fix: added a new metrics and converted into counters

docs/api/openapi.yml

@@ -3892,6 +3892,8 @@ components:
           type: string
         oldPassword:
           type: string
+        userId:
+          type: string
       type: object
     TypesDeprecatedUser:
       properties:
@@ -4270,6 +4272,63 @@ paths:
       summary: Get resources
       tags:
       - authz
+  /api/v1/changePassword/{id}:
+    post:
+      deprecated: false
+      description: This endpoint changes the password by id
+      operationId: ChangePassword
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/TypesChangePasswordRequest'
+      responses:
+        "204":
+          description: No Content
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Bad Request
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Not Found
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: Change password
+      tags:
+      - users
   /api/v1/channels:
     get:
       deprecated: false
@@ -6009,9 +6068,9 @@ paths:
       - fields
   /api/v1/getResetPasswordToken/{id}:
     get:
-      deprecated: true
+      deprecated: false
       description: This endpoint returns the reset password token by id
-      operationId: GetResetPasswordTokenDeprecated
+      operationId: GetResetPasswordToken
       parameters:
       - in: path
         name: id
@@ -10835,129 +10894,6 @@ paths:
       summary: Update user v2
       tags:
       - users
-  /api/v2/users/{id}/reset_password_tokens:
-    get:
-      deprecated: false
-      description: This endpoint returns the existing reset password token for a user.
-      operationId: GetResetPasswordToken
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      responses:
-        "200":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    $ref: '#/components/schemas/TypesResetPasswordToken'
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: OK
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Get reset password token for a user
-      tags:
-      - users
-    put:
-      deprecated: false
-      description: This endpoint creates or regenerates a reset password token for
-        a user. If a valid token exists, it is returned. If expired, a new one is
-        created.
-      operationId: CreateResetPasswordToken
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      responses:
-        "201":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    $ref: '#/components/schemas/TypesResetPasswordToken'
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: Created
-        "400":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Bad Request
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Create or regenerate reset password token for a user
-      tags:
-      - users
   /api/v2/users/{id}/roles:
     get:
       deprecated: false
@@ -11198,57 +11134,6 @@ paths:
       summary: Update my user v2
       tags:
       - users
-  /api/v2/users/me/factor_password:
-    put:
-      deprecated: false
-      description: This endpoint updates the password of the user I belong to
-      operationId: UpdateMyPassword
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/TypesChangePasswordRequest'
-      responses:
-        "204":
-          description: No Content
-        "400":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Bad Request
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Updates my password
-      tags:
-      - users
   /api/v2/zeus/hosts:
     get:
       deprecated: false

frontend/src/api/generated/services/sigNoz.schemas.ts

@@ -4837,6 +4837,10 @@ export interface TypesChangePasswordRequestDTO {
 	 * @type string
 	 */
 	oldPassword?: string;
+	/**
+	 * @type string
+	 */
+	userId?: string;
 }
 
 export interface TypesDeprecatedUserDTO {
@@ -5200,6 +5204,9 @@ export type AuthzResources200 = {
 	status: string;
 };
 
+export type ChangePasswordPathParameters = {
+	id: string;
+};
 export type ListChannels200 = {
 	/**
 	 * @type array
@@ -5597,10 +5604,10 @@ export type GetFieldsValues200 = {
 	status: string;
 };
 
-export type GetResetPasswordTokenDeprecatedPathParameters = {
+export type GetResetPasswordTokenPathParameters = {
 	id: string;
 };
-export type GetResetPasswordTokenDeprecated200 = {
+export type GetResetPasswordToken200 = {
 	data: TypesResetPasswordTokenDTO;
 	/**
 	 * @type string
@@ -6572,28 +6579,6 @@ export type GetUser200 = {
 export type UpdateUserPathParameters = {
 	id: string;
 };
-export type GetResetPasswordTokenPathParameters = {
-	id: string;
-};
-export type GetResetPasswordToken200 = {
-	data: TypesResetPasswordTokenDTO;
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
-export type CreateResetPasswordTokenPathParameters = {
-	id: string;
-};
-export type CreateResetPasswordToken201 = {
-	data: TypesResetPasswordTokenDTO;
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
 export type GetRolesByUserIDPathParameters = {
 	id: string;
 };

frontend/src/api/generated/services/users/index.ts

@@ -20,15 +20,12 @@ import { useMutation, useQuery } from 'react-query';
 import type { BodyType, ErrorType } from '../../../generatedAPIInstance';
 import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
 import type {
+	ChangePasswordPathParameters,
 	CreateInvite201,
-	CreateResetPasswordToken201,
-	CreateResetPasswordTokenPathParameters,
 	DeleteUserPathParameters,
 	GetMyUser200,
 	GetMyUserDeprecated200,
 	GetResetPasswordToken200,
-	GetResetPasswordTokenDeprecated200,
-	GetResetPasswordTokenDeprecatedPathParameters,
 	GetResetPasswordTokenPathParameters,
 	GetRolesByUserID200,
 	GetRolesByUserIDPathParameters,
@@ -57,35 +54,133 @@ import type {
 } from '../sigNoz.schemas';
 
 /**
- * This endpoint returns the reset password token by id
- * @deprecated
- * @summary Get reset password token
+ * This endpoint changes the password by id
+ * @summary Change password
  */
-export const getResetPasswordTokenDeprecated = (
-	{ id }: GetResetPasswordTokenDeprecatedPathParameters,
+export const changePassword = (
+	{ id }: ChangePasswordPathParameters,
+	typesChangePasswordRequestDTO: BodyType<TypesChangePasswordRequestDTO>,
 	signal?: AbortSignal,
 ) => {
-	return GeneratedAPIInstance<GetResetPasswordTokenDeprecated200>({
+	return GeneratedAPIInstance<void>({
+		url: `/api/v1/changePassword/${id}`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: typesChangePasswordRequestDTO,
+		signal,
+	});
+};
+
+export const getChangePasswordMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof changePassword>>,
+		TError,
+		{
+			pathParams: ChangePasswordPathParameters;
+			data: BodyType<TypesChangePasswordRequestDTO>;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof changePassword>>,
+	TError,
+	{
+		pathParams: ChangePasswordPathParameters;
+		data: BodyType<TypesChangePasswordRequestDTO>;
+	},
+	TContext
+> => {
+	const mutationKey = ['changePassword'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof changePassword>>,
+		{
+			pathParams: ChangePasswordPathParameters;
+			data: BodyType<TypesChangePasswordRequestDTO>;
+		}
+	> = (props) => {
+		const { pathParams, data } = props ?? {};
+
+		return changePassword(pathParams, data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type ChangePasswordMutationResult = NonNullable<
+	Awaited<ReturnType<typeof changePassword>>
+>;
+export type ChangePasswordMutationBody = BodyType<TypesChangePasswordRequestDTO>;
+export type ChangePasswordMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Change password
+ */
+export const useChangePassword = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof changePassword>>,
+		TError,
+		{
+			pathParams: ChangePasswordPathParameters;
+			data: BodyType<TypesChangePasswordRequestDTO>;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof changePassword>>,
+	TError,
+	{
+		pathParams: ChangePasswordPathParameters;
+		data: BodyType<TypesChangePasswordRequestDTO>;
+	},
+	TContext
+> => {
+	const mutationOptions = getChangePasswordMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint returns the reset password token by id
+ * @summary Get reset password token
+ */
+export const getResetPasswordToken = (
+	{ id }: GetResetPasswordTokenPathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<GetResetPasswordToken200>({
 		url: `/api/v1/getResetPasswordToken/${id}`,
 		method: 'GET',
 		signal,
 	});
 };
 
-export const getGetResetPasswordTokenDeprecatedQueryKey = ({
+export const getGetResetPasswordTokenQueryKey = ({
 	id,
-}: GetResetPasswordTokenDeprecatedPathParameters) => {
+}: GetResetPasswordTokenPathParameters) => {
 	return [`/api/v1/getResetPasswordToken/${id}`] as const;
 };
 
-export const getGetResetPasswordTokenDeprecatedQueryOptions = <
-	TData = Awaited<ReturnType<typeof getResetPasswordTokenDeprecated>>,
+export const getGetResetPasswordTokenQueryOptions = <
+	TData = Awaited<ReturnType<typeof getResetPasswordToken>>,
 	TError = ErrorType<RenderErrorResponseDTO>
 >(
-	{ id }: GetResetPasswordTokenDeprecatedPathParameters,
+	{ id }: GetResetPasswordTokenPathParameters,
 	options?: {
 		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getResetPasswordTokenDeprecated>>,
+			Awaited<ReturnType<typeof getResetPasswordToken>>,
 			TError,
 			TData
 		>;
@@ -94,11 +189,11 @@ export const getGetResetPasswordTokenDeprecatedQueryOptions = <
 	const { query: queryOptions } = options ?? {};
 
 	const queryKey =
-		queryOptions?.queryKey ?? getGetResetPasswordTokenDeprecatedQueryKey({ id });
+		queryOptions?.queryKey ?? getGetResetPasswordTokenQueryKey({ id });
 
 	const queryFn: QueryFunction<
-		Awaited<ReturnType<typeof getResetPasswordTokenDeprecated>>
-	> = ({ signal }) => getResetPasswordTokenDeprecated({ id }, signal);
+		Awaited<ReturnType<typeof getResetPasswordToken>>
+	> = ({ signal }) => getResetPasswordToken({ id }, signal);
 
 	return {
 		queryKey,
@@ -106,39 +201,35 @@ export const getGetResetPasswordTokenDeprecatedQueryOptions = <
 		enabled: !!id,
 		...queryOptions,
 	} as UseQueryOptions<
-		Awaited<ReturnType<typeof getResetPasswordTokenDeprecated>>,
+		Awaited<ReturnType<typeof getResetPasswordToken>>,
 		TError,
 		TData
 	> & { queryKey: QueryKey };
 };
 
-export type GetResetPasswordTokenDeprecatedQueryResult = NonNullable<
-	Awaited<ReturnType<typeof getResetPasswordTokenDeprecated>>
+export type GetResetPasswordTokenQueryResult = NonNullable<
+	Awaited<ReturnType<typeof getResetPasswordToken>>
 >;
-export type GetResetPasswordTokenDeprecatedQueryError = ErrorType<RenderErrorResponseDTO>;
+export type GetResetPasswordTokenQueryError = ErrorType<RenderErrorResponseDTO>;
 
 /**
- * @deprecated
  * @summary Get reset password token
  */
 
-export function useGetResetPasswordTokenDeprecated<
-	TData = Awaited<ReturnType<typeof getResetPasswordTokenDeprecated>>,
+export function useGetResetPasswordToken<
+	TData = Awaited<ReturnType<typeof getResetPasswordToken>>,
 	TError = ErrorType<RenderErrorResponseDTO>
 >(
-	{ id }: GetResetPasswordTokenDeprecatedPathParameters,
+	{ id }: GetResetPasswordTokenPathParameters,
 	options?: {
 		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getResetPasswordTokenDeprecated>>,
+			Awaited<ReturnType<typeof getResetPasswordToken>>,
 			TError,
 			TData
 		>;
 	},
 ): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
-	const queryOptions = getGetResetPasswordTokenDeprecatedQueryOptions(
-		{ id },
-		options,
-	);
+	const queryOptions = getGetResetPasswordTokenQueryOptions({ id }, options);
 
 	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
 		queryKey: QueryKey;
@@ -150,16 +241,15 @@ export function useGetResetPasswordTokenDeprecated<
 }
 
 /**
- * @deprecated
  * @summary Get reset password token
  */
-export const invalidateGetResetPasswordTokenDeprecated = async (
+export const invalidateGetResetPasswordToken = async (
 	queryClient: QueryClient,
-	{ id }: GetResetPasswordTokenDeprecatedPathParameters,
+	{ id }: GetResetPasswordTokenPathParameters,
 	options?: InvalidateOptions,
 ): Promise<QueryClient> => {
 	await queryClient.invalidateQueries(
-		{ queryKey: getGetResetPasswordTokenDeprecatedQueryKey({ id }) },
+		{ queryKey: getGetResetPasswordTokenQueryKey({ id }) },
 		options,
 	);
 
@@ -1317,189 +1407,6 @@ export const useUpdateUser = <
 
 	return useMutation(mutationOptions);
 };
-/**
- * This endpoint returns the existing reset password token for a user.
- * @summary Get reset password token for a user
- */
-export const getResetPasswordToken = (
-	{ id }: GetResetPasswordTokenPathParameters,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<GetResetPasswordToken200>({
-		url: `/api/v2/users/${id}/reset_password_tokens`,
-		method: 'GET',
-		signal,
-	});
-};
-
-export const getGetResetPasswordTokenQueryKey = ({
-	id,
-}: GetResetPasswordTokenPathParameters) => {
-	return [`/api/v2/users/${id}/reset_password_tokens`] as const;
-};
-
-export const getGetResetPasswordTokenQueryOptions = <
-	TData = Awaited<ReturnType<typeof getResetPasswordToken>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(
-	{ id }: GetResetPasswordTokenPathParameters,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getResetPasswordToken>>,
-			TError,
-			TData
-		>;
-	},
-) => {
-	const { query: queryOptions } = options ?? {};
-
-	const queryKey =
-		queryOptions?.queryKey ?? getGetResetPasswordTokenQueryKey({ id });
-
-	const queryFn: QueryFunction<
-		Awaited<ReturnType<typeof getResetPasswordToken>>
-	> = ({ signal }) => getResetPasswordToken({ id }, signal);
-
-	return {
-		queryKey,
-		queryFn,
-		enabled: !!id,
-		...queryOptions,
-	} as UseQueryOptions<
-		Awaited<ReturnType<typeof getResetPasswordToken>>,
-		TError,
-		TData
-	> & { queryKey: QueryKey };
-};
-
-export type GetResetPasswordTokenQueryResult = NonNullable<
-	Awaited<ReturnType<typeof getResetPasswordToken>>
->;
-export type GetResetPasswordTokenQueryError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Get reset password token for a user
- */
-
-export function useGetResetPasswordToken<
-	TData = Awaited<ReturnType<typeof getResetPasswordToken>>,
-	TError = ErrorType<RenderErrorResponseDTO>
->(
-	{ id }: GetResetPasswordTokenPathParameters,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getResetPasswordToken>>,
-			TError,
-			TData
-		>;
-	},
-): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
-	const queryOptions = getGetResetPasswordTokenQueryOptions({ id }, options);
-
-	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
-		queryKey: QueryKey;
-	};
-
-	query.queryKey = queryOptions.queryKey;
-
-	return query;
-}
-
-/**
- * @summary Get reset password token for a user
- */
-export const invalidateGetResetPasswordToken = async (
-	queryClient: QueryClient,
-	{ id }: GetResetPasswordTokenPathParameters,
-	options?: InvalidateOptions,
-): Promise<QueryClient> => {
-	await queryClient.invalidateQueries(
-		{ queryKey: getGetResetPasswordTokenQueryKey({ id }) },
-		options,
-	);
-
-	return queryClient;
-};
-
-/**
- * This endpoint creates or regenerates a reset password token for a user. If a valid token exists, it is returned. If expired, a new one is created.
- * @summary Create or regenerate reset password token for a user
- */
-export const createResetPasswordToken = ({
-	id,
-}: CreateResetPasswordTokenPathParameters) => {
-	return GeneratedAPIInstance<CreateResetPasswordToken201>({
-		url: `/api/v2/users/${id}/reset_password_tokens`,
-		method: 'PUT',
-	});
-};
-
-export const getCreateResetPasswordTokenMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof createResetPasswordToken>>,
-		TError,
-		{ pathParams: CreateResetPasswordTokenPathParameters },
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof createResetPasswordToken>>,
-	TError,
-	{ pathParams: CreateResetPasswordTokenPathParameters },
-	TContext
-> => {
-	const mutationKey = ['createResetPasswordToken'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-		  'mutationKey' in options.mutation &&
-		  options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof createResetPasswordToken>>,
-		{ pathParams: CreateResetPasswordTokenPathParameters }
-	> = (props) => {
-		const { pathParams } = props ?? {};
-
-		return createResetPasswordToken(pathParams);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type CreateResetPasswordTokenMutationResult = NonNullable<
-	Awaited<ReturnType<typeof createResetPasswordToken>>
->;
-
-export type CreateResetPasswordTokenMutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Create or regenerate reset password token for a user
- */
-export const useCreateResetPasswordToken = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof createResetPasswordToken>>,
-		TError,
-		{ pathParams: CreateResetPasswordTokenPathParameters },
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof createResetPasswordToken>>,
-	TError,
-	{ pathParams: CreateResetPasswordTokenPathParameters },
-	TContext
-> => {
-	const mutationOptions = getCreateResetPasswordTokenMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};
 /**
  * This endpoint returns the user roles by user id
  * @summary Get user roles
@@ -1943,84 +1850,3 @@ export const useUpdateMyUserV2 = <
 
 	return useMutation(mutationOptions);
 };
-/**
- * This endpoint updates the password of the user I belong to
- * @summary Updates my password
- */
-export const updateMyPassword = (
-	typesChangePasswordRequestDTO: BodyType<TypesChangePasswordRequestDTO>,
-) => {
-	return GeneratedAPIInstance<void>({
-		url: `/api/v2/users/me/factor_password`,
-		method: 'PUT',
-		headers: { 'Content-Type': 'application/json' },
-		data: typesChangePasswordRequestDTO,
-	});
-};
-
-export const getUpdateMyPasswordMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateMyPassword>>,
-		TError,
-		{ data: BodyType<TypesChangePasswordRequestDTO> },
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof updateMyPassword>>,
-	TError,
-	{ data: BodyType<TypesChangePasswordRequestDTO> },
-	TContext
-> => {
-	const mutationKey = ['updateMyPassword'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-		  'mutationKey' in options.mutation &&
-		  options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof updateMyPassword>>,
-		{ data: BodyType<TypesChangePasswordRequestDTO> }
-	> = (props) => {
-		const { data } = props ?? {};
-
-		return updateMyPassword(data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type UpdateMyPasswordMutationResult = NonNullable<
-	Awaited<ReturnType<typeof updateMyPassword>>
->;
-export type UpdateMyPasswordMutationBody = BodyType<TypesChangePasswordRequestDTO>;
-export type UpdateMyPasswordMutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Updates my password
- */
-export const useUpdateMyPassword = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateMyPassword>>,
-		TError,
-		{ data: BodyType<TypesChangePasswordRequestDTO> },
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof updateMyPassword>>,
-	TError,
-	{ data: BodyType<TypesChangePasswordRequestDTO> },
-	TContext
-> => {
-	const mutationOptions = getUpdateMyPasswordMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};

frontend/src/api/v1/factor_password/changeMyPassword.ts

@@ -0,0 +1,27 @@
+import axios from 'api';
+import { ErrorResponseHandlerV2 } from 'api/ErrorResponseHandlerV2';
+import { AxiosError } from 'axios';
+import { ErrorV2Resp, SuccessResponseV2 } from 'types/api';
+import { PayloadProps, Props } from 'types/api/user/changeMyPassword';
+
+const changeMyPassword = async (
+	props: Props,
+): Promise<SuccessResponseV2<PayloadProps>> => {
+	try {
+		const response = await axios.post<PayloadProps>(
+			`/changePassword/${props.userId}`,
+			{
+				...props,
+			},
+		);
+
+		return {
+			httpStatusCode: response.status,
+			data: response.data,
+		};
+	} catch (error) {
+		ErrorResponseHandlerV2(error as AxiosError<ErrorV2Resp>);
+	}
+};
+
+export default changeMyPassword;

frontend/src/api/v1/factor_password/getResetPasswordToken.ts

@@ -0,0 +1,28 @@
+import axios from 'api';
+import { ErrorResponseHandlerV2 } from 'api/ErrorResponseHandlerV2';
+import { AxiosError } from 'axios';
+import { ErrorV2Resp, SuccessResponseV2 } from 'types/api';
+import {
+	GetResetPasswordToken,
+	PayloadProps,
+	Props,
+} from 'types/api/user/getResetPasswordToken';
+
+const getResetPasswordToken = async (
+	props: Props,
+): Promise<SuccessResponseV2<GetResetPasswordToken>> => {
+	try {
+		const response = await axios.get<PayloadProps>(
+			`/getResetPasswordToken/${props.userId}`,
+		);
+
+		return {
+			httpStatusCode: response.status,
+			data: response.data.data,
+		};
+	} catch (error) {
+		ErrorResponseHandlerV2(error as AxiosError<ErrorV2Resp>);
+	}
+};
+
+export default getResetPasswordToken;

frontend/src/components/EditMemberDrawer/EditMemberDrawer.tsx

@@ -10,9 +10,8 @@ import { Skeleton, Tooltip } from 'antd';
 import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
 import type { RenderErrorResponseDTO } from 'api/generated/services/sigNoz.schemas';
 import {
-	useCreateResetPasswordToken,
+	getResetPasswordToken,
 	useDeleteUser,
-	useGetResetPasswordToken,
 	useGetUser,
 	useUpdateMyUserV2,
 	useUpdateUser,
@@ -56,27 +55,6 @@ function getDeleteTooltip(
 	return undefined;
 }
 
-function getInviteButtonLabel(
-	isLoading: boolean,
-	existingToken: { expiresAt?: Date } | undefined,
-	isExpired: boolean,
-	notFound: boolean,
-): string {
-	if (isLoading) {
-		return 'Checking invite...';
-	}
-	if (existingToken && !isExpired) {
-		return 'Copy Invite Link';
-	}
-	if (isExpired) {
-		return 'Regenerate Invite Link';
-	}
-	if (notFound) {
-		return 'Generate Invite Link';
-	}
-	return 'Copy Invite Link';
-}
-
 function toSaveApiError(err: unknown): APIError {
 	return (
 		convertToApiError(err as AxiosError<RenderErrorResponseDTO>) ??
@@ -105,11 +83,9 @@ function EditMemberDrawer({
 	const [localRole, setLocalRole] = useState('');
 	const [isSaving, setIsSaving] = useState(false);
 	const [saveErrors, setSaveErrors] = useState<SaveError[]>([]);
+	const [isGeneratingLink, setIsGeneratingLink] = useState(false);
 	const [showDeleteConfirm, setShowDeleteConfirm] = useState(false);
 	const [resetLink, setResetLink] = useState<string | null>(null);
-	const [resetLinkExpiresAt, setResetLinkExpiresAt] = useState<string | null>(
-		null,
-	);
 	const [showResetLinkDialog, setShowResetLinkDialog] = useState(false);
 	const [hasCopiedResetLink, setHasCopiedResetLink] = useState(false);
 	const [linkType, setLinkType] = useState<'invite' | 'reset' | null>(null);
@@ -145,27 +121,6 @@ function EditMemberDrawer({
 		applyDiff,
 	} = useMemberRoleManager(member?.id ?? '', open && !!member?.id);
 
