From f1c6c07e3ef295cb8379d9a550abdb8899a97863 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Mon, 1 Jun 2026 23:23:16 -0400
Subject: [PATCH 01/31] Initial check-in

---
 .github/copilot-instructions.md               |   1 +
 .github/skills/apim-policies/SKILL.md         |  23 +
 .github/skills/sample-creator/SKILL.md        |   2 +
 AGENTS.md                                     |   1 +
 README.md                                     |  27 +-
 assets/APIM-Samples-Slide-Deck.html           |  26 +-
 .../Infrastructure-Sample-Compatibility.svg   |  79 ++-
 docs/index.html                               |  13 +-
 infrastructure/simple-apim/README.md          |   7 +-
 infrastructure/simple-apim/main.bicep         |   5 +-
 samples/inference-failover/README.md          |  88 +++
 .../backend-distribution.kql                  |  14 +
 samples/inference-failover/create.ipynb       | 667 ++++++++++++++++++
 .../inference-failover/failover-outcomes.kql  |  12 +
 .../inference-api-policy.xml                  |  45 ++
 .../inference-failover.workbook.json          | 292 ++++++++
 samples/inference-failover/main.bicep         | 426 +++++++++++
 .../inference-failover/token-throughput.kql   |  18 +
 .../inference-failover/update-workbook.ps1    |  57 ++
 .../verify-llm-ingestion.kql                  |  19 +
 ...pool-load-balancing-with-retry-tracked.xml |  10 +-
 tests/Test-Matrix.md                          |  30 +-
 tests/python/test_inference_failover.py       | 159 +++++
 23 files changed, 1941 insertions(+), 80 deletions(-)
 create mode 100644 samples/inference-failover/README.md
 create mode 100644 samples/inference-failover/backend-distribution.kql
 create mode 100644 samples/inference-failover/create.ipynb
 create mode 100644 samples/inference-failover/failover-outcomes.kql
 create mode 100644 samples/inference-failover/inference-api-policy.xml
 create mode 100644 samples/inference-failover/inference-failover.workbook.json
 create mode 100644 samples/inference-failover/main.bicep
 create mode 100644 samples/inference-failover/token-throughput.kql
 create mode 100644 samples/inference-failover/update-workbook.ps1
 create mode 100644 samples/inference-failover/verify-llm-ingestion.kql
 create mode 100644 tests/python/test_inference_failover.py

diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
index 77226654..3a5e2639 100644
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -601,4 +601,5 @@ Samples that require administrative or operational endpoints (cache loading, con
 ### API Management Policy XML Instructions
 
 - Policies should use camelCase for all variable names.
+- The `<backend>` section may contain only one direct child policy. When retrying a backend request, make `<retry>` the sole direct child of `<backend>` and place `<forward-request>` plus any per-attempt policies inside it. Move terminal fallback handling to `<on-error>` or `<outbound>` as appropriate. Do not add sibling policies such as `<base />` or `<choose>` alongside the backend `<retry>`; APIM rejects the policy during deployment.
 - Policy expressions (`@(...)` and `@{...}`) may **only** reference .NET types and members on APIM's [allow-list](https://learn.microsoft.com/azure/api-management/api-management-policy-expressions#CLRTypes). Using anything outside the list (e.g. `System.Globalization.*`, `DateTime.TryParse`, `DateTime.ToUniversalTime`, `System.Text.Json`) causes a deploy-time `ValidationError: One or more fields contain incorrect values` with no further detail. Verify each type/member against the allow-list before writing the expression. See `.github/skills/apim-policies/SKILL.md` for common pitfalls and allowed replacements.
diff --git a/.github/skills/apim-policies/SKILL.md b/.github/skills/apim-policies/SKILL.md
index ad4de66e..43f259ad 100644
--- a/.github/skills/apim-policies/SKILL.md
+++ b/.github/skills/apim-policies/SKILL.md
@@ -34,6 +34,29 @@ Every APIM policy document follows this structure:
 
 The `<base />` element inherits policies from parent scopes (Global → Product → API → Operation).
 
+### Backend Section Cardinality (CRITICAL)
+
+The `<backend>` section may contain only one direct child policy. APIM rejects a policy during deployment when `<backend>` contains sibling policies such as `<retry>` followed by `<choose>`, or `<base />` followed by `<retry>`.
+
+When retrying a backend request, make `<retry>` the sole direct child of `<backend>` and place `<forward-request>` plus any policies that must execute on every attempt inside `<retry>`. Move terminal fallback handling to `<on-error>` or `<outbound>` as appropriate.
+
+```xml
+<backend>
+    <retry count="3" interval="1" first-fast-retry="true"
+        condition="@(context.Response.StatusCode == 429 || context.Response.StatusCode >= 500)">
+        <forward-request buffer-request-body="true" />
+    </retry>
+</backend>
+```
+
+When a custom backend policy is not needed, keep `<base />` as the only direct child:
+
+```xml
+<backend>
+    <base />
+</backend>
+```
+
 ## Policy Categories Quick Reference
 
 | Category | Common Policies | Section |
diff --git a/.github/skills/sample-creator/SKILL.md b/.github/skills/sample-creator/SKILL.md
index a683f7df..4a165928 100644
--- a/.github/skills/sample-creator/SKILL.md
+++ b/.github/skills/sample-creator/SKILL.md
@@ -314,6 +314,8 @@ For samples with custom policies, create XML files following the APIM policy str
 </policies>
 ```
 
+The `<backend>` section may contain only one direct child policy. Keep `<base />` as the only child when inheriting backend behavior. When retrying, replace `<base />` with a single `<retry>` child, nest `<forward-request>` and any per-attempt policies inside `<retry>`, and move terminal fallback handling to `<on-error>` or `<outbound>` as appropriate.
+
 Load policies in the notebook:
 
 ```python
diff --git a/AGENTS.md b/AGENTS.md
index bc240c17..f0993c92 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -37,6 +37,7 @@ All repository contributions should treat accessibility as a first-class quality
 │   ├── costing/             # APIM costing and showback
 │   ├── egress-control/      # Egress control via NVA routing
 │   ├── general/             # Basic policy demonstrations
+│   ├── inference-failover/  # AOAI model failover with LLM telemetry
 │   ├── load-balancing/      # Backend pool load balancing
 │   ├── oauth-3rd-party/     # OAuth 3rd-party (Spotify example)
 │   └── secure-blob-access/  # Valet key pattern for blob storage
diff --git a/README.md b/README.md
index 85706a68..9152e9d6 100644
--- a/README.md
+++ b/README.md
@@ -62,18 +62,20 @@ It's quick and easy to get started!
 
 <details open>
 
-| Sample Name                                                 | Description                                                                                                         | Supported Infrastructure(s)   |
-|:------------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------|:------------------------------|
-| [AuthX][sample-authx]                                       | Authentication and role-based authorization in a mock HR API.                                                       | All infrastructures           |
-| [AuthX Pro][sample-authx-pro]                               | Authentication and role-based authorization in a mock product with multiple APIs and policy fragments.              | All infrastructures           |
-| [Azure Maps][sample-azure-maps]                             | Proxying calls to Azure Maps with APIM policies.                                                                    | All infrastructures           |
-| [Costing][sample-costing]                                   | Track and allocate API costs per business unit using APIM subscriptions, Entra ID application tracking, and AI Gateway token/PTU tracking across **both** Azure OpenAI Chat Completions and Responses APIs, including streaming (SSE) token usage which is not simple to capture correctly in APIM. | All infrastructures           |
-| [Dynamic CORS][sample-dynamic-cors]                         | Dynamic per-API CORS origin validation using custom policy fragments and a maintainable origin mapping. | All infrastructures           |
-| [Egress Control][sample-egress-control]                     | Control APIM outbound internet traffic by routing it through a Network Virtual Appliance (NVA) in a hub/spoke topology. | appgw-apim, appgw-apim-pe     |
-| [General][sample-general]                                   | Basic demo of APIM sample setup and policy usage.                                                                   | All infrastructures           |
-| [Load Balancing][sample-load-balancing]                     | Priority and weighted load balancing across backends.                                                               | apim-aca, afd-apim-pe         |
-| [OAuth 3rd-Party][sample-oauth-3rd-party]                   | Authenticate with APIM which then uses its Credential Manager with Spotify's REST API.                              | All infrastructures           |
-| [Secure Blob Access][sample-secure-blob-access]             | Secure blob access via the [valet key pattern][valet-key-pattern].                                                  | All infrastructures           |
+| Sample Name | Description | Supported Infrastructure(s) |
+| :--- | :--- | :--- |
+| [AuthX][sample-authx] | Authentication and role-based authorization in a mock HR API. | All infrastructures |
+| [AuthX Pro][sample-authx-pro] | Authentication and role-based authorization in a mock product with multiple APIs and policy fragments. | All infrastructures |
+| [Azure Maps][sample-azure-maps] | Proxying calls to Azure Maps with APIM policies. | All infrastructures |
+| [Costing][sample-costing] | Track and allocate API costs per business unit using APIM subscriptions, Entra ID application tracking, and AI Gateway token/PTU tracking across **both** Azure OpenAI Chat Completions and Responses APIs, including streaming (SSE) token usage which is not simple to capture correctly in APIM. | All infrastructures |
+| [Dynamic CORS][sample-dynamic-cors] | Dynamic per-API CORS origin validation using custom policy fragments and a maintainable origin mapping. | All infrastructures |
+| [Egress Control][sample-egress-control] | Control APIM outbound internet traffic by routing it through a Network Virtual Appliance (NVA) in a hub/spoke topology. | appgw-apim, appgw-apim-pe |
+| [General][sample-general] | Basic demo of APIM sample setup and policy usage. | All infrastructures |
+| [Inference Failover][sample-inference-failover] | Route compatible Azure OpenAI models through priority and weighted APIM backend pools with focused LLM failover and token telemetry. | All infrastructures |
+| [Load Balancing][sample-load-balancing] | Priority and weighted load balancing across backends. | apim-aca, afd-apim-pe |
+| [OAuth 3rd-Party][sample-oauth-3rd-party] | Authenticate with APIM which then uses its Credential Manager with Spotify's REST API. | All infrastructures |
+| [Secure Blob Access][sample-secure-blob-access] | Secure blob access via the [valet key pattern][valet-key-pattern]. | All infrastructures |
+
 </details>
 
 ### Compatibility Matrices
@@ -383,6 +385,7 @@ _For much more API Management content, please also check out [APIM Love](https:/
 [sample-costing]: ./samples/costing/README.md
 [sample-dynamic-cors]: ./samples/dynamic-cors/README.md
 [sample-general]: ./samples/general/README.md
+[sample-inference-failover]: ./samples/inference-failover/README.md
 [sample-load-balancing]: ./samples/load-balancing/README.md
 [sample-egress-control]: ./samples/egress-control/README.md
 [sample-oauth-3rd-party]: ./samples/oauth-3rd-party/README.md
diff --git a/assets/APIM-Samples-Slide-Deck.html b/assets/APIM-Samples-Slide-Deck.html
index 2d5c2eff..ac9a8442 100644
--- a/assets/APIM-Samples-Slide-Deck.html
+++ b/assets/APIM-Samples-Slide-Deck.html
@@ -1015,7 +1015,7 @@ <h3>&#128218; Samples</h3>
         <ul style="list-style: none; padding: 0;">
           <li style="padding: 6px 0; font-size: 15px; color: #444; display: flex; gap: 10px; align-items: flex-start;">
             <div class="bullet" style="flex-shrink:0; width:8px; height:8px; border-radius:50%; background:#0078D4; margin-top:7px;"></div>
-            <div>10 real-world scenarios covering auth, networking, costing, and more</div>
+            <div>11 real-world scenarios covering auth, networking, costing, AI failover, and more</div>
           </li>
           <li style="padding: 6px 0; font-size: 15px; color: #444; display: flex; gap: 10px; align-items: flex-start;">
             <div class="bullet" style="flex-shrink:0; width:8px; height:8px; border-radius:50%; background:#0078D4; margin-top:7px;"></div>
@@ -1095,15 +1095,11 @@ <h4>App Gateway & APIM (VNet Injection)</h4>
   <div class="slide slide-light">
     <div class="header-bar">
       <div class="accent"></div>
-      <h2>10 Real-World Policy Samples</h2>
+      <h2>11 Real-World Policy Samples</h2>
     </div>
     <p class="subtitle">From authentication &amp; authorization to network routing, cost tracking, and secure access patterns</p>
 
     <div class="arch-grid" style="flex: 1; grid-template-columns: 1fr 1fr 1fr;">
-      <div class="arch-card">
-        <h4>General</h4>
-        <p>Basic APIM setup &amp; policy usage. Perfect starting point.</p>
-      </div>
       <div class="arch-card">
         <h4>AuthX</h4>
         <p>JWT authentication &amp; role-based authorization with a mock HR API.</p>
@@ -1125,16 +1121,24 @@ <h4>Dynamic CORS</h4>
         <p>Per-API CORS origin validation with custom policy fragments &amp; maintainable origin mappings.</p>
       </div>
       <div class="arch-card">
-        <h4>Credential Manager</h4>
-        <p>APIM Credential Manager with Spotify's REST API.</p>
+        <h4>Egress Control</h4>
+        <p>Route APIM outbound traffic through Azure Firewall in a hub/spoke topology.</p>
+      </div>
+      <div class="arch-card">
+        <h4>General</h4>
+        <p>Basic APIM setup &amp; policy usage. Perfect starting point.</p>
+      </div>
+      <div class="arch-card">
+        <h4>Inference Failover</h4>
+        <p>AOAI model-safe fallback with focused LLM request and token telemetry.</p>
       </div>
       <div class="arch-card">
         <h4>Load Balancing</h4>
         <p>Priority &amp; weighted load balancing across backends.</p>
       </div>
       <div class="arch-card">
-        <h4>Egress Control</h4>
-        <p>Route APIM outbound traffic through Azure Firewall in a hub/spoke topology.</p>
+        <h4>OAuth 3rd-Party</h4>
+        <p>APIM Credential Manager with Spotify's REST API.</p>
       </div>
       <div class="arch-card">
         <h4>Secure Blob Access</h4>
@@ -1422,7 +1426,7 @@ <h4 style="color: #50E6FF;">Educate</h4>
       <div class="summary-item">
         <div class="big-icon">&#9889;</div>
         <h4 style="color: #50E6FF;">Empower</h4>
-        <p>9 real-world samples with guided Jupyter notebooks and à la carte flexibility.</p>
+        <p>11 real-world samples with guided Jupyter notebooks and à la carte flexibility.</p>
       </div>
       <div class="summary-item">
         <div class="big-icon">&#128640;</div>
diff --git a/assets/diagrams/Infrastructure-Sample-Compatibility.svg b/assets/diagrams/Infrastructure-Sample-Compatibility.svg
index 55db0b61..7f6fb323 100644
--- a/assets/diagrams/Infrastructure-Sample-Compatibility.svg
+++ b/assets/diagrams/Infrastructure-Sample-Compatibility.svg
@@ -1,4 +1,4 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 880 768" font-family="Segoe UI, Helvetica, Arial, sans-serif">
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 880 814" font-family="Segoe UI, Helvetica, Arial, sans-serif">
   <defs>
     <linearGradient id="headerGrad" x1="0%" y1="0%" x2="0%" y2="100%">
       <stop offset="0%" stop-color="#0078D4" />
@@ -14,8 +14,8 @@
   </defs>
 
   <!-- Background -->
-  <rect width="880" height="768" rx="12" fill="#FAFAFA" />
-  <rect x="4" y="4" width="872" height="760" rx="10" fill="none" stroke="#E0E0E0" stroke-width="1" />
+  <rect width="880" height="814" rx="12" fill="#FAFAFA" />
+  <rect x="4" y="4" width="872" height="806" rx="10" fill="none" stroke="#E0E0E0" stroke-width="1" />
 
   <g transform="translate(0,20)">
   <!-- Title -->
@@ -24,7 +24,7 @@
 
   <!-- Section Labels -->
   <text x="540" y="82" text-anchor="middle" font-size="16" font-weight="700" font-style="italic" fill="#0078D4" letter-spacing="2">INFRASTRUCTURES</text>
-  <text x="22" y="428" text-anchor="middle" font-size="16" font-weight="700" font-style="italic" fill="#00796B" letter-spacing="2" transform="rotate(-90 22 428)">SAMPLES</text>
+  <text x="22" y="451" text-anchor="middle" font-size="16" font-weight="700" font-style="italic" fill="#00796B" letter-spacing="2" transform="rotate(-90 22 451)">SAMPLES</text>
 
   <!-- Column Headers (Infrastructure names) -->
   <!-- Background rectangles for headers -->
@@ -93,27 +93,32 @@
   <rect x="35" y="478" width="170" height="38" rx="6" fill="url(#rowLabelGrad)" filter="url(#shadow)" />
   <text x="120" y="502" text-anchor="middle" font-size="13" font-weight="600" fill="#FFFFFF">General</text>
 
-  <!-- Row 8: Load Balancing -->
+  <!-- Row 8: Inference Failover -->
   <rect x="30" y="522" width="825" height="42" rx="4" fill="#F5F5F5" />
   <rect x="35" y="524" width="170" height="38" rx="6" fill="url(#rowLabelGrad)" filter="url(#shadow)" />
-  <text x="120" y="548" text-anchor="middle" font-size="13" font-weight="600" fill="#FFFFFF">Load Balancing</text>
+  <text x="120" y="548" text-anchor="middle" font-size="13" font-weight="600" fill="#FFFFFF">Inference Failover</text>
 
-  <!-- Row 9: OAuth 3rd-Party -->
+  <!-- Row 9: Load Balancing -->
   <rect x="30" y="568" width="825" height="42" rx="4" fill="#FFFFFF" />
   <rect x="35" y="570" width="170" height="38" rx="6" fill="url(#rowLabelGrad)" filter="url(#shadow)" />
-  <text x="120" y="594" text-anchor="middle" font-size="13" font-weight="600" fill="#FFFFFF">OAuth 3rd-Party</text>
+  <text x="120" y="594" text-anchor="middle" font-size="13" font-weight="600" fill="#FFFFFF">Load Balancing</text>
 
-  <!-- Row 10: Secure Blob Access -->
+  <!-- Row 10: OAuth 3rd-Party -->
   <rect x="30" y="614" width="825" height="42" rx="4" fill="#F5F5F5" />
   <rect x="35" y="616" width="170" height="38" rx="6" fill="url(#rowLabelGrad)" filter="url(#shadow)" />
-  <text x="120" y="640" text-anchor="middle" font-size="13" font-weight="600" fill="#FFFFFF">Secure Blob Access</text>
+  <text x="120" y="640" text-anchor="middle" font-size="13" font-weight="600" fill="#FFFFFF">OAuth 3rd-Party</text>
+
+  <!-- Row 11: Secure Blob Access -->
+  <rect x="30" y="660" width="825" height="42" rx="4" fill="#FFFFFF" />
+  <rect x="35" y="662" width="170" height="38" rx="6" fill="url(#rowLabelGrad)" filter="url(#shadow)" />
+  <text x="120" y="686" text-anchor="middle" font-size="13" font-weight="600" fill="#FFFFFF">Secure Blob Access</text>
 
   <!-- Vertical grid lines -->
-  <line x1="210" y1="92" x2="210" y2="658" stroke="#E0E0E0" stroke-width="0.5" />
-  <line x1="340" y1="92" x2="340" y2="658" stroke="#E0E0E0" stroke-width="0.5" />
-  <line x1="470" y1="92" x2="470" y2="658" stroke="#E0E0E0" stroke-width="0.5" />
-  <line x1="600" y1="92" x2="600" y2="658" stroke="#E0E0E0" stroke-width="0.5" />
-  <line x1="730" y1="92" x2="730" y2="658" stroke="#E0E0E0" stroke-width="0.5" />
+  <line x1="210" y1="92" x2="210" y2="704" stroke="#E0E0E0" stroke-width="0.5" />
+  <line x1="340" y1="92" x2="340" y2="704" stroke="#E0E0E0" stroke-width="0.5" />
+  <line x1="470" y1="92" x2="470" y2="704" stroke="#E0E0E0" stroke-width="0.5" />
+  <line x1="600" y1="92" x2="600" y2="704" stroke="#E0E0E0" stroke-width="0.5" />
+  <line x1="730" y1="92" x2="730" y2="704" stroke="#E0E0E0" stroke-width="0.5" />
 
   <!-- Compatibility indicators -->
   <!-- Row 1: AuthX - all compatible -->
@@ -202,10 +207,9 @@
   <circle cx="790" cy="497" r="10" fill="#4CAF50" opacity="0.9" />
   <text x="790" y="501" text-anchor="middle" font-size="13" font-weight="700" fill="#FFFFFF">&#x2713;</text>
 
-  <!-- Row 8: Load Balancing - NOT compatible with Simple APIM -->
-  <circle cx="270" cy="543" r="10" fill="#EF5350" opacity="0.9" />
-  <text x="270" y="547" text-anchor="middle" font-size="13" font-weight="700" fill="#FFFFFF">&#x2717;</text>
-  <text x="283" y="537" font-size="9" font-weight="600" fill="#1A1A1A">1</text>
+  <!-- Row 8: Inference Failover - all compatible -->
+  <circle cx="270" cy="543" r="10" fill="#4CAF50" opacity="0.9" />
+  <text x="270" y="547" text-anchor="middle" font-size="13" font-weight="700" fill="#FFFFFF">&#x2713;</text>
   <circle cx="400" cy="543" r="10" fill="#4CAF50" opacity="0.9" />
   <text x="400" y="547" text-anchor="middle" font-size="13" font-weight="700" fill="#FFFFFF">&#x2713;</text>
   <circle cx="530" cy="543" r="10" fill="#4CAF50" opacity="0.9" />
@@ -215,9 +219,10 @@
   <circle cx="790" cy="543" r="10" fill="#4CAF50" opacity="0.9" />
   <text x="790" y="547" text-anchor="middle" font-size="13" font-weight="700" fill="#FFFFFF">&#x2713;</text>
 
-  <!-- Row 9: OAuth 3rd-Party - all compatible -->
-  <circle cx="270" cy="589" r="10" fill="#4CAF50" opacity="0.9" />
-  <text x="270" y="593" text-anchor="middle" font-size="13" font-weight="700" fill="#FFFFFF">&#x2713;</text>
+  <!-- Row 9: Load Balancing - NOT compatible with Simple APIM -->
+  <circle cx="270" cy="589" r="10" fill="#EF5350" opacity="0.9" />
+  <text x="270" y="593" text-anchor="middle" font-size="13" font-weight="700" fill="#FFFFFF">&#x2717;</text>
+  <text x="283" y="583" font-size="9" font-weight="600" fill="#1A1A1A">1</text>
   <circle cx="400" cy="589" r="10" fill="#4CAF50" opacity="0.9" />
   <text x="400" y="593" text-anchor="middle" font-size="13" font-weight="700" fill="#FFFFFF">&#x2713;</text>
   <circle cx="530" cy="589" r="10" fill="#4CAF50" opacity="0.9" />
@@ -227,7 +232,7 @@
   <circle cx="790" cy="589" r="10" fill="#4CAF50" opacity="0.9" />
   <text x="790" y="593" text-anchor="middle" font-size="13" font-weight="700" fill="#FFFFFF">&#x2713;</text>
 
-  <!-- Row 10: Secure Blob Access - all compatible -->
+  <!-- Row 10: OAuth 3rd-Party - all compatible -->
   <circle cx="270" cy="635" r="10" fill="#4CAF50" opacity="0.9" />
   <text x="270" y="639" text-anchor="middle" font-size="13" font-weight="700" fill="#FFFFFF">&#x2713;</text>
   <circle cx="400" cy="635" r="10" fill="#4CAF50" opacity="0.9" />
@@ -239,20 +244,32 @@
   <circle cx="790" cy="635" r="10" fill="#4CAF50" opacity="0.9" />
   <text x="790" y="639" text-anchor="middle" font-size="13" font-weight="700" fill="#FFFFFF">&#x2713;</text>
 
+  <!-- Row 11: Secure Blob Access - all compatible -->
+  <circle cx="270" cy="681" r="10" fill="#4CAF50" opacity="0.9" />
+  <text x="270" y="685" text-anchor="middle" font-size="13" font-weight="700" fill="#FFFFFF">&#x2713;</text>
+  <circle cx="400" cy="681" r="10" fill="#4CAF50" opacity="0.9" />
+  <text x="400" y="685" text-anchor="middle" font-size="13" font-weight="700" fill="#FFFFFF">&#x2713;</text>
+  <circle cx="530" cy="681" r="10" fill="#4CAF50" opacity="0.9" />
+  <text x="530" y="685" text-anchor="middle" font-size="13" font-weight="700" fill="#FFFFFF">&#x2713;</text>
+  <circle cx="660" cy="681" r="10" fill="#4CAF50" opacity="0.9" />
+  <text x="660" y="685" text-anchor="middle" font-size="13" font-weight="700" fill="#FFFFFF">&#x2713;</text>
+  <circle cx="790" cy="681" r="10" fill="#4CAF50" opacity="0.9" />
+  <text x="790" y="685" text-anchor="middle" font-size="13" font-weight="700" fill="#FFFFFF">&#x2713;</text>
+
   <!-- Bottom separator -->
-  <line x1="30" y1="660" x2="855" y2="660" stroke="#BDBDBD" stroke-width="0.5" />
+  <line x1="30" y1="706" x2="855" y2="706" stroke="#BDBDBD" stroke-width="0.5" />
 
   <!-- Legend -->
-  <circle cx="280" cy="686" r="8" fill="#4CAF50" opacity="0.9" />
-  <text x="280" y="690" text-anchor="middle" font-size="11" font-weight="700" fill="#FFFFFF">&#x2713;</text>
-  <text x="296" y="690" font-size="12" fill="#555555">Compatible</text>
+  <circle cx="280" cy="732" r="8" fill="#4CAF50" opacity="0.9" />
+  <text x="280" y="736" text-anchor="middle" font-size="11" font-weight="700" fill="#FFFFFF">&#x2713;</text>
+  <text x="296" y="736" font-size="12" fill="#555555">Compatible</text>
 
-  <circle cx="420" cy="686" r="8" fill="#EF5350" opacity="0.9" />
-  <text x="420" y="690" text-anchor="middle" font-size="11" font-weight="700" fill="#FFFFFF">&#x2717;</text>
-  <text x="436" y="690" font-size="12" fill="#555555">Not compatible</text>
+  <circle cx="420" cy="732" r="8" fill="#EF5350" opacity="0.9" />
+  <text x="420" y="736" text-anchor="middle" font-size="11" font-weight="700" fill="#FFFFFF">&#x2717;</text>
+  <text x="436" y="736" font-size="12" fill="#555555">Not compatible</text>
 
   <!-- Footnote -->
-  <text x="40" y="716" font-size="10" fill="#888888"><tspan font-size="8" baseline-shift="super">1</tspan> Requires ACA backends&#160;&#160;&#160;<tspan font-size="8" baseline-shift="super">2</tspan> Requires VNet-capable infrastructure (appgw-apim or appgw-apim-pe)</text>
+  <text x="40" y="762" font-size="10" fill="#888888"><tspan font-size="8" baseline-shift="super">1</tspan> Requires ACA backends&#160;&#160;&#160;<tspan font-size="8" baseline-shift="super">2</tspan> Requires VNet-capable infrastructure (appgw-apim or appgw-apim-pe)</text>
   </g>
 
 </svg>
diff --git a/docs/index.html b/docs/index.html
index 03acf559..e61cb25a 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -139,9 +139,10 @@
           { "@type": "ListItem", "position": 10, "name": "Dynamic CORS sample",                            "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/samples/dynamic-cors" },
           { "@type": "ListItem", "position": 11, "name": "Egress Control sample",                         "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/samples/egress-control" },
           { "@type": "ListItem", "position": 12, "name": "General sample",                                "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/samples/general" },
-          { "@type": "ListItem", "position": 13, "name": "Load Balancing sample",                         "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/samples/load-balancing" },
-          { "@type": "ListItem", "position": 14, "name": "OAuth 3rd-Party sample",                        "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/samples/oauth-3rd-party" },
-          { "@type": "ListItem", "position": 15, "name": "Secure Blob Access sample",                     "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/samples/secure-blob-access" }
+          { "@type": "ListItem", "position": 13, "name": "Inference Failover sample",                     "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/samples/inference-failover" },
+          { "@type": "ListItem", "position": 14, "name": "Load Balancing sample",                         "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/samples/load-balancing" },
+          { "@type": "ListItem", "position": 15, "name": "OAuth 3rd-Party sample",                        "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/samples/oauth-3rd-party" },
+          { "@type": "ListItem", "position": 16, "name": "Secure Blob Access sample",                     "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/samples/secure-blob-access" }
         ]
       }
     ]
@@ -469,6 +470,12 @@ <h3>General</h3>
             <span class="infra-tag">All infrastructures</span>
           </a>
 
+          <a class="sample-card" href="https://github.com/Azure-Samples/Apim-Samples/tree/main/samples/inference-failover" target="_blank" rel="noopener">
+            <h3>Inference Failover</h3>
+            <p>Route compatible Azure OpenAI deployments through priority and weighted backend pools with focused LLM failover and token telemetry.</p>
+            <span class="infra-tag">All infrastructures</span>
+          </a>
+
           <a class="sample-card" href="https://github.com/Azure-Samples/Apim-Samples/tree/main/samples/load-balancing" target="_blank" rel="noopener">
             <h3>Load Balancing</h3>
             <p>Priority and weighted load balancing across backend pools for resilience and blue-green rollouts.</p>
diff --git a/infrastructure/simple-apim/README.md b/infrastructure/simple-apim/README.md
index 1b08d018..a4a9b4f7 100644
--- a/infrastructure/simple-apim/README.md
+++ b/infrastructure/simple-apim/README.md
@@ -10,18 +10,19 @@ This architecture provides a basic API gateway using Azure API Management, suita
 
 1. Provide the simplest Azure API Management infrastructure with a public ingress to allow for easy testing
 1. Enable observability by sending telemetry to Azure Monitor
+1. Reveal the selected backend URL in the `X-Backend-URL` response header for learning and testing
 
 ## ⚙️ Configuration
 
 Adjust the `user-defined parameters` in this lab's Jupyter Notebook's [Initialize notebook variables][init-notebook-variables] section.
 
+The infrastructure enables `revealBackendApiInfo` by default so samples can show routing decisions. Disable it for production-like environments because `X-Backend-URL` exposes internal backend information to callers.
+
 ## ▶️ Execution
 
 👟 **Expected *Run All* runtime: ~3 minutes**
 
-1. Execute this lab's [Jupyter Notebook][infra-notebook] step-by-step or via _Run All_.
-
-
+1. Execute this lab's [Jupyter Notebook][infra-notebook] step-by-step or via *Run All*.
 
 [infra-notebook]: ./create.ipynb
 [init-notebook-variables]: ./create.ipynb#initialize-notebook-variables
diff --git a/infrastructure/simple-apim/main.bicep b/infrastructure/simple-apim/main.bicep
index 69894daa..d6779412 100644
--- a/infrastructure/simple-apim/main.bicep
+++ b/infrastructure/simple-apim/main.bicep
@@ -14,6 +14,9 @@ param apimSku string
 param apis array = []
 param policyFragments array = []
 
+@description('Whether APIM responses expose the selected backend URL for learning and testing. Disable for production-like environments.')
+param revealBackendApiInfo bool = true
+
 // ------------------
 //    RESOURCES
 // ------------------
@@ -44,7 +47,7 @@ module apimModule '../../shared/bicep/modules/apim/v1/apim.bicep' = {
     apimSku: apimSku
     appInsightsInstrumentationKey: appInsightsInstrumentationKey
     appInsightsId: appInsightsId
-    globalPolicyXml: loadTextContent('../../shared/apim-policies/all-apis.xml')
+    globalPolicyXml: revealBackendApiInfo ? loadTextContent('../../shared/apim-policies/all-apis-reveal-backend.xml') : loadTextContent('../../shared/apim-policies/all-apis.xml')
   }
 }
 
diff --git a/samples/inference-failover/README.md b/samples/inference-failover/README.md
new file mode 100644
index 00000000..008296a1
--- /dev/null
+++ b/samples/inference-failover/README.md
@@ -0,0 +1,88 @@
+# Samples: Inference Failover
+
+This sample uses Azure API Management as an AI Gateway for two Azure OpenAI models, combining priority and weighted backend failover with focused LLM telemetry in Log Analytics and an Azure Monitor Workbook.
+
+⚙️ **Supported infrastructures**: All infrastructures
+
+👟 **Expected *Run All* runtime (excl. infrastructure prerequisite): ~15 minutes**
+
+## 🎯 Objectives
+
+1. Route each model only to compatible Azure OpenAI deployments through model-specific APIM backend pools.
+1. Observe priority failover and equal-weight terminal routing when regional `Standard` deployments return `429` or `503` responses.
+1. Capture request, latency, and token telemetry through `ApiManagementGatewayLogs` and `ApiManagementGatewayLlmLog`.
+1. Use a controlled low-capacity model constellation to generate observable failover without treating simulated PTU tiers as real provisioned deployments.
+
+## ✅ Prerequisites
+
+Beyond the [general prerequisites](../../README.md#-getting-started) (Azure subscription, CLI, Python environment), this sample requires permissions and quota for Azure OpenAI deployments.
+
+- **Cognitive Services Contributor** at resource group scope to create three Azure OpenAI resources and nine regional model deployments.
+- **Role Based Access Control Administrator** or equivalent role-assignment permission at resource group scope to assign APIM's managed identity the **Cognitive Services OpenAI User** role.
+- Regional model availability and quota in `eastus2`, `westus3`, and `southcentralus` for the requested `gpt-5.1` and `gpt-4.1-mini` `Standard` deployments.
+
+## 📝 Scenario
+
+An AI platform prefers provisioned capacity tiers across its available regions before using pay-as-you-go capacity: in-region PTU, out-of-region PTU, in-region PAYG, then out-of-region PAYG. This lab exercises that routing shape using only regional `Standard` pay-as-you-go Azure OpenAI deployments. Names containing `PTU` identify the simulated preference tier in the experiment and do not change the Azure OpenAI deployment SKU or billing model.
+
+### Model Deployments
+
+All deployments below use the regional `Standard` SKU with a capacity of `1` thousand tokens per minute (TPM). This deliberately small capacity makes concentrated `429`-driven failover practical to observe; it is not production sizing advice.
+
+| Region           | Label | Deployment         | Model          | Version      | Simulates          |
+| ---------------- | ----- | ------------------ | -------------- | ------------ | ------------------ |
+| East US 2        | A     | `a-gpt-5-1`        | `gpt-5.1`      | `2025-11-13` | In-region PTU      |
+| East US 2        | B     | `b-gpt-5-1`        | `gpt-5.1`      | `2025-11-13` | In-region PAYG     |
+| East US 2        | C     | `c-gpt-4-1-mini`   | `gpt-4.1-mini` | `2025-04-14` | In-region PTU      |
+| East US 2        | D     | `d-gpt-4-1-mini`   | `gpt-4.1-mini` | `2025-04-14` | In-region PAYG     |
+| West US 3        | D     | `d-gpt-5-1`        | `gpt-5.1`      | `2025-11-13` | Out-of-region PTU  |
+| West US 3        | E     | `e-gpt-5-1`        | `gpt-5.1`      | `2025-11-13` | Out-of-region PAYG |
+| West US 3        | F     | `f-gpt-4-1-mini`   | `gpt-4.1-mini` | `2025-04-14` | Out-of-region PTU  |
+| South Central US | G     | `g-gpt-5-1`        | `gpt-5.1`      | `2025-11-13` | Out-of-region PAYG |
+| South Central US | H     | `h-gpt-4-1-mini`   | `gpt-4.1-mini` | `2025-04-14` | Out-of-region PAYG |
+
+## 🛩️ Lab Components
+
+This lab adds the following to an existing APIM infrastructure:
+
+- Three regional Azure OpenAI resources containing nine `Standard` model deployments at `1` thousand TPM each.
+- Nine concrete APIM backends named using `<model>-<PTU|PAYGO>-<region>`, each with TLS validation and a one-minute circuit breaker for `429` and `503` responses that accepts `Retry-After`.
+- One APIM backend pool per model so a retry never crosses to an incompatible deployment.
+- Two AI Gateway APIs with managed identity authentication to Azure OpenAI: `POST /inference/gpt-5-1/chat/completions` retries four times through A -> D -> B -> E/G (equal terminal weights), while `POST /inference/gpt-4-1-mini/chat/completions` retries three times through C -> F -> D -> H.
+
+- Model-specific retry policies that buffer the POST body while retrying throttled or unavailable backends and return a generic `503` when fallback is exhausted.
+- APIM AI Gateway diagnostics using the infrastructure-provided Log Analytics workspace and Application Insights component, plus an AOAI-only workbook for terminal outcomes, backend distribution, token usage, and latency.
+
+### Managed Identity And Privacy
+
+The inference API policy authenticates every selected backend request with APIM's system-assigned managed identity and the **Cognitive Services OpenAI User** role. It never stores or forwards an Azure OpenAI API key. For learning and testing, the infrastructure's global APIM policy returns the selected backend URL in the `X-Backend-URL` response header so the notebook can record routing decisions. Disable `revealBackendApiInfo` for production-like environments. If fallback is exhausted, callers receive a generic `503` response without backend identity or placement information.
+
+Gateway ingress exposure follows the selected infrastructure: choose a Private Link or VNet architecture when private ingress is required, while the notebook keeps Simple API Management as its approachable default.
+
+Routine probes intentionally do not perform inference: recurring multi-location model calls would consume request and token budgets while still providing an incomplete capacity signal. The notebook harness sends explicit inference traffic when a live readiness or failover observation is needed.
+
+## ⚙️ Configuration
+
+1. Deploy any [infrastructure architecture](../../README.md#list-of-infrastructures), with [Simple API Management](../../infrastructure/simple-apim/README.md) as the notebook default.
+1. Open [create.ipynb](create.ipynb) and adjust only values under *USER CONFIGURATION* if necessary.
+1. Run all notebook cells to deploy the model constellation, APIs, workbook, controlled inference requests, and telemetry charts.
+1. Increase `pressure_requests_per_model` only when the initial traffic does not produce sufficient concentrated pressure for failover observation; requests consume real Azure OpenAI tokens.
+
+## 🖼️ Expected Results
+
+After the traffic cells run and telemetry ingestion completes, the notebook plots terminal outcomes and token usage while the workbook provides longer-lived views of:
+
+- Requests and terminal `503` results by inference API.
+- Concrete backend distribution when the APIM gateway log records the resolved backend identity.
+- Prompt, completion, and total tokens by model route.
+- Backend latency trends during controlled pressure.
+
+## 🧹 Clean Up
+
+The sample resources live in the selected infrastructure resource group. Remove the sample deployment or clean up the infrastructure resource group after experimenting to stop Azure OpenAI and APIM charges.
+
+## 🔗 Additional Resources
+
+- [Backends in API Management](https://learn.microsoft.com/azure/api-management/backends)
+- [Authenticate and authorize access to LLM APIs by using API Management](https://learn.microsoft.com/azure/api-management/api-management-authenticate-authorize-ai-apis)
+- [Azure OpenAI quotas and limits](https://learn.microsoft.com/azure/ai-services/openai/quotas-limits)
diff --git a/samples/inference-failover/backend-distribution.kql b/samples/inference-failover/backend-distribution.kql
new file mode 100644
index 00000000..3edd3801
--- /dev/null
+++ b/samples/inference-failover/backend-distribution.kql
@@ -0,0 +1,14 @@
+// Shows the concrete backend destinations exercised by AI inference traffic.
+//
+// Parameters (prepend as KQL 'let' bindings before running):
+//   let timeWindow = 1h;
+//   let apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);
+//
+ApiManagementGatewayLogs
+| where TimeGenerated > ago(timeWindow)
+| where ApiId in~ (apiIds)
+| project TimeGenerated, ApiId, BackendId, ResponseCode, BackendTime
+| extend Backend = iff(isempty(BackendId), '(backend not recorded)', BackendId)
+| summarize Requests = count(), Successes = countif(ResponseCode between (200 .. 299)), Throttled = countif(ResponseCode == 429), Failures = countif(ResponseCode >= 500), AverageBackendMs = round(avg(BackendTime), 1) by ApiId, Backend
+| extend SuccessRate = round(100.0 * Successes / Requests, 1)
+| order by ApiId asc, Requests desc
diff --git a/samples/inference-failover/create.ipynb b/samples/inference-failover/create.ipynb
new file mode 100644
index 00000000..edd7f36b
--- /dev/null
+++ b/samples/inference-failover/create.ipynb
@@ -0,0 +1,667 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "id": "1b5e9b13",
+   "metadata": {},
+   "source": [
+    "# Inference Failover\n",
+    "\n",
+    "Deploy two model-safe AI Gateway routes that exercise priority and weighted fallback across regional Azure OpenAI deployments while collecting focused LLM telemetry. See [README.md](README.md) for deployment details and prerequisites."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "d7c2f48c",
+   "metadata": {},
+   "source": [
+    "## What This Sample Does\n",
+    "\n",
+    "- Deploys nine regional `Standard` Azure OpenAI deployments at `1` thousand TPM for deliberate pressure testing.\n",
+    "- Exposes only `POST /inference/gpt-5-1/chat/completions` and `POST /inference/gpt-4-1-mini/chat/completions`.\n",
+    "- Routes each model through its own APIM backend pool, with managed identity authentication, TLS validation, circuit breaking, and buffered retries.\n",
+    "- Captures AOAI request, response, latency, and token telemetry in an Azure Monitor Workbook and in the verification charts below."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "b59a7d7b",
+   "metadata": {},
+   "source": [
+    "## Route Graph\n",
+    "\n",
+    "Each operation targets one APIM backend pool. The pool selects a single member per request by priority (lowest first), and members that share a priority split traffic by weight. The backends never call one another; APIM picks the active backend and fails over to the next priority tier when one is unavailable.\n",
+    "\n",
+    "Every target is a regional `Standard` pay-as-you-go deployment. `PTU` identifies a simulated routing preference, not a provisioned deployment.\n",
+    "\n",
+    "```mermaid\n",
+    "flowchart LR\n",
+    "  subgraph S5 [\" gpt-5.1 (East US 2)\"]\n",
+    "    C51[\"POST /inference/gpt-5-1/chat/completions\"] --> P5{{\"&nbsp;&nbsp;Backend pool: inference-gpt-5-1-pool&nbsp;&nbsp;\"}}\n",
+    "    P5 -- \"priority 1\" --> A[\"`East US 2\n",
+    "                            PTU\n",
+    "                            gpt-5-1`\"]\n",
+    "    P5 -- \"priority 2\" --> D[\"`West US 3\n",
+    "                            PTU\n",
+    "                            gpt-5-1`\"]\n",
+    "    P5 -- \"priority 3\" --> B[\"`East US 2\n",
+    "                            PAYG\n",
+    "                            gpt-5-1`\"]\n",
+    "    P5 -- \"priority 4 &middot; weight 50\" --> E[\"`West US 3 \n",
+    "                                                PAYG\n",
+    "                                                gpt-5-1`\"]\n",
+    "    P5 -- \"priority 4 &middot; weight 50\" --> G[\"`South Central US\n",
+    "                                                PAYG\n",
+    "                                                gpt-5-1`\"]\n",
+    "  end\n",
+    "\n",
+    "  S5 ~~~ S4\n",
+    "\n",
+    "  subgraph S4 [\" gpt-4.1-mini (East US 2)\"]\n",
+    "    C41[\"POST /inference/gpt-4-1-mini/chat/completions\"] --> P4{{\"&nbsp;&nbsp;Backend pool: inference-gpt-4-1-mini-pool&nbsp;&nbsp;\"}}\n",
+    "    P4 -- \"priority 1\" --> C[\"`East US 2\n",
+    "                                PTU\n",
+    "                                gpt-4-1-mini`\"]\n",
+    "    P4 -- \"priority 2\" --> F[\"`West US 3 \n",
+    "                                PTU\n",
+    "                                gpt-4-1-mini`\"]\n",
+    "    P4 -- \"priority 3\" --> DP[\"`East US 2\n",
+    "                                PAYG\n",
+    "                                gpt-4-1-mini`\"]\n",
+    "    P4 -- \"priority 4\" --> H[\"`South Central US\n",
+    "                                PAYG\n",
+    "                                gpt-4-1-mini`\"]\n",
+    "  end\n",
+    "```\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "fea50671",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "import azure_resources as az\n",
+    "import utils\n",
+    "from apimtypes import API, APIM_SKU, APIOperation, HTTP_VERB, INFRASTRUCTURE, Region\n",
+    "from console import print_ok\n",
+    "\n",
+    "# ------------------------------\n",
+    "#    USER CONFIGURATION\n",
+    "# ------------------------------\n",
+    "\n",
+    "rg_location = Region.EAST_US_2\n",
+    "index = 1\n",
+    "apim_sku = APIM_SKU.BASICV2\n",
+    "deployment = INFRASTRUCTURE.SIMPLE_APIM\n",
+    "api_prefix = 'inference'\n",
+    "tags = ['inference-failover', 'ai-gateway', 'observability']\n",
+    "max_completion_tokens = 128                 # Per-request completion cap for the pressure scenarios\n",
+    "\n",
+    "# ------------------------------\n",
+    "#    SYSTEM CONFIGURATION\n",
+    "# ------------------------------\n",
+    "\n",
+    "sample_folder = 'inference-failover'\n",
+    "rg_name = az.get_infra_rg_name(deployment, index)\n",
+    "supported_infras = [\n",
+    "    INFRASTRUCTURE.AFD_APIM_PE,\n",
+    "    INFRASTRUCTURE.APIM_ACA,\n",
+    "    INFRASTRUCTURE.APPGW_APIM,\n",
+    "    INFRASTRUCTURE.APPGW_APIM_PE,\n",
+    "    INFRASTRUCTURE.SIMPLE_APIM,\n",
+    "]\n",
+    "nb_helper = utils.NotebookHelper(\n",
+    "    sample_folder,\n",
+    "    rg_name,\n",
+    "    rg_location,\n",
+    "    deployment,\n",
+    "    supported_infras,\n",
+    "    index=index,\n",
+    "    apim_sku=apim_sku,\n",
+    ")\n",
+    "current_user, current_user_id, tenant_id, subscription_id = az.get_account_info()\n",
+    "\n",
+    "policy_template = utils.read_policy_xml('inference-api-policy.xml', sample_name=sample_folder)\n",
+    "\n",
+    "def build_inference_policy(backend_pool_id: str, retry_count: int) -> str:\n",
+    "    \"\"\"Build one model-safe inference API policy from the shared template.\"\"\"\n",
+    "    return policy_template.replace('BACKEND_POOL_ID', backend_pool_id).replace('RETRY_COUNT', str(retry_count))\n",
+    "\n",
+    "chat_operation = APIOperation(\n",
+    "    'chat-completions',\n",
+    "    'Chat Completions',\n",
+    "    '/chat/completions',\n",
+    "    HTTP_VERB.POST,\n",
+    "    'Send an inference request through a model-safe backend pool.',\n",
+    ")\n",
+    "gpt_5_1_api = API(\n",
+    "    'inference-gpt-5-1',\n",
+    "    'Inference gpt-5.1',\n",
+    "    f'{api_prefix}/gpt-5-1',\n",
+    "    'Priority and weighted failover for gpt-5.1 deployments.',\n",
+    "    policyXml=build_inference_policy('inference-gpt-5-1-pool', 4),\n",
+    "    operations=[chat_operation],\n",
+    "    tags=tags,\n",
+    "    enableLlmLogging=True,\n",
+    ")\n",
+    "gpt_4_1_mini_api = API(\n",
+    "    'inference-gpt-4-1-mini',\n",
+    "    'Inference gpt-4.1-mini',\n",
+    "    f'{api_prefix}/gpt-4-1-mini',\n",
+    "    'Priority failover for gpt-4.1-mini deployments.',\n",
+    "    policyXml=build_inference_policy('inference-gpt-4-1-mini-pool', 3),\n",
+    "    operations=[chat_operation],\n",
+    "    tags=tags,\n",
+    "    enableLlmLogging=True,\n",
+    ")\n",
+    "apis = [gpt_5_1_api, gpt_4_1_mini_api]\n",
+    "\n",
+    "print_ok('Notebook initialized')\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "82b93a92",
+   "metadata": {},
+   "source": [
+    "## Deploy Inference Gateway Resources\n",
+    "\n",
+    "Deploy the regional Azure OpenAI constellation, APIM backends and pools, retry fragment, LLM diagnostic wiring, two APIs, and the AOAI-only workbook into the selected infrastructure resource group."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "d64811cc",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from console import print_error, print_ok, print_val\n",
+    "\n",
+    "bicep_parameters = {\n",
+    "    'location': {'value': rg_location},\n",
+    "    'index': {'value': index},\n",
+    "    'apis': {'value': [api.to_dict() for api in apis]},\n",
+    "}\n",
+    "output = nb_helper.deploy_sample(bicep_parameters)\n",
+    "\n",
+    "if output.success:\n",
+    "    apim_name = output.get('apimServiceName', 'APIM Service Name')\n",
+    "    apim_gateway_url = output.get('apimResourceGatewayURL', 'APIM API Gateway URL')\n",
+    "    log_analytics_name = output.get('logAnalyticsWorkspaceName', 'Log Analytics Workspace Name')\n",
+    "    log_analytics_id = output.get('logAnalyticsWorkspaceId', 'Log Analytics Workspace ID')\n",
+    "    workbook_name = output.get('workbookName', 'Workbook Name')\n",
+    "    workbook_id = output.get('workbookId', 'Workbook ID')\n",
+    "    api_outputs = output.getJson('apiOutputs', 'Inference API outputs', secure=True)\n",
+    "    api_keys = {api_output['name']: api_output['subscriptionPrimaryKey'] for api_output in api_outputs}\n",
+    "    print_val('Workbook', workbook_name)\n",
+    "    print_ok('Inference failover deployment completed successfully')\n",
+    "else:\n",
+    "    print_error('Deployment failed')\n",
+    "    raise SystemExit(1)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "86ab2697",
+   "metadata": {},
+   "source": [
+    "## 🧪 Inference Failover Test Matrix\n",
+    "\n",
+    "Run a methodical series of scenarios that exercise the model-safe backend pools under increasing pressure, mirroring the structure of the load-balancing sample. Each scenario sends several real Azure OpenAI requests through a single shared session, captures the served backend from the `X-Backend-Id` response header, and verifies the observed behaviour.\n",
+    "\n",
+    "| # | Scenario | API | Runs | Sleep | Behaviour verified |\n",
+    "| --- | --- | --- | --- | --- | --- |\n",
+    "| 1 | Baseline warm path | both | 6 each | none | Fresh priority-1 backend serves small requests with `200` |\n",
+    "| 2 | Sustained pressure | gpt-5.1 | 45 | none | Low-TPM exhaustion forces throttling and priority failover |\n",
+    "| 3 | Sustained pressure | gpt-4.1-mini | 30 | none | Independent pool exhausts and fails over on its own |\n",
+    "| 4 | Paced recovery | gpt-5.1 | 30 | 1.5 s | Inter-request spacing lets circuit breakers recover and lifts the success rate |\n",
+    "| 5 | Terminal exhaustion | gpt-5.1 | 35 | none | A hard burst drains every tier and returns the generic `503` |\n",
+    "\n",
+    "> These are real Azure OpenAI calls (~150 requests) that consume tokens. The deployments are intentionally provisioned at minimum capacity so that pressure is observable quickly; this is an observation aid, not production sizing guidance.\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "d4eb7561",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "import json\n",
+    "import time\n",
+    "\n",
+    "import requests as http_requests\n",
+    "\n",
+    "from apimtesting import ApimTesting\n",
+    "from console import print_error, print_info, print_message, print_ok\n",
+    "\n",
+    "if 'api_keys' not in locals():\n",
+    "    print_error('Please run the deployment cell first')\n",
+    "    raise SystemExit(1)\n",
+    "\n",
+    "endpoint_url, request_headers, allow_insecure_tls = utils.get_endpoint(deployment, rg_name, apim_gateway_url)\n",
+    "\n",
+    "# Stable backend -> chart index mapping in pool-priority order so chart colors track failover tiers.\n",
+    "gpt_5_1_backend_index = {\n",
+    "    'a-gpt-5-1': 0,   # P1 in-region PTU\n",
+    "    'b-gpt-5-1': 1,   # P2 in-region PAYG\n",
+    "    'd-gpt-5-1': 2,   # P3 out-of-region PTU\n",
+    "    'e-gpt-5-1': 3,   # P4 out-of-region PAYG (westus3)\n",
+    "    'g-gpt-5-1': 4,   # P4 out-of-region PAYG (southcentralus)\n",
+    "}\n",
+    "gpt_4_1_mini_backend_index = {\n",
+    "    'c-gpt-4-1-mini': 0,   # P1 in-region PTU\n",
+    "    'd-gpt-4-1-mini': 1,   # P2 in-region PAYG\n",
+    "    'f-gpt-4-1-mini': 2,   # P3 out-of-region PTU\n",
+    "    'h-gpt-4-1-mini': 3,   # P4 out-of-region PAYG\n",
+    "}\n",
+    "\n",
+    "gpt_5_1_route = f'{api_prefix}/gpt-5-1/chat/completions'\n",
+    "gpt_4_1_mini_route = f'{api_prefix}/gpt-4-1-mini/chat/completions'\n",
+    "\n",
+    "small_payload = {\n",
+    "    'messages': [{'role': 'user', 'content': 'Return the word ready.'}],\n",
+    "    'max_completion_tokens': 16,\n",
+    "}\n",
+    "pressure_payload = {\n",
+    "    'messages': [{'role': 'user', 'content': 'Summarize failover readiness in three bullets. ' * 20}],\n",
+    "    'max_completion_tokens': max_completion_tokens,\n",
+    "}\n",
+    "\n",
+    "\n",
+    "def run_inference_scenario(session, route, api_key, payload, runs, backend_index_map, scenario_label, sleep_ms = 0):\n",
+    "    \"\"\"Send `runs` POSTs through one route, attributing each response to its served backend.\"\"\"\n",
+    "    results = []\n",
+    "    url = f'{endpoint_url}/{route}'\n",
+    "    print_message(scenario_label, blank_above = True)\n",
+    "    print_info(f'POST {url}')\n",
+    "\n",
+    "    for run_index in range(1, runs + 1):\n",
+    "        start_time = time.time()\n",
+    "        response = session.post(url, headers = {'api-key': api_key}, json = payload, timeout = 120)\n",
+    "        response_time = time.time() - start_time\n",
+    "\n",
+    "        backend_id = response.headers.get('X-Backend-Id', 'unknown')\n",
+    "        backend_index = backend_index_map.get(backend_id, 99)\n",
+    "\n",
+    "        # Inject the backend index into the stored body so charts.BarChart colors each 200 bar by the\n",
+    "        # served backend. Non-200 responses keep their error body and are charted in red.\n",
+    "        if response.status_code == 200:\n",
+    "            response_body = json.dumps({'index': backend_index, 'backend': backend_id})\n",
+    "        else:\n",
+    "            response_body = response.text\n",
+    "\n",
+    "        results.append({\n",
+    "            'run': run_index,\n",
+    "            'response': response_body,\n",
+    "            'status_code': response.status_code,\n",
+    "            'response_time': response_time,\n",
+    "            'headers': dict(response.headers),\n",
+    "            'backend': backend_id,\n",
+    "        })\n",
+    "\n",
+    "        print_info(f'Run {run_index}/{runs}: {response.status_code} via {backend_id} ({response_time:.2f}s)')\n",
+    "\n",
+    "        if sleep_ms:\n",
+    "            time.sleep(sleep_ms / 1000)\n",
+    "\n",
+    "    return results\n",
+    "\n",
+    "\n",
+    "def summarize_scenario(results):\n",
+    "    \"\"\"Return (successes, throttled, unavailable, served_backends) for a scenario result list.\"\"\"\n",
+    "    successes = sum(1 for r in results if r['status_code'] == 200)\n",
+    "    throttled = sum(1 for r in results if r['status_code'] == 429)\n",
+    "    unavailable = sum(1 for r in results if r['status_code'] == 503)\n",
+    "    served_backends = sorted({r['backend'] for r in results if r['status_code'] == 200 and r['backend'] != 'unknown'})\n",
+    "    return successes, throttled, unavailable, served_backends\n",
+    "\n",
+    "\n",
+    "tests = ApimTesting('Inference Failover Scenario Tests', sample_folder, nb_helper.deployment)\n",
+    "\n",
+    "session = http_requests.Session()\n",
+    "session.verify = not allow_insecure_tls\n",
+    "if request_headers:\n",
+    "    session.headers.update(request_headers)\n",
+    "session.headers.update({'Content-Type': 'application/json'})\n",
+    "\n",
+    "try:\n",
+    "    # 1/5: Baseline warm path - both routes, small payloads against fresh priority-1 backends.\n",
+    "    scenario1_gpt_5_1 = run_inference_scenario(\n",
+    "        session, gpt_5_1_route, api_keys['inference-gpt-5-1'], small_payload, 6, gpt_5_1_backend_index,\n",
+    "        '1/5: Baseline warm path - gpt-5.1',\n",
+    "    )\n",
+    "    scenario1_gpt_4_1_mini = run_inference_scenario(\n",
+    "        session, gpt_4_1_mini_route, api_keys['inference-gpt-4-1-mini'], small_payload, 6, gpt_4_1_mini_backend_index,\n",
+    "        '1/5: Baseline warm path - gpt-4.1-mini',\n",
+    "    )\n",
+    "    tests.verify(len(scenario1_gpt_5_1), 6)\n",
+    "    tests.verify(len(scenario1_gpt_4_1_mini), 6)\n",
+    "    tests.verify(scenario1_gpt_5_1[0]['status_code'], 200, label = 'gpt-5.1 baseline first request succeeded')\n",
+    "    tests.verify(scenario1_gpt_4_1_mini[0]['status_code'], 200, label = 'gpt-4.1-mini baseline first request succeeded')\n",
+    "\n",
+    "    # 2/5: Sustained pressure on gpt-5.1 - no spacing, drive low-TPM exhaustion and failover.\n",
+    "    time.sleep(2)\n",
+    "    scenario2_gpt_5_1 = run_inference_scenario(\n",
+    "        session, gpt_5_1_route, api_keys['inference-gpt-5-1'], pressure_payload, 45, gpt_5_1_backend_index,\n",
+    "        '2/5: Sustained pressure - gpt-5.1 (no spacing)',\n",
+    "    )\n",
+    "    s2_success, s2_throttled, s2_unavailable, _ = summarize_scenario(scenario2_gpt_5_1)\n",
+    "    tests.verify(len(scenario2_gpt_5_1), 45)\n",
+    "    tests.verify(s2_success > 0, True, label = 'gpt-5.1 sustained pressure still served some requests')\n",
+    "    tests.verify(\n",
+    "        (s2_throttled + s2_unavailable) > 0,\n",
+    "        True,\n",
+    "        label = 'gpt-5.1 sustained pressure produced throttling or failover exhaustion',\n",
+    "    )\n",
+    "\n",
+    "    # 3/5: Sustained pressure on gpt-4.1-mini - the independent pool exhausts on its own.\n",
+    "    time.sleep(2)\n",
+    "    scenario3_gpt_4_1_mini = run_inference_scenario(\n",
+    "        session, gpt_4_1_mini_route, api_keys['inference-gpt-4-1-mini'], pressure_payload, 30, gpt_4_1_mini_backend_index,\n",
+    "        '3/5: Sustained pressure - gpt-4.1-mini (no spacing)',\n",
+    "    )\n",
+    "    s3_success, s3_throttled, s3_unavailable, _ = summarize_scenario(scenario3_gpt_4_1_mini)\n",
+    "    tests.verify(len(scenario3_gpt_4_1_mini), 30)\n",
+    "    tests.verify(s3_success > 0, True, label = 'gpt-4.1-mini sustained pressure still served some requests')\n",
+    "    tests.verify(\n",
+    "        (s3_throttled + s3_unavailable) > 0,\n",
+    "        True,\n",
+    "        label = 'gpt-4.1-mini sustained pressure produced throttling or failover exhaustion',\n",
+    "    )\n",
+    "\n",
+    "    # 4/5: Paced recovery on gpt-5.1 - inter-request spacing lets circuit breakers recover.\n",
+    "    time.sleep(2)\n",
+    "    scenario4_gpt_5_1 = run_inference_scenario(\n",
+    "        session, gpt_5_1_route, api_keys['inference-gpt-5-1'], pressure_payload, 30, gpt_5_1_backend_index,\n",
+    "        '4/5: Paced recovery - gpt-5.1 (1.5s spacing)', sleep_ms = 1500,\n",
+    "    )\n",
+    "    s4_success, _, _, _ = summarize_scenario(scenario4_gpt_5_1)\n",
+    "    tests.verify(len(scenario4_gpt_5_1), 30)\n",
+    "    tests.verify(s4_success > 0, True, label = 'gpt-5.1 paced recovery served requests across the window')\n",
+    "\n",
+    "    # 5/5: Terminal exhaustion on gpt-5.1 - a hard burst drains every tier to the generic 503.\n",
+    "    time.sleep(2)\n",
+    "    scenario5_gpt_5_1 = run_inference_scenario(\n",
+    "        session, gpt_5_1_route, api_keys['inference-gpt-5-1'], pressure_payload, 35, gpt_5_1_backend_index,\n",
+    "        '5/5: Terminal exhaustion - gpt-5.1 (hard burst)',\n",
+    "    )\n",
+    "    s5_success, s5_throttled, s5_unavailable, _ = summarize_scenario(scenario5_gpt_5_1)\n",
+    "    tests.verify(len(scenario5_gpt_5_1), 35)\n",
+    "    tests.verify(\n",
+    "        (s5_throttled + s5_unavailable) > 0,\n",
+    "        True,\n",
+    "        label = 'gpt-5.1 terminal burst exhausted the pool (429/503 observed)',\n",
+    "    )\n",
+    "finally:\n",
+    "    session.close()\n",
+    "\n",
+    "print_message('Scenario success / throttled / unavailable summary', blank_above = True)\n",
+    "for scenario_name, scenario_results in [\n",
+    "    ('1 baseline gpt-5.1', scenario1_gpt_5_1),\n",
+    "    ('1 baseline gpt-4.1-mini', scenario1_gpt_4_1_mini),\n",
+    "    ('2 sustained gpt-5.1', scenario2_gpt_5_1),\n",
+    "    ('3 sustained gpt-4.1-mini', scenario3_gpt_4_1_mini),\n",
+    "    ('4 paced gpt-5.1', scenario4_gpt_5_1),\n",
+    "    ('5 terminal gpt-5.1', scenario5_gpt_5_1),\n",
+    "]:\n",
+    "    n_ok, n_throttled, n_unavailable, served = summarize_scenario(scenario_results)\n",
+    "    print_info(f'Scenario {scenario_name}: {n_ok} ok, {n_throttled} throttled, {n_unavailable} unavailable, backends={served}')\n",
+    "\n",
+    "tests.print_summary()\n",
+    "if tests.tests_failed:\n",
+    "    raise SystemExit(1)\n",
+    "print_ok('All inference failover scenarios completed')\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "681f2fab",
+   "metadata": {},
+   "source": [
+    "## 📊 Scenario Charts\n",
+    "\n",
+    "Plot the per-run response time for each scenario. Bars are colored by the backend that served the request, derived from the `X-Backend-Id` response header that the inference policy emits.\n",
+    "\n",
+    "**Reading the charts**\n",
+    "\n",
+    "- **Backend index 0** is the priority-1 backend; higher indices are lower-priority failover tiers in pool order.\n",
+    "- A run colored red is a non-`200` response (`429` throttle or terminal `503`) and shows pressure that the pool could not absorb.\n",
+    "- The first request in a cold scenario is often slower (TLS warm-up plus first-token latency); the mean line ignores the slowest 5% so it reflects steady-state behaviour.\n",
+    "- As pressure builds you should see the colors walk from index 0 upward as the priority-1 backend trips and traffic fails over to lower tiers.\n",
+    "\n",
+    "**Backend index legend**\n",
+    "\n",
+    "| Index | gpt-5.1 pool | gpt-4.1-mini pool |\n",
+    "| --- | --- | --- |\n",
+    "| 0 | a-gpt-5-1 (P1) | c-gpt-4-1-mini (P1) |\n",
+    "| 1 | b-gpt-5-1 (P2) | d-gpt-4-1-mini (P2) |\n",
+    "| 2 | d-gpt-5-1 (P3) | f-gpt-4-1-mini (P3) |\n",
+    "| 3 | e-gpt-5-1 (P4) | h-gpt-4-1-mini (P4) |\n",
+    "| 4 | g-gpt-5-1 (P4) | - |\n",
+    "\n",
+    "> If every bar is the same color and labeled index 99, the gateway did not rewrite the request URL to the resolved pool member (the `X-Backend-Id` header returned `unknown`). The scenarios and the server-side distribution below remain valid; only the per-run backend coloring is unavailable.\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "6aad921a",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "import charts\n",
+    "from console import print_error\n",
+    "\n",
+    "if 'scenario5_gpt_5_1' not in locals():\n",
+    "    print_error('Please run the scenario cell first')\n",
+    "    raise SystemExit(1)\n",
+    "\n",
+    "scenario_charts = [\n",
+    "    (scenario1_gpt_5_1, 'Scenario 1 - Baseline warm path (gpt-5.1)',\n",
+    "     'Small requests on a fresh pool stay on the priority-1 backend (index 0).'),\n",
+    "    (scenario1_gpt_4_1_mini, 'Scenario 1 - Baseline warm path (gpt-4.1-mini)',\n",
+    "     'Small requests on a fresh pool stay on the priority-1 backend (index 0).'),\n",
+    "    (scenario2_gpt_5_1, 'Scenario 2 - Sustained pressure (gpt-5.1, no spacing)',\n",
+    "     'Low-TPM exhaustion forces throttling and failover across tiers; red bars are non-200 responses.'),\n",
+    "    (scenario3_gpt_4_1_mini, 'Scenario 3 - Sustained pressure (gpt-4.1-mini, no spacing)',\n",
+    "     'The gpt-4.1-mini pool exhausts independently of gpt-5.1.'),\n",
+    "    (scenario4_gpt_5_1, 'Scenario 4 - Paced recovery (gpt-5.1, 1.5s spacing)',\n",
+    "     'Inter-request spacing lets circuit breakers recover, lifting the success rate versus scenario 2.'),\n",
+    "    (scenario5_gpt_5_1, 'Scenario 5 - Terminal exhaustion (gpt-5.1, hard burst)',\n",
+    "     'A hard burst drains every tier; terminal 503s appear once all backends are tripped.'),\n",
+    "]\n",
+    "\n",
+    "for scenario_results, chart_title, chart_note in scenario_charts:\n",
+    "    charts.BarChart(\n",
+    "        api_results = scenario_results,\n",
+    "        title = chart_title,\n",
+    "        x_label = 'Run #',\n",
+    "        y_label = 'Response Time (ms)',\n",
+    "        fig_text = chart_note,\n",
+    "    ).plot()\n"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "1340f31e",
+   "metadata": {},
+   "source": [
+    "## [Verify] Wait For AI Gateway Telemetry\n",
+    "\n",
+    "Poll the existing Log Analytics workspace for gateway rows and token-bearing LLM diagnostic rows created by the traffic block. Ingestion normally takes several minutes."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "bb466844",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from pathlib import Path\n",
+    "\n",
+    "from console import print_error, print_ok, print_warning\n",
+    "\n",
+    "if 'log_analytics_id' not in locals():\n",
+    "    print_error('Please run the deployment and traffic cells first')\n",
+    "    raise SystemExit(1)\n",
+    "\n",
+    "api_ids_binding = \"let apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);\\n\"\n",
+    "time_binding = 'let timeWindow = 30m;\\n'\n",
+    "verify_path = utils.determine_policy_path('verify-llm-ingestion.kql', sample_folder)\n",
+    "verify_template = Path(verify_path).read_text(encoding='utf-8')\n",
+    "verification_query = time_binding + api_ids_binding + verify_template\n",
+    "telemetry_found, telemetry_result, telemetry_rows = nb_helper.wait_for_kql(\n",
+    "    log_analytics_id,\n",
+    "    verification_query,\n",
+    "    api_path='/api/query',\n",
+    "    api_version='2020-08-01',\n",
+    "    progress_label='AI telemetry rows',\n",
+    ")\n",
+    "\n",
+    "if telemetry_found:\n",
+    "    request_rows, successful_requests, unavailable_responses, token_rows, total_tokens = telemetry_rows[0]\n",
+    "    print_ok(f'Telemetry ready: {request_rows} requests, {token_rows} token-bearing requests, {total_tokens} tokens')\n",
+    "    if unavailable_responses:\n",
+    "        print_ok(f'Observed {unavailable_responses} terminal 503 responses after fallback exhaustion')\n",
+    "elif telemetry_result is not None and telemetry_result.success:\n",
+    "    print_warning('Token-bearing telemetry has not arrived yet; wait a few minutes and rerun this cell')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "c51bbc9b",
+   "metadata": {},
+   "source": [
+    "## [Verify] Plot Backend Distribution And Token Volume\n",
+    "\n",
+    "Query the same AOAI-only data surfaced in the deployed workbook and render local graphs for route distribution and token consumption."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "db8c37f4",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from pathlib import Path\n",
+    "\n",
+    "import matplotlib.pyplot as plt\n",
+    "import pandas as pd\n",
+    "\n",
+    "from console import print_info, print_warning\n",
+    "\n",
+    "distribution_path = utils.determine_policy_path('backend-distribution.kql', sample_folder)\n",
+    "token_path = utils.determine_policy_path('token-throughput.kql', sample_folder)\n",
+    "distribution_template = Path(distribution_path).read_text(encoding='utf-8')\n",
+    "token_template = Path(token_path).read_text(encoding='utf-8')\n",
+    "bindings = \"let timeWindow = 1h;\\nlet apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);\\n\"\n",
+    "distribution_found, _, distribution_rows = nb_helper.wait_for_kql(\n",
+    "    log_analytics_id,\n",
+    "    bindings + distribution_template,\n",
+    "    schedule=[0],\n",
+    "    progress_label='distribution rows',\n",
+    ")\n",
+    "tokens_found, _, token_rows = nb_helper.wait_for_kql(\n",
+    "    log_analytics_id,\n",
+    "    bindings + token_template,\n",
+    "    schedule=[0],\n",
+    "    progress_label='token rows',\n",
+    ")\n",
+    "\n",
+    "if distribution_found:\n",
+    "    distribution_frame = pd.DataFrame(\n",
+    "        distribution_rows,\n",
+    "        columns=['API', 'Backend', 'Requests', 'Successes', 'Throttled', 'Failures', 'AverageBackendMs', 'SuccessRate'],\n",
+    "    )\n",
+    "    display(distribution_frame)\n",
+    "    distribution_frame.pivot(index='Backend', columns='API', values='Requests').fillna(0).plot(\n",
+    "        kind='bar',\n",
+    "        figsize=(12, 5),\n",
+    "        title='Gateway-recorded request distribution by backend',\n",
+    "    )\n",
+    "    plt.xlabel('Backend')\n",
+    "    plt.ylabel('Requests')\n",
+    "    plt.tight_layout()\n",
+    "    plt.show()\n",
+    "else:\n",
+    "    print_warning('No gateway distribution rows returned yet')\n",
+    "\n",
+    "if tokens_found:\n",
+    "    token_frame = pd.DataFrame(\n",
+    "        token_rows,\n",
+    "        columns=['API', 'Backend', 'Model', 'Requests', 'PromptTokens', 'CompletionTokens', 'TotalTokens'],\n",
+    "    )\n",
+    "    display(token_frame)\n",
+    "    token_frame.groupby('API')['TotalTokens'].sum().plot(\n",
+    "        kind='bar',\n",
+    "        figsize=(8, 4),\n",
+    "        title='LLM token volume by inference API',\n",
+    "    )\n",
+    "    plt.xlabel('Inference API')\n",
+    "    plt.ylabel('Total tokens')\n",
+    "    plt.xticks(rotation=0)\n",
+    "    plt.tight_layout()\n",
+    "    plt.show()\n",
+    "else:\n",
+    "    print_info('No token rows returned yet; successful inference rows may still be ingesting')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "93057a50",
+   "metadata": {},
+   "source": [
+    "## Open Azure Views\n",
+    "\n",
+    "Print links to the deployed workbook, Log Analytics workspace, and APIM instance for deeper exploration after the notebook graphs complete."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "77ab0662",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from console import print_ok, print_val\n",
+    "\n",
+    "portal_base = f'https://portal.azure.com/#@{tenant_id}/resource'\n",
+    "apim_id = (\n",
+    "    f'/subscriptions/{subscription_id}/resourceGroups/{rg_name}'\n",
+    "    f'/providers/Microsoft.ApiManagement/service/{apim_name}'\n",
+    ")\n",
+    "print_val('Workbook', f'{portal_base}{workbook_id}/workbook')\n",
+    "print_val('Log Analytics', f'{portal_base}{log_analytics_id}/logs')\n",
+    "print_val('API Management', f'{portal_base}{apim_id}/overview')\n",
+    "print_ok('All done!')"
+   ]
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python (.venv)",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.12.0"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}
diff --git a/samples/inference-failover/failover-outcomes.kql b/samples/inference-failover/failover-outcomes.kql
new file mode 100644
index 00000000..f064c139
--- /dev/null
+++ b/samples/inference-failover/failover-outcomes.kql
@@ -0,0 +1,12 @@
+// Reports terminal response outcomes while pressure traffic exercises failover.
+//
+// Parameters (prepend as KQL 'let' bindings before running):
+//   let timeWindow = 1h;
+//   let apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);
+//
+ApiManagementGatewayLogs
+| where TimeGenerated > ago(timeWindow)
+| where ApiId in~ (apiIds)
+| extend Outcome = case(ResponseCode between (200 .. 299), 'Successful inference', ResponseCode == 503, 'Fallback exhausted', ResponseCode == 429, 'Backend throttled', 'Other')
+| summarize Requests = count(), AverageBackendMs = round(avg(BackendTime), 1) by ApiId, Outcome, ResponseCode
+| order by ApiId asc, Requests desc
diff --git a/samples/inference-failover/inference-api-policy.xml b/samples/inference-failover/inference-api-policy.xml
new file mode 100644
index 00000000..1c2041bc
--- /dev/null
+++ b/samples/inference-failover/inference-api-policy.xml
@@ -0,0 +1,45 @@
+<!--
+    Inference API policy template.
+
+    The notebook replaces BACKEND_POOL_ID and RETRY_COUNT for each model-safe API.
+    Managed identity authentication is applied after pool selection, so every selected
+    Azure OpenAI backend receives a bearer token rather than an API key.
+-->
+<policies>
+    <inbound>
+        <base />
+        <set-backend-service backend-id="BACKEND_POOL_ID" />
+        <authentication-managed-identity resource="https://cognitiveservices.azure.com" output-token-variable-name="managed-id-access-token" ignore-error="false" />
+        <set-header name="Authorization" exists-action="override">
+            <value>@("Bearer " + (string)context.Variables["managed-id-access-token"])</value>
+        </set-header>
+        <set-header name="x-ms-client-request-id" exists-action="override">
+            <value>@(context.RequestId.ToString())</value>
+        </set-header>
+        <set-query-parameter name="api-version" exists-action="skip">
+            <value>2024-10-21</value>
+        </set-query-parameter>
+    </inbound>
+    <backend>
+        <retry count="RETRY_COUNT" interval="1" first-fast-retry="true" condition="@(context.Response != null &amp;&amp; (context.Response.StatusCode == 429 || context.Response.StatusCode == 503))">
+            <forward-request buffer-request-body="true" />
+        </retry>
+    </backend>
+    <outbound>
+        <choose>
+            <when condition="@(context.Response != null &amp;&amp; (context.Response.StatusCode == 429 || context.Response.StatusCode == 503))">
+                <return-response>
+                    <set-status code="503" reason="Inference Service Unavailable" />
+                    <set-header name="Content-Type" exists-action="override">
+                        <value>application/json</value>
+                    </set-header>
+                    <set-body>{"error":"Inference service is temporarily unavailable."}</set-body>
+                </return-response>
+            </when>
+        </choose>
+        <base />
+    </outbound>
+    <on-error>
+        <base />
+    </on-error>
+</policies>
diff --git a/samples/inference-failover/inference-failover.workbook.json b/samples/inference-failover/inference-failover.workbook.json
new file mode 100644
index 00000000..7c4f38b7
--- /dev/null
+++ b/samples/inference-failover/inference-failover.workbook.json
@@ -0,0 +1,292 @@
+{
+  "$schema": "https://raw.githubusercontent.com/Microsoft/Application-Insights-Workbooks/refs/heads/master/schema/workbook.json",
+  "fallbackResourceIds": [
+    "Azure Monitor"
+  ],
+  "fromTemplateId": "sentinel-UserWorkbook",
+  "items": [
+    {
+      "content": {
+        "parameters": [
+          {
+            "id": "2dcab739-1e33-4495-b408-980007ee8bd2",
+            "isRequired": true,
+            "label": "Time Range",
+            "name": "TimeRange",
+            "type": 4,
+            "typeSettings": {
+              "allowCustom": true,
+              "selectableValues": [
+                {
+                  "durationMs": 3600000
+                },
+                {
+                  "durationMs": 14400000
+                },
+                {
+                  "durationMs": 86400000
+                }
+              ]
+            },
+            "value": {
+              "durationMs": 3600000
+            },
+            "version": "KqlParameterItem/1.0"
+          },
+          {
+            "id": "f0a1b2c3-d4e5-6789-abcd-tab000000001",
+            "isHiddenWhenLocked": true,
+            "label": "Selected Tab",
+            "name": "selectedTab",
+            "type": 1,
+            "value": "overview",
+            "version": "KqlParameterItem/1.0"
+          }
+        ],
+        "queryType": 0,
+        "resourceType": "microsoft.operationalinsights/workspaces",
+        "style": "pills",
+        "version": "KqlParameterItem/1.0"
+      },
+      "name": "parameters - shared",
+      "type": 9
+    },
+    {
+      "content": {
+        "links": [
+          {
+            "cellValue": "selectedTab",
+            "id": "f0a1b2c3-d4e5-6789-abcd-tab000000010",
+            "linkTarget": "parameter",
+            "linkLabel": "Overview",
+            "preText": "",
+            "style": "link",
+            "subTarget": "overview"
+          },
+          {
+            "cellValue": "selectedTab",
+            "id": "f0a1b2c3-d4e5-6789-abcd-tab000000011",
+            "linkTarget": "parameter",
+            "linkLabel": "Failover Outcomes",
+            "preText": "",
+            "style": "link",
+            "subTarget": "outcomes"
+          },
+          {
+            "cellValue": "selectedTab",
+            "id": "f0a1b2c3-d4e5-6789-abcd-tab000000012",
+            "linkTarget": "parameter",
+            "linkLabel": "Backend Distribution",
+            "preText": "",
+            "style": "link",
+            "subTarget": "distribution"
+          },
+          {
+            "cellValue": "selectedTab",
+            "id": "f0a1b2c3-d4e5-6789-abcd-tab000000013",
+            "linkTarget": "parameter",
+            "linkLabel": "Tokens & Latency",
+            "preText": "",
+            "style": "link",
+            "subTarget": "tokens"
+          }
+        ],
+        "style": "tabs",
+        "version": "LinkItem/1.0"
+      },
+      "name": "links - tabs",
+      "type": 11
+    },
+    {
+      "conditionalVisibility": {
+        "comparison": "isEqualTo",
+        "parameterName": "selectedTab",
+        "value": "overview"
+      },
+      "content": {
+        "groupType": "editable",
+        "items": [
+          {
+            "content": {
+              "json": "# Inference Failover Telemetry\n\nThis workbook observes Azure OpenAI inference requests routed through APIM backend pools. All model deployments are regional `Standard` pay-as-you-go deployments with deliberately small capacity. The `PTU` labels describe the preference tiers simulated by the policy; they do not represent provisioned throughput billing or capacity.\n\nThe workbook is intentionally limited to AI traffic: terminal response outcomes, concrete backend distribution when recorded by gateway logs, latency, and LLM token consumption. A `503` terminal response means the fallback chain was exhausted; it does not reveal backend placement details to callers.\n\n**Pick a Time Range** at the top - it applies to every tab. Then open the tab that matches your question."
+            },
+            "name": "text - overview-intro",
+            "type": 1
+          },
+          {
+            "content": {
+              "expandable": true,
+              "expanded": true,
+              "groupType": "editable",
+              "items": [
+                {
+                  "content": {
+                    "json": "| Tab | Question it answers |\n|---|---|\n| **Failover Outcomes** | How did terminal responses break down - successful, throttled, or fallback exhausted? |\n| **Backend Distribution** | Which backends served traffic, and how often did each fail over or return `503`? |\n| **Tokens & Latency** | How many tokens were consumed per model, and how did backend latency trend over time? |"
+                  },
+                  "name": "text - overview-tabmap",
+                  "type": 1
+                }
+              ],
+              "loadType": "always",
+              "title": "What each tab shows",
+              "version": "NotebookGroup/1.0"
+            },
+            "name": "group - overview-tabmap",
+            "type": 12
+          },
+          {
+            "content": {
+              "expandable": true,
+              "expanded": false,
+              "groupType": "editable",
+              "items": [
+                {
+                  "content": {
+                    "json": "- Successful token-bearing calls appear in both gateway logs and `ApiManagementGatewayLlmLog`.\n- Backend `429` or `503` responses can open a circuit for one minute and move later attempts through the preference chain.\n- Requests returning the terminal generic `503` have exhausted eligible fallback capacity and do not carry token usage.\n- Health probes are not model requests; serviceability is demonstrated by real inference traffic in the notebook harness."
+                  },
+                  "name": "text - overview-signal-notes",
+                  "type": 1
+                }
+              ],
+              "loadType": "always",
+              "title": "Reading the signals",
+              "version": "NotebookGroup/1.0"
+            },
+            "name": "group - overview-signals",
+            "type": 12
+          }
+        ],
+        "version": "NotebookGroup/1.0"
+      },
+      "name": "group - tab-1-overview",
+      "type": 12
+    },
+    {
+      "conditionalVisibility": {
+        "comparison": "isEqualTo",
+        "parameterName": "selectedTab",
+        "value": "outcomes"
+      },
+      "content": {
+        "groupType": "editable",
+        "items": [
+          {
+            "content": {
+              "json": "## Failover Outcomes\n\nTerminal response outcomes for the inference APIs. A `503` means the fallback chain was exhausted; `429` indicates a throttled backend that may have triggered failover."
+            },
+            "name": "text - outcomes",
+            "type": 1
+          },
+          {
+            "content": {
+              "noDataMessage": "No inference requests found for the selected time range.",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend Outcome = case(ResponseCode between (200 .. 299), 'Successful inference', ResponseCode == 503, 'Fallback exhausted', ResponseCode == 429, 'Backend throttled', 'Other')\n| summarize Requests = count() by Outcome\n| order by Requests desc",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "timeContext": {
+                "durationMs": 3600000
+              },
+              "version": "KqlItem/1.0",
+              "visualization": "tiles"
+            },
+            "name": "query - outcome-summary",
+            "type": 3
+          }
+        ],
+        "version": "NotebookGroup/1.0"
+      },
+      "name": "group - tab-2-outcomes",
+      "type": 12
+    },
+    {
+      "conditionalVisibility": {
+        "comparison": "isEqualTo",
+        "parameterName": "selectedTab",
+        "value": "distribution"
+      },
+      "content": {
+        "groupType": "editable",
+        "items": [
+          {
+            "content": {
+              "json": "## Backend Distribution\n\nWhich backends served traffic for each API, including how many requests were successful versus unavailable. When gateway logs do not record a backend, the row is labeled `(backend not recorded)`."
+            },
+            "name": "text - distribution",
+            "type": 1
+          },
+          {
+            "content": {
+              "noDataMessage": "No backend distribution data found for the selected time range.",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| project ApiId, BackendId, ResponseCode\n| extend Backend = iff(isempty(BackendId), '(backend not recorded)', BackendId)\n| summarize Requests = count(), Successful = countif(ResponseCode between (200 .. 299)), Unavailable = countif(ResponseCode == 503) by ApiId, Backend\n| order by ApiId asc, Requests desc",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "timeContext": {
+                "durationMs": 3600000
+              },
+              "version": "KqlItem/1.0",
+              "visualization": "barchart"
+            },
+            "name": "query - backend-distribution",
+            "type": 3
+          }
+        ],
+        "version": "NotebookGroup/1.0"
+      },
+      "name": "group - tab-3-distribution",
+      "type": 12
+    },
+    {
+      "conditionalVisibility": {
+        "comparison": "isEqualTo",
+        "parameterName": "selectedTab",
+        "value": "tokens"
+      },
+      "content": {
+        "groupType": "editable",
+        "items": [
+          {
+            "content": {
+              "json": "## Tokens & Latency\n\nLLM token consumption per model and backend from `ApiManagementGatewayLlmLog`, plus the backend latency trend over time. Only successful, token-bearing responses contribute token totals."
+            },
+            "name": "text - tokens",
+            "type": 1
+          },
+          {
+            "content": {
+              "noDataMessage": "No successful token-bearing inference rows found for the selected time range.",
+              "query": "let routes = materialize(ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| project CorrelationId, ApiId, BackendId);\nApiManagementGatewayLlmLog\n| where TimeGenerated {TimeRange}\n| where TotalTokens > 0 and isnotempty(ModelName)\n| project CorrelationId, ModelName, PromptTokens, CompletionTokens, TotalTokens\n| summarize PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by CorrelationId, ModelName\n| join kind=inner routes on CorrelationId\n| extend Backend = iff(isempty(BackendId), '(backend not recorded)', BackendId)\n| summarize Requests = count(), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by ApiId, Backend, ModelName\n| order by TotalTokens desc",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "timeContext": {
+                "durationMs": 3600000
+              },
+              "version": "KqlItem/1.0",
+              "visualization": "table"
+            },
+            "name": "query - token-throughput",
+            "type": 3
+          },
+          {
+            "content": {
+              "noDataMessage": "No latency data found for the selected time range.",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| summarize AverageBackendMs = round(avg(BackendTime), 1), P95BackendMs = round(percentile(BackendTime, 95), 1), Requests = count() by bin(TimeGenerated, 5m), ApiId\n| order by TimeGenerated asc",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "timeContext": {
+                "durationMs": 3600000
+              },
+              "version": "KqlItem/1.0",
+              "visualization": "timechart"
+            },
+            "name": "query - backend-latency-trend",
+            "type": 3
+          }
+        ],
+        "version": "NotebookGroup/1.0"
+      },
+      "name": "group - tab-4-tokens",
+      "type": 12
+    }
+  ],
+  "version": "Notebook/1.0"
+}
diff --git a/samples/inference-failover/main.bicep b/samples/inference-failover/main.bicep
new file mode 100644
index 00000000..20a1cba2
--- /dev/null
+++ b/samples/inference-failover/main.bicep
@@ -0,0 +1,426 @@
+// ------------------------------
+//    PARAMETERS
+// ------------------------------
+
+@description('Location to be used for sample-scoped resources. Defaults to the resource group location.')
+param location string = resourceGroup().location
+
+@description('The unique suffix to append. Defaults to a unique string based on subscription and resource group IDs.')
+param resourceSuffix string = uniqueString(subscription().id, resourceGroup().id)
+
+@description('Name of the existing API Management service.')
+param apimName string = 'apim-${resourceSuffix}'
+
+@description('Deployment index for readable sample resource naming.')
+param index int = 1
+
+@description('Name of the existing infrastructure-deployed Application Insights component to reuse for API diagnostics.')
+param appInsightsName string = 'appi-${resourceSuffix}'
+
+@description('Name of the existing infrastructure-deployed Log Analytics workspace to reuse for AI Gateway telemetry.')
+param logAnalyticsWorkspaceName string = 'log-${resourceSuffix}'
+
+@description('Array of inference APIs assembled by the notebook.')
+param apis array = []
+
+
+// ------------------------------
+//    VARIABLES
+// ------------------------------
+
+@description('Resource ID of the Cognitive Services OpenAI User built-in role assigned to the APIM managed identity.')
+var openAiUserRoleDefinitionId = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e0bd9bd-7b93-4f28-af87-19fc36ad61bd')
+
+@description('Suffix for the APIM diagnostic setting associated with this sample.')
+var diagnosticsSuffix = 'inference-failover-${index}'
+
+@description('Display name of the telemetry workbook deployed for this sample.')
+var workbookName = 'APIM Inference Failover ${index}'
+
+@description('Deterministic resource name of the telemetry workbook.')
+var workbookResourceName = guid(resourceGroup().id, 'inference-failover', string(index))
+
+@description('Regional Azure OpenAI resources used as the source of model-safe backend destinations.')
+var aoaiAccounts = [
+  {
+    name: 'oai-if-eastus2-${index}-${take(resourceSuffix, 6)}'
+    location: 'eastus2'
+  }
+  {
+    name: 'oai-if-westus3-${index}-${take(resourceSuffix, 6)}'
+    location: 'westus3'
+  }
+  {
+    name: 'oai-if-southcentral-${index}-${take(resourceSuffix, 6)}'
+    location: 'southcentralus'
+  }
+]
+@description('Azure OpenAI model deployments and their concrete APIM backend identity labels.')
+var deployments = [
+  {
+    accountIndex: 0
+    backendName: 'gpt-5-1-PTU-eastus2'
+    deploymentName: 'a-gpt-5-1'
+    modelName: 'gpt-5.1'
+    modelVersion: '2025-11-13'
+    region: 'eastus2'
+    route: 'In-region PTU'
+  }
+  {
+    accountIndex: 1
+    backendName: 'gpt-5-1-PTU-westus3'
+    deploymentName: 'd-gpt-5-1'
+    modelName: 'gpt-5.1'
+    modelVersion: '2025-11-13'
+    region: 'westus3'
+    route: 'Out-of-region PTU'
+  }
+  {
+    accountIndex: 0
+    backendName: 'gpt-5-1-PAYGO-eastus2'
+    deploymentName: 'b-gpt-5-1'
+    modelName: 'gpt-5.1'
+    modelVersion: '2025-11-13'
+    region: 'eastus2'
+    route: 'In-region PAYG'
+  }
+  {
+    accountIndex: 1
+    backendName: 'gpt-5-1-PAYGO-westus3'
+    deploymentName: 'e-gpt-5-1'
+    modelName: 'gpt-5.1'
+    modelVersion: '2025-11-13'
+    region: 'westus3'
+    route: 'Out-of-region PAYG'
+  }
+  {
+    accountIndex: 2
+    backendName: 'gpt-5-1-PAYGO-southcentralus'
+    deploymentName: 'g-gpt-5-1'
+    modelName: 'gpt-5.1'
+    modelVersion: '2025-11-13'
+    region: 'southcentralus'
+    route: 'Out-of-region PAYG'
+  }
+  {
+    accountIndex: 0
+    backendName: 'gpt-4-1-mini-PTU-eastus2'
+    deploymentName: 'c-gpt-4-1-mini'
+    modelName: 'gpt-4.1-mini'
+    modelVersion: '2025-04-14'
+    region: 'eastus2'
+    route: 'In-region PTU'
+  }
+  {
+    accountIndex: 1
+    backendName: 'gpt-4-1-mini-PTU-westus3'
+    deploymentName: 'f-gpt-4-1-mini'
+    modelName: 'gpt-4.1-mini'
+    modelVersion: '2025-04-14'
+    region: 'westus3'
+    route: 'Out-of-region PTU'
+  }
+  {
+    accountIndex: 0
+    backendName: 'gpt-4-1-mini-PAYGO-eastus2'
+    deploymentName: 'd-gpt-4-1-mini'
+    modelName: 'gpt-4.1-mini'
+    modelVersion: '2025-04-14'
+    region: 'eastus2'
+    route: 'In-region PAYG'
+  }
+  {
+    accountIndex: 2
+    backendName: 'gpt-4-1-mini-PAYGO-southcentralus'
+    deploymentName: 'h-gpt-4-1-mini'
+    modelName: 'gpt-4.1-mini'
+    modelVersion: '2025-04-14'
+    region: 'southcentralus'
+    route: 'Out-of-region PAYG'
+  }
+]
+
+
+// ------------------------------
+//    EXISTING INFRASTRUCTURE RESOURCES
+// ------------------------------
+
+// https://learn.microsoft.com/azure/templates/microsoft.apimanagement/service
+resource apimService 'Microsoft.ApiManagement/service@2024-06-01-preview' existing = {
+  name: apimName
+}
+
+// https://learn.microsoft.com/azure/templates/microsoft.insights/components
+resource appInsights 'Microsoft.Insights/components@2020-02-02' existing = {
+  name: appInsightsName
+}
+
+// https://learn.microsoft.com/azure/templates/microsoft.operationalinsights/workspaces
+resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
+  name: logAnalyticsWorkspaceName
+}
+
+
+// ------------------------------
+//    AZURE OPENAI DEPLOYMENTS
+// ------------------------------
+
+// https://learn.microsoft.com/azure/templates/microsoft.cognitiveservices/accounts
+resource openAiAccounts 'Microsoft.CognitiveServices/accounts@2024-10-01' = [for account in aoaiAccounts: {
+  name: account.name
+  location: account.location
+  kind: 'OpenAI'
+  sku: {
+    name: 'S0'
+  }
+  properties: {
+    customSubDomainName: account.name
+    disableLocalAuth: true
+    publicNetworkAccess: 'Enabled'
+  }
+}]
+
+// All deployments use regional Standard PAYG capacity. The PTU/PAYGO label is only the route tier being simulated.
+// https://learn.microsoft.com/azure/templates/microsoft.cognitiveservices/accounts/deployments
+@batchSize(1)
+resource openAiDeployments 'Microsoft.CognitiveServices/accounts/deployments@2024-10-01' = [for deployment in deployments: {
+  name: deployment.deploymentName
+  parent: openAiAccounts[deployment.accountIndex]
+  sku: {
+    name: 'Standard'
+    capacity: 1
+  }
+  properties: {
+    model: {
+      format: 'OpenAI'
+      name: deployment.modelName
+      version: deployment.modelVersion
+    }
+  }
+}]
+
+// https://learn.microsoft.com/azure/templates/microsoft.authorization/roleassignments
+resource apimOpenAiRoleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (account, accountIndex) in aoaiAccounts: {
+  name: guid(openAiAccounts[accountIndex].id, apimService.id, openAiUserRoleDefinitionId)
+  scope: openAiAccounts[accountIndex]
+  properties: {
+    principalId: apimService.identity.principalId
+    principalType: 'ServicePrincipal'
+    roleDefinitionId: openAiUserRoleDefinitionId
+  }
+}]
+
+
+// ------------------------------
+//    AI GATEWAY ROUTING
+// ------------------------------
+
+// Each backend targets exactly one compatible deployment. Managed identity authentication is applied by the inference API policy for the selected backend.
+// https://learn.microsoft.com/azure/templates/microsoft.apimanagement/service/backends
+resource inferenceBackends 'Microsoft.ApiManagement/service/backends@2024-06-01-preview' = [for (deployment, deploymentIndex) in deployments: {
+  name: deployment.backendName
+  parent: apimService
+  properties: {
+    description: '${deployment.route}: ${deployment.deploymentName} (${deployment.modelName})'
+    protocol: 'http'
+    type: 'Single'
+    url: '${openAiAccounts[deployment.accountIndex].properties.endpoint}openai/deployments/${deployment.deploymentName}'
+    tls: {
+      validateCertificateChain: true
+      validateCertificateName: true
+    }
+    circuitBreaker: {
+      rules: [
+        {
+          name: 'throttled-or-unavailable'
+          acceptRetryAfter: true
+          failureCondition: {
+            count: 1
+            errorReasons: [
+              'Server errors'
+            ]
+            interval: 'PT1M'
+            statusCodeRanges: [
+              {
+                min: 429
+                max: 429
+              }
+              {
+                min: 503
+                max: 503
+              }
+            ]
+          }
+          tripDuration: 'PT1M'
+        }
+      ]
+    }
+  }
+  dependsOn: [
+    apimOpenAiRoleAssignments
+    openAiDeployments[deploymentIndex]
+  ]
+}]
+
+module gpt51BackendPool '../../shared/bicep/modules/apim/v1/backend-pool.bicep' = {
+  name: 'pool-gpt-5-1'
+  params: {
+    apimName: apimName
+    backendPoolName: 'inference-gpt-5-1-pool'
+    backendPoolDescription: 'gpt-5.1 routing preference: in-region PTU, out-of-region PTU, in-region PAYG, then equal-weight out-of-region PAYG.'
+    backends: [
+      {
+        name: 'gpt-5-1-PTU-eastus2'
+        priority: 1
+        weight: 100
+      }
+      {
+        name: 'gpt-5-1-PTU-westus3'
+        priority: 2
+        weight: 100
+      }
+      {
+        name: 'gpt-5-1-PAYGO-eastus2'
+        priority: 3
+        weight: 100
+      }
+      {
+        name: 'gpt-5-1-PAYGO-westus3'
+        priority: 4
+        weight: 50
+      }
+      {
+        name: 'gpt-5-1-PAYGO-southcentralus'
+        priority: 4
+        weight: 50
+      }
+    ]
+  }
+  dependsOn: [
+    inferenceBackends
+  ]
+}
+
+module gpt41MiniBackendPool '../../shared/bicep/modules/apim/v1/backend-pool.bicep' = {
+  name: 'pool-gpt-4-1-mini'
+  params: {
+    apimName: apimName
+    backendPoolName: 'inference-gpt-4-1-mini-pool'
+    backendPoolDescription: 'gpt-4.1-mini routing preference: in-region PTU, out-of-region PTU, in-region PAYG, then out-of-region PAYG.'
+    backends: [
+      {
+        name: 'gpt-4-1-mini-PTU-eastus2'
+        priority: 1
+        weight: 100
+      }
+      {
+        name: 'gpt-4-1-mini-PTU-westus3'
+        priority: 2
+        weight: 100
+      }
+      {
+        name: 'gpt-4-1-mini-PAYGO-eastus2'
+        priority: 3
+        weight: 100
+      }
+      {
+        name: 'gpt-4-1-mini-PAYGO-southcentralus'
+        priority: 4
+        weight: 100
+      }
+    ]
+  }
+  dependsOn: [
+    inferenceBackends
+  ]
+}
+
+module apimDiagnostics '../../shared/bicep/modules/apim/v1/diagnostics.bicep' = {
+  name: 'diagnostics-inference-failover'
+  params: {
+    location: location
+    apimServiceName: apimName
+    apimResourceGroupName: resourceGroup().name
+    diagnosticSettingsNameSuffix: diagnosticsSuffix
+    enableApplicationInsights: false
+    enableLlmLogs: true
+    enableLogAnalytics: true
+    logAnalyticsWorkspaceId: logAnalyticsWorkspace.id
+  }
+}
+
+module inferenceApis '../../shared/bicep/modules/apim/v1/api.bicep' = [for api in apis: if (!empty(apis)) {
+  name: 'api-${api.name}'
+  params: {
+    api: api
+    apimName: apimName
+    appInsightsId: appInsights.id
+    appInsightsInstrumentationKey: appInsights.properties.InstrumentationKey
+  }
+  dependsOn: [
+    apimDiagnostics
+    gpt51BackendPool
+    gpt41MiniBackendPool
+  ]
+}]
+
+
+// ------------------------------
+//    TELEMETRY WORKBOOK
+// ------------------------------
+
+// https://learn.microsoft.com/azure/templates/microsoft.insights/workbooks
+resource workbook 'Microsoft.Insights/workbooks@2023-06-01' = {
+  name: workbookResourceName
+  location: location
+  kind: 'shared'
+  properties: {
+    category: 'APIM'
+    displayName: workbookName
+    serializedData: string(loadJsonContent('inference-failover.workbook.json'))
+    sourceId: logAnalyticsWorkspace.id
+    version: '1.0'
+  }
+}
+
+
+// ------------------------------
+//    OUTPUTS
+// ------------------------------
+
+@description('Name of the existing Application Insights component used for API diagnostics.')
+output applicationInsightsName string = appInsights.name
+
+@description('Name of the existing Log Analytics workspace used for gateway and LLM telemetry.')
+output logAnalyticsWorkspaceName string = logAnalyticsWorkspace.name
+
+@description('Resource ID of the Log Analytics workspace.')
+output logAnalyticsWorkspaceId string = logAnalyticsWorkspace.id
+
+@description('Name of the existing APIM service.')
+output apimServiceName string = apimService.name
+
+@description('APIM gateway URL.')
+output apimResourceGatewayURL string = apimService.properties.gatewayUrl
+
+@description('Display name of the deployed telemetry workbook.')
+output workbookName string = workbookName
+
+@description('Resource ID of the deployed telemetry workbook.')
+output workbookId string = workbook.id
+
+@description('Regional Azure OpenAI resource names deployed for the experiment.')
+output openAiAccountNames array = [for account in aoaiAccounts: account.name]
+
+@description('Model deployment names deployed for the experiment.')
+output modelDeploymentNames array = [for deployment in deployments: deployment.deploymentName]
+
+@description('Per-API subscription metadata and keys required by notebook request tests.')
+output apiOutputs array = [for (api, apiIndex) in apis: {
+  name: api.name
+  resourceId: inferenceApis[apiIndex].?outputs.?apiResourceId ?? ''
+  displayName: inferenceApis[apiIndex].?outputs.?apiDisplayName ?? ''
+  subscriptionName: inferenceApis[apiIndex].?outputs.?subscriptionName ?? ''
+  #disable-next-line outputs-should-not-contain-secrets // Intentional: notebook needs API-scoped keys for test traffic.
+  subscriptionPrimaryKey: inferenceApis[apiIndex].?outputs.?subscriptionPrimaryKey ?? ''
+}]
diff --git a/samples/inference-failover/token-throughput.kql b/samples/inference-failover/token-throughput.kql
new file mode 100644
index 00000000..d748a9e3
--- /dev/null
+++ b/samples/inference-failover/token-throughput.kql
@@ -0,0 +1,18 @@
+// Aggregates token telemetry for successful inference requests by model route.
+//
+// Parameters (prepend as KQL 'let' bindings before running):
+//   let timeWindow = 1h;
+//   let apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);
+//
+let requestRoutes = ApiManagementGatewayLogs
+| where TimeGenerated > ago(timeWindow)
+| where ApiId in~ (apiIds)
+| project CorrelationId, ApiId, BackendId;
+ApiManagementGatewayLlmLog
+| where TimeGenerated > ago(timeWindow)
+| where TotalTokens > 0 and isnotempty(ModelName)
+| summarize PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by CorrelationId, ModelName
+| join kind=inner requestRoutes on CorrelationId
+| extend Backend = iff(isempty(BackendId), '(backend not recorded)', BackendId)
+| summarize Requests = count(), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by ApiId, Backend, ModelName
+| order by TotalTokens desc
diff --git a/samples/inference-failover/update-workbook.ps1 b/samples/inference-failover/update-workbook.ps1
new file mode 100644
index 00000000..4858fefc
--- /dev/null
+++ b/samples/inference-failover/update-workbook.ps1
@@ -0,0 +1,57 @@
+param(
+    [Parameter(Mandatory = $true)]
+    [ValidateNotNullOrEmpty()]
+    [string] $rg
+)
+
+Write-Host '=== Update Inference Failover Workbook ===' -ForegroundColor Cyan
+
+$displayNamePrefix = 'APIM Inference Failover'
+$workbookJsonPath = Join-Path $PSScriptRoot 'inference-failover.workbook.json'
+$candidatesJson = az resource list -g $rg --resource-type 'microsoft.insights/workbooks' --query "[?tags.\`"hidden-title\`" != null && starts_with(tags.\`"hidden-title\`", '$displayNamePrefix')].id" -o json
+$candidates = @()
+if (-not [string]::IsNullOrWhiteSpace($candidatesJson)) {
+    $candidates = @($candidatesJson | ConvertFrom-Json)
+}
+
+if ($candidates.Count -ne 1) {
+    throw "Expected exactly one workbook beginning '$displayNamePrefix' in resource group '$rg'; found $($candidates.Count). Deploy the sample or remove orphaned workbooks first."
+}
+
+$workbookId = $candidates[0]
+$existingJson = az rest --method get --uri $workbookId --url-parameters 'api-version=2022-04-01' 'canFetchContent=true'
+$existing = $existingJson | ConvertFrom-Json
+$sourceWorkbook = Get-Content $workbookJsonPath -Raw | ConvertFrom-Json
+$existingWorkbook = $existing.properties.serializedData | ConvertFrom-Json
+
+$existingParameterValues = @{}
+foreach ($item in @($existingWorkbook.items)) {
+    if ($item.type -eq 9 -and $item.content.parameters) {
+        foreach ($parameter in @($item.content.parameters)) {
+            $existingParameterValues[$parameter.name] = $parameter.value
+        }
+    }
+}
+
+foreach ($item in @($sourceWorkbook.items)) {
+    if ($item.type -eq 9 -and $item.content.parameters) {
+        foreach ($parameter in @($item.content.parameters)) {
+            if ($existingParameterValues.ContainsKey($parameter.name)) {
+                $parameter.value = $existingParameterValues[$parameter.name]
+            }
+        }
+    }
+}
+
+$existing.properties.serializedData = $sourceWorkbook | ConvertTo-Json -Depth 100 -Compress
+
+$bodyFile = New-TemporaryFile
+try {
+    $body = $existing | ConvertTo-Json -Depth 100 -Compress
+    Set-Content -Path $bodyFile -Value $body -Encoding UTF8 -NoNewline
+    az rest --method put --uri "${workbookId}?api-version=2022-04-01" --headers 'Content-Type=application/json' --body "@$($bodyFile.FullName)" | Out-Null
+    Write-Host "Workbook updated: $workbookId" -ForegroundColor Green
+}
+finally {
+    Remove-Item $bodyFile -ErrorAction SilentlyContinue
+}
diff --git a/samples/inference-failover/verify-llm-ingestion.kql b/samples/inference-failover/verify-llm-ingestion.kql
new file mode 100644
index 00000000..26b00b88
--- /dev/null
+++ b/samples/inference-failover/verify-llm-ingestion.kql
@@ -0,0 +1,19 @@
+// Confirms that AOAI-only gateway and token logs are reaching Log Analytics.
+//
+// Parameters (prepend as KQL 'let' bindings before running):
+//   let timeWindow = 30m;
+//   let apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);
+//
+let requests = ApiManagementGatewayLogs
+| where TimeGenerated > ago(timeWindow)
+| where ApiId in~ (apiIds)
+| summarize RequestRows = count(), SuccessfulRequests = countif(ResponseCode between (200 .. 299)), UnavailableResponses = countif(ResponseCode == 503);
+let tokens = ApiManagementGatewayLlmLog
+| where TimeGenerated > ago(timeWindow)
+| where TotalTokens > 0
+| summarize TokenRows = dcount(CorrelationId), TotalTokens = sum(TotalTokens);
+requests
+| extend JoinKey = 1
+| join kind=inner (tokens | extend JoinKey = 1) on JoinKey
+| project RequestRows, SuccessfulRequests, UnavailableResponses, TokenRows, TotalTokens
+| where RequestRows > 0 and TokenRows > 0
diff --git a/samples/load-balancing/aca-backend-pool-load-balancing-with-retry-tracked.xml b/samples/load-balancing/aca-backend-pool-load-balancing-with-retry-tracked.xml
index 28f08228..e961dfb1 100644
--- a/samples/load-balancing/aca-backend-pool-load-balancing-with-retry-tracked.xml
+++ b/samples/load-balancing/aca-backend-pool-load-balancing-with-retry-tracked.xml
@@ -19,12 +19,12 @@
         <retry count="{retry_count}" interval="0" first-fast-retry="true" condition="@(context.Response.StatusCode == 429 || context.Response.StatusCode == 503)">
             <forward-request buffer-request-body="true" />
             <choose>
-                <when condition="@((context.Response.StatusCode == 429 || context.Response.StatusCode == 503) && context.Response.Headers.ContainsKey("Retry-After"))">
+                <when condition="@((context.Response.StatusCode == 429 || context.Response.StatusCode == 503) &amp;&amp; context.Response.Headers.ContainsKey('Retry-After'))">
                     <cache-lookup-value key="lb-retry-min-{cache_key}" variable-name="cachedRetryEpoch" />
                     <set-variable name="updatedRetryEpoch" value="@{{
                         // Parse the Retry-After header value as an integer number of seconds
                         int seconds;
-                        var raHeader = context.Response.Headers.GetValueOrDefault("Retry-After", "0");
+                        var raHeader = context.Response.Headers.GetValueOrDefault('Retry-After', '0');
                         if (!int.TryParse(raHeader, out seconds)) {{ seconds = 0; }}
 
                         // Calculate the candidate epoch time based on the Retry-After header
@@ -37,10 +37,10 @@
                         // epoch permanently in the past and the on-error block always emits Retry-After: 0,
                         // even when the pool is actually exhausted again.
                         long cachedEpoch;
-                        var cached = context.Variables.ContainsKey("cachedRetryEpoch") ? context.Variables["cachedRetryEpoch"] as string : null;
-                        return (long.TryParse(cached, out cachedEpoch) && cachedEpoch > nowEpoch && cachedEpoch < candidateEpoch) ? cachedEpoch.ToString() : candidateEpoch.ToString();
+                        var cached = context.Variables.ContainsKey('cachedRetryEpoch') ? context.Variables['cachedRetryEpoch'] as string : null;
+                        return (long.TryParse(cached, out cachedEpoch) &amp;&amp; cachedEpoch &gt; nowEpoch &amp;&amp; cachedEpoch &lt; candidateEpoch) ? cachedEpoch.ToString() : candidateEpoch.ToString();
                     }}" />
-                    <cache-store-value key="lb-retry-min-{cache_key}" value="@((string)context.Variables["updatedRetryEpoch"])" duration="300" />
+                    <cache-store-value key="lb-retry-min-{cache_key}" value="@((string)context.Variables['updatedRetryEpoch'])" duration="300" />
                 </when>
             </choose>
         </retry>
diff --git a/tests/Test-Matrix.md b/tests/Test-Matrix.md
index 675ac161..dbc1829b 100644
--- a/tests/Test-Matrix.md
+++ b/tests/Test-Matrix.md
@@ -1,17 +1,19 @@
-## APIM Samples Test Matrix
+# APIM Samples Test Matrix
 
 **Date / time**: __________________
 
-| Sample / Infrastructure     | SIMPLE APIM                 | APIM ACA                    | AFD APIM PE                 | App Gateway APIM ACA        | App Gateway APIM PE         |
-|:----------------------------|-----------------------------|-----------------------------|-----------------------------|-----------------------------|-----------------------------|
-| **INFRASTRUCTURE**          | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container |
-| **authX**                   | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container |
-| **authX-pro**               | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container |
-| **azure-maps**              | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container |
-| **costin**                  | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container |
-| **dynamic-cors**            | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container |
-| **general**                 | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container |
-| **load-balancing**          | **N/A**                     | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container |
-| **oauth-3rd-party**         | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container |
-| **secure-blob-access**      | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container |
-| **INFRASTRUCTURE clean-up** | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container | ▢ Local<br>▢ Dev Container |
+| Sample / Infrastructure | Simple APIM | APIM ACA | AFD APIM PE | App Gateway APIM ACA | App Gateway APIM PE |
+| :--- | :--- | :--- | :--- | :--- | :--- |
+| **INFRASTRUCTURE** | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] |
+| **authX** | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] |
+| **authX-pro** | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] |
+| **azure-maps** | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] |
+| **costing** | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] |
+| **dynamic-cors** | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] |
+| **egress-control** | N/A | N/A | N/A | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] |
+| **general** | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] |
+| **inference-failover** | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] |
+| **load-balancing** | N/A | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] |
+| **oauth-3rd-party** | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] |
+| **secure-blob-access** | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] |
+| **INFRASTRUCTURE clean-up** | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] | Local [ ] / Dev Container [ ] |
diff --git a/tests/python/test_inference_failover.py b/tests/python/test_inference_failover.py
new file mode 100644
index 00000000..da37b0e4
--- /dev/null
+++ b/tests/python/test_inference_failover.py
@@ -0,0 +1,159 @@
+"""Regression tests for the AOAI-only Inference Failover sample assets."""
+
+import json
+from pathlib import Path
+from xml.etree import ElementTree
+
+SAMPLE_PATH = Path(__file__).resolve().parents[2] / 'samples' / 'inference-failover'
+SIMPLE_APIM_BICEP_PATH = Path(__file__).resolve().parents[2] / 'infrastructure' / 'simple-apim' / 'main.bicep'
+BICEP_PATH = SAMPLE_PATH / 'main.bicep'
+NOTEBOOK_PATH = SAMPLE_PATH / 'create.ipynb'
+POLICY_PATH = SAMPLE_PATH / 'inference-api-policy.xml'
+WORKBOOK_PATH = SAMPLE_PATH / 'inference-failover.workbook.json'
+WORKBOOK_UPDATE_PATH = SAMPLE_PATH / 'update-workbook.ps1'
+KQL_PATHS = [
+    SAMPLE_PATH / 'backend-distribution.kql',
+    SAMPLE_PATH / 'failover-outcomes.kql',
+    SAMPLE_PATH / 'token-throughput.kql',
+    SAMPLE_PATH / 'verify-llm-ingestion.kql',
+]
+EXPECTED_BACKENDS = {
+    'gpt-5-1-PTU-eastus2',
+    'gpt-5-1-PAYGO-eastus2',
+    'gpt-5-1-PTU-westus3',
+    'gpt-5-1-PAYGO-westus3',
+    'gpt-5-1-PAYGO-southcentralus',
+    'gpt-4-1-mini-PTU-eastus2',
+    'gpt-4-1-mini-PAYGO-eastus2',
+    'gpt-4-1-mini-PTU-westus3',
+    'gpt-4-1-mini-PAYGO-southcentralus',
+}
+
+
+def _load_workbook() -> dict:
+    """Read and parse the failover workbook source."""
+    return json.loads(WORKBOOK_PATH.read_text(encoding='utf-8'))
+
+
+def _collect_item_names(items: list[dict]) -> set[str]:
+    """Collect workbook item names recursively from nested tab groups."""
+    names = {item['name'] for item in items if item.get('name')}
+    for item in items:
+        names.update(_collect_item_names(item.get('content', {}).get('items', [])))
+    return names
+
+
+def test_inference_failover_workbook_is_aoai_only_and_query_backed() -> None:
+    """Keep the workbook focused on inference telemetry rather than cost/showback features."""
+    workbook = _load_workbook()
+    serialized = json.dumps(workbook).lower()
+    item_names = _collect_item_names(workbook['items'])
+
+    assert workbook['$schema'].endswith('/schema/workbook.json')
+    assert 'query - outcome-summary' in item_names
+    assert 'query - backend-distribution' in item_names
+    assert 'query - token-throughput' in item_names
+    assert 'query - backend-latency-trend' in item_names
+    assert 'apimanagementgatewayllmlog' in serialized
+    assert 'cost export' not in serialized
+    assert 'business unit' not in serialized
+    assert 'budget' not in serialized
+
+
+def test_inference_failover_kql_queries_scope_to_ai_gateway_signals() -> None:
+    """Ensure focused KQL query files remain available and tied to AI telemetry tables."""
+    query_text = '\n'.join(path.read_text(encoding='utf-8') for path in KQL_PATHS)
+
+    assert all(path.exists() for path in KQL_PATHS)
+    assert 'ApiManagementGatewayLogs' in query_text
+    assert 'ApiManagementGatewayLlmLog' in query_text
+    assert 'inference-gpt-5-1' in query_text
+    assert 'inference-gpt-4-1-mini' in query_text
+    assert 'CostManagement' not in query_text
+
+
+def test_inference_policies_use_managed_identity_retries_and_generic_terminal_error() -> None:
+    """Protect managed identity routing and the non-disclosing terminal response contract."""
+    api_policy = POLICY_PATH.read_text(encoding='utf-8')
+    policy_root = ElementTree.fromstring(api_policy)
+    backend = policy_root.find('backend')
+
+    assert backend is not None
+    assert [policy.tag for policy in backend] == ['retry']
+    assert 'authentication-managed-identity' in api_policy
+    assert 'https://cognitiveservices.azure.com' in api_policy
+    assert 'count="RETRY_COUNT"' in api_policy
+    assert 'api-key' not in api_policy
+    assert 'StatusCode == 429' in api_policy
+    assert 'StatusCode == 503' in api_policy
+    assert 'interval="1"' in api_policy
+    assert 'interval="0"' not in api_policy
+    assert 'buffer-request-body="true"' in api_policy
+    assert 'Inference service is temporarily unavailable.' in api_policy
+    assert 'BackendId' not in api_policy
+
+
+def test_inference_bicep_contains_only_compatible_model_backend_pools() -> None:
+    """Check the model deployment constellation, pool scope, and circuit breaker contract."""
+    bicep = BICEP_PATH.read_text(encoding='utf-8')
+    single_quote = chr(39)
+
+    assert all(backend in bicep for backend in EXPECTED_BACKENDS)
+    assert bicep.count(f'modelName: {single_quote}gpt-5.1{single_quote}') == 5
+    assert bicep.count(f'modelName: {single_quote}gpt-4.1-mini{single_quote}') == 4
+    assert 'capacity: 1' in bicep
+    assert f'name: {single_quote}Standard{single_quote}' in bicep
+    assert 'acceptRetryAfter: true' in bicep
+    assert 'min: 429' in bicep
+    assert 'min: 503' in bicep
+    assert 'enableLlmLogs: true' in bicep
+    assert f'backendPoolName: {single_quote}inference-gpt-5-1-pool{single_quote}' in bicep
+    assert f'backendPoolName: {single_quote}inference-gpt-4-1-mini-pool{single_quote}' in bicep
+    assert "name: 'gpt-5-1-PTU-westus3'\n        priority: 2" in bicep
+    assert "name: 'gpt-5-1-PAYGO-eastus2'\n        priority: 3" in bicep
+    assert "name: 'gpt-4-1-mini-PTU-westus3'\n        priority: 2" in bicep
+    assert "name: 'gpt-4-1-mini-PAYGO-eastus2'\n        priority: 3" in bicep
+    backend_declaration_order = [
+        'gpt-5-1-PTU-eastus2',
+        'gpt-5-1-PTU-westus3',
+        'gpt-5-1-PAYGO-eastus2',
+        'gpt-5-1-PAYGO-westus3',
+        'gpt-5-1-PAYGO-southcentralus',
+        'gpt-4-1-mini-PTU-eastus2',
+        'gpt-4-1-mini-PTU-westus3',
+        'gpt-4-1-mini-PAYGO-eastus2',
+        'gpt-4-1-mini-PAYGO-southcentralus',
+    ]
+    declaration_offsets = [bicep.index(f"backendName: '{backend}'") for backend in backend_declaration_order]
+    assert declaration_offsets == sorted(declaration_offsets)
+
+
+def test_inference_notebook_is_clean_and_defaults_to_simple_apim() -> None:
+    """Retain the intended first-run experience and output-free checked-in notebook."""
+    notebook = json.loads(NOTEBOOK_PATH.read_text(encoding='utf-8'))
+    code_cells = [cell for cell in notebook['cells'] if cell['cell_type'] == 'code']
+    code_source = '\n'.join(''.join(cell['source']) for cell in code_cells)
+
+    assert all(not cell['outputs'] for cell in code_cells)
+    assert 'index = 1' in ''.join(code_cells[0]['source'])
+    assert 'deployment = INFRASTRUCTURE.SIMPLE_APIM' in code_source
+    assert "response.headers.get('X-Backend-URL', '')" in code_source
+    assert 'X-Backend-Id' not in code_source
+    assert 'plt.show()' in code_source
+    assert 'Route Graph' in '\n'.join(''.join(cell['source']) for cell in notebook['cells'])
+
+
+def test_simple_apim_exposes_backend_url_for_learning_by_default() -> None:
+    """Keep the default infrastructure consistent with the learn-only routing test harness."""
+    bicep = SIMPLE_APIM_BICEP_PATH.read_text(encoding='utf-8')
+
+    assert 'param revealBackendApiInfo bool = true' in bicep
+    assert "revealBackendApiInfo ? loadTextContent('../../shared/apim-policies/all-apis-reveal-backend.xml')" in bicep
+
+
+def test_inference_workbook_update_preserves_live_parameter_values() -> None:
+    """Keep portal-edited workbook parameters intact when source visuals are republished."""
+    update_script = WORKBOOK_UPDATE_PATH.read_text(encoding='utf-8')
+
+    assert '$existingParameterValues' in update_script
+    assert '$parameter.value = $existingParameterValues[$parameter.name]' in update_script

From 6b240375459af4589e663d15672f728cb716ae5f Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Tue, 2 Jun 2026 16:10:39 -0400
Subject: [PATCH 02/31] Improved APIM policies, testing, and reporting

---
 .github/agents/apim-sample-publisher.agent.md |  93 ++
 .github/markdown.instructions.md              |  56 +-
 .vscode/README.md                             |   4 +-
 AGENTS.md                                     |  11 +-
 README.md                                     |  79 +-
 docs/README.md                                |   4 +-
 samples/inference-failover/README.md          |  64 +-
 samples/inference-failover/create.ipynb       | 844 +++++++++++++++---
 .../inference-failover/failover-outcomes.kql  |  12 -
 .../inference-api-policy.xml                  |  38 +
 .../inference-failover.workbook.json          | 226 ++++-
 samples/inference-failover/main.bicep         | 134 ++-
 samples/inference-failover/queries/README.md  |  76 ++
 .../{ => queries}/backend-distribution.kql    |   6 +-
 .../queries/failover-outcomes.kql             |  22 +
 .../queries/failure-analysis.kql              |  31 +
 .../queries/llm-telemetry-coverage.kql        |  38 +
 .../queries/request-details.kql               |  66 ++
 .../{ => queries}/token-throughput.kql        |   4 +-
 .../{ => queries}/verify-llm-ingestion.kql    |   0
 samples/load-balancing/main.bicep             |   5 +
 shared/bicep/modules/apim/v1/backend.bicep    |  82 +-
 .../bicep/modules/apim/v1/diagnostics.bicep   |  26 +-
 shared/python/apimtesting.py                  |  15 +-
 shared/python/charts.py                       | 101 ++-
 shared/python/htmlreport.py                   | 229 +++++
 tests/python/test_apimtesting.py              |  23 +-
 tests/python/test_charts.py                   |  90 ++
 tests/python/test_htmlreport.py               |  79 ++
 tests/python/test_inference_failover.py       | 149 +++-
 30 files changed, 2312 insertions(+), 295 deletions(-)
 create mode 100644 .github/agents/apim-sample-publisher.agent.md
 delete mode 100644 samples/inference-failover/failover-outcomes.kql
 create mode 100644 samples/inference-failover/queries/README.md
 rename samples/inference-failover/{ => queries}/backend-distribution.kql (66%)
 create mode 100644 samples/inference-failover/queries/failover-outcomes.kql
 create mode 100644 samples/inference-failover/queries/failure-analysis.kql
 create mode 100644 samples/inference-failover/queries/llm-telemetry-coverage.kql
 create mode 100644 samples/inference-failover/queries/request-details.kql
 rename samples/inference-failover/{ => queries}/token-throughput.kql (83%)
 rename samples/inference-failover/{ => queries}/verify-llm-ingestion.kql (100%)
 create mode 100644 shared/python/htmlreport.py
 create mode 100644 tests/python/test_htmlreport.py

diff --git a/.github/agents/apim-sample-publisher.agent.md b/.github/agents/apim-sample-publisher.agent.md
new file mode 100644
index 00000000..31b4176e
--- /dev/null
+++ b/.github/agents/apim-sample-publisher.agent.md
@@ -0,0 +1,93 @@
+---
+name: APIM Sample Publisher
+description: "Use when publishing, finalizing, or preparing an APIM Samples sample for review or release. Synchronizes READMEs, docs/index.html website cards, SEO metadata and JSON-LD, the pitch deck or slideshow, compatibility artifacts, and runs final linting, unit tests, presentation export, and publication-readiness checks."
+tools: [read, search, edit, execute, todo]
+argument-hint: "Describe the sample to publish, including its folder name and whether it is new, renamed, or updated. Include any known compatibility changes."
+user-invocable: true
+---
+
+You are the specialist for publishing an APIM sample after its implementation is ready for a final quality pass. Your job is to leave the repository buttoned up for review or release: documentation is synchronized, public surfaces and search metadata agree, source artifacts are validated, and any remaining manual checks are explicit.
+
+## Scope
+
+- Finalize an existing sample under `samples/<sample-name>/` for review or publication.
+- Infer the target sample from the user's request and current diff when possible. Ask only when the target or intended compatibility is ambiguous.
+- Treat root documentation, `docs/`, and `assets/` as publication sources. Do not hand-edit generated or staged output such as `build/` or `_site/`.
+- Keep changes focused on the requested sample and its downstream publication surfaces. Preserve unrelated user changes in a dirty worktree.
+
+## Constraints
+
+- Do not invent a canonical display name, supported infrastructure list, or compatibility result.
+- Do not silently broaden the sample scenario while publishing. Report implementation gaps and make only targeted fixes needed for release readiness.
+- Do not commit, push, open a pull request, deploy Azure resources, or publish GitHub Pages unless the user explicitly requests that action.
+- Do not claim that a live Azure scenario passed unless it was actually deployed and exercised.
+
+## Publication Surfaces
+
+Review and update the surfaces that apply to the sample:
+
+1. `samples/<sample-name>/README.md` - Confirm the standard sample README structure, supported infrastructures badge, expected runtime, configuration steps, scenario details, and sample-specific prerequisites.
+2. `README.md` - Keep the sample table entry alphabetized and aligned with the canonical display name, description, and supported infrastructures.
+3. `docs/index.html` - Keep the visible `.sample-card`, SEO metadata, social-card metadata, and JSON-LD `ItemList` entry in sync with the root README. Preserve the static HTML design and do not add executable JavaScript.
+4. `assets/APIM-Samples-Slide-Deck.html` - Update catalog counts, inventory, names, and descriptions wherever the pitch deck or slideshow surfaces the sample. Preserve accessible contrast, non-color-only communication, and readable slide layout.
+5. `tests/Test-Matrix.md` - Add or update the sample compatibility row, using `N/A` for unsupported infrastructures and preserving alphabetical order.
+6. `assets/diagrams/Infrastructure-Sample-Compatibility.svg` - Update the alphabetized sample row when a sample is added, removed, renamed, or changes compatibility. Ensure each infrastructure cell has a clear compatible or incompatible symbol.
+7. `AGENTS.md` - Update the repository structure listing when a new sample folder is added or an existing folder is renamed or removed.
+
+Keep the canonical sample display name identical across public surfaces. If an infrastructure list, architecture SVG, or quick-start flow changed as part of the sample work, also synchronize the related `docs/index.html`, `.github/workflows/github-pages.yml`, and `setup/serve_website.py` mappings described in the repository instructions.
+
+## SEO Pass
+
+Treat search visibility as a publication criterion, not as optional polish. Review the SEO contract in `docs/README.md` and verify the following whenever public website content changes:
+
+1. Keep the `<title>` and primary description in `docs/index.html` concise, descriptive, and front-loaded with relevant Azure API Management terms. Update searchable concepts when a sample adds a meaningful capability, without turning metadata into a keyword list.
+2. Preserve the absolute canonical URL, crawler-facing robots meta tag, Open Graph metadata, Twitter/X card metadata, absolute social image URL, image dimensions, and meaningful image alt text.
+3. Keep the inline JSON-LD `@graph` valid and complete. It must retain the `WebSite`, `SoftwareSourceCode`, and `ItemList` nodes. Update the repository description or keywords when the published catalog gains a material searchable concept.
+4. Keep every JSON-LD `ItemList` entry in lock-step with the visible infrastructure and sample cards. Verify canonical display names, GitHub folder URLs, alphabetical sample order, and contiguous `position` values so search-result sitelinks never advertise stale or missing folders.
+5. Preserve `docs/robots.txt` as a permissive crawler policy with the canonical sitemap URL. Preserve `docs/sitemap.xml` as a valid single-URL sitemap for the GitHub Pages landing page. Do not add a hand-maintained `<lastmod>` value.
+6. Parse the JSON-LD and sitemap after editing. Preview the staged website locally and report the Google Rich Results Test at <https://search.google.com/test/rich-results> as a manual post-publish check when structured data changed.
+
+## Quality Pass
+
+1. Inspect the working-tree diff first. Separate relevant sample changes from unrelated user work and never revert unrelated edits.
+2. Compare the sample against `samples/_TEMPLATE/` and one similar published sample. Check naming, README section order, notebook flow, shared module reuse, and supported infrastructure consistency.
+3. Validate notebook hygiene: no cell outputs, `index = 1` in the first code cell, unique existing cell IDs, imports at the top of each code cell, and no bypass of `NotebookHelper` deployment patterns.
+4. Validate sample-owned structured files. Parse JSON and notebooks, check XML well-formedness, review APIM policy expressions against the allowed policy-expression surface, and compile or lint Bicep when the toolchain is available.
+5. Run the combined Python quality checks from the repository root:
+
+   ```powershell
+   .\tests\python\check_python.ps1
+   ```
+
+   ```bash
+   ./tests/python/check_python.sh
+   ```
+
+6. Export the self-contained presentation and treat warnings about missing images as failures to investigate:
+
+   ```bash
+   uv run python setup/export_presentation.py
+   ```
+
+7. Run the SEO pass when public website content changed. Parse the inline JSON-LD block and `docs/sitemap.xml`, then verify that structured-data entries and visible cards stay synchronized.
+8. Preview the staged website when website or deck content changed. Use `uv run python setup/serve_website.py` and review both the landing page and `/slide-deck.html`. Check desktop and narrow layouts when visual changes are material.
+9. Inspect the final diff after validation. Do not include generated artifacts such as `build/`, `_site/`, coverage files, or lint reports unless the repository intentionally tracks them.
+
+When live Azure validation is relevant but not requested or not available, report the exact notebook scenario and supported infrastructure combinations that remain to be exercised. Do not substitute unit tests for live scenario evidence.
+
+## Approach
+
+1. Confirm or infer the target sample, publication intent, canonical display name, and infrastructure compatibility.
+2. Audit the implementation diff, publication surfaces, and SEO metadata for drift.
+3. Apply the smallest coordinated updates needed across documentation, website, deck, and compatibility artifacts.
+4. Run the applicable automated checks and presentation export.
+5. Report readiness with clear evidence and any manual or live-Azure follow-up still required.
+
+## Output Format
+
+Return a concise publish-readiness report with:
+
+- **Sample**: folder name, canonical display name, and supported infrastructures.
+- **Updated**: source files changed during the publishing pass.
+- **Validated**: commands run and their pass or fail results, including SEO source checks when website content changed.
+- **Remaining**: manual visual checks, live Azure scenarios, or unresolved blockers. State `None` when the sample is ready for review.
diff --git a/.github/markdown.instructions.md b/.github/markdown.instructions.md
index 472b1c6c..d7b39ad5 100644
--- a/.github/markdown.instructions.md
+++ b/.github/markdown.instructions.md
@@ -8,6 +8,14 @@ This document provides standards for Markdown files in the APIM Samples reposito
 
 ## Critical Rules
 
+### Markdownlint Must Pass Before Finalizing
+
+After creating or editing any Markdown file, check the editor diagnostics for every changed `.md` file and resolve all markdownlint warnings before finalizing the work. If the repository adds a Markdown lint command in the future, run it as well.
+
+Do not assume a visually correct preview is lint-clean. Markdownlint also enforces source-level consistency for whitespace, table delimiters, nested list indentation, code-fence languages, inline HTML, and unused link definitions.
+
+Use a narrowly scoped `<!-- markdownlint-disable-next-line RULE -->` comment only when Markdown syntax cannot express the required behavior, such as an intentional `<details>` disclosure. Do not disable a rule for an entire file when a local exception is enough.
+
 ### 🚨 No Emoji Variation Selectors in Markdown Links
 
 **This is the most important rule.** Emoji variation selectors cause rendering and Markdown anchor link failures.
@@ -46,8 +54,18 @@ This document provides standards for Markdown files in the APIM Samples reposito
 - Never use typographic/curly quotes: `'` `'` `"` `"`
 - Improves consistency across editors and platforms
 
+### Blank Lines
+
+- Use exactly one blank line between paragraphs and sections. Do not add multiple consecutive blank lines.
+- Surround headings, tables, lists, and fenced code blocks with a blank line.
+- Add a blank line between introductory text such as `**Windows:**` and the fenced code block that follows it.
+- Keep a blank line between the final table row and any following HTML closing tag or paragraph.
+
 ### Markdown Tables
-**Markdown tables must be column-aligned.** Pad cell values with spaces so that every `|` delimiter in a column lines up vertically.
+
+Use one table style consistently within each table. Always include one space on both sides of each pipe delimiter, including separator rows. Never write compact separators such as `|---|---|`.
+
+**Prefer aligned tables** for short values. Pad cell values with spaces so that every `|` delimiter in a column lines up vertically.
 
 ❌ **WRONG** — misaligned columns:
 ```markdown
@@ -67,6 +85,29 @@ This document provides standards for Markdown files in the APIM Samples reposito
 
 Use the separator row (`---`, `:---:`, `---:`, etc.) to establish column widths, then align all subsequent rows to match.
 
+**Use compact tables** for prose-heavy content when alignment would create very long lines. Keep spaces around every pipe delimiter and use the same compact style for the header, separator, and each row.
+
+```markdown
+| Name | Description |
+| --- | --- |
+| Simple API Management | Public API Management instance for learning and experimentation. |
+| Private Link | Private ingress for security-focused scenarios. |
+```
+
+### Lists
+
+- Surround lists with a blank line.
+- Indent nested unordered list items consistently. Prefer two spaces for each nested level to satisfy `MD007`.
+- Use `1.` for every item in ordered Markdown source. Markdown renderers calculate the visible numbering, and this satisfies the repository's `MD029` style.
+- If an established formatter forces a different nested indentation style, use the smallest possible scoped markdownlint annotation and keep the list internally consistent.
+
+### Inline HTML
+
+- Prefer native Markdown syntax over inline HTML whenever Markdown can express the same result.
+- Use Markdown image syntax instead of `<img>` tags.
+- Use inline HTML only when it adds behavior Markdown does not provide, such as `<details>` disclosures.
+- Add `<!-- markdownlint-disable-next-line MD033 -->` immediately before an intentional inline HTML opening tag. Keep the exception local.
+
 ### File Links
 
 When referencing files or line numbers in documentation:
@@ -179,13 +220,14 @@ Structured guides for domain-specific tasks (Bicep, Python policies, sample crea
 ### Emphasis
 
 - Use `**bold**` for emphasis and strong concepts
-- Use `*italic*` for variables or placeholders
+- Use `_italic_` for variables or placeholders to satisfy the repository's `MD049` style
 - Use `code` (backticks) for symbols, filenames, and technical terms
 - Use blockquotes `>` for notes, tips, and callouts
 
 ### Cross-References
 
 - Use reference-style links at the bottom for multiple references to the same target
+- Remove reference-style link definitions when their final usage is removed. Unused definitions fail `MD053`.
 - Example:
   ```markdown
   See the [setup guide][setup] and [troubleshooting][troubleshooting] pages.
@@ -210,11 +252,14 @@ Structured guides for domain-specific tasks (Bicep, Python policies, sample crea
 
 - Provide meaningful `alt` text for all images and diagrams
 - Alt text should describe the image purpose, not just say "screenshot" or "diagram"
+- Use native Markdown image syntax instead of inline HTML: `![alt text](path/to/image.png "Optional title")`
 - Example: `![Deployment workflow showing resource dependencies](images/deployment.png)`
 
 ### Code Blocks
 
 - Use language tags for syntax highlighting: ` ```python `, ` ```bicep `, ` ```json `
+- Use `text` for plain terminal output, menu choices, and other non-code examples
+- Surround every fenced code block with blank lines
 - Include enough context in code examples that they're self-explanatory
 
 ---
@@ -224,7 +269,12 @@ Structured guides for domain-specific tasks (Bicep, Python policies, sample crea
 | Issue | Cause | Fix |
 | --- | --- | --- |
 | Anchor links break | Emoji in heading + encoded in link | Remove emoji from link reference: `[text](#heading-only)` |
-| Tables misaligned | Inconsistent column widths | Pad cells with spaces to align `\|` delimiters |
+| Tables misaligned | Mixed table styles or missing spaces around pipes | Use one consistent aligned or compact style and write separator rows as `\| --- \| --- \|` |
+| Sections run together | Missing or repeated blank lines | Use exactly one blank line around headings, tables, lists, and fences |
+| Code fence warning | Missing fence language | Add the appropriate language, or use `text` for plain output |
+| List indentation warning | Inconsistent nesting or ordered prefixes | Use two spaces per unordered nesting level and `1.` for ordered items |
+| Inline HTML warning | HTML used where Markdown is sufficient | Prefer native Markdown; add a local `MD033` exception only for required HTML behavior |
+| Unused reference warning | Link definition remains after its final usage was removed | Delete the unused reference definition |
 | File links broken | Wrong path or encoded characters | Use relative paths, encode spaces: `My%20File.md` |
 | Symbols not highlighted | Missing backticks | Wrap in backticks: `symbolName` |
 | Line ending issues | Mixed CRLF/LF | Ensure all `.md` files use LF only |
diff --git a/.vscode/README.md b/.vscode/README.md
index 54634449..85433c72 100644
--- a/.vscode/README.md
+++ b/.vscode/README.md
@@ -1,7 +1,5 @@
-## Fixing Pylance unresolved import warnings
+# Fixing Pylance unresolved import warnings
 
 Follow [this documentation][pylance-troubleshooting].
 
-
-
 [pylance-troubleshooting]: https://github.com/microsoft/pylance-release/blob/main/TROUBLESHOOTING.md#unresolved-import-warnings
diff --git a/AGENTS.md b/AGENTS.md
index f0993c92..843e114c 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -83,9 +83,10 @@ Use these skills for specialized tasks. Skills are located in `.github/skills/`.
 
 Use these custom agents for focused repository workflows. Agents are located in `.github/agents/`.
 
-| Agent                   | When to Use                                                                                                                                                 |
-| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| **APIM Sample Creator** | Adding a new sample, gathering missing sample metadata, scaffolding from `_TEMPLATE`, and updating README, website, slide deck, and compatibility artifacts |
+| Agent                       | When to Use                                                                                                                                                        |
+| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| **APIM Sample Creator**     | Adding a new sample, gathering missing sample metadata, scaffolding from `_TEMPLATE`, and updating README, website, slide deck, and compatibility artifacts        |
+| **APIM Sample Publisher**   | Finalizing an implemented sample for review or release by synchronizing READMEs, website, SEO, slide deck, compatibility artifacts, and quality checks             |
 
 ### How to Use Skills
 
@@ -124,6 +125,10 @@ Skills provide templates, patterns, and step-by-step workflows.
 - Keep sample display names consistent across README tables, the website, the slide deck, and compatibility artifacts.
 - If a broadly useful improvement is discovered while creating a sample, suggest updating `samples/_TEMPLATE` so future samples inherit it.
 
+## Publishing a Sample
+
+Use `.github/agents/apim-sample-publisher.agent.md` after sample implementation is ready for a final quality pass. The publisher agent checks the working-tree diff, synchronizes README, website, SEO metadata and structured data, slideshow, matrix, and compatibility-diagram surfaces, runs the applicable linting and unit tests, exports the presentation, and reports any manual or live-Azure verification that remains.
+
 ### Sample Naming Conventions
 
 - **Folder**: kebab-case (e.g., `oauth-validation`, `rate-limiting`)
diff --git a/README.md b/README.md
index 9152e9d6..fe120f03 100644
--- a/README.md
+++ b/README.md
@@ -14,14 +14,12 @@ Historically, there were two general paths to experimenting with APIM: Standing
 
 💡 **_APIM Samples_ is _neither too much nor too little_. It is _just right_!**
 
-
 ## 🎯 Objectives
 
 1. Educate on common APIM architectures we see across industries and customers.
 1. Empower to safely experiment with APIM policies.
 1. Provide high-fidelity building blocks to further your APIM integration efforts.
 
-
 ## 🚀 Getting Started
 
 It's quick and easy to get started!
@@ -44,22 +42,24 @@ It's quick and easy to get started!
 
 > 💡 **First time?** Start with the [Simple API Management][infra-simple-apim] infrastructure and the [General][sample-general] sample. It takes ~5 minutes to deploy and costs ~$1-2/hour to run.
 
-
 ## 📁 List of Infrastructures
 
+<!-- markdownlint-disable-next-line MD033 -->
 <details open>
 
-| Infrastructure Name                                                | Description                                                                                                                                                           |
-|:-------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| [API Management & Container Apps][infra-apim-aca]                  | APIs are often implemented in containers running in **Azure Container Apps**. This architecture accesses the container apps publicly. It's beneficial to test both APIM and container app URLs to contrast and compare experiences of API calls through and bypassing APIM. It is not intended to be a security baseline.    |
-| [Application Gateway (Private Link) & API Management & Container Apps][infra-appgw-apim-pe]  | **A secure implementation of Azure Application Gateway connecting to APIM via Private Link integration!** Once traffic traverses App Gateway, it reaches APIM through a private endpoint in the VNet's private endpoint subnet. The connection from APIM to Container Apps is secured through VNet integration (and could also use Private Link). APIM Standard V2 is used here to accept the private link connection from App Gateway. |
+| Infrastructure Name | Description |
+| :--- | :--- |
+| [API Management & Container Apps][infra-apim-aca] | APIs are often implemented in containers running in **Azure Container Apps**. This architecture accesses the container apps publicly. It's beneficial to test both APIM and container app URLs to contrast and compare experiences of API calls through and bypassing APIM. It is not intended to be a security baseline. |
+| [Application Gateway (Private Link) & API Management & Container Apps][infra-appgw-apim-pe] | **A secure implementation of Azure Application Gateway connecting to APIM via Private Link integration!** Once traffic traverses App Gateway, it reaches APIM through a private endpoint in the VNet's private endpoint subnet. The connection from APIM to Container Apps is secured through VNet integration (and could also use Private Link). APIM Standard V2 is used here to accept the private link connection from App Gateway. |
 | [Application Gateway (VNet) & API Management & Container Apps][infra-appgw-apim] | Full VNet injection of APIM and ACA! APIM is shielded from any type of traffic unless it comes through App Gateway. This offers maximum isolation for instances in which customers seek VNet injection. |
-| [Front Door & API Management & Container Apps][infra-afd-apim-pe]  | **A secure implementation of Azure Front Door connecting to APIM via Private Link integration!** This traffic, once it traverses through Front Door, rides entirely on Microsoft-owned and operated networks. The connection from APIM to Container Apps is secured through VNet integration (and could also use Private Link). **APIM Standard V2** is used here to accept the private link connection from Front Door. |
-| [Simple API Management][infra-simple-apim]                         | **Just the basics with a publicly accessible API Management instance** fronting your APIs. This is the innermost way to experience and experiment with the APIM policies. |
+| [Front Door & API Management & Container Apps][infra-afd-apim-pe] | **A secure implementation of Azure Front Door connecting to APIM via Private Link integration!** This traffic, once it traverses through Front Door, rides entirely on Microsoft-owned and operated networks. The connection from APIM to Container Apps is secured through VNet integration (and could also use Private Link). **APIM Standard V2** is used here to accept the private link connection from Front Door. |
+| [Simple API Management][infra-simple-apim] | **Just the basics with a publicly accessible API Management instance** fronting your APIs. This is the innermost way to experience and experiment with the APIM policies. |
+
 </details>
 
 ## 📁 List of Samples
 
+<!-- markdownlint-disable-next-line MD033 -->
 <details open>
 
 | Sample Name | Description | Supported Infrastructure(s) |
@@ -82,32 +82,34 @@ It's quick and easy to get started!
 
 Most samples work with all infrastructures, making this a truly _à la carte_ experience. The diagrams below show which samples are compatible with which infrastructures, and which APIM SKUs each infrastructure supports.
 
-<img src="./assets/diagrams/Infrastructure-Sample-Compatibility.svg" alt="Infrastructure and Sample Compatibility Matrix" title="Infrastructure and Sample Compatibility Matrix" />
-
-<img src="./assets/diagrams/Infrastructure-SKU-Compatibility.svg" alt="Infrastructure and SKU Compatibility Matrix" title="Infrastructure and SKU Compatibility Matrix" />
+![Infrastructure and Sample Compatibility Matrix](./assets/diagrams/Infrastructure-Sample-Compatibility.svg "Infrastructure and Sample Compatibility Matrix")
 
+![Infrastructure and SKU Compatibility Matrix](./assets/diagrams/Infrastructure-SKU-Compatibility.svg "Infrastructure and SKU Compatibility Matrix")
 
 ## 🧰 APIM Samples Developer CLI
 
 Use the interactive APIM Samples Developer CLI to verify setup, run tests, and manage your development workflow:
 
 **Windows:**
+
 ```powershell
 .\start.ps1
 ```
 
 **macOS / Linux:**
+
 ```bash
 ./start.sh
 ```
 
 This menu-driven interface provides quick access to:
+
 - **Setup**: Complete environment setup, Azure CLI login, and update & sync `uv` dependencies (refresh `uv.lock`)
 - **Verify**: Show Azure account info, list soft-deleted resources, and list deployed infrastructures
 - **Tests**: Run ruff, pytest, and full Python checks
 - **Presentation**: Serve the slide deck in a browser or export a self-contained HTML copy
 
-<img src="./assets/dev-cli-lint-test-results.png" alt="APIM Samples Developer CLI showing final linting, test, and code coverage results" title="APIM Samples Developer CLI Final Results" />
+![APIM Samples Developer CLI showing final linting, test, and code coverage results](./assets/dev-cli-lint-test-results.png "APIM Samples Developer CLI Final Results")
 
 > The _APIM Samples Developer CLI_ is not synonomous with the _Azure Developer CLI_. These are two separate CLIs.
 
@@ -157,20 +159,21 @@ This writes the output to `build/APIM-Samples-Slide-Deck.html`.
 APIM Samples supports two setup options:
 
 ### Option 1: GitHub Codespaces / Dev Container (Recommended for First-Time Users)
+
+<!-- markdownlint-disable-next-line MD033 -->
 <details>
-<br/>
 
 [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/Azure-Samples/Apim-Samples?devcontainer_path=.devcontainer%2Fpython314%2Fdevcontainer.json)
 
-**The fastest way to get started is using our pre-configured development environment. Just click the *Open in GitHub Codespaces* button above!** Everything is pre-installed and configured—just sign in to Azure and you're ready to go.
+**The fastest way to get started is using our pre-configured development environment. Just click the _Open in GitHub Codespaces_ button above!** Everything is pre-installed and configured—just sign in to Azure and you're ready to go.
 
 This is especially helpful if you're new to APIM, unfamiliar with Python environments, or want to avoid local setup complexity. **The entire setup typically takes 2-3 minutes.**
 
-**GitHub Codespaces**: You can also go through the menu by clicking the green "Code" button → "Codespaces" → "..." → "New with options..." → "Dev container configuration" (select Python version but ignore *Default project configuration*) → "Create codespace"
+**GitHub Codespaces**: You can also go through the menu by clicking the green "Code" button → "Codespaces" → "..." → "New with options..." → "Dev container configuration" (select Python version but ignore _Default project configuration_) → "Create codespace"
 
 📖 **For detailed setup information, troubleshooting, and optimization details, see [Codespaces Quickstart](.devcontainer/CODESPACES-QUICKSTART.md) and [Dev Container Documentation](.devcontainer/README.md)**
 
-<img src="./assets/codespaces-python-configurations.png" alt="Codespaces configuration selector for various supposed Python versions" title="Codespaces configuration selector" />
+![Codespaces configuration selector for various supposed Python versions](./assets/codespaces-python-configurations.png "Codespaces configuration selector")
 
 **VS Code Dev Containers**: Alternatively, you can run the dev container locally by installing the [Dev Containers extension][vscode-devcontainers], then selecting "Reopen in Container".
 
@@ -191,20 +194,24 @@ All prerequisites are automatically installed and configured.
 </details>
 
 ### Option 2: Full Local Setup
+
+<!-- markdownlint-disable-next-line MD033 -->
 <details>
 
 #### 📋 Prerequisites
 
 These prerequisites apply broadly across all infrastructure and samples. If there are specific deviations, expect them to be noted there.
 
+<!-- markdownlint-disable MD005 MD007 -->
+
 - [Python][python] **3.12, 3.13, and 3.14 are all supported**
-- **uv** (https://docs.astral.sh/uv/) - Fast Python package manager
-   - Install uv:
-      - **Windows**: `winget install --id=astral-sh.uv -e` or `scoop install uv`
-      - **macOS**: `brew install uv` or `curl -LsSf https://astral.sh/uv/install.sh | sh`
-      - **Linux**: `curl -LsSf https://astral.sh/uv/install.sh | sh`
-   - If needed, restart VS Code for path to become effective.
-   - Verify: `uv --version`
+- **[uv](https://docs.astral.sh/uv/)** - Fast Python package manager
+   - Install uv with one of these commands:
+      - **Windows**: `winget install --id=astral-sh.uv -e` or `scoop install uv`.
+      - **macOS**: `brew install uv` or `curl -LsSf https://astral.sh/uv/install.sh | sh`.
+      - **Linux**: `curl -LsSf https://astral.sh/uv/install.sh | sh`.
+   - If needed, restart VS Code for the path change to become effective.
+   - Verify the installation: `uv --version`
 - [VS Code][vscode] installed with the [Jupyter notebook extension][vscode-jupyter] enabled
 - [Azure CLI][azure-cli-install] installed
 - [Azure Bicep][azure-bicep-install] installed
@@ -213,7 +220,9 @@ These prerequisites apply broadly across all infrastructure and samples. If ther
   - To log in to a specific tenant: `az login --tenant <your-tenant-id-or-domain>`
   - To set a specific subscription: `az account set --subscription <your-subscription-id-or-name>`
   - To verify your current context: `az account show`
-   - See the [Azure CLI authentication guide][azure-cli-auth] for more options
+   - For more options, see the [Azure CLI authentication guide][azure-cli-auth].
+
+<!-- markdownlint-enable MD005 MD007 -->
 
 #### Manual Local Setup
 
@@ -228,9 +237,9 @@ These prerequisites apply broadly across all infrastructure and samples. If ther
 
    Alternatively, you can use VS Code: Ctrl+Shift+P → "Python: Create Environment" → "Venv" → Select Python version → name: .venv. Then run `uv sync` to install dependencies.
 1. **Complete Environment Setup**: Open a terminal and start the [APIM Samples Developer CLI](#-apim-samples-developer-cli), then select `Complete environment setup`.
-3. **Restart VS Code** to apply all settings
-4. **Sign in to Azure**: `az login --tenant <your-tenant-id>` and `az account set --subscription <your-subscription>`
-5. **Verify local setup**: Start the APIM Samples Developer CLI, then select `Verify local setup`.
+1. **Restart VS Code** to apply all settings
+1. **Sign in to Azure**: `az login --tenant <your-tenant-id>` and `az account set --subscription <your-subscription>`
+1. **Verify local setup**: Start the APIM Samples Developer CLI, then select `Verify local setup`.
 
 The first time you run a Jupyter notebook, you may be asked to install the Jupyter kernel package (ipykernel) if not already available.
 When you open any `.ipynb` notebook, it will automatically use the correct kernel and all imports will work seamlessly.
@@ -246,15 +255,17 @@ When you open any `.ipynb` notebook, it will automatically use the correct kerne
 
 Now that infrastructure and sample have been stood up, you can experiment with the policies, make requests against APIM, etc.
 
-
 ## 🔎 Logging and Output
 
 The Python helpers in this repo use standard-library `logging`, empowering you to control verbosity via environment variables in the root `.env` file. This file is created via the APIM Samples Developer CLI.
 
+<!-- markdownlint-disable MD007 -->
+
 - `APIM_SAMPLES_LOG_LEVEL`: Controls the overall verbosity (`DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`). Default: `INFO`.
-   - When set to `DEBUG`, the Azure CLI runner in [shared/python/azure_resources.py](shared/python/azure_resources.py) will also add `--debug` to simple `az ...` commands.
+   - If set to `DEBUG`, the Azure CLI runner in [shared/python/azure_resources.py](shared/python/azure_resources.py) will also add `--debug` to simple `az ...` commands.
 - `APIM_SAMPLES_CONSOLE_WIDTH`: Optional wrap width for long lines (defaults to `120`).
 
+<!-- markdownlint-enable MD007 -->
 
 ## Troubleshooting
 
@@ -268,7 +279,6 @@ Encountering issues? Check our comprehensive **[Troubleshooting Guide][troublesh
 
 For immediate help with common errors, diagnostic commands, and step-by-step solutions, see **[TROUBLESHOOTING.md][troubleshooting]**.
 
-
 ## 📂 Repo Structure
 
 ### 🦅 High-level
@@ -320,7 +330,6 @@ Adding a new sample is relatively straight-forward.
 1. Test the sample with all supported infrastructures.
 1. Create a pull request for merge.
 
-
 ## 🙏 Acknowledgements
 
 This project has its roots in work done by [Alex Vieira][alex-vieira] on the excellent Azure API Management [AI Gateway][ai-gateway] GitHub repository. Much of the structure is similar and its reuse resulted in significant time savings. Thank you, Alex!
@@ -333,7 +342,6 @@ Furthermore, [Houssem Dellai][houssem-dellai] was instrumental in setting up a w
 
 The original author of this project is [Simon Kurtz][simon-kurtz].
 
-
 ## 🥇 Other resources
 
 - [AI Gateway][ai-gateway]
@@ -345,18 +353,15 @@ The original author of this project is [Simon Kurtz][simon-kurtz].
 
 _For much more API Management content, please also check out [APIM Love](https://aka.ms/apimlove)._
 
-
 ## 📜 Disclaimer
 
 > [!IMPORTANT]
 > This software is provided for demonstration purposes only. It is not intended to be relied upon for any purpose. The creators of this software make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the software or the information, products, services, or related graphics contained in the software for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
 
-
 [ai-gateway]: https://github.com/Azure-Samples/AI-Gateway
 [ai-gateway-private-connectivity]: https://github.com/Azure-Samples/AI-Gateway/tree/main/labs/private-connectivity
 [alex-vieira]: https://github.com/vieiraae
 [andrew-redman]: https://github.com/anotherRedbeard
-[apim-love]: https://aka.ms/apimlove
 [apim-lza]: https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/app-platform/api-management/landing-zone-accelerator
 [apim-snippets]: https://github.com/Azure/api-management-policy-snippets
 [azure-bicep-install]: https://learn.microsoft.com/azure/azure-resource-manager/bicep/install#azure-cli
@@ -366,7 +371,6 @@ _For much more API Management content, please also check out [APIM Love](https:/
 [badge-python-tests]: https://github.com/Azure-Samples/Apim-Samples/actions/workflows/python-tests.yml/badge.svg?branch=main
 [bicep-linter-docs]: https://learn.microsoft.com/azure/azure-resource-manager/bicep/bicep-config-linter
 [houssem-dellai]: https://github.com/HoussemDellai
-[import-troubleshooting]: .devcontainer/IMPORT-TROUBLESHOOTING.md
 [naga-cheruvu]: https://github.com/ncheruvu-MSFT
 [infra-afd-apim-pe]: ./infrastructure/afd-apim-pe
 [infra-apim-aca]: ./infrastructure/apim-aca
@@ -376,7 +380,6 @@ _For much more API Management content, please also check out [APIM Love](https:/
 [openssf]: https://www.bestpractices.dev/projects/11057
 [openssf-scorecard]: https://scorecard.dev/viewer/?uri=github.com/Azure-Samples/Apim-Samples
 [pytest-docs]: https://docs.pytest.org/
-[pytest-docs-versioned]: https://docs.pytest.org/en/8.2.x/
 [ruff-docs]: https://docs.astral.sh/ruff/
 [python]: https://www.python.org/
 [sample-authx]: ./samples/authX/README.md
diff --git a/docs/README.md b/docs/README.md
index 0d9e4c9e..33e4d3f9 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -6,7 +6,7 @@ This folder contains the source for the public landing page at
 ## How it works
 
 | Piece | Role |
-|---|---|
+| --- | --- |
 | `docs/index.html` | The page markup, structured data, and meta tags. CSS is externalised to `styles.css`; there is no executable JavaScript. |
 | `docs/styles.css` | All visual rules for the landing page. Referenced by `index.html` via `<link rel="stylesheet">`. |
 | `docs/robots.txt` | Permissive crawler policy plus a pointer to the sitemap. |
@@ -21,7 +21,7 @@ There is **no JavaScript framework, no bundler, and no npm install**. That is de
 
 From the Developer CLI (`./start.ps1` on Windows, `./start.sh` on macOS/Linux), choose:
 
