The `color-scheme` CSS property was hardcoded to `dark` on the root element, causing browser-native UI like scrollbars to always render in dark style regardless of the active theme. This moves `color-scheme` into the appropriate `[data-mantine-color-scheme]` selectors so it matches the user's selected theme.
> [!NOTE]
> This issue is only visible if you have your OS configured to always show scrollbars (macOS: System Settings → Appearance → Show scroll bars → Always).
## Before
<img width="3456" height="1834" alt="scrollbar-color-issue" src="https://github.com/user-attachments/assets/3d820ad6-3952-444b-9bac-f7c9d15e2bdc" />
## After
<img width="3456" height="1834" alt="scrollbar-color-fixed" src="https://github.com/user-attachments/assets/002fb0bd-72ee-47f7-9af7-e90faa41562b" />
In localmode and the clickhouse build, it is common to hit a scenario where a connection is not defined, but sources are. This causes the search page to start spamming queries without any credentials, which causes the browser to repeatedly show a prompt for auth credentials and kills the whole onboarding process. Additionally, after creating a connection in the onboarding modal, the sources were not discovered by the onboarding modal and would force you to redefine a source even though you had some saved. This PR fixes both of those issues.
Closes HDX-3515
Closes HDX-3516
## Summary
Fixes#1510
**Root cause:** When a number format (e.g., Percent) is applied to table columns that contain non-numeric values, `formatNumber` doesn't catch non-empty strings. `numbro()` then produces NaN.
The existing check `!value && value !== 0` catches `null`, `undefined`, and `NaN`, but NOT non-empty strings (which are truthy and pass through to `numbro()`).
## Changes
- `packages/app/src/utils.ts`: Added `typeof value !== 'number' || isNaN(value)` guard that returns the raw value as a string instead of formatting it.
## Risk Assessment
**Low** - Only adds a guard for an edge case. Numeric values are formatted exactly as before.
Co-authored-by: Karl Power <85935352+karl-power@users.noreply.github.com>
## Summary
Addresses npm security vulnerabilities in transitive dependencies. Prefer direct dependency upgrades over broad resolutions where possible.
## Changes
**Direct upgrade:**
- **`@slack/webhook`**: `^6.1.0` → `^7.0.0` — v7 natively uses axios v1, eliminating the axios@0.21.4 SSRF/redirect vulnerabilities. Only breaking change in v7 is dropping Node <18 (we're on Node 22).
**Resolutions for transitive deps with no direct upgrade path:**
- **`fast-xml-parser`**: `^4.4.0` — fixes prototype pollution (High)
- **`systeminformation`**: `^5.24.0` — fixes command injection (High)
## Removed/Not Done
- `axios` resolution removed — covered by the `@slack/webhook` upgrade instead
- `tar` resolution removed — was a v6→v7 major jump on build-only tools (`cacache`, `node-gyp`); not present in the production image
- `glob` resolution removed — was breaking test coverage tooling (`test-exclude@6` depends on glob@^7)
## Related
Follow-up to #1731 which addressed base image vulnerabilities (Node, Go, ClickHouse).
# Summary
This PR updates the CI (integration tests) docker compose and env file so that the integration tests run on a separate set of ports, so that they can be run locally without interfering with an instance of the app running locally.
## Testing
To test locally
Start the app
```
yarn dev
```
Run the integration tests
```
make ci-int
```
Note that both can run at the same time without docker port conflicts. `make ci-int` can also be run without running the app - it uses its own independent mongo + clickhouse + api.
Dynamically fills available horizontal space in the Event Deltas view by calculating the number of chart columns based on the container width. Also moves pagination to the bottom of the list and hides it when not needed.
Fixes#1769
Generated with [Claude Code](https://claude.ai/code)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
A user reported that they could not use the Notebooks feature due to a random clickhouse connection failure, pointing to a bad password. https://discord.com/channels/1149498480893640706/1149500035403350036/1473446917198315563
The reason it failed was because we weren't selecting the pw in `mongo` prior to using it in a direct `CH` connection.
Before the fix, the call in `getAIMetadata` omitted the `selectPassword` argument:
`const connection = await getConnectionById(source.team.toString(), connectionId); // connection.password === undefined`
So when the ClickhouseClient was constructed immediately after:
```
const clickhouseClient = new ClickhouseClient({ host: connection.host, username: connection.username, password: connection.password, });
```
`connection.password` was undefined, and the ClickHouse client connected with no password — hence the authentication failure.
The fix just adds `true` so the password is actually fetched from MongoDB and present in connection.password when the client is constructed.
## Summary
- Add support for TLS-enabled ClickHouse endpoints in otelcol migrator (`tcps://`, `tls://`, `clickhouse://` schemes)
- Support `?secure=true` query parameter to override TLS setting on any scheme
- Default TLS port to `9440` for `tcps`/`tls` schemes
- Improve error message for unsupported schemes to list valid options
## Test plan
- Added tests for `clickhouse://`, `tcps://`, `tls://` schemes with default and custom ports
- Added tests for `?secure=true` query param on `tcp` and `http` schemes
- Added test verifying `?secure=false` is a no-op
Docs: https://clickhouse.com/docs/guides/sre/network-ports
Ref: HDX-3490
Fixes https://github.com/hyperdxio/hyperdx/issues/983
This issue was closed as not planned, but I think the solution is simple enough that it should be considered for merging.
row data has `__hdx_resource_attributes` (which is `ROW_DATA_ALIASES.RESOURCE_ATTRIBUTES`) and it is flattened so that it could be used for both map and json type.