-	// Token status query for invited users
-	const {
-		data: tokenQueryData,
-		isLoading: isLoadingTokenStatus,
-		isError: tokenNotFound,
-	} = useGetResetPasswordToken(
-		{ id: member?.id ?? '' },
-		{ query: { enabled: open && !!member?.id && isInvited } },
-	);
-
-	const existingToken = tokenQueryData?.data;
-	const isTokenExpired =
-		existingToken != null &&
-		new Date(String(existingToken.expiresAt)) < new Date();
-
-	// Create/regenerate token mutation
-	const {
-		mutateAsync: createTokenMutation,
-		isLoading: isGeneratingLink,
-	} = useCreateResetPasswordToken();
-
 	const fetchedDisplayName =
 		fetchedUser?.data?.displayName ?? member?.name ?? '';
 	const fetchedUserId = fetchedUser?.data?.id;
@@ -383,21 +338,12 @@ function EditMemberDrawer({
 		if (!member) {
 			return;
 		}
+		setIsGeneratingLink(true);
 		try {
-			const response = await createTokenMutation({
-				pathParams: { id: member.id },
-			});
+			const response = await getResetPasswordToken({ id: member.id });
 			if (response?.data?.token) {
 				const link = `${window.location.origin}/password-reset?token=${response.data.token}`;
 				setResetLink(link);
-				setResetLinkExpiresAt(
-					response.data.expiresAt
-						? formatTimezoneAdjustedTimestamp(
-								String(response.data.expiresAt),
-								DATE_TIME_FORMATS.DASH_DATETIME,
-						  )
-						: null,
-				);
 				setHasCopiedResetLink(false);
 				setLinkType(isInvited ? 'invite' : 'reset');
 				setShowResetLinkDialog(true);
@@ -413,8 +359,10 @@ function EditMemberDrawer({
 				err as AxiosError<RenderErrorResponseDTO, unknown> | null,
 			);
 			showErrorModal(errMsg as APIError);
+		} finally {
+			setIsGeneratingLink(false);
 		}
-	}, [member, isInvited, onClose, showErrorModal, createTokenMutation]);
+	}, [member, isInvited, onClose, showErrorModal]);
 
 	const [copyState, copyToClipboard] = useCopyToClipboard();
 	const handleCopyResetLink = useCallback((): void => {
@@ -620,19 +568,12 @@ function EditMemberDrawer({
 								<Button
 									className="edit-member-drawer__footer-btn edit-member-drawer__footer-btn--warning"
 									onClick={handleGenerateResetLink}
-									disabled={isGeneratingLink || isRootUser || isLoadingTokenStatus}
+									disabled={isGeneratingLink || isRootUser}
 								>
 									<RefreshCw size={12} />
-									{isGeneratingLink
-										? 'Generating...'
-										: isInvited
-										? getInviteButtonLabel(
-												isLoadingTokenStatus,
-												existingToken,
-												isTokenExpired,
-												tokenNotFound,
-										  )
-										: 'Generate Password Reset Link'}
+									{isGeneratingLink && 'Generating...'}
+									{!isGeneratingLink && isInvited && 'Copy Invite Link'}
+									{!isGeneratingLink && !isInvited && 'Generate Password Reset Link'}
 								</Button>
 							</span>
 						</Tooltip>
@@ -682,7 +623,6 @@ function EditMemberDrawer({
 				open={showResetLinkDialog}
 				linkType={linkType}
 				resetLink={resetLink}
-				expiresAt={resetLinkExpiresAt}
 				hasCopied={hasCopiedResetLink}
 				onClose={(): void => {
 					setShowResetLinkDialog(false);

frontend/src/components/EditMemberDrawer/ResetLinkDialog.tsx

@@ -6,7 +6,6 @@ interface ResetLinkDialogProps {
 	open: boolean;
 	linkType: 'invite' | 'reset' | null;
 	resetLink: string | null;
-	expiresAt: string | null;
 	hasCopied: boolean;
 	onClose: () => void;
 	onCopy: () => void;
@@ -16,7 +15,6 @@ function ResetLinkDialog({
 	open,
 	linkType,
 	resetLink,
-	expiresAt,
 	hasCopied,
 	onClose,
 	onCopy,
@@ -55,11 +53,6 @@ function ResetLinkDialog({
 						{hasCopied ? 'Copied!' : 'Copy'}
 					</Button>
 				</div>
-				{expiresAt && (
-					<p className="reset-link-dialog__description">
-						This link expires on {expiresAt}.
-					</p>
-				)}
 			</div>
 		</DialogWrapper>
 	);

frontend/src/components/EditMemberDrawer/__tests__/EditMemberDrawer.test.tsx

@@ -2,9 +2,8 @@ import type { ReactNode } from 'react';
 import { toast } from '@signozhq/sonner';
 import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
 import {
-	useCreateResetPasswordToken,
+	getResetPasswordToken,
 	useDeleteUser,
-	useGetResetPasswordToken,
 	useGetUser,
 	useSetRoleByUserID,
 	useUpdateMyUserV2,
@@ -56,8 +55,7 @@ jest.mock('api/generated/services/users', () => ({
 	useUpdateUser: jest.fn(),
 	useUpdateMyUserV2: jest.fn(),
 	useSetRoleByUserID: jest.fn(),
-	useGetResetPasswordToken: jest.fn(),
-	useCreateResetPasswordToken: jest.fn(),
+	getResetPasswordToken: jest.fn(),
 }));
 
 jest.mock('api/ErrorResponseHandlerForGeneratedAPIs', () => ({
@@ -84,7 +82,7 @@ jest.mock('react-use', () => ({
 const ROLES_ENDPOINT = '*/api/v1/roles';
 
 const mockDeleteMutate = jest.fn();
-const mockCreateTokenMutateAsync = jest.fn();
+const mockGetResetPasswordToken = jest.mocked(getResetPasswordToken);
 
 const showErrorModal = jest.fn();
 jest.mock('providers/ErrorModalProvider', () => ({
@@ -186,31 +184,6 @@ describe('EditMemberDrawer', () => {
 			mutate: mockDeleteMutate,
 			isLoading: false,
 		});
-		// Token query: valid token for invited members
-		(useGetResetPasswordToken as jest.Mock).mockReturnValue({
-			data: {
-				data: {
-					token: 'invite-tok-valid',
-					id: 'token-1',
-					expiresAt: new Date(Date.now() + 86400000).toISOString(),
-				},
-			},
-			isLoading: false,
-			isError: false,
-		});
-		// Create token mutation
-		mockCreateTokenMutateAsync.mockResolvedValue({
-			status: 'success',
-			data: {
-				token: 'reset-tok-abc',
-				id: 'user-1',
-				expiresAt: new Date(Date.now() + 86400000).toISOString(),
-			},
-		});
-		(useCreateResetPasswordToken as jest.Mock).mockReturnValue({
-			mutateAsync: mockCreateTokenMutateAsync,
-			isLoading: false,
-		});
 	});
 
 	afterEach(() => {
@@ -384,40 +357,6 @@ describe('EditMemberDrawer', () => {
 		expect(screen.queryByText('Last Modified')).not.toBeInTheDocument();
 	});
 
-	it('shows "Regenerate Invite Link" when token is expired', () => {
-		(useGetResetPasswordToken as jest.Mock).mockReturnValue({
-			data: {
-				data: {
-					token: 'old-tok',
-					id: 'token-1',
-					expiresAt: new Date(Date.now() - 86400000).toISOString(), // expired yesterday
-				},
-			},
-			isLoading: false,
-			isError: false,
-		});
-
-		renderDrawer({ member: invitedMember });
-
-		expect(
-			screen.getByRole('button', { name: /regenerate invite link/i }),
-		).toBeInTheDocument();
-	});
-
-	it('shows "Generate Invite Link" when no token exists', () => {
-		(useGetResetPasswordToken as jest.Mock).mockReturnValue({
-			data: undefined,
-			isLoading: false,
-			isError: true,
-		});
-
-		renderDrawer({ member: invitedMember });
-
-		expect(
-			screen.getByRole('button', { name: /generate invite link/i }),
-		).toBeInTheDocument();
-	});
-
 	it('calls deleteUser after confirming revoke invite for invited members', async () => {
 		const onComplete = jest.fn();
 		const user = userEvent.setup({ pointerEventsCheck: 0 });
@@ -670,7 +609,7 @@ describe('EditMemberDrawer', () => {
 			).not.toBeInTheDocument();
 		});
 
-		it('does not call createResetPasswordToken when Reset Link is clicked while disabled (root)', async () => {
+		it('does not call getResetPasswordToken when Reset Link is clicked while disabled (root)', async () => {
 			const user = userEvent.setup({ pointerEventsCheck: 0 });
 			renderDrawer();
 
@@ -678,16 +617,20 @@ describe('EditMemberDrawer', () => {
 				screen.getByRole('button', { name: /generate password reset link/i }),
 			);
 
-			expect(mockCreateTokenMutateAsync).not.toHaveBeenCalled();
+			expect(mockGetResetPasswordToken).not.toHaveBeenCalled();
 		});
 	});
 
 	describe('Generate Password Reset Link', () => {
 		beforeEach(() => {
 			mockCopyToClipboard.mockClear();
+			mockGetResetPasswordToken.mockResolvedValue({
+				status: 'success',
+				data: { token: 'reset-tok-abc', id: 'user-1' },
+			});
 		});
 
-		it('calls POST and opens the reset link dialog with the generated link and expiry', async () => {
+		it('calls getResetPasswordToken and opens the reset link dialog with the generated link', async () => {
 			const user = userEvent.setup({ pointerEventsCheck: 0 });
 
 			renderDrawer();
@@ -699,12 +642,11 @@ describe('EditMemberDrawer', () => {
 			const dialog = await screen.findByRole('dialog', {
 				name: /password reset link/i,
 			});
-			expect(mockCreateTokenMutateAsync).toHaveBeenCalledWith({
-				pathParams: { id: 'user-1' },
+			expect(mockGetResetPasswordToken).toHaveBeenCalledWith({
+				id: 'user-1',
 			});
 			expect(dialog).toBeInTheDocument();
 			expect(dialog).toHaveTextContent('reset-tok-abc');
-			expect(dialog).toHaveTextContent(/this link expires on/i);
 		});
 
 		it('copies the link to clipboard and shows "Copied!" on the button', async () => {

frontend/src/container/MySettings/UserInfo/index.tsx

@@ -2,10 +2,8 @@ import { useState } from 'react';
 import { useTranslation } from 'react-i18next';
 import { Button, Input, Modal, Typography } from 'antd';
 import logEvent from 'api/common/logEvent';
-import {
-	updateMyPassword,
-	useUpdateMyUserV2,
-} from 'api/generated/services/users';
+import { useUpdateMyUserV2 } from 'api/generated/services/users';
+import changeMyPassword from 'api/v1/factor_password/changeMyPassword';
 import { useNotifications } from 'hooks/useNotifications';
 import { Check, FileTerminal, MailIcon, UserIcon } from 'lucide-react';
 import { useAppContext } from 'providers/App/App';
@@ -55,9 +53,10 @@ function UserInfo(): JSX.Element {
 		try {
 			setIsLoading(true);
 
-			await updateMyPassword({
+			await changeMyPassword({
 				newPassword: updatePassword,
 				oldPassword: currentPassword,
+				userId: user.id,
 			});
 			notifications.success({
 				message: t('success', {

frontend/src/container/OrganizationSettings/AuthDomain/__tests__/CreateEdit.test.tsx

@@ -113,8 +113,7 @@ describe('CreateEdit Modal', () => {
 		});
 	});
 
-	// Todo: to fixed properly - failing with - due to timeout > 5000ms
-	describe.skip('Form Validation', () => {
+	describe('Form Validation', () => {
 		it('shows validation error when submitting without required fields', async () => {
 			const user = userEvent.setup({ pointerEventsCheck: 0 });
 
@@ -334,8 +333,7 @@ describe('CreateEdit Modal', () => {
 		});
 	});
 
-	// Todo: to fixed properly - failing with - due to timeout > 5000ms
-	describe.skip('Modal Actions', () => {
+	describe('Modal Actions', () => {
 		it('calls onClose when cancel button is clicked', async () => {
 			const user = userEvent.setup({ pointerEventsCheck: 0 });
 

frontend/src/container/RolesSettings/RoleDetails/__tests__/RoleDetailsPage.test.tsx

@@ -56,8 +56,7 @@ afterEach(() => {
 	server.resetHandlers();
 });
 
-// Todo: to fixed properly - failing with - due to timeout > 5000ms
-describe.skip('RoleDetailsPage', () => {
+describe('RoleDetailsPage', () => {
 	it('renders custom role header, tabs, description, permissions, and action buttons', async () => {
 		setupDefaultHandlers();
 

frontend/src/container/SpanDetailsDrawer/__tests__/AttributeActions.userflow.test.tsx

@@ -152,8 +152,7 @@ const renderSpanDetailsDrawer = (span: Span = createMockSpan()): any => {
 };
 
 describe('AttributeActions User Flow Tests', () => {
-	// Todo: to fixed properly - failing with - due to timeout > 5000ms
-	describe.skip('Complete Attribute Actions User Flow', () => {
+	describe('Complete Attribute Actions User Flow', () => {
 		it('should allow user to interact with span attribute actions from trace detail page', async () => {
 			const { user } = renderSpanDetailsDrawer();
 
@@ -255,8 +254,7 @@ describe('AttributeActions User Flow Tests', () => {
 		});
 	});
 
-	// Todo: to fixed properly - failing with - due to timeout > 5000ms
-	describe.skip('Filter Replacement Flow', () => {
+	describe('Filter Replacement Flow', () => {
 		it('should replace previous filter when applying multiple filters on same field', async () => {
 			const { user } = renderSpanDetailsDrawer();
 

frontend/src/mocks-server/handlers.ts

@@ -191,6 +191,17 @@ export const handlers = [
 			}),
 		),
 	),
+	rest.post('http://localhost/api/v1/changePassword', (_, res, ctx) =>
+		res(
+			ctx.status(403),
+			ctx.json({
+				status: 'error',
+				errorType: 'forbidden',
+				error: 'invalid credentials',
+			}),
+		),
+	),
+
 	rest.get(
 		'http://localhost/api/v3/autocomplete/aggregate_attributes',
 		(req, res, ctx) =>

frontend/src/types/api/user/changeMyPassword.ts

@@ -0,0 +1,12 @@
+import { User } from 'types/reducer/app';
+
+export interface Props {
+	oldPassword: string;
+	newPassword: string;
+	userId: User['userId'];
+}
+
+export interface PayloadProps {
+	status: string;
+	data: string;
+}

frontend/src/types/api/user/getResetPasswordToken.ts

@@ -0,0 +1,15 @@
+import { User } from 'types/reducer/app';
+
+export interface Props {
+	userId: User['userId'];
+}
+
+export interface GetResetPasswordToken {
+	token: string;
+	userId: string;
+}
+
+export interface PayloadProps {
+	data: GetResetPasswordToken;
+	status: string;
+}

pkg/apiserver/signozapiserver/user.go

@@ -213,8 +213,8 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/getResetPasswordToken/{id}", handler.New(provider.authZ.AdminAccess(provider.userHandler.GetResetPasswordTokenDeprecated), handler.OpenAPIDef{
-		ID:                  "GetResetPasswordTokenDeprecated",
+	if err := router.Handle("/api/v1/getResetPasswordToken/{id}", handler.New(provider.authZ.AdminAccess(provider.userHandler.GetResetPasswordToken), handler.OpenAPIDef{
+		ID:                  "GetResetPasswordToken",
 		Tags:                []string{"users"},
 		Summary:             "Get reset password token",
 		Description:         "This endpoint returns the reset password token by id",
@@ -224,46 +224,12 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
-		Deprecated:          true,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodGet).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v2/users/{id}/reset_password_tokens", handler.New(provider.authZ.AdminAccess(provider.userHandler.GetResetPasswordToken), handler.OpenAPIDef{
-		ID:                  "GetResetPasswordToken",
-		Tags:                []string{"users"},
-		Summary:             "Get reset password token for a user",
-		Description:         "This endpoint returns the existing reset password token for a user.",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            new(types.ResetPasswordToken),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusOK,
-		ErrorStatusCodes:    []int{http.StatusNotFound},
 		Deprecated:          false,
 		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v2/users/{id}/reset_password_tokens", handler.New(provider.authZ.AdminAccess(provider.userHandler.CreateResetPasswordToken), handler.OpenAPIDef{
-		ID:                  "CreateResetPasswordToken",
-		Tags:                []string{"users"},
-		Summary:             "Create or regenerate reset password token for a user",
-		Description:         "This endpoint creates or regenerates a reset password token for a user. If a valid token exists, it is returned. If expired, a new one is created.",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            new(types.ResetPasswordToken),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusCreated,
-		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodPut).GetError(); err != nil {
-		return err
-	}
-
 	if err := router.Handle("/api/v1/resetPassword", handler.New(provider.authZ.OpenAccess(provider.userHandler.ResetPassword), handler.OpenAPIDef{
 		ID:                  "ResetPassword",
 		Tags:                []string{"users"},
@@ -281,11 +247,11 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v2/users/me/factor_password", handler.New(provider.authZ.OpenAccess(provider.userHandler.ChangePassword), handler.OpenAPIDef{
-		ID:                  "UpdateMyPassword",
+	if err := router.Handle("/api/v1/changePassword/{id}", handler.New(provider.authZ.SelfAccess(provider.userHandler.ChangePassword), handler.OpenAPIDef{
+		ID:                  "ChangePassword",
 		Tags:                []string{"users"},
-		Summary:             "Updates my password",
-		Description:         "This endpoint updates the password of the user I belong to",
+		Summary:             "Change password",
+		Description:         "This endpoint changes the password by id",
 		Request:             new(types.ChangePasswordRequest),
 		RequestContentType:  "application/json",
 		Response:            nil,
@@ -294,7 +260,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
 		Deprecated:          false,
 		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
-	})).Methods(http.MethodPut).GetError(); err != nil {
+	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
 

pkg/cache/memorycache/provider.go

@@ -64,7 +64,8 @@ func New(ctx context.Context, settings factory.ProviderSettings, config cache.Co
 		o.ObserveInt64(telemetry.setsRejected, int64(metrics.SetsRejected()), metric.WithAttributes(attributes...))
 		o.ObserveInt64(telemetry.getsDropped, int64(metrics.GetsDropped()), metric.WithAttributes(attributes...))
 		o.ObserveInt64(telemetry.getsKept, int64(metrics.GetsKept()), metric.WithAttributes(attributes...))
-		o.ObserveInt64(telemetry.totalCost, int64(cc.MaxCost()), metric.WithAttributes(attributes...))
+		o.ObserveInt64(telemetry.costUsed, int64(metrics.CostAdded())-int64(metrics.CostEvicted()), metric.WithAttributes(attributes...))
+		o.ObserveInt64(telemetry.totalCost, cc.MaxCost(), metric.WithAttributes(attributes...))
 		return nil
 	},
 		telemetry.cacheRatio,
@@ -79,6 +80,7 @@ func New(ctx context.Context, settings factory.ProviderSettings, config cache.Co
 		telemetry.setsRejected,
 		telemetry.getsDropped,
 		telemetry.getsKept,
+		telemetry.costUsed,
 		telemetry.totalCost,
 	)
 	if err != nil {
@@ -112,11 +114,13 @@ func (provider *provider) Set(ctx context.Context, orgID valuer.UUID, cacheKey s
 	}
 
 	if cloneable, ok := data.(cachetypes.Cloneable); ok {
+		cost := cloneable.Size()
+		// Clamp to a minimum of 1: ristretto treats cost 0 specially and we
+		// never want zero-size entries to bypass admission accounting.
 		span.SetAttributes(attribute.Bool("memory.cloneable", true))
-		span.SetAttributes(attribute.Int64("memory.cost", 1))
+		span.SetAttributes(attribute.Int64("memory.cost", cost))
 		toCache := cloneable.Clone()
-		// In case of contention we are choosing to evict the cloneable entries first hence cost is set to 1
-		if ok := provider.cc.SetWithTTL(strings.Join([]string{orgID.StringValue(), cacheKey}, "::"), toCache, 1, ttl); !ok {
+		if ok := provider.cc.SetWithTTL(strings.Join([]string{orgID.StringValue(), cacheKey}, "::"), toCache, max(cost, 1), ttl); !ok {
 			return errors.New(errors.TypeInternal, errors.CodeInternal, "error writing to cache")
 		}
 
@@ -125,15 +129,15 @@ func (provider *provider) Set(ctx context.Context, orgID valuer.UUID, cacheKey s
 	}
 
 	toCache, err := provider.marshalBinary(ctx, data)
-	cost := int64(len(toCache))
 	if err != nil {
 		return err
 	}
+	cost := int64(len(toCache))
 
 	span.SetAttributes(attribute.Bool("memory.cloneable", false))
 	span.SetAttributes(attribute.Int64("memory.cost", cost))
 
-	if ok := provider.cc.SetWithTTL(strings.Join([]string{orgID.StringValue(), cacheKey}, "::"), toCache, 1, ttl); !ok {
+	if ok := provider.cc.SetWithTTL(strings.Join([]string{orgID.StringValue(), cacheKey}, "::"), toCache, max(cost, 1), ttl); !ok {
 		return errors.New(errors.TypeInternal, errors.CodeInternal, "error writing to cache")
 	}
 

pkg/cache/memorycache/provider_test.go

@@ -31,6 +31,10 @@ func (cloneable *CloneableA) Clone() cachetypes.Cacheable {
 	}
 }
 
+func (cloneable *CloneableA) Size() int64 {
+	return int64(len(cloneable.Key)) + 16
+}
+
 func (cloneable *CloneableA) MarshalBinary() ([]byte, error) {
 	return json.Marshal(cloneable)
 }
@@ -165,6 +169,50 @@ func TestSetGetWithDifferentTypes(t *testing.T) {
 	assert.Error(t, err)
 }
 