-```
+```text
 w) Serve & view GitHub Pages website (auto-opens browser)
 ```
 
diff --git a/samples/inference-failover/README.md b/samples/inference-failover/README.md
index 008296a1..bbe9966e 100644
--- a/samples/inference-failover/README.md
+++ b/samples/inference-failover/README.md
@@ -10,7 +10,7 @@ This sample uses Azure API Management as an AI Gateway for two Azure OpenAI mode
 
 1. Route each model only to compatible Azure OpenAI deployments through model-specific APIM backend pools.
 1. Observe priority failover and equal-weight terminal routing when regional `Standard` deployments return `429` or `503` responses.
-1. Capture request, latency, and token telemetry through `ApiManagementGatewayLogs` and `ApiManagementGatewayLlmLog`.
+1. Capture request, retry-trail, failure, latency, and token telemetry through `ApiManagementGatewayLogs`, `TraceRecords`, and `ApiManagementGatewayLlmLog`.
 1. Use a controlled low-capacity model constellation to generate observable failover without treating simulated PTU tiers as real provisioned deployments.
 
 ## ✅ Prerequisites
@@ -46,16 +46,51 @@ All deployments below use the regional `Standard` SKU with a capacity of `1` tho
 This lab adds the following to an existing APIM infrastructure:
 
 - Three regional Azure OpenAI resources containing nine `Standard` model deployments at `1` thousand TPM each.
-- Nine concrete APIM backends named using `<model>-<PTU|PAYGO>-<region>`, each with TLS validation and a one-minute circuit breaker for `429` and `503` responses that accepts `Retry-After`.
+- Nine concrete APIM backends named using `<model>-<PTU|PAYG>-<region>`, each with TLS validation and a one-minute circuit breaker for `429` and `503` responses that accepts `Retry-After`.
 - One APIM backend pool per model so a retry never crosses to an incompatible deployment.
 - Two AI Gateway APIs with managed identity authentication to Azure OpenAI: `POST /inference/gpt-5-1/chat/completions` retries four times through A -> D -> B -> E/G (equal terminal weights), while `POST /inference/gpt-4-1-mini/chat/completions` retries three times through C -> F -> D -> H.
 
-- Model-specific retry policies that buffer the POST body while retrying throttled or unavailable backends and return a generic `503` when fallback is exhausted.
-- APIM AI Gateway diagnostics using the infrastructure-provided Log Analytics workspace and Application Insights component, plus an AOAI-only workbook for terminal outcomes, backend distribution, token usage, and latency.
+- Model-specific retry policies that buffer the POST body while retrying throttled or unavailable backends, emit an information-level trace after every backend attempt, always return the caller-visible `X-Backend-Retry` count, and return a generic `503` when fallback is exhausted.
+- APIM AI Gateway diagnostics using the infrastructure-provided Log Analytics workspace and Application Insights component, plus an AOAI-only workbook for terminal outcomes, retry trails, backend distribution, APIM errors, token coverage, and latency.
+- An optional Standard Event Hubs namespace, telemetry hub, and `external-observability` consumer group in the APIM region for downstream stream processors, SIEM platforms, or external analytics systems.
+
+### Observability Signals
+
+Every inference call produces one `ApiManagementGatewayLogs` row. The workbook and KQL files preserve the difference between the APIM caller response and the final backend response so an operator can determine whether APIM recovered, transformed the result, or exhausted fallback capacity.
+
+| Signal | Source | What it explains |
+| --- | --- | --- |
+| Caller-visible response | `ApiManagementGatewayLogs.ResponseCode` | The HTTP status ultimately returned by APIM. |
+| Caller-visible retries | `X-Backend-Retry` response header | The number of backend retries absorbed by APIM after the initial attempt. A healthy-path response normally returns `0`. |
+| Final backend response | `ApiManagementGatewayLogs.BackendResponseCode` | The HTTP status from the last selected Azure OpenAI backend. |
+| Final backend placement | `ApiManagementGatewayLogs.BackendId`, `BackendUrl` | The concrete backend used for the final attempt. |
+| Retry trail | `ApiManagementGatewayLogs.TraceRecords` | Each `InferenceBackendAttemptComplete` event records its attempt number, backend response code, and whether retry remained eligible. |
+| Exhausted fallback | `ApiManagementGatewayLogs.TraceRecords` | `InferenceFallbackExhausted` proves that APIM replaced the final `429` or `503` with the generic caller-facing `503`. |
+| Native APIM failures | `Errors`, `LastErrorSource`, `LastErrorReason`, `LastErrorSection`, `LastErrorMessage` | Pipeline failures that are not ordinary Azure OpenAI HTTP responses. |
+| LLM usage and message chunks | `ApiManagementGatewayLlmLog` joined by `CorrelationId` | Model deployment, token usage, and whether prompt/completion message telemetry arrived. |
+
+The sample includes copy-paste KQL for aggregated outcomes, backend distribution, failure taxonomy, telemetry coverage, and a per-request investigation view. The workbook exposes the same operational views and adds a correlation-ID filter for targeted troubleshooting. See the [query catalog](queries/README.md) for parameters, signal sources, and investigation guidance.
+
+- [failover-outcomes.kql](queries/failover-outcomes.kql) - Caller-visible outcomes, final backend outcomes, and retry statistics.
+- [backend-distribution.kql](queries/backend-distribution.kql) - Final backend placement, status distribution, and latency.
+- [failure-analysis.kql](queries/failure-analysis.kql) - Recovered failovers, exhausted chains, backend failures, and APIM pipeline errors.
+- [llm-telemetry-coverage.kql](queries/llm-telemetry-coverage.kql) - Token and prompt/completion message-chunk coverage for successful calls.
+- [request-details.kql](queries/request-details.kql) - Joined per-request gateway, retry, failure, and LLM telemetry for incident investigation.
+- [token-throughput.kql](queries/token-throughput.kql) - Token volume by API, backend, and model.
 
 ### Managed Identity And Privacy
 
-The inference API policy authenticates every selected backend request with APIM's system-assigned managed identity and the **Cognitive Services OpenAI User** role. It never stores or forwards an Azure OpenAI API key. For learning and testing, the infrastructure's global APIM policy returns the selected backend URL in the `X-Backend-URL` response header so the notebook can record routing decisions. Disable `revealBackendApiInfo` for production-like environments. If fallback is exhausted, callers receive a generic `503` response without backend identity or placement information.
+The inference API policy authenticates every selected backend request with APIM's system-assigned managed identity and the **Cognitive Services OpenAI User** role. It never stores or forwards an Azure OpenAI API key. For learning and testing, the infrastructure's global APIM policy returns the selected backend URL in the `X-Backend-URL` response header so the notebook can record routing decisions. Disable `revealBackendApiInfo` for production-like environments. The inference policy always returns `X-Backend-Retry`, including when fallback is exhausted, so callers can see how many backend failures APIM absorbed after the initial attempt. If fallback is exhausted, callers receive a generic `503` response without backend identity or placement information.
+
+This learning sample enables LLM prompt and completion message logging. Treat the Log Analytics workspace as sensitive. Before production use, review retention and role-based access, then disable message capture or reduce logged message size when full prompt/completion bodies are not required. The workbook reports chunk counts for completeness but intentionally does not render prompt or completion bodies.
+
+### Optional Event Hub Export
+
+Set `enable_event_hub_export = True` under *SYSTEM CONFIGURATION* in [create.ipynb](create.ipynb) to stream the APIM diagnostic feed to a sample-scoped Event Hub while retaining Log Analytics ingestion and workbook views. The option defaults to `False` so the normal sample deployment does not add Event Hubs cost. When enabled, the sample deploys a Standard Event Hubs namespace in the selected infrastructure/APIM region, a non-compacted `apim-inference-failover` hub, and an `external-observability` consumer group for downstream processors.
+
+The Event Hub receives the same broad APIM diagnostic stream configured for Log Analytics: `GatewayLogs`, `GatewayLlmLogs`, `WebSocketConnectionLogs`, and `AllMetrics`. This includes caller-visible responses, final backend responses, backend placement, policy `TraceRecords`, native APIM errors, model and token telemetry, and logged prompt/completion message chunks. Workbook calculations are derived views rather than emitted events, so external processors should reconstruct their preferred aggregations from the raw stream.
+
+Treat the Event Hub stream as sensitive for the same reason as the Log Analytics workspace: prompt and completion content can be present. Apply appropriate retention, network controls, role-based access, and consumer-side data handling before using the option beyond the lab. The sample creates the namespace authorization rule required by Azure Monitor diagnostic streaming but does not expose its connection string.
 
 Gateway ingress exposure follows the selected infrastructure: choose a Private Link or VNet architecture when private ingress is required, while the notebook keeps Simple API Management as its approachable default.
 
@@ -65,17 +100,24 @@ Routine probes intentionally do not perform inference: recurring multi-location
 
 1. Deploy any [infrastructure architecture](../../README.md#list-of-infrastructures), with [Simple API Management](../../infrastructure/simple-apim/README.md) as the notebook default.
 1. Open [create.ipynb](create.ipynb) and adjust only values under *USER CONFIGURATION* if necessary.
+1. To externalize the APIM diagnostic feed, set `enable_event_hub_export = True` under *SYSTEM CONFIGURATION*. Leave the default `False` value in place when Event Hub streaming is not needed.
 1. Run all notebook cells to deploy the model constellation, APIs, workbook, controlled inference requests, and telemetry charts.
-1. Increase `pressure_requests_per_model` only when the initial traffic does not produce sufficient concentrated pressure for failover observation; requests consume real Azure OpenAI tokens.
+1. Increase `max_completion_tokens` only when the initial traffic does not produce sufficient concentrated pressure for failover observation; requests consume real Azure OpenAI tokens.
 
 ## 🖼️ Expected Results
 
 After the traffic cells run and telemetry ingestion completes, the notebook plots terminal outcomes and token usage while the workbook provides longer-lived views of:
 
-- Requests and terminal `503` results by inference API.
-- Concrete backend distribution when the APIM gateway log records the resolved backend identity.
-- Prompt, completion, and total tokens by model route.
-- Backend latency trends during controlled pressure.
+- A self-contained local HTML report linked at the end of the run, with assertion totals, scenario outcomes, response-time graphs, available telemetry tables and graphs, and Azure exploration links.
+- Per-run response-time charts for baseline, sustained-pressure, paced-recovery, and terminal-burst scenarios, colored by URL-derived backend index and annotated with captured `X-Backend-URL` values.
+- Caller-visible `X-Backend-Retry` counts that expose how many backend failures APIM absorbed before returning each response.
+- Caller-visible APIM response codes versus final backend response codes.
+- Concrete final-backend distribution using gateway-recorded backend IDs and URLs.
+- Per-request retry trails, recovered failovers, and terminal fallback exhaustion.
+- Native APIM pipeline failures from `Errors` and `LastError*` fields.
+- Prompt, completion, and total tokens by model route, plus successful-request token coverage and message-chunk statistics.
+- Total and backend latency trends during controlled pressure.
+- Joined request exploration by `CorrelationId` without rendering sensitive prompt or completion bodies.
 
 ## 🧹 Clean Up
 
@@ -85,4 +127,6 @@ The sample resources live in the selected infrastructure resource group. Remove
 
 - [Backends in API Management](https://learn.microsoft.com/azure/api-management/backends)
 - [Authenticate and authorize access to LLM APIs by using API Management](https://learn.microsoft.com/azure/api-management/api-management-authenticate-authorize-ai-apis)
+- [Diagnostic settings in Azure Monitor](https://learn.microsoft.com/azure/azure-monitor/platform/diagnostic-settings)
+- [Azure Event Hubs documentation](https://learn.microsoft.com/azure/event-hubs/)
 - [Azure OpenAI quotas and limits](https://learn.microsoft.com/azure/ai-services/openai/quotas-limits)
diff --git a/samples/inference-failover/create.ipynb b/samples/inference-failover/create.ipynb
index edd7f36b..a506fdb6 100644
--- a/samples/inference-failover/create.ipynb
+++ b/samples/inference-failover/create.ipynb
@@ -32,7 +32,17 @@
     "\n",
     "Each operation targets one APIM backend pool. The pool selects a single member per request by priority (lowest first), and members that share a priority split traffic by weight. The backends never call one another; APIM picks the active backend and fails over to the next priority tier when one is unavailable.\n",
     "\n",
-    "Every target is a regional `Standard` pay-as-you-go deployment. `PTU` identifies a simulated routing preference, not a provisioned deployment.\n",
+    "### Why This Lab Uses `Standard` Deployments\n",
+    "\n",
+    "Every target in this lab is a regional `Standard` pay-per-token deployment at `1` thousand TPM. This keeps the lab approachable, makes each regional target explicit, and makes concentrated traffic likely to produce observable `429` responses that exercise APIM circuit breaking and fallback. The `PTU` and `PAYG` labels describe the preference tiers being simulated; they do not change the real Azure OpenAI SKU or billing model.\n",
+    "\n",
+    "For production, a better deployment type depends on model support, traffic shape, and data-residency requirements. For example, `gpt-4.1-mini` supports provisioned managed deployments. A regional `ProvisionedManaged` deployment reserves PTUs for predictable throughput and lower latency variance. Where the selected model and residency requirements permit, `GlobalStandard` can dynamically route across Azure datacenters and provide higher default quota, while `DataZoneStandard` can dynamically route within a US or EU data zone. This lab intentionally uses regional `Standard` deployments so every destination and APIM failover decision remain visible. See [deployment types](https://learn.microsoft.com/azure/foundry/foundry-models/concepts/deployment-types) and [model availability](https://learn.microsoft.com/azure/foundry/foundry-models/concepts/models-sold-directly-by-azure-region-availability) before choosing a production topology.\n",
+    "\n",
+    "### Reading The Deployment Identifiers\n",
+    "\n",
+    "The `a)` through `h)` prefixes are compact visual identifiers for concrete Azure OpenAI model deployments. In Azure, each prefix is part of the full deployment name, such as `a-gpt-5-1` or `c-gpt-4-1-mini`. The notebook uses these names in `X-Backend-URL` values and charts so a routed request can be traced back to the same graph node.\n",
+    "\n",
+    "The letters are labels, not priorities. Read each letter together with its model name: for example, `d) gpt-5-1` and `d) gpt-4-1-mini` are different deployments. The graph-edge labels define the routing priority.\n",
     "\n",
     "```mermaid\n",
     "flowchart LR\n",
@@ -40,19 +50,19 @@
     "    C51[\"POST /inference/gpt-5-1/chat/completions\"] --> P5{{\"&nbsp;&nbsp;Backend pool: inference-gpt-5-1-pool&nbsp;&nbsp;\"}}\n",
     "    P5 -- \"priority 1\" --> A[\"`East US 2\n",
     "                            PTU\n",
-    "                            gpt-5-1`\"]\n",
+    "                            a) gpt-5-1`\"]\n",
     "    P5 -- \"priority 2\" --> D[\"`West US 3\n",
     "                            PTU\n",
-    "                            gpt-5-1`\"]\n",
+    "                            d) gpt-5-1`\"]\n",
     "    P5 -- \"priority 3\" --> B[\"`East US 2\n",
     "                            PAYG\n",
-    "                            gpt-5-1`\"]\n",
+    "                            b) gpt-5-1`\"]\n",
     "    P5 -- \"priority 4 &middot; weight 50\" --> E[\"`West US 3 \n",
     "                                                PAYG\n",
-    "                                                gpt-5-1`\"]\n",
+    "                                                e) gpt-5-1`\"]\n",
     "    P5 -- \"priority 4 &middot; weight 50\" --> G[\"`South Central US\n",
     "                                                PAYG\n",
-    "                                                gpt-5-1`\"]\n",
+    "                                                g) gpt-5-1`\"]\n",
     "  end\n",
     "\n",
     "  S5 ~~~ S4\n",
@@ -61,16 +71,16 @@
     "    C41[\"POST /inference/gpt-4-1-mini/chat/completions\"] --> P4{{\"&nbsp;&nbsp;Backend pool: inference-gpt-4-1-mini-pool&nbsp;&nbsp;\"}}\n",
     "    P4 -- \"priority 1\" --> C[\"`East US 2\n",
     "                                PTU\n",
-    "                                gpt-4-1-mini`\"]\n",
+    "                                c) gpt-4-1-mini`\"]\n",
     "    P4 -- \"priority 2\" --> F[\"`West US 3 \n",
     "                                PTU\n",
-    "                                gpt-4-1-mini`\"]\n",
+    "                                f) gpt-4-1-mini`\"]\n",
     "    P4 -- \"priority 3\" --> DP[\"`East US 2\n",
     "                                PAYG\n",
-    "                                gpt-4-1-mini`\"]\n",
+    "                                d) gpt-4-1-mini`\"]\n",
     "    P4 -- \"priority 4\" --> H[\"`South Central US\n",
     "                                PAYG\n",
-    "                                gpt-4-1-mini`\"]\n",
+    "                                h) gpt-4-1-mini`\"]\n",
     "  end\n",
     "```\n"
    ]
@@ -104,6 +114,7 @@
     "# ------------------------------\n",
     "\n",
     "sample_folder = 'inference-failover'\n",
+    "enable_event_hub_export = False             # Opt in to regional Event Hub streaming for APIM telemetry\n",
     "rg_name = az.get_infra_rg_name(deployment, index)\n",
     "supported_infras = [\n",
     "    INFRASTRUCTURE.AFD_APIM_PE,\n",
@@ -158,7 +169,7 @@
     ")\n",
     "apis = [gpt_5_1_api, gpt_4_1_mini_api]\n",
     "\n",
-    "print_ok('Notebook initialized')\n"
+    "print_ok('Notebook initialized')"
    ]
   },
   {
@@ -168,7 +179,7 @@
    "source": [
     "## Deploy Inference Gateway Resources\n",
     "\n",
-    "Deploy the regional Azure OpenAI constellation, APIM backends and pools, retry fragment, LLM diagnostic wiring, two APIs, and the AOAI-only workbook into the selected infrastructure resource group."
+    "Deploy the regional Azure OpenAI constellation, APIM backends and pools, retry fragment, LLM diagnostic wiring, two APIs, AOAI-only workbook, and optional regional Event Hub telemetry stream into the selected infrastructure resource group."
    ]
   },
   {
@@ -178,12 +189,13 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "from console import print_error, print_ok, print_val\n",
+    "from console import print_ok, print_val\n",
     "\n",
     "bicep_parameters = {\n",
     "    'location': {'value': rg_location},\n",
     "    'index': {'value': index},\n",
     "    'apis': {'value': [api.to_dict() for api in apis]},\n",
+    "    'enableEventHubExport': {'value': enable_event_hub_export},\n",
     "}\n",
     "output = nb_helper.deploy_sample(bicep_parameters)\n",
     "\n",
@@ -194,33 +206,43 @@
     "    log_analytics_id = output.get('logAnalyticsWorkspaceId', 'Log Analytics Workspace ID')\n",
     "    workbook_name = output.get('workbookName', 'Workbook Name')\n",
     "    workbook_id = output.get('workbookId', 'Workbook ID')\n",
+    "    event_hub_export_enabled = output.get('eventHubExportEnabled', 'Event Hub export enabled')\n",
+    "    event_hub_namespace_id = output.get('eventHubNamespaceId', 'Event Hubs namespace ID')\n",
+    "    event_hub_namespace_name = output.get('eventHubNamespaceName', 'Event Hubs namespace name')\n",
+    "    event_hub_id = output.get('eventHubId', 'Event Hub ID')\n",
+    "    event_hub_name = output.get('eventHubName', 'Event Hub name')\n",
+    "    event_hub_consumer_group_name = output.get('eventHubConsumerGroupName', 'Event Hub consumer group name')\n",
+    "    event_hub_location = output.get('eventHubLocation', 'Event Hubs namespace location')\n",
     "    api_outputs = output.getJson('apiOutputs', 'Inference API outputs', secure=True)\n",
     "    api_keys = {api_output['name']: api_output['subscriptionPrimaryKey'] for api_output in api_outputs}\n",
     "    print_val('Workbook', workbook_name)\n",
-    "    print_ok('Inference failover deployment completed successfully')\n",
-    "else:\n",
-    "    print_error('Deployment failed')\n",
-    "    raise SystemExit(1)"
+    "    print_val('Event Hub export enabled', event_hub_export_enabled)\n",
+    "    if event_hub_export_enabled:\n",
+    "        print_val('Event Hubs namespace', event_hub_namespace_name)\n",
+    "        print_val('Event Hub', event_hub_name)\n",
+    "        print_val('Event Hub consumer group', event_hub_consumer_group_name)\n",
+    "        print_val('Event Hubs location', event_hub_location)\n",
+    "    print_ok('Inference failover deployment completed successfully')\n"
    ]
   },
   {
    "cell_type": "markdown",
-   "id": "86ab2697",
+   "id": "2a933ba2",
    "metadata": {},
    "source": [
     "## 🧪 Inference Failover Test Matrix\n",
     "\n",
-    "Run a methodical series of scenarios that exercise the model-safe backend pools under increasing pressure, mirroring the structure of the load-balancing sample. Each scenario sends several real Azure OpenAI requests through a single shared session, captures the served backend from the `X-Backend-Id` response header, and verifies the observed behaviour.\n",
+    "Run a methodical series of scenarios that exercise the model-safe backend pools under increasing pressure, mirroring the structure of the load-balancing sample. Each scenario sends real Azure OpenAI requests through a single shared session, captures the served backend from the `X-Backend-URL` response header, and records any HTTP `4xx` or `5xx` response so later requests continue to run.\n",
     "\n",
     "| # | Scenario | API | Runs | Sleep | Behaviour verified |\n",
     "| --- | --- | --- | --- | --- | --- |\n",
-    "| 1 | Baseline warm path | both | 6 each | none | Fresh priority-1 backend serves small requests with `200` |\n",
+    "| 1 | Baseline warm path | gpt-5.1 / gpt-4.1-mini | 3 / 6 | none | Fresh priority-1 backend serves small control requests with `200` |\n",
     "| 2 | Sustained pressure | gpt-5.1 | 45 | none | Low-TPM exhaustion forces throttling and priority failover |\n",
-    "| 3 | Sustained pressure | gpt-4.1-mini | 30 | none | Independent pool exhausts and fails over on its own |\n",
+    "| 3 | Sustained pressure | gpt-4.1-mini | 15 | none | Independent pool exhausts and fails over on its own |\n",
     "| 4 | Paced recovery | gpt-5.1 | 30 | 1.5 s | Inter-request spacing lets circuit breakers recover and lifts the success rate |\n",
-    "| 5 | Terminal exhaustion | gpt-5.1 | 35 | none | A hard burst drains every tier and returns the generic `503` |\n",
+    "| 5 | Terminal exhaustion | gpt-5.1 | 35 | none | A hard burst drains every tier and can return the generic `503` |\n",
     "\n",
-    "> These are real Azure OpenAI calls (~150 requests) that consume tokens. The deployments are intentionally provisioned at minimum capacity so that pressure is observable quickly; this is an observation aid, not production sizing guidance.\n"
+    "> These are real Azure OpenAI calls (`134` requests) that consume tokens. The deployments are intentionally provisioned at minimum capacity so that pressure is observable quickly; this is an observation aid, not production sizing guidance."
    ]
   },
   {
@@ -236,31 +258,41 @@
     "import requests as http_requests\n",
     "\n",
     "from apimtesting import ApimTesting\n",
+    "from apimtypes import SUBSCRIPTION_KEY_PARAMETER_NAME\n",
     "from console import print_error, print_info, print_message, print_ok\n",
     "\n",
     "if 'api_keys' not in locals():\n",
     "    print_error('Please run the deployment cell first')\n",
     "    raise SystemExit(1)\n",
     "\n",
+    "required_api_names = ['inference-gpt-5-1', 'inference-gpt-4-1-mini']\n",
+    "missing_api_keys = [api_name for api_name in required_api_names if not api_keys.get(api_name)]\n",
+    "if missing_api_keys:\n",
+    "    print_error(f'Missing API subscription keys for: {\", \".join(missing_api_keys)}')\n",
+    "    print_error('Please rerun the deployment cell to refresh the API subscription outputs')\n",
+    "    raise SystemExit(1)\n",
+    "\n",
     "endpoint_url, request_headers, allow_insecure_tls = utils.get_endpoint(deployment, rg_name, apim_gateway_url)\n",
     "\n",
-    "# Stable backend -> chart index mapping in pool-priority order so chart colors track failover tiers.\n",
-    "gpt_5_1_backend_index = {\n",
-    "    'a-gpt-5-1': 0,   # P1 in-region PTU\n",
-    "    'b-gpt-5-1': 1,   # P2 in-region PAYG\n",
-    "    'd-gpt-5-1': 2,   # P3 out-of-region PTU\n",
-    "    'e-gpt-5-1': 3,   # P4 out-of-region PAYG (westus3)\n",
-    "    'g-gpt-5-1': 4,   # P4 out-of-region PAYG (southcentralus)\n",
+    "# URL markers are listed in deployed pool-priority order so chart colors track failover tiers.\n",
+    "gpt_5_1_backend_url_index = {\n",
+    "    '/openai/deployments/a-gpt-5-1': 0,   # P1 in-region PTU\n",
+    "    '/openai/deployments/d-gpt-5-1': 1,   # P2 out-of-region PTU\n",
+    "    '/openai/deployments/b-gpt-5-1': 2,   # P3 in-region PAYG\n",
+    "    '/openai/deployments/e-gpt-5-1': 3,   # P4 out-of-region PAYG (westus3)\n",
+    "    '/openai/deployments/g-gpt-5-1': 4,   # P4 out-of-region PAYG (southcentralus)\n",
     "}\n",
-    "gpt_4_1_mini_backend_index = {\n",
-    "    'c-gpt-4-1-mini': 0,   # P1 in-region PTU\n",
-    "    'd-gpt-4-1-mini': 1,   # P2 in-region PAYG\n",
-    "    'f-gpt-4-1-mini': 2,   # P3 out-of-region PTU\n",
-    "    'h-gpt-4-1-mini': 3,   # P4 out-of-region PAYG\n",
+    "gpt_4_1_mini_backend_url_index = {\n",
+    "    '/openai/deployments/c-gpt-4-1-mini': 0,   # P1 in-region PTU\n",
+    "    '/openai/deployments/f-gpt-4-1-mini': 1,   # P2 out-of-region PTU\n",
+    "    '/openai/deployments/d-gpt-4-1-mini': 2,   # P3 in-region PAYG\n",
+    "    '/openai/deployments/h-gpt-4-1-mini': 3,   # P4 out-of-region PAYG\n",
     "}\n",
     "\n",
     "gpt_5_1_route = f'{api_prefix}/gpt-5-1/chat/completions'\n",
     "gpt_4_1_mini_route = f'{api_prefix}/gpt-4-1-mini/chat/completions'\n",
+    "gpt_5_1_baseline_runs = 3\n",
+    "gpt_4_1_mini_baseline_runs = 6\n",
     "\n",
     "small_payload = {\n",
     "    'messages': [{'role': 'user', 'content': 'Return the word ready.'}],\n",
@@ -272,8 +304,43 @@
     "}\n",
     "\n",
     "\n",
-    "def run_inference_scenario(session, route, api_key, payload, runs, backend_index_map, scenario_label, sleep_ms = 0):\n",
-    "    \"\"\"Send `runs` POSTs through one route, attributing each response to its served backend.\"\"\"\n",
+    "def get_backend_index(backend_url: str, backend_url_index: dict[str, int]) -> int:\n",
+    "    \"\"\"Return the chart index for an `X-Backend-URL` value, or 99 when no known marker matches.\"\"\"\n",
+    "    return next((index for url_marker, index in backend_url_index.items() if url_marker in backend_url), 99)\n",
+    "\n",
+    "\n",
+    "def get_backend_retry(response) -> int:\n",
+    "    \"\"\"Return the caller-visible retry count, stopping when the required header is invalid.\"\"\"\n",
+    "    retry_header = response.headers.get('X-Backend-Retry')\n",
+    "    if retry_header is None:\n",
+    "        print_error('Required X-Backend-Retry response header is missing.')\n",
+    "        raise SystemExit(1)\n",
+    "\n",
+    "    try:\n",
+    "        backend_retry = int(retry_header)\n",
+    "    except ValueError:\n",
+    "        print_error(f'Invalid X-Backend-Retry response header: {retry_header}')\n",
+    "        raise SystemExit(1) from None\n",
+    "\n",
+    "    if backend_retry < 0:\n",
+    "        print_error(f'Invalid negative X-Backend-Retry response header: {backend_retry}')\n",
+    "        raise SystemExit(1)\n",
+    "\n",
+    "    return backend_retry\n",
+    "\n",
+    "\n",
+    "def fail_on_unexpected_status(response) -> None:\n",
+    "    \"\"\"Stop immediately when a scenario receives a response outside the captured HTTP outcomes.\"\"\"\n",
+    "    if response.status_code == 200 or 400 <= response.status_code < 600:\n",
+    "        return\n",
+    "\n",
+    "    print_error(f'Unexpected HTTP {response.status_code} response from the inference route.')\n",
+    "    print_error(f'Response body: {response.text}')\n",
+    "    raise SystemExit(1)\n",
+    "\n",
+    "\n",
+    "def run_inference_scenario(session, route, subscription_key, payload, runs, backend_url_index, scenario_label, sleep_ms = 0):\n",
+    "    \"\"\"Send `runs` POSTs through one route, attributing each response to its resolved backend URL.\"\"\"\n",
     "    results = []\n",
     "    url = f'{endpoint_url}/{route}'\n",
     "    print_message(scenario_label, blank_above = True)\n",
@@ -281,30 +348,39 @@
     "\n",
     "    for run_index in range(1, runs + 1):\n",
     "        start_time = time.time()\n",
-    "        response = session.post(url, headers = {'api-key': api_key}, json = payload, timeout = 120)\n",
+    "        response = session.post(\n",
+    "            url,\n",
+    "            headers = {SUBSCRIPTION_KEY_PARAMETER_NAME: subscription_key},\n",
+    "            json = payload,\n",
+    "            timeout = 120,\n",
+    "        )\n",
     "        response_time = time.time() - start_time\n",
     "\n",
-    "        backend_id = response.headers.get('X-Backend-Id', 'unknown')\n",
-    "        backend_index = backend_index_map.get(backend_id, 99)\n",
-    "\n",
-    "        # Inject the backend index into the stored body so charts.BarChart colors each 200 bar by the\n",
-    "        # served backend. Non-200 responses keep their error body and are charted in red.\n",
+    "        backend_url = response.headers.get('X-Backend-URL', 'unknown')\n",
+    "        backend_retry = get_backend_retry(response)\n",
+    "        print_info(f'Run {run_index}/{runs}: {response.status_code} via {backend_url}; X-Backend-Retry={backend_retry} ({response_time:.2f}s)')\n",
+    "        fail_on_unexpected_status(response)\n",
+    "        if 400 <= response.status_code < 600:\n",
+    "            print_info(f'Captured error response body: {response.text}')\n",
+    "        backend_index = get_backend_index(backend_url, backend_url_index)\n",
+    "\n",
+    "        # Inject the URL-derived backend index into the stored body so charts.BarChart colors each successful\n",
+    "        # bar by the resolved backend. Preserve the actual model response separately for inspection.\n",
+    "        response_body = response.text\n",
     "        if response.status_code == 200:\n",
-    "            response_body = json.dumps({'index': backend_index, 'backend': backend_id})\n",
-    "        else:\n",
-    "            response_body = response.text\n",
+    "            response_body = json.dumps({'index': backend_index, 'backendUrl': backend_url, 'backendRetry': backend_retry})\n",
     "\n",
     "        results.append({\n",
     "            'run': run_index,\n",
     "            'response': response_body,\n",
+    "            'model_response': response.text,\n",
     "            'status_code': response.status_code,\n",
     "            'response_time': response_time,\n",
     "            'headers': dict(response.headers),\n",
-    "            'backend': backend_id,\n",
+    "            'backend_url': backend_url,\n",
+    "            'backend_retry': backend_retry,\n",
     "        })\n",
     "\n",
-    "        print_info(f'Run {run_index}/{runs}: {response.status_code} via {backend_id} ({response_time:.2f}s)')\n",
-    "\n",
     "        if sleep_ms:\n",
     "            time.sleep(sleep_ms / 1000)\n",
     "\n",
@@ -312,12 +388,31 @@
     "\n",
     "\n",
     "def summarize_scenario(results):\n",
-    "    \"\"\"Return (successes, throttled, unavailable, served_backends) for a scenario result list.\"\"\"\n",
-    "    successes = sum(1 for r in results if r['status_code'] == 200)\n",
-    "    throttled = sum(1 for r in results if r['status_code'] == 429)\n",
-    "    unavailable = sum(1 for r in results if r['status_code'] == 503)\n",
-    "    served_backends = sorted({r['backend'] for r in results if r['status_code'] == 200 and r['backend'] != 'unknown'})\n",
-    "    return successes, throttled, unavailable, served_backends\n",
+    "    \"\"\"Return success, error-class, status-code, and backend URL summaries for a scenario result list.\"\"\"\n",
+    "    status_code_counts = {}\n",
+    "    for result in results:\n",
+    "        status_code = result['status_code']\n",
+    "        status_code_counts[status_code] = status_code_counts.get(status_code, 0) + 1\n",
+    "\n",
+    "    successes = sum(1 for result in results if result['status_code'] == 200)\n",
+    "    client_errors = sum(1 for result in results if 400 <= result['status_code'] < 500)\n",
+    "    server_errors = sum(1 for result in results if 500 <= result['status_code'] < 600)\n",
+    "    served_backend_urls = sorted({\n",
+    "        result['backend_url']\n",
+    "        for result in results\n",
+    "        if result['status_code'] == 200 and result['backend_url'] != 'unknown'\n",
+    "    })\n",
+    "    return successes, client_errors, server_errors, dict(sorted(status_code_counts.items())), served_backend_urls\n",
+    "\n",
+    "\n",
+    "def summarize_backend_retries(results):\n",
+    "    \"\"\"Return the caller-visible `X-Backend-Retry` distribution for a scenario result list.\"\"\"\n",
+    "    retry_counts = {}\n",
+    "    for result in results:\n",
+    "        backend_retry = result['backend_retry']\n",
+    "        retry_counts[backend_retry] = retry_counts.get(backend_retry, 0) + 1\n",
+    "\n",
+    "    return dict(sorted(retry_counts.items()))\n",
     "\n",
     "\n",
     "tests = ApimTesting('Inference Failover Scenario Tests', sample_folder, nb_helper.deployment)\n",
@@ -331,75 +426,96 @@
     "try:\n",
     "    # 1/5: Baseline warm path - both routes, small payloads against fresh priority-1 backends.\n",
     "    scenario1_gpt_5_1 = run_inference_scenario(\n",
-    "        session, gpt_5_1_route, api_keys['inference-gpt-5-1'], small_payload, 6, gpt_5_1_backend_index,\n",
+    "        session, gpt_5_1_route, api_keys['inference-gpt-5-1'], small_payload, gpt_5_1_baseline_runs, gpt_5_1_backend_url_index,\n",
     "        '1/5: Baseline warm path - gpt-5.1',\n",
     "    )\n",
     "    scenario1_gpt_4_1_mini = run_inference_scenario(\n",
-    "        session, gpt_4_1_mini_route, api_keys['inference-gpt-4-1-mini'], small_payload, 6, gpt_4_1_mini_backend_index,\n",
+    "        session, gpt_4_1_mini_route, api_keys['inference-gpt-4-1-mini'], small_payload, gpt_4_1_mini_baseline_runs, gpt_4_1_mini_backend_url_index,\n",
     "        '1/5: Baseline warm path - gpt-4.1-mini',\n",
     "    )\n",
-    "    tests.verify(len(scenario1_gpt_5_1), 6)\n",
-    "    tests.verify(len(scenario1_gpt_4_1_mini), 6)\n",
+    "    tests.verify(len(scenario1_gpt_5_1), gpt_5_1_baseline_runs)\n",
+    "    tests.verify(len(scenario1_gpt_4_1_mini), gpt_4_1_mini_baseline_runs)\n",
     "    tests.verify(scenario1_gpt_5_1[0]['status_code'], 200, label = 'gpt-5.1 baseline first request succeeded')\n",
     "    tests.verify(scenario1_gpt_4_1_mini[0]['status_code'], 200, label = 'gpt-4.1-mini baseline first request succeeded')\n",
     "\n",
     "    # 2/5: Sustained pressure on gpt-5.1 - no spacing, drive low-TPM exhaustion and failover.\n",
     "    time.sleep(2)\n",
     "    scenario2_gpt_5_1 = run_inference_scenario(\n",
-    "        session, gpt_5_1_route, api_keys['inference-gpt-5-1'], pressure_payload, 45, gpt_5_1_backend_index,\n",
+    "        session, gpt_5_1_route, api_keys['inference-gpt-5-1'], pressure_payload, 45, gpt_5_1_backend_url_index,\n",
     "        '2/5: Sustained pressure - gpt-5.1 (no spacing)',\n",
     "    )\n",
-    "    s2_success, s2_throttled, s2_unavailable, _ = summarize_scenario(scenario2_gpt_5_1)\n",
+    "    s2_success, s2_client_errors, s2_server_errors, s2_status_codes, _ = summarize_scenario(scenario2_gpt_5_1)\n",
     "    tests.verify(len(scenario2_gpt_5_1), 45)\n",
     "    tests.verify(s2_success > 0, True, label = 'gpt-5.1 sustained pressure still served some requests')\n",
     "    tests.verify(\n",
-    "        (s2_throttled + s2_unavailable) > 0,\n",
+    "        (s2_success + s2_client_errors + s2_server_errors) == len(scenario2_gpt_5_1),\n",
     "        True,\n",
-    "        label = 'gpt-5.1 sustained pressure produced throttling or failover exhaustion',\n",
+    "        label = 'gpt-5.1 sustained pressure captured every request',\n",
     "    )\n",
+    "    if (s2_client_errors + s2_server_errors) > 0:\n",
+    "        print_info(\n",
+    "            f'gpt-5.1 sustained pressure observed {s2_client_errors} 4xx and {s2_server_errors} 5xx responses: '\n",
+    "            f'{s2_status_codes}'\n",
+    "        )\n",
+    "    else:\n",
+    "        print_info('gpt-5.1 sustained pressure was fully absorbed by priority/weighted failover (no 4xx/5xx)')\n",
     "\n",
     "    # 3/5: Sustained pressure on gpt-4.1-mini - the independent pool exhausts on its own.\n",
     "    time.sleep(2)\n",
     "    scenario3_gpt_4_1_mini = run_inference_scenario(\n",
-    "        session, gpt_4_1_mini_route, api_keys['inference-gpt-4-1-mini'], pressure_payload, 30, gpt_4_1_mini_backend_index,\n",
+    "        session, gpt_4_1_mini_route, api_keys['inference-gpt-4-1-mini'], pressure_payload, 15, gpt_4_1_mini_backend_url_index,\n",
     "        '3/5: Sustained pressure - gpt-4.1-mini (no spacing)',\n",
     "    )\n",
-    "    s3_success, s3_throttled, s3_unavailable, _ = summarize_scenario(scenario3_gpt_4_1_mini)\n",
-    "    tests.verify(len(scenario3_gpt_4_1_mini), 30)\n",
+    "    s3_success, s3_client_errors, s3_server_errors, s3_status_codes, _ = summarize_scenario(scenario3_gpt_4_1_mini)\n",
+    "    tests.verify(len(scenario3_gpt_4_1_mini), 15)\n",
     "    tests.verify(s3_success > 0, True, label = 'gpt-4.1-mini sustained pressure still served some requests')\n",
     "    tests.verify(\n",
-    "        (s3_throttled + s3_unavailable) > 0,\n",
+    "        (s3_success + s3_client_errors + s3_server_errors) == len(scenario3_gpt_4_1_mini),\n",
     "        True,\n",
-    "        label = 'gpt-4.1-mini sustained pressure produced throttling or failover exhaustion',\n",
+    "        label = 'gpt-4.1-mini sustained pressure captured every request',\n",
     "    )\n",
+    "    if (s3_client_errors + s3_server_errors) > 0:\n",
+    "        print_info(\n",
+    "            f'gpt-4.1-mini sustained pressure observed {s3_client_errors} 4xx and {s3_server_errors} 5xx responses: '\n",
+    "            f'{s3_status_codes}'\n",
+    "        )\n",
+    "    else:\n",
+    "        print_info('gpt-4.1-mini sustained pressure was fully absorbed by priority failover (no 4xx/5xx)')\n",
     "\n",
     "    # 4/5: Paced recovery on gpt-5.1 - inter-request spacing lets circuit breakers recover.\n",
     "    time.sleep(2)\n",
     "    scenario4_gpt_5_1 = run_inference_scenario(\n",
-    "        session, gpt_5_1_route, api_keys['inference-gpt-5-1'], pressure_payload, 30, gpt_5_1_backend_index,\n",
+    "        session, gpt_5_1_route, api_keys['inference-gpt-5-1'], pressure_payload, 30, gpt_5_1_backend_url_index,\n",
     "        '4/5: Paced recovery - gpt-5.1 (1.5s spacing)', sleep_ms = 1500,\n",
     "    )\n",
-    "    s4_success, _, _, _ = summarize_scenario(scenario4_gpt_5_1)\n",
+    "    s4_success, _, _, _, _ = summarize_scenario(scenario4_gpt_5_1)\n",
     "    tests.verify(len(scenario4_gpt_5_1), 30)\n",
     "    tests.verify(s4_success > 0, True, label = 'gpt-5.1 paced recovery served requests across the window')\n",
     "\n",
-    "    # 5/5: Terminal exhaustion on gpt-5.1 - a hard burst drains every tier to the generic 503.\n",
+    "    # 5/5: Terminal exhaustion on gpt-5.1 - a hard burst may drain every tier to the generic 503.\n",
     "    time.sleep(2)\n",
     "    scenario5_gpt_5_1 = run_inference_scenario(\n",
-    "        session, gpt_5_1_route, api_keys['inference-gpt-5-1'], pressure_payload, 35, gpt_5_1_backend_index,\n",
+    "        session, gpt_5_1_route, api_keys['inference-gpt-5-1'], pressure_payload, 35, gpt_5_1_backend_url_index,\n",
     "        '5/5: Terminal exhaustion - gpt-5.1 (hard burst)',\n",
     "    )\n",
-    "    s5_success, s5_throttled, s5_unavailable, _ = summarize_scenario(scenario5_gpt_5_1)\n",
+    "    s5_success, s5_client_errors, s5_server_errors, s5_status_codes, _ = summarize_scenario(scenario5_gpt_5_1)\n",
     "    tests.verify(len(scenario5_gpt_5_1), 35)\n",
     "    tests.verify(\n",
-    "        (s5_throttled + s5_unavailable) > 0,\n",
+    "        (s5_success + s5_client_errors + s5_server_errors) == len(scenario5_gpt_5_1),\n",
     "        True,\n",
-    "        label = 'gpt-5.1 terminal burst exhausted the pool (429/503 observed)',\n",
+    "        label = 'gpt-5.1 terminal burst captured every request',\n",
     "    )\n",
+    "    if (s5_client_errors + s5_server_errors) > 0:\n",
+    "        print_info(\n",
+    "            f'gpt-5.1 terminal burst observed {s5_client_errors} 4xx and {s5_server_errors} 5xx responses: '\n",
+    "            f'{s5_status_codes}'\n",
+    "        )\n",
+    "    else:\n",
+    "        print_info('gpt-5.1 terminal burst was fully absorbed by failover (no 4xx/5xx observed)')\n",
     "finally:\n",
     "    session.close()\n",
     "\n",
-    "print_message('Scenario success / throttled / unavailable summary', blank_above = True)\n",
+    "print_message('Scenario success / 4xx / 5xx summary', blank_above = True)\n",
     "for scenario_name, scenario_results in [\n",
     "    ('1 baseline gpt-5.1', scenario1_gpt_5_1),\n",
     "    ('1 baseline gpt-4.1-mini', scenario1_gpt_4_1_mini),\n",
@@ -408,13 +524,18 @@
     "    ('4 paced gpt-5.1', scenario4_gpt_5_1),\n",
     "    ('5 terminal gpt-5.1', scenario5_gpt_5_1),\n",
     "]:\n",
-    "    n_ok, n_throttled, n_unavailable, served = summarize_scenario(scenario_results)\n",
-    "    print_info(f'Scenario {scenario_name}: {n_ok} ok, {n_throttled} throttled, {n_unavailable} unavailable, backends={served}')\n",
+    "    n_ok, n_client_errors, n_server_errors, status_code_counts, served_backend_urls = summarize_scenario(scenario_results)\n",
+    "    print_info(\n",
+    "        f'Scenario {scenario_name}: {n_ok} ok, {n_client_errors} 4xx, {n_server_errors} 5xx; '\n",
+    "        f'statuses: {status_code_counts}'\n",
+    "    )\n",
+    "    print_info(f'Observed X-Backend-Retry values: {summarize_backend_retries(scenario_results)}')\n",
+    "    print_info(f'Observed X-Backend-URL values: {served_backend_urls}')\n",
     "\n",
     "tests.print_summary()\n",
     "if tests.tests_failed:\n",
     "    raise SystemExit(1)\n",
-    "print_ok('All inference failover scenarios completed')\n"
+    "print_ok('All inference failover scenarios completed')"
    ]
   },
   {
@@ -422,28 +543,37 @@
    "id": "681f2fab",
    "metadata": {},
    "source": [
-    "## 📊 Scenario Charts\n",
+    "## 📊 Analyze Inference Failover Results\n",
+    "\n",
+    "Plot the per-run response time for each scenario in the same style as the load-balancing sample. Bars are colored by the backend that served the request, derived from the infrastructure-level `X-Backend-URL` response header. Each chart title identifies the APIM source region selected during deployment, and each legend entry identifies the destination priority tier, capacity profile, and region.\n",
+    "\n",
+    "#### Why `X-Backend-URL` is the routing indicator\n",
+    "\n",
+    "The infrastructure's global APIM policy returns the final resolved request URL after the backend pool selects a member. The inference harness stores that full URL on every result and derives the chart label from its deployment path marker. This keeps the chart evidence tied to the actual Azure OpenAI destination rather than a separately maintained backend label.\n",
+    "\n",
+    "#### Why the baseline bars should use one backend\n",
     "\n",
-    "Plot the per-run response time for each scenario. Bars are colored by the backend that served the request, derived from the `X-Backend-Id` response header that the inference policy emits.\n",
+    "The baseline is a control, not a distribution test. Before pressure is applied, APIM should keep selecting the healthy priority-1 backend for all three gpt-5.1 requests and all six gpt-4.1-mini requests. That repetition confirms each preferred route is stable, warms the connection and model path, and establishes a latency reference. Compare scenarios 2 through 5 against that control to see when pressure or recovery moves traffic into lower-priority tiers.\n",
     "\n",
-    "**Reading the charts**\n",
+    "#### Reading the charts\n",
     "\n",
-    "- **Backend index 0** is the priority-1 backend; higher indices are lower-priority failover tiers in pool order.\n",
-    "- A run colored red is a non-`200` response (`429` throttle or terminal `503`) and shows pressure that the pool could not absorb.\n",
+    "- Each chart title shows the APIM source region. Use it with the legend's destination regions to correlate source, destination, and latency.\n",
+    "- Each successful bar's legend label names its priority tier, simulated capacity profile (`PTU` or `PAYG`), and Azure OpenAI destination region.\n",
+    "- A run colored red is a non-`200` response. The harness records any HTTP `4xx` or `5xx` response and continues the scenario so the full pressure window remains visible.\n",
     "- The first request in a cold scenario is often slower (TLS warm-up plus first-token latency); the mean line ignores the slowest 5% so it reflects steady-state behaviour.\n",
-    "- As pressure builds you should see the colors walk from index 0 upward as the priority-1 backend trips and traffic fails over to lower tiers.\n",
+    "- As pressure builds, the colors can walk from priority 1 into lower-priority tiers as the preferred backend trips and traffic fails over.\n",
     "\n",
-    "**Backend index legend**\n",
+    "**Backend URL marker legend**\n",
     "\n",
-    "| Index | gpt-5.1 pool | gpt-4.1-mini pool |\n",
-    "| --- | --- | --- |\n",
-    "| 0 | a-gpt-5-1 (P1) | c-gpt-4-1-mini (P1) |\n",
-    "| 1 | b-gpt-5-1 (P2) | d-gpt-4-1-mini (P2) |\n",
-    "| 2 | d-gpt-5-1 (P3) | f-gpt-4-1-mini (P3) |\n",
-    "| 3 | e-gpt-5-1 (P4) | h-gpt-4-1-mini (P4) |\n",
-    "| 4 | g-gpt-5-1 (P4) | - |\n",
+    "| gpt-5.1 chart label                              | gpt-5.1 pool URL marker                  | gpt-4.1-mini chart label                   | gpt-4.1-mini pool URL marker                  |\n",
+    "| ------------------------------------------------ | ---------------------------------------- | ------------------------------------------ | --------------------------------------------- |\n",
+    "| `Priority 1: PTU (East US 2)`                    | `/openai/deployments/a-gpt-5-1`          | `Priority 1: PTU (East US 2)`              | `/openai/deployments/c-gpt-4-1-mini`          |\n",
+    "| `Priority 2: PTU (West US 3)`                    | `/openai/deployments/d-gpt-5-1`          | `Priority 2: PTU (West US 3)`              | `/openai/deployments/f-gpt-4-1-mini`          |\n",
+    "| `Priority 3: PAYG (East US 2)`                   | `/openai/deployments/b-gpt-5-1`          | `Priority 3: PAYG (East US 2)`             | `/openai/deployments/d-gpt-4-1-mini`          |\n",
+    "| `Priority 4: PAYG (West US 3, weight 50)`        | `/openai/deployments/e-gpt-5-1`          | `Priority 4: PAYG (South Central US)`       | `/openai/deployments/h-gpt-4-1-mini`          |\n",
+    "| `Priority 4: PAYG (South Central US, weight 50)` | `/openai/deployments/g-gpt-5-1`          | -                                          | -                                             |\n",
     "\n",
-    "> If every bar is the same color and labeled index 99, the gateway did not rewrite the request URL to the resolved pool member (the `X-Backend-Id` header returned `unknown`). The scenarios and the server-side distribution below remain valid; only the per-run backend coloring is unavailable.\n"
+    "> If a successful bar uses a fallback `Backend index 99` legend entry, inspect its captured `X-Backend-URL` value. The resolved URL did not contain one of the expected deployment markers, so the per-run backend labeling needs to be updated for the deployed topology.\n"
    ]
   },
   {
@@ -453,36 +583,188 @@
    "metadata": {},
    "outputs": [],
    "source": [
+    "import importlib\n",
+    "\n",
+    "from IPython.display import Markdown, display\n",
+    "\n",
+    "# APIM Samples imports\n",
     "import charts\n",
     "from console import print_error\n",
     "\n",
+    "charts = importlib.reload(charts)\n",
+    "\n",
     "if 'scenario5_gpt_5_1' not in locals():\n",
     "    print_error('Please run the scenario cell first')\n",
     "    raise SystemExit(1)\n",
     "\n",
-    "scenario_charts = [\n",
-    "    (scenario1_gpt_5_1, 'Scenario 1 - Baseline warm path (gpt-5.1)',\n",
-    "     'Small requests on a fresh pool stay on the priority-1 backend (index 0).'),\n",
-    "    (scenario1_gpt_4_1_mini, 'Scenario 1 - Baseline warm path (gpt-4.1-mini)',\n",
-    "     'Small requests on a fresh pool stay on the priority-1 backend (index 0).'),\n",
-    "    (scenario2_gpt_5_1, 'Scenario 2 - Sustained pressure (gpt-5.1, no spacing)',\n",
-    "     'Low-TPM exhaustion forces throttling and failover across tiers; red bars are non-200 responses.'),\n",
-    "    (scenario3_gpt_4_1_mini, 'Scenario 3 - Sustained pressure (gpt-4.1-mini, no spacing)',\n",
-    "     'The gpt-4.1-mini pool exhausts independently of gpt-5.1.'),\n",
-    "    (scenario4_gpt_5_1, 'Scenario 4 - Paced recovery (gpt-5.1, 1.5s spacing)',\n",
-    "     'Inter-request spacing lets circuit breakers recover, lifting the success rate versus scenario 2.'),\n",
-    "    (scenario5_gpt_5_1, 'Scenario 5 - Terminal exhaustion (gpt-5.1, hard burst)',\n",
-    "     'A hard burst drains every tier; terminal 503s appear once all backends are tripped.'),\n",
-    "]\n",
     "\n",
-    "for scenario_results, chart_title, chart_note in scenario_charts:\n",
-    "    charts.BarChart(\n",
-    "        api_results = scenario_results,\n",
-    "        title = chart_title,\n",
-    "        x_label = 'Run #',\n",
-    "        y_label = 'Response Time (ms)',\n",
-    "        fig_text = chart_note,\n",
-    "    ).plot()\n"
+    "def format_request_count(count: int) -> str:\n",
+    "    \"\"\"Return a request count with the grammatically correct noun.\"\"\"\n",
+    "    noun = 'request' if count == 1 else 'requests'\n",
+    "    return f'{count} {noun}'\n",
+    "\n",
+    "\n",
+    "def format_backend_url_counts(api_results):\n",
+    "    \"\"\"Return a compact distribution summary from captured `X-Backend-URL` values.\"\"\"\n",
+    "    backend_url_counts = {}\n",
+    "    for result in api_results:\n",
+    "        backend_url = result['backend_url']\n",
+    "        backend_url_counts[backend_url] = backend_url_counts.get(backend_url, 0) + 1\n",
+    "    return '\\n'.join(f'- {backend_url}: {format_request_count(count)}' for backend_url, count in sorted(backend_url_counts.items()))\n",
+    "\n",
+    "\n",
+    "def display_scenario_context(title: str, explanation: str) -> None:\n",
+    "    \"\"\"Render a short explanation immediately before scenario charts.\"\"\"\n",
+    "    display(Markdown(f'#### {title}\\n\\n{explanation}'))\n",
+    "\n",
+    "\n",
+    "apim_source_region = rg_location.name.replace('_', ' ').title().replace(' Us', ' US').replace(' Uk', ' UK')\n",
+    "gpt_5_1_backend_labels = {\n",
+    "    0: 'Priority 1 / Weight 100: PTU (East US 2)',\n",
+    "    1: 'Priority 2 / Weight 100: PTU (West US 3)',\n",
+    "    2: 'Priority 3 / Weight 100: PAYG (East US 2)',\n",
+    "    3: 'Priority 4 / Weight 50: PAYG (West US 3)',\n",
+    "    4: 'Priority 4 / Weight 50: PAYG (South Central US)',\n",
+    "}\n",
+    "gpt_4_1_mini_backend_labels = {\n",
+    "    0: 'Priority 1 / Weight 100: PTU (East US 2)',\n",
+    "    1: 'Priority 2 / Weight 100: PTU (West US 3)',\n",
+    "    2: 'Priority 3 / Weight 100: PAYG (East US 2)',\n",
+    "    3: 'Priority 4 / Weight 100: PAYG (South Central US)',\n",
+    "}\n",
+    "\n",
+    "\n",
+    "display_scenario_context(\n",
+    "    'Baseline Warm Path',\n",
+    "    (\n",
+    "        'These control graphs show end-to-end response time and the resolved backend for small requests before deliberate pressure begins. '\n",
+    "        'They confirm that each independent pool starts from a healthy priority-1 route and provide a latency baseline for comparison.'\n",
+    "    ),\n",
+    ")\n",
+    "\n",
+    "# 1a) Baseline warm path - gpt-5.1\n",
+    "charts.BarChart(\n",
+    "    api_results = scenario1_gpt_5_1,\n",
+    "    title = f'Baseline Warm Path (gpt-5.1) - APIM source: {apim_source_region}',\n",
+    "    x_label = 'Run #',\n",
+    "    y_label = 'Response Time (ms)',\n",
+    "    fig_text = (\n",
+    "        f'The chart shows a total of {len(scenario1_gpt_5_1)} small requests against the gpt-5.1 backend pool.\\n'\n",
+    "        'A fresh pool should start on its priority-1 in-region backend.\\n'\n",
+    "        f'Observed X-Backend-URL values:\\n{format_backend_url_counts(scenario1_gpt_5_1)}\\n'\n",
+    "        'The average response time is calculated excluding statistical outliers above the 95th percentile '\n",
+    "        '(the first request usually takes longer).'\n",
+    "    ),\n",
+    "    backend_labels = gpt_5_1_backend_labels,\n",
+    ").plot()\n",
+    "\n",
+    "# 1b) Baseline warm path - gpt-4.1-mini\n",
+    "charts.BarChart(\n",
+    "    api_results = scenario1_gpt_4_1_mini,\n",
+    "    title = f'Baseline Warm Path (gpt-4.1-mini) - APIM source: {apim_source_region}',\n",
+    "    x_label = 'Run #',\n",
+    "    y_label = 'Response Time (ms)',\n",
+    "    fig_text = (\n",
+    "        f'The chart shows a total of {len(scenario1_gpt_4_1_mini)} small requests against the gpt-4.1-mini backend pool.\\n'\n",
+    "        'A fresh pool should start on its priority-1 in-region backend.\\n'\n",
+    "        f'Observed X-Backend-URL values:\\n{format_backend_url_counts(scenario1_gpt_4_1_mini)}\\n'\n",
+    "        'The average response time is calculated excluding statistical outliers above the 95th percentile '\n",
+    "        '(the first request usually takes longer).'\n",
+    "    ),\n",
+    "    backend_labels = gpt_4_1_mini_backend_labels,\n",
+    ").plot()\n",
+    "\n",
+    "display_scenario_context(\n",
+    "    'Sustained Pressure: gpt-5.1',\n",
+    "    (\n",
+    "        'This graph shows how the gpt-5.1 pool behaves when larger requests arrive without spacing. '\n",
+    "        'Reveals whether circuit breakers redistribute traffic through the priority tiers and whether the weighted terminal tier absorbs the burst.'\n",
+    "    ),\n",
+    ")\n",
+    "\n",
+    "# 2) Sustained pressure - gpt-5.1\n",
+    "charts.BarChart(\n",
+    "    api_results = scenario2_gpt_5_1,\n",
+    "    title = f'Sustained Pressure (gpt-5.1) - APIM source: {apim_source_region}',\n",
+    "    x_label = 'Run #',\n",
+    "    y_label = 'Response Time (ms)',\n",
+    "    fig_text = (\n",
+    "        f'The chart shows a total of {len(scenario2_gpt_5_1)} requests with no spacing against the gpt-5.1 backend pool.\\n'\n",
+    "        'Low-capacity deployments can trip under pressure, moving traffic through the priority tiers and into the equally-weighted terminal tier.\\n'\n",
+    "        f'Observed X-Backend-URL values:\\n{format_backend_url_counts(scenario2_gpt_5_1)}\\n'\n",
+    "        'The average response time is calculated excluding statistical outliers above the 95th percentile.'\n",
+    "    ),\n",
+    "    backend_labels = gpt_5_1_backend_labels,\n",
+    ").plot()\n",
+    "\n",
+    "display_scenario_context(\n",
+    "    'Sustained Pressure: gpt-4.1-mini',\n",
+    "    (\n",
+    "        'This graph applies the same unpaced load to the independent gpt-4.1-mini pool. '\n",
+    "        'It confirms that failover remains model-safe: pressure on this route can only move traffic among compatible gpt-4.1-mini deployments.'\n",
+    "    ),\n",
+    ")\n",
+    "\n",
+    "# 3) Sustained pressure - gpt-4.1-mini\n",
+    "charts.BarChart(\n",
+    "    api_results = scenario3_gpt_4_1_mini,\n",
+    "    title = f'Sustained Pressure (gpt-4.1-mini) - APIM source: {apim_source_region}',\n",
+    "    x_label = 'Run #',\n",
+    "    y_label = 'Response Time (ms)',\n",
+    "    fig_text = (\n",
+    "        f'The chart shows a total of {len(scenario3_gpt_4_1_mini)} requests with no spacing against the independent gpt-4.1-mini pool.\\n'\n",
+    "        'The model-specific pool keeps fallback on compatible deployments while priority tiers respond to pressure.\\n'\n",
+    "        f'Observed X-Backend-URL values:\\n{format_backend_url_counts(scenario3_gpt_4_1_mini)}\\n'\n",
+    "        'The average response time is calculated excluding statistical outliers above the 95th percentile.'\n",
+    "    ),\n",
+    "    backend_labels = gpt_4_1_mini_backend_labels,\n",
+    ").plot()\n",
+    "\n",
+    "display_scenario_context(\n",
+    "    'Paced Recovery',\n",
+    "    (\n",
+    "        'This graph repeats the gpt-5.1 pressure workload with a short pause between requests. '\n",
+    "        'Comparing it with sustained pressure shows whether circuit-breaker recovery improves availability and returns traffic to preferred tiers.'\n",
+    "    ),\n",
+    ")\n",
+    "\n",
+    "# 4) Paced recovery - gpt-5.1\n",
+    "charts.BarChart(\n",
+    "    api_results = scenario4_gpt_5_1,\n",
+    "    title = f'Paced Recovery (gpt-5.1, 1.5s sleep) - APIM source: {apim_source_region}',\n",
+    "    x_label = 'Run #',\n",
+    "    y_label = 'Response Time (ms)',\n",
+    "    fig_text = (\n",
+    "        f'The chart shows a total of {len(scenario4_gpt_5_1)} requests with a 1.5-second sleep after each request.\\n'\n",
+    "        'Inter-request spacing gives tripped backends time to recover while the same priority and weighted pool continues serving traffic.\\n'\n",
+    "        f'Observed X-Backend-URL values:\\n{format_backend_url_counts(scenario4_gpt_5_1)}\\n'\n",
+    "        'The average response time is calculated excluding statistical outliers above the 95th percentile.'\n",
+    "    ),\n",
+    "    backend_labels = gpt_5_1_backend_labels,\n",
+    ").plot()\n",
+    "\n",
+    "display_scenario_context(\n",
+    "    'Terminal Exhaustion',\n",
+    "    (\n",
+    "        'This graph probes the deepest fallback behavior with a hard gpt-5.1 burst. '\n",
+    "        'Demonstrates whether the complete pool absorbs the load and, when capacity is exhausted, whether callers receive a clean terminal response.'\n",
+    "    ),\n",
+    ")\n",
+    "\n",
+    "# 5) Terminal exhaustion - gpt-5.1\n",
+    "charts.BarChart(\n",
+    "    api_results = scenario5_gpt_5_1,\n",
+    "    title = f'Terminal Exhaustion (gpt-5.1, hard burst) - APIM source: {apim_source_region}',\n",
+    "    x_label = 'Run #',\n",
+    "    y_label = 'Response Time (ms)',\n",
+    "    fig_text = (\n",
+    "        f'The chart shows a total of {len(scenario5_gpt_5_1)} hard-burst requests against the gpt-5.1 backend pool.\\n'\n",
+    "        'A deep pool may absorb the burst; if all eligible tiers drain, red bars show terminal non-200 responses.\\n'\n",
+    "        f'Observed X-Backend-URL values:\\n{format_backend_url_counts(scenario5_gpt_5_1)}\\n'\n",
+    "        'The average response time is calculated excluding statistical outliers above the 95th percentile.'\n",
+    "    ),\n",
+    "    backend_labels = gpt_5_1_backend_labels,\n",
+    ").plot()"
    ]
   },
   {
@@ -512,8 +794,8 @@
     "\n",
     "api_ids_binding = \"let apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);\\n\"\n",
     "time_binding = 'let timeWindow = 30m;\\n'\n",
-    "verify_path = utils.determine_policy_path('verify-llm-ingestion.kql', sample_folder)\n",
-    "verify_template = Path(verify_path).read_text(encoding='utf-8')\n",
+    "queries_path = Path(utils.determine_policy_path('queries', sample_folder))\n",
+    "verify_template = (queries_path / 'verify-llm-ingestion.kql').read_text(encoding='utf-8')\n",
     "verification_query = time_binding + api_ids_binding + verify_template\n",
     "telemetry_found, telemetry_result, telemetry_rows = nb_helper.wait_for_kql(\n",
     "    log_analytics_id,\n",
@@ -553,13 +835,15 @@
     "\n",
     "import matplotlib.pyplot as plt\n",
     "import pandas as pd\n",
+    "from IPython.display import Markdown as IPythonMarkdown\n",
+    "from IPython.display import display as ipython_display\n",
     "\n",
+    "# APIM Samples imports\n",
     "from console import print_info, print_warning\n",
     "\n",
-    "distribution_path = utils.determine_policy_path('backend-distribution.kql', sample_folder)\n",
-    "token_path = utils.determine_policy_path('token-throughput.kql', sample_folder)\n",
-    "distribution_template = Path(distribution_path).read_text(encoding='utf-8')\n",
-    "token_template = Path(token_path).read_text(encoding='utf-8')\n",
+    "queries_path = Path(utils.determine_policy_path('queries', sample_folder))\n",
+    "distribution_template = (queries_path / 'backend-distribution.kql').read_text(encoding='utf-8')\n",
+    "token_template = (queries_path / 'token-throughput.kql').read_text(encoding='utf-8')\n",
     "bindings = \"let timeWindow = 1h;\\nlet apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);\\n\"\n",
     "distribution_found, _, distribution_rows = nb_helper.wait_for_kql(\n",
     "    log_analytics_id,\n",
@@ -575,6 +859,12 @@
     ")\n",
     "\n",
     "if distribution_found:\n",
+    "    ipython_display(IPythonMarkdown(\n",
+    "        '#### Gateway-Recorded Backend Distribution\\n\\n'\n",
+    "        'This table and graph summarize which regional backend handled each gateway request. '\n",
+    "        'The distribution shows how traffic moved across model-safe pool members as pressure and recovery scenarios '\n",
+    "        'exercised the failover tiers.'\n",
+    "    ))\n",
     "    distribution_frame = pd.DataFrame(\n",
     "        distribution_rows,\n",
     "        columns=['API', 'Backend', 'Requests', 'Successes', 'Throttled', 'Failures', 'AverageBackendMs', 'SuccessRate'],\n",
@@ -593,6 +883,12 @@
     "    print_warning('No gateway distribution rows returned yet')\n",
     "\n",
     "if tokens_found:\n",
+    "    ipython_display(IPythonMarkdown(\n",
+    "        '#### LLM Token Volume\\n\\n'\n",
+    "        'This table and graph summarize total Azure OpenAI tokens observed for each inference API. '\n",
+    "        'Token volume helps connect the routing exercise to model consumption and confirms that LLM diagnostics '\n",
+    "        'captured successful inference traffic.'\n",
+    "    ))\n",
     "    token_frame = pd.DataFrame(\n",
     "        token_rows,\n",
     "        columns=['API', 'Backend', 'Model', 'Requests', 'PromptTokens', 'CompletionTokens', 'TotalTokens'],\n",
@@ -612,6 +908,302 @@
     "    print_info('No token rows returned yet; successful inference rows may still be ingesting')"
    ]
   },
+  {
+   "cell_type": "markdown",
+   "id": "af0bc330",
+   "metadata": {},
+   "source": [
+    "## Generate Local HTML Report\n",
+    "\n",
+    "Create a self-contained local HTML report with test totals, scenario outcomes, response-time graphs, telemetry tables, and telemetry graphs. The closing cell prints a link to the generated file."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "89ad9314",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from collections import Counter\n",
+    "from pathlib import Path\n",
+    "import importlib\n",
+    "import tempfile\n",
+    "\n",
+    "import matplotlib.pyplot as plt\n",
+    "\n",
+    "# APIM Samples imports\n",
+    "import charts\n",
+    "import htmlreport\n",
+    "from console import print_ok, print_warning\n",
+    "\n",
+    "importlib.reload(htmlreport)\n",
+    "\n",
+    "if 'gpt_5_1_backend_labels' not in locals():\n",
+    "    print_warning('Please run the scenario chart cell first')\n",
+    "    raise SystemExit(1)\n",
+    "\n",
+    "\n",
+    "def get_priority_and_weight(backend_index: int, backend_labels: dict[int, str]) -> tuple[int, int]:\n",
+    "    \"\"\"Return the routing priority and weight encoded in a backend legend label.\"\"\"\n",
+    "    route_label = backend_labels[backend_index].split(':', maxsplit=1)[0]\n",
+    "    priority_label, weight_label = route_label.split(' / ', maxsplit=1)\n",
+    "    return int(priority_label.removeprefix('Priority ')), int(weight_label.removeprefix('Weight '))\n",
+    "\n",
+    "\n",
+    "def summarize_scenario(title: str, api_results: list[dict], backend_url_index: dict[str, int], backend_labels: dict[int, str]) -> list[object]:\n",
+    "    \"\"\"Return one compact report row with routing statistics and interpretation.\"\"\"\n",
+    "    total_requests = len(api_results)\n",
+    "    if not total_requests:\n",
+    "        return ['', title, 0, 0, 0, 'None', 'No requests', 'No scenario requests were captured.']\n",
+    "\n",
+    "    status_counts = Counter(result['status_code'] for result in api_results)\n",
+    "    retry_counts = Counter(result['backend_retry'] for result in api_results)\n",
+    "    backend_indexes = [get_backend_index(result['backend_url'], backend_url_index) for result in api_results]\n",
+    "    priority_weight_counts = Counter(get_priority_and_weight(index, backend_labels) for index in backend_indexes if index in backend_labels)\n",
+    "    priority_counts = Counter()\n",
+    "    weights_by_priority: dict[int, list[str]] = {}\n",
+    "    for (priority, weight), count in sorted(priority_weight_counts.items()):\n",
+    "        priority_counts[priority] += count\n",
+    "        weights_by_priority.setdefault(priority, []).append(f'W{weight}: {count} ({count / total_requests:.1%})')\n",
+    "    routed_requests = sum(priority_counts.values())\n",
+    "    unresolved_requests = total_requests - routed_requests\n",
+    "    routed_beyond_primary = sum(count for priority, count in priority_counts.items() if priority > 1)\n",
+    "    non_200_responses = total_requests - status_counts.get(200, 0)\n",
+    "    caller_succeeded = not non_200_responses\n",
+    "    retried_requests = sum(count for retry_count, count in retry_counts.items() if retry_count > 0)\n",
+    "    backend_retries_absorbed = sum(retry_count * count for retry_count, count in retry_counts.items())\n",
+    "    caller_visible_failures = non_200_responses\n",
+    "    observed_backend_failures = backend_retries_absorbed + caller_visible_failures\n",
+    "    terminal_503_responses = status_counts.get(503, 0)\n",
+    "    priority_mix = '\\n'.join(f'P{priority}: {\", \".join(weight_mix)}' for priority, weight_mix in sorted(weights_by_priority.items()))\n",
+    "    retry_mix = '\\n'.join(\n",
+    "        f'{retry_count}: {count} ({count / total_requests:.1%})'\n",
+    "        for retry_count, count in sorted(retry_counts.items())\n",
+    "        if retry_count > 0\n",
+    "    ) or 'None'\n",
+    "    if unresolved_requests:\n",
+    "        unresolved_mix = f'No resolved backend: {unresolved_requests} ({unresolved_requests / total_requests:.1%})'\n",
+    "        priority_mix = f'{priority_mix}\\n{unresolved_mix}' if priority_mix else unresolved_mix\n",
+    "\n",
+    "    observations = []\n",
+    "    if non_200_responses:\n",
+    "        observations.append(f'{non_200_responses}/{total_requests} ({non_200_responses / total_requests:.1%}) caller-visible non-200 responses')\n",
+    "    else:\n",
+    "        observations.append('All requests returned HTTP 200')\n",
+    "    if backend_retries_absorbed:\n",
+    "        observations.append(f'{retried_requests}/{total_requests} returned after a retry')\n",
+    "    else:\n",
+    "        observations.append('all responses returned without a backend retry')\n",
+    "    if routed_beyond_primary:\n",
+    "        observations.append(f'{routed_beyond_primary}/{total_requests} ({routed_beyond_primary / total_requests:.1%}) routed beyond P1')\n",
+    "    else:\n",
+    "        observations.append('no failover beyond P1 observed')\n",
+    "    if priority_counts:\n",
+    "        observations.append(f'Deepest routed tier: P{max(priority_counts)}')\n",
+    "    if unresolved_requests:\n",
+    "        observations.append(f'{unresolved_requests} calls returned no resolved backend, consistent with exhausted or rejected routing')\n",
+    "    observations.append(f'APIM absorbed {backend_retries_absorbed} backend failures and sent {caller_visible_failures} failures to callers')\n",
+    "    if observed_backend_failures:\n",
+    "        shielded_percentage = backend_retries_absorbed / observed_backend_failures * 100\n",
+    "        observations.append(f'APIM prevented {shielded_percentage:.1f}% of observed failed backend attempts from reaching callers')\n",
+    "    else:\n",
+    "        observations.append('APIM shielding percentage is not applicable because no backend failures occurred')\n",
+    "    if terminal_503_responses:\n",
+    "        observations.append(f'{terminal_503_responses} caller-visible HTTP 503 responses followed eligible-capacity exhaustion in the low-TPM pool')\n",
+    "    elif caller_visible_failures:\n",
+    "        observations.append('caller-visible failures remained because the model-safe pool exhausted its configured fallback chain')\n",
+    "\n",
+    "    priority_tokens = tuple(f'P{priority}' for priority in sorted(priority_counts))\n",
+    "    observation_items = tuple(f'{item.strip()}' for item in '; '.join(observations).split(';'))\n",
+    "    return [\n",
+    "        htmlreport.HtmlSuccess('All requests returned HTTP 200') if caller_succeeded else '',\n",
+    "        title,\n",
+    "        total_requests,\n",
+    "        status_counts.get(200, 0),\n",
+    "        non_200_responses,\n",
+    "        htmlreport.HtmlText(retry_mix, preserve_line_breaks=True),\n",
+    "        htmlreport.HtmlText(priority_mix, bold_tokens=priority_tokens, preserve_line_breaks=True),\n",
+    "        htmlreport.HtmlList(observation_items),\n",
+    "    ]\n",
+    "\n",
+    "\n",
+    "def add_scenario_figure(report: htmlreport.HtmlReport, title: str, description: str, api_results: list[dict], backend_labels: dict[int, str]) -> None:\n",
+    "    \"\"\"Render and embed one scenario response-time chart.\"\"\"\n",
+    "    figure = charts.BarChart(\n",
+    "        api_results=api_results,\n",
+    "        title=f'{title} - APIM source: {apim_source_region}',\n",
+    "        x_label='Run #',\n",
+    "        y_label='Response Time (ms)',\n",
+    "        fig_text=description,\n",
+    "        backend_labels=backend_labels,\n",
+    "    ).render()\n",
+    "    report.add_figure(title, figure, description)\n",
+    "    plt.close(figure)\n",
+    "\n",
+    "\n",
+    "portal_base = f'https://portal.azure.com/#@{tenant_id}/resource'\n",
+    "apim_id = f'/subscriptions/{subscription_id}/resourceGroups/{rg_name}/providers/Microsoft.ApiManagement/service/{apim_name}'\n",
+    "report = htmlreport.HtmlReport(\n",
+    "    'Inference Failover Run Report',\n",
+    "    f'APIM source region: {apim_source_region} | Deployment: {nb_helper.deployment.name} | Resource group: {rg_name}',\n",
+    ")\n",
+    "success_rate = (tests.tests_passed / tests.total_tests * 100) if tests.total_tests else 0\n",
+    "report.add_metrics(\n",
+    "    'Scenario Test Summary',\n",
+    "    {\n",
+    "        'Result': 'Passed' if not tests.tests_failed and tests.total_tests else 'Needs review',\n",
+    "        'Tests': tests.total_tests,\n",
+    "        'Passed': tests.tests_passed,\n",
+    "        'Failed': tests.tests_failed,\n",
+    "        'Success rate': f'{success_rate:.1f}%',\n",
+    "    },\n",
+    ")\n",
+    "report.add_info_callout(\n",
+    "    'Lab Capacity Is Intentionally Low',\n",
+    "    'Each regional Azure OpenAI deployment is intentionally configured at 1 thousand TPM so concentrated requests trigger observable failover. '\n",
+    "    'This is a learning configuration, not production sizing guidance. With appropriately sized production capacity, caller-visible success rates '\n",
+    "    'should be substantially higher and normally close to perfect.',\n",
+    ")\n",
+    "if tests.errors:\n",
+    "    report.add_table('Assertion Failures', ['Failure'], [[error] for error in tests.errors])\n",
+    "\n",
+    "scenario_groups = [\n",
+    "    (\n",
+    "        'gpt-5.1',\n",
+    "        [\n",
+    "            (\n",
+    "                'Baseline Warm Path',\n",
+    "                'Small control requests against the gpt-5.1 pool before deliberate pressure begins.',\n",
+    "                scenario1_gpt_5_1,\n",
+    "                gpt_5_1_backend_url_index,\n",
+    "                gpt_5_1_backend_labels,\n",
+    "            ),\n",
+    "            (\n",
+    "                'Sustained Pressure',\n",
+    "                'Larger requests without spacing exercise gpt-5.1 failover tiers.',\n",
+    "                scenario2_gpt_5_1,\n",
+    "                gpt_5_1_backend_url_index,\n",
+    "                gpt_5_1_backend_labels,\n",
+    "            ),\n",
+    "            (\n",
+    "                'Paced Recovery',\n",
+    "                'Spaced requests show recovery behavior after sustained pressure.',\n",
+    "                scenario4_gpt_5_1,\n",
+    "                gpt_5_1_backend_url_index,\n",
+    "                gpt_5_1_backend_labels,\n",
+    "            ),\n",
+    "            (\n",
+    "                'Terminal Exhaustion',\n",
+    "                'A hard burst probes deep fallback and terminal responses.',\n",
+    "                scenario5_gpt_5_1,\n",
+    "                gpt_5_1_backend_url_index,\n",
+    "                gpt_5_1_backend_labels,\n",
+    "            ),\n",
+    "        ],\n",
+    "    ),\n",
+    "    (\n",
+    "        'gpt-4.1-mini',\n",
+    "        [\n",
+    "            (\n",
+    "                'Baseline Warm Path',\n",
+    "                'Small control requests against the independent gpt-4.1-mini pool.',\n",
+    "                scenario1_gpt_4_1_mini,\n",
+    "                gpt_4_1_mini_backend_url_index,\n",
+    "                gpt_4_1_mini_backend_labels,\n",
+    "            ),\n",
+    "            (\n",
+    "                'Sustained Pressure',\n",
+    "                'Unpaced load confirms that gpt-4.1-mini fallback remains model-safe.',\n",
+    "                scenario3_gpt_4_1_mini,\n",
+    "                gpt_4_1_mini_backend_url_index,\n",
+    "                gpt_4_1_mini_backend_labels,\n",
+    "            ),\n",
+    "        ],\n",
+    "    ),\n",
+    "]\n",
+    "scenario_definitions = [scenario_definition for _, model_scenarios in scenario_groups for scenario_definition in model_scenarios]\n",
+    "scenario_request_count = sum(len(api_results) for _, _, api_results, _, _ in scenario_definitions)\n",
+    "all_scenario_requests_succeeded = bool(scenario_request_count) and all(\n",
+    "    result['status_code'] == 200\n",
+    "    for _, _, api_results, _, _ in scenario_definitions\n",
+    "    for result in api_results\n",
+    ")\n",
+    "if all_scenario_requests_succeeded:\n",
+    "    report.add_success_callout(\n",
+    "        'All scenario requests returned HTTP 200',\n",
+    "        f'All {scenario_request_count} controlled inference requests completed successfully. '\n",
+    "        'APIM served the full run without a caller-visible error.',\n",
+    "    )\n",
+    "for model_name, model_scenarios in scenario_groups:\n",
+    "    report.add_table(\n",
+    "        htmlreport.HtmlText(f'Scenario Outcomes: {model_name}', bold_tokens=(model_name,)),\n",
+    "        ['', 'Scenario', 'Requests', 'HTTP 200', 'Other', 'APIM retries', 'Priority / weight mix', 'What the data says'],\n",
+    "        [\n",
+    "            summarize_scenario(title, api_results, backend_url_index, backend_labels)\n",
+    "            for title, _, api_results, backend_url_index, backend_labels in model_scenarios\n",
+    "        ],\n",
+    "        (\n",
+    "            'The green checkmark indicates that every request returned HTTP 200 from the caller perspective, including successes after APIM retries. '\n",
+    "            'APIM retries lists only non-zero X-Backend-Retry values absorbed by APIM after the initial backend attempt. '\n",
+    "            'Priority / weight mix aggregates concrete Azure OpenAI destinations into APIM routing tiers and weights. '\n",
+    "            'The interpretation highlights failures APIM absorbed, failover depth, and caller-visible outcomes.'\n",
+    "        ),\n",
+    "        column_widths=['4%', '11%', '7%', '7%', '6%', '12%', '18%', '35%'],\n",
+    "    )\n",
+    "for title, description, api_results, _, backend_labels in scenario_definitions:\n",
+    "    add_scenario_figure(report, title, description, api_results, backend_labels)\n",
+    "\n",
+    "if 'distribution_frame' in locals():\n",
+    "    report.add_table(\n",
+    "        'Gateway-Recorded Backend Distribution',\n",
+    "        distribution_frame.columns.tolist(),\n",
+    "        distribution_frame.values.tolist(),\n",
+    "        'Log Analytics rows summarize the destination selected for each gateway request.',\n",
+    "    )\n",
+    "    distribution_figure, distribution_axis = plt.subplots(figsize=(12, 5))\n",
+    "    distribution_frame.pivot(index='Backend', columns='API', values='Requests').fillna(0).plot(kind='bar', ax=distribution_axis)\n",
+    "    distribution_axis.set_title('Gateway-recorded request distribution by backend')\n",
+    "    distribution_axis.set_xlabel('Backend')\n",
+    "    distribution_axis.set_ylabel('Requests')\n",
+    "    distribution_figure.subplots_adjust(bottom=0.4)\n",
+    "    report.add_figure('Gateway-Recorded Request Distribution', distribution_figure)\n",
+    "    plt.close(distribution_figure)\n",
+    "else:\n",
+    "    print_warning('Gateway distribution telemetry is not available for the HTML report yet')\n",
+    "\n",
+    "if 'token_frame' in locals():\n",
+    "    report.add_table(\n",
+    "        'LLM Token Volume',\n",
+    "        token_frame.columns.tolist(),\n",
+    "        token_frame.values.tolist(),\n",
+    "        'Token totals confirm that LLM diagnostics captured successful inference traffic.',\n",
+    "    )\n",
+    "    token_figure, token_axis = plt.subplots(figsize=(8, 4))\n",
+    "    token_frame.groupby('API')['TotalTokens'].sum().plot(kind='bar', ax=token_axis)\n",
+    "    token_axis.set_title('LLM token volume by inference API')\n",
+    "    token_axis.set_xlabel('Inference API')\n",
+    "    token_axis.set_ylabel('Total tokens')\n",
+    "    token_axis.tick_params(axis='x', rotation=0)\n",
+    "    token_figure.tight_layout()\n",
+    "    report.add_figure('LLM Token Volume By Inference API', token_figure)\n",
+    "    plt.close(token_figure)\n",
+    "else:\n",
+    "    print_warning('Token telemetry is not available for the HTML report yet')\n",
+    "\n",
+    "report.add_links(\n",
+    "    'Azure Views',\n",
+    "    {\n",
+    "        'Workbook': f'{portal_base}{workbook_id}/workbook',\n",
+    "        'Log Analytics': f'{portal_base}{log_analytics_id}/logs',\n",
+    "        'API Management': f'{portal_base}{apim_id}/overview',\n",
+    "    },\n",
+    ")\n",
+    "report_path = report.write(Path(tempfile.gettempdir()) / 'apim-samples-reports' / sample_folder / 'inference-failover-report.html')\n",
+    "report_url = report_path.as_uri()\n",
+    "print_ok(f'Local HTML report ready: {report_url}')"
+   ]
+  },
   {
    "cell_type": "markdown",
    "id": "93057a50",
@@ -629,7 +1221,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "from console import print_ok, print_val\n",
+    "from console import print_ok, print_val, print_warning\n",
     "\n",
     "portal_base = f'https://portal.azure.com/#@{tenant_id}/resource'\n",
     "apim_id = (\n",
@@ -639,6 +1231,12 @@
     "print_val('Workbook', f'{portal_base}{workbook_id}/workbook')\n",
     "print_val('Log Analytics', f'{portal_base}{log_analytics_id}/logs')\n",
     "print_val('API Management', f'{portal_base}{apim_id}/overview')\n",
+    "if enable_event_hub_export:\n",
+    "    print_val('Event Hubs namespace', f'{portal_base}{event_hub_namespace_id}/overview')\n",
+    "if 'report_url' in locals():\n",
+    "    print_val('Local HTML report', report_url)\n",
+    "else:\n",
+    "    print_warning('Run the local HTML report cell to generate a shareable summary')\n",
     "print_ok('All done!')"
    ]
   }
diff --git a/samples/inference-failover/failover-outcomes.kql b/samples/inference-failover/failover-outcomes.kql
deleted file mode 100644
index f064c139..00000000
--- a/samples/inference-failover/failover-outcomes.kql
+++ /dev/null
@@ -1,12 +0,0 @@
-// Reports terminal response outcomes while pressure traffic exercises failover.
-//
-// Parameters (prepend as KQL 'let' bindings before running):
-//   let timeWindow = 1h;
-//   let apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);
-//
-ApiManagementGatewayLogs
-| where TimeGenerated > ago(timeWindow)
-| where ApiId in~ (apiIds)
-| extend Outcome = case(ResponseCode between (200 .. 299), 'Successful inference', ResponseCode == 503, 'Fallback exhausted', ResponseCode == 429, 'Backend throttled', 'Other')
-| summarize Requests = count(), AverageBackendMs = round(avg(BackendTime), 1) by ApiId, Outcome, ResponseCode
-| order by ApiId asc, Requests desc
diff --git a/samples/inference-failover/inference-api-policy.xml b/samples/inference-failover/inference-api-policy.xml
index 1c2041bc..c6c46e14 100644
--- a/samples/inference-failover/inference-api-policy.xml
+++ b/samples/inference-failover/inference-api-policy.xml
@@ -8,6 +8,7 @@
 <policies>
     <inbound>
         <base />
+        <set-variable name="backendAttempt" value="@(0)" />
         <set-backend-service backend-id="BACKEND_POOL_ID" />
         <authentication-managed-identity resource="https://cognitiveservices.azure.com" output-token-variable-name="managed-id-access-token" ignore-error="false" />
         <set-header name="Authorization" exists-action="override">
@@ -19,17 +20,51 @@
         <set-query-parameter name="api-version" exists-action="skip">
             <value>2024-10-21</value>
         </set-query-parameter>
+        <trace source="InferenceFailover" severity="information">
+            <message>@("InferenceRequestAccepted|requestId=" + context.RequestId.ToString())</message>
+            <metadata name="EventName" value="InferenceRequestAccepted" />
+            <metadata name="RequestId" value="@(context.RequestId.ToString())" />
+        </trace>
     </inbound>
     <backend>
         <retry count="RETRY_COUNT" interval="1" first-fast-retry="true" condition="@(context.Response != null &amp;&amp; (context.Response.StatusCode == 429 || context.Response.StatusCode == 503))">
+            <set-variable name="backendAttempt" value='@(((int)context.Variables["backendAttempt"]) + 1)' />
             <forward-request buffer-request-body="true" />
+            <trace source="InferenceFailover" severity="information">
+                <message>@("InferenceBackendAttemptComplete|attempt=" + ((int)context.Variables["backendAttempt"]).ToString() + "|backendResponseCode=" + (context.Response == null ? "none" : context.Response.StatusCode.ToString()) + "|willRetry=" + (context.Response != null &amp;&amp; (context.Response.StatusCode == 429 || context.Response.StatusCode == 503)).ToString())</message>
+                <metadata name="EventName" value="InferenceBackendAttemptComplete" />
+                <metadata name="RequestId" value="@(context.RequestId.ToString())" />
+                <metadata name="Attempt" value='@(((int)context.Variables["backendAttempt"]).ToString())' />
+                <metadata name="BackendResponseCode" value='@(context.Response == null ? "none" : context.Response.StatusCode.ToString())' />
+                <metadata name="WillRetry" value='@((context.Response != null &amp;&amp; (context.Response.StatusCode == 429 || context.Response.StatusCode == 503)).ToString())' />
+            </trace>
         </retry>
     </backend>
     <outbound>
+        <set-header name="X-Backend-Retry" exists-action="override">
+            <value>@((((int)context.Variables["backendAttempt"]) > 0 ? ((int)context.Variables["backendAttempt"]) - 1 : 0).ToString())</value>
+        </set-header>
+        <trace source="InferenceFailover" severity="information">
+            <message>@("InferenceGatewayResponse|attempts=" + ((int)context.Variables["backendAttempt"]).ToString() + "|backendResponseCode=" + (context.Response == null ? "none" : context.Response.StatusCode.ToString()))</message>
+            <metadata name="EventName" value="InferenceGatewayResponse" />
+            <metadata name="RequestId" value="@(context.RequestId.ToString())" />
+            <metadata name="Attempts" value='@(((int)context.Variables["backendAttempt"]).ToString())' />
+            <metadata name="BackendResponseCode" value='@(context.Response == null ? "none" : context.Response.StatusCode.ToString())' />
+        </trace>
         <choose>
             <when condition="@(context.Response != null &amp;&amp; (context.Response.StatusCode == 429 || context.Response.StatusCode == 503))">
+                <trace source="InferenceFailover" severity="error">
+                    <message>@("InferenceFallbackExhausted|attempts=" + ((int)context.Variables["backendAttempt"]).ToString() + "|backendResponseCode=" + context.Response.StatusCode.ToString())</message>
+                    <metadata name="EventName" value="InferenceFallbackExhausted" />
+                    <metadata name="RequestId" value="@(context.RequestId.ToString())" />
+                    <metadata name="Attempts" value='@(((int)context.Variables["backendAttempt"]).ToString())' />
+                    <metadata name="BackendResponseCode" value="@(context.Response.StatusCode.ToString())" />
+                </trace>
                 <return-response>
                     <set-status code="503" reason="Inference Service Unavailable" />
+                    <set-header name="X-Backend-Retry" exists-action="override">
+                        <value>@((((int)context.Variables["backendAttempt"]) > 0 ? ((int)context.Variables["backendAttempt"]) - 1 : 0).ToString())</value>
+                    </set-header>
                     <set-header name="Content-Type" exists-action="override">
                         <value>application/json</value>
                     </set-header>
@@ -40,6 +75,9 @@
         <base />
     </outbound>
     <on-error>
+        <set-header name="X-Backend-Retry" exists-action="override">
+            <value>@((((int)context.Variables["backendAttempt"]) > 0 ? ((int)context.Variables["backendAttempt"]) - 1 : 0).ToString())</value>
+        </set-header>
         <base />
     </on-error>
 </policies>
diff --git a/samples/inference-failover/inference-failover.workbook.json b/samples/inference-failover/inference-failover.workbook.json
index 7c4f38b7..a0128916 100644
--- a/samples/inference-failover/inference-failover.workbook.json
+++ b/samples/inference-failover/inference-failover.workbook.json
@@ -41,6 +41,14 @@
             "type": 1,
             "value": "overview",
             "version": "KqlParameterItem/1.0"
+          },
+          {
+            "id": "f0a1b2c3-d4e5-6789-abcd-filter00000001",
+            "label": "Correlation ID Filter",
+            "name": "CorrelationFilter",
+            "type": 1,
+            "value": "",
+            "version": "KqlParameterItem/1.0"
           }
         ],
         "queryType": 0,
@@ -81,6 +89,24 @@
             "style": "link",
             "subTarget": "distribution"
           },
+          {
+            "cellValue": "selectedTab",
+            "id": "f0a1b2c3-d4e5-6789-abcd-tab000000014",
+            "linkTarget": "parameter",
+            "linkLabel": "Failover Trails",
+            "preText": "",
+            "style": "link",
+            "subTarget": "trails"
+          },
+          {
+            "cellValue": "selectedTab",
+            "id": "f0a1b2c3-d4e5-6789-abcd-tab000000015",
+            "linkTarget": "parameter",
+            "linkLabel": "Failures & Errors",
+            "preText": "",
+            "style": "link",
+            "subTarget": "failures"
+          },
           {
             "cellValue": "selectedTab",
             "id": "f0a1b2c3-d4e5-6789-abcd-tab000000013",
@@ -89,6 +115,15 @@
             "preText": "",
             "style": "link",
             "subTarget": "tokens"
+          },
+          {
+            "cellValue": "selectedTab",
+            "id": "f0a1b2c3-d4e5-6789-abcd-tab000000016",
+            "linkTarget": "parameter",
+            "linkLabel": "Request Explorer",
+            "preText": "",
+            "style": "link",
+            "subTarget": "requests"
           }
         ],
         "style": "tabs",
@@ -108,7 +143,7 @@
         "items": [
           {
             "content": {
-              "json": "# Inference Failover Telemetry\n\nThis workbook observes Azure OpenAI inference requests routed through APIM backend pools. All model deployments are regional `Standard` pay-as-you-go deployments with deliberately small capacity. The `PTU` labels describe the preference tiers simulated by the policy; they do not represent provisioned throughput billing or capacity.\n\nThe workbook is intentionally limited to AI traffic: terminal response outcomes, concrete backend distribution when recorded by gateway logs, latency, and LLM token consumption. A `503` terminal response means the fallback chain was exhausted; it does not reveal backend placement details to callers.\n\n**Pick a Time Range** at the top - it applies to every tab. Then open the tab that matches your question."
+              "json": "# Inference Failover Telemetry\n\nThis workbook observes Azure OpenAI inference requests routed through APIM backend pools. All model deployments are regional `Standard` pay-as-you-go deployments with deliberately small capacity. The `PTU` labels describe the preference tiers simulated by the policy; they do not represent provisioned throughput billing or capacity.\n\nEvery APIM call is represented by one `ApiManagementGatewayLogs` row. The workbook separates the status returned to the caller (`ResponseCode`) from the final backend status (`BackendResponseCode`), retains native APIM `Errors` and `LastError*` details, and uses `TraceRecords` emitted by the policy to reconstruct retry counts and exhausted fallback chains. Successful calls are correlated with `ApiManagementGatewayLlmLog` for token and message-chunk telemetry.\n\n**Pick a Time Range** at the top - it applies to every tab. Then open the tab that matches your question."
             },
             "name": "text - overview-intro",
             "type": 1
@@ -121,7 +156,7 @@
               "items": [
                 {
                   "content": {
-                    "json": "| Tab | Question it answers |\n|---|---|\n| **Failover Outcomes** | How did terminal responses break down - successful, throttled, or fallback exhausted? |\n| **Backend Distribution** | Which backends served traffic, and how often did each fail over or return `503`? |\n| **Tokens & Latency** | How many tokens were consumed per model, and how did backend latency trend over time? |"
+                    "json": "| Tab | Question it answers |\n|---|---|\n| **Failover Outcomes** | What did APIM return to callers, and what did the final selected backend return? |\n| **Backend Distribution** | Which concrete backend URLs handled the final attempts? |\n| **Failover Trails** | Which calls retried, recovered after failover, or exhausted the chain? |\n| **Failures & Errors** | What backend and APIM pipeline failures occurred, with native diagnostics? |\n| **Tokens & Latency** | Are token/message logs complete, and how did latency trend? |\n| **Request Explorer** | What happened on one correlation ID from gateway ingress through LLM telemetry? |"
                   },
                   "name": "text - overview-tabmap",
                   "type": 1
@@ -142,7 +177,7 @@
               "items": [
                 {
                   "content": {
-                    "json": "- Successful token-bearing calls appear in both gateway logs and `ApiManagementGatewayLlmLog`.\n- Backend `429` or `503` responses can open a circuit for one minute and move later attempts through the preference chain.\n- Requests returning the terminal generic `503` have exhausted eligible fallback capacity and do not carry token usage.\n- Health probes are not model requests; serviceability is demonstrated by real inference traffic in the notebook harness."
+                    "json": "- `ResponseCode` is the APIM status seen by the caller; `BackendResponseCode` is the status from the final backend attempt.\n- `TraceRecords` entries named `InferenceBackendAttemptComplete` record every forwarded attempt and whether APIM considered it retryable.\n- Backend `429` or `503` responses can open a circuit for one minute and move later attempts through the preference chain.\n- Requests carrying `InferenceFallbackExhausted` returned the generic terminal `503` after eligible capacity was exhausted.\n- Successful token-bearing calls appear in both gateway logs and `ApiManagementGatewayLlmLog`; missing token rows are surfaced as a coverage gap.\n- Prompt and completion messages are logged for this learning sample. Treat the workspace as sensitive and adjust message logging before production use."
                   },
                   "name": "text - overview-signal-notes",
                   "type": 1
@@ -172,7 +207,7 @@
         "items": [
           {
             "content": {
-              "json": "## Failover Outcomes\n\nTerminal response outcomes for the inference APIs. A `503` means the fallback chain was exhausted; `429` indicates a throttled backend that may have triggered failover."
+              "json": "## Failover Outcomes\n\nCaller-visible APIM outcomes and final backend outcomes are shown separately. Recovered failovers are successful calls with more than one policy-recorded backend attempt. A terminal `503` with `InferenceFallbackExhausted` in `TraceRecords` means all eligible fallback capacity was exhausted."
             },
             "name": "text - outcomes",
             "type": 1
@@ -180,7 +215,7 @@
           {
             "content": {
               "noDataMessage": "No inference requests found for the selected time range.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend Outcome = case(ResponseCode between (200 .. 299), 'Successful inference', ResponseCode == 503, 'Fallback exhausted', ResponseCode == 429, 'Backend throttled', 'Other')\n| summarize Requests = count() by Outcome\n| order by Requests desc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend AttemptCount = countof(TraceText, 'InferenceBackendAttemptComplete')\n| extend Outcome = case(\n    TraceText has 'InferenceFallbackExhausted', 'Fallback exhausted',\n    ResponseCode between (200 .. 299) and AttemptCount > 1, 'Recovered after failover',\n    ResponseCode between (200 .. 299), 'Successful without failover',\n    ResponseCode == 429, 'Caller received throttling',\n    ResponseCode >= 500, 'Caller received server error',\n    'Other')\n| summarize Requests = count() by Outcome\n| order by Requests desc",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -191,6 +226,21 @@
             },
             "name": "query - outcome-summary",
             "type": 3
+          },
+          {
+            "content": {
+              "noDataMessage": "No inference outcomes found for the selected time range.",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceBackendAttemptComplete')\n| extend FailoverOccurred = Attempts > 1\n| extend FallbackExhausted = TraceText has 'InferenceFallbackExhausted'\n| summarize Requests = count(), Failovers = countif(FailoverOccurred), FallbackExhausted = countif(FallbackExhausted), AverageAttempts = round(avg(Attempts), 2), AverageTotalMs = round(avg(TotalTime), 1), P95TotalMs = round(percentile(TotalTime, 95), 1) by ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode\n| order by ApiId asc, Requests desc",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "timeContext": {
+                "durationMs": 3600000
+              },
+              "version": "KqlItem/1.0",
+              "visualization": "table"
+            },
+            "name": "query - outcome-status-matrix",
+            "type": 3
           }
         ],
         "version": "NotebookGroup/1.0"
@@ -209,7 +259,7 @@
         "items": [
           {
             "content": {
-              "json": "## Backend Distribution\n\nWhich backends served traffic for each API, including how many requests were successful versus unavailable. When gateway logs do not record a backend, the row is labeled `(backend not recorded)`."
+              "json": "## Backend Distribution\n\nFinal backend placement for each APIM request, including concrete `BackendUrl`, APIM caller response, final backend response, and latency. A recovered failover appears here under the backend that ultimately served the request; use **Failover Trails** to inspect every intermediate attempt."
             },
             "name": "text - distribution",
             "type": 1
@@ -217,14 +267,14 @@
           {
             "content": {
               "noDataMessage": "No backend distribution data found for the selected time range.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| project ApiId, BackendId, ResponseCode\n| extend Backend = iff(isempty(BackendId), '(backend not recorded)', BackendId)\n| summarize Requests = count(), Successful = countif(ResponseCode between (200 .. 299)), Unavailable = countif(ResponseCode == 503) by ApiId, Backend\n| order by ApiId asc, Requests desc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend Backend = case(isnotempty(BackendUrl), BackendUrl, isnotempty(BackendId), BackendId, '(backend not recorded)')\n| summarize Requests = count(), Successful = countif(ResponseCode between (200 .. 299)), CallerUnavailable = countif(ResponseCode == 503), BackendThrottled = countif(BackendResponseCode == 429), BackendUnavailable = countif(BackendResponseCode == 503), AverageBackendMs = round(avg(BackendTime), 1), P95BackendMs = round(percentile(BackendTime, 95), 1) by ApiId, Backend\n| order by ApiId asc, Requests desc",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
                 "durationMs": 3600000
               },
               "version": "KqlItem/1.0",
-              "visualization": "barchart"
+              "visualization": "table"
             },
             "name": "query - backend-distribution",
             "type": 3
@@ -235,6 +285,110 @@
       "name": "group - tab-3-distribution",
       "type": 12
     },
+    {
+      "conditionalVisibility": {
+        "comparison": "isEqualTo",
+        "parameterName": "selectedTab",
+        "value": "trails"
+      },
+      "content": {
+        "groupType": "editable",
+        "items": [
+          {
+            "content": {
+              "json": "## Failover Trails\n\nThe policy writes `InferenceBackendAttemptComplete` into `TraceRecords` after every forwarded backend attempt. These views count the records, flag successful requests that recovered after failover, and retain an ordered attempt trail such as `attempt=1|backendResponseCode=429|willRetry=True -> attempt=2|backendResponseCode=200|willRetry=False`."
+            },
+            "name": "text - trails",
+            "type": 1
+          },
+          {
+            "content": {
+              "noDataMessage": "No policy-recorded failover trails found. Redeploy the sample after the trace policy update, generate traffic, and allow Log Analytics ingestion to complete.",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceBackendAttemptComplete')\n| extend FallbackExhausted = TraceText has 'InferenceFallbackExhausted'\n| where Attempts > 1 or FallbackExhausted\n| summarize Requests = count(), Recovered = countif(ResponseCode between (200 .. 299)), FallbackExhausted = countif(FallbackExhausted), AverageAttempts = round(avg(Attempts), 2), MaximumAttempts = max(Attempts), AverageTotalMs = round(avg(TotalTime), 1), P95TotalMs = round(percentile(TotalTime, 95), 1) by ApiId\n| order by ApiId asc",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "timeContext": {
+                "durationMs": 3600000
+              },
+              "version": "KqlItem/1.0",
+              "visualization": "table"
+            },
+            "name": "query - failover-summary",
+            "type": 3
+          },
+          {
+            "content": {
+              "noDataMessage": "No policy-recorded failover trails found for the selected time range.",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceBackendAttemptComplete')\n| extend RetriedFailures = countof(TraceText, 'willRetry=True')\n| extend FallbackExhausted = TraceText has 'InferenceFallbackExhausted'\n| extend AttemptTrail = strcat_array(extract_all(@'(InferenceBackendAttemptComplete\\|attempt=[0-9]+\\|backendResponseCode=(?:[0-9]+|none)\\|willRetry=(?:True|False))', TraceText), ' -> ')\n| where Attempts > 1 or FallbackExhausted\n| project TimeGenerated, CorrelationId, ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, Attempts, RetriedFailures, FallbackExhausted, BackendUrl, AttemptTrail\n| order by TimeGenerated desc",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "timeContext": {
+                "durationMs": 3600000
+              },
+              "version": "KqlItem/1.0",
+              "visualization": "table"
+            },
+            "name": "query - failover-request-trails",
+            "type": 3
+          }
+        ],
+        "version": "NotebookGroup/1.0"
+      },
+      "name": "group - tab-4-trails",
+      "type": 12
+    },
+    {
+      "conditionalVisibility": {
+        "comparison": "isEqualTo",
+        "parameterName": "selectedTab",
+        "value": "failures"
+      },
+      "content": {
+        "groupType": "editable",
+        "items": [
+          {
+            "content": {
+              "json": "## Failures & Errors\n\nInvestigate failures without conflating backend behavior and caller-visible behavior. `BackendResponseCode` is the final backend attempt; `ResponseCode` is what APIM returned. Native `Errors` and `LastError*` fields preserve APIM pipeline failures that are not ordinary backend HTTP responses."
+            },
+            "name": "text - failures",
+            "type": 1
+          },
+          {
+            "content": {
+              "noDataMessage": "No recovered failovers or failures found for the selected time range.",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceBackendAttemptComplete')\n| extend FailoverOccurred = Attempts > 1\n| extend FallbackExhausted = TraceText has 'InferenceFallbackExhausted'\n| extend FailureType = case(\n    FallbackExhausted, 'Fallback exhausted at APIM',\n    ResponseCode between (200 .. 299) and FailoverOccurred, 'Recovered after backend failover',\n    BackendResponseCode == 429, 'Final backend throttled',\n    BackendResponseCode >= 500, 'Final backend server error',\n    ResponseCode between (400 .. 499), 'Caller-visible client error',\n    ResponseCode >= 500, 'Caller-visible server error',\n    isnotempty(LastErrorReason), 'APIM pipeline error',\n    'Successful without failover')\n| where FailureType != 'Successful without failover'\n| summarize Requests = count(), AverageAttempts = round(avg(Attempts), 2), MaximumAttempts = max(Attempts), AverageTotalMs = round(avg(TotalTime), 1), P95TotalMs = round(percentile(TotalTime, 95), 1) by ApiId, FailureType, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, LastErrorSource, LastErrorReason\n| order by Requests desc, ApiId asc",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "timeContext": {
+                "durationMs": 3600000
+              },
+              "version": "KqlItem/1.0",
+              "visualization": "table"
+            },
+            "name": "query - failure-taxonomy",
+            "type": 3
+          },
+          {
+            "content": {
+              "noDataMessage": "No raw failure rows found for the selected time range.",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| where ResponseCode >= 400 or BackendResponseCode >= 400 or isnotempty(LastErrorReason)\n| project TimeGenerated, CorrelationId, ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, BackendUrl, TotalTime, BackendTime, LastErrorSource, LastErrorReason, LastErrorSection, LastErrorMessage, Errors, TraceRecords\n| order by TimeGenerated desc",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "timeContext": {
+                "durationMs": 3600000
+              },
+              "version": "KqlItem/1.0",
+              "visualization": "table"
+            },
+            "name": "query - raw-failure-explorer",
+            "type": 3
+          }
+        ],
+        "version": "NotebookGroup/1.0"
+      },
+      "name": "group - tab-5-failures",
+      "type": 12
+    },
     {
       "conditionalVisibility": {
         "comparison": "isEqualTo",
@@ -254,7 +408,7 @@
           {
             "content": {
               "noDataMessage": "No successful token-bearing inference rows found for the selected time range.",
-              "query": "let routes = materialize(ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| project CorrelationId, ApiId, BackendId);\nApiManagementGatewayLlmLog\n| where TimeGenerated {TimeRange}\n| where TotalTokens > 0 and isnotempty(ModelName)\n| project CorrelationId, ModelName, PromptTokens, CompletionTokens, TotalTokens\n| summarize PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by CorrelationId, ModelName\n| join kind=inner routes on CorrelationId\n| extend Backend = iff(isempty(BackendId), '(backend not recorded)', BackendId)\n| summarize Requests = count(), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by ApiId, Backend, ModelName\n| order by TotalTokens desc",
+              "query": "let routes = materialize(ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| project CorrelationId, ApiId, BackendId, BackendUrl);\nApiManagementGatewayLlmLog\n| where TimeGenerated {TimeRange}\n| where TotalTokens > 0 and isnotempty(ModelName)\n| project CorrelationId, ModelName, DeploymentName, PromptTokens, CompletionTokens, TotalTokens\n| summarize DeploymentName = take_any(DeploymentName), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by CorrelationId, ModelName\n| join kind=inner routes on CorrelationId\n| extend Backend = case(isnotempty(BackendUrl), BackendUrl, isnotempty(BackendId), BackendId, '(backend not recorded)')\n| summarize Requests = count(), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by ApiId, Backend, ModelName, DeploymentName\n| order by TotalTokens desc",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -266,10 +420,25 @@
             "name": "query - token-throughput",
             "type": 3
           },
+          {
+            "content": {
+              "noDataMessage": "No APIM inference requests found for the selected time range.",
+              "query": "let gatewayRequests = materialize(ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| project CorrelationId, ApiId, ResponseCode);\nlet llmPerRequest = ApiManagementGatewayLlmLog\n| where TimeGenerated {TimeRange}\n| summarize TotalTokens = sum(TotalTokens), LlmRows = count(), RequestMessageChunks = countif(isnotempty(tostring(RequestMessages))), ResponseMessageChunks = countif(isnotempty(tostring(ResponseMessages))) by CorrelationId;\ngatewayRequests\n| join kind=leftouter llmPerRequest on CorrelationId\n| extend Coverage = case(ResponseCode !between (200 .. 299), 'Not expected for non-2xx response', coalesce(TotalTokens, 0) > 0, 'Token telemetry recorded', 'Successful request without token telemetry')\n| summarize Requests = count(), TotalTokens = sum(coalesce(TotalTokens, 0)), LlmRows = sum(coalesce(LlmRows, 0)), RequestMessageChunks = sum(coalesce(RequestMessageChunks, 0)), ResponseMessageChunks = sum(coalesce(ResponseMessageChunks, 0)) by ApiId, Coverage\n| order by ApiId asc, Coverage asc",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "timeContext": {
+                "durationMs": 3600000
+              },
+              "version": "KqlItem/1.0",
+              "visualization": "table"
+            },
+            "name": "query - llm-telemetry-coverage",
+            "type": 3
+          },
           {
             "content": {
               "noDataMessage": "No latency data found for the selected time range.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| summarize AverageBackendMs = round(avg(BackendTime), 1), P95BackendMs = round(percentile(BackendTime, 95), 1), Requests = count() by bin(TimeGenerated, 5m), ApiId\n| order by TimeGenerated asc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| summarize AverageTotalMs = round(avg(TotalTime), 1), P95TotalMs = round(percentile(TotalTime, 95), 1), AverageBackendMs = round(avg(BackendTime), 1), P95BackendMs = round(percentile(BackendTime, 95), 1), Requests = count() by bin(TimeGenerated, 5m), ApiId\n| order by TimeGenerated asc",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -286,6 +455,43 @@
       },
       "name": "group - tab-4-tokens",
       "type": 12
+    },
+    {
+      "conditionalVisibility": {
+        "comparison": "isEqualTo",
+        "parameterName": "selectedTab",
+        "value": "requests"
+      },
+      "content": {
+        "groupType": "editable",
+        "items": [
+          {
+            "content": {
+              "json": "## Request Explorer\n\nOne row per APIM inference call, joined by `CorrelationId` to aggregated LLM telemetry. Paste a correlation ID into **Correlation ID Filter** to isolate one request. Prompt and completion bodies remain in `ApiManagementGatewayLlmLog`; this table reports message chunk counts without rendering sensitive body content."
+            },
+            "name": "text - requests",
+            "type": 1
+          },
+          {
+            "content": {
+              "noDataMessage": "No matching inference requests found for the selected time range and correlation filter.",
+              "query": "let llmPerRequest = ApiManagementGatewayLlmLog\n| where TimeGenerated {TimeRange}\n| summarize ModelName = take_any(ModelName), DeploymentName = take_any(DeploymentName), LlmRequestId = take_any(RequestId), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens), LlmRows = count(), RequestMessageChunks = countif(isnotempty(tostring(RequestMessages))), ResponseMessageChunks = countif(isnotempty(tostring(ResponseMessages))) by CorrelationId;\nApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| where isempty('{CorrelationFilter}') or CorrelationId contains '{CorrelationFilter}'\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceBackendAttemptComplete')\n| extend RetriedFailures = countof(TraceText, 'willRetry=True')\n| extend FallbackExhausted = TraceText has 'InferenceFallbackExhausted'\n| extend AttemptTrail = strcat_array(extract_all(@'(InferenceBackendAttemptComplete\\|attempt=[0-9]+\\|backendResponseCode=(?:[0-9]+|none)\\|willRetry=(?:True|False))', TraceText), ' -> ')\n| join kind=leftouter llmPerRequest on CorrelationId\n| project TimeGenerated, CorrelationId, ApiId, OperationId, ApimSubscriptionId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, BackendId, BackendUrl, TotalTime, BackendTime, Attempts, RetriedFailures, FallbackExhausted, AttemptTrail, ModelName, DeploymentName, LlmRequestId, PromptTokens = coalesce(PromptTokens, 0), CompletionTokens = coalesce(CompletionTokens, 0), TotalTokens = coalesce(TotalTokens, 0), LlmRows = coalesce(LlmRows, 0), RequestMessageChunks = coalesce(RequestMessageChunks, 0), ResponseMessageChunks = coalesce(ResponseMessageChunks, 0), LastErrorSource, LastErrorReason, LastErrorSection, LastErrorMessage, Errors, TraceRecords\n| order by TimeGenerated desc\n| take 200",
+              "queryType": 0,
+              "resourceType": "microsoft.operationalinsights/workspaces",
+              "timeContext": {
+                "durationMs": 3600000
+              },
+              "version": "KqlItem/1.0",
+              "visualization": "table"
+            },
+            "name": "query - request-explorer",
+            "type": 3
+          }
+        ],
+        "version": "NotebookGroup/1.0"
+      },
+      "name": "group - tab-7-requests",
+      "type": 12
     }
   ],
   "version": "Notebook/1.0"
diff --git a/samples/inference-failover/main.bicep b/samples/inference-failover/main.bicep
index 20a1cba2..794ed91f 100644
--- a/samples/inference-failover/main.bicep
+++ b/samples/inference-failover/main.bicep
@@ -23,6 +23,9 @@ param logAnalyticsWorkspaceName string = 'log-${resourceSuffix}'
 @description('Array of inference APIs assembled by the notebook.')
 param apis array = []
 
+@description('Deploy a regional Event Hub and stream APIM logs and metrics for external consumers.')
+param enableEventHubExport bool = false
+
 
 // ------------------------------
 //    VARIABLES
@@ -40,6 +43,15 @@ var workbookName = 'APIM Inference Failover ${index}'
 @description('Deterministic resource name of the telemetry workbook.')
 var workbookResourceName = guid(resourceGroup().id, 'inference-failover', string(index))
 
+@description('Name of the optional Event Hubs namespace deployed in the APIM region.')
+var eventHubNamespaceName = 'evhns-if-${index}-${take(resourceSuffix, 6)}'
+
+@description('Name of the optional Event Hub receiving APIM telemetry.')
+var eventHubName = 'apim-inference-failover'
+
+@description('Name of the optional Event Hub consumer group for external observability processors.')
+var eventHubConsumerGroupName = 'external-observability'
+
 @description('Regional Azure OpenAI resources used as the source of model-safe backend destinations.')
 var aoaiAccounts = [
   {
@@ -77,7 +89,7 @@ var deployments = [
   }
   {
     accountIndex: 0
-    backendName: 'gpt-5-1-PAYGO-eastus2'
+    backendName: 'gpt-5-1-PAYG-eastus2'
     deploymentName: 'b-gpt-5-1'
     modelName: 'gpt-5.1'
     modelVersion: '2025-11-13'
@@ -86,7 +98,7 @@ var deployments = [
   }
   {
     accountIndex: 1
-    backendName: 'gpt-5-1-PAYGO-westus3'
+    backendName: 'gpt-5-1-PAYG-westus3'
     deploymentName: 'e-gpt-5-1'
     modelName: 'gpt-5.1'
     modelVersion: '2025-11-13'
@@ -95,7 +107,7 @@ var deployments = [
   }
   {
     accountIndex: 2
-    backendName: 'gpt-5-1-PAYGO-southcentralus'
+    backendName: 'gpt-5-1-PAYG-southcentralus'
     deploymentName: 'g-gpt-5-1'
     modelName: 'gpt-5.1'
     modelVersion: '2025-11-13'
@@ -122,7 +134,7 @@ var deployments = [
   }
   {
     accountIndex: 0
-    backendName: 'gpt-4-1-mini-PAYGO-eastus2'
+    backendName: 'gpt-4-1-mini-PAYG-eastus2'
     deploymentName: 'd-gpt-4-1-mini'
     modelName: 'gpt-4.1-mini'
     modelVersion: '2025-04-14'
@@ -131,7 +143,7 @@ var deployments = [
   }
   {
     accountIndex: 2
-    backendName: 'gpt-4-1-mini-PAYGO-southcentralus'
+    backendName: 'gpt-4-1-mini-PAYG-southcentralus'
     deploymentName: 'h-gpt-4-1-mini'
     modelName: 'gpt-4.1-mini'
     modelVersion: '2025-04-14'
@@ -161,6 +173,67 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10
 }
 
 
+// ------------------------------
+//    OPTIONAL EVENT HUB EXPORT
+// ------------------------------
+
+// Azure Monitor requires regional resources to export diagnostics to an Event Hubs namespace in the same region.
+// The notebook passes its infrastructure/APIM region as the sample location parameter.
+// https://learn.microsoft.com/azure/templates/microsoft.eventhub/namespaces
+resource eventHubNamespace 'Microsoft.EventHub/namespaces@2024-01-01' = if (enableEventHubExport) {
+  name: eventHubNamespaceName
+  location: location
+  sku: {
+    name: 'Standard'
+    tier: 'Standard'
+    capacity: 1
+  }
+  properties: {
+    disableLocalAuth: false
+    isAutoInflateEnabled: true
+    kafkaEnabled: false
+    maximumThroughputUnits: 5
+    minimumTlsVersion: '1.2'
+    publicNetworkAccess: 'Enabled'
+    zoneRedundant: false
+  }
+}
+
+// Azure Monitor diagnostic streaming does not support compacted event hubs.
+// https://learn.microsoft.com/azure/templates/microsoft.eventhub/namespaces/eventhubs
+resource eventHub 'Microsoft.EventHub/namespaces/eventhubs@2024-01-01' = if (enableEventHubExport) {
+  name: eventHubName
+  parent: eventHubNamespace
+  properties: {
+    messageRetentionInDays: 7
+    partitionCount: 4
+    status: 'Active'
+  }
+}
+
+// Provide a dedicated consumer-group checkpoint scope for downstream observability processors.
+// https://learn.microsoft.com/azure/templates/microsoft.eventhub/namespaces/eventhubs/consumergroups
+resource eventHubConsumerGroup 'Microsoft.EventHub/namespaces/eventhubs/consumergroups@2024-01-01' = if (enableEventHubExport) {
+  name: eventHubConsumerGroupName
+  parent: eventHub
+  properties: {}
+}
+
+// Azure Monitor diagnostic streaming requires Manage, Send, and Listen permissions on a namespace authorization rule.
+// https://learn.microsoft.com/azure/templates/microsoft.eventhub/namespaces/authorizationrules
+resource eventHubExportAuthorizationRule 'Microsoft.EventHub/namespaces/authorizationRules@2024-01-01' = if (enableEventHubExport) {
+  name: 'diagnostic-export'
+  parent: eventHubNamespace
+  properties: {
+    rights: [
+      'Listen'
+      'Send'
+      'Manage'
+    ]
+  }
+}
+
+
 // ------------------------------
 //    AZURE OPENAI DEPLOYMENTS
 // ------------------------------
@@ -180,7 +253,7 @@ resource openAiAccounts 'Microsoft.CognitiveServices/accounts@2024-10-01' = [for
   }
 }]
 
-// All deployments use regional Standard PAYG capacity. The PTU/PAYGO label is only the route tier being simulated.
+// All deployments use regional Standard PAYG capacity. The PTU/PAYG label is only the route tier being simulated.
 // https://learn.microsoft.com/azure/templates/microsoft.cognitiveservices/accounts/deployments
 @batchSize(1)
 resource openAiDeployments 'Microsoft.CognitiveServices/accounts/deployments@2024-10-01' = [for deployment in deployments: {
@@ -216,14 +289,13 @@ resource apimOpenAiRoleAssignments 'Microsoft.Authorization/roleAssignments@2022
 // ------------------------------
 
 // Each backend targets exactly one compatible deployment. Managed identity authentication is applied by the inference API policy for the selected backend.
-// https://learn.microsoft.com/azure/templates/microsoft.apimanagement/service/backends
-resource inferenceBackends 'Microsoft.ApiManagement/service/backends@2024-06-01-preview' = [for (deployment, deploymentIndex) in deployments: {
-  name: deployment.backendName
-  parent: apimService
-  properties: {
-    description: '${deployment.route}: ${deployment.deploymentName} (${deployment.modelName})'
-    protocol: 'http'
-    type: 'Single'
+module inferenceBackends '../../shared/bicep/modules/apim/v1/backend.bicep' = [for (deployment, deploymentIndex) in deployments: {
+  name: 'backend-${deployment.backendName}'
+  params: {
+    apimName: apimName
+    backendName: deployment.backendName
+    backendDescription: '${deployment.route}: ${deployment.deploymentName} (${deployment.modelName})'
+    backendType: 'Single'
     url: '${openAiAccounts[deployment.accountIndex].properties.endpoint}openai/deployments/${deployment.deploymentName}'
     tls: {
       validateCertificateChain: true
@@ -280,17 +352,17 @@ module gpt51BackendPool '../../shared/bicep/modules/apim/v1/backend-pool.bicep'
         weight: 100
       }
       {
-        name: 'gpt-5-1-PAYGO-eastus2'
+        name: 'gpt-5-1-PAYG-eastus2'
         priority: 3
         weight: 100
       }
       {
-        name: 'gpt-5-1-PAYGO-westus3'
+        name: 'gpt-5-1-PAYG-westus3'
         priority: 4
         weight: 50
       }
       {
-        name: 'gpt-5-1-PAYGO-southcentralus'
+        name: 'gpt-5-1-PAYG-southcentralus'
         priority: 4
         weight: 50
       }
@@ -319,12 +391,12 @@ module gpt41MiniBackendPool '../../shared/bicep/modules/apim/v1/backend-pool.bic
         weight: 100
       }
       {
-        name: 'gpt-4-1-mini-PAYGO-eastus2'
+        name: 'gpt-4-1-mini-PAYG-eastus2'
         priority: 3
         weight: 100
       }
       {
-        name: 'gpt-4-1-mini-PAYGO-southcentralus'
+        name: 'gpt-4-1-mini-PAYG-southcentralus'
         priority: 4
         weight: 100
       }
@@ -343,8 +415,11 @@ module apimDiagnostics '../../shared/bicep/modules/apim/v1/diagnostics.bicep' =
     apimResourceGroupName: resourceGroup().name
     diagnosticSettingsNameSuffix: diagnosticsSuffix
     enableApplicationInsights: false
+    enableEventHub: enableEventHubExport
     enableLlmLogs: true
     enableLogAnalytics: true
+    eventHubAuthorizationRuleId: enableEventHubExport ? eventHubExportAuthorizationRule.id : ''
+    eventHubName: enableEventHubExport ? eventHub.name : ''
     logAnalyticsWorkspaceId: logAnalyticsWorkspace.id
   }
 }
@@ -409,6 +484,27 @@ output workbookName string = workbookName
 @description('Resource ID of the deployed telemetry workbook.')
 output workbookId string = workbook.id
 
+@description('Whether optional APIM telemetry streaming to Event Hubs is enabled.')
+output eventHubExportEnabled bool = enableEventHubExport
+
+@description('Resource ID of the optional Event Hubs namespace.')
+output eventHubNamespaceId string = enableEventHubExport ? eventHubNamespace.id : ''
+
+@description('Name of the optional Event Hubs namespace.')
+output eventHubNamespaceName string = enableEventHubExport ? eventHubNamespace.name : ''
+
+@description('Resource ID of the optional Event Hub receiving APIM telemetry.')
+output eventHubId string = enableEventHubExport ? eventHub.id : ''
+
+@description('Name of the optional Event Hub receiving APIM telemetry.')
+output eventHubName string = enableEventHubExport ? eventHub.name : ''
+
+@description('Name of the optional Event Hub consumer group for external observability processors.')
+output eventHubConsumerGroupName string = enableEventHubExport ? eventHubConsumerGroup.name : ''
+
+@description('Location of the optional Event Hubs namespace. This matches the APIM service region.')
+output eventHubLocation string = eventHubNamespace.?location ?? ''
+
 @description('Regional Azure OpenAI resource names deployed for the experiment.')
 output openAiAccountNames array = [for account in aoaiAccounts: account.name]
 
diff --git a/samples/inference-failover/queries/README.md b/samples/inference-failover/queries/README.md
new file mode 100644
index 00000000..00b9d1b2
--- /dev/null
+++ b/samples/inference-failover/queries/README.md
@@ -0,0 +1,76 @@
+# Inference Failover Queries
+
+These KQL queries help operators inspect AI gateway routing, fallback behavior, failures, latency, and LLM telemetry for the inference failover sample. Run them against the Log Analytics workspace used by the selected API Management infrastructure.
+
+Return to the [Inference Failover sample](../README.md) for deployment steps and the broader scenario description.
+
+## Common Parameters
+
+The query files intentionally keep runtime values separate from their query bodies. Prepend these `let` bindings before running an operator-facing query:
+
+```kql
+let timeWindow = 1h;
+let apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);
+```
+
+Adjust `timeWindow` when investigating a shorter incident window or a longer trend. Narrow `apiIds` when you only need one model-safe backend pool.
+
+## Signal Sources
+
+| Table | What the queries use |
+| --- | --- |
+| `ApiManagementGatewayLogs` | Caller-visible response codes, final backend response codes, backend placement, timing, APIM errors, and policy trace records. |
+| `ApiManagementGatewayLlmLog` | Correlated model deployment, prompt token, completion token, total token, and message-chunk telemetry. |
+
+The retry-aware queries inspect `TraceRecords` emitted by the inference API policy. `InferenceBackendAttemptComplete` records each completed backend attempt, and `InferenceFallbackExhausted` marks requests where APIM exhausted the eligible fallback chain.
+
+## Query Catalog
+
+### [backend-distribution.kql](backend-distribution.kql)
+
+Use this query to see where APIM ultimately placed inference requests. It groups gateway rows by API and concrete backend URL or backend ID, then reports request volume, successes, throttled responses, server failures, average backend latency, and success rate.
+
+This is a useful first view when validating weighted distribution or checking whether pressure moved traffic to a regional fallback tier.
+
+### [failover-outcomes.kql](failover-outcomes.kql)
+
+Use this query to compare caller-visible results with the final backend response after APIM retry handling. It classifies requests as successful without failover, recovered after failover, fallback exhausted, caller-visible throttling, caller-visible server error, or another outcome.
+
+The output includes average attempt count and average backend latency for each API, outcome, caller response code, and final backend response code combination.
+
+### [failure-analysis.kql](failure-analysis.kql)
+
+Use this query when investigating degraded traffic or a failed pressure scenario. It filters out requests that succeeded without failover and classifies the remaining rows as recovered failovers, exhausted fallback chains, final-backend throttling, final-backend server errors, caller-visible errors, or native APIM pipeline errors.
+
+The output includes request count, average and maximum attempts, average total latency, P95 total latency, and APIM error source and reason where available.
+
+### [llm-telemetry-coverage.kql](llm-telemetry-coverage.kql)
+
+Use this query to confirm whether successful gateway requests received correlated LLM diagnostic rows. It joins gateway and LLM telemetry by `CorrelationId`, then distinguishes successful calls with token telemetry from successful calls missing token telemetry and non-success calls where token telemetry is not expected.
+
+The output reports requests, token totals, LLM row counts, and request and response message-chunk counts by API and coverage category. This validates telemetry completeness without rendering prompt or completion bodies.
+
+### [request-details.kql](request-details.kql)
+
+Use this query for a per-request investigation after a summary query identifies an anomaly. It joins gateway and LLM rows by `CorrelationId` and returns one operator-focused row for each inference request.
+
+The output includes caller and backend status codes, backend placement, latency, retry counts, the extracted attempt trail, fallback exhaustion state, token usage, message-chunk counts, native APIM errors, and raw trace records. Filter by `CorrelationId` when tracing one request end to end.
+
+### [token-throughput.kql](token-throughput.kql)
+
+Use this query to measure token-bearing model consumption across API routes and concrete backends. It joins token-bearing LLM rows to gateway placement rows by `CorrelationId`, then summarizes request count and prompt, completion, and total tokens by API, backend, and model.
+
+This view helps connect routing behavior to model usage and identify which fallback tiers served token-bearing requests.
+
+### [verify-llm-ingestion.kql](verify-llm-ingestion.kql)
+
+This is the notebook readiness probe used before local charts are rendered. It checks a shorter default window and returns one row only after gateway request rows and token-bearing LLM rows both reach Log Analytics.
+
+When running it manually, prepend these bindings:
+
+```kql
+let timeWindow = 30m;
+let apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);
+```
+
+The output reports gateway request rows, successful requests, unavailable responses, token-bearing correlation IDs, and total tokens. An empty result usually means telemetry is still ingesting or the selected time window does not include recent sample traffic.
diff --git a/samples/inference-failover/backend-distribution.kql b/samples/inference-failover/queries/backend-distribution.kql
similarity index 66%
rename from samples/inference-failover/backend-distribution.kql
rename to samples/inference-failover/queries/backend-distribution.kql
index 3edd3801..b81e8533 100644
--- a/samples/inference-failover/backend-distribution.kql
+++ b/samples/inference-failover/queries/backend-distribution.kql
@@ -1,4 +1,4 @@
-// Shows the concrete backend destinations exercised by AI inference traffic.
+// Shows the final concrete backend destinations exercised by AI inference traffic.
 //
 // Parameters (prepend as KQL 'let' bindings before running):
 //   let timeWindow = 1h;
@@ -7,8 +7,8 @@
 ApiManagementGatewayLogs
 | where TimeGenerated > ago(timeWindow)
 | where ApiId in~ (apiIds)
-| project TimeGenerated, ApiId, BackendId, ResponseCode, BackendTime
-| extend Backend = iff(isempty(BackendId), '(backend not recorded)', BackendId)
+| project TimeGenerated, ApiId, BackendId, BackendUrl, ResponseCode, BackendResponseCode, BackendTime
+| extend Backend = case(isnotempty(BackendUrl), BackendUrl, isnotempty(BackendId), BackendId, '(backend not recorded)')
 | summarize Requests = count(), Successes = countif(ResponseCode between (200 .. 299)), Throttled = countif(ResponseCode == 429), Failures = countif(ResponseCode >= 500), AverageBackendMs = round(avg(BackendTime), 1) by ApiId, Backend
 | extend SuccessRate = round(100.0 * Successes / Requests, 1)
 | order by ApiId asc, Requests desc
diff --git a/samples/inference-failover/queries/failover-outcomes.kql b/samples/inference-failover/queries/failover-outcomes.kql
new file mode 100644
index 00000000..10b3e264
--- /dev/null
+++ b/samples/inference-failover/queries/failover-outcomes.kql
@@ -0,0 +1,22 @@
+// Reports caller-visible outcomes separately from final backend outcomes and retry activity.
+//
+// Parameters (prepend as KQL 'let' bindings before running):
+//   let timeWindow = 1h;
+//   let apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);
+//
+ApiManagementGatewayLogs
+| where TimeGenerated > ago(timeWindow)
+| where ApiId in~ (apiIds)
+| extend TraceText = tostring(TraceRecords)
+| extend AttemptCount = countof(TraceText, 'InferenceBackendAttemptComplete')
+| extend FailoverOccurred = AttemptCount > 1
+| extend FallbackExhausted = TraceText has 'InferenceFallbackExhausted'
+| extend Outcome = case(
+	FallbackExhausted, 'Fallback exhausted',
+	ResponseCode between (200 .. 299) and FailoverOccurred, 'Recovered after failover',
+	ResponseCode between (200 .. 299), 'Successful without failover',
+	ResponseCode == 429, 'Caller received throttling',
+	ResponseCode >= 500, 'Caller received server error',
+	'Other')
+| summarize Requests = count(), AverageAttempts = round(avg(AttemptCount), 2), AverageBackendMs = round(avg(BackendTime), 1) by ApiId, Outcome, ResponseCode, BackendResponseCode
+| order by ApiId asc, Requests desc
diff --git a/samples/inference-failover/queries/failure-analysis.kql b/samples/inference-failover/queries/failure-analysis.kql
new file mode 100644
index 00000000..cec4b6e4
--- /dev/null
+++ b/samples/inference-failover/queries/failure-analysis.kql
@@ -0,0 +1,31 @@
+// Classifies recovered failovers, exhausted fallback chains, backend failures, and APIM errors.
+//
+// Parameters (prepend as KQL 'let' bindings before running):
+//   let timeWindow = 1h;
+//   let apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);
+//
+ApiManagementGatewayLogs
+| where TimeGenerated > ago(timeWindow)
+| where ApiId in~ (apiIds)
+| extend TraceText = tostring(TraceRecords)
+| extend AttemptCount = countof(TraceText, 'InferenceBackendAttemptComplete')
+| extend FailoverOccurred = AttemptCount > 1
+| extend FallbackExhausted = TraceText has 'InferenceFallbackExhausted'
+| extend FailureType = case(
+    FallbackExhausted, 'Fallback exhausted at APIM',
+    ResponseCode between (200 .. 299) and FailoverOccurred, 'Recovered after backend failover',
+    BackendResponseCode == 429, 'Final backend throttled',
+    BackendResponseCode >= 500, 'Final backend server error',
+    ResponseCode between (400 .. 499), 'Caller-visible client error',
+    ResponseCode >= 500, 'Caller-visible server error',
+    isnotempty(LastErrorReason), 'APIM pipeline error',
+    'Successful without failover')
+| where FailureType != 'Successful without failover'
+| summarize
+    Requests = count(),
+    AverageAttempts = round(avg(AttemptCount), 2),
+    MaximumAttempts = max(AttemptCount),
+    AverageTotalMs = round(avg(TotalTime), 1),
+    P95TotalMs = round(percentile(TotalTime, 95), 1)
+    by ApiId, FailureType, ResponseCode, BackendResponseCode, LastErrorSource, LastErrorReason
+| order by Requests desc, ApiId asc
diff --git a/samples/inference-failover/queries/llm-telemetry-coverage.kql b/samples/inference-failover/queries/llm-telemetry-coverage.kql
new file mode 100644
index 00000000..7e2b40f8
--- /dev/null
+++ b/samples/inference-failover/queries/llm-telemetry-coverage.kql
@@ -0,0 +1,38 @@
+// Measures whether successful APIM inference requests have correlated LLM token and message telemetry.
+//
+// Parameters (prepend as KQL 'let' bindings before running):
+//   let timeWindow = 1h;
+//   let apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);
+//
+let gatewayRequests = materialize(ApiManagementGatewayLogs
+| where TimeGenerated > ago(timeWindow)
+| where ApiId in~ (apiIds)
+| project CorrelationId, ApiId, ResponseCode);
+let llmPerRequest = ApiManagementGatewayLlmLog
+| where TimeGenerated > ago(timeWindow)
+| summarize
+    ModelName = take_any(ModelName),
+    DeploymentName = take_any(DeploymentName),
+    PromptTokens = sum(PromptTokens),
+    CompletionTokens = sum(CompletionTokens),
+    TotalTokens = sum(TotalTokens),
+    LlmRows = count(),
+    RequestMessageChunks = countif(isnotempty(tostring(RequestMessages))),
+    ResponseMessageChunks = countif(isnotempty(tostring(ResponseMessages)))
+    by CorrelationId;
+gatewayRequests
+| join kind=leftouter llmPerRequest on CorrelationId
+| extend Coverage = case(
+    ResponseCode !between (200 .. 299), 'Not expected for non-2xx response',
+    coalesce(TotalTokens, 0) > 0, 'Token telemetry recorded',
+    'Successful request without token telemetry')
+| summarize
+    Requests = count(),
+    PromptTokens = sum(coalesce(PromptTokens, 0)),
+    CompletionTokens = sum(coalesce(CompletionTokens, 0)),
+    TotalTokens = sum(coalesce(TotalTokens, 0)),
+    LlmRows = sum(coalesce(LlmRows, 0)),
+    RequestMessageChunks = sum(coalesce(RequestMessageChunks, 0)),
+    ResponseMessageChunks = sum(coalesce(ResponseMessageChunks, 0))
+    by ApiId, Coverage
+| order by ApiId asc, Coverage asc
diff --git a/samples/inference-failover/queries/request-details.kql b/samples/inference-failover/queries/request-details.kql
new file mode 100644
index 00000000..3c191cf2
--- /dev/null
+++ b/samples/inference-failover/queries/request-details.kql
@@ -0,0 +1,66 @@
+// Provides one operator-focused row per APIM inference request, including retry traces,
+// caller-visible status, final backend status, native APIM errors, and LLM token coverage.
+//
+// Parameters (prepend as KQL 'let' bindings before running):
+//   let timeWindow = 1h;
+//   let apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);
+//
+let gatewayRequests = materialize(ApiManagementGatewayLogs
+| where TimeGenerated > ago(timeWindow)
+| where ApiId in~ (apiIds)
+| extend TraceText = tostring(TraceRecords)
+| extend AttemptCount = countof(TraceText, 'InferenceBackendAttemptComplete')
+| extend RetriedFailures = countof(TraceText, 'willRetry=True')
+| extend FailoverOccurred = AttemptCount > 1
+| extend FallbackExhausted = TraceText has 'InferenceFallbackExhausted'
+| extend AttemptTrail = strcat_array(
+    extract_all(@'(InferenceBackendAttemptComplete\|attempt=[0-9]+\|backendResponseCode=(?:[0-9]+|none)\|willRetry=(?:True|False))', TraceText),
+    ' -> '));
+let llmPerRequest = ApiManagementGatewayLlmLog
+| where TimeGenerated > ago(timeWindow)
+| summarize
+    ModelName = take_any(ModelName),
+    DeploymentName = take_any(DeploymentName),
+    LlmRequestId = take_any(RequestId),
+    PromptTokens = sum(PromptTokens),
+    CompletionTokens = sum(CompletionTokens),
+    TotalTokens = sum(TotalTokens),
+    LlmRows = count(),
+    RequestMessageChunks = countif(isnotempty(tostring(RequestMessages))),
+    ResponseMessageChunks = countif(isnotempty(tostring(ResponseMessages)))
+    by CorrelationId;
+gatewayRequests
+| join kind=leftouter llmPerRequest on CorrelationId
+| project
+    TimeGenerated,
+    CorrelationId,
+    ApiId,
+    OperationId,
+    ApimSubscriptionId,
+    ResponseCode,
+    BackendResponseCode,
+    BackendId,
+    BackendUrl,
+    TotalTime,
+    BackendTime,
+    AttemptCount,
+    RetriedFailures,
+    FailoverOccurred,
+    FallbackExhausted,
+    AttemptTrail,
+    ModelName,
+    DeploymentName,
+    LlmRequestId,
+    PromptTokens = coalesce(PromptTokens, 0),
+    CompletionTokens = coalesce(CompletionTokens, 0),
+    TotalTokens = coalesce(TotalTokens, 0),
+    LlmRows = coalesce(LlmRows, 0),
+    RequestMessageChunks = coalesce(RequestMessageChunks, 0),
+    ResponseMessageChunks = coalesce(ResponseMessageChunks, 0),
+    LastErrorSource,
+    LastErrorReason,
+    LastErrorSection,
+    LastErrorMessage,
+    Errors,
+    TraceRecords
+| order by TimeGenerated desc
diff --git a/samples/inference-failover/token-throughput.kql b/samples/inference-failover/queries/token-throughput.kql
similarity index 83%
rename from samples/inference-failover/token-throughput.kql
rename to samples/inference-failover/queries/token-throughput.kql
index d748a9e3..f2ba7248 100644
--- a/samples/inference-failover/token-throughput.kql
+++ b/samples/inference-failover/queries/token-throughput.kql
@@ -7,12 +7,12 @@
 let requestRoutes = ApiManagementGatewayLogs
 | where TimeGenerated > ago(timeWindow)
 | where ApiId in~ (apiIds)
-| project CorrelationId, ApiId, BackendId;
+| project CorrelationId, ApiId, BackendId, BackendUrl;
 ApiManagementGatewayLlmLog
 | where TimeGenerated > ago(timeWindow)
 | where TotalTokens > 0 and isnotempty(ModelName)
 | summarize PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by CorrelationId, ModelName
 | join kind=inner requestRoutes on CorrelationId
-| extend Backend = iff(isempty(BackendId), '(backend not recorded)', BackendId)
+| extend Backend = case(isnotempty(BackendUrl), BackendUrl, isnotempty(BackendId), BackendId, '(backend not recorded)')
 | summarize Requests = count(), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by ApiId, Backend, ModelName
 | order by TotalTokens desc
diff --git a/samples/inference-failover/verify-llm-ingestion.kql b/samples/inference-failover/queries/verify-llm-ingestion.kql
similarity index 100%
rename from samples/inference-failover/verify-llm-ingestion.kql
rename to samples/inference-failover/queries/verify-llm-ingestion.kql
diff --git a/samples/load-balancing/main.bicep b/samples/load-balancing/main.bicep
index 1964d430..16e296eb 100644
--- a/samples/load-balancing/main.bicep
+++ b/samples/load-balancing/main.bicep
@@ -8,8 +8,13 @@ param location string = resourceGroup().location
 @description('The unique suffix to append. Defaults to a unique string based on subscription and resource group IDs.')
 param resourceSuffix string = uniqueString(subscription().id, resourceGroup().id)
 
+@description('Name of the existing API Management service.')
 param apimName string = 'apim-${resourceSuffix}'
+
+@description('Name of the existing infrastructure-deployed Application Insights component to reuse for API diagnostics.')
 param appInsightsName string = 'appi-${resourceSuffix}'
+
+@description('Array of inference APIs assembled by the notebook.')
 param apis array = []
 
 // ------------------
diff --git a/shared/bicep/modules/apim/v1/backend.bicep b/shared/bicep/modules/apim/v1/backend.bicep
index c085fe5c..809734b7 100644
--- a/shared/bicep/modules/apim/v1/backend.bicep
+++ b/shared/bicep/modules/apim/v1/backend.bicep
@@ -17,6 +17,60 @@ param backendName string
 @description('The URL of the backend service (e.g., ACA public FQDN).')
 param url string
 
+@description('The description of the backend. Defaults to a description derived from the backend name.')
+param backendDescription string = ''
+
+@description('The backend type. Leave empty to use the API Management default.')
+param backendType string = ''
+
+@description('The TLS validation settings for the backend. Leave empty to use the API Management defaults.')
+param tls object = {}
+
+@description('The circuit breaker configuration for the backend.')
+param circuitBreaker object = {
+  rules: [
+    {
+      failureCondition: {
+        count: 1
+        errorReasons: [
+          'Server errors'
+        ]
+        interval: 'PT5M'
+        statusCodeRanges: [
+          {
+            min: 429
+            max: 429
+          }
+        ]
+      }
+      name: 'backend-circuit-breaker'
+      tripDuration: 'PT1M'
+      acceptRetryAfter: true
+    }
+  ]
+}
+
+
+// ------------------------------
+//    VARIABLES
+// ------------------------------
+
+@description('Backend properties with optional type and TLS settings included only when explicitly configured.')
+var backendProperties = union(
+  {
+    url: url
+    description: empty(backendDescription) ? 'This is the backend for ${backendName}' : backendDescription
+    protocol: 'http'
+    circuitBreaker: circuitBreaker
+  },
+  empty(backendType) ? {} : {
+    type: backendType
+  },
+  empty(tls) ? {} : {
+    tls: tls
+  }
+)
+
 
 // ------------------------------
 //    RESOURCES
@@ -31,33 +85,7 @@ resource apimService 'Microsoft.ApiManagement/service@2024-06-01-preview' existi
 resource backend 'Microsoft.ApiManagement/service/backends@2024-06-01-preview' = {
   name: backendName
   parent: apimService
-  properties: {
-    url: url
-    description: 'This is the backend for ${backendName}'
-    protocol: 'http'
-    circuitBreaker: {
-      rules: [
-        {
-          failureCondition: {
-            count: 1
-            errorReasons: [
-              'Server errors'
-            ]
-            interval: 'PT5M'
-            statusCodeRanges: [
-              {
-                min: 429
-                max: 429
-              }
-            ]
-          }
-          name: 'backend-circuit-breaker'
-          tripDuration: 'PT1M'
-          acceptRetryAfter: true
-        }
-      ]
-    }
-  }
+  properties: backendProperties
 }
 
 
diff --git a/shared/bicep/modules/apim/v1/diagnostics.bicep b/shared/bicep/modules/apim/v1/diagnostics.bicep
index e6f02e6e..5d9066da 100644
--- a/shared/bicep/modules/apim/v1/diagnostics.bicep
+++ b/shared/bicep/modules/apim/v1/diagnostics.bicep
@@ -24,6 +24,15 @@ param enableLogAnalytics bool = true
 @description('Log Analytics Workspace ID for diagnostic settings')
 param logAnalyticsWorkspaceId string = ''
 
+@description('Enable Event Hub streaming for APIM logs and metrics')
+param enableEventHub bool = false
+
+@description('Resource ID of the Event Hubs namespace authorization rule used by Azure Monitor diagnostic settings')
+param eventHubAuthorizationRuleId string = ''
+
+@description('Name of the Event Hub to receive APIM logs and metrics')
+param eventHubName string = ''
+
 @description('Enable Application Insights logger and diagnostic policy for APIM')
 param enableApplicationInsights bool = true
 
@@ -51,6 +60,9 @@ param enableLlmLogs bool = false
 // ------------------
 
 var diagnosticSettingsName = 'apim-${diagnosticSettingsNameSuffix}'
+var enableEventHubDestination = enableEventHub && !empty(eventHubAuthorizationRuleId) && !empty(eventHubName)
+var enableLogAnalyticsDestination = enableLogAnalytics && !empty(logAnalyticsWorkspaceId)
+var enableResourceLogExport = enableLogAnalyticsDestination || enableEventHubDestination
 
 
 // ------------------
@@ -65,12 +77,14 @@ resource apimService 'Microsoft.ApiManagement/service@2024-06-01-preview' existi
 
 // Configure diagnostic settings to send logs to Log Analytics Workspace
 // https://learn.microsoft.com/azure/templates/microsoft.insights/diagnosticsettings
-resource apimDiagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (enableLogAnalytics && !empty(logAnalyticsWorkspaceId)) {
+resource apimDiagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (enableResourceLogExport) {
   name: diagnosticSettingsName
   scope: apimService
   properties: {
-    workspaceId: logAnalyticsWorkspaceId
-    logAnalyticsDestinationType: 'Dedicated'
+    eventHubAuthorizationRuleId: enableEventHubDestination ? eventHubAuthorizationRuleId : null
+    eventHubName: enableEventHubDestination ? eventHubName : null
+    workspaceId: enableLogAnalyticsDestination ? logAnalyticsWorkspaceId : null
+    logAnalyticsDestinationType: enableLogAnalyticsDestination ? 'Dedicated' : null
     logs: [
       {
         category: 'GatewayLogs'
@@ -178,7 +192,7 @@ resource apimDiagnostic 'Microsoft.ApiManagement/service/diagnostics@2024-06-01-
 // Configure Azure Monitor diagnostic settings for APIM
 // This ensures gateway logs include subscription IDs and other details
 // https://learn.microsoft.com/azure/templates/microsoft.apimanagement/service/diagnostics
-resource apimAzureMonitorDiagnostic 'Microsoft.ApiManagement/service/diagnostics@2024-06-01-preview' = if (enableLogAnalytics) {
+resource apimAzureMonitorDiagnostic 'Microsoft.ApiManagement/service/diagnostics@2024-06-01-preview' = if (enableLogAnalytics || enableEventHub) {
   parent: apimService
   name: 'azuremonitor'
   properties: {
@@ -198,7 +212,7 @@ resource apimAzureMonitorDiagnostic 'Microsoft.ApiManagement/service/diagnostics
 // ------------------
 
 @description('APIM diagnostic settings resource ID')
-output diagnosticSettingsId string = enableLogAnalytics && !empty(logAnalyticsWorkspaceId) ? apimDiagnosticSettings.id : ''
+output diagnosticSettingsId string = enableResourceLogExport ? apimDiagnosticSettings.id : ''
 
 @description('APIM logger resource ID')
 output apimLoggerId string = enableApplicationInsights && !empty(appInsightsInstrumentationKey) && !empty(appInsightsResourceId) ? apimLogger.id : ''
@@ -207,4 +221,4 @@ output apimLoggerId string = enableApplicationInsights && !empty(appInsightsInst
 output apimDiagnosticId string = enableApplicationInsights && !empty(appInsightsInstrumentationKey) && !empty(appInsightsResourceId) ? apimDiagnostic.id : ''
 
 @description('APIM Azure Monitor diagnostic resource ID')
-output apimAzureMonitorDiagnosticId string = enableLogAnalytics ? apimAzureMonitorDiagnostic.id : ''
+output apimAzureMonitorDiagnosticId string = enableLogAnalytics || enableEventHub ? apimAzureMonitorDiagnostic.id : ''
diff --git a/shared/python/apimtesting.py b/shared/python/apimtesting.py
index edbb1750..70974263 100644
--- a/shared/python/apimtesting.py
+++ b/shared/python/apimtesting.py
@@ -2,6 +2,8 @@
 Rudimentary test framework to offload validations from the Jupyter notebooks.
 """
 
+from time import perf_counter
+
 # APIM Samples imports
 from apimtypes import INFRASTRUCTURE
 
@@ -35,11 +37,20 @@ def __init__(self, test_suite_name: str = 'APIM Tests', sample_name: str = None,
         self.tests_failed = 0
         self.total_tests = 0
         self.errors = []
+        self.start_time = perf_counter()
 
     # ------------------------------
     #    PUBLIC METHODS
     # ------------------------------
 
+    @staticmethod
+    def format_runtime(runtime_seconds: float) -> str:
+        """Format an elapsed runtime as hours, minutes, and seconds."""
+        hours, remaining_seconds = divmod(runtime_seconds, 3600)
+        minutes, seconds = divmod(remaining_seconds, 60)
+
+        return f'{int(hours):02}:{int(minutes):02}:{seconds:05.2f}'
+
     def verify(self, value: any, expected: any, label: str = '') -> bool:
         """
         Verify (i.e. assert) that a value matches an expected value.
@@ -82,6 +93,7 @@ def print_summary(self) -> None:
 
         # Calculate success rate and create visual elements
         success_rate = (self.tests_passed / self.total_tests * 100) if self.total_tests > 0 else 0
+        runtime = self.format_runtime(perf_counter() - self.start_time)
         border_width = 70
         border_line = '=' * border_width
 
@@ -104,7 +116,8 @@ def print_summary(self) -> None:
         print(f'    • Total Tests  : {self.total_tests:>5}')
         print(f'    • Tests Passed : {self.tests_passed:>5}')
         print(f'    • Tests Failed : {self.tests_failed:>5} {"❌" if self.tests_failed > 0 else ""}')
-        print(f'    • Success Rate : {success_rate:>5.1f}%\n')
+        print(f'    • Success Rate : {success_rate:>5.1f}%')
+        print(f'    • Runtime      : {runtime} (HH:MM:SS.ss)\n')
 
         # Overall result
         if not self.tests_failed and self.total_tests > 0:
diff --git a/shared/python/charts.py b/shared/python/charts.py
index 0d8c9946..612fff5d 100644
--- a/shared/python/charts.py
+++ b/shared/python/charts.py
@@ -5,13 +5,28 @@
 """
 
 import json
+from collections import Counter
 
 import matplotlib as mpl
 import matplotlib.pyplot as plt
 import pandas as pd
 from apimtypes import HttpStatusCode
+from matplotlib.figure import Figure
 from matplotlib.patches import Rectangle as pltRectangle
 
+
+def _format_request_count(count: int) -> str:
+    """Return a request count with the grammatically correct noun."""
+    noun = 'request' if count == 1 else 'requests'
+
+    return f'{count} {noun}'
+
+
+def _format_percentage(count: int, total: int) -> str:
+    """Return a percentage while handling an empty denominator."""
+    return f'{count / total:.1%}' if total else '0.0%'
+
+
 # ------------------------------
 #    CLASSES
 # ------------------------------
@@ -34,6 +49,7 @@ def __init__(
         api_results: list[dict],
         fig_text: str = None,
         vertical_separator: tuple[float, str] | list[tuple[float, str]] | None = None,
+        backend_labels: dict[int, str] | None = None,
     ) -> None:
         """
         Initialize the BarChart with API results.
@@ -47,6 +63,8 @@ def __init__(
             vertical_separator (tuple[float, str] | list[tuple[float, str]], optional): Either a
                 single (x_position, label) tuple or a list of such tuples. Each entry draws a
                 dashed vertical separator at the given x (in bar-index units) with an annotation.
+            backend_labels (dict[int, str], optional): Human-readable legend labels keyed by
+                backend index. Missing indexes use the default numeric label.
         """
         self.title = title
         self.x_label = x_label
@@ -54,6 +72,7 @@ def __init__(
         self.api_results = api_results
         self.fig_text = fig_text
         self.vertical_separator = vertical_separator
+        self.backend_labels = backend_labels or {}
 
     # ------------------------------
     #    PUBLIC METHODS
@@ -65,11 +84,15 @@ def plot(self) -> None:
         """
         self._plot_barchart(self.api_results)
 
+    def render(self) -> Figure:
+        """Render the bar chart without displaying it and return the figure."""
+        return self._plot_barchart(self.api_results, show=False)
+
     # ------------------------------
     #    PRIVATE METHODS
     # ------------------------------
 
-    def _plot_barchart(self, api_results: list[dict]) -> None:
+    def _plot_barchart(self, api_results: list[dict], show: bool = True) -> Figure:
         """
         Internal method to plot the bar chart.
 
@@ -103,34 +126,80 @@ def _plot_barchart(self, api_results: list[dict]) -> None:
 
         df = pd.DataFrame(rows)
 
-        mpl.rcParams['figure.figsize'] = [15, 8]
+        mpl.rcParams['figure.figsize'] = [17, 11]
 
-        # Define a color map for each backend index (OK) and errors (non-OK always lightcoral)
+        # Define a color map for each successful backend and conspicuous error categories.
         backend_indexes_200 = sorted(df[df['Status Code'] == HttpStatusCode.OK]['Backend Index'].unique())
         color_palette = ['lightyellow', 'lightblue', 'lightgreen', 'plum', 'orange']
         color_map_200 = {idx: color_palette[i % len(color_palette)] for i, idx in enumerate(backend_indexes_200)}
+        backend_request_counts = Counter(row['Backend Index'] for row in rows if row['Status Code'] == HttpStatusCode.OK)
+        request_count = len(api_results)
+        response_count = len(rows)
+        successful_response_count = sum(200 <= row['Status Code'] < 300 for row in rows)
+        client_error_count = sum(400 <= row['Status Code'] < 500 for row in rows)
+        server_error_count = sum(500 <= row['Status Code'] < 600 for row in rows)
+        other_error_count = sum(row['Status Code'] != HttpStatusCode.OK and not 400 <= row['Status Code'] < 600 for row in rows)
+        client_error_color = '#d83b01'
+        server_error_color = '#a4262c'
+        other_error_color = '#5c2d91'
 
         bar_colors = []
         for _, row in df.iterrows():
             if row['Status Code'] == HttpStatusCode.OK:
                 bar_colors.append(color_map_200.get(row['Backend Index'], 'gray'))
+            elif 400 <= row['Status Code'] < 500:
+                bar_colors.append(client_error_color)
+            elif 500 <= row['Status Code'] < 600:
+                bar_colors.append(server_error_color)
             else:
-                bar_colors.append('lightcoral')
+                bar_colors.append(other_error_color)
 
         # Plot the dataframe with colored bars
         ax = df.plot(kind='bar', x='Run', y='Response Time (ms)', color=bar_colors, legend=False, edgecolor='black')
 
-        # Add dynamic legend based on backend indexes present in the data. We let the legend
-        # auto-size to its contents and use `borderpad` to add internal padding (especially at
-        # the top) so entries do not visually touch the legend frame.
+        # Add a dynamic legend based on backend indexes present in the data.
         legend_labels = []
         legend_names = []
         for idx in backend_indexes_200:
             legend_labels.append(pltRectangle((0, 0), 1, 1, color=color_map_200[idx]))
-            legend_names.append(f'Backend index {idx} (200)')
-        legend_labels.append(pltRectangle((0, 0), 1, 1, color='lightcoral'))
-        legend_names.append('Error/Other (non-200)')
-        ax.legend(legend_labels, legend_names, borderpad=1.5)
+            backend_label = self.backend_labels.get(idx, f'Backend index {idx}')
+            legend_names.append(f'{backend_label} - {_format_request_count(backend_request_counts[idx])}')
+        if client_error_count:
+            legend_labels.append(pltRectangle((0, 0), 1, 1, color=client_error_color))
+            legend_names.append(f'!!! 4xx CLIENT ERRORS - {_format_request_count(client_error_count)} !!!')
+        if server_error_count:
+            legend_labels.append(pltRectangle((0, 0), 1, 1, color=server_error_color))
+            legend_names.append(f'!!! 5xx SERVER ERRORS - {_format_request_count(server_error_count)} !!!')
+        if other_error_count:
+            legend_labels.append(pltRectangle((0, 0), 1, 1, color=other_error_color))
+            legend_names.append(f'!!! OTHER NON-200 RESPONSES - {_format_request_count(other_error_count)} !!!')
+        ax.legend(legend_labels, legend_names, loc='upper left', bbox_to_anchor=(1.01, 1), borderpad=1.2)
+
+        has_errors = client_error_count or server_error_count or other_error_count
+        status_summary = (
+            f'Requests: {request_count}\n'
+            f'Responses: {response_count} ({_format_percentage(response_count, request_count)})\n\n'
+            f'2xx: {successful_response_count} ({_format_percentage(successful_response_count, response_count)})\n'
+            f'4xx: {client_error_count} ({_format_percentage(client_error_count, response_count)})\n'
+            f'5xx: {server_error_count} ({_format_percentage(server_error_count, response_count)})'
+        )
+        ax.text(
+            1.02,
+            0.62,
+            status_summary,
+            transform=ax.transAxes,
+            ha='left',
+            va='top',
+            fontsize=11,
+            color=server_error_color if has_errors else 'black',
+            fontweight='bold' if has_errors else 'normal',
+            bbox={
+                'boxstyle': 'square,pad=0.8',
+                'facecolor': '#fff1f0' if has_errors else 'white',
+                'edgecolor': server_error_color if has_errors else 'lightgray',
+                'linewidth': 2.5 if has_errors else 1,
+            },
+        )
 
         plt.title(self.title)
         plt.xlabel(self.x_label)
@@ -150,8 +219,9 @@ def _plot_barchart(self, api_results: list[dict]) -> None:
                 plt.axhline(y=avg, color='b', linestyle='--')
                 plt.text(len(df) - 1, avg, avg_label, color='b', va='bottom', ha='right', fontsize=10)
 
-        # Add figtext under the chart
-        plt.figtext(0.13, -0.1, wrap=True, ha='left', fontsize=11, s=self.fig_text)
+        # Reserve room for the right-side summary and explanatory text below the x-axis.
+        plt.subplots_adjust(right=0.76, bottom=0.3)
+        plt.figtext(0.08, 0.03, wrap=True, ha='left', fontsize=11, s=self.fig_text)
 
         # Optional vertical separator(s) with annotation (e.g. wait-period marker). Accepts
         # either a single (x, label) tuple or a list of them. The label is nudged slightly to
@@ -164,4 +234,7 @@ def _plot_barchart(self, api_results: list[dict]) -> None:
                 plt.axvline(x=sep_x, color='gray', linestyle='--', linewidth=4, alpha=0.7)
                 plt.text(sep_x - 0.25, y_max * 0.95, sep_label, color='dimgray', rotation=90, va='top', ha='right', fontsize=10)
 
-        plt.show()
+        if show:
+            plt.show()
+
+        return ax.figure
diff --git a/shared/python/htmlreport.py b/shared/python/htmlreport.py
new file mode 100644
index 00000000..65a1a842
--- /dev/null
+++ b/shared/python/htmlreport.py
@@ -0,0 +1,229 @@
+"""Build self-contained HTML reports for APIM sample runs."""
+
+import base64
+import html
+import re
+from dataclasses import dataclass
+from datetime import UTC, datetime
+from io import BytesIO
+from pathlib import Path
+from urllib.parse import urlparse
+
+from matplotlib.figure import Figure
+
+
+@dataclass(frozen=True)
+class HtmlText:
+    """Describe escaped report text with optional bold tokens and line breaks."""
+
+    text: str
+    bold_tokens: tuple[str, ...] = ()
+    preserve_line_breaks: bool = False
+
+
+@dataclass(frozen=True)
+class HtmlSuccess:
+    """Describe an accessible success checkmark for a report table cell."""
+
+    label: str
+
+
+@dataclass(frozen=True)
+class HtmlList:
+    """Describe an escaped flush-left bullet list for a report table cell."""
+
+    items: tuple[str, ...]
+
+
+class HtmlReport:
+    """Collect metrics, tables, figures, and links into a portable HTML report."""
+
+    def __init__(self, title: str, subtitle: str = '') -> None:
+        """Initialize an empty report."""
+        self.title = title
+        self.subtitle = subtitle
+        self.sections: list[str] = []
+
+    def add_metrics(self, title: str, metrics: dict[str, object]) -> None:
+        """Add a compact grid of named values."""
+        metric_items = ''.join(self._metric(label, value) for label, value in metrics.items())
+        self.sections.append(self._section(title, f'<div class="metrics">{metric_items}</div>'))
+
+    def add_success_callout(self, title: str, message: str) -> None:
+        """Add a prominent accessible success message."""
+        callout_html = (
+            '<section class="status-callout status-success" role="status">'
+            '<span class="status-icon" aria-hidden="true">&#10003;</span>'
+            f'<div><h2>{html.escape(title)}</h2><p>{html.escape(message)}</p></div>'
+            '</section>'
+        )
+        self.sections.append(callout_html)
+
+    def add_info_callout(self, title: str, message: str) -> None:
+        """Add a prominent accessible informational note."""
+        callout_html = (
+            '<section class="status-callout status-info" role="note">'
+            '<span class="status-icon" aria-hidden="true">&#9432;</span>'
+            f'<div><h2>{html.escape(title)}</h2><p>{html.escape(message)}</p></div>'
+            '</section>'
+        )
+        self.sections.append(callout_html)
+
+    def add_table(
+        self,
+        title: str | HtmlText,
+        headers: list[str],
+        rows: list[list[object]],
+        description: str = '',
+        column_widths: list[str] | None = None,
+    ) -> None:
+        """Add an accessible data table."""
+        if column_widths is not None and len(column_widths) != len(headers):
+            raise ValueError('Table column widths must match the header count')
+
+        header_html = ''.join(f'<th scope="col">{html.escape(str(header))}</th>' for header in headers)
+        row_html = ''.join(self._table_row(row) for row in rows)
+        column_html = (
+            ''
+            if column_widths is None
+            else '<colgroup>' + ''.join(f'<col style="width: {html.escape(width, quote=True)}">' for width in column_widths) + '</colgroup>'
+        )
+        table_html = f'<div class="table-wrap"><table>{column_html}<thead><tr>{header_html}</tr></thead><tbody>{row_html}</tbody></table></div>'
+        body = self._paragraph(description) + table_html
+        self.sections.append(self._section(title, body))
+
+    def add_figure(self, title: str, figure: Figure, description: str = '') -> None:
+        """Embed a matplotlib figure as a PNG data URI."""
+        buffer = BytesIO()
+        figure.savefig(buffer, format='png', bbox_inches='tight', dpi=140)
+        encoded_figure = base64.b64encode(buffer.getvalue()).decode('ascii')
+        figure_html = f'<img src="data:image/png;base64,{encoded_figure}" alt="{html.escape(title)}">'
+        self.sections.append(self._section(title, self._paragraph(description) + figure_html))
+
+    def add_links(self, title: str, links: dict[str, str]) -> None:
+        """Add a list of links after validating their URL schemes."""
+        link_items = ''.join(
+            f'<li><a href="{html.escape(self._validated_url(url), quote=True)}">{html.escape(str(label))}</a></li>' for label, url in links.items()
+        )
+        self.sections.append(self._section(title, f'<ul class="links">{link_items}</ul>'))
+
+    def write(self, output_path: Path) -> Path:
+        """Write the self-contained report and return its resolved path."""
+        output_path.parent.mkdir(parents=True, exist_ok=True)
+        generated_at = datetime.now(UTC).strftime('%Y-%m-%d %H:%M UTC')
+        subtitle = f'<p class="subtitle">{html.escape(self.subtitle)}</p>' if self.subtitle else ''
+        document = f"""<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>{html.escape(self.title)}</title>
+  <style>
+    :root {{ color-scheme: light; font-family: Arial, sans-serif; background: #f4f6f8; color: #1f2937; }}
+    body {{ margin: 0; }}
+    header {{ background: #12344d; color: #ffffff; padding: 2rem max(1rem, calc((100vw - 1180px) / 2)); }}
+    main {{ max-width: 1180px; margin: 0 auto; padding: 1.25rem 1rem 2rem; }}
+    section {{ background: #ffffff; border: 1px solid #d0d7de; border-radius: 6px; margin: 0 0 1rem; padding: 1rem; }}
+    h1, h2 {{ margin: 0 0 0.75rem; }}
+    h1 {{ font-size: 1.8rem; }} h2 {{ color: #12344d; font-size: 1.2rem; }}
+    p {{ line-height: 1.55; }} .subtitle {{ margin: 0; color: #e6edf3; }} .generated {{ color: #57606a; font-size: 0.9rem; }}
+    .metrics {{ display: grid; grid-template-columns: repeat(auto-fit, minmax(150px, 1fr)); gap: 0.75rem; }}
+    .metric {{ border-left: 4px solid #0078d4; background: #f6f8fa; padding: 0.75rem; }}
+    .metric-label {{ display: block; color: #57606a; font-size: 0.85rem; margin-bottom: 0.3rem; }}
+    .metric-success {{ background: #146c43; border-left-color: #0a3622; color: #ffffff; }} .metric-success .metric-label {{ color: #ffffff; }}
+    .status-callout {{ align-items: center; display: flex; gap: 0.85rem; }}
+    .status-success {{ background: #146c43; border: 2px solid #0a3622; color: #ffffff; }}
+    .status-success h2 {{ color: #ffffff; margin-bottom: 0.25rem; }} .status-success p {{ margin: 0; }}
+    .status-info {{ background: #eaf2f8; border: 2px solid #005a9e; color: #1f2937; }}
+    .status-info h2 {{ color: #12344d; margin-bottom: 0.25rem; }} .status-info p {{ margin: 0; }}
+    .status-icon {{ font-size: 2rem; font-weight: bold; line-height: 1; }}
+    .table-success {{ color: #198754; display: inline-block; font-size: 1.8rem; font-weight: 900; line-height: 1; }}
+    .table-row-success td {{ background: #146c43; border-color: #0a3622; color: #ffffff; }} .table-row-success .table-success {{ color: #ffffff; }}
+    .table-list {{ list-style-position: inside; margin: 0; padding: 0; }}
+    .table-list li {{ margin: 0 0 0.2rem; }} .table-list li:last-child {{ margin-bottom: 0; }}
+    .table-wrap {{ overflow-x: auto; }} table {{ border-collapse: collapse; width: 100%; }}
+    th, td {{ border: 1px solid #d0d7de; padding: 0.55rem; text-align: left; vertical-align: top; }} th {{ background: #eaf2f8; color: #12344d; }}
+    img {{ display: block; height: auto; max-width: 100%; }} .links {{ line-height: 1.8; padding-left: 1.25rem; }}
+    a {{ color: #005a9e; }} a:focus, a:hover {{ color: #003f6f; }}
+  </style>
+</head>
+<body>
+  <header><h1>{html.escape(self.title)}</h1>{subtitle}</header>
+  <main><p class="generated">Generated {generated_at}</p>{''.join(self.sections)}</main>
+</body>
+</html>
+"""
+        output_path.write_text(document, encoding='utf-8', newline='\n')
+
+        return output_path.resolve()
+
+    @staticmethod
+    def _paragraph(text: str) -> str:
+        """Render optional escaped paragraph text."""
+        return f'<p>{html.escape(text)}</p>' if text else ''
+
+    @staticmethod
+    def _section(title: str | HtmlText, body: str) -> str:
+        """Wrap report content in a named section."""
+        return f'<section><h2>{HtmlReport._render_text(title)}</h2>{body}</section>'
+
+    @staticmethod
+    def _metric(label: object, value: object) -> str:
+        """Render one metric, highlighting perfect run outcomes."""
+        normalized_label = str(label).strip().casefold()
+        normalized_value = str(value).strip().casefold()
+        is_perfect = (normalized_label == 'result' and normalized_value == 'passed') or (
+            normalized_label == 'success rate' and re.fullmatch(r'100(?:\.0+)?%', normalized_value)
+        )
+        success_class = ' metric-success' if is_perfect else ''
+
+        return (
+            f'<div class="metric{success_class}"><span class="metric-label">{html.escape(str(label))}</span>'
+            f'<strong>{html.escape(str(value))}</strong></div>'
+        )
+
+    @staticmethod
+    def _table_row(row: list[object]) -> str:
+        """Render one table row, highlighting caller-perfect scenarios."""
+        success_class = ' class="table-row-success"' if any(isinstance(value, HtmlSuccess) for value in row) else ''
+        cells = ''.join(f'<td>{HtmlReport._render_text(value)}</td>' for value in row)
+
+        return f'<tr{success_class}>{cells}</tr>'
+
+    @staticmethod
+    def _render_text(value: object) -> str:
+        """Render escaped text with narrowly scoped formatting when requested."""
+        if isinstance(value, HtmlSuccess):
+            return f'<span class="table-success" role="img" aria-label="{html.escape(value.label, quote=True)}">&#10003;</span>'
+
+        if isinstance(value, HtmlList):
+            list_items = ''.join(f'<li>{html.escape(item)}</li>' for item in value.items)
+            return f'<ul class="table-list">{list_items}</ul>'
+
+        if not isinstance(value, HtmlText):
+            return html.escape(str(value))
+
+        bold_tokens = sorted({token for token in value.bold_tokens if token}, key=len, reverse=True)
+        if not bold_tokens:
+            rendered_text = html.escape(value.text)
+        else:
+            pattern = '|'.join(re.escape(token) for token in bold_tokens)
+            fragments = []
+            last_end = 0
+            for match in re.finditer(pattern, value.text):
+                fragments.append(html.escape(value.text[last_end : match.start()]))
+                fragments.append(f'<strong>{html.escape(match.group())}</strong>')
+                last_end = match.end()
+            fragments.append(html.escape(value.text[last_end:]))
+            rendered_text = ''.join(fragments)
+
+        return rendered_text.replace('\n', '<br>') if value.preserve_line_breaks else rendered_text
+
+    @staticmethod
+    def _validated_url(url: str) -> str:
+        """Return a safe report link URL."""
+        parsed_url = urlparse(url)
+        if parsed_url.scheme not in {'file', 'http', 'https'}:
+            raise ValueError(f'Unsupported report link scheme: {parsed_url.scheme}')
+
+        return url
diff --git a/tests/python/test_apimtesting.py b/tests/python/test_apimtesting.py
index 52bfba93..a7a2302e 100644
--- a/tests/python/test_apimtesting.py
+++ b/tests/python/test_apimtesting.py
@@ -2,9 +2,9 @@
 Unit tests for the ApimTesting module.
 """
 
-from unittest.mock import patch
-import sys
 import os
+import sys
+from unittest.mock import patch
 
 # APIM Samples imports
 from apimtesting import ApimTesting
@@ -42,6 +42,12 @@ def test_apimtesting_init_with_parameters():
     assert not testing.errors
 
 
+def test_format_runtime():
+    """Test runtime formatting for sub-minute and multi-hour durations."""
+    assert ApimTesting.format_runtime(8.25) == '00:00:08.25'
+    assert ApimTesting.format_runtime(7384.5) == '02:03:04.50'
+
+
 # ------------------------------
 #    TEST VERIFY METHOD
 # ------------------------------
@@ -271,6 +277,19 @@ def test_print_summary_with_none_values():
         assert len(na_messages) > 0
 
 
+def test_print_summary_runtime():
+    """Test that print_summary reports elapsed runtime from suite initialization."""
+    with patch('apimtesting.perf_counter', side_effect=[100.0, 223.456]):
+        testing = ApimTesting()
+
+        with patch('builtins.print') as mock_print:
+            testing.print_summary()
+
+    calls = [call.args[0] for call in mock_print.call_args_list if call.args]
+    runtime_messages = [call for call in calls if 'Runtime' in call]
+    assert runtime_messages == ['    • Runtime      : 00:02:03.46 (HH:MM:SS.ss)\n']
+
+
 # ------------------------------
 #    INTEGRATION TESTS
 # ------------------------------
diff --git a/tests/python/test_charts.py b/tests/python/test_charts.py
index 331310d4..45f94739 100644
--- a/tests/python/test_charts.py
+++ b/tests/python/test_charts.py
@@ -95,6 +95,15 @@ def test_barchart_init_empty_results():
     assert chart.api_results == []
 
 
+def test_barchart_init_with_backend_labels():
+    """Test BarChart initialization with human-readable backend labels."""
+    backend_labels = {0: 'Priority 1: PTU (East US 2)'}
+
+    chart = BarChart(title='Test Chart', x_label='X Axis', y_label='Y Axis', api_results=[], backend_labels=backend_labels)
+
+    assert chart.backend_labels == backend_labels
+
+
 # ------------------------------
 #    TEST PLOT METHOD
 # ------------------------------
@@ -111,6 +120,19 @@ def test_plot_calls_internal_method(mock_dataframe, mock_plt, sample_api_results
         mock_plot_barchart.assert_called_once_with(sample_api_results)
 
 
+@patch('charts.plt')
+@patch('charts.pd.DataFrame')
+def test_render_returns_figure_without_displaying(mock_dataframe, mock_plt, sample_api_results):
+    """Test that render() returns an exportable figure without inline display."""
+    chart = BarChart('Test', 'X', 'Y', sample_api_results)
+    figure = MagicMock()
+
+    with patch.object(chart, '_plot_barchart', return_value=figure) as mock_plot_barchart:
+        assert chart.render() is figure
+        mock_plot_barchart.assert_called_once_with(sample_api_results, show=False)
+        mock_plt.show.assert_not_called()
+
+
 # ------------------------------
 #    TEST _PLOT_BARCHART METHOD
 # ------------------------------
@@ -205,6 +227,74 @@ def test_plot_barchart_error_status_codes(mock_dataframe, mock_plt):
         assert row['Status Code'] in [404, 500]
 
 
+@patch('charts.plt')
+@patch('charts.pd.DataFrame')
+def test_plot_barchart_shows_harness_error_counts(mock_dataframe, mock_plt):
+    """Test that the side panel reports 4xx and 5xx responses received by the harness."""
+    api_results = [
+        {'run': 1, 'response_time': 0.1, 'status_code': 200, 'response': '{"index": 1}'},
+        {'run': 2, 'response_time': 0.2, 'status_code': 429, 'response': 'Too Many Requests'},
+        {'run': 3, 'response_time': 0.3, 'status_code': 503, 'response': 'Service Unavailable'},
+    ]
+
+    mock_df = MagicMock()
+    mock_dataframe.return_value = mock_df
+    mock_df.__getitem__.return_value = mock_df
+    mock_df.__iter__.return_value = iter([])
+    mock_df.iterrows.return_value = iter(
+        [
+            (0, {'Status Code': 200, 'Backend Index': 1}),
+            (1, {'Status Code': 429, 'Backend Index': 99}),
+            (2, {'Status Code': 503, 'Backend Index': 99}),
+        ]
+    )
+    mock_ax = MagicMock()
+    mock_df.plot.return_value = mock_ax
+    mock_df.empty = False
+
+    chart = BarChart('Test', 'X', 'Y', api_results)
+    chart._plot_barchart(api_results)
+
+    mock_ax.legend.assert_called_once()
+    assert mock_ax.legend.call_args.kwargs['bbox_to_anchor'] == (1.01, 1)
+    mock_ax.text.assert_called_once()
+    assert mock_ax.legend.call_args.args[1] == [
+        '!!! 4xx CLIENT ERRORS - 1 request !!!',
+        '!!! 5xx SERVER ERRORS - 1 request !!!',
+    ]
+    assert mock_df.plot.call_args.kwargs['color'] == ['gray', '#d83b01', '#a4262c']
+    assert mock_ax.text.call_args.args[2] == 'Requests: 3\nResponses: 3 (100.0%)\n\n2xx: 1 (33.3%)\n4xx: 1 (33.3%)\n5xx: 1 (33.3%)'
+    assert mock_ax.text.call_args.kwargs['fontweight'] == 'bold'
+    assert mock_ax.text.call_args.kwargs['bbox']['edgecolor'] == '#a4262c'
+    mock_plt.subplots_adjust.assert_called_once_with(right=0.76, bottom=0.3)
+
+
+@patch('charts.plt')
+@patch('charts.pd.DataFrame')
+def test_plot_barchart_uses_human_readable_backend_labels(mock_dataframe, mock_plt):
+    """Test that custom backend labels replace numeric legend labels when provided."""
+    api_results = [
+        {'run': 1, 'response_time': 0.1, 'status_code': 200, 'response': '{"index": 0}'},
+        {'run': 2, 'response_time': 0.1, 'status_code': 200, 'response': '{"index": 0}'},
+    ]
+
+    mock_df = MagicMock()
+    mock_dataframe.return_value = mock_df
+    mock_df.__getitem__.return_value = mock_df
+    mock_df.__iter__.return_value = iter([])
+    mock_df.iterrows.return_value = iter([])
+    mock_df.unique.return_value = [0]
+    mock_ax = MagicMock()
+    mock_df.plot.return_value = mock_ax
+    mock_df.empty = False
+
+    chart = BarChart('Test', 'X', 'Y', api_results, backend_labels={0: 'Priority 1 / Weight 100: PTU (East US 2)'})
+    chart._plot_barchart(api_results)
+
+    legend_names = mock_ax.legend.call_args.args[1]
+    assert legend_names == ['Priority 1 / Weight 100: PTU (East US 2) - 2 requests']
+
+
 @patch('charts.plt')
 @patch('charts.pd.DataFrame')
 def test_plot_barchart_matplotlib_calls(mock_dataframe, mock_plt, sample_api_results):
diff --git a/tests/python/test_htmlreport.py b/tests/python/test_htmlreport.py
new file mode 100644
index 00000000..750e5c21
--- /dev/null
+++ b/tests/python/test_htmlreport.py
@@ -0,0 +1,79 @@
+"""Unit tests for the HTML report builder."""
+
+from pathlib import Path
+from unittest.mock import MagicMock
+
+import pytest
+
+# APIM Samples imports
+from htmlreport import HtmlList, HtmlReport, HtmlSuccess, HtmlText
+
+
+def test_html_report_writes_self_contained_content(tmp_path: Path) -> None:
+    """Render escaped metrics, tables, figures, and links into one portable file."""
+    report = HtmlReport('Inference <Report>', 'A clean run summary')
+    figure = MagicMock()
+    figure.savefig.side_effect = lambda buffer, **_: buffer.write(b'png bytes')
+
+    report.add_metrics('Tests', {'Passed': 5, 'Result': 'Passed', 'Success rate': '100.0%', 'Detail': '<ok>'})
+    report.add_success_callout('All <good>', 'Every request returned HTTP 200.')
+    report.add_info_callout('Lab <note>', 'Capacity is intentionally low.')
+    report.add_table(
+        HtmlText('Rows for gpt-5.1', ('gpt-5.1',)),
+        ['Status', 'Name', 'Value'],
+        [
+            [
+                HtmlSuccess('All requests returned HTTP 200'),
+                HtmlText('P1: route-a\nP2: route-b', ('P1', 'P2'), True),
+                HtmlList(('One <item>.', 'Two.')),
+            ]
+        ],
+        column_widths=['10%', '50%', '40%'],
+    )
+    report.add_figure('Route graph', figure, 'Embedded output')
+    report.add_links('Explore', {'Workbook': 'https://portal.azure.com/example'})
+    output_path = report.write(tmp_path / 'report.html')
+    document = output_path.read_text(encoding='utf-8')
+
+    assert output_path == (tmp_path / 'report.html').resolve()
+    assert '<title>Inference &lt;Report&gt;</title>' in document
+    assert '&lt;ok&gt;' in document
+    assert document.count('class="metric metric-success"') == 2
+    assert '.metric-success { background: #146c43; border-left-color: #0a3622; color: #ffffff; }' in document
+    assert 'class="status-callout status-success" role="status"' in document
+    assert '.status-success { background: #146c43; border: 2px solid #0a3622; color: #ffffff; }' in document
+    assert '<span class="status-icon" aria-hidden="true">&#10003;</span>' in document
+    assert '<h2>All &lt;good&gt;</h2><p>Every request returned HTTP 200.</p>' in document
+    assert 'class="status-callout status-info" role="note"' in document
+    assert '.status-info { background: #eaf2f8; border: 2px solid #005a9e; color: #1f2937; }' in document
+    assert '<span class="status-icon" aria-hidden="true">&#9432;</span>' in document
+    assert '<h2>Lab &lt;note&gt;</h2><p>Capacity is intentionally low.</p>' in document
+    assert '<th scope="col">Name</th>' in document
+    assert '<h2>Rows for <strong>gpt-5.1</strong></h2>' in document
+    assert '<td><strong>P1</strong>: route-a<br><strong>P2</strong>: route-b</td>' in document
+    assert '<tr class="table-row-success">' in document
+    assert '<td><span class="table-success" role="img" aria-label="All requests returned HTTP 200">&#10003;</span></td>' in document
+    assert '.table-row-success td { background: #146c43; border-color: #0a3622; color: #ffffff; }' in document
+    assert '.table-success { color: #198754; display: inline-block; font-size: 1.8rem; font-weight: 900; line-height: 1; }' in document
+    assert '<td><ul class="table-list"><li>One &lt;item&gt;.</li><li>Two.</li></ul></td>' in document
+    assert '.table-list { list-style-position: inside; margin: 0; padding: 0; }' in document
+    assert '<colgroup><col style="width: 10%"><col style="width: 50%"><col style="width: 40%"></colgroup>' in document
+    assert 'vertical-align: top;' in document
+    assert 'data:image/png;base64,cG5nIGJ5dGVz' in document
+    assert 'href="https://portal.azure.com/example"' in document
+
+
+def test_html_report_rejects_unsupported_link_scheme() -> None:
+    """Reject executable links in generated reports."""
+    report = HtmlReport('Report')
+
+    with pytest.raises(ValueError, match='Unsupported report link scheme'):
+        report.add_links('Unsafe', {'Bad': 'javascript:alert(1)'})
+
+
+def test_html_report_rejects_mismatched_table_column_widths() -> None:
+    """Reject table widths that do not map one-to-one with headers."""
+    report = HtmlReport('Report')
+
+    with pytest.raises(ValueError, match='Table column widths must match the header count'):
+        report.add_table('Rows', ['Name', 'Value'], [['one', 1]], column_widths=['100%'])
diff --git a/tests/python/test_inference_failover.py b/tests/python/test_inference_failover.py
index da37b0e4..23ba3e7f 100644
--- a/tests/python/test_inference_failover.py
+++ b/tests/python/test_inference_failover.py
@@ -7,26 +7,31 @@
 SAMPLE_PATH = Path(__file__).resolve().parents[2] / 'samples' / 'inference-failover'
 SIMPLE_APIM_BICEP_PATH = Path(__file__).resolve().parents[2] / 'infrastructure' / 'simple-apim' / 'main.bicep'
 BICEP_PATH = SAMPLE_PATH / 'main.bicep'
+DIAGNOSTICS_BICEP_PATH = Path(__file__).resolve().parents[2] / 'shared' / 'bicep' / 'modules' / 'apim' / 'v1' / 'diagnostics.bicep'
 NOTEBOOK_PATH = SAMPLE_PATH / 'create.ipynb'
 POLICY_PATH = SAMPLE_PATH / 'inference-api-policy.xml'
 WORKBOOK_PATH = SAMPLE_PATH / 'inference-failover.workbook.json'
 WORKBOOK_UPDATE_PATH = SAMPLE_PATH / 'update-workbook.ps1'
+QUERIES_PATH = SAMPLE_PATH / 'queries'
 KQL_PATHS = [
-    SAMPLE_PATH / 'backend-distribution.kql',
-    SAMPLE_PATH / 'failover-outcomes.kql',
-    SAMPLE_PATH / 'token-throughput.kql',
-    SAMPLE_PATH / 'verify-llm-ingestion.kql',
+    QUERIES_PATH / 'backend-distribution.kql',
+    QUERIES_PATH / 'failure-analysis.kql',
+    QUERIES_PATH / 'failover-outcomes.kql',
+    QUERIES_PATH / 'llm-telemetry-coverage.kql',
+    QUERIES_PATH / 'request-details.kql',
+    QUERIES_PATH / 'token-throughput.kql',
+    QUERIES_PATH / 'verify-llm-ingestion.kql',
 ]
 EXPECTED_BACKENDS = {
     'gpt-5-1-PTU-eastus2',
-    'gpt-5-1-PAYGO-eastus2',
+    'gpt-5-1-PAYG-eastus2',
     'gpt-5-1-PTU-westus3',
-    'gpt-5-1-PAYGO-westus3',
-    'gpt-5-1-PAYGO-southcentralus',
+    'gpt-5-1-PAYG-westus3',
+    'gpt-5-1-PAYG-southcentralus',
     'gpt-4-1-mini-PTU-eastus2',
-    'gpt-4-1-mini-PAYGO-eastus2',
+    'gpt-4-1-mini-PAYG-eastus2',
     'gpt-4-1-mini-PTU-westus3',
-    'gpt-4-1-mini-PAYGO-southcentralus',
+    'gpt-4-1-mini-PAYG-southcentralus',
 }
 
 
@@ -51,9 +56,16 @@ def test_inference_failover_workbook_is_aoai_only_and_query_backed() -> None:
 
     assert workbook['$schema'].endswith('/schema/workbook.json')
     assert 'query - outcome-summary' in item_names
+    assert 'query - outcome-status-matrix' in item_names
     assert 'query - backend-distribution' in item_names
+    assert 'query - failover-summary' in item_names
+    assert 'query - failover-request-trails' in item_names
+    assert 'query - failure-taxonomy' in item_names
+    assert 'query - raw-failure-explorer' in item_names
     assert 'query - token-throughput' in item_names
+    assert 'query - llm-telemetry-coverage' in item_names
     assert 'query - backend-latency-trend' in item_names
+    assert 'query - request-explorer' in item_names
     assert 'apimanagementgatewayllmlog' in serialized
     assert 'cost export' not in serialized
     assert 'business unit' not in serialized
@@ -67,6 +79,11 @@ def test_inference_failover_kql_queries_scope_to_ai_gateway_signals() -> None:
     assert all(path.exists() for path in KQL_PATHS)
     assert 'ApiManagementGatewayLogs' in query_text
     assert 'ApiManagementGatewayLlmLog' in query_text
+    assert 'BackendResponseCode' in query_text
+    assert 'BackendUrl' in query_text
+    assert 'TraceRecords' in query_text
+    assert 'LastErrorReason' in query_text
+    assert 'InferenceFallbackExhausted' in query_text
     assert 'inference-gpt-5-1' in query_text
     assert 'inference-gpt-4-1-mini' in query_text
     assert 'CostManagement' not in query_text
@@ -91,6 +108,14 @@ def test_inference_policies_use_managed_identity_retries_and_generic_terminal_er
     assert 'buffer-request-body="true"' in api_policy
     assert 'Inference service is temporarily unavailable.' in api_policy
     assert 'BackendId' not in api_policy
+    assert 'InferenceRequestAccepted' in api_policy
+    assert 'InferenceBackendAttemptComplete' in api_policy
+    assert 'InferenceGatewayResponse' in api_policy
+    assert 'InferenceFallbackExhausted' in api_policy
+    assert api_policy.count('<trace source="InferenceFailover"') == 4
+    assert api_policy.count('<set-header name="X-Backend-Retry" exists-action="override">') == 3
+    assert '((int)context.Variables["backendAttempt"]) - 1 : 0' in api_policy
+    assert api_policy.index('<set-variable name="backendAttempt" value="@(0)" />') < api_policy.index('<authentication-managed-identity')
 
 
 def test_inference_bicep_contains_only_compatible_model_backend_pools() -> None:
@@ -110,24 +135,56 @@ def test_inference_bicep_contains_only_compatible_model_backend_pools() -> None:
     assert f'backendPoolName: {single_quote}inference-gpt-5-1-pool{single_quote}' in bicep
     assert f'backendPoolName: {single_quote}inference-gpt-4-1-mini-pool{single_quote}' in bicep
     assert "name: 'gpt-5-1-PTU-westus3'\n        priority: 2" in bicep
-    assert "name: 'gpt-5-1-PAYGO-eastus2'\n        priority: 3" in bicep
+    assert "name: 'gpt-5-1-PAYG-eastus2'\n        priority: 3" in bicep
     assert "name: 'gpt-4-1-mini-PTU-westus3'\n        priority: 2" in bicep
-    assert "name: 'gpt-4-1-mini-PAYGO-eastus2'\n        priority: 3" in bicep
+    assert "name: 'gpt-4-1-mini-PAYG-eastus2'\n        priority: 3" in bicep
     backend_declaration_order = [
         'gpt-5-1-PTU-eastus2',
         'gpt-5-1-PTU-westus3',
-        'gpt-5-1-PAYGO-eastus2',
-        'gpt-5-1-PAYGO-westus3',
-        'gpt-5-1-PAYGO-southcentralus',
+        'gpt-5-1-PAYG-eastus2',
+        'gpt-5-1-PAYG-westus3',
+        'gpt-5-1-PAYG-southcentralus',
         'gpt-4-1-mini-PTU-eastus2',
         'gpt-4-1-mini-PTU-westus3',
-        'gpt-4-1-mini-PAYGO-eastus2',
-        'gpt-4-1-mini-PAYGO-southcentralus',
+        'gpt-4-1-mini-PAYG-eastus2',
+        'gpt-4-1-mini-PAYG-southcentralus',
     ]
     declaration_offsets = [bicep.index(f"backendName: '{backend}'") for backend in backend_declaration_order]
     assert declaration_offsets == sorted(declaration_offsets)
 
 
+def test_inference_event_hub_export_is_regional_comprehensive_and_default_off() -> None:
+    """Keep external APIM telemetry streaming optional, regional, and broadly configured."""
+    bicep = BICEP_PATH.read_text(encoding='utf-8')
+    diagnostics_bicep = DIAGNOSTICS_BICEP_PATH.read_text(encoding='utf-8')
+
+    assert 'param enableEventHubExport bool = false' in bicep
+    assert "resource eventHubNamespace 'Microsoft.EventHub/namespaces@2024-01-01' = if (enableEventHubExport)" in bicep
+    assert 'location: location' in bicep
+    assert "resource eventHub 'Microsoft.EventHub/namespaces/eventhubs@2024-01-01' = if (enableEventHubExport)" in bicep
+    assert 'messageRetentionInDays: 7' in bicep
+    assert 'partitionCount: 4' in bicep
+    assert "resource eventHubConsumerGroup 'Microsoft.EventHub/namespaces/eventhubs/consumergroups@2024-01-01'" in bicep
+    assert "var eventHubConsumerGroupName = 'external-observability'" in bicep
+    assert "resource eventHubExportAuthorizationRule 'Microsoft.EventHub/namespaces/authorizationRules@2024-01-01'" in bicep
+    assert "'Listen'\n      'Send'\n      'Manage'" in bicep
+    assert 'enableEventHub: enableEventHubExport' in bicep
+    assert "eventHubAuthorizationRuleId: enableEventHubExport ? eventHubExportAuthorizationRule.id : ''" in bicep
+    assert "eventHubName: enableEventHubExport ? eventHub.name : ''" in bicep
+    assert 'output eventHubExportEnabled bool = enableEventHubExport' in bicep
+    assert 'output eventHubId string' in bicep
+    assert 'output eventHubConsumerGroupName string' in bicep
+    assert 'listKeys(' not in bicep
+
+    assert 'param enableEventHub bool = false' in diagnostics_bicep
+    assert 'eventHubAuthorizationRuleId: enableEventHubDestination ? eventHubAuthorizationRuleId : null' in diagnostics_bicep
+    assert 'eventHubName: enableEventHubDestination ? eventHubName : null' in diagnostics_bicep
+    assert "category: 'GatewayLogs'" in diagnostics_bicep
+    assert "category: 'GatewayLlmLogs'" in diagnostics_bicep
+    assert "category: 'WebSocketConnectionLogs'" in diagnostics_bicep
+    assert "category: 'AllMetrics'" in diagnostics_bicep
+
+
 def test_inference_notebook_is_clean_and_defaults_to_simple_apim() -> None:
     """Retain the intended first-run experience and output-free checked-in notebook."""
     notebook = json.loads(NOTEBOOK_PATH.read_text(encoding='utf-8'))
@@ -137,12 +194,70 @@ def test_inference_notebook_is_clean_and_defaults_to_simple_apim() -> None:
     assert all(not cell['outputs'] for cell in code_cells)
     assert 'index = 1' in ''.join(code_cells[0]['source'])
     assert 'deployment = INFRASTRUCTURE.SIMPLE_APIM' in code_source
-    assert "response.headers.get('X-Backend-URL', '')" in code_source
+    assert 'enable_event_hub_export = False' in code_source
+    assert "'enableEventHubExport': {'value': enable_event_hub_export}" in code_source
+    assert "output.get('eventHubNamespaceId', 'Event Hubs namespace ID')" in code_source
+    assert "response.headers.get('X-Backend-URL', 'unknown')" in code_source
+    assert "response.headers.get('X-Backend-Retry')" in code_source
+    assert "'backend_retry': backend_retry" in code_source
     assert 'X-Backend-Id' not in code_source
+    assert "queries_path = Path(utils.determine_policy_path('queries', sample_folder))" in code_source
+    assert "queries_path / 'verify-llm-ingestion.kql'" in code_source
+    assert "queries_path / 'backend-distribution.kql'" in code_source
+    assert "queries_path / 'token-throughput.kql'" in code_source
     assert 'plt.show()' in code_source
     assert 'Route Graph' in '\n'.join(''.join(cell['source']) for cell in notebook['cells'])
 
 
+def test_inference_notebook_generates_local_html_report() -> None:
+    """Keep the end-of-run local report and link in the notebook flow."""
+    notebook = json.loads(NOTEBOOK_PATH.read_text(encoding='utf-8'))
+    code_source = '\n'.join(''.join(cell['source']) for cell in notebook['cells'] if cell['cell_type'] == 'code')
+
+    assert 'import htmlreport' in code_source
+    assert 'importlib.reload(htmlreport)' in code_source
+    assert "'inference-failover-report.html'" in code_source
+    assert "'', 'Scenario', 'Requests', 'HTTP 200', 'Other', 'APIM retries', 'Priority / weight mix', 'What the data says'" in code_source
+    assert "htmlreport.HtmlText(f'Scenario Outcomes: {model_name}', bold_tokens=(model_name,))" in code_source
+    assert 'if retry_count > 0' in code_source
+    assert 'caller_succeeded = not non_200_responses' in code_source
+    assert "htmlreport.HtmlSuccess('All requests returned HTTP 200') if caller_succeeded else ''" in code_source
+    assert "observation_items = tuple(f'{item.strip()}' for item in '; '.join(observations).split(';'))" in code_source
+    assert 'htmlreport.HtmlList(observation_items)' in code_source
+    assert 'htmlreport.HtmlText(retry_mix, preserve_line_breaks=True)' in code_source
+    assert 'def get_priority_and_weight(' in code_source
+    assert "weights_by_priority.setdefault(priority, []).append(f'W{weight}: {count} ({count / total_requests:.1%})')" in code_source
+    assert "priority_mix = '\\n'.join(f'P{priority}: {\", \".join(weight_mix)}'" in code_source
+    assert 'htmlreport.HtmlText(priority_mix, bold_tokens=priority_tokens, preserve_line_breaks=True)' in code_source
+    assert "column_widths=['4%', '11%', '7%', '7%', '6%', '12%', '18%', '35%']" in code_source
+    assert "f'APIM source region: {apim_source_region} | Deployment: {nb_helper.deployment.name} | Resource group: {rg_name}'" in code_source
+    assert 'report.add_info_callout(' in code_source
+    assert "'Lab Capacity Is Intentionally Low'" in code_source
+    assert "'Each regional Azure OpenAI deployment is intentionally configured at 1 thousand TPM" in code_source
+    assert 'observed_backend_failures = backend_retries_absorbed + caller_visible_failures' in code_source
+    assert 'shielded_percentage = backend_retries_absorbed / observed_backend_failures * 100' in code_source
+    assert "f'APIM absorbed {backend_retries_absorbed} backend failures and sent {caller_visible_failures} failures to callers'" in code_source
+    assert "f'APIM prevented {shielded_percentage:.1f}% of observed failed backend attempts from reaching callers'" in code_source
+    assert 'terminal_503_responses = status_counts.get(503, 0)' in code_source
+    assert 'caller-visible HTTP 503 responses followed eligible-capacity exhaustion in the low-TPM pool' in code_source
+    assert "'Observed X-Backend-URL values'" not in code_source.split('report = htmlreport.HtmlReport(', maxsplit=1)[1]
+    assert 'if all_scenario_requests_succeeded:' in code_source
+    assert 'report.add_success_callout(' in code_source
+    assert "'All scenario requests returned HTTP 200'" in code_source
+    assert "print_val('Local HTML report', report_url)" in code_source
+
+
+def test_inference_notebook_uses_tuned_gpt_4_1_mini_pressure_window() -> None:
+    """Keep the independent pool pressure run demonstrative without flooding callers with terminal failures."""
+    notebook = json.loads(NOTEBOOK_PATH.read_text(encoding='utf-8'))
+    notebook_source = '\n'.join(''.join(cell['source']) for cell in notebook['cells'])
+
+    assert '| 3 | Sustained pressure | gpt-4.1-mini | 15 | none |' in notebook_source
+    assert 'pressure_payload, 15, gpt_4_1_mini_backend_url_index' in notebook_source
+    assert 'tests.verify(len(scenario3_gpt_4_1_mini), 15)' in notebook_source
+    assert '(`134` requests)' in notebook_source
+
+
 def test_simple_apim_exposes_backend_url_for_learning_by_default() -> None:
     """Keep the default infrastructure consistent with the learn-only routing test harness."""
     bicep = SIMPLE_APIM_BICEP_PATH.read_text(encoding='utf-8')

From caea849d2be86186c1e9ccb02abea110bc4acab1 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Tue, 9 Jun 2026 14:10:45 -0400
Subject: [PATCH 03/31] Intermittent checkin

---
 samples/inference-failover/create.ipynb | 140 +++++++++++++++++++-----
 shared/python/htmlreport.py             |  49 ++++++---
 tests/python/test_htmlreport.py         |  17 ++-
 tests/python/test_inference_failover.py |  31 +++++-
 4 files changed, 186 insertions(+), 51 deletions(-)

diff --git a/samples/inference-failover/create.ipynb b/samples/inference-failover/create.ipynb
index a506fdb6..e68c8ff0 100644
--- a/samples/inference-failover/create.ipynb
+++ b/samples/inference-failover/create.ipynb
@@ -102,7 +102,7 @@
     "# ------------------------------\n",
     "\n",
     "rg_location = Region.EAST_US_2\n",
-    "index = 1\n",
+    "index = 200\n",
     "apim_sku = APIM_SKU.BASICV2\n",
     "deployment = INFRASTRUCTURE.SIMPLE_APIM\n",
     "api_prefix = 'inference'\n",
@@ -841,6 +841,35 @@
     "# APIM Samples imports\n",
     "from console import print_info, print_warning\n",
     "\n",
+    "\n",
+    "def with_backend_identifier(frame: pd.DataFrame) -> pd.DataFrame:\n",
+    "    \"\"\"Return a telemetry frame with a compact backend identifier.\"\"\"\n",
+    "    if 'Backend URL' not in frame.columns:\n",
+    "        return frame\n",
+    "    if 'Backend' not in frame.columns:\n",
+    "        backend_identifiers = frame['Backend URL'].str.extract(r'/deployments/([a-z])-', expand=False).fillna('')\n",
+    "        frame.insert(1, 'Backend', backend_identifiers)\n",
+    "    else:\n",
+    "        frame['Backend'] = frame['Backend'].replace('?', '')\n",
+    "\n",
+    "    return frame\n",
+    "\n",
+    "\n",
+    "def format_gateway_distribution(frame: pd.DataFrame) -> pd.DataFrame:\n",
+    "    \"\"\"Return gateway distribution values formatted for display.\"\"\"\n",
+    "    display_frame = frame.copy()\n",
+    "    average_backend_ms = pd.to_numeric(display_frame['AverageBackendMs'].astype(str).str.replace(',', '', regex=False), errors='coerce')\n",
+    "    success_rate = pd.to_numeric(display_frame['SuccessRate'].astype(str).str.rstrip('%'), errors='coerce')\n",
+    "    display_frame['AverageBackendMs'] = average_backend_ms.map(lambda value: '' if pd.isna(value) else f'{value:,.1f}')\n",
+    "    display_frame['SuccessRate'] = success_rate.map(lambda value: '' if pd.isna(value) else f'{value:.2f}%')\n",
+    "    if 'Backend URL' in display_frame.columns:\n",
+    "        backend_names = display_frame['Backend URL'].str.extract(r'/deployments/([a-z]-[^/]+)', expand=False).fillna('')\n",
+    "        display_frame['Backend'] = backend_names.str.replace('-', ') ', n=1, regex=False)\n",
+    "        display_frame = display_frame.drop(columns=['Backend URL'])\n",
+    "\n",
+    "    return display_frame\n",
+    "\n",
+    "\n",
     "queries_path = Path(utils.determine_policy_path('queries', sample_folder))\n",
     "distribution_template = (queries_path / 'backend-distribution.kql').read_text(encoding='utf-8')\n",
     "token_template = (queries_path / 'token-throughput.kql').read_text(encoding='utf-8')\n",
@@ -867,20 +896,26 @@
     "    ))\n",
     "    distribution_frame = pd.DataFrame(\n",
     "        distribution_rows,\n",
-    "        columns=['API', 'Backend', 'Requests', 'Successes', 'Throttled', 'Failures', 'AverageBackendMs', 'SuccessRate'],\n",
+    "        columns=['API', 'Backend URL', 'Requests', 'Successes', 'Throttled', 'Failures', 'AverageBackendMs', 'SuccessRate'],\n",
     "    )\n",
+    "    distribution_frame = with_backend_identifier(distribution_frame)\n",
+    "    distribution_frame = format_gateway_distribution(distribution_frame)\n",
     "    display(distribution_frame)\n",
-    "    distribution_frame.pivot(index='Backend', columns='API', values='Requests').fillna(0).plot(\n",
+    "    distribution_frame.pivot(index='API', columns='Backend', values='Requests').fillna(0).plot(\n",
     "        kind='bar',\n",
     "        figsize=(12, 5),\n",
     "        title='Gateway-recorded request distribution by backend',\n",
     "    )\n",
-    "    plt.xlabel('Backend')\n",
+    "    plt.xlabel('API')\n",
     "    plt.ylabel('Requests')\n",
     "    plt.tight_layout()\n",
     "    plt.show()\n",
     "else:\n",
     "    print_warning('No gateway distribution rows returned yet')\n",
+    "    cached_distribution_frame = locals().get('distribution_frame')\n",
+    "    if cached_distribution_frame is not None:\n",
+    "        distribution_frame = with_backend_identifier(cached_distribution_frame)\n",
+    "        distribution_frame = format_gateway_distribution(distribution_frame)\n",
     "\n",
     "if tokens_found:\n",
     "    ipython_display(IPythonMarkdown(\n",
@@ -891,8 +926,9 @@
     "    ))\n",
     "    token_frame = pd.DataFrame(\n",
     "        token_rows,\n",
-    "        columns=['API', 'Backend', 'Model', 'Requests', 'PromptTokens', 'CompletionTokens', 'TotalTokens'],\n",
+    "        columns=['API', 'Backend URL', 'Model', 'Requests', 'PromptTokens', 'CompletionTokens', 'TotalTokens'],\n",
     "    )\n",
+    "    token_frame = with_backend_identifier(token_frame)\n",
     "    display(token_frame)\n",
     "    token_frame.groupby('API')['TotalTokens'].sum().plot(\n",
     "        kind='bar',\n",
@@ -905,7 +941,10 @@
     "    plt.tight_layout()\n",
     "    plt.show()\n",
     "else:\n",
-    "    print_info('No token rows returned yet; successful inference rows may still be ingesting')"
+    "    print_info('No token rows returned yet; successful inference rows may still be ingesting')\n",
+    "    cached_token_frame = locals().get('token_frame')\n",
+    "    if cached_token_frame is not None:\n",
+    "        token_frame = with_backend_identifier(cached_token_frame)"
    ]
   },
   {
@@ -951,16 +990,26 @@
     "    return int(priority_label.removeprefix('Priority ')), int(weight_label.removeprefix('Weight '))\n",
     "\n",
     "\n",
-    "def summarize_scenario(title: str, api_results: list[dict], backend_url_index: dict[str, int], backend_labels: dict[int, str]) -> list[object]:\n",
+    "def summarize_scenario(\n",
+    "    test_id: str,\n",
+    "    title: str,\n",
+    "    api_results: list[dict],\n",
+    "    backend_url_index: dict[str, int],\n",
+    "    backend_labels: dict[int, str],\n",
+    ") -> list[object]:\n",
     "    \"\"\"Return one compact report row with routing statistics and interpretation.\"\"\"\n",
     "    total_requests = len(api_results)\n",
     "    if not total_requests:\n",
-    "        return ['', title, 0, 0, 0, 'None', 'No requests', 'No scenario requests were captured.']\n",
+    "        return ['', test_id, title, 0, 0, 0, 'None', 'No requests', 'No scenario requests were captured.']\n",
     "\n",
     "    status_counts = Counter(result['status_code'] for result in api_results)\n",
     "    retry_counts = Counter(result['backend_retry'] for result in api_results)\n",
     "    backend_indexes = [get_backend_index(result['backend_url'], backend_url_index) for result in api_results]\n",
-    "    priority_weight_counts = Counter(get_priority_and_weight(index, backend_labels) for index in backend_indexes if index in backend_labels)\n",
+    "    priority_weight_counts = Counter(\n",
+    "        get_priority_and_weight(index, backend_labels)\n",
+    "        for index in backend_indexes\n",
+    "        if index in backend_labels\n",
+    "    )\n",
     "    priority_counts = Counter()\n",
     "    weights_by_priority: dict[int, list[str]] = {}\n",
     "    for (priority, weight), count in sorted(priority_weight_counts.items()):\n",
@@ -988,7 +1037,9 @@
     "\n",
     "    observations = []\n",
     "    if non_200_responses:\n",
-    "        observations.append(f'{non_200_responses}/{total_requests} ({non_200_responses / total_requests:.1%}) caller-visible non-200 responses')\n",
+    "        observations.append(\n",
+    "            f'{non_200_responses}/{total_requests} ({non_200_responses / total_requests:.1%}) caller-visible non-200 responses'\n",
+    "        )\n",
     "    else:\n",
     "        observations.append('All requests returned HTTP 200')\n",
     "    if backend_retries_absorbed:\n",
@@ -1003,21 +1054,30 @@
     "        observations.append(f'Deepest routed tier: P{max(priority_counts)}')\n",
     "    if unresolved_requests:\n",
     "        observations.append(f'{unresolved_requests} calls returned no resolved backend, consistent with exhausted or rejected routing')\n",
-    "    observations.append(f'APIM absorbed {backend_retries_absorbed} backend failures and sent {caller_visible_failures} failures to callers')\n",
+    "    observations.append(\n",
+    "        f'APIM absorbed {backend_retries_absorbed} backend failures and sent {caller_visible_failures} failures to callers'\n",
+    "    )\n",
     "    if observed_backend_failures:\n",
     "        shielded_percentage = backend_retries_absorbed / observed_backend_failures * 100\n",
     "        observations.append(f'APIM prevented {shielded_percentage:.1f}% of observed failed backend attempts from reaching callers')\n",
     "    else:\n",
     "        observations.append('APIM shielding percentage is not applicable because no backend failures occurred')\n",
     "    if terminal_503_responses:\n",
-    "        observations.append(f'{terminal_503_responses} caller-visible HTTP 503 responses followed eligible-capacity exhaustion in the low-TPM pool')\n",
+    "        observations.append(\n",
+    "            f'{terminal_503_responses} caller-visible HTTP 503 responses followed eligible-capacity exhaustion in the low-TPM pool'\n",
+    "        )\n",
     "    elif caller_visible_failures:\n",
     "        observations.append('caller-visible failures remained because the model-safe pool exhausted its configured fallback chain')\n",
     "\n",
     "    priority_tokens = tuple(f'P{priority}' for priority in sorted(priority_counts))\n",
     "    observation_items = tuple(f'{item.strip()}' for item in '; '.join(observations).split(';'))\n",
     "    return [\n",
-    "        htmlreport.HtmlSuccess('All requests returned HTTP 200') if caller_succeeded else '',\n",
+    "        (\n",
+    "            htmlreport.HtmlSuccess('All requests returned HTTP 200')\n",
+    "            if caller_succeeded\n",
+    "            else htmlreport.HtmlWarning('Some requests returned non-200 responses')\n",
+    "        ),\n",
+    "        test_id,\n",
     "        title,\n",
     "        total_requests,\n",
     "        status_counts.get(200, 0),\n",
@@ -1028,7 +1088,13 @@
     "    ]\n",
     "\n",
     "\n",
-    "def add_scenario_figure(report: htmlreport.HtmlReport, title: str, description: str, api_results: list[dict], backend_labels: dict[int, str]) -> None:\n",
+    "def add_scenario_figure(\n",
+    "    report: htmlreport.HtmlReport,\n",
+    "    title: str,\n",
+    "    description: str,\n",
+    "    api_results: list[dict],\n",
+    "    backend_labels: dict[int, str],\n",
+    ") -> None:\n",
     "    \"\"\"Render and embed one scenario response-time chart.\"\"\"\n",
     "    figure = charts.BarChart(\n",
     "        api_results=api_results,\n",
@@ -1058,12 +1124,13 @@
     "        'Failed': tests.tests_failed,\n",
     "        'Success rate': f'{success_rate:.1f}%',\n",
     "    },\n",
+    "    highlight_success=False,\n",
     ")\n",
     "report.add_info_callout(\n",
     "    'Lab Capacity Is Intentionally Low',\n",
-    "    'Each regional Azure OpenAI deployment is intentionally configured at 1 thousand TPM so concentrated requests trigger observable failover. '\n",
-    "    'This is a learning configuration, not production sizing guidance. With appropriately sized production capacity, caller-visible success rates '\n",
-    "    'should be substantially higher and normally close to perfect.',\n",
+    "    'Each regional Azure OpenAI deployment is intentionally configured at 1,000 TPM so that concentrated requests trigger observable failover. '\n",
+    "    'This is a learning configuration, not production sizing guidance. With appropriately sized production capacity, '\n",
+    "    'caller-visible success rates should be substantially higher and, normally, close to perfect.',\n",
     ")\n",
     "if tests.errors:\n",
     "    report.add_table('Assertion Failures', ['Failure'], [[error] for error in tests.errors])\n",
@@ -1073,6 +1140,7 @@
     "        'gpt-5.1',\n",
     "        [\n",
     "            (\n",
+    "                'A-1',\n",
     "                'Baseline Warm Path',\n",
     "                'Small control requests against the gpt-5.1 pool before deliberate pressure begins.',\n",
     "                scenario1_gpt_5_1,\n",
@@ -1080,6 +1148,7 @@
     "                gpt_5_1_backend_labels,\n",
     "            ),\n",
     "            (\n",
+    "                'A-2',\n",
     "                'Sustained Pressure',\n",
     "                'Larger requests without spacing exercise gpt-5.1 failover tiers.',\n",
     "                scenario2_gpt_5_1,\n",
@@ -1087,6 +1156,7 @@
     "                gpt_5_1_backend_labels,\n",
     "            ),\n",
     "            (\n",
+    "                'A-3',\n",
     "                'Paced Recovery',\n",
     "                'Spaced requests show recovery behavior after sustained pressure.',\n",
     "                scenario4_gpt_5_1,\n",
@@ -1094,6 +1164,7 @@
     "                gpt_5_1_backend_labels,\n",
     "            ),\n",
     "            (\n",
+    "                'A-4',\n",
     "                'Terminal Exhaustion',\n",
     "                'A hard burst probes deep fallback and terminal responses.',\n",
     "                scenario5_gpt_5_1,\n",
@@ -1106,6 +1177,7 @@
     "        'gpt-4.1-mini',\n",
     "        [\n",
     "            (\n",
+    "                'B-1',\n",
     "                'Baseline Warm Path',\n",
     "                'Small control requests against the independent gpt-4.1-mini pool.',\n",
     "                scenario1_gpt_4_1_mini,\n",
@@ -1113,6 +1185,7 @@
     "                gpt_4_1_mini_backend_labels,\n",
     "            ),\n",
     "            (\n",
+    "                'B-2',\n",
     "                'Sustained Pressure',\n",
     "                'Unpaced load confirms that gpt-4.1-mini fallback remains model-safe.',\n",
     "                scenario3_gpt_4_1_mini,\n",
@@ -1123,10 +1196,10 @@
     "    ),\n",
     "]\n",
     "scenario_definitions = [scenario_definition for _, model_scenarios in scenario_groups for scenario_definition in model_scenarios]\n",
-    "scenario_request_count = sum(len(api_results) for _, _, api_results, _, _ in scenario_definitions)\n",
+    "scenario_request_count = sum(len(api_results) for _, _, _, api_results, _, _ in scenario_definitions)\n",
     "all_scenario_requests_succeeded = bool(scenario_request_count) and all(\n",
     "    result['status_code'] == 200\n",
-    "    for _, _, api_results, _, _ in scenario_definitions\n",
+    "    for _, _, _, api_results, _, _ in scenario_definitions\n",
     "    for result in api_results\n",
     ")\n",
     "if all_scenario_requests_succeeded:\n",
@@ -1138,23 +1211,30 @@
     "for model_name, model_scenarios in scenario_groups:\n",
     "    report.add_table(\n",
     "        htmlreport.HtmlText(f'Scenario Outcomes: {model_name}', bold_tokens=(model_name,)),\n",
-    "        ['', 'Scenario', 'Requests', 'HTTP 200', 'Other', 'APIM retries', 'Priority / weight mix', 'What the data says'],\n",
+    "        ['', 'Test #', 'Scenario', 'Requests', 'HTTP 200', 'Other', 'APIM retries', 'Priority / weight mix', 'What the data says'],\n",
     "        [\n",
-    "            summarize_scenario(title, api_results, backend_url_index, backend_labels)\n",
-    "            for title, _, api_results, backend_url_index, backend_labels in model_scenarios\n",
+    "            summarize_scenario(test_id, title, api_results, backend_url_index, backend_labels)\n",
+    "            for test_id, title, _, api_results, backend_url_index, backend_labels in model_scenarios\n",
     "        ],\n",
-    "        (\n",
-    "            'The green checkmark indicates that every request returned HTTP 200 from the caller perspective, including successes after APIM retries. '\n",
+    "        htmlreport.HtmlText(\n",
+    "            'The green checkmark indicates that every request returned HTTP 200 from the caller perspective, '\n",
+    "            'including successes after APIM retries. '\n",
+    "            'The amber warning triangle indicates that one or more requests returned a caller-visible non-200 response. '\n",
     "            'APIM retries lists only non-zero X-Backend-Retry values absorbed by APIM after the initial backend attempt. '\n",
     "            'Priority / weight mix aggregates concrete Azure OpenAI destinations into APIM routing tiers and weights. '\n",
-    "            'The interpretation highlights failures APIM absorbed, failover depth, and caller-visible outcomes.'\n",
+    "            'The interpretation highlights failures APIM absorbed, failover depth, and caller-visible outcomes.',\n",
+    "            bold_tokens=(\n",
+    "                'The green checkmark indicates that every request returned HTTP 200',\n",
+    "                'The amber warning triangle indicates that one or more requests returned a caller-visible non-200 response',\n",
+    "            ),\n",
     "        ),\n",
-    "        column_widths=['4%', '11%', '7%', '7%', '6%', '12%', '18%', '35%'],\n",
+    "        column_widths=['4%', '5%', '10%', '6%', '6%', '5%', '11%', '17%', '36%'],\n",
     "    )\n",
-    "for title, description, api_results, _, backend_labels in scenario_definitions:\n",
-    "    add_scenario_figure(report, title, description, api_results, backend_labels)\n",
+    "for test_id, title, description, api_results, _, backend_labels in scenario_definitions:\n",
+    "    add_scenario_figure(report, f'{test_id}) {title}', description, api_results, backend_labels)\n",
     "\n",
     "if 'distribution_frame' in locals():\n",
+    "    distribution_frame = with_backend_identifier(distribution_frame)\n",
     "    report.add_table(\n",
     "        'Gateway-Recorded Backend Distribution',\n",
     "        distribution_frame.columns.tolist(),\n",
@@ -1162,9 +1242,9 @@
     "        'Log Analytics rows summarize the destination selected for each gateway request.',\n",
     "    )\n",
     "    distribution_figure, distribution_axis = plt.subplots(figsize=(12, 5))\n",
-    "    distribution_frame.pivot(index='Backend', columns='API', values='Requests').fillna(0).plot(kind='bar', ax=distribution_axis)\n",
+    "    distribution_frame.pivot(index='API', columns='Backend', values='Requests').fillna(0).plot(kind='bar', ax=distribution_axis)\n",
     "    distribution_axis.set_title('Gateway-recorded request distribution by backend')\n",
-    "    distribution_axis.set_xlabel('Backend')\n",
+    "    distribution_axis.set_xlabel('API')\n",
     "    distribution_axis.set_ylabel('Requests')\n",
     "    distribution_figure.subplots_adjust(bottom=0.4)\n",
     "    report.add_figure('Gateway-Recorded Request Distribution', distribution_figure)\n",
diff --git a/shared/python/htmlreport.py b/shared/python/htmlreport.py
index 65a1a842..f172912b 100644
--- a/shared/python/htmlreport.py
+++ b/shared/python/htmlreport.py
@@ -28,6 +28,13 @@ class HtmlSuccess:
     label: str
 
 
+@dataclass(frozen=True)
+class HtmlWarning:
+    """Describe an accessible warning marker for a report table cell."""
+
+    label: str
+
+
 @dataclass(frozen=True)
 class HtmlList:
     """Describe an escaped flush-left bullet list for a report table cell."""
@@ -44,9 +51,9 @@ def __init__(self, title: str, subtitle: str = '') -> None:
         self.subtitle = subtitle
         self.sections: list[str] = []
 
-    def add_metrics(self, title: str, metrics: dict[str, object]) -> None:
+    def add_metrics(self, title: str, metrics: dict[str, object], highlight_success: bool = True) -> None:
         """Add a compact grid of named values."""
-        metric_items = ''.join(self._metric(label, value) for label, value in metrics.items())
+        metric_items = ''.join(self._metric(label, value, highlight_success) for label, value in metrics.items())
         self.sections.append(self._section(title, f'<div class="metrics">{metric_items}</div>'))
 
     def add_success_callout(self, title: str, message: str) -> None:
@@ -74,7 +81,7 @@ def add_table(
         title: str | HtmlText,
         headers: list[str],
         rows: list[list[object]],
-        description: str = '',
+        description: str | HtmlText = '',
         column_widths: list[str] | None = None,
     ) -> None:
         """Add an accessible data table."""
@@ -92,7 +99,7 @@ def add_table(
         body = self._paragraph(description) + table_html
         self.sections.append(self._section(title, body))
 
-    def add_figure(self, title: str, figure: Figure, description: str = '') -> None:
+    def add_figure(self, title: str, figure: Figure, description: str | HtmlText = '') -> None:
         """Embed a matplotlib figure as a PNG data URI."""
         buffer = BytesIO()
         figure.savefig(buffer, format='png', bbox_inches='tight', dpi=140)
@@ -139,10 +146,14 @@ def write(self, output_path: Path) -> Path:
     .status-icon {{ font-size: 2rem; font-weight: bold; line-height: 1; }}
     .table-success {{ color: #198754; display: inline-block; font-size: 1.8rem; font-weight: 900; line-height: 1; }}
     .table-row-success td {{ background: #146c43; border-color: #0a3622; color: #ffffff; }} .table-row-success .table-success {{ color: #ffffff; }}
-    .table-list {{ list-style-position: inside; margin: 0; padding: 0; }}
-    .table-list li {{ margin: 0 0 0.2rem; }} .table-list li:last-child {{ margin-bottom: 0; }}
-    .table-wrap {{ overflow-x: auto; }} table {{ border-collapse: collapse; width: 100%; }}
-    th, td {{ border: 1px solid #d0d7de; padding: 0.55rem; text-align: left; vertical-align: top; }} th {{ background: #eaf2f8; color: #12344d; }}
+    .table-warning {{ color: #8a4b00; display: inline-block; font-size: 1.5rem; font-weight: 900; line-height: 1; }}
+    .table-row-warning td {{ background: #fff3cd; border-color: #b45309; color: #3d2c00; }}
+    .table-list {{ list-style: none; margin: 0; padding: 0; }}
+    .table-list li {{ column-gap: 0.1rem; display: grid; grid-template-columns: 0.55rem 1fr; margin: 0 0 0.2rem; }}
+    .table-list li::before {{ content: '\\2022'; }} .table-list li:last-child {{ margin-bottom: 0; }}
+    .table-wrap {{ max-width: 100%; overflow-x: auto; }} table {{ border-collapse: collapse; table-layout: fixed; width: 100%; }}
+    th, td {{ border: 1px solid #d0d7de; overflow-wrap: anywhere; padding: 0.55rem; text-align: left; vertical-align: top; word-break: break-word; }}
+    th {{ background: #eaf2f8; color: #12344d; }}
     img {{ display: block; height: auto; max-width: 100%; }} .links {{ line-height: 1.8; padding-left: 1.25rem; }}
     a {{ color: #005a9e; }} a:focus, a:hover {{ color: #003f6f; }}
   </style>
@@ -158,9 +169,9 @@ def write(self, output_path: Path) -> Path:
         return output_path.resolve()
 
     @staticmethod
-    def _paragraph(text: str) -> str:
+    def _paragraph(text: str | HtmlText) -> str:
         """Render optional escaped paragraph text."""
-        return f'<p>{html.escape(text)}</p>' if text else ''
+        return f'<p>{HtmlReport._render_text(text)}</p>' if text else ''
 
     @staticmethod
     def _section(title: str | HtmlText, body: str) -> str:
@@ -168,14 +179,14 @@ def _section(title: str | HtmlText, body: str) -> str:
         return f'<section><h2>{HtmlReport._render_text(title)}</h2>{body}</section>'
 
     @staticmethod
-    def _metric(label: object, value: object) -> str:
+    def _metric(label: object, value: object, highlight_success: bool = True) -> str:
         """Render one metric, highlighting perfect run outcomes."""
         normalized_label = str(label).strip().casefold()
         normalized_value = str(value).strip().casefold()
         is_perfect = (normalized_label == 'result' and normalized_value == 'passed') or (
             normalized_label == 'success rate' and re.fullmatch(r'100(?:\.0+)?%', normalized_value)
         )
-        success_class = ' metric-success' if is_perfect else ''
+        success_class = ' metric-success' if highlight_success and is_perfect else ''
 
         return (
             f'<div class="metric{success_class}"><span class="metric-label">{html.escape(str(label))}</span>'
@@ -184,11 +195,16 @@ def _metric(label: object, value: object) -> str:
 
     @staticmethod
     def _table_row(row: list[object]) -> str:
-        """Render one table row, highlighting caller-perfect scenarios."""
-        success_class = ' class="table-row-success"' if any(isinstance(value, HtmlSuccess) for value in row) else ''
+        """Render one table row, highlighting caller-perfect and warning scenarios."""
+        if any(isinstance(value, HtmlWarning) for value in row):
+            row_class = ' class="table-row-warning"'
+        elif any(isinstance(value, HtmlSuccess) for value in row):
+            row_class = ' class="table-row-success"'
+        else:
+            row_class = ''
         cells = ''.join(f'<td>{HtmlReport._render_text(value)}</td>' for value in row)
 
-        return f'<tr{success_class}>{cells}</tr>'
+        return f'<tr{row_class}>{cells}</tr>'
 
     @staticmethod
     def _render_text(value: object) -> str:
@@ -196,6 +212,9 @@ def _render_text(value: object) -> str:
         if isinstance(value, HtmlSuccess):
             return f'<span class="table-success" role="img" aria-label="{html.escape(value.label, quote=True)}">&#10003;</span>'
 
+        if isinstance(value, HtmlWarning):
+            return f'<span class="table-warning" role="img" aria-label="{html.escape(value.label, quote=True)}">&#9888;</span>'
+
         if isinstance(value, HtmlList):
             list_items = ''.join(f'<li>{html.escape(item)}</li>' for item in value.items)
             return f'<ul class="table-list">{list_items}</ul>'
diff --git a/tests/python/test_htmlreport.py b/tests/python/test_htmlreport.py
index 750e5c21..7a4aafa8 100644
--- a/tests/python/test_htmlreport.py
+++ b/tests/python/test_htmlreport.py
@@ -6,7 +6,7 @@
 import pytest
 
 # APIM Samples imports
-from htmlreport import HtmlList, HtmlReport, HtmlSuccess, HtmlText
+from htmlreport import HtmlList, HtmlReport, HtmlSuccess, HtmlText, HtmlWarning
 
 
 def test_html_report_writes_self_contained_content(tmp_path: Path) -> None:
@@ -28,8 +28,11 @@ def test_html_report_writes_self_contained_content(tmp_path: Path) -> None:
                 HtmlList(('One <item>.', 'Two.')),
             ]
         ],
+        HtmlText('Bold <caption> then plain text.', ('Bold <caption>',)),
         column_widths=['10%', '50%', '40%'],
     )
+    report.add_table('Warnings', ['Status'], [[HtmlWarning('Some requests returned non-200 responses')]])
+    report.add_metrics('Neutral tests', {'Result': 'Passed', 'Success rate': '100.0%'}, highlight_success=False)
     report.add_figure('Route graph', figure, 'Embedded output')
     report.add_links('Explore', {'Workbook': 'https://portal.azure.com/example'})
     output_path = report.write(tmp_path / 'report.html')
@@ -50,14 +53,24 @@ def test_html_report_writes_self_contained_content(tmp_path: Path) -> None:
     assert '<h2>Lab &lt;note&gt;</h2><p>Capacity is intentionally low.</p>' in document
     assert '<th scope="col">Name</th>' in document
     assert '<h2>Rows for <strong>gpt-5.1</strong></h2>' in document
+    assert '<p><strong>Bold &lt;caption&gt;</strong> then plain text.</p>' in document
     assert '<td><strong>P1</strong>: route-a<br><strong>P2</strong>: route-b</td>' in document
     assert '<tr class="table-row-success">' in document
     assert '<td><span class="table-success" role="img" aria-label="All requests returned HTTP 200">&#10003;</span></td>' in document
     assert '.table-row-success td { background: #146c43; border-color: #0a3622; color: #ffffff; }' in document
     assert '.table-success { color: #198754; display: inline-block; font-size: 1.8rem; font-weight: 900; line-height: 1; }' in document
+    assert '<tr class="table-row-warning">' in document
+    assert '<td><span class="table-warning" role="img" aria-label="Some requests returned non-200 responses">&#9888;</span></td>' in document
+    assert '.table-row-warning td { background: #fff3cd; border-color: #b45309; color: #3d2c00; }' in document
+    assert '.table-warning { color: #8a4b00; display: inline-block; font-size: 1.5rem; font-weight: 900; line-height: 1; }' in document
     assert '<td><ul class="table-list"><li>One &lt;item&gt;.</li><li>Two.</li></ul></td>' in document
-    assert '.table-list { list-style-position: inside; margin: 0; padding: 0; }' in document
+    assert '.table-list { list-style: none; margin: 0; padding: 0; }' in document
+    assert '.table-list li { column-gap: 0.1rem; display: grid; grid-template-columns: 0.55rem 1fr; margin: 0 0 0.2rem; }' in document
+    assert ".table-list li::before { content: '\\2022'; }" in document
     assert '<colgroup><col style="width: 10%"><col style="width: 50%"><col style="width: 40%"></colgroup>' in document
+    assert '.table-wrap { max-width: 100%; overflow-x: auto; } table { border-collapse: collapse; table-layout: fixed; width: 100%; }' in document
+    assert 'overflow-wrap: anywhere;' in document
+    assert 'word-break: break-word;' in document
     assert 'vertical-align: top;' in document
     assert 'data:image/png;base64,cG5nIGJ5dGVz' in document
     assert 'href="https://portal.azure.com/example"' in document
diff --git a/tests/python/test_inference_failover.py b/tests/python/test_inference_failover.py
index 23ba3e7f..b5d3a40e 100644
--- a/tests/python/test_inference_failover.py
+++ b/tests/python/test_inference_failover.py
@@ -205,6 +205,22 @@ def test_inference_notebook_is_clean_and_defaults_to_simple_apim() -> None:
     assert "queries_path / 'verify-llm-ingestion.kql'" in code_source
     assert "queries_path / 'backend-distribution.kql'" in code_source
     assert "queries_path / 'token-throughput.kql'" in code_source
+    assert "columns=['API', 'Backend URL', 'Requests', 'Successes', 'Throttled', 'Failures', 'AverageBackendMs', 'SuccessRate']" in code_source
+    assert 'def with_backend_identifier(frame: pd.DataFrame) -> pd.DataFrame:' in code_source
+    assert "backend_identifiers = frame['Backend URL'].str.extract(r'/deployments/([a-z])-', expand=False).fillna('')" in code_source
+    assert "frame.insert(1, 'Backend', backend_identifiers)" in code_source
+    assert "frame['Backend'] = frame['Backend'].replace('?', '')" in code_source
+    assert 'distribution_frame = with_backend_identifier(distribution_frame)' in code_source
+    assert 'def format_gateway_distribution(frame: pd.DataFrame) -> pd.DataFrame:' in code_source
+    assert "backend_names = display_frame['Backend URL'].str.extract(r'/deployments/([a-z]-[^/]+)', expand=False).fillna('')" in code_source
+    assert "display_frame['Backend'] = backend_names.str.replace('-', ') ', n=1, regex=False)" in code_source
+    assert "display_frame = display_frame.drop(columns=['Backend URL'])" in code_source
+    assert "display_frame['AverageBackendMs'] = average_backend_ms.map(lambda value: '' if pd.isna(value) else f'{value:,.1f}')" in code_source
+    assert "display_frame['SuccessRate'] = success_rate.map(lambda value: '' if pd.isna(value) else f'{value:.2f}%')" in code_source
+    assert 'distribution_frame = format_gateway_distribution(distribution_frame)' in code_source
+    assert code_source.count("distribution_frame.pivot(index='API', columns='Backend', values='Requests')") == 2
+    assert "columns=['API', 'Backend URL', 'Model', 'Requests', 'PromptTokens', 'CompletionTokens', 'TotalTokens']" in code_source
+    assert 'token_frame = with_backend_identifier(token_frame)' in code_source
     assert 'plt.show()' in code_source
     assert 'Route Graph' in '\n'.join(''.join(cell['source']) for cell in notebook['cells'])
 
@@ -217,11 +233,12 @@ def test_inference_notebook_generates_local_html_report() -> None:
     assert 'import htmlreport' in code_source
     assert 'importlib.reload(htmlreport)' in code_source
     assert "'inference-failover-report.html'" in code_source
-    assert "'', 'Scenario', 'Requests', 'HTTP 200', 'Other', 'APIM retries', 'Priority / weight mix', 'What the data says'" in code_source
+    assert "'', 'Test #', 'Scenario', 'Requests', 'HTTP 200', 'Other', 'APIM retries', 'Priority / weight mix', 'What the data says'" in code_source
     assert "htmlreport.HtmlText(f'Scenario Outcomes: {model_name}', bold_tokens=(model_name,))" in code_source
     assert 'if retry_count > 0' in code_source
     assert 'caller_succeeded = not non_200_responses' in code_source
-    assert "htmlreport.HtmlSuccess('All requests returned HTTP 200') if caller_succeeded else ''" in code_source
+    assert "htmlreport.HtmlSuccess('All requests returned HTTP 200')" in code_source
+    assert "else htmlreport.HtmlWarning('Some requests returned non-200 responses')" in code_source
     assert "observation_items = tuple(f'{item.strip()}' for item in '; '.join(observations).split(';'))" in code_source
     assert 'htmlreport.HtmlList(observation_items)' in code_source
     assert 'htmlreport.HtmlText(retry_mix, preserve_line_breaks=True)' in code_source
@@ -229,11 +246,17 @@ def test_inference_notebook_generates_local_html_report() -> None:
     assert "weights_by_priority.setdefault(priority, []).append(f'W{weight}: {count} ({count / total_requests:.1%})')" in code_source
     assert "priority_mix = '\\n'.join(f'P{priority}: {\", \".join(weight_mix)}'" in code_source
     assert 'htmlreport.HtmlText(priority_mix, bold_tokens=priority_tokens, preserve_line_breaks=True)' in code_source
-    assert "column_widths=['4%', '11%', '7%', '7%', '6%', '12%', '18%', '35%']" in code_source
+    assert "column_widths=['4%', '5%', '10%', '6%', '6%', '5%', '11%', '17%', '36%']" in code_source
+    assert "'A-1',\n                'Baseline Warm Path'" in code_source
+    assert "'B-1',\n                'Baseline Warm Path'" in code_source
+    assert "add_scenario_figure(report, f'{test_id}) {title}', description, api_results, backend_labels)" in code_source
+    assert "'The green checkmark indicates that every request returned HTTP 200'," in code_source
+    assert 'highlight_success=False' in code_source
+    assert 'The amber warning triangle indicates that one or more requests returned a caller-visible non-200 response' in code_source
     assert "f'APIM source region: {apim_source_region} | Deployment: {nb_helper.deployment.name} | Resource group: {rg_name}'" in code_source
     assert 'report.add_info_callout(' in code_source
     assert "'Lab Capacity Is Intentionally Low'" in code_source
-    assert "'Each regional Azure OpenAI deployment is intentionally configured at 1 thousand TPM" in code_source
+    assert "'Each regional Azure OpenAI deployment is intentionally configured at 1,000 TPM so that" in code_source
     assert 'observed_backend_failures = backend_retries_absorbed + caller_visible_failures' in code_source
     assert 'shielded_percentage = backend_retries_absorbed / observed_backend_failures * 100' in code_source
     assert "f'APIM absorbed {backend_retries_absorbed} backend failures and sent {caller_visible_failures} failures to callers'" in code_source

From 9815ba80a5aa4733fc87663c8844442ff4f2855a Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Tue, 9 Jun 2026 14:11:08 -0400
Subject: [PATCH 04/31] Update meta information

---
 docs/index.html | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/docs/index.html b/docs/index.html
index e61cb25a..5c8d12f4 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -35,7 +35,7 @@
          /index.html and /.
   -->
   <title>Azure API Management Samples - APIM Policies &amp; Architectures</title>
-  <meta name="description" content="Deploy Azure API Management reference architectures and experiment with real-world APIM policies. Jupyter-driven labs covering Front Door, Application Gateway, Private Link, authentication, load balancing, and more.">
+  <meta name="description" content="Deploy Azure API Management reference architectures and test real-world APIM policies for AI Gateway failover, authentication, networking, and more.">
   <meta name="author" content="Microsoft Azure-Samples">
   <meta name="robots" content="index, follow, max-image-preview:large">
   <meta name="theme-color" content="#0078D4">
@@ -45,7 +45,7 @@
   <meta property="og:type" content="website">
   <meta property="og:site_name" content="Azure-Samples">
   <meta property="og:title" content="Azure API Management Samples - APIM Policies &amp; Architectures">
-  <meta property="og:description" content="Deploy Azure API Management reference architectures and experiment with real-world APIM policies. Jupyter-driven labs covering Front Door, Application Gateway, Private Link, and more.">
+  <meta property="og:description" content="Deploy Azure API Management reference architectures and test real-world APIM policies for AI Gateway failover, authentication, networking, and more.">
   <meta property="og:url" content="https://azure-samples.github.io/Apim-Samples/">
   <meta property="og:image" content="https://azure-samples.github.io/Apim-Samples/assets/apim-samples-logo.png">
   <meta property="og:image:alt" content="APIM Samples logo: the Azure API Management icon inside a laboratory flask">
@@ -61,7 +61,7 @@
   <!-- Twitter / X card -->
   <meta name="twitter:card" content="summary_large_image">
   <meta name="twitter:title" content="Azure API Management Samples">
-  <meta name="twitter:description" content="Deploy APIM reference architectures and experiment with real-world policies. Not too much, not too little. Just right.">
+  <meta name="twitter:description" content="Deploy APIM reference architectures and test real-world policies for AI Gateway failover, authentication, networking, and more.">
   <meta name="twitter:image" content="https://azure-samples.github.io/Apim-Samples/assets/apim-samples-logo.png">
   <meta name="twitter:image:alt" content="APIM Samples logo: the Azure API Management icon inside a laboratory flask">
 
@@ -108,13 +108,13 @@
         "@type": "SoftwareSourceCode",
         "@id": "https://github.com/Azure-Samples/Apim-Samples#repo",
         "name": "Azure API Management Samples",
-        "description": "High-fidelity Azure API Management infrastructures and real-world policy samples. Jupyter-driven labs covering Front Door, Application Gateway, Private Link, authentication, load balancing, cost allocation, and OAuth credential management.",
+        "description": "High-fidelity Azure API Management infrastructures and real-world policy samples. Jupyter-driven labs covering AI Gateway failover, Azure OpenAI telemetry, Front Door, Application Gateway, Private Link, authentication, load balancing, cost allocation, and OAuth credential management.",
         "url": "https://azure-samples.github.io/Apim-Samples/",
         "codeRepository": "https://github.com/Azure-Samples/Apim-Samples",
         "programmingLanguage": ["Python", "Bicep", "XML"],
         "runtimePlatform": "Azure",
         "license": "https://github.com/Azure-Samples/Apim-Samples/blob/main/LICENSE",
-        "keywords": "Azure API Management, APIM, APIM policies, API gateway, Azure Front Door, Application Gateway, Private Link, VNet injection, Bicep, Jupyter, load balancing, JWT validation, OAuth, Credential Manager",
+        "keywords": "Azure API Management, APIM, APIM policies, AI Gateway, Azure OpenAI, inference failover, API gateway, Azure Front Door, Application Gateway, Private Link, VNet injection, Bicep, Jupyter, load balancing, JWT validation, OAuth, Credential Manager",
         "author": {
           "@type": "Organization",
           "name": "Microsoft",
@@ -128,10 +128,10 @@
         "name": "Infrastructures and Samples",
         "itemListElement": [
           { "@type": "ListItem", "position": 1,  "name": "Simple API Management",                         "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/infrastructure/simple-apim" },
-          { "@type": "ListItem", "position": 2,  "name": "API Management and Container Apps",             "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/infrastructure/apim-aca" },
-          { "@type": "ListItem", "position": 3,  "name": "Front Door and API Management (Private Link)",  "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/infrastructure/afd-apim-pe" },
-          { "@type": "ListItem", "position": 4,  "name": "Application Gateway and APIM (Private Link)",   "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/infrastructure/appgw-apim-pe" },
-          { "@type": "ListItem", "position": 5,  "name": "Application Gateway and APIM (VNet injection)", "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/infrastructure/appgw-apim" },
+          { "@type": "ListItem", "position": 2,  "name": "API Management & Container Apps",        "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/infrastructure/apim-aca" },
+          { "@type": "ListItem", "position": 3,  "name": "Front Door & API Management",             "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/infrastructure/afd-apim-pe" },
+          { "@type": "ListItem", "position": 4,  "name": "Application Gateway (Private Link)",      "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/infrastructure/appgw-apim-pe" },
+          { "@type": "ListItem", "position": 5,  "name": "Application Gateway (VNet)",               "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/infrastructure/appgw-apim" },
           { "@type": "ListItem", "position": 6,  "name": "AuthX sample",                                  "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/samples/authX" },
           { "@type": "ListItem", "position": 7,  "name": "AuthX Pro sample",                              "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/samples/authX-pro" },
           { "@type": "ListItem", "position": 8,  "name": "Azure Maps sample",                             "url": "https://github.com/Azure-Samples/Apim-Samples/tree/main/samples/azure-maps" },

From 023e97ba457f3ba43d93b02b09bd96173ab2347d Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Tue, 9 Jun 2026 14:44:08 -0400
Subject: [PATCH 05/31] Clean up and test coverage increase

---
 samples/inference-failover/create.ipynb |  2 +-
 tests/python/test_charts.py             | 36 +++++++++++++++++++++++++
 tests/python/test_htmlreport.py         |  6 +++++
 3 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/samples/inference-failover/create.ipynb b/samples/inference-failover/create.ipynb
index e68c8ff0..486361e0 100644
--- a/samples/inference-failover/create.ipynb
+++ b/samples/inference-failover/create.ipynb
@@ -102,7 +102,7 @@
     "# ------------------------------\n",
     "\n",
     "rg_location = Region.EAST_US_2\n",
-    "index = 200\n",
+    "index = 1\n",
     "apim_sku = APIM_SKU.BASICV2\n",
     "deployment = INFRASTRUCTURE.SIMPLE_APIM\n",
     "api_prefix = 'inference'\n",
diff --git a/tests/python/test_charts.py b/tests/python/test_charts.py
index 45f94739..d25b905e 100644
--- a/tests/python/test_charts.py
+++ b/tests/python/test_charts.py
@@ -13,6 +13,14 @@
 from apimtypes import HttpStatusCode
 from charts import BarChart
 
+
+def test_request_summary_formatters_handle_singular_plural_and_empty_totals():
+    """Format request counts grammatically and avoid division by zero."""
+    assert charts._format_request_count(1) == '1 request'
+    assert charts._format_request_count(2) == '2 requests'
+    assert charts._format_percentage(1, 2) == '50.0%'
+    assert charts._format_percentage(0, 0) == '0.0%'
+
 # Add the shared/python directory to the Python path
 sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..', '..', 'shared', 'python'))
 
@@ -773,3 +781,31 @@ def test_plot_barchart_omits_vertical_separator_when_none(monkeypatch):
     chart._plot_barchart(results)
 
     axvline_mock.assert_not_called()
+
+
+def test_render_executes_plotting_without_displaying(monkeypatch):
+    """Render returns the generated figure without calling pyplot.show."""
+    results = [{'run': 1, 'response_time': 0.1, 'status_code': 200, 'response': '{"index": 1}'}]
+    mock_ax = MagicMock()
+    monkeypatch.setattr(pd.DataFrame, 'plot', lambda self, *args, **kwargs: mock_ax, raising=False)
+    for attr in ['title', 'xlabel', 'ylabel', 'xticks', 'figtext', 'axhline', 'text']:
+        monkeypatch.setattr(charts.plt, attr, MagicMock())
+    show_mock = MagicMock()
+    monkeypatch.setattr(charts.plt, 'show', show_mock)
+
+    assert BarChart('Test', 'X', 'Y', results).render() is mock_ax.figure
+    show_mock.assert_not_called()
+
+
+def test_plot_barchart_shows_other_non_200_responses(monkeypatch):
+    """Give non-4xx and non-5xx responses a distinct accessible legend entry."""
+    results = [{'run': 1, 'response_time': 0.1, 'status_code': 302, 'response': ''}]
+    mock_ax = MagicMock()
+    monkeypatch.setattr(pd.DataFrame, 'plot', lambda self, *args, **kwargs: mock_ax, raising=False)
+    for attr in ['title', 'xlabel', 'ylabel', 'xticks', 'show', 'figtext']:
+        monkeypatch.setattr(charts.plt, attr, MagicMock())
+
+    BarChart('Test', 'X', 'Y', results)._plot_barchart(results)
+
+    legend_names = mock_ax.legend.call_args.args[1]
+    assert legend_names == ['!!! OTHER NON-200 RESPONSES - 1 request !!!']
diff --git a/tests/python/test_htmlreport.py b/tests/python/test_htmlreport.py
index 7a4aafa8..af0e52c8 100644
--- a/tests/python/test_htmlreport.py
+++ b/tests/python/test_htmlreport.py
@@ -90,3 +90,9 @@ def test_html_report_rejects_mismatched_table_column_widths() -> None:
 
     with pytest.raises(ValueError, match='Table column widths must match the header count'):
         report.add_table('Rows', ['Name', 'Value'], [['one', 1]], column_widths=['100%'])
+
+
+def test_html_report_renders_plain_rows_and_unformatted_html_text() -> None:
+    """Render fallback table rows and HtmlText without optional bold formatting."""
+    assert HtmlReport._table_row(['<plain>']) == '<tr><td>&lt;plain&gt;</td></tr>'
+    assert HtmlReport._render_text(HtmlText('<plain>')) == '&lt;plain&gt;'

From a5f33fc26655821ec0c72f4aba568b5ef87b3ec1 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Tue, 9 Jun 2026 15:25:17 -0400
Subject: [PATCH 06/31] Fix mocks

---
 tests/python/test_charts.py | 111 ++++++++++++------------------------
 1 file changed, 38 insertions(+), 73 deletions(-)

diff --git a/tests/python/test_charts.py b/tests/python/test_charts.py
index d25b905e..8862713b 100644
--- a/tests/python/test_charts.py
+++ b/tests/python/test_charts.py
@@ -68,6 +68,17 @@ def empty_api_results():
     return []
 
 
+@pytest.fixture
+def mock_chart_plotting(monkeypatch):
+    """Replace chart plotting boundaries while retaining real pandas data processing."""
+    mock_plt = MagicMock()
+    mock_ax = MagicMock()
+    monkeypatch.setattr(charts, 'plt', mock_plt)
+    monkeypatch.setattr(charts.pd.DataFrame, 'plot', lambda self, *args, **kwargs: mock_ax)
+
+    return mock_plt, mock_ax
+
+
 # ------------------------------
 #    TEST BARCHART INITIALIZATION
 # ------------------------------
@@ -613,7 +624,7 @@ def test_average_line_all_data_outliers(mock_pd, mock_plt):
     mock_plt.text.assert_called()
 
 
-def test_plot_barchart_skips_average_line_without_success(monkeypatch):
+def test_plot_barchart_skips_average_line_without_success(mock_chart_plotting):
     """Ensure average line is skipped when there are no 200 responses."""
 
     no_success_results = [
@@ -623,23 +634,15 @@ def test_plot_barchart_skips_average_line_without_success(monkeypatch):
 
     chart = BarChart('Test', 'X', 'Y', no_success_results)
 
-    # Prevent real plotting
-    monkeypatch.setattr(pd.DataFrame, 'plot', lambda self, *args, **kwargs: MagicMock(), raising=False)
-    for attr in ['title', 'xlabel', 'ylabel', 'xticks', 'show', 'figtext']:
-        monkeypatch.setattr(charts.plt, attr, MagicMock())
-
-    axhline_mock = MagicMock()
-    text_mock = MagicMock()
-    monkeypatch.setattr(charts.plt, 'axhline', axhline_mock)
-    monkeypatch.setattr(charts.plt, 'text', text_mock)
+    mock_plt, _ = mock_chart_plotting
 
     chart._plot_barchart(no_success_results)
 
-    axhline_mock.assert_not_called()
-    text_mock.assert_not_called()
+    mock_plt.axhline.assert_not_called()
+    mock_plt.text.assert_not_called()
 
 
-def test_plot_barchart_skips_average_when_filtered_empty(monkeypatch):
+def test_plot_barchart_skips_average_when_filtered_empty(monkeypatch, mock_chart_plotting):
     """Ensure average line is skipped when all successful rows are filtered out."""
 
     success_results = [
@@ -649,25 +652,17 @@ def test_plot_barchart_skips_average_when_filtered_empty(monkeypatch):
 
     chart = BarChart('Test', 'X', 'Y', success_results)
 
-    monkeypatch.setattr(pd.DataFrame, 'plot', lambda self, *args, **kwargs: MagicMock(), raising=False)
+    mock_plt, _ = mock_chart_plotting
 
     def fake_quantile(self, q, *args, **kwargs):
         return 0  # Force all rows to be excluded
 
-    monkeypatch.setattr(pd.Series, 'quantile', fake_quantile, raising=False)
-
-    for attr in ['title', 'xlabel', 'ylabel', 'xticks', 'show', 'figtext']:
-        monkeypatch.setattr(charts.plt, attr, MagicMock())
-
-    axhline_mock = MagicMock()
-    text_mock = MagicMock()
-    monkeypatch.setattr(charts.plt, 'axhline', axhline_mock)
-    monkeypatch.setattr(charts.plt, 'text', text_mock)
+    monkeypatch.setattr(charts.pd.Series, 'quantile', fake_quantile)
 
     chart._plot_barchart(success_results)
 
-    axhline_mock.assert_not_called()
-    text_mock.assert_not_called()
+    mock_plt.axhline.assert_not_called()
+    mock_plt.text.assert_not_called()
 
 
 # ------------------------------
@@ -688,7 +683,7 @@ def test_barchart_init_with_vertical_separator():
     assert chart.vertical_separator == separator
 
 
-def test_plot_barchart_draws_vertical_separator(monkeypatch):
+def test_plot_barchart_draws_vertical_separator(mock_chart_plotting):
     """Plot draws an axvline and annotation when vertical_separator is provided."""
 
     results = [
@@ -696,51 +691,35 @@ def test_plot_barchart_draws_vertical_separator(monkeypatch):
         {'run': 2, 'response_time': 0.2, 'status_code': 200, 'response': '{"index": 1}'},
     ]
 
-    mock_ax = MagicMock()
+    mock_plt, mock_ax = mock_chart_plotting
     mock_ax.get_ylim.return_value = (0, 500)
-    monkeypatch.setattr(pd.DataFrame, 'plot', lambda self, *args, **kwargs: mock_ax, raising=False)
-    for attr in ['title', 'xlabel', 'ylabel', 'xticks', 'show', 'figtext', 'axhline']:
-        monkeypatch.setattr(charts.plt, attr, MagicMock())
-
-    axvline_mock = MagicMock()
-    text_mock = MagicMock()
-    monkeypatch.setattr(charts.plt, 'axvline', axvline_mock)
-    monkeypatch.setattr(charts.plt, 'text', text_mock)
 
     separator = (1.5, 'Waited 20s for Retry-After to elapse')
     chart = BarChart('Test', 'X', 'Y', results, vertical_separator=separator)
     chart._plot_barchart(results)
 
-    axvline_mock.assert_called_once()
-    axvline_kwargs = axvline_mock.call_args.kwargs
+    mock_plt.axvline.assert_called_once()
+    axvline_kwargs = mock_plt.axvline.call_args.kwargs
     assert axvline_kwargs['x'] == 1.5
     assert axvline_kwargs['linestyle'] == '--'
 
     # The annotation text call should include the separator label as a positional arg. The
     # label is nudged 0.25 bar-positions to the left of the separator line so the text does
     # not visually touch it.
-    annotation_calls = [c for c in text_mock.call_args_list if separator[1] in c.args]
+    annotation_calls = [c for c in mock_plt.text.call_args_list if separator[1] in c.args]
     assert len(annotation_calls) == 1
     annotation_args = annotation_calls[0].args
     assert annotation_args[0] == 1.5 - 0.25  # x position (nudged left)
     assert annotation_args[2] == separator[1]
 
 
-def test_plot_barchart_draws_multiple_vertical_separators(monkeypatch):
+def test_plot_barchart_draws_multiple_vertical_separators(mock_chart_plotting):
     """Plot draws one axvline + annotation per entry when given a list of separators."""
 
     results = [{'run': i, 'response_time': 0.1, 'status_code': 200, 'response': '{"index": 1}'} for i in range(1, 6)]
 
-    mock_ax = MagicMock()
+    mock_plt, mock_ax = mock_chart_plotting
     mock_ax.get_ylim.return_value = (0, 500)
-    monkeypatch.setattr(pd.DataFrame, 'plot', lambda self, *args, **kwargs: mock_ax, raising=False)
-    for attr in ['title', 'xlabel', 'ylabel', 'xticks', 'show', 'figtext', 'axhline']:
-        monkeypatch.setattr(charts.plt, attr, MagicMock())
-
-    axvline_mock = MagicMock()
-    text_mock = MagicMock()
-    monkeypatch.setattr(charts.plt, 'axvline', axvline_mock)
-    monkeypatch.setattr(charts.plt, 'text', text_mock)
 
     separators = [
         (1.5, 'Waited 10s after 429'),
@@ -749,61 +728,47 @@ def test_plot_barchart_draws_multiple_vertical_separators(monkeypatch):
     chart = BarChart('Test', 'X', 'Y', results, vertical_separator=separators)
     chart._plot_barchart(results)
 
-    assert axvline_mock.call_count == len(separators)
-    xs = [c.kwargs['x'] for c in axvline_mock.call_args_list]
+    assert mock_plt.axvline.call_count == len(separators)
+    xs = [c.kwargs['x'] for c in mock_plt.axvline.call_args_list]
     assert xs == [s[0] for s in separators]
 
     for sep_x, sep_label in separators:
-        annotation_calls = [c for c in text_mock.call_args_list if sep_label in c.args]
+        annotation_calls = [c for c in mock_plt.text.call_args_list if sep_label in c.args]
         assert len(annotation_calls) == 1
         annotation_args = annotation_calls[0].args
         assert annotation_args[0] == sep_x - 0.25
         assert annotation_args[2] == sep_label
 
 
-def test_plot_barchart_omits_vertical_separator_when_none(monkeypatch):
+def test_plot_barchart_omits_vertical_separator_when_none(mock_chart_plotting):
     """Plot does not draw an axvline when vertical_separator is None."""
 
     results = [
         {'run': 1, 'response_time': 0.1, 'status_code': 200, 'response': '{"index": 1}'},
     ]
 
-    mock_ax = MagicMock()
+    mock_plt, mock_ax = mock_chart_plotting
     mock_ax.get_ylim.return_value = (0, 500)
-    monkeypatch.setattr(pd.DataFrame, 'plot', lambda self, *args, **kwargs: mock_ax, raising=False)
-    for attr in ['title', 'xlabel', 'ylabel', 'xticks', 'show', 'figtext', 'axhline', 'text']:
-        monkeypatch.setattr(charts.plt, attr, MagicMock())
-
-    axvline_mock = MagicMock()
-    monkeypatch.setattr(charts.plt, 'axvline', axvline_mock)
 
     chart = BarChart('Test', 'X', 'Y', results)
     chart._plot_barchart(results)
 
-    axvline_mock.assert_not_called()
+    mock_plt.axvline.assert_not_called()
 
 
-def test_render_executes_plotting_without_displaying(monkeypatch):
+def test_render_executes_plotting_without_displaying(mock_chart_plotting):
     """Render returns the generated figure without calling pyplot.show."""
     results = [{'run': 1, 'response_time': 0.1, 'status_code': 200, 'response': '{"index": 1}'}]
-    mock_ax = MagicMock()
-    monkeypatch.setattr(pd.DataFrame, 'plot', lambda self, *args, **kwargs: mock_ax, raising=False)
-    for attr in ['title', 'xlabel', 'ylabel', 'xticks', 'figtext', 'axhline', 'text']:
-        monkeypatch.setattr(charts.plt, attr, MagicMock())
-    show_mock = MagicMock()
-    monkeypatch.setattr(charts.plt, 'show', show_mock)
+    mock_plt, mock_ax = mock_chart_plotting
 
     assert BarChart('Test', 'X', 'Y', results).render() is mock_ax.figure
-    show_mock.assert_not_called()
+    mock_plt.show.assert_not_called()
 
 
-def test_plot_barchart_shows_other_non_200_responses(monkeypatch):
+def test_plot_barchart_shows_other_non_200_responses(mock_chart_plotting):
     """Give non-4xx and non-5xx responses a distinct accessible legend entry."""
     results = [{'run': 1, 'response_time': 0.1, 'status_code': 302, 'response': ''}]
-    mock_ax = MagicMock()
-    monkeypatch.setattr(pd.DataFrame, 'plot', lambda self, *args, **kwargs: mock_ax, raising=False)
-    for attr in ['title', 'xlabel', 'ylabel', 'xticks', 'show', 'figtext']:
-        monkeypatch.setattr(charts.plt, attr, MagicMock())
+    _, mock_ax = mock_chart_plotting
 
     BarChart('Test', 'X', 'Y', results)._plot_barchart(results)
 

From 8cafa3db33de50be44b20f1cfef3551a66f11205 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Thu, 11 Jun 2026 10:20:38 -0400
Subject: [PATCH 07/31] Refactor inference-failover sample, add HTTP matrix

---
 .github/agents/apim-sample-publisher.agent.md |   2 +-
 samples/inference-failover/README.md          |  53 +-
 .../apim-policies/inference-api-policy.xml    | 140 +++++
 samples/inference-failover/create.ipynb       | 536 ++++++++----------
 .../inference-api-policy.xml                  |  83 ---
 .../inference_failover_helpers.py             | 276 +++++++++
 samples/inference-failover/main.bicep         |  40 +-
 tests/python/test_inference_failover.py       | 125 +++-
 .../python/test_inference_failover_helpers.py | 206 +++++++
 9 files changed, 1053 insertions(+), 408 deletions(-)
 create mode 100644 samples/inference-failover/apim-policies/inference-api-policy.xml
 delete mode 100644 samples/inference-failover/inference-api-policy.xml
 create mode 100644 samples/inference-failover/inference_failover_helpers.py
 create mode 100644 tests/python/test_inference_failover_helpers.py

diff --git a/.github/agents/apim-sample-publisher.agent.md b/.github/agents/apim-sample-publisher.agent.md
index c646a501..ec96b99d 100644
--- a/.github/agents/apim-sample-publisher.agent.md
+++ b/.github/agents/apim-sample-publisher.agent.md
@@ -102,4 +102,4 @@ Return a concise publish-readiness report with:
 - **Updated**: source files changed during the publishing pass.
 - **Architecture**: notebook/helper ownership decision, shared-boundary reuse, and any remaining mechanics intentionally kept visible.
 - **Validated**: focused helper tests, coverage, combined checks, and SEO source checks when website content changed.
-- **Remaining**: manual visual checks, live Azure scenarios, or unresolved blockers. State `None` when the sample is ready for review.
\ No newline at end of file
+- **Remaining**: manual visual checks, live Azure scenarios, or unresolved blockers. State `None` when the sample is ready for review.
diff --git a/samples/inference-failover/README.md b/samples/inference-failover/README.md
index bbe9966e..17265cdd 100644
--- a/samples/inference-failover/README.md
+++ b/samples/inference-failover/README.md
@@ -1,5 +1,8 @@
 # Samples: Inference Failover
 
+<!-- markdownlint-disable MD013 -->
+<!-- Long technical prose and wide telemetry tables are intentionally not hard-wrapped. -->
+
 This sample uses Azure API Management as an AI Gateway for two Azure OpenAI models, combining priority and weighted backend failover with focused LLM telemetry in Log Analytics and an Azure Monitor Workbook.
 
 ⚙️ **Supported infrastructures**: All infrastructures
@@ -25,6 +28,52 @@ Beyond the [general prerequisites](../../README.md#-getting-started) (Azure subs
 
 An AI platform prefers provisioned capacity tiers across its available regions before using pay-as-you-go capacity: in-region PTU, out-of-region PTU, in-region PAYG, then out-of-region PAYG. This lab exercises that routing shape using only regional `Standard` pay-as-you-go Azure OpenAI deployments. Names containing `PTU` identify the simulated preference tier in the experiment and do not change the Azure OpenAI deployment SKU or billing model.
 
+### Response Handling Rules
+
+The inference policy uses the following response-handling matrix. "Failover" means returning the sample's generic caller-facing `503` after the eligible regional retry chain is exhausted; it is distinct from shifting an individual retry to another region.
+
+| Code | Category | Retry     | Shift Region | Failover           | Severity |
+| ---- | -------- | --------- | ------------ | ------------------ | -------- |
+| 200  | Success  | N/A       | No           | No                 | None     |
+| 400  | Client   | No        | No           | No                 | Low      |
+| 401  | Auth     | No        | No           | No                 | Medium   |
+| 403  | AuthZ    | No        | No           | No                 | Medium   |
+| 404  | Config   | No        | No           | No                 | Medium   |
+| 409  | Conflict | Sometimes | No           | No                 | Medium   |
+| 429  | Capacity | Yes       | Yes (bias)   | No                 | Medium   |
+| 500  | Infra    | Yes       | Yes          | Yes (if sustained) | High     |
+| 502  | Infra    | Yes       | Yes          | Yes                | High     |
+| 503  | Infra    | Yes       | Yes          | Yes                | High     |
+| 504  | Infra    | Yes       | Yes          | Yes                | High     |
+
+The policy interprets "Sometimes" as a `409` carrying `Retry-After`: APIM retries it immediately against the selected backend but does not open that backend's circuit or intentionally shift region. A `429` opens the capacity circuit, and `Retry-After` biases subsequent pool selection away from the constrained backend; if every eligible attempt still returns `429`, APIM preserves that response instead of converting it to failover. A `500` becomes a regional failover signal only after two occurrences within one minute, while `502`, `503`, and `504` open the infrastructure circuit immediately. After the regional chain is exhausted, those infrastructure responses become a generic caller-facing `503`.
+
+### Failure Test Coverage
+
+The notebook runs deterministic gateway contract probes before its capacity scenarios. These probes verify a valid `200`, an Azure OpenAI `400` from malformed JSON, an APIM `401` from a missing subscription key, and an APIM `404` from an unknown operation. The `400` also verifies `X-Backend-Retry: 0`, proving that client errors pass through without retry. The pressure scenarios exercise organic `429` handling against the intentionally small deployments. The remaining backend statuses require a controllable fault origin because Azure OpenAI does not provide a supported "return this status" test switch.
+
+| Condition | Automated here | Recommended controlled test | Expected evidence |
+| --- | --- | --- | --- |
+| `200` | Yes | Send a valid small chat-completions request. | `200` and `X-Backend-Retry: 0`. |
+| `400` | Yes | Send truncated JSON with `Content-Type: application/json`. | Backend `400`, caller `400`, and `X-Backend-Retry: 0`. |
+| `401` | Yes | Omit the APIM subscription key. | Gateway `401`; the inference policy is not entered. |
+| `403` | No | On an isolated deployment, remove **Cognitive Services OpenAI User** from APIM or add a temporary deny policy. Restore access immediately after the probe. | Backend/caller `403` and no retry. |
+| `404` | Yes | Call an unknown APIM operation. For a backend-side variant, temporarily target a nonexistent model deployment in an isolated backend. | `404` and no retry. |
+| `409` without `Retry-After` | No | Use a local fault server, Mockoon, WireMock, or a temporary Container App that returns `409` without the header. | One attempt; caller keeps `409`. |
+| `409` with `Retry-After` | No | Return `409` plus `Retry-After: 1` from the controlled fault origin. | Retry count increases, but the backend circuit does not open. |
+| `429` | Yes, workload-dependent | Run the pressure cells. For deterministic CI, return `429` plus `Retry-After` from a controlled fault origin. | Regional selection is biased; exhausted capacity remains `429`. |
+| `500` | No | Return `500` twice within one minute, then recover. | First response is retryable; sustained failures open the circuit and can exhaust as generic `503`. |
+| `502` | No | Return an explicit `502` from the controlled fault origin. | Immediate infrastructure circuit trip and regional retry. |
+| `503` | Organic but not guaranteed | Return `503`, optionally with `Retry-After`, from the controlled fault origin. | Immediate regional retry; exhausted chain becomes generic `503`. |
+| `504` | No | Return an explicit `504`; separately delay the origin beyond the APIM forwarding timeout to test transport timeout behavior. | HTTP `504` trips the circuit; timeout produces no backend HTTP response but is retried and normalized to `503`. |
+| DNS/connection failure | No | Point one isolated backend at a reserved nonexistent host such as `https://unresolvable.invalid`. | `BackendConnectionFailure`, retries, then generic `503` if all destinations fail. |
+| TLS failure | No | Point an isolated backend at a host with an expired certificate or a certificate-name mismatch while TLS validation remains enabled. | Backend connection failure, retries, and no certificate detail disclosed to the caller. |
+| Caller disconnect | No | Start a streaming or deliberately slow request, then abort the client socket or use `curl --max-time 1`. | Native client-connection/cancellation telemetry; this is not backend failover. |
+
+Use a separate APIM API/backend pool or a disposable deployment for controlled origin tests. Do not add public fault-injection headers to the production-shaped inference APIs, and do not remove role assignments from a shared environment. A nonexistent backend hostname is useful for DNS failure, but it does **not** simulate a client disconnect: DNS happens between APIM and the backend, while a client disconnect happens between the caller and APIM.
+
+For the HTTP fault cases, a minimal local origin can return the requested status and optional `Retry-After` header. Expose it only to the test APIM network path, register one backend per region/priority under test, and apply the same inference policy and breaker configuration. Run each case twice: once with a later healthy pool member to prove recovery, and once with every member faulted to prove the terminal caller contract. Inspect `X-Backend-Retry`, `BackendResponseCode`, `LastErrorReason`, and the `InferenceBackendAttemptComplete`, `InferenceFallbackExhausted`, or `InferenceTransportFailure` trace event.
+
 ### Model Deployments
 
 All deployments below use the regional `Standard` SKU with a capacity of `1` thousand tokens per minute (TPM). This deliberately small capacity makes concentrated `429`-driven failover practical to observe; it is not production sizing advice.
@@ -46,11 +95,11 @@ All deployments below use the regional `Standard` SKU with a capacity of `1` tho
 This lab adds the following to an existing APIM infrastructure:
 
 - Three regional Azure OpenAI resources containing nine `Standard` model deployments at `1` thousand TPM each.
-- Nine concrete APIM backends named using `<model>-<PTU|PAYG>-<region>`, each with TLS validation and a one-minute circuit breaker for `429` and `503` responses that accepts `Retry-After`.
+- Nine concrete APIM backends named using `<model>-<PTU|PAYG>-<region>`, each with TLS validation and separate circuit breakers for capacity, sustained internal errors, and immediate gateway or availability failures.
 - One APIM backend pool per model so a retry never crosses to an incompatible deployment.
 - Two AI Gateway APIs with managed identity authentication to Azure OpenAI: `POST /inference/gpt-5-1/chat/completions` retries four times through A -> D -> B -> E/G (equal terminal weights), while `POST /inference/gpt-4-1-mini/chat/completions` retries three times through C -> F -> D -> H.
 
-- Model-specific retry policies that buffer the POST body while retrying throttled or unavailable backends, emit an information-level trace after every backend attempt, always return the caller-visible `X-Backend-Retry` count, and return a generic `503` when fallback is exhausted.
+- Model-specific retry policies that buffer the POST body while immediately retrying conditional conflicts, throttling, and listed infrastructure failures; emit an information-level trace after every backend attempt; always return the caller-visible `X-Backend-Retry` count; preserve exhausted `409` and `429` responses; and return a generic `503` when infrastructure failover is exhausted.
 - APIM AI Gateway diagnostics using the infrastructure-provided Log Analytics workspace and Application Insights component, plus an AOAI-only workbook for terminal outcomes, retry trails, backend distribution, APIM errors, token coverage, and latency.
 - An optional Standard Event Hubs namespace, telemetry hub, and `external-observability` consumer group in the APIM region for downstream stream processors, SIEM platforms, or external analytics systems.
 
diff --git a/samples/inference-failover/apim-policies/inference-api-policy.xml b/samples/inference-failover/apim-policies/inference-api-policy.xml
new file mode 100644
index 00000000..849ffd56
--- /dev/null
+++ b/samples/inference-failover/apim-policies/inference-api-policy.xml
@@ -0,0 +1,140 @@
+<!--
+    Inference API policy template.
+
+    The notebook replaces BACKEND_POOL_ID and RETRY_COUNT for each model-safe API.
+    Managed identity authentication is applied after pool selection, so every selected
+    Azure OpenAI backend receives a bearer token rather than an API key.
+
+    Response handling matrix:
+
+    Code  Category  Retry      Shift Region  Failover           Severity
+    200   Success   N/A        No            No                 None
+    400   Client    No         No            No                 Low
+    401   Auth      No         No            No                 Medium
+    403   AuthZ     No         No            No                 Medium
+    404   Config    No         No            No                 Medium
+    409   Conflict  Sometimes  No            No                 Medium
+    429   Capacity  Yes        Yes (bias)    No                 Medium
+    500   Infra     Yes        Yes           Yes (if sustained) High
+    502   Infra     Yes        Yes           Yes                High
+    503   Infra     Yes        Yes           Yes                High
+    504   Infra     Yes        Yes           Yes                High
+
+    "Sometimes" means that 409 is retried only when the backend supplies Retry-After.
+    The 409 response does not trip a circuit breaker, so the retry stays on the selected
+    backend rather than intentionally shifting region. A 429 trips the capacity breaker;
+    Retry-After biases APIM away from that backend, but an exhausted 429 remains a 429.
+    A 500 must be sustained before its circuit opens. A 502, 503, or 504 opens the
+    infrastructure breaker immediately. Exhausted infrastructure failures are normalized
+    to a generic 503 without exposing backend identity.
+
+    A null backend response is not an HTTP status. It represents an APIM-to-backend
+    transport failure such as DNS resolution, connection establishment, or timeout.
+    Those failures are retryable and exhausted forward-request connection/timeouts are
+    normalized to the same generic 503. A caller disconnect is different: changing the
+    backend URL cannot simulate it because the broken connection is on the caller side.
+-->
+<policies>
+    <inbound>
+        <base />
+        <set-variable name="backendAttempt" value="@(0)" />
+        <set-backend-service backend-id="BACKEND_POOL_ID" />
+        <authentication-managed-identity resource="https://cognitiveservices.azure.com" output-token-variable-name="managed-id-access-token" ignore-error="false" />
+        <set-header name="Authorization" exists-action="override">
+            <value>@("Bearer " + (string)context.Variables["managed-id-access-token"])</value>
+        </set-header>
+        <set-header name="x-ms-client-request-id" exists-action="override">
+            <value>@(context.RequestId.ToString())</value>
+        </set-header>
+        <set-query-parameter name="api-version" exists-action="skip">
+            <value>2024-10-21</value>
+        </set-query-parameter>
+        <trace source="InferenceFailover" severity="information">
+            <message>@("InferenceRequestAccepted|requestId=" + context.RequestId.ToString())</message>
+            <metadata name="EventName" value="InferenceRequestAccepted" />
+            <metadata name="RequestId" value="@(context.RequestId.ToString())" />
+        </trace>
+    </inbound>
+    <backend>
+        <!-- Match the load-balancing sample: retry immediately and let the backend pool's circuit breakers control regional selection. -->
+        <!-- Retry a null response because APIM could not obtain any HTTP response from the backend. -->
+        <!-- Retry 409 only when Retry-After explicitly marks it as transient. Retry all capacity and listed infrastructure failures. -->
+        <retry count="RETRY_COUNT" interval="0" first-fast-retry="true" condition="@(context.Response == null || (context.Response.StatusCode == 409 &amp;&amp; context.Response.Headers.ContainsKey(&quot;Retry-After&quot;)) || context.Response.StatusCode == 429 || context.Response.StatusCode == 500 || context.Response.StatusCode == 502 || context.Response.StatusCode == 503 || context.Response.StatusCode == 504)">
+            <set-variable name="backendAttempt" value='@(((int)context.Variables["backendAttempt"]) + 1)' />
+            <forward-request buffer-request-body="true" />
+            <trace source="InferenceFailover" severity="information">
+                <message>@("InferenceBackendAttemptComplete|attempt=" + ((int)context.Variables["backendAttempt"]).ToString() + "|backendResponseCode=" + (context.Response == null ? "none" : context.Response.StatusCode.ToString()) + "|willRetry=" + (context.Response == null || (context.Response.StatusCode == 409 &amp;&amp; context.Response.Headers.ContainsKey("Retry-After")) || context.Response.StatusCode == 429 || context.Response.StatusCode == 500 || context.Response.StatusCode == 502 || context.Response.StatusCode == 503 || context.Response.StatusCode == 504).ToString())</message>
+                <metadata name="EventName" value="InferenceBackendAttemptComplete" />
+                <metadata name="RequestId" value="@(context.RequestId.ToString())" />
+                <metadata name="Attempt" value='@(((int)context.Variables["backendAttempt"]).ToString())' />
+                <metadata name="BackendResponseCode" value='@(context.Response == null ? "none" : context.Response.StatusCode.ToString())' />
+                <metadata name="WillRetry" value='@((context.Response == null || (context.Response.StatusCode == 409 &amp;&amp; context.Response.Headers.ContainsKey("Retry-After")) || context.Response.StatusCode == 429 || context.Response.StatusCode == 500 || context.Response.StatusCode == 502 || context.Response.StatusCode == 503 || context.Response.StatusCode == 504).ToString())' />
+            </trace>
+        </retry>
+    </backend>
+    <outbound>
+        <set-header name="X-Backend-Retry" exists-action="override">
+            <value>@((((int)context.Variables["backendAttempt"]) > 0 ? ((int)context.Variables["backendAttempt"]) - 1 : 0).ToString())</value>
+        </set-header>
+        <trace source="InferenceFailover" severity="information">
+            <message>@("InferenceGatewayResponse|attempts=" + ((int)context.Variables["backendAttempt"]).ToString() + "|backendResponseCode=" + (context.Response == null ? "none" : context.Response.StatusCode.ToString()))</message>
+            <metadata name="EventName" value="InferenceGatewayResponse" />
+            <metadata name="RequestId" value="@(context.RequestId.ToString())" />
+            <metadata name="Attempts" value='@(((int)context.Variables["backendAttempt"]).ToString())' />
+            <metadata name="BackendResponseCode" value='@(context.Response == null ? "none" : context.Response.StatusCode.ToString())' />
+        </trace>
+        <choose>
+            <!-- A terminal 409 or 429 is returned unchanged because the matrix does not classify it as failover. -->
+            <!-- Reaching this branch means the listed infrastructure failures persisted through the regional retry chain. -->
+            <when condition="@(context.Response != null &amp;&amp; (context.Response.StatusCode == 500 || context.Response.StatusCode == 502 || context.Response.StatusCode == 503 || context.Response.StatusCode == 504))">
+                <trace source="InferenceFailover" severity="error">
+                    <message>@("InferenceFallbackExhausted|attempts=" + ((int)context.Variables["backendAttempt"]).ToString() + "|backendResponseCode=" + context.Response.StatusCode.ToString())</message>
+                    <metadata name="EventName" value="InferenceFallbackExhausted" />
+                    <metadata name="RequestId" value="@(context.RequestId.ToString())" />
+                    <metadata name="Attempts" value='@(((int)context.Variables["backendAttempt"]).ToString())' />
+                    <metadata name="BackendResponseCode" value="@(context.Response.StatusCode.ToString())" />
+                </trace>
+                <return-response>
+                    <set-status code="503" reason="Inference Service Unavailable" />
+                    <set-header name="X-Backend-Retry" exists-action="override">
+                        <value>@((((int)context.Variables["backendAttempt"]) > 0 ? ((int)context.Variables["backendAttempt"]) - 1 : 0).ToString())</value>
+                    </set-header>
+                    <set-header name="Content-Type" exists-action="override">
+                        <value>application/json</value>
+                    </set-header>
+                    <set-body>{"error":"Inference service is temporarily unavailable."}</set-body>
+                </return-response>
+            </when>
+        </choose>
+        <base />
+    </outbound>
+    <on-error>
+        <set-header name="X-Backend-Retry" exists-action="override">
+            <value>@((((int)context.Variables["backendAttempt"]) > 0 ? ((int)context.Variables["backendAttempt"]) - 1 : 0).ToString())</value>
+        </set-header>
+        <choose>
+            <!-- DNS, TCP/TLS connection, and backend timeout failures have no HTTP status code. -->
+            <!-- Normalize only upstream transport reasons; ClientConnectionFailure remains a native APIM error. -->
+            <when condition="@(context.LastError != null &amp;&amp; (context.LastError.Reason == &quot;BackendConnectionFailure&quot; || context.LastError.Reason == &quot;Timeout&quot;))">
+                <trace source="InferenceFailover" severity="error">
+                    <message>@("InferenceTransportFailure|attempts=" + ((int)context.Variables["backendAttempt"]).ToString() + "|reason=" + context.LastError.Reason)</message>
+                    <metadata name="EventName" value="InferenceTransportFailure" />
+                    <metadata name="RequestId" value="@(context.RequestId.ToString())" />
+                    <metadata name="Attempts" value='@(((int)context.Variables["backendAttempt"]).ToString())' />
+                    <metadata name="Reason" value="@(context.LastError.Reason)" />
+                </trace>
+                <return-response>
+                    <set-status code="503" reason="Inference Service Unavailable" />
+                    <set-header name="X-Backend-Retry" exists-action="override">
+                        <value>@((((int)context.Variables["backendAttempt"]) > 0 ? ((int)context.Variables["backendAttempt"]) - 1 : 0).ToString())</value>
+                    </set-header>
+                    <set-header name="Content-Type" exists-action="override">
+                        <value>application/json</value>
+                    </set-header>
+                    <set-body>{"error":"Inference service is temporarily unavailable."}</set-body>
+                </return-response>
+            </when>
+        </choose>
+        <base />
+    </on-error>
+</policies>
diff --git a/samples/inference-failover/create.ipynb b/samples/inference-failover/create.ipynb
index 486361e0..37fcb822 100644
--- a/samples/inference-failover/create.ipynb
+++ b/samples/inference-failover/create.ipynb
@@ -17,7 +17,7 @@
    "source": [
     "## What This Sample Does\n",
     "\n",
-    "- Deploys nine regional `Standard` Azure OpenAI deployments at `1` thousand TPM for deliberate pressure testing.\n",
+    "- Deploys nine regional `Standard` Azure OpenAI deployments at one-thousand tokens-per-minute (`1,000 TPM`) for deliberate pressure testing.\n",
     "- Exposes only `POST /inference/gpt-5-1/chat/completions` and `POST /inference/gpt-4-1-mini/chat/completions`.\n",
     "- Routes each model through its own APIM backend pool, with managed identity authentication, TLS validation, circuit breaking, and buffered retries.\n",
     "- Captures AOAI request, response, latency, and token telemetry in an Azure Monitor Workbook and in the verification charts below."
@@ -92,9 +92,14 @@
    "metadata": {},
    "outputs": [],
    "source": [
+    "import importlib\n",
+    "import sys\n",
+    "from pathlib import Path\n",
+    "\n",
+    "# APIM Samples imports\n",
     "import azure_resources as az\n",
     "import utils\n",
-    "from apimtypes import API, APIM_SKU, APIOperation, HTTP_VERB, INFRASTRUCTURE, Region\n",
+    "from apimtypes import APIM_SKU, INFRASTRUCTURE, Region\n",
     "from console import print_ok\n",
     "\n",
     "# ------------------------------\n",
@@ -134,12 +139,44 @@
     ")\n",
     "current_user, current_user_id, tenant_id, subscription_id = az.get_account_info()\n",
     "\n",
+    "sample_dir = str(Path(utils.determine_policy_path('inference_failover_helpers.py', sample_folder)).parent)\n",
+    "if sample_dir not in sys.path:\n",
+    "    sys.path.insert(0, sample_dir)\n",
+    "inference_failover_helpers = importlib.import_module('inference_failover_helpers')\n",
+    "utils.enable_module_autoreload('inference_failover_helpers')\n",
+    "\n",
+    "print_ok('Notebook initialized')"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "82b93a92",
+   "metadata": {},
+   "source": [
+    "## Deploy Inference Gateway Resources\n",
+    "\n",
+    "Deploy the regional Azure OpenAI constellation, APIM backends and pools, retry fragment, LLM diagnostic wiring, two APIs, AOAI-only workbook, and optional regional Event Hub telemetry stream into the selected infrastructure resource group."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "d64811cc",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# APIM Samples imports\n",
+    "from apimtypes import API, APIOperation, HTTP_VERB\n",
+    "from console import print_ok, print_val\n",
+    "\n",
     "policy_template = utils.read_policy_xml('inference-api-policy.xml', sample_name=sample_folder)\n",
     "\n",
+    "\n",
     "def build_inference_policy(backend_pool_id: str, retry_count: int) -> str:\n",
-    "    \"\"\"Build one model-safe inference API policy from the shared template.\"\"\"\n",
+    "    \"\"\"Build one model-safe inference API policy from the sample template.\"\"\"\n",
     "    return policy_template.replace('BACKEND_POOL_ID', backend_pool_id).replace('RETRY_COUNT', str(retry_count))\n",
     "\n",
+    "\n",
     "chat_operation = APIOperation(\n",
     "    'chat-completions',\n",
     "    'Chat Completions',\n",
@@ -169,60 +206,118 @@
     ")\n",
     "apis = [gpt_5_1_api, gpt_4_1_mini_api]\n",
     "\n",
-    "print_ok('Notebook initialized')"
+    "bicep_parameters = {\n",
+    "    'location': {'value': rg_location},\n",
+    "    'index': {'value': index},\n",
+    "    'apis': {'value': [api.to_dict() for api in apis]},\n",
+    "    'enableEventHubExport': {'value': enable_event_hub_export},\n",
+    "}\n",
+    "output = nb_helper.deploy_sample(bicep_parameters)\n",
+    "deployment_context = nb_helper.get_deployment_context(output)\n",
+    "apim_name = deployment_context.apim_name\n",
+    "apim_gateway_url = deployment_context.apim_gateway_url\n",
+    "api_outputs = deployment_context.apis\n",
+    "log_analytics_name = output.get('logAnalyticsWorkspaceName', 'Log Analytics Workspace Name')\n",
+    "log_analytics_id = output.get('logAnalyticsWorkspaceId', 'Log Analytics Workspace ID')\n",
+    "workbook_name = output.get('workbookName', 'Workbook Name')\n",
+    "workbook_id = output.get('workbookId', 'Workbook ID')\n",
+    "event_hub_export_enabled = output.get('eventHubExportEnabled', 'Event Hub export enabled')\n",
+    "event_hub_namespace_id = output.get('eventHubNamespaceId', 'Event Hubs namespace ID')\n",
+    "event_hub_namespace_name = output.get('eventHubNamespaceName', 'Event Hubs namespace name')\n",
+    "event_hub_id = output.get('eventHubId', 'Event Hub ID')\n",
+    "event_hub_name = output.get('eventHubName', 'Event Hub name')\n",
+    "event_hub_consumer_group_name = output.get('eventHubConsumerGroupName', 'Event Hub consumer group name')\n",
+    "event_hub_location = output.get('eventHubLocation', 'Event Hubs namespace location')\n",
+    "api_keys = {api_output['name']: api_output['subscriptionPrimaryKey'] for api_output in api_outputs}\n",
+    "print_val('Workbook', workbook_name)\n",
+    "print_val('Event Hub export enabled', event_hub_export_enabled)\n",
+    "if event_hub_export_enabled:\n",
+    "    print_val('Event Hubs namespace', event_hub_namespace_name)\n",
+    "    print_val('Event Hub', event_hub_name)\n",
+    "    print_val('Event Hub consumer group', event_hub_consumer_group_name)\n",
+    "    print_val('Event Hubs location', event_hub_location)\n",
+    "print_ok('Inference failover deployment completed successfully')"
    ]
   },
   {
    "cell_type": "markdown",
-   "id": "82b93a92",
+   "id": "bae18eff",
    "metadata": {},
    "source": [
-    "## Deploy Inference Gateway Resources\n",
+    "## Deterministic Gateway Contract Probes\n",
     "\n",
-    "Deploy the regional Azure OpenAI constellation, APIM backends and pools, retry fragment, LLM diagnostic wiring, two APIs, AOAI-only workbook, and optional regional Event Hub telemetry stream into the selected infrastructure resource group."
+    "Verify the status codes that the deployed gateway can reproduce safely and consistently before generating load:\n",
+    "\n",
+    "| Probe | Trigger | Expected result |\n",
+    "| --- | --- | --- |\n",
+    "| Healthy request | Valid chat-completions payload and subscription key | `200` with `X-Backend-Retry: 0` |\n",
+    "| Client error | Truncated JSON sent to Azure OpenAI | `400` with `X-Backend-Retry: 0` |\n",
+    "| Authentication error | Omit the APIM subscription key | Gateway `401` before the inference policy runs |\n",
+    "| Configuration error | Call an unknown APIM operation | Gateway `404` before the inference policy runs |\n",
+    "\n",
+    "The `401` and gateway-level `404` intentionally have no `X-Backend-Retry` header because API matching or subscription validation rejects them before the inference policy executes. See the README's **Failure Test Coverage** section for controlled `403`, both `409` branches, deterministic `429`, infrastructure statuses, DNS/TLS failures, timeouts, and true caller disconnects."
    ]
   },
   {
    "cell_type": "code",
    "execution_count": null,
-   "id": "d64811cc",
+   "id": "1b9bc26c",
    "metadata": {},
    "outputs": [],
    "source": [
-    "from console import print_ok, print_val\n",
+    "# APIM Samples imports\n",
+    "from apimtesting import ApimTesting\n",
+    "from console import print_error, print_ok\n",
     "\n",
-    "bicep_parameters = {\n",
-    "    'location': {'value': rg_location},\n",
-    "    'index': {'value': index},\n",
-    "    'apis': {'value': [api.to_dict() for api in apis]},\n",
-    "    'enableEventHubExport': {'value': enable_event_hub_export},\n",
+    "if 'api_keys' not in locals():\n",
+    "    print_error('Please run the deployment cell first')\n",
+    "    raise SystemExit(1)\n",
+    "\n",
+    "probe_api_name = 'inference-gpt-5-1'\n",
+    "probe_subscription_key = api_keys.get(probe_api_name)\n",
+    "if not probe_subscription_key:\n",
+    "    print_error(f'Missing API subscription key for {probe_api_name}')\n",
+    "    raise SystemExit(1)\n",
+    "\n",
+    "probe_endpoint_url, probe_request_headers, probe_allow_insecure_tls = utils.get_endpoint(deployment, rg_name, apim_gateway_url)\n",
+    "probe_route = f'{probe_endpoint_url}/{api_prefix}/gpt-5-1/chat/completions'\n",
+    "unknown_operation_route = f'{probe_endpoint_url}/{api_prefix}/gpt-5-1/not-an-operation'\n",
+    "probe_payload = {\n",
+    "    'messages': [{'role': 'user', 'content': 'Return the word ready.'}],\n",
+    "    'max_completion_tokens': 16,\n",
     "}\n",
-    "output = nb_helper.deploy_sample(bicep_parameters)\n",
+    "contract_tests = ApimTesting('Inference Gateway Contract Probes', sample_folder, nb_helper.deployment)\n",
+    "\n",
+    "with inference_failover_helpers.InferenceTrafficRunner(\n",
+    "    probe_endpoint_url,\n",
+    "    probe_request_headers,\n",
+    "    probe_allow_insecure_tls,\n",
+    ") as probe_runner:\n",
+    "    probe_results = probe_runner.run_contract_probes(\n",
+    "        probe_route,\n",
+    "        unknown_operation_route,\n",
+    "        probe_subscription_key,\n",
+    "        probe_payload,\n",
+    "    )\n",
+    "\n",
+    "contract_tests.verify(probe_results.success.status_code, 200, label='Valid inference request returns HTTP 200')\n",
+    "contract_tests.verify(probe_results.success.headers.get('X-Backend-Retry'), '0', label='Healthy response performs no backend retry')\n",
+    "contract_tests.verify(probe_results.malformed.status_code, 400, label='Malformed JSON returns backend HTTP 400')\n",
+    "contract_tests.verify(probe_results.malformed.headers.get('X-Backend-Retry'), '0', label='HTTP 400 is not retried')\n",
+    "contract_tests.verify(probe_results.missing_key.status_code, 401, label='Missing APIM subscription key returns HTTP 401')\n",
+    "contract_tests.verify(\n",
+    "    'X-Backend-Retry' in probe_results.missing_key.headers,\n",
+    "    False,\n",
+    "    label='Gateway HTTP 401 occurs before the inference policy',\n",
+    ")\n",
+    "contract_tests.verify(probe_results.unknown_operation.status_code, 404, label='Unknown APIM operation returns HTTP 404')\n",
+    "contract_tests.verify(\n",
+    "    'X-Backend-Retry' in probe_results.unknown_operation.headers,\n",
+    "    False,\n",
+    "    label='Gateway HTTP 404 occurs before the inference policy',\n",
+    ")\n",
     "\n",
-    "if output.success:\n",
-    "    apim_name = output.get('apimServiceName', 'APIM Service Name')\n",
-    "    apim_gateway_url = output.get('apimResourceGatewayURL', 'APIM API Gateway URL')\n",
-    "    log_analytics_name = output.get('logAnalyticsWorkspaceName', 'Log Analytics Workspace Name')\n",
-    "    log_analytics_id = output.get('logAnalyticsWorkspaceId', 'Log Analytics Workspace ID')\n",
-    "    workbook_name = output.get('workbookName', 'Workbook Name')\n",
-    "    workbook_id = output.get('workbookId', 'Workbook ID')\n",
-    "    event_hub_export_enabled = output.get('eventHubExportEnabled', 'Event Hub export enabled')\n",
-    "    event_hub_namespace_id = output.get('eventHubNamespaceId', 'Event Hubs namespace ID')\n",
-    "    event_hub_namespace_name = output.get('eventHubNamespaceName', 'Event Hubs namespace name')\n",
-    "    event_hub_id = output.get('eventHubId', 'Event Hub ID')\n",
-    "    event_hub_name = output.get('eventHubName', 'Event Hub name')\n",
-    "    event_hub_consumer_group_name = output.get('eventHubConsumerGroupName', 'Event Hub consumer group name')\n",
-    "    event_hub_location = output.get('eventHubLocation', 'Event Hubs namespace location')\n",
-    "    api_outputs = output.getJson('apiOutputs', 'Inference API outputs', secure=True)\n",
-    "    api_keys = {api_output['name']: api_output['subscriptionPrimaryKey'] for api_output in api_outputs}\n",
-    "    print_val('Workbook', workbook_name)\n",
-    "    print_val('Event Hub export enabled', event_hub_export_enabled)\n",
-    "    if event_hub_export_enabled:\n",
-    "        print_val('Event Hubs namespace', event_hub_namespace_name)\n",
-    "        print_val('Event Hub', event_hub_name)\n",
-    "        print_val('Event Hub consumer group', event_hub_consumer_group_name)\n",
-    "        print_val('Event Hubs location', event_hub_location)\n",
-    "    print_ok('Inference failover deployment completed successfully')\n"
+    "print_ok('Deterministic gateway contract probes completed')"
    ]
   },
   {
@@ -252,13 +347,8 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "import json\n",
-    "import time\n",
-    "\n",
-    "import requests as http_requests\n",
-    "\n",
+    "# APIM Samples imports\n",
     "from apimtesting import ApimTesting\n",
-    "from apimtypes import SUBSCRIPTION_KEY_PARAMETER_NAME\n",
     "from console import print_error, print_info, print_message, print_ok\n",
     "\n",
     "if 'api_keys' not in locals():\n",
@@ -303,220 +393,105 @@
     "    'max_completion_tokens': max_completion_tokens,\n",
     "}\n",
     "\n",
-    "\n",
-    "def get_backend_index(backend_url: str, backend_url_index: dict[str, int]) -> int:\n",
-    "    \"\"\"Return the chart index for an `X-Backend-URL` value, or 99 when no known marker matches.\"\"\"\n",
-    "    return next((index for url_marker, index in backend_url_index.items() if url_marker in backend_url), 99)\n",
-    "\n",
-    "\n",
-    "def get_backend_retry(response) -> int:\n",
-    "    \"\"\"Return the caller-visible retry count, stopping when the required header is invalid.\"\"\"\n",
-    "    retry_header = response.headers.get('X-Backend-Retry')\n",
-    "    if retry_header is None:\n",
-    "        print_error('Required X-Backend-Retry response header is missing.')\n",
-    "        raise SystemExit(1)\n",
-    "\n",
-    "    try:\n",
-    "        backend_retry = int(retry_header)\n",
-    "    except ValueError:\n",
-    "        print_error(f'Invalid X-Backend-Retry response header: {retry_header}')\n",
-    "        raise SystemExit(1) from None\n",
-    "\n",
-    "    if backend_retry < 0:\n",
-    "        print_error(f'Invalid negative X-Backend-Retry response header: {backend_retry}')\n",
-    "        raise SystemExit(1)\n",
-    "\n",
-    "    return backend_retry\n",
-    "\n",
-    "\n",
-    "def fail_on_unexpected_status(response) -> None:\n",
-    "    \"\"\"Stop immediately when a scenario receives a response outside the captured HTTP outcomes.\"\"\"\n",
-    "    if response.status_code == 200 or 400 <= response.status_code < 600:\n",
-    "        return\n",
-    "\n",
-    "    print_error(f'Unexpected HTTP {response.status_code} response from the inference route.')\n",
-    "    print_error(f'Response body: {response.text}')\n",
-    "    raise SystemExit(1)\n",
-    "\n",
-    "\n",
-    "def run_inference_scenario(session, route, subscription_key, payload, runs, backend_url_index, scenario_label, sleep_ms = 0):\n",
-    "    \"\"\"Send `runs` POSTs through one route, attributing each response to its resolved backend URL.\"\"\"\n",
-    "    results = []\n",
-    "    url = f'{endpoint_url}/{route}'\n",
-    "    print_message(scenario_label, blank_above = True)\n",
-    "    print_info(f'POST {url}')\n",
-    "\n",
-    "    for run_index in range(1, runs + 1):\n",
-    "        start_time = time.time()\n",
-    "        response = session.post(\n",
-    "            url,\n",
-    "            headers = {SUBSCRIPTION_KEY_PARAMETER_NAME: subscription_key},\n",
-    "            json = payload,\n",
-    "            timeout = 120,\n",
-    "        )\n",
-    "        response_time = time.time() - start_time\n",
-    "\n",
-    "        backend_url = response.headers.get('X-Backend-URL', 'unknown')\n",
-    "        backend_retry = get_backend_retry(response)\n",
-    "        print_info(f'Run {run_index}/{runs}: {response.status_code} via {backend_url}; X-Backend-Retry={backend_retry} ({response_time:.2f}s)')\n",
-    "        fail_on_unexpected_status(response)\n",
-    "        if 400 <= response.status_code < 600:\n",
-    "            print_info(f'Captured error response body: {response.text}')\n",
-    "        backend_index = get_backend_index(backend_url, backend_url_index)\n",
-    "\n",
-    "        # Inject the URL-derived backend index into the stored body so charts.BarChart colors each successful\n",
-    "        # bar by the resolved backend. Preserve the actual model response separately for inspection.\n",
-    "        response_body = response.text\n",
-    "        if response.status_code == 200:\n",
-    "            response_body = json.dumps({'index': backend_index, 'backendUrl': backend_url, 'backendRetry': backend_retry})\n",
-    "\n",
-    "        results.append({\n",
-    "            'run': run_index,\n",
-    "            'response': response_body,\n",
-    "            'model_response': response.text,\n",
-    "            'status_code': response.status_code,\n",
-    "            'response_time': response_time,\n",
-    "            'headers': dict(response.headers),\n",
-    "            'backend_url': backend_url,\n",
-    "            'backend_retry': backend_retry,\n",
-    "        })\n",
-    "\n",
-    "        if sleep_ms:\n",
-    "            time.sleep(sleep_ms / 1000)\n",
-    "\n",
-    "    return results\n",
-    "\n",
-    "\n",
-    "def summarize_scenario(results):\n",
-    "    \"\"\"Return success, error-class, status-code, and backend URL summaries for a scenario result list.\"\"\"\n",
-    "    status_code_counts = {}\n",
-    "    for result in results:\n",
-    "        status_code = result['status_code']\n",
-    "        status_code_counts[status_code] = status_code_counts.get(status_code, 0) + 1\n",
-    "\n",
-    "    successes = sum(1 for result in results if result['status_code'] == 200)\n",
-    "    client_errors = sum(1 for result in results if 400 <= result['status_code'] < 500)\n",
-    "    server_errors = sum(1 for result in results if 500 <= result['status_code'] < 600)\n",
-    "    served_backend_urls = sorted({\n",
-    "        result['backend_url']\n",
-    "        for result in results\n",
-    "        if result['status_code'] == 200 and result['backend_url'] != 'unknown'\n",
-    "    })\n",
-    "    return successes, client_errors, server_errors, dict(sorted(status_code_counts.items())), served_backend_urls\n",
-    "\n",
-    "\n",
-    "def summarize_backend_retries(results):\n",
-    "    \"\"\"Return the caller-visible `X-Backend-Retry` distribution for a scenario result list.\"\"\"\n",
-    "    retry_counts = {}\n",
-    "    for result in results:\n",
-    "        backend_retry = result['backend_retry']\n",
-    "        retry_counts[backend_retry] = retry_counts.get(backend_retry, 0) + 1\n",
-    "\n",
-    "    return dict(sorted(retry_counts.items()))\n",
-    "\n",
-    "\n",
-    "tests = ApimTesting('Inference Failover Scenario Tests', sample_folder, nb_helper.deployment)\n",
-    "\n",
-    "session = http_requests.Session()\n",
-    "session.verify = not allow_insecure_tls\n",
-    "if request_headers:\n",
-    "    session.headers.update(request_headers)\n",
-    "session.headers.update({'Content-Type': 'application/json'})\n",
-    "\n",
-    "try:\n",
-    "    # 1/5: Baseline warm path - both routes, small payloads against fresh priority-1 backends.\n",
-    "    scenario1_gpt_5_1 = run_inference_scenario(\n",
-    "        session, gpt_5_1_route, api_keys['inference-gpt-5-1'], small_payload, gpt_5_1_baseline_runs, gpt_5_1_backend_url_index,\n",
+    "scenarios = [\n",
+    "    inference_failover_helpers.InferenceScenario(\n",
     "        '1/5: Baseline warm path - gpt-5.1',\n",
-    "    )\n",
-    "    scenario1_gpt_4_1_mini = run_inference_scenario(\n",
-    "        session, gpt_4_1_mini_route, api_keys['inference-gpt-4-1-mini'], small_payload, gpt_4_1_mini_baseline_runs, gpt_4_1_mini_backend_url_index,\n",
+    "        gpt_5_1_route,\n",
+    "        api_keys['inference-gpt-5-1'],\n",
+    "        small_payload,\n",
+    "        gpt_5_1_baseline_runs,\n",
+    "        gpt_5_1_backend_url_index,\n",
+    "    ),\n",
+    "    inference_failover_helpers.InferenceScenario(\n",
     "        '1/5: Baseline warm path - gpt-4.1-mini',\n",
-    "    )\n",
-    "    tests.verify(len(scenario1_gpt_5_1), gpt_5_1_baseline_runs)\n",
-    "    tests.verify(len(scenario1_gpt_4_1_mini), gpt_4_1_mini_baseline_runs)\n",
-    "    tests.verify(scenario1_gpt_5_1[0]['status_code'], 200, label = 'gpt-5.1 baseline first request succeeded')\n",
-    "    tests.verify(scenario1_gpt_4_1_mini[0]['status_code'], 200, label = 'gpt-4.1-mini baseline first request succeeded')\n",
-    "\n",
-    "    # 2/5: Sustained pressure on gpt-5.1 - no spacing, drive low-TPM exhaustion and failover.\n",
-    "    time.sleep(2)\n",
-    "    scenario2_gpt_5_1 = run_inference_scenario(\n",
-    "        session, gpt_5_1_route, api_keys['inference-gpt-5-1'], pressure_payload, 45, gpt_5_1_backend_url_index,\n",
+    "        gpt_4_1_mini_route,\n",
+    "        api_keys['inference-gpt-4-1-mini'],\n",
+    "        small_payload,\n",
+    "        gpt_4_1_mini_baseline_runs,\n",
+    "        gpt_4_1_mini_backend_url_index,\n",
+    "    ),\n",
+    "    inference_failover_helpers.InferenceScenario(\n",
     "        '2/5: Sustained pressure - gpt-5.1 (no spacing)',\n",
-    "    )\n",
-    "    s2_success, s2_client_errors, s2_server_errors, s2_status_codes, _ = summarize_scenario(scenario2_gpt_5_1)\n",
-    "    tests.verify(len(scenario2_gpt_5_1), 45)\n",
-    "    tests.verify(s2_success > 0, True, label = 'gpt-5.1 sustained pressure still served some requests')\n",
-    "    tests.verify(\n",
-    "        (s2_success + s2_client_errors + s2_server_errors) == len(scenario2_gpt_5_1),\n",
-    "        True,\n",
-    "        label = 'gpt-5.1 sustained pressure captured every request',\n",
-    "    )\n",
-    "    if (s2_client_errors + s2_server_errors) > 0:\n",
-    "        print_info(\n",
-    "            f'gpt-5.1 sustained pressure observed {s2_client_errors} 4xx and {s2_server_errors} 5xx responses: '\n",
-    "            f'{s2_status_codes}'\n",
-    "        )\n",
-    "    else:\n",
-    "        print_info('gpt-5.1 sustained pressure was fully absorbed by priority/weighted failover (no 4xx/5xx)')\n",
-    "\n",
-    "    # 3/5: Sustained pressure on gpt-4.1-mini - the independent pool exhausts on its own.\n",
-    "    time.sleep(2)\n",
-    "    scenario3_gpt_4_1_mini = run_inference_scenario(\n",
-    "        session, gpt_4_1_mini_route, api_keys['inference-gpt-4-1-mini'], pressure_payload, 15, gpt_4_1_mini_backend_url_index,\n",
+    "        gpt_5_1_route,\n",
+    "        api_keys['inference-gpt-5-1'],\n",
+    "        pressure_payload,\n",
+    "        45,\n",
+    "        gpt_5_1_backend_url_index,\n",
+    "    ),\n",
+    "    inference_failover_helpers.InferenceScenario(\n",
     "        '3/5: Sustained pressure - gpt-4.1-mini (no spacing)',\n",
-    "    )\n",
-    "    s3_success, s3_client_errors, s3_server_errors, s3_status_codes, _ = summarize_scenario(scenario3_gpt_4_1_mini)\n",
-    "    tests.verify(len(scenario3_gpt_4_1_mini), 15)\n",
-    "    tests.verify(s3_success > 0, True, label = 'gpt-4.1-mini sustained pressure still served some requests')\n",
-    "    tests.verify(\n",
-    "        (s3_success + s3_client_errors + s3_server_errors) == len(scenario3_gpt_4_1_mini),\n",
-    "        True,\n",
-    "        label = 'gpt-4.1-mini sustained pressure captured every request',\n",
-    "    )\n",
-    "    if (s3_client_errors + s3_server_errors) > 0:\n",
-    "        print_info(\n",
-    "            f'gpt-4.1-mini sustained pressure observed {s3_client_errors} 4xx and {s3_server_errors} 5xx responses: '\n",
-    "            f'{s3_status_codes}'\n",
-    "        )\n",
-    "    else:\n",
-    "        print_info('gpt-4.1-mini sustained pressure was fully absorbed by priority failover (no 4xx/5xx)')\n",
-    "\n",
-    "    # 4/5: Paced recovery on gpt-5.1 - inter-request spacing lets circuit breakers recover.\n",
-    "    time.sleep(2)\n",
-    "    scenario4_gpt_5_1 = run_inference_scenario(\n",
-    "        session, gpt_5_1_route, api_keys['inference-gpt-5-1'], pressure_payload, 30, gpt_5_1_backend_url_index,\n",
-    "        '4/5: Paced recovery - gpt-5.1 (1.5s spacing)', sleep_ms = 1500,\n",
-    "    )\n",
-    "    s4_success, _, _, _, _ = summarize_scenario(scenario4_gpt_5_1)\n",
-    "    tests.verify(len(scenario4_gpt_5_1), 30)\n",
-    "    tests.verify(s4_success > 0, True, label = 'gpt-5.1 paced recovery served requests across the window')\n",
-    "\n",
-    "    # 5/5: Terminal exhaustion on gpt-5.1 - a hard burst may drain every tier to the generic 503.\n",
-    "    time.sleep(2)\n",
-    "    scenario5_gpt_5_1 = run_inference_scenario(\n",
-    "        session, gpt_5_1_route, api_keys['inference-gpt-5-1'], pressure_payload, 35, gpt_5_1_backend_url_index,\n",
+    "        gpt_4_1_mini_route,\n",
+    "        api_keys['inference-gpt-4-1-mini'],\n",
+    "        pressure_payload,\n",
+    "        15,\n",
+    "        gpt_4_1_mini_backend_url_index,\n",
+    "    ),\n",
+    "    inference_failover_helpers.InferenceScenario(\n",
+    "        '4/5: Paced recovery - gpt-5.1 (1.5s spacing)',\n",
+    "        gpt_5_1_route,\n",
+    "        api_keys['inference-gpt-5-1'],\n",
+    "        pressure_payload,\n",
+    "        30,\n",
+    "        gpt_5_1_backend_url_index,\n",
+    "        sleep_ms=1500,\n",
+    "    ),\n",
+    "    inference_failover_helpers.InferenceScenario(\n",
     "        '5/5: Terminal exhaustion - gpt-5.1 (hard burst)',\n",
-    "    )\n",
-    "    s5_success, s5_client_errors, s5_server_errors, s5_status_codes, _ = summarize_scenario(scenario5_gpt_5_1)\n",
-    "    tests.verify(len(scenario5_gpt_5_1), 35)\n",
+    "        gpt_5_1_route,\n",
+    "        api_keys['inference-gpt-5-1'],\n",
+    "        pressure_payload,\n",
+    "        35,\n",
+    "        gpt_5_1_backend_url_index,\n",
+    "    ),\n",
+    "]\n",
+    "\n",
+    "tests = ApimTesting('Inference Failover Scenario Tests', sample_folder, nb_helper.deployment)\n",
+    "scenario_results = []\n",
+    "with inference_failover_helpers.InferenceTrafficRunner(endpoint_url, request_headers, allow_insecure_tls) as traffic_runner:\n",
+    "    for scenario_index, scenario in enumerate(scenarios):\n",
+    "        if scenario_index in (2, 3, 4, 5):\n",
+    "            traffic_runner.pause(2)\n",
+    "        scenario_results.append(traffic_runner.run_scenario(scenario))\n",
+    "\n",
+    "(\n",
+    "    scenario1_gpt_5_1,\n",
+    "    scenario1_gpt_4_1_mini,\n",
+    "    scenario2_gpt_5_1,\n",
+    "    scenario3_gpt_4_1_mini,\n",
+    "    scenario4_gpt_5_1,\n",
+    "    scenario5_gpt_5_1,\n",
+    ") = scenario_results\n",
+    "\n",
+    "tests.verify(len(scenario1_gpt_5_1), gpt_5_1_baseline_runs)\n",
+    "tests.verify(len(scenario1_gpt_4_1_mini), gpt_4_1_mini_baseline_runs)\n",
+    "tests.verify(scenario1_gpt_5_1[0]['status_code'], 200, label='gpt-5.1 baseline first request succeeded')\n",
+    "tests.verify(scenario1_gpt_4_1_mini[0]['status_code'], 200, label='gpt-4.1-mini baseline first request succeeded')\n",
+    "\n",
+    "for scenario_name, results, expected_runs in [\n",
+    "    ('gpt-5.1 sustained pressure', scenario2_gpt_5_1, 45),\n",
+    "    ('gpt-4.1-mini sustained pressure', scenario3_gpt_4_1_mini, 15),\n",
+    "    ('gpt-5.1 paced recovery', scenario4_gpt_5_1, 30),\n",
+    "    ('gpt-5.1 terminal burst', scenario5_gpt_5_1, 35),\n",
+    "]:\n",
+    "    summary = inference_failover_helpers.summarize_scenario(results)\n",
+    "    tests.verify(len(results), expected_runs)\n",
     "    tests.verify(\n",
-    "        (s5_success + s5_client_errors + s5_server_errors) == len(scenario5_gpt_5_1),\n",
+    "        summary.successes + summary.client_errors + summary.server_errors == len(results),\n",
     "        True,\n",
-    "        label = 'gpt-5.1 terminal burst captured every request',\n",
+    "        label=f'{scenario_name} captured every request',\n",
     "    )\n",
-    "    if (s5_client_errors + s5_server_errors) > 0:\n",
+    "    if scenario_name != 'gpt-5.1 terminal burst':\n",
+    "        tests.verify(summary.successes > 0, True, label=f'{scenario_name} served some requests')\n",
+    "    if summary.client_errors + summary.server_errors:\n",
     "        print_info(\n",
-    "            f'gpt-5.1 terminal burst observed {s5_client_errors} 4xx and {s5_server_errors} 5xx responses: '\n",
-    "            f'{s5_status_codes}'\n",
+    "            f'{scenario_name} observed {summary.client_errors} 4xx and {summary.server_errors} 5xx responses: '\n",
+    "            f'{summary.status_code_counts}'\n",
     "        )\n",
     "    else:\n",
-    "        print_info('gpt-5.1 terminal burst was fully absorbed by failover (no 4xx/5xx observed)')\n",
-    "finally:\n",
-    "    session.close()\n",
+    "        print_info(f'{scenario_name} was fully absorbed by failover (no 4xx/5xx)')\n",
     "\n",
-    "print_message('Scenario success / 4xx / 5xx summary', blank_above = True)\n",
-    "for scenario_name, scenario_results in [\n",
+    "print_message('Scenario success / 4xx / 5xx summary', blank_above=True)\n",
+    "for scenario_name, results in [\n",
     "    ('1 baseline gpt-5.1', scenario1_gpt_5_1),\n",
     "    ('1 baseline gpt-4.1-mini', scenario1_gpt_4_1_mini),\n",
     "    ('2 sustained gpt-5.1', scenario2_gpt_5_1),\n",
@@ -524,13 +499,13 @@
     "    ('4 paced gpt-5.1', scenario4_gpt_5_1),\n",
     "    ('5 terminal gpt-5.1', scenario5_gpt_5_1),\n",
     "]:\n",
-    "    n_ok, n_client_errors, n_server_errors, status_code_counts, served_backend_urls = summarize_scenario(scenario_results)\n",
+    "    summary = inference_failover_helpers.summarize_scenario(results)\n",
     "    print_info(\n",
-    "        f'Scenario {scenario_name}: {n_ok} ok, {n_client_errors} 4xx, {n_server_errors} 5xx; '\n",
-    "        f'statuses: {status_code_counts}'\n",
+    "        f'Scenario {scenario_name}: {summary.successes} ok, {summary.client_errors} 4xx, {summary.server_errors} 5xx; '\n",
+    "        f'statuses: {summary.status_code_counts}'\n",
     "    )\n",
-    "    print_info(f'Observed X-Backend-Retry values: {summarize_backend_retries(scenario_results)}')\n",
-    "    print_info(f'Observed X-Backend-URL values: {served_backend_urls}')\n",
+    "    print_info(f'Observed X-Backend-Retry values: {summary.retry_counts}')\n",
+    "    print_info(f'Observed X-Backend-URL values: {summary.served_backend_urls}')\n",
     "\n",
     "tests.print_summary()\n",
     "if tests.tests_failed:\n",
@@ -786,6 +761,7 @@
    "source": [
     "from pathlib import Path\n",
     "\n",
+    "# APIM Samples imports\n",
     "from console import print_error, print_ok, print_warning\n",
     "\n",
     "if 'log_analytics_id' not in locals():\n",
@@ -794,7 +770,7 @@
     "\n",
     "api_ids_binding = \"let apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);\\n\"\n",
     "time_binding = 'let timeWindow = 30m;\\n'\n",
-    "queries_path = Path(utils.determine_policy_path('queries', sample_folder))\n",
+    "queries_path = Path(utils.get_project_root()) / 'samples' / sample_folder / 'queries'\n",
     "verify_template = (queries_path / 'verify-llm-ingestion.kql').read_text(encoding='utf-8')\n",
     "verification_query = time_binding + api_ids_binding + verify_template\n",
     "telemetry_found, telemetry_result, telemetry_rows = nb_helper.wait_for_kql(\n",
@@ -841,36 +817,7 @@
     "# APIM Samples imports\n",
     "from console import print_info, print_warning\n",
     "\n",
-    "\n",
-    "def with_backend_identifier(frame: pd.DataFrame) -> pd.DataFrame:\n",
-    "    \"\"\"Return a telemetry frame with a compact backend identifier.\"\"\"\n",
-    "    if 'Backend URL' not in frame.columns:\n",
-    "        return frame\n",
-    "    if 'Backend' not in frame.columns:\n",
-    "        backend_identifiers = frame['Backend URL'].str.extract(r'/deployments/([a-z])-', expand=False).fillna('')\n",
-    "        frame.insert(1, 'Backend', backend_identifiers)\n",
-    "    else:\n",
-    "        frame['Backend'] = frame['Backend'].replace('?', '')\n",
-    "\n",
-    "    return frame\n",
-    "\n",
-    "\n",
-    "def format_gateway_distribution(frame: pd.DataFrame) -> pd.DataFrame:\n",
-    "    \"\"\"Return gateway distribution values formatted for display.\"\"\"\n",
-    "    display_frame = frame.copy()\n",
-    "    average_backend_ms = pd.to_numeric(display_frame['AverageBackendMs'].astype(str).str.replace(',', '', regex=False), errors='coerce')\n",
-    "    success_rate = pd.to_numeric(display_frame['SuccessRate'].astype(str).str.rstrip('%'), errors='coerce')\n",
-    "    display_frame['AverageBackendMs'] = average_backend_ms.map(lambda value: '' if pd.isna(value) else f'{value:,.1f}')\n",
-    "    display_frame['SuccessRate'] = success_rate.map(lambda value: '' if pd.isna(value) else f'{value:.2f}%')\n",
-    "    if 'Backend URL' in display_frame.columns:\n",
-    "        backend_names = display_frame['Backend URL'].str.extract(r'/deployments/([a-z]-[^/]+)', expand=False).fillna('')\n",
-    "        display_frame['Backend'] = backend_names.str.replace('-', ') ', n=1, regex=False)\n",
-    "        display_frame = display_frame.drop(columns=['Backend URL'])\n",
-    "\n",
-    "    return display_frame\n",
-    "\n",
-    "\n",
-    "queries_path = Path(utils.determine_policy_path('queries', sample_folder))\n",
+    "queries_path = Path(utils.get_project_root()) / 'samples' / sample_folder / 'queries'\n",
     "distribution_template = (queries_path / 'backend-distribution.kql').read_text(encoding='utf-8')\n",
     "token_template = (queries_path / 'token-throughput.kql').read_text(encoding='utf-8')\n",
     "bindings = \"let timeWindow = 1h;\\nlet apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini']);\\n\"\n",
@@ -898,8 +845,8 @@
     "        distribution_rows,\n",
     "        columns=['API', 'Backend URL', 'Requests', 'Successes', 'Throttled', 'Failures', 'AverageBackendMs', 'SuccessRate'],\n",
     "    )\n",
-    "    distribution_frame = with_backend_identifier(distribution_frame)\n",
-    "    distribution_frame = format_gateway_distribution(distribution_frame)\n",
+    "    distribution_frame = inference_failover_helpers.with_backend_identifier(distribution_frame)\n",
+    "    distribution_frame = inference_failover_helpers.format_gateway_distribution(distribution_frame)\n",
     "    display(distribution_frame)\n",
     "    distribution_frame.pivot(index='API', columns='Backend', values='Requests').fillna(0).plot(\n",
     "        kind='bar',\n",
@@ -914,8 +861,8 @@
     "    print_warning('No gateway distribution rows returned yet')\n",
     "    cached_distribution_frame = locals().get('distribution_frame')\n",
     "    if cached_distribution_frame is not None:\n",
-    "        distribution_frame = with_backend_identifier(cached_distribution_frame)\n",
-    "        distribution_frame = format_gateway_distribution(distribution_frame)\n",
+    "        distribution_frame = inference_failover_helpers.with_backend_identifier(cached_distribution_frame)\n",
+    "        distribution_frame = inference_failover_helpers.format_gateway_distribution(distribution_frame)\n",
     "\n",
     "if tokens_found:\n",
     "    ipython_display(IPythonMarkdown(\n",
@@ -928,7 +875,7 @@
     "        token_rows,\n",
     "        columns=['API', 'Backend URL', 'Model', 'Requests', 'PromptTokens', 'CompletionTokens', 'TotalTokens'],\n",
     "    )\n",
-    "    token_frame = with_backend_identifier(token_frame)\n",
+    "    token_frame = inference_failover_helpers.with_backend_identifier(token_frame)\n",
     "    display(token_frame)\n",
     "    token_frame.groupby('API')['TotalTokens'].sum().plot(\n",
     "        kind='bar',\n",
@@ -944,7 +891,7 @@
     "    print_info('No token rows returned yet; successful inference rows may still be ingesting')\n",
     "    cached_token_frame = locals().get('token_frame')\n",
     "    if cached_token_frame is not None:\n",
-    "        token_frame = with_backend_identifier(cached_token_frame)"
+    "        token_frame = inference_failover_helpers.with_backend_identifier(cached_token_frame)"
    ]
   },
   {
@@ -957,6 +904,17 @@
     "Create a self-contained local HTML report with test totals, scenario outcomes, response-time graphs, telemetry tables, and telemetry graphs. The closing cell prints a link to the generated file."
    ]
   },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "0eca8e66",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "get_backend_index = inference_failover_helpers.get_backend_index\n",
+    "with_backend_identifier = inference_failover_helpers.with_backend_identifier"
+   ]
+  },
   {
    "cell_type": "code",
    "execution_count": null,
diff --git a/samples/inference-failover/inference-api-policy.xml b/samples/inference-failover/inference-api-policy.xml
deleted file mode 100644
index c6c46e14..00000000
--- a/samples/inference-failover/inference-api-policy.xml
+++ /dev/null
@@ -1,83 +0,0 @@
-<!--
-    Inference API policy template.
-
-    The notebook replaces BACKEND_POOL_ID and RETRY_COUNT for each model-safe API.
-    Managed identity authentication is applied after pool selection, so every selected
-    Azure OpenAI backend receives a bearer token rather than an API key.
--->
-<policies>
-    <inbound>
-        <base />
-        <set-variable name="backendAttempt" value="@(0)" />
-        <set-backend-service backend-id="BACKEND_POOL_ID" />
-        <authentication-managed-identity resource="https://cognitiveservices.azure.com" output-token-variable-name="managed-id-access-token" ignore-error="false" />
-        <set-header name="Authorization" exists-action="override">
-            <value>@("Bearer " + (string)context.Variables["managed-id-access-token"])</value>
-        </set-header>
-        <set-header name="x-ms-client-request-id" exists-action="override">
-            <value>@(context.RequestId.ToString())</value>
-        </set-header>
-        <set-query-parameter name="api-version" exists-action="skip">
-            <value>2024-10-21</value>
-        </set-query-parameter>
-        <trace source="InferenceFailover" severity="information">
-            <message>@("InferenceRequestAccepted|requestId=" + context.RequestId.ToString())</message>
-            <metadata name="EventName" value="InferenceRequestAccepted" />
-            <metadata name="RequestId" value="@(context.RequestId.ToString())" />
-        </trace>
-    </inbound>
-    <backend>
-        <retry count="RETRY_COUNT" interval="1" first-fast-retry="true" condition="@(context.Response != null &amp;&amp; (context.Response.StatusCode == 429 || context.Response.StatusCode == 503))">
-            <set-variable name="backendAttempt" value='@(((int)context.Variables["backendAttempt"]) + 1)' />
-            <forward-request buffer-request-body="true" />
-            <trace source="InferenceFailover" severity="information">
-                <message>@("InferenceBackendAttemptComplete|attempt=" + ((int)context.Variables["backendAttempt"]).ToString() + "|backendResponseCode=" + (context.Response == null ? "none" : context.Response.StatusCode.ToString()) + "|willRetry=" + (context.Response != null &amp;&amp; (context.Response.StatusCode == 429 || context.Response.StatusCode == 503)).ToString())</message>
-                <metadata name="EventName" value="InferenceBackendAttemptComplete" />
-                <metadata name="RequestId" value="@(context.RequestId.ToString())" />
-                <metadata name="Attempt" value='@(((int)context.Variables["backendAttempt"]).ToString())' />
-                <metadata name="BackendResponseCode" value='@(context.Response == null ? "none" : context.Response.StatusCode.ToString())' />
-                <metadata name="WillRetry" value='@((context.Response != null &amp;&amp; (context.Response.StatusCode == 429 || context.Response.StatusCode == 503)).ToString())' />
-            </trace>
-        </retry>
-    </backend>
-    <outbound>
-        <set-header name="X-Backend-Retry" exists-action="override">
-            <value>@((((int)context.Variables["backendAttempt"]) > 0 ? ((int)context.Variables["backendAttempt"]) - 1 : 0).ToString())</value>
-        </set-header>
-        <trace source="InferenceFailover" severity="information">
-            <message>@("InferenceGatewayResponse|attempts=" + ((int)context.Variables["backendAttempt"]).ToString() + "|backendResponseCode=" + (context.Response == null ? "none" : context.Response.StatusCode.ToString()))</message>
-            <metadata name="EventName" value="InferenceGatewayResponse" />
-            <metadata name="RequestId" value="@(context.RequestId.ToString())" />
-            <metadata name="Attempts" value='@(((int)context.Variables["backendAttempt"]).ToString())' />
-            <metadata name="BackendResponseCode" value='@(context.Response == null ? "none" : context.Response.StatusCode.ToString())' />
-        </trace>
-        <choose>
-            <when condition="@(context.Response != null &amp;&amp; (context.Response.StatusCode == 429 || context.Response.StatusCode == 503))">
-                <trace source="InferenceFailover" severity="error">
-                    <message>@("InferenceFallbackExhausted|attempts=" + ((int)context.Variables["backendAttempt"]).ToString() + "|backendResponseCode=" + context.Response.StatusCode.ToString())</message>
-                    <metadata name="EventName" value="InferenceFallbackExhausted" />
-                    <metadata name="RequestId" value="@(context.RequestId.ToString())" />
-                    <metadata name="Attempts" value='@(((int)context.Variables["backendAttempt"]).ToString())' />
-                    <metadata name="BackendResponseCode" value="@(context.Response.StatusCode.ToString())" />
-                </trace>
-                <return-response>
-                    <set-status code="503" reason="Inference Service Unavailable" />
-                    <set-header name="X-Backend-Retry" exists-action="override">
-                        <value>@((((int)context.Variables["backendAttempt"]) > 0 ? ((int)context.Variables["backendAttempt"]) - 1 : 0).ToString())</value>
-                    </set-header>
-                    <set-header name="Content-Type" exists-action="override">
-                        <value>application/json</value>
-                    </set-header>
-                    <set-body>{"error":"Inference service is temporarily unavailable."}</set-body>
-                </return-response>
-            </when>
-        </choose>
-        <base />
-    </outbound>
-    <on-error>
-        <set-header name="X-Backend-Retry" exists-action="override">
-            <value>@((((int)context.Variables["backendAttempt"]) > 0 ? ((int)context.Variables["backendAttempt"]) - 1 : 0).ToString())</value>
-        </set-header>
-        <base />
-    </on-error>
-</policies>
diff --git a/samples/inference-failover/inference_failover_helpers.py b/samples/inference-failover/inference_failover_helpers.py
new file mode 100644
index 00000000..ab6d4601
--- /dev/null
+++ b/samples/inference-failover/inference_failover_helpers.py
@@ -0,0 +1,276 @@
+"""Runtime helpers for the inference-failover sample notebook."""
+
+import json
+import time
+from collections.abc import Callable, Mapping
+from dataclasses import dataclass
+from typing import Any
+
+import pandas as pd
+import requests as http_requests
+
+# APIM Samples imports
+from apimtypes import SUBSCRIPTION_KEY_PARAMETER_NAME
+from console import print_info, print_message
+
+
+@dataclass(frozen=True)
+class InferenceScenario:
+    """Describe one inference traffic scenario."""
+
+    label: str
+    route: str
+    subscription_key: str
+    payload: dict[str, Any]
+    runs: int
+    backend_url_index: Mapping[str, int]
+    sleep_ms: int = 0
+
+
+@dataclass(frozen=True)
+class ContractProbeResults:
+    """Contain deterministic gateway contract responses."""
+
+    success: http_requests.Response
+    malformed: http_requests.Response
+    missing_key: http_requests.Response
+    unknown_operation: http_requests.Response
+
+
+@dataclass(frozen=True)
+class InferenceScenarioSummary:
+    """Contain normalized outcome counts for one scenario."""
+
+    successes: int
+    client_errors: int
+    server_errors: int
+    status_code_counts: dict[int, int]
+    served_backend_urls: list[str]
+    retry_counts: dict[int, int]
+
+
+class InferenceTrafficRunner:
+    """Run inference traffic while owning one reusable HTTP session."""
+
+    def __init__(
+        self,
+        endpoint_url: str,
+        request_headers: Mapping[str, str] | None,
+        allow_insecure_tls: bool,
+        *,
+        session_factory: Callable[[], http_requests.Session] = http_requests.Session,
+        sleep: Callable[[float], None] = time.sleep,
+        clock: Callable[[], float] = time.perf_counter,
+    ) -> None:
+        self.endpoint_url = endpoint_url.rstrip('/')
+        self.request_headers = dict(request_headers or {})
+        self.allow_insecure_tls = allow_insecure_tls
+        self._session_factory = session_factory
+        self._sleep = sleep
+        self._clock = clock
+        self._session: http_requests.Session | None = None
+
+    def __enter__(self) -> 'InferenceTrafficRunner':
+        self._get_session()
+
+        return self
+
+    def __exit__(self, exc_type, exc_value, traceback) -> None:
+        self.close()
+
+    def close(self) -> None:
+        """Close the HTTP session owned by the runner."""
+        if self._session is not None:
+            self._session.close()
+            self._session = None
+
+    def pause(self, seconds: float) -> None:
+        """Pause between scenarios through the injectable sleep boundary."""
+        if seconds < 0:
+            raise ValueError('Pause duration must not be negative.')
+        if seconds > 0:
+            self._sleep(seconds)
+
+    def run_contract_probes(
+        self,
+        route: str,
+        unknown_operation_route: str,
+        subscription_key: str,
+        payload: dict[str, Any],
+    ) -> ContractProbeResults:
+        """Run the deterministic success, client, authentication, and routing probes."""
+        session = self._get_session()
+        probe_headers = {SUBSCRIPTION_KEY_PARAMETER_NAME: subscription_key}
+
+        return ContractProbeResults(
+            success=session.post(route, headers=probe_headers, json=payload, timeout=120),
+            malformed=session.post(route, headers=probe_headers, data='{"messages":', timeout=120),
+            missing_key=session.post(route, json=payload, timeout=120),
+            unknown_operation=session.post(unknown_operation_route, headers=probe_headers, json=payload, timeout=120),
+        )
+
+    def run_scenario(self, scenario: InferenceScenario) -> list[dict[str, Any]]:
+        """Run one inference scenario and return chart-compatible response records."""
+        if scenario.runs < 1:
+            raise ValueError('Scenario runs must be at least 1.')
+        if scenario.sleep_ms < 0:
+            raise ValueError('Scenario sleep must not be negative.')
+
+        session = self._get_session()
+        url = f'{self.endpoint_url}/{scenario.route.lstrip("/")}'
+        print_message(scenario.label, blank_above=True)
+        print_info(f'POST {url}')
+        results: list[dict[str, Any]] = []
+
+        for run_index in range(1, scenario.runs + 1):
+            started_at = self._clock()
+            response = session.post(
+                url,
+                headers={SUBSCRIPTION_KEY_PARAMETER_NAME: scenario.subscription_key},
+                json=scenario.payload,
+                timeout=120,
+            )
+            response_time = self._clock() - started_at
+            backend_url = response.headers.get('X-Backend-URL', 'unknown')
+            backend_retry = parse_backend_retry(response)
+            validate_status(response)
+            print_info(
+                f'Run {run_index}/{scenario.runs}: {response.status_code} via {backend_url}; X-Backend-Retry={backend_retry} ({response_time:.2f}s)'
+            )
+            if 400 <= response.status_code < 600:
+                print_info(f'Captured error response body: {response.text}')
+
+            response_body = response.text
+            if response.status_code == 200:
+                response_body = json.dumps(
+                    {
+                        'index': get_backend_index(backend_url, scenario.backend_url_index),
+                        'backendUrl': backend_url,
+                        'backendRetry': backend_retry,
+                    }
+                )
+
+            results.append(
+                {
+                    'run': run_index,
+                    'response': response_body,
+                    'model_response': response.text,
+                    'status_code': response.status_code,
+                    'response_time': response_time,
+                    'headers': dict(response.headers),
+                    'backend_url': backend_url,
+                    'backend_retry': backend_retry,
+                }
+            )
+
+            if scenario.sleep_ms and run_index < scenario.runs:
+                self._sleep(scenario.sleep_ms / 1000)
+
+        return results
+
+    def _get_session(self) -> http_requests.Session:
+        if self._session is None:
+            self._session = self._session_factory()
+            self._session.verify = not self.allow_insecure_tls
+            self._session.headers.update(self.request_headers)
+            self._session.headers.update({'Content-Type': 'application/json'})
+
+        return self._session
+
+
+def get_backend_index(backend_url: str, backend_url_index: Mapping[str, int]) -> int:
+    """Return the chart index for a backend URL, or 99 when no marker matches."""
+    return next((backend_index for marker, backend_index in backend_url_index.items() if marker in backend_url), 99)
+
+
+def parse_backend_retry(response: http_requests.Response) -> int:
+    """Parse and validate the required caller-visible retry count."""
+    retry_header = response.headers.get('X-Backend-Retry')
+    if retry_header is None:
+        raise ValueError('Required X-Backend-Retry response header is missing.')
+
+    try:
+        backend_retry = int(retry_header)
+    except ValueError as error:
+        raise ValueError(f'Invalid X-Backend-Retry response header: {retry_header}') from error
+
+    if backend_retry < 0:
+        raise ValueError(f'Invalid negative X-Backend-Retry response header: {backend_retry}')
+
+    return backend_retry
+
+
+def validate_status(response: http_requests.Response) -> None:
+    """Reject responses outside the outcomes captured by the sample."""
+    if response.status_code == 200 or 400 <= response.status_code < 600:
+        return
+
+    raise ValueError(f'Unexpected HTTP {response.status_code} response from the inference route: {response.text}')
+
+
+def summarize_scenario(results: list[dict[str, Any]]) -> InferenceScenarioSummary:
+    """Summarize status, retry, and successful backend outcomes."""
+    status_code_counts: dict[int, int] = {}
+    retry_counts: dict[int, int] = {}
+    for result in results:
+        status_code = result['status_code']
+        backend_retry = result['backend_retry']
+        status_code_counts[status_code] = status_code_counts.get(status_code, 0) + 1
+        retry_counts[backend_retry] = retry_counts.get(backend_retry, 0) + 1
+
+    return InferenceScenarioSummary(
+        successes=sum(1 for result in results if result['status_code'] == 200),
+        client_errors=sum(1 for result in results if 400 <= result['status_code'] < 500),
+        server_errors=sum(1 for result in results if 500 <= result['status_code'] < 600),
+        status_code_counts=dict(sorted(status_code_counts.items())),
+        served_backend_urls=sorted(
+            {result['backend_url'] for result in results if result['status_code'] == 200 and result['backend_url'] != 'unknown'}
+        ),
+        retry_counts=dict(sorted(retry_counts.items())),
+    )
+
+
+def format_request_count(count: int) -> str:
+    """Return a request count with the grammatically correct noun."""
+    noun = 'request' if count == 1 else 'requests'
+
+    return f'{count} {noun}'
+
+
+def format_backend_url_counts(api_results: list[dict[str, Any]]) -> str:
+    """Return a compact distribution summary from captured backend URLs."""
+    backend_url_counts: dict[str, int] = {}
+    for result in api_results:
+        backend_url = result['backend_url']
+        backend_url_counts[backend_url] = backend_url_counts.get(backend_url, 0) + 1
+
+    return '\n'.join(f'- {backend_url}: {format_request_count(count)}' for backend_url, count in sorted(backend_url_counts.items()))
+
+
+def with_backend_identifier(frame: pd.DataFrame) -> pd.DataFrame:
+    """Return a telemetry frame copy with a compact backend identifier."""
+    result = frame.copy()
+    if 'Backend URL' not in result.columns:
+        return result
+    if 'Backend' not in result.columns:
+        backend_identifiers = result['Backend URL'].str.extract(r'/deployments/([a-z])-', expand=False).fillna('')
+        result.insert(1, 'Backend', backend_identifiers)
+    else:
+        result['Backend'] = result['Backend'].replace('?', '')
+
+    return result
+
+
+def format_gateway_distribution(frame: pd.DataFrame) -> pd.DataFrame:
+    """Return gateway distribution values formatted for display."""
+    result = frame.copy()
+    average_backend_ms = pd.to_numeric(result['AverageBackendMs'].astype(str).str.replace(',', '', regex=False), errors='coerce')
+    success_rate = pd.to_numeric(result['SuccessRate'].astype(str).str.rstrip('%'), errors='coerce')
+    result['AverageBackendMs'] = average_backend_ms.map(lambda value: '' if pd.isna(value) else f'{value:,.1f}')
+    result['SuccessRate'] = success_rate.map(lambda value: '' if pd.isna(value) else f'{value:.2f}%')
+    if 'Backend URL' in result.columns:
+        backend_names = result['Backend URL'].str.extract(r'/deployments/([a-z]-[^/]+)', expand=False).fillna('')
+        result['Backend'] = backend_names.str.replace('-', ') ', n=1, regex=False)
+        result = result.drop(columns=['Backend URL'])
+
+    return result
diff --git a/samples/inference-failover/main.bicep b/samples/inference-failover/main.bicep
index 794ed91f..88920e86 100644
--- a/samples/inference-failover/main.bicep
+++ b/samples/inference-failover/main.bicep
@@ -304,22 +304,50 @@ module inferenceBackends '../../shared/bicep/modules/apim/v1/backend.bicep' = [f
     circuitBreaker: {
       rules: [
         {
-          name: 'throttled-or-unavailable'
+          // A 429 is a capacity signal. Retry-After controls how long APIM biases
+          // regional pool selection away from this backend.
+          name: 'capacity-throttled'
           acceptRetryAfter: true
           failureCondition: {
             count: 1
-            errorReasons: [
-              'Server errors'
-            ]
             interval: 'PT1M'
             statusCodeRanges: [
               {
                 min: 429
                 max: 429
               }
+            ]
+          }
+          tripDuration: 'PT1M'
+        }
+        {
+          // A single 500 is retryable, but only sustained 500 responses shift
+          // regional selection and qualify as infrastructure failover.
+          name: 'sustained-internal-error'
+          acceptRetryAfter: false
+          failureCondition: {
+            count: 2
+            interval: 'PT1M'
+            statusCodeRanges: [
+              {
+                min: 500
+                max: 500
+              }
+            ]
+          }
+          tripDuration: 'PT1M'
+        }
+        {
+          // Gateway and availability failures shift region immediately.
+          name: 'infrastructure-unavailable'
+          acceptRetryAfter: false
+          failureCondition: {
+            count: 1
+            interval: 'PT1M'
+            statusCodeRanges: [
               {
-                min: 503
-                max: 503
+                min: 502
+                max: 504
               }
             ]
           }
diff --git a/tests/python/test_inference_failover.py b/tests/python/test_inference_failover.py
index b5d3a40e..98d01569 100644
--- a/tests/python/test_inference_failover.py
+++ b/tests/python/test_inference_failover.py
@@ -1,6 +1,7 @@
 """Regression tests for the AOAI-only Inference Failover sample assets."""
 
 import json
+import re
 from pathlib import Path
 from xml.etree import ElementTree
 
@@ -9,7 +10,8 @@
 BICEP_PATH = SAMPLE_PATH / 'main.bicep'
 DIAGNOSTICS_BICEP_PATH = Path(__file__).resolve().parents[2] / 'shared' / 'bicep' / 'modules' / 'apim' / 'v1' / 'diagnostics.bicep'
 NOTEBOOK_PATH = SAMPLE_PATH / 'create.ipynb'
-POLICY_PATH = SAMPLE_PATH / 'inference-api-policy.xml'
+POLICY_PATH = SAMPLE_PATH / 'apim-policies' / 'inference-api-policy.xml'
+README_PATH = SAMPLE_PATH / 'README.md'
 WORKBOOK_PATH = SAMPLE_PATH / 'inference-failover.workbook.json'
 WORKBOOK_UPDATE_PATH = SAMPLE_PATH / 'update-workbook.ps1'
 QUERIES_PATH = SAMPLE_PATH / 'queries'
@@ -97,14 +99,25 @@ def test_inference_policies_use_managed_identity_retries_and_generic_terminal_er
 
     assert backend is not None
     assert [policy.tag for policy in backend] == ['retry']
+    retry = backend.find('retry')
+    assert retry is not None
+    retry_condition = retry.attrib['condition']
+    terminal_condition = policy_root.find('outbound/choose/when').attrib['condition']
+    transport_condition = policy_root.find('on-error/choose/when').attrib['condition']
     assert 'authentication-managed-identity' in api_policy
     assert 'https://cognitiveservices.azure.com' in api_policy
     assert 'count="RETRY_COUNT"' in api_policy
     assert 'api-key' not in api_policy
-    assert 'StatusCode == 429' in api_policy
-    assert 'StatusCode == 503' in api_policy
-    assert 'interval="1"' in api_policy
-    assert 'interval="0"' not in api_policy
+    assert all(f'StatusCode == {status_code}' in retry_condition for status_code in (409, 429, 500, 502, 503, 504))
+    assert 'Headers.ContainsKey("Retry-After")' in retry_condition
+    assert all(f'StatusCode == {status_code}' in terminal_condition for status_code in (500, 502, 503, 504))
+    assert all(f'StatusCode == {status_code}' not in terminal_condition for status_code in (409, 429))
+    assert 'context.Response == null' in retry_condition
+    assert 'BackendConnectionFailure' in transport_condition
+    assert 'Timeout' in transport_condition
+    assert 'ClientConnectionFailure' not in transport_condition
+    assert retry.attrib['interval'] == '0'
+    assert 'interval="1"' not in api_policy
     assert 'buffer-request-body="true"' in api_policy
     assert 'Inference service is temporarily unavailable.' in api_policy
     assert 'BackendId' not in api_policy
@@ -112,10 +125,65 @@ def test_inference_policies_use_managed_identity_retries_and_generic_terminal_er
     assert 'InferenceBackendAttemptComplete' in api_policy
     assert 'InferenceGatewayResponse' in api_policy
     assert 'InferenceFallbackExhausted' in api_policy
-    assert api_policy.count('<trace source="InferenceFailover"') == 4
-    assert api_policy.count('<set-header name="X-Backend-Retry" exists-action="override">') == 3
+    assert api_policy.count('<trace source="InferenceFailover"') == 5
+    assert api_policy.count('<set-header name="X-Backend-Retry" exists-action="override">') == 4
     assert '((int)context.Variables["backendAttempt"]) - 1 : 0' in api_policy
     assert api_policy.index('<set-variable name="backendAttempt" value="@(0)" />') < api_policy.index('<authentication-managed-identity')
+    assert not (SAMPLE_PATH / 'inference-api-policy.xml').exists()
+
+
+def test_inference_policy_decisions_cover_every_documented_status() -> None:
+    """Lock retry and terminal-failover decisions for every response-matrix row."""
+    policy_root = ElementTree.fromstring(POLICY_PATH.read_text(encoding='utf-8'))
+    retry_condition = policy_root.find('backend/retry').attrib['condition']
+    terminal_condition = policy_root.find('outbound/choose/when').attrib['condition']
+    retry_statuses = {int(value) for value in re.findall(r'StatusCode == (\d+)', retry_condition)}
+    terminal_statuses = {int(value) for value in re.findall(r'StatusCode == (\d+)', terminal_condition)}
+    expected_decisions = {
+        200: (False, False),
+        400: (False, False),
+        401: (False, False),
+        403: (False, False),
+        404: (False, False),
+        409: (True, False),
+        429: (True, False),
+        500: (True, True),
+        502: (True, True),
+        503: (True, True),
+        504: (True, True),
+    }
+
+    for status_code, (should_retry, should_failover) in expected_decisions.items():
+        assert (status_code in retry_statuses) is should_retry, f'Unexpected retry decision for HTTP {status_code}'
+        assert (status_code in terminal_statuses) is should_failover, f'Unexpected failover decision for HTTP {status_code}'
+
+    assert '(context.Response.StatusCode == 409 && context.Response.Headers.ContainsKey("Retry-After"))' in retry_condition
+
+
+def test_inference_readme_documents_exact_response_handling_matrix() -> None:
+    """Keep the documented status-code contract synchronized with the policy."""
+    readme = README_PATH.read_text(encoding='utf-8')
+    expected_rows = [
+        '| 200  | Success  | N/A       | No           | No                 | None     |',
+        '| 400  | Client   | No        | No           | No                 | Low      |',
+        '| 401  | Auth     | No        | No           | No                 | Medium   |',
+        '| 403  | AuthZ    | No        | No           | No                 | Medium   |',
+        '| 404  | Config   | No        | No           | No                 | Medium   |',
+        '| 409  | Conflict | Sometimes | No           | No                 | Medium   |',
+        '| 429  | Capacity | Yes       | Yes (bias)   | No                 | Medium   |',
+        '| 500  | Infra    | Yes       | Yes          | Yes (if sustained) | High     |',
+        '| 502  | Infra    | Yes       | Yes          | Yes                | High     |',
+        '| 503  | Infra    | Yes       | Yes          | Yes                | High     |',
+        '| 504  | Infra    | Yes       | Yes          | Yes                | High     |',
+    ]
+
+    assert all(row in readme for row in expected_rows)
+    assert 'A `500` becomes a regional failover signal only after two occurrences within one minute' in readme
+    assert '`https://unresolvable.invalid`' in readme
+    assert 'does **not** simulate a client disconnect' in readme
+    assert '`409` without `Retry-After`' in readme
+    assert '`409` with `Retry-After`' in readme
+    assert '`curl --max-time 1`' in readme
 
 
 def test_inference_bicep_contains_only_compatible_model_backend_pools() -> None:
@@ -129,8 +197,13 @@ def test_inference_bicep_contains_only_compatible_model_backend_pools() -> None:
     assert 'capacity: 1' in bicep
     assert f'name: {single_quote}Standard{single_quote}' in bicep
     assert 'acceptRetryAfter: true' in bicep
+    assert "name: 'capacity-throttled'" in bicep
+    assert "name: 'sustained-internal-error'" in bicep
+    assert "name: 'infrastructure-unavailable'" in bicep
     assert 'min: 429' in bicep
-    assert 'min: 503' in bicep
+    assert 'min: 500' in bicep
+    assert 'min: 502' in bicep
+    assert 'max: 504' in bicep
     assert 'enableLlmLogs: true' in bicep
     assert f'backendPoolName: {single_quote}inference-gpt-5-1-pool{single_quote}' in bicep
     assert f'backendPoolName: {single_quote}inference-gpt-4-1-mini-pool{single_quote}' in bicep
@@ -197,30 +270,28 @@ def test_inference_notebook_is_clean_and_defaults_to_simple_apim() -> None:
     assert 'enable_event_hub_export = False' in code_source
     assert "'enableEventHubExport': {'value': enable_event_hub_export}" in code_source
     assert "output.get('eventHubNamespaceId', 'Event Hubs namespace ID')" in code_source
-    assert "response.headers.get('X-Backend-URL', 'unknown')" in code_source
-    assert "response.headers.get('X-Backend-Retry')" in code_source
-    assert "'backend_retry': backend_retry" in code_source
+    assert "importlib.import_module('inference_failover_helpers')" in code_source
+    assert "utils.enable_module_autoreload('inference_failover_helpers')" in code_source
+    assert 'inference_failover_helpers.InferenceTrafficRunner(' in code_source
+    assert 'probe_runner.run_contract_probes(' in code_source
+    assert 'traffic_runner.run_scenario(scenario)' in code_source
+    assert 'probe_results.unknown_operation.status_code, 404' in code_source
+    assert "probe_results.malformed.headers.get('X-Backend-Retry'), '0'" in code_source
+    assert "'X-Backend-Retry' in probe_results.missing_key.headers" in code_source
+    assert "'X-Backend-Retry' in probe_results.unknown_operation.headers" in code_source
     assert 'X-Backend-Id' not in code_source
-    assert "queries_path = Path(utils.determine_policy_path('queries', sample_folder))" in code_source
+    assert "queries_path = Path(utils.get_project_root()) / 'samples' / sample_folder / 'queries'" in code_source
     assert "queries_path / 'verify-llm-ingestion.kql'" in code_source
     assert "queries_path / 'backend-distribution.kql'" in code_source
     assert "queries_path / 'token-throughput.kql'" in code_source
     assert "columns=['API', 'Backend URL', 'Requests', 'Successes', 'Throttled', 'Failures', 'AverageBackendMs', 'SuccessRate']" in code_source
-    assert 'def with_backend_identifier(frame: pd.DataFrame) -> pd.DataFrame:' in code_source
-    assert "backend_identifiers = frame['Backend URL'].str.extract(r'/deployments/([a-z])-', expand=False).fillna('')" in code_source
-    assert "frame.insert(1, 'Backend', backend_identifiers)" in code_source
-    assert "frame['Backend'] = frame['Backend'].replace('?', '')" in code_source
-    assert 'distribution_frame = with_backend_identifier(distribution_frame)' in code_source
-    assert 'def format_gateway_distribution(frame: pd.DataFrame) -> pd.DataFrame:' in code_source
-    assert "backend_names = display_frame['Backend URL'].str.extract(r'/deployments/([a-z]-[^/]+)', expand=False).fillna('')" in code_source
-    assert "display_frame['Backend'] = backend_names.str.replace('-', ') ', n=1, regex=False)" in code_source
-    assert "display_frame = display_frame.drop(columns=['Backend URL'])" in code_source
-    assert "display_frame['AverageBackendMs'] = average_backend_ms.map(lambda value: '' if pd.isna(value) else f'{value:,.1f}')" in code_source
-    assert "display_frame['SuccessRate'] = success_rate.map(lambda value: '' if pd.isna(value) else f'{value:.2f}%')" in code_source
-    assert 'distribution_frame = format_gateway_distribution(distribution_frame)' in code_source
+    assert 'def with_backend_identifier(' not in code_source
+    assert 'def format_gateway_distribution(' not in code_source
+    assert 'distribution_frame = inference_failover_helpers.with_backend_identifier(distribution_frame)' in code_source
+    assert 'distribution_frame = inference_failover_helpers.format_gateway_distribution(distribution_frame)' in code_source
     assert code_source.count("distribution_frame.pivot(index='API', columns='Backend', values='Requests')") == 2
     assert "columns=['API', 'Backend URL', 'Model', 'Requests', 'PromptTokens', 'CompletionTokens', 'TotalTokens']" in code_source
-    assert 'token_frame = with_backend_identifier(token_frame)' in code_source
+    assert 'token_frame = inference_failover_helpers.with_backend_identifier(token_frame)' in code_source
     assert 'plt.show()' in code_source
     assert 'Route Graph' in '\n'.join(''.join(cell['source']) for cell in notebook['cells'])
 
@@ -276,8 +347,8 @@ def test_inference_notebook_uses_tuned_gpt_4_1_mini_pressure_window() -> None:
     notebook_source = '\n'.join(''.join(cell['source']) for cell in notebook['cells'])
 
     assert '| 3 | Sustained pressure | gpt-4.1-mini | 15 | none |' in notebook_source
-    assert 'pressure_payload, 15, gpt_4_1_mini_backend_url_index' in notebook_source
-    assert 'tests.verify(len(scenario3_gpt_4_1_mini), 15)' in notebook_source
+    assert "'3/5: Sustained pressure - gpt-4.1-mini (no spacing)'" in notebook_source
+    assert "('gpt-4.1-mini sustained pressure', scenario3_gpt_4_1_mini, 15)" in notebook_source
     assert '(`134` requests)' in notebook_source
 
 
diff --git a/tests/python/test_inference_failover_helpers.py b/tests/python/test_inference_failover_helpers.py
new file mode 100644
index 00000000..2683d416
--- /dev/null
+++ b/tests/python/test_inference_failover_helpers.py
@@ -0,0 +1,206 @@
+"""Tests for the inference-failover sample-local runtime helpers."""
+
+import json
+import sys
+from pathlib import Path
+from unittest.mock import MagicMock
+
+import pandas as pd
+import pytest
+
+INFERENCE_FAILOVER_DIR = Path(__file__).resolve().parents[2] / 'samples' / 'inference-failover'
+sys.path.insert(0, str(INFERENCE_FAILOVER_DIR))
+
+from inference_failover_helpers import (  # noqa: E402
+    InferenceScenario,
+    InferenceTrafficRunner,
+    format_backend_url_counts,
+    format_gateway_distribution,
+    get_backend_index,
+    parse_backend_retry,
+    summarize_scenario,
+    validate_status,
+    with_backend_identifier,
+)
+
+
+def _response(status_code=200, *, headers=None, text='response'):
+    response = MagicMock()
+    response.status_code = status_code
+    response.headers = headers or {'X-Backend-Retry': '0'}
+    response.text = text
+    return response
+
+
+def _create_runner(*, responses=None, sleep=None, clock=None):
+    session = MagicMock()
+    session.headers = {}
+    if responses is not None:
+        session.post.side_effect = responses
+    runner = InferenceTrafficRunner(
+        'https://gateway.example/',
+        {'X-Infrastructure': 'test'},
+        True,
+        session_factory=lambda: session,
+        sleep=sleep or MagicMock(),
+        clock=clock or MagicMock(side_effect=[1.0, 1.25]),
+    )
+    return runner, session
+
+
+@pytest.mark.unit
+def test_run_scenario_normalizes_success_and_preserves_model_response():
+    response = _response(headers={'X-Backend-Retry': '2', 'X-Backend-URL': 'https://aoai/openai/deployments/a-model'}, text='model output')
+    runner, session = _create_runner(responses=[response])
+    scenario = InferenceScenario('baseline', '/inference', 'key', {'messages': []}, 1, {'/deployments/a-model': 4})
+
+    results = runner.run_scenario(scenario)
+
+    session.post.assert_called_once_with(
+        'https://gateway.example/inference',
+        headers={'api-key': 'key'},
+        json={'messages': []},
+        timeout=120,
+    )
+    assert session.verify is False
+    assert session.headers == {'X-Infrastructure': 'test', 'Content-Type': 'application/json'}
+    assert json.loads(results[0]['response']) == {'index': 4, 'backendUrl': response.headers['X-Backend-URL'], 'backendRetry': 2}
+    assert results[0]['model_response'] == 'model output'
+    assert results[0]['response_time'] == pytest.approx(0.25)
+
+
+@pytest.mark.unit
+def test_run_scenario_keeps_error_body_and_skips_final_sleep():
+    responses = [
+        _response(429, headers={'X-Backend-Retry': '1'}, text='limited'),
+        _response(503, headers={'X-Backend-Retry': '2'}, text='unavailable'),
+    ]
+    sleep = MagicMock()
+    clock = MagicMock(side_effect=[1.0, 1.1, 2.0, 2.2])
+    runner, _ = _create_runner(responses=responses, sleep=sleep, clock=clock)
+    scenario = InferenceScenario('pressure', 'inference', 'key', {}, 2, {}, sleep_ms=1500)
+
+    results = runner.run_scenario(scenario)
+
+    assert [result['response'] for result in results] == ['limited', 'unavailable']
+    sleep.assert_called_once_with(1.5)
+
+
+@pytest.mark.unit
+@pytest.mark.parametrize(('runs', 'sleep_ms', 'message'), [(0, 0, 'runs'), (1, -1, 'sleep')])
+def test_run_scenario_rejects_invalid_configuration(runs, sleep_ms, message):
+    runner, _ = _create_runner()
+    scenario = InferenceScenario('invalid', '/inference', 'key', {}, runs, {}, sleep_ms)
+
+    with pytest.raises(ValueError, match=message):
+        runner.run_scenario(scenario)
+
+
+@pytest.mark.unit
+def test_retry_and_status_validation_reject_malformed_responses():
+    with pytest.raises(ValueError, match='missing'):
+        parse_backend_retry(_response(headers={'Other': 'value'}))
+    with pytest.raises(ValueError, match='Invalid X-Backend-Retry'):
+        parse_backend_retry(_response(headers={'X-Backend-Retry': 'later'}))
+    with pytest.raises(ValueError, match='negative'):
+        parse_backend_retry(_response(headers={'X-Backend-Retry': '-1'}))
+    with pytest.raises(ValueError, match='Unexpected HTTP 302'):
+        validate_status(_response(302, text='redirect'))
+
+    validate_status(_response(200))
+    validate_status(_response(400))
+    validate_status(_response(599))
+
+
+@pytest.mark.unit
+def test_contract_probes_construct_each_gateway_case():
+    responses = [_response(), _response(400), _response(401), _response(404)]
+    runner, session = _create_runner(responses=responses)
+
+    results = runner.run_contract_probes('https://gateway.example/inference', 'https://gateway.example/unknown', 'key', {'messages': []})
+
+    assert [results.success.status_code, results.malformed.status_code, results.missing_key.status_code, results.unknown_operation.status_code] == [
+        200,
+        400,
+        401,
+        404,
+    ]
+    assert session.post.call_args_list[1].kwargs['data'] == '{"messages":'
+    assert 'headers' not in session.post.call_args_list[2].kwargs
+    assert session.post.call_args_list[3].args[0] == 'https://gateway.example/unknown'
+
+
+@pytest.mark.unit
+def test_context_manager_closes_session_after_exception():
+    runner, session = _create_runner(responses=[RuntimeError('request failed')])
+    scenario = InferenceScenario('failure', '/inference', 'key', {}, 1, {})
+
+    with pytest.raises(RuntimeError, match='request failed'):
+        with runner:
+            runner.run_scenario(scenario)
+
+    session.close.assert_called_once_with()
+
+
+@pytest.mark.unit
+def test_pause_uses_injected_sleep_and_rejects_negative_values():
+    sleep = MagicMock()
+    runner, _ = _create_runner(sleep=sleep)
+
+    runner.pause(2)
+    runner.pause(0)
+
+    sleep.assert_called_once_with(2)
+    with pytest.raises(ValueError, match='must not be negative'):
+        runner.pause(-1)
+
+
+@pytest.mark.unit
+def test_summary_and_backend_formatting_cover_success_errors_and_unknown_urls():
+    results = [
+        {'status_code': 200, 'backend_retry': 0, 'backend_url': 'https://backend-a'},
+        {'status_code': 429, 'backend_retry': 1, 'backend_url': 'unknown'},
+        {'status_code': 503, 'backend_retry': 2, 'backend_url': 'unknown'},
+    ]
+
+    summary = summarize_scenario(results)
+
+    assert summary.successes == 1
+    assert summary.client_errors == 1
+    assert summary.server_errors == 1
+    assert summary.status_code_counts == {200: 1, 429: 1, 503: 1}
+    assert summary.retry_counts == {0: 1, 1: 1, 2: 1}
+    assert summary.served_backend_urls == ['https://backend-a']
+    assert get_backend_index('https://backend-a', {'backend-a': 3}) == 3
+    assert get_backend_index('https://other', {'backend-a': 3}) == 99
+    assert format_backend_url_counts(results) == '- https://backend-a: 1 request\n- unknown: 2 requests'
+
+
+@pytest.mark.unit
+def test_dataframe_helpers_are_non_mutating_and_idempotent():
+    source = pd.DataFrame(
+        [['api', 'https://host/openai/deployments/a-model', 1, '1,234.5', '98.2%']],
+        columns=['API', 'Backend URL', 'Requests', 'AverageBackendMs', 'SuccessRate'],
+    )
+
+    identified = with_backend_identifier(source)
+    formatted = format_gateway_distribution(identified)
+    repeated = with_backend_identifier(identified)
+
+    assert 'Backend' not in source.columns
+    assert identified['Backend'].tolist() == ['a']
+    assert repeated.equals(identified)
+    assert formatted['Backend'].tolist() == ['a) model']
+    assert formatted['AverageBackendMs'].tolist() == ['1,234.5']
+    assert formatted['SuccessRate'].tolist() == ['98.20%']
+    assert 'Backend URL' not in formatted.columns
+
+
+@pytest.mark.unit
+def test_with_backend_identifier_leaves_frames_without_urls_unchanged():
+    source = pd.DataFrame([['api']], columns=['API'])
+
+    result = with_backend_identifier(source)
+
+    assert result.equals(source)
+    assert result is not source

From 26c70c0861fbeeffcb6fa819fd2f7625ba3aece0 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Thu, 11 Jun 2026 10:22:09 -0400
Subject: [PATCH 08/31] Fix Markdown

---
 .github/copilot-instructions.md        |  2 +-
 infrastructure/afd-apim-pe/README.md   |  7 +++----
 infrastructure/apim-aca/README.md      |  6 ++----
 infrastructure/appgw-apim-pe/README.md |  7 +++----
 infrastructure/appgw-apim/README.md    |  6 ++++--
 infrastructure/simple-apim/README.md   |  2 +-
 samples/_TEMPLATE/README.md            |  4 ++--
 samples/authX-pro/README.md            |  7 ++++---
 samples/authX/README.md                |  2 +-
 samples/azure-maps/README.md           |  8 +++-----
 samples/egress-control/README.md       |  8 ++++----
 samples/general/README.md              |  2 --
 samples/load-balancing/README.md       | 18 +++++++++---------
 samples/oauth-3rd-party/README.md      | 26 ++++++++++++--------------
 samples/secure-blob-access/README.md   |  9 ++++-----
 setup/README.md                        | 10 +++++++++-
 16 files changed, 62 insertions(+), 62 deletions(-)

diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
index 8a24da3d..bf64d1b0 100644
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -395,7 +395,7 @@ Match the heading emojis, heading levels, and section ordering exactly. If a sec
 
 #### Prerequisites rules
 
-- **Do NOT repeat general prerequisites** (Azure subscription, Azure CLI, Python environment, APIM instance). These are documented once in the root README's [Getting Started](../../README.md#-getting-started) section and apply to all samples. The APIM Samples Developer CLI (`start.ps1` / `start.sh`) handles environment setup.
+- **Do NOT repeat general prerequisites** (Azure subscription, Azure CLI, Python environment, APIM instance). These are documented once in the [root README](../README.md), under Getting Started, and apply to all samples. The APIM Samples Developer CLI (`start.ps1` / `start.sh`) handles environment setup.
 - **Only add `## ✅ Prerequisites`** when a sample has genuinely unique requirements that go beyond the root README, such as:
   - Additional Azure RBAC role assignments beyond Contributor
   - External service accounts (e.g., a Spotify developer account)
diff --git a/infrastructure/afd-apim-pe/README.md b/infrastructure/afd-apim-pe/README.md
index 4aa89099..c47338b8 100644
--- a/infrastructure/afd-apim-pe/README.md
+++ b/infrastructure/afd-apim-pe/README.md
@@ -2,7 +2,7 @@
 
 Secure architecture that takes all traffic off the public Internet once Azure Front Door is traversed. Traffic behind Front Door is subsequently inaccessible to the public. This is due to Front Door's use of Private Link to Azure API Management.
 
-<img src="../../assets/diagrams/Azure Front Door, API Management & Container Apps Architecture.svg" alt="Diagram showing Azure Front Door, API Management, and Container Apps architecture. Azure Front Door routes traffic to API Management, which then routes to Container Apps. Telemetry is sent to Azure Monitor." title="Azure Front Door, API Management & Container Apps Architecture" width="1000" />
+![Diagram showing Azure Front Door, API Management, and Container Apps architecture. Azure Front Door routes traffic to API Management, which then routes to Container Apps. Telemetry is sent to Azure Monitor.](../../assets/diagrams/Azure%20Front%20Door%2C%20API%20Management%20%26%20Container%20Apps%20Architecture.svg "Azure Front Door, API Management & Container Apps Architecture")
 
 > Diagram created with the [Azure Draw.io MCP Server](https://github.com/simonkurtz-MSFT/drawio-mcp-server).
 
@@ -22,6 +22,7 @@ The notebook also includes a `SYSTEM CONFIGURATION` flag named `use_strict_nsg`.
 We provide NSG deployment as an option for teams that want to experiment with subnet-level controls, but we intentionally keep it disabled by default. The goal of these samples is to stay approachable and focused on APIM scenarios rather than drifting into full Azure Landing Zone-style network governance complexity.
 
 NSG behavior:
+
 - `nsg-default`: Generic fallback NSG for subnets that do not have a service-specific NSG. It stays intentionally generic.
 - `use_strict_nsg = False`: Service subnets get permissive service-aware NSGs: `nsg-apim` and `nsg-aca`. These preserve Azure platform requirements and avoid unnecessary ingress restrictions.
 - `use_strict_nsg = True`: Service subnets get strict NSGs: `nsg-apim-strict` and `nsg-aca-strict`. These keep required platform rules but restrict ingress so traffic follows Front Door -> APIM -> ACA.
@@ -30,9 +31,7 @@ NSG behavior:
 
 👟 **Expected *Run All* runtime: ~13 minutes**
 
-1. Execute this lab's [Jupyter Notebook][infra-notebook] step-by-step or via _Run All_.
-
-
+1. Execute this lab's [Jupyter Notebook][infra-notebook] step-by-step or via *Run All*.
 
 [init-notebook-variables]: ./create.ipynb#initialize-notebook-variables
 [infra-notebook]: ./create.ipynb
diff --git a/infrastructure/apim-aca/README.md b/infrastructure/apim-aca/README.md
index 7a06d237..faea0b48 100644
--- a/infrastructure/apim-aca/README.md
+++ b/infrastructure/apim-aca/README.md
@@ -2,7 +2,7 @@
 
 This architecture secures API traffic by routing requests through Azure API Management, which is integrated with Azure Container Apps for backend processing. Telemetry is sent to Azure Monitor for observability.
 
-<img src="../../assets/diagrams/API Management & Container Apps Architecture.svg" alt="Diagram showing Azure API Management and Container Apps architecture. API Management routes traffic to Container Apps. Telemetry is sent to Azure Monitor." title="API Management & Container Apps Architecture" width="800" />
+![Diagram showing Azure API Management and Container Apps architecture. API Management routes traffic to Container Apps. Telemetry is sent to Azure Monitor.](../../assets/diagrams/API%20Management%20%26%20Container%20Apps%20Architecture.svg "API Management & Container Apps Architecture")
 
 > Diagram created with the [Azure Draw.io MCP Server](https://github.com/simonkurtz-MSFT/drawio-mcp-server).
 
@@ -20,9 +20,7 @@ Adjust the `user-defined parameters` in this lab's Jupyter Notebook's [Initializ
 
 👟 **Expected *Run All* runtime: ~5 minutes**
 
-1. Execute this lab's [Jupyter Notebook][infra-notebook] step-by-step or via _Run All_.
-
-
+1. Execute this lab's [Jupyter Notebook][infra-notebook] step-by-step or via *Run All*.
 
 [init-notebook-variables]: ./create.ipynb#initialize-notebook-variables
 [infra-notebook]: ./create.ipynb
diff --git a/infrastructure/appgw-apim-pe/README.md b/infrastructure/appgw-apim-pe/README.md
index 3355d483..96d476af 100644
--- a/infrastructure/appgw-apim-pe/README.md
+++ b/infrastructure/appgw-apim-pe/README.md
@@ -2,7 +2,7 @@
 
 Secure architecture that takes all traffic off the public Internet once Azure Application (App) Gateway is traversed. Traffic behind App Gateway is subsequently inaccessible to the public. This is due to App Gateway's use of Private Link to Azure API Management.
 
-<img src="../../assets/diagrams/Azure Application Gateway, API Management & Container Apps Architecture.svg" alt="Diagram showing Azure Application Gateway, API Management, and Container Apps architecture. Azure Application Gateway routes traffic to API Management, which then routes to Container Apps. Telemetry is sent to Azure Monitor." title="Azure Application Gateway, API Management & Container Apps Architecture" width="1000" />
+![Diagram showing Azure Application Gateway, API Management, and Container Apps architecture. Azure Application Gateway routes traffic to API Management, which then routes to Container Apps. Telemetry is sent to Azure Monitor.](../../assets/diagrams/Azure%20Application%20Gateway%2C%20API%20Management%20%26%20Container%20Apps%20Architecture.svg "Azure Application Gateway, API Management & Container Apps Architecture")
 
 > Diagram created with the [Azure Draw.io MCP Server](https://github.com/simonkurtz-MSFT/drawio-mcp-server).
 
@@ -22,6 +22,7 @@ The notebook also includes a `SYSTEM CONFIGURATION` flag named `use_strict_nsg`.
 We provide NSG deployment as an option for teams that want to explore subnet-level restrictions, but we intentionally keep it disabled by default. That keeps the sample focused on Application Gateway, private endpoints, and API Management without sliding too far toward Azure Landing Zone-style baseline networking complexity.
 
 NSG behavior:
+
 - `nsg-default`: Generic fallback NSG for subnets that do not have a service-specific NSG. It stays intentionally generic.
 - `use_strict_nsg = False`: Service subnets get permissive service-aware NSGs: `nsg-appgw`, `nsg-apim`, and `nsg-aca`. These preserve Azure platform requirements and avoid unnecessary ingress restrictions.
 - `use_strict_nsg = True`: Service subnets get strict NSGs: `nsg-appgw-strict`, `nsg-apim-strict`, and `nsg-aca-strict`. These keep required platform rules but restrict ingress so traffic follows App Gateway -> APIM -> ACA.
@@ -30,7 +31,7 @@ NSG behavior:
 
 👟 **Expected *Run All* runtime: ~13 minutes**
 
-1. Execute this lab's [Jupyter Notebook][infra-notebook] step-by-step or via _Run All_.
+1. Execute this lab's [Jupyter Notebook][infra-notebook] step-by-step or via *Run All*.
 
 ## 🧪 Testing
 
@@ -40,7 +41,5 @@ We opted for the latter as it is more conducive to generate a self-signed certif
 
 **Production workloads must not use this approach and, instead, be secured appropriately.**
 
-
-
 [init-notebook-variables]: ./create.ipynb#initialize-notebook-variables
 [infra-notebook]: ./create.ipynb
diff --git a/infrastructure/appgw-apim/README.md b/infrastructure/appgw-apim/README.md
index 9ae03a83..243cba51 100644
--- a/infrastructure/appgw-apim/README.md
+++ b/infrastructure/appgw-apim/README.md
@@ -2,7 +2,7 @@
 
 This architecture provides secure ingress through Azure Application Gateway (WAF_v2) to Azure API Management (APIM) deployed in a Virtual Network using Internal mode (private IP only). No private endpoints are used; traffic stays on private networking after the gateway, and APIM cannot be accessed aside from traversing Application Gateway.
 
-<img src="../../assets/diagrams/Azure Application Gateway, API Management & Container Apps Architecture VNet.svg" alt="Diagram showing Application Gateway routing to APIM in VNet Internal mode. Optional Container Apps shown behind APIM. Telemetry to Azure Monitor." title="Application Gateway + APIM (VNet Internal)" width="1000" />
+![Diagram showing Application Gateway routing to APIM in VNet Internal mode. Optional Container Apps shown behind APIM. Telemetry is sent to Azure Monitor.](../../assets/diagrams/Azure%20Application%20Gateway%2C%20API%20Management%20%26%20Container%20Apps%20Architecture%20VNet.svg "Application Gateway + APIM (VNet Internal)")
 
 > Diagram created with the [Azure Draw.io MCP Server](https://github.com/simonkurtz-MSFT/drawio-mcp-server).
 
@@ -28,6 +28,7 @@ We choose the Developer SKU here to dramatically lower costs for experimentation
 Adjust the user-defined parameters in this lab's Jupyter Notebook's Initialize notebook variables section.
 
 Key parameters:
+
 - `apimSku`: Defaults to `Developer`
 - `useACA`: Enable to provision a private ACA environment and sample apps
 - `use_strict_nsg`: Optional system configuration flag, defaults to `False`
@@ -35,6 +36,7 @@ Key parameters:
 We provide NSG deployment as an option for teams that want to experiment with subnet-level controls, but we intentionally keep it disabled by default. This repository aims to stay practical and focused on APIM learning scenarios rather than bundling in too much Azure Landing Zone-style network governance complexity.
 
 NSG behavior:
+
 - `nsg-default`: Generic fallback NSG for subnets that do not have a service-specific NSG. It stays intentionally generic.
 - `use_strict_nsg = False`: Service subnets get permissive service-aware NSGs: `nsg-appgw`, `nsg-apim`, and `nsg-aca`. These preserve Azure platform requirements and avoid unnecessary ingress restrictions.
 - `use_strict_nsg = True`: Service subnets get strict NSGs: `nsg-appgw-strict`, `nsg-apim-strict`, and `nsg-aca-strict`. These keep required platform rules but restrict ingress so traffic follows App Gateway -> APIM -> ACA.
@@ -51,7 +53,7 @@ NSG behavior:
 
 Because we use a self-signed certificate for Application Gateway TLS termination (for convenience in this sample), testing can be done with curl by ignoring certificate warnings and sending the Host header:
 
-```
+```shell
 curl -v -k -H "Host: api.apim-samples.contoso.com" https://<APPGW_PUBLIC_IP>/status-0123456789abcdef
 ```
 
