feat: adding types changes and openapi spec

docs/api/openapi.yml

@@ -405,11 +405,11 @@ components:
       type: object
     CloudintegrationtypesAWSCollectionStrategy:
       properties:
-        aws_logs:
+        logs:
           $ref: '#/components/schemas/CloudintegrationtypesAWSLogsStrategy'
-        aws_metrics:
+        metrics:
           $ref: '#/components/schemas/CloudintegrationtypesAWSMetricsStrategy'
-        s3_buckets:
+        s3Buckets:
           additionalProperties:
             items:
               type: string
@@ -449,12 +449,12 @@ components:
       type: object
     CloudintegrationtypesAWSLogsStrategy:
       properties:
-        cloudwatch_logs_subscriptions:
+        cloudwatchLogsSubscriptions:
           items:
             properties:
-              filter_pattern:
+              filterPattern:
                 type: string
-              log_group_name_prefix:
+              logGroupNamePrefix:
                 type: string
             type: object
           nullable: true
@@ -462,7 +462,7 @@ components:
       type: object
     CloudintegrationtypesAWSMetricsStrategy:
       properties:
-        cloudwatch_metric_stream_filters:
+        cloudwatchMetricStreamFilters:
           items:
             properties:
               MetricNames:
@@ -486,7 +486,7 @@ components:
       properties:
         enabled:
           type: boolean
-        s3_buckets:
+        s3Buckets:
           additionalProperties:
             items:
               type: string
@@ -561,6 +561,26 @@ components:
           nullable: true
           type: array
       type: object
+    CloudintegrationtypesCloudIntegrationService:
+      nullable: true
+      properties:
+        cloudIntegrationId:
+          type: string
+        config:
+          $ref: '#/components/schemas/CloudintegrationtypesServiceConfig'
+        createdAt:
+          format: date-time
+          type: string
+        id:
+          type: string
+        type:
+          $ref: '#/components/schemas/CloudintegrationtypesServiceID'
+        updatedAt:
+          format: date-time
+          type: string
+      required:
+      - id
+      type: object
     CloudintegrationtypesCollectedLogAttribute:
       properties:
         name:
@@ -596,6 +616,16 @@ components:
       - aws
       type: object
     CloudintegrationtypesConnectionArtifactRequest:
+      properties:
+        config:
+          $ref: '#/components/schemas/CloudintegrationtypesConnectionArtifactRequestConfig'
+        credentials:
+          $ref: '#/components/schemas/CloudintegrationtypesSignozCredentials'
+      required:
+      - config
+      - credentials
+      type: object
+    CloudintegrationtypesConnectionArtifactRequestConfig:
       properties:
         aws:
           $ref: '#/components/schemas/CloudintegrationtypesAWSConnectionArtifactRequest'
@@ -694,11 +724,54 @@ components:
             type: string
           type: array
         telemetry:
-          $ref: '#/components/schemas/CloudintegrationtypesAWSCollectionStrategy'
+          $ref: '#/components/schemas/CloudintegrationtypesOldAWSCollectionStrategy'
       required:
       - enabled_regions
       - telemetry
       type: object
+    CloudintegrationtypesOldAWSCollectionStrategy:
+      properties:
+        aws_logs:
+          $ref: '#/components/schemas/CloudintegrationtypesOldAWSLogsStrategy'
+        aws_metrics:
+          $ref: '#/components/schemas/CloudintegrationtypesOldAWSMetricsStrategy'
+        provider:
+          type: string
+        s3_buckets:
+          additionalProperties:
+            items:
+              type: string
+            type: array
+          type: object
+      type: object
+    CloudintegrationtypesOldAWSLogsStrategy:
+      properties:
+        cloudwatch_logs_subscriptions:
+          items:
+            properties:
+              filter_pattern:
+                type: string
+              log_group_name_prefix:
+                type: string
+            type: object
+          nullable: true
+          type: array
+      type: object
+    CloudintegrationtypesOldAWSMetricsStrategy:
+      properties:
+        cloudwatch_metric_stream_filters:
+          items:
+            properties:
+              MetricNames:
+                items:
+                  type: string
+                type: array
+              Namespace:
+                type: string
+            type: object
+          nullable: true
+          type: array
+      type: object
     CloudintegrationtypesPostableAgentCheckInRequest:
       properties:
         account_id:
@@ -727,6 +800,8 @@ components:
       properties:
         assets:
           $ref: '#/components/schemas/CloudintegrationtypesAssets'
+        cloudIntegrationService:
+          $ref: '#/components/schemas/CloudintegrationtypesCloudIntegrationService'
         dataCollected:
           $ref: '#/components/schemas/CloudintegrationtypesDataCollected'
         icon:
@@ -735,9 +810,7 @@ components:
           type: string
         overview:
           type: string
-        serviceConfig:
-          $ref: '#/components/schemas/CloudintegrationtypesServiceConfig'
-        supported_signals:
+        supportedSignals:
           $ref: '#/components/schemas/CloudintegrationtypesSupportedSignals'
         telemetryCollectionStrategy:
           $ref: '#/components/schemas/CloudintegrationtypesCollectionStrategy'
@@ -749,9 +822,10 @@ components:
       - icon
       - overview
       - assets
-      - supported_signals
+      - supportedSignals
       - dataCollected
       - telemetryCollectionStrategy
+      - cloudIntegrationService
       type: object
     CloudintegrationtypesServiceConfig:
       properties:
@@ -760,6 +834,22 @@ components:
       required:
       - aws
       type: object
+    CloudintegrationtypesServiceID:
+      enum:
+      - alb
+      - api-gateway
+      - dynamodb
+      - ec2
+      - ecs
+      - eks
+      - elasticache
+      - lambda
+      - msk
+      - rds
+      - s3sync
+      - sns
+      - sqs
+      type: string
     CloudintegrationtypesServiceMetadata:
       properties:
         enabled:
@@ -776,6 +866,22 @@ components:
       - icon
       - enabled
       type: object
+    CloudintegrationtypesSignozCredentials:
+      properties:
+        ingestionKey:
+          type: string
+        ingestionUrl:
+          type: string
+        sigNozApiKey:
+          type: string
+        sigNozApiURL:
+          type: string
+      required:
+      - sigNozApiURL
+      - sigNozApiKey
+      - ingestionUrl
+      - ingestionKey
+      type: object
     CloudintegrationtypesSupportedSignals:
       properties:
         logs:
@@ -3394,6 +3500,61 @@ paths:
       summary: Update account
       tags:
       - cloudintegration
+  /api/v1/cloud_integrations/{cloud_provider}/accounts/{id}/services/{service_id}:
+    put:
+      deprecated: false
+      description: This endpoint updates a service for the specified cloud provider
+      operationId: UpdateService
+      parameters:
+      - in: path
+        name: cloud_provider
+        required: true
+        schema:
+          type: string
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      - in: path
+        name: service_id
+        required: true
+        schema:
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/CloudintegrationtypesUpdatableService'
+      responses:
+        "204":
+          description: No Content
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: Update service
+      tags:
+      - cloudintegration
   /api/v1/cloud_integrations/{cloud_provider}/accounts/check_in:
     post:
       deprecated: false
@@ -3451,6 +3612,59 @@ paths:
       summary: Agent check-in
       tags:
       - cloudintegration
+  /api/v1/cloud_integrations/{cloud_provider}/credentials:
+    get:
+      deprecated: false
+      description: This endpoint retrieves the connection credentials required for
+        integration
+      operationId: GetConnectionCredentials
+      parameters:
+      - in: path
+        name: cloud_provider
+        required: true
+        schema:
+          type: string
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/CloudintegrationtypesSignozCredentials'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: Get connection credentials
+      tags:
+      - cloudintegration
   /api/v1/cloud_integrations/{cloud_provider}/services:
     get:
       deprecated: false
@@ -3561,55 +3775,6 @@ paths:
       summary: Get service
       tags:
       - cloudintegration
-    put:
-      deprecated: false
-      description: This endpoint updates a service for the specified cloud provider
-      operationId: UpdateService
-      parameters:
-      - in: path
-        name: cloud_provider
-        required: true
-        schema:
-          type: string
-      - in: path
-        name: service_id
-        required: true
-        schema:
-          type: string
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/CloudintegrationtypesUpdatableService'
-      responses:
-        "204":
-          description: No Content
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Update service
-      tags:
-      - cloudintegration
   /api/v1/complete/google:
     get:
       deprecated: false

frontend/src/api/generated/services/cloudintegration/index.ts

@@ -33,6 +33,8 @@ import type {
 	DisconnectAccountPathParameters,
 	GetAccount200,
 	GetAccountPathParameters,
+	GetConnectionCredentials200,
+	GetConnectionCredentialsPathParameters,
 	GetService200,
 	GetServicePathParameters,
 	ListAccounts200,
@@ -628,6 +630,103 @@ export const useUpdateAccount = <
 
 	return useMutation(mutationOptions);
 };
+/**
+ * This endpoint updates a service for the specified cloud provider
+ * @summary Update service
+ */
+export const updateService = (
+	{ cloudProvider, id, serviceId }: UpdateServicePathParameters,
+	cloudintegrationtypesUpdatableServiceDTO: BodyType<CloudintegrationtypesUpdatableServiceDTO>,
+) => {
+	return GeneratedAPIInstance<void>({
+		url: `/api/v1/cloud_integrations/${cloudProvider}/accounts/${id}/services/${serviceId}`,
+		method: 'PUT',
+		headers: { 'Content-Type': 'application/json' },
+		data: cloudintegrationtypesUpdatableServiceDTO,
+	});
+};
+
+export const getUpdateServiceMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateService>>,
+		TError,
+		{
+			pathParams: UpdateServicePathParameters;
+			data: BodyType<CloudintegrationtypesUpdatableServiceDTO>;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof updateService>>,
+	TError,
+	{
+		pathParams: UpdateServicePathParameters;
+		data: BodyType<CloudintegrationtypesUpdatableServiceDTO>;
+	},
+	TContext
+> => {
+	const mutationKey = ['updateService'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof updateService>>,
+		{
+			pathParams: UpdateServicePathParameters;
+			data: BodyType<CloudintegrationtypesUpdatableServiceDTO>;
+		}
+	> = (props) => {
+		const { pathParams, data } = props ?? {};
+
+		return updateService(pathParams, data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UpdateServiceMutationResult = NonNullable<
+	Awaited<ReturnType<typeof updateService>>
+>;
+export type UpdateServiceMutationBody = BodyType<CloudintegrationtypesUpdatableServiceDTO>;
+export type UpdateServiceMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Update service
+ */
+export const useUpdateService = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateService>>,
+		TError,
+		{
+			pathParams: UpdateServicePathParameters;
+			data: BodyType<CloudintegrationtypesUpdatableServiceDTO>;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof updateService>>,
+	TError,
+	{
+		pathParams: UpdateServicePathParameters;
+		data: BodyType<CloudintegrationtypesUpdatableServiceDTO>;
+	},
+	TContext
+> => {
+	const mutationOptions = getUpdateServiceMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
 /**
  * This endpoint is called by the deployed agent to check in
  * @summary Agent check-in
@@ -727,6 +826,114 @@ export const useAgentCheckIn = <
 
 	return useMutation(mutationOptions);
 };
+/**
+ * This endpoint retrieves the connection credentials required for integration
+ * @summary Get connection credentials
+ */
+export const getConnectionCredentials = (
+	{ cloudProvider }: GetConnectionCredentialsPathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<GetConnectionCredentials200>({
+		url: `/api/v1/cloud_integrations/${cloudProvider}/credentials`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getGetConnectionCredentialsQueryKey = ({
+	cloudProvider,
+}: GetConnectionCredentialsPathParameters) => {
+	return [`/api/v1/cloud_integrations/${cloudProvider}/credentials`] as const;
+};
+
+export const getGetConnectionCredentialsQueryOptions = <
+	TData = Awaited<ReturnType<typeof getConnectionCredentials>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	{ cloudProvider }: GetConnectionCredentialsPathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getConnectionCredentials>>,
+			TError,
+			TData
+		>;
+	},
+) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey =
+		queryOptions?.queryKey ??
+		getGetConnectionCredentialsQueryKey({ cloudProvider });
+
+	const queryFn: QueryFunction<
+		Awaited<ReturnType<typeof getConnectionCredentials>>
+	> = ({ signal }) => getConnectionCredentials({ cloudProvider }, signal);
+
+	return {
+		queryKey,
+		queryFn,
+		enabled: !!cloudProvider,
+		...queryOptions,
+	} as UseQueryOptions<
+		Awaited<ReturnType<typeof getConnectionCredentials>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type GetConnectionCredentialsQueryResult = NonNullable<
+	Awaited<ReturnType<typeof getConnectionCredentials>>
+>;
+export type GetConnectionCredentialsQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Get connection credentials
+ */
+
+export function useGetConnectionCredentials<
+	TData = Awaited<ReturnType<typeof getConnectionCredentials>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	{ cloudProvider }: GetConnectionCredentialsPathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getConnectionCredentials>>,
+			TError,
+			TData
+		>;
+	},
+): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getGetConnectionCredentialsQueryOptions(
+		{ cloudProvider },
+		options,
+	);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Get connection credentials
+ */
+export const invalidateGetConnectionCredentials = async (
+	queryClient: QueryClient,
+	{ cloudProvider }: GetConnectionCredentialsPathParameters,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getGetConnectionCredentialsQueryKey({ cloudProvider }) },
+		options,
+	);
+
+	return queryClient;
+};
+
 /**
  * This endpoint lists the services metadata for the specified cloud provider
  * @summary List services metadata
@@ -941,101 +1148,3 @@ export const invalidateGetService = async (
 
 	return queryClient;
 };
-
-/**
- * This endpoint updates a service for the specified cloud provider
- * @summary Update service
- */
-export const updateService = (
-	{ cloudProvider, serviceId }: UpdateServicePathParameters,
-	cloudintegrationtypesUpdatableServiceDTO: BodyType<CloudintegrationtypesUpdatableServiceDTO>,
-) => {
-	return GeneratedAPIInstance<void>({
-		url: `/api/v1/cloud_integrations/${cloudProvider}/services/${serviceId}`,
-		method: 'PUT',
-		headers: { 'Content-Type': 'application/json' },
-		data: cloudintegrationtypesUpdatableServiceDTO,
-	});
-};
-
-export const getUpdateServiceMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateService>>,
-		TError,
-		{
-			pathParams: UpdateServicePathParameters;
-			data: BodyType<CloudintegrationtypesUpdatableServiceDTO>;
-		},
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof updateService>>,
-	TError,
-	{
-		pathParams: UpdateServicePathParameters;
-		data: BodyType<CloudintegrationtypesUpdatableServiceDTO>;
-	},
-	TContext
-> => {
-	const mutationKey = ['updateService'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-		  'mutationKey' in options.mutation &&
-		  options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof updateService>>,
-		{
-			pathParams: UpdateServicePathParameters;
-			data: BodyType<CloudintegrationtypesUpdatableServiceDTO>;
-		}
-	> = (props) => {
-		const { pathParams, data } = props ?? {};
-
-		return updateService(pathParams, data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type UpdateServiceMutationResult = NonNullable<
-	Awaited<ReturnType<typeof updateService>>
->;
-export type UpdateServiceMutationBody = BodyType<CloudintegrationtypesUpdatableServiceDTO>;
-export type UpdateServiceMutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Update service
- */
-export const useUpdateService = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateService>>,
-		TError,
-		{
-			pathParams: UpdateServicePathParameters;
-			data: BodyType<CloudintegrationtypesUpdatableServiceDTO>;
-		},
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof updateService>>,
-	TError,
-	{
-		pathParams: UpdateServicePathParameters;
-		data: BodyType<CloudintegrationtypesUpdatableServiceDTO>;
-	},
-	TContext
-> => {
-	const mutationOptions = getUpdateServiceMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};

frontend/src/api/generated/services/sigNoz.schemas.ts

@@ -517,12 +517,12 @@ export type CloudintegrationtypesAWSCollectionStrategyDTOS3Buckets = {
 };
 
 export interface CloudintegrationtypesAWSCollectionStrategyDTO {
-	aws_logs?: CloudintegrationtypesAWSLogsStrategyDTO;
-	aws_metrics?: CloudintegrationtypesAWSMetricsStrategyDTO;
+	logs?: CloudintegrationtypesAWSLogsStrategyDTO;
+	metrics?: CloudintegrationtypesAWSMetricsStrategyDTO;
 	/**
 	 * @type object
 	 */
-	s3_buckets?: CloudintegrationtypesAWSCollectionStrategyDTOS3Buckets;
+	s3Buckets?: CloudintegrationtypesAWSCollectionStrategyDTOS3Buckets;
 }
 
 export interface CloudintegrationtypesAWSConnectionArtifactDTO {
@@ -555,11 +555,11 @@ export type CloudintegrationtypesAWSLogsStrategyDTOCloudwatchLogsSubscriptionsIt
 	/**
 	 * @type string
 	 */
-	filter_pattern?: string;
+	filterPattern?: string;
 	/**
 	 * @type string
 	 */
-	log_group_name_prefix?: string;
+	logGroupNamePrefix?: string;
 };
 
 export interface CloudintegrationtypesAWSLogsStrategyDTO {
@@ -567,7 +567,7 @@ export interface CloudintegrationtypesAWSLogsStrategyDTO {
 	 * @type array
 	 * @nullable true
 	 */
-	cloudwatch_logs_subscriptions?:
+	cloudwatchLogsSubscriptions?:
 		| CloudintegrationtypesAWSLogsStrategyDTOCloudwatchLogsSubscriptionsItem[]
 		| null;
 }
@@ -588,7 +588,7 @@ export interface CloudintegrationtypesAWSMetricsStrategyDTO {
 	 * @type array
 	 * @nullable true
 	 */
-	cloudwatch_metric_stream_filters?:
+	cloudwatchMetricStreamFilters?:
 		| CloudintegrationtypesAWSMetricsStrategyDTOCloudwatchMetricStreamFiltersItem[]
 		| null;
 }
@@ -610,7 +610,7 @@ export interface CloudintegrationtypesAWSServiceLogsConfigDTO {
 	/**
 	 * @type object
 	 */
-	s3_buckets?: CloudintegrationtypesAWSServiceLogsConfigDTOS3Buckets;
+	s3Buckets?: CloudintegrationtypesAWSServiceLogsConfigDTOS3Buckets;
 }
 
 export interface CloudintegrationtypesAWSServiceMetricsConfigDTO {
@@ -693,6 +693,32 @@ export interface CloudintegrationtypesAssetsDTO {
 	dashboards?: CloudintegrationtypesDashboardDTO[] | null;
 }
 
