docs(changelog): Sign in with ClickHouse Cloud

[Steffen911]

Summary

• Add changelog entry announcing ClickHouse Cloud as a sign-in provider on Langfuse Cloud (US, EU, HIPAA).
• Notes that signing in with ClickHouse Cloud using an email that already has a Langfuse account links the two.
• References Linear issue LFE-8923.

Test plan

• Add login screen screenshot at public/images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png (used as both inline image and ogImage)
• Confirm the list of supported regions in the post (US/EU/HIPAA — adjust if Japan or others apply)
• Verify author byline
• Local preview via `pnpm dev` on the /changelog route

🤖 Generated with Claude Code

Greptile Summary

This PR adds a changelog entry announcing ClickHouse Cloud as a new OAuth sign-in provider on Langfuse Cloud, covering account creation, existing-account linking via matching email, and a pointer to the authentication docs.

• The image asset referenced by both ogImage and the <Frame> block (public/images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png) is absent from the repository; the page will render a broken image and produce a missing OG image until the screenshot is committed.
• The Japan region (launched April 2026 with stated full platform parity) is not mentioned in the supported-regions list — worth confirming whether ClickHouse Cloud sign-in is or isn't available there before publishing.

Confidence Score: 3/5

Not safe to merge yet — the referenced screenshot is missing from the repository, which will produce broken images on the published changelog page.

The changelog entry itself is well-written and follows the established format, but the image asset does not exist in the repo. Both the ogImage frontmatter field and the inline Frame block point to it, so the page will render with a broken image and missing social-preview metadata the moment it goes live. Additionally, the Japan region — launched weeks earlier with documented full platform parity — is absent from the supported-regions list without explanation.

content/changelog/2026-05-14-sign-in-with-clickhouse-cloud.mdx — the missing image asset and the region list need to be resolved before publishing.

Sequence Diagram

sequenceDiagram
    actor User
    participant Langfuse as Langfuse Cloud Login
    participant CHCloud as ClickHouse Cloud OAuth

    User->>Langfuse: Click "Sign in with ClickHouse Cloud"
    Langfuse->>CHCloud: Redirect to ClickHouse Cloud OAuth
    User->>CHCloud: Authenticate
    CHCloud-->>Langfuse: Return OAuth token + email
    alt Email matches existing Langfuse account
        Langfuse->>Langfuse: Link ClickHouse Cloud identity to existing account
        Langfuse-->>User: Log in (projects, memberships, API keys carried over)
    else New email
        Langfuse->>Langfuse: Create new Langfuse account
        Langfuse-->>User: Log in (new account)
    end

Loading

Prompt To Fix All With AI

Fix the following 2 code review issues. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 2
content/changelog/2026-05-14-sign-in-with-clickhouse-cloud.mdx:6
**Missing image asset blocks publish**

The file `public/images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png` is referenced in `ogImage` (line 6) and in the `<Frame>` block (line 20) but does not exist in the repository. The published page will render a broken image, and the OG image used for social/link previews will fail to load. The PR test plan marks this item as unchecked — the screenshot must be added before merging.

### Issue 2 of 2
content/changelog/2026-05-14-sign-in-with-clickhouse-cloud.mdx:13
**Japan region may be omitted**

The Langfuse Cloud Japan region (launched 2026-04-27) is documented as having full platform parity with Cloud EU and Cloud US. The text says the provider is "available across all Langfuse Cloud regions (US, EU, and HIPAA)" but does not mention Japan. If ClickHouse Cloud sign-in is also enabled on the Japan region, the region list should be updated; if it is intentionally excluded, a brief note explaining why would prevent confusion for Japan-region users.

_{Reviews (1): Last reviewed commit: "docs(changelog): announce Sign in with C..." | Re-trigger Greptile}

Greptile also left 2 inline comments on this PR.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
langfuse-docs	Ready	Preview, Comment	May 14, 2026 11:20am

[github-actions]

@claude review

[greptile-apps]

Missing image asset blocks publish

The file public/images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png is referenced in ogImage (line 6) and in the <Frame> block (line 20) but does not exist in the repository. The published page will render a broken image, and the OG image used for social/link previews will fail to load. The PR test plan marks this item as unchecked — the screenshot must be added before merging.

