- Add rate-limit middleware tests (6 cases: under/over limit, window reset,
per-user isolation, per-limiter isolation, error payload shape)
- Document messages[] trust boundary in aiSummarize schema — caller can
claim any assistant role, acceptable for single-shot, requires
server-side state when a follow-up UI is built
- Extend secret redaction to JSON-shape ("key":"value") and HTTP-header
shape (X-Api-Key: value) + tests
- Add supportsTraceContext gate tests — pattern subject and event
subjects without a traceId must never enable the span fetch
- Dedupe coerce-attribute helpers into formatHelpers.ts; used by both
subject formatters and traceContext
- Simplify TraceAttributeValue to `unknown` (the other union members were
absorbed anyway)
- Comment why abort-reset uses queueMicrotask instead of setTimeout(0)
(jest.useFakeTimers would otherwise freeze the reset)
useEventsAroundFocus runs getConfig in a useMemo even when
enabled=false. When the real trace source hasn't loaded yet,
passing undefined crashes on source.kind access. Provide a
minimal stub TTraceSource so the useMemo produces a harmless
no-op config without throwing.
- Make trace span fetch lazy (only when user clicks Summarize)
- Filter __hdx_ internal keys from pattern sample attributes
- Add bounds clamp to percentile calculation
- Cap trace context output at 4KB to stay within content limits
- Fix stale test assertions for rewritten prompts
- Remove stale comment in AISummaryPanel
- Enrich trace summaries with full trace context (span groups with
count/sum/p50 durations, error spans with details)
- Add tone/style picker (noir, attenborough, shakespeare) gated behind
?smart=true — persisted in localStorage, auto-regenerates on change
- Render AI output as markdown with highlighted key details
- Improve prompts: terse for healthy events, focused for errors
- Enrich pattern summaries with sample attributes
- Add env-local-preload.js so .env.development.local overrides work
- Fix react-markdown ESM mock for Jest
SampleLog requires __hdx_timestamp alongside __hdx_pattern_field.
Added the missing field and used proper Pattern typing throughout.
Co-authored-by: Alex Fedotyev <alex-fedotyev@users.noreply.github.com>
The Pattern type requires an 'id' field. Added it to all test
fixtures to fix the CI TypeScript check.
Co-authored-by: Alex Fedotyev <alex-fedotyev@users.noreply.github.com>
- Export formatEventContent/formatPatternContent for testability
- Always show 'Don't show' link (both real AI and easter egg modes)
- Real AI: visible always (not gated by easter egg dates)
- Easter egg: still uses dismissEasterEgg() for localStorage persistence
- AISummaryPanel: show 'Don't show' link in collapsed state for easy
dismissal, remove April Fools popover in real AI mode
Tests (42 new):
- formatEventContent: 9 tests covering all field extraction paths
- formatPatternContent: 3 tests for pattern/samples formatting
- AISummarizeButton: 10 tests (real AI, fake AI, dismiss, error, toggle)
- AISummarizePatternButton: 5 tests (visibility, AI/fallback, dismiss)
- AISummaryPanel: 8 tests (dismiss, error, theme label, real vs fake)
- POST /ai/summarize: 7 tests (validation, prompts, error handling)
Co-authored-by: Alex Fedotyev <alex-fedotyev@users.noreply.github.com>
- Add POST /ai/summarize endpoint that uses the configured LLM to generate
concise, actionable summaries for individual events and patterns
- Add useAISummarize hook in the frontend to call the new endpoint
- Update AISummarizeButton and AISummarizePatternButton to use real AI
when aiAssistantEnabled is true, falling back to the Easter egg themes
when no AI provider is configured
- Update AISummaryPanel to support both real AI and Easter egg display
modes (no info popover / dismiss for real AI, no italic theme label)
HDX-3992
Co-authored-by: Alex Fedotyev <alex-fedotyev@users.noreply.github.com>
## Summary
Fixes the release workflow bug where the `cli-v*` git tag and GitHub Release are created successfully, but `@hyperdx/cli` never reaches npm.
### Root cause
The `check_changesets` job in `.github/workflows/release.yml` runs only `yarn install` before calling `changesets/action@v1` with `publish: yarn release`. When changesets attempts to publish `@hyperdx/cli`, the package's `prepublishOnly` hook runs `yarn build` (tsup). tsup bundles all `@hyperdx/common-utils/dist/*` imports, but because `common-utils` was never built in this job, esbuild fails with 14 "Could not resolve" errors and aborts the CLI publish. The release logs for `cli-v0.3.0` confirm this:
```
🦋 info Publishing "@hyperdx/cli" at "0.3.0"
🦋 error an error occurred while publishing @hyperdx/cli: 1 command failed
🦋 error sh -c yarn build
🦋 error ✘ [ERROR] Could not resolve "@hyperdx/common-utils/dist/clickhouse"
(... 14 similar errors ...)
🦋 error packages failed to publish:
🦋 @hyperdx/cli@0.3.0
```
The rest of the release jobs (GitHub Release, Docker images, downstream notifications) proceeded because the changesets step has `continue-on-error: true`.
### Fix
Add a `Build common-utils` step (`make ci-build`, which runs `@hyperdx/common-utils:ci:build` via Nx) between `yarn install` and the changesets action. This populates `packages/common-utils/dist/`, so `@hyperdx/cli`'s `prepublishOnly` build can resolve its dist paths.
### Follow-up
`@hyperdx/cli@0.3.0` was never published to npm (`npm view @hyperdx/cli versions` shows only up to `0.2.0`). Because changesets calls `npm info` on each run and retries publishing any local version that isn't yet on npm, the next push to `main` with this fix will publish `0.3.0` automatically — no version bump needed.
### How to test locally
```bash
# From a clean workspace (no common-utils/dist yet)
rm -rf packages/common-utils/dist
cd packages/cli && yarn build
# => fails with "Could not resolve '@hyperdx/common-utils/dist/*'" (reproduces bug)
# With the fix applied:
cd ../..
make ci-build # builds common-utils
cd packages/cli
yarn build # succeeds, produces dist/cli.js
```
### References
- Failing release run: https://github.com/hyperdxio/hyperdx/actions/runs/24652970126
- Published release (CLI binaries only, npm skipped): https://github.com/hyperdxio/hyperdx/releases/tag/cli-v0.3.0
<div><a href="https://cursor.com/agents/bc-43427d62-7a6b-4d6a-b42e-74db8dc0d2b9"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-web-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-web-light.png"><img alt="Open in Web" width="114" height="28" src="https://cursor.com/assets/images/open-in-web-dark.png"></picture></a> <a href="https://cursor.com/background-agent?bcId=bc-43427d62-7a6b-4d6a-b42e-74db8dc0d2b9"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-cursor-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-cursor-light.png"><img alt="Open in Cursor" width="131" height="28" src="https://cursor.com/assets/images/open-in-cursor-dark.png"></picture></a> </div>
Co-authored-by: Cursor Agent <199161495+cursoragent@users.noreply.github.com>
## Summary
This PR updates the recent alert runner error persistence + display (#2132) to hardcode webhook and unknown-type errors. The raw error messages could contain potentially sensitive information, so we won't persist them or show them in the UI.
