flanksource · moshloop · Jan 9, 2026 · Jan 8, 2026 · Jan 8, 2026 · Jan 9, 2026
diff --git a/canary-checker/docs/concepts/request-chaining.mdx b/canary-checker/docs/concepts/request-chaining.mdx
@@ -0,0 +1,90 @@
+---
+title: Request Chaining
+sidebar_position: 5
+---
+
+Request chaining allows you to create dependencies between checks within the same Canary, enabling complex multi-step verification workflows. A check can depend on other checks and access their output data through templating.
+
+## Use Cases
+
+- **Authentication flows**: Login first, then use the token for subsequent API calls
+- **Multi-step API workflows**: Create a resource, then verify its state
+- **Data-dependent checks**: Fetch configuration from one endpoint, use it in another
+
+## How It Works
+
+1. Define checks with unique names
+2. Use `dependsOn` to specify which checks must complete first
+3. Access previous check outputs via `outputs.<checkName>.<field>`
+
+Checks are executed in topological order based on their dependencies, ensuring dependent checks only run after their prerequisites complete successfully.
+
+## Example
+
+```yaml title="http-depends-on.yaml" file=<rootDir>/modules/canary-checker/fixtures/minimal/http_depends_on_pass.yaml
+
+```
+
+## Fields
+
+<Fields rows={[
+  {
+    field: 'dependsOn',
+    description: 'List of check names that must complete before this check runs',
+    scheme: '[]string'
+  }
+]}/>
+
+## Accessing Outputs
+
+When a check has dependencies, it can access the outputs from those checks using the `outputs` object:
+
+| Expression | Description |
+|------------|-------------|
+| `outputs.<checkName>.json` | Parsed JSON response body |
+| `outputs.<checkName>.code` | HTTP response code |
+| `outputs.<checkName>.headers` | Response headers |
+| `outputs.<checkName>.body` | Raw response body |
+
+### Example: Using Previous Check Output
+
+```yaml
+apiVersion: canaries.flanksource.com/v1
+kind: Canary
+metadata:
+  name: auth-flow
+spec:
+  schedule: "@every 5m"
+  http:
+    - name: login
+      url: https://api.example.com/auth/login
+      method: POST
+      body: '{"username": "user", "password": "pass"}'
+      test:
+        expr: "code == 200 && json.token != ''"
+
+    - name: get-profile
+      url: https://api.example.com/profile
+      dependsOn:
+        - login
+      headers:
+        - name: Authorization
+          # Use the token from the login check
+          value: "Bearer $(.outputs.login.json.token)"
+      test:
+        expr: "code == 200"
+```
+
+## Execution Order
+
+Checks are automatically sorted using topological ordering based on their dependencies. If check B depends on check A, then:
+
+1. Check A executes first
+2. If Check A succeeds, Check B executes with access to A's outputs
+3. If Check A fails, Check B is skipped
+
+## Limitations
+
+- Circular dependencies are not allowed
+- `dependsOn` only works within the same Canary resource
+- All referenced check names must exist in the same Canary
diff --git a/canary-checker/docs/partials/_gotemplate.md b/canary-checker/docs/partials/_gotemplate.md
@@ -20,7 +20,7 @@ If you need to pass a template through a Helm Chart and prevent Helm from templa
 {{`{{ .secret }}`}}
 ```
 
-Alternatively [change the templating delimiters](#delimiters)
+Alternatively change the templating delimiters (see below)
 
 </Details>
 

diff --git a/common/snippets/_resource-selector.mdx b/common/snippets/_resource-selector.mdx
diff --git a/common/src/components/CapabilityBadges.jsx b/common/src/components/CapabilityBadges.jsx
@@ -5,41 +5,47 @@ const capabilities = {
   scraper: {
     icon: ConfigDb,
     label: 'Scraper',
+    anchor: 'catalog',
     color: '#2563eb',
     bg: '#dbeafe',
     border: '#93c5fd'
   },
   healthcheck: {
     icon: Health,
     label: 'Health Check',
+    anchor: 'health-checks',
     color: '#d97706',
     bg: '#fef3c7',
     border: '#fcd34d'
   },
   playbook: {
     icon: Playbook,
     label: 'Playbook',
+    anchor: 'playbooks',
     color: '#7c3aed',
     bg: '#ede9fe',
     border: '#c4b5fd'
   },
   notifications: {
     icon: Bell,
     label: 'Notifications',
+    anchor: 'notifications',
     color: '#16a34a',
     bg: '#dcfce7',
     border: '#86efac'
