feat(extensions): add security trust configuration and signature verification

Implements a comprehensive security system for Superset extensions:

Backend:
- Add EXTENSIONS_TRUST_CONFIG to superset_config.py for admin control
- Create ExtensionSecurityManager for trust validation and signature verification
- Support Ed25519 signatures for extension manifests
- Integrate trust validation into extension loading pipeline

CLI:
- Add `generate-keys` command for creating Ed25519 signing keypairs
- Add `sign` command and `--sign` option to `bundle` for manifest signing

Frontend:
- Add WASM support to webpack config for QuickJS sandbox
- Update Extension interface with trust-related fields
- ExtensionsManager now uses backend-validated trust levels

Documentation:
- Add Administrator Configuration guide for trust settings
- Add Extension Signing guide for developers
- Update security.md and sandbox.md with cross-references
- Add Security subcategory to sidebar

Tests:
- Add 21 unit tests for trust validation and signature verification

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.claude/settings.json

@@ -0,0 +1,15 @@
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "jq -r '.tool_input.command // \"\"' | grep -qE '^git commit' && cd \"$CLAUDE_PROJECT_DIR\" && echo '🔍 Running pre-commit before commit...' && pre-commit run || true"
+          }
+        ]
+      }
+    ]
+  }
+}

.envrc.example

@@ -0,0 +1,41 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Auto-configure Docker Compose for multi-instance support
+# Requires direnv: https://direnv.net/
+#
+# Install: brew install direnv (or apt install direnv)
+# Setup: Add 'eval "$(direnv hook bash)"' to ~/.bashrc (or ~/.zshrc)
+# Allow: Run 'direnv allow' in this directory once
+
+# Generate unique project name from directory
+export COMPOSE_PROJECT_NAME=$(basename "$PWD" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/-/g')
+
+# Find available ports sequentially to avoid collisions
+_is_free() { ! lsof -i ":$1" &>/dev/null 2>&1; }
+
+_p=80;    while ! _is_free $_p; do ((_p++)); done; export NGINX_PORT=$_p
+_p=8088;  while ! _is_free $_p; do ((_p++)); done; export SUPERSET_PORT=$_p
+_p=9000;  while ! _is_free $_p; do ((_p++)); done; export NODE_PORT=$_p
+_p=8080;  while ! _is_free $_p || [ $_p -eq $NGINX_PORT ]; do ((_p++)); done; export WEBSOCKET_PORT=$_p
+_p=8081;  while ! _is_free $_p || [ $_p -eq $WEBSOCKET_PORT ]; do ((_p++)); done; export CYPRESS_PORT=$_p
+_p=5432;  while ! _is_free $_p; do ((_p++)); done; export DATABASE_PORT=$_p
+_p=6379;  while ! _is_free $_p; do ((_p++)); done; export REDIS_PORT=$_p
+
+unset _p _is_free
+
+echo "🐳 Superset configured: http://localhost:$SUPERSET_PORT (dev: localhost:$NODE_PORT)"

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -41,8 +41,8 @@ body:
       label: Superset version
       options:
         - master / latest-dev
+        - "6.0.0"
         - "5.0.0"
-        - "4.1.3"
     validations:
       required: true
   - type: dropdown

.github/dependabot.yml

@@ -12,6 +12,9 @@ updates:
       # not until React >= 18.0.0
       - dependency-name: "storybook"
       - dependency-name: "@storybook*"
+      # remark-gfm v4+ requires react-markdown v9+, which needs React 18
+      - dependency-name: "remark-gfm"
+      - dependency-name: "react-markdown"
       # JSDOM v30 doesn't play well with Jest v30
       # Source: https://jestjs.io/blog#known-issues
       # GH thread: https://github.com/jsdom/jsdom/issues/3492

.github/workflows/check_db_migration_confict.yml

@@ -69,7 +69,7 @@ jobs:
                     `❗ @${pull.user.login} Your base branch \`${currentBranch}\` has ` +
                     'also updated `superset/migrations`.\n' +
                     '\n' +
-                    '**Please consider rebasing your branch and [resolving potential db migration conflicts](https://github.com/apache/superset/blob/master/CONTRIBUTING.md#merging-db-migrations).**',
+                    '**Please consider rebasing your branch and [resolving potential db migration conflicts](https://superset.apache.org/docs/contributing/development#merging-db-migrations).**',
                 });
               }
             }

.github/workflows/docker.yml

@@ -101,6 +101,23 @@ jobs:
           docker images $IMAGE_TAG
           docker history $IMAGE_TAG
 
+      # Scan for vulnerabilities in built container image after pushes to mainline branch.
+      - name: Run Trivy container image vulnerabity scan
+        if: github.event_name == 'push' && github.ref == 'refs/heads/master' && (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker) && matrix.build_preset == 'lean'
+        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
+        with:
+          image-ref: ${{ env.IMAGE_TAG }}
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          vuln-type: 'os'
+          severity: 'CRITICAL,HIGH'
+          ignore-unfixed: true
+      - name: Upload Trivy scan results to GitHub Security tab
+        if: github.event_name == 'push' && github.ref == 'refs/heads/master' && (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker) && matrix.build_preset == 'lean'
+        uses: github/codeql-action/upload-sarif@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
+        with:
+          sarif_file: 'trivy-results.sarif'
+
       - name: docker-compose sanity check
         if: (steps.check.outputs.python || steps.check.outputs.frontend || steps.check.outputs.docker) && matrix.build_preset == 'dev'
         shell: bash

.github/workflows/superset-docs-deploy.yml

@@ -1,6 +1,13 @@
 name: Docs Deployment
 
 on:
+  # Deploy after integration tests complete on master
+  workflow_run:
+    workflows: ["Python-Integration"]
+    types: [completed]
+    branches: [master]
+
+  # Also allow manual trigger and direct pushes to docs
   push:
     paths:
       - "docs/**"
@@ -30,9 +37,10 @@ jobs:
     name: Build & Deploy
     runs-on: ubuntu-24.04
     steps:
-      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
+      - name: "Checkout ${{ github.event.workflow_run.head_sha || github.sha }}"
         uses: actions/checkout@v6
         with:
+          ref: ${{ github.event.workflow_run.head_sha || github.sha }}
           persist-credentials: false
           submodules: recursive
       - name: Set up Node.js
@@ -58,6 +66,35 @@ jobs:
         working-directory: docs
         run: |
           yarn install --check-cache
+      - name: Download database diagnostics (if triggered by integration tests)
+        if: github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success'
+        uses: dawidd6/action-download-artifact@v6
+        continue-on-error: true
+        with:
+          workflow: superset-python-integrationtest.yml
+          run_id: ${{ github.event.workflow_run.id }}
+          name: database-diagnostics
+          path: docs/src/data/
+      - name: Try to download latest diagnostics (for push/dispatch triggers)
+        if: github.event_name != 'workflow_run'
+        uses: dawidd6/action-download-artifact@v6
+        continue-on-error: true
+        with:
+          workflow: superset-python-integrationtest.yml
+          name: database-diagnostics
+          path: docs/src/data/
+          branch: master
+          search_artifacts: true
+          if_no_artifact_found: warn
+      - name: Use diagnostics artifact if available
+        working-directory: docs
+        run: |
+          if [ -f "src/data/databases-diagnostics.json" ]; then
+            echo "Using fresh diagnostics from integration tests"
+            mv src/data/databases-diagnostics.json src/data/databases.json
+          else
+            echo "Using committed databases.json (no artifact found)"
+          fi
       - name: yarn build
         working-directory: docs
         run: |
@@ -71,5 +108,5 @@ jobs:
           destination-github-username: "apache"
           destination-repository-name: "superset-site"
           target-branch: "asf-site"
-          commit-message: "deploying docs: ${{ github.event.head_commit.message }} (apache/superset@${{ github.sha }})"
+          commit-message: "deploying docs: ${{ github.event.head_commit.message || 'triggered by integration tests' }} (apache/superset@${{ github.event.workflow_run.head_sha || github.sha }})"
           user-email: dev@superset.apache.org

.github/workflows/superset-docs-verify.yml

@@ -4,17 +4,23 @@ on:
   pull_request:
     paths:
       - "docs/**"
+      - "superset/db_engine_specs/**"
       - ".github/workflows/superset-docs-verify.yml"
     types: [synchronize, opened, reopened, ready_for_review]
+  workflow_run:
+    workflows: ["Python-Integration"]
+    types: [completed]
 
 # cancel previous workflow jobs for PRs
 concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.workflow_run.head_sha || github.run_id }}
   cancel-in-progress: true
 
 jobs:
   linkinator:
     # See docs here: https://github.com/marketplace/actions/linkinator
+    # Only run on pull_request, not workflow_run
+    if: github.event_name == 'pull_request'
     name: Link Checking
     runs-on: ubuntu-latest
     steps:
@@ -50,8 +56,11 @@ jobs:
             https://timbr.ai/,
             https://opensource.org/license/apache-2-0,
             https://www.plaidcloud.com/
-  build-deploy:
-    name: Build & Deploy
+
+  build-on-pr:
+    # Build docs when PR changes docs/** (uses committed databases.json)
+    if: github.event_name == 'pull_request'
+    name: Build (PR trigger)
     runs-on: ubuntu-24.04
     defaults:
       run:
@@ -75,3 +84,50 @@ jobs:
       - name: yarn build
         run: |
           yarn build
+
+  build-after-tests:
+    # Build docs after integration tests complete (uses fresh diagnostics)
+    # Only runs if integration tests succeeded
+    if: >
+      github.event_name == 'workflow_run' &&
+      github.event.workflow_run.conclusion == 'success'
+    name: Build (after integration tests)
+    runs-on: ubuntu-24.04
+    defaults:
+      run:
+        working-directory: docs
+    steps:
+      - name: "Checkout PR head: ${{ github.event.workflow_run.head_sha }}"
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ github.event.workflow_run.head_sha }}
+          persist-credentials: false
+          submodules: recursive
+      - name: Set up Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version-file: './docs/.nvmrc'
+      - name: yarn install
+        run: |
+          yarn install --check-cache
+      - name: Download database diagnostics from integration tests
+        uses: dawidd6/action-download-artifact@v6
+        with:
+          workflow: superset-python-integrationtest.yml
+          run_id: ${{ github.event.workflow_run.id }}
+          name: database-diagnostics
+          path: docs/src/data/
+      - name: Use fresh diagnostics
+        run: |
+          if [ -f "src/data/databases-diagnostics.json" ]; then
+            echo "Using fresh diagnostics from integration tests"
+            mv src/data/databases-diagnostics.json src/data/databases.json
+          else
+            echo "Warning: No diagnostics artifact found, using committed data"
+          fi
+      - name: yarn typecheck
+        run: |
+          yarn typecheck
+      - name: yarn build
+        run: |
+          yarn build

.github/workflows/superset-frontend.yml

@@ -174,7 +174,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Download Docker Image Artifact
-        uses: actions/download-artifact@v6
+        uses: actions/download-artifact@v7
         with:
           name: docker-image
 

.github/workflows/superset-python-integrationtest.yml

@@ -73,6 +73,36 @@ jobs:
           flags: python,mysql
           token: ${{ secrets.CODECOV_TOKEN }}
           verbose: true
+      - name: Generate database diagnostics for docs
+        if: steps.check.outputs.python
+        env:
+          SUPERSET_CONFIG: tests.integration_tests.superset_test_config
+          SUPERSET__SQLALCHEMY_DATABASE_URI: |
+            mysql+mysqldb://superset:superset@127.0.0.1:13306/superset?charset=utf8mb4&binary_prefix=true
+        run: |
+          python -c "
+          import json
+          from superset.app import create_app
+          from superset.db_engine_specs.lib import generate_yaml_docs
+          app = create_app()
+          with app.app_context():
+              docs = generate_yaml_docs()
+              # Wrap in the expected format
+              output = {
+                  'generated': '$(date -Iseconds)',
+                  'databases': docs
+              }
+              with open('databases-diagnostics.json', 'w') as f:
+                  json.dump(output, f, indent=2, default=str)
+              print(f'Generated diagnostics for {len(docs)} databases')
+          "
+      - name: Upload database diagnostics artifact
+        if: steps.check.outputs.python
+        uses: actions/upload-artifact@v4
+        with:
+          name: database-diagnostics
+          path: databases-diagnostics.json
+          retention-days: 7
   test-postgres:
     runs-on: ubuntu-24.04
     strategy:

.gitignore

@@ -139,3 +139,4 @@ PROJECT.md
 .env.local
 oxc-custom-build/
 *.code-workspace
+*.duckdb

.pre-commit-config.yaml

@@ -49,12 +49,12 @@ repos:
     hooks:
       - id: check-docstring-first
       - id: check-added-large-files
-        exclude: ^.*\.(geojson)$|^docs/static/img/screenshots/.*|^superset-frontend/CHANGELOG\.md$
+        exclude: ^.*\.(geojson)$|^docs/static/img/screenshots/.*|^superset-frontend/CHANGELOG\.md$|^superset/examples/.*/data\.parquet$
       - id: check-yaml
         exclude: ^helm/superset/templates/
       - id: debug-statements
       - id: end-of-file-fixer
-        exclude: .*/lerna\.json$
+        exclude: .*/lerna\.json$|^docs/static/img/logos/
       - id: trailing-whitespace
         exclude: ^.*\.(snap)
         args: ["--markdown-linebreak-ext=md"]
@@ -142,3 +142,18 @@ repos:
             else
               echo "No Python files to lint."
             fi
+      - id: db-engine-spec-metadata
+        name: database engine spec metadata validation
+        entry: python superset/db_engine_specs/lint_metadata.py --strict
+        language: system
+        files: ^superset/db_engine_specs/.*\.py$
+        exclude: ^superset/db_engine_specs/(base|lib|lint_metadata|__init__)\.py$
+        pass_filenames: false
+  - repo: local
+    hooks:
+      - id: feature-flags-sync
+        name: feature flags documentation sync
+        entry: bash -c 'python scripts/extract_feature_flags.py > docs/static/feature-flags.json.tmp && if ! diff -q docs/static/feature-flags.json docs/static/feature-flags.json.tmp > /dev/null 2>&1; then mv docs/static/feature-flags.json.tmp docs/static/feature-flags.json && echo "Updated docs/static/feature-flags.json" && exit 1; else rm docs/static/feature-flags.json.tmp; fi'
+        language: system
+        files: ^superset/config\.py$
+        pass_filenames: false

.rat-excludes

@@ -75,6 +75,12 @@ postgresql.svg
 snowflake.svg
 ydb.svg
 loading.svg
+apache-solr.svg
+azure.svg
+superset.svg
+
+# docs third-party logos, i.e. docs/static/img/logos/*
+logos/*
 
 # docs-related
 erd.puml
@@ -83,6 +89,7 @@ intro_header.txt
 
 # for LLMs
 llm-context.md
+llms.txt
 AGENTS.md
 LLMS.md
 CLAUDE.md

AGENTS.md

@@ -2,6 +2,27 @@
 
 Apache Superset is a data visualization platform with Flask/Python backend and React/TypeScript frontend.
 
+## ⚠️ CRITICAL: Always Run Pre-commit Before Pushing
+
+**ALWAYS run `pre-commit run --all-files` before pushing commits.** CI will fail if pre-commit checks don't pass. This is non-negotiable.
+
+```bash
+# Stage your changes first
+git add .
+
+# Run pre-commit on all files
+pre-commit run --all-files
+
+# If there are auto-fixes, stage them and commit
+git add .
+git commit --amend  # or new commit
+```
+
+Common pre-commit failures:
+- **Formatting** - black, prettier, eslint will auto-fix
+- **Type errors** - mypy failures need manual fixes
+- **Linting** - ruff, pylint issues need manual fixes
+
 ## ⚠️ CRITICAL: Ongoing Refactors (What NOT to Do)
 
 **These migrations are actively happening - avoid deprecated patterns:**

CHANGELOG.md

@@ -49,3 +49,4 @@ under the License.
 - [4.1.3](./CHANGELOG/4.1.3.md)
 - [4.1.4](./CHANGELOG/4.1.4.md)
 - [5.0.0](./CHANGELOG/5.0.0.md)
+- [6.0.0](./CHANGELOG/6.0.0.md)

Dockerfile

@@ -26,9 +26,6 @@ ARG BUILDPLATFORM=${BUILDPLATFORM:-amd64}
 # Include translations in the final build
 ARG BUILD_TRANSLATIONS="false"
 
-# Build arg to pre-populate examples DuckDB file
-ARG LOAD_EXAMPLES_DUCKDB="false"
-
 ######################################################################
 # superset-node-ci used as a base for building frontend assets and CI
 ######################################################################
@@ -146,9 +143,6 @@ RUN if [ "${BUILD_TRANSLATIONS}" = "true" ]; then \
 ######################################################################
 FROM python-base AS python-common
 
-# Re-declare build arg to receive it in this stage
-ARG LOAD_EXAMPLES_DUCKDB
-
 ENV SUPERSET_HOME="/app/superset_home" \
     HOME="/app/superset_home" \
     SUPERSET_ENV="production" \
@@ -160,7 +154,7 @@ ENV SUPERSET_HOME="/app/superset_home" \
 COPY --chmod=755 docker/entrypoints /app/docker/entrypoints
 
 WORKDIR /app
-# Set up necessary directories and user
+# Set up necessary directories
 RUN mkdir -p \
       ${PYTHONPATH} \
       superset/static \
@@ -202,17 +196,9 @@ RUN /app/docker/apt-install.sh \
       libecpg-dev \
       libldap2-dev
 
-# Pre-load examples DuckDB file if requested
-RUN if [ "$LOAD_EXAMPLES_DUCKDB" = "true" ]; then \
-        mkdir -p /app/data && \
-        echo "Downloading pre-built examples.duckdb..." && \
-        curl -L -o /app/data/examples.duckdb \
-            "https://raw.githubusercontent.com/apache-superset/examples-data/master/examples.duckdb" && \
-        chown -R superset:superset /app/data; \
-    else \
-        mkdir -p /app/data && \
-        chown -R superset:superset /app/data; \
-    fi
+# Create data directory for DuckDB examples database
+# The database file will be created at runtime when examples are loaded from Parquet files
+RUN mkdir -p /app/data && chown -R superset:superset /app/data
 
 # Copy compiled things from previous stages
 COPY --from=superset-node /app/superset/static/assets superset/static/assets

INSTALL.md

@@ -16,8 +16,20 @@ KIND, either express or implied.  See the License for the
 specific language governing permissions and limitations
 under the License.
 -->
-# INSTALL / BUILD instructions for Apache Superset
+# Installing Apache Superset
 
-At this time, the docker file at RELEASING/Dockerfile.from_local_tarball
-constitutes the recipe on how to get to a working release from a source
-release tarball.
+For comprehensive installation instructions, please see the Apache Superset documentation:
+
+**[📚 Installation Guide →](https://superset.apache.org/docs/installation/installation-methods)**
+
+The documentation covers:
+- [Docker Compose](https://superset.apache.org/docs/installation/docker-compose) (recommended for development)
+- [Kubernetes / Helm](https://superset.apache.org/docs/installation/kubernetes)
+- [PyPI](https://superset.apache.org/docs/installation/pypi)
+- [Docker Builds](https://superset.apache.org/docs/installation/docker-builds)
+- [Architecture Overview](https://superset.apache.org/docs/installation/architecture)
+
+## Building from Source
+
+For building from a source release tarball, see the Dockerfile at:
+`RELEASING/Dockerfile.from_local_tarball`

LINTING_ARCHITECTURE.md

@@ -1,121 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-
-# Superset Frontend Linting Architecture
-
-## Overview
-We use a hybrid linting approach combining OXC (fast, standard rules) with custom AST-based checks for Superset-specific patterns.
-
-## Components
-
-### 1. Primary Linter: OXC
-- **What**: Oxidation Compiler's linter (oxlint)
-- **Handles**: 95% of linting rules (standard ESLint rules, TypeScript, React, etc.)
-- **Speed**: ~50-100x faster than ESLint
-- **Config**: `oxlint.json`
-
-### 2. Custom Rule Checker
-- **What**: Node.js AST-based script
-- **Handles**: Superset-specific rules:
-  - No literal colors (use theme)
-  - No FontAwesome icons (use Icons component)
-  - No template vars in i18n
-- **Speed**: Fast enough for pre-commit
-- **Script**: `scripts/check-custom-rules.js`
-
-## Developer Workflow
-
-### Local Development
-```bash
-# Fast linting (OXC only)
-npm run lint
-
-# Full linting (OXC + custom rules)
-npm run lint:full
-
-# Auto-fix what's possible
-npm run lint-fix
-```
-
-### Pre-commit
-1. OXC runs first (via `scripts/oxlint.sh`)
-2. Custom rules check runs second (lightweight, AST-based)
-3. Both must pass for commit to succeed
-
-### CI Pipeline
-```yaml
-- name: Lint with OXC
-  run: npm run lint
-
-- name: Check custom rules
-  run: npm run check:custom-rules
-```
-
-## Why This Architecture?
-
-### ✅ Pros
-1. **No binary distribution issues** - ASF compatible
-2. **Fast performance** - OXC for bulk, lightweight script for custom
-3. **Maintainable** - Custom rules in JavaScript, not Rust
-4. **Flexible** - Can evolve as OXC adds plugin support
-5. **Cacheable** - Both OXC and Node.js are standard tools
-
-### ❌ Cons  
-1. **Two tools** - Slightly more complex than single linter
-2. **Duplicate parsing** - Files parsed twice (once by each tool)
-
-### 🔄 Migration Path
-When OXC supports JavaScript plugins:
-1. Convert `check-custom-rules.js` to OXC plugin format
-2. Consolidate back to single tool
-3. Keep same rules and developer experience
-
-## Implementation Checklist
-
-- [x] OXC for standard linting
-- [x] Pre-commit integration  
-- [ ] Custom rules script
-- [ ] Combine in npm scripts
-- [ ] Update CI pipeline
-- [ ] Developer documentation
-
-## Performance Targets
-
-| Operation | Target Time | Current |
-|-----------|------------|---------|
-| Pre-commit (changed files) | <2s | ✅ 1.5s |
-| Full lint (all files) | <10s | ✅ 8s |
-| Custom rules check | <5s | 🔄 TBD |
-
-## Caching Strategy
-
-### Local Development
-- OXC: Built-in incremental checking
-- Custom rules: Use file hash cache (similar to pytest cache)
-
-### CI
-- Cache `node_modules` (includes oxlint binary)
-- Cache custom rules results by commit hash
-- Skip unchanged files using git diff
-
-## Future Improvements
-
-1. **When OXC adds plugin support**: Migrate custom rules to OXC plugins
-2. **Consider Biome**: Another Rust-based linter with plugin support
-3. **AST sharing**: Investigate sharing AST between tools to avoid double parsing

Makefile

@@ -18,7 +18,7 @@
 # Python version installed; we need 3.10-3.11
 PYTHON=`command -v python3.11 || command -v python3.10`
 
-.PHONY: install superset venv pre-commit
+.PHONY: install superset venv pre-commit up down logs ps nuke ports open
 
 install: superset pre-commit
 
@@ -112,3 +112,28 @@ report-celery-beat:
 
 admin-user:
 	superset fab create-admin
+
+# Docker Compose with auto-assigned ports (for running multiple instances)
+up:
+	./scripts/docker-compose-up.sh
+
+up-detached:
+	./scripts/docker-compose-up.sh -d
+
+down:
+	./scripts/docker-compose-up.sh down
+
+logs:
+	./scripts/docker-compose-up.sh logs -f
+
+ps:
+	./scripts/docker-compose-up.sh ps
+
+nuke:
+	./scripts/docker-compose-up.sh nuke
+
+ports:
+	./scripts/docker-compose-up.sh ports
+
+open:
+	./scripts/docker-compose-up.sh open

README.md

@@ -55,7 +55,7 @@ A modern, enterprise-ready business intelligence web application.
 [**Get Involved**](#get-involved) |
 [**Contributor Guide**](#contributor-guide) |
 [**Resources**](#resources) |
-[**Organizations Using Superset**](https://github.com/apache/superset/blob/master/RESOURCES/INTHEWILD.md)
+[**Organizations Using Superset**](https://superset.apache.org/inTheWild)
 
 ## Why Superset?
 
@@ -101,51 +101,54 @@ Superset provides:
 
 ## Supported Databases
 
-Superset can query data from any SQL-speaking datastore or data engine (Presto, Trino, Athena, [and more](https://superset.apache.org/docs/configuration/databases)) that has a Python DB-API driver and a SQLAlchemy dialect.
+Superset can query data from any SQL-speaking datastore or data engine (Presto, Trino, Athena, [and more](https://superset.apache.org/docs/databases)) that has a Python DB-API driver and a SQLAlchemy dialect.
 
 Here are some of the major database solutions that are supported:
 
+<!-- SUPPORTED_DATABASES_START -->
 <p align="center">
-  <img src="https://superset.apache.org/img/databases/redshift.png" alt="redshift" border="0" width="200"/>
-  <img src="https://superset.apache.org/img/databases/google-biquery.png" alt="google-bigquery" border="0" width="200"/>
-  <img src="https://superset.apache.org/img/databases/snowflake.png" alt="snowflake" border="0" width="200"/>
-  <img src="https://superset.apache.org/img/databases/trino.png" alt="trino" border="0" width="150" />
-  <img src="https://superset.apache.org/img/databases/presto.png" alt="presto" border="0" width="200"/>
-  <img src="https://superset.apache.org/img/databases/databricks.png" alt="databricks" border="0" width="160" />
-  <img src="https://superset.apache.org/img/databases/druid.png" alt="druid" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/firebolt.png" alt="firebolt" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/timescale.png" alt="timescale" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/postgresql.png" alt="postgresql" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/mysql.png" alt="mysql" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/mssql-server.png" alt="mssql-server" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/ibm-db2.svg" alt="db2" border="0" width="220" />
-  <img src="https://superset.apache.org/img/databases/sqlite.png" alt="sqlite" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/sybase.png" alt="sybase" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/mariadb.png" alt="mariadb" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/vertica.png" alt="vertica" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/oracle.png" alt="oracle" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/firebird.png" alt="firebird" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/greenplum.png" alt="greenplum" border="0" width="200"  />
-  <img src="https://superset.apache.org/img/databases/clickhouse.png" alt="clickhouse" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/exasol.png" alt="exasol" border="0" width="160" />
-  <img src="https://superset.apache.org/img/databases/monet-db.png" alt="monet-db" border="0" width="200"  />
-  <img src="https://superset.apache.org/img/databases/apache-kylin.png" alt="apache-kylin" border="0" width="80"/>
-  <img src="https://superset.apache.org/img/databases/hologres.png" alt="hologres" border="0" width="80"/>
-  <img src="https://superset.apache.org/img/databases/netezza.png" alt="netezza" border="0" width="80"/>
-  <img src="https://superset.apache.org/img/databases/pinot.png" alt="pinot" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/teradata.png" alt="teradata" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/yugabyte.png" alt="yugabyte" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/databend.png" alt="databend" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/starrocks.png" alt="starrocks" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/doris.png" alt="doris" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/oceanbase.svg" alt="oceanbase" border="0" width="220" />
-  <img src="https://superset.apache.org/img/databases/sap-hana.png" alt="sap-hana" border="0" width="220" />
-  <img src="https://superset.apache.org/img/databases/denodo.png" alt="denodo" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/ydb.svg" alt="ydb" border="0" width="200" />
-  <img src="https://superset.apache.org/img/databases/tdengine.png" alt="TDengine" border="0" width="200" />
+  <img src="https://superset.apache.org/img/databases/doris.png" alt="apache-doris" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/apache-drill.png" alt="apache-drill" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/druid.png" alt="apache-druid" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/apache-hive.svg" alt="apache-hive" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/apache-impala.png" alt="apache-impala" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/apache-kylin.png" alt="apache-kylin" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/apache-pinot.svg" alt="apache-pinot" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/amazon-athena.jpg" alt="aws-athena" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/redshift.png" alt="aws-redshift" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/clickhouse.png" alt="clickhouse" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/couchbase.svg" alt="couchbase" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/databend.png" alt="databend" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/databricks.png" alt="databricks" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/denodo.png" alt="denodo" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/dremio.png" alt="dremio" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/exasol.png" alt="exasol" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/firebird.png" alt="firebird" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/firebolt.png" alt="firebolt" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/google-big-query.svg" alt="google-bigquery" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/google-sheets.svg" alt="google-sheets" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/ibm-db2.svg" alt="ibm-db2" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/netezza.png" alt="ibm-netezza" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/mariadb.png" alt="mariadb" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/msql.png" alt="microsoft-sql-server" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/mysql.png" alt="mysql" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/oceanbase.svg" alt="oceanbase" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/oraclelogo.png" alt="oracle" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/postgresql.svg" alt="postgresql" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/presto-og.png" alt="presto" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/sap-hana.png" alt="sap-hana" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/snowflake.svg" alt="snowflake" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/sqlite.png" alt="sqlite" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/starrocks.png" alt="starrocks" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/tdengine.png" alt="tdengine" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/teradata.png" alt="teradata" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/trino.png" alt="trino" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/vertica.png" alt="vertica" border="0" width="120" height="60" class="database-logo" />
+  <img src="https://superset.apache.org/img/databases/ydb.svg" alt="ydb" border="0" width="120" height="60" class="database-logo" />
 </p>
+<!-- SUPPORTED_DATABASES_END -->
 
-**A more comprehensive list of supported databases** along with the configuration instructions can be found [here](https://superset.apache.org/docs/configuration/databases).
+**A more comprehensive list of supported databases** along with the configuration instructions can be found [here](https://superset.apache.org/docs/databases).
 
 Want to add support for your datastore or data engine? Read more [here](https://superset.apache.org/docs/frequently-asked-questions#does-superset-work-with-insert-database-engine-here) about the technical requirements.
 
@@ -165,14 +168,14 @@ Try out Superset's [quickstart](https://superset.apache.org/docs/quickstart/) gu
 ## Contributor Guide
 
 Interested in contributing? Check out our
-[CONTRIBUTING.md](https://github.com/apache/superset/blob/master/CONTRIBUTING.md)
+[Developer Portal](https://superset.apache.org/developer_portal/)
 to find resources around contributing along with a detailed guide on
 how to set up a development environment.
 
 ## Resources
 
-- [Superset "In the Wild"](https://github.com/apache/superset/blob/master/RESOURCES/INTHEWILD.md) - open a PR to add your org to the list!
-- [Feature Flags](https://github.com/apache/superset/blob/master/RESOURCES/FEATURE_FLAGS.md) - the status of Superset's Feature Flags.
+- [Superset "In the Wild"](https://superset.apache.org/inTheWild) - see who's using Superset, and [add your organization](https://github.com/apache/superset/edit/master/RESOURCES/INTHEWILD.yaml) to the list!
+- [Feature Flags](https://superset.apache.org/docs/configuration/feature-flags) - the status of Superset's Feature Flags.
 - [Standard Roles](https://github.com/apache/superset/blob/master/RESOURCES/STANDARD_ROLES.md) - How RBAC permissions map to roles.
 - [Superset Wiki](https://github.com/apache/superset/wiki) - Tons of additional community resources: best practices, community content and other information.
 - [Superset SIPs](https://github.com/orgs/apache/projects/170) - The status of Superset's SIPs (Superset Improvement Proposals) for both consensus and implementation status.

RELEASING/release-notes-1-0/README.md

@@ -92,7 +92,7 @@ Some of the new features in this release are disabled by default. Each has a fea
 
 | Feature | Feature Flag | Dependencies | Documentation
 | --- | --- | --- | --- |
-| Global Async Queries | `GLOBAL_ASYNC_QUERIES: True` | Redis 5.0+, celery workers configured and running | [Extra documentation](https://github.com/apache/superset/blob/master/CONTRIBUTING.md#async-chart-queries )
+| Global Async Queries | `GLOBAL_ASYNC_QUERIES: True` | Redis 5.0+, celery workers configured and running | [Extra documentation](https://superset.apache.org/docs/contributing/misc#async-chart-queries)
 | Dashboard Native Filters | `DASHBOARD_NATIVE_FILTERS: True` | |
 | Alerts & Reporting | `ALERT_REPORTS: True` | [Celery workers configured & celery beat process](https://superset.apache.org/docs/installation/async-queries-celery) |
 | Homescreen Thumbnails | `THUMBNAILS: TRUE, THUMBNAIL_CACHE_CONFIG: CacheConfig = { "CACHE_TYPE": "null", "CACHE_NO_NULL_WARNING": True}`| selenium, pillow 7, celery |

RESOURCES/FEATURE_FLAGS.md

@@ -1,103 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-
-# Superset Feature Flags
-
-This is a list of the current Superset optional features. See config.py for default values. These features can be turned on/off by setting your preferred values in superset_config.py to True/False respectively
-
-## In Development
-
-These features are considered **unfinished** and should only be used on development environments.
-
-[//]: # "PLEASE KEEP THE LIST SORTED ALPHABETICALLY"
-
-- ALERT_REPORT_TABS
-- DATE_RANGE_TIMESHIFTS_ENABLED
-- ENABLE_ADVANCED_DATA_TYPES
-- PRESTO_EXPAND_DATA
-- SHARE_QUERIES_VIA_KV_STORE
-- TAGGING_SYSTEM
-- CHART_PLUGINS_EXPERIMENTAL
-
-## In Testing
-
-These features are **finished** but currently being tested. They are usable, but may still contain some bugs.
-
-[//]: # "PLEASE KEEP THE LIST SORTED ALPHABETICALLY"
-
-- ALERT_REPORTS: [(docs)](https://superset.apache.org/docs/configuration/alerts-reports)
-- ALLOW_FULL_CSV_EXPORT
-- CACHE_IMPERSONATION
-- CONFIRM_DASHBOARD_DIFF
-- DYNAMIC_PLUGINS
-- DATE_FORMAT_IN_EMAIL_SUBJECT: [(docs)](https://superset.apache.org/docs/configuration/alerts-reports#commons)
-- ENABLE_SUPERSET_META_DB: [(docs)](https://superset.apache.org/docs/configuration/databases/#querying-across-databases)
-- ESTIMATE_QUERY_COST
-- GLOBAL_ASYNC_QUERIES [(docs)](https://github.com/apache/superset/blob/master/CONTRIBUTING.md#async-chart-queries)
-- IMPERSONATE_WITH_EMAIL_PREFIX
-- PLAYWRIGHT_REPORTS_AND_THUMBNAILS
-- RLS_IN_SQLLAB
-- SSH_TUNNELING [(docs)](https://superset.apache.org/docs/configuration/setup-ssh-tunneling)
-- USE_ANALAGOUS_COLORS
-
-## Stable
-
-These features flags are **safe for production**. They have been tested and will be supported for the at least the current major version cycle.
-
-[//]: # "PLEASE KEEP THESE LISTS SORTED ALPHABETICALLY"
-
-### Flags on the path to feature launch and flag deprecation/removal
-
-- DASHBOARD_VIRTUALIZATION
-
-### Flags retained for runtime configuration
-
-Currently some of our feature flags act as dynamic configurations that can change
-on the fly. This acts in contradiction with the typical ephemeral feature flag use case,
-where the flag is used to mature a feature, and eventually deprecated once the feature is
-solid. Eventually we'll likely refactor these under a more formal "dynamic configurations" managed
-independently. This new framework will also allow for non-boolean configurations.
-
-- ALERTS_ATTACH_REPORTS
-- ALLOW_ADHOC_SUBQUERY
-- DASHBOARD_RBAC [(docs)](https://superset.apache.org/docs/using-superset/creating-your-first-dashboard#manage-access-to-dashboards)
-- DATAPANEL_CLOSED_BY_DEFAULT
-- DRILL_BY
-- DRUID_JOINS
-- EMBEDDABLE_CHARTS
-- EMBEDDED_SUPERSET
-- ENABLE_TEMPLATE_PROCESSING
-- ESCAPE_MARKDOWN_HTML
-- LISTVIEWS_DEFAULT_CARD_VIEW
-- SCHEDULED_QUERIES [(docs)](https://superset.apache.org/docs/configuration/alerts-reports)
-- SLACK_ENABLE_AVATARS (see `superset/config.py` for more information)
-- SQLLAB_BACKEND_PERSISTENCE
-- SQL_VALIDATORS_BY_ENGINE [(docs)](https://superset.apache.org/docs/configuration/sql-templating)
-- THUMBNAILS [(docs)](https://superset.apache.org/docs/configuration/cache)
-
-## Deprecated Flags
-
-These features flags currently default to True and **will be removed in a future major release**. For this current release you can turn them off by setting your config to False, but it is advised to remove or set these flags in your local configuration to **True** so that you do not experience any unexpected changes in a future release.
-
-[//]: # "PLEASE KEEP THE LIST SORTED ALPHABETICALLY"
-
-- AVOID_COLORS_COLLISION
-- DRILL_TO_DETAIL
-- ENABLE_JAVASCRIPT_CONTROLS
-- KV_STORE

