Pull Request Explorer

Summary

Add deployment depth metrics to telemetry

Adds comprehensive metrics to self-hosted telemetry, enabling deeper insight into deployment complexity, secret sync adoption, integration depth, PKI usage, and infrastructure footprint, improving customer analytics and product decisions.

Health Assessment

• • Rapid review and minimal rework indicate a straightforward, low-risk enhancement.

Summary

Expand forbid policies to cover legacy actions

Fixes permission handling by expanding forbid policies to include legacy actions, ensuring consistent security enforcement across the platform.

Health Assessment

• • The PR was reviewed and merged within 20 hours with no significant rework, indicating a smooth and low-risk fix.

Summary

Increase cron job test timeout to 20 seconds

Adjusts the test hook timeout to prevent flaky failures when cron jobs run near minute boundaries, improving reliability of end‑to‑end tests.

Health Assessment

• • Quick fix with minimal changes, reviewed immediately by AI, merged within 36 minutes.

Summary

Add upgrade impact data for v0.160.3

Adds configuration for upgrade impact data for version v0.160.3, enabling automated upgrade checks and impact assessment.

Health Assessment

• • Fast cycle time, single review, minimal changes, indicating a low‑risk, low‑friction update.

Summary

Add Organization Created telemetry event

Adds a dedicated Organization Created event to PostHog, enabling accurate activation funnel tracking for new organizations.

Health Assessment

• • Fast review cycle with minimal rework, delivering a clear business value by improving activation funnel tracking.

Summary

Remove enrollment from profile endpoints

Simplifies the certificate profile API by removing enrollment configuration fields, reducing complexity and potential security exposure for clients.

Health Assessment

• • The PR was reviewed quickly but required multiple commits to resolve test failures and adjust the API, indicating moderate complexity and a high overall scope.

Summary

Update daily cleanup timeout to 45 minutes

Adjusts the timeout for the daily resource cleanup cron to 45 minutes, ensuring more reliable cleanup operations.

Health Assessment

• • Quick review and merge, minimal changes, low risk.

Summary

Move CA CRL rotation to cronJob

Shifts CA CRL rebuild and DigiCert order polling from dedicated Bull queues to a shared cron scheduler, reducing queue load and simplifying maintenance.

Health Assessment

• • The PR had a long cycle time but was reviewed quickly, indicating a straightforward change that was easy to approve.

Summary

Add XSIAM audit stream logging integration documentation

Adds documentation for XSIAM audit stream logging integration, enabling users to understand how to configure and use the new audit log stream.

Health Assessment

• • Quick review and merge with minimal changes, indicating a straightforward documentation update.

Summary

Fix Cert Manager Export Project UI

Improves UI and documentation for Cert Manager export, enhancing user experience and clarity.

Health Assessment

• • Rapid review and minimal rework indicate a straightforward UI cleanup with low risk.

Summary

Add upgrade impact data for v0.160.2

Adds auto‑generated upgrade impact configuration for version 0.160.2, enabling accurate upgrade planning and documentation.

Health Assessment

• • Fast review and merge with minimal changes; AI‑generated content reviewed quickly.

Summary

Add upgrade impact data for v0.160.1

Adds upgrade impact configuration for version 0.160.1, enabling accurate upgrade planning and impact assessment.

Health Assessment

• • Quick review and single commit after review indicate a smooth, low‑friction process.

Summary

Revamp PKI migration and export tooling

Improves PKI certificate management, enabling smoother migrations and exports, enhancing security and developer experience.

Health Assessment

• • The PR was merged within 30 minutes of opening, with a single review and no major back‑and‑forth, indicating a smooth process. However, the change spans 18 files and over a thousand lines, representing a substantial code‑base impact that warrants careful monitoring in future releases.

Summary

Fix live logs for PAM sessions

Corrects live log streaming for all resource types, improving reliability for users.

Health Assessment

• • Quick review and single iteration indicate a straightforward bug fix with minimal risk.

Summary

Add principals flag to dynamic secrets docs

This PR updates documentation to include the new --principals flag for SSH dynamic secrets and agent templates, improving clarity for users. It ensures users understand how to specify principals when configuring SSH secrets.

Health Assessment

• • Docs update completed quickly with minimal review friction.

Summary

Refactor external migration to use app connection

Enables users with app connection access to import secrets, expanding import capabilities beyond admin-only access. This improves flexibility and reduces administrative overhead.

Health Assessment

• • The PR involved extensive refactoring of secret import logic, with a large number of line changes and a review request after several days, indicating moderate complexity and potential risk.