+/**
+ * @nullable
+ */
+export type CloudintegrationtypesCloudIntegrationServiceDTO = {
+	/**
+	 * @type string
+	 */
+	cloudIntegrationId?: string;
+	config?: CloudintegrationtypesServiceConfigDTO;
+	/**
+	 * @type string
+	 * @format date-time
+	 */
+	createdAt?: Date;
+	/**
+	 * @type string
+	 */
+	id: string;
+	type?: CloudintegrationtypesServiceIDDTO;
+	/**
+	 * @type string
+	 * @format date-time
+	 */
+	updatedAt?: Date;
+} | null;
+
 export interface CloudintegrationtypesCollectedLogAttributeDTO {
 	/**
 	 * @type string
@@ -736,6 +762,11 @@ export interface CloudintegrationtypesConnectionArtifactDTO {
 }
 
 export interface CloudintegrationtypesConnectionArtifactRequestDTO {
+	config: CloudintegrationtypesConnectionArtifactRequestConfigDTO;
+	credentials: CloudintegrationtypesSignozCredentialsDTO;
+}
+
+export interface CloudintegrationtypesConnectionArtifactRequestConfigDTO {
 	aws: CloudintegrationtypesAWSConnectionArtifactRequestDTO;
 }
 
@@ -831,9 +862,68 @@ export type CloudintegrationtypesIntegrationConfigDTO = {
 	 * @type array
 	 */
 	enabled_regions: string[];
-	telemetry: CloudintegrationtypesAWSCollectionStrategyDTO;
+	telemetry: CloudintegrationtypesOldAWSCollectionStrategyDTO;
 } | null;
 
+export type CloudintegrationtypesOldAWSCollectionStrategyDTOS3Buckets = {
+	[key: string]: string[];
+};
+
+export interface CloudintegrationtypesOldAWSCollectionStrategyDTO {
+	aws_logs?: CloudintegrationtypesOldAWSLogsStrategyDTO;
+	aws_metrics?: CloudintegrationtypesOldAWSMetricsStrategyDTO;
+	/**
+	 * @type string
+	 */
+	provider?: string;
+	/**
+	 * @type object
+	 */
+	s3_buckets?: CloudintegrationtypesOldAWSCollectionStrategyDTOS3Buckets;
+}
+
+export type CloudintegrationtypesOldAWSLogsStrategyDTOCloudwatchLogsSubscriptionsItem = {
+	/**
+	 * @type string
+	 */
+	filter_pattern?: string;
+	/**
+	 * @type string
+	 */
+	log_group_name_prefix?: string;
+};
+
+export interface CloudintegrationtypesOldAWSLogsStrategyDTO {
+	/**
+	 * @type array
+	 * @nullable true
+	 */
+	cloudwatch_logs_subscriptions?:
+		| CloudintegrationtypesOldAWSLogsStrategyDTOCloudwatchLogsSubscriptionsItem[]
+		| null;
+}
+
+export type CloudintegrationtypesOldAWSMetricsStrategyDTOCloudwatchMetricStreamFiltersItem = {
+	/**
+	 * @type array
+	 */
+	MetricNames?: string[];
+	/**
+	 * @type string
+	 */
+	Namespace?: string;
+};
+
+export interface CloudintegrationtypesOldAWSMetricsStrategyDTO {
+	/**
+	 * @type array
+	 * @nullable true
+	 */
+	cloudwatch_metric_stream_filters?:
+		| CloudintegrationtypesOldAWSMetricsStrategyDTOCloudwatchMetricStreamFiltersItem[]
+		| null;
+}
+
 /**
  * @nullable
  */
@@ -871,6 +961,7 @@ export interface CloudintegrationtypesProviderIntegrationConfigDTO {
 
 export interface CloudintegrationtypesServiceDTO {
 	assets: CloudintegrationtypesAssetsDTO;
+	cloudIntegrationService: CloudintegrationtypesCloudIntegrationServiceDTO;
 	dataCollected: CloudintegrationtypesDataCollectedDTO;
 	/**
 	 * @type string
@@ -884,8 +975,7 @@ export interface CloudintegrationtypesServiceDTO {
 	 * @type string
 	 */
 	overview: string;
-	serviceConfig?: CloudintegrationtypesServiceConfigDTO;
-	supported_signals: CloudintegrationtypesSupportedSignalsDTO;
+	supportedSignals: CloudintegrationtypesSupportedSignalsDTO;
 	telemetryCollectionStrategy: CloudintegrationtypesCollectionStrategyDTO;
 	/**
 	 * @type string
@@ -897,6 +987,21 @@ export interface CloudintegrationtypesServiceConfigDTO {
 	aws: CloudintegrationtypesAWSServiceConfigDTO;
 }
 
+export enum CloudintegrationtypesServiceIDDTO {
+	alb = 'alb',
+	'api-gateway' = 'api-gateway',
+	dynamodb = 'dynamodb',
+	ec2 = 'ec2',
+	ecs = 'ecs',
+	eks = 'eks',
+	elasticache = 'elasticache',
+	lambda = 'lambda',
+	msk = 'msk',
+	rds = 'rds',
+	s3sync = 's3sync',
+	sns = 'sns',
+	sqs = 'sqs',
+}
 export interface CloudintegrationtypesServiceMetadataDTO {
 	/**
 	 * @type boolean
@@ -916,6 +1021,25 @@ export interface CloudintegrationtypesServiceMetadataDTO {
 	title: string;
 }
 
+export interface CloudintegrationtypesSignozCredentialsDTO {
+	/**
+	 * @type string
+	 */
+	ingestionKey: string;
+	/**
+	 * @type string
+	 */
+	ingestionUrl: string;
+	/**
+	 * @type string
+	 */
+	sigNozApiKey: string;
+	/**
+	 * @type string
+	 */
+	sigNozApiURL: string;
+}
+
 export interface CloudintegrationtypesSupportedSignalsDTO {
 	/**
 	 * @type boolean
@@ -3499,6 +3623,11 @@ export type UpdateAccountPathParameters = {
 	cloudProvider: string;
 	id: string;
 };
+export type UpdateServicePathParameters = {
+	cloudProvider: string;
+	id: string;
+	serviceId: string;
+};
 export type AgentCheckInPathParameters = {
 	cloudProvider: string;
 };
@@ -3510,6 +3639,17 @@ export type AgentCheckIn200 = {
 	status: string;
 };
 
+export type GetConnectionCredentialsPathParameters = {
+	cloudProvider: string;
+};
+export type GetConnectionCredentials200 = {
+	data: CloudintegrationtypesSignozCredentialsDTO;
+	/**
+	 * @type string
+	 */
+	status: string;
+};
+
 export type ListServicesMetadataPathParameters = {
 	cloudProvider: string;
 };
@@ -3533,10 +3673,6 @@ export type GetService200 = {
 	status: string;
 };
 
-export type UpdateServicePathParameters = {
-	cloudProvider: string;
-	serviceId: string;
-};
 export type CreateSessionByGoogleCallback303 = {
 	data: AuthtypesGettableTokenDTO;
 	/**

frontend/src/components/CreateServiceAccountModal/CreateServiceAccountModal.tsx

@@ -14,8 +14,6 @@ import type { RenderErrorResponseDTO } from 'api/generated/services/sigNoz.schem
 import { AxiosError } from 'axios';
 import { SA_QUERY_PARAMS } from 'container/ServiceAccountsSettings/constants';
 import { parseAsBoolean, useQueryState } from 'nuqs';
-import { useErrorModal } from 'providers/ErrorModalProvider';
-import APIError from 'types/api/error';
 
 import './CreateServiceAccountModal.styles.scss';
 
@@ -30,8 +28,6 @@ function CreateServiceAccountModal(): JSX.Element {
 		parseAsBoolean.withDefault(false),
 	);
 
-	const { showErrorModal, isErrorModalVisible } = useErrorModal();
-
 	const {
 		control,
 		handleSubmit,
@@ -58,10 +54,13 @@ function CreateServiceAccountModal(): JSX.Element {
 				await invalidateListServiceAccounts(queryClient);
 			},
 			onError: (err) => {
-				const errMessage = convertToApiError(
-					err as AxiosError<RenderErrorResponseDTO, unknown> | null,
-				);
-				showErrorModal(errMessage as APIError);
+				const errMessage =
+					convertToApiError(
+						err as AxiosError<RenderErrorResponseDTO, unknown> | null,
+					)?.getErrorMessage() || 'An error occurred';
+				toast.error(`Failed to create service account: ${errMessage}`, {
+					richColors: true,
+				});
 			},
 		},
 	});
@@ -91,7 +90,7 @@ function CreateServiceAccountModal(): JSX.Element {
 			showCloseButton
 			width="narrow"
 			className="create-sa-modal"
-			disableOutsideClick={isErrorModalVisible}
+			disableOutsideClick={false}
 		>
 			<div className="create-sa-modal__content">
 				<form

frontend/src/components/CreateServiceAccountModal/__tests__/CreateServiceAccountModal.test.tsx

@@ -11,16 +11,6 @@ jest.mock('@signozhq/sonner', () => ({
 
 const mockToast = jest.mocked(toast);
 
-const showErrorModal = jest.fn();
-jest.mock('providers/ErrorModalProvider', () => ({
-	__esModule: true,
-	...jest.requireActual('providers/ErrorModalProvider'),
-	useErrorModal: jest.fn(() => ({
-		showErrorModal,
-		isErrorModalVisible: false,
-	})),
-}));
-
 const SERVICE_ACCOUNTS_ENDPOINT = '*/api/v1/service_accounts';
 
 function renderModal(): ReturnType<typeof render> {
@@ -102,13 +92,10 @@ describe('CreateServiceAccountModal', () => {
 		await user.click(submitBtn);
 
 		await waitFor(() => {
-			expect(showErrorModal).toHaveBeenCalledWith(
-				expect.objectContaining({
-					getErrorMessage: expect.any(Function),
-				}),
+			expect(mockToast.error).toHaveBeenCalledWith(
+				expect.stringMatching(/Failed to create service account/i),
+				expect.anything(),
 			);
-			const passedError = showErrorModal.mock.calls[0][0] as any;
-			expect(passedError.getErrorMessage()).toBe('Internal Server Error');
 		});
 
 		expect(

frontend/src/components/EditMemberDrawer/EditMemberDrawer.tsx

@@ -1,4 +1,4 @@
-import { useCallback, useEffect, useRef, useState } from 'react';
+import { useCallback, useEffect, useState } from 'react';
 import { useCopyToClipboard } from 'react-use';
 import { Badge } from '@signozhq/badge';
 import { Button } from '@signozhq/button';
@@ -28,7 +28,6 @@ import {
 	useMemberRoleManager,
 } from 'hooks/member/useMemberRoleManager';
 import { useAppContext } from 'providers/App/App';
-import { useErrorModal } from 'providers/ErrorModalProvider';
 import { useTimezone } from 'providers/Timezone';
 import APIError from 'types/api/error';
 import { toAPIError } from 'utils/errorUtils';
@@ -91,11 +90,8 @@ function EditMemberDrawer({
 	const [linkType, setLinkType] = useState<'invite' | 'reset' | null>(null);
 
 	const isInvited = member?.status === MemberStatus.Invited;
-	const isDeleted = member?.status === MemberStatus.Deleted;
 	const isSelf = !!member?.id && member.id === currentUser?.id;
 
-	const { showErrorModal } = useErrorModal();
-
 	const {
 		data: fetchedUser,
 		isLoading: isFetchingUser,
@@ -115,39 +111,26 @@ function EditMemberDrawer({
 		refetch: refetchRoles,
 	} = useRoles();
 
-	const {
-		fetchedRoleIds,
-		isLoading: isMemberRolesLoading,
-		applyDiff,
-	} = useMemberRoleManager(member?.id ?? '', open && !!member?.id);
+	const { fetchedRoleIds, applyDiff } = useMemberRoleManager(
+		member?.id ?? '',
+		open && !!member?.id,
+	);
 
 	const fetchedDisplayName =
 		fetchedUser?.data?.displayName ?? member?.name ?? '';
 	const fetchedUserId = fetchedUser?.data?.id;
 	const fetchedUserDisplayName = fetchedUser?.data?.displayName;
 
-	const roleSessionRef = useRef<string | null>(null);
-
 	useEffect(() => {
 		if (fetchedUserId) {
 			setLocalDisplayName(fetchedUserDisplayName ?? member?.name ?? '');
 		}
+		setSaveErrors([]);
 	}, [fetchedUserId, fetchedUserDisplayName, member?.name]);
 
 	useEffect(() => {
-		if (fetchedUserId) {
-			setSaveErrors([]);
-		}
-	}, [fetchedUserId]);
-
-	useEffect(() => {
-		if (!member?.id) {
-			roleSessionRef.current = null;
-		} else if (member.id !== roleSessionRef.current && !isMemberRolesLoading) {
-			setLocalRole(fetchedRoleIds[0] ?? '');
-			roleSessionRef.current = member.id;
-		}
-	}, [member?.id, fetchedRoleIds, isMemberRolesLoading]);
+		setLocalRole(fetchedRoleIds[0] ?? '');
+	}, [fetchedRoleIds]);
 
 	const isDirty =
 		member !== null &&
@@ -170,10 +153,17 @@ function EditMemberDrawer({
 				onClose();
 			},
 			onError: (err): void => {
-				const errMessage = convertToApiError(
-					err as AxiosError<RenderErrorResponseDTO, unknown> | null,
-				);
-				showErrorModal(errMessage as APIError);
+				const errMessage =
+					convertToApiError(
+						err as AxiosError<RenderErrorResponseDTO, unknown> | null,
+					)?.getErrorMessage() || 'An error occurred';
+				const prefix = isInvited
+					? 'Failed to revoke invite'
+					: 'Failed to delete member';
+				toast.error(`${prefix}: ${errMessage}`, {
+					richColors: true,
+					position: 'top-right',
+				});
 			},
 		},
 	});
@@ -354,15 +344,15 @@ function EditMemberDrawer({
 					position: 'top-right',
 				});
 			}
-		} catch (err) {
-			const errMsg = convertToApiError(
-				err as AxiosError<RenderErrorResponseDTO, unknown> | null,
-			);
-			showErrorModal(errMsg as APIError);
+		} catch {
+			toast.error('Failed to generate password reset link', {
+				richColors: true,
+				position: 'top-right',
+			});
 		} finally {
 			setIsGeneratingLink(false);
 		}
-	}, [member, isInvited, onClose, showErrorModal]);
+	}, [member, isInvited, onClose]);
 
 	const [copyState, copyToClipboard] = useCopyToClipboard();
 	const handleCopyResetLink = useCallback((): void => {
@@ -429,7 +419,7 @@ function EditMemberDrawer({
 						}}
 						className="edit-member-drawer__input"
 						placeholder="Enter name"
-						disabled={isRootUser || isDeleted}
+						disabled={isRootUser}
 					/>
 				</Tooltip>
 			</div>
@@ -450,15 +440,9 @@ function EditMemberDrawer({
 				<label className="edit-member-drawer__label" htmlFor="member-role">
 					Roles
 				</label>
-				{isSelf || isRootUser || isDeleted ? (
+				{isSelf || isRootUser ? (
 					<Tooltip
-						title={
-							isRootUser
-								? ROOT_USER_TOOLTIP
-								: isDeleted
-								? undefined
-								: 'You cannot modify your own role'
-						}
+						title={isRootUser ? ROOT_USER_TOOLTIP : 'You cannot modify your own role'}
 					>
 						<div className="edit-member-drawer__input-wrapper edit-member-drawer__input-wrapper--disabled">
 							<div className="edit-member-drawer__disabled-roles">
@@ -483,7 +467,7 @@ function EditMemberDrawer({
 						onRefetch={refetchRoles}
 						value={localRole}
 						onChange={(role): void => {
-							setLocalRole(role ?? '');
+							setLocalRole(role);
 							setSaveErrors((prev) =>
 								prev.filter(
 									(err) =>
@@ -492,7 +476,6 @@ function EditMemberDrawer({
 							);
 						}}
 						placeholder="Select role"
-						allowClear={false}
 					/>
 				)}
 			</div>
@@ -504,10 +487,6 @@ function EditMemberDrawer({
 						<Badge color="forest" variant="outline">
 							ACTIVE
 						</Badge>
-					) : member?.status === MemberStatus.Deleted ? (
-						<Badge color="cherry" variant="outline">
-							DELETED
-						</Badge>
 					) : (
 						<Badge color="amber" variant="outline">
 							INVITED
@@ -546,57 +525,55 @@ function EditMemberDrawer({
 		<div className="edit-member-drawer__layout">
 			<div className="edit-member-drawer__body">{drawerBody}</div>
 