RESOURCES/INTHEWILD.md

@@ -1,226 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied.  See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-
-## Superset Users in the Wild
-
-Here's a list of organizations, broken down into broad industry categories, that have taken the time to send a PR to let
-the world know they are using Apache Superset. If you are a user and want to be recognized,
-all you have to do is file a simple PR [like this one](https://github.com/apache/superset/pull/10122) — [just click here](https://github.com/apache/superset/edit/master/RESOURCES/INTHEWILD.md) to do so. If you think
-the categorization is inaccurate, please file a PR with your correction as well.
-Join our growing community!
-
-### Sharing Economy
-
-- [Airbnb](https://github.com/airbnb)
-- [Faasos](https://faasos.com/) [@shashanksingh]
-- [Free2Move](https://www.free2move.com/) [@PaoloTerzi]
-- [Hostnfly](https://www.hostnfly.com/) [@alexisrosuel]
-- [Lime](https://www.li.me/) [@cxmcc]
-- [Lyft](https://www.lyft.com/)
-- [Ontruck](https://www.ontruck.com/)
-
-### Financial Services
-
-- [Aktia Bank plc](https://www.aktia.com)
-- [American Express](https://www.americanexpress.com) [@TheLastSultan]
-- [bumper](https://www.bumper.co/) [@vasu-ram, @JamiePercival]
-- [Cape Crypto](https://capecrypto.com)
-- [Capital Service S.A.](https://capitalservice.pl) [@pkonarzewski]
-- [Clark.de](https://clark.de/)
-- [Europace](https://europace.de)
-- [KarrotPay](https://www.daangnpay.com/)
-- [Remita](https://remita.net) [@mujibishola]
-- [Taveo](https://www.taveo.com) [@codek]
-- [Unit](https://www.unit.co/about-us) [@amitmiran137]
-- [Wise](https://wise.com) [@koszti]
-- [Xendit](https://xendit.co/) [@LieAlbertTriAdrian]
-- [Cover Genius](https://covergenius.com/)
-
-### Gaming
-
-- [Popoko VM Games Studio](https://popoko.live)
-
-### E-Commerce
-
-- [AiHello](https://www.aihello.com) [@ganeshkrishnan1]
-- [Bazaar Technologies](https://www.bazaartech.com) [@umair-abro]
-- [Dragonpass](https://www.dragonpass.com.cn/) [@zhxjdwh]
-- [Dropit Shopping](https://www.dropit.shop/) [@dropit-dev]
-- [Fanatics](https://www.fanatics.com/) [@coderfender]
-- [Fordeal](https://www.fordeal.com) [@Renkai]
-- [Fynd](https://www.fynd.com/) [@darpanjain07]
-- [GFG - Global Fashion Group](https://global-fashion-group.com) [@ksaagariconic]
-- [GoTo/Gojek](https://www.gojek.io/) [@gwthm-in]
-- [HuiShouBao](https://www.huishoubao.com/) [@Yukinoshita-Yukino]
-- [Now](https://www.now.vn/) [@davidkohcw]
-- [Qunar](https://www.qunar.com/) [@flametest]
-- [Rakuten Viki](https://www.viki.com)
-- [Shopee](https://shopee.sg) [@xiaohanyu]
-- [Shopkick](https://www.shopkick.com) [@LAlbertalli]
-- [ShopUp](https://www.shopup.org/) [@gwthm-in]
-- [Tails.com](https://tails.com/gb/) [@alanmcruickshank]
-- [THE ICONIC](https://theiconic.com.au/) [@ksaagariconic]
-- [Utair](https://www.utair.ru) [@utair-digital]
-- [VkusVill](https://vkusvill.ru/) [@ETselikov]
-- [Zalando](https://www.zalando.com) [@dmigo]
-- [Zalora](https://www.zalora.com) [@ksaagariconic]
-- [Zepto](https://www.zeptonow.com/) [@gwthm-in]
-
-### Enterprise Technology
-
-- [A3Data](https://a3data.com.br) [@neylsoncrepalde]
-- [Analytics Aura](https://analyticsaura.com/) [@Analytics-Aura]
-- [Apollo GraphQL](https://www.apollographql.com/) [@evans]
-- [Astronomer](https://www.astronomer.io) [@ryw]
-- [Avesta Technologies](https://avestatechnologies.com/) [@TheRum]
-- [Caizin](https://caizin.com/) [@tejaskatariya]
-- [Canonical](https://canonical.com)
-- [Careem](https://www.careem.com/) [@samraHanif0340]
-- [Cloudsmith](https://cloudsmith.io) [@alancarson]
-- [Cyberhaven](https://www.cyberhaven.com/) [@toliver-ch]
-- [Deepomatic](https://deepomatic.com/) [@Zanoellia]
-- [Dial Once](https://www.dial-once.com/)
-- [Dremio](https://dremio.com) [@narendrans]
-- [EFinance](https://www.efinance.com.eg) [@habeeb556]
-- [Elestio](https://elest.io/) [@kaiwalyakoparkar]
-- [ELMO Cloud HR & Payroll](https://elmosoftware.com.au/)
-- [Endress+Hauser](https://www.endress.com/) [@rumbin]
-- [FBK - ICT center](https://ict.fbk.eu)
-- [Formbricks](https://formbricks.com)
-- [Gavagai](https://gavagai.io) [@gavagai-corp]
-- [GfK Data Lab](https://www.gfk.com/home) [@mherr]
-- [HPE](https://www.hpe.com/in/en/home.html) [@anmol-hpe]
-- [Hydrolix](https://www.hydrolix.io/)
-- [Intercom](https://www.intercom.com/) [@kate-gallo]
-- [jampp](https://jampp.com/)
-- [Konfío](https://konfio.mx) [@uis-rodriguez]
-- [Mainstrat](https://mainstrat.com/)
-- [mishmash io](https://mishmash.io/) [@mishmash-io]
-- [Myra Labs](https://www.myralabs.com/) [@viksit]
-- [Nielsen](https://www.nielsen.com/) [@amitNielsen]
-- [Ona](https://ona.io) [@pld]
-- [Orange](https://www.orange.com) [@icsu]
-- [Oslandia](https://oslandia.com)
-- [Oxylabs](https://oxylabs.io/) [@rytis-ulys]
-- [Peak AI](https://www.peak.ai/) [@azhar22k]
-- [PeopleDoc](https://www.people-doc.com) [@rodo]
-- [PlaidCloud](https://www.plaidcloud.com)
-- [Preset, Inc.](https://preset.io)
-- [PubNub](https://pubnub.com) [@jzucker2]
-- [ReadyTech](https://www.readytech.io)
-- [Reward Gateway](https://www.rewardgateway.com)
-- [RIADVICE](https://riadvice.tn) [@riadvice]
-- [ScopeAI](https://www.getscopeai.com) [@iloveluce]
-- [shipmnts](https://shipmnts.com)
-- [Showmax](https://showmax.com) [@bobek]
-- [SingleStore](https://www.singlestore.com/)
-- [TechAudit](https://www.techaudit.info) [@ETselikov]
-- [Tenable](https://www.tenable.com) [@dflionis]
-- [Tentacle](https://www.linkedin.com/company/tentacle-cmi/) [@jdclarke5]
-- [timbr.ai](https://timbr.ai/) [@semantiDan]
-- [Tobii](https://www.tobii.com/) [@dwa]
-- [Tooploox](https://www.tooploox.com/) [@jakubczaplicki]
-- [Unvired](https://unvired.com) [@srinisubramanian]
-- [Virtuoso QA](https://www.virtuosoqa.com)
-- [Whale](https://whale.im)
-- [Windsor.ai](https://www.windsor.ai/) [@octaviancorlade]
-- [WinWin Network马上赢](https://brandct.cn/) [@wenbinye]
-- [Zeta](https://www.zeta.tech/) [@shaikidris]
-
-### Media & Entertainment
-
-- [6play](https://www.6play.fr) [@CoryChaplin]
-- [bilibili](https://www.bilibili.com) [@Moinheart]
-- [BurdaForward](https://www.burda-forward.de/en/)
-- [Douban](https://www.douban.com/) [@luchuan]
-- [Kuaishou](https://www.kuaishou.com/) [@zhaoyu89730105]
-- [Netflix](https://www.netflix.com/)
-- [Prensa Iberica](https://www.prensaiberica.es/) [@zamar-roura]
-- [TME QQMUSIC/WESING](https://www.tencentmusic.com/) [@shenyuanli,@marklaw]
-- [Xite](https://xite.com/) [@shashankkoppar]
-- [Zaihang](https://www.zaih.com/)
-
-### Education
-
-- [Aveti Learning](https://avetilearning.com/) [@TheShubhendra]
-- [Brilliant.org](https://brilliant.org/)
-- [Open edX](https://openedx.org/)
-- [Platzi.com](https://platzi.com/)
-- [Sunbird](https://www.sunbird.org/) [@eksteporg]
-- [The GRAPH Network](https://thegraphnetwork.org/) [@fccoelho]
-- [Udemy](https://www.udemy.com/) [@sungjuly]
-- [VIPKID](https://www.vipkid.com.cn/) [@illpanda]
-- [WikiMedia Foundation](https://wikimediafoundation.org) [@vg]
-
-### Energy
-
-- [Airboxlab](https://foobot.io) [@antoine-galataud]
-- [DouroECI](https://www.douroeci.com/) [@nunohelibeires]
-- [Safaricom](https://www.safaricom.co.ke/) [@mmutiso]
-- [Scoot](https://scoot.co/) [@haaspt]
-- [Wattbewerb](https://wattbewerb.de/) [@wattbewerb]
-
-### Healthcare
-
-- [Amino](https://amino.com) [@shkr]
-- [Bluesquare](https://www.bluesquarehub.com/) [@madewulf]
-- [Care](https://www.getcare.io/) [@alandao2021]
-- [Living Goods](https://www.livinggoods.org) [@chelule]
-- [Maieutical Labs](https://maieuticallabs.it) [@xrmx]
-- [Medic](https://medic.org) [@1yuv]
-- [REDCap Cloud](https://www.redcapcloud.com/)
-- [TrustMedis](https://trustmedis.com/) [@famasya]
-- [WeSure](https://www.wesure.cn/)
-- [2070Health](https://2070health.com/)
-
-### HR / Staffing
-
-- [Swile](https://www.swile.co/) [@PaoloTerzi]
-- [Symmetrics](https://www.symmetrics.fyi)
-- [bluquist](https://bluquist.com/)
-
-### Government
-
-- [City of Ann Arbor, MI](https://www.a2gov.org/) [@sfirke]
-- [RIS3 Strategy of CZ, MIT CR](https://www.ris3.cz/) [@RIS3CZ]
-- [NRLM - Sarathi, India](https://pib.gov.in/PressReleasePage.aspx?PRID=1999586)
-
-### Travel
-
-- [Agoda](https://www.agoda.com/) [@lostseaway, @maiake, @obombayo]
-- [HomeToGo](https://hometogo.com/) [@pedromartinsteenstrup]
-- [Skyscanner](https://www.skyscanner.net/) [@cleslie, @stanhoucke]
-
-### Others
-
-- [10Web](https://10web.io/)
-- [AI inside](https://inside.ai/en/)
-- [Automattic](https://automattic.com/) [@Khrol, @Usiel]
-- [Dropbox](https://www.dropbox.com/) [@bkyryliuk]
-- [Flowbird](https://flowbird.com) [@EmmanuelCbd]
-- [GEOTAB](https://www.geotab.com) [@JZ6]
-- [Grassroot](https://www.grassrootinstitute.org/)
-- [Increff](https://www.increff.com/) [@ishansinghania]
-- [komoot](https://www.komoot.com/) [@christophlingg]
-- [Let's Roam](https://www.letsroam.com/)
-- [Machrent SA](https://www.machrent.com/)
-- [Onebeat](https://1beat.com/) [@GuyAttia]
-- [X](https://x.com/)
-- [VLMedia](https://www.vlmedia.com.tr/) [@ibotheperfect]
-- [Yahoo!](https://yahoo.com/)

RESOURCES/INTHEWILD.yaml

@@ -0,0 +1,678 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Apache Superset Users in the Wild
+#
+# To add your organization:
+# 1. Find the appropriate category (or add a new one)
+# 2. Add an entry with your organization details
+# 3. Optionally add a logo file to docs/static/img/logos/
+#
+# Required fields:
+#   - name: Your organization name
+#   - url: Link to your organization's website
+#
+# Optional fields:
+#   - logo: Filename of logo in docs/static/img/logos/ (e.g., "mycompany.svg")
+#   - contributors: List of GitHub usernames who contributed (e.g., ["@username"])
+
+categories:
+  Sharing Economy:
+    - name: Airbnb
+      url: https://github.com/airbnb
+
+    - name: Faasos
+      url: https://faasos.com/
+      contributors: ["@shashanksingh"]
+
+    - name: Free2Move
+      url: https://www.free2move.com/
+      contributors: ["@PaoloTerzi"]
+
+    - name: Hostnfly
+      url: https://www.hostnfly.com/
+      contributors: ["@alexisrosuel"]
+
+    - name: Lime
+      url: https://www.li.me/
+      contributors: ["@cxmcc"]
+
+    - name: Lyft
+      url: https://www.lyft.com/
+
+    - name: Ontruck
+      url: https://www.ontruck.com/
+
+  Financial Services:
+    - name: Aktia Bank plc
+      url: https://www.aktia.com
+
+    - name: American Express
+      url: https://www.americanexpress.com
+      contributors: ["@TheLastSultan"]
+
+    - name: bumper
+      url: https://www.bumper.co/
+      contributors: ["@vasu-ram", "@JamiePercival"]
+
+    - name: Cape Crypto
+      url: https://capecrypto.com
+
+    - name: Capital Service S.A.
+      url: https://capitalservice.pl
+      contributors: ["@pkonarzewski"]
+
+    - name: Clark.de
+      url: https://clark.de/
+
+    - name: EnquiryLabs
+      url: https://www.enquirylabs.co.uk
+
+    - name: Europace
+      url: https://europace.de
+
+    - name: KarrotPay
+      url: https://www.daangnpay.com/
+
+    - name: Remita
+      url: https://remita.net
+      contributors: ["@mujibishola"]
+
+    - name: Taveo
+      url: https://www.taveo.com
+      contributors: ["@codek"]
+
+    - name: Unit
+      url: https://www.unit.co/about-us
+      contributors: ["@amitmiran137"]
+
+    - name: Wise
+      url: https://wise.com
+      contributors: ["@koszti"]
+
+    - name: Xendit
+      url: https://xendit.co/
+      contributors: ["@LieAlbertTriAdrian"]
+
+    - name: Cover Genius
+      url: https://covergenius.com/
+
+  Gaming:
+    - name: Popoko VM Games Studio
+      url: https://popoko.live
+
+  E-Commerce:
+    - name: AiHello
+      url: https://www.aihello.com
+      contributors: ["@ganeshkrishnan1"]
+
+    - name: Bazaar Technologies
+      url: https://www.bazaartech.com
+      contributors: ["@umair-abro"]
+
+    - name: Blinkit
+      url: https://www.blinkit.com/
+      contributors: ["@amsharm2"]
+
+    - name: Dragonpass
+      url: https://www.dragonpass.com.cn/
+      contributors: ["@zhxjdwh"]
+
+    - name: Dropit Shopping
+      url: https://www.dropit.shop/
+      contributors: ["@dropit-dev"]
+
+    - name: Fanatics
+      url: https://www.fanatics.com/
+      contributors: ["@coderfender"]
+
+    - name: Fordeal
+      url: https://www.fordeal.com
+      contributors: ["@Renkai"]
+
+    - name: Fynd
+      url: https://www.fynd.com/
+      contributors: ["@darpanjain07"]
+
+    - name: GFG - Global Fashion Group
+      url: https://global-fashion-group.com
+      contributors: ["@ksaagariconic"]
+
+    - name: GoTo/Gojek
+      url: https://www.gojek.io/
+      contributors: ["@gwthm-in"]
+
+    - name: HuiShouBao
+      url: https://www.huishoubao.com/
+      contributors: ["@Yukinoshita-Yukino"]
+
+    - name: Now
+      url: https://www.now.vn/
+      contributors: ["@davidkohcw"]
+
+    - name: Qunar
+      url: https://www.qunar.com/
+      contributors: ["@flametest"]
+
+    - name: Rakuten Viki
+      url: https://www.viki.com
+
+    - name: Shopee
+      url: https://shopee.sg
+      contributors: ["@xiaohanyu"]
+
+    - name: Shopkick
+      url: https://www.shopkick.com
+      contributors: ["@LAlbertalli"]
+
+    - name: ShopUp
+      url: https://www.shopup.org/
+      contributors: ["@gwthm-in"]
+
+    - name: Tails.com
+      url: https://tails.com/gb/
+      contributors: ["@alanmcruickshank"]
+
+    - name: THE ICONIC
+      url: https://theiconic.com.au/
+      contributors: ["@ksaagariconic"]
+
+    - name: Utair
+      url: https://www.utair.ru
+      contributors: ["@utair-digital"]
+
+    - name: VkusVill
+      url: https://vkusvill.ru/
+      contributors: ["@ETselikov"]
+
+    - name: Zalando
+      url: https://www.zalando.com
+      contributors: ["@dmigo"]
+
+    - name: Zalora
+      url: https://www.zalora.com
+      contributors: ["@ksaagariconic"]
+
+    - name: Zepto
+      url: https://www.zeptonow.com/
+      contributors: ["@gwthm-in"]
+
+  Enterprise Technology:
+    - name: A3Data
+      url: https://a3data.com.br
+      contributors: ["@neylsoncrepalde"]
+
+    - name: Analytics Aura
+      url: https://analyticsaura.com/
+      contributors: ["@Analytics-Aura"]
+
+    - name: Apollo GraphQL
+      url: https://www.apollographql.com/
+      contributors: ["@evans"]
+
+    - name: Astronomer
+      url: https://www.astronomer.io
+      contributors: ["@ryw"]
+
+    - name: Avesta Technologies
+      url: https://avestatechnologies.com/
+      contributors: ["@TheRum"]
+
+    - name: Caizin
+      url: https://caizin.com/
+      contributors: ["@tejaskatariya"]
+
+    - name: Canonical
+      url: https://canonical.com
+
+    - name: Careem
+      url: https://www.careem.com/
+      contributors: ["@samraHanif0340"]
+
+    - name: Cloudsmith
+      url: https://cloudsmith.io
+      contributors: ["@alancarson"]
+
+    - name: Cyberhaven
+      url: https://www.cyberhaven.com/
+      contributors: ["@toliver-ch"]
+
+    - name: Deepomatic
+      url: https://deepomatic.com/
+      contributors: ["@Zanoellia"]
+
+    - name: Dial Once
+      url: https://www.dial-once.com/
+
+    - name: Dremio
+      url: https://dremio.com
+      contributors: ["@narendrans"]
+
+    - name: EFinance
+      url: https://www.efinance.com.eg
+      contributors: ["@habeeb556"]
+
+    - name: Elestio
+      url: https://elest.io/
+      contributors: ["@kaiwalyakoparkar"]
+
+    - name: ELMO Cloud HR & Payroll
+      url: https://elmosoftware.com.au/
+
+    - name: Endress+Hauser
+      url: https://www.endress.com/
+      contributors: ["@rumbin"]
+
+    - name: FBK - ICT center
+      url: https://ict.fbk.eu
+
+    - name: Formbricks
+      url: https://formbricks.com
+
+    - name: Gavagai
+      url: https://gavagai.io
+      contributors: ["@gavagai-corp"]
+
+    - name: GfK Data Lab
+      url: https://www.gfk.com/home
+      contributors: ["@mherr"]
+
+    - name: HPE
+      url: https://www.hpe.com/in/en/home.html
+      contributors: ["@anmol-hpe"]
+
+    - name: Hydrolix
+      url: https://www.hydrolix.io/
+
+    - name: Intercom
+      url: https://www.intercom.com/
+      contributors: ["@kate-gallo"]
+
+    - name: jampp
+      url: https://jampp.com/
+
+    - name: Konfío
+      url: https://konfio.mx
+      contributors: ["@uis-rodriguez"]
+
+    - name: Mainstrat
+      url: https://mainstrat.com/
+
+    - name: mishmash io
+      url: https://mishmash.io/
+      contributors: ["@mishmash-io"]
+
+    - name: Myra Labs
+      url: https://www.myralabs.com/
+      contributors: ["@viksit"]
+
+    - name: Nielsen
+      url: https://www.nielsen.com/
+      contributors: ["@amitNielsen"]
+
+    - name: Ona
+      url: https://ona.io
+      contributors: ["@pld"]
+
+    - name: Orange
+      url: https://www.orange.com
+      contributors: ["@icsu"]
+
+    - name: Oslandia
+      url: https://oslandia.com
+
+    - name: Oxylabs
+      url: https://oxylabs.io/
+      contributors: ["@rytis-ulys"]
+
+    - name: Peak AI
+      url: https://www.peak.ai/
+      contributors: ["@azhar22k"]
+
+    - name: PeopleDoc
+      url: https://www.people-doc.com
+      contributors: ["@rodo"]
+
+    - name: PlaidCloud
+      url: https://plaidcloud.com
+      logo: plaidcloud.svg
+      contributors: ["@rad-pat"]
+
+    - name: Preset, Inc.
+      url: https://preset.io
+      logo: preset.svg
+      contributors: ["@mistercrunch", "@betodealmeida", "@dpgaspar", "@rusackas", "@sadpandajoe", "@Vitor-Avila", "@kgabryje", "@geido", "@eschutho", "@Antonio-RiveroMartnez", "@yousoph"]
+
+    - name: PubNub
+      url: https://pubnub.com
+      contributors: ["@jzucker2"]
+
+    - name: ReadyTech
+      url: https://www.readytech.io
+
+    - name: Reward Gateway
+      url: https://www.rewardgateway.com
+
+    - name: RIADVICE
+      url: https://riadvice.tn
+      contributors: ["@riadvice"]
+
+    - name: ScopeAI
+      url: https://www.getscopeai.com
+      contributors: ["@iloveluce"]
+
+    - name: shipmnts
+      url: https://shipmnts.com
+
+    - name: Showmax
+      url: https://showmax.com
+      contributors: ["@bobek"]
+
+    - name: SingleStore
+      url: https://www.singlestore.com/
+
+    - name: TechAudit
+      url: https://www.techaudit.info
+      contributors: ["@ETselikov"]
+
+    - name: Tenable
+      url: https://www.tenable.com
+      contributors: ["@dflionis"]
+
+    - name: Tentacle
+      url: https://www.linkedin.com/company/tentacle-cmi/
+      contributors: ["@jdclarke5"]
+
+    - name: timbr.ai
+      url: https://timbr.ai/
+      contributors: ["@semantiDan"]
+
+    - name: Tobii
+      url: https://www.tobii.com/
+      contributors: ["@dwa"]
+
+    - name: Tooploox
+      url: https://www.tooploox.com/
+      contributors: ["@jakubczaplicki"]
+
+    - name: Unvired
+      url: https://unvired.com
+      contributors: ["@srinisubramanian"]
+
+    - name: UserGuiding
+      url: https://userguiding.com/
+      logo: userguiding.svg
+      contributors: ["@tzercin"]
+
+    - name: Virtuoso QA
+      url: https://www.virtuosoqa.com
+
+    - name: Whale
+      url: https://whale.im
+
+    - name: Windsor.ai
+      url: https://www.windsor.ai/
+      contributors: ["@octaviancorlade"]
+
+    - name: WinWin Network马上赢
+      url: https://brandct.cn/
+      contributors: ["@wenbinye"]
+
+    - name: Zeta
+      url: https://www.zeta.tech/
+      contributors: ["@shaikidris"]
+
+  Media & Entertainment:
+    - name: 6play
+      url: https://www.6play.fr
+      contributors: ["@CoryChaplin"]
+
+    - name: bilibili
+      url: https://www.bilibili.com
+      contributors: ["@Moinheart"]
+
+    - name: BurdaForward
+      url: https://www.burda-forward.de/en/
+
+    - name: Douban
+      url: https://www.douban.com/
+      contributors: ["@luchuan"]
+
+    - name: Kuaishou
+      url: https://www.kuaishou.com/
+      contributors: ["@zhaoyu89730105"]
+
+    - name: Netflix
+      url: https://www.netflix.com/
+
+    - name: Prensa Iberica
+      url: https://www.prensaiberica.es/
+      contributors: ["@zamar-roura"]
+
+    - name: TME QQMUSIC/WESING
+      url: https://www.tencentmusic.com/
+      contributors: ["@shenyuanli", "@marklaw"]
+
+    - name: Xite
+      url: https://xite.com/
+      contributors: ["@shashankkoppar"]
+
+    - name: Zaihang
+      url: https://www.zaih.com/
+
+  Education:
+    - name: Aveti Learning
+      url: https://avetilearning.com/
+      contributors: ["@TheShubhendra"]
+
+    - name: Brilliant.org
+      url: https://brilliant.org/
+
+    - name: Cirrus Assessment
+      url: https://cirrusassessment.com/
+      logo: cirrus.svg
+      contributors: ["@jeroenhabets", "@ddmm-white", "@paulrocost"]
+
+    - name: Open edX
+      url: https://openedx.org/
+
+    - name: Platzi.com
+      url: https://platzi.com/
+
+    - name: Sunbird
+      url: https://www.sunbird.org/
+      contributors: ["@eksteporg"]
+
+    - name: The GRAPH Network
+      url: https://thegraphnetwork.org/
+      contributors: ["@fccoelho"]
+
+    - name: Udemy
+      url: https://www.udemy.com/
+      contributors: ["@sungjuly"]
+
+    - name: VIPKID
+      url: https://www.vipkid.com.cn/
+      contributors: ["@illpanda"]
+
+    - name: WikiMedia Foundation
+      url: https://wikimediafoundation.org
+      contributors: ["@vg"]
+
+  Energy:
+    - name: Airboxlab
+      url: https://foobot.io
+      contributors: ["@antoine-galataud"]
+
+    - name: DouroECI
+      url: https://www.douroeci.com/
+      contributors: ["@nunohelibeires"]
+
+    - name: Safaricom
+      url: https://www.safaricom.co.ke/
+      contributors: ["@mmutiso"]
+
+    - name: Scoot
+      url: https://scoot.co/
+      contributors: ["@haaspt"]
+
+    - name: Wattbewerb
+      url: https://wattbewerb.de/
+      contributors: ["@wattbewerb"]
+
+    - name: Rogow
+      url: https://rogow.com.br/
+      contributors: ["@nilmonto"]
+
+  Healthcare:
+    - name: Amino
+      url: https://amino.com
+      contributors: ["@shkr"]
+
+    - name: Bluesquare
+      url: https://www.bluesquarehub.com/
+      contributors: ["@madewulf"]
+
+    - name: Care
+      url: https://www.getcare.io/
+      contributors: ["@alandao2021"]
+
+    - name: Living Goods
+      url: https://www.livinggoods.org
+      contributors: ["@chelule"]
+
+    - name: Maieutical Labs
+      url: https://maieuticallabs.it
+      contributors: ["@xrmx"]
+
+    - name: Medic
+      url: https://medic.org
+      contributors: ["@1yuv"]
+
+    - name: REDCap Cloud
+      url: https://www.redcapcloud.com/
+
+    - name: TrustMedis
+      url: https://trustmedis.com/
+      contributors: ["@famasya"]
+
+    - name: WeSure
+      url: https://www.wesure.cn/
+
+    - name: 2070Health
+      url: https://2070health.com/
+
+  HR / Staffing:
+    - name: Swile
+      url: https://www.swile.co/
+      contributors: ["@PaoloTerzi"]
+
+    - name: Symmetrics
+      url: https://www.symmetrics.fyi
+
+    - name: bluquist
+      url: https://bluquist.com/
+
+  Government:
+    - name: City of Ann Arbor, MI
+      url: https://www.a2gov.org/
+      contributors: ["@sfirke"]
+
+    - name: RIS3 Strategy of CZ, MIT CR
+      url: https://www.ris3.cz/
+      contributors: ["@RIS3CZ"]
+
+    - name: NRLM - Sarathi, India
+      url: https://pib.gov.in/PressReleasePage.aspx?PRID=1999586
+
+  Mobile Software:
+    - name: VLMedia
+      url: https://www.vlmedia.com.tr
+      logo: vlmedia.svg
+      contributors: ["@iercan"]
+
+  Travel:
+    - name: Agoda
+      url: https://www.agoda.com/
+      contributors: ["@lostseaway", "@maiake", "@obombayo"]
+
+    - name: HomeToGo
+      url: https://hometogo.com/
+      contributors: ["@pedromartinsteenstrup"]
+
+    - name: Skyscanner
+      url: https://www.skyscanner.net/
+      contributors: ["@cleslie", "@stanhoucke"]
+
+  Logistics:
+    - name: Stockarea
+      url: https://stockarea.io
+
+  Others:
+    - name: 10Web
+      url: https://10web.io/
+
+    - name: AI inside
+      url: https://inside.ai/en/
+
+    - name: Automattic
+      url: https://automattic.com/
+      contributors: ["@Khrol", "@Usiel"]
+
+    - name: Dropbox
+      url: https://www.dropbox.com/
+      contributors: ["@bkyryliuk"]
+
+    - name: Flowbird
+      url: https://flowbird.com
+      contributors: ["@EmmanuelCbd"]
+
+    - name: GEOTAB
+      url: https://www.geotab.com
+      contributors: ["@JZ6"]
+
+    - name: Grassroot
+      url: https://www.grassrootinstitute.org/
+
+    - name: HOLLYLAND猛玛
+      url: https://www.hollyland.com
+      logo: hollyland猛玛.svg
+      contributors: ["@hlyda0601"]
+
+    - name: Increff
+      url: https://www.increff.com/
+      contributors: ["@ishansinghania"]
+
+    - name: komoot
+      url: https://www.komoot.com/
+      contributors: ["@christophlingg"]
+
+    - name: Let's Roam
+      url: https://www.letsroam.com/
+
+    - name: Machrent SA
+      url: https://www.machrent.com/
+
+    - name: Onebeat
+      url: https://1beat.com/
+      contributors: ["@GuyAttia"]
+
+    - name: X
+      url: https://x.com/
+
+    - name: Yahoo!
+      url: https://yahoo.com/

RESOURCES/STANDARD_ROLES.md

@@ -17,192 +17,193 @@ specific language governing permissions and limitations
 under the License.
 -->
 
-|                                                  |Admin|Alpha|Gamma|SQL_LAB|
-|--------------------------------------------------|---|---|---|---|
-| Permission/role description                      |Admins have all possible rights, including granting or revoking rights from other users and altering other people’s slices and dashboards.|Alpha users have access to all data sources, but they cannot grant or revoke access from other users. They are also limited to altering the objects that they own. Alpha users can add and alter data sources.|Gamma users have limited access. They can only consume data coming from data sources they have been given access to through another complementary role. They only have access to view the slices and dashboards made from data sources that they have access to. Currently Gamma users are not able to alter or add data sources. We assume that they are mostly content consumers, though they can create slices and dashboards.|The sql_lab role grants access to SQL Lab. Note that while Admin users have access to all databases by default, both Alpha and Gamma users need to be given access on a per database basis.||
-| can read on SavedQuery                           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can write on SavedQuery                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can read on CssTemplate                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can write on CssTemplate                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can read on ReportSchedule                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can write on ReportSchedule                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can read on Chart                                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can write on Chart                               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can read on Annotation                           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can write on Annotation                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can read on Dataset                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can write on Dataset                             |:heavy_check_mark:|:heavy_check_mark:|O|O|
-| can read on Log                                  |:heavy_check_mark:|O|O|O|
-| can write on Log                                 |:heavy_check_mark:|O|O|O|
-| can read on Dashboard                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can write on Dashboard                           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can read on Database                             |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can write on Database                            |:heavy_check_mark:|O|O|O|
-| can read on Query                                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can this form get on ResetPasswordView           |:heavy_check_mark:|O|O|O|
-| can this form post on ResetPasswordView          |:heavy_check_mark:|O|O|O|
-| can this form get on ResetMyPasswordView         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can this form post on ResetMyPasswordView        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can this form get on UserInfoEditView            |:heavy_check_mark:|O|O|O|
-| can this form post on UserInfoEditView           |:heavy_check_mark:|O|O|O|
-| can show on UserDBModelView                      |:heavy_check_mark:|O|O|O|
-| can edit on UserDBModelView                      |:heavy_check_mark:|O|O|O|
-| can delete on UserDBModelView                    |:heavy_check_mark:|O|O|O|
-| can add on UserDBModelView                       |:heavy_check_mark:|O|O|O|
-| can list on UserDBModelView                      |:heavy_check_mark:|O|O|O|
-| can userinfo on UserDBModelView                  |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| resetmypassword on UserDBModelView               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| resetpasswords on UserDBModelView                |:heavy_check_mark:|O|O|O|
-| userinfoedit on UserDBModelView                  |:heavy_check_mark:|O|O|O|
-| can show on RoleModelView                        |:heavy_check_mark:|O|O|O|
-| can edit on RoleModelView                        |:heavy_check_mark:|O|O|O|
-| can delete on RoleModelView                      |:heavy_check_mark:|O|O|O|
-| can add on RoleModelView                         |:heavy_check_mark:|O|O|O|
-| can list on RoleModelView                        |:heavy_check_mark:|O|O|O|
-| copyrole on RoleModelView                        |:heavy_check_mark:|O|O|O|
-| can get on OpenApi                               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can show on SwaggerView                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can get on MenuApi                               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can list on AsyncEventsRestApi                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can invalidate on CacheRestApi                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can csv upload on Database                       |:heavy_check_mark:|O|O|O|
-| can excel upload on Database                     |:heavy_check_mark:|O|O|O|
-| can query form data on Api                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can query on Api                                 |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can time range on Api                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can external metadata on Datasource              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can save on Datasource                           |:heavy_check_mark:|:heavy_check_mark:|O|O|
-| can get on Datasource                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can my queries on SqlLab                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can log on Superset                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can import dashboards on Superset                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can schemas on Superset                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can sqllab history on Superset                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can publish on Superset                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can csv on Superset                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can slice on Superset                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can sync druid source on Superset                |:heavy_check_mark:|O|O|O|
-| can explore on Superset                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can approve on Superset                          |:heavy_check_mark:|O|O|O|
-| can explore json on Superset                     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can fetch datasource metadata on Superset        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can csrf token on Superset                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can sqllab on Superset                           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can select star on Superset                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can warm up cache on Superset                    |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can sqllab table viz on Superset                 |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can available domains on Superset                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can request access on Superset                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can dashboard on Superset                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can post on TableSchemaView                      |:heavy_check_mark:|O|O|:heavy_check_mark:|
-| can expanded on TableSchemaView                  |:heavy_check_mark:|O|O|:heavy_check_mark:|
-| can delete on TableSchemaView                    |:heavy_check_mark:|O|O|:heavy_check_mark:|
-| can get on TabStateView                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can post on TabStateView                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can delete query on TabStateView                 |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can migrate query on TabStateView                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can activate on TabStateView                     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can delete on TabStateView                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can put on TabStateView                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can read on SecurityRestApi                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| menu access on Security                          |:heavy_check_mark:|O|O|O|
-| menu access on List Users                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on List Roles                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on Action Log                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on Manage                            |:heavy_check_mark:|:heavy_check_mark:|O|O|
-| menu access on Annotation Layers                 |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on CSS Templates                     |:heavy_check_mark:|:heavy_check_mark:|O|O|
-| menu access on Import Dashboards                 |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on Data                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on Databases                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on Datasets                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on Charts                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on Dashboards                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on SQL Lab                           |:heavy_check_mark:|O|O|:heavy_check_mark:|
-| menu access on SQL Editor                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| menu access on Saved Queries                     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| menu access on Query Search                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| all datasource access on all_datasource_access   |:heavy_check_mark:|:heavy_check_mark:|O|O|
-| all database access on all_database_access       |:heavy_check_mark:|:heavy_check_mark:|O|O|
-| all query access on all_query_access             |:heavy_check_mark:|O|O|O|
-| can write on DynamicPlugin                       |:heavy_check_mark:|O|O|O|
-| can edit on DynamicPlugin                        |:heavy_check_mark:|O|O|O|
-| can list on DynamicPlugin                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can show on DynamicPlugin                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can download on DynamicPlugin                    |:heavy_check_mark:|O|O|O|
-| can add on DynamicPlugin                         |:heavy_check_mark:|O|O|O|
-| can delete on DynamicPlugin                      |:heavy_check_mark:|O|O|O|
-| can external metadata by name on Datasource      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can get value on KV                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can store on KV                                  |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can tagged objects on TagView                    |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can suggestions on TagView                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can get on TagView                               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can post on TagView                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can delete on TagView                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can edit on DashboardEmailScheduleView           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can list on DashboardEmailScheduleView           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can show on DashboardEmailScheduleView           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can add on DashboardEmailScheduleView            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can delete on DashboardEmailScheduleView         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| muldelete on DashboardEmailScheduleView          |:heavy_check_mark:|:heavy_check_mark:|O|O|
-| can edit on SliceEmailScheduleView               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can list on SliceEmailScheduleView               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can show on SliceEmailScheduleView               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can add on SliceEmailScheduleView                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can delete on SliceEmailScheduleView             |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| muldelete on SliceEmailScheduleView              |:heavy_check_mark:|:heavy_check_mark:|O|O|
-| can edit on AlertModelView                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can list on AlertModelView                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can show on AlertModelView                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can add on AlertModelView                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can delete on AlertModelView                     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can list on AlertLogModelView                    |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can show on AlertLogModelView                    |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can list on AlertObservationModelView            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can show on AlertObservationModelView            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on Row Level Security                |:heavy_check_mark:|O|O|O|
-| menu access on Access requests                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on Home                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on Plugins                           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on Dashboard Email Schedules         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on Chart Emails                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on Alerts                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on Alerts & Report                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| menu access on Scan New Datasources              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can share dashboard on Superset                  |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can share chart on Superset                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can this form get on ColumnarToDatabaseView      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can this form post on ColumnarToDatabaseView     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can export on Chart                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can write on DashboardFilterStateRestApi         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can read on DashboardFilterStateRestApi          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can write on DashboardPermalinkRestApi           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can read on DashboardPermalinkRestApi            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can delete embedded on Dashboard                 |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can set embedded on Dashboard                    |:heavy_check_mark:|O|O|O|
-| can export on Dashboard                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can get embedded on Dashboard                    |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can export on Database                           |:heavy_check_mark:|O|O|O|
-| can export on Dataset                            |:heavy_check_mark:|:heavy_check_mark:|O|O|
-| can write on ExploreFormDataRestApi              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can read on ExploreFormDataRestApi               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can write on ExplorePermalinkRestApi             |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can read on ExplorePermalinkRestApi              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can export on ImportExportRestApi                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can import on ImportExportRestApi                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can export on SavedQuery                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|
-| can dashboard permalink on Superset              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can grant guest token on SecurityRestApi         |:heavy_check_mark:|O|O|O|
-| can read on AdvancedDataType                     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can read on EmbeddedDashboard                    |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can duplicate on Dataset                         |:heavy_check_mark:|:heavy_check_mark:|O|O|
-| can read on Explore                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can samples on Datasource                        |:heavy_check_mark:|:heavy_check_mark:|O|O|
-| can read on AvailableDomains                     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
-| can get or create dataset on Dataset             |:heavy_check_mark:|:heavy_check_mark:|O|O|
-| can get column values on Datasource              |:heavy_check_mark:|:heavy_check_mark:|O|O|
-| can export csv on SQLLab                         |:heavy_check_mark:|O|O|:heavy_check_mark:|
-| can get results on SQLLab                        |:heavy_check_mark:|O|O|:heavy_check_mark:|
-| can execute sql query on SQLLab                  |:heavy_check_mark:|O|O|:heavy_check_mark:|
-| can recent activity on Log                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+|                                                  |Admin|Alpha|Gamma|Public|SQL_LAB|
+|--------------------------------------------------|---|---|---|---|---|
+| Permission/role description                      |Admins have all possible rights, including granting or revoking rights from other users and altering other people's slices and dashboards.|Alpha users have access to all data sources, but they cannot grant or revoke access from other users. They are also limited to altering the objects that they own. Alpha users can add and alter data sources.|Gamma users have limited access. They can only consume data coming from data sources they have been given access to through another complementary role. They only have access to view the slices and dashboards made from data sources that they have access to. Currently Gamma users are not able to alter or add data sources. We assume that they are mostly content consumers, though they can create slices and dashboards.|Public is the most restrictive built-in role, designed for anonymous/unauthenticated users viewing public dashboards. It provides minimal read-only access for dashboard viewing with interactive filters. Use `PUBLIC_ROLE_LIKE = "Public"` to apply these permissions to anonymous users.|The sql_lab role grants access to SQL Lab. Note that while Admin users have access to all databases by default, both Alpha and Gamma users need to be given access on a per database basis.||
+| can read on SavedQuery                           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can write on SavedQuery                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can read on CssTemplate                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can write on CssTemplate                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can read on ReportSchedule                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can write on ReportSchedule                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can read on Chart                                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can write on Chart                               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can read on Annotation                           |:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|O|
+| can write on Annotation                          |:heavy_check_mark:|:heavy_check_mark:|O|O|O|
+| can read on AnnotationLayerRestApi               |:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|O|
+| can read on Dataset                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can write on Dataset                             |:heavy_check_mark:|:heavy_check_mark:|O|O|O|
+| can read on Log                                  |:heavy_check_mark:|O|O|O|O|
+| can write on Log                                 |:heavy_check_mark:|O|O|O|O|
+| can read on Dashboard                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can write on Dashboard                           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can read on Database                             |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can write on Database                            |:heavy_check_mark:|O|O|O|O|
+| can read on Query                                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can this form get on ResetPasswordView           |:heavy_check_mark:|O|O|O|O|
+| can this form post on ResetPasswordView          |:heavy_check_mark:|O|O|O|O|
+| can this form get on ResetMyPasswordView         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can this form post on ResetMyPasswordView        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can this form get on UserInfoEditView            |:heavy_check_mark:|O|O|O|O|
+| can this form post on UserInfoEditView           |:heavy_check_mark:|O|O|O|O|
+| can show on UserDBModelView                      |:heavy_check_mark:|O|O|O|O|
+| can edit on UserDBModelView                      |:heavy_check_mark:|O|O|O|O|
+| can delete on UserDBModelView                    |:heavy_check_mark:|O|O|O|O|
+| can add on UserDBModelView                       |:heavy_check_mark:|O|O|O|O|
+| can list on UserDBModelView                      |:heavy_check_mark:|O|O|O|O|
+| can userinfo on UserDBModelView                  |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| resetmypassword on UserDBModelView               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| resetpasswords on UserDBModelView                |:heavy_check_mark:|O|O|O|O|
+| userinfoedit on UserDBModelView                  |:heavy_check_mark:|O|O|O|O|
+| can show on RoleModelView                        |:heavy_check_mark:|O|O|O|O|
+| can edit on RoleModelView                        |:heavy_check_mark:|O|O|O|O|
+| can delete on RoleModelView                      |:heavy_check_mark:|O|O|O|O|
+| can add on RoleModelView                         |:heavy_check_mark:|O|O|O|O|
+| can list on RoleModelView                        |:heavy_check_mark:|O|O|O|O|
+| copyrole on RoleModelView                        |:heavy_check_mark:|O|O|O|O|
+| can get on OpenApi                               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can show on SwaggerView                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can get on MenuApi                               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can list on AsyncEventsRestApi                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can invalidate on CacheRestApi                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can csv upload on Database                       |:heavy_check_mark:|O|O|O|O|
+| can excel upload on Database                     |:heavy_check_mark:|O|O|O|O|
+| can query form data on Api                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can query on Api                                 |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can time range on Api                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can external metadata on Datasource              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can save on Datasource                           |:heavy_check_mark:|:heavy_check_mark:|O|O|O|
+| can get on Datasource                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can my queries on SqlLab                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can log on Superset                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can import dashboards on Superset                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can schemas on Superset                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can sqllab history on Superset                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can publish on Superset                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can csv on Superset                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can slice on Superset                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can sync druid source on Superset                |:heavy_check_mark:|O|O|O|O|
+| can explore on Superset                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can approve on Superset                          |:heavy_check_mark:|O|O|O|O|
+| can explore json on Superset                     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can fetch datasource metadata on Superset        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can csrf token on Superset                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can sqllab on Superset                           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can select star on Superset                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can warm up cache on Superset                    |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can sqllab table viz on Superset                 |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can available domains on Superset                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can request access on Superset                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can dashboard on Superset                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can post on TableSchemaView                      |:heavy_check_mark:|O|O|O|:heavy_check_mark:|
+| can expanded on TableSchemaView                  |:heavy_check_mark:|O|O|O|:heavy_check_mark:|
+| can delete on TableSchemaView                    |:heavy_check_mark:|O|O|O|:heavy_check_mark:|
+| can get on TabStateView                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can post on TabStateView                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can delete query on TabStateView                 |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can migrate query on TabStateView                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can activate on TabStateView                     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can delete on TabStateView                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can put on TabStateView                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can read on SecurityRestApi                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| menu access on Security                          |:heavy_check_mark:|O|O|O|O|
+| menu access on List Users                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on List Roles                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Action Log                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Manage                            |:heavy_check_mark:|:heavy_check_mark:|O|O|O|
+| menu access on Annotation Layers                 |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on CSS Templates                     |:heavy_check_mark:|:heavy_check_mark:|O|O|O|
+| menu access on Import Dashboards                 |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Data                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Databases                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Datasets                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Charts                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Dashboards                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on SQL Lab                           |:heavy_check_mark:|O|O|O|:heavy_check_mark:|
+| menu access on SQL Editor                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| menu access on Saved Queries                     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| menu access on Query Search                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| all datasource access on all_datasource_access   |:heavy_check_mark:|:heavy_check_mark:|O|O|O|
+| all database access on all_database_access       |:heavy_check_mark:|:heavy_check_mark:|O|O|O|
+| all query access on all_query_access             |:heavy_check_mark:|O|O|O|O|
+| can write on DynamicPlugin                       |:heavy_check_mark:|O|O|O|O|
+| can edit on DynamicPlugin                        |:heavy_check_mark:|O|O|O|O|
+| can list on DynamicPlugin                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can show on DynamicPlugin                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can download on DynamicPlugin                    |:heavy_check_mark:|O|O|O|O|
+| can add on DynamicPlugin                         |:heavy_check_mark:|O|O|O|O|
+| can delete on DynamicPlugin                      |:heavy_check_mark:|O|O|O|O|
+| can external metadata by name on Datasource      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can get value on KV                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can store on KV                                  |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can tagged objects on TagView                    |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can suggestions on TagView                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can get on TagView                               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can post on TagView                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can delete on TagView                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can edit on DashboardEmailScheduleView           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can list on DashboardEmailScheduleView           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can show on DashboardEmailScheduleView           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can add on DashboardEmailScheduleView            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can delete on DashboardEmailScheduleView         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| muldelete on DashboardEmailScheduleView          |:heavy_check_mark:|:heavy_check_mark:|O|O|O|
+| can edit on SliceEmailScheduleView               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can list on SliceEmailScheduleView               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can show on SliceEmailScheduleView               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can add on SliceEmailScheduleView                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can delete on SliceEmailScheduleView             |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| muldelete on SliceEmailScheduleView              |:heavy_check_mark:|:heavy_check_mark:|O|O|O|
+| can edit on AlertModelView                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can list on AlertModelView                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can show on AlertModelView                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can add on AlertModelView                        |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can delete on AlertModelView                     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can list on AlertLogModelView                    |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can show on AlertLogModelView                    |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can list on AlertObservationModelView            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can show on AlertObservationModelView            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Row Level Security                |:heavy_check_mark:|O|O|O|O|
+| menu access on Access requests                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Home                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Plugins                           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Dashboard Email Schedules         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Chart Emails                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Alerts                            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Alerts & Report                   |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| menu access on Scan New Datasources              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can share dashboard on Superset                  |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can share chart on Superset                      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can this form get on ColumnarToDatabaseView      |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can this form post on ColumnarToDatabaseView     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can export on Chart                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can write on DashboardFilterStateRestApi         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can read on DashboardFilterStateRestApi          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can write on DashboardPermalinkRestApi           |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can read on DashboardPermalinkRestApi            |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can delete embedded on Dashboard                 |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can set embedded on Dashboard                    |:heavy_check_mark:|O|O|O|O|
+| can export on Dashboard                          |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can get embedded on Dashboard                    |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can export on Database                           |:heavy_check_mark:|O|O|O|O|
+| can export on Dataset                            |:heavy_check_mark:|:heavy_check_mark:|O|O|O|
+| can write on ExploreFormDataRestApi              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can read on ExploreFormDataRestApi               |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can write on ExplorePermalinkRestApi             |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can read on ExplorePermalinkRestApi              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can export on ImportExportRestApi                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can import on ImportExportRestApi                |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can export on SavedQuery                         |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|:heavy_check_mark:|
+| can dashboard permalink on Superset              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can grant guest token on SecurityRestApi         |:heavy_check_mark:|O|O|O|O|
+| can read on AdvancedDataType                     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can read on EmbeddedDashboard                    |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
+| can duplicate on Dataset                         |:heavy_check_mark:|:heavy_check_mark:|O|O|O|
+| can read on Explore                              |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can samples on Datasource                        |:heavy_check_mark:|:heavy_check_mark:|O|O|O|
+| can read on AvailableDomains                     |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|
+| can get or create dataset on Dataset             |:heavy_check_mark:|:heavy_check_mark:|O|O|O|
+| can get column values on Datasource              |:heavy_check_mark:|:heavy_check_mark:|O|O|O|
+| can export csv on SQLLab                         |:heavy_check_mark:|O|O|O|:heavy_check_mark:|
+| can get results on SQLLab                        |:heavy_check_mark:|O|O|O|:heavy_check_mark:|
+| can execute sql query on SQLLab                  |:heavy_check_mark:|O|O|O|:heavy_check_mark:|
+| can recent activity on Log                       |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|O|

UPDATING.md

@@ -24,6 +24,41 @@ assists people when migrating to a new version.
 
