Vineet Ahirkar
47e1f565ee
feat: Add OpenAI provider support for AI assistance ( #1960 )
2026-03-23 16:27:19 -06:00
github-actions[bot]
5d2ebc46ee
Release HyperDX ( #1884 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-03-20 14:22:09 -07:00
Dan Hable
a0b3361a85
[HDX-2712] Unified hyperdx entrypoint script for API and tasks ( #1951 )
...
## Summary
The node commands to start the API server and alert task are duplicated across 4+ files, each hardcoding the build output path and node require flags. When the build process changed (esbuild introduction/revert per HDX-2690), the downstream operator and helm chart broke because their entrypoint commands were stale.
This PR introduces `packages/api/bin/hyperdx`, a single shell script that is the **sole source of truth** for how to launch API and task processes. It resolves the build directory relative to its own location, applies the correct node flags (`-r @hyperdx/node-opentelemetry/build/src/tracing`), and exposes two subcommands:
- `hyperdx api` -- starts the API server
- `hyperdx task <name>` -- runs a named task (e.g., `check-alerts`)
All Dockerfiles and entry scripts now delegate to this script instead of inlining the node command. Future build changes only need updating in one place.
### How to test locally or on Vercel
1. **Build the standalone API image** and confirm the entrypoint works:
```bash
docker build . -f packages/api/Dockerfile -t hyperdx-api-test:latest --target prod
docker run -d --name hdx-api-test -p 18000:8000 hyperdx-api-test:latest
sleep 5
docker logs hdx-api-test 2>&1 | head -30
# Should show OpenTelemetry init + MongoStore error (expected without Mongo)
# No "file not found" or "permission denied" errors
docker stop hdx-api-test && docker rm hdx-api-test
```
2. **Build and run the all-in-one image** for a full integration test:
```bash
make build-local
docker run -d --name hdx-aio-test -p 18080:8080 -p 18000:8000 hyperdx/hyperdx-local:2.21.0
# Wait up to 90s for startup, then:
curl -sf http://localhost:18080/api/health # should return {"data":"OK",...}
curl -sf http://localhost:18000/health # should return {"data":"OK",...}
docker exec hdx-aio-test sh -c "ps aux"
# Confirm API, APP, and ALERT-TASK processes are running via the hyperdx script
docker stop hdx-aio-test && docker rm hdx-aio-test
```
3. **Build the prod image** to confirm the entry script changes are valid:
```bash
make build-app
```
**Testing performed:** All three Docker image targets were built and verified locally. The standalone API image started node via `hyperdx api` correctly (crashed on missing MongoDB as expected). The all-in-one image passed health checks on both `localhost:18080/api/health` and `localhost:18000/health`, with all three processes (API, APP, ALERT-TASK) confirmed running inside the container using the new entry point script.
### References
- Linear Issue: [HDX-2712](https://linear.app/clickhouse/issue/HDX-2712/use-a-single-entry-point-script-for-both-hyperdx-api-and-alert-job )
- Related PRs: HDX-2690 (root cause), HDX-2815 (downstream helm chart follow-up)
- **Follow-up needed:** Update helm chart cron job template and operator template in `ClickHouse/ClickStack-helm-charts` to use `./packages/api/bin/hyperdx task check-alerts`
Made with [Cursor](https://cursor.com )
2026-03-20 18:27:40 +00:00
Drew Davis
f5ce232976
ci: Add linting for openapi specs ( #1945 )
...
## Summary
This PR adds the Spectral linter for linting our OpenAPI spec, with rules preventing fields with missing examples or descriptions, which are often enforced in the Control Plane repo.
This PR also resolves lint errors that were already present.
### Screenshots or video
### How to test locally or on Vercel
Run `make ci-lint` to lint the openapi specs
### References
- Linear Issue: Closes HDX-3768
- Related PRs:
2026-03-20 15:13:19 +00:00
Brandon Pereira
f410e6dc1b
chore: Bump ai sdk to v6 ( #1898 )
...
## Summary
This PR refactors part of the agent infrastructure to improve internal structure and long-term maintainability.
There are no functional or user-facing changes. The Graph Explorer continues to behave exactly as before.
> Note: This lays groundwork for future extensibility around agent capabilities.
---
### Screenshots or video
No UI changes.
---
### How to test locally or on Vercel
1. Start the app locally
2. Navigate to **Graph Explorer**.
3. Use the **AI generation feature** to generate a query.
4. Verify that:
* Query generation works as expected.
* No regressions or behavioral changes are observed.
---
### References
Fixes HDX-3109
2026-03-13 14:44:01 +00:00
Warren Lee
843c00cc17
fix: Adjust CI logs verbosity ( #1888 )
...