-			{!isDeleted && (
-				<div className="edit-member-drawer__footer">
-					<div className="edit-member-drawer__footer-left">
-						<Tooltip title={getDeleteTooltip(isRootUser, isSelf)}>
-							<span className="edit-member-drawer__tooltip-wrapper">
-								<Button
-									className="edit-member-drawer__footer-btn edit-member-drawer__footer-btn--danger"
-									onClick={(): void => setShowDeleteConfirm(true)}
-									disabled={isRootUser || isSelf}
-								>
-									<Trash2 size={12} />
-									{isInvited ? 'Revoke Invite' : 'Delete Member'}
-								</Button>
-							</span>
-						</Tooltip>
+			<div className="edit-member-drawer__footer">
+				<div className="edit-member-drawer__footer-left">
+					<Tooltip title={getDeleteTooltip(isRootUser, isSelf)}>
+						<span className="edit-member-drawer__tooltip-wrapper">
+							<Button
+								className="edit-member-drawer__footer-btn edit-member-drawer__footer-btn--danger"
+								onClick={(): void => setShowDeleteConfirm(true)}
+								disabled={isRootUser || isSelf}
+							>
+								<Trash2 size={12} />
+								{isInvited ? 'Revoke Invite' : 'Delete Member'}
+							</Button>
+						</span>
+					</Tooltip>
 
-						<div className="edit-member-drawer__footer-divider" />
-						<Tooltip title={isRootUser ? ROOT_USER_TOOLTIP : undefined}>
-							<span className="edit-member-drawer__tooltip-wrapper">
-								<Button
-									className="edit-member-drawer__footer-btn edit-member-drawer__footer-btn--warning"
-									onClick={handleGenerateResetLink}
-									disabled={isGeneratingLink || isRootUser}
-								>
-									<RefreshCw size={12} />
-									{isGeneratingLink && 'Generating...'}
-									{!isGeneratingLink && isInvited && 'Copy Invite Link'}
-									{!isGeneratingLink && !isInvited && 'Generate Password Reset Link'}
-								</Button>
-							</span>
-						</Tooltip>
-					</div>
-
-					<div className="edit-member-drawer__footer-right">
-						<Button variant="solid" color="secondary" size="sm" onClick={handleClose}>
-							<X size={14} />
-							Cancel
-						</Button>
-
-						<Button
-							variant="solid"
-							color="primary"
-							size="sm"
-							disabled={!isDirty || isSaving || isRootUser}
-							onClick={handleSave}
-						>
-							{isSaving ? 'Saving...' : 'Save Member Details'}
-						</Button>
-					</div>
+					<div className="edit-member-drawer__footer-divider" />
+					<Tooltip title={isRootUser ? ROOT_USER_TOOLTIP : undefined}>
+						<span className="edit-member-drawer__tooltip-wrapper">
+							<Button
+								className="edit-member-drawer__footer-btn edit-member-drawer__footer-btn--warning"
+								onClick={handleGenerateResetLink}
+								disabled={isGeneratingLink || isRootUser}
+							>
+								<RefreshCw size={12} />
+								{isGeneratingLink && 'Generating...'}
+								{!isGeneratingLink && isInvited && 'Copy Invite Link'}
+								{!isGeneratingLink && !isInvited && 'Generate Password Reset Link'}
+							</Button>
+						</span>
+					</Tooltip>
 				</div>
-			)}
+
+				<div className="edit-member-drawer__footer-right">
+					<Button variant="solid" color="secondary" size="sm" onClick={handleClose}>
+						<X size={14} />
+						Cancel
+					</Button>
+
+					<Button
+						variant="solid"
+						color="primary"
+						size="sm"
+						disabled={!isDirty || isSaving || isRootUser}
+						onClick={handleSave}
+					>
+						{isSaving ? 'Saving...' : 'Save Member Details'}
+					</Button>
+				</div>
+			</div>
 		</div>
 	);
 

frontend/src/components/EditMemberDrawer/__tests__/EditMemberDrawer.test.tsx

@@ -84,16 +84,6 @@ const ROLES_ENDPOINT = '*/api/v1/roles';
 const mockDeleteMutate = jest.fn();
 const mockGetResetPasswordToken = jest.mocked(getResetPasswordToken);
 
-const showErrorModal = jest.fn();
-jest.mock('providers/ErrorModalProvider', () => ({
-	__esModule: true,
-	...jest.requireActual('providers/ErrorModalProvider'),
-	useErrorModal: jest.fn(() => ({
-		showErrorModal,
-		isErrorModalVisible: false,
-	})),
-}));
-
 const mockFetchedUser = {
 	data: {
 		id: 'user-1',
@@ -157,7 +147,6 @@ function renderDrawer(
 describe('EditMemberDrawer', () => {
 	beforeEach(() => {
 		jest.clearAllMocks();
-		showErrorModal.mockClear();
 		server.use(
 			rest.get(ROLES_ENDPOINT, (_, res, ctx) =>
 				res(ctx.status(200), ctx.json(listRolesSuccessResponse)),
@@ -470,6 +459,7 @@ describe('EditMemberDrawer', () => {
 
 		it('shows API error message when deleteUser fails for active member', async () => {
 			const user = userEvent.setup({ pointerEventsCheck: 0 });
+			const mockToast = jest.mocked(toast);
 
 			(useDeleteUser as jest.Mock).mockImplementation((options) => ({
 				mutate: mockDeleteMutate.mockImplementation(() => {
@@ -487,20 +477,16 @@ describe('EditMemberDrawer', () => {
 			await user.click(confirmBtns[confirmBtns.length - 1]);
 
 			await waitFor(() => {
-				expect(showErrorModal).toHaveBeenCalledWith(
-					expect.objectContaining({
-						getErrorMessage: expect.any(Function),
-					}),
-				);
-				const passedError = showErrorModal.mock.calls[0][0] as any;
-				expect(passedError.getErrorMessage()).toBe(
-					'Something went wrong on server',
+				expect(mockToast.error).toHaveBeenCalledWith(
+					'Failed to delete member: Something went wrong on server',
+					expect.anything(),
 				);
 			});
 		});
 
 		it('shows API error message when deleteUser fails for invited member', async () => {
 			const user = userEvent.setup({ pointerEventsCheck: 0 });
+			const mockToast = jest.mocked(toast);
 
 			(useDeleteUser as jest.Mock).mockImplementation((options) => ({
 				mutate: mockDeleteMutate.mockImplementation(() => {
@@ -518,14 +504,9 @@ describe('EditMemberDrawer', () => {
 			await user.click(confirmBtns[confirmBtns.length - 1]);
 
 			await waitFor(() => {
-				expect(showErrorModal).toHaveBeenCalledWith(
-					expect.objectContaining({
-						getErrorMessage: expect.any(Function),
-					}),
-				);
-				const passedError = showErrorModal.mock.calls[0][0] as any;
-				expect(passedError.getErrorMessage()).toBe(
-					'Something went wrong on server',
+				expect(mockToast.error).toHaveBeenCalledWith(
+					'Failed to revoke invite: Something went wrong on server',
+					expect.anything(),
 				);
 			});
 		});

frontend/src/components/InviteMembersModal/InviteMembersModal.tsx

@@ -10,7 +10,6 @@ import { Select } from 'antd';
 import inviteUsers from 'api/v1/invite/bulk/create';
 import sendInvite from 'api/v1/invite/create';
 import { cloneDeep, debounce } from 'lodash-es';
-import { useErrorModal } from 'providers/ErrorModalProvider';
 import APIError from 'types/api/error';
 import { ROLES } from 'types/roles';
 import { EMAIL_REGEX } from 'utils/app';
@@ -41,8 +40,6 @@ function InviteMembersModal({
 	onClose,
 	onComplete,
 }: InviteMembersModalProps): JSX.Element {
-	const { showErrorModal, isErrorModalVisible } = useErrorModal();
-
 	const [rows, setRows] = useState<InviteRow[]>(() => [
 		EMPTY_ROW(),
 		EMPTY_ROW(),
@@ -207,11 +204,13 @@ function InviteMembersModal({
 			resetAndClose();
 			onComplete?.();
 		} catch (err) {
-			showErrorModal(err as APIError);
+			const apiErr = err as APIError;
+			const errorMessage = apiErr?.getErrorMessage?.() ?? 'An error occurred';
+			toast.error(errorMessage, { richColors: true, position: 'top-right' });
 		} finally {
 			setIsSubmitting(false);
 		}
-	}, [validateAllUsers, rows, resetAndClose, onComplete, showErrorModal]);
+	}, [rows, onComplete, resetAndClose, validateAllUsers]);
 
 	const touchedRows = rows.filter(isRowTouched);
 	const isSubmitDisabled = isSubmitting || touchedRows.length === 0;
@@ -228,7 +227,7 @@ function InviteMembersModal({
 			showCloseButton
 			width="wide"
 			className="invite-members-modal"
-			disableOutsideClick={isErrorModalVisible}
+			disableOutsideClick={false}
 		>
 			<div className="invite-members-modal__content">
 				<div className="invite-members-modal__table">
@@ -330,7 +329,6 @@ function InviteMembersModal({
 						size="sm"
 						onClick={handleSubmit}
 						disabled={isSubmitDisabled}
-						loading={isSubmitting}
 					>
 						{isSubmitting ? 'Inviting...' : 'Invite Team Members'}
 					</Button>

frontend/src/components/InviteMembersModal/__tests__/InviteMembersModal.test.tsx

@@ -1,3 +1,4 @@
+import { toast } from '@signozhq/sonner';
 import inviteUsers from 'api/v1/invite/bulk/create';
 import sendInvite from 'api/v1/invite/create';
 import { StatusCodes } from 'http-status-codes';
@@ -21,16 +22,6 @@ jest.mock('@signozhq/sonner', () => ({
 	},
 }));
 
-const showErrorModal = jest.fn();
-jest.mock('providers/ErrorModalProvider', () => ({
-	__esModule: true,
-	...jest.requireActual('providers/ErrorModalProvider'),
-	useErrorModal: jest.fn(() => ({
-		showErrorModal,
-		isErrorModalVisible: false,
-	})),
-}));
-
 const mockSendInvite = jest.mocked(sendInvite);
 const mockInviteUsers = jest.mocked(inviteUsers);
 
@@ -43,7 +34,6 @@ const defaultProps = {
 describe('InviteMembersModal', () => {
 	beforeEach(() => {
 		jest.clearAllMocks();
-		showErrorModal.mockClear();
 		mockSendInvite.mockResolvedValue({
 			httpStatusCode: 200,
 			data: { data: 'test', status: 'success' },
@@ -164,10 +154,9 @@ describe('InviteMembersModal', () => {
 	describe('error handling', () => {
 		it('shows BE message on single invite 409', async () => {
 			const user = userEvent.setup({ pointerEventsCheck: 0 });
-			const error = makeApiError(
-				'An invite already exists for this email: single@signoz.io',
+			mockSendInvite.mockRejectedValue(
+				makeApiError('An invite already exists for this email: single@signoz.io'),
 			);
-			mockSendInvite.mockRejectedValue(error);
 
 			render(<InviteMembersModal {...defaultProps} />);
 
@@ -182,16 +171,18 @@ describe('InviteMembersModal', () => {
 			);
 
 			await waitFor(() => {
-				expect(showErrorModal).toHaveBeenCalledWith(error);
+				expect(toast.error).toHaveBeenCalledWith(
+					'An invite already exists for this email: single@signoz.io',
+					expect.anything(),
+				);
 			});
 		});
 
 		it('shows BE message on bulk invite 409', async () => {
 			const user = userEvent.setup({ pointerEventsCheck: 0 });
-			const error = makeApiError(
-				'An invite already exists for this email: alice@signoz.io',
+			mockInviteUsers.mockRejectedValue(
+				makeApiError('An invite already exists for this email: alice@signoz.io'),
 			);
-			mockInviteUsers.mockRejectedValue(error);
 
 			render(<InviteMembersModal {...defaultProps} />);
 
@@ -210,17 +201,18 @@ describe('InviteMembersModal', () => {
 			);
 
 			await waitFor(() => {
-				expect(showErrorModal).toHaveBeenCalledWith(error);
+				expect(toast.error).toHaveBeenCalledWith(
+					'An invite already exists for this email: alice@signoz.io',
+					expect.anything(),
+				);
 			});
 		});
 
 		it('shows BE message on generic error', async () => {
 			const user = userEvent.setup({ pointerEventsCheck: 0 });
-			const error = makeApiError(
-				'Internal server error',
-				StatusCodes.INTERNAL_SERVER_ERROR,
+			mockSendInvite.mockRejectedValue(
+				makeApiError('Internal server error', StatusCodes.INTERNAL_SERVER_ERROR),
 			);
-			mockSendInvite.mockRejectedValue(error);
 
 			render(<InviteMembersModal {...defaultProps} />);
 
@@ -235,7 +227,10 @@ describe('InviteMembersModal', () => {
 			);
 
 			await waitFor(() => {
-				expect(showErrorModal).toHaveBeenCalledWith(error);
+				expect(toast.error).toHaveBeenCalledWith(
+					'Internal server error',
+					expect.anything(),
+				);
 			});
 		});
 	});

frontend/src/components/MembersTable/MembersTable.tsx

@@ -210,7 +210,7 @@ function MembersTable({
 					index % 2 === 0 ? 'members-table-row--tinted' : ''
 				}
 				onRow={(record): React.HTMLAttributes<HTMLElement> => {
-					const isClickable = !!onRowClick;
+					const isClickable = onRowClick && record.status !== MemberStatus.Deleted;
 					return {
 						onClick: (): void => {
 							if (isClickable) {

frontend/src/components/MembersTable/__tests__/MembersTable.test.tsx

@@ -86,7 +86,7 @@ describe('MembersTable', () => {
 		);
 	});
 
-	it('renders DELETED badge and calls onRowClick when a deleted member row is clicked', async () => {
+	it('renders DELETED badge and does not call onRowClick when a deleted member row is clicked', async () => {
 		const onRowClick = jest.fn();
 		const user = userEvent.setup({ pointerEventsCheck: 0 });
 		const deletedMember: MemberRow = {
@@ -108,7 +108,7 @@ describe('MembersTable', () => {
 
 		expect(screen.getByText('DELETED')).toBeInTheDocument();
 		await user.click(screen.getByText('Dave Deleted'));
-		expect(onRowClick).toHaveBeenCalledWith(
+		expect(onRowClick).not.toHaveBeenCalledWith(
 			expect.objectContaining({ id: 'user-del' }),
 		);
 	});

frontend/src/components/RolesSelect/RolesSelect.tsx

@@ -85,8 +85,7 @@ interface BaseProps {
 interface SingleProps extends BaseProps {
 	mode?: 'single';
 	value?: string;
-	onChange?: (role: string | undefined) => void;
-	allowClear?: boolean;
+	onChange?: (role: string) => void;
 }
 
 interface MultipleProps extends BaseProps {
@@ -155,14 +154,13 @@ function RolesSelect(props: RolesSelectProps): JSX.Element {
 		);
 	}
 