diff --git a/infrastructure/simple-apim/README.md b/infrastructure/simple-apim/README.md
index a4a9b4f7..739f73ec 100644
--- a/infrastructure/simple-apim/README.md
+++ b/infrastructure/simple-apim/README.md
@@ -2,7 +2,7 @@
 
 This architecture provides a basic API gateway using Azure API Management, suitable for simple scenarios where secure API exposure and basic observability are required.
 
-<img src="../../assets/diagrams/Simple API Management Architecture.svg" alt="Diagram showing a simple Azure API Management architecture. API Management acts as a gateway for API consumers. Telemetry is sent to Azure Monitor." title="Simple API Management Architecture" width="800" />
+![Diagram showing a simple Azure API Management architecture. API Management acts as a gateway for API consumers. Telemetry is sent to Azure Monitor.](../../assets/diagrams/Simple%20API%20Management%20Architecture.svg "Simple API Management Architecture")
 
 > Diagram created with the [Azure Draw.io MCP Server](https://github.com/simonkurtz-MSFT/drawio-mcp-server).
 
diff --git a/samples/_TEMPLATE/README.md b/samples/_TEMPLATE/README.md
index 4177a908..462d2c74 100644
--- a/samples/_TEMPLATE/README.md
+++ b/samples/_TEMPLATE/README.md
@@ -27,5 +27,5 @@
 ## ⚙️ Configuration
 
 1. Decide which of the [Infrastructure Architectures](../../README.md#infrastructure-architectures) you wish to use.
-    1. If the infrastructure _does not_ yet exist, navigate to the desired [infrastructure](../../infrastructure/) folder and follow its README.md.
-    1. If the infrastructure _does_ exist, adjust the `user-defined parameters` in the _Initialize notebook variables_ below. Please ensure that all parameters match your infrastructure.
+    1. If the infrastructure *does not* yet exist, navigate to the desired [infrastructure](../../infrastructure/) folder and follow its README.md.
+    1. If the infrastructure *does* exist, adjust the `user-defined parameters` in the *Initialize notebook variables* below. Please ensure that all parameters match your infrastructure.
diff --git a/samples/authX-pro/README.md b/samples/authX-pro/README.md
index 70bd6257..14dcb389 100644
--- a/samples/authX-pro/README.md
+++ b/samples/authX-pro/README.md
@@ -15,9 +15,10 @@ Sets up a more sophisticate authentication (authN) and authorization (authZ) com
 1. Experience how API Management policy fragments simplify shared logic.
 
 ## 📝 Scenario
-This sample, compared to the simpler _AuthX_, introduces use of API Management Product and policy fragments to simplify and consolidate shared logic. When considering scaling, consider this as your starting point.
 
-The same two personas from _AuthX_ are at play:
+This sample, compared to the simpler *AuthX*, introduces use of API Management Product and policy fragments to simplify and consolidate shared logic. When considering scaling, consider this as your starting point.
+
+The same two personas from *AuthX* are at play:
 
 - `HR Administrator` - holds broad rights to the API
 - `HR Associate` - has read-only permissions
@@ -25,7 +26,7 @@ The same two personas from _AuthX_ are at play:
 The API hierarchy is as follows:
 
 1. All APIs / global
-    This is a great place to do authentication, but we refrain from doing it in the sample as to not affect other samples. 
+    This is a great place to do authentication, but we refrain from doing it in the sample as to not affect other samples.
 1. HR Product
     Perform authentication and authorization for HR_Member in the JWT claims. Continue on success; otherwise, return 401.
 1. HR Employee & Benefits APIs
diff --git a/samples/authX/README.md b/samples/authX/README.md
index 40d88e1f..a4a2988a 100644
--- a/samples/authX/README.md
+++ b/samples/authX/README.md
@@ -4,7 +4,7 @@ Sets up a simple authentication (authN) and authorization (authZ) combination fo
 
 ⚙️ **Supported infrastructures**: All infrastructures
 
-👟 **Expected *Run All* runtime (excl. infrastructure prerequisite): ~2-3 minutes**
+👟 **Expected _Run All_ runtime (excl. infrastructure prerequisite): ~2-3 minutes**
 
 ## 🎯 Objectives
 
diff --git a/samples/azure-maps/README.md b/samples/azure-maps/README.md
index 48b65810..f46e2914 100644
--- a/samples/azure-maps/README.md
+++ b/samples/azure-maps/README.md
@@ -25,7 +25,7 @@ Organizations migrating from services like Bing Maps to Azure Maps often need fl
 - **Migration patterns**: Supporting different authentication methods during transition periods
 - **API management**: Centralizing access control, rate limiting, and monitoring for Azure Maps
 
-### Authentication Scenarios Demonstrated:
+### Authentication Scenarios Demonstrated
 
 1. **🔑 Shared Key (Subscription Key)**: Direct use of Azure Maps primary/secondary keys - simpler but less granular control
 2. **🛡️ Azure Entra ID (Managed Identity)**: Recommended for production - leverages Azure RBAC and eliminates key management
@@ -51,10 +51,8 @@ This lab sets up:
 ## ⚙️ Configuration
 
 1. Decide which of the [Infrastructure Architectures][infrastructure-architectures] you wish to use.
-  1. If the infrastructure _does not_ yet exist, navigate to the desired [infrastructure][infrastructure-folder] folder and follow its README.md.
-  1. If the infrastructure _does_ exist, adjust the `user-defined parameters` in the _Initialize notebook variables_ below. Please ensure that all parameters match your infrastructure.
-
-
+1. If the infrastructure *does not* yet exist, navigate to the desired [infrastructure][infrastructure-folder] folder and follow its README.md.
+1. If the infrastructure *does* exist, adjust the `user-defined parameters` in the *Initialize notebook variables* below. Please ensure that all parameters match your infrastructure.
 
 [infrastructure-architectures]: ../../README.md#infrastructure-architectures
 [infrastructure-folder]: ../../infrastructure/
diff --git a/samples/egress-control/README.md b/samples/egress-control/README.md
index 946f3204..937247fb 100644
--- a/samples/egress-control/README.md
+++ b/samples/egress-control/README.md
@@ -2,7 +2,7 @@
 
 Control APIM outbound internet traffic by routing it through a Network Virtual Appliance (NVA) — Azure Firewall — in a hub/spoke network topology.
 
-<img src="../../assets/diagrams/Azure Application Gateway, API Management & Container Apps Architecture VNet Egress Control.svg" alt="Diagram showing a hub/spoke topology where APIM outbound internet traffic routes through Azure Firewall in the hub VNet. The spoke VNet hosts Application Gateway and APIM, with a route table directing internet-bound traffic to the firewall." title="Application Gateway, API Management & Azure Firewall Egress Control" width="1000" />
+![Diagram showing a hub/spoke topology where APIM outbound internet traffic routes through Azure Firewall in the hub VNet. The spoke VNet hosts Application Gateway and APIM, with a route table directing internet-bound traffic to the firewall.](../../assets/diagrams/Azure%20Application%20Gateway%2C%20API%20Management%20%26%20Container%20Apps%20Architecture%20VNet%20Egress%20Control.svg "Application Gateway, API Management & Azure Firewall Egress Control")
 
 ⚙️ **Supported infrastructures**: appgw-apim, appgw-apim-pe
 
@@ -33,7 +33,7 @@ This sample demonstrates the hub/spoke pattern with:
 Three APIM APIs demonstrate the routing behaviour:
 
 | API | Backend | Expected result |
-|-----|---------|-----------------|
+| --- | --- | --- |
 | `egress-weather` | `https://api.weather.gov` (HTTPS) | ✅ 200 — allowed by firewall |
 | `egress-blocked-http` | `http://api.weather.gov` (HTTP/port 80) | ❌ 5xx — HTTP blocked by firewall |
 | `egress-blocked-host` | `https://api.accuweather.com` (HTTPS) | ❌ 5xx — host not in allow list |
@@ -55,8 +55,8 @@ The sample deploys the following resources into the infrastructure resource grou
 ## ⚙️ Configuration
 
 1. Decide which of the [Infrastructure Architectures](../../README.md#infrastructure-architectures) you wish to use.
-    1. If the infrastructure _does not_ yet exist, navigate to the desired [infrastructure](../../infrastructure/) folder and follow its README.md.
-    1. If the infrastructure _does_ exist, adjust the `user-defined parameters` in the _Initialize notebook variables_ cell below.
+    1. If the infrastructure *does not* yet exist, navigate to the desired [infrastructure](../../infrastructure/) folder and follow its README.md.
+    1. If the infrastructure *does* exist, adjust the `user-defined parameters` in the *Initialize notebook variables* cell below.
 1. Adjust `apim_nsg_name` if your infrastructure was deployed with strict NSGs (`nsg-apim-strict`).
 
 > **Supported VNet SKUs only**: APIM must be deployed with a VNet-capable SKU. For `appgw-apim-pe` (Private Link, default), use `STANDARDV2` or `PREMIUMV2`. For `appgw-apim`, use `DEVELOPER` or `PREMIUM` (VNet injection) or `STANDARDV2` or `PREMIUMV2` (VNet integration). Basic, Standard, and BasicV2 are not supported.
diff --git a/samples/general/README.md b/samples/general/README.md
index 76681397..f4c71911 100644
--- a/samples/general/README.md
+++ b/samples/general/README.md
@@ -24,6 +24,4 @@ Sets up a simple APIM instance with a variety of policies to experiment.
 1. Decide which of the [Infrastructure Architectures](../../README.md#infrastructure-architectures) you wish to use.
 1. Press `Run All` in this sample's `create.ipynb` notebook.
 
-
-
 [apim-policy-snippets]: https://github.com/Azure/api-management-policy-snippets
diff --git a/samples/load-balancing/README.md b/samples/load-balancing/README.md
index bca028d0..607a8139 100644
--- a/samples/load-balancing/README.md
+++ b/samples/load-balancing/README.md
@@ -25,15 +25,15 @@ This lab integrates into an existing Azure Container Apps architecture and sets
 
 The notebook exercises each load-balancing strategy with a dedicated test. Run order and run counts are fixed; behaviour varies by backend pool configuration and per-test sleep semantics.
 
-| #   | Test                                | API path                  | Runs | Pool / Backends                           | Sleep semantics                                                                 | Key behaviour verified                                                                 | Chart |
-| --- | ----------------------------------- | ------------------------- | ---- | ----------------------------------------- | ------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- | ----- |
-| 1   | Prioritized Distribution            | `/lb-prioritized`         | 15   | 2 backends, priorities P1 -> P2           | None                                                                            | First request lands on P1 (index 0, count 1); P1 serves until exhaustion, then P2 takes over until the pool is unhealthy | Yes   |
-| 2   | Weighted (50/50)                    | `/lb-weighted-equal`      | 15   | 2 backends, equal weight                  | None                                                                            | Requests alternate across the two backends until exhaustion                              | Yes   |
-| 3   | Weighted (80/20)                    | `/lb-weighted-unequal`    | 15   | 2 backends, 80/20 weight                  | None                                                                            | Distribution roughly tracks the configured 80/20 weighting until exhaustion              | Yes   |
-| 4   | Prioritized & Weighted              | `/lb-prioritized-weighted`| 25   | 3 backends, P1 then 2 x P2 equal weight   | None                                                                            | P1 serves first; P2 pair then takes over with equal weighting until the pool is unhealthy | Yes   |
-| 5   | Prioritized & Weighted (500ms sleep)| `/lb-prioritized-weighted`| 20   | Same as #4                                | 500 ms sleep between every request                                              | The sleep gives backends time to recover, so the pool keeps serving longer before exhaustion | Yes |
-| 6   | Absolute-Time `Retry-After` Tracking| `/lb-retry-tracked`       | 25   | 2 backends, priorities P1 -> P2           | On every 429 with a parseable `Retry-After`, the loop sleeps exactly that many seconds (the policy bakes in a +1s buffer) | Pre-first-wait `Retry-After` values are non-increasing; first emitted value is > 0; at least one request after the first wait returns 200 (pool recovered) | Yes |
-| 7   | 503-to-429 Error Handling           | `/lb-429-prioritized`     | 12   | 2 backends, priorities P1 -> P2           | None                                                                            | At least one 429 is returned once the pool is exhausted; 429 responses carry a `Retry-After` header and non-429 responses do not | No    |
+| # | Test | API path | Runs | Pool / Backends | Sleep semantics | Key behaviour verified | Chart |
+| --- | --- | --- | --- | --- | --- | --- | --- |
+| 1 | Prioritized Distribution | `/lb-prioritized` | 15 | 2 backends, priorities P1 -> P2 | None | First request lands on P1 (index 0, count 1); P1 serves until exhaustion, then P2 takes over until the pool is unhealthy | Yes |
+| 2 | Weighted (50/50) | `/lb-weighted-equal` | 15 | 2 backends, equal weight | None | Requests alternate across the two backends until exhaustion | Yes |
+| 3 | Weighted (80/20) | `/lb-weighted-unequal` | 15 | 2 backends, 80/20 weight | None | Distribution roughly tracks the configured 80/20 weighting until exhaustion | Yes |
+| 4 | Prioritized & Weighted | `/lb-prioritized-weighted` | 25 | 3 backends, P1 then 2 x P2 equal weight | None | P1 serves first; P2 pair then takes over with equal weighting until the pool is unhealthy | Yes |
+| 5 | Prioritized & Weighted (500ms sleep) | `/lb-prioritized-weighted` | 20 | Same as #4 | 500 ms sleep between every request | The sleep gives backends time to recover, so the pool keeps serving longer before exhaustion | Yes |
+| 6 | Absolute-Time `Retry-After` Tracking | `/lb-retry-tracked` | 25 | 2 backends, priorities P1 -> P2 | On every 429 with a parseable `Retry-After`, the loop sleeps exactly that many seconds (the policy bakes in a +1s buffer) | Pre-first-wait `Retry-After` values are non-increasing; first emitted value is > 0; at least one request after the first wait returns 200 (pool recovered) | Yes |
+| 7 | 503-to-429 Error Handling | `/lb-429-prioritized` | 12 | 2 backends, priorities P1 -> P2 | None | At least one 429 is returned once the pool is exhausted; 429 responses carry a `Retry-After` header and non-429 responses do not | No |
 
 Tests 1-6 run in the *Verify Deployment* cell; test 7 runs in the separate *Test 503-to-429 Error Handling* cell. All charts apply a 95th-percentile cutoff when computing the mean so the cold-path first request does not skew the steady-state average.
 
diff --git a/samples/oauth-3rd-party/README.md b/samples/oauth-3rd-party/README.md
index 264e6725..00e5e200 100644
--- a/samples/oauth-3rd-party/README.md
+++ b/samples/oauth-3rd-party/README.md
@@ -13,7 +13,7 @@ Sets up a 3rd party integration via [Azure API Management Credential Manager][ap
 1. Distinguish between authentication to APIM via JSON Web Tokens and to the 3rd party using Credential Manager.
 1. Understand how API Management supports OAuth 2.0 authentication (authN) with JSON Web Tokens (JWT).
 1. Learn how authorization (authZ) can be accomplished based on JWT claims.
-1. Configure authN and authZ at the API level (simpler than _AuthX-Pro_)
+1. Configure authN and authZ at the API level (simpler than *AuthX-Pro*)
 1. Use external secrets in policies.
 1. Experience how API Management policy fragments simplify shared logic.
 
@@ -26,31 +26,31 @@ Beyond the [general prerequisites](../../README.md#-getting-started) (Azure subs
 
 ### A Spotify Account
 
-1. You can use your existing Spotify account or sign up for a new one [here][spotify-signup]. Please ensure you adhere to Spotify's terms & conditions of use.
+1. You can use your existing Spotify account or visit the [Spotify signup page][spotify-signup] to create one. Please ensure you adhere to Spotify's terms & conditions of use.
 
 ### A Spotify Application
 
-In order for API Management to gain access to Spotify's API, we need to create an application that represents API Management. 
+In order for API Management to gain access to Spotify's API, we need to create an application that represents API Management.
 
 1. Open or log into the [Spotify Developer Dashboard][spotify-dashboard].
-1. Review and accept the _Spotify Developer Terms of Service_, if required.
+1. Review and accept the *Spotify Developer Terms of Service*, if required.
 1. Proceed with verifying your email address, if required.
 1. If the Dashboard does not open immediately, select it from the menu after clicking on your profile name (top-right corner).
 1. [Create the app][spotify-create-app]:
-    - **App Name**: _APIM_
-    - **App Description**: _API Management_
-    - **Redirect URIs**: https://localhost:8080/callback
+    - **App Name**: *APIM*
+    - **App Description**: *API Management*
+    - **Redirect URIs**: <https://localhost:8080/callback>
         We will update this placeholder once we have the APIM URL.
-    - **Which API/SDKs are you planning to use?** _Web API_
-1. Once the app has been created, copy the _Client ID_ and _Client secret_ into the root `.env` file. We will need them for the Credential Manager setup.
+    - **Which API/SDKs are you planning to use?** *Web API*
+1. Once the app has been created, copy the *Client ID* and *Client secret* into the root `.env` file. We will need them for the Credential Manager setup.
 1. Leave the Dashboard page open in your browser, as we will need to replace the Redirect URI shortly.
 1. Proceed to the [create](./create.ipynb) Jupyter notebook and follow directions there.
 
 ## 📝 Scenario
 
-We chose Spotify as it provides an extensive [REST API][spotify-rest-api] and has relatively generous limits on free API access. This makes for a relatively straight-forward experience for this sample. 
+We chose Spotify as it provides an extensive [REST API][spotify-rest-api] and has relatively generous limits on free API access. This makes for a relatively straight-forward experience for this sample.
 Specifically, this sample uses Spotify's REST API to obtain information about its deep music and artist catalog. API Management is registered as an application in Spotify's applications with its own client ID and client secret for a given scope. This application is then set up as a generic OAuth 2.0 integration in Credential Manager.  
-Furthermore, we build on the knowledge gained from the _AuthX_ and _AuthX-Pro_ samples to authentication callers and authorize their use of the Spotify integration. 
+Furthermore, we build on the knowledge gained from the *AuthX* and *AuthX-Pro* samples to authentication callers and authorize their use of the Spotify integration.
 
 We use only one persona in this sample:
 
@@ -59,15 +59,13 @@ We use only one persona in this sample:
 The API hierarchy is as follows:
 
 1. All APIs / global
-    This is a great place to do authentication, but we refrain from doing it in the sample as to not affect other samples. 
+    This is a great place to do authentication, but we refrain from doing it in the sample as to not affect other samples.
 1. Marketing Member
 
 ## Acknowledgement
 
 We thank [Spotify][spotify] for access to their API. Keep building great products!
 
-
-
 [apim-credential-manager]: https://learn.microsoft.com/azure/api-management/credentials-overview
 [spotify]: https://www.spotify.com
 [spotify-create-app]: https://developer.spotify.com/dashboard/create
diff --git a/samples/secure-blob-access/README.md b/samples/secure-blob-access/README.md
index b82156e4..75df7038 100644
--- a/samples/secure-blob-access/README.md
+++ b/samples/secure-blob-access/README.md
@@ -15,21 +15,20 @@ This sample demonstrates implementing the **valet key pattern** with Azure API M
 
 ## 📝 Scenario
 
-This sample demonstrates how a Human Resources (HR) application or user can securely gain access to an HR file. The authentication and authorization between the application or the user is with APIM. Once verified, APIM then uses its own managed identity to verify the blob exists, obtains a user delegation key from Azure Storage, and creates a User Delegation SAS token for direct, secure, time-limited access to the blob. This token is then combined with the URL to the blob before it is returned to the API caller. Once received, the caller can then _directly_ access the blob on storage. 
+This sample demonstrates how a Human Resources (HR) application or user can securely gain access to an HR file. The authentication and authorization between the application or the user is with APIM. Once verified, APIM then uses its own managed identity to verify the blob exists, obtains a user delegation key from Azure Storage, and creates a User Delegation SAS token for direct, secure, time-limited access to the blob. This token is then combined with the URL to the blob before it is returned to the API caller. Once received, the caller can then *directly* access the blob on storage.
 
-This is an implementation of the valet key pattern, which ensures that APIM is not used as the download (or upload) conduit of the blob, which could potentially be quite large. Instead, APIM is used very appropriately for facilitating means of secure access to the resource only. 
+This is an implementation of the valet key pattern, which ensures that APIM is not used as the download (or upload) conduit of the blob, which could potentially be quite large. Instead, APIM is used very appropriately for facilitating means of secure access to the resource only.
 