 ## Next
 
+### Example Data Loading Improvements
+
+#### New Directory Structure
+Examples are now organized by name with data and configs co-located:
+```
+superset/examples/
+├── _shared/              # Shared database & metadata configs
+├── birth_names/          # Each example is self-contained
+│   ├── data.parquet     # Dataset (Parquet format)
+│   ├── dataset.yaml     # Dataset metadata
+│   ├── dashboard.yaml   # Dashboard config (optional)
+│   └── charts/          # Chart configs (optional)
+└── ...
+```
+
+#### Simplified Parquet-based Loading
+- Auto-discovery: create `superset/examples/my_dataset/data.parquet` to add a new example
+- Parquet is an Apache project format: compressed (~27% smaller), self-describing schema
+- YAML configs define datasets, charts, and dashboards declaratively
+- Removed Python-based data generation from individual example files
+
+#### Test Data Reorganization
+- Moved `big_data.py` to `superset/cli/test_loaders.py` - better reflects its purpose as a test utility
+- Fixed inverted logic for `--load-test-data` flag (now correctly includes .test.yaml files when flag is set)
+- Clarified CLI flags:
+  - `--force` / `-f`: Force reload even if tables exist
+  - `--only-metadata` / `-m`: Create table metadata without loading data
+  - `--load-test-data` / `-t`: Include test dashboards and .test.yaml configs
+  - `--load-big-data` / `-b`: Generate synthetic stress-test data
+
+#### Bug Fixes
+- Fixed numpy array serialization for PostgreSQL (converts complex types to JSON strings)
+- Fixed KeyError for `allow_csv_upload` field in database configs (now optional with default)
+- Fixed test data loading logic that was incorrectly filtering files
+
 ### MCP Service
 
 The MCP (Model Context Protocol) service enables AI assistants and automation tools to interact programmatically with Superset.
@@ -125,8 +160,30 @@ See `superset/mcp_service/PRODUCTION.md` for deployment guides.
 ---
 
 - [35621](https://github.com/apache/superset/pull/35621): The default hash algorithm has changed from MD5 to SHA-256 for improved security and FedRAMP compliance. This affects cache keys for thumbnails, dashboard digests, chart digests, and filter option names. Existing cached data will be invalidated upon upgrade. To opt out of this change and maintain backward compatibility, set `HASH_ALGORITHM = "md5"` in your `superset_config.py`.
-- [33055](https://github.com/apache/superset/pull/33055): Upgrades Flask-AppBuilder to 5.0.0. The AUTH_OID authentication type has been deprecated and is no longer available as an option in Flask-AppBuilder. OpenID (OID) is considered a deprecated authentication protocol - if you are using AUTH_OID, you will need to migrate to an alternative authentication method such as OAuth, LDAP, or database authentication before upgrading.
 - [35062](https://github.com/apache/superset/pull/35062): Changed the function signature of `setupExtensions` to `setupCodeOverrides` with options as arguments.
+
+### Breaking Changes
+- [36317](https://github.com/apache/superset/pull/36317): The `CUSTOM_FONT_URLS` configuration option has been removed. Use the new per-theme `fontUrls` token in `THEME_DEFAULT` or database-managed themes instead.
+  - **Before:**
+  ```python
+  CUSTOM_FONT_URLS = [
+    "https://fonts.example.com/myfont.css",
+  ]
+  ```
+  - **After:**
+  ```python
+  THEME_DEFAULT = {
+    "token": {
+      "fontUrls": [
+        "https://fonts.example.com/myfont.css",
+        ],
+        # ... other tokens  
+    }
+  }
+  ```
+
+## 6.0.0
+- [33055](https://github.com/apache/superset/pull/33055): Upgrades Flask-AppBuilder to 5.0.0. The AUTH_OID authentication type has been deprecated and is no longer available as an option in Flask-AppBuilder. OpenID (OID) is considered a deprecated authentication protocol - if you are using AUTH_OID, you will need to migrate to an alternative authentication method such as OAuth, LDAP, or database authentication before upgrading.
 - [34871](https://github.com/apache/superset/pull/34871): Fixed Jest test hanging issue from Ant Design v5 upgrade. MessageChannel is now mocked in test environment to prevent rc-overflow from causing Jest to hang. Test environment only - no production impact.
 - [34782](https://github.com/apache/superset/pull/34782): Dataset exports now include the dataset ID in their file name (similar to charts and dashboards). If managing assets as code, make sure to rename existing dataset YAMLs to include the ID (and avoid duplicated files).
 - [34536](https://github.com/apache/superset/pull/34536): The `ENVIRONMENT_TAG_CONFIG` color values have changed to support only Ant Design semantic colors. Update your `superset_config.py`:
@@ -143,35 +200,10 @@ Note: Pillow is now a required dependency (previously optional) to support image
 - [33116](https://github.com/apache/superset/pull/33116) In Echarts Series charts (e.g. Line, Area, Bar, etc.) charts, the `x_axis_sort_series` and `x_axis_sort_series_ascending` form data items have been renamed with `x_axis_sort` and `x_axis_sort_asc`.
   There's a migration added that can potentially affect a significant number of existing charts.
 - [32317](https://github.com/apache/superset/pull/32317) The horizontal filter bar feature is now out of testing/beta development and its feature flag `HORIZONTAL_FILTER_BAR` has been removed.
-- [31590](https://github.com/apache/superset/pull/31590) Marks the beginning of intricate work around supporting dynamic Theming, and breaks support for [THEME_OVERRIDES](https://github.com/apache/superset/blob/732de4ac7fae88e29b7f123b6cbb2d7cd411b0e4/superset/config.py#L671) in favor of a new theming system based on AntD V5. Likely this will be in disrepair until settling over the 5.x lifecycle.
+- [31590](https://github.com/apache/superset/pull/31590) Marks the begining of intricate work around supporting dynamic Theming, and breaks support for [THEME_OVERRIDES](https://github.com/apache/superset/blob/732de4ac7fae88e29b7f123b6cbb2d7cd411b0e4/superset/config.py#L671) in favor of a new theming system based on AntD V5. Likely this will be in disrepair until settling over the 5.x lifecycle.
 - [32432](https://github.com/apache/superset/pull/31260) Moves the List Roles FAB view to the frontend and requires `FAB_ADD_SECURITY_API` to be enabled in the configuration and `superset init` to be executed.
 - [34319](https://github.com/apache/superset/pull/34319) Drill to Detail and Drill By is now supported in Embedded mode, and also with the `DASHBOARD_RBAC` FF. If you don't want to expose these features in Embedded / `DASHBOARD_RBAC`, make sure the roles used for Embedded / `DASHBOARD_RBAC`don't have the required permissions to perform D2D actions.
 
-### Breaking Changes
-
-#### CUSTOM_FONT_URLS removed
-
-The `CUSTOM_FONT_URLS` configuration option has been removed. Use the new per-theme `fontUrls` token in `THEME_DEFAULT` or database-managed themes instead.
-
-**Before (5.x):**
-```python
-CUSTOM_FONT_URLS = [
-    "https://fonts.example.com/myfont.css",
-]
-```
-
-**After (6.0):**
-```python
-THEME_DEFAULT = {
-    "token": {
-        "fontUrls": [
-            "https://fonts.example.com/myfont.css",
-        ],
-        # ... other tokens
-    }
-}
-```
-
 ## 5.0.0
 
 - [31976](https://github.com/apache/superset/pull/31976) Removed the `DISABLE_LEGACY_DATASOURCE_EDITOR` feature flag. The previous value of the feature flag was `True` and now the feature is permanently removed.

docker-compose-light.yml

@@ -77,7 +77,6 @@ x-common-build: &common-build
     INCLUDE_CHROMIUM: ${INCLUDE_CHROMIUM:-false}
     INCLUDE_FIREFOX: ${INCLUDE_FIREFOX:-false}
     BUILD_TRANSLATIONS: ${BUILD_TRANSLATIONS:-false}
-    LOAD_EXAMPLES_DUCKDB: ${LOAD_EXAMPLES_DUCKDB:-true}
 
 services:
   db-light:
@@ -116,7 +115,6 @@ services:
       DATABASE_HOST: db-light
       DATABASE_DB: superset_light
       POSTGRES_DB: superset_light
-      SUPERSET__SQLALCHEMY_EXAMPLES_URI: "duckdb:////app/data/examples.duckdb"
       SUPERSET_CONFIG_PATH: /app/docker/pythonpath_dev/superset_config_docker_light.py
       GITHUB_HEAD_REF: ${GITHUB_HEAD_REF:-}
       GITHUB_SHA: ${GITHUB_SHA:-}
@@ -139,7 +137,6 @@ services:
       DATABASE_HOST: db-light
       DATABASE_DB: superset_light
       POSTGRES_DB: superset_light
-      SUPERSET__SQLALCHEMY_EXAMPLES_URI: "duckdb:////app/data/examples.duckdb"
       SUPERSET_CONFIG_PATH: /app/docker/pythonpath_dev/superset_config_docker_light.py
     healthcheck:
       disable: true
@@ -196,7 +193,6 @@ services:
       DATABASE_DB: test
       POSTGRES_DB: test
       SUPERSET__SQLALCHEMY_DATABASE_URI: postgresql+psycopg2://superset:superset@db-light:5432/test
-      SUPERSET__SQLALCHEMY_EXAMPLES_URI: "duckdb:////app/data/examples.duckdb"
       SUPERSET_CONFIG: superset_test_config_light
       PYTHONPATH: /app/pythonpath:/app/docker/pythonpath_dev:/app
 

docker-compose.yml

@@ -44,7 +44,6 @@ x-common-build: &common-build
     INCLUDE_CHROMIUM: ${INCLUDE_CHROMIUM:-false}
     INCLUDE_FIREFOX: ${INCLUDE_FIREFOX:-false}
     BUILD_TRANSLATIONS: ${BUILD_TRANSLATIONS:-false}
-    LOAD_EXAMPLES_DUCKDB: ${LOAD_EXAMPLES_DUCKDB:-true}
 
 services:
   nginx:
@@ -54,10 +53,9 @@ services:
       - path: docker/.env-local # optional override
         required: false
     image: nginx:latest
-    container_name: superset_nginx
     restart: unless-stopped
     ports:
-      - "80:80"
+      - "${NGINX_PORT:-80}:80"
     extra_hosts:
       - "host.docker.internal:host-gateway"
     volumes:
@@ -66,10 +64,9 @@ services:
 
   redis:
     image: redis:7
-    container_name: superset_cache
     restart: unless-stopped
     ports:
-      - "127.0.0.1:6379:6379"
+      - "127.0.0.1:${REDIS_PORT:-6379}:6379"
     volumes:
       - redis:/data
 
@@ -80,10 +77,9 @@ services:
       - path: docker/.env-local # optional override
         required: false
     image: postgres:16
-    container_name: superset_db
     restart: unless-stopped
     ports:
-      - "127.0.0.1:5432:5432"
+      - "127.0.0.1:${DATABASE_PORT:-5432}:5432"
     volumes:
       - db_home:/var/lib/postgresql/data
       - ./docker/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
@@ -96,13 +92,12 @@ services:
         required: false
     build:
       <<: *common-build
-    container_name: superset_app
     command: ["/app/docker/docker-bootstrap.sh", "app"]
     restart: unless-stopped
     ports:
-      - 8088:8088
+      - ${SUPERSET_PORT:-8088}:8088
       # When in cypress-mode ->
-      - 8081:8081
+      - ${CYPRESS_PORT:-8081}:8081
     extra_hosts:
       - "host.docker.internal:host-gateway"
     user: *superset-user
@@ -110,14 +105,11 @@ services:
       superset-init:
         condition: service_completed_successfully
     volumes: *superset-volumes
-    environment:
-      SUPERSET__SQLALCHEMY_EXAMPLES_URI: "duckdb:////app/data/examples.duckdb"
 
   superset-websocket:
-    container_name: superset_websocket
     build: ./superset-websocket
     ports:
-      - 8080:8080
+      - ${WEBSOCKET_PORT:-8080}:8080
     extra_hosts:
       - "host.docker.internal:host-gateway"
     depends_on:
@@ -149,7 +141,6 @@ services:
   superset-init:
     build:
       <<: *common-build
-    container_name: superset_init
     command: ["/app/docker/docker-init.sh"]
     env_file:
       - path: docker/.env # default
@@ -163,8 +154,6 @@ services:
         condition: service_started
     user: *superset-user
     volumes: *superset-volumes
-    environment:
-      SUPERSET__SQLALCHEMY_EXAMPLES_URI: "duckdb:////app/data/examples.duckdb"
     healthcheck:
       disable: true
 
@@ -186,9 +175,10 @@ services:
       SCARF_ANALYTICS: "${SCARF_ANALYTICS:-}"
       # configuring the dev-server to use the host.docker.internal to connect to the backend
       superset: "http://superset:8088"
+      # Bind to all interfaces so Docker port mapping works
+      WEBPACK_DEVSERVER_HOST: "0.0.0.0"
     ports:
-      - "127.0.0.1:9000:9000"  # exposing the dynamic webpack dev server
-    container_name: superset_node
+      - "127.0.0.1:${NODE_PORT:-9000}:9000"  # exposing the dynamic webpack dev server
     command: ["/app/docker/docker-frontend.sh"]
     env_file:
       - path: docker/.env # default
@@ -200,7 +190,6 @@ services:
   superset-worker:
     build:
       <<: *common-build
-    container_name: superset_worker
     command: ["/app/docker/docker-bootstrap.sh", "worker"]
     env_file:
       - path: docker/.env # default
@@ -226,7 +215,6 @@ services:
   superset-worker-beat:
     build:
       <<: *common-build
-    container_name: superset_worker_beat
     command: ["/app/docker/docker-bootstrap.sh", "beat"]
     env_file:
       - path: docker/.env # default
@@ -244,7 +232,6 @@ services:
   superset-tests-worker:
     build:
       <<: *common-build
-    container_name: superset_tests_worker
     command: ["/app/docker/docker-bootstrap.sh", "worker"]
     env_file:
       - path: docker/.env # default

docker/.env

@@ -21,6 +21,15 @@ PYTHONUNBUFFERED=1
 COMPOSE_PROJECT_NAME=superset
 DEV_MODE=true
 
+# Port configuration (override in .env-local for multiple instances)
+# NGINX_PORT=80
+# SUPERSET_PORT=8088
+# NODE_PORT=9000
+# WEBSOCKET_PORT=8080
+# CYPRESS_PORT=8081
+# DATABASE_PORT=5432
+# REDIS_PORT=6379
+
 # database configurations (do not modify)
 DATABASE_DB=superset
 DATABASE_HOST=db

docker/.env-local.example

@@ -0,0 +1,39 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# -----------------------------------------------------------------------
+# Example .env-local file for running multiple Superset instances
+# Copy this file to .env-local and customize for your setup
+# -----------------------------------------------------------------------
+
+# Unique project name prevents container/volume conflicts between clones
+# Each clone should have a different name (e.g., superset-pr123, superset-feature-x)
+COMPOSE_PROJECT_NAME=superset-dev2
+
+# Port offsets for running multiple instances simultaneously
+# Instance 1 (default): 80, 8088, 9000, 8080, 8081, 5432, 6379
+# Instance 2 example:   81, 8089, 9001, 8082, 8083, 5433, 6380
+NGINX_PORT=81
+SUPERSET_PORT=8089
+NODE_PORT=9001
+WEBSOCKET_PORT=8082
+CYPRESS_PORT=8083
+DATABASE_PORT=5433
+REDIS_PORT=6380
+
+# For verbose logging during development:
+# SUPERSET_LOG_LEVEL=debug

docker/README.md

@@ -77,6 +77,34 @@ To run the container, simply run: `docker compose up`
 After waiting several minutes for Superset initialization to finish, you can open a browser and view [`http://localhost:8088`](http://localhost:8088)
 to start your journey.
 
+### Running Multiple Instances
+
+If you need to run multiple Superset instances simultaneously (e.g., different branches or clones), use the make targets which automatically find available ports:
+
+```bash
+make up
+```
+
+This automatically:
+- Generates a unique project name from your directory
+- Finds available ports (incrementing from defaults if in use)
+- Displays the assigned URLs before starting
+
+Available commands (run from repo root):
+
+| Command | Description |
+|---------|-------------|
+| `make up` | Start services (foreground) |
+| `make up-detached` | Start services (background) |
+| `make down` | Stop all services |
+| `make ps` | Show running containers |
+| `make logs` | Follow container logs |
+| `make nuke` | Stop, remove volumes & local images |
+
+From a subdirectory, use: `make -C $(git rev-parse --show-toplevel) up`
+
+**Important**: Always use these commands instead of plain `docker compose down`, which won't know the correct project name.
+
 ## Developing
 
 While running, the container server will reload on modification of the Superset Python and JavaScript source code.

docs/.gitignore

@@ -26,3 +26,10 @@ docs/intro.md
 
 # Generated badge images (downloaded at build time by remark-localize-badges plugin)
 static/badges/
+
+# Generated database documentation MDX files (regenerated at build time)
+# Source of truth is in superset/db_engine_specs/*.py metadata attributes
+docs/databases/
+
+# Note: src/data/databases.json is COMMITTED (not ignored) to preserve feature diagnostics
+# that require Flask context to generate. Update it locally with: npm run gen-db-docs

docs/DOCS_CLAUDE.md

@@ -416,7 +416,7 @@ If versions don't appear in dropdown:
 
 - [Docusaurus Documentation](https://docusaurus.io/docs)
 - [MDX Documentation](https://mdxjs.com/)
-- [Superset Contributing Guide](../CONTRIBUTING.md)
+- [Superset Developer Portal](https://superset.apache.org/developer_portal/)
 - [Main Superset Documentation](https://superset.apache.org/docs/intro)
 
 ## 📖 Real Examples and Patterns

docs/README.md

@@ -18,9 +18,9 @@ under the License.
 -->
 
 This is the public documentation site for Superset, built using
-[Docusaurus 3](https://docusaurus.io/). See
-[CONTRIBUTING.md](../CONTRIBUTING.md#documentation) for documentation on
-contributing to documentation.
+[Docusaurus 3](https://docusaurus.io/). See the
+[Developer Portal](https://superset.apache.org/developer_portal/contributing/development-setup#documentation)
+for documentation on contributing to documentation.
 
 ## Version Management
 

docs/developer_portal/contributing/development-setup.md

@@ -139,6 +139,41 @@ docker volume rm superset_db_home
 docker-compose up
 ```
 
+### Running multiple instances
+
+If you need to run multiple Superset clones simultaneously (e.g., testing different branches),
+use `make up` instead of `docker compose up`:
+
+```bash
+make up
+```
+
+This automatically:
+- Generates a unique project name from your directory name
+- Finds available ports (incrementing from 8088, 9000, etc. if already in use)
+- Displays the assigned URLs before starting
+
+Each clone gets isolated containers and volumes, so you can run them side-by-side without conflicts.
+
+Available commands (run from repo root):
+
+| Command | Description |
+|---------|-------------|
+| `make up` | Start services (foreground) |
+| `make up-detached` | Start services (background) |
+| `make down` | Stop all services |
+| `make ps` | Show running containers |
+| `make logs` | Follow container logs |
+| `make ports` | Show assigned URLs and ports |
+| `make open` | Open browser to dev server |
+| `make nuke` | Stop, remove volumes & local images |
+
+From a subdirectory, use: `make -C $(git rev-parse --show-toplevel) up`
+
+:::warning
+Always use these commands instead of plain `docker compose down`, which won't know the correct project name for your instance.
+:::
+
 ## GitHub Codespaces (Cloud Development)
 
 GitHub Codespaces provides a complete, pre-configured development environment in the cloud. This is ideal for:
@@ -618,7 +653,7 @@ export enum FeatureFlag {
 those specified under FEATURE_FLAGS in `superset_config.py`. For example, `DEFAULT_FEATURE_FLAGS = { 'FOO': True, 'BAR': False }` in `superset/config.py` and `FEATURE_FLAGS = { 'BAR': True, 'BAZ': True }` in `superset_config.py` will result
 in combined feature flags of `{ 'FOO': True, 'BAR': True, 'BAZ': True }`.
 
-The current status of the usability of each flag (stable vs testing, etc) can be found in `RESOURCES/FEATURE_FLAGS.md`.
+The current status of the usability of each flag (stable vs testing, etc) can be found in the [Feature Flags](/docs/configuration/feature-flags) documentation.
 
 ## Git Hooks
 

docs/developer_portal/contributing/howtos.md

@@ -342,26 +342,79 @@ ruff check --fix .
 
 Pre-commit hooks run automatically on `git commit` if installed.
 
-### TypeScript
+### TypeScript / JavaScript
 
-We use ESLint and Prettier for TypeScript:
+We use a hybrid linting approach combining OXC (Oxidation Compiler) for standard rules and a custom AST-based checker for Superset-specific patterns.
+
+#### Quick Commands
 
 ```bash
 cd superset-frontend
 
-# Run eslint checks
+# Run both OXC and custom rules
+npm run lint:full
+
+# Run OXC linter only (faster for most checks)
 npm run lint
 
+# Fix auto-fixable issues with OXC
+npm run lint-fix
+
+# Run custom rules checker only
+npm run check:custom-rules
+
 # Run tsc (typescript) checks
 npm run type
 