+// LargeCloneable reports a large byte cost so we can test ristretto eviction
+// without allocating the full payload in memory.
+type LargeCloneable struct {
+	Key  string
+	Cost int64
+}
+
+func (c *LargeCloneable) Clone() cachetypes.Cacheable {
+	return &LargeCloneable{Key: c.Key, Cost: c.Cost}
+}
+
+func (c *LargeCloneable) Size() int64 { return c.Cost }
+
+func (c *LargeCloneable) MarshalBinary() ([]byte, error) { return json.Marshal(c) }
+
+func (c *LargeCloneable) UnmarshalBinary(data []byte) error { return json.Unmarshal(data, c) }
+
+func TestCloneableCostTriggersEviction(t *testing.T) {
+	const maxCost int64 = 1 << 20 // 1 MiB
+	const perEntry int64 = 256 * 1024
+	const entries = 32 // 32 * 256 KiB = 8 MiB, well over MaxCost
+
+	c, err := New(context.Background(), factorytest.NewSettings(), cache.Config{Provider: "memory", Memory: cache.Memory{
+		NumCounters: 10 * 1000,
+		MaxCost:     maxCost,
+	}})
+	require.NoError(t, err)
+
+	orgID := valuer.GenerateUUID()
+	for i := 0; i < entries; i++ {
+		item := &LargeCloneable{Key: fmt.Sprintf("key-%d", i), Cost: perEntry}
+		assert.NoError(t, c.Set(context.Background(), orgID, fmt.Sprintf("key-%d", i), item, time.Minute))
+	}
+
+	metrics := c.(*provider).cc.Metrics
+	// Eviction (or admission rejection) must have kicked in: we wrote 32 entries
+	// each costing 256 KiB into a 1 MiB cache.
+	assert.Greater(t, metrics.KeysEvicted()+metrics.SetsRejected(), uint64(0),
+		"expected eviction or admission rejection once total cost exceeds MaxCost; got evicted=%d rejected=%d",
+		metrics.KeysEvicted(), metrics.SetsRejected())
+	// Net retained cost should not exceed MaxCost.
+	assert.LessOrEqual(t, int64(metrics.CostAdded()-metrics.CostEvicted()), maxCost)
+}
+
 func TestCloneableConcurrentSetGet(t *testing.T) {
 	cache, err := New(context.Background(), factorytest.NewSettings(), cache.Config{Provider: "memory", Memory: cache.Memory{
 		NumCounters: 10 * 1000,

pkg/cache/memorycache/telemetry.go

@@ -7,17 +7,18 @@ import (
 
 type telemetry struct {
 	cacheRatio   metric.Float64ObservableGauge
-	cacheHits    metric.Int64ObservableGauge
-	cacheMisses  metric.Int64ObservableGauge
-	costAdded    metric.Int64ObservableGauge
-	costEvicted  metric.Int64ObservableGauge
-	keysAdded    metric.Int64ObservableGauge
-	keysEvicted  metric.Int64ObservableGauge
-	keysUpdated  metric.Int64ObservableGauge
-	setsDropped  metric.Int64ObservableGauge
-	setsRejected metric.Int64ObservableGauge
-	getsDropped  metric.Int64ObservableGauge
-	getsKept     metric.Int64ObservableGauge
+	cacheHits    metric.Int64ObservableCounter
+	cacheMisses  metric.Int64ObservableCounter
+	costAdded    metric.Int64ObservableCounter
+	costEvicted  metric.Int64ObservableCounter
+	keysAdded    metric.Int64ObservableCounter
+	keysEvicted  metric.Int64ObservableCounter
+	keysUpdated  metric.Int64ObservableCounter
+	setsDropped  metric.Int64ObservableCounter
+	setsRejected metric.Int64ObservableCounter
+	getsDropped  metric.Int64ObservableCounter
+	getsKept     metric.Int64ObservableCounter
+	costUsed     metric.Int64ObservableGauge
 	totalCost    metric.Int64ObservableGauge
 }
 
@@ -28,62 +29,67 @@ func newMetrics(meter metric.Meter) (*telemetry, error) {
 		errs = errors.Join(errs, err)
 	}
 
-	cacheHits, err := meter.Int64ObservableGauge("signoz.cache.hits", metric.WithDescription("Hits is the number of Get calls where a value was found for the corresponding key."))
+	cacheHits, err := meter.Int64ObservableCounter("signoz.cache.hits", metric.WithDescription("Hits is the number of Get calls where a value was found for the corresponding key."))
 	if err != nil {
 		errs = errors.Join(errs, err)
 	}
 
-	cacheMisses, err := meter.Int64ObservableGauge("signoz.cache.misses", metric.WithDescription("Misses is the number of Get calls where a value was not found for the corresponding key"))
+	cacheMisses, err := meter.Int64ObservableCounter("signoz.cache.misses", metric.WithDescription("Misses is the number of Get calls where a value was not found for the corresponding key"))
 	if err != nil {
 		errs = errors.Join(errs, err)
 	}
 
-	costAdded, err := meter.Int64ObservableGauge("signoz.cache.cost.added", metric.WithDescription("CostAdded is the sum of costs that have been added (successful Set calls)"))
+	costAdded, err := meter.Int64ObservableCounter("signoz.cache.cost.added", metric.WithDescription("CostAdded is the sum of costs that have been added (successful Set calls)"))
 	if err != nil {
 		errs = errors.Join(errs, err)
 	}
 
-	costEvicted, err := meter.Int64ObservableGauge("signoz.cache.cost.evicted", metric.WithDescription("CostEvicted is the sum of all costs that have been evicted"))
+	costEvicted, err := meter.Int64ObservableCounter("signoz.cache.cost.evicted", metric.WithDescription("CostEvicted is the sum of all costs that have been evicted"))
 	if err != nil {
 		errs = errors.Join(errs, err)
 	}
 
-	keysAdded, err := meter.Int64ObservableGauge("signoz.cache.keys.added", metric.WithDescription("KeysAdded is the total number of Set calls where a new key-value item was added"))
+	keysAdded, err := meter.Int64ObservableCounter("signoz.cache.keys.added", metric.WithDescription("KeysAdded is the total number of Set calls where a new key-value item was added"))
 	if err != nil {
 		errs = errors.Join(errs, err)
 	}
 
-	keysEvicted, err := meter.Int64ObservableGauge("signoz.cache.keys.evicted", metric.WithDescription("KeysEvicted is the total number of keys evicted"))
+	keysEvicted, err := meter.Int64ObservableCounter("signoz.cache.keys.evicted", metric.WithDescription("KeysEvicted is the total number of keys evicted"))
 	if err != nil {
 		errs = errors.Join(errs, err)
 	}
 
-	keysUpdated, err := meter.Int64ObservableGauge("signoz.cache.keys.updated", metric.WithDescription("KeysUpdated is the total number of Set calls where the value was updated"))
+	keysUpdated, err := meter.Int64ObservableCounter("signoz.cache.keys.updated", metric.WithDescription("KeysUpdated is the total number of Set calls where the value was updated"))
 	if err != nil {
 		errs = errors.Join(errs, err)
 	}
 
-	setsDropped, err := meter.Int64ObservableGauge("signoz.cache.sets.dropped", metric.WithDescription("SetsDropped is the number of Set calls that don't make it into internal buffers (due to contention or some other reason)"))
+	setsDropped, err := meter.Int64ObservableCounter("signoz.cache.sets.dropped", metric.WithDescription("SetsDropped is the number of Set calls that don't make it into internal buffers (due to contention or some other reason)"))
 	if err != nil {
 		errs = errors.Join(errs, err)
 	}
 
-	setsRejected, err := meter.Int64ObservableGauge("signoz.cache.sets.rejected", metric.WithDescription("SetsRejected is the number of Set calls rejected by the policy (TinyLFU)"))
+	setsRejected, err := meter.Int64ObservableCounter("signoz.cache.sets.rejected", metric.WithDescription("SetsRejected is the number of Set calls rejected by the policy (TinyLFU)"))
 	if err != nil {
 		errs = errors.Join(errs, err)
 	}
 
-	getsDropped, err := meter.Int64ObservableGauge("signoz.cache.gets.dropped", metric.WithDescription("GetsDropped is the number of Get calls that don't make it into internal buffers (due to contention or some other reason)"))
+	getsDropped, err := meter.Int64ObservableCounter("signoz.cache.gets.dropped", metric.WithDescription("GetsDropped is the number of Get calls that don't make it into internal buffers (due to contention or some other reason)"))
 	if err != nil {
 		errs = errors.Join(errs, err)
 	}
 
-	getsKept, err := meter.Int64ObservableGauge("signoz.cache.gets.kept", metric.WithDescription("GetsKept is the number of Get calls that make it into internal buffers"))
+	getsKept, err := meter.Int64ObservableCounter("signoz.cache.gets.kept", metric.WithDescription("GetsKept is the number of Get calls that make it into internal buffers"))
 	if err != nil {
 		errs = errors.Join(errs, err)
 	}
 
-	totalCost, err := meter.Int64ObservableGauge("signoz.cache.total.cost", metric.WithDescription("TotalCost is the available cost configured for the cache"))
+	costUsed, err := meter.Int64ObservableGauge("signoz.cache.cost.used", metric.WithDescription("CostUsed is the current retained cost in the cache (CostAdded - CostEvicted)."))
+	if err != nil {
+		errs = errors.Join(errs, err)
+	}
+
+	totalCost, err := meter.Int64ObservableGauge("signoz.cache.total.cost", metric.WithDescription("TotalCost is the configured MaxCost ceiling for the cache."))
 	if err != nil {
 		errs = errors.Join(errs, err)
 	}
@@ -105,6 +111,7 @@ func newMetrics(meter metric.Meter) (*telemetry, error) {
 		setsRejected: setsRejected,
 		getsDropped:  getsDropped,
 		getsKept:     getsKept,
+		costUsed:     costUsed,
 		totalCost:    totalCost,
 	}, nil
 }

pkg/cache/rediscache/provider_test.go

@@ -29,6 +29,10 @@ func (cacheable *CacheableA) Clone() cachetypes.Cacheable {
 	}
 }
 
+func (cacheable *CacheableA) Size() int64 {
+	return int64(len(cacheable.Key)) + 16
+}
+
 func (cacheable *CacheableA) MarshalBinary() ([]byte, error) {
 	return json.Marshal(cacheable)
 }

pkg/modules/user/impluser/getter.go

@@ -218,10 +218,6 @@ func (module *getter) GetRolesByUserID(ctx context.Context, userID valuer.UUID)
 	return userRoles, nil
 }
 
-func (module *getter) GetResetPasswordTokenByOrgIDAndUserID(ctx context.Context, orgID valuer.UUID, userID valuer.UUID) (*types.ResetPasswordToken, error) {
-	return module.store.GetResetPasswordTokenByOrgIDAndUserID(ctx, orgID, userID)
-}
-
 func (module *getter) GetUsersByOrgIDAndRoleID(ctx context.Context, orgID valuer.UUID, roleID valuer.UUID) ([]*types.User, error) {
 	return module.store.GetUsersByOrgIDAndRoleID(ctx, orgID, roleID)
 }

pkg/modules/user/impluser/handler.go

@@ -25,7 +25,7 @@ func NewHandler(setter root.Setter, getter root.Getter) root.Handler {
 	return &handler{setter: setter, getter: getter}
 }
 
-func (handler *handler) CreateInvite(rw http.ResponseWriter, r *http.Request) {
+func (h *handler) CreateInvite(rw http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -41,7 +41,7 @@ func (handler *handler) CreateInvite(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	invites, err := handler.setter.CreateBulkInvite(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.IdentityID()), valuer.MustNewEmail(claims.Email), &types.PostableBulkInviteRequest{
+	invites, err := h.setter.CreateBulkInvite(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.IdentityID()), valuer.MustNewEmail(claims.Email), &types.PostableBulkInviteRequest{
 		Invites: []types.PostableInvite{req},
 	})
 	if err != nil {
@@ -52,7 +52,7 @@ func (handler *handler) CreateInvite(rw http.ResponseWriter, r *http.Request) {
 	render.Success(rw, http.StatusCreated, invites[0])
 }
 
-func (handler *handler) CreateBulkInvite(rw http.ResponseWriter, r *http.Request) {
+func (h *handler) CreateBulkInvite(rw http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -74,7 +74,7 @@ func (handler *handler) CreateBulkInvite(rw http.ResponseWriter, r *http.Request
 		return
 	}
 
-	_, err = handler.setter.CreateBulkInvite(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.IdentityID()), valuer.MustNewEmail(claims.Email), &req)
+	_, err = h.setter.CreateBulkInvite(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.IdentityID()), valuer.MustNewEmail(claims.Email), &req)
 	if err != nil {
 		render.Error(rw, err)
 		return
@@ -83,7 +83,7 @@ func (handler *handler) CreateBulkInvite(rw http.ResponseWriter, r *http.Request
 	render.Success(rw, http.StatusCreated, nil)
 }
 
-func (handler *handler) GetUserDeprecated(w http.ResponseWriter, r *http.Request) {
+func (h *handler) GetUserDeprecated(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -95,7 +95,7 @@ func (handler *handler) GetUserDeprecated(w http.ResponseWriter, r *http.Request
 		return
 	}
 
-	user, err := handler.getter.GetDeprecatedUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(id))
+	user, err := h.getter.GetDeprecatedUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(id))
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -104,7 +104,7 @@ func (handler *handler) GetUserDeprecated(w http.ResponseWriter, r *http.Request
 	render.Success(w, http.StatusOK, user)
 }
 
-func (handler *handler) GetUser(w http.ResponseWriter, r *http.Request) {
+func (h *handler) GetUser(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -116,13 +116,13 @@ func (handler *handler) GetUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	user, err := handler.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID))
+	user, err := h.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID))
 	if err != nil {
 		render.Error(w, err)
 		return
 	}
 
-	userRoles, err := handler.getter.GetRolesByUserID(ctx, user.ID)
+	userRoles, err := h.getter.GetRolesByUserID(ctx, user.ID)
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -136,7 +136,7 @@ func (handler *handler) GetUser(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusOK, userWithRoles)
 }
 
-func (handler *handler) GetMyUserDeprecated(w http.ResponseWriter, r *http.Request) {
+func (h *handler) GetMyUserDeprecated(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -146,7 +146,7 @@ func (handler *handler) GetMyUserDeprecated(w http.ResponseWriter, r *http.Reque
 		return
 	}
 
-	user, err := handler.getter.GetDeprecatedUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID))
+	user, err := h.getter.GetDeprecatedUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID))
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -155,7 +155,7 @@ func (handler *handler) GetMyUserDeprecated(w http.ResponseWriter, r *http.Reque
 	render.Success(w, http.StatusOK, user)
 }
 
-func (handler *handler) GetMyUser(w http.ResponseWriter, r *http.Request) {
+func (h *handler) GetMyUser(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -165,13 +165,13 @@ func (handler *handler) GetMyUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	user, err := handler.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID))
+	user, err := h.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID))
 	if err != nil {
 		render.Error(w, err)
 		return
 	}
 
-	userRoles, err := handler.getter.GetRolesByUserID(ctx, user.ID)
+	userRoles, err := h.getter.GetRolesByUserID(ctx, user.ID)
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -185,7 +185,7 @@ func (handler *handler) GetMyUser(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusOK, userWithRoles)
 }
 
-func (handler *handler) UpdateMyUser(w http.ResponseWriter, r *http.Request) {
+func (h *handler) UpdateMyUser(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -201,7 +201,7 @@ func (handler *handler) UpdateMyUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	_, err = handler.setter.UpdateUser(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID), updatableUser)
+	_, err = h.setter.UpdateUser(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(claims.UserID), updatableUser)
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -210,7 +210,7 @@ func (handler *handler) UpdateMyUser(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusNoContent, nil)
 }
 
-func (handler *handler) ListUsersDeprecated(w http.ResponseWriter, r *http.Request) {
+func (h *handler) ListUsersDeprecated(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -220,7 +220,7 @@ func (handler *handler) ListUsersDeprecated(w http.ResponseWriter, r *http.Reque
 		return
 	}
 
-	users, err := handler.getter.ListDeprecatedUsersByOrgID(ctx, valuer.MustNewUUID(claims.OrgID))
+	users, err := h.getter.ListDeprecatedUsersByOrgID(ctx, valuer.MustNewUUID(claims.OrgID))
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -229,7 +229,7 @@ func (handler *handler) ListUsersDeprecated(w http.ResponseWriter, r *http.Reque
 	render.Success(w, http.StatusOK, users)
 }
 
-func (handler *handler) ListUsers(w http.ResponseWriter, r *http.Request) {
+func (h *handler) ListUsers(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -239,7 +239,7 @@ func (handler *handler) ListUsers(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	users, err := handler.getter.ListUsersByOrgID(ctx, valuer.MustNewUUID(claims.OrgID))
+	users, err := h.getter.ListUsersByOrgID(ctx, valuer.MustNewUUID(claims.OrgID))
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -248,7 +248,7 @@ func (handler *handler) ListUsers(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusOK, users)
 }
 
-func (handler *handler) UpdateUserDeprecated(w http.ResponseWriter, r *http.Request) {
+func (h *handler) UpdateUserDeprecated(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -266,7 +266,7 @@ func (handler *handler) UpdateUserDeprecated(w http.ResponseWriter, r *http.Requ
 		return
 	}
 
-	updatedUser, err := handler.setter.UpdateUserDeprecated(ctx, valuer.MustNewUUID(claims.OrgID), id, &user)
+	updatedUser, err := h.setter.UpdateUserDeprecated(ctx, valuer.MustNewUUID(claims.OrgID), id, &user)
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -275,7 +275,7 @@ func (handler *handler) UpdateUserDeprecated(w http.ResponseWriter, r *http.Requ
 	render.Success(w, http.StatusOK, updatedUser)
 }
 
-func (handler *handler) UpdateUser(w http.ResponseWriter, r *http.Request) {
+func (h *handler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -298,7 +298,7 @@ func (handler *handler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	_, err = handler.setter.UpdateUser(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID), updatableUser)
+	_, err = h.setter.UpdateUser(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID), updatableUser)
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -307,7 +307,7 @@ func (handler *handler) UpdateUser(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusNoContent, nil)
 }
 
-func (handler *handler) DeleteUser(w http.ResponseWriter, r *http.Request) {
+func (h *handler) DeleteUser(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -319,7 +319,7 @@ func (handler *handler) DeleteUser(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if err := handler.setter.DeleteUser(ctx, valuer.MustNewUUID(claims.OrgID), id, claims.IdentityID()); err != nil {
+	if err := h.setter.DeleteUser(ctx, valuer.MustNewUUID(claims.OrgID), id, claims.IdentityID()); err != nil {
 		render.Error(w, err)
 		return
 	}
@@ -327,7 +327,7 @@ func (handler *handler) DeleteUser(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusNoContent, nil)
 }
 
-func (handler *handler) GetResetPasswordTokenDeprecated(w http.ResponseWriter, r *http.Request) {
+func (handler *handler) GetResetPasswordToken(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -354,62 +354,6 @@ func (handler *handler) GetResetPasswordTokenDeprecated(w http.ResponseWriter, r
 	render.Success(w, http.StatusOK, token)
 }
 
-func (handler *handler) GetResetPasswordToken(w http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	userID, err := valuer.NewUUID(mux.Vars(r)["id"])
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	token, err := handler.getter.GetResetPasswordTokenByOrgIDAndUserID(ctx, valuer.MustNewUUID(claims.OrgID), userID)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	render.Success(w, http.StatusOK, token)
-}
-
-func (handler *handler) CreateResetPasswordToken(w http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	userID, err := valuer.NewUUID(mux.Vars(r)["id"])
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	user, err := handler.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), userID)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	token, err := handler.setter.GetOrCreateResetPasswordToken(ctx, user.ID)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	render.Success(w, http.StatusCreated, token)
-}
-
 func (handler *handler) ResetPassword(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
@@ -433,19 +377,13 @@ func (handler *handler) ChangePassword(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
 	var req types.ChangePasswordRequest
 	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
 		render.Error(w, err)
 		return
 	}
 
-	err = handler.setter.UpdatePassword(ctx, valuer.MustNewUUID(claims.UserID), req.OldPassword, req.NewPassword)
+	err := handler.setter.UpdatePassword(ctx, req.UserID, req.OldPassword, req.NewPassword)
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -454,7 +392,7 @@ func (handler *handler) ChangePassword(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusNoContent, nil)
 }
 
-func (handler *handler) ForgotPassword(w http.ResponseWriter, r *http.Request) {
+func (h *handler) ForgotPassword(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -464,7 +402,7 @@ func (handler *handler) ForgotPassword(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	err := handler.setter.ForgotPassword(ctx, req.OrgID, req.Email, req.FrontendBaseURL)
+	err := h.setter.ForgotPassword(ctx, req.OrgID, req.Email, req.FrontendBaseURL)
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -473,7 +411,7 @@ func (handler *handler) ForgotPassword(w http.ResponseWriter, r *http.Request) {
 	render.Success(w, http.StatusNoContent, nil)
 }
 
-func (handler *handler) GetRolesByUserID(w http.ResponseWriter, r *http.Request) {
+func (h *handler) GetRolesByUserID(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -485,13 +423,13 @@ func (handler *handler) GetRolesByUserID(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	user, err := handler.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID))
+	user, err := h.getter.GetUserByOrgIDAndID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID))
 	if err != nil {
 		render.Error(w, err)
 		return
 	}
 
-	userRoles, err := handler.getter.GetRolesByUserID(ctx, user.ID)
+	userRoles, err := h.getter.GetRolesByUserID(ctx, user.ID)
 	if err != nil {
 		render.Error(w, err)
 		return
@@ -505,7 +443,7 @@ func (handler *handler) GetRolesByUserID(w http.ResponseWriter, r *http.Request)
 	render.Success(w, http.StatusOK, roles)
 }
 
-func (handler *handler) SetRoleByUserID(w http.ResponseWriter, r *http.Request) {
+func (h *handler) SetRoleByUserID(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -533,7 +471,7 @@ func (handler *handler) SetRoleByUserID(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	if err := handler.setter.AddUserRole(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID), postableRole.Name); err != nil {
+	if err := h.setter.AddUserRole(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID), postableRole.Name); err != nil {
 		render.Error(w, err)
 		return
 	}
@@ -541,7 +479,7 @@ func (handler *handler) SetRoleByUserID(w http.ResponseWriter, r *http.Request)
 	render.Success(w, http.StatusOK, nil)
 }
 
-func (handler *handler) RemoveUserRoleByRoleID(w http.ResponseWriter, r *http.Request) {
+func (h *handler) RemoveUserRoleByRoleID(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -559,7 +497,7 @@ func (handler *handler) RemoveUserRoleByRoleID(w http.ResponseWriter, r *http.Re
 		return
 	}
 
-	if err := handler.setter.RemoveUserRole(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID), valuer.MustNewUUID(roleID)); err != nil {
+	if err := h.setter.RemoveUserRole(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(userID), valuer.MustNewUUID(roleID)); err != nil {
 		render.Error(w, err)
 		return
 	}
@@ -567,7 +505,7 @@ func (handler *handler) RemoveUserRoleByRoleID(w http.ResponseWriter, r *http.Re
 	render.Success(w, http.StatusNoContent, nil)
 }
 
-func (handler *handler) GetUsersByRoleID(w http.ResponseWriter, r *http.Request) {
+func (h *handler) GetUsersByRoleID(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
 
@@ -579,7 +517,7 @@ func (handler *handler) GetUsersByRoleID(w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	users, err := handler.getter.GetUsersByOrgIDAndRoleID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(roleID))
+	users, err := h.getter.GetUsersByOrgIDAndRoleID(ctx, valuer.MustNewUUID(claims.OrgID), valuer.MustNewUUID(roleID))
 	if err != nil {
 		render.Error(w, err)
 		return

pkg/modules/user/impluser/store.go

@@ -359,26 +359,6 @@ func (store *store) GetResetPasswordTokenByPasswordID(ctx context.Context, passw
 	return resetPasswordToken, nil
 }
 