## Summary
- Silence noisy `console.debug` and `console.info` logs in test output across `api` and `common-utils` packages
- Add `DOTENV_CONFIG_OVERRIDE=true` to API integration test scripts so `.env.test` values take precedence
- Add shared jest setup for `common-utils` to suppress verbose console output during tests
Now the CI stdout should be much cleaner and readable (int tests especially)
2026-03-11 20:32:02 +00:00
github-actions[bot]
5f105bb1b5
Release HyperDX ( #1832 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-03-10 18:14:11 -07:00
Warren Lee
cabe4d8edc
fix: add whereLanguage to tile alerts ( #1842 )
...
## Summary
- Fix tile alerts to support `groupBy` for Gauge/Sum metrics — each group-by value appears as its own column in the response
- Add missing `whereLanguage` to tile alert config so Lucene WHERE conditions are parsed correctly
- Replace stale fixture-based ClickHouse schema with otel-collector's canonical schema in integration tests
Ref: HDX-3576
2026-03-04 18:54:10 +00:00
dependabot[bot]
8a4ca3029c
build(deps): bump semver from 5.7.1 to 7.7.3 ( #1702 )
...
Bumps [semver](https://github.com/npm/node-semver ) from 5.7.1 to 7.7.3.
Sourced from <a href="https://github.com/npm/node-semver/releases ">semver's releases</a>.</em></p>
<blockquote>
<h2>v7.7.3</h2>
<h2><a href="https://github.com/npm/node-semver/compare/v7.7.2...v7.7.3 ">7.7.3</a> (2025-10-06)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a href="e37e0ca0b5https://redirect.github.com/npm/node-semver/pull/813 ">#813</a> faster paths for compare (<a href="https://redirect.github.com/npm/node-semver/issues/813 ">#813</a>) (<a href="https://github.com/H4ad "><code>@H4ad</code></a>)</li>
<li><a href="2471d7543ehttps://redirect.github.com/npm/node-semver/pull/811 ">#811</a> x-range build metadata support (i529015)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a href="8f05c87f56https://redirect.github.com/npm/node-semver/pull/807 ">#807</a> bump <code>@npmcli/template-oss</code> from 4.25.0 to 4.25.1 (<a href="https://redirect.github.com/npm/node-semver/issues/807 ">#807</a>) (<a href="https://github.com/dependabot "><code>@dependabot</code></a>[bot], <a href="https://github.com/owlstronaut "><code>@owlstronaut</code></a>)</li>
</ul>
<h2>v7.7.2</h2>
<h2><a href="https://github.com/npm/node-semver/compare/v7.7.1...v7.7.2 ">7.7.2</a> (2025-05-12)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a href="fcafb61ed5https://redirect.github.com/npm/node-semver/pull/780 ">#780</a> add missing <code>'use strict'</code> directives (<a href="https://redirect.github.com/npm/node-semver/issues/780 ">#780</a>) (<a href="https://github.com/Fdawgs "><code>@Fdawgs</code></a>)</li>
<li><a href="c99f336fa3https://redirect.github.com/npm/node-semver/pull/781 ">#781</a> prerelease identifier starting with digits (<a href="https://redirect.github.com/npm/node-semver/issues/781 ">#781</a>) (<a href="https://github.com/mbtools "><code>@mbtools</code></a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a href="c760403b93https://redirect.github.com/npm/node-semver/pull/784 ">#784</a> template-oss-apply for workflow permissions (<a href="https://redirect.github.com/npm/node-semver/issues/784 ">#784</a>) (<a href="https://github.com/wraithgar "><code>@wraithgar</code></a>)</li>
<li><a href="2677f2a883https://redirect.github.com/npm/node-semver/pull/778 ">#778</a> bump <code>@npmcli/template-oss</code> from 4.23.6 to 4.24.3 (<a href="https://redirect.github.com/npm/node-semver/issues/778 ">#778</a>) (<a href="https://github.com/dependabot "><code>@dependabot</code></a>[bot], <a href="https://github.com/npm-cli-bot "><code>@npm-cli-bot</code></a>)</li>
</ul>
<h2>v7.7.1</h2>
<h2><a href="https://github.com/npm/node-semver/compare/v7.7.0...v7.7.1 ">7.7.1</a> (2025-02-03)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a href="af761c05bdhttps://redirect.github.com/npm/node-semver/pull/764 ">#764</a> inc: fully capture prerelease identifier (<a href="https://redirect.github.com/npm/node-semver/issues/764 ">#764</a>) (<a href="https://github.com/wraithgar "><code>@wraithgar</code></a>)</li>
</ul>
<h2>v7.7.0</h2>
<h2><a href="https://github.com/npm/node-semver/compare/v7.6.3...v7.7.0 ">7.7.0</a> (2025-01-29)</h2>
<h3>Features</h3>
<ul>
