address review: only skip first docstring in static_return_bool

A later bare string literal in a function body is not a docstring and
should count as non-trivial logic. Track whether the docstring has been
skipped so subsequent string-constant expression statements fall through
to the conservative 'other_logic' branch.

.github/CODEOWNERS

@@ -22,6 +22,11 @@
 
 /.github/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar @sadpandajoe @hainenber
 
+# Notify PMC members of changes to CI-executed scripts (supply-chain risk:
+# scripts/ files run directly in CI workflows and can execute arbitrary code)
+
+/scripts/ @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar @sadpandajoe @hainenber
+
 # Notify PMC members of changes to required GitHub Actions
 
 /.asf.yaml @villebro @geido @eschutho @rusackas @betodealmeida @nytai @mistercrunch @craig-rueda @kgabryje @dpgaspar @Antonio-RiveroMartnez

.github/labeler.yml

@@ -17,6 +17,11 @@
   - any-glob-to-any-file:
     - 'superset/migrations/**'
 
+"risk:ci-script":
+- changed-files:
+  - any-glob-to-any-file:
+    - 'scripts/**'
+
 ############################################
 # Dependencies
 ############################################

.github/workflows/embedded-sdk-release.yml

@@ -31,7 +31,7 @@ jobs:
         working-directory: superset-embedded-sdk
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version-file: './superset-embedded-sdk/.nvmrc'
           registry-url: 'https://registry.npmjs.org'

.github/workflows/embedded-sdk-test.yml

@@ -19,7 +19,7 @@ jobs:
         working-directory: superset-embedded-sdk
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version-file: './superset-embedded-sdk/.nvmrc'
           registry-url: 'https://registry.npmjs.org'

.github/workflows/ephemeral-env-pr-close.yml

@@ -58,7 +58,7 @@ jobs:
       - name: Login to Amazon ECR
         if: steps.describe-services.outputs.active == 'true'
         id: login-ecr
-        uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2
+        uses: aws-actions/amazon-ecr-login@19d944daaa35f0fa1d3f7f8af1d3f2e5de25c5b7 # v2
 
       - name: Delete ECR image tag
         if: steps.describe-services.outputs.active == 'true'

.github/workflows/ephemeral-env.yml

@@ -199,7 +199,7 @@ jobs:
 
       - name: Login to Amazon ECR
         id: login-ecr
-        uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2
+        uses: aws-actions/amazon-ecr-login@19d944daaa35f0fa1d3f7f8af1d3f2e5de25c5b7 # v2
 
       - name: Load, tag and push image to ECR
         id: push-image
@@ -235,7 +235,7 @@ jobs:
 
       - name: Login to Amazon ECR
         id: login-ecr
-        uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2
+        uses: aws-actions/amazon-ecr-login@19d944daaa35f0fa1d3f7f8af1d3f2e5de25c5b7 # v2
 
       - name: Check target image exists in ECR
         id: check-image

.github/workflows/github-action-validator.yml

@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Set up Node.js
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version: '20'
 

.github/workflows/pre-commit.yml

@@ -42,7 +42,7 @@ jobs:
           echo "HOMEBREW_REPOSITORY=$HOMEBREW_REPOSITORY" >>"${GITHUB_ENV}"
           brew install norwoodj/tap/helm-docs
       - name: Setup Node.js
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version: '20'
 

.github/workflows/release.yml

@@ -44,7 +44,7 @@ jobs:
 
       - name: Install Node.js
         if: env.HAS_TAGS
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version-file: './superset-frontend/.nvmrc'
 

.github/workflows/superset-docs-deploy.yml

@@ -46,7 +46,7 @@ jobs:
           persist-credentials: false
           submodules: recursive
       - name: Set up Node.js
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version-file: './docs/.nvmrc'
       - name: Setup Python

.github/workflows/superset-docs-verify.yml

@@ -72,7 +72,7 @@ jobs:
           persist-credentials: false
           submodules: recursive
       - name: Set up Node.js
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version-file: './docs/.nvmrc'
       - name: yarn install
@@ -104,7 +104,7 @@ jobs:
           persist-credentials: false
           submodules: recursive
       - name: Set up Node.js
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version-file: './docs/.nvmrc'
       - name: yarn install

.github/workflows/superset-e2e.yml

@@ -109,7 +109,7 @@ jobs:
           run: testdata
       - name: Setup Node.js
         if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version-file: './superset-frontend/.nvmrc'
       - name: Install npm dependencies
@@ -146,7 +146,7 @@ jobs:
           SAFE_APP_ROOT=${APP_ROOT//\//_}
           echo "safe_app_root=$SAFE_APP_ROOT" >> $GITHUB_OUTPUT
       - name: Upload Artifacts
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         if: failure()
         with:
           path: ${{ github.workspace }}/superset-frontend/cypress-base/cypress/screenshots
@@ -226,7 +226,7 @@ jobs:
           run: playwright_testdata
       - name: Setup Node.js
         if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version-file: './superset-frontend/.nvmrc'
       - name: Install npm dependencies
@@ -259,7 +259,7 @@ jobs:
           SAFE_APP_ROOT=${APP_ROOT//\//_}
           echo "safe_app_root=$SAFE_APP_ROOT" >> $GITHUB_OUTPUT
       - name: Upload Playwright Artifacts
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         if: failure()
         with:
           path: |

.github/workflows/superset-extensions-cli.yml

@@ -58,7 +58,7 @@ jobs:
 
       - name: Upload HTML coverage report
         if: steps.check.outputs.superset-extensions-cli
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: superset-extensions-cli-coverage-html
           path: htmlcov/

.github/workflows/superset-frontend.yml

@@ -58,7 +58,7 @@ jobs:
 
       - name: Upload Docker Image Artifact
         if: steps.check.outputs.frontend
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: docker-image
           path: docker-image.tar.zst
@@ -91,7 +91,7 @@ jobs:
           "npm run test -- --coverage --shard=${{ matrix.shard }}/8 --coverageReporters=json"
 
       - name: Upload Coverage Artifact
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: coverage-artifacts-${{ matrix.shard }}
           path: superset-frontend/coverage

.github/workflows/superset-playwright.yml

@@ -100,7 +100,7 @@ jobs:
           run: playwright_testdata
       - name: Setup Node.js
         if: steps.check.outputs.python || steps.check.outputs.frontend
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version-file: './superset-frontend/.nvmrc'
       - name: Install npm dependencies
@@ -133,7 +133,7 @@ jobs:
           SAFE_APP_ROOT=${APP_ROOT//\//_}
           echo "safe_app_root=$SAFE_APP_ROOT" >> $GITHUB_OUTPUT
       - name: Upload Playwright Artifacts
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         if: failure()
         with:
           path: |

.github/workflows/superset-python-integrationtest.yml

@@ -101,7 +101,7 @@ jobs:
           "
       - name: Upload database diagnostics artifact
         if: steps.check.outputs.python
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: database-diagnostics
           path: databases-diagnostics.json

.github/workflows/superset-translations.yml

@@ -31,7 +31,7 @@ jobs:
 
       - name: Setup Node.js
         if: steps.check.outputs.frontend
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version-file:  './superset-frontend/.nvmrc'
       - name: Install dependencies

.github/workflows/tag-release.yml

@@ -62,7 +62,7 @@ jobs:
           build: "true"
 
       - name: Use Node.js 20
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version: 20
 
@@ -117,7 +117,7 @@ jobs:
           fetch-depth: 0
 
       - name: Use Node.js 20
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version: 20
 

.github/workflows/tech-debt.yml

@@ -35,7 +35,7 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Set up Node.js
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version-file: './superset-frontend/.nvmrc'
 

.gitignore

@@ -62,6 +62,7 @@ rat-results.txt
 superset/app/
 superset-websocket/config.json
 .direnv
+*.log
 
 # Node.js, webpack artifacts, storybook
 *.entry.js

RELEASING/README.md

@@ -458,7 +458,7 @@ cd ../
 sed -i '' "s/version_string = .*/version_string = \"$SUPERSET_VERSION\"/" setup.py
 