-# Fix lint issues
-npm run lint-fix
-
 # Format with Prettier
 npm run prettier
 ```
 
+#### Architecture
+
+The linting system consists of two components:
+
+1. **OXC Linter** (`oxlint`) - A Rust-based linter that's 50-100x faster than ESLint
+   - Handles all standard JavaScript/TypeScript rules
+   - Configured via `oxlint.json`
+   - Runs via `npm run lint` or `npm run lint-fix`
+
+2. **Custom Rules Checker** - A Node.js AST-based checker for Superset-specific patterns
+   - Enforces no literal colors (use theme colors)
+   - Prevents FontAwesome usage (use @superset-ui/core Icons)
+   - Validates i18n template usage (no template variables)
+   - Runs via `npm run check:custom-rules`
+
+#### Why This Approach?
+
+- **50-100x faster linting** compared to ESLint for standard rules via OXC
+- **Apache-compatible** - No custom binaries, ASF-friendly
+- **Maintainable** - Custom rules in JavaScript, not Rust
+- **Flexible** - Can evolve as OXC adds plugin support
+
+#### Troubleshooting
+
+**"Plugin 'basic-custom-plugin' not found" Error**
+
+Ensure you're using the explicit config:
+```bash
+npx oxlint --config oxlint.json
+```
+
+**Custom Rules Not Running**
+
+Verify the AST parsing dependencies are installed:
+```bash
+npm ls @babel/parser @babel/traverse glob
+```
+
+#### Adding New Custom Rules
+
+1. Edit `scripts/check-custom-rules.js`
+2. Add a new check function following the AST visitor pattern
+3. Call the function in `processFile()`
+4. Test with `npm run check:custom-rules`
+
 ## GitHub Ephemeral Environments
 
 For every PR, an ephemeral environment is automatically deployed for testing.

docs/developer_portal/extensions/admin-configuration.md

@@ -0,0 +1,248 @@
+---
+title: Administrator Configuration
+sidebar_position: 12
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+# Extension Administrator Configuration
+
+This guide covers how to configure extension security for production deployments. As an administrator, you control which extensions can run and at what trust level.
+
+## Trust Configuration
+
+Configure extension trust in `superset_config.py`:
+
+```python
+EXTENSIONS_TRUST_CONFIG = {
+    # Extensions that can run with full privileges ('core' trust level)
+    "trusted_extensions": [
+        "official-parquet-export",
+        "enterprise-sso-plugin",
+    ],
+
+    # Allow any extension to run as 'core' without signature verification
+    # WARNING: NEVER enable in production - development use only!
+    "allow_unsigned_core": False,
+
+    # Default sandbox for extensions without explicit trust configuration
+    # Options: 'core', 'iframe', 'worker', 'wasm'
+    "default_trust_level": "iframe",
+
+    # Require valid signatures for extensions requesting 'core' trust
+    # Recommended for production deployments
+    "require_core_signatures": True,
+
+    # Public keys for verified publishers (file paths or PEM strings)
+    "trusted_signers": [
+        "/etc/superset/keys/apache-official.pub",
+        "/etc/superset/keys/enterprise-team.pub",
+    ],
+}
+```
+
+## Configuration Options
+
+### `trusted_extensions`
+
+A list of extension IDs that are allowed to run as `core` trust level without signature verification. Use this for extensions you've reviewed and trust completely.
+
+```python
+"trusted_extensions": [
+    "my-company-plugin",
+    "approved-community-extension",
+],
+```
+
+### `allow_unsigned_core`
+
+When `True`, allows any extension to run as `core` trust level regardless of signatures or trusted list. **Never enable this in production** - it's intended only for development environments.
+
+```python
+# Development only!
+"allow_unsigned_core": True,
+```
+
+### `default_trust_level`
+
+The trust level assigned to extensions that don't specify one in their manifest. The safest option is `iframe`, which provides browser-enforced isolation.
+
+| Level | Description |
+|-------|-------------|
+| `iframe` | Browser-sandboxed iframe with controlled API access (recommended default) |
+| `worker` | Web Worker sandbox for command-only extensions |
+| `wasm` | WASM sandbox with no DOM access (most restrictive) |
+| `core` | Full access to main context (not recommended as default) |
+
+```python
+"default_trust_level": "iframe",
+```
+
+### `require_core_signatures`
+
+When `True`, extensions requesting `core` trust level must have a valid signature from a trusted signer. Extensions without valid signatures are downgraded to `default_trust_level`.
+
+```python
+"require_core_signatures": True,
+```
+
+### `trusted_signers`
+
+A list of public keys authorized to sign extensions. Keys can be specified as file paths or inline PEM strings.
+
+```python
+"trusted_signers": [
+    # File path to public key
+    "/etc/superset/keys/publisher.pub",
+
+    # Inline PEM string
+    """-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEA...
+-----END PUBLIC KEY-----""",
+],
+```
+
+## Signature Verification
+
+### How It Works
+
+1. Extension developers generate a signing keypair using the CLI
+2. They sign their extension's manifest during the build process
+3. The signed bundle includes `manifest.sig` alongside `manifest.json`
+4. When Superset loads the extension, it verifies the signature against `trusted_signers`
+5. If verification passes, the extension can run at its requested trust level
+
+### Configuring Trusted Signers
+
+1. Obtain the publisher's public key file (`.pub` extension)
+2. Place it in a secure location on your server (e.g., `/etc/superset/keys/`)
+3. Add the path to `trusted_signers` in your configuration
+
+```python
+EXTENSIONS_TRUST_CONFIG = {
+    "trusted_signers": [
+        "/etc/superset/keys/acme-corp.pub",
+    ],
+    "require_core_signatures": True,
+}
+```
+
+### Verifying a Key Fingerprint
+
+Before adding a public key to your trusted signers, verify its fingerprint with the publisher:
+
+```bash
+# On the publisher's machine
+superset-extensions generate-keys --output my-key.pem
+# Output: Fingerprint: MCowBQYDK2Vw...
+```
+
+Compare this fingerprint with what you receive to ensure authenticity.
+
+## Security Recommendations
+
+### Production Deployments
+
+1. **Set `require_core_signatures: True`** - Ensures core extensions are verified
+2. **Set `allow_unsigned_core: False`** - Never allow unsigned core extensions
+3. **Use `iframe` as default** - Provides strong browser isolation
+4. **Limit `trusted_extensions`** - Only add extensions you've thoroughly reviewed
+5. **Secure key storage** - Store public keys in protected directories
+
+### Development Environments
+
+For local development, you may relax some restrictions:
+
+```python
+# Development configuration
+EXTENSIONS_TRUST_CONFIG = {
+    "trusted_extensions": [],
+    "allow_unsigned_core": True,  # OK for development
+    "default_trust_level": "core",  # Easier debugging
+    "require_core_signatures": False,
+    "trusted_signers": [],
+}
+```
+
+## Extension Installation
+
+### From Trusted Sources
+
+1. Download the `.supx` bundle from a trusted source
+2. Verify any checksums or signatures provided by the publisher
+3. Place the bundle in your `EXTENSIONS_PATH` directory
+4. If the extension requires `core` trust, add it to `trusted_extensions` or configure signature verification
+
+### From Community Registry
+
+Extensions from the community registry should be treated as semi-trusted at best. Consider:
+
+1. Using `iframe` sandbox for community extensions
+2. Reviewing the extension's source code before installation
+3. Testing in a staging environment first
+
+## Monitoring Extensions
+
+### Logging
+
+Extension trust decisions are logged at the INFO level:
+
+```
+INFO: Extension my-extension granted core trust (trusted + valid signature)
+WARNING: Extension unknown-ext trust downgraded from core to iframe: Extension not in trusted list
+```
+
+Review these logs to monitor extension behavior and identify potential issues.
+
+### Trust Downgrades
+
+If an extension's trust is downgraded, you'll see a warning in the logs. Common reasons:
+
+| Reason | Meaning |
+|--------|---------|
+| "Extension not in trusted list" | Extension requests core but isn't in `trusted_extensions` |
+| "Core trust requires a valid signature" | `require_core_signatures` is enabled but signature is missing |
+| "Signature verification failed" | Signature doesn't match any trusted signer |
+
+## Troubleshooting
+
+### Extension Not Loading as Core
+
+1. Check if the extension ID is in `trusted_extensions`
+2. If using signatures, verify the public key is in `trusted_signers`
+3. Check logs for trust downgrade messages
+4. Verify the extension bundle contains `manifest.sig`
+
+### Signature Verification Failing
+
+1. Ensure the public key file is readable by the Superset process
+2. Verify the key is in PEM format with correct Ed25519 type
+3. Check that the manifest wasn't modified after signing
+4. Confirm the signature was created with the matching private key
+
+### Permission Denied Errors
+
+Sandboxed extensions may encounter permission errors if:
+
+1. The extension's declared permissions don't match its API calls
+2. The sandbox is blocking access correctly (working as intended)
+3. The extension was downgraded to a more restrictive sandbox
+
+Check the extension's `sandbox.permissions` configuration against its actual needs.

docs/developer_portal/extensions/architecture.md

@@ -138,19 +138,6 @@ The diagram shows:
 3. **The host application** implements the APIs and manages extensions
 4. **Extensions** integrate seamlessly with the host through well-defined interfaces
 
-### Extension Dependencies
-
-Extensions can depend on any combination of packages based on their needs. For example:
-
-**Frontend-only extension** (e.g., a custom chart type):
-- Depends on `@apache-superset/core` for UI components and React APIs
-
-**Full-stack extension** (e.g., a custom SQL editor with new API endpoints):
-- Depends on `@apache-superset/core` for frontend components
-- Depends on `apache-superset-core` for backend APIs and models
-
-This modular approach allows extension authors to choose exactly what they need while promoting consistency and reusability.
-
 ## Dynamic Module Loading
 
 One of the most sophisticated aspects of the extension architecture is how frontend code is dynamically loaded at runtime using Webpack's Module Federation.
@@ -215,7 +202,6 @@ import {
   authentication,
   core,
   commands,
-  environment,
   extensions,
   sqlLab,
 } from 'src/extensions';
@@ -226,7 +212,6 @@ export default function setupExtensionsAPI() {
     authentication,
     core,
     commands,
-    environment,
     extensions,
     sqlLab,
   };
@@ -248,6 +233,7 @@ This architecture provides several key benefits:
 
 Now that you understand the architecture, explore:
 
+- **[Dependencies](./dependencies)** - Managing dependencies and understanding API stability
 - **[Quick Start](./quick-start)** - Build your first extension
 - **[Contribution Types](./contribution-types)** - What kinds of extensions you can build
 - **[Development](./development)** - Project structure, APIs, and development workflow

docs/developer_portal/extensions/contribution-types.md

@@ -1,6 +1,6 @@
 ---
 title: Contribution Types
-sidebar_position: 4
+sidebar_position: 5
 ---
 
 <!--

docs/developer_portal/extensions/dependencies.md

@@ -0,0 +1,166 @@
+---
+title: Dependencies
+sidebar_position: 4
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+# Dependencies
+
+This guide explains how to manage dependencies in your Superset extensions, including the difference between public APIs and internal code, and best practices for maintaining stable extensions.
+
+## Core Packages vs Internal Code
+
+Extensions run in the same context as Superset during runtime. This means extension developers can technically import any module from the Superset codebase, not just the public APIs. Understanding the distinction between public and internal code is critical for building maintainable extensions.
+
+### Public APIs (Stable)
+
+The core packages follow [semantic versioning](https://semver.org/) and provide stable, documented APIs:
+
+| Package | Language | Description |
+|---------|----------|-------------|
+| `@apache-superset/core` | JavaScript/TypeScript | Frontend APIs, UI components, hooks, and utilities |
+| `apache-superset-core` | Python | Backend APIs, models, DAOs, and utilities |
+
+**Benefits of using core packages:**
+
+- **Semantic versioning**: Breaking changes are communicated through version numbers
+- **Documentation**: APIs are documented with clear usage examples
+- **Stability commitment**: We strive to maintain backward compatibility
+- **Type safety**: Full TypeScript and Python type definitions
+
+### Internal Code (Unstable)
+
+Any code that is not exported through the core packages is considered internal. This includes:
+
+- Direct imports from `superset-frontend/src/` modules
+- Direct imports from `superset/` Python modules (outside of `superset_core`)
+- Undocumented functions, classes, or utilities
+
+:::warning Use at Your Own Risk
+Internal code can change at any time without notice. If you depend on internal modules, your extension may break when Superset is upgraded. There is no guarantee of backward compatibility for internal code.
+:::
+
+**Example of internal vs public imports:**
+
+```typescript
+// ✅ Public API - stable
+import { Button, sqlLab } from '@apache-superset/core';
+
+// ❌ Internal code - may break without notice
+import { someInternalFunction } from 'src/explore/components/SomeComponent';
+```
+
+```python
+# ✅ Public API - stable
+from superset_core.api.models import Database
+from superset_core.api.daos import DatabaseDAO
+
+# ❌ Internal code - may break without notice
+from superset.views.core import SomeInternalClass
+```
+
+## API Evolution
+
+The core packages are still evolving. While we follow semantic versioning, the APIs may change as we add new extension points and refine existing ones based on community feedback.
+
+**What this means for extension developers:**
+
+- Check the release notes when upgrading Superset
+- Test your extensions against new Superset versions before deploying
+- Participate in discussions about API changes to influence the direction
+- In some cases, using internal dependencies may be acceptable while the public API is being developed for your use case
+
+### When Internal Dependencies May Be Acceptable
+
+While public APIs are always preferred, there are situations where using internal code may be reasonable:
+
+1. **Missing functionality**: The public API doesn't yet expose what you need
+2. **Prototype/experimental extensions**: You're exploring capabilities before committing to a stable implementation
+3. **Bridge period**: You need functionality that's planned for the public API but not yet released
+
+In these cases, document your internal dependencies clearly and plan to migrate to public APIs when they become available.
+
+## Core Library Dependencies
+
+An important architectural principle of the Superset extension system is that **we do not provide abstractions on top of core dependencies** like React (frontend) or SQLAlchemy (backend).
+
+### Why We Don't Abstract Core Libraries
+
+Abstracting libraries like React or SQLAlchemy would:
+
+- Create maintenance overhead keeping abstractions in sync with upstream
+- Limit access to the full power of these libraries
+- Add unnecessary abstraction layers
+- Fragment the ecosystem with Superset-specific variants
+
+### Depending on Core Libraries Directly
+
+Extension developers should depend on and use core libraries directly:
+
+**Frontend (examples):**
+- [React](https://react.dev/) - UI framework
+- [Ant Design](https://ant.design/) - UI component library (prefer Superset components from `@apache-superset/core/ui` when available to preserve visual consistency)
+- [Emotion](https://emotion.sh/) - CSS-in-JS styling
+- ...
+
+**Backend (examples):**
+- [SQLAlchemy](https://www.sqlalchemy.org/) - Database toolkit
+- [Flask](https://flask.palletsprojects.com/) - Web framework
+- [Flask-AppBuilder](https://flask-appbuilder.readthedocs.io/) - Application framework
+- ...
+
+:::info Version Compatibility
+When Superset upgrades its core dependencies (e.g., a new major version of Ant Design or SQLAlchemy), extension developers should upgrade their extensions accordingly. This ensures compatibility and access to the latest features and security fixes.
+:::
+
+## API Versioning and Changelog
+
+Once the extensions API reaches **v1**, we will maintain a dedicated `CHANGELOG.md` file to track all changes to the public APIs. This will include:
+
+- New APIs and features
+- Deprecation notices
+- Breaking changes with migration guides
+- Bug fixes affecting API behavior
+
+Until then, monitor the Superset release notes and test your extensions with each new release.
+
+## Best Practices
+
+### Do
+
+- **Prefer public APIs**: Always check if functionality exists in `@apache-superset/core` or `apache-superset-core` before using internal code
+- **Pin versions**: Specify compatible Superset versions in your extension metadata
+- **Test upgrades**: Verify your extension works with new Superset releases before deploying
+- **Report missing APIs**: If you need functionality not in the public API, open a GitHub issue to request it
+- **Use core libraries directly**: Leverage Ant Design, SQLAlchemy, and other core libraries directly
+
+### Don't
+
+- **Assume stability of internal code**: Internal modules can change or be removed in any release
+- **Depend on implementation details**: Even if something works, it may not be supported
+- **Skip upgrade testing**: Always test your extension against new Superset versions
+- **Expect abstractions**: Use core dependencies directly rather than expecting Superset-specific abstractions
+
+## Next Steps
+
+- **[Architecture](./architecture)** - Understand the extension system design
+- **[Development](./development)** - Learn about APIs and development workflow
+- **[Quick Start](./quick-start)** - Build your first extension

docs/developer_portal/extensions/deployment.md

@@ -1,6 +1,6 @@
 ---
 title: Deployment
-sidebar_position: 6
+sidebar_position: 7
 ---
 
 <!--

docs/developer_portal/extensions/development.md

@@ -1,6 +1,6 @@
 ---
 title: Development
-sidebar_position: 5
+sidebar_position: 6
 ---
 
 <!--
@@ -130,10 +130,6 @@ export const getDatabases: () => Database[];
 
 export const getTabs: () => Tab[];
 
-export const onDidChangeEditorContent: Event<string>;
-
-export const onDidClosePanel: Event<Panel>;
-
 export const onDidChangeActivePanel: Event<Panel>;
 
 export const onDidChangeTabTitle: Event<string>;

docs/developer_portal/extensions/mcp.md

@@ -1,7 +1,7 @@
 ---
 title: MCP Integration
 hide_title: true
-sidebar_position: 7
+sidebar_position: 8
 version: 1
 ---
 

docs/developer_portal/extensions/overview.md

@@ -45,6 +45,7 @@ Extensions can provide:
 
 - **[Quick Start](./quick-start)** - Build your first extension with a complete walkthrough
 - **[Architecture](./architecture)** - Design principles and system overview
+- **[Dependencies](./dependencies)** - Managing dependencies and understanding API stability
 - **[Contribution Types](./contribution-types)** - Available extension points
 - **[Development](./development)** - Project structure, APIs, and development workflow
 - **[Deployment](./deployment)** - Packaging and deploying extensions

docs/developer_portal/extensions/registry.md

@@ -1,6 +1,6 @@
 ---
 title: Community Extensions
-sidebar_position: 9
+sidebar_position: 10
 ---
 
 <!--
@@ -28,10 +28,17 @@ This page serves as a registry of community-created Superset extensions. These e
 
 ## Extensions
 
-| Name                                                                                                      | Description                                                                                                                                                                                                                                         | Author            | Preview                                                                                                                                                 |
-| --------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| [Extensions API Explorer](https://github.com/michael-s-molina/superset-extensions/tree/main/api_explorer) | A SQL Lab panel that demonstrates the Extensions API by providing an interactive explorer for testing commands like getTabs, getCurrentTab, and getDatabases. Useful for extension developers to understand and experiment with the available APIs. | Michael S. Molina | <a href="/img/extensions/api_explorer.png" target="_blank"><img src="/img/extensions/api_explorer.png" alt="Extensions API Explorer" width="120" /></a> |
-| [SQL Query Flow Visualizer](https://github.com/msyavuz/superset-sql-visualizer) | A SQL Lab panel that transforms SQL queries into interactive flow diagrams, helping developers and analysts understand query execution paths and data relationships.| Mehmet Salih Yavuz | <a href="/img/extensions/sql_flow_visualizer.png" target="_blank"><img src="/img/extensions/sql_flow_visualizer.png" alt="SQL Flow Visualizer" width="120" /></a> |
+| Name                                                                                                                | Description                                                                                                                                                                                                                                         | Author             | Preview                                                                                                                                                             |
+| ------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [Extensions API Explorer](https://github.com/michael-s-molina/superset-extensions/tree/main/api_explorer)           | A SQL Lab panel that demonstrates the Extensions API by providing an interactive explorer for testing commands like getTabs, getCurrentTab, and getDatabases. Useful for extension developers to understand and experiment with the available APIs. | Michael S. Molina  | <a href="/img/extensions/api-explorer.png" target="_blank"><img src="/img/extensions/api-explorer.png" alt="Extensions API Explorer" width="120" /></a>             |
+| [SQL Query Flow Visualizer](https://github.com/msyavuz/superset-sql-visualizer)                                     | A SQL Lab panel that transforms SQL queries into interactive flow diagrams, helping developers and analysts understand query execution paths and data relationships.                                                                                | Mehmet Salih Yavuz | <a href="/img/extensions/sql-flow-visualizer.png" target="_blank"><img src="/img/extensions/sql-flow-visualizer.png" alt="SQL Flow Visualizer" width="120" /></a>   |
+| [SQL Lab Export to Google Sheets](https://github.com/michael-s-molina/superset-extensions/tree/main/sqllab_gsheets) | A Superset extension that allows users to export SQL Lab query results directly to Google Sheets.                                                                                                                                                   | Michael S. Molina  | <a href="/img/extensions/gsheets-export.png" target="_blank"><img src="/img/extensions/gsheets-export.png" alt="SQL Lab Export to Google Sheets" width="120" /></a> |
+| [SQL Lab Export to Parquet](https://github.com/rusackas/superset-extensions/tree/main/sqllab_parquet)               | Export SQL Lab query results directly to Apache Parquet format with Snappy compression.                                                                                                                                                             | Evan Rusackas      | <a href="/img/extensions/parquet-export.png" target="_blank"><img src="/img/extensions/parquet-export.png" alt="SQL Lab Export to Parquet" width="120" /></a>       |
+| [SQL Lab Query Comparison](https://github.com/michael-s-molina/superset-extensions/tree/main/query_comparison)      | A SQL Lab extension that enables side-by-side comparison of query results across different tabs, with GitHub-style diff visualization showing added/removed rows and columns.                                                                       | Michael S. Molina  | <a href="/img/extensions/query-comparison.png" target="_blank"><img src="/img/extensions/query-comparison.png" alt="Query Comparison" width="120" /></a>            |
+| [SQL Lab Result Stats](https://github.com/michael-s-molina/superset-extensions/tree/main/result_stats)              | A SQL Lab extension that automatically computes statistics for query results, providing type-aware analysis including numeric metrics (min, max, mean, median, std dev), string analysis (length, empty counts), and date range information.        | Michael S. Molina  | <a href="/img/extensions/result-stats.png" target="_blank"><img src="/img/extensions/result-stats.png" alt="Result Stats" width="120" /></a>                        |
+| [SQL Snippets](https://github.com/michael-s-molina/superset-extensions/tree/main/sql_snippets)                      | A SQL Lab extension that provides reusable SQL code snippets, enabling quick insertion of commonly used code blocks such as license headers, author information, and frequently used SQL patterns.                                                  | Michael S. Molina  | <a href="/img/extensions/sql-snippets.png" target="_blank"><img src="/img/extensions/sql-snippets.png" alt="SQL Snippets" width="120" /></a>                        |
+| [SQL Lab Query Estimator](https://github.com/michael-s-molina/superset-extensions/tree/main/query_estimator)        | A SQL Lab panel that analyzes query execution plans to estimate resource impact, detect performance issues like Cartesian products and high-cost operations, and visualize the query plan tree.                                                     | Michael S. Molina  | <a href="/img/extensions/query-estimator.png" target="_blank"><img src="/img/extensions/query-estimator.png" alt="Query Estimator" width="120" /></a>               |
+
 ## How to Add Your Extension
 
 To add your extension to this registry, submit a pull request to the [Apache Superset repository](https://github.com/apache/superset) with the following changes:

docs/developer_portal/extensions/sandbox.md

@@ -0,0 +1,416 @@
+---
+title: Extension Sandboxing
+sidebar_position: 10
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+# Extension Sandboxing
+
+Superset provides a tiered sandbox architecture for running extensions with varying levels of trust and isolation. This system balances security with functionality, allowing extensions to be safely executed based on their trust level and requirements.
+
+## Overview
+
+The sandbox system supports three tiers of trust:
+
+| Tier | Trust Level | Isolation | Use Case |
+|------|-------------|-----------|----------|
+| **Tier 1** | `core` | None (main context) | Official/signed extensions |
+| **Tier 2** | `iframe` | Browser sandbox | Community UI extensions |
+| **Tier 3** | `wasm` | WASM sandbox | Logic-only extensions |
+
+## Trust Levels
+
+### Tier 1: Core (Trusted)
+
+Core extensions run in the main JavaScript context with full access to Superset APIs, DOM, and browser capabilities. This is the same behavior as legacy extensions.
+
+**Requirements:**
+- Must be in the trusted extensions list, OR
+- `allowUnsignedCore` configuration must be enabled
+
+**Use cases:**
+- Official Apache Superset extensions
+- Enterprise-verified plugins
+- Extensions from trusted sources
+
+```json
+{
+  "id": "official-extension",
+  "sandbox": {
+    "trustLevel": "core",
+    "requiresSignature": true
+  }
+}
+```
+
+### Tier 2: Iframe (Semi-Trusted)
+
+Iframe-sandboxed extensions run in isolated browser sandboxes with controlled API access via postMessage. This provides strong browser-enforced isolation while still allowing full UI rendering.
+
+**Security features:**
+- Browser-enforced same-origin isolation
+- Content Security Policy (CSP) restrictions
+- Permission-based API access
+- No access to parent window's cookies, localStorage, or DOM
+
+**Use cases:**
+- Community-contributed extensions
+- Third-party plugins
+- Extensions that render custom UI
+
+```json
+{
+  "id": "community-extension",
+  "sandbox": {
+    "trustLevel": "iframe",
+    "permissions": ["sqllab:read", "notification:show"],
+    "csp": {
+      "connectSrc": ["https://api.example.com"]
+    }
+  }
+}
+```
+
+### Tier 3: WASM (Untrusted)
+
+WASM-sandboxed extensions run in a QuickJS WebAssembly sandbox with no DOM access. Only explicitly injected APIs are available. This provides the highest level of isolation.
+
+**Security features:**
+- Complete isolation from browser APIs
+- Memory limits to prevent DoS
+- Execution time limits
+- No network or DOM access
+
+**Use cases:**
+- Custom data transformations
+- Calculated fields and formatters
+- Data validation rules
+- Custom aggregation functions
+
+```json
+{
+  "id": "formatter-extension",
+  "sandbox": {
+    "trustLevel": "wasm",
+    "resourceLimits": {
+      "maxMemory": 10485760,
+      "maxExecutionTime": 5000
+    }
+  }
+}
+```
+
+## Permissions
+
+Sandboxed extensions (Tier 2 and 3) must declare the permissions they need. Permissions follow a least-privilege model.
+
+### Available Permissions
+
+| Permission | Description |
+|------------|-------------|
+| `api:read` | Read-only access to Superset APIs |
+| `api:write` | Write access to Superset APIs |
+| `sqllab:read` | Read SQL Lab state (queries, results) |
+| `sqllab:execute` | Execute SQL queries |
+| `dashboard:read` | Read dashboard data |
+| `dashboard:write` | Modify dashboards |
+| `chart:read` | Read chart data |
+| `chart:write` | Modify charts |
+| `user:read` | Read current user info |
+| `notification:show` | Show notifications to user |
+| `modal:open` | Open modal dialogs |
+| `navigation:redirect` | Navigate to other pages |
+| `clipboard:write` | Write to clipboard |
+| `download:file` | Trigger file downloads |
+
+### Example Permission Declaration
+
+```json
+{
+  "sandbox": {
+    "trustLevel": "iframe",
+    "permissions": [
+      "sqllab:read",
+      "notification:show",
+      "download:file"
+    ]
+  }
+}
+```
+
+## Sandboxed Extension API
+
+Extensions running in iframe sandboxes have access to a controlled API through the `window.superset` object.
+
+### SQL Lab API
+
+```typescript
+// Get the current SQL Lab tab (requires sqllab:read)
+const tab = await window.superset.sqlLab.getCurrentTab();
+
+// Get query results (requires sqllab:read)
+const results = await window.superset.sqlLab.getQueryResults(queryId);
+```
+
+### Dashboard API
+
+```typescript
+// Get dashboard context (requires dashboard:read)
+const context = await window.superset.dashboard.getContext();
+
+// Get dashboard filters (requires dashboard:read)
+const filters = await window.superset.dashboard.getFilters();
+```
+
+### Chart API
+
+```typescript
+// Get chart data (requires chart:read)
+const chartData = await window.superset.chart.getData(chartId);
+```
+
+### User API
+
+```typescript
+// Get current user (requires user:read)
+const user = await window.superset.user.getCurrentUser();
+```
+
+### UI API
+
+```typescript
+// Show notification (requires notification:show)
+window.superset.ui.showNotification('Success!', 'success');
+
+// Open modal (requires modal:open)
+const result = await window.superset.ui.openModal({
+  title: 'Confirm',
+  content: 'Are you sure?',
+  type: 'confirm'
+});
+
+// Navigate (requires navigation:redirect)
+window.superset.ui.navigateTo('/dashboard/1');
+```
+
+### Utility API
+
+```typescript
+// Copy to clipboard (requires clipboard:write)
+await window.superset.utils.copyToClipboard('text');
+
+// Download file (requires download:file)
+window.superset.utils.downloadFile(blob, 'filename.csv');
+
+// Get CSRF token (no permission required)
+const token = await window.superset.utils.getCSRFToken();
+```
+
+### Event Subscriptions
+
+```typescript
+// Subscribe to events
+const unsubscribe = window.superset.on('dashboard:filterChange', (filters) => {
+  console.log('Filters changed:', filters);
+});
+
+// Later, unsubscribe
+unsubscribe();
+```
+
+## Content Security Policy
+
+Iframe-sandboxed extensions can customize their Content Security Policy through the `csp` configuration:
+
+```json
+{
+  "sandbox": {
+    "trustLevel": "iframe",
+    "csp": {
+      "defaultSrc": ["'none'"],
+      "scriptSrc": ["'unsafe-inline'"],
+      "styleSrc": ["'unsafe-inline'"],
+      "imgSrc": ["data:", "blob:", "https://cdn.example.com"],
+      "connectSrc": ["https://api.example.com"],
+      "fontSrc": ["data:"]
+    }
+  }
+}
+```
+
+### Default CSP
+
+By default, iframe sandboxes use a restrictive CSP:
+
+```
+default-src 'none';
+script-src 'unsafe-inline';
+style-src 'unsafe-inline';
+img-src data: blob:;
+font-src data:;
+connect-src 'none';
+frame-src 'none';
+```
+
+## WASM Resource Limits
+
+WASM-sandboxed extensions can configure resource limits:
+
+```json
+{
+  "sandbox": {
+    "trustLevel": "wasm",
+    "resourceLimits": {
+      "maxMemory": 10485760,      // 10MB max memory
+      "maxExecutionTime": 5000,   // 5 second timeout
+      "maxStackSize": 1000        // Max call stack depth
+    }
+  }
+}
+```
+
+### Defaults
+
+- **maxMemory**: 10MB
+- **maxExecutionTime**: 5000ms (5 seconds)
+- **maxStackSize**: 1000 calls
+
+## Migration Guide
+
+### Migrating from Legacy Extensions
+
+Existing extensions that don't specify a `sandbox` configuration will continue to run as `core` extensions for backward compatibility. To migrate to a sandboxed model:
+
+1. **Assess your extension's requirements**:
+   - Does it need to render UI? Use `iframe`
+   - Is it logic-only (formatters, validators)? Use `wasm`
+   - Does it need full access? Keep as `core` (requires trust)
+
+2. **Add sandbox configuration to extension.json**:
+
+```json
+{
+  "sandbox": {
+    "trustLevel": "iframe",
+    "permissions": ["sqllab:read"]
+  }
+}
+```
+
+3. **Update your code to use the sandboxed API**:
+
+Before (core extension):
+```typescript
+import { sqlLab } from '@apache-superset/core';
+const tab = sqlLab.getCurrentTab();
+```
+
+After (sandboxed extension):
+```typescript
+const tab = await window.superset.sqlLab.getCurrentTab();
+```
+
+4. **Test thoroughly** to ensure all functionality works within the sandbox
+
+## Security Comparison
+
+| Aspect | Core | Iframe | WASM |
+|--------|------|--------|------|
+| DOM Access | Full | Own iframe only | None |
+| Network | Full | Restricted (CSP) | None |
+| Cookies | Full | None | None |
+| localStorage | Full | None | None |
+| Superset APIs | Full | Controlled bridge | Injected only |
+| Performance | Native | Near-native | ~40% slower |
+| React rendering | Full | Own instance | Via descriptors |
+
+## Administrator Configuration
+
+Administrators can configure trust settings for their Superset deployment:
+
+```python
+# In superset_config.py
+EXTENSIONS_TRUST_CONFIG = {
+    # Extensions allowed to run as 'core'
+    "trusted_extensions": [
+        "official-extension-1",
+        "enterprise-plugin",
+    ],
+
+    # Allow unsigned extensions to run as core (not recommended for production)
+    "allow_unsigned_core": False,
+
+    # Default trust level for extensions without sandbox config
+    "default_trust_level": "iframe",
+}
+```
+
+## Best Practices
+
+1. **Request minimal permissions** - Only request the permissions your extension actually needs
+
+2. **Prefer iframe over core** - Unless your extension requires deep integration, use iframe sandboxing
+
+3. **Use WASM for pure logic** - If your extension doesn't need UI, WASM provides the best isolation
+
+4. **Handle permission denials gracefully** - Your extension should degrade gracefully if a permission is not granted
+
+5. **Don't store sensitive data** - Sandboxed extensions should not store sensitive user data
+
+6. **Test in sandboxed mode** - Always test your extension in its intended sandbox environment
+
+## Troubleshooting
+
+### Permission Denied Errors
+
+If you see "Permission denied" errors, verify that:
+1. The permission is declared in your extension.json
+2. The permission was granted by the administrator
+3. You're calling the correct API method for that permission
+
+### Timeout Errors (WASM)
+
+If your WASM extension times out:
+1. Optimize your code for faster execution
+2. Request a higher `maxExecutionTime` limit
+3. Break large operations into smaller chunks
+
+### CSP Violations (Iframe)
+
+If resources fail to load due to CSP:
+1. Add the required domains to your CSP configuration
+2. Ensure you're using HTTPS for external resources
+3. Avoid inline scripts and styles where possible
+
+### Core Trust Denied
+
+If your extension is downgraded from `core` to another trust level:
+1. Check if the extension ID is in the administrator's `trusted_extensions` list
+2. If signature verification is required, ensure the extension is signed
+3. Verify the signing key is in the administrator's `trusted_signers`
+
+See [Extension Signing](./signing) for how to sign your extension.
+
+## Related Documentation
+
+- [Security Overview](./security) - Extension security fundamentals
+- [Extension Signing](./signing) - How to sign extensions for core trust
+- [Administrator Configuration](./admin-configuration) - Trust configuration for admins

docs/developer_portal/extensions/security.md

@@ -1,6 +1,6 @@
 ---
 title: Security
-sidebar_position: 8
+sidebar_position: 9
 ---
 
 <!--
@@ -26,9 +26,44 @@ under the License.
 
 By default, extensions are disabled and must be explicitly enabled by setting the `ENABLE_EXTENSIONS` feature flag. Built-in extensions are included as part of the Superset codebase and are held to the same security standards and review processes as the rest of the application.
 
-For external extensions, administrators are responsible for evaluating and verifying the security of any extensions they choose to install, just as they would when installing third-party NPM or PyPI packages. At this stage, all extensions run in the same context as the host application, without additional sandboxing. This means that external extensions can impact the security and performance of a Superset environment in the same way as any other installed dependency.
+## Extension Sandboxing
 
-We plan to introduce an optional sandboxed execution model for extensions in the future (as part of an additional SIP). Until then, administrators should exercise caution and follow best practices when selecting and deploying third-party extensions. A directory of community extensions is available in the [Community Extensions](./registry) page. Note that these extensions are not vetted by the Apache Superset project—administrators must evaluate each extension before installation.
+Superset provides a tiered sandbox architecture for running extensions with varying levels of trust and isolation. Extensions can declare their trust level and permissions in their manifest, and Superset will load them in the appropriate sandbox:
+
+- **Core (Tier 1)**: Trusted extensions run in the main context with full access
+- **Iframe (Tier 2)**: Semi-trusted extensions run in browser-sandboxed iframes
+- **WASM (Tier 3)**: Untrusted logic runs in WebAssembly sandboxes
+
+For detailed information about the sandbox system, see [Extension Sandboxing](./sandbox).
+
+## Trust Model
+
+Administrators are responsible for evaluating and verifying the security of any extensions they choose to install. Superset's sandbox system provides defense-in-depth:
+
+1. **Core extensions** require explicit trust configuration and optionally signature verification
+2. **Iframe-sandboxed extensions** are isolated by the browser's same-origin policy
+3. **WASM-sandboxed extensions** have no access to browser APIs
+
+A directory of community extensions is available in the [Community Extensions](./registry) page. Note that these extensions are not vetted by the Apache Superset project—administrators must evaluate each extension before installation.
+
+## Extension Signing
+
+Extensions can be cryptographically signed to verify their authenticity and integrity. This is required for extensions that need `core` trust level in production environments with signature verification enabled.
+
+- **Developers**: See [Extension Signing](./signing) to learn how to sign your extensions
+- **Administrators**: See [Administrator Configuration](./admin-configuration) to configure trusted signers
+
+## Administrator Configuration
+
+Superset provides extensive configuration options for controlling extension trust levels, signature verification, and security policies. Key settings include:
+
+- **Trusted extensions list**: Extensions allowed to run as `core`
+- **Signature verification**: Require valid signatures for core trust
+- **Default trust level**: Sandbox level for unlisted extensions
+
+For complete configuration details, see [Administrator Configuration](./admin-configuration).
+
+## Security Reporting
 
 **Any performance or security vulnerabilities introduced by external extensions should be reported directly to the extension author, not as Superset vulnerabilities.**
 

docs/developer_portal/extensions/signing.md

@@ -0,0 +1,236 @@
+---
+title: Extension Signing
+sidebar_position: 11
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+# Extension Signing
+
+Signing your extension allows administrators to verify its authenticity and integrity. Signed extensions can run as `core` trust level in production environments where signature verification is required.
+
+## Why Sign Extensions?
+
+- **Trust**: Administrators can verify your extension comes from a known source
+- **Integrity**: Ensures the extension hasn't been modified since you signed it
+- **Core Access**: Required for extensions needing `core` trust level in secured deployments
+- **Distribution**: Makes your extension suitable for enterprise environments
+
+## Generating Signing Keys
+
+Generate a new Ed25519 keypair for signing your extensions:
+
+```bash
+superset-extensions generate-keys --output my-signing-key.pem
+```
+
+This creates two files:
+
+| File | Purpose | Share? |
+|------|---------|--------|
+| `my-signing-key.pem` | Private key for signing | **Never share!** |
+| `my-signing-key.pub` | Public key for verification | Share with administrators |
+
+**Output example:**
+
+```
+✅ Private key: my-signing-key.pem
+✅ Public key:  my-signing-key.pub
+   Fingerprint: MCowBQYDK2Vw...
+
+⚠️  Keep the private key secure! Only share the public key with administrators.
+
+Usage:
+  Sign an extension:  superset-extensions bundle --sign my-signing-key.pem
+  Share with admins:  my-signing-key.pub
+```
+
+## Signing an Extension
+
+### During Bundle
+
+The easiest way to sign is during the bundle step:
+
+```bash
+superset-extensions bundle --sign my-signing-key.pem
+```
+
+This builds, signs the manifest, and creates the `.supx` bundle in one command.
+
+**Output:**
+
+```
+✅ Full build completed in dist/
+✅ Manifest signed
+✅ Bundle created (signed): my-extension-1.0.0.supx
+```
+
+### Signing Existing Manifest
+
+To sign an already-built manifest:
+
+```bash
+superset-extensions sign --key my-signing-key.pem --manifest dist/manifest.json
+```
+
+This creates `dist/manifest.sig` containing the signature.
+
+## Bundle Structure
+
+A signed extension bundle contains:
+
+```
+my-extension-1.0.0.supx
+├── manifest.json       # Extension manifest
+├── manifest.sig        # Ed25519 signature (base64-encoded)
+├── frontend/dist/      # Frontend assets
+└── backend/src/        # Backend code (if applicable)
+```
+
+The signature file (`manifest.sig`) contains a base64-encoded Ed25519 signature of the manifest content.
+
+## Distributing Your Public Key
+
+Share your public key (`.pub` file) with administrators who want to trust your extensions:
+
+1. **Direct sharing**: Send the `.pub` file via secure channels
+2. **Documentation**: Include in your extension's README
+3. **Website**: Host on your organization's website with HTTPS
+
+Administrators will add your public key to their `EXTENSIONS_TRUST_CONFIG.trusted_signers` configuration.
+
+### Key Fingerprint
+
+The fingerprint helps administrators verify they have the correct key. Include it in your documentation:
+
+```
+Public Key Fingerprint: MCowBQYDK2Vw...
+```
+
+Administrators should verify this fingerprint matches when adding your key.
+
+## Security Best Practices
+
+### Protect Your Private Key
+
+- **Never commit** private keys to version control
+- **Use secure storage** like hardware security modules (HSM) for production keys
+- **Limit access** to the private key to authorized personnel only
+- **Back up securely** in case of key loss
+
+### Key Rotation
+
+Consider rotating keys periodically:
+
+1. Generate a new keypair
+2. Notify administrators of the new public key
+3. Sign new releases with the new key
+4. Keep the old key available for verifying existing releases
+
+### Multiple Keys
+
+For organizations, consider separate keys for:
+
+- Development/testing releases
+- Production releases
+- Different product teams
+
+## Requesting Core Trust
+
+If your extension needs `core` trust level:
+
+1. **Sign your extension** using the process above
+2. **Document your public key** with fingerprint
+3. **Explain why core is needed** in your extension documentation
+4. **Provide your public key** to administrators
+
+Administrators will then:
+1. Add your public key to `trusted_signers`
+2. Enable `require_core_signatures: True`
+3. Your signed extension can now run as `core`
+
+## Verification Process
+
+When Superset loads your extension:
+
+1. Reads `manifest.json` and `manifest.sig` from the bundle
+2. Checks if the extension requests `core` trust level
+3. If `require_core_signatures` is enabled, verifies the signature
+4. Checks the signature against all keys in `trusted_signers`
+5. If verification passes, grants the requested trust level
+6. If verification fails, downgrades to `default_trust_level`
+
+## Troubleshooting
+
+### "Signature verification failed"
+
+- Ensure you're using the matching private key for the public key given to admins
+- Verify the manifest wasn't modified after signing
+- Check that the `.sig` file was included in the bundle
+
+### "Private key must be Ed25519"
+
+- The signing system only supports Ed25519 keys
+- Generate a new key using `superset-extensions generate-keys`
+
+### Administrator Reports Invalid Signature
+
+- Verify the public key file wasn't corrupted during transfer
+- Confirm the fingerprint matches between your key and theirs
+- Re-sign the extension and redistribute
+
+## Technical Details
+
+### Signature Algorithm
+
+Extensions use **Ed25519** signatures:
+
+- Fast signature generation and verification
+- Small signature size (64 bytes)
+- Strong security guarantees
+- Deterministic signatures (same input always produces same output)
+
+### Signature Format
+
+The `manifest.sig` file contains:
+
+```
+<base64-encoded Ed25519 signature>
+```
+
+The signature is computed over the raw bytes of `manifest.json`.
+
+### Key Format
+
+Keys are stored in PEM format:
+
+**Private key:**
+```
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEI...
+-----END PRIVATE KEY-----
+```
+
+**Public key:**
+```
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEA...
+-----END PUBLIC KEY-----
+```

docs/developer_portal/guidelines/frontend-style-guidelines.md

@@ -43,8 +43,9 @@ This is a list of statements that describe how we do frontend development in Sup
 - We organize our repo so similar files live near each other, and tests are co-located with the files they test.
   - See: [SIP-61](https://github.com/apache/superset/issues/12098)
 - We prefer small, easily testable files and components.
-- We use ESLint and Prettier to automatically fix lint errors and format the code.
+- We use OXC (oxlint) and Prettier to automatically fix lint errors and format the code.
   - We do not debate code formatting style in PRs, instead relying on automated tooling to enforce it.
   - If there's not a linting rule, we don't have a rule!
+  - See: [Linting How-Tos](../contributing/howtos#typescript--javascript)
 - We use [React Storybook](https://storybook.js.org/) and [Applitools](https://applitools.com/) to help preview/test and stabilize our components
   - A public Storybook with components from the `master` branch is available [here](https://apache-superset.github.io/superset-ui/?path=/story/*)

docs/developer_portal/index.md

@@ -86,7 +86,6 @@ Everything you need to contribute to the Apache Superset project. This section i
 - **[Configuration Guide](https://superset.apache.org/docs/configuration/configuring-superset)** - Setup and configuration
 
 ### Important Files
-- **[CONTRIBUTING.md](https://github.com/apache/superset/blob/master/CONTRIBUTING.md)** - Contribution guidelines
 - **[CLAUDE.md](https://github.com/apache/superset/blob/master/CLAUDE.md)** - LLM development guide
 - **[UPDATING.md](https://github.com/apache/superset/blob/master/UPDATING.md)** - Breaking changes log
 

docs/developer_portal/sidebars.js

@@ -36,6 +36,7 @@ module.exports = {
         'extensions/overview',
         'extensions/quick-start',
         'extensions/architecture',
+        'extensions/dependencies',
         'extensions/contribution-types',
         {
           type: 'category',
@@ -48,7 +49,17 @@ module.exports = {
         'extensions/development',
         'extensions/deployment',
         'extensions/mcp',
-        'extensions/security',
+        {
+          type: 'category',
+          label: 'Security',
+          collapsed: true,
+          items: [
+            'extensions/security',
+            'extensions/sandbox',
+            'extensions/signing',
+            'extensions/admin-configuration',
+          ],
+        },
         'extensions/registry',
       ],
     },

docs/developer_portal/testing/e2e-testing.md

@@ -24,57 +24,204 @@ under the License.
 
 # End-to-End Testing
 
-🚧 **Coming Soon** 🚧
+Apache Superset uses Playwright for end-to-end testing, migrating from the legacy Cypress tests.
 
-Guide for writing and running end-to-end tests using Playwright and Cypress.
-
-## Topics to be covered:
+## Running Tests
 
 ### Playwright (Recommended)
-- Setting up Playwright environment
-- Writing reliable E2E tests
-- Page Object Model pattern
-- Handling async operations
-- Cross-browser testing
-- Visual regression testing
-- Debugging with Playwright Inspector
-- CI/CD integration
 
-### Cypress (Deprecated)
-- Legacy Cypress test maintenance
-- Migration to Playwright
-- Running existing Cypress tests
-
-## Quick Commands
-
-### Playwright
 ```bash
-# Run all Playwright tests
-npm run playwright:test
+cd superset-frontend
 
-# Run in headed mode (see browser)
-npm run playwright:headed
+# Run all tests
+npm run playwright:test
+# or: npx playwright test
 
 # Run specific test file
 npx playwright test tests/auth/login.spec.ts
 
-# Debug specific test
-npm run playwright:debug tests/auth/login.spec.ts
-
-# Open Playwright UI
+# Run with UI mode for debugging
 npm run playwright:ui
+# or: npx playwright test --ui
+
+# Run in headed mode (see browser)
+npm run playwright:headed
+# or: npx playwright test --headed
+
+# Debug specific test file
+npm run playwright:debug tests/auth/login.spec.ts
+# or: npx playwright test --debug tests/auth/login.spec.ts
 ```
 
 ### Cypress (Deprecated)
-```bash
-# Run Cypress tests
-cd superset-frontend/cypress-base
-npm run cypress-run-chrome
 
-# Open Cypress UI
-npm run cypress-debug
+Cypress tests are being migrated to Playwright. For legacy tests:
+
+```bash
+cd superset-frontend/cypress-base
+npm run cypress-run-chrome    # Headless
+npm run cypress-debug         # Interactive UI
 ```
 
----
+## Project Architecture
 
-*This documentation is under active development. Check back soon for updates!*
+```
+superset-frontend/playwright/
+├── components/core/     # Reusable UI components
+├── pages/              # Page Object Models
+├── tests/              # Test files organized by feature
+├── utils/              # Shared constants and utilities
+└── playwright.config.ts
+```
+
+## Design Principles
+
+We follow **YAGNI** (You Aren't Gonna Need It), **DRY** (Don't Repeat Yourself), and **KISS** (Keep It Simple, Stupid) principles:
+
+- Build only what's needed now
+- Reuse existing patterns and components
+- Keep solutions simple and maintainable
+
+## Page Object Pattern
+
+Each page object encapsulates:
+
+- **Actions**: What you can do on the page
+- **Queries**: Information you can get from the page
+- **Selectors**: Centralized in private static SELECTORS constant
+- **NO Assertions**: Keep assertions in test files
+
+**Example Page Object:**
+
+```typescript
+export class AuthPage {
+  // Selectors centralized in the page object
+  private static readonly SELECTORS = {
+    LOGIN_FORM: '[data-test="login-form"]',
+    USERNAME_INPUT: '[data-test="username-input"]',
+  } as const;
+
+  // Actions - what you can do
+  async loginWithCredentials(username: string, password: string) {}
+
+  // Queries - information you can get
+  async getCurrentUrl(): Promise<string> {}
+
+  // NO assertions - those belong in tests
+}
+```
+
+**Example Test:**
+
+```typescript
+import { test, expect } from '@playwright/test';
+import { AuthPage } from '../../pages/AuthPage';
+import { LOGIN } from '../../utils/urls';
+
+test('should login with correct credentials', async ({ page }) => {
+  const authPage = new AuthPage(page);
+  await authPage.goto();
+  await authPage.loginWithCredentials('admin', 'general');
+
+  // Assertions belong in tests, not page objects
+  expect(await authPage.getCurrentUrl()).not.toContain(LOGIN);
+});
+```
+
+## Core Components
+
+Reusable UI interaction classes for common elements (`components/core/`):
+
+- **Form**: Container with properly scoped child element access
+- **Input**: Supports `fill()`, `type()`, and `pressSequentially()` methods
+- **Button**: Standard click, hover, focus interactions
+
+**Usage Example:**
+
+```typescript
+import { Form } from '../components/core';
+
+const loginForm = new Form(page, '[data-test="login-form"]');
+const usernameInput = loginForm.getInput('[data-test="username-input"]');
+await usernameInput.fill('admin');
+```
+
+## Test Reports
+
+Playwright generates multiple reports for better visibility:
+
+```bash
+# View interactive HTML report (opens automatically on failure)
+npm run playwright:report
+# or: npx playwright show-report
+
+# View test trace for debugging failures
+npx playwright show-trace test-results/[test-name]/trace.zip
+```
+
+### Report Types
+
+- **List Reporter**: Shows progress and summary table in terminal
+- **HTML Report**: Interactive web interface with screenshots, videos, and traces
+- **JSON Report**: Machine-readable format in `test-results/results.json`
+- **GitHub Actions**: Annotations in CI for failed tests
+
+### Debugging Failed Tests
+
+When tests fail, Playwright automatically captures:
+
+- **Screenshots** at the point of failure
+- **Videos** of the entire test run
+- **Traces** with timeline and network activity
+- **Error context** with detailed debugging information
+
+All debugging artifacts are available in the HTML report for easy analysis.
+
+## Configuration
+
+- **Config**: `playwright.config.ts` - matches Cypress settings
+- **Base URL**: `http://localhost:8088` (assumes Superset running)
+- **Browsers**: Chrome only for Phase 1 (YAGNI)
+- **Retries**: 2 in CI, 0 locally (matches Cypress)
+
+## Contributing Guidelines
+
+### Adding New Tests
+
+1. **Check existing components** before creating new ones
+2. **Use page objects** for page interactions
+3. **Keep assertions in tests**, not page objects
+4. **Follow naming conventions**: `feature.spec.ts`
+
+### Adding New Components
+
+1. **Follow YAGNI**: Only build what's immediately needed
+2. **Use Locator-based scoping** for proper element isolation
+3. **Support both string selectors and Locator objects** via constructor overloads
+4. **Add to `components/core/index.ts`** for easy importing
+
+### Adding New Page Objects
+
+1. **Centralize selectors** in private static SELECTORS constant
+2. **Import shared constants** from `utils/urls.ts`
+3. **Actions and queries only** - no assertions
+4. **Use existing components** for DOM interactions
+
+## Migration from Cypress
+
+When porting Cypress tests:
+
+1. **Port the logic**, not the implementation
+2. **Use page objects** instead of inline selectors
+3. **Replace `cy.intercept/cy.wait`** with `page.waitForRequest()`
+4. **Use shared constants** from `utils/urls.ts`
+5. **Follow the established patterns** shown in `tests/auth/login.spec.ts`
+
+## Best Practices
+
+- **Centralize selectors** in page objects
+- **Centralize URLs** in `utils/urls.ts`
+- **Use meaningful test descriptions**
+- **Keep page objects action-focused**
+- **Put assertions in tests, not page objects**
+- **Follow the existing patterns** for consistency

docs/docs/api.mdx

@@ -16,6 +16,11 @@ Superset's public **REST API** follows the
 documented here. The docs below are generated using
 [Swagger React UI](https://www.npmjs.com/package/swagger-ui-react).
 