-This sample builds upon knowledge gained from the _AuthX_ and _AuthX-Pro_ samples. 
+This sample builds upon knowledge gained from the *AuthX* and *AuthX-Pro* samples.
 
 ## 🛩️ Lab Components
 
 This lab sets up:
+
 - A simple Azure Storage account with LRS redundancy and shared key access disabled
 - A blob container with a sample text file
 - APIM managed identity with Storage Blob Data Reader and Storage Blob Delegator permissions
 - An API that generates User Delegation SAS tokens for secure blob access URLs using the valet key pattern
 - Sample files: a text file for testing
 
-
-
 [valet-key-pattern]: https://learn.microsoft.com/azure/architecture/patterns/valet-key
diff --git a/setup/README.md b/setup/README.md
index dffc878e..3cd49d73 100644
--- a/setup/README.md
+++ b/setup/README.md
@@ -7,6 +7,7 @@ Configures cross-platform PYTHONPATH for APIM Samples and provides streamlined l
 Install uv (fast Python package manager) before proceeding:
 
 **Windows:**
+
 ```powershell
 # Using winget (recommended)
 winget install --id=astral-sh.uv -e
@@ -16,6 +17,7 @@ scoop install uv
 ```
 
 **macOS:**
+
 ```bash
 # Using Homebrew
 brew install uv
@@ -25,12 +27,14 @@ curl -LsSf https://astral.sh/uv/install.sh | sh
 ```
 
 **Linux:**
+
 ```bash
 # Using the official installer
 curl -LsSf https://astral.sh/uv/install.sh | sh
 ```
 
 Verify installation:
+
 ```bash
 uv --version
 ```
@@ -46,6 +50,7 @@ python setup/local_setup.py --complete-setup
 ```
 
 This will:
+
 - Generate `.env` file for Python path configuration
 - Register the standardized "APIM Samples Python 3.12" Jupyter kernel
 - Configure VS Code settings for automatic kernel selection
@@ -85,6 +90,7 @@ python setup/verify_setup.py
 ```
 
 This checks:
+
 - Virtual environment activation
 - Required package installation
 - Shared module imports
@@ -102,6 +108,7 @@ To ensure notebooks always use the correct kernel ("APIM Samples Python 3.12" in
 3. **Verify with**: `python setup/verify_setup.py`
 
 If you still see incorrect kernel names, run:
+
 ```shell
 python setup/local_setup.py --force-kernel
 ```
@@ -109,6 +116,7 @@ python setup/local_setup.py --force-kernel
 ## Troubleshooting
 
 ### Kernel Issues
+
 - **Problem**: Notebooks show ".venv" or "python3" instead of "APIM Samples Python 3.12"
 - **Solution**: Run `--force-kernel` and restart VS Code
 
@@ -147,7 +155,7 @@ bash setup/clean-local-artifacts.sh
 The following are removed:
 
 | Type | Items |
-|---|---|
+| --- | --- |
 | Cache directories | `.pytest_cache`, `.ruff_cache`, `__pycache__` |
 | Test/coverage artifacts | `htmlcov`, `.coverage`, `.coverage.*` |
 | Build/package artifacts | `build`, `dist`, `.eggs`, `*.egg-info` |

From c519b0e204da9f027cedd0926fd98ac18819b8c7 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Thu, 11 Jun 2026 11:24:09 -0400
Subject: [PATCH 09/31] Refactor Markdown

---
 .devcontainer/CODESPACES-QUICKSTART.md        |  6 +-
 .devcontainer/README.md                       | 49 ++++++++--
 .github/agents/apim-sample-creator.agent.md   |  2 +
 .github/agents/apim-sample-publisher.agent.md |  8 +-
 .github/copilot-instructions.md               | 92 +++++++++++++-----
 .github/github-workflows.instructions.md      | 12 ++-
 .github/markdown.instructions.md              | 93 +++++++++++--------
 .github/python.instructions.md                |  6 +-
 .github/skills/apim-bicep/SKILL.md            |  2 +-
 .github/skills/apim-policies/SKILL.md         |  4 +-
 .github/skills/sample-creator/SKILL.md        |  7 +-
 .markdownlint-cli2.jsonc                      |  8 ++
 .vscode/APIM-POLICY-CONFIG.md                 | 15 +++
 13 files changed, 222 insertions(+), 82 deletions(-)
 create mode 100644 .markdownlint-cli2.jsonc

diff --git a/.devcontainer/CODESPACES-QUICKSTART.md b/.devcontainer/CODESPACES-QUICKSTART.md
index b0df69ba..506723a1 100644
--- a/.devcontainer/CODESPACES-QUICKSTART.md
+++ b/.devcontainer/CODESPACES-QUICKSTART.md
@@ -3,6 +3,7 @@
 ## ✅ What's ready for you
 
 Your Codespace has automatically set up:
+
 - Python virtual environment (`.venv`)
 - Azure CLI
 - All project dependencies
@@ -31,6 +32,7 @@ az login --tenant <your-tenant-id>
 ## 🚀 Ready to go?
 
 ### Start with a sample
+
 1. Open any notebook in `infrastructure/` or `samples/`
 2. If prompted, select the **Python (.venv)** kernel
 3. Run the cells
@@ -38,6 +40,7 @@ az login --tenant <your-tenant-id>
 Each folder has a `README.md` with full deployment steps.
 
 ### Use the Developer CLI
+
 ```bash
 bash start.sh
 ```
@@ -47,7 +50,7 @@ bash start.sh
 ## 📋 If something isn't working
 
 | Issue | Solution |
-|-------|----------|
+| --- | --- |
 | Virtual environment not active | New terminals auto-activate. If you see no `(.venv)` prefix, run: `source .venv/bin/activate` |
 | Extensions not ready | Wait for VS Code status bar to stop spinning (~1 minute) |
 | Need to verify setup | Run: `python setup/verify_local_setup.py` |
@@ -55,5 +58,4 @@ bash start.sh
 
 ---
 
-
 Ready? Start with the README in the root folder for the big picture!
diff --git a/.devcontainer/README.md b/.devcontainer/README.md
index 216e5fba..19cbb210 100644
--- a/.devcontainer/README.md
+++ b/.devcontainer/README.md
@@ -4,6 +4,7 @@ This directory contains the optimized dev container configuration for the Azure
 
 ## 📋 Table of Contents
 
+<!-- markdownlint-disable MD051 -->
 - [Overview](#overview)
 - [Files in this Directory](#files-in-this-directory)
 - [Setup Stages](#setup-stages)
@@ -12,6 +13,7 @@ This directory contains the optimized dev container configuration for the Azure
 - [Jupyter Kernel Configuration](#jupyter-kernel-configuration)
 - [Troubleshooting](#troubleshooting)
 - [Performance Notes](#performance-notes)
+<!-- markdownlint-enable MD051 -->
 
 ## 🎯 Overview
 
@@ -30,7 +32,7 @@ This approach ensures that time-consuming operations happen during container pre
 ### Core Configuration Files
 
 | File | Purpose | Stage |
-|------|---------|-------|
+| --- | --- | --- |
 | `python312/devcontainer.json` | Dev container configuration (Python 3.12) | All |
 | `python312/Dockerfile` | Container image definition (Python 3.12) | Build |
 | `python313/devcontainer.json` | Dev container configuration (Python 3.13) | All |
@@ -43,18 +45,21 @@ This approach ensures that time-consuming operations happen during container pre
 ### Configuration Details
 
 #### `devcontainer.json` (per Python version folder)
+
 - **Features**: Azure CLI, common utilities, Git, Docker-in-Docker
 - **Extensions**: Python, Jupyter, Bicep, GitHub Copilot, and more
 - **Lifecycle Commands**: Optimized three-stage setup
 - **Port Forwarding**: Common development ports (3000, 5000, 8000, 8080)
 
 #### `Dockerfile` (per Python version folder)
+
 - **Base Image**: Microsoft's Python 3.12/3.13/3.14 dev container (depending on folder)
 - **System Dependencies**: Essential packages and tools
 - **Azure CLI Setup**: Extensions and configuration for Codespaces
 - **Virtual Environment**: Auto-activation configuration
 
 #### `post-start-setup.sh` (shared behavior)
+
 - **Location**: `.devcontainer/post-start-setup.sh` is invoked by each Python variant's `post-start-setup.sh` wrapper
 - **Environment Verification**: Quick checks and status reporting
 - **Fallback Installation**: Safety net for missing components
@@ -73,6 +78,7 @@ All three are supported and prebuilt; choose the Python runtime that best matche
 ### ⚠️ About the "Default" Option
 
 GitHub Codespaces will also display a generic **"Default"** dev container option. **Do not use this option** — it will result in:
+
 - Significantly slower startup times (5-10 minutes vs. ~30 seconds)
 - Missing tools, extensions, and optimizations
 - Suboptimal development experience
@@ -82,16 +88,20 @@ GitHub Codespaces will also display a generic **"Default"** dev container option
 ## 🚀 Setup Stages
 
 ### Stage 1: Container Build (Dockerfile)
+
 **When it runs**: During initial container build
 **What it does**:
+
 - Installs the selected Python version (3.12, 3.13, or 3.14) and system dependencies
 - Configures Azure CLI for Codespaces (device code authentication)
 - Installs Azure CLI extensions (`containerapp`, `front-door`)
 - Sets up shell auto-activation for virtual environment
 
 ### Stage 2: Content Update (devcontainer.json)
+
 **When it runs**: During prebuild when content changes
 **What it does**:
+
 - Creates Python virtual environment with uv
 - Installs all Python packages via `uv sync` (pyproject.toml)
 - Generates environment configuration (`.env` file)
@@ -99,8 +109,10 @@ GitHub Codespaces will also display a generic **"Default"** dev container option
 - Configures Azure CLI settings
 
 ### Stage 3: Runtime Verification (post-start-setup.sh)
+
 **When it runs**: Every time the container starts
 **What it does**:
+
 - Verifies environment setup (< 10 seconds)
 - Provides status reporting and user guidance
 - Performs fallback installation if needed
@@ -109,6 +121,7 @@ GitHub Codespaces will also display a generic **"Default"** dev container option
 ## ⚡ Optimization Strategy
 
 ### What Moved to Prebuild
+
 - ✅ Python package installation
 - ✅ Virtual environment creation
 - ✅ Azure CLI extension installation
@@ -117,12 +130,14 @@ GitHub Codespaces will also display a generic **"Default"** dev container option
 - ✅ VS Code extension installation
 
 ### What Stays in Runtime
+
 - ✅ Environment verification
 - ✅ Status reporting and user guidance
 - ✅ Fallback installation (safety net)
 - ✅ Performance timing and completion messages
 
 ### Performance Benefits
+
 - **Faster Startup**: Most heavy operations happen during prebuild
 - **Better UX**: Users see verification instead of installation progress
 - **Reliability**: Fallback mechanisms ensure robustness
@@ -133,7 +148,7 @@ GitHub Codespaces will also display a generic **"Default"** dev container option
 To further optimize the startup experience, several VS Code extensions are pre-installed in the container image rather than being installed at container startup:
 
 | Extension ID | Description |
-|-------------|-------------|
+| --- | --- |
 | ms-python.python | Python language support |
 | ms-python.debugpy | Python debugging |
 | ms-toolsai.jupyter | Jupyter notebook support |
@@ -172,7 +187,7 @@ This pre-installation happens in the Dockerfile and significantly reduces contai
 ### Prebuild Benefits
 
 | Aspect | Without Prebuild | With Prebuild |
-|--------|------------------|---------------|
+| --- | --- | --- |
 | **Startup Time** | 5-10 minutes | 10-30 seconds |
 | **User Experience** | Watch installation progress | See verification only |
 | **Resource Usage** | Build every time | Build once, use many times |
@@ -184,6 +199,7 @@ This pre-installation happens in the Dockerfile and significantly reduces contai
 Our devcontainer uses two key lifecycle commands optimized for prebuild:
 
 #### `onCreateCommand` (Container Creation)
+
 ```bash
 # Creates Python virtual environment with uv and registers Jupyter kernel
 # Note: The Python path varies by selected variant (3.12/3.13/3.14)
@@ -194,6 +210,7 @@ python -m ipykernel install --user --name=python-venv --display-name='Python (.v
 ```
 
 #### `updateContentCommand` (Content Updates)
+
 ```bash
 # Installs Python packages via uv and configures environment
 source /workspaces/Apim-Samples/.venv/bin/activate &&
@@ -207,6 +224,7 @@ az extension add --name front-door --only-show-errors
 ### When Prebuild is Triggered
 
 Prebuild automatically occurs when you push changes to:
+
 - `.devcontainer/devcontainer.json`
 - `.devcontainer/Dockerfile`
 - `pyproject.toml` (when referenced in `updateContentCommand`)
@@ -246,16 +264,19 @@ You can monitor prebuild status in several ways:
 To refresh the prebuilt container (recommended periodically):
 
 #### Method 1: Trigger via Configuration Change
+
 1. Make a small change to `.devcontainer/devcontainer.json` (e.g., add a comment)
 2. Commit and push the change
 3. GitHub will automatically trigger a new prebuild
 
 #### Method 2: Manual Trigger (if available)
+
 1. Go to your repository's Codespaces settings
 2. Find the prebuild configuration
 3. Click "Trigger prebuild" if the option is available
 
 #### Method 3: Update Dependencies
+
 1. Update `pyproject.toml` with newer package versions or add new dependencies
 2. Commit and push the changes
 3. Prebuild will automatically run with updated dependencies
@@ -272,7 +293,7 @@ To refresh the prebuilt container (recommended periodically):
 ### Prebuild vs Runtime Separation
 
 | Operation | Prebuild Stage | Runtime Stage |
-|-----------|----------------|---------------|
+| --- | --- | --- |
 | Python packages | ✅ Install all | ❌ Verify only |
 | Virtual environment | ✅ Create and configure | ❌ Activate only |
 | Azure CLI extensions | ✅ Install | ❌ Verify only |
@@ -289,12 +310,15 @@ The dev container is configured with a standardized Jupyter kernel for optimal P
 - **Python Path**: `/workspaces/Apim-Samples/.venv/bin/python`
 
 ### Kernel Registration Details
+
 The kernel is automatically registered during the prebuild stage using:
+
 ```bash
 python -m ipykernel install --user --name=python-venv --display-name="Python (.venv)"
 ```
 
 ### VS Code Kernel Configuration
+
 The `devcontainer.json` includes specific Jupyter settings to ensure proper kernel selection:
 
 ```jsonc
@@ -313,8 +337,10 @@ For more details on kernel configuration in VS Code, see: [VS Code Issue #130946
 ### Common Issues and Solutions
 
 #### Virtual Environment Not Found
+
 **Symptom**: Error about missing virtual environment
 **Solution**: The virtual environment should be created during prebuild. If missing:
+
 ```bash
 python3.12 -m venv /workspaces/Apim-Samples/.venv
 source /workspaces/Apim-Samples/.venv/bin/activate
@@ -322,28 +348,35 @@ uv sync
 ```
 
 #### Azure CLI Extensions Missing
+
 **Symptom**: Commands fail with extension not found
 **Solution**: Extensions should install during prebuild. If missing:
+
 ```bash
 az extension add --name containerapp
 az extension add --name front-door
 ```
 
 #### Jupyter Kernel Not Available
+
 **Symptom**: Kernel not visible in VS Code
 **Solution**: Re-register the kernel:
+
 ```bash
 python -m ipykernel install --user --name=python-venv --display-name="Python (.venv)"
 ```
 
 #### Environment Variables Not Set
+
 **Symptom**: Import errors or path issues
 **Solution**: Regenerate the `.env` file:
+
 ```bash
 python setup/local_setup.py --generate-env
 ```
 
 ### Debug Commands
+
 Useful commands for troubleshooting:
 
 ```bash
@@ -370,17 +403,21 @@ cat .env
 ## 📊 Performance Notes
 
 ### Typical Timing
+
 - **First Build**: ~5-10 minutes (includes all prebuild operations)
 - **Subsequent Startups**: ~10-30 seconds (verification only)
 - **Content Updates**: ~2-5 minutes (package updates during prebuild)
 
 ### Monitoring Setup Progress
+
 The post-start script provides real-time feedback:
+
 - **Terminal Output**: Keep the initial terminal open to see progress
 - **Status Messages**: Clear indicators for each verification step
 - **Error Handling**: Detailed messages for any issues encountered
 
 ### Best Practices
+
 1. **Keep Initial Terminal Open**: Shows verification progress and status
 2. **Wait for Completion**: Let the verification finish before starting work
 3. **Check Status Messages**: Review any warnings or errors reported
@@ -390,6 +427,7 @@ The post-start script provides real-time feedback:
 ### Prebuild Refresh Recommendations
 
 **When to refresh prebuilds**:
+
 - Monthly maintenance (keep dependencies current)
 - After major Python package updates
 - When Azure CLI or extensions have significant updates
@@ -397,6 +435,7 @@ The post-start script provides real-time feedback:
 - Before important development cycles or team onboarding
 
 **Quick refresh method**:
+
 ```bash
 # Add a comment to trigger prebuild
 # Edit .devcontainer/devcontainer.json and add/update a comment, then:
@@ -420,7 +459,5 @@ When modifying the dev container setup:
 
 *This dev container configuration is optimized for Azure API Management samples development with fast startup times and comprehensive tooling support.*
 
-
-
 [github-codespaces]: https://github.com/codespaces
 [vscode-issue-130946]: https://github.com/microsoft/vscode/issues/130946#issuecomment-1899389049
diff --git a/.github/agents/apim-sample-creator.agent.md b/.github/agents/apim-sample-creator.agent.md
index 7465735b..19b394e4 100644
--- a/.github/agents/apim-sample-creator.agent.md
+++ b/.github/agents/apim-sample-creator.agent.md
@@ -7,6 +7,8 @@ argument-hint: "Describe the sample to add, including its sample name, display n
 user-invocable: true
 ---
 
+# APIM Sample Creator
+
 You are the specialist for adding new samples to the APIM Samples repository.
 
 ## Required Inputs
diff --git a/.github/agents/apim-sample-publisher.agent.md b/.github/agents/apim-sample-publisher.agent.md
index ec96b99d..6e286a0e 100644
--- a/.github/agents/apim-sample-publisher.agent.md
+++ b/.github/agents/apim-sample-publisher.agent.md
@@ -6,6 +6,8 @@ argument-hint: "Describe the sample to publish, including its folder name and wh
 user-invocable: true
 ---
 
+# APIM Sample Publisher
+
 You are the specialist for publishing an APIM sample after its implementation is ready for a final quality pass. Your job is to leave the repository buttoned up for review or release: documentation is synchronized, public surfaces and search metadata agree, source artifacts are validated, and any remaining manual checks are explicit.
 
 ## Scope
@@ -80,9 +82,9 @@ Treat search visibility as a publication criterion, not as optional polish. Revi
    uv run python setup/export_presentation.py
    ```
 
-12. Run the SEO pass when public website content changed. Parse the inline JSON-LD block and `docs/sitemap.xml`, then verify that structured-data entries and visible cards stay synchronized.
-13. Preview the staged website when website or deck content changed. Use `uv run python setup/serve_website.py` and review both the landing page and `/slide-deck.html`. Check desktop and narrow layouts when visual changes are material.
-14. Inspect the final diff after validation. Do not include generated artifacts such as `build/`, `_site/`, coverage files, or lint reports unless the repository intentionally tracks them.
+1. Run the SEO pass when public website content changed. Parse the inline JSON-LD block and `docs/sitemap.xml`, then verify that structured-data entries and visible cards stay synchronized.
+2. Preview the staged website when website or deck content changed. Use `uv run python setup/serve_website.py` and review both the landing page and `/slide-deck.html`. Check desktop and narrow layouts when visual changes are material.
+3. Inspect the final diff after validation. Do not include generated artifacts such as `build/`, `_site/`, coverage files, or lint reports unless the repository intentionally tracks them.
 
 When live Azure validation is relevant but not requested or not available, report the exact notebook scenario and supported infrastructure combinations that remain to be exercised. Do not substitute unit tests for live scenario evidence.
 
diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
index bf64d1b0..c02701f3 100644
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -66,6 +66,9 @@ Uniformity, clarity, and ease of use are paramount across all infrastructures an
 ## General Coding Guidelines
 
 - All code, scripts, and configuration must be cross-platform compatible, supporting Windows, Linux, and macOS. If any special adjustments are to be made, please clearly indicate so in comments.
+- Treat CodeQL rules as code-generation requirements. Before writing or changing code, consider applicable security queries and use patterns that are structurally safe and recognizable to static analysis.
+- Do not validate, allowlist, or sanitize URLs with substring checks. Parse the URL and compare the required scheme, hostname, port, and path components explicitly. In tests, parse structured content and assert exact URL-bearing fields instead of searching serialized text for a URL substring.
+- Resolve CodeQL findings at the source. Do not suppress, dismiss, or weaken a security query unless the repository maintainers have documented why the result is a false positive and approved the narrowest possible suppression.
 - Prioritize clarity, maintainability, and readability in all generated code.
 - Focus on achieving a Minimal Viable Product (MVP) first, then iterate.
 - Follow language-specific conventions and style guides (e.g., PEP 8 for Python).
@@ -88,13 +91,13 @@ Uniformity, clarity, and ease of use are paramount across all infrastructures an
 
 - `/`: Root directory containing the main files and folders. Bicep configuration is stored in `bicepconfig.json`.
 - The following folders are all at the root level:
-    - `assets/`: Draw.io diagrams, SVG exports, and images. Static assets such as these should be placed here. Architecture diagrams should be placed in the /diagrams subfolder.
-    - `docs/`: Source for the public GitHub Pages landing page. See the *GitHub Pages Site* section below for upkeep rules.
-    - `infrastructure/`: Contains Jupyter notebooks for setting up various API Management infrastructures. When modifying samples, these notebooks should not need to be modified.
-    - `samples/`: Various policy and scenario samples that can be applied to the infrastructures.
-    - `setup/`: General setup scripts and configurations for the repository and dev environment setup.
-    - `shared/`: Shared resources, such as Bicep modules, Python libraries, and other reusable components.
-    - `tests/`: Contains unit tests for Python code and Bicep modules. This folder should contain all tests for all code in the repository.
+  - `assets/`: Draw.io diagrams, SVG exports, and images. Static assets such as these should be placed here. Architecture diagrams should be placed in the /diagrams subfolder.
+  - `docs/`: Source for the public GitHub Pages landing page. See the *GitHub Pages Site* section below for upkeep rules.
+  - `infrastructure/`: Contains Jupyter notebooks for setting up various API Management infrastructures. When modifying samples, these notebooks should not need to be modified.
+  - `samples/`: Various policy and scenario samples that can be applied to the infrastructures.
+  - `setup/`: General setup scripts and configurations for the repository and dev environment setup.
+  - `shared/`: Shared resources, such as Bicep modules, Python libraries, and other reusable components.
+  - `tests/`: Contains unit tests for Python code and Bicep modules. This folder should contain all tests for all code in the repository.
 
 ## Infrastructure Development Guidelines
 
@@ -103,6 +106,7 @@ Infrastructures live in `infrastructure/[infra-name]/` and provide the foundatio
 ### Infrastructure File Structure
 
 Each infrastructure in `infrastructure/[infra-name]/` must contain:
+
 - `create.ipynb` - Jupyter notebook that deploys the infrastructure
 - `create_infrastructure.py` - Python helper script for infrastructure creation logic
 - `main.bicep` - Bicep template for deploying the infrastructure resources
@@ -115,24 +119,28 @@ Each infrastructure in `infrastructure/[infra-name]/` must contain:
 All infrastructure notebooks must follow this exact cell pattern:
 
 #### Cell 1: Configure & Create (Markdown)
+
 - Heading: `### 🛠️ Configure Infrastructure Parameters & Create the Infrastructure`
 - One-sentence description naming the specific infrastructure
 - Bold reminder: `❗️ **Modify entries under _User-defined parameters_**.`
 - Optional: a short note if the infrastructure has unique deployment phases (e.g. private link approval)
 
 #### Cell 2: Configure & Create (Python Code)
+
 - Import only `APIM_SKU`, `INFRASTRUCTURE` from `apimtypes`, `InfrastructureNotebookHelper` from `utils`, and `print_ok` from `console`
 - `USER CONFIGURATION` section with `rg_location`, `index`, and `apim_sku` (comment each with inline description)
 - `SYSTEM CONFIGURATION` section: instantiate `InfrastructureNotebookHelper` and call `create_infrastructure()`
 - Final line: `print_ok('All done!')`
 
 #### Cell 3: Clean Up (Markdown)
+
 - Heading: `### 🗑️ Clean up resources`
 - Standard text: "When you're finished experimenting, it's advisable to remove all associated resources from Azure to avoid unnecessary cost. Use the clean-up notebook for that."
 
 ### Infrastructure README.md
 
 Use this consistent layout:
+
 - **Title** - Name of the architecture (e.g. "Simple API Management Infrastructure")
 - **Description** - One to two sentences summarising the architecture and its value
 - **Architecture diagram** - `<img>` tag referencing the SVG in the infrastructure folder
@@ -148,6 +156,7 @@ Use this consistent layout:
 ### Sample File Structure
 
 Each sample in `samples/[sample-name]/` must contain:
+
 - `create.ipynb` - Jupyter notebook that deploys and demonstrates the sample
 - `main.bicep` - Bicep template for deploying sample resources
 - `README.md` - Documentation explaining the sample, use cases, and concepts
@@ -160,6 +169,7 @@ New sample-owned APIM policy XML and KQL files must not be placed at the sample
 ### New Sample Sync Checklist
 
 Whenever a new sample is added:
+
 - Ask for the sample name if it has not been provided. Do not invent it.
 - Ask for supported infrastructures if they have not been provided. Do not assume "All infrastructures".
 - Create the sample under `samples/[sample-name]/` unless the user explicitly requests another location.
@@ -175,20 +185,25 @@ Whenever a new sample is added:
 Follow this pattern for **all** sample `create.ipynb` files. Consistency here is critical - users should recognise the layout immediately from having used any other sample:
 
 #### Cell 1: Title & Overview (Markdown)
+
 - Notebook title and brief description
 - Reference to README.md for detailed information
 
 #### Cell 2: What This Sample Does (Markdown)
+
 - Bullet list of key actions/demonstrations
 - Keep focused on user-facing outcomes
 
 #### Cell 3: Initialize Notebook Variables (Markdown)
+
 - Heading with note that only USER CONFIGURATION should be modified
 
 #### Cell 4: Initialize Notebook Variables (Python Code)
+
 **This cell should be straightforward configuration only. No Azure SDK calls here.**
 
 Structure:
+
 1. Import statements at the top:
    - Standard library imports (time, json, tempfile, requests, pathlib, datetime)
    - `utils`, `apimtypes`, `console`, `azure_resources` (including `az`, `get_infra_rg_name`, `get_account_info`)
@@ -211,6 +226,7 @@ Structure:
 **Important:** Do NOT call `az` commands in this cell. Do NOT create a config dictionary. Do NOT initialize deployment outputs. All Azure operations and variable definitions should happen in subsequent operation cells.
 
 #### Cell 5+: Functional Cells (Markdown + Code pairs)
+
 - Each logical operation gets a markdown heading cell followed by one or more code cells
 - Keep educational configuration, scenario steps, and key APIM concepts visible in the notebook. Extract non-educational Python mechanics, such as reusable orchestration, parsing, retries, polling, data transformation, and repeated request setup, into existing shared helpers or focused sample-local Python helper modules. Compose established helpers first; extend one only when the behavior belongs to its existing responsibility, state, and lifecycle.
 - Follow `shared/python/README.md` for the complete helper and supporting-class strategy, including ownership, dependency direction, state, lifecycle, selective autoreload, promotion, and testing rules.
@@ -223,22 +239,26 @@ Structure:
 **First operation cell (typically deployment):**
 
 ⚠️ **CRITICAL**: Use `nb_helper.deploy_sample()` for all sample deployments. This method:
-  - Automatically validates the infrastructure exists (checks resource group)
-  - Prompts user to select or create infrastructure if needed
-  - Handles all Azure availability checks internally
-  - Returns deployment outputs including the APIM service name
+
+- Automatically validates the infrastructure exists (checks resource group)
+- Prompts user to select or create infrastructure if needed
+- Handles all Azure availability checks internally
+- Returns deployment outputs including the APIM service name
 
 **Process:**
+
 1. Print configuration summary using variables from init cell
 2. Build `bicep_parameters` dict with sample-specific parameters (e.g., `location`, `costExportFrequency`)
    - **DO NOT** manually query for APIM services
    - **DO NOT** pass `apimServiceName` to `bicep_parameters` if the infrastructure already provides it
 3. Call `nb_helper.deploy_sample(bicep_parameters)` to deploy Bicep template
 4. Call `nb_helper.get_deployment_context(output)` to validate common outputs, then store its fields as **individual variables** (not in a dictionary)
-  - Example: `apim_name = deployment_context.apim_name`, `apim_gateway_url = deployment_context.apim_gateway_url`
-  - Continue to use `output.get(...)` or `output.getJson(...)` for sample-specific outputs that are not part of `SampleDeploymentContext`
+
+- Example: `apim_name = deployment_context.apim_name`, `apim_gateway_url = deployment_context.apim_gateway_url`
+- Continue to use `output.get(...)` or `output.getJson(...)` for sample-specific outputs that are not part of `SampleDeploymentContext`
 
 **Invalid approach** (do NOT do this):
+
 ```python
 # ❌ WRONG - Manual APIM service queries
 apim_list_result = az.run(f'az apim list --resource-group {rg_name}...')
@@ -249,6 +269,7 @@ bicep_parameters = {'apimServiceName': {'value': apim_name}}
 ```
 
 **Valid approach** (do this):
+
 ```python
 # ✅ CORRECT - Let deploy_sample() handle infrastructure validation
 bicep_parameters = {
@@ -263,6 +284,7 @@ apim_apis = deployment_context.apis
 ```
 
 **Subsequent cells:**
+
 - Check prerequisites with `if 'variable_name' not in locals(): raise SystemExit(1)`
 - Use variables directly in code (e.g., `rg_name`, `subscription_id`, `apim_name`)
 - Do NOT recreate or duplicate variables from previous cells
@@ -271,6 +293,7 @@ apim_apis = deployment_context.apis
 ### Variable Management
 
 **Do NOT use a config dictionary.** Use individual variables that flow naturally through cells:
+
 - Init cell defines user and system configuration variables
 - Deployment cell creates new variables for deployment outputs (e.g., `apim_name`, `app_insights_name`)
 - Subsequent cells reference these variables directly
@@ -278,6 +301,7 @@ apim_apis = deployment_context.apis
 - Variables created in one cell are automatically available in all subsequent cells
 
 Example:
+
 ```python
 # Init cell
 apim_sku = APIM_SKU.BASICV2
@@ -298,6 +322,7 @@ storage_account_id = f'/subscriptions/{subscription_id}/...'
 ### NotebookHelper Usage
 
 **What NotebookHelper does:**
+
 - `__init__()`: Initializes with sample folder, resource group name, location, infrastructure type, and supported infrastructure list
 - `deploy_sample(bicep_parameters)`: Orchestrates the complete deployment process:
   1. Checks if the desired resource group/infrastructure exists
@@ -308,7 +333,9 @@ storage_account_id = f'/subscriptions/{subscription_id}/...'
 - `create_apim_requests(apim_gateway_url, subscription_key=None, headers=None)`: Resolves the selected infrastructure endpoint and creates a configured `ApimRequests` client.
 
 **How to use:**
+
 1. Initialize in the configuration cell (Cell 4):
+
    ```python
    nb_helper = utils.NotebookHelper(
        sample_folder,
@@ -322,6 +349,7 @@ storage_account_id = f'/subscriptions/{subscription_id}/...'
    ```
 
 2. Call in the deployment cell (Cell 5+):
+
    ```python
    bicep_parameters = {
        'location': {'value': rg_location},
@@ -331,15 +359,17 @@ storage_account_id = f'/subscriptions/{subscription_id}/...'
    ```
 
 3. Extract common and sample-specific outputs:
-   ```python
-  deployment_context = nb_helper.get_deployment_context(output)
-  apim_name = deployment_context.apim_name
-  apim_gateway_url = deployment_context.apim_gateway_url
-  apim_apis = deployment_context.apis
+
+    ```python
+    deployment_context = nb_helper.get_deployment_context(output)
+    apim_name = deployment_context.apim_name
+    apim_gateway_url = deployment_context.apim_gateway_url
+    apim_apis = deployment_context.apis
    app_insights_name = output.get('applicationInsightsName')
    ```
 
 **CRITICAL: Do not bypass NotebookHelper!**
+
 - ❌ Do NOT manually check `az group exists`
 - ❌ Do NOT manually query `az apim list` to find APIM services
 - ❌ Do NOT check if resources exist before deployment
@@ -401,11 +431,13 @@ Match the heading emojis, heading levels, and section ordering exactly. If a sec
   - External service accounts (e.g., a Spotify developer account)
   - Special tooling or configuration not covered by the Developer CLI
 - When a Prerequisites section is needed, **open with a one-line reference** to the root README for general prerequisites, then list only the sample-specific requirements. Example:
+
   ```markdown
   ## ✅ Prerequisites
 
   Beyond the [general prerequisites](../../README.md#-getting-started) (Azure subscription, CLI, Python environment), this sample requires ...
   ```
+
 - The `oauth-3rd-party` sample is the canonical example of sample-specific prerequisites (external service accounts). The `costing` sample is the canonical example of additional RBAC requirements.
 
 ### Testing and Traffic Generation
@@ -416,6 +448,7 @@ Match the heading emojis, heading levels, and section ordering exactly. If a sec
 - **One session per cell is fine.** Each notebook cell should be independently runnable, so create and close a session within the same cell rather than sharing one across cells.
 - For `ApimRequests`, use `nb_helper.create_apim_requests(...)` to resolve the correct endpoint URL, headers, and TLS behavior. Use `utils.get_endpoint(...)` directly only when constructing a raw session for high-volume traffic.
 - Session pattern example (preferred for loops):
+
   ```python
   import requests as http_requests
 
@@ -435,7 +468,9 @@ Match the heading emojis, heading levels, and section ordering exactly. If a sec
   finally:
       session.close()
   ```
+
 - ApimRequests example (for structured test verification with logging):
+
   ```python
   from apimtesting import ApimTesting
 
@@ -460,10 +495,10 @@ When designing or restructuring a sample notebook:
 
 ## Language-specific Instructions
 
-  - Python: see `.github/python.instructions.md`
-  - Bicep: see `.github/bicep.instructions.md`
-  - JSON: see `.github/json.instructions.md`
-  - Markdown: see `.github/markdown.instructions.md`
+- Python: see `.github/python.instructions.md`
+- Bicep: see `.github/bicep.instructions.md`
+- JSON: see `.github/json.instructions.md`
+- Markdown: see `.github/markdown.instructions.md`
 
 ## Formatting and Style
 
@@ -492,7 +527,7 @@ The public landing page at <https://azure-samples.github.io/Apim-Samples/> is bu
 **Treat `docs/index.html` as a downstream consumer of the README.** When you change any of the following, update the landing page in the same PR:
 
 | Change | Update required in `docs/index.html` | Also update |
-|---|---|---|
+| --- | --- | --- |
 | Add / remove / rename an **infrastructure** | Add / remove / rename the matching `.infra-card` **and** the matching `ListItem` in the JSON-LD `ItemList` (in `<head>`). Update the infrastructure count in the first `.value-card` if it still says "Five". | Add / remove the SVG copy line in `.github/workflows/github-pages.yml`. |
 | Add / remove / rename a **sample** | Add / remove / rename the matching `.sample-card` **and** the matching `ListItem` in the JSON-LD `ItemList`. | — |
 | Change a sample's **supported infrastructures** | Update the `.infra-tag` text on that sample's card. | — |
@@ -502,6 +537,7 @@ The public landing page at <https://azure-samples.github.io/Apim-Samples/> is bu
 Check `docs/README.md` for local preview instructions and styling notes. The page is deliberately plain static HTML + an external stylesheet (`docs/styles.css`), with no executable JavaScript and no build tooling, so that it cannot rot due to a transitive npm dependency. The only `<script>` tag is the JSON-LD structured-data block, which must stay inline because search-engine crawlers do not reliably follow external JSON-LD references. Keep it that way unless there is a compelling reason to add a build step.
 
 ## Required before each commit
+
 - Ensure all code is well-documented and follows the guidelines in this file.
 - Ensure markdownlint passes with zero violations for all new or modified Markdown files.
 - Ensure that Jupyter notebooks do not contain any cell output.
@@ -546,17 +582,22 @@ Check `docs/README.md` for local preview instructions and styling notes. The pag
 
 - Store every sample-owned KQL query in a dedicated `.kql` file under `samples/<sample-name>/queries/` rather than at the sample root or embedded inline in Python code. This keeps notebooks readable and lets users copy-paste the query directly into a Log Analytics or Azure Data Explorer query editor.
 - Resolve `.kql` files from the sample's `queries/` directory and load them with `Path.read_text()`:
+
   ```python
   from pathlib import Path
 
   kql_path = Path(utils.get_project_root()) / 'samples' / sample_folder / 'queries' / 'my-query.kql'
   kql_query = Path(kql_path).read_text(encoding='utf-8')
   ```
+
 - Parameterise KQL queries using native `let` bindings. Define parameters as `let` statements prepended to the query body at runtime, keeping the `.kql` file free of Python string interpolation:
+
   ```python
   kusto_query = f"let buName = '{bu_name}';\nlet threshold = {alert_threshold};\n{kql_template}"
   ```
+
 - In the `.kql` file, document available parameters in a comment header so users know which `let` bindings to supply:
+
   ```kql
   // Parameters (prepend as KQL 'let' bindings before running):
   //   let buName    = 'bu-hr';     // Business unit subscription ID
@@ -566,6 +607,7 @@ Check `docs/README.md` for local preview instructions and styling notes. The pag
   | summarize RequestCount = count()
   | where RequestCount > threshold
   ```
+
 - When executing KQL via `az rest` or `az monitor log-analytics query`, write the query body to a temporary JSON file and pass it with `--body @tempfile.json` to avoid shell pipe-character interpretation issues on Windows.
 
 ### Azure Monitor Workbook File Convention
@@ -584,6 +626,7 @@ Azure Monitor Workbook definitions stored in this repository must follow the **`
 Azure Monitor Workbook query items execute independently — there is no native mechanism to share a materialized table across query items. Apply the following patterns to minimise data scanned and improve workbook responsiveness:
 
 - **`materialize()` for multi-reference `let` bindings.** When a `let` binding is referenced more than once in the same query (e.g. once for a `toscalar(count)` and once for the main `summarize`), wrap it in `materialize()` so Log Analytics computes the base set once per query execution rather than scanning the underlying table twice.
+
   ```kql
   let logs = materialize(ApiManagementGatewayLogs
   | where TimeGenerated {TimeRange} and ApimSubscriptionId startswith 'bu-');
@@ -592,7 +635,9 @@ Azure Monitor Workbook query items execute independently — there is no native
   | summarize RequestCount = count() by ApimSubscriptionId
   | extend UsageShare = round(RequestCount * 100.0 / totalRequests, 2)
   ```
+
 - **Column-project before joins.** When joining two tables, add an explicit `| project` on both sides to carry only the columns that the downstream `summarize`/`extend`/`project` actually needs. Wide diagnostic tables like `ApiManagementGatewayLlmLog` contain many columns; projecting only the needed ones before the join reduces memory and network cost.
+
   ```kql
   ApiManagementGatewayLlmLog
   | where TimeGenerated {TimeRange} and TotalTokens > 0
@@ -604,6 +649,7 @@ Azure Monitor Workbook query items execute independently — there is no native
   ) on CorrelationId
   | summarize TotalTokens = sum(TotalTokens) by BusinessUnit
   ```
+
 - **Avoid duplicate queries across items.** If two workbook visualisations require identical data, consider whether they can share a single query item with different chart/table renderings, or whether the layout can be restructured to avoid scanning the same data twice. Workbook Merge items can combine two previously-computed result sets but cannot perform arbitrary re-aggregation.
 - **Keep the Workbook `timeContext` on each query item** rather than relying solely on the global parameter. This ensures Log Analytics can push down the time filter to the storage layer even when the parameter is complex.
 - **Prefer `summarize` close to the source.** Push `summarize` as early as possible in the pipeline to reduce the volume of rows flowing through subsequent operators.
diff --git a/.github/github-workflows.instructions.md b/.github/github-workflows.instructions.md
index 70ac5c6d..fc3ec27d 100644
--- a/.github/github-workflows.instructions.md
+++ b/.github/github-workflows.instructions.md
@@ -162,7 +162,7 @@ steps:
       COVERAGE_FILE: tests/.coverage-${{ matrix.python-version }}
 ```
 
-## Checklist Before Committing
+## Final Checklist Before Committing
 
 - [ ] All GitHub Actions use commit hashes (no version tags)
 - [ ] Triggers are explicitly defined (`on:`)
@@ -184,6 +184,7 @@ steps:
 **CRITICAL: Never use untrusted input directly in `run:` commands.**
 
 Untrusted input includes:
+
 - `${{ github.event.pull_request.title }}`
 - `${{ github.event.pull_request.body }}`
 - `${{ github.event.issue.title }}`
@@ -237,17 +238,20 @@ Untrusted input includes:
 **⚠️ EXTREMELY DANGEROUS: `pull_request_target` runs with write permissions to the base repository.**
 
 The `pull_request_target` trigger:
+
 - Runs in the context of the base branch (not the PR branch)
 - Has **write access** to the base repository
 - Has access to repository secrets
 - Can be triggered by anyone who can create a PR (including attackers)
 
 **When NOT to use:**
+
 - ❌ Never checkout code from the PR (`${{ github.event.pull_request.head.ref }}`)
 - ❌ Never execute code from the PR (tests, builds, scripts)
 - ❌ Never install dependencies from the PR's package files
 
 **When it's safe to use (rare cases):**
+
 - ✅ Commenting on PRs using `actions/github-script`
 - ✅ Labeling PRs based on metadata (not content)
 - ✅ Static analysis that doesn't execute PR code
@@ -296,11 +300,13 @@ jobs:
 **⚠️ NEVER use self-hosted runners on public repositories.**
 
 Risks:
+
 - Pull requests from forks can execute arbitrary code on your infrastructure
 - Runners may retain secrets or sensitive data between runs
 - Potential for persistent backdoors or data exfiltration
 
 **Guidelines:**
+
 - ✅ Use GitHub-hosted runners (`ubuntu-latest`, `windows-latest`, `macos-latest`) for public repos
 - ✅ Use self-hosted runners only on private repositories with strict access controls
 - ✅ If you must use self-hosted runners, isolate them completely (ephemeral containers)
@@ -310,6 +316,7 @@ Risks:
 **Best practices for handling secrets:**
 
 1. **Never log secrets:**
+
    ```yaml
    # ❌ WRONG: Secret appears in logs
    - name: Deploy
@@ -323,6 +330,7 @@ Risks:
    ```
 
 2. **Mask dynamic secrets:**
+
    ```yaml
    - name: Generate temporary token
      run: |
@@ -337,6 +345,7 @@ Risks:
    - Never trust fork PR code with write permissions or secrets access
 
 4. **Least privilege:**
+
    ```yaml
    # Only request secrets that are actually needed
    env:
@@ -371,6 +380,7 @@ Risks:
    - Update commit hashes when new versions are released
 
 5. **Example vetting process:**
+
    ```yaml
    # Good: Vetted, pinned, documented
    - name: Setup Python
diff --git a/.github/markdown.instructions.md b/.github/markdown.instructions.md
index 2c0ab5e3..43b9edf6 100644
--- a/.github/markdown.instructions.md
+++ b/.github/markdown.instructions.md
@@ -19,22 +19,25 @@ This document provides standards for Markdown files in the APIM Samples reposito
 **This is the most important rule.** Emoji variation selectors cause rendering and Markdown anchor link failures.
 
 ❌ **WRONG** — DO NOT DO THIS:
+
 ```markdown
 ## ✅ Prerequisites
 
-[Go to Prerequisites](#%EF%B8%8F-prerequisites)  <!-- Encoded emoji in link -->
+[Go to Prerequisites](#%EF%B8%8F-prerequisites) <!-- Encoded emoji in link -->
 ```
 
 ✅ **CORRECT** — DO THIS:
+
 ```markdown
 ## ✅ Prerequisites
 
-[Go to Prerequisites](#prerequisites)  <!-- Text only, no emoji encoding -->
+[Go to Prerequisites](#prerequisites) <!-- Text only, no emoji encoding -->
 ```
 
 **Why:** When you create an anchor link with an emoji in the heading, Markdown renders the emoji but the anchor reference gets URL-encoded (like `%EF%B8%8F`). The link then breaks because the actual anchor is just the text portion without the encoding.
 
 **The pattern:**
+
 - **Keep emojis in headings** for visual clarity — they're fine there
 - **Never include emojis in anchor link references** — always reference just the text
 - **When linking to a heading**, use only the text: `[Link text](#heading-text-only)`
@@ -44,10 +47,12 @@ This document provides standards for Markdown files in the APIM Samples reposito
 ## Formatting Standards
 
 ### Line Endings
+
 - Use **LF line endings only**, never CRLF
 - This applies to all files, including Windows development environments
 
 ### Quotes and Apostrophes
+
 - Use only straight quotes and apostrophes: `'` (U+0027) and `"` (U+0022)
 - Never use typographic/curly quotes: `'` `'` `"` `"`
 - Improves consistency across editors and platforms
@@ -66,19 +71,21 @@ Use one table style consistently within each table. Always include one space on
 **Prefer aligned tables** for short values. Pad cell values with spaces so that every `|` delimiter in a column lines up vertically.
 
 ❌ **WRONG** — misaligned columns:
+
 ```markdown
-| Name | Value |
-|---|---|
-| Short | 123 |
-| Very Long Name | 45 |
+| Name           | Value |
+| -------------- | ----- |
+| Short          | 123   |
+| Very Long Name | 45    |
 ```
 
 ✅ **CORRECT** — aligned columns:
+
 ```markdown
-| Name              | Value |
-| --- | --- |
-| Short             | 123   |
-| Very Long Name    | 45    |
+| Name           | Value |
+| -------------- | ----- |
+| Short          | 123   |
+| Very Long Name | 45    |
 ```
 
 Use the separator row (`---`, `:---:`, `---:`, etc.) to establish column widths, then align all subsequent rows to match.
@@ -86,10 +93,10 @@ Use the separator row (`---`, `:---:`, `---:`, etc.) to establish column widths,
 **Use compact tables** for prose-heavy content when alignment would create very long lines. Keep spaces around every pipe delimiter and use the same compact style for the header, separator, and each row.
 
 ```markdown
-| Name | Description |
-| --- | --- |
+| Name                  | Description                                                      |
+| --------------------- | ---------------------------------------------------------------- |
 | Simple API Management | Public API Management instance for learning and experimentation. |
-| Private Link | Private ingress for security-focused scenarios. |
+| Private Link          | Private ingress for security-focused scenarios.                  |
 ```
 
 ### Lists
@@ -113,6 +120,7 @@ When referencing files or line numbers in documentation:
 **Format:** `[display text](path/to/file.md)` or `[display text](path/to/file.md#L10)` for specific lines
 
 **Rules:**
+
 - Display text must match or describe the target
 - Use workspace-relative paths (no `file://` or `vscode://` schemes)
 - Encode spaces in the URL: `My File.md` → `My%20File.md`
@@ -121,6 +129,7 @@ When referencing files or line numbers in documentation:
 - Do NOT wrap file paths in backticks — they're already links
 
 ✅ **CORRECT:**
+
 ```markdown
 See [configuration guide](docs/configuration.md) for details.
 
@@ -130,6 +139,7 @@ Update [my config file](path/to/My%20Config.md) as needed.
 ```
 
 ❌ **WRONG:**
+
 ```markdown
 See `docs/configuration.md` for details.
 
@@ -151,12 +161,14 @@ See the `README.md#L10` file.
 ### README Files
 
 **Location & Naming:**
+
 - Root `README.md` - Main repository overview
 - `infrastructure/[name]/README.md` - Infrastructure architecture guide
 - `samples/[name]/README.md` - Sample documentation
 - `shared/` folders - Optional READMEs for component overview
 
 **Structure** (see `copilot-instructions.md` for detailed layouts):
+
 - Consistent heading hierarchy and emoji usage across similar documents
 - Badges for runtime, supported services, prerequisites
 - Clear sections: Objectives, Scenario, Lab Components, Configuration, Results, Clean Up, Links
@@ -165,11 +177,13 @@ See the `README.md#L10` file.
 ### Instruction Files
 
 **Location & Naming:**
+
 - Language-specific: `.github/[language].instructions.md` (e.g., `python.instructions.md`, `markdown.instructions.md`)
 - Topic-specific: `.github/markdown.instructions.md` (e.g., for Markdown formatting)
 - General: `.github/copilot-instructions.md`
 
 **Metadata Block:**
+
 ```markdown
 ---
 applyTo: "**/*.md"
@@ -190,13 +204,13 @@ Structured guides for domain-specific tasks (Bicep, Python policies, sample crea
 
 ## When to Use Markdown Files
 
-| File Type | When | Example |
-| --- | --- | --- |
-| README | Document a folder/project | `infrastructure/simple-apim/README.md` |
-| CONTRIBUTING | Contribution process | Root `CONTRIBUTING.md` |
-| Instructions | Copilot guidance | `.github/bicep.instructions.md` |
-| Skill Guide | Domain expertise | `.github/skills/sample-creator/SKILL.md` |
-| Index/Navigation | Landing pages, TOCs | `samples/README.md` listing all samples |
+| File Type        | When                      | Example                                  |
+| ---------------- | ------------------------- | ---------------------------------------- |
+| README           | Document a folder/project | `infrastructure/simple-apim/README.md`   |
+| CONTRIBUTING     | Contribution process      | Root `CONTRIBUTING.md`                   |
+| Instructions     | Copilot guidance          | `.github/bicep.instructions.md`          |
+| Skill Guide      | Domain expertise          | `.github/skills/sample-creator/SKILL.md` |
+| Index/Navigation | Landing pages, TOCs       | `samples/README.md` listing all samples  |
 
 ---
 
@@ -227,12 +241,13 @@ Structured guides for domain-specific tasks (Bicep, Python policies, sample crea
 - Use reference-style links at the bottom for multiple references to the same target
 - Remove reference-style link definitions when their final usage is removed. Unused definitions fail `MD053`.
 - Example:
-  ```markdown
-  See the [setup guide][setup] and [troubleshooting][troubleshooting] pages.
 
-  [setup]: docs/setup.md
-  [troubleshooting]: docs/troubleshooting.md
-  ```
+    ```markdown
+    See the [setup guide][setup] and [troubleshooting][troubleshooting] pages.
+
+    [setup]: docs/setup.md
+    [troubleshooting]: docs/troubleshooting.md
+    ```
 
 - Link within README sections using anchor links: `[Jump to section](#section-name)`
 
@@ -264,17 +279,17 @@ Structured guides for domain-specific tasks (Bicep, Python policies, sample crea
 
 ## Common Issues and Fixes
 
-| Issue | Cause | Fix |
-| --- | --- | --- |
-| Markdownlint failure | Markdown does not meet the configured lint rules | Fix every reported violation and rerun markdownlint |
-| Anchor links break | Emoji in heading + encoded in link | Remove emoji from link reference: `[text](#heading-only)` |
-| Tables misaligned | Mixed table styles or missing spaces around pipes | Use one consistent aligned or compact style and write separator rows as `\| --- \| --- \|` |
-| Sections run together | Missing or repeated blank lines | Use exactly one blank line around headings, tables, lists, and fences |
-| Code fence warning | Missing fence language | Add the appropriate language, or use `text` for plain output |
-| List indentation warning | Inconsistent nesting or ordered prefixes | Use two spaces per unordered nesting level and `1.` for ordered items |
-| Inline HTML warning | HTML used where Markdown is sufficient | Prefer native Markdown; add a local `MD033` exception only for required HTML behavior |
-| Unused reference warning | Link definition remains after its final usage was removed | Delete the unused reference definition |
-| File links broken | Wrong path or encoded characters | Use relative paths, encode spaces: `My%20File.md` |
-| Symbols not highlighted | Missing backticks | Wrap in backticks: `symbolName` |
-| Line ending issues | Mixed CRLF/LF | Ensure all `.md` files use LF only |
-| Rendering issues | Curly quotes | Use straight quotes: `'` and `"` only |
+| Issue                    | Cause                                                     | Fix                                                                                        |
+| ------------------------ | --------------------------------------------------------- | ------------------------------------------------------------------------------------------ |
+| Markdownlint failure     | Markdown does not meet the configured lint rules          | Fix every reported violation and rerun markdownlint                                        |
+| Anchor links break       | Emoji in heading + encoded in link                        | Remove emoji from link reference: `[text](#heading-only)`                                  |
+| Tables misaligned        | Mixed table styles or missing spaces around pipes         | Use one consistent aligned or compact style and write separator rows as `\| --- \| --- \|` |
+| Sections run together    | Missing or repeated blank lines                           | Use exactly one blank line around headings, tables, lists, and fences                      |
+| Code fence warning       | Missing fence language                                    | Add the appropriate language, or use `text` for plain output                               |
+| List indentation warning | Inconsistent nesting or ordered prefixes                  | Use two spaces per unordered nesting level and `1.` for ordered items                      |
+| Inline HTML warning      | HTML used where Markdown is sufficient                    | Prefer native Markdown; add a local `MD033` exception only for required HTML behavior      |
+| Unused reference warning | Link definition remains after its final usage was removed | Delete the unused reference definition                                                     |
+| File links broken        | Wrong path or encoded characters                          | Use relative paths, encode spaces: `My%20File.md`                                          |
+| Symbols not highlighted  | Missing backticks                                         | Wrap in backticks: `symbolName`                                                            |
+| Line ending issues       | Mixed CRLF/LF                                             | Ensure all `.md` files use LF only                                                         |
+| Rendering issues         | Curly quotes                                              | Use straight quotes: `'` and `"` only                                                      |
diff --git a/.github/python.instructions.md b/.github/python.instructions.md
index 97370330..2e57946f 100644
--- a/.github/python.instructions.md
+++ b/.github/python.instructions.md
@@ -68,6 +68,7 @@ This ensures all code changes comply with the project's linting standards from t
   - Good: `from console import print_error, print_val`
   - Bad: `from console import (print_error, print_val)`
   - Good (multi-line):
+
     ```python
     from console import (
         print_error,
@@ -75,6 +76,7 @@ This ensures all code changes comply with the project's linting standards from t
         print_ok
     )
     ```
+
 - Order within APIM Samples imports section:
   1. Module imports with aliases (e.g., `import azure_resources as az`)
   2. Specific type/constant imports (e.g., `from apimtypes import INFRASTRUCTURE`)
@@ -86,8 +88,8 @@ Before completing any Python code changes, verify:
 
 - All ruff warnings and errors are resolved (`ruff check <file>`)
   - Ruff rules cover these, but we don't see `pyproject.toml` being added to context. Therefore, please pay special attention to these common occurrences:
-      - No trailing whitespace
-      - No assertion of empty strings in tests (use `assert not`)
+    - No trailing whitespace
+    - No assertion of empty strings in tests (use `assert not`)
 - Code follows PEP 8 and the style guidelines in this file
 - Import statements for modules within this repo are placed last in the imports and are grouped with the `# APIM Samples imports` header
 - Type hints are present where appropriate
diff --git a/.github/skills/apim-bicep/SKILL.md b/.github/skills/apim-bicep/SKILL.md
index abbc5c51..b03062d1 100644
--- a/.github/skills/apim-bicep/SKILL.md
+++ b/.github/skills/apim-bicep/SKILL.md
@@ -51,7 +51,7 @@ output principalId string = apimService.identity.principalId
 ## Resource Types Reference
 
 | Resource Type | API Version | Purpose |
-|---------------|-------------|---------|
+| --- | --- | --- |
 | `Microsoft.ApiManagement/service` | `2024-06-01-preview` | APIM service instance |
 | `Microsoft.ApiManagement/service/apis` | `2024-06-01-preview` | API definitions |
 | `Microsoft.ApiManagement/service/apis/operations` | `2024-06-01-preview` | API operations |
diff --git a/.github/skills/apim-policies/SKILL.md b/.github/skills/apim-policies/SKILL.md
index 3d7c8ed1..441ae2bc 100644
--- a/.github/skills/apim-policies/SKILL.md
+++ b/.github/skills/apim-policies/SKILL.md
@@ -60,7 +60,7 @@ When a custom backend policy is not needed, keep `<base />` as the only direct c
 ## Policy Categories Quick Reference
 
 | Category | Common Policies | Section |
-|----------|-----------------|---------|
+| --- | --- | --- |
 | **Authentication** | `authentication-managed-identity`, `validate-azure-ad-token`, `validate-jwt` | inbound |
 | **Rate Limiting** | `rate-limit-by-key`, `quota-by-key` | inbound |
 | **Caching** | `cache-lookup`, `cache-store` | inbound/outbound |
@@ -220,7 +220,7 @@ Before using a type or member in a policy expression, verify it appears on the o
 When a member you need is not allowed, refactor to an equivalent that is. Examples:
 
 | Disallowed | Allowed replacement |
-|---|---|
+| --- | --- |
 | `DateTime.TryParse(s, ..., DateTimeStyles.RoundtripKind, out dt)` | Store as Unix epoch via `DateTimeOffset.UtcNow.ToUnixTimeSeconds()`, parse with `long.TryParse` |
 | `DateTime.ParseExact(s, fmt, CultureInfo.InvariantCulture)` | `DateTime.Parse(s)` (allowed) or epoch-based representation |
 | `Enum.GetValues(typeof(T))` | Hard-code the comparison values or store as a string |
diff --git a/.github/skills/sample-creator/SKILL.md b/.github/skills/sample-creator/SKILL.md
index 10aa9b68..95bf3257 100644
--- a/.github/skills/sample-creator/SKILL.md
+++ b/.github/skills/sample-creator/SKILL.md
@@ -11,7 +11,7 @@ This skill guides creating new APIM samples that follow the repository's establi
 
 Every sample under `samples/` must contain these files:
 
-```
+```text
 samples/<sample-name>/
 ├── README.md              (documentation)
 ├── create.ipynb           (Jupyter notebook for deployment)
@@ -36,7 +36,8 @@ Before creating the sample, collect:
    - `INFRASTRUCTURE.APPGW_APIM` - Application Gateway + APIM
    - `INFRASTRUCTURE.APPGW_APIM_PE` - Application Gateway + APIM with Private Endpoint
    - `INFRASTRUCTURE.SIMPLE_APIM` - Basic APIM setup
-    - If the user has not provided supported infrastructures, ask before scaffolding the sample.
+
+    If the user has not provided supported infrastructures, ask before scaffolding the sample.
 5. **Learning objectives** - What users will learn (3-5 bullet points)
 6. **APIs to create** - List of APIs with operations, paths, and policies
 7. **Policy requirements** - Any custom APIM policies needed
@@ -441,7 +442,7 @@ api = API(
 Available infrastructure types:
 
 | Constant | Description |
-|----------|-------------|
+| --- | --- |
 | `INFRASTRUCTURE.AFD_APIM_PE` | Azure Front Door + APIM with Private Endpoint |
 | `INFRASTRUCTURE.APIM_ACA` | APIM with Azure Container Apps |
 | `INFRASTRUCTURE.APPGW_APIM` | Application Gateway + APIM |
diff --git a/.markdownlint-cli2.jsonc b/.markdownlint-cli2.jsonc
new file mode 100644
index 00000000..ebd1c661
--- /dev/null
+++ b/.markdownlint-cli2.jsonc
@@ -0,0 +1,8 @@
+{
+  "config": {
+    "MD013": false,
+    "MD024": {
+      "siblings_only": true
+    }
+  }
+}
diff --git a/.vscode/APIM-POLICY-CONFIG.md b/.vscode/APIM-POLICY-CONFIG.md
index 0011dcd8..90b42ec8 100644
--- a/.vscode/APIM-POLICY-CONFIG.md
+++ b/.vscode/APIM-POLICY-CONFIG.md
@@ -18,15 +18,18 @@ The following extensions are required for optimal APIM policy development:
 ## Key Configuration Settings
 
 ### XML Validation
+
 ```json
 "xml.validation.enabled": true,
 "xml.validation.namespaces.enabled": "never",
 "xml.validation.schema.enabled": "never"
 ```
+
 - Enables basic XML syntax validation but disables strict schema and namespace validation
 - Prevents false errors on APIM-specific elements and C# expressions
 
 ### File Associations
+
 ```json
 "files.associations": {
     "*.xml": "xml",
@@ -36,10 +39,12 @@ The following extensions are required for optimal APIM policy development:
     "hr_*.xml": "xml"
 }
 ```
+
 - Ensures all APIM policy files are treated as XML
 - Covers policy fragments (pf-*.xml) and sample files
 
 ### Validation Filters
+
 ```json
 "xml.validation.filters": [
     {
@@ -52,14 +57,17 @@ The following extensions are required for optimal APIM policy development:
     }
 ]
 ```
+
 - Suppresses "no grammar" warnings for APIM policy files
 - Allows VS Code to provide formatting and basic syntax checking without schema validation errors
 
 ### APIM-Specific Settings
+
 ```json
 "azureApiManagement.policies.validateSyntax": true,
 "azureApiManagement.policies.showCodeLens": true
 ```
+
 - Enables APIM extension's built-in policy syntax validation
 - Shows code lens information for policy elements
 
@@ -81,6 +89,7 @@ APIM policies often contain C# expressions within XML attributes and content. Th
 - Provides basic bracket matching for C# code
 
 Example C# expression in APIM policy:
+
 ```xml
 <set-variable name="authz_roles" value="{{HRAdministratorRoleId}},{{HRAssociateRoleId}}" />
 <when condition="@(((Jwt)context.Variables[&quot;jwt&quot;]).Claims[&quot;roles&quot;].Contains(context.Variables[&quot;authz_roles&quot;]))">
@@ -100,19 +109,25 @@ The configuration recognizes and provides support for common APIM policy element
 ## Troubleshooting
 
 ### Schema Validation Errors
+
 If you see schema validation errors:
+
 1. Check that `xml.validation.schema.enabled` is set to `"never"`
 2. Verify the validation filters are correctly configured
 3. Ensure the APIM extension is installed and enabled
 
 ### Missing Intellisense
+
 If you're not getting XML completion:
+
 1. Verify the file is recognized as XML (check the language mode in the status bar)
 2. Ensure `xml.completion.autoCloseTags` is enabled
 3. Check that the file associations are correctly configured
 
 ### C# Expression Errors
+
 If C# expressions in policies show errors:
+
 - This is normal - VS Code cannot fully validate C# within XML context
 - The APIM extension provides the actual validation
 - Use the APIM test console for runtime validation

From 101ce55d9dd85fee1d88e81141b62ea1b4478732 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Thu, 11 Jun 2026 11:24:44 -0400
Subject: [PATCH 10/31] Fix assertion

---
 tests/python/test_inference_failover.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/tests/python/test_inference_failover.py b/tests/python/test_inference_failover.py
index 98d01569..6df8827a 100644
--- a/tests/python/test_inference_failover.py
+++ b/tests/python/test_inference_failover.py
@@ -104,8 +104,6 @@ def test_inference_policies_use_managed_identity_retries_and_generic_terminal_er
     retry_condition = retry.attrib['condition']
     terminal_condition = policy_root.find('outbound/choose/when').attrib['condition']
     transport_condition = policy_root.find('on-error/choose/when').attrib['condition']
-    assert 'authentication-managed-identity' in api_policy
-    assert 'https://cognitiveservices.azure.com' in api_policy
     assert 'count="RETRY_COUNT"' in api_policy
     assert 'api-key' not in api_policy
     assert all(f'StatusCode == {status_code}' in retry_condition for status_code in (409, 429, 500, 502, 503, 504))
@@ -132,6 +130,15 @@ def test_inference_policies_use_managed_identity_retries_and_generic_terminal_er
     assert not (SAMPLE_PATH / 'inference-api-policy.xml').exists()
 
 
+def test_inference_policy_uses_exact_managed_identity_resource() -> None:
+    """Require the exact Cognitive Services resource in the parsed policy structure."""
+    policy_root = ElementTree.fromstring(POLICY_PATH.read_text(encoding='utf-8'))
+    managed_identity = policy_root.find('inbound/authentication-managed-identity')
+
+    assert managed_identity is not None
+    assert managed_identity.attrib['resource'] == 'https://cognitiveservices.azure.com'
+
+
 def test_inference_policy_decisions_cover_every_documented_status() -> None:
     """Lock retry and terminal-failover decisions for every response-matrix row."""
     policy_root = ElementTree.fromstring(POLICY_PATH.read_text(encoding='utf-8'))

From 96133849673aab5ea4096d21a5afe6478915c3b9 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Thu, 11 Jun 2026 11:29:05 -0400
Subject: [PATCH 11/31] Refine AI backend instructions

---
 .github/agents/apim-sample-publisher.agent.md | 11 ++++++-----
 samples/inference-failover/README.md          |  2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/.github/agents/apim-sample-publisher.agent.md b/.github/agents/apim-sample-publisher.agent.md
index 6e286a0e..59eb9c95 100644
--- a/.github/agents/apim-sample-publisher.agent.md
+++ b/.github/agents/apim-sample-publisher.agent.md
@@ -63,9 +63,10 @@ Treat search visibility as a publication criterion, not as optional polish. Revi
    - Remote, session, sleep, clock, or command boundaries are injectable where deterministic tests require them.
    - Actively edited sample-local modules use module-qualified imports and selective autoreload, not broad autoreload.
 6. Confirm every sample-local helper has focused tests under `tests/python/test_<sample>_helpers.py` covering meaningful success, failure, malformed-input, and cleanup paths without live Azure access. Target at least 95% coverage for changed helper modules.
-7. Validate sample-owned structured files. Parse JSON and notebooks, check XML well-formedness, review APIM policy expressions against the allowed policy-expression surface, and compile or lint Bicep when the toolchain is available.
-8. Confirm sample-owned APIM policy XML is under `apim-policies/` and KQL is under `queries/`. For migrations, verify every notebook, helper, Bicep, test, script, and documentation reference, including canonical-directory lookup, temporary root-level policy fallback, explicit paths, auto-detection, and missing-file behavior.
-9. Run the combined Python quality checks from the repository root:
+7. For multi-model inference samples, confirm that every model uses model-specific APIM backends as well as a model-specific backend pool. APIM tracks circuit-breaker state at the backend resource, so sharing a backend across models can allow a `429` or another configured failure from one model to suppress traffic to an otherwise healthy model.
+8. Validate sample-owned structured files. Parse JSON and notebooks, check XML well-formedness, review APIM policy expressions against the allowed policy-expression surface, and compile or lint Bicep when the toolchain is available.
+9. Confirm sample-owned APIM policy XML is under `apim-policies/` and KQL is under `queries/`. For migrations, verify every notebook, helper, Bicep, test, script, and documentation reference, including canonical-directory lookup, temporary root-level policy fallback, explicit paths, auto-detection, and missing-file behavior.
+10. Run the combined Python quality checks from the repository root:
 
    ```powershell
    .\tests\python\check_python.ps1
@@ -75,8 +76,8 @@ Treat search visibility as a publication criterion, not as optional polish. Revi
    ./tests/python/check_python.sh
    ```
 
-10. Run markdownlint on all changed Markdown files and require zero violations. Fix violations instead of disabling rules unless a narrowly scoped suppression is necessary and documented.
-11. Export the self-contained presentation and treat warnings about missing images as failures to investigate:
+11. Run markdownlint on all changed Markdown files and require zero violations. Fix violations instead of disabling rules unless a narrowly scoped suppression is necessary and documented.
+12. Export the self-contained presentation and treat warnings about missing images as failures to investigate:
 
    ```bash
    uv run python setup/export_presentation.py
diff --git a/samples/inference-failover/README.md b/samples/inference-failover/README.md
index 17265cdd..a23fd154 100644
--- a/samples/inference-failover/README.md
+++ b/samples/inference-failover/README.md
@@ -96,7 +96,7 @@ This lab adds the following to an existing APIM infrastructure:
 
 - Three regional Azure OpenAI resources containing nine `Standard` model deployments at `1` thousand TPM each.
 - Nine concrete APIM backends named using `<model>-<PTU|PAYG>-<region>`, each with TLS validation and separate circuit breakers for capacity, sustained internal errors, and immediate gateway or availability failures.
-- One APIM backend pool per model so a retry never crosses to an incompatible deployment.
+- Model-specific APIM backends and one backend pool per model, so a retry never crosses to an incompatible deployment and circuit-breaker state remains isolated. APIM tracks circuit-breaker state at the backend resource; if models shared a backend, a `429` or another configured failure from one model could suppress traffic to a healthy model on that same backend.
 - Two AI Gateway APIs with managed identity authentication to Azure OpenAI: `POST /inference/gpt-5-1/chat/completions` retries four times through A -> D -> B -> E/G (equal terminal weights), while `POST /inference/gpt-4-1-mini/chat/completions` retries three times through C -> F -> D -> H.
 
 - Model-specific retry policies that buffer the POST body while immediately retrying conditional conflicts, throttling, and listed infrastructure failures; emit an information-level trace after every backend attempt; always return the caller-visible `X-Backend-Retry` count; preserve exhausted `409` and `429` responses; and return a generic `503` when infrastructure failover is exhausted.

From e2555157fbc510206810807f3eaaa19dc4f75240 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Thu, 11 Jun 2026 14:27:42 -0400
Subject: [PATCH 12/31] Hone the circuit breaker setup

---
 samples/inference-failover/README.md          |  42 ++---
 .../apim-policies/inference-api-policy.xml    |  49 +++---
 samples/inference-failover/create.ipynb       | 144 +-----------------
 .../inference_failover_helpers.py             |  94 ++++++++++++
 samples/inference-failover/main.bicep         |  33 +---
 tests/python/test_inference_failover.py       |  61 +++++---
 .../python/test_inference_failover_helpers.py |  69 +++++++++
 7 files changed, 255 insertions(+), 237 deletions(-)

diff --git a/samples/inference-failover/README.md b/samples/inference-failover/README.md
index a23fd154..f7a4022e 100644
--- a/samples/inference-failover/README.md
+++ b/samples/inference-failover/README.md
@@ -30,23 +30,23 @@ An AI platform prefers provisioned capacity tiers across its available regions b
 
 ### Response Handling Rules
 
-The inference policy uses the following response-handling matrix. "Failover" means returning the sample's generic caller-facing `503` after the eligible regional retry chain is exhausted; it is distinct from shifting an individual retry to another region.
-
-| Code | Category | Retry     | Shift Region | Failover           | Severity |
-| ---- | -------- | --------- | ------------ | ------------------ | -------- |
-| 200  | Success  | N/A       | No           | No                 | None     |
-| 400  | Client   | No        | No           | No                 | Low      |
-| 401  | Auth     | No        | No           | No                 | Medium   |
-| 403  | AuthZ    | No        | No           | No                 | Medium   |
-| 404  | Config   | No        | No           | No                 | Medium   |
-| 409  | Conflict | Sometimes | No           | No                 | Medium   |
-| 429  | Capacity | Yes       | Yes (bias)   | No                 | Medium   |
-| 500  | Infra    | Yes       | Yes          | Yes (if sustained) | High     |
-| 502  | Infra    | Yes       | Yes          | Yes                | High     |
-| 503  | Infra    | Yes       | Yes          | Yes                | High     |
-| 504  | Infra    | Yes       | Yes          | Yes                | High     |
-
-The policy interprets "Sometimes" as a `409` carrying `Retry-After`: APIM retries it immediately against the selected backend but does not open that backend's circuit or intentionally shift region. A `429` opens the capacity circuit, and `Retry-After` biases subsequent pool selection away from the constrained backend; if every eligible attempt still returns `429`, APIM preserves that response instead of converting it to failover. A `500` becomes a regional failover signal only after two occurrences within one minute, while `502`, `503`, and `504` open the infrastructure circuit immediately. After the regional chain is exhausted, those infrastructure responses become a generic caller-facing `503`.
+The inference policy uses the following response-handling matrix. "Trip Breaker" applies to the backend that returned the response. "Caller Codes" lists the recovery code first and the exhausted terminal code second when both are possible.
+
+| Backend Code | Trip Breaker | Retry | Caller Codes | Category | Severity | Handling |
+| --- | --- | --- | --- | --- | --- | --- |
+| 200 | - | - | 200 | Success | None | Return the successful response. |
+| 400 | No | No | 400 | Client | Low | Return unchanged; may indicate an invalid request or content filtering. |
+| 401 | No | No | 401 | Auth | Medium | Return unchanged; correct backend authentication. |
+| 403 | No | No | 403 | AuthZ | Medium | Return unchanged; correct backend authorization. |
+| 404 | No | No | 404 | Config | Medium | Return unchanged; correct the backend URL or deployment name. |
+| 408 | No | No | 408 | Timeout | Medium | Return the explicit HTTP timeout; transport timeouts have no response. |
+| 409 | No | Sometimes | 200 or 409 | Conflict | Medium | Retry only when `Retry-After` marks the conflict as transient. |
+| 429 | Yes | Yes | 200 or 429 | Capacity | Medium | Honor `Retry-After` and retry another eligible backend; preserve an exhausted `429`. |
+| 500 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |
+| 502 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |
+| 503 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |
+| 504 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |
+| null | No | Yes | 200 or 503 | Transport | High | Retry after no backend response; normalize handled transport failures to `503`. |
 
 ### Failure Test Coverage
 
@@ -61,10 +61,10 @@ The notebook runs deterministic gateway contract probes before its capacity scen
 | `404` | Yes | Call an unknown APIM operation. For a backend-side variant, temporarily target a nonexistent model deployment in an isolated backend. | `404` and no retry. |
 | `409` without `Retry-After` | No | Use a local fault server, Mockoon, WireMock, or a temporary Container App that returns `409` without the header. | One attempt; caller keeps `409`. |
 | `409` with `Retry-After` | No | Return `409` plus `Retry-After: 1` from the controlled fault origin. | Retry count increases, but the backend circuit does not open. |
-| `429` | Yes, workload-dependent | Run the pressure cells. For deterministic CI, return `429` plus `Retry-After` from a controlled fault origin. | Regional selection is biased; exhausted capacity remains `429`. |
-| `500` | No | Return `500` twice within one minute, then recover. | First response is retryable; sustained failures open the circuit and can exhaust as generic `503`. |
-| `502` | No | Return an explicit `502` from the controlled fault origin. | Immediate infrastructure circuit trip and regional retry. |
-| `503` | Organic but not guaranteed | Return `503`, optionally with `Retry-After`, from the controlled fault origin. | Immediate regional retry; exhausted chain becomes generic `503`. |
+| `429` | Yes, workload-dependent | Run the pressure cells. For deterministic CI, return `429` plus `Retry-After` from a controlled fault origin. | Backend selection avoids the constrained backend; exhausted capacity remains `429`. |
+| `500` | No | Return an explicit `500` from the controlled fault origin. | Immediate circuit trip and backend failover; an exhausted chain becomes generic `503`. |
+| `502` | No | Return an explicit `502` from the controlled fault origin. | Immediate circuit trip and backend failover. |
+| `503` | Organic but not guaranteed | Return `503`, optionally with `Retry-After`, from the controlled fault origin. | Immediate backend failover; an exhausted chain becomes generic `503`. |
 | `504` | No | Return an explicit `504`; separately delay the origin beyond the APIM forwarding timeout to test transport timeout behavior. | HTTP `504` trips the circuit; timeout produces no backend HTTP response but is retried and normalized to `503`. |
 | DNS/connection failure | No | Point one isolated backend at a reserved nonexistent host such as `https://unresolvable.invalid`. | `BackendConnectionFailure`, retries, then generic `503` if all destinations fail. |
 | TLS failure | No | Point an isolated backend at a host with an expired certificate or a certificate-name mismatch while TLS validation remains enabled. | Backend connection failure, retries, and no certificate detail disclosed to the caller. |
diff --git a/samples/inference-failover/apim-policies/inference-api-policy.xml b/samples/inference-failover/apim-policies/inference-api-policy.xml
index 849ffd56..b895315c 100644
--- a/samples/inference-failover/apim-policies/inference-api-policy.xml
+++ b/samples/inference-failover/apim-policies/inference-api-policy.xml
@@ -5,34 +5,23 @@
     Managed identity authentication is applied after pool selection, so every selected
     Azure OpenAI backend receives a bearer token rather than an API key.
 
-    Response handling matrix:
+    HTTP Response Code handling matrix:
 
-    Code  Category  Retry      Shift Region  Failover           Severity
-    200   Success   N/A        No            No                 None
-    400   Client    No         No            No                 Low
-    401   Auth      No         No            No                 Medium
-    403   AuthZ     No         No            No                 Medium
-    404   Config    No         No            No                 Medium
-    409   Conflict  Sometimes  No            No                 Medium
-    429   Capacity  Yes        Yes (bias)    No                 Medium
-    500   Infra     Yes        Yes           Yes (if sustained) High
-    502   Infra     Yes        Yes           Yes                High
-    503   Infra     Yes        Yes           Yes                High
-    504   Infra     Yes        Yes           Yes                High
-
-    "Sometimes" means that 409 is retried only when the backend supplies Retry-After.
-    The 409 response does not trip a circuit breaker, so the retry stays on the selected
-    backend rather than intentionally shifting region. A 429 trips the capacity breaker;
-    Retry-After biases APIM away from that backend, but an exhausted 429 remains a 429.
-    A 500 must be sustained before its circuit opens. A 502, 503, or 504 opens the
-    infrastructure breaker immediately. Exhausted infrastructure failures are normalized
-    to a generic 503 without exposing backend identity.
-
-    A null backend response is not an HTTP status. It represents an APIM-to-backend
-    transport failure such as DNS resolution, connection establishment, or timeout.
-    Those failures are retryable and exhausted forward-request connection/timeouts are
-    normalized to the same generic 503. A caller disconnect is different: changing the
-    backend URL cannot simulate it because the broken connection is on the caller side.
+    Backend  Trip Breaker  Retry      Frontend    Category   Severity  Handling
+    ================================================================================================================================================
+    200      -             -          200         Success    None      Return the successful response.
+    400      No            No         400         Client     Low       Return unchanged; may indicate an invalid request or content filtering.
+    401      No            No         401         Auth       Medium    Return unchanged; correct backend authentication.
+    403      No            No         403         AuthZ      Medium    Return unchanged; correct backend authorization.
+    404      No            No         404         Config     Medium    Return unchanged; correct the backend URL or deployment name.
+    408      No            No         408         Timeout    Medium    Return the explicit HTTP timeout; transport timeouts have no response.
+    409      No            Sometimes  200 or 409  Conflict   Medium    Retry only when Retry-After marks the conflict as transient.
+    429      Yes           Yes        200 or 429  Capacity   Medium    Honor Retry-After and retry another eligible backend; preserve exhausted 429.
+    500      Yes           Yes        200 or 503  Infra      High      Retry another eligible backend; normalize an exhausted chain to 503.
+    502      Yes           Yes        200 or 503  Infra      High      Retry another eligible backend; normalize an exhausted chain to 503.
+    503      Yes           Yes        200 or 503  Infra      High      Retry another eligible backend; normalize an exhausted chain to 503.
+    504      Yes           Yes        200 or 503  Infra      High      Retry another eligible backend; normalize an exhausted chain to 503.
+    null     No            Yes        200 or 503  Transport  High      Retry after no backend response; normalize handled transport failures to 503.
 -->
 <policies>
     <inbound>
@@ -56,7 +45,7 @@
         </trace>
     </inbound>
     <backend>
-        <!-- Match the load-balancing sample: retry immediately and let the backend pool's circuit breakers control regional selection. -->
+        <!-- Match the load-balancing sample: retry immediately and let the backend pool's circuit breakers control backend selection. -->
         <!-- Retry a null response because APIM could not obtain any HTTP response from the backend. -->
         <!-- Retry 409 only when Retry-After explicitly marks it as transient. Retry all capacity and listed infrastructure failures. -->
         <retry count="RETRY_COUNT" interval="0" first-fast-retry="true" condition="@(context.Response == null || (context.Response.StatusCode == 409 &amp;&amp; context.Response.Headers.ContainsKey(&quot;Retry-After&quot;)) || context.Response.StatusCode == 429 || context.Response.StatusCode == 500 || context.Response.StatusCode == 502 || context.Response.StatusCode == 503 || context.Response.StatusCode == 504)">
@@ -84,8 +73,8 @@
             <metadata name="BackendResponseCode" value='@(context.Response == null ? "none" : context.Response.StatusCode.ToString())' />
         </trace>
         <choose>
-            <!-- A terminal 409 or 429 is returned unchanged because the matrix does not classify it as failover. -->
-            <!-- Reaching this branch means the listed infrastructure failures persisted through the regional retry chain. -->
+            <!-- A terminal 409 or 429 is returned unchanged because the matrix does not normalize it to 503. -->
+            <!-- Reaching this branch means the listed infrastructure failures persisted through the eligible backend chain. -->
             <when condition="@(context.Response != null &amp;&amp; (context.Response.StatusCode == 500 || context.Response.StatusCode == 502 || context.Response.StatusCode == 503 || context.Response.StatusCode == 504))">
                 <trace source="InferenceFailover" severity="error">
                     <message>@("InferenceFallbackExhausted|attempts=" + ((int)context.Variables["backendAttempt"]).ToString() + "|backendResponseCode=" + context.Response.StatusCode.ToString())</message>
diff --git a/samples/inference-failover/create.ipynb b/samples/inference-failover/create.ipynb
index 37fcb822..a65200c2 100644
--- a/samples/inference-failover/create.ipynb
+++ b/samples/inference-failover/create.ipynb
@@ -573,26 +573,12 @@
     "    raise SystemExit(1)\n",
     "\n",
     "\n",
-    "def format_request_count(count: int) -> str:\n",
-    "    \"\"\"Return a request count with the grammatically correct noun.\"\"\"\n",
-    "    noun = 'request' if count == 1 else 'requests'\n",
-    "    return f'{count} {noun}'\n",
-    "\n",
-    "\n",
-    "def format_backend_url_counts(api_results):\n",
-    "    \"\"\"Return a compact distribution summary from captured `X-Backend-URL` values.\"\"\"\n",
-    "    backend_url_counts = {}\n",
-    "    for result in api_results:\n",
-    "        backend_url = result['backend_url']\n",
-    "        backend_url_counts[backend_url] = backend_url_counts.get(backend_url, 0) + 1\n",
-    "    return '\\n'.join(f'- {backend_url}: {format_request_count(count)}' for backend_url, count in sorted(backend_url_counts.items()))\n",
-    "\n",
-    "\n",
     "def display_scenario_context(title: str, explanation: str) -> None:\n",
     "    \"\"\"Render a short explanation immediately before scenario charts.\"\"\"\n",
     "    display(Markdown(f'#### {title}\\n\\n{explanation}'))\n",
     "\n",
     "\n",
+    "format_backend_url_counts = inference_failover_helpers.format_backend_url_counts\n",
     "apim_source_region = rg_location.name.replace('_', ' ').title().replace(' Us', ' US').replace(' Uk', ' UK')\n",
     "gpt_5_1_backend_labels = {\n",
     "    0: 'Priority 1 / Weight 100: PTU (East US 2)',\n",
@@ -739,7 +725,7 @@
     "        'The average response time is calculated excluding statistical outliers above the 95th percentile.'\n",
     "    ),\n",
     "    backend_labels = gpt_5_1_backend_labels,\n",
-    ").plot()"
+    ").plot()\n"
    ]
   },
   {
@@ -904,17 +890,6 @@
     "Create a self-contained local HTML report with test totals, scenario outcomes, response-time graphs, telemetry tables, and telemetry graphs. The closing cell prints a link to the generated file."
    ]
   },
-  {
-   "cell_type": "code",
-   "execution_count": null,
-   "id": "0eca8e66",
-   "metadata": {},
-   "outputs": [],
-   "source": [
-    "get_backend_index = inference_failover_helpers.get_backend_index\n",
-    "with_backend_identifier = inference_failover_helpers.with_backend_identifier"
-   ]
-  },
   {
    "cell_type": "code",
    "execution_count": null,
@@ -922,9 +897,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "from collections import Counter\n",
     "from pathlib import Path\n",
-    "import importlib\n",
     "import tempfile\n",
     "\n",
     "import matplotlib.pyplot as plt\n",
@@ -934,118 +907,11 @@
     "import htmlreport\n",
     "from console import print_ok, print_warning\n",
     "\n",
-    "importlib.reload(htmlreport)\n",
-    "\n",
     "if 'gpt_5_1_backend_labels' not in locals():\n",
     "    print_warning('Please run the scenario chart cell first')\n",
     "    raise SystemExit(1)\n",
     "\n",
     "\n",
-    "def get_priority_and_weight(backend_index: int, backend_labels: dict[int, str]) -> tuple[int, int]:\n",
-    "    \"\"\"Return the routing priority and weight encoded in a backend legend label.\"\"\"\n",
-    "    route_label = backend_labels[backend_index].split(':', maxsplit=1)[0]\n",
-    "    priority_label, weight_label = route_label.split(' / ', maxsplit=1)\n",
-    "    return int(priority_label.removeprefix('Priority ')), int(weight_label.removeprefix('Weight '))\n",
-    "\n",
-    "\n",
-    "def summarize_scenario(\n",
-    "    test_id: str,\n",
-    "    title: str,\n",
-    "    api_results: list[dict],\n",
-    "    backend_url_index: dict[str, int],\n",
-    "    backend_labels: dict[int, str],\n",
-    ") -> list[object]:\n",
-    "    \"\"\"Return one compact report row with routing statistics and interpretation.\"\"\"\n",
-    "    total_requests = len(api_results)\n",
-    "    if not total_requests:\n",
-    "        return ['', test_id, title, 0, 0, 0, 'None', 'No requests', 'No scenario requests were captured.']\n",
-    "\n",
-    "    status_counts = Counter(result['status_code'] for result in api_results)\n",
-    "    retry_counts = Counter(result['backend_retry'] for result in api_results)\n",
-    "    backend_indexes = [get_backend_index(result['backend_url'], backend_url_index) for result in api_results]\n",
-    "    priority_weight_counts = Counter(\n",
-    "        get_priority_and_weight(index, backend_labels)\n",
-    "        for index in backend_indexes\n",
-    "        if index in backend_labels\n",
-    "    )\n",
-    "    priority_counts = Counter()\n",
-    "    weights_by_priority: dict[int, list[str]] = {}\n",
-    "    for (priority, weight), count in sorted(priority_weight_counts.items()):\n",
-    "        priority_counts[priority] += count\n",
-    "        weights_by_priority.setdefault(priority, []).append(f'W{weight}: {count} ({count / total_requests:.1%})')\n",
-    "    routed_requests = sum(priority_counts.values())\n",
-    "    unresolved_requests = total_requests - routed_requests\n",
-    "    routed_beyond_primary = sum(count for priority, count in priority_counts.items() if priority > 1)\n",
-    "    non_200_responses = total_requests - status_counts.get(200, 0)\n",
-    "    caller_succeeded = not non_200_responses\n",
-    "    retried_requests = sum(count for retry_count, count in retry_counts.items() if retry_count > 0)\n",
-    "    backend_retries_absorbed = sum(retry_count * count for retry_count, count in retry_counts.items())\n",
-    "    caller_visible_failures = non_200_responses\n",
-    "    observed_backend_failures = backend_retries_absorbed + caller_visible_failures\n",
-    "    terminal_503_responses = status_counts.get(503, 0)\n",
-    "    priority_mix = '\\n'.join(f'P{priority}: {\", \".join(weight_mix)}' for priority, weight_mix in sorted(weights_by_priority.items()))\n",
-    "    retry_mix = '\\n'.join(\n",
-    "        f'{retry_count}: {count} ({count / total_requests:.1%})'\n",
-    "        for retry_count, count in sorted(retry_counts.items())\n",
-    "        if retry_count > 0\n",
-    "    ) or 'None'\n",
-    "    if unresolved_requests:\n",
-    "        unresolved_mix = f'No resolved backend: {unresolved_requests} ({unresolved_requests / total_requests:.1%})'\n",
-    "        priority_mix = f'{priority_mix}\\n{unresolved_mix}' if priority_mix else unresolved_mix\n",
-    "\n",
-    "    observations = []\n",
-    "    if non_200_responses:\n",
-    "        observations.append(\n",
-    "            f'{non_200_responses}/{total_requests} ({non_200_responses / total_requests:.1%}) caller-visible non-200 responses'\n",
-    "        )\n",
-    "    else:\n",
-    "        observations.append('All requests returned HTTP 200')\n",
-    "    if backend_retries_absorbed:\n",
-    "        observations.append(f'{retried_requests}/{total_requests} returned after a retry')\n",
-    "    else:\n",
-    "        observations.append('all responses returned without a backend retry')\n",
-    "    if routed_beyond_primary:\n",
-    "        observations.append(f'{routed_beyond_primary}/{total_requests} ({routed_beyond_primary / total_requests:.1%}) routed beyond P1')\n",
-    "    else:\n",
-    "        observations.append('no failover beyond P1 observed')\n",
-    "    if priority_counts:\n",
-    "        observations.append(f'Deepest routed tier: P{max(priority_counts)}')\n",
-    "    if unresolved_requests:\n",
-    "        observations.append(f'{unresolved_requests} calls returned no resolved backend, consistent with exhausted or rejected routing')\n",
-    "    observations.append(\n",
-    "        f'APIM absorbed {backend_retries_absorbed} backend failures and sent {caller_visible_failures} failures to callers'\n",
-    "    )\n",
-    "    if observed_backend_failures:\n",
-    "        shielded_percentage = backend_retries_absorbed / observed_backend_failures * 100\n",
-    "        observations.append(f'APIM prevented {shielded_percentage:.1f}% of observed failed backend attempts from reaching callers')\n",
-    "    else:\n",
-    "        observations.append('APIM shielding percentage is not applicable because no backend failures occurred')\n",
-    "    if terminal_503_responses:\n",
-    "        observations.append(\n",
-    "            f'{terminal_503_responses} caller-visible HTTP 503 responses followed eligible-capacity exhaustion in the low-TPM pool'\n",
-    "        )\n",
-    "    elif caller_visible_failures:\n",
-    "        observations.append('caller-visible failures remained because the model-safe pool exhausted its configured fallback chain')\n",
-    "\n",
-    "    priority_tokens = tuple(f'P{priority}' for priority in sorted(priority_counts))\n",
-    "    observation_items = tuple(f'{item.strip()}' for item in '; '.join(observations).split(';'))\n",
-    "    return [\n",
-    "        (\n",
-    "            htmlreport.HtmlSuccess('All requests returned HTTP 200')\n",
-    "            if caller_succeeded\n",
-    "            else htmlreport.HtmlWarning('Some requests returned non-200 responses')\n",
-    "        ),\n",
-    "        test_id,\n",
-    "        title,\n",
-    "        total_requests,\n",
-    "        status_counts.get(200, 0),\n",
-    "        non_200_responses,\n",
-    "        htmlreport.HtmlText(retry_mix, preserve_line_breaks=True),\n",
-    "        htmlreport.HtmlText(priority_mix, bold_tokens=priority_tokens, preserve_line_breaks=True),\n",
-    "        htmlreport.HtmlList(observation_items),\n",
-    "    ]\n",
-    "\n",
-    "\n",
     "def add_scenario_figure(\n",
     "    report: htmlreport.HtmlReport,\n",
     "    title: str,\n",
@@ -1171,7 +1037,7 @@
     "        htmlreport.HtmlText(f'Scenario Outcomes: {model_name}', bold_tokens=(model_name,)),\n",
     "        ['', 'Test #', 'Scenario', 'Requests', 'HTTP 200', 'Other', 'APIM retries', 'Priority / weight mix', 'What the data says'],\n",
     "        [\n",
-    "            summarize_scenario(test_id, title, api_results, backend_url_index, backend_labels)\n",
+    "            inference_failover_helpers.build_scenario_report_row(test_id, title, api_results, backend_url_index, backend_labels)\n",
     "            for test_id, title, _, api_results, backend_url_index, backend_labels in model_scenarios\n",
     "        ],\n",
     "        htmlreport.HtmlText(\n",
@@ -1192,7 +1058,7 @@
     "    add_scenario_figure(report, f'{test_id}) {title}', description, api_results, backend_labels)\n",
     "\n",
     "if 'distribution_frame' in locals():\n",
-    "    distribution_frame = with_backend_identifier(distribution_frame)\n",
+    "    distribution_frame = inference_failover_helpers.with_backend_identifier(distribution_frame)\n",
     "    report.add_table(\n",
     "        'Gateway-Recorded Backend Distribution',\n",
     "        distribution_frame.columns.tolist(),\n",
@@ -1239,7 +1105,7 @@
     ")\n",
     "report_path = report.write(Path(tempfile.gettempdir()) / 'apim-samples-reports' / sample_folder / 'inference-failover-report.html')\n",
     "report_url = report_path.as_uri()\n",
-    "print_ok(f'Local HTML report ready: {report_url}')"
+    "print_ok(f'Local HTML report ready: {report_url}')\n"
    ]
   },
   {
diff --git a/samples/inference-failover/inference_failover_helpers.py b/samples/inference-failover/inference_failover_helpers.py
index ab6d4601..5fcc4539 100644
--- a/samples/inference-failover/inference_failover_helpers.py
+++ b/samples/inference-failover/inference_failover_helpers.py
@@ -2,6 +2,7 @@
 
 import json
 import time
+from collections import Counter
 from collections.abc import Callable, Mapping
 from dataclasses import dataclass
 from typing import Any
@@ -12,6 +13,7 @@
 # APIM Samples imports
 from apimtypes import SUBSCRIPTION_KEY_PARAMETER_NAME
 from console import print_info, print_message
+from htmlreport import HtmlList, HtmlSuccess, HtmlText, HtmlWarning
 
 
 @dataclass(frozen=True)
@@ -274,3 +276,95 @@ def format_gateway_distribution(frame: pd.DataFrame) -> pd.DataFrame:
         result = result.drop(columns=['Backend URL'])
 
     return result
+
+
+def get_priority_and_weight(backend_index: int, backend_labels: Mapping[int, str]) -> tuple[int, int]:
+    """Return the routing priority and weight encoded in a backend legend label."""
+    route_label = backend_labels[backend_index].split(':', maxsplit=1)[0]
+    priority_label, weight_label = route_label.split(' / ', maxsplit=1)
+
+    return int(priority_label.removeprefix('Priority ')), int(weight_label.removeprefix('Weight '))
+
+
+def build_scenario_report_row(
+    test_id: str,
+    title: str,
+    api_results: list[dict[str, Any]],
+    backend_url_index: Mapping[str, int],
+    backend_labels: Mapping[int, str],
+) -> list[object]:
+    """Return one compact HTML report row with routing statistics and interpretation."""
+    total_requests = len(api_results)
+    if not total_requests:
+        return ['', test_id, title, 0, 0, 0, 'None', 'No requests', 'No scenario requests were captured.']
+
+    status_counts = Counter(result['status_code'] for result in api_results)
+    retry_counts = Counter(result['backend_retry'] for result in api_results)
+    backend_indexes = [get_backend_index(result['backend_url'], backend_url_index) for result in api_results]
+    priority_weight_counts = Counter(get_priority_and_weight(index, backend_labels) for index in backend_indexes if index in backend_labels)
+    priority_counts: Counter = Counter()
+    weights_by_priority: dict[int, list[str]] = {}
+    for (priority, weight), count in sorted(priority_weight_counts.items()):
+        priority_counts[priority] += count
+        weights_by_priority.setdefault(priority, []).append(f'W{weight}: {count} ({count / total_requests:.1%})')
+    routed_requests = sum(priority_counts.values())
+    unresolved_requests = total_requests - routed_requests
+    routed_beyond_primary = sum(count for priority, count in priority_counts.items() if priority > 1)
+    non_200_responses = total_requests - status_counts.get(200, 0)
+    caller_succeeded = not non_200_responses
+    retried_requests = sum(count for retry_count, count in retry_counts.items() if retry_count > 0)
+    backend_retries_absorbed = sum(retry_count * count for retry_count, count in retry_counts.items())
+    caller_visible_failures = non_200_responses
+    observed_backend_failures = backend_retries_absorbed + caller_visible_failures
+    terminal_503_responses = status_counts.get(503, 0)
+    priority_mix = '\n'.join(f'P{priority}: {", ".join(weight_mix)}' for priority, weight_mix in sorted(weights_by_priority.items()))
+    retry_mix = (
+        '\n'.join(f'{retry_count}: {count} ({count / total_requests:.1%})' for retry_count, count in sorted(retry_counts.items()) if retry_count > 0)
+        or 'None'
+    )
+    if unresolved_requests:
+        unresolved_mix = f'No resolved backend: {unresolved_requests} ({unresolved_requests / total_requests:.1%})'
+        priority_mix = f'{priority_mix}\n{unresolved_mix}' if priority_mix else unresolved_mix
+
+    observations = []
+    if non_200_responses:
+        observations.append(f'{non_200_responses}/{total_requests} ({non_200_responses / total_requests:.1%}) caller-visible non-200 responses')
+    else:
+        observations.append('All requests returned HTTP 200')
+    if backend_retries_absorbed:
+        observations.append(f'{retried_requests}/{total_requests} returned after a retry')
+    else:
+        observations.append('all responses returned without a backend retry')
+    if routed_beyond_primary:
+        observations.append(f'{routed_beyond_primary}/{total_requests} ({routed_beyond_primary / total_requests:.1%}) routed beyond P1')
+    else:
+        observations.append('no failover beyond P1 observed')
+    if priority_counts:
+        observations.append(f'Deepest routed tier: P{max(priority_counts)}')
+    if unresolved_requests:
+        observations.append(f'{unresolved_requests} calls returned no resolved backend, consistent with exhausted or rejected routing')
+    observations.append(f'APIM absorbed {backend_retries_absorbed} backend failures and sent {caller_visible_failures} failures to callers')
+    if observed_backend_failures:
+        shielded_percentage = backend_retries_absorbed / observed_backend_failures * 100
+        observations.append(f'APIM prevented {shielded_percentage:.1f}% of observed failed backend attempts from reaching callers')
+    else:
+        observations.append('APIM shielding percentage is not applicable because no backend failures occurred')
+    if terminal_503_responses:
+        observations.append(f'{terminal_503_responses} caller-visible HTTP 503 responses followed eligible-capacity exhaustion in the low-TPM pool')
+    elif caller_visible_failures:
+        observations.append('caller-visible failures remained because the model-safe pool exhausted its configured fallback chain')
+
+    priority_tokens = tuple(f'P{priority}' for priority in sorted(priority_counts))
+    observation_items = tuple(item.strip() for item in '; '.join(observations).split(';'))
+
+    return [
+        (HtmlSuccess('All requests returned HTTP 200') if caller_succeeded else HtmlWarning('Some requests returned non-200 responses')),
+        test_id,
+        title,
+        total_requests,
+        status_counts.get(200, 0),
+        non_200_responses,
+        HtmlText(retry_mix, preserve_line_breaks=True),
+        HtmlText(priority_mix, bold_tokens=priority_tokens, preserve_line_breaks=True),
+        HtmlList(observation_items),
+    ]
diff --git a/samples/inference-failover/main.bicep b/samples/inference-failover/main.bicep
index 88920e86..97140577 100644
--- a/samples/inference-failover/main.bicep
+++ b/samples/inference-failover/main.bicep
@@ -304,9 +304,11 @@ module inferenceBackends '../../shared/bicep/modules/apim/v1/backend.bicep' = [f
     circuitBreaker: {
       rules: [
         {
-          // A 429 is a capacity signal. Retry-After controls how long APIM biases
-          // regional pool selection away from this backend.
-          name: 'capacity-throttled'
+          // APIM allows only one circuit breaker rule per backend, so all failure
+          // signals share one rule. The first 429, 500, 502, 503, or 504 response
+          // trips this backend's circuit. acceptRetryAfter honors the Retry-After
+          // header on 429 responses when determining how long to avoid the backend.
+          name: 'failover-on-capacity-or-infrastructure-failure'
           acceptRetryAfter: true
           failureCondition: {
             count: 1
@@ -316,35 +318,10 @@ module inferenceBackends '../../shared/bicep/modules/apim/v1/backend.bicep' = [f
                 min: 429
                 max: 429
               }
-            ]
-          }
-          tripDuration: 'PT1M'
-        }
-        {
-          // A single 500 is retryable, but only sustained 500 responses shift
-          // regional selection and qualify as infrastructure failover.
-          name: 'sustained-internal-error'
-          acceptRetryAfter: false
-          failureCondition: {
-            count: 2
-            interval: 'PT1M'
-            statusCodeRanges: [
               {
                 min: 500
                 max: 500
               }
-            ]
-          }
-          tripDuration: 'PT1M'
-        }
-        {
-          // Gateway and availability failures shift region immediately.
-          name: 'infrastructure-unavailable'
-          acceptRetryAfter: false
-          failureCondition: {
-            count: 1
-            interval: 'PT1M'
-            statusCodeRanges: [
               {
                 min: 502
                 max: 504
diff --git a/tests/python/test_inference_failover.py b/tests/python/test_inference_failover.py
index 6df8827a..362548e5 100644
--- a/tests/python/test_inference_failover.py
+++ b/tests/python/test_inference_failover.py
@@ -152,9 +152,11 @@ def test_inference_policy_decisions_cover_every_documented_status() -> None:
         401: (False, False),
         403: (False, False),
         404: (False, False),
+        408: (False, False),
         409: (True, False),
         429: (True, False),
         500: (True, True),
+        501: (False, False),
         502: (True, True),
         503: (True, True),
         504: (True, True),
@@ -171,21 +173,30 @@ def test_inference_readme_documents_exact_response_handling_matrix() -> None:
     """Keep the documented status-code contract synchronized with the policy."""
     readme = README_PATH.read_text(encoding='utf-8')
     expected_rows = [
-        '| 200  | Success  | N/A       | No           | No                 | None     |',
-        '| 400  | Client   | No        | No           | No                 | Low      |',
-        '| 401  | Auth     | No        | No           | No                 | Medium   |',
-        '| 403  | AuthZ    | No        | No           | No                 | Medium   |',
-        '| 404  | Config   | No        | No           | No                 | Medium   |',
-        '| 409  | Conflict | Sometimes | No           | No                 | Medium   |',
-        '| 429  | Capacity | Yes       | Yes (bias)   | No                 | Medium   |',
-        '| 500  | Infra    | Yes       | Yes          | Yes (if sustained) | High     |',
-        '| 502  | Infra    | Yes       | Yes          | Yes                | High     |',
-        '| 503  | Infra    | Yes       | Yes          | Yes                | High     |',
-        '| 504  | Infra    | Yes       | Yes          | Yes                | High     |',
+        '| 200 | - | - | 200 | Success | None | Return the successful response. |',
+        '| 400 | No | No | 400 | Client | Low | Return unchanged; may indicate an invalid request or content filtering. |',
+        '| 401 | No | No | 401 | Auth | Medium | Return unchanged; correct backend authentication. |',
+        '| 403 | No | No | 403 | AuthZ | Medium | Return unchanged; correct backend authorization. |',
+        '| 404 | No | No | 404 | Config | Medium | Return unchanged; correct the backend URL or deployment name. |',
+        '| 408 | No | No | 408 | Timeout | Medium | Return the explicit HTTP timeout; transport timeouts have no response. |',
+        '| 409 | No | Sometimes | 200 or 409 | Conflict | Medium | Retry only when `Retry-After` marks the conflict as transient. |',
+        (
+            '| 429 | Yes | Yes | 200 or 429 | Capacity | Medium | Honor `Retry-After` and retry another eligible '
+            'backend; preserve an exhausted `429`. |'
+        ),
+        '| 500 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
+        '| 502 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
+        '| 503 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
+        '| 504 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
+        (
+            '| null | No | Yes | 200 or 503 | Transport | High | Retry after no backend response; normalize handled '
+            'transport failures to `503`. |'
+        ),
     ]
 
     assert all(row in readme for row in expected_rows)
-    assert 'A `500` becomes a regional failover signal only after two occurrences within one minute' in readme
+    assert '| Backend Code | Trip Breaker | Retry | Caller Codes | Category | Severity | Handling |' in readme
+    assert '"Trip Breaker" applies to the backend that returned the response' in readme
     assert '`https://unresolvable.invalid`' in readme
     assert 'does **not** simulate a client disconnect' in readme
     assert '`409` without `Retry-After`' in readme
@@ -204,13 +215,25 @@ def test_inference_bicep_contains_only_compatible_model_backend_pools() -> None:
     assert 'capacity: 1' in bicep
     assert f'name: {single_quote}Standard{single_quote}' in bicep
     assert 'acceptRetryAfter: true' in bicep
-    assert "name: 'capacity-throttled'" in bicep
-    assert "name: 'sustained-internal-error'" in bicep
-    assert "name: 'infrastructure-unavailable'" in bicep
-    assert 'min: 429' in bicep
-    assert 'min: 500' in bicep
-    assert 'min: 502' in bicep
-    assert 'max: 504' in bicep
+    assert bicep.count("name: 'failover-on-capacity-or-infrastructure-failure'") == 1
+    assert "name: 'capacity-throttled'" not in bicep
+    assert "name: 'sustained-internal-error'" not in bicep
+    assert "name: 'infrastructure-unavailable'" not in bicep
+    circuit_breaker_block = re.search(
+        r"name: 'failover-on-capacity-or-infrastructure-failure'(?P<body>.*?)tripDuration: 'PT1M'",
+        bicep,
+        re.DOTALL,
+    )
+    assert circuit_breaker_block is not None
+    breaker_body = circuit_breaker_block.group('body')
+    assert re.search(r'count:\s*1\b', breaker_body)
+
+    status_ranges = {
+        status_code
+        for minimum, maximum in re.findall(r'min:\s*(\d+)\s+max:\s*(\d+)', breaker_body)
+        for status_code in range(int(minimum), int(maximum) + 1)
+    }
+    assert status_ranges == {429, 500, 502, 503, 504}
     assert 'enableLlmLogs: true' in bicep
     assert f'backendPoolName: {single_quote}inference-gpt-5-1-pool{single_quote}' in bicep
     assert f'backendPoolName: {single_quote}inference-gpt-4-1-mini-pool{single_quote}' in bicep
diff --git a/tests/python/test_inference_failover_helpers.py b/tests/python/test_inference_failover_helpers.py
index 2683d416..4f3eee84 100644
--- a/tests/python/test_inference_failover_helpers.py
+++ b/tests/python/test_inference_failover_helpers.py
@@ -11,12 +11,15 @@
 INFERENCE_FAILOVER_DIR = Path(__file__).resolve().parents[2] / 'samples' / 'inference-failover'
 sys.path.insert(0, str(INFERENCE_FAILOVER_DIR))
 
+from htmlreport import HtmlList, HtmlSuccess, HtmlText, HtmlWarning  # noqa: E402
 from inference_failover_helpers import (  # noqa: E402
     InferenceScenario,
     InferenceTrafficRunner,
+    build_scenario_report_row,
     format_backend_url_counts,
     format_gateway_distribution,
     get_backend_index,
+    get_priority_and_weight,
     parse_backend_retry,
     summarize_scenario,
     validate_status,
@@ -204,3 +207,69 @@ def test_with_backend_identifier_leaves_frames_without_urls_unchanged():
 
     assert result.equals(source)
     assert result is not source
+
+
+@pytest.mark.unit
+def test_get_priority_and_weight_parses_legend_label():
+    labels = {
+        0: 'Priority 1 / Weight 100: PTU (East US 2)',
+        3: 'Priority 4 / Weight 50: PAYG (West US 3)',
+    }
+
+    assert get_priority_and_weight(0, labels) == (1, 100)
+    assert get_priority_and_weight(3, labels) == (4, 50)
+
+
+@pytest.mark.unit
+def test_build_scenario_report_row_handles_empty_results():
+    row = build_scenario_report_row('A-1', 'Baseline', [], {}, {})
+
+    assert row == ['', 'A-1', 'Baseline', 0, 0, 0, 'None', 'No requests', 'No scenario requests were captured.']
+
+
+@pytest.mark.unit
+def test_build_scenario_report_row_all_success_without_retries():
+    labels = {0: 'Priority 1 / Weight 100: PTU (East US 2)'}
+    backend_url_index = {'/deployments/a-model': 0}
+    results = [
+        {'status_code': 200, 'backend_retry': 0, 'backend_url': 'https://host/deployments/a-model'},
+        {'status_code': 200, 'backend_retry': 0, 'backend_url': 'https://host/deployments/a-model'},
+    ]
+
+    row = build_scenario_report_row('A-1', 'Baseline', results, backend_url_index, labels)
+
+    assert isinstance(row[0], HtmlSuccess)
+    assert row[1:6] == ['A-1', 'Baseline', 2, 2, 0]
+    assert row[6] == HtmlText('None', preserve_line_breaks=True)
+    assert isinstance(row[7], HtmlText)
+    assert 'P1' in row[7].text
+    assert isinstance(row[8], HtmlList)
+    observations = '\n'.join(row[8].items)
+    assert 'All requests returned HTTP 200' in observations
+    assert 'no failover beyond P1 observed' in observations
+    assert 'no backend failures occurred' in observations
+
+
+@pytest.mark.unit
+def test_build_scenario_report_row_reports_failover_retries_and_terminal_503():
+    labels = {
+        0: 'Priority 1 / Weight 100: PTU (East US 2)',
+        1: 'Priority 2 / Weight 100: PTU (West US 3)',
+    }
+    backend_url_index = {'/deployments/a-model': 0, '/deployments/b-model': 1}
+    results = [
+        {'status_code': 200, 'backend_retry': 1, 'backend_url': 'https://host/deployments/b-model'},
+        {'status_code': 503, 'backend_retry': 3, 'backend_url': 'unknown'},
+    ]
+
+    row = build_scenario_report_row('A-2', 'Sustained Pressure', results, backend_url_index, labels)
+
+    assert isinstance(row[0], HtmlWarning)
+    assert row[3:6] == [2, 1, 1]
+    assert isinstance(row[6], HtmlText)
+    assert '1:' in row[6].text and '3:' in row[6].text
+    observations = '\n'.join(row[8].items)
+    assert 'routed beyond P1' in observations
+    assert 'no resolved backend' in observations
+    assert 'HTTP 503 responses' in observations
+    assert 'APIM prevented 80.0%' in observations

From cadb4a46a16a65c7e79dffa2ea50e07024ffc682 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Thu, 11 Jun 2026 14:44:55 -0400
Subject: [PATCH 13/31] Fix tests

---
 samples/inference-failover/create.ipynb       |  5 ++-
 tests/python/test_inference_failover.py       | 18 +---------
 .../python/test_inference_failover_helpers.py | 35 +++++++++++++++++++
 3 files changed, 40 insertions(+), 18 deletions(-)

diff --git a/samples/inference-failover/create.ipynb b/samples/inference-failover/create.ipynb
index a65200c2..8379b315 100644
--- a/samples/inference-failover/create.ipynb
+++ b/samples/inference-failover/create.ipynb
@@ -897,8 +897,9 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "from pathlib import Path\n",
+    "import importlib\n",
     "import tempfile\n",
+    "from pathlib import Path\n",
     "\n",
     "import matplotlib.pyplot as plt\n",
     "\n",
@@ -907,6 +908,8 @@
     "import htmlreport\n",
     "from console import print_ok, print_warning\n",
     "\n",
+    "importlib.reload(htmlreport)\n",
+    "\n",
     "if 'gpt_5_1_backend_labels' not in locals():\n",
     "    print_warning('Please run the scenario chart cell first')\n",
     "    raise SystemExit(1)\n",
diff --git a/tests/python/test_inference_failover.py b/tests/python/test_inference_failover.py
index 362548e5..90806058 100644
--- a/tests/python/test_inference_failover.py
+++ b/tests/python/test_inference_failover.py
@@ -336,17 +336,7 @@ def test_inference_notebook_generates_local_html_report() -> None:
     assert "'inference-failover-report.html'" in code_source
     assert "'', 'Test #', 'Scenario', 'Requests', 'HTTP 200', 'Other', 'APIM retries', 'Priority / weight mix', 'What the data says'" in code_source
     assert "htmlreport.HtmlText(f'Scenario Outcomes: {model_name}', bold_tokens=(model_name,))" in code_source
-    assert 'if retry_count > 0' in code_source
-    assert 'caller_succeeded = not non_200_responses' in code_source
-    assert "htmlreport.HtmlSuccess('All requests returned HTTP 200')" in code_source
-    assert "else htmlreport.HtmlWarning('Some requests returned non-200 responses')" in code_source
-    assert "observation_items = tuple(f'{item.strip()}' for item in '; '.join(observations).split(';'))" in code_source
-    assert 'htmlreport.HtmlList(observation_items)' in code_source
-    assert 'htmlreport.HtmlText(retry_mix, preserve_line_breaks=True)' in code_source
-    assert 'def get_priority_and_weight(' in code_source
-    assert "weights_by_priority.setdefault(priority, []).append(f'W{weight}: {count} ({count / total_requests:.1%})')" in code_source
-    assert "priority_mix = '\\n'.join(f'P{priority}: {\", \".join(weight_mix)}'" in code_source
-    assert 'htmlreport.HtmlText(priority_mix, bold_tokens=priority_tokens, preserve_line_breaks=True)' in code_source
+    assert 'inference_failover_helpers.build_scenario_report_row(' in code_source
     assert "column_widths=['4%', '5%', '10%', '6%', '6%', '5%', '11%', '17%', '36%']" in code_source
     assert "'A-1',\n                'Baseline Warm Path'" in code_source
     assert "'B-1',\n                'Baseline Warm Path'" in code_source
@@ -358,12 +348,6 @@ def test_inference_notebook_generates_local_html_report() -> None:
     assert 'report.add_info_callout(' in code_source
     assert "'Lab Capacity Is Intentionally Low'" in code_source
     assert "'Each regional Azure OpenAI deployment is intentionally configured at 1,000 TPM so that" in code_source
-    assert 'observed_backend_failures = backend_retries_absorbed + caller_visible_failures' in code_source
-    assert 'shielded_percentage = backend_retries_absorbed / observed_backend_failures * 100' in code_source
-    assert "f'APIM absorbed {backend_retries_absorbed} backend failures and sent {caller_visible_failures} failures to callers'" in code_source
-    assert "f'APIM prevented {shielded_percentage:.1f}% of observed failed backend attempts from reaching callers'" in code_source
-    assert 'terminal_503_responses = status_counts.get(503, 0)' in code_source
-    assert 'caller-visible HTTP 503 responses followed eligible-capacity exhaustion in the low-TPM pool' in code_source
     assert "'Observed X-Backend-URL values'" not in code_source.split('report = htmlreport.HtmlReport(', maxsplit=1)[1]
     assert 'if all_scenario_requests_succeeded:' in code_source
     assert 'report.add_success_callout(' in code_source
diff --git a/tests/python/test_inference_failover_helpers.py b/tests/python/test_inference_failover_helpers.py
index 4f3eee84..5b5a5875 100644
--- a/tests/python/test_inference_failover_helpers.py
+++ b/tests/python/test_inference_failover_helpers.py
@@ -145,6 +145,16 @@ def test_context_manager_closes_session_after_exception():
     session.close.assert_called_once_with()
 
 
+@pytest.mark.unit
+def test_close_is_idempotent_without_an_open_session():
+    runner, session = _create_runner()
+
+    runner.close()
+    runner.close()
+
+    session.close.assert_not_called()
+
+
 @pytest.mark.unit
 def test_pause_uses_injected_sleep_and_rejects_negative_values():
     sleep = MagicMock()
@@ -209,6 +219,18 @@ def test_with_backend_identifier_leaves_frames_without_urls_unchanged():
     assert result is not source
 
 
+@pytest.mark.unit
+def test_format_gateway_distribution_leaves_frames_without_backend_urls():
+    source = pd.DataFrame([['api', 'not available', 'not available']], columns=['API', 'AverageBackendMs', 'SuccessRate'])
+
+    result = format_gateway_distribution(source)
+
+    assert result['AverageBackendMs'].tolist() == ['']
+    assert result['SuccessRate'].tolist() == ['']
+    assert 'Backend' not in result.columns
+    assert result is not source
+
+
 @pytest.mark.unit
 def test_get_priority_and_weight_parses_legend_label():
     labels = {
@@ -273,3 +295,16 @@ def test_build_scenario_report_row_reports_failover_retries_and_terminal_503():
     assert 'no resolved backend' in observations
     assert 'HTTP 503 responses' in observations
     assert 'APIM prevented 80.0%' in observations
+
+
+@pytest.mark.unit
+def test_build_scenario_report_row_reports_unresolved_non_503_failure():
+    results = [{'status_code': 429, 'backend_retry': 0, 'backend_url': 'unknown'}]
+
+    row = build_scenario_report_row('A-3', 'Capacity Exhausted', results, {}, {})
+
+    assert isinstance(row[0], HtmlWarning)
+    assert row[7] == HtmlText('No resolved backend: 1 (100.0%)', preserve_line_breaks=True)
+    observations = '\n'.join(row[8].items)
+    assert 'caller-visible failures remained' in observations
+    assert 'Deepest routed tier' not in observations

From d2e5fedafca2439451258311057811db6709d532 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Thu, 11 Jun 2026 14:57:17 -0400
Subject: [PATCH 14/31] Format

---
 tests/python/test_inference_failover.py | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/tests/python/test_inference_failover.py b/tests/python/test_inference_failover.py
index 90806058..21ebba63 100644
--- a/tests/python/test_inference_failover.py
+++ b/tests/python/test_inference_failover.py
@@ -188,10 +188,7 @@ def test_inference_readme_documents_exact_response_handling_matrix() -> None:
         '| 502 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
         '| 503 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
         '| 504 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
-        (
-            '| null | No | Yes | 200 or 503 | Transport | High | Retry after no backend response; normalize handled '
-            'transport failures to `503`. |'
-        ),
+        ('| null | No | Yes | 200 or 503 | Transport | High | Retry after no backend response; normalize handled transport failures to `503`. |'),
     ]
 
     assert all(row in readme for row in expected_rows)

From 62948eede128a73b4ad4e4b2aa03e3e75e973e35 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Thu, 11 Jun 2026 15:44:26 -0400
Subject: [PATCH 15/31] Refine test output

---
 shared/python/apimtesting.py     |  9 ++++++---
 tests/python/test_apimtesting.py | 32 +++++++++++++++++++++-----------
 2 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/shared/python/apimtesting.py b/shared/python/apimtesting.py
index 70974263..2530e5de 100644
--- a/shared/python/apimtesting.py
+++ b/shared/python/apimtesting.py
@@ -63,16 +63,18 @@ def verify(self, value: any, expected: any, label: str = '') -> bool:
         Returns:
             bool: True, if the assertion passes; otherwise, False.
         """
+        self.total_tests += 1
+
         try:
             if label:
-                print(f'🔍 Assert that {label} value [{value}] matches expected value [{expected}].')
+                print(f'🔍 Test {self.total_tests}: Assert that {label} value [{value}] matches expected value [{expected}].')
             else:
-                print(f'🔍 Assert that value [{value}] matches expected value [{expected}].')
+                print(f'🔍 Test {self.total_tests}: Assert that value [{value}] matches expected value [{expected}].')
 
-            self.total_tests += 1
             assert value == expected, f'Value [{value}] does not match expected value [{expected}]'
             self.tests_passed += 1
             print(f'✅ Test {self.total_tests}: PASS')
+            print()
 
             return True
         except AssertionError as e:
@@ -80,6 +82,7 @@ def verify(self, value: any, expected: any, label: str = '') -> bool:
             label_suffix = f' [{label}]' if label else ''
             self.errors.append(f'Test {self.total_tests}{label_suffix}: {str(e)}')
             print(f'❌ Test {self.total_tests}: FAIL - {str(e)}')
+            print()
 
             return False
 
diff --git a/tests/python/test_apimtesting.py b/tests/python/test_apimtesting.py
index a7a2302e..766de5ff 100644
--- a/tests/python/test_apimtesting.py
+++ b/tests/python/test_apimtesting.py
@@ -4,7 +4,7 @@
 
 import os
 import sys
-from unittest.mock import patch
+from unittest.mock import call, patch
 
 # APIM Samples imports
 from apimtesting import ApimTesting
@@ -64,7 +64,11 @@ def test_verify_success():
         assert testing.tests_passed == 1
         assert not testing.tests_failed
         assert testing.total_tests == 1
-        mock_print.assert_called_with('✅ Test 1: PASS')
+        assert mock_print.call_args_list == [
+            call('🔍 Test 1: Assert that value [5] matches expected value [5].'),
+            call('✅ Test 1: PASS'),
+            call(),
+        ]
 
 
 def test_verify_failure():
@@ -80,7 +84,11 @@ def test_verify_failure():
         assert testing.total_tests == 1
         assert len(testing.errors) == 1
         assert 'Value [5] does not match expected value [10]' in testing.errors[0]
-        mock_print.assert_called_with('❌ Test 1: FAIL - Value [5] does not match expected value [10]')
+        assert mock_print.call_args_list == [
+            call('🔍 Test 1: Assert that value [5] matches expected value [10].'),
+            call('❌ Test 1: FAIL - Value [5] does not match expected value [10]'),
+            call(),
+        ]
 
 
 def test_verify_multiple_tests():
@@ -153,10 +161,11 @@ def test_verify_with_label():
         assert testing.tests_passed == 1
         assert not testing.tests_failed
 
-        # Check that label was used in the print statement
-        calls = [str(call) for call in mock_print.call_args_list]
-        label_found = any('HTTP Status Code' in call for call in calls)
-        assert label_found
+        assert mock_print.call_args_list == [
+            call('🔍 Test 1: Assert that HTTP Status Code value [200] matches expected value [200].'),
+            call('✅ Test 1: PASS'),
+            call(),
+        ]
 
 
 def test_verify_with_label_failure():
@@ -169,10 +178,11 @@ def test_verify_with_label_failure():
         assert result is False
         assert testing.tests_failed == 1
 
-        # Check that label was used in the output
-        calls = [str(call) for call in mock_print.call_args_list]
-        label_found = any('Status' in call for call in calls)
-        assert label_found
+        assert mock_print.call_args_list == [
+            call('🔍 Test 1: Assert that Status value [404] matches expected value [200].'),
+            call('❌ Test 1: FAIL - Value [404] does not match expected value [200]'),
+            call(),
+        ]
 
 
 # ------------------------------

From 0b562185e0ae8208767859c45b6d739eba4e8ded Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Thu, 11 Jun 2026 18:47:34 -0400
Subject: [PATCH 16/31] Further refinement of APIM policy and reporting

---
 .github/copilot-instructions.md               |   1 +
 .github/skills/apim-policies/SKILL.md         |  49 ++++--
 samples/inference-failover/README.md          |  21 ++-
 .../apim-policies/inference-api-policy.xml    | 160 +++++++++++-------
 samples/inference-failover/create.ipynb       |   2 +-
 .../inference-failover.workbook.json          |  18 +-
 samples/inference-failover/main.bicep         |   8 +-
 samples/inference-failover/queries/README.md  |   2 +-
 .../queries/failover-outcomes.kql             |   5 +-
 .../queries/failure-analysis.kql              |   5 +-
 .../queries/request-details.kql               |   9 +-
 .../queries/verify-llm-ingestion.kql          |   4 +-
 tests/python/test_inference_failover.py       | 111 +++++++++---
 13 files changed, 267 insertions(+), 128 deletions(-)

diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
index c02701f3..3065c31d 100644
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -671,6 +671,7 @@ Samples that require administrative or operational endpoints (cache loading, con
 - When migrating existing samples, update policy path helpers to check `samples/<sample-name>/apim-policies/` first and the sample root second as a temporary backwards-compatible fallback. New files must use `apim-policies/`; do not rely on the fallback for newly created policies.
 - After moving KQL or policy XML files, check and update every notebook, Python helper, Bicep `loadTextContent()` call, test, script, and documentation reference that consumes them. Add or update tests for canonical-directory resolution, root-level fallback, explicit paths, auto-detected sample names, and missing files before considering the migration complete.
 - Policies should use camelCase for all variable names.
+- In XML attribute values and element text, encode `&` as `&amp;` and `<` as `&lt;`. Encode `>` as `&gt;` for paired angle brackets and comparisons so the policy expression remains unambiguous and consistent. This applies to C# generic type arguments (`GetValueOrDefault&lt;int&gt;`), comparisons (`value &lt;= limit`, `value &gt; limit`), and logical AND (`left &amp;&amp; right`).
 - In policy expressions inside double-quoted XML attributes, escape embedded double quotes as `&quot;` (for example, `value="@((string)context.Variables[&quot;callerId&quot;])"`). Unescaped quotes make the XML malformed. Expressions in element text, such as `<value>@("text")</value>`, do not require this escaping.
 - The `<backend>` section may contain only one direct child policy. When retrying a backend request, make `<retry>` the sole direct child of `<backend>` and place `<forward-request>` plus any per-attempt policies inside it. Move terminal fallback handling to `<on-error>` or `<outbound>` as appropriate. Do not add sibling policies such as `<base />` or `<choose>` alongside the backend `<retry>`; APIM rejects the policy during deployment.
 - Policy expressions (`@(...)` and `@{...}`) may **only** reference .NET types and members on APIM's [allow-list](https://learn.microsoft.com/azure/api-management/api-management-policy-expressions#CLRTypes). Using anything outside the list (e.g. `System.Globalization.*`, `DateTime.TryParse`, `DateTime.ToUniversalTime`, `System.Text.Json`) causes a deploy-time `ValidationError: One or more fields contain incorrect values` with no further detail. Verify each type/member against the allow-list before writing the expression. See `.github/skills/apim-policies/SKILL.md` for common pitfalls and allowed replacements.
diff --git a/.github/skills/apim-policies/SKILL.md b/.github/skills/apim-policies/SKILL.md
index 441ae2bc..841b7344 100644
--- a/.github/skills/apim-policies/SKILL.md
+++ b/.github/skills/apim-policies/SKILL.md
@@ -34,6 +34,16 @@ Every APIM policy document follows this structure:
 
 The `<base />` element inherits policies from parent scopes (Global → Product → API → Operation).
 
+### Readability and Semantic Layout
+
+Keep policy XML readable as its control flow grows:
+
+- Add concise XML comments before non-obvious policy blocks to explain their intent, especially retry classification, fallback handling, cache behavior, and error normalization. Do not narrate self-explanatory individual statements.
+- Separate semantic phases with a blank line, such as initialization, routing and authentication, retry tracking, telemetry, response classification, and response rendering.
+- Break long policy elements across lines and place one attribute per line when that makes conditions or configuration easier to scan. Preserve the established indentation and policy execution order.
+- Keep related policies together under a clear comment instead of allowing one uninterrupted block of XML. Use comments and whitespace for structure; do not add wrapper policies that change APIM behavior solely for visual grouping.
+- Format multi-statement `@{}` expressions like ordinary C# blocks, with blank lines between distinct calculations or validation phases. Keep short `@()` expressions inline when they remain easy to read.
+
 ### Backend Section Cardinality (CRITICAL)
 
 The `<backend>` section may contain only one direct child policy. APIM rejects a policy during deployment when `<backend>` contains sibling policies such as `<retry>` followed by `<choose>`, or `<base />` followed by `<retry>`.
@@ -43,7 +53,7 @@ When retrying a backend request, make `<retry>` the sole direct child of `<backe
 ```xml
 <backend>
     <retry count="3" interval="1" first-fast-retry="true"
-        condition="@(context.Response.StatusCode == 429 || context.Response.StatusCode >= 500)">
+        condition='@(context.Response.StatusCode == 429 || context.Response.StatusCode &gt;= 500)'>
         <forward-request buffer-request-body="true" />
     </retry>
 </backend>
@@ -108,7 +118,7 @@ Apply policies based on conditions:
 
 ```xml
 <choose>
-    <when condition="@(context.Request.Headers.GetValueOrDefault(&quot;X-Custom&quot;, &quot;&quot;) == &quot;value&quot;)">
+    <when condition='@(context.Request.Headers.GetValueOrDefault("X-Custom", "") == "value")'>
         <!-- policies when condition is true -->
     </when>
     <otherwise>
@@ -137,7 +147,7 @@ Retry failed requests with conditions:
 
 ```xml
 <retry count="3" interval="1" first-fast-retry="true"
-    condition="@(context.Response.StatusCode == 429 || context.Response.StatusCode >= 500)">
+    condition='@(context.Response.StatusCode == 429 || context.Response.StatusCode &gt;= 500)'>
     <forward-request buffer-request-body="true" />
 </retry>
 ```
@@ -148,18 +158,37 @@ Policy expressions use C# syntax within `@()` for single statements or `@{}` for
 
 ### Quotes in XML Attributes
 
-When a policy expression is inside a double-quoted XML attribute, encode every double quote within the expression as `&quot;`. Raw inner double quotes terminate the attribute and make the policy XML malformed.
+Use single quotes around XML attribute values that contain policy expressions. This allows C# string literals and dictionary keys inside the expression to use normal double quotes without XML entity encoding.
 
 ```xml
-<set-variable name="callerId" value="@((string)context.Variables[&quot;callerId&quot;])" />
+<set-variable name="callerId" value='@((string)context.Variables["callerId"])' />
 ```
 
-Double quotes do not need entity encoding when the expression is element text:
+Keep ordinary non-expression XML attributes double-quoted. If an expression itself requires a single-quoted character or string literal, encode that apostrophe as `&apos;` or use a double-quoted XML attribute and encode its inner double quotes as `&quot;`.
+
+Expressions in element text also use normal double quotes:
 
 ```xml
 <value>@((string)context.Variables["callerId"])</value>
 ```
 
+### XML Entity Encoding
+
+Policy expressions are C# embedded in XML, so XML parsing occurs before APIM evaluates the expression. In XML attribute values and element text:
+
+- Encode `&` as `&amp;`. Logical AND must therefore be written as `&amp;&amp;`.
+- Encode `<` as `&lt;`. This is required for less-than comparisons and the opening angle bracket of generic type arguments.
+- Encode `>` as `&gt;` for paired angle brackets and comparisons. A literal `>` is generally valid XML, but encoding it keeps expressions consistent and avoids ambiguity.
+
+```xml
+<set-variable name="attempt" value='@(context.Variables.GetValueOrDefault&lt;int&gt;("attempt", 0))' />
+<when condition='@(attempt &lt;= retryLimit &amp;&amp; statusCode &gt;= 500)'>
+    <!-- policies -->
+</when>
+```
+
+These entities are decoded before C# evaluation, so APIM receives `GetValueOrDefault<int>`, `<=`, `&&`, and `>=`. Code shown outside an XML context, such as a `csharp` fenced block, should use ordinary C# characters without XML entity encoding.
+
 ### Common Expressions
 
 ```csharp
@@ -191,17 +220,17 @@ Double quotes do not need entity encoding when the expression is element text:
 ### Multi-Statement Expression
 
 ```xml
-<set-variable name="result" value="@{
+<set-variable name="result" value='@{
     string[] value;
-    if (context.Request.Headers.TryGetValue(&quot;Authorization&quot;, out value))
+    if (context.Request.Headers.TryGetValue("Authorization", out value))
     {
-        if(value != null && value.Length > 0)
+        if(value != null &amp;&amp; value.Length &gt; 0)
         {
             return Encoding.UTF8.GetString(Convert.FromBase64String(value[0]));
         }
     }
     return null;
-}" />
+}' />
 ```
 
 ### Allowed .NET Types and Members (CRITICAL)
diff --git a/samples/inference-failover/README.md b/samples/inference-failover/README.md
index f7a4022e..0f5922c0 100644
--- a/samples/inference-failover/README.md
+++ b/samples/inference-failover/README.md
@@ -39,12 +39,13 @@ The inference policy uses the following response-handling matrix. "Trip Breaker"
 | 401 | No | No | 401 | Auth | Medium | Return unchanged; correct backend authentication. |
 | 403 | No | No | 403 | AuthZ | Medium | Return unchanged; correct backend authorization. |
 | 404 | No | No | 404 | Config | Medium | Return unchanged; correct the backend URL or deployment name. |
-| 408 | No | No | 408 | Timeout | Medium | Return the explicit HTTP timeout; transport timeouts have no response. |
+| 408 | Yes | Yes | 200 or 408 | Timeout | Medium | Retry another backend; return the explicit HTTP timeout if the fallback chain is exhausted. |
 | 409 | No | Sometimes | 200 or 409 | Conflict | Medium | Retry only when `Retry-After` marks the conflict as transient. |
-| 429 | Yes | Yes | 200 or 429 | Capacity | Medium | Honor `Retry-After` and retry another eligible backend; preserve an exhausted `429`. |
+| 429 | Yes | Yes | 200 or 429 | Capacity | Medium | Retry another eligible backend; return exhausted capacity with the soonest `Retry-After`. |
+| 499 | Yes | Yes | 200 or 499 | Custom | Medium | Retry another backend when PTU exhaustion is represented by a transformed `408`. |
 | 500 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |
 | 502 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |
-| 503 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |
+| 503 | Yes | Yes | 200, 429, or 503 | Infra | High | Retry another backend; return `429` when `Retry-After` identifies capacity, otherwise normalize exhaustion to `503`. |
 | 504 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |
 | null | No | Yes | 200 or 503 | Transport | High | Retry after no backend response; normalize handled transport failures to `503`. |
 
@@ -59,12 +60,14 @@ The notebook runs deterministic gateway contract probes before its capacity scen
 | `401` | Yes | Omit the APIM subscription key. | Gateway `401`; the inference policy is not entered. |
 | `403` | No | On an isolated deployment, remove **Cognitive Services OpenAI User** from APIM or add a temporary deny policy. Restore access immediately after the probe. | Backend/caller `403` and no retry. |
 | `404` | Yes | Call an unknown APIM operation. For a backend-side variant, temporarily target a nonexistent model deployment in an isolated backend. | `404` and no retry. |
+| `408` | No | Return an explicit `408` from the controlled fault origin. | Immediate circuit trip and backend failover; an exhausted chain keeps `408`. |
 | `409` without `Retry-After` | No | Use a local fault server, Mockoon, WireMock, or a temporary Container App that returns `409` without the header. | One attempt; caller keeps `409`. |
 | `409` with `Retry-After` | No | Return `409` plus `Retry-After: 1` from the controlled fault origin. | Retry count increases, but the backend circuit does not open. |
-| `429` | Yes, workload-dependent | Run the pressure cells. For deterministic CI, return `429` plus `Retry-After` from a controlled fault origin. | Backend selection avoids the constrained backend; exhausted capacity remains `429`. |
+| `429` | Yes, workload-dependent | Run the pressure cells. For deterministic CI, return `429` plus `Retry-After` from a controlled fault origin. | Backend selection avoids the constrained backend; exhausted capacity returns `429` with the soonest recovery delay. |
+| `499` | No | Transform a PTU-exhaustion `408` into `499`, or return `499` from the controlled fault origin. | Immediate circuit trip and backend failover; an exhausted chain keeps `499`. |
 | `500` | No | Return an explicit `500` from the controlled fault origin. | Immediate circuit trip and backend failover; an exhausted chain becomes generic `503`. |
 | `502` | No | Return an explicit `502` from the controlled fault origin. | Immediate circuit trip and backend failover. |
-| `503` | Organic but not guaranteed | Return `503`, optionally with `Retry-After`, from the controlled fault origin. | Immediate backend failover; an exhausted chain becomes generic `503`. |
+| `503` | Organic but not guaranteed | Return `503`, optionally with `Retry-After`, from the controlled fault origin. | Immediate failover; exhausted capacity with `Retry-After` becomes `429`, otherwise the chain becomes generic `503`. |
 | `504` | No | Return an explicit `504`; separately delay the origin beyond the APIM forwarding timeout to test transport timeout behavior. | HTTP `504` trips the circuit; timeout produces no backend HTTP response but is retried and normalized to `503`. |
 | DNS/connection failure | No | Point one isolated backend at a reserved nonexistent host such as `https://unresolvable.invalid`. | `BackendConnectionFailure`, retries, then generic `503` if all destinations fail. |
 | TLS failure | No | Point an isolated backend at a host with an expired certificate or a certificate-name mismatch while TLS validation remains enabled. | Backend connection failure, retries, and no certificate detail disclosed to the caller. |
@@ -72,7 +75,7 @@ The notebook runs deterministic gateway contract probes before its capacity scen
 
 Use a separate APIM API/backend pool or a disposable deployment for controlled origin tests. Do not add public fault-injection headers to the production-shaped inference APIs, and do not remove role assignments from a shared environment. A nonexistent backend hostname is useful for DNS failure, but it does **not** simulate a client disconnect: DNS happens between APIM and the backend, while a client disconnect happens between the caller and APIM.
 
-For the HTTP fault cases, a minimal local origin can return the requested status and optional `Retry-After` header. Expose it only to the test APIM network path, register one backend per region/priority under test, and apply the same inference policy and breaker configuration. Run each case twice: once with a later healthy pool member to prove recovery, and once with every member faulted to prove the terminal caller contract. Inspect `X-Backend-Retry`, `BackendResponseCode`, `LastErrorReason`, and the `InferenceBackendAttemptComplete`, `InferenceFallbackExhausted`, or `InferenceTransportFailure` trace event.
+For the HTTP fault cases, a minimal local origin can return the requested status and optional `Retry-After` header. Expose it only to the test APIM network path, register one backend per region/priority under test, and apply the same inference policy and breaker configuration. Run each case twice: once with a later healthy pool member to prove recovery, and once with every member faulted to prove the terminal caller contract. Inspect `X-Backend-Retry`, `ResponseCode`, `BackendResponseCode`, `LastErrorReason`, and the compact `InferenceAttempt` trace records.
 
 ### Model Deployments
 
@@ -99,7 +102,7 @@ This lab adds the following to an existing APIM infrastructure:
 - Model-specific APIM backends and one backend pool per model, so a retry never crosses to an incompatible deployment and circuit-breaker state remains isolated. APIM tracks circuit-breaker state at the backend resource; if models shared a backend, a `429` or another configured failure from one model could suppress traffic to a healthy model on that same backend.
 - Two AI Gateway APIs with managed identity authentication to Azure OpenAI: `POST /inference/gpt-5-1/chat/completions` retries four times through A -> D -> B -> E/G (equal terminal weights), while `POST /inference/gpt-4-1-mini/chat/completions` retries three times through C -> F -> D -> H.
 
-- Model-specific retry policies that buffer the POST body while immediately retrying conditional conflicts, throttling, and listed infrastructure failures; emit an information-level trace after every backend attempt; always return the caller-visible `X-Backend-Retry` count; preserve exhausted `409` and `429` responses; and return a generic `503` when infrastructure failover is exhausted.
+- Model-specific retry policies that buffer the POST body while immediately retrying conditional conflicts, throttling, and listed infrastructure failures; cache the soonest `Retry-After` recovery time per model-safe pool; emit an information-level trace after every backend attempt; return caller-visible retry counts; return exhausted capacity as `429` with the remaining recovery delay; and return a generic `503` when infrastructure failover is exhausted.
 - APIM AI Gateway diagnostics using the infrastructure-provided Log Analytics workspace and Application Insights component, plus an AOAI-only workbook for terminal outcomes, retry trails, backend distribution, APIM errors, token coverage, and latency.
 - An optional Standard Event Hubs namespace, telemetry hub, and `external-observability` consumer group in the APIM region for downstream stream processors, SIEM platforms, or external analytics systems.
 
@@ -113,8 +116,8 @@ Every inference call produces one `ApiManagementGatewayLogs` row. The workbook a
 | Caller-visible retries | `X-Backend-Retry` response header | The number of backend retries absorbed by APIM after the initial attempt. A healthy-path response normally returns `0`. |
 | Final backend response | `ApiManagementGatewayLogs.BackendResponseCode` | The HTTP status from the last selected Azure OpenAI backend. |
 | Final backend placement | `ApiManagementGatewayLogs.BackendId`, `BackendUrl` | The concrete backend used for the final attempt. |
-| Retry trail | `ApiManagementGatewayLogs.TraceRecords` | Each `InferenceBackendAttemptComplete` event records its attempt number, backend response code, and whether retry remained eligible. |
-| Exhausted fallback | `ApiManagementGatewayLogs.TraceRecords` | `InferenceFallbackExhausted` proves that APIM replaced the final `429` or `503` with the generic caller-facing `503`. |
+| Retry trail | `ApiManagementGatewayLogs.TraceRecords` | Each compact `InferenceAttempt` event records its sequence number and backend response code. Retry count is attempts minus one. |
+| Exhausted fallback | `ApiManagementGatewayLogs.ResponseCode`, `BackendResponseCode`, and `LastErrorReason` | The workbook derives whether APIM returned capacity exhaustion as `429` or normalized infrastructure or transport exhaustion to `503`. |
 | Native APIM failures | `Errors`, `LastErrorSource`, `LastErrorReason`, `LastErrorSection`, `LastErrorMessage` | Pipeline failures that are not ordinary Azure OpenAI HTTP responses. |
 | LLM usage and message chunks | `ApiManagementGatewayLlmLog` joined by `CorrelationId` | Model deployment, token usage, and whether prompt/completion message telemetry arrived. |
 
diff --git a/samples/inference-failover/apim-policies/inference-api-policy.xml b/samples/inference-failover/apim-policies/inference-api-policy.xml
index b895315c..3053bda6 100644
--- a/samples/inference-failover/apim-policies/inference-api-policy.xml
+++ b/samples/inference-failover/apim-policies/inference-api-policy.xml
@@ -1,11 +1,13 @@
 <!--
     Inference API policy template.
 
-    The notebook replaces BACKEND_POOL_ID and RETRY_COUNT for each model-safe API.
-    Managed identity authentication is applied after pool selection, so every selected
-    Azure OpenAI backend receives a bearer token rather than an API key.
+    The notebook replaces BACKEND_POOL_ID and RETRY_COUNT for each model-safe API. Managed identity authentication is applied after pool selection,
+    so every selected Azure OpenAI backend receives a bearer token rather than an API key.
 
-    HTTP Response Code handling matrix:
+    Retry-After values from capacity responses are stored as Unix epoch seconds. The pool-specific cache retains the soonest future recovery instant
+    across attempts so an exhausted pool can return a useful Retry-After value from on-error.
+
+    HTTP Response Code handling matrix for Azure OpenAI inference APIs:
 
     Backend  Trip Breaker  Retry      Frontend    Category   Severity  Handling
     ================================================================================================================================================
@@ -14,80 +16,84 @@
     401      No            No         401         Auth       Medium    Return unchanged; correct backend authentication.
     403      No            No         403         AuthZ      Medium    Return unchanged; correct backend authorization.
     404      No            No         404         Config     Medium    Return unchanged; correct the backend URL or deployment name.
-    408      No            No         408         Timeout    Medium    Return the explicit HTTP timeout; transport timeouts have no response.
+    408      Yes           Yes        200 or 408  Timeout    Medium    Return the explicit HTTP timeout; transport timeouts have no response.
     409      No            Sometimes  200 or 409  Conflict   Medium    Retry only when Retry-After marks the conflict as transient.
-    429      Yes           Yes        200 or 429  Capacity   Medium    Honor Retry-After and retry another eligible backend; preserve exhausted 429.
+    429      Yes           Yes        200 or 429  Capacity   Medium    Retry another backend; return exhausted capacity with the soonest Retry-After.
+    499      Yes           Yes        200 or 499  Custom     Medium    408s turned into 499 for PTU exhaustion. Retry another backend.
     500      Yes           Yes        200 or 503  Infra      High      Retry another eligible backend; normalize an exhausted chain to 503.
     502      Yes           Yes        200 or 503  Infra      High      Retry another eligible backend; normalize an exhausted chain to 503.
-    503      Yes           Yes        200 or 503  Infra      High      Retry another eligible backend; normalize an exhausted chain to 503.
+    503      Yes           Yes        200/429/503 Infra      High      Return 429 when Retry-After signals capacity; otherwise normalize exhaustion to 503.
     504      Yes           Yes        200 or 503  Infra      High      Retry another eligible backend; normalize an exhausted chain to 503.
     null     No            Yes        200 or 503  Transport  High      Retry after no backend response; normalize handled transport failures to 503.
 -->
 <policies>
     <inbound>
         <base />
-        <set-variable name="backendAttempt" value="@(0)" />
+
+        <set-variable name="backendAttempt" value='@(0)' />
         <set-backend-service backend-id="BACKEND_POOL_ID" />
+
         <authentication-managed-identity resource="https://cognitiveservices.azure.com" output-token-variable-name="managed-id-access-token" ignore-error="false" />
         <set-header name="Authorization" exists-action="override">
             <value>@("Bearer " + (string)context.Variables["managed-id-access-token"])</value>
         </set-header>
+
         <set-header name="x-ms-client-request-id" exists-action="override">
             <value>@(context.RequestId.ToString())</value>
         </set-header>
         <set-query-parameter name="api-version" exists-action="skip">
             <value>2024-10-21</value>
         </set-query-parameter>
-        <trace source="InferenceFailover" severity="information">
-            <message>@("InferenceRequestAccepted|requestId=" + context.RequestId.ToString())</message>
-            <metadata name="EventName" value="InferenceRequestAccepted" />
-            <metadata name="RequestId" value="@(context.RequestId.ToString())" />
-        </trace>
     </inbound>
     <backend>
         <!-- Match the load-balancing sample: retry immediately and let the backend pool's circuit breakers control backend selection. -->
         <!-- Retry a null response because APIM could not obtain any HTTP response from the backend. -->
-        <!-- Retry 409 only when Retry-After explicitly marks it as transient. Retry all capacity and listed infrastructure failures. -->
-        <retry count="RETRY_COUNT" interval="0" first-fast-retry="true" condition="@(context.Response == null || (context.Response.StatusCode == 409 &amp;&amp; context.Response.Headers.ContainsKey(&quot;Retry-After&quot;)) || context.Response.StatusCode == 429 || context.Response.StatusCode == 500 || context.Response.StatusCode == 502 || context.Response.StatusCode == 503 || context.Response.StatusCode == 504)">
+        <!-- Retry 409 only when Retry-After marks it as transient. Retry explicit timeouts, capacity responses, and listed infrastructure failures. -->
+        <retry count="RETRY_COUNT" interval="0" first-fast-retry="true" condition='@(context.Response == null || context.Response.StatusCode == 408 || (context.Response.StatusCode == 409 &amp;&amp; context.Response.Headers.ContainsKey("Retry-After")) || context.Response.StatusCode == 429 || context.Response.StatusCode == 499 || context.Response.StatusCode == 500 || context.Response.StatusCode == 502 || context.Response.StatusCode == 503 || context.Response.StatusCode == 504)'>
             <set-variable name="backendAttempt" value='@(((int)context.Variables["backendAttempt"]) + 1)' />
+
             <forward-request buffer-request-body="true" />
+
+            <!-- Look for capacity responses with Retry-After so exhausted fallback can return the soonest backend recovery time. -->
+            <choose>
+                <when condition='@(context.Response != null &amp;&amp; (context.Response.StatusCode == 429 || context.Response.StatusCode == 503) &amp;&amp; context.Response.Headers.ContainsKey("Retry-After"))'>
+                    <cache-lookup-value key="inference-retry-min-BACKEND_POOL_ID" variable-name="cachedRetryEpoch" />
+
+                    <set-variable name="updatedRetryEpoch" value='@{
+                        int seconds;
+                        var retryAfter = context.Response.Headers.GetValueOrDefault("Retry-After", "0");
+                        if (!int.TryParse(retryAfter, out seconds)) { seconds = 0; }
+
+                        var nowEpoch = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
+                        var candidateEpoch = nowEpoch + seconds;
+                        long cachedEpoch;
+                        var cached = context.Variables.ContainsKey("cachedRetryEpoch") ? context.Variables["cachedRetryEpoch"] as string : null;
+                        return (long.TryParse(cached, out cachedEpoch) &amp;&amp; cachedEpoch &gt; nowEpoch &amp;&amp; cachedEpoch &lt; candidateEpoch)
+                            ? cachedEpoch.ToString()
+                            : candidateEpoch.ToString();
+                    }' />
+
+                    <cache-store-value key="inference-retry-min-BACKEND_POOL_ID" value='@((string)context.Variables["updatedRetryEpoch"])' duration="300" />
+                </when>
+            </choose>
+
+            <!-- Record one compact event per backend call; gateway fields provide the final response and error details. -->
             <trace source="InferenceFailover" severity="information">
-                <message>@("InferenceBackendAttemptComplete|attempt=" + ((int)context.Variables["backendAttempt"]).ToString() + "|backendResponseCode=" + (context.Response == null ? "none" : context.Response.StatusCode.ToString()) + "|willRetry=" + (context.Response == null || (context.Response.StatusCode == 409 &amp;&amp; context.Response.Headers.ContainsKey("Retry-After")) || context.Response.StatusCode == 429 || context.Response.StatusCode == 500 || context.Response.StatusCode == 502 || context.Response.StatusCode == 503 || context.Response.StatusCode == 504).ToString())</message>
-                <metadata name="EventName" value="InferenceBackendAttemptComplete" />
-                <metadata name="RequestId" value="@(context.RequestId.ToString())" />
-                <metadata name="Attempt" value='@(((int)context.Variables["backendAttempt"]).ToString())' />
-                <metadata name="BackendResponseCode" value='@(context.Response == null ? "none" : context.Response.StatusCode.ToString())' />
-                <metadata name="WillRetry" value='@((context.Response == null || (context.Response.StatusCode == 409 &amp;&amp; context.Response.Headers.ContainsKey("Retry-After")) || context.Response.StatusCode == 429 || context.Response.StatusCode == 500 || context.Response.StatusCode == 502 || context.Response.StatusCode == 503 || context.Response.StatusCode == 504).ToString())' />
+                <message>@("InferenceAttempt|n=" + ((int)context.Variables["backendAttempt"]).ToString() + "|code=" + (context.Response == null ? "none" : context.Response.StatusCode.ToString()))</message>
             </trace>
         </retry>
     </backend>
     <outbound>
+        <set-variable name="backendRetry" value='@(Math.Max(0, ((int)context.Variables["backendAttempt"]) - 1).ToString())' />
         <set-header name="X-Backend-Retry" exists-action="override">
-            <value>@((((int)context.Variables["backendAttempt"]) > 0 ? ((int)context.Variables["backendAttempt"]) - 1 : 0).ToString())</value>
+            <value>@((string)context.Variables["backendRetry"])</value>
         </set-header>
-        <trace source="InferenceFailover" severity="information">
-            <message>@("InferenceGatewayResponse|attempts=" + ((int)context.Variables["backendAttempt"]).ToString() + "|backendResponseCode=" + (context.Response == null ? "none" : context.Response.StatusCode.ToString()))</message>
-            <metadata name="EventName" value="InferenceGatewayResponse" />
-            <metadata name="RequestId" value="@(context.RequestId.ToString())" />
-            <metadata name="Attempts" value='@(((int)context.Variables["backendAttempt"]).ToString())' />
-            <metadata name="BackendResponseCode" value='@(context.Response == null ? "none" : context.Response.StatusCode.ToString())' />
-        </trace>
+
+        <!-- Look for exhausted infrastructure failures to normalize as 503; terminal 408, 409, 429, and 499 responses remain unchanged. -->
         <choose>
-            <!-- A terminal 409 or 429 is returned unchanged because the matrix does not normalize it to 503. -->
-            <!-- Reaching this branch means the listed infrastructure failures persisted through the eligible backend chain. -->
-            <when condition="@(context.Response != null &amp;&amp; (context.Response.StatusCode == 500 || context.Response.StatusCode == 502 || context.Response.StatusCode == 503 || context.Response.StatusCode == 504))">
-                <trace source="InferenceFailover" severity="error">
-                    <message>@("InferenceFallbackExhausted|attempts=" + ((int)context.Variables["backendAttempt"]).ToString() + "|backendResponseCode=" + context.Response.StatusCode.ToString())</message>
-                    <metadata name="EventName" value="InferenceFallbackExhausted" />
-                    <metadata name="RequestId" value="@(context.RequestId.ToString())" />
-                    <metadata name="Attempts" value='@(((int)context.Variables["backendAttempt"]).ToString())' />
-                    <metadata name="BackendResponseCode" value="@(context.Response.StatusCode.ToString())" />
-                </trace>
+            <when condition='@(context.Response != null &amp;&amp; (context.Response.StatusCode == 500 || context.Response.StatusCode == 502 || context.Response.StatusCode == 503 || context.Response.StatusCode == 504))'>
                 <return-response>
                     <set-status code="503" reason="Inference Service Unavailable" />
-                    <set-header name="X-Backend-Retry" exists-action="override">
-                        <value>@((((int)context.Variables["backendAttempt"]) > 0 ? ((int)context.Variables["backendAttempt"]) - 1 : 0).ToString())</value>
-                    </set-header>
                     <set-header name="Content-Type" exists-action="override">
                         <value>application/json</value>
                     </set-header>
@@ -95,35 +101,59 @@
                 </return-response>
             </when>
         </choose>
+
         <base />
     </outbound>
     <on-error>
-        <set-header name="X-Backend-Retry" exists-action="override">
-            <value>@((((int)context.Variables["backendAttempt"]) > 0 ? ((int)context.Variables["backendAttempt"]) - 1 : 0).ToString())</value>
-        </set-header>
+        <set-variable name="backendRetry" value='@(Math.Max(0, context.Variables.GetValueOrDefault&lt;int&gt;("backendAttempt", 0) - 1).ToString())' />
+
+        <!-- Classify exhausted capacity separately from infrastructure and transport failures so each receives the correct terminal status. -->
         <choose>
-            <!-- DNS, TCP/TLS connection, and backend timeout failures have no HTTP status code. -->
-            <!-- Normalize only upstream transport reasons; ClientConnectionFailure remains a native APIM error. -->
-            <when condition="@(context.LastError != null &amp;&amp; (context.LastError.Reason == &quot;BackendConnectionFailure&quot; || context.LastError.Reason == &quot;Timeout&quot;))">
-                <trace source="InferenceFailover" severity="error">
-                    <message>@("InferenceTransportFailure|attempts=" + ((int)context.Variables["backendAttempt"]).ToString() + "|reason=" + context.LastError.Reason)</message>
-                    <metadata name="EventName" value="InferenceTransportFailure" />
-                    <metadata name="RequestId" value="@(context.RequestId.ToString())" />
-                    <metadata name="Attempts" value='@(((int)context.Variables["backendAttempt"]).ToString())' />
-                    <metadata name="Reason" value="@(context.LastError.Reason)" />
-                </trace>
-                <return-response>
-                    <set-status code="503" reason="Inference Service Unavailable" />
-                    <set-header name="X-Backend-Retry" exists-action="override">
-                        <value>@((((int)context.Variables["backendAttempt"]) > 0 ? ((int)context.Variables["backendAttempt"]) - 1 : 0).ToString())</value>
-                    </set-header>
-                    <set-header name="Content-Type" exists-action="override">
-                        <value>application/json</value>
-                    </set-header>
-                    <set-body>{"error":"Inference service is temporarily unavailable."}</set-body>
-                </return-response>
+            <when condition='@(context.Response != null &amp;&amp; (context.Response.StatusCode == 429 || context.Response.StatusCode == 503) &amp;&amp; context.Variables.ContainsKey("updatedRetryEpoch"))'>
+                <set-variable name="retryAfterSeconds" value='@{
+                    var retryEpoch = (string)context.Variables["updatedRetryEpoch"];
+                    long parsedEpoch;
+                    var nowEpoch = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
+                    if (!long.TryParse(retryEpoch, out parsedEpoch) || parsedEpoch &lt;= nowEpoch) { return 1L; }
+
+                    return Math.Max(0L, parsedEpoch - nowEpoch) + 1L;
+                }' />
+
+                <set-variable name="terminalStatus" value='@(429)' />
+            </when>
+
+            <!-- Normalize exhausted HTTP infrastructure responses and backend transport failures through one non-disclosing response. -->
+            <!-- ClientConnectionFailure remains a native APIM error. -->
+            <when condition='@((context.Response != null &amp;&amp; (context.Response.StatusCode == 500 || context.Response.StatusCode == 502 || context.Response.StatusCode == 503 || context.Response.StatusCode == 504)) || (context.LastError != null &amp;&amp; (context.LastError.Reason == "BackendConnectionFailure" || context.LastError.Reason == "Timeout")))'>
+                <set-variable name="terminalStatus" value='@(503)' />
             </when>
         </choose>
+
+        <!-- Look for a classified terminal failure before replacing the native APIM error response. -->
+        <choose>
+            <when condition='@(context.Variables.ContainsKey("terminalStatus"))'>
+                <!-- Add Retry-After only for exhausted capacity because infrastructure and transport failures have no recovery estimate. -->
+                <choose>
+                    <when condition='@(context.Variables.ContainsKey("retryAfterSeconds"))'>
+                        <set-header name="Retry-After" exists-action="override">
+                            <value>@(((long)context.Variables["retryAfterSeconds"]).ToString())</value>
+                        </set-header>
+                    </when>
+                </choose>
+
+                <set-status code='@((int)context.Variables["terminalStatus"])' reason='@((int)context.Variables["terminalStatus"] == 429 ? "Too Many Requests" : "Inference Service Unavailable")' />
+
+                <set-header name="X-Backend-Retry" exists-action="override">
+                    <value>@((string)context.Variables["backendRetry"])</value>
+                </set-header>
+                <set-header name="Content-Type" exists-action="override">
+                    <value>application/json</value>
+                </set-header>
+
+                <set-body>@((int)context.Variables["terminalStatus"] == 429 ? "{\"error\":\"Inference capacity is temporarily unavailable.\"}" : "{\"error\":\"Inference service is temporarily unavailable.\"}")</set-body>
+            </when>
+        </choose>
+
         <base />
     </on-error>
 </policies>
diff --git a/samples/inference-failover/create.ipynb b/samples/inference-failover/create.ipynb
index 8379b315..47c90d1b 100644
--- a/samples/inference-failover/create.ipynb
+++ b/samples/inference-failover/create.ipynb
@@ -107,7 +107,7 @@
     "# ------------------------------\n",
     "\n",
     "rg_location = Region.EAST_US_2\n",
-    "index = 1\n",
+    "index = 110\n",
     "apim_sku = APIM_SKU.BASICV2\n",
     "deployment = INFRASTRUCTURE.SIMPLE_APIM\n",
     "api_prefix = 'inference'\n",
diff --git a/samples/inference-failover/inference-failover.workbook.json b/samples/inference-failover/inference-failover.workbook.json
index a0128916..00df44ee 100644
--- a/samples/inference-failover/inference-failover.workbook.json
+++ b/samples/inference-failover/inference-failover.workbook.json
@@ -177,7 +177,7 @@
               "items": [
                 {
                   "content": {
-                    "json": "- `ResponseCode` is the APIM status seen by the caller; `BackendResponseCode` is the status from the final backend attempt.\n- `TraceRecords` entries named `InferenceBackendAttemptComplete` record every forwarded attempt and whether APIM considered it retryable.\n- Backend `429` or `503` responses can open a circuit for one minute and move later attempts through the preference chain.\n- Requests carrying `InferenceFallbackExhausted` returned the generic terminal `503` after eligible capacity was exhausted.\n- Successful token-bearing calls appear in both gateway logs and `ApiManagementGatewayLlmLog`; missing token rows are surfaced as a coverage gap.\n- Prompt and completion messages are logged for this learning sample. Treat the workspace as sensitive and adjust message logging before production use."
+                    "json": "- `ResponseCode` is the APIM status seen by the caller; `BackendResponseCode` is the status from the final backend attempt.\n- Compact `InferenceAttempt` records capture each forwarded attempt; retry counts are derived from their sequence.\n- Backend `408`, `429`, `499`, `500`, `502`, `503`, or `504` responses can open a circuit for one minute and move later attempts through the preference chain.\n- Exhausted fallback is derived from caller and backend response codes plus native `LastErrorReason` values.\n- Successful token-bearing calls appear in both gateway logs and `ApiManagementGatewayLlmLog`; missing token rows are surfaced as a coverage gap.\n- Prompt and completion messages are logged for this learning sample. Treat the workspace as sensitive and adjust message logging before production use."
                   },
                   "name": "text - overview-signal-notes",
                   "type": 1
@@ -207,7 +207,7 @@
         "items": [
           {
             "content": {
-              "json": "## Failover Outcomes\n\nCaller-visible APIM outcomes and final backend outcomes are shown separately. Recovered failovers are successful calls with more than one policy-recorded backend attempt. A terminal `503` with `InferenceFallbackExhausted` in `TraceRecords` means all eligible fallback capacity was exhausted."
+              "json": "## Failover Outcomes\n\nCaller-visible APIM outcomes and final backend outcomes are shown separately. Recovered failovers are successful calls with more than one policy-recorded backend attempt. Exhausted fallback is derived from the terminal caller response, final backend response, and native APIM error reason."
             },
             "name": "text - outcomes",
             "type": 1
@@ -215,7 +215,7 @@
           {
             "content": {
               "noDataMessage": "No inference requests found for the selected time range.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend AttemptCount = countof(TraceText, 'InferenceBackendAttemptComplete')\n| extend Outcome = case(\n    TraceText has 'InferenceFallbackExhausted', 'Fallback exhausted',\n    ResponseCode between (200 .. 299) and AttemptCount > 1, 'Recovered after failover',\n    ResponseCode between (200 .. 299), 'Successful without failover',\n    ResponseCode == 429, 'Caller received throttling',\n    ResponseCode >= 500, 'Caller received server error',\n    'Other')\n| summarize Requests = count() by Outcome\n| order by Requests desc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend AttemptCount = countof(TraceText, 'InferenceAttempt')\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| extend Outcome = case(\n    FallbackExhausted, 'Fallback exhausted',\n    ResponseCode between (200 .. 299) and AttemptCount > 1, 'Recovered after failover',\n    ResponseCode between (200 .. 299), 'Successful without failover',\n    ResponseCode == 429, 'Caller received throttling',\n    ResponseCode >= 500, 'Caller received server error',\n    'Other')\n| summarize Requests = count() by Outcome\n| order by Requests desc",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -230,7 +230,7 @@
           {
             "content": {
               "noDataMessage": "No inference outcomes found for the selected time range.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceBackendAttemptComplete')\n| extend FailoverOccurred = Attempts > 1\n| extend FallbackExhausted = TraceText has 'InferenceFallbackExhausted'\n| summarize Requests = count(), Failovers = countif(FailoverOccurred), FallbackExhausted = countif(FallbackExhausted), AverageAttempts = round(avg(Attempts), 2), AverageTotalMs = round(avg(TotalTime), 1), P95TotalMs = round(percentile(TotalTime, 95), 1) by ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode\n| order by ApiId asc, Requests desc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FailoverOccurred = Attempts > 1\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| summarize Requests = count(), Failovers = countif(FailoverOccurred), FallbackExhausted = countif(FallbackExhausted), AverageAttempts = round(avg(Attempts), 2), AverageTotalMs = round(avg(TotalTime), 1), P95TotalMs = round(percentile(TotalTime, 95), 1) by ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode\n| order by ApiId asc, Requests desc",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -296,7 +296,7 @@
         "items": [
           {
             "content": {
-              "json": "## Failover Trails\n\nThe policy writes `InferenceBackendAttemptComplete` into `TraceRecords` after every forwarded backend attempt. These views count the records, flag successful requests that recovered after failover, and retain an ordered attempt trail such as `attempt=1|backendResponseCode=429|willRetry=True -> attempt=2|backendResponseCode=200|willRetry=False`."
+              "json": "## Failover Trails\n\nThe policy writes a compact `InferenceAttempt` record after every forwarded backend attempt. These views count the records, derive retries as attempts minus one, and retain an ordered trail such as `n=1|code=429 -> n=2|code=200`."
             },
             "name": "text - trails",
             "type": 1
@@ -304,7 +304,7 @@
           {
             "content": {
               "noDataMessage": "No policy-recorded failover trails found. Redeploy the sample after the trace policy update, generate traffic, and allow Log Analytics ingestion to complete.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceBackendAttemptComplete')\n| extend FallbackExhausted = TraceText has 'InferenceFallbackExhausted'\n| where Attempts > 1 or FallbackExhausted\n| summarize Requests = count(), Recovered = countif(ResponseCode between (200 .. 299)), FallbackExhausted = countif(FallbackExhausted), AverageAttempts = round(avg(Attempts), 2), MaximumAttempts = max(Attempts), AverageTotalMs = round(avg(TotalTime), 1), P95TotalMs = round(percentile(TotalTime, 95), 1) by ApiId\n| order by ApiId asc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| where Attempts > 1 or FallbackExhausted\n| summarize Requests = count(), Recovered = countif(ResponseCode between (200 .. 299)), FallbackExhausted = countif(FallbackExhausted), AverageAttempts = round(avg(Attempts), 2), MaximumAttempts = max(Attempts), AverageTotalMs = round(avg(TotalTime), 1), P95TotalMs = round(percentile(TotalTime, 95), 1) by ApiId\n| order by ApiId asc",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -319,7 +319,7 @@
           {
             "content": {
               "noDataMessage": "No policy-recorded failover trails found for the selected time range.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceBackendAttemptComplete')\n| extend RetriedFailures = countof(TraceText, 'willRetry=True')\n| extend FallbackExhausted = TraceText has 'InferenceFallbackExhausted'\n| extend AttemptTrail = strcat_array(extract_all(@'(InferenceBackendAttemptComplete\\|attempt=[0-9]+\\|backendResponseCode=(?:[0-9]+|none)\\|willRetry=(?:True|False))', TraceText), ' -> ')\n| where Attempts > 1 or FallbackExhausted\n| project TimeGenerated, CorrelationId, ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, Attempts, RetriedFailures, FallbackExhausted, BackendUrl, AttemptTrail\n| order by TimeGenerated desc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend RetriedFailures = max_of(Attempts - 1, 0)\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| extend AttemptTrail = strcat_array(extract_all(@'(InferenceAttempt\\|n=[0-9]+\\|code=(?:[0-9]+|none))', TraceText), ' -> ')\n| where Attempts > 1 or FallbackExhausted\n| project TimeGenerated, CorrelationId, ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, Attempts, RetriedFailures, FallbackExhausted, BackendUrl, AttemptTrail\n| order by TimeGenerated desc",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -356,7 +356,7 @@
           {
             "content": {
               "noDataMessage": "No recovered failovers or failures found for the selected time range.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceBackendAttemptComplete')\n| extend FailoverOccurred = Attempts > 1\n| extend FallbackExhausted = TraceText has 'InferenceFallbackExhausted'\n| extend FailureType = case(\n    FallbackExhausted, 'Fallback exhausted at APIM',\n    ResponseCode between (200 .. 299) and FailoverOccurred, 'Recovered after backend failover',\n    BackendResponseCode == 429, 'Final backend throttled',\n    BackendResponseCode >= 500, 'Final backend server error',\n    ResponseCode between (400 .. 499), 'Caller-visible client error',\n    ResponseCode >= 500, 'Caller-visible server error',\n    isnotempty(LastErrorReason), 'APIM pipeline error',\n    'Successful without failover')\n| where FailureType != 'Successful without failover'\n| summarize Requests = count(), AverageAttempts = round(avg(Attempts), 2), MaximumAttempts = max(Attempts), AverageTotalMs = round(avg(TotalTime), 1), P95TotalMs = round(percentile(TotalTime, 95), 1) by ApiId, FailureType, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, LastErrorSource, LastErrorReason\n| order by Requests desc, ApiId asc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FailoverOccurred = Attempts > 1\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| extend FailureType = case(\n    FallbackExhausted, 'Fallback exhausted at APIM',\n    ResponseCode between (200 .. 299) and FailoverOccurred, 'Recovered after backend failover',\n    BackendResponseCode == 429, 'Final backend throttled',\n    BackendResponseCode >= 500, 'Final backend server error',\n    ResponseCode between (400 .. 499), 'Caller-visible client error',\n    ResponseCode >= 500, 'Caller-visible server error',\n    isnotempty(LastErrorReason), 'APIM pipeline error',\n    'Successful without failover')\n| where FailureType != 'Successful without failover'\n| summarize Requests = count(), AverageAttempts = round(avg(Attempts), 2), MaximumAttempts = max(Attempts), AverageTotalMs = round(avg(TotalTime), 1), P95TotalMs = round(percentile(TotalTime, 95), 1) by ApiId, FailureType, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, LastErrorSource, LastErrorReason\n| order by Requests desc, ApiId asc",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -475,7 +475,7 @@
           {
             "content": {
               "noDataMessage": "No matching inference requests found for the selected time range and correlation filter.",
-              "query": "let llmPerRequest = ApiManagementGatewayLlmLog\n| where TimeGenerated {TimeRange}\n| summarize ModelName = take_any(ModelName), DeploymentName = take_any(DeploymentName), LlmRequestId = take_any(RequestId), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens), LlmRows = count(), RequestMessageChunks = countif(isnotempty(tostring(RequestMessages))), ResponseMessageChunks = countif(isnotempty(tostring(ResponseMessages))) by CorrelationId;\nApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| where isempty('{CorrelationFilter}') or CorrelationId contains '{CorrelationFilter}'\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceBackendAttemptComplete')\n| extend RetriedFailures = countof(TraceText, 'willRetry=True')\n| extend FallbackExhausted = TraceText has 'InferenceFallbackExhausted'\n| extend AttemptTrail = strcat_array(extract_all(@'(InferenceBackendAttemptComplete\\|attempt=[0-9]+\\|backendResponseCode=(?:[0-9]+|none)\\|willRetry=(?:True|False))', TraceText), ' -> ')\n| join kind=leftouter llmPerRequest on CorrelationId\n| project TimeGenerated, CorrelationId, ApiId, OperationId, ApimSubscriptionId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, BackendId, BackendUrl, TotalTime, BackendTime, Attempts, RetriedFailures, FallbackExhausted, AttemptTrail, ModelName, DeploymentName, LlmRequestId, PromptTokens = coalesce(PromptTokens, 0), CompletionTokens = coalesce(CompletionTokens, 0), TotalTokens = coalesce(TotalTokens, 0), LlmRows = coalesce(LlmRows, 0), RequestMessageChunks = coalesce(RequestMessageChunks, 0), ResponseMessageChunks = coalesce(ResponseMessageChunks, 0), LastErrorSource, LastErrorReason, LastErrorSection, LastErrorMessage, Errors, TraceRecords\n| order by TimeGenerated desc\n| take 200",
+              "query": "let llmPerRequest = ApiManagementGatewayLlmLog\n| where TimeGenerated {TimeRange}\n| summarize ModelName = take_any(ModelName), DeploymentName = take_any(DeploymentName), LlmRequestId = take_any(RequestId), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens), LlmRows = count(), RequestMessageChunks = countif(isnotempty(tostring(RequestMessages))), ResponseMessageChunks = countif(isnotempty(tostring(ResponseMessages))) by CorrelationId;\nApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| where isempty('{CorrelationFilter}') or CorrelationId contains '{CorrelationFilter}'\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend RetriedFailures = max_of(Attempts - 1, 0)\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| extend AttemptTrail = strcat_array(extract_all(@'(InferenceAttempt\\|n=[0-9]+\\|code=(?:[0-9]+|none))', TraceText), ' -> ')\n| join kind=leftouter llmPerRequest on CorrelationId\n| project TimeGenerated, CorrelationId, ApiId, OperationId, ApimSubscriptionId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, BackendId, BackendUrl, TotalTime, BackendTime, Attempts, RetriedFailures, FallbackExhausted, AttemptTrail, ModelName, DeploymentName, LlmRequestId, PromptTokens = coalesce(PromptTokens, 0), CompletionTokens = coalesce(CompletionTokens, 0), TotalTokens = coalesce(TotalTokens, 0), LlmRows = coalesce(LlmRows, 0), RequestMessageChunks = coalesce(RequestMessageChunks, 0), ResponseMessageChunks = coalesce(ResponseMessageChunks, 0), LastErrorSource, LastErrorReason, LastErrorSection, LastErrorMessage, Errors, TraceRecords\n| order by TimeGenerated desc\n| take 200",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
diff --git a/samples/inference-failover/main.bicep b/samples/inference-failover/main.bicep
index 97140577..da10aa8e 100644
--- a/samples/inference-failover/main.bicep
+++ b/samples/inference-failover/main.bicep
@@ -305,7 +305,7 @@ module inferenceBackends '../../shared/bicep/modules/apim/v1/backend.bicep' = [f
       rules: [
         {
           // APIM allows only one circuit breaker rule per backend, so all failure
-          // signals share one rule. The first 429, 500, 502, 503, or 504 response
+          // signals share one rule. The first 408, 429, 499, 500, 502, 503, or 504 response
           // trips this backend's circuit. acceptRetryAfter honors the Retry-After
           // header on 429 responses when determining how long to avoid the backend.
           name: 'failover-on-capacity-or-infrastructure-failure'
@@ -314,12 +314,16 @@ module inferenceBackends '../../shared/bicep/modules/apim/v1/backend.bicep' = [f
             count: 1
             interval: 'PT1M'
             statusCodeRanges: [
+              {
+                min: 408
+                max: 408
+              }
               {
                 min: 429
                 max: 429
               }
               {
-                min: 500
+                min: 499
                 max: 500
               }
               {
diff --git a/samples/inference-failover/queries/README.md b/samples/inference-failover/queries/README.md
index 00b9d1b2..26bbe1e1 100644
--- a/samples/inference-failover/queries/README.md
+++ b/samples/inference-failover/queries/README.md
@@ -22,7 +22,7 @@ Adjust `timeWindow` when investigating a shorter incident window or a longer tre
 | `ApiManagementGatewayLogs` | Caller-visible response codes, final backend response codes, backend placement, timing, APIM errors, and policy trace records. |
 | `ApiManagementGatewayLlmLog` | Correlated model deployment, prompt token, completion token, total token, and message-chunk telemetry. |
 
-The retry-aware queries inspect `TraceRecords` emitted by the inference API policy. `InferenceBackendAttemptComplete` records each completed backend attempt, and `InferenceFallbackExhausted` marks requests where APIM exhausted the eligible fallback chain.
+The retry-aware queries count compact `InferenceAttempt` entries in `TraceRecords`. Exhausted fallback is derived from native `ResponseCode`, `BackendResponseCode`, and `LastErrorReason` fields.
 
