Skip to content

docs(apps): add user guide for the Apps feature#278

Merged
maximelb merged 5 commits into
masterfrom
docs/apps-feature
Jun 20, 2026
Merged

docs(apps): add user guide for the Apps feature#278
maximelb merged 5 commits into
masterfrom
docs/apps-feature

Conversation

@maximelb

@maximelb maximelb commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds a new top-level Apps documentation section that documents the in-console Apps feature for end users — security practitioners who may not be developers. It complements the existing Config Hive → Apps record reference (which stays the canonical record/format and API/SDK/CLI management reference) by covering the experience: building apps conversationally with the AI assistant, what the app runtime makes available, and how to accomplish the most common requests.

Pages

  • Overview (apps/index.md) — what an app is, where apps appear (the Apps launcher and embedded object panels), the security model in plain language (sandbox, brokered permission-scoped credentials, consent), Labs status, and the permissions needed to use the feature.
  • Creating & Managing Apps (apps/creating-and-managing-apps.md) — the AI-assistant authoring flow (plus a pointer to the CLI/API path), managing apps from the Apps page, a guided walkthrough of the consent screen, and placing an app standalone vs. embedded.
  • Building Blocks & Recipes (apps/building-blocks-and-recipes.md) — the design system at a glance and copy-paste recipes for KPI dashboards, tables, charts/graphs, historical-event widgets via Search, embedded sensor panels, and external lookups.
  • Reference (apps/reference.md) — the record fields, the window.lc runtime (api/chart/ctx/onThemeChange), services and limits, design-system tokens and classes, permission and consent classification, external-origin rules, locations/context, and validation limits.

Also

  • Adds the Apps section to the nav (after AI Sessions).
  • Cross-links the existing Config Hive → Apps page to the new guide.

Validation

  • markdownlint-cli2 passes (0 errors).
  • mkdocs build succeeds with no broken links or nav warnings for the new pages.

Apps is a Labs feature; the docs flag that and note availability may vary by organization.

🤖 Generated with Claude Code

https://claude.ai/code/session_01Y2iVk7q4X7Nyw5JpmzjU9Y

@maximelb @claude
docs(apps): add user guide for the Apps feature
ee4e17f 
Add a top-level "Apps" documentation section aimed at security
practitioners (not only developers), documenting the in-console Apps
feature end to end:

- Overview: what apps are, where they appear, the security model in
  plain language, and who can use them.
- Creating & Managing Apps: the AI-assistant authoring flow, managing
  apps from the Apps page, a guided read of the consent screen, and
  choosing where an app appears.
- Building Blocks & Recipes: the design system plus copy-paste recipes
  for KPIs, tables, charts/graphs, search-backed widgets, embedded
  sensor panels, and external lookups.
- Reference: the window.lc runtime (api/chart/ctx/theme), design-system
  tokens and classes, permission and consent classification, external
  origins, locations/context, and limits.

Wire the section into the nav and cross-link the existing
Config Hive: Apps record reference.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Y2iVk7q4X7Nyw5JpmzjU9Y
lcbill
lcbill previously approved these changes Jun 19, 2026
View reviewed changes
@maximelb @claude
docs(apps): fix API accuracy in recipes after review
0c18d7b 
Verified every endpoint, response field, and permission against the
backend (lc_api-go, replay), the SDKs, and go-essentials. Corrections:

- Search recipe: the query API is asynchronous and block-structured.
  Poll until `completed`, count events by summing `rows` of `events`
  blocks (not `results.length`), pass `startTime`/`endTime` as
  Unix-second strings, and require `insight.evt.get`.
- Embedded sensor panel: `GET /v1/<sid>` returns
  `{ online: { is_online }, info: { hostname } }`, so read
  `data.online.is_online` and `data.info.hostname` (not flat fields);
  require `sensor.get`.
- Add the `sensor.list` permission note to the chart recipe.

The sensor-list shape (`sensors[].is_online` / `hostname` / `sid`),
`sensor.list` for listing, `who.ident`, and all permission strings were
confirmed correct and left unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Y2iVk7q4X7Nyw5JpmzjU9Y
lcbill
lcbill previously approved these changes Jun 19, 2026
View reviewed changes
@maximelb @claude
docs(apps): use an exact COUNT for the Search recipe
2766658 
Verified against live data (an org with ~127k events/24h): the previous
row-counting tally returned only the first page's event count, not the
true total. Switch the recipe to an aggregating LCQL query
(`COUNT(event) as count`) and read the single aggregate row
(`results[].rows[0].data.count`), which is exact regardless of volume.
Relabel "Detections" to "Events" to match the all-events query.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Y2iVk7q4X7Nyw5JpmzjU9Y
lcbill
lcbill previously approved these changes Jun 19, 2026
View reviewed changes
@maximelb @claude
docs(apps): add loading states and chart-color guidance to recipes
77f3aca 
- KPI, Search, and embedded-panel recipes now start with a .lc-spinner and
  wrap calls in try/catch, so an app shows progress and surfaces errors
  instead of sitting on a blank dash.
- Chart recipe: note that pie/doughnut charts get one color per slice and
  that you can pass an explicit backgroundColor array (e.g. green/red).
- External-service recipe: note the site must send CORS headers and be
  reachable (DoH endpoints are commonly network-blocked).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01Y2iVk7q4X7Nyw5JpmzjU9Y
lcbill
lcbill previously approved these changes Jun 19, 2026
View reviewed changes
@maximelb @claude
docs(apps): add recipe screenshots and use a working external endpoint
0da75dc 
Inline a screenshot under each recipe in the Building Blocks & Recipes
page (Hello sample, KPI dashboard, sensors table, doughnut chart, event
count, embedded sensor panel, and the external IP lookup).

Point the "call an external service" recipe at ipinfo.io (free,
CORS-enabled) so the example works as-is, replacing the placeholder
intel.example.com that always failed to fetch.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_018GcEtE5BRz6CdvTxx37b2p
@maximelb maximelb marked this pull request as ready for review June 20, 2026 16:18
@maximelb maximelb merged commit c1a6472 into master Jun 20, 2026
2 checks passed
@maximelb maximelb deleted the docs/apps-feature branch June 20, 2026 16:18
@maximelb maximelb restored the docs/apps-feature branch June 21, 2026 03:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lcbill lcbill lcbill approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@maximelb @lcbill