chore(deps): bump cryptography in /tests/integration

Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.3 to 46.0.6. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/46.0.3...46.0.6) --- updated-dependencies: - dependency-name: cryptography dependency-version: 46.0.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
feat(audit): enterprise auditor with licensing gate and OTLP HTTP export (#10776 )
2026-03-31 17:40:25 +01:00 · 2026-03-31 13:48:43 +00:00 · 2026-03-31 13:37:20 +00:00 · 2026-03-31 11:07:42 +00:00 · 2026-03-31 10:56:09 +00:00
15 changed files with 2458 additions and 155 deletions
--- a/ee/auditor/otlphttpauditor/export.go
+++ b/ee/auditor/otlphttpauditor/export.go
@@ -0,0 +1,143 @@
+package otlphttpauditor
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"log/slog"
+	"net/http"
+
+	"github.com/SigNoz/signoz/pkg/auditor"
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/types/audittypes"
+	collogspb "go.opentelemetry.io/proto/otlp/collector/logs/v1"
+	"google.golang.org/protobuf/proto"
+
+	spb "google.golang.org/genproto/googleapis/rpc/status"
+)
+
+const (
+	maxHTTPResponseReadBytes int64  = 64 * 1024
+	protobufContentType      string = "application/x-protobuf"
+)
+
+func (provider *provider) export(ctx context.Context, events []audittypes.AuditEvent) error {
+	logs := audittypes.NewPLogsFromAuditEvents(events, "signoz", provider.build.Version(), "signoz.audit")
+
+	request, err := provider.marshaler.MarshalLogs(logs)
+	if err != nil {
+		return errors.Wrapf(err, errors.TypeInternal, auditor.ErrCodeAuditExportFailed, "failed to marshal audit logs")
+	}
+
+	if err := provider.send(ctx, request); err != nil {
+		provider.settings.Logger().ErrorContext(ctx, "audit export failed", errors.Attr(err), slog.Int("dropped_log_records", len(events)))
+		return err
+	}
+
+	return nil
+}
+
+// Posts a protobuf-encoded OTLP request to the configured endpoint.
+// Retries are handled by the underlying heimdall HTTP client.
+// Ref: https://github.com/open-telemetry/opentelemetry-collector/blob/main/exporter/otlphttpexporter/otlp.go
+func (provider *provider) send(ctx context.Context, body []byte) error {
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, provider.config.OTLPHTTP.Endpoint.String(), bytes.NewReader(body))
+	if err != nil {
+		return err
+	}
+
+	req.Header.Set("Content-Type", protobufContentType)
+
+	res, err := provider.httpClient.Do(req)
+	if err != nil {
+		return err
+	}
+
+	defer func() {
+		_, _ = io.CopyN(io.Discard, res.Body, maxHTTPResponseReadBytes)
+		res.Body.Close()
+	}()
+
+	if res.StatusCode >= 200 && res.StatusCode <= 299 {
+		provider.onSuccess(ctx, res)
+		return nil
+	}
+
+	return provider.onErr(res)
+}
+
+// Ref: https://github.com/open-telemetry/opentelemetry-collector/blob/01b07fcbb7a253bd996c290dcae6166e71d13732/exporter/otlphttpexporter/otlp.go#L403.
+func (provider *provider) onSuccess(ctx context.Context, res *http.Response) {
+	resBytes, err := readResponseBody(res)
+	if err != nil || resBytes == nil {
+		return
+	}
+
+	exportResponse := &collogspb.ExportLogsServiceResponse{}
+	if err := proto.Unmarshal(resBytes, exportResponse); err != nil {
+		return
+	}
+
+	ps := exportResponse.GetPartialSuccess()
+	if ps == nil {
+		return
+	}
+
+	if ps.GetErrorMessage() != "" || ps.GetRejectedLogRecords() != 0 {
+		provider.settings.Logger().WarnContext(ctx, "partial success response", slog.String("message", ps.GetErrorMessage()), slog.Int64("dropped_log_records", ps.GetRejectedLogRecords()))
+	}
+}
+
+func (provider *provider) onErr(res *http.Response) error {
+	status := readResponseStatus(res)
+
+	if status != nil {
+		return errors.Newf(errors.TypeInternal, auditor.ErrCodeAuditExportFailed, "request to %s responded with status code %d, Message=%s, Details=%v", provider.config.OTLPHTTP.Endpoint.String(), res.StatusCode, status.Message, status.Details)
+	}
+
+	return errors.Newf(errors.TypeInternal, auditor.ErrCodeAuditExportFailed, "request to %s responded with status code %d", provider.config.OTLPHTTP.Endpoint.String(), res.StatusCode)
+}
+
+// Reads at most maxHTTPResponseReadBytes from the response body.
+// Ref: https://github.com/open-telemetry/opentelemetry-collector/blob/01b07fcbb7a253bd996c290dcae6166e71d13732/exporter/otlphttpexporter/otlp.go#L275.
+func readResponseBody(resp *http.Response) ([]byte, error) {
+	if resp.ContentLength == 0 {
+		return nil, nil
+	}
+
+	maxRead := resp.ContentLength
+	if maxRead == -1 || maxRead > maxHTTPResponseReadBytes {
+		maxRead = maxHTTPResponseReadBytes
+	}
+
+	protoBytes := make([]byte, maxRead)
+	n, err := io.ReadFull(resp.Body, protoBytes)
+	if n == 0 && (err == nil || errors.Is(err, io.EOF)) {
+		return nil, nil
+	}
+	if err != nil && !errors.Is(err, io.ErrUnexpectedEOF) {
+		return nil, err
+	}
+
+	return protoBytes[:n], nil
+}
+
+// Decodes a protobuf-encoded Status from 4xx/5xx response bodies. Returns nil if the response is empty or cannot be decoded.
+// Ref: https://github.com/open-telemetry/opentelemetry-collector/blob/01b07fcbb7a253bd996c290dcae6166e71d13732/exporter/otlphttpexporter/otlp.go#L310.
+func readResponseStatus(resp *http.Response) *spb.Status {
+	if resp.StatusCode < 400 || resp.StatusCode > 599 {
+		return nil
+	}
+
+	respBytes, err := readResponseBody(resp)
+	if err != nil || respBytes == nil {
+		return nil
+	}
+
+	respStatus := &spb.Status{}
+	if err := proto.Unmarshal(respBytes, respStatus); err != nil {
+		return nil
+	}
+
+	return respStatus
+}
--- a/ee/auditor/otlphttpauditor/provider.go
+++ b/ee/auditor/otlphttpauditor/provider.go
@@ -0,0 +1,97 @@
+package otlphttpauditor
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/auditor"
+	"github.com/SigNoz/signoz/pkg/auditor/auditorserver"
+	"github.com/SigNoz/signoz/pkg/factory"
+	client "github.com/SigNoz/signoz/pkg/http/client"
+	"github.com/SigNoz/signoz/pkg/licensing"
+	"github.com/SigNoz/signoz/pkg/types/audittypes"
+	"github.com/SigNoz/signoz/pkg/version"
+	"go.opentelemetry.io/collector/pdata/plog"
+)
+
+var _ auditor.Auditor = (*provider)(nil)
+
+type provider struct {
+	settings   factory.ScopedProviderSettings
+	config     auditor.Config
+	licensing  licensing.Licensing
+	build      version.Build
+	server     *auditorserver.Server
+	marshaler  plog.ProtoMarshaler
+	httpClient *client.Client
+}
+
+func NewFactory(licensing licensing.Licensing, build version.Build) factory.ProviderFactory[auditor.Auditor, auditor.Config] {
+	return factory.NewProviderFactory(factory.MustNewName("otlphttp"), func(ctx context.Context, providerSettings factory.ProviderSettings, config auditor.Config) (auditor.Auditor, error) {
+		return newProvider(ctx, providerSettings, config, licensing, build)
+	})
+}
+
+func newProvider(_ context.Context, providerSettings factory.ProviderSettings, config auditor.Config, licensing licensing.Licensing, build version.Build) (auditor.Auditor, error) {
+	settings := factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/ee/auditor/otlphttpauditor")
+
+	httpClient, err := client.New(
+		settings.Logger(),
+		providerSettings.TracerProvider,
+		providerSettings.MeterProvider,
+		client.WithTimeout(config.OTLPHTTP.Timeout),
+		client.WithRetryCount(retryCountFromConfig(config.OTLPHTTP.Retry)),
+		retrierOption(config.OTLPHTTP.Retry),
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	provider := &provider{
+		settings:   settings,
+		config:     config,
+		licensing:  licensing,
+		build:      build,
+		marshaler:  plog.ProtoMarshaler{},
+		httpClient: httpClient,
+	}
+
+	server, err := auditorserver.New(settings,
+		auditorserver.Config{
+			BufferSize:    config.BufferSize,
+			BatchSize:     config.BatchSize,
+			FlushInterval: config.FlushInterval,
+		},
+		provider.export,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	provider.server = server
+	return provider, nil
+}
+
+func (provider *provider) Start(ctx context.Context) error {
+	return provider.server.Start(ctx)
+}
+
+func (provider *provider) Audit(ctx context.Context, event audittypes.AuditEvent) {
+	if event.PrincipalOrgID.IsZero() {
+		provider.settings.Logger().WarnContext(ctx, "audit event dropped as org_id is zero")
+		return
+	}
+
+	if _, err := provider.licensing.GetActive(ctx, event.PrincipalOrgID); err != nil {
+		return
+	}
+
+	provider.server.Add(ctx, event)
+}
+
+func (provider *provider) Healthy() <-chan struct{} {
+	return provider.server.Healthy()
+}
+
+func (provider *provider) Stop(ctx context.Context) error {
+	return provider.server.Stop(ctx)
+}
--- a/ee/auditor/otlphttpauditor/retrier.go
+++ b/ee/auditor/otlphttpauditor/retrier.go
@@ -0,0 +1,52 @@
+package otlphttpauditor
+
+import (
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/auditor"
+	client "github.com/SigNoz/signoz/pkg/http/client"
+)
+
+// retrier implements client.Retriable with exponential backoff
+// derived from auditor.RetryConfig.
+type retrier struct {
+	initialInterval time.Duration
+	maxInterval     time.Duration
+}
+
+func newRetrier(cfg auditor.RetryConfig) *retrier {
+	return &retrier{
+		initialInterval: cfg.InitialInterval,
+		maxInterval:     cfg.MaxInterval,
+	}
+}
+
+// NextInterval returns the backoff duration for the given retry attempt.
+// Uses exponential backoff: initialInterval * 2^retry, capped at maxInterval.
+func (r *retrier) NextInterval(retry int) time.Duration {
+	interval := r.initialInterval
+	for range retry {
+		interval *= 2
+	}
+	return min(interval, r.maxInterval)
+}
+
+func retrierOption(cfg auditor.RetryConfig) client.Option {
+	return client.WithRetriable(newRetrier(cfg))
+}
+
+func retryCountFromConfig(cfg auditor.RetryConfig) int {
+	if !cfg.Enabled || cfg.MaxElapsedTime <= 0 {
+		return 0
+	}
+
+	count := 0
+	elapsed := time.Duration(0)
+	interval := cfg.InitialInterval
+	for elapsed < cfg.MaxElapsedTime {
+		elapsed += interval
+		interval = min(interval*2, cfg.MaxInterval)
+		count++
+	}
+	return count
+}
--- a/frontend/src/AppRoutes/Private.tsx
+++ b/frontend/src/AppRoutes/Private.tsx
@@ -101,6 +101,22 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 					preference.name === ORG_PREFERENCES.ORG_ONBOARDING,
 			)?.value;

