fix: minor bug fixes sweep (15 bugs)

[TerrifiedBug]

Summary

Polish-sprint PR fixing 15 reported bugs across telemetry, alerts, fleet, audit, library, and backups. Single branch, one logical commit per bundle so the diff stays reviewable.

Bugs fixed

Telemetry

• Docs link in /settings/telemetry now points at the GitBook page instead of a non-existent local route.
• Telemetry entry added to the settings sidebar (System group) and overview cards.
• Deployment mode auto-detects (KUBERNETES_SERVICE_HOST → helm, /.dockerenv → docker, otherwise bare); unknown is reserved for an explicit override that doesn't match the enum.

Vector version

• New src/lib/vector-version.ts is the canonical source. docker/server/Dockerfile, agent/Dockerfile, and agent/install.sh reference it via comments.
• Server image bumped 0.53.0 → 0.54.0 to match the agent + installer (server was lagging).
• Settings > Version Check now surfaces the bundled Vector version with a link to the upstream release notes.

Anomaly detection settings save

• Form now hydrates directly from the mutation response in onSuccess instead of relying on the useEffect sync. The dirty toggle was re-running the effect before the refetch resolved, so saved values appeared to revert.

Alerts architecture

• Outbound webhooks (WebhookEndpoint) UI moved from Settings > Outbound Webhooks → Alerts > Channels as OutboundWebhooksSection. /settings/webhooks now redirects to /alerts?tab=channels.
• Sidebar + settings overview no longer show a standalone Outbound Webhooks entry.
• AnomalyHistorySection now renders inside the History > Grouped tab so anomalies appear next to correlated alert groups during incident triage.

Audit log

• Default audit list view now hides scim.* entries to cut sync-loop noise; they reappear when the user filters by SCIM entity types, picks a scim.* action explicitly, or searches for scim.
• Native HTML date inputs replaced with a shadcn-style DateRangePicker built on react-day-picker v9 + Popover. Adds calendar.tsx and date-range-picker.tsx primitives.

Fleet

• Deployment matrix on the fleet overview defaults the status filter to running when the URL has no status param. An explicit ?status= overrides the default; the default isn't counted as an active filter.
• Node logs container respects parent width (w-full + min-w-0) and the toolbar wraps on narrow viewports instead of forcing horizontal scroll. Long log lines break-words inside their own scroll region.
• withTeamAccess middleware now resolves teamId from a NodeGroup id, fixing the Cannot resolve team context from input error when editing or deleting node groups.

Misc

• Backup download route returns JSON errors so the browser doesn't save the error body as download.txt. UI fetches with toast on failure, blob-downloads on success.
• Shared NODE_KIND_META extracted to src/lib/node-kind-colors.ts. Library shared-components page now uses pipeline-canvas colors (left-border accent + colored badges) instead of ad-hoc emerald/sky/orange utility classes.

Out of scope (added to backlog)

• Dropping AlertWebhook model entirely — wired into 5 services + tests, deserves a dedicated PR. Plaintext-secret risk noted.
• Per-event SCIM status logging so failures can be surfaced in the default audit view.
• Folding AnomalyEvent into AlertCorrelationGroup at the data layer (correlator + schema change).

Test plan

• pnpm test — full vitest suite (2531 tests passing locally)
• pnpm tsc --noEmit — typecheck clean
• Manual: Settings > Telemetry — verify GitBook link + sidebar entry visible
• Manual: Settings > Version Check — verify Vector version row renders
• Manual: Settings > Anomaly Detection — change baseline window, save, refresh; value persists
• Manual: /alerts Channels tab — Outbound Webhooks section renders + create/edit/test still works
• Manual: /alerts History > Grouped — anomalies section appears under correlated groups
• Manual: /audit — date range picker works, SCIM successes hidden by default
• Manual: /fleet overview — deployment matrix defaults to running-only on first visit
• Manual: /fleet/<nodeId> Logs tab — no horizontal scroll on narrow viewport
• Manual: Edit a node group — saves without "Cannot resolve team context" error
• Manual: Settings > Backup — download a backup file actually downloads (not download.txt); error case shows toast
• Manual: Library > Shared Components — colors match pipeline canvas

[greptile-apps]

Greptile Summary

This polish-sprint PR fixes 15 reported bugs across telemetry, audit, fleet, alerts, and backups — including the anomaly detection save-revert race, the node-group team-resolution error, and the backup download saving error bodies as files. The changes are generally well-scoped and consistent with the existing codebase patterns.

One P2 issue found: the new DateRangePicker in the audit log is initialized with new Date(startDate) where startDate is a \"yyyy-MM-dd\" string. ECMAScript parses date-only strings as UTC midnight, so in UTC-negative timezones the calendar highlights the previous day — if the user reopens the picker and confirms, the stored date silently shifts one day earlier.

Confidence Score: 4/5

Safe to merge; only finding is a P2 timezone display bug in the audit date picker that doesn't affect stored data.

All 15 bug fixes are correctly implemented and consistent with the codebase's patterns. The single P2 finding (UTC date-string parsing in the audit DateRangePicker) causes the wrong day to be highlighted on reopen in UTC-negative timezones but does not cause data loss. No P0/P1 issues found.

src/app/(dashboard)/audit/page.tsx — date string construction passed to DateRangePicker should use local midnight (T00:00:00 suffix) instead of relying on bare new Date('yyyy-MM-dd') UTC parsing.

