* feat: adding cloud integration type for refactor
* refactor: store interfaces to use local types and error
* feat: adding sql store implementation
* refactor: removing interface check
* feat: adding updated types for cloud integration
* refactor: using struct for map
* refactor: update cloud integration types and module interface
* fix: correct GetService signature and remove shadowed Data field
* feat: implement cloud integration store
* refactor: adding comments and removed wrong code
* refactor: streamlining types
* refactor: add comments for backward compatibility in PostableAgentCheckInRequest
* refactor: update Dashboard struct comments and remove unused fields
* refactor: split upsert store method
* feat: adding integration test
* refactor: clean up types
* refactor: renaming service type to service id
* refactor: using serviceID type
* feat: adding method for service id creation
* refactor: updating store methods
* refactor: clean up
* refactor: clean up
* refactor: review comments
* refactor: clean up
* fix: update error code for service not found
* refactor: returning error only for create methods
* refactor: method chaining formatting
* feat: introduce user_role table
* fix: golint and register migrations
* fix: user types and order of update user
* feat: add migration to drop role column from users table
* fix: raw queries pointing to role column in users table
* chore: remove storable user struct and minor other changes
* chore: remove refs of calling vars as storable users
* chore: user 0th role instead of highest
* chore: address pr comments
* chore: rename userrolestore to user_role_store
* chore: return userroles with user in getter where possible
* chore: move user module as user setter
* chore: arrange getter and setter methods
* fix: nil pointer for update user in integration test due to half payload being passed
* chore: update openapi specs
* fix: nil errors without making frontend changes
* fix: empty array check everywhere for user roles array and minor other changes
* fix: imports
* fix: rebase changes
* chore: renaming functions
* chore: simplified getorcreateuser user setter method and call sites
* fix: golint
* fix: remove redundant authz migration, remove fk enforcement for drop migration
* fix: add new event for user activation
* feat(instrumentation): add OTel exception semantic convention log handler
Add a loghandler.Wrapper that enriches error log records with OpenTelemetry
exception semantic convention attributes (exception.type, exception.code,
exception.message, exception.stacktrace).
- Add errors.Attr() helper for standardized error logging under "exception" key
- Add exception log handler that replaces raw error attrs with structured group
- Wire exception handler into the instrumentation SDK logger chain
- Remove LogValue() from errors.base as the handler now owns structuring
* refactor: replace "error", err with errors.Attr(err) across codebase
Migrate all slog error logging from ad-hoc "error", err key-value pairs
to the standardized errors.Attr(err) helper, enabling the exception log
handler to enrich these logs with OTel semantic convention attributes.
* refactor: enforce attr-only slog style across codebase
Change sloglint from kv-only to attr-only, requiring all slog calls to
use typed attributes (slog.String, slog.Any, etc.) instead of key-value
pairs. Convert all existing kv-style slog calls in non-excluded paths.
* refactor: tighten slog.Any to specific types and standardize error attrs
- Replace slog.Any with slog.String for string values (action, key, where_clause)
- Replace slog.Any with slog.Uint64 for uint64 values (start, end, step, etc.)
- Replace slog.Any("err", err) with errors.Attr(err) in dispatcher and segment analytics
- Replace slog.Any("error", ctx.Err()) with errors.Attr in factory registry
* fix(instrumentation): use Unwrapb message for exception.message
Use the explicit error message (m) from Unwrapb instead of
foundErr.Error(), which resolves to the inner cause's message
for wrapped errors.
* feat(errors): capture stacktrace at error creation time
Store program counters ([]uintptr) in base errors at creation time
using runtime.Callers, inspired by thanos-io/thanos/pkg/errors. The
exception log handler reads the stacktrace from the error instead of
capturing at log time, showing where the error originated.
* fix(instrumentation): apply default log wrappers uniformly in NewLogger
Move correlation, filtering, and exception wrappers into NewLogger so
all call sites (including CLI loggers in cmd/) get them automatically.
* refactor(instrumentation): remove variadic wrappers from NewLogger
NewLogger no longer accepts arbitrary wrappers. The core wrappers
(correlation, filtering, exception) are hardcoded, preventing callers
from accidentally duplicating behavior.