+			// Don't redirect to onboarding if workspace has issues (blocked, suspended, or restricted)
+			// User needs access to settings/billing to fix payment issues
+			const isWorkspaceBlocked = trialInfo?.workSpaceBlock;
+			const isWorkspaceSuspended = activeLicense?.state === LicenseState.DEFAULTED;
+			const isWorkspaceAccessRestricted =
+				activeLicense?.state === LicenseState.TERMINATED ||
+				activeLicense?.state === LicenseState.EXPIRED ||
+				activeLicense?.state === LicenseState.CANCELLED;
+
+			const hasWorkspaceIssue =
+				isWorkspaceBlocked || isWorkspaceSuspended || isWorkspaceAccessRestricted;
+
+			if (hasWorkspaceIssue) {
+				return;
+			}
+
 			const isFirstUser = checkFirstTimeUser();
 			if (
 				isFirstUser &&
@@ -119,40 +135,36 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 		orgPreferences,
 		usersData,
 		pathname,
+		trialInfo?.workSpaceBlock,
+		activeLicense?.state,
 	]);

-	const navigateToWorkSpaceBlocked = (route: any): void => {
-		const { path } = route;
-
+	const navigateToWorkSpaceBlocked = useCallback((): void => {
 		const isRouteEnabledForWorkspaceBlockedState =
 			isAdmin &&
-			(path === ROUTES.SETTINGS ||
-				path === ROUTES.ORG_SETTINGS ||
-				path === ROUTES.MEMBERS_SETTINGS ||
-				path === ROUTES.BILLING ||
-				path === ROUTES.MY_SETTINGS);
+			(pathname === ROUTES.SETTINGS ||
+				pathname === ROUTES.ORG_SETTINGS ||
+				pathname === ROUTES.MEMBERS_SETTINGS ||
+				pathname === ROUTES.BILLING ||
+				pathname === ROUTES.MY_SETTINGS);

 		if (
-			path &&
-			path !== ROUTES.WORKSPACE_LOCKED &&
+			pathname &&
+			pathname !== ROUTES.WORKSPACE_LOCKED &&
 			!isRouteEnabledForWorkspaceBlockedState
 		) {
 			history.push(ROUTES.WORKSPACE_LOCKED);
 		}
-	};
+	}, [isAdmin, pathname]);

-	const navigateToWorkSpaceAccessRestricted = (route: any): void => {
-		const { path } = route;
-
-		if (path && path !== ROUTES.WORKSPACE_ACCESS_RESTRICTED) {
+	const navigateToWorkSpaceAccessRestricted = useCallback((): void => {
+		if (pathname && pathname !== ROUTES.WORKSPACE_ACCESS_RESTRICTED) {
 			history.push(ROUTES.WORKSPACE_ACCESS_RESTRICTED);
 		}
-	};
+	}, [pathname]);

 	useEffect(() => {
 		if (!isFetchingActiveLicense && activeLicense) {
-			const currentRoute = mapRoutes.get('current');
-
 			const isTerminated = activeLicense.state === LicenseState.TERMINATED;
 			const isExpired = activeLicense.state === LicenseState.EXPIRED;
 			const isCancelled = activeLicense.state === LicenseState.CANCELLED;
@@ -161,61 +173,53 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {

 			const { platform } = activeLicense;

-			if (
-				isWorkspaceAccessRestricted &&
-				platform === LicensePlatform.CLOUD &&
-				currentRoute
-			) {
-				navigateToWorkSpaceAccessRestricted(currentRoute);
+			if (isWorkspaceAccessRestricted && platform === LicensePlatform.CLOUD) {
+				navigateToWorkSpaceAccessRestricted();
 			}
 		}
-	}, [isFetchingActiveLicense, activeLicense, mapRoutes, pathname]);
+	}, [
+		isFetchingActiveLicense,
+		activeLicense,
+		navigateToWorkSpaceAccessRestricted,
+	]);

 	useEffect(() => {
 		if (!isFetchingActiveLicense) {
-			const currentRoute = mapRoutes.get('current');
 			const shouldBlockWorkspace = trialInfo?.workSpaceBlock;

 			if (
 				shouldBlockWorkspace &&
-				currentRoute &&
 				activeLicense?.platform === LicensePlatform.CLOUD
 			) {
-				navigateToWorkSpaceBlocked(currentRoute);
+				navigateToWorkSpaceBlocked();
 			}
 		}
-		// eslint-disable-next-line react-hooks/exhaustive-deps
 	}, [
 		isFetchingActiveLicense,
 		trialInfo?.workSpaceBlock,
 		activeLicense?.platform,
-		mapRoutes,
-		pathname,
+		navigateToWorkSpaceBlocked,
 	]);

-	const navigateToWorkSpaceSuspended = (route: any): void => {
-		const { path } = route;
-
-		if (path && path !== ROUTES.WORKSPACE_SUSPENDED) {
+	const navigateToWorkSpaceSuspended = useCallback((): void => {
+		if (pathname && pathname !== ROUTES.WORKSPACE_SUSPENDED) {
 			history.push(ROUTES.WORKSPACE_SUSPENDED);
 		}
-	};
+	}, [pathname]);

 	useEffect(() => {
 		if (!isFetchingActiveLicense && activeLicense) {
-			const currentRoute = mapRoutes.get('current');
 			const shouldSuspendWorkspace =
 				activeLicense.state === LicenseState.DEFAULTED;

 			if (
 				shouldSuspendWorkspace &&
-				currentRoute &&
 				activeLicense.platform === LicensePlatform.CLOUD
 			) {
-				navigateToWorkSpaceSuspended(currentRoute);
+				navigateToWorkSpaceSuspended();
 			}
 		}
-	}, [isFetchingActiveLicense, activeLicense, mapRoutes, pathname]);
+	}, [isFetchingActiveLicense, activeLicense, navigateToWorkSpaceSuspended]);

 	useEffect(() => {
 		if (org && org.length > 0 && org[0].id !== undefined) {
--- a/frontend/src/AppRoutes/tests/Private.test.tsx
+++ b/frontend/src/AppRoutes/tests/Private.test.tsx
--- a/frontend/src/container/InfraMonitoringK8s/Volumes/K8sVolumesList.tsx
+++ b/frontend/src/container/InfraMonitoringK8s/Volumes/K8sVolumesList.tsx
@@ -48,6 +48,8 @@ import {
 	formatDataForTable,
 	getK8sVolumesListColumns,
 	getK8sVolumesListQuery,
+	getVolumeListGroupedByRowDataQueryKey,
+	getVolumesListQueryKey,
 	K8sVolumesRowData,
 } from './utils';
 import VolumeDetails from './VolumeDetails';
@@ -167,6 +169,26 @@ function K8sVolumesList({
 		// eslint-disable-next-line react-hooks/exhaustive-deps
 	}, [minTime, maxTime, orderBy, selectedRowData, groupBy]);

+	const groupedByRowDataQueryKey = useMemo(
+		() =>
+			getVolumeListGroupedByRowDataQueryKey(
+				selectedRowData?.groupedByMeta,
+				queryFilters,
+				orderBy,
+				groupBy,
+				minTime,
+				maxTime,
+			),
+		[
+			selectedRowData?.groupedByMeta,
+			queryFilters,
+			orderBy,
+			groupBy,
+			minTime,
+			maxTime,
+		],
+	);
+
 	const {
 		data: groupedByRowData,
 		isFetching: isFetchingGroupedByRowData,
@@ -176,7 +198,7 @@ function K8sVolumesList({
 	} = useGetK8sVolumesList(
 		fetchGroupedByRowDataQuery as K8sVolumesListPayload,
 		{
-			queryKey: ['volumeList', fetchGroupedByRowDataQuery],
+			queryKey: groupedByRowDataQueryKey,
 			enabled: !!fetchGroupedByRowDataQuery && !!selectedRowData,
 		},
 		undefined,
@@ -221,6 +243,28 @@ function K8sVolumesList({
 		return queryPayload;
 	}, [pageSize, currentPage, queryFilters, minTime, maxTime, orderBy, groupBy]);

+	const volumesListQueryKey = useMemo(() => {
+		return getVolumesListQueryKey(
+			selectedVolumeUID,
+			pageSize,
+			currentPage,
+			queryFilters,
+			orderBy,
+			groupBy,
+			minTime,
+			maxTime,
+		);
+	}, [
+		selectedVolumeUID,
+		pageSize,
+		currentPage,
+		queryFilters,
+		groupBy,
+		orderBy,
+		minTime,
+		maxTime,
+	]);
+
 	const formattedGroupedByVolumesData = useMemo(
 		() =>
 			formatDataForTable(groupedByRowData?.payload?.data?.records || [], groupBy),
@@ -237,7 +281,7 @@ function K8sVolumesList({
 	const { data, isFetching, isLoading, isError } = useGetK8sVolumesList(
 		query as K8sVolumesListPayload,
 		{
-			queryKey: ['volumeList', query],
+			queryKey: volumesListQueryKey,
 			enabled: !!query,
 		},
 		undefined,
--- a/frontend/src/container/InfraMonitoringK8s/Volumes/utils.tsx
+++ b/frontend/src/container/InfraMonitoringK8s/Volumes/utils.tsx
@@ -77,6 +77,74 @@ export const getK8sVolumesListQuery = (): K8sVolumesListPayload => ({
 	orderBy: { columnName: 'usage', order: 'desc' },
 });

