Developer Changelog

Internal — Developer Audience

This changelog tracks API reference changes, internal endpoint updates, and technical implementation details. For user-facing changes, see the Changelog.

2026-03-10

KPI Entity Index and Account Detail View (PR #1082)

Diff: 969a14f9..e0a2e273. Branch: hub/daily-2026-03-10.

Source files:

  • backend/internal/features/kpi/service.go — Service interface gains GetEntityIDs() and GetAccountsByDefinition(). CalculateKPI now stores an entity index (matched account IDs) after each calculation run via repo.SaveEntityIndex. For ACCOUNTS source entity, triggers computeAccountStatistics() post-calculation to populate def.Statistics.
  • backend/internal/features/kpi/calculator.go — Calculate() now returns a CalculateOutput struct containing both Results (existing []KPIResult) and EntityIDs (matched entity ID slice).
  • backend/internal/features/kpi/models.go — KPIDefinition gains MatchedEntityCount and Statistics fields. New KPIDefinitionStatistics struct: total_accounts, average_risk_score, top_risk_accounts, risk_threshold, mfa_disabled_count, password_* fields, stale_* fields, privileged_* fields, breached/shared/failed_logins counts, account_distribution (by status and type).
  • backend/internal/features/kpi/repository_kv.go — New methods: SaveEntityIndex, GetEntityIDs, DeleteEntityIndex.
  • backend/internal/web/controllers/kpi_controller.go — New file. Registers GET /kpi/definitions/{id}/accounts (paginated account list) and GET /kpi/definitions/{id}/entity-ids.
  • backend/internal/web/router.go — KPI controller registered.
  • frontend/src/pages/KPIDetails.tsx — New page. Account-level risk analysis: risk summary cards (MFA, password age, stale accounts, privileged, other risks), account distribution (by status and type), top risk accounts list with search and pagination.
  • frontend/src/services/kpi.service.ts — New service. getDefinition(), getAccountsByDefinition(), getEntityIDs(). Defines KPIDefinition, KPIAccount, KPIDefinitionStatistics types.

New API endpoints:

Method | Path | Description
GET | /api/v1/kpi/definitions/{id}/accounts | Paginated list of matched accounts for a KPI
GET | /api/v1/kpi/definitions/{id}/entity-ids | All matched entity IDs for a KPI

Campaign and Dashboard Bug Fixes

Diff: 969a14f9..e0a2e273. Branch: hub/daily-2026-03-10.

Campaign fixes:

  • frontend/src/pages/CampaignDetails.tsx — Refactored (2226 lines → consolidated). Query campaigns now show their query definition on the Start and Details views. Approve/Reject buttons disabled when campaign is not in ACTIVE state.
  • frontend/src/pages/Campaigns.tsx — Filter tiles for automated decisions corrected.
  • frontend/src/hooks/useReviewActions.ts — Batch approve/reject now updates counts immediately on response.

Dashboard fixes:

  • Chart widget styling updated: BarChartWidget, FunnelWidget, PieChartWidget, RadarWidget, TableWidget, TimeSeriesWidget.
  • WidgetDetailExpander — Expanded detail panel layout improved.
  • DashboardCard — Card layout and spacing fixes.

2026-03-05

Query-Based Campaign Scope

Diff: 2eaf545a..969a14f9.

Source files:

  • backend/internal/features/campaigns/query_evaluator.go (new) — QueryEvaluator struct. EvaluateQuery(): groups inclusion conditions by entity, resolves each entity to account ID sets, intersects (AND), then subtracts exclusions (OR). Supports 5 entity types: account (uses AccountFilter.FieldQueries), owner (reflection-based field matching), group (groups repo + memberships), role (roles → owners → accounts), classification (classification → accounts).
  • backend/internal/features/campaigns/models.go — Added CampaignTypeQuery = "QUERY". Added CampaignQueryDefinition (inclusion/exclusion filter arrays), CampaignQueryCondition (entity + field + operator + value), CampaignQueryTestResult (count + sample accounts), CampaignQuerySample. CampaignSettings.QueryDefinition field added.
  • backend/internal/features/campaigns/service.go — Added TestQuery() and GetQueryFields() methods.
  • backend/internal/features/campaigns/account_resolver.go — Updated to support QUERY type campaigns.
  • backend/internal/web/controllers/campaigns_controller.go — Added POST /campaigns/query/test (testQuery) and GET /campaigns/query/fields (getQueryFields). Registered before /{id} to avoid path conflicts.
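
The evaluation order described for EvaluateQuery() above (intersect the per-entity inclusion sets, then subtract the exclusions), as an added example that is not the project's code. `Condition`, `Resolver`, `Evaluate` and `lookup` are hypothetical names, and returning an empty scope when there are no inclusion conditions is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"sort"
)

// Condition uses assumed field names for the shape the changelog describes.
type Condition struct{ Entity, Field, Operator, Value string }
// Resolver is a hypothetical stand-in for the per-entity account lookups.
type Resolver func(entity string, conds []Condition) map[string]bool

// Evaluate intersects the per-entity inclusion sets, then drops accounts hit
// by any exclusion. No inclusion conditions gives an empty scope (assumed).
func Evaluate(incl, excl []Condition, resolve Resolver) []string {
	byEntity := map[string][]Condition{}
	for _, c := range incl {
		byEntity[c.Entity] = append(byEntity[c.Entity], c)
	}
	seen := map[string]int{} // how many entity sets contain each ID
	for entity, conds := range byEntity {
		for id := range resolve(entity, conds) {
			seen[id]++
		}
	}
	for _, c := range excl { // OR: a single hit removes the account
		for id := range resolve(c.Entity, []Condition{c}) {
			delete(seen, id)
		}
	}
	scope := []string{}
	for id, n := range seen {
		if n == len(byEntity) { // present in every set = intersection
			scope = append(scope, id)
		}
	}
	sort.Strings(scope)
	return scope
}

// lookup is constructed sample data: fixed ID sets per entity, conditions ignored.
func lookup(entity string, _ []Condition) map[string]bool {
	return map[string]map[string]bool{
		"account": {"a1": true, "a2": true}, "group": {"a2": true, "a3": true}, "owner": {"a2": true},
	}[entity]
}

func main() {
	fmt.Println(Evaluate([]Condition{{Entity: "account"}, {Entity: "group"}}, nil, lookup)) // [a2]
}
```

An inclusion condition on an entity the resolver does not know yields an empty scope, because no account can appear in every set.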

Operators supported: equals, not_equals, contains, not_contains, starts_with, ends_with, greater_than, less_than, greater_equal, less_equal, is_null, is_not_null, in, not_in.

Reflection-based matching: matchesAllConditions() uses reflect.ValueOf() and snakeToCamel() to map snake_case field names to struct field names. Handles pointer dereference.
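
An added sketch of reflection-based matching with pointer dereference, not the project's code: the `Owner` type, the `queryable` allowlist and `fieldEquals` are hypothetical, and only the name `snakeToCamel()` comes from the page (its body here is assumed). The allowlist keeps exported but sensitive struct fields from becoming query targets, and every lookup fails closed instead of panicking.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// Owner is a constructed sample type, not the product's model.
type Owner struct {
	DisplayName string
	Department  *string // pointer field, may be nil
	ApiToken    string  // exported, but must not be queryable
}

// queryable is an assumed allowlist of snake_case fields open to queries.
var queryable = map[string]bool{"display_name": true, "department": true}

// snakeToCamel maps "display_name" to "DisplayName" (body assumed).
func snakeToCamel(s string) string {
	var b strings.Builder
	for _, p := range strings.Split(s, "_") {
		if p != "" {
			b.WriteString(strings.ToUpper(p[:1]) + p[1:])
		}
	}
	return b.String()
}

// fieldEquals fails closed: fields outside the allowlist, unknown fields
// and nil pointers never match and never panic.
func fieldEquals(obj any, field, want string) bool {
	v := reflect.Indirect(reflect.ValueOf(obj))
	if !queryable[field] || v.Kind() != reflect.Struct {
		return false
	}
	f := v.FieldByName(snakeToCamel(field))
	for f.IsValid() && f.Kind() == reflect.Pointer {
		f = f.Elem() // Elem of a nil pointer is the invalid zero Value
	}
	return f.IsValid() && fmt.Sprint(f.Interface()) == want
}

func main() {
	dept := "Finance"
	o := &Owner{DisplayName: "Ada", Department: &dept, ApiToken: "t0ken"}
	fmt.Println(fieldEquals(o, "department", "Finance")) // true
	fmt.Println(fieldEquals(o, "api_token", "t0ken"))    // false
}
```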


Review Item Entitlements and History Endpoints

Source files:

  • backend/internal/web/controllers/campaigns_controller.go — Added GET /{id}/review-items/{accountId}/entitlements and GET /{id}/review-items/{accountId}/history. Entitlements pulls group memberships (with is_high_privilege flag) and app roles from groupsRepo and appRolesService. History queries past approvals across all campaigns for the account.
  • backend/internal/boot/adapters.go — Injected GroupsRepository and AppRolesService into CampaignsController.

User Preferences (Server-Backed)

Source files:

  • backend/internal/features/user_preferences/models.go — UserPreferences struct: Theme, ReviewColumns []string, ReviewDetailSections []string. KV storage key scoped per user.
  • backend/internal/features/user_preferences/service.go — GetPreferences() (loads or returns defaults), SetPreferences() (partial update, validates theme values).
  • backend/internal/web/controllers/user_preferences_controller.go — GET /user/preferences, PUT /user/preferences. No admin role required.
  • backend/internal/web/router.go — Registered UserPreferencesController.
  • frontend/src/services/preferences.service.ts (new) — getPreferences(), setPreferences().
  • frontend/src/context/UserPreferencesContext.tsx (new) — UserPreferencesProvider fetches from server on mount. setTheme(), setReviewColumns(), setReviewDetailSections() all persist to server. Falls back to defaults if server is unreachable.
  • frontend/src/components/settings/PreferencesSettings.tsx — Rebuilt. Added Account List Fields (80+ columns in 6 categories, searchable, categorized) and Detail Panel Sections (8 sections). Required columns user and status are disabled.
  • frontend/src/context/ThemeContext.tsx — Now delegates to UserPreferencesContext.

Default columns: user, risk, privilege, signals, application, activity, owner, status.

Default sections: all 8 (ai_recommendations, owner_details, account_details, risk_factors, entitlements, previous_decisions, similar_accounts, audit_trail).


New Manifest Mappings

Three new source-to-doc mappings proposed:

  • backend/internal/features/campaigns/query_evaluator.go → control/access-review/campaigns-page.md and control/api/campaigns.md
  • backend/internal/features/user_preferences/*.go → control/settings/preferences.md and control/api/settings.md
  • backend/internal/web/controllers/campaigns_controller.go → control/api/campaigns.md

2026-02-23

Provisioning Feature

Major new feature: SCIM-based provisioning for automated account lifecycle management. Commits: PROV-5 through PROV-17. Diff: ac5793c9..e6cbc54d.

Source files triggering documentation:

  • backend/internal/features/provisioning/models.go — Core provisioning models (ExternalSystem, ProvisioningAction, ProvisioningRule, TemporaryCredential)
  • backend/internal/features/provisioning/connector.go — Connector interface and registry
  • backend/internal/features/provisioning/connectors/entra/connector.go — Microsoft Entra ID SCIM connector
  • backend/internal/features/provisioning/connectors/jira/connector.go — Jira ticketing connector
  • backend/internal/features/provisioning/connectors/zendesk/connector.go — Zendesk ticketing connector
  • backend/internal/features/provisioning/scim/client.go — Reusable SCIM 2.0 client (RFC 7643/7644)
  • backend/internal/features/provisioning/scim/models.go — SCIM user, group, and patch operation models
  • backend/internal/features/provisioning/repository.go, repository_kv.go — Provisioning data persistence layer
  • backend/internal/features/provisioning/vault/ — Azure Key Vault secret store integration
  • backend/cmd/worker/dispatch_provisioning_test.go — Worker dispatch integration tests

External System Types:

  • entra — Microsoft Entra ID (SCIM identity management)
  • jira — Jira (ticketing)
  • zendesk — Zendesk (ticketing)
  • salesforce — Salesforce (identity management)

Provisioning Action Types:

  • Account lifecycle: create_account, modify_account, disable_account, enable_account
  • Group membership: add_account_to_group, remove_account_from_group
  • Role assignment: add_account_to_role, remove_account_from_role
  • Ticketing: create_ticket, get_ticket, update_ticket, transition_ticket, comment_ticket, delete_ticket, list_tickets

Trigger Event Types:

  • Data changes: account_created, account_updated, account_deleted, group_member_added, group_member_removed, role_assigned, role_revoked
  • Ticket lifecycle: ticket_resolved, ticket_approved, ticket_rejected

Credential Delivery Methods:

  • email — Encrypted email delivery
  • in_app — In-app notification with secure reveal
  • both — Email and in-app
  • sspr — Self-Service Password Reset link

Campaign Review UI Refresh

Redesigned campaign review experience with enhanced keyboard navigation and batch operations. Commit: ada4d7ec.

Source files triggering documentation:

  • frontend/src/pages/CampaignReview.tsx — Main review page with hooks integration
  • frontend/src/hooks/useReviewItems.ts — Review items data fetching and state
  • frontend/src/hooks/useReviewActions.ts — Review action handlers (approve, reject, flag, skip, undo)
  • frontend/src/hooks/useReviewSelection.ts — Selection state and batch selection
  • frontend/src/hooks/useReviewColumns.ts — Column visibility and ordering
  • frontend/src/hooks/useReviewKeyboard.ts — Keyboard shortcut bindings
  • frontend/src/components/campaign-review/ReviewKPICards.tsx — Status KPI cards with click-to-filter
  • frontend/src/components/campaign-review/ReviewFilterBar.tsx — Filter toolbar
  • frontend/src/components/campaign-review/ReviewTable.tsx — Account list table
  • frontend/src/components/campaign-review/ReviewDetailPanel.tsx — Account detail panel
  • frontend/src/components/campaign-review/BatchActionBar.tsx — Batch action toolbar

Keyboard Shortcuts:

  • A — Approve, R — Reject, F — Flag, S — Skip
  • J/ — Next item, K/ — Previous item
  • Space — Toggle batch select, Ctrl+A — Select all pending
  • Ctrl+Shift+A — Batch approve, Ctrl+Shift+R — Batch reject
  • Z — Undo, Esc — Clear selection, ? — Show shortcuts help
  • [/] — Previous/next page

Bug Fixes

  • fix sync job execution DAG — Fixed dependency graph ordering in sync orchestration
  • fix sidebar load performance — Reduced sidebar render time
  • fix platform campaign creation — Use account platform instead of owner platform
  • fix unbounded limit from user input — Added max limit validation
  • pagination issue fixed — Fixed pagination offset calculation
  • fix lazy loading for applications page — Improved application list performance
  • fix multi-select behavior — Corrected batch selection state management

2026-02-17

Custom Dashboards Feature

Major new feature: canvas-first custom dashboard builder with AI-assisted creation. Branch: feature/customdashboards. Diff: eb635293..ac5793c9.

Source files triggering documentation:

  • docs/custom-dashboards-requirements.md — Product requirements document (v1.2 MVP scope)
  • frontend/src/pages/Dashboards.tsx, frontend/src/pages/DashboardView.tsx — Dashboard list and canvas view pages
  • frontend/src/components/dashboard/prebuilt-widgets.ts — 18 pre-built widget definitions across 6 dashboard templates
  • frontend/src/components/widgets/visualizations/ — 10 new widget types: AnomaliesWidget, FunnelWidget, GaugeWidget, HealthScoreWidget, HeatmapWidget, ImpactTimelineWidget, InsightsWidget, ProgressTrackerWidget, RadarWidget, TreemapWidget
  • frontend/src/components/widgets/AddWidgetDrawer.tsx, WidgetEditDrawer.tsx, WidgetManagement.tsx — Widget CRUD interface
  • frontend/src/lib/echarts.tsx — Apache ECharts integration (replaced Recharts)
  • frontend/src/lib/anomaly-detection.ts, health-score.ts, period-comparison.ts — Calculation libraries
  • backend/internal/mcp/tools/ — 7 new MCP tools: create_dashboard, create_widget, list_dashboards, list_widgets, update_dashboard, update_kpi_definition, update_widget
  • frontend/src/components/settings/KPISettings.tsx — KPI definition management UI
  • frontend/src/components/kpi/BucketEditor.tsx — Numeric range bucket editor for KPI group-by

Backend changes:

  • backend/internal/features/kpi/calculator.go — KPI calculation enhancements, bucket aggregation
  • backend/internal/features/kpi/models.go — New KPI model fields (buckets, schedule, retention)
  • backend/internal/features/sync/orchestrator.go — Auto-recalculate KPIs after sync completion
  • backend/internal/web/controllers/kpi_controller.go — New KPI API endpoints
  • backend/internal/web/controllers/settings_controller.go — Settings API updates

Classifications Feature

New account classification pages with pre-computed risk statistics. Branch: feature/customdashboards.

Source files triggering documentation:

  • frontend/src/pages/Classifications.tsx — Classification list page with search, tile/list views
  • frontend/src/pages/ClassificationDetails.tsx — Classification detail page with risk breakdown
  • backend/internal/features/classification/models.go — Classification entity and statistics models (MFA, password, staleness, privileged metrics)
  • backend/internal/features/classification/service.go — Classification service with statistics pre-computation
  • backend/internal/web/controllers/classification_controller.go — Classification API endpoints
  • frontend/src/services/classification.service.ts — Frontend API client

Charting Engine Migration

Replaced Recharts with Apache ECharts for all dashboard visualizations.

Source files:

  • frontend/src/lib/echarts.tsx — New ECharts wrapper component
  • frontend/package.json — Dependency change: removed recharts, added echarts and echarts-for-react
  • All visualization components in frontend/src/components/widgets/visualizations/ updated

UI Refreshes

  • frontend/src/pages/Campaigns.tsx — Campaign page layout refresh
  • frontend/src/pages/Policies.tsx, PolicyDetails.tsx, EditPolicy.tsx — Policy pages UI refresh with dashboard widget integration
  • frontend/src/pages/Applications.tsx, ApplicationDetails.tsx — Application performance improvements
  • frontend/src/components/layout/Layout.tsx, Sidebar.tsx, Navbar.tsx — Navigation layout updates (added Dashboards and Classifications)

2026-02-12

Discovery API Integration Reference

Cross-referenced Discovery API endpoints used by Control's integration layer. Relevant API reference pages in discover/api/ now include Control integration context (field mappings, auth patterns, retry logic) based on:

  • backend/internal/features/integrations/hydden/http_client.go — authentication patterns
  • backend/internal/features/integrations/hydden/interfaces.go — client interface contract
  • Dashboard integration patterns from docs/dev-hints/frontend/dashboards/

See the Discovery API Reference for the full developer documentation.

2026-02-11

Documentation pipeline baseline established (commit eb635293). Key product updates in this release:

Infrastructure

  • Refactored repository layer with new generic base repository pattern
  • Improved KV store abstraction for better maintainability
  • Enhanced auditing capabilities across all features

Features

  • Updated application management workflows
  • Enhanced campaign review functionality
  • Improved policy and compliance tracking
  • Refinements to role configuration
  • Updated group and account management

Removed

  • Legacy employees module removed (superseded by platform users and owner management)