Prompt To Fix With AI

This is a comment left during a code review.
Path: content/changelog/2026-05-14-sign-in-with-clickhouse-cloud.mdx
Line: 6

Comment:
**Missing image asset blocks publish**

The file `public/images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png` is referenced in `ogImage` (line 6) and in the `<Frame>` block (line 20) but does not exist in the repository. The published page will render a broken image, and the OG image used for social/link previews will fail to load. The PR test plan marks this item as unchecked — the screenshot must be added before merging.

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

Japan region may be omitted

The Langfuse Cloud Japan region (launched 2026-04-27) is documented as having full platform parity with Cloud EU and Cloud US. The text says the provider is "available across all Langfuse Cloud regions (US, EU, and HIPAA)" but does not mention Japan. If ClickHouse Cloud sign-in is also enabled on the Japan region, the region list should be updated; if it is intentionally excluded, a brief note explaining why would prevent confusion for Japan-region users. Is ClickHouse Cloud sign-in available on the Japan region as well? If so, should it be added to the list?

Prompt To Fix With AI

This is a comment left during a code review.
Path: content/changelog/2026-05-14-sign-in-with-clickhouse-cloud.mdx
Line: 13

Comment:
**Japan region may be omitted**

The Langfuse Cloud Japan region (launched 2026-04-27) is documented as having full platform parity with Cloud EU and Cloud US. The text says the provider is "available across all Langfuse Cloud regions (US, EU, and HIPAA)" but does not mention Japan. If ClickHouse Cloud sign-in is also enabled on the Japan region, the region list should be updated; if it is intentionally excluded, a brief note explaining why would prevent confusion for Japan-region users. Is ClickHouse Cloud sign-in available on the Japan region as well? If so, should it be added to the list?

How can I resolve this? If you propose a fix, please make it concise.

[claude]

🔴 The line "available across all Langfuse Cloud regions (US, EU, and HIPAA)" is internally contradictory — Langfuse Cloud also has a Japan region (jp.cloud.langfuse.com, see content/security/data-regions.mdx and the 2026-04-27 changelog entry), so the parenthetical does not match "all". Either add Japan to the list (if ClickHouse SSO is supported there) or change "all Langfuse Cloud regions" to "the US, EU, and HIPAA regions" (if Japan is intentionally excluded). The PR's own test plan flags this exact uncertainty.

Extended reasoning...

What's wrong

Line 13 of content/changelog/2026-05-14-sign-in-with-clickhouse-cloud.mdx says:

available across all Langfuse Cloud regions (US, EU, and HIPAA)

The parenthetical lists three regions but uses the word "all", which is factually inaccurate. Langfuse Cloud has four regions, not three.

Proof — step by step

1. Open content/security/data-regions.mdx — it enumerates the supported Langfuse Cloud regions and includes Japan (jp.cloud.langfuse.com, Tokyo ap-northeast-1) alongside US, EU, and HIPAA.
2. content/changelog/2026-04-27-langfuse-cloud-japan.mdx is the public announcement that the Japan region went live on 2026-04-27 — i.e. it was live for ~2.5 weeks before this PR was opened on 2026-05-14.
3. Other security docs (content/security/dpa.mdx, content/security/subprocessors.mdx, content/security/hipaa.mdx) consistently treat EU / US / Japan / HIPAA as the four regions.
4. Therefore the statement "available across all Langfuse Cloud regions (US, EU, and HIPAA)" is self-contradictory: the universal quantifier "all" is followed by a list that drops one of the four regions.

Why this matters

This is a public-facing changelog post that customers will read to decide whether they can adopt the new SSO provider. The ambiguity has real consequences in either direction:

• If ClickHouse Cloud sign-in is enabled in Japan, customers in the Japan region may incorrectly conclude it isn't available to them and not try it.
• If it is not enabled in Japan, the word "all" misleads Japan customers into thinking they can use it, leading to a broken login attempt and a support request.

Confirmed by the PR author's own test plan

The PR description includes the line:

Confirm the list of supported regions in the post (US/EU/HIPAA — adjust if Japan or others apply)

— so the author already knows this is unverified and explicitly asked for it to be checked before merge.