 # build the python distribution
-python setup.py sdist
+python -m build
 ```
 
 Publish to PyPI

docs/admin_docs/configuration/aws-iam.mdx

@@ -0,0 +1,162 @@
+{/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/}
+
+---
+title: AWS IAM Authentication
+sidebar_label: AWS IAM Authentication
+sidebar_position: 15
+---
+
+# AWS IAM Authentication for AWS Databases
+
+Superset supports IAM-based authentication for **Amazon Aurora** (PostgreSQL and MySQL) and **Amazon Redshift**. IAM auth eliminates the need for database passwords — Superset generates a short-lived auth token using temporary AWS credentials instead.
+
+Cross-account IAM role assumption via STS `AssumeRole` is supported, allowing a Superset deployment in one AWS account to connect to databases in a different account.
+
+## Prerequisites
+
+- Enable the `AWS_DATABASE_IAM_AUTH` feature flag in `superset_config.py`. IAM authentication is gated behind this flag; if it is disabled, connections using `aws_iam` fail with *"AWS IAM database authentication is not enabled."*
+  ```python
+  FEATURE_FLAGS = {
+      "AWS_DATABASE_IAM_AUTH": True,
+  }
+  ```
+- `boto3` must be installed in your Superset environment:
+  ```bash
+  pip install boto3
+  ```
+- The Superset server's IAM role (or static credentials) must have permission to call `sts:AssumeRole` (for cross-account) or the same-account permissions for the target service:
+  - **Aurora (RDS)**: `rds-db:connect`
+  - **Redshift provisioned**: `redshift:GetClusterCredentials`
+  - **Redshift Serverless**: `redshift-serverless:GetCredentials` and `redshift-serverless:GetWorkgroup`
+- SSL must be enabled on the Aurora / Redshift endpoint (required for IAM token auth).
+
+## Configuration
+
+IAM authentication is configured via the **encrypted_extra** field of the database connection. Access this field in the **Advanced** → **Security** section of the database connection form, under **Secure Extra**.
+
+### Aurora PostgreSQL or Aurora MySQL
+
+```json
+{
+  "aws_iam": {
+    "enabled": true,
+    "role_arn": "arn:aws:iam::222222222222:role/SupersetDatabaseAccess",
+    "external_id": "superset-prod-12345",
+    "region": "us-east-1",
+    "db_username": "superset_iam_user",
+    "session_duration": 3600
+  }
+}
+```
+
+| Field | Required | Description |
+|-------|----------|-------------|
+| `enabled` | Yes | Set to `true` to activate IAM auth |
+| `role_arn` | No | ARN of the cross-account IAM role to assume via STS. Omit for same-account auth |
+| `external_id` | No | External ID for the STS `AssumeRole` call, if required by the target role's trust policy |
+| `region` | Yes | AWS region of the database cluster |
+| `db_username` | Yes | The database username associated with the IAM identity |
+| `session_duration` | No | STS session duration in seconds (default: `3600`) |
+
+### Redshift (Serverless)
+
+```json
+{
+  "aws_iam": {
+    "enabled": true,
+    "role_arn": "arn:aws:iam::222222222222:role/SupersetRedshiftAccess",
+    "region": "us-east-1",
+    "workgroup_name": "my-workgroup",
+    "db_name": "dev"
+  }
+}
+```
+
+### Redshift (Provisioned Cluster)
+
+```json
+{
+  "aws_iam": {
+    "enabled": true,
+    "role_arn": "arn:aws:iam::222222222222:role/SupersetRedshiftAccess",
+    "region": "us-east-1",
+    "cluster_identifier": "my-cluster",
+    "db_username": "superset_iam_user",
+    "db_name": "dev"
+  }
+}
+```
+
+## Cross-Account IAM Setup
+
+To connect to a database in Account B from a Superset deployment in Account A:
+
+**1. In Account B — create a database-access role:**
+
+```json
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": ["rds-db:connect"],
+      "Resource": "arn:aws:rds-db:us-east-1:222222222222:dbuser/db-XXXXXXXXXXXX/superset_iam_user"
+    }
+  ]
+}
+```
+
+**Trust policy** (allows Account A's Superset role to assume it):
+
+```json
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": "arn:aws:iam::111111111111:role/SupersetInstanceRole"
+      },
+      "Action": "sts:AssumeRole",
+      "Condition": {
+        "StringEquals": {
+          "sts:ExternalId": "superset-prod-12345"
+        }
+      }
+    }
+  ]
+}
+```
+
+**2. In Account A — grant Superset's role permission to assume the Account B role:**
+
+```json
+{
+  "Effect": "Allow",
+  "Action": "sts:AssumeRole",
+  "Resource": "arn:aws:iam::222222222222:role/SupersetDatabaseAccess"
+}
+```
+
+**3. Configure the database connection in Superset** using the `role_arn` and `external_id` from the trust policy (as shown in the configuration example above).
+
+## Credential Caching
+
+STS credentials are cached in memory keyed by `(role_arn, region, external_id)` with a 10-minute TTL. This reduces the number of STS API calls when multiple queries are executed with the same connection. Tokens are refreshed automatically before expiry.

docs/admin_docs/configuration/configuring-superset.mdx

@@ -109,6 +109,14 @@ SECRET_KEY = 'YOUR_OWN_RANDOM_GENERATED_SECRET_KEY'
 
 You can generate a strong secure key with `openssl rand -base64 42`.
 
+Alternatively, you can set the secret key using `SUPERSET_SECRET_KEY` environment variable:
+
+On a Unix-based system, such as Linux or macOS, you can do so by running the following command in your terminal:
+
+```bash
+export SUPERSET_SECRET_KEY=$(openssl rand -base64 42)
+```
+
 :::caution Use a strong secret key
 This key will be used for securely signing session cookies and encrypting sensitive information stored in Superset's application metadata database.
 Your deployment must use a complex, unique key.

docs/admin_docs/configuration/importing-exporting-datasources.mdx

@@ -10,6 +10,10 @@ version: 1
 The superset cli allows you to import and export datasources from and to YAML. Datasources include
 databases. The data is expected to be organized in the following hierarchy:
 
+:::info
+Superset's ZIP-based import/export also covers **dashboards**, **charts**, and **saved queries**, exercised through the UI and REST API. The [Dashboard Import Overwrite Behavior](#dashboard-import-overwrite-behavior) and [UUIDs in API Responses](#uuids-in-api-responses) sections below document the behavior shared across all asset types.
+:::
+
 ```text
 ├──databases
 |  ├──database_1
@@ -75,6 +79,29 @@ The optional username flag **-u** sets the user used for the datasource import.
 superset import_datasources -p <path / filename> -u 'admin'
 ```
 
+## Dashboard Import Overwrite Behavior
+
+When importing a dashboard ZIP with the **overwrite** option enabled, any existing charts that are part of the dashboard are **replaced** rather than duplicated. This applies to:
+
+- Charts whose UUID matches a chart already present in the target instance
+- The full chart configuration (query, visualization type, columns, metrics) is replaced by the imported version
+
+If you import without the overwrite flag, existing charts with conflicting UUIDs are left unchanged and the import skips those objects. Use overwrite when you want to push a fully updated dashboard (including chart definitions) from a development or staging environment to production.
+
+## UUIDs in API Responses
+
+The REST API POST endpoints for **datasets**, **charts**, and **dashboards** include the auto-generated `uuid` field in the response body:
+
+```json
+{
+  "id": 42,
+  "uuid": "b8a8d5c3-1234-4abc-8def-0123456789ab",
+  ...
+}
+```
+
+UUIDs remain stable across import/export cycles and can be used for cross-environment workflows — for example, recording a UUID when creating a chart in development and using it to identify the matching chart after importing into production.
+
 ## Legacy Importing Datasources
 
 ### From older versions of Superset to current version

docs/admin_docs/configuration/mcp-server.mdx

@@ -501,6 +501,7 @@ All MCP settings go in `superset_config.py`. Defaults are defined in `superset/m
 | `MCP_SERVICE_URL` | `None` | Public base URL for MCP-generated links (set this when behind a reverse proxy) |
 | `MCP_DEBUG` | `False` | Enable debug logging |
 | `MCP_DEV_USERNAME` | -- | Superset username for development mode (no auth) |
+| `MCP_PARSE_REQUEST_ENABLED` | `True` | Pre-parse MCP tool inputs from JSON strings into objects. Set to `False` for clients (Claude Desktop, LangChain) that do not double-serialize arguments — this produces cleaner tool schemas for those clients |
 
 ### Authentication
 
@@ -664,6 +665,32 @@ MCP_CSRF_CONFIG = {
 
 ---
 
+## Audit Events
+
+All MCP tool calls are logged to Superset's event logger, the same system used by the web UI (viewable at **Settings → Action Log**). Each event captures:
+
+- **Action**: `mcp.<tool_name>.<phase>` (e.g., `mcp.list_databases.query`)
+- **User**: the resolved Superset username from the JWT or dev config
+- **Timestamp**: when the operation ran
+
+This means MCP activity is auditable alongside normal user activity. No additional configuration is required — logging is on by default whenever the event logger is enabled in your Superset deployment.
+
+## Tool Pagination
+
+MCP list tools (`list_datasets`, `list_charts`, `list_dashboards`, `list_databases`) use **offset pagination** via `page` (1-based) and `page_size` parameters. Responses include `page`, `page_size`, `total_count`, `total_pages`, `has_previous`, and `has_next`. To iterate through all results:
+
+```python
+# Example: fetch all charts across pages
+all_charts = []
+page = 1
+while True:
+    result = mcp.list_charts(page=page, page_size=50)
+    all_charts.extend(result["charts"])
+    if not result.get("has_next"):
+        break
+    page += 1
+```
+
 ## Security Best Practices
 
 - **Use TLS** for all production MCP endpoints -- place the server behind a reverse proxy with HTTPS

docs/admin_docs/configuration/networking-settings.mdx

@@ -64,7 +64,7 @@ There are two approaches to making dashboards publicly accessible:
 3. Edit each dashboard's properties and add the "Public" role
 4. Only dashboards with the Public role explicitly assigned are visible to anonymous users
 
-See the [Public role documentation](/admin-docs/security/security#public) for more details.
+See the [Public role documentation](/admin-docs/security/#public) for more details.
 
 #### Embedding a Public Dashboard
 
@@ -111,7 +111,7 @@ FEATURE_FLAGS = {
 This flag only hides the logout button when Superset detects it is running inside an iframe. Users accessing Superset directly (not embedded) will still see the logout button regardless of this setting.
 
 :::note
-When embedding with SSO, also set `SESSION_COOKIE_SAMESITE = 'None'` and `SESSION_COOKIE_SECURE = True`. See [Security documentation](/docs/security/securing_superset) for details.
+When embedding with SSO, also set `SESSION_COOKIE_SAMESITE = 'None'` and `SESSION_COOKIE_SECURE = True`. See [Security documentation](/admin-docs/security/securing_superset) for details.
 :::
 
 ## CSRF settings

docs/admin_docs/configuration/timezones.mdx

@@ -20,7 +20,7 @@ To help make the problem somewhat tractable—given that Apache Superset has no
 
 To strive for data consistency (regardless of the timezone of the client) the Apache Superset backend tries to ensure that any timestamp sent to the client has an explicit (or semi-explicit as in the case with [Epoch time](https://en.wikipedia.org/wiki/Unix_time) which is always in reference to UTC) timezone encoded within.
 
-The challenge however lies with the slew of [database engines](/admin-docs/databases#installing-drivers-in-docker) which Apache Superset supports and various inconsistencies between their [Python Database API (DB-API)](https://www.python.org/dev/peps/pep-0249/) implementations combined with the fact that we use [Pandas](https://pandas.pydata.org/) to read SQL into a DataFrame prior to serializing to JSON. Regrettably Pandas ignores the DB-API [type_code](https://www.python.org/dev/peps/pep-0249/#type-objects) relying by default on the underlying Python type returned by the DB-API. Currently only a subset of the supported database engines work correctly with Pandas, i.e., ensuring timestamps without an explicit timestamp are serializd to JSON with the server timezone, thus guaranteeing the client will display timestamps in a consistent manner irrespective of the client's timezone.
+The challenge however lies with the slew of [database engines](/user-docs/databases#installing-drivers-in-docker) which Apache Superset supports and various inconsistencies between their [Python Database API (DB-API)](https://www.python.org/dev/peps/pep-0249/) implementations combined with the fact that we use [Pandas](https://pandas.pydata.org/) to read SQL into a DataFrame prior to serializing to JSON. Regrettably Pandas ignores the DB-API [type_code](https://www.python.org/dev/peps/pep-0249/#type-objects) relying by default on the underlying Python type returned by the DB-API. Currently only a subset of the supported database engines work correctly with Pandas, i.e., ensuring timestamps without an explicit timestamp are serialized to JSON with the server timezone, thus guaranteeing the client will display timestamps in a consistent manner irrespective of the client's timezone.
 
 For example the following is a comparison of MySQL and Presto,
 

docs/admin_docs/installation/kubernetes.mdx

@@ -149,7 +149,7 @@ For production clusters it's recommended to build own image with this step done
 Superset requires a Python DB-API database driver and a SQLAlchemy
 dialect to be installed for each datastore you want to connect to.
 
-See [Install Database Drivers](/admin-docs/databases#installing-database-drivers) for more information.
+See [Install Database Drivers](/user-docs/databases#installing-database-drivers) for more information.
 It is recommended that you refer to versions listed in
 [pyproject.toml](https://github.com/apache/superset/blob/master/pyproject.toml)
 instead of hard-coding them in your bootstrap script, as seen below.

docs/developer_docs/api.mdx

@@ -59,7 +59,7 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 #### Core Resources
 
 <details>
-<summary><strong>Dashboards</strong> (26 endpoints) — Create, read, update, and delete dashboards.</summary>
+<summary><strong>Dashboards</strong> (28 endpoints) — Create, read, update, and delete dashboards.</summary>
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
@@ -68,23 +68,25 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 | `POST` | [Create a new dashboard](/developer-docs/api/create-a-new-dashboard) | `/api/v1/dashboard/` |
 | `GET` | [Get metadata information about this API resource (dashboard--info)](/developer-docs/api/get-metadata-information-about-this-api-resource-dashboard-info) | `/api/v1/dashboard/_info` |
 | `GET` | [Get a dashboard detail information](/developer-docs/api/get-a-dashboard-detail-information) | `/api/v1/dashboard/{id_or_slug}` |
-| `GET` | [Get a dashboard's chart definitions.](/developer-docs/api/get-a-dashboard-s-chart-definitions) | `/api/v1/dashboard/{id_or_slug}/charts` |
+| `GET` | [Get a dashboard's chart definitions.](/developer-docs/api/get-a-dashboards-chart-definitions) | `/api/v1/dashboard/{id_or_slug}/charts` |
 | `POST` | [Create a copy of an existing dashboard](/developer-docs/api/create-a-copy-of-an-existing-dashboard) | `/api/v1/dashboard/{id_or_slug}/copy/` |
-| `GET` | [Get dashboard's datasets](/developer-docs/api/get-dashboard-s-datasets) | `/api/v1/dashboard/{id_or_slug}/datasets` |
-| `DELETE` | [Delete a dashboard's embedded configuration](/developer-docs/api/delete-a-dashboard-s-embedded-configuration) | `/api/v1/dashboard/{id_or_slug}/embedded` |
-| `GET` | [Get the dashboard's embedded configuration](/developer-docs/api/get-the-dashboard-s-embedded-configuration) | `/api/v1/dashboard/{id_or_slug}/embedded` |
-| `POST` | [Set a dashboard's embedded configuration](/developer-docs/api/set-a-dashboard-s-embedded-configuration) | `/api/v1/dashboard/{id_or_slug}/embedded` |
+| `GET` | [Get dashboard's datasets](/developer-docs/api/get-dashboards-datasets) | `/api/v1/dashboard/{id_or_slug}/datasets` |
+| `DELETE` | [Delete a dashboard's embedded configuration](/developer-docs/api/delete-a-dashboards-embedded-configuration) | `/api/v1/dashboard/{id_or_slug}/embedded` |
+| `GET` | [Get the dashboard's embedded configuration](/developer-docs/api/get-the-dashboards-embedded-configuration) | `/api/v1/dashboard/{id_or_slug}/embedded` |
+| `POST` | [Set a dashboard's embedded configuration](/developer-docs/api/set-a-dashboards-embedded-configuration) | `/api/v1/dashboard/{id_or_slug}/embedded` |
 | `PUT` | [Update dashboard by id_or_slug embedded](/developer-docs/api/update-dashboard-by-id-or-slug-embedded) | `/api/v1/dashboard/{id_or_slug}/embedded` |
-| `GET` | [Get dashboard's tabs](/developer-docs/api/get-dashboard-s-tabs) | `/api/v1/dashboard/{id_or_slug}/tabs` |
+| `GET` | [Get dashboard's tabs](/developer-docs/api/get-dashboards-tabs) | `/api/v1/dashboard/{id_or_slug}/tabs` |
 | `DELETE` | [Delete a dashboard](/developer-docs/api/delete-a-dashboard) | `/api/v1/dashboard/{pk}` |
 | `PUT` | [Update a dashboard](/developer-docs/api/update-a-dashboard) | `/api/v1/dashboard/{pk}` |
 | `POST` | [Compute and cache a screenshot (dashboard-pk-cache-dashboard-screenshot)](/developer-docs/api/compute-and-cache-a-screenshot-dashboard-pk-cache-dashboard-screenshot) | `/api/v1/dashboard/{pk}/cache_dashboard_screenshot/` |
+| `PUT` | [Update chart customizations configuration for a dashboard.](/developer-docs/api/update-chart-customizations-configuration-for-a-dashboard) | `/api/v1/dashboard/{pk}/chart_customizations` |
 | `PUT` | [Update colors configuration for a dashboard.](/developer-docs/api/update-colors-configuration-for-a-dashboard) | `/api/v1/dashboard/{pk}/colors` |
+| `GET` | [Export dashboard as example bundle](/developer-docs/api/export-dashboard-as-example-bundle) | `/api/v1/dashboard/{pk}/export_as_example/` |
 | `DELETE` | [Remove the dashboard from the user favorite list](/developer-docs/api/remove-the-dashboard-from-the-user-favorite-list) | `/api/v1/dashboard/{pk}/favorites/` |
 | `POST` | [Mark the dashboard as favorite for the current user](/developer-docs/api/mark-the-dashboard-as-favorite-for-the-current-user) | `/api/v1/dashboard/{pk}/favorites/` |
 | `PUT` | [Update native filters configuration for a dashboard.](/developer-docs/api/update-native-filters-configuration-for-a-dashboard) | `/api/v1/dashboard/{pk}/filters` |
 | `GET` | [Get a computed screenshot from cache (dashboard-pk-screenshot-digest)](/developer-docs/api/get-a-computed-screenshot-from-cache-dashboard-pk-screenshot-digest) | `/api/v1/dashboard/{pk}/screenshot/{digest}/` |
-| `GET` | [Get dashboard's thumbnail](/developer-docs/api/get-dashboard-s-thumbnail) | `/api/v1/dashboard/{pk}/thumbnail/{digest}/` |
+| `GET` | [Get dashboard's thumbnail](/developer-docs/api/get-dashboards-thumbnail) | `/api/v1/dashboard/{pk}/thumbnail/{digest}/` |
 | `GET` | [Download multiple dashboards as YAML files](/developer-docs/api/download-multiple-dashboards-as-yaml-files) | `/api/v1/dashboard/export/` |
 | `GET` | [Check favorited dashboards for current user](/developer-docs/api/check-favorited-dashboards-for-current-user) | `/api/v1/dashboard/favorite_status/` |
 | `POST` | [Import dashboard(s) with associated charts/datasets/databases](/developer-docs/api/import-dashboard-s-with-associated-charts-datasets-databases) | `/api/v1/dashboard/import/` |
@@ -101,8 +103,8 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 | `GET` | [Get a list of charts](/developer-docs/api/get-a-list-of-charts) | `/api/v1/chart/` |
 | `POST` | [Create a new chart](/developer-docs/api/create-a-new-chart) | `/api/v1/chart/` |
 | `GET` | [Get metadata information about this API resource (chart--info)](/developer-docs/api/get-metadata-information-about-this-api-resource-chart-info) | `/api/v1/chart/_info` |
+| `GET` | [Get a chart detail information](/developer-docs/api/get-a-chart-detail-information) | `/api/v1/chart/{id_or_uuid}` |
 | `DELETE` | [Delete a chart](/developer-docs/api/delete-a-chart) | `/api/v1/chart/{pk}` |
-| `GET` | [Get a chart detail information](/developer-docs/api/get-a-chart-detail-information) | `/api/v1/chart/{pk}` |
 | `PUT` | [Update a chart](/developer-docs/api/update-a-chart) | `/api/v1/chart/{pk}` |
 | `GET` | [Compute and cache a screenshot (chart-pk-cache-screenshot)](/developer-docs/api/compute-and-cache-a-screenshot-chart-pk-cache-screenshot) | `/api/v1/chart/{pk}/cache_screenshot/` |
 | `GET` | [Return payload data response for a chart](/developer-docs/api/return-payload-data-response-for-a-chart) | `/api/v1/chart/{pk}/data/` |
@@ -121,7 +123,7 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 </details>
 
 <details>
-<summary><strong>Datasets</strong> (18 endpoints) — Manage datasets (tables) used for building charts.</summary>
+<summary><strong>Datasets</strong> (19 endpoints) — Manage datasets (tables) used for building charts.</summary>
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
@@ -129,13 +131,14 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 | `GET` | [Get a list of datasets](/developer-docs/api/get-a-list-of-datasets) | `/api/v1/dataset/` |
 | `POST` | [Create a new dataset](/developer-docs/api/create-a-new-dataset) | `/api/v1/dataset/` |
 | `GET` | [Get metadata information about this API resource (dataset--info)](/developer-docs/api/get-metadata-information-about-this-api-resource-dataset-info) | `/api/v1/dataset/_info` |
+| `GET` | [Get a dataset](/developer-docs/api/get-a-dataset) | `/api/v1/dataset/{id_or_uuid}` |
+| `GET` | [Get charts and dashboards count associated to a dataset](/developer-docs/api/get-charts-and-dashboards-count-associated-to-a-dataset) | `/api/v1/dataset/{id_or_uuid}/related_objects` |
 | `DELETE` | [Delete a dataset](/developer-docs/api/delete-a-dataset) | `/api/v1/dataset/{pk}` |
-| `GET` | [Get a dataset](/developer-docs/api/get-a-dataset) | `/api/v1/dataset/{pk}` |
 | `PUT` | [Update a dataset](/developer-docs/api/update-a-dataset) | `/api/v1/dataset/{pk}` |
 | `DELETE` | [Delete a dataset column](/developer-docs/api/delete-a-dataset-column) | `/api/v1/dataset/{pk}/column/{column_id}` |
+| `GET` | [Get dataset drill info](/developer-docs/api/get-dataset-drill-info) | `/api/v1/dataset/{pk}/drill_info/` |
 | `DELETE` | [Delete a dataset metric](/developer-docs/api/delete-a-dataset-metric) | `/api/v1/dataset/{pk}/metric/{metric_id}` |
 | `PUT` | [Refresh and update columns of a dataset](/developer-docs/api/refresh-and-update-columns-of-a-dataset) | `/api/v1/dataset/{pk}/refresh` |