+export const getVolumeListGroupedByRowDataQueryKey = (
+	groupedByMeta: K8sVolumesData['meta'] | undefined,
+	queryFilters: IBuilderQuery['filters'],
+	orderBy: { columnName: string; order: 'asc' | 'desc' } | null,
+	groupBy: IBuilderQuery['groupBy'],
+	minTime: number,
+	maxTime: number,
+): (string | undefined)[] => {
+	// When we have grouped by metadata defined
+	// We need to leave out the min/max time
+	// Otherwise it will cause a loop
+	const groupedByMetaStr = JSON.stringify(groupedByMeta || undefined) ?? '';
+	if (groupedByMetaStr) {
+		return [
+			'volumeList',
+			JSON.stringify(queryFilters),
+			JSON.stringify(orderBy),
+			JSON.stringify(groupBy),
+			groupedByMetaStr,
+		];
+	}
+	return [
+		'volumeList',
+		JSON.stringify(queryFilters),
+		JSON.stringify(orderBy),
+		JSON.stringify(groupBy),
+		groupedByMetaStr,
+		String(minTime),
+		String(maxTime),
+	];
+};
+
+export const getVolumesListQueryKey = (
+	selectedVolumeUID: string | null,
+	pageSize: number,
+	currentPage: number,
+	queryFilters: IBuilderQuery['filters'],
+	orderBy: { columnName: string; order: 'asc' | 'desc' } | null,
+	groupBy: IBuilderQuery['groupBy'],
+	minTime: number,
+	maxTime: number,
+): (string | undefined)[] => {
+	// When selected volume is defined
+	// We need to leave out the min/max time
+	// Otherwise it will cause a loop
+	if (selectedVolumeUID) {
+		return [
+			'volumeList',
+			String(pageSize),
+			String(currentPage),
+			JSON.stringify(queryFilters),
+			JSON.stringify(orderBy),
+			JSON.stringify(groupBy),
+		];
+	}
+
+	return [
+		'volumeList',
+		String(pageSize),
+		String(currentPage),
+		JSON.stringify(queryFilters),
+		JSON.stringify(orderBy),
+		JSON.stringify(groupBy),
+		String(minTime),
+		String(maxTime),
+	];
+};
+
 const columnsConfig = [
 	{
 		title: <div className="column-header-left pvc-name-header">PVC Name</div>,
--- a/frontend/src/container/InfraMonitoringK8s/tests/Volumes/K8sVolumesList.test.tsx
+++ b/frontend/src/container/InfraMonitoringK8s/tests/Volumes/K8sVolumesList.test.tsx
@@ -1,29 +1,93 @@
-import setupCommonMocks from '../commonMocks';
-
-setupCommonMocks();
-
 import { QueryClient, QueryClientProvider } from 'react-query';
 // eslint-disable-next-line no-restricted-imports
-import { MemoryRouter } from 'react-router-dom';
-import { render, waitFor } from '@testing-library/react';
+import { MemoryRouter } from 'react-router-dom-v5-compat';
 import { FeatureKeys } from 'constants/features';
 import K8sVolumesList from 'container/InfraMonitoringK8s/Volumes/K8sVolumesList';
 import { rest, server } from 'mocks-server/server';
 import { NuqsTestingAdapter } from 'nuqs/adapters/testing';
 import { IAppContext, IUser } from 'providers/App/types';
+import { QueryBuilderProvider } from 'providers/QueryBuilder';
+// eslint-disable-next-line no-restricted-imports
+import { applyMiddleware, legacy_createStore as createStore } from 'redux';
+import thunk from 'redux-thunk';
+import reducers from 'store/reducers';
+import { act, render, screen, userEvent, waitFor } from 'tests/test-utils';
+import { UPDATE_TIME_INTERVAL } from 'types/actions/globalTime';
 import { LicenseResModel } from 'types/api/licensesV3/getActive';

-const queryClient = new QueryClient({
-	defaultOptions: {
-		queries: {
-			retry: false,
-			cacheTime: 0,
-		},
-	},
-});
+import { INFRA_MONITORING_K8S_PARAMS_KEYS } from '../../constants';

 const SERVER_URL = 'http://localhost/api';

+// jsdom does not implement IntersectionObserver — provide a no-op stub
+const mockObserver = {
+	observe: jest.fn(),
+	unobserve: jest.fn(),
+	disconnect: jest.fn(),
+};
+global.IntersectionObserver = jest
+	.fn()
+	.mockImplementation(() => mockObserver) as any;
+
+const mockVolume = {
+	persistentVolumeClaimName: 'test-pvc',
+	volumeAvailable: 1000000,
+	volumeCapacity: 5000000,
+	volumeInodes: 100,
+	volumeInodesFree: 50,
+	volumeInodesUsed: 50,
+	volumeUsage: 4000000,
+	meta: {
+		k8s_cluster_name: 'test-cluster',
+		k8s_namespace_name: 'test-namespace',
+		k8s_node_name: 'test-node',
+		k8s_persistentvolumeclaim_name: 'test-pvc',
+		k8s_pod_name: 'test-pod',
+		k8s_pod_uid: 'test-pod-uid',
+		k8s_statefulset_name: '',
+	},
+};
+
+const mockVolumesResponse = {
+	status: 'success',
+	data: {
+		type: '',
+		records: [mockVolume],
+		groups: null,
+		total: 1,
+		sentAnyHostMetricsData: false,
+		isSendingK8SAgentMetrics: false,
+	},
+};
+
+/** Renders K8sVolumesList with a real Redux store so dispatched actions affect state. */
+function renderWithRealStore(
+	initialEntries?: Record<string, any>,
+): { testStore: ReturnType<typeof createStore> } {
+	const testStore = createStore(reducers, applyMiddleware(thunk as any));
+	const queryClient = new QueryClient({
+		defaultOptions: { queries: { retry: false } },
+	});
+
+	render(
+		<NuqsTestingAdapter searchParams={initialEntries}>
+			<QueryClientProvider client={queryClient}>
+				<QueryBuilderProvider>
+					<MemoryRouter>
+						<K8sVolumesList
+							isFiltersVisible={false}
+							handleFilterVisibilityChange={jest.fn()}
+							quickFiltersLastUpdated={-1}
+						/>
+					</MemoryRouter>
+				</QueryBuilderProvider>
+			</QueryClientProvider>
+		</NuqsTestingAdapter>,
+	);
+
+	return { testStore };
+}
+
 describe('K8sVolumesList - useGetAggregateKeys Category Regression', () => {
 	let requestsMade: Array<{
 		url: string;
@@ -33,7 +97,6 @@ describe('K8sVolumesList - useGetAggregateKeys Category Regression', () => {

 	beforeEach(() => {
 		requestsMade = [];
-		queryClient.clear();

 		server.use(
 			rest.get(`${SERVER_URL}/v3/autocomplete/attribute_keys`, (req, res, ctx) => {
@@ -79,19 +142,7 @@ describe('K8sVolumesList - useGetAggregateKeys Category Regression', () => {
 	});

 	it('should call aggregate keys API with k8s_volume_capacity', async () => {
-		render(
-			<NuqsTestingAdapter>
-				<QueryClientProvider client={queryClient}>
-					<MemoryRouter>
-						<K8sVolumesList
-							isFiltersVisible={false}
-							handleFilterVisibilityChange={jest.fn()}
-							quickFiltersLastUpdated={-1}
-						/>
-					</MemoryRouter>
-				</QueryClientProvider>
-			</NuqsTestingAdapter>,
-		);
+		renderWithRealStore();

 		await waitFor(() => {
 			expect(requestsMade.length).toBeGreaterThan(0);
@@ -128,19 +179,7 @@ describe('K8sVolumesList - useGetAggregateKeys Category Regression', () => {
 				activeLicense: (null as unknown) as LicenseResModel,
 			} as IAppContext);

-		render(
-			<NuqsTestingAdapter>
-				<QueryClientProvider client={queryClient}>
-					<MemoryRouter>
-						<K8sVolumesList
-							isFiltersVisible={false}
-							handleFilterVisibilityChange={jest.fn()}
-							quickFiltersLastUpdated={-1}
-						/>
-					</MemoryRouter>
-				</QueryClientProvider>
-			</NuqsTestingAdapter>,
-		);
+		renderWithRealStore();

 		await waitFor(() => {
 			expect(requestsMade.length).toBeGreaterThan(0);
@@ -159,3 +198,193 @@ describe('K8sVolumesList - useGetAggregateKeys Category Regression', () => {
 		expect(aggregateAttribute).toBe('k8s.volume.capacity');
 	});
 });
+
+describe('K8sVolumesList', () => {
+	beforeEach(() => {
+		server.use(
+			rest.post('http://localhost/api/v1/pvcs/list', (_req, res, ctx) =>
+				res(ctx.status(200), ctx.json(mockVolumesResponse)),
+			),
+			rest.get(
+				'http://localhost/api/v3/autocomplete/attribute_keys',
+				(_req, res, ctx) =>
+					res(ctx.status(200), ctx.json({ data: { attributeKeys: [] } })),
+			),
+		);
+	});
+
+	it('renders volume rows from API response', async () => {
+		renderWithRealStore();
+
+		await waitFor(async () => {
+			const elements = await screen.findAllByText('test-pvc');
+
+			expect(elements.length).toBeGreaterThan(0);
+		});
+	});
+
+	it('opens VolumeDetails when a volume row is clicked', async () => {
+		const user = userEvent.setup();
+		renderWithRealStore();
+
+		const pvcCells = await screen.findAllByText('test-pvc');
+		expect(pvcCells.length).toBeGreaterThan(0);
+
+		const row = pvcCells[0].closest('tr');
+		expect(row).not.toBeNull();
+		await user.click(row!);
+
+		await waitFor(async () => {
+			const cells = await screen.findAllByText('test-pvc');
+			expect(cells.length).toBeGreaterThan(1);
+		});
+	});
+
+	it('closes VolumeDetails when the close button is clicked', async () => {
+		const user = userEvent.setup();
+		renderWithRealStore();
+
+		const pvcCells = await screen.findAllByText('test-pvc');
+		expect(pvcCells.length).toBeGreaterThan(0);
+
+		const row = pvcCells[0].closest('tr');
+		await user.click(row!);
+
+		await waitFor(() => {
+			expect(screen.getByRole('button', { name: 'Close' })).toBeInTheDocument();
+		});
+
+		await user.click(screen.getByRole('button', { name: 'Close' }));
+
+		await waitFor(() => {
+			expect(
+				screen.queryByRole('button', { name: 'Close' }),
+			).not.toBeInTheDocument();
+		});
+	});
+
+	it('does not re-fetch the volumes list when time range changes after selecting a volume', async () => {
+		const user = userEvent.setup();
+		let apiCallCount = 0;
+		server.use(
+			rest.post('http://localhost/api/v1/pvcs/list', async (_req, res, ctx) => {
+				apiCallCount += 1;
+				return res(ctx.status(200), ctx.json(mockVolumesResponse));
+			}),
+		);
+
+		const { testStore } = renderWithRealStore();
+
+		await waitFor(() => expect(apiCallCount).toBe(1));
+
+		const pvcCells = await screen.findAllByText('test-pvc');
+		const row = pvcCells[0].closest('tr');
+		await user.click(row!);
+		await waitFor(async () => {
+			const cells = await screen.findAllByText('test-pvc');
+			expect(cells.length).toBeGreaterThan(1);
+		});
+
+		// Wait for nuqs URL state to fully propagate to the component
+		// The selectedVolumeUID is managed via nuqs (async URL state),
+		// so we need to ensure the state has settled before dispatching time changes
+		await act(async () => {
+			await new Promise((resolve) => {
+				setTimeout(resolve, 0);
+			});
+		});
+
+		const countAfterClick = apiCallCount;
+
+		// There's a specific component causing the min/max time to be updated
+		// After the volume loads, it triggers the change again
+		// And then the query to fetch data for the selected volume enters in a loop
+		act(() => {
+			testStore.dispatch({
+				type: UPDATE_TIME_INTERVAL,
+				payload: {
+					minTime: Date.now() * 1000000 - 30 * 60 * 1000 * 1000000,
+					maxTime: Date.now() * 1000000,
+					selectedTime: '30m',
+				},
+			} as any);
+		});
+
+		// Allow any potential re-fetch to settle
+		await new Promise((resolve) => {
+			setTimeout(resolve, 500);
+		});
+
+		expect(apiCallCount).toBe(countAfterClick);
+	});
+
+	it('does not re-fetch groupedByRowData when time range changes after expanding a volume row with groupBy', async () => {
+		const user = userEvent.setup();
+		const groupByValue = [{ key: 'k8s_namespace_name' }];
+
+		let groupedByRowDataCallCount = 0;
+		server.use(
+			rest.post('http://localhost/api/v1/pvcs/list', async (req, res, ctx) => {
+				const body = await req.json();
+				// Check for both underscore and dot notation keys since dotMetricsEnabled
+				// may be true or false depending on test order
+				const isGroupedByRowDataRequest = body.filters?.items?.some(
+					(item: { key?: { key?: string }; value?: string }) =>
+						(item.key?.key === 'k8s_namespace_name' ||
+							item.key?.key === 'k8s.namespace.name') &&
+						item.value === 'test-namespace',
+				);
+				if (isGroupedByRowDataRequest) {
+					groupedByRowDataCallCount += 1;
+				}
+				return res(ctx.status(200), ctx.json(mockVolumesResponse));
+			}),
+			rest.get(
+				'http://localhost/api/v3/autocomplete/attribute_keys',
+				(_req, res, ctx) =>
+					res(
+						ctx.status(200),
+						ctx.json({
+							data: {
+								attributeKeys: [{ key: 'k8s_namespace_name', dataType: 'string' }],
+							},
+						}),
+					),
+			),
+		);
+
+		const { testStore } = renderWithRealStore({
+			[INFRA_MONITORING_K8S_PARAMS_KEYS.GROUP_BY]: JSON.stringify(groupByValue),
+		});
+
+		await waitFor(async () => {
+			const elements = await screen.findAllByText('test-namespace');
+			return expect(elements.length).toBeGreaterThan(0);
+		});
+
+		const row = (await screen.findAllByText('test-namespace'))[0].closest('tr');
+		expect(row).not.toBeNull();
+		user.click(row as HTMLElement);
+		await waitFor(() => expect(groupedByRowDataCallCount).toBe(1));
+
+		const countAfterExpand = groupedByRowDataCallCount;
+
+		act(() => {
+			testStore.dispatch({
+				type: UPDATE_TIME_INTERVAL,
+				payload: {
+					minTime: Date.now() * 1000000 - 30 * 60 * 1000 * 1000000,
+					maxTime: Date.now() * 1000000,
+					selectedTime: '30m',
+				},
+			} as any);
+		});
+
+		// Allow any potential re-fetch to settle
+		await new Promise((resolve) => {
+			setTimeout(resolve, 500);
+		});
+
+		expect(groupedByRowDataCallCount).toBe(countAfterExpand);
+	});
+});
--- a/go.mod
+++ b/go.mod
@@ -372,7 +372,7 @@ require (
 	go.opentelemetry.io/otel/log v0.15.0 // indirect
 	go.opentelemetry.io/otel/sdk/log v0.14.0 // indirect
 	go.opentelemetry.io/otel/sdk/metric v1.40.0
-	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.9.0
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/mock v0.6.0 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
@@ -381,7 +381,7 @@ require (
 	golang.org/x/time v0.14.0 // indirect
 	golang.org/x/tools v0.41.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20260203192932-546029d2fa20 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409
 	google.golang.org/grpc v1.78.0 // indirect
 	gopkg.in/telebot.v3 v3.3.8 // indirect
 	k8s.io/client-go v0.35.0 // indirect
--- a/pkg/auditor/auditor.go
+++ b/pkg/auditor/auditor.go
@@ -3,10 +3,15 @@ package auditor
 import (
 	"context"