-	const { value, onChange, allowClear = true } = props as SingleProps;
+	const { value, onChange } = props as SingleProps;
 	return (
 		<Select
 			id={id}
 			value={value || undefined}
 			onChange={onChange}
 			placeholder={placeholder}
-			allowClear={allowClear}
 			className={cx('roles-single-select', className)}
 			loading={loading}
 			notFoundContent={notFoundContent}

frontend/src/components/ServiceAccountDrawer/AddKeyModal/index.tsx

@@ -17,8 +17,6 @@ import { AxiosError } from 'axios';
 import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
 import { SA_QUERY_PARAMS } from 'container/ServiceAccountsSettings/constants';
 import { parseAsBoolean, useQueryState } from 'nuqs';
-import { useErrorModal } from 'providers/ErrorModalProvider';
-import APIError from 'types/api/error';
 
 import KeyCreatedPhase from './KeyCreatedPhase';
 import KeyFormPhase from './KeyFormPhase';
@@ -29,7 +27,6 @@ import './AddKeyModal.styles.scss';
 
 function AddKeyModal(): JSX.Element {
 	const queryClient = useQueryClient();
-	const { showErrorModal, isErrorModalVisible } = useErrorModal();
 	const [accountId] = useQueryState(SA_QUERY_PARAMS.ACCOUNT);
 	const [isAddKeyOpen, setIsAddKeyOpen] = useQueryState(
 		SA_QUERY_PARAMS.ADD_KEY,
@@ -84,11 +81,11 @@ function AddKeyModal(): JSX.Element {
 				}
 			},
 			onError: (error) => {
-				showErrorModal(
+				const errMessage =
 					convertToApiError(
 						error as AxiosError<RenderErrorResponseDTO, unknown> | null,
-					) as APIError,
-				);
+					)?.getErrorMessage() || 'Failed to create key';
+				toast.error(errMessage, { richColors: true });
 			},
 		},
 	});
@@ -154,7 +151,7 @@ function AddKeyModal(): JSX.Element {
 			width="base"
 			className="add-key-modal"
 			showCloseButton
-			disableOutsideClick={isErrorModalVisible}
+			disableOutsideClick={false}
 		>
 			{phase === Phase.FORM && (
 				<KeyFormPhase

frontend/src/components/ServiceAccountDrawer/DeleteAccountModal.tsx

@@ -16,12 +16,9 @@ import type {
 import { AxiosError } from 'axios';
 import { SA_QUERY_PARAMS } from 'container/ServiceAccountsSettings/constants';
 import { parseAsBoolean, useQueryState } from 'nuqs';
-import { useErrorModal } from 'providers/ErrorModalProvider';
-import APIError from 'types/api/error';
 
 function DeleteAccountModal(): JSX.Element {
 	const queryClient = useQueryClient();
-	const { showErrorModal, isErrorModalVisible } = useErrorModal();
 	const [accountId, setAccountId] = useQueryState(SA_QUERY_PARAMS.ACCOUNT);
 	const [isDeleteOpen, setIsDeleteOpen] = useQueryState(
 		SA_QUERY_PARAMS.DELETE_SA,
@@ -48,11 +45,11 @@ function DeleteAccountModal(): JSX.Element {
 				await invalidateListServiceAccounts(queryClient);
 			},
 			onError: (error) => {
-				showErrorModal(
+				const errMessage =
 					convertToApiError(
 						error as AxiosError<RenderErrorResponseDTO, unknown> | null,
-					) as APIError,
-				);
+					)?.getErrorMessage() || 'Failed to delete service account';
+				toast.error(errMessage, { richColors: true });
 			},
 		},
 	});
@@ -82,7 +79,7 @@ function DeleteAccountModal(): JSX.Element {
 			width="narrow"
 			className="alert-dialog sa-delete-dialog"
 			showCloseButton={false}
-			disableOutsideClick={isErrorModalVisible}
+			disableOutsideClick={false}
 		>
 			<p className="sa-delete-dialog__body">
 				Are you sure you want to delete <strong>{accountName}</strong>? This action

frontend/src/components/ServiceAccountDrawer/EditKeyModal/index.tsx

@@ -17,9 +17,7 @@ import { AxiosError } from 'axios';
 import { SA_QUERY_PARAMS } from 'container/ServiceAccountsSettings/constants';
 import dayjs from 'dayjs';
 import { parseAsString, useQueryState } from 'nuqs';
-import { useErrorModal } from 'providers/ErrorModalProvider';
 import { useTimezone } from 'providers/Timezone';
-import APIError from 'types/api/error';
 
 import { RevokeKeyContent } from '../RevokeKeyModal';
 import EditKeyForm from './EditKeyForm';
@@ -43,7 +41,6 @@ function EditKeyModal({ keyItem }: EditKeyModalProps): JSX.Element {
 	const open = !!editKeyId && !!selectedAccountId;
 
 	const { formatTimezoneAdjustedTimestamp } = useTimezone();
-	const { showErrorModal, isErrorModalVisible } = useErrorModal();
 	const [isRevokeConfirmOpen, setIsRevokeConfirmOpen] = useState(false);
 
 	const {
@@ -81,11 +78,11 @@ function EditKeyModal({ keyItem }: EditKeyModalProps): JSX.Element {
 				}
 			},
 			onError: (error) => {
-				showErrorModal(
+				const errMessage =
 					convertToApiError(
 						error as AxiosError<RenderErrorResponseDTO, unknown> | null,
-					) as APIError,
-				);
+					)?.getErrorMessage() || 'Failed to update key';
+				toast.error(errMessage, { richColors: true });
 			},
 		},
 	});
@@ -105,13 +102,12 @@ function EditKeyModal({ keyItem }: EditKeyModalProps): JSX.Element {
 					});
 				}
 			},
-			// eslint-disable-next-line sonarjs/no-identical-functions
 			onError: (error) => {
-				showErrorModal(
+				const errMessage =
 					convertToApiError(
 						error as AxiosError<RenderErrorResponseDTO, unknown> | null,
-					) as APIError,
-				);
+					)?.getErrorMessage() || 'Failed to revoke key';
+				toast.error(errMessage, { richColors: true });
 			},
 		},
 	});
@@ -164,7 +160,7 @@ function EditKeyModal({ keyItem }: EditKeyModalProps): JSX.Element {
 				isRevokeConfirmOpen ? 'alert-dialog delete-dialog' : 'edit-key-modal'
 			}
 			showCloseButton={!isRevokeConfirmOpen}
-			disableOutsideClick={isErrorModalVisible}
+			disableOutsideClick={false}
 		>
 			{isRevokeConfirmOpen ? (
 				<RevokeKeyContent

frontend/src/components/ServiceAccountDrawer/OverviewTab.tsx

@@ -17,7 +17,7 @@ interface OverviewTabProps {
 	localName: string;
 	onNameChange: (v: string) => void;
 	localRole: string;
-	onRoleChange: (v: string | undefined) => void;
+	onRoleChange: (v: string) => void;
 	isDisabled: boolean;
 	availableRoles: AuthtypesRoleDTO[];
 	rolesLoading?: boolean;

frontend/src/components/ServiceAccountDrawer/RevokeKeyModal.tsx

@@ -16,8 +16,6 @@ import type {
 import { AxiosError } from 'axios';
 import { SA_QUERY_PARAMS } from 'container/ServiceAccountsSettings/constants';
 import { parseAsString, useQueryState } from 'nuqs';
-import { useErrorModal } from 'providers/ErrorModalProvider';
-import APIError from 'types/api/error';
 
 export interface RevokeKeyContentProps {
 	isRevoking: boolean;
@@ -58,7 +56,6 @@ export function RevokeKeyContent({
 
 function RevokeKeyModal(): JSX.Element {
 	const queryClient = useQueryClient();
-	const { showErrorModal, isErrorModalVisible } = useErrorModal();
 	const [accountId] = useQueryState(SA_QUERY_PARAMS.ACCOUNT);
 	const [revokeKeyId, setRevokeKeyId] = useQueryState(
 		SA_QUERY_PARAMS.REVOKE_KEY,
@@ -86,11 +83,11 @@ function RevokeKeyModal(): JSX.Element {
 				}
 			},
 			onError: (error) => {
-				showErrorModal(
+				const errMessage =
 					convertToApiError(
 						error as AxiosError<RenderErrorResponseDTO, unknown> | null,
-					) as APIError,
-				);
+					)?.getErrorMessage() || 'Failed to revoke key';
+				toast.error(errMessage, { richColors: true });
 			},
 		},
 	});
@@ -118,7 +115,7 @@ function RevokeKeyModal(): JSX.Element {
 			width="narrow"
 			className="alert-dialog delete-dialog"
 			showCloseButton={false}
-			disableOutsideClick={isErrorModalVisible}
+			disableOutsideClick={false}
 		>
 			<RevokeKeyContent
 				isRevoking={isRevoking}

frontend/src/components/ServiceAccountDrawer/ServiceAccountDrawer.tsx

@@ -1,4 +1,4 @@
-import { useCallback, useEffect, useMemo, useRef, useState } from 'react';
+import { useCallback, useEffect, useMemo, useState } from 'react';
 import { useQueryClient } from 'react-query';
 import { Button } from '@signozhq/button';
 import { DrawerWrapper } from '@signozhq/drawer';
@@ -8,9 +8,7 @@ import { ToggleGroup, ToggleGroupItem } from '@signozhq/toggle-group';
 import { Pagination, Skeleton } from 'antd';
 import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
 import {
-	getGetServiceAccountRolesQueryKey,
 	getListServiceAccountsQueryKey,
-	useDeleteServiceAccountRole,
 	useGetServiceAccount,
 	useListServiceAccountKeys,
 	useUpdateServiceAccount,
@@ -25,10 +23,7 @@ import {
 	ServiceAccountStatus,
 	toServiceAccountRow,
 } from 'container/ServiceAccountsSettings/utils';
-import {
-	RoleUpdateFailure,
-	useServiceAccountRoleManager,
-} from 'hooks/serviceAccount/useServiceAccountRoleManager';
+import { useServiceAccountRoleManager } from 'hooks/serviceAccount/useServiceAccountRoleManager';
 import {
 	parseAsBoolean,
 	parseAsInteger,
@@ -37,7 +32,7 @@ import {
 	useQueryState,
 } from 'nuqs';
 import APIError from 'types/api/error';
-import { retryOn429, toAPIError } from 'utils/errorUtils';
+import { toAPIError } from 'utils/errorUtils';
 
 import AddKeyModal from './AddKeyModal';
 import DeleteAccountModal from './DeleteAccountModal';
@@ -54,13 +49,6 @@ export interface ServiceAccountDrawerProps {
 
 const PAGE_SIZE = 15;
 
-function toSaveApiError(err: unknown): APIError {
-	return (
-		convertToApiError(err as AxiosError<RenderErrorResponseDTO>) ??
-		toAPIError(err as AxiosError<RenderErrorResponseDTO>)
-	);
-}
-
 // eslint-disable-next-line sonarjs/cognitive-complexity
 function ServiceAccountDrawer({
 	onSuccess,
@@ -115,35 +103,21 @@ function ServiceAccountDrawer({
 		[accountData],
 	);
 
-	const {
-		currentRoles,
-		isLoading: isRolesLoading,
-		applyDiff,
-	} = useServiceAccountRoleManager(selectedAccountId ?? '');
-
-	const roleSessionRef = useRef<string | null>(null);
+	const { currentRoles, applyDiff } = useServiceAccountRoleManager(
+		selectedAccountId ?? '',
+	);
 
 	useEffect(() => {
 		if (account?.id) {
 			setLocalName(account?.name ?? '');
 			setKeysPage(1);
 		}
+		setSaveErrors([]);
 	}, [account?.id, account?.name, setKeysPage]);
 
 	useEffect(() => {
-		if (account?.id) {
-			setSaveErrors([]);
-		}
-	}, [account?.id]);
-
-	useEffect(() => {
-		if (!account?.id) {
-			roleSessionRef.current = null;
-		} else if (account.id !== roleSessionRef.current && !isRolesLoading) {
-			setLocalRole(currentRoles[0]?.id ?? '');
-			roleSessionRef.current = account.id;
-		}
-	}, [account?.id, currentRoles, isRolesLoading]);
+		setLocalRole(currentRoles[0]?.id ?? '');
+	}, [currentRoles]);
 
 	const isDeleted =
 		account?.status?.toUpperCase() === ServiceAccountStatus.Deleted;
@@ -179,26 +153,12 @@ function ServiceAccountDrawer({
 
 	// the retry for this mutation is safe due to the api being idempotent on backend
 	const { mutateAsync: updateMutateAsync } = useUpdateServiceAccount();
-	const { mutateAsync: deleteRole } = useDeleteServiceAccountRole({
-		mutation: {
-			retry: retryOn429,
-		},
-	});
 
-	const executeRolesOperation = useCallback(
-		async (accountId: string): Promise<RoleUpdateFailure[]> => {
-			if (localRole === '' && currentRoles[0]?.id) {
-				await deleteRole({
-					pathParams: { id: accountId, rid: currentRoles[0].id },
-				});
-				await queryClient.invalidateQueries(
-					getGetServiceAccountRolesQueryKey({ id: accountId }),
-				);
-				return [];
-			}
-			return applyDiff([localRole].filter(Boolean), availableRoles);
-		},
-		[localRole, currentRoles, availableRoles, applyDiff, deleteRole, queryClient],
+	const toSaveApiError = useCallback(
+		(err: unknown): APIError =>
+			convertToApiError(err as AxiosError<RenderErrorResponseDTO>) ??
+			toAPIError(err as AxiosError<RenderErrorResponseDTO>),
+		[],
 	);
 
 	const retryNameUpdate = useCallback(async (): Promise<void> => {
@@ -220,7 +180,14 @@ function ServiceAccountDrawer({
 				),
 			);
 		}
-	}, [account, localName, updateMutateAsync, refetchAccount, queryClient]);
+	}, [
+		account,
+		localName,
+		updateMutateAsync,
+		refetchAccount,
+		queryClient,
+		toSaveApiError,
+	]);
 
 	const handleNameChange = useCallback((name: string): void => {
 		setLocalName(name);
@@ -243,39 +210,29 @@ function ServiceAccountDrawer({
 				);
 			}
 		},
-		[],
-	);
-
-	const clearRoleErrors = useCallback((): void => {
-		setSaveErrors((prev) =>
-			prev.filter(
-				(e) => e.context !== 'Roles update' && !e.context.startsWith("Role '"),
-			),
-		);
-	}, []);
-
-	const failuresToSaveErrors = useCallback(
-		(failures: RoleUpdateFailure[]): SaveError[] =>
-			failures.map((f) => {
-				const ctx = `Role '${f.roleName}'`;
-				return {
-					context: ctx,
-					apiError: toSaveApiError(f.error),
-					onRetry: makeRoleRetry(ctx, f.onRetry),
-				};
-			}),
-		[makeRoleRetry],
+		[toSaveApiError],
 	);
 
 	const retryRolesUpdate = useCallback(async (): Promise<void> => {
 		try {
-			const failures = await executeRolesOperation(selectedAccountId ?? '');
+			const failures = await applyDiff(
+				[localRole].filter(Boolean),
+				availableRoles,
+			);
 			if (failures.length === 0) {
 				setSaveErrors((prev) => prev.filter((e) => e.context !== 'Roles update'));
 			} else {
 				setSaveErrors((prev) => {
 					const rest = prev.filter((e) => e.context !== 'Roles update');
-					return [...rest, ...failuresToSaveErrors(failures)];
+					const roleErrors = failures.map((f) => {
+						const ctx = `Role '${f.roleName}'`;
+						return {
+							context: ctx,
+							apiError: toSaveApiError(f.error),
+							onRetry: makeRoleRetry(ctx, f.onRetry),
+						};
+					});
+					return [...rest, ...roleErrors];
 				});
 			}
 		} catch (err) {
@@ -285,7 +242,7 @@ function ServiceAccountDrawer({
 				),
 			);
 		}
-	}, [selectedAccountId, executeRolesOperation, failuresToSaveErrors]);
+	}, [localRole, availableRoles, applyDiff, toSaveApiError, makeRoleRetry]);
 
 	const handleSave = useCallback(async (): Promise<void> => {
 		if (!account || !isDirty) {
@@ -304,7 +261,7 @@ function ServiceAccountDrawer({
 
 			const [nameResult, rolesResult] = await Promise.allSettled([
 				namePromise,
-				executeRolesOperation(account.id),
+				applyDiff([localRole].filter(Boolean), availableRoles),
 			]);
 
 			const errors: SaveError[] = [];
@@ -324,7 +281,14 @@ function ServiceAccountDrawer({
 					onRetry: retryRolesUpdate,
 				});
 			} else {
-				errors.push(...failuresToSaveErrors(rolesResult.value));
+				for (const failure of rolesResult.value) {
+					const context = `Role '${failure.roleName}'`;
+					errors.push({
+						context,
+						apiError: toSaveApiError(failure.error),
+						onRetry: makeRoleRetry(context, failure.onRetry),
+					});
+				}
 			}
 
 			if (errors.length > 0) {
@@ -346,14 +310,17 @@ function ServiceAccountDrawer({
 		account,
 		isDirty,
 		localName,
+		localRole,
+		availableRoles,
 		updateMutateAsync,
-		executeRolesOperation,
+		applyDiff,
 		refetchAccount,
 		onSuccess,
 		queryClient,
+		toSaveApiError,
 		retryNameUpdate,
+		makeRoleRetry,
 		retryRolesUpdate,
-		failuresToSaveErrors,
 	]);
 
 	const handleClose = useCallback((): void => {
@@ -446,10 +413,7 @@ function ServiceAccountDrawer({
 								localName={localName}
 								onNameChange={handleNameChange}
 								localRole={localRole}
-								onRoleChange={(role): void => {
-									setLocalRole(role ?? '');
-									clearRoleErrors();
-								}}
+								onRoleChange={setLocalRole}
 								isDisabled={isDeleted}
 								availableRoles={availableRoles}
 								rolesLoading={rolesLoading}

frontend/src/components/ServiceAccountDrawer/__tests__/ServiceAccountDrawer.test.tsx