-| `GET` | [Get charts and dashboards count associated to a dataset](/developer-docs/api/get-charts-and-dashboards-count-associated-to-a-dataset) | `/api/v1/dataset/{pk}/related_objects` |
 | `GET` | [Get distinct values from field data (dataset-distinct-column-name)](/developer-docs/api/get-distinct-values-from-field-data-dataset-distinct-column-name) | `/api/v1/dataset/distinct/{column_name}` |
 | `POST` | [Duplicate a dataset](/developer-docs/api/duplicate-a-dataset) | `/api/v1/dataset/duplicate` |
 | `GET` | [Download multiple datasets as YAML files](/developer-docs/api/download-multiple-datasets-as-yaml-files) | `/api/v1/dataset/export/` |
@@ -147,7 +150,7 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 </details>
 
 <details>
-<summary><strong>Database</strong> (31 endpoints) — Manage database connections and metadata.</summary>
+<summary><strong>Database</strong> (30 endpoints) — Manage database connections and metadata.</summary>
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
@@ -165,7 +168,6 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 | `GET` | [Get all schemas from a database](/developer-docs/api/get-all-schemas-from-a-database) | `/api/v1/database/{pk}/schemas/` |
 | `GET` | [Get database select star for table (database-pk-select-star-table-name)](/developer-docs/api/get-database-select-star-for-table-database-pk-select-star-table-name) | `/api/v1/database/{pk}/select_star/{table_name}/` |
 | `GET` | [Get database select star for table (database-pk-select-star-table-name-schema-name)](/developer-docs/api/get-database-select-star-for-table-database-pk-select-star-table-name-schema-name) | `/api/v1/database/{pk}/select_star/{table_name}/{schema_name}/` |
-| `DELETE` | [Delete a SSH tunnel](/developer-docs/api/delete-a-ssh-tunnel) | `/api/v1/database/{pk}/ssh_tunnel/` |
 | `POST` | [Re-sync all permissions for a database connection](/developer-docs/api/re-sync-all-permissions-for-a-database-connection) | `/api/v1/database/{pk}/sync_permissions/` |
 | `GET` | [Get table extra metadata (database-pk-table-extra-table-name-schema-name)](/developer-docs/api/get-table-extra-metadata-database-pk-table-extra-table-name-schema-name) | `/api/v1/database/{pk}/table_extra/{table_name}/{schema_name}/` |
 | `GET` | [Get table metadata](/developer-docs/api/get-table-metadata) | `/api/v1/database/{pk}/table_metadata/` |
@@ -177,7 +179,7 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 | `GET` | [Get names of databases currently available](/developer-docs/api/get-names-of-databases-currently-available) | `/api/v1/database/available/` |
 | `GET` | [Download database(s) and associated dataset(s) as a zip file](/developer-docs/api/download-database-s-and-associated-dataset-s-as-a-zip-file) | `/api/v1/database/export/` |
 | `POST` | [Import database(s) with associated datasets](/developer-docs/api/import-database-s-with-associated-datasets) | `/api/v1/database/import/` |
-| `GET` | [Receive personal access tokens from OAuth2](/developer-docs/api/receive-personal-access-tokens-from-oauth2) | `/api/v1/database/oauth2/` |
+| `GET` | [Receive personal access tokens from OAuth2](/developer-docs/api/receive-personal-access-tokens-from-o-auth-2) | `/api/v1/database/oauth2/` |
 | `GET` | [Get related fields data (database-related-column-name)](/developer-docs/api/get-related-fields-data-database-related-column-name) | `/api/v1/database/related/{column_name}` |
 | `POST` | [Test a database connection](/developer-docs/api/test-a-database-connection) | `/api/v1/database/test_connection/` |
 | `POST` | [Upload a file and returns file metadata](/developer-docs/api/upload-a-file-and-returns-file-metadata) | `/api/v1/database/upload_metadata/` |
@@ -197,13 +199,14 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 </details>
 
 <details>
-<summary><strong>SQL Lab</strong> (6 endpoints) — Execute SQL queries and manage SQL Lab sessions.</summary>
+<summary><strong>SQL Lab</strong> (7 endpoints) — Execute SQL queries and manage SQL Lab sessions.</summary>
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
-| `GET` | [Get the bootstrap data for SqlLab page](/developer-docs/api/get-the-bootstrap-data-for-sqllab-page) | `/api/v1/sqllab/` |
+| `GET` | [Get the bootstrap data for SqlLab page](/developer-docs/api/get-the-bootstrap-data-for-sql-lab-page) | `/api/v1/sqllab/` |
 | `POST` | [Estimate the SQL query execution cost](/developer-docs/api/estimate-the-sql-query-execution-cost) | `/api/v1/sqllab/estimate/` |
 | `POST` | [Execute a SQL query](/developer-docs/api/execute-a-sql-query) | `/api/v1/sqllab/execute/` |
+| `POST` | [Export SQL query results to CSV with streaming](/developer-docs/api/export-sql-query-results-to-csv-with-streaming) | `/api/v1/sqllab/export_streaming/` |
 | `GET` | [Export the SQL query results to a CSV](/developer-docs/api/export-the-sql-query-results-to-a-csv) | `/api/v1/sqllab/export/{client_id}/` |
 | `POST` | [Format SQL code](/developer-docs/api/format-sql-code) | `/api/v1/sqllab/format_sql/` |
 | `GET` | [Get the result of a SQL query execution](/developer-docs/api/get-the-result-of-a-sql-query-execution) | `/api/v1/sqllab/results/` |
@@ -236,20 +239,21 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 </details>
 
 <details>
-<summary><strong>Datasources</strong> (1 endpoints) — Query datasource metadata and column values.</summary>
+<summary><strong>Datasources</strong> (2 endpoints) — Query datasource metadata and column values.</summary>
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
 | `GET` | [Get possible values for a datasource column](/developer-docs/api/get-possible-values-for-a-datasource-column) | `/api/v1/datasource/{datasource_type}/{datasource_id}/column/{column_name}/values/` |
+| `POST` | [Validate a SQL expression against a datasource](/developer-docs/api/validate-a-sql-expression-against-a-datasource) | `/api/v1/datasource/{datasource_type}/{datasource_id}/validate_expression/` |
 
 </details>
 
 <details>
-<summary><strong>Advanced Data Type</strong> (2 endpoints) — Endpoints for advanced data type operations and conversions.</summary>
+<summary><strong>Advanced Data Type</strong> (2 endpoints) — Advanced data type operations and conversions.</summary>
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
-| `GET` | [Return an AdvancedDataTypeResponse](/developer-docs/api/return-an-advanceddatatyperesponse) | `/api/v1/advanced_data_type/convert` |
+| `GET` | [Return an AdvancedDataTypeResponse](/developer-docs/api/return-an-advanced-data-type-response) | `/api/v1/advanced_data_type/convert` |
 | `GET` | [Return a list of available advanced data types](/developer-docs/api/return-a-list-of-available-advanced-data-types) | `/api/v1/advanced_data_type/types` |
 
 </details>
@@ -320,32 +324,32 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 #### Sharing & Embedding
 
 <details>
-<summary><strong>Dashboard Permanent Link</strong> (2 endpoints) — Create and retrieve permanent links to dashboard states.</summary>
+<summary><strong>Dashboard Permanent Link</strong> (2 endpoints) — Permanent links to dashboard states.</summary>
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
-| `POST` | [Create a new dashboard's permanent link](/developer-docs/api/create-a-new-dashboard-s-permanent-link) | `/api/v1/dashboard/{pk}/permalink` |
-| `GET` | [Get dashboard's permanent link state](/developer-docs/api/get-dashboard-s-permanent-link-state) | `/api/v1/dashboard/permalink/{key}` |
+| `POST` | [Create a new dashboard's permanent link](/developer-docs/api/create-a-new-dashboards-permanent-link) | `/api/v1/dashboard/{pk}/permalink` |
+| `GET` | [Get dashboard's permanent link state](/developer-docs/api/get-dashboards-permanent-link-state) | `/api/v1/dashboard/permalink/{key}` |
 
 </details>
 
 <details>
-<summary><strong>Explore Permanent Link</strong> (2 endpoints) — Create and retrieve permanent links to chart explore states.</summary>
+<summary><strong>Explore Permanent Link</strong> (2 endpoints) — Permanent links to chart explore states.</summary>
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
 | `POST` | [Create a new permanent link (explore-permalink)](/developer-docs/api/create-a-new-permanent-link-explore-permalink) | `/api/v1/explore/permalink` |
-| `GET` | [Get chart's permanent link state](/developer-docs/api/get-chart-s-permanent-link-state) | `/api/v1/explore/permalink/{key}` |
+| `GET` | [Get chart's permanent link state](/developer-docs/api/get-charts-permanent-link-state) | `/api/v1/explore/permalink/{key}` |
 
 </details>
 
 <details>
-<summary><strong>SQL Lab Permanent Link</strong> (2 endpoints) — Create and retrieve permanent links to SQL Lab states.</summary>
+<summary><strong>SQL Lab Permanent Link</strong> (2 endpoints) — Permanent links to SQL Lab states.</summary>
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
 | `POST` | [Create a new permanent link (sqllab-permalink)](/developer-docs/api/create-a-new-permanent-link-sqllab-permalink) | `/api/v1/sqllab/permalink` |
-| `GET` | [Get permanent link state for SQLLab editor.](/developer-docs/api/get-permanent-link-state-for-sqllab-editor) | `/api/v1/sqllab/permalink/{key}` |
+| `GET` | [Get permanent link state for SQLLab editor.](/developer-docs/api/get-permanent-link-state-for-sql-lab-editor) | `/api/v1/sqllab/permalink/{key}` |
 
 </details>
 
@@ -363,10 +367,10 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
-| `POST` | [Create a dashboard's filter state](/developer-docs/api/create-a-dashboard-s-filter-state) | `/api/v1/dashboard/{pk}/filter_state` |
-| `DELETE` | [Delete a dashboard's filter state value](/developer-docs/api/delete-a-dashboard-s-filter-state-value) | `/api/v1/dashboard/{pk}/filter_state/{key}` |
-| `GET` | [Get a dashboard's filter state value](/developer-docs/api/get-a-dashboard-s-filter-state-value) | `/api/v1/dashboard/{pk}/filter_state/{key}` |
-| `PUT` | [Update a dashboard's filter state value](/developer-docs/api/update-a-dashboard-s-filter-state-value) | `/api/v1/dashboard/{pk}/filter_state/{key}` |
+| `POST` | [Create a dashboard's filter state](/developer-docs/api/create-a-dashboards-filter-state) | `/api/v1/dashboard/{pk}/filter_state` |
+| `DELETE` | [Delete a dashboard's filter state value](/developer-docs/api/delete-a-dashboards-filter-state-value) | `/api/v1/dashboard/{pk}/filter_state/{key}` |
+| `GET` | [Get a dashboard's filter state value](/developer-docs/api/get-a-dashboards-filter-state-value) | `/api/v1/dashboard/{pk}/filter_state/{key}` |
+| `PUT` | [Update a dashboard's filter state value](/developer-docs/api/update-a-dashboards-filter-state-value) | `/api/v1/dashboard/{pk}/filter_state/{key}` |
 
 </details>
 
@@ -406,16 +410,17 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 #### Security & Access Control
 
 <details>
-<summary><strong>Security Roles</strong> (10 endpoints) — Manage security roles and their permissions.</summary>
+<summary><strong>Security Roles</strong> (11 endpoints) — Manage security roles and their permissions.</summary>
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
 | `GET` | [Get security roles](/developer-docs/api/get-security-roles) | `/api/v1/security/roles/` |
 | `POST` | [Create security roles](/developer-docs/api/create-security-roles) | `/api/v1/security/roles/` |
-| `GET` | [Get security roles info](/developer-docs/api/get-security-roles-info) | `/api/v1/security/roles/_info` |
+| `GET` | [Get security roles  info](/developer-docs/api/get-security-roles-info) | `/api/v1/security/roles/_info` |
 | `DELETE` | [Delete security roles by pk](/developer-docs/api/delete-security-roles-by-pk) | `/api/v1/security/roles/{pk}` |
 | `GET` | [Get security roles by pk](/developer-docs/api/get-security-roles-by-pk) | `/api/v1/security/roles/{pk}` |
 | `PUT` | [Update security roles by pk](/developer-docs/api/update-security-roles-by-pk) | `/api/v1/security/roles/{pk}` |
+| `PUT` | [Update security roles by role_id groups](/developer-docs/api/update-security-roles-by-role-id-groups) | `/api/v1/security/roles/{role_id}/groups` |
 | `POST` | [Create security roles by role_id permissions](/developer-docs/api/create-security-roles-by-role-id-permissions) | `/api/v1/security/roles/{role_id}/permissions` |
 | `GET` | [Get security roles by role_id permissions](/developer-docs/api/get-security-roles-by-role-id-permissions) | `/api/v1/security/roles/{role_id}/permissions/` |
 | `PUT` | [Update security roles by role_id users](/developer-docs/api/update-security-roles-by-role-id-users) | `/api/v1/security/roles/{role_id}/users` |
@@ -430,7 +435,7 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 |--------|----------|-------------|
 | `GET` | [Get security users](/developer-docs/api/get-security-users) | `/api/v1/security/users/` |
 | `POST` | [Create security users](/developer-docs/api/create-security-users) | `/api/v1/security/users/` |
-| `GET` | [Get security users info](/developer-docs/api/get-security-users-info) | `/api/v1/security/users/_info` |
+| `GET` | [Get security users  info](/developer-docs/api/get-security-users-info) | `/api/v1/security/users/_info` |
 | `DELETE` | [Delete security users by pk](/developer-docs/api/delete-security-users-by-pk) | `/api/v1/security/users/{pk}` |
 | `GET` | [Get security users by pk](/developer-docs/api/get-security-users-by-pk) | `/api/v1/security/users/{pk}` |
 | `PUT` | [Update security users by pk](/developer-docs/api/update-security-users-by-pk) | `/api/v1/security/users/{pk}` |
@@ -443,7 +448,7 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 | Method | Endpoint | Description |
 |--------|----------|-------------|
 | `GET` | [Get security permissions](/developer-docs/api/get-security-permissions) | `/api/v1/security/permissions/` |
-| `GET` | [Get security permissions info](/developer-docs/api/get-security-permissions-info) | `/api/v1/security/permissions/_info` |
+| `GET` | [Get security permissions  info](/developer-docs/api/get-security-permissions-info) | `/api/v1/security/permissions/_info` |
 | `GET` | [Get security permissions by pk](/developer-docs/api/get-security-permissions-by-pk) | `/api/v1/security/permissions/{pk}` |
 
 </details>
@@ -455,7 +460,7 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 |--------|----------|-------------|
 | `GET` | [Get security resources](/developer-docs/api/get-security-resources) | `/api/v1/security/resources/` |
 | `POST` | [Create security resources](/developer-docs/api/create-security-resources) | `/api/v1/security/resources/` |
-| `GET` | [Get security resources info](/developer-docs/api/get-security-resources-info) | `/api/v1/security/resources/_info` |
+| `GET` | [Get security resources  info](/developer-docs/api/get-security-resources-info) | `/api/v1/security/resources/_info` |
 | `DELETE` | [Delete security resources by pk](/developer-docs/api/delete-security-resources-by-pk) | `/api/v1/security/resources/{pk}` |
 | `GET` | [Get security resources by pk](/developer-docs/api/get-security-resources-by-pk) | `/api/v1/security/resources/{pk}` |
 | `PUT` | [Update security resources by pk](/developer-docs/api/update-security-resources-by-pk) | `/api/v1/security/resources/{pk}` |
@@ -463,13 +468,13 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 </details>
 
 <details>
-<summary><strong>Security Permissions on Resources (View Menus)</strong> (6 endpoints) — Manage permission-resource mappings.</summary>
+<summary><strong>Security Permissions on Resources (View Menus)</strong> (6 endpoints) — Permission-resource mappings.</summary>
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
 | `GET` | [Get security permissions resources](/developer-docs/api/get-security-permissions-resources) | `/api/v1/security/permissions-resources/` |
 | `POST` | [Create security permissions resources](/developer-docs/api/create-security-permissions-resources) | `/api/v1/security/permissions-resources/` |
-| `GET` | [Get security permissions resources info](/developer-docs/api/get-security-permissions-resources-info) | `/api/v1/security/permissions-resources/_info` |
+| `GET` | [Get security permissions resources  info](/developer-docs/api/get-security-permissions-resources-info) | `/api/v1/security/permissions-resources/_info` |
 | `DELETE` | [Delete security permissions resources by pk](/developer-docs/api/delete-security-permissions-resources-by-pk) | `/api/v1/security/permissions-resources/{pk}` |
 | `GET` | [Get security permissions resources by pk](/developer-docs/api/get-security-permissions-resources-by-pk) | `/api/v1/security/permissions-resources/{pk}` |
 | `PUT` | [Update security permissions resources by pk](/developer-docs/api/update-security-permissions-resources-by-pk) | `/api/v1/security/permissions-resources/{pk}` |
@@ -477,7 +482,7 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 </details>
 
 <details>
-<summary><strong>Row Level Security</strong> (8 endpoints) — Manage row-level security rules for data access control.</summary>
+<summary><strong>Row Level Security</strong> (8 endpoints) — Manage row-level security rules for data access.</summary>
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
@@ -495,7 +500,7 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 #### Import/Export & Administration
 
 <details>
-<summary><strong>Import/export</strong> (2 endpoints) — Import and export Superset assets (dashboards, charts, databases).</summary>
+<summary><strong>Import/export</strong> (2 endpoints) — Import and export Superset assets.</summary>
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
@@ -528,11 +533,12 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 #### User & System
 
 <details>
-<summary><strong>Current User</strong> (2 endpoints) — Get information about the currently authenticated user.</summary>
+<summary><strong>Current User</strong> (3 endpoints) — Get information about the authenticated user.</summary>
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
 | `GET` | [Get the user object](/developer-docs/api/get-the-user-object) | `/api/v1/me/` |
+| `PUT` | [Update the current user](/developer-docs/api/update-the-current-user) | `/api/v1/me/` |
 | `GET` | [Get the user roles](/developer-docs/api/get-the-user-roles) | `/api/v1/me/roles/` |
 
 </details>
@@ -578,7 +584,23 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 
 | Method | Endpoint | Description |
 |--------|----------|-------------|
-| `GET` | [Get api by version openapi](/developer-docs/api/get-api-by-version-openapi) | `/api/{version}/_openapi` |
+| `GET` | [Get api by version  openapi](/developer-docs/api/get-api-by-version-openapi) | `/api/{version}/_openapi` |
+
+</details>
+
+#### Other
+
+<details>
+<summary><strong>Security Groups</strong> (6 endpoints) — Endpoints related to Security Groups.</summary>
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| `GET` | [Get security groups](/developer-docs/api/get-security-groups) | `/api/v1/security/groups/` |
+| `POST` | [Create security groups](/developer-docs/api/create-security-groups) | `/api/v1/security/groups/` |
+| `GET` | [Get security groups  info](/developer-docs/api/get-security-groups-info) | `/api/v1/security/groups/_info` |
+| `DELETE` | [Delete security groups by pk](/developer-docs/api/delete-security-groups-by-pk) | `/api/v1/security/groups/{pk}` |
+| `GET` | [Get security groups by pk](/developer-docs/api/get-security-groups-by-pk) | `/api/v1/security/groups/{pk}` |
+| `PUT` | [Update security groups by pk](/developer-docs/api/update-security-groups-by-pk) | `/api/v1/security/groups/{pk}` |
 
 </details>
 
@@ -590,7 +612,7 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 | `DELETE` | [Bulk delete themes](/developer-docs/api/bulk-delete-themes) | `/api/v1/theme/` |
 | `GET` | [Get a list of themes](/developer-docs/api/get-a-list-of-themes) | `/api/v1/theme/` |
 | `POST` | [Create a theme](/developer-docs/api/create-a-theme) | `/api/v1/theme/` |
-| `GET` | [Get metadata information about this API resource (theme-info)](/developer-docs/api/get-metadata-information-about-this-api-resource-theme-info) | `/api/v1/theme/_info` |
+| `GET` | [Get metadata information about this API resource (theme--info)](/developer-docs/api/get-metadata-information-about-this-api-resource-theme-info) | `/api/v1/theme/_info` |
 | `DELETE` | [Delete a theme](/developer-docs/api/delete-a-theme) | `/api/v1/theme/{pk}` |
 | `GET` | [Get a theme](/developer-docs/api/get-a-theme) | `/api/v1/theme/{pk}` |
 | `PUT` | [Update a theme](/developer-docs/api/update-a-theme) | `/api/v1/theme/{pk}` |
@@ -604,6 +626,22 @@ curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
 
 </details>
 
+<details>
+<summary><strong>UserRegistrationsRestAPI</strong> (8 endpoints) — Endpoints related to UserRegistrationsRestAPI.</summary>
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| `GET` | [Get security user registrations](/developer-docs/api/get-security-user-registrations) | `/api/v1/security/user_registrations/` |
+| `POST` | [Create security user registrations](/developer-docs/api/create-security-user-registrations) | `/api/v1/security/user_registrations/` |
+| `GET` | [Get security user registrations  info](/developer-docs/api/get-security-user-registrations-info) | `/api/v1/security/user_registrations/_info` |
+| `DELETE` | [Delete security user registrations by pk](/developer-docs/api/delete-security-user-registrations-by-pk) | `/api/v1/security/user_registrations/{pk}` |
+| `GET` | [Get security user registrations by pk](/developer-docs/api/get-security-user-registrations-by-pk) | `/api/v1/security/user_registrations/{pk}` |
+| `PUT` | [Update security user registrations by pk](/developer-docs/api/update-security-user-registrations-by-pk) | `/api/v1/security/user_registrations/{pk}` |
+| `GET` | [Get distinct values from field data (security-user-registrations-distinct-column-name)](/developer-docs/api/get-distinct-values-from-field-data-security-user-registrations-distinct-column-name) | `/api/v1/security/user_registrations/distinct/{column_name}` |
+| `GET` | [Get related fields data (security-user-registrations-related-column-name)](/developer-docs/api/get-related-fields-data-security-user-registrations-related-column-name) | `/api/v1/security/user_registrations/related/{column_name}` |
+
+</details>
+
 ---
 
 ### Additional Resources

docs/developer_docs/components/design-system/dropdowncontainer.mdx

@@ -156,7 +156,7 @@ function SelectFilters() {
 ## Import
 