<li><a href="0864b3ce79https://redirect.github.com/npm/node-semver/pull/753 ">#753</a> add "release" inc type (<a href="https://redirect.github.com/npm/node-semver/issues/753 ">#753</a>) (<a href="https://github.com/mbtools "><code>@mbtools</code></a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><a href="d588e37828https://redirect.github.com/npm/node-semver/pull/755 ">#755</a> diff: fix prerelease to stable version diff logic (<a href="https://redirect.github.com/npm/node-semver/issues/755 ">#755</a>) (<a href="https://github.com/eminberkayd "><code>@eminberkayd</code></a>, berkay.daglar)</li>
<li><a href="8a34bdecc7https://redirect.github.com/npm/node-semver/pull/754 ">#754</a> add identifier validation to <code>inc()</code> (<a href="https://redirect.github.com/npm/node-semver/issues/754 ">#754</a>) (<a href="https://github.com/mbtools "><code>@mbtools</code></a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li><a href="67e54785a0https://redirect.github.com/npm/node-semver/pull/756 ">#756</a> readme: added missing period for consistency (<a href="https://redirect.github.com/npm/node-semver/issues/756 ">#756</a>) (<a href="https://github.com/shaymolcho "><code>@shaymolcho</code></a>)</li>
<li><a href="868d4bbe3dhttps://redirect.github.com/npm/node-semver/pull/749 ">#749</a> clarify comment about obsolete prefixes (<a href="https://redirect.github.com/npm/node-semver/issues/749 ">#749</a>) (<a href="https://github.com/mbtools "><code>@mbtools</code></a>, <a href="https://github.com/ljharb "><code>@ljharb</code></a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a href="145c554b8chttps://redirect.github.com/npm/node-semver/pull/741 ">#741</a> bump <code>@npmcli/eslint-config</code> from 4.0.5 to 5.0.0 (<a href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li><a href="753e02b9d0https://redirect.github.com/npm/node-semver/pull/747 ">#747</a> bump <code>@npmcli/template-oss</code> from 4.23.3 to 4.23.4 (<a href="https://redirect.github.com/npm/node-semver/issues/747 ">#747</a>) (<a href="https://github.com/dependabot "><code>@dependabot</code></a>[bot], <a href="https://github.com/npm-cli-bot "><code>@npm-cli-bot</code></a>)</li>
<li><a href="0b812d5fb5https://redirect.github.com/npm/node-semver/pull/744 ">#744</a> postinstall for dependabot template-oss PR (<a href="https://github.com/hashtagchris "><code>@hashtagchris</code></a>)</li>
</ul>
<h2>v7.6.3</h2>
<h2><a href="https://github.com/npm/node-semver/compare/v7.6.2...v7.6.3 ">7.6.3</a> (2024-07-16)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a href="73a3d79c4ehttps://redirect.github.com/npm/node-semver/pull/726 ">#726</a> optimize Range parsing and formatting (<a href="https://redirect.github.com/npm/node-semver/issues/726 ">#726</a>) (<a href="https://github.com/jviide "><code>@jviide</code></a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li><a href="2975ece120https://redirect.github.com/npm/node-semver/pull/719 ">#719</a> fix extra backtick typo (<a href="https://redirect.github.com/npm/node-semver/issues/719 ">#719</a>) (<a href="https://github.com/stdavis "><code>@stdavis</code></a>)</li>
</ul>
<h2>v7.6.2</h2>
<h2><a href="https://github.com/npm/node-semver/compare/v7.6.1...v7.6.2 ">7.6.2</a> (2024-05-09)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/npm/node-semver/blob/main/CHANGELOG.md ">semver's changelog</a>.</em></p>
<blockquote>
<h2><a href="https://github.com/npm/node-semver/compare/v7.7.2...v7.7.3 ">7.7.3</a> (2025-10-06)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a href="e37e0ca0b5https://redirect.github.com/npm/node-semver/pull/813 ">#813</a> faster paths for compare (<a href="https://redirect.github.com/npm/node-semver/issues/813 ">#813</a>) (<a href="https://github.com/H4ad "><code>@H4ad</code></a>)</li>
<li><a href="2471d7543ehttps://redirect.github.com/npm/node-semver/pull/811 ">#811</a> x-range build metadata support (i529015)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a href="8f05c87f56https://redirect.github.com/npm/node-semver/pull/807 ">#807</a> bump <code>@npmcli/template-oss</code> from 4.25.0 to 4.25.1 (<a href="https://redirect.github.com/npm/node-semver/issues/807 ">#807</a>) (<a href="https://github.com/dependabot "><code>@dependabot</code></a>[bot], <a href="https://github.com/owlstronaut "><code>@owlstronaut</code></a>)</li>
</ul>
<h2><a href="https://github.com/npm/node-semver/compare/v7.7.1...v7.7.2 ">7.7.2</a> (2025-05-12)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a href="fcafb61ed5https://redirect.github.com/npm/node-semver/pull/780 ">#780</a> add missing <code>'use strict'</code> directives (<a href="https://redirect.github.com/npm/node-semver/issues/780 ">#780</a>) (<a href="https://github.com/Fdawgs "><code>@Fdawgs</code></a>)</li>