@@ -390,42 +390,6 @@ describe('ServiceAccountDrawer – save-error UX', () => {
 		).toBeInTheDocument();
 	});
 
-	it('role add retries on 429 then succeeds without showing an error', async () => {
-		const user = userEvent.setup({ pointerEventsCheck: 0 });
-		let roleAddCallCount = 0;
-
-		// First call → 429, second call → 200
-		server.use(
-			rest.post(SA_ROLES_ENDPOINT, (_, res, ctx) => {
-				roleAddCallCount += 1;
-				if (roleAddCallCount === 1) {
-					return res(ctx.status(429), ctx.json({ message: 'Too Many Requests' }));
-				}
-				return res(ctx.status(200), ctx.json({ status: 'success', data: {} }));
-			}),
-		);
-
-		renderDrawer();
-
-		await screen.findByDisplayValue('CI Bot');
-
-		await user.click(screen.getByLabelText('Roles'));
-		await user.click(await screen.findByTitle('signoz-viewer'));
-
-		const saveBtn = screen.getByRole('button', { name: /Save Changes/i });
-		await waitFor(() => expect(saveBtn).not.toBeDisabled());
-		await user.click(saveBtn);
-
-		// Retried after 429 — at least 2 calls, no error shown
-		await waitFor(
-			() => {
-				expect(roleAddCallCount).toBeGreaterThanOrEqual(2);
-			},
-			{ timeout: 5000 },
-		);
-		expect(screen.queryByText(/role assign failed/i)).not.toBeInTheDocument();
-	});
-
 	it('clicking Retry on a name-update error re-triggers the request; on success the error item is removed', async () => {
 		const user = userEvent.setup({ pointerEventsCheck: 0 });
 

frontend/src/container/Home/Home.tsx

@@ -264,22 +264,20 @@ export default function Home(): JSX.Element {
 
 	return (
 		<div className="home-container">
-			{user?.role === USER_ROLES.ADMIN && (
-				<PersistedAnnouncementBanner
-					type="info"
-					storageKey={LOCALSTORAGE.DISMISSED_API_KEYS_DEPRECATION_BANNER}
-					action={{
-						label: 'Go to Service Accounts',
-						onClick: (): void => history.push(ROUTES.SERVICE_ACCOUNTS_SETTINGS),
-					}}
-				>
-					<>
-						<strong>API keys</strong> have been deprecated in favour of{' '}
-						<strong>Service accounts</strong>. The existing API Keys have been
-						migrated to service accounts.
-					</>
-				</PersistedAnnouncementBanner>
-			)}
+			<PersistedAnnouncementBanner
+				type="info"
+				storageKey={LOCALSTORAGE.DISMISSED_API_KEYS_DEPRECATION_BANNER}
+				action={{
+					label: 'Go to Service Accounts',
+					onClick: (): void => history.push(ROUTES.SERVICE_ACCOUNTS_SETTINGS),
+				}}
+			>
+				<>
+					<strong>API keys</strong> have been deprecated in favour of{' '}
+					<strong>Service accounts</strong>. The existing API Keys have been migrated
+					to service accounts.
+				</>
+			</PersistedAnnouncementBanner>
 
 			<div className="sticky-header">
 				<Header

frontend/src/container/MembersSettings/MembersSettings.tsx

@@ -51,8 +51,6 @@ function MembersSettings(): JSX.Element {
 
 		if (filterMode === FilterMode.Invited) {
 			result = result.filter((m) => m.status === MemberStatus.Invited);
-		} else if (filterMode === FilterMode.Deleted) {
-			result = result.filter((m) => m.status === MemberStatus.Deleted);
 		}
 
 		if (searchQuery.trim()) {
@@ -91,9 +89,6 @@ function MembersSettings(): JSX.Element {
 	const pendingCount = allMembers.filter(
 		(m) => m.status === MemberStatus.Invited,
 	).length;
-	const deletedCount = allMembers.filter(
-		(m) => m.status === MemberStatus.Deleted,
-	).length;
 	const totalCount = allMembers.length;
 
 	const filterMenuItems: MenuProps['items'] = [
@@ -123,27 +118,12 @@ function MembersSettings(): JSX.Element {
 				setPage(1);
 			},
 		},
-		{
-			key: FilterMode.Deleted,
-			label: (
-				<div className="members-filter-option">
-					<span>Deleted ⎯ {deletedCount}</span>
-					{filterMode === FilterMode.Deleted && <Check size={14} />}
-				</div>
-			),
-			onClick: (): void => {
-				setFilterMode(FilterMode.Deleted);
-				setPage(1);
-			},
-		},
 	];
 
 	const filterLabel =
 		filterMode === FilterMode.All
 			? `All members ⎯ ${totalCount}`
-			: filterMode === FilterMode.Invited
-			? `Pending invites ⎯ ${pendingCount}`
-			: `Deleted ⎯ ${deletedCount}`;
+			: `Pending invites ⎯ ${pendingCount}`;
 
 	const handleInviteComplete = useCallback((): void => {
 		refetchUsers();

frontend/src/container/MembersSettings/__tests__/MembersSettings.integration.test.tsx

@@ -117,14 +117,14 @@ describe('MembersSettings (integration)', () => {
 		await screen.findByText('Member Details');
 	});
 
-	it('opens EditMemberDrawer when a deleted member row is clicked', async () => {
+	it('does not open EditMemberDrawer when a deleted member row is clicked', async () => {
 		const user = userEvent.setup({ pointerEventsCheck: 0 });
 
 		render(<MembersSettings />);
 
 		await user.click(await screen.findByText('Dave Deleted'));
 
-		expect(screen.queryByText('Member Details')).toBeInTheDocument();
+		expect(screen.queryByText('Member Details')).not.toBeInTheDocument();
 	});
 
 	it('opens InviteMembersModal when "Invite member" button is clicked', async () => {

frontend/src/container/MembersSettings/utils.ts

@@ -1,7 +1,6 @@
 export enum FilterMode {
 	All = 'all',
 	Invited = 'invited',
-	Deleted = 'deleted',
 }
 
 export enum MemberStatus {

frontend/src/container/OrganizationSettings/DisplayName/DisplayName.styles.scss

@@ -1,16 +0,0 @@
-.display-name-form {
-	.form-field {
-		margin-bottom: var(--spacing-8);
-
-		label {
-			display: block;
-			margin-bottom: var(--spacing-4);
-		}
-	}
-
-	.field-error {
-		color: var(--destructive);
-		margin-top: var(--spacing-2);
-		font-size: var(--font-size-xs);
-	}
-}

frontend/src/container/OrganizationSettings/DisplayName/__tests__/DisplayName.test.tsx

@@ -1,78 +0,0 @@
-import { toast } from '@signozhq/sonner';
-import { rest, server } from 'mocks-server/server';
-import {
-	fireEvent,
-	render,
-	screen,
-	userEvent,
-	waitFor,
-} from 'tests/test-utils';
-
-import DisplayName from '../index';
-
-jest.mock('@signozhq/sonner', () => ({
-	toast: {
-		success: jest.fn(),
-		error: jest.fn(),
-	},
-}));
-
-const ORG_ME_ENDPOINT = '*/api/v2/orgs/me';
-
-const defaultProps = { index: 0, id: 'does-not-matter-id' };
-
-describe('DisplayName', () => {
-	beforeEach(() => {
-		jest.clearAllMocks();
-	});
-
-	afterEach(() => {
-		server.resetHandlers();
-	});
-
-	it('renders form pre-filled with org displayName from context', async () => {
-		render(<DisplayName {...defaultProps} />);
-
-		const input = await screen.findByRole('textbox');
-		expect(input).toHaveValue('Pentagon');
-
-		expect(screen.getByRole('button', { name: /submit/i })).toBeDisabled();
-	});
-
-	it('enables submit and calls PUT when display name is changed', async () => {
-		const user = userEvent.setup({ pointerEventsCheck: 0 });
-
-		server.use(rest.put(ORG_ME_ENDPOINT, (_, res, ctx) => res(ctx.status(200))));
-
-		render(<DisplayName {...defaultProps} />);
-
-		const input = await screen.findByRole('textbox');
-		await user.clear(input);
-		await user.type(input, 'New Org Name');
-
-		const submitBtn = screen.getByRole('button', { name: /submit/i });
-		expect(submitBtn).toBeEnabled();
-
-		await user.click(submitBtn);
-
-		await waitFor(() => {
-			expect(toast.success).toHaveBeenCalled();
-		});
-	});
-
-	it('shows validation error when display name is cleared and submitted', async () => {
-		const user = userEvent.setup({ pointerEventsCheck: 0 });
-
-		render(<DisplayName {...defaultProps} />);
-
-		const input = await screen.findByRole('textbox');
-		await user.clear(input);
-
-		const form = input.closest('form') as HTMLFormElement;
-		fireEvent.submit(form);
-
-		await waitFor(() => {
-			expect(screen.getByText(/missing display name/i)).toBeInTheDocument();
-		});
-	});
-});

frontend/src/container/OrganizationSettings/DisplayName/index.tsx

@@ -1,57 +1,21 @@
-import { useEffect } from 'react';
-import { Controller, useForm } from 'react-hook-form';
 import { useTranslation } from 'react-i18next';
 import { toast } from '@signozhq/sonner';
-import { Button, Input } from 'antd';
+import { Button, Form, Input } from 'antd';
 import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
-import {
-	useGetMyOrganization,
-	useUpdateMyOrganization,
-} from 'api/generated/services/orgs';
+import { useUpdateMyOrganization } from 'api/generated/services/orgs';
 import type { RenderErrorResponseDTO } from 'api/generated/services/sigNoz.schemas';
 import { AxiosError } from 'axios';
 import { useAppContext } from 'providers/App/App';
 import { IUser } from 'providers/App/types';
-import { useErrorModal } from 'providers/ErrorModalProvider';
-import APIError from 'types/api/error';
-import { USER_ROLES } from 'types/roles';
 import { requireErrorMessage } from 'utils/form/requireErrorMessage';
 
-import './DisplayName.styles.scss';
-
 function DisplayName({ index, id: orgId }: DisplayNameProps): JSX.Element {
+	const [form] = Form.useForm<FormValues>();
+	const orgName = Form.useWatch('displayName', form);
+
 	const { t } = useTranslation(['organizationsettings', 'common']);
-	const { showErrorModal } = useErrorModal();
-	const { org, updateOrg, user } = useAppContext();
-	const currentOrg = (org || [])[index];
-	const isAdmin = user.role === USER_ROLES.ADMIN;
-
-	const { data: orgData } = useGetMyOrganization({
-		query: {
-			enabled: isAdmin && !currentOrg?.displayName,
-		},
-	});
-
-	const displayName =
-		currentOrg?.displayName ?? orgData?.data?.displayName ?? '';
-
-	const {
-		control,
-		handleSubmit,
-		watch,
-		getValues,
-		setValue,
-	} = useForm<FormValues>({
-		defaultValues: { displayName },
-	});
-
-	const orgName = watch('displayName');
-
-	useEffect(() => {
-		if (displayName && !getValues('displayName')) {
-			setValue('displayName', displayName);
-		}
-	}, [displayName, getValues, setValue]);
+	const { org, updateOrg } = useAppContext();
+	const { displayName } = (org || [])[index];
 
 	const {
 		mutateAsync: updateMyOrganization,
@@ -66,16 +30,20 @@ function DisplayName({ index, id: orgId }: DisplayNameProps): JSX.Element {
 				updateOrg(orgId, data.displayName ?? '');
 			},
 			onError: (error) => {
-				showErrorModal(
-					convertToApiError(error as AxiosError<RenderErrorResponseDTO>) as APIError,
+				const apiError = convertToApiError(
+					error as AxiosError<RenderErrorResponseDTO>,
+				);
+				toast.error(
+					apiError?.getErrorMessage() ?? t('something_went_wrong', { ns: 'common' }),
+					{ richColors: true, position: 'top-right' },
 				);
 			},
 		},
 	});
 
 	const onSubmit = async (values: FormValues): Promise<void> => {
-		const { displayName: name } = values;
-		await updateMyOrganization({ data: { id: orgId, displayName: name } });
+		const { displayName } = values;
+		await updateMyOrganization({ data: { id: orgId, displayName } });
 	};
 
 	if (!org) {
@@ -85,34 +53,21 @@ function DisplayName({ index, id: orgId }: DisplayNameProps): JSX.Element {
 	const isDisabled = isLoading || orgName === displayName || !orgName;
 
 	return (
-		<form
-			className="display-name-form"
-			onSubmit={handleSubmit(onSubmit)}
+		<Form
+			initialValues={{ displayName }}
+			form={form}
+			layout="vertical"
+			onFinish={onSubmit}
 			autoComplete="off"
 		>
-			<div className="form-field">
-				<label htmlFor="displayName">Display name</label>
-				<Controller
-					name="displayName"
-					control={control}
-					rules={{ required: requireErrorMessage('Display name') }}
-					render={({ field, fieldState }): JSX.Element => (
-						<>
-							<Input
-								{...field}
-								id="displayName"
-								size="large"
-								placeholder={t('signoz')}
-								status={fieldState.error ? 'error' : ''}
-							/>
-							{fieldState.error && (
-								<div className="field-error">{fieldState.error.message}</div>
-							)}
-						</>
-					)}
-				/>
-			</div>
-			<div>
+			<Form.Item
+				name="displayName"
+				label="Display name"
+				rules={[{ required: true, message: requireErrorMessage('Display name') }]}
+			>
+				<Input size="large" placeholder={t('signoz')} />
+			</Form.Item>
+			<Form.Item>
 				<Button
 					loading={isLoading}
 					disabled={isDisabled}
@@ -121,8 +76,8 @@ function DisplayName({ index, id: orgId }: DisplayNameProps): JSX.Element {
 				>
 					Submit
 				</Button>
-			</div>
-		</form>
+			</Form.Item>
+		</Form>
 	);
 }
 

frontend/src/hooks/member/useMemberRoleManager.ts

@@ -1,7 +1,6 @@
 import { useCallback, useMemo } from 'react';
 import type { AuthtypesRoleDTO } from 'api/generated/services/sigNoz.schemas';
 import { useGetUser, useSetRoleByUserID } from 'api/generated/services/users';
-import { retryOn429 } from 'utils/errorUtils';
 
 export interface MemberRoleUpdateFailure {
 	roleName: string;
@@ -39,9 +38,7 @@ export function useMemberRoleManager(
 		[currentUserRoles],
 	);
 
-	const { mutateAsync: setRole } = useSetRoleByUserID({
-		mutation: { retry: retryOn429 },
-	});
+	const { mutateAsync: setRole } = useSetRoleByUserID();
 
 	const applyDiff = useCallback(
 		async (

frontend/src/hooks/serviceAccount/useServiceAccountRoleManager.ts

@@ -6,12 +6,6 @@ import {
 	useGetServiceAccountRoles,
 } from 'api/generated/services/serviceaccount';
 import type { AuthtypesRoleDTO } from 'api/generated/services/sigNoz.schemas';
-import { retryOn429 } from 'utils/errorUtils';
-
-const enum PromiseStatus {
-	Fulfilled = 'fulfilled',
-	Rejected = 'rejected',
-}
 
 export interface RoleUpdateFailure {
 	roleName: string;
@@ -40,9 +34,7 @@ export function useServiceAccountRoleManager(
 	]);
 
 	// the retry for these mutations is safe due to being idempotent on backend
-	const { mutateAsync: createRole } = useCreateServiceAccountRole({
-		mutation: { retry: retryOn429 },
-	});
+	const { mutateAsync: createRole } = useCreateServiceAccountRole();
 
 	const invalidateRoles = useCallback(
 		() =>
@@ -81,16 +73,11 @@ export function useServiceAccountRoleManager(
 				allOperations.map((op) => op.run()),
 			);
 
-			const successCount = results.filter(
-				(r) => r.status === PromiseStatus.Fulfilled,
-			).length;
-			if (successCount > 0) {
-				await invalidateRoles();
-			}
+			await invalidateRoles();
 
 			const failures: RoleUpdateFailure[] = [];
 			results.forEach((result, index) => {
-				if (result.status === PromiseStatus.Rejected) {
+				if (result.status === 'rejected') {
 					const { role, run } = allOperations[index];
 					failures.push({
 						roleName: role.name ?? 'unknown',

frontend/src/providers/App/App.tsx

@@ -12,6 +12,7 @@ import {
 import { useQuery } from 'react-query';
 import getLocalStorageApi from 'api/browser/localstorage/get';
 import setLocalStorageApi from 'api/browser/localstorage/set';
+import { useGetMyOrganization } from 'api/generated/services/orgs';
 import { useGetMyUser } from 'api/generated/services/users';
 import listOrgPreferences from 'api/v1/org/preferences/list';
 import listUserPreferences from 'api/v1/user/preferences/list';
@@ -84,6 +85,14 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 		query: { enabled: isLoggedIn },
 	});
 