+:::resources
+- [Blog: The Superset REST API](https://preset.io/blog/2020-10-01-superset-api/)
+- [Blog: Accessing APIs with Superset](https://preset.io/blog/accessing-apis-with-superset/)
+:::
+
 <Alert
   type="info"
   message={

docs/docs/configuration/alerts-reports.mdx

@@ -398,3 +398,8 @@ the user can add the metadata required for scheduling the query.
 This information can then be retrieved from the endpoint `/api/v1/saved_query/` and used to
 schedule the queries that have `schedule_info` in their JSON metadata. For schedulers other than
 Airflow, additional fields can be easily added to the configuration file above.
+
+:::resources
+- [Tutorial: Automated Alerts and Reporting via Slack/Email in Superset](https://dev.to/ngtduc693/apache-superset-topic-5-automated-alerts-and-reporting-via-slackemail-in-superset-2gbe)
+- [Blog: Integrating Slack alerts and Apache Superset for better data observability](https://medium.com/affinityanswers-tech/integrating-slack-alerts-and-apache-superset-for-better-data-observability-fd2f9a12c350)
+:::

docs/docs/configuration/async-queries-celery.mdx

@@ -102,3 +102,7 @@ You can run flower using:
 ```bash
 celery --app=superset.tasks.celery_app:app flower
 ```
+
+:::resources
+- [Blog: How to Set Up Global Async Queries (GAQ) in Apache Superset](https://medium.com/@ngigilevis/how-to-set-up-global-async-queries-gaq-in-apache-superset-a-complete-guide-9d2f4a047559)
+:::

docs/docs/configuration/cache.mdx

@@ -152,3 +152,8 @@ Then on configuration:
 ```
 WEBDRIVER_AUTH_FUNC = auth_driver
 ```
+
+:::resources
+- [Blog: The Data Engineer's Guide to Lightning-Fast Superset Dashboards](https://preset.io/blog/the-data-engineers-guide-to-lightning-fast-apache-superset-dashboards/)
+- [Blog: Accelerating Dashboards with Materialized Views](https://preset.io/blog/accelerating-apache-superset-dashboards-with-materialized-views/)
+:::

docs/docs/configuration/configuring-superset.mdx

@@ -441,4 +441,8 @@ FEATURE_FLAGS = {
 }
 ```
 
-A current list of feature flags can be found in [RESOURCES/FEATURE_FLAGS.md](https://github.com/apache/superset/blob/master/RESOURCES/FEATURE_FLAGS.md).
+A current list of feature flags can be found in the [Feature Flags](/docs/configuration/feature-flags) documentation.
+
+:::resources
+- [Blog: Feature Flags in Apache Superset](https://preset.io/blog/feature-flags-in-apache-superset-and-preset/)
+:::

docs/docs/configuration/feature-flags.mdx

@@ -0,0 +1,107 @@
+---
+title: Feature Flags
+hide_title: true
+sidebar_position: 2
+version: 1
+---
+
+import featureFlags from '@site/static/feature-flags.json';
+
+export const FlagTable = ({flags}) => (
+  <table>
+    <thead>
+      <tr>
+        <th>Flag</th>
+        <th>Default</th>
+        <th>Description</th>
+      </tr>
+    </thead>
+    <tbody>
+      {flags.map((flag) => (
+        <tr key={flag.name}>
+          <td><code>{flag.name}</code></td>
+          <td><code>{flag.default ? 'True' : 'False'}</code></td>
+          <td>
+            {flag.description}
+            {flag.docs && (
+              <> (<a href={flag.docs}>docs</a>)</>
+            )}
+          </td>
+        </tr>
+      ))}
+    </tbody>
+  </table>
+);
+
+# Feature Flags
+
+Superset uses feature flags to control the availability of features. Feature flags allow
+gradual rollout of new functionality and provide a way to enable experimental features.
+
+To enable a feature flag, add it to your `superset_config.py`:
+
+```python
+FEATURE_FLAGS = {
+    "ENABLE_TEMPLATE_PROCESSING": True,
+}
+```
+
+## Lifecycle
+
+Feature flags progress through lifecycle stages:
+
+| Stage | Description |
+|-------|-------------|
+| **Development** | Experimental features under active development. May be incomplete or unstable. |
+| **Testing** | Feature complete but undergoing testing. Usable but may contain bugs. |
+| **Stable** | Production-ready features. Safe for all deployments. |
+| **Deprecated** | Features scheduled for removal. Migrate away from these. |
+
+---
+
+## Development
+
+These features are experimental and under active development. Use only in development environments.
+
+<FlagTable flags={featureFlags.flags.development} />
+
+---
+
+## Testing
+
+These features are complete but still being tested. They are usable but may have bugs.
+
+<FlagTable flags={featureFlags.flags.testing} />
+
+---
+
+## Stable
+
+These features are production-ready and safe to enable.
+
+<FlagTable flags={featureFlags.flags.stable} />
+
+---
+
+## Deprecated
+
+These features are scheduled for removal. Plan to migrate away from them.
+
+<FlagTable flags={featureFlags.flags.deprecated} />
+
+---
+
+## Adding New Feature Flags
+
+When adding a new feature flag to `superset/config.py`, include the following annotations:
+
+```python
+# Description of what the feature does
+# @lifecycle: development | testing | stable | deprecated
+# @docs: https://superset.apache.org/docs/... (optional)
+# @category: runtime_config | path_to_deprecation (optional, for stable flags)
+"MY_NEW_FEATURE": False,
+```
+
+This documentation is auto-generated from the annotations in
+[config.py](https://github.com/apache/superset/blob/master/superset/config.py).

docs/docs/configuration/networking-settings.mdx

@@ -51,8 +51,20 @@ Restart Superset for this configuration change to take effect.
 
 #### Making a Dashboard Public
 
-1. Add the `'DASHBOARD_RBAC': True` [Feature Flag](https://github.com/apache/superset/blob/master/RESOURCES/FEATURE_FLAGS.md) to `superset_config.py`
-2. Add the `Public` role to your dashboard as described [here](https://superset.apache.org/docs/using-superset/creating-your-first-dashboard/#manage-access-to-dashboards)
+There are two approaches to making dashboards publicly accessible:
+
+**Option 1: Dataset-based access (simpler)**
+1. Set `PUBLIC_ROLE_LIKE = "Public"` in `superset_config.py`
+2. Grant the Public role access to the relevant datasets (Menu → Security → List Roles → Public)
+3. All published dashboards using those datasets become visible to anonymous users
+
+**Option 2: Dashboard-level access (selective control)**
+1. Set `PUBLIC_ROLE_LIKE = "Public"` in `superset_config.py`
+2. Add the `'DASHBOARD_RBAC': True` [Feature Flag](/docs/configuration/feature-flags)
+3. Edit each dashboard's properties and add the "Public" role
+4. Only dashboards with the Public role explicitly assigned are visible to anonymous users
+
+See the [Public role documentation](/docs/security/security#public) for more details.
 
 #### Embedding a Public Dashboard
 

docs/docs/configuration/sql-templating.mdx

@@ -590,3 +590,7 @@ Loads a string as a `datetime` object. This is useful when performing date opera
    do something else
 {% endif %}
 ```
+
+:::resources
+- [Blog: Intro to Jinja Templating in Apache Superset](https://preset.io/blog/intro-jinja-templating-apache-superset/)
+:::

docs/docs/configuration/theming.mdx

@@ -395,3 +395,11 @@ For programmatic theme management, Superset provides REST endpoints:
 - `POST /api/v1/theme/import/` - Import themes from YAML
 
 These endpoints require appropriate permissions and are subject to RBAC controls.
+
+:::resources
+- [Video: Live Demo — Theming Apache Superset](https://www.youtube.com/watch?v=XsZAsO9tC3o)
+- [CSS and Theming](https://docs.preset.io/docs/css-and-theming) - Additional theming techniques and CSS customization
+- [Blog: Customizing Apache Superset Dashboards with CSS](https://preset.io/blog/customizing-superset-dashboards-with-css/)
+- [Blog: Customizing Dashboards with CSS — Tips and Tricks](https://preset.io/blog/customizing-apache-superset-dashboards-with-css-additional-tips-and-tricks/)
+- [Blog: Customizing Chart Colors](https://preset.io/blog/customizing-chart-colors-with-superset-and-preset/)
+:::

docs/docs/configuration/timezones.mdx

@@ -20,7 +20,7 @@ To help make the problem somewhat tractable—given that Apache Superset has no
 
 To strive for data consistency (regardless of the timezone of the client) the Apache Superset backend tries to ensure that any timestamp sent to the client has an explicit (or semi-explicit as in the case with [Epoch time](https://en.wikipedia.org/wiki/Unix_time) which is always in reference to UTC) timezone encoded within.
 
-The challenge however lies with the slew of [database engines](/docs/configuration/databases#installing-drivers-in-docker-images) which Apache Superset supports and various inconsistencies between their [Python Database API (DB-API)](https://www.python.org/dev/peps/pep-0249/) implementations combined with the fact that we use [Pandas](https://pandas.pydata.org/) to read SQL into a DataFrame prior to serializing to JSON. Regrettably Pandas ignores the DB-API [type_code](https://www.python.org/dev/peps/pep-0249/#type-objects) relying by default on the underlying Python type returned by the DB-API. Currently only a subset of the supported database engines work correctly with Pandas, i.e., ensuring timestamps without an explicit timestamp are serializd to JSON with the server timezone, thus guaranteeing the client will display timestamps in a consistent manner irrespective of the client's timezone.
+The challenge however lies with the slew of [database engines](/docs/databases#installing-drivers-in-docker) which Apache Superset supports and various inconsistencies between their [Python Database API (DB-API)](https://www.python.org/dev/peps/pep-0249/) implementations combined with the fact that we use [Pandas](https://pandas.pydata.org/) to read SQL into a DataFrame prior to serializing to JSON. Regrettably Pandas ignores the DB-API [type_code](https://www.python.org/dev/peps/pep-0249/#type-objects) relying by default on the underlying Python type returned by the DB-API. Currently only a subset of the supported database engines work correctly with Pandas, i.e., ensuring timestamps without an explicit timestamp are serializd to JSON with the server timezone, thus guaranteeing the client will display timestamps in a consistent manner irrespective of the client's timezone.
 
 For example the following is a comparison of MySQL and Presto,
 

docs/docs/contributing/contributing.mdx

@@ -136,3 +136,7 @@ Security team members should also follow these general expectations:
 - Actively participate in assessing, discussing, fixing, and releasing security issues in Superset.
 - Avoid discussing security fixes in public forums. Pull request (PR) descriptions should not contain any information about security issues. The corresponding JIRA ticket should contain a link to the PR.
 - Security team members who contribute to a fix may be listed as remediation developers in the CVE report, along with their job affiliation (if they choose to include it).
+
+:::resources
+- [Blog: Comprehensive Tutorial for Contributing Code to Apache Superset](https://preset.io/blog/tutorial-contributing-code-to-apache-superset/)
+:::

docs/docs/contributing/development.mdx

@@ -282,13 +282,13 @@ curl -f http://localhost:8088/health && echo "✅ Superset ready"
 ### LLM Session Best Practices
 - Always validate environment setup first using the health checks above
 - Use focused validation commands: `pre-commit run` (not `--all-files`)
-- **Read [LLMS.md](https://github.com/apache/superset/blob/master/LLMS.md) first** - Contains comprehensive development guidelines, coding standards, and critical refactor information
+- **Read [AGENTS.md](https://github.com/apache/superset/blob/master/AGENTS.md) first** - Contains comprehensive development guidelines, coding standards, and critical refactor information
 - **Check platform-specific files** when available:
   - `CLAUDE.md` - For Claude/Anthropic tools
   - `CURSOR.md` - For Cursor editor
   - `GEMINI.md` - For Google Gemini tools
   - `GPT.md` - For OpenAI/ChatGPT tools
-- Follow the TypeScript migration guidelines and avoid deprecated patterns listed in LLMS.md
+- Follow the TypeScript migration guidelines and avoid deprecated patterns listed in AGENTS.md
 
 ### Key Development Commands
 ```bash
@@ -306,7 +306,7 @@ pytest tests/unit_tests/specific_test.py  # Run single test file
 pytest tests/unit_tests/  # Run all tests in directory
 ```
 
-For detailed development context, environment setup, and coding guidelines, see [LLMS.md](https://github.com/apache/superset/blob/master/LLMS.md).
+For detailed development context, environment setup, and coding guidelines, see [AGENTS.md](https://github.com/apache/superset/blob/master/AGENTS.md).
 
 ## Alternatives to `docker compose`
 
@@ -350,6 +350,12 @@ superset init
 # Note: you MUST have previously created an admin user with the username `admin` for this command to work.
 superset load-examples
 
+# The load-examples command supports various options:
+# --force / -f          Force reload data even if tables exist
+# --only-metadata / -m  Only create table metadata without loading data (fast setup)
+# --load-test-data / -t Load additional test dashboards and datasets
+# --load-big-data / -b  Generate synthetic data for stress testing (wide tables, many tables)
+
 # Start the Flask dev web server from inside your virtualenv.
 # Note that your page may not have CSS at this point.
 # See instructions below on how to build the front-end assets.
@@ -599,7 +605,7 @@ export enum FeatureFlag {
 those specified under FEATURE_FLAGS in `superset_config.py`. For example, `DEFAULT_FEATURE_FLAGS = { 'FOO': True, 'BAR': False }` in `superset/config.py` and `FEATURE_FLAGS = { 'BAR': True, 'BAZ': True }` in `superset_config.py` will result
 in combined feature flags of `{ 'FOO': True, 'BAR': True, 'BAZ': True }`.
 
-The current status of the usability of each flag (stable vs testing, etc) can be found in `RESOURCES/FEATURE_FLAGS.md`.
+The current status of the usability of each flag (stable vs testing, etc) can be found in the [Feature Flags](/docs/configuration/feature-flags) documentation.
 
 ## Git Hooks
 
@@ -692,6 +698,97 @@ secrets.
 
 ---
 
+## Example Data and Test Loaders
+
+### Example Datasets
+
+Superset includes example datasets stored as Parquet files, organized by example name in the `superset/examples/` directory. Each example is self-contained:
+
+```
+superset/examples/
+├── _shared/                    # Shared configuration
+│   ├── database.yaml          # Database connection config
+│   └── metadata.yaml          # Import metadata
+├── birth_names/               # Example: US Birth Names
+│   ├── data.parquet          # Dataset (compressed columnar)
+│   ├── dataset.yaml          # Dataset metadata
+│   ├── dashboard.yaml        # Dashboard configuration (optional)
+│   └── charts/               # Chart configurations (optional)
+│       ├── Boys.yaml
+│       ├── Girls.yaml
+│       └── ...
+├── energy_usage/              # Example: Energy Sankey
+│   ├── data.parquet
+│   ├── dataset.yaml
+│   └── charts/
+└── ... (27 example directories)
+```
+
+#### Adding a New Example Dataset
+
+**Simple dataset (data only):**
+
+1. Create a directory: `superset/examples/my_dataset/`
+2. Add your data as `data.parquet`:
+   ```python
+   import pandas as pd
+   df = pd.read_csv("your_data.csv")
+   df.to_parquet("superset/examples/my_dataset/data.parquet", compression="snappy")
+   ```
+3. The dataset will be auto-discovered when running `superset load-examples`
+
+**Complete example with dashboard:**
+
+1. Create your dataset directory with `data.parquet`
+2. Add `dataset.yaml` with metadata (columns, metrics, etc.)
+3. Add `dashboard.yaml` with dashboard layout
+4. Add chart configs in `charts/` directory
+5. See existing examples like `birth_names/` for reference
+
+#### Exporting an Existing Dashboard
+
+To export a dashboard and its charts as YAML configs:
+
+1. In Superset, go to the dashboard you want to export
+2. Click the "..." menu → "Export"
+3. Unzip the exported file
+4. Copy the YAML files to your example directory
+5. Add the `data.parquet` file
+
+#### Why Parquet?
+
+- **Apache-friendly**: Parquet is an Apache project, ideal for ASF codebases
+- **Compressed**: Built-in Snappy compression (~27% smaller than CSV)
+- **Self-describing**: Schema is embedded in the file
+- **Widely supported**: Works with pandas, pyarrow, DuckDB, Spark, etc.
+
+### Test Data Generation
+
+For stress testing and development, Superset includes special test data generators that create synthetic data:
+
+#### Big Data Loader (`--load-big-data`)
+
+Located in `superset/cli/test_loaders.py`, this generates:
+
+- **Wide Table** (`wide_table`): 100 columns of mixed types, 1000 rows
+- **Many Small Tables** (`small_table_0` through `small_table_999`): 1000 tables for testing catalog performance
+- **Long Name Table**: Table with 60-character random name for testing UI edge cases
+
+This is primarily used for:
+- Performance testing with extreme data shapes
+- UI edge case validation
+- Database catalog stress testing
+- CI/CD pipeline validation
+
+#### Test Dashboards (`--load-test-data`)
+
+Loads additional test-specific content:
+- Tabbed dashboard example
+- Supported charts dashboard
+- Test configuration files (*.test.yaml)
+
+---
+
 ## Testing
 
 ### Python Testing
@@ -972,7 +1069,12 @@ The `test-storybook` job runs automatically in CI on every pull request, ensurin
 
 The topic of authoring new plugins, whether you'd like to contribute
 it back or not has been well documented in the
-[the documentation](https://superset.apache.org/docs/contributing/creating-viz-plugins), and in [this blog post](https://preset.io/blog/building-custom-viz-plugins-in-superset-v2).
+[documentation](https://superset.apache.org/docs/contributing/creating-viz-plugins).
+
+:::resources
+- [Blog: Building Custom Viz Plugins in Superset v2](https://preset.io/blog/building-custom-viz-plugins-in-superset-v2)
+- [Blog: Enhancing Superset Visualization Plugins](https://preset.io/blog/enhancing-superset-visualization-plugins-part-1/)
+:::
 
 To contribute a plugin to Superset, your plugin must meet the following criteria:
 

docs/docs/faq.mdx

@@ -157,7 +157,7 @@ table afterwards to configure the Columns tab, check the appropriate boxes and s
 
 To clarify, the database backend is an OLTP database used by Superset to store its internal
 information like your list of users and dashboard definitions. While Superset supports a
-[variety of databases as data _sources_](/docs/configuration/databases#installing-database-drivers),
+[variety of databases as data _sources_](/docs/databases#installing-database-drivers),
 only a few database engines are supported for use as the OLTP backend / metadata store.
 
 Superset is tested using MySQL, PostgreSQL, and SQLite backends. It’s recommended you install
@@ -190,7 +190,7 @@ second etc). Example:
 
 ## Does Superset work with [insert database engine here]?
 
-The [Connecting to Databases section](/docs/configuration/databases) provides the best
+The [Connecting to Databases section](/docs/databases) provides the best
 overview for supported databases. Database engines not listed on that page may work too. We rely on
 the community to contribute to this knowledge base.
 

docs/docs/installation/kubernetes.mdx

@@ -149,7 +149,7 @@ For production clusters it's recommended to build own image with this step done
 Superset requires a Python DB-API database driver and a SQLAlchemy
 dialect to be installed for each datastore you want to connect to.
 