<li><a href="c99f336fa3https://redirect.github.com/npm/node-semver/pull/781 ">#781</a> prerelease identifier starting with digits (<a href="https://redirect.github.com/npm/node-semver/issues/781 ">#781</a>) (<a href="https://github.com/mbtools "><code>@mbtools</code></a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a href="c760403b93https://redirect.github.com/npm/node-semver/pull/784 ">#784</a> template-oss-apply for workflow permissions (<a href="https://redirect.github.com/npm/node-semver/issues/784 ">#784</a>) (<a href="https://github.com/wraithgar "><code>@wraithgar</code></a>)</li>
<li><a href="2677f2a883https://redirect.github.com/npm/node-semver/pull/778 ">#778</a> bump <code>@npmcli/template-oss</code> from 4.23.6 to 4.24.3 (<a href="https://redirect.github.com/npm/node-semver/issues/778 ">#778</a>) (<a href="https://github.com/dependabot "><code>@dependabot</code></a>[bot], <a href="https://github.com/npm-cli-bot "><code>@npm-cli-bot</code></a>)</li>
</ul>
<h2><a href="https://github.com/npm/node-semver/compare/v7.7.0...v7.7.1 ">7.7.1</a> (2025-02-03)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a href="af761c05bdhttps://redirect.github.com/npm/node-semver/pull/764 ">#764</a> inc: fully capture prerelease identifier (<a href="https://redirect.github.com/npm/node-semver/issues/764 ">#764</a>) (<a href="https://github.com/wraithgar "><code>@wraithgar</code></a>)</li>
</ul>
<h2><a href="https://github.com/npm/node-semver/compare/v7.6.3...v7.7.0 ">7.7.0</a> (2025-01-29)</h2>
<h3>Features</h3>
<ul>
<li><a href="0864b3ce79https://redirect.github.com/npm/node-semver/pull/753 ">#753</a> add "release" inc type (<a href="https://redirect.github.com/npm/node-semver/issues/753 ">#753</a>) (<a href="https://github.com/mbtools "><code>@mbtools</code></a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><a href="d588e37828https://redirect.github.com/npm/node-semver/pull/755 ">#755</a> diff: fix prerelease to stable version diff logic (<a href="https://redirect.github.com/npm/node-semver/issues/755 ">#755</a>) (<a href="https://github.com/eminberkayd "><code>@eminberkayd</code></a>, berkay.daglar)</li>
<li><a href="8a34bdecc7https://redirect.github.com/npm/node-semver/pull/754 ">#754</a> add identifier validation to <code>inc()</code> (<a href="https://redirect.github.com/npm/node-semver/issues/754 ">#754</a>) (<a href="https://github.com/mbtools "><code>@mbtools</code></a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li><a href="67e54785a0https://redirect.github.com/npm/node-semver/pull/756 ">#756</a> readme: added missing period for consistency (<a href="https://redirect.github.com/npm/node-semver/issues/756 ">#756</a>) (<a href="https://github.com/shaymolcho "><code>@shaymolcho</code></a>)</li>
<li><a href="868d4bbe3dhttps://redirect.github.com/npm/node-semver/pull/749 ">#749</a> clarify comment about obsolete prefixes (<a href="https://redirect.github.com/npm/node-semver/issues/749 ">#749</a>) (<a href="https://github.com/mbtools "><code>@mbtools</code></a>, <a href="https://github.com/ljharb "><code>@ljharb</code></a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a href="145c554b8chttps://redirect.github.com/npm/node-semver/pull/741 ">#741</a> bump <code>@npmcli/eslint-config</code> from 4.0.5 to 5.0.0 (<a href="https://github.com/dependabot "><code>@dependabot</code></a>[bot])</li>
<li><a href="753e02b9d0https://redirect.github.com/npm/node-semver/pull/747 ">#747</a> bump <code>@npmcli/template-oss</code> from 4.23.3 to 4.23.4 (<a href="https://redirect.github.com/npm/node-semver/issues/747 ">#747</a>) (<a href="https://github.com/dependabot "><code>@dependabot</code></a>[bot], <a href="https://github.com/npm-cli-bot "><code>@npm-cli-bot</code></a>)</li>
<li><a href="0b812d5fb5https://redirect.github.com/npm/node-semver/pull/744 ">#744</a> postinstall for dependabot template-oss PR (<a href="https://github.com/hashtagchris "><code>@hashtagchris</code></a>)</li>
</ul>
<h2><a href="https://github.com/npm/node-semver/compare/v7.6.2...v7.6.3 ">7.6.3</a> (2024-07-16)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a href="73a3d79c4ehttps://redirect.github.com/npm/node-semver/pull/726 ">#726</a> optimize Range parsing and formatting (<a href="https://redirect.github.com/npm/node-semver/issues/726 ">#726</a>) (<a href="https://github.com/jviide "><code>@jviide</code></a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li><a href="2975ece120https://redirect.github.com/npm/node-semver/pull/719 ">#719</a> fix extra backtick typo (<a href="https://redirect.github.com/npm/node-semver/issues/719 ">#719</a>) (<a href="https://github.com/stdavis "><code>@stdavis</code></a>)</li>