   },
   actions: {
     icon: Webhook,
     label: 'Actions',
+    anchor: 'actions',
     color: '#4f46e5',
     bg: '#e0e7ff',
     border: '#a5b4fc'
   },
   'relationship': {
     icon: ConfigDb,
     label: 'Relationship',
+    anchor: 'relationship',
     color: '#d97706',
     bg: '#fef3c7',
     border: '#fcd34d'
@@ -80,7 +86,7 @@ export function CapabilityHeading({ type }) {
 
   const Icon = cap.icon;
   return (
-    <h2 className="flex items-center gap-2 mt-8 mb-4 not-prose">
+    <h2 id={cap.anchor} className="flex items-center gap-2 mt-8 mb-4 not-prose">
       <span
         className="inline-flex items-center gap-1.5 px-3 py-1.5 rounded-full text-base font-medium"
         style={{

diff --git a/common/src/components/flanksource/MissionControlPage.jsx b/common/src/components/flanksource/MissionControlPage.jsx
@@ -147,7 +147,7 @@ const MissionControlPage = () => {
 
               <div className="flex flex-col sm:flex-row gap-4 mb-8">
                 <Link
-                  to="/docs/mission-control"
+                  to="/docs"
                   className="inline-block bg-blue-600 hover:bg-blue-700 text-white font-semibold px-8 py-3 rounded-lg transition-colors duration-200 text-center"
                 >
                   Get Started
@@ -375,7 +375,7 @@ const MissionControlPage = () => {
         image="flanksource/self-hosted.svg"
         title="Self-Hosted First"
         subtitle="SECURITY & CONTROL"
-        url="/docs/mission-control/installation"
+        url="/docs/installation"
         left={false}
       >
         Mission Control is self-hosted first, and easy to install using a Helm Chart. Self-Hosted, SaaS or Hybrid Deployment Models with no network or proxy access required and no secrets stored in the SaaS.
@@ -385,7 +385,7 @@ const MissionControlPage = () => {
         image="flanksource/playbooks.svg"
         title="Playbooks & Automation"
         subtitle="DEVELOPER ENABLEMENT"
-        url="/docs/mission-control/playbooks"
+        url="/docs/guide/playbooks"
         left={true}
       >
         Empower developers to be more self-sufficient without the need to become experts in the Cloud and Kubernetes. Run playbooks automatically on failing health checks/alerts, implement security best practices of least privilege and just in time (JIT) access, and use the built-in library of actions.
@@ -395,7 +395,7 @@ const MissionControlPage = () => {
         image="flanksource/status_pages.png"
         title="Deep Health Monitoring"
         subtitle="PROACTIVE OPERATIONS"
-        url="/docs/mission-control/canary-checker"
+        url="/docs/guide/canary-checker"
         left={false}
       >
         Understand the health of complex services at a glance with red, amber, green statuses which leverage active/passive health checks and consolidated alerts from Prometheus, AWS, Dynatrace, and more.
@@ -706,7 +706,7 @@ const MissionControlPage = () => {
 
           <div className="flex flex-col sm:flex-row gap-4 justify-center">
             <Link
-              to="/docs/mission-control"
+              to="/docs"
               className="inline-block bg-blue-600 hover:bg-blue-700 text-white font-semibold px-8 py-3 rounded-lg transition-colors duration-200"
             >
               Read the Docs

diff --git a/common/src/css/custom.css b/common/src/css/custom.css
@@ -79,7 +79,7 @@ li::marker {
 }
 
 li {
-  font: var(--ifm-font-sans) !important;
+  font-family: var(--ifm-font-sans) !important;
 }
 
 li > svg {
@@ -573,7 +573,7 @@ pre {
 
 .navbar__link--active {
   color: var(--ifm-color-primary-light);
-  font: bold;
+  font-weight: bold;
 }
 
 a {

diff --git a/mission-control-chart b/mission-control-chart
diff --git a/mission-control/blog/control-plane-testing/index.mdx b/mission-control/blog/control-plane-testing/index.mdx
@@ -81,7 +81,7 @@ To follow this tutorial, you need:
     <Install/>
 
     :::info Helm Installation
-    This tutorial uses the CLI for faster feedback, in production we recommend installing `canary-checker` as an operator using the [helm chart](https://canarychecker.io/getting-started) or as part of the full Mission Control [platform](/docs/installation/self-hosted/getting-started).