Summary

Fix domain account web access

Corrects web access for domain accounts, ensuring proper authentication and access control.

Health Assessment

• • Quick fix with minimal changes, merged within 2 hours, indicating low complexity and high confidence.

Summary

Fix edge case in vault import

Corrects a subtle bug in vault import logic, preventing potential failures during data migration and ensuring reliable onboarding for users.

Health Assessment

• • Quick fix with minimal changes, reviewed and merged within 20 hours, indicating low complexity and high confidence.

Summary

Add permission audit to project users page

Provides a comprehensive audit trail of user permissions, enhancing compliance and transparency for administrators.

Health Assessment

• • The PR had a normal cycle time but required multiple iterations after the initial review, indicating moderate review friction. The large number of lines added and many files changed suggest a high-impact feature with potential integration complexity.

Summary

Invalidate query on admin project join

Ensures proper cache invalidation when an admin joins a project, improving data consistency and removing unused legacy files.

Health Assessment

• • Fast cycle time and single AI review indicate a well‑scoped, low‑risk fix with minimal rework.

Summary

Resolve Entra SCIM replace issue

Fixes incorrect SCIM patch behavior for Entra, preventing membership truncation and aligning with SCIM 2.0 standards, improving reliability of auto‑provisioning.

Health Assessment

• • Quick fix with minimal changes, fast review and merge, low risk.

Summary

Use auth for non-bucket log chunk fetch

Adds authentication to non-bucket log chunk fetch, improving security and consistency.

Health Assessment

• • Quick fix with minimal changes and a single review, indicating low complexity and high confidence.

Summary

Improve EST Authentication

Enhances security by fixing EST authentication, reducing potential unauthorized access.

Health Assessment

• • Quick initial review but required multiple commits to address feedback, leading to a longer overall cycle time.

Summary

Harden authorization on PKI sync and certificate flows

Strengthens security by tightening permission checks for PKI synchronization, certificate issuance, and profile management, reducing the risk of unauthorized access.

Health Assessment

• • Fast review and minimal rework indicate a straightforward security fix with low impact on existing functionality.

Summary

Fix multiple actions display in org roles page

Corrects UI bug where roles with multiple actions were not displayed properly, improving role management accuracy for administrators. Ensures administrators see all assigned actions, enhancing clarity and reducing misconfiguration.

Health Assessment

• • Quick fix with minimal changes and immediate approval, indicating low complexity and high confidence.

Summary

Add sliding-window error tracking for audit logs

Enables real‑time monitoring of audit log failures, alerting admins via in‑app notifications and email when thresholds are exceeded, improving security oversight.

Health Assessment

• • The PR had a quick initial review but required significant rework after a 4‑day gap, indicating moderate complexity and a lengthy cycle time.

Summary

Add PVC for session recording persistence

Adds persistent volume claim for session recordings on gateway, enabling durable storage for recordings.

Health Assessment

• • The PR had multiple iterations after the initial review, indicating some rework, but the overall scope was moderate and the merge was completed after a few days.

Summary

Fix RSA padding oracle in SCEP

Removes a critical security vulnerability in SCEP RSA padding, ensuring secure certificate enrollment.

Health Assessment

• • PR received a quick review and required minimal rework, but the overall cycle time was long due to a delayed review start. The change is small and low risk.

Summary

Add secret duplication across environments

Enables users to copy secrets between environments, improving workflow efficiency and reducing manual configuration.

Health Assessment

• • The PR required extensive back‑and‑forth with multiple review rounds and a large number of changes, indicating high complexity and potential risk.

Summary

Validate slug format and enforce uniqueness

Ensures organization slugs are properly formatted on the front end and unique on the back end, preventing duplicate entries and improving data integrity.

Health Assessment

• • Review was delayed due to an overage limit, but the PR was resolved quickly after the single review.

Summary

Add browser-based RDP client with session recording and playback

Enables users to access Windows Server resources via a browser-based RDP client, record sessions, and play back recordings, improving remote access flexibility and auditability.

Health Assessment

• • The PR had a long cycle time with multiple iterations after the initial review, indicating significant rework. Automated AI reviews contributed to the review process, but the overall complexity and size suggest a high-risk change.

Summary

Fix secret sync concurrency and retry budget

Improves reliability of secret synchronization by ensuring atomic concurrency admission and extending retry window, reducing sync failures and enhancing user experience.

Health Assessment

• • Multiple iterations after review and an extended cycle time indicate moderate complexity and potential bottlenecks in the review process.

Summary

Make Go SDK cleanup more explicit

Clarifies cleanup steps for the Go SDK, improving developer guidance and reducing confusion.