 ```tsx
-import { DropdownContainer } from '@superset/components';
+import { DropdownContainer } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/design-system/flex.mdx

@@ -186,7 +186,7 @@ function JustifyAlign() {
 ## Import
 
 ```tsx
-import { Flex } from '@superset/components';
+import { Flex } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/design-system/grid.mdx

@@ -181,7 +181,7 @@ function AlignmentDemo() {
 ## Import
 
 ```tsx
-import Grid from '@superset/components';
+import { Grid } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/design-system/layout.mdx

@@ -128,7 +128,7 @@ function RightSidebar() {
 ## Import
 
 ```tsx
-import { Layout } from '@superset/components';
+import { Layout } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/design-system/metadatabar.mdx

@@ -163,7 +163,7 @@ function FullMetadata() {
 ## Import
 
 ```tsx
-import MetadataBar from '@superset/components';
+import { MetadataBar } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/design-system/space.mdx

@@ -157,7 +157,7 @@ function SpaceSizes() {
 ## Import
 
 ```tsx
-import { Space } from '@superset/components';
+import { Space } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/design-system/table.mdx

@@ -300,7 +300,7 @@ function LoadingTable() {
 ## Import
 
 ```tsx
-import { Table } from '@superset/components';
+import { Table } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/index.mdx

@@ -23,7 +23,16 @@ sidebar_position: 0
     under the License.
 -->
 
-# Superset Design System
+import { ComponentIndex } from '@site/src/components/ui-components';
+import componentData from '@site/static/data/components.json';
+
+# UI Components
+
+<ComponentIndex data={componentData} />
+
+---
+
+## Design System
 
 A design system is a complete set of standards intended to manage design at scale using reusable components and patterns.
 
@@ -35,19 +44,6 @@ The Superset Design System uses [Atomic Design](https://bradfrost.com/blog/post/
 
 <img src="/img/atomic-design.png" alt="Atoms = Foundations, Molecules = Components, Organisms = Patterns, Templates = Templates, Pages / Screens = Features" style={{maxWidth: '100%'}} />
 
----
-
-## Component Library
-
-Interactive documentation for Superset's UI component library. **53 components** documented across 2 categories.
-
-### [Core Components](./ui/)
-46 components — Buttons, inputs, modals, selects, and other fundamental UI elements.
-
-### [Layout Components](./design-system/)
-7 components — Grid, Layout, Table, Flex, Space, and container components for page structure.
-
-
 ## Usage
 
 All components are exported from `@superset-ui/core/components`:

docs/developer_docs/components/ui/autocomplete.mdx

@@ -204,7 +204,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { AutoComplete } from '@superset/components';
+import { AutoComplete } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/avatar.mdx

@@ -129,7 +129,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { Avatar } from '@superset/components';
+import { Avatar } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/badge.mdx

@@ -149,7 +149,7 @@ function ColorGallery() {
 ## Import
 
 ```tsx
-import { Badge } from '@superset/components';
+import { Badge } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/breadcrumb.mdx

@@ -82,7 +82,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { Breadcrumb } from '@superset/components';
+import { Breadcrumb } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/button.mdx

@@ -43,7 +43,7 @@ The Button component from Superset's UI library.
 <StoryWithControls
   component="Button"
   props={{
-  buttonStyle: "default",
+  buttonStyle: "primary",
   buttonSize: "default",
   children: "Button!"
 }}
@@ -111,7 +111,7 @@ Edit the code below to experiment with the component:
 function Demo() {
   return (
     <Button
-      buttonStyle="default"
+      buttonStyle="primary"
       buttonSize="default"
     >
       Button!
@@ -124,14 +124,14 @@ function Demo() {
 
 | Prop | Type | Default | Description |
 |------|------|---------|-------------|
-| `buttonStyle` | `string` | `"default"` | The style variant of the button. |
+| `buttonStyle` | `string` | `"primary"` | The style variant of the button. |
 | `buttonSize` | `string` | `"default"` | The size of the button. |
 | `children` | `string` | `"Button!"` | The button text or content. |
 
 ## Import
 
 ```tsx
-import { Button } from '@superset/components';
+import { Button } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/buttongroup.mdx

@@ -77,7 +77,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { ButtonGroup } from '@superset/components';
+import { ButtonGroup } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/cachedlabel.mdx

@@ -68,7 +68,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { CachedLabel } from '@superset/components';
+import { CachedLabel } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/card.mdx

@@ -131,7 +131,7 @@ function CardStates() {
 ## Import
 
 ```tsx
-import { Card } from '@superset/components';
+import { Card } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/checkbox.mdx

@@ -130,7 +130,7 @@ function SelectAllDemo() {
 ## Import
 
 ```tsx
-import { Checkbox } from '@superset/components';
+import { Checkbox } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/collapse.mdx

@@ -95,7 +95,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { Collapse } from '@superset/components';
+import { Collapse } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/datepicker.mdx

@@ -99,7 +99,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { DatePicker } from '@superset/components';
+import { DatePicker } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/divider.mdx

@@ -133,7 +133,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { Divider } from '@superset/components';
+import { Divider } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/editabletitle.mdx

@@ -161,7 +161,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { EditableTitle } from '@superset/components';
+import { EditableTitle } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/emptystate.mdx

@@ -136,7 +136,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { EmptyState } from '@superset/components';
+import { EmptyState } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/favestar.mdx

@@ -85,7 +85,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { FaveStar } from '@superset/components';
+import { FaveStar } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/iconbutton.mdx

@@ -95,7 +95,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { IconButton } from '@superset/components';
+import { IconButton } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/icons.mdx