-func (store *store) GetResetPasswordTokenByOrgIDAndUserID(ctx context.Context, orgID valuer.UUID, userID valuer.UUID) (*types.ResetPasswordToken, error) {
-	resetPasswordToken := new(types.ResetPasswordToken)
-
-	err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(resetPasswordToken).
-		Join("JOIN factor_password ON factor_password.id = reset_password_token.password_id").
-		Join("JOIN users ON users.id = factor_password.user_id").
-		Where("factor_password.user_id = ?", userID).
-		Where("users.org_id = ?", orgID).
-		Scan(ctx)
-	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrResetPasswordTokenNotFound, "reset password token for user %s does not exist", userID)
-	}
-
-	return resetPasswordToken, nil
-}
-
 func (store *store) DeleteResetPasswordTokenByPasswordID(ctx context.Context, passwordID valuer.UUID) error {
 	_, err := store.sqlstore.BunDBCtx(ctx).NewDelete().
 		Model(&types.ResetPasswordToken{}).

pkg/modules/user/user.go

@@ -80,9 +80,6 @@ type Getter interface {
 	// Get factor password by user id.
 	GetFactorPasswordByUserID(context.Context, valuer.UUID) (*types.FactorPassword, error)
 
-	// Get reset password token by org id and user id.
-	GetResetPasswordTokenByOrgIDAndUserID(ctx context.Context, orgID valuer.UUID, userID valuer.UUID) (*types.ResetPasswordToken, error)
-
 	// Gets single Non-Deleted user by email and org id
 	GetNonDeletedUserByEmailAndOrgID(ctx context.Context, email valuer.Email, orgID valuer.UUID) (*types.User, error)
 
@@ -115,9 +112,7 @@ type Handler interface {
 	GetUsersByRoleID(http.ResponseWriter, *http.Request)
 
 	// Reset Password
-	GetResetPasswordTokenDeprecated(http.ResponseWriter, *http.Request)
 	GetResetPasswordToken(http.ResponseWriter, *http.Request)
-	CreateResetPasswordToken(http.ResponseWriter, *http.Request)
 	ResetPassword(http.ResponseWriter, *http.Request)
 	ChangePassword(http.ResponseWriter, *http.Request)
 	ForgotPassword(http.ResponseWriter, *http.Request)

pkg/query-service/model/cacheable.go

@@ -41,6 +41,11 @@ func (c *GetWaterfallSpansForTraceWithMetadataCache) Clone() cachetypes.Cacheabl
 	}
 }
 
+func (c *GetWaterfallSpansForTraceWithMetadataCache) Size() int64 {
+	const perSpanBytes = 256
+	return int64(c.TotalSpans) * perSpanBytes
+}
+
 func (c *GetWaterfallSpansForTraceWithMetadataCache) MarshalBinary() (data []byte, err error) {
 	return json.Marshal(c)
 }
@@ -66,6 +71,16 @@ func (c *GetFlamegraphSpansForTraceCache) Clone() cachetypes.Cacheable {
 	}
 }
 
+func (c *GetFlamegraphSpansForTraceCache) Size() int64 {
+	const perSpanBytes = 128
+	var spans int64
+	for _, row := range c.SelectedSpans {
+		spans += int64(len(row))
+	}
+	spans += int64(len(c.TraceRoots))
+	return spans * perSpanBytes
+}
+
 func (c *GetFlamegraphSpansForTraceCache) MarshalBinary() (data []byte, err error) {
 	return json.Marshal(c)
 }

pkg/querybuilder/collision.go

@@ -207,16 +207,23 @@ func AdjustKey(key *telemetrytypes.TelemetryFieldKey, keys map[string][]*telemet
 		indexes := []telemetrytypes.JSONDataTypeIndex{}
 		fieldContextsSeen := map[telemetrytypes.FieldContext]bool{}
 		dataTypesSeen := map[telemetrytypes.FieldDataType]bool{}
+		jsonTypesSeen := map[string]*telemetrytypes.JSONDataType{}
 		for _, matchingKey := range matchingKeys {
 			materialized = materialized && matchingKey.Materialized
 			fieldContextsSeen[matchingKey.FieldContext] = true
 			dataTypesSeen[matchingKey.FieldDataType] = true
+			if matchingKey.JSONDataType != nil {
+				jsonTypesSeen[matchingKey.JSONDataType.StringValue()] = matchingKey.JSONDataType
+			}
 			indexes = append(indexes, matchingKey.Indexes...)
 		}
 		for _, matchingKey := range contextPrefixedMatchingKeys {
 			materialized = materialized && matchingKey.Materialized
 			fieldContextsSeen[matchingKey.FieldContext] = true
 			dataTypesSeen[matchingKey.FieldDataType] = true
+			if matchingKey.JSONDataType != nil {
+				jsonTypesSeen[matchingKey.JSONDataType.StringValue()] = matchingKey.JSONDataType
+			}
 			indexes = append(indexes, matchingKey.Indexes...)
 		}
 		key.Materialized = materialized
@@ -241,6 +248,15 @@ func AdjustKey(key *telemetrytypes.TelemetryFieldKey, keys map[string][]*telemet
 				break
 			}
 		}
+
+		if len(jsonTypesSeen) == 1 && key.JSONDataType == nil {
+			// all matching keys have same JSON data type, use it
+			for _, jt := range jsonTypesSeen {
+				actions = append(actions, fmt.Sprintf("Adjusting key %s to have JSON data type %s", key, jt.StringValue()))
+				key.JSONDataType = jt
+				break
+			}
+		}
 	}
 
 	return actions

pkg/querybuilder/where_clause_visitor_test.go

@@ -318,7 +318,7 @@ func TestVisitKey(t *testing.T) {
 					{
 						Name:          "count",
 						FieldContext:  telemetrytypes.FieldContextAttribute,
-						FieldDataType: telemetrytypes.FieldDataTypeInt64,
+						FieldDataType: telemetrytypes.FieldDataTypeNumber,
 					},
 				},
 			},
@@ -326,7 +326,7 @@ func TestVisitKey(t *testing.T) {
 				{
 					Name:          "count",
 					FieldContext:  telemetrytypes.FieldContextAttribute,
-					FieldDataType: telemetrytypes.FieldDataTypeInt64,
+					FieldDataType: telemetrytypes.FieldDataTypeNumber,
 				},
 			},
 			expectedErrors:     nil,

pkg/telemetrylogs/condition_builder.go

@@ -44,6 +44,7 @@ func (c *conditionBuilder) conditionFor(
 			}
 			return cond, nil
 		}
+
 	}
 
 	if operator.IsStringSearchOperator() {

pkg/telemetrylogs/field_mapper.go

@@ -276,10 +276,14 @@ func (m *fieldMapper) FieldFor(ctx context.Context, tsStart, tsEnd uint64, key *
 					continue
 				}
 
-				if key.FieldDataType == telemetrytypes.FieldDataTypeUnspecified {
+				if key.JSONDataType == nil {
 					return "", qbtypes.ErrColumnNotFound
 				}
 
+				if key.KeyNameContainsArray() && !key.JSONDataType.IsArray {
+					return "", errors.NewInvalidInputf(errors.CodeInvalidInput, "FieldFor not supported for nested fields; only supported for flat paths (e.g. body.status.detail) and paths of Array type: %s(%s)", key.Name, key.FieldDataType)
+				}
+
 				expr, err := m.buildFieldForJSON(key)
 				if err != nil {
 					return "", err
@@ -350,6 +354,7 @@ func (m *fieldMapper) ColumnExpressionFor(
 	field *telemetrytypes.TelemetryFieldKey,
 	keys map[string][]*telemetrytypes.TelemetryFieldKey,
 ) (string, error) {
+
 	fieldExpression, err := m.FieldFor(ctx, tsStart, tsEnd, field)
 	if errors.Is(err, qbtypes.ErrColumnNotFound) {
 		// the key didn't have the right context to be added to the query
@@ -388,8 +393,6 @@ func (m *fieldMapper) ColumnExpressionFor(
 			}
 			fieldExpression = fmt.Sprintf("multiIf(%s, NULL)", strings.Join(args, ", "))
 		}
-	} else if err != nil {
-		return "", err
 	}
 
 	return fmt.Sprintf("%s AS `%s`", sqlbuilder.Escape(fieldExpression), field.Name), nil

pkg/telemetrylogs/json_condition_builder.go

@@ -173,9 +173,29 @@ func (c *jsonConditionBuilder) terminalIndexedCondition(node *telemetrytypes.JSO
 		return "", errors.NewInternalf(CodeArrayNavigationFailed, "can not build index condition for array field %s", fieldPath)
 	}
 
-	indexedExpr := assumeNotNull(fmt.Sprintf("dynamicElement(%s, '%s')", fieldPath, node.TerminalConfig.ElemType.StringValue()))
+	elemType := node.TerminalConfig.ElemType
+	dynamicExpr := fmt.Sprintf("dynamicElement(%s, '%s')", fieldPath, elemType.StringValue())
+	indexedExpr := assumeNotNull(dynamicExpr)
+
+	// switch the operator and value for exists and not exists
+	switch operator {
+	case qbtypes.FilterOperatorExists:
+		operator = qbtypes.FilterOperatorNotEqual
+		value = getEmptyValue(elemType)
+	case qbtypes.FilterOperatorNotExists:
+		operator = qbtypes.FilterOperatorEqual
+		value = getEmptyValue(elemType)
+	default:
+		// do nothing
+	}
+
 	indexedExpr, formattedValue := querybuilder.DataTypeCollisionHandledFieldName(node.TerminalConfig.Key, value, indexedExpr, operator)
-	return c.applyOperator(sb, indexedExpr, operator, formattedValue)
+	cond, err := c.applyOperator(sb, indexedExpr, operator, formattedValue)
+	if err != nil {
+		return "", err
+	}
+
+	return cond, nil
 }
 
 // buildPrimitiveTerminalCondition builds the condition if the terminal node is a primitive type
@@ -184,31 +204,32 @@ func (c *jsonConditionBuilder) buildPrimitiveTerminalCondition(node *telemetryty
 	fieldPath := node.FieldPath()
 	conditions := []string{}
 
-	// Utilize indexes when available, except for EXISTS/NOT EXISTS checks.
-	// Indexed columns always store a default empty value for absent fields (e.g. "" for strings,
-	// 0 for numbers), so using the index for existence checks would incorrectly exclude rows where
-	// the field genuinely holds the empty/zero value.
+	// utilize indexes for the condition if available
 	//
-	// Note: indexing is also skipped for Array Nested fields because they cannot be indexed.
+	// Note: Indexing code doesn't get executed for Array Nested fields because they can not be indexed
 	indexed := slices.ContainsFunc(node.TerminalConfig.Key.Indexes, func(index telemetrytypes.JSONDataTypeIndex) bool {
 		return index.Type == node.TerminalConfig.ElemType
 	})
-	isExistsCheck := operator == qbtypes.FilterOperatorExists || operator == qbtypes.FilterOperatorNotExists
-	if node.TerminalConfig.ElemType.IndexSupported && indexed && !isExistsCheck {
+	if node.TerminalConfig.ElemType.IndexSupported && indexed {
 		indexCond, err := c.terminalIndexedCondition(node, operator, value, sb)
 		if err != nil {
 			return "", err
 		}
-		// With a concrete non-zero value the index condition is self-contained.
+		// if qb has a definitive value, we can skip adding a condition to
+		// check the existence of the path in the json column
 		if value != nil && value != getEmptyValue(node.TerminalConfig.ElemType) {
 			return indexCond, nil
 		}
-		// The value is nil or the type's zero/empty value. Because indexed columns always store
-		// that zero value for absent fields, the index alone cannot distinguish "field is absent"
-		// from "field exists with zero value". Append a path-existence check (IS NOT NULL) as a
-		// second condition and AND them together.
+
 		conditions = append(conditions, indexCond)
-		operator = qbtypes.FilterOperatorExists
+
+		// Switch operator to EXISTS except when operator is NOT EXISTS since
+		// indexed paths on assumedNotNull, indexes will always have a default
+		// value so we flip the operator to Exists and filter the rows that
+		// actually have the value
+		if operator != qbtypes.FilterOperatorNotExists {
+			operator = qbtypes.FilterOperatorExists
+		}
 	}
 
 	var formattedValue = value
@@ -218,15 +239,20 @@ func (c *jsonConditionBuilder) buildPrimitiveTerminalCondition(node *telemetryty
 
 	fieldExpr := fmt.Sprintf("dynamicElement(%s, '%s')", fieldPath, node.TerminalConfig.ElemType.StringValue())
 
-	// For non-nested paths with a negative comparison operator (e.g. !=, NOT LIKE, NOT IN),
-	// wrap in assumeNotNull so ClickHouse treats absent paths as the zero value rather than NULL,
-	// which would otherwise cause them to be silently dropped from results.
-	// NOT EXISTS is excluded: we want a true NULL check there, not a zero-value stand-in.
+	// if operator is negative and has a value comparison i.e. excluding EXISTS and NOT EXISTS, we need to assume that the field exists everywhere
 	//
-	// Note: for nested array paths, buildAccessNodeBranches already inverts the operator before
-	// reaching here, so IsNonNestedPath() guards against double-applying the wrapping.
-	if node.IsNonNestedPath() && operator.IsNegativeOperator() && operator != qbtypes.FilterOperatorNotExists {
-		fieldExpr = assumeNotNull(fieldExpr)
+	// Note: here applyNotCondition will return true only if; top level path is being queried and operator is a negative operator
+	// Otherwise this code will be triggered by buildAccessNodeBranches; Where operator would've been already inverted if needed.
+	if node.IsNonNestedPath() {
+		yes, _ := applyNotCondition(operator)
+		if yes {
+			switch operator {
+			case qbtypes.FilterOperatorNotExists:
+				// skip
+			default:
+				fieldExpr = assumeNotNull(fieldExpr)
+			}
+		}
 	}
 
 	fieldExpr, formattedValue = querybuilder.DataTypeCollisionHandledFieldName(node.TerminalConfig.Key, formattedValue, fieldExpr, operator)

