* feat: introduce user_role table
* fix: golint and register migrations
* fix: user types and order of update user
* feat: add migration to drop role column from users table
* fix: raw queries pointing to role column in users table
* chore: remove storable user struct and minor other changes
* chore: remove refs of calling vars as storable users
* chore: user 0th role instead of highest
* chore: address pr comments
* chore: rename userrolestore to user_role_store
* chore: return userroles with user in getter where possible
* chore: move user module as user setter
* chore: arrange getter and setter methods
* fix: nil pointer for update user in integration test due to half payload being passed
* chore: update openapi specs
* fix: nil errors without making frontend changes
* fix: empty array check everywhere for user roles array and minor other changes
* fix: imports
* fix: rebase changes
* chore: renaming functions
* chore: simplified getorcreateuser user setter method and call sites
* fix: golint
* fix: remove redundant authz migration, remove fk enforcement for drop migration
* fix: add new event for user activation
* feat(instrumentation): add OTel exception semantic convention log handler
Add a loghandler.Wrapper that enriches error log records with OpenTelemetry
exception semantic convention attributes (exception.type, exception.code,
exception.message, exception.stacktrace).
- Add errors.Attr() helper for standardized error logging under "exception" key
- Add exception log handler that replaces raw error attrs with structured group
- Wire exception handler into the instrumentation SDK logger chain
- Remove LogValue() from errors.base as the handler now owns structuring
* refactor: replace "error", err with errors.Attr(err) across codebase
Migrate all slog error logging from ad-hoc "error", err key-value pairs
to the standardized errors.Attr(err) helper, enabling the exception log
handler to enrich these logs with OTel semantic convention attributes.
* refactor: enforce attr-only slog style across codebase
Change sloglint from kv-only to attr-only, requiring all slog calls to
use typed attributes (slog.String, slog.Any, etc.) instead of key-value
pairs. Convert all existing kv-style slog calls in non-excluded paths.
* refactor: tighten slog.Any to specific types and standardize error attrs
- Replace slog.Any with slog.String for string values (action, key, where_clause)
- Replace slog.Any with slog.Uint64 for uint64 values (start, end, step, etc.)
- Replace slog.Any("err", err) with errors.Attr(err) in dispatcher and segment analytics
- Replace slog.Any("error", ctx.Err()) with errors.Attr in factory registry
* fix(instrumentation): use Unwrapb message for exception.message
Use the explicit error message (m) from Unwrapb instead of
foundErr.Error(), which resolves to the inner cause's message
for wrapped errors.
* feat(errors): capture stacktrace at error creation time
Store program counters ([]uintptr) in base errors at creation time
using runtime.Callers, inspired by thanos-io/thanos/pkg/errors. The
exception log handler reads the stacktrace from the error instead of
capturing at log time, showing where the error originated.
* fix(instrumentation): apply default log wrappers uniformly in NewLogger
Move correlation, filtering, and exception wrappers into NewLogger so
all call sites (including CLI loggers in cmd/) get them automatically.
* refactor(instrumentation): remove variadic wrappers from NewLogger
NewLogger no longer accepts arbitrary wrappers. The core wrappers
(correlation, filtering, exception) are hardcoded, preventing callers
from accidentally duplicating behavior.
* refactor: migrate remaining "error", <var> to errors.Attr across legacy paths
Replace all remaining "error", <variable> key-value pairs with
errors.Attr(<variable>) in pkg/query-service/ and ee/query-service/
paths that were missed in the initial migration due to non-standard
variable names (res.Err, filterErr, apiErrorObj.Err, etc).
* refactor(instrumentation): use flat exception.* keys instead of nested group
Use flat keys (exception.type, exception.code, exception.message,
exception.stacktrace) instead of a nested slog.Group in the exception
log handler.