@@ -241,7 +241,7 @@ function IconWithText() {
 ## Import
 
 ```tsx
-import { Icons } from '@superset/components';
+import { Icons } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/icontooltip.mdx

@@ -89,7 +89,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { IconTooltip } from '@superset/components';
+import { IconTooltip } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/infotooltip.mdx

@@ -95,7 +95,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { InfoTooltip } from '@superset/components';
+import { InfoTooltip } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/input.mdx

@@ -151,7 +151,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { Input } from '@superset/components';
+import { Input } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/label.mdx

@@ -94,7 +94,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { Label } from '@superset/components';
+import { Label } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/list.mdx

@@ -106,7 +106,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { List } from '@superset/components';
+import { List } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/listviewcard.mdx

@@ -121,7 +121,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { ListViewCard } from '@superset/components';
+import { ListViewCard } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/loading.mdx

@@ -176,7 +176,7 @@ function ContextualDemo() {
 ## Import
 
 ```tsx
-import { Loading } from '@superset/components';
+import { Loading } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/menu.mdx

@@ -163,7 +163,7 @@ function MenuWithIcons() {
 ## Import
 
 ```tsx
-import { Menu } from '@superset/components';
+import { Menu } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/modal.mdx

@@ -196,7 +196,7 @@ function ConfirmationDialogs() {
 ## Import
 
 ```tsx
-import { Modal } from '@superset/components';
+import { Modal } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/modaltrigger.mdx

@@ -181,7 +181,7 @@ function DraggableModal() {
 ## Import
 
 ```tsx
-import { ModalTrigger } from '@superset/components';
+import { ModalTrigger } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/popover.mdx

@@ -188,7 +188,7 @@ function RichPopover() {
 ## Import
 
 ```tsx
-import { Popover } from '@superset/components';
+import { Popover } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/progressbar.mdx

@@ -195,7 +195,7 @@ function CustomColors() {
 ## Import
 
 ```tsx
-import { ProgressBar } from '@superset/components';
+import { ProgressBar } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/radio.mdx

@@ -126,7 +126,7 @@ function VerticalDemo() {
 ## Import
 
 ```tsx
-import { Radio } from '@superset/components';
+import { Radio } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/safemarkdown.mdx

@@ -74,7 +74,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { SafeMarkdown } from '@superset/components';
+import { SafeMarkdown } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/select.mdx

@@ -297,7 +297,7 @@ function OneLineDemo() {
 ## Import
 
 ```tsx
-import { Select } from '@superset/components';
+import { Select } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/skeleton.mdx

@@ -129,7 +129,7 @@ function Demo() {
 ## Import
 
 ```tsx
-import { Skeleton } from '@superset/components';
+import { Skeleton } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/slider.mdx

@@ -242,7 +242,7 @@ function VerticalDemo() {
 ## Import
 
 ```tsx
-import { Slider } from '@superset/components';
+import { Slider } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/steps.mdx

@@ -261,7 +261,7 @@ function DotAndSmall() {
 ## Import
 
 ```tsx
-import { Steps } from '@superset/components';
+import { Steps } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/switch.mdx

@@ -182,7 +182,7 @@ function SettingsPanel() {
 ## Import
 
 ```tsx
-import { Switch } from '@superset/components';
+import { Switch } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/tablecollection.mdx

@@ -52,12 +52,6 @@ function Demo() {
 
 
 
-## Import
-
-```tsx
-import { TableCollection } from '@superset/components';
-```
-
 ---
 
 :::tip[Improve this page]

docs/developer_docs/components/ui/tableview.mdx

@@ -283,7 +283,7 @@ function SortingDemo() {
 ## Import
 
 ```tsx
-import { TableView } from '@superset/components';
+import { TableView } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/tabs.mdx

@@ -212,7 +212,7 @@ function IconTabs() {
 ## Import
 
 ```tsx
-import { Tabs } from '@superset/components';
+import { Tabs } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/timer.mdx

@@ -161,7 +161,7 @@ function StartStop() {
 ## Import
 
 ```tsx
-import { Timer } from '@superset/components';
+import { Timer } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/tooltip.mdx

@@ -160,7 +160,7 @@ function Triggers() {
 ## Import
 
 ```tsx
-import { Tooltip } from '@superset/components';
+import { Tooltip } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/tree.mdx

@@ -257,7 +257,7 @@ function LinesAndIcons() {
 ## Import
 
 ```tsx
-import { Tree } from '@superset/components';
+import { Tree } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/treeselect.mdx

@@ -275,7 +275,7 @@ function TreeLinesDemo() {
 ## Import
 
 ```tsx
-import { TreeSelect } from '@superset/components';
+import { TreeSelect } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/typography.mdx

@@ -225,7 +225,7 @@ function TextStyles() {
 ## Import
 
 ```tsx
-import { Typography } from '@superset/components';
+import { Typography } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/unsavedchangesmodal.mdx

@@ -115,7 +115,7 @@ function CustomTitle() {
 ## Import
 
 ```tsx
-import { UnsavedChangesModal } from '@superset/components';
+import { UnsavedChangesModal } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/components/ui/upload.mdx

@@ -125,7 +125,7 @@ function DragDrop() {
 ## Import
 