 ## Query Catalog
 
diff --git a/samples/inference-failover/queries/failover-outcomes.kql b/samples/inference-failover/queries/failover-outcomes.kql
index 10b3e264..c012c18b 100644
--- a/samples/inference-failover/queries/failover-outcomes.kql
+++ b/samples/inference-failover/queries/failover-outcomes.kql
@@ -8,9 +8,10 @@ ApiManagementGatewayLogs
 | where TimeGenerated > ago(timeWindow)
 | where ApiId in~ (apiIds)
 | extend TraceText = tostring(TraceRecords)
-| extend AttemptCount = countof(TraceText, 'InferenceBackendAttemptComplete')
+| extend AttemptCount = countof(TraceText, 'InferenceAttempt')
 | extend FailoverOccurred = AttemptCount > 1
-| extend FallbackExhausted = TraceText has 'InferenceFallbackExhausted'
+| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503))
+	or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))
 | extend Outcome = case(
 	FallbackExhausted, 'Fallback exhausted',
 	ResponseCode between (200 .. 299) and FailoverOccurred, 'Recovered after failover',
diff --git a/samples/inference-failover/queries/failure-analysis.kql b/samples/inference-failover/queries/failure-analysis.kql
index cec4b6e4..76be0907 100644
--- a/samples/inference-failover/queries/failure-analysis.kql
+++ b/samples/inference-failover/queries/failure-analysis.kql
@@ -8,9 +8,10 @@ ApiManagementGatewayLogs
 | where TimeGenerated > ago(timeWindow)
 | where ApiId in~ (apiIds)
 | extend TraceText = tostring(TraceRecords)
-| extend AttemptCount = countof(TraceText, 'InferenceBackendAttemptComplete')
+| extend AttemptCount = countof(TraceText, 'InferenceAttempt')
 | extend FailoverOccurred = AttemptCount > 1
-| extend FallbackExhausted = TraceText has 'InferenceFallbackExhausted'
+| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503))
+    or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))
 | extend FailureType = case(
     FallbackExhausted, 'Fallback exhausted at APIM',
     ResponseCode between (200 .. 299) and FailoverOccurred, 'Recovered after backend failover',
diff --git a/samples/inference-failover/queries/request-details.kql b/samples/inference-failover/queries/request-details.kql
index 3c191cf2..56b7ed3b 100644
--- a/samples/inference-failover/queries/request-details.kql
+++ b/samples/inference-failover/queries/request-details.kql
@@ -9,12 +9,13 @@ let gatewayRequests = materialize(ApiManagementGatewayLogs
 | where TimeGenerated > ago(timeWindow)
 | where ApiId in~ (apiIds)
 | extend TraceText = tostring(TraceRecords)
-| extend AttemptCount = countof(TraceText, 'InferenceBackendAttemptComplete')
-| extend RetriedFailures = countof(TraceText, 'willRetry=True')
+| extend AttemptCount = countof(TraceText, 'InferenceAttempt')
+| extend RetriedFailures = max_of(AttemptCount - 1, 0)
 | extend FailoverOccurred = AttemptCount > 1
-| extend FallbackExhausted = TraceText has 'InferenceFallbackExhausted'
+| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503))
+    or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))
 | extend AttemptTrail = strcat_array(
-    extract_all(@'(InferenceBackendAttemptComplete\|attempt=[0-9]+\|backendResponseCode=(?:[0-9]+|none)\|willRetry=(?:True|False))', TraceText),
+    extract_all(@'(InferenceAttempt\|n=[0-9]+\|code=(?:[0-9]+|none))', TraceText),
     ' -> '));
 let llmPerRequest = ApiManagementGatewayLlmLog
 | where TimeGenerated > ago(timeWindow)
diff --git a/samples/inference-failover/queries/verify-llm-ingestion.kql b/samples/inference-failover/queries/verify-llm-ingestion.kql
index 26b00b88..1dba910f 100644
--- a/samples/inference-failover/queries/verify-llm-ingestion.kql
+++ b/samples/inference-failover/queries/verify-llm-ingestion.kql
@@ -7,7 +7,7 @@
 let requests = ApiManagementGatewayLogs
 | where TimeGenerated > ago(timeWindow)
 | where ApiId in~ (apiIds)
-| summarize RequestRows = count(), SuccessfulRequests = countif(ResponseCode between (200 .. 299)), UnavailableResponses = countif(ResponseCode == 503);
+| summarize RequestRows = count(), SuccessfulRequests = countif(ResponseCode between (200 .. 299)), ThrottledResponses = countif(ResponseCode == 429), UnavailableResponses = countif(ResponseCode == 503);
 let tokens = ApiManagementGatewayLlmLog
 | where TimeGenerated > ago(timeWindow)
 | where TotalTokens > 0
@@ -15,5 +15,5 @@ let tokens = ApiManagementGatewayLlmLog
 requests
 | extend JoinKey = 1
 | join kind=inner (tokens | extend JoinKey = 1) on JoinKey
-| project RequestRows, SuccessfulRequests, UnavailableResponses, TokenRows, TotalTokens
+| project RequestRows, SuccessfulRequests, ThrottledResponses, UnavailableResponses, TokenRows, TotalTokens
 | where RequestRows > 0 and TokenRows > 0
diff --git a/tests/python/test_inference_failover.py b/tests/python/test_inference_failover.py
index 21ebba63..57df703e 100644
--- a/tests/python/test_inference_failover.py
+++ b/tests/python/test_inference_failover.py
@@ -69,6 +69,11 @@ def test_inference_failover_workbook_is_aoai_only_and_query_backed() -> None:
     assert 'query - backend-latency-trend' in item_names
     assert 'query - request-explorer' in item_names
     assert 'apimanagementgatewayllmlog' in serialized
+    assert 'inferenceattempt' in serialized
+    assert 'inferencebackendattemptcomplete' not in serialized
+    assert 'inferencefallbackexhausted' not in serialized
+    assert "lasterrorreason in ('backendconnectionfailure', 'timeout')" in serialized
+    assert 'max_of(attempts - 1, 0)' in serialized
     assert 'cost export' not in serialized
     assert 'business unit' not in serialized
     assert 'budget' not in serialized
@@ -85,7 +90,10 @@ def test_inference_failover_kql_queries_scope_to_ai_gateway_signals() -> None:
     assert 'BackendUrl' in query_text
     assert 'TraceRecords' in query_text
     assert 'LastErrorReason' in query_text
-    assert 'InferenceFallbackExhausted' in query_text
+    assert 'InferenceAttempt' in query_text
+    assert 'InferenceBackendAttemptComplete' not in query_text
+    assert 'InferenceFallbackExhausted' not in query_text
+    assert "LastErrorReason in ('BackendConnectionFailure', 'Timeout')" in query_text
     assert 'inference-gpt-5-1' in query_text
     assert 'inference-gpt-4-1-mini' in query_text
     assert 'CostManagement' not in query_text
@@ -103,33 +111,86 @@ def test_inference_policies_use_managed_identity_retries_and_generic_terminal_er
     assert retry is not None
     retry_condition = retry.attrib['condition']
     terminal_condition = policy_root.find('outbound/choose/when').attrib['condition']
-    transport_condition = policy_root.find('on-error/choose/when').attrib['condition']
+    on_error_conditions = [branch.attrib['condition'] for branch in policy_root.findall('on-error/choose/when')]
+    capacity_condition = next(condition for condition in on_error_conditions if 'updatedRetryEpoch' in condition)
+    generic_failure_condition = next(condition for condition in on_error_conditions if 'BackendConnectionFailure' in condition)
     assert 'count="RETRY_COUNT"' in api_policy
     assert 'api-key' not in api_policy
-    assert all(f'StatusCode == {status_code}' in retry_condition for status_code in (409, 429, 500, 502, 503, 504))
+    assert all(f'StatusCode == {status_code}' in retry_condition for status_code in (408, 409, 429, 499, 500, 502, 503, 504))
     assert 'Headers.ContainsKey("Retry-After")' in retry_condition
     assert all(f'StatusCode == {status_code}' in terminal_condition for status_code in (500, 502, 503, 504))
-    assert all(f'StatusCode == {status_code}' not in terminal_condition for status_code in (409, 429))
+    assert all(f'StatusCode == {status_code}' not in terminal_condition for status_code in (408, 409, 429, 499))
     assert 'context.Response == null' in retry_condition
-    assert 'BackendConnectionFailure' in transport_condition
-    assert 'Timeout' in transport_condition
-    assert 'ClientConnectionFailure' not in transport_condition
+    assert all(f'StatusCode == {status_code}' in generic_failure_condition for status_code in (500, 502, 503, 504))
+    assert 'BackendConnectionFailure' in generic_failure_condition
+    assert 'Timeout' in generic_failure_condition
+    assert 'ClientConnectionFailure' not in generic_failure_condition
+    assert all(f'StatusCode == {status_code}' in capacity_condition for status_code in (429, 503))
     assert retry.attrib['interval'] == '0'
     assert 'interval="1"' not in api_policy
     assert 'buffer-request-body="true"' in api_policy
     assert 'Inference service is temporarily unavailable.' in api_policy
     assert 'BackendId' not in api_policy
-    assert 'InferenceRequestAccepted' in api_policy
-    assert 'InferenceBackendAttemptComplete' in api_policy
-    assert 'InferenceGatewayResponse' in api_policy
-    assert 'InferenceFallbackExhausted' in api_policy
-    assert api_policy.count('<trace source="InferenceFailover"') == 5
-    assert api_policy.count('<set-header name="X-Backend-Retry" exists-action="override">') == 4
-    assert '((int)context.Variables["backendAttempt"]) - 1 : 0' in api_policy
-    assert api_policy.index('<set-variable name="backendAttempt" value="@(0)" />') < api_policy.index('<authentication-managed-identity')
+    assert 'InferenceAttempt|n=' in api_policy
+    assert '|code=' in api_policy
+    assert 'InferenceBackendAttemptComplete' not in api_policy
+    assert 'InferenceFallbackExhausted' not in api_policy
+    assert 'InferenceTransportFailure' not in api_policy
+    assert 'InferenceRequestAccepted' not in api_policy
+    assert 'InferenceGatewayResponse' not in api_policy
+    assert api_policy.count('<trace source="InferenceFailover"') == 1
+    assert '<metadata ' not in api_policy
+    assert api_policy.count('<set-header name="X-Backend-Retry" exists-action="override">') == 2
+    assert api_policy.count('<set-variable name="backendRetry"') == 2
+    assert api_policy.count('@((string)context.Variables["backendRetry"])') == 2
+    assert '<set-variable name="willRetry"' not in api_policy
+    assert api_policy.index('name="backendAttempt"') < api_policy.index('<authentication-managed-identity')
     assert not (SAMPLE_PATH / 'inference-api-policy.xml').exists()
 
 
+def test_inference_policy_tracks_soonest_retry_after_and_returns_capacity_from_on_error() -> None:
+    """Keep exhausted capacity responses aligned with the earliest backend recovery time."""
+    api_policy = POLICY_PATH.read_text(encoding='utf-8')
+    policy_root = ElementTree.fromstring(api_policy)
+    retry = policy_root.find('backend/retry')
+    on_error = policy_root.find('on-error')
+
+    assert retry is not None
+    assert on_error is not None
+    retry_tracking_condition = retry.find('choose/when').attrib['condition']
+    capacity_branch = next(branch for branch in on_error.findall('choose/when') if 'updatedRetryEpoch' in branch.attrib['condition'])
+    response_branch = next(branch for branch in on_error.findall('choose/when') if 'terminalStatus' in branch.attrib['condition'])
+
+    assert all(f'StatusCode == {status_code}' in retry_tracking_condition for status_code in (429, 503))
+    assert 'Headers.ContainsKey("Retry-After")' in retry_tracking_condition
+    assert api_policy.count('key="inference-retry-min-BACKEND_POOL_ID"') == 2
+    assert 'cachedEpoch &gt; nowEpoch &amp;&amp; cachedEpoch &lt; candidateEpoch' in api_policy
+    assert 'parsedEpoch &lt;= nowEpoch' in api_policy
+    assert 'Math.Max(0L, parsedEpoch - nowEpoch) + 1L' in api_policy
+    assert capacity_branch.find("set-variable[@name='terminalStatus']").attrib['value'] == '@(429)'
+    assert response_branch.find('set-status').attrib == {
+        'code': '@((int)context.Variables["terminalStatus"])',
+        'reason': '@((int)context.Variables["terminalStatus"] == 429 ? "Too Many Requests" : "Inference Service Unavailable")',
+    }
+    assert on_error.findall('.//return-response') == []
+    assert on_error.findall('.//trace') == []
+    assert len(on_error.findall('.//set-status')) == 1
+    assert len(on_error.findall(".//set-header[@name='X-Backend-Retry']")) == 1
+    assert len(on_error.findall(".//set-header[@name='Content-Type']")) == 1
+    assert len(on_error.findall('.//set-body')) == 1
+    retry_after_header = response_branch.find("choose/when/set-header[@name='Retry-After']")
+    assert retry_after_header is not None
+    assert retry_after_header.find('value') is not None
+    assert 'Inference capacity is temporarily unavailable.' in api_policy
+    assert 'GetValueOrDefault&lt;int&gt;("backendAttempt", 0)' in api_policy
+    assert 'capacityRetryAfterObserved' not in api_policy
+    assert 'context.Variables.ContainsKey("updatedRetryEpoch")' in api_policy
+    assert 'terminalReason' not in api_policy
+    assert 'terminalBody' not in api_policy
+    assert 'terminalEvent' not in api_policy
+    assert '&quot;' not in api_policy
+
+
 def test_inference_policy_uses_exact_managed_identity_resource() -> None:
     """Require the exact Cognitive Services resource in the parsed policy structure."""
     policy_root = ElementTree.fromstring(POLICY_PATH.read_text(encoding='utf-8'))
@@ -152,9 +213,10 @@ def test_inference_policy_decisions_cover_every_documented_status() -> None:
         401: (False, False),
         403: (False, False),
         404: (False, False),
-        408: (False, False),
+        408: (True, False),
         409: (True, False),
         429: (True, False),
+        499: (True, False),
         500: (True, True),
         501: (False, False),
         502: (True, True),
@@ -178,15 +240,22 @@ def test_inference_readme_documents_exact_response_handling_matrix() -> None:
         '| 401 | No | No | 401 | Auth | Medium | Return unchanged; correct backend authentication. |',
         '| 403 | No | No | 403 | AuthZ | Medium | Return unchanged; correct backend authorization. |',
         '| 404 | No | No | 404 | Config | Medium | Return unchanged; correct the backend URL or deployment name. |',
-        '| 408 | No | No | 408 | Timeout | Medium | Return the explicit HTTP timeout; transport timeouts have no response. |',
+        (
+            '| 408 | Yes | Yes | 200 or 408 | Timeout | Medium | Retry another backend; return the explicit HTTP timeout if the fallback '
+            'chain is exhausted. |'
+        ),
         '| 409 | No | Sometimes | 200 or 409 | Conflict | Medium | Retry only when `Retry-After` marks the conflict as transient. |',
         (
-            '| 429 | Yes | Yes | 200 or 429 | Capacity | Medium | Honor `Retry-After` and retry another eligible '
-            'backend; preserve an exhausted `429`. |'
+            '| 429 | Yes | Yes | 200 or 429 | Capacity | Medium | Retry another eligible backend; return exhausted '
+            'capacity with the soonest `Retry-After`. |'
         ),
+        ('| 499 | Yes | Yes | 200 or 499 | Custom | Medium | Retry another backend when PTU exhaustion is represented by a transformed `408`. |'),
         '| 500 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
         '| 502 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
-        '| 503 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
+        (
+            '| 503 | Yes | Yes | 200, 429, or 503 | Infra | High | Retry another backend; return `429` when `Retry-After` '
+            'identifies capacity, otherwise normalize exhaustion to `503`. |'
+        ),
         '| 504 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
         ('| null | No | Yes | 200 or 503 | Transport | High | Retry after no backend response; normalize handled transport failures to `503`. |'),
     ]
@@ -230,7 +299,7 @@ def test_inference_bicep_contains_only_compatible_model_backend_pools() -> None:
         for minimum, maximum in re.findall(r'min:\s*(\d+)\s+max:\s*(\d+)', breaker_body)
         for status_code in range(int(minimum), int(maximum) + 1)
     }
-    assert status_ranges == {429, 500, 502, 503, 504}
+    assert status_ranges == {408, 429, 499, 500, 502, 503, 504}
     assert 'enableLlmLogs: true' in bicep
     assert f'backendPoolName: {single_quote}inference-gpt-5-1-pool{single_quote}' in bicep
     assert f'backendPoolName: {single_quote}inference-gpt-4-1-mini-pool{single_quote}' in bicep

From c4bba1b8528361b1823c95a0ecc2cfe2b64086cc Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Thu, 11 Jun 2026 23:45:35 -0400
Subject: [PATCH 17/31] Tweaking the sample

---
 .github/copilot-instructions.md               |   2 +
 samples/inference-failover/README.md          |   1 +
 samples/inference-failover/WAF-COMPARISON.md  | 134 +++++++++
 samples/inference-failover/create.ipynb       | 232 ++-------------
 .../inference-failover.workbook.json          |  15 +-
 .../inference_failover_helpers.py             | 267 +++++++++++++++++-
 shared/python/console.py                      |   5 +-
 tests/python/test_inference_failover.py       |  68 +++--
 .../python/test_inference_failover_helpers.py | 119 ++++++++
 9 files changed, 608 insertions(+), 235 deletions(-)
 create mode 100644 samples/inference-failover/WAF-COMPARISON.md

diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
index 3065c31d..22a99370 100644
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -625,6 +625,8 @@ Azure Monitor Workbook definitions stored in this repository must follow the **`
 
 Azure Monitor Workbook query items execute independently — there is no native mechanism to share a materialized table across query items. Apply the following patterns to minimise data scanned and improve workbook responsiveness:
 
+- **Leave missing numeric values empty.** Workbook tables must not show `Na`, `NaN`, `Infinity`, or other sentinel text when a numeric value is unavailable. Keep the column numeric and normalize non-finite aggregate results to a typed null, for example `iff(isfinite(toreal(AverageMs)), round(AverageMs, 1), real(null))`. Do not stringify the numeric column or substitute labels such as `N/A`; Azure Workbooks render `real(null)` as an empty cell while preserving numeric sorting and formatting for populated values.
+
 - **`materialize()` for multi-reference `let` bindings.** When a `let` binding is referenced more than once in the same query (e.g. once for a `toscalar(count)` and once for the main `summarize`), wrap it in `materialize()` so Log Analytics computes the base set once per query execution rather than scanning the underlying table twice.
 
   ```kql
diff --git a/samples/inference-failover/README.md b/samples/inference-failover/README.md
index 0f5922c0..dbb4e5d1 100644
--- a/samples/inference-failover/README.md
+++ b/samples/inference-failover/README.md
@@ -177,6 +177,7 @@ The sample resources live in the selected infrastructure resource group. Remove
 
 ## 🔗 Additional Resources
 
+- [Inference Failover and WAF Throttling Guidance](WAF-COMPARISON.md)
 - [Backends in API Management](https://learn.microsoft.com/azure/api-management/backends)
 - [Authenticate and authorize access to LLM APIs by using API Management](https://learn.microsoft.com/azure/api-management/api-management-authenticate-authorize-ai-apis)
 - [Diagnostic settings in Azure Monitor](https://learn.microsoft.com/azure/azure-monitor/platform/diagnostic-settings)
diff --git a/samples/inference-failover/WAF-COMPARISON.md b/samples/inference-failover/WAF-COMPARISON.md
new file mode 100644
index 00000000..ce542255
--- /dev/null
+++ b/samples/inference-failover/WAF-COMPARISON.md
@@ -0,0 +1,134 @@
+# Inference Failover and WAF Throttling Guidance
+
+This document compares the circuit-breaker, retry, and failover behavior in the Inference Failover sample with the Azure Well-Architected Framework (WAF) guidance in [Design throttling to improve resilience][waf-throttling].
+
+The WAF guidance describes a broad, workload-level throttling strategy across callers, gateways, application components, and downstream dependencies. This sample has a narrower purpose: demonstrate how Azure API Management (APIM) can route one synchronous inference request across model-compatible Azure OpenAI deployments when a selected deployment is constrained or unavailable.
+
+> The differences described here are deliberate and correct for the sample's learning objectives. They should not be interpreted as accidental noncompliance or as general production guidance. A production workload should combine this gateway failover pattern with the broader admission control, concurrency, client, and operational controls described by WAF.
+
+## Scope of the Comparison
+
+The sample owns the APIM-to-Azure OpenAI boundary. It demonstrates:
+
+- Model-specific backend pools that prevent cross-model routing.
+- Priority and weighted selection across regional deployments.
+- Per-backend circuit breakers that remove constrained destinations.
+- Bounded in-request failover with a buffered request body.
+- Caller-visible terminal `429` and `503` responses.
+- Retry, backend, latency, outcome, and token telemetry.
+
+The sample does not attempt to implement the complete throttling architecture for an application that calls the gateway. In particular, it does not define workload identity contracts, tenant quotas, application queues, end-user priorities, or application-level concurrency limits. Those decisions depend on the workload that adopts the pattern.
+
+## Implemented Behavior
+
+The deployed behavior is defined in [main.bicep](main.bicep) and [inference-api-policy.xml](apim-policies/inference-api-policy.xml):
+
+- One qualifying `408`, `429`, `499`, `500`, `502`, `503`, or `504` response opens that backend's circuit.
+- The normal circuit interval and trip duration are one minute.
+- `acceptRetryAfter: true` allows APIM to honor backend recovery guidance when opening a circuit.
+- The gpt-5.1 route permits four retries across five model-compatible backends.
+- The gpt-4.1-mini route permits three retries across four model-compatible backends.
+- Retryable responses are handled immediately with `interval="0"` and `first-fast-retry="true"`.
+- A circuit-open backend is excluded from subsequent pool selection, so an immediate retry normally selects another eligible backend.
+- Exhausted downstream capacity is returned as `429` with the soonest observed relative `Retry-After` value.
+- Exhausted infrastructure or transport failure is returned as a generic `503` without unsupported recovery guidance.
+- `X-Backend-Retry` and `InferenceAttempt` trace records expose the attempts absorbed by the gateway.
+
+Although APIM calls this mechanism a `retry` policy, its role in this sample is primarily **bounded cross-backend failover**. It is not a general-purpose loop that repeatedly calls a backend already known to be throttled.
+
+## Comparison Matrix
+
+| WAF practice | Sample behavior | Relationship | Sample-specific rationale |
+| --- | --- | --- | --- |
+| Treat overload as a normal operating mode | The notebook deliberately uses small Azure OpenAI deployments and pressure scenarios to produce observable throttling and recovery. | Direct alignment | Failure and recovery are part of the main scenario rather than exceptional test-only behavior. |
+| TP-2: Apply user and service limits at multiple entry points | APIM subscription validation protects the APIs, but the sample does not define workload-identity token quotas or operation-level admission limits. | Outside sample scope | The sample studies downstream failover. Caller contracts and service-wide admission limits belong to the adopting workload. |
+| TP-3: Return `429` for user limits and `503` for service constraints | The sample preserves downstream capacity exhaustion as `429` with `Retry-After`, while infrastructure exhaustion becomes `503`. | Deliberate specialization | Keeping capacity exhaustion distinct makes Azure OpenAI throttling and recovery observable. The sample is not claiming that the caller violated an APIM user quota. |
+| TP-3: Provide useful retry guidance | The policy preserves the soonest relative recovery delay observed across constrained pool members. | Direct alignment | A relative delay avoids absolute-time and clock-skew problems and gives the caller an actionable capacity signal. |
+| TP-3: Add standardized rate-limit metadata | The sample returns `Retry-After` and its educational `X-Backend-Retry` header, but not `RateLimit-Policy`, `RateLimit`, or `x-ms-ratelimit-used`. | Outside sample scope | APIM does not own a user or tenant rate contract in this sample, so publishing one would imply limits that the sample does not enforce. |
+| TP-5: Respect downstream backpressure | A throttled backend is removed from selection by its circuit, including an APIM circuit duration informed by `Retry-After`. | Direct alignment | The gateway stops sending traffic to the constrained deployment and uses independent regional capacity instead. |
+| TP-5: Keep retries bounded | Retry counts match the number of alternative model-compatible pool members. | Direct alignment | One caller request cannot create an unbounded retry storm. |
+| TP-5: Do not retry before `Retry-After` elapses | The gateway immediately tries another eligible backend instead of waiting for the constrained backend. | Deliberate specialization | Waiting inside a synchronous gateway request would consume request lifetime without using available alternative capacity. The constrained backend remains circuit-open for its recovery window. |
+| TP-5: Do not retry `503` without retry guidance | The policy can immediately fail over after a backend `503`, even without `Retry-After`. | Deliberate specialization | This is a bounded attempt against a different regional deployment, not a delayed retry against the same failing dependency. If alternatives are exhausted, the caller receives `503` without retry guidance. |
+| TP-5: Annotate downstream retries | The sample records attempts in traces and returns `X-Backend-Retry`, but does not send a `retry-attempt` request header to Azure OpenAI. | Partial alignment | The sample emphasizes gateway and operator observability. A production contract with a dependency that consumes retry metadata should add the request header where supported. |
+| TP-5: Use circuit breakers to fail fast | Each concrete Azure OpenAI deployment has isolated circuit state and is removed after one configured failure. | Direct alignment | Isolation prevents one model or regional deployment from suppressing an otherwise healthy destination. |
+| TP-5: Gradually reintroduce recovered traffic | A backend becomes eligible when APIM closes its circuit; the sample does not implement a separate ramp-up controller. | Deliberate simplification | Fixed recovery behavior makes the lab repeatable. Progressive re-entry requires workload-specific health, capacity, and priority signals. |
+| TP-7: Apply egress bulkheads | Backend pools bound attempts per request, but the sample does not impose a gateway-wide in-flight concurrency limit. | Outside sample scope | Pool failover and workload concurrency control solve different problems. Production callers and gateways should add concurrency controls based on their capacity model. |
+| TP-9: Keep throttling accounting out of the critical path | Circuit state is managed by APIM. Telemetry is emitted to Log Analytics and the optional Event Hub without synchronous analytical queries in request processing. | Direct alignment | Observability does not require a workbook or Log Analytics query to complete before inference proceeds. |
+| TP-11: Reassess and validate limits | The notebook runs low-capacity pressure, recovery, and exhaustion scenarios and provides controlled fault-testing guidance. | Direct alignment for a lab | Production adoption should automate periodic load, chaos, and regional outage validation. |
+| TP-12: Use state-aware throttling | Backend eligibility reacts to response status and `Retry-After`, but priorities and weights remain static. | Partial alignment | Response-aware circuit state is sufficient for the sample. Business-priority brownouts and dynamic token admission require application context not available here. |
+| TP-14: Shed load before the hard ceiling | The sample intentionally drives low-capacity deployments to their limit rather than randomly rejecting traffic early. | Deliberate specialization | Reaching the limit makes circuit breaking and failover visible. Random early drop would obscure the behavior the lab is designed to teach. |
+
+## Why Immediate Retry Is Appropriate Here
+
+WAF warns against immediate retries because repeated calls to a constrained dependency amplify load. That warning applies directly when a client retries the same dependency without respecting its backpressure signal.
+
+This sample uses a different sequence:
+
+1. APIM selects one concrete model-compatible backend.
+1. A configured capacity or infrastructure response opens that backend's circuit.
+1. The retry policy immediately asks the pool for another eligible backend.
+1. The open backend remains unavailable for the circuit duration or accepted `Retry-After` window.
+1. The gateway stops after the bounded number of pool alternatives has been attempted.
+
+The zero interval therefore avoids holding a synchronous inference request idle while healthy regional capacity might be available. The circuit breaker, model-safe pool, and bounded attempt count are all required for that choice to remain appropriate. Copying `interval="0"` into a policy without those controls would not preserve the same safety properties.
+
+## Why the Sample Returns 429 for Capacity Exhaustion
+
+WAF recommends `429` for a caller exceeding a user limit and `503` for a service-wide constraint. The sample's terminal `429` is a deliberate educational contract for **downstream Azure OpenAI capacity exhaustion**, not an APIM user-limit decision.
+
+This choice preserves two signals that the lab needs to demonstrate:
+
+- Capacity exhaustion remains distinguishable from infrastructure and transport failure.
+- The caller receives the earliest known `Retry-After` delay from the attempted capacity pool.
+
+The sample returns `503` when it cannot make a supported capacity statement, such as exhausted infrastructure failures or backend connection failures. A production API can instead normalize pool-wide capacity exhaustion to `503` if its public contract follows the WAF user-limit versus service-limit distinction strictly. That is a contract decision at the workload boundary, not evidence that the sample's internal failover behavior is wrong.
+
+## Responsibility Boundaries
+
+| Boundary | This sample demonstrates | Production workload responsibility |
+| --- | --- | --- |
+| Caller to APIM | Subscription authentication and terminal backpressure signals. | Backoff, jitter, retry budgets, deadlines, cancellation, workload identity, and safe replay semantics. |
+| APIM ingress | API and operation matching before the inference policy runs. | User and service token limits, differentiated priorities, blocking controls, and standardized rate-limit headers. |
+| APIM to Azure OpenAI | Model-safe selection, bounded failover, per-backend circuits, managed identity, and terminal response classification. | Concurrency limits, total request deadlines, dependency contracts, and production-specific timeout budgets. |
+| Operations | Retry traces, backend distribution, terminal outcomes, latency, and token telemetry. | Current limit saturation, top callers, alert thresholds, automated mitigation, drills, and periodic limit review. |
+| Adaptive control | Response-aware backend exclusion and recovery. | Brownouts, progressive re-entry, dynamic token costs, borrowing, and random early drop when required. |
+
+## Production Adoption
+
+The following sample behaviors are useful building blocks for production:
+
+- Keep one backend resource and circuit state per model-compatible deployment.
+- Bound attempts to the available alternatives and to the caller's total deadline.
+- Preserve request bodies only when the operation is safe to replay.
+- Do not retry caller, authentication, authorization, or configuration errors.
+- Distinguish downstream capacity from infrastructure and transport failure.
+- Keep retry and backend-selection telemetry without exposing backend identities publicly.
+
+A production workload should add controls based on its own saturation vectors and service-level objectives:
+
+- Enforce token-based user limits by workload identity and service limits by operation.
+- Limit concurrent in-flight inference calls and account for retry amplification.
+- Define whether terminal downstream capacity is exposed as `429` or normalized to `503` in the public API contract.
+- Add `RateLimit-Policy`, `RateLimit`, and related headers only for limits the gateway actually enforces.
+- Apply caller-side jitter, total retry budgets, deadlines, and cancellation.
+- Add progressive recovery, brownouts, or early load shedding when business priorities require them.
+- Monitor current limits, saturation, top callers, and high-water marks, then validate them through regular load and regional failure drills.
+
+## Verification and Evidence
+
+The sample provides several ways to inspect the behavior described above:
+
+- [create.ipynb](create.ipynb) runs deterministic contract probes and pressure, recovery, and terminal exhaustion scenarios.
+- [failover-outcomes.kql](queries/failover-outcomes.kql) separates successful requests, recovered failovers, caller throttling, and exhausted fallback.
+- [failure-analysis.kql](queries/failure-analysis.kql) classifies backend failures and APIM pipeline errors.
+- [token-throughput.kql](queries/token-throughput.kql) reports the AI-specific saturation dimension of token volume.
+- [request-details.kql](queries/request-details.kql) correlates gateway, retry, backend, and LLM telemetry for an individual request.
+- [README.md](README.md#failure-test-coverage) lists deterministic and controlled tests for each response class.
+
+## Conclusion
+
+The sample and WAF guidance are complementary. WAF explains how an entire workload should control overload across ingress, internal components, egress, clients, and operations. This sample isolates one important part of that system and makes it observable: fast, bounded failover across independent Azure OpenAI capacity targets.
+
+Its immediate cross-backend attempts, one-failure circuit trips, capacity-preserving `429`, static recovery, and intentionally low deployment capacity are purpose-built for that demonstration. They are correct within the sample's boundary and should be carried into production only together with the broader workload controls appropriate to the adopting system.
+
+[waf-throttling]: https://learn.microsoft.com/azure/well-architected/design-guides/throttling
diff --git a/samples/inference-failover/create.ipynb b/samples/inference-failover/create.ipynb
index 47c90d1b..50bc2e7f 100644
--- a/samples/inference-failover/create.ipynb
+++ b/samples/inference-failover/create.ipynb
@@ -107,7 +107,7 @@
     "# ------------------------------\n",
     "\n",
     "rg_location = Region.EAST_US_2\n",
-    "index = 110\n",
+    "index = 1\n",
     "apim_sku = APIM_SKU.BASICV2\n",
     "deployment = INFRASTRUCTURE.SIMPLE_APIM\n",
     "api_prefix = 'inference'\n",
@@ -768,8 +768,11 @@
     ")\n",
     "\n",
     "if telemetry_found:\n",
-    "    request_rows, successful_requests, unavailable_responses, token_rows, total_tokens = telemetry_rows[0]\n",
-    "    print_ok(f'Telemetry ready: {request_rows} requests, {token_rows} token-bearing requests, {total_tokens} tokens')\n",
+    "    request_rows, successful_requests, throttled_responses, unavailable_responses, token_rows, total_tokens = telemetry_rows[0]\n",
+    "    print_ok(\n",
+    "        f'Telemetry ready: {request_rows} requests ({successful_requests} successful, {throttled_responses} throttled), '\n",
+    "        f'{token_rows} token-bearing requests, {total_tokens} tokens'\n",
+    "    )\n",
     "    if unavailable_responses:\n",
     "        print_ok(f'Observed {unavailable_responses} terminal 503 responses after fallback exhaustion')\n",
     "elif telemetry_result is not None and telemetry_result.success:\n",
@@ -897,218 +900,41 @@
    "metadata": {},
    "outputs": [],
    "source": [
-    "import importlib\n",
-    "import tempfile\n",
-    "from pathlib import Path\n",
-    "\n",
-    "import matplotlib.pyplot as plt\n",
-    "\n",
     "# APIM Samples imports\n",
-    "import charts\n",
-    "import htmlreport\n",
     "from console import print_ok, print_warning\n",
     "\n",
-    "importlib.reload(htmlreport)\n",
-    "\n",
     "if 'gpt_5_1_backend_labels' not in locals():\n",
     "    print_warning('Please run the scenario chart cell first')\n",
     "    raise SystemExit(1)\n",
     "\n",
-    "\n",
-    "def add_scenario_figure(\n",
-    "    report: htmlreport.HtmlReport,\n",
-    "    title: str,\n",
-    "    description: str,\n",
-    "    api_results: list[dict],\n",
-    "    backend_labels: dict[int, str],\n",
-    ") -> None:\n",
-    "    \"\"\"Render and embed one scenario response-time chart.\"\"\"\n",
-    "    figure = charts.BarChart(\n",
-    "        api_results=api_results,\n",
-    "        title=f'{title} - APIM source: {apim_source_region}',\n",
-    "        x_label='Run #',\n",
-    "        y_label='Response Time (ms)',\n",
-    "        fig_text=description,\n",
-    "        backend_labels=backend_labels,\n",
-    "    ).render()\n",
-    "    report.add_figure(title, figure, description)\n",
-    "    plt.close(figure)\n",
-    "\n",
-    "\n",
-    "portal_base = f'https://portal.azure.com/#@{tenant_id}/resource'\n",
-    "apim_id = f'/subscriptions/{subscription_id}/resourceGroups/{rg_name}/providers/Microsoft.ApiManagement/service/{apim_name}'\n",
-    "report = htmlreport.HtmlReport(\n",
-    "    'Inference Failover Run Report',\n",
-    "    f'APIM source region: {apim_source_region} | Deployment: {nb_helper.deployment.name} | Resource group: {rg_name}',\n",
+    "report_context = inference_failover_helpers.InferenceReportContext(\n",
+    "    sample_folder=sample_folder,\n",
+    "    apim_source_region=apim_source_region,\n",
+    "    deployment_name=nb_helper.deployment.name,\n",
+    "    resource_group_name=rg_name,\n",
+    "    tenant_id=tenant_id,\n",
+    "    subscription_id=subscription_id,\n",
+    "    apim_name=apim_name,\n",
+    "    workbook_id=workbook_id,\n",
+    "    log_analytics_id=log_analytics_id,\n",
     ")\n",
-    "success_rate = (tests.tests_passed / tests.total_tests * 100) if tests.total_tests else 0\n",
-    "report.add_metrics(\n",
-    "    'Scenario Test Summary',\n",
-    "    {\n",
-    "        'Result': 'Passed' if not tests.tests_failed and tests.total_tests else 'Needs review',\n",
-    "        'Tests': tests.total_tests,\n",
-    "        'Passed': tests.tests_passed,\n",
-    "        'Failed': tests.tests_failed,\n",
-    "        'Success rate': f'{success_rate:.1f}%',\n",
+    "report_path = inference_failover_helpers.generate_local_html_report(\n",
+    "    report_context,\n",
+    "    tests,\n",
+    "    scenario_results=scenario_results,\n",
+    "    backend_url_indexes={\n",
+    "        'gpt-5.1': gpt_5_1_backend_url_index,\n",
+    "        'gpt-4.1-mini': gpt_4_1_mini_backend_url_index,\n",
     "    },\n",
-    "    highlight_success=False,\n",
-    ")\n",
-    "report.add_info_callout(\n",
-    "    'Lab Capacity Is Intentionally Low',\n",
-    "    'Each regional Azure OpenAI deployment is intentionally configured at 1,000 TPM so that concentrated requests trigger observable failover. '\n",
-    "    'This is a learning configuration, not production sizing guidance. With appropriately sized production capacity, '\n",
-    "    'caller-visible success rates should be substantially higher and, normally, close to perfect.',\n",
-    ")\n",
-    "if tests.errors:\n",
-    "    report.add_table('Assertion Failures', ['Failure'], [[error] for error in tests.errors])\n",
-    "\n",
-    "scenario_groups = [\n",
-    "    (\n",
-    "        'gpt-5.1',\n",
-    "        [\n",
-    "            (\n",
-    "                'A-1',\n",
-    "                'Baseline Warm Path',\n",
-    "                'Small control requests against the gpt-5.1 pool before deliberate pressure begins.',\n",
-    "                scenario1_gpt_5_1,\n",
-    "                gpt_5_1_backend_url_index,\n",
-    "                gpt_5_1_backend_labels,\n",
-    "            ),\n",
-    "            (\n",
-    "                'A-2',\n",
-    "                'Sustained Pressure',\n",
-    "                'Larger requests without spacing exercise gpt-5.1 failover tiers.',\n",
-    "                scenario2_gpt_5_1,\n",
-    "                gpt_5_1_backend_url_index,\n",
-    "                gpt_5_1_backend_labels,\n",
-    "            ),\n",
-    "            (\n",
-    "                'A-3',\n",
-    "                'Paced Recovery',\n",
-    "                'Spaced requests show recovery behavior after sustained pressure.',\n",
-    "                scenario4_gpt_5_1,\n",
-    "                gpt_5_1_backend_url_index,\n",
-    "                gpt_5_1_backend_labels,\n",
-    "            ),\n",
-    "            (\n",
-    "                'A-4',\n",
-    "                'Terminal Exhaustion',\n",
-    "                'A hard burst probes deep fallback and terminal responses.',\n",
-    "                scenario5_gpt_5_1,\n",
-    "                gpt_5_1_backend_url_index,\n",
-    "                gpt_5_1_backend_labels,\n",
-    "            ),\n",
-    "        ],\n",
-    "    ),\n",
-    "    (\n",
-    "        'gpt-4.1-mini',\n",
-    "        [\n",
-    "            (\n",
-    "                'B-1',\n",
-    "                'Baseline Warm Path',\n",
-    "                'Small control requests against the independent gpt-4.1-mini pool.',\n",
-    "                scenario1_gpt_4_1_mini,\n",
-    "                gpt_4_1_mini_backend_url_index,\n",
-    "                gpt_4_1_mini_backend_labels,\n",
-    "            ),\n",
-    "            (\n",
-    "                'B-2',\n",
-    "                'Sustained Pressure',\n",
-    "                'Unpaced load confirms that gpt-4.1-mini fallback remains model-safe.',\n",
-    "                scenario3_gpt_4_1_mini,\n",
-    "                gpt_4_1_mini_backend_url_index,\n",
-    "                gpt_4_1_mini_backend_labels,\n",
-    "            ),\n",
-    "        ],\n",
-    "    ),\n",
-    "]\n",
-    "scenario_definitions = [scenario_definition for _, model_scenarios in scenario_groups for scenario_definition in model_scenarios]\n",
-    "scenario_request_count = sum(len(api_results) for _, _, _, api_results, _, _ in scenario_definitions)\n",
-    "all_scenario_requests_succeeded = bool(scenario_request_count) and all(\n",
-    "    result['status_code'] == 200\n",
-    "    for _, _, _, api_results, _, _ in scenario_definitions\n",
-    "    for result in api_results\n",
-    ")\n",
-    "if all_scenario_requests_succeeded:\n",
-    "    report.add_success_callout(\n",
-    "        'All scenario requests returned HTTP 200',\n",
-    "        f'All {scenario_request_count} controlled inference requests completed successfully. '\n",
-    "        'APIM served the full run without a caller-visible error.',\n",
-    "    )\n",
-    "for model_name, model_scenarios in scenario_groups:\n",
-    "    report.add_table(\n",
-    "        htmlreport.HtmlText(f'Scenario Outcomes: {model_name}', bold_tokens=(model_name,)),\n",
-    "        ['', 'Test #', 'Scenario', 'Requests', 'HTTP 200', 'Other', 'APIM retries', 'Priority / weight mix', 'What the data says'],\n",
-    "        [\n",
-    "            inference_failover_helpers.build_scenario_report_row(test_id, title, api_results, backend_url_index, backend_labels)\n",
-    "            for test_id, title, _, api_results, backend_url_index, backend_labels in model_scenarios\n",
-    "        ],\n",
-    "        htmlreport.HtmlText(\n",
-    "            'The green checkmark indicates that every request returned HTTP 200 from the caller perspective, '\n",
-    "            'including successes after APIM retries. '\n",
-    "            'The amber warning triangle indicates that one or more requests returned a caller-visible non-200 response. '\n",
-    "            'APIM retries lists only non-zero X-Backend-Retry values absorbed by APIM after the initial backend attempt. '\n",
-    "            'Priority / weight mix aggregates concrete Azure OpenAI destinations into APIM routing tiers and weights. '\n",
-    "            'The interpretation highlights failures APIM absorbed, failover depth, and caller-visible outcomes.',\n",
-    "            bold_tokens=(\n",
-    "                'The green checkmark indicates that every request returned HTTP 200',\n",
-    "                'The amber warning triangle indicates that one or more requests returned a caller-visible non-200 response',\n",
-    "            ),\n",
-    "        ),\n",
-    "        column_widths=['4%', '5%', '10%', '6%', '6%', '5%', '11%', '17%', '36%'],\n",
-    "    )\n",
-    "for test_id, title, description, api_results, _, backend_labels in scenario_definitions:\n",
-    "    add_scenario_figure(report, f'{test_id}) {title}', description, api_results, backend_labels)\n",
-    "\n",
-    "if 'distribution_frame' in locals():\n",
-    "    distribution_frame = inference_failover_helpers.with_backend_identifier(distribution_frame)\n",
-    "    report.add_table(\n",
-    "        'Gateway-Recorded Backend Distribution',\n",
-    "        distribution_frame.columns.tolist(),\n",
-    "        distribution_frame.values.tolist(),\n",
-    "        'Log Analytics rows summarize the destination selected for each gateway request.',\n",
-    "    )\n",
-    "    distribution_figure, distribution_axis = plt.subplots(figsize=(12, 5))\n",
-    "    distribution_frame.pivot(index='API', columns='Backend', values='Requests').fillna(0).plot(kind='bar', ax=distribution_axis)\n",
-    "    distribution_axis.set_title('Gateway-recorded request distribution by backend')\n",
-    "    distribution_axis.set_xlabel('API')\n",
-    "    distribution_axis.set_ylabel('Requests')\n",
-    "    distribution_figure.subplots_adjust(bottom=0.4)\n",
-    "    report.add_figure('Gateway-Recorded Request Distribution', distribution_figure)\n",
-    "    plt.close(distribution_figure)\n",
-    "else:\n",
-    "    print_warning('Gateway distribution telemetry is not available for the HTML report yet')\n",
-    "\n",
-    "if 'token_frame' in locals():\n",
-    "    report.add_table(\n",
-    "        'LLM Token Volume',\n",
-    "        token_frame.columns.tolist(),\n",
-    "        token_frame.values.tolist(),\n",
-    "        'Token totals confirm that LLM diagnostics captured successful inference traffic.',\n",
-    "    )\n",
-    "    token_figure, token_axis = plt.subplots(figsize=(8, 4))\n",
-    "    token_frame.groupby('API')['TotalTokens'].sum().plot(kind='bar', ax=token_axis)\n",
-    "    token_axis.set_title('LLM token volume by inference API')\n",
-    "    token_axis.set_xlabel('Inference API')\n",
-    "    token_axis.set_ylabel('Total tokens')\n",
-    "    token_axis.tick_params(axis='x', rotation=0)\n",
-    "    token_figure.tight_layout()\n",
-    "    report.add_figure('LLM Token Volume By Inference API', token_figure)\n",
-    "    plt.close(token_figure)\n",
-    "else:\n",
-    "    print_warning('Token telemetry is not available for the HTML report yet')\n",
-    "\n",
-    "report.add_links(\n",
-    "    'Azure Views',\n",
-    "    {\n",
-    "        'Workbook': f'{portal_base}{workbook_id}/workbook',\n",
-    "        'Log Analytics': f'{portal_base}{log_analytics_id}/logs',\n",
-    "        'API Management': f'{portal_base}{apim_id}/overview',\n",
+    "    backend_labels={\n",
+    "        'gpt-5.1': gpt_5_1_backend_labels,\n",
+    "        'gpt-4.1-mini': gpt_4_1_mini_backend_labels,\n",
     "    },\n",
+    "    distribution_frame=distribution_frame if 'distribution_frame' in locals() else None,\n",
+    "    token_frame=token_frame if 'token_frame' in locals() else None,\n",
     ")\n",
-    "report_path = report.write(Path(tempfile.gettempdir()) / 'apim-samples-reports' / sample_folder / 'inference-failover-report.html')\n",
     "report_url = report_path.as_uri()\n",
-    "print_ok(f'Local HTML report ready: {report_url}')\n"
+    "print_ok(f'Local HTML report ready: {report_url}')"
    ]
   },
   {
diff --git a/samples/inference-failover/inference-failover.workbook.json b/samples/inference-failover/inference-failover.workbook.json
index 00df44ee..ac4b7ecb 100644
--- a/samples/inference-failover/inference-failover.workbook.json
+++ b/samples/inference-failover/inference-failover.workbook.json
@@ -230,7 +230,7 @@
           {
             "content": {
               "noDataMessage": "No inference outcomes found for the selected time range.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FailoverOccurred = Attempts > 1\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| summarize Requests = count(), Failovers = countif(FailoverOccurred), FallbackExhausted = countif(FallbackExhausted), AverageAttempts = round(avg(Attempts), 2), AverageTotalMs = round(avg(TotalTime), 1), P95TotalMs = round(percentile(TotalTime, 95), 1) by ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode\n| order by ApiId asc, Requests desc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FailoverOccurred = Attempts > 1\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| summarize Requests = count(), Failovers = countif(FailoverOccurred), FallbackExhausted = countif(FallbackExhausted), AverageAttempts = avg(Attempts), AverageTotalMs = avg(TotalTime), P95TotalMs = percentile(TotalTime, 95) by ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode\n| extend AverageAttempts = iff(isfinite(toreal(AverageAttempts)), round(AverageAttempts, 2), real(null)), AverageTotalMs = iff(isfinite(toreal(AverageTotalMs)), round(AverageTotalMs, 1), real(null)), P95TotalMs = iff(isfinite(toreal(P95TotalMs)), round(P95TotalMs, 1), real(null))\n| order by ApiId asc, Requests desc",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -267,7 +267,7 @@
           {
             "content": {
               "noDataMessage": "No backend distribution data found for the selected time range.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend Backend = case(isnotempty(BackendUrl), BackendUrl, isnotempty(BackendId), BackendId, '(backend not recorded)')\n| summarize Requests = count(), Successful = countif(ResponseCode between (200 .. 299)), CallerUnavailable = countif(ResponseCode == 503), BackendThrottled = countif(BackendResponseCode == 429), BackendUnavailable = countif(BackendResponseCode == 503), AverageBackendMs = round(avg(BackendTime), 1), P95BackendMs = round(percentile(BackendTime, 95), 1) by ApiId, Backend\n| order by ApiId asc, Requests desc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend Backend = case(isnotempty(BackendUrl), BackendUrl, isnotempty(BackendId), BackendId, '(backend not recorded)')\n| summarize Requests = count(), Successful = countif(ResponseCode between (200 .. 299)), CallerUnavailable = countif(ResponseCode == 503), BackendThrottled = countif(BackendResponseCode == 429), BackendUnavailable = countif(BackendResponseCode == 503), AverageBackendMs = avg(BackendTime), P95BackendMs = percentile(BackendTime, 95) by ApiId, Backend\n| extend AverageBackendMs = iff(isfinite(toreal(AverageBackendMs)), round(AverageBackendMs, 1), real(null)), P95BackendMs = iff(isfinite(toreal(P95BackendMs)), round(P95BackendMs, 1), real(null))\n| order by ApiId asc, Requests desc",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -304,7 +304,7 @@
           {
             "content": {
               "noDataMessage": "No policy-recorded failover trails found. Redeploy the sample after the trace policy update, generate traffic, and allow Log Analytics ingestion to complete.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| where Attempts > 1 or FallbackExhausted\n| summarize Requests = count(), Recovered = countif(ResponseCode between (200 .. 299)), FallbackExhausted = countif(FallbackExhausted), AverageAttempts = round(avg(Attempts), 2), MaximumAttempts = max(Attempts), AverageTotalMs = round(avg(TotalTime), 1), P95TotalMs = round(percentile(TotalTime, 95), 1) by ApiId\n| order by ApiId asc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| where Attempts > 1 or FallbackExhausted\n| summarize Requests = count(), Recovered = countif(ResponseCode between (200 .. 299)), FallbackExhausted = countif(FallbackExhausted), AverageAttempts = avg(Attempts), MaximumAttempts = max(Attempts), AverageTotalMs = avg(TotalTime), P95TotalMs = percentile(TotalTime, 95) by ApiId\n| extend AverageAttempts = iff(isfinite(toreal(AverageAttempts)), round(AverageAttempts, 2), real(null)), AverageTotalMs = iff(isfinite(toreal(AverageTotalMs)), round(AverageTotalMs, 1), real(null)), P95TotalMs = iff(isfinite(toreal(P95TotalMs)), round(P95TotalMs, 1), real(null))\n| order by ApiId asc",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -356,7 +356,7 @@
           {
             "content": {
               "noDataMessage": "No recovered failovers or failures found for the selected time range.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FailoverOccurred = Attempts > 1\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| extend FailureType = case(\n    FallbackExhausted, 'Fallback exhausted at APIM',\n    ResponseCode between (200 .. 299) and FailoverOccurred, 'Recovered after backend failover',\n    BackendResponseCode == 429, 'Final backend throttled',\n    BackendResponseCode >= 500, 'Final backend server error',\n    ResponseCode between (400 .. 499), 'Caller-visible client error',\n    ResponseCode >= 500, 'Caller-visible server error',\n    isnotempty(LastErrorReason), 'APIM pipeline error',\n    'Successful without failover')\n| where FailureType != 'Successful without failover'\n| summarize Requests = count(), AverageAttempts = round(avg(Attempts), 2), MaximumAttempts = max(Attempts), AverageTotalMs = round(avg(TotalTime), 1), P95TotalMs = round(percentile(TotalTime, 95), 1) by ApiId, FailureType, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, LastErrorSource, LastErrorReason\n| order by Requests desc, ApiId asc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FailoverOccurred = Attempts > 1\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| extend FailureType = case(\n    FallbackExhausted, 'Fallback exhausted at APIM',\n    ResponseCode between (200 .. 299) and FailoverOccurred, 'Recovered after backend failover',\n    BackendResponseCode == 429, 'Final backend throttled',\n    BackendResponseCode >= 500, 'Final backend server error',\n    ResponseCode between (400 .. 499), 'Caller-visible client error',\n    ResponseCode >= 500, 'Caller-visible server error',\n    isnotempty(LastErrorReason), 'APIM pipeline error',\n    'Successful without failover')\n| where FailureType != 'Successful without failover'\n| summarize Requests = count(), AverageAttempts = avg(Attempts), MaximumAttempts = max(Attempts), AverageTotalMs = avg(TotalTime), P95TotalMs = percentile(TotalTime, 95) by ApiId, FailureType, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, LastErrorSource, LastErrorReason\n| extend AverageAttempts = iff(isfinite(toreal(AverageAttempts)), round(AverageAttempts, 2), real(null)), AverageTotalMs = iff(isfinite(toreal(AverageTotalMs)), round(AverageTotalMs, 1), real(null)), P95TotalMs = iff(isfinite(toreal(P95TotalMs)), round(P95TotalMs, 1), real(null))\n| order by Requests desc, ApiId asc",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -438,7 +438,7 @@
           {
             "content": {
               "noDataMessage": "No latency data found for the selected time range.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| summarize AverageTotalMs = round(avg(TotalTime), 1), P95TotalMs = round(percentile(TotalTime, 95), 1), AverageBackendMs = round(avg(BackendTime), 1), P95BackendMs = round(percentile(BackendTime, 95), 1), Requests = count() by bin(TimeGenerated, 5m), ApiId\n| order by TimeGenerated asc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| summarize AverageTotalMs = avg(TotalTime), P95TotalMs = percentile(TotalTime, 95), AverageBackendMs = avg(BackendTime), P95BackendMs = percentile(BackendTime, 95), Requests = count() by bin(TimeGenerated, 5m), ApiId\n| extend AverageTotalMs = iff(isfinite(toreal(AverageTotalMs)), round(AverageTotalMs, 1), real(null)), P95TotalMs = iff(isfinite(toreal(P95TotalMs)), round(P95TotalMs, 1), real(null)), AverageBackendMs = iff(isfinite(toreal(AverageBackendMs)), round(AverageBackendMs, 1), real(null)), P95BackendMs = iff(isfinite(toreal(P95BackendMs)), round(P95BackendMs, 1), real(null))\n| order by TimeGenerated asc",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -474,10 +474,15 @@
           },
           {
             "content": {
+              "gridSettings": {
+                "filter": true,
+                "rowLimit": 10000
+              },
               "noDataMessage": "No matching inference requests found for the selected time range and correlation filter.",
               "query": "let llmPerRequest = ApiManagementGatewayLlmLog\n| where TimeGenerated {TimeRange}\n| summarize ModelName = take_any(ModelName), DeploymentName = take_any(DeploymentName), LlmRequestId = take_any(RequestId), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens), LlmRows = count(), RequestMessageChunks = countif(isnotempty(tostring(RequestMessages))), ResponseMessageChunks = countif(isnotempty(tostring(ResponseMessages))) by CorrelationId;\nApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| where isempty('{CorrelationFilter}') or CorrelationId contains '{CorrelationFilter}'\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend RetriedFailures = max_of(Attempts - 1, 0)\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| extend AttemptTrail = strcat_array(extract_all(@'(InferenceAttempt\\|n=[0-9]+\\|code=(?:[0-9]+|none))', TraceText), ' -> ')\n| join kind=leftouter llmPerRequest on CorrelationId\n| project TimeGenerated, CorrelationId, ApiId, OperationId, ApimSubscriptionId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, BackendId, BackendUrl, TotalTime, BackendTime, Attempts, RetriedFailures, FallbackExhausted, AttemptTrail, ModelName, DeploymentName, LlmRequestId, PromptTokens = coalesce(PromptTokens, 0), CompletionTokens = coalesce(CompletionTokens, 0), TotalTokens = coalesce(TotalTokens, 0), LlmRows = coalesce(LlmRows, 0), RequestMessageChunks = coalesce(RequestMessageChunks, 0), ResponseMessageChunks = coalesce(ResponseMessageChunks, 0), LastErrorSource, LastErrorReason, LastErrorSection, LastErrorMessage, Errors, TraceRecords\n| order by TimeGenerated desc\n| take 200",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
+              "size": 0,
               "timeContext": {
                 "durationMs": 3600000
               },
diff --git a/samples/inference-failover/inference_failover_helpers.py b/samples/inference-failover/inference_failover_helpers.py
index 5fcc4539..b5d27873 100644
--- a/samples/inference-failover/inference_failover_helpers.py
+++ b/samples/inference-failover/inference_failover_helpers.py
@@ -3,17 +3,22 @@
 import json
 import time
 from collections import Counter
-from collections.abc import Callable, Mapping
+from collections.abc import Callable, Mapping, Sequence
 from dataclasses import dataclass
+from pathlib import Path
+from tempfile import gettempdir
 from typing import Any
 
+import matplotlib.pyplot as plt
 import pandas as pd
 import requests as http_requests
 
 # APIM Samples imports
+import charts
+from apimtesting import ApimTesting
 from apimtypes import SUBSCRIPTION_KEY_PARAMETER_NAME
-from console import print_info, print_message
-from htmlreport import HtmlList, HtmlSuccess, HtmlText, HtmlWarning
+from console import print_info, print_message, print_warning
+from htmlreport import HtmlList, HtmlReport, HtmlSuccess, HtmlText, HtmlWarning
 
 
 @dataclass(frozen=True)
@@ -51,6 +56,21 @@ class InferenceScenarioSummary:
     retry_counts: dict[int, int]
 
 
+@dataclass(frozen=True)
+class InferenceReportContext:
+    """Contain deployment metadata and Azure resources linked from the local report."""
+
+    sample_folder: str
+    apim_source_region: str
+    deployment_name: str
+    resource_group_name: str
+    tenant_id: str
+    subscription_id: str
+    apim_name: str
+    workbook_id: str
+    log_analytics_id: str
+
+
 class InferenceTrafficRunner:
     """Run inference traffic while owning one reusable HTTP session."""
 
@@ -368,3 +388,244 @@ def build_scenario_report_row(
         HtmlText(priority_mix, bold_tokens=priority_tokens, preserve_line_breaks=True),
         HtmlList(observation_items),
     ]
+
+
+def generate_local_html_report(
+    context: InferenceReportContext,
+    tests: ApimTesting,
+    scenario_results: Sequence[list[dict[str, Any]]],
+    backend_url_indexes: Mapping[str, Mapping[str, int]],
+    backend_labels: Mapping[str, Mapping[int, str]],
+    distribution_frame: pd.DataFrame | None = None,
+    token_frame: pd.DataFrame | None = None,
+    output_path: Path | None = None,
+) -> Path:
+    """Generate the self-contained inference failover run report."""
+    scenario_groups = _build_report_scenario_groups(scenario_results, backend_url_indexes, backend_labels)
+    report = HtmlReport(
+        'Inference Failover Run Report',
+        f'APIM source region: {context.apim_source_region} | Deployment: {context.deployment_name} | '
+        f'Resource group: {context.resource_group_name}',
+    )
+    success_rate = (tests.tests_passed / tests.total_tests * 100) if tests.total_tests else 0
+    report.add_metrics(
+        'Scenario Test Summary',
+        {
+            'Result': 'Passed' if not tests.tests_failed and tests.total_tests else 'Needs review',
+            'Tests': tests.total_tests,
+            'Passed': tests.tests_passed,
+            'Failed': tests.tests_failed,
+            'Success rate': f'{success_rate:.1f}%',
+        },
+        highlight_success=False,
+    )
+    report.add_info_callout(
+        'Lab Capacity Is Intentionally Low',
+        'Each regional Azure OpenAI deployment is intentionally configured at 1,000 TPM so that concentrated requests trigger observable failover. '
+        'This is a learning configuration, not production sizing guidance. With appropriately sized production capacity, '
+        'caller-visible success rates should be substantially higher and, normally, close to perfect.',
+    )
+    if tests.errors:
+        report.add_table('Assertion Failures', ['Failure'], [[error] for error in tests.errors])
+
+    scenario_definitions = [scenario for _, scenarios in scenario_groups for scenario in scenarios]
+    scenario_request_count = sum(len(results) for _, _, _, results, _, _ in scenario_definitions)
+    if scenario_request_count and all(result['status_code'] == 200 for _, _, _, results, _, _ in scenario_definitions for result in results):
+        report.add_success_callout(
+            'All scenario requests returned HTTP 200',
+            f'All {scenario_request_count} controlled inference requests completed successfully. '
+            'APIM served the full run without a caller-visible error.',
+        )
+
+    for model_name, model_scenarios in scenario_groups:
+        report.add_table(
+            HtmlText(f'Scenario Outcomes: {model_name}', bold_tokens=(model_name,)),
+            ['', 'Test #', 'Scenario', 'Requests', 'HTTP 200', 'Other', 'APIM retries', 'Priority / weight mix', 'What the data says'],
+            [
+                build_scenario_report_row(test_id, title, results, url_index, labels)
+                for test_id, title, _, results, url_index, labels in model_scenarios
+            ],
+            HtmlText(
+                'The green checkmark indicates that every request returned HTTP 200 from the caller perspective, '
+                'including successes after APIM retries. '
+                'The amber warning triangle indicates that one or more requests returned a caller-visible non-200 response. '
+                'APIM retries lists only non-zero X-Backend-Retry values absorbed by APIM after the initial backend attempt. '
+                'Priority / weight mix aggregates concrete Azure OpenAI destinations into APIM routing tiers and weights. '
+                'The interpretation highlights failures APIM absorbed, failover depth, and caller-visible outcomes.',
+                bold_tokens=(
+                    'The green checkmark indicates that every request returned HTTP 200',
+                    'The amber warning triangle indicates that one or more requests returned a caller-visible non-200 response',
+                ),
+            ),
+            column_widths=['4%', '5%', '10%', '6%', '6%', '5%', '11%', '17%', '36%'],
+        )
+
+    for test_id, title, description, results, _, labels in scenario_definitions:
+        _add_scenario_figure(report, context.apim_source_region, f'{test_id}) {title}', description, results, labels)
+
+    _add_distribution_telemetry(report, distribution_frame)
+    _add_token_telemetry(report, token_frame)
+    report.add_links('Azure Views', _build_azure_links(context))
+
+    destination = output_path or Path(gettempdir()) / 'apim-samples-reports' / context.sample_folder / 'inference-failover-report.html'
+
+    return report.write(destination)
+
+
+def _build_report_scenario_groups(
+    scenario_results: Sequence[list[dict[str, Any]]],
+    backend_url_indexes: Mapping[str, Mapping[str, int]],
+    backend_labels: Mapping[str, Mapping[int, str]],
+) -> list[tuple[str, list[tuple[str, str, str, list[dict[str, Any]], Mapping[str, int], Mapping[int, str]]]]]:
+    if len(scenario_results) != 6:
+        raise ValueError('The inference report requires exactly six scenario result sets.')
+
+    required_models = ('gpt-5.1', 'gpt-4.1-mini')
+    missing_models = [model for model in required_models if model not in backend_url_indexes or model not in backend_labels]
+    if missing_models:
+        raise ValueError(f'Missing report backend metadata for: {", ".join(missing_models)}')
+
+    return [
+        (
+            'gpt-5.1',
+            [
+                (
+                    'A-1',
+                    'Baseline Warm Path',
+                    'Small control requests against the gpt-5.1 pool before deliberate pressure begins.',
+                    scenario_results[0],
+                    backend_url_indexes['gpt-5.1'],
+                    backend_labels['gpt-5.1'],
+                ),
+                (
+                    'A-2',
+                    'Sustained Pressure',
+                    'Larger requests without spacing exercise gpt-5.1 failover tiers.',
+                    scenario_results[2],
+                    backend_url_indexes['gpt-5.1'],
+                    backend_labels['gpt-5.1'],
+                ),
+                (
+                    'A-3',
+                    'Paced Recovery',
+                    'Spaced requests show recovery behavior after sustained pressure.',
+                    scenario_results[4],
+                    backend_url_indexes['gpt-5.1'],
+                    backend_labels['gpt-5.1'],
+                ),
+                (
+                    'A-4',
+                    'Terminal Exhaustion',
+                    'A hard burst probes deep fallback and terminal responses.',
+                    scenario_results[5],
+                    backend_url_indexes['gpt-5.1'],
+                    backend_labels['gpt-5.1'],
+                ),
+            ],
+        ),
+        (
+            'gpt-4.1-mini',
+            [
+                (
+                    'B-1',
+                    'Baseline Warm Path',
+                    'Small control requests against the independent gpt-4.1-mini pool.',
+                    scenario_results[1],
+                    backend_url_indexes['gpt-4.1-mini'],
+                    backend_labels['gpt-4.1-mini'],
+                ),
+                (
+                    'B-2',
+                    'Sustained Pressure',
+                    'Unpaced load confirms that gpt-4.1-mini fallback remains model-safe.',
+                    scenario_results[3],
+                    backend_url_indexes['gpt-4.1-mini'],
+                    backend_labels['gpt-4.1-mini'],
+                ),
+            ],
+        ),
+    ]
+
+
+def _add_scenario_figure(
+    report: HtmlReport,
+    apim_source_region: str,
+    title: str,
+    description: str,
+    results: list[dict[str, Any]],
+    labels: Mapping[int, str],
+) -> None:
+    figure = charts.BarChart(
+        api_results=results,
+        title=f'{title} - APIM source: {apim_source_region}',
+        x_label='Run #',
+        y_label='Response Time (ms)',
+        fig_text=description,
+        backend_labels=dict(labels),
+    ).render()
+    try:
+        report.add_figure(title, figure, description)
+    finally:
+        plt.close(figure)
+
+
+def _add_distribution_telemetry(report: HtmlReport, distribution_frame: pd.DataFrame | None) -> None:
+    if distribution_frame is None:
+        print_warning('Gateway distribution telemetry is not available for the HTML report yet')
+        return
+
+    report_frame = with_backend_identifier(distribution_frame)
+    report.add_table(
+        'Gateway-Recorded Backend Distribution',
+        report_frame.columns.tolist(),
+        report_frame.values.tolist(),
+        'Log Analytics rows summarize the destination selected for each gateway request.',
+    )
+    figure, axis = plt.subplots(figsize=(12, 5))
+    try:
+        report_frame.pivot(index='API', columns='Backend', values='Requests').fillna(0).plot(kind='bar', ax=axis)
+        axis.set_title('Gateway-recorded request distribution by backend')
+        axis.set_xlabel('API')
+        axis.set_ylabel('Requests')
+        figure.subplots_adjust(bottom=0.4)
+        report.add_figure('Gateway-Recorded Request Distribution', figure)
+    finally:
+        plt.close(figure)
+
+
+def _add_token_telemetry(report: HtmlReport, token_frame: pd.DataFrame | None) -> None:
+    if token_frame is None:
+        print_warning('Token telemetry is not available for the HTML report yet')
+        return
+
+    report.add_table(
+        'LLM Token Volume',
+        token_frame.columns.tolist(),
+        token_frame.values.tolist(),
+        'Token totals confirm that LLM diagnostics captured successful inference traffic.',
+    )
+    figure, axis = plt.subplots(figsize=(8, 4))
+    try:
+        token_frame.groupby('API')['TotalTokens'].sum().plot(kind='bar', ax=axis)
+        axis.set_title('LLM token volume by inference API')
+        axis.set_xlabel('Inference API')
+        axis.set_ylabel('Total tokens')
+        axis.tick_params(axis='x', rotation=0)
+        figure.tight_layout()
+        report.add_figure('LLM Token Volume By Inference API', figure)
+    finally:
+        plt.close(figure)
+
+
+def _build_azure_links(context: InferenceReportContext) -> dict[str, str]:
+    portal_base = f'https://portal.azure.com/#@{context.tenant_id}/resource'
+    apim_id = (
+        f'/subscriptions/{context.subscription_id}/resourceGroups/{context.resource_group_name}'
+        f'/providers/Microsoft.ApiManagement/service/{context.apim_name}'
+    )
+
+    return {
+        'Workbook': f'{portal_base}{context.workbook_id}/workbook',
+        'Log Analytics': f'{portal_base}{context.log_analytics_id}/logs',
+        'API Management': f'{portal_base}{apim_id}/overview',
+    }
diff --git a/shared/python/console.py b/shared/python/console.py
index 254be9d3..9a509f0f 100644
--- a/shared/python/console.py
+++ b/shared/python/console.py
@@ -40,6 +40,7 @@
 _CONSOLE_WIDTH_ENV = 'APIM_SAMPLES_CONSOLE_WIDTH'
 _DEFAULT_CONSOLE_WIDTH = 220
 _MIN_CONSOLE_WIDTH = 20
+_PAD_MAX = 35
 
 # Thread-safe print lock
 _print_lock = threading.Lock()
@@ -204,13 +205,13 @@ def print_warning(msg: str, output: str = '', duration: str = '') -> None:
 
 def print_val(name: str, value: str, val_below: bool = False) -> None:
     """Print a key-value pair."""
-    _print_log(f'{name:<25}:{"\n" if val_below else " "}{value}', '👉 ', BOLD_B, wrap_lines=True, level=logging.INFO)
+    _print_log(f'{name:<_PAD_MAX}:{"\n" if val_below else " "}{value}', '👉 ', BOLD_B, wrap_lines=True, level=logging.INFO)
 
 
 def print_secret(name: str, value: str) -> None:
     """Print a key-value pair with the value masked, showing only its length."""
     masked = f'***REDACTED*** ({len(value)} chars)' if value else '(empty)'
-    _print_log(f'{name:<25}: {masked}', '🔒 ', BOLD_B, wrap_lines=True, level=logging.INFO)
+    _print_log(f'{name:<_PAD_MAX}: {masked}', '🔒 ', BOLD_B, wrap_lines=True, level=logging.INFO)
 
 
 def print_plain(msg: str = '', *, level: int | None = None, wrap_lines: bool = True, blank_above: bool = False, blank_below: bool = False) -> None:
diff --git a/tests/python/test_inference_failover.py b/tests/python/test_inference_failover.py
index 57df703e..a9879d0b 100644
--- a/tests/python/test_inference_failover.py
+++ b/tests/python/test_inference_failover.py
@@ -50,6 +50,20 @@ def _collect_item_names(items: list[dict]) -> set[str]:
     return names
 
 
+def _find_workbook_item(items: list[dict], name: str) -> dict:
+    """Find a workbook item recursively by name."""
+    for item in items:
+        if item.get('name') == name:
+            return item
+        nested_items = item.get('content', {}).get('items', [])
+        if nested_items:
+            try:
+                return _find_workbook_item(nested_items, name)
+            except KeyError:
+                pass
+    raise KeyError(name)
+
+
 def test_inference_failover_workbook_is_aoai_only_and_query_backed() -> None:
     """Keep the workbook focused on inference telemetry rather than cost/showback features."""
     workbook = _load_workbook()
@@ -79,6 +93,26 @@ def test_inference_failover_workbook_is_aoai_only_and_query_backed() -> None:
     assert 'budget' not in serialized
 
 
+def test_inference_failover_workbook_leaves_missing_numeric_aggregates_empty() -> None:
+    """Render absent backend latency values as empty numeric cells rather than NaN text."""
+    serialized = json.dumps(_load_workbook())
+
+    assert 'round(avg(' not in serialized
+    assert 'round(percentile(' not in serialized
+    assert 'AverageBackendMs = avg(BackendTime)' in serialized
+    assert 'P95BackendMs = percentile(BackendTime, 95)' in serialized
+    assert 'AverageBackendMs = iff(isfinite(toreal(AverageBackendMs)), round(AverageBackendMs, 1), real(null))' in serialized
+    assert 'P95BackendMs = iff(isfinite(toreal(P95BackendMs)), round(P95BackendMs, 1), real(null))' in serialized
+
+
+def test_inference_failover_request_explorer_shows_many_rows() -> None:
+    """Keep Request Explorer auto-sized with a high row limit and filtering."""
+    request_explorer = _find_workbook_item(_load_workbook()['items'], 'query - request-explorer')['content']
+
+    assert request_explorer['size'] == 0
+    assert request_explorer['gridSettings'] == {'filter': True, 'rowLimit': 10000}
+
+
 def test_inference_failover_kql_queries_scope_to_ai_gateway_signals() -> None:
     """Ensure focused KQL query files remain available and tied to AI telemetry tables."""
     query_text = '\n'.join(path.read_text(encoding='utf-8') for path in KQL_PATHS)
@@ -397,28 +431,18 @@ def test_inference_notebook_generates_local_html_report() -> None:
     notebook = json.loads(NOTEBOOK_PATH.read_text(encoding='utf-8'))
     code_source = '\n'.join(''.join(cell['source']) for cell in notebook['cells'] if cell['cell_type'] == 'code')
 
-    assert 'import htmlreport' in code_source
-    assert 'importlib.reload(htmlreport)' in code_source
-    assert "'inference-failover-report.html'" in code_source
-    assert "'', 'Test #', 'Scenario', 'Requests', 'HTTP 200', 'Other', 'APIM retries', 'Priority / weight mix', 'What the data says'" in code_source
-    assert "htmlreport.HtmlText(f'Scenario Outcomes: {model_name}', bold_tokens=(model_name,))" in code_source
-    assert 'inference_failover_helpers.build_scenario_report_row(' in code_source
-    assert "column_widths=['4%', '5%', '10%', '6%', '6%', '5%', '11%', '17%', '36%']" in code_source
-    assert "'A-1',\n                'Baseline Warm Path'" in code_source
-    assert "'B-1',\n                'Baseline Warm Path'" in code_source
-    assert "add_scenario_figure(report, f'{test_id}) {title}', description, api_results, backend_labels)" in code_source
-    assert "'The green checkmark indicates that every request returned HTTP 200'," in code_source
-    assert 'highlight_success=False' in code_source
-    assert 'The amber warning triangle indicates that one or more requests returned a caller-visible non-200 response' in code_source
-    assert "f'APIM source region: {apim_source_region} | Deployment: {nb_helper.deployment.name} | Resource group: {rg_name}'" in code_source
-    assert 'report.add_info_callout(' in code_source
-    assert "'Lab Capacity Is Intentionally Low'" in code_source
-    assert "'Each regional Azure OpenAI deployment is intentionally configured at 1,000 TPM so that" in code_source
-    assert "'Observed X-Backend-URL values'" not in code_source.split('report = htmlreport.HtmlReport(', maxsplit=1)[1]
-    assert 'if all_scenario_requests_succeeded:' in code_source
-    assert 'report.add_success_callout(' in code_source
-    assert "'All scenario requests returned HTTP 200'" in code_source
-    assert "print_val('Local HTML report', report_url)" in code_source
+    assert 'inference_failover_helpers.InferenceReportContext(' in code_source
+    assert 'inference_failover_helpers.generate_local_html_report(' in code_source
+    assert 'scenario_results=scenario_results' in code_source
+    assert "'gpt-5.1': gpt_5_1_backend_url_index" in code_source
+    assert "'gpt-4.1-mini': gpt_4_1_mini_backend_labels" in code_source
+    assert "distribution_frame=distribution_frame if 'distribution_frame' in locals() else None" in code_source
+    assert "token_frame=token_frame if 'token_frame' in locals() else None" in code_source
+    assert 'htmlreport.HtmlReport' not in code_source
+    assert 'def add_scenario_figure(' not in code_source
+    assert 'report.add_table(' not in code_source
+    assert 'report.add_figure(' not in code_source
+    assert "print_ok(f'Local HTML report ready: {report_url}')" in code_source
 
 
 def test_inference_notebook_uses_tuned_gpt_4_1_mini_pressure_window() -> None:
diff --git a/tests/python/test_inference_failover_helpers.py b/tests/python/test_inference_failover_helpers.py
index 5b5a5875..93480ded 100644
--- a/tests/python/test_inference_failover_helpers.py
+++ b/tests/python/test_inference_failover_helpers.py
@@ -11,13 +11,16 @@
 INFERENCE_FAILOVER_DIR = Path(__file__).resolve().parents[2] / 'samples' / 'inference-failover'
 sys.path.insert(0, str(INFERENCE_FAILOVER_DIR))
 
+import inference_failover_helpers as helpers  # noqa: E402
 from htmlreport import HtmlList, HtmlSuccess, HtmlText, HtmlWarning  # noqa: E402
 from inference_failover_helpers import (  # noqa: E402
+    InferenceReportContext,
     InferenceScenario,
     InferenceTrafficRunner,
     build_scenario_report_row,
     format_backend_url_counts,
     format_gateway_distribution,
+    generate_local_html_report,
     get_backend_index,
     get_priority_and_weight,
     parse_backend_retry,
@@ -308,3 +311,119 @@ def test_build_scenario_report_row_reports_unresolved_non_503_failure():
     observations = '\n'.join(row[8].items)
     assert 'caller-visible failures remained' in observations
     assert 'Deepest routed tier' not in observations
+
+
+def _report_context() -> InferenceReportContext:
+    return InferenceReportContext(
+        sample_folder='inference-failover',
+        apim_source_region='East US 2',
+        deployment_name='SIMPLE_APIM',
+        resource_group_name='rg-test',
+        tenant_id='tenant-id',
+        subscription_id='subscription-id',
+        apim_name='apim-test',
+        workbook_id='/subscriptions/subscription-id/resourceGroups/rg-test/providers/microsoft.insights/workbooks/report',
+        log_analytics_id='/subscriptions/subscription-id/resourceGroups/rg-test/providers/Microsoft.OperationalInsights/workspaces/logs',
+    )
+
+
+def _report_results() -> list[list[dict]]:
+    result = {
+        'run': 1,
+        'response': json.dumps({'index': 0}),
+        'status_code': 200,
+        'response_time': 0.1,
+        'backend_retry': 0,
+        'backend_url': 'https://host/openai/deployments/a-model',
+    }
+
+    return [[result.copy()] for _ in range(6)]
+
+
+@pytest.mark.unit
+def test_generate_local_html_report_owns_rendering_links_and_output(monkeypatch, tmp_path):
+    report = MagicMock()
+    close_figure = MagicMock()
+    output_path = tmp_path / 'report.html'
+    report.write.return_value = output_path
+    monkeypatch.setattr(helpers, 'HtmlReport', MagicMock(return_value=report))
+    monkeypatch.setattr(helpers.plt, 'close', close_figure)
+    scenario_figures = [MagicMock() for _ in range(6)]
+    monkeypatch.setattr(helpers.charts, 'BarChart', MagicMock(return_value=MagicMock(render=MagicMock(side_effect=scenario_figures))))
+    tests = MagicMock(total_tests=3, tests_passed=3, tests_failed=0, errors=[])
+    labels = {
+        'gpt-5.1': {0: 'Priority 1 / Weight 100: PTU (East US 2)'},
+        'gpt-4.1-mini': {0: 'Priority 1 / Weight 100: PTU (East US 2)'},
+    }
+    indexes = {
+        'gpt-5.1': {'/deployments/a-model': 0},
+        'gpt-4.1-mini': {'/deployments/a-model': 0},
+    }
+
+    result = generate_local_html_report(_report_context(), tests, _report_results(), indexes, labels, output_path=output_path)
+
+    assert result == output_path
+    assert report.add_table.call_count == 2
+    assert report.add_figure.call_count == 6
+    report.add_success_callout.assert_called_once()
+    report.add_links.assert_called_once()
+    azure_links = report.add_links.call_args.args[1]
+    assert azure_links['Workbook'].endswith('/workbook')
+    assert azure_links['API Management'].endswith('/overview')
+    assert close_figure.call_count == 6
+    report.write.assert_called_once_with(output_path)
+
+
+@pytest.mark.unit
+def test_generate_local_html_report_adds_available_telemetry(monkeypatch, tmp_path):
+    report = MagicMock()
+    close_figure = MagicMock()
+    report.write.return_value = tmp_path / 'report.html'
+    monkeypatch.setattr(helpers, 'HtmlReport', MagicMock(return_value=report))
+    monkeypatch.setattr(helpers.plt, 'close', close_figure)
+    scenario_figure = MagicMock()
+    monkeypatch.setattr(helpers.charts, 'BarChart', MagicMock(return_value=MagicMock(render=MagicMock(return_value=scenario_figure))))
+    tests = MagicMock(total_tests=1, tests_passed=0, tests_failed=1, errors=['failed assertion'])
+    labels = {
+        'gpt-5.1': {0: 'Priority 1 / Weight 100: PTU (East US 2)'},
+        'gpt-4.1-mini': {0: 'Priority 1 / Weight 100: PTU (East US 2)'},
+    }
+    indexes = {
+        'gpt-5.1': {'/deployments/a-model': 0},
+        'gpt-4.1-mini': {'/deployments/a-model': 0},
+    }
+    distribution_frame = pd.DataFrame(
+        [['inference-gpt-5-1', 'https://host/openai/deployments/a-model', 1]],
+        columns=['API', 'Backend URL', 'Requests'],
+    )
+    token_frame = pd.DataFrame([['inference-gpt-5-1', 20]], columns=['API', 'TotalTokens'])
+
+    generate_local_html_report(
+        _report_context(),
+        tests,
+        _report_results(),
+        indexes,
+        labels,
+        distribution_frame,
+        token_frame,
+        tmp_path / 'report.html',
+    )
+
+    assert report.add_table.call_count == 5
+    assert report.add_figure.call_count == 8
+    report.add_success_callout.assert_called_once()
+    assert report.add_table.call_args_list[0].args[0] == 'Assertion Failures'
+    assert close_figure.call_count == 8
+
+
+@pytest.mark.unit
+@pytest.mark.parametrize(
+    ('scenario_results', 'indexes', 'labels', 'message'),
+    (
+        ([], {'gpt-5.1': {}, 'gpt-4.1-mini': {}}, {'gpt-5.1': {}, 'gpt-4.1-mini': {}}, 'six scenario'),
+        ([[] for _ in range(6)], {'gpt-5.1': {}}, {'gpt-5.1': {}, 'gpt-4.1-mini': {}}, 'gpt-4.1-mini'),
+    ),
+)
+def test_generate_local_html_report_rejects_incomplete_inputs(scenario_results, indexes, labels, message):
+    with pytest.raises(ValueError, match=message):
+        generate_local_html_report(_report_context(), MagicMock(), scenario_results, indexes, labels)

From 4d50855e6128a57adde187f9912231d523d485ae Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Thu, 11 Jun 2026 23:49:14 -0400
Subject: [PATCH 18/31] Fix padding

---
 samples/inference-failover/inference_failover_helpers.py | 5 ++---
 shared/python/console.py                                 | 4 ++--
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/samples/inference-failover/inference_failover_helpers.py b/samples/inference-failover/inference_failover_helpers.py
index b5d27873..15ce4d36 100644
--- a/samples/inference-failover/inference_failover_helpers.py
+++ b/samples/inference-failover/inference_failover_helpers.py
@@ -9,12 +9,11 @@
 from tempfile import gettempdir
 from typing import Any
 
+# APIM Samples imports
+import charts
 import matplotlib.pyplot as plt
 import pandas as pd
 import requests as http_requests
-
-# APIM Samples imports
-import charts
 from apimtesting import ApimTesting
 from apimtypes import SUBSCRIPTION_KEY_PARAMETER_NAME
 from console import print_info, print_message, print_warning
diff --git a/shared/python/console.py b/shared/python/console.py
index 9a509f0f..ab9b36ea 100644
--- a/shared/python/console.py
+++ b/shared/python/console.py
@@ -205,13 +205,13 @@ def print_warning(msg: str, output: str = '', duration: str = '') -> None:
 
 def print_val(name: str, value: str, val_below: bool = False) -> None:
     """Print a key-value pair."""
-    _print_log(f'{name:<_PAD_MAX}:{"\n" if val_below else " "}{value}', '👉 ', BOLD_B, wrap_lines=True, level=logging.INFO)
+    _print_log(f'{name:<{_PAD_MAX}}:{"\n" if val_below else " "}{value}', '👉 ', BOLD_B, wrap_lines=True, level=logging.INFO)
 
 
 def print_secret(name: str, value: str) -> None:
     """Print a key-value pair with the value masked, showing only its length."""
     masked = f'***REDACTED*** ({len(value)} chars)' if value else '(empty)'
-    _print_log(f'{name:<_PAD_MAX}: {masked}', '🔒 ', BOLD_B, wrap_lines=True, level=logging.INFO)
+    _print_log(f'{name:<{_PAD_MAX}}: {masked}', '🔒 ', BOLD_B, wrap_lines=True, level=logging.INFO)
 
 
 def print_plain(msg: str = '', *, level: int | None = None, wrap_lines: bool = True, blank_above: bool = False, blank_below: bool = False) -> None:

From e0d468f871141aa87eb75010a9d4c41c8ca8401a Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Fri, 12 Jun 2026 00:00:59 -0400
Subject: [PATCH 19/31] Fix tests

---
 tests/python/test_inference_failover.py         | 3 ++-
 tests/python/test_inference_failover_helpers.py | 6 ++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/tests/python/test_inference_failover.py b/tests/python/test_inference_failover.py
index a9879d0b..9dadcf71 100644
--- a/tests/python/test_inference_failover.py
+++ b/tests/python/test_inference_failover.py
@@ -419,7 +419,7 @@ def test_inference_notebook_is_clean_and_defaults_to_simple_apim() -> None:
     assert 'def format_gateway_distribution(' not in code_source
     assert 'distribution_frame = inference_failover_helpers.with_backend_identifier(distribution_frame)' in code_source
     assert 'distribution_frame = inference_failover_helpers.format_gateway_distribution(distribution_frame)' in code_source
-    assert code_source.count("distribution_frame.pivot(index='API', columns='Backend', values='Requests')") == 2
+    assert code_source.count("distribution_frame.pivot(index='API', columns='Backend', values='Requests')") == 1
     assert "columns=['API', 'Backend URL', 'Model', 'Requests', 'PromptTokens', 'CompletionTokens', 'TotalTokens']" in code_source
     assert 'token_frame = inference_failover_helpers.with_backend_identifier(token_frame)' in code_source
     assert 'plt.show()' in code_source
@@ -432,6 +432,7 @@ def test_inference_notebook_generates_local_html_report() -> None:
     code_source = '\n'.join(''.join(cell['source']) for cell in notebook['cells'] if cell['cell_type'] == 'code')
 
     assert 'inference_failover_helpers.InferenceReportContext(' in code_source
+    assert 'inference_failover_helpers = importlib.reload(inference_failover_helpers)' in code_source
     assert 'inference_failover_helpers.generate_local_html_report(' in code_source
     assert 'scenario_results=scenario_results' in code_source
     assert "'gpt-5.1': gpt_5_1_backend_url_index" in code_source
diff --git a/tests/python/test_inference_failover_helpers.py b/tests/python/test_inference_failover_helpers.py
index 93480ded..50c87223 100644
--- a/tests/python/test_inference_failover_helpers.py
+++ b/tests/python/test_inference_failover_helpers.py
@@ -397,11 +397,13 @@ def test_generate_local_html_report_adds_available_telemetry(monkeypatch, tmp_pa
         columns=['API', 'Backend URL', 'Requests'],
     )
     token_frame = pd.DataFrame([['inference-gpt-5-1', 20]], columns=['API', 'TotalTokens'])
+    scenario_results = _report_results()
+    scenario_results[0][0]['status_code'] = 503
 
     generate_local_html_report(
         _report_context(),
         tests,
-        _report_results(),
+        scenario_results,
         indexes,
         labels,
         distribution_frame,
@@ -411,7 +413,7 @@ def test_generate_local_html_report_adds_available_telemetry(monkeypatch, tmp_pa
 
     assert report.add_table.call_count == 5
     assert report.add_figure.call_count == 8
-    report.add_success_callout.assert_called_once()
+    report.add_success_callout.assert_not_called()
     assert report.add_table.call_args_list[0].args[0] == 'Assertion Failures'
     assert close_figure.call_count == 8
 

From feb85ab05f8754c9da05ea7f6a2c58a642ded1d2 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Fri, 12 Jun 2026 00:06:44 -0400
Subject: [PATCH 20/31] Fix error

---
 samples/inference-failover/create.ipynb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/samples/inference-failover/create.ipynb b/samples/inference-failover/create.ipynb
index 50bc2e7f..1456a1a4 100644
--- a/samples/inference-failover/create.ipynb
+++ b/samples/inference-failover/create.ipynb
@@ -900,6 +900,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
+    "import importlib\n",
     "# APIM Samples imports\n",
     "from console import print_ok, print_warning\n",
     "\n",
@@ -907,6 +908,7 @@
     "    print_warning('Please run the scenario chart cell first')\n",
     "    raise SystemExit(1)\n",
     "\n",
+    "inference_failover_helpers = importlib.reload(inference_failover_helpers)\n",
     "report_context = inference_failover_helpers.InferenceReportContext(\n",
     "    sample_folder=sample_folder,\n",
     "    apim_source_region=apim_source_region,\n",

From b84d0bac077332ffa4b8a9df61c730e3bf484937 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Fri, 12 Jun 2026 18:07:05 -0400
Subject: [PATCH 21/31] Sample tweaks

---
 .github/copilot-instructions.md               |  64 ++++-
 .github/markdown.instructions.md              |  18 +-
 .markdownlint-cli2.jsonc                      |   6 +
 pyproject.toml                                |   2 +-
 .../APIM Load Balancer Config.md              |  78 ++++++
 samples/inference-failover/README.md          | 147 ++++++-----
 samples/inference-failover/create.ipynb       | 247 ++++++++----------
 .../inference-failover.workbook.json          |  22 +-
 .../inference_failover_helpers.py             |  52 ++--
 samples/inference-failover/main.bicep         |  26 +-
 samples/inference-failover/queries/README.md  |  16 +-
 .../queries/backend-distribution.kql          |  19 +-
 .../queries/failover-outcomes.kql             |   3 +-
 .../queries/failure-analysis.kql              |   3 +-
 .../queries/request-details.kql               |   2 +
 .../queries/token-throughput.kql              |   3 +-
 tests/python/test_inference_failover.py       | 149 +++++++++--
 .../python/test_inference_failover_helpers.py |  55 +++-
 18 files changed, 597 insertions(+), 315 deletions(-)
 create mode 100644 samples/inference-failover/APIM Load Balancer Config.md

diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
index 22a99370..4bf4cd28 100644
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -526,13 +526,13 @@ The public landing page at <https://azure-samples.github.io/Apim-Samples/> is bu
 
 **Treat `docs/index.html` as a downstream consumer of the README.** When you change any of the following, update the landing page in the same PR:
 
-| Change | Update required in `docs/index.html` | Also update |
-| --- | --- | --- |
-| Add / remove / rename an **infrastructure** | Add / remove / rename the matching `.infra-card` **and** the matching `ListItem` in the JSON-LD `ItemList` (in `<head>`). Update the infrastructure count in the first `.value-card` if it still says "Five". | Add / remove the SVG copy line in `.github/workflows/github-pages.yml`. |
-| Add / remove / rename a **sample** | Add / remove / rename the matching `.sample-card` **and** the matching `ListItem` in the JSON-LD `ItemList`. | — |
-| Change a sample's **supported infrastructures** | Update the `.infra-tag` text on that sample's card. | — |
-| Change the **quick-start flow** in the root README | Update the four `.step` items. | — |
-| Rename or replace an **architecture SVG** in `assets/diagrams/` | — | Update the matching `cp` line in `.github/workflows/github-pages.yml`. |
+| Change                                                          | Update required in `docs/index.html`                                                                                                                                                                          | Also update                                                             |
+| --------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------- |
+| Add / remove / rename an **infrastructure**                     | Add / remove / rename the matching `.infra-card` **and** the matching `ListItem` in the JSON-LD `ItemList` (in `<head>`). Update the infrastructure count in the first `.value-card` if it still says "Five". | Add / remove the SVG copy line in `.github/workflows/github-pages.yml`. |
+| Add / remove / rename a **sample**                              | Add / remove / rename the matching `.sample-card` **and** the matching `ListItem` in the JSON-LD `ItemList`.                                                                                                  | —                                                                       |
+| Change a sample's **supported infrastructures**                 | Update the `.infra-tag` text on that sample's card.                                                                                                                                                           | —                                                                       |
+| Change the **quick-start flow** in the root README              | Update the four `.step` items.                                                                                                                                                                                | —                                                                       |
+| Rename or replace an **architecture SVG** in `assets/diagrams/` | —                                                                                                                                                                                                             | Update the matching `cp` line in `.github/workflows/github-pages.yml`.  |
 
 Check `docs/README.md` for local preview instructions and styling notes. The page is deliberately plain static HTML + an external stylesheet (`docs/styles.css`), with no executable JavaScript and no build tooling, so that it cannot rot due to a transitive npm dependency. The only `<script>` tag is the JSON-LD structured-data block, which must stay inline because search-engine crawlers do not reliably follow external JSON-LD references. Keep it that way unless there is a compelling reason to add a build step.
 
@@ -621,6 +621,56 @@ Azure Monitor Workbook definitions stored in this repository must follow the **`
 - **Push script**: A sample that ships a workbook should provide an `update-workbook.ps1` (or equivalent) helper that reads `<name>.workbook.json` and updates the deployed workbook resource via `az rest`. The script should accept a mandatory `-rg` parameter and preserve any user-edited workbook parameter values (e.g. cost rates) from the live resource so that re-pushing source-controlled changes does not clobber portal edits.
 - **Tests**: Workbook JSON files should be parsed and structurally validated by a unit test (see `tests/python/test_costing_workbook.py` for the canonical pattern: schema check, parameter presence, KQL query well-formedness).
 
+### Azure Monitor Workbook Table Presentation
+
+Workbook tables must use readable, consistently formatted column titles and numeric values:
+
+- **Use human-readable column titles.** Do not expose raw camelCase or PascalCase telemetry identifiers as table headers. Add a final KQL `project-rename` presentation layer after filtering, aggregation, ordering, and row limiting so internal query names remain stable. Separate words with spaces and preserve standard initialisms such as `API`, `APIM`, `AOAI`, `ID`, and `LLM`. For example, use `AOAI Instance`, `Correlation ID`, and `Model Deployment`, not `AOAIInstance`, `CorrelationId`, or `DeploymentName`.
+- **Include units in column titles.** Add the unit in parentheses whenever the value's unit is not otherwise obvious. For example, rename `TotalTime` to `Total Time (ms)`, `AverageBackendMs` to `Average Backend (ms)`, and a percentage value to a title ending in `(%)`.
+- **Always use thousands separators for quantitative numeric values.** Configure every count, duration, token, cost, percentage, and other quantitative numeric table column with a `gridSettings.formatters` entry whose `numberFormat.options` uses `"style": "decimal"` and `"useGrouping": true`. Set `minimumFractionDigits` and `maximumFractionDigits` to values appropriate for the metric. Numeric identifiers and categorical status codes do not require numeric formatting.
+- **Keep formatted values numeric.** Do not use KQL `format_*()`, `tostring()`, or string concatenation to add separators, units, currency symbols, or percent signs. Keep the result typed as numeric so workbook sorting, filtering, thresholds, and visualizations continue to work; apply presentation through `numberFormat`.
+
+```kql
+| project-rename
+    ['API'] = ApiId,
+    ['AOAI Instance'] = AOAIInstance,
+    ['Total Time (ms)'] = TotalTime,
+    ['Total Tokens'] = TotalTokens
+```
+
+```json
+"gridSettings": {
+  "formatters": [
+    {
+      "columnMatch": "Total Time \\(ms\\)",
+      "formatter": 0,
+      "numberFormat": {
+        "unit": 0,
+        "options": {
+          "style": "decimal",
+          "useGrouping": true,
+          "minimumFractionDigits": 1,
+          "maximumFractionDigits": 1
+        }
+      }
+    },
+    {
+      "columnMatch": "Total Tokens",
+      "formatter": 0,
+      "numberFormat": {
+        "unit": 0,
+        "options": {
+          "style": "decimal",
+          "useGrouping": true,
+          "minimumFractionDigits": 0,
+          "maximumFractionDigits": 0
+        }
+      }
+    }
+  ]
+}
+```
+
 ### Azure Monitor Workbook Query Optimization
 
 Azure Monitor Workbook query items execute independently — there is no native mechanism to share a materialized table across query items. Apply the following patterns to minimise data scanned and improve workbook responsiveness:
diff --git a/.github/markdown.instructions.md b/.github/markdown.instructions.md
index 43b9edf6..94af3013 100644
--- a/.github/markdown.instructions.md
+++ b/.github/markdown.instructions.md
@@ -12,6 +12,7 @@ This document provides standards for Markdown files in the APIM Samples reposito
 
 - Every new or modified Markdown file must pass markdownlint with zero violations before the work is considered complete.
 - Run markdownlint against all changed `.md` files using the available CLI or VS Code diagnostics.
+- Format every table before running markdownlint. Use the editor's Markdown formatter or Prettier, then review the file-wide diff for unrelated changes.
 - Fix violations instead of disabling rules. Add a narrowly scoped suppression only when the Markdown intentionally cannot comply, and explain why next to the suppression.
 
 ### 🚨 No Emoji Variation Selectors in Markdown Links
@@ -66,9 +67,9 @@ This document provides standards for Markdown files in the APIM Samples reposito
 
 ### Markdown Tables
 
-Use one table style consistently within each table. Always include one space on both sides of each pipe delimiter, including separator rows. Never write compact separators such as `|---|---|`.
+Every Markdown table must use the aligned column style enforced by `MD060`. Pad the header, separator, and data cells so every pipe delimiter in a column lines up vertically. Always include leading and trailing pipes as enforced by `MD055`, with one space on both sides of each interior pipe delimiter. Never use compact or tight table styles, including compact separators such as `|---|---|`.
 
-**Prefer aligned tables** for short values. Pad cell values with spaces so that every `|` delimiter in a column lines up vertically.
+Format tables after adding, removing, or editing any row or cell. Because aligned `MD060` findings may require adjusting the entire table, use the editor's Markdown formatter or Prettier before running markdownlint, then review the resulting diff.
 
 ❌ **WRONG** — misaligned columns:
 
@@ -88,16 +89,7 @@ Use one table style consistently within each table. Always include one space on
 | Very Long Name | 45    |
 ```
 
-Use the separator row (`---`, `:---:`, `---:`, etc.) to establish column widths, then align all subsequent rows to match.
-
-**Use compact tables** for prose-heavy content when alignment would create very long lines. Keep spaces around every pipe delimiter and use the same compact style for the header, separator, and each row.
-
-```markdown
-| Name                  | Description                                                      |
-| --------------------- | ---------------------------------------------------------------- |
-| Simple API Management | Public API Management instance for learning and experimentation. |
-| Private Link          | Private ingress for security-focused scenarios.                  |
-```
+Use the separator row (`---`, `:---:`, `---:`, etc.) to establish column widths, then align all subsequent rows to match. Wide prose-heavy tables must remain aligned; `MD013` is disabled so table width is not a reason to use compact formatting.
 
 ### Lists
 
@@ -283,7 +275,7 @@ Structured guides for domain-specific tasks (Bicep, Python policies, sample crea
 | ------------------------ | --------------------------------------------------------- | ------------------------------------------------------------------------------------------ |
 | Markdownlint failure     | Markdown does not meet the configured lint rules          | Fix every reported violation and rerun markdownlint                                        |
 | Anchor links break       | Emoji in heading + encoded in link                        | Remove emoji from link reference: `[text](#heading-only)`                                  |
-| Tables misaligned        | Mixed table styles or missing spaces around pipes         | Use one consistent aligned or compact style and write separator rows as `\| --- \| --- \|` |
+| Tables misaligned        | Columns or pipe styles do not satisfy `MD055` and `MD060` | Format the entire table with aligned columns and leading/trailing pipes                    |
 | Sections run together    | Missing or repeated blank lines                           | Use exactly one blank line around headings, tables, lists, and fences                      |
 | Code fence warning       | Missing fence language                                    | Add the appropriate language, or use `text` for plain output                               |
 | List indentation warning | Inconsistent nesting or ordered prefixes                  | Use two spaces per unordered nesting level and `1.` for ordered items                      |
diff --git a/.markdownlint-cli2.jsonc b/.markdownlint-cli2.jsonc
index ebd1c661..0f99951b 100644
--- a/.markdownlint-cli2.jsonc
+++ b/.markdownlint-cli2.jsonc
@@ -3,6 +3,12 @@
     "MD013": false,
     "MD024": {
       "siblings_only": true
+    },
+    "MD055": {
+      "style": "leading_and_trailing"
+    },
+    "MD060": {
+      "style": "aligned"
     }
   }
 }
diff --git a/pyproject.toml b/pyproject.toml
index b8f41a81..fd3915bd 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -31,7 +31,7 @@ dev = [
 ]
 
 [tool.ruff]
-line-length = 150
+line-length = 220
 
 [tool.ruff.format]
 quote-style = "single"
diff --git a/samples/inference-failover/APIM Load Balancer Config.md b/samples/inference-failover/APIM Load Balancer Config.md
new file mode 100644
index 00000000..6d2e27bf
--- /dev/null
+++ b/samples/inference-failover/APIM Load Balancer Config.md	
@@ -0,0 +1,78 @@
+# Azure API Management (APIM) Load Balancer Configuration
+
+This topology assumes the following:
+
+- Single APIM region: **East US 2**
+- Model: **gpt-5-mini (2025-08-07)**
+- PTUs: **300 in East US 2**
+
+This load balancing design provides inference-backend failover. A single-region APIM deployment remains a gateway dependency, so an East US 2 APIM outage can make every backend in this pool unreachable. Use an appropriate multi-region APIM topology when gateway-region resilience is also required.
+
+## Backend Pool
+
+| Index | Subscription | AI Resource region | APIM backend                    | Deployment type      | Billing/capacity | Priority | Weight |
+| :---: | :----------: | ------------------ | ------------------------------- | -------------------- | :--------------: | :------: | -----: |
+| 1     |  1           | East US 2          | `gpt-5-mini-ptu-eastus2`        | `ProvisionedManaged` | 300 PTUs         |    1     |    100 |
+| 2     |  1           | East US 2          | `gpt-5-mini-datazone-eastus2`   | `DataZoneStandard`   | PAYG             |    2     |     25 |
+| 3     |  2           | East US            | `gpt-5-mini-datazone-eastus`    | `DataZoneStandard`   | PAYG             |    2     |     25 |
+| 4     |  3           | Central US         | `gpt-5-mini-datazone-centralus` | `DataZoneStandard`   | PAYG             |    2     |     25 |
+| 5     |  4           | West US 3          | `gpt-5-mini-datazone-westus3`   | `DataZoneStandard`   | PAYG             |    2     |     25 |
+| 6     |  1           | East US 2          | `gpt-5-mini-global-eastus2`     | `GlobalStandard`     | PAYG             |    3     |     25 |
+| 7     |  2           | East US            | `gpt-5-mini-global-eastus`      | `GlobalStandard`     | PAYG             |    3     |     25 |
+| 8     |  3           | Central US         | `gpt-5-mini-global-centralus`   | `GlobalStandard`     | PAYG             |    3     |     25 |
+| 9     |  4           | West US 3          | `gpt-5-mini-global-westus3`     | `GlobalStandard`     | PAYG             |    3     |     25 |
+
+*Equal weights divide traffic approximately evenly among healthy backends in the same priority tier.*
+
+## Routing Strategy
+
+The backend pool uses three priority tiers:
+
+  1. **Priority 1 - regional provisioned capacity:** Route to the 300-PTU `ProvisionedManaged` deployment in East US 2.
+
+  1. **Priority 2 - US data zone fallback:** Distribute traffic equally across the four `DataZoneStandard` deployments.
+
+  1. **Priority 3 - global fallback:** Distribute traffic equally across the four `GlobalStandard` deployments.
+
+### Design Decisions
+
+The priorities reflect capacity commitment and permitted processing scope, not physical distance from APIM alone:
+
+- **Use the regional PTU deployment first.** The East US 2 `ProvisionedManaged` deployment provides reserved, predictable throughput and keeps inference processing in the same region as APIM.
+- **Aggregate independently granted PAYG quota.** PAYG quota is assigned per subscription, resource region, model, and deployment type. APIM can balance across the four subscription-and-region allocations to expose the sum of quota explicitly approved and assigned to these deployments. Four subscriptions do not automatically provide four times the capacity, and multiple deployments within one quota scope do not create more quota. Tenant-level model usage tiers can also affect latency across subscriptions and regions.
+- **Treat the four US data zone deployments as equal peers.** A `DataZoneStandard` resource created in East US 2 can process inference anywhere in the US data zone, so its resource location does not guarantee lower latency or East US 2 processing. Equal weights use the independently granted PAYG capacity and reduce dependence on one subscription, quota allocation, resource endpoint, or resource-location failure domain.
+- **Do not give the East US 2 data zone resource its own priority without evidence.** Doing so would direct all post-PTU traffic to that one resource until its circuit breaker trips. This can be appropriate for a measured latency, cost-allocation, or subscription preference, but it does not provide regional inference locality.
+- **Keep global deployments as the final tier.** `GlobalStandard` offers the broadest processing scope and additional PAYG capacity, but requests can be processed in any eligible Azure region. It therefore follows the US data zone tier when US-only processing is preferred.
+
+> **Note: Simpler topology if quota aggregation was unnecessary:**
+>
+> If one subscription had enough approved PAYG quota and separate endpoint isolation is not required, the pool could be reduced from nine backends to three:
+>
+> 1. One East US 2 `ProvisionedManaged` backend at priority 1.
+> 1. One US `DataZoneStandard` backend at priority 2.
+> 1. One `GlobalStandard` backend at priority 3.
+>
+> The global backend can be omitted when US-only processing is mandatory, leaving a two-backend pool. Retain multiple backends in a tier when independent subscription quota, endpoint failure isolation, or operational ownership justifies the added complexity. A single `DataZoneStandard` or `GlobalStandard` deployment already uses the service's internal routing scope; multiple deployments are not required merely to reach multiple inference regions.
+
+- **Set max number of retries.** Set the max to the total number of backends - 1. 1 represents the initial request. Here, this yields `10 backends - 1 = 9 retries`. This recommendation depends on the current circuit breaker setting, which trips a backend after one qualifying `408`, `429`, `499`, `500`, `502`, `503`, or `504` response. Once its circuit opens, later requests handled by that APIM gateway avoid the unavailable backend, so every request does not need to probe the full pool. The pool-specific cache in this policy stores the soonest `Retry-After` recovery time for an exhausted response; it does not select backends or replace circuit-breaker state.
+
+> **Note: About potential retries:**
+>
+> Because we retry in the context of a load balancer with a backend pool (as opposed to a single backend), any failing request may trip that backend's configred circuit breaker. That backend is then immediately removed from the pool for the duration of the circuit breaker trip. APIM then immediately retries against another *healthy* backend, if available, from the pool. **ONE retry represents the vast majority of retry occurrences.**
+> It is technically possible for more retries to occur, but that would necessitate backends failing often with a very dynamic backend health pool. This is very unlikely to happen, but even if it did, it would not result in many retries (odds are high that a healthy backend will be selectable and we also limit the max retry count).
+
+## Availability Validation
+
+**Availability checked:** `2026-06-12 13:32:15 UTC`
+
+The official Microsoft Learn availability matrices list `gpt-5-mini` version `2025-08-07` as available for:
+
+- [DataZoneStandard in East US 2, East US, Central US, and West US 3](https://learn.microsoft.com/azure/foundry/foundry-models/concepts/models-sold-directly-by-azure-region-availability?pivots=standard#data-zone-standard).
+- [GlobalStandard in East US 2, East US, Central US, and West US 3](https://learn.microsoft.com/azure/foundry/foundry-models/concepts/models-sold-directly-by-azure-region-availability?pivots=standard#global-standard).
+- [Regional ProvisionedManaged in East US 2](https://learn.microsoft.com/azure/foundry/foundry-models/concepts/models-sold-directly-by-azure-region-availability?pivots=provisioned#regional-provisioned-managed).
+
+The [`gpt-5-mini` model specification](https://learn.microsoft.com/azure/foundry/foundry-models/concepts/models-sold-directly-by-azure#gpt-5) identifies version `2025-08-07`. The [deployment type comparison](https://learn.microsoft.com/azure/foundry/foundry-models/concepts/deployment-types#deployment-type-comparison) defines the exact Azure SKU codes used in this table.
+
+The [Azure OpenAI quota reference](https://learn.microsoft.com/azure/foundry/openai/quotas-limits#scope-of-quota) documents subscription-level quota scope and regional allocation. The [APIM backend reference](https://learn.microsoft.com/azure/api-management/backends#load-balanced-pool) defines pool priorities, relative weights, circuit breakers, and the distributed-gateway caveats. The [APIM retry policy reference](https://learn.microsoft.com/azure/api-management/retry-policy) defines retry-count and immediate-retry behavior.
+
+**Model availability does not guarantee that PTUs are immediately allocatable in a specific subscription and region. Confirm the East US 2 provisioned quota and capacity before deployment.**
diff --git a/samples/inference-failover/README.md b/samples/inference-failover/README.md
index dbb4e5d1..13b3caba 100644
--- a/samples/inference-failover/README.md
+++ b/samples/inference-failover/README.md
@@ -7,7 +7,7 @@ This sample uses Azure API Management as an AI Gateway for two Azure OpenAI mode
 
 ⚙️ **Supported infrastructures**: All infrastructures
 
-👟 **Expected *Run All* runtime (excl. infrastructure prerequisite): ~15 minutes**
+👟 **Expected _Run All_ runtime (excl. infrastructure prerequisite): ~15 minutes**
 
 ## 🎯 Objectives
 
@@ -26,52 +26,52 @@ Beyond the [general prerequisites](../../README.md#-getting-started) (Azure subs
 
 ## 📝 Scenario
 
-An AI platform prefers provisioned capacity tiers across its available regions before using pay-as-you-go capacity: in-region PTU, out-of-region PTU, in-region PAYG, then out-of-region PAYG. This lab exercises that routing shape using only regional `Standard` pay-as-you-go Azure OpenAI deployments. Names containing `PTU` identify the simulated preference tier in the experiment and do not change the Azure OpenAI deployment SKU or billing model.
+An AI platform prefers all provisioned capacity before using pay-as-you-go capacity: all PTUs, then in-region PAYG, then any remaining PAYG. This lab exercises that routing shape using only regional `Standard` pay-as-you-go Azure OpenAI deployments. Names containing `PTU` identify the simulated preference tier in the experiment and do not change the Azure OpenAI deployment SKU or billing model.
 
 ### Response Handling Rules
 
 The inference policy uses the following response-handling matrix. "Trip Breaker" applies to the backend that returned the response. "Caller Codes" lists the recovery code first and the exhausted terminal code second when both are possible.
 
-| Backend Code | Trip Breaker | Retry | Caller Codes | Category | Severity | Handling |
-| --- | --- | --- | --- | --- | --- | --- |
-| 200 | - | - | 200 | Success | None | Return the successful response. |
-| 400 | No | No | 400 | Client | Low | Return unchanged; may indicate an invalid request or content filtering. |
-| 401 | No | No | 401 | Auth | Medium | Return unchanged; correct backend authentication. |
-| 403 | No | No | 403 | AuthZ | Medium | Return unchanged; correct backend authorization. |
-| 404 | No | No | 404 | Config | Medium | Return unchanged; correct the backend URL or deployment name. |
-| 408 | Yes | Yes | 200 or 408 | Timeout | Medium | Retry another backend; return the explicit HTTP timeout if the fallback chain is exhausted. |
-| 409 | No | Sometimes | 200 or 409 | Conflict | Medium | Retry only when `Retry-After` marks the conflict as transient. |
-| 429 | Yes | Yes | 200 or 429 | Capacity | Medium | Retry another eligible backend; return exhausted capacity with the soonest `Retry-After`. |
-| 499 | Yes | Yes | 200 or 499 | Custom | Medium | Retry another backend when PTU exhaustion is represented by a transformed `408`. |
-| 500 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |
-| 502 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |
-| 503 | Yes | Yes | 200, 429, or 503 | Infra | High | Retry another backend; return `429` when `Retry-After` identifies capacity, otherwise normalize exhaustion to `503`. |
-| 504 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |
-| null | No | Yes | 200 or 503 | Transport | High | Retry after no backend response; normalize handled transport failures to `503`. |
+| Backend Code | Trip Breaker | Retry     | Caller Codes     | Category  | Severity | Handling                                                                                                             |
+| ------------ | ------------ | --------- | ---------------- | --------- | -------- | -------------------------------------------------------------------------------------------------------------------- |
+| 200          | -            | -         | 200              | Success   | None     | Return the successful response.                                                                                      |
+| 400          | No           | No        | 400              | Client    | Low      | Return unchanged; may indicate an invalid request or content filtering.                                              |
+| 401          | No           | No        | 401              | Auth      | Medium   | Return unchanged; correct backend authentication.                                                                    |
+| 403          | No           | No        | 403              | AuthZ     | Medium   | Return unchanged; correct backend authorization.                                                                     |
+| 404          | No           | No        | 404              | Config    | Medium   | Return unchanged; correct the backend URL or deployment name.                                                        |
+| 408          | Yes          | Yes       | 200 or 408       | Timeout   | Medium   | Retry another backend; return the explicit HTTP timeout if the fallback chain is exhausted.                          |
+| 409          | No           | Sometimes | 200 or 409       | Conflict  | Medium   | Retry only when `Retry-After` marks the conflict as transient.                                                       |
+| 429          | Yes          | Yes       | 200 or 429       | Capacity  | Medium   | Retry another eligible backend; return exhausted capacity with the soonest `Retry-After`.                            |
+| 499          | Yes          | Yes       | 200 or 499       | Custom    | Medium   | Retry another backend when PTU exhaustion is represented by a transformed `408`.                                     |
+| 500          | Yes          | Yes       | 200 or 503       | Infra     | High     | Retry another eligible backend; normalize an exhausted chain to `503`.                                               |
+| 502          | Yes          | Yes       | 200 or 503       | Infra     | High     | Retry another eligible backend; normalize an exhausted chain to `503`.                                               |
+| 503          | Yes          | Yes       | 200, 429, or 503 | Infra     | High     | Retry another backend; return `429` when `Retry-After` identifies capacity, otherwise normalize exhaustion to `503`. |
+| 504          | Yes          | Yes       | 200 or 503       | Infra     | High     | Retry another eligible backend; normalize an exhausted chain to `503`.                                               |
+| null         | No           | Yes       | 200 or 503       | Transport | High     | Retry after no backend response; normalize handled transport failures to `503`.                                      |
 
 ### Failure Test Coverage
 
 The notebook runs deterministic gateway contract probes before its capacity scenarios. These probes verify a valid `200`, an Azure OpenAI `400` from malformed JSON, an APIM `401` from a missing subscription key, and an APIM `404` from an unknown operation. The `400` also verifies `X-Backend-Retry: 0`, proving that client errors pass through without retry. The pressure scenarios exercise organic `429` handling against the intentionally small deployments. The remaining backend statuses require a controllable fault origin because Azure OpenAI does not provide a supported "return this status" test switch.
 
-| Condition | Automated here | Recommended controlled test | Expected evidence |
-| --- | --- | --- | --- |
-| `200` | Yes | Send a valid small chat-completions request. | `200` and `X-Backend-Retry: 0`. |
-| `400` | Yes | Send truncated JSON with `Content-Type: application/json`. | Backend `400`, caller `400`, and `X-Backend-Retry: 0`. |
-| `401` | Yes | Omit the APIM subscription key. | Gateway `401`; the inference policy is not entered. |
-| `403` | No | On an isolated deployment, remove **Cognitive Services OpenAI User** from APIM or add a temporary deny policy. Restore access immediately after the probe. | Backend/caller `403` and no retry. |
-| `404` | Yes | Call an unknown APIM operation. For a backend-side variant, temporarily target a nonexistent model deployment in an isolated backend. | `404` and no retry. |
-| `408` | No | Return an explicit `408` from the controlled fault origin. | Immediate circuit trip and backend failover; an exhausted chain keeps `408`. |
-| `409` without `Retry-After` | No | Use a local fault server, Mockoon, WireMock, or a temporary Container App that returns `409` without the header. | One attempt; caller keeps `409`. |
-| `409` with `Retry-After` | No | Return `409` plus `Retry-After: 1` from the controlled fault origin. | Retry count increases, but the backend circuit does not open. |
-| `429` | Yes, workload-dependent | Run the pressure cells. For deterministic CI, return `429` plus `Retry-After` from a controlled fault origin. | Backend selection avoids the constrained backend; exhausted capacity returns `429` with the soonest recovery delay. |
-| `499` | No | Transform a PTU-exhaustion `408` into `499`, or return `499` from the controlled fault origin. | Immediate circuit trip and backend failover; an exhausted chain keeps `499`. |
-| `500` | No | Return an explicit `500` from the controlled fault origin. | Immediate circuit trip and backend failover; an exhausted chain becomes generic `503`. |
-| `502` | No | Return an explicit `502` from the controlled fault origin. | Immediate circuit trip and backend failover. |
-| `503` | Organic but not guaranteed | Return `503`, optionally with `Retry-After`, from the controlled fault origin. | Immediate failover; exhausted capacity with `Retry-After` becomes `429`, otherwise the chain becomes generic `503`. |
-| `504` | No | Return an explicit `504`; separately delay the origin beyond the APIM forwarding timeout to test transport timeout behavior. | HTTP `504` trips the circuit; timeout produces no backend HTTP response but is retried and normalized to `503`. |
-| DNS/connection failure | No | Point one isolated backend at a reserved nonexistent host such as `https://unresolvable.invalid`. | `BackendConnectionFailure`, retries, then generic `503` if all destinations fail. |
-| TLS failure | No | Point an isolated backend at a host with an expired certificate or a certificate-name mismatch while TLS validation remains enabled. | Backend connection failure, retries, and no certificate detail disclosed to the caller. |
-| Caller disconnect | No | Start a streaming or deliberately slow request, then abort the client socket or use `curl --max-time 1`. | Native client-connection/cancellation telemetry; this is not backend failover. |
+| Condition                   | Automated here             | Recommended controlled test                                                                                                                                | Expected evidence                                                                                                   |
+| --------------------------- | -------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- |
+| `200`                       | Yes                        | Send a valid small chat-completions request.                                                                                                               | `200` and `X-Backend-Retry: 0`.                                                                                     |
+| `400`                       | Yes                        | Send truncated JSON with `Content-Type: application/json`.                                                                                                 | Backend `400`, caller `400`, and `X-Backend-Retry: 0`.                                                              |
+| `401`                       | Yes                        | Omit the APIM subscription key.                                                                                                                            | Gateway `401`; the inference policy is not entered.                                                                 |
+| `403`                       | No                         | On an isolated deployment, remove **Cognitive Services OpenAI User** from APIM or add a temporary deny policy. Restore access immediately after the probe. | Backend/caller `403` and no retry.                                                                                  |
+| `404`                       | Yes                        | Call an unknown APIM operation. For a backend-side variant, temporarily target a nonexistent model deployment in an isolated backend.                      | `404` and no retry.                                                                                                 |
+| `408`                       | No                         | Return an explicit `408` from the controlled fault origin.                                                                                                 | Immediate circuit trip and backend failover; an exhausted chain keeps `408`.                                        |
+| `409` without `Retry-After` | No                         | Use a local fault server, Mockoon, WireMock, or a temporary Container App that returns `409` without the header.                                           | One attempt; caller keeps `409`.                                                                                    |
+| `409` with `Retry-After`    | No                         | Return `409` plus `Retry-After: 1` from the controlled fault origin.                                                                                       | Retry count increases, but the backend circuit does not open.                                                       |
+| `429`                       | Yes, workload-dependent    | Run the pressure cells. For deterministic CI, return `429` plus `Retry-After` from a controlled fault origin.                                              | Backend selection avoids the constrained backend; exhausted capacity returns `429` with the soonest recovery delay. |
+| `499`                       | No                         | Transform a PTU-exhaustion `408` into `499`, or return `499` from the controlled fault origin.                                                             | Immediate circuit trip and backend failover; an exhausted chain keeps `499`.                                        |
+| `500`                       | No                         | Return an explicit `500` from the controlled fault origin.                                                                                                 | Immediate circuit trip and backend failover; an exhausted chain becomes generic `503`.                              |
+| `502`                       | No                         | Return an explicit `502` from the controlled fault origin.                                                                                                 | Immediate circuit trip and backend failover.                                                                        |
+| `503`                       | Organic but not guaranteed | Return `503`, optionally with `Retry-After`, from the controlled fault origin.                                                                             | Immediate failover; exhausted capacity with `Retry-After` becomes `429`, otherwise the chain becomes generic `503`. |
+| `504`                       | No                         | Return an explicit `504`; separately delay the origin beyond the APIM forwarding timeout to test transport timeout behavior.                               | HTTP `504` trips the circuit; timeout produces no backend HTTP response but is retried and normalized to `503`.     |
+| DNS/connection failure      | No                         | Point one isolated backend at a reserved nonexistent host such as `https://unresolvable.invalid`.                                                          | `BackendConnectionFailure`, retries, then generic `503` if all destinations fail.                                   |
+| TLS failure                 | No                         | Point an isolated backend at a host with an expired certificate or a certificate-name mismatch while TLS validation remains enabled.                       | Backend connection failure, retries, and no certificate detail disclosed to the caller.                             |
+| Caller disconnect           | No                         | Start a streaming or deliberately slow request, then abort the client socket or use `curl --max-time 1`.                                                   | Native client-connection/cancellation telemetry; this is not backend failover.                                      |
 
 Use a separate APIM API/backend pool or a disposable deployment for controlled origin tests. Do not add public fault-injection headers to the production-shaped inference APIs, and do not remove role assignments from a shared environment. A nonexistent backend hostname is useful for DNS failure, but it does **not** simulate a client disconnect: DNS happens between APIM and the backend, while a client disconnect happens between the caller and APIM.
 
@@ -81,17 +81,39 @@ For the HTTP fault cases, a minimal local origin can return the requested status
 
 All deployments below use the regional `Standard` SKU with a capacity of `1` thousand tokens per minute (TPM). This deliberately small capacity makes concentrated `429`-driven failover practical to observe; it is not production sizing advice.
 
-| Region           | Label | Deployment         | Model          | Version      | Simulates          |
-| ---------------- | ----- | ------------------ | -------------- | ------------ | ------------------ |
-| East US 2        | A     | `a-gpt-5-1`        | `gpt-5.1`      | `2025-11-13` | In-region PTU      |
-| East US 2        | B     | `b-gpt-5-1`        | `gpt-5.1`      | `2025-11-13` | In-region PAYG     |
-| East US 2        | C     | `c-gpt-4-1-mini`   | `gpt-4.1-mini` | `2025-04-14` | In-region PTU      |
-| East US 2        | D     | `d-gpt-4-1-mini`   | `gpt-4.1-mini` | `2025-04-14` | In-region PAYG     |
-| West US 3        | D     | `d-gpt-5-1`        | `gpt-5.1`      | `2025-11-13` | Out-of-region PTU  |
-| West US 3        | E     | `e-gpt-5-1`        | `gpt-5.1`      | `2025-11-13` | Out-of-region PAYG |
-| West US 3        | F     | `f-gpt-4-1-mini`   | `gpt-4.1-mini` | `2025-04-14` | Out-of-region PTU  |
-| South Central US | G     | `g-gpt-5-1`        | `gpt-5.1`      | `2025-11-13` | Out-of-region PAYG |
-| South Central US | H     | `h-gpt-4-1-mini`   | `gpt-4.1-mini` | `2025-04-14` | Out-of-region PAYG |
+| Region           | Label | Deployment       | Model          | Version      | Simulates          |
+| ---------------- | ----- | ---------------- | -------------- | ------------ | ------------------ |
+| East US 2        | A     | `a-gpt-5-1`      | `gpt-5.1`      | `2025-11-13` | In-region PTU      |
+| East US 2        | B     | `b-gpt-5-1`      | `gpt-5.1`      | `2025-11-13` | In-region PAYG     |
+| East US 2        | C     | `c-gpt-4-1-mini` | `gpt-4.1-mini` | `2025-04-14` | In-region PTU      |
+| East US 2        | D     | `d-gpt-4-1-mini` | `gpt-4.1-mini` | `2025-04-14` | In-region PAYG     |
+| West US 3        | D     | `d-gpt-5-1`      | `gpt-5.1`      | `2025-11-13` | Out-of-region PTU  |
+| West US 3        | E     | `e-gpt-5-1`      | `gpt-5.1`      | `2025-11-13` | Out-of-region PAYG |
+| West US 3        | F     | `f-gpt-4-1-mini` | `gpt-4.1-mini` | `2025-04-14` | Out-of-region PTU  |
+| South Central US | G     | `g-gpt-5-1`      | `gpt-5.1`      | `2025-11-13` | Out-of-region PAYG |
+| South Central US | H     | `h-gpt-4-1-mini` | `gpt-4.1-mini` | `2025-04-14` | Out-of-region PAYG |
+
+### Load Balancer Configuration
+
+The following table is the source of truth for both model-safe APIM backend pools. APIM selects the lowest available priority first and distributes requests among available members at the same priority in proportion to their weights.
+
+The routing rules are:
+
+1. **Priority 1 - all PTUs:** Prefer every simulated PTU deployment, with equal weight across regions.
+1. **Priority 2 - in-region PAYG:** Use the East US 2 PAYG deployment after all compatible PTUs are unavailable.
+1. **Priority 3 - any PAYG:** Distribute traffic across any remaining compatible PAYG deployments, with equal weight when a model has multiple members in this tier.
+
+| Model          | Label | APIM Backend                       | Capacity Tier      | Priority | Weight |
+| -------------- | ----- | ---------------------------------- | ------------------ | -------- | ------ |
+| `gpt-5.1`      | A     | `gpt-5-1-PTU-eastus2`              | In-region PTU      | 1        | 50     |
+| `gpt-5.1`      | D     | `gpt-5-1-PTU-westus3`              | Out-of-region PTU  | 1        | 50     |
+| `gpt-5.1`      | B     | `gpt-5-1-PAYG-eastus2`             | In-region PAYG     | 2        | 100    |
+| `gpt-5.1`      | E     | `gpt-5-1-PAYG-westus3`             | Out-of-region PAYG | 3        | 50     |
+| `gpt-5.1`      | G     | `gpt-5-1-PAYG-southcentralus`      | Out-of-region PAYG | 3        | 50     |
+| `gpt-4.1-mini` | C     | `gpt-4-1-mini-PTU-eastus2`         | In-region PTU      | 1        | 50     |
+| `gpt-4.1-mini` | F     | `gpt-4-1-mini-PTU-westus3`         | Out-of-region PTU  | 1        | 50     |
+| `gpt-4.1-mini` | D     | `gpt-4-1-mini-PAYG-eastus2`        | In-region PAYG     | 2        | 100    |
+| `gpt-4.1-mini` | H     | `gpt-4-1-mini-PAYG-southcentralus` | Out-of-region PAYG | 3        | 100    |
 
 ## 🛩️ Lab Components
 
@@ -100,7 +122,7 @@ This lab adds the following to an existing APIM infrastructure:
 - Three regional Azure OpenAI resources containing nine `Standard` model deployments at `1` thousand TPM each.
 - Nine concrete APIM backends named using `<model>-<PTU|PAYG>-<region>`, each with TLS validation and separate circuit breakers for capacity, sustained internal errors, and immediate gateway or availability failures.
 - Model-specific APIM backends and one backend pool per model, so a retry never crosses to an incompatible deployment and circuit-breaker state remains isolated. APIM tracks circuit-breaker state at the backend resource; if models shared a backend, a `429` or another configured failure from one model could suppress traffic to a healthy model on that same backend.
-- Two AI Gateway APIs with managed identity authentication to Azure OpenAI: `POST /inference/gpt-5-1/chat/completions` retries four times through A -> D -> B -> E/G (equal terminal weights), while `POST /inference/gpt-4-1-mini/chat/completions` retries three times through C -> F -> D -> H.
+- Two AI Gateway APIs with managed identity authentication to Azure OpenAI: `POST /inference/gpt-5-1/chat/completions` retries four times across A/D -> B -> E/G, while `POST /inference/gpt-4-1-mini/chat/completions` retries three times across C/F -> D -> H. Members separated by `/` share a priority and have equal weights.
 
 - Model-specific retry policies that buffer the POST body while immediately retrying conditional conflicts, throttling, and listed infrastructure failures; cache the soonest `Retry-After` recovery time per model-safe pool; emit an information-level trace after every backend attempt; return caller-visible retry counts; return exhausted capacity as `429` with the remaining recovery delay; and return a generic `503` when infrastructure failover is exhausted.
 - APIM AI Gateway diagnostics using the infrastructure-provided Log Analytics workspace and Application Insights component, plus an AOAI-only workbook for terminal outcomes, retry trails, backend distribution, APIM errors, token coverage, and latency.
@@ -110,16 +132,17 @@ This lab adds the following to an existing APIM infrastructure:
 
 Every inference call produces one `ApiManagementGatewayLogs` row. The workbook and KQL files preserve the difference between the APIM caller response and the final backend response so an operator can determine whether APIM recovered, transformed the result, or exhausted fallback capacity.
 
-| Signal | Source | What it explains |
-| --- | --- | --- |
-| Caller-visible response | `ApiManagementGatewayLogs.ResponseCode` | The HTTP status ultimately returned by APIM. |
-| Caller-visible retries | `X-Backend-Retry` response header | The number of backend retries absorbed by APIM after the initial attempt. A healthy-path response normally returns `0`. |
-| Final backend response | `ApiManagementGatewayLogs.BackendResponseCode` | The HTTP status from the last selected Azure OpenAI backend. |
-| Final backend placement | `ApiManagementGatewayLogs.BackendId`, `BackendUrl` | The concrete backend used for the final attempt. |
-| Retry trail | `ApiManagementGatewayLogs.TraceRecords` | Each compact `InferenceAttempt` event records its sequence number and backend response code. Retry count is attempts minus one. |
-| Exhausted fallback | `ApiManagementGatewayLogs.ResponseCode`, `BackendResponseCode`, and `LastErrorReason` | The workbook derives whether APIM returned capacity exhaustion as `429` or normalized infrastructure or transport exhaustion to `503`. |
-| Native APIM failures | `Errors`, `LastErrorSource`, `LastErrorReason`, `LastErrorSection`, `LastErrorMessage` | Pipeline failures that are not ordinary Azure OpenAI HTTP responses. |
-| LLM usage and message chunks | `ApiManagementGatewayLlmLog` joined by `CorrelationId` | Model deployment, token usage, and whether prompt/completion message telemetry arrived. |
+| Signal                       | Source                                                                                 | What it explains                                                                                                                       |
+| ---------------------------- | -------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
+| Caller-visible response      | `ApiManagementGatewayLogs.ResponseCode`                                                | The HTTP status ultimately returned by APIM.                                                                                           |
+| Caller-visible retries       | `X-Backend-Retry` response header                                                      | The number of backend retries absorbed by APIM after the initial attempt. A healthy-path response normally returns `0`.                |
+| Final backend response       | `ApiManagementGatewayLogs.BackendResponseCode`                                         | The HTTP status from the last selected Azure OpenAI backend.                                                                           |
+| Final backend placement      | `ApiManagementGatewayLogs.BackendId`, `BackendUrl`                                     | The concrete backend used for the final attempt.                                                                                       |
+| AOAI account instance        | First DNS label parsed from `ApiManagementGatewayLogs.BackendUrl`                      | The Azure OpenAI account resource that serviced the final backend request; empty when APIM recorded no backend call.                   |
+| Retry trail                  | `ApiManagementGatewayLogs.TraceRecords`                                                | Each compact `InferenceAttempt` event records its sequence number and backend response code. Retry count is attempts minus one.        |
+| Exhausted fallback           | `ApiManagementGatewayLogs.ResponseCode`, `BackendResponseCode`, and `LastErrorReason`  | The workbook derives whether APIM returned capacity exhaustion as `429` or normalized infrastructure or transport exhaustion to `503`. |
+| Native APIM failures         | `Errors`, `LastErrorSource`, `LastErrorReason`, `LastErrorSection`, `LastErrorMessage` | Pipeline failures that are not ordinary Azure OpenAI HTTP responses.                                                                   |
+| LLM usage and message chunks | `ApiManagementGatewayLlmLog` joined by `CorrelationId`                                 | Model deployment, token usage, and whether prompt/completion message telemetry arrived.                                                |
 
 The sample includes copy-paste KQL for aggregated outcomes, backend distribution, failure taxonomy, telemetry coverage, and a per-request investigation view. The workbook exposes the same operational views and adds a correlation-ID filter for targeted troubleshooting. See the [query catalog](queries/README.md) for parameters, signal sources, and investigation guidance.
 
@@ -138,7 +161,7 @@ This learning sample enables LLM prompt and completion message logging. Treat th
 
 ### Optional Event Hub Export
 
-Set `enable_event_hub_export = True` under *SYSTEM CONFIGURATION* in [create.ipynb](create.ipynb) to stream the APIM diagnostic feed to a sample-scoped Event Hub while retaining Log Analytics ingestion and workbook views. The option defaults to `False` so the normal sample deployment does not add Event Hubs cost. When enabled, the sample deploys a Standard Event Hubs namespace in the selected infrastructure/APIM region, a non-compacted `apim-inference-failover` hub, and an `external-observability` consumer group for downstream processors.
+Set `enable_event_hub_export = True` under _SYSTEM CONFIGURATION_ in [create.ipynb](create.ipynb) to stream the APIM diagnostic feed to a sample-scoped Event Hub while retaining Log Analytics ingestion and workbook views. The option defaults to `False` so the normal sample deployment does not add Event Hubs cost. When enabled, the sample deploys a Standard Event Hubs namespace in the selected infrastructure/APIM region, a non-compacted `apim-inference-failover` hub, and an `external-observability` consumer group for downstream processors.
 
 The Event Hub receives the same broad APIM diagnostic stream configured for Log Analytics: `GatewayLogs`, `GatewayLlmLogs`, `WebSocketConnectionLogs`, and `AllMetrics`. This includes caller-visible responses, final backend responses, backend placement, policy `TraceRecords`, native APIM errors, model and token telemetry, and logged prompt/completion message chunks. Workbook calculations are derived views rather than emitted events, so external processors should reconstruct their preferred aggregations from the raw stream.
 
@@ -151,8 +174,8 @@ Routine probes intentionally do not perform inference: recurring multi-location
 ## ⚙️ Configuration
 
 1. Deploy any [infrastructure architecture](../../README.md#list-of-infrastructures), with [Simple API Management](../../infrastructure/simple-apim/README.md) as the notebook default.
-1. Open [create.ipynb](create.ipynb) and adjust only values under *USER CONFIGURATION* if necessary.
-1. To externalize the APIM diagnostic feed, set `enable_event_hub_export = True` under *SYSTEM CONFIGURATION*. Leave the default `False` value in place when Event Hub streaming is not needed.
+1. Open [create.ipynb](create.ipynb) and adjust only values under _USER CONFIGURATION_ if necessary.
+1. To externalize the APIM diagnostic feed, set `enable_event_hub_export = True` under _SYSTEM CONFIGURATION_. Leave the default `False` value in place when Event Hub streaming is not needed.
 1. Run all notebook cells to deploy the model constellation, APIs, workbook, controlled inference requests, and telemetry charts.
 1. Increase `max_completion_tokens` only when the initial traffic does not produce sufficient concentrated pressure for failover observation; requests consume real Azure OpenAI tokens.
 
diff --git a/samples/inference-failover/create.ipynb b/samples/inference-failover/create.ipynb
index 1456a1a4..9bd9d8e7 100644
--- a/samples/inference-failover/create.ipynb
+++ b/samples/inference-failover/create.ipynb
@@ -30,7 +30,9 @@
    "source": [
     "## Route Graph\n",
     "\n",
-    "Each operation targets one APIM backend pool. The pool selects a single member per request by priority (lowest first), and members that share a priority split traffic by weight. The backends never call one another; APIM picks the active backend and fails over to the next priority tier when one is unavailable.\n",
+    "Each operation targets one APIM backend pool. The pool selects a single member per request by priority (lowest first), and members that share a priority split traffic by weight. The backends never call one another; APIM picks the active backend and fails over to the next priority tier when one is unavailable. The README's **Load Balancer Configuration** table is the source of truth for these values.\n",
+    "\n",
+    "The pools apply three routing rules: priority 1 includes all compatible PTUs, priority 2 contains the in-region PAYG deployment, and priority 3 contains any remaining PAYG deployments.\n",
     "\n",
     "### Why This Lab Uses `Standard` Deployments\n",
     "\n",
@@ -48,19 +50,19 @@
     "flowchart LR\n",
     "  subgraph S5 [\" gpt-5.1 (East US 2)\"]\n",
     "    C51[\"POST /inference/gpt-5-1/chat/completions\"] --> P5{{\"&nbsp;&nbsp;Backend pool: inference-gpt-5-1-pool&nbsp;&nbsp;\"}}\n",
-    "    P5 -- \"priority 1\" --> A[\"`East US 2\n",
-    "                            PTU\n",
-    "                            a) gpt-5-1`\"]\n",
-    "    P5 -- \"priority 2\" --> D[\"`West US 3\n",
-    "                            PTU\n",
-    "                            d) gpt-5-1`\"]\n",
-    "    P5 -- \"priority 3\" --> B[\"`East US 2\n",
-    "                            PAYG\n",
-    "                            b) gpt-5-1`\"]\n",
-    "    P5 -- \"priority 4 &middot; weight 50\" --> E[\"`West US 3 \n",
+    "    P5 -- \"priority 1 &middot; weight 50\" --> A[\"`East US 2\n",
+    "                                                PTU\n",
+    "                                                a) gpt-5-1`\"]\n",
+    "    P5 -- \"priority 1 &middot; weight 50\" --> D[\"`West US 3\n",
+    "                                                PTU\n",
+    "                                                d) gpt-5-1`\"]\n",
+    "    P5 -- \"priority 2 &middot; weight 100\" --> B[\"`East US 2\n",
+    "                                                 PAYG\n",
+    "                                                 b) gpt-5-1`\"]\n",
+    "    P5 -- \"priority 3 &middot; weight 50\" --> E[\"`West US 3\n",
     "                                                PAYG\n",
     "                                                e) gpt-5-1`\"]\n",
-    "    P5 -- \"priority 4 &middot; weight 50\" --> G[\"`South Central US\n",
+    "    P5 -- \"priority 3 &middot; weight 50\" --> G[\"`South Central US\n",
     "                                                PAYG\n",
     "                                                g) gpt-5-1`\"]\n",
     "  end\n",
@@ -69,18 +71,18 @@
     "\n",
     "  subgraph S4 [\" gpt-4.1-mini (East US 2)\"]\n",
     "    C41[\"POST /inference/gpt-4-1-mini/chat/completions\"] --> P4{{\"&nbsp;&nbsp;Backend pool: inference-gpt-4-1-mini-pool&nbsp;&nbsp;\"}}\n",
-    "    P4 -- \"priority 1\" --> C[\"`East US 2\n",
-    "                                PTU\n",
-    "                                c) gpt-4-1-mini`\"]\n",
-    "    P4 -- \"priority 2\" --> F[\"`West US 3 \n",
-    "                                PTU\n",
-    "                                f) gpt-4-1-mini`\"]\n",
-    "    P4 -- \"priority 3\" --> DP[\"`East US 2\n",
-    "                                PAYG\n",
-    "                                d) gpt-4-1-mini`\"]\n",
-    "    P4 -- \"priority 4\" --> H[\"`South Central US\n",
-    "                                PAYG\n",
-    "                                h) gpt-4-1-mini`\"]\n",
+    "    P4 -- \"priority 1 &middot; weight 50\" --> C[\"`East US 2\n",
+    "                                                PTU\n",
+    "                                                c) gpt-4-1-mini`\"]\n",
+    "    P4 -- \"priority 1 &middot; weight 50\" --> F[\"`West US 3\n",
+    "                                                PTU\n",
+    "                                                f) gpt-4-1-mini`\"]\n",
+    "    P4 -- \"priority 2 &middot; weight 100\" --> DP[\"`East US 2\n",
+    "                                                  PAYG\n",
+    "                                                  d) gpt-4-1-mini`\"]\n",
+    "    P4 -- \"priority 3 &middot; weight 100\" --> H[\"`South Central US\n",
+    "                                                 PAYG\n",
+    "                                                 h) gpt-4-1-mini`\"]\n",
     "  end\n",
     "```\n"
    ]
@@ -107,7 +109,7 @@
     "# ------------------------------\n",
     "\n",
     "rg_location = Region.EAST_US_2\n",
-    "index = 1\n",
+    "index = 120\n",
     "apim_sku = APIM_SKU.BASICV2\n",
     "deployment = INFRASTRUCTURE.SIMPLE_APIM\n",
     "api_prefix = 'inference'\n",
@@ -198,7 +200,7 @@
     "    'inference-gpt-4-1-mini',\n",
     "    'Inference gpt-4.1-mini',\n",
     "    f'{api_prefix}/gpt-4-1-mini',\n",
-    "    'Priority failover for gpt-4.1-mini deployments.',\n",
+    "    'Priority and weighted failover for gpt-4.1-mini deployments.',\n",
     "    policyXml=build_inference_policy('inference-gpt-4-1-mini-pool', 3),\n",
     "    operations=[chat_operation],\n",
     "    tags=tags,\n",
@@ -288,34 +290,22 @@
     "}\n",
     "contract_tests = ApimTesting('Inference Gateway Contract Probes', sample_folder, nb_helper.deployment)\n",
     "\n",
-    "with inference_failover_helpers.InferenceTrafficRunner(\n",
-    "    probe_endpoint_url,\n",
-    "    probe_request_headers,\n",
-    "    probe_allow_insecure_tls,\n",
-    ") as probe_runner:\n",
-    "    probe_results = probe_runner.run_contract_probes(\n",
-    "        probe_route,\n",
-    "        unknown_operation_route,\n",
-    "        probe_subscription_key,\n",
-    "        probe_payload,\n",
-    "    )\n",
+    "with inference_failover_helpers.InferenceTrafficRunner(probe_endpoint_url, probe_request_headers, probe_allow_insecure_tls) as probe_runner:\n",
+    "    probe_results = probe_runner.run_contract_probes(probe_route, unknown_operation_route, probe_subscription_key, probe_payload)\n",
     "\n",
     "contract_tests.verify(probe_results.success.status_code, 200, label='Valid inference request returns HTTP 200')\n",
     "contract_tests.verify(probe_results.success.headers.get('X-Backend-Retry'), '0', label='Healthy response performs no backend retry')\n",
     "contract_tests.verify(probe_results.malformed.status_code, 400, label='Malformed JSON returns backend HTTP 400')\n",
     "contract_tests.verify(probe_results.malformed.headers.get('X-Backend-Retry'), '0', label='HTTP 400 is not retried')\n",
     "contract_tests.verify(probe_results.missing_key.status_code, 401, label='Missing APIM subscription key returns HTTP 401')\n",
-    "contract_tests.verify(\n",
-    "    'X-Backend-Retry' in probe_results.missing_key.headers,\n",
-    "    False,\n",
-    "    label='Gateway HTTP 401 occurs before the inference policy',\n",
-    ")\n",
+    "contract_tests.verify('X-Backend-Retry' in probe_results.missing_key.headers, False, label='Gateway HTTP 401 occurs before the inference policy')\n",
     "contract_tests.verify(probe_results.unknown_operation.status_code, 404, label='Unknown APIM operation returns HTTP 404')\n",
-    "contract_tests.verify(\n",
-    "    'X-Backend-Retry' in probe_results.unknown_operation.headers,\n",
-    "    False,\n",
-    "    label='Gateway HTTP 404 occurs before the inference policy',\n",
-    ")\n",
+    "contract_tests.verify('X-Backend-Retry' in probe_results.unknown_operation.headers, False, label='Gateway HTTP 404 occurs before the inference policy')\n",
+    "\n",
+    "contract_tests.print_summary()\n",
+    "\n",
+    "if contract_tests.tests_failed:\n",
+    "    raise SystemExit(1)\n",
     "\n",
     "print_ok('Deterministic gateway contract probes completed')"
    ]
@@ -331,13 +321,13 @@
     "\n",
     "| # | Scenario | API | Runs | Sleep | Behaviour verified |\n",
     "| --- | --- | --- | --- | --- | --- |\n",
-    "| 1 | Baseline warm path | gpt-5.1 / gpt-4.1-mini | 3 / 6 | none | Fresh priority-1 backend serves small control requests with `200` |\n",
+    "| 1 | Baseline warm path | gpt-5.1 / gpt-4.1-mini | 3 / 6 | none | Fresh priority-1 PTU tier serves small control requests with `200` |\n",
     "| 2 | Sustained pressure | gpt-5.1 | 45 | none | Low-TPM exhaustion forces throttling and priority failover |\n",
     "| 3 | Sustained pressure | gpt-4.1-mini | 15 | none | Independent pool exhausts and fails over on its own |\n",
     "| 4 | Paced recovery | gpt-5.1 | 30 | 1.5 s | Inter-request spacing lets circuit breakers recover and lifts the success rate |\n",
     "| 5 | Terminal exhaustion | gpt-5.1 | 35 | none | A hard burst drains every tier and can return the generic `503` |\n",
     "\n",
-    "> These are real Azure OpenAI calls (`134` requests) that consume tokens. The deployments are intentionally provisioned at minimum capacity so that pressure is observable quickly; this is an observation aid, not production sizing guidance."
+    "> These are real Azure OpenAI calls (`134` requests) that consume tokens. The deployments are intentionally provisioned at minimum capacity so that pressure is observable quickly; this is an observation aid, not production sizing guidance.\n"
    ]
   },
   {
@@ -364,19 +354,19 @@
     "\n",
     "endpoint_url, request_headers, allow_insecure_tls = utils.get_endpoint(deployment, rg_name, apim_gateway_url)\n",
     "\n",
-    "# URL markers are listed in deployed pool-priority order so chart colors track failover tiers.\n",
+    "# URL markers are listed in deployed pool order so chart colors group matching priority tiers.\n",
     "gpt_5_1_backend_url_index = {\n",
-    "    '/openai/deployments/a-gpt-5-1': 0,   # P1 in-region PTU\n",
-    "    '/openai/deployments/d-gpt-5-1': 1,   # P2 out-of-region PTU\n",
-    "    '/openai/deployments/b-gpt-5-1': 2,   # P3 in-region PAYG\n",
-    "    '/openai/deployments/e-gpt-5-1': 3,   # P4 out-of-region PAYG (westus3)\n",
-    "    '/openai/deployments/g-gpt-5-1': 4,   # P4 out-of-region PAYG (southcentralus)\n",
+    "    '/openai/deployments/a-gpt-5-1': 0,   # P1 / W50 in-region PTU\n",
+    "    '/openai/deployments/d-gpt-5-1': 1,   # P1 / W50 out-of-region PTU\n",
+    "    '/openai/deployments/b-gpt-5-1': 2,   # P2 / W100 in-region PAYG\n",
+    "    '/openai/deployments/e-gpt-5-1': 3,   # P3 / W50 out-of-region PAYG (westus3)\n",
+    "    '/openai/deployments/g-gpt-5-1': 4,   # P3 / W50 out-of-region PAYG (southcentralus)\n",
     "}\n",
     "gpt_4_1_mini_backend_url_index = {\n",
-    "    '/openai/deployments/c-gpt-4-1-mini': 0,   # P1 in-region PTU\n",
-    "    '/openai/deployments/f-gpt-4-1-mini': 1,   # P2 out-of-region PTU\n",
-    "    '/openai/deployments/d-gpt-4-1-mini': 2,   # P3 in-region PAYG\n",
-    "    '/openai/deployments/h-gpt-4-1-mini': 3,   # P4 out-of-region PAYG\n",
+    "    '/openai/deployments/c-gpt-4-1-mini': 0,   # P1 / W50 in-region PTU\n",
+    "    '/openai/deployments/f-gpt-4-1-mini': 1,   # P1 / W50 out-of-region PTU\n",
+    "    '/openai/deployments/d-gpt-4-1-mini': 2,   # P2 / W100 in-region PAYG\n",
+    "    '/openai/deployments/h-gpt-4-1-mini': 3,   # P3 / W100 out-of-region PAYG\n",
     "}\n",
     "\n",
     "gpt_5_1_route = f'{api_prefix}/gpt-5-1/chat/completions'\n",
@@ -394,55 +384,13 @@
     "}\n",
     "\n",
     "scenarios = [\n",
-    "    inference_failover_helpers.InferenceScenario(\n",
-    "        '1/5: Baseline warm path - gpt-5.1',\n",
-    "        gpt_5_1_route,\n",
-    "        api_keys['inference-gpt-5-1'],\n",
-    "        small_payload,\n",
-    "        gpt_5_1_baseline_runs,\n",
-    "        gpt_5_1_backend_url_index,\n",
-    "    ),\n",
-    "    inference_failover_helpers.InferenceScenario(\n",
-    "        '1/5: Baseline warm path - gpt-4.1-mini',\n",
-    "        gpt_4_1_mini_route,\n",
-    "        api_keys['inference-gpt-4-1-mini'],\n",
-    "        small_payload,\n",
-    "        gpt_4_1_mini_baseline_runs,\n",
-    "        gpt_4_1_mini_backend_url_index,\n",
-    "    ),\n",
-    "    inference_failover_helpers.InferenceScenario(\n",
-    "        '2/5: Sustained pressure - gpt-5.1 (no spacing)',\n",
-    "        gpt_5_1_route,\n",
-    "        api_keys['inference-gpt-5-1'],\n",
-    "        pressure_payload,\n",
-    "        45,\n",
-    "        gpt_5_1_backend_url_index,\n",
-    "    ),\n",
-    "    inference_failover_helpers.InferenceScenario(\n",
-    "        '3/5: Sustained pressure - gpt-4.1-mini (no spacing)',\n",
-    "        gpt_4_1_mini_route,\n",
-    "        api_keys['inference-gpt-4-1-mini'],\n",
-    "        pressure_payload,\n",
-    "        15,\n",
-    "        gpt_4_1_mini_backend_url_index,\n",
-    "    ),\n",
-    "    inference_failover_helpers.InferenceScenario(\n",
-    "        '4/5: Paced recovery - gpt-5.1 (1.5s spacing)',\n",
-    "        gpt_5_1_route,\n",
-    "        api_keys['inference-gpt-5-1'],\n",
-    "        pressure_payload,\n",
-    "        30,\n",
-    "        gpt_5_1_backend_url_index,\n",
-    "        sleep_ms=1500,\n",
-    "    ),\n",
-    "    inference_failover_helpers.InferenceScenario(\n",
-    "        '5/5: Terminal exhaustion - gpt-5.1 (hard burst)',\n",
-    "        gpt_5_1_route,\n",
-    "        api_keys['inference-gpt-5-1'],\n",
-    "        pressure_payload,\n",
-    "        35,\n",
-    "        gpt_5_1_backend_url_index,\n",
-    "    ),\n",
+    "    inference_failover_helpers.InferenceScenario('1/5: Baseline warm path - gpt-5.1', gpt_5_1_route, api_keys['inference-gpt-5-1'], small_payload, gpt_5_1_baseline_runs, gpt_5_1_backend_url_index),\n",
+    "    inference_failover_helpers.InferenceScenario('1/5: Baseline warm path - gpt-4.1-mini', gpt_4_1_mini_route, api_keys['inference-gpt-4-1-mini'], small_payload, gpt_4_1_mini_baseline_runs,\n",
+    "                                                 gpt_4_1_mini_backend_url_index),\n",
+    "    inference_failover_helpers.InferenceScenario('2/5: Sustained pressure - gpt-5.1 (no spacing)', gpt_5_1_route, api_keys['inference-gpt-5-1'], pressure_payload, 45, gpt_5_1_backend_url_index),\n",
+    "    inference_failover_helpers.InferenceScenario('3/5: Sustained pressure - gpt-4.1-mini (no spacing)', gpt_4_1_mini_route, api_keys['inference-gpt-4-1-mini'], pressure_payload, 15, gpt_4_1_mini_backend_url_index),\n",
+    "    inference_failover_helpers.InferenceScenario('4/5: Paced recovery - gpt-5.1 (1.5s spacing)', gpt_5_1_route, api_keys['inference-gpt-5-1'], pressure_payload, 30, gpt_5_1_backend_url_index, sleep_ms=1500),\n",
+    "    inference_failover_helpers.InferenceScenario('5/5: Terminal exhaustion - gpt-5.1 (hard burst)', gpt_5_1_route, api_keys['inference-gpt-5-1'], pressure_payload, 35, gpt_5_1_backend_url_index)\n",
     "]\n",
     "\n",
     "tests = ApimTesting('Inference Failover Scenario Tests', sample_folder, nb_helper.deployment)\n",
@@ -462,6 +410,7 @@
     "    scenario5_gpt_5_1,\n",
     ") = scenario_results\n",
     "\n",
+    "print()\n",
     "tests.verify(len(scenario1_gpt_5_1), gpt_5_1_baseline_runs)\n",
     "tests.verify(len(scenario1_gpt_4_1_mini), gpt_4_1_mini_baseline_runs)\n",
     "tests.verify(scenario1_gpt_5_1[0]['status_code'], 200, label='gpt-5.1 baseline first request succeeded')\n",
@@ -520,33 +469,33 @@
    "source": [
     "## 📊 Analyze Inference Failover Results\n",
     "\n",
-    "Plot the per-run response time for each scenario in the same style as the load-balancing sample. Bars are colored by the backend that served the request, derived from the infrastructure-level `X-Backend-URL` response header. Each chart title identifies the APIM source region selected during deployment, and each legend entry identifies the destination priority tier, capacity profile, and region.\n",
+    "Plot the per-run response time for each scenario in the same style as the load-balancing sample. Bars are colored by the backend that served the request, derived from the infrastructure-level `X-Backend-URL` response header. Each chart title identifies the APIM source region selected during deployment, and each legend entry identifies the destination priority tier, weight, capacity profile, and region.\n",
     "\n",
     "#### Why `X-Backend-URL` is the routing indicator\n",
     "\n",
     "The infrastructure's global APIM policy returns the final resolved request URL after the backend pool selects a member. The inference harness stores that full URL on every result and derives the chart label from its deployment path marker. This keeps the chart evidence tied to the actual Azure OpenAI destination rather than a separately maintained backend label.\n",
     "\n",
-    "#### Why the baseline bars should use one backend\n",
+    "#### Why the baseline bars should stay in priority 1\n",
     "\n",
-    "The baseline is a control, not a distribution test. Before pressure is applied, APIM should keep selecting the healthy priority-1 backend for all three gpt-5.1 requests and all six gpt-4.1-mini requests. That repetition confirms each preferred route is stable, warms the connection and model path, and establishes a latency reference. Compare scenarios 2 through 5 against that control to see when pressure or recovery moves traffic into lower-priority tiers.\n",
+    "The baseline is a control, not a distribution test. Before pressure is applied, APIM should select only the healthy priority-1 PTU backends for all three gpt-5.1 requests and all six gpt-4.1-mini requests. Traffic can appear on either equally weighted PTU destination. That repetition confirms each preferred pool tier is stable, warms the connection and model paths, and establishes a latency reference. Compare scenarios 2 through 5 against that control to see when pressure or recovery moves traffic into lower-priority tiers.\n",
     "\n",
     "#### Reading the charts\n",
     "\n",
     "- Each chart title shows the APIM source region. Use it with the legend's destination regions to correlate source, destination, and latency.\n",
-    "- Each successful bar's legend label names its priority tier, simulated capacity profile (`PTU` or `PAYG`), and Azure OpenAI destination region.\n",
+    "- Each successful bar's legend label names its priority, weight, simulated capacity profile (`PTU` or `PAYG`), and Azure OpenAI destination region.\n",
     "- A run colored red is a non-`200` response. The harness records any HTTP `4xx` or `5xx` response and continues the scenario so the full pressure window remains visible.\n",
     "- The first request in a cold scenario is often slower (TLS warm-up plus first-token latency); the mean line ignores the slowest 5% so it reflects steady-state behaviour.\n",
-    "- As pressure builds, the colors can walk from priority 1 into lower-priority tiers as the preferred backend trips and traffic fails over.\n",
+    "- As pressure builds, the colors can move from priority 1 into lower-priority tiers as preferred backends trip and traffic fails over.\n",
     "\n",
     "**Backend URL marker legend**\n",
     "\n",
-    "| gpt-5.1 chart label                              | gpt-5.1 pool URL marker                  | gpt-4.1-mini chart label                   | gpt-4.1-mini pool URL marker                  |\n",
-    "| ------------------------------------------------ | ---------------------------------------- | ------------------------------------------ | --------------------------------------------- |\n",
-    "| `Priority 1: PTU (East US 2)`                    | `/openai/deployments/a-gpt-5-1`          | `Priority 1: PTU (East US 2)`              | `/openai/deployments/c-gpt-4-1-mini`          |\n",
-    "| `Priority 2: PTU (West US 3)`                    | `/openai/deployments/d-gpt-5-1`          | `Priority 2: PTU (West US 3)`              | `/openai/deployments/f-gpt-4-1-mini`          |\n",
-    "| `Priority 3: PAYG (East US 2)`                   | `/openai/deployments/b-gpt-5-1`          | `Priority 3: PAYG (East US 2)`             | `/openai/deployments/d-gpt-4-1-mini`          |\n",
-    "| `Priority 4: PAYG (West US 3, weight 50)`        | `/openai/deployments/e-gpt-5-1`          | `Priority 4: PAYG (South Central US)`       | `/openai/deployments/h-gpt-4-1-mini`          |\n",
-    "| `Priority 4: PAYG (South Central US, weight 50)` | `/openai/deployments/g-gpt-5-1`          | -                                          | -                                             |\n",
+    "| gpt-5.1 chart label                              | gpt-5.1 pool URL marker                  | gpt-4.1-mini chart label                         | gpt-4.1-mini pool URL marker                  |\n",
+    "| ------------------------------------------------ | ---------------------------------------- | ------------------------------------------------ | --------------------------------------------- |\n",
+    "| `Priority 1: PTU (East US 2, weight 50)`         | `/openai/deployments/a-gpt-5-1`          | `Priority 1: PTU (East US 2, weight 50)`         | `/openai/deployments/c-gpt-4-1-mini`          |\n",
+    "| `Priority 1: PTU (West US 3, weight 50)`         | `/openai/deployments/d-gpt-5-1`          | `Priority 1: PTU (West US 3, weight 50)`         | `/openai/deployments/f-gpt-4-1-mini`          |\n",
+    "| `Priority 2: PAYG (East US 2, weight 100)`       | `/openai/deployments/b-gpt-5-1`          | `Priority 2: PAYG (East US 2, weight 100)`       | `/openai/deployments/d-gpt-4-1-mini`          |\n",
+    "| `Priority 3: PAYG (West US 3, weight 50)`        | `/openai/deployments/e-gpt-5-1`          | `Priority 3: PAYG (South Central US, weight 100)` | `/openai/deployments/h-gpt-4-1-mini`          |\n",
+    "| `Priority 3: PAYG (South Central US, weight 50)` | `/openai/deployments/g-gpt-5-1`          | -                                                | -                                             |\n",
     "\n",
     "> If a successful bar uses a fallback `Backend index 99` legend entry, inspect its captured `X-Backend-URL` value. The resolved URL did not contain one of the expected deployment markers, so the per-run backend labeling needs to be updated for the deployed topology.\n"
    ]
@@ -581,17 +530,17 @@
     "format_backend_url_counts = inference_failover_helpers.format_backend_url_counts\n",
     "apim_source_region = rg_location.name.replace('_', ' ').title().replace(' Us', ' US').replace(' Uk', ' UK')\n",
     "gpt_5_1_backend_labels = {\n",
-    "    0: 'Priority 1 / Weight 100: PTU (East US 2)',\n",
-    "    1: 'Priority 2 / Weight 100: PTU (West US 3)',\n",
-    "    2: 'Priority 3 / Weight 100: PAYG (East US 2)',\n",
-    "    3: 'Priority 4 / Weight 50: PAYG (West US 3)',\n",
-    "    4: 'Priority 4 / Weight 50: PAYG (South Central US)',\n",
+    "    0: 'Priority 1 / Weight 50: PTU (East US 2)',\n",
+    "    1: 'Priority 1 / Weight 50: PTU (West US 3)',\n",
+    "    2: 'Priority 2 / Weight 100: PAYG (East US 2)',\n",
+    "    3: 'Priority 3 / Weight 50: PAYG (West US 3)',\n",
+    "    4: 'Priority 3 / Weight 50: PAYG (South Central US)',\n",
     "}\n",
     "gpt_4_1_mini_backend_labels = {\n",
-    "    0: 'Priority 1 / Weight 100: PTU (East US 2)',\n",
-    "    1: 'Priority 2 / Weight 100: PTU (West US 3)',\n",
-    "    2: 'Priority 3 / Weight 100: PAYG (East US 2)',\n",
-    "    3: 'Priority 4 / Weight 100: PAYG (South Central US)',\n",
+    "    0: 'Priority 1 / Weight 50: PTU (East US 2)',\n",
+    "    1: 'Priority 1 / Weight 50: PTU (West US 3)',\n",
+    "    2: 'Priority 2 / Weight 100: PAYG (East US 2)',\n",
+    "    3: 'Priority 3 / Weight 100: PAYG (South Central US)',\n",
     "}\n",
     "\n",
     "\n",
@@ -599,7 +548,7 @@
     "    'Baseline Warm Path',\n",
     "    (\n",
     "        'These control graphs show end-to-end response time and the resolved backend for small requests before deliberate pressure begins. '\n",
-    "        'They confirm that each independent pool starts from a healthy priority-1 route and provide a latency baseline for comparison.'\n",
+    "        'They confirm that each independent pool starts within its healthy priority-1 PTU tier and provide a latency baseline for comparison.'\n",
     "    ),\n",
     ")\n",
     "\n",
@@ -611,7 +560,7 @@
     "    y_label = 'Response Time (ms)',\n",
     "    fig_text = (\n",
     "        f'The chart shows a total of {len(scenario1_gpt_5_1)} small requests against the gpt-5.1 backend pool.\\n'\n",
-    "        'A fresh pool should start on its priority-1 in-region backend.\\n'\n",
+    "        'A fresh pool should use only its equally weighted priority-1 PTU backends.\\n'\n",
     "        f'Observed X-Backend-URL values:\\n{format_backend_url_counts(scenario1_gpt_5_1)}\\n'\n",
     "        'The average response time is calculated excluding statistical outliers above the 95th percentile '\n",
     "        '(the first request usually takes longer).'\n",
@@ -627,7 +576,7 @@
     "    y_label = 'Response Time (ms)',\n",
     "    fig_text = (\n",
     "        f'The chart shows a total of {len(scenario1_gpt_4_1_mini)} small requests against the gpt-4.1-mini backend pool.\\n'\n",
-    "        'A fresh pool should start on its priority-1 in-region backend.\\n'\n",
+    "        'A fresh pool should use only its equally weighted priority-1 PTU backends.\\n'\n",
     "        f'Observed X-Backend-URL values:\\n{format_backend_url_counts(scenario1_gpt_4_1_mini)}\\n'\n",
     "        'The average response time is calculated excluding statistical outliers above the 95th percentile '\n",
     "        '(the first request usually takes longer).'\n",
@@ -826,13 +775,30 @@
     "if distribution_found:\n",
     "    ipython_display(IPythonMarkdown(\n",
     "        '#### Gateway-Recorded Backend Distribution\\n\\n'\n",
-    "        'This table and graph summarize which regional backend handled each gateway request. '\n",
-    "        'The distribution shows how traffic moved across model-safe pool members as pressure and recovery scenarios '\n",
-    "        'exercised the failover tiers.'\n",
+    "        'This table and graph summarize which regional backend handled each gateway request. **AOAI Instance** is the '\n",
+    "        'Azure OpenAI account name parsed from the final `BackendUrl`; it is distinct from the model deployment and remains '\n",
+    "        'blank when no backend call was recorded. The distribution shows how traffic moved across model-safe pool members as '\n",
+    "        'pressure and recovery scenarios exercised the failover tiers. Rows labeled **APIM failure (no final backend recorded)** '\n",
+    "        'returned a `5xx` without a final backend identity in gateway diagnostics; use the workbook **Failures & Errors** tab for '\n",
+    "        '`LastError` details. Rows labeled **Gateway rejection (no backend call)** were rejected before APIM forwarded them to a backend.'\n",
     "    ))\n",
     "    distribution_frame = pd.DataFrame(\n",
     "        distribution_rows,\n",
-    "        columns=['API', 'Backend URL', 'Requests', 'Successes', 'Throttled', 'Failures', 'AverageBackendMs', 'SuccessRate'],\n",
+    "        columns=[\n",
+    "            'API',\n",
+    "            'AOAI Instance',\n",
+    "            'Backend URL',\n",
+    "            'Requests',\n",
+    "            'APIM Statuses',\n",
+    "            'Final Backend Statuses',\n",
+    "            'Successes',\n",
+    "            'Client Errors',\n",
+    "            'Throttled',\n",
+    "            'Server Errors',\n",
+    "            'Other Responses',\n",
+    "            'AverageBackendMs',\n",
+    "            'SuccessRate',\n",
+    "        ],\n",
     "    )\n",
     "    distribution_frame = inference_failover_helpers.with_backend_identifier(distribution_frame)\n",
     "    distribution_frame = inference_failover_helpers.format_gateway_distribution(distribution_frame)\n",
@@ -856,15 +822,17 @@
     "if tokens_found:\n",
     "    ipython_display(IPythonMarkdown(\n",
     "        '#### LLM Token Volume\\n\\n'\n",
-    "        'This table and graph summarize total Azure OpenAI tokens observed for each inference API. '\n",
+    "        'This table and graph summarize total Azure OpenAI tokens observed for each inference API and AOAI account. '\n",
+    "        '**AOAI Instance** identifies the account resource, while **Model** identifies the deployed model version. '\n",
     "        'Token volume helps connect the routing exercise to model consumption and confirms that LLM diagnostics '\n",
     "        'captured successful inference traffic.'\n",
     "    ))\n",
     "    token_frame = pd.DataFrame(\n",
     "        token_rows,\n",
-    "        columns=['API', 'Backend URL', 'Model', 'Requests', 'PromptTokens', 'CompletionTokens', 'TotalTokens'],\n",
+    "        columns=['API', 'AOAI Instance', 'Backend URL', 'Model', 'Requests', 'PromptTokens', 'CompletionTokens', 'TotalTokens'],\n",
     "    )\n",
     "    token_frame = inference_failover_helpers.with_backend_identifier(token_frame)\n",
+    "    token_frame = inference_failover_helpers.with_one_based_row_index(token_frame)\n",
     "    display(token_frame)\n",
     "    token_frame.groupby('API')['TotalTokens'].sum().plot(\n",
     "        kind='bar',\n",
@@ -880,7 +848,8 @@
     "    print_info('No token rows returned yet; successful inference rows may still be ingesting')\n",
     "    cached_token_frame = locals().get('token_frame')\n",
     "    if cached_token_frame is not None:\n",
-    "        token_frame = inference_failover_helpers.with_backend_identifier(cached_token_frame)"
+    "        token_frame = inference_failover_helpers.with_backend_identifier(cached_token_frame)\n",
+    "        token_frame = inference_failover_helpers.with_one_based_row_index(token_frame)"
    ]
   },
   {
diff --git a/samples/inference-failover/inference-failover.workbook.json b/samples/inference-failover/inference-failover.workbook.json
index ac4b7ecb..7de2d6df 100644
--- a/samples/inference-failover/inference-failover.workbook.json
+++ b/samples/inference-failover/inference-failover.workbook.json
@@ -230,7 +230,7 @@
           {
             "content": {
               "noDataMessage": "No inference outcomes found for the selected time range.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FailoverOccurred = Attempts > 1\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| summarize Requests = count(), Failovers = countif(FailoverOccurred), FallbackExhausted = countif(FallbackExhausted), AverageAttempts = avg(Attempts), AverageTotalMs = avg(TotalTime), P95TotalMs = percentile(TotalTime, 95) by ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode\n| extend AverageAttempts = iff(isfinite(toreal(AverageAttempts)), round(AverageAttempts, 2), real(null)), AverageTotalMs = iff(isfinite(toreal(AverageTotalMs)), round(AverageTotalMs, 1), real(null)), P95TotalMs = iff(isfinite(toreal(P95TotalMs)), round(P95TotalMs, 1), real(null))\n| order by ApiId asc, Requests desc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FailoverOccurred = Attempts > 1\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| summarize Requests = count(), Failovers = countif(FailoverOccurred), FallbackExhausted = countif(FallbackExhausted), AverageAttempts = avg(Attempts), AverageTotalMs = avg(TotalTime), P95TotalMs = percentile(TotalTime, 95) by ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode\n| extend AverageAttempts = iff(isfinite(toreal(AverageAttempts)), round(AverageAttempts, 2), real(null)), AverageTotalMs = iff(isfinite(toreal(AverageTotalMs)), round(AverageTotalMs, 1), real(null)), P95TotalMs = iff(isfinite(toreal(P95TotalMs)), round(P95TotalMs, 1), real(null))\n| order by ApiId asc, Requests desc\n| project-rename ['API'] = ApiId, ['Fallback Exhausted'] = FallbackExhausted, ['Average Attempts'] = AverageAttempts, ['Average Total (ms)'] = AverageTotalMs, ['P95 Total (ms)'] = P95TotalMs",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -259,7 +259,7 @@
         "items": [
           {
             "content": {
-              "json": "## Backend Distribution\n\nFinal backend placement for each APIM request, including concrete `BackendUrl`, APIM caller response, final backend response, and latency. A recovered failover appears here under the backend that ultimately served the request; use **Failover Trails** to inspect every intermediate attempt."
+              "json": "## Backend Distribution\n\nFinal backend placement for each APIM request, including the Azure OpenAI account name parsed from the final `BackendUrl`, exact caller and final-backend status sets, exhaustive caller outcome counts, and latency. **AOAI Instance** identifies the account resource; **Model Deployment** elsewhere identifies the model deployment. A recovered failover appears here under the backend that ultimately served the request; use **Failover Trails** to inspect every intermediate attempt."
             },
             "name": "text - distribution",
             "type": 1
@@ -267,7 +267,7 @@
           {
             "content": {
               "noDataMessage": "No backend distribution data found for the selected time range.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend Backend = case(isnotempty(BackendUrl), BackendUrl, isnotempty(BackendId), BackendId, '(backend not recorded)')\n| summarize Requests = count(), Successful = countif(ResponseCode between (200 .. 299)), CallerUnavailable = countif(ResponseCode == 503), BackendThrottled = countif(BackendResponseCode == 429), BackendUnavailable = countif(BackendResponseCode == 503), AverageBackendMs = avg(BackendTime), P95BackendMs = percentile(BackendTime, 95) by ApiId, Backend\n| extend AverageBackendMs = iff(isfinite(toreal(AverageBackendMs)), round(AverageBackendMs, 1), real(null)), P95BackendMs = iff(isfinite(toreal(P95BackendMs)), round(P95BackendMs, 1), real(null))\n| order by ApiId asc, Requests desc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')\n| extend Backend = case(isnotempty(BackendUrl), BackendUrl, isnotempty(BackendId), BackendId, '(backend not recorded)')\n| summarize Requests = count(), CallerResponseCodes = make_set(ResponseCode), FinalBackendResponseCodes = make_set(BackendResponseCode), Successes = countif(ResponseCode between (200 .. 299)), ClientErrors = countif(ResponseCode between (400 .. 499) and ResponseCode != 429), Throttled = countif(ResponseCode == 429), ServerErrors = countif(ResponseCode >= 500), BackendThrottled = countif(BackendResponseCode == 429), BackendUnavailable = countif(BackendResponseCode == 503), AverageBackendMs = avg(BackendTime), P95BackendMs = percentile(BackendTime, 95) by ApiId, AOAIInstance, Backend\n| extend CallerResponseCodes = tostring(array_sort_asc(CallerResponseCodes)), FinalBackendResponseCodes = tostring(array_sort_asc(FinalBackendResponseCodes)), OtherResponses = Requests - Successes - ClientErrors - Throttled - ServerErrors, AverageBackendMs = iff(isfinite(toreal(AverageBackendMs)), round(AverageBackendMs, 1), real(null)), P95BackendMs = iff(isfinite(toreal(P95BackendMs)), round(P95BackendMs, 1), real(null))\n| project ApiId, AOAIInstance, Backend, Requests, CallerResponseCodes, FinalBackendResponseCodes, Successes, ClientErrors, Throttled, ServerErrors, OtherResponses, BackendThrottled, BackendUnavailable, AverageBackendMs, P95BackendMs\n| order by ApiId asc, Requests desc\n| project-rename ['API'] = ApiId, ['AOAI Instance'] = AOAIInstance, ['APIM Statuses'] = CallerResponseCodes, ['Final Backend Statuses'] = FinalBackendResponseCodes, ['Client Errors'] = ClientErrors, ['Server Errors'] = ServerErrors, ['Other Responses'] = OtherResponses, ['Backend Throttled'] = BackendThrottled, ['Backend Unavailable'] = BackendUnavailable, ['Average Backend (ms)'] = AverageBackendMs, ['P95 Backend (ms)'] = P95BackendMs",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -304,7 +304,7 @@
           {
             "content": {
               "noDataMessage": "No policy-recorded failover trails found. Redeploy the sample after the trace policy update, generate traffic, and allow Log Analytics ingestion to complete.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| where Attempts > 1 or FallbackExhausted\n| summarize Requests = count(), Recovered = countif(ResponseCode between (200 .. 299)), FallbackExhausted = countif(FallbackExhausted), AverageAttempts = avg(Attempts), MaximumAttempts = max(Attempts), AverageTotalMs = avg(TotalTime), P95TotalMs = percentile(TotalTime, 95) by ApiId\n| extend AverageAttempts = iff(isfinite(toreal(AverageAttempts)), round(AverageAttempts, 2), real(null)), AverageTotalMs = iff(isfinite(toreal(AverageTotalMs)), round(AverageTotalMs, 1), real(null)), P95TotalMs = iff(isfinite(toreal(P95TotalMs)), round(P95TotalMs, 1), real(null))\n| order by ApiId asc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| where Attempts > 1 or FallbackExhausted\n| summarize Requests = count(), Recovered = countif(ResponseCode between (200 .. 299)), FallbackExhausted = countif(FallbackExhausted), AverageAttempts = avg(Attempts), MaximumAttempts = max(Attempts), AverageTotalMs = avg(TotalTime), P95TotalMs = percentile(TotalTime, 95) by ApiId\n| extend AverageAttempts = iff(isfinite(toreal(AverageAttempts)), round(AverageAttempts, 2), real(null)), AverageTotalMs = iff(isfinite(toreal(AverageTotalMs)), round(AverageTotalMs, 1), real(null)), P95TotalMs = iff(isfinite(toreal(P95TotalMs)), round(P95TotalMs, 1), real(null))\n| order by ApiId asc\n| project-rename ['API'] = ApiId, ['Fallback Exhausted'] = FallbackExhausted, ['Average Attempts'] = AverageAttempts, ['Maximum Attempts'] = MaximumAttempts, ['Average Total (ms)'] = AverageTotalMs, ['P95 Total (ms)'] = P95TotalMs",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -319,7 +319,7 @@
           {
             "content": {
               "noDataMessage": "No policy-recorded failover trails found for the selected time range.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend RetriedFailures = max_of(Attempts - 1, 0)\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| extend AttemptTrail = strcat_array(extract_all(@'(InferenceAttempt\\|n=[0-9]+\\|code=(?:[0-9]+|none))', TraceText), ' -> ')\n| where Attempts > 1 or FallbackExhausted\n| project TimeGenerated, CorrelationId, ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, Attempts, RetriedFailures, FallbackExhausted, BackendUrl, AttemptTrail\n| order by TimeGenerated desc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend RetriedFailures = max_of(Attempts - 1, 0)\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| extend AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')\n| extend AttemptTrail = strcat_array(extract_all(@'(InferenceAttempt\\|n=[0-9]+\\|code=(?:[0-9]+|none))', TraceText), ' -> ')\n| where Attempts > 1 or FallbackExhausted\n| project TimeGenerated, CorrelationId, ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, Attempts, RetriedFailures, FallbackExhausted, AOAIInstance, BackendUrl, AttemptTrail\n| order by TimeGenerated desc\n| project-rename ['Time'] = TimeGenerated, ['Correlation ID'] = CorrelationId, ['API'] = ApiId, ['Retried Failures'] = RetriedFailures, ['Fallback Exhausted'] = FallbackExhausted, ['AOAI Instance'] = AOAIInstance, ['Backend URL'] = BackendUrl, ['Attempt Trail'] = AttemptTrail",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -356,7 +356,7 @@
           {
             "content": {
               "noDataMessage": "No recovered failovers or failures found for the selected time range.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FailoverOccurred = Attempts > 1\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| extend FailureType = case(\n    FallbackExhausted, 'Fallback exhausted at APIM',\n    ResponseCode between (200 .. 299) and FailoverOccurred, 'Recovered after backend failover',\n    BackendResponseCode == 429, 'Final backend throttled',\n    BackendResponseCode >= 500, 'Final backend server error',\n    ResponseCode between (400 .. 499), 'Caller-visible client error',\n    ResponseCode >= 500, 'Caller-visible server error',\n    isnotempty(LastErrorReason), 'APIM pipeline error',\n    'Successful without failover')\n| where FailureType != 'Successful without failover'\n| summarize Requests = count(), AverageAttempts = avg(Attempts), MaximumAttempts = max(Attempts), AverageTotalMs = avg(TotalTime), P95TotalMs = percentile(TotalTime, 95) by ApiId, FailureType, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, LastErrorSource, LastErrorReason\n| extend AverageAttempts = iff(isfinite(toreal(AverageAttempts)), round(AverageAttempts, 2), real(null)), AverageTotalMs = iff(isfinite(toreal(AverageTotalMs)), round(AverageTotalMs, 1), real(null)), P95TotalMs = iff(isfinite(toreal(P95TotalMs)), round(P95TotalMs, 1), real(null))\n| order by Requests desc, ApiId asc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FailoverOccurred = Attempts > 1\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| extend AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')\n| extend FailureType = case(\n    FallbackExhausted, 'Fallback exhausted at APIM',\n    ResponseCode between (200 .. 299) and FailoverOccurred, 'Recovered after backend failover',\n    BackendResponseCode == 429, 'Final backend throttled',\n    BackendResponseCode >= 500, 'Final backend server error',\n    ResponseCode between (400 .. 499), 'Caller-visible client error',\n    ResponseCode >= 500, 'Caller-visible server error',\n    isnotempty(LastErrorReason), 'APIM pipeline error',\n    'Successful without failover')\n| where FailureType != 'Successful without failover'\n| summarize Requests = count(), AverageAttempts = avg(Attempts), MaximumAttempts = max(Attempts), AverageTotalMs = avg(TotalTime), P95TotalMs = percentile(TotalTime, 95) by ApiId, AOAIInstance, FailureType, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, LastErrorSource, LastErrorReason\n| extend AverageAttempts = iff(isfinite(toreal(AverageAttempts)), round(AverageAttempts, 2), real(null)), AverageTotalMs = iff(isfinite(toreal(AverageTotalMs)), round(AverageTotalMs, 1), real(null)), P95TotalMs = iff(isfinite(toreal(P95TotalMs)), round(P95TotalMs, 1), real(null))\n| order by Requests desc, ApiId asc\n| project-rename ['API'] = ApiId, ['AOAI Instance'] = AOAIInstance, ['Failure Type'] = FailureType, ['Average Attempts'] = AverageAttempts, ['Maximum Attempts'] = MaximumAttempts, ['Average Total (ms)'] = AverageTotalMs, ['P95 Total (ms)'] = P95TotalMs, ['Last Error Source'] = LastErrorSource, ['Last Error Reason'] = LastErrorReason",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -371,7 +371,7 @@
           {
             "content": {
               "noDataMessage": "No raw failure rows found for the selected time range.",
-              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| where ResponseCode >= 400 or BackendResponseCode >= 400 or isnotempty(LastErrorReason)\n| project TimeGenerated, CorrelationId, ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, BackendUrl, TotalTime, BackendTime, LastErrorSource, LastErrorReason, LastErrorSection, LastErrorMessage, Errors, TraceRecords\n| order by TimeGenerated desc",
+              "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| where ResponseCode >= 400 or BackendResponseCode >= 400 or isnotempty(LastErrorReason)\n| extend AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')\n| project TimeGenerated, CorrelationId, ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, AOAIInstance, BackendUrl, TotalTime, BackendTime, LastErrorSource, LastErrorReason, LastErrorSection, LastErrorMessage, Errors, TraceRecords\n| order by TimeGenerated desc\n| project-rename ['Time'] = TimeGenerated, ['Correlation ID'] = CorrelationId, ['API'] = ApiId, ['AOAI Instance'] = AOAIInstance, ['Backend URL'] = BackendUrl, ['Total Time (ms)'] = TotalTime, ['Backend Time (ms)'] = BackendTime, ['Last Error Source'] = LastErrorSource, ['Last Error Reason'] = LastErrorReason, ['Last Error Section'] = LastErrorSection, ['Last Error Message'] = LastErrorMessage, ['Trace Records'] = TraceRecords",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -408,7 +408,7 @@
           {
             "content": {
               "noDataMessage": "No successful token-bearing inference rows found for the selected time range.",
-              "query": "let routes = materialize(ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| project CorrelationId, ApiId, BackendId, BackendUrl);\nApiManagementGatewayLlmLog\n| where TimeGenerated {TimeRange}\n| where TotalTokens > 0 and isnotempty(ModelName)\n| project CorrelationId, ModelName, DeploymentName, PromptTokens, CompletionTokens, TotalTokens\n| summarize DeploymentName = take_any(DeploymentName), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by CorrelationId, ModelName\n| join kind=inner routes on CorrelationId\n| extend Backend = case(isnotempty(BackendUrl), BackendUrl, isnotempty(BackendId), BackendId, '(backend not recorded)')\n| summarize Requests = count(), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by ApiId, Backend, ModelName, DeploymentName\n| order by TotalTokens desc",
+              "query": "let routes = materialize(ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| project CorrelationId, ApiId, BackendId, BackendUrl);\nApiManagementGatewayLlmLog\n| where TimeGenerated {TimeRange}\n| where TotalTokens > 0 and isnotempty(ModelName)\n| project CorrelationId, ModelName, DeploymentName, PromptTokens, CompletionTokens, TotalTokens\n| summarize DeploymentName = take_any(DeploymentName), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by CorrelationId, ModelName\n| join kind=inner routes on CorrelationId\n| extend AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')\n| extend Backend = case(isnotempty(BackendUrl), BackendUrl, isnotempty(BackendId), BackendId, '(backend not recorded)')\n| summarize Requests = count(), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by ApiId, AOAIInstance, Backend, ModelName, DeploymentName\n| order by TotalTokens desc\n| project-rename ['API'] = ApiId, ['AOAI Instance'] = AOAIInstance, ['Model'] = ModelName, ['Model Deployment'] = DeploymentName, ['Prompt Tokens'] = PromptTokens, ['Completion Tokens'] = CompletionTokens, ['Total Tokens'] = TotalTokens",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -423,7 +423,7 @@
           {
             "content": {
               "noDataMessage": "No APIM inference requests found for the selected time range.",
-              "query": "let gatewayRequests = materialize(ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| project CorrelationId, ApiId, ResponseCode);\nlet llmPerRequest = ApiManagementGatewayLlmLog\n| where TimeGenerated {TimeRange}\n| summarize TotalTokens = sum(TotalTokens), LlmRows = count(), RequestMessageChunks = countif(isnotempty(tostring(RequestMessages))), ResponseMessageChunks = countif(isnotempty(tostring(ResponseMessages))) by CorrelationId;\ngatewayRequests\n| join kind=leftouter llmPerRequest on CorrelationId\n| extend Coverage = case(ResponseCode !between (200 .. 299), 'Not expected for non-2xx response', coalesce(TotalTokens, 0) > 0, 'Token telemetry recorded', 'Successful request without token telemetry')\n| summarize Requests = count(), TotalTokens = sum(coalesce(TotalTokens, 0)), LlmRows = sum(coalesce(LlmRows, 0)), RequestMessageChunks = sum(coalesce(RequestMessageChunks, 0)), ResponseMessageChunks = sum(coalesce(ResponseMessageChunks, 0)) by ApiId, Coverage\n| order by ApiId asc, Coverage asc",
+              "query": "let gatewayRequests = materialize(ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| project CorrelationId, ApiId, ResponseCode);\nlet llmPerRequest = ApiManagementGatewayLlmLog\n| where TimeGenerated {TimeRange}\n| summarize TotalTokens = sum(TotalTokens), LlmRows = count(), RequestMessageChunks = countif(isnotempty(tostring(RequestMessages))), ResponseMessageChunks = countif(isnotempty(tostring(ResponseMessages))) by CorrelationId;\ngatewayRequests\n| join kind=leftouter llmPerRequest on CorrelationId\n| extend Coverage = case(ResponseCode !between (200 .. 299), 'Not expected for non-2xx response', coalesce(TotalTokens, 0) > 0, 'Token telemetry recorded', 'Successful request without token telemetry')\n| summarize Requests = count(), TotalTokens = sum(coalesce(TotalTokens, 0)), LlmRows = sum(coalesce(LlmRows, 0)), RequestMessageChunks = sum(coalesce(RequestMessageChunks, 0)), ResponseMessageChunks = sum(coalesce(ResponseMessageChunks, 0)) by ApiId, Coverage\n| order by ApiId asc, Coverage asc\n| project-rename ['API'] = ApiId, ['Total Tokens'] = TotalTokens, ['LLM Rows'] = LlmRows, ['Request Message Chunks'] = RequestMessageChunks, ['Response Message Chunks'] = ResponseMessageChunks",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "timeContext": {
@@ -467,7 +467,7 @@
         "items": [
           {
             "content": {
-              "json": "## Request Explorer\n\nOne row per APIM inference call, joined by `CorrelationId` to aggregated LLM telemetry. Paste a correlation ID into **Correlation ID Filter** to isolate one request. Prompt and completion bodies remain in `ApiManagementGatewayLlmLog`; this table reports message chunk counts without rendering sensitive body content."
+              "json": "## Request Explorer\n\nOne row per APIM inference call, joined by `CorrelationId` to aggregated LLM telemetry. **AOAI Instance** is the Azure OpenAI account parsed from the final `BackendUrl`; **Model Deployment** is the model deployment reported by LLM diagnostics. Paste a correlation ID into **Correlation ID Filter** to isolate one request. Prompt and completion bodies remain in `ApiManagementGatewayLlmLog`; this table reports message chunk counts without rendering sensitive body content."
             },
             "name": "text - requests",
             "type": 1
@@ -479,7 +479,7 @@
                 "rowLimit": 10000
               },
               "noDataMessage": "No matching inference requests found for the selected time range and correlation filter.",
-              "query": "let llmPerRequest = ApiManagementGatewayLlmLog\n| where TimeGenerated {TimeRange}\n| summarize ModelName = take_any(ModelName), DeploymentName = take_any(DeploymentName), LlmRequestId = take_any(RequestId), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens), LlmRows = count(), RequestMessageChunks = countif(isnotempty(tostring(RequestMessages))), ResponseMessageChunks = countif(isnotempty(tostring(ResponseMessages))) by CorrelationId;\nApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| where isempty('{CorrelationFilter}') or CorrelationId contains '{CorrelationFilter}'\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend RetriedFailures = max_of(Attempts - 1, 0)\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| extend AttemptTrail = strcat_array(extract_all(@'(InferenceAttempt\\|n=[0-9]+\\|code=(?:[0-9]+|none))', TraceText), ' -> ')\n| join kind=leftouter llmPerRequest on CorrelationId\n| project TimeGenerated, CorrelationId, ApiId, OperationId, ApimSubscriptionId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, BackendId, BackendUrl, TotalTime, BackendTime, Attempts, RetriedFailures, FallbackExhausted, AttemptTrail, ModelName, DeploymentName, LlmRequestId, PromptTokens = coalesce(PromptTokens, 0), CompletionTokens = coalesce(CompletionTokens, 0), TotalTokens = coalesce(TotalTokens, 0), LlmRows = coalesce(LlmRows, 0), RequestMessageChunks = coalesce(RequestMessageChunks, 0), ResponseMessageChunks = coalesce(ResponseMessageChunks, 0), LastErrorSource, LastErrorReason, LastErrorSection, LastErrorMessage, Errors, TraceRecords\n| order by TimeGenerated desc\n| take 200",
+              "query": "let llmPerRequest = ApiManagementGatewayLlmLog\n| where TimeGenerated {TimeRange}\n| summarize ModelName = take_any(ModelName), DeploymentName = take_any(DeploymentName), LlmRequestId = take_any(RequestId), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens), LlmRows = count(), RequestMessageChunks = countif(isnotempty(tostring(RequestMessages))), ResponseMessageChunks = countif(isnotempty(tostring(ResponseMessages))) by CorrelationId;\nApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| where isempty('{CorrelationFilter}') or CorrelationId contains '{CorrelationFilter}'\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend RetriedFailures = max_of(Attempts - 1, 0)\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| extend AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')\n| extend AttemptTrail = strcat_array(extract_all(@'(InferenceAttempt\\|n=[0-9]+\\|code=(?:[0-9]+|none))', TraceText), ' -> ')\n| join kind=leftouter llmPerRequest on CorrelationId\n| project TimeGenerated, CorrelationId, ApiId, OperationId, ApimSubscriptionId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, BackendId, AOAIInstance, BackendUrl, TotalTime, BackendTime, Attempts, RetriedFailures, FallbackExhausted, AttemptTrail, ModelName, DeploymentName, LlmRequestId, PromptTokens = coalesce(PromptTokens, 0), CompletionTokens = coalesce(CompletionTokens, 0), TotalTokens = coalesce(TotalTokens, 0), LlmRows = coalesce(LlmRows, 0), RequestMessageChunks = coalesce(RequestMessageChunks, 0), ResponseMessageChunks = coalesce(ResponseMessageChunks, 0), LastErrorSource, LastErrorReason, LastErrorSection, LastErrorMessage, Errors, TraceRecords\n| order by TimeGenerated desc\n| take 200\n| project-rename ['Time'] = TimeGenerated, ['Correlation ID'] = CorrelationId, ['API'] = ApiId, ['Operation ID'] = OperationId, ['APIM Subscription ID'] = ApimSubscriptionId, ['Backend ID'] = BackendId, ['AOAI Instance'] = AOAIInstance, ['Backend URL'] = BackendUrl, ['Total Time (ms)'] = TotalTime, ['Backend Time (ms)'] = BackendTime, ['Retried Failures'] = RetriedFailures, ['Fallback Exhausted'] = FallbackExhausted, ['Attempt Trail'] = AttemptTrail, ['Model'] = ModelName, ['Model Deployment'] = DeploymentName, ['LLM Request ID'] = LlmRequestId, ['Prompt Tokens'] = PromptTokens, ['Completion Tokens'] = CompletionTokens, ['Total Tokens'] = TotalTokens, ['LLM Rows'] = LlmRows, ['Request Message Chunks'] = RequestMessageChunks, ['Response Message Chunks'] = ResponseMessageChunks, ['Last Error Source'] = LastErrorSource, ['Last Error Reason'] = LastErrorReason, ['Last Error Section'] = LastErrorSection, ['Last Error Message'] = LastErrorMessage, ['Trace Records'] = TraceRecords",
               "queryType": 0,
               "resourceType": "microsoft.operationalinsights/workspaces",
               "size": 0,
diff --git a/samples/inference-failover/inference_failover_helpers.py b/samples/inference-failover/inference_failover_helpers.py
index 15ce4d36..ab1b92da 100644
--- a/samples/inference-failover/inference_failover_helpers.py
+++ b/samples/inference-failover/inference_failover_helpers.py
@@ -122,10 +122,11 @@ def run_contract_probes(
         """Run the deterministic success, client, authentication, and routing probes."""
         session = self._get_session()
         probe_headers = {SUBSCRIPTION_KEY_PARAMETER_NAME: subscription_key}
+        malformed_headers = {**probe_headers, 'Content-Type': 'application/json'}
 
         return ContractProbeResults(
             success=session.post(route, headers=probe_headers, json=payload, timeout=120),
-            malformed=session.post(route, headers=probe_headers, data='{"messages":', timeout=120),
+            malformed=session.post(route, headers=malformed_headers, data='{"messages":', timeout=120),
             missing_key=session.post(route, json=payload, timeout=120),
             unknown_operation=session.post(unknown_operation_route, headers=probe_headers, json=payload, timeout=120),
         )
@@ -155,9 +156,7 @@ def run_scenario(self, scenario: InferenceScenario) -> list[dict[str, Any]]:
             backend_url = response.headers.get('X-Backend-URL', 'unknown')
             backend_retry = parse_backend_retry(response)
             validate_status(response)
-            print_info(
-                f'Run {run_index}/{scenario.runs}: {response.status_code} via {backend_url}; X-Backend-Retry={backend_retry} ({response_time:.2f}s)'
-            )
+            print_info(f'Run {run_index}/{scenario.runs}: {response.status_code} via {backend_url}; X-Backend-Retry={backend_retry} ({response_time:.2f}s)')
             if 400 <= response.status_code < 600:
                 print_info(f'Captured error response body: {response.text}')
 
@@ -244,9 +243,7 @@ def summarize_scenario(results: list[dict[str, Any]]) -> InferenceScenarioSummar
         client_errors=sum(1 for result in results if 400 <= result['status_code'] < 500),
         server_errors=sum(1 for result in results if 500 <= result['status_code'] < 600),
         status_code_counts=dict(sorted(status_code_counts.items())),
-        served_backend_urls=sorted(
-            {result['backend_url'] for result in results if result['status_code'] == 200 and result['backend_url'] != 'unknown'}
-        ),
+        served_backend_urls=sorted({result['backend_url'] for result in results if result['status_code'] == 200 and result['backend_url'] != 'unknown'}),
         retry_counts=dict(sorted(retry_counts.items())),
     )
 
@@ -282,6 +279,15 @@ def with_backend_identifier(frame: pd.DataFrame) -> pd.DataFrame:
     return result
 
 
+def with_one_based_row_index(frame: pd.DataFrame) -> pd.DataFrame:
+    """Return a frame copy with a display-oriented one-based row index."""
+    result = frame.copy()
+    result.index = range(1, len(result) + 1)
+    result.index.name = 'Row'
+
+    return result
+
+
 def format_gateway_distribution(frame: pd.DataFrame) -> pd.DataFrame:
     """Return gateway distribution values formatted for display."""
     result = frame.copy()
@@ -290,11 +296,16 @@ def format_gateway_distribution(frame: pd.DataFrame) -> pd.DataFrame:
     result['AverageBackendMs'] = average_backend_ms.map(lambda value: '' if pd.isna(value) else f'{value:,.1f}')
     result['SuccessRate'] = success_rate.map(lambda value: '' if pd.isna(value) else f'{value:.2f}%')
     if 'Backend URL' in result.columns:
-        backend_names = result['Backend URL'].str.extract(r'/deployments/([a-z]-[^/]+)', expand=False).fillna('')
+        backend_names = result['Backend URL'].str.extract(r'/deployments/([a-z]-[^/]+)', expand=False)
         result['Backend'] = backend_names.str.replace('-', ') ', n=1, regex=False)
+        missing_backend = backend_names.isna()
+        client_errors = pd.to_numeric(result.get('Client Errors', pd.Series(0, index=result.index)), errors='coerce').fillna(0)
+        server_errors = pd.to_numeric(result.get('Server Errors', pd.Series(0, index=result.index)), errors='coerce').fillna(0)
+        result.loc[missing_backend, 'Backend'] = 'Backend not recorded'
+        result.loc[missing_backend & server_errors.gt(0), 'Backend'] = 'APIM failure (no final backend recorded)'
+        result.loc[missing_backend & server_errors.eq(0) & client_errors.gt(0), 'Backend'] = 'Gateway rejection (no backend call)'
         result = result.drop(columns=['Backend URL'])
-
-    return result
+    return with_one_based_row_index(result)
 
 
 def get_priority_and_weight(backend_index: int, backend_labels: Mapping[int, str]) -> tuple[int, int]:
@@ -337,10 +348,7 @@ def build_scenario_report_row(
     observed_backend_failures = backend_retries_absorbed + caller_visible_failures
     terminal_503_responses = status_counts.get(503, 0)
     priority_mix = '\n'.join(f'P{priority}: {", ".join(weight_mix)}' for priority, weight_mix in sorted(weights_by_priority.items()))
-    retry_mix = (
-        '\n'.join(f'{retry_count}: {count} ({count / total_requests:.1%})' for retry_count, count in sorted(retry_counts.items()) if retry_count > 0)
-        or 'None'
-    )
+    retry_mix = '\n'.join(f'{retry_count}: {count} ({count / total_requests:.1%})' for retry_count, count in sorted(retry_counts.items()) if retry_count > 0) or 'None'
     if unresolved_requests:
         unresolved_mix = f'No resolved backend: {unresolved_requests} ({unresolved_requests / total_requests:.1%})'
         priority_mix = f'{priority_mix}\n{unresolved_mix}' if priority_mix else unresolved_mix
@@ -403,8 +411,7 @@ def generate_local_html_report(
     scenario_groups = _build_report_scenario_groups(scenario_results, backend_url_indexes, backend_labels)
     report = HtmlReport(
         'Inference Failover Run Report',
-        f'APIM source region: {context.apim_source_region} | Deployment: {context.deployment_name} | '
-        f'Resource group: {context.resource_group_name}',
+        f'APIM source region: {context.apim_source_region} | Deployment: {context.deployment_name} | Resource group: {context.resource_group_name}',
     )
     success_rate = (tests.tests_passed / tests.total_tests * 100) if tests.total_tests else 0
     report.add_metrics(
@@ -432,18 +439,14 @@ def generate_local_html_report(
     if scenario_request_count and all(result['status_code'] == 200 for _, _, _, results, _, _ in scenario_definitions for result in results):
         report.add_success_callout(
             'All scenario requests returned HTTP 200',
-            f'All {scenario_request_count} controlled inference requests completed successfully. '
-            'APIM served the full run without a caller-visible error.',
+            f'All {scenario_request_count} controlled inference requests completed successfully. APIM served the full run without a caller-visible error.',
         )
 
     for model_name, model_scenarios in scenario_groups:
         report.add_table(
             HtmlText(f'Scenario Outcomes: {model_name}', bold_tokens=(model_name,)),
             ['', 'Test #', 'Scenario', 'Requests', 'HTTP 200', 'Other', 'APIM retries', 'Priority / weight mix', 'What the data says'],
-            [
-                build_scenario_report_row(test_id, title, results, url_index, labels)
-                for test_id, title, _, results, url_index, labels in model_scenarios
-            ],
+            [build_scenario_report_row(test_id, title, results, url_index, labels) for test_id, title, _, results, url_index, labels in model_scenarios],
             HtmlText(
                 'The green checkmark indicates that every request returned HTTP 200 from the caller perspective, '
                 'including successes after APIM retries. '
@@ -618,10 +621,7 @@ def _add_token_telemetry(report: HtmlReport, token_frame: pd.DataFrame | None) -
 
 def _build_azure_links(context: InferenceReportContext) -> dict[str, str]:
     portal_base = f'https://portal.azure.com/#@{context.tenant_id}/resource'
-    apim_id = (
-        f'/subscriptions/{context.subscription_id}/resourceGroups/{context.resource_group_name}'
-        f'/providers/Microsoft.ApiManagement/service/{context.apim_name}'
-    )
+    apim_id = f'/subscriptions/{context.subscription_id}/resourceGroups/{context.resource_group_name}/providers/Microsoft.ApiManagement/service/{context.apim_name}'
 
     return {
         'Workbook': f'{portal_base}{context.workbook_id}/workbook',
diff --git a/samples/inference-failover/main.bicep b/samples/inference-failover/main.bicep
index da10aa8e..a5b59106 100644
--- a/samples/inference-failover/main.bicep
+++ b/samples/inference-failover/main.bicep
@@ -348,31 +348,31 @@ module gpt51BackendPool '../../shared/bicep/modules/apim/v1/backend-pool.bicep'
   params: {
     apimName: apimName
     backendPoolName: 'inference-gpt-5-1-pool'
-    backendPoolDescription: 'gpt-5.1 routing preference: in-region PTU, out-of-region PTU, in-region PAYG, then equal-weight out-of-region PAYG.'
+    backendPoolDescription: 'gpt-5.1 routing preference: equal-weight PTUs, in-region PAYG, then equal-weight remaining PAYG.'
     backends: [
       {
         name: 'gpt-5-1-PTU-eastus2'
         priority: 1
-        weight: 100
+        weight: 50
       }
       {
         name: 'gpt-5-1-PTU-westus3'
-        priority: 2
-        weight: 100
+        priority: 1
+        weight: 50
       }
       {
         name: 'gpt-5-1-PAYG-eastus2'
-        priority: 3
+        priority: 2
         weight: 100
       }
       {
         name: 'gpt-5-1-PAYG-westus3'
-        priority: 4
+        priority: 3
         weight: 50
       }
       {
         name: 'gpt-5-1-PAYG-southcentralus'
-        priority: 4
+        priority: 3
         weight: 50
       }
     ]
@@ -387,26 +387,26 @@ module gpt41MiniBackendPool '../../shared/bicep/modules/apim/v1/backend-pool.bic
   params: {
     apimName: apimName
     backendPoolName: 'inference-gpt-4-1-mini-pool'
-    backendPoolDescription: 'gpt-4.1-mini routing preference: in-region PTU, out-of-region PTU, in-region PAYG, then out-of-region PAYG.'
+    backendPoolDescription: 'gpt-4.1-mini routing preference: equal-weight PTUs, in-region PAYG, then remaining PAYG.'
     backends: [
       {
         name: 'gpt-4-1-mini-PTU-eastus2'
         priority: 1
-        weight: 100
+        weight: 50
       }
       {
         name: 'gpt-4-1-mini-PTU-westus3'
-        priority: 2
-        weight: 100
+        priority: 1
+        weight: 50
       }
       {
         name: 'gpt-4-1-mini-PAYG-eastus2'
-        priority: 3
+        priority: 2
         weight: 100
       }
       {
         name: 'gpt-4-1-mini-PAYG-southcentralus'
-        priority: 4
+        priority: 3
         weight: 100
       }
     ]
diff --git a/samples/inference-failover/queries/README.md b/samples/inference-failover/queries/README.md
index 26bbe1e1..ac4a4d57 100644
--- a/samples/inference-failover/queries/README.md
+++ b/samples/inference-failover/queries/README.md
@@ -17,10 +17,8 @@ Adjust `timeWindow` when investigating a shorter incident window or a longer tre
 
 ## Signal Sources
 
-| Table | What the queries use |
-| --- | --- |
-| `ApiManagementGatewayLogs` | Caller-visible response codes, final backend response codes, backend placement, timing, APIM errors, and policy trace records. |
-| `ApiManagementGatewayLlmLog` | Correlated model deployment, prompt token, completion token, total token, and message-chunk telemetry. |
+- `ApiManagementGatewayLogs`: Caller-visible response codes, final backend response codes, backend placement, timing, APIM errors, and policy trace records.
+- `ApiManagementGatewayLlmLog`: Correlated model deployment, prompt token, completion token, total token, and message-chunk telemetry.
 