How to fix

Pick one of the following, depending on whether the new SSO provider is actually enabled in the Japan region:

• If supported in Japan: ...available across all Langfuse Cloud regions (US, EU, Japan, and HIPAA).
• If not supported in Japan: ...available in the US, EU, and HIPAA regions on Langfuse Cloud. (drop "all")

[claude]

🔴 The closing sentence links readers to Authentication & SSO "for the full list of supported providers", but that page does not list ClickHouse Cloud anywhere — its Social Logins section (content/docs/administration/authentication-and-sso.mdx lines 31-38) still only lists Google, GitHub, and Azure AD (Entra ID), and the intro on line 9 explicitly says "social logins (Sign in with Google, GitHub, Microsoft)". Update authentication-and-sso.mdx as part of this rollout (add ClickHouse Cloud to the Social Logins bullet list and to the line-9 intro) so the changelog and the canonical doc agree at the moment of the public announcement.

Extended reasoning...

What the bug is

The changelog announces a new social login provider (ClickHouse Cloud) and closes with: "See Authentication & SSO for the full list of supported providers." That link points to content/docs/administration/authentication-and-sso.mdx, which is the canonical reference page for sign-in methods. However, that page has not been updated as part of this PR and does not mention ClickHouse Cloud anywhere.

Code path that triggers it

A reader sees the announcement on the /changelog route, follows the closing link expecting to confirm the new provider is supported, and lands on /docs/administration/authentication-and-sso. Two places on that page contradict the changelog:

• Line 9 (intro): "By default, Langfuse supports email/password and social logins (Sign in with Google, GitHub, Microsoft)."
• Lines 31-38 (Social Logins section):

  ## Social Logins
  
  For simplified access, users can sign in using their existing social accounts:
  
  - Google
  - GitHub
  - Azure AD (Entra ID)
  

Neither mentions ClickHouse Cloud.

Why existing code doesn't prevent it

This is a cross-file documentation consistency issue — there is no automated check that the providers listed in the changelog match those in the authoritative SSO doc, so the two can drift, and they have drifted here. The PR adds the changelog file only and does not touch authentication-and-sso.mdx.

Impact

This is a user-visible inconsistency at the exact moment of the public announcement. Anyone who clicks the link the changelog explicitly invites them to click — to verify or learn more about the new provider — will see a list that contradicts the announcement. That undermines trust in the docs and the rollout, and is the kind of thing the changelog's closing line is specifically designed to avoid.

How to fix it

In content/docs/administration/authentication-and-sso.mdx, update both the intro line and the Social Logins list to include ClickHouse Cloud, e.g.:

• Line 9: ... social logins (Sign in with Google, GitHub, Microsoft, ClickHouse Cloud).
• Lines 35-37 bullet list: add - ClickHouse Cloud (with the appropriate availability note if it is Cloud-only).

If ClickHouse Cloud is only available on Langfuse Cloud (as the changelog implies: "available across all Langfuse Cloud regions"), the doc should also call that out so self-hosted readers are not misled.

Step-by-step proof

1. Open the new changelog (content/changelog/2026-05-14-sign-in-with-clickhouse-cloud.mdx, line 23): the page ends with See [Authentication & SSO](/docs/administration/authentication-and-sso) for the full list of supported providers.
2. Follow that link to content/docs/administration/authentication-and-sso.mdx.
3. Read line 9 — it lists Google, GitHub, Microsoft.
4. Read lines 31-38 — the ## Social Logins section lists exactly three providers: Google, GitHub, Azure AD (Entra ID).
5. Search the whole file for ClickHouse — zero matches.
6. The reader has now followed the changelog's own pointer to "the full list of supported providers" and the newly-announced provider is not on that list. Bug confirmed.

[claude]

🔴 The frontmatter sets ogImage to /images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png, and the inline <Frame> on lines 19-21 embeds the same path. Since ChangelogHeader automatically renders ogImage at the top of the post (unless showOgInHeader: false is set), the identical screenshot will appear twice on the published page. Fix by dropping the inline <Frame>, swapping it for a different screenshot, or adding showOgInHeader: false to the frontmatter.

Extended reasoning...

What the bug is

The new changelog MDX file declares ogImage: /images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png in its frontmatter (line 6) and also embeds an inline <Frame> containing the same image path on lines 19-21:

<Frame fullWidth>
  ![Sign in to Langfuse with ClickHouse Cloud](/images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png)
</Frame>

Why the existing component code doesn't prevent this

components/changelog/ChangelogHeader.tsx lines 69-83 unconditionally renders the ogImage (or ogVideo/gif if provided) as an <Image> element at the top of every changelog post, unless the frontmatter explicitly sets showOgInHeader: false:

{showOgInHeader === false ? null : ogVideo ? (
  <Video src={ogVideo} gifStyle />
) : ogImage ? (
  <Image src={(gif ?? ogImage) as string} ... />
) : null}

The new MDX does not set showOgInHeader, so the default branch fires and the header renders the screenshot.