+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/types/audittypes"
 )

+var (
+	ErrCodeAuditExportFailed = errors.MustNewCode("audit_export_failed")
+)
+
 type Auditor interface {
 	factory.ServiceWithHealthy

--- a/pkg/auditor/config.go
+++ b/pkg/auditor/config.go
@@ -1,6 +1,7 @@
 package auditor

 import (
+	"net/url"
 	"time"

 	"github.com/SigNoz/signoz/pkg/errors"
@@ -10,6 +11,7 @@ import (
 var _ factory.Config = (*Config)(nil)

 type Config struct {
+	// Provider specifies the audit export implementation to use.
 	Provider string `mapstructure:"provider"`

 	// BufferSize is the async channel capacity for audit events.
@@ -28,18 +30,12 @@ type Config struct {
 // OTLPHTTPConfig holds configuration for the OTLP HTTP exporter provider.
 // Fields map to go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp options.
 type OTLPHTTPConfig struct {
-	// Endpoint is the target host:port (without scheme or path).
-	Endpoint string `mapstructure:"endpoint"`
-
-	// URLPath overrides the default URL path (/v1/logs).
-	URLPath string `mapstructure:"url_path"`
+	// Endpoint is the target scheme://host:port of the OTLP HTTP endpoint.
+	Endpoint *url.URL `mapstructure:"endpoint"`

 	// Insecure disables TLS, using HTTP instead of HTTPS.
 	Insecure bool `mapstructure:"insecure"`

-	// Compression sets the compression strategy. Supported: "none", "gzip".
-	Compression string `mapstructure:"compression"`
-
 	// Timeout is the maximum duration for an export attempt.
 	Timeout time.Duration `mapstructure:"timeout"`

@@ -71,10 +67,12 @@ func newConfig() factory.Config {
 		BatchSize:     100,
 		FlushInterval: time.Second,
 		OTLPHTTP: OTLPHTTPConfig{
-			Endpoint:    "localhost:4318",
-			URLPath:     "/v1/logs",
-			Compression: "none",
-			Timeout:     10 * time.Second,
+			Endpoint: &url.URL{
+				Scheme: "http",
+				Host:   "localhost:4318",
+				Path:   "/v1/logs",
+			},
+			Timeout: 10 * time.Second,
 			Retry: RetryConfig{
 				Enabled:         true,
 				InitialInterval: 5 * time.Second,
@@ -93,14 +91,24 @@ func (c Config) Validate() error {
 	if c.BufferSize <= 0 {
 		return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "auditor::buffer_size must be greater than 0")
 	}
+
 	if c.BatchSize <= 0 {
 		return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "auditor::batch_size must be greater than 0")
 	}
+
 	if c.FlushInterval <= 0 {
 		return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "auditor::flush_interval must be greater than 0")
 	}
+
 	if c.BatchSize > c.BufferSize {
 		return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "auditor::batch_size must not exceed auditor::buffer_size")
 	}
+
+	if c.Provider == "otlphttp" {
+		if c.OTLPHTTP.Endpoint == nil {
+			return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "auditor::otlphttp::endpoint must be set when provider is otlphttp")
+		}
+	}
+
 	return nil
 }
--- a/pkg/instrumentation/instrumentation.go
+++ b/pkg/instrumentation/instrumentation.go
@@ -15,12 +15,16 @@ import (
 type Instrumentation interface {
 	// Logger returns the Slog logger.
 	Logger() *slog.Logger
+
 	// MeterProvider returns the OpenTelemetry meter provider.
 	MeterProvider() sdkmetric.MeterProvider
+
 	// TracerProvider returns the OpenTelemetry tracer provider.
 	TracerProvider() sdktrace.TracerProvider
+
 	// PrometheusRegisterer returns the Prometheus registerer.
 	PrometheusRegisterer() prometheus.Registerer
+
 	// ToProviderSettings converts instrumentation to provider settings.
 	ToProviderSettings() factory.ProviderSettings
 }
--- a/pkg/types/audittypes/event.go
+++ b/pkg/types/audittypes/event.go
@@ -1,8 +1,14 @@
 package audittypes

 import (
-	"context"
+	"encoding/hex"
+	"fmt"
 	"time"
+
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"go.opentelemetry.io/collector/pdata/pcommon"
+	"go.opentelemetry.io/collector/pdata/plog"
+	semconv "go.opentelemetry.io/otel/semconv/v1.10.0"
 )

 // AuditEvent represents a single audit log event.
@@ -16,10 +22,10 @@ type AuditEvent struct {
 	EventName EventName `json:"eventName"`

 	// Audit attributes — Principal (Who)
-	PrincipalID    string        `json:"principalId"`
-	PrincipalEmail string        `json:"principalEmail"`
+	PrincipalID    valuer.UUID   `json:"principalId"`
+	PrincipalEmail valuer.Email  `json:"principalEmail"`
 	PrincipalType  PrincipalType `json:"principalType"`
-	PrincipalOrgID string        `json:"principalOrgId"`
+	PrincipalOrgID valuer.UUID   `json:"principalOrgId"`
 	IdentNProvider string        `json:"identnProvider,omitempty"`

 	// Audit attributes — Action (What)
@@ -45,7 +51,105 @@ type AuditEvent struct {
 	UserAgent      string `json:"userAgent,omitempty"`
 }

-// Store is the minimal interface for emitting audit events.
-type Store interface {
-	Emit(ctx context.Context, event AuditEvent) error
+func NewPLogsFromAuditEvents(events []AuditEvent, name string, version string, scope string) plog.Logs {
+	logs := plog.NewLogs()
+
+	resourceLogs := logs.ResourceLogs().AppendEmpty()
+	resourceLogs.Resource().Attributes().PutStr(string(semconv.ServiceNameKey), name)
+	resourceLogs.Resource().Attributes().PutStr(string(semconv.ServiceVersionKey), version)
+	scopeLogs := resourceLogs.ScopeLogs().AppendEmpty()
+	scopeLogs.Scope().SetName(scope)
+
+	for i := range events {
+		events[i].ToLogRecord(scopeLogs.LogRecords().AppendEmpty())
+	}
+
+	return logs
+}
+
+func (event AuditEvent) ToLogRecord(dest plog.LogRecord) {
+	dest.SetTimestamp(pcommon.NewTimestampFromTime(event.Timestamp))
+	dest.SetObservedTimestamp(pcommon.NewTimestampFromTime(event.Timestamp))
+	dest.Body().SetStr(event.setBody())
+	dest.SetEventName(event.EventName.String())
+	dest.SetSeverityNumber(event.Outcome.Severity())
+	dest.SetSeverityText(event.Outcome.SeverityText())
+
+	if tid, ok := parseTraceID(event.TraceID); ok {
+		dest.SetTraceID(tid)
+	}
+	if sid, ok := parseSpanID(event.SpanID); ok {
+		dest.SetSpanID(sid)
+	}
+
+	attrs := dest.Attributes()
+
+	// Principal attributes
+	attrs.PutStr("signoz.audit.principal.id", event.PrincipalID.StringValue())
+	attrs.PutStr("signoz.audit.principal.email", event.PrincipalEmail.String())
+	attrs.PutStr("signoz.audit.principal.type", event.PrincipalType.StringValue())
+	attrs.PutStr("signoz.audit.principal.org_id", event.PrincipalOrgID.StringValue())
+	putStrIfNotEmpty(attrs, "signoz.audit.identn_provider", event.IdentNProvider)
+
+	// Action attributes
+	attrs.PutStr("signoz.audit.action", event.Action.StringValue())
+	attrs.PutStr("signoz.audit.action_category", event.ActionCategory.StringValue())
+	attrs.PutStr("signoz.audit.outcome", event.Outcome.StringValue())
+
+	// Resource attributes
+	attrs.PutStr("signoz.audit.resource.name", event.ResourceName)
+	putStrIfNotEmpty(attrs, "signoz.audit.resource.id", event.ResourceID)
+
+	// Error attributes (on failure)
+	putStrIfNotEmpty(attrs, "signoz.audit.error.type", event.ErrorType)
+	putStrIfNotEmpty(attrs, "signoz.audit.error.code", event.ErrorCode)
+	putStrIfNotEmpty(attrs, "signoz.audit.error.message", event.ErrorMessage)
+
+	// Transport context attributes
+	putStrIfNotEmpty(attrs, "http.request.method", event.HTTPMethod)
+	putStrIfNotEmpty(attrs, "http.route", event.HTTPRoute)
+	if event.HTTPStatusCode != 0 {
+		attrs.PutInt("http.response.status_code", int64(event.HTTPStatusCode))
+	}
+	putStrIfNotEmpty(attrs, "url.path", event.URLPath)
+	putStrIfNotEmpty(attrs, "client.address", event.ClientAddress)
+	putStrIfNotEmpty(attrs, "user_agent.original", event.UserAgent)
+}
+
+func (event AuditEvent) setBody() string {
+	if event.Outcome == OutcomeSuccess {
+		return fmt.Sprintf("%s (%s) %s %s %s", event.PrincipalEmail, event.PrincipalID, event.Action.PastTense(), event.ResourceName, event.ResourceID)
+	}
+
+	return fmt.Sprintf("%s (%s) failed to %s %s %s: %s (%s)", event.PrincipalEmail, event.PrincipalID, event.Action.StringValue(), event.ResourceName, event.ResourceID, event.ErrorType, event.ErrorCode)
+}
+
+func putStrIfNotEmpty(attrs pcommon.Map, key, value string) {
+	if value != "" {
+		attrs.PutStr(key, value)
+	}
+}
+
+func parseTraceID(s string) (pcommon.TraceID, bool) {
+	b, err := hex.DecodeString(s)
+	if err != nil || len(b) != 16 {
+		return pcommon.TraceID{}, false
+	}
+
+	var tid pcommon.TraceID
+	copy(tid[:], b)
+
+	return tid, true
+}
+
+func parseSpanID(s string) (pcommon.SpanID, bool) {
+	b, err := hex.DecodeString(s)
+	if err != nil || len(b) != 8 {
+		return pcommon.SpanID{}, false
+	}
+
+	var sid pcommon.SpanID
+	copy(sid[:], b)
+
+	return sid, true
 }
--- a/pkg/types/audittypes/outcome.go
+++ b/pkg/types/audittypes/outcome.go
@@ -1,13 +1,20 @@
 package audittypes