 The retry-aware queries count compact `InferenceAttempt` entries in `TraceRecords`. Exhausted fallback is derived from native `ResponseCode`, `BackendResponseCode`, and `LastErrorReason` fields.
 
@@ -28,7 +26,7 @@ The retry-aware queries count compact `InferenceAttempt` entries in `TraceRecord
 
 ### [backend-distribution.kql](backend-distribution.kql)
 
-Use this query to see where APIM ultimately placed inference requests. It groups gateway rows by API and concrete backend URL or backend ID, then reports request volume, successes, throttled responses, server failures, average backend latency, and success rate.
+Use this query to see where APIM ultimately placed inference requests. It parses the Azure OpenAI account name from the final backend URL, groups gateway rows by API, AOAI instance, and concrete backend URL or backend ID, then reports the exact caller and final-backend status sets, successes, non-throttling client errors, throttled responses, server errors, residual responses, average backend latency, and success rate. The outcome counts are mutually exclusive and add up to the request total.
 
 This is a useful first view when validating weighted distribution or checking whether pressure moved traffic to a regional fallback tier.
 
@@ -36,13 +34,13 @@ This is a useful first view when validating weighted distribution or checking wh
 
 Use this query to compare caller-visible results with the final backend response after APIM retry handling. It classifies requests as successful without failover, recovered after failover, fallback exhausted, caller-visible throttling, caller-visible server error, or another outcome.
 
-The output includes average attempt count and average backend latency for each API, outcome, caller response code, and final backend response code combination.
+The output includes average attempt count and average backend latency for each API, AOAI instance, outcome, caller response code, and final backend response code combination.
 
 ### [failure-analysis.kql](failure-analysis.kql)
 
 Use this query when investigating degraded traffic or a failed pressure scenario. It filters out requests that succeeded without failover and classifies the remaining rows as recovered failovers, exhausted fallback chains, final-backend throttling, final-backend server errors, caller-visible errors, or native APIM pipeline errors.
 
-The output includes request count, average and maximum attempts, average total latency, P95 total latency, and APIM error source and reason where available.
+The output includes the final AOAI instance, request count, average and maximum attempts, average total latency, P95 total latency, and APIM error source and reason where available.
 
 ### [llm-telemetry-coverage.kql](llm-telemetry-coverage.kql)
 
@@ -54,11 +52,11 @@ The output reports requests, token totals, LLM row counts, and request and respo
 
 Use this query for a per-request investigation after a summary query identifies an anomaly. It joins gateway and LLM rows by `CorrelationId` and returns one operator-focused row for each inference request.
 
-The output includes caller and backend status codes, backend placement, latency, retry counts, the extracted attempt trail, fallback exhaustion state, token usage, message-chunk counts, native APIM errors, and raw trace records. Filter by `CorrelationId` when tracing one request end to end.
+The output includes caller and backend status codes, AOAI account and backend placement, latency, retry counts, the extracted attempt trail, fallback exhaustion state, token usage, message-chunk counts, native APIM errors, and raw trace records. Filter by `CorrelationId` when tracing one request end to end.
 
 ### [token-throughput.kql](token-throughput.kql)
 
-Use this query to measure token-bearing model consumption across API routes and concrete backends. It joins token-bearing LLM rows to gateway placement rows by `CorrelationId`, then summarizes request count and prompt, completion, and total tokens by API, backend, and model.
+Use this query to measure token-bearing model consumption across API routes and concrete backends. It joins token-bearing LLM rows to gateway placement rows by `CorrelationId`, then summarizes request count and prompt, completion, and total tokens by API, AOAI instance, backend, and model.
 
 This view helps connect routing behavior to model usage and identify which fallback tiers served token-bearing requests.
 
diff --git a/samples/inference-failover/queries/backend-distribution.kql b/samples/inference-failover/queries/backend-distribution.kql
index b81e8533..e49fb06a 100644
--- a/samples/inference-failover/queries/backend-distribution.kql
+++ b/samples/inference-failover/queries/backend-distribution.kql
@@ -8,7 +8,22 @@ ApiManagementGatewayLogs
 | where TimeGenerated > ago(timeWindow)
 | where ApiId in~ (apiIds)
 | project TimeGenerated, ApiId, BackendId, BackendUrl, ResponseCode, BackendResponseCode, BackendTime
+| extend AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')
 | extend Backend = case(isnotempty(BackendUrl), BackendUrl, isnotempty(BackendId), BackendId, '(backend not recorded)')
-| summarize Requests = count(), Successes = countif(ResponseCode between (200 .. 299)), Throttled = countif(ResponseCode == 429), Failures = countif(ResponseCode >= 500), AverageBackendMs = round(avg(BackendTime), 1) by ApiId, Backend
-| extend SuccessRate = round(100.0 * Successes / Requests, 1)
+| summarize
+	Requests = count(),
+	CallerResponseCodes = make_set(ResponseCode),
+	FinalBackendResponseCodes = make_set(BackendResponseCode),
+	Successes = countif(ResponseCode between (200 .. 299)),
+	ClientErrors = countif(ResponseCode between (400 .. 499) and ResponseCode != 429),
+	Throttled = countif(ResponseCode == 429),
+	ServerErrors = countif(ResponseCode >= 500),
+	AverageBackendMs = round(avg(BackendTime), 1)
+	by ApiId, AOAIInstance, Backend
+| extend
+	CallerResponseCodes = tostring(array_sort_asc(CallerResponseCodes)),
+	FinalBackendResponseCodes = tostring(array_sort_asc(FinalBackendResponseCodes)),
+	OtherResponses = Requests - Successes - ClientErrors - Throttled - ServerErrors,
+	SuccessRate = round(100.0 * Successes / Requests, 1)
+| project ApiId, AOAIInstance, Backend, Requests, CallerResponseCodes, FinalBackendResponseCodes, Successes, ClientErrors, Throttled, ServerErrors, OtherResponses, AverageBackendMs, SuccessRate
 | order by ApiId asc, Requests desc
diff --git a/samples/inference-failover/queries/failover-outcomes.kql b/samples/inference-failover/queries/failover-outcomes.kql
index c012c18b..a87606f2 100644
--- a/samples/inference-failover/queries/failover-outcomes.kql
+++ b/samples/inference-failover/queries/failover-outcomes.kql
@@ -12,6 +12,7 @@ ApiManagementGatewayLogs
 | extend FailoverOccurred = AttemptCount > 1
 | extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503))
 	or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))
+| extend AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')
 | extend Outcome = case(
 	FallbackExhausted, 'Fallback exhausted',
 	ResponseCode between (200 .. 299) and FailoverOccurred, 'Recovered after failover',
@@ -19,5 +20,5 @@ ApiManagementGatewayLogs
 	ResponseCode == 429, 'Caller received throttling',
 	ResponseCode >= 500, 'Caller received server error',
 	'Other')
-| summarize Requests = count(), AverageAttempts = round(avg(AttemptCount), 2), AverageBackendMs = round(avg(BackendTime), 1) by ApiId, Outcome, ResponseCode, BackendResponseCode
+| summarize Requests = count(), AverageAttempts = round(avg(AttemptCount), 2), AverageBackendMs = round(avg(BackendTime), 1) by ApiId, AOAIInstance, Outcome, ResponseCode, BackendResponseCode
 | order by ApiId asc, Requests desc
diff --git a/samples/inference-failover/queries/failure-analysis.kql b/samples/inference-failover/queries/failure-analysis.kql
index 76be0907..81d19ed8 100644
--- a/samples/inference-failover/queries/failure-analysis.kql
+++ b/samples/inference-failover/queries/failure-analysis.kql
@@ -12,6 +12,7 @@ ApiManagementGatewayLogs
 | extend FailoverOccurred = AttemptCount > 1
 | extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503))
     or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))
+| extend AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')
 | extend FailureType = case(
     FallbackExhausted, 'Fallback exhausted at APIM',
     ResponseCode between (200 .. 299) and FailoverOccurred, 'Recovered after backend failover',
@@ -28,5 +29,5 @@ ApiManagementGatewayLogs
     MaximumAttempts = max(AttemptCount),
     AverageTotalMs = round(avg(TotalTime), 1),
     P95TotalMs = round(percentile(TotalTime, 95), 1)
-    by ApiId, FailureType, ResponseCode, BackendResponseCode, LastErrorSource, LastErrorReason
+    by ApiId, AOAIInstance, FailureType, ResponseCode, BackendResponseCode, LastErrorSource, LastErrorReason
 | order by Requests desc, ApiId asc
diff --git a/samples/inference-failover/queries/request-details.kql b/samples/inference-failover/queries/request-details.kql
index 56b7ed3b..1247a408 100644
--- a/samples/inference-failover/queries/request-details.kql
+++ b/samples/inference-failover/queries/request-details.kql
@@ -14,6 +14,7 @@ let gatewayRequests = materialize(ApiManagementGatewayLogs
 | extend FailoverOccurred = AttemptCount > 1
 | extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503))
     or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))
+| extend AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')
 | extend AttemptTrail = strcat_array(
     extract_all(@'(InferenceAttempt\|n=[0-9]+\|code=(?:[0-9]+|none))', TraceText),
     ' -> '));
@@ -41,6 +42,7 @@ gatewayRequests
     ResponseCode,
     BackendResponseCode,
     BackendId,
+    AOAIInstance,
     BackendUrl,
     TotalTime,
     BackendTime,
diff --git a/samples/inference-failover/queries/token-throughput.kql b/samples/inference-failover/queries/token-throughput.kql
index f2ba7248..089bca56 100644
--- a/samples/inference-failover/queries/token-throughput.kql
+++ b/samples/inference-failover/queries/token-throughput.kql
@@ -13,6 +13,7 @@ ApiManagementGatewayLlmLog
 | where TotalTokens > 0 and isnotempty(ModelName)
 | summarize PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by CorrelationId, ModelName
 | join kind=inner requestRoutes on CorrelationId
+| extend AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')
 | extend Backend = case(isnotempty(BackendUrl), BackendUrl, isnotempty(BackendId), BackendId, '(backend not recorded)')
-| summarize Requests = count(), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by ApiId, Backend, ModelName
+| summarize Requests = count(), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by ApiId, AOAIInstance, Backend, ModelName
 | order by TotalTokens desc
diff --git a/tests/python/test_inference_failover.py b/tests/python/test_inference_failover.py
index 9dadcf71..3fd44230 100644
--- a/tests/python/test_inference_failover.py
+++ b/tests/python/test_inference_failover.py
@@ -35,6 +35,17 @@
     'gpt-4-1-mini-PTU-westus3',
     'gpt-4-1-mini-PAYG-southcentralus',
 }
+EXPECTED_POOL_MEMBERS = [
+    ('gpt-5.1', 'A', 'gpt-5-1-PTU-eastus2', 'In-region PTU', 1, 50),
+    ('gpt-5.1', 'D', 'gpt-5-1-PTU-westus3', 'Out-of-region PTU', 1, 50),
+    ('gpt-5.1', 'B', 'gpt-5-1-PAYG-eastus2', 'In-region PAYG', 2, 100),
+    ('gpt-5.1', 'E', 'gpt-5-1-PAYG-westus3', 'Out-of-region PAYG', 3, 50),
+    ('gpt-5.1', 'G', 'gpt-5-1-PAYG-southcentralus', 'Out-of-region PAYG', 3, 50),
+    ('gpt-4.1-mini', 'C', 'gpt-4-1-mini-PTU-eastus2', 'In-region PTU', 1, 50),
+    ('gpt-4.1-mini', 'F', 'gpt-4-1-mini-PTU-westus3', 'Out-of-region PTU', 1, 50),
+    ('gpt-4.1-mini', 'D', 'gpt-4-1-mini-PAYG-eastus2', 'In-region PAYG', 2, 100),
+    ('gpt-4.1-mini', 'H', 'gpt-4-1-mini-PAYG-southcentralus', 'Out-of-region PAYG', 3, 100),
+]
 
 
 def _load_workbook() -> dict:
@@ -105,6 +116,44 @@ def test_inference_failover_workbook_leaves_missing_numeric_aggregates_empty() -
     assert 'P95BackendMs = iff(isfinite(toreal(P95BackendMs)), round(P95BackendMs, 1), real(null))' in serialized
 
 
+def test_backend_distribution_reports_exact_and_exhaustive_outcomes() -> None:
+    """Expose exact statuses and classify every caller response in both distribution views."""
+    standalone_query = (QUERIES_PATH / 'backend-distribution.kql').read_text(encoding='utf-8')
+    workbook_query = _find_workbook_item(_load_workbook()['items'], 'query - backend-distribution')['content']['query']
+
+    for query in (standalone_query, workbook_query):
+        assert 'CallerResponseCodes = make_set(ResponseCode)' in query
+        assert 'FinalBackendResponseCodes = make_set(BackendResponseCode)' in query
+        assert 'ClientErrors = countif(ResponseCode between (400 .. 499) and ResponseCode != 429)' in query
+        assert 'Throttled = countif(ResponseCode == 429)' in query
+        assert 'ServerErrors = countif(ResponseCode >= 500)' in query
+        assert 'OtherResponses = Requests - Successes - ClientErrors - Throttled - ServerErrors' in query
+
+
+def test_inference_queries_report_final_aoai_account_instance() -> None:
+    """Derive the Azure OpenAI account from the final backend URL in every placement view."""
+    instance_expression = "AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')"
+    standalone_paths = [
+        QUERIES_PATH / 'backend-distribution.kql',
+        QUERIES_PATH / 'failure-analysis.kql',
+        QUERIES_PATH / 'failover-outcomes.kql',
+        QUERIES_PATH / 'request-details.kql',
+        QUERIES_PATH / 'token-throughput.kql',
+    ]
+    workbook = _load_workbook()
+    workbook_item_names = [
+        'query - backend-distribution',
+        'query - failover-request-trails',
+        'query - failure-taxonomy',
+        'query - raw-failure-explorer',
+        'query - token-throughput',
+        'query - request-explorer',
+    ]
+
+    assert all(instance_expression in path.read_text(encoding='utf-8') for path in standalone_paths)
+    assert all(instance_expression in _find_workbook_item(workbook['items'], name)['content']['query'] for name in workbook_item_names)
+
+
 def test_inference_failover_request_explorer_shows_many_rows() -> None:
     """Keep Request Explorer auto-sized with a high row limit and filtering."""
     request_explorer = _find_workbook_item(_load_workbook()['items'], 'query - request-explorer')['content']
@@ -113,6 +162,27 @@ def test_inference_failover_request_explorer_shows_many_rows() -> None:
     assert request_explorer['gridSettings'] == {'filter': True, 'rowLimit': 10000}
 
 
+def test_inference_failover_workbook_uses_readable_table_column_titles() -> None:
+    """Keep workbook table headers readable without changing internal telemetry names."""
+    workbook = _load_workbook()
+    expected_aliases = {
+        'query - outcome-status-matrix': ("['API'] = ApiId", "['Average Total (ms)'] = AverageTotalMs"),
+        'query - backend-distribution': ("['AOAI Instance'] = AOAIInstance", "['APIM Statuses'] = CallerResponseCodes"),
+        'query - failover-summary': ("['Maximum Attempts'] = MaximumAttempts", "['P95 Total (ms)'] = P95TotalMs"),
+        'query - failover-request-trails': ("['Correlation ID'] = CorrelationId", "['Attempt Trail'] = AttemptTrail"),
+        'query - failure-taxonomy': ("['Failure Type'] = FailureType", "['Last Error Reason'] = LastErrorReason"),
+        'query - raw-failure-explorer': ("['Backend URL'] = BackendUrl", "['Trace Records'] = TraceRecords"),
+        'query - token-throughput': ("['Model Deployment'] = DeploymentName", "['Total Tokens'] = TotalTokens"),
+        'query - llm-telemetry-coverage': ("['LLM Rows'] = LlmRows", "['Response Message Chunks'] = ResponseMessageChunks"),
+        'query - request-explorer': ("['AOAI Instance'] = AOAIInstance", "['LLM Request ID'] = LlmRequestId"),
+    }
+
+    for item_name, aliases in expected_aliases.items():
+        query = _find_workbook_item(workbook['items'], item_name)['content']['query']
+        assert '| project-rename ' in query
+        assert all(alias in query for alias in aliases)
+
+
 def test_inference_failover_kql_queries_scope_to_ai_gateway_signals() -> None:
     """Ensure focused KQL query files remain available and tied to AI telemetry tables."""
     query_text = '\n'.join(path.read_text(encoding='utf-8') for path in KQL_PATHS)
@@ -268,34 +338,26 @@ def test_inference_policy_decisions_cover_every_documented_status() -> None:
 def test_inference_readme_documents_exact_response_handling_matrix() -> None:
     """Keep the documented status-code contract synchronized with the policy."""
     readme = README_PATH.read_text(encoding='utf-8')
+    normalized_table_rows = {'| ' + ' | '.join(cell.strip() for cell in line.strip().strip('|').split('|')) + ' |' for line in readme.splitlines() if line.startswith('|')}
     expected_rows = [
         '| 200 | - | - | 200 | Success | None | Return the successful response. |',
         '| 400 | No | No | 400 | Client | Low | Return unchanged; may indicate an invalid request or content filtering. |',
         '| 401 | No | No | 401 | Auth | Medium | Return unchanged; correct backend authentication. |',
         '| 403 | No | No | 403 | AuthZ | Medium | Return unchanged; correct backend authorization. |',
         '| 404 | No | No | 404 | Config | Medium | Return unchanged; correct the backend URL or deployment name. |',
-        (
-            '| 408 | Yes | Yes | 200 or 408 | Timeout | Medium | Retry another backend; return the explicit HTTP timeout if the fallback '
-            'chain is exhausted. |'
-        ),
+        ('| 408 | Yes | Yes | 200 or 408 | Timeout | Medium | Retry another backend; return the explicit HTTP timeout if the fallback chain is exhausted. |'),
         '| 409 | No | Sometimes | 200 or 409 | Conflict | Medium | Retry only when `Retry-After` marks the conflict as transient. |',
-        (
-            '| 429 | Yes | Yes | 200 or 429 | Capacity | Medium | Retry another eligible backend; return exhausted '
-            'capacity with the soonest `Retry-After`. |'
-        ),
+        ('| 429 | Yes | Yes | 200 or 429 | Capacity | Medium | Retry another eligible backend; return exhausted capacity with the soonest `Retry-After`. |'),
         ('| 499 | Yes | Yes | 200 or 499 | Custom | Medium | Retry another backend when PTU exhaustion is represented by a transformed `408`. |'),
         '| 500 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
         '| 502 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
-        (
-            '| 503 | Yes | Yes | 200, 429, or 503 | Infra | High | Retry another backend; return `429` when `Retry-After` '
-            'identifies capacity, otherwise normalize exhaustion to `503`. |'
-        ),
+        ('| 503 | Yes | Yes | 200, 429, or 503 | Infra | High | Retry another backend; return `429` when `Retry-After` identifies capacity, otherwise normalize exhaustion to `503`. |'),
         '| 504 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
         ('| null | No | Yes | 200 or 503 | Transport | High | Retry after no backend response; normalize handled transport failures to `503`. |'),
     ]
 
-    assert all(row in readme for row in expected_rows)
-    assert '| Backend Code | Trip Breaker | Retry | Caller Codes | Category | Severity | Handling |' in readme
+    assert all(row in normalized_table_rows for row in expected_rows)
+    assert '| Backend Code | Trip Breaker | Retry | Caller Codes | Category | Severity | Handling |' in normalized_table_rows
     assert '"Trip Breaker" applies to the backend that returned the response' in readme
     assert '`https://unresolvable.invalid`' in readme
     assert 'does **not** simulate a client disconnect' in readme
@@ -304,6 +366,21 @@ def test_inference_readme_documents_exact_response_handling_matrix() -> None:
     assert '`curl --max-time 1`' in readme
 
 
+def test_inference_readme_defines_load_balancer_source_of_truth() -> None:
+    """Keep the documented priority and weight contract complete and explicit."""
+    readme = README_PATH.read_text(encoding='utf-8')
+
+    assert '### Load Balancer Configuration' in readme
+    assert 'table is the source of truth for both model-safe APIM backend pools' in readme
+    assert '**Priority 1 - all PTUs:**' in readme
+    assert '**Priority 2 - in-region PAYG:**' in readme
+    assert '**Priority 3 - any PAYG:**' in readme
+
+    for model, label, backend_name, capacity_tier, priority, weight in EXPECTED_POOL_MEMBERS:
+        expected_cells = [f'`{model}`', label, f'`{backend_name}`', capacity_tier, str(priority), str(weight)]
+        assert any([cell.strip() for cell in row.strip().strip('|').split('|')] == expected_cells for row in readme.splitlines() if row.startswith('|'))
+
+
 def test_inference_bicep_contains_only_compatible_model_backend_pools() -> None:
     """Check the model deployment constellation, pool scope, and circuit breaker contract."""
     bicep = BICEP_PATH.read_text(encoding='utf-8')
@@ -328,19 +405,14 @@ def test_inference_bicep_contains_only_compatible_model_backend_pools() -> None:
     breaker_body = circuit_breaker_block.group('body')
     assert re.search(r'count:\s*1\b', breaker_body)
 
-    status_ranges = {
-        status_code
-        for minimum, maximum in re.findall(r'min:\s*(\d+)\s+max:\s*(\d+)', breaker_body)
-        for status_code in range(int(minimum), int(maximum) + 1)
-    }
+    status_ranges = {status_code for minimum, maximum in re.findall(r'min:\s*(\d+)\s+max:\s*(\d+)', breaker_body) for status_code in range(int(minimum), int(maximum) + 1)}
     assert status_ranges == {408, 429, 499, 500, 502, 503, 504}
     assert 'enableLlmLogs: true' in bicep
     assert f'backendPoolName: {single_quote}inference-gpt-5-1-pool{single_quote}' in bicep
     assert f'backendPoolName: {single_quote}inference-gpt-4-1-mini-pool{single_quote}' in bicep
-    assert "name: 'gpt-5-1-PTU-westus3'\n        priority: 2" in bicep
-    assert "name: 'gpt-5-1-PAYG-eastus2'\n        priority: 3" in bicep
-    assert "name: 'gpt-4-1-mini-PTU-westus3'\n        priority: 2" in bicep
-    assert "name: 'gpt-4-1-mini-PAYG-eastus2'\n        priority: 3" in bicep
+    for _, _, backend_name, _, priority, weight in EXPECTED_POOL_MEMBERS:
+        expected_member = f"name: '{backend_name}'\n        priority: {priority}\n        weight: {weight}"
+        assert expected_member in bicep
     backend_declaration_order = [
         'gpt-5-1-PTU-eastus2',
         'gpt-5-1-PTU-westus3',
@@ -414,18 +486,45 @@ def test_inference_notebook_is_clean_and_defaults_to_simple_apim() -> None:
     assert "queries_path / 'verify-llm-ingestion.kql'" in code_source
     assert "queries_path / 'backend-distribution.kql'" in code_source
     assert "queries_path / 'token-throughput.kql'" in code_source
-    assert "columns=['API', 'Backend URL', 'Requests', 'Successes', 'Throttled', 'Failures', 'AverageBackendMs', 'SuccessRate']" in code_source
+    expected_distribution_columns = (
+        "columns=['API', 'AOAI Instance', 'Backend URL', 'Requests', 'APIM Statuses', 'Final Backend Statuses', 'Successes', "
+        "'Client Errors', 'Throttled', 'Server Errors', 'Other Responses', 'AverageBackendMs', 'SuccessRate']"
+    )
+    assert expected_distribution_columns in code_source
     assert 'def with_backend_identifier(' not in code_source
     assert 'def format_gateway_distribution(' not in code_source
     assert 'distribution_frame = inference_failover_helpers.with_backend_identifier(distribution_frame)' in code_source
     assert 'distribution_frame = inference_failover_helpers.format_gateway_distribution(distribution_frame)' in code_source
     assert code_source.count("distribution_frame.pivot(index='API', columns='Backend', values='Requests')") == 1
-    assert "columns=['API', 'Backend URL', 'Model', 'Requests', 'PromptTokens', 'CompletionTokens', 'TotalTokens']" in code_source
+    assert "columns=['API', 'AOAI Instance', 'Backend URL', 'Model', 'Requests', 'PromptTokens', 'CompletionTokens', 'TotalTokens']" in code_source
     assert 'token_frame = inference_failover_helpers.with_backend_identifier(token_frame)' in code_source
+    assert 'token_frame = inference_failover_helpers.with_one_based_row_index(token_frame)' in code_source
     assert 'plt.show()' in code_source
     assert 'Route Graph' in '\n'.join(''.join(cell['source']) for cell in notebook['cells'])
 
 
+def test_inference_notebook_runs_deterministic_http_contract_probes() -> None:
+    """Keep safe live status probes executable and fault-only paths explained."""
+    notebook = json.loads(NOTEBOOK_PATH.read_text(encoding='utf-8'))
+    code_source = '\n'.join(''.join(cell['source']) for cell in notebook['cells'] if cell['cell_type'] == 'code')
+    markdown_source = '\n'.join(''.join(cell['source']) for cell in notebook['cells'] if cell['cell_type'] == 'markdown')
+
+    expected_status_assertions = [
+        'probe_results.success.status_code, 200',
+        'probe_results.malformed.status_code, 400',
+        'probe_results.missing_key.status_code, 401',
+        'probe_results.unknown_operation.status_code, 404',
+    ]
+    assert all(assertion in code_source for assertion in expected_status_assertions)
+    assert "probe_results.malformed.headers.get('X-Backend-Retry'), '0'" in code_source
+    assert "'X-Backend-Retry' in probe_results.missing_key.headers" in code_source
+    assert "'X-Backend-Retry' in probe_results.unknown_operation.headers" in code_source
+    assert 'contract_tests.print_summary()' in code_source
+    assert 'if contract_tests.tests_failed:' in code_source
+    assert 'controlled `403`, both `409` branches, deterministic `429`' in markdown_source
+    assert 'DNS/TLS failures, timeouts, and true caller disconnects' in markdown_source
+
+
 def test_inference_notebook_generates_local_html_report() -> None:
     """Keep the end-of-run local report and link in the notebook flow."""
     notebook = json.loads(NOTEBOOK_PATH.read_text(encoding='utf-8'))
diff --git a/tests/python/test_inference_failover_helpers.py b/tests/python/test_inference_failover_helpers.py
index 50c87223..0ff1383a 100644
--- a/tests/python/test_inference_failover_helpers.py
+++ b/tests/python/test_inference_failover_helpers.py
@@ -27,6 +27,7 @@
     summarize_scenario,
     validate_status,
     with_backend_identifier,
+    with_one_based_row_index,
 )
 
 
@@ -122,8 +123,9 @@ def test_retry_and_status_validation_reject_malformed_responses():
 def test_contract_probes_construct_each_gateway_case():
     responses = [_response(), _response(400), _response(401), _response(404)]
     runner, session = _create_runner(responses=responses)
+    payload = {'messages': []}
 
-    results = runner.run_contract_probes('https://gateway.example/inference', 'https://gateway.example/unknown', 'key', {'messages': []})
+    results = runner.run_contract_probes('https://gateway.example/inference', 'https://gateway.example/unknown', 'key', payload)
 
     assert [results.success.status_code, results.malformed.status_code, results.missing_key.status_code, results.unknown_operation.status_code] == [
         200,
@@ -131,9 +133,18 @@ def test_contract_probes_construct_each_gateway_case():
         401,
         404,
     ]
-    assert session.post.call_args_list[1].kwargs['data'] == '{"messages":'
-    assert 'headers' not in session.post.call_args_list[2].kwargs
-    assert session.post.call_args_list[3].args[0] == 'https://gateway.example/unknown'
+    assert session.post.call_args_list[0].args == ('https://gateway.example/inference',)
+    assert session.post.call_args_list[0].kwargs == {'headers': {'api-key': 'key'}, 'json': payload, 'timeout': 120}
+    assert session.post.call_args_list[1].args == ('https://gateway.example/inference',)
+    assert session.post.call_args_list[1].kwargs == {
+        'headers': {'api-key': 'key', 'Content-Type': 'application/json'},
+        'data': '{"messages":',
+        'timeout': 120,
+    }
+    assert session.post.call_args_list[2].args == ('https://gateway.example/inference',)
+    assert session.post.call_args_list[2].kwargs == {'json': payload, 'timeout': 120}
+    assert session.post.call_args_list[3].args == ('https://gateway.example/unknown',)
+    assert session.post.call_args_list[3].kwargs == {'headers': {'api-key': 'key'}, 'json': payload, 'timeout': 120}
 
 
 @pytest.mark.unit
@@ -206,6 +217,8 @@ def test_dataframe_helpers_are_non_mutating_and_idempotent():
     assert 'Backend' not in source.columns
     assert identified['Backend'].tolist() == ['a']
     assert repeated.equals(identified)
+    assert formatted.index.tolist() == [1]
+    assert formatted.index.name == 'Row'
     assert formatted['Backend'].tolist() == ['a) model']
     assert formatted['AverageBackendMs'].tolist() == ['1,234.5']
     assert formatted['SuccessRate'].tolist() == ['98.20%']
@@ -222,6 +235,40 @@ def test_with_backend_identifier_leaves_frames_without_urls_unchanged():
     assert result is not source
 
 
+@pytest.mark.unit
+def test_format_gateway_distribution_explains_rows_without_backend_identity():
+    source = pd.DataFrame(
+        [
+            ['api-a', '(backend not recorded)', '[503]', 0, 6],
+            ['api-b', '(backend not recorded)', '[401,404]', 2, 0],
+        ],
+        columns=['API', 'Backend URL', 'APIM Statuses', 'Client Errors', 'Server Errors'],
+    )
+    source['AverageBackendMs'] = 'not available'
+    source['SuccessRate'] = '0.0'
+
+    result = format_gateway_distribution(source)
+
+    assert result.index.tolist() == [1, 2]
+    assert result.index.name == 'Row'
+    assert result['Backend'].tolist() == [
+        'APIM failure (no final backend recorded)',
+        'Gateway rejection (no backend call)',
+    ]
+
+
+@pytest.mark.unit
+def test_with_one_based_row_index_is_non_mutating():
+    source = pd.DataFrame([['first'], ['second']], columns=['Value'])
+
+    result = with_one_based_row_index(source)
+
+    assert source.index.tolist() == [0, 1]
+    assert source.index.name is None
+    assert result.index.tolist() == [1, 2]
+    assert result.index.name == 'Row'
+
+
 @pytest.mark.unit
 def test_format_gateway_distribution_leaves_frames_without_backend_urls():
     source = pd.DataFrame([['api', 'not available', 'not available']], columns=['API', 'AverageBackendMs', 'SuccessRate'])

From 31580a06d4b817a6b61b6f9638a4b3a00bac9d07 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Fri, 12 Jun 2026 18:53:04 -0400
Subject: [PATCH 22/31] Tweaks

---
 .../inference-failover.workbook.json          | 255 ++++++++++++++++++
 tests/python/test_inference_failover.py       |  33 ++-
 2 files changed, 287 insertions(+), 1 deletion(-)

diff --git a/samples/inference-failover/inference-failover.workbook.json b/samples/inference-failover/inference-failover.workbook.json
index 7de2d6df..29461c8d 100644
--- a/samples/inference-failover/inference-failover.workbook.json
+++ b/samples/inference-failover/inference-failover.workbook.json
@@ -229,6 +229,49 @@
           },
           {
             "content": {
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "^(Requests|Failovers|Fallback Exhausted)$",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 0,
+                        "maximumFractionDigits": 0
+                      }
+                    }
+                  },
+                  {
+                    "columnMatch": "Average Attempts",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 2,
+                        "maximumFractionDigits": 2
+                      }
+                    }
+                  },
+                  {
+                    "columnMatch": "^(Average Total \\(ms\\)|P95 Total \\(ms\\))$",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 1,
+                        "maximumFractionDigits": 1
+                      }
+                    }
+                  }
+                ]
+              },
               "noDataMessage": "No inference outcomes found for the selected time range.",
               "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FailoverOccurred = Attempts > 1\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| summarize Requests = count(), Failovers = countif(FailoverOccurred), FallbackExhausted = countif(FallbackExhausted), AverageAttempts = avg(Attempts), AverageTotalMs = avg(TotalTime), P95TotalMs = percentile(TotalTime, 95) by ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode\n| extend AverageAttempts = iff(isfinite(toreal(AverageAttempts)), round(AverageAttempts, 2), real(null)), AverageTotalMs = iff(isfinite(toreal(AverageTotalMs)), round(AverageTotalMs, 1), real(null)), P95TotalMs = iff(isfinite(toreal(P95TotalMs)), round(P95TotalMs, 1), real(null))\n| order by ApiId asc, Requests desc\n| project-rename ['API'] = ApiId, ['Fallback Exhausted'] = FallbackExhausted, ['Average Attempts'] = AverageAttempts, ['Average Total (ms)'] = AverageTotalMs, ['P95 Total (ms)'] = P95TotalMs",
               "queryType": 0,
@@ -266,6 +309,36 @@
           },
           {
             "content": {
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "^(Requests|Successes|Client Errors|Throttled|Server Errors|Other Responses|Backend Throttled|Backend Unavailable)$",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 0,
+                        "maximumFractionDigits": 0
+                      }
+                    }
+                  },
+                  {
+                    "columnMatch": "^(Average Backend \\(ms\\)|P95 Backend \\(ms\\))$",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 1,
+                        "maximumFractionDigits": 1
+                      }
+                    }
+                  }
+                ]
+              },
               "noDataMessage": "No backend distribution data found for the selected time range.",
               "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')\n| extend Backend = case(isnotempty(BackendUrl), BackendUrl, isnotempty(BackendId), BackendId, '(backend not recorded)')\n| summarize Requests = count(), CallerResponseCodes = make_set(ResponseCode), FinalBackendResponseCodes = make_set(BackendResponseCode), Successes = countif(ResponseCode between (200 .. 299)), ClientErrors = countif(ResponseCode between (400 .. 499) and ResponseCode != 429), Throttled = countif(ResponseCode == 429), ServerErrors = countif(ResponseCode >= 500), BackendThrottled = countif(BackendResponseCode == 429), BackendUnavailable = countif(BackendResponseCode == 503), AverageBackendMs = avg(BackendTime), P95BackendMs = percentile(BackendTime, 95) by ApiId, AOAIInstance, Backend\n| extend CallerResponseCodes = tostring(array_sort_asc(CallerResponseCodes)), FinalBackendResponseCodes = tostring(array_sort_asc(FinalBackendResponseCodes)), OtherResponses = Requests - Successes - ClientErrors - Throttled - ServerErrors, AverageBackendMs = iff(isfinite(toreal(AverageBackendMs)), round(AverageBackendMs, 1), real(null)), P95BackendMs = iff(isfinite(toreal(P95BackendMs)), round(P95BackendMs, 1), real(null))\n| project ApiId, AOAIInstance, Backend, Requests, CallerResponseCodes, FinalBackendResponseCodes, Successes, ClientErrors, Throttled, ServerErrors, OtherResponses, BackendThrottled, BackendUnavailable, AverageBackendMs, P95BackendMs\n| order by ApiId asc, Requests desc\n| project-rename ['API'] = ApiId, ['AOAI Instance'] = AOAIInstance, ['APIM Statuses'] = CallerResponseCodes, ['Final Backend Statuses'] = FinalBackendResponseCodes, ['Client Errors'] = ClientErrors, ['Server Errors'] = ServerErrors, ['Other Responses'] = OtherResponses, ['Backend Throttled'] = BackendThrottled, ['Backend Unavailable'] = BackendUnavailable, ['Average Backend (ms)'] = AverageBackendMs, ['P95 Backend (ms)'] = P95BackendMs",
               "queryType": 0,
@@ -303,6 +376,49 @@
           },
           {
             "content": {
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "^(Requests|Recovered|Fallback Exhausted|Maximum Attempts)$",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 0,
+                        "maximumFractionDigits": 0
+                      }
+                    }
+                  },
+                  {
+                    "columnMatch": "Average Attempts",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 2,
+                        "maximumFractionDigits": 2
+                      }
+                    }
+                  },
+                  {
+                    "columnMatch": "^(Average Total \\(ms\\)|P95 Total \\(ms\\))$",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 1,
+                        "maximumFractionDigits": 1
+                      }
+                    }
+                  }
+                ]
+              },
               "noDataMessage": "No policy-recorded failover trails found. Redeploy the sample after the trace policy update, generate traffic, and allow Log Analytics ingestion to complete.",
               "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| where Attempts > 1 or FallbackExhausted\n| summarize Requests = count(), Recovered = countif(ResponseCode between (200 .. 299)), FallbackExhausted = countif(FallbackExhausted), AverageAttempts = avg(Attempts), MaximumAttempts = max(Attempts), AverageTotalMs = avg(TotalTime), P95TotalMs = percentile(TotalTime, 95) by ApiId\n| extend AverageAttempts = iff(isfinite(toreal(AverageAttempts)), round(AverageAttempts, 2), real(null)), AverageTotalMs = iff(isfinite(toreal(AverageTotalMs)), round(AverageTotalMs, 1), real(null)), P95TotalMs = iff(isfinite(toreal(P95TotalMs)), round(P95TotalMs, 1), real(null))\n| order by ApiId asc\n| project-rename ['API'] = ApiId, ['Fallback Exhausted'] = FallbackExhausted, ['Average Attempts'] = AverageAttempts, ['Maximum Attempts'] = MaximumAttempts, ['Average Total (ms)'] = AverageTotalMs, ['P95 Total (ms)'] = P95TotalMs",
               "queryType": 0,
@@ -318,6 +434,23 @@
           },
           {
             "content": {
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "^(Attempts|Retried Failures)$",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 0,
+                        "maximumFractionDigits": 0
+                      }
+                    }
+                  }
+                ]
+              },
               "noDataMessage": "No policy-recorded failover trails found for the selected time range.",
               "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend RetriedFailures = max_of(Attempts - 1, 0)\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| extend AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')\n| extend AttemptTrail = strcat_array(extract_all(@'(InferenceAttempt\\|n=[0-9]+\\|code=(?:[0-9]+|none))', TraceText), ' -> ')\n| where Attempts > 1 or FallbackExhausted\n| project TimeGenerated, CorrelationId, ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, Attempts, RetriedFailures, FallbackExhausted, AOAIInstance, BackendUrl, AttemptTrail\n| order by TimeGenerated desc\n| project-rename ['Time'] = TimeGenerated, ['Correlation ID'] = CorrelationId, ['API'] = ApiId, ['Retried Failures'] = RetriedFailures, ['Fallback Exhausted'] = FallbackExhausted, ['AOAI Instance'] = AOAIInstance, ['Backend URL'] = BackendUrl, ['Attempt Trail'] = AttemptTrail",
               "queryType": 0,
@@ -355,6 +488,49 @@
           },
           {
             "content": {
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "^(Requests|Maximum Attempts)$",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 0,
+                        "maximumFractionDigits": 0
+                      }
+                    }
+                  },
+                  {
+                    "columnMatch": "Average Attempts",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 2,
+                        "maximumFractionDigits": 2
+                      }
+                    }
+                  },
+                  {
+                    "columnMatch": "^(Average Total \\(ms\\)|P95 Total \\(ms\\))$",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 1,
+                        "maximumFractionDigits": 1
+                      }
+                    }
+                  }
+                ]
+              },
               "noDataMessage": "No recovered failovers or failures found for the selected time range.",
               "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| extend TraceText = tostring(TraceRecords)\n| extend Attempts = countof(TraceText, 'InferenceAttempt')\n| extend FailoverOccurred = Attempts > 1\n| extend FallbackExhausted = (ResponseCode == 429 and BackendResponseCode in (429, 503)) or (ResponseCode == 503 and (BackendResponseCode in (500, 502, 503, 504) or LastErrorReason in ('BackendConnectionFailure', 'Timeout')))\n| extend AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')\n| extend FailureType = case(\n    FallbackExhausted, 'Fallback exhausted at APIM',\n    ResponseCode between (200 .. 299) and FailoverOccurred, 'Recovered after backend failover',\n    BackendResponseCode == 429, 'Final backend throttled',\n    BackendResponseCode >= 500, 'Final backend server error',\n    ResponseCode between (400 .. 499), 'Caller-visible client error',\n    ResponseCode >= 500, 'Caller-visible server error',\n    isnotempty(LastErrorReason), 'APIM pipeline error',\n    'Successful without failover')\n| where FailureType != 'Successful without failover'\n| summarize Requests = count(), AverageAttempts = avg(Attempts), MaximumAttempts = max(Attempts), AverageTotalMs = avg(TotalTime), P95TotalMs = percentile(TotalTime, 95) by ApiId, AOAIInstance, FailureType, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, LastErrorSource, LastErrorReason\n| extend AverageAttempts = iff(isfinite(toreal(AverageAttempts)), round(AverageAttempts, 2), real(null)), AverageTotalMs = iff(isfinite(toreal(AverageTotalMs)), round(AverageTotalMs, 1), real(null)), P95TotalMs = iff(isfinite(toreal(P95TotalMs)), round(P95TotalMs, 1), real(null))\n| order by Requests desc, ApiId asc\n| project-rename ['API'] = ApiId, ['AOAI Instance'] = AOAIInstance, ['Failure Type'] = FailureType, ['Average Attempts'] = AverageAttempts, ['Maximum Attempts'] = MaximumAttempts, ['Average Total (ms)'] = AverageTotalMs, ['P95 Total (ms)'] = P95TotalMs, ['Last Error Source'] = LastErrorSource, ['Last Error Reason'] = LastErrorReason",
               "queryType": 0,
@@ -370,6 +546,23 @@
           },
           {
             "content": {
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "^(Total Time \\(ms\\)|Backend Time \\(ms\\))$",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 1,
+                        "maximumFractionDigits": 1
+                      }
+                    }
+                  }
+                ]
+              },
               "noDataMessage": "No raw failure rows found for the selected time range.",
               "query": "ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| where ResponseCode >= 400 or BackendResponseCode >= 400 or isnotempty(LastErrorReason)\n| extend AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')\n| project TimeGenerated, CorrelationId, ApiId, ['APIM Response'] = ResponseCode, ['Final Backend Response'] = BackendResponseCode, AOAIInstance, BackendUrl, TotalTime, BackendTime, LastErrorSource, LastErrorReason, LastErrorSection, LastErrorMessage, Errors, TraceRecords\n| order by TimeGenerated desc\n| project-rename ['Time'] = TimeGenerated, ['Correlation ID'] = CorrelationId, ['API'] = ApiId, ['AOAI Instance'] = AOAIInstance, ['Backend URL'] = BackendUrl, ['Total Time (ms)'] = TotalTime, ['Backend Time (ms)'] = BackendTime, ['Last Error Source'] = LastErrorSource, ['Last Error Reason'] = LastErrorReason, ['Last Error Section'] = LastErrorSection, ['Last Error Message'] = LastErrorMessage, ['Trace Records'] = TraceRecords",
               "queryType": 0,
@@ -407,6 +600,23 @@
           },
           {
             "content": {
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "^(Requests|Prompt Tokens|Completion Tokens|Total Tokens)$",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 0,
+                        "maximumFractionDigits": 0
+                      }
+                    }
+                  }
+                ]
+              },
               "noDataMessage": "No successful token-bearing inference rows found for the selected time range.",
               "query": "let routes = materialize(ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| project CorrelationId, ApiId, BackendId, BackendUrl);\nApiManagementGatewayLlmLog\n| where TimeGenerated {TimeRange}\n| where TotalTokens > 0 and isnotempty(ModelName)\n| project CorrelationId, ModelName, DeploymentName, PromptTokens, CompletionTokens, TotalTokens\n| summarize DeploymentName = take_any(DeploymentName), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by CorrelationId, ModelName\n| join kind=inner routes on CorrelationId\n| extend AOAIInstance = iff(isnotempty(BackendUrl), tostring(split(tostring(parse_url(BackendUrl).Host), '.')[0]), '')\n| extend Backend = case(isnotempty(BackendUrl), BackendUrl, isnotempty(BackendId), BackendId, '(backend not recorded)')\n| summarize Requests = count(), PromptTokens = sum(PromptTokens), CompletionTokens = sum(CompletionTokens), TotalTokens = sum(TotalTokens) by ApiId, AOAIInstance, Backend, ModelName, DeploymentName\n| order by TotalTokens desc\n| project-rename ['API'] = ApiId, ['AOAI Instance'] = AOAIInstance, ['Model'] = ModelName, ['Model Deployment'] = DeploymentName, ['Prompt Tokens'] = PromptTokens, ['Completion Tokens'] = CompletionTokens, ['Total Tokens'] = TotalTokens",
               "queryType": 0,
@@ -422,6 +632,23 @@
           },
           {
             "content": {
+              "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "^(Requests|Total Tokens|LLM Rows|Request Message Chunks|Response Message Chunks)$",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 0,
+                        "maximumFractionDigits": 0
+                      }
+                    }
+                  }
+                ]
+              },
               "noDataMessage": "No APIM inference requests found for the selected time range.",
               "query": "let gatewayRequests = materialize(ApiManagementGatewayLogs\n| where TimeGenerated {TimeRange}\n| where ApiId in~ ('inference-gpt-5-1', 'inference-gpt-4-1-mini')\n| project CorrelationId, ApiId, ResponseCode);\nlet llmPerRequest = ApiManagementGatewayLlmLog\n| where TimeGenerated {TimeRange}\n| summarize TotalTokens = sum(TotalTokens), LlmRows = count(), RequestMessageChunks = countif(isnotempty(tostring(RequestMessages))), ResponseMessageChunks = countif(isnotempty(tostring(ResponseMessages))) by CorrelationId;\ngatewayRequests\n| join kind=leftouter llmPerRequest on CorrelationId\n| extend Coverage = case(ResponseCode !between (200 .. 299), 'Not expected for non-2xx response', coalesce(TotalTokens, 0) > 0, 'Token telemetry recorded', 'Successful request without token telemetry')\n| summarize Requests = count(), TotalTokens = sum(coalesce(TotalTokens, 0)), LlmRows = sum(coalesce(LlmRows, 0)), RequestMessageChunks = sum(coalesce(RequestMessageChunks, 0)), ResponseMessageChunks = sum(coalesce(ResponseMessageChunks, 0)) by ApiId, Coverage\n| order by ApiId asc, Coverage asc\n| project-rename ['API'] = ApiId, ['Total Tokens'] = TotalTokens, ['LLM Rows'] = LlmRows, ['Request Message Chunks'] = RequestMessageChunks, ['Response Message Chunks'] = ResponseMessageChunks",
               "queryType": 0,
@@ -475,6 +702,34 @@
           {
             "content": {
               "gridSettings": {
+                "formatters": [
+                  {
+                    "columnMatch": "^(Attempts|Retried Failures|Prompt Tokens|Completion Tokens|Total Tokens|LLM Rows|Request Message Chunks|Response Message Chunks)$",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 0,
+                        "maximumFractionDigits": 0
+                      }
+                    }
+                  },
+                  {
+                    "columnMatch": "^(Total Time \\(ms\\)|Backend Time \\(ms\\))$",
+                    "formatter": 0,
+                    "numberFormat": {
+                      "unit": 0,
+                      "options": {
+                        "style": "decimal",
+                        "useGrouping": true,
+                        "minimumFractionDigits": 1,
+                        "maximumFractionDigits": 1
+                      }
+                    }
+                  }
+                ],
                 "filter": true,
                 "rowLimit": 10000
               },
diff --git a/tests/python/test_inference_failover.py b/tests/python/test_inference_failover.py
index 3fd44230..0f442b89 100644
--- a/tests/python/test_inference_failover.py
+++ b/tests/python/test_inference_failover.py
@@ -159,7 +159,8 @@ def test_inference_failover_request_explorer_shows_many_rows() -> None:
     request_explorer = _find_workbook_item(_load_workbook()['items'], 'query - request-explorer')['content']
 
     assert request_explorer['size'] == 0
-    assert request_explorer['gridSettings'] == {'filter': True, 'rowLimit': 10000}
+    assert request_explorer['gridSettings']['filter'] is True
+    assert request_explorer['gridSettings']['rowLimit'] == 10000
 
 
 def test_inference_failover_workbook_uses_readable_table_column_titles() -> None:
@@ -183,6 +184,36 @@ def test_inference_failover_workbook_uses_readable_table_column_titles() -> None
         assert all(alias in query for alias in aliases)
 
 
+def test_inference_failover_workbook_groups_quantitative_table_values() -> None:
+    """Use grouped numeric display with metric-appropriate precision in every table."""
+    workbook = _load_workbook()
+    expected_precision = {
+        'query - outcome-status-matrix': [0, 2, 1],
+        'query - backend-distribution': [0, 1],
+        'query - failover-summary': [0, 2, 1],
+        'query - failover-request-trails': [0],
+        'query - failure-taxonomy': [0, 2, 1],
+        'query - raw-failure-explorer': [1],
+        'query - token-throughput': [0],
+        'query - llm-telemetry-coverage': [0],
+        'query - request-explorer': [0, 1],
+    }
+
+    for item_name, precision in expected_precision.items():
+        grid_settings = _find_workbook_item(workbook['items'], item_name)['content']['gridSettings']
+        formatters = grid_settings['formatters']
+
+        assert len(formatters) == len(precision)
+        for formatter, fraction_digits in zip(formatters, precision, strict=True):
+            options = formatter['numberFormat']['options']
+            assert formatter['formatter'] == 0
+            assert formatter['numberFormat']['unit'] == 0
+            assert options['style'] == 'decimal'
+            assert options['useGrouping'] is True
+            assert options['minimumFractionDigits'] == fraction_digits
+            assert options['maximumFractionDigits'] == fraction_digits
+
+
 def test_inference_failover_kql_queries_scope_to_ai_gateway_signals() -> None:
     """Ensure focused KQL query files remain available and tied to AI telemetry tables."""
     query_text = '\n'.join(path.read_text(encoding='utf-8') for path in KQL_PATHS)

From cfbea0e606bcc54fdef4d2699bdf360ecebe7221 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Fri, 12 Jun 2026 20:27:17 -0400
Subject: [PATCH 23/31] Fix test

---
 tests/python/test_inference_failover.py | 47 +++++++++++++++++++++----
 1 file changed, 41 insertions(+), 6 deletions(-)

diff --git a/tests/python/test_inference_failover.py b/tests/python/test_inference_failover.py
index 0f442b89..73343592 100644
--- a/tests/python/test_inference_failover.py
+++ b/tests/python/test_inference_failover.py
@@ -1,5 +1,6 @@
 """Regression tests for the AOAI-only Inference Failover sample assets."""
 
+import ast
 import json
 import re
 from pathlib import Path
@@ -53,6 +54,28 @@ def _load_workbook() -> dict:
     return json.loads(WORKBOOK_PATH.read_text(encoding='utf-8'))
 
 
+def _get_dataframe_columns(code_cells: list[dict], frame_name: str) -> list[str]:
+    """Return the literal columns assigned when constructing a notebook DataFrame."""
+    assignment_prefix = f'{frame_name} = pd.DataFrame('
+    source = next(''.join(cell['source']) for cell in code_cells if assignment_prefix in ''.join(cell['source']))
+
+    for node in ast.walk(ast.parse(source)):
+        if not isinstance(node, ast.Assign):
+            continue
+        if not any(isinstance(target, ast.Name) and target.id == frame_name for target in node.targets):
+            continue
+        if not isinstance(node.value, ast.Call):
+            continue
+        columns_keyword = next((keyword for keyword in node.value.keywords if keyword.arg == 'columns'), None)
+        if columns_keyword is not None:
+            columns = ast.literal_eval(columns_keyword.value)
+            assert isinstance(columns, list)
+            assert all(isinstance(column, str) for column in columns)
+            return columns
+
+    raise AssertionError(f'No literal columns found for {frame_name}')
+
+
 def _collect_item_names(items: list[dict]) -> set[str]:
     """Collect workbook item names recursively from nested tab groups."""
     names = {item['name'] for item in items if item.get('name')}
@@ -517,17 +540,29 @@ def test_inference_notebook_is_clean_and_defaults_to_simple_apim() -> None:
     assert "queries_path / 'verify-llm-ingestion.kql'" in code_source
     assert "queries_path / 'backend-distribution.kql'" in code_source
     assert "queries_path / 'token-throughput.kql'" in code_source
-    expected_distribution_columns = (
-        "columns=['API', 'AOAI Instance', 'Backend URL', 'Requests', 'APIM Statuses', 'Final Backend Statuses', 'Successes', "
-        "'Client Errors', 'Throttled', 'Server Errors', 'Other Responses', 'AverageBackendMs', 'SuccessRate']"
-    )
-    assert expected_distribution_columns in code_source
+    expected_distribution_columns = [
+        'API',
+        'AOAI Instance',
+        'Backend URL',
+        'Requests',
+        'APIM Statuses',
+        'Final Backend Statuses',
+        'Successes',
+        'Client Errors',
+        'Throttled',
+        'Server Errors',
+        'Other Responses',
+        'AverageBackendMs',
+        'SuccessRate',
+    ]
+    assert _get_dataframe_columns(code_cells, 'distribution_frame') == expected_distribution_columns
     assert 'def with_backend_identifier(' not in code_source
     assert 'def format_gateway_distribution(' not in code_source
     assert 'distribution_frame = inference_failover_helpers.with_backend_identifier(distribution_frame)' in code_source
     assert 'distribution_frame = inference_failover_helpers.format_gateway_distribution(distribution_frame)' in code_source
     assert code_source.count("distribution_frame.pivot(index='API', columns='Backend', values='Requests')") == 1
-    assert "columns=['API', 'AOAI Instance', 'Backend URL', 'Model', 'Requests', 'PromptTokens', 'CompletionTokens', 'TotalTokens']" in code_source
+    expected_token_columns = ['API', 'AOAI Instance', 'Backend URL', 'Model', 'Requests', 'PromptTokens', 'CompletionTokens', 'TotalTokens']
+    assert _get_dataframe_columns(code_cells, 'token_frame') == expected_token_columns
     assert 'token_frame = inference_failover_helpers.with_backend_identifier(token_frame)' in code_source
     assert 'token_frame = inference_failover_helpers.with_one_based_row_index(token_frame)' in code_source
     assert 'plt.show()' in code_source

From 9fdde5294f996a6a895d9e21c3bb2379381617b3 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Mon, 15 Jun 2026 16:29:05 -0400
Subject: [PATCH 24/31] Test updates

---
 samples/inference-failover/README.md          |  20 ++-
 samples/inference-failover/WAF-COMPARISON.md  |  68 ++++----
 ...nference-api-policy-with-retry-tracked.xml | 155 ++++++++++++++++++
 .../apim-policies/inference-api-policy.xml    |  85 ++--------
 samples/inference-failover/create.ipynb       |  49 ++++--
 .../inference_failover_helpers.py             |  44 +++--
 tests/python/test_inference_failover.py       |  92 +++++++----
 .../python/test_inference_failover_helpers.py |  21 ++-
 8 files changed, 360 insertions(+), 174 deletions(-)
 create mode 100644 samples/inference-failover/apim-policies/inference-api-policy-with-retry-tracked.xml

diff --git a/samples/inference-failover/README.md b/samples/inference-failover/README.md
index 13b3caba..917eac6d 100644
--- a/samples/inference-failover/README.md
+++ b/samples/inference-failover/README.md
@@ -30,7 +30,7 @@ An AI platform prefers all provisioned capacity before using pay-as-you-go capac
 
 ### Response Handling Rules
 
-The inference policy uses the following response-handling matrix. "Trip Breaker" applies to the backend that returned the response. "Caller Codes" lists the recovery code first and the exhausted terminal code second when both are possible.
+The primary inference policy used by the notebook scenarios follows this response-handling matrix. "Trip Breaker" applies to the backend that returned the response. "Caller Codes" lists the recovery code first and the exhausted terminal code second when both are possible.
 
 | Backend Code | Trip Breaker | Retry     | Caller Codes     | Category  | Severity | Handling                                                                                                             |
 | ------------ | ------------ | --------- | ---------------- | --------- | -------- | -------------------------------------------------------------------------------------------------------------------- |
@@ -41,14 +41,16 @@ The inference policy uses the following response-handling matrix. "Trip Breaker"
 | 404          | No           | No        | 404              | Config    | Medium   | Return unchanged; correct the backend URL or deployment name.                                                        |
 | 408          | Yes          | Yes       | 200 or 408       | Timeout   | Medium   | Retry another backend; return the explicit HTTP timeout if the fallback chain is exhausted.                          |
 | 409          | No           | Sometimes | 200 or 409       | Conflict  | Medium   | Retry only when `Retry-After` marks the conflict as transient.                                                       |
-| 429          | Yes          | Yes       | 200 or 429       | Capacity  | Medium   | Retry another eligible backend; return exhausted capacity with the soonest `Retry-After`.                            |
+| 429          | Yes          | Yes       | 200 or 429       | Capacity  | Medium   | Retry another eligible backend; return the final `429` unchanged if all fallbacks are exhausted.                     |
 | 499          | Yes          | Yes       | 200 or 499       | Custom    | Medium   | Retry another backend when PTU exhaustion is represented by a transformed `408`.                                     |
 | 500          | Yes          | Yes       | 200 or 503       | Infra     | High     | Retry another eligible backend; normalize an exhausted chain to `503`.                                               |
 | 502          | Yes          | Yes       | 200 or 503       | Infra     | High     | Retry another eligible backend; normalize an exhausted chain to `503`.                                               |
-| 503          | Yes          | Yes       | 200, 429, or 503 | Infra     | High     | Retry another backend; return `429` when `Retry-After` identifies capacity, otherwise normalize exhaustion to `503`. |
+| 503          | Yes          | Yes       | 200 or 503       | Infra     | High     | Retry another eligible backend; normalize an exhausted chain to `503`.                                               |
 | 504          | Yes          | Yes       | 200 or 503       | Infra     | High     | Retry another eligible backend; normalize an exhausted chain to `503`.                                               |
 | null         | No           | Yes       | 200 or 503       | Transport | High     | Retry after no backend response; normalize handled transport failures to `503`.                                      |
 
+The sample also deploys `POST /inference/gpt-5-1-retry-tracked/chat/completions` with [inference-api-policy-with-retry-tracked.xml](apim-policies/inference-api-policy-with-retry-tracked.xml). This optional comparison route records the earliest future `Retry-After` value and returns a rewritten `429` only when all five gpt-5.1 backends return `429` in the same retry chain. The notebook does not call this route or include it in its KQL, charts, assertions, or local report because exhausting the full five-member pool is intentionally uncommon.
+
 ### Failure Test Coverage
 
 The notebook runs deterministic gateway contract probes before its capacity scenarios. These probes verify a valid `200`, an Azure OpenAI `400` from malformed JSON, an APIM `401` from a missing subscription key, and an APIM `404` from an unknown operation. The `400` also verifies `X-Backend-Retry: 0`, proving that client errors pass through without retry. The pressure scenarios exercise organic `429` handling against the intentionally small deployments. The remaining backend statuses require a controllable fault origin because Azure OpenAI does not provide a supported "return this status" test switch.
@@ -63,11 +65,11 @@ The notebook runs deterministic gateway contract probes before its capacity scen
 | `408`                       | No                         | Return an explicit `408` from the controlled fault origin.                                                                                                 | Immediate circuit trip and backend failover; an exhausted chain keeps `408`.                                        |
 | `409` without `Retry-After` | No                         | Use a local fault server, Mockoon, WireMock, or a temporary Container App that returns `409` without the header.                                           | One attempt; caller keeps `409`.                                                                                    |
 | `409` with `Retry-After`    | No                         | Return `409` plus `Retry-After: 1` from the controlled fault origin.                                                                                       | Retry count increases, but the backend circuit does not open.                                                       |
-| `429`                       | Yes, workload-dependent    | Run the pressure cells. For deterministic CI, return `429` plus `Retry-After` from a controlled fault origin.                                              | Backend selection avoids the constrained backend; exhausted capacity returns `429` with the soonest recovery delay. |
+| `429`                       | Yes, workload-dependent    | Run the pressure cells. For deterministic CI, return `429` plus `Retry-After` from a controlled fault origin.                                              | Backend selection avoids the constrained backend; an exhausted primary route returns the final backend `429`.       |
 | `499`                       | No                         | Transform a PTU-exhaustion `408` into `499`, or return `499` from the controlled fault origin.                                                             | Immediate circuit trip and backend failover; an exhausted chain keeps `499`.                                        |
 | `500`                       | No                         | Return an explicit `500` from the controlled fault origin.                                                                                                 | Immediate circuit trip and backend failover; an exhausted chain becomes generic `503`.                              |
 | `502`                       | No                         | Return an explicit `502` from the controlled fault origin.                                                                                                 | Immediate circuit trip and backend failover.                                                                        |
-| `503`                       | Organic but not guaranteed | Return `503`, optionally with `Retry-After`, from the controlled fault origin.                                                                             | Immediate failover; exhausted capacity with `Retry-After` becomes `429`, otherwise the chain becomes generic `503`. |
+| `503`                       | Organic but not guaranteed | Return `503`, optionally with `Retry-After`, from the controlled fault origin.                                                                             | Immediate failover; an exhausted chain becomes generic `503`.                                                       |
 | `504`                       | No                         | Return an explicit `504`; separately delay the origin beyond the APIM forwarding timeout to test transport timeout behavior.                               | HTTP `504` trips the circuit; timeout produces no backend HTTP response but is retried and normalized to `503`.     |
 | DNS/connection failure      | No                         | Point one isolated backend at a reserved nonexistent host such as `https://unresolvable.invalid`.                                                          | `BackendConnectionFailure`, retries, then generic `503` if all destinations fail.                                   |
 | TLS failure                 | No                         | Point an isolated backend at a host with an expired certificate or a certificate-name mismatch while TLS validation remains enabled.                       | Backend connection failure, retries, and no certificate detail disclosed to the caller.                             |
@@ -122,9 +124,9 @@ This lab adds the following to an existing APIM infrastructure:
 - Three regional Azure OpenAI resources containing nine `Standard` model deployments at `1` thousand TPM each.
 - Nine concrete APIM backends named using `<model>-<PTU|PAYG>-<region>`, each with TLS validation and separate circuit breakers for capacity, sustained internal errors, and immediate gateway or availability failures.
 - Model-specific APIM backends and one backend pool per model, so a retry never crosses to an incompatible deployment and circuit-breaker state remains isolated. APIM tracks circuit-breaker state at the backend resource; if models shared a backend, a `429` or another configured failure from one model could suppress traffic to a healthy model on that same backend.
-- Two AI Gateway APIs with managed identity authentication to Azure OpenAI: `POST /inference/gpt-5-1/chat/completions` retries four times across A/D -> B -> E/G, while `POST /inference/gpt-4-1-mini/chat/completions` retries three times across C/F -> D -> H. Members separated by `/` share a priority and have equal weights.
-
-- Model-specific retry policies that buffer the POST body while immediately retrying conditional conflicts, throttling, and listed infrastructure failures; cache the soonest `Retry-After` recovery time per model-safe pool; emit an information-level trace after every backend attempt; return caller-visible retry counts; return exhausted capacity as `429` with the remaining recovery delay; and return a generic `503` when infrastructure failover is exhausted.
+- Three AI Gateway APIs with managed identity authentication to Azure OpenAI. The two exercised routes are `POST /inference/gpt-5-1/chat/completions`, which retries four times across A/D -> B -> E/G, and `POST /inference/gpt-4-1-mini/chat/completions`, which retries three times across C/F -> D -> H. Members separated by `/` share a priority and have equal weights.
+- An optional `POST /inference/gpt-5-1-retry-tracked/chat/completions` route that shares the gpt-5.1 pool and demonstrates minimum `Retry-After` tracking. It is deployed for manual comparison and excluded from the notebook's automated traffic and verification.
+- Model-specific retry policies that buffer the POST body while immediately retrying conditional conflicts, throttling, and listed infrastructure failures; emit an information-level trace after every backend attempt; return caller-visible retry counts; and return a generic `503` when infrastructure failover is exhausted. Only the optional comparison policy caches the soonest recovery time and rewrites all-backend `429` exhaustion.
 - APIM AI Gateway diagnostics using the infrastructure-provided Log Analytics workspace and Application Insights component, plus an AOAI-only workbook for terminal outcomes, retry trails, backend distribution, APIM errors, token coverage, and latency.
 - An optional Standard Event Hubs namespace, telemetry hub, and `external-observability` consumer group in the APIM region for downstream stream processors, SIEM platforms, or external analytics systems.
 
@@ -155,7 +157,7 @@ The sample includes copy-paste KQL for aggregated outcomes, backend distribution
 
 ### Managed Identity And Privacy
 
-The inference API policy authenticates every selected backend request with APIM's system-assigned managed identity and the **Cognitive Services OpenAI User** role. It never stores or forwards an Azure OpenAI API key. For learning and testing, the infrastructure's global APIM policy returns the selected backend URL in the `X-Backend-URL` response header so the notebook can record routing decisions. Disable `revealBackendApiInfo` for production-like environments. The inference policy always returns `X-Backend-Retry`, including when fallback is exhausted, so callers can see how many backend failures APIM absorbed after the initial attempt. If fallback is exhausted, callers receive a generic `503` response without backend identity or placement information.
+The inference API policies authenticate every selected backend request with APIM's system-assigned managed identity and the **Cognitive Services OpenAI User** role. They never store or forward an Azure OpenAI API key. For learning and testing, the infrastructure's global APIM policy returns the selected backend URL in the `X-Backend-URL` response header so the notebook can record routing decisions. Disable `revealBackendApiInfo` for production-like environments. Each inference policy returns `X-Backend-Retry`, including when fallback is exhausted, so callers can see how many backend failures APIM absorbed after the initial attempt. Exhausted infrastructure and transport failures receive a generic `503` response without backend identity or placement information.
 
 This learning sample enables LLM prompt and completion message logging. Treat the Log Analytics workspace as sensitive. Before production use, review retention and role-based access, then disable message capture or reduce logged message size when full prompt/completion bodies are not required. The workbook reports chunk counts for completeness but intentionally does not render prompt or completion bodies.
 
diff --git a/samples/inference-failover/WAF-COMPARISON.md b/samples/inference-failover/WAF-COMPARISON.md
index ce542255..009564f8 100644
--- a/samples/inference-failover/WAF-COMPARISON.md
+++ b/samples/inference-failover/WAF-COMPARISON.md
@@ -21,7 +21,7 @@ The sample does not attempt to implement the complete throttling architecture fo
 
 ## Implemented Behavior
 
-The deployed behavior is defined in [main.bicep](main.bicep) and [inference-api-policy.xml](apim-policies/inference-api-policy.xml):
+The deployed behavior is defined in [main.bicep](main.bicep), the primary [inference-api-policy.xml](apim-policies/inference-api-policy.xml), and the optional [inference-api-policy-with-retry-tracked.xml](apim-policies/inference-api-policy-with-retry-tracked.xml):
 
 - One qualifying `408`, `429`, `499`, `500`, `502`, `503`, or `504` response opens that backend's circuit.
 - The normal circuit interval and trip duration are one minute.
@@ -30,7 +30,7 @@ The deployed behavior is defined in [main.bicep](main.bicep) and [inference-api-
 - The gpt-4.1-mini route permits three retries across four model-compatible backends.
 - Retryable responses are handled immediately with `interval="0"` and `first-fast-retry="true"`.
 - A circuit-open backend is excluded from subsequent pool selection, so an immediate retry normally selects another eligible backend.
-- Exhausted downstream capacity is returned as `429` with the soonest observed relative `Retry-After` value.
+- The primary routes preserve the final backend `429`; the optional retry-tracked gpt-5.1 route rewrites `429` with the soonest observed relative `Retry-After` only when all five backends returned `429`.
 - Exhausted infrastructure or transport failure is returned as a generic `503` without unsupported recovery guidance.
 - `X-Backend-Retry` and `InferenceAttempt` trace records expose the attempts absorbed by the gateway.
 
@@ -38,25 +38,25 @@ Although APIM calls this mechanism a `retry` policy, its role in this sample is
 
 ## Comparison Matrix
 
-| WAF practice | Sample behavior | Relationship | Sample-specific rationale |
-| --- | --- | --- | --- |
-| Treat overload as a normal operating mode | The notebook deliberately uses small Azure OpenAI deployments and pressure scenarios to produce observable throttling and recovery. | Direct alignment | Failure and recovery are part of the main scenario rather than exceptional test-only behavior. |
-| TP-2: Apply user and service limits at multiple entry points | APIM subscription validation protects the APIs, but the sample does not define workload-identity token quotas or operation-level admission limits. | Outside sample scope | The sample studies downstream failover. Caller contracts and service-wide admission limits belong to the adopting workload. |
-| TP-3: Return `429` for user limits and `503` for service constraints | The sample preserves downstream capacity exhaustion as `429` with `Retry-After`, while infrastructure exhaustion becomes `503`. | Deliberate specialization | Keeping capacity exhaustion distinct makes Azure OpenAI throttling and recovery observable. The sample is not claiming that the caller violated an APIM user quota. |
-| TP-3: Provide useful retry guidance | The policy preserves the soonest relative recovery delay observed across constrained pool members. | Direct alignment | A relative delay avoids absolute-time and clock-skew problems and gives the caller an actionable capacity signal. |
-| TP-3: Add standardized rate-limit metadata | The sample returns `Retry-After` and its educational `X-Backend-Retry` header, but not `RateLimit-Policy`, `RateLimit`, or `x-ms-ratelimit-used`. | Outside sample scope | APIM does not own a user or tenant rate contract in this sample, so publishing one would imply limits that the sample does not enforce. |
-| TP-5: Respect downstream backpressure | A throttled backend is removed from selection by its circuit, including an APIM circuit duration informed by `Retry-After`. | Direct alignment | The gateway stops sending traffic to the constrained deployment and uses independent regional capacity instead. |
-| TP-5: Keep retries bounded | Retry counts match the number of alternative model-compatible pool members. | Direct alignment | One caller request cannot create an unbounded retry storm. |
-| TP-5: Do not retry before `Retry-After` elapses | The gateway immediately tries another eligible backend instead of waiting for the constrained backend. | Deliberate specialization | Waiting inside a synchronous gateway request would consume request lifetime without using available alternative capacity. The constrained backend remains circuit-open for its recovery window. |
-| TP-5: Do not retry `503` without retry guidance | The policy can immediately fail over after a backend `503`, even without `Retry-After`. | Deliberate specialization | This is a bounded attempt against a different regional deployment, not a delayed retry against the same failing dependency. If alternatives are exhausted, the caller receives `503` without retry guidance. |
-| TP-5: Annotate downstream retries | The sample records attempts in traces and returns `X-Backend-Retry`, but does not send a `retry-attempt` request header to Azure OpenAI. | Partial alignment | The sample emphasizes gateway and operator observability. A production contract with a dependency that consumes retry metadata should add the request header where supported. |
-| TP-5: Use circuit breakers to fail fast | Each concrete Azure OpenAI deployment has isolated circuit state and is removed after one configured failure. | Direct alignment | Isolation prevents one model or regional deployment from suppressing an otherwise healthy destination. |
-| TP-5: Gradually reintroduce recovered traffic | A backend becomes eligible when APIM closes its circuit; the sample does not implement a separate ramp-up controller. | Deliberate simplification | Fixed recovery behavior makes the lab repeatable. Progressive re-entry requires workload-specific health, capacity, and priority signals. |
-| TP-7: Apply egress bulkheads | Backend pools bound attempts per request, but the sample does not impose a gateway-wide in-flight concurrency limit. | Outside sample scope | Pool failover and workload concurrency control solve different problems. Production callers and gateways should add concurrency controls based on their capacity model. |
-| TP-9: Keep throttling accounting out of the critical path | Circuit state is managed by APIM. Telemetry is emitted to Log Analytics and the optional Event Hub without synchronous analytical queries in request processing. | Direct alignment | Observability does not require a workbook or Log Analytics query to complete before inference proceeds. |
-| TP-11: Reassess and validate limits | The notebook runs low-capacity pressure, recovery, and exhaustion scenarios and provides controlled fault-testing guidance. | Direct alignment for a lab | Production adoption should automate periodic load, chaos, and regional outage validation. |
-| TP-12: Use state-aware throttling | Backend eligibility reacts to response status and `Retry-After`, but priorities and weights remain static. | Partial alignment | Response-aware circuit state is sufficient for the sample. Business-priority brownouts and dynamic token admission require application context not available here. |
-| TP-14: Shed load before the hard ceiling | The sample intentionally drives low-capacity deployments to their limit rather than randomly rejecting traffic early. | Deliberate specialization | Reaching the limit makes circuit breaking and failover visible. Random early drop would obscure the behavior the lab is designed to teach. |
+| WAF practice                                                         | Sample behavior                                                                                                                                                                  | Relationship               | Sample-specific rationale                                                                                                                                                                                    |
+| -------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Treat overload as a normal operating mode                            | The notebook deliberately uses small Azure OpenAI deployments and pressure scenarios to produce observable throttling and recovery.                                              | Direct alignment           | Failure and recovery are part of the main scenario rather than exceptional test-only behavior.                                                                                                               |
+| TP-2: Apply user and service limits at multiple entry points         | APIM subscription validation protects the APIs, but the sample does not define workload-identity token quotas or operation-level admission limits.                               | Outside sample scope       | The sample studies downstream failover. Caller contracts and service-wide admission limits belong to the adopting workload.                                                                                  |
+| TP-3: Return `429` for user limits and `503` for service constraints | The primary routes preserve the final downstream `429`, while infrastructure exhaustion becomes `503`; the optional comparison route rewrites only all-backend `429` exhaustion. | Deliberate specialization  | Keeping capacity exhaustion distinct makes Azure OpenAI throttling and recovery observable. The sample is not claiming that the caller violated an APIM user quota.                                          |
+| TP-3: Provide useful retry guidance                                  | The optional retry-tracked route preserves the soonest relative recovery delay observed across constrained pool members.                                                         | Direct alignment           | A relative delay avoids absolute-time and clock-skew problems and gives the caller an actionable capacity signal without burdening every route with tracking logic.                                          |
+| TP-3: Add standardized rate-limit metadata                           | The sample returns `Retry-After` and its educational `X-Backend-Retry` header, but not `RateLimit-Policy`, `RateLimit`, or `x-ms-ratelimit-used`.                                | Outside sample scope       | APIM does not own a user or tenant rate contract in this sample, so publishing one would imply limits that the sample does not enforce.                                                                      |
+| TP-5: Respect downstream backpressure                                | A throttled backend is removed from selection by its circuit, including an APIM circuit duration informed by `Retry-After`.                                                      | Direct alignment           | The gateway stops sending traffic to the constrained deployment and uses independent regional capacity instead.                                                                                              |
+| TP-5: Keep retries bounded                                           | Retry counts match the number of alternative model-compatible pool members.                                                                                                      | Direct alignment           | One caller request cannot create an unbounded retry storm.                                                                                                                                                   |
+| TP-5: Do not retry before `Retry-After` elapses                      | The gateway immediately tries another eligible backend instead of waiting for the constrained backend.                                                                           | Deliberate specialization  | Waiting inside a synchronous gateway request would consume request lifetime without using available alternative capacity. The constrained backend remains circuit-open for its recovery window.              |
+| TP-5: Do not retry `503` without retry guidance                      | The policy can immediately fail over after a backend `503`, even without `Retry-After`.                                                                                          | Deliberate specialization  | This is a bounded attempt against a different regional deployment, not a delayed retry against the same failing dependency. If alternatives are exhausted, the caller receives `503` without retry guidance. |
+| TP-5: Annotate downstream retries                                    | The sample records attempts in traces and returns `X-Backend-Retry`, but does not send a `retry-attempt` request header to Azure OpenAI.                                         | Partial alignment          | The sample emphasizes gateway and operator observability. A production contract with a dependency that consumes retry metadata should add the request header where supported.                                |
+| TP-5: Use circuit breakers to fail fast                              | Each concrete Azure OpenAI deployment has isolated circuit state and is removed after one configured failure.                                                                    | Direct alignment           | Isolation prevents one model or regional deployment from suppressing an otherwise healthy destination.                                                                                                       |
+| TP-5: Gradually reintroduce recovered traffic                        | A backend becomes eligible when APIM closes its circuit; the sample does not implement a separate ramp-up controller.                                                            | Deliberate simplification  | Fixed recovery behavior makes the lab repeatable. Progressive re-entry requires workload-specific health, capacity, and priority signals.                                                                    |
+| TP-7: Apply egress bulkheads                                         | Backend pools bound attempts per request, but the sample does not impose a gateway-wide in-flight concurrency limit.                                                             | Outside sample scope       | Pool failover and workload concurrency control solve different problems. Production callers and gateways should add concurrency controls based on their capacity model.                                      |
+| TP-9: Keep throttling accounting out of the critical path            | Circuit state is managed by APIM. Telemetry is emitted to Log Analytics and the optional Event Hub without synchronous analytical queries in request processing.                 | Direct alignment           | Observability does not require a workbook or Log Analytics query to complete before inference proceeds.                                                                                                      |
+| TP-11: Reassess and validate limits                                  | The notebook runs low-capacity pressure, recovery, and exhaustion scenarios and provides controlled fault-testing guidance.                                                      | Direct alignment for a lab | Production adoption should automate periodic load, chaos, and regional outage validation.                                                                                                                    |
+| TP-12: Use state-aware throttling                                    | Backend eligibility reacts to response status and `Retry-After`, but priorities and weights remain static.                                                                       | Partial alignment          | Response-aware circuit state is sufficient for the sample. Business-priority brownouts and dynamic token admission require application context not available here.                                           |
+| TP-14: Shed load before the hard ceiling                             | The sample intentionally drives low-capacity deployments to their limit rather than randomly rejecting traffic early.                                                            | Deliberate specialization  | Reaching the limit makes circuit breaking and failover visible. Random early drop would obscure the behavior the lab is designed to teach.                                                                   |
 
 ## Why Immediate Retry Is Appropriate Here
 
@@ -72,26 +72,26 @@ This sample uses a different sequence:
 
 The zero interval therefore avoids holding a synchronous inference request idle while healthy regional capacity might be available. The circuit breaker, model-safe pool, and bounded attempt count are all required for that choice to remain appropriate. Copying `interval="0"` into a policy without those controls would not preserve the same safety properties.
 
-## Why the Sample Returns 429 for Capacity Exhaustion
+## Why the Optional Route Tracks Capacity Exhaustion
 
-WAF recommends `429` for a caller exceeding a user limit and `503` for a service-wide constraint. The sample's terminal `429` is a deliberate educational contract for **downstream Azure OpenAI capacity exhaustion**, not an APIM user-limit decision.
+WAF recommends `429` for a caller exceeding a user limit and `503` for a service-wide constraint. The optional retry-tracked route's terminal `429` is a deliberate educational contract for **downstream Azure OpenAI capacity exhaustion**, not an APIM user-limit decision. The primary routes simply preserve a final backend `429` after bounded failover.
 
 This choice preserves two signals that the lab needs to demonstrate:
 
 - Capacity exhaustion remains distinguishable from infrastructure and transport failure.
-- The caller receives the earliest known `Retry-After` delay from the attempted capacity pool.
+- A caller of the optional route receives the earliest known `Retry-After` delay from the attempted capacity pool only when all five backends returned `429`.
 
-The sample returns `503` when it cannot make a supported capacity statement, such as exhausted infrastructure failures or backend connection failures. A production API can instead normalize pool-wide capacity exhaustion to `503` if its public contract follows the WAF user-limit versus service-limit distinction strictly. That is a contract decision at the workload boundary, not evidence that the sample's internal failover behavior is wrong.
+The sample returns `503` when it cannot make a supported capacity statement, such as mixed exhaustion, infrastructure failures, or backend connection failures. A production API can instead normalize pool-wide capacity exhaustion to `503` if its public contract follows the WAF user-limit versus service-limit distinction strictly. That is a contract decision at the workload boundary, not evidence that the sample's internal failover behavior is wrong.
 
 ## Responsibility Boundaries
 
-| Boundary | This sample demonstrates | Production workload responsibility |
-| --- | --- | --- |
-| Caller to APIM | Subscription authentication and terminal backpressure signals. | Backoff, jitter, retry budgets, deadlines, cancellation, workload identity, and safe replay semantics. |
-| APIM ingress | API and operation matching before the inference policy runs. | User and service token limits, differentiated priorities, blocking controls, and standardized rate-limit headers. |
-| APIM to Azure OpenAI | Model-safe selection, bounded failover, per-backend circuits, managed identity, and terminal response classification. | Concurrency limits, total request deadlines, dependency contracts, and production-specific timeout budgets. |
-| Operations | Retry traces, backend distribution, terminal outcomes, latency, and token telemetry. | Current limit saturation, top callers, alert thresholds, automated mitigation, drills, and periodic limit review. |
-| Adaptive control | Response-aware backend exclusion and recovery. | Brownouts, progressive re-entry, dynamic token costs, borrowing, and random early drop when required. |
+| Boundary             | This sample demonstrates                                                                                              | Production workload responsibility                                                                                |
+| -------------------- | --------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- |
+| Caller to APIM       | Subscription authentication and terminal backpressure signals.                                                        | Backoff, jitter, retry budgets, deadlines, cancellation, workload identity, and safe replay semantics.            |
+| APIM ingress         | API and operation matching before the inference policy runs.                                                          | User and service token limits, differentiated priorities, blocking controls, and standardized rate-limit headers. |
+| APIM to Azure OpenAI | Model-safe selection, bounded failover, per-backend circuits, managed identity, and terminal response classification. | Concurrency limits, total request deadlines, dependency contracts, and production-specific timeout budgets.       |
+| Operations           | Retry traces, backend distribution, terminal outcomes, latency, and token telemetry.                                  | Current limit saturation, top callers, alert thresholds, automated mitigation, drills, and periodic limit review. |
+| Adaptive control     | Response-aware backend exclusion and recovery.                                                                        | Brownouts, progressive re-entry, dynamic token costs, borrowing, and random early drop when required.             |
 
 ## Production Adoption
 
@@ -118,7 +118,7 @@ A production workload should add controls based on its own saturation vectors an
 
 The sample provides several ways to inspect the behavior described above:
 
-- [create.ipynb](create.ipynb) runs deterministic contract probes and pressure, recovery, and terminal exhaustion scenarios.
+- [create.ipynb](create.ipynb) runs deterministic contract probes and pressure, recovery, and terminal exhaustion scenarios against the two primary routes. It deploys but does not exercise the retry-tracked comparison route.
 - [failover-outcomes.kql](queries/failover-outcomes.kql) separates successful requests, recovered failovers, caller throttling, and exhausted fallback.
 - [failure-analysis.kql](queries/failure-analysis.kql) classifies backend failures and APIM pipeline errors.
 - [token-throughput.kql](queries/token-throughput.kql) reports the AI-specific saturation dimension of token volume.
@@ -129,6 +129,6 @@ The sample provides several ways to inspect the behavior described above:
 
 The sample and WAF guidance are complementary. WAF explains how an entire workload should control overload across ingress, internal components, egress, clients, and operations. This sample isolates one important part of that system and makes it observable: fast, bounded failover across independent Azure OpenAI capacity targets.
 
-Its immediate cross-backend attempts, one-failure circuit trips, capacity-preserving `429`, static recovery, and intentionally low deployment capacity are purpose-built for that demonstration. They are correct within the sample's boundary and should be carried into production only together with the broader workload controls appropriate to the adopting system.
+Its immediate cross-backend attempts, one-failure circuit trips, optional capacity-tracked `429`, static recovery, and intentionally low deployment capacity are purpose-built for that demonstration. They are correct within the sample's boundary and should be carried into production only together with the broader workload controls appropriate to the adopting system.
 
 [waf-throttling]: https://learn.microsoft.com/azure/well-architected/design-guides/throttling
diff --git a/samples/inference-failover/apim-policies/inference-api-policy-with-retry-tracked.xml b/samples/inference-failover/apim-policies/inference-api-policy-with-retry-tracked.xml
new file mode 100644
index 00000000..a2b60538
--- /dev/null
+++ b/samples/inference-failover/apim-policies/inference-api-policy-with-retry-tracked.xml
@@ -0,0 +1,155 @@
+<!--
+    Inference API policy template with absolute-time Retry-After tracking.
+
+    The notebook replaces BACKEND_POOL_ID, BACKEND_COUNT, and RETRY_COUNT. This optional policy
+    demonstrates the same tracked-recovery pattern as the load-balancing sample without adding it
+    to the inference traffic or verification scenarios.
+
+    Every backend response is counted. The policy returns a terminal 429 only when all configured
+    backends returned 429 during the current retry chain. Mixed capacity and infrastructure failures
+    are normalized to 503. The earliest future Retry-After instant is retained in the APIM cache so
+    repeated calls receive a decreasing relative delay.
+-->
+<policies>
+    <inbound>
+        <base />
+
+        <set-variable name="backendAttempt" value='@(0)' />
+        <set-variable name="backend429Attempt" value='@(0)' />
+        <set-backend-service backend-id="BACKEND_POOL_ID" />
+
+        <authentication-managed-identity resource="https://cognitiveservices.azure.com" output-token-variable-name="managed-id-access-token" ignore-error="false" />
+        <set-header name="Authorization" exists-action="override">
+            <value>@("Bearer " + (string)context.Variables["managed-id-access-token"])</value>
+        </set-header>
+
+        <set-header name="x-ms-client-request-id" exists-action="override">
+            <value>@(context.RequestId.ToString())</value>
+        </set-header>
+        <set-query-parameter name="api-version" exists-action="skip">
+            <value>2024-10-21</value>
+        </set-query-parameter>
+    </inbound>
+    <backend>
+        <!-- Retry immediately and let the backend pool's circuit breakers control backend selection. -->
+        <retry count="RETRY_COUNT" interval="0" first-fast-retry="true" condition='@(context.Response == null || context.Response.StatusCode == 408 || (context.Response.StatusCode == 409 &amp;&amp; context.Response.Headers.ContainsKey("Retry-After")) || context.Response.StatusCode == 429 || context.Response.StatusCode == 499 || context.Response.StatusCode == 500 || context.Response.StatusCode == 502 || context.Response.StatusCode == 503 || context.Response.StatusCode == 504)'>
+            <set-variable name="backendAttempt" value='@(((int)context.Variables["backendAttempt"]) + 1)' />
+
+            <forward-request buffer-request-body="true" />
+
+            <!-- Count exact 429 responses and retain the earliest parseable recovery instant. -->
+            <choose>
+                <when condition='@(context.Response != null &amp;&amp; context.Response.StatusCode == 429)'>
+                    <set-variable name="backend429Attempt" value='@(((int)context.Variables["backend429Attempt"]) + 1)' />
+
+                    <choose>
+                        <when condition='@(context.Response.Headers.ContainsKey("Retry-After"))'>
+                            <cache-lookup-value key="inference-retry-min-BACKEND_POOL_ID" variable-name="cachedRetryEpoch" />
+
+                            <set-variable name="updatedRetryEpoch" value='@{
+                                int seconds;
+                                var retryAfter = context.Response.Headers.GetValueOrDefault("Retry-After", "0");
+                                if (!int.TryParse(retryAfter, out seconds) || seconds &lt;= 0) {
+                                    return context.Variables.GetValueOrDefault&lt;string&gt;("updatedRetryEpoch", "0");
+                                }
+
+                                var nowEpoch = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
+                                var candidateEpoch = nowEpoch + seconds;
+                                long currentEpoch;
+                                long cachedEpoch;
+                                var current = context.Variables.GetValueOrDefault&lt;string&gt;("updatedRetryEpoch", "0");
+                                var cached = context.Variables.GetValueOrDefault&lt;string&gt;("cachedRetryEpoch", "0");
+
+                                if (long.TryParse(current, out currentEpoch) &amp;&amp; currentEpoch &gt; nowEpoch &amp;&amp; currentEpoch &lt; candidateEpoch) {
+                                    candidateEpoch = currentEpoch;
+                                }
+                                if (long.TryParse(cached, out cachedEpoch) &amp;&amp; cachedEpoch &gt; nowEpoch &amp;&amp; cachedEpoch &lt; candidateEpoch) {
+                                    candidateEpoch = cachedEpoch;
+                                }
+
+                                return candidateEpoch.ToString();
+                            }' />
+
+                            <cache-store-value key="inference-retry-min-BACKEND_POOL_ID" value='@((string)context.Variables["updatedRetryEpoch"])' duration="300" />
+                        </when>
+                    </choose>
+                </when>
+            </choose>
+
+            <trace source="InferenceFailover" severity="information">
+                <message>@("InferenceAttempt|n=" + ((int)context.Variables["backendAttempt"]).ToString() + "|code=" + (context.Response == null ? "none" : context.Response.StatusCode.ToString()))</message>
+            </trace>
+        </retry>
+    </backend>
+    <outbound>
+        <set-variable name="backendRetry" value='@(Math.Max(0, ((int)context.Variables["backendAttempt"]) - 1).ToString())' />
+        <set-header name="X-Backend-Retry" exists-action="override">
+            <value>@((string)context.Variables["backendRetry"])</value>
+        </set-header>
+
+        <!-- Ordinary final HTTP responses continue through outbound after retry exhaustion. -->
+        <choose>
+            <when condition='@(context.Response != null &amp;&amp; context.Response.StatusCode == 429 &amp;&amp; context.Variables.GetValueOrDefault&lt;int&gt;("backendAttempt", 0) == BACKEND_COUNT &amp;&amp; context.Variables.GetValueOrDefault&lt;int&gt;("backend429Attempt", 0) == BACKEND_COUNT)'>
+                <set-variable name="retryAfterSeconds" value='@{
+                    var retryEpoch = context.Variables.GetValueOrDefault&lt;string&gt;("updatedRetryEpoch", "0");
+                    long parsedEpoch;
+                    var nowEpoch = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
+                    if (!long.TryParse(retryEpoch, out parsedEpoch) || parsedEpoch &lt;= nowEpoch) {
+                        return 1L;
+                    }
+
+                    return Math.Max(0L, parsedEpoch - nowEpoch) + 1L;
+                }' />
+
+                <return-response>
+                    <set-status code="429" reason="Too Many Requests" />
+                    <set-header name="Retry-After" exists-action="override">
+                        <value>@(((long)context.Variables["retryAfterSeconds"]).ToString())</value>
+                    </set-header>
+                    <set-header name="X-Backend-Retry" exists-action="override">
+                        <value>@((string)context.Variables["backendRetry"])</value>
+                    </set-header>
+                    <set-header name="Content-Type" exists-action="override">
+                        <value>application/json</value>
+                    </set-header>
+                    <set-body>{"error":"Inference capacity is temporarily unavailable."}</set-body>
+                </return-response>
+            </when>
+            <when condition='@(context.Response != null &amp;&amp; (context.Response.StatusCode == 500 || context.Response.StatusCode == 502 || context.Response.StatusCode == 503 || context.Response.StatusCode == 504))'>
+                <return-response>
+                    <set-status code="503" reason="Inference Service Unavailable" />
+                    <set-header name="X-Backend-Retry" exists-action="override">
+                        <value>@((string)context.Variables["backendRetry"])</value>
+                    </set-header>
+                    <set-header name="Content-Type" exists-action="override">
+                        <value>application/json</value>
+                    </set-header>
+                    <set-body>{"error":"Inference service is temporarily unavailable."}</set-body>
+                </return-response>
+            </when>
+        </choose>
+
+        <base />
+    </outbound>
+    <on-error>
+        <set-variable name="backendRetry" value='@(Math.Max(0, context.Variables.GetValueOrDefault&lt;int&gt;("backendAttempt", 0) - 1).ToString())' />
+
+        <!-- Only true APIM processing failures enter on-error; ordinary final HTTP responses are handled in outbound. -->
+        <choose>
+            <when condition='@(context.LastError != null &amp;&amp; (context.LastError.Reason == "BackendConnectionFailure" || context.LastError.Reason == "Timeout"))'>
+                <return-response>
+                    <set-status code="503" reason="Inference Service Unavailable" />
+                    <set-header name="X-Backend-Retry" exists-action="override">
+                        <value>@((string)context.Variables["backendRetry"])</value>
+                    </set-header>
+                    <set-header name="Content-Type" exists-action="override">
+                        <value>application/json</value>
+                    </set-header>
+                    <set-body>{"error":"Inference service is temporarily unavailable."}</set-body>
+                </return-response>
+            </when>
+        </choose>
+
+        <base />
+    </on-error>
+</policies>
diff --git a/samples/inference-failover/apim-policies/inference-api-policy.xml b/samples/inference-failover/apim-policies/inference-api-policy.xml
index 3053bda6..81dba1bd 100644
--- a/samples/inference-failover/apim-policies/inference-api-policy.xml
+++ b/samples/inference-failover/apim-policies/inference-api-policy.xml
@@ -4,9 +4,6 @@
     The notebook replaces BACKEND_POOL_ID and RETRY_COUNT for each model-safe API. Managed identity authentication is applied after pool selection,
     so every selected Azure OpenAI backend receives a bearer token rather than an API key.
 
-    Retry-After values from capacity responses are stored as Unix epoch seconds. The pool-specific cache retains the soonest future recovery instant
-    across attempts so an exhausted pool can return a useful Retry-After value from on-error.
-
     HTTP Response Code handling matrix for Azure OpenAI inference APIs:
 
     Backend  Trip Breaker  Retry      Frontend    Category   Severity  Handling
@@ -18,11 +15,11 @@
     404      No            No         404         Config     Medium    Return unchanged; correct the backend URL or deployment name.
     408      Yes           Yes        200 or 408  Timeout    Medium    Return the explicit HTTP timeout; transport timeouts have no response.
     409      No            Sometimes  200 or 409  Conflict   Medium    Retry only when Retry-After marks the conflict as transient.
-    429      Yes           Yes        200 or 429  Capacity   Medium    Retry another backend; return exhausted capacity with the soonest Retry-After.
+    429      Yes           Yes        200 or 429  Capacity   Medium    Retry another backend; return the final 429 unchanged if all fallbacks are exhausted.
     499      Yes           Yes        200 or 499  Custom     Medium    408s turned into 499 for PTU exhaustion. Retry another backend.
     500      Yes           Yes        200 or 503  Infra      High      Retry another eligible backend; normalize an exhausted chain to 503.
     502      Yes           Yes        200 or 503  Infra      High      Retry another eligible backend; normalize an exhausted chain to 503.
-    503      Yes           Yes        200/429/503 Infra      High      Return 429 when Retry-After signals capacity; otherwise normalize exhaustion to 503.
+    503      Yes           Yes        200 or 503  Infra      High      Retry another eligible backend; normalize an exhausted chain to 503.
     504      Yes           Yes        200 or 503  Infra      High      Retry another eligible backend; normalize an exhausted chain to 503.
     null     No            Yes        200 or 503  Transport  High      Retry after no backend response; normalize handled transport failures to 503.
 -->
@@ -54,29 +51,6 @@
 
             <forward-request buffer-request-body="true" />
 
-            <!-- Look for capacity responses with Retry-After so exhausted fallback can return the soonest backend recovery time. -->
-            <choose>
-                <when condition='@(context.Response != null &amp;&amp; (context.Response.StatusCode == 429 || context.Response.StatusCode == 503) &amp;&amp; context.Response.Headers.ContainsKey("Retry-After"))'>
-                    <cache-lookup-value key="inference-retry-min-BACKEND_POOL_ID" variable-name="cachedRetryEpoch" />
-
-                    <set-variable name="updatedRetryEpoch" value='@{
-                        int seconds;
-                        var retryAfter = context.Response.Headers.GetValueOrDefault("Retry-After", "0");
-                        if (!int.TryParse(retryAfter, out seconds)) { seconds = 0; }
-
-                        var nowEpoch = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
-                        var candidateEpoch = nowEpoch + seconds;
-                        long cachedEpoch;
-                        var cached = context.Variables.ContainsKey("cachedRetryEpoch") ? context.Variables["cachedRetryEpoch"] as string : null;
-                        return (long.TryParse(cached, out cachedEpoch) &amp;&amp; cachedEpoch &gt; nowEpoch &amp;&amp; cachedEpoch &lt; candidateEpoch)
-                            ? cachedEpoch.ToString()
-                            : candidateEpoch.ToString();
-                    }' />
-
-                    <cache-store-value key="inference-retry-min-BACKEND_POOL_ID" value='@((string)context.Variables["updatedRetryEpoch"])' duration="300" />
-                </when>
-            </choose>
-
             <!-- Record one compact event per backend call; gateway fields provide the final response and error details. -->
             <trace source="InferenceFailover" severity="information">
                 <message>@("InferenceAttempt|n=" + ((int)context.Variables["backendAttempt"]).ToString() + "|code=" + (context.Response == null ? "none" : context.Response.StatusCode.ToString()))</message>
@@ -107,50 +81,19 @@
     <on-error>
         <set-variable name="backendRetry" value='@(Math.Max(0, context.Variables.GetValueOrDefault&lt;int&gt;("backendAttempt", 0) - 1).ToString())' />
 
-        <!-- Classify exhausted capacity separately from infrastructure and transport failures so each receives the correct terminal status. -->
-        <choose>
-            <when condition='@(context.Response != null &amp;&amp; (context.Response.StatusCode == 429 || context.Response.StatusCode == 503) &amp;&amp; context.Variables.ContainsKey("updatedRetryEpoch"))'>
-                <set-variable name="retryAfterSeconds" value='@{
-                    var retryEpoch = (string)context.Variables["updatedRetryEpoch"];
-                    long parsedEpoch;
-                    var nowEpoch = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
-                    if (!long.TryParse(retryEpoch, out parsedEpoch) || parsedEpoch &lt;= nowEpoch) { return 1L; }
-
-                    return Math.Max(0L, parsedEpoch - nowEpoch) + 1L;
-                }' />
-
-                <set-variable name="terminalStatus" value='@(429)' />
-            </when>
-
-            <!-- Normalize exhausted HTTP infrastructure responses and backend transport failures through one non-disclosing response. -->
-            <!-- ClientConnectionFailure remains a native APIM error. -->
-            <when condition='@((context.Response != null &amp;&amp; (context.Response.StatusCode == 500 || context.Response.StatusCode == 502 || context.Response.StatusCode == 503 || context.Response.StatusCode == 504)) || (context.LastError != null &amp;&amp; (context.LastError.Reason == "BackendConnectionFailure" || context.LastError.Reason == "Timeout")))'>
-                <set-variable name="terminalStatus" value='@(503)' />
-            </when>
-        </choose>
-
-        <!-- Look for a classified terminal failure before replacing the native APIM error response. -->
+        <!-- Normalize backend transport failures through one non-disclosing response. ClientConnectionFailure remains a native APIM error. -->
         <choose>
-            <when condition='@(context.Variables.ContainsKey("terminalStatus"))'>
-                <!-- Add Retry-After only for exhausted capacity because infrastructure and transport failures have no recovery estimate. -->
-                <choose>
-                    <when condition='@(context.Variables.ContainsKey("retryAfterSeconds"))'>
-                        <set-header name="Retry-After" exists-action="override">
-                            <value>@(((long)context.Variables["retryAfterSeconds"]).ToString())</value>
-                        </set-header>
-                    </when>
-                </choose>
-
-                <set-status code='@((int)context.Variables["terminalStatus"])' reason='@((int)context.Variables["terminalStatus"] == 429 ? "Too Many Requests" : "Inference Service Unavailable")' />
-
-                <set-header name="X-Backend-Retry" exists-action="override">
-                    <value>@((string)context.Variables["backendRetry"])</value>
-                </set-header>
-                <set-header name="Content-Type" exists-action="override">
-                    <value>application/json</value>
-                </set-header>
-
-                <set-body>@((int)context.Variables["terminalStatus"] == 429 ? "{\"error\":\"Inference capacity is temporarily unavailable.\"}" : "{\"error\":\"Inference service is temporarily unavailable.\"}")</set-body>
+            <when condition='@(context.LastError != null &amp;&amp; (context.LastError.Reason == "BackendConnectionFailure" || context.LastError.Reason == "Timeout"))'>
+                <return-response>
+                    <set-status code="503" reason="Inference Service Unavailable" />
+                    <set-header name="X-Backend-Retry" exists-action="override">
+                        <value>@((string)context.Variables["backendRetry"])</value>
+                    </set-header>
+                    <set-header name="Content-Type" exists-action="override">
+                        <value>application/json</value>
+                    </set-header>
+                    <set-body>{"error":"Inference service is temporarily unavailable."}</set-body>
+                </return-response>
             </when>
         </choose>
 
diff --git a/samples/inference-failover/create.ipynb b/samples/inference-failover/create.ipynb
index 9bd9d8e7..edd19eab 100644
--- a/samples/inference-failover/create.ipynb
+++ b/samples/inference-failover/create.ipynb
@@ -7,7 +7,7 @@
    "source": [
     "# Inference Failover\n",
     "\n",
-    "Deploy two model-safe AI Gateway routes that exercise priority and weighted fallback across regional Azure OpenAI deployments while collecting focused LLM telemetry. See [README.md](README.md) for deployment details and prerequisites."
+    "Deploy two exercised model-safe AI Gateway routes plus an optional retry-tracked comparison route across regional Azure OpenAI deployments while collecting focused LLM telemetry. See [README.md](README.md) for deployment details and prerequisites."
    ]
   },
   {
@@ -18,7 +18,7 @@
     "## What This Sample Does\n",
     "\n",
     "- Deploys nine regional `Standard` Azure OpenAI deployments at one-thousand tokens-per-minute (`1,000 TPM`) for deliberate pressure testing.\n",
-    "- Exposes only `POST /inference/gpt-5-1/chat/completions` and `POST /inference/gpt-4-1-mini/chat/completions`.\n",
+    "- Exposes the tested `POST /inference/gpt-5-1/chat/completions` and `POST /inference/gpt-4-1-mini/chat/completions` routes, plus an optional unexercised `POST /inference/gpt-5-1-retry-tracked/chat/completions` policy variant.\n",
     "- Routes each model through its own APIM backend pool, with managed identity authentication, TLS validation, circuit breaking, and buffered retries.\n",
     "- Captures AOAI request, response, latency, and token telemetry in an Azure Monitor Workbook and in the verification charts below."
    ]
@@ -109,7 +109,7 @@
     "# ------------------------------\n",
     "\n",
     "rg_location = Region.EAST_US_2\n",
-    "index = 120\n",
+    "index = 121\n",
     "apim_sku = APIM_SKU.BASICV2\n",
     "deployment = INFRASTRUCTURE.SIMPLE_APIM\n",
     "api_prefix = 'inference'\n",
@@ -157,7 +157,7 @@
    "source": [
     "## Deploy Inference Gateway Resources\n",
     "\n",
-    "Deploy the regional Azure OpenAI constellation, APIM backends and pools, retry fragment, LLM diagnostic wiring, two APIs, AOAI-only workbook, and optional regional Event Hub telemetry stream into the selected infrastructure resource group."
+    "Deploy the regional Azure OpenAI constellation, APIM backends and pools, LLM diagnostic wiring, three APIs, AOAI-only workbook, and optional regional Event Hub telemetry stream into the selected infrastructure resource group. The retry-tracked API is deployed for manual comparison but is not called by this notebook."
    ]
   },
   {
@@ -172,11 +172,24 @@
     "from console import print_ok, print_val\n",
     "\n",
     "policy_template = utils.read_policy_xml('inference-api-policy.xml', sample_name=sample_folder)\n",
+    "retry_tracked_policy_template = utils.read_policy_xml(\n",
+    "    'inference-api-policy-with-retry-tracked.xml',\n",
+    "    sample_name=sample_folder,\n",
+    ")\n",
+    "\n",
     "\n",
+    "def build_inference_policy(\n",
+    "    template: str,\n",
+    "    backend_pool_id: str,\n",
+    "    retry_count: int,\n",
+    "    backend_count: int | None = None,\n",
+    ") -> str:\n",
+    "    \"\"\"Build one model-safe inference API policy from the selected template.\"\"\"\n",
+    "    policy = template.replace('BACKEND_POOL_ID', backend_pool_id).replace('RETRY_COUNT', str(retry_count))\n",
+    "    if backend_count is not None:\n",
+    "        policy = policy.replace('BACKEND_COUNT', str(backend_count))\n",
     "\n",
-    "def build_inference_policy(backend_pool_id: str, retry_count: int) -> str:\n",
-    "    \"\"\"Build one model-safe inference API policy from the sample template.\"\"\"\n",
-    "    return policy_template.replace('BACKEND_POOL_ID', backend_pool_id).replace('RETRY_COUNT', str(retry_count))\n",
+    "    return policy\n",
     "\n",
     "\n",
     "chat_operation = APIOperation(\n",
@@ -191,7 +204,7 @@
     "    'Inference gpt-5.1',\n",
     "    f'{api_prefix}/gpt-5-1',\n",
     "    'Priority and weighted failover for gpt-5.1 deployments.',\n",
-    "    policyXml=build_inference_policy('inference-gpt-5-1-pool', 4),\n",
+    "    policyXml=build_inference_policy(policy_template, 'inference-gpt-5-1-pool', 4),\n",
     "    operations=[chat_operation],\n",
     "    tags=tags,\n",
     "    enableLlmLogging=True,\n",
@@ -201,12 +214,27 @@
     "    'Inference gpt-4.1-mini',\n",
     "    f'{api_prefix}/gpt-4-1-mini',\n",
     "    'Priority and weighted failover for gpt-4.1-mini deployments.',\n",
-    "    policyXml=build_inference_policy('inference-gpt-4-1-mini-pool', 3),\n",
+    "    policyXml=build_inference_policy(policy_template, 'inference-gpt-4-1-mini-pool', 3),\n",
+    "    operations=[chat_operation],\n",
+    "    tags=tags,\n",
+    "    enableLlmLogging=True,\n",
+    ")\n",
+    "gpt_5_1_retry_tracked_api = API(\n",
+    "    'inference-gpt-5-1-retry-tracked',\n",
+    "    'Inference gpt-5.1 Retry Tracked',\n",
+    "    f'{api_prefix}/gpt-5-1-retry-tracked',\n",
+    "    'Optional gpt-5.1 route that tracks the soonest backend recovery time.',\n",
+    "    policyXml=build_inference_policy(\n",
+    "        retry_tracked_policy_template,\n",
+    "        'inference-gpt-5-1-pool',\n",
+    "        4,\n",
+    "        backend_count=5,\n",
+    "    ),\n",
     "    operations=[chat_operation],\n",
     "    tags=tags,\n",
     "    enableLlmLogging=True,\n",
     ")\n",
-    "apis = [gpt_5_1_api, gpt_4_1_mini_api]\n",
+    "apis = [gpt_5_1_api, gpt_4_1_mini_api, gpt_5_1_retry_tracked_api]\n",
     "\n",
     "bicep_parameters = {\n",
     "    'location': {'value': rg_location},\n",
@@ -238,6 +266,7 @@
     "    print_val('Event Hub', event_hub_name)\n",
     "    print_val('Event Hub consumer group', event_hub_consumer_group_name)\n",
     "    print_val('Event Hubs location', event_hub_location)\n",
+    "\n",
     "print_ok('Inference failover deployment completed successfully')"
    ]
   },
diff --git a/samples/inference-failover/inference_failover_helpers.py b/samples/inference-failover/inference_failover_helpers.py
index ab1b92da..72c8fb20 100644
--- a/samples/inference-failover/inference_failover_helpers.py
+++ b/samples/inference-failover/inference_failover_helpers.py
@@ -52,7 +52,7 @@ class InferenceScenarioSummary:
     server_errors: int
     status_code_counts: dict[int, int]
     served_backend_urls: list[str]
-    retry_counts: dict[int, int]
+    retry_counts: dict[int | None, int]
 
 
 @dataclass(frozen=True)
@@ -154,9 +154,10 @@ def run_scenario(self, scenario: InferenceScenario) -> list[dict[str, Any]]:
             )
             response_time = self._clock() - started_at
             backend_url = response.headers.get('X-Backend-URL', 'unknown')
-            backend_retry = parse_backend_retry(response)
+            backend_retry = parse_backend_retry(response, required=response.status_code < 500)
             validate_status(response)
-            print_info(f'Run {run_index}/{scenario.runs}: {response.status_code} via {backend_url}; X-Backend-Retry={backend_retry} ({response_time:.2f}s)')
+            backend_retry_label = backend_retry if backend_retry is not None else 'unknown'
+            print_info(f'Run {run_index}/{scenario.runs}: {response.status_code} via {backend_url}; X-Backend-Retry={backend_retry_label} ({response_time:.2f}s)')
             if 400 <= response.status_code < 600:
                 print_info(f'Captured error response body: {response.text}')
 
@@ -203,11 +204,14 @@ def get_backend_index(backend_url: str, backend_url_index: Mapping[str, int]) ->
     return next((backend_index for marker, backend_index in backend_url_index.items() if marker in backend_url), 99)
 
 
-def parse_backend_retry(response: http_requests.Response) -> int:
-    """Parse and validate the required caller-visible retry count."""
+def parse_backend_retry(response: http_requests.Response, *, required: bool = True) -> int | None:
+    """Parse a caller-visible retry count, optionally allowing missing metadata."""
     retry_header = response.headers.get('X-Backend-Retry')
     if retry_header is None:
-        raise ValueError('Required X-Backend-Retry response header is missing.')
+        if required:
+            raise ValueError('Required X-Backend-Retry response header is missing.')
+
+        return None
 
     try:
         backend_retry = int(retry_header)
@@ -231,7 +235,7 @@ def validate_status(response: http_requests.Response) -> None:
 def summarize_scenario(results: list[dict[str, Any]]) -> InferenceScenarioSummary:
     """Summarize status, retry, and successful backend outcomes."""
     status_code_counts: dict[int, int] = {}
-    retry_counts: dict[int, int] = {}
+    retry_counts: dict[int | None, int] = {}
     for result in results:
         status_code = result['status_code']
         backend_retry = result['backend_retry']
@@ -244,7 +248,7 @@ def summarize_scenario(results: list[dict[str, Any]]) -> InferenceScenarioSummar
         server_errors=sum(1 for result in results if 500 <= result['status_code'] < 600),
         status_code_counts=dict(sorted(status_code_counts.items())),
         served_backend_urls=sorted({result['backend_url'] for result in results if result['status_code'] == 200 and result['backend_url'] != 'unknown'}),
-        retry_counts=dict(sorted(retry_counts.items())),
+        retry_counts=dict(sorted(retry_counts.items(), key=lambda item: (item[0] is None, item[0] if item[0] is not None else 0))),
     )
 
 
@@ -330,6 +334,8 @@ def build_scenario_report_row(
 
     status_counts = Counter(result['status_code'] for result in api_results)
     retry_counts = Counter(result['backend_retry'] for result in api_results)
+    unknown_retry_count = retry_counts.get(None, 0)
+    known_retry_counts = {retry_count: count for retry_count, count in retry_counts.items() if retry_count is not None}
     backend_indexes = [get_backend_index(result['backend_url'], backend_url_index) for result in api_results]
     priority_weight_counts = Counter(get_priority_and_weight(index, backend_labels) for index in backend_indexes if index in backend_labels)
     priority_counts: Counter = Counter()
@@ -342,13 +348,16 @@ def build_scenario_report_row(
     routed_beyond_primary = sum(count for priority, count in priority_counts.items() if priority > 1)
     non_200_responses = total_requests - status_counts.get(200, 0)
     caller_succeeded = not non_200_responses
-    retried_requests = sum(count for retry_count, count in retry_counts.items() if retry_count > 0)
-    backend_retries_absorbed = sum(retry_count * count for retry_count, count in retry_counts.items())
+    retried_requests = sum(count for retry_count, count in known_retry_counts.items() if retry_count > 0)
+    backend_retries_absorbed = sum(retry_count * count for retry_count, count in known_retry_counts.items())
     caller_visible_failures = non_200_responses
     observed_backend_failures = backend_retries_absorbed + caller_visible_failures
     terminal_503_responses = status_counts.get(503, 0)
     priority_mix = '\n'.join(f'P{priority}: {", ".join(weight_mix)}' for priority, weight_mix in sorted(weights_by_priority.items()))
-    retry_mix = '\n'.join(f'{retry_count}: {count} ({count / total_requests:.1%})' for retry_count, count in sorted(retry_counts.items()) if retry_count > 0) or 'None'
+    retry_mix_lines = [f'{retry_count}: {count} ({count / total_requests:.1%})' for retry_count, count in sorted(known_retry_counts.items()) if retry_count > 0]
+    if unknown_retry_count:
+        retry_mix_lines.append(f'Unknown: {unknown_retry_count} ({unknown_retry_count / total_requests:.1%})')
+    retry_mix = '\n'.join(retry_mix_lines) or 'None'
     if unresolved_requests:
         unresolved_mix = f'No resolved backend: {unresolved_requests} ({unresolved_requests / total_requests:.1%})'
         priority_mix = f'{priority_mix}\n{unresolved_mix}' if priority_mix else unresolved_mix
@@ -358,8 +367,10 @@ def build_scenario_report_row(
         observations.append(f'{non_200_responses}/{total_requests} ({non_200_responses / total_requests:.1%}) caller-visible non-200 responses')
     else:
         observations.append('All requests returned HTTP 200')
-    if backend_retries_absorbed:
+    if retried_requests:
         observations.append(f'{retried_requests}/{total_requests} returned after a retry')
+    elif unknown_retry_count:
+        observations.append('retry metadata was unavailable for one or more 5xx responses')
     else:
         observations.append('all responses returned without a backend retry')
     if routed_beyond_primary:
@@ -370,11 +381,14 @@ def build_scenario_report_row(
         observations.append(f'Deepest routed tier: P{max(priority_counts)}')
     if unresolved_requests:
         observations.append(f'{unresolved_requests} calls returned no resolved backend, consistent with exhausted or rejected routing')
-    observations.append(f'APIM absorbed {backend_retries_absorbed} backend failures and sent {caller_visible_failures} failures to callers')
-    if observed_backend_failures:
+    if unknown_retry_count:
+        observations.append(f'APIM reported {backend_retries_absorbed} confirmed backend retries; {unknown_retry_count} responses did not expose X-Backend-Retry')
+    else:
+        observations.append(f'APIM absorbed {backend_retries_absorbed} backend failures and sent {caller_visible_failures} failures to callers')
+    if observed_backend_failures and not unknown_retry_count:
         shielded_percentage = backend_retries_absorbed / observed_backend_failures * 100
         observations.append(f'APIM prevented {shielded_percentage:.1f}% of observed failed backend attempts from reaching callers')
-    else:
+    elif not unknown_retry_count:
         observations.append('APIM shielding percentage is not applicable because no backend failures occurred')
     if terminal_503_responses:
         observations.append(f'{terminal_503_responses} caller-visible HTTP 503 responses followed eligible-capacity exhaustion in the low-TPM pool')
diff --git a/tests/python/test_inference_failover.py b/tests/python/test_inference_failover.py
index 73343592..a65e5172 100644
--- a/tests/python/test_inference_failover.py
+++ b/tests/python/test_inference_failover.py
@@ -12,6 +12,7 @@
 DIAGNOSTICS_BICEP_PATH = Path(__file__).resolve().parents[2] / 'shared' / 'bicep' / 'modules' / 'apim' / 'v1' / 'diagnostics.bicep'
 NOTEBOOK_PATH = SAMPLE_PATH / 'create.ipynb'
 POLICY_PATH = SAMPLE_PATH / 'apim-policies' / 'inference-api-policy.xml'
+RETRY_TRACKED_POLICY_PATH = SAMPLE_PATH / 'apim-policies' / 'inference-api-policy-with-retry-tracked.xml'
 README_PATH = SAMPLE_PATH / 'README.md'
 WORKBOOK_PATH = SAMPLE_PATH / 'inference-failover.workbook.json'
 WORKBOOK_UPDATE_PATH = SAMPLE_PATH / 'update-workbook.ps1'
@@ -267,11 +268,15 @@ def test_inference_policies_use_managed_identity_retries_and_generic_terminal_er
     assert [policy.tag for policy in backend] == ['retry']
     retry = backend.find('retry')
     assert retry is not None
+    outbound_retry_header = policy_root.find("outbound/set-header[@name='X-Backend-Retry']")
+    terminal_response = policy_root.find('outbound/choose/when/return-response')
+    transport_response = policy_root.find('on-error/choose/when/return-response')
     retry_condition = retry.attrib['condition']
     terminal_condition = policy_root.find('outbound/choose/when').attrib['condition']
-    on_error_conditions = [branch.attrib['condition'] for branch in policy_root.findall('on-error/choose/when')]
-    capacity_condition = next(condition for condition in on_error_conditions if 'updatedRetryEpoch' in condition)
-    generic_failure_condition = next(condition for condition in on_error_conditions if 'BackendConnectionFailure' in condition)
+    generic_failure_condition = policy_root.find('on-error/choose/when').attrib['condition']
+    assert outbound_retry_header is not None
+    assert terminal_response is not None
+    assert transport_response is not None
     assert 'count="RETRY_COUNT"' in api_policy
     assert 'api-key' not in api_policy
     assert all(f'StatusCode == {status_code}' in retry_condition for status_code in (408, 409, 429, 499, 500, 502, 503, 504))
@@ -279,11 +284,9 @@ def test_inference_policies_use_managed_identity_retries_and_generic_terminal_er
     assert all(f'StatusCode == {status_code}' in terminal_condition for status_code in (500, 502, 503, 504))
     assert all(f'StatusCode == {status_code}' not in terminal_condition for status_code in (408, 409, 429, 499))
     assert 'context.Response == null' in retry_condition
-    assert all(f'StatusCode == {status_code}' in generic_failure_condition for status_code in (500, 502, 503, 504))
     assert 'BackendConnectionFailure' in generic_failure_condition
     assert 'Timeout' in generic_failure_condition
     assert 'ClientConnectionFailure' not in generic_failure_condition
-    assert all(f'StatusCode == {status_code}' in capacity_condition for status_code in (429, 503))
     assert retry.attrib['interval'] == '0'
     assert 'interval="1"' not in api_policy
     assert 'buffer-request-body="true"' in api_policy
@@ -298,64 +301,78 @@ def test_inference_policies_use_managed_identity_retries_and_generic_terminal_er
     assert 'InferenceGatewayResponse' not in api_policy
     assert api_policy.count('<trace source="InferenceFailover"') == 1
     assert '<metadata ' not in api_policy
-    assert api_policy.count('<set-header name="X-Backend-Retry" exists-action="override">') == 2
     assert api_policy.count('<set-variable name="backendRetry"') == 2
-    assert api_policy.count('@((string)context.Variables["backendRetry"])') == 2
+    assert terminal_response.find("set-header[@name='X-Backend-Retry']") is None
+    transport_retry_header = transport_response.find("set-header[@name='X-Backend-Retry']")
+    assert transport_retry_header is not None
+    assert transport_retry_header.findtext('value') == '@((string)context.Variables["backendRetry"])'
     assert '<set-variable name="willRetry"' not in api_policy
+    assert 'cache-lookup-value' not in api_policy
+    assert 'cache-store-value' not in api_policy
+    assert 'updatedRetryEpoch' not in api_policy
+    assert 'retryAfterSeconds' not in api_policy
+    assert 'Inference capacity is temporarily unavailable.' not in api_policy
     assert api_policy.index('name="backendAttempt"') < api_policy.index('<authentication-managed-identity')
     assert not (SAMPLE_PATH / 'inference-api-policy.xml').exists()
 
 
-def test_inference_policy_tracks_soonest_retry_after_and_returns_capacity_from_on_error() -> None:
-    """Keep exhausted capacity responses aligned with the earliest backend recovery time."""
-    api_policy = POLICY_PATH.read_text(encoding='utf-8')
+def test_inference_retry_tracked_policy_requires_all_backends_and_finalizes_in_outbound() -> None:
+    """Keep the optional tracked route strict and outside the APIM on-error path."""
+    api_policy = RETRY_TRACKED_POLICY_PATH.read_text(encoding='utf-8')
     policy_root = ElementTree.fromstring(api_policy)
     retry = policy_root.find('backend/retry')
+    outbound = policy_root.find('outbound')
     on_error = policy_root.find('on-error')
 
     assert retry is not None
+    assert outbound is not None
     assert on_error is not None
     retry_tracking_condition = retry.find('choose/when').attrib['condition']
-    capacity_branch = next(branch for branch in on_error.findall('choose/when') if 'updatedRetryEpoch' in branch.attrib['condition'])
-    response_branch = next(branch for branch in on_error.findall('choose/when') if 'terminalStatus' in branch.attrib['condition'])
+    capacity_branch, infrastructure_branch = outbound.findall('choose/when')
 
-    assert all(f'StatusCode == {status_code}' in retry_tracking_condition for status_code in (429, 503))
-    assert 'Headers.ContainsKey("Retry-After")' in retry_tracking_condition
+    assert 'StatusCode == 429' in retry_tracking_condition
+    assert 'StatusCode == 503' not in retry_tracking_condition
+    assert 'Headers.ContainsKey("Retry-After")' in api_policy
     assert api_policy.count('key="inference-retry-min-BACKEND_POOL_ID"') == 2
+    assert 'currentEpoch &gt; nowEpoch &amp;&amp; currentEpoch &lt; candidateEpoch' in api_policy
     assert 'cachedEpoch &gt; nowEpoch &amp;&amp; cachedEpoch &lt; candidateEpoch' in api_policy
     assert 'parsedEpoch &lt;= nowEpoch' in api_policy
     assert 'Math.Max(0L, parsedEpoch - nowEpoch) + 1L' in api_policy
-    assert capacity_branch.find("set-variable[@name='terminalStatus']").attrib['value'] == '@(429)'
-    assert response_branch.find('set-status').attrib == {
-        'code': '@((int)context.Variables["terminalStatus"])',
-        'reason': '@((int)context.Variables["terminalStatus"] == 429 ? "Too Many Requests" : "Inference Service Unavailable")',
-    }
-    assert on_error.findall('.//return-response') == []
+    assert 'context.Response.StatusCode == 429' in capacity_branch.attrib['condition']
+    assert 'backendAttempt", 0) == BACKEND_COUNT' in capacity_branch.attrib['condition']
+    assert 'backend429Attempt", 0) == BACKEND_COUNT' in capacity_branch.attrib['condition']
+    assert capacity_branch.find('return-response/set-status').attrib == {'code': '429', 'reason': 'Too Many Requests'}
+    assert all(f'StatusCode == {status_code}' in infrastructure_branch.attrib['condition'] for status_code in (500, 502, 503, 504))
+    assert infrastructure_branch.find('return-response/set-status').attrib == {'code': '503', 'reason': 'Inference Service Unavailable'}
+    for branch in (capacity_branch, infrastructure_branch):
+        retry_header = branch.find("return-response/set-header[@name='X-Backend-Retry']")
+        assert retry_header is not None
+        assert retry_header.findtext('value') == '@((string)context.Variables["backendRetry"])'
     assert on_error.findall('.//trace') == []
     assert len(on_error.findall('.//set-status')) == 1
     assert len(on_error.findall(".//set-header[@name='X-Backend-Retry']")) == 1
     assert len(on_error.findall(".//set-header[@name='Content-Type']")) == 1
     assert len(on_error.findall('.//set-body')) == 1
-    retry_after_header = response_branch.find("choose/when/set-header[@name='Retry-After']")
+    retry_after_header = capacity_branch.find("return-response/set-header[@name='Retry-After']")
     assert retry_after_header is not None
     assert retry_after_header.find('value') is not None
     assert 'Inference capacity is temporarily unavailable.' in api_policy
     assert 'GetValueOrDefault&lt;int&gt;("backendAttempt", 0)' in api_policy
-    assert 'capacityRetryAfterObserved' not in api_policy
-    assert 'context.Variables.ContainsKey("updatedRetryEpoch")' in api_policy
-    assert 'terminalReason' not in api_policy
-    assert 'terminalBody' not in api_policy
-    assert 'terminalEvent' not in api_policy
+    assert 'GetValueOrDefault&lt;int&gt;("backend429Attempt", 0)' in api_policy
+    assert 'context.LastError.Reason == "BackendConnectionFailure"' in api_policy
+    assert 'context.LastError.Reason == "Timeout"' in api_policy
+    assert 'context.Response.StatusCode == 429' not in on_error.find('choose/when').attrib['condition']
     assert '&quot;' not in api_policy
 
 
 def test_inference_policy_uses_exact_managed_identity_resource() -> None:
     """Require the exact Cognitive Services resource in the parsed policy structure."""
-    policy_root = ElementTree.fromstring(POLICY_PATH.read_text(encoding='utf-8'))
-    managed_identity = policy_root.find('inbound/authentication-managed-identity')
+    for policy_path in (POLICY_PATH, RETRY_TRACKED_POLICY_PATH):
+        policy_root = ElementTree.fromstring(policy_path.read_text(encoding='utf-8'))
+        managed_identity = policy_root.find('inbound/authentication-managed-identity')
 
-    assert managed_identity is not None
-    assert managed_identity.attrib['resource'] == 'https://cognitiveservices.azure.com'
+        assert managed_identity is not None
+        assert managed_identity.attrib['resource'] == 'https://cognitiveservices.azure.com'
 
 
 def test_inference_policy_decisions_cover_every_documented_status() -> None:
@@ -401,11 +418,11 @@ def test_inference_readme_documents_exact_response_handling_matrix() -> None:
         '| 404 | No | No | 404 | Config | Medium | Return unchanged; correct the backend URL or deployment name. |',
         ('| 408 | Yes | Yes | 200 or 408 | Timeout | Medium | Retry another backend; return the explicit HTTP timeout if the fallback chain is exhausted. |'),
         '| 409 | No | Sometimes | 200 or 409 | Conflict | Medium | Retry only when `Retry-After` marks the conflict as transient. |',
-        ('| 429 | Yes | Yes | 200 or 429 | Capacity | Medium | Retry another eligible backend; return exhausted capacity with the soonest `Retry-After`. |'),
+        ('| 429 | Yes | Yes | 200 or 429 | Capacity | Medium | Retry another eligible backend; return the final `429` unchanged if all fallbacks are exhausted. |'),
         ('| 499 | Yes | Yes | 200 or 499 | Custom | Medium | Retry another backend when PTU exhaustion is represented by a transformed `408`. |'),
         '| 500 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
         '| 502 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
-        ('| 503 | Yes | Yes | 200, 429, or 503 | Infra | High | Retry another backend; return `429` when `Retry-After` identifies capacity, otherwise normalize exhaustion to `503`. |'),
+        '| 503 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
         '| 504 | Yes | Yes | 200 or 503 | Infra | High | Retry another eligible backend; normalize an exhausted chain to `503`. |',
         ('| null | No | Yes | 200 or 503 | Transport | High | Retry after no backend response; normalize handled transport failures to `503`. |'),
     ]
@@ -418,6 +435,8 @@ def test_inference_readme_documents_exact_response_handling_matrix() -> None:
     assert '`409` without `Retry-After`' in readme
     assert '`409` with `Retry-After`' in readme
     assert '`curl --max-time 1`' in readme
+    assert '`POST /inference/gpt-5-1-retry-tracked/chat/completions`' in readme
+    assert 'returns a rewritten `429` only when all five gpt-5.1 backends return `429`' in readme
 
 
 def test_inference_readme_defines_load_balancer_source_of_truth() -> None:
@@ -526,6 +545,15 @@ def test_inference_notebook_is_clean_and_defaults_to_simple_apim() -> None:
     assert 'enable_event_hub_export = False' in code_source
     assert "'enableEventHubExport': {'value': enable_event_hub_export}" in code_source
     assert "output.get('eventHubNamespaceId', 'Event Hubs namespace ID')" in code_source
+    retry_tracked_cells = [''.join(cell['source']) for cell in code_cells if 'inference-gpt-5-1-retry-tracked' in ''.join(cell['source'])]
+    assert len(retry_tracked_cells) == 1
+    assert "utils.read_policy_xml(\n    'inference-api-policy-with-retry-tracked.xml'" in retry_tracked_cells[0]
+    assert "'inference-gpt-5-1-pool',\n        4,\n        backend_count=5" in retry_tracked_cells[0]
+    assert 'gpt_5_1_retry_tracked_api' in retry_tracked_cells[0]
+    non_deployment_source = code_source.replace(retry_tracked_cells[0], '')
+    assert 'inference-gpt-5-1-retry-tracked' not in non_deployment_source
+    assert "required_api_names = ['inference-gpt-5-1', 'inference-gpt-4-1-mini']" in non_deployment_source
+    assert "let apiIds = dynamic(['inference-gpt-5-1', 'inference-gpt-4-1-mini'])" in non_deployment_source
     assert "importlib.import_module('inference_failover_helpers')" in code_source
     assert "utils.enable_module_autoreload('inference_failover_helpers')" in code_source
     assert 'inference_failover_helpers.InferenceTrafficRunner(' in code_source
diff --git a/tests/python/test_inference_failover_helpers.py b/tests/python/test_inference_failover_helpers.py
index 0ff1383a..437097f6 100644
--- a/tests/python/test_inference_failover_helpers.py
+++ b/tests/python/test_inference_failover_helpers.py
@@ -80,7 +80,7 @@ def test_run_scenario_normalizes_success_and_preserves_model_response():
 def test_run_scenario_keeps_error_body_and_skips_final_sleep():
     responses = [
         _response(429, headers={'X-Backend-Retry': '1'}, text='limited'),
-        _response(503, headers={'X-Backend-Retry': '2'}, text='unavailable'),
+        _response(503, headers={'Content-Type': 'application/json'}, text='unavailable'),
     ]
     sleep = MagicMock()
     clock = MagicMock(side_effect=[1.0, 1.1, 2.0, 2.2])
@@ -90,6 +90,7 @@ def test_run_scenario_keeps_error_body_and_skips_final_sleep():
     results = runner.run_scenario(scenario)
 
     assert [result['response'] for result in results] == ['limited', 'unavailable']
+    assert [result['backend_retry'] for result in results] == [1, None]
     sleep.assert_called_once_with(1.5)
 
 
@@ -107,6 +108,7 @@ def test_run_scenario_rejects_invalid_configuration(runs, sleep_ms, message):
 def test_retry_and_status_validation_reject_malformed_responses():
     with pytest.raises(ValueError, match='missing'):
         parse_backend_retry(_response(headers={'Other': 'value'}))
+    assert parse_backend_retry(_response(503, headers={'Other': 'value'}), required=False) is None
     with pytest.raises(ValueError, match='Invalid X-Backend-Retry'):
         parse_backend_retry(_response(headers={'X-Backend-Retry': 'later'}))
     with pytest.raises(ValueError, match='negative'):
@@ -187,7 +189,7 @@ def test_summary_and_backend_formatting_cover_success_errors_and_unknown_urls():
     results = [
         {'status_code': 200, 'backend_retry': 0, 'backend_url': 'https://backend-a'},
         {'status_code': 429, 'backend_retry': 1, 'backend_url': 'unknown'},
-        {'status_code': 503, 'backend_retry': 2, 'backend_url': 'unknown'},
+        {'status_code': 503, 'backend_retry': None, 'backend_url': 'unknown'},
     ]
 
     summary = summarize_scenario(results)
@@ -196,7 +198,7 @@ def test_summary_and_backend_formatting_cover_success_errors_and_unknown_urls():
     assert summary.client_errors == 1
     assert summary.server_errors == 1
     assert summary.status_code_counts == {200: 1, 429: 1, 503: 1}
-    assert summary.retry_counts == {0: 1, 1: 1, 2: 1}
+    assert summary.retry_counts == {0: 1, 1: 1, None: 1}
     assert summary.served_backend_urls == ['https://backend-a']
     assert get_backend_index('https://backend-a', {'backend-a': 3}) == 3
     assert get_backend_index('https://other', {'backend-a': 3}) == 99
@@ -347,6 +349,19 @@ def test_build_scenario_report_row_reports_failover_retries_and_terminal_503():
     assert 'APIM prevented 80.0%' in observations
 
 
+@pytest.mark.unit
+def test_build_scenario_report_row_marks_missing_5xx_retry_metadata_unknown():
+    results = [{'status_code': 503, 'backend_retry': None, 'backend_url': 'unknown'}]
+
+    row = build_scenario_report_row('A-3', 'Infrastructure Exhausted', results, {}, {})
+
+    assert row[6] == HtmlText('Unknown: 1 (100.0%)', preserve_line_breaks=True)
+    observations = '\n'.join(row[8].items)
+    assert 'retry metadata was unavailable' in observations
+    assert 'did not expose X-Backend-Retry' in observations
+    assert 'APIM prevented' not in observations
+
+
 @pytest.mark.unit
 def test_build_scenario_report_row_reports_unresolved_non_503_failure():
     results = [{'status_code': 429, 'backend_retry': 0, 'backend_url': 'unknown'}]

From a299e1f10924c475c565a1d6e630209adc289257 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Mon, 15 Jun 2026 16:29:20 -0400
Subject: [PATCH 25/31] Clean-up improvements

---
 shared/python/infrastructures.py     | 28 ++++++++++++----
 tests/python/test_infrastructures.py | 48 +++++++++++++++++++++++++++-
 2 files changed, 68 insertions(+), 8 deletions(-)

diff --git a/shared/python/infrastructures.py b/shared/python/infrastructures.py
index dddac90a..1948051e 100644
--- a/shared/python/infrastructures.py
+++ b/shared/python/infrastructures.py
@@ -1195,6 +1195,11 @@ def deploy_infrastructure(self, is_update: bool = False) -> utils.Output:
 # ------------------------------
 
 
+def _is_apim_service_not_found(output_text: str) -> bool:
+    """Return whether Azure reports that an APIM service does not exist."""
+    return 'servicenotfound' in output_text.casefold()
+
+
 def _cleanup_single_resource(resource: dict) -> tuple[bool, str]:
     """
     Delete and purge a single Azure resource (worker function for parallel cleanup).
@@ -1229,15 +1234,24 @@ def _cleanup_single_resource(resource: dict) -> tuple[bool, str]:
         else:
             return False, f'Unknown resource type: {resource_type}'
 
-        # Execute delete
-        output = az.run(delete_cmd, f"{resource_type} '{resource_name}' deleted", f"Failed to delete {resource_type} '{resource_name}'")
-        if not output.success:
+        # APIM cleanup is idempotent: a missing live service may still have a soft-deleted service to purge.
+        delete_error_message = '' if resource_type == 'apim' else f"Failed to delete {resource_type} '{resource_name}'"
+        delete_retries = 0 if resource_type == 'apim' else 1
+        output = az.run(delete_cmd, f"{resource_type} '{resource_name}' deleted", delete_error_message, retries=delete_retries)
+        apim_service_missing = resource_type == 'apim' and _is_apim_service_not_found(output.text)
+        if not output.success and not apim_service_missing:
             return False, f'Delete failed for {resource_name}'
-
-        # Execute purge
-        output = az.run(purge_cmd, f"{resource_type} '{resource_name}' purged", f"Failed to purge {resource_type} '{resource_name}'")
-        if not output.success:
+        if apim_service_missing:
+            print_info(f"APIM service '{resource_name}' does not exist; checking for a soft-deleted service to purge.")
+
+        purge_error_message = '' if resource_type == 'apim' else f"Failed to purge {resource_type} '{resource_name}'"
+        purge_retries = 0 if resource_type == 'apim' else 1
+        output = az.run(purge_cmd, f"{resource_type} '{resource_name}' purged", purge_error_message, retries=purge_retries)
+        apim_deleted_service_missing = resource_type == 'apim' and _is_apim_service_not_found(output.text)
+        if not output.success and not apim_deleted_service_missing:
             return False, f'Purge failed for {resource_name}'
+        if apim_deleted_service_missing:
+            print_info(f"Soft-deleted APIM service '{resource_name}' does not exist; nothing to purge.")
 
         return True, ''
 
diff --git a/tests/python/test_infrastructures.py b/tests/python/test_infrastructures.py
index 0b58eb05..5b60c6cf 100644
--- a/tests/python/test_infrastructures.py
+++ b/tests/python/test_infrastructures.py
@@ -2016,7 +2016,7 @@ def test_infrastructure_concrete_class_sku_inheritance():
 def test_cleanup_single_resource_exception_handling(monkeypatch):
     """Test _cleanup_single_resource exception handling."""
 
-    def mock_run(command, ok_message=None, error_message=None):
+    def mock_run(command, ok_message=None, error_message=None, **kwargs):
         raise RuntimeError('Test exception')
 
     monkeypatch.setattr(infrastructures.az, 'run', mock_run)
@@ -4491,6 +4491,52 @@ def test_cleanup_single_resource_purge_failure(mock_utils, mock_az):
     assert 'Purge failed' in error_msg
 
 
+@pytest.mark.unit
+def test_cleanup_single_resource_apim_missing_live_service_still_purges(mock_utils, mock_az):
+    """Test APIM cleanup checks for a soft-deleted service when the live service is absent."""
+    mock_az.run.side_effect = [
+        Output(False, '(ServiceNotFound) Api service does not exist: test-apim'),
+        Output(True, ''),
+    ]
+
+    success, error_msg = infrastructures._cleanup_single_resource(
+        {'type': 'apim', 'name': 'test-apim', 'location': 'eastus', 'rg_name': 'test-rg'}
+    )
+
+    assert success is True
+    assert not error_msg
+    assert mock_az.run.call_count == 2
+    assert 'az apim deletedservice purge' in mock_az.run.call_args_list[1].args[0]
+
+
+@pytest.mark.unit
+def test_cleanup_single_resource_apim_missing_live_and_deleted_services_succeeds(mock_utils, mock_az):
+    """Test APIM cleanup succeeds when neither the live nor soft-deleted service exists."""
+    service_not_found = '(ServiceNotFound) Api service does not exist: test-apim'
+    mock_az.run.side_effect = [Output(False, service_not_found), Output(False, service_not_found)]
+
+    success, error_msg = infrastructures._cleanup_single_resource(
+        {'type': 'apim', 'name': 'test-apim', 'location': 'eastus', 'rg_name': 'test-rg'}
+    )
+
+    assert success is True
+    assert not error_msg
+    assert mock_az.run.call_count == 2
+
+
+@pytest.mark.unit
+def test_cleanup_single_resource_apim_other_purge_failure_fails(mock_utils, mock_az):
+    """Test APIM cleanup preserves purge failures unrelated to a missing service."""
+    mock_az.run.side_effect = [Output(True, ''), Output(False, '(AuthorizationFailed) Access denied')]
+
+    success, error_msg = infrastructures._cleanup_single_resource(
+        {'type': 'apim', 'name': 'test-apim', 'location': 'eastus', 'rg_name': 'test-rg'}
+    )
+
+    assert success is False
+    assert 'Purge failed' in error_msg
+
+
 @pytest.mark.unit
 def test_cleanup_resources_parallel_empty_list(mock_utils):
     """Test _cleanup_resources_parallel with empty resource list."""

From 65808c1aaa017ecf7af9d9da594095c38cb560f6 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Mon, 15 Jun 2026 16:33:27 -0400
Subject: [PATCH 26/31] Update tests

---
 shared/python/infrastructures.py     | 69 +++++++-------------------
 tests/python/test_infrastructures.py | 72 +++++++---------------------
 2 files changed, 34 insertions(+), 107 deletions(-)

diff --git a/shared/python/infrastructures.py b/shared/python/infrastructures.py
index 1948051e..899cf691 100644
--- a/shared/python/infrastructures.py
+++ b/shared/python/infrastructures.py
@@ -104,10 +104,7 @@ def _approve_private_link_connections(self, apim_service_id: str) -> bool:
 
         try:
             # Get all pending private endpoint connections
-            output = az.run(
-                f'az network private-endpoint-connection list --id {apim_service_id}'
-                f' --query "[?contains(properties.privateLinkServiceConnectionState.status, \'Pending\')]" -o json'
-            )
+            output = az.run(f'az network private-endpoint-connection list --id {apim_service_id} --query "[?contains(properties.privateLinkServiceConnectionState.status, \'Pending\')]" -o json')
 
             if not output.success:
                 print_error('Failed to retrieve private endpoint connections')
@@ -155,10 +152,7 @@ def _create_keyvault(self, key_vault_name: str) -> bool:
         if not check_kv.success:
             # Create Key Vault via Azure CLI with RBAC authorization (consistent with Bicep module)
             print_plain(f'Creating Key Vault: {key_vault_name}')
-            create_kv = az.run(
-                f'az keyvault create --name {key_vault_name} --resource-group {self.rg_name}'
-                f' --location {self.rg_location} --enable-rbac-authorization true'
-            )
+            create_kv = az.run(f'az keyvault create --name {key_vault_name} --resource-group {self.rg_name} --location {self.rg_location} --enable-rbac-authorization true')
 
             if not create_kv.success:
                 print_error(f'Failed to create Key Vault: {key_vault_name}')
@@ -178,10 +172,7 @@ def _create_keyvault(self, key_vault_name: str) -> bool:
                 f'/providers/Microsoft.KeyVault/vaults/{key_vault_name}'
             )
             if not assign_kv_role.success:
-                print_error(
-                    'Failed to assign Key Vault Certificates Officer role to current user.\n'
-                    'This is an RBAC permission issue - verify your account has sufficient permissions.'
-                )
+                print_error('Failed to assign Key Vault Certificates Officer role to current user.\nThis is an RBAC permission issue - verify your account has sufficient permissions.')
                 return False
 
             print_ok('Assigned Key Vault Certificates Officer role to current user')
@@ -306,8 +297,7 @@ def _disable_apim_public_access(self) -> bool:
                 # Run the second deployment
                 main_bicep_path = infra_dir / 'main.bicep'
                 output = az.run(
-                    f'az deployment group create --name {self.infra.value}-lockdown --resource-group {self.rg_name}'
-                    f' --template-file "{main_bicep_path}" --parameters "{params_file_path}" --query "properties.outputs"',
+                    f'az deployment group create --name {self.infra.value}-lockdown --resource-group {self.rg_name} --template-file "{main_bicep_path}" --parameters "{params_file_path}" --query "properties.outputs"',
                     'Public access disabled successfully',
                     'Failed to disable public access',
                     timeout=1800,
@@ -502,8 +492,7 @@ def deploy_infrastructure(self, is_update: bool = False) -> utils.Output:
             # Run the deployment directly
             main_bicep_path = infra_dir / 'main.bicep'
             output = az.run(
-                f'az deployment group create --name {self.infra.value} --resource-group {self.rg_name}'
-                f' --template-file "{main_bicep_path}" --parameters "{params_file_path}" --query "properties.outputs"',
+                f'az deployment group create --name {self.infra.value} --resource-group {self.rg_name} --template-file "{main_bicep_path}" --parameters "{params_file_path}" --query "properties.outputs"',
                 f"Deployment '{self.infra.value}' succeeded",
                 utils.get_deployment_failure_message(self.infra.value),
                 timeout=1800,
@@ -819,10 +808,7 @@ def _keyvault_certificate_endpoint_reachable(self, key_vault_name: str) -> bool:
             print_ok('Key Vault certificate endpoint is reachable')
             return True
 
-        print_warning(
-            'Unable to reach the Key Vault certificate endpoint from the current environment. '
-            'This can be expected when the Key Vault only allows private access.'
-        )
+        print_warning('Unable to reach the Key Vault certificate endpoint from the current environment. This can be expected when the Key Vault only allows private access.')
         return False
 
     def _has_existing_infrastructure_deployment(self) -> bool:
@@ -893,8 +879,7 @@ def _prepare_keyvault_certificate(self, key_vault_name: str) -> bool:
                 return True
 
             print_error(
-                'The Key Vault already exists but its certificate endpoint is not reachable from the current environment. '
-                'No previous infrastructure deployment was found, so certificate creation cannot continue.'
+                'The Key Vault already exists but its certificate endpoint is not reachable from the current environment. No previous infrastructure deployment was found, so certificate creation cannot continue.'
             )
             self._last_keyvault_preparation_error = 'Failed to access Key Vault certificate endpoint'
             return False
@@ -1181,10 +1166,7 @@ def deploy_infrastructure(self, is_update: bool = False) -> utils.Output:
         print_info('Traffic flow: Internet → Application Gateway → APIM (VNet Internal)')
 
         print_plain('\n\n🧪 TESTING\n')
-        print_plain(
-            'Using a self-signed certificate; test using curl with Host header against the'
-            ' App Gateway public IP. A 200 from the APIM health endpoint indicates success.'
-        )
+        print_plain('Using a self-signed certificate; test using curl with Host header against the App Gateway public IP. A 200 from the APIM health endpoint indicates success.')
         print_command(f'curl -v -k -H "Host: {self.appgw_domain_name}" https://{self.appgw_public_ip}/status-0123456789abcdef')
 
         return output
@@ -1431,15 +1413,11 @@ def _cleanup_resources(deployment_name: str, rg_name: str) -> None:
         resources_to_cleanup = []
 
         # List CognitiveService accounts
-        output = az.run(
-            f'az cognitiveservices account list -g {rg_name}', 'Listed CognitiveService accounts', 'Failed to list CognitiveService accounts'
-        )
+        output = az.run(f'az cognitiveservices account list -g {rg_name}', 'Listed CognitiveService accounts', 'Failed to list CognitiveService accounts')
 
         if output.success and output.json_data:
             for resource in output.json_data:
-                resources_to_cleanup.append(
-                    {'type': 'cognitiveservices', 'name': resource['name'], 'location': resource['location'], 'rg_name': rg_name}
-                )
+                resources_to_cleanup.append({'type': 'cognitiveservices', 'name': resource['name'], 'location': resource['location'], 'rg_name': rg_name})
 
         # List APIM resources
         output = az.run(f'az apim list -g {rg_name}', 'Listed APIM resources', 'Failed to list APIM resources')
@@ -1536,23 +1514,17 @@ def _cleanup_resources_with_thread_safe_printing(deployment_name: str, rg_name:
             _print_log(f'{thread_prefix}Resource group : {rg_name}', '👉 ', thread_color)
 
         # Show the deployment details
-        output = az.run(
-            f'az deployment group show --name {deployment_name} -g {rg_name} -o json', 'Deployment retrieved', 'Failed to retrieve the deployment'
-        )
+        output = az.run(f'az deployment group show --name {deployment_name} -g {rg_name} -o json', 'Deployment retrieved', 'Failed to retrieve the deployment')
 
         # Collect all resources that need to be deleted and purged
         resources_to_cleanup = []
 
         # List CognitiveService accounts
-        output = az.run(
-            f'az cognitiveservices account list -g {rg_name}', 'Listed CognitiveService accounts', 'Failed to list CognitiveService accounts'
-        )
+        output = az.run(f'az cognitiveservices account list -g {rg_name}', 'Listed CognitiveService accounts', 'Failed to list CognitiveService accounts')
 
         if output.success and output.json_data:
             for resource in output.json_data:
-                resources_to_cleanup.append(
-                    {'type': 'cognitiveservices', 'name': resource['name'], 'location': resource['location'], 'rg_name': rg_name}
-                )
+                resources_to_cleanup.append({'type': 'cognitiveservices', 'name': resource['name'], 'location': resource['location'], 'rg_name': rg_name})
 
         # List APIM resources
         output = az.run(f'az apim list -g {rg_name}', 'Listed APIM resources', 'Failed to list APIM resources')
@@ -1571,9 +1543,7 @@ def _cleanup_resources_with_thread_safe_printing(deployment_name: str, rg_name:
         # Delete and purge resources in parallel if there are any
         if resources_to_cleanup:
             with _print_lock:
-                _print_log(
-                    f'{thread_prefix}Found {len(resources_to_cleanup)} resource(s) to clean up. Processing in parallel...', '👉 ', thread_color
-                )
+                _print_log(f'{thread_prefix}Found {len(resources_to_cleanup)} resource(s) to clean up. Processing in parallel...', '👉 ', thread_color)
             _cleanup_resources_parallel_thread_safe(resources_to_cleanup, thread_prefix, thread_color)
         else:
             with _print_lock:
@@ -1639,19 +1609,12 @@ def cleanup_infra_deployments(deployment: INFRASTRUCTURE, indexes: int | list[in
         thread_color = THREAD_COLORS[i % len(THREAD_COLORS)]
         thread_prefix = f'{thread_color}[{deployment.value}-{idx}]{RESET}: '
 
-        cleanup_tasks.append(
-            {'deployment_name': deployment.value, 'rg_name': rg_name, 'thread_prefix': thread_prefix, 'thread_color': thread_color, 'index': idx}
-        )
+        cleanup_tasks.append({'deployment_name': deployment.value, 'rg_name': rg_name, 'thread_prefix': thread_prefix, 'thread_color': thread_color, 'index': idx})
 
     # Execute cleanup tasks in parallel
     with ThreadPoolExecutor(max_workers=max_workers) as executor:
         # Submit all tasks
-        future_to_task = {
-            executor.submit(
-                _cleanup_resources_thread_safe, task['deployment_name'], task['rg_name'], task['thread_prefix'], task['thread_color']
-            ): task
-            for task in cleanup_tasks
-        }
+        future_to_task = {executor.submit(_cleanup_resources_thread_safe, task['deployment_name'], task['rg_name'], task['thread_prefix'], task['thread_color']): task for task in cleanup_tasks}
 
         # Track results
         completed_count = 0
diff --git a/tests/python/test_infrastructures.py b/tests/python/test_infrastructures.py
index 5b60c6cf..4c802897 100644
--- a/tests/python/test_infrastructures.py
+++ b/tests/python/test_infrastructures.py
@@ -64,9 +64,7 @@ def test_infrastructure_creation_basic(mock_utils):
 @pytest.mark.unit
 def test_infrastructure_creation_with_custom_values(mock_utils):
     """Test Infrastructure creation with custom values."""
-    infra = infrastructures.Infrastructure(
-        infra=INFRASTRUCTURE.APIM_ACA, index=2, rg_location=Region.WEST_US_2, apim_sku=APIM_SKU.PREMIUM, networkMode=APIMNetworkMode.EXTERNAL_VNET
-    )
+    infra = infrastructures.Infrastructure(infra=INFRASTRUCTURE.APIM_ACA, index=2, rg_location=Region.WEST_US_2, apim_sku=APIM_SKU.PREMIUM, networkMode=APIMNetworkMode.EXTERNAL_VNET)
 
     assert infra.infra == INFRASTRUCTURE.APIM_ACA
     assert infra.index == 2
@@ -78,9 +76,7 @@ def test_infrastructure_creation_with_custom_values(mock_utils):
 @pytest.mark.unit
 def test_infrastructure_creation_with_custom_policy_fragments(mock_utils, mock_policy_fragments):
     """Test Infrastructure creation with custom policy fragments."""
-    infra = infrastructures.Infrastructure(
-        infra=INFRASTRUCTURE.SIMPLE_APIM, index=TEST_INDEX, rg_location=TEST_LOCATION, infra_pfs=mock_policy_fragments
-    )
+    infra = infrastructures.Infrastructure(infra=INFRASTRUCTURE.SIMPLE_APIM, index=TEST_INDEX, rg_location=TEST_LOCATION, infra_pfs=mock_policy_fragments)
 
     # Initialize policy fragments
     pfs = infra._define_policy_fragments()
@@ -244,9 +240,7 @@ def test_appgw_has_existing_infrastructure_deployment_returns_cli_result(mock_ut
         (infrastructures.AppGwApimInfrastructure, APIM_SKU.DEVELOPER),
     ],
 )
-def test_appgw_prepare_keyvault_certificate_skips_creation_for_unreachable_existing_keyvault_with_prior_deployment(
-    mock_utils, infra_class, default_sku
-):
+def test_appgw_prepare_keyvault_certificate_skips_creation_for_unreachable_existing_keyvault_with_prior_deployment(mock_utils, infra_class, default_sku):
     """Skip certificate creation when an existing private Key Vault is unreachable but the infra already exists."""
     infra = infra_class(rg_location='eastus', index=1, apim_sku=default_sku)
     infra._keyvault_exists = Mock(return_value=True)
@@ -343,9 +337,7 @@ def test_define_policy_fragments_with_none_input(mock_utils):
 @pytest.mark.unit
 def test_define_policy_fragments_with_custom_input(mock_utils, mock_policy_fragments):
     """Test _define_policy_fragments with custom input."""
-    infra = infrastructures.Infrastructure(
-        infra=INFRASTRUCTURE.SIMPLE_APIM, index=TEST_INDEX, rg_location=TEST_LOCATION, infra_pfs=mock_policy_fragments
-    )
+    infra = infrastructures.Infrastructure(infra=INFRASTRUCTURE.SIMPLE_APIM, index=TEST_INDEX, rg_location=TEST_LOCATION, infra_pfs=mock_policy_fragments)
 
     # Initialize policy fragments
     pfs = infra._define_policy_fragments()
@@ -767,9 +759,7 @@ def test_afd_apim_infrastructure_bicep_parameters(mock_utils):
     # Test with custom APIs (should enable ACA)
     custom_apis = [API('test-api', 'Test API', '/test', 'Test API description')]
 
-    infra = infrastructures.AfdApimAcaInfrastructure(
-        rg_location=TEST_LOCATION, index=TEST_INDEX, apim_sku=APIM_SKU.STANDARDV2, infra_apis=custom_apis
-    )
+    infra = infrastructures.AfdApimAcaInfrastructure(rg_location=TEST_LOCATION, index=TEST_INDEX, apim_sku=APIM_SKU.STANDARDV2, infra_apis=custom_apis)
 
     # Initialize components
     infra._define_policy_fragments()
@@ -1087,9 +1077,7 @@ def test_infrastructure_empty_custom_lists(mock_utils):
     empty_pfs = []
     empty_apis = []
 
-    infra = infrastructures.Infrastructure(
-        infra=INFRASTRUCTURE.SIMPLE_APIM, index=TEST_INDEX, rg_location=TEST_LOCATION, infra_pfs=empty_pfs, infra_apis=empty_apis
-    )
+    infra = infrastructures.Infrastructure(infra=INFRASTRUCTURE.SIMPLE_APIM, index=TEST_INDEX, rg_location=TEST_LOCATION, infra_pfs=empty_pfs, infra_apis=empty_apis)
 
     # Initialize components
     infra._define_policy_fragments()
@@ -2138,9 +2126,7 @@ def test_infrastructure_multiple_custom_pfs(mock_utils):
 
 def test_infrastructure_large_custom_api_list(mock_utils):
     """Test infrastructure with many custom APIs."""
-    apis = [
-        API(name=f'api-{i}', displayName=f'API {i}', path=f'/api-{i}', description=f'API {i}', policyXml='<policy></policy>') for i in range(1, 11)
-    ]
+    apis = [API(name=f'api-{i}', displayName=f'API {i}', path=f'/api-{i}', description=f'API {i}', policyXml='<policy></policy>') for i in range(1, 11)]
 
     infra = infrastructures.Infrastructure(infra=INFRASTRUCTURE.SIMPLE_APIM, index=1, rg_location='eastus', infra_apis=apis)
 
@@ -2525,15 +2511,11 @@ def test_infrastructure_constructor_with_all_network_modes(mock_utils):
     assert infra_public.networkMode == APIMNetworkMode.PUBLIC
 
     # Test EXTERNAL_VNET mode
-    infra_external = infrastructures.Infrastructure(
-        infra=INFRASTRUCTURE.SIMPLE_APIM, index=1, rg_location='eastus', networkMode=APIMNetworkMode.EXTERNAL_VNET
-    )
+    infra_external = infrastructures.Infrastructure(infra=INFRASTRUCTURE.SIMPLE_APIM, index=1, rg_location='eastus', networkMode=APIMNetworkMode.EXTERNAL_VNET)
     assert infra_external.networkMode == APIMNetworkMode.EXTERNAL_VNET
 
     # Test INTERNAL_VNET mode
-    infra_internal = infrastructures.Infrastructure(
-        infra=INFRASTRUCTURE.SIMPLE_APIM, index=1, rg_location='eastus', networkMode=APIMNetworkMode.INTERNAL_VNET
-    )
+    infra_internal = infrastructures.Infrastructure(infra=INFRASTRUCTURE.SIMPLE_APIM, index=1, rg_location='eastus', networkMode=APIMNetworkMode.INTERNAL_VNET)
     assert infra_internal.networkMode == APIMNetworkMode.INTERNAL_VNET
 
 
@@ -2551,18 +2533,14 @@ def test_infrastructure_constructor_with_all_sku_types(mock_utils):
 def test_infrastructure_constructor_with_mixed_custom_components(mock_utils):
     """Test Infrastructure with combinations of custom APIs and policy fragments."""
     # Only custom APIs, no PFs
-    api_only = infrastructures.Infrastructure(
-        infra=INFRASTRUCTURE.SIMPLE_APIM, index=1, rg_location='eastus', infra_apis=[API('api1', 'API 1', '/api1', 'API 1')], infra_pfs=None
-    )
+    api_only = infrastructures.Infrastructure(infra=INFRASTRUCTURE.SIMPLE_APIM, index=1, rg_location='eastus', infra_apis=[API('api1', 'API 1', '/api1', 'API 1')], infra_pfs=None)
     api_only._define_policy_fragments()
     api_only._define_apis()
     assert len(api_only.apis) == 2  # hello-world + api1
     assert len(api_only.pfs) == 6  # only base fragments
 
     # Only custom PFs, no APIs
-    pf_only = infrastructures.Infrastructure(
-        infra=INFRASTRUCTURE.SIMPLE_APIM, index=1, rg_location='eastus', infra_apis=None, infra_pfs=[PolicyFragment('pf1', '<policy/>', 'PF 1')]
-    )
+    pf_only = infrastructures.Infrastructure(infra=INFRASTRUCTURE.SIMPLE_APIM, index=1, rg_location='eastus', infra_apis=None, infra_pfs=[PolicyFragment('pf1', '<policy/>', 'PF 1')])
     pf_only._define_policy_fragments()
     pf_only._define_apis()
     assert len(pf_only.apis) == 1  # only hello-world
@@ -2833,9 +2811,7 @@ def test_afd_apim_aca_deploy_infrastructure_success_calls_steps(mock_utils, mock
 
     assert result is base_output
     mock_base_deploy.assert_called_once()
-    infra._approve_private_link_connections.assert_called_once_with(
-        '/subscriptions/test/resourceGroups/test/providers/Microsoft.ApiManagement/service/test'
-    )
+    infra._approve_private_link_connections.assert_called_once_with('/subscriptions/test/resourceGroups/test/providers/Microsoft.ApiManagement/service/test')
     infra._verify_apim_connectivity.assert_called_once_with('https://test-apim.azure-api.net')
     infra._disable_apim_public_access.assert_called_once()
 
@@ -2919,9 +2895,7 @@ def test_appgw_apim_pe_deploy_infrastructure_success_calls_steps_and_sets_appgw_
     infra._create_keyvault.assert_called_once()
     infra._create_keyvault_certificate.assert_called_once()
     mock_base_deploy.assert_called_once()
-    infra._approve_private_link_connections.assert_called_once_with(
-        '/subscriptions/test/resourceGroups/test/providers/Microsoft.ApiManagement/service/test'
-    )
+    infra._approve_private_link_connections.assert_called_once_with('/subscriptions/test/resourceGroups/test/providers/Microsoft.ApiManagement/service/test')
     infra._verify_apim_connectivity.assert_called_once_with('https://test-apim.azure-api.net')
     infra._disable_apim_public_access.assert_called_once()
     assert infra.appgw_domain_name == 'api.example.com'
@@ -3220,9 +3194,7 @@ def test_infrastructure_network_mode_with_custom_components(mock_utils):
     api = API('test-api', 'Test API', '/test', 'Test', '<policy></policy>')
 
     for network_mode in [APIMNetworkMode.PUBLIC, APIMNetworkMode.INTERNAL_VNET, APIMNetworkMode.EXTERNAL_VNET]:
-        infra = infrastructures.Infrastructure(
-            infra=INFRASTRUCTURE.APPGW_APIM, index=1, rg_location='eastus', networkMode=network_mode, infra_pfs=[pf], infra_apis=[api]
-        )
+        infra = infrastructures.Infrastructure(infra=INFRASTRUCTURE.APPGW_APIM, index=1, rg_location='eastus', networkMode=network_mode, infra_pfs=[pf], infra_apis=[api])
         assert infra.networkMode == network_mode
         infra._define_policy_fragments()
         infra._define_apis()
@@ -4469,9 +4441,7 @@ def test_appgw_apim_deploy_no_output_data(mock_utils, mock_az):
 @pytest.mark.unit
 def test_cleanup_single_resource_unknown_type(mock_utils, mock_az):
     """Test _cleanup_single_resource with unknown resource type."""
-    success, error_msg = infrastructures._cleanup_single_resource(
-        {'type': 'unknown-type', 'name': 'test-resource', 'location': 'eastus', 'rg_name': 'test-rg'}
-    )
+    success, error_msg = infrastructures._cleanup_single_resource({'type': 'unknown-type', 'name': 'test-resource', 'location': 'eastus', 'rg_name': 'test-rg'})
 
     assert success is False
     assert 'Unknown resource type' in error_msg
@@ -4499,9 +4469,7 @@ def test_cleanup_single_resource_apim_missing_live_service_still_purges(mock_uti
         Output(True, ''),
     ]
 
-    success, error_msg = infrastructures._cleanup_single_resource(
-        {'type': 'apim', 'name': 'test-apim', 'location': 'eastus', 'rg_name': 'test-rg'}
-    )
+    success, error_msg = infrastructures._cleanup_single_resource({'type': 'apim', 'name': 'test-apim', 'location': 'eastus', 'rg_name': 'test-rg'})
 
     assert success is True
     assert not error_msg
@@ -4515,9 +4483,7 @@ def test_cleanup_single_resource_apim_missing_live_and_deleted_services_succeeds
     service_not_found = '(ServiceNotFound) Api service does not exist: test-apim'
     mock_az.run.side_effect = [Output(False, service_not_found), Output(False, service_not_found)]
 
-    success, error_msg = infrastructures._cleanup_single_resource(
-        {'type': 'apim', 'name': 'test-apim', 'location': 'eastus', 'rg_name': 'test-rg'}
-    )
+    success, error_msg = infrastructures._cleanup_single_resource({'type': 'apim', 'name': 'test-apim', 'location': 'eastus', 'rg_name': 'test-rg'})
 
     assert success is True
     assert not error_msg
@@ -4529,9 +4495,7 @@ def test_cleanup_single_resource_apim_other_purge_failure_fails(mock_utils, mock
     """Test APIM cleanup preserves purge failures unrelated to a missing service."""
     mock_az.run.side_effect = [Output(True, ''), Output(False, '(AuthorizationFailed) Access denied')]
 
-    success, error_msg = infrastructures._cleanup_single_resource(
-        {'type': 'apim', 'name': 'test-apim', 'location': 'eastus', 'rg_name': 'test-rg'}
-    )
+    success, error_msg = infrastructures._cleanup_single_resource({'type': 'apim', 'name': 'test-apim', 'location': 'eastus', 'rg_name': 'test-rg'})
 
     assert success is False
     assert 'Purge failed' in error_msg

From 806269e91bd85431aa2f5ee0a9e9bfa00f0cecef Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Tue, 16 Jun 2026 09:36:02 -0400
Subject: [PATCH 27/31] Update dependencies, revert index

---
 samples/inference-failover/create.ipynb |  2 +-
 uv.lock                                 | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/samples/inference-failover/create.ipynb b/samples/inference-failover/create.ipynb
index edd19eab..80f3aa23 100644
--- a/samples/inference-failover/create.ipynb
+++ b/samples/inference-failover/create.ipynb
@@ -109,7 +109,7 @@
     "# ------------------------------\n",
     "\n",
     "rg_location = Region.EAST_US_2\n",
-    "index = 121\n",
+    "index = 1\n",
     "apim_sku = APIM_SKU.BASICV2\n",
     "deployment = INFRASTRUCTURE.SIMPLE_APIM\n",
     "api_prefix = 'inference'\n",
diff --git a/uv.lock b/uv.lock
index 04b6d6a4..8e363663 100644
--- a/uv.lock
+++ b/uv.lock
@@ -420,7 +420,7 @@ wheels = [
 
 [[package]]
 name = "cyclonedx-python-lib"
-version = "11.9.0"
+version = "11.10.0"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
     { name = "license-expression" },
@@ -429,9 +429,9 @@ dependencies = [
     { name = "sortedcontainers" },
     { name = "typing-extensions", marker = "python_full_version < '3.13'" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/33/86/3508db3dade17e1f8cfa289b7dd3df7c2f0401d8cf7ee186042bdb3ab003/cyclonedx_python_lib-11.9.0.tar.gz", hash = "sha256:5d3b54834bbdfa2538b0e7eeda243f43c136d0a324d175fd8d6ec8685ee81f3c", size = 1424867, upload-time = "2026-06-08T07:32:26.945Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/a7/54/40d741cb605229cddcf9ec689b0fd401e39e2e70c2fe9cc728923b983b8e/cyclonedx_python_lib-11.10.0.tar.gz", hash = "sha256:d03d6ea271e26feaf123b8b1b34468a305f33a338c5763f56e397a8408f9b290", size = 1429036, upload-time = "2026-06-11T10:36:27.633Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/13/cd/8e671a62b18a946ea4923914030a68297cf3a50ac3bb169facc7b6c0d995/cyclonedx_python_lib-11.9.0-py3-none-any.whl", hash = "sha256:80620df4d11628458b7a17523b3f62be4663779babf51c82fe0ca7a32e3d0633", size = 524883, upload-time = "2026-06-08T07:32:25.094Z" },
+    { url = "https://files.pythonhosted.org/packages/a3/21/01c9b957ec3a778de86e010c1b54ea433ebf2fc50b810a3ca0ce8000782f/cyclonedx_python_lib-11.10.0-py3-none-any.whl", hash = "sha256:ffb9510b8d00a0896cfbe0a78b97c545d28f7d2a54e9d9dd5e5dc6e91ca9b375", size = 527798, upload-time = "2026-06-11T10:36:25.985Z" },
 ]
 
 [[package]]
@@ -484,11 +484,11 @@ wheels = [
 
 [[package]]
 name = "filelock"
-version = "3.29.3"
+version = "3.29.4"
 source = { registry = "https://pypi.org/simple" }
-sdist = { url = "https://files.pythonhosted.org/packages/91/f5/3557bf28e0f1943e4849154c821533706e6dea010f96fb6aa0b6949037d1/filelock-3.29.3.tar.gz", hash = "sha256:7fc1b3f39cf172fd8203812043c57b8a65aef9969f38b6704f628b881f761a84", size = 61956, upload-time = "2026-06-10T17:37:11.832Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/e6/dc/be6cbe99670cd6e4ad387123647cb08e0c32975e223f82551e914c5568a6/filelock-3.29.4.tar.gz", hash = "sha256:10cdb3656fc44541cdf30652a93fb10ec6b05325620eb316bd26893e4201538a", size = 63028, upload-time = "2026-06-13T16:12:00.744Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/81/8f/b61d427c4f49a8bdadc93f4e7e74df8a6df6f77ee6e26bf0df53d3925363/filelock-3.29.3-py3-none-any.whl", hash = "sha256:e58333029cc9b925f39aad59b1d8f0a1ad836af4e60d7217f4a4dba87461261d", size = 42324, upload-time = "2026-06-10T17:37:10.37Z" },
+    { url = "https://files.pythonhosted.org/packages/13/37/a065dc3bd6e49423a6532c642ca7378d3f467b1ef44c2800c937af7f9739/filelock-3.29.4-py3-none-any.whl", hash = "sha256:dac1648087d5115554850d113e7dd8c83ab2d38e3435dde2d4f163847e57b767", size = 42757, upload-time = "2026-06-13T16:11:59.582Z" },
 ]
 
 [[package]]

From 375864b8e9679e8cedcac6d35249dabb69d229ab Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Tue, 16 Jun 2026 10:01:02 -0400
Subject: [PATCH 28/31] Move event hub flag up

---
 samples/inference-failover/create.ipynb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/samples/inference-failover/create.ipynb b/samples/inference-failover/create.ipynb
index 80f3aa23..35439240 100644
--- a/samples/inference-failover/create.ipynb
+++ b/samples/inference-failover/create.ipynb
@@ -114,6 +114,7 @@
     "deployment = INFRASTRUCTURE.SIMPLE_APIM\n",
     "api_prefix = 'inference'\n",
     "tags = ['inference-failover', 'ai-gateway', 'observability']\n",
+    "enable_event_hub_export = False             # Opt in to regional Event Hub streaming for APIM telemetry\n",
     "max_completion_tokens = 128                 # Per-request completion cap for the pressure scenarios\n",
     "\n",
     "# ------------------------------\n",
@@ -121,7 +122,6 @@
     "# ------------------------------\n",
     "\n",
     "sample_folder = 'inference-failover'\n",
-    "enable_event_hub_export = False             # Opt in to regional Event Hub streaming for APIM telemetry\n",
     "rg_name = az.get_infra_rg_name(deployment, index)\n",
     "supported_infras = [\n",
     "    INFRASTRUCTURE.AFD_APIM_PE,\n",

From d96f835aa1696b5feb0af78be2b4e9d673b4b2cb Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Tue, 16 Jun 2026 10:59:03 -0400
Subject: [PATCH 29/31] Clean up

---
 shared/python/infrastructures.py     | 59 ++++++++++++++++---
 tests/python/test_infrastructures.py | 86 ++++++++++++++++------------
 2 files changed, 100 insertions(+), 45 deletions(-)

diff --git a/shared/python/infrastructures.py b/shared/python/infrastructures.py
index 899cf691..ba442c3b 100644
--- a/shared/python/infrastructures.py
+++ b/shared/python/infrastructures.py
@@ -1345,10 +1345,39 @@ def _cleanup_resources_parallel_thread_safe(resources: list[dict], thread_prefix
     _cleanup_resources_parallel(resources, thread_prefix, thread_color)
 
 
+def _get_resource_group_existence(rg_name: str) -> bool | None:
+    """Return whether a resource group exists, or None when the check fails."""
+    try:
+        output = az.run(f'az group exists --name {rg_name}', retries=0)
+    except Exception:  # pragma: no cover
+        return None
+
+    if not output.success:
+        return None
+
+    normalized_output = output.text.strip().lower()
+    if normalized_output == 'true':
+        return True
+    if normalized_output == 'false':
+        return False
+
+    return None
+
+
 def _delete_resource_group_best_effort(rg_name: str, *, thread_prefix: str = '', thread_color: str = '') -> None:
     if not rg_name:
         return
 
+    rg_exists = _get_resource_group_existence(rg_name)
+    if rg_exists is False:
+        message = f"Resource group '{rg_name}' is already absent. No deletion is needed."
+        if thread_prefix:
+            with _print_lock:
+                _print_log(f'{thread_prefix}{message}', 'ℹ️ ', thread_color, show_time=True)
+        else:
+            print_info(message)
+        return
+
     delete_cmd = f'az group delete --name {rg_name} -y --no-wait'
 
     if thread_prefix:
@@ -1402,12 +1431,14 @@ def _cleanup_resources(deployment_name: str, rg_name: str) -> None:
     try:
         print_info(f'Resource group : {rg_name}')
 
-        # Show the deployment details (if it exists)
-        output = az.run(
-            f'az deployment group show --name {deployment_name} -g {rg_name} -o json',
-            'Deployment retrieved',
-            'Deployment not found (may be empty resource group)',
-        )
+        rg_exists = _get_resource_group_existence(rg_name)
+        if rg_exists is False:
+            rg_delete_attempted = True
+            print_info(f"Resource group '{rg_name}' was not found. Nothing to clean up.")
+            print_message('Cleanup completed.')
+            return
+        if rg_exists is None:
+            print_warning(f"Could not verify whether resource group '{rg_name}' exists. Continuing with best-effort cleanup.")
 