<img width="664" height="183" alt="Screenshot 2026-04-20 at 7 13 57 AM" src="https://github.com/user-attachments/assets/0f4f600b-2cdd-47e5-ba72-cec4dbc40423" />
### How to test locally or on Vercel
This can be tested locally by running an alert with an invalid webhook destination.
## Summary
This PR adds BETWEEN and NOT BETWEEN alert threshold types.
### Screenshots or video
<img width="2064" height="678" alt="Screenshot 2026-04-16 at 2 44 10 PM" src="https://github.com/user-attachments/assets/ac74ae00-65f8-44f8-80fb-689157d9adff" />
<img width="2062" height="673" alt="Screenshot 2026-04-16 at 2 44 17 PM" src="https://github.com/user-attachments/assets/9853d3a4-90a0-464b-97b2-1ff659e15688" />
### How to test locally or on Vercel
This must be tested locally, since alerts are not supported in the preview environment.
To see the notification content, run an echo server locally and create a webhook that targets it (http://localhost:3000):
```bash
npx http-echo-server
```
### References
- Linear Issue: Closes HDX-3988
- Related PRs:
## Summary
Introduces a "Shared Filters" feature (in addition to locally pinned items in HyperDX.
Especially helpful for teams with lots of filters and team members, allows users to highlight the top filters easily for all members.
This has been one of the most requested features we have received from enterprise customers. \
> **Note:** - currently any user on a team can modify shared filters - we may want/need to introduce role limits to this, but that is oos
### Screenshots or video
https://github.com/user-attachments/assets/9613d37c-d8d6-4aeb-9e47-1ad25532a862
### How to test locally or on Vercel
1. Start the dev server (`yarn dev`)
2. Navigate to the Search page
3. Pin a filter field using the 📌 icon on any filter group header —you should be asked to pin (existing) or add to shared filters.
4. Share a specific value by hovering over a filter checkbox row and clicking the pin icon — it should also appear in Shared Filters
5. Reload the page — pins should persist (MongoDB-backed)
6. Open a second browser/incognito window with the same team — pins should be visible there too
7. Click the ⚙ gear icon next to "Filters" — toggle "Show Shared Filters" off/on
8. Click "Reset Shared Filters" in the gear popover to clear all team pins
### References
- Linear Issue: https://linear.app/clickhouse/issue/HDX-2300/sailpoint-neara-global-filter-pinning
- Related PRs: Previous WIP branch `brandon/shared-filters-ui` (superseded by this implementation)
## Summary
This PR adds new types of alert thresholds: >, <=, =, and !=.
### Screenshots or video
https://github.com/user-attachments/assets/159bffc4-87e5-41af-b59b-51d4bc88d6ed
### How to test locally or on Vercel
This must be tested locally, since alerts are not supported in the preview environment.
To see the notification content, run an echo server locally and create a webhook that targets it (http://localhost:3000):
```bash
npx http-echo-server
```
### References
- Linear Issue: Closes HDX-3988
- Related PRs:
## Summary
- Refactor for readability + add tests
- Allow small agent-branch PRs to reach Tier 2 (< 50 prod lines, ≤ 3 files)
- Add cross-layer detection to keep multi-package changes at Tier 3+
- Raise Tier 2 ceiling from 100 → 150 production lines
- Exclude test and changeset files from line counts used for tier decisions
- Extract pure classification logic into .github/scripts/ for testability
- Gate classify job on tests passing in pr-triage.yml
- Only CI changes to main.yaml and release.yaml are tier 4
- Test changes in critical paths don't count toward tiering decisions
## Summary
This PR updates the alert editor forms with
1. A history of alert states
2. An option to Ack/Silence an alert that is firing
The components and much of the new GET /alert/:id endpoint are shared with the existing alert page functionality.
### Screenshots or video
<img width="799" height="838" alt="Screenshot 2026-04-15 at 10 26 23 AM" src="https://github.com/user-attachments/assets/d1cfc3da-efbf-41a3-83b8-27a2f9e3b760" />
<img width="2107" height="700" alt="Screenshot 2026-04-15 at 10 26 43 AM" src="https://github.com/user-attachments/assets/6884b876-da98-40de-98f7-1f2854def83b" />
### How to test locally or on Vercel
This must be tested locally, since alerts are not supported in the preview environment.
### References
- Linear Issue: Closes HDX-3989
- Related PRs:
## Summary
Currently it's hard to debug integration tests because of all the extra logging/warnings/open handler issues (wasn't sure if I introduced an open handler or was existing). This fixes that.
- Bump Jest from v28 to v30 in api and common-utils packages, syncing with app's existing setup
- Replace legacy `preset: 'ts-jest'` with modern `createJsWithTsPreset()` spread pattern across all packages
- Fix open handles that required `--forceExit` and `--detectOpenHandles` workarounds
- Suppress noisy console and logger output during test runs via targeted mocks
## Changes
### Jest/ts-jest upgrade
- Bump `jest` 28 → 30, `@types/jest` 28 → 29 in api and common-utils
- Adopt `createJsWithTsPreset()` config pattern (matching app)
- Add `isolatedModules: true` to common-utils tsconfig to fix ts-jest warning with Node16 module kind
- Update snapshot files and inline snapshots for Jest 30 format changes
- Replace removed `toThrowError()` with `toThrow()`
- Fix team.test.ts inline snapshot that depended on dynamic Mongo ObjectIds
### Open handle fixes
- Add `close()` method to `BaseClickhouseClient` in common-utils
- Call `mongoose.disconnect()` in `closeDB()` (api fixtures)
- Add `closeTestFixtureClickHouseClient()` and call it in `MockServer.stop()`
- Fix common-utils integration tests to close both `hdxClient` and raw `client` in `afterAll`
- Disable `usageStats()` interval in CI to prevent leaked timers
- Remove `--forceExit` from common-utils CI/dev scripts and api dev script
- Remove `--detectOpenHandles` from all dev scripts
### Log noise suppression
- Use `jest.spyOn` for console methods instead of global console object override
- Add per-file `console.warn`/`console.error` suppression in test files that exercise error paths
- Mock pino logger module in api jest.setup.ts to suppress expected operational logs (validation errors, MCP tool errors, etc.)