pkg/telemetrylogs/json_stmt_builder_test.go

@@ -220,7 +220,7 @@ func TestJSONStmtBuilder_PrimitivePaths(t *testing.T) {
 			expected: TestExpected{
 				WhereClause: "(((LOWER(toString(dynamicElement(body_v2.`user.age`, 'Int64'))) LIKE LOWER(?)) AND has(JSONAllPaths(body_v2), 'user.age')) OR ((LOWER(dynamicElement(body_v2.`user.age`, 'String')) LIKE LOWER(?)) AND has(JSONAllPaths(body_v2), 'user.age')))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), "%25%", "%25%", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings:    []string{"Key `user.age` is ambiguous, found 2 different combinations of field context / data type: [name=user.age,context=body,datatype=int64 name=user.age,context=body,datatype=string]."},
+				Warnings:    []string{"Key `user.age` is ambiguous, found 2 different combinations of field context / data type: [name=user.age,context=body,datatype=int64,jsondatatype=Int64 name=user.age,context=body,datatype=string,jsondatatype=String]."},
 			},
 		},
 		{
@@ -414,7 +414,7 @@ func TestStatementBuilderListQueryBodyPromoted(t *testing.T) {
 			},
 			expected: TestExpected{
 				Args:     []any{uint64(1747945619), uint64(1747983448), "%1.65%", 1.65, "%1.65%", 1.65, "%1.65%", 1.65, "%1.65%", 1.65, "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings: []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,materialized=true name=education[].parameters,context=body,datatype=[]dynamic,materialized=true]."},
+				Warnings: []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,materialized=true,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,materialized=true,jsondatatype=Array(Dynamic)]."},
 			},
 			expectedErr: nil,
 		},
@@ -441,7 +441,7 @@ func TestStatementBuilderListQueryBodyPromoted(t *testing.T) {
 			},
 			expected: TestExpected{
 				Args:     []any{uint64(1747945619), uint64(1747983448), "%true%", true, "%true%", true, "%true%", true, "%true%", true, "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings: []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,materialized=true name=education[].parameters,context=body,datatype=[]dynamic,materialized=true]."},
+				Warnings: []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,materialized=true,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,materialized=true,jsondatatype=Array(Dynamic)]."},
 			},
 			expectedErr: nil,
 		},
@@ -455,7 +455,7 @@ func TestStatementBuilderListQueryBodyPromoted(t *testing.T) {
 			},
 			expected: TestExpected{
 				Args:     []any{uint64(1747945619), uint64(1747983448), "%passed%", "passed", "%passed%", "passed", "%passed%", "passed", "%passed%", "passed", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings: []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,materialized=true name=education[].parameters,context=body,datatype=[]dynamic,materialized=true]."},
+				Warnings: []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,materialized=true,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,materialized=true,jsondatatype=Array(Dynamic)]."},
 			},
 			expectedErr: nil,
 		},
@@ -549,7 +549,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 			expected: TestExpected{
 				WhereClause: "((NOT arrayExists(`body_v2.education`-> toFloat64OrNull(dynamicElement(`body_v2.education`.`type`, 'String')) = ?, dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND (NOT arrayExists(`body_v2.education`-> dynamicElement(`body_v2.education`.`type`, 'Int64') = ?, dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), int64(10001), int64(10001), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings:    []string{"Key `education[].type` is ambiguous, found 2 different combinations of field context / data type: [name=education[].type,context=body,datatype=string name=education[].type,context=body,datatype=int64]."},
+				Warnings:    []string{"Key `education[].type` is ambiguous, found 2 different combinations of field context / data type: [name=education[].type,context=body,datatype=string,jsondatatype=String name=education[].type,context=body,datatype=int64,jsondatatype=Int64]."},
 			},
 		},
 		{
@@ -576,7 +576,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 			expected: TestExpected{
 				WhereClause: "(((arrayExists(`body_v2.education`-> (arrayExists(x -> LOWER(toString(x)) LIKE LOWER(?), dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))')) OR arrayExists(x -> toFloat64(x) = ?, dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))'))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'education')) OR ((arrayExists(`body_v2.education`-> (arrayExists(x -> LOWER(toString(x)) LIKE LOWER(?), arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)'))) OR arrayExists(x -> accurateCastOrNull(x, 'Float64') = ?, arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)')))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'education')))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), "%1.65%", 1.65, "%1.65%", 1.65, "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64 name=education[].parameters,context=body,datatype=[]dynamic]."},
+				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,jsondatatype=Array(Dynamic)]."},
 			},
 		},
 		{
@@ -585,7 +585,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 			expected: TestExpected{
 				WhereClause: "(((arrayExists(`body_v2.education`-> arrayExists(x -> toString(x) = ?, dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))')), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'education')) OR ((arrayExists(`body_v2.education`-> arrayExists(x -> toString(x) = ?, arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)'))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'education')))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), "passed", "passed", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64 name=education[].parameters,context=body,datatype=[]dynamic]."},
+				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,jsondatatype=Array(Dynamic)]."},
 			},
 		},
 		{
@@ -594,7 +594,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 			expected: TestExpected{
 				WhereClause: "(((arrayExists(`body_v2.education`-> (arrayExists(x -> LOWER(toString(x)) LIKE LOWER(?), dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))')) OR arrayExists(x -> toString(x) = ?, dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))'))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'education')) OR ((arrayExists(`body_v2.education`-> (arrayExists(x -> LOWER(toString(x)) LIKE LOWER(?), arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)'))) OR arrayExists(x -> toString(x) = ?, arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)')))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'education')))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), "%passed%", "passed", "%passed%", "passed", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64 name=education[].parameters,context=body,datatype=[]dynamic]."},
+				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,jsondatatype=Array(Dynamic)]."},
 			},
 		},
 		{
@@ -603,7 +603,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 			expected: TestExpected{
 				WhereClause: "(((arrayExists(`body_v2.education`-> arrayExists(x -> toFloat64(x) IN (?, ?), dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))')), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'education')) OR ((arrayExists(`body_v2.education`-> arrayExists(x -> toString(x) IN (?, ?), arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)'))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'education')))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), 1.65, 1.99, "1.65", "1.99", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64 name=education[].parameters,context=body,datatype=[]dynamic]."},
+				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,jsondatatype=Array(Dynamic)]."},
 			},
 		},
 		{
@@ -612,7 +612,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 			expected: TestExpected{
 				WhereClause: "((NOT arrayExists(`body_v2.education`-> (arrayExists(x -> LOWER(toString(x)) LIKE LOWER(?), dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))')) OR arrayExists(x -> toFloat64(x) = ?, dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))'))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND (NOT arrayExists(`body_v2.education`-> (arrayExists(x -> LOWER(toString(x)) LIKE LOWER(?), arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)'))) OR arrayExists(x -> accurateCastOrNull(x, 'Float64') = ?, arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)')))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), "%1.65%", float64(1.65), "%1.65%", float64(1.65), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64 name=education[].parameters,context=body,datatype=[]dynamic]."},
+				Warnings:    []string{"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,jsondatatype=Array(Dynamic)]."},
 			},
 		},
 		{
@@ -622,7 +622,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 				WhereClause: "(has(arrayFlatten(arrayConcat(arrayMap(`body_v2.education`->dynamicElement(`body_v2.education`.`parameters`, 'Array(Nullable(Float64))'), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))')))), ?) OR has(arrayFlatten(arrayConcat(arrayMap(`body_v2.education`->dynamicElement(`body_v2.education`.`parameters`, 'Array(Dynamic)'), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))')))), ?))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), 1.65, 1.65, "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
 				Warnings: []string{
-					"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64 name=education[].parameters,context=body,datatype=[]dynamic].",
+					"Key `education[].parameters` is ambiguous, found 2 different combinations of field context / data type: [name=education[].parameters,context=body,datatype=[]float64,jsondatatype=Array(Nullable(Float64)) name=education[].parameters,context=body,datatype=[]dynamic,jsondatatype=Array(Dynamic)].",
 				},
 			},
 		},
@@ -702,7 +702,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 			expected: TestExpected{
 				WhereClause: "(((arrayExists(`body_v2.interests`-> arrayExists(`body_v2.interests[].entities`-> arrayExists(`body_v2.interests[].entities[].reviews`-> arrayExists(`body_v2.interests[].entities[].reviews[].entries`-> arrayExists(`body_v2.interests[].entities[].reviews[].entries[].metadata`-> arrayExists(`body_v2.interests[].entities[].reviews[].entries[].metadata[].positions`-> (arrayExists(x -> LOWER(toString(x)) LIKE LOWER(?), dynamicElement(`body_v2.interests[].entities[].reviews[].entries[].metadata[].positions`.`ratings`, 'Array(Nullable(Int64))')) OR arrayExists(x -> toFloat64(x) = ?, dynamicElement(`body_v2.interests[].entities[].reviews[].entries[].metadata[].positions`.`ratings`, 'Array(Nullable(Int64))'))), dynamicElement(`body_v2.interests[].entities[].reviews[].entries[].metadata`.`positions`, 'Array(JSON(max_dynamic_types=0, max_dynamic_paths=0))')), dynamicElement(`body_v2.interests[].entities[].reviews[].entries`.`metadata`, 'Array(JSON(max_dynamic_types=1, max_dynamic_paths=0))')), dynamicElement(`body_v2.interests[].entities[].reviews`.`entries`, 'Array(JSON(max_dynamic_types=2, max_dynamic_paths=0))')), dynamicElement(`body_v2.interests[].entities`.`reviews`, 'Array(JSON(max_dynamic_types=4, max_dynamic_paths=0))')), dynamicElement(`body_v2.interests`.`entities`, 'Array(JSON(max_dynamic_types=8, max_dynamic_paths=0))')), dynamicElement(body_v2.`interests`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'interests')) OR ((arrayExists(`body_v2.interests`-> arrayExists(`body_v2.interests[].entities`-> arrayExists(`body_v2.interests[].entities[].reviews`-> arrayExists(`body_v2.interests[].entities[].reviews[].entries`-> arrayExists(`body_v2.interests[].entities[].reviews[].entries[].metadata`-> arrayExists(`body_v2.interests[].entities[].reviews[].entries[].metadata[].positions`-> (arrayExists(x -> LOWER(x) LIKE LOWER(?), dynamicElement(`body_v2.interests[].entities[].reviews[].entries[].metadata[].positions`.`ratings`, 'Array(Nullable(String))')) OR arrayExists(x -> toFloat64OrNull(x) = ?, dynamicElement(`body_v2.interests[].entities[].reviews[].entries[].metadata[].positions`.`ratings`, 'Array(Nullable(String))'))), dynamicElement(`body_v2.interests[].entities[].reviews[].entries[].metadata`.`positions`, 'Array(JSON(max_dynamic_types=0, max_dynamic_paths=0))')), dynamicElement(`body_v2.interests[].entities[].reviews[].entries`.`metadata`, 'Array(JSON(max_dynamic_types=1, max_dynamic_paths=0))')), dynamicElement(`body_v2.interests[].entities[].reviews`.`entries`, 'Array(JSON(max_dynamic_types=2, max_dynamic_paths=0))')), dynamicElement(`body_v2.interests[].entities`.`reviews`, 'Array(JSON(max_dynamic_types=4, max_dynamic_paths=0))')), dynamicElement(`body_v2.interests`.`entities`, 'Array(JSON(max_dynamic_types=8, max_dynamic_paths=0))')), dynamicElement(body_v2.`interests`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'interests')))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), "%4%", float64(4), "%4%", float64(4), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-				Warnings:    []string{"Key `interests[].entities[].reviews[].entries[].metadata[].positions[].ratings` is ambiguous, found 2 different combinations of field context / data type: [name=interests[].entities[].reviews[].entries[].metadata[].positions[].ratings,context=body,datatype=[]int64 name=interests[].entities[].reviews[].entries[].metadata[].positions[].ratings,context=body,datatype=[]string]."},
+				Warnings:    []string{"Key `interests[].entities[].reviews[].entries[].metadata[].positions[].ratings` is ambiguous, found 2 different combinations of field context / data type: [name=interests[].entities[].reviews[].entries[].metadata[].positions[].ratings,context=body,datatype=[]int64,jsondatatype=Array(Nullable(Int64)) name=interests[].entities[].reviews[].entries[].metadata[].positions[].ratings,context=body,datatype=[]string,jsondatatype=Array(Nullable(String))]."},
 			},
 		},
 		{
@@ -761,35 +761,27 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 			},
 		},
 		{
-			name:   "dynamic_array_element_compare_CONTAINS",
-			filter: "interests[].entities[].product_codes Contains 1",
+			name:   "dynamic array element comparison",
+			filter: "ids Contains 1",
 			expected: TestExpected{
-				WhereClause: "((arrayExists(`body_v2.interests`-> arrayExists(`body_v2.interests[].entities`-> (arrayExists(x -> LOWER(toString(x)) LIKE LOWER(?), arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.interests[].entities`.`product_codes`, 'Array(Dynamic)'))) OR arrayExists(x -> accurateCastOrNull(x, 'Float64') = ?, arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.interests[].entities`.`product_codes`, 'Array(Dynamic)')))), dynamicElement(`body_v2.interests`.`entities`, 'Array(JSON(max_dynamic_types=8, max_dynamic_paths=0))')), dynamicElement(body_v2.`interests`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))'))) AND has(JSONAllPaths(body_v2), 'interests'))",
+				WhereClause: "(((arrayExists(x -> LOWER(toString(x)) LIKE LOWER(?), arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(body_v2.`ids`, 'Array(Dynamic)'))) OR arrayExists(x -> accurateCastOrNull(x, 'Float64') = ?, arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(body_v2.`ids`, 'Array(Dynamic)'))))) AND has(JSONAllPaths(body_v2), 'ids'))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), "%1%", float64(1), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
 			},
 		},
 		{
-			name:   "dynamic_array_element_compare_HAS_STRING",
-			filter: "has(interests[].entities[].product_codes, '2002')",
+			name:   "dynamic array element comparison",
+			filter: "ids != '1'",
 			expected: TestExpected{
-				WhereClause: "has(arrayFlatten(arrayConcat(arrayMap(`body_v2.interests`->arrayMap(`body_v2.interests[].entities`->dynamicElement(`body_v2.interests[].entities`.`product_codes`, 'Array(Dynamic)'), dynamicElement(`body_v2.interests`.`entities`, 'Array(JSON(max_dynamic_types=8, max_dynamic_paths=0))')), dynamicElement(body_v2.`interests`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))')))), ?)",
-				Args:        []any{uint64(1747945619), uint64(1747983448), "2002", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-			},
-		},
-		{
-			name:   "dynamic_array_element_compare_NOT_EQUAL",
-			filter: "interests[].entities[].product_codes != '1'",
-			expected: TestExpected{
-				WhereClause: "(NOT arrayExists(`body_v2.interests`-> arrayExists(`body_v2.interests[].entities`-> arrayExists(x -> accurateCastOrNull(x, 'Float64') = ?, arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(`body_v2.interests[].entities`.`product_codes`, 'Array(Dynamic)'))), dynamicElement(`body_v2.interests`.`entities`, 'Array(JSON(max_dynamic_types=8, max_dynamic_paths=0))')), dynamicElement(body_v2.`interests`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))')))",
+				WhereClause: "(NOT arrayExists(x -> accurateCastOrNull(x, 'Float64') = ?, arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(body_v2.`ids`, 'Array(Dynamic)'))))",
 				Args:        []any{uint64(1747945619), uint64(1747983448), int64(1), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
 			},
 		},
 		{
-			name:   "dynamic_array_element_compare_HAS_INT",
-			filter: "has(interests[].entities[].product_codes, 1001)",
+			name:   "dynamic array element comparison boolean",
+			filter: "ids = true",
 			expected: TestExpected{
-				WhereClause: "has(arrayFlatten(arrayConcat(arrayMap(`body_v2.interests`->arrayMap(`body_v2.interests[].entities`->dynamicElement(`body_v2.interests[].entities`.`product_codes`, 'Array(Dynamic)'), dynamicElement(`body_v2.interests`.`entities`, 'Array(JSON(max_dynamic_types=8, max_dynamic_paths=0))')), dynamicElement(body_v2.`interests`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))')))), ?)",
-				Args:        []any{uint64(1747945619), uint64(1747983448), float64(1001), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
+				WhereClause: "((arrayExists(x -> accurateCastOrNull(x, 'Bool') = ?, arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), dynamicElement(body_v2.`ids`, 'Array(Dynamic)')))) AND has(JSONAllPaths(body_v2), 'ids'))",
+				Args:        []any{uint64(1747945619), uint64(1747983448), true, "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
 			},
 		},
 	}
@@ -852,10 +844,7 @@ func TestJSONStmtBuilder_IndexedPaths(t *testing.T) {
 				Args:        []any{uint64(1747945619), uint64(1747983448), float64(110001), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
 			},
 		},
-		// ── indexed exists: index is skipped; emits plain IS NOT NULL ───────────
-		// EXISTS/NOT EXISTS bypass the index because indexed columns store a default
-		// empty value for absent fields, making != "" unreliable for existence checks
-		// (a field with value "" would be incorrectly excluded).
+		// ── indexed exists: emits assumeNotNull != nil AND dynamicElement IS NOT NULL ─
 		{
 			name: "Indexed String Exists",
 			query: qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
@@ -864,8 +853,8 @@ func TestJSONStmtBuilder_IndexedPaths(t *testing.T) {
 				Limit:  10,
 			},
 			expected: TestExpected{
-				WhereClause: "(dynamicElement(body_v2.`user.name`, 'String') IS NOT NULL)",
-				Args:        []any{uint64(1747945619), uint64(1747983448), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
+				WhereClause: "((assumeNotNull(dynamicElement(body_v2.`user.name`, 'String')) <> ? AND dynamicElement(body_v2.`user.name`, 'String') IS NOT NULL))",
+				Args:        []any{uint64(1747945619), uint64(1747983448), "", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
 			},
 		},
 		// ── indexed not-equal: assumeNotNull wrapping + no path index ─────────
@@ -881,6 +870,22 @@ func TestJSONStmtBuilder_IndexedPaths(t *testing.T) {
 				Args:        []any{uint64(1747945619), uint64(1747983448), "alice", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
 			},
 		},
+		// ── indexed not-exists: assumeNotNull = "" AND assumeNotNull IS NOT NULL ─
+		// FilterOperatorNotExists → Equal + emptyValue("") in the indexed branch,
+		// then a second condition flipped to Exists (IS NOT NULL) on the same
+		// assumeNotNull expr, producing AND(= "", IS NOT NULL).
+		{
+			name: "Indexed String NotExists",
+			query: qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
+				Signal: telemetrytypes.SignalLogs,
+				Filter: &qbtypes.Filter{Expression: "body.user.name NOT EXISTS"},
+				Limit:  10,
+			},
+			expected: TestExpected{
+				WhereClause: "((assumeNotNull(dynamicElement(body_v2.`user.name`, 'String')) = ? AND dynamicElement(body_v2.`user.name`, 'String') IS NULL))",
+				Args:        []any{uint64(1747945619), uint64(1747983448), "", "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
+			},
+		},
 
 		// ── special-character indexed paths ───────────────────────────────────
 		{
@@ -937,192 +942,20 @@ func TestJSONStmtBuilder_IndexedPaths(t *testing.T) {
 		})
 	}
 }
-
-func TestJSONStmtBuilder_SelectField(t *testing.T) {
-	enable, disable := jsonQueryTestUtil(t)
-	enable()
-	defer disable()
-	statementBuilder := buildJSONTestStatementBuilder(t, false)
-
-	cases := []struct {
-		name                string
-		requestType         qbtypes.RequestType
-		query               qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]
-		expected            qbtypes.Statement
-		expectedErrContains string
-	}{
-		{
-			name:        "select_x_education[].awards[].participated[].members",
-			requestType: qbtypes.RequestTypeRaw,
-			query: qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
-				Signal:       telemetrytypes.SignalLogs,
-				StepInterval: qbtypes.Step{Duration: 30 * time.Second},
-				Limit:        10,
-				SelectFields: []telemetrytypes.TelemetryFieldKey{
-					{
-						Name: "education[].awards[].participated[].members",
-					},
-				},
-				Filter: &qbtypes.Filter{
-					Expression: "user.name exists",
-				},
-			},
-			expected: qbtypes.Statement{
-				Query: "WITH __resource_filter AS (SELECT fingerprint FROM signoz_logs.distributed_logs_v2_resource WHERE true AND seen_at_ts_bucket_start >= ? AND seen_at_ts_bucket_start <= ?) SELECT timestamp, id, arrayFlatten(arrayConcat(arrayMap(`body_v2.education`->arrayConcat(arrayMap(`body_v2.education[].awards`->arrayConcat(arrayMap(`body_v2.education[].awards[].participated`->dynamicElement(`body_v2.education[].awards[].participated`.`members`, 'Array(Nullable(String))'), dynamicElement(`body_v2.education[].awards`.`participated`, 'Array(JSON(max_dynamic_types=4, max_dynamic_paths=0))')), arrayMap(`body_v2.education[].awards[].participated`->dynamicElement(`body_v2.education[].awards[].participated`.`members`, 'Array(Nullable(String))'), arrayMap(x->assumeNotNull(dynamicElement(x, 'JSON')), arrayFilter(x->(dynamicType(x) = 'JSON'), dynamicElement(`body_v2.education[].awards`.`participated`, 'Array(Dynamic)'))))), dynamicElement(`body_v2.education`.`awards`, 'Array(JSON(max_dynamic_types=8, max_dynamic_paths=0))')), arrayMap(`body_v2.education[].awards`->arrayConcat(arrayMap(`body_v2.education[].awards[].participated`->dynamicElement(`body_v2.education[].awards[].participated`.`members`, 'Array(Nullable(String))'), dynamicElement(`body_v2.education[].awards`.`participated`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=256))')), arrayMap(`body_v2.education[].awards[].participated`->dynamicElement(`body_v2.education[].awards[].participated`.`members`, 'Array(Nullable(String))'), arrayMap(x->assumeNotNull(dynamicElement(x, 'JSON')), arrayFilter(x->(dynamicType(x) = 'JSON'), dynamicElement(`body_v2.education[].awards`.`participated`, 'Array(Dynamic)'))))), arrayMap(x->assumeNotNull(dynamicElement(x, 'JSON')), arrayFilter(x->(dynamicType(x) = 'JSON'), dynamicElement(`body_v2.education`.`awards`, 'Array(Dynamic)'))))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))')))) AS `education[].awards[].participated[].members` FROM signoz_logs.distributed_logs_v2 WHERE resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter) AND (dynamicElement(body_v2.`user.name`, 'String') IS NOT NULL) AND timestamp >= ? AND ts_bucket_start >= ? AND timestamp < ? AND ts_bucket_start <= ? LIMIT ?",
-				Args:  []any{uint64(1747945619), uint64(1747983448), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-			},
-		},
-		{
-			name:        "select_x_education[].awards[].type",
-			requestType: qbtypes.RequestTypeRaw,
-			query: qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
-				Signal:       telemetrytypes.SignalLogs,
-				StepInterval: qbtypes.Step{Duration: 30 * time.Second},
-				Limit:        10,
-				SelectFields: []telemetrytypes.TelemetryFieldKey{
-					{
-						Name: "education[].awards[].type",
-					},
-				},
-				Filter: &qbtypes.Filter{
-					Expression: "user.name exists",
-				},
-			},
-			expected: qbtypes.Statement{
-				Query: "WITH __resource_filter AS (SELECT fingerprint FROM signoz_logs.distributed_logs_v2_resource WHERE true AND seen_at_ts_bucket_start >= ? AND seen_at_ts_bucket_start <= ?) SELECT timestamp, id, arrayFlatten(arrayConcat(arrayMap(`body_v2.education`->arrayConcat(arrayMap(`body_v2.education[].awards`->dynamicElement(`body_v2.education[].awards`.`type`, 'String'), dynamicElement(`body_v2.education`.`awards`, 'Array(JSON(max_dynamic_types=8, max_dynamic_paths=0))')), arrayMap(`body_v2.education[].awards`->dynamicElement(`body_v2.education[].awards`.`type`, 'String'), arrayMap(x->assumeNotNull(dynamicElement(x, 'JSON')), arrayFilter(x->(dynamicType(x) = 'JSON'), dynamicElement(`body_v2.education`.`awards`, 'Array(Dynamic)'))))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))')))) AS `education[].awards[].type` FROM signoz_logs.distributed_logs_v2 WHERE resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter) AND (dynamicElement(body_v2.`user.name`, 'String') IS NOT NULL) AND timestamp >= ? AND ts_bucket_start >= ? AND timestamp < ? AND ts_bucket_start <= ? LIMIT ?",
-				Args:  []any{uint64(1747945619), uint64(1747983448), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-			},
-		},
-		{
-			name:        "select_x_user.name",
-			requestType: qbtypes.RequestTypeRaw,
-			query: qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
-				Signal:       telemetrytypes.SignalLogs,
-				StepInterval: qbtypes.Step{Duration: 30 * time.Second},
-				Limit:        10,
-				SelectFields: []telemetrytypes.TelemetryFieldKey{
-					{
-						Name: "user.name",
-					},
-				},
-			},
-			expected: qbtypes.Statement{
-				Query: "WITH __resource_filter AS (SELECT fingerprint FROM signoz_logs.distributed_logs_v2_resource WHERE seen_at_ts_bucket_start >= ? AND seen_at_ts_bucket_start <= ?) SELECT timestamp, id, dynamicElement(body_v2.`user.name`, 'String') AS `user.name` FROM signoz_logs.distributed_logs_v2 WHERE resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter) AND timestamp >= ? AND ts_bucket_start >= ? AND timestamp < ? AND ts_bucket_start <= ? LIMIT ?",
-				Args:  []any{uint64(1747945619), uint64(1747983448), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-			},
-		},
-	}
-
-	for _, c := range cases {
-		t.Run(c.name, func(t *testing.T) {
-			q, err := statementBuilder.Build(context.Background(), 1747947419000, 1747983448000, c.requestType, c.query, nil)
-			if c.expectedErrContains != "" {
-				require.Error(t, err)
-				require.Contains(t, err.Error(), c.expectedErrContains)
-			} else {
-				require.NoError(t, err)
-				require.Equal(t, c.expected.Query, q.Query)
-				require.Equal(t, c.expected.Args, q.Args)
-				require.Equal(t, c.expected.Warnings, q.Warnings)
-			}
-		})
-	}
-}
-
-func TestJSONStmtBuilder_OrderBy(t *testing.T) {
-	enable, disable := jsonQueryTestUtil(t)
-	enable()
-	defer disable()
-	statementBuilder := buildJSONTestStatementBuilder(t, false)
-
-	cases := []struct {
-		name                string
-		requestType         qbtypes.RequestType
-		query               qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]
-		expected            qbtypes.Statement
-		expectedErrContains string
-	}{
-		{
-			name:        "order_by_education[].awards[].participated[].members",
-			requestType: qbtypes.RequestTypeRaw,
-			query: qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
-				Signal:       telemetrytypes.SignalLogs,
-				StepInterval: qbtypes.Step{Duration: 30 * time.Second},
-				Limit:        10,
-				Order: []qbtypes.OrderBy{
-					{
-						Key: qbtypes.OrderByKey{
-							TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-								Name: "education[].awards[].participated[].members",
-							},
-						},
-						Direction: qbtypes.OrderDirectionAsc,
-					},
-				},
-				Filter: &qbtypes.Filter{
-					Expression: "user.name exists",
-				},
-			},
-			expected: qbtypes.Statement{
-				Query: "WITH __resource_filter AS (SELECT fingerprint FROM signoz_logs.distributed_logs_v2_resource WHERE true AND seen_at_ts_bucket_start >= ? AND seen_at_ts_bucket_start <= ?) SELECT timestamp, id, trace_id, span_id, trace_flags, severity_text, severity_number, scope_name, scope_version, body_v2 as body, attributes_string, attributes_number, attributes_bool, resources_string, scope_string FROM signoz_logs.distributed_logs_v2 WHERE resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter) AND (dynamicElement(body_v2.`user.name`, 'String') IS NOT NULL) AND timestamp >= ? AND ts_bucket_start >= ? AND timestamp < ? AND ts_bucket_start <= ? ORDER BY arrayFlatten(arrayConcat(arrayMap(`body_v2.education`->arrayConcat(arrayMap(`body_v2.education[].awards`->arrayConcat(arrayMap(`body_v2.education[].awards[].participated`->dynamicElement(`body_v2.education[].awards[].participated`.`members`, 'Array(Nullable(String))'), dynamicElement(`body_v2.education[].awards`.`participated`, 'Array(JSON(max_dynamic_types=4, max_dynamic_paths=0))')), arrayMap(`body_v2.education[].awards[].participated`->dynamicElement(`body_v2.education[].awards[].participated`.`members`, 'Array(Nullable(String))'), arrayMap(x->assumeNotNull(dynamicElement(x, 'JSON')), arrayFilter(x->(dynamicType(x) = 'JSON'), dynamicElement(`body_v2.education[].awards`.`participated`, 'Array(Dynamic)'))))), dynamicElement(`body_v2.education`.`awards`, 'Array(JSON(max_dynamic_types=8, max_dynamic_paths=0))')), arrayMap(`body_v2.education[].awards`->arrayConcat(arrayMap(`body_v2.education[].awards[].participated`->dynamicElement(`body_v2.education[].awards[].participated`.`members`, 'Array(Nullable(String))'), dynamicElement(`body_v2.education[].awards`.`participated`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=256))')), arrayMap(`body_v2.education[].awards[].participated`->dynamicElement(`body_v2.education[].awards[].participated`.`members`, 'Array(Nullable(String))'), arrayMap(x->assumeNotNull(dynamicElement(x, 'JSON')), arrayFilter(x->(dynamicType(x) = 'JSON'), dynamicElement(`body_v2.education[].awards`.`participated`, 'Array(Dynamic)'))))), arrayMap(x->assumeNotNull(dynamicElement(x, 'JSON')), arrayFilter(x->(dynamicType(x) = 'JSON'), dynamicElement(`body_v2.education`.`awards`, 'Array(Dynamic)'))))), dynamicElement(body_v2.`education`, 'Array(JSON(max_dynamic_types=16, max_dynamic_paths=0))')))) AS `education[].awards[].participated[].members` asc LIMIT ?",
-				Args:  []any{uint64(1747945619), uint64(1747983448), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-			},
-		},
-		{
-			name:        "order_by_user.name",
-			requestType: qbtypes.RequestTypeRaw,
-			query: qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
-				Signal:       telemetrytypes.SignalLogs,
-				StepInterval: qbtypes.Step{Duration: 30 * time.Second},
-				Limit:        10,
-				Order: []qbtypes.OrderBy{
-					{
-						Key: qbtypes.OrderByKey{
-							TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-								Name: "user.name",
-							},
-						},
-						Direction: qbtypes.OrderDirectionAsc,
-					},
-				},
-			},
-			expected: qbtypes.Statement{
-				Query: "WITH __resource_filter AS (SELECT fingerprint FROM signoz_logs.distributed_logs_v2_resource WHERE seen_at_ts_bucket_start >= ? AND seen_at_ts_bucket_start <= ?) SELECT timestamp, id, trace_id, span_id, trace_flags, severity_text, severity_number, scope_name, scope_version, body_v2 as body, attributes_string, attributes_number, attributes_bool, resources_string, scope_string FROM signoz_logs.distributed_logs_v2 WHERE resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter) AND timestamp >= ? AND ts_bucket_start >= ? AND timestamp < ? AND ts_bucket_start <= ? ORDER BY dynamicElement(body_v2.`user.name`, 'String') AS `user.name` asc LIMIT ?",
-				Args:  []any{uint64(1747945619), uint64(1747983448), "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448), 10},
-			},
-		},
-	}
-
-	for _, c := range cases {
-		t.Run(c.name, func(t *testing.T) {
-			q, err := statementBuilder.Build(context.Background(), 1747947419000, 1747983448000, c.requestType, c.query, nil)
-			if c.expectedErrContains != "" {
-				require.Error(t, err)
-				require.Contains(t, err.Error(), c.expectedErrContains)
-			} else {
-				require.NoError(t, err)
-				require.Equal(t, c.expected.Query, q.Query)
-				require.Equal(t, c.expected.Args, q.Args)
-				require.Equal(t, c.expected.Warnings, q.Warnings)
-			}
-		})
-	}
-}
-
 func buildTestTelemetryMetadataStore(t *testing.T, addIndexes bool) *telemetrytypestest.MockMetadataStore {
 	mockMetadataStore := telemetrytypestest.NewMockMetadataStore()
 	mockMetadataStore.SetStaticFields(IntrinsicFields)
 	types, _ := telemetrytypes.TestJSONTypeSet()
-	for path, fieldDataTypes := range types {
-		for _, fdt := range fieldDataTypes {
+	for path, jsonTypes := range types {
+		for _, jsonType := range jsonTypes {
 			key := &telemetrytypes.TelemetryFieldKey{
 				Name:          path,
 				Signal:        telemetrytypes.SignalLogs,
 				FieldContext:  telemetrytypes.FieldContextBody,
-				FieldDataType: fdt,
+				FieldDataType: telemetrytypes.MappingJSONDataTypeToFieldDataType[jsonType],
+				JSONDataType:  &jsonType,
 			}
 			if addIndexes {
-				jsonType := telemetrytypes.MappingFieldDataTypeToJSONDataType[fdt]
 				idx := slices.IndexFunc(telemetrytypes.TestIndexedPaths, func(entry telemetrytypes.TestIndexedPathEntry) bool {
 					return entry.Path == path && entry.Type == jsonType
 				})

pkg/telemetrylogs/stmt_builder_test.go

@@ -875,6 +875,7 @@ func TestAdjustKey(t *testing.T) {
 			require.Equal(t, c.expectedKey.FieldContext, key.FieldContext, "field context should match")
 			require.Equal(t, c.expectedKey.FieldDataType, key.FieldDataType, "field data type should match")
 			require.Equal(t, c.expectedKey.Materialized, key.Materialized, "materialized should match")
+			require.Equal(t, c.expectedKey.JSONDataType, key.JSONDataType, "json data type should match")
 			require.Equal(t, c.expectedKey.Indexes, key.Indexes, "json exists should match")
 		})
 	}

pkg/telemetrymetadata/body_json_metadata.go

@@ -21,84 +21,133 @@ import (
 )
 
 var (
+	defaultPathLimit = 100 // Default limit to prevent full table scans
+
+	CodeUnknownJSONDataType     = errors.MustNewCode("unknown_json_data_type")
 	CodeFailLoadPromotedPaths   = errors.MustNewCode("fail_load_promoted_paths")
 	CodeFailCheckPathPromoted   = errors.MustNewCode("fail_check_path_promoted")
+	CodeFailIterateBodyJSONKeys = errors.MustNewCode("fail_iterate_body_json_keys")
+	CodeFailExtractBodyJSONKeys = errors.MustNewCode("fail_extract_body_json_keys")
 	CodeFailLoadLogsJSONIndexes = errors.MustNewCode("fail_load_logs_json_indexes")
 	CodeFailListJSONValues      = errors.MustNewCode("fail_list_json_values")
 	CodeFailScanJSONValue       = errors.MustNewCode("fail_scan_json_value")
 	CodeFailScanVariant         = errors.MustNewCode("fail_scan_variant")
+	CodeFailBuildJSONPathsQuery = errors.MustNewCode("fail_build_json_paths_query")
+	CodeNoPathsToQueryIndexes   = errors.MustNewCode("no_paths_to_query_indexes_provided")
 