Step-by-step proof

1. <ChangelogHeader /> mounts and reads frontMatter via useChangelogFrontMatter().
2. frontMatter.showOgInHeader is undefined (not set in this MDX), so showOgInHeader === false is false → the conditional falls through.
3. frontMatter.ogVideo is undefined → falls through to the ogImage branch.
4. frontMatter.ogImage is /images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png → renders <Image src="/images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png" ... /> at the top of the post.
5. MDX body then renders the inline <Frame> containing the same /images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png path.
6. Result: two <img> tags pointing to the same asset on the same page.

Convention in the repo

Other recent changelogs that use ogImage (2026-04-13-experiments-rebuild.mdx, 2026-04-13-amazon-bedrock-api-keys.mdx, 2026-04-27-langfuse-cloud-japan.mdx, 2026-05-08-self-service-enterprise-sso-setup.mdx) do not also inline the same image. The one entry that uses both an ogImage and a body <Frame> (2026-02-13-observation-level-evals.mdx) deliberately uses two different files. So the established convention is to avoid duplicating the same asset.

Impact and fix

Once the screenshot is added at public/images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png (the PR checklist requires this before merge), readers on /changelog/2026-05-14-sign-in-with-clickhouse-cloud will see the identical screenshot rendered twice. Fix is a one-liner — pick any of: (a) delete the inline <Frame> block on lines 19-21, (b) replace the inline image with a different screenshot, or (c) add showOgInHeader: false to the frontmatter to suppress the header image.

[claude]

🔴 The MDX references /images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png in both the ogImage frontmatter (line 6) and the inline <Frame> (line 20), but the image file is not committed in this PR. If merged as-is, the changelog page will render a broken image and the OpenGraph preview will 404 when the URL is shared. The PR's own test plan flags this as an unchecked TODO — please commit public/images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png alongside this MDX before merging.

Extended reasoning...

What the bug is

The new changelog entry content/changelog/2026-05-14-sign-in-with-clickhouse-cloud.mdx references an image at /images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png in two distinct places:

1. Frontmatter ogImage (line 6): ogImage: /images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png — used to generate the OpenGraph preview card when the page is shared on social media / chat.
2. Inline <Frame> (line 20): ![Sign in to Langfuse with ClickHouse Cloud](/images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png) — the screenshot embedded in the body of the changelog post.

However, the PR does not add a corresponding asset to public/images/changelog/. The directory only contains older images (e.g., 2026-05-05-experiment-ci-cd.png), with no 2026-05-14-sign-in-with-clickhouse-cloud.png.

Why existing code doesn't prevent it

There is no build-time validation that ogImage paths or inline image references in MDX resolve to committed assets in public/. Both Next.js' /public static serving and the MDX image component silently 404 at request time rather than failing the build, so this won't be caught by pnpm build or any of the docs lint/typecheck steps.

Impact

Once this PR merges to main and deploys:

• The body of /changelog/2026-05-14-sign-in-with-clickhouse-cloud will render a broken image (alt text only).
• Any social/chat unfurl of the changelog URL will request a non-existent OpenGraph image — the unfurl will either show no preview or a 404 placeholder.
• Both regressions are user-visible on a public marketing surface.

Step-by-step proof

1. Clone the PR branch.
2. ls public/images/changelog/ | grep clickhouse → no matching file (verified by multiple reviewers; only 2026-05-05-experiment-ci-cd.png is present for May 2026).
3. pnpm dev and visit /changelog/2026-05-14-sign-in-with-clickhouse-cloud → the inline <Frame> renders a broken <img> (the browser shows the alt text and a missing-image icon, and DevTools shows a 404 for /images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png).
4. curl -I http://localhost:3000/images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png → HTTP/1.1 404 Not Found.
5. Inspect the generated <head> of the changelog page — the OpenGraph og:image meta tag points to the same 404 URL.

How to fix

Commit the actual screenshot at public/images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png as part of this PR. The PR's own test plan already lists this as an unchecked TODO ("Add login screen screenshot at public/images/changelog/2026-05-14-sign-in-with-clickhouse-cloud.png (used as both inline image and ogImage)"), so the author is aware — it just needs to be done before merge.