[HDX-3277] Fix service filter quote escaping on Services page

[wrn14897]

Summary

• escape service name values when generating the Services page SQL filter to prevent malformed queries when names contain quotes
• switch from string interpolation to SqlString.format with a raw left-hand expression and escaped right-hand value

Why

• service names containing apostrophes/single quotes broke ClickHouse query parsing, causing the Services page to error

Linear: https://linear.app/clickhouse/issue/HDX-3277/service-page-quote-escape-bug

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
hyperdx-oss	Ready	Preview, Comment	Mar 17, 2026 9:14pm

[changeset-bot]

🦋 Changeset detected

Latest commit: ce7e09c

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

Name	Type
@hyperdx/app	Patch
@hyperdx/api	Patch
@hyperdx/otel-collector	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[github-actions]

PR Review

✅ No critical issues found.

The fix correctly replaces unsafe string interpolation with SqlString.format() using SqlString.raw() for the column expression (unescaped, as intended) and proper escaping for the user-controlled service name value. This pattern is consistent with how sqlstring is already used throughout the codebase (e.g., useRowWhere.tsx). Test coverage is adequate.

[github-actions]

E2E Test Results

✅ All tests passed • 91 passed • 3 skipped • 941s

Status	Count
✅ Passed	91
❌ Failed	0
⚠️ Flaky	2
⏭️ Skipped	3

Tests ran across 4 shards in parallel.

View full report →