-import "github.com/SigNoz/signoz/pkg/valuer"
+import (
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"go.opentelemetry.io/collector/pdata/plog"
+)

 // Outcome represents the result of an audited operation.
-type Outcome struct{ valuer.String }
+type Outcome struct {
+	valuer.String
+	severity     plog.SeverityNumber
+	severityText string
+}

 var (
-	OutcomeSuccess = Outcome{valuer.NewString("success")}
-	OutcomeFailure = Outcome{valuer.NewString("failure")}
+	OutcomeSuccess = Outcome{valuer.NewString("success"), plog.SeverityNumberInfo, "INFO"}
+	OutcomeFailure = Outcome{valuer.NewString("failure"), plog.SeverityNumberError, "ERROR"}
 )

 func (Outcome) Enum() []any {
@@ -16,3 +23,13 @@ func (Outcome) Enum() []any {
 		OutcomeFailure,
 	}
 }
+
+// Severity returns the plog severity number for this outcome.
+func (o Outcome) Severity() plog.SeverityNumber {
+	return o.severity
+}
+
+// SeverityText returns the severity text for this outcome.
+func (o Outcome) SeverityText() string {
+	return o.severityText
+}
--- a/tests/integration/uv.lock
+++ b/tests/integration/uv.lock
@@ -251,58 +251,55 @@ wheels = [