</ul>
<h2><a href="https://github.com/npm/node-semver/compare/v7.6.1...v7.6.2 ">7.6.2</a> (2024-05-09)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a href="6466ba9b54https://redirect.github.com/npm/node-semver/pull/713 ">#713</a> lru: use map.delete() directly (<a href="https://redirect.github.com/npm/node-semver/issues/713 ">#713</a>) (<a href="https://github.com/negezor "><code>@negezor</code></a>, <a href="https://github.com/lukekarrys "><code>@lukekarrys</code></a>)</li>
</ul>
<h2><a href="https://github.com/npm/node-semver/compare/v7.6.0...v7.6.1 ">7.6.1</a> (2024-05-04)</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="a25789b09bhttps://redirect.github.com/npm/node-semver/issues/812 ">#812</a>)</li>
<li><a href="e37e0ca0b5https://redirect.github.com/npm/node-semver/issues/813 ">#813</a>)</li>
<li><a href="2471d7543e8f05c87f56https://redirect.github.com/npm/node-semver/issues/807 ">#807</a>)</li>
<li><a href="d17aebf848https://redirect.github.com/npm/node-semver/issues/797 ">#797</a>)</li>
<li><a href="3b03e3b4echttps://redirect.github.com/npm/node-semver/issues/790 ">#790</a>)</li>
<li><a href="281055e771https://redirect.github.com/npm/node-semver/issues/783 ">#783</a>)</li>
<li><a href="fcafb61ed5https://redirect.github.com/npm/node-semver/issues/780 ">#780</a>)</li>
<li><a href="c760403b93https://redirect.github.com/npm/node-semver/issues/784 ">#784</a>)</li>
<li><a href="c99f336fa3https://redirect.github.com/npm/node-semver/issues/781 ">#781</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/npm/node-semver/compare/v5.7.1...v7.7.3 ">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub ">https://www.npmjs.com/~GitHub </a> Actions), a new releaser for semver since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts ).
</details>
2026-03-02 17:47:44 +00:00
github-actions[bot]
4a89e1f616
Release HyperDX ( #1790 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-27 08:38:01 -08:00
Rahul
ef66cba8cd
build(deps): add security resolutions for vulnerable npm packages ( #1740 )
...
## Summary
Addresses npm security vulnerabilities in transitive dependencies. Prefer direct dependency upgrades over broad resolutions where possible.
## Changes
**Direct upgrade:**
- **`@slack/webhook`**: `^6.1.0` → `^7.0.0` — v7 natively uses axios v1, eliminating the axios@0.21.4 SSRF/redirect vulnerabilities. Only breaking change in v7 is dropping Node <18 (we're on Node 22).
**Resolutions for transitive deps with no direct upgrade path:**
- **`fast-xml-parser`**: `^4.4.0` — fixes prototype pollution (High)
- **`systeminformation`**: `^5.24.0` — fixes command injection (High)
## Removed/Not Done
- `axios` resolution removed — covered by the `@slack/webhook` upgrade instead
- `tar` resolution removed — was a v6→v7 major jump on build-only tools (`cacache`, `node-gyp`); not present in the production image
- `glob` resolution removed — was breaking test coverage tooling (`test-exclude@6` depends on glob@^7)
## Related
Follow-up to #1731 which addressed base image vulnerabilities (Node, Go, ClickHouse).
2026-02-26 02:14:24 +00:00
Aaron Knudtson
8772f5e294
chore: update clickhouse version for compose files to 26.1 ( #1791 )
2026-02-24 15:24:43 -05:00
dependabot[bot]
3dd8a7b995
chore(deps): bump lodash from 4.17.21 to 4.17.23 ( #1641 )
...
Bumps [lodash](https://github.com/lodash/lodash ) from 4.17.21 to 4.17.23.
<details>
<summary>Commits</summary>
<ul>
<li><a href="dec55b7a3bhttps://redirect.github.com/lodash/lodash/issues/6088 ">#6088</a>)</li>
<li><a href="19c9251b36https://redirect.github.com/lodash/lodash/issues/6071 ">#6071</a>)</li>
<li><a href="b5e672995ahttps://redirect.github.com/lodash/lodash/issues/6062 ">#6062</a>)</li>
<li><a href="edadd452144879a7a7d0https://redirect.github.com/lodash/lodash/issues/6056 ">#6056</a>)</li>
<li><a href="9648f692b0https://redirect.github.com/lodash/lodash/issues/6053 ">#6053</a>)</li>
<li><a href="dfa407db0bhttps://redirect.github.com/lodash/lodash/issues/6052 ">#6052</a>)</li>
<li><a href="156e1965aehttps://redirect.github.com/lodash/lodash/issues/6039 ">#6039</a>)</li>
<li><a href="933e1061b8https://redirect.github.com/lodash/lodash/issues/6023 ">#6023</a>)</li>
<li><a href="072a807ff7https://redirect.github.com/lodash/lodash/issues/5968 ">#5968</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.21...4.17.23 ">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts ).