* refactor: migrate remaining "error", <var> to errors.Attr across legacy paths
Replace all remaining "error", <variable> key-value pairs with
errors.Attr(<variable>) in pkg/query-service/ and ee/query-service/
paths that were missed in the initial migration due to non-standard
variable names (res.Err, filterErr, apiErrorObj.Err, etc).
* refactor(instrumentation): use flat exception.* keys instead of nested group
Use flat keys (exception.type, exception.code, exception.message,
exception.stacktrace) instead of a nested slog.Group in the exception
log handler.
* chore: deprecate old user invite apis
* chore: add back validation for pending user in list user apis for integration tests
* fix: allow pending user to be updated
* feat: updated members page with new status response and remove invite endpoint api (#10624)
* feat: updated members page with new status response and remove invite endpoint api
* feat: removed deprecated invite endpoint apis
* feat: delete orphaned type files
* feat: changed text for copy, cancel and ingeneral messaging for invited users
* feat: test case and pagination fix
* feat: feedback, refactor and test mock update
* feat: updated the confirmation dialog description as now the we cant permanently delete the member
* feat: refactored the member status mapping
* feat: used the open api spec hooks in editmember and updated the test cases
* feat: added error handling
---------
Co-authored-by: SagarRajput-7 <162284829+SagarRajput-7@users.noreply.github.com>
Co-authored-by: SagarRajput-7 <sagar@signoz.io>
* feat: adding cloud integration type for refactor
* refactor: store interfaces to use local types and error
* feat: adding updated types for cloud integration
* refactor: using struct for map
* refactor: update cloud integration types and module interface
* fix: correct GetService signature and remove shadowed Data field
* refactor: adding comments and removed wrong code
* refactor: streamlining types
* refactor: add comments for backward compatibility in PostableAgentCheckInRequest
* refactor: update Dashboard struct comments and remove unused fields
* refactor: clean up types
* refactor: renaming service type to service id
* refactor: using serviceID type
* feat: adding method for service id creation
* refactor: updating store methods
* refactor: clean up
* refactor: review comments
* fix(user): increase expiry for reset password token for invites
* fix(user): increase expiry for reset password token for invites
* fix(user): increase expiry for reset password token for invites
* fix(user): increase expiry for reset password token for invites
* feat: deprecate user invite table
* fix: handle soft deleted users flow
* fix: handle edge cases for authentication and reset password flow
* feat: integration tests with fixes for new flow
* fix: array for grants
* fix: edge cases for reset token and context api
* chore: remove all code related to old invite flow
* fix: openapi specs
* fix: integration tests and minor naming change
* fix: integration tests fmtlint
* feat: improve invitation email template
* fix: role tests
* fix: context api
* fix: openapi frontend
* chore: rename countbyorgid to activecountbyorgid
* fix: a deleted user cannot recycled, creating a new one
* feat: migrate existing invites to user as pending invite status
* fix: error from GetUsersByEmailAndOrgID
* feat: add backward compatibility to existing apis using new invite flow
* chore: change ordering of apis in server
* chore: change ordering of apis in server
* fix: filter active users in role and org id check
* fix: check deleted user in reset password flow
* chore: address some review comments, add back countbyorgid method
* chore: move to bulk inserts for migrating existing invites
* fix: wrap funcs to transactions, and fix openapi specs
* fix: move reset link method to types, also move authz grants outside transation
* fix: transaction issues
* feat: helper method ErrIfDeleted for user
* fix: error code for errifdeleted in user
* fix: soft delete store method
* fix: password authn tests also add old invite flow test
* fix: callbackauthn tests
* fix: remove extra oidc tests
* fix: callback authn tests oidc
* chore: address review comments and optimise bulk invite api
* fix: use db ctx in various places
* fix: fix duplicate email invite issue and add partial invite
* fix: openapi specs
* fix: errifpending
* fix: user status persistence
* fix: edge cases
* chore: add tests for partial index too
* feat: use composite unique index on users table instead of partial one
* chore: move duplicate email check to unmarshaljson and query user again in accept invite
* fix: make 068 migratin idempotent
* chore: remove unused emails var
* chore: add a temp filter to show only active users in frontend until next frontend fix
* chore: remove one check from register flow testing until temp code is removed
* chore: remove commented code from tests
* chore: address frontend review comments
* chore: address frontend review comments
* fix: add missing filtering for ip address for scalar data
In domain listing api for external api monitoring,
we have option to filter out the IP address but
it only handles timeseries and raw type data while
domain list handler returns scalar data.