* feat: deprecate user invite table
* fix: handle soft deleted users flow
* fix: handle edge cases for authentication and reset password flow
* feat: integration tests with fixes for new flow
* fix: array for grants
* fix: edge cases for reset token and context api
* chore: remove all code related to old invite flow
* fix: openapi specs
* fix: integration tests and minor naming change
* fix: integration tests fmtlint
* feat: improve invitation email template
* fix: role tests
* fix: context api
* fix: openapi frontend
* chore: rename countbyorgid to activecountbyorgid
* fix: a deleted user cannot recycled, creating a new one
* feat: migrate existing invites to user as pending invite status
* fix: error from GetUsersByEmailAndOrgID
* feat: add backward compatibility to existing apis using new invite flow
* chore: change ordering of apis in server
* chore: change ordering of apis in server
* fix: filter active users in role and org id check
* fix: check deleted user in reset password flow
* chore: address some review comments, add back countbyorgid method
* chore: move to bulk inserts for migrating existing invites
* fix: wrap funcs to transactions, and fix openapi specs
* fix: move reset link method to types, also move authz grants outside transation
* fix: transaction issues
* feat: helper method ErrIfDeleted for user
* fix: error code for errifdeleted in user
* fix: soft delete store method
* fix: password authn tests also add old invite flow test
* fix: callbackauthn tests
* fix: remove extra oidc tests
* fix: callback authn tests oidc
* chore: address review comments and optimise bulk invite api
* fix: use db ctx in various places
* fix: fix duplicate email invite issue and add partial invite
* fix: openapi specs
* fix: errifpending
* fix: user status persistence
* fix: edge cases
* chore: add tests for partial index too
* feat: use composite unique index on users table instead of partial one
* chore: move duplicate email check to unmarshaljson and query user again in accept invite
* fix: make 068 migratin idempotent
* chore: remove unused emails var
* chore: add a temp filter to show only active users in frontend until next frontend fix
* chore: remove one check from register flow testing until temp code is removed
* chore: remove commented code from tests
* chore: address frontend review comments
* chore: address frontend review comments
## Summary
- Adds root user support with environment-based provisioning, protection guards, and automatic reconciliation. A root user is a special admin user that is provisioned via configuration (environment variables) rather than the UI, designed for automated/headless deployments.
## Key Features
- Environment-based provisioning: Configure root user via user.root.enabled, user.root.email, user.root.password, and user.root.org_name settings
- Automatic reconciliation: A background service runs on startup that:
- Looks up the organization by configured org_name
- If no matching org exists, creates the organization and root user via CreateFirstUser
- If the org exists, reconciles the root user (creates, promotes existing user, or updates email/password to match config)
- Retries every 10 seconds until successful
- Protection guards: Root users cannot be:
- Updated or deleted through the API
- Invited or have their password changed through the UI
- Authenticated via SSO/SAML (password-only authentication enforced)
- Self-registration disabled: When root user provisioning is enabled, the self-registration endpoint (/register) is blocked to prevent creating duplicate organizations
- Idempotent password sync: On every reconciliation, the root user's password is synced with the configured value — if it differs, it's updated; if it matches, no-op
* feat(authz): remove unnecessary dependency injection for role setter
* feat(authz): deprecate role module
* feat(authz): deprecate role module
* feat(authz): split between server and sql actions
* feat(authz): add bootstrap for managed role transactions
* feat(authz): update and add integration tests
* feat(authz): match names for factory and migration
* feat(authz): fix integration tests
* feat(authz): reduce calls on organisation creeation
* fix(authz): sqlmigration for postgres
* fix(authz): only launch transaction for pg
* fix(authz): fix the sql migration number
* fix(authz): add integration tests for public_dashboard
* fix(authz): added changes for tuples in integration tests
* fix(authz): added changes for tuples in integration tests
* fix(authz): reduce cyclomatic complexity
* feat(authz): base setup for public shareable dashboards
* feat(authz): add support for public masking
* feat(authz): added public path for gettable public dashboard
* feat(authz): checkpoint-1 for widget query to query range conversion
* feat(authz): checkpoint-2 for widget query to query range conversion
* feat(authz): fix widget index issue
* feat(authz): better handling for dashboard json and query
* feat(authz): use the default time range if timerange is disabled
* feat(authz): use the default time range if timerange is disabled
* feat(authz): add authz changes
* feat(authz): integrate role with dashboard anonymous access
* feat(authz): integrate the new middleware
* feat(authz): integrate the new middleware
* feat(authz): add back licensing
* feat(authz): renaming selector callback
* feat(authz): self review
* feat(authz): self review
* feat(authz): change to promql
* feat(authz): openfga sql migration
* feat(authz): formatting and naming
* feat(authz): formatting and naming
* feat(authz): extract function for store and model id
* feat(authz): reorder the provider
## 📄 Summary
- Instead of relying on JWT for session management, we are adding another token system: opaque. This gives the benefits of expiration and revocation.