 	CodeFailedToPrepareBatch = errors.MustNewCode("failed_to_prepare_batch_promoted_paths")
 	CodeFailedToSendBatch    = errors.MustNewCode("failed_to_send_batch_promoted_paths")
 	CodeFailedToAppendPath   = errors.MustNewCode("failed_to_append_path_promoted_paths")
 )
 
-// enrichJSONKeys enriches body-context keys with promoted path info, indexes,
-// and JSON access plans. parentTypeCache contains parent array types (ArrayJSON/ArrayDynamic)
-// pre-fetched in the main UNION query.
+// fetchBodyJSONPaths extracts body JSON paths from the path_types table
+// This function can be used by both JSONQueryBuilder and metadata extraction
+// uniquePathLimit: 0 for no limit, >0 for maximum number of unique paths to return
+//   - For startup load: set to 10000 to get top 10k unique paths
+//   - For lookup: set to 0 (no limit needed for single path)
+//   - For metadata API: set to desired pagination limit
 //
-// NOTE: enrichment can not work with FuzzySelectors; QB requests exact matches for query building so
-// parentTypeCache will actually have proper matches and
-// FuzzyMatching is for Suggestions API so enrichment is not needed.
-func (t *telemetryMetaStore) enrichJSONKeys(ctx context.Context, selectors []*telemetrytypes.FieldKeySelector, keys []*telemetrytypes.TelemetryFieldKey, parentTypeCache map[string][]telemetrytypes.FieldDataType) error {
-	mapOfExactSelectors := make(map[string]*telemetrytypes.FieldKeySelector)
-	for _, selector := range selectors {
-		if selector.SelectorMatchType != telemetrytypes.FieldSelectorMatchTypeExact {
-			continue
+// searchOperator: LIKE for pattern matching, EQUAL for exact match.
+func (t *telemetryMetaStore) fetchBodyJSONPaths(ctx context.Context,
+	fieldKeySelectors []*telemetrytypes.FieldKeySelector) ([]*telemetrytypes.TelemetryFieldKey, []string, bool, error) {
+	ctx = ctxtypes.NewContextWithCommentVals(ctx, map[string]string{
+		instrumentationtypes.TelemetrySignal:  telemetrytypes.SignalLogs.StringValue(),
+		instrumentationtypes.CodeNamespace:    "metadata",
+		instrumentationtypes.CodeFunctionName: "fetchBodyJSONPaths",
+	})
+
+	query, args, limit := buildGetBodyJSONPathsQuery(fieldKeySelectors)
+	rows, err := t.telemetrystore.ClickhouseDB().Query(ctx, query, args...)
+	if err != nil {
+		return nil, nil, false, errors.WrapInternalf(err, CodeFailExtractBodyJSONKeys, "failed to extract body JSON keys")
+	}
+	defer rows.Close()
+
+	fieldKeys := []*telemetrytypes.TelemetryFieldKey{}
+	paths := []string{}
+	rowCount := 0
+	for rows.Next() {
+		var path string
+		var typesArray []string // ClickHouse returns array as []string
+		var lastSeen uint64
+
+		err = rows.Scan(&path, &typesArray, &lastSeen)
+		if err != nil {
+			return nil, nil, false, errors.WrapInternalf(err, CodeFailExtractBodyJSONKeys, "failed to scan body JSON key row")
 		}
 
-		mapOfExactSelectors[selector.Name] = selector
-	}
-
-	var filteredKeys []*telemetrytypes.TelemetryFieldKey
-	for _, key := range keys {
-		if key.FieldContext == telemetrytypes.FieldContextBody && mapOfExactSelectors[key.Name] != nil {
-			filteredKeys = append(filteredKeys, key)
+		for _, typ := range typesArray {
+			mapping, found := telemetrytypes.MappingStringToJSONDataType[typ]
+			if !found {
+				t.logger.ErrorContext(ctx, "failed to map type string to JSON data type", slog.String("type", typ), slog.String("path", path))
+				continue
+			}
+			fieldKeys = append(fieldKeys, &telemetrytypes.TelemetryFieldKey{
+				Name:          path,
+				Signal:        telemetrytypes.SignalLogs,
+				FieldContext:  telemetrytypes.FieldContextBody,
+				FieldDataType: telemetrytypes.MappingJSONDataTypeToFieldDataType[mapping],
+				JSONDataType:  &mapping,
+			})
 		}
+
+		paths = append(paths, path)
+		rowCount++
+	}
+	if rows.Err() != nil {
+		return nil, nil, false, errors.WrapInternalf(rows.Err(), CodeFailIterateBodyJSONKeys, "error iterating body JSON keys")
 	}
 
-	if len(filteredKeys) == 0 {
-		return nil
-	}
-
-	paths := make([]string, 0, len(filteredKeys))
-	for _, key := range filteredKeys {
-		paths = append(paths, key.Name)
-	}
-
-	// fetch promoted paths
-	promoted, err := t.GetPromotedPaths(ctx, paths...)
-	if err != nil {
-		return err
-	}
-
-	// fetch JSON path indexes
-	indexes, err := t.getJSONPathIndexes(ctx, paths...)
-	if err != nil {
-		return err
-	}
-
-	// apply promoted/index metadata to keys
-	for _, key := range filteredKeys {
-		promotedKey := strings.Split(key.Name, telemetrytypes.ArraySep)[0]
-		key.Materialized = promoted[promotedKey]
-		key.Indexes = indexes[key.Name]
-	}
-
-	// build JSON access plans using the pre-fetched parent type cache
-	return t.buildJSONPlans(filteredKeys, parentTypeCache)
+	return fieldKeys, paths, rowCount <= limit, nil
 }
 
-// buildJSONPlans builds JSON access plans for the given keys
-// using the provided parent type cache (pre-fetched in the main UNION query).
-func (t *telemetryMetaStore) buildJSONPlans(keys []*telemetrytypes.TelemetryFieldKey, typeCache map[string][]telemetrytypes.FieldDataType) error {
-	if len(keys) == 0 {
-		return nil
+func (t *telemetryMetaStore) buildBodyJSONPaths(ctx context.Context,
+	fieldKeySelectors []*telemetrytypes.FieldKeySelector) ([]*telemetrytypes.TelemetryFieldKey, bool, error) {
+
+	fieldKeys, paths, finished, err := t.fetchBodyJSONPaths(ctx, fieldKeySelectors)
+	if err != nil {
+		return nil, false, err
 	}
 
-	columnMeta := t.jsonColumnMetadata[telemetrytypes.SignalLogs][telemetrytypes.FieldContextBody]
+	promoted, err := t.GetPromotedPaths(ctx, paths...)
+	if err != nil {
+		return nil, false, err
+	}
+
+	indexes, err := t.getJSONPathIndexes(ctx, paths...)
+	if err != nil {
+		return nil, false, err
+	}
+
+	for _, fieldKey := range fieldKeys {
+		promotedKey := strings.Split(fieldKey.Name, telemetrytypes.ArraySep)[0]
+		fieldKey.Materialized = promoted[promotedKey]
+		fieldKey.Indexes = indexes[fieldKey.Name]
+	}
+
+	return fieldKeys, finished, t.buildJSONPlans(ctx, fieldKeys)
+}
+
+func (t *telemetryMetaStore) buildJSONPlans(ctx context.Context, keys []*telemetrytypes.TelemetryFieldKey) error {
+	parentSelectors := make([]*telemetrytypes.FieldKeySelector, 0, len(keys))
 	for _, key := range keys {
-		if err := key.SetJSONAccessPlan(columnMeta, typeCache); err != nil {
+		parentSelectors = append(parentSelectors, key.ArrayParentSelectors()...)
+	}
+
+	parentKeys, _, _, err := t.fetchBodyJSONPaths(ctx, parentSelectors)
+	if err != nil {
+		return err
+	}
+
+	typeCache := make(map[string][]telemetrytypes.JSONDataType)
+	for _, key := range parentKeys {
+		typeCache[key.Name] = append(typeCache[key.Name], *key.JSONDataType)
+	}
+
+	// build plans for keys now
+	for _, key := range keys {
+		err = key.SetJSONAccessPlan(t.jsonColumnMetadata[telemetrytypes.SignalLogs][telemetrytypes.FieldContextBody], typeCache)
+		if err != nil {
 			return err
 		}
 	}
@@ -106,6 +155,51 @@ func (t *telemetryMetaStore) buildJSONPlans(keys []*telemetrytypes.TelemetryFiel
 	return nil
 }
 
+func buildGetBodyJSONPathsQuery(fieldKeySelectors []*telemetrytypes.FieldKeySelector) (string, []any, int) {
+	if len(fieldKeySelectors) == 0 {
+		return "", nil, defaultPathLimit
+	}
+	from := fmt.Sprintf("%s.%s", DBName, PathTypesTableName)
+
+	// Build a better query using GROUP BY to deduplicate at database level
+	// This aggregates all types per path and gets the max last_seen, then applies LIMIT
+	sb := sqlbuilder.Select(
+		"path",
+		"groupArray(DISTINCT type) AS types",
+		"max(last_seen) AS last_seen",
+	).From(from)
+
+	limit := 0
+	// Add search filter if provided
+	orClauses := []string{}
+	for _, fieldKeySelector := range fieldKeySelectors {
+		// replace [*] with []
+		fieldKeySelector.Name = strings.ReplaceAll(fieldKeySelector.Name, telemetrytypes.ArrayAnyIndex, telemetrytypes.ArraySep)
+		// Extract search text for body JSON keys
+		keyName := CleanPathPrefixes(fieldKeySelector.Name)
+		if fieldKeySelector.SelectorMatchType == telemetrytypes.FieldSelectorMatchTypeExact {
+			orClauses = append(orClauses, sb.Equal("path", keyName))
+		} else {
+			// Pattern matching for metadata API (defaults to LIKE behavior for other operators)
+			orClauses = append(orClauses, sb.ILike("path", fmt.Sprintf("%%%s%%", querybuilder.FormatValueForContains(keyName))))
+		}
+		limit += fieldKeySelector.Limit
+	}
+	sb.Where(sb.Or(orClauses...))
+	// Group by path to get unique paths with aggregated types
+	sb.GroupBy("path")
+
+	// Order by max last_seen to get most recent paths first
+	sb.OrderBy("last_seen DESC")
+	if limit == 0 {
+		limit = defaultPathLimit
+	}
+	sb.Limit(limit)
+
+	query, args := sb.BuildWithFlavor(sqlbuilder.ClickHouse)
+	return query, args, limit
+}
+
 func (t *telemetryMetaStore) getJSONPathIndexes(ctx context.Context, paths ...string) (map[string][]telemetrytypes.JSONDataTypeIndex, error) {
 	filteredPaths := []string{}
 	for _, path := range paths {

pkg/telemetrymetadata/body_json_metadata_test.go

@@ -7,9 +7,99 @@ import (
 	"github.com/SigNoz/signoz-otel-collector/constants"
 	"github.com/SigNoz/signoz/pkg/querybuilder"
 	"github.com/SigNoz/signoz/pkg/telemetrylogs"
+	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"github.com/stretchr/testify/require"
 )
 
+func TestBuildGetBodyJSONPathsQuery(t *testing.T) {
+	testCases := []struct {
+		name              string
+		fieldKeySelectors []*telemetrytypes.FieldKeySelector
+		expectedSQL       string
+		expectedArgs      []any
+		expectedLimit     int
+	}{
+
+		{
+			name: "Single search text with EQUAL operator",
+			fieldKeySelectors: []*telemetrytypes.FieldKeySelector{
+				{
+					Name:              "user.name",
+					SelectorMatchType: telemetrytypes.FieldSelectorMatchTypeExact,
+				},
+			},
+			expectedSQL:   "SELECT path, groupArray(DISTINCT type) AS types, max(last_seen) AS last_seen FROM signoz_metadata.distributed_field_keys WHERE (path = ?) GROUP BY path ORDER BY last_seen DESC LIMIT ?",
+			expectedArgs:  []any{"user.name", defaultPathLimit},
+			expectedLimit: defaultPathLimit,
+		},
+		{
+			name: "Single search text with LIKE operator",
+			fieldKeySelectors: []*telemetrytypes.FieldKeySelector{
+				{
+					Name:              "user",
+					SelectorMatchType: telemetrytypes.FieldSelectorMatchTypeFuzzy,
+				},
+			},
+			expectedSQL:   "SELECT path, groupArray(DISTINCT type) AS types, max(last_seen) AS last_seen FROM signoz_metadata.distributed_field_keys WHERE (LOWER(path) LIKE LOWER(?)) GROUP BY path ORDER BY last_seen DESC LIMIT ?",
+			expectedArgs:  []any{"%user%", 100},
+			expectedLimit: 100,
+		},
+		{
+			name: "Multiple search texts with EQUAL operator",
+			fieldKeySelectors: []*telemetrytypes.FieldKeySelector{
+				{
+					Name:              "user.name",
+					SelectorMatchType: telemetrytypes.FieldSelectorMatchTypeExact,
+				},
+				{
+					Name:              "user.age",
+					SelectorMatchType: telemetrytypes.FieldSelectorMatchTypeExact,
+				},
+			},
+			expectedSQL:   "SELECT path, groupArray(DISTINCT type) AS types, max(last_seen) AS last_seen FROM signoz_metadata.distributed_field_keys WHERE (path = ? OR path = ?) GROUP BY path ORDER BY last_seen DESC LIMIT ?",
+			expectedArgs:  []any{"user.name", "user.age", defaultPathLimit},
+			expectedLimit: defaultPathLimit,
+		},
+		{
+			name: "Multiple search texts with LIKE operator",
+			fieldKeySelectors: []*telemetrytypes.FieldKeySelector{
+				{
+					Name:              "user",
+					SelectorMatchType: telemetrytypes.FieldSelectorMatchTypeFuzzy,
+				},
+				{
+					Name:              "admin",
+					SelectorMatchType: telemetrytypes.FieldSelectorMatchTypeFuzzy,
+				},
+			},
+			expectedSQL:   "SELECT path, groupArray(DISTINCT type) AS types, max(last_seen) AS last_seen FROM signoz_metadata.distributed_field_keys WHERE (LOWER(path) LIKE LOWER(?) OR LOWER(path) LIKE LOWER(?)) GROUP BY path ORDER BY last_seen DESC LIMIT ?",
+			expectedArgs:  []any{"%user%", "%admin%", defaultPathLimit},
+			expectedLimit: defaultPathLimit,
+		},
+		{
+			name: "Search with Contains operator (should default to LIKE)",
+			fieldKeySelectors: []*telemetrytypes.FieldKeySelector{
+				{
+					Name:              "test",
+					SelectorMatchType: telemetrytypes.FieldSelectorMatchTypeFuzzy,
+				},
+			},
+			expectedSQL:   "SELECT path, groupArray(DISTINCT type) AS types, max(last_seen) AS last_seen FROM signoz_metadata.distributed_field_keys WHERE (LOWER(path) LIKE LOWER(?)) GROUP BY path ORDER BY last_seen DESC LIMIT ?",
+			expectedArgs:  []any{"%test%", defaultPathLimit},
+			expectedLimit: defaultPathLimit,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			query, args, limit := buildGetBodyJSONPathsQuery(tc.fieldKeySelectors)
+			require.Equal(t, tc.expectedSQL, query)
+			require.Equal(t, tc.expectedArgs, args)
+			require.Equal(t, tc.expectedLimit, limit)
+		})
+	}
+}
+
 func TestBuildListLogsJSONIndexesQuery(t *testing.T) {
 	testCases := []struct {
 		name         string

pkg/telemetrymetadata/metadata.go

@@ -397,153 +397,90 @@ func (t *telemetryMetaStore) getLogsKeys(ctx context.Context, fieldKeySelectors
 	// tables to query based on field selectors
 	queryAttributeTable := false
 	queryResourceTable := false
-	queryBodyTable := false
 
 	for _, selector := range fieldKeySelectors {
 		if selector.FieldContext == telemetrytypes.FieldContextUnspecified {
-			// unspecified context, query all tables
+			// unspecified context, query both tables
 			queryAttributeTable = true
 			queryResourceTable = true
-			queryBodyTable = true
 			break
 		} else if selector.FieldContext == telemetrytypes.FieldContextAttribute {
 			queryAttributeTable = true
 		} else if selector.FieldContext == telemetrytypes.FieldContextResource {
 			queryResourceTable = true
-		} else if selector.FieldContext == telemetrytypes.FieldContextBody {
-			queryBodyTable = true
 		}
 	}
 
-	// body keys are gated behind the feature flag
-	queryBodyTable = queryBodyTable && querybuilder.BodyJSONQueryEnabled
-
-	// requestedFieldKeySelectors is the set of names the user explicitly asked for.
-	// Used to ensure a name that is both a parent path AND a directly requested field still surfaces
-	// in the result keys (e.g. "a.b[].c" is a parent of "a.b[].c[].d" but also a queried field).
-	mapOfRequestedSelectors := make(map[string]bool)
-	for _, sel := range fieldKeySelectors {
-		if sel.SelectorMatchType == telemetrytypes.FieldSelectorMatchTypeExact {
-			mapOfRequestedSelectors[sel.Name] = true
-		}
+	tablesToQuery := []struct {
+		fieldContext telemetrytypes.FieldContext
+		shouldQuery  bool
+	}{
+		{telemetrytypes.FieldContextAttribute, queryAttributeTable},
+		{telemetrytypes.FieldContextResource, queryResourceTable},
 	}
 
-	// pre-compute parent array path names from body selectors for JSON plan building;
-	// these will be fetched as a separate UNION arm filtered to ArrayJSON/ArrayDynamic only.
-	parentPaths := make(map[string]bool)
-	if queryBodyTable {
-		for _, sel := range fieldKeySelectors {
-			if sel.FieldContext != telemetrytypes.FieldContextBody &&
-				sel.FieldContext != telemetrytypes.FieldContextUnspecified {
-				continue
-			}
-			key := &telemetrytypes.TelemetryFieldKey{
-				Name:         sel.Name,
-				Signal:       telemetrytypes.SignalLogs,
-				FieldContext: telemetrytypes.FieldContextBody,
-			}
-			if !key.KeyNameContainsArray() {
-				continue
-			}
-			for _, parent := range key.ArrayParentPaths() {
-				parentPaths[parent] = true
-			}
+	for _, table := range tablesToQuery {
+		if !table.shouldQuery {
+			continue
+		}
+
+		fieldContext := table.fieldContext
+
+		// table name based on field context
+		var tblName string
+		if fieldContext == telemetrytypes.FieldContextAttribute {
+			tblName = t.logsDBName + "." + t.logAttributeKeysTblName
+		} else {
+			tblName = t.logsDBName + "." + t.logResourceKeysTblName
 		}
-	}
 
-	// attribute and resource tables share identical schema (name/datatype columns, lower-cased select,
-	// TagDataType encoding) — only the table name and field context differ.
-	addTagTableQuery := func(tblName string, fieldContext telemetrytypes.FieldContext) {
 		sb := sqlbuilder.Select(
 			"name AS tag_key",
 			fmt.Sprintf("'%s' AS tag_type", fieldContext.TagType()),
-			"lower(datatype) AS tag_data_type", // logs had historical mixed-case data
-			fmt.Sprintf("%d AS priority", getPriorityForContext(fieldContext)),
+			"lower(datatype) AS tag_data_type", // in logs, we had some historical data with capital and small case
+			fmt.Sprintf(`%d AS priority`, getPriorityForContext(fieldContext)),
 		).From(tblName)
 