</details>
2026-02-24 18:59:44 +00:00
github-actions[bot]
9488421ac6
Release HyperDX ( #1777 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-24 06:21:31 +01:00
github-actions[bot]
d1288cf67b
Release HyperDX ( #1752 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-21 07:08:56 +01:00
github-actions[bot]
7679b80f13
Release HyperDX ( #1718 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-18 14:06:08 -08:00
github-actions[bot]
a33efbc4b5
Release HyperDX ( #1701 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-09 15:14:05 -08:00
github-actions[bot]
00703bc121
Release HyperDX ( #1696 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-04 12:30:19 -08:00
github-actions[bot]
a8457e2be9
Release HyperDX ( #1688 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-04 05:21:21 +01:00
github-actions[bot]
d78df68e87
Release HyperDX ( #1656 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-02 07:43:34 -08:00
github-actions[bot]
866de771b4
Release HyperDX ( #1592 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-01-23 15:55:50 -08:00
github-actions[bot]
547e2bfa21
Release HyperDX ( #1542 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-01-10 22:19:00 +01:00
Brandon Pereira
e767d79e02
Clean Up Integration Test Console Output ( #1566 )
...
- Also fix issue where integration tests were making actual network requests
- this also slightly speeds up tests
- Fixes issues where there were JS errors thrown during tests due to incorrect mocks, causing confusion when adding/fixing other tests
Before (note: too much content to even see all tests)
https://github.com/user-attachments/assets/346bb57d-aa64-4a62-b666-3cf47fcc2a6c
After:
https://github.com/user-attachments/assets/f6379a93-2d1d-4f12-a467-02d874f98de6
Fixes HDX-3165
2026-01-07 17:38:01 +00:00
github-actions[bot]
9037dae0ac
Release HyperDX ( #1531 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-12-30 23:19:50 +01:00
github-actions[bot]
81d48e410a
Release HyperDX ( #1455 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-12-29 08:36:23 -08:00
Brandon Pereira
65bcc1e72e
Improve common-utils build performance and add support for .env.local ( #1466 )
...
- Improves common-utils build process so the server is ready immediately when started. Currently, when the server starts common-utils hasn't finished building, so it starts, crashes, then restarts correctly after build. Now it runs as expected the first try.
- Adds support for `.env.local` so you can easily provide secret keys without always passing it in via the CLI
- These features already exist downstream, but they seem necessary fro oss as well.
2025-12-11 23:07:16 +00:00
github-actions[bot]
e46ec835ee
Release HyperDX ( #1381 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-12-08 16:58:57 +01:00
Jarrad
cac4d3ddca
add aws4 to api to allow mongo aws auth ( #1345 )
2025-11-29 04:30:28 +01:00
Brandon Pereira
7405d18308
Bump Typescript Version (app) ( #1401 )
...
As part of implementing a dependency upgrade (nuqs) we noticed that it requires Typescript 5, but we are on 4.
We should update this dependency so we don't get too outdated, by bumping this we can unblock other upgrades.
The biggest painpoint in this upgrade was the way that Typescript handles ESM in v4->v5 broke ts-jest ESM handling logic. I have mitigated this problem but using a lower version of `flat` which supports CJS, and mocking `ky` package since it's not actually needed for tests.
Fixes HDX-2900
2025-11-24 21:19:42 +00:00
github-actions[bot]
d322cd967d
Release HyperDX ( #1325 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-11-19 04:24:41 +01:00
github-actions[bot]
f98193852c
Release HyperDX ( #1289 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-10-30 11:13:50 +01:00
github-actions[bot]
0325416235
Release HyperDX ( #1224 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-10-22 16:13:54 +02:00
Warren
131a1c1edb
revert: api esbuild ( #1280 )
...
This PR reverts https://github.com/hyperdxio/hyperdx/pull/937
Ref: HDX-2620
2025-10-21 09:27:47 +00:00
Warren
348a4044e8
migration: migrate to Pino (logger) ( #1269 )
...
Summary
Migrates the HyperDX API and related services from Winston to Pino for standardized,
faster, and more structured logging with improved OpenTelemetry integration.