 [[package]]
 name = "cryptography"
-version = "46.0.3"
+version = "46.0.6"
 source = { registry = "https://pypi.org/simple" }
 dependencies = [
    { name = "cffi", marker = "platform_python_implementation != 'PyPy'" },
 ]
-sdist = { url = "https://files.pythonhosted.org/packages/9f/33/c00162f49c0e2fe8064a62cb92b93e50c74a72bc370ab92f86112b33ff62/cryptography-46.0.3.tar.gz", hash = "sha256:a8b17438104fed022ce745b362294d9ce35b4c2e45c1d958ad4a4b019285f4a1", size = 749258, upload-time = "2025-10-15T23:18:31.74Z" }
+sdist = { url = "https://files.pythonhosted.org/packages/a4/ba/04b1bd4218cbc58dc90ce967106d51582371b898690f3ae0402876cc4f34/cryptography-46.0.6.tar.gz", hash = "sha256:27550628a518c5c6c903d84f637fbecf287f6cb9ced3804838a1295dc1fd0759", size = 750542, upload-time = "2026-03-25T23:34:53.396Z" }
 wheels = [
-    { url = "https://files.pythonhosted.org/packages/1d/42/9c391dd801d6cf0d561b5890549d4b27bafcc53b39c31a817e69d87c625b/cryptography-46.0.3-cp311-abi3-macosx_10_9_universal2.whl", hash = "sha256:109d4ddfadf17e8e7779c39f9b18111a09efb969a301a31e987416a0191ed93a", size = 7225004, upload-time = "2025-10-15T23:16:52.239Z" },
-    { url = "https://files.pythonhosted.org/packages/1c/67/38769ca6b65f07461eb200e85fc1639b438bdc667be02cf7f2cd6a64601c/cryptography-46.0.3-cp311-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:09859af8466b69bc3c27bdf4f5d84a665e0f7ab5088412e9e2ec49758eca5cbc", size = 4296667, upload-time = "2025-10-15T23:16:54.369Z" },
-    { url = "https://files.pythonhosted.org/packages/5c/49/498c86566a1d80e978b42f0d702795f69887005548c041636df6ae1ca64c/cryptography-46.0.3-cp311-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:01ca9ff2885f3acc98c29f1860552e37f6d7c7d013d7334ff2a9de43a449315d", size = 4450807, upload-time = "2025-10-15T23:16:56.414Z" },
-    { url = "https://files.pythonhosted.org/packages/4b/0a/863a3604112174c8624a2ac3c038662d9e59970c7f926acdcfaed8d61142/cryptography-46.0.3-cp311-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:6eae65d4c3d33da080cff9c4ab1f711b15c1d9760809dad6ea763f3812d254cb", size = 4299615, upload-time = "2025-10-15T23:16:58.442Z" },
-    { url = "https://files.pythonhosted.org/packages/64/02/b73a533f6b64a69f3cd3872acb6ebc12aef924d8d103133bb3ea750dc703/cryptography-46.0.3-cp311-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:e5bf0ed4490068a2e72ac03d786693adeb909981cc596425d09032d372bcc849", size = 4016800, upload-time = "2025-10-15T23:17:00.378Z" },
-    { url = "https://files.pythonhosted.org/packages/25/d5/16e41afbfa450cde85a3b7ec599bebefaef16b5c6ba4ec49a3532336ed72/cryptography-46.0.3-cp311-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:5ecfccd2329e37e9b7112a888e76d9feca2347f12f37918facbb893d7bb88ee8", size = 4984707, upload-time = "2025-10-15T23:17:01.98Z" },
-    { url = "https://files.pythonhosted.org/packages/c9/56/e7e69b427c3878352c2fb9b450bd0e19ed552753491d39d7d0a2f5226d41/cryptography-46.0.3-cp311-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:a2c0cd47381a3229c403062f764160d57d4d175e022c1df84e168c6251a22eec", size = 4482541, upload-time = "2025-10-15T23:17:04.078Z" },
-    { url = "https://files.pythonhosted.org/packages/78/f6/50736d40d97e8483172f1bb6e698895b92a223dba513b0ca6f06b2365339/cryptography-46.0.3-cp311-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:549e234ff32571b1f4076ac269fcce7a808d3bf98b76c8dd560e42dbc66d7d91", size = 4299464, upload-time = "2025-10-15T23:17:05.483Z" },
-    { url = "https://files.pythonhosted.org/packages/00/de/d8e26b1a855f19d9994a19c702fa2e93b0456beccbcfe437eda00e0701f2/cryptography-46.0.3-cp311-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:c0a7bb1a68a5d3471880e264621346c48665b3bf1c3759d682fc0864c540bd9e", size = 4950838, upload-time = "2025-10-15T23:17:07.425Z" },
-    { url = "https://files.pythonhosted.org/packages/8f/29/798fc4ec461a1c9e9f735f2fc58741b0daae30688f41b2497dcbc9ed1355/cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:10b01676fc208c3e6feeb25a8b83d81767e8059e1fe86e1dc62d10a3018fa926", size = 4481596, upload-time = "2025-10-15T23:17:09.343Z" },
-    { url = "https://files.pythonhosted.org/packages/15/8d/03cd48b20a573adfff7652b76271078e3045b9f49387920e7f1f631d125e/cryptography-46.0.3-cp311-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:0abf1ffd6e57c67e92af68330d05760b7b7efb243aab8377e583284dbab72c71", size = 4426782, upload-time = "2025-10-15T23:17:11.22Z" },
-    { url = "https://files.pythonhosted.org/packages/fa/b1/ebacbfe53317d55cf33165bda24c86523497a6881f339f9aae5c2e13e57b/cryptography-46.0.3-cp311-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:a04bee9ab6a4da801eb9b51f1b708a1b5b5c9eb48c03f74198464c66f0d344ac", size = 4698381, upload-time = "2025-10-15T23:17:12.829Z" },
-    { url = "https://files.pythonhosted.org/packages/96/92/8a6a9525893325fc057a01f654d7efc2c64b9de90413adcf605a85744ff4/cryptography-46.0.3-cp311-abi3-win32.whl", hash = "sha256:f260d0d41e9b4da1ed1e0f1ce571f97fe370b152ab18778e9e8f67d6af432018", size = 3055988, upload-time = "2025-10-15T23:17:14.65Z" },
-    { url = "https://files.pythonhosted.org/packages/7e/bf/80fbf45253ea585a1e492a6a17efcb93467701fa79e71550a430c5e60df0/cryptography-46.0.3-cp311-abi3-win_amd64.whl", hash = "sha256:a9a3008438615669153eb86b26b61e09993921ebdd75385ddd748702c5adfddb", size = 3514451, upload-time = "2025-10-15T23:17:16.142Z" },
-    { url = "https://files.pythonhosted.org/packages/2e/af/9b302da4c87b0beb9db4e756386a7c6c5b8003cd0e742277888d352ae91d/cryptography-46.0.3-cp311-abi3-win_arm64.whl", hash = "sha256:5d7f93296ee28f68447397bf5198428c9aeeab45705a55d53a6343455dcb2c3c", size = 2928007, upload-time = "2025-10-15T23:17:18.04Z" },
-    { url = "https://files.pythonhosted.org/packages/f5/e2/a510aa736755bffa9d2f75029c229111a1d02f8ecd5de03078f4c18d91a3/cryptography-46.0.3-cp314-cp314t-macosx_10_9_universal2.whl", hash = "sha256:00a5e7e87938e5ff9ff5447ab086a5706a957137e6e433841e9d24f38a065217", size = 7158012, upload-time = "2025-10-15T23:17:19.982Z" },
-    { url = "https://files.pythonhosted.org/packages/73/dc/9aa866fbdbb95b02e7f9d086f1fccfeebf8953509b87e3f28fff927ff8a0/cryptography-46.0.3-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:c8daeb2d2174beb4575b77482320303f3d39b8e81153da4f0fb08eb5fe86a6c5", size = 4288728, upload-time = "2025-10-15T23:17:21.527Z" },
-    { url = "https://files.pythonhosted.org/packages/c5/fd/bc1daf8230eaa075184cbbf5f8cd00ba9db4fd32d63fb83da4671b72ed8a/cryptography-46.0.3-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:39b6755623145ad5eff1dab323f4eae2a32a77a7abef2c5089a04a3d04366715", size = 4435078, upload-time = "2025-10-15T23:17:23.042Z" },
-    { url = "https://files.pythonhosted.org/packages/82/98/d3bd5407ce4c60017f8ff9e63ffee4200ab3e23fe05b765cab805a7db008/cryptography-46.0.3-cp314-cp314t-manylinux_2_28_aarch64.whl", hash = "sha256:db391fa7c66df6762ee3f00c95a89e6d428f4d60e7abc8328f4fe155b5ac6e54", size = 4293460, upload-time = "2025-10-15T23:17:24.885Z" },
-    { url = "https://files.pythonhosted.org/packages/26/e9/e23e7900983c2b8af7a08098db406cf989d7f09caea7897e347598d4cd5b/cryptography-46.0.3-cp314-cp314t-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:78a97cf6a8839a48c49271cdcbd5cf37ca2c1d6b7fdd86cc864f302b5e9bf459", size = 3995237, upload-time = "2025-10-15T23:17:26.449Z" },
-    { url = "https://files.pythonhosted.org/packages/91/15/af68c509d4a138cfe299d0d7ddb14afba15233223ebd933b4bbdbc7155d3/cryptography-46.0.3-cp314-cp314t-manylinux_2_28_ppc64le.whl", hash = "sha256:dfb781ff7eaa91a6f7fd41776ec37c5853c795d3b358d4896fdbb5df168af422", size = 4967344, upload-time = "2025-10-15T23:17:28.06Z" },
-    { url = "https://files.pythonhosted.org/packages/ca/e3/8643d077c53868b681af077edf6b3cb58288b5423610f21c62aadcbe99f4/cryptography-46.0.3-cp314-cp314t-manylinux_2_28_x86_64.whl", hash = "sha256:6f61efb26e76c45c4a227835ddeae96d83624fb0d29eb5df5b96e14ed1a0afb7", size = 4466564, upload-time = "2025-10-15T23:17:29.665Z" },
-    { url = "https://files.pythonhosted.org/packages/0e/43/c1e8726fa59c236ff477ff2b5dc071e54b21e5a1e51aa2cee1676f1c986f/cryptography-46.0.3-cp314-cp314t-manylinux_2_34_aarch64.whl", hash = "sha256:23b1a8f26e43f47ceb6d6a43115f33a5a37d57df4ea0ca295b780ae8546e8044", size = 4292415, upload-time = "2025-10-15T23:17:31.686Z" },
-    { url = "https://files.pythonhosted.org/packages/42/f9/2f8fefdb1aee8a8e3256a0568cffc4e6d517b256a2fe97a029b3f1b9fe7e/cryptography-46.0.3-cp314-cp314t-manylinux_2_34_ppc64le.whl", hash = "sha256:b419ae593c86b87014b9be7396b385491ad7f320bde96826d0dd174459e54665", size = 4931457, upload-time = "2025-10-15T23:17:33.478Z" },
-    { url = "https://files.pythonhosted.org/packages/79/30/9b54127a9a778ccd6d27c3da7563e9f2d341826075ceab89ae3b41bf5be2/cryptography-46.0.3-cp314-cp314t-manylinux_2_34_x86_64.whl", hash = "sha256:50fc3343ac490c6b08c0cf0d704e881d0d660be923fd3076db3e932007e726e3", size = 4466074, upload-time = "2025-10-15T23:17:35.158Z" },
-    { url = "https://files.pythonhosted.org/packages/ac/68/b4f4a10928e26c941b1b6a179143af9f4d27d88fe84a6a3c53592d2e76bf/cryptography-46.0.3-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:22d7e97932f511d6b0b04f2bfd818d73dcd5928db509460aaf48384778eb6d20", size = 4420569, upload-time = "2025-10-15T23:17:37.188Z" },
-    { url = "https://files.pythonhosted.org/packages/a3/49/3746dab4c0d1979888f125226357d3262a6dd40e114ac29e3d2abdf1ec55/cryptography-46.0.3-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:d55f3dffadd674514ad19451161118fd010988540cee43d8bc20675e775925de", size = 4681941, upload-time = "2025-10-15T23:17:39.236Z" },
-    { url = "https://files.pythonhosted.org/packages/fd/30/27654c1dbaf7e4a3531fa1fc77986d04aefa4d6d78259a62c9dc13d7ad36/cryptography-46.0.3-cp314-cp314t-win32.whl", hash = "sha256:8a6e050cb6164d3f830453754094c086ff2d0b2f3a897a1d9820f6139a1f0914", size = 3022339, upload-time = "2025-10-15T23:17:40.888Z" },
-    { url = "https://files.pythonhosted.org/packages/f6/30/640f34ccd4d2a1bc88367b54b926b781b5a018d65f404d409aba76a84b1c/cryptography-46.0.3-cp314-cp314t-win_amd64.whl", hash = "sha256:760f83faa07f8b64e9c33fc963d790a2edb24efb479e3520c14a45741cd9b2db", size = 3494315, upload-time = "2025-10-15T23:17:42.769Z" },
-    { url = "https://files.pythonhosted.org/packages/ba/8b/88cc7e3bd0a8e7b861f26981f7b820e1f46aa9d26cc482d0feba0ecb4919/cryptography-46.0.3-cp314-cp314t-win_arm64.whl", hash = "sha256:516ea134e703e9fe26bcd1277a4b59ad30586ea90c365a87781d7887a646fe21", size = 2919331, upload-time = "2025-10-15T23:17:44.468Z" },
-    { url = "https://files.pythonhosted.org/packages/fd/23/45fe7f376a7df8daf6da3556603b36f53475a99ce4faacb6ba2cf3d82021/cryptography-46.0.3-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:cb3d760a6117f621261d662bccc8ef5bc32ca673e037c83fbe565324f5c46936", size = 7218248, upload-time = "2025-10-15T23:17:46.294Z" },
-    { url = "https://files.pythonhosted.org/packages/27/32/b68d27471372737054cbd34c84981f9edbc24fe67ca225d389799614e27f/cryptography-46.0.3-cp38-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:4b7387121ac7d15e550f5cb4a43aef2559ed759c35df7336c402bb8275ac9683", size = 4294089, upload-time = "2025-10-15T23:17:48.269Z" },
-    { url = "https://files.pythonhosted.org/packages/26/42/fa8389d4478368743e24e61eea78846a0006caffaf72ea24a15159215a14/cryptography-46.0.3-cp38-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:15ab9b093e8f09daab0f2159bb7e47532596075139dd74365da52ecc9cb46c5d", size = 4440029, upload-time = "2025-10-15T23:17:49.837Z" },
-    { url = "https://files.pythonhosted.org/packages/5f/eb/f483db0ec5ac040824f269e93dd2bd8a21ecd1027e77ad7bdf6914f2fd80/cryptography-46.0.3-cp38-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:46acf53b40ea38f9c6c229599a4a13f0d46a6c3fa9ef19fc1a124d62e338dfa0", size = 4297222, upload-time = "2025-10-15T23:17:51.357Z" },
-    { url = "https://files.pythonhosted.org/packages/fd/cf/da9502c4e1912cb1da3807ea3618a6829bee8207456fbbeebc361ec38ba3/cryptography-46.0.3-cp38-abi3-manylinux_2_28_armv7l.manylinux_2_31_armv7l.whl", hash = "sha256:10ca84c4668d066a9878890047f03546f3ae0a6b8b39b697457b7757aaf18dbc", size = 4012280, upload-time = "2025-10-15T23:17:52.964Z" },
-    { url = "https://files.pythonhosted.org/packages/6b/8f/9adb86b93330e0df8b3dcf03eae67c33ba89958fc2e03862ef1ac2b42465/cryptography-46.0.3-cp38-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:36e627112085bb3b81b19fed209c05ce2a52ee8b15d161b7c643a7d5a88491f3", size = 4978958, upload-time = "2025-10-15T23:17:54.965Z" },
-    { url = "https://files.pythonhosted.org/packages/d1/a0/5fa77988289c34bdb9f913f5606ecc9ada1adb5ae870bd0d1054a7021cc4/cryptography-46.0.3-cp38-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:1000713389b75c449a6e979ffc7dcc8ac90b437048766cef052d4d30b8220971", size = 4473714, upload-time = "2025-10-15T23:17:56.754Z" },
-    { url = "https://files.pythonhosted.org/packages/14/e5/fc82d72a58d41c393697aa18c9abe5ae1214ff6f2a5c18ac470f92777895/cryptography-46.0.3-cp38-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:b02cf04496f6576afffef5ddd04a0cb7d49cf6be16a9059d793a30b035f6b6ac", size = 4296970, upload-time = "2025-10-15T23:17:58.588Z" },
-    { url = "https://files.pythonhosted.org/packages/78/06/5663ed35438d0b09056973994f1aec467492b33bd31da36e468b01ec1097/cryptography-46.0.3-cp38-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:71e842ec9bc7abf543b47cf86b9a743baa95f4677d22baa4c7d5c69e49e9bc04", size = 4940236, upload-time = "2025-10-15T23:18:00.897Z" },
-    { url = "https://files.pythonhosted.org/packages/fc/59/873633f3f2dcd8a053b8dd1d38f783043b5fce589c0f6988bf55ef57e43e/cryptography-46.0.3-cp38-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:402b58fc32614f00980b66d6e56a5b4118e6cb362ae8f3fda141ba4689bd4506", size = 4472642, upload-time = "2025-10-15T23:18:02.749Z" },
-    { url = "https://files.pythonhosted.org/packages/3d/39/8e71f3930e40f6877737d6f69248cf74d4e34b886a3967d32f919cc50d3b/cryptography-46.0.3-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:ef639cb3372f69ec44915fafcd6698b6cc78fbe0c2ea41be867f6ed612811963", size = 4423126, upload-time = "2025-10-15T23:18:04.85Z" },
-    { url = "https://files.pythonhosted.org/packages/cd/c7/f65027c2810e14c3e7268353b1681932b87e5a48e65505d8cc17c99e36ae/cryptography-46.0.3-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:3b51b8ca4f1c6453d8829e1eb7299499ca7f313900dd4d89a24b8b87c0a780d4", size = 4686573, upload-time = "2025-10-15T23:18:06.908Z" },