-See [Install Database Drivers](/docs/configuration/databases) for more information.
+See [Install Database Drivers](/docs/databases#installing-database-drivers) for more information.
 It is recommended that you refer to versions listed in
 [pyproject.toml](https://github.com/apache/superset/blob/master/pyproject.toml)
 instead of hard-coding them in your bootstrap script, as seen below.
@@ -444,3 +444,8 @@ To load the examples, add the following to the `my_values.yaml` file:
 init:
   loadExamples: true
 ```
+
+:::resources
+- [Tutorial: Mastering Data Visualization — Installing Superset on Kubernetes with Helm Chart](https://mahira-technology.medium.com/mastering-data-visualization-installing-superset-on-kubernetes-cluster-using-helm-chart-e4ec99199e1e)
+- [Tutorial: Installing Apache Superset in Kubernetes](https://aws.plainenglish.io/installing-apache-superset-in-kubernetes-1aec192ac495)
+:::

docs/docs/installation/upgrading-superset.mdx

@@ -47,3 +47,15 @@ superset init
 While upgrading superset should not delete your charts and dashboards, we recommend following best
 practices and to backup your metadata database before upgrading. Before upgrading production, we
 recommend upgrading in a staging environment and upgrading production finally during off-peak usage.
+
+## Breaking Changes
+
+For a detailed list of breaking changes and migration notes for each version, see
+[UPDATING.md](https://github.com/apache/superset/blob/master/UPDATING.md).
+
+This file documents backwards-incompatible changes and provides guidance for migrating between
+major versions, including:
+- Configuration changes
+- API changes
+- Database migrations
+- Deprecated features

docs/docs/quickstart.mdx

@@ -74,9 +74,15 @@ processes by running Docker Compose `stop` command. By doing so, you can avoid d
 From this point on, you can head on to:
 
 - [Create your first Dashboard](/docs/using-superset/creating-your-first-dashboard)
-- [Connect to a Database](/docs/configuration/databases)
+- [Connect to a Database](/docs/databases)
 - [Using Docker Compose](/docs/installation/docker-compose)
 - [Configure Superset](/docs/configuration/configuring-superset/)
 - [Installing on Kubernetes](/docs/installation/kubernetes/)
 
 Or just explore our [Documentation](https://superset.apache.org/docs/intro)!
+
+:::resources
+- [Video: Superset in 2 Minutes](https://www.youtube.com/watch?v=AqousXQ7YHw)
+- [Video: Superset 101](https://www.youtube.com/watch?v=mAIH3hUoxEE)
+- [Tutorial: Creating Your First Dashboard](/docs/using-superset/creating-your-first-dashboard)
+:::

docs/docs/security/securing_superset.mdx

@@ -172,3 +172,8 @@ Rotating the `SUPERSET_SECRET_KEY` is a critical security procedure. It is manda
 **Procedure for Rotating the Key**
 The procedure for safely rotating the SECRET_KEY must be followed precisely to avoid locking yourself out of your instance. The official Apache Superset documentation maintains the correct, up-to-date procedure. Please follow the official guide here:
 https://superset.apache.org/docs/configuration/configuring-superset/#rotating-to-a-newer-secret_key
+
+:::resources
+- [Blog: Running Apache Superset on the Open Internet](https://preset.io/blog/running-apache-superset-on-the-open-internet-a-report-from-the-fireline/)
+- [Blog: How Security Vulnerabilities are Reported & Handled in Apache Superset](https://preset.io/blog/how-security-vulnerabilities-are-reported-and-handled-in-apache-superset/)
+:::

docs/docs/security/security.mdx

@@ -46,12 +46,62 @@ to all databases by default, both **Alpha** and **Gamma** users need to be given
 
 ### Public
 
-To allow logged-out users to access some Superset features, you can use the `PUBLIC_ROLE_LIKE` config setting and assign it to another role whose permissions you want passed to this role.
+The **Public** role is the most restrictive built-in role, designed specifically for anonymous/unauthenticated
+users who need to view dashboards. It provides minimal read-only access for:
 
-For example, by setting `PUBLIC_ROLE_LIKE = "Gamma"` in your `superset_config.py` file, you grant
-public role the same set of permissions as for the **Gamma** role. This is useful if one
-wants to enable anonymous users to view dashboards. Explicit grant on specific datasets is
-still required, meaning that you need to edit the **Public** role and add the public data sources to the role manually.
+- Viewing dashboards and charts
+- Using interactive dashboard filters
+- Accessing dashboard and chart permalinks
+- Reading embedded dashboards
+- Viewing annotations on charts
+
+The Public role explicitly excludes:
+- Any write permissions on dashboards, charts, or datasets
+- SQL Lab access
+- Share functionality
+- User profile or admin features
+- Menu access to most Superset features
+
+Anonymous users are automatically assigned the Public role when `AUTH_ROLE_PUBLIC` is configured
+(a Flask-AppBuilder setting). The `PUBLIC_ROLE_LIKE` setting is **optional** and controls what
+permissions are synced to the Public role when you run `superset init`:
+
+```python
+# Optional: Sync sensible default permissions to the Public role
+PUBLIC_ROLE_LIKE = "Public"
+
+# Alternative: Copy permissions from Gamma for broader access
+# PUBLIC_ROLE_LIKE = "Gamma"
+```
+
+If you prefer to manually configure the Public role's permissions (or use `DASHBOARD_RBAC` to
+grant access at the dashboard level), you do not need to set `PUBLIC_ROLE_LIKE`.
+
+**Important notes:**
+
+- **Data access is still required:** The Public role only grants UI/API permissions. You must
+  also grant access to specific datasets necessary to view a dashboard. As with other roles,
+  this can be done in two ways:
+
+  - **Without `DASHBOARD_RBAC`:** Dashboards only appear in the list and are accessible if
+    the user has permission to at least one of their datasets. Grant dataset access by editing
+    the Public role in the Superset UI (Menu → Security → List Roles → Public) and adding the
+    relevant data sources. All published dashboards using those datasets become visible.
+
+  - **With `DASHBOARD_RBAC` enabled:** Anonymous users will only see dashboards where the
+    "Public" role has been explicitly added in the dashboard's properties. Dataset permissions
+    are not required—DASHBOARD_RBAC handles the cascading permissions check. This provides
+    fine-grained control over which dashboards are publicly visible.
+
+- **Role synchronization:** Built-in role permissions (Admin, Alpha, Gamma, sql_lab, and Public
+  when `PUBLIC_ROLE_LIKE = "Public"`) are synchronized when you run `superset init`. Any manual
+  permission edits to these roles may be overwritten during upgrades. To customize the Public
+  role permissions, you can either:
+  - Edit the Public role directly and avoid setting `PUBLIC_ROLE_LIKE` (permissions won't be
+    overwritten by `superset init`)
+  - Copy the Public role via "Copy Role" in the Superset web UI, save it under a different name
+    (e.g., "Public_Custom"), customize the permissions, then update **both** configs:
+    `PUBLIC_ROLE_LIKE = "Public_Custom"` and `AUTH_ROLE_PUBLIC = "Public_Custom"`
 
 ### Managing Data Source Access for Gamma Roles
 
@@ -64,6 +114,46 @@ tables in the **Permissions** dropdown. To select the data sources you want to a
 You can then confirm with users assigned to the **Gamma** role that they see the
 objects (dashboards and slices) associated with the tables you just extended them.
 
+### Dashboard Access Control
+
+Access to dashboards is managed via owners (users that have edit permissions to the dashboard).
+Non-owner user access can be managed in two ways. Note that dashboards must be published to be
+visible to other users.
+
+#### Dataset-Based Access (Default)
+
+By default, users can view published dashboards if they have access to at least one dataset
+used in that dashboard. Grant dataset access by adding the relevant data source permissions
+to a role (Menu → Security → List Roles).
+
+This is the simplest approach but provides all-or-nothing access based on dataset permissions—
+if a user has access to a dataset, they can see all published dashboards using that dataset.
+
+#### Dashboard-Level Access (DASHBOARD_RBAC)
+
+For fine-grained control over which dashboards specific roles can access, enable the
+`DASHBOARD_RBAC` feature flag:
+
+```python
+FEATURE_FLAGS = {
+    "DASHBOARD_RBAC": True,
+}
+```
+
+With this enabled, you can assign specific roles to each dashboard in its properties. Users
+will only see dashboards where their role is explicitly added.
+
+**Important considerations:**
+- Dashboard access **bypasses** dataset-level checks—granting a role access to a dashboard
+  implicitly grants read access to all charts and datasets in that dashboard
+- Dashboards without any assigned roles fall back to dataset-based access
+- The dashboard must still be published to be visible
+
+This feature is particularly useful for:
+- Making specific dashboards public while keeping others private
+- Granting access to dashboards without exposing the underlying datasets for other uses
+- Creating dashboard-specific access patterns that don't align with dataset ownership
+
 ### SQL Execution Security Considerations
 
 Apache Superset includes features designed to provide safeguards when interacting with connected databases, such as the `DISALLOWED_SQL_FUNCTIONS` configuration setting. This aims to prevent the execution of potentially harmful database functions or system variables directly from Superset interfaces like SQL Lab.

docs/docs/using-superset/creating-your-first-dashboard.mdx

@@ -114,6 +114,12 @@ Aggregate functions aren't allowed in calculated columns.
 
 <img src={useBaseUrl("/img/tutorial/tutorial_calculated_column.png" )} />
 
+:::resources
+- [Using Metrics and Calculated Columns](https://docs.preset.io/docs/using-metrics-and-calculated-columns) - In-depth guide to the semantic layer
+- [Blog: Understanding the Superset Semantic Layer](https://preset.io/blog/understanding-superset-semantic-layer/)
+- [Blog: Unlocking the Power of Virtual Datasets](https://preset.io/blog/unlocking-the-power-of-virtual-datasets-in-apache-superset/)
+:::
+
 ### Creating charts in Explore view
 
 Superset has 2 main interfaces for exploring data:
@@ -183,14 +189,12 @@ slices and dashboards of your own.
 
 ### Manage access to Dashboards
 
-Access to dashboards is managed via owners (users that have edit permissions to the dashboard).
+Access to dashboards is managed via owners and permissions. Non-owner access can be controlled
+through dataset permissions or dashboard-level roles (using the `DASHBOARD_RBAC` feature flag).
 
-Non-owner users access can be managed in two different ways. The dashboard needs to be published to be visible to other users.
-
-1. Dataset permissions - if you add to the relevant role permissions to datasets it automatically grants implicit access to all dashboards that uses those permitted datasets.
-2. Dashboard roles - if you enable [**DASHBOARD_RBAC** feature flag](/docs/configuration/configuring-superset#feature-flags) then you will be able to manage which roles can access the dashboard
-   - Granting a role access to a dashboard will bypass dataset level checks. Having dashboard access implicitly grants read access to all the featured charts in the dashboard, and thereby also all the associated datasets.
-   - If no roles are specified for a dashboard, regular **Dataset permissions** will apply.
+For detailed information on configuring dashboard access, see the
+[Dashboard Access Control](/docs/security/security#dashboard-access-control) section in the
+Security documentation.
 
 <img src={useBaseUrl("/img/tutorial/tutorial_dashboard_access.png" )} />
 
@@ -229,3 +233,8 @@ The following URL parameters can be used to modify how the dashboard is rendered
 For example, when running the local development build, the following will disable the
 Top Nav and remove the Filter Bar:
 `http://localhost:8088/superset/dashboard/my-dashboard/?standalone=1&show_filters=0`
+
+:::resources
+- [Dashboard Customization](https://docs.preset.io/docs/dashboard-customization) - Advanced dashboard styling and layout options
+- [Blog: BI Dashboard Best Practices](https://preset.io/blog/bi-dashboard-best-practices/)
+:::

docs/docs/using-superset/exploring-data.mdx

@@ -9,9 +9,11 @@ import useBaseUrl from "@docusaurus/useBaseUrl";
 
 ## Exploring Data in Superset
 
-In this tutorial, we will introduce key concepts in Apache Superset through the exploration of a
-real dataset which contains the flights made by employees of a UK-based organization in 2011. The
-following information about each flight is given:
+Apache Superset enables users to explore data interactively through SQL queries, visual query builders, and rich visualizations, making it easier to understand datasets before building charts and dashboards.
+
+In this tutorial, we will introduce key concepts in Apache Superset through the exploration of a real dataset which contains the flights made by employees of a UK-based organization in 2011.
+
+The following information about each flight is given:
 
 - The traveler’s department. For the purposes of this tutorial the departments have been renamed
   Orange, Yellow and Purple.
@@ -326,3 +328,12 @@ various options in this section, refer to the
 
 Lastly, save your chart as Tutorial Resample and add it to the Tutorial Dashboard. Go to the
 tutorial dashboard to see the four charts side by side and compare the different outputs.
+
+:::resources
+- [Chart Walkthroughs](https://docs.preset.io/docs/chart-walkthroughs) - Detailed guides for most chart types
+- [Blog: Why Apache ECharts is the Future of Apache Superset](https://preset.io/blog/2021-4-1-why-echarts/)
+- [Blog: ECharts Time-Series Visualizations in Superset](https://preset.io/blog/echarts-time-series-visualizations-in-superset/)
+- [Blog: Finding New Insights with Drill By](https://preset.io/blog/drill-by/)
+- [Blog: From Drill Down to Drill By](https://preset.io/blog/drill-down-and-drill-by/)
+- [Blog: Cross-Filtering in Apache Superset](https://preset.io/blog/cross-filtering-in-Superset-and-Preset/)
+:::

docs/docusaurus.config.ts

@@ -46,6 +46,10 @@ if (!versionsConfig.components.disabled) {
       editUrl:
         'https://github.com/apache/superset/edit/master/docs/components',
       remarkPlugins: [remarkImportPartial, remarkLocalizeBadges],
+      admonitions: {
+        keywords: ['note', 'tip', 'info', 'warning', 'danger', 'resources'],
+        extendDefaults: true,
+      },
       docItemComponent: '@theme/DocItem',
       includeCurrentVersion: versionsConfig.components.includeCurrentVersion,
       lastVersion: versionsConfig.components.lastVersion,
@@ -70,6 +74,10 @@ if (!versionsConfig.developer_portal.disabled) {
       editUrl:
         'https://github.com/apache/superset/edit/master/docs/developer_portal',
       remarkPlugins: [remarkImportPartial, remarkLocalizeBadges],
+      admonitions: {
+        keywords: ['note', 'tip', 'info', 'warning', 'danger', 'resources'],
+        extendDefaults: true,
+      },
       docItemComponent: '@theme/DocItem',
       includeCurrentVersion: versionsConfig.developer_portal.includeCurrentVersion,
       lastVersion: versionsConfig.developer_portal.lastVersion,
@@ -126,7 +134,7 @@ if (!versionsConfig.developer_portal.disabled && !versionsConfig.developer_porta
       {
         type: 'doc',
         docsPluginId: 'developer_portal',
-        docId: 'extensions/architectural-principles',
+        docId: 'extensions/overview',
         label: 'Extensions',
       },
       {
@@ -214,7 +222,7 @@ const config: Config = {
             from: '/gallery.html',
           },
           {
-            to: '/docs/configuration/databases',
+            to: '/docs/databases',
             from: '/druid.html',
           },
           {
@@ -266,7 +274,7 @@ const config: Config = {
             from: '/docs/contributing/contribution-page',
           },
           {
-            to: '/docs/configuration/databases',
+            to: '/docs/databases',
             from: '/docs/databases/yugabyte/',
           },
           {
@@ -343,6 +351,10 @@ const config: Config = {
             return `https://github.com/apache/superset/edit/master/docs/${versionDocsDirPath}/${docPath}`;
           },
           remarkPlugins: [remarkImportPartial, remarkLocalizeBadges],
+          admonitions: {
+            keywords: ['note', 'tip', 'info', 'warning', 'danger', 'resources'],
+            extendDefaults: true,
+          },
           includeCurrentVersion: versionsConfig.docs.includeCurrentVersion,
           lastVersion: versionsConfig.docs.lastVersion,  // Make 'next' the default
           onlyIncludeVersions: versionsConfig.docs.onlyIncludeVersions,
@@ -398,6 +410,11 @@ const config: Config = {
               docId: 'intro',
               label: 'Getting Started',
             },
+            {
+              type: 'doc',
+              docId: 'databases/index',
+              label: 'Databases',
+            },
             {
               type: 'doc',
               docId: 'faq',
@@ -429,6 +446,14 @@ const config: Config = {
               label: 'Stack Overflow',
               href: 'https://stackoverflow.com/questions/tagged/apache-superset',
             },
+            {
+              label: 'Community Calendar',
+              href: '/community#superset-community-calendar',
+            },
+            {
+              label: 'In the Wild',
+              href: '/inTheWild',
+            },
           ],
         },
         ...dynamicNavbarItems,

docs/netlify.toml

@@ -0,0 +1,56 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Netlify configuration for Superset documentation
+# This enables automatic deploy previews for PRs that modify docs
+
+[build]
+  # Base directory is the docs folder
+  base = "docs"
+  # Build command for Docusaurus
+  command = "yarn install && yarn build"
+  # Output directory (relative to base)
+  publish = "build"
+  # Skip builds when no docs changes (exit 0 = skip, exit 1 = build)
+  # Checks for changes in docs/ and README.md (which gets pulled into docs)
+  ignore = "git diff --quiet $CACHED_COMMIT_REF $COMMIT_REF -- . ../README.md"
+
+[build.environment]
+  # Node version matching docs/.nvmrc
+  NODE_VERSION = "20"
+  # Yarn version
+  YARN_VERSION = "1.22.22"
+
+# Deploy preview settings
+[context.deploy-preview]
+  command = "yarn install && yarn build"
+
+# Branch deploy settings (for feature branches)
+[context.branch-deploy]
+  command = "yarn install && yarn build"
+
+# Redirect /docs to the main docs page
+[[redirects]]
+  from = "/docs"
+  to = "/docs/intro"
+  status = 301
+
+# Handle SPA routing for Docusaurus
+[[redirects]]
+  from = "/*"
+  to = "/index.html"
+  status = 200

docs/package.json

@@ -6,17 +6,22 @@
   "scripts": {
     "docusaurus": "docusaurus",
     "_init": "cat src/intro_header.txt ../README.md > docs/intro.md",
-    "start": "yarn run _init && yarn run generate:extension-components && NODE_ENV=development docusaurus start",
+    "start": "yarn run _init && yarn run generate:extension-components && yarn run generate:database-docs && NODE_ENV=development docusaurus start",
     "stop": "pkill -f 'docusaurus start' || pkill -f 'docusaurus serve' || echo 'No docusaurus server running'",
-    "build": "yarn run _init && yarn run generate:extension-components && DEBUG=docusaurus:* docusaurus build",
+    "build": "yarn run _init && yarn run generate:extension-components && yarn run generate:database-docs && DEBUG=docusaurus:* docusaurus build",
     "swizzle": "docusaurus swizzle",
     "deploy": "docusaurus deploy",
     "clear": "docusaurus clear",
     "serve": "yarn run _init && docusaurus serve",
     "write-translations": "docusaurus write-translations",
     "write-heading-ids": "docusaurus write-heading-ids",
-    "typecheck": "yarn run generate:extension-components && tsc",
+    "typecheck": "yarn run generate:extension-components && yarn run generate:database-docs && tsc",
     "generate:extension-components": "node scripts/generate-extension-components.mjs",
+    "generate:database-docs": "node scripts/generate-database-docs.mjs",
+    "gen-db-docs": "node scripts/generate-database-docs.mjs",
+    "lint:db-metadata": "python3 ../superset/db_engine_specs/lint_metadata.py",
+    "lint:db-metadata:report": "python3 ../superset/db_engine_specs/lint_metadata.py --markdown -o ../superset/db_engine_specs/METADATA_STATUS.md",
+    "update:readme-db-logos": "node scripts/generate-database-docs.mjs --update-readme",
     "eslint": "eslint .",
     "version:add": "node scripts/manage-versions.mjs add",
     "version:remove": "node scripts/manage-versions.mjs remove",
@@ -39,7 +44,7 @@
     "@emotion/styled": "^11.14.1",
     "@mdx-js/react": "^3.1.1",
     "@saucelabs/theme-github-codeblock": "^0.3.0",
-    "@storybook/addon-docs": "^8.6.11",
+    "@storybook/addon-docs": "^8.6.15",
     "@storybook/blocks": "^8.6.11",
     "@storybook/channels": "^8.6.11",
     "@storybook/client-logger": "^8.6.11",
@@ -51,9 +56,11 @@
     "@storybook/preview-api": "^8.6.11",
     "@storybook/theming": "^8.6.11",
     "@superset-ui/core": "^0.20.4",
-    "antd": "^6.1.0",
-    "caniuse-lite": "^1.0.30001760",
+    "antd": "^6.2.1",
+    "caniuse-lite": "^1.0.30001765",
     "docusaurus-plugin-less": "^2.0.2",
+    "js-yaml": "^4.1.1",
+    "js-yaml-loader": "^1.2.2",
     "json-bigint": "^1.0.0",
     "less": "^4.5.1",
     "less-loader": "^12.3.0",
@@ -64,7 +71,7 @@
     "react-svg-pan-zoom": "^3.13.1",
     "remark-import-partial": "^0.0.2",
     "reselect": "^5.1.1",
-    "storybook": "^8.6.11",
+    "storybook": "^8.6.15",
     "swagger-ui-react": "^5.31.0",
     "tinycolor2": "^1.4.2",
     "ts-loader": "^9.5.4",
@@ -74,18 +81,19 @@
     "@docusaurus/module-type-aliases": "^3.9.1",
     "@docusaurus/tsconfig": "^3.9.2",
     "@eslint/js": "^9.39.2",
+    "@types/js-yaml": "^4.0.9",
     "@types/react": "^19.1.8",
-    "@typescript-eslint/eslint-plugin": "^8.37.0",
-    "@typescript-eslint/parser": "^8.49.0",
+    "@typescript-eslint/eslint-plugin": "^8.52.0",
+    "@typescript-eslint/parser": "^8.52.0",
     "eslint": "^9.39.2",
     "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-prettier": "^5.5.3",
+    "eslint-plugin-prettier": "^5.5.5",
     "eslint-plugin-react": "^7.37.5",
-    "globals": "^16.5.0",
-    "prettier": "^3.7.4",
+    "globals": "^17.0.0",
+    "prettier": "^3.8.1",
     "typescript": "~5.9.3",
-    "typescript-eslint": "^8.49.0",
-    "webpack": "^5.103.0"
+    "typescript-eslint": "^8.53.1",
+    "webpack": "^5.104.1"
   },
   "browserslist": {
     "production": [

docs/plugins/remark-localize-badges.mjs

@@ -49,9 +49,23 @@ const BADGE_PATH_PATTERNS = [
 // Cache for downloaded badges (persists across files in a single build)
 const badgeCache = new Map();
 
+// Track in-flight downloads to prevent duplicate concurrent requests
+const inFlightDownloads = new Map();
+
 // Track if we've already ensured the badges directory exists
 let badgesDirCreated = false;
 
+// Retry configuration
+const MAX_RETRIES = 3;
+const RETRY_DELAY_MS = 1000;
+
+/**
+ * Sleep for a given number of milliseconds
+ */
+function sleep(ms) {
+  return new Promise(resolve => setTimeout(resolve, ms));
+}
+
 /**
  * Generate a stable filename for a badge URL
  */
@@ -74,21 +88,61 @@ function isBadgeUrl(url) {
   try {
     const parsed = new URL(url);
     // Check if it's from a known badge domain
-    if (BADGE_DOMAINS.some((domain) => parsed.hostname.includes(domain))) {
+    if (BADGE_DOMAINS.some(domain => parsed.hostname.includes(domain))) {
       return true;
     }
     // Check if it matches a badge path pattern
-    return BADGE_PATH_PATTERNS.some((pattern) => pattern.test(url));
+    return BADGE_PATH_PATTERNS.some(pattern => pattern.test(url));
   } catch {
     return false;
   }
 }
 
+/**
+ * Fetch a badge with retry logic
+ */
+async function fetchWithRetry(url, retries = MAX_RETRIES) {
+  let lastError;
+
+  for (let attempt = 1; attempt <= retries; attempt++) {
+    try {
+      const response = await fetch(url, {
+        headers: {
+          // Some services need a user agent
+          'User-Agent': 'Mozilla/5.0 (compatible; DocusaurusBuild/1.0)',
+          Accept: 'image/svg+xml,image/*,*/*',
+        },
+        // Follow redirects
+        redirect: 'follow',
+        // Add timeout to prevent hanging
+        signal: AbortSignal.timeout(30000),
+      });
+
+      if (!response.ok) {
+        throw new Error(`HTTP ${response.status}: ${response.statusText}`);
+      }
+
+      return response;
+    } catch (error) {
+      lastError = error;
+      if (attempt < retries) {
+        const delay = RETRY_DELAY_MS * attempt; // Exponential backoff
+        console.log(
+          `[remark-localize-badges] Retry ${attempt}/${retries} for ${url} after ${delay}ms...`,
+        );
+        await sleep(delay);
+      }
+    }
+  }
+
+  throw lastError;
+}
+
 /**
  * Download a badge and return the local path
  */
 async function downloadBadge(url, staticDir) {
-  // Check cache first
+  // Check memory cache first
   if (badgeCache.has(url)) {
     return badgeCache.get(url);
   }
@@ -105,58 +159,67 @@ async function downloadBadge(url, staticDir) {
   const localPath = path.join(badgesDir, filename);
   const webPath = `/badges/${filename}`;
 
-  // Check if already downloaded in a previous build
+  // Check if already downloaded in a previous build or by another concurrent request
   if (fs.existsSync(localPath)) {
     badgeCache.set(url, webPath);
     return webPath;
   }
 
-  console.log(`[remark-localize-badges] Downloading: ${url}`);
-
-  try {
-    const response = await fetch(url, {
-      headers: {
-        // Some services need a user agent
-        'User-Agent': 'Mozilla/5.0 (compatible; DocusaurusBuild/1.0)',
-        Accept: 'image/svg+xml,image/*,*/*',
-      },
-      // Follow redirects
-      redirect: 'follow',
-    });
-
-    if (!response.ok) {
-      throw new Error(`HTTP ${response.status}: ${response.statusText}`);
-    }
-
-    const contentType = response.headers.get('content-type') || '';
-    const content = await response.text();
-
-    // Validate it's actually an SVG or image
-    if (
-      !contentType.includes('svg') &&
-      !contentType.includes('image') &&
-      !content.trim().startsWith('<svg') &&
-      !content.trim().startsWith('<?xml')
-    ) {
-      throw new Error(
-        `Invalid content type: ${contentType}. Expected SVG image.`,
-      );
-    }
-
-    // Write the badge to disk
-    fs.writeFileSync(localPath, content, 'utf8');
-    console.log(`[remark-localize-badges] Saved: ${filename}`);
-
-    badgeCache.set(url, webPath);
-    return webPath;
-  } catch (error) {
-    // Fail the build on badge download failure
-    throw new Error(
-      `[remark-localize-badges] Failed to download badge: ${url}\n` +
-        `Error: ${error.message}\n` +
-        `Build cannot continue with broken badges. Please fix the badge URL or remove it.`,
-    );
+  // Check if there's already an in-flight download for this URL
+  // This prevents duplicate concurrent downloads of the same badge
+  if (inFlightDownloads.has(url)) {
+    return inFlightDownloads.get(url);
   }
+
+  // Create the download promise and store it
+  const downloadPromise = (async () => {
+    // Double-check file existence after acquiring the "lock"
+    if (fs.existsSync(localPath)) {
+      badgeCache.set(url, webPath);
+      return webPath;
+    }
+
+    console.log(`[remark-localize-badges] Downloading: ${url}`);
+
+    try {
+      const response = await fetchWithRetry(url);
+
+      const contentType = response.headers.get('content-type') || '';
+      const content = await response.text();
+
+      // Validate it's actually an SVG or image
+      if (
+        !contentType.includes('svg') &&
+        !contentType.includes('image') &&
+        !content.trim().startsWith('<svg') &&
+        !content.trim().startsWith('<?xml')
+      ) {
+        throw new Error(
+          `Invalid content type: ${contentType}. Expected SVG image.`,
+        );
+      }
+
+      // Write the badge to disk
+      fs.writeFileSync(localPath, content, 'utf8');
+      console.log(`[remark-localize-badges] Saved: ${filename}`);
+
+      badgeCache.set(url, webPath);
+      return webPath;
+    } catch (error) {
+      // Fail the build on badge download failure
+      throw new Error(
+        `[remark-localize-badges] Failed to download badge: ${url}\n` +
+          `Error: ${error.message}\n` +
+          `Build cannot continue with broken badges. Please fix the badge URL or remove it.`,
+      );
+    } finally {
+      // Clean up the in-flight tracker
+      inFlightDownloads.delete(url);
+    }
+  })();
+
+  inFlightDownloads.set(url, downloadPromise);
+  return downloadPromise;
 }
 
 /**
@@ -168,15 +231,14 @@ export default function remarkLocalizeBadges(options = {}) {
   const docsRoot = path.resolve(currentDir, '..');
   const staticDir = options.staticDir || path.join(docsRoot, 'static');
 
-
   return async function transformer(tree) {
     const promises = [];
 
     // Find all image nodes
-    visit(tree, 'image', (node) => {
+    visit(tree, 'image', node => {
       if (isBadgeUrl(node.url)) {
         promises.push(
-          downloadBadge(node.url, staticDir).then((localPath) => {
+          downloadBadge(node.url, staticDir).then(localPath => {
             node.url = localPath;
           }),
         );
@@ -184,7 +246,7 @@ export default function remarkLocalizeBadges(options = {}) {
     });
 
     // Also handle HTML img tags in raw HTML or JSX
-    visit(tree, ['html', 'jsx'], (node) => {
+    visit(tree, ['html', 'jsx'], node => {
       if (!node.value) return;
 
       // Find img src attributes pointing to badge URLs
@@ -195,7 +257,7 @@ export default function remarkLocalizeBadges(options = {}) {
         const url = match[1];
         if (isBadgeUrl(url)) {
           promises.push(
-            downloadBadge(url, staticDir).then((localPath) => {
+            downloadBadge(url, staticDir).then(localPath => {
               node.value = node.value.replace(url, localPath);
             }),
           );
@@ -204,12 +266,12 @@ export default function remarkLocalizeBadges(options = {}) {
     });
 
     // Also handle markdown link images: [![alt](img-url)](link-url)
-    visit(tree, 'link', (node) => {
+    visit(tree, 'link', node => {
       if (node.children) {
-        node.children.forEach((child) => {
+        node.children.forEach(child => {
           if (child.type === 'image' && isBadgeUrl(child.url)) {
             promises.push(
-              downloadBadge(child.url, staticDir).then((localPath) => {
+              downloadBadge(child.url, staticDir).then(localPath => {
                 child.url = localPath;
               }),
             );

docs/scripts/generate-database-docs.mjs

@@ -0,0 +1,867 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * This script generates database documentation data from engine spec metadata.
+ * It outputs a JSON file that can be imported by React components for rendering.
+ *
+ * Usage: node scripts/generate-database-docs.mjs
+ *
+ * The script can run in two modes:
+ * 1. With Flask app (full diagnostics) - requires superset to be installed
+ * 2. Fallback mode (documentation only) - parses engine spec `metadata` attributes via AST
+ */
+
+import { spawnSync } from 'child_process';
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const ROOT_DIR = path.resolve(__dirname, '../..');
+const DOCS_DIR = path.resolve(__dirname, '..');
+const DATA_OUTPUT_DIR = path.join(DOCS_DIR, 'src/data');
+const DATA_OUTPUT_FILE = path.join(DATA_OUTPUT_DIR, 'databases.json');
+const MDX_OUTPUT_DIR = path.join(DOCS_DIR, 'docs/databases');
+const MDX_SUPPORTED_DIR = path.join(MDX_OUTPUT_DIR, 'supported');
+
+/**
+ * Try to run the full lib.py script with Flask context
+ */
+function tryRunFullScript() {
+  try {
+    console.log('Attempting to run lib.py with Flask context...');
+    const pythonCode = `
+import sys
+import json
+sys.path.insert(0, '.')
+from superset.app import create_app
+from superset.db_engine_specs.lib import generate_yaml_docs
+app = create_app()
+with app.app_context():
+    docs = generate_yaml_docs()
+    print(json.dumps(docs, default=str))
+`;
+    const result = spawnSync('python', ['-c', pythonCode], {
+      cwd: ROOT_DIR,
+      encoding: 'utf-8',
+      timeout: 60000,
+      maxBuffer: 10 * 1024 * 1024,
+      env: { ...process.env, SUPERSET_SECRET_KEY: 'docs-build-key' },
+    });
+
+    if (result.error) {
+      throw result.error;
+    }
+    if (result.status !== 0) {
+      throw new Error(result.stderr || 'Python script failed');
+    }
+    return JSON.parse(result.stdout);
+  } catch (error) {
+    console.log('Full script execution failed, using fallback mode...');
+    console.log('  Reason:', error.message?.split('\n')[0] || 'Unknown error');
+    return null;
+  }
+}
+
+/**
+ * Extract metadata from individual engine spec files using AST parsing
+ * This is the preferred approach - reads directly from spec.metadata attributes
+ * Supports metadata inheritance - child classes inherit and merge with parent metadata
+ */
+function extractEngineSpecMetadata() {
+  console.log('Extracting metadata from engine spec files...');
+  console.log(`  ROOT_DIR: ${ROOT_DIR}`);
+
+  try {
+    const pythonCode = `
+import sys
+import json
+import ast
+import os
+
+def eval_node(node):
+    """Safely evaluate an AST node as a Python literal."""
+    if node is None:
+        return None
+    if isinstance(node, ast.Constant):
+        return node.value
+    elif isinstance(node, ast.List):
+        return [eval_node(e) for e in node.elts]
+    elif isinstance(node, ast.Dict):
+        result = {}
+        for k, v in zip(node.keys, node.values):
+            if k is not None:
+                key = eval_node(k)
+                if key is not None:
+                    result[key] = eval_node(v)
+        return result
+    elif isinstance(node, ast.Name):
+        # Handle True, False, None constants
+        if node.id == 'True':
+            return True
+        elif node.id == 'False':
+            return False
+        elif node.id == 'None':
+            return None
+        return node.id
+    elif isinstance(node, ast.Attribute):
+        # Handle DatabaseCategory.SOMETHING - return just the attribute name
+        return node.attr
+    elif isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
+        left, right = eval_node(node.left), eval_node(node.right)
+        if isinstance(left, str) and isinstance(right, str):
+            return left + right
+        return None
+    elif isinstance(node, ast.Tuple):
+        return tuple(eval_node(e) for e in node.elts)
+    elif isinstance(node, ast.JoinedStr):
+        # f-strings - just return a placeholder
+        return "<f-string>"
+    return None
+
+def deep_merge(base, override):
+    """Deep merge two dictionaries. Override values take precedence."""
+    if base is None:
+        return override
+    if override is None:
+        return base
+    if not isinstance(base, dict) or not isinstance(override, dict):
+        return override
+
+    # Fields that should NOT be inherited from parent classes
+    # - compatible_databases: Each class defines its own compatible DBs
+    # - categories: Each class defines its own categories (not extended from parent)
+    NON_INHERITABLE_FIELDS = {'compatible_databases', 'categories'}
+
+    result = base.copy()
+    # Remove non-inheritable fields from base (they should only come from the class that defines them)
+    for field in NON_INHERITABLE_FIELDS:
+        result.pop(field, None)
+
+    for key, value in override.items():
+        if key in result and isinstance(result[key], dict) and isinstance(value, dict):
+            result[key] = deep_merge(result[key], value)
+        elif key in result and isinstance(result[key], list) and isinstance(value, list):
+            # Extend lists from parent (e.g., drivers)
+            result[key] = result[key] + value
+        else:
+            result[key] = value
+    return result
+
+databases = {}
+specs_dir = 'superset/db_engine_specs'
+errors = []
+debug_info = {
+    "cwd": os.getcwd(),
+    "specs_dir_exists": os.path.isdir(specs_dir),
+    "files_checked": 0,
+    "classes_found": 0,
+    "classes_with_metadata": 0,
+    "inherited_metadata": 0,
+}
+
+if not os.path.isdir(specs_dir):
+    print(json.dumps({"error": f"Directory not found: {specs_dir}", "cwd": os.getcwd()}))
+    sys.exit(1)
+
+# First pass: collect all class info (name, bases, metadata)
+class_info = {}  # class_name -> {bases: [], metadata: {}, engine_name: str, filename: str}
+
+for filename in sorted(os.listdir(specs_dir)):
+    if not filename.endswith('.py') or filename in ('__init__.py', 'lib.py', 'lint_metadata.py'):
+        continue
+
+    debug_info["files_checked"] += 1
+    filepath = os.path.join(specs_dir, filename)
+    try:
+        with open(filepath) as f:
+            source = f.read()
+        tree = ast.parse(source)
+
+        for node in ast.walk(tree):
+            if not isinstance(node, ast.ClassDef):
+                continue
+
+            # Get base class names
+            base_names = []
+            for b in node.bases:
+                if isinstance(b, ast.Name):
+                    base_names.append(b.id)
+                elif isinstance(b, ast.Attribute):
+                    base_names.append(b.attr)
+
+            is_engine_spec = any('EngineSpec' in name or 'Mixin' in name for name in base_names)
+            if not is_engine_spec:
+                continue
+
+            # Extract class attributes
+            engine_name = None
+            metadata = None
+
+            for item in node.body:
+                if isinstance(item, ast.Assign):
+                    for target in item.targets:
+                        if isinstance(target, ast.Name):
+                            if target.id == 'engine_name':
+                                val = eval_node(item.value)
+                                if isinstance(val, str):
+                                    engine_name = val
+                            elif target.id == 'metadata':
+                                metadata = eval_node(item.value)
+
+            # Check for engine attribute with non-empty value to distinguish
+            # true base classes from product classes like OceanBaseEngineSpec
+            has_non_empty_engine = False
+            for item in node.body:
+                if isinstance(item, ast.Assign):
+                    for target in item.targets:
+                        if isinstance(target, ast.Name) and target.id == 'engine':
+                            # Check if engine value is non-empty string
+                            if isinstance(item.value, ast.Constant):
+                                has_non_empty_engine = bool(item.value.value)
+                            break
+
+            # True base classes: end with BaseEngineSpec AND don't define engine
+            # or have empty engine (like PostgresBaseEngineSpec with engine = "")
+            is_true_base = (
+                node.name.endswith('BaseEngineSpec') and not has_non_empty_engine
+            ) or 'Mixin' in node.name
+
+            # Store class info for inheritance resolution
+            class_info[node.name] = {
+                'bases': base_names,
+                'metadata': metadata,
+                'engine_name': engine_name,
+                'filename': filename,
+                'is_base_or_mixin': is_true_base,
+            }
+    except Exception as e:
+        errors.append(f"{filename}: {str(e)}")
+
+# Second pass: resolve inheritance and build final metadata
+def get_inherited_metadata(class_name, visited=None):
+    """Recursively get metadata from parent classes."""
+    if visited is None:
+        visited = set()
+    if class_name in visited:
+        return {}  # Prevent circular inheritance
+    visited.add(class_name)
+
+    info = class_info.get(class_name)
+    if not info:
+        return {}
+
+    # Start with parent metadata
+    inherited = {}
+    for base_name in info['bases']:
+        parent_metadata = get_inherited_metadata(base_name, visited.copy())
+        if parent_metadata:
+            inherited = deep_merge(inherited, parent_metadata)
+
+    # Merge with own metadata (own takes precedence)
+    if info['metadata']:
+        inherited = deep_merge(inherited, info['metadata'])
+
+    return inherited
+
+for class_name, info in class_info.items():
+    # Skip base classes and mixins
+    if info['is_base_or_mixin']:
+        continue
+
+    debug_info["classes_found"] += 1
+
+    # Get final metadata with inheritance
+    final_metadata = get_inherited_metadata(class_name)
+
+    # Remove compatible_databases if not defined by this class (it's not inheritable)
+    own_metadata = info['metadata'] or {}
+    if 'compatible_databases' not in own_metadata and 'compatible_databases' in final_metadata:
+        del final_metadata['compatible_databases']
+
+    # Track if we inherited anything
+    if final_metadata and final_metadata != own_metadata:
+        debug_info["inherited_metadata"] += 1
+
+    # Use class name as fallback for engine_name
+    display_name = info['engine_name'] or class_name.replace('EngineSpec', '').replace('_', ' ')
+
+    if final_metadata and isinstance(final_metadata, dict) and display_name:
+        debug_info["classes_with_metadata"] += 1
+        databases[display_name] = {
+            'engine': display_name.lower().replace(' ', '_'),
+            'engine_name': display_name,
+            'module': info['filename'][:-3],  # Remove .py extension
+            'documentation': final_metadata,
+            'time_grains': {},
+            'score': 0,
+            'max_score': 0,
+            'joins': True,
+            'subqueries': True,
+            'supports_dynamic_schema': False,
+            'supports_catalog': False,
+            'supports_dynamic_catalog': False,
+            'ssh_tunneling': False,
+            'query_cancelation': False,
+            'supports_file_upload': False,
+            'user_impersonation': False,
+            'query_cost_estimation': False,
+            'sql_validation': False,
+        }
+
+if errors and not databases:
+    print(json.dumps({"error": "Parse errors", "details": errors, "debug": debug_info}), file=sys.stderr)
+
+# Print debug info to stderr for troubleshooting
+print(json.dumps(debug_info), file=sys.stderr)
+
+print(json.dumps(databases, default=str))
+`;
+    const result = spawnSync('python3', ['-c', pythonCode], {
+      cwd: ROOT_DIR,
+      encoding: 'utf-8',
+      timeout: 30000,
+      maxBuffer: 10 * 1024 * 1024,
+    });
+
+    if (result.error) {
+      throw result.error;
+    }
+    // Log debug info from stderr
+    if (result.stderr) {
+      console.log('Python debug info:', result.stderr.trim());
+    }
+    if (result.status !== 0) {
+      throw new Error(result.stderr || 'Python script failed');
+    }
+    const databases = JSON.parse(result.stdout);
+    if (Object.keys(databases).length === 0) {
+      throw new Error('No metadata found in engine specs');
+    }
+
+    console.log(`Extracted metadata from ${Object.keys(databases).length} engine specs`);
+    return databases;
+  } catch (err) {
+    console.log('Engine spec metadata extraction failed:', err.message);
+    return null;
+  }
+}
+
+/**
+ * Build statistics from the database data
+ */
+function buildStatistics(databases) {
+  const stats = {
+    totalDatabases: Object.keys(databases).length,
+    withDocumentation: 0,
+    withConnectionString: 0,
+    withDrivers: 0,
+    withAuthMethods: 0,
+    supportsJoins: 0,
+    supportsSubqueries: 0,
+    supportsDynamicSchema: 0,
+    supportsCatalog: 0,
+    averageScore: 0,
+    maxScore: 0,
+    byCategory: {},
+  };
+
+  let totalScore = 0;
+
+  for (const [name, db] of Object.entries(databases)) {
+    const docs = db.documentation || {};
+
+    if (Object.keys(docs).length > 0) stats.withDocumentation++;
+    if (docs.connection_string || docs.drivers?.length > 0)
+      stats.withConnectionString++;
+    if (docs.drivers?.length > 0) stats.withDrivers++;
+    if (docs.authentication_methods?.length > 0) stats.withAuthMethods++;
+    if (db.joins) stats.supportsJoins++;
+    if (db.subqueries) stats.supportsSubqueries++;
+    if (db.supports_dynamic_schema) stats.supportsDynamicSchema++;
+    if (db.supports_catalog) stats.supportsCatalog++;
+
+    totalScore += db.score || 0;
+    if (db.max_score > stats.maxScore) stats.maxScore = db.max_score;
+
+    // Use categories from documentation metadata (computed by Python)
+    // Each database can belong to multiple categories
+    const categories = docs.categories || ['OTHER'];
+    for (const cat of categories) {
+      // Map category constant names to display names
+      const categoryDisplayNames = {
+        'CLOUD_AWS': 'Cloud - AWS',
+        'CLOUD_GCP': 'Cloud - Google',
+        'CLOUD_AZURE': 'Cloud - Azure',
+        'CLOUD_DATA_WAREHOUSES': 'Cloud Data Warehouses',
+        'APACHE_PROJECTS': 'Apache Projects',
+        'TRADITIONAL_RDBMS': 'Traditional RDBMS',
+        'ANALYTICAL_DATABASES': 'Analytical Databases',
+        'SEARCH_NOSQL': 'Search & NoSQL',
+        'QUERY_ENGINES': 'Query Engines',
+        'TIME_SERIES': 'Time Series Databases',
+        'OTHER': 'Other Databases',
+        'OPEN_SOURCE': 'Open Source',
+        'HOSTED_OPEN_SOURCE': 'Hosted Open Source',
+        'PROPRIETARY': 'Proprietary',
+      };
+      const displayName = categoryDisplayNames[cat] || cat;
+      if (!stats.byCategory[displayName]) {
+        stats.byCategory[displayName] = [];
+      }
+      stats.byCategory[displayName].push(name);
+    }
+  }
+
+  stats.averageScore = Math.round(totalScore / stats.totalDatabases);
+
+  return stats;
+}
+
+/**
+ * Convert database name to a URL-friendly slug
+ */
+function toSlug(name) {
+  return name
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, '-')
+    .replace(/^-|-$/g, '');
+}
+
+/**
+ * Generate MDX content for a single database page
+ */
+function generateDatabaseMDX(name, db) {
+  const description = db.documentation?.description || `Documentation for ${name} database connection.`;
+  const shortDesc = description
+    .slice(0, 160)
+    .replace(/\\/g, '\\\\')
+    .replace(/"/g, '\\"');
+
+  return `---
+title: ${name}
+sidebar_label: ${name}
+description: "${shortDesc}"
+hide_title: true
+---
+
+{/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/}
+
+import { DatabasePage } from '@site/src/components/databases';
+import databaseData from '@site/src/data/databases.json';
+
+<DatabasePage name="${name}" database={databaseData.databases["${name}"]} />
+`;
+}
+
+/**
+ * Generate the index MDX for the databases overview
+ */
+function generateIndexMDX(statistics, usedFlaskContext = true) {
+  const fallbackNotice = usedFlaskContext ? '' : `
+:::info Developer Note
+This documentation was built without Flask context, so feature diagnostics (scores, time grain support, etc.)
+may not reflect actual database capabilities. For full diagnostics, build docs locally with:
+
+\`\`\`bash
+cd docs && npm run gen-db-docs
+\`\`\`
+
+This requires a working Superset development environment.
+:::
+
+`;
+
+  return `---
+title: Connecting to Databases
+sidebar_label: Overview
+sidebar_position: 1
+---
+
+{/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/}
+
+import { DatabaseIndex } from '@site/src/components/databases';
+import databaseData from '@site/src/data/databases.json';
+
+# Connecting to Databases
+
+Superset does not ship bundled with connectivity to databases. The main step in connecting
+Superset to a database is to **install the proper database driver(s)** in your environment.
+
+:::note
+You'll need to install the required packages for the database you want to use as your metadata database
+as well as the packages needed to connect to the databases you want to access through Superset.
+For information about setting up Superset's metadata database, please refer to
+installation documentations ([Docker Compose](/docs/installation/docker-compose), [Kubernetes](/docs/installation/kubernetes))
+:::
+
+## Supported Databases
+
+Superset supports **${statistics.totalDatabases} databases** with varying levels of feature support.
+Click on any database name to see detailed documentation including connection strings,
+authentication methods, and configuration options.
+
+<DatabaseIndex data={databaseData} />
+
+## Installing Database Drivers
+
+Superset requires a Python [DB-API database driver](https://peps.python.org/pep-0249/)
+and a [SQLAlchemy dialect](https://docs.sqlalchemy.org/en/20/dialects/) to be installed for
+each database engine you want to connect to.
+
+### Installing Drivers in Docker
+
+For Docker deployments, create a \`requirements-local.txt\` file in the \`docker\` directory:
+
+\`\`\`bash
+# Create the requirements file
+touch ./docker/requirements-local.txt
+
+# Add your driver (e.g., for PostgreSQL)
+echo "psycopg2-binary" >> ./docker/requirements-local.txt
+\`\`\`
+
+Then restart your containers. The drivers will be installed automatically.
+
+### Installing Drivers with pip
+
+For non-Docker installations:
+
+\`\`\`bash
+pip install <driver-package>
+\`\`\`
+
+See individual database pages for the specific driver packages needed.
+
+## Connecting Through the UI
+
+1. Go to **Settings → Data: Database Connections**
+2. Click **+ DATABASE**
+3. Select your database type or enter a SQLAlchemy URI
+4. Click **Test Connection** to verify
+5. Click **Connect** to save
+
+## Contributing
+
+To add or update database documentation, add a \`metadata\` attribute to your engine spec class in