-		branches := []string{}
-		for _, sel := range fieldKeySelectors {
-			if sel.FieldContext != telemetrytypes.FieldContextUnspecified && sel.FieldContext != fieldContext {
+		var limit int
+		conds := []string{}
+
+		for _, fieldKeySelector := range fieldKeySelectors {
+			// Include this selector if:
+			// 1. It has unspecified context (matches all tables)
+			// 2. Its context matches the current table's context
+			if fieldKeySelector.FieldContext != telemetrytypes.FieldContextUnspecified &&
+				fieldKeySelector.FieldContext != fieldContext {
 				continue
 			}
+
+			// key part of the selector
 			fieldKeyConds := []string{}
-			if sel.SelectorMatchType == telemetrytypes.FieldSelectorMatchTypeExact {
-				fieldKeyConds = append(fieldKeyConds, sb.E("name", sel.Name))
+			if fieldKeySelector.SelectorMatchType == telemetrytypes.FieldSelectorMatchTypeExact {
+				fieldKeyConds = append(fieldKeyConds, sb.E("name", fieldKeySelector.Name))
 			} else {
-				fieldKeyConds = append(fieldKeyConds, sb.ILike("name", "%"+escapeForLike(sel.Name)+"%"))
+				fieldKeyConds = append(fieldKeyConds, sb.ILike("name", "%"+escapeForLike(fieldKeySelector.Name)+"%"))
 			}
-			if sel.FieldDataType != telemetrytypes.FieldDataTypeUnspecified {
-				fieldKeyConds = append(fieldKeyConds, sb.E("datatype", sel.FieldDataType.TagDataType()))
+
+			// now look at the field data type
+			if fieldKeySelector.FieldDataType != telemetrytypes.FieldDataTypeUnspecified {
+				fieldKeyConds = append(fieldKeyConds, sb.E("datatype", fieldKeySelector.FieldDataType.TagDataType()))
 			}
+
 			if len(fieldKeyConds) > 0 {
-				branches = append(branches, sb.And(fieldKeyConds...))
+				conds = append(conds, sb.And(fieldKeyConds...))
 			}
+			limit += fieldKeySelector.Limit
 		}
-		if len(branches) > 0 {
-			sb.Where(sb.Or(branches...))
+
+		if len(conds) > 0 {
+			sb.Where(sb.Or(conds...))
 		}
+
 		sb.GroupBy("name", "datatype")
-		query, args := sb.BuildWithFlavor(sqlbuilder.ClickHouse)
-		queries = append(queries, query)
-		allArgs = append(allArgs, args...)
-	}
-
-	if queryAttributeTable {
-		addTagTableQuery(t.logsDBName+"."+t.logAttributeKeysTblName, telemetrytypes.FieldContextAttribute)
-	}
-	if queryResourceTable {
-		addTagTableQuery(t.logsDBName+"."+t.logResourceKeysTblName, telemetrytypes.FieldContextResource)
-	}
-
-	// body context uses a different table/schema (field_name, field_data_type) and requires
-	// signal+context base filters. It also fetches parent array container types (ArrayJSON/ArrayDynamic)
-	// needed for JSON access plan building.
-	if queryBodyTable {
-		sb := sqlbuilder.Select(
-			"field_name AS tag_key",
-			fmt.Sprintf("'%s' AS tag_type", telemetrytypes.FieldContextBody.TagType()),
-			"field_data_type AS tag_data_type",
-			fmt.Sprintf("%d AS priority", getPriorityForContext(telemetrytypes.FieldContextBody)),
-		).From(fmt.Sprintf("%s.%s", DBName, FieldKeysTable))
-
-		sb.Where(sb.E("signal", telemetrytypes.SignalLogs.StringValue()))
-		sb.Where(sb.E("field_context", telemetrytypes.FieldContextBody.StringValue()))
-
-		branches := []string{}
-		for _, sel := range fieldKeySelectors {
-			if sel.FieldContext != telemetrytypes.FieldContextUnspecified && sel.FieldContext != telemetrytypes.FieldContextBody {
-				continue
-			}
-			fieldKeyConds := []string{}
-			if sel.SelectorMatchType == telemetrytypes.FieldSelectorMatchTypeExact {
-				fieldKeyConds = append(fieldKeyConds, sb.E("field_name", sel.Name))
-			} else {
-				fieldKeyConds = append(fieldKeyConds, sb.ILike("field_name", "%"+escapeForLike(sel.Name)+"%"))
-			}
-			if sel.FieldDataType != telemetrytypes.FieldDataTypeUnspecified {
-				fieldKeyConds = append(fieldKeyConds, sb.E("field_data_type", sel.FieldDataType.StringValue()))
-			}
-			if len(fieldKeyConds) > 0 {
-				branches = append(branches, sb.And(fieldKeyConds...))
-			}
+		if limit == 0 {
+			limit = 1000
 		}
-		if len(parentPaths) > 0 {
-			names := make([]any, 0, len(parentPaths))
-			for n := range parentPaths {
-				names = append(names, n)
-			}
-			branches = append(branches, sb.And(
-				sb.In("field_name", names...),
-				sb.In("field_data_type",
-					telemetrytypes.FieldDataTypeArrayDynamic.StringValue(),
-					telemetrytypes.FieldDataTypeArrayJSON.StringValue(),
-				),
-			))
-		}
-		if len(branches) > 0 {
-			sb.Where(sb.Or(branches...))
-		}
-		sb.GroupBy("field_name", "field_data_type")
+
 		query, args := sb.BuildWithFlavor(sqlbuilder.ClickHouse)
 		queries = append(queries, query)
 		allArgs = append(allArgs, args...)
@@ -580,7 +517,6 @@ func (t *telemetryMetaStore) getLogsKeys(ctx context.Context, fieldKeySelectors
 	defer rows.Close()
 
 	keys := []*telemetrytypes.TelemetryFieldKey{}
-	parentTypes := make(map[string][]telemetrytypes.FieldDataType)
 	rowCount := 0
 	searchTexts := []string{}
 
@@ -604,21 +540,6 @@ func (t *telemetryMetaStore) getLogsKeys(ctx context.Context, fieldKeySelectors
 		if err != nil {
 			return nil, false, errors.Wrap(err, errors.TypeInternal, errors.CodeInternal, ErrFailedToGetLogsKeys.Error())
 		}
-
-		// ArrayJSON/ArrayDynamic body rows for parent paths are needed by the JSON access plan
-		// builder (enrichJSONKeys). Always record them in parentTypes. Only skip adding to keys
-		// if the user did not also directly request this name — a field like "education" can be
-		// both a parent of "education[].name" and an explicitly queried field in its own right.
-		switch fieldDataType {
-		case telemetrytypes.FieldDataTypeArrayJSON, telemetrytypes.FieldDataTypeArrayDynamic:
-			if fieldContext == telemetrytypes.FieldContextBody && parentPaths[name] {
-				parentTypes[name] = append(parentTypes[name], fieldDataType)
-				if !mapOfRequestedSelectors[name] {
-					continue // skip; don't register the key.
-				}
-			}
-		}
-
 		key, ok := mapOfKeys[name+";"+fieldContext.StringValue()+";"+fieldDataType.StringValue()]
 
 		// if there is no materialised column, create a key with the field context and data type
@@ -672,11 +593,13 @@ func (t *telemetryMetaStore) getLogsKeys(ctx context.Context, fieldKeySelectors
 		}
 	}
 
-	// enrich body keys with promoted paths, indexes, and JSON access plans
 	if querybuilder.BodyJSONQueryEnabled {
-		if err := t.enrichJSONKeys(ctx, fieldKeySelectors, keys, parentTypes); err != nil {
-			return nil, false, err
+		bodyJSONPaths, finished, err := t.buildBodyJSONPaths(ctx, fieldKeySelectors) // LIKE for pattern matching
+		if err != nil {
+			t.logger.ErrorContext(ctx, "failed to extract body JSON paths", errors.Attr(err))
 		}
+		keys = append(keys, bodyJSONPaths...)
+		complete = complete && finished
 	}
 
 	if _, err := t.updateColumnEvolutionMetadataForKeys(ctx, keys); err != nil {

pkg/telemetrymetadata/tables.go

@@ -1,13 +1,13 @@
 package telemetrymetadata
 
-import otelconst "github.com/SigNoz/signoz-otel-collector/constants"
+import otelcollectorconst "github.com/SigNoz/signoz-otel-collector/constants"
 
 const (
 	DBName                           = "signoz_metadata"
 	AttributesMetadataTableName      = "distributed_attributes_metadata"
 	AttributesMetadataLocalTableName = "attributes_metadata"
 	ColumnEvolutionMetadataTableName = "distributed_column_evolution_metadata"
-	FieldKeysTable                   = otelconst.DistributedFieldKeysTable
+	PathTypesTableName               = otelcollectorconst.DistributedFieldKeysTable
 	// Column Evolution table stores promoted paths as (signal, column_name, field_context, field_name); see signoz-otel-collector metadata_migrations.
 	PromotedPathsTableName = "distributed_column_evolution_metadata"
 	SkipIndexTableName     = "system.data_skipping_indices"

pkg/types/cachetypes/cacheable.go

@@ -18,6 +18,9 @@ type Cloneable interface {
 	// Creates a deep copy of the Cacheable. This method is useful for memory caches to avoid the need for serialization/deserialization. It also prevents
 	// race conditions in the memory cache.
 	Clone() Cacheable
+	// Size returns the approximate retained byte cost of this entry. Memory-backed
+	// caches use it as the ristretto cost so MaxCost-based eviction works.
+	Size() int64
 }
 
 func NewSha1CacheKey(val string) string {

pkg/types/factor_password.go

@@ -31,8 +31,9 @@ type PostableResetPassword struct {
 }
 
 type ChangePasswordRequest struct {
-	OldPassword string `json:"oldPassword"`
-	NewPassword string `json:"newPassword"`
+	UserID      valuer.UUID `json:"userId"`
+	OldPassword string      `json:"oldPassword"`
+	NewPassword string      `json:"newPassword"`
 }
 
 type PostableForgotPassword struct {

pkg/types/querybuildertypes/querybuildertypesv5/cached.go

@@ -59,3 +59,21 @@ func (c *CachedData) Clone() cachetypes.Cacheable {
 
 	return clonedCachedData
 }
+
+// Size approximates the retained bytes of this CachedData. The dominant cost is
+// the serialized bucket values (json.RawMessage); other fields are fixed-size
+// or small strings.
+func (c *CachedData) Size() int64 {
+	var size int64
+	for _, b := range c.Buckets {
+		if b == nil {
+			continue
+		}
+		// Value is the bulk of the payload
+		size += int64(len(b.Value))
+	}
+	for _, w := range c.Warnings {
+		size += int64(len(w))
+	}
+	return size
+}

pkg/types/telemetrytypes/field.go

@@ -37,6 +37,7 @@ type TelemetryFieldKey struct {
 	FieldContext  FieldContext  `json:"fieldContext,omitzero"`
 	FieldDataType FieldDataType `json:"fieldDataType,omitzero"`
 
+	JSONDataType *JSONDataType       `json:"-"`
 	JSONPlan     JSONAccessPlan      `json:"-"`
 	Indexes      []JSONDataTypeIndex `json:"-"`
 	Materialized bool                `json:"-"` // refers to promoted in case of body.... fields
@@ -79,11 +80,6 @@ func (f *TelemetryFieldKey) ArrayParentSelectors() []*FieldKeySelector {
 	return selectors
 }
 
-// GetJSONDataType derives the JSONDataType from FieldDataType.
-func (f *TelemetryFieldKey) GetJSONDataType() JSONDataType {
-	return MappingFieldDataTypeToJSONDataType[f.FieldDataType]
-}
-
 func (f TelemetryFieldKey) String() string {
 	var sb strings.Builder
 	fmt.Fprintf(&sb, "name=%s", f.Name)
@@ -96,6 +92,9 @@ func (f TelemetryFieldKey) String() string {
 	if f.Materialized {
 		sb.WriteString(",materialized=true")
 	}
+	if f.JSONDataType != nil {
+		fmt.Fprintf(&sb, ",jsondatatype=%s", f.JSONDataType.StringValue())
+	}
 	if len(f.Indexes) > 0 {
 		sb.WriteString(",indexes=[")
 		for i, index := range f.Indexes {
@@ -118,6 +117,7 @@ func (f TelemetryFieldKey) Text() string {
 func (f *TelemetryFieldKey) OverrideMetadataFrom(src *TelemetryFieldKey) {
 	f.FieldContext = src.FieldContext
 	f.FieldDataType = src.FieldDataType
+	f.JSONDataType = src.JSONDataType
 	f.Indexes = src.Indexes
 	f.Materialized = src.Materialized
 	f.JSONPlan = src.JSONPlan

pkg/types/telemetrytypes/field_datatype.go

@@ -31,7 +31,7 @@ var (
 	FieldDataTypeArrayInt64  = FieldDataType{valuer.NewString("[]int64")}
 	FieldDataTypeArrayNumber = FieldDataType{valuer.NewString("[]number")}
 
-	FieldDataTypeArrayJSON    = FieldDataType{valuer.NewString("[]json")}
+	FieldDataTypeArrayObject  = FieldDataType{valuer.NewString("[]object")}
 	FieldDataTypeArrayDynamic = FieldDataType{valuer.NewString("[]dynamic")}
 
 	// Map string representations to FieldDataType values
@@ -51,7 +51,7 @@ var (
 		"int8":   FieldDataTypeNumber,
 		"int16":  FieldDataTypeNumber,
 		"int32":  FieldDataTypeNumber,
-		"int64":  FieldDataTypeInt64,
+		"int64":  FieldDataTypeNumber,
 		"uint":   FieldDataTypeNumber,
 		"uint8":  FieldDataTypeNumber,
 		"uint16": FieldDataTypeNumber,
@@ -72,8 +72,6 @@ var (
 		"[]float64": FieldDataTypeArrayFloat64,
 		"[]number":  FieldDataTypeArrayNumber,
 		"[]bool":    FieldDataTypeArrayBool,
-		"[]json":    FieldDataTypeArrayJSON,
-		"[]dynamic": FieldDataTypeArrayDynamic,
 
 		// c-style array types
 		"string[]":  FieldDataTypeArrayString,
@@ -81,8 +79,6 @@ var (
 		"float64[]": FieldDataTypeArrayFloat64,
 		"number[]":  FieldDataTypeArrayNumber,
 		"bool[]":    FieldDataTypeArrayBool,
-		"json[]":    FieldDataTypeArrayJSON,
-		"dynamic[]": FieldDataTypeArrayDynamic,
 	}
 
 	fieldDataTypeToCHDataType = map[FieldDataType]string{

pkg/types/telemetrytypes/json_access_plan.go

@@ -19,8 +19,7 @@ var (
 	BranchJSON    = JSONAccessBranchType{valuer.NewString("json")}
 	BranchDynamic = JSONAccessBranchType{valuer.NewString("dynamic")}
 
-	CodePlanIndexOutOfBounds     = errors.MustNewCode("plan_index_out_of_bounds")
-	CodePlanFieldDataTypeMissing = errors.MustNewCode("field_data_type_missing")
+	CodePlanIndexOutOfBounds = errors.MustNewCode("plan_index_out_of_bounds")
 )
 
 type JSONColumnMetadata struct {
@@ -43,6 +42,9 @@ type JSONAccessNode struct {
 	IsTerminal bool
 	isRoot     bool // marked true for only body_v2 and body_promoted
 
+	// Precomputed type information (single source of truth)
+	AvailableTypes []JSONDataType
+
 	// Array type branches (Array(JSON) vs Array(Dynamic))
 	Branches map[JSONAccessBranchType]*JSONAccessNode
 
@@ -104,7 +106,7 @@ type planBuilder struct {
 	paths      []string // cumulative paths for type cache lookups
 	segments   []string // individual path segments for node names
 	isPromoted bool
-	typeCache  map[string][]FieldDataType
+	typeCache  map[string][]JSONDataType
 }
 
 // buildPlan recursively builds the path plan tree.
@@ -136,41 +138,34 @@ func (pb *planBuilder) buildPlan(index int, parent *JSONAccessNode, isDynArrChil
 		}
 	}
 
+	// Use cached types from the batched metadata query
+	types, ok := pb.typeCache[pathSoFar]
+	if !ok {
+		return nil, errors.NewInternalf(errors.CodeInvalidInput, "types missing for path %s", pathSoFar)
+	}
+
 	// Create node for this path segment
 	node := &JSONAccessNode{
 		Name:            segmentName,
 		IsTerminal:      isTerminal,
+		AvailableTypes:  types,
 		Branches:        make(map[JSONAccessBranchType]*JSONAccessNode),
 		Parent:          parent,
 		MaxDynamicTypes: maxTypes,
 		MaxDynamicPaths: maxPaths,
 	}
 
+	hasJSON := slices.Contains(node.AvailableTypes, ArrayJSON)
+	hasDynamic := slices.Contains(node.AvailableTypes, ArrayDynamic)
+
 	// Configure terminal if this is the last part
 	if isTerminal {
-		// fielddatatype must not be unspecified else expression can not be generated
-		if pb.key.FieldDataType == FieldDataTypeUnspecified {
-			return nil, errors.NewInternalf(CodePlanFieldDataTypeMissing, "field data type is missing for path %s", pathSoFar)
-		}
-
 		node.TerminalConfig = &TerminalConfig{
 			Key:      pb.key,
-			ElemType: pb.key.GetJSONDataType(),
+			ElemType: *pb.key.JSONDataType,
 		}
 	} else {
 		var err error
-		// Use cached types from the batched metadata query
-		types, ok := pb.typeCache[pathSoFar]
-		if !ok {
-			return nil, errors.NewInternalf(errors.CodeInvalidInput, "types missing for path %s", pathSoFar)
-		}
-
-		hasJSON := slices.Contains(types, FieldDataTypeArrayJSON)
-		hasDynamic := slices.Contains(types, FieldDataTypeArrayDynamic)
-		if !hasJSON && !hasDynamic {
-			return nil, errors.NewInternalf(CodePlanFieldDataTypeMissing, "array data type missing for path %s", pathSoFar)
-		}
-
 		if hasJSON {
 			node.Branches[BranchJSON], err = pb.buildPlan(index+1, node, false)
 			if err != nil {
@@ -190,7 +185,7 @@ func (pb *planBuilder) buildPlan(index int, parent *JSONAccessNode, isDynArrChil
 
 // buildJSONAccessPlan builds a tree structure representing the complete JSON path traversal
 // that precomputes all possible branches and their types.
-func (key *TelemetryFieldKey) SetJSONAccessPlan(columnInfo JSONColumnMetadata, typeCache map[string][]FieldDataType,
+func (key *TelemetryFieldKey) SetJSONAccessPlan(columnInfo JSONColumnMetadata, typeCache map[string][]JSONDataType,
 ) error {
 	// if path is empty, return nil
 	if key.Name == "" {

pkg/types/telemetrytypes/json_access_plan_test.go

@@ -19,11 +19,11 @@ const (
 // ============================================================================
 
 // makeKey creates a TelemetryFieldKey for testing.
-func makeKey(name string, dataType FieldDataType, materialized bool) *TelemetryFieldKey {
+func makeKey(name string, dataType JSONDataType, materialized bool) *TelemetryFieldKey {
 	return &TelemetryFieldKey{
-		Name:          name,
-		FieldDataType: dataType,
-		Materialized:  materialized,
+		Name:         name,
+		JSONDataType: &dataType,
+		Materialized: materialized,
 	}
 }
 
@@ -65,6 +65,14 @@ func toTestNode(n *JSONAccessNode) *jsonAccessTestNode {
 		out.Column = n.Parent.Name
 	}
 
+	// AvailableTypes as strings (using StringValue for stable representation)
+	if len(n.AvailableTypes) > 0 {
+		out.AvailableTypes = make([]string, 0, len(n.AvailableTypes))
+		for _, t := range n.AvailableTypes {
+			out.AvailableTypes = append(out.AvailableTypes, t.StringValue())
+		}
+	}
+
 	// Terminal config
 	if n.TerminalConfig != nil {
 		out.ElemType = n.TerminalConfig.ElemType.StringValue()
@@ -234,10 +242,12 @@ func TestPlanJSON_BasicStructure(t *testing.T) {
 	}{
 		{
 			name: "Simple path not promoted",
-			key:  makeKey("user.name", FieldDataTypeString, false),
+			key:  makeKey("user.name", String, false),
 			expectedYAML: fmt.Sprintf(`
 - name: user.name
   column: %s
+  availableTypes:
+    - String
   maxDynamicTypes: 16
   isTerminal: true
   elemType: String
@@ -245,15 +255,19 @@ func TestPlanJSON_BasicStructure(t *testing.T) {
 		},
 		{
 			name: "Simple path promoted",
-			key:  makeKey("user.name", FieldDataTypeString, true),
+			key:  makeKey("user.name", String, true),
 			expectedYAML: fmt.Sprintf(`
 - name: user.name
   column: %s
+  availableTypes:
+    - String
   maxDynamicTypes: 16
   isTerminal: true
   elemType: String
 - name: user.name
   column: %s
+  availableTypes:
+    - String
   maxDynamicTypes: 16
   maxDynamicPaths: 256
   isTerminal: true
@@ -262,7 +276,7 @@ func TestPlanJSON_BasicStructure(t *testing.T) {
 		},
 		{
 			name:         "Empty path returns error",
-			key:          makeKey("", FieldDataTypeString, false),
+			key:          makeKey("", String, false),
 			expectErr:    true,
 			expectedYAML: "",
 		},
@@ -300,10 +314,14 @@ func TestPlanJSON_ArrayPaths(t *testing.T) {
 			expectedYAML: fmt.Sprintf(`
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: name
+      availableTypes:
+        - String
       maxDynamicTypes: 8
       isTerminal: true
       elemType: String
@@ -315,19 +333,28 @@ func TestPlanJSON_ArrayPaths(t *testing.T) {
 			expectedYAML: fmt.Sprintf(`
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: awards
+      availableTypes:
+        - Array(Dynamic)
+        - Array(JSON)
       maxDynamicTypes: 8
       branches:
         json:
           name: type
+          availableTypes:
+            - String
           maxDynamicTypes: 4
           isTerminal: true
           elemType: String
         dynamic:
           name: type
+          availableTypes:
+            - String
           maxDynamicTypes: 16
           maxDynamicPaths: 256
           isTerminal: true
@@ -340,29 +367,43 @@ func TestPlanJSON_ArrayPaths(t *testing.T) {
 			expectedYAML: fmt.Sprintf(`
 - name: interests
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: entities
+      availableTypes:
+        - Array(JSON)
       maxDynamicTypes: 8
       branches:
         json:
           name: reviews
+          availableTypes:
+            - Array(JSON)
           maxDynamicTypes: 4
           branches:
             json:
               name: entries
+              availableTypes:
+                - Array(JSON)
               maxDynamicTypes: 2
               branches:
                 json:
                   name: metadata
+                  availableTypes:
+                    - Array(JSON)
                   maxDynamicTypes: 1
                   branches:
                     json:
                       name: positions
+                      availableTypes:
+                        - Array(JSON)
                       branches:
                         json:
                           name: name
+                          availableTypes:
+                            - String
                           isTerminal: true
                           elemType: String
 `, bodyV2Column),
@@ -373,10 +414,14 @@ func TestPlanJSON_ArrayPaths(t *testing.T) {
 			expectedYAML: fmt.Sprintf(`
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: name
+      availableTypes:
+        - String
       maxDynamicTypes: 8
       isTerminal: true
       elemType: String
@@ -386,7 +431,7 @@ func TestPlanJSON_ArrayPaths(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			key := makeKey(tt.path, FieldDataTypeString, false)
+			key := makeKey(tt.path, String, false)
 			err := key.SetJSONAccessPlan(JSONColumnMetadata{
 				BaseColumn:     bodyV2Column,
 				PromotedColumn: bodyPromotedColumn,
@@ -405,7 +450,7 @@ func TestPlanJSON_PromotedVsNonPromoted(t *testing.T) {
 	path := "education[].awards[].type"
 