+    This tutorial uses the CLI for faster feedback, in production we recommend installing `canary-checker` as an operator using the [helm chart](https://canarychecker.io/getting-started) or as part of the full Mission Control [platform](/docs/installation/self-hosted).
 1. Next create a `Canary` CustomResourceDefinition (CRD)  using the `kubernetesResource` check type, the layout of the canary is as follows:
 
     ```yaml title=basic-canary.yaml file=template.yaml

diff --git a/mission-control/blog/rust-ffi/index.mdx b/mission-control/blog/rust-ffi/index.mdx
@@ -11,6 +11,8 @@ For the past few years at [Flanksource](https://flanksource.com/), I've helped b
 
 One Tuesday afternoon, one of our pods started crashing with an OOM (OutOfMemory) error.
 
+{/* truncate */}
+
 > When a container exceeds its memory limit in Kubernetes, the system restarts it with an OutOfMemory message. Memory leaks can trigger a crash loop cycle.
 
 This issue occurred frequently enough to raise concerns, particularly since it only affected one customer's environment.

diff --git a/mission-control/docs/guide/config-db/concepts/access-logs.mdx b/mission-control/docs/guide/config-db/concepts/access-logs.mdx
@@ -0,0 +1,130 @@
+---
+title: Access Logs
+sidebar_position: 6
+sidebar_custom_props:
+  icon: mdi:account-clock
+---
+
+Access logs track who accessed configuration items and when. This enables compliance auditing, security monitoring, and access reviews for your infrastructure.
+
+## Overview
+
+When scraping configurations from external systems, you can also capture access logs that record:
+
+- **Who** accessed a resource (external user)
+- **What** was accessed (config item)
+- **When** the access occurred
+- **How** they authenticated (MFA status, properties)
+
+Access logs are stored separately from configuration data and can be queried independently for audit purposes.
+
+## Enabling Access Log Scraping
+
+To scrape access logs, set `full: true` on your scraper configuration:
+
+```yaml
+apiVersion: configs.flanksource.com/v1
+kind: ScrapeConfig
+metadata:
+  name: database-config
+spec:
+  # highlight-next-line
+  full: true
+  # ... scraper configuration
+```
+
+When `full` mode is enabled, the scraper expects each configuration item to potentially include an `access_logs` field containing access records.
