Skip to content

Metric Attribute Explorer#1703

Merged
kodiakhq[bot] merged 10 commits intomainfrom
mikeshi/metric-attribute-explorer
Feb 6, 2026
Merged

Metric Attribute Explorer#1703
kodiakhq[bot] merged 10 commits intomainfrom
mikeshi/metric-attribute-explorer

Conversation

@MikeShi42
Copy link
Contributor

@MikeShi42 MikeShi42 commented Feb 5, 2026
edited
Loading

image

Fixes HDX-2282

@changeset-bot
Copy link

changeset-bot bot commented Feb 5, 2026
edited
Loading

🦋 Changeset detected

Latest commit: f7c0e4c

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages
Name Type
@hyperdx/app Minor
@hyperdx/api Minor
@hyperdx/otel-collector Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@vercel
Copy link

vercel bot commented Feb 5, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
hyperdx-v2-oss-app Ready Ready Preview, Comment Feb 6, 2026 3:33pm

Request Review

@MikeShi42 MikeShi42 requested review from a team and pulpdrew and removed request for a team February 5, 2026 03:20
@claude
Copy link

claude bot commented Feb 5, 2026
edited
Loading

PR Review: Metric Attribute Explorer

Critical Issues

  • 🔒 SQL Injection vulnerability in formatWhereClause (MetricAttributeHelperPanel.tsx:148) → Escape single quotes in name and value parameters before string interpolation
  • 🔒 SQL Injection vulnerability in formatGroupByClause (MetricAttributeHelperPanel.tsx:159) → Escape single quotes in name parameter before string interpolation

Important Issues

  • ⚠️ Missing databaseName in query key (useFetchMetricMetadata.tsx:49) → Add tableSource to query key for proper cache isolation
  • ⚠️ Missing databaseName in query key (useFetchMetricAttributeValues.tsx:58-66) → Add databaseName to query key for proper cache isolation
  • ⚠️ Component exceeds 300 lines (MetricAttributeHelperPanel.tsx:493 lines) → Split into separate files per project guidelines

Notes

The feature looks good overall - nice UI/UX implementation with proper debouncing, loading states, and React Query integration. The parameterized queries in the ClickHouse hooks are properly done. Main concerns are the string interpolation in the WHERE/GROUP BY clause formatters that could allow SQL injection if values contain quotes.

@github-actions
Copy link
Contributor

github-actions bot commented Feb 5, 2026
edited
Loading

E2E Test Results

All tests passed • 64 passed • 4 skipped • 792s

Status Count
✅ Passed 64
❌ Failed 0
⚠️ Flaky 0
⏭️ Skipped 4

Tests ran across 4 shards in parallel.

View full report →

pulpdrew
pulpdrew reviewed Feb 5, 2026
View reviewed changes
Copy link
Contributor

@pulpdrew pulpdrew left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great, just a couple of minor comments!

Also one behavior that was unexpected was that anytime the query is submitted (including when adding a filter or group by using this panel), the helper panel is collapsed. Is that intentional?

@MikeShi42 MikeShi42 requested a review from pulpdrew February 6, 2026 08:28
pulpdrew
pulpdrew approved these changes Feb 6, 2026
View reviewed changes
Copy link
Contributor

@pulpdrew pulpdrew left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kodiakhq kodiakhq bot merged commit 6241c38 into main Feb 6, 2026
11 of 12 checks passed
@kodiakhq kodiakhq bot deleted the mikeshi/metric-attribute-explorer branch February 6, 2026 15:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pulpdrew pulpdrew pulpdrew approved these changes

Assignees

No one assigned

Labels

automerge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MikeShi42 @pulpdrew