 ```tsx
-import { Upload } from '@superset/components';
+import { Upload } from '@superset-ui/core/components';
 ```
 
 ---

docs/developer_docs/extensions/overview.md

@@ -43,7 +43,7 @@ Extensions can provide:
 
 ## UI Components for Extensions
 
-Extension developers have access to pre-built UI components via `@apache-superset/core/components`. Browse all available components on the [UI Components](/docs/components/) page and filter by **Extension Compatible** to see components available to extensions.
+Extension developers have access to pre-built UI components via `@apache-superset/core/components`. Browse all available components on the [UI Components](/developer-docs/components/) page and filter by **Extension Compatible** to see components available to extensions.
 
 ## Next Steps
 

docs/docs/using-superset/creating-your-first-dashboard.mdx

@@ -63,6 +63,12 @@ by clicking the **Connect** button in the bottom right corner of the modal windo
 
 Congratulations, you've just added a new data source in Superset!
 
+### Sharing a Database Connection
+
+When adding a new database, you can share the connection with other Superset users. Shared connections appear in other users' database lists, making it easier to collaborate on the same data without requiring each user to configure the same connection separately.
+
+To share a connection, enable the **Share connection with other users** option in the **Advanced** tab of the database connection modal before saving. You can change sharing settings later by editing the database connection.
+
 ### Registering a new table
 
 Now that you’ve configured a data source, you can select specific tables (called **Datasets** in Superset)
@@ -80,6 +86,22 @@ we register the **cleaned_sales_data** table from the **examples** database.
 
 To finish, click the **Add** button in the bottom right corner. You should now see your dataset in the list of datasets.
 
+### Organizing Datasets into Folders
+
+The Datasets list view supports **folders** for organizing datasets into groups. To create and manage folders:
+
+1. In the **Datasets** list, click the **Folders** panel on the left sidebar.
+2. Click **+ New Folder** to create a top-level folder, or drag an existing folder to nest it.
+3. Drag dataset rows onto a folder to move them in, or right-click a dataset and select **Move to folder**.
+
+Folders are per-user organizational aids — they do not affect dataset access permissions or how other users see the datasets.
+
+### Uploading Files via the OS File Manager (PWA)
+
+When Superset is installed as a **Progressive Web App (PWA)** from your browser, your operating system will offer Superset as an option when opening CSV, Excel (`.xls`/`.xlsx`), and Parquet files. Double-clicking or right-clicking a supported file and selecting "Open with Superset" navigates directly to the upload workflow for that file.
+
+To install Superset as a PWA, look for the install icon in your browser's address bar (Chrome, Edge) when visiting your Superset instance over HTTPS. PWA installation requires HTTPS and a valid manifest — your admin needs to confirm the app manifest is served correctly.
+
 ### Customizing column properties
 
 Now that you've registered your dataset, you can configure column properties
@@ -193,7 +215,7 @@ Access to dashboards is managed via owners and permissions. Non-owner access can
 through dataset permissions or dashboard-level roles (using the `DASHBOARD_RBAC` feature flag).
 
 For detailed information on configuring dashboard access, see the
-[Dashboard Access Control](/admin-docs/security/security#dashboard-access-control) section in the
+[Dashboard Access Control](/admin-docs/security/#dashboard-access-control) section in the
 Security documentation.
 
 <img src={useBaseUrl("/img/tutorial/tutorial_dashboard_access.png" )} />
@@ -234,6 +256,64 @@ For example, when running the local development build, the following will disabl
 Top Nav and remove the Filter Bar:
 `http://localhost:8088/superset/dashboard/my-dashboard/?standalone=1&show_filters=0`
 
+### AG Grid Interactive Table
+
+The **AG Grid Interactive Table** chart type is Superset's fully-featured data grid, suitable for large paginated datasets where the standard Table chart is not enough.
+
+#### Server-Side Column Filters
+
+AG Grid supports server-side column filters that query the full dataset — not just the loaded page. Filters are applied before data is sent to the browser, so results are correct even across millions of rows.
+
+**Available filter types:**
+
+| Column type | Filter options |
+|---|---|
+| Text | Contains, equals, starts with, ends with |
+| Number | Equals, not equal, less than, greater than, between |
+| Date | Before, after, between, blank |
+| Set | Select from a list of distinct values |
+
+**AND / OR logic:** Each column supports combining multiple conditions with AND or OR. Filters from different columns are always combined with AND.
+
+**Interaction with pagination:** Server-side filters run as WHERE clauses in the underlying SQL query, so pagination always operates over the already-filtered result set.
+
+#### Time Shift (Time Comparison)
+
+AG Grid Interactive Table supports **Time Shift** (time comparison), matching the behavior of the standard Table chart. In the **Advanced Analytics** → **Time Comparison** section of the chart configuration, enter a shift expression (e.g., `1 year ago`, `minus 7 days`) to add comparison columns showing values from the offset period. Dashboard-level time range overrides apply to both the base and comparison periods.
+
+### Dynamic Currency Formatting
+
+Chart metric values can display currencies dynamically rather than using a fixed currency code. To enable:
+
+1. Open the dataset editor for your dataset (**Datasets → Edit**).
+2. In the **Advanced** tab, set **Currency Code Column** to the name of a column in your dataset that contains ISO 4217 currency codes (e.g., `USD`, `EUR`, `GBP`).
+3. In the Explore chart configuration, open the metric's **Number format** section and select **Auto-detect** for currency.
+
+When Auto-detect is active, each row uses the currency code from the designated column, so a single chart can display values in multiple currencies — each formatted correctly for its currency.
+
+### ECharts Option Editor
+
+For ECharts-based chart types (line, bar, area, scatter, pie, and others), Explore includes an advanced **ECharts Option Editor** that accepts raw JSON overrides for the underlying ECharts configuration.
+
+Access it via the **Customize** tab → **ECharts Options** section at the bottom of the panel. The JSON you enter is deep-merged on top of Superset's generated ECharts config, so you can override specific options without rewriting the entire config.
+
+**Example:** override the legend position and add a custom title:
+
+```json
+{
+  "legend": { "orient": "vertical", "right": "5%", "top": "middle" },
+  "title": { "text": "My Custom Title", "left": "center" }
+}
+```
+
+:::caution
+ECharts option overrides bypass Superset's validation layer. Invalid option keys are silently ignored by ECharts. Overrides that conflict with Superset-generated options (e.g., `series`) may produce unexpected results.
+:::
+
+### Table Chart: Exporting Filtered Data
+
+When the **Search Box** is visible in a Table chart, the **Download** action exports only the rows currently visible after the search filter is applied — not the full underlying dataset. This matches the visual output and is intentional. To export the full dataset regardless of search state, use the **Download as CSV** option from the chart's three-dot menu in the dashboard or from the Explore chart toolbar before applying a search filter.
+
 :::resources
 - [Dashboard Customization](https://docs.preset.io/docs/dashboard-customization) - Advanced dashboard styling and layout options
 - [Blog: BI Dashboard Best Practices](https://preset.io/blog/bi-dashboard-best-practices/)

docs/docs/using-superset/embedding.mdx

@@ -0,0 +1,130 @@
+{/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/}
+
+---
+title: Embedding Superset
+sidebar_position: 6
+---
+
+# Embedding Superset
+
+Superset dashboards can be embedded directly in host applications using the `@superset-ui/embedded-sdk` package.
+
+:::info Prerequisites
+- The `EMBEDDED_SUPERSET` feature flag must be enabled.
+- The embedding domain and allowed origins must be configured by an admin.
+:::
+
+## Quick Start
+
+Install the SDK:
+
+```bash
+npm install @superset-ui/embedded-sdk
+```
+
+Embed a dashboard:
+
+```javascript
+import { embedDashboard } from '@superset-ui/embedded-sdk';
+
+embedDashboard({
+  id: 'dashboard-uuid-here',          // from Dashboard → Embed
+  supersetDomain: 'https://superset.example.com',
+  mountPoint: document.getElementById('superset-container'),
+  fetchGuestToken: () => fetchTokenFromYourBackend(),
+  dashboardUiConfig: {
+    hideTitle: true,
+    filters: { expanded: false },
+  },
+});
+```
+
+`fetchGuestToken` must return a **guest token** obtained from your server by calling Superset's `/api/v1/security/guest_token/` endpoint with a service account. Do not call this endpoint from client-side code.
+
+---
+
+## Callbacks
+
+### `resolvePermalinkUrl`
+
+When a user copies a permalink from an embedded dashboard, Superset generates a URL on its own domain. In an embedded context this URL is usually not meaningful to the host application's users — the dashboard is rendered inside the host app, not at the Superset URL.
+
+The `resolvePermalinkUrl` callback lets the host app intercept permalink generation and return a URL on the host domain instead:
+
+```javascript
+embedDashboard({
+  id: 'my-dashboard-uuid',
+  supersetDomain: 'https://superset.example.com',
+  mountPoint: document.getElementById('superset-container'),
+  fetchGuestToken: () => fetchGuestToken(),
+  /**
+   * Called when Superset generates a permalink.
+   * @param {Object} args - { key: string } — the permalink key
+   * @returns {string | null} - your host URL, or null to use Superset's default
+   */
+  resolvePermalinkUrl: ({ key }) => {
+    return `https://myapp.example.com/dashboard?permalink=${key}`;
+  },
+});
+```
+
+If the callback returns `null` or is not provided, Superset uses its own permalink URL as a fallback.
+
+---
+
+## Feature Flags for Embedded Mode
+
+### `DISABLE_EMBEDDED_SUPERSET_LOGOUT`
+
+Hides the logout button when Superset is embedded in a host application. This is useful when the host application manages the session lifecycle and you do not want users to accidentally log out of the embedded Superset session:
+
+```python
+# superset_config.py
+FEATURE_FLAGS = {
+    "EMBEDDED_SUPERSET": True,
+    "DISABLE_EMBEDDED_SUPERSET_LOGOUT": True,
+}
+```
+
+When enabled, the **Logout** menu item is removed from the user avatar dropdown in the embedded view. The session can still be invalidated server-side by revoking the guest token.
+
+### `EMBEDDED_SUPERSET`
+
+Must be `True` to enable the embedded SDK and the guest token endpoint. Without this flag, `embedDashboard` will fail to load.
+
+---
+
+## URL Parameters
+
+The following URL parameters can be passed through the `urlParams` option in `dashboardUiConfig` or appended to the embedded iframe URL:
+
+| Parameter | Values | Effect |
+|-----------|--------|--------|
+| `standalone` | `0`, `1`, `2`, `3` | `0`: normal; `1`: hide nav; `2`: hide nav + title; `3`: hide nav + title + tabs |
+| `show_filters` | `0`, `1` | Show or hide the native filter bar |
+| `expand_filters` | `0`, `1` | Start with filter bar expanded or collapsed |
+
+---
+
+## Security Notes
+
+- **Guest tokens expire** — their lifetime is controlled by the `GUEST_TOKEN_JWT_EXP_SECONDS` config (default: 5 minutes). Refresh tokens before they expire using a token refresh mechanism in your host app.
+- **Row-level security** — pass `rls` rules in the guest token request to restrict which rows are visible to the embedded user.
+- **Allowed domains** — restrict which host origins can embed a dashboard by setting **Allowed Domains** per-dashboard in the *Embed* settings modal. Superset checks the request's `Referer` header against this list before serving the embedded view; an empty list allows any origin, so configure this explicitly for production.

docs/docs/using-superset/exploring-data.mdx

@@ -329,6 +329,27 @@ various options in this section, refer to the
 Lastly, save your chart as Tutorial Resample and add it to the Tutorial Dashboard. Go to the
 tutorial dashboard to see the four charts side by side and compare the different outputs.
 
+### SQL Lab Tips
+
+**Schema and table browser**: The left-side table browser uses a collapsible treeview — click a schema to expand its tables, and click a table to see its columns and sample data inline. This makes navigating large schemas much faster than the previous flat list.
+
+**Find in editor**: Press **Ctrl+F** (or **Cmd+F** on Mac) to open the Monaco find/replace widget inside the SQL editor without leaving the editor.
+
+**Resizable panels**: The dividers between the SQL editor, schema browser, and results pane are draggable. Adjust them to match your workflow and screen size.
+
+**Dialect-aware Format SQL**: The **Format SQL** button applies the SQL dialect of the currently selected database — Trino, Presto, MySQL, PostgreSQL, etc. — rather than a generic formatter. Switch to a different database in the toolbar and re-format to get dialect-specific output. Jinja template syntax (`{{ }}`, `{% %}`) is preserved during formatting and will not cause format errors.
+
+### Time Range Natural Language Expressions
+
+The **Custom** time range picker accepts natural language expressions alongside specific dates:
+
+- **Relative**: `Last 7 days`, `Last month`, `Last quarter`, `Last year`
+- **Anchored**: `previous calendar week`, `previous calendar month`
+- **"First of" expressions**: `first day of this week`, `first day of this month`, `first day of this quarter`, `first day of this year`, `first week of this year`
+- **Offsets**: `30 days ago`, `1 year ago`, `next week`
+
+These expressions are evaluated at query time, so saved charts always display data relative to the current date.
+
 :::resources
 - [Chart Walkthroughs](https://docs.preset.io/docs/chart-walkthroughs) - Detailed guides for most chart types
 - [Blog: Why Apache ECharts is the Future of Apache Superset](https://preset.io/blog/2021-4-1-why-echarts/)

docs/docs/using-superset/using-ai-with-superset.mdx

@@ -56,8 +56,8 @@ Ask your AI assistant to browse what's available in your Superset instance:
 Describe the visualization you want and AI creates it for you:
 
 - **Create charts from natural language** -- describe what you want to see and AI picks the right chart type, metrics, and dimensions
-- **Preview before saving** -- AI generates a preview so you can review before committing
-- **Modify existing charts** -- update filters, change chart types, add metrics
+- **Preview before saving** -- `generate_chart` defaults to `save_chart=False`, showing the chart in Explore before it's committed. Ask AI to save once you're satisfied.
+- **Modify existing charts** -- `update_chart` also supports preview mode so you can review changes before saving
 - **Get Explore links** -- open any chart in Superset's Explore view for further refinement
 
 **Example prompts:**
@@ -195,27 +195,59 @@ Ask your admin for the MCP server URL and any authentication tokens you need.
 
 ## Available Tools Reference
 
+### Exploration & Discovery
+
 | Tool | Description |
 |------|-------------|
 | `health_check` | Verify the MCP server is running and connected |
 | `get_instance_info` | Get instance statistics (dataset, chart, dashboard counts) |
 | `get_schema` | Discover available charts, datasets, and dashboards with schema info |
+
+### Datasets
+
+| Tool | Description |
+|------|-------------|
 | `list_datasets` | List datasets with filtering and search |
 | `get_dataset_info` | Get dataset metadata (columns, metrics, filters) |
+| `create_virtual_dataset` | Create a virtual dataset from a SQL query |
+
+### Charts
+
+| Tool | Description |
+|------|-------------|
 | `list_charts` | List charts with filtering and search |
 | `get_chart_info` | Get chart metadata and configuration |
 | `get_chart_data` | Retrieve chart data (JSON, CSV, or Excel) |
 | `get_chart_preview` | Generate a chart preview (URL, ASCII, table, or Vega-Lite) |
-| `generate_chart` | Create a new chart from a specification |
-| `update_chart` | Modify an existing chart's configuration |
+| `get_chart_type_schema` | Get the configuration schema for a chart type |
+| `generate_chart` | Create a new chart from a specification (defaults to preview mode — review before saving) |
+| `update_chart` | Modify an existing chart's configuration (pass `generate_preview=False` to persist immediately instead of returning a preview URL) |
 | `update_chart_preview` | Update a cached chart preview without saving |
+| `generate_explore_link` | Generate an Explore URL for interactive visualization |
+
+### Dashboards
+
+| Tool | Description |
+|------|-------------|
 | `list_dashboards` | List dashboards with filtering and search |
 | `get_dashboard_info` | Get dashboard metadata and layout |
 | `generate_dashboard` | Create a new dashboard with specified charts |
 | `add_chart_to_existing_dashboard` | Add a chart to an existing dashboard |
+
+### SQL
+
+| Tool | Description |
+|------|-------------|
 | `execute_sql` | Run a SQL query with RBAC enforcement |
+| `save_sql_query` | Persist a SQL query to SQL Lab's saved queries |
 | `open_sql_lab_with_context` | Open SQL Lab with a pre-populated query |
-| `generate_explore_link` | Generate an Explore URL for interactive visualization |
+
+### Databases
+
+| Tool | Description |
+|------|-------------|
+| `list_databases` | List configured database connections |
+| `get_database_info` | Get details about a specific database connection |
 
 ---
 

docs/docusaurus.config.ts

@@ -178,7 +178,7 @@ if (!versionsConfig.admin_docs.disabled) {
       },
       {
         label: 'Security',
-        to: '/admin-docs/security/security',
