docs: sync project documentation with today's v8.0 wave-1 push #138
Merged
Brings every cross-cutting doc surface in line with the 21 PRs that landed on `main` on 2026-05-14, anchored by the v8.0 architectural foundation (PR #125) and the security + correctness wave that followed it.

- `CHANGELOG.md` — new `[Unreleased]` block covering the v8.0 architectural foundation (graph at ingest, four-agent rebrand, `/hunt`, sixteen connectors, automation maturity, public scoreboard), the eight-PR security hardening wave (PRs #116-#128), the three-PR CodeQL alert sweep to zero (#133, #136, #137), the UEBA env-var alignment (PR #135, first community contribution, closes #134), the security-smoke + UX cleanup pair (PR #132, closes #131 + #130), and the playbook engine correctness pass (PR #129).
- `README.md` — new `v8.0 wave-1 (on main, not yet tagged)` entry in the version-history section; `Next` block rewritten as `v8.0 wave-2` with the still-`[~]` items from `AISOC_V8_PROGRESS.md`. Version badge intentionally not bumped (still 7.3.1) because wave-1 is on `main` but not tagged.
- `AGENTS.md` — new `v8.0 wave-1` block under "Learned Workspace Facts" documenting the four-agent topology, `/hunt` surface, connector inventory, automation maturity ladder, security wave outcomes, CodeQL hygiene patterns (inline `replace`-chain sanitisation for `py/log-injection`, single import style for `py/import-and-import-from`), and the UEBA env-var dual-alias convention.
- `AISOC_V8_PROGRESS.md` — `Status` block refreshed to record that PR #125 shipped at `b854010e` on 2026-05-14, list the 12 post-merge PRs that landed on `main` after it, and clarify that wave-2 is the still-tracked `[~]` work.
- `apps/docs/docs/deployment/env-vars.md` — UEBA section rewritten around the dual-alias rule (unprefixed wins over `UEBA_`-prefixed, matches every other Python service and the `docker-compose.yml` exports); table now lists canonical + legacy names side by side.
- `apps/docs/docs/operations/security.md` — new `Static analysis (CodeQL)` section: zero alerts on `main` as a CI gate, plus the two patterns that came up repeatedly during the sweep (inline-at-call-site sanitisation for `py/log-injection`, single import style for `py/import-and-import-from`).

No code changes; pure documentation sync.
Summary

Brings every cross-cutting doc surface in line with the 21 PRs that landed on `main` on 2026-05-14, anchored by the v8.0 architectural foundation (PR #125) and the security + correctness wave that followed it. No code changes — pure documentation sync.

What changed

- `CHANGELOG.md` — new `[Unreleased]` block covering:
  - `/hunt`, sixteen connectors, automation maturity, public scoreboard) — PR feat(v8.0): graph at ingest, four-agent rebrand, /hunt, 16 connectors, public benchmark #125
  - `main` — PRs chore(security): resolve all open CodeQL python alerts #133, fix(security): resolve final 2 CodeQL alerts (#440, #441) #136, fix(security): resolve CodeQL alert #442 (waitlist log injection) #137
- `README.md` — new `v8.0 wave-1 (on main, not yet tagged)` entry in the version-history section; `Next` block rewritten as `v8.0 wave-2`. Version badge intentionally not bumped (still 7.3.1) because wave-1 is on `main` but not tagged.
- `AGENTS.md` — new `v8.0 wave-1` block under "Learned Workspace Facts": four-agent topology, `/hunt` surface, connector inventory, L0–L4 maturity ladder, security-wave outcomes, CodeQL hygiene patterns, UEBA dual-alias env-var convention.
- `AISOC_V8_PROGRESS.md` — `Status` block refreshed to record that PR feat(v8.0): graph at ingest, four-agent rebrand, /hunt, 16 connectors, public benchmark #125 shipped at `b854010e` on 2026-05-14, list the 12 post-merge PRs that landed on `main` after it, and clarify that wave-2 is the still-tracked `[~]` work.
- `apps/docs/docs/deployment/env-vars.md` — UEBA section rewritten around the dual-alias rule (unprefixed wins over `UEBA_`-prefixed, matches every other Python service and the `docker-compose.yml` exports). Table now lists canonical + legacy names side by side.
- `apps/docs/docs/operations/security.md` — new `Static analysis (CodeQL)` section documenting the zero-alert CI gate and the two reusable patterns from the sweep (inline-at-call-site sanitisation for `py/log-injection`, single import style for `py/import-and-import-from`).

Verification

- `git diff --stat` shows 141 insertions / 28 deletions across 6 files
- `apps/docs/docs/architecture/graph-schema.md`, `apps/docs/docs/console/funnel-kpis.md`, `apps/docs/docs/concepts/automation-maturity.md`, `apps/docs/docs/benchmark-scoreboard.mdx`, `apps/docs/static/data/scoreboard.json`, `apps/web/content/blog/graph-at-ingest.mdx`, `apps/web/content/blog/automation-maturity.mdx`, `apps/web/content/papers/l0-l4-automation-maturity.md` — all present on `main`)

Test plan

- `apps/docs`) renders the new env-vars table and new `Static analysis (CodeQL)` security section without warnings
- `#ueba-service-servicesueba`, `#static-analysis-codeql`)
- `v8.0 wave-1` block renders correctly on GitHub

Made with Cursor
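
The inline `replace`-chain pattern for `py/log-injection` named in the description, shown as an added example (not code from this pull request or the project). The function names, the logger setup and the sample value are assumptions constructed for illustration.

```python
import io
import logging


def make_logger(stream):
    """Logger writing one record per line to `stream` (constructed for this demo)."""
    logger = logging.getLogger(f"demo-{id(stream)}")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger


def log_signup_unsafe(logger, email):
    # 'Before' (hypothetical handler): the request-derived value reaches the
    # log sink unchanged, so an embedded CR/LF starts a new physical log line.
    logger.info("waitlist signup email=%s", email)


def log_signup_safe(logger, email):
    # 'After': the replace chain sits inline at the call site, directly in
    # the argument passed to the sink, rather than in a distant helper.
    logger.info(
        "waitlist signup email=%s",
        email.replace("\r\n", "").replace("\r", "").replace("\n", ""),
    )


def logged_lines(log_fn, value):
    """Run one logging call and return the physical lines it produced."""
    stream = io.StringIO()
    log_fn(make_logger(stream), value)
    return stream.getvalue().splitlines()


# Constructed input: a field value carrying a line break and a fake record.
SAMPLE = "a@example.test\nINFO admin login ok user=root"

if __name__ == "__main__":
    print(logged_lines(log_signup_unsafe, SAMPLE))  # two lines, second forged
    print(logged_lines(log_signup_safe, SAMPLE))    # one line
```

Counting physical lines per logging call, as `logged_lines` does, is also a convenient regression check for any handler that logs request-derived fields.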