Closes HDX-3479
# Summary
This PR makes a number of improvements to new pie chart implementation (#1704)
1. Pie charts are now limited to 1 series. Previously, the pie chart summed the values of each series by group, and used the sum as the slice value. This is non-obvious and probably not what users expect. With a one-series limit, this problem is eliminated. Further, the logic for formatting the pie chart data from the clickhouse response is dramatically simpler.
2. Slices are now ordered by value decreasing, to avoid randomly changing slice order on refresh
3. Instead of being randomly generated, slice colors are now consistent with the theme colors and auto-detect log and trace severity levels, matching line/bar chart behavior
4. The external dashboards API now supports reading and writing pie charts. The transformation code has been updated so that there will be a type error if any new chart types are added in the future without updating the external API code.
5. The pie chart's tooltip now matches the style of the line chart tooltip, and is updated appropriately based on the app theme and light/dark mode.
6. The chart's number format is now applied to values in the pie chart tooltip
7. Slice labels are now correctly populated when a map is accessed in the Group By (eg. when grouping by `ResourceAttributes['app']`, the slice labels include the `app` value instead of being empty).
8. Also, added some unit tests for the pie chart data transformation, and moved it to ChartUtils with the other similar chart data transformation code.
## Summary
- Fix external API `POST /api/v2/charts/series` returning `"no query support for metric type=gauge"` when `field` is passed without `metricName`
- When querying metric sources, the API now falls back to using `field` as the `metricName` and defaults `valueExpression` to `'Value'` (the ClickHouse column), matching how the dashboard UI builds chart configs
- Backward compatible: when both `metricName` and `field` are provided, behavior is unchanged
## Root Cause
`buildChartConfigFromRequest()` mapped `field` to `valueExpression` but never populated `metricName` from it. Downstream, `translateMetricChartConfig()` requires both `metricType` AND `metricName` to be truthy — when `metricName` was undefined, it fell through to the catch-all error.
## Test plan
- [ ] Added integration tests for gauge, sum, and histogram metrics using `field` without `metricName`
- [ ] Verify existing metric tests still pass (backward compatible — passing both `metricName` and `field` works as before)
- [ ] Verify non-metric source queries are unaffected
Related: https://github.com/hyperdxio/hyperdx/issues/1418, https://github.com/hyperdxio/hyperdx/issues/1214🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude <81847+claude@users.noreply.github.com>
Adds several optimizations that helps immensely with search query duration. On our own data we've seen a 2-3x improvement, for extremely large log tables we've seen a 50x improvement
Closes HDX-3429
## Summary
Replace hardcoded "HyperDX" in user-facing UI with the current theme's display name so deployments using the ClickStack theme show "ClickStack" (e.g. "Welcome to ClickStack", "ClickStack Cloud") instead of "HyperDX".
Closes HDX-3463.
## Changes
### Theme
- **ThemeProvider**: Add `useBrandDisplayName()` hook that returns `theme.displayName` ("HyperDX" or "ClickStack") for use in copy.
### Pages & layout
- **Auth**: Login/register page title and brand label use `useBrandDisplayName()`.
- **AuthLoadingBlocker**: "Loading HyperDX" → "Loading {brandName}".
- **JoinTeamPage**: Document title uses brand name.
- **LandingHeader**: "HyperDX Cloud" → "{brandName} Cloud" (desktop and mobile). Active link color scheme updated for theme consistency.
- **Spotlights**: Cloud action label and description use brand name.
- **Page titles**: All `<Head><title>` now suffix with current brand (Dashboard, Search, Client Sessions, Chart Explorer, My Team, Create a Dashboard, Alerts, DBDashboardImportPage).
### Copy and errors
- **OnboardingModal**: Welcome title and demo server success/error messages use brand name.
- **DBSearchPageAlertModal**, **WebhooksSection**, **TeamMembersSection**, **WebhookForm**: "Please contact HyperDX team" → "Please contact {brandName} team".
- **SessionsPage**: Empty state and setup instructions ("HyperDX integration", "HyperDX Otel Collector", "HyperDX Browser Integration") use brand name.
- **TeamPage**: ClickHouse settings tooltip about windowed queries uses brand name.
- **DBChartPage**: AI Assistant alert text ("on the HyperDX server") and Chart Explorer title use brand name.
- **SourceForm**: All help text that referred to "HyperDX" (materialized view tooltip, correlated source labels, metrics "not yet fully supported") use brand name.
- **HDXMultiSeriesTableChart**: CSV export filename "HyperDX_table_results" → "{brandName}_table_results".
## Testing
- With default/HyperDX theme: all existing strings should still read "HyperDX".
- With ClickStack theme (e.g. `NEXT_PUBLIC_THEME=clickstack` or dev theme override): titles, welcome text, errors, and help text should show "ClickStack" where appropriate.
## Notes
- No changes to SDK imports, type names (e.g. `HyperDXEventType`), or theme definition files.
- Brand is deployment-configured via `NEXT_PUBLIC_THEME`; in dev, theme can be switched for verification.
1. `source` isn't actually required on an alert. It is non-nullable, but has a default value of `saved_search` if omitted.
2. `whereLanguage` is actually a required input.
- Simplified SVG markup for both favicons by removing redundant elements and improving readability.
- Updated clipPath definitions and ensured consistent styling for light and dark modes.
- Enhanced compatibility with modern SVG standards.