Changes
Core Migration
- Replaced Winston with Pino across all logging infrastructure
- Upgraded @hyperdx/node-opentelemetry from v0.8.2 to v0.9.0 to support Pino
transport
- Removed deprecated dependencies:
- winston and express-winston
- @opentelemetry/host-metrics and @opentelemetry/sdk-metrics (consolidated into
newer OTel SDK)
- Added new dependencies:
- pino and pino-http for core logging
- pino-pretty for development console output
Logger Configuration (packages/api/src/utils/logger.ts)
Production:
- Outputs stringified JSON to stdout via pino/file transport
- Maintains HyperDX transport integration when API key is configured
- Includes full OpenTelemetry trace context (trace_id, span_id, trace_flags)
<img width="830" height="184" alt="Screenshot 2025-10-14 at 4 31 36 PM" src="https://github.com/user-attachments/assets/82e60919-5c4d-4688-a6f5-d54632aef749 " />
Development:
- Uses pino-pretty for human-readable, colorized console output
- Hides verbose fields from console: pid, hostname, trace_id, span_id, trace_flags
- HTTP request/response objects excluded from logs via custom serializers
<img width="825" height="350" alt="image" src="https://github.com/user-attachments/assets/64b293d8-bc95-4715-931a-dbf73483d247 " />
HTTP Logging:
- Replaced express-winston with pino-http
- Custom log levels based on HTTP status codes (warn for 4xx, error for 5xx+)
- Simplified log messages: HTTP {method} {url}
Error Logging Updates
Updated error logging patterns throughout the codebase to follow Pino's structured
logging conventions:
// Before (Winston)
logger.error('Error message:', error);
// After (Pino)
logger.error({ err: error }, 'Error message');
Ref: HDX-2588
This PR should also address issue: https://github.com/hyperdxio/hyperdx/issues/1035
2025-10-15 17:15:46 +00:00
Dan Hable
c90a93e6c3
fix(alerts): bump cron package to pick up stalled job fix ( #1244 )
...
Ref: https://github.com/kelektiv/node-cron/issues/962
2025-10-07 21:39:48 +00:00
Mike Shi
b8efb4924c
chart ai assistant ( #1243 )
2025-10-07 14:47:10 -04:00
github-actions[bot]
fb1b035630
Release HyperDX ( #1197 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-09-29 16:05:02 -07:00
github-actions[bot]
a9715350ee
Release HyperDX ( #1170 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-09-20 21:03:57 -07:00
Warren
df259392a3
chore: remove unused npm packages (api) ( #1169 )
2025-09-15 18:38:59 +00:00
github-actions[bot]
6d1a123322
Release HyperDX ( #1149 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-09-12 13:43:16 -07:00
Drew Davis
45e8e1b62d
fix: Update tsconfigs to resolve IDE type errors ( #1150 )
2025-09-11 08:55:14 -04:00
dependabot[bot]
b139d90b47
build(deps): bump on-headers from 1.0.2 to 1.1.0 ( #1006 )
...
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some time.
Note: if you make any changes to this PR yourself, they will take precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps [on-headers](https://github.com/jshttp/on-headers ) from 1.0.2 to 1.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/jshttp/on-headers/releases ">on-headers's releases</a>.</em></p>
<blockquote>
<h2>1.1.0</h2>
<h2>Important</h2>
<ul>
<li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2025-7339 ">CVE-2025-7339</a> (<a href="https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q ">GHSA-76c9-3jph-rj3q</a>)</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Migrate CI pipeline to GitHub actions by <a href="https://github.com/carpasse "><code>@carpasse</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/12 ">jshttp/on-headers#12</a></li>
<li>fix README.md badges by <a href="https://github.com/carpasse "><code>@carpasse</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/13 ">jshttp/on-headers#13</a></li>
<li>add OSSF scorecard action by <a href="https://github.com/carpasse "><code>@carpasse</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/14 ">jshttp/on-headers#14</a></li>
<li>fix: use <code>ubuntu-latest</code> as ci runner by <a href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/19 ">jshttp/on-headers#19</a></li>
<li>ci: apply OSSF Scorecard security best practices by <a href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/20 ">jshttp/on-headers#20</a></li>
<li>👷 add upstream change detection by <a href="https://github.com/ctcpip "><code>@ctcpip</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/31 ">jshttp/on-headers#31</a></li>
<li>✨ add script to update known hashes by <a href="https://github.com/ctcpip "><code>@ctcpip</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/32 ">jshttp/on-headers#32</a></li>
<li>💚 update CI - add newer node versions by <a href="https://github.com/ctcpip "><code>@ctcpip</code></a> in <a href="https://redirect.github.com/jshttp/on-headers/pull/33 ">jshttp/on-headers#33</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/carpasse "><code>@carpasse</code></a> made their first contribution in <a href="https://redirect.github.com/jshttp/on-headers/pull/12 ">jshttp/on-headers#12</a></li>