+        to: '/admin-docs/security/',
         activeBaseRegex: '^/admin-docs/security/',
       },
     ],
@@ -227,35 +227,28 @@ if (!versionsConfig.developer_docs.disabled && !versionsConfig.developer_docs.hi
   });
 }
 
-// Docusaurus Faster: Rspack bundler, SWC transpilation, and other build
-// optimizations. Only enabled for local development — CI runners (GitHub
-// Actions, Netlify) have ~8GB RAM and these features push memory usage over
-// the limit. See https://docusaurus.io/blog/releases/3.6#docusaurus-faster
-const isCI = process.env.CI === 'true';
 
 const config: Config = {
-  ...(!isCI && {
-    future: {
-      v4: {
-        removeLegacyPostBuildHeadAttribute: true,
-        // Disabled: CSS cascade layers change specificity and cause antd
-        // styles (from Storybook component pages) to override theme styles
-        useCssCascadeLayers: false,
-      },
-      experimental_faster: {
-        swcJsLoader: true,
-        swcJsMinimizer: true,
-        swcHtmlMinimizer: true,
-        lightningCssMinimizer: true,
-        rspackBundler: true,
-        mdxCrossCompilerCache: true,
-        rspackPersistentCache: true,
-        // SSG worker threads spawn parallel Node processes, each consuming
-        // significant memory. Disabled to keep total usage reasonable.
-        ssgWorkerThreads: false,
-      },
+  future: {
+    v4: {
+      removeLegacyPostBuildHeadAttribute: true,
+      // Disabled: CSS cascade layers change specificity and cause antd
+      // styles (from Storybook component pages) to override theme styles
+      useCssCascadeLayers: false,
     },
-  }),
+    faster: {
+      swcJsLoader: false,
+      swcJsMinimizer: true,
+      swcHtmlMinimizer: true,
+      lightningCssMinimizer: true,
+      rspackBundler: true,
+      mdxCrossCompilerCache: true,
+      rspackPersistentCache: true,
+      // SSG worker threads spawn parallel Node processes, each consuming
+      // significant memory. Disabled to keep total usage reasonable.
+      ssgWorkerThreads: false,
+    },
+  },
   title: 'Superset',
   tagline:
     'Apache Superset is a modern data exploration and visualization platform',

docs/package.json

@@ -40,13 +40,13 @@
     "version:remove:components": "node scripts/manage-versions.mjs remove components"
   },
   "dependencies": {
-    "@ant-design/icons": "^6.1.1",
-    "@docusaurus/core": "3.9.2",
+    "@ant-design/icons": "^6.2.0",
+    "@docusaurus/core": "^3.10.0",
     "@docusaurus/faster": "^3.10.0",
-    "@docusaurus/plugin-client-redirects": "3.9.2",
-    "@docusaurus/preset-classic": "3.9.2",
-    "@docusaurus/theme-live-codeblock": "^3.9.2",
-    "@docusaurus/theme-mermaid": "^3.9.2",
+    "@docusaurus/plugin-client-redirects": "^3.10.0",
+    "@docusaurus/preset-classic": "3.10.0",
+    "@docusaurus/theme-live-codeblock": "^3.10.0",
+    "@docusaurus/theme-mermaid": "^3.10.0",
     "@emotion/core": "^11.0.0",
     "@emotion/react": "^11.13.3",
     "@emotion/styled": "^11.14.1",
@@ -67,12 +67,12 @@
     "@storybook/preview-api": "^8.6.18",
     "@storybook/theming": "^8.6.15",
     "@superset-ui/core": "^0.20.4",
-    "@swc/core": "^1.15.21",
-    "antd": "^6.3.5",
-    "baseline-browser-mapping": "^2.10.16",
-    "caniuse-lite": "^1.0.30001788",
-    "docusaurus-plugin-openapi-docs": "^4.6.0",
-    "docusaurus-theme-openapi-docs": "^4.6.0",
+    "@swc/core": "^1.15.30",
+    "antd": "^6.3.7",
+    "baseline-browser-mapping": "^2.10.21",
+    "caniuse-lite": "^1.0.30001791",
+    "docusaurus-plugin-openapi-docs": "^5.0.1",
+    "docusaurus-theme-openapi-docs": "^5.0.1",
     "js-yaml": "^4.1.1",
     "js-yaml-loader": "^1.2.2",
     "json-bigint": "^1.0.0",
@@ -98,16 +98,16 @@
     "@types/js-yaml": "^4.0.9",
     "@types/react": "^19.1.8",
     "@typescript-eslint/eslint-plugin": "^8.52.0",
-    "@typescript-eslint/parser": "^8.56.1",
+    "@typescript-eslint/parser": "^8.59.0",
     "eslint": "^9.39.2",
     "eslint-config-prettier": "^10.1.8",
     "eslint-plugin-prettier": "^5.5.5",
     "eslint-plugin-react": "^7.37.5",
-    "globals": "^17.4.0",
-    "prettier": "^3.8.1",
-    "typescript": "~5.9.3",
-    "typescript-eslint": "^8.58.0",
-    "webpack": "^5.105.4"
+    "globals": "^17.5.0",
+    "prettier": "^3.8.3",
+    "typescript": "~6.0.3",
+    "typescript-eslint": "^8.59.0",
+    "webpack": "^5.106.2"
   },
   "browserslist": {
     "production": [
@@ -124,7 +124,8 @@
   "resolutions": {
     "react-redux": "^9.2.0",
     "@reduxjs/toolkit": "^2.5.0",
-    "baseline-browser-mapping": "^2.9.19"
+    "baseline-browser-mapping": "^2.9.19",
+    "webpackbar": "^7.0.0"
   },
   "packageManager": "yarn@1.22.22+sha1.ac34549e6aa8e7ead463a7407e1c7390f61a6610"
 }

docs/scripts/generate-database-docs.mjs

@@ -141,6 +141,47 @@ def eval_node(node):
         return "<f-string>"
     return None
 
+def static_return_bool(func_node):
+    """
+    Statically resolve a method's return value to a bool when possible.
+
+    Returns True/False for functions whose body is (effectively) a single
+    \`return True\` / \`return False\` — allowing a leading docstring and
+    ignoring pure-comment/pass statements. Returns None for anything more
+    complex (conditional returns, computed values, no return, etc.).
+
+    Used by \`has_implicit_cancel\` handling: \`diagnose()\` in lib.py calls
+    the method and checks the return value, so an override that explicitly
+    returns False must NOT be treated as enabling query cancelation.
+    """
+    returns = []
+    other_logic = False
+    docstring_skipped = False
+    for stmt in func_node.body:
+        # Skip docstring (only the FIRST expression statement that is a
+        # string constant — later bare string literals are not docstrings
+        # and should count as non-trivial logic).
+        if (not docstring_skipped
+                and isinstance(stmt, ast.Expr)
+                and isinstance(stmt.value, ast.Constant)
+                and isinstance(stmt.value.value, str)):
+            docstring_skipped = True
+            continue
+        if isinstance(stmt, ast.Pass):
+            continue
+        if isinstance(stmt, ast.Return):
+            returns.append(stmt)
+            continue
+        # Any other statement (if/for/assign/etc.) means control flow is
+        # non-trivial; bail out to be conservative.
+        other_logic = True
+        break
+    if other_logic or len(returns) != 1:
+        return None
+    val = eval_node(returns[0].value)
+    return val if isinstance(val, bool) else None
+
+
 def deep_merge(base, override):
     """Deep merge two dictionaries. Override values take precedence."""
     if base is None:
@@ -186,8 +227,55 @@ if not os.path.isdir(specs_dir):
     print(json.dumps({"error": f"Directory not found: {specs_dir}", "cwd": os.getcwd()}))
     sys.exit(1)
 
-# First pass: collect all class info (name, bases, metadata)
-class_info = {}  # class_name -> {bases: [], metadata: {}, engine_name: str, filename: str}
+# Capability flag attributes with their defaults from BaseEngineSpec
+CAP_ATTR_DEFAULTS = {
+    'supports_dynamic_schema': False,
+    'supports_catalog': False,
+    'supports_dynamic_catalog': False,
+    'disable_ssh_tunneling': False,
+    'supports_file_upload': True,
+    'allows_joins': True,
+    'allows_subqueries': True,
+}
+
+# Maps source capability attribute -> output field name used in databases.json.
+# When a cap attr is assigned an unevaluable expression (e.g.
+# allows_joins = is_feature_enabled("DRUID_JOINS")), the JS layer uses this
+# mapping to preserve the corresponding field from the previously-generated
+# JSON rather than silently inheriting an incorrect parent default.
+CAP_ATTR_TO_OUTPUT_FIELD = {
+    'allows_joins': 'joins',
+    'allows_subqueries': 'subqueries',
+    'supports_dynamic_schema': 'supports_dynamic_schema',
+    'supports_catalog': 'supports_catalog',
+    'supports_dynamic_catalog': 'supports_dynamic_catalog',
+    'disable_ssh_tunneling': 'ssh_tunneling',
+    'supports_file_upload': 'supports_file_upload',
+}
+
+# Methods that indicate a capability when overridden by a non-BaseEngineSpec class.
+# Mirrors the has_custom_method checks in superset/db_engine_specs/lib.py.
+# cancel_query / has_implicit_cancel -> query_cancelation
+#   (diagnose() checks cancel_query override OR has_implicit_cancel() == True;
+#    base has_implicit_cancel returns False, so overriding it is the static
+#    equivalent of that method returning True. get_cancel_query_id is NOT
+#    part of the diagnose() heuristic and is intentionally excluded.)
+# estimate_statement_cost / estimate_query_cost -> query_cost_estimation
+# impersonate_user / update_impersonation_config / get_url_for_impersonation -> user_impersonation
+# validate_sql -> sql_validation (not used yet; validation is engine-based)
+CAP_METHODS = {
+    'cancel_query', 'has_implicit_cancel',
+    'estimate_statement_cost', 'estimate_query_cost',
+    'impersonate_user', 'update_impersonation_config', 'get_url_for_impersonation',
+    'validate_sql',
+}
+
+# Only the literal BaseEngineSpec is excluded from method-override tracking.
+# Intermediate base classes (e.g. PrestoBaseEngineSpec) do count as overrides.
+TRUE_BASE_CLASS = 'BaseEngineSpec'
+
+# First pass: collect all class info (name, bases, metadata, cap_attrs, direct_methods)
+class_info = {}  # class_name -> {bases: [], metadata: {}, engine_name: str, filename: str, ...}
 
 for filename in sorted(os.listdir(specs_dir)):
     if not filename.endswith('.py') or filename in ('__init__.py', 'lib.py', 'lint_metadata.py'):
@@ -218,30 +306,54 @@ for filename in sorted(os.listdir(specs_dir)):
 
             # Extract class attributes
             engine_name = None
+            engine_attr = None
             metadata = None
+            cap_attrs = {}   # capability flag attributes defined directly in this class
+            # Cap attrs assigned via expressions we can't statically resolve
+            # (e.g. is_feature_enabled("FLAG")). Tracked so the JS layer can
+            # fall back to the previously-generated databases.json value
+            # rather than inherit a parent default that would be wrong.
+            unresolved_cap_attrs = set()
+            direct_methods = set()  # capability methods defined directly in this class
 
             for item in node.body:
                 if isinstance(item, ast.Assign):
                     for target in item.targets:
-                        if isinstance(target, ast.Name):
-                            if target.id == 'engine_name':
-                                val = eval_node(item.value)
-                                if isinstance(val, str):
-                                    engine_name = val
-                            elif target.id == 'metadata':
-                                metadata = eval_node(item.value)
+                        if not isinstance(target, ast.Name):
+                            continue
+                        if target.id == 'engine_name':
+                            val = eval_node(item.value)
+                            if isinstance(val, str):
+                                engine_name = val
+                        elif target.id == 'engine':
+                            val = eval_node(item.value)
+                            if isinstance(val, str):
+                                engine_attr = val
+                        elif target.id == 'metadata':
+                            metadata = eval_node(item.value)
+                        elif target.id in CAP_ATTR_DEFAULTS:
+                            val = eval_node(item.value)
+                            if isinstance(val, bool):
+                                cap_attrs[target.id] = val
+                            else:
+                                # Unevaluable expression — defer to JS fallback.
+                                unresolved_cap_attrs.add(target.id)
+                elif isinstance(item, (ast.FunctionDef, ast.AsyncFunctionDef)):
+                    if item.name in CAP_METHODS:
+                        # has_implicit_cancel is special: diagnose() uses the
+                        # method's RETURN VALUE, not just its presence. If the
+                        # override statically returns False, treat it as if
+                        # the method weren't overridden so query_cancelation
+                        # matches diagnose(). Unresolvable / True / anything
+                        # else falls through as an override (conservative).
+                        if item.name == 'has_implicit_cancel':
+                            if static_return_bool(item) is False:
+                                continue
+                        direct_methods.add(item.name)
 
             # Check for engine attribute with non-empty value to distinguish
             # true base classes from product classes like OceanBaseEngineSpec
-            has_non_empty_engine = False
-            for item in node.body:
-                if isinstance(item, ast.Assign):
-                    for target in item.targets:
-                        if isinstance(target, ast.Name) and target.id == 'engine':
-                            # Check if engine value is non-empty string
-                            if isinstance(item.value, ast.Constant):
-                                has_non_empty_engine = bool(item.value.value)
-                            break
+            has_non_empty_engine = engine_attr is not None and bool(engine_attr)
 
             # True base classes: end with BaseEngineSpec AND don't define engine
             # or have empty engine (like PostgresBaseEngineSpec with engine = "")
@@ -254,13 +366,18 @@ for filename in sorted(os.listdir(specs_dir)):
                 'bases': base_names,
                 'metadata': metadata,
                 'engine_name': engine_name,
+                'engine': engine_attr,
                 'filename': filename,
                 'is_base_or_mixin': is_true_base,
+                'cap_attrs': cap_attrs,
+                'unresolved_cap_attrs': unresolved_cap_attrs,
+                'direct_methods': direct_methods,
             }
     except Exception as e:
         errors.append(f"{filename}: {str(e)}")
 
-# Second pass: resolve inheritance and build final metadata
+# Second pass: resolve inheritance and build final metadata + capability flags
+
 def get_inherited_metadata(class_name, visited=None):
     """Recursively get metadata from parent classes."""
     if visited is None:
@@ -286,6 +403,64 @@ def get_inherited_metadata(class_name, visited=None):
 
     return inherited
 
+def get_resolved_caps(class_name, visited=None):
+    """
+    Resolve capability flags and method overrides with inheritance.
+
+    Returns (attr_values, unresolved, methods):
+      - attr_values: {attr: bool} for attrs where the nearest MRO assignment
+        was a literal bool. Defaults are applied at the call site.
+      - unresolved: attrs where the nearest MRO assignment was an unevaluable
+        expression (e.g. is_feature_enabled("FLAG")). The JS layer falls
+        back to the previously-generated JSON value for these.
+      - methods: capability methods defined directly in some non-base ancestor,
+        matching the has_custom_method() logic in db_engine_specs/lib.py.
+
+    attr_values and unresolved are disjoint — an attr is in at most one.
+    """
+    if visited is None:
+        visited = set()
+    if class_name in visited:
+        return {}, set(), set()
+    visited.add(class_name)
+
+    info = class_info.get(class_name)
+    if not info:
+        return {}, set(), set()
+
+    attr_values = {}
+    unresolved = set()
+    resolved_methods = set()
+
+    # Collect from parents, iterating right-to-left so leftmost bases win
+    # (matches Python MRO: for class C(A, B), A's attributes take precedence).
+    for base_name in reversed(info['bases']):
+        p_vals, p_unres, p_meth = get_resolved_caps(base_name, visited.copy())
+        # A parent's literal assignments overwrite whatever we inherited so far.
+        for attr, val in p_vals.items():
+            attr_values[attr] = val
+            unresolved.discard(attr)
+        # A parent's unresolved assignments likewise take precedence.
+        for attr in p_unres:
+            unresolved.add(attr)
+            attr_values.pop(attr, None)
+        resolved_methods.update(p_meth)
+
+    # Apply this class's own assignments (override parents).
+    for attr, val in info['cap_attrs'].items():
+        attr_values[attr] = val
+        unresolved.discard(attr)
+    for attr in info['unresolved_cap_attrs']:
+        unresolved.add(attr)
+        attr_values.pop(attr, None)
+
+    # Accumulate method overrides, but skip the literal BaseEngineSpec
+    # (its implementations are stubs; only non-base overrides count).
+    if class_name != TRUE_BASE_CLASS:
+        resolved_methods.update(info['direct_methods'])
+
+    return attr_values, unresolved, resolved_methods
+
 for class_name, info in class_info.items():
     # Skip base classes and mixins
     if info['is_base_or_mixin']:
@@ -310,7 +485,14 @@ for class_name, info in class_info.items():
 
     if final_metadata and isinstance(final_metadata, dict) and display_name:
         debug_info["classes_with_metadata"] += 1
-        databases[display_name] = {
+
+        # Resolve capability flags from Python source
+        attr_values, unresolved_caps, cap_methods = get_resolved_caps(class_name)
+        cap_attrs = dict(CAP_ATTR_DEFAULTS)
+        cap_attrs.update(attr_values)
+        engine_attr = info.get('engine') or ''
+
+        entry = {
             'engine': display_name.lower().replace(' ', '_'),
             'engine_name': display_name,
             'module': info['filename'][:-3],  # Remove .py extension
@@ -318,19 +500,40 @@ for class_name, info in class_info.items():
             'time_grains': {},
             'score': 0,
             'max_score': 0,
-            'joins': True,
-            'subqueries': True,
-            'supports_dynamic_schema': False,
-            'supports_catalog': False,