+\`superset/db_engine_specs/\`. Documentation is auto-generated from these metadata attributes.
+
+See [METADATA_STATUS.md](https://github.com/apache/superset/blob/master/superset/db_engine_specs/METADATA_STATUS.md)
+for the current status of database documentation and the [README](https://github.com/apache/superset/blob/master/superset/db_engine_specs/README.md) for the metadata schema.
+${fallbackNotice}`;
+}
+
+const README_PATH = path.join(ROOT_DIR, 'README.md');
+const README_START_MARKER = '<!-- SUPPORTED_DATABASES_START -->';
+const README_END_MARKER = '<!-- SUPPORTED_DATABASES_END -->';
+
+/**
+ * Generate the database logos HTML for README.md
+ * Only includes databases that have logos defined
+ */
+function generateReadmeLogos(databases) {
+  // Get databases with logos, sorted alphabetically
+  const dbsWithLogos = Object.entries(databases)
+    .filter(([, db]) => db.documentation?.logo)
+    .sort(([a], [b]) => a.localeCompare(b));
+
+  if (dbsWithLogos.length === 0) {
+    return '';
+  }
+
+  // Generate HTML img tags
+  const logoTags = dbsWithLogos.map(([name, db]) => {
+    const logo = db.documentation.logo;
+    const alt = name.toLowerCase().replace(/\s+/g, '-');
+    // Use docs site URL for logos
+    return `  <img src="https://superset.apache.org/img/databases/${logo}" alt="${alt}" border="0" width="80" height="40" class="database-logo" />`;
+  });
+
+  return `<p align="center">
+${logoTags.join('\n')}
+</p>`;
+}
+
+/**
+ * Update the README.md with generated database logos
+ */
+function updateReadme(databases) {
+  if (!fs.existsSync(README_PATH)) {
+    console.log('README.md not found, skipping update');
+    return false;
+  }
+
+  const content = fs.readFileSync(README_PATH, 'utf-8');
+
+  // Check if markers exist
+  if (!content.includes(README_START_MARKER) || !content.includes(README_END_MARKER)) {
+    console.log('README.md missing database markers, skipping update');
+    console.log(`  Add ${README_START_MARKER} and ${README_END_MARKER} to enable auto-generation`);
+    return false;
+  }
+
+  // Generate new logos section
+  const logosHtml = generateReadmeLogos(databases);
+
+  // Replace content between markers
+  const pattern = new RegExp(
+    `${README_START_MARKER}[\\s\\S]*?${README_END_MARKER}`,
+    'g'
+  );
+  const newContent = content.replace(
+    pattern,
+    `${README_START_MARKER}\n${logosHtml}\n${README_END_MARKER}`
+  );
+
+  if (newContent !== content) {
+    fs.writeFileSync(README_PATH, newContent);
+    console.log('Updated README.md database logos');
+    return true;
+  }
+
+  console.log('README.md database logos unchanged');
+  return false;
+}
+
+/**
+ * Load existing database data if available
+ */
+function loadExistingData() {
+  if (!fs.existsSync(DATA_OUTPUT_FILE)) {
+    return null;
+  }
+
+  try {
+    const content = fs.readFileSync(DATA_OUTPUT_FILE, 'utf-8');
+    return JSON.parse(content);
+  } catch (error) {
+    console.log('Could not load existing data:', error.message);
+    return null;
+  }
+}
+
+/**
+ * Merge new documentation with existing diagnostics
+ * Preserves score, time_grains, and feature flags from existing data
+ */
+function mergeWithExistingDiagnostics(newDatabases, existingData) {
+  if (!existingData?.databases) return newDatabases;
+
+  const diagnosticFields = [
+    'score', 'max_score', 'time_grains', 'joins', 'subqueries',
+    'supports_dynamic_schema', 'supports_catalog', 'supports_dynamic_catalog',
+    'ssh_tunneling', 'query_cancelation', 'supports_file_upload',
+    'user_impersonation', 'query_cost_estimation', 'sql_validation'
+  ];
+
+  for (const [name, db] of Object.entries(newDatabases)) {
+    const existingDb = existingData.databases[name];
+    if (existingDb && existingDb.score > 0) {
+      // Preserve diagnostics from existing data
+      for (const field of diagnosticFields) {
+        if (existingDb[field] !== undefined) {
+          db[field] = existingDb[field];
+        }
+      }
+    }
+  }
+
+  const preserved = Object.values(newDatabases).filter(d => d.score > 0).length;
+  if (preserved > 0) {
+    console.log(`Preserved diagnostics for ${preserved} databases from existing data`);
+  }
+
+  return newDatabases;
+}
+
+/**
+ * Main function
+ */
+async function main() {
+  console.log('Generating database documentation...\n');
+
+  // Ensure output directories exist
+  if (!fs.existsSync(DATA_OUTPUT_DIR)) {
+    fs.mkdirSync(DATA_OUTPUT_DIR, { recursive: true });
+  }
+  if (!fs.existsSync(MDX_OUTPUT_DIR)) {
+    fs.mkdirSync(MDX_OUTPUT_DIR, { recursive: true });
+  }
+
+  // Load existing data for potential merge
+  const existingData = loadExistingData();
+
+  // Try sources in order of preference:
+  // 1. Full script with Flask context (richest data with diagnostics)
+  // 2. Engine spec metadata files (works in CI without Flask)
+  let databases = tryRunFullScript();
+  let usedFlaskContext = !!databases;
+
+  if (!databases) {
+    // Extract from engine spec metadata (preferred for CI)
+    databases = extractEngineSpecMetadata();
+  }
+
+  if (!databases || Object.keys(databases).length === 0) {
+    console.error('Failed to generate database documentation data.');
+    console.error('Could not extract from Flask app or engine spec metadata.');
+    process.exit(1);
+  }
+
+  console.log(`Processed ${Object.keys(databases).length} databases\n`);
+
+  // Check if new data has scores; if not, preserve existing diagnostics
+  const hasNewScores = Object.values(databases).some((db) => db.score > 0);
+  if (!hasNewScores && existingData) {
+    databases = mergeWithExistingDiagnostics(databases, existingData);
+  }
+
+  // Build statistics
+  const statistics = buildStatistics(databases);
+
+  // Create the final output structure
+  const output = {
+    generated: new Date().toISOString(),
+    statistics,
+    databases,
+  };
+
+  // Write the JSON file (with trailing newline for POSIX compliance)
+  fs.writeFileSync(DATA_OUTPUT_FILE, JSON.stringify(output, null, 2) + '\n');
+  console.log(`Generated: ${path.relative(DOCS_DIR, DATA_OUTPUT_FILE)}`);
+
+
+  // Ensure supported directory exists
+  if (!fs.existsSync(MDX_SUPPORTED_DIR)) {
+    fs.mkdirSync(MDX_SUPPORTED_DIR, { recursive: true });
+  }
+
+  // Clean up old MDX files that are no longer in the database list
+  console.log(`\nCleaning up old MDX files in ${path.relative(DOCS_DIR, MDX_SUPPORTED_DIR)}/`);
+  const existingMdxFiles = fs.readdirSync(MDX_SUPPORTED_DIR).filter(f => f.endsWith('.mdx'));
+  const validSlugs = new Set(Object.keys(databases).map(name => `${toSlug(name)}.mdx`));
+  let removedCount = 0;
+  for (const file of existingMdxFiles) {
+    if (!validSlugs.has(file)) {
+      fs.unlinkSync(path.join(MDX_SUPPORTED_DIR, file));
+      removedCount++;
+    }
+  }
+  if (removedCount > 0) {
+    console.log(`  Removed ${removedCount} outdated MDX files`);
+  }
+
+  // Generate individual MDX files for each database in supported/ subdirectory
+  console.log(`\nGenerating MDX files in ${path.relative(DOCS_DIR, MDX_SUPPORTED_DIR)}/`);
+
+  let mdxCount = 0;
+  for (const [name, db] of Object.entries(databases)) {
+    const slug = toSlug(name);
+    const mdxContent = generateDatabaseMDX(name, db);
+    const mdxPath = path.join(MDX_SUPPORTED_DIR, `${slug}.mdx`);
+    fs.writeFileSync(mdxPath, mdxContent);
+    mdxCount++;
+  }
+  console.log(`  Generated ${mdxCount} database pages`);
+
+  // Generate index page in parent databases/ directory
+  const indexContent = generateIndexMDX(statistics, usedFlaskContext);
+  const indexPath = path.join(MDX_OUTPUT_DIR, 'index.mdx');
+  fs.writeFileSync(indexPath, indexContent);
+  console.log(`  Generated index page`);
+
+  // Generate _category_.json for databases/ directory
+  const categoryJson = {
+    label: 'Databases',
+    position: 1,
+    link: {
+      type: 'doc',
+      id: 'databases/index',
+    },
+  };
+  fs.writeFileSync(
+    path.join(MDX_OUTPUT_DIR, '_category_.json'),
+    JSON.stringify(categoryJson, null, 2) + '\n'
+  );
+
+  // Generate _category_.json for supported/ subdirectory (collapsible)
+  const supportedCategoryJson = {
+    label: 'Supported Databases',
+    position: 2,
+    collapsed: true,
+    collapsible: true,
+  };
+  fs.writeFileSync(
+    path.join(MDX_SUPPORTED_DIR, '_category_.json'),
+    JSON.stringify(supportedCategoryJson, null, 2) + '\n'
+  );
+  console.log(`  Generated _category_.json files`);
+
+  // Update README.md database logos (only when explicitly requested)
+  if (process.env.UPDATE_README === 'true' || process.argv.includes('--update-readme')) {
+    console.log('');
+    updateReadme(databases);
+  }
+
+  console.log(`\nStatistics:`);
+  console.log(`  Total databases: ${statistics.totalDatabases}`);
+  console.log(`  With documentation: ${statistics.withDocumentation}`);
+  console.log(`  With connection strings: ${statistics.withConnectionString}`);
+  console.log(`  Categories: ${Object.keys(statistics.byCategory).length}`);
+
+  console.log('\nDone!');
+}
+
+main().catch(console.error);

docs/sidebarTutorials.js

@@ -72,6 +72,7 @@ const sidebars = {
         'extensions/overview',
         'extensions/quick-start',
         'extensions/architecture',
+        'extensions/dependencies',
         'extensions/contribution-types',
         {
           type: 'category',

docs/sidebars.js

@@ -57,6 +57,20 @@ const sidebars = {
         },
       ],
     },
+    {
+      type: 'category',
+      label: 'Databases',
+      link: {
+        type: 'doc',
+        id: 'databases/index',
+      },
+      items: [
+        {
+          type: 'autogenerated',
+          dirName: 'databases',
+        },
+      ],
+    },
     {
       type: 'category',
       label: 'Using Superset',

docs/src/components/SectionHeader.tsx

@@ -98,6 +98,7 @@ interface SectionHeaderProps {
   title: string;
   subtitle?: string | ReactNode;
   dark?: boolean;
+  link?: string;
 }
 
 const SectionHeader = ({
@@ -105,15 +106,24 @@ const SectionHeader = ({
   title,
   subtitle,
   dark,
+  link,
 }: SectionHeaderProps) => {
   const Heading = level;
 
   const StyledRoot =
     level === 'h1' ? StyledSectionHeaderH1 : StyledSectionHeaderH2;
 
+  const titleContent = link ? (
+    <a href={link} style={{ color: 'inherit', textDecoration: 'none' }}>
+      {title}
+    </a>
+  ) : (
+    title
+  );
+
   return (
     <StyledRoot dark={!!dark}>
-      <Heading className="title">{title}</Heading>
+      <Heading className="title">{titleContent}</Heading>
       <img className="line" src="/img/community/line.png" alt="line" />
       {subtitle && <div className="subtitle">{subtitle}</div>}
     </StyledRoot>

docs/src/components/databases/DatabaseIndex.tsx

@@ -0,0 +1,578 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import React, { useState, useMemo } from 'react';
+import { Card, Row, Col, Statistic, Table, Tag, Input, Select, Tooltip } from 'antd';
+import {
+  DatabaseOutlined,
+  CheckCircleOutlined,
+  ApiOutlined,
+  KeyOutlined,
+  SearchOutlined,
+  LinkOutlined,
+} from '@ant-design/icons';
+import type { DatabaseData, DatabaseInfo, TimeGrains } from './types';
+
+interface DatabaseIndexProps {
+  data: DatabaseData;
+}
+
+// Type for table entries (includes both regular DBs and compatible DBs)
+interface TableEntry {
+  name: string;
+  categories: string[];  // Multiple categories supported
+  score: number;
+  max_score: number;
+  timeGrainCount: number;
+  time_grains?: TimeGrains;
+  hasDrivers: boolean;
+  hasAuthMethods: boolean;
+  hasConnectionString: boolean;
+  joins?: boolean;
+  subqueries?: boolean;
+  supports_dynamic_schema?: boolean;
+  supports_catalog?: boolean;
+  ssh_tunneling?: boolean;
+  supports_file_upload?: boolean;
+  query_cancelation?: boolean;
+  query_cost_estimation?: boolean;
+  user_impersonation?: boolean;
+  sql_validation?: boolean;
+  documentation?: DatabaseInfo['documentation'];
+  // For compatible databases
+  isCompatible?: boolean;
+  compatibleWith?: string;
+  compatibleDescription?: string;
+}
+
+// Map category constant names to display names
+const CATEGORY_DISPLAY_NAMES: Record<string, string> = {
+  'CLOUD_AWS': 'Cloud - AWS',
+  'CLOUD_GCP': 'Cloud - Google',
+  'CLOUD_AZURE': 'Cloud - Azure',
+  'CLOUD_DATA_WAREHOUSES': 'Cloud Data Warehouses',
+  'APACHE_PROJECTS': 'Apache Projects',
+  'TRADITIONAL_RDBMS': 'Traditional RDBMS',
+  'ANALYTICAL_DATABASES': 'Analytical Databases',
+  'SEARCH_NOSQL': 'Search & NoSQL',
+  'QUERY_ENGINES': 'Query Engines',
+  'TIME_SERIES': 'Time Series Databases',
+  'OTHER': 'Other Databases',
+  'OPEN_SOURCE': 'Open Source',
+  'HOSTED_OPEN_SOURCE': 'Hosted Open Source',
+  'PROPRIETARY': 'Proprietary',
+};
+
+// Category colors for visual distinction
+const CATEGORY_COLORS: Record<string, string> = {
+  'Cloud - AWS': 'orange',
+  'Cloud - Google': 'blue',
+  'Cloud - Azure': 'cyan',
+  'Cloud Data Warehouses': 'purple',
+  'Apache Projects': 'red',
+  'Traditional RDBMS': 'green',
+  'Analytical Databases': 'magenta',
+  'Search & NoSQL': 'gold',
+  'Query Engines': 'lime',
+  'Time Series Databases': 'volcano',
+  'Other Databases': 'default',
+  // Licensing categories
+  'Open Source': 'geekblue',
+  'Hosted Open Source': 'cyan',
+  'Proprietary': 'default',
+};
+
+// Convert category constant to display name
+function getCategoryDisplayName(cat: string): string {
+  return CATEGORY_DISPLAY_NAMES[cat] || cat;
+}
+
+// Get categories for a database - uses categories from metadata when available
+// Falls back to name-based inference for compatible databases without categories
+function getCategories(
+  name: string,
+  documentationCategories?: string[]
+): string[] {
+  // Prefer categories from documentation metadata (computed by Python)
+  if (documentationCategories && documentationCategories.length > 0) {
+    return documentationCategories.map(getCategoryDisplayName);
+  }
+
+  // Fallback: infer from name (for compatible databases without categories)
+  const nameLower = name.toLowerCase();
+
+  if (nameLower.includes('aws') || nameLower.includes('amazon'))
+    return ['Cloud - AWS'];
+  if (nameLower.includes('google') || nameLower.includes('bigquery'))
+    return ['Cloud - Google'];
+  if (nameLower.includes('azure') || nameLower.includes('microsoft'))
+    return ['Cloud - Azure'];
+  if (nameLower.includes('snowflake') || nameLower.includes('databricks'))
+    return ['Cloud Data Warehouses'];
+  if (
+    nameLower.includes('apache') ||
+    nameLower.includes('druid') ||
+    nameLower.includes('hive') ||
+    nameLower.includes('spark')
+  )
+    return ['Apache Projects'];
+  if (
+    nameLower.includes('postgres') ||
+    nameLower.includes('mysql') ||
+    nameLower.includes('sqlite') ||
+    nameLower.includes('mariadb')
+  )
+    return ['Traditional RDBMS'];
+  if (
+    nameLower.includes('clickhouse') ||
+    nameLower.includes('vertica') ||
+    nameLower.includes('starrocks')
+  )
+    return ['Analytical Databases'];
+  if (
+    nameLower.includes('elastic') ||
+    nameLower.includes('solr') ||
+    nameLower.includes('couchbase')
+  )
+    return ['Search & NoSQL'];
+  if (nameLower.includes('trino') || nameLower.includes('presto'))
+    return ['Query Engines'];
+
+  return ['Other Databases'];
+}
+
+// Count supported time grains
+function countTimeGrains(db: DatabaseInfo): number {
+  if (!db.time_grains) return 0;
+  return Object.values(db.time_grains).filter(Boolean).length;
+}
+
+// Format time grain name for display (e.g., FIVE_MINUTES -> "5 min")
+function formatTimeGrain(grain: string): string {
+  const mapping: Record<string, string> = {
+    SECOND: 'Second',
+    FIVE_SECONDS: '5 sec',
+    THIRTY_SECONDS: '30 sec',
+    MINUTE: 'Minute',
+    FIVE_MINUTES: '5 min',
+    TEN_MINUTES: '10 min',
+    FIFTEEN_MINUTES: '15 min',
+    THIRTY_MINUTES: '30 min',
+    HALF_HOUR: '30 min',
+    HOUR: 'Hour',
+    SIX_HOURS: '6 hours',
+    DAY: 'Day',
+    WEEK: 'Week',
+    WEEK_STARTING_SUNDAY: 'Week (Sun)',
+    WEEK_STARTING_MONDAY: 'Week (Mon)',
+    WEEK_ENDING_SATURDAY: 'Week (→Sat)',
+    WEEK_ENDING_SUNDAY: 'Week (→Sun)',
+    MONTH: 'Month',
+    QUARTER: 'Quarter',
+    QUARTER_YEAR: 'Quarter',
+    YEAR: 'Year',
+  };
+  return mapping[grain] || grain;
+}
+
+// Get list of supported time grains for tooltip
+function getSupportedTimeGrains(timeGrains?: TimeGrains): string[] {
+  if (!timeGrains) return [];
+  return Object.entries(timeGrains)
+    .filter(([, supported]) => supported)
+    .map(([grain]) => formatTimeGrain(grain));
+}
+
+const DatabaseIndex: React.FC<DatabaseIndexProps> = ({ data }) => {
+  const [searchText, setSearchText] = useState('');
+  const [categoryFilter, setCategoryFilter] = useState<string | null>(null);
+
+  const { statistics, databases } = data;
+
+  // Convert databases object to array, including compatible databases
+  const databaseList = useMemo(() => {
+    const entries: TableEntry[] = [];
+
+    Object.entries(databases).forEach(([name, db]) => {
+      // Add the main database
+      // Use categories from documentation metadata (computed by Python) when available
+      entries.push({
+        ...db,
+        name,
+        categories: getCategories(name, db.documentation?.categories),
+        timeGrainCount: countTimeGrains(db),
+        hasDrivers: (db.documentation?.drivers?.length ?? 0) > 0,
+        hasAuthMethods: (db.documentation?.authentication_methods?.length ?? 0) > 0,
+        hasConnectionString: Boolean(
+          db.documentation?.connection_string ||
+            (db.documentation?.drivers?.length ?? 0) > 0
+        ),
+        isCompatible: false,
+      });
+
+      // Add compatible databases from this database's documentation
+      const compatibleDbs = db.documentation?.compatible_databases ?? [];
+      compatibleDbs.forEach((compat) => {
+        // Check if this compatible DB already exists as a main entry
+        const existsAsMain = Object.keys(databases).some(
+          (dbName) => dbName.toLowerCase() === compat.name.toLowerCase()
+        );
+
+        if (!existsAsMain) {
+          // Compatible databases: use their categories if defined, or infer from name
+          entries.push({
+            name: compat.name,
+            categories: getCategories(compat.name, compat.categories),
+            // Compatible DBs inherit scores from parent
+            score: db.score,
+            max_score: db.max_score,
+            timeGrainCount: countTimeGrains(db),
+            hasDrivers: false,
+            hasAuthMethods: false,
+            hasConnectionString: Boolean(compat.connection_string),
+            joins: db.joins,
+            subqueries: db.subqueries,
+            supports_dynamic_schema: db.supports_dynamic_schema,
+            supports_catalog: db.supports_catalog,
+            ssh_tunneling: db.ssh_tunneling,
+            documentation: {
+              description: compat.description,
+              connection_string: compat.connection_string,
+              pypi_packages: compat.pypi_packages,
+            },
+            isCompatible: true,
+            compatibleWith: name,
+            compatibleDescription: `Uses ${name} driver`,
+          });
+        }
+      });
+    });
+
+    return entries;
+  }, [databases]);
+
+  // Filter and sort databases
+  const filteredDatabases = useMemo(() => {
+    return databaseList
+      .filter((db) => {
+        const matchesSearch =
+          !searchText ||
+          db.name.toLowerCase().includes(searchText.toLowerCase()) ||
+          db.documentation?.description
+            ?.toLowerCase()
+            .includes(searchText.toLowerCase());
+        const matchesCategory = !categoryFilter || db.categories.includes(categoryFilter);
+        return matchesSearch && matchesCategory;
+      })
+      .sort((a, b) => b.score - a.score);
+  }, [databaseList, searchText, categoryFilter]);
+
+  // Get unique categories and counts for filter
+  const { categories, categoryCounts } = useMemo(() => {
+    const counts: Record<string, number> = {};
+    databaseList.forEach((db) => {
+      // Count each category the database belongs to
+      db.categories.forEach((cat) => {
+        counts[cat] = (counts[cat] || 0) + 1;
+      });
+    });
+    return {
+      categories: Object.keys(counts).sort(),
+      categoryCounts: counts,
+    };
+  }, [databaseList]);
+
+  // Table columns
+  const columns = [
+    {
+      title: 'Database',
+      dataIndex: 'name',
+      key: 'name',
+      sorter: (a: TableEntry, b: TableEntry) => a.name.localeCompare(b.name),
+      render: (name: string, record: TableEntry) => {
+        // Convert name to URL slug
+        const toSlug = (n: string) => n.toLowerCase().replace(/[^a-z0-9]+/g, '-').replace(/^-|-$/g, '');
+
+        // Link to parent for compatible DBs, otherwise to own page
+        const linkTarget = record.isCompatible && record.compatibleWith
+          ? `/docs/databases/supported/${toSlug(record.compatibleWith)}`
+          : `/docs/databases/supported/${toSlug(name)}`;
+
+        return (
+          <div>
+            <a href={linkTarget}>
+              <strong>{name}</strong>
+            </a>
+            {record.isCompatible && record.compatibleWith && (
+              <Tag
+                icon={<LinkOutlined />}
+                color="geekblue"
+                style={{ marginLeft: 8, fontSize: '11px' }}
+              >
+                {record.compatibleWith} compatible
+              </Tag>
+            )}
+            <div style={{ fontSize: '12px', color: '#666' }}>
+              {record.documentation?.description?.slice(0, 80)}
+              {(record.documentation?.description?.length ?? 0) > 80 ? '...' : ''}
+            </div>
+          </div>
+        );
+      },
+    },
+    {
+      title: 'Categories',
+      dataIndex: 'categories',
+      key: 'categories',
+      width: 220,
+      filters: categories.map((cat) => ({ text: cat, value: cat })),
+      onFilter: (value: React.Key | boolean, record: TableEntry) =>
+        record.categories.includes(value as string),
+      render: (cats: string[]) => (
+        <div style={{ display: 'flex', gap: '4px', flexWrap: 'wrap' }}>
+          {cats.map((cat) => (
+            <Tag key={cat} color={CATEGORY_COLORS[cat] || 'default'}>{cat}</Tag>
+          ))}
+        </div>
+      ),
+    },
+    {
+      title: 'Score',
+      dataIndex: 'score',
+      key: 'score',
+      width: 80,
+      sorter: (a: TableEntry, b: TableEntry) => a.score - b.score,
+      defaultSortOrder: 'descend' as const,
+      render: (score: number, record: TableEntry) => (
+        <span
+          style={{
+            color: score > 150 ? '#52c41a' : score > 100 ? '#1890ff' : '#666',
+            fontWeight: score > 150 ? 'bold' : 'normal',
+          }}
+        >
+          {score}/{record.max_score}
+        </span>
+      ),
+    },
+    {
+      title: 'Time Grains',
+      dataIndex: 'timeGrainCount',
+      key: 'timeGrainCount',
+      width: 100,
+      sorter: (a: TableEntry, b: TableEntry) => a.timeGrainCount - b.timeGrainCount,
+      render: (count: number, record: TableEntry) => {
+        if (count === 0) return <span>-</span>;
+        const grains = getSupportedTimeGrains(record.time_grains);
+        return (
+          <Tooltip
+            title={
+              <div style={{ display: 'flex', flexWrap: 'wrap', gap: '4px', maxWidth: 280 }}>
+                {grains.map((grain) => (
+                  <Tag key={grain} style={{ margin: 0 }}>{grain}</Tag>
+                ))}
+              </div>
+            }
+            placement="top"
+          >
+            <span style={{ cursor: 'help', borderBottom: '1px dotted #999' }}>
+              {count} grains
+            </span>
+          </Tooltip>
+        );
+      },
+    },
+    {
+      title: 'Features',
+      key: 'features',
+      width: 280,
+      filters: [
+        { text: 'JOINs', value: 'joins' },
+        { text: 'Subqueries', value: 'subqueries' },
+        { text: 'Dynamic Schema', value: 'dynamic_schema' },
+        { text: 'Catalog', value: 'catalog' },
+        { text: 'SSH Tunneling', value: 'ssh' },
+        { text: 'File Upload', value: 'file_upload' },
+        { text: 'Query Cancel', value: 'query_cancel' },
+        { text: 'Cost Estimation', value: 'cost_estimation' },
+        { text: 'User Impersonation', value: 'impersonation' },
+        { text: 'SQL Validation', value: 'sql_validation' },
+      ],
+      onFilter: (value: React.Key | boolean, record: TableEntry) => {
+        switch (value) {
+          case 'joins':
+            return Boolean(record.joins);
+          case 'subqueries':
+            return Boolean(record.subqueries);
+          case 'dynamic_schema':
+            return Boolean(record.supports_dynamic_schema);
+          case 'catalog':
+            return Boolean(record.supports_catalog);
+          case 'ssh':
+            return Boolean(record.ssh_tunneling);
+          case 'file_upload':
+            return Boolean(record.supports_file_upload);
+          case 'query_cancel':
+            return Boolean(record.query_cancelation);
+          case 'cost_estimation':
+            return Boolean(record.query_cost_estimation);
+          case 'impersonation':
+            return Boolean(record.user_impersonation);
+          case 'sql_validation':
+            return Boolean(record.sql_validation);
+          default:
+            return true;
+        }
+      },
+      render: (_: unknown, record: TableEntry) => (
+        <div style={{ display: 'flex', gap: '4px', flexWrap: 'wrap' }}>
+          {record.joins && <Tag color="green">JOINs</Tag>}
+          {record.subqueries && <Tag color="green">Subqueries</Tag>}
+          {record.supports_dynamic_schema && <Tag color="blue">Dynamic Schema</Tag>}
+          {record.supports_catalog && <Tag color="purple">Catalog</Tag>}
+          {record.ssh_tunneling && <Tag color="cyan">SSH</Tag>}
+          {record.supports_file_upload && <Tag color="orange">File Upload</Tag>}
+          {record.query_cancelation && <Tag color="volcano">Query Cancel</Tag>}
+          {record.query_cost_estimation && <Tag color="gold">Cost Est.</Tag>}
+          {record.user_impersonation && <Tag color="magenta">Impersonation</Tag>}
+          {record.sql_validation && <Tag color="lime">SQL Validation</Tag>}
+        </div>
+      ),
+    },
+    {
+      title: 'Documentation',
+      key: 'docs',
+      width: 150,
+      render: (_: unknown, record: TableEntry) => (
+        <div style={{ display: 'flex', gap: '4px', flexWrap: 'wrap' }}>
+          {record.hasConnectionString && (
+            <Tag icon={<ApiOutlined />} color="default">
+              Connection
+            </Tag>
+          )}
+          {record.hasDrivers && (
+            <Tag icon={<DatabaseOutlined />} color="default">
+              Drivers
+            </Tag>
+          )}
+          {record.hasAuthMethods && (
+            <Tag icon={<KeyOutlined />} color="default">
+              Auth
+            </Tag>
+          )}
+        </div>
+      ),
+    },
+  ];
+
+  return (
+    <div className="database-index">
+      {/* Statistics Cards */}
+      <Row gutter={[16, 16]} style={{ marginBottom: 24 }}>
+        <Col xs={12} sm={6}>
+          <Card>
+            <Statistic
+              title="Total Databases"
+              value={statistics.totalDatabases}
+              prefix={<DatabaseOutlined />}
+            />
+          </Card>
+        </Col>
+        <Col xs={12} sm={6}>
+          <Card>
+            <Statistic
+              title="With Documentation"
+              value={statistics.withDocumentation}
+              prefix={<CheckCircleOutlined />}
+              suffix={`/ ${statistics.totalDatabases}`}
+            />
+          </Card>
+        </Col>
+        <Col xs={12} sm={6}>
+          <Card>
+            <Statistic
+              title="Multiple Drivers"
+              value={statistics.withDrivers}
+              prefix={<ApiOutlined />}
+            />
+          </Card>
+        </Col>
+        <Col xs={12} sm={6}>
+          <Card>
+            <Statistic
+              title="Auth Methods"
+              value={statistics.withAuthMethods}
+              prefix={<KeyOutlined />}
+            />
+          </Card>
+        </Col>
+      </Row>
+
+      {/* Filters */}
+      <Row gutter={[16, 16]} style={{ marginBottom: 16 }}>
+        <Col xs={24} sm={12}>
+          <Input
+            placeholder="Search databases..."
+            prefix={<SearchOutlined />}
+            value={searchText}
+            onChange={(e) => setSearchText(e.target.value)}
+            allowClear
+          />
+        </Col>
+        <Col xs={24} sm={12}>
+          <Select
+            placeholder="Filter by category"
+            style={{ width: '100%' }}
+            value={categoryFilter}
+            onChange={setCategoryFilter}
+            allowClear
+            options={categories.map((cat) => ({
+              label: (
+                <span>
+                  <Tag
+                    color={CATEGORY_COLORS[cat] || 'default'}
+                    style={{ marginRight: 8 }}
+                  >
+                    {categoryCounts[cat] || 0}
+                  </Tag>
+                  {cat}
+                </span>
+              ),
+              value: cat,
+            }))}
+          />
+        </Col>
+      </Row>
+
+      {/* Database Table */}
+      <Table
+        dataSource={filteredDatabases}
+        columns={columns}
+        rowKey={(record) => record.isCompatible ? `${record.compatibleWith}-${record.name}` : record.name}
+        pagination={{
+          pageSize: 20,
+          showSizeChanger: true,
+          showTotal: (total) => `${total} databases`,
+        }}
+        size="middle"
+      />
+    </div>
+  );
+};
+
+export default DatabaseIndex;

docs/src/components/databases/DatabasePage.tsx

@@ -0,0 +1,634 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import React from 'react';
+import {
+  Card,
+  Collapse,
+  Table,
+  Tag,
+  Typography,
+  Alert,
+  Space,
+  Divider,
+  Tabs,
+} from 'antd';
+import {
+  CheckCircleOutlined,
+  CloseCircleOutlined,
+  WarningOutlined,
+  LinkOutlined,
+  KeyOutlined,
+  SettingOutlined,
+  BookOutlined,
+  EditOutlined,
+  GithubOutlined,
+} from '@ant-design/icons';
+import type { DatabaseInfo } from './types';
+
+// Simple code block component for connection strings
+const CodeBlock: React.FC<{ children: React.ReactNode }> = ({ children }) => (
+  <pre
+    style={{
+      background: 'var(--ifm-code-background)',
+      padding: '12px 16px',
+      borderRadius: '4px',
+      overflow: 'auto',
+      fontSize: '13px',
+      fontFamily: 'var(--ifm-font-family-monospace)',
+    }}
+  >
+    <code>{children}</code>
+  </pre>
+);
+
+const { Title, Paragraph, Text } = Typography;
+const { Panel } = Collapse;
+const { TabPane } = Tabs;
+
+interface DatabasePageProps {
+  database: DatabaseInfo;
+  name: string;
+}
+
+// Feature badge component
+const FeatureBadge: React.FC<{ supported: boolean; label: string }> = ({
+  supported,
+  label,
+}) => (
+  <Tag
+    icon={supported ? <CheckCircleOutlined /> : <CloseCircleOutlined />}
+    color={supported ? 'success' : 'default'}
+  >
+    {label}
+  </Tag>
+);
+
+// Time grain badge
+const TimeGrainBadge: React.FC<{ supported: boolean; grain: string }> = ({
+  supported,
+  grain,
+}) => (
+  <Tag color={supported ? 'blue' : 'default'} style={{ margin: '2px' }}>
+    {grain}
+  </Tag>
+);
+
+const DatabasePage: React.FC<DatabasePageProps> = ({ database, name }) => {
+  const { documentation: docs } = database;
+
+  // Helper to render connection string with copy button
+  const renderConnectionString = (connStr: string, description?: string) => (
+    <div style={{ marginBottom: 16 }}>
+      {description && (
+        <Text type="secondary" style={{ display: 'block', marginBottom: 4 }}>
+          {description}
+        </Text>
+      )}
+      <CodeBlock>{connStr}</CodeBlock>
+    </div>
+  );
+
+  // Render driver information
+  const renderDrivers = () => {
+    if (!docs?.drivers?.length) return null;
+
+    return (
+      <Card title="Drivers" style={{ marginBottom: 16 }}>
+        <Tabs>
+          {docs.drivers.map((driver, idx) => (
+            <TabPane
+              tab={
+                <span>
+                  {driver.name}
+                  {driver.is_recommended && (
+                    <Tag color="green" style={{ marginLeft: 8 }}>
+                      Recommended
+                    </Tag>
+                  )}
+                </span>
+              }
+              key={idx}
+            >
+              <Space direction="vertical" style={{ width: '100%' }}>
+                {driver.pypi_package && (
+                  <div>
+                    <Text strong>PyPI Package: </Text>
+                    <code>{driver.pypi_package}</code>
+                  </div>
+                )}
+                {driver.connection_string &&
+                  renderConnectionString(driver.connection_string)}
+                {driver.notes && (
+                  <Alert message={driver.notes} type="info" showIcon />
+                )}
+                {driver.docs_url && (
+                  <a href={driver.docs_url} target="_blank" rel="noreferrer">
+                    <LinkOutlined /> Documentation
+                  </a>
+                )}
+              </Space>
+            </TabPane>
+          ))}
+        </Tabs>
+      </Card>
+    );
+  };
+
+  // Render authentication methods
+  const renderAuthMethods = () => {
+    if (!docs?.authentication_methods?.length) return null;
+
+    return (
+      <Card
+        title={
+          <>
+            <KeyOutlined /> Authentication Methods
+          </>
+        }
+        style={{ marginBottom: 16 }}
+      >
+        <Collapse accordion>
+          {docs.authentication_methods.map((auth, idx) => (
+            <Panel header={auth.name} key={idx}>
+              {auth.description && <Paragraph>{auth.description}</Paragraph>}
+              {auth.requirements && (
+                <Alert
+                  message="Requirements"
+                  description={auth.requirements}
+                  type="warning"
+                  showIcon
+                  style={{ marginBottom: 16 }}
+                />
+              )}
+              {auth.connection_string &&
+                renderConnectionString(
+                  auth.connection_string,
+                  'Connection String'
+                )}
+              {auth.secure_extra && (
+                <div>
+                  <Text strong>Secure Extra Configuration:</Text>
+                  <CodeBlock>
+                    {JSON.stringify(auth.secure_extra, null, 2)}
+                  </CodeBlock>
+                </div>
+              )}
+              {auth.engine_parameters && (
+                <div>
+                  <Text strong>Engine Parameters:</Text>
+                  <CodeBlock>
+                    {JSON.stringify(auth.engine_parameters, null, 2)}
+                  </CodeBlock>
+                </div>
+              )}
+              {auth.notes && (
+                <Alert message={auth.notes} type="info" showIcon />
+              )}
+            </Panel>
+          ))}
+        </Collapse>
+      </Card>
+    );
+  };
+
+  // Render engine parameters
+  const renderEngineParams = () => {
+    if (!docs?.engine_parameters?.length) return null;
+
+    return (
+      <Card
+        title={
+          <>
+            <SettingOutlined /> Engine Parameters
+          </>
+        }
+        style={{ marginBottom: 16 }}
+      >
+        <Collapse>
+          {docs.engine_parameters.map((param, idx) => (
+            <Panel header={param.name} key={idx}>
+              {param.description && <Paragraph>{param.description}</Paragraph>}
+              {param.json && (
+                <CodeBlock>
+                  {JSON.stringify(param.json, null, 2)}
+                </CodeBlock>
+              )}
+              {param.docs_url && (
+                <a href={param.docs_url} target="_blank" rel="noreferrer">
+                  <LinkOutlined /> Learn more
+                </a>
+              )}
+            </Panel>
+          ))}
+        </Collapse>
+      </Card>
+    );
+  };
+
+  // Render compatible databases (for PostgreSQL, etc.)
+  const renderCompatibleDatabases = () => {
+    if (!docs?.compatible_databases?.length) return null;
+
+    // Create array of all panel keys to expand by default
+    const allPanelKeys = docs.compatible_databases.map((_, idx) => idx);
+
+    return (
+      <Card title="Compatible Databases" style={{ marginBottom: 16 }}>
+        <Paragraph>
+          The following databases are compatible with the {name} driver:
+        </Paragraph>
+        <Collapse defaultActiveKey={allPanelKeys}>
+          {docs.compatible_databases.map((compat, idx) => (
+            <Panel
+              header={
+                <div style={{ display: 'flex', alignItems: 'center', gap: 12 }}>
+                  {compat.logo && (
+                    <img
+                      src={`/img/databases/${compat.logo}`}
+                      alt={compat.name}
+                      style={{
+                        width: 28,
+                        height: 28,
+                        objectFit: 'contain',
+                      }}
+                    />
+                  )}
+                  <span>{compat.name}</span>
+                </div>
+              }
+              key={idx}
+            >
+              {compat.description && (
+                <Paragraph>{compat.description}</Paragraph>
+              )}
+              {compat.connection_string &&
+                renderConnectionString(compat.connection_string)}
+              {compat.parameters && (
+                <div>
+                  <Text strong>Parameters:</Text>
+                  <Table
+                    dataSource={Object.entries(compat.parameters).map(
+                      ([key, value]) => ({
+                        key,
+                        parameter: key,
+                        description: value,
+                      })
+                    )}
+                    columns={[
+                      { title: 'Parameter', dataIndex: 'parameter', key: 'p' },
+                      {
+                        title: 'Description',
+                        dataIndex: 'description',
+                        key: 'd',
+                      },
+                    ]}
+                    pagination={false}
+                    size="small"
+                  />
+                </div>
+              )}
+              {compat.notes && (
+                <Alert
+                  message={compat.notes}
+                  type="info"
+                  showIcon
+                  style={{ marginTop: 16 }}
+                />
+              )}
+            </Panel>
+          ))}
+        </Collapse>
+      </Card>
+    );
+  };
+
+  // Render feature matrix
+  const renderFeatures = () => {
+    const features: Array<{ key: keyof DatabaseInfo; label: string }> = [
+      { key: 'joins', label: 'JOINs' },
+      { key: 'subqueries', label: 'Subqueries' },
+      { key: 'supports_dynamic_schema', label: 'Dynamic Schema' },
+      { key: 'supports_catalog', label: 'Catalog Support' },
+      { key: 'supports_dynamic_catalog', label: 'Dynamic Catalog' },
+      { key: 'ssh_tunneling', label: 'SSH Tunneling' },
+      { key: 'query_cancelation', label: 'Query Cancellation' },
+      { key: 'supports_file_upload', label: 'File Upload' },
+      { key: 'user_impersonation', label: 'User Impersonation' },
+      { key: 'query_cost_estimation', label: 'Cost Estimation' },
+      { key: 'sql_validation', label: 'SQL Validation' },
+    ];
+
+    return (
+      <Card title="Supported Features" style={{ marginBottom: 16 }}>
+        <div style={{ display: 'flex', flexWrap: 'wrap', gap: 8 }}>
+          {features.map(({ key, label }) => (
+            <FeatureBadge
+              key={key}
+              supported={Boolean(database[key])}
+              label={label}
+            />
+          ))}
+        </div>
+        {database.score > 0 && (
+          <div style={{ marginTop: 16 }}>
+            <Text>
+              Feature Score:{' '}
+              <Text strong>
+                {database.score}/{database.max_score}
+              </Text>
+            </Text>
+          </div>
+        )}
+      </Card>
+    );
+  };
+
+  // Render time grains
+  const renderTimeGrains = () => {
+    if (!database.time_grains) return null;
+
+    const commonGrains = [
+      'SECOND',
+      'MINUTE',
+      'HOUR',
+      'DAY',
+      'WEEK',
+      'MONTH',
+      'QUARTER',
+      'YEAR',
+    ];
+    const extendedGrains = Object.keys(database.time_grains).filter(
+      (g) => !commonGrains.includes(g)
+    );
+
+    return (
+      <Card title="Time Grains" style={{ marginBottom: 16 }}>
+        <div style={{ marginBottom: 16 }}>
+          <Text strong>Common Time Grains:</Text>
+          <div style={{ marginTop: 8 }}>
+            {commonGrains.map((grain) => (
+              <TimeGrainBadge
+                key={grain}
+                grain={grain}
+                supported={Boolean(
+                  database.time_grains[grain as keyof typeof database.time_grains]
+                )}
+              />
+            ))}
+          </div>
+        </div>
+        {extendedGrains.length > 0 && (
+          <div>
+            <Text strong>Extended Time Grains:</Text>
+            <div style={{ marginTop: 8 }}>
+              {extendedGrains.map((grain) => (
+                <TimeGrainBadge
+                  key={grain}
+                  grain={grain}
+                  supported={Boolean(
+                    database.time_grains[grain as keyof typeof database.time_grains]
+                  )}
+                />
+              ))}
+            </div>
+          </div>
+        )}
+      </Card>
+    );
+  };
+
+  return (
+    <div
+      className="database-page"
+      id={name.toLowerCase().replace(/\s+/g, '-')}
+    >
+      <div style={{ marginBottom: 16 }}>
+        {docs?.logo && (
+          <img
+            src={`/img/databases/${docs.logo}`}
+            alt={name}
+            style={{
+              height: 120,
+              objectFit: 'contain',
+              marginBottom: 12,
+            }}
+          />
+        )}
+        <Title level={1} style={{ margin: 0 }}>{name}</Title>
+        {docs?.homepage_url && (
+          <a
+            href={docs.homepage_url}
+            target="_blank"
+            rel="noreferrer"
+            style={{ fontSize: 14 }}
+          >
+            <LinkOutlined /> {docs.homepage_url}
+          </a>
+        )}
+      </div>
+
+      {docs?.description && <Paragraph>{docs.description}</Paragraph>}
+
+      {/* Warnings */}
+      {docs?.warnings?.map((warning, idx) => (
+        <Alert
+          key={idx}
+          message={warning}
+          type="warning"
+          icon={<WarningOutlined />}
+          showIcon
+          style={{ marginBottom: 16 }}
+        />
+      ))}
+
+      {/* Known Limitations */}
+      {docs?.limitations?.length > 0 && (
+        <Card
+          title="Known Limitations"
+          style={{ marginBottom: 16 }}
+          type="inner"
+        >
+          <ul style={{ margin: 0, paddingLeft: 20 }}>
+            {docs.limitations.map((limitation, idx) => (
+              <li key={idx}>{limitation}</li>
+            ))}
+          </ul>
+        </Card>
+      )}
+
+      {/* Installation */}
+      {(docs?.pypi_packages?.length || docs?.install_instructions) && (
+        <Card title="Installation" style={{ marginBottom: 16 }}>
+          {docs.pypi_packages?.length > 0 && (
+            <div style={{ marginBottom: 16 }}>
+              <Text strong>Required packages: </Text>
+              {docs.pypi_packages.map((pkg) => (
+                <Tag key={pkg} color="blue">
+                  {pkg}
+                </Tag>
+              ))}
+            </div>
+          )}
+          {docs.version_requirements && (
+            <Alert
+              message={`Version requirement: ${docs.version_requirements}`}
+              type="info"
+              showIcon
+              style={{ marginBottom: 16 }}
+            />
+          )}
+          {docs.install_instructions && (
+            <CodeBlock>{docs.install_instructions}</CodeBlock>
+          )}
+        </Card>
+      )}
+
+      {/* Basic Connection */}
+      {docs?.connection_string && !docs?.drivers?.length && (
+        <Card title="Connection String" style={{ marginBottom: 16 }}>
+          {renderConnectionString(docs.connection_string)}
+          {docs.parameters && (
+            <Table
+              dataSource={Object.entries(docs.parameters).map(
+                ([key, value]) => ({
+                  key,
+                  parameter: key,
+                  description: value,
+                })
+              )}
+              columns={[
+                { title: 'Parameter', dataIndex: 'parameter', key: 'p' },
+                { title: 'Description', dataIndex: 'description', key: 'd' },
+              ]}
+              pagination={false}
+              size="small"
+            />
+          )}
+          {docs.default_port && (
+            <Text type="secondary">Default port: {docs.default_port}</Text>
+          )}
+        </Card>
+      )}
+
+      {/* Drivers */}
+      {renderDrivers()}
+
+      {/* Connection Examples */}
+      {docs?.connection_examples?.length > 0 && (
+        <Card title="Connection Examples" style={{ marginBottom: 16 }}>
+          {docs.connection_examples.map((example, idx) => (
+            <div key={idx}>
+              {renderConnectionString(
+                example.connection_string,
+                example.description
+              )}
+            </div>
+          ))}
+        </Card>
+      )}
+
+      {/* Authentication Methods */}
+      {renderAuthMethods()}
+
+      {/* Engine Parameters */}
+      {renderEngineParams()}
+
+      {/* Features */}
+      {renderFeatures()}
+
+      {/* Time Grains */}
+      {renderTimeGrains()}
+
+      {/* Compatible Databases */}
+      {renderCompatibleDatabases()}
+
+      {/* Notes */}
+      {docs?.notes && (
+        <Alert
+          message="Notes"
+          description={docs.notes}
+          type="info"
+          showIcon
+          style={{ marginBottom: 16 }}
+        />
+      )}
+
+      {/* External Links */}
+      {(docs?.docs_url || docs?.tutorials?.length) && (
+        <Card
+          title={
+            <>
+              <BookOutlined /> Resources
+            </>
+          }
+          style={{ marginBottom: 16 }}
+        >
+          <Space direction="vertical">
+            {docs.docs_url && (
+              <a href={docs.docs_url} target="_blank" rel="noreferrer">
+                <LinkOutlined /> Official Documentation
+              </a>
+            )}
+            {docs.sqlalchemy_docs_url && (
+              <a href={docs.sqlalchemy_docs_url} target="_blank" rel="noreferrer">
+                <LinkOutlined /> SQLAlchemy Dialect Documentation
+              </a>
+            )}
+            {docs.tutorials?.map((tutorial, idx) => (
+              <a key={idx} href={tutorial} target="_blank" rel="noreferrer">
+                <LinkOutlined /> Tutorial {idx + 1}
+              </a>
+            ))}
+          </Space>
+        </Card>
+      )}
+
+      {/* Edit link */}
+      {database.module && (
+        <Card
+          style={{
+            marginBottom: 16,
+            background: 'var(--ifm-background-surface-color)',
+            borderStyle: 'dashed',
+          }}
+          size="small"
+        >
+          <Space>
+            <GithubOutlined />
+            <Text type="secondary">
+              Help improve this documentation by editing the engine spec:
+            </Text>
+            <a
+              href={`https://github.com/apache/superset/edit/master/superset/db_engine_specs/${database.module}.py`}
+              target="_blank"
+              rel="noreferrer"
+            >
+              <EditOutlined /> Edit {database.module}.py
+            </a>
+          </Space>
+        </Card>
+      )}
+
+      <Divider />
+    </div>
+  );
+};
+
+export default DatabasePage;

docs/src/components/databases/index.ts

@@ -0,0 +1,22 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+export { default as DatabaseIndex } from './DatabaseIndex';
+export { default as DatabasePage } from './DatabasePage';
+export * from './types';

docs/src/components/databases/types.ts

@@ -0,0 +1,243 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * TypeScript types for database documentation data
+ * Generated from superset/db_engine_specs/lib.py
+ */
+
+export interface Driver {
+  name: string;
+  pypi_package?: string;
+  connection_string?: string;
+  is_recommended?: boolean;
+  notes?: string;
+  docs_url?: string;
+  default_port?: number;
+  odbc_driver_paths?: Record<string, string>;
+  environment_variables?: Record<string, string>;
+}
+
+export interface ConnectionExample {
+  description: string;
+  connection_string: string;
+}
+
+export interface HostExample {
+  platform: string;
+  host: string;
+}
+
+export interface AuthenticationMethod {
+  name: string;
+  description?: string;
+  requirements?: string;
+  connection_string?: string;
+  secure_extra?: Record<string, unknown>;
+  secure_extra_body?: Record<string, unknown>;
+  secure_extra_path?: Record<string, unknown>;
+  engine_parameters?: Record<string, unknown>;
+  config_example?: Record<string, unknown>;
+  notes?: string;
+}
+
+export interface EngineParameter {
+  name: string;
+  description?: string;
+  json?: Record<string, unknown>;
+  secure_extra?: Record<string, unknown>;
+  docs_url?: string;