<li><a href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a> made their first contribution in <a href="https://redirect.github.com/jshttp/on-headers/pull/19 ">jshttp/on-headers#19</a></li>
<li><a href="https://github.com/ctcpip "><code>@ctcpip</code></a> made their first contribution in <a href="https://redirect.github.com/jshttp/on-headers/pull/31 ">jshttp/on-headers#31</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0 ">https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0 </a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/jshttp/on-headers/blob/master/HISTORY.md ">on-headers's changelog</a>.</em></p>
<blockquote>
<h1>1.1.0 / 2025-07-17</h1>
<ul>
<li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2025-7339 ">CVE-2025-7339</a> (<a href="https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q ">GHSA-76c9-3jph-rj3q</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="4b017af88fb636f2d08e♻️ refactor header array code</li>
<li><a href="3e2c2d46c3✨ ignore falsy header keys, matching node behavior</li>
<li><a href="172eb41b99✨ support duplicate headers</li>
<li><a href="c6e384908c🔒 ️ fix array handling</li>
<li><a href="6893518341💚 update CI - add newer node versions</li>
<li><a href="56a345d82b✨ add script to update known hashes</li>
<li><a href="175ab21715👷 add upstream change detection (<a href="https://redirect.github.com/jshttp/on-headers/issues/31 ">#31</a>)</li>
<li><a href="ce0b2c8fcdhttps://redirect.github.com/jshttp/on-headers/issues/20 ">#20</a>)</li>
<li><a href="1a38c543e7https://redirect.github.com/jshttp/on-headers/issues/19 ">#19</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0 ">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a href="https://www.npmjs.com/~ulisesgascon ">ulisesgascon</a>, a new releaser for on-headers since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/hyperdxio/hyperdx/network/alerts ).
</details>
2025-09-08 15:49:09 +00:00
github-actions[bot]
d298874a78
Release HyperDX ( #1106 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-09-08 08:14:58 -07:00
Warren
d6f8058e52
chore: bump @clickhouse/client to v1.12.1 + centralize @clickhouse/client ( #1110 )
...
1. deprecate unused `packages/api/src/clickhouse`
2. deprecate unused route `/datasources`
3. introduce `getJSNativeCreateClient` in common-utils
4. uninstall `@clickhouse/client` in api package
5. uninstall `@clickhouse/client` + `@clickhouse/client-web` in app package
6. bump `@clickhouse/client` in common-utils package to v1.12.1
2025-08-28 00:56:17 +00:00
Dan Hable
261d4693a3
feat: limit how many tasks are executing at any time ( #1103 )
...
Allows user defined concurrency limit when evaluating check alert tasks. Includes some further refinements of the task execution types to make actual task execution more type safe.
2025-08-25 19:01:03 +00:00
github-actions[bot]
1e1baa4205
Release HyperDX ( #1090 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-08-25 00:00:43 -07:00
github-actions[bot]
6d30caf023
Release HyperDX ( #1082 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-08-19 10:15:56 -07:00
github-actions[bot]
adb05ac723
Release HyperDX ( #1066 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-08-18 14:54:21 -07:00
Candido Sales Gomes
5a59d32c00
chore: Upgraded NX from version 16.8.1 to 21.3.11 ( #1076 )
...
- ✅ NX Version: 21.3.11 (Local)
- ✅ All existing projects properly recognized: @hyperdx/common-utils, @hyperdx/api, @hyperdx/app
- ✅ All NX commands are working properly
- ✅ Edited the `.vscode/settings.json` adding `editor.tabSize`, `editor.insertSpaces`, `editor.detectIndentation` to keep the format standard for all developers.
- ✅ Updated the `changeset`
## Why? Benefits
- Monorepo optimization - Improved incremental builds when only one package changes
- Enhanced Caching - More granular and intelligent caching mechanisms reduce redundant work
- 20-40% faster build times in CI/CD due to improved caching
- Improved Project Graph - Improved support for modern build tools (ESBuild, SWC, etc.)
- Enhanced visualization and analysis of project dependencies
- Clearer migration guides for future upgrades
- More intuitive commands and better error messages
## Tested
- `npx nx show projects`
- `npx nx graph --dry-run`
- `npx nx run @hyperdx/common-utils:dev --help`
- `bun run app:dev:local`
Lint
```
hyperdx/packages/common-utils && npm run build
npx nx run-many -t ci:lint
```
<img width="1126" height="314" alt="CleanShot 2025-08-17 at 22 47 19@2x" src="https://github.com/user-attachments/assets/e5186e1b-9799-491f-8ee8-25b26bd82a54 " />
## Evidence
<img width="3810" height="1724" alt="CleanShot 2025-07-24 at 21 15 24@2x" src="https://github.com/user-attachments/assets/1f4d316e-de14-4e35-9098-3b33420afc18 " />
2025-08-18 17:16:05 +00:00
github-actions[bot]
345ff7e26f
Release HyperDX ( #1042 )
...
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-08-08 14:07:19 -07:00