-            'supports_dynamic_catalog': False,
-            'ssh_tunneling': False,
-            'query_cancelation': False,
-            'supports_file_upload': False,
-            'user_impersonation': False,
-            'query_cost_estimation': False,
-            'sql_validation': False,
+            # Capability flags read from engine spec class attributes/methods
+            'joins': cap_attrs['allows_joins'],
+            'subqueries': cap_attrs['allows_subqueries'],
+            'supports_dynamic_schema': cap_attrs['supports_dynamic_schema'],
+            'supports_catalog': cap_attrs['supports_catalog'],
+            'supports_dynamic_catalog': cap_attrs['supports_dynamic_catalog'],
+            'ssh_tunneling': not cap_attrs['disable_ssh_tunneling'],
+            'supports_file_upload': cap_attrs['supports_file_upload'],
+            # Method-based flags: True only when a non-base class overrides them.
+            # Matches diagnose() in lib.py: cancel_query override OR
+            # has_implicit_cancel() returning True (which, given the base
+            # returns False, is equivalent to overriding has_implicit_cancel).
+            'query_cancelation': bool({'cancel_query', 'has_implicit_cancel'} & cap_methods),
+            'query_cost_estimation': bool({'estimate_statement_cost', 'estimate_query_cost'} & cap_methods),
+            # SQL validation is implemented in external validator classes keyed by engine name
+            'sql_validation': engine_attr in {'presto', 'postgresql'},
+            'user_impersonation': bool(
+                {'impersonate_user', 'update_impersonation_config', 'get_url_for_impersonation'} & cap_methods
+            ),
         }
 
+        # Tell the JS layer which output fields were populated from the
+        # BaseEngineSpec default because the source assignment was an
+        # unevaluable expression; those get overridden from existing JSON.
+        unresolved_fields = sorted(
+            CAP_ATTR_TO_OUTPUT_FIELD[attr]
+            for attr in unresolved_caps
+            if attr in CAP_ATTR_TO_OUTPUT_FIELD
+        )
+        if unresolved_fields:
+            entry['_unresolved_cap_fields'] = unresolved_fields
+
+        databases[display_name] = entry
+
 if errors and not databases:
     print(json.dumps({"error": "Parse errors", "details": errors, "debug": debug_info}), file=sys.stderr)
 
@@ -851,24 +1054,52 @@ function loadExistingData() {
   }
 }
 
+/**
+ * Fall back to the previously-generated databases.json for capability flags
+ * whose source assignment couldn't be statically resolved (e.g.
+ * `allows_joins = is_feature_enabled("DRUID_JOINS")`). The Python extractor
+ * flags these via the internal `_unresolved_cap_fields` marker; without this
+ * fallback those fields would silently inherit the BaseEngineSpec default
+ * and disagree with runtime behavior. The marker is stripped before output.
+ */
+function fallbackUnresolvedCaps(newDatabases, existingData) {
+  for (const [name, db] of Object.entries(newDatabases)) {
+    const unresolved = db._unresolved_cap_fields;
+    if (!unresolved || unresolved.length === 0) {
+      delete db._unresolved_cap_fields;
+      continue;
+    }
+    const existingDb = existingData?.databases?.[name];
+    if (existingDb) {
+      for (const field of unresolved) {
+        if (existingDb[field] !== undefined) {
+          db[field] = existingDb[field];
+        }
+      }
+    }
+    delete db._unresolved_cap_fields;
+  }
+  return newDatabases;
+}
+
 /**
  * Merge new documentation with existing diagnostics
- * Preserves score, time_grains, and feature flags from existing data
+ * Preserves score, max_score, and time_grains from existing data (these require
+ * Flask context to generate and cannot be derived from static source analysis).
+ * Capability flags (joins, supports_catalog, etc.) are NOT preserved here — they
+ * are read fresh from the Python engine spec source by extractEngineSpecMetadata(),
+ * with a separate fallback for expression-based assignments (see fallbackUnresolvedCaps).
  */
 function mergeWithExistingDiagnostics(newDatabases, existingData) {
   if (!existingData?.databases) return newDatabases;
 
-  const diagnosticFields = [
-    'score', 'max_score', 'time_grains', 'joins', 'subqueries',
-    'supports_dynamic_schema', 'supports_catalog', 'supports_dynamic_catalog',
-    'ssh_tunneling', 'query_cancelation', 'supports_file_upload',
-    'user_impersonation', 'query_cost_estimation', 'sql_validation'
-  ];
+  // Only preserve fields that require Flask/runtime context to generate
+  const diagnosticFields = ['score', 'max_score', 'time_grains'];
 
   for (const [name, db] of Object.entries(newDatabases)) {
     const existingDb = existingData.databases[name];
     if (existingDb && existingDb.score > 0) {
-      // Preserve diagnostics from existing data
+      // Preserve score/time_grain diagnostics from existing data
       for (const field of diagnosticFields) {
         if (existingDb[field] !== undefined) {
           db[field] = existingDb[field];
@@ -879,7 +1110,7 @@ function mergeWithExistingDiagnostics(newDatabases, existingData) {
 
   const preserved = Object.values(newDatabases).filter(d => d.score > 0).length;
   if (preserved > 0) {
-    console.log(`Preserved diagnostics for ${preserved} databases from existing data`);
+    console.log(`Preserved score/time_grains for ${preserved} databases from existing data`);
   }
 
   return newDatabases;
@@ -927,6 +1158,12 @@ async function main() {
     databases = mergeWithExistingDiagnostics(databases, existingData);
   }
 
+  // For cap flags assigned via unevaluable expressions (e.g.
+  // `is_feature_enabled(...)`), prefer the value from a previously-generated
+  // JSON. Runs regardless of scores since it addresses static-analysis gaps,
+  // not missing Flask diagnostics. Always strips the internal marker.
+  databases = fallbackUnresolvedCaps(databases, existingData);
+
   // Extract and merge custom_errors for troubleshooting documentation
   const customErrors = extractCustomErrors();
   mergeCustomErrors(databases, customErrors);

docs/scripts/generate-superset-components.mjs

@@ -185,6 +185,76 @@ const SKIP_STORIES = [
 ];
 
 
+/**
+ * Collect the set of value names exported from a barrel file, following
+ * `export * from './X'` re-exports one level deep. Used to verify that a
+ * component the docs claim is importable is actually re-exported from the
+ * public package entry point.
+ */
+function collectBarrelExports(barrelPath, visited = new Set()) {
+  const exports = new Set();
+  if (!fs.existsSync(barrelPath) || visited.has(barrelPath)) return exports;
+  visited.add(barrelPath);
+
+  const content = fs.readFileSync(barrelPath, 'utf8');
+
+  for (const m of content.matchAll(/export\s+\{([\s\S]*?)\}(?:\s+from\s+['"][^'"]+['"])?/g)) {
+    for (const part of m[1].split(',')) {
+      const cleaned = part.trim().replace(/^type\s+/, '');
+      if (!cleaned) continue;
+      const asMatch = cleaned.match(/(?:^|\s)as\s+([A-Za-z_]\w*)\s*$/);
+      if (asMatch) {
+        exports.add(asMatch[1]);
+      } else {
+        const plain = cleaned.match(/^([A-Za-z_]\w*)\s*$/);
+        if (plain) exports.add(plain[1]);
+      }
+    }
+  }
+
+  for (const m of content.matchAll(
+    /export\s+(?:const|let|var|function|class)\s+([A-Za-z_]\w*)/g
+  )) {
+    exports.add(m[1]);
+  }
+
+  for (const m of content.matchAll(/export\s+\*\s+from\s+['"]([^'"]+)['"]/g)) {
+    const target = m[1];
+    if (!target.startsWith('.')) continue;
+    const baseDir = path.dirname(barrelPath);
+    const candidates = [
+      path.resolve(baseDir, `${target}.ts`),
+      path.resolve(baseDir, `${target}.tsx`),
+      path.resolve(baseDir, target, 'index.ts'),
+      path.resolve(baseDir, target, 'index.tsx'),
+    ];
+    const resolved = candidates.find(p => fs.existsSync(p));
+    if (resolved) {
+      for (const name of collectBarrelExports(resolved, visited)) {
+        exports.add(name);
+      }
+    }
+  }
+
+  return exports;
+}
+
+const SOURCE_PUBLIC_EXPORTS = new Map();
+function getPublicExports(sourceConfig) {
+  if (SOURCE_PUBLIC_EXPORTS.has(sourceConfig)) {
+    return SOURCE_PUBLIC_EXPORTS.get(sourceConfig);
+  }
+  const sourceDir = path.join(FRONTEND_DIR, sourceConfig.path);
+  const candidates = [
+    path.join(sourceDir, 'index.ts'),
+    path.join(sourceDir, 'index.tsx'),
+  ];
+  const barrel = candidates.find(p => fs.existsSync(p));
+  const result = barrel ? collectBarrelExports(barrel) : null;
+  SOURCE_PUBLIC_EXPORTS.set(sourceConfig, result);
+  return result;
+}
+
 /**
  * Recursively find all story files in a directory
  */
@@ -1048,6 +1118,28 @@ function generateMDX(component, storyContent) {
   // Use resolved import path if available, otherwise fall back to source config
   const componentImportPath = resolvedImportPath || sourceConfig.importPrefix;
 
+  // The displayed import in user docs should reflect the public package path,
+  // not the internal storybook alias.
+  const docImportPath = sourceConfig.importPrefix.startsWith('@superset/')
+    ? sourceConfig.docImportPrefix
+    : componentImportPath;
+
+  // When the source uses the internal storybook alias, the public package
+  // re-exports components as named exports (e.g. `export { default as Foo }`),
+  // so users must use named imports even when the story uses a default import.
+  const useDefaultImport =
+    isDefaultExport && !sourceConfig.importPrefix.startsWith('@superset/');
+
+  // Only render the import snippet if the component is actually re-exported
+  // from the public package barrel; otherwise the snippet would mislead users
+  // copy-pasting it (e.g. TableCollection, which has a story but is not
+  // re-exported from `@superset-ui/core/components`).
+  const publicExports = sourceConfig.importPrefix.startsWith('@superset/')
+    ? getPublicExports(sourceConfig)
+    : null;
+  const isPubliclyExported =
+    !publicExports || publicExports.has(componentName);
+
   // Determine component description based on source
   const defaultDesc = sourceConfig.category === 'ui'
     ? `The ${componentName} component from Superset's UI library.`
@@ -1134,13 +1226,13 @@ ${Object.keys(args).length > 0 ? `## Props
 |------|------|---------|-------------|
 ${propsTable}` : ''}
 
-## Import
+${isPubliclyExported ? `## Import
 
 \`\`\`tsx
-${isDefaultExport ? `import ${componentName} from '${componentImportPath}';` : `import { ${componentName} } from '${componentImportPath}';`}
+${useDefaultImport ? `import ${componentName} from '${docImportPath}';` : `import { ${componentName} } from '${docImportPath}';`}
 \`\`\`
 
----
+---` : '---'}
 
 :::tip[Improve this page]
 This documentation is auto-generated from the component's Storybook story.

docs/src/pages/index.tsx

@@ -717,7 +717,7 @@ export default function Home(): JSX.Element {
               </span>
             </div>
             <img src="/img/community/line.png" alt="line" />
-            <StyledButton className="default-button-theme" href="/docs/intro">
+            <StyledButton className="default-button-theme" href="/user-docs/intro">
               Get Started
             </StyledButton>
           </div>

docs/tsconfig.json

@@ -3,6 +3,7 @@
   "extends": "@docusaurus/tsconfig",
   "compilerOptions": {
     "baseUrl": ".",
+    "ignoreDeprecations": "6.0",
     "skipLibCheck": true,
     "noImplicitAny": false,
     "strict": false,

docs/versioned_docs/version-6.0.0/configuration/configuring-superset.mdx

@@ -109,6 +109,14 @@ SECRET_KEY = 'YOUR_OWN_RANDOM_GENERATED_SECRET_KEY'
 
 You can generate a strong secure key with `openssl rand -base64 42`.
 
+Alternatively, you can set the secret key using `SUPERSET_SECRET_KEY` environment variable:
+
+On a Unix-based system, such as Linux or macOS, you can do so by running the following command in your terminal:
+
+```bash
+export SUPERSET_SECRET_KEY=$(openssl rand -base64 42)
+```
+
 :::caution Use a strong secret key
 This key will be used for securely signing session cookies and encrypting sensitive information stored in Superset's application metadata database.
 Your deployment must use a complex, unique key.

pyproject.toml

@@ -89,10 +89,11 @@ dependencies = [
     "python-dateutil",
     "python-dotenv", # optional dependencies for Flask but required for Superset, see https://flask.palletsprojects.com/en/stable/installation/#optional-dependencies
     "pygeohash",
-    "pyarrow>=16.1.0, <19", # before upgrading pyarrow, check that all db dependencies support this, see e.g. https://github.com/apache/superset/pull/34693
+    "pyarrow>=16.1.0, <21", # before upgrading pyarrow, check that all db dependencies support this, see e.g. https://github.com/apache/superset/pull/34693
     "pyyaml>=6.0.0, <7.0.0",
     "PyJWT>=2.4.0, <3.0",
     "redis>=5.0.0, <6.0",
+    "rison>=2.0.0, <3.0",
     "selenium>=4.14.0, <5.0",
     "shillelagh[gsheetsapi]>=1.4.3, <2.0",
     "sshtunnel>=0.4.0, <0.5",
@@ -183,6 +184,7 @@ risingwave = ["sqlalchemy-risingwave"]
 shillelagh = ["shillelagh[all]>=1.4.3, <2"]
 singlestore = ["sqlalchemy-singlestoredb>=1.1.1, <2"]
 snowflake = ["snowflake-sqlalchemy>=1.2.4, <2"]
+sqlite = ["syntaqlite>=0.1.0"]
 spark = [
     "pyhive[hive]>=0.6.5;python_version<'3.11'",
     "pyhive[hive_pure_sasl]>=0.7",
@@ -226,6 +228,7 @@ development = [
     "ruff",
     "sqloxide",
     "statsd",
+    "syntaqlite>=0.1.0",
 ]
 
 [project.urls]
@@ -238,7 +241,7 @@ combine_as_imports = true
 include_trailing_comma = true
 line_length = 88
 known_first_party = "superset, apache-superset-core, apache-superset-extensions-cli"
-known_third_party = "alembic, apispec, backoff, celery, click, colorama, cron_descriptor, croniter, cryptography, dateutil, deprecation, flask, flask_appbuilder, flask_babel, flask_caching, flask_compress, flask_jwt_extended, flask_login, flask_migrate, flask_sqlalchemy, flask_talisman, flask_testing, flask_wtf, freezegun, geohash, geopy, holidays, humanize, isodate, jinja2, jwt, markdown, markupsafe, marshmallow, marshmallow-union, msgpack, nh3, numpy, pandas, parameterized, parsedatetime, pgsanity, polyline, prison, progress, pyarrow, sqlalchemy_bigquery, pyhive, pyparsing, pytest, pytest_mock, pytz, redis, requests, selenium, setuptools, shillelagh, simplejson, slack, sqlalchemy, sqlalchemy_utils, typing_extensions, urllib3, werkzeug, wtforms, wtforms_json, yaml"
+known_third_party = "alembic, apispec, backoff, celery, click, colorama, cron_descriptor, croniter, cryptography, dateutil, deprecation, flask, flask_appbuilder, flask_babel, flask_caching, flask_compress, flask_jwt_extended, flask_login, flask_migrate, flask_sqlalchemy, flask_talisman, flask_testing, flask_wtf, freezegun, geohash, geopy, holidays, humanize, isodate, jinja2, jwt, markdown, markupsafe, marshmallow, marshmallow-union, msgpack, nh3, numpy, pandas, parameterized, parsedatetime, pgsanity, polyline, rison, progress, pyarrow, sqlalchemy_bigquery, pyhive, pyparsing, pytest, pytest_mock, pytz, redis, requests, selenium, setuptools, shillelagh, simplejson, slack, sqlalchemy, sqlalchemy_utils, syntaqlite, typing_extensions, urllib3, werkzeug, wtforms, wtforms_json, yaml"
 multi_line_output = 3
 order_by_type = false
 

requirements/base.in

@@ -25,6 +25,16 @@ filelock>=3.20.3,<4.0.0
 # Security: decompression bomb fix (required by aiohttp 3.13.3)
 brotli>=1.2.0,<2.0.0
 numexpr>=2.9.0
+# Security: CVE-2026-34073 (MEDIUM) - Improper Certificate Validation
+cryptography>=46.0.7,<47.0.0
+# Security: Snyk - XSS vulnerability in Mako templates
+mako>=1.3.11,<2.0.0
+# Security: CVE-2024-52338 (CRITICAL) - Deserialization of untrusted data in IPC/Parquet readers
+pyarrow>=20.0.0,<21.0.0
+# Security: CVE-2026-27459 - pyopenssl certificate validation
+pyopenssl>=26.0.0,<27.0.0
+# Security: CVE-2026-25645 (MEDIUM) - Insecure Temporary File
+requests>=2.33.0,<3.0.0
 
 # 5.0.0 has a sensitive deprecation used in other libs
 # -> https://github.com/aio-libs/async-timeout/blob/master/CHANGES.rst#500-2024-10-31

requirements/base.txt

@@ -86,8 +86,9 @@ cron-descriptor==1.4.5
     # via apache-superset (pyproject.toml)
 croniter==6.0.0
     # via apache-superset (pyproject.toml)
-cryptography==46.0.6
+cryptography==46.0.7
     # via
+    #   -r requirements/base.in
     #   apache-superset (pyproject.toml)
     #   paramiko
     #   pyopenssl
@@ -205,8 +206,9 @@ kombu==5.5.3
     # via celery
 limits==5.1.0
     # via flask-limiter
-mako==1.3.10
+mako==1.3.11
     # via
+    #   -r requirements/base.in
     #   apache-superset (pyproject.toml)
     #   alembic
 markdown==3.8.1
@@ -247,7 +249,6 @@ numpy==1.26.4
     #   bottleneck
     #   numexpr
     #   pandas
-    #   pyarrow
 odfpy==1.4.1
     # via pandas
 openapi-schema-validator==0.6.3
@@ -279,7 +280,7 @@ parsedatetime==2.6
     # via apache-superset (pyproject.toml)
 pgsanity==0.2.9
     # via apache-superset (pyproject.toml)
-pillow==12.1.1
+pillow==12.2.0
     # via apache-superset (pyproject.toml)
 platformdirs==4.3.8
     # via requests-cache
@@ -291,8 +292,10 @@ prison==0.2.1
     # via flask-appbuilder
 prompt-toolkit==3.0.51
     # via click-repl
-pyarrow==16.1.0
-    # via apache-superset (pyproject.toml)
+pyarrow==20.0.0
+    # via
+    #   -r requirements/base.in
+    #   apache-superset (pyproject.toml)
 pyasn1==0.6.3
     # via
     #   pyasn1-modules
@@ -319,8 +322,10 @@ pyjwt==2.12.0
     #   redis
 pynacl==1.6.2
     # via paramiko
-pyopenssl==25.3.0
-    # via shillelagh
+pyopenssl==26.0.0
+    # via
+    #   -r requirements/base.in
+    #   shillelagh
 pyparsing==3.2.3
     # via apache-superset (pyproject.toml)
 pysocks==1.7.1
@@ -353,8 +358,9 @@ referencing==0.36.2
     # via
     #   jsonschema
     #   jsonschema-specifications
-requests==2.32.4
+requests==2.33.0
     # via
+    #   -r requirements/base.in
     #   requests-cache
     #   shillelagh
 requests-cache==1.2.1
@@ -363,6 +369,8 @@ rfc3339-validator==0.1.4
     # via openapi-schema-validator
 rich==13.9.4
     # via flask-limiter
+rison==2.0.0
+    # via apache-superset (pyproject.toml)
 rpds-py==0.25.0
     # via
     #   jsonschema