 	t.Run("Non-promoted plan", func(t *testing.T) {
-		key := makeKey(path, FieldDataTypeString, false)
+		key := makeKey(path, String, false)
 		err := key.SetJSONAccessPlan(JSONColumnMetadata{
 			BaseColumn:     bodyV2Column,
 			PromotedColumn: bodyPromotedColumn,
@@ -416,19 +461,28 @@ func TestPlanJSON_PromotedVsNonPromoted(t *testing.T) {
 		expectedYAML := fmt.Sprintf(`
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: awards
+      availableTypes:
+        - Array(Dynamic)
+        - Array(JSON)
       maxDynamicTypes: 8
       branches:
         json:
           name: type
+          availableTypes:
+            - String
           maxDynamicTypes: 4
           isTerminal: true
           elemType: String
         dynamic:
           name: type
+          availableTypes:
+            - String
           maxDynamicTypes: 16
           maxDynamicPaths: 256
           isTerminal: true
@@ -439,7 +493,7 @@ func TestPlanJSON_PromotedVsNonPromoted(t *testing.T) {
 	})
 
 	t.Run("Promoted plan", func(t *testing.T) {
-		key := makeKey(path, FieldDataTypeString, true)
+		key := makeKey(path, String, true)
 		err := key.SetJSONAccessPlan(JSONColumnMetadata{
 			BaseColumn:     bodyV2Column,
 			PromotedColumn: bodyPromotedColumn,
@@ -450,41 +504,59 @@ func TestPlanJSON_PromotedVsNonPromoted(t *testing.T) {
 		expectedYAML := fmt.Sprintf(`
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: awards
+      availableTypes:
+        - Array(Dynamic)
+        - Array(JSON)
       maxDynamicTypes: 8
       branches:
         json:
           name: type
+          availableTypes:
+            - String
           maxDynamicTypes: 4
           isTerminal: true
           elemType: String
         dynamic:
           name: type
+          availableTypes:
+            - String
           maxDynamicTypes: 16
           maxDynamicPaths: 256
           isTerminal: true
           elemType: String
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   maxDynamicPaths: 256
   branches:
     json:
       name: awards
+      availableTypes:
+        - Array(Dynamic)
+        - Array(JSON)
       maxDynamicTypes: 8
       maxDynamicPaths: 64
       branches:
         json:
           name: type
+          availableTypes:
+            - String
           maxDynamicTypes: 4
           maxDynamicPaths: 16
           isTerminal: true
           elemType: String
         dynamic:
           name: type
+          availableTypes:
+            - String
           maxDynamicTypes: 16
           maxDynamicPaths: 256
           isTerminal: true
@@ -506,7 +578,7 @@ func TestPlanJSON_EdgeCases(t *testing.T) {
 	}{
 		{
 			name:      "Path with no available types",
-			path:      "unknown[].path",
+			path:      "unknown.path",
 			expectErr: true,
 		},
 		{
@@ -515,29 +587,43 @@ func TestPlanJSON_EdgeCases(t *testing.T) {
 			expectedYAML: fmt.Sprintf(`
 - name: interests
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: entities
+      availableTypes:
+        - Array(JSON)
       maxDynamicTypes: 8
       branches:
         json:
           name: reviews
+          availableTypes:
+            - Array(JSON)
           maxDynamicTypes: 4
           branches:
             json:
               name: entries
+              availableTypes:
+                - Array(JSON)
               maxDynamicTypes: 2
               branches:
                 json:
                   name: metadata
+                  availableTypes:
+                    - Array(JSON)
                   maxDynamicTypes: 1
                   branches:
                     json:
                       name: positions
+                      availableTypes:
+                        - Array(JSON)
                       branches:
                         json:
                           name: name
+                          availableTypes:
+                            - String
                           isTerminal: true
                           elemType: String
 `, bodyV2Column),
@@ -548,10 +634,15 @@ func TestPlanJSON_EdgeCases(t *testing.T) {
 			expectedYAML: fmt.Sprintf(`
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: type
+      availableTypes:
+        - String
+        - Int64
       maxDynamicTypes: 8
       isTerminal: true
       elemType: String
@@ -563,6 +654,8 @@ func TestPlanJSON_EdgeCases(t *testing.T) {
 			expectedYAML: fmt.Sprintf(`
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   isTerminal: true
   elemType: Array(JSON)
@@ -573,12 +666,12 @@ func TestPlanJSON_EdgeCases(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			// Choose key type based on path; operator does not affect the tree shape asserted here.
-			keyType := FieldDataTypeString
+			keyType := String
 			switch tt.path {
 			case "education":
-				keyType = FieldDataTypeArrayJSON
+				keyType = ArrayJSON
 			case "education[].type":
-				keyType = FieldDataTypeString
+				keyType = String
 			}
 			key := makeKey(tt.path, keyType, false)
 			err := key.SetJSONAccessPlan(JSONColumnMetadata{
@@ -599,7 +692,7 @@ func TestPlanJSON_EdgeCases(t *testing.T) {
 func TestPlanJSON_TreeStructure(t *testing.T) {
 	types, _ := TestJSONTypeSet()
 	path := "education[].awards[].participated[].team[].branch"
-	key := makeKey(path, FieldDataTypeString, false)
+	key := makeKey(path, String, false)
 	err := key.SetJSONAccessPlan(JSONColumnMetadata{
 		BaseColumn:     bodyV2Column,
 		PromotedColumn: bodyPromotedColumn,
@@ -610,59 +703,86 @@ func TestPlanJSON_TreeStructure(t *testing.T) {
 	expectedYAML := fmt.Sprintf(`
 - name: education
   column: %s
+  availableTypes:
+    - Array(JSON)
   maxDynamicTypes: 16
   branches:
     json:
       name: awards
+      availableTypes:
+        - Array(Dynamic)
+        - Array(JSON)
       maxDynamicTypes: 8
       branches:
         json:
           name: participated
+          availableTypes:
+            - Array(Dynamic)
+            - Array(JSON)
           maxDynamicTypes: 4
           branches:
             json:
               name: team
+              availableTypes:
+                - Array(JSON)
               maxDynamicTypes: 2
               branches:
                 json:
                   name: branch
+                  availableTypes:
+                    - String
                   maxDynamicTypes: 1
                   isTerminal: true
                   elemType: String
             dynamic:
               name: team
+              availableTypes:
+                - Array(JSON)
               maxDynamicTypes: 16
               maxDynamicPaths: 256
               branches:
                 json:
                   name: branch
+                  availableTypes:
+                    - String
                   maxDynamicTypes: 8
                   maxDynamicPaths: 64
                   isTerminal: true
                   elemType: String
         dynamic:
           name: participated
+          availableTypes:
+            - Array(Dynamic)
+            - Array(JSON)
           maxDynamicTypes: 16
           maxDynamicPaths: 256
           branches:
             json:
               name: team
+              availableTypes:
+                - Array(JSON)
               maxDynamicTypes: 8
               maxDynamicPaths: 64
               branches:
                 json:
                   name: branch
+                  availableTypes:
+                    - String
                   maxDynamicTypes: 4
                   maxDynamicPaths: 16
                   isTerminal: true
                   elemType: String
             dynamic:
               name: team
+              availableTypes:
+                - Array(JSON)
               maxDynamicTypes: 16
               maxDynamicPaths: 256
               branches:
                 json:
                   name: branch
+                  availableTypes:
+                    - String
                   maxDynamicTypes: 8
                   maxDynamicPaths: 64
                   isTerminal: true

pkg/types/telemetrytypes/json_datatype.go

@@ -46,6 +46,14 @@ var MappingStringToJSONDataType = map[string]JSONDataType{
 	"Array(JSON)":              ArrayJSON,
 }
 
+var ScalerTypeToArrayType = map[JSONDataType]JSONDataType{
+	String:  ArrayString,
+	Int64:   ArrayInt64,
+	Float64: ArrayFloat64,
+	Bool:    ArrayBool,
+	Dynamic: ArrayDynamic,
+}
+
 var MappingFieldDataTypeToJSONDataType = map[FieldDataType]JSONDataType{
 	FieldDataTypeString:       String,
 	FieldDataTypeInt64:        Int64,
@@ -55,8 +63,18 @@ var MappingFieldDataTypeToJSONDataType = map[FieldDataType]JSONDataType{
 	FieldDataTypeArrayString:  ArrayString,
 	FieldDataTypeArrayInt64:   ArrayInt64,
 	FieldDataTypeArrayFloat64: ArrayFloat64,
-	FieldDataTypeArrayNumber:  ArrayFloat64,
 	FieldDataTypeArrayBool:    ArrayBool,
-	FieldDataTypeArrayDynamic: ArrayDynamic,
-	FieldDataTypeArrayJSON:    ArrayJSON,
+}
+
+var MappingJSONDataTypeToFieldDataType = map[JSONDataType]FieldDataType{
+	String:       FieldDataTypeString,
+	Int64:        FieldDataTypeInt64,
+	Float64:      FieldDataTypeFloat64,
+	Bool:         FieldDataTypeBool,
+	ArrayString:  FieldDataTypeArrayString,
+	ArrayInt64:   FieldDataTypeArrayInt64,
+	ArrayFloat64: FieldDataTypeArrayFloat64,
+	ArrayBool:    FieldDataTypeArrayBool,
+	ArrayDynamic: FieldDataTypeArrayDynamic,
+	ArrayJSON:    FieldDataTypeArrayObject,
 }

pkg/types/telemetrytypes/test_data.go

@@ -4,69 +4,69 @@ package telemetrytypes
 // Test JSON Type Set Data Setup
 // ============================================================================
 
-// TestJSONTypeSet returns a map of path->field data types for testing.
+// TestJSONTypeSet returns a map of path->types for testing.
 // This represents the type information available in the test JSON structure.
-func TestJSONTypeSet() (map[string][]FieldDataType, MetadataStore) {
-	types := map[string][]FieldDataType{
+func TestJSONTypeSet() (map[string][]JSONDataType, MetadataStore) {
+	types := map[string][]JSONDataType{
 
 		// ── user (primitives) ─────────────────────────────────────────────
-		"user.name":        {FieldDataTypeString},
-		"user.permissions": {FieldDataTypeArrayString},
-		"user.age":         {FieldDataTypeInt64, FieldDataTypeString}, // Int64/String ambiguity
-		"user.height":      {FieldDataTypeFloat64},
-		"user.active":      {FieldDataTypeBool}, // Bool — not IndexSupported
+		"user.name":        {String},
+		"user.permissions": {ArrayString},
+		"user.age":         {Int64, String}, // Int64/String ambiguity
+		"user.height":      {Float64},
+		"user.active":      {Bool}, // Bool — not IndexSupported
 
 		// Deeper non-array nesting (a.b.c — no array hops)
-		"user.address.zip": {FieldDataTypeInt64},
+		"user.address.zip": {Int64},
 
 		// ── education[] ───────────────────────────────────────────────────
 		// Pattern: x[].y
-		"education":              {FieldDataTypeArrayJSON},
-		"education[].name":       {FieldDataTypeString},
-		"education[].type":       {FieldDataTypeString, FieldDataTypeInt64},
-		"education[].year":       {FieldDataTypeInt64},
-		"education[].scores":     {FieldDataTypeArrayInt64},
-		"education[].parameters": {FieldDataTypeArrayFloat64, FieldDataTypeArrayDynamic},
+		"education":              {ArrayJSON},
+		"education[].name":       {String},
+		"education[].type":       {String, Int64},
+		"education[].year":       {Int64},
+		"education[].scores":     {ArrayInt64},
+		"education[].parameters": {ArrayFloat64, ArrayDynamic},
 
 		// Pattern: x[].y[]
-		"education[].awards": {FieldDataTypeArrayDynamic, FieldDataTypeArrayJSON},
+		"education[].awards": {ArrayDynamic, ArrayJSON},
 
 		// Pattern: x[].y[].z
-		"education[].awards[].name":     {FieldDataTypeString},
-		"education[].awards[].type":     {FieldDataTypeString},
-		"education[].awards[].semester": {FieldDataTypeInt64},
+		"education[].awards[].name":     {String},
+		"education[].awards[].type":     {String},
+		"education[].awards[].semester": {Int64},
 
 		// Pattern: x[].y[].z[]
-		"education[].awards[].participated": {FieldDataTypeArrayDynamic, FieldDataTypeArrayJSON},
+		"education[].awards[].participated": {ArrayDynamic, ArrayJSON},
 
 		// Pattern: x[].y[].z[].w
-		"education[].awards[].participated[].members": {FieldDataTypeArrayString},
+		"education[].awards[].participated[].members": {ArrayString},
 
 		// Pattern: x[].y[].z[].w[]
-		"education[].awards[].participated[].team": {FieldDataTypeArrayJSON},
+		"education[].awards[].participated[].team": {ArrayJSON},
 
 		// Pattern: x[].y[].z[].w[].v
-		"education[].awards[].participated[].team[].branch": {FieldDataTypeString},
+		"education[].awards[].participated[].team[].branch": {String},
 
 		// ── interests[] ───────────────────────────────────────────────────
-		"interests":                                                                 {FieldDataTypeArrayJSON},
-		"interests[].entities":                                                      {FieldDataTypeArrayJSON},
-		"interests[].entities[].product_codes":                            {FieldDataTypeArrayDynamic},
-		"interests[].entities[].reviews":                                            {FieldDataTypeArrayJSON},
-		"interests[].entities[].reviews[].entries":                                  {FieldDataTypeArrayJSON},
-		"interests[].entities[].reviews[].entries[].metadata":                       {FieldDataTypeArrayJSON},
-		"interests[].entities[].reviews[].entries[].metadata[].positions":           {FieldDataTypeArrayJSON},
-		"interests[].entities[].reviews[].entries[].metadata[].positions[].name":    {FieldDataTypeString},
-		"interests[].entities[].reviews[].entries[].metadata[].positions[].ratings": {FieldDataTypeArrayInt64, FieldDataTypeArrayString},
-		"http-events":                     {FieldDataTypeArrayJSON},
-		"http-events[].request-info.host": {FieldDataTypeString},
+		"interests":                                                                 {ArrayJSON},
+		"interests[].entities":                                                      {ArrayJSON},
+		"interests[].entities[].reviews":                                            {ArrayJSON},
+		"interests[].entities[].reviews[].entries":                                  {ArrayJSON},
+		"interests[].entities[].reviews[].entries[].metadata":                       {ArrayJSON},
+		"interests[].entities[].reviews[].entries[].metadata[].positions":           {ArrayJSON},
+		"interests[].entities[].reviews[].entries[].metadata[].positions[].name":    {String},
+		"interests[].entities[].reviews[].entries[].metadata[].positions[].ratings": {ArrayInt64, ArrayString},
+		"http-events":                     {ArrayJSON},
+		"http-events[].request-info.host": {String},
+		"ids":                             {ArrayDynamic},
 
 		// ── top-level primitives ──────────────────────────────────────────
-		"message":     {FieldDataTypeString},
-		"http-status": {FieldDataTypeInt64, FieldDataTypeString}, // hyphen in root key, ambiguous
+		"message":     {String},
+		"http-status": {Int64, String}, // hyphen in root key, ambiguous
 
 		// ── top-level nested objects (no array hops) ───────────────────────
-		"response.time-taken": {FieldDataTypeFloat64}, // hyphen inside nested key
+		"response.time-taken": {Float64}, // hyphen inside nested key
 	}
 
 	return types, nil

pkg/types/tracedetailtypes/waterfall.go

@@ -238,6 +238,13 @@ func (c *WaterfallCache) Clone() cachetypes.Cacheable {
 	}
 }
 
+// Size approximates the retained bytes. Each span dominates; use a per-span
+// constant rather than reflecting field-by-field.
+func (c *WaterfallCache) Size() int64 {
+	const perSpanBytes = 256
+	return int64(c.TotalSpans) * perSpanBytes
+}
+
 func (c *WaterfallCache) MarshalBinary() (data []byte, err error) {
 	return json.Marshal(c)
 }

pkg/types/user.go

@@ -284,7 +284,6 @@ type UserStore interface {
 	GetPasswordByUserID(ctx context.Context, userID valuer.UUID) (*FactorPassword, error)
 	GetResetPasswordToken(ctx context.Context, token string) (*ResetPasswordToken, error)
 	GetResetPasswordTokenByPasswordID(ctx context.Context, passwordID valuer.UUID) (*ResetPasswordToken, error)
-	GetResetPasswordTokenByOrgIDAndUserID(ctx context.Context, orgID valuer.UUID, userID valuer.UUID) (*ResetPasswordToken, error)
 	DeleteResetPasswordTokenByPasswordID(ctx context.Context, passwordID valuer.UUID) error
 	UpdatePassword(ctx context.Context, password *FactorPassword) error
 

tests/integration/src/passwordauthn/03_password.py

@@ -39,14 +39,20 @@ def test_change_password(
     )
     assert response.status_code == HTTPStatus.NO_CONTENT
 
+    # Get the user id via v2
+    found_user = find_user_by_email(signoz, admin_token, PASSWORD_USER_EMAIL)
+
     # Try logging in with the password
     token = get_token(PASSWORD_USER_EMAIL, PASSWORD_USER_PASSWORD)
     assert token is not None
 
     # Try changing the password with a bad old password which should fail
-    response = requests.put(
-        signoz.self.host_configs["8080"].get("/api/v2/users/me/factor_password"),
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v1/changePassword/{found_user['id']}"
+        ),
         json={
+            "userId": f"{found_user['id']}",
             "oldPassword": "password",
             "newPassword": PASSWORD_USER_PASSWORD,
         },
@@ -57,9 +63,12 @@ def test_change_password(
     assert response.status_code == HTTPStatus.BAD_REQUEST
 
     # Try changing the password with a good old password
-    response = requests.put(
-        signoz.self.host_configs["8080"].get("/api/v2/users/me/factor_password"),
+    response = requests.post(
+        signoz.self.host_configs["8080"].get(
+            f"/api/v1/changePassword/{found_user['id']}"
+        ),
         json={
+            "userId": f"{found_user['id']}",
             "oldPassword": PASSWORD_USER_PASSWORD,
             "newPassword": "password123Znew$",
         },
@@ -82,42 +91,17 @@ def test_reset_password(
     # Get the user id via v2
     found_user = find_user_by_email(signoz, admin_token, PASSWORD_USER_EMAIL)
 
-    # Create a reset password token via v2 PUT
-    response = requests.put(
-        signoz.self.host_configs["8080"].get(
-            f"/api/v2/users/{found_user['id']}/reset_password_tokens"
-        ),
-        headers={"Authorization": f"Bearer {admin_token}"},
-        timeout=2,
-    )
-
-    assert response.status_code == HTTPStatus.CREATED, response.text
-    token_data = response.json()["data"]
-    assert "token" in token_data
-    assert "expiresAt" in token_data
-    token = token_data["token"]
-
-    # Calling PUT again should return the same token (still valid)
-    response = requests.put(
-        signoz.self.host_configs["8080"].get(
-            f"/api/v2/users/{found_user['id']}/reset_password_tokens"
-        ),
-        headers={"Authorization": f"Bearer {admin_token}"},
-        timeout=2,
-    )
-    assert response.status_code == HTTPStatus.CREATED, response.text
-    assert response.json()["data"]["token"] == token
-
-    # GET should also return the same token
     response = requests.get(
         signoz.self.host_configs["8080"].get(
-            f"/api/v2/users/{found_user['id']}/reset_password_tokens"
+            f"/api/v1/getResetPasswordToken/{found_user['id']}"
         ),
         headers={"Authorization": f"Bearer {admin_token}"},
         timeout=2,
     )
-    assert response.status_code == HTTPStatus.OK, response.text
-    assert response.json()["data"]["token"] == token
+
+    assert response.status_code == HTTPStatus.OK
+
+    token = response.json()["data"]["token"]
 
     # Reset the password with a bad password which should fail
     response = requests.post(
@@ -156,29 +140,18 @@ def test_reset_password_with_no_password(
         )
         assert result.rowcount == 1
 
-    # GET should return 404 since there's no password (and thus no token)
+    # Generate a new reset password token
     response = requests.get(
         signoz.self.host_configs["8080"].get(
-            f"/api/v2/users/{found_user['id']}/reset_password_tokens"
-        ),
-        headers={"Authorization": f"Bearer {admin_token}"},
-        timeout=2,
-    )
-    assert response.status_code == HTTPStatus.NOT_FOUND, response.text
-
-    # Generate a new reset password token via v2 PUT
-    response = requests.put(
-        signoz.self.host_configs["8080"].get(
-            f"/api/v2/users/{found_user['id']}/reset_password_tokens"
+            f"/api/v1/getResetPasswordToken/{found_user['id']}"
         ),
         headers={"Authorization": f"Bearer {admin_token}"},
         timeout=2,
     )
 
-    assert response.status_code == HTTPStatus.CREATED, response.text
-    token_data = response.json()["data"]
-    assert "expiresAt" in token_data
-    token = token_data["token"]
+    assert response.status_code == HTTPStatus.OK
+
+    token = response.json()["data"]["token"]
 
     # Reset the password with a good password
     response = requests.post(
@@ -289,22 +262,32 @@ def test_forgot_password_creates_reset_token(
     )
     assert response.status_code == HTTPStatus.NO_CONTENT
 
-    # Verify reset password token was created via the v2 GET endpoint
+    # Verify reset password token was created by querying the database
     found_user = find_user_by_email(signoz, admin_token, forgot_email)
 
-    response = requests.get(
-        signoz.self.host_configs["8080"].get(
-            f"/api/v2/users/{found_user['id']}/reset_password_tokens"
-        ),
-        headers={"Authorization": f"Bearer {admin_token}"},
-        timeout=2,
-    )
-    assert response.status_code == HTTPStatus.OK, response.text
-    token_data = response.json()["data"]
-    reset_token = token_data["token"]
+    reset_token = None
+    # Query the database directly to get the reset password token
+    # First get the password_id from factor_password, then get the token
+    with signoz.sqlstore.conn.connect() as conn:
+        result = conn.execute(
+            sql.text(
+                """
+                SELECT rpt.token
+                FROM reset_password_token rpt
+                JOIN factor_password fp ON rpt.password_id = fp.id
+                WHERE fp.user_id = :user_id
+            """
+            ),
+            {"user_id": found_user["id"]},
+        )
+        row = result.fetchone()
+        assert (
+            row is not None
+        ), "Reset password token should exist after calling forgotPassword"
+        reset_token = row[0]
+
     assert reset_token is not None
     assert reset_token != ""
-    assert "expiresAt" in token_data
 
     # Reset password with a valid strong password
     response = requests.post(