         # Collect all resources that need to be deleted and purged
         resources_to_cleanup = []
@@ -1513,8 +1544,20 @@ def _cleanup_resources_with_thread_safe_printing(deployment_name: str, rg_name:
         with _print_lock:
             _print_log(f'{thread_prefix}Resource group : {rg_name}', '👉 ', thread_color)
 
-        # Show the deployment details
-        output = az.run(f'az deployment group show --name {deployment_name} -g {rg_name} -o json', 'Deployment retrieved', 'Failed to retrieve the deployment')
+        rg_exists = _get_resource_group_existence(rg_name)
+        if rg_exists is False:
+            rg_delete_attempted = True
+            with _print_lock:
+                _print_log(f"{thread_prefix}Resource group '{rg_name}' was not found. Nothing to clean up.", 'ℹ️ ', thread_color, show_time=True)
+            return
+        if rg_exists is None:
+            with _print_lock:
+                _print_log(
+                    f"{thread_prefix}Could not verify whether resource group '{rg_name}' exists. Continuing with best-effort cleanup.",
+                    '⚠️ ',
+                    BOLD_Y,
+                    show_time=True,
+                )
 
         # Collect all resources that need to be deleted and purged
         resources_to_cleanup = []
diff --git a/tests/python/test_infrastructures.py b/tests/python/test_infrastructures.py
index 4c802897..221d0183 100644
--- a/tests/python/test_infrastructures.py
+++ b/tests/python/test_infrastructures.py
@@ -1224,9 +1224,8 @@ def test_cleanup_resources_with_resources(monkeypatch):
     def mock_run(command, ok_message=None, error_message=None, **kwargs):
         run_commands.append(command)
 
-        # Mock deployment show response
-        if 'deployment group show' in command:
-            return Output(success=True, text='{"properties": {"provisioningState": "Succeeded"}}')
+        if 'group exists' in command:
+            return Output(success=True, text='true')
 
         # Mock cognitive services list response
         if 'cognitiveservices account list' in command:
@@ -1251,7 +1250,7 @@ def mock_run(command, ok_message=None, error_message=None, **kwargs):
 
     # Verify all expected commands were called
     command_patterns = [
-        'az deployment group show --name test-deployment -g test-rg',
+        'az group exists --name test-rg',
         'az cognitiveservices account list -g test-rg',
         'az cognitiveservices account delete -g test-rg -n cog-service-1',
         'az cognitiveservices account purge -g test-rg -n cog-service-1 --location "eastus"',
@@ -1281,9 +1280,8 @@ def test_cleanup_resources_no_resources(monkeypatch):
     def mock_run(command, ok_message=None, error_message=None, **kwargs):
         run_commands.append(command)
 
-        # Mock deployment show response
-        if 'deployment group show' in command:
-            return Output(success=True, text='{"properties": {"provisioningState": "Succeeded"}}')
+        if 'group exists' in command:
+            return Output(success=True, text='true')
 
         # Mock empty resource lists
         if any(x in command for x in ['cognitiveservices account list', 'apim list', 'keyvault list']):
@@ -1300,7 +1298,7 @@ def mock_run(command, ok_message=None, error_message=None, **kwargs):
 
     # Verify only listing and resource group deletion commands were called
     expected_commands = [
-        'az deployment group show --name test-deployment -g test-rg',
+        'az group exists --name test-rg',
         'az cognitiveservices account list -g test-rg',
         'az apim list -g test-rg',
         'az keyvault list -g test-rg',
@@ -1316,23 +1314,24 @@ def mock_run(command, ok_message=None, error_message=None, **kwargs):
         assert not any(pattern in cmd for cmd in run_commands), f'Unexpected delete/purge command found: {pattern}'
 
 
-def test_cleanup_resources_command_failures(monkeypatch):
-    """Test _cleanup_resources when commands fail."""
+def test_cleanup_resources_missing_resource_group_is_already_clean(monkeypatch):
+    """Treat a missing resource group as an informational no-op."""
+    run_calls = []
+    info_messages = []
 
     def mock_run(command, ok_message=None, error_message=None, **kwargs):
-        # Mock deployment show failure
-        if 'deployment group show' in command:
-            return Output(success=False, text='Deployment not found')
-
-        # All other commands succeed
-        return Output(success=True, text='[]')
+        run_calls.append((command, kwargs))
+        return Output(success=True, text='false')
 
     monkeypatch.setattr(infrastructures.az, 'run', mock_run)
-    suppress_module_functions(monkeypatch, infrastructures, ['print_info', 'print_message'])
+    monkeypatch.setattr(infrastructures, 'print_info', info_messages.append)
+    suppress_module_functions(monkeypatch, infrastructures, ['print_message'])
 
-    # Should not raise exception even when deployment show fails
     infrastructures._cleanup_resources('test-deployment', 'test-rg')
 
+    assert run_calls == [('az group exists --name test-rg', {'retries': 0})]
+    assert any('was not found. Nothing to clean up.' in message for message in info_messages)
+
 
 def test_cleanup_resources_exception_handling(monkeypatch):
     """Test _cleanup_resources exception handling."""
@@ -1769,9 +1768,8 @@ def test_cleanup_resources_partial_failures(monkeypatch):
     def mock_run(command, ok_message=None, error_message=None, **kwargs):
         run_commands.append(command)
 
-        # Mock deployment show response
-        if 'deployment group show' in command:
-            return Output(success=True, text='{"properties": {"provisioningState": "Failed"}}')
+        if 'group exists' in command:
+            return Output(success=True, text='true')
 
         # Mock resources exist
         if 'cognitiveservices account list' in command:
@@ -1807,7 +1805,7 @@ def mock_run(command, ok_message=None, error_message=None, **kwargs):
 
     # Verify all listing and group operations were attempted
     # Note: With parallel cleanup, if delete fails, purge is not attempted (expected behavior)
-    expected_patterns = ['deployment group show', 'cognitiveservices account list', 'apim list', 'keyvault list', 'group delete']
+    expected_patterns = ['group exists', 'cognitiveservices account list', 'apim list', 'keyvault list', 'group delete']
 
     for pattern in expected_patterns:
         assert any(pattern in cmd for cmd in run_commands), f'Expected command pattern not found: {pattern}'
@@ -3759,27 +3757,22 @@ def mock_cleanup_parallel(resources, thread_prefix, thread_color):
 
 
 @pytest.mark.unit
-def test_cleanup_resources_with_thread_safe_printing_deployment_show_fails(monkeypatch):
-    """Test cleanup when deployment group show fails."""
+def test_cleanup_resources_with_thread_safe_printing_missing_resource_group_is_already_clean(monkeypatch):
+    """Treat a missing resource group as an informational no-op in parallel cleanup."""
+    run_calls = []
 
-    def mock_run(command, ok_msg=None, error_msg=None):
-        if 'deployment group show' in command:
-            return Output(False, 'Deployment not found')
-        if 'cognitiveservices account list' in command or 'apim list' in command or 'keyvault list' in command:
-            return Output(True, json.dumps([]))
-        return Output(True, '{}')
+    def mock_run(command, ok_message=None, error_message=None, **kwargs):
+        run_calls.append((command, kwargs))
+        return Output(True, 'false')
 
     monkeypatch.setattr(infrastructures.az, 'run', mock_run)
-    patch_module_thread_safe_printing(monkeypatch, infrastructures)
-    suppress_module_functions(
-        monkeypatch,
-        infrastructures,
-        ['_cleanup_resources_parallel_thread_safe', '_delete_resource_group_best_effort'],
-    )
+    log_calls = capture_module_print_log(monkeypatch, infrastructures)
 
-    # Should not raise exception
     infrastructures._cleanup_resources_with_thread_safe_printing('test-deployment', 'test-rg', '[TEST]: ', 'color')
 
+    assert run_calls == [('az group exists --name test-rg', {'retries': 0})]
+    assert any(call['icon'] == 'ℹ️ ' and 'was not found. Nothing to clean up.' in call['msg'] for call in log_calls)
+
 
 @pytest.mark.unit
 def test_cleanup_resources_with_thread_safe_printing_cognitiveservices_list_fails(monkeypatch):
@@ -3938,6 +3931,25 @@ def test_delete_resource_group_best_effort_no_rg_name(monkeypatch):
     assert not print_calls
 
 
+@pytest.mark.unit
+def test_delete_resource_group_best_effort_already_absent(monkeypatch):
+    """Skip deletion when the resource group has already disappeared."""
+    run_calls = []
+    info_messages = []
+
+    def mock_run(command, *args, **kwargs):
+        run_calls.append((command, kwargs))
+        return Output(True, 'false')
+
+    monkeypatch.setattr(infrastructures.az, 'run', mock_run)
+    monkeypatch.setattr(infrastructures, 'print_info', info_messages.append)
+
+    infrastructures._delete_resource_group_best_effort('rg-absent')
+
+    assert run_calls == [('az group exists --name rg-absent', {'retries': 0})]
+    assert any('already absent. No deletion is needed.' in message for message in info_messages)
+
+
 @pytest.mark.unit
 def test_delete_resource_group_best_effort_thread_prefix_path(monkeypatch):
     """When thread_prefix provided, uses thread-safe print and az.run."""

From 06376dca68fdb2cf457f21b6830d0a7c7d71b565 Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Thu, 18 Jun 2026 16:51:17 -0400
Subject: [PATCH 30/31] Intermittent check-in

---
 .editorconfig                                 |    3 +
 .github/skills/apim-policies/SKILL.md         |   36 +-
 .../APIM Load Balancer Config.md              |   34 +-
 .../APIOPS-BACKEND-FILTERING-GUIDE.md         |  397 ++++++
 .../APIOPS-ENVIRONMENT-PROMOTION-PLAN.md      |  439 +++++++
 .../APIOps-variable-publish/.editorconfig     |    2 +
 .../APIOps-variable-publish/README.md         |  305 +++++
 .../backendInformation.json                   |   11 +
 .../backendInformation.json                   |   11 +
 .../backendInformation.json                   |   11 +
 .../backendInformation.json                   |   11 +
 .../backendInformation.json                   |   11 +
 .../backendInformation.json                   |   11 +
 .../backendInformation.json                   |   11 +
 .../backendInformation.json                   |   11 +
 .../backendInformation.json                   |   11 +
 .../backendInformation.json                   |   11 +
 .../backendInformation.json                   |   60 +
 .../configurations/configuration.dev.yaml     |   71 ++
 .../configuration.prod-eastus2.yaml           |   58 +
 .../configuration.prod-westus3.yaml           |   58 +
 .../configurations/configuration.qa.yaml      |   22 +
 .../scripts/prepare-apiops-artifacts.ps1      |  654 ++++++++++
 .../configuration.missing-backend.yaml        |   10 +
 ...onfiguration.pool-member-not-selected.yaml |   18 +
 .../tests/test-prepare-apiops-artifacts.ps1   |  449 +++++++
 .../workflow-templates/publish-apiops.yml     |   79 ++
 .../run-publisher-with-backend-selection.yml  |  189 +++
 samples/inference-failover/README.md          |   80 +-
 ...RRAFORM-APIOPS-BACKEND-ENVIRONMENT-PLAN.md |  503 ++++++++
 samples/inference-failover/WAF-COMPARISON.md  |   48 +-
 ...nference-api-policy-with-retry-tracked.xml |   12 +-
 .../configuration.prod-eus2-01.sample.yaml    |  310 +++++
 samples/inference-failover/create.ipynb       |   18 +-
 .../prepare-apiops-artifacts.ps1              | 1065 +++++++++++++++++
 samples/load-balancing/README.md              |   27 +-
 ...a-backend-pool-load-balancing-with-429.xml |    3 +-
 ...pool-load-balancing-with-retry-tracked.xml |    1 +
 .../aca-backend-pool-load-balancing.xml       |    3 +-
 samples/load-balancing/create.ipynb           |   15 +-
 tests/python/test_inference_failover.py       |   28 +-
 tests/python/test_load_balancing_helpers.py   |   28 +
 42 files changed, 4993 insertions(+), 142 deletions(-)
 create mode 100644 samples/inference-failover/APIOPS-BACKEND-FILTERING-GUIDE.md
 create mode 100644 samples/inference-failover/APIOPS-ENVIRONMENT-PROMOTION-PLAN.md
 create mode 100644 samples/inference-failover/APIOps-variable-publish/.editorconfig
 create mode 100644 samples/inference-failover/APIOps-variable-publish/README.md
 create mode 100644 samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-centralus/backendInformation.json
 create mode 100644 samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-eastus2-02/backendInformation.json
 create mode 100644 samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-eastus2/backendInformation.json
 create mode 100644 samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-northcentralus/backendInformation.json
 create mode 100644 samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-southcentralus/backendInformation.json
 create mode 100644 samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-westus3-02/backendInformation.json
 create mode 100644 samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-westus3/backendInformation.json
 create mode 100644 samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PTU-eastus2/backendInformation.json
 create mode 100644 samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PTU-southcentralus/backendInformation.json
 create mode 100644 samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PTU-westus3/backendInformation.json
 create mode 100644 samples/inference-failover/APIOps-variable-publish/artifacts/backends/inference-gpt-5-1-pool/backendInformation.json
 create mode 100644 samples/inference-failover/APIOps-variable-publish/configurations/configuration.dev.yaml
 create mode 100644 samples/inference-failover/APIOps-variable-publish/configurations/configuration.prod-eastus2.yaml
 create mode 100644 samples/inference-failover/APIOps-variable-publish/configurations/configuration.prod-westus3.yaml
 create mode 100644 samples/inference-failover/APIOps-variable-publish/configurations/configuration.qa.yaml
 create mode 100644 samples/inference-failover/APIOps-variable-publish/scripts/prepare-apiops-artifacts.ps1
 create mode 100644 samples/inference-failover/APIOps-variable-publish/tests/fixtures/configuration.missing-backend.yaml
 create mode 100644 samples/inference-failover/APIOps-variable-publish/tests/fixtures/configuration.pool-member-not-selected.yaml
 create mode 100644 samples/inference-failover/APIOps-variable-publish/tests/test-prepare-apiops-artifacts.ps1
 create mode 100644 samples/inference-failover/APIOps-variable-publish/workflow-templates/publish-apiops.yml
 create mode 100644 samples/inference-failover/APIOps-variable-publish/workflow-templates/run-publisher-with-backend-selection.yml
 create mode 100644 samples/inference-failover/TERRAFORM-APIOPS-BACKEND-ENVIRONMENT-PLAN.md
 create mode 100644 samples/inference-failover/configuration.prod-eus2-01.sample.yaml
 create mode 100644 samples/inference-failover/prepare-apiops-artifacts.ps1

diff --git a/.editorconfig b/.editorconfig
index 185bf798..8dc5590c 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -13,6 +13,9 @@ charset = utf-8
 [*.md]
 trim_trailing_whitespace = false
 
+[*.ps1]
+max_line_length = 160
+
 [*.bicep]
 indent_size = 2
 
diff --git a/.github/skills/apim-policies/SKILL.md b/.github/skills/apim-policies/SKILL.md
index 841b7344..f46a58cd 100644
--- a/.github/skills/apim-policies/SKILL.md
+++ b/.github/skills/apim-policies/SKILL.md
@@ -52,7 +52,7 @@ When retrying a backend request, make `<retry>` the sole direct child of `<backe
 
 ```xml
 <backend>
-    <retry count="3" interval="1" first-fast-retry="true"
+    <retry count="2" interval="1" first-fast-retry="true"
         condition='@(context.Response.StatusCode == 429 || context.Response.StatusCode &gt;= 500)'>
         <forward-request buffer-request-body="true" />
     </retry>
@@ -69,14 +69,14 @@ When a custom backend policy is not needed, keep `<base />` as the only direct c
 
 ## Policy Categories Quick Reference
 
-| Category | Common Policies | Section |
-| --- | --- | --- |
-| **Authentication** | `authentication-managed-identity`, `validate-azure-ad-token`, `validate-jwt` | inbound |
-| **Rate Limiting** | `rate-limit-by-key`, `quota-by-key` | inbound |
-| **Caching** | `cache-lookup`, `cache-store` | inbound/outbound |
-| **Routing** | `set-backend-service`, `forward-request`, `retry` | inbound/backend |
-| **Transformation** | `set-header`, `set-body`, `set-variable`, `rewrite-uri` | any |
-| **Control Flow** | `choose`, `return-response`, `retry`, `wait` | any |
+| Category           | Common Policies                                                              | Section          |
+| ------------------ | ---------------------------------------------------------------------------- | ---------------- |
+| **Authentication** | `authentication-managed-identity`, `validate-azure-ad-token`, `validate-jwt` | inbound          |
+| **Rate Limiting**  | `rate-limit-by-key`, `quota-by-key`                                          | inbound          |
+| **Caching**        | `cache-lookup`, `cache-store`                                                | inbound/outbound |
+| **Routing**        | `set-backend-service`, `forward-request`, `retry`                            | inbound/backend  |
+| **Transformation** | `set-header`, `set-body`, `set-variable`, `rewrite-uri`                      | any              |
+| **Control Flow**   | `choose`, `return-response`, `retry`, `wait`                                 | any              |
 
 ## Essential Policies
 
@@ -146,12 +146,16 @@ Return an immediate response without calling the backend:
 Retry failed requests with conditions:
 
 ```xml
-<retry count="3" interval="1" first-fast-retry="true"
+<retry count="2" interval="1" first-fast-retry="true"
     condition='@(context.Response.StatusCode == 429 || context.Response.StatusCode &gt;= 500)'>
     <forward-request buffer-request-body="true" />
 </retry>
 ```
 
+For backend-pool failover, bound the retry budget independently of pool size. Use `count="2"` as the default unless workload testing justifies another value. This permits two retries after the initial attempt, for three total attempts. Two retries may already be more than sufficient for interactive traffic: a circuit-breaking pool removes a failed member from selection, and three consecutive failures against backends that were eligible moments earlier are a strong signal to stop and return control to the caller. Use retry-attempt and latency telemetry to justify reducing the count to `1` or increasing it above `2`.
+
+When the value must be managed outside the policy, use a plain numeric Named Value as the complete attribute value, for example `count="{{backend-retry-count}}"`, and set that Named Value to `2`. Keep pool cardinality as a separate concern only when policy behavior genuinely needs to count pool members.
+
 ## Policy Expressions
 
 Policy expressions use C# syntax within `@()` for single statements or `@{}` for multi-statement blocks.
@@ -244,16 +248,16 @@ Before using a type or member in a policy expression, verify it appears on the o
 - **`System.Enum` is restricted to** `Parse`, `TryParse`, `ToString`. No `GetValues`, `GetNames`, `IsDefined`.
 - **`System.Text.RegularExpressions.Regex` is restricted to** the constructor plus `IsMatch`, `Match`, `Matches`, `Replace`, `Unescape`, `Split`. No `CompileToAssembly`, `CacheSize`.
 - **Numeric primitives are fully allowed**, so `int.TryParse`, `long.TryParse`, `double.TryParse` are safe.
-- **JSON via `Newtonsoft.Json`** is the only supported JSON library — do not use `System.Text.Json`.
+- **JSON via `Newtonsoft.Json`** is the only supported JSON library; do not use `System.Text.Json`.
 
 When a member you need is not allowed, refactor to an equivalent that is. Examples:
 
-| Disallowed | Allowed replacement |
-| --- | --- |
+| Disallowed                                                        | Allowed replacement                                                                             |
+| ----------------------------------------------------------------- | ----------------------------------------------------------------------------------------------- |
 | `DateTime.TryParse(s, ..., DateTimeStyles.RoundtripKind, out dt)` | Store as Unix epoch via `DateTimeOffset.UtcNow.ToUnixTimeSeconds()`, parse with `long.TryParse` |
-| `DateTime.ParseExact(s, fmt, CultureInfo.InvariantCulture)` | `DateTime.Parse(s)` (allowed) or epoch-based representation |
-| `Enum.GetValues(typeof(T))` | Hard-code the comparison values or store as a string |
-| `System.Text.Json.JsonSerializer.Deserialize<T>(s)` | `JsonConvert.DeserializeObject<T>(s)` |
+| `DateTime.ParseExact(s, fmt, CultureInfo.InvariantCulture)`       | `DateTime.Parse(s)` (allowed) or epoch-based representation                                     |
+| `Enum.GetValues(typeof(T))`                                       | Hard-code the comparison values or store as a string                                            |
+| `System.Text.Json.JsonSerializer.Deserialize<T>(s)`               | `JsonConvert.DeserializeObject<T>(s)`                                                           |
 
 If you are unsure whether a member is allowed, fetch the [allowed types table](https://learn.microsoft.com/azure/api-management/api-management-policy-expressions#CLRTypes) and confirm before writing the expression.
 
diff --git a/samples/inference-failover/APIM Load Balancer Config.md b/samples/inference-failover/APIM Load Balancer Config.md
index 6d2e27bf..fb6a9032 100644
--- a/samples/inference-failover/APIM Load Balancer Config.md	
+++ b/samples/inference-failover/APIM Load Balancer Config.md	
@@ -12,27 +12,27 @@ This load balancing design provides inference-backend failover. A single-region
 
 | Index | Subscription | AI Resource region | APIM backend                    | Deployment type      | Billing/capacity | Priority | Weight |
 | :---: | :----------: | ------------------ | ------------------------------- | -------------------- | :--------------: | :------: | -----: |
-| 1     |  1           | East US 2          | `gpt-5-mini-ptu-eastus2`        | `ProvisionedManaged` | 300 PTUs         |    1     |    100 |
-| 2     |  1           | East US 2          | `gpt-5-mini-datazone-eastus2`   | `DataZoneStandard`   | PAYG             |    2     |     25 |
-| 3     |  2           | East US            | `gpt-5-mini-datazone-eastus`    | `DataZoneStandard`   | PAYG             |    2     |     25 |
-| 4     |  3           | Central US         | `gpt-5-mini-datazone-centralus` | `DataZoneStandard`   | PAYG             |    2     |     25 |
-| 5     |  4           | West US 3          | `gpt-5-mini-datazone-westus3`   | `DataZoneStandard`   | PAYG             |    2     |     25 |
-| 6     |  1           | East US 2          | `gpt-5-mini-global-eastus2`     | `GlobalStandard`     | PAYG             |    3     |     25 |
-| 7     |  2           | East US            | `gpt-5-mini-global-eastus`      | `GlobalStandard`     | PAYG             |    3     |     25 |
-| 8     |  3           | Central US         | `gpt-5-mini-global-centralus`   | `GlobalStandard`     | PAYG             |    3     |     25 |
-| 9     |  4           | West US 3          | `gpt-5-mini-global-westus3`     | `GlobalStandard`     | PAYG             |    3     |     25 |
-
-*Equal weights divide traffic approximately evenly among healthy backends in the same priority tier.*
+|   1   |      1       | East US 2          | `gpt-5-mini-ptu-eastus2`        | `ProvisionedManaged` |     300 PTUs     |    1     |    100 |
+|   2   |      1       | East US 2          | `gpt-5-mini-datazone-eastus2`   | `DataZoneStandard`   |       PAYG       |    2     |     25 |
+|   3   |      2       | East US            | `gpt-5-mini-datazone-eastus`    | `DataZoneStandard`   |       PAYG       |    2     |     25 |
+|   4   |      3       | Central US         | `gpt-5-mini-datazone-centralus` | `DataZoneStandard`   |       PAYG       |    2     |     25 |
+|   5   |      4       | West US 3          | `gpt-5-mini-datazone-westus3`   | `DataZoneStandard`   |       PAYG       |    2     |     25 |
+|   6   |      1       | East US 2          | `gpt-5-mini-global-eastus2`     | `GlobalStandard`     |       PAYG       |    3     |     25 |
+|   7   |      2       | East US            | `gpt-5-mini-global-eastus`      | `GlobalStandard`     |       PAYG       |    3     |     25 |
+|   8   |      3       | Central US         | `gpt-5-mini-global-centralus`   | `GlobalStandard`     |       PAYG       |    3     |     25 |
+|   9   |      4       | West US 3          | `gpt-5-mini-global-westus3`     | `GlobalStandard`     |       PAYG       |    3     |     25 |
+
+_Equal weights divide traffic approximately evenly among healthy backends in the same priority tier._
 
 ## Routing Strategy
 
 The backend pool uses three priority tiers:
 
-  1. **Priority 1 - regional provisioned capacity:** Route to the 300-PTU `ProvisionedManaged` deployment in East US 2.
+1. **Priority 1 - regional provisioned capacity:** Route to the 300-PTU `ProvisionedManaged` deployment in East US 2.
 
-  1. **Priority 2 - US data zone fallback:** Distribute traffic equally across the four `DataZoneStandard` deployments.
+1. **Priority 2 - US data zone fallback:** Distribute traffic equally across the four `DataZoneStandard` deployments.
 
-  1. **Priority 3 - global fallback:** Distribute traffic equally across the four `GlobalStandard` deployments.
+1. **Priority 3 - global fallback:** Distribute traffic equally across the four `GlobalStandard` deployments.
 
 ### Design Decisions
 
@@ -54,12 +54,12 @@ The priorities reflect capacity commitment and permitted processing scope, not p
 >
 > The global backend can be omitted when US-only processing is mandatory, leaving a two-backend pool. Retain multiple backends in a tier when independent subscription quota, endpoint failure isolation, or operational ownership justifies the added complexity. A single `DataZoneStandard` or `GlobalStandard` deployment already uses the service's internal routing scope; multiple deployments are not required merely to reach multiple inference regions.
 
-- **Set max number of retries.** Set the max to the total number of backends - 1. 1 represents the initial request. Here, this yields `10 backends - 1 = 9 retries`. This recommendation depends on the current circuit breaker setting, which trips a backend after one qualifying `408`, `429`, `499`, `500`, `502`, `503`, or `504` response. Once its circuit opens, later requests handled by that APIM gateway avoid the unavailable backend, so every request does not need to probe the full pool. The pool-specific cache in this policy stores the soonest `Retry-After` recovery time for an exhausted response; it does not select backends or replace circuit-breaker state.
+- **Keep the retry budget independent of pool size.** Use `2` retries as the bounded default, which permits three total attempts including the initial request. This may already be more than sufficient for interactive traffic. Do not use the number of backends minus one. The current circuit breaker trips a backend after one qualifying `408`, `429`, `499`, `500`, `502`, `503`, or `504` response, and later attempts handled by that APIM gateway avoid the unavailable backend. If the initial selection and two additional backends all fail while eligible, the request has enough evidence to stop rather than probe the full pool. The pool-specific cache in this policy stores the soonest `Retry-After` recovery time for an exhausted response; it does not select backends or replace circuit-breaker state.
 
 > **Note: About potential retries:**
 >
-> Because we retry in the context of a load balancer with a backend pool (as opposed to a single backend), any failing request may trip that backend's configred circuit breaker. That backend is then immediately removed from the pool for the duration of the circuit breaker trip. APIM then immediately retries against another *healthy* backend, if available, from the pool. **ONE retry represents the vast majority of retry occurrences.**
-> It is technically possible for more retries to occur, but that would necessitate backends failing often with a very dynamic backend health pool. This is very unlikely to happen, but even if it did, it would not result in many retries (odds are high that a healthy backend will be selectable and we also limit the max retry count).
+> Because we retry in the context of a load balancer with a backend pool (as opposed to a single backend), any failing request may trip that backend's configured circuit breaker. That backend is then immediately removed from the pool for the duration of the circuit breaker trip. APIM then immediately retries against another _healthy_ backend, if available, from the pool. **One retry represents the vast majority of retry occurrences.**
+> More retries require several backends that were eligible moments earlier to fail during the same request. That condition should be uncommon and is sufficiently represented by the fixed maximum of two retries. Use observed conditional recovery by attempt and end-to-end latency to determine whether even one retry is enough.
 
 ## Availability Validation
 
diff --git a/samples/inference-failover/APIOPS-BACKEND-FILTERING-GUIDE.md b/samples/inference-failover/APIOPS-BACKEND-FILTERING-GUIDE.md
new file mode 100644
index 00000000..feb57e29
--- /dev/null
+++ b/samples/inference-failover/APIOPS-BACKEND-FILTERING-GUIDE.md
@@ -0,0 +1,397 @@
+# APIOps Environment Backend Filtering
+
+This guide describes a controlled way to publish a different subset of Azure API Management (APIM) backends to each environment while retaining one canonical APIOps artifact superset.
+
+The implementation filters a temporary copy of the artifact tree before the APIOps publisher discovers resources. The source artifacts remain unchanged, and the target APIOps configuration acts as an explicit allowlist of backend resources for that environment.
+
+The need for selective environment publication and the temporary filtered-tree approach are discussed in [Azure/apiops issue #789](https://github.com/Azure/apiops/issues/789). This guide applies that general community workaround specifically to APIM backends and adds dependency validation, audit evidence, and fail-closed behavior. The PowerShell staging step is a repository-owned workflow extension; it is not a built-in APIOps publisher feature, and it does not change the publisher configuration file into a native allowlist.
+
+## Executive Summary
+
+Use this pattern when DEV, QA, and PROD have different backend inventories or when PROD should receive only an approved subset, such as 5 of 10 available backends.
+
+```text
+Canonical artifact superset
+          |
+          v
+configuration.<environment>.yaml backend allowlist
+          |
+          v
+PowerShell validation and temporary staging
+          |
+          v
+APIOps publisher reads only the staged artifact tree
+```
+
+The design is fail closed. A new canonical backend is not published to an environment until its name is added to that environment's top-level `backends` array.
+
+## Package Contents
+
+- [prepare-apiops-artifacts.ps1](prepare-apiops-artifacts.ps1) creates and validates the staged artifact tree.
+- [configuration.prod-eus2-01.sample.yaml](configuration.prod-eus2-01.sample.yaml) demonstrates the selection contract with nine concrete backends and two backend pools.
+- [Terraform and APIOps backend environment plan](TERRAFORM-APIOPS-BACKEND-ENVIRONMENT-PLAN.md) covers ownership, target manifests, release validation, and rollback in more detail.
+
+The script is dependency-free and supports PowerShell 7 on Windows, Linux, and macOS. It intentionally parses only the constrained APIOps YAML structure described below; it is not a general-purpose YAML parser.
+
+## Before You Begin
+
+The script prepares files for the APIOps publisher. It does not connect to Azure or run the publisher itself.
+
+Confirm the following before the first run:
+
+- [ ] PowerShell 7 or later is installed on the workstation or CI runner.
+- [ ] The APIOps extractor has produced a complete canonical artifact tree.
+- [ ] The artifact root contains a `backends/` directory.
+- [ ] Every backend that may be selected has its own `backendInformation.json` file.
+- [ ] The target configuration contains exactly one top-level `backends` array.
+- [ ] Backend pools and every concrete backend used by those pools are listed in that array.
+- [ ] The destination is a temporary or generated directory, not the source artifact directory.
+
+View the complete built-in script documentation at any time:
+
+```powershell
+Get-Help ./samples/inference-failover/prepare-apiops-artifacts.ps1 -Full
+```
+
+Use `-Verbose` during initial setup or troubleshooting to include resolved paths and cleanup details.
+
+## Selection Contract
+
+Each backend resource that should exist in the target environment must have a direct entry under the configuration's top-level `backends` property. Backend pools are APIM backend resources, so they must also be listed.
+
+```yaml
+backends:
+  - name: gpt-5-1-PTU-eastus2
+    properties:
+      url: https://aoai-prod-eus2.openai.azure.com/openai/deployments/gpt-5-1
+
+  - name: inference-gpt-5-1-pool
+    properties:
+      type: Pool
+      pool:
+        services:
+          - id: /backends/gpt-5-1-PTU-eastus2
+            priority: 1
+            weight: 100
+```
+
+In this example, the script retains the concrete backend and the pool. Every other directory under the canonical `backends/` folder is removed only from the staged copy.
+
+Apply these rules:
+
+- Treat backend names as case-sensitive artifact directory names.
+- List every concrete backend that the environment may publish.
+- List every backend pool used by an API policy.
+- Supply the complete `properties.pool.services` array when overriding pool membership.
+- Ensure every pool member is also selected as a top-level backend.
+- Keep backend credentials out of configuration. The inference-failover policy uses APIM managed identity.
+
+The script rejects an empty or missing `backends` property, duplicate or unsafe names, selected artifacts that do not exist, and pool or literal policy references to filtered backends.
+
+## Artifact Layout
+
+The source path must be the APIOps artifact root, not the `backends` directory itself.
+
+```text
+artifacts/
+  apis/
+  backends/
+    backend-a/
+      backendInformation.json
+    backend-b/
+      backendInformation.json
+    inference-pool/
+      backendInformation.json
+  namedValues/
+  products/
+```
+
+The complete tree is copied. Only directories directly beneath staged `backends/` are filtered. APIs, policies, Named Values, products, and other artifact collections are preserved.
+
+## How the Script Works
+
+The script follows six phases in a fixed order. Publication should begin only after all six phases succeed.
+
+1. **Validate input paths.** Resolve the source, destination, configuration, and audit paths. Reject missing paths, overlapping artifact trees, and an audit path inside either artifact tree.
+1. **Read the environment allowlist.** Read direct `name` entries beneath the configuration's top-level `backends` property and collect pool members from `properties.pool.services`.
+1. **Validate source artifacts.** Confirm that every selected name has a canonical backend directory and a parseable `backendInformation.json` file.
+1. **Create the staged tree.** Copy the entire source artifact tree, then remove only unselected directories directly beneath staged `backends/`.
+1. **Validate dependencies.** Confirm that effective pool members and literal `set-backend-service` policy references resolve to selected backend resources.
+1. **Write release evidence.** Atomically write a JSON audit manifest with the configuration hash, counts, selected names, and removed names.
+
+If phases 4, 5, or 6 fail, the script attempts to remove the partial staging directory before returning an error. This prevents a later workflow step from publishing incomplete artifacts.
+
+## Script Parameters
+
+- **`SourceArtifactsPath` (required):** Canonical APIOps artifact root containing `backends/`, `apis/`, and other artifact collections. The script reads but never changes this directory.
+- **`DestinationArtifactsPath` (required):** Separate staging root passed to the APIOps publisher after success. It must not overlap the source path.
+- **`ConfigurationPath` (required):** Target `configuration.<environment>.yaml` whose top-level `backends` entries define the environment allowlist.
+- **`AuditManifestPath` (optional):** JSON release-evidence path. The default is `<DestinationArtifactsPath>.selection.json`, adjacent to the staged directory.
+- **`Force` (optional):** Replaces an existing destination. Without this switch, an existing destination produces exit code `2`. It never permits source and destination overlap.
+- **`Verbose` (optional):** Standard PowerShell common parameter that includes resolved paths, replacement details, cleanup confirmation, and exception stack context.
+
+The first three values are validated inside the script instead of relying only on PowerShell parameter binding. This allows missing values to produce the documented exit code `2` and a complete corrective message.
+
+## Run Locally
+
+Run the script from the repository root with PowerShell 7. For a first run, omit `-Force` so an unexpected existing destination cannot be replaced:
+
+```powershell
+./samples/inference-failover/prepare-apiops-artifacts.ps1 `
+  -SourceArtifactsPath ./artifacts `
+  -DestinationArtifactsPath ./out/apimartifacts-prod `
+  -ConfigurationPath ./configuration.prod.yaml `
+  -AuditManifestPath ./out/apimartifacts-prod.selection.json `
+  -Verbose
+```
+
+After reviewing the generated path, use `-Force` in repeatable automation where replacement is intentional:
+
+```powershell
+./samples/inference-failover/prepare-apiops-artifacts.ps1 `
+    -SourceArtifactsPath ./artifacts `
+    -DestinationArtifactsPath ./out/apimartifacts-prod `
+    -ConfigurationPath ./configuration.prod.yaml `
+    -AuditManifestPath ./out/apimartifacts-prod.selection.json `
+    -Force
+```
+
+`-Force` replaces an existing destination. It never permits the source directory, the destination directory, or either directory's parent tree to overlap.
+
+On success, inspect:
+
+- The staged `backends/` directory. It must contain exactly the configured backend names.
+- The staged non-backend collections. They must match the source.
+- The selection manifest. It records the resolved paths, configuration SHA-256, selected resources, removed resources, counts, and UTC generation time.
+
+The selection manifest is written next to the staged directory by default, not inside it. This prevents the publisher from interpreting audit data as an APIOps artifact.
+
+## Understanding the Result
+
+### Successful Run
+
+A successful run reports every phase and ends with an explicit success block:
+
+```text
+=== APIOps Environment Artifact Preparation ===
+[1/6] Validating and resolving input paths...
+[2/6] Reading the target backend allowlist...
+  Selected 6 backend resources, including pools.
+[3/6] Checking selected resources against the source artifacts...
+  Found 11 backend resources in the canonical superset.
+[4/6] Copying the artifact tree and filtering staged backends...
+  Removed 5 unselected backend resources from staging.
+[5/6] Validating pool members and policy backend references...
+[6/6] Writing the backend selection audit manifest...
+
+[SUCCESS] APIOps artifact preparation completed.
+Exit code : 0
+Staged at : /runner/temp/apimartifacts-prod
+Audit file: /runner/temp/apimartifacts-prod.selection.json
+Selected  : 6 backend resources
+Filtered  : 5 backend resources
+```
+
+Exit code `0` means both the staged tree and audit manifest are complete. The workflow may proceed to the APIOps publisher.
+
+### Failed Run
+
+An expected failure prints one error block to standard error:
+
+```text
+[ERROR] APIOps artifact preparation failed.
+Category : Invalid backend references
+Exit code: 5
+Message  : The selected backend set is not dependency-complete. Selected backend pool 'inference-gpt-5-1-pool' references filtered backend 'gpt-5-1-PAYG-westus3'.
+Resolution: Select every backend referenced by a retained pool or literal set-backend-service policy, then rerun the script.
+```
+
+Do not invoke the publisher after any nonzero exit code. Correct the reported condition and rerun artifact preparation from the canonical source tree.
+
+## Exit Codes
+
+The numeric code is the automation contract. The category and resolution text provide the human-readable diagnosis.
+
+- **`0` - Success:** Staging, reference validation, and audit generation completed. Continue to the APIOps publisher.
+- **`1` - PowerShell startup or binding:** PowerShell could not parse the invocation or bind a supplied parameter. Check parameter spelling, value types, PowerShell availability, and script syntax.
+- **`2` - Invalid input:** A required value is missing, paths overlap, or destination handling is unsafe. Correct the invocation or choose separate source, destination, and audit locations.
+- **`3` - Invalid configuration:** The top-level backend allowlist or supported pool YAML shape is invalid. Correct the target configuration using the selection contract in this guide.
+- **`4` - Invalid source artifacts:** A selected directory or `backendInformation.json` file is missing, invalid, or unreadable. Restore or re-extract the canonical APIOps artifacts.
+- **`5` - Invalid backend references:** A selected pool or literal policy refers to a backend that is not selected. Add the referenced backend or remove the reference, then rerun validation.
+- **`6` - Staging failure:** The destination could not be replaced, created, copied, filtered, or cleaned up. Check permissions, locks, path length, disk capacity, and stale files.
+- **`7` - Audit failure:** The JSON selection manifest could not be written atomically. Check the audit directory permissions and disk capacity, then rerun.
+- **`99` - Unexpected failure:** An unclassified runtime error occurred. Rerun with `-Verbose` and provide the complete error block to the script maintainer if it persists.
+
+In PowerShell, read the code immediately after the script finishes:
+
+```powershell
+./samples/inference-failover/prepare-apiops-artifacts.ps1 @parameters
+$preparationExitCode = $LASTEXITCODE
+
+if ($preparationExitCode -ne 0) {
+    throw "APIOps artifact preparation failed with exit code $preparationExitCode."
+}
+```
+
+GitHub Actions automatically fails the preparation step when the script returns a nonzero code. The script also emits a GitHub error annotation and, after success, adds selection counts and names to the job summary.
+
+## Common Errors
+
+### The Destination Already Exists
+
+Confirm that the destination is generated output. Rerun with `-Force` only when replacing it is intentional. Never point the destination at the canonical source tree.
+
+### A Configured Backend Does Not Exist in Source
+
+The configuration is an allowlist and an override, not a replacement for canonical artifacts. Restore `backends/<name>/backendInformation.json` through extraction or remove the name from the target configuration.
+
+### A Pool References a Filtered Backend
+
+Add every pool member as its own direct top-level backend entry. A pool entry alone does not select its concrete members.
+
+### A Policy References a Filtered Backend or Pool
+
+Retain the referenced backend resource or update the policy to use a selected stable pool ID. Dynamic expressions and Named Values require a separate target-aware validation because their runtime values cannot be determined from static artifacts.
+
+### Partial Staging Cleanup Reports a Warning
+
+The primary failure code remains authoritative, but the staging path may still contain partial output. Remove it manually before rerunning and investigate file locks or runner permissions.
+
+## GitHub Actions Integration
+
+Insert the preparation step after checkout and APIOps publisher download, but before the publisher executable runs. Keep the existing Azure authentication and publisher acquisition steps.
+
+The following fragment is designed for a fixed PROD job protected by a GitHub environment approval. Actions are pinned to full commit SHAs. Workflow expressions are assigned through `env` rather than interpolated into the PowerShell command.
+
+```yaml
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  publish-prod:
+    runs-on: ubuntu-latest
+    environment: prod
+    env:
+      SOURCE_ARTIFACTS_PATH: ${{ github.workspace }}/artifacts
+      TARGET_CONFIGURATION_PATH: ${{ github.workspace }}/configuration.prod.yaml
+      STAGED_ARTIFACTS_PATH: ${{ runner.temp }}/apimartifacts-prod
+      SELECTION_AUDIT_PATH: ${{ runner.temp }}/apimartifacts-prod.selection.json
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+
+      # Keep the customer's existing Azure login and APIOps publisher download steps here.
+
+      - name: Prepare target APIOps artifacts
+        shell: pwsh
+        run: |
+          ./samples/inference-failover/prepare-apiops-artifacts.ps1 `
+            -SourceArtifactsPath $env:SOURCE_ARTIFACTS_PATH `
+            -DestinationArtifactsPath $env:STAGED_ARTIFACTS_PATH `
+            -ConfigurationPath $env:TARGET_CONFIGURATION_PATH `
+            -AuditManifestPath $env:SELECTION_AUDIT_PATH `
+            -Force
+
+      - name: Run APIOps publisher
+        shell: pwsh
+        env:
+          API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH: ${{ runner.temp }}/apimartifacts-prod
+          CONFIGURATION_YAML_PATH: ${{ github.workspace }}/configuration.prod.yaml
+          API_MANAGEMENT_SERVICE_NAME: ${{ vars.API_MANAGEMENT_SERVICE_NAME }}
+          PUBLISHER_EXECUTABLE_PATH: ${{ runner.temp }}/apiops/publisher
+        run: |
+          & $env:PUBLISHER_EXECUTABLE_PATH
+
+      - name: Upload backend selection audit
+        if: always()
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: apiops-prod-backend-selection
+          path: ${{ runner.temp }}/apimartifacts-prod.selection.json
+          if-no-files-found: error
+          retention-days: 30
+```
+
+Adapt `PUBLISHER_EXECUTABLE_PATH` to the location produced by the customer's existing APIOps download step. Preserve all required APIOps authentication environment variables from that workflow.
+
+Use a full APIOps publication for the generated staging tree. Do not set `COMMIT_ID` initially. Commit-aware publication calculates changes from the canonical Git tree, while the filtered tree is generated after checkout and has different resource visibility.
+
+## Validation Behavior
+
+Before the publisher runs, the script verifies:
+
+- The source, destination, and configuration paths are distinct and valid.
+- The source contains a `backends/` collection.
+- Every configured backend has `backends/<name>/backendInformation.json`.
+- The staged backend names equal the configured selection.
+- Pool service IDs from configuration overrides resolve to selected backends.
+- Pool service IDs from retained canonical pool artifacts resolve to selected backends when configuration does not override the pool.
+- Literal `set-backend-service` policy references resolve to selected backends or pools.
+
+Dynamic policy references, including policy expressions and Named Value substitutions, cannot be resolved statically by this script. Validate those references in a separate target-specific release check.
+
+This control validates resource selection and dependency closure. It does not validate backend URLs against Terraform state, test network reachability, or confirm Azure role assignments. Those controls remain part of the target manifest and release validation process.
+
+## Related Azure/apiops Discussions
+
+The following issues provide upstream context for this pattern. Several discuss APIs rather than backends, but the same publisher discovery and configuration semantics apply to both artifact types. Issue state and implementation details can change, so verify the selected APIOps release before relying on any behavior.
+
+- [#789 - Selectively publish APIs across APIM environments](https://github.com/Azure/apiops/issues/789) (open) is the primary discussion of environment allowlists, separate environment artifact folders, and custom scripts that prepare a temporary filtered artifact tree before publication.
+- [#659 - API not present in configuration is still deployed](https://github.com/Azure/apiops/issues/659) (open) contains the contributor clarification that publisher configuration overrides properties but does not select resources; artifacts or commit changes determine publication scope.
+- [#417 - `PUBLISH_CONFIGURATION_ARTIFACTS` setting is ignored](https://github.com/Azure/apiops/issues/417) (closed) records that configuration-based selection was reverted because of complexity and confirms that configuration entries are used as overrides in current publisher behavior.
+- [#504 - Publish selected APIs to UAT or PROD](https://github.com/Azure/apiops/issues/504) (closed) is an earlier environment-promotion question whose response states that publisher configuration cannot exclude artifacts and points to extraction or repository partitioning instead.
+- [#773 - Deleting objects in Git does not delete them from APIM](https://github.com/Azure/apiops/issues/773) (open) clarifies that deletion is commit-aware: with `COMMIT_ID`, artifacts deleted in that commit are removed; without it, a full publication creates or updates but does not reconcile.
+- [#154 - Deploy all changes between two deployments](https://github.com/Azure/apiops/issues/154) (open) tracks the gap between single-commit publication and full publication when an environment has missed multiple commits, including community sequencing and staging workarounds.
+
+## Existing Resource Cleanup
+
+Filtering controls what the publisher discovers and creates or updates. It does not automatically delete a backend that was deployed to APIM by an earlier release and is now absent from the staged tree.
+
+Use a separate, explicitly approved cleanup for existing unwanted resources:
+
+1. Remove the backend from all pool definitions and policy references.
+1. Publish and verify the updated routing configuration.
+1. Confirm through APIM telemetry that the backend is no longer receiving traffic.
+1. Delete the dormant backend with the approved APIOps deletion process or a reviewed Azure management operation.
+1. Record the deletion in the release evidence and verify that rollback artifacts remain available.
+
+Do not infer deletion merely from absence in the staged tree.
+
+## Security and Operational Controls
+
+- Use GitHub environments and required reviewers for QA and PROD publication.
+- Grant the workflow identity only the permissions required by the APIOps publisher.
+- Keep the target APIM service name in protected environment variables.
+- Keep secrets in the approved secret store; do not place credentials in backend configuration or audit manifests.
+- Upload the selection manifest as release evidence and retain it according to the customer's audit policy.
+- Review configuration changes as code. Adding a backend name expands the target environment's resource inventory.
+- Keep one immutable canonical artifact revision and record its commit SHA separately from the generated selection manifest.
+- Run target-specific smoke tests after publication, including failover and retry behavior for each retained pool.
+
+## Rollout Plan
+
+1. Add the script and one environment configuration to a non-production APIOps branch.
+1. Run the script without invoking the publisher and review the staged tree and audit manifest.
+1. Publish to DEV and verify backend inventory, pool membership, policy references, and API traffic.
+1. Repeat in QA with environment approval and rollback rehearsal.
+1. Inventory dormant backends already present in PROD and approve a separate cleanup plan where needed.
+1. Enable PROD staging and full publication behind required reviewers.
+1. Add release evidence retention and post-publication smoke tests.
+
+## Acceptance Checklist
+
+- [ ] Every target configuration contains an explicit, reviewed top-level backend allowlist.
+- [ ] Every selected pool is listed and references only selected concrete backends.
+- [ ] The script runs on the customer's hosted runner with PowerShell 7.
+- [ ] The source artifact tree is unchanged after staging.
+- [ ] The staged backend inventory exactly matches the target configuration.
+- [ ] Non-backend APIOps artifact collections are preserved.
+- [ ] The APIOps publisher receives the staged path, not the canonical source path.
+- [ ] `COMMIT_ID` is omitted for the initial generated-tree implementation.
+- [ ] The audit manifest is retained with the release evidence.
+- [ ] Existing unwanted APIM resources have an explicit cleanup decision.
+- [ ] DEV and QA failover tests pass before PROD enablement.
+
+Record the completed checklist with the approved release evidence.
diff --git a/samples/inference-failover/APIOPS-ENVIRONMENT-PROMOTION-PLAN.md b/samples/inference-failover/APIOPS-ENVIRONMENT-PROMOTION-PLAN.md
new file mode 100644
index 00000000..c75dc55f
--- /dev/null
+++ b/samples/inference-failover/APIOPS-ENVIRONMENT-PROMOTION-PLAN.md
@@ -0,0 +1,439 @@
+# Inference Failover APIOps Environment Promotion Plan
+
+<!-- markdownlint-disable MD013 -->
+<!-- Long technical prose and wide planning tables are intentionally not hard-wrapped. -->
+
+**Audience:** API platform owners, AI platform owners, security teams, operations teams, and delivery teams planning promotion across development (DEV), quality assurance (QA), and production (PROD) environments.
+
+## Summary
+
+- Use one version-controlled API and policy release and promote it through three APIM instances: DEV on **Developer stv2.1**, then separate QA and PROD instances on **Premium stv2.1**.
+- Keep API definitions and policy XML identical across environments.
+- Keep the sample's environment-specific Azure OpenAI resources, concrete APIM backends, backend pools, service-level diagnostics, and workbook under Bicep ownership.
+- Give every policy-facing backend pool a stable ID, and express scalar policy differences through APIOps publisher configuration files that override non-secret Named Value values.
+
+The recommended ownership boundary is:
+
+- **Infrastructure as Code (IaC)** provisions APIM services, Azure OpenAI accounts and model deployments, networking, managed identities, role assignments, Key Vaults, monitoring destinations, concrete APIM backends, backend pools, loggers, and service-level diagnostics.
+- **APIOps** manages the portable release layer: APIs, operations, policies, policy fragments, API-level diagnostics, products where applicable, and Named Values used by those policies.
+
+This boundary prevents Bicep and APIOps from trying to manage the same APIM child resource. IaC must finish and publish a validated environment manifest before APIOps runs.
+
+The current sample already supports this split with minimal change. Its `apis` parameter defaults to an empty array, and the API module runs only when that array is non-empty. The existing notebook can continue passing APIs for the self-contained learning experience. An APIOps pipeline can deploy the same Bicep template with `apis: []`, leaving the routing substrate in place for APIOps to publish the APIs and policies afterward.
+
+## Recommended Outcome
+
+The target operating model has the following properties:
+
+1. DEV, QA, and PROD each have a separate APIM service.
+1. DEV uses Developer stv2.1; QA and PROD each use Premium stv2.1.
+1. One immutable source commit represents the APIM release candidate.
+1. The same commit is promoted from DEV to QA and then PROD.
+1. DEV uses canonical artifacts by default; QA uses `configuration.qa.yaml`; PROD uses `configuration.prod.yaml`.
+1. Policies contain no environment names, Azure OpenAI hostnames, subscription IDs, or region-specific conditions.
+1. Stable pool IDs select the routing contract; Bicep contains the environment-specific backend and pool topology.
+1. Environment-specific scalar policy settings use stable Named Value names.
+1. Every promotion is validated before publication and verified after publication.
+1. API and policy rollback uses an APIOps revert release; routing rollback uses the corresponding IaC release.
+
+## Architecture
+
+```text
+                        APIOps configuration repository
+                      APIs + policies + Named Values
+                                      |
+                 same reviewed commit promoted in sequence
+                                      |
+             +------------------+------------------+
+             |                  |                  |
+             v                  v                  v
+         DEV APIM           QA APIM            PROD APIM
+         Developer stv2.1   Premium stv2.1     Premium stv2.1
+         canonical          configuration.qa   configuration.prod
+
+  IaC provisions each APIM service, Azure OpenAI topology, identity,
+  networking, RBAC, APIM backends and pools, and telemetry beforehand.
+```
+
+One release pipeline runs Bicep first, validates the target manifest, then publishes the same APIOps commit to that environment. Each stage has independent IaC parameters, APIM coordinates, publisher configuration, validation evidence, and rollback.
+
+## Minimal-Change Sample Integration
+
+The sample can support two profiles without forking the Bicep template:
+
+| Profile                 | Bicep `apis` input      | Bicep responsibility                                                               | APIOps responsibility                                         |
+| ----------------------- | ----------------------- | ---------------------------------------------------------------------------------- | ------------------------------------------------------------- |
+| Self-contained learning | Existing notebook array | All sample resources, routing resources, APIs, policies, diagnostics, and workbook | None                                                          |
+| APIOps promotion        | Empty array or omitted  | Azure resources, concrete APIM backends, pools, service diagnostics, and workbook  | APIs, operations, policies, API diagnostics, and Named Values |
+
+The APIOps profile uses behavior already present in `main.bicep`: `inferenceApis` is conditional on a non-empty `apis` array. No backend or pool needs to be blank. Bicep should create each one as a valid, usable environment resource, and APIOps should treat the stable pool IDs as external dependencies.
+
+For the current topology, no Bicep resource split or module move is required. If environments use different pool membership, the smallest optional enhancement is to expose the two existing pool member arrays as parameters with their current arrays as defaults. Environment parameter files can then select complete pool shapes without changing API policies or moving routing ownership to APIOps.
+
+The Bicep resources do not need to change to produce the manifest. The pipeline can query the deployed APIM backends and pools after Bicep completes. Adding non-secret backend and pool outputs to `main.bicep` is a useful convenience, but it is an output-only enhancement rather than a resource redesign.
+
+The APIOps profile is a CI/CD path rather than a notebook `Run All` path. With `apis: []`, Bicep correctly returns no API subscription outputs. Post-publication tests must obtain a pipeline-managed test subscription through a secure credential mechanism rather than expecting `apiOutputs` from Bicep. The existing notebook remains unchanged for the self-contained learning profile.
+
+Because the APIOps artifact set intentionally omits Bicep-owned backends and pools, APIOps relationship validation cannot prove those external dependencies from artifacts alone. The wrapper pipeline must validate every policy `backend-id` against the Bicep manifest before invoking APIOps. For a publisher release that treats an absent backend artifact as a missing predecessor, do not enable strict artifact-only predecessor validation for this profile; replace that specific check with the manifest gate while retaining all other static and dry-run validation.
+
+## Policy Contract
+
+The two model-specific pool IDs already used by the sample are the correct stable boundary:
+
+| Model          | Stable backend pool ID        |
+| -------------- | ----------------------------- |
+| `gpt-5.1`      | `inference-gpt-5-1-pool`      |
+| `gpt-4.1-mini` | `inference-gpt-4-1-mini-pool` |
+
+Each model route should commit a concrete policy artifact containing its literal pool ID. The policy must not contain the sample's build-time `BACKEND_POOL_ID` or `RETRY_COUNT` placeholders after APIOps onboarding.
+
+For example, the canonical `gpt-5.1` policy should contain:
+
+```xml
+<set-backend-service backend-id="inference-gpt-5-1-pool" />
+```
+
+The retry count can remain environment-neutral by referencing a stable Named Value:
+
+```xml
+<retry count="{{inference-gpt-5-1-retry-count}}"
+       interval="0"
+       first-fast-retry="true"
+       condition="...">
+    <forward-request buffer-request-body="true" />
+</retry>
+```
+
+Configure the Named Value as the plain numeric string `2` in all three APIM services. Named Value substitution can supply a complete policy attribute value, so APIM resolves the policy to `count="2"`. This is substitution, not a runtime `@(...)` policy expression.
+
+Two retries permit three total attempts. This may already be more than sufficient for interactive traffic. The limit is intentionally independent of pool size: after the initial failure, two more failures against backends that were eligible moments earlier are sufficient evidence to stop. The circuit breakers remove failed members from subsequent selection, so probing every member is neither required nor guaranteed. Use conditional recovery by attempt and end-to-end latency to determine whether the value should be reduced to `1`; require workload evidence before increasing it above `2`.
+
+The optional retry-tracked route uses the same retry-count Named Value and determines whether every attempt in the bounded chain returned `429`; it does not require a backend-count Named Value. Named Value names and display names must remain identical in all three APIM services.
+
+Named Values are appropriate for scalar policy settings and secret references. Backend URLs, pool members, priority, and weight are properties of the Bicep-owned APIM backend resources and should remain in Bicep and its environment parameters, not be calculated in policy.
+
+## Stable Backend Identity
+
+The policy-facing pool IDs are the compatibility contract and must remain identical in all three APIM services. The concrete backend IDs are internal to the Bicep-owned routing layer because policies do not reference them directly.
+
+The sample's current concrete IDs contain physical placement, such as `gpt-5-1-PTU-eastus2`. Retain those IDs when the corresponding region and routing role remain true in every environment. If a target maps the same slot to a different region or capacity product, a future Bicep cleanup can introduce environment-neutral logical backend IDs.
+
+DEV may use fewer pool members when cost reduction is worth reduced fidelity. Keep QA production-like while allowing reviewed capacity differences from PROD. Bicep must always create a valid pool whose stable ID exists before APIOps publishes a policy that references it.
+
+## Environment Model
+
+The following topology is an illustrative starting point. Azure OpenAI model availability, capacity, data residency, latency, and cost requirements must determine the final regional choices.
+
+| Concern                    | DEV                                      | QA                                      | PROD                                     |
+| -------------------------- | ---------------------------------------- | --------------------------------------- | ---------------------------------------- |
+| APIM service               | Separate DEV service                     | Separate QA service                     | Separate PROD service                    |
+| APIM SKU                   | Developer stv2.1                         | Premium stv2.1                          | Premium stv2.1                           |
+| Publisher configuration    | Canonical artifacts by default           | `configuration.qa.yaml`                 | `configuration.prod.yaml`                |
+| Goal                       | Fast developer feedback                  | Production-like release qualification   | Customer traffic                         |
+| Active backends per model  | At least two when demonstrating failover | Production-like topology                | Approved production topology             |
+| Capacity                   | Lowest practical capacity                | Production placement; reviewed capacity | Capacity and resilience plan             |
+| Pool shape                 | Preferred plus fallback                  | Production-like routing                 | Approved routing design                  |
+| Retry count for each model | `2`                                      | `2`                                     | `2`                                      |
+| Fault injection            | Allowed on isolated test routes          | Controlled fault and recovery tests     | Canary checks only                       |
+| Approval                   | Team review                              | Platform and service owner approval     | Change approval and separation of duties |
+
+Do not reduce DEV to a single backend if the sample must demonstrate failover. The fixed retry budget does not require four distinct backends, but at least two members are needed to observe cross-backend selection.
+
+Because QA is isolated from PROD, it can run controlled fault and recovery tests against its own resources. Keep fault-injection controls out of PROD.
+
+## Source Repository Layout
+
+The exact root folder can follow the customer's APIOps bootstrap repository. The important distinction is between canonical APIM artifacts and environment overlays.
+
+```text
+samples/inference-failover/
+  main.bicep
+  apiops/
+    artifacts/
+      apis/
+      namedValues/
+    environments/
+      configuration.qa.yaml
+      configuration.prod.yaml
+    manifests/
+      development.infrastructure.json
+      qa.infrastructure.json
+      production.infrastructure.json
+```
+
+The `artifacts` directory is the source of truth for APIs and policy behavior. The overlay files are the source of truth for environment-specific Named Value properties. Bicep and its parameter files are the source of truth for backends, pool membership, priority, weight, and diagnostics. Infrastructure manifests are generated by the IaC pipeline and consumed by APIOps validation; they should not contain credentials.
+
+## Publisher Configuration Pattern
+
+The following example is illustrative APIOps publisher configuration, not a ready-to-run file. Routing resources are intentionally absent because Bicep owns them.
+
+```yaml
+namedValues:
+    - name: inference-gpt-5-1-retry-count
+      properties:
+          displayName: inference-gpt-5-1-retry-count
+          value: "2"
+          secret: false
+```
+
+Apply the same pattern to `gpt-4.1-mini`. Keep the value at `2` unless telemetry supports reducing it to `1` or workload testing justifies a reviewed increase. Pool arrays no longer pass through APIOps publisher configuration, so APIOps array-merge behavior is not part of this sample profile.
+
+## IaC And APIOps Ownership
+
+| Resource or concern                             | IaC owner | APIOps owner | Notes                                                                         |
+| ----------------------------------------------- | --------- | ------------ | ----------------------------------------------------------------------------- |
+| APIM service and SKU                            | Yes       | No           | Must exist before publication.                                                |
+| APIM networking and custom domains              | Yes       | No           | Includes private endpoints, certificates, DNS, and gateway ingress.           |
+| Azure OpenAI accounts and deployments           | Yes       | No           | IaC validates model version, capacity, region, and quota.                     |
+| APIM managed identity                           | Yes       | No           | Identity lifecycle remains with the APIM service.                             |
+| Azure OpenAI and Key Vault role assignment      | Yes       | No           | Apply least privilege before smoke tests.                                     |
+| Key Vault and secrets                           | Yes       | No           | APIOps stores only stable Key Vault references where required.                |
+| Log Analytics, Application Insights, Event Hubs | Yes       | No           | IaC owns destinations and access.                                             |
+| Concrete APIM backends                          | Yes       | No           | Existing Bicep modules own URLs, TLS, and circuit breakers.                   |
+| APIM backend pools                              | Yes       | No           | Existing Bicep modules own membership, priorities, and weights.               |
+| APIM loggers and service-level diagnostics      | Yes       | No           | Keeps the current Azure Monitor, Application Insights, and Event Hub wiring.  |
+| APIs, operations, and products                  | No        | Yes          | Canonical, version-controlled APIM artifacts in APIOps mode.                  |
+| API-level diagnostics                           | No        | Yes          | Travel with each API so Application Insights and LLM telemetry remain active. |
+| Policies and policy fragments                   | No        | Yes          | One canonical policy release is promoted unchanged.                           |
+| Named Values                                    | No        | Yes          | Stable names; environment values or Key Vault identifiers come from overlays. |
+
+There must be no steady-state dual ownership. The APIOps artifact filter and repository layout must exclude backends, pools, loggers, and service-level diagnostics while retaining API-level diagnostics. In the self-contained learning profile, Bicep may still deploy APIs; in the APIOps profile, the pipeline must pass an empty `apis` array so only APIOps owns them and their child diagnostics.
+
+## Infrastructure Contract
+
+The IaC pipeline should publish a machine-readable manifest for each APIM deployment target. At minimum, it should identify:
+
+- Subscription, resource group, and APIM service name.
+- APIM gateway URL and managed identity principal ID.
+- Azure OpenAI endpoint and deployment name for every concrete backend.
+- Model name, model version, region, SKU, and capacity for each deployment.
+- Concrete APIM backend IDs and their expected URLs.
+- Stable pool IDs, complete member lists, priorities, weights, and active member counts.
+- Required role assignment status.
+- Key Vault secret identifiers used by APIM Named Values, if any.
+- Logger and diagnostic destination resource IDs.
+- Network and DNS readiness status.
+
+The manifests must identify three distinct APIM resource IDs and map DEV, QA, and PROD to their corresponding services and manifests.
+
+The APIOps pipeline should fail before publication when a policy references a pool absent from the manifest, the retry-count Named Value is missing or invalid, an endpoint is not HTTPS, a hostname is not in the approved Azure OpenAI allowlist, a model deployment is missing, or APIM's managed identity lacks the required role.
+
+## Promotion Pipeline
+
+### Pull Request Validation
+
+1. Parse every JSON, YAML, and XML artifact.
+1. Reject unresolved template tokens such as `BACKEND_POOL_ID` and `RETRY_COUNT`.
+1. Validate that API, policy, and Named Value names are unique and every overlay uses a matching canonical artifact name.
+1. Validate every policy `backend-id` against the expected pool IDs in each deployment-target manifest.
+1. Validate that each retry-count Named Value resolves to the plain numeric string `2`, or to a reviewed bounded exception supported by workload evidence.
+1. Validate the Bicep manifest's backend URLs by parsing scheme, hostname, port, and path components.
+1. Validate positive priorities, valid weights, and model compatibility from the Bicep manifest.
+1. Compare canonical policy content across deployment targets; overlays must not contain policy bodies.
+1. Run APIOps with `DRY_RUN=true` using the validation mode approved for external Bicep-owned dependencies.
+1. Produce one human-readable change summary containing the Bicep routing changes and the APIOps API, policy, and Named Value changes.
+
+For Azure/apiops `v7.0.3`, `DRY_RUN=true` prevents resource writes and `STRICT_VALIDATION=true` makes a missing artifact predecessor fail instead of producing a warning. In this hybrid profile, a policy's backend pool is deliberately external to the APIOps artifact set. The pipeline must therefore use manifest validation for that relationship and confirm the pinned publisher's behavior before enabling strict artifact-only validation. Dry run does not prove that APIM will accept every property or that backend runtime access works, so it remains one gate rather than the final gate.
+
+### Deployment Target Publication
+
+1. Deploy or reconcile the target's infrastructure through IaC.
+1. Generate and validate the infrastructure manifest.
+1. Verify that the manifest contains both stable backend pool IDs expected by the policies.
+1. Select the immutable APIOps artifact commit and matching Named Value overlay from the same reviewed source state.
+1. Select the full or incremental publication mode described below.
+1. Run APIOps dry run with manifest-backed dependency validation against the target configuration and selected mode.
+1. Publish using a workload identity and the target APIM coordinates.
+1. Verify the resulting APIM resources through management-plane reads.
+1. Run gateway smoke tests and model-specific contract tests.
+1. Record the commit SHA, APIOps version, overlay digest, IaC deployment ID, test result, and approver as release evidence.
+
+### Promotion Sequence
+
+| Stage | Required evidence before promotion                                                                                                     |
+| ----- | -------------------------------------------------------------------------------------------------------------------------------------- |
+| DEV   | Static and manifest validation, dry run, publish success, deterministic failure tests, and basic gateway contracts                     |
+| QA    | DEV evidence, full QA publication, production-like routing and recovery tests, security review, and telemetry validation               |
+| PROD  | QA evidence, approved change record, capacity and quota confirmation, rollback readiness, canary test, and post-publication monitoring |
+
+Promote the same commit without rebuilding or re-extracting artifacts. A change after DEV or QA creates a new candidate that restarts promotion. QA and PROD each receive a separate publication with their own reviewed configuration and APIM coordinates.
+
+### Publication Modes
+
+The pipeline must choose publication mode deliberately:
+
+| Scenario                                              | Mode                                 | Reason                                                                                                                                                                 |
+| ----------------------------------------------------- | ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| First APIOps publication to a target                  | Full publish without `COMMIT_ID`     | The target does not yet contain the parent desired state; processing one commit might omit unchanged dependencies and baseline artifacts.                              |
+| Normal artifact release to a synchronized environment | Incremental publish with `COMMIT_ID` | The target already matches the candidate commit's parent; APIOps can process the artifacts changed by the candidate commit.                                            |
+| Canonical artifact deletion                           | Incremental publish with `COMMIT_ID` | The publisher needs the parent commit to identify and order deletions.                                                                                                 |
+| Configuration-only change on `v7.0.3`                 | Commit-aware if fully covered        | Publisher processes artifact-backed resources explicitly named in configuration. Use a full publication when coverage is uncertain.                                    |
+| Deliberate full reconciliation                        | Full publish without `COMMIT_ID`     | Re-applies the complete canonical artifact set plus the selected overlay; use with separate drift review because it does not infer deleted artifacts from Git history. |
+
+Before a commit-aware promotion, verify that the target's recorded release is the candidate commit's parent. If it is not, either apply the missing releases in order or run an approved full reconciliation and separately account for deletions.
+
+The publisher-scope limitation behind this rule is discussed in [Azure/apiops issue #789](https://github.com/Azure/apiops/issues/789) and clarified in [issue #659](https://github.com/Azure/apiops/issues/659): publisher configuration supplies property overrides rather than a native resource allowlist. [Issue #154](https://github.com/Azure/apiops/issues/154) tracks the related gap between publishing one commit and publishing the full repository, while [issue #773](https://github.com/Azure/apiops/issues/773) clarifies commit-aware deletion behavior. In this hybrid plan, those issues explain API artifact publication only; Bicep remains the owner of backends and pools, so the backend staging script is not part of this profile.
+
+## Dependency And Publication Behavior
+
+APIOps still orders dependencies that are inside its artifact set, such as Named Values referenced by policies. Bicep-owned backend pools are external predecessors: Bicep creates them before APIOps starts, and the manifest gate proves that each expected stable ID exists with the intended topology.
+
+The onboarding proof of concept must exercise this external-dependency profile against the pinned APIOps release. It must verify that Bicep completes first, manifest validation catches a missing or renamed pool, dry run succeeds with the selected validation settings, APIM accepts the policy, and the gateway reaches only the model-compatible members recorded in the manifest.
+
+## Validation Strategy
+
+### Management-Plane Checks
+
+- Every expected API, policy, Named Value, backend, pool, logger, service diagnostic, and API diagnostic exists under its designated owner.
+- Every concrete backend URL matches the environment manifest exactly.
+- Every pool's members, priorities, and weights match the Bicep manifest.
+- No pool references a backend from another model.
+- Policy files resolve to the expected static pool IDs.
+- Named Value display names and resolved non-secret values match the environment contract.
+- Circuit-breaker settings are present on each concrete backend.
+- APIM managed identity role assignments exist for every active Azure OpenAI resource.
+
+### Gateway Contract Checks
+
+- Healthy requests return `200` and report zero retries.
+- Client errors remain client errors and do not cause failover.
+- Capacity and transient infrastructure failures move to the next eligible backend.
+- Exhausted capacity keeps the final `429` contract.
+- Exhausted infrastructure and transport failures return the generic `503` contract.
+- A model route never reaches a backend for a different model.
+- `X-Backend-Retry`, APIM gateway logs, trace records, and LLM telemetry remain consistent.
+
+Use controlled fault origins in DEV and QA. Do not expose fault-injection controls on production inference routes.
+
+### Policy Equality
+
+Compute a source hash for each canonical policy file and attach it to the release evidence for all three APIM targets. After publication, compare normalized XML semantics because management-plane serialization can alter insignificant formatting.
+
+## Security And Separation Of Duties
+
+- Use workload identity federation for pipelines; do not store long-lived Azure credentials in repository secrets.
+- Give the APIOps publisher identity the least privilege required on the target APIM service scope.
+- Use a different infrastructure deployment identity for Azure OpenAI, networking, role assignments, and Key Vault provisioning.
+- Require protected environment approval for QA and production.
+- Prevent the same unapproved principal from changing source, approving production, and publishing production.
+- Keep credentials and secret values out of artifacts and overlays.
+- Prefer APIM managed identity for Azure OpenAI access, as the sample already does.
+- Use Key Vault-backed Named Values when a secret is unavoidable.
+- Treat diagnostic destinations as sensitive because LLM prompt or completion content may be enabled.
+- Retain immutable pipeline logs and deployment evidence according to the customer's audit policy.
+
+## Drift Management
+
+Git is the desired-state source of truth. Portal changes should be restricted in QA and production and treated as emergency exceptions.
+
+Run a scheduled drift job that reads the managed APIM resource types and compares each one with its designated source: backends, pools, loggers, and service-level diagnostics against the Bicep manifest; APIs, policies, API-level diagnostics, and Named Values against the APIOps artifacts plus environment overlay. The job should report drift but must not automatically commit production state or overwrite either desired-state source.
+
+For an approved emergency portal change:
+
+1. Record the incident or emergency change reference.
+1. Reproduce the intended change in Bicep or APIOps according to the ownership table.
+1. Review and merge it normally.
+1. Republish and verify the managed resource.
+1. Confirm that the drift report is clear.
+
+## Rollback
+
+API or policy rollback is a forward-moving APIOps Git revert:
+
+1. Create a new commit that restores the last known-good API, policy, and Named Value state.
+1. Review the generated APIOps change summary.
+1. Run manifest validation and APIOps dry run.
+1. Publish the revert commit to the affected APIM target.
+1. Run smoke tests and confirm telemetry recovery.
+
+Routing rollback is an IaC deployment that restores the last known-good Bicep parameters and backend-pool topology, followed by the same manifest and gateway checks. When a release changes both layers, roll back in dependency order: restore Bicep routing first, verify the manifest, then restore the APIOps policy release if needed.
+
+Use commit-aware APIOps publication for changes that delete canonical API artifacts so the publisher can process removals relative to the parent commit. Use a full publication for an overlay-only Named Value revert unless the pinned APIOps release and pipeline wrapper have been proven to map configuration-file changes to affected artifacts. Do not use a force push or move a branch pointer backward as the operational rollback mechanism.
+
+Keep Azure OpenAI deployments available through the rollback window. Removing an old deployment immediately after promotion can make an otherwise valid APIM configuration rollback impossible.
+
+For a routing-only incident, an expedited IaC revert can restore the previous backend URLs or pool membership. It must still pass referential, URL, model compatibility, manifest, and gateway checks.
+
+## Adoption Roadmap
+
+| Phase | Objective                    | Key activities                                                                                                                                             | Exit criteria                                                                          |
+| ----- | ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------- |
+| 0     | Confirm decisions            | Confirm the three-service topology, APIOps release, CI/CD platform, stable pool contract, ownership boundary, and approvals.                               | Architecture decision record approved with no unresolved ownership questions.          |
+| 1     | Prove mechanics in a sandbox | Deploy Bicep with `apis: []`, generate a manifest, publish one API and its Named Values, then test validation, dry run, readback, and rollback.            | Repeatable publication and rollback pass without moving Bicep-owned routing resources. |
+| 2     | Onboard DEV                  | Normalize APIs, policies, and Named Values, remove placeholders, and establish the combined Bicep-then-APIOps pipeline.                                    | DEV on Developer stv2.1 is reproducible from Git and its drift report is clear.        |
+| 3     | Onboard QA                   | Add `configuration.qa.yaml`, validate the QA manifest, publish to Premium stv2.1, and run production-like routing, failure, security, and telemetry tests. | One immutable candidate passes QA with complete evidence.                              |
+| 4     | Onboard PROD                 | Add `configuration.prod.yaml`, validate quota and identity, rehearse rollback, publish the QA-tested candidate, run canaries, and monitor.                 | Production publication and revert are demonstrated; operating procedures are approved. |
+| 5     | Operate and improve          | Schedule owner-aware drift checks, review permissions, track APIOps upgrades, test disaster recovery, and tune capacity using telemetry.                   | Regular evidence review and upgrade cadence are owned by named teams.                  |
+
+During Phase 2, the existing Bicep backend, pool, diagnostic, and workbook declarations remain in place. The only deployment-mode change is that the APIOps pipeline supplies an empty `apis` array. The notebook's current self-contained path remains available for learning and demonstration.
+
+## Risk And Control Matrix
+
+| Status   | Risk                                                     | Impact | Effort | Required control                                                                                                        |
+| -------- | -------------------------------------------------------- | ------ | ------ | ----------------------------------------------------------------------------------------------------------------------- |
+| 🔴 Red   | Bicep and APIOps both manage the same API child resource | High   | Low    | Exclude routing artifacts from APIOps and pass `apis: []` to Bicep in APIOps mode.                                      |
+| 🔴 Red   | A pipeline publishes to the wrong APIM instance          | High   | Low    | Verify subscription, resource group, APIM name, configuration digest, and protected environment before every write.     |
+| 🔴 Red   | Bicep maps a pool member to an incompatible model        | High   | Medium | Validate manifest model/version metadata before publication and run model-specific smoke tests.                         |
+| 🔴 Red   | Production has insufficient quota or missing RBAC        | High   | Low    | Make capacity, deployment existence, network readiness, and managed identity access pre-publication gates.              |
+| 🟠 Amber | APIOps cannot validate an external pool from artifacts   | High   | Low    | Validate policy pool IDs against the validated Bicep manifest and prove publisher settings in a disposable environment. |
+| 🟠 Amber | QA does not represent production routing                 | Medium | Medium | Keep QA production-like and document intentional differences from PROD.                                                 |
+| 🟠 Amber | Manual portal changes create drift                       | Medium | Medium | Restrict write access, run scheduled normalized comparisons, and reconcile emergency changes through Git.               |
+| 🟠 Amber | Retry count is increased to probe a larger pool          | Medium | Low    | Keep the Named Value at `2`; note that it may already be more than sufficient and require evidence for any increase.    |
+| 🟢 Green | Stable pool IDs isolate policy from topology changes     | High   | Low    | Protect pool names as a compatibility contract and block renames without an explicit migration.                         |
+| 🟢 Green | Immutable promotion provides traceability                | High   | Low    | Record commit, overlay digest, APIOps version, IaC deployment, test evidence, and approval for every stage.             |
+
+## Customer Decisions Required
+
+Before implementation starts, the customer must approve:
+
+1. The Azure subscription and resource group placement for DEV, QA, and PROD APIM services.
+1. The APIOps release to pin and the upgrade cadence.
+1. The definitive hybrid ownership boundary and APIOps artifact filter.
+1. The stable policy-facing pool IDs.
+1. The production backend topology, regions, model versions, capacity types, priorities, and weights.
+1. Which topology differences are acceptable among DEV, QA, and PROD.
+1. The required QA fidelity, controlled fault tests, and evidence before PROD promotion.
+1. Whether optional Bicep pool-array parameters are needed for environment-specific pool shapes.
+1. Whether the optional retry-tracked API is in promotion scope.
+1. The Named Values that may vary by environment and which must use Key Vault.
+1. The approval, separation-of-duties, and emergency change process.
+1. The required smoke, failure, performance, security, and rollback evidence.
+1. The drift detection schedule and operational ownership.
+
+## Acceptance Criteria
+
+The APIOps design is ready for production adoption only when:
+
+- The inventory records three distinct APIM services: DEV on Developer stv2.1, QA on Premium stv2.1, and PROD on Premium stv2.1.
+- The same canonical policy files are promoted through DEV, QA, and PROD.
+- No policy contains environment-specific branches, hostnames, regions, or secrets.
+- Pool and Named Value names are identical in all three APIM services.
+- DEV, QA, and PROD resolve to distinct APIM resource IDs and environment manifests.
+- Backend URLs and pool arrays differ only through reviewed Bicep source and parameters.
+- Every APIM-owned artifact has exactly one deployment owner.
+- IaC readiness checks pass before APIOps begins.
+- Manifest relationship validation, dry run, publication, management-plane verification, and gateway smoke tests pass.
+- DEV deterministic failover tests cover recovery and exhausted behavior.
+- QA proves the production-like routing, failure, security, and observability contracts before PROD publication.
+- Owner-specific Git reverts restore the previous known-good routing and API configuration without manual portal repair.
+- Drift detection identifies an out-of-band change and the team successfully reconciles it through source control.
+
+## Vetting Notes
+
+This plan was checked against the current inference-failover sample, the APIM backend pool resource model, and the Azure/apiops publisher implementation. The sample already allows Bicep API deployment to be skipped by supplying an empty `apis` array, while its existing backend, pool, diagnostic, and workbook resources remain deployable. The review also confirmed that APIOps can discover policy-to-backend relationships from its artifact set, which is why this hybrid profile requires a manifest gate for the deliberately external Bicep-owned pools.
+
+The design must still be proven against the exact APIOps release selected by the customer. At the time of this review, Azure/apiops `v7.0.3` was the latest published release. Pin a version rather than following a floating latest build, and repeat the sandbox proof when upgrading.
+
+## References
+
+- [APIOps Toolkit for Azure API Management](https://github.com/Azure/apiops)
+- [APIOps publisher configuration](https://github.com/Azure/apiops/wiki/Configuration)
+- [Azure/apiops #789 - Selectively publish APIs across APIM environments](https://github.com/Azure/apiops/issues/789)
+- [Azure/apiops #659 - Publisher configuration does not select resources](https://github.com/Azure/apiops/issues/659)
+- [Azure/apiops #773 - Commit-aware deletion and full-publication behavior](https://github.com/Azure/apiops/issues/773)
+- [Azure/apiops #154 - Changes between two environment deployments](https://github.com/Azure/apiops/issues/154)
+- [Automated API deployments using APIOps](https://learn.microsoft.com/azure/architecture/example-scenario/devops/automated-api-deployments-apiops)
+- [Backends in Azure API Management](https://learn.microsoft.com/azure/api-management/backends)
+- [Named Values in Azure API Management](https://learn.microsoft.com/azure/api-management/api-management-howto-properties)
+- [Retry policy reference](https://learn.microsoft.com/azure/api-management/retry-policy)
+- [Set backend service policy reference](https://learn.microsoft.com/azure/api-management/set-backend-service-policy)
diff --git a/samples/inference-failover/APIOps-variable-publish/.editorconfig b/samples/inference-failover/APIOps-variable-publish/.editorconfig
new file mode 100644
index 00000000..c6687560
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/.editorconfig
@@ -0,0 +1,2 @@
+[*]
+max_line_length = 160
diff --git a/samples/inference-failover/APIOps-variable-publish/README.md b/samples/inference-failover/APIOps-variable-publish/README.md
new file mode 100644
index 00000000..159844bf
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/README.md
@@ -0,0 +1,305 @@
+# APIOps Backend Selection Proof of Concept
+
+This proof of concept (POC) demonstrates how a GitHub Actions workflow can publish different subsets of one canonical APIOps backend artifact inventory to
+multiple API Management instances. It keeps ten fictitious gpt-5.1 concrete backends and one stable model-safe backend pool in source control, then creates a
+temporary target-specific artifact tree before the APIOps publisher discovers resources.
+
+This is a **custom repository-owned preprocessing pattern**, not a built-in APIOps backend allowlist. The APIOps configuration continues to provide normal
+property overrides. The POC script additionally interprets its top-level `backends[].name` values as the selection contract for the temporary staged tree.
+
+The design follows the selective-publishing discussion in [Azure/apiops issue #789](https://github.com/Azure/apiops/issues/789) and the repository's
+[Terraform and APIOps Environment Operations Plan](../TERRAFORM-APIOPS-BACKEND-ENVIRONMENT-PLAN.md). See
+[Related APIOps Discussions](#related-apiops-discussions) for the upstream behavior that shapes this POC.
+
+## What the POC Proves
+
+| Environment | Canonical concrete backends | Selected concrete backends | Pool ID                  |
+| ----------- | --------------------------- | -------------------------- | ------------------------ |
+| DEV         | 10                          | 10                         | `inference-gpt-5-1-pool` |
+| QA          | 10                          | 2                          | `inference-gpt-5-1-pool` |
+| PROD        | 10                          | 7 per regional APIM        | `inference-gpt-5-1-pool` |
+
+- DEV selects all ten concrete gpt-5.1 backends: three simulated PTU backends and seven PAYG backends.
+- QA selects `gpt-5-1-PTU-eastus2` and `gpt-5-1-PTU-westus3`.
+- Both PROD targets select one simulated PTU and two PAYG backends in each primary region, plus `gpt-5-1-PAYG-southcentralus` as a tertiary fallback.
+
+The pool name and APIM resource ID remain `inference-gpt-5-1-pool` in every environment. Only its complete `properties.pool.services` array changes. DEV places
+three equal-priority simulated PTU members ahead of seven equal-priority PAYG members, QA uses a preferred simulated PTU backend plus one simulated PTU
+fallback, and each PROD APIM uses seven members across five priority tiers.
+
+### Backend Naming Decision
+
+The environment plan treats stable backend and pool IDs as compatibility contracts. This POC therefore follows its descriptive `<model>-<capacity>-<region>`
+convention instead of ordinal names such as `backend-01`:
+
+- `gpt-5-1-PTU-eastus2` identifies the model, provisioned capacity, and physical Azure region.
+- `gpt-5-1-PAYG-westus3` identifies the same model using pay-as-you-go capacity in West US 3.
+- `gpt-5-1-PAYG-eastus2-02` adds an ordinal only because a second deployment has the same model, capacity type, and region.
+- `inference-gpt-5-1-pool` identifies a model-safe pool that must never contain a backend for another model.
+
+These IDs are shared unchanged across APIM targets. Regional target configurations change the pool's complete priority and weight array, not backend identity.
+This keeps policy references stable and makes the physical placement encoded by each backend ID truthful in every environment.
+
+The workflow template models four target APIM instances:
+
+| Target            | Logical environment | GitHub environment | Configuration                     |
+| ----------------- | ------------------- | ------------------ | --------------------------------- |
+| `dev-eastus2-01`  | DEV                 | `apiops-dev`       | `configuration.dev.yaml`          |
+| `qa-eastus2-01`   | QA                  | `apiops-qa`        | `configuration.qa.yaml`           |
+| `prod-eastus2-01` | PROD                | `apiops-prod`      | `configuration.prod-eastus2.yaml` |
+| `prod-westus3-01` | PROD                | `apiops-prod`      | `configuration.prod-westus3.yaml` |
+
+`PTU` is simulated in this POC: it is an identity and routing label, not a claim that the `.example.net` endpoint has provisioned Azure OpenAI capacity. This
+keeps the artifact set offline while demonstrating the production naming and priority model.
+
+Each independently managed APIM instance has its own configuration. Both PROD configurations select the same seven concrete backend IDs and stable pool ID, but
+replace the complete pool services array with a region-specific priority order:
+
+| Capacity and location | Backend IDs                                       | East US 2 APIM | West US 3 APIM |
+| --------------------- | ------------------------------------------------- | -------------- | -------------- |
+| East US 2 PTU         | `gpt-5-1-PTU-eastus2`                             | Priority 1     | Priority 2     |
+| East US 2 PAYG        | `gpt-5-1-PAYG-eastus2`, `gpt-5-1-PAYG-eastus2-02` | Priority 3     | Priority 4     |
+| West US 3 PTU         | `gpt-5-1-PTU-westus3`                             | Priority 2     | Priority 1     |
+| West US 3 PAYG        | `gpt-5-1-PAYG-westus3`, `gpt-5-1-PAYG-westus3-02` | Priority 4     | Priority 3     |
+| Tertiary PAYG         | `gpt-5-1-PAYG-southcentralus`                     | Priority 5     | Priority 5     |
+
+APIM tries the lowest available priority first. Each APIM therefore exhausts simulated local PTU and then simulated peer-region PTU before using any PAYG
+capacity. PAYG follows the same locality order: local, peer-region, then tertiary fallback. The weights distribute traffic within each PAYG priority group. This
+capacity-first behavior is independent of global traffic routing between the two APIM instances; use Azure Front Door or another global entry point when clients
+need automatic regional APIM failover.
+
+## Processing Flow
+
+1. GitHub checks out the complete tree containing ten concrete backends and one stable pool.
+1. The script reads direct backend resource IDs and pool members from the target APIOps configuration.
+1. The script validates **all configured IDs** against the canonical artifact inventory.
+1. The script verifies that every selected pool has a complete, non-empty services array whose members are selected concrete backends.
+1. If any configured ID is missing, the script exits before staging and APIOps does not run.
+1. The script copies the complete artifact tree to an isolated runner-temporary directory. **Source remains safe as it is NOT modified!**
+1. The script effectively includes only the desired backends by removing the unselected direct descendants of the staged `backends` directory.
+1. The APIOps publisher receives the staged path through `API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH`.
+1. The original configuration is passed through `CONFIGURATION_YAML_PATH` for normal APIOps property overrides.
+1. A JSON selection manifest is uploaded as release evidence.
+
+The workflow deliberately does not set `COMMIT_ID`. A staged tree is generated during the workflow and does not have meaningful Git commit history of its own,
+so the publisher must process the complete staged snapshot.
+
+## Package Contents
+
+```text
+POC/
+|-- README.md
+|-- artifacts/
+|   |-- backends/
+|   |   |-- gpt-5-1-PTU-eastus2/backendInformation.json
+|   |   |-- ...
+|   |   |-- gpt-5-1-PAYG-southcentralus/backendInformation.json
+|   |   `-- inference-gpt-5-1-pool/backendInformation.json
+|-- configurations/
+|   |-- configuration.dev.yaml
+|   |-- configuration.qa.yaml
+|   |-- configuration.prod-eastus2.yaml
+|   `-- configuration.prod-westus3.yaml
+|-- scripts/
+|   `-- prepare-apiops-artifacts.ps1
+|-- tests/
+|   |-- fixtures/
+|   |   |-- configuration.missing-backend.yaml
+|   |   `-- configuration.pool-member-not-selected.yaml
+|   `-- test-prepare-apiops-artifacts.ps1
+`-- workflow-templates/
+    |-- publish-apiops.yml
+    `-- run-publisher-with-backend-selection.yml
+```
+
+## Run the Offline Test Harness
+
+The harness requires PowerShell 7. It does not require Azure credentials, an APIM instance, the APIOps publisher, Pester, or a YAML module.
+
+From this directory:
+
+```powershell
+./APIOps-variable-publish/tests/test-prepare-apiops-artifacts.ps1
+```
+
+The harness creates disposable copies under the operating system's temporary directory. It injects a temporary `poc-marker` Named Value into those copies to
+prove that filtering preserves non-backend artifact collections without shipping a synthetic resource to APIM. It verifies:
+
+- [ ] DEV stages 10 concrete backends and `inference-gpt-5-1-pool` with 10 members.
+- [ ] QA stages 2 concrete backends and `inference-gpt-5-1-pool` with 2 members.
+- [ ] Both regional PROD targets stage 7 concrete backends and `inference-gpt-5-1-pool` with 7 members.
+- [ ] Each PROD configuration assigns priorities 1 through 5 to local PTU, peer-region PTU, local PAYG, peer-region PAYG, and tertiary PAYG respectively.
+- [ ] Every successful run records concrete backend counts, pool counts, and effective membership in an audit manifest.
+- [ ] Non-backend artifact collections remain present.
+- [ ] A configuration containing absent `gpt-5-1-PTU-japaneast` exits with code `4`.
+- [ ] The missing-backend error names the ID, expected artifact path, and available IDs.
+- [ ] No staging directory is created after missing-ID preflight validation fails.
+- [ ] A pool member omitted from direct selection exits with code `3` before staging.
+- [ ] Invalid source and overlapping audit paths exit with code `2` before staging.
+- [ ] The canonical source tree remains byte-for-byte unchanged.
+
+Pass `-KeepTemporaryFiles` to retain generated trees for manual inspection:
+
+```powershell
+pwsh ./samples/inference-failover/POC/tests/test-prepare-apiops-artifacts.ps1 -KeepTemporaryFiles
+```
+
+## Run One Selection Manually
+
+The following command produces a QA tree with `gpt-5-1-PTU-eastus2`, `gpt-5-1-PTU-westus3`, and the stable `inference-gpt-5-1-pool` artifact. The QA
+configuration overrides the pool with those two concrete members:
+
+```powershell
+pwsh ./samples/inference-failover/POC/scripts/prepare-apiops-artifacts.ps1 `
+  -SourceArtifactsPath ./samples/inference-failover/POC/artifacts `
+  -DestinationArtifactsPath ./samples/inference-failover/POC/out/qa `
+  -ConfigurationPath ./samples/inference-failover/POC/configurations/configuration.qa.yaml
+```
+
+Generated `out` directories are demonstrations only and should not be committed. The GitHub workflow uses `${{ runner.temp }}` instead.
+
+## Missing Backend Failure
+
+The negative fixture selects `gpt-5-1-PTU-japaneast`, which is not part of the canonical inventory. The script aggregates every missing configured ID and
+reports:
+
+```text
+[POC004] CONFIGURED BACKEND ARTIFACTS ARE MISSING
+Configuration: .../configuration.missing-backend.yaml
+Canonical backend root: .../artifacts/backends
+Configured backend IDs not found (1): gpt-5-1-PTU-japaneast
+Expected artifact path(s): .../artifacts/backends/gpt-5-1-PTU-japaneast/backendInformation.json
+Available backend IDs (11): gpt-5-1-PAYG-centralus, ..., inference-gpt-5-1-pool
+The APIOps publisher was not started and no staging directory was created.
+Resolution: Restore or extract each missing backend artifact, or remove the incorrect ID from the target configuration, then rerun the preparation step.
+```
+
+This validation happens before the destination is created. A typo or stale configuration therefore cannot silently produce an incomplete publication set.
+
+## Script Exit Codes
+
+| Exit code | Meaning                                                              |
+| --------- | -------------------------------------------------------------------- |
+| `0`       | Staging completed and audit evidence was written.                    |
+| `2`       | An input path, overlapping path, or existing destination is invalid. |
+| `3`       | The configuration or selected backend-pool composition is invalid.   |
+| `4`       | A configured backend artifact is missing or has invalid JSON.        |
+| `5`       | Staging or audit output failed; partial staging is removed.          |
+| `99`      | An unexpected failure escaped categorized handling.                  |
+
+## Configuration Contract
+
+Each selected concrete backend must be a direct item in the top-level `backends` array:
+
+```yaml
+backends:
+    - name: gpt-5-1-PTU-eastus2
+      properties:
+          url: https://qa-gpt-5-1-ptu-eastus2.example.net/inference
+```
+
+The stable pool is another direct backend resource. Every environment supplies its complete member array:
+
+```yaml
+- name: inference-gpt-5-1-pool
+  properties:
+      type: Pool
+      pool:
+          services:
+              - id: /backends/gpt-5-1-PTU-eastus2
+                priority: 1
+                weight: 100
+              - id: /backends/gpt-5-1-PTU-westus3
+                priority: 2
+                weight: 100
+```
+
+APIOps replaces `properties.pool.services` as a complete array. It does not merge individual members with the canonical pool artifact. Every pool member must
+therefore also appear as a direct top-level backend entry in the same environment configuration.
+
+The dependency-free parser intentionally supports this narrow APIOps shape:
+
+- `backends:` begins at the top level.
+- Every direct item uses two spaces followed by `- name:`.
+- IDs are case-sensitive.
+- IDs contain only ASCII letters, numbers, periods, underscores, and hyphens.
+- Duplicate IDs are rejected.
+- Pool members use the literal `/backends/<backend-id>` resource form beneath `properties.pool.services`.
+- Every selected canonical pool must have a non-empty target services array.
+- Pool members must be selected canonical concrete backends; pools cannot contain filtered backends or another pool.
+- Other nested properties are ignored by selection parsing and remain available to APIOps.
+
+Use a full YAML parser if a production configuration requires anchors, aliases, tags, flow-style arrays, or another YAML feature outside this contract.
+
+## Adopt the Workflow Templates
+
+The files under `workflow-templates` are inert while they remain inside the POC. To use them in another repository:
+
+1. Place both workflow files in that repository's `.github/workflows/` directory without renaming them.
+1. Update the matrix values in `publish-apiops.yml` with real APIM service and resource group names.
+1. Update `source-artifacts-path`, configuration paths, and the preprocessing script path if the POC layout changes.
+1. Create protected GitHub environments named `apiops-dev`, `apiops-qa`, and `apiops-prod`, or update the matrix names.
+1. Add the following secrets to each protected environment:
+    - `AZURE_CLIENT_ID`
+    - `AZURE_TENANT_ID`
+    - `AZURE_SUBSCRIPTION_ID`
+1. Configure the federated credential for each client ID to trust the repository and matching GitHub environment.
+1. Grant the workload identity only the Azure permissions required to publish to its target APIM instance.
+1. Add required reviewers and deployment protections, especially for `apiops-prod`.
+1. Run the workflow manually and choose `dev`, `qa`, `prod`, or `all`.
+
+The reusable workflow uses OIDC through the SHA-pinned `azure/login` action. It downloads the APIOps `v7.0.3` Linux publisher, verifies the published SHA-256
+digest, and then executes it. Review and update both the release version and checksum together when adopting a newer APIOps release.
+
+Selecting `all` starts all matching targets as independent matrix jobs. GitHub environment approvals still apply, but this POC does not impose DEV-to-QA-to-PROD
+sequencing. Add explicit promotion dependencies or separate workflows when successful lower-environment deployment must gate the next environment.
+
+## Safety Boundaries
+
+- The script never changes the canonical source tree.
+- The destination must not equal, contain, or be contained by the source path.
+- The audit manifest must remain outside both artifact trees.
+- An existing destination is rejected unless `-Force` is explicit.
+- All configured IDs are validated before staging begins.
+- Every selected pool composition is validated for dependency closure before staging begins.
+- Only direct child directories of staged `backends` are filtered.
+- Partial staging is removed after staging or audit failure.
+- The workflow does not pass secrets through command text.
+- GitHub Actions are pinned to immutable commit SHAs.
+- The publisher archive is pinned to a release and verified by SHA-256.
+
+This POC does not delete backend resources that already exist in APIM. A full APIOps publication processes artifacts visible in the staged tree; absence from
+that tree is not a deletion declaration. Treat backend retirement as a separate, reviewed cleanup operation.
+
+## Adapting the POC
+
+Before using this pattern with real inference backends:
+
+- [ ] Replace all `.example.net` URLs with validated target endpoints.
+- [ ] Replace fictitious APIM service and resource group names.
+- [ ] Create one configuration per independently routed APIM instance and map it to the correct workflow target.
+- [ ] Classify every production backend by region and assign local, peer-region, and tertiary priorities.
+- [ ] Preserve stable pool IDs across environments and provide complete target-specific service arrays.
+- [ ] Include every pool member as a direct selected concrete backend.
+- [ ] Validate literal policy backend references for dependency closure.
+- [ ] Review the generated selection manifest before publisher execution.
+- [ ] Define a separate process for deliberate backend deletion from APIM.
+- [ ] Test the adopted workflow in a non-production APIM instance.
+
+This POC validates selected backend-pool members directly. The more complete parent implementation in
+[prepare-apiops-artifacts.ps1](../prepare-apiops-artifacts.ps1) additionally validates literal policy references. Use that policy dependency validation when
+adopting the POC with real API policy artifacts.
+
+## Related APIOps Discussions
+
+- [Issue #789: selectively publish APIs across different APIM environments](https://github.com/Azure/apiops/issues/789) closely matches the canonical-superset
+  and temporary-filtered-copy pattern demonstrated here.
+- [Issue #659: configuration file behavior](https://github.com/Azure/apiops/issues/659) explains that publisher configuration overrides properties but does not
+  natively select resources.
+- [Issue #417: selective publishing configuration](https://github.com/Azure/apiops/issues/417) records why an earlier artifact-selection capability was
+  reverted.
+- [Issue #504: exclude selected artifacts from UAT and PROD](https://github.com/Azure/apiops/issues/504) confirms that configuration cannot exclude artifacts by
+  itself.
+- [Issue #773: publisher deletion behavior](https://github.com/Azure/apiops/issues/773) distinguishes commit-based deletion from full artifact publication.
+- [Issue #154: publishing environments that missed commits](https://github.com/Azure/apiops/issues/154) describes the gap between one-commit publication and a
+  complete repository publication.
diff --git a/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-centralus/backendInformation.json b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-centralus/backendInformation.json
new file mode 100644
index 00000000..2dc189e1
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-centralus/backendInformation.json
@@ -0,0 +1,11 @@
+{
+    "properties": {
+        "description": "Canonical gpt-5.1 PAYG backend in Central US.",
+        "protocol": "http",
+        "tls": {
+            "validateCertificateChain": true,
+            "validateCertificateName": true
+        },
+        "url": "https://canonical-gpt-5-1-payg-centralus.example.net/inference"
+    }
+}
diff --git a/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-eastus2-02/backendInformation.json b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-eastus2-02/backendInformation.json
new file mode 100644
index 00000000..aaf53f1c
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-eastus2-02/backendInformation.json
@@ -0,0 +1,11 @@
+{
+    "properties": {
+        "description": "Second canonical gpt-5.1 PAYG backend in East US 2.",
+        "protocol": "http",
+        "tls": {
+            "validateCertificateChain": true,
+            "validateCertificateName": true
+        },
+        "url": "https://canonical-gpt-5-1-payg-eastus2-02.example.net/inference"
+    }
+}
diff --git a/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-eastus2/backendInformation.json b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-eastus2/backendInformation.json
new file mode 100644
index 00000000..b30a3287
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-eastus2/backendInformation.json
@@ -0,0 +1,11 @@
+{
+    "properties": {
+        "description": "Canonical gpt-5.1 PAYG backend in East US 2.",
+        "protocol": "http",
+        "tls": {
+            "validateCertificateChain": true,
+            "validateCertificateName": true
+        },
+        "url": "https://canonical-gpt-5-1-payg-eastus2.example.net/inference"
+    }
+}
diff --git a/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-northcentralus/backendInformation.json b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-northcentralus/backendInformation.json
new file mode 100644
index 00000000..cbb9f913
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-northcentralus/backendInformation.json
@@ -0,0 +1,11 @@
+{
+    "properties": {
+        "description": "Canonical gpt-5.1 PAYG backend in North Central US.",
+        "protocol": "http",
+        "tls": {
+            "validateCertificateChain": true,
+            "validateCertificateName": true
+        },
+        "url": "https://canonical-gpt-5-1-payg-northcentralus.example.net/inference"
+    }
+}
diff --git a/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-southcentralus/backendInformation.json b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-southcentralus/backendInformation.json
new file mode 100644
index 00000000..9a5e9611
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-southcentralus/backendInformation.json
@@ -0,0 +1,11 @@
+{
+    "properties": {
+        "description": "Canonical gpt-5.1 PAYG backend in South Central US.",
+        "protocol": "http",
+        "tls": {
+            "validateCertificateChain": true,
+            "validateCertificateName": true
+        },
+        "url": "https://canonical-gpt-5-1-payg-southcentralus.example.net/inference"
+    }
+}
diff --git a/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-westus3-02/backendInformation.json b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-westus3-02/backendInformation.json
new file mode 100644
index 00000000..8a6dc7e6
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-westus3-02/backendInformation.json
@@ -0,0 +1,11 @@
+{
+    "properties": {
+        "description": "Second canonical gpt-5.1 PAYG backend in West US 3.",
+        "protocol": "http",
+        "tls": {
+            "validateCertificateChain": true,
+            "validateCertificateName": true
+        },
+        "url": "https://canonical-gpt-5-1-payg-westus3-02.example.net/inference"
+    }
+}
diff --git a/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-westus3/backendInformation.json b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-westus3/backendInformation.json
new file mode 100644
index 00000000..1fbceca0
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PAYG-westus3/backendInformation.json
@@ -0,0 +1,11 @@
+{
+    "properties": {
+        "description": "Canonical gpt-5.1 PAYG backend in West US 3.",
+        "protocol": "http",
+        "tls": {
+            "validateCertificateChain": true,
+            "validateCertificateName": true
+        },
+        "url": "https://canonical-gpt-5-1-payg-westus3.example.net/inference"
+    }
+}
diff --git a/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PTU-eastus2/backendInformation.json b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PTU-eastus2/backendInformation.json
new file mode 100644
index 00000000..d810f181
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PTU-eastus2/backendInformation.json
@@ -0,0 +1,11 @@
+{
+    "properties": {
+        "description": "Canonical gpt-5.1 simulated PTU backend in East US 2.",
+        "protocol": "http",
+        "tls": {
+            "validateCertificateChain": true,
+            "validateCertificateName": true
+        },
+        "url": "https://canonical-gpt-5-1-ptu-eastus2.example.net/inference"
+    }
+}
diff --git a/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PTU-southcentralus/backendInformation.json b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PTU-southcentralus/backendInformation.json
new file mode 100644
index 00000000..0fd8f435
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PTU-southcentralus/backendInformation.json
@@ -0,0 +1,11 @@
+{
+    "properties": {
+        "description": "Canonical gpt-5.1 simulated PTU backend in South Central US.",
+        "protocol": "http",
+        "tls": {
+            "validateCertificateChain": true,
+            "validateCertificateName": true
+        },
+        "url": "https://canonical-gpt-5-1-ptu-southcentralus.example.net/inference"
+    }
+}
diff --git a/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PTU-westus3/backendInformation.json b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PTU-westus3/backendInformation.json
new file mode 100644
index 00000000..dda30d91
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/gpt-5-1-PTU-westus3/backendInformation.json
@@ -0,0 +1,11 @@
+{
+    "properties": {
+        "description": "Canonical gpt-5.1 simulated PTU backend in West US 3.",
+        "protocol": "http",
+        "tls": {
+            "validateCertificateChain": true,
+            "validateCertificateName": true
+        },
+        "url": "https://canonical-gpt-5-1-ptu-westus3.example.net/inference"
+    }
+}
diff --git a/samples/inference-failover/APIOps-variable-publish/artifacts/backends/inference-gpt-5-1-pool/backendInformation.json b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/inference-gpt-5-1-pool/backendInformation.json
new file mode 100644
index 00000000..e2cecf3f
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/artifacts/backends/inference-gpt-5-1-pool/backendInformation.json
@@ -0,0 +1,60 @@
+{
+    "properties": {
+        "description": "Stable gpt-5.1 inference pool from the canonical POC artifact superset.",
+        "pool": {
+            "services": [
+                {
+                    "id": "/backends/gpt-5-1-PTU-eastus2",
+                    "priority": 1,
+                    "weight": 10
+                },
+                {
+                    "id": "/backends/gpt-5-1-PTU-westus3",
+                    "priority": 1,
+                    "weight": 10
+                },
+                {
+                    "id": "/backends/gpt-5-1-PTU-southcentralus",
+                    "priority": 1,
+                    "weight": 10
+                },
+                {
+                    "id": "/backends/gpt-5-1-PAYG-centralus",
+                    "priority": 2,
+                    "weight": 10
+                },
+                {
+                    "id": "/backends/gpt-5-1-PAYG-eastus2",
+                    "priority": 2,
+                    "weight": 10
+                },
+                {
+                    "id": "/backends/gpt-5-1-PAYG-northcentralus",
+                    "priority": 2,
+                    "weight": 10
+                },
+                {
+                    "id": "/backends/gpt-5-1-PAYG-westus3",
+                    "priority": 2,
+                    "weight": 10
+                },
+                {
+                    "id": "/backends/gpt-5-1-PAYG-eastus2-02",
+                    "priority": 2,
+                    "weight": 10
+                },
+                {
+                    "id": "/backends/gpt-5-1-PAYG-westus3-02",
+                    "priority": 2,
+                    "weight": 10
+                },
+                {
+                    "id": "/backends/gpt-5-1-PAYG-southcentralus",
+                    "priority": 2,
+                    "weight": 10
+                }
+            ]
+        },
+        "type": "Pool"
+    }
+}
diff --git a/samples/inference-failover/APIOps-variable-publish/configurations/configuration.dev.yaml b/samples/inference-failover/APIOps-variable-publish/configurations/configuration.dev.yaml
new file mode 100644
index 00000000..536d1021
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/configurations/configuration.dev.yaml
@@ -0,0 +1,71 @@
+# APIOps property overrides and the POC backend allowlist for DEV.
+# The preprocessing script retains all 10 concrete backends and the stable pool.
+# Simulated PTU capacity is exhausted before PAYG capacity.
+ARM_API_VERSION: 2024-06-01-preview
+
+backends:
+  - name: gpt-5-1-PTU-eastus2
+    properties:
+      url: https://dev-gpt-5-1-ptu-eastus2.example.net/inference
+  - name: gpt-5-1-PAYG-centralus
+    properties:
+      url: https://dev-gpt-5-1-payg-centralus.example.net/inference
+  - name: gpt-5-1-PTU-westus3
+    properties:
+      url: https://dev-gpt-5-1-ptu-westus3.example.net/inference
+  - name: gpt-5-1-PAYG-eastus2
+    properties:
+      url: https://dev-gpt-5-1-payg-eastus2.example.net/inference
+  - name: gpt-5-1-PAYG-northcentralus
+    properties:
+      url: https://dev-gpt-5-1-payg-northcentralus.example.net/inference
+  - name: gpt-5-1-PAYG-westus3
+    properties:
+      url: https://dev-gpt-5-1-payg-westus3.example.net/inference
+  - name: gpt-5-1-PAYG-eastus2-02
+    properties:
+      url: https://dev-gpt-5-1-payg-eastus2-02.example.net/inference
+  - name: gpt-5-1-PTU-southcentralus
+    properties:
+      url: https://dev-gpt-5-1-ptu-southcentralus.example.net/inference
+  - name: gpt-5-1-PAYG-westus3-02
+    properties:
+      url: https://dev-gpt-5-1-payg-westus3-02.example.net/inference
+  - name: gpt-5-1-PAYG-southcentralus
+    properties:
+      url: https://dev-gpt-5-1-payg-southcentralus.example.net/inference
+  - name: inference-gpt-5-1-pool
+    properties:
+      type: Pool
+      pool:
+        services:
+          - id: /backends/gpt-5-1-PTU-eastus2
+            priority: 1
+            weight: 10
+          - id: /backends/gpt-5-1-PTU-westus3
+            priority: 1
+            weight: 10
+          - id: /backends/gpt-5-1-PTU-southcentralus
+            priority: 1
+            weight: 10
+          - id: /backends/gpt-5-1-PAYG-centralus
+            priority: 2
+            weight: 10
+          - id: /backends/gpt-5-1-PAYG-eastus2
+            priority: 2
+            weight: 10
+          - id: /backends/gpt-5-1-PAYG-northcentralus
+            priority: 2
+            weight: 10
+          - id: /backends/gpt-5-1-PAYG-westus3
+            priority: 2
+            weight: 10
+          - id: /backends/gpt-5-1-PAYG-eastus2-02
+            priority: 2
+            weight: 10
+          - id: /backends/gpt-5-1-PAYG-westus3-02
+            priority: 2
+            weight: 10
+          - id: /backends/gpt-5-1-PAYG-southcentralus
+            priority: 2
+            weight: 10
diff --git a/samples/inference-failover/APIOps-variable-publish/configurations/configuration.prod-eastus2.yaml b/samples/inference-failover/APIOps-variable-publish/configurations/configuration.prod-eastus2.yaml
new file mode 100644
index 00000000..5f44026b
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/configurations/configuration.prod-eastus2.yaml
@@ -0,0 +1,58 @@
+# APIOps property overrides and backend selection for the East US 2 PROD APIM.
+# All PTU capacity precedes PAYG, with local capacity first in each class.
+ARM_API_VERSION: 2024-06-01-preview
+
+backends:
+  # East US 2 simulated PTU and PAYG backends.
+  - name: gpt-5-1-PTU-eastus2
+    properties:
+      url: https://prod-gpt-5-1-ptu-eastus2.example.net/inference
+  - name: gpt-5-1-PAYG-eastus2
+    properties:
+      url: https://prod-gpt-5-1-payg-eastus2.example.net/inference
+  - name: gpt-5-1-PAYG-eastus2-02
+    properties:
+      url: https://prod-gpt-5-1-payg-eastus2-02.example.net/inference
+
+  # West US 3 simulated PTU and PAYG backends.
+  - name: gpt-5-1-PTU-westus3
+    properties:
+      url: https://prod-gpt-5-1-ptu-westus3.example.net/inference
+  - name: gpt-5-1-PAYG-westus3
+    properties:
+      url: https://prod-gpt-5-1-payg-westus3.example.net/inference
+  - name: gpt-5-1-PAYG-westus3-02
+    properties:
+      url: https://prod-gpt-5-1-payg-westus3-02.example.net/inference
+
+  # Region-neutral tertiary fallback.
+  - name: gpt-5-1-PAYG-southcentralus
+    properties:
+      url: https://prod-gpt-5-1-payg-southcentralus.example.net/inference
+
+  - name: inference-gpt-5-1-pool
+    properties:
+      type: Pool
+      pool:
+        services:
+          - id: /backends/gpt-5-1-PTU-eastus2
+            priority: 1
+            weight: 100
+          - id: /backends/gpt-5-1-PTU-westus3
+            priority: 2
+            weight: 100
+          - id: /backends/gpt-5-1-PAYG-eastus2
+            priority: 3
+            weight: 50
+          - id: /backends/gpt-5-1-PAYG-eastus2-02
+            priority: 3
+            weight: 50
+          - id: /backends/gpt-5-1-PAYG-westus3
+            priority: 4
+            weight: 50
+          - id: /backends/gpt-5-1-PAYG-westus3-02
+            priority: 4
+            weight: 50
+          - id: /backends/gpt-5-1-PAYG-southcentralus
+            priority: 5
+            weight: 100
diff --git a/samples/inference-failover/APIOps-variable-publish/configurations/configuration.prod-westus3.yaml b/samples/inference-failover/APIOps-variable-publish/configurations/configuration.prod-westus3.yaml
new file mode 100644
index 00000000..9b70fd0e
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/configurations/configuration.prod-westus3.yaml
@@ -0,0 +1,58 @@
+# APIOps property overrides and backend selection for the West US 3 PROD APIM.
+# All PTU capacity precedes PAYG, with local capacity first in each class.
+ARM_API_VERSION: 2024-06-01-preview
+
+backends:
+  # East US 2 simulated PTU and PAYG backends.
+  - name: gpt-5-1-PTU-eastus2
+    properties:
+      url: https://prod-gpt-5-1-ptu-eastus2.example.net/inference
+  - name: gpt-5-1-PAYG-eastus2
+    properties:
+      url: https://prod-gpt-5-1-payg-eastus2.example.net/inference
+  - name: gpt-5-1-PAYG-eastus2-02
+    properties:
+      url: https://prod-gpt-5-1-payg-eastus2-02.example.net/inference
+
+  # West US 3 simulated PTU and PAYG backends.
+  - name: gpt-5-1-PTU-westus3
+    properties:
+      url: https://prod-gpt-5-1-ptu-westus3.example.net/inference
+  - name: gpt-5-1-PAYG-westus3
+    properties:
+      url: https://prod-gpt-5-1-payg-westus3.example.net/inference
+  - name: gpt-5-1-PAYG-westus3-02
+    properties:
+      url: https://prod-gpt-5-1-payg-westus3-02.example.net/inference
+
+  # Region-neutral tertiary fallback.
+  - name: gpt-5-1-PAYG-southcentralus
+    properties:
+      url: https://prod-gpt-5-1-payg-southcentralus.example.net/inference
+
+  - name: inference-gpt-5-1-pool
+    properties:
+      type: Pool
+      pool:
+        services:
+          - id: /backends/gpt-5-1-PTU-westus3
+            priority: 1
+            weight: 100
+          - id: /backends/gpt-5-1-PTU-eastus2
+            priority: 2
+            weight: 100
+          - id: /backends/gpt-5-1-PAYG-westus3
+            priority: 3
+            weight: 50
+          - id: /backends/gpt-5-1-PAYG-westus3-02
+            priority: 3
+            weight: 50
+          - id: /backends/gpt-5-1-PAYG-eastus2
+            priority: 4
+            weight: 50
+          - id: /backends/gpt-5-1-PAYG-eastus2-02
+            priority: 4
+            weight: 50
+          - id: /backends/gpt-5-1-PAYG-southcentralus
+            priority: 5
+            weight: 100
diff --git a/samples/inference-failover/APIOps-variable-publish/configurations/configuration.qa.yaml b/samples/inference-failover/APIOps-variable-publish/configurations/configuration.qa.yaml
new file mode 100644
index 00000000..c4188111
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/configurations/configuration.qa.yaml
@@ -0,0 +1,22 @@
+# APIOps property overrides and the POC backend allowlist for QA.
+# The preprocessing script retains 2 concrete backends and the stable pool.
+ARM_API_VERSION: 2024-06-01-preview
+
+backends:
+  - name: gpt-5-1-PTU-eastus2
+    properties:
+      url: https://qa-gpt-5-1-ptu-eastus2.example.net/inference
+  - name: gpt-5-1-PTU-westus3
+    properties:
+      url: https://qa-gpt-5-1-ptu-westus3.example.net/inference
+  - name: inference-gpt-5-1-pool
+    properties:
+      type: Pool
+      pool:
+        services:
+          - id: /backends/gpt-5-1-PTU-eastus2
+            priority: 1
+            weight: 100
+          - id: /backends/gpt-5-1-PTU-westus3
+            priority: 2
+            weight: 100
diff --git a/samples/inference-failover/APIOps-variable-publish/scripts/prepare-apiops-artifacts.ps1 b/samples/inference-failover/APIOps-variable-publish/scripts/prepare-apiops-artifacts.ps1
new file mode 100644
index 00000000..2b913b52
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/scripts/prepare-apiops-artifacts.ps1
@@ -0,0 +1,654 @@
+#!/usr/bin/env pwsh
+
+<#
+.SYNOPSIS
+Creates an environment-specific APIOps artifact tree from a canonical superset.
+
+.DESCRIPTION
+This script reads backend resource IDs and backend-pool members from the top-level `backends` array in an APIOps configuration YAML file. It validates
+that every configured ID has a matching `backends/<id>/backendInformation.json` artifact and every pool member is a selected concrete backend before staging.
+
+After validation, the script copies the complete source artifact tree to a separate destination and removes only unselected direct children of the staged
+`backends` directory. Other APIOps collections are copied without filtering. The source tree is never modified.
+
+The YAML reader is intentionally dependency-free and supports the APIOps shape used by this POC. Each direct backend item must use exactly this form:
+
+  backends:
+    - name: backend-id
+
+Nested backend properties may follow each name. Backend IDs may contain ASCII
+letters, numbers, periods, underscores, and hyphens.
+
+Selected pool resources must provide a complete services array in this form:
+
+        - name: inference-gpt-5-1-pool
+            properties:
+                type: Pool
+                pool:
+                    services:
+                        - id: /backends/gpt-5-1-PTU-eastus2
+
+.PARAMETER SourceArtifactsPath
+Canonical APIOps artifact root containing the complete `backends` directory.
+
+.PARAMETER DestinationArtifactsPath
+Separate staging root that APIOps will receive through `API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH`.
+
+.PARAMETER ConfigurationPath
+APIOps configuration YAML whose top-level `backends[].name` values define the backend allowlist for this preprocessing step.
+
+.PARAMETER AuditManifestPath
+Optional JSON output path. The default is beside the staged directory with a `.selection.json` suffix.
+
+.PARAMETER Force
+Replaces an existing destination. Without this switch, an existing destination is treated as an input error and remains untouched.
+
+.EXAMPLE
+pwsh ./scripts/prepare-apiops-artifacts.ps1 `
+  -SourceArtifactsPath ./artifacts `
+  -DestinationArtifactsPath ./out/qa `
+  -ConfigurationPath ./configurations/configuration.qa.yaml
+
+.OUTPUTS
+Exit 0: staging completed successfully.
+Exit 2: an input path or destination is invalid.
+Exit 3: the configuration cannot provide a valid backend allowlist.
+Exit 4: configured backend artifacts are absent or invalid in the superset.
+Exit 5: staging or audit output could not be created.
+Exit 99: an unexpected failure occurred.
+#>
+
+[CmdletBinding()]
+param(
+    [Parameter(Mandatory)]
+    [string] $SourceArtifactsPath,
+
+    [Parameter(Mandatory)]
+    [string] $DestinationArtifactsPath,
+
+    [Parameter(Mandatory)]
+    [string] $ConfigurationPath,
+
+    [string] $AuditManifestPath,
+
+    [switch] $Force
+)
+
+Set-StrictMode -Version Latest
+$ErrorActionPreference = 'Stop'
+
+$script:ExitCodes = [ordered]@{
+    Success = 0
+    InvalidInput = 2
+    InvalidConfiguration = 3
+    InvalidSourceArtifacts = 4
+    StagingFailure = 5
+    UnexpectedFailure = 99
+}
+
+function New-PocException {
+    param(
+        [int] $ExitCode,
+        [string] $ErrorId,
+        [string] $Message
+    )
+
+    $exception = [System.InvalidOperationException]::new($Message)
+    $exception.Data['ExitCode'] = $ExitCode
+    $exception.Data['ErrorId'] = $ErrorId
+
+    return $exception
+}
+
+function Stop-PocOperation {
+    param(
+        [int] $ExitCode,
+        [string] $ErrorId,
+        [string] $Title,
+        [string[]] $Details,
+        [string] $Resolution
+    )
+
+    $messageLines = [System.Collections.Generic.List[string]]::new()
+    $messageLines.Add("[$ErrorId] $Title")
+    foreach ($detail in $Details) {
+        $messageLines.Add($detail)
+    }
+    $messageLines.Add("Resolution: $Resolution")
+
+    throw (New-PocException -ExitCode $ExitCode -ErrorId $ErrorId -Message ($messageLines -join [Environment]::NewLine))
+}
+
+function Get-NormalizedPath {
+    param(
+        [string] $Path,
+        [switch] $MustExist
+    )
+
+    if ([string]::IsNullOrWhiteSpace($Path)) {
+        throw 'A required path value is empty.'
+    }
+
+    $normalizedPath = [System.IO.Path]::GetFullPath($Path)
+    if ($MustExist -and -not (Test-Path -LiteralPath $normalizedPath)) {
+        throw "Path does not exist: $normalizedPath"
+    }
+
+    return [System.IO.Path]::TrimEndingDirectorySeparator($normalizedPath)
+}
+
+function Test-PathContains {
+    param(
+        [string] $ParentPath,
+        [string] $ChildPath
+    )
+
+    $separator = [System.IO.Path]::DirectorySeparatorChar
+    $parentPrefix = $ParentPath.TrimEnd($separator, [System.IO.Path]::AltDirectorySeparatorChar) + $separator
+
+    return $ChildPath.StartsWith($parentPrefix, [System.StringComparison]::OrdinalIgnoreCase)
+}
+
+function ConvertFrom-BackendNameScalar {
+    param(
+        [string] $Value,
+        [int] $LineNumber
+    )
+
+    $backendName = $Value.Trim()
+    if (($backendName.StartsWith("'") -and $backendName.EndsWith("'")) -or ($backendName.StartsWith('"') -and $backendName.EndsWith('"'))) {
+        $backendName = $backendName.Substring(1, $backendName.Length - 2)
+    }
+
+    if ($backendName -notmatch '^[A-Za-z0-9._-]+$') {
+        Stop-PocOperation `
+            -ExitCode $script:ExitCodes.InvalidConfiguration `
+            -ErrorId 'POC003' `
+            -Title 'INVALID BACKEND ID IN CONFIGURATION' `
+            -Details @("Line $LineNumber contains unsupported backend ID '$backendName'.") `
+            -Resolution 'Use a non-empty ID containing only ASCII letters, numbers, periods, underscores, or hyphens.'
+    }
+
+    return $backendName
+}
+
+function ConvertFrom-PoolMemberScalar {
+    param(
+        [string] $Value,
+        [int] $LineNumber
+    )
+
+    $memberId = $Value.Trim()
+    if (($memberId.StartsWith("'") -and $memberId.EndsWith("'")) -or ($memberId.StartsWith('"') -and $memberId.EndsWith('"'))) {
+        $memberId = $memberId.Substring(1, $memberId.Length - 2)
+    }
+
+    if ($memberId -notmatch '^/backends/(?<name>[A-Za-z0-9._-]+)$') {
+        Stop-PocOperation `
+            -ExitCode $script:ExitCodes.InvalidConfiguration `
+            -ErrorId 'POC003' `
+            -Title 'INVALID BACKEND POOL MEMBER ID' `
+            -Details @("Line $LineNumber contains unsupported pool member ID '$memberId'.") `
+            -Resolution "Use the literal APIOps backend resource form '/backends/<backend-id>'."
+    }
+
+    return $Matches.name
+}
+
+function Get-ConfiguredBackendSelection {
+    param([string] $Path)
+
+    $lines = @(Get-Content -LiteralPath $Path)
+    $backendsSectionCount = @($lines | Where-Object { $_ -match '^backends:\s*(?:#.*)?$' }).Count
+    if ($backendsSectionCount -ne 1) {
+        Stop-PocOperation `
+            -ExitCode $script:ExitCodes.InvalidConfiguration `
+            -ErrorId 'POC003' `
+            -Title 'CONFIGURATION MUST HAVE ONE BACKENDS ARRAY' `
+            -Details @("Expected one top-level backends property in '$Path'; found $backendsSectionCount.") `
+            -Resolution 'Keep exactly one top-level backends array in the target APIOps configuration.'
+    }
+
+    $insideBackends = $false
+    $foundBackendsSection = $false
+    $names = [System.Collections.Generic.List[string]]::new()
+    $nameSet = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::Ordinal)
+    $poolMembers = [System.Collections.Generic.Dictionary[string, System.Collections.Generic.List[string]]]::new([System.StringComparer]::Ordinal)
+    $configuredPools = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::Ordinal)
+    $currentBackendName = $null
+
+    for ($index = 0; $index -lt $lines.Count; $index++) {
+        $line = $lines[$index]
+        $lineNumber = $index + 1
+
+        if (-not $insideBackends) {
+            if ($line -match '^backends:\s*(?:#.*)?$') {
+                $insideBackends = $true
+                $foundBackendsSection = $true
+            }
+            continue
+        }
+
+        if ($line -match '^\S' -and $line -notmatch '^#') {
+            break
+        }
+
+        if ($line -match '^  - name:\s*(?<name>[^#]+?)\s*(?:#.*)?$') {
+            $backendName = ConvertFrom-BackendNameScalar -Value $Matches.name -LineNumber $lineNumber
+            if (-not $nameSet.Add($backendName)) {
+                Stop-PocOperation `
+                    -ExitCode $script:ExitCodes.InvalidConfiguration `
+                    -ErrorId 'POC003' `
+                    -Title 'DUPLICATE BACKEND ID IN CONFIGURATION' `
+                    -Details @("Backend ID '$backendName' appears more than once in '$Path'.") `
+                    -Resolution 'Keep one direct backends entry for each backend ID.'
+            }
+            $names.Add($backendName)
+            $poolMembers.Add($backendName, [System.Collections.Generic.List[string]]::new())
+            $currentBackendName = $backendName
+            continue
+        }
+
+        if ($null -ne $currentBackendName -and $line -match '^        services:\s*(?:#.*)?$') {
+            $null = $configuredPools.Add($currentBackendName)
+            continue
+        }
+
+        if ($null -ne $currentBackendName -and $line -match '^          - id:\s*(?<id>[^#]+?)\s*(?:#.*)?$') {
+            if (-not $configuredPools.Contains($currentBackendName)) {
+                Stop-PocOperation `
+                    -ExitCode $script:ExitCodes.InvalidConfiguration `
+                    -ErrorId 'POC003' `
+                    -Title 'POOL MEMBER IS OUTSIDE A SERVICES ARRAY' `
+                    -Details @("Line $lineNumber in '$Path' is not beneath properties.pool.services.") `
+                    -Resolution 'Use the documented indentation for the complete backend-pool services array.'
+            }
+
+            $memberName = ConvertFrom-PoolMemberScalar -Value $Matches.id -LineNumber $lineNumber
+            if ($poolMembers[$currentBackendName].Contains($memberName)) {
+                Stop-PocOperation `
+                    -ExitCode $script:ExitCodes.InvalidConfiguration `
+                    -ErrorId 'POC003' `
+                    -Title 'DUPLICATE BACKEND POOL MEMBER' `
+                    -Details @("Pool '$currentBackendName' includes '$memberName' more than once in '$Path'.") `
+                    -Resolution 'Keep one services entry for each concrete backend in a pool.'
+            }
+            $poolMembers[$currentBackendName].Add($memberName)
+            continue
+        }
+
+        if ($line -match '^  -\s+') {
+            Stop-PocOperation `
+                -ExitCode $script:ExitCodes.InvalidConfiguration `
+                -ErrorId 'POC003' `
+                -Title 'INVALID DIRECT BACKEND ITEM' `
+                -Details @("Line $lineNumber in '$Path' must begin with exactly '  - name: <backend-id>'.") `
+                -Resolution 'Give every direct item in the top-level backends array a name property as its first field.'
+        }
+    }
+
+    if (-not $foundBackendsSection -or $names.Count -eq 0) {
+        Stop-PocOperation `
+            -ExitCode $script:ExitCodes.InvalidConfiguration `
+            -ErrorId 'POC003' `
+            -Title 'BACKEND ALLOWLIST IS EMPTY OR MISSING' `
+            -Details @("No direct backend names were read from '$Path'.") `
+            -Resolution 'Add a top-level backends array with direct items formatted as two spaces, a hyphen, and name: <backend-id>.'
+    }
+
+    foreach ($poolName in $configuredPools) {
+        if ($poolMembers[$poolName].Count -eq 0) {
+            Stop-PocOperation `
+                -ExitCode $script:ExitCodes.InvalidConfiguration `
+                -ErrorId 'POC003' `
+                -Title 'BACKEND POOL SERVICES ARRAY IS EMPTY' `
+                -Details @("Pool '$poolName' does not declare any service IDs in '$Path'.") `
+                -Resolution 'List every concrete backend that should belong to the target pool.'
+        }
+    }
+
+    return [pscustomobject]@{
+        Names = $names.ToArray()
+        NameSet = $nameSet
+        PoolMembers = $poolMembers
+        ConfiguredPools = $configuredPools
+    }
+}
+
+function Get-CanonicalBackendInventory {
+    param(
+        [string] $SourcePath,
+        [string[]] $SelectedNames,
+        [string] $ConfigurationFullPath
+    )
+
+    $backendsPath = Join-Path $SourcePath 'backends'
+    if (-not (Test-Path -LiteralPath $backendsPath -PathType Container)) {
+        Stop-PocOperation `
+            -ExitCode $script:ExitCodes.InvalidSourceArtifacts `
+            -ErrorId 'POC004' `
+            -Title 'CANONICAL BACKENDS DIRECTORY IS MISSING' `
+            -Details @("Expected backend root: $backendsPath", "Configuration: $ConfigurationFullPath") `
+            -Resolution 'Restore the canonical artifacts/backends directory before running APIOps.'
+    }
+
+    $availableNames = @(Get-ChildItem -LiteralPath $backendsPath -Force -Directory | ForEach-Object Name | Sort-Object)
+    $availableSet = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::Ordinal)
+    foreach ($availableName in $availableNames) {
+        $null = $availableSet.Add($availableName)
+    }
+
+    $missingNames = @($SelectedNames | Where-Object { -not $availableSet.Contains($_) } | Sort-Object)
+    if ($missingNames.Count -gt 0) {
+        $expectedPaths = @($missingNames | ForEach-Object { Join-Path (Join-Path $backendsPath $_) 'backendInformation.json' })
+        Stop-PocOperation `
+            -ExitCode $script:ExitCodes.InvalidSourceArtifacts `
+            -ErrorId 'POC004' `
+            -Title 'CONFIGURED BACKEND ARTIFACTS ARE MISSING' `
+            -Details @(
+                "Configuration: $ConfigurationFullPath",
+                "Canonical backend root: $backendsPath",
+                "Configured backend IDs not found ($($missingNames.Count)): $($missingNames -join ', ')",
+                "Expected artifact path(s): $($expectedPaths -join '; ')",
+                "Available backend IDs ($($availableNames.Count)): $($availableNames -join ', ')",
+                'The APIOps publisher was not started and no staging directory was created.'
+            ) `
+            -Resolution ('Restore or extract each missing backend artifact, or remove the incorrect ID from the target ' +
+                'configuration, then rerun the preparation step.')
+    }
+
+    $invalidArtifacts = [System.Collections.Generic.List[string]]::new()
+    $poolNames = [System.Collections.Generic.List[string]]::new()
+    $poolNameSet = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::Ordinal)
+    $concreteNames = [System.Collections.Generic.List[string]]::new()
+    $concreteNameSet = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::Ordinal)
+    foreach ($backendName in $availableNames) {
+        $informationPath = Join-Path (Join-Path $backendsPath $backendName) 'backendInformation.json'
+        if (-not (Test-Path -LiteralPath $informationPath -PathType Leaf)) {
+            $invalidArtifacts.Add("$backendName (missing $informationPath)")
+            continue
+        }
+
+        try {
+            $document = Get-Content -LiteralPath $informationPath -Raw | ConvertFrom-Json
+            $isPool = (
+                $null -ne $document.properties -and
+                $null -ne $document.properties.PSObject.Properties['type'] -and
+                [string] $document.properties.type -eq 'Pool'
+            )
+            if ($isPool) {
+                $poolNames.Add($backendName)
+                $null = $poolNameSet.Add($backendName)
+            }
+            else {
+                $concreteNames.Add($backendName)
+                $null = $concreteNameSet.Add($backendName)
+            }
+        }
+        catch {
+            $invalidArtifacts.Add("$backendName (invalid JSON in ${informationPath}: $($_.Exception.Message))")
+        }
+    }
+
+    if ($invalidArtifacts.Count -gt 0) {
+        Stop-PocOperation `
+            -ExitCode $script:ExitCodes.InvalidSourceArtifacts `
+            -ErrorId 'POC004' `
+            -Title 'CONFIGURED BACKEND ARTIFACTS ARE INVALID' `
+            -Details @($invalidArtifacts) `
+            -Resolution 'Restore valid backendInformation.json files for every configured backend before running APIOps.'
+    }
+
+    return [pscustomobject]@{
+        AvailableNames = $availableNames
+        BackendsPath = $backendsPath
+        PoolNames = $poolNames.ToArray()
+        PoolNameSet = $poolNameSet
+        ConcreteNames = $concreteNames.ToArray()
+        ConcreteNameSet = $concreteNameSet
+    }
+}
+
+function Assert-BackendPoolSelection {
+    param(
+        [pscustomobject] $Selection,
+        [pscustomobject] $Inventory,
+        [string] $ConfigurationFullPath
+    )
+
+    foreach ($configuredPoolName in $Selection.ConfiguredPools) {
+        if (-not $Inventory.PoolNameSet.Contains($configuredPoolName)) {
+            Stop-PocOperation `
+                -ExitCode $script:ExitCodes.InvalidConfiguration `
+                -ErrorId 'POC003' `
+                -Title 'POOL COMPOSITION TARGET IS NOT A CANONICAL POOL' `
+                -Details @("Resource '$configuredPoolName' has a services array but its canonical artifact is not type Pool.") `
+                -Resolution 'Move the services array to a selected canonical backend-pool resource.'
+        }
+    }
+
+    foreach ($poolName in $Inventory.PoolNames) {
+        if (-not $Selection.NameSet.Contains($poolName)) {
+            continue
+        }
+
+        if (-not $Selection.ConfiguredPools.Contains($poolName)) {
+            Stop-PocOperation `
+                -ExitCode $script:ExitCodes.InvalidConfiguration `
+                -ErrorId 'POC003' `
+                -Title 'SELECTED POOL HAS NO TARGET COMPOSITION' `
+                -Details @("Selected pool '$poolName' has no properties.pool.services override in '$ConfigurationFullPath'.") `
+                -Resolution 'Declare the complete target-specific services array for every selected backend pool.'
+        }
+
+        foreach ($memberName in $Selection.PoolMembers[$poolName]) {
+            if (-not $Selection.NameSet.Contains($memberName)) {
+                Stop-PocOperation `
+                    -ExitCode $script:ExitCodes.InvalidConfiguration `
+                    -ErrorId 'POC003' `
+                    -Title 'BACKEND POOL MEMBER IS NOT SELECTED' `
+                    -Details @(
+                        "Pool: $poolName",
+                        "Member: $memberName",
+                        "Configuration: $ConfigurationFullPath",
+                        'The APIOps publisher was not started and no staging directory was created.'
+                    ) `
+                    -Resolution "Add '$memberName' as a direct backends entry or remove it from the pool's services array."
+            }
+
+            if (-not $Inventory.ConcreteNameSet.Contains($memberName)) {
+                Stop-PocOperation `
+                    -ExitCode $script:ExitCodes.InvalidConfiguration `
+                    -ErrorId 'POC003' `
+                    -Title 'BACKEND POOL MEMBER IS NOT A CONCRETE BACKEND' `
+                    -Details @("Pool '$poolName' references '$memberName', which is not a canonical concrete backend.") `
+                    -Resolution 'Reference only selected concrete backend resources from a pool services array.'
+            }
+        }
+    }
+}
+
+function Invoke-ArtifactPreparation {
+    try {
+        $sourcePath = Get-NormalizedPath -Path $SourceArtifactsPath -MustExist
+        $configurationFullPath = Get-NormalizedPath -Path $ConfigurationPath -MustExist
+        $destinationPath = Get-NormalizedPath -Path $DestinationArtifactsPath
+    }
+    catch {
+        Stop-PocOperation `
+            -ExitCode $script:ExitCodes.InvalidInput `
+            -ErrorId 'POC002' `
+            -Title 'INPUT PATH COULD NOT BE RESOLVED' `
+            -Details @($_.Exception.Message) `
+            -Resolution 'Confirm that the source and configuration exist and that the destination is a valid separate path.'
+    }
+
+    if (-not (Test-Path -LiteralPath $sourcePath -PathType Container)) {
+        Stop-PocOperation `
+            -ExitCode $script:ExitCodes.InvalidInput `
+            -ErrorId 'POC002' `
+            -Title 'SOURCE ARTIFACT PATH IS NOT A DIRECTORY' `
+            -Details @("SourceArtifactsPath: $sourcePath") `
+            -Resolution 'Pass the canonical APIOps artifact root directory.'
+    }
+
+    if (-not (Test-Path -LiteralPath $configurationFullPath -PathType Leaf)) {
+        Stop-PocOperation `
+            -ExitCode $script:ExitCodes.InvalidInput `
+            -ErrorId 'POC002' `
+            -Title 'CONFIGURATION PATH IS NOT A FILE' `
+            -Details @("ConfigurationPath: $configurationFullPath") `
+            -Resolution 'Pass one environment APIOps configuration YAML file.'
+    }
+
+    if ($sourcePath -eq $destinationPath -or (Test-PathContains -ParentPath $sourcePath -ChildPath $destinationPath) -or
+        (Test-PathContains -ParentPath $destinationPath -ChildPath $sourcePath)) {
+        Stop-PocOperation `
+            -ExitCode $script:ExitCodes.InvalidInput `
+            -ErrorId 'POC002' `
+            -Title 'SOURCE AND DESTINATION PATHS OVERLAP' `
+            -Details @("Source: $sourcePath", "Destination: $destinationPath") `
+            -Resolution 'Use an isolated staging directory, preferably beneath the CI runner temporary directory.'
+    }
+
+    try {
+        $auditPath = if ([string]::IsNullOrWhiteSpace($AuditManifestPath)) {
+            "$destinationPath.selection.json"
+        }
+        else {
+            Get-NormalizedPath -Path $AuditManifestPath
+        }
+    }
+    catch {
+        Stop-PocOperation `
+            -ExitCode $script:ExitCodes.InvalidInput `
+            -ErrorId 'POC002' `
+            -Title 'AUDIT MANIFEST PATH COULD NOT BE RESOLVED' `
+            -Details @($_.Exception.Message) `
+            -Resolution 'Use a valid audit file path outside the source and staged artifact trees.'
+    }
+
+    if ($auditPath -eq $sourcePath -or $auditPath -eq $destinationPath -or (Test-PathContains -ParentPath $sourcePath -ChildPath $auditPath) -or
+        (Test-PathContains -ParentPath $destinationPath -ChildPath $auditPath)) {
+        Stop-PocOperation `
+            -ExitCode $script:ExitCodes.InvalidInput `
+            -ErrorId 'POC002' `
+            -Title 'AUDIT MANIFEST PATH OVERLAPS AN ARTIFACT TREE' `
+            -Details @("AuditManifestPath: $auditPath", "Source: $sourcePath", "Destination: $destinationPath") `
+            -Resolution 'Place the audit manifest beside the staged directory or in a separate release-evidence directory.'
+    }
+
+    Write-Host '[1/4] Reading configured backend IDs...'
+    $selection = Get-ConfiguredBackendSelection -Path $configurationFullPath
+    $selectedNames = @($selection.Names)
+    Write-Host "      Selected: $($selectedNames -join ', ')"
+
+    Write-Host '[2/4] Validating configured IDs against the canonical superset...'
+    $inventory = Get-CanonicalBackendInventory `
+        -SourcePath $sourcePath `
+        -SelectedNames $selectedNames `
+        -ConfigurationFullPath $configurationFullPath
+    Assert-BackendPoolSelection -Selection $selection -Inventory $inventory -ConfigurationFullPath $configurationFullPath
+    Write-Host "      Canonical resources: $($inventory.ConcreteNames.Count) concrete backends, $($inventory.PoolNames.Count) pool."
+
+    if ((Test-Path -LiteralPath $destinationPath) -and -not $Force) {
+        Stop-PocOperation `
+            -ExitCode $script:ExitCodes.InvalidInput `
+            -ErrorId 'POC002' `
+            -Title 'DESTINATION ALREADY EXISTS' `
+            -Details @("DestinationArtifactsPath: $destinationPath") `
+            -Resolution 'Choose a new staging path or explicitly pass -Force to replace it.'
+    }
+
+    $stagingStarted = $false
+    try {
+        Write-Host '[3/4] Copying and filtering the staged artifact tree...'
+        if (Test-Path -LiteralPath $destinationPath) {
+            Remove-Item -LiteralPath $destinationPath -Recurse -Force
+        }
+
+        $null = New-Item -ItemType Directory -Path $destinationPath -Force
+        $stagingStarted = $true
+        Get-ChildItem -LiteralPath $sourcePath -Force | Copy-Item -Destination $destinationPath -Recurse -Force
+
+        $removedNames = [System.Collections.Generic.List[string]]::new()
+        $stagedBackendsPath = Join-Path $destinationPath 'backends'
+        foreach ($directory in Get-ChildItem -LiteralPath $stagedBackendsPath -Force -Directory) {
+            if (-not $selection.NameSet.Contains($directory.Name)) {
+                $removedNames.Add($directory.Name)
+                Remove-Item -LiteralPath $directory.FullName -Recurse -Force
+            }
+        }
+
+        Write-Host '[4/4] Writing selection audit evidence...'
+        $auditParent = Split-Path -Path $auditPath -Parent
+        if (-not (Test-Path -LiteralPath $auditParent -PathType Container)) {
+            $null = New-Item -ItemType Directory -Path $auditParent -Force
+        }
+
+        $selectedConcreteNames = @($selectedNames | Where-Object { $inventory.ConcreteNameSet.Contains($_) } | Sort-Object)
+        $selectedPoolNames = @($selectedNames | Where-Object { $inventory.PoolNameSet.Contains($_) } | Sort-Object)
+        $poolMemberships = [ordered]@{}
+        foreach ($poolName in $selectedPoolNames) {
+            $poolMemberships[$poolName] = @($selection.PoolMembers[$poolName])
+        }
+
+        $manifest = [ordered]@{
+            schemaVersion = 1
+            status = 'Succeeded'
+            generatedAtUtc = [DateTimeOffset]::UtcNow.ToString('O')
+            sourceArtifactsPath = $sourcePath
+            destinationArtifactsPath = $destinationPath
+            configurationPath = $configurationFullPath
+            configurationSha256 = (Get-FileHash -LiteralPath $configurationFullPath -Algorithm SHA256).Hash.ToLowerInvariant()
+            availableBackendResourceCount = $inventory.AvailableNames.Count
+            availableConcreteBackendCount = $inventory.ConcreteNames.Count
+            availableBackendPoolCount = $inventory.PoolNames.Count
+            selectedBackendResourceCount = $selectedNames.Count
+            selectedConcreteBackendCount = $selectedConcreteNames.Count
+            selectedBackendPoolCount = $selectedPoolNames.Count
+            selectedBackendResources = @($selectedNames | Sort-Object)
+            selectedConcreteBackends = $selectedConcreteNames
+            selectedBackendPools = $selectedPoolNames
+            backendPoolMemberships = $poolMemberships
+            removedBackendResourceCount = $removedNames.Count
+            removedBackendResources = @($removedNames | Sort-Object)
+        }
+        $manifest | ConvertTo-Json -Depth 10 | Set-Content -LiteralPath $auditPath -Encoding utf8
+
+        Write-Host `
+            "SUCCESS: staged $($selectedConcreteNames.Count) concrete backends and $($selectedPoolNames.Count) pool at '$destinationPath'." `
+            -ForegroundColor Green
+        Write-Host "Audit manifest: $auditPath"
+    }
+    catch {
+        if ($stagingStarted -and (Test-Path -LiteralPath $destinationPath)) {
+            Remove-Item -LiteralPath $destinationPath -Recurse -Force -ErrorAction SilentlyContinue
+        }
+
+        if ($_.Exception.Data.Contains('ExitCode')) {
+            throw
+        }
+
+        Stop-PocOperation `
+            -ExitCode $script:ExitCodes.StagingFailure `
+            -ErrorId 'POC005' `
+            -Title 'STAGING OR AUDIT OUTPUT FAILED' `
+            -Details @($_.Exception.Message, "Partial staging was removed: $destinationPath") `
+            -Resolution 'Check path permissions and free disk space, then rerun the preparation step.'
+    }
+}
+
+try {
+    Invoke-ArtifactPreparation
+    exit $script:ExitCodes.Success
+}
+catch {
+    $exitCode = $script:ExitCodes.UnexpectedFailure
+    if ($_.Exception.Data.Contains('ExitCode')) {
+        $exitCode = [int] $_.Exception.Data['ExitCode']
+    }
+
+    [Console]::Error.WriteLine($_.Exception.Message)
+    exit $exitCode
+}
diff --git a/samples/inference-failover/APIOps-variable-publish/tests/fixtures/configuration.missing-backend.yaml b/samples/inference-failover/APIOps-variable-publish/tests/fixtures/configuration.missing-backend.yaml
new file mode 100644
index 00000000..8e0d468d
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/tests/fixtures/configuration.missing-backend.yaml
@@ -0,0 +1,10 @@
+# Negative-test fixture: gpt-5-1-PTU-japaneast is deliberately absent.
+ARM_API_VERSION: 2024-06-01-preview
+
+backends:
+  - name: gpt-5-1-PTU-eastus2
+    properties:
+      url: https://test-gpt-5-1-ptu-eastus2.example.net/inference
+  - name: gpt-5-1-PTU-japaneast
+    properties:
+      url: https://test-gpt-5-1-ptu-japaneast.example.net/inference
diff --git a/samples/inference-failover/APIOps-variable-publish/tests/fixtures/configuration.pool-member-not-selected.yaml b/samples/inference-failover/APIOps-variable-publish/tests/fixtures/configuration.pool-member-not-selected.yaml
new file mode 100644
index 00000000..abdc5e3e
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/tests/fixtures/configuration.pool-member-not-selected.yaml
@@ -0,0 +1,18 @@
+# Negative-test fixture: the West US 3 PTU backend is not selected directly.
+ARM_API_VERSION: 2024-06-01-preview
+
+backends:
+  - name: gpt-5-1-PTU-eastus2
+    properties:
+      url: https://test-gpt-5-1-ptu-eastus2.example.net/inference
+  - name: inference-gpt-5-1-pool
+    properties:
+      type: Pool
+      pool:
+        services:
+          - id: /backends/gpt-5-1-PTU-eastus2
+            priority: 1
+            weight: 50
+          - id: /backends/gpt-5-1-PTU-westus3
+            priority: 2
+            weight: 50
diff --git a/samples/inference-failover/APIOps-variable-publish/tests/test-prepare-apiops-artifacts.ps1 b/samples/inference-failover/APIOps-variable-publish/tests/test-prepare-apiops-artifacts.ps1
new file mode 100644
index 00000000..a568447e
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/tests/test-prepare-apiops-artifacts.ps1
@@ -0,0 +1,449 @@
+#!/usr/bin/env pwsh
+
+<#
+.SYNOPSIS
+Runs offline end-to-end tests for the APIOps backend filtering POC.
+
+.DESCRIPTION
+The harness copies the fictitious canonical artifacts to a temporary directory
+and invokes the preparation script in child PowerShell processes. It requires
+PowerShell 7 but no Azure access, APIOps binary, Pester module, or YAML module.
+
+The success cases verify one stable pool with DEV=10, QA=2, and two regional
+PROD targets with the same seven concrete members. Capacity checks verify that
+all simulated PTU tiers precede PAYG. The PROD checks also verify local PTU,
+peer-region PTU, local PAYG, peer-region PAYG, and tertiary PAYG priorities.
+Negative cases verify that an absent configured backend and a pool member
+omitted from the environment selection both fail before staging. The harness
+also checks that non-backend artifacts are preserved and the source copy is
+not modified by any test.
+
+.PARAMETER KeepTemporaryFiles
+Retains the generated temporary directory for manual inspection.
+
+.EXAMPLE
+pwsh ./tests/test-prepare-apiops-artifacts.ps1
+#>
+
+[CmdletBinding()]
+param(
+    [switch] $KeepTemporaryFiles
+)
+
+Set-StrictMode -Version Latest
+$ErrorActionPreference = 'Stop'
+
+$script:PassedCount = 0
+$script:Failures = [System.Collections.Generic.List[string]]::new()
+
+function Assert-PocTest {
+    param(
+        [bool] $Condition,
+        [string] $Message
+    )
+
+    if ($Condition) {
+        $script:PassedCount++
+        Write-Host "PASS: $Message" -ForegroundColor Green
+        return
+    }
+
+    $script:Failures.Add($Message)
+    Write-Host "FAIL: $Message" -ForegroundColor Red
+}
+
+function Get-TreeFingerprint {
+    param([string] $RootPath)
+
+    return @(
+        Get-ChildItem -LiteralPath $RootPath -File -Recurse |
+            ForEach-Object {
+                $relativePath = [System.IO.Path]::GetRelativePath($RootPath, $_.FullName).Replace('\', '/')
+                $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLowerInvariant()
+                "$relativePath|$hash"
+            } |
+            Sort-Object
+    )
+}
+
+function Get-ConfiguredPoolPriorities {
+    param(
+        [string] $Path,
+        [string] $PoolName
+    )
+
+    $priorities = [ordered]@{}
+    $insidePool = $false
+    $currentMember = $null
+
+    foreach ($line in Get-Content -LiteralPath $Path) {
+        if ($line -match '^  - name:\s*(?<name>[A-Za-z0-9._-]+)\s*$') {
+            $insidePool = $Matches.name -eq $PoolName
+            $currentMember = $null
+            continue
+        }
+
+        if (-not $insidePool) {
+            continue
+        }
+
+        if ($line -match '^          - id: /backends/(?<name>[A-Za-z0-9._-]+)\s*$') {
+            $currentMember = $Matches.name
+            continue
+        }
+
+        if ($null -ne $currentMember -and $line -match '^            priority:\s*(?<priority>\d+)\s*$') {
+            $priorities[$currentMember] = [int] $Matches.priority
+            $currentMember = $null
+        }
+    }
+
+    return $priorities
+}
+
+function Invoke-PreparationProcess {
+    param(
+        [string] $PowerShellPath,
+        [string] $ScriptPath,
+        [string] $SourcePath,
+        [string] $DestinationPath,
+        [string] $ConfigurationPath,
+        [string] $AuditPath
+    )
+
+    $arguments = @(
+        '-NoLogo'
+        '-NoProfile'
+        '-File'
+        $ScriptPath
+        '-SourceArtifactsPath'
+        $SourcePath
+        '-DestinationArtifactsPath'
+        $DestinationPath
+        '-ConfigurationPath'
+        $ConfigurationPath
+        '-AuditManifestPath'
+        $AuditPath
+    )
+
+    $output = & $PowerShellPath @arguments 2>&1 | Out-String
+
+    return [pscustomobject]@{
+        ExitCode = $LASTEXITCODE
+        Output = $output
+    }
+}
+
+$pocRoot = [System.IO.Path]::GetFullPath((Join-Path $PSScriptRoot '..'))
+$scriptPath = Join-Path $pocRoot 'scripts/prepare-apiops-artifacts.ps1'
+$sourceFixturePath = Join-Path $pocRoot 'artifacts'
+$configurationRoot = Join-Path $pocRoot 'configurations'
+$missingBackendConfiguration = Join-Path $PSScriptRoot 'fixtures/configuration.missing-backend.yaml'
+$unselectedPoolMemberConfiguration = Join-Path $PSScriptRoot 'fixtures/configuration.pool-member-not-selected.yaml'
+$poolName = 'inference-gpt-5-1-pool'
+$powerShellPath = (Get-Command pwsh -ErrorAction Stop).Source
+$temporaryRoot = Join-Path ([System.IO.Path]::GetTempPath()) "apiops-backend-poc-$([guid]::NewGuid().ToString('N'))"
+$canonicalPath = Join-Path $temporaryRoot 'canonical-artifacts'
+
+try {
+    $null = New-Item -ItemType Directory -Path $canonicalPath -Force
+    Get-ChildItem -LiteralPath $sourceFixturePath -Force | Copy-Item -Destination $canonicalPath -Recurse -Force
+
+    $markerDirectory = Join-Path $canonicalPath 'namedValues/poc-marker'
+    $null = New-Item -ItemType Directory -Path $markerDirectory -Force
+    @{
+        properties = @{
+            displayName = 'poc-marker'
+            secret = $false
+            tags = @('backend-filtering-poc')
+            value = 'preserved'
+        }
+    } |
+        ConvertTo-Json -Depth 3 |
+        Set-Content -LiteralPath (Join-Path $markerDirectory 'namedValueInformation.json') -Encoding utf8
+
+    $sourceFingerprintBefore = @(Get-TreeFingerprint -RootPath $canonicalPath)
+
+    $canonicalPoolPath = Join-Path $canonicalPath "backends/$poolName/backendInformation.json"
+    $canonicalServices = @((Get-Content -LiteralPath $canonicalPoolPath -Raw | ConvertFrom-Json).properties.pool.services)
+    $canonicalPtuPriorities = @($canonicalServices | Where-Object { $_.id -match '-PTU-' } | ForEach-Object priority)
+    $canonicalPaygPriorities = @($canonicalServices | Where-Object { $_.id -match '-PAYG-' } | ForEach-Object priority)
+    Assert-PocTest `
+        -Condition (@($canonicalPtuPriorities | Where-Object { $_ -ne 1 }).Count -eq 0) `
+        -Message 'The canonical pool assigns priority 1 to all simulated PTU capacity.'
+    Assert-PocTest `
+        -Condition (@($canonicalPaygPriorities | Where-Object { $_ -ne 2 }).Count -eq 0) `
+        -Message 'The canonical pool assigns priority 2 to all PAYG capacity.'
+
+    $cases = @(
+        [pscustomobject]@{
+            Name = 'DEV'
+            Configuration = Join-Path $configurationRoot 'configuration.dev.yaml'
+            ExpectedConcreteNames = @(
+                'gpt-5-1-PAYG-centralus',
+                'gpt-5-1-PAYG-eastus2',
+                'gpt-5-1-PAYG-eastus2-02',
+                'gpt-5-1-PAYG-northcentralus',
+                'gpt-5-1-PAYG-southcentralus',
+                'gpt-5-1-PAYG-westus3',
+                'gpt-5-1-PAYG-westus3-02',
+                'gpt-5-1-PTU-eastus2',
+                'gpt-5-1-PTU-southcentralus',
+                'gpt-5-1-PTU-westus3'
+            )
+            ExpectedPtuBackends = @(
+                'gpt-5-1-PTU-eastus2',
+                'gpt-5-1-PTU-southcentralus',
+                'gpt-5-1-PTU-westus3'
+            )
+            ExpectedPaygBackends = @(
+                'gpt-5-1-PAYG-centralus',
+                'gpt-5-1-PAYG-eastus2',
+                'gpt-5-1-PAYG-eastus2-02',
+                'gpt-5-1-PAYG-northcentralus',
+                'gpt-5-1-PAYG-southcentralus',
+                'gpt-5-1-PAYG-westus3',
+                'gpt-5-1-PAYG-westus3-02'
+            )
+        }
+        [pscustomobject]@{
+            Name = 'QA'
+            Configuration = Join-Path $configurationRoot 'configuration.qa.yaml'
+            ExpectedConcreteNames = @('gpt-5-1-PTU-eastus2', 'gpt-5-1-PTU-westus3')
+        }
+        [pscustomobject]@{
+            Name = 'PROD East US 2'
+            Configuration = Join-Path $configurationRoot 'configuration.prod-eastus2.yaml'
+            ExpectedConcreteNames = @(
+                'gpt-5-1-PAYG-eastus2',
+                'gpt-5-1-PAYG-eastus2-02',
+                'gpt-5-1-PAYG-southcentralus',
+                'gpt-5-1-PAYG-westus3',
+                'gpt-5-1-PAYG-westus3-02',
+                'gpt-5-1-PTU-eastus2',
+                'gpt-5-1-PTU-westus3'
+            )
+            ExpectedLocalPtuBackends = @(
+                'gpt-5-1-PTU-eastus2'
+            )
+            ExpectedLocalPaygBackends = @(
+                'gpt-5-1-PAYG-eastus2',
+                'gpt-5-1-PAYG-eastus2-02'
+            )
+            ExpectedRemotePtuBackends = @(
+                'gpt-5-1-PTU-westus3'
+            )
+            ExpectedRemotePaygBackends = @(
+                'gpt-5-1-PAYG-westus3',
+                'gpt-5-1-PAYG-westus3-02'
+            )
+            ExpectedFallbackBackends = @('gpt-5-1-PAYG-southcentralus')
+        }
+        [pscustomobject]@{
+            Name = 'PROD West US 3'
+            Configuration = Join-Path $configurationRoot 'configuration.prod-westus3.yaml'
+            ExpectedConcreteNames = @(
+                'gpt-5-1-PAYG-eastus2',
+                'gpt-5-1-PAYG-eastus2-02',
+                'gpt-5-1-PAYG-southcentralus',
+                'gpt-5-1-PAYG-westus3',
+                'gpt-5-1-PAYG-westus3-02',
+                'gpt-5-1-PTU-eastus2',
+                'gpt-5-1-PTU-westus3'
+            )
+            ExpectedLocalPtuBackends = @(
+                'gpt-5-1-PTU-westus3'
+            )
+            ExpectedLocalPaygBackends = @(
+                'gpt-5-1-PAYG-westus3',
+                'gpt-5-1-PAYG-westus3-02'
+            )
+            ExpectedRemotePtuBackends = @(
+                'gpt-5-1-PTU-eastus2'
+            )
+            ExpectedRemotePaygBackends = @(
+                'gpt-5-1-PAYG-eastus2',
+                'gpt-5-1-PAYG-eastus2-02'
+            )
+            ExpectedFallbackBackends = @('gpt-5-1-PAYG-southcentralus')
+        }
+    )
+
+    foreach ($case in $cases) {
+        Write-Host "`n--- $($case.Name) selection test ---" -ForegroundColor Cyan
+        $destinationPath = Join-Path $temporaryRoot "staged-$($case.Name.ToLowerInvariant())"
+        $auditPath = "$destinationPath.selection.json"
+        $result = Invoke-PreparationProcess `
+            -PowerShellPath $powerShellPath `
+            -ScriptPath $scriptPath `
+            -SourcePath $canonicalPath `
+            -DestinationPath $destinationPath `
+            -ConfigurationPath $case.Configuration `
+            -AuditPath $auditPath
+
+        Assert-PocTest -Condition ($result.ExitCode -eq 0) -Message "$($case.Name) exits with code 0. Output: $($result.Output.Trim())"
+        Assert-PocTest -Condition (Test-Path -LiteralPath $destinationPath -PathType Container) -Message "$($case.Name) creates a staged artifact tree."
+
+        if (Test-Path -LiteralPath $destinationPath -PathType Container) {
+            $actualNames = @(Get-ChildItem -LiteralPath (Join-Path $destinationPath 'backends') -Directory | ForEach-Object Name | Sort-Object)
+            $expectedNames = @($case.ExpectedConcreteNames + $poolName | Sort-Object)
+            $nameDifference = @(Compare-Object -ReferenceObject $expectedNames -DifferenceObject $actualNames)
+            Assert-PocTest `
+                -Condition ($nameDifference.Count -eq 0) `
+                -Message "$($case.Name) stages $($case.ExpectedConcreteNames.Count) concrete backends and the stable pool ID."
+
+            $poolArtifactPath = Join-Path $destinationPath "backends/$poolName/backendInformation.json"
+            Assert-PocTest `
+                -Condition (Test-Path -LiteralPath $poolArtifactPath -PathType Leaf) `
+                -Message "$($case.Name) preserves the canonical $poolName artifact."
+
+            $markerPath = Join-Path $destinationPath 'namedValues/poc-marker/namedValueInformation.json'
+            Assert-PocTest -Condition (Test-Path -LiteralPath $markerPath -PathType Leaf) -Message "$($case.Name) preserves non-backend artifact collections."
+        }
+
+        Assert-PocTest -Condition (Test-Path -LiteralPath $auditPath -PathType Leaf) -Message "$($case.Name) writes an audit manifest."
+        if (Test-Path -LiteralPath $auditPath -PathType Leaf) {
+            $audit = Get-Content -LiteralPath $auditPath -Raw | ConvertFrom-Json
+            $auditMembers = @($audit.backendPoolMemberships.$poolName)
+            $memberDifference = @(Compare-Object -ReferenceObject @($case.ExpectedConcreteNames) -DifferenceObject $auditMembers)
+            Assert-PocTest `
+                -Condition ($audit.selectedConcreteBackendCount -eq $case.ExpectedConcreteNames.Count) `
+                -Message "$($case.Name) audit records the concrete backend count."
+            Assert-PocTest -Condition ($audit.selectedBackendPoolCount -eq 1) -Message "$($case.Name) audit records one selected backend pool."
+            Assert-PocTest -Condition ($audit.availableBackendResourceCount -eq 11) -Message "$($case.Name) audit records 11 canonical backend resources."
+            Assert-PocTest -Condition ($audit.availableConcreteBackendCount -eq 10) -Message "$($case.Name) audit records 10 canonical concrete backends."
+            Assert-PocTest -Condition ($audit.availableBackendPoolCount -eq 1) -Message "$($case.Name) audit records one canonical backend pool."
+            Assert-PocTest -Condition ($memberDifference.Count -eq 0) -Message "$($case.Name) audit records the exact target-specific pool composition."
+        }
+
+        if ($null -ne $case.PSObject.Properties['ExpectedLocalPtuBackends']) {
+            $priorities = Get-ConfiguredPoolPriorities -Path $case.Configuration -PoolName $poolName
+            $localPtuPriorities = @($case.ExpectedLocalPtuBackends | ForEach-Object { $priorities[$_] })
+            $localPaygPriorities = @($case.ExpectedLocalPaygBackends | ForEach-Object { $priorities[$_] })
+            $remotePtuPriorities = @($case.ExpectedRemotePtuBackends | ForEach-Object { $priorities[$_] })
+            $remotePaygPriorities = @($case.ExpectedRemotePaygBackends | ForEach-Object { $priorities[$_] })
+            $fallbackPriorities = @($case.ExpectedFallbackBackends | ForEach-Object { $priorities[$_] })
+
+            Assert-PocTest `
+                -Condition (@($localPtuPriorities | Where-Object { $_ -ne 1 }).Count -eq 0) `
+                -Message "$($case.Name) assigns priority 1 to simulated local PTU capacity."
+            Assert-PocTest `
+                -Condition (@($remotePtuPriorities | Where-Object { $_ -ne 2 }).Count -eq 0) `
+                -Message "$($case.Name) assigns priority 2 to simulated peer-region PTU capacity."
+            Assert-PocTest `
+                -Condition (@($localPaygPriorities | Where-Object { $_ -ne 3 }).Count -eq 0) `
+                -Message "$($case.Name) assigns priority 3 to local PAYG capacity."
+            Assert-PocTest `
+                -Condition (@($remotePaygPriorities | Where-Object { $_ -ne 4 }).Count -eq 0) `
+                -Message "$($case.Name) assigns priority 4 to peer-region PAYG capacity."
+            Assert-PocTest `
+                -Condition (@($fallbackPriorities | Where-Object { $_ -ne 5 }).Count -eq 0) `
+                -Message "$($case.Name) assigns priority 5 to the tertiary PAYG fallback."
+        }
+
+        if ($null -ne $case.PSObject.Properties['ExpectedPtuBackends']) {
+            $priorities = Get-ConfiguredPoolPriorities -Path $case.Configuration -PoolName $poolName
+            $ptuPriorities = @($case.ExpectedPtuBackends | ForEach-Object { $priorities[$_] })
+            $paygPriorities = @($case.ExpectedPaygBackends | ForEach-Object { $priorities[$_] })
+            Assert-PocTest `
+                -Condition (@($ptuPriorities | Where-Object { $_ -ne 1 }).Count -eq 0) `
+                -Message "$($case.Name) assigns priority 1 to all simulated PTU capacity."
+            Assert-PocTest `
+                -Condition (@($paygPriorities | Where-Object { $_ -ne 2 }).Count -eq 0) `
+                -Message "$($case.Name) assigns priority 2 to all PAYG capacity."
+        }
+    }
+
+    Write-Host "`n--- Missing configured backend test ---" -ForegroundColor Cyan
+    $failedDestinationPath = Join-Path $temporaryRoot 'staged-missing'
+    $failedAuditPath = "$failedDestinationPath.selection.json"
+    $failureResult = Invoke-PreparationProcess `
+        -PowerShellPath $powerShellPath `
+        -ScriptPath $scriptPath `
+        -SourcePath $canonicalPath `
+        -DestinationPath $failedDestinationPath `
+        -ConfigurationPath $missingBackendConfiguration `
+        -AuditPath $failedAuditPath
+
+    Assert-PocTest -Condition ($failureResult.ExitCode -eq 4) -Message 'A missing configured backend exits with code 4.'
+    Assert-PocTest -Condition ($failureResult.Output -match 'POC004') -Message 'The failure identifies the source-artifact error category.'
+    Assert-PocTest -Condition ($failureResult.Output -match 'gpt-5-1-PTU-japaneast') -Message 'The failure names the missing configured backend ID.'
+    Assert-PocTest -Condition ($failureResult.Output -match 'Expected artifact path') -Message 'The failure reports the expected canonical artifact path.'
+    Assert-PocTest -Condition ($failureResult.Output -match 'publisher was not started') -Message 'The failure confirms that APIOps was not started.'
+    Assert-PocTest -Condition (-not (Test-Path -LiteralPath $failedDestinationPath)) -Message 'No staging directory remains after preflight validation fails.'
+
+    Write-Host "`n--- Unselected backend-pool member test ---" -ForegroundColor Cyan
+    $failedPoolDestinationPath = Join-Path $temporaryRoot 'staged-invalid-pool'
+    $failedPoolResult = Invoke-PreparationProcess `
+        -PowerShellPath $powerShellPath `
+        -ScriptPath $scriptPath `
+        -SourcePath $canonicalPath `
+        -DestinationPath $failedPoolDestinationPath `
+        -ConfigurationPath $unselectedPoolMemberConfiguration `
+        -AuditPath "$failedPoolDestinationPath.selection.json"
+
+    Assert-PocTest -Condition ($failedPoolResult.ExitCode -eq 3) -Message 'A pool member omitted from direct selection exits with code 3.'
+    Assert-PocTest `
+        -Condition ($failedPoolResult.Output -match 'BACKEND POOL MEMBER IS NOT SELECTED') `
+        -Message 'The pool dependency error explains why selection is invalid.'
+    Assert-PocTest -Condition ($failedPoolResult.Output -match 'gpt-5-1-PTU-westus3') -Message 'The pool dependency error names the unselected member.'
+    Assert-PocTest `
+        -Condition ($failedPoolResult.Output -match 'publisher was not started') `
+        -Message 'The invalid pool composition confirms that APIOps was not started.'
+    Assert-PocTest `
+        -Condition (-not (Test-Path -LiteralPath $failedPoolDestinationPath)) `
+        -Message 'No staging directory remains after pool dependency validation fails.'
+
+    Write-Host "`n--- Invalid path safety tests ---" -ForegroundColor Cyan
+    $missingSourceDestination = Join-Path $temporaryRoot 'staged-missing-source'
+    $missingSourceResult = Invoke-PreparationProcess `
+        -PowerShellPath $powerShellPath `
+        -ScriptPath $scriptPath `
+        -SourcePath (Join-Path $temporaryRoot 'source-does-not-exist') `
+        -DestinationPath $missingSourceDestination `
+        -ConfigurationPath (Join-Path $configurationRoot 'configuration.dev.yaml') `
+        -AuditPath "$missingSourceDestination.selection.json"
+
+    Assert-PocTest -Condition ($missingSourceResult.ExitCode -eq 2) -Message 'A nonexistent source path exits with code 2.'
+    Assert-PocTest -Condition ($missingSourceResult.Output -match 'POC002') -Message 'A nonexistent source path reports the invalid-input category.'
+    Assert-PocTest -Condition (-not (Test-Path -LiteralPath $missingSourceDestination)) -Message 'A nonexistent source path cannot create staging.'
+
+    $overlapDestination = Join-Path $temporaryRoot 'staged-audit-overlap'
+    $overlapResult = Invoke-PreparationProcess `
+        -PowerShellPath $powerShellPath `
+        -ScriptPath $scriptPath `
+        -SourcePath $canonicalPath `
+        -DestinationPath $overlapDestination `
+        -ConfigurationPath (Join-Path $configurationRoot 'configuration.dev.yaml') `
+        -AuditPath (Join-Path $overlapDestination 'selection.json')
+
+    Assert-PocTest -Condition ($overlapResult.ExitCode -eq 2) -Message 'An audit path inside staging exits with code 2.'
+    Assert-PocTest -Condition ($overlapResult.Output -match 'AUDIT MANIFEST PATH OVERLAPS') -Message 'An overlapping audit path receives a descriptive error.'
+    Assert-PocTest -Condition (-not (Test-Path -LiteralPath $overlapDestination)) -Message 'An overlapping audit path is rejected before staging is created.'
+
+    $sourceFingerprintAfter = @(Get-TreeFingerprint -RootPath $canonicalPath)
+    $sourceDifference = @(Compare-Object -ReferenceObject $sourceFingerprintBefore -DifferenceObject $sourceFingerprintAfter)
+    Assert-PocTest -Condition ($sourceDifference.Count -eq 0) -Message 'The canonical source artifact tree remains byte-for-byte unchanged.'
+}
+finally {
+    if ($KeepTemporaryFiles) {
+        Write-Host "Temporary test files retained at: $temporaryRoot" -ForegroundColor Yellow
+    }
+    elseif (Test-Path -LiteralPath $temporaryRoot) {
+        Remove-Item -LiteralPath $temporaryRoot -Recurse -Force
+    }
+}
+
+Write-Host "`n=== POC Test Summary ===" -ForegroundColor Cyan
+Write-Host "Passed assertions: $script:PassedCount"
+Write-Host "Failed assertions: $($script:Failures.Count)"
+
+if ($script:Failures.Count -gt 0) {
+    foreach ($failure in $script:Failures) {
+        Write-Host " - $failure" -ForegroundColor Red
+    }
+    exit 1
+}
+
+Write-Host 'All APIOps backend filtering POC tests passed.' -ForegroundColor Green
+exit 0
diff --git a/samples/inference-failover/APIOps-variable-publish/workflow-templates/publish-apiops.yml b/samples/inference-failover/APIOps-variable-publish/workflow-templates/publish-apiops.yml
new file mode 100644
index 00000000..ac57bc62
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/workflow-templates/publish-apiops.yml
@@ -0,0 +1,79 @@
+name: Publish APIOps Backend Selection POC
+
+# This file is an inert template in the POC. Copy it to .github/workflows together with the reusable workflow before enabling it in a repository.
+on:
+  workflow_dispatch:
+    inputs:
+      target-environment:
+        description: Logical environment to publish
+        required: true
+        type: choice
+        default: all
+
+        options:
+          - all
+          - dev
+          - qa
+          - prod
+
+permissions:
+  # Checkout needs repository read access; Azure login exchanges the GitHub OIDC token for an Azure access token without storing a client secret.
+  contents: read
+  id-token: write
+
+jobs:
+  publish:
+    name: Publish ${{ matrix.target-name }}
+    strategy:
+      # Let independent APIM targets finish even when another target fails.
+      fail-fast: false
+
+      # Each row is one independently managed APIM target. The reusable workflow skips rows outside the environment selected at dispatch time.
+      matrix:
+        include:
+          - target-name: dev-eastus2-01
+            logical-environment: dev
+            github-environment: apiops-dev
+            configuration-path: samples/inference-failover/POC/configurations/configuration.dev.yaml
+            resource-group-name: rg-apim-dev-eastus2-01
+            apim-service-name: apim-dev-eastus2-01
+
+          - target-name: qa-eastus2-01
+            logical-environment: qa
+            github-environment: apiops-qa
+            configuration-path: samples/inference-failover/POC/configurations/configuration.qa.yaml
+            resource-group-name: rg-apim-qa-eastus2-01
+            apim-service-name: apim-qa-eastus2-01
+
+          - target-name: prod-eastus2-01
+            logical-environment: prod
+            github-environment: apiops-prod
+            configuration-path: samples/inference-failover/POC/configurations/configuration.prod-eastus2.yaml
+            resource-group-name: rg-apim-prod-eastus2-01
+            apim-service-name: apim-prod-eastus2-01
+
+          # PROD targets select the same backend IDs but publish different PTU-first regional pool priority arrays.
+          - target-name: prod-westus3-01
+            logical-environment: prod
+            github-environment: apiops-prod
+            configuration-path: samples/inference-failover/POC/configurations/configuration.prod-westus3.yaml
+            resource-group-name: rg-apim-prod-westus3-01
+            apim-service-name: apim-prod-westus3-01
+
+    # Reusable workflows must live directly under .github/workflows.
+    uses: ./.github/workflows/run-publisher-with-backend-selection.yml
+
+    with:
+      selected-environment: ${{ inputs.target-environment }}
+      logical-environment: ${{ matrix.logical-environment }}
+      github-environment: ${{ matrix.github-environment }}
+      target-name: ${{ matrix.target-name }}
+
+      source-artifacts-path: samples/inference-failover/POC/artifacts
+      configuration-path: ${{ matrix.configuration-path }}
+
+      resource-group-name: ${{ matrix.resource-group-name }}
+      apim-service-name: ${{ matrix.apim-service-name }}
+
+    # The protected GitHub environment selected by each matrix row governs access to the Azure workload identity values consumed by the callee.
+    secrets: inherit
diff --git a/samples/inference-failover/APIOps-variable-publish/workflow-templates/run-publisher-with-backend-selection.yml b/samples/inference-failover/APIOps-variable-publish/workflow-templates/run-publisher-with-backend-selection.yml
new file mode 100644
index 00000000..b3b7080b
--- /dev/null
+++ b/samples/inference-failover/APIOps-variable-publish/workflow-templates/run-publisher-with-backend-selection.yml
@@ -0,0 +1,189 @@
+name: Run APIOps Publisher with Backend Selection
+
+# This file is an inert template in the POC. Copy it to .github/workflows so publish-apiops.yml can call it as a reusable workflow.
+on:
+  workflow_call:
+    inputs:
+      selected-environment:
+        description: Logical environment requested by the caller, or all
+        required: true
+        type: string
+
+      logical-environment:
+        description: Logical environment represented by this target
+        required: true
+        type: string
+
+      github-environment:
+        description: Protected GitHub environment containing Azure OIDC secrets
+        required: true
+        type: string
+
+      target-name:
+        description: Stable target identifier used in logs and evidence names
+        required: true
+        type: string
+
+      source-artifacts-path:
+        description: Repository-relative canonical APIOps artifact root
+        required: true
+        type: string
+
+      configuration-path:
+        description: Repository-relative APIOps configuration YAML
+        required: true
+        type: string
+
+      resource-group-name:
+        description: Resource group containing the target APIM service
+        required: true
+        type: string
+
+      apim-service-name:
+        description: Target API Management service name
+        required: true
+        type: string
+
+permissions:
+  # Checkout needs repository read access; Azure login uses GitHub OIDC.
+  contents: read
+  id-token: write
+
+jobs:
+  publish:
+    # The caller expands every matrix row. Skip targets outside the logical environment selected by the operator, while "all" publishes every row.
+    if: inputs.selected-environment == 'all' || inputs.selected-environment == inputs.logical-environment
+    name: Prepare and publish ${{ inputs.target-name }}
+    runs-on: ubuntu-latest
+    # Environment protection rules can require approval before Azure access.
+    environment: ${{ inputs.github-environment }}
+
+    env:
+      # Pin the publisher release and its archive digest independently. A modified or unexpectedly replaced release asset fails before execution.
+      APIOPS_RELEASE_VERSION: v7.0.3
+      PUBLISHER_ARCHIVE_SHA256: f9808d211c672841b951378562c08fe2acfddeef8a524a80963d771fed4bfee7
+
+    steps:
+      - name: Check out canonical artifacts
+        # CONVENTIONAL PIPELINE SETUP - NOT AN APIOPS FEATURE:
+        # The publisher needs local artifact files, so the workflow checks out the repository. APIOps itself does not perform source control checkout.
+        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+
+      - name: Prepare target-specific artifact tree
+        # POC-SPECIFIC EXTENSION - NOT OUT-OF-THE-BOX APIOPS:
+        #
+        # WHY: Native APIOps configuration overrides properties but does not select which artifact folders the publisher discovers. Without this step,
+        # every target would publish all 10 canonical backends.
+        #
+        # WALKTHROUGH:
+        # 1. Treat the configuration's top-level backends[].name values as this target's allowlist, including the stable backend pool resource.
+        #    For example:
+        #       backends[0].name = gpt-5-1-PTU-eastus2, ... backends[10].name = inference-gpt-5-1-pool
+        #
+        # 2. Validate every selected ID and pool member against the canonical artifact superset before creating any staged output. Every backend defined in
+        #    the configuration YAML must have a matching canonical artifact; the configured set may contain any intentional number of those artifacts.
+        #    Every configured pool member must also resolve to a selected canonical concrete backend. If an ID is missing because of a typo, stale
+        #    configuration, or absent extraction output, APIOps cannot publish it because property overrides do not create a missing artifact. If a pool
+        #    member is not selected, the staged pool would reference a backend that is not being published. The script fails before staging in either case.
+        #
+        # 3. Copy the canonical tree to runner.temp, include only selected backend directories, and preserve all non-backend collections.
+        #
+        # 4. Leave the checked-out source unchanged - we do not modify source - and write a JSON audit manifest containing the effective selection and pool membership.
+        #
+        # EFFECT: APIOps discovers and creates or updates only the selected subset: DEV=10, QA=2, and each regional PROD target=7. The target configuration
+        # also replaces the pool's complete services array with its PTU-first routing order. Validation failure stops before Azure authentication. This does
+        # not delete unselected backends already in APIM; retirement remains a separate reviewed operation.
+        shell: pwsh
+
+        env:
+          SOURCE_ARTIFACTS_PATH: ${{ github.workspace }}/${{ inputs.source-artifacts-path }}
+          CONFIGURATION_PATH: ${{ github.workspace }}/${{ inputs.configuration-path }}
+          STAGED_ARTIFACTS_PATH: ${{ runner.temp }}/apiops-${{ inputs.target-name }}
+          AUDIT_MANIFEST_PATH: ${{ runner.temp }}/apiops-${{ inputs.target-name }}.selection.json
+
+        run: |
+          & ./samples/inference-failover/POC/scripts/prepare-apiops-artifacts.ps1 `
+            -SourceArtifactsPath $env:SOURCE_ARTIFACTS_PATH `
+            -DestinationArtifactsPath $env:STAGED_ARTIFACTS_PATH `
+            -ConfigurationPath $env:CONFIGURATION_PATH `
+            -AuditManifestPath $env:AUDIT_MANIFEST_PATH
+
+          if ($LASTEXITCODE -ne 0) {
+            throw "Artifact preparation failed with exit code $LASTEXITCODE. The APIOps publisher will not run."
+          }
+
+      - name: Sign in to Azure with workload identity
+        # CONVENTIONAL APIOPS PIPELINE PREREQUISITE - NOT A PUBLISHER FEATURE:
+        # The publisher requires an authenticated Azure context. OIDC through azure/login is the standard secretless GitHub Actions setup used here; APIOps
+        # consumes the resulting credentials but does not perform login. Authenticate only after custom selection validation succeeds.
+        uses: azure/login@532459ea530d8321f2fb9bb10d1e0bcf23869a43 # v3.0.0
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Download and verify APIOps publisher
+        # CONVENTIONAL APIOPS TOOL ACQUISITION WITH POC HARDENING:
+        # Downloading the official standalone publisher for the runner platform is normal APIOps setup. Pinning v7.0.3 and verifying its SHA-256 digest are
+        # pipeline supply-chain controls added by this POC.
+        id: publisher
+        shell: pwsh
+
+        env:
+          DOWNLOAD_DIRECTORY: ${{ runner.temp }}/apiops-publisher
+
+        run: |
+          $archiveName = 'publisher-linux-x64.zip'
+          $archivePath = Join-Path $env:RUNNER_TEMP $archiveName
+          $downloadUri = "https://github.com/Azure/apiops/releases/download/$env:APIOPS_RELEASE_VERSION/$archiveName"
+
+          Invoke-WebRequest -Uri $downloadUri -OutFile $archivePath
+          $actualHash = (Get-FileHash -LiteralPath $archivePath -Algorithm SHA256).Hash.ToLowerInvariant()
+          if ($actualHash -ne $env:PUBLISHER_ARCHIVE_SHA256) {
+            throw "Publisher checksum mismatch. Expected '$env:PUBLISHER_ARCHIVE_SHA256'; received '$actualHash'."
+          }
+
+          Expand-Archive -LiteralPath $archivePath -DestinationPath $env:DOWNLOAD_DIRECTORY -Force
+          $publisherPath = Join-Path $env:DOWNLOAD_DIRECTORY 'publisher'
+          & chmod +x $publisherPath
+          if ($LASTEXITCODE -ne 0) {
+            throw 'Could not mark the APIOps publisher executable.'
+          }
+
+          "publisher-path=$publisherPath" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
+
+      - name: Publish staged artifacts to API Management
+        # OUT-OF-THE-BOX APIOPS PUBLISHING:
+        # These AZURE_*, API_MANAGEMENT_*, CONFIGURATION_YAML_PATH, and logging environment variables are conventional APIOps publisher inputs. The executable
+        # discovers artifacts under the supplied output-folder path, applies configuration property overrides, and publishes them to APIM. COMMIT_ID is
+        # intentionally absent: the staged tree is generated during this run and has no meaningful Git history, so the publisher must process it as a
+        # complete target-specific snapshot.
+        shell: pwsh
+
+        env:
+          AZURE_RESOURCE_GROUP_NAME: ${{ inputs.resource-group-name }}
+          API_MANAGEMENT_SERVICE_NAME: ${{ inputs.apim-service-name }}
+          API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH: ${{ runner.temp }}/apiops-${{ inputs.target-name }}
+          CONFIGURATION_YAML_PATH: ${{ github.workspace }}/${{ inputs.configuration-path }}
+          PUBLISHER_PATH: ${{ steps.publisher.outputs.publisher-path }}
+          Logging__LogLevel__Default: Information
+
+        run: |
+          & $env:PUBLISHER_PATH
+          if ($LASTEXITCODE -ne 0) {
+            throw "APIOps publisher failed with exit code $LASTEXITCODE."
+          }
+
+      - name: Upload backend selection evidence
+        # POC-SPECIFIC EVIDENCE - NOT OUT-OF-THE-BOX APIOPS:
+        # APIOps does not create or upload this backend-selection manifest. The custom preparation script creates it, and GitHub Actions retains it for review
+        # of the exact target subset and effective pool membership. Preserve the manifest on success and failure; missing evidence warns instead of masking
+        # the original preparation or publisher error.
+        if: always()
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+
+        with:
+          name: apiops-selection-${{ inputs.target-name }}
+          path: ${{ runner.temp }}/apiops-${{ inputs.target-name }}.selection.json
+          if-no-files-found: warn
+          retention-days: 30
diff --git a/samples/inference-failover/README.md b/samples/inference-failover/README.md
index 917eac6d..d337a4ba 100644
--- a/samples/inference-failover/README.md
+++ b/samples/inference-failover/README.md
@@ -32,48 +32,48 @@ An AI platform prefers all provisioned capacity before using pay-as-you-go capac
 
 The primary inference policy used by the notebook scenarios follows this response-handling matrix. "Trip Breaker" applies to the backend that returned the response. "Caller Codes" lists the recovery code first and the exhausted terminal code second when both are possible.
 
-| Backend Code | Trip Breaker | Retry     | Caller Codes     | Category  | Severity | Handling                                                                                                             |
-| ------------ | ------------ | --------- | ---------------- | --------- | -------- | -------------------------------------------------------------------------------------------------------------------- |
-| 200          | -            | -         | 200              | Success   | None     | Return the successful response.                                                                                      |
-| 400          | No           | No        | 400              | Client    | Low      | Return unchanged; may indicate an invalid request or content filtering.                                              |
-| 401          | No           | No        | 401              | Auth      | Medium   | Return unchanged; correct backend authentication.                                                                    |
-| 403          | No           | No        | 403              | AuthZ     | Medium   | Return unchanged; correct backend authorization.                                                                     |
-| 404          | No           | No        | 404              | Config    | Medium   | Return unchanged; correct the backend URL or deployment name.                                                        |
-| 408          | Yes          | Yes       | 200 or 408       | Timeout   | Medium   | Retry another backend; return the explicit HTTP timeout if the fallback chain is exhausted.                          |
-| 409          | No           | Sometimes | 200 or 409       | Conflict  | Medium   | Retry only when `Retry-After` marks the conflict as transient.                                                       |
-| 429          | Yes          | Yes       | 200 or 429       | Capacity  | Medium   | Retry another eligible backend; return the final `429` unchanged if all fallbacks are exhausted.                     |
-| 499          | Yes          | Yes       | 200 or 499       | Custom    | Medium   | Retry another backend when PTU exhaustion is represented by a transformed `408`.                                     |
-| 500          | Yes          | Yes       | 200 or 503       | Infra     | High     | Retry another eligible backend; normalize an exhausted chain to `503`.                                               |
-| 502          | Yes          | Yes       | 200 or 503       | Infra     | High     | Retry another eligible backend; normalize an exhausted chain to `503`.                                               |
-| 503          | Yes          | Yes       | 200 or 503       | Infra     | High     | Retry another eligible backend; normalize an exhausted chain to `503`.                                               |
-| 504          | Yes          | Yes       | 200 or 503       | Infra     | High     | Retry another eligible backend; normalize an exhausted chain to `503`.                                               |
-| null         | No           | Yes       | 200 or 503       | Transport | High     | Retry after no backend response; normalize handled transport failures to `503`.                                      |
-
-The sample also deploys `POST /inference/gpt-5-1-retry-tracked/chat/completions` with [inference-api-policy-with-retry-tracked.xml](apim-policies/inference-api-policy-with-retry-tracked.xml). This optional comparison route records the earliest future `Retry-After` value and returns a rewritten `429` only when all five gpt-5.1 backends return `429` in the same retry chain. The notebook does not call this route or include it in its KQL, charts, assertions, or local report because exhausting the full five-member pool is intentionally uncommon.
+| Backend Code | Trip Breaker | Retry     | Caller Codes | Category  | Severity | Handling                                                                                         |
+| ------------ | ------------ | --------- | ------------ | --------- | -------- | ------------------------------------------------------------------------------------------------ |
+| 200          | -            | -         | 200          | Success   | None     | Return the successful response.                                                                  |
+| 400          | No           | No        | 400          | Client    | Low      | Return unchanged; may indicate an invalid request or content filtering.                          |
+| 401          | No           | No        | 401          | Auth      | Medium   | Return unchanged; correct backend authentication.                                                |
+| 403          | No           | No        | 403          | AuthZ     | Medium   | Return unchanged; correct backend authorization.                                                 |
+| 404          | No           | No        | 404          | Config    | Medium   | Return unchanged; correct the backend URL or deployment name.                                    |
+| 408          | Yes          | Yes       | 200 or 408   | Timeout   | Medium   | Retry another backend; return the explicit HTTP timeout if the fallback chain is exhausted.      |
+| 409          | No           | Sometimes | 200 or 409   | Conflict  | Medium   | Retry only when `Retry-After` marks the conflict as transient.                                   |
+| 429          | Yes          | Yes       | 200 or 429   | Capacity  | Medium   | Retry another eligible backend; return the final `429` unchanged if all fallbacks are exhausted. |
+| 499          | Yes          | Yes       | 200 or 499   | Custom    | Medium   | Retry another backend when PTU exhaustion is represented by a transformed `408`.                 |
+| 500          | Yes          | Yes       | 200 or 503   | Infra     | High     | Retry another eligible backend; normalize an exhausted chain to `503`.                           |
+| 502          | Yes          | Yes       | 200 or 503   | Infra     | High     | Retry another eligible backend; normalize an exhausted chain to `503`.                           |
+| 503          | Yes          | Yes       | 200 or 503   | Infra     | High     | Retry another eligible backend; normalize an exhausted chain to `503`.                           |
+| 504          | Yes          | Yes       | 200 or 503   | Infra     | High     | Retry another eligible backend; normalize an exhausted chain to `503`.                           |
+| null         | No           | Yes       | 200 or 503   | Transport | High     | Retry after no backend response; normalize handled transport failures to `503`.                  |
+
+The sample also deploys `POST /inference/gpt-5-1-retry-tracked/chat/completions` with [inference-api-policy-with-retry-tracked.xml](apim-policies/inference-api-policy-with-retry-tracked.xml). This optional comparison route records the earliest future `Retry-After` value and returns a rewritten `429` only when every attempt in the bounded retry chain returns `429`. The notebook does not call this route or include it in its KQL, charts, assertions, or local report because exhausting the retry budget is intentionally uncommon.
 
 ### Failure Test Coverage
 
 The notebook runs deterministic gateway contract probes before its capacity scenarios. These probes verify a valid `200`, an Azure OpenAI `400` from malformed JSON, an APIM `401` from a missing subscription key, and an APIM `404` from an unknown operation. The `400` also verifies `X-Backend-Retry: 0`, proving that client errors pass through without retry. The pressure scenarios exercise organic `429` handling against the intentionally small deployments. The remaining backend statuses require a controllable fault origin because Azure OpenAI does not provide a supported "return this status" test switch.
 
-| Condition                   | Automated here             | Recommended controlled test                                                                                                                                | Expected evidence                                                                                                   |
-| --------------------------- | -------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------- |
-| `200`                       | Yes                        | Send a valid small chat-completions request.                                                                                                               | `200` and `X-Backend-Retry: 0`.                                                                                     |
-| `400`                       | Yes                        | Send truncated JSON with `Content-Type: application/json`.                                                                                                 | Backend `400`, caller `400`, and `X-Backend-Retry: 0`.                                                              |
-| `401`                       | Yes                        | Omit the APIM subscription key.                                                                                                                            | Gateway `401`; the inference policy is not entered.                                                                 |
-| `403`                       | No                         | On an isolated deployment, remove **Cognitive Services OpenAI User** from APIM or add a temporary deny policy. Restore access immediately after the probe. | Backend/caller `403` and no retry.                                                                                  |
-| `404`                       | Yes                        | Call an unknown APIM operation. For a backend-side variant, temporarily target a nonexistent model deployment in an isolated backend.                      | `404` and no retry.                                                                                                 |
-| `408`                       | No                         | Return an explicit `408` from the controlled fault origin.                                                                                                 | Immediate circuit trip and backend failover; an exhausted chain keeps `408`.                                        |
-| `409` without `Retry-After` | No                         | Use a local fault server, Mockoon, WireMock, or a temporary Container App that returns `409` without the header.                                           | One attempt; caller keeps `409`.                                                                                    |
-| `409` with `Retry-After`    | No                         | Return `409` plus `Retry-After: 1` from the controlled fault origin.                                                                                       | Retry count increases, but the backend circuit does not open.                                                       |
-| `429`                       | Yes, workload-dependent    | Run the pressure cells. For deterministic CI, return `429` plus `Retry-After` from a controlled fault origin.                                              | Backend selection avoids the constrained backend; an exhausted primary route returns the final backend `429`.       |
-| `499`                       | No                         | Transform a PTU-exhaustion `408` into `499`, or return `499` from the controlled fault origin.                                                             | Immediate circuit trip and backend failover; an exhausted chain keeps `499`.                                        |
-| `500`                       | No                         | Return an explicit `500` from the controlled fault origin.                                                                                                 | Immediate circuit trip and backend failover; an exhausted chain becomes generic `503`.                              |
-| `502`                       | No                         | Return an explicit `502` from the controlled fault origin.                                                                                                 | Immediate circuit trip and backend failover.                                                                        |
-| `503`                       | Organic but not guaranteed | Return `503`, optionally with `Retry-After`, from the controlled fault origin.                                                                             | Immediate failover; an exhausted chain becomes generic `503`.                                                       |
-| `504`                       | No                         | Return an explicit `504`; separately delay the origin beyond the APIM forwarding timeout to test transport timeout behavior.                               | HTTP `504` trips the circuit; timeout produces no backend HTTP response but is retried and normalized to `503`.     |
-| DNS/connection failure      | No                         | Point one isolated backend at a reserved nonexistent host such as `https://unresolvable.invalid`.                                                          | `BackendConnectionFailure`, retries, then generic `503` if all destinations fail.                                   |
-| TLS failure                 | No                         | Point an isolated backend at a host with an expired certificate or a certificate-name mismatch while TLS validation remains enabled.                       | Backend connection failure, retries, and no certificate detail disclosed to the caller.                             |
-| Caller disconnect           | No                         | Start a streaming or deliberately slow request, then abort the client socket or use `curl --max-time 1`.                                                   | Native client-connection/cancellation telemetry; this is not backend failover.                                      |
+| Condition                   | Automated here             | Recommended controlled test                                                                                                                                | Expected evidence                                                                                               |
+| --------------------------- | -------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- |
+| `200`                       | Yes                        | Send a valid small chat-completions request.                                                                                                               | `200` and `X-Backend-Retry: 0`.                                                                                 |
+| `400`                       | Yes                        | Send truncated JSON with `Content-Type: application/json`.                                                                                                 | Backend `400`, caller `400`, and `X-Backend-Retry: 0`.                                                          |
+| `401`                       | Yes                        | Omit the APIM subscription key.                                                                                                                            | Gateway `401`; the inference policy is not entered.                                                             |
+| `403`                       | No                         | On an isolated deployment, remove **Cognitive Services OpenAI User** from APIM or add a temporary deny policy. Restore access immediately after the probe. | Backend/caller `403` and no retry.                                                                              |
+| `404`                       | Yes                        | Call an unknown APIM operation. For a backend-side variant, temporarily target a nonexistent model deployment in an isolated backend.                      | `404` and no retry.                                                                                             |
+| `408`                       | No                         | Return an explicit `408` from the controlled fault origin.                                                                                                 | Immediate circuit trip and backend failover; an exhausted chain keeps `408`.                                    |
+| `409` without `Retry-After` | No                         | Use a local fault server, Mockoon, WireMock, or a temporary Container App that returns `409` without the header.                                           | One attempt; caller keeps `409`.                                                                                |
+| `409` with `Retry-After`    | No                         | Return `409` plus `Retry-After: 1` from the controlled fault origin.                                                                                       | Retry count increases, but the backend circuit does not open.                                                   |
+| `429`                       | Yes, workload-dependent    | Run the pressure cells. For deterministic CI, return `429` plus `Retry-After` from a controlled fault origin.                                              | Backend selection avoids the constrained backend; an exhausted primary route returns the final backend `429`.   |
+| `499`                       | No                         | Transform a PTU-exhaustion `408` into `499`, or return `499` from the controlled fault origin.                                                             | Immediate circuit trip and backend failover; an exhausted chain keeps `499`.                                    |
+| `500`                       | No                         | Return an explicit `500` from the controlled fault origin.                                                                                                 | Immediate circuit trip and backend failover; an exhausted chain becomes generic `503`.                          |
+| `502`                       | No                         | Return an explicit `502` from the controlled fault origin.                                                                                                 | Immediate circuit trip and backend failover.                                                                    |
+| `503`                       | Organic but not guaranteed | Return `503`, optionally with `Retry-After`, from the controlled fault origin.                                                                             | Immediate failover; an exhausted chain becomes generic `503`.                                                   |
+| `504`                       | No                         | Return an explicit `504`; separately delay the origin beyond the APIM forwarding timeout to test transport timeout behavior.                               | HTTP `504` trips the circuit; timeout produces no backend HTTP response but is retried and normalized to `503`. |
+| DNS/connection failure      | No                         | Point one isolated backend at a reserved nonexistent host such as `https://unresolvable.invalid`.                                                          | `BackendConnectionFailure`, retries, then generic `503` if all destinations fail.                               |
+| TLS failure                 | No                         | Point an isolated backend at a host with an expired certificate or a certificate-name mismatch while TLS validation remains enabled.                       | Backend connection failure, retries, and no certificate detail disclosed to the caller.                         |
+| Caller disconnect           | No                         | Start a streaming or deliberately slow request, then abort the client socket or use `curl --max-time 1`.                                                   | Native client-connection/cancellation telemetry; this is not backend failover.                                  |
 
 Use a separate APIM API/backend pool or a disposable deployment for controlled origin tests. Do not add public fault-injection headers to the production-shaped inference APIs, and do not remove role assignments from a shared environment. A nonexistent backend hostname is useful for DNS failure, but it does **not** simulate a client disconnect: DNS happens between APIM and the backend, while a client disconnect happens between the caller and APIM.
 
@@ -124,9 +124,9 @@ This lab adds the following to an existing APIM infrastructure:
 - Three regional Azure OpenAI resources containing nine `Standard` model deployments at `1` thousand TPM each.
 - Nine concrete APIM backends named using `<model>-<PTU|PAYG>-<region>`, each with TLS validation and separate circuit breakers for capacity, sustained internal errors, and immediate gateway or availability failures.
 - Model-specific APIM backends and one backend pool per model, so a retry never crosses to an incompatible deployment and circuit-breaker state remains isolated. APIM tracks circuit-breaker state at the backend resource; if models shared a backend, a `429` or another configured failure from one model could suppress traffic to a healthy model on that same backend.
-- Three AI Gateway APIs with managed identity authentication to Azure OpenAI. The two exercised routes are `POST /inference/gpt-5-1/chat/completions`, which retries four times across A/D -> B -> E/G, and `POST /inference/gpt-4-1-mini/chat/completions`, which retries three times across C/F -> D -> H. Members separated by `/` share a priority and have equal weights.
+- Three AI Gateway APIs with managed identity authentication to Azure OpenAI. Both exercised routes permit two retries after the initial attempt, for three total attempts. This may already be more than sufficient for interactive traffic. The bounded limit is independent of pool size because failed backends are removed from selection by their circuit breakers. Members separated by `/` share a priority and have equal weights.
 - An optional `POST /inference/gpt-5-1-retry-tracked/chat/completions` route that shares the gpt-5.1 pool and demonstrates minimum `Retry-After` tracking. It is deployed for manual comparison and excluded from the notebook's automated traffic and verification.
-- Model-specific retry policies that buffer the POST body while immediately retrying conditional conflicts, throttling, and listed infrastructure failures; emit an information-level trace after every backend attempt; return caller-visible retry counts; and return a generic `503` when infrastructure failover is exhausted. Only the optional comparison policy caches the soonest recovery time and rewrites all-backend `429` exhaustion.
+- Model-specific retry policies that buffer the POST body while immediately retrying conditional conflicts, throttling, and listed infrastructure failures; emit an information-level trace after every backend attempt; return caller-visible retry counts; and return a generic `503` when infrastructure failover is exhausted. Only the optional comparison policy caches the soonest recovery time and rewrites retry-budget `429` exhaustion.
 - APIM AI Gateway diagnostics using the infrastructure-provided Log Analytics workspace and Application Insights component, plus an AOAI-only workbook for terminal outcomes, retry trails, backend distribution, APIM errors, token coverage, and latency.
 - An optional Standard Event Hubs namespace, telemetry hub, and `external-observability` consumer group in the APIM region for downstream stream processors, SIEM platforms, or external analytics systems.
 
@@ -202,6 +202,8 @@ The sample resources live in the selected infrastructure resource group. Remove
 
 ## 🔗 Additional Resources
 
+- [Inference Failover APIOps Environment Promotion Plan](APIOPS-ENVIRONMENT-PROMOTION-PLAN.md)
+- [Terraform and APIOps Backend Environment Configuration Plan](TERRAFORM-APIOPS-BACKEND-ENVIRONMENT-PLAN.md)
 - [Inference Failover and WAF Throttling Guidance](WAF-COMPARISON.md)
 - [Backends in API Management](https://learn.microsoft.com/azure/api-management/backends)
 - [Authenticate and authorize access to LLM APIs by using API Management](https://learn.microsoft.com/azure/api-management/api-management-authenticate-authorize-ai-apis)
diff --git a/samples/inference-failover/TERRAFORM-APIOPS-BACKEND-ENVIRONMENT-PLAN.md b/samples/inference-failover/TERRAFORM-APIOPS-BACKEND-ENVIRONMENT-PLAN.md
new file mode 100644
index 00000000..144f30f6
--- /dev/null
+++ b/samples/inference-failover/TERRAFORM-APIOPS-BACKEND-ENVIRONMENT-PLAN.md
@@ -0,0 +1,503 @@
+# Terraform and APIOps Environment Operations Plan
+
+<!-- markdownlint-disable MD013 -->
+<!-- Long technical prose and wide planning tables are intentionally not hard-wrapped. -->
+
+**Audience:** API platform, infrastructure, AI platform, security, and delivery teams that use Terraform and APIOps for Azure API Management (APIM).
+
+---
+
+## Contents
+
+Main plan:
+
+- [1. Purpose](#1-purpose)
+- [2. Plan at a Glance](#2-plan-at-a-glance)
+- [3. Key Terms](#3-key-terms)
+- [4. What Stays the Same and What Changes](#4-what-stays-the-same-and-what-changes)
+- [5. Ownership](#5-ownership)
+- [6. Required Files](#6-required-files)
+- [7. Terraform Manifest](#7-terraform-manifest)
+- [8. Decisions Before Implementation](#8-decisions-before-implementation)
+- [9. Implementation Plan](#9-implementation-plan)
+- [10. Adding Another Regional APIM Service](#10-adding-another-regional-apim-service)
+- [11. Release Checks](#11-release-checks)
+- [12. Rollback and Emergency Changes](#12-rollback-and-emergency-changes)
+- [13. Acceptance Criteria](#13-acceptance-criteria)
+
+Appendices and references:
+
+- [14. Transferring Ownership from Terraform](#14-transferring-ownership-from-terraform)
+- [15. APIOps Publication Modes](#15-apiops-publication-modes)
+- [16. Retry Count](#16-retry-count)
+- [17. Risk and Control Matrix](#17-risk-and-control-matrix)
+- [18. References](#18-references)
+
+---
+
+## 1. Purpose
+
+- **Primary objective:** Establish a simple, robust, and efficient way to create, change, validate, release, and recover APIM environments through Infrastructure as Code (IaC).
+- **Simple:** Use one repeatable environment pattern, clear ownership, and the fewest target-specific files needed to describe an APIM service.
+- **Robust:** Validate infrastructure and APIM configuration together, prevent conflicting ownership, stop incorrect deployments before they write, and provide a tested rollback path.
+- **Efficient:** Reuse shared configuration, automate environment checks, avoid manual portal changes, and add an environment by supplying only its infrastructure and target-specific values.
+- **Consistent:** Apply the same workflow to the first East US 2 environment and to every environment added later.
+
+> **Desired outcome:** An environment is represented by reviewed IaC and APIOps files, deployed by a repeatable pipeline, verified against its intended state, and recoverable without manual reconstruction.
+
+The initial implementation uses one APIM service, `prod-eus2-01`, in East US 2. Shared APIs, policies, and backend definitions are reused across environments; only values that genuinely belong to one target, such as its APIM identity and backend-pool order, vary. These routing details support the operating model but are not its primary purpose.
+
+---
+
+## 2. Plan at a Glance
+
+- **Repeatable environments:** Use the same IaC and APIOps workflow for every independently managed APIM service.
+- **Clear ownership:** Assign every resource to Terraform or APIOps, never both.
+- **Small differences:** Share common configuration and isolate only genuine target-specific values.
+- **Safe releases:** Bind each target to an exact APIM resource, validate before writing, and record release evidence.
+- **Predictable recovery:** Keep a last known-good release and test rollback before the environment is accepted.
+- **Additive growth:** Add a target entry, manifest, and configuration without changing existing environment files.
+
+For this scenario, independently managed environments use **independent APIM services**. Adding a gateway region to one Premium APIM service does not create a separate backend-pool configuration. Two regions can use different pool priorities only when they use separate APIM services.
+
+---
+
+## 3. Key Terms
+
+- **Environment:** One independently managed APIM service and its supporting Azure resources, desired configuration, release history, and rollback point.
+- **APIOps:** A toolkit that publishes APIM configuration from source-controlled files.
+- **Shared artifact:** A source-controlled APIOps file that defines an API, policy, Named Value, concrete backend, or stable backend-pool resource. Shared artifacts are published to every target. A shared pool artifact provides the pool ID; target configuration provides its complete member list.
+- **Concrete backend:** An APIM resource that describes one Azure OpenAI endpoint, including its URL, authentication, TLS settings, and circuit breaker.
+- **Backend pool:** An APIM resource that groups concrete backends and assigns their priorities and weights.
+- **Deployment target:** One APIM service and the files, release record, lock, and rollback point used to manage it.
+- **Deployment lock:** Pipeline concurrency control keyed by the APIM resource ID. It prevents two releases from changing the same APIM service at the same time.
+- **Terraform manifest:** A non-secret machine-readable description of the infrastructure that Terraform deployed. APIOps uses it to validate the target before publication.
+
+---
+
+## 4. What Stays the Same and What Changes
+
+| Configuration                            | Shared Across Targets | Target-Specific |
+| ---------------------------------------- | :-------------------: | :-------------: |
+| API and policy files                     |          Yes          |       No        |
+| Concrete backend IDs and properties      |          Yes          |       No        |
+| Backend pool IDs                         |          Yes          |       No        |
+| Retry-count Named Value                  |          Yes          |       No        |
+| APIM service name and resource ID        |          No           |       Yes       |
+| Pool membership, priority, and weight    |          No           |       Yes       |
+| Deployment lock, release, and rollback   |          No           |       Yes       |
+
+For example, both APIM services can contain the same concrete backend definitions, shown here with the illustrative IDs `gpt-5-1-PTU-eastus2` and `gpt-5-1-PTU-westus3`. The stable pool ID remains the same while each target changes only the pool priorities:
+
+| Target         | Backend Pool ID          | `gpt-5-1-PTU-eastus2` Priority | `gpt-5-1-PTU-westus3` Priority |
+| -------------- | ------------------------ | ------------------------------ | ------------------------------ |
+| `prod-eus2-01` | `inference-gpt-5-1-pool` | `1`                            | `2`                            |
+| `prod-wus3-01` | `inference-gpt-5-1-pool` | `2`                            | `1`                            |
+
+The concrete backend IDs are examples and can follow the organization's naming convention. The policy references the stable pool ID in both services and does not contain regional routing logic.
+
+---
+
+## 5. Ownership
+
+| Resource or Concern                                      | Owner                |
+| -------------------------------------------------------- | -------------------- |
+| APIM service, SKU, network, identity, and custom domains | Platform/IaC team    |
+| Azure OpenAI accounts, deployments, and access roles     | Platform/IaC team    |
+| Key Vault, monitoring, DNS, and private access           | Platform/IaC team    |
+| APIs, operations, products, and subscriptions            | APIOps delivery team |
+| Policies, fragments, diagnostics, and Named Values       | APIOps delivery team |
+| Concrete APIM backends and backend pools                 | APIOps delivery team |
+
+> **Single-owner requirement:** Terraform and APIOps must not retain steady-state ownership of the same APIM backend or pool. If Terraform currently manages these resources, complete the controlled no-destroy transfer in [Section 14](#14-transferring-ownership-from-terraform) before normal APIOps management begins.
+
+---
+
+## 6. Required Files
+
+The APIOps repository needs the following target-related files:
+
+```text
+artifacts/
+  apis/
+  backends/
+    <concrete-backend-id>/
+    <stable-pool-id>/
+  namedValues/
+configuration.prod-eus2-01.yaml
+deployment-targets.yaml
+manifests/
+  prod-eus2-01.infrastructure.json
+```
+
+### 6.1 Target Registry
+
+The registry maps a target ID to exactly one APIM service, target configuration, and Terraform manifest:
+
+```yaml
+targets:
+  prod-eus2-01:
+    environment: prod
+    apimResourceId: /subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.ApiManagement/service/apim-prod-eus2-01
+    apimServiceName: apim-prod-eus2-01
+    gatewayRegion: eastus2
+    configurationPath: configuration.prod-eus2-01.yaml
+    terraformManifestPath: manifests/prod-eus2-01.infrastructure.json
+```
+
+> **Target safety requirement:** Select a target only by its target ID. Never infer it from a branch, environment, or region. Before writing to APIM, confirm that the target ID, exact APIM resource ID, target configuration, Terraform manifest, and approved source commit belong to the same release. Any mismatch must stop publication.
+
+### 6.2 East US 2 Pool Configuration
+
+The concrete backend artifacts and retry-count Named Value are shared. The East US 2 target configuration supplies only the complete pool member list:
+
+```yaml
+apimServiceName: apim-prod-eus2-01
+
+backends:
+    - name: inference-gpt-5-1-pool
+      properties:
+          pool:
+              services:
+                  - id: /backends/gpt-5-1-PTU-eastus2
+                    priority: 1
+                    weight: 100
+                  - id: /backends/gpt-5-1-PTU-westus3
+                    priority: 2
+                    weight: 100
+```
+
+Apply the same pattern to each model pool.
+
+For a more complete publisher configuration based on this repository's inference-failover sample and `inference-api-policy.xml`, see [configuration.prod-eus2-01.sample.yaml](configuration.prod-eus2-01.sample.yaml). The example includes all nine concrete backends across East US 2, West US 3, and South Central US; both model-safe pools; TLS validation; the sample's circuit breaker; and retry-count Named Values. Its Azure OpenAI account hostnames are illustrative and must be replaced with endpoints from the validated Terraform manifest.
+
+APIOps `v7.0.3` treats this YAML as a property override. Matching canonical `backendInformation.json` artifacts must still exist under `artifacts/backends/`; the YAML file alone is not an artifact inventory and cannot create an otherwise undiscoverable backend.
+
+When an environment should receive only a subset of the canonical backend artifacts, use the tested [PowerShell staging script](prepare-apiops-artifacts.ps1) and follow the [APIOps environment backend filtering guide](APIOPS-BACKEND-FILTERING-GUIDE.md). This pre-publisher control treats the target configuration's top-level `backends` entries as an allowlist, validates pool and policy references, and passes a filtered temporary tree to the APIOps publisher without modifying the source artifacts.
+
+This design is a backend-specific implementation of the temporary filtered-tree workaround discussed in [Azure/apiops issue #789](https://github.com/Azure/apiops/issues/789). It is a repository-owned preprocessing control, not a built-in APIOps resource-selection feature. [Issue #659](https://github.com/Azure/apiops/issues/659) documents the underlying distinction: publisher configuration overrides artifact properties, while artifact visibility or commit changes determine which resources the publisher processes.
+
+> **Complete-array requirement:** APIOps replaces `properties.pool.services` as a whole. It does not update one member and keep the others. If an override lists only East US 2, the deployed pool will contain only East US 2. Every target configuration must list every member that should remain in the pool.
+
+---
+
+## 7. Terraform Manifest
+
+Terraform produces one non-secret manifest for each target. The manifest describes available infrastructure; it does **not** own pool membership or priority.
+
+The manifest must contain:
+
+- Target ID, subscription, resource group, APIM resource ID, service name, gateway URL, region, and managed identity.
+- Azure OpenAI endpoint, deployment name, model, version, region, SKU, and capacity for every concrete backend.
+- Approved backend destinations and network, DNS, role assignment, Key Vault, and monitoring readiness.
+
+The APIOps pipeline compares shared backend artifacts and target pool configuration with this manifest. It stops when:
+
+- A backend endpoint or model does not match deployed infrastructure.
+- A pool refers to a backend that is missing, incompatible, or not approved for the target.
+- The APIM service identity or target ID does not match the registry.
+- Required networking or Azure roles are not ready.
+- The retry-count Named Value is missing or invalid.
+
+> **Security requirement: Never place credentials or secret values in the manifest.** The manifest may contain resource identifiers and readiness status, but authentication material belongs in Key Vault or the pipeline's approved secret store. Manifest generation must fail rather than emit a credential.
+
+---
+
+## 8. Decisions Before Implementation
+
+The platform owner and APIOps delivery owner must approve:
+
+- [ ] The exact `prod-eus2-01` APIM resource ID and target name.
+- [ ] The Terraform, provider, and APIOps versions. This plan is verified against APIOps `v7.0.3`.
+- [ ] APIOps ownership of concrete backends and pools, including any required Terraform transfer.
+- [ ] Stable backend IDs, pool IDs, and Named Value names.
+- [ ] The complete set of shared concrete backends.
+- [ ] The manifest generation and storage approach.
+- [ ] Required reviewers, release evidence, drift-check schedule, and rollback approval.
+
+Implementation must not begin while ownership or target identity is unresolved.
+
+---
+
+## 9. Implementation Plan
+
+The team names below describe responsibilities. One team may perform more than one role, but each action must have a named owner. The five phases move from confirming the current state to steady-state operation, and each phase records a named owner and an exit gate that must pass before the next phase begins.
+
+| Phase                              | Focus                                                         | Primary Owner                         |
+| ---------------------------------- | ------------------------------------------------------------- | ------------------------------------- |
+| 1. Confirm Current State           | Inventory resources and assign a single owner to each         | Platform/IaC with APIOps delivery     |
+| 2. Build the Desired Configuration | Author shared artifacts, the manifest, and target files       | APIOps delivery                       |
+| 3. Prove the Process in a Sandbox  | Validate publish, failover, and rollback on a disposable APIM | APIOps delivery with AI service owner |
+| 4. Onboard East US 2               | Publish to production and record release evidence             | Release owner                         |
+| 5. Operate the Target              | Run drift checks, telemetry reviews, and rollback drills      | API platform operations               |
+
+### 9.1 Phase 1: Confirm Current State
+
+**Owner:** Platform/IaC team with the APIOps delivery team.
+
+**Inputs:** Terraform state, deployed East US 2 APIM resources, current APIOps files, and pinned tool versions.
+
+**Actions:**
+
+1. Record the exact APIM resource ID and assign `prod-eus2-01`.
+1. Inventory APIs, policies, Named Values, concrete backends, and pools.
+1. Record the current owner and future owner of each resource.
+1. Approve the stable backend IDs, pool IDs, and shared backend inventory.
+1. Identify any backends or pools that must move from Terraform to APIOps.
+
+**Output:** Approved target record, resource inventory, ownership map, and version list.
+
+**Exit gate:** Every resource has one future owner, and the APIM target is unambiguous.
+
+### 9.2 Phase 2: Build the Desired Configuration
+
+**Owner:** APIOps delivery team; Platform/IaC team supplies the manifest.
+
+**Inputs:** Approved output from Phase 1.
+
+**Actions:**
+
+1. Create shared artifacts for APIs, policies, Named Values, concrete backends, and stable pools.
+1. Generate the non-secret Terraform manifest for `prod-eus2-01`.
+1. Create `deployment-targets.yaml` and `configuration.prod-eus2-01.yaml`.
+1. Add pipeline checks for target identity, backend destinations, model compatibility, and complete pool arrays.
+1. Transfer Terraform-owned backends or pools only when required; follow [Section 14](#14-transferring-ownership-from-terraform).
+
+**Output:** Reviewable APIOps files, target registry, target configuration, manifest, and validation results.
+
+**Exit gate:** All files parse, all references resolve, the pool arrays are complete, backend destinations match the manifest, and no resource has two owners.
+
+### 9.3 Phase 3: Prove the Process in a Sandbox
+
+**Owner:** APIOps delivery team with the AI service owner.
+
+**Inputs:** Phase 2 files and a disposable APIM service.
+
+**Actions:**
+
+1. Run APIOps validation and dry run.
+1. Perform the first full publication.
+1. Read the deployed state through the Azure management API and compare it with the approved files.
+1. Send healthy requests and confirm the preferred backend is used.
+1. Simulate an eligible failure and confirm traffic moves to a compatible fallback.
+1. Revert to the previous release and prove rollback.
+
+**Output:** Publication log, deployed-state comparison, gateway test results, telemetry evidence, and rollback evidence.
+
+**Exit gate:** Publication, readback, healthy traffic, failover, telemetry, and rollback all pass without manual portal repair.
+
+### 9.4 Phase 4: Onboard East US 2
+
+**Owner:** Release owner coordinates the Platform/IaC and APIOps delivery teams.
+
+**Inputs:** Approved Phase 3 evidence and a release change record.
+
+**Actions:**
+
+1. Reconcile Terraform-owned infrastructure and generate the production manifest.
+1. Validate the target registry, manifest, and configuration as one release.
+1. Review the full publication summary and obtain approval.
+1. Publish to the exact `prod-eus2-01` APIM resource ID.
+1. Run deployed-state checks, gateway smoke tests, failover checks, and telemetry checks.
+1. Record the source commit, target ID, APIM resource ID, file digests, tool versions, tests, and approver.
+
+**Output:** Reproducible East US 2 deployment and complete release record.
+
+**Exit gate:** The service matches the approved configuration, tests pass, and rollback remains available.
+
+### 9.5 Phase 5: Operate the Target
+
+**Owner:** API platform operations team.
+
+**Actions:**
+
+1. Compare deployed APIM configuration with source-controlled files on the approved schedule. This is the drift check.
+1. Investigate and correct any difference that was not produced by an approved release.
+1. Retest publication and rollback before changing the pinned APIOps version.
+1. Review retry and failover telemetry before changing retry count or pool order.
+1. Rehearse rollback at the agreed operational interval.
+
+**Output:** Drift reports, upgrade evidence, routing reviews, and rollback drill records.
+
+**Exit gate:** Named owners resolve drift and failed checks within the agreed operational process.
+
+---
+
+## 10. Adding Another Regional APIM Service
+
+Add a regional target only after East US 2 is operating successfully.
+
+**Owner:** Platform owner and release owner.
+
+**Actions:**
+
+1. Provision the independent APIM service, identity, networking, and access through Terraform.
+1. Assign a target ID using `<environment>-<region>-<ordinal>`, for example `prod-wus3-01`.
+1. Generate the target's Terraform manifest.
+1. Append one registry entry. Do not modify the existing East US 2 entry.
+1. Add `configuration.prod-wus3-01.yaml` with complete pool arrays. Set West US 3 to priority `1` and East US 2 to priority `2` when that is the approved routing order.
+1. Publish the same shared APIOps artifacts and policy files.
+1. Use a separate deployment lock, release record, test result, and rollback point.
+1. Prove that publishing or rolling back one APIM service does not change the other.
+
+**Exit gate:** The new APIM service uses the approved local-first pool order, existing target files remain unchanged, and both services can be released and rolled back independently.
+
+---
+
+## 11. Release Checks
+
+**Owner:** The APIOps delivery team runs the checks. The release owner approves publication and stops the release when any required check fails.
+
+### 11.1 Before Publication
+
+- [ ] Confirm the exact target ID and APIM resource ID.
+- [ ] Parse all JSON, YAML, and XML files and reject unresolved placeholders.
+- [ ] Confirm that every policy, pool member, backend, and Named Value reference exists.
+- [ ] Compare backend URL components and model metadata with the Terraform manifest.
+- [ ] Confirm that each target pool contains its complete approved member list.
+- [ ] Run APIOps validation and dry run.
+- [ ] Review the complete change summary and selected publication mode. See [Section 15](#15-apiops-publication-modes).
+
+### 11.2 After Publication
+
+- [ ] Read back backend URLs, TLS settings, circuit breakers, pool members, priorities, weights, Named Values, and policy references through the Azure management API.
+- [ ] Confirm healthy requests return `200` and client errors do not trigger backend retries.
+- [ ] Confirm eligible capacity and transient failures move to compatible pool members.
+- [ ] Confirm exhausted retries preserve the expected `429` and `503` responses.
+- [ ] Confirm retry, Application Insights, and LLM diagnostic telemetry is available.
+- [ ] Store the release evidence listed in Phase 4.
+
+> **Verification requirement:** A dry run does not prove that APIM accepts the configuration or that runtime access works. A release is not complete until deployed-state checks and gateway tests both pass.
+
+---
+
+## 12. Rollback and Emergency Changes
+
+**Owner:** The release owner authorizes rollback. The APIOps delivery team performs it with support from the API platform operations team.
+
+**Inputs:** A failed release check or service incident, an approved rollback decision, and the last known-good release record.
+
+**Actions:**
+
+1. Revert the affected shared artifacts or target configuration.
+1. Run the same pre-publication checks used for a normal release.
+1. Publish only to the affected APIM resource ID.
+1. Run deployed-state and gateway checks.
+1. Record the rollback release and its approval.
+
+**Output:** Rollback commit, publication log, deployed-state comparison, gateway test results, and updated incident or change record.
+
+**Exit gate:** Deployed state matches the last known-good release, gateway checks pass, and the incident owner confirms service recovery.
+
+> **Rollback requirement:** Keep previous Azure OpenAI deployments available for the entire agreed rollback window. Routing cannot return to a backend that Terraform has already removed.
+
+The incident owner determines when an emergency portal change is required. Restore service first, then assign an owner to reproduce the change in the correct source repository, review it, and republish it. Do not automatically treat extracted production state as approved source.
+
+---
+
+## 13. Acceptance Criteria
+
+The plan is complete when:
+
+- [ ] The same documented IaC and APIOps workflow can create, change, validate, release, and recover an APIM environment without manual reconstruction.
+- [ ] Terraform and APIOps have documented, non-overlapping ownership.
+- [ ] `prod-eus2-01` maps to one APIM resource ID, manifest, target configuration, deployment lock, release record, and rollback point.
+- [ ] Shared artifacts contain every approved concrete backend, stable pool, policy, and Named Value.
+- [ ] Target configuration contains only complete pool arrays; concrete backend definitions remain shared and unchanged.
+- [ ] Backend destinations match Terraform-provisioned infrastructure.
+- [ ] Validation, dry run, full publication, deployed-state checks, gateway tests, telemetry checks, and rollback pass.
+- [ ] Drift checks detect changes made outside the approved release process.
+- [ ] A future environment can be added through the same workflow by appending its target files without changing existing environment files.
+
+---
+
+## 14. Transferring Ownership from Terraform
+
+Use this procedure only when Terraform currently manages concrete APIM backends or pools that APIOps will own.
+
+> **State security requirement:** Treat every Terraform state backup as sensitive. Store it only in an approved restricted location, never commit it, and delete the temporary copy according to the organization's retention policy after the transfer is verified.
+
+1. Freeze Terraform and APIOps changes and retain state locking.
+1. Save a restricted `terraform state pull` backup. Verify the workspace, state lineage, resource IDs, and exact state addresses.
+1. Create APIOps artifacts with the same deployed resource IDs and properties.
+1. Run static validation, APIOps dry run, and deployed-state comparison.
+1. Publish APIOps over the unchanged resource IDs and verify routing.
+1. Remove only Terraform's state binding:
+   - Use a `removed` block with `lifecycle { destroy = false }` for a whole resource or module.
+   - Use `terraform state rm -dry-run` followed by `terraform state rm` for selected resource instances.
+1. Remove stale Terraform declarations and references.
+1. Run an untargeted `terraform plan -detailed-exitcode`. Require exit code `0` with no deletion or recreation.
+1. Repeat APIOps deployed-state and gateway checks before ending the freeze.
+
+> **No-destroy requirement:** Stop immediately if a state command selects unexpected addresses or Terraform proposes any resource change. Ownership transfer removes only Terraform's state binding; it must not delete or recreate deployed resources. Do not use `ignore_changes` as permanent shared ownership.
+
+---
+
+## 15. APIOps Publication Modes
+
+| Scenario                                          | Publication Mode                          |
+| ------------------------------------------------- | ----------------------------------------- |
+| First publication to a target                     | Full publication without `COMMIT_ID`      |
+| Normal release to a synchronized target           | Change-based publication with `COMMIT_ID` |
+| Shared artifact deletion                          | Change-based publication with `COMMIT_ID` |
+| Target configuration change, fully covered        | Change-based publication on `v7.0.3`      |
+| Target configuration change, coverage uncertain   | Reviewed full publication                 |
+| Deliberate full reconciliation                    | Reviewed full publication                 |
+
+A **full publication** processes the complete shared artifact set and selected target configuration. A **change-based publication** uses Git history and explicitly configured artifacts to determine what to process.
+
+On APIOps `v7.0.3`, a change-based publication also processes artifact-backed resources named in target configuration. Use this mode for a target-configuration-only change only when every affected resource has a shared artifact and the target still matches the previous approved release. Otherwise, use a reviewed full publication.
+
+Repeat these tests before every APIOps upgrade. Publisher behavior can change between versions.
+
+---
+
+## 16. Retry Count
+
+Use a plain numeric Named Value as the complete retry `count` value:
+
+```xml
+<retry count="{{inference-gpt-5-1-retry-count}}"
+       interval="0"
+       first-fast-retry="true"
+       condition="...">
+    <forward-request buffer-request-body="true" />
+</retry>
+```
+
+Set `inference-gpt-5-1-retry-count` to the non-secret string `"2"`. This permits one initial attempt and two retries. Retry count is independent of pool size because circuit breakers remove unhealthy members from selection. Change the default only when latency and retry telemetry support it.
+
+---
+
+## 17. Risk and Control Matrix
+
+| Status   | Risk                                                    | Impact | Effort | Control                                                                                        |
+| -------- | ------------------------------------------------------- | ------ | ------ | ---------------------------------------------------------------------------------------------- |
+| 🔴 Red   | Terraform and APIOps manage the same backend or pool    | High   | Medium | Complete a no-destroy transfer and enforce one owner.                                          |
+| 🔴 Red   | A pipeline publishes to the wrong APIM service          | High   | Low    | Bind the target ID to the exact resource ID, manifest, target configuration, and release lock. |
+| 🔴 Red   | Terraform removes a deployment required for rollback    | High   | Low    | Retain old deployments through the rollback window.                                            |
+| 🟠 Amber | A pool override contains only part of the desired array | High   | Low    | Require complete arrays and compare deployed state.                                            |
+| 🟠 Amber | Change-based publication has incomplete coverage        | High   | Low    | Require a shared artifact for every affected resource or use a reviewed full publication.      |
+| 🟠 Amber | A future target reuses the East US 2 configuration      | High   | Low    | Require one registry entry and complete configuration per APIM resource ID.                    |
+| 🟠 Amber | Retry count is increased to match pool size             | Medium | Low    | Keep the default at `2` unless telemetry supports a change.                                    |
+| 🟢 Green | Stable IDs keep policies identical across targets       | High   | Low    | Protect backend, pool, and Named Value names as compatibility contracts.                       |
+
+---
+
+## 18. References
+
+- [APIOps Toolkit for Azure API Management](https://github.com/Azure/apiops)
+- [APIOps Toolkit v7.0.3 release](https://github.com/Azure/apiops/releases/tag/v7.0.3)
+- [APIOps publisher documentation](https://azure.github.io/apiops/apiops/3-apimTools/apiops-2-2-tools-publisher.html)
+- [APIOps publisher configuration](https://github.com/Azure/apiops/wiki/Configuration)
+- [Azure/apiops #789 - Selectively publish APIs across APIM environments](https://github.com/Azure/apiops/issues/789)
+- [Azure/apiops #659 - Publisher configuration does not select resources](https://github.com/Azure/apiops/issues/659)
+- [Azure/apiops #773 - Commit-aware deletion and full-publication behavior](https://github.com/Azure/apiops/issues/773)
+- [Azure/apiops #154 - Changes between two environment deployments](https://github.com/Azure/apiops/issues/154)
+- [Azure API Management retry policy](https://learn.microsoft.com/azure/api-management/retry-policy)
+- [Named Values in Azure API Management](https://learn.microsoft.com/azure/api-management/api-management-howto-properties)
+- [Backends in Azure API Management](https://learn.microsoft.com/azure/api-management/backends)
+- [Terraform state removal](https://developer.hashicorp.com/terraform/language/state/remove)
+- [Terraform state rm command](https://developer.hashicorp.com/terraform/cli/commands/state/rm)
+- [Terraform state pull command](https://developer.hashicorp.com/terraform/cli/commands/state/pull)
+- [Terraform plan command](https://developer.hashicorp.com/terraform/cli/commands/plan)
diff --git a/samples/inference-failover/WAF-COMPARISON.md b/samples/inference-failover/WAF-COMPARISON.md
index 009564f8..b03abe06 100644
--- a/samples/inference-failover/WAF-COMPARISON.md
+++ b/samples/inference-failover/WAF-COMPARISON.md
@@ -26,11 +26,11 @@ The deployed behavior is defined in [main.bicep](main.bicep), the primary [infer
 - One qualifying `408`, `429`, `499`, `500`, `502`, `503`, or `504` response opens that backend's circuit.
 - The normal circuit interval and trip duration are one minute.
 - `acceptRetryAfter: true` allows APIM to honor backend recovery guidance when opening a circuit.
-- The gpt-5.1 route permits four retries across five model-compatible backends.
-- The gpt-4.1-mini route permits three retries across four model-compatible backends.
+- Both model routes permit two retries after the initial attempt, for three total attempts. This may already be more than sufficient for interactive traffic.
+- The retry budget is independent of pool size; circuit-open backends are removed from subsequent selection.
 - Retryable responses are handled immediately with `interval="0"` and `first-fast-retry="true"`.
 - A circuit-open backend is excluded from subsequent pool selection, so an immediate retry normally selects another eligible backend.
-- The primary routes preserve the final backend `429`; the optional retry-tracked gpt-5.1 route rewrites `429` with the soonest observed relative `Retry-After` only when all five backends returned `429`.
+- The primary routes preserve the final backend `429`; the optional retry-tracked gpt-5.1 route rewrites `429` with the soonest observed relative `Retry-After` only when every attempt in the bounded retry chain returned `429`.
 - Exhausted infrastructure or transport failure is returned as a generic `503` without unsupported recovery guidance.
 - `X-Backend-Retry` and `InferenceAttempt` trace records expose the attempts absorbed by the gateway.
 
@@ -38,25 +38,25 @@ Although APIM calls this mechanism a `retry` policy, its role in this sample is
 
 ## Comparison Matrix
 
-| WAF practice                                                         | Sample behavior                                                                                                                                                                  | Relationship               | Sample-specific rationale                                                                                                                                                                                    |
-| -------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| Treat overload as a normal operating mode                            | The notebook deliberately uses small Azure OpenAI deployments and pressure scenarios to produce observable throttling and recovery.                                              | Direct alignment           | Failure and recovery are part of the main scenario rather than exceptional test-only behavior.                                                                                                               |
-| TP-2: Apply user and service limits at multiple entry points         | APIM subscription validation protects the APIs, but the sample does not define workload-identity token quotas or operation-level admission limits.                               | Outside sample scope       | The sample studies downstream failover. Caller contracts and service-wide admission limits belong to the adopting workload.                                                                                  |
-| TP-3: Return `429` for user limits and `503` for service constraints | The primary routes preserve the final downstream `429`, while infrastructure exhaustion becomes `503`; the optional comparison route rewrites only all-backend `429` exhaustion. | Deliberate specialization  | Keeping capacity exhaustion distinct makes Azure OpenAI throttling and recovery observable. The sample is not claiming that the caller violated an APIM user quota.                                          |
-| TP-3: Provide useful retry guidance                                  | The optional retry-tracked route preserves the soonest relative recovery delay observed across constrained pool members.                                                         | Direct alignment           | A relative delay avoids absolute-time and clock-skew problems and gives the caller an actionable capacity signal without burdening every route with tracking logic.                                          |
-| TP-3: Add standardized rate-limit metadata                           | The sample returns `Retry-After` and its educational `X-Backend-Retry` header, but not `RateLimit-Policy`, `RateLimit`, or `x-ms-ratelimit-used`.                                | Outside sample scope       | APIM does not own a user or tenant rate contract in this sample, so publishing one would imply limits that the sample does not enforce.                                                                      |
-| TP-5: Respect downstream backpressure                                | A throttled backend is removed from selection by its circuit, including an APIM circuit duration informed by `Retry-After`.                                                      | Direct alignment           | The gateway stops sending traffic to the constrained deployment and uses independent regional capacity instead.                                                                                              |
-| TP-5: Keep retries bounded                                           | Retry counts match the number of alternative model-compatible pool members.                                                                                                      | Direct alignment           | One caller request cannot create an unbounded retry storm.                                                                                                                                                   |
-| TP-5: Do not retry before `Retry-After` elapses                      | The gateway immediately tries another eligible backend instead of waiting for the constrained backend.                                                                           | Deliberate specialization  | Waiting inside a synchronous gateway request would consume request lifetime without using available alternative capacity. The constrained backend remains circuit-open for its recovery window.              |
-| TP-5: Do not retry `503` without retry guidance                      | The policy can immediately fail over after a backend `503`, even without `Retry-After`.                                                                                          | Deliberate specialization  | This is a bounded attempt against a different regional deployment, not a delayed retry against the same failing dependency. If alternatives are exhausted, the caller receives `503` without retry guidance. |
-| TP-5: Annotate downstream retries                                    | The sample records attempts in traces and returns `X-Backend-Retry`, but does not send a `retry-attempt` request header to Azure OpenAI.                                         | Partial alignment          | The sample emphasizes gateway and operator observability. A production contract with a dependency that consumes retry metadata should add the request header where supported.                                |
-| TP-5: Use circuit breakers to fail fast                              | Each concrete Azure OpenAI deployment has isolated circuit state and is removed after one configured failure.                                                                    | Direct alignment           | Isolation prevents one model or regional deployment from suppressing an otherwise healthy destination.                                                                                                       |
-| TP-5: Gradually reintroduce recovered traffic                        | A backend becomes eligible when APIM closes its circuit; the sample does not implement a separate ramp-up controller.                                                            | Deliberate simplification  | Fixed recovery behavior makes the lab repeatable. Progressive re-entry requires workload-specific health, capacity, and priority signals.                                                                    |
-| TP-7: Apply egress bulkheads                                         | Backend pools bound attempts per request, but the sample does not impose a gateway-wide in-flight concurrency limit.                                                             | Outside sample scope       | Pool failover and workload concurrency control solve different problems. Production callers and gateways should add concurrency controls based on their capacity model.                                      |
-| TP-9: Keep throttling accounting out of the critical path            | Circuit state is managed by APIM. Telemetry is emitted to Log Analytics and the optional Event Hub without synchronous analytical queries in request processing.                 | Direct alignment           | Observability does not require a workbook or Log Analytics query to complete before inference proceeds.                                                                                                      |
-| TP-11: Reassess and validate limits                                  | The notebook runs low-capacity pressure, recovery, and exhaustion scenarios and provides controlled fault-testing guidance.                                                      | Direct alignment for a lab | Production adoption should automate periodic load, chaos, and regional outage validation.                                                                                                                    |
-| TP-12: Use state-aware throttling                                    | Backend eligibility reacts to response status and `Retry-After`, but priorities and weights remain static.                                                                       | Partial alignment          | Response-aware circuit state is sufficient for the sample. Business-priority brownouts and dynamic token admission require application context not available here.                                           |
-| TP-14: Shed load before the hard ceiling                             | The sample intentionally drives low-capacity deployments to their limit rather than randomly rejecting traffic early.                                                            | Deliberate specialization  | Reaching the limit makes circuit breaking and failover visible. Random early drop would obscure the behavior the lab is designed to teach.                                                                   |
+| WAF practice                                                         | Sample behavior                                                                                                                                                                   | Relationship               | Sample-specific rationale                                                                                                                                                                                    |
+| -------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Treat overload as a normal operating mode                            | The notebook deliberately uses small Azure OpenAI deployments and pressure scenarios to produce observable throttling and recovery.                                               | Direct alignment           | Failure and recovery are part of the main scenario rather than exceptional test-only behavior.                                                                                                               |
+| TP-2: Apply user and service limits at multiple entry points         | APIM subscription validation protects the APIs, but the sample does not define workload-identity token quotas or operation-level admission limits.                                | Outside sample scope       | The sample studies downstream failover. Caller contracts and service-wide admission limits belong to the adopting workload.                                                                                  |
+| TP-3: Return `429` for user limits and `503` for service constraints | The primary routes preserve the final downstream `429`, while infrastructure exhaustion becomes `503`; the optional comparison route rewrites only retry-budget `429` exhaustion. | Deliberate specialization  | Keeping capacity exhaustion distinct makes Azure OpenAI throttling and recovery observable. The sample is not claiming that the caller violated an APIM user quota.                                          |
+| TP-3: Provide useful retry guidance                                  | The optional retry-tracked route preserves the soonest relative recovery delay observed across constrained pool members.                                                          | Direct alignment           | A relative delay avoids absolute-time and clock-skew problems and gives the caller an actionable capacity signal without burdening every route with tracking logic.                                          |
+| TP-3: Add standardized rate-limit metadata                           | The sample returns `Retry-After` and its educational `X-Backend-Retry` header, but not `RateLimit-Policy`, `RateLimit`, or `x-ms-ratelimit-used`.                                 | Outside sample scope       | APIM does not own a user or tenant rate contract in this sample, so publishing one would imply limits that the sample does not enforce.                                                                      |
+| TP-5: Respect downstream backpressure                                | A throttled backend is removed from selection by its circuit, including an APIM circuit duration informed by `Retry-After`.                                                       | Direct alignment           | The gateway stops sending traffic to the constrained deployment and uses independent regional capacity instead.                                                                                              |
+| TP-5: Keep retries bounded                                           | Each route permits two retries after the initial attempt, independent of pool size.                                                                                               | Direct alignment           | Three consecutive failures across recently eligible backends are enough evidence to return control to the caller; even this retry budget may be more than sufficient for interactive traffic.                |
+| TP-5: Do not retry before `Retry-After` elapses                      | The gateway immediately tries another eligible backend instead of waiting for the constrained backend.                                                                            | Deliberate specialization  | Waiting inside a synchronous gateway request would consume request lifetime without using available alternative capacity. The constrained backend remains circuit-open for its recovery window.              |
+| TP-5: Do not retry `503` without retry guidance                      | The policy can immediately fail over after a backend `503`, even without `Retry-After`.                                                                                           | Deliberate specialization  | This is a bounded attempt against a different regional deployment, not a delayed retry against the same failing dependency. If alternatives are exhausted, the caller receives `503` without retry guidance. |
+| TP-5: Annotate downstream retries                                    | The sample records attempts in traces and returns `X-Backend-Retry`, but does not send a `retry-attempt` request header to Azure OpenAI.                                          | Partial alignment          | The sample emphasizes gateway and operator observability. A production contract with a dependency that consumes retry metadata should add the request header where supported.                                |
+| TP-5: Use circuit breakers to fail fast                              | Each concrete Azure OpenAI deployment has isolated circuit state and is removed after one configured failure.                                                                     | Direct alignment           | Isolation prevents one model or regional deployment from suppressing an otherwise healthy destination.                                                                                                       |
+| TP-5: Gradually reintroduce recovered traffic                        | A backend becomes eligible when APIM closes its circuit; the sample does not implement a separate ramp-up controller.                                                             | Deliberate simplification  | Fixed recovery behavior makes the lab repeatable. Progressive re-entry requires workload-specific health, capacity, and priority signals.                                                                    |
+| TP-7: Apply egress bulkheads                                         | Backend pools bound attempts per request, but the sample does not impose a gateway-wide in-flight concurrency limit.                                                              | Outside sample scope       | Pool failover and workload concurrency control solve different problems. Production callers and gateways should add concurrency controls based on their capacity model.                                      |
+| TP-9: Keep throttling accounting out of the critical path            | Circuit state is managed by APIM. Telemetry is emitted to Log Analytics and the optional Event Hub without synchronous analytical queries in request processing.                  | Direct alignment           | Observability does not require a workbook or Log Analytics query to complete before inference proceeds.                                                                                                      |
+| TP-11: Reassess and validate limits                                  | The notebook runs low-capacity pressure, recovery, and exhaustion scenarios and provides controlled fault-testing guidance.                                                       | Direct alignment for a lab | Production adoption should automate periodic load, chaos, and regional outage validation.                                                                                                                    |
+| TP-12: Use state-aware throttling                                    | Backend eligibility reacts to response status and `Retry-After`, but priorities and weights remain static.                                                                        | Partial alignment          | Response-aware circuit state is sufficient for the sample. Business-priority brownouts and dynamic token admission require application context not available here.                                           |
+| TP-14: Shed load before the hard ceiling                             | The sample intentionally drives low-capacity deployments to their limit rather than randomly rejecting traffic early.                                                             | Deliberate specialization  | Reaching the limit makes circuit breaking and failover visible. Random early drop would obscure the behavior the lab is designed to teach.                                                                   |
 
 ## Why Immediate Retry Is Appropriate Here
 
@@ -68,7 +68,7 @@ This sample uses a different sequence:
 1. A configured capacity or infrastructure response opens that backend's circuit.
 1. The retry policy immediately asks the pool for another eligible backend.
 1. The open backend remains unavailable for the circuit duration or accepted `Retry-After` window.
-1. The gateway stops after the bounded number of pool alternatives has been attempted.
+1. The gateway stops after the bounded retry budget is exhausted.
 
 The zero interval therefore avoids holding a synchronous inference request idle while healthy regional capacity might be available. The circuit breaker, model-safe pool, and bounded attempt count are all required for that choice to remain appropriate. Copying `interval="0"` into a policy without those controls would not preserve the same safety properties.
 
@@ -79,7 +79,7 @@ WAF recommends `429` for a caller exceeding a user limit and `503` for a service
 This choice preserves two signals that the lab needs to demonstrate:
 
 - Capacity exhaustion remains distinguishable from infrastructure and transport failure.
-- A caller of the optional route receives the earliest known `Retry-After` delay from the attempted capacity pool only when all five backends returned `429`.
+- A caller of the optional route receives the earliest known `Retry-After` delay from the attempted capacity pool only when every attempt in the bounded retry chain returned `429`.
 
 The sample returns `503` when it cannot make a supported capacity statement, such as mixed exhaustion, infrastructure failures, or backend connection failures. A production API can instead normalize pool-wide capacity exhaustion to `503` if its public contract follows the WAF user-limit versus service-limit distinction strictly. That is a contract decision at the workload boundary, not evidence that the sample's internal failover behavior is wrong.
 
diff --git a/samples/inference-failover/apim-policies/inference-api-policy-with-retry-tracked.xml b/samples/inference-failover/apim-policies/inference-api-policy-with-retry-tracked.xml
index a2b60538..24fcf4fc 100644
--- a/samples/inference-failover/apim-policies/inference-api-policy-with-retry-tracked.xml
+++ b/samples/inference-failover/apim-policies/inference-api-policy-with-retry-tracked.xml
@@ -1,14 +1,14 @@
 <!--
     Inference API policy template with absolute-time Retry-After tracking.
 
-    The notebook replaces BACKEND_POOL_ID, BACKEND_COUNT, and RETRY_COUNT. This optional policy
+    The notebook replaces BACKEND_POOL_ID and RETRY_COUNT. This optional policy
     demonstrates the same tracked-recovery pattern as the load-balancing sample without adding it
     to the inference traffic or verification scenarios.
 
-    Every backend response is counted. The policy returns a terminal 429 only when all configured
-    backends returned 429 during the current retry chain. Mixed capacity and infrastructure failures
-    are normalized to 503. The earliest future Retry-After instant is retained in the APIM cache so
-    repeated calls receive a decreasing relative delay.
+    Every backend response is counted. The policy returns a terminal 429 only when every attempt in
+    the bounded retry chain returned 429. Mixed capacity and infrastructure failures are normalized
+    to 503. The earliest future Retry-After instant is retained in the APIM cache so repeated calls
+    receive a decreasing relative delay.
 -->
 <policies>
     <inbound>
@@ -89,7 +89,7 @@
 
         <!-- Ordinary final HTTP responses continue through outbound after retry exhaustion. -->
         <choose>
-            <when condition='@(context.Response != null &amp;&amp; context.Response.StatusCode == 429 &amp;&amp; context.Variables.GetValueOrDefault&lt;int&gt;("backendAttempt", 0) == BACKEND_COUNT &amp;&amp; context.Variables.GetValueOrDefault&lt;int&gt;("backend429Attempt", 0) == BACKEND_COUNT)'>
+            <when condition='@(context.Response != null &amp;&amp; context.Response.StatusCode == 429 &amp;&amp; context.Variables.GetValueOrDefault&lt;int&gt;("backendAttempt", 0) &gt; 1 &amp;&amp; context.Variables.GetValueOrDefault&lt;int&gt;("backend429Attempt", 0) == context.Variables.GetValueOrDefault&lt;int&gt;("backendAttempt", 0))'>
                 <set-variable name="retryAfterSeconds" value='@{
                     var retryEpoch = context.Variables.GetValueOrDefault&lt;string&gt;("updatedRetryEpoch", "0");
                     long parsedEpoch;
diff --git a/samples/inference-failover/configuration.prod-eus2-01.sample.yaml b/samples/inference-failover/configuration.prod-eus2-01.sample.yaml
new file mode 100644
index 00000000..b2ede727
--- /dev/null
+++ b/samples/inference-failover/configuration.prod-eus2-01.sample.yaml
@@ -0,0 +1,310 @@
+# Illustrative APIOps v7.0.3 publisher configuration for the
+# inference-failover sample in prod-eus2-01.
+#
+# Replace the Azure OpenAI account hostnames with endpoints from the validated
+# Terraform manifest before publication. Matching backendInformation.json
+# artifacts must exist under artifacts/backends for every entry below; APIOps
+# uses this file to override those canonical artifacts, not to replace them.
+#
+# Canonical API policy artifacts should be derived from
+# apim-policies/inference-api-policy.xml. Replace BACKEND_POOL_ID with the
+# matching model-safe pool ID and RETRY_COUNT with the matching Named Value
+# expression, such as {{inference-gpt-5-1-retry-count}}. The policy supplies
+# managed identity authentication after pool selection, so these backend
+# definitions intentionally contain no credentials.
+
+ARM_API_VERSION: 2024-06-01-preview
+apimServiceName: apim-prod-eus2-01
+
+namedValues:
+  - name: inference-gpt-5-1-retry-count
+    properties:
+      displayName: inference-gpt-5-1-retry-count
+      secret: false
+      value: "2"
+  - name: inference-gpt-4-1-mini-retry-count
+    properties:
+      displayName: inference-gpt-4-1-mini-retry-count
+      secret: false
+      value: "2"
+
+backends:
+  # Concrete gpt-5.1 backends.
+  - name: gpt-5-1-PTU-eastus2
+    properties:
+      description: "In-region PTU: a-gpt-5-1 (gpt-5.1)"
+      type: Single
+      protocol: http
+      url: https://oai-prod-eastus2-01.openai.azure.com/openai/deployments/a-gpt-5-1
+      tls:
+        validateCertificateChain: true
+        validateCertificateName: true
+      circuitBreaker:
+        rules:
+          - name: failover-on-capacity-or-infrastructure-failure
+            acceptRetryAfter: true
+            failureCondition:
+              count: 1
+              interval: PT1M
+              statusCodeRanges:
+                - min: 408
+                  max: 408
+                - min: 429
+                  max: 429
+                - min: 499
+                  max: 500
+                - min: 502
+                  max: 504
+            tripDuration: PT1M
+  - name: gpt-5-1-PTU-westus3
+    properties:
+      description: "Out-of-region PTU: d-gpt-5-1 (gpt-5.1)"
+      type: Single
+      protocol: http
+      url: https://oai-prod-westus3-01.openai.azure.com/openai/deployments/d-gpt-5-1
+      tls:
+        validateCertificateChain: true
+        validateCertificateName: true
+      circuitBreaker:
+        rules:
+          - name: failover-on-capacity-or-infrastructure-failure
+            acceptRetryAfter: true
+            failureCondition:
+              count: 1
+              interval: PT1M
+              statusCodeRanges:
+                - min: 408
+                  max: 408
+                - min: 429
+                  max: 429
+                - min: 499
+                  max: 500
+                - min: 502
+                  max: 504
+            tripDuration: PT1M
+  - name: gpt-5-1-PAYG-eastus2
+    properties:
+      description: "In-region PAYG: b-gpt-5-1 (gpt-5.1)"
+      type: Single
+      protocol: http
+      url: https://oai-prod-eastus2-01.openai.azure.com/openai/deployments/b-gpt-5-1
+      tls:
+        validateCertificateChain: true
+        validateCertificateName: true
+      circuitBreaker:
+        rules:
+          - name: failover-on-capacity-or-infrastructure-failure
+            acceptRetryAfter: true
+            failureCondition:
+              count: 1
+              interval: PT1M
+              statusCodeRanges:
+                - min: 408
+                  max: 408
+                - min: 429
+                  max: 429
+                - min: 499
+                  max: 500
+                - min: 502
+                  max: 504
+            tripDuration: PT1M
+  - name: gpt-5-1-PAYG-westus3
+    properties:
+      description: "Out-of-region PAYG: e-gpt-5-1 (gpt-5.1)"
+      type: Single
+      protocol: http
+      url: https://oai-prod-westus3-01.openai.azure.com/openai/deployments/e-gpt-5-1
+      tls:
+        validateCertificateChain: true
+        validateCertificateName: true
+      circuitBreaker:
+        rules:
+          - name: failover-on-capacity-or-infrastructure-failure
+            acceptRetryAfter: true
+            failureCondition:
+              count: 1
+              interval: PT1M
+              statusCodeRanges:
+                - min: 408
+                  max: 408
+                - min: 429
+                  max: 429
+                - min: 499
+                  max: 500
+                - min: 502
+                  max: 504
+            tripDuration: PT1M
+  - name: gpt-5-1-PAYG-southcentralus
+    properties:
+      description: "Out-of-region PAYG: g-gpt-5-1 (gpt-5.1)"
+      type: Single
+      protocol: http
+      url: https://oai-prod-southcentralus-01.openai.azure.com/openai/deployments/g-gpt-5-1
+      tls:
+        validateCertificateChain: true
+        validateCertificateName: true
+      circuitBreaker:
+        rules:
+          - name: failover-on-capacity-or-infrastructure-failure
+            acceptRetryAfter: true
+            failureCondition:
+              count: 1
+              interval: PT1M
+              statusCodeRanges:
+                - min: 408
+                  max: 408
+                - min: 429
+                  max: 429
+                - min: 499
+                  max: 500
+                - min: 502
+                  max: 504
+            tripDuration: PT1M
+
+  # Concrete gpt-4.1-mini backends use a separate model-safe pool.
+  - name: gpt-4-1-mini-PTU-eastus2
+    properties:
+      description: "In-region PTU: c-gpt-4-1-mini (gpt-4.1-mini)"
+      type: Single
+      protocol: http
+      url: https://oai-prod-eastus2-01.openai.azure.com/openai/deployments/c-gpt-4-1-mini
+      tls:
+        validateCertificateChain: true
+        validateCertificateName: true
+      circuitBreaker:
+        rules:
+          - name: failover-on-capacity-or-infrastructure-failure
+            acceptRetryAfter: true
+            failureCondition:
+              count: 1
+              interval: PT1M
+              statusCodeRanges:
+                - min: 408
+                  max: 408
+                - min: 429
+                  max: 429
+                - min: 499
+                  max: 500
+                - min: 502
+                  max: 504
+            tripDuration: PT1M
+  - name: gpt-4-1-mini-PTU-westus3
+    properties:
+      description: "Out-of-region PTU: f-gpt-4-1-mini (gpt-4.1-mini)"
+      type: Single
+      protocol: http
+      url: https://oai-prod-westus3-01.openai.azure.com/openai/deployments/f-gpt-4-1-mini
+      tls:
+        validateCertificateChain: true
+        validateCertificateName: true
+      circuitBreaker:
+        rules:
+          - name: failover-on-capacity-or-infrastructure-failure
+            acceptRetryAfter: true
+            failureCondition:
+              count: 1
+              interval: PT1M
+              statusCodeRanges:
+                - min: 408
+                  max: 408
+                - min: 429
+                  max: 429
+                - min: 499
+                  max: 500
+                - min: 502
+                  max: 504
+            tripDuration: PT1M
+  - name: gpt-4-1-mini-PAYG-eastus2
+    properties:
+      description: "In-region PAYG: d-gpt-4-1-mini (gpt-4.1-mini)"
+      type: Single
+      protocol: http
+      url: https://oai-prod-eastus2-01.openai.azure.com/openai/deployments/d-gpt-4-1-mini
+      tls:
+        validateCertificateChain: true
+        validateCertificateName: true
+      circuitBreaker:
+        rules:
+          - name: failover-on-capacity-or-infrastructure-failure
+            acceptRetryAfter: true
+            failureCondition:
+              count: 1
+              interval: PT1M
+              statusCodeRanges:
+                - min: 408
+                  max: 408
+                - min: 429
+                  max: 429
+                - min: 499
+                  max: 500
+                - min: 502
+                  max: 504
+            tripDuration: PT1M
+  - name: gpt-4-1-mini-PAYG-southcentralus
+    properties:
+      description: "Out-of-region PAYG: h-gpt-4-1-mini (gpt-4.1-mini)"
+      type: Single
+      protocol: http
+      url: https://oai-prod-southcentralus-01.openai.azure.com/openai/deployments/h-gpt-4-1-mini
+      tls:
+        validateCertificateChain: true
+        validateCertificateName: true
+      circuitBreaker:
+        rules:
+          - name: failover-on-capacity-or-infrastructure-failure
+            acceptRetryAfter: true
+            failureCondition:
+              count: 1
+              interval: PT1M
+              statusCodeRanges:
+                - min: 408
+                  max: 408
+                - min: 429
+                  max: 429
+                - min: 499
+                  max: 500
+                - min: 502
+                  max: 504
+            tripDuration: PT1M
+
+  # Pool service arrays are complete replacements. List every backend that
+  # should remain in each target pool.
+  - name: inference-gpt-5-1-pool
+    properties:
+      description: gpt-5.1 routing preference for the inference-failover sample
+      type: Pool
+      pool:
+        services:
+          - id: /backends/gpt-5-1-PTU-eastus2
+            priority: 1
+            weight: 50
+          - id: /backends/gpt-5-1-PTU-westus3
+            priority: 1
+            weight: 50
+          - id: /backends/gpt-5-1-PAYG-eastus2
+            priority: 2
+            weight: 100
+          - id: /backends/gpt-5-1-PAYG-westus3
+            priority: 3
+            weight: 50
+          - id: /backends/gpt-5-1-PAYG-southcentralus
+            priority: 3
+            weight: 50
+  - name: inference-gpt-4-1-mini-pool
+    properties:
+      description: gpt-4.1-mini routing preference for the inference-failover sample
+      type: Pool
+      pool:
+        services:
+          - id: /backends/gpt-4-1-mini-PTU-eastus2
+            priority: 1
+            weight: 50
+          - id: /backends/gpt-4-1-mini-PTU-westus3
+            priority: 1
+            weight: 50
+          - id: /backends/gpt-4-1-mini-PAYG-eastus2
+            priority: 2
+            weight: 100
+          - id: /backends/gpt-4-1-mini-PAYG-southcentralus
+            priority: 3
+            weight: 100
diff --git a/samples/inference-failover/create.ipynb b/samples/inference-failover/create.ipynb
index 35439240..c128865c 100644
--- a/samples/inference-failover/create.ipynb
+++ b/samples/inference-failover/create.ipynb
@@ -109,7 +109,7 @@
     "# ------------------------------\n",
     "\n",
     "rg_location = Region.EAST_US_2\n",
-    "index = 1\n",
+    "index = 122\n",
     "apim_sku = APIM_SKU.BASICV2\n",
     "deployment = INFRASTRUCTURE.SIMPLE_APIM\n",
     "api_prefix = 'inference'\n",
@@ -182,16 +182,13 @@
     "    template: str,\n",
     "    backend_pool_id: str,\n",
     "    retry_count: int,\n",
-    "    backend_count: int | None = None,\n",
     ") -> str:\n",
     "    \"\"\"Build one model-safe inference API policy from the selected template.\"\"\"\n",
-    "    policy = template.replace('BACKEND_POOL_ID', backend_pool_id).replace('RETRY_COUNT', str(retry_count))\n",
-    "    if backend_count is not None:\n",
-    "        policy = policy.replace('BACKEND_COUNT', str(backend_count))\n",
-    "\n",
-    "    return policy\n",
+    "    return template.replace('BACKEND_POOL_ID', backend_pool_id).replace('RETRY_COUNT', str(retry_count))\n",
     "\n",
     "\n",
+    "# Two retries permit three total attempts and may already be more than sufficient.\n",
+    "backend_retry_count = 2\n",
     "chat_operation = APIOperation(\n",
     "    'chat-completions',\n",
     "    'Chat Completions',\n",
@@ -204,7 +201,7 @@
     "    'Inference gpt-5.1',\n",
     "    f'{api_prefix}/gpt-5-1',\n",
     "    'Priority and weighted failover for gpt-5.1 deployments.',\n",
-    "    policyXml=build_inference_policy(policy_template, 'inference-gpt-5-1-pool', 4),\n",
+    "    policyXml=build_inference_policy(policy_template, 'inference-gpt-5-1-pool', backend_retry_count),\n",
     "    operations=[chat_operation],\n",
     "    tags=tags,\n",
     "    enableLlmLogging=True,\n",
@@ -214,7 +211,7 @@
     "    'Inference gpt-4.1-mini',\n",
     "    f'{api_prefix}/gpt-4-1-mini',\n",
     "    'Priority and weighted failover for gpt-4.1-mini deployments.',\n",
-    "    policyXml=build_inference_policy(policy_template, 'inference-gpt-4-1-mini-pool', 3),\n",
+    "    policyXml=build_inference_policy(policy_template, 'inference-gpt-4-1-mini-pool', backend_retry_count),\n",
     "    operations=[chat_operation],\n",
     "    tags=tags,\n",
     "    enableLlmLogging=True,\n",
@@ -227,8 +224,7 @@
     "    policyXml=build_inference_policy(\n",
     "        retry_tracked_policy_template,\n",
     "        'inference-gpt-5-1-pool',\n",
-    "        4,\n",
-    "        backend_count=5,\n",
+    "        backend_retry_count,\n",
     "    ),\n",
     "    operations=[chat_operation],\n",
     "    tags=tags,\n",
diff --git a/samples/inference-failover/prepare-apiops-artifacts.ps1 b/samples/inference-failover/prepare-apiops-artifacts.ps1
new file mode 100644
index 00000000..c7cab0ea
--- /dev/null
+++ b/samples/inference-failover/prepare-apiops-artifacts.ps1
@@ -0,0 +1,1065 @@
+#!/usr/bin/env pwsh
+
+<#
+.SYNOPSIS
+Creates an environment-specific APIOps artifact tree from a backend superset.
+
+.DESCRIPTION
+Copies a complete APIOps artifact tree to a separate staging directory, reads
+the top-level backends list from an APIOps publisher configuration YAML file,
+and removes backend artifact directories that are not named in that list.
+
+The script validates configured backend names, effective backend-pool members,
+and literal set-backend-service policy references before publication. It does
+not modify the source artifact tree or delete resources from API Management.
+
+The process has six phases:
+1. Validate and resolve all input paths.
+2. Read the environment's backend allowlist from the configuration YAML.
+3. Validate that every selected backend exists in the source artifacts.
+4. Copy the source tree and filter only the staged backends directory.
+5. Validate pool membership and literal policy backend references.
+6. Write a JSON audit manifest and report the result.
+
+Expected failures use stable exit codes and print an error category, a specific
+message, and a suggested corrective action. A failed run removes any partial
+staging directory so it cannot be passed accidentally to the APIOps publisher.
+
+.PARAMETER SourceArtifactsPath
+Path to the canonical APIOps artifact root. This is the directory that contains
+artifact collections such as backends, apis, namedValues, and products. Pass
+the artifact root, not the backends directory. The script never changes it.
+
+.PARAMETER DestinationArtifactsPath
+Path to the temporary artifact root that the APIOps publisher will consume.
+The destination must not equal, contain, or be contained by the source path.
+If it exists, the script stops unless Force is supplied.
+
+.PARAMETER ConfigurationPath
+Path to configuration.<environment>.yaml. Every backend resource to publish,
+including backend pools, must have a direct entry in the top-level backends
+array. The script intentionally supports this constrained APIOps YAML shape;
+it is not a general-purpose YAML parser.
+
+.PARAMETER AuditManifestPath
+Optional path for the JSON selection manifest. The default is adjacent to the
+staged artifact directory with a .selection.json suffix. The manifest is kept
+outside the artifact tree so the publisher cannot interpret it as an artifact.
+
+.PARAMETER Force
+Removes and recreates DestinationArtifactsPath when it already exists. Force
+never permits the source and destination trees to overlap.
+
+.OUTPUTS
+The script writes human-readable progress to the console and a JSON audit
+manifest to AuditManifestPath. It does not write pipeline objects to stdout.
+
+Process exit codes:
+    0  Success. The staged tree and audit manifest are ready.
+    1  PowerShell could not start or bind the script parameters.
+    2  An input path or invocation option is invalid.
+    3  The APIOps configuration YAML selection is invalid.
+    4  Required source artifacts are missing or unreadable.
+    5  A pool or policy references a backend that is not selected.
+    6  The staging tree could not be created, copied, filtered, or cleaned up.
+    7  The JSON audit manifest could not be created.
+    99 An unexpected error occurred.
+
+.EXAMPLE
+./prepare-apiops-artifacts.ps1 `
+    -SourceArtifactsPath ./apimartifacts `
+    -DestinationArtifactsPath "$env:RUNNER_TEMP/apimartifacts-prod" `
+    -ConfigurationPath ./configuration.prod.yaml `
+    -Force
+
+Creates a PROD staging tree, uses the default adjacent audit-manifest path,
+and replaces a previous staging directory if one exists.
+
+.EXAMPLE
+./prepare-apiops-artifacts.ps1 `
+    -SourceArtifactsPath ./apimartifacts `
+    -DestinationArtifactsPath ./out/apimartifacts-qa `
+    -ConfigurationPath ./configuration.qa.yaml `
+    -AuditManifestPath ./out/qa-backend-selection.json `
+    -Verbose
+
+Creates a QA staging tree, writes the audit manifest to an explicit path, and
+shows additional diagnostic detail. The command fails if the destination
+already exists because Force is not supplied.
+
+.NOTES
+Prerequisites:
+- PowerShell 7 or later on Windows, Linux, or macOS.
+- A canonical APIOps artifact tree containing a backends directory.
+- One backendInformation.json file in every selected backend directory.
+- A target configuration with exactly one top-level backends array.
+
+Safety boundaries:
+- This script does not call Azure or the APIOps publisher.
+- This script does not delete resources already deployed in APIM.
+- This script does not alter the source artifact tree.
+- Dynamic policy backend references cannot be validated statically.
+
+Use Get-Help ./prepare-apiops-artifacts.ps1 -Full to view this documentation.
+#>
+
+[CmdletBinding()]
+param(
+    [string] $SourceArtifactsPath,
+
+    [string] $DestinationArtifactsPath,
+
+    [string] $ConfigurationPath,
+
+    [string] $AuditManifestPath,
+
+    [switch] $Force
+)
+
+Set-StrictMode -Version Latest
+$ErrorActionPreference = 'Stop'
+
+# These codes form the public automation contract. Do not renumber an existing
+# code without updating the guide and every workflow that handles the result.
+$script:ExitCodes = [ordered]@{
+    Success = 0
+    InvalidInput = 2
+    InvalidConfiguration = 3
+    InvalidSourceArtifacts = 4
+    InvalidReferences = 5
+    StagingFailure = 6
+    AuditFailure = 7
+    UnexpectedFailure = 99
+}
+
+function New-PreparationException {
+    <#
+    .SYNOPSIS
+    Creates an exception containing the script's stable error metadata.
+
+    .DESCRIPTION
+    The top-level error handler reads ExitCode, Category, and Resolution from
+    the exception Data dictionary. Keeping this metadata on the exception lets
+    nested functions add context without printing duplicate error messages.
+
+    .OUTPUTS
+    System.InvalidOperationException
+    #>
+    param(
+        [Parameter(Mandatory = $true)]
+        [int] $ExitCode,
+
+        [Parameter(Mandatory = $true)]
+        [string] $Category,
+
+        [Parameter(Mandatory = $true)]
+        [string] $Message,
+
+        [Parameter(Mandatory = $true)]
+        [string] $Resolution,
+
+        [System.Exception] $InnerException
+    )
+
+    $exception = if ($null -eq $InnerException) {
+        [System.InvalidOperationException]::new($Message)
+    }
+    else {
+        [System.InvalidOperationException]::new($Message, $InnerException)
+    }
+
+    $exception.Data['ExitCode'] = $ExitCode
+    $exception.Data['Category'] = $Category
+    $exception.Data['Resolution'] = $Resolution
+    return $exception
+}
+
+function Stop-Preparation {
+    <#
+    .SYNOPSIS
+    Stops processing with a categorized, actionable error.
+
+    .DESCRIPTION
+    This is the only helper used to create expected terminating errors. It does
+    not print output; the top-level handler prints one consistent error block.
+    #>
+    param(
+        [Parameter(Mandatory = $true)]
+        [int] $ExitCode,
+
+        [Parameter(Mandatory = $true)]
+        [string] $Category,
+
+        [Parameter(Mandatory = $true)]
+        [string] $Message,
+
+        [Parameter(Mandatory = $true)]
+        [string] $Resolution,
+
+        [System.Exception] $InnerException
+    )
+
+    throw (New-PreparationException `
+        -ExitCode $ExitCode `
+        -Category $Category `
+        -Message $Message `
+        -Resolution $Resolution `
+        -InnerException $InnerException)
+}
+
+function Invoke-PreparationOperation {
+    <#
+    .SYNOPSIS
+    Runs one operation and maps unclassified exceptions to a stable exit code.
+
+    .DESCRIPTION
+    Errors already created by Stop-Preparation retain their original metadata.
+    Other exceptions are wrapped with the phase-specific code and remediation.
+    #>
+    param(
+        [Parameter(Mandatory = $true)]
+        [scriptblock] $Operation,
+
+        [Parameter(Mandatory = $true)]
+        [int] $ExitCode,
+
+        [Parameter(Mandatory = $true)]
+        [string] $Category,
+
+        [Parameter(Mandatory = $true)]
+        [string] $Message,
+
+        [Parameter(Mandatory = $true)]
+        [string] $Resolution
+    )
+
+    try {
+        return & $Operation
+    }
+    catch {
+        if ($_.Exception.Data.Contains('ExitCode')) {
+            throw
+        }
+
+        Stop-Preparation `
+            -ExitCode $ExitCode `
+            -Category $Category `
+            -Message "$Message $($_.Exception.Message)" `
+            -Resolution $Resolution `
+            -InnerException $_.Exception
+    }
+}
+
+function Get-FullPath {
+    <#
+    .SYNOPSIS
+    Converts a relative or absolute path into a normalized absolute path.
+
+    .PARAMETER MustExist
+    Uses Resolve-Path when set, which also verifies that the path exists.
+
+    .OUTPUTS
+    System.String containing the normalized absolute path.
+    #>
+    param(
+        [Parameter(Mandatory = $true)]
+        [string] $Path,
+
+        [switch] $MustExist
+    )
+
+    if ($MustExist) {
+        return (Resolve-Path -LiteralPath $Path -ErrorAction Stop).Path
+    }
+
+    return [System.IO.Path]::GetFullPath($Path)
+}
+
+function Test-PathContains {
+    <#
+    .SYNOPSIS
+    Determines whether ChildPath is inside ParentPath.
+
+    .DESCRIPTION
+    A trailing directory separator prevents sibling paths with a shared prefix
+    from being treated as parent and child paths. For example, artifacts-old
+    is not considered a child of artifacts.
+
+    .OUTPUTS
+    System.Boolean
+    #>
+    param(
+        [Parameter(Mandatory = $true)]
+        [string] $ParentPath,
+
+        [Parameter(Mandatory = $true)]
+        [string] $ChildPath
+    )
+
+    $separator = [System.IO.Path]::DirectorySeparatorChar
+    $normalizedParent = $ParentPath.TrimEnd($separator, [System.IO.Path]::AltDirectorySeparatorChar) + $separator
+    $normalizedChild = $ChildPath.TrimEnd($separator, [System.IO.Path]::AltDirectorySeparatorChar) + $separator
+    return $normalizedChild.StartsWith($normalizedParent, [System.StringComparison]::OrdinalIgnoreCase)
+}
+
+function ConvertFrom-BackendYamlScalar {
+    <#
+    .SYNOPSIS
+    Reads one backend name or pool-member ID from constrained YAML syntax.
+
+    .DESCRIPTION
+    Supports unquoted, single-quoted, and JSON-compatible double-quoted YAML
+    scalars. The parser intentionally does not support anchors, aliases, tags,
+    multiline scalars, or flow collections. Limiting the supported syntax
+    keeps the dependency-free selection parser predictable and reviewable.
+
+    .OUTPUTS
+    System.String containing the decoded scalar value.
+    #>
+    param(
+        [Parameter(Mandatory = $true)]
+        [string] $Value,
+
+        [Parameter(Mandatory = $true)]
+        [int] $LineNumber
+    )
+
+    $scalar = $Value.Trim()
+
+    if ($scalar.StartsWith("'", [System.StringComparison]::Ordinal)) {
+        if (-not $scalar.EndsWith("'", [System.StringComparison]::Ordinal) -or $scalar.Length -lt 2) {
+            throw "Unterminated single-quoted YAML scalar on line $LineNumber."
+        }
+
+        $result = $scalar.Substring(1, $scalar.Length - 2).Replace("''", "'")
+    }
+    elseif ($scalar.StartsWith('"', [System.StringComparison]::Ordinal)) {
+        try {
+            $result = $scalar | ConvertFrom-Json
+        }
+        catch {
+            throw "Invalid double-quoted YAML scalar on line $LineNumber. $($_.Exception.Message)"
+        }
+    }
+    else {
+        $result = ($scalar -split '\s+#', 2)[0].TrimEnd()
+    }
+
+    if ([string]::IsNullOrWhiteSpace($result)) {
+        throw "Empty YAML scalar on line $LineNumber."
+    }
+
+    return [string] $result
+}
+
+function Assert-SafeBackendName {
+    <#
+    .SYNOPSIS
+    Rejects backend names that are invalid or unsafe as directory names.
+
+    .DESCRIPTION
+    The allowlist prevents path traversal and keeps names compatible with APIM
+    backend artifact directories. The function returns no value on success and
+    throws a configuration error for its caller to categorize on failure.
+    #>
+    param(
+        [Parameter(Mandatory = $true)]
+        [string] $Name,
+
+        [Parameter(Mandatory = $true)]
+        [int] $LineNumber
+    )
+
+    if ($Name -notmatch '^[A-Za-z0-9][A-Za-z0-9._-]{0,79}$' -or
+        $Name -in @('.', '..') -or
+        $Name.Contains([System.IO.Path]::DirectorySeparatorChar) -or
+        $Name.Contains([System.IO.Path]::AltDirectorySeparatorChar) -or
+        [System.IO.Path]::GetFileName($Name) -ne $Name) {
+        throw "Backend name '$Name' on line $LineNumber is invalid. Use 1-80 letters, numbers, periods, underscores, or hyphens, starting with a letter or number."
+    }
+}
+
+function Get-BackendSelection {
+    <#
+    .SYNOPSIS
+    Reads the environment backend allowlist and configured pool memberships.
+
+    .DESCRIPTION
+    Scans exactly one top-level backends array. Every direct array item must
+    begin with '- name:'. For pool overrides, only IDs beneath
+    properties.pool.services are collected; unrelated id properties are
+    ignored. This avoids mistaking credentials or certificate IDs for pool
+    members.
+
+    .OUTPUTS
+    PSCustomObject with these properties:
+    - Names: ordered backend and pool names selected for publication.
+    - NameSet: case-sensitive set used for exact membership checks.
+    - PoolMembers: configured pool members grouped by selected backend name.
+    - ConfiguredPoolServices: names whose services array is overridden.
+    #>
+    param(
+        [Parameter(Mandatory = $true)]
+        [string] $Path
+    )
+
+    $lines = [System.IO.File]::ReadAllLines($Path)
+    $backendSectionFound = $false
+    $backendSectionComplete = $false
+    $itemIndent = $null
+    $currentBackend = $null
+    $poolIndent = $null
+    $servicesIndent = $null
+    $orderedNames = [System.Collections.Generic.List[string]]::new()
+    $names = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::Ordinal)
+    $poolMembers = [System.Collections.Generic.Dictionary[string, System.Collections.Generic.List[string]]]::new([System.StringComparer]::Ordinal)
+    $configuredPoolServices = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::Ordinal)
+
+    $backendSectionCount = @($lines | Where-Object { $_ -match '^backends\s*:' }).Count
+    if ($backendSectionCount -ne 1) {
+        throw "Configuration '$Path' must contain exactly one top-level backends property; found $backendSectionCount."
+    }
+
+    for ($index = 0; $index -lt $lines.Length; $index++) {
+        $line = $lines[$index]
+        $lineNumber = $index + 1
+
+        if ($line.Contains("`t")) {
+            throw "Tab indentation is not supported in YAML (line $lineNumber)."
+        }
+
+        if ($line -match '^\s*$' -or $line -match '^\s*#') {
+            continue
+        }
+
+        $indent = $line.Length - $line.TrimStart(' ').Length
+
+        if (-not $backendSectionFound) {
+            if ($line -match '^backends\s*:\s*(?:#.*)?$') {
+                $backendSectionFound = $true
+            }
+            continue
+        }
+
+        if ($indent -eq 0) {
+            $backendSectionComplete = $true
+            break
+        }
+
+        $trimmed = $line.TrimStart(' ')
+
+        if ($null -ne $poolIndent -and $indent -le $poolIndent) {
+            $poolIndent = $null
+            $servicesIndent = $null
+        }
+        elseif ($null -ne $servicesIndent -and $indent -le $servicesIndent) {
+            $servicesIndent = $null
+        }
+
+        if ($trimmed -match '^-\s+name\s*:\s*(?<value>.+?)\s*$') {
+            if ($null -eq $itemIndent) {
+                $itemIndent = $indent
+            }
+
+            if ($indent -eq $itemIndent) {
+                $name = ConvertFrom-BackendYamlScalar -Value $Matches['value'] -LineNumber $lineNumber
+                Assert-SafeBackendName -Name $name -LineNumber $lineNumber
+
+                if (-not $names.Add($name)) {
+                    throw "Duplicate backend name '$name' in configuration on line $lineNumber."
+                }
+
+                $orderedNames.Add($name)
+                $poolMembers.Add($name, [System.Collections.Generic.List[string]]::new())
+                $currentBackend = $name
+                $poolIndent = $null
+                $servicesIndent = $null
+                continue
+            }
+        }
+
+        if ($trimmed -match '^-\s+' -and ($null -eq $itemIndent -or $indent -eq $itemIndent)) {
+            if ($null -eq $itemIndent) {
+                $itemIndent = $indent
+            }
+
+            throw "Each direct item under top-level backends must start with '- name:' (line $lineNumber)."
+        }
+
+        if ($null -ne $currentBackend -and $indent -gt $itemIndent -and $trimmed -match '^pool\s*:\s*(?:#.*)?$') {
+            $poolIndent = $indent
+            $servicesIndent = $null
+            continue
+        }
+
+        if ($null -ne $poolIndent -and $indent -gt $poolIndent -and $trimmed -match '^services\s*:\s*(?<value>.*?)\s*$') {
+            $servicesValue = ($Matches['value'] -split '\s+#', 2)[0].Trim()
+            if (-not [string]::IsNullOrWhiteSpace($servicesValue)) {
+                throw "Pool services must use block-list syntax and must not be empty (line $lineNumber)."
+            }
+
+            $null = $configuredPoolServices.Add($currentBackend)
+            $servicesIndent = $indent
+            continue
+        }
+
+        if ($null -ne $servicesIndent -and $indent -gt $servicesIndent -and $trimmed -match '^-\s+id\s*:\s*(?<value>.+?)\s*$') {
+            $backendId = ConvertFrom-BackendYamlScalar -Value $Matches['value'] -LineNumber $lineNumber
+            if ($backendId -notmatch '(?:^|/)backends/(?<name>[^/]+)$') {
+                throw "Backend pool member ID '$backendId' on line $lineNumber must end with '/backends/<name>'."
+            }
+
+            $memberName = $Matches['name']
+            Assert-SafeBackendName -Name $memberName -LineNumber $lineNumber
+            $poolMembers[$currentBackend].Add($memberName)
+        }
+    }
+
+    if (-not $backendSectionFound) {
+        throw "Configuration '$Path' does not contain a top-level backends property."
+    }
+
+    if (-not $backendSectionComplete -and $lines.Length -eq 0) {
+        throw "Configuration '$Path' is empty."
+    }
+
+    if ($orderedNames.Count -eq 0) {
+        throw "Configuration '$Path' must select at least one backend resource."
+    }
+
+    return [pscustomobject]@{
+        Names = $orderedNames.ToArray()
+        NameSet = $names
+        PoolMembers = $poolMembers
+        ConfiguredPoolServices = $configuredPoolServices
+    }
+}
+
+function Get-CanonicalPoolMembers {
+    <#
+    .SYNOPSIS
+    Reads pool members from one canonical backendInformation.json artifact.
+
+    .DESCRIPTION
+    Concrete backend artifacts do not have properties.pool.services and return
+    an empty array. Pool artifacts return the terminal backend name from every
+    service ID. Malformed JSON and malformed service IDs stop validation.
+
+    .OUTPUTS
+    System.String[] containing zero or more backend names.
+    #>
+    param(
+        [Parameter(Mandatory = $true)]
+        [string] $InformationFilePath
+    )
+
+    try {
+        $document = Get-Content -LiteralPath $InformationFilePath -Raw | ConvertFrom-Json
+    }
+    catch {
+        throw "Unable to parse '$InformationFilePath'. $($_.Exception.Message)"
+    }
+
+    if ($null -eq $document.properties -or
+        $null -eq $document.properties.PSObject.Properties['pool'] -or
+        $null -eq $document.properties.pool -or
+        $null -eq $document.properties.pool.PSObject.Properties['services']) {
+        return @()
+    }
+
+    $services = @($document.properties.pool.services)
+    $members = [System.Collections.Generic.List[string]]::new()
+
+    foreach ($service in $services) {
+        if ($null -eq $service -or [string]::IsNullOrWhiteSpace([string] $service.id)) {
+            throw "Backend pool '$InformationFilePath' contains a service without an ID."
+        }
+
+        $backendId = [string] $service.id
+        if ($backendId -notmatch '(?:^|/)backends/(?<name>[^/]+)$') {
+            throw "Backend pool member ID '$backendId' in '$InformationFilePath' must end with '/backends/<name>'."
+        }
+
+        $members.Add($Matches['name'])
+    }
+
+    return $members.ToArray()
+}
+
+function Assert-BackendReferences {
+    <#
+    .SYNOPSIS
+    Verifies that selected pools and literal policy references are complete.
+
+    .DESCRIPTION
+    Configured pool services take precedence over canonical pool services,
+    matching APIOps publisher override behavior. Every effective pool member
+    must be selected. Literal set-backend-service backend-id values in XML
+    policies must also be selected. Dynamic expressions and Named Value
+    substitutions are skipped because their runtime value cannot be resolved
+    safely without an APIM deployment context.
+
+    .OUTPUTS
+    No output. Throws on the first invalid reference.
+    #>
+    param(
+        [Parameter(Mandatory = $true)]
+        [string] $ArtifactsPath,
+
+        [Parameter(Mandatory = $true)]
+        [pscustomobject] $Selection
+    )
+
+    $backendsPath = Join-Path $ArtifactsPath 'backends'
+
+    foreach ($backendName in $Selection.Names) {
+        $informationFile = Join-Path (Join-Path $backendsPath $backendName) 'backendInformation.json'
+        if (-not (Test-Path -LiteralPath $informationFile -PathType Leaf)) {
+            throw "Selected backend '$backendName' does not contain backendInformation.json."
+        }
+
+        $configuredMembers = $Selection.PoolMembers[$backendName]
+        if ($Selection.ConfiguredPoolServices.Contains($backendName) -and $configuredMembers.Count -eq 0) {
+            throw "Selected backend pool '$backendName' declares an empty services list."
+        }
+
+        if ($Selection.ConfiguredPoolServices.Contains($backendName)) {
+            $effectiveMembers = @($configuredMembers)
+        }
+        else {
+            $effectiveMembers = @(Get-CanonicalPoolMembers -InformationFilePath $informationFile)
+        }
+
+        $distinctMembers = @($effectiveMembers | Sort-Object -Unique)
+        if ($distinctMembers.Count -ne $effectiveMembers.Count) {
+            throw "Selected backend pool '$backendName' contains duplicate service IDs."
+        }
+
+        foreach ($memberName in $effectiveMembers) {
+            if ($memberName -eq $backendName) {
+                throw "Selected backend pool '$backendName' cannot reference itself."
+            }
+
+            if (-not $Selection.NameSet.Contains($memberName)) {
+                throw "Selected backend pool '$backendName' references filtered backend '$memberName'."
+            }
+        }
+    }
+
+    $policyPattern = '<set-backend-service\b[^>]*\bbackend-id\s*=\s*["''](?<name>[^"'']+)["'']'
+    foreach ($policyFile in Get-ChildItem -LiteralPath $ArtifactsPath -Recurse -File -Filter '*.xml') {
+        $content = Get-Content -LiteralPath $policyFile.FullName -Raw
+        foreach ($match in [System.Text.RegularExpressions.Regex]::Matches($content, $policyPattern, [System.Text.RegularExpressions.RegexOptions]::IgnoreCase)) {
+            $backendName = $match.Groups['name'].Value.Trim()
+            if ($backendName.Contains('{{') -or $backendName.Contains('@(')) {
+                continue
+            }
+
+            if (-not $Selection.NameSet.Contains($backendName)) {
+                throw "Policy '$($policyFile.FullName)' references filtered backend or pool '$backendName'."
+            }
+        }
+    }
+}
+
+function Write-GitHubStepSummary {
+    <#
+    .SYNOPSIS
+    Adds the successful selection result to the GitHub Actions job summary.
+
+    .DESCRIPTION
+    The summary is optional operational output. A summary-writing failure emits
+    a warning but does not invalidate an otherwise complete staging operation.
+    #>
+    param(
+        [Parameter(Mandatory = $true)]
+        [pscustomobject] $Result
+    )
+
+    if ([string]::IsNullOrWhiteSpace($env:GITHUB_STEP_SUMMARY)) {
+        return
+    }
+
+    try {
+        $summaryLines = [System.Collections.Generic.List[string]]::new()
+        $summaryLines.Add('## APIOps backend selection')
+        $summaryLines.Add('')
+        $summaryLines.Add('- Result: Success (exit code 0)')
+        $summaryLines.Add("- Selected backend resources: $($Result.SelectedBackends.Count)")
+        $summaryLines.Add("- Filtered backend resources: $($Result.RemovedBackends.Count)")
+        $summaryLines.Add("- Audit manifest: ``$($Result.AuditManifestPath)``")
+        $summaryLines.Add('')
+        $summaryLines.Add('### Selected resources')
+        $summaryLines.Add('')
+        foreach ($backendName in $Result.SelectedBackends) {
+            $summaryLines.Add("- ``$backendName``")
+        }
+
+        $summaryLines | Add-Content -LiteralPath $env:GITHUB_STEP_SUMMARY -Encoding utf8
+    }
+    catch {
+        Write-Warning "Staging succeeded, but the GitHub job summary could not be updated: $($_.Exception.Message)"
+    }
+}
+
+function Write-PreparationFailure {
+    <#
+    .SYNOPSIS
+    Writes one consistent, actionable failure block to standard error.
+
+    .DESCRIPTION
+    GitHub Actions also receives an error workflow command. The workflow
+    command is best-effort and never replaces the standard error block.
+    #>
+    param(
+        [Parameter(Mandatory = $true)]
+        [int] $ExitCode,
+
+        [Parameter(Mandatory = $true)]
+        [string] $Category,
+
+        [Parameter(Mandatory = $true)]
+        [string] $Message,
+
+        [Parameter(Mandatory = $true)]
+        [string] $Resolution,
+
+        [System.Management.Automation.ErrorRecord] $ErrorRecord
+    )
+
+    [Console]::Error.WriteLine('')
+    [Console]::Error.WriteLine('[ERROR] APIOps artifact preparation failed.')
+    [Console]::Error.WriteLine("Category : $Category")
+    [Console]::Error.WriteLine("Exit code: $ExitCode")
+    [Console]::Error.WriteLine("Message  : $Message")
+    [Console]::Error.WriteLine("Resolution: $Resolution")
+
+    if ($VerbosePreference -ne 'SilentlyContinue' -and $null -ne $ErrorRecord) {
+        [Console]::Error.WriteLine("Exception : $($ErrorRecord.Exception.GetType().FullName)")
+        if (-not [string]::IsNullOrWhiteSpace($ErrorRecord.ScriptStackTrace)) {
+            [Console]::Error.WriteLine("Stack     : $($ErrorRecord.ScriptStackTrace)")
+        }
+    }
+
+    if ($env:GITHUB_ACTIONS -eq 'true') {
+        $annotation = "$Category (exit code $ExitCode): $Message Resolution: $Resolution"
+        $annotation = $annotation.Replace('%', '%25').Replace("`r", '%0D').Replace("`n", '%0A')
+        [Console]::Error.WriteLine("::error title=APIOps artifact preparation failed::$annotation")
+    }
+}
+
+function Invoke-ApimArtifactPreparation {
+    <#
+    .SYNOPSIS
+    Coordinates validation, staging, reference checks, and audit generation.
+
+    .DESCRIPTION
+    This function is the single owner of the end-to-end process. Parsing and
+    reference helpers remain side-effect free; file-system changes occur only
+    in phases 4 and 6. Any failure after staging begins removes the partial
+    destination before the categorized error is returned to the caller.
+
+    .OUTPUTS
+    PSCustomObject describing the successful staging result.
+    #>
+    param(
+        [string] $SourcePathInput,
+        [string] $DestinationPathInput,
+        [string] $ConfigurationPathInput,
+        [string] $AuditPathInput,
+        [switch] $ReplaceDestination
+    )
+
+    $requiredInputs = [ordered]@{
+        SourceArtifactsPath = $SourcePathInput
+        DestinationArtifactsPath = $DestinationPathInput
+        ConfigurationPath = $ConfigurationPathInput
+    }
+    $missingInputs = @($requiredInputs.GetEnumerator() | Where-Object { [string]::IsNullOrWhiteSpace([string] $_.Value) } | ForEach-Object Key)
+    if ($missingInputs.Count -gt 0) {
+        Stop-Preparation `
+            -ExitCode $script:ExitCodes.InvalidInput `
+            -Category 'Invalid input' `
+            -Message "Required parameter values are missing: $($missingInputs -join ', ')." `
+            -Resolution 'Run the script with -SourceArtifactsPath, -DestinationArtifactsPath, and -ConfigurationPath. Use Get-Help with -Full for examples.'
+    }
+
+    Write-Host '=== APIOps Environment Artifact Preparation ===' -ForegroundColor Cyan
+    Write-Host '[1/6] Validating and resolving input paths...'
+
+    $sourcePath = Invoke-PreparationOperation `
+        -ExitCode $script:ExitCodes.InvalidInput `
+        -Category 'Invalid input' `
+        -Message "Could not resolve source artifact path '$SourcePathInput'." `
+        -Resolution 'Confirm that SourceArtifactsPath exists and points to the APIOps artifact root.' `
+        -Operation { Get-FullPath -Path $SourcePathInput -MustExist }
+
+    $configurationFullPath = Invoke-PreparationOperation `
+        -ExitCode $script:ExitCodes.InvalidInput `
+        -Category 'Invalid input' `
+        -Message "Could not resolve configuration path '$ConfigurationPathInput'." `
+        -Resolution 'Confirm that ConfigurationPath exists and points to the intended environment configuration YAML file.' `
+        -Operation { Get-FullPath -Path $ConfigurationPathInput -MustExist }
+
+    $destinationPath = Invoke-PreparationOperation `
+        -ExitCode $script:ExitCodes.InvalidInput `
+        -Category 'Invalid input' `
+        -Message "Could not normalize destination artifact path '$DestinationPathInput'." `
+        -Resolution 'Use a valid local or runner-temporary directory path for DestinationArtifactsPath.' `
+        -Operation { Get-FullPath -Path $DestinationPathInput }
+
+    if (-not (Test-Path -LiteralPath $sourcePath -PathType Container)) {
+        Stop-Preparation `
+            -ExitCode $script:ExitCodes.InvalidInput `
+            -Category 'Invalid input' `
+            -Message "SourceArtifactsPath is not a directory: $sourcePath" `
+            -Resolution 'Pass the APIOps artifact root directory, not an individual artifact file.'
+    }
+
+    if (-not (Test-Path -LiteralPath $configurationFullPath -PathType Leaf)) {
+        Stop-Preparation `
+            -ExitCode $script:ExitCodes.InvalidInput `
+            -Category 'Invalid input' `
+            -Message "ConfigurationPath is not a file: $configurationFullPath" `
+            -Resolution 'Pass one configuration.<environment>.yaml file.'
+    }
+
+    if ($sourcePath -eq $destinationPath -or
+        (Test-PathContains -ParentPath $sourcePath -ChildPath $destinationPath) -or
+        (Test-PathContains -ParentPath $destinationPath -ChildPath $sourcePath)) {
+        Stop-Preparation `
+            -ExitCode $script:ExitCodes.InvalidInput `
+            -Category 'Invalid input' `
+            -Message 'Source and destination artifact paths overlap.' `
+            -Resolution 'Choose a separate staging directory, preferably beneath the CI runner temporary directory.'
+    }
+
+    $auditPath = if ([string]::IsNullOrWhiteSpace($AuditPathInput)) {
+        "$destinationPath.selection.json"
+    }
+    else {
+        Invoke-PreparationOperation `
+            -ExitCode $script:ExitCodes.InvalidInput `
+            -Category 'Invalid input' `
+            -Message "Could not normalize audit manifest path '$AuditPathInput'." `
+            -Resolution 'Use a valid file path outside both the source and staged artifact trees.' `
+            -Operation { Get-FullPath -Path $AuditPathInput }
+    }
+
+    if ($auditPath -eq $sourcePath -or $auditPath -eq $destinationPath -or
+        (Test-PathContains -ParentPath $sourcePath -ChildPath $auditPath) -or
+        (Test-PathContains -ParentPath $destinationPath -ChildPath $auditPath)) {
+        Stop-Preparation `
+            -ExitCode $script:ExitCodes.InvalidInput `
+            -Category 'Invalid input' `
+            -Message "AuditManifestPath must be outside the source and staged artifact trees: $auditPath" `
+            -Resolution 'Place the audit manifest beside the staged directory or in a separate release-evidence directory.'
+    }
+
+    Write-Verbose "Source artifacts : $sourcePath"
+    Write-Verbose "Configuration    : $configurationFullPath"
+    Write-Verbose "Staged artifacts : $destinationPath"
+    Write-Verbose "Audit manifest   : $auditPath"
+
+    Write-Host '[2/6] Reading the target backend allowlist...'
+    $selection = Invoke-PreparationOperation `
+        -ExitCode $script:ExitCodes.InvalidConfiguration `
+        -Category 'Invalid configuration' `
+        -Message "Could not read the backend selection from '$configurationFullPath'." `
+        -Resolution 'Correct the top-level backends array. Each direct item must begin with - name:, and pool services must use block-list syntax.' `
+        -Operation { Get-BackendSelection -Path $configurationFullPath }
+    Write-Host "      Selected $($selection.Names.Count) backend resources, including pools."
+
+    Write-Host '[3/6] Checking selected resources against the source artifacts...'
+    $sourceInventory = Invoke-PreparationOperation `
+        -ExitCode $script:ExitCodes.InvalidSourceArtifacts `
+        -Category 'Invalid source artifacts' `
+        -Message "The source artifact tree '$sourcePath' is incomplete or unreadable." `
+        -Resolution 'Re-run the APIOps extractor or restore the missing backend directories and backendInformation.json files.' `
+        -Operation {
+            $sourceBackendsPath = Join-Path $sourcePath 'backends'
+            if (-not (Test-Path -LiteralPath $sourceBackendsPath -PathType Container)) {
+                throw "The required backends directory does not exist: $sourceBackendsPath"
+            }
+
+            $availableNames = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::Ordinal)
+            foreach ($directory in Get-ChildItem -LiteralPath $sourceBackendsPath -Force -Directory) {
+                $null = $availableNames.Add($directory.Name)
+            }
+
+            $missingNames = @($selection.Names | Where-Object { -not $availableNames.Contains($_) })
+            if ($missingNames.Count -gt 0) {
+                throw "Selected backend directories do not exist: $($missingNames -join ', ')"
+            }
+
+            foreach ($backendName in $selection.Names) {
+                $informationFile = Join-Path (Join-Path $sourceBackendsPath $backendName) 'backendInformation.json'
+                if (-not (Test-Path -LiteralPath $informationFile -PathType Leaf)) {
+                    throw "Selected backend '$backendName' is missing backendInformation.json."
+                }
+
+                try {
+                    $null = Get-Content -LiteralPath $informationFile -Raw | ConvertFrom-Json
+                }
+                catch {
+                    throw "Selected backend '$backendName' has invalid backendInformation.json. $($_.Exception.Message)"
+                }
+            }
+
+            return [pscustomobject]@{
+                BackendsPath = $sourceBackendsPath
+                AvailableNames = $availableNames
+            }
+        }
+    Write-Host "      Found $($sourceInventory.AvailableNames.Count) backend resources in the canonical superset."
+
+    # This check intentionally occurs before the staging try/catch. When Force
+    # is absent, the existing directory remains user-owned and must never enter
+    # the cleanup path for artifacts created by this script.
+    if ((Test-Path -LiteralPath $destinationPath) -and -not $ReplaceDestination) {
+        Stop-Preparation `
+            -ExitCode $script:ExitCodes.InvalidInput `
+            -Category 'Invalid input' `
+            -Message "DestinationArtifactsPath already exists: $destinationPath" `
+            -Resolution 'Choose a new staging path or rerun with -Force to replace the existing destination.'
+    }
+
+    try {
+        Write-Host '[4/6] Copying the artifact tree and filtering staged backends...'
+        $removedNames = @(Invoke-PreparationOperation `
+            -ExitCode $script:ExitCodes.StagingFailure `
+            -Category 'Staging failure' `
+            -Message "Could not prepare staged artifacts at '$destinationPath'." `
+            -Resolution 'Check file-system permissions and available disk space. Remove stale files or rerun with -Force when replacing the destination is intended.' `
+            -Operation {
+                if (Test-Path -LiteralPath $destinationPath) {
+                    Write-Verbose "Removing existing staging directory because -Force was supplied: $destinationPath"
+                    Remove-Item -LiteralPath $destinationPath -Recurse -Force
+                }
+
+                $null = New-Item -ItemType Directory -Path $destinationPath -Force
+                Get-ChildItem -LiteralPath $sourcePath -Force |
+                    Copy-Item -Destination $destinationPath -Recurse -Force
+
+                $stagedBackendsPath = Join-Path $destinationPath 'backends'
+                $removed = [System.Collections.Generic.List[string]]::new()
+                foreach ($directory in Get-ChildItem -LiteralPath $stagedBackendsPath -Force -Directory) {
+                    if (-not $selection.NameSet.Contains($directory.Name)) {
+                        $removed.Add($directory.Name)
+                        Remove-Item -LiteralPath $directory.FullName -Recurse -Force
+                    }
+                }
+
+                return $removed.ToArray()
+            })
+        Write-Host "      Removed $($removedNames.Count) unselected backend resources from staging."
+
+        Write-Host '[5/6] Validating pool members and policy backend references...'
+        $null = Invoke-PreparationOperation `
+            -ExitCode $script:ExitCodes.InvalidReferences `
+            -Category 'Invalid backend references' `
+            -Message 'The selected backend set is not dependency-complete.' `
+            -Resolution 'Select every backend referenced by a retained pool or literal set-backend-service policy, then rerun the script.' `
+            -Operation { Assert-BackendReferences -ArtifactsPath $destinationPath -Selection $selection }
+
+        Write-Host '[6/6] Writing the backend selection audit manifest...'
+        $auditManifest = [ordered]@{
+            schemaVersion = 1
+            status = 'Succeeded'
+            exitCode = $script:ExitCodes.Success
+            generatedAtUtc = [DateTimeOffset]::UtcNow.ToString('O')
+            sourceArtifactsPath = $sourcePath
+            destinationArtifactsPath = $destinationPath
+            configurationPath = $configurationFullPath
+            configurationSha256 = (Get-FileHash -LiteralPath $configurationFullPath -Algorithm SHA256).Hash.ToLowerInvariant()
+            availableBackendCount = $sourceInventory.AvailableNames.Count
+            selectedBackendCount = $selection.Names.Count
+            selectedBackends = @($selection.Names | Sort-Object)
+            removedBackendCount = $removedNames.Count
+            removedBackends = @($removedNames | Sort-Object)
+        }
+
+        $null = Invoke-PreparationOperation `
+            -ExitCode $script:ExitCodes.AuditFailure `
+            -Category 'Audit failure' `
+            -Message "Could not write the selection audit manifest '$auditPath'." `
+            -Resolution 'Check the audit directory permissions and available disk space, then rerun the script. The partial staging directory has been removed.' `
+            -Operation {
+                $auditParent = Split-Path -Path $auditPath -Parent
+                if (-not (Test-Path -LiteralPath $auditParent -PathType Container)) {
+                    $null = New-Item -ItemType Directory -Path $auditParent -Force
+                }
+
+                # Write to a temporary sibling first so a failed write cannot
+                # leave a truncated manifest that appears valid to automation.
+                $temporaryAuditPath = Join-Path $auditParent ".$(Split-Path -Path $auditPath -Leaf).$([guid]::NewGuid().ToString('N')).tmp"
+                try {
+                    $auditManifest | ConvertTo-Json -Depth 10 |
+                        Set-Content -LiteralPath $temporaryAuditPath -Encoding utf8
+                    Move-Item -LiteralPath $temporaryAuditPath -Destination $auditPath -Force
+                }
+                finally {
+                    Remove-Item -LiteralPath $temporaryAuditPath -Force -ErrorAction SilentlyContinue
+                }
+            }
+    }
+    catch {
+        if (Test-Path -LiteralPath $destinationPath) {
+            try {
+                Remove-Item -LiteralPath $destinationPath -Recurse -Force -ErrorAction Stop
+                Write-Verbose "Removed partial staging directory after failure: $destinationPath"
+            }
+            catch {
+                Write-Warning "Could not completely remove the partial staging directory '$destinationPath': $($_.Exception.Message)"
+            }
+        }
+        throw
+    }
+
+    return [pscustomobject]@{
+        DestinationArtifactsPath = $destinationPath
+        AuditManifestPath = $auditPath
+        SelectedBackends = @($selection.Names | Sort-Object)
+        RemovedBackends = @($removedNames | Sort-Object)
+    }
+}
+
+# The entry point prints exactly one final result and owns the process exit
+# code. Helper functions throw metadata-rich exceptions but never call exit.
+try {
+    $result = Invoke-ApimArtifactPreparation `
+        -SourcePathInput $SourceArtifactsPath `
+        -DestinationPathInput $DestinationArtifactsPath `
+        -ConfigurationPathInput $ConfigurationPath `
+        -AuditPathInput $AuditManifestPath `
+        -ReplaceDestination:$Force
+
+    Write-Host ''
+    Write-Host '[SUCCESS] APIOps artifact preparation completed.' -ForegroundColor Green
+    Write-Host "Exit code : $($script:ExitCodes.Success)"
+    Write-Host "Staged at : $($result.DestinationArtifactsPath)"
+    Write-Host "Audit file: $($result.AuditManifestPath)"
+    Write-Host "Selected  : $($result.SelectedBackends.Count) backend resources"
+    Write-Host "Filtered  : $($result.RemovedBackends.Count) backend resources"
+    Write-GitHubStepSummary -Result $result
+    exit $script:ExitCodes.Success
+}
+catch {
+    $exitCode = $script:ExitCodes.UnexpectedFailure
+    $category = 'Unexpected failure'
+    $resolution = 'Rerun with -Verbose for diagnostic context. If the problem continues, provide the complete error block to the script maintainer.'
+
+    if ($_.Exception.Data.Contains('ExitCode')) {
+        $exitCode = [int] $_.Exception.Data['ExitCode']
+        $category = [string] $_.Exception.Data['Category']
+        $resolution = [string] $_.Exception.Data['Resolution']
+    }
+
+    Write-PreparationFailure `
+        -ExitCode $exitCode `
+        -Category $category `
+        -Message $_.Exception.Message `
+        -Resolution $resolution `
+        -ErrorRecord $_
+    exit $exitCode
+}
diff --git a/samples/load-balancing/README.md b/samples/load-balancing/README.md
index 607a8139..836a3547 100644
--- a/samples/load-balancing/README.md
+++ b/samples/load-balancing/README.md
@@ -4,7 +4,7 @@ Sets up an APIM instance that demonstrates load balancing and circuit breaking a
 
 ⚙️ **Supported infrastructures**: apim-aca, afd-apim-pe
 
-👟 **Expected *Run All* runtime (excl. infrastructure prerequisite): ~3 minutes**
+👟 **Expected _Run All_ runtime (excl. infrastructure prerequisite): ~3 minutes**
 
 ## 🎯 Objectives
 
@@ -20,25 +20,26 @@ This lab integrates into an existing Azure Container Apps architecture and sets
 - Three separate backends are set up in APIM that each point to a different endpoint on this container app (e.g. /api/0, /api/1, etc.).
 - Four separate backend pool with varying load balancer setups are configured using these three backends.
 - Six APIs that each demonstrate a different load-balancing or error-handling behavior, including a `/lb-retry-tracked` endpoint that records the soonest backend recovery time as an absolute UTC timestamp and emits a decreasing `Retry-After` header until that instant elapses.
+- Every policy uses a bounded retry count of `2`, allowing two retries after the initial attempt, for three total attempts. This may already be more than sufficient for interactive traffic. The limit is intentionally independent of pool size because circuit breakers remove failed backends from selection and repeated failures across recently eligible members are a signal to return control to the caller.
 
 ## 🧪 Test Matrix
 
 The notebook exercises each load-balancing strategy with a dedicated test. Run order and run counts are fixed; behaviour varies by backend pool configuration and per-test sleep semantics.
 
-| # | Test | API path | Runs | Pool / Backends | Sleep semantics | Key behaviour verified | Chart |
-| --- | --- | --- | --- | --- | --- | --- | --- |
-| 1 | Prioritized Distribution | `/lb-prioritized` | 15 | 2 backends, priorities P1 -> P2 | None | First request lands on P1 (index 0, count 1); P1 serves until exhaustion, then P2 takes over until the pool is unhealthy | Yes |
-| 2 | Weighted (50/50) | `/lb-weighted-equal` | 15 | 2 backends, equal weight | None | Requests alternate across the two backends until exhaustion | Yes |
-| 3 | Weighted (80/20) | `/lb-weighted-unequal` | 15 | 2 backends, 80/20 weight | None | Distribution roughly tracks the configured 80/20 weighting until exhaustion | Yes |
-| 4 | Prioritized & Weighted | `/lb-prioritized-weighted` | 25 | 3 backends, P1 then 2 x P2 equal weight | None | P1 serves first; P2 pair then takes over with equal weighting until the pool is unhealthy | Yes |
-| 5 | Prioritized & Weighted (500ms sleep) | `/lb-prioritized-weighted` | 20 | Same as #4 | 500 ms sleep between every request | The sleep gives backends time to recover, so the pool keeps serving longer before exhaustion | Yes |
-| 6 | Absolute-Time `Retry-After` Tracking | `/lb-retry-tracked` | 25 | 2 backends, priorities P1 -> P2 | On every 429 with a parseable `Retry-After`, the loop sleeps exactly that many seconds (the policy bakes in a +1s buffer) | Pre-first-wait `Retry-After` values are non-increasing; first emitted value is > 0; at least one request after the first wait returns 200 (pool recovered) | Yes |
-| 7 | 503-to-429 Error Handling | `/lb-429-prioritized` | 12 | 2 backends, priorities P1 -> P2 | None | At least one 429 is returned once the pool is exhausted; 429 responses carry a `Retry-After` header and non-429 responses do not | No |
+| #   | Test                                 | API path                   | Runs | Pool / Backends                         | Sleep semantics                                                                                                           | Key behaviour verified                                                                                                                                     | Chart |
+| --- | ------------------------------------ | -------------------------- | ---- | --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | ----- |
+| 1   | Prioritized Distribution             | `/lb-prioritized`          | 15   | 2 backends, priorities P1 -> P2         | None                                                                                                                      | First request lands on P1 (index 0, count 1); P1 serves until exhaustion, then P2 takes over until the pool is unhealthy                                   | Yes   |
+| 2   | Weighted (50/50)                     | `/lb-weighted-equal`       | 15   | 2 backends, equal weight                | None                                                                                                                      | Requests alternate across the two backends until exhaustion                                                                                                | Yes   |
+| 3   | Weighted (80/20)                     | `/lb-weighted-unequal`     | 15   | 2 backends, 80/20 weight                | None                                                                                                                      | Distribution roughly tracks the configured 80/20 weighting until exhaustion                                                                                | Yes   |
+| 4   | Prioritized & Weighted               | `/lb-prioritized-weighted` | 25   | 3 backends, P1 then 2 x P2 equal weight | None                                                                                                                      | P1 serves first; P2 pair then takes over with equal weighting until the pool is unhealthy                                                                  | Yes   |
+| 5   | Prioritized & Weighted (500ms sleep) | `/lb-prioritized-weighted` | 20   | Same as #4                              | 500 ms sleep between every request                                                                                        | The sleep gives backends time to recover, so the pool keeps serving longer before exhaustion                                                               | Yes   |
+| 6   | Absolute-Time `Retry-After` Tracking | `/lb-retry-tracked`        | 25   | 2 backends, priorities P1 -> P2         | On every 429 with a parseable `Retry-After`, the loop sleeps exactly that many seconds (the policy bakes in a +1s buffer) | Pre-first-wait `Retry-After` values are non-increasing; first emitted value is > 0; at least one request after the first wait returns 200 (pool recovered) | Yes   |
+| 7   | 503-to-429 Error Handling            | `/lb-429-prioritized`      | 12   | 2 backends, priorities P1 -> P2         | None                                                                                                                      | At least one 429 is returned once the pool is exhausted; 429 responses carry a `Retry-After` header and non-429 responses do not                           | No    |
 
-Tests 1-6 run in the *Verify Deployment* cell; test 7 runs in the separate *Test 503-to-429 Error Handling* cell. All charts apply a 95th-percentile cutoff when computing the mean so the cold-path first request does not skew the steady-state average.
+Tests 1-6 run in the _Verify Deployment_ cell; test 7 runs in the separate _Test 503-to-429 Error Handling_ cell. All charts apply a 95th-percentile cutoff when computing the mean so the cold-path first request does not skew the steady-state average.
 
 ## ⚙️ Configuration
 
 1. Decide which of the [Infrastructure Architectures](../../README.md#infrastructure-architectures) you wish to use.
-    1. If the infrastructure *does not* yet exist, navigate to the desired [infrastructure](../../infrastructure/) folder and follow its README.md.
-    1. If the infrastructure *does* exist, adjust the `user-defined parameters` in the *Initialize notebook variables* below. Please ensure that all parameters match your infrastructure.
+    1. If the infrastructure _does not_ yet exist, navigate to the desired [infrastructure](../../infrastructure/) folder and follow its README.md.
+    1. If the infrastructure _does_ exist, adjust the `user-defined parameters` in the _Initialize notebook variables_ below. Please ensure that all parameters match your infrastructure.
diff --git a/samples/load-balancing/apim-policies/aca-backend-pool-load-balancing-with-429.xml b/samples/load-balancing/apim-policies/aca-backend-pool-load-balancing-with-429.xml
index 16aaf735..9635c22d 100644
--- a/samples/load-balancing/apim-policies/aca-backend-pool-load-balancing-with-429.xml
+++ b/samples/load-balancing/apim-policies/aca-backend-pool-load-balancing-with-429.xml
@@ -10,8 +10,7 @@
         <set-backend-service backend-id="{backend_id}" />
     </inbound>
     <backend>
-        <!--Apply load-balancing and retry mechanisms -->
-        <!--Set count to one less than the number of backends in the pool to try all backends until the backend pool is temporarily unavailable.-->
+        <!-- Two retries permit three total attempts and may already be more than sufficient. -->
         <retry count="{retry_count}" interval="0" first-fast-retry="true" condition="@(context.Response.StatusCode == 429 || context.Response.StatusCode == 503)">
             <forward-request buffer-request-body="true" />
         </retry>
diff --git a/samples/load-balancing/apim-policies/aca-backend-pool-load-balancing-with-retry-tracked.xml b/samples/load-balancing/apim-policies/aca-backend-pool-load-balancing-with-retry-tracked.xml
index e961dfb1..a870567f 100644
--- a/samples/load-balancing/apim-policies/aca-backend-pool-load-balancing-with-retry-tracked.xml
+++ b/samples/load-balancing/apim-policies/aca-backend-pool-load-balancing-with-retry-tracked.xml
@@ -16,6 +16,7 @@
         <set-backend-service backend-id="{backend_id}" />
     </inbound>
     <backend>
+        <!-- Two retries permit three total attempts and may already be more than sufficient. -->
         <retry count="{retry_count}" interval="0" first-fast-retry="true" condition="@(context.Response.StatusCode == 429 || context.Response.StatusCode == 503)">
             <forward-request buffer-request-body="true" />
             <choose>
diff --git a/samples/load-balancing/apim-policies/aca-backend-pool-load-balancing.xml b/samples/load-balancing/apim-policies/aca-backend-pool-load-balancing.xml
index bdd9cdb6..d56a1272 100644
--- a/samples/load-balancing/apim-policies/aca-backend-pool-load-balancing.xml
+++ b/samples/load-balancing/apim-policies/aca-backend-pool-load-balancing.xml
@@ -7,8 +7,7 @@
         <set-backend-service backend-id="{backend_id}" />
     </inbound>
     <backend>
-        <!--Apply load-balancing and retry mechanisms -->
-        <!--Set count to one less than the number of backends in the pool to try all backends until the backend pool is temporarily unavailable.-->
+        <!-- Two retries permit three total attempts and may already be more than sufficient. -->
         <retry count="{retry_count}" interval="0" first-fast-retry="true" condition="@(context.Response.StatusCode == 429 || context.Response.StatusCode == 503)">
             <forward-request buffer-request-body="true" />
         </retry>
diff --git a/samples/load-balancing/create.ipynb b/samples/load-balancing/create.ipynb
index 6a86002a..771a0eb7 100644
--- a/samples/load-balancing/create.ipynb
+++ b/samples/load-balancing/create.ipynb
@@ -60,24 +60,27 @@
     "# Get account info (returns: current_user, current_user_id, tenant_id, subscription_id)\n",
     "_, _, _, subscription_id = get_account_info()\n",
     "\n",
+    "# Two retries permit three total attempts and may already be more than sufficient.\n",
+    "backend_retry_count = 2\n",
+    "\n",
     "# Policy files with backend pool and retry count placeholders\n",
     "pol_lb_prioritized = utils.read_policy_xml('aca-backend-pool-load-balancing.xml', sample_name=sample_folder).format(\n",
-    "    backend_id='aca-backend-pool-web-api-429-prioritized', retry_count=2\n",
+    "    backend_id='aca-backend-pool-web-api-429-prioritized', retry_count=backend_retry_count\n",
     ")\n",
     "pol_lb_weighted_equal = utils.read_policy_xml('aca-backend-pool-load-balancing.xml', sample_name=sample_folder).format(\n",
-    "    backend_id='aca-backend-pool-web-api-429-weighted-50-50', retry_count=2\n",
+    "    backend_id='aca-backend-pool-web-api-429-weighted-50-50', retry_count=backend_retry_count\n",
     ")\n",
     "pol_lb_weighted_unequal = utils.read_policy_xml('aca-backend-pool-load-balancing.xml', sample_name=sample_folder).format(\n",
-    "    backend_id='aca-backend-pool-web-api-429-weighted-80-20', retry_count=2\n",
+    "    backend_id='aca-backend-pool-web-api-429-weighted-80-20', retry_count=backend_retry_count\n",
     ")\n",
     "pol_lb_prioritized_weighted = utils.read_policy_xml('aca-backend-pool-load-balancing.xml', sample_name=sample_folder).format(\n",
-    "    backend_id='aca-backend-pool-web-api-429-prioritized-and-weighted', retry_count=3\n",
+    "    backend_id='aca-backend-pool-web-api-429-prioritized-and-weighted', retry_count=backend_retry_count\n",
     ")\n",
     "pol_lb_429_prioritized = utils.read_policy_xml('aca-backend-pool-load-balancing-with-429.xml', sample_name=sample_folder).format(\n",
-    "    backend_id='aca-backend-pool-web-api-429-prioritized', retry_count=2\n",
+    "    backend_id='aca-backend-pool-web-api-429-prioritized', retry_count=backend_retry_count\n",
     ")\n",
     "pol_lb_retry_tracked = utils.read_policy_xml('aca-backend-pool-load-balancing-with-retry-tracked.xml', sample_name=sample_folder).format(\n",
-    "    backend_id='aca-backend-pool-web-api-429-prioritized', retry_count=2, cache_key='retry-tracked'\n",
+    "    backend_id='aca-backend-pool-web-api-429-prioritized', retry_count=backend_retry_count, cache_key='retry-tracked'\n",
     ")\n",
     "\n",
     "# API 1: Prioritized load balancing\n",
diff --git a/tests/python/test_inference_failover.py b/tests/python/test_inference_failover.py
index a65e5172..8e7278f9 100644
--- a/tests/python/test_inference_failover.py
+++ b/tests/python/test_inference_failover.py
@@ -11,6 +11,7 @@
 BICEP_PATH = SAMPLE_PATH / 'main.bicep'
 DIAGNOSTICS_BICEP_PATH = Path(__file__).resolve().parents[2] / 'shared' / 'bicep' / 'modules' / 'apim' / 'v1' / 'diagnostics.bicep'
 NOTEBOOK_PATH = SAMPLE_PATH / 'create.ipynb'
+PARAMS_PATH = SAMPLE_PATH / 'params.json'
 POLICY_PATH = SAMPLE_PATH / 'apim-policies' / 'inference-api-policy.xml'
 RETRY_TRACKED_POLICY_PATH = SAMPLE_PATH / 'apim-policies' / 'inference-api-policy-with-retry-tracked.xml'
 README_PATH = SAMPLE_PATH / 'README.md'
@@ -316,8 +317,8 @@ def test_inference_policies_use_managed_identity_retries_and_generic_terminal_er
     assert not (SAMPLE_PATH / 'inference-api-policy.xml').exists()
 
 
-def test_inference_retry_tracked_policy_requires_all_backends_and_finalizes_in_outbound() -> None:
-    """Keep the optional tracked route strict and outside the APIM on-error path."""
+def test_inference_retry_tracked_policy_requires_all_attempts_and_finalizes_in_outbound() -> None:
+    """Keep the optional tracked route bounded and outside the APIM on-error path."""
     api_policy = RETRY_TRACKED_POLICY_PATH.read_text(encoding='utf-8')
     policy_root = ElementTree.fromstring(api_policy)
     retry = policy_root.find('backend/retry')
@@ -339,8 +340,9 @@ def test_inference_retry_tracked_policy_requires_all_backends_and_finalizes_in_o
     assert 'parsedEpoch &lt;= nowEpoch' in api_policy
     assert 'Math.Max(0L, parsedEpoch - nowEpoch) + 1L' in api_policy
     assert 'context.Response.StatusCode == 429' in capacity_branch.attrib['condition']
-    assert 'backendAttempt", 0) == BACKEND_COUNT' in capacity_branch.attrib['condition']
-    assert 'backend429Attempt", 0) == BACKEND_COUNT' in capacity_branch.attrib['condition']
+    assert 'backendAttempt", 0) > 1' in capacity_branch.attrib['condition']
+    assert 'backend429Attempt", 0) == context.Variables.GetValueOrDefault<int>("backendAttempt", 0)' in capacity_branch.attrib['condition']
+    assert 'BACKEND_COUNT' not in api_policy
     assert capacity_branch.find('return-response/set-status').attrib == {'code': '429', 'reason': 'Too Many Requests'}
     assert all(f'StatusCode == {status_code}' in infrastructure_branch.attrib['condition'] for status_code in (500, 502, 503, 504))
     assert infrastructure_branch.find('return-response/set-status').attrib == {'code': '503', 'reason': 'Inference Service Unavailable'}
@@ -365,6 +367,18 @@ def test_inference_retry_tracked_policy_requires_all_backends_and_finalizes_in_o
     assert '&quot;' not in api_policy
 
 
+def test_inference_generated_params_match_bounded_policy_templates() -> None:
+    """Keep checked-in deployment parameters synchronized with the policy templates."""
+    params = json.loads(PARAMS_PATH.read_text(encoding='utf-8'))
+    policies = {api['name']: api['policyXml'] for api in params['parameters']['apis']['value']}
+    primary_template = POLICY_PATH.read_text(encoding='utf-8')
+    tracked_template = RETRY_TRACKED_POLICY_PATH.read_text(encoding='utf-8')
+
+    assert policies['inference-gpt-5-1'] == primary_template.replace('BACKEND_POOL_ID', 'inference-gpt-5-1-pool').replace('RETRY_COUNT', '2')
+    assert policies['inference-gpt-4-1-mini'] == primary_template.replace('BACKEND_POOL_ID', 'inference-gpt-4-1-mini-pool').replace('RETRY_COUNT', '2')
+    assert policies['inference-gpt-5-1-retry-tracked'] == tracked_template.replace('BACKEND_POOL_ID', 'inference-gpt-5-1-pool').replace('RETRY_COUNT', '2')
+
+
 def test_inference_policy_uses_exact_managed_identity_resource() -> None:
     """Require the exact Cognitive Services resource in the parsed policy structure."""
     for policy_path in (POLICY_PATH, RETRY_TRACKED_POLICY_PATH):
@@ -436,7 +450,7 @@ def test_inference_readme_documents_exact_response_handling_matrix() -> None:
     assert '`409` with `Retry-After`' in readme
     assert '`curl --max-time 1`' in readme
     assert '`POST /inference/gpt-5-1-retry-tracked/chat/completions`' in readme
-    assert 'returns a rewritten `429` only when all five gpt-5.1 backends return `429`' in readme
+    assert 'returns a rewritten `429` only when every attempt in the bounded retry chain returns `429`' in readme
 
 
 def test_inference_readme_defines_load_balancer_source_of_truth() -> None:
@@ -548,7 +562,9 @@ def test_inference_notebook_is_clean_and_defaults_to_simple_apim() -> None:
     retry_tracked_cells = [''.join(cell['source']) for cell in code_cells if 'inference-gpt-5-1-retry-tracked' in ''.join(cell['source'])]
     assert len(retry_tracked_cells) == 1
     assert "utils.read_policy_xml(\n    'inference-api-policy-with-retry-tracked.xml'" in retry_tracked_cells[0]
-    assert "'inference-gpt-5-1-pool',\n        4,\n        backend_count=5" in retry_tracked_cells[0]
+    assert 'backend_retry_count = 2' in retry_tracked_cells[0]
+    assert "'inference-gpt-5-1-pool',\n        backend_retry_count," in retry_tracked_cells[0]
+    assert 'backend_count' not in retry_tracked_cells[0]
     assert 'gpt_5_1_retry_tracked_api' in retry_tracked_cells[0]
     non_deployment_source = code_source.replace(retry_tracked_cells[0], '')
     assert 'inference-gpt-5-1-retry-tracked' not in non_deployment_source
diff --git a/tests/python/test_load_balancing_helpers.py b/tests/python/test_load_balancing_helpers.py
index 1d4eafef..39d526b8 100644
--- a/tests/python/test_load_balancing_helpers.py
+++ b/tests/python/test_load_balancing_helpers.py
@@ -1,5 +1,6 @@
 """Tests for the load-balancing sample-local runtime helpers."""
 
+import json
 import sys
 from pathlib import Path
 from unittest.mock import MagicMock
@@ -15,6 +16,33 @@
 from load_balancing_helpers import LoadBalancingScenario, LoadBalancingTrafficRunner, RetryTrackingResult  # noqa: E402
 
 
+@pytest.mark.unit
+def test_load_balancing_policies_use_bounded_retry_count() -> None:
+    """Keep every load-balancing route on two retries independent of pool size."""
+    notebook = json.loads((LOAD_BALANCING_DIR / 'create.ipynb').read_text(encoding='utf-8'))
+    code_source = '\n'.join(''.join(cell['source']) for cell in notebook['cells'] if cell['cell_type'] == 'code')
+    policy_paths = sorted((LOAD_BALANCING_DIR / 'apim-policies').glob('*.xml'))
+    params = json.loads((LOAD_BALANCING_DIR / 'params.json').read_text(encoding='utf-8'))
+    embedded_policies = {api['name']: api['operations'][0]['policyXml'] for api in params['parameters']['apis']['value']}
+    standard_template = (LOAD_BALANCING_DIR / 'apim-policies' / 'aca-backend-pool-load-balancing.xml').read_text(encoding='utf-8')
+    error_template = (LOAD_BALANCING_DIR / 'apim-policies' / 'aca-backend-pool-load-balancing-with-429.xml').read_text(encoding='utf-8')
+    tracked_template = (LOAD_BALANCING_DIR / 'apim-policies' / 'aca-backend-pool-load-balancing-with-retry-tracked.xml').read_text(encoding='utf-8')
+    expected_policies = {
+        'lb-prioritized': standard_template.format(backend_id='aca-backend-pool-web-api-429-prioritized', retry_count=2),
+        'lb-prioritized-weighted': standard_template.format(backend_id='aca-backend-pool-web-api-429-prioritized-and-weighted', retry_count=2),
+        'lb-weighted-equal': standard_template.format(backend_id='aca-backend-pool-web-api-429-weighted-50-50', retry_count=2),
+        'lb-weighted-unequal': standard_template.format(backend_id='aca-backend-pool-web-api-429-weighted-80-20', retry_count=2),
+        'lb-429-prioritized': error_template.format(backend_id='aca-backend-pool-web-api-429-prioritized', retry_count=2),
+        'lb-retry-tracked': tracked_template.format(backend_id='aca-backend-pool-web-api-429-prioritized', retry_count=2, cache_key='retry-tracked'),
+    }
+
+    assert 'backend_retry_count = 2' in code_source
+    assert code_source.count('retry_count=backend_retry_count') == 6
+    assert len(policy_paths) == 3
+    assert all('number of backends' not in policy_path.read_text(encoding='utf-8') for policy_path in policy_paths)
+    assert embedded_policies == expected_policies
+
+
 def _create_runner(*, responses=None, sleep=None, clock=None):
     requests = MagicMock()
     requests.headers = {'Ocp-Apim-Subscription-Key': 'initial-key'}

From 6cca44acb9a2dec8d9032f7f63a78f69cc849f1c Mon Sep 17 00:00:00 2001
From: Simon Kurtz <simonkurtz@microsoft.com>
Date: Thu, 18 Jun 2026 17:45:49 -0400
Subject: [PATCH 31/31] Update paths

---
 .../APIOps-variable-publish/README.md         | 121 ++++++++++---
 .../scripts/prepare-apiops-artifacts.ps1      |  40 +++--
 .../tests/test-prepare-apiops-artifacts.ps1   | 162 +++++++++++++++---
 .../workflow-templates/publish-apiops.yml     |  10 +-
 .../run-publisher-with-backend-selection.yml  |   2 +-
 5 files changed, 267 insertions(+), 68 deletions(-)

diff --git a/samples/inference-failover/APIOps-variable-publish/README.md b/samples/inference-failover/APIOps-variable-publish/README.md
index 159844bf..feedf383 100644
--- a/samples/inference-failover/APIOps-variable-publish/README.md
+++ b/samples/inference-failover/APIOps-variable-publish/README.md
@@ -11,8 +11,26 @@ The design follows the selective-publishing discussion in [Azure/apiops issue #7
 [Terraform and APIOps Environment Operations Plan](../TERRAFORM-APIOPS-BACKEND-ENVIRONMENT-PLAN.md). See
 [Related APIOps Discussions](#related-apiops-discussions) for the upstream behavior that shapes this POC.
 
+## Scope and Data Scrubbing
+
+This package is a publication-mechanics POC, not a deployable inference environment. It contains no tenant IDs, subscription IDs, client IDs, credentials,
+keys, real APIM names, real resource group names, or customer endpoints.
+
+- Every backend URL uses the IANA-reserved `.example.net` domain and cannot represent a production endpoint.
+- Workflow target names, APIM service names, and resource group names are fictitious examples that must be replaced.
+- `PTU`, `PAYG`, region, model, priority, and weight values demonstrate naming and configuration shape only. They do not describe purchased capacity.
+- GitHub workflow references such as `AZURE_CLIENT_ID` are secret names, not embedded values.
+- The artifacts do not include backend credentials, managed-identity configuration, circuit-breaker rules, APIs, or policies.
+
+Do not publish the included artifacts to a real APIM instance unchanged. The `.example.net` backends cannot serve traffic, and the workflow template has not
+been exercised against the reader's Azure environment.
+
 ## What the POC Proves
 
+The offline harness proves deterministic target selection, dependency checks for backend-pool members, source-tree immutability, and audit-manifest creation.
+The workflow template shows how the staged tree can be passed to APIOps. The harness does **not** execute APIOps, authenticate to Azure, publish to APIM, or
+verify runtime traffic and failover.
+
 | Environment | Canonical concrete backends | Selected concrete backends | Pool ID                  |
 | ----------- | --------------------------- | -------------------------- | ------------------------ |
 | DEV         | 10                          | 10                         | `inference-gpt-5-1-pool` |
@@ -63,10 +81,14 @@ replace the complete pool services array with a region-specific priority order:
 | West US 3 PAYG        | `gpt-5-1-PAYG-westus3`, `gpt-5-1-PAYG-westus3-02` | Priority 4     | Priority 3     |
 | Tertiary PAYG         | `gpt-5-1-PAYG-southcentralus`                     | Priority 5     | Priority 5     |
 
-APIM tries the lowest available priority first. Each APIM therefore exhausts simulated local PTU and then simulated peer-region PTU before using any PAYG
-capacity. PAYG follows the same locality order: local, peer-region, then tertiary fallback. The weights distribute traffic within each PAYG priority group. This
-capacity-first behavior is independent of global traffic routing between the two APIM instances; use Azure Front Door or another global entry point when clients
-need automatic regional APIM failover.
+The arrays express the intended order as lower numeric priorities: local PTU, peer-region PTU, local PAYG, peer-region PAYG, and tertiary PAYG. Weights
+distribute traffic only among available members of the same priority group. APIM uses a lower-priority group only when all members of every higher-priority
+group are unavailable because their circuit breakers are tripped.
+
+This POC intentionally omits circuit-breaker rules, so its priority arrays alone do **not** implement capacity exhaustion or runtime failover. A production
+adoption must add reviewed circuit breakers to the concrete backends and test `429`, `Retry-After`, trip, recovery, and lower-priority routing behavior. Global
+traffic routing between the two APIM instances is also outside this POC; use Azure Front Door or another global entry point when clients need regional APIM
+failover.
 
 ## Processing Flow
 
@@ -87,7 +109,8 @@ so the publisher must process the complete staged snapshot.
 ## Package Contents
 