* fix: switch to new derived attributes for ip filtering
---------
Co-authored-by: Nityananda Gohain <nityanandagohain@gmail.com>
* fix: fix incosistent use of http attribute in ext. api
HTTP attributes like http.url, url.full along with server.name and net.peer.name
were used inconsitantly leading to bugs in aggregation query and they were
expensive to query as well since these attr are stored as json instead of
direct columns. Using columns like http_url optimises these queries since
it gets populated using all relevant attributes during ingestion itself.
* fix: switch to using http_host instead of external_http_url
external_http_url stores the hostname but the name
is confusing, so switching to http_host
* fix: use constants defined where possible
* fix: fix old attribute usage in tests
## Summary
- Adds root user support with environment-based provisioning, protection guards, and automatic reconciliation. A root user is a special admin user that is provisioned via configuration (environment variables) rather than the UI, designed for automated/headless deployments.
## Key Features
- Environment-based provisioning: Configure root user via user.root.enabled, user.root.email, user.root.password, and user.root.org_name settings
- Automatic reconciliation: A background service runs on startup that:
- Looks up the organization by configured org_name
- If no matching org exists, creates the organization and root user via CreateFirstUser
- If the org exists, reconciles the root user (creates, promotes existing user, or updates email/password to match config)
- Retries every 10 seconds until successful
- Protection guards: Root users cannot be:
- Updated or deleted through the API
- Invited or have their password changed through the UI
- Authenticated via SSO/SAML (password-only authentication enforced)
- Self-registration disabled: When root user provisioning is enabled, the self-registration endpoint (/register) is blocked to prevent creating duplicate organizations
- Idempotent password sync: On every reconciliation, the root user's password is synced with the configured value — if it differs, it's updated; if it matches, no-op
* feat(authz): remove unnecessary dependency injection for role setter
* feat(authz): deprecate role module
* feat(authz): deprecate role module
* feat(authz): split between server and sql actions
* feat(authz): add bootstrap for managed role transactions
* feat(authz): update and add integration tests
* feat(authz): match names for factory and migration
* feat(authz): fix integration tests
* feat(authz): reduce calls on organisation creeation
* fix: make size and count included in json if zero
* fix: make forgot password api fields required
* fix: openapi spec
* fix: error message casing for frontend
* chore: fix openapi spec
* fix: openapi specs
* feat(authz): initial commit for migrating rbac to openfga
* feat(authz): make the role updates idempotant
* feat(authz): split role module into role and grant
* feat(authz): some naming changes
* feat(authz): integrate the grant module
* feat(authz): add support for migrating existing user role
* feat(authz): add support for migrating existing user role
* feat(authz): figure out the * selector
* feat(authz): merge main
* feat(authz): merge main
* feat(authz): address couple of todos
* feat(authz): address couple of todos
* feat(authz): fix tests and revert public dashboard change
* feat(authz): fix tests and revert public dashboard change
* feat(authz): add open api spec
* feat(authz): add open api spec
* feat(authz): add api key changes and missing migration
* feat(authz): split role into getter and setter
* feat(authz): add integration tests for authz register
* feat(authz): add more tests for user invite and delete
* feat(authz): update user tests
* feat(authz): rename grant to granter
* feat(authz): address review comments
* feat(authz): address review comments
* feat(authz): address review comments
* feat(authz): add the migration for existing roles
* feat(authz): go mod tidy
* feat(authz): fix integration tests
* feat(authz): handle community changes
* feat(authz): handle community changes
* feat(authz): role selectors for open claims
* feat(authz): role selectors for open claims
* feat(authz): prevent duplicate entries for changelog
* feat(authz): scafolding for rbac migration
* feat(authz): scafolding for rbac migration
* feat(authz): scafolding for rbac migration
* feat(authz): scafolding for rbac migration
* feat(authz): scafolding for rbac migration
* feat(dashboard): add public dashboard APIs to open-api spec
* feat(dashboard): split the ee and pkg modules
* feat(dashboard): commit open api spec
* feat(dashboard): fix signoz module test
* feat(dashboard): add license checks
* feat(dashboard): merge main
* feat(dashboard): add anonymous scheme