+	const {
+		data: orgData,
+		isFetching: isFetchingOrgData,
+		error: orgFetchDataError,
+	} = useGetMyOrganization({
+		query: { enabled: isLoggedIn },
+	});
+
 	const {
 		permissions: permissionsResult,
 		isFetching: isFetchingPermissions,
@@ -93,8 +102,10 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 		enabled: isLoggedIn,
 	});
 
-	const isFetchingUser = isFetchingUserData || isFetchingPermissions;
-	const userFetchError = userFetchDataError || errorOnPermissions;
+	const isFetchingUser =
+		isFetchingUserData || isFetchingOrgData || isFetchingPermissions;
+	const userFetchError =
+		userFetchDataError || orgFetchDataError || errorOnPermissions;
 
 	const userRole = useMemo(() => {
 		if (permissionsResult?.[IsAdminPermission]?.isGranted) {
@@ -134,40 +145,39 @@ export function AppProvider({ children }: PropsWithChildren): JSX.Element {
 				createdAt: toISOString(userData.data.createdAt) ?? prev.createdAt,
 				updatedAt: toISOString(userData.data.updatedAt) ?? prev.updatedAt,
 			}));
+		}
+	}, [userData, isFetchingUserData]);
 
-			// todo: we need to update the org name as well, we should have the [admin only role restriction on the get org api call] - BE input needed
-			setOrg((prev): any => {
+	useEffect(() => {
+		if (!isFetchingOrgData && orgData?.data) {
+			const { id: orgId, displayName: orgDisplayName } = orgData.data;
+			setOrg((prev) => {
 				if (!prev) {
-					return [
-						{
-							createdAt: 0,
-							id: userData.data.orgId,
-						},
-					];
+					return [{ createdAt: 0, id: orgId, displayName: orgDisplayName ?? '' }];
 				}
-				const orgIndex = prev.findIndex((e) => e.id === userData.data.orgId);
+				const orgIndex = prev.findIndex((e) => e.id === orgId);
 
 				if (orgIndex === -1) {
 					return [
 						...prev,
-						{
-							createdAt: 0,
-							id: userData.data.orgId,
-						},
+						{ createdAt: 0, id: orgId, displayName: orgDisplayName ?? '' },
 					];
 				}
 
-				return [
+				const updatedOrg: Organization[] = [
 					...prev.slice(0, orgIndex),
-					{
-						createdAt: 0,
-						id: userData.data.orgId,
-					},
+					{ createdAt: 0, id: orgId, displayName: orgDisplayName ?? '' },
 					...prev.slice(orgIndex + 1),
 				];
+				return updatedOrg;
 			});
+
+			setDefaultUser((prev) => ({
+				...prev,
+				organization: orgDisplayName ?? prev.organization,
+			}));
 		}
-	}, [userData, isFetchingUserData]);
+	}, [orgData, isFetchingOrgData]);
 
 	// fetcher for licenses v3
 	const {

frontend/src/providers/App/__tests__/App.test.tsx

@@ -281,6 +281,48 @@ describe('AppProvider user and org data from v2 APIs', () => {
 		);
 	});
 
+	it('populates org state from GET /api/v2/orgs/me', async () => {
+		server.use(
+			rest.get(MY_ORG_URL, (_, res, ctx) =>
+				res(
+					ctx.status(200),
+					ctx.json({
+						data: {
+							id: 'org-abc',
+							displayName: 'My Org',
+						},
+					}),
+				),
+			),
+			rest.get(MY_USER_URL, (_, res, ctx) =>
+				res(
+					ctx.status(200),
+					ctx.json({ data: { id: 'u-default', email: 'default@signoz.io' } }),
+				),
+			),
+			rest.post(AUTHZ_CHECK_URL, async (req, res, ctx) => {
+				const payload = await req.json();
+				return res(
+					ctx.status(200),
+					ctx.json(authzMockResponse(payload, [false, false, false])),
+				);
+			}),
+		);
+
+		const wrapper = createWrapper();
+		const { result } = renderHook(() => useAppContext(), { wrapper });
+
+		await waitFor(
+			() => {
+				expect(result.current.org).not.toBeNull();
+				const org = result.current.org?.[0];
+				expect(org?.id).toBe('org-abc');
+				expect(org?.displayName).toBe('My Org');
+			},
+			{ timeout: 2000 },
+		);
+	});
+
 	it('sets isFetchingUser false once both user and org calls complete', async () => {
 		server.use(
 			rest.get(MY_USER_URL, (_, res, ctx) =>

frontend/src/providers/ErrorModalProvider.tsx

@@ -14,7 +14,6 @@ import APIError from 'types/api/error';
 interface ErrorModalContextType {
 	showErrorModal: (error: APIError) => void;
 	hideErrorModal: () => void;
-	isErrorModalVisible: boolean;
 }
 
 const ErrorModalContext = createContext<ErrorModalContextType | undefined>(
@@ -39,10 +38,10 @@ export function ErrorModalProvider({
 		setIsVisible(false);
 	}, []);
 
-	const value = useMemo(
-		() => ({ showErrorModal, hideErrorModal, isErrorModalVisible: isVisible }),
-		[showErrorModal, hideErrorModal, isVisible],
-	);
+	const value = useMemo(() => ({ showErrorModal, hideErrorModal }), [
+		showErrorModal,
+		hideErrorModal,
+	]);
 
 	return (
 		<ErrorModalContext.Provider value={value}>

frontend/src/utils/errorUtils.test.ts

@@ -1,45 +0,0 @@
-import { AxiosError } from 'axios';
-
-import { retryOn429 } from './errorUtils';
-
-describe('retryOn429', () => {
-	const make429 = (): AxiosError =>
-		Object.assign(new AxiosError('Too Many Requests'), {
-			response: { status: 429 },
-		}) as AxiosError;
-
-	it('returns true on first failure (failureCount=0) for 429', () => {
-		expect(retryOn429(0, make429())).toBe(true);
-	});
-
-	it('returns true on second failure (failureCount=1) for 429', () => {
-		expect(retryOn429(1, make429())).toBe(true);
-	});
-
-	it('returns false on third failure (failureCount=2) for 429 — max retries reached', () => {
-		expect(retryOn429(2, make429())).toBe(false);
-	});
-
-	it('returns false for non-429 axios errors', () => {
-		const err = Object.assign(new AxiosError('Server Error'), {
-			response: { status: 500 },
-		}) as AxiosError;
-		expect(retryOn429(0, err)).toBe(false);
-	});
-
-	it('returns false for 401 axios errors', () => {
-		const err = Object.assign(new AxiosError('Unauthorized'), {
-			response: { status: 401 },
-		}) as AxiosError;
-		expect(retryOn429(0, err)).toBe(false);
-	});
-
-	it('returns false for non-axios errors', () => {
-		expect(retryOn429(0, new Error('network error'))).toBe(false);
-	});
-
-	it('returns false for null/undefined errors', () => {
-		expect(retryOn429(0, null)).toBe(false);
-		expect(retryOn429(0, undefined)).toBe(false);
-	});
-});

frontend/src/utils/errorUtils.ts

@@ -1,7 +1,6 @@
 import { ErrorResponseHandlerForGeneratedAPIs } from 'api/ErrorResponseHandlerForGeneratedAPIs';
 import { RenderErrorResponseDTO } from 'api/generated/services/sigNoz.schemas';
 import { ErrorType } from 'api/generatedAPIInstance';
-import { AxiosError } from 'axios';
 import APIError from 'types/api/error';
 
 /**
@@ -67,10 +66,3 @@ export function handleApiError(
 		showErrorFunction(apiError as APIError);
 	}
 }
-
-export const retryOn429 = (failureCount: number, error: unknown): boolean => {
-	if (error instanceof AxiosError && error.response?.status === 429) {
-		return failureCount < 2;
-	}
-	return false;
-};

go.mod

@@ -5,7 +5,7 @@ go 1.25.0
 require (
 	dario.cat/mergo v1.0.2
 	github.com/AfterShip/clickhouse-sql-parser v0.4.16
-	github.com/ClickHouse/clickhouse-go/v2 v2.43.0
+	github.com/ClickHouse/clickhouse-go/v2 v2.40.1
 	github.com/DATA-DOG/go-sqlmock v1.5.2
 	github.com/SigNoz/govaluate v0.0.0-20240203125216-988004ccc7fd
 	github.com/SigNoz/signoz-otel-collector v0.144.2
@@ -28,15 +28,15 @@ require (
 	github.com/gorilla/mux v1.8.1
 	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674
 	github.com/huandu/go-sqlbuilder v1.35.0
-	github.com/jackc/pgx/v5 v5.9.1
+	github.com/jackc/pgx/v5 v5.7.6
 	github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12
 	github.com/knadh/koanf v1.5.0
 	github.com/knadh/koanf/v2 v2.3.2
 	github.com/mailru/easyjson v0.9.0
 	github.com/open-telemetry/opamp-go v0.22.0
 	github.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza v0.144.0
-	github.com/openfga/api/proto v0.0.0-20260319214821-f153694bfc20
-	github.com/openfga/language/pkg/go v0.2.0-beta.2.0.20251202173232-1e8bf16f1dce
+	github.com/openfga/api/proto v0.0.0-20250909172242-b4b2a12f5c67
+	github.com/openfga/language/pkg/go v0.2.0-beta.2.0.20251027165255-0f8f255e5f6c
 	github.com/opentracing/opentracing-go v1.2.0
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/alertmanager v0.31.0
@@ -68,26 +68,26 @@ require (
 	go.opentelemetry.io/collector/pdata v1.51.0
 	go.opentelemetry.io/contrib/config v0.10.0
 	go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.63.0
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0
-	go.opentelemetry.io/otel v1.42.0
-	go.opentelemetry.io/otel/metric v1.42.0
-	go.opentelemetry.io/otel/sdk v1.42.0
-	go.opentelemetry.io/otel/trace v1.42.0
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0
+	go.opentelemetry.io/otel v1.40.0
+	go.opentelemetry.io/otel/metric v1.40.0
+	go.opentelemetry.io/otel/sdk v1.40.0
+	go.opentelemetry.io/otel/trace v1.40.0
 	go.uber.org/multierr v1.11.0
 	go.uber.org/zap v1.27.1
-	golang.org/x/crypto v0.48.0
-	golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa
-	golang.org/x/net v0.51.0
-	golang.org/x/oauth2 v0.35.0
-	golang.org/x/sync v0.20.0
-	golang.org/x/text v0.34.0
+	golang.org/x/crypto v0.47.0
+	golang.org/x/exp v0.0.0-20260112195511-716be5621a96
+	golang.org/x/net v0.49.0
+	golang.org/x/oauth2 v0.34.0
+	golang.org/x/sync v0.19.0
+	golang.org/x/text v0.33.0
 	gonum.org/v1/gonum v0.17.0
 	google.golang.org/api v0.265.0
 	google.golang.org/protobuf v1.36.11
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/apimachinery v0.35.0
-	modernc.org/sqlite v1.47.0
+	modernc.org/sqlite v1.40.1
 )
 
 require (
@@ -130,7 +130,7 @@ require (
 	github.com/hashicorp/go-metrics v0.5.4 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/ncruces/go-strftime v1.0.0 // indirect
+	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/prometheus/client_golang/exp v0.0.0-20260108101519-fb0838f53562 // indirect
 	github.com/redis/go-redis/extra/rediscmd/v9 v9.15.1 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
@@ -147,7 +147,7 @@ require (
 	go.opentelemetry.io/collector/pdata/xpdata v0.144.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	golang.org/x/arch v0.20.0 // indirect
-	modernc.org/libc v1.70.0 // indirect
+	modernc.org/libc v1.66.10 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 )
@@ -161,7 +161,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.13.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 // indirect
-	github.com/ClickHouse/ch-go v0.71.0 // indirect
+	github.com/ClickHouse/ch-go v0.67.0 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Yiling-J/theine-go v0.6.2 // indirect
 	github.com/alecthomas/units v0.0.0-20240927000941-0f3dac36c52b // indirect
@@ -208,7 +208,7 @@ require (
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v1.0.0 // indirect
 	github.com/google/btree v1.1.3 // indirect
-	github.com/google/cel-go v0.27.0 // indirect
+	github.com/google/cel-go v0.26.1 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.11 // indirect
 	github.com/googleapis/gax-go/v2 v2.16.0 // indirect
@@ -216,7 +216,7 @@ require (
 	github.com/grafana/regexp v0.0.0-20250905093917-f7b3be9d1853 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.7 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-msgpack/v2 v2.1.5 // indirect
@@ -237,7 +237,7 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/jpillora/backoff v1.0.0 // indirect
 	github.com/jtolds/gls v4.20.0+incompatible // indirect
-	github.com/klauspost/compress v1.18.4 // indirect
+	github.com/klauspost/compress v1.18.3 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect
@@ -268,14 +268,14 @@ require (
 	github.com/open-telemetry/opentelemetry-collector-contrib/internal/exp/metrics v0.145.0 // indirect
 	github.com/open-telemetry/opentelemetry-collector-contrib/pkg/pdatautil v0.145.0 // indirect
 	github.com/open-telemetry/opentelemetry-collector-contrib/processor/deltatocumulativeprocessor v0.145.0 // indirect
-	github.com/openfga/openfga v1.14.0
-	github.com/paulmach/orb v0.12.0 // indirect
+	github.com/openfga/openfga v1.11.2
+	github.com/paulmach/orb v0.11.1 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
-	github.com/pierrec/lz4/v4 v4.1.25 // indirect
+	github.com/pierrec/lz4/v4 v4.1.23 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
-	github.com/pressly/goose/v3 v3.27.0 // indirect
+	github.com/pressly/goose/v3 v3.26.0 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect
 	github.com/prometheus/exporter-toolkit v0.15.1 // indirect
 	github.com/prometheus/otlptranslator v1.0.0 // indirect
@@ -285,7 +285,7 @@ require (
 	github.com/robfig/cron/v3 v3.0.1 // indirect
 	github.com/sagikazarmark/locafero v0.9.0 // indirect
 	github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
-	github.com/segmentio/asm v1.2.1 // indirect
+	github.com/segmentio/asm v1.2.0 // indirect
 	github.com/segmentio/backo-go v1.0.1 // indirect
 	github.com/sethvargo/go-retry v0.3.0 // indirect
 	github.com/shirou/gopsutil/v4 v4.25.12 // indirect
@@ -298,6 +298,7 @@ require (
 	github.com/spf13/cast v1.10.0 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/spf13/viper v1.20.1 // indirect
+	github.com/stoewer/go-strcase v1.3.0 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/swaggest/openapi-go v0.2.60
@@ -361,27 +362,27 @@ require (
 	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.14.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.39.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.39.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.42.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.42.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.41.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.40.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.40.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.40.0 // indirect
 	go.opentelemetry.io/otel/exporters/prometheus v0.60.0
 	go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.14.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.39.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.39.0 // indirect
 	go.opentelemetry.io/otel/log v0.15.0 // indirect
 	go.opentelemetry.io/otel/sdk/log v0.14.0 // indirect
-	go.opentelemetry.io/otel/sdk/metric v1.42.0
-	go.opentelemetry.io/proto/otlp v1.10.0
+	go.opentelemetry.io/otel/sdk/metric v1.40.0
+	go.opentelemetry.io/proto/otlp v1.9.0
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/mock v0.6.0 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/mod v0.33.0 // indirect
-	golang.org/x/sys v0.42.0 // indirect
+	golang.org/x/mod v0.32.0 // indirect
+	golang.org/x/sys v0.40.0 // indirect
 	golang.org/x/time v0.14.0 // indirect
-	golang.org/x/tools v0.42.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171
-	google.golang.org/grpc v1.79.3 // indirect
+	golang.org/x/tools v0.41.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20260203192932-546029d2fa20 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409
+	google.golang.org/grpc v1.78.0 // indirect
 	gopkg.in/telebot.v3 v3.3.8 // indirect
 	k8s.io/client-go v0.35.0 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect

go.sum

@@ -64,8 +64,8 @@ cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3f
 dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
 dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-filippo.io/edwards25519 v1.2.0 h1:crnVqOiS4jqYleHd9vaKZ+HKtHfllngJIiOpNpoJsjo=
-filippo.io/edwards25519 v1.2.0/go.mod h1:xzAOLCNug/yB62zG1bQ8uziwrIqIuxhctzJT18Q77mc=
+filippo.io/edwards25519 v1.1.1 h1:YpjwWWlNmGIDyXOn8zLzqiD+9TyIlPhGFG96P39uBpw=
+filippo.io/edwards25519 v1.1.1/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/AfterShip/clickhouse-sql-parser v0.4.16 h1:gpl+wXclYUKT0p4+gBq22XeRYWwEoZ9f35vogqMvkLQ=
 github.com/AfterShip/clickhouse-sql-parser v0.4.16/go.mod h1:W0Z82wJWkJxz2RVun/RMwxue3g7ut47Xxl+SFqdJGus=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
@@ -87,10 +87,10 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0 h1:XRzhVemXdgv
 github.com/AzureAD/microsoft-authentication-library-for-go v1.6.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/ClickHouse/ch-go v0.71.0 h1:bUdZ/EZj/LcVHsMqaRUP2holqygrPWQKeMjc6nZoyRM=
-github.com/ClickHouse/ch-go v0.71.0/go.mod h1:NwbNc+7jaqfY58dmdDUbG4Jl22vThgx1cYjBw0vtgXw=
-github.com/ClickHouse/clickhouse-go/v2 v2.43.0 h1:fUR05TrF1GyvLDa/mAQjkx7KbgwdLRffs2n9O3WobtE=
-github.com/ClickHouse/clickhouse-go/v2 v2.43.0/go.mod h1:o6jf7JM/zveWC/PP277BLxjHy5KjnGX/jfljhM4s34g=
+github.com/ClickHouse/ch-go v0.67.0 h1:18MQF6vZHj+4/hTRaK7JbS/TIzn4I55wC+QzO24uiqc=
+github.com/ClickHouse/ch-go v0.67.0/go.mod h1:2MSAeyVmgt+9a2k2SQPPG1b4qbTPzdGDpf1+bcHh+18=
+github.com/ClickHouse/clickhouse-go/v2 v2.40.1 h1:PbwsHBgqXRydU7jKULD1C8CHmifczffvQqmFvltM2W4=
+github.com/ClickHouse/clickhouse-go/v2 v2.40.1/go.mod h1:GDzSBLVhladVm8V01aEB36IoBOVLLICfyeuiIp/8Ezc=
 github.com/Code-Hex/go-generics-cache v1.5.1 h1:6vhZGc5M7Y/YD8cIUcY8kcuQLB4cHR7U+0KMqAA0KcU=
 github.com/Code-Hex/go-generics-cache v1.5.1/go.mod h1:qxcC9kRVrct9rHeiYpFWSoW1vxyillCVzX13KZG8dl4=
 github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=
@@ -235,8 +235,8 @@ github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 h1:6xNmx7iTtyBRev0+D/Tv1FZd4SCg8axKApyNyRsAt/w=
-github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5/go.mod h1:KdCmV+x/BuvyMxRnYBlmVaq4OLiKW6iRQfvC62cvdkI=
+github.com/cncf/xds/go v0.0.0-20251022180443-0feb69152e9f h1:Y8xYupdHxryycyPlc9Y+bSQAYZnetRJ70VMVKm5CKI0=
+github.com/cncf/xds/go v0.0.0-20251022180443-0feb69152e9f/go.mod h1:HlzOvOjVBOfTGSRXRyY0OiCS/3J1akRGQQpRO/7zyF4=
 github.com/coder/quartz v0.3.0 h1:bUoSEJ77NBfKtUqv6CPSC0AS8dsjqAqqAv7bN02m1mg=
 github.com/coder/quartz v0.3.0/go.mod h1:BgE7DOj/8NfvRgvKw0jPLDQH/2Lya2kxcTaNJ8X0rZk=
 github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
@@ -299,7 +299,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.m
 github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
-github.com/envoyproxy/go-control-plane v0.14.0 h1:hbG2kr4RuFj222B6+7T83thSPqLjwBIfQawTkC++2HA=
+github.com/envoyproxy/go-control-plane v0.13.5-0.20251024222203-75eaa193e329 h1:K+fnvUM0VZ7ZFJf0n4L/BRlnsb9pL/GuDG6FqaH+PwM=
 github.com/envoyproxy/go-control-plane/envoy v1.36.0 h1:yg/JjO5E7ubRyKX3m07GF3reDNEnfOboJ0QySbH736g=
 github.com/envoyproxy/go-control-plane/envoy v1.36.0/go.mod h1:ty89S1YCCVruQAm9OtKeEkQLTb+Lkz0k8v9W0Oxsv98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
@@ -489,8 +489,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
 github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/cel-go v0.27.0 h1:e7ih85+4qVrBuqQWTW4FKSqZYokVuc3HnhH5keboFTo=
-github.com/google/cel-go v0.27.0/go.mod h1:tTJ11FWqnhw5KKpnWpvW9CJC3Y9GK4EIS0WXnBbebzw=
+github.com/google/cel-go v0.26.1 h1:iPbVVEdkhTX++hpe3lzSk7D3G3QSYqLGoHOcEio+UXQ=
+github.com/google/cel-go v0.26.1/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM=
 github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo=
 github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -572,8 +572,8 @@ github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3 h1:B+8ClL/kCQkRiU82d9xajR
 github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.3.3/go.mod h1:NbCUVmiS4foBGBHOYlCT25+YmGpJ32dZPi75pGEUpj4=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 h1:HWRh5R2+9EifMyIHV7ZV+MIZqgz+PMpZ14Jynv3O2Zs=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0/go.mod h1:JfhWUomR1baixubs02l85lZYYOm7LV6om4ceouMv45c=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.7 h1:X+2YciYSxvMQK0UZ7sg45ZVabVZBeBuvMkmuI2V3Fak=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.7/go.mod h1:lW34nIZuQ8UDPdkon5fmfp2l3+ZkQ2me/+oecHYLOII=
 github.com/hashicorp/consul/api v1.12.0/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0=
 github.com/hashicorp/consul/api v1.13.0/go.mod h1:ZlVrynguJKcYr54zGaDbaL3fOvKC9m72FhPvA8T35KQ=
 github.com/hashicorp/consul/api v1.32.1 h1:0+osr/3t/aZNAdJX558crU3PEjVrG4x6715aZHRgceE=
@@ -672,8 +672,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
-github.com/jackc/pgx/v5 v5.9.1 h1:uwrxJXBnx76nyISkhr33kQLlUqjv7et7b9FjCen/tdc=
-github.com/jackc/pgx/v5 v5.9.1/go.mod h1:mal1tBGAFfLHvZzaYh77YS/eC6IX9OWbRV1QIIM0Jn4=
+github.com/jackc/pgx/v5 v5.7.6 h1:rWQc5FwZSPX58r1OQmkuaNicxdmExaEz5A2DO2hUuTk=
+github.com/jackc/pgx/v5 v5.7.6/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M=
 github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
 github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/jessevdk/go-flags v1.6.1 h1:Cvu5U8UGrLay1rZfv/zP7iLpSHGUZ/Ou68T0iX1bBK4=
@@ -711,8 +711,8 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/kisielk/sqlstruct v0.0.0-20201105191214-5f3e10d3ab46/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c=
-github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
+github.com/klauspost/compress v1.18.3 h1:9PJRvfbmTabkOX8moIpXPbMMbYN60bWImDDU7L+/6zw=
+github.com/klauspost/compress v1.18.3/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
 github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
 github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/knadh/koanf v1.5.0 h1:q2TSd/3Pyc/5yP9ldIrSdIz26MCcyNQzW0pEAugLPNs=
@@ -825,8 +825,8 @@ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/natefinch/wrap v0.2.0 h1:IXzc/pw5KqxJv55gV0lSOcKHYuEZPGbQrOOXr/bamRk=
 github.com/natefinch/wrap v0.2.0/go.mod h1:6gMHlAl12DwYEfKP3TkuykYUfLSEAvHw67itm4/KAS8=
-github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w=
-github.com/ncruces/go-strftime v1.0.0/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
+github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
+github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/npillmayer/nestext v0.1.3/go.mod h1:h2lrijH8jpicr25dFY+oAJLyzlya6jhnuG+zWp9L0Uk=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
@@ -867,12 +867,12 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
 github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
-github.com/openfga/api/proto v0.0.0-20260319214821-f153694bfc20 h1:xdVG0EDz9Z9Uhd7YZ5OMN1F8tkAz/Dpgdjxd0cuTBJo=
-github.com/openfga/api/proto v0.0.0-20260319214821-f153694bfc20/go.mod h1:XDX4qYNBUM2Rsa2AbKPh+oocZc2zgme+EF2fFC6amVU=
-github.com/openfga/language/pkg/go v0.2.0-beta.2.0.20251202173232-1e8bf16f1dce h1:9ufUx4ZNLTbk1/VYb7dPGvHyjoAicm4imeVF8OEv3YE=
-github.com/openfga/language/pkg/go v0.2.0-beta.2.0.20251202173232-1e8bf16f1dce/go.mod h1:EbSJVzbk2+UyLx4i1t7Fi1yZEg+2pk2ZdnVg3jas1JA=
-github.com/openfga/openfga v1.14.0 h1:P1nW5LJpaviM3rbgh6AwcF3sUB3h0pdCetQQS5Lxnx4=
-github.com/openfga/openfga v1.14.0/go.mod h1:yMiperTAsSrvUrzCZpLWUsOJGQZNomxM9zSQi63bcds=
+github.com/openfga/api/proto v0.0.0-20250909172242-b4b2a12f5c67 h1:58mhO5nqkdka2Mpg5mijuZOHScX7reowhzRciwjFCU8=
+github.com/openfga/api/proto v0.0.0-20250909172242-b4b2a12f5c67/go.mod h1:XDX4qYNBUM2Rsa2AbKPh+oocZc2zgme+EF2fFC6amVU=
+github.com/openfga/language/pkg/go v0.2.0-beta.2.0.20251027165255-0f8f255e5f6c h1:xPbHNFG8QbPr/fpL7u0MPI0x74/BCLm7Sx02btL1m5Q=
+github.com/openfga/language/pkg/go v0.2.0-beta.2.0.20251027165255-0f8f255e5f6c/go.mod h1:BG26d1Fk4GSg0wMj60TRJ6Pe4ka2WQ33akhO+mzt3t0=
+github.com/openfga/openfga v1.11.2 h1:6vFZSSE0pyyt9qz320BgQLh/sHxZY5nfPOcJ3d5g8Bg=
+github.com/openfga/openfga v1.11.2/go.mod h1:aCDb0gaWsU6dDAdC+zNOR2XC2W3lteGwKSkRWcSjGW8=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
@@ -881,8 +881,8 @@ github.com/ovh/go-ovh v1.9.0/go.mod h1:cTVDnl94z4tl8pP1uZ/8jlVxntjSIf09bNcQ5TJSC
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/paulmach/orb v0.12.0 h1:z+zOwjmG3MyEEqzv92UN49Lg1JFYx0L9GpGKNVDKk1s=
-github.com/paulmach/orb v0.12.0/go.mod h1:5mULz1xQfs3bmQm63QEJA6lNGujuRafwA5S/EnuLaLU=
+github.com/paulmach/orb v0.11.1 h1:3koVegMC4X/WeiXYz9iswopaTwMem53NzTJuTF20JzU=
+github.com/paulmach/orb v0.11.1/go.mod h1:5mULz1xQfs3bmQm63QEJA6lNGujuRafwA5S/EnuLaLU=
 github.com/paulmach/protoscan v0.2.1/go.mod h1:SpcSwydNLrxUGSDvXvO0P7g7AuhJ7lcKfDlhJCDw2gY=
 github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o=
 github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
@@ -892,8 +892,8 @@ github.com/pelletier/go-toml/v2 v2.0.5/go.mod h1:OMHamSCAODeSsVrwwvcJOaoN0LIUIaF
 github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
 github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pierrec/lz4/v4 v4.1.25 h1:kocOqRffaIbU5djlIBr7Wh+cx82C0vtFb0fOurZHqD0=
-github.com/pierrec/lz4/v4 v4.1.25/go.mod h1:EoQMVJgeeEOMsCqCzqFm2O0cJvljX2nGZjcRIPL34O4=
+github.com/pierrec/lz4/v4 v4.1.23 h1:oJE7T90aYBGtFNrI8+KbETnPymobAhzRrR8Mu8n1yfU=
+github.com/pierrec/lz4/v4 v4.1.23/go.mod h1:EoQMVJgeeEOMsCqCzqFm2O0cJvljX2nGZjcRIPL34O4=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
@@ -911,8 +911,8 @@ github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndr
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU=
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
-github.com/pressly/goose/v3 v3.27.0 h1:/D30gVTuQhu0WsNZYbJi4DMOsx1lNq+6SkLe+Wp59BM=
-github.com/pressly/goose/v3 v3.27.0/go.mod h1:3ZBeCXqzkgIRvrEMDkYh1guvtoJTU5oMMuDdkutoM78=
+github.com/pressly/goose/v3 v3.26.0 h1:KJakav68jdH0WDvoAcj8+n61WqOIaPGgH0bJWS6jpmM=
+github.com/pressly/goose/v3 v3.26.0/go.mod h1:4hC1KrritdCxtuFsqgs1R4AU5bWtTAf+cnWvfhf2DNY=
 github.com/prometheus/alertmanager v0.31.0 h1:DQW02uIUNNiAa9AD9VA5xaFw5D+xrV+bocJc4gN9bEU=
 github.com/prometheus/alertmanager v0.31.0/go.mod h1:zWPQwhbLt2ybee8rL921UONeQ59Oncash+m/hGP17tU=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
@@ -997,8 +997,8 @@ github.com/sebdah/goldie/v2 v2.5.3 h1:9ES/mNN+HNUbNWpVAlrzuZ7jE+Nrczbj8uFRjM7624
 github.com/sebdah/goldie/v2 v2.5.3/go.mod h1:oZ9fp0+se1eapSRjfYbsV/0Hqhbuu3bJVvKI/NNtssI=
 github.com/segmentio/analytics-go/v3 v3.2.1 h1:G+f90zxtc1p9G+WigVyTR0xNfOghOGs/PYAlljLOyeg=
 github.com/segmentio/analytics-go/v3 v3.2.1/go.mod h1:p8owAF8X+5o27jmvUognuXxdtqvSGtD0ZrfY2kcS9bE=
-github.com/segmentio/asm v1.2.1 h1:DTNbBqs57ioxAD4PrArqftgypG4/qNpXoJx8TVXxPR0=
-github.com/segmentio/asm v1.2.1/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
+github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
+github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
 github.com/segmentio/backo-go v1.0.1 h1:68RQccglxZeyURy93ASB/2kc9QudzgIDexJ927N++y4=
 github.com/segmentio/backo-go v1.0.1/go.mod h1:9/Rh6yILuLysoQnZ2oNooD2g7aBnvM7r/fNVxRNWfBc=
 github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw=
@@ -1049,6 +1049,8 @@ github.com/srikanthccv/ClickHouse-go-mock v0.13.0 h1:/b7DQphGkh29ocNtLh4DGmQxQYA
 github.com/srikanthccv/ClickHouse-go-mock v0.13.0/go.mod h1:LiiyBUdXNwB/1DE9rgK/8q9qjVYsTzg6WXQ/3mU3TeY=
 github.com/stackitcloud/stackit-sdk-go/core v0.21.1 h1:Y/PcAgM7DPYMNqum0MLv4n1mF9ieuevzcCIZYQfm3Ts=
 github.com/stackitcloud/stackit-sdk-go/core v0.21.1/go.mod h1:osMglDby4csGZ5sIfhNyYq1bS1TxIdPY88+skE/kkmI=
+github.com/stoewer/go-strcase v1.3.0 h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs=
+github.com/stoewer/go-strcase v1.3.0/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8wodgtPmh1xo=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.3.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
@@ -1293,16 +1295,16 @@ go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.63
 go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.63.0/go.mod h1:34csimR1lUhdT5HH4Rii9aKPrvBcnFRwxLwcevsU+Kk=
 go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.65.0 h1:ab5U7DpTjjN8pNgwqlA/s0Csb+N2Raqo9eTSDhfg4Z8=
 go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.65.0/go.mod h1:nwFJC46Dxhqz5R9k7IV8To/Z46JPvW+GNKhTxQQlUzg=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 h1:OyrsyzuttWTSur2qN/Lm0m2a8yqyIjUVBZcxFPuXq2o=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0/go.mod h1:C2NGBr+kAB4bk3xtMXfZ94gqFDtg/GkI7e9zqGh5Beg=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 h1:7iP2uCb7sGddAr30RRS6xjKy7AZ2JtTOPA3oolgVSw8=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0/go.mod h1:c7hN3ddxs/z6q9xwvfLPk+UHlWRQyaeR1LdgfL/66l0=
 go.opentelemetry.io/contrib/otelconf v0.18.0 h1:ciF2Gf00BWs0DnexKFZXcxg9kJ8r3SUW1LOzW3CsKA8=
 go.opentelemetry.io/contrib/otelconf v0.18.0/go.mod h1:FcP7k+JLwBLdOxS6qY6VQ/4b5VBntI6L6o80IMwhAeI=
 go.opentelemetry.io/contrib/propagators/b3 v1.39.0 h1:PI7pt9pkSnimWcp5sQhUA9OzLbc3Ba4sL+VEUTNsxrk=
 go.opentelemetry.io/contrib/propagators/b3 v1.39.0/go.mod h1:5gV/EzPnfYIwjzj+6y8tbGW2PKWhcsz5e/7twptRVQY=
 go.opentelemetry.io/contrib/zpages v0.63.0 h1:TppOKuZGbqXMgsfjqq3i09N5Vbo1JLtLImUqiTPGnX4=
 go.opentelemetry.io/contrib/zpages v0.63.0/go.mod h1:5F8uugz75ay/MMhRRhxAXY33FuaI8dl7jTxefrIy5qk=
-go.opentelemetry.io/otel v1.42.0 h1:lSQGzTgVR3+sgJDAU/7/ZMjN9Z+vUip7leaqBKy4sho=
-go.opentelemetry.io/otel v1.42.0/go.mod h1:lJNsdRMxCUIWuMlVJWzecSMuNjE7dOYyWlqOXWkdqCc=
+go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
+go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
 go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.14.0 h1:OMqPldHt79PqWKOMYIAQs3CxAi7RLgPxwfFSwr4ZxtM=
 go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.14.0/go.mod h1:1biG4qiqTxKiUCtoWDPpL3fB3KxVwCiGw81j3nKMuHE=
 go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.14.0 h1:QQqYw3lkrzwVsoEX0w//EhH/TCnpRdEenKBOOEIMjWc=
@@ -1311,12 +1313,12 @@ go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.39.0 h1:cEf
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.39.0/go.mod h1:k1lzV5n5U3HkGvTCJHraTAGJ7MqsgL1wrGwTj1Isfiw=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.39.0 h1:nKP4Z2ejtHn3yShBb+2KawiXgpn8In5cT7aO2wXuOTE=
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.39.0/go.mod h1:NwjeBbNigsO4Aj9WgM0C+cKIrxsZUaRmZUO7A8I7u8o=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.42.0 h1:THuZiwpQZuHPul65w4WcwEnkX2QIuMT+UFoOrygtoJw=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.42.0/go.mod h1:J2pvYM5NGHofZ2/Ru6zw/TNWnEQp5crgyDeSrYpXkAw=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.42.0 h1:zWWrB1U6nqhS/k6zYB74CjRpuiitRtLLi68VcgmOEto=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.42.0/go.mod h1:2qXPNBX1OVRC0IwOnfo1ljoid+RD0QK3443EaqVlsOU=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.41.0 h1:inYW9ZhgqiDqh6BioM7DVHHzEGVq76Db5897WLGZ5Go=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.41.0/go.mod h1:Izur+Wt8gClgMJqO/cZ8wdeeMryJ/xxiOVgFSSfpDTY=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.40.0 h1:QKdN8ly8zEMrByybbQgv8cWBcdAarwmIPZ6FThrWXJs=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.40.0/go.mod h1:bTdK1nhqF76qiPoCCdyFIV+N/sRHYXYCTQc+3VCi3MI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.40.0 h1:DvJDOPmSWQHWywQS6lKL+pb8s3gBLOZUtw4N+mavW1I=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.40.0/go.mod h1:EtekO9DEJb4/jRyN4v4Qjc2yA7AtfCBuz2FynRUWTXs=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.40.0 h1:wVZXIWjQSeSmMoxF74LzAnpVQOAFDo3pPji9Y4SOFKc=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.40.0/go.mod h1:khvBS2IggMFNwZK/6lEeHg/W57h/IX6J4URh57fuI40=
 go.opentelemetry.io/otel/exporters/prometheus v0.60.0 h1:cGtQxGvZbnrWdC2GyjZi0PDKVSLWP/Jocix3QWfXtbo=
 go.opentelemetry.io/otel/exporters/prometheus v0.60.0/go.mod h1:hkd1EekxNo69PTV4OWFGZcKQiIqg0RfuWExcPKFvepk=
 go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.14.0 h1:B/g+qde6Mkzxbry5ZZag0l7QrQBCtVm7lVjaLgmpje8=
@@ -1329,21 +1331,21 @@ go.opentelemetry.io/otel/log v0.15.0 h1:0VqVnc3MgyYd7QqNVIldC3dsLFKgazR6P3P3+ypk
 go.opentelemetry.io/otel/log v0.15.0/go.mod h1:9c/G1zbyZfgu1HmQD7Qj84QMmwTp2QCQsZH1aeoWDE4=
 go.opentelemetry.io/otel/log/logtest v0.14.0 h1:BGTqNeluJDK2uIHAY8lRqxjVAYfqgcaTbVk1n3MWe5A=
 go.opentelemetry.io/otel/log/logtest v0.14.0/go.mod h1:IuguGt8XVP4XA4d2oEEDMVDBBCesMg8/tSGWDjuKfoA=
-go.opentelemetry.io/otel/metric v1.42.0 h1:2jXG+3oZLNXEPfNmnpxKDeZsFI5o4J+nz6xUlaFdF/4=
-go.opentelemetry.io/otel/metric v1.42.0/go.mod h1:RlUN/7vTU7Ao/diDkEpQpnz3/92J9ko05BIwxYa2SSI=
-go.opentelemetry.io/otel/sdk v1.42.0 h1:LyC8+jqk6UJwdrI/8VydAq/hvkFKNHZVIWuslJXYsDo=
-go.opentelemetry.io/otel/sdk v1.42.0/go.mod h1:rGHCAxd9DAph0joO4W6OPwxjNTYWghRWmkHuGbayMts=
+go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
+go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
+go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=
+go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=
 go.opentelemetry.io/otel/sdk/log v0.14.0 h1:JU/U3O7N6fsAXj0+CXz21Czg532dW2V4gG1HE/e8Zrg=
 go.opentelemetry.io/otel/sdk/log v0.14.0/go.mod h1:imQvII+0ZylXfKU7/wtOND8Hn4OpT3YUoIgqJVksUkM=
 go.opentelemetry.io/otel/sdk/log/logtest v0.14.0 h1:Ijbtz+JKXl8T2MngiwqBlPaHqc4YCaP/i13Qrow6gAM=
 go.opentelemetry.io/otel/sdk/log/logtest v0.14.0/go.mod h1:dCU8aEL6q+L9cYTqcVOk8rM9Tp8WdnHOPLiBgp0SGOA=
-go.opentelemetry.io/otel/sdk/metric v1.42.0 h1:D/1QR46Clz6ajyZ3G8SgNlTJKBdGp84q9RKCAZ3YGuA=
-go.opentelemetry.io/otel/sdk/metric v1.42.0/go.mod h1:Ua6AAlDKdZ7tdvaQKfSmnFTdHx37+J4ba8MwVCYM5hc=
-go.opentelemetry.io/otel/trace v1.42.0 h1:OUCgIPt+mzOnaUTpOQcBiM/PLQ/Op7oq6g4LenLmOYY=
-go.opentelemetry.io/otel/trace v1.42.0/go.mod h1:f3K9S+IFqnumBkKhRJMeaZeNk9epyhnCmQh/EysQCdc=
+go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=
+go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg=
+go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
+go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.opentelemetry.io/proto/otlp v1.10.0 h1:IQRWgT5srOCYfiWnpqUYz9CVmbO8bFmKcwYxpuCSL2g=
-go.opentelemetry.io/proto/otlp v1.10.0/go.mod h1:/CV4QoCR/S9yaPj8utp3lvQPoqMtxXdzn7ozvvozVqk=
+go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=
+go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4=
 go.opentelemetry.io/proto/slim/otlp v1.9.0 h1:fPVMv8tP3TrsqlkH1HWYUpbCY9cAIemx184VGkS6vlE=
 go.opentelemetry.io/proto/slim/otlp v1.9.0/go.mod h1:xXdeJJ90Gqyll+orzUkY4bOd2HECo5JofeoLpymVqdI=
 go.opentelemetry.io/proto/slim/otlp/collector/profiles/v1development v0.2.0 h1:o13nadWDNkH/quoDomDUClnQBpdQQ2Qqv0lQBjIXjE8=
@@ -1383,8 +1385,8 @@ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
-golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
+golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
+golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1395,8 +1397,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa h1:Zt3DZoOFFYkKhDT3v7Lm9FDMEV06GpzjG2jrqW+QTE0=
-golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa/go.mod h1:K79w1Vqn7PoiZn+TkNpx3BUWUQksGO3JcVX6qIjytmA=
+golang.org/x/exp v0.0.0-20260112195511-716be5621a96 h1:Z/6YuSHTLOHfNFdb8zVZomZr7cqNgTJvA8+Qz75D8gU=
+golang.org/x/exp v0.0.0-20260112195511-716be5621a96/go.mod h1:nzimsREAkjBCIEFtHiYkrJyT+2uy9YZJB7H1k68CXZU=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -1422,8 +1424,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
-golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
+golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c=
+golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1472,8 +1474,8 @@ golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220520000938-2e3eb7b945c2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo=
-golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y=
+golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
+golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1494,8 +1496,8 @@ golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
-golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ=
-golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
+golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1508,8 +1510,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220513210516-0976fa681c29/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
-golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1596,12 +1598,12 @@ golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
-golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg=
-golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM=
+golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY=
+golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1612,8 +1614,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
-golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
+golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
+golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1676,8 +1678,8 @@ golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
-golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
+golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
+golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=
 golang.org/x/tools/godoc v0.1.0-deprecated h1:o+aZ1BOj6Hsx/GBdJO/s815sqftjSnrZZwyYTHODvtk=
 golang.org/x/tools/godoc v0.1.0-deprecated/go.mod h1:qM63CriJ961IHWmnWa9CjZnBndniPt4a3CK0PVB9bIg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1818,10 +1820,10 @@ google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP
 google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
 google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217 h1:GvESR9BIyHUahIb0NcTum6itIWtdoglGX+rnGxm2934=
 google.golang.org/genproto v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:yJ2HH4EHEDTd3JiLmhds6NkJ17ITVYOdV3m3VKOnws0=
-google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 h1:JLQynH/LBHfCTSbDWl+py8C+Rg/k1OVH3xfcaiANuF0=
-google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:kSJwQxqmFXeo79zOmbrALdflXQeAYcUbgS7PbpMknCY=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171 h1:ggcbiqK8WWh6l1dnltU4BgWGIGo+EVYxCaAPih/zQXQ=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171/go.mod h1:4Hqkh8ycfw05ld/3BWL7rJOSfebL2Q+DVDeRgYgxUU8=
+google.golang.org/genproto/googleapis/api v0.0.0-20260203192932-546029d2fa20 h1:7ei4lp52gK1uSejlA8AZl5AJjeLUOHBQscRQZUgAcu0=
+google.golang.org/genproto/googleapis/api v0.0.0-20260203192932-546029d2fa20/go.mod h1:ZdbssH/1SOVnjnDlXzxDHK2MCidiqXtbYccJNzNYPEE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 h1:H86B94AW+VfJWDqFeEbBPhEtHzJwJfTbgE2lZa54ZAQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
 google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@@ -1854,8 +1856,8 @@ google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ5
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
 google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
-google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
-google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
+google.golang.org/grpc v1.78.0 h1:K1XZG/yGDJnzMdd/uZHAkVqJE+xIDOcmdSFZkBUicNc=
+google.golang.org/grpc v1.78.0/go.mod h1:I47qjTo4OKbMkjA/aOOwxDIiPSBofUtQUI5EfpWvW7U=
 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -1925,20 +1927,18 @@ k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZ
 k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ=
 k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck=
 k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-modernc.org/cc/v4 v4.27.1 h1:9W30zRlYrefrDV2JE2O8VDtJ1yPGownxciz5rrbQZis=
-modernc.org/cc/v4 v4.27.1/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
-modernc.org/ccgo/v4 v4.32.0 h1:hjG66bI/kqIPX1b2yT6fr/jt+QedtP2fqojG2VrFuVw=
-modernc.org/ccgo/v4 v4.32.0/go.mod h1:6F08EBCx5uQc38kMGl+0Nm0oWczoo1c7cgpzEry7Uc0=
-modernc.org/fileutil v1.4.0 h1:j6ZzNTftVS054gi281TyLjHPp6CPHr2KCxEXjEbD6SM=
-modernc.org/fileutil v1.4.0/go.mod h1:EqdKFDxiByqxLk8ozOxObDSfcVOv/54xDs/DUHdvCUU=
+modernc.org/cc/v4 v4.26.5 h1:xM3bX7Mve6G8K8b+T11ReenJOT+BmVqQj0FY5T4+5Y4=
+modernc.org/cc/v4 v4.26.5/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
+modernc.org/ccgo/v4 v4.28.1 h1:wPKYn5EC/mYTqBO373jKjvX2n+3+aK7+sICCv4Fjy1A=
+modernc.org/ccgo/v4 v4.28.1/go.mod h1:uD+4RnfrVgE6ec9NGguUNdhqzNIeeomeXf6CL0GTE5Q=
+modernc.org/fileutil v1.3.40 h1:ZGMswMNc9JOCrcrakF1HrvmergNLAmxOPjizirpfqBA=
+modernc.org/fileutil v1.3.40/go.mod h1:HxmghZSZVAz/LXcMNwZPA/DRrQZEVP9VX0V4LQGQFOc=
 modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
 modernc.org/gc/v2 v2.6.5/go.mod h1:YgIahr1ypgfe7chRuJi2gD7DBQiKSLMPgBQe9oIiito=
-modernc.org/gc/v3 v3.1.2 h1:ZtDCnhonXSZexk/AYsegNRV1lJGgaNZJuKjJSWKyEqo=
-modernc.org/gc/v3 v3.1.2/go.mod h1:HFK/6AGESC7Ex+EZJhJ2Gni6cTaYpSMmU/cT9RmlfYY=
 modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks=
 modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI=
-modernc.org/libc v1.70.0 h1:U58NawXqXbgpZ/dcdS9kMshu08aiA6b7gusEusqzNkw=
-modernc.org/libc v1.70.0/go.mod h1:OVmxFGP1CI/Z4L3E0Q3Mf1PDE0BucwMkcXjjLntvHJo=
+modernc.org/libc v1.66.10 h1:yZkb3YeLx4oynyR+iUsXsybsX4Ubx7MQlSYEw4yj59A=
+modernc.org/libc v1.66.10/go.mod h1:8vGSEwvoUoltr4dlywvHqjtAqHBaw0j1jI7iFBTAr2I=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
 modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
@@ -1947,8 +1947,8 @@ modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
 modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
-modernc.org/sqlite v1.47.0 h1:R1XyaNpoW4Et9yly+I2EeX7pBza/w+pmYee/0HJDyKk=
-modernc.org/sqlite v1.47.0/go.mod h1:hWjRO6Tj/5Ik8ieqxQybiEOUXy0NJFNp2tpvVpKlvig=
+modernc.org/sqlite v1.40.1 h1:VfuXcxcUWWKRBuP8+BR9L7VnmusMgBNNnBYGEe9w/iY=
+modernc.org/sqlite v1.40.1/go.mod h1:9fjQZ0mB1LLP0GYrp39oOJXx/I2sxEnZtzCmEQIKvGE=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
@@ -1960,8 +1960,8 @@ sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5E
 sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg=
 sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
 sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
-sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 h1:2WOzJpHUBVrrkDjU4KBT8n5LDcj824eX0I5UKcgeRUs=
-sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
+sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco=
+sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
 sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=
 sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4=