+
+## Access Log Schema
+
+Each access log entry should include:
+
+<Fields rows={[
+  {
+    field: 'config_id',
+    description: 'ID of the config item that was accessed',
+    scheme: 'uuid',
+    required: true
+  },
+  {
+    field: 'external_user_id',
+    description: 'ID of the external user who accessed the resource',
+    scheme: 'uuid',
+    required: true
+  },
+  {
+    field: 'created_at',
+    description: 'Timestamp when the access occurred',
+    scheme: 'timestamp'
+  },
+  {
+    field: 'mfa',
+    description: 'Whether multi-factor authentication was used',
+    scheme: 'bool'
+  },
+  {
+    field: 'properties',
+    description: 'Additional access metadata (IP address, session info, etc.)',
+    scheme: 'map[string]string'
+  }
+]}/>
+
+## Example: Custom Scraper with Access Logs
+
+```json title="config-with-access-logs.json"
+{
+  "id": "db-prod-001",
+  "config": {
+    "name": "production-database",
+    "engine": "postgres",
+    "version": "15.2"
+  },
+  "access_logs": [
+    {
+      "config_id": "db-prod-001",
+      "external_user_id": "user-123",
+      "created_at": "2025-01-08T10:30:00Z",
+      "mfa": true,
+      "properties": {
+        "ip_address": "192.168.1.100",
+        "client": "psql"
+      }
+    },
+    {
+      "config_id": "db-prod-001",
+      "external_user_id": "user-456",
+      "created_at": "2025-01-08T11:45:00Z",
+      "mfa": false
+    }
+  ]
+}
+```
+
+## Scrapers with Access Log Support
+
+The following scrapers support access log extraction when `full: true` is enabled:
+
+| Scraper | Use Case |
+|---------|----------|
+| [SQL](/docs/guide/config-db/scrapers/sql) | Database access logs from audit tables |
+| [PostgreSQL](/docs/guide/config-db/scrapers/postgres) | PostgreSQL connection and query logs |
+| [SQL Server](/docs/guide/config-db/scrapers/mssql) | SQL Server audit events |
+| [Clickhouse](/docs/guide/config-db/scrapers/clickhouse) | Clickhouse query logs and S3 access |
+| [HTTP](/docs/guide/config-db/scrapers/http) | API access logs from external systems |
+| [File](/docs/guide/config-db/scrapers/file) | Access logs from log files |
+| [Exec](/docs/guide/config-db/scrapers/exec) | Custom scripts that output access data |
+
+## External Users and Groups
+
+Access logs reference external users and groups that are also scraped from your systems. These entities enable:
+
+- **User identification**: Track individual user access across configs
+- **Group membership**: Understand access patterns by team or role
+- **Access reviews**: Audit who has access to what resources
+
+See the [SQL scraper](/docs/guide/config-db/scrapers/sql) for examples of scraping users, groups, and roles alongside access logs.
+
+## Related
+
+- [Config Access Reference](/docs/reference/config-db/config_access) - Access log schema details
+- [Retention](/docs/guide/config-db/concepts/retention) - Configure access log retention policies
+109 −16		.github/workflows/release.yml
+21 −14		.github/workflows/test.yml
+10 −1		Makefile
+3 −3		agent-chart/Chart.yaml
+5 −4		agent-chart/README.md
+671 −178		agent-chart/values.schema.json
+16 −8		agent-chart/values.yaml
+7 −0		chart/.gitignore
+5 −0		chart/.helmignore
+4 −4		chart/Chart.yaml
+45 −0		chart/Makefile
+17 −10		chart/README.md
+27 −0		chart/ci/basic-auth-values.yaml
+106 −2		chart/crds/mission-control.flanksource.com_connections.yaml
+1 −1		chart/crds/mission-control.flanksource.com_notifications.yaml
+472 −3		chart/crds/mission-control.flanksource.com_playbooks.yaml
+124 −0		chart/crds/mission-control.flanksource.com_teams.yaml
+95 −2		chart/crds/mission-control.flanksource.com_views.yaml
+16 −0		chart/templates/deployment.yaml
+10 −0		chart/templates/rbac.yaml
+11 −0		chart/templates/secrets.yaml
+6 −0		chart/test/Taskfile.yml
+133 −0		chart/test/basic_test.go
+237 −0		chart/test/go.mod
+751 −0		chart/test/go.sum
+140 −0		chart/test/mission-control.go
+87 −0		chart/test/suite_test.go
+87 −0		chart/test/utils_test.go
+147 −22		chart/values.schema.json
+57 −8		chart/values.yaml
+199 −1		crd-chart/templates/canary-checker.flanksource.com_Canary.yaml
+1,386 −114		crd-chart/templates/configs.flanksource.com_scrapeconfigs.yaml
+31 −3		crd-chart/templates/configs.flanksource.com_scrapeplugins.yaml
+106 −2		crd-chart/templates/mission-control.flanksource.com_connections.yaml
+1 −1		crd-chart/templates/mission-control.flanksource.com_notifications.yaml
+472 −3		crd-chart/templates/mission-control.flanksource.com_playbooks.yaml
+124 −0		crd-chart/templates/mission-control.flanksource.com_teams.yaml
+95 −2		crd-chart/templates/mission-control.flanksource.com_views.yaml