- We are now ensuring that emails are regex checked throughout the backend.
- Support has been added for OIDC protocol
* feat(telemetry/meter): added base setup for telemetry meter signal
* feat(telemetry/meter): added metadata setup for meter
* feat(telemetry/meter): fix stmnt builder tests
* feat(telemetry/meter): test query range API fixes
* feat(telemetry/meter): improve error messages
* feat(telemetrymeter): step interval improvements
* feat(telemetrymeter): metadata changes and aggregate attribute changes
* feat(telemetrymeter): metadata changes and aggregate attribute changes
* feat(telemetrymeter): deprecate the signal and use aggregation instead
* feat(telemetrymeter): deprecate the signal and use aggregation instead
* feat(telemetrymeter): deprecate the signal and use aggregation instead
* feat(telemetrymeter): cleanup the types
* feat(telemetrymeter): introduce source for query
* feat(telemetrymeter): better naming for source in metadata
* feat(telemetrymeter): added quick filters for meter explorer
* feat(telemetrymeter): incorporate the new changes to stmnt builder
* feat(telemetrymeter): add the statement builder for the ranged cache queries
* feat(telemetrymeter): use meter aggregate keys
* feat(telemetrymeter): use meter aggregate keys
* feat(telemetrymeter): remove meter from complete bools
* feat(telemetrymeter): remove meter from complete bools
* feat(telemetrymeter): update the quick filters to use meter
## 📄 Summary
To reliably migrate the alerts and dashboards, we need access to the telemetrystore to fetch some metadata and while doing migration, I need to log some stuff to fix stuff later.
Key changes:
- Modified the migration to include telemetrystore and a logging provider (open to using a standard logger instead)
- To avoid the previous issues with imported dashboards failing during migration, I've ensured that imported JSON files are automatically transformed when migration is active
- Implemented detailed logic to handle dashboard migration cleanly and prevent unnecessary errors
- Separated the core migration logic from SQL migration code, as users from the dot metrics migration requested shareable code snippets for local migrations. This modular approach allows others to easily reuse the migration functionality.
Known: I didn't register the migration yet in this PR, and will not merge this yet, so please review with that in mid.
* fix: updated the service name in exceptions filter
* fix: updated the service name in exceptions filter
* fix: updated the service name in exceptions filter
* chore(linter): add more linters and deprecate zap
* chore(linter): add more linters and deprecate zap
* chore(linter): add more linters and deprecate zap
* chore(linter): add more linters and deprecate zap
* fix: changed the keys in the default quick filters to actual keys in the v3.attributekeys
* fix: changed the keys in the default quick filters to actual keys in the v3.attributekeys
* fix: changed the keys in the default quick filters to actual keys in the v3.attributekeys
* fix: changed the keys in the default quick filters to actual keys in the v3.attributekeys
* fix: changed the keys in the default quick filters to actual keys in the v3.attributekeys
* feat: quick_filter_fix
* feat: added changes related to custom options for quick filters
* feat: added changes related to custom options for quick filters
* feat: added changes related to custom options for quick filters
* feat: added changes related to custom options for quick filters
* feat: added changes related to custom options for quick filters
* feat: added changes related to custom options for quick filters
* feat: added changes related to custom options for quick filters
* feat: added changes related to custom options for quick filters
* feat: added support for custom quick filters
* feat: added changes related to custom options for quick filters
* feat: added changes related to custom options for quick filters
* feat: added changes related to custom options for quick filters
* feat: added changes related to custom options for quick filters
* feat: added changes related to custom options for quick filters
* feat: added changes related to custom options for quick filters
* feat: added changes related to custom options for quick filters
* feat: added changes related to custom options for quick filters
* feat(organization): add hname and alias for organization
* fix: boolean values are not shown in the list panel's column
* fix: moved logic to component level
* fix: added type
* fix: added test cases
* fix: added test cases
* chore: update copy webpack plugin
* Revert "fix: display same key with multiple data types in filter suggestions by enhancing the deduping logic (#7255)"
This reverts commit 1e85981a17.
* fix: use query search v2 for traces data source to handle multiple data types for the same key
* fix(QueryBuilderSearchV2): add user typed option if it doesn't exist in the payload
* fix(QueryBuilderSearchV2): increase the height of search dropdown for non-logs data sources
* fix: display span scope selector for trace data source
* chore: remove the span scope selector from qb search v1 and move the component to search v2
* fix: write test to ensure that we display span scope selector for traces data source
* fix: limit converting -> only to log data source
* fix: don't display empty suggestion if only spaces are typed
* chore: tests for span scope selector
* chore: qb search flow (key, operator, value) test cases
* refactor: fix the Maximum update depth reached issue while running tests
* chore: overall improvements to span scope selector tests
Resource attr filter: style fix and quick filter changes (#7691)
* chore: resource attr filter init
* chore: resource attr filter api integration
* chore: operator config updated
* chore: fliter show hide logic and styles
* chore: add support for custom operator list to qb
* chore: minor refactor
* chore: minor code refactor
* test: quick filters test suite added
* test: quick filters test suite added
* test: all errors test suite added
* chore: style fix
* test: all errors mock fix
* chore: test case fix and mixpanel update
* chore: color update
* chore: minor refactor
* chore: style fix
* chore: set default query in exceptions tab
* chore: style fix
* chore: minor refactor
* chore: minor refactor
* chore: minor refactor
* chore: test update
* chore: fix filter header with no query name
* fix: scroll fix
* chore: add data source traces to quick filters
* chore: replace div with fragment
---------
Co-authored-by: Aditya Singh <adityasingh@Adityas-MacBook-Pro.local>
fix: handle rate operators for table panel (#7695)
* fix: handle rate operators for table panel
chore: fix error rate (#7701)
Signed-off-by: Shivanshu Raj Shrivastava <shivanshu1333@gmail.com>
* feat(organization): minor cleanups
* feat(organization): better naming for api and usecase
* feat(organization): better packaging for modules
* feat(organization): change hname to displayName
* feat(organization): update the migration to use dialect
* feat(organization): update the migration to use dialect
* feat(organization): update the migration to use dialect
* feat(organization): revert back to impl
* feat(organization): remove DI from organization
* feat(organization): address review comments
* feat(organization): address review comments
* feat(organization): address review comments
---------
Signed-off-by: Shivanshu Raj Shrivastava <shivanshu1333@gmail.com>
* feat(ruler): base setup for rules and planned maintenance tables
* feat(ruler): more changes for making ruler org aware
* feat(ruler): fix lint
* feat(ruler): update the edit planned maintenance function
* feat(ruler): local testing edits for planned maintenance
* feat(ruler): abstract store and types from rules pkg
* feat(ruler): abstract store and types from rules pkg
* feat(ruler): abstract out store and add migration
* feat(ruler): frontend changes and review comments
* feat(ruler): add back compareAndSelectConfig
* feat(ruler): changes for alertmanager matchers
* feat(ruler): addressed review comments
* feat(ruler): remove the cascade operations from rules table
* feat(ruler): update the template for alertmanager
* feat(ruler): implement the rule history changes
* feat(ruler): implement the rule history changes
* feat(ruler): implement the rule history changes
---------
Co-authored-by: Vibhu Pandey <vibhupandey28@gmail.com>
* chore: multitenancy in integrations
* chore: multitenancy in cloud integration accounts
* chore: changes to cloudintegrationservice
* chore: rename migration
* chore: update scan function
* chore: update scan function
* chore: fix migration
* chore: fix struct
* chore: remove unwanted code
* chore: update scan function
* chore: migrate user and pat for integrations
* fix: changes to the user for integrations
* fix: address comments
* fix: copy created_at
* fix: update non revoked token
* chore: don't allow deleting pat and user for integrations
* fix: address comments
* chore: address comments
* chore: add checks for fk in dialect
* fix: service migration
* fix: don't update user if user is already migrated
* fix: update correct service config
* fix: remove unwanted code
* fix: remove migration for multiple same services which is not required
* fix: fix migration and disable disaboard if metrics disabled
* fix: don't use ee types
---------
Co-authored-by: Vikrant Gupta <vikrant@signoz.io>