pkg/apiserver/signozapiserver/cloudintegration.go

@@ -10,6 +10,26 @@ import (
 )
 
 func (provider *provider) addCloudIntegrationRoutes(router *mux.Router) error {
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/credentials", handler.New(
+		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.GetConnectionCredentials),
+		handler.OpenAPIDef{
+			ID:                  "GetConnectionCredentials",
+			Tags:                []string{"cloudintegration"},
+			Summary:             "Get connection credentials",
+			Description:         "This endpoint retrieves the connection credentials required for integration",
+			Request:             nil,
+			RequestContentType:  "application/json",
+			Response:            new(citypes.SignozCredentials),
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusOK,
+			ErrorStatusCodes:    []int{},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		},
+	)).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
 	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/accounts", handler.New(
 		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.CreateAccount),
 		handler.OpenAPIDef{
@@ -59,7 +79,7 @@ func (provider *provider) addCloudIntegrationRoutes(router *mux.Router) error {
 			Description:         "This endpoint gets an account for the specified cloud provider",
 			Request:             nil,
 			RequestContentType:  "",
-			Response:            new(citypes.GettableAccount),
+			Response:            new(citypes.Account),
 			ResponseContentType: "application/json",
 			SuccessStatusCode:   http.StatusOK,
 			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
@@ -139,7 +159,7 @@ func (provider *provider) addCloudIntegrationRoutes(router *mux.Router) error {
 			Description:         "This endpoint gets a service for the specified cloud provider",
 			Request:             nil,
 			RequestContentType:  "",
-			Response:            new(citypes.GettableService),
+			Response:            new(citypes.Service