+}
+
+export interface SSLConfiguration {
+  custom_certificate?: string;
+  disable_ssl_verification?: {
+    engine_params?: Record<string, unknown>;
+  };
+}
+
+export interface CompatibleDatabase {
+  name: string;
+  description?: string;
+  logo?: string;
+  homepage_url?: string;
+  categories?: string[];  // Category classifications (e.g., ["TRADITIONAL_RDBMS", "OPEN_SOURCE"])
+  pypi_packages?: string[];
+  connection_string?: string;
+  parameters?: Record<string, string>;
+  connection_examples?: ConnectionExample[];
+  notes?: string;
+  docs_url?: string;
+}
+
+export interface DatabaseDocumentation {
+  description?: string;
+  logo?: string;
+  homepage_url?: string;
+  categories?: string[];  // Category classifications (e.g., ["TRADITIONAL_RDBMS", "OPEN_SOURCE"])
+  pypi_packages?: string[];
+  connection_string?: string;
+  default_port?: number;
+  parameters?: Record<string, string>;
+  notes?: string;
+  limitations?: string[];  // Known limitations or caveats
+  connection_examples?: ConnectionExample[];
+  host_examples?: HostExample[];
+  drivers?: Driver[];
+  authentication_methods?: AuthenticationMethod[];
+  engine_parameters?: EngineParameter[];
+  ssl_configuration?: SSLConfiguration;
+  version_requirements?: string;
+  install_instructions?: string;
+  warnings?: string[];
+  tutorials?: string[];
+  docs_url?: string;
+  sqlalchemy_docs_url?: string;
+  advanced_features?: Record<string, string>;
+  compatible_databases?: CompatibleDatabase[];
+}
+
+export interface TimeGrains {
+  SECOND?: boolean;
+  MINUTE?: boolean;
+  HOUR?: boolean;
+  DAY?: boolean;
+  WEEK?: boolean;
+  MONTH?: boolean;
+  QUARTER?: boolean;
+  YEAR?: boolean;
+  FIVE_SECONDS?: boolean;
+  THIRTY_SECONDS?: boolean;
+  FIVE_MINUTES?: boolean;
+  TEN_MINUTES?: boolean;
+  FIFTEEN_MINUTES?: boolean;
+  THIRTY_MINUTES?: boolean;
+  HALF_HOUR?: boolean;
+  SIX_HOURS?: boolean;
+  WEEK_STARTING_SUNDAY?: boolean;
+  WEEK_STARTING_MONDAY?: boolean;
+  WEEK_ENDING_SATURDAY?: boolean;
+  WEEK_ENDING_SUNDAY?: boolean;
+  QUARTER_YEAR?: boolean;
+}
+
+export interface DatabaseInfo {
+  engine: string;
+  engine_name: string;
+  engine_aliases?: string[];
+  default_driver?: string;
+  module?: string;
+  documentation: DatabaseDocumentation;
+
+  // Diagnostics from lib.py diagnose() function
+  time_grains: TimeGrains;
+  score: number;
+  max_score: number;
+
+  // SQL capabilities
+  joins: boolean;
+  subqueries: boolean;
+  alias_in_select?: boolean;
+  alias_in_orderby?: boolean;
+  cte_in_subquery?: boolean;
+  sql_comments?: boolean;
+  escaped_colons?: boolean;
+  time_groupby_inline?: boolean;
+  alias_to_source_column?: boolean;
+  order_by_not_in_select?: boolean;
+  expressions_in_orderby?: boolean;
+
+  // Platform features
+  limit_method?: string;
+  limit_clause?: boolean;
+  max_column_name?: number;
+  supports_file_upload?: boolean;
+  supports_dynamic_schema?: boolean;
+  supports_catalog?: boolean;
+  supports_dynamic_catalog?: boolean;
+
+  // Advanced features
+  user_impersonation?: boolean;
+  ssh_tunneling?: boolean;
+  query_cancelation?: boolean;
+  expand_data?: boolean;
+  query_cost_estimation?: boolean;
+  sql_validation?: boolean;
+  get_metrics?: boolean;
+  where_latest_partition?: boolean;
+  get_extra_table_metadata?: boolean;
+  dbapi_exception_mapping?: boolean;
+  custom_errors?: boolean;
+  masked_encrypted_extra?: boolean;
+  column_type_mapping?: boolean;
+  function_names?: boolean;
+}
+
+export interface Statistics {
+  totalDatabases: number;
+  withDocumentation: number;
+  withConnectionString: number;
+  withDrivers: number;
+  withAuthMethods: number;
+  supportsJoins: number;
+  supportsSubqueries: number;
+  supportsDynamicSchema: number;
+  supportsCatalog: number;
+  averageScore: number;
+  maxScore: number;
+  byCategory: Record<string, string[]>;
+}
+
+export interface DatabaseData {
+  generated: string;
+  statistics: Statistics;
+  databases: Record<string, DatabaseInfo>;
+}
+
+// Helper type for sorting databases
+export type SortField = 'name' | 'score' | 'category';
+export type SortDirection = 'asc' | 'desc';
+
+// Helper to get common time grains
+export const COMMON_TIME_GRAINS = [
+  'SECOND',
+  'MINUTE',
+  'HOUR',
+  'DAY',
+  'WEEK',
+  'MONTH',
+  'QUARTER',
+  'YEAR',
+] as const;
+
+export const EXTENDED_TIME_GRAINS = [
+  'FIVE_SECONDS',
+  'THIRTY_SECONDS',
+  'FIVE_MINUTES',
+  'TEN_MINUTES',
+  'FIFTEEN_MINUTES',
+  'THIRTY_MINUTES',
+  'HALF_HOUR',
+  'SIX_HOURS',
+  'WEEK_STARTING_SUNDAY',
+  'WEEK_STARTING_MONDAY',
+  'WEEK_ENDING_SATURDAY',
+  'WEEK_ENDING_SUNDAY',
+  'QUARTER_YEAR',
+] as const;

docs/src/pages/inTheWild.tsx

@@ -0,0 +1,165 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import Layout from '@theme/Layout';
+import { Avatar, Card, Col, Collapse, Row, Typography } from 'antd';
+import BlurredSection from '../components/BlurredSection';
+import SectionHeader from '../components/SectionHeader';
+import DataSet from '../../../RESOURCES/INTHEWILD.yaml';
+
+const { Text, Link } = Typography;
+
+interface Organization {
+  name: string;
+  url: string;
+  logo?: string;
+  contributors?: string[];
+}
+
+interface DataSetType {
+  categories: Record<string, Organization[]>;
+}
+
+const typedDataSet = DataSet as DataSetType;
+
+const ContributorAvatars = ({ contributors }: { contributors?: string[] }) => {
+  if (!contributors?.length) return null;
+  return (
+    <Avatar.Group size="small" max={{ count: 3 }}>
+      {contributors.map((handle) => {
+        const username = handle.replace('@', '');
+        return (
+          <a
+            key={username}
+            href={`https://github.com/${username}`}
+            target="_blank"
+            rel="noreferrer"
+            onClick={(e) => e.stopPropagation()}
+          >
+            <Avatar
+              src={`https://github.com/${username}.png?size=40`}
+              alt={username}
+              style={{ cursor: 'pointer' }}
+            >
+              {username.charAt(0).toUpperCase()}
+            </Avatar>
+          </a>
+        );
+      })}
+    </Avatar.Group>
+  );
+};
+
+export default function InTheWild() {
+  return (
+    <Layout title="In the Wild" description="Organizations using Apache Superset">
+      <main>
+        <BlurredSection>
+          <SectionHeader
+            level="h2"
+            title="In the Wild"
+            subtitle="See who's using Superset and join our growing community"
+          />
+          <div style={{ textAlign: 'center', marginTop: 10 }}>
+            <Link
+              href="https://github.com/apache/superset/edit/master/RESOURCES/INTHEWILD.yaml"
+              target="_blank"
+            >
+              Add your name/org!
+            </Link>
+          </div>
+        </BlurredSection>
+
+        <div style={{ maxWidth: 850, margin: '70px auto 60px', padding: '0 20px' }}>
+          <Collapse
+            bordered={false}
+            defaultActiveKey={Object.keys(typedDataSet.categories)}
+            style={{
+              background: 'var(--ifm-background-color)',
+              border: '1px solid var(--ifm-border-color)',
+              borderRadius: 10,
+            }}
+            items={Object.entries(typedDataSet.categories).map(([category, items]) => {
+              const logoItems = items.filter(({ logo }) => logo?.trim());
+              const textItems = items.filter(({ logo }) => !logo?.trim());
+
+              return {
+                key: category,
+                label: (
+                  <Text strong style={{ fontSize: 16, lineHeight: '22px', color: 'var(--ifm-font-base-color)' }}>
+                    {category} ({items.length})
+                  </Text>
+                ),
+                children: (
+                  <>
+                    {logoItems.length > 0 && (
+                      <Row gutter={[16, 16]} style={{ marginBottom: textItems.length > 0 ? 24 : 0 }}>
+                        {logoItems.map(({ name, url, logo, contributors }) => (
+                          <Col xs={24} sm={12} md={8} key={name}>
+                            <a href={url} target="_blank" rel="noreferrer">
+                              <Card
+                                hoverable
+                                style={{ height: 150, position: 'relative' }}
+                                styles={{ body: { padding: 16, height: '100%', display: 'flex', alignItems: 'center', justifyContent: 'center' } }}
+                              >
+                                <img
+                                  src={`/img/logos/${logo}`}
+                                  alt={name}
+                                  style={{ maxHeight: 80, maxWidth: '100%', objectFit: 'contain' }}
+                                />
+                                {contributors?.length && (
+                                  <div style={{ position: 'absolute', bottom: 8, right: 8 }}>
+                                    <ContributorAvatars contributors={contributors} />
+                                  </div>
+                                )}
+                              </Card>
+                            </a>
+                          </Col>
+                        ))}
+                      </Row>
+                    )}
+
+                    {textItems.length > 0 && (
+                      <Row gutter={[8, 8]}>
+                        {textItems.map(({ name, url, contributors }) => (
+                          <Col xs={24} sm={12} md={8} key={name}>
+                            <a href={url} target="_blank" rel="noreferrer">
+                              <Card
+                                size="small"
+                                hoverable
+                                styles={{ body: { padding: '8px 12px', display: 'flex', alignItems: 'center', justifyContent: 'space-between', gap: 8 } }}
+                              >
+                                <Text ellipsis style={{ flex: 1 }}>{name}</Text>
+                                <ContributorAvatars contributors={contributors} />
+                              </Card>
+                            </a>
+                          </Col>
+                        ))}
+                      </Row>
+                    )}
+                  </>
+                ),
+              };
+            })}
+          />
+        </div>
+      </main>
+    </Layout>
+  );
+}

docs/src/pages/index.tsx

@@ -19,15 +19,63 @@
 import { useRef, useState, useEffect, JSX } from 'react';
 import Layout from '@theme/Layout';
 import Link from '@docusaurus/Link';
-import { Carousel } from 'antd';
+import { Card, Carousel, Flex } from 'antd';
 import styled from '@emotion/styled';
 import GitHubButton from 'react-github-btn';
 import { mq } from '../utils';
-import { Databases } from '../resources/data';
 import SectionHeader from '../components/SectionHeader';
+import databaseData from '../data/databases.json';
 import BlurredSection from '../components/BlurredSection';
+import DataSet from '../../../RESOURCES/INTHEWILD.yaml';
+import type { DatabaseData } from '../components/databases/types';
 import '../styles/main.less';
 
+// Build database list from databases.json (databases with logos)
+// Deduplicate by logo filename to avoid showing the same logo twice
+const typedDatabaseData = databaseData as DatabaseData;
+const seenLogos = new Set<string>();
+const Databases = Object.entries(typedDatabaseData.databases)
+  .filter(([, db]) => db.documentation?.logo && db.documentation?.homepage_url)
+  .map(([name, db]) => ({
+    title: name,
+    href: db.documentation?.homepage_url,
+    imgName: db.documentation?.logo,
+    docPath: `/docs/databases/supported/${name.toLowerCase().replace(/[^a-z0-9]+/g, '-').replace(/^-|-$/g, '')}`,
+  }))
+  .sort((a, b) => a.title.localeCompare(b.title))
+  .filter((db) => {
+    if (seenLogos.has(db.imgName!)) return false;
+    seenLogos.add(db.imgName!);
+    return true;
+  });
+
+interface Organization {
+  name: string;
+  url: string;
+  logo?: string;
+}
+
+interface DataSetType {
+  categories: Record<string, Organization[]>;
+}
+
+const typedDataSet = DataSet as DataSetType;
+
+// Extract all organizations with logos for the carousel
+const companiesWithLogos = Object.values(typedDataSet.categories)
+  .flat()
+  .filter((org) => org.logo?.trim());
+
+// Fisher-Yates shuffle for fair randomization
+function shuffleArray<T>(array: T[]): T[] {
+  const shuffled = [...array];
+  for (let i = shuffled.length - 1; i > 0; i--) {
+    const j = Math.floor(Math.random() * (i + 1));
+    [shuffled[i], shuffled[j]] = [shuffled[j], shuffled[i]];
+  }
+  return shuffled;
+}
+
 const features = [
   {
     image: 'powerful-yet-easy.jpg',
@@ -412,22 +460,22 @@ const StyledIntegrations = styled('div')`
   padding: 0 20px;
   .database-grid {
     display: grid;
-    grid-template-columns: repeat(5, minmax(0, 1fr));
-    gap: 14px;
-    max-width: 1160px;
+    grid-template-columns: repeat(8, minmax(0, 1fr));
+    gap: 10px;
+    max-width: 1200px;
     margin: 25px auto 0;
     ${mq[1]} {
-      grid-template-columns: repeat(4, minmax(0, 1fr));
+      grid-template-columns: repeat(5, minmax(0, 1fr));
     }
     ${mq[0]} {
-      grid-template-columns: repeat(1, minmax(0, 1fr));
+      grid-template-columns: repeat(2, minmax(0, 1fr));
     }
     & > .item {
       border: 1px solid var(--ifm-border-color);
-      border-radius: 10px;
+      border-radius: 8px;
       overflow: hidden;
-      height: 120px;
-      padding: 25px;
+      height: 80px;
+      padding: 14px;
       display: flex;
       align-items: center;
       justify-content: center;
@@ -452,6 +500,7 @@ export default function Home(): JSX.Element {
   const slider = useRef(null);
 
   const [slideIndex, setSlideIndex] = useState(0);
+  const [shuffledCompanies, setShuffledCompanies] = useState(companiesWithLogos);
 
   const onChange = (current, next) => {
     setSlideIndex(next);
@@ -479,6 +528,11 @@ export default function Home(): JSX.Element {
     }
   };
 
+  // Shuffle companies on mount for fair rotation
+  useEffect(() => {
+    setShuffledCompanies(shuffleArray(companiesWithLogos));
+  }, []);
+
   // Set up dark <-> light navbar change
   useEffect(() => {
     changeToDark();
@@ -725,28 +779,92 @@ export default function Home(): JSX.Element {
         </BlurredSection>
         <BlurredSection>
           <StyledIntegrations>
-            <SectionHeader level="h2" title="Supported Databases" />
+            <SectionHeader level="h2" title="Supported Databases" link="/docs/databases" />
             <div className="database-grid">
-              {Databases.map(({ title, href, imgName }) => (
+              {Databases.map(({ title, imgName, docPath }) => (
                 <div className="item" key={title}>
-                  {href ? (
-                    <a href={href} aria-label={`Go to ${title} page`}>
-                      <img src={`/img/databases/${imgName}`} title={title} />
-                    </a>
-                  ) : (
+                  <a href={docPath} aria-label={`${title} documentation`}>
                     <img src={`/img/databases/${imgName}`} title={title} />
-                  )}
+                  </a>
                 </div>
               ))}
             </div>
             <span className="database-sub">
               ...and many other{' '}
-              <a href="/docs/configuration/databases#installing-database-drivers">
+              <a href="/docs/databases#installing-database-drivers">
                 compatible databases
               </a>
             </span>
           </StyledIntegrations>
         </BlurredSection>
+        {/* Only show carousel when we have enough logos (>10) for a good display */}
+        {companiesWithLogos.length > 10 && (
+          <BlurredSection>
+            <div style={{ padding: '0 20px' }}>
+              <SectionHeader
+                level="h2"
+                title="Trusted by teams everywhere"
+                subtitle="Join thousands of companies using Superset to explore and visualize their data"
+              />
+              <div style={{ maxWidth: 1160, margin: '25px auto 0' }}>
+                <Carousel
+                  autoplay
+                  autoplaySpeed={2000}
+                  slidesToShow={6}
+                  slidesToScroll={1}
+                  dots={false}
+                  responsive={[
+                    { breakpoint: 1024, settings: { slidesToShow: 4 } },
+                    { breakpoint: 768, settings: { slidesToShow: 3 } },
+                    { breakpoint: 480, settings: { slidesToShow: 2 } },
+                  ]}
+                >
+                  {shuffledCompanies.map(({ name, url, logo }) => (
+                    <div key={name}>
+                      <a
+                        href={url}
+                        target="_blank"
+                        rel="noreferrer"
+                        aria-label={`Visit ${name}`}
+                      >
+                        <Card
+                          style={{ margin: '0 8px' }}
+                          styles={{
+                            body: {
+                              height: 80,
+                              display: 'flex',
+                              alignItems: 'center',
+                              justifyContent: 'center',
+                              padding: 16,
+                            },
+                          }}
+                        >
+                          <img
+                            src={`/img/logos/${logo}`}
+                            alt={name}
+                            title={name}
+                            style={{ maxHeight: 48, maxWidth: '100%', objectFit: 'contain' }}
+                          />
+                        </Card>
+                      </a>
+                    </div>
+                  ))}
+                </Carousel>
+              </div>
+              <Flex justify="center" style={{ marginTop: 30, fontSize: 17 }}>
+                <Link to="/inTheWild">See all companies</Link>
+                <span style={{ margin: '0 8px' }}>·</span>
+                <a
+                  href="https://github.com/apache/superset/edit/master/RESOURCES/INTHEWILD.yaml"
+                  target="_blank"
+                  rel="noreferrer"
+                >
+                  Add yours to the list!
+                </a>
+              </Flex>
+            </div>
+          </BlurredSection>
+        )}
       </StyledMain>
     </Layout>
   );

docs/src/styles/custom.css

@@ -123,6 +123,11 @@ ul.dropdown__menu svg {
   --ifm-code-padding-horizontal: 5px;
 }
 
+/* Database logo images in intro/README */
+.database-logo {
+  object-fit: contain;
+}
+
 [data-theme='dark'] {
   --ifm-color-primary: #25c2a0;
   --ifm-color-primary-dark: #21af90;
@@ -134,3 +139,51 @@ ul.dropdown__menu svg {
   --ifm-font-base-color: #bbb5ac;
   --ifm-border-color: #797063;
 }
+
+/* Custom "resources" admonition for additional resources/links */
+.alert--resources {
+  --ifm-alert-background-color: #f8f9fa;
+  --ifm-alert-border-color: #6c757d;
+  --ifm-alert-foreground-color: #495057;
+  background-color: var(--ifm-alert-background-color);
+  border-left: 5px solid var(--ifm-alert-border-color);
+}
+
+.alert--resources .admonition-heading h5 {
+  color: var(--ifm-alert-foreground-color);
+}
+
+.alert--resources .admonition-icon svg {
+  fill: var(--ifm-alert-foreground-color);
+  stroke: var(--ifm-alert-foreground-color);
+}
+
+/* Resources admonition - dark mode */
+[data-theme='dark'] .alert--resources {
+  --ifm-alert-background-color: #2d3748;
+  --ifm-alert-border-color: #718096;
+  --ifm-alert-foreground-color: #e2e8f0;
+}
+
+/* Style links within resources admonition */
+.alert--resources a {
+  color: var(--ifm-link-color);
+  text-decoration: none;
+}
+
+.alert--resources a:hover {
+  text-decoration: underline;
+}
+
+[data-theme='dark'] .alert--resources a {
+  color: var(--ifm-color-primary-light);
+}
+
+/* Fix Ant Design Collapse arrow visibility in dark mode */
+[data-theme='dark'] .ant-collapse-expand-icon {
+  color: var(--ifm-font-base-color);
+}
+
+[data-theme='dark'] .ant-collapse-header {
+  color: var(--ifm-font-base-color);
+}

docs/src/theme/Admonition/Types.js

@@ -0,0 +1,63 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import React from 'react';
+import DefaultAdmonitionTypes from '@theme-original/Admonition/Types';
+
+function ResourcesIcon() {
+  return (
+    <svg
+      xmlns="http://www.w3.org/2000/svg"
+      width="16"
+      height="16"
+      viewBox="0 0 24 24"
+      fill="none"
+      stroke="currentColor"
+      strokeWidth="2"
+      strokeLinecap="round"
+      strokeLinejoin="round"
+    >
+      {/* Bookmark/link icon */}
+      <path d="M19 21l-7-5-7 5V5a2 2 0 0 1 2-2h10a2 2 0 0 1 2 2z" />
+    </svg>
+  );
+}
+
+function ResourcesAdmonition(props) {
+  return (
+    <div className="admonition admonition-resources alert alert--resources">
+      <div className="admonition-heading">
+        <h5>
+          <span className="admonition-icon">
+            <ResourcesIcon />
+          </span>
+          {props.title || 'Additional Resources'}
+        </h5>
+      </div>
+      <div className="admonition-content">{props.children}</div>
+    </div>
+  );
+}
+
+const AdmonitionTypes = {
+  ...DefaultAdmonitionTypes,
+  resources: ResourcesAdmonition,
+};
+
+export default AdmonitionTypes;

docs/src/theme/Root.js

@@ -19,6 +19,17 @@
 import { useEffect } from 'react';
 import useDocusaurusContext from '@docusaurus/useDocusaurusContext';
 
+// File extensions to track as downloads
+const DOWNLOAD_EXTENSIONS = [
+  'pdf', 'zip', 'tar', 'gz', 'tgz', 'bz2',
+  'exe', 'dmg', 'pkg', 'deb', 'rpm',
+  'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx',
+  'csv', 'json', 'yaml', 'yml',
+];
+
+// Scroll depth milestones to track
+const SCROLL_MILESTONES = [25, 50, 75, 100];
+
 export default function Root({ children }) {
   const { siteConfig } = useDocusaurusContext();
   const { customFields } = siteConfig;
@@ -27,10 +38,9 @@ export default function Root({ children }) {
     const { matomoUrl, matomoSiteId } = customFields;
 
     if (typeof window !== 'undefined') {
-      // Making testing easier, logging debug junk if we're in development
-      const devMode = window.location.hostname === 'localhost' ? true : false;
+      const devMode = ['localhost', '127.0.0.1', '::1', '0.0.0.0'].includes(window.location.hostname);
 
-      // Initialize the _paq array first
+      // Initialize the _paq array
       window._paq = window._paq || [];
 
       // Configure the tracker before loading matomo.js
@@ -39,7 +49,8 @@ export default function Root({ children }) {
       window._paq.push(['setTrackerUrl', `${matomoUrl}/matomo.php`]);
       window._paq.push(['setSiteId', matomoSiteId]);
 
-      // Initial page view is handled by handleRouteChange
+      // Track downloads with custom extensions
+      window._paq.push(['setDownloadExtensions', DOWNLOAD_EXTENSIONS.join('|')]);
 
       // Now load the matomo.js script
       const script = document.createElement('script');
@@ -47,19 +58,168 @@ export default function Root({ children }) {
       script.src = `${matomoUrl}/matomo.js`;
       document.head.appendChild(script);
 
+      // Helper to track events
+      const trackEvent = (category, action, name, value) => {
+        if (devMode) {
+          console.log('Matomo trackEvent:', { category, action, name, value });
+        }
+        window._paq.push(['trackEvent', category, action, name, value]);
+      };
+
+      // Helper to track site search
+      const trackSiteSearch = (keyword, category, resultsCount) => {
+        if (devMode) {
+          console.log('Matomo trackSiteSearch:', { keyword, category, resultsCount });
+        }
+        window._paq.push(['trackSiteSearch', keyword, category, resultsCount]);
+      };
+
+
+      // Track external link clicks using domain as category (vendor-agnostic)
+      const handleLinkClick = (event) => {
+        const link = event.target.closest('a');
+        if (!link) return;
+
+        const href = link.getAttribute('href');
+        if (!href) return;
+
+        try {
+          const url = new URL(href, window.location.origin);
+
+          // Skip internal links
+          if (url.hostname === window.location.hostname) return;
+
+          // Use hostname as category for vendor-agnostic tracking
+          trackEvent('Outbound Link', url.hostname, href);
+        } catch {
+          // Invalid URL, skip tracking
+        }
+      };
+
+      // Track Algolia search queries
+      const setupAlgoliaTracking = () => {
+        const observer = new MutationObserver((mutations) => {
+          mutations.forEach((mutation) => {
+            mutation.addedNodes.forEach((node) => {
+              if (node.nodeType === Node.ELEMENT_NODE) {
+                const searchInput = node.querySelector?.('.DocSearch-Input') ||
+                                   (node.classList?.contains('DocSearch-Input') ? node : null);
+                if (searchInput) {
+                  let debounceTimer;
+                  searchInput.addEventListener('input', (e) => {
+                    clearTimeout(debounceTimer);
+                    debounceTimer = setTimeout(() => {
+                      const query = e.target.value.trim();
+                      if (query.length >= 3) {
+                        const results = document.querySelectorAll('.DocSearch-Hit');
+                        trackSiteSearch(query, 'Documentation', results.length);
+                      }
+                    }, 1000);
+                  });
+                }
+              }
+            });
+          });
+        });
+
+        observer.observe(document.body, { childList: true, subtree: true });
+        return observer;
+      };
+
+      // Track video plays
+      const handleVideoPlay = (event) => {
+        if (event.target.tagName === 'VIDEO') {
+          const videoSrc = event.target.currentSrc || event.target.src || 'unknown';
+          trackEvent('Video', 'Play', videoSrc);
+        }
+      };
+
+      // Track CTA button clicks
+      const handleCTAClick = (event) => {
+        const button = event.target.closest('.get-started-button, .default-button-theme');
+        if (button) {
+          const buttonText = button.textContent?.trim() || 'Unknown';
+          const href = button.getAttribute('href') || '';
+          trackEvent('CTA', 'Click', `${buttonText} - ${href}`);
+        }
+      };
+
+      // Track scroll depth
+      let scrollMilestonesReached = new Set();
+      const handleScroll = () => {
+        const scrollTop = window.scrollY;
+        const docHeight = document.documentElement.scrollHeight - window.innerHeight;
+        if (docHeight <= 0) return;
+
+        const scrollPercent = Math.round((scrollTop / docHeight) * 100);
+
+        SCROLL_MILESTONES.forEach(milestone => {
+          if (scrollPercent >= milestone && !scrollMilestonesReached.has(milestone)) {
+            scrollMilestonesReached.add(milestone);
+            trackEvent('Scroll Depth', `${milestone}%`, window.location.pathname);
+          }
+        });
+      };
+
+      // Reset scroll tracking on route change
+      const resetScrollTracking = () => {
+        scrollMilestonesReached = new Set();
+      };
+
+      // Track 404 pages
+      const track404 = () => {
+        const is404 = document.querySelector('.theme-doc-404') ||
+                      document.title.toLowerCase().includes('not found') ||
+                      document.querySelector('h1')?.textContent?.toLowerCase().includes('not found');
+        if (is404) {
+          trackEvent('Error', '404', window.location.pathname);
+          if (devMode) {
+            console.log('Matomo: 404 page detected', window.location.pathname);
+          }
+        }
+      };
+
+      // Track copy-to-clipboard events on code blocks
+      const handleCopy = (event) => {
+        const codeBlock = event.target.closest('pre, code, .prism-code');
+        if (codeBlock) {
+          const codeText = window.getSelection()?.toString() || '';
+          const codeSnippet = codeText.substring(0, 100) + (codeText.length > 100 ? '...' : '');
+          trackEvent('Code', 'Copy', `${window.location.pathname}: ${codeSnippet}`);
+        }
+      };
+
+      // Track color mode preference (as event, no admin config needed)
+      const trackColorMode = () => {
+        const colorMode = document.documentElement.getAttribute('data-theme') ||
+                         (window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light');
+        trackEvent('User Preference', 'Color Mode', colorMode);
+      };
+
+      // Track docs version from URL (as event, no admin config needed)
+      const trackDocsVersion = () => {
+        const pathMatch = window.location.pathname.match(/\/docs\/([\d.]+)\//);
+        const version = pathMatch ? pathMatch[1] : 'latest';
+        trackEvent('User Preference', 'Docs Version', version);
+      };
+
       // Handle route changes for SPA
       const handleRouteChange = () => {
         if (devMode) {
           console.log('Route changed to:', window.location.pathname);
         }
 
-        // Short timeout to ensure the page has fully rendered
+        // Reset scroll tracking for new page
+        resetScrollTracking();
+
         setTimeout(() => {
-          // Get the current page title from the document
           const currentTitle = document.title;
           const currentPath = window.location.pathname;
 
-          // For testing: impersonate real domain - ONLY FOR DEVELOPMENT
+          // Set custom dimensions before tracking page view
+          trackColorMode();
+          trackDocsVersion();
+
           if (devMode) {
             console.log('Tracking page view:', currentPath, currentTitle);
             window._paq.push(['setDomains', ['superset.apache.org']]);
@@ -74,10 +234,13 @@ export default function Root({ children }) {
           window._paq.push(['setReferrerUrl', window.location.href]);
           window._paq.push(['setDocumentTitle', currentTitle]);
           window._paq.push(['trackPageView']);
-        }, 100); // Increased delay to ensure page has fully rendered
+
+          // Check for 404 after page renders
+          setTimeout(track404, 500);
+        }, 100);
       };
 
-      // Try all possible Docusaurus events - they've changed between versions
+      // Set up Docusaurus route listeners
       const possibleEvents = [
         'docusaurus.routeDidUpdate',
         'docusaurusRouteDidUpdate',
@@ -85,21 +248,22 @@ export default function Root({ children }) {
       ];
 
       if (devMode) {
-        console.log('Setting up Docusaurus route listeners');
+        console.log('Setting up Matomo tracking with enhanced features');
       }
-      possibleEvents.forEach(eventName => {
-        document.addEventListener(eventName, () => {
+
+      // Store handler references for proper cleanup
+      const routeHandlers = possibleEvents.map(eventName => {
+        const handler = () => {
           if (devMode) {
             console.log(`Docusaurus route update detected via ${eventName}`);
           }
           handleRouteChange();
-        });
+        };
+        document.addEventListener(eventName, handler);
+        return { eventName, handler };
       });
 
-      // Also set up manual history tracking as fallback
-      if (devMode) {
-        console.log('Setting up manual history tracking as fallback');
-      }
+      // Manual history tracking as fallback
       const originalPushState = window.history.pushState;
       window.history.pushState = function () {
         originalPushState.apply(this, arguments);
@@ -108,19 +272,53 @@ export default function Root({ children }) {
 
       window.addEventListener('popstate', handleRouteChange);
 
+      // Set up event listeners
+      document.addEventListener('click', handleLinkClick);
+      document.addEventListener('click', handleCTAClick);
+      document.addEventListener('play', handleVideoPlay, true);
+      document.addEventListener('copy', handleCopy);
+      window.addEventListener('scroll', handleScroll, { passive: true });
+
+      // Watch for color mode changes
+      const colorModeObserver = new MutationObserver((mutations) => {
+        mutations.forEach((mutation) => {
+          if (mutation.attributeName === 'data-theme') {
+            trackEvent('User Preference', 'Color Mode Change',
+              document.documentElement.getAttribute('data-theme'));
+          }
+        });
+      });
+      colorModeObserver.observe(document.documentElement, { attributes: true });
+
+      // Set up Algolia tracking
+      const algoliaObserver = setupAlgoliaTracking();
+
       // Initial page tracking
       handleRouteChange();
 
+      // Cleanup
       return () => {
-        // Cleanup listeners
-        possibleEvents.forEach(eventName => {
-          document.removeEventListener(eventName, handleRouteChange);
+        routeHandlers.forEach(({ eventName, handler }) => {
+          document.removeEventListener(eventName, handler);
         });
 
         if (originalPushState) {
           window.history.pushState = originalPushState;
           window.removeEventListener('popstate', handleRouteChange);
         }
+
+        document.removeEventListener('click', handleLinkClick);
+        document.removeEventListener('click', handleCTAClick);
+        document.removeEventListener('play', handleVideoPlay, true);
+        document.removeEventListener('copy', handleCopy);
+        window.removeEventListener('scroll', handleScroll);
+
+        if (algoliaObserver) {
+          algoliaObserver.disconnect();
+        }
+        if (colorModeObserver) {
+          colorModeObserver.disconnect();
+        }
       };
     }
   }, []);

docs/src/types/yaml.d.ts

@@ -17,11 +17,12 @@
  * under the License.
  */
 
-// Minimal service worker for PWA file handling support
-self.addEventListener('install', event => {
-  event.waitUntil(self.skipWaiting());
-});
+declare module '*.yaml' {
+  const content: unknown;
+  export default content;
+}
 
-self.addEventListener('activate', event => {
-  event.waitUntil(self.clients.claim());
-});
+declare module '*.yml' {
+  const content: unknown;
+  export default content;
+}

docs/src/webpack.extend.ts

@@ -25,6 +25,13 @@ export default function webpackExtendPlugin(): Plugin<void> {
     name: 'custom-webpack-plugin',
     configureWebpack(config) {
       const isDev = process.env.NODE_ENV === 'development';
+
+      // Add YAML loader rule directly to existing rules
+      config.module?.rules?.push({
+        test: /\.ya?ml$/,
+        use: 'js-yaml-loader',
+      });
+
       return {
         devtool: isDev ? 'eval-source-map' : config.devtool,
         ...(isDev && {

docs/static/.htaccess

@@ -35,7 +35,7 @@ RewriteRule ^usertutorial\.html$ /docs/using-superset/creating-your-first-dashbo
 RewriteRule ^security\.html$ /docs/security/ [R=301,L]
 RewriteRule ^sqllab\.html$ /docs/configuration/sql-templating [R=301,L]
 RewriteRule ^gallery\.html$ /docs/intro [R=301,L]
-RewriteRule ^druid\.html$ /docs/configuration/databases [R=301,L]
+RewriteRule ^druid\.html$ /docs/databases [R=301,L]
 RewriteRule ^misc\.html$ /docs/configuration/country-map-tools [R=301,L]
 RewriteRule ^visualization\.html$ /docs/configuration/country-map-tools [R=301,L]
 RewriteRule ^videos\.html$ /docs/faq [R=301,L]
@@ -47,7 +47,7 @@ RewriteRule ^docs/installation/email-reports$ /docs/configuration/alerts-reports
 RewriteRule ^docs/roadmap$ /docs/intro [R=301,L]
 RewriteRule ^docs/contributing/contribution-guidelines$ /docs/contributing/ [R=301,L]
 RewriteRule ^docs/contributing/contribution-page$ /docs/contributing/ [R=301,L]
-RewriteRule ^docs/databases/yugabyte/$ /docs/configuration/databases [R=301,L]
+RewriteRule ^docs/databases/yugabyte/$ /docs/databases [R=301,L]
 RewriteRule ^docs/frequently-asked-questions$ /docs/faq [R=301,L]
 RewriteRule ^docs/installation/running-on-kubernetes/$ /docs/installation/kubernetes [R=301,L]
 RewriteRule ^docs/contributing/testing-locally/$ /docs/contributing/howtos [R=301,L]
@@ -62,7 +62,5 @@ RewriteRule ^docs/installation/cache/$ /docs/configuration/cache [R=301,L]
 RewriteRule ^docs/installation/async-queries-celery/$ /docs/configuration/async-queries-celery [R=301,L]
 RewriteRule ^docs/installation/event-logging/$ /docs/configuration/event-logging [R=301,L]
 
-RewriteRule ^docs/databases.*$ /docs/configuration/databases [R=301,L]
-
 # pre-commit hooks documentation
 RewriteRule ^docs/contributing/hooks-and-linting/$ /docs/contributing/development/#git-hooks-1

docs/static/feature-flags.json

@@ -0,0 +1,379 @@
+{
+  "generated": true,
+  "source": "superset/config.py",
+  "flags": {
+    "development": [
+      {
+        "name": "AG_GRID_TABLE_ENABLED",
+        "default": false,
+        "lifecycle": "development",
+        "description": "Enables Table V2 (AG Grid) viz plugin"
+      },
+      {
+        "name": "ALERT_REPORT_TABS",
+        "default": false,
+        "lifecycle": "development",
+        "description": "Enables experimental tabs UI for Alerts and Reports"
+      },
+      {
+        "name": "CHART_PLUGINS_EXPERIMENTAL",
+        "default": false,
+        "lifecycle": "development",
+        "description": "Enables experimental chart plugins"
+      },
+      {
+        "name": "CSV_UPLOAD_PYARROW_ENGINE",
+        "default": false,
+        "lifecycle": "development",
+        "description": "Experimental PyArrow engine for CSV parsing (may have issues with dates/nulls)"
+      },
+      {
+        "name": "DATASET_FOLDERS",
+        "default": false,
+        "lifecycle": "development",
+        "description": "Allow metrics and columns to be grouped into folders in the chart builder"
+      },
+      {
+        "name": "DATE_RANGE_TIMESHIFTS_ENABLED",
+        "default": false,
+        "lifecycle": "development",
+        "description": "Enable support for date range timeshifts (e.g., \"2015-01-03 : 2015-01-04\") in addition to relative timeshifts (e.g., \"1 day ago\")"
+      },
+      {
+        "name": "ENABLE_ADVANCED_DATA_TYPES",
+        "default": false,
+        "lifecycle": "development",
+        "description": "Enables advanced data type support"
+      },
+      {
+        "name": "ENABLE_EXTENSIONS",
+        "default": false,
+        "lifecycle": "development",
+        "description": "Enable Superset extensions for custom functionality without modifying core"
+      },
+      {
+        "name": "MATRIXIFY",
+        "default": false,
+        "lifecycle": "development",
+        "description": "Enable Matrixify feature for matrix-style chart layouts"
+      },
+      {
+        "name": "OPTIMIZE_SQL",
+        "default": false,
+        "lifecycle": "development",
+        "description": "Try to optimize SQL queries \u2014 for now only predicate pushdown is supported"
+      },
+      {
+        "name": "PRESTO_EXPAND_DATA",
+        "default": false,
+        "lifecycle": "development",
+        "description": "Expand nested types in Presto into extra columns/arrays. Experimental, doesn't work with all nested types."
+      },
+      {
+        "name": "TABLE_V2_TIME_COMPARISON_ENABLED",
+        "default": false,
+        "lifecycle": "development",
+        "description": "Enable Table V2 time comparison feature"
+      },
+      {
+        "name": "TAGGING_SYSTEM",
+        "default": false,
+        "lifecycle": "development",
+        "description": "Enables the tagging system for organizing assets"
+      }
+    ],
+    "testing": [
+      {
+        "name": "ALERT_REPORTS",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Enables Alerts and Reports functionality",
+        "docs": "https://superset.apache.org/docs/configuration/alerts-reports"
+      },
+      {
+        "name": "ALERT_REPORTS_FILTER",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Enables filter functionality in Alerts and Reports"
+      },
+      {
+        "name": "ALERT_REPORT_SLACK_V2",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Enables Slack V2 integration for Alerts and Reports"
+      },
+      {
+        "name": "ALERT_REPORT_WEBHOOK",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Enables webhook integration for Alerts and Reports"
+      },
+      {
+        "name": "ALLOW_FULL_CSV_EXPORT",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Allow users to export full CSV of table viz type. Warning: Could cause server memory/compute issues with large datasets."
+      },
+      {
+        "name": "CACHE_IMPERSONATION",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Enable caching per impersonation key in datasources with user impersonation"
+      },
+      {
+        "name": "DATE_FORMAT_IN_EMAIL_SUBJECT",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Allow users to optionally specify date formats in email subjects",
+        "docs": "https://superset.apache.org/docs/configuration/alerts-reports"
+      },
+      {
+        "name": "DYNAMIC_PLUGINS",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Enable dynamic plugin loading"
+      },
+      {
+        "name": "ENABLE_DASHBOARD_DOWNLOAD_WEBDRIVER_SCREENSHOT",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Generate screenshots (PDF/JPG) of dashboards using web driver. Depends on ENABLE_DASHBOARD_SCREENSHOT_ENDPOINTS."
+      },
+      {
+        "name": "ENABLE_DASHBOARD_SCREENSHOT_ENDPOINTS",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Enables endpoints to cache and retrieve dashboard screenshots via webdriver. Requires Celery and THUMBNAIL_CACHE_CONFIG."
+      },
+      {
+        "name": "ENABLE_SUPERSET_META_DB",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Allows users to add a superset:// DB that can query across databases. Experimental with potential security/performance risks. See SUPERSET_META_DB_LIMIT.",
+        "docs": "https://superset.apache.org/docs/configuration/databases/#querying-across-databases"
+      },
+      {
+        "name": "ESTIMATE_QUERY_COST",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Enable query cost estimation. Supported in Presto, Postgres, and BigQuery. Requires `cost_estimate_enabled: true` in database `extra` attribute."
+      },
+      {
+        "name": "GLOBAL_ASYNC_QUERIES",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Enable async queries for dashboards and Explore via WebSocket. Requires Redis 5.0+ and Celery workers.",
+        "docs": "https://superset.apache.org/docs/contributing/misc#async-chart-queries"
+      },
+      {
+        "name": "IMPERSONATE_WITH_EMAIL_PREFIX",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "When impersonating a user, use the email prefix instead of username"
+      },
+      {
+        "name": "PLAYWRIGHT_REPORTS_AND_THUMBNAILS",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Replace Selenium with Playwright for reports and thumbnails. Supports deck.gl visualizations. Requires playwright pip package."
+      },
+      {
+        "name": "RLS_IN_SQLLAB",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Apply RLS rules to SQL Lab queries. Requires query parsing/manipulation. May break queries or allow RLS bypass. Use with care!"
+      },
+      {
+        "name": "SSH_TUNNELING",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Allow users to enable SSH tunneling when creating a DB connection. DB engine must support SSH Tunnels.",
+        "docs": "https://superset.apache.org/docs/configuration/setup-ssh-tunneling"
+      },
+      {
+        "name": "USE_ANALOGOUS_COLORS",
+        "default": false,
+        "lifecycle": "testing",
+        "description": "Use analogous colors in charts"
+      }
+    ],
+    "stable": [
+      {
+        "name": "ALERTS_ATTACH_REPORTS",
+        "default": true,
+        "lifecycle": "stable",
+        "description": "When enabled, alerts send email/slack with screenshot AND link. When disabled, alerts send only link; reports still send screenshot.",
+        "category": "runtime_config"
+      },
+      {
+        "name": "ALLOW_ADHOC_SUBQUERY",
+        "default": false,
+        "lifecycle": "stable",
+        "description": "Allow ad-hoc subqueries in SQL Lab",
+        "category": "runtime_config"
+      },
+      {
+        "name": "CACHE_QUERY_BY_USER",
+        "default": false,
+        "lifecycle": "stable",
+        "description": "Enable caching per user key for Superset cache",
+        "category": "runtime_config"
+      },
+      {
+        "name": "CSS_TEMPLATES",
+        "default": true,
+        "lifecycle": "stable",
+        "description": "Enables CSS Templates in Settings menu and dashboard forms",
+        "category": "runtime_config"
+      },
+      {
+        "name": "DASHBOARD_RBAC",
+        "default": false,
+        "lifecycle": "stable",
+        "description": "Role-based access control for dashboards",
+        "docs": "https://superset.apache.org/docs/using-superset/creating-your-first-dashboard",
+        "category": "runtime_config"
+      },
+      {
+        "name": "DASHBOARD_VIRTUALIZATION",
+        "default": true,
+        "lifecycle": "stable",
+        "description": "Enables dashboard virtualization for improved performance",
+        "category": "path_to_deprecation"
+      },
+      {
+        "name": "DATAPANEL_CLOSED_BY_DEFAULT",
+        "default": false,
+        "lifecycle": "stable",
+        "description": "Data panel closed by default in chart builder",
+        "category": "runtime_config"
+      },
+      {
+        "name": "DRILL_BY",
+        "default": true,
+        "lifecycle": "stable",
+        "description": "Enable drill-by functionality in charts",
+        "category": "runtime_config"
+      },
+      {
+        "name": "DRUID_JOINS",
+        "default": false,
+        "lifecycle": "stable",
+        "description": "Enable Druid JOINs (requires Druid version with JOIN support)",
+        "category": "runtime_config"
+      },
+      {
+        "name": "EMBEDDABLE_CHARTS",
+        "default": true,
+        "lifecycle": "stable",
+        "description": "Enable sharing charts with embedding",
+        "category": "runtime_config"
+      },
+      {
+        "name": "EMBEDDED_SUPERSET",
+        "default": false,
+        "lifecycle": "stable",
+        "description": "Enable embedded Superset functionality",
+        "category": "runtime_config"
+      },
+      {
+        "name": "ENABLE_FACTORY_RESET_COMMAND",
+        "default": false,
+        "lifecycle": "stable",
+        "description": "Enable factory reset CLI command",
+        "category": "internal"
+      },
+      {
+        "name": "ENABLE_TEMPLATE_PROCESSING",
+        "default": false,
+        "lifecycle": "stable",
+        "description": "Enable Jinja templating in SQL queries",
+        "category": "runtime_config"
+      },
+      {
+        "name": "ESCAPE_MARKDOWN_HTML",
+        "default": false,
+        "lifecycle": "stable",
+        "description": "Escape HTML in Markdown components (rather than rendering it)",
+        "category": "runtime_config"
+      },
+      {
+        "name": "FILTERBAR_CLOSED_BY_DEFAULT",
+        "default": false,
+        "lifecycle": "stable",
+        "description": "Filter bar closed by default when opening dashboard",
+        "category": "runtime_config"
+      },
+      {
+        "name": "FORCE_GARBAGE_COLLECTION_AFTER_EVERY_REQUEST",
+        "default": false,
+        "lifecycle": "stable",
+        "description": "Force garbage collection after every request",
+        "category": "runtime_config"
+      },
+      {
+        "name": "LISTVIEWS_DEFAULT_CARD_VIEW",
+        "default": false,
+        "lifecycle": "stable",
+        "description": "Use card view as default in list views",
+        "category": "runtime_config"
+      },
+      {
+        "name": "MENU_HIDE_USER_INFO",
+        "default": false,
+        "lifecycle": "stable",
+        "description": "Hide user info in the navigation menu",
+        "category": "runtime_config"
+      },
+      {
+        "name": "SLACK_ENABLE_AVATARS",
+        "default": false,
+        "lifecycle": "stable",
+        "description": "Use Slack avatars for users. Requires adding slack-edge.com to TALISMAN_CONFIG.",
+        "category": "runtime_config"
+      },
+      {
+        "name": "SQLLAB_BACKEND_PERSISTENCE",
+        "default": true,
+        "lifecycle": "stable",
+        "description": "Enable SQL Lab backend persistence for query state",
+        "category": "runtime_config"
+      },
+      {
+        "name": "SQLLAB_FORCE_RUN_ASYNC",
+        "default": false,
+        "lifecycle": "stable",
+        "description": "Force SQL Lab to run async via Celery regardless of database settings",
+        "category": "runtime_config"
+      },
+      {
+        "name": "THUMBNAILS",
+        "default": false,
+        "lifecycle": "stable",
+        "description": "Exposes API endpoint to compute thumbnails",
+        "docs": "https://superset.apache.org/docs/configuration/cache",
+        "category": "runtime_config"
+      }
+    ],
+    "deprecated": [
+      {
+        "name": "AVOID_COLORS_COLLISION",
+        "default": true,
+        "lifecycle": "deprecated",
+        "description": "Avoid color collisions in charts by using distinct colors"
+      },
+      {
+        "name": "DRILL_TO_DETAIL",
+        "default": true,
+        "lifecycle": "deprecated",
+        "description": "Enable drill-to-detail functionality in charts"
+      },
+      {
+        "name": "ENABLE_JAVASCRIPT_CONTROLS",
+        "default": false,
+        "lifecycle": "deprecated",
+        "description": "Allow JavaScript in chart controls. WARNING: XSS security vulnerability!"
+      }
+    ]
+  }
+}