 ```text
-POC/
+APIOps-variable-publish/
+|-- .editorconfig
 |-- README.md
 |-- artifacts/
 |   |-- backends/
@@ -119,11 +142,14 @@ The harness requires PowerShell 7. It does not require Azure credentials, an API
 From this directory:
 
 ```powershell
-./APIOps-variable-publish/tests/test-prepare-apiops-artifacts.ps1
+./tests/test-prepare-apiops-artifacts.ps1
 ```
 
 The harness creates disposable copies under the operating system's temporary directory. It injects a temporary `poc-marker` Named Value into those copies to
-prove that filtering preserves non-backend artifact collections without shipping a synthetic resource to APIM. It verifies:
+prove that filtering preserves non-backend artifact collections without shipping a synthetic resource to APIM. Each successful target test prints a selection and
+transformation report. The report distinguishes the backend artifacts selected or removed during staging from the URL and complete pool-array overrides that the
+APIOps publisher subsequently applies from the target configuration. The missing-backend test also prints the complete caller-visible process output, exit code,
+and staging outcome so the preflight failure can be reviewed directly. It verifies:
 
 - [ ] DEV stages 10 concrete backends and `inference-gpt-5-1-pool` with 10 members.
 - [ ] QA stages 2 concrete backends and `inference-gpt-5-1-pool` with 2 members.
@@ -132,16 +158,19 @@ prove that filtering preserves non-backend artifact collections without shipping
 - [ ] Every successful run records concrete backend counts, pool counts, and effective membership in an audit manifest.
 - [ ] Non-backend artifact collections remain present.
 - [ ] A configuration containing absent `gpt-5-1-PTU-japaneast` exits with code `4`.
-- [ ] The missing-backend error names the ID, expected artifact path, and available IDs.
+- [ ] The missing-backend error quantifies the mismatch, names the unresolved ID and absent artifact path, explains the APIOps limitation, and provides exact fixes.
 - [ ] No staging directory is created after missing-ID preflight validation fails.
 - [ ] A pool member omitted from direct selection exits with code `3` before staging.
 - [ ] Invalid source and overlapping audit paths exit with code `2` before staging.
 - [ ] The canonical source tree remains byte-for-byte unchanged.
 
+The transformation report describes what the configuration asks APIOps to override. Because the harness does not run the publisher, it does not prove that an
+APIOps release accepted those overrides or that APIM reached the requested state. Validate those outcomes in a non-production APIM instance before promotion.
+
 Pass `-KeepTemporaryFiles` to retain generated trees for manual inspection:
 
 ```powershell
-pwsh ./samples/inference-failover/POC/tests/test-prepare-apiops-artifacts.ps1 -KeepTemporaryFiles
+pwsh ./samples/inference-failover/APIOps-variable-publish/tests/test-prepare-apiops-artifacts.ps1 -KeepTemporaryFiles
 ```
 
 ## Run One Selection Manually
@@ -150,28 +179,36 @@ The following command produces a QA tree with `gpt-5-1-PTU-eastus2`, `gpt-5-1-PT
 configuration overrides the pool with those two concrete members:
 
 ```powershell
-pwsh ./samples/inference-failover/POC/scripts/prepare-apiops-artifacts.ps1 `
-  -SourceArtifactsPath ./samples/inference-failover/POC/artifacts `
-  -DestinationArtifactsPath ./samples/inference-failover/POC/out/qa `
-  -ConfigurationPath ./samples/inference-failover/POC/configurations/configuration.qa.yaml
+pwsh ./samples/inference-failover/APIOps-variable-publish/scripts/prepare-apiops-artifacts.ps1 `
+  -SourceArtifactsPath ./samples/inference-failover/APIOps-variable-publish/artifacts `
+  -DestinationArtifactsPath ./samples/inference-failover/APIOps-variable-publish/out/qa `
+  -ConfigurationPath ./samples/inference-failover/APIOps-variable-publish/configurations/configuration.qa.yaml
 ```
 
 Generated `out` directories are demonstrations only and should not be committed. The GitHub workflow uses `${{ runner.temp }}` instead.
 
 ## Missing Backend Failure
 
-The negative fixture selects `gpt-5-1-PTU-japaneast`, which is not part of the canonical inventory. The script aggregates every missing configured ID and
-reports:
+The negative fixture selects `gpt-5-1-PTU-japaneast`, which is not part of the canonical inventory. The script aggregates every missing configured ID. The
+following output is abridged only where the available backend inventory is shown:
 
 ```text
-[POC004] CONFIGURED BACKEND ARTIFACTS ARE MISSING
+[POC004] CONFIGURATION REFERENCES BACKENDS THAT DO NOT EXIST IN THE CANONICAL ARTIFACTS
 Configuration: .../configuration.missing-backend.yaml
 Canonical backend root: .../artifacts/backends
-Configured backend IDs not found (1): gpt-5-1-PTU-japaneast
-Expected artifact path(s): .../artifacts/backends/gpt-5-1-PTU-japaneast/backendInformation.json
+Mismatch: configuration selects 2 backend IDs; canonical artifacts resolve 1 and cannot resolve 1.
+Unresolved configured backend IDs:
+  - gpt-5-1-PTU-japaneast (configuration line 8)
+Required artifact path(s) that do not exist:
+  - .../artifacts/backends/gpt-5-1-PTU-japaneast/backendInformation.json
 Available backend IDs (11): gpt-5-1-PAYG-centralus, ..., inference-gpt-5-1-pool
-The APIOps publisher was not started and no staging directory was created.
-Resolution: Restore or extract each missing backend artifact, or remove the incorrect ID from the target configuration, then rerun the preparation step.
+Why this fails: APIOps configuration can override an artifact-backed resource, but it cannot create a backend whose artifact is absent.
+Impact: preflight validation stopped before staging, Azure authentication, or APIOps publisher execution.
+Correction options:
+  1. Intended backend: add backendInformation.json at each required path shown above.
+  2. Typo or stale entry: correct or remove the exact name at the reported configuration line.
+Matching rule: configured names must match canonical backend directory names exactly, including case.
+Resolution: Apply the appropriate correction above, then rerun the preparation step.
 ```
 
 This validation happens before the destination is created. A typo or stale configuration therefore cannot silently produce an incomplete publication set.
@@ -214,8 +251,9 @@ The stable pool is another direct backend resource. Every environment supplies i
                 weight: 100
 ```
 
-APIOps replaces `properties.pool.services` as a complete array. It does not merge individual members with the canonical pool artifact. Every pool member must
-therefore also appear as a direct top-level backend entry in the same environment configuration.
+With the pinned APIOps `v7.0.3` publisher, `properties.pool.services` is replaced as a complete array. Individual members are not merged with the canonical
+pool artifact. Every pool member must therefore also appear as a direct top-level backend entry in the same environment configuration. Revalidate array
+replacement behavior before upgrading APIOps.
 
 The dependency-free parser intentionally supports this narrow APIOps shape:
 
@@ -233,11 +271,13 @@ Use a full YAML parser if a production configuration requires anchors, aliases,
 
 ## Adopt the Workflow Templates
 
-The files under `workflow-templates` are inert while they remain inside the POC. To use them in another repository:
+The files under `workflow-templates` are inert while they remain inside the POC. They are illustrative templates, not production-ready workflows. To use them
+in another repository:
 
 1. Place both workflow files in that repository's `.github/workflows/` directory without renaming them.
-1. Update the matrix values in `publish-apiops.yml` with real APIM service and resource group names.
-1. Update `source-artifacts-path`, configuration paths, and the preprocessing script path if the POC layout changes.
+1. Update every `resource-group-name` and `apim-service-name` matrix value in `publish-apiops.yml`; the checked-in names are fictitious.
+1. Update every `configuration-path`, `source-artifacts-path`, and the script path in `run-publisher-with-backend-selection.yml` if the package is not retained
+  at `samples/inference-failover/APIOps-variable-publish/`.
 1. Create protected GitHub environments named `apiops-dev`, `apiops-qa`, and `apiops-prod`, or update the matrix names.
 1. Add the following secrets to each protected environment:
     - `AZURE_CLIENT_ID`
@@ -246,10 +286,24 @@ The files under `workflow-templates` are inert while they remain inside the POC.
 1. Configure the federated credential for each client ID to trust the repository and matching GitHub environment.
 1. Grant the workload identity only the Azure permissions required to publish to its target APIM instance.
 1. Add required reviewers and deployment protections, especially for `apiops-prod`.
+1. Review the checked-out preprocessing script and both workflow files as executable release code.
+1. Run the offline harness, then validate publication, readback, API traffic, and rollback in a non-production APIM instance.
 1. Run the workflow manually and choose `dev`, `qa`, `prod`, or `all`.
 
-The reusable workflow uses OIDC through the SHA-pinned `azure/login` action. It downloads the APIOps `v7.0.3` Linux publisher, verifies the published SHA-256
-digest, and then executes it. Review and update both the release version and checksum together when adopting a newer APIOps release.
+The reusable workflow uses OIDC through the SHA-pinned `azure/login` action. It downloads the official APIOps `v7.0.3` Linux x64 publisher and verifies it
+against the SHA-256 digest pinned in the workflow before execution. The checked-in digest was independently verified against that release asset. The APIOps
+release page does not currently publish a checksum file, so recompute and review the digest whenever changing the publisher version or platform asset:
+
+```powershell
+$version = 'v7.0.3'
+$archive = 'publisher-linux-x64.zip'
+Invoke-WebRequest "https://github.com/Azure/apiops/releases/download/$version/$archive" -OutFile $archive
+(Get-FileHash -LiteralPath $archive -Algorithm SHA256).Hash.ToLowerInvariant()
+Remove-Item -LiteralPath $archive
+```
+
+Update `APIOPS_RELEASE_VERSION` and `PUBLISHER_ARCHIVE_SHA256` together, then review the target release notes. The current pinned digest is
+`f9808d211c672841b951378562c08fe2acfddeef8a524a80963d771fed4bfee7`.
 
 Selecting `all` starts all matching targets as independent matrix jobs. GitHub environment approvals still apply, but this POC does not impose DEV-to-QA-to-PROD
 sequencing. Add explicit promotion dependencies or separate workflows when successful lower-environment deployment must gate the next environment.
@@ -267,6 +321,12 @@ sequencing. Add explicit promotion dependencies or separate workflows when succe
 - The workflow does not pass secrets through command text.
 - GitHub Actions are pinned to immutable commit SHAs.
 - The publisher archive is pinned to a release and verified by SHA-256.
+- Selection validation runs before Azure login, but it does not validate endpoint reachability, backend credentials, APIM existence, RBAC, policy references,
+  circuit-breaker behavior, or the publisher's Azure-side result.
+- The uploaded audit manifest contains absolute runner paths and a configuration hash. Review that evidence and its retention policy before using a
+  self-hosted runner or a sensitive repository layout.
+- The workflow executes the checked-out PowerShell script. Protect the release branch and require review for changes to scripts, workflows, configurations,
+  and canonical artifacts.
 
 This POC does not delete backend resources that already exist in APIM. A full APIOps publication processes artifacts visible in the staged tree; absence from
 that tree is not a deletion declaration. Treat backend retirement as a separate, reviewed cleanup operation.
@@ -277,6 +337,8 @@ Before using this pattern with real inference backends:
 
 - [ ] Replace all `.example.net` URLs with validated target endpoints.
 - [ ] Replace fictitious APIM service and resource group names.
+- [ ] Add backend authentication through managed identity or another reviewed mechanism; do not commit credentials.
+- [ ] Add and test circuit-breaker rules before relying on pool priorities for failover.
 - [ ] Create one configuration per independently routed APIM instance and map it to the correct workflow target.
 - [ ] Classify every production backend by region and assign local, peer-region, and tertiary priorities.
 - [ ] Preserve stable pool IDs across environments and provide complete target-specific service arrays.
@@ -284,6 +346,8 @@ Before using this pattern with real inference backends:
 - [ ] Validate literal policy backend references for dependency closure.
 - [ ] Review the generated selection manifest before publisher execution.
 - [ ] Define a separate process for deliberate backend deletion from APIM.
+- [ ] Read back the published backends and complete pool arrays from APIM and compare them with the intended configuration.
+- [ ] Exercise endpoint authentication, `429`, `Retry-After`, circuit trip, recovery, and regional routing in a non-production environment.
 - [ ] Test the adopted workflow in a non-production APIM instance.
 
 This POC validates selected backend-pool members directly. The more complete parent implementation in
@@ -292,6 +356,9 @@ adopting the POC with real API policy artifacts.
 
 ## Related APIOps Discussions
 
+- [APIOps v7.0.3 release](https://github.com/Azure/apiops/releases/tag/v7.0.3) is the publisher version pinned by the workflow template.
+- [Azure API Management backends](https://learn.microsoft.com/azure/api-management/backends) defines priority, weight, pool, and circuit-breaker behavior.
+
 - [Issue #789: selectively publish APIs across different APIM environments](https://github.com/Azure/apiops/issues/789) closely matches the canonical-superset
   and temporary-filtered-copy pattern demonstrated here.
 - [Issue #659: configuration file behavior](https://github.com/Azure/apiops/issues/659) explains that publisher configuration overrides properties but does not
diff --git a/samples/inference-failover/APIOps-variable-publish/scripts/prepare-apiops-artifacts.ps1 b/samples/inference-failover/APIOps-variable-publish/scripts/prepare-apiops-artifacts.ps1
index 2b913b52..bceb218e 100644
--- a/samples/inference-failover/APIOps-variable-publish/scripts/prepare-apiops-artifacts.ps1
+++ b/samples/inference-failover/APIOps-variable-publish/scripts/prepare-apiops-artifacts.ps1
@@ -213,6 +213,7 @@ function Get-ConfiguredBackendSelection {
     $foundBackendsSection = $false
     $names = [System.Collections.Generic.List[string]]::new()
     $nameSet = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::Ordinal)
+    $nameLineNumbers = [ordered]@{}
     $poolMembers = [System.Collections.Generic.Dictionary[string, System.Collections.Generic.List[string]]]::new([System.StringComparer]::Ordinal)
     $configuredPools = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::Ordinal)
     $currentBackendName = $null
@@ -244,6 +245,7 @@ function Get-ConfiguredBackendSelection {
                     -Resolution 'Keep one direct backends entry for each backend ID.'
             }
             $names.Add($backendName)
+            $nameLineNumbers[$backendName] = $lineNumber
             $poolMembers.Add($backendName, [System.Collections.Generic.List[string]]::new())
             $currentBackendName = $backendName
             continue
@@ -310,6 +312,7 @@ function Get-ConfiguredBackendSelection {
     return [pscustomobject]@{
         Names = $names.ToArray()
         NameSet = $nameSet
+        NameLineNumbers = $nameLineNumbers
         PoolMembers = $poolMembers
         ConfiguredPools = $configuredPools
     }
@@ -319,6 +322,7 @@ function Get-CanonicalBackendInventory {
     param(
         [string] $SourcePath,
         [string[]] $SelectedNames,
+        [System.Collections.IDictionary] $SelectedNameLineNumbers,
         [string] $ConfigurationFullPath
     )
 
@@ -341,20 +345,33 @@ function Get-CanonicalBackendInventory {
     $missingNames = @($SelectedNames | Where-Object { -not $availableSet.Contains($_) } | Sort-Object)
     if ($missingNames.Count -gt 0) {
         $expectedPaths = @($missingNames | ForEach-Object { Join-Path (Join-Path $backendsPath $_) 'backendInformation.json' })
+        $resolvedCount = $SelectedNames.Count - $missingNames.Count
+        $mismatchSummary = "Mismatch: configuration selects $($SelectedNames.Count) backend IDs; canonical artifacts resolve $resolvedCount " +
+            "and cannot resolve $($missingNames.Count)."
+        $missingDetails = @(
+            "Configuration: $ConfigurationFullPath"
+            "Canonical backend root: $backendsPath"
+            $mismatchSummary
+            'Unresolved configured backend IDs:'
+        )
+        $missingDetails += @($missingNames | ForEach-Object { "  - $_ (configuration line $($SelectedNameLineNumbers[$_]))" })
+        $missingDetails += 'Required artifact path(s) that do not exist:'
+        $missingDetails += @($expectedPaths | ForEach-Object { "  - $_" })
+        $missingDetails += "Available backend IDs ($($availableNames.Count)):"
+        $missingDetails += @($availableNames | ForEach-Object { "  - $_" })
+        $missingDetails += ('Why this fails: APIOps configuration can override an artifact-backed resource, but it cannot create a backend ' +
+            'whose artifact is absent.')
+        $missingDetails += 'Impact: preflight validation stopped before staging, Azure authentication, or APIOps publisher execution.'
+        $missingDetails += 'Correction options:'
+        $missingDetails += '  1. Intended backend: add backendInformation.json at each required path shown above.'
+        $missingDetails += '  2. Typo or stale entry: correct or remove the exact name at the reported configuration line.'
+        $missingDetails += 'Matching rule: configured names must match canonical backend directory names exactly, including case.'
         Stop-PocOperation `
             -ExitCode $script:ExitCodes.InvalidSourceArtifacts `
             -ErrorId 'POC004' `
-            -Title 'CONFIGURED BACKEND ARTIFACTS ARE MISSING' `
-            -Details @(
-                "Configuration: $ConfigurationFullPath",
-                "Canonical backend root: $backendsPath",
-                "Configured backend IDs not found ($($missingNames.Count)): $($missingNames -join ', ')",
-                "Expected artifact path(s): $($expectedPaths -join '; ')",
-                "Available backend IDs ($($availableNames.Count)): $($availableNames -join ', ')",
-                'The APIOps publisher was not started and no staging directory was created.'
-            ) `
-            -Resolution ('Restore or extract each missing backend artifact, or remove the incorrect ID from the target ' +
-                'configuration, then rerun the preparation step.')
+            -Title 'CONFIGURATION REFERENCES BACKENDS THAT DO NOT EXIST IN THE CANONICAL ARTIFACTS' `
+            -Details $missingDetails `
+            -Resolution 'Apply the appropriate correction above, then rerun the preparation step.'
     }
 
     $invalidArtifacts = [System.Collections.Generic.List[string]]::new()
@@ -547,6 +564,7 @@ function Invoke-ArtifactPreparation {
     $inventory = Get-CanonicalBackendInventory `
         -SourcePath $sourcePath `
         -SelectedNames $selectedNames `
+        -SelectedNameLineNumbers $selection.NameLineNumbers `
         -ConfigurationFullPath $configurationFullPath
     Assert-BackendPoolSelection -Selection $selection -Inventory $inventory -ConfigurationFullPath $configurationFullPath
     Write-Host "      Canonical resources: $($inventory.ConcreteNames.Count) concrete backends, $($inventory.PoolNames.Count) pool."
diff --git a/samples/inference-failover/APIOps-variable-publish/tests/test-prepare-apiops-artifacts.ps1 b/samples/inference-failover/APIOps-variable-publish/tests/test-prepare-apiops-artifacts.ps1
index a568447e..38e40484 100644
--- a/samples/inference-failover/APIOps-variable-publish/tests/test-prepare-apiops-artifacts.ps1
+++ b/samples/inference-failover/APIOps-variable-publish/tests/test-prepare-apiops-artifacts.ps1
@@ -5,18 +5,14 @@
 Runs offline end-to-end tests for the APIOps backend filtering POC.
 
 .DESCRIPTION
-The harness copies the fictitious canonical artifacts to a temporary directory
-and invokes the preparation script in child PowerShell processes. It requires
+The harness copies the fictitious canonical artifacts to a temporary directory and invokes the preparation script in child PowerShell processes. It requires
 PowerShell 7 but no Azure access, APIOps binary, Pester module, or YAML module.
 
-The success cases verify one stable pool with DEV=10, QA=2, and two regional
-PROD targets with the same seven concrete members. Capacity checks verify that
-all simulated PTU tiers precede PAYG. The PROD checks also verify local PTU,
-peer-region PTU, local PAYG, peer-region PAYG, and tertiary PAYG priorities.
-Negative cases verify that an absent configured backend and a pool member
-omitted from the environment selection both fail before staging. The harness
-also checks that non-backend artifacts are preserved and the source copy is
-not modified by any test.
+The success cases verify one stable pool with DEV=10, QA=2, and two regional PROD targets with the same seven concrete members. For each target, the harness
+reports the artifacts selected for staging and the canonical-to-target property transformations configured for the APIOps publisher. Capacity checks verify
+that all simulated PTU tiers precede PAYG. The PROD checks also verify local PTU, peer-region PTU, local PAYG, peer-region PAYG, and tertiary PAYG priorities.
+Negative cases verify that an absent configured backend and a pool member omitted from the environment selection both fail before staging.
+The harness checks that non-backend artifacts are preserved and the source copy is not modified by any test.
 
 .PARAMETER KeepTemporaryFiles
 Retains the generated temporary directory for manual inspection.
@@ -66,20 +62,28 @@ function Get-TreeFingerprint {
     )
 }
 
-function Get-ConfiguredPoolPriorities {
+function Get-ConfiguredBackendTransformations {
     param(
         [string] $Path,
         [string] $PoolName
     )
 
-    $priorities = [ordered]@{}
+    $backendUrls = [ordered]@{}
+    $poolServices = [System.Collections.Generic.List[object]]::new()
+    $currentBackend = $null
     $insidePool = $false
-    $currentMember = $null
+    $currentPoolMember = $null
 
     foreach ($line in Get-Content -LiteralPath $Path) {
         if ($line -match '^  - name:\s*(?<name>[A-Za-z0-9._-]+)\s*$') {
-            $insidePool = $Matches.name -eq $PoolName
-            $currentMember = $null
+            $currentBackend = $Matches.name
+            $insidePool = $currentBackend -eq $PoolName
+            $currentPoolMember = $null
+            continue
+        }
+
+        if ($null -ne $currentBackend -and -not $insidePool -and $line -match '^      url:\s*(?<url>\S+)\s*$') {
+            $backendUrls[$currentBackend] = $Matches.url
             continue
         }
 
@@ -88,17 +92,101 @@ function Get-ConfiguredPoolPriorities {
         }
 
         if ($line -match '^          - id: /backends/(?<name>[A-Za-z0-9._-]+)\s*$') {
-            $currentMember = $Matches.name
+            $currentPoolMember = [pscustomobject]@{
+                Name = $Matches.name
+                Id = "/backends/$($Matches.name)"
+                Priority = $null
+                Weight = $null
+            }
             continue
         }
 
-        if ($null -ne $currentMember -and $line -match '^            priority:\s*(?<priority>\d+)\s*$') {
-            $priorities[$currentMember] = [int] $Matches.priority
-            $currentMember = $null
+        if ($null -ne $currentPoolMember -and $line -match '^            priority:\s*(?<priority>\d+)\s*$') {
+            $currentPoolMember.Priority = [int] $Matches.priority
+            continue
+        }
+
+        if ($null -ne $currentPoolMember -and $line -match '^            weight:\s*(?<weight>\d+)\s*$') {
+            $currentPoolMember.Weight = [int] $Matches.weight
+            $poolServices.Add($currentPoolMember)
+            $currentPoolMember = $null
         }
     }
 
-    return $priorities
+    return [pscustomobject]@{
+        BackendUrls = $backendUrls
+        PoolServices = $poolServices.ToArray()
+    }
+}
+
+function Write-SelectionAndTransformationReport {
+    param(
+        [string] $TargetName,
+        [pscustomobject] $Audit,
+        [pscustomobject] $Transformations,
+        [string] $CanonicalPath,
+        [string] $PoolName,
+        [object[]] $CanonicalServices
+    )
+
+    Write-Host "`n=== $TargetName Selection and Transformation Report ===" -ForegroundColor Magenta
+    Write-Host "Selected staged backend artifacts ($($Audit.selectedBackendResourceCount)):" -ForegroundColor White
+    foreach ($backendName in $Audit.selectedBackendResources) {
+        Write-Host "  + $backendName"
+    }
+
+    Write-Host "Removed canonical backend artifacts ($($Audit.removedBackendResourceCount)):" -ForegroundColor White
+    if ($Audit.removedBackendResourceCount -eq 0) {
+        Write-Host '  (none)'
+    }
+    else {
+        foreach ($backendName in $Audit.removedBackendResources) {
+            Write-Host "  - $backendName"
+        }
+    }
+
+    Write-Host 'Configured APIOps property transformations (applied by the publisher, not written into the staged JSON):' -ForegroundColor White
+    Write-Host "  Backend URL overrides ($($Transformations.BackendUrls.Count)):"
+    foreach ($urlOverride in $Transformations.BackendUrls.GetEnumerator()) {
+        $canonicalBackendPath = Join-Path $CanonicalPath "backends/$($urlOverride.Key)/backendInformation.json"
+        $canonicalUrl = (Get-Content -LiteralPath $canonicalBackendPath -Raw | ConvertFrom-Json).properties.url
+        Write-Host "    * $($urlOverride.Key): $canonicalUrl -> $($urlOverride.Value)"
+    }
+
+    $poolCountChange = "$($CanonicalServices.Count) -> $($Transformations.PoolServices.Count) members"
+    Write-Host "  Pool services override: $PoolName replaces the complete canonical array ($poolCountChange)"
+    foreach ($targetService in $Transformations.PoolServices) {
+        $canonicalService = $CanonicalServices | Where-Object { $_.id -eq $targetService.Id } | Select-Object -First 1
+        $priorityChange = "$($canonicalService.priority) -> $($targetService.Priority)"
+        $weightChange = "$($canonicalService.weight) -> $($targetService.Weight)"
+        Write-Host "    * $($targetService.Name): priority $priorityChange; weight $weightChange"
+    }
+
+    $targetMemberIds = @($Transformations.PoolServices | ForEach-Object Id)
+    $removedPoolMemberIds = @($CanonicalServices | Where-Object { $_.id -notin $targetMemberIds } | ForEach-Object id)
+    if ($removedPoolMemberIds.Count -gt 0) {
+        Write-Host "  Pool members omitted by the target configuration ($($removedPoolMemberIds.Count)):"
+        foreach ($memberId in $removedPoolMemberIds) {
+            Write-Host "    - $memberId"
+        }
+    }
+    else {
+        Write-Host '  Pool members omitted by the target configuration: (none)'
+    }
+}
+
+function Write-ExpectedFailureReport {
+    param(
+        [string] $ScenarioName,
+        [pscustomobject] $Result,
+        [string] $DestinationPath
+    )
+
+    Write-Host "`n=== $ScenarioName Expected Failure Report ===" -ForegroundColor Magenta
+    Write-Host 'Caller-visible process output (stdout and stderr merged by the harness):' -ForegroundColor White
+    Write-Host ($Result.Output.TrimEnd())
+    Write-Host "Exit code: $($Result.ExitCode)"
+    Write-Host "Staging directory exists after failure: $(Test-Path -LiteralPath $DestinationPath)"
 }
 
 function Invoke-PreparationProcess {
@@ -271,6 +359,7 @@ try {
 
     foreach ($case in $cases) {
         Write-Host "`n--- $($case.Name) selection test ---" -ForegroundColor Cyan
+        $transformations = Get-ConfiguredBackendTransformations -Path $case.Configuration -PoolName $poolName
         $destinationPath = Join-Path $temporaryRoot "staged-$($case.Name.ToLowerInvariant())"
         $auditPath = "$destinationPath.selection.json"
         $result = Invoke-PreparationProcess `
@@ -314,10 +403,20 @@ try {
             Assert-PocTest -Condition ($audit.availableConcreteBackendCount -eq 10) -Message "$($case.Name) audit records 10 canonical concrete backends."
             Assert-PocTest -Condition ($audit.availableBackendPoolCount -eq 1) -Message "$($case.Name) audit records one canonical backend pool."
             Assert-PocTest -Condition ($memberDifference.Count -eq 0) -Message "$($case.Name) audit records the exact target-specific pool composition."
+            Write-SelectionAndTransformationReport `
+                -TargetName $case.Name `
+                -Audit $audit `
+                -Transformations $transformations `
+                -CanonicalPath $canonicalPath `
+                -PoolName $poolName `
+                -CanonicalServices $canonicalServices
         }
 
         if ($null -ne $case.PSObject.Properties['ExpectedLocalPtuBackends']) {
-            $priorities = Get-ConfiguredPoolPriorities -Path $case.Configuration -PoolName $poolName
+            $priorities = [ordered]@{}
+            foreach ($service in $transformations.PoolServices) {
+                $priorities[$service.Name] = $service.Priority
+            }
             $localPtuPriorities = @($case.ExpectedLocalPtuBackends | ForEach-Object { $priorities[$_] })
             $localPaygPriorities = @($case.ExpectedLocalPaygBackends | ForEach-Object { $priorities[$_] })
             $remotePtuPriorities = @($case.ExpectedRemotePtuBackends | ForEach-Object { $priorities[$_] })
@@ -342,7 +441,10 @@ try {
         }
 
         if ($null -ne $case.PSObject.Properties['ExpectedPtuBackends']) {
-            $priorities = Get-ConfiguredPoolPriorities -Path $case.Configuration -PoolName $poolName
+            $priorities = [ordered]@{}
+            foreach ($service in $transformations.PoolServices) {
+                $priorities[$service.Name] = $service.Priority
+            }
             $ptuPriorities = @($case.ExpectedPtuBackends | ForEach-Object { $priorities[$_] })
             $paygPriorities = @($case.ExpectedPaygBackends | ForEach-Object { $priorities[$_] })
             Assert-PocTest `
@@ -365,11 +467,23 @@ try {
         -ConfigurationPath $missingBackendConfiguration `
         -AuditPath $failedAuditPath
 
+    Write-ExpectedFailureReport -ScenarioName 'Missing Configured Backend' -Result $failureResult -DestinationPath $failedDestinationPath
+
     Assert-PocTest -Condition ($failureResult.ExitCode -eq 4) -Message 'A missing configured backend exits with code 4.'
     Assert-PocTest -Condition ($failureResult.Output -match 'POC004') -Message 'The failure identifies the source-artifact error category.'
+    Assert-PocTest `
+        -Condition ($failureResult.Output -match 'selects 2 backend IDs; canonical artifacts resolve 1 and cannot resolve 1') `
+        -Message 'The failure quantifies the configuration-to-artifact mismatch.'
     Assert-PocTest -Condition ($failureResult.Output -match 'gpt-5-1-PTU-japaneast') -Message 'The failure names the missing configured backend ID.'
-    Assert-PocTest -Condition ($failureResult.Output -match 'Expected artifact path') -Message 'The failure reports the expected canonical artifact path.'
-    Assert-PocTest -Condition ($failureResult.Output -match 'publisher was not started') -Message 'The failure confirms that APIOps was not started.'
+    Assert-PocTest -Condition ($failureResult.Output -match 'configuration line 8') -Message 'The failure identifies the exact configuration line.'
+    Assert-PocTest -Condition ($failureResult.Output -match 'Required artifact path') -Message 'The failure reports the absent canonical artifact path.'
+    Assert-PocTest `
+        -Condition ($failureResult.Output -match 'cannot create a backend') `
+        -Message 'The failure explains the relevant APIOps configuration limitation.'
+    Assert-PocTest -Condition ($failureResult.Output -match 'typo or stale entry') -Message 'The failure distinguishes the two likely correction paths.'
+    Assert-PocTest `
+        -Condition ($failureResult.Output -match 'before staging.*publisher execution') `
+        -Message 'The failure states exactly where processing stopped.'
     Assert-PocTest -Condition (-not (Test-Path -LiteralPath $failedDestinationPath)) -Message 'No staging directory remains after preflight validation fails.'
 
     Write-Host "`n--- Unselected backend-pool member test ---" -ForegroundColor Cyan
diff --git a/samples/inference-failover/APIOps-variable-publish/workflow-templates/publish-apiops.yml b/samples/inference-failover/APIOps-variable-publish/workflow-templates/publish-apiops.yml
index ac57bc62..50f6a4f3 100644
--- a/samples/inference-failover/APIOps-variable-publish/workflow-templates/publish-apiops.yml
+++ b/samples/inference-failover/APIOps-variable-publish/workflow-templates/publish-apiops.yml
@@ -34,21 +34,21 @@ jobs:
           - target-name: dev-eastus2-01
             logical-environment: dev
             github-environment: apiops-dev
-            configuration-path: samples/inference-failover/POC/configurations/configuration.dev.yaml
+            configuration-path: samples/inference-failover/APIOps-variable-publish/configurations/configuration.dev.yaml
             resource-group-name: rg-apim-dev-eastus2-01
             apim-service-name: apim-dev-eastus2-01
 
           - target-name: qa-eastus2-01
             logical-environment: qa
             github-environment: apiops-qa
-            configuration-path: samples/inference-failover/POC/configurations/configuration.qa.yaml
+            configuration-path: samples/inference-failover/APIOps-variable-publish/configurations/configuration.qa.yaml
             resource-group-name: rg-apim-qa-eastus2-01
             apim-service-name: apim-qa-eastus2-01
 
           - target-name: prod-eastus2-01
             logical-environment: prod
             github-environment: apiops-prod
-            configuration-path: samples/inference-failover/POC/configurations/configuration.prod-eastus2.yaml
+            configuration-path: samples/inference-failover/APIOps-variable-publish/configurations/configuration.prod-eastus2.yaml
             resource-group-name: rg-apim-prod-eastus2-01
             apim-service-name: apim-prod-eastus2-01
 
@@ -56,7 +56,7 @@ jobs:
           - target-name: prod-westus3-01
             logical-environment: prod
             github-environment: apiops-prod
-            configuration-path: samples/inference-failover/POC/configurations/configuration.prod-westus3.yaml
+            configuration-path: samples/inference-failover/APIOps-variable-publish/configurations/configuration.prod-westus3.yaml
             resource-group-name: rg-apim-prod-westus3-01
             apim-service-name: apim-prod-westus3-01
 
@@ -69,7 +69,7 @@ jobs:
       github-environment: ${{ matrix.github-environment }}
       target-name: ${{ matrix.target-name }}
 
-      source-artifacts-path: samples/inference-failover/POC/artifacts
+      source-artifacts-path: samples/inference-failover/APIOps-variable-publish/artifacts
       configuration-path: ${{ matrix.configuration-path }}
 
       resource-group-name: ${{ matrix.resource-group-name }}
diff --git a/samples/inference-failover/APIOps-variable-publish/workflow-templates/run-publisher-with-backend-selection.yml b/samples/inference-failover/APIOps-variable-publish/workflow-templates/run-publisher-with-backend-selection.yml
index b3b7080b..357ce689 100644
--- a/samples/inference-failover/APIOps-variable-publish/workflow-templates/run-publisher-with-backend-selection.yml
+++ b/samples/inference-failover/APIOps-variable-publish/workflow-templates/run-publisher-with-backend-selection.yml
@@ -102,7 +102,7 @@ jobs:
           AUDIT_MANIFEST_PATH: ${{ runner.temp }}/apiops-${{ inputs.target-name }}.selection.json
 
         run: |
-          & ./samples/inference-failover/POC/scripts/prepare-apiops-artifacts.ps1 `
+          & ./samples/inference-failover/APIOps-variable-publish/scripts/prepare-apiops-artifacts.ps1 `
             -SourceArtifactsPath $env:SOURCE_ARTIFACTS_PATH `
             -DestinationArtifactsPath $env:STAGED_ARTIFACTS_PATH `
             -ConfigurationPath $env:CONFIGURATION_PATH `