Health Assessment

• • Quick review and merge with minimal changes; no significant rework or blockers.

Summary

Remove BadRequestError for cert-manager projects

Fixes error handling for cert-manager project resolution, preventing unnecessary failures.

Health Assessment

• • Quick fix with minimal changes, no review needed, merged immediately.

Summary

Fix BadRequestError for explicit project ID requests

This change prevents BadRequestError when clients explicitly request a project ID, improving API reliability and reducing client errors.

Health Assessment

• • The PR was merged within 36 minutes with only one additional commit after review, indicating a smooth process.
• • The use of AI feedback was quickly incorporated, resulting in minimal rework.

Summary

Decrease gateway health check interval for HA

Reduces gateway staleness timeout from 1 hour to 5 minutes so dead gateways drop out of pool load balancing quickly, improving high‑availability and load‑balancing responsiveness.

Health Assessment

• • The PR required multiple iterations after a single review, leading to a long cycle time, but the change significantly improves gateway health detection and HA.

Summary

Chore: per-job timeout for daily cleanup

Adds per-job timeout configuration to cron jobs, reducing risk of long-running cleanup tasks hitting global timeout.

Health Assessment

• • Fast cycle time of under 4 hours and minimal review rounds indicate a smooth, low-risk change.

Summary

Fix extglob handling in permission boundary heuristics

Improves permission boundary logic to correctly handle extended glob patterns in secret path rules, ensuring accurate access control and preventing potential security gaps.

Health Assessment

• • Quick review and merge after adding comprehensive tests; minimal code changes and clear intent.

Summary

Remove block for cert manager project endpoints

Eliminates an unnecessary access block, streamlining API calls for cert manager project endpoints and improving performance for end‑users.

Health Assessment

• • Quick, single‑commit fix with fast review and merge, indicating low complexity and minimal risk.

Summary

Gate upgrade PR to successful release

Ensures upgrade pull requests are only created after a successful release, reducing unnecessary PRs and streamlining deployment.

Health Assessment

• • Quick review and merge, minimal changes to CI pipeline.

Summary

Fix honey token trigger edge cases

Resolved two edge cases in honey token trigger, preventing credential exposure and mitigating DDoS via large JSON payloads.

Health Assessment

• • The PR required multiple small commits to address edge cases, indicating a complex bug fix that was iterated upon quickly after review. Despite a fast initial review, the overall cycle time was long due to extended development and testing.

Summary

Update depot build SHA to v1

Ensures the depot build action uses the correct commit SHA, improving build stability.

Health Assessment

• • Quick review and merge, minimal changes, low risk.

Summary

Change icon to activity in secret rotation

Updates the UI to replace the validate credentials icon with an activity icon, improving visual consistency.

Health Assessment

• • Quick icon swap with immediate approval, minimal risk.

Summary

Add upgrade impact data for v0.160.0

Adds self‑hosted upgrade impact data for version 0.160.0, enabling accurate upgrade planning.

Health Assessment

• • Rapid merge with minimal changes indicates low complexity and quick review.

Summary

Resolve missing transaction in SCIM service

Fixes a transaction handling bug in SCIM integration, ensuring consistent data consistency and preventing partial updates.

Health Assessment

• • Quick fix with minimal changes, reviewed by AI, merged within 1.1 hours.

Summary

PKI restructuring documentation update

Updates PKI-related database schemas and documentation to improve certificate management and application structure.

Health Assessment

• • Large schema changes were merged quickly with minimal review, indicating confidence but also a high risk of downstream impact.

Summary

Add PKI applications to Cert Manager

Introduces a PKI Applications abstraction that lets teams manage certificates per workload with dedicated memberships and enrollment configurations, enhancing security and operational efficiency.

Health Assessment

• • The PR had a long cycle time but only a single review round, suggesting a large but straightforward feature addition with minimal contention.

Summary

Enable ACME on free tier license

Enables ACME certificate provisioning for free tier users, aligning functionality with pricing documentation and improving user experience.

Health Assessment

• • Single commit and fast review indicate low complexity; long cycle time likely due to PR queue or scheduling delays.

Summary

Add preview environments for PRs

Enables per‑PR preview environments by building and deploying a backend image, improving testing and collaboration.

Health Assessment

• • Quick review and merge with minimal changes indicates low complexity and high confidence in the workflow.

Summary

Fix PAM inline approval duration

Corrects hardcoded 1h duration to use policy max, preventing failures when policy ranges differ.

Health Assessment

• • The PR involved a small change set and was reviewed immediately, but the overall cycle time was long due to a delayed merge.