-    { url = "https://files.pythonhosted.org/packages/0a/6e/1c8331ddf91ca4730ab3086a0f1be19c65510a33b5a441cb334e7a2d2560/cryptography-46.0.3-cp38-abi3-win32.whl", hash = "sha256:6276eb85ef938dc035d59b87c8a7dc559a232f954962520137529d77b18ff1df", size = 3036695, upload-time = "2025-10-15T23:18:08.672Z" },
-    { url = "https://files.pythonhosted.org/packages/90/45/b0d691df20633eff80955a0fc7695ff9051ffce8b69741444bd9ed7bd0db/cryptography-46.0.3-cp38-abi3-win_amd64.whl", hash = "sha256:416260257577718c05135c55958b674000baef9a1c7d9e8f306ec60d71db850f", size = 3501720, upload-time = "2025-10-15T23:18:10.632Z" },
-    { url = "https://files.pythonhosted.org/packages/e8/cb/2da4cc83f5edb9c3257d09e1e7ab7b23f049c7962cae8d842bbef0a9cec9/cryptography-46.0.3-cp38-abi3-win_arm64.whl", hash = "sha256:d89c3468de4cdc4f08a57e214384d0471911a3830fcdaf7a8cc587e42a866372", size = 2918740, upload-time = "2025-10-15T23:18:12.277Z" },
+    { url = "https://files.pythonhosted.org/packages/47/23/9285e15e3bc57325b0a72e592921983a701efc1ee8f91c06c5f0235d86d9/cryptography-46.0.6-cp311-abi3-macosx_10_9_universal2.whl", hash = "sha256:64235194bad039a10bb6d2d930ab3323baaec67e2ce36215fd0952fad0930ca8", size = 7176401, upload-time = "2026-03-25T23:33:22.096Z" },
+    { url = "https://files.pythonhosted.org/packages/60/f8/e61f8f13950ab6195b31913b42d39f0f9afc7d93f76710f299b5ec286ae6/cryptography-46.0.6-cp311-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:26031f1e5ca62fcb9d1fcb34b2b60b390d1aacaa15dc8b895a9ed00968b97b30", size = 4275275, upload-time = "2026-03-25T23:33:23.844Z" },
+    { url = "https://files.pythonhosted.org/packages/19/69/732a736d12c2631e140be2348b4ad3d226302df63ef64d30dfdb8db7ad1c/cryptography-46.0.6-cp311-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:9a693028b9cbe51b5a1136232ee8f2bc242e4e19d456ded3fa7c86e43c713b4a", size = 4425320, upload-time = "2026-03-25T23:33:25.703Z" },
+    { url = "https://files.pythonhosted.org/packages/d4/12/123be7292674abf76b21ac1fc0e1af50661f0e5b8f0ec8285faac18eb99e/cryptography-46.0.6-cp311-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:67177e8a9f421aa2d3a170c3e56eca4e0128883cf52a071a7cbf53297f18b175", size = 4278082, upload-time = "2026-03-25T23:33:27.423Z" },
+    { url = "https://files.pythonhosted.org/packages/5b/ba/d5e27f8d68c24951b0a484924a84c7cdaed7502bac9f18601cd357f8b1d2/cryptography-46.0.6-cp311-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:d9528b535a6c4f8ff37847144b8986a9a143585f0540fbcb1a98115b543aa463", size = 4926514, upload-time = "2026-03-25T23:33:29.206Z" },
+    { url = "https://files.pythonhosted.org/packages/34/71/1ea5a7352ae516d5512d17babe7e1b87d9db5150b21f794b1377eac1edc0/cryptography-46.0.6-cp311-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:22259338084d6ae497a19bae5d4c66b7ca1387d3264d1c2c0e72d9e9b6a77b97", size = 4457766, upload-time = "2026-03-25T23:33:30.834Z" },
+    { url = "https://files.pythonhosted.org/packages/01/59/562be1e653accee4fdad92c7a2e88fced26b3fdfce144047519bbebc299e/cryptography-46.0.6-cp311-abi3-manylinux_2_31_armv7l.whl", hash = "sha256:760997a4b950ff00d418398ad73fbc91aa2894b5c1db7ccb45b4f68b42a63b3c", size = 3986535, upload-time = "2026-03-25T23:33:33.02Z" },
+    { url = "https://files.pythonhosted.org/packages/d6/8b/b1ebfeb788bf4624d36e45ed2662b8bd43a05ff62157093c1539c1288a18/cryptography-46.0.6-cp311-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:3dfa6567f2e9e4c5dceb8ccb5a708158a2a871052fa75c8b78cb0977063f1507", size = 4277618, upload-time = "2026-03-25T23:33:34.567Z" },
+    { url = "https://files.pythonhosted.org/packages/dd/52/a005f8eabdb28df57c20f84c44d397a755782d6ff6d455f05baa2785bd91/cryptography-46.0.6-cp311-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:cdcd3edcbc5d55757e5f5f3d330dd00007ae463a7e7aa5bf132d1f22a4b62b19", size = 4890802, upload-time = "2026-03-25T23:33:37.034Z" },
+    { url = "https://files.pythonhosted.org/packages/ec/4d/8e7d7245c79c617d08724e2efa397737715ca0ec830ecb3c91e547302555/cryptography-46.0.6-cp311-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:d4e4aadb7fc1f88687f47ca20bb7227981b03afaae69287029da08096853b738", size = 4457425, upload-time = "2026-03-25T23:33:38.904Z" },
+    { url = "https://files.pythonhosted.org/packages/1d/5c/f6c3596a1430cec6f949085f0e1a970638d76f81c3ea56d93d564d04c340/cryptography-46.0.6-cp311-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:2b417edbe8877cda9022dde3a008e2deb50be9c407eef034aeeb3a8b11d9db3c", size = 4405530, upload-time = "2026-03-25T23:33:40.842Z" },
+    { url = "https://files.pythonhosted.org/packages/7e/c9/9f9cea13ee2dbde070424e0c4f621c091a91ffcc504ffea5e74f0e1daeff/cryptography-46.0.6-cp311-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:380343e0653b1c9d7e1f55b52aaa2dbb2fdf2730088d48c43ca1c7c0abb7cc2f", size = 4667896, upload-time = "2026-03-25T23:33:42.781Z" },
+    { url = "https://files.pythonhosted.org/packages/ad/b5/1895bc0821226f129bc74d00eccfc6a5969e2028f8617c09790bf89c185e/cryptography-46.0.6-cp311-abi3-win32.whl", hash = "sha256:bcb87663e1f7b075e48c3be3ecb5f0b46c8fc50b50a97cf264e7f60242dca3f2", size = 3026348, upload-time = "2026-03-25T23:33:45.021Z" },
+    { url = "https://files.pythonhosted.org/packages/c3/f8/c9bcbf0d3e6ad288b9d9aa0b1dee04b063d19e8c4f871855a03ab3a297ab/cryptography-46.0.6-cp311-abi3-win_amd64.whl", hash = "sha256:6739d56300662c468fddb0e5e291f9b4d084bead381667b9e654c7dd81705124", size = 3483896, upload-time = "2026-03-25T23:33:46.649Z" },
+    { url = "https://files.pythonhosted.org/packages/01/41/3a578f7fd5c70611c0aacba52cd13cb364a5dee895a5c1d467208a9380b0/cryptography-46.0.6-cp314-cp314t-macosx_10_9_universal2.whl", hash = "sha256:2ef9e69886cbb137c2aef9772c2e7138dc581fad4fcbcf13cc181eb5a3ab6275", size = 7117147, upload-time = "2026-03-25T23:33:48.249Z" },
+    { url = "https://files.pythonhosted.org/packages/fa/87/887f35a6fca9dde90cad08e0de0c89263a8e59b2d2ff904fd9fcd8025b6f/cryptography-46.0.6-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:7f417f034f91dcec1cb6c5c35b07cdbb2ef262557f701b4ecd803ee8cefed4f4", size = 4266221, upload-time = "2026-03-25T23:33:49.874Z" },
+    { url = "https://files.pythonhosted.org/packages/aa/a8/0a90c4f0b0871e0e3d1ed126aed101328a8a57fd9fd17f00fb67e82a51ca/cryptography-46.0.6-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:d24c13369e856b94892a89ddf70b332e0b70ad4a5c43cf3e9cb71d6d7ffa1f7b", size = 4408952, upload-time = "2026-03-25T23:33:52.128Z" },
+    { url = "https://files.pythonhosted.org/packages/16/0b/b239701eb946523e4e9f329336e4ff32b1247e109cbab32d1a7b61da8ed7/cryptography-46.0.6-cp314-cp314t-manylinux_2_28_aarch64.whl", hash = "sha256:aad75154a7ac9039936d50cf431719a2f8d4ed3d3c277ac03f3339ded1a5e707", size = 4270141, upload-time = "2026-03-25T23:33:54.11Z" },
+    { url = "https://files.pythonhosted.org/packages/0f/a8/976acdd4f0f30df7b25605f4b9d3d89295351665c2091d18224f7ad5cdbf/cryptography-46.0.6-cp314-cp314t-manylinux_2_28_ppc64le.whl", hash = "sha256:3c21d92ed15e9cfc6eb64c1f5a0326db22ca9c2566ca46d845119b45b4400361", size = 4904178, upload-time = "2026-03-25T23:33:55.725Z" },
+    { url = "https://files.pythonhosted.org/packages/b1/1b/bf0e01a88efd0e59679b69f42d4afd5bced8700bb5e80617b2d63a3741af/cryptography-46.0.6-cp314-cp314t-manylinux_2_28_x86_64.whl", hash = "sha256:4668298aef7cddeaf5c6ecc244c2302a2b8e40f384255505c22875eebb47888b", size = 4441812, upload-time = "2026-03-25T23:33:57.364Z" },
+    { url = "https://files.pythonhosted.org/packages/bb/8b/11df86de2ea389c65aa1806f331cae145f2ed18011f30234cc10ca253de8/cryptography-46.0.6-cp314-cp314t-manylinux_2_31_armv7l.whl", hash = "sha256:8ce35b77aaf02f3b59c90b2c8a05c73bac12cea5b4e8f3fbece1f5fddea5f0ca", size = 3963923, upload-time = "2026-03-25T23:33:59.361Z" },
+    { url = "https://files.pythonhosted.org/packages/91/e0/207fb177c3a9ef6a8108f234208c3e9e76a6aa8cf20d51932916bd43bda0/cryptography-46.0.6-cp314-cp314t-manylinux_2_34_aarch64.whl", hash = "sha256:c89eb37fae9216985d8734c1afd172ba4927f5a05cfd9bf0e4863c6d5465b013", size = 4269695, upload-time = "2026-03-25T23:34:00.909Z" },
+    { url = "https://files.pythonhosted.org/packages/21/5e/19f3260ed1e95bced52ace7501fabcd266df67077eeb382b79c81729d2d3/cryptography-46.0.6-cp314-cp314t-manylinux_2_34_ppc64le.whl", hash = "sha256:ed418c37d095aeddf5336898a132fba01091f0ac5844e3e8018506f014b6d2c4", size = 4869785, upload-time = "2026-03-25T23:34:02.796Z" },
+    { url = "https://files.pythonhosted.org/packages/10/38/cd7864d79aa1d92ef6f1a584281433419b955ad5a5ba8d1eb6c872165bcb/cryptography-46.0.6-cp314-cp314t-manylinux_2_34_x86_64.whl", hash = "sha256:69cf0056d6947edc6e6760e5f17afe4bea06b56a9ac8a06de9d2bd6b532d4f3a", size = 4441404, upload-time = "2026-03-25T23:34:04.35Z" },
+    { url = "https://files.pythonhosted.org/packages/09/0a/4fe7a8d25fed74419f91835cf5829ade6408fd1963c9eae9c4bce390ecbb/cryptography-46.0.6-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:8e7304c4f4e9490e11efe56af6713983460ee0780f16c63f219984dab3af9d2d", size = 4397549, upload-time = "2026-03-25T23:34:06.342Z" },
+    { url = "https://files.pythonhosted.org/packages/5f/a0/7d738944eac6513cd60a8da98b65951f4a3b279b93479a7e8926d9cd730b/cryptography-46.0.6-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:b928a3ca837c77a10e81a814a693f2295200adb3352395fad024559b7be7a736", size = 4651874, upload-time = "2026-03-25T23:34:07.916Z" },
+    { url = "https://files.pythonhosted.org/packages/cb/f1/c2326781ca05208845efca38bf714f76939ae446cd492d7613808badedf1/cryptography-46.0.6-cp314-cp314t-win32.whl", hash = "sha256:97c8115b27e19e592a05c45d0dd89c57f81f841cc9880e353e0d3bf25b2139ed", size = 3001511, upload-time = "2026-03-25T23:34:09.892Z" },
+    { url = "https://files.pythonhosted.org/packages/c9/57/fe4a23eb549ac9d903bd4698ffda13383808ef0876cc912bcb2838799ece/cryptography-46.0.6-cp314-cp314t-win_amd64.whl", hash = "sha256:c797e2517cb7880f8297e2c0f43bb910e91381339336f75d2c1c2cbf811b70b4", size = 3471692, upload-time = "2026-03-25T23:34:11.613Z" },
+    { url = "https://files.pythonhosted.org/packages/c4/cc/f330e982852403da79008552de9906804568ae9230da8432f7496ce02b71/cryptography-46.0.6-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:12cae594e9473bca1a7aceb90536060643128bb274fcea0fc459ab90f7d1ae7a", size = 7162776, upload-time = "2026-03-25T23:34:13.308Z" },
+    { url = "https://files.pythonhosted.org/packages/49/b3/dc27efd8dcc4bff583b3f01d4a3943cd8b5821777a58b3a6a5f054d61b79/cryptography-46.0.6-cp38-abi3-manylinux2014_aarch64.manylinux_2_17_aarch64.whl", hash = "sha256:639301950939d844a9e1c4464d7e07f902fe9a7f6b215bb0d4f28584729935d8", size = 4270529, upload-time = "2026-03-25T23:34:15.019Z" },
+    { url = "https://files.pythonhosted.org/packages/e6/05/e8d0e6eb4f0d83365b3cb0e00eb3c484f7348db0266652ccd84632a3d58d/cryptography-46.0.6-cp38-abi3-manylinux2014_x86_64.manylinux_2_17_x86_64.whl", hash = "sha256:ed3775295fb91f70b4027aeba878d79b3e55c0b3e97eaa4de71f8f23a9f2eb77", size = 4414827, upload-time = "2026-03-25T23:34:16.604Z" },
+    { url = "https://files.pythonhosted.org/packages/2f/97/daba0f5d2dc6d855e2dcb70733c812558a7977a55dd4a6722756628c44d1/cryptography-46.0.6-cp38-abi3-manylinux_2_28_aarch64.whl", hash = "sha256:8927ccfbe967c7df312ade694f987e7e9e22b2425976ddbf28271d7e58845290", size = 4271265, upload-time = "2026-03-25T23:34:18.586Z" },
+    { url = "https://files.pythonhosted.org/packages/89/06/fe1fce39a37ac452e58d04b43b0855261dac320a2ebf8f5260dd55b201a9/cryptography-46.0.6-cp38-abi3-manylinux_2_28_ppc64le.whl", hash = "sha256:b12c6b1e1651e42ab5de8b1e00dc3b6354fdfd778e7fa60541ddacc27cd21410", size = 4916800, upload-time = "2026-03-25T23:34:20.561Z" },
+    { url = "https://files.pythonhosted.org/packages/ff/8a/b14f3101fe9c3592603339eb5d94046c3ce5f7fc76d6512a2d40efd9724e/cryptography-46.0.6-cp38-abi3-manylinux_2_28_x86_64.whl", hash = "sha256:063b67749f338ca9c5a0b7fe438a52c25f9526b851e24e6c9310e7195aad3b4d", size = 4448771, upload-time = "2026-03-25T23:34:22.406Z" },
+    { url = "https://files.pythonhosted.org/packages/01/b3/0796998056a66d1973fd52ee89dc1bb3b6581960a91ad4ac705f182d398f/cryptography-46.0.6-cp38-abi3-manylinux_2_31_armv7l.whl", hash = "sha256:02fad249cb0e090b574e30b276a3da6a149e04ee2f049725b1f69e7b8351ec70", size = 3978333, upload-time = "2026-03-25T23:34:24.281Z" },
+    { url = "https://files.pythonhosted.org/packages/c5/3d/db200af5a4ffd08918cd55c08399dc6c9c50b0bc72c00a3246e099d3a849/cryptography-46.0.6-cp38-abi3-manylinux_2_34_aarch64.whl", hash = "sha256:7e6142674f2a9291463e5e150090b95a8519b2fb6e6aaec8917dd8d094ce750d", size = 4271069, upload-time = "2026-03-25T23:34:25.895Z" },
+    { url = "https://files.pythonhosted.org/packages/d7/18/61acfd5b414309d74ee838be321c636fe71815436f53c9f0334bf19064fa/cryptography-46.0.6-cp38-abi3-manylinux_2_34_ppc64le.whl", hash = "sha256:456b3215172aeefb9284550b162801d62f5f264a081049a3e94307fe20792cfa", size = 4878358, upload-time = "2026-03-25T23:34:27.67Z" },
+    { url = "https://files.pythonhosted.org/packages/8b/65/5bf43286d566f8171917cae23ac6add941654ccf085d739195a4eacf1674/cryptography-46.0.6-cp38-abi3-manylinux_2_34_x86_64.whl", hash = "sha256:341359d6c9e68834e204ceaf25936dffeafea3829ab80e9503860dcc4f4dac58", size = 4448061, upload-time = "2026-03-25T23:34:29.375Z" },
+    { url = "https://files.pythonhosted.org/packages/e0/25/7e49c0fa7205cf3597e525d156a6bce5b5c9de1fd7e8cb01120e459f205a/cryptography-46.0.6-cp38-abi3-musllinux_1_2_aarch64.whl", hash = "sha256:9a9c42a2723999a710445bc0d974e345c32adfd8d2fac6d8a251fa829ad31cfb", size = 4399103, upload-time = "2026-03-25T23:34:32.036Z" },
+    { url = "https://files.pythonhosted.org/packages/44/46/466269e833f1c4718d6cd496ffe20c56c9c8d013486ff66b4f69c302a68d/cryptography-46.0.6-cp38-abi3-musllinux_1_2_x86_64.whl", hash = "sha256:6617f67b1606dfd9fe4dbfa354a9508d4a6d37afe30306fe6c101b7ce3274b72", size = 4659255, upload-time = "2026-03-25T23:34:33.679Z" },
+    { url = "https://files.pythonhosted.org/packages/0a/09/ddc5f630cc32287d2c953fc5d32705e63ec73e37308e5120955316f53827/cryptography-46.0.6-cp38-abi3-win32.whl", hash = "sha256:7f6690b6c55e9c5332c0b59b9c8a3fb232ebf059094c17f9019a51e9827df91c", size = 3010660, upload-time = "2026-03-25T23:34:35.418Z" },
+    { url = "https://files.pythonhosted.org/packages/1b/82/ca4893968aeb2709aacfb57a30dec6fa2ab25b10fa9f064b8882ce33f599/cryptography-46.0.6-cp38-abi3-win_amd64.whl", hash = "sha256:79e865c642cfc5c0b3eb12af83c35c5aeff4fa5c672dc28c43721c2c9fdd2f0f", size = 3471160, upload-time = "2026-03-25T23:34:37.191Z" },
 ]

 [[package]]
Author	SHA1	Message	Date
dependabot[bot]	69daa9ca6f	chore(deps): bump cryptography in /tests/integration Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.3 to 46.0.6. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/46.0.3...46.0.6) --- updated-dependencies: - dependency-name: cryptography dependency-version: 46.0.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-31 13:48:43 +00:00
Pandey	71a13b4818	feat(audit): enterprise auditor with licensing gate and OTLP HTTP export (#10776 ) * feat(audit): add enterprise auditor with licensing gate and OTLP HTTP export Implements the enterprise auditor at ee/auditor/otlphttpauditor/. Composes auditorserver.Server for batching with licensing gate, OTel SDK LoggerProvider for InstrumentationScope, and otlploghttp exporter for OTLP HTTP transport. * fix(audit): address PR review — inline factory, move body+logrecord to audittypes - Inline NewFactory closure, remove newProviderFunc - Move buildBody to audittypes.BuildBody - Move eventToLogRecord to audittypes.ToLogRecord - go mod tidy for newly direct otel/log deps * fix(audit): address PR review round 2 - Make ToLogRecord a method on AuditEvent returning sdklog.Record - Fold buildBody into ToLogRecord as unexported helper - Remove accumulatingProcessor and LoggerProvider — export directly via otlploghttp.Exporter - Delete body.go and processor.go * fix(audit): address PR review round 3 - Merge export.go into provider.go - Add severity/severityText fields to Outcome struct - Rename buildBody to setBody method on AuditEvent - Add appendStringIfNotEmpty helper to reduce duplication * feat(audit): switch to plog + direct HTTP POST for OTLP export Replace otlploghttp.Exporter + sdklog.Record with plog data model, ProtoMarshaler, and direct HTTP POST. This properly sets InstrumentationScope.Name = "signoz.audit" and Resource attributes on the OTLP payload. * fix(audit): adopt collector otlphttpexporter pattern for HTTP export Model the send function after the OTel Collector's otlphttpexporter: - Bounded response body reads (64KB max) - Protobuf-encoded Status parsing from error responses - Proper response body draining on defer - Detailed error messages with endpoint URL and status details * refactor(audit): split export logic into export.go, add throttle retry - Move export, send, and HTTP response helpers to export.go - Add exporterhelper.NewThrottleRetry for 429/503 with Retry-After - Parse Retry-After as delay-seconds or HTTP-date per RFC 7231 - Keep provider.go focused on Auditor interface and lifecycle * feat(audit): add partial success handler and internal retry with backoff - Parse ExportLogsServiceResponse on 2xx for partial success, log warning if log records were rejected - Internal retry loop with exponential backoff for retryable status codes (429, 502, 503, 504) using RetryConfig from auditor config - Honour Retry-After header (delay-seconds and HTTP-date) - Store full auditor.Config on provider struct - Replace exporterhelper.NewThrottleRetry with local retryableError type consumed by the internal retry loop * fix(audit): fix lint — use pkg/errors, remove stdlib errors and fmt.Errorf * refactor(audit): use provider as receiver name instead of p * refactor(audit): clean up enterprise auditor implementation - Extract retry logic into retry.go - Move NewPLogsFromAuditEvents and ToLogRecord into event.go - Add ErrCodeAuditExportFailed to auditor package - Add version.Build to provider for service.version attribute - Simplify sendOnce, split response handling into onSuccess/onErr - Use PrincipalOrgID as valuer.UUID directly - Use OTLPHTTP.Endpoint as URL type - Remove gzip compression handling - Delete logrecord.go * refactor(audit): use pkg/http/client instead of bare http.Client Use the standard SigNoz HTTP client with OTel instrumentation. Disable heimdall retries (count=0) since we have our own OTLP-aware retry loop that understands Retry-After headers. * refactor(audit): use heimdall Retriable for retry instead of manual loop - Implement retrier with exponential backoff from auditor RetryConfig - Compute retry count from MaxElapsedTime and backoff intervals - Pass retrier and retry count to pkg/http/client via WithRetriable - Remove manual retry loop, retryableError type, and Retry-After parsing - Heimdall handles retries on >= 500 status codes automatically * refactor(audit): rename retry.go to retrier.go	2026-03-31 13:37:20 +00:00
Vinicius Lourenço	a8e2155bb6	fix(app-routes-redirect): redirects when workspaceBlocked & onboarding having wrong redirects (#10738 ) * fix(private): issues with redirect when onboarding & workspace locked * test(app-routes): add tests for private route	2026-03-31 11:07:42 +00:00
Vinicius Lourenço	a9cbf9a4df	fix(infra-monitoring): request loop when click to visualize volume (#10657 ) * fix(infra-monitoring): request loop when click to visualize volume * test(k8s-volume-list): fix tests broken due to nuqs	2026-03-31 10:56:09 +00:00