Important Files Changed

Filename	Overview
src/trpc/init.ts	Adds NodeGroup → environment → teamId resolution to the withTeamAccess lookup chain, fixing the 'Cannot resolve team context' error for node group mutations. Consistent with the existing pattern; no RBAC bypass risk.
src/app/(dashboard)/audit/page.tsx	Replaces two native date inputs with a DateRangePicker; SCIM filter handled correctly. Contains a timezone bug: date-only strings passed to new Date() are UTC midnight, causing the calendar to highlight the previous day in UTC-negative zones.
src/server/services/telemetry-sender.ts	Deployment-mode auto-detection added (KUBERNETES_SERVICE_HOST → helm, /.dockerenv → docker, fallback → bare). The existsSync call is guarded with try/catch. Logic matches the updated tests.
src/server/routers/audit.ts	SCIM entries excluded from default view via AND/NOT condition; correctly reinstated when filtering by SCIM entity type, scim.* action, or a search string containing 'scim'. Tests cover all three bypass paths.
src/app/(dashboard)/settings/_components/backup-settings.tsx	Download replaced from plain anchor href to fetch+blob pattern; error responses are now shown as toasts instead of being saved as download.txt. Standard revoke-after-click ordering is safe in modern browsers.
src/app/api/backups/[filename]/download/route.ts	All error branches now return JSON with Content-Type: application/json via the new jsonError helper, consistent with the client-side fetch+toast approach.
src/hooks/use-matrix-filters.ts	Status filter defaults to ['running'] when no URL param exists; explicit ?status= overrides it; clearFilters now sets ?status= to prevent the default re-applying. Logic and tests are aligned.
src/app/(dashboard)/settings/_components/anomaly-detection-settings.tsx	Form now hydrated directly from mutation response in onSuccess, preventing the useEffect re-running on dirty state from reverting saved values before the refetch resolves.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    subgraph withTeamAccess["withTeamAccess middleware (src/trpc/init.ts)"]
        A["rawInput.teamId?"] -->|yes| DONE["teamId resolved ✓"]
        A -->|no| B["rawInput.environmentId?"]
        B -->|yes| DONE
        B -->|no| C["rawInput.pipelineId?"]
        C -->|yes| DONE
        C -->|no| D["rawInput.id → try multiple entity types"]
        D --> E["AlertWebhook?"]
        E -->|found| DONE
        E -->|miss| F["NodeGroup → environment.teamId 🆕"]
        F -->|found| DONE
        F -->|miss| G["NotificationChannel?"]
        G -->|found| DONE
        G -->|miss| H["… more lookups …"]
        H -->|all miss| ERR["Cannot resolve team context ❌"]
    end

Loading

Comments Outside Diff (1)

1. src/app/(dashboard)/audit/page.tsx, line 1162-1165 (link)

   Date-string parsed as UTC midnight, shows wrong day in western timezones

   new Date("yyyy-MM-dd") follows the ECMAScript spec and treats date-only ISO strings as UTC midnight. In a UTC-5 timezone that resolves to the previous evening (Jan 14 @ 19:00 local), so react-day-picker highlights January 14 instead of January 15 when the picker is reopened. If the user confirms without changing anything, format(range.from, "yyyy-MM-dd") then writes back "2024-01-14", silently shifting the filter one day earlier.

   Fix: force local midnight by appending T00:00:00 before passing to Date:

   Prompt To Fix With AI

   This is a comment left during a code review.
   Path: src/app/(dashboard)/audit/page.tsx
   Line: 1162-1165
   
   Comment:
   **Date-string parsed as UTC midnight, shows wrong day in western timezones**
   
   `new Date("yyyy-MM-dd")` follows the ECMAScript spec and treats date-only ISO strings as UTC midnight. In a UTC-5 timezone that resolves to the previous evening (Jan 14 @ 19:00 local), so react-day-picker highlights January 14 instead of January 15 when the picker is reopened. If the user confirms without changing anything, `format(range.from, "yyyy-MM-dd")` then writes back "2024-01-14", silently shifting the filter one day earlier.
   
   Fix: force local midnight by appending `T00:00:00` before passing to `Date`:
   
   
   How can I resolve this? If you propose a fix, please make it concise.

Prompt To Fix All With AI

This is a comment left during a code review.
Path: src/app/(dashboard)/audit/page.tsx
Line: 1162-1165

Comment:
**Date-string parsed as UTC midnight, shows wrong day in western timezones**

`new Date("yyyy-MM-dd")` follows the ECMAScript spec and treats date-only ISO strings as UTC midnight. In a UTC-5 timezone that resolves to the previous evening (Jan 14 @ 19:00 local), so react-day-picker highlights January 14 instead of January 15 when the picker is reopened. If the user confirms without changing anything, `format(range.from, "yyyy-MM-dd")` then writes back "2024-01-14", silently shifting the filter one day earlier.

Fix: force local midnight by appending `T00:00:00` before passing to `Date`:
```suggestion
                from: startDate ? new Date(`${startDate}T00:00:00`) : undefined,
                to: endDate ? new Date(`${endDate}T00:00:00`) : undefined,
```

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "test(fleet): update matrix-filter tests ..." | Re-trigger Greptile}