- Use pino logger instead of `console.error` in Express error handler (`middleware/error.ts`)
- Add console suppression to app setupTests.tsx
## Testing
- `make ci-lint` — passes
- `make ci-unit` — 2177 tests pass, zero console noise
- `make ci-int` — 642 tests pass (606 api + 36 common-utils), zero log noise
## Summary
Update `packages/otel-collector/builder-config.yaml` to include commonly-used components from the upstream [opentelemetry-collector](https://github.com/open-telemetry/opentelemetry-collector) core and [opentelemetry-collector-contrib](https://github.com/open-telemetry/opentelemetry-collector-contrib) distributions. This gives users more flexibility in their custom OTel configs without pulling in the entire contrib distribution (which causes very long compile times).
Also adds Go module and build cache mounts to the OCB Docker build stage for faster rebuilds, and bumps CI timeouts for integration and smoke test jobs to account for the larger binary.
### Core extensions added (2)
- `memorylimiterextension` — memory-based limiting at the extension level
- `zpagesextension` — zPages debugging endpoints
### Contrib receivers added (4)
- `dockerstatsreceiver` — container metrics from Docker
- `filelogreceiver` — tail log files
- `k8sclusterreceiver` — Kubernetes cluster-level metrics
- `kubeletstatsreceiver` — node/pod/container metrics from kubelet
### Contrib processors added (12)
- `attributesprocessor` — insert/update/delete/hash attributes
- `cumulativetodeltaprocessor` — convert cumulative metrics to delta
- `filterprocessor` — drop unwanted telemetry
- `groupbyattrsprocessor` — reassign resource attributes
- `k8sattributesprocessor` — enrich telemetry with k8s metadata
- `logdedupprocessor` — deduplicate repeated log entries
- `metricstransformprocessor` — rename/aggregate/transform metrics
- `probabilisticsamplerprocessor` — percentage-based sampling
- `redactionprocessor` — mask/remove sensitive data
- `resourceprocessor` — modify resource attributes
- `spanprocessor` — rename spans, extract attributes
- `tailsamplingprocessor` — sample traces based on policies
### Contrib extensions added (1)
- `filestorage` — persistent file-based storage (used by clickhouse exporter sending queue in EE OpAMP controller)
### Other changes
- **Docker cache mounts**: Added `--mount=type=cache` for Go module and build caches in the OCB builder stage of both `docker/otel-collector/Dockerfile` and `docker/hyperdx/Dockerfile`
- **CI timeouts**: Bumped `integration` and `otel-smoke-test` jobs from 8 to 16 minutes in `.github/workflows/main.yml`
All existing HyperDX-specific components are preserved unchanged.
### How to test locally or on Vercel
1. Build the OTel Collector Docker image — verify OCB resolves all listed modules
2. Provide a custom OTel config that uses one of the newly-added components and verify it loads
3. Verify existing HyperDX OTel pipeline still functions
### References
- Linear Issue: https://linear.app/clickhouse/issue/HDX-4029
- Upstream core builder-config: https://github.com/open-telemetry/opentelemetry-collector/blob/main/cmd/otelcorecol/builder-config.yaml
- Upstream contrib builder-config: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/cmd/otelcontribcol/builder-config.yaml
## Summary
Deprecate the upstream-deprecated `--feature-gates=clickhouse.json` CLI flag in favor of the per-exporter `json: true` config option, as recommended by the OpenTelemetry ClickHouse exporter v0.149.0.
This introduces a new env var `HYPERDX_OTEL_EXPORTER_CLICKHOUSE_JSON_ENABLE` that controls JSON mode at the exporter config level. The old `OTEL_AGENT_FEATURE_GATE_ARG` env var remains backward-compatible — when it contains `clickhouse.json`, the entrypoint strips that gate, maps it to the new env var, and prints a deprecation warning. Other feature gates are preserved and passed through to the collector.
**Key changes:**
- **`docker/otel-collector/entrypoint.sh`** — Detects `clickhouse.json` in `OTEL_AGENT_FEATURE_GATE_ARG`, strips it, sets `HYPERDX_OTEL_EXPORTER_CLICKHOUSE_JSON_ENABLE=true`, and prints a deprecation warning. Remaining feature gates are still passed through to the collector in both standalone and supervisor modes.
- **`docker/otel-collector/config.standalone.yaml`** — Added `json: ${env:HYPERDX_OTEL_EXPORTER_CLICKHOUSE_JSON_ENABLE:-false}` to both ClickHouse exporter configs
- **`packages/api/src/opamp/controllers/opampController.ts`** — Added `json` field to the `CollectorConfig` type and both ClickHouse exporter configs for OpAMP-managed collectors
- **`docker/otel-collector/supervisor_docker.yaml.tmpl`** — Feature gate pass-through preserved for non-`clickhouse.json` gates (entrypoint strips the deprecated gate before supervisor template renders)
- **`smoke-tests/otel-collector/`** — Added a JSON-enabled otel-collector service and smoke tests verifying:
- `ResourceAttributes` and `LogAttributes` columns in `otel_logs` are `JSON` type (not `Map`)
- Log data with various attribute types (string, int, boolean) is inserted and queryable via JSON path access
### How to test locally or on Vercel
1. Run `yarn dev` to start the dev stack
2. Verify the `otel-collector-json` container starts without errors (the `clickhouse.json` feature gate is stripped, not passed to the collector)
3. Check container logs for the deprecation warning when `OTEL_AGENT_FEATURE_GATE_ARG` contains `clickhouse.json`
4. Verify the non-JSON `otel-collector` service continues to work normally (json defaults to false)
5. Run smoke tests: `cd smoke-tests/otel-collector && bats json-exporter.bats`
### References
- Linear Issue: https://linear.app/hyperdx/issue/HDX-3994
- Upstream deprecation: https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/exporter/clickhouseexporter#experimental-json-support
## Summary
Allow manually constructed /trace URLs to land in the existing search experience with the trace viewer opened from URL state. This keeps trace deep links user-friendly while reusing the search page for source selection, not-found handling, and trace inspection.
### Screenshots or video
https://uploads.linear.app/158526bc-703f-4ea7-a6ff-9dbc61b77628/340aba1f-eab7-45dd-a1f6-216199e96d98/1c0193fa-ebc2-4238-aeb1-7166592483f9
### How to test locally or on Vercel
1. Click a log entry, view the traces tab
2. Copy the trace ID
3. Visit `/trace/:trace_id`: redirects to search with traces search open in the background
4. Select a source
5. Trace visible in a direct access.
### References
Fixes HDX-3961
## Summary
This PR extends alerting support to Raw SQL Number charts.
Number charts
1. Do not use the interval parameter, and thus return one value for the entirety of the alert time range.
2. Are assumed to not be using a group-by (the value of the chart is taken from the first result row only).
### Screenshots or video
<img width="1383" height="1071" alt="Screenshot 2026-04-14 at 12 54 18 PM" src="https://github.com/user-attachments/assets/e74c3ad8-c95a-4668-8332-86f66f7543ba" />
### How to test locally or on Vercel
To test locally, create a raw-sql based number chart, create an alert on it, and view the alert logs for the output.
You can also run the following to run a "webhook" destination that echos what it receives, for testing notification content:
```bash
npx http-echo-server
```
### References
- Linear Issue: Closes HDX-3987
- Related PRs:
## Summary
Fixes an operator-precedence bug in the "Copy entire row as JSON" button on the Search page. The `typeof value === 'string'` guard only applied to `value.startsWith('{')` but not `value.startsWith('[')`, so when a row contained a non-string value (number, boolean, etc.) the second `startsWith` call threw:
```
TypeError: s.startsWith is not a function
```
The fix moves the `typeof` check to guard both `startsWith` calls:
```diff
- (typeof value === 'string' && value.startsWith('{')) ||
- value.startsWith('[')
+ typeof value === 'string' &&
+ (value.startsWith('{') || value.startsWith('['))
```
### How to test locally or on Vercel
1. Open any Search page with results containing non-string column values (e.g. numeric or boolean fields).
2. Hover over a row and click the "Copy entire row as JSON" button (copy icon).
3. Verify the row is copied as valid JSON to the clipboard without a console error.
### References
- Related issue: HDX-4023
<div><a href="https://cursor.com/agents/bc-7aa1e5f4-ced5-4ee0-9585-4f473c5fca69"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-web-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-web-light.png"><img alt="Open in Web" width="114" height="28" src="https://cursor.com/assets/images/open-in-web-dark.png"></picture></a> <a href="https://cursor.com/background-agent?bcId=bc-7aa1e5f4-ced5-4ee0-9585-4f473c5fca69"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-cursor-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-cursor-light.png"><img alt="Open in Cursor" width="131" height="28" src="https://cursor.com/assets/images/open-in-cursor-dark.png"></picture></a> </div>
Co-authored-by: Cursor Agent <199161495+cursoragent@users.noreply.github.com>
## Summary
This PR fixes a bug causing the $__filters macro to error when the dashboard's global SQL filter is an empty string or whitespace only.
### Screenshots or video
Before: an empty string in the SQL filter box would cause $__filters to render as `(())`
<img width="1708" height="1042" alt="Screenshot 2026-04-14 at 1 29 41 PM" src="https://github.com/user-attachments/assets/0a4068ad-eaf2-4bf7-b894-b796f642b59a" />
After: the empty SQL filter is ignored
<img width="2330" height="520" alt="Screenshot 2026-04-14 at 1 29 20 PM" src="https://github.com/user-attachments/assets/a1e83091-5522-4745-b717-f1bf51c84a80" />
### How to test locally or on Vercel
This can be tested in the preview environment
### References
- Linear Issue: Closes HDX-4017
- Related PRs:
Bumps [@hono/node-server](https://github.com/honojs/node-server) from 1.19.12 to 1.19.13.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/honojs/node-server/releases"><code>@hono/node-server</code>'s releases</a>.</em></p>
<blockquote>
<h2>v1.19.13</h2>
<h2>Security Fix</h2>
<p>Fixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (<code>//</code>) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.</p>
<p>See GHSA-92pp-h63x-v22m for details.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="fd64e659a3"><code>fd64e65</code></a> 1.19.13</li>
<li><a href="025c30f55d"><code>025c30f</code></a> Merge commit from fork</li>
<li>See full diff in <a href="https://github.com/honojs/node-server/compare/v1.19.12...v1.19.13">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
## Summary
Adds a pattern mining feature to the CLI, accessible via `Shift+P`. This mirrors the web app's Pattern Table functionality but runs entirely in TypeScript — no Pyodide/Python WASM needed.
**Linear:** https://linear.app/hyperdx/issue/HDX-3964
## What changed
### 1. Drain library in common-utils (`packages/common-utils/src/drain/`)
Ported the [browser-drain](https://github.com/DeploySentinel/browser-drain) TypeScript library into `@hyperdx/common-utils`. This is a pure TypeScript implementation of the Drain3 log template mining algorithm, including:
- `TemplateMiner` / `TemplateMinerConfig` — main API
- `Drain` — core algorithm with prefix tree and LRU cluster cache
- `LogMasker` — regex-based token masking (IPs, numbers, etc.)
- `LruCache` — custom LRU cache matching Python Drain3's eviction semantics
- 11 Jest tests ported from the original `node:test` suite
### 2. CLI pattern view (`packages/cli/src/components/EventViewer/`)
**Keybinding:** `Shift+P` toggles pattern view (pauses follow mode, restores on exit)
**Data flow (mirrors web app's `useGroupedPatterns`):**
- Issues `SELECT ... ORDER BY rand() LIMIT 100000` to randomly sample up to 100K events
- Issues parallel `SELECT count()` to get true total event count
- Feeds sampled log bodies through the TypeScript `TemplateMiner`
- Estimates pattern counts via `sampleMultiplier = totalCount / sampledRowCount`
- Computes time-bucketed trend data per pattern
**UI:**
- Pattern list with columns: Est. Count (with `~` prefix), Pattern
- `l`/`Enter` expands a pattern to show its sample events (full table columns)
- `h`/`Esc` returns to pattern list
- `j/k/G/g/Ctrl+D/Ctrl+U` navigation throughout
- Loading spinner while sampling query runs
**Alias fix:** Pattern and count queries compute `WITH` clauses from the source's `defaultTableSelectExpression` so Lucene searches using aliases (e.g. `level:error` where `level` is an alias for `SeverityText`) resolve correctly.
### New files
- `packages/common-utils/src/drain/` — 7 source files + barrel index
- `packages/common-utils/src/__tests__/drain.test.ts`
- `packages/cli/src/components/EventViewer/usePatternData.ts`
- `packages/cli/src/components/EventViewer/PatternView.tsx`
- `packages/cli/src/components/EventViewer/PatternSamplesView.tsx`
### Modified files
- `packages/cli/src/api/eventQuery.ts` — added `buildPatternSampleQuery`, `buildTotalCountQuery`, `buildAliasWithClauses`
- `packages/cli/src/components/EventViewer/EventViewer.tsx` — wired in pattern state + rendering
- `packages/cli/src/components/EventViewer/useKeybindings.ts` — added P, l, h keybindings + pattern/sample navigation
- `packages/cli/src/components/EventViewer/SubComponents.tsx` — added P to help screen
### Demo
https://github.com/user-attachments/assets/50a2edfc-8891-43ae-ab86-b96fca778c66
Bumps [hono](https://github.com/honojs/hono) from 4.12.9 to 4.12.12.
e notes</summary>
<p><em>Sourced from <a href="https://github.com/honojs/hono/releases">hono's releases</a>.</em></p>
<blockquote>
<h2>v4.12.12</h2>
<h2>Security fixes</h2>
<p>This release includes fixes for the following security issues:</p>
<h3>Middleware bypass via repeated slashes in serveStatic</h3>
<p>Affects: Serve Static middleware. Fixes a path normalization inconsistency where repeated slashes (<code>//</code>) could bypass route-based middleware protections and allow access to protected static files. GHSA-wmmm-f939-6g9c</p>
<h3>Path traversal in toSSG() allows writing files outside the output directory</h3>
<p>Affects: <code>toSSG()</code> for Static Site Generation. Fixes a path traversal issue where crafted <code>ssgParams</code> values could write files outside the configured output directory. GHSA-xf4j-xp2r-rqqx</p>
<h3>Incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses</h3>
<p>Affects: IP Restriction Middleware. Fixes improper handling of IPv4-mapped IPv6 addresses (e.g. <code>::ffff:127.0.0.1</code>) that could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g</p>
<h3>Missing validation of cookie name on write path in setCookie()</h3>
<p>Affects: <code>setCookie()</code>, <code>serialize()</code>, and <code>serializeSigned()</code> from <code>hono/cookie</code>. Fixes missing validation of cookie names on the write path, preventing inconsistent handling between parsing and serialization. GHSA-26pp-8wgv-hjvm</p>
<h3>Non-breaking space prefix bypass in cookie name handling in getCookie()</h3>
<p>Affects: <code>getCookie()</code> from <code>hono/cookie</code>. Fixes a discrepancy in cookie name handling that could allow attacker-controlled cookies to override legitimate ones and bypass prefix protections. GHSA-r5rp-j6wh-rvv4</p>
<hr />
<p>Users who use Serve Static, Static Site Generation, Cookie utilities, or IP restriction middleware are strongly encouraged to upgrade to this version.</p>
<h2>v4.12.11</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(css): add classNameSlug option to createCssContext by <a href="https://github.com/flow-pie"><code>@flow-pie</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4834">honojs/hono#4834</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/flow-pie"><code>@flow-pie</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4834">honojs/hono#4834</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/hono/compare/v4.12.10...v4.12.11">https://github.com/honojs/hono/compare/v4.12.10...v4.12.11</a></p>
<h2>v4.12.10</h2>
<h2>What's Changed</h2>
<ul>
<li>test(router): fix <code>Simple capturing group</code> test by <a href="https://github.com/yusukebe"><code>@yusukebe</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4838">honojs/hono#4838</a></li>
<li>docs: fix impaired -> inspired typo in benchmark READMEs by <a href="https://github.com/Abhi3975"><code>@Abhi3975</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4843">honojs/hono#4843</a></li>
<li>fix(jsx/dom): apply select value after children are rendered by <a href="https://github.com/usualoma"><code>@usualoma</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4847">honojs/hono#4847</a></li>
<li>fix(compress): convert strong ETag to weak ETag when compressing by <a href="https://github.com/usualoma"><code>@usualoma</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4848">honojs/hono#4848</a></li>
<li>docs(ip-restriction): add clear JSDoc examples and param types by <a href="https://github.com/VISHNU7KASIREDDY"><code>@VISHNU7KASIREDDY</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4851">honojs/hono#4851</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Abhi3975"><code>@Abhi3975</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4843">honojs/hono#4843</a></li>
<li><a href="https://github.com/VISHNU7KASIREDDY"><code>@VISHNU7KASIREDDY</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4851">honojs/hono#4851</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="c37ba26da9"><code>c37ba26</code></a> 4.12.12</li>
<li><a href="cc067c8559"><code>cc067c8</code></a> Merge commit from fork</li>
<li><a href="a586cd72e3"><code>a586cd7</code></a> Merge commit from fork</li>
<li><a href="48fa2233bc"><code>48fa223</code></a> Merge commit from fork</li>
<li><a href="b470278920"><code>b470278</code></a> Merge commit from fork</li>
<li><a href="9aff14bd72"><code>9aff14b</code></a> Merge commit from fork</li>
<li><a href="2c403c67eb"><code>2c403c6</code></a> 4.12.11</li>
<li><a href="f82aba8e8e"><code>f82aba8</code></a> feat(css): add classNameSlug option to createCssContext (<a href="https://redirect.github.com/honojs/hono/issues/4834">#4834</a>)</li>
<li><a href="9f374a55b2"><code>9f374a5</code></a> 4.12.10</li>
<li><a href="a8c56a6620"><code>a8c56a6</code></a> docs(ip-restriction): add clear JSDoc examples and param types (<a href="https://redirect.github.com/honojs/hono/issues/4851">#4851</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/honojs/hono/compare/v4.12.9...v4.12.12">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts).
</details>
## Summary
Adds an MCP (Model Context Protocol) server to the HyperDX API, enabling AI assistants (Claude, Cursor, OpenCode, etc.) to query observability data, manage dashboards, and explore data sources directly via standardized tool calls.
Key changes:
- **MCP server** (`packages/api/src/mcp/`) — Streamable HTTP transport at `/api/mcp`, authenticated via Personal API Access Key
- **Tools** — `hyperdx_list_sources`, `hyperdx_query`, `hyperdx_get_dashboard`, `hyperdx_save_dashboard`, `hyperdx_delete_dashboard`, `hyperdx_query_tile`
- **Dashboard prompts** — Detailed prompt templates that guide LLMs in generating valid, high-quality dashboards
- **Shared logic** — Refactored dashboard validation/transformation out of the external API router into reusable utils (`packages/api/src/routers/external-api/v2/utils/dashboards.ts`)
- **Documentation** — `MCP.md` with setup instructions for Claude Code, OpenCode, Cursor, MCP Inspector, and other clients
- **Tests** — Unit tests for dashboard tools, query tools, tracing, and response trimming
### Screenshots
https://github.com/user-attachments/assets/8c5aa582-c79e-47e0-8f75-e03feabdf8a6
### How to test locally
1. Start the dev stack: `yarn dev`
2. Connect an MCP client (e.g. MCP Inspector):
```bash
cd packages/api && yarn dev:mcp
```
Then configure the inspector:
- **Transport Type:** Streamable HTTP
- **URL:** `http://localhost:8080/api/mcp`
- **Header:** `Authorization: Bearer <your-personal-access-key>`
- Click **Connect**
3. Alternatively, connect via Claude Code or OpenCode:
```bash
claude mcp add --transport http hyperdx http://localhost:8080/api/mcp \
--header "Authorization: Bearer <your-personal-access-key>"
```
4. Try listing sources, querying data, or creating/updating a dashboard through the connected AI assistant.
5. Run unit tests:
```bash
cd packages/api && yarn ci:unit
```
### References
- Linear Issue: HDX-3710
## Summary
Adds an `o` keybinding to the TUI that opens the currently expanded row in the HyperDX web app browser, deep-linking directly to the same view with the side panel open.
**Linear ticket:** https://linear.app/hyperdx/issue/HDX-3978
## What changed
When a user expands a row in the TUI (via `l`/Enter) and presses `o`, the browser opens to the HyperDX web app's `/search` page with URL parameters that reproduce the exact TUI state:
| URL Parameter | Description |
|---|---|
| `source` | Active source ID |
| `where` | User's search query + `TraceId:<id>` for traces |
| `from` / `to` | Current time range |
| `rowWhere` | SQL WHERE clause identifying the specific row (double-encoded) |
| `rowSource` | Source ID for the expanded row |
| `sidePanelTab` | Maps TUI tab: `overview` → `overview`, `columns` → `parsed`, `trace` → `trace` |
| `eventRowWhere` | Pre-selects the specific span in the trace waterfall (trace tab only, double-encoded JSON) |
### Tab behavior
- **Overview tab** → Opens side panel to Overview for the specific row
- **Column Values tab** → Opens side panel to Parsed (Column Values) for the specific row
- **Trace tab** → Opens side panel to Trace with waterfall, pre-selecting the highlighted span
### Source support
- **Trace sources**: URL includes `TraceId` filter combined with the user's search query
- **Log sources with trace correlation**: Full trace waterfall deep-linking supported
- **Log sources without trace**: Opens with the user's search query and row identification (no trace filter)
## Files changed
| File | Change |
|---|---|
| `packages/cli/src/utils/openUrl.ts` | **New** — Cross-platform browser open utility |
| `packages/cli/src/api/eventQuery.ts` | `buildFullRowQuery` returns `rowWhere` alongside `ChSql` |
| `packages/cli/src/components/EventViewer/useEventData.ts` | Exposes `expandedRowWhere` state |
| `packages/cli/src/components/TraceWaterfall/types.ts` | Added `onSelectedNodeChange` callback prop |
| `packages/cli/src/components/TraceWaterfall/TraceWaterfall.tsx` | Calls `onSelectedNodeChange` when selected span changes |
| `packages/cli/src/components/EventViewer/DetailPanel.tsx` | Threads `onTraceSelectedNodeChange` to TraceWaterfall |
| `packages/cli/src/components/EventViewer/types.ts` | Added `appUrl` to `EventViewerProps` |
| `packages/cli/src/components/EventViewer/EventViewer.tsx` | Threads `appUrl`, `expandedRowWhere`, `traceSelectedNode`, `submittedQuery` |
| `packages/cli/src/components/EventViewer/utils.ts` | Added `buildBrowserUrl` (full URL builder) and `buildSpanEventRowWhere` |
| `packages/cli/src/components/EventViewer/useKeybindings.ts` | Added `o` keybinding with all new params |
| `packages/cli/src/components/EventViewer/SubComponents.tsx` | Added `o` to help screen |
| `packages/cli/src/App.tsx` | Passes `appUrl` to EventViewer |
| `packages/cli/AGENTS.md` | Added `o` to keybindings table |
## Testing
- Type check: `npx tsc --noEmit` passes
- Lint: `yarn lint:fix` — 0 errors
## Summary
Optimizes the queries powering the event details panel and trace waterfall chart in the TUI, and improves the trace waterfall UX.
Fixes HDX-3963
Linear: https://linear.app/clickhouse/issue/HDX-3963
### Query optimizations
**Full row fetch (`SELECT *`)** — Removed the 1-year `dateRange` from `buildFullRowQuery`. The WHERE clause already uniquely identifies the row, so ClickHouse can use the filter directly without scanning time partitions. Matches the web frontend's `useRowData` pattern in `DBRowDataPanel.tsx`.
**Trace waterfall queries** — Replaced raw SQL builders (`buildTraceSpansSql`/`buildTraceLogsSql`) with `renderChartConfig`-based async builders. This enables:
- Time partition pruning via a tight ±1h `dateRange` derived from the event timestamp
- Materialized field optimization
- Query parameterization
**Trace span detail fetch** — Replaced raw SQL `SELECT * FROM ... WHERE ... LIMIT 1` with `renderChartConfig` via `buildTraceRowDetailConfig`, omitting `dateRange`/`timestampValueExpression` so ClickHouse uses the WHERE clause directly.
**Shared logic** — Extracted all trace config construction into `packages/cli/src/shared/traceConfig.ts`.
### UX improvements
**Trace Event Details → dedicated page** — Previously Event Details was rendered inline below the waterfall, consuming screen space. Now:
- Waterfall view gets the full terminal height
- Press `l`/`Enter` to drill into a span's full Event Details
- Press `h`/`Esc` to return to the waterfall
- `Ctrl+D/U` scrolls the detail view using full terminal height
**Trace waterfall scrolling** — Previously the waterfall truncated at `maxRows` with no way to see remaining spans. Now `j`/`k` scrolls the viewport when the cursor reaches the edge, with a scroll position indicator showing spans above/below.
### Files changed
| File | Change |
|---|---|
| `packages/cli/src/shared/traceConfig.ts` | NEW — shared trace config builders |
| `packages/cli/src/api/eventQuery.ts` | Replace raw SQL with `renderChartConfig`; remove date range from full row fetch |
| `packages/cli/src/components/TraceWaterfall/TraceWaterfall.tsx` | Split into waterfall + detail views; add scroll support |
| `packages/cli/src/components/TraceWaterfall/useTraceData.ts` | Use async builders + parameterized queries |
| `packages/cli/src/components/TraceWaterfall/types.ts` | Add `metadata`, `eventTimestamp`, `detailExpanded` props |
| `packages/cli/src/components/EventViewer/useKeybindings.ts` | Add `l`/`h` keybindings for trace detail navigation |
| `packages/cli/src/components/EventViewer/DetailPanel.tsx` | Thread `metadata`, `eventTimestamp`, `traceDetailExpanded` |
| `packages/cli/src/components/EventViewer/EventViewer.tsx` | Add `traceDetailExpanded` state; pass new props |
## Summary
This PR implements alerting on Raw SQL-based line/bar charts.
- This is only available for line/bar charts with this change. Number charts will be added in a future PR.
- The threshold is compared to the _last_ numeric column in each result.
- The interval parameter must be used. This is required for line charts to function, and is used for zero-fill and other functionality within the alerts task. This limitation will be removed for Number chart alerts when those are implemented.
- Start and and end date should be used, but are not required because there are some potential use-cases where they may not be desirable.
### Screenshots or video
https://github.com/user-attachments/assets/e2d0cd6c-b040-4490-89af-6a51a7380647
Logs from Check-Alerts evaluating a raw-sql alert
<img width="1241" height="908" alt="Screenshot 2026-04-09 at 3 01 14 PM" src="https://github.com/user-attachments/assets/dbed4e5f-bf27-4179-b8e0-897cc19f3d3a" />
### How to test locally or on Vercel
This must be tested locally, as alerts are not enabled in the preview environment.
<details>
<summary>Query for the "anomaly detection" example</summary>
```sql
WITH buckets AS (
SELECT
$__timeInterval(Timestamp) AS ts,
count() AS bucket_count
FROM $__sourceTable
WHERE TimestampTime >= fromUnixTimestamp64Milli({startDateMilliseconds:Int64}) - toIntervalSecond($__interval_s * 30) -- Fetch 30 intervals back
AND TimestampTime < fromUnixTimestamp64Milli({endDateMilliseconds:Int64})
AND SeverityText = 'error'
GROUP BY ts
ORDER BY ts
WITH FILL STEP toIntervalSecond($__interval_s)
),
anomaly_detection as (
SELECT
ts,
bucket_count,
avg(bucket_count) OVER (ORDER BY ts ROWS BETWEEN 30 PRECEDING AND 1 PRECEDING) as previous_30_avg, -- avg of previous 30 intervals
stddevPop(bucket_count) OVER (ORDER BY ts ROWS BETWEEN 30 PRECEDING AND 1 PRECEDING) as previous_30_stddev, -- standard deviation of previous 30 intervals
greatest(bucket_count - (previous_30_avg + 2 * previous_30_stddev), 0) as excess_over_2std -- compare bucket to avg + 2 stddev. clamp at 0.
FROM buckets
)
SELECT ts, excess_over_2std
FROM anomaly_detection
WHERE ts >= fromUnixTimestamp64Milli({startDateMilliseconds:Int64}) AND ts < fromUnixTimestamp64Milli({endDateMilliseconds:Int64})
```
</details>
### References
- Linear Issue: HDX-1605
- Related PRs:
## Summary
Upgrade all `@mantine/*` packages from v7.17.8 to v9.0.0 (skipping the v8 intermediate step since the breaking changes were manageable in a single pass). This improves React 19 compatibility and keeps the UI library current.
### Breaking changes resolved
**v7 → v8 changes:**
- `DateTimePicker`/`DateInput` `onChange` now returns a date string instead of a `Date` object — updated handlers in `AlertScheduleFields.tsx` and `SourceForm.tsx`
- Updated `postcss-preset-mantine` to ^1.18.0
**v8 → v9 changes:**
- `Collapse`: renamed `in` prop to `expanded` (11 instances across 10 files)
- `Grid`: removed deprecated `overflow="hidden"` prop (5 instances, 3 files) — v9 uses native CSS `gap` instead of negative margins
- `Text`/`Anchor`: renamed `color` prop to `c` style prop (7 instances, 5 files)
- `SourceSchemaPreview`: replaced removed `TextProps` `color` key with `React.CSSProperties`
- Theme: set `defaultRadius: 'sm'` in both theme configs to preserve existing visual appearance (v9 changed default from `sm` to `md`)
- Updated test for Collapse visibility behavior change in jsdom
### Not affected (verified)
- No `@mantine/carousel` or `@mantine/tiptap` usage — embla and Tiptap migrations not needed
- No `TypographyStylesProvider`, `Spoiler`, `positionDependencies`, `useFullscreen`, `useMouse`, `useMutationObserver`, or `zodResolver` from `@mantine/form` usage
- All `useLocalStorage` calls from `@mantine/hooks` already provide `defaultValue`
- `react-hook-form-mantine` has a peer dep mismatch (expects `@mantine/core ^7.0.0`) but its thin wrappers are compatible at runtime
### How to test locally or on Vercel
1. Start the dev stack with `yarn dev`
2. Navigate through key pages: search, dashboards, alerts, services dashboard, Kubernetes pages
3. Verify Collapse animations work correctly (alert details, nav sub-menus, advanced settings)
4. Verify Grid layouts render properly on services dashboard side panels
5. Verify no visual regressions in border-radius, spacing, or color across components
### References
- Linear Issue: https://linear.app/clickhouse/issue/HDX-3981/upgrade-mantine-v7-v9
- [Mantine v9 Changelog](https://mantine.dev/changelog/9-0-0/)
- [7.x → 8.x Migration Guide](https://mantine.dev/guides/7x-to-8x/)
- [8.x → 9.x Migration Guide](https://mantine.dev/guides/8x-to-9x/)
## Summary
Migrates the CLI from using API URLs (`-s, --server`) to app URLs (`-a, --app-url`), and adds interactive login prompts on expired/missing sessions.
Linear: https://linear.app/clickhouse/issue/HDX-3976
---
## Breaking Change
**The `-s` / `--server` flag has been removed.** All commands (except `upload-sourcemaps`) now use `-a` / `--app-url` instead.
The URL semantics have changed: users should now provide the **HyperDX app URL** (e.g. `http://localhost:8080`), not the API URL. The CLI derives the API URL internally by appending `/api`.
| Before | After |
|---|---|
| `hdx auth login -s http://localhost:8080/api` | `hdx auth login -a http://localhost:8080` |
| `hdx tui -s http://localhost:8080/api` | `hdx tui -a http://localhost:8080` |
| `hdx sources -s http://localhost:8080/api` | `hdx sources -a http://localhost:8080` |
> **Note:** `upload-sourcemaps` is unchanged — it still uses `--apiUrl` / `-u` as before.
**Existing saved sessions are auto-migrated** — old `session.json` files with `apiUrl` are converted to `appUrl` on first load.
---
## Changes
### `apiUrl` → `appUrl` migration
- `ApiClient` now accepts `appUrl` and derives `apiUrl` by appending `/api`
- `SessionConfig` stores `appUrl`; legacy sessions with `apiUrl` auto-migrate on load
- All commands use `-a, --app-url` instead of `-s, --server`
### Interactive login flow (HDX-3976)
- `hdx auth login` no longer requires `-a` — it prompts interactively for login method, app URL, then credentials
- Login method selector is extensible (currently Email/Password, designed for future OAuth support)
- **Expired sessions now prompt for re-login** instead of printing an error and exiting
- The app URL field is autofilled with the last used value so users can just hit Enter
- No longer requires manual deletion of `~/.config/hyperdx/cli/session.json` to recover from expired sessions
- Non-TUI commands (`sources`, `dashboards`, `query`) also launch interactive login on expired/missing sessions via `ensureSession()` helper
### TUI (`App.tsx`)
- Detects expired session on mount and shows "Session expired" message with editable URL field
- If the user changes the URL during re-login, the client is recreated
- 401/403 errors during data loading bounce back to the login screen instead of showing raw error messages
### Input validation & error handling
- App URL inputs are validated — rejects non-`http://` or `https://` URLs with a clear inline error
- `ApiClient.login()` catches network/URL errors and returns `false` instead of crashing
- `ApiClient.login()` verifies the session after a 302/200 response by calling `checkSession()` — prevents false "Logged in" messages from servers that return 302 without a valid session (e.g. SSO redirects)
- Login failure messages now mention both credentials and server URL
---
## Files changed
- `packages/cli/src/api/client.ts` — accepts `appUrl`, derives `apiUrl`, exposes `getAppUrl()`, login validation
- `packages/cli/src/utils/config.ts` — `SessionConfig.appUrl`, backward-compat migration
- `packages/cli/src/cli.tsx` — `-a` flag, `LoginPrompt`, `ReLoginPrompt`, `ensureSession()`, URL validation
- `packages/cli/src/App.tsx` — expired session detection, editable URL on re-login, 401/403 handling
- `packages/cli/src/components/LoginForm.tsx` — app URL prompt field, `message` prop, URL validation
## Summary
When `IS_LOCAL_MODE` sources are created (e.g. via "Connect to Demo Server" in the onboarding modal), IDs are now derived from a stable hash of the item content instead of `Math.random()`. This ensures every user who connects to the same demo server gets the same source IDs, making deep links with `?source=<id>` work across different users and sessions.
This has the added benefit of ensuring that the dashboards created in local mode will not break due to new sources being created on every new session.
Further, the `<OnboardingModal>` has been added to a few pages where it was previous missing, ensuring that users which are deeplinked to those pages see the modal and are able to create the demo connection.
### How to test locally or on Vercel
1. Open the play/demo environment in two separate browser profiles (or incognito windows) so each has fresh localStorage
2. In the first, connect to the demo server, then navigate to a page where a source is selected
3. Copy the link into the second browser. You should see the "connect to demo server" and once connected you should see the same source as was selected in the 1st browser.
### References
- Linear Issue: Closes HDX-3974
- Related PRs: none
The "Release CLI Binaries" job fails because `bun build --compile` can't resolve `@hyperdx/common-utils/dist/*` imports. In CI it's a fresh checkout — `yarn install` puts source code in place but `common-utils` needs to be compiled (tsup) to produce its `dist/` output.
Adds a `make ci-build` step between `yarn install` and the CLI compile step.
Fixes https://github.com/hyperdxio/hyperdx/actions/runs/24220292098/job/70710194631
## Summary
When a chart uses a trace source with a Duration Expression, the chart now automatically defaults to adaptive time unit formatting (e.g., `120.41s`, `45ms`, `3µs`) instead of requiring users to manually select a format. Users can still override the format through the existing display settings.
**Key changes:**
1. **New `duration` output type** in `NumberFormatSchema` — renders values adaptively as `µs`, `ms`, `s`, `min`, or `h` based on magnitude, instead of the clock-style `hh:mm:ss` format
2. **Auto-detection via exact match** — `getTraceDurationNumberFormat()` checks if any chart select `valueExpression` exactly equals the trace source's `durationExpression`. Only applies for unit-preserving aggregate functions (`avg`, `min`, `max`, `sum`, `quantile`, `any`, `last_value`, etc.) — skips `count` and `count_distinct`
3. **`useResolvedNumberFormat()` hook** — resolves the effective `numberFormat` for a chart: returns the user's explicit format if set, otherwise auto-detects duration format for trace sources
4. **UI form update** — Added "Duration" option to the number format selector with input unit picker (seconds/ms/µs/ns)
5. **Display settings drawer** — Shows the auto-detected format by default so users can see what's being applied
6. **Heatmap support** — Updated `DBHeatmapChart` tick formatter to use `formatDurationMs` for duration-formatted values
**Components updated:** `DBTimeChart`, `DBNumberChart`, `DBListBarChart`, `DBPieChart`, `DBTableChart`, `DBHeatmapChart`, `DBSearchHeatmapChart`, `DBEditTimeChartForm`, `ChartDisplaySettingsDrawer`
### How to test locally or on Vercel
1. Create a chart from a trace source with a unit-preserving aggFn (e.g., avg/p95/p99/min/max of the Duration column)
2. Verify the chart y-axis and tooltips now show values like `120.41s` or `45ms` instead of raw numbers
3. Open the chart display settings and verify the "Duration" output format is shown as the default
4. Change the aggFn to `count` or `count_distinct` — verify duration formatting is NOT applied
5. Change the format to something else (e.g., "Number") and verify the override persists
6. Switch back to "Duration" and pick different input units (seconds, ms, µs, ns) — the preview should update correctly
7. Check that non-trace-source charts are unaffected (no auto-detection triggers)
8. Verify the search heatmap chart for traces still shows proper duration labels
9. Reset to defaults in the display settings drawer and verify it returns to the auto-detected duration format
### References
- Linear Issue: HDX-3909
Linear Issue: [HDX-3909](https://linear.app/clickhouse/issue/HDX-3909/trace-duration-should-render-in-time-unit-by-default)
<div><a href="https://cursor.com/agents/bc-c39f9186-2593-4675-8f23-190cd148818b"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-web-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-web-light.png"><img alt="Open in Web" width="114" height="28" src="https://cursor.com/assets/images/open-in-web-dark.png"></picture></a> <a href="https://cursor.com/background-agent?bcId=bc-c39f9186-2593-4675-8f23-190cd148818b"><picture><source media="(prefers-color-scheme: dark)" srcset="https://cursor.com/assets/images/open-in-cursor-dark.png"><source media="(prefers-color-scheme: light)" srcset="https://cursor.com/assets/images/open-in-cursor-light.png"><img alt="Open in Cursor" width="131" height="28" src="https://cursor.com/assets/images/open-in-cursor-dark.png"></picture></a> </div>
Co-authored-by: Cursor Agent <199161495+cursoragent@users.noreply.github.com>
## Summary
This PR:
- Updates the eslint config to restore `react-hook` plugin rules which were removed in #2069. Some of them were removed in without any replacements being _enabled_ in the recommended @eslint-react ruleset
- Reverts #2074, as those lint fixes were possible only because the related rules had been removed
Rule equivalence is documented here: https://www.eslint-react.xyz/docs/migrating-from-eslint-plugin-react-hooks
You can view current effective rule states with `cd packages/app && npx eslint --inspect-config`
### How to test locally or on Vercel
Locally:
```
make ci-lint / make dev-lint
```
### References
- Linear Issue: HDX-3467
- Related PRs:
## Summary
This PR extracts a TileAlertEditor component for future re-use in the Raw-SQL Alert UI. The UI has been updated to make the alert section collapsible and co-locate the "Remove Alert" button within the alert section. The collapsibility will be more important in the Raw SQL case, since the Raw SQL Editor is already pretty vertically tall.
### Screenshots or video
https://github.com/user-attachments/assets/4e595fc6-06f0-4ccd-ab1f-08dcb9895c89
### How to test locally or on Vercel
This must be tested locally, since alerts are not supported in local mode.
### References
- Linear Issue: Related to HDX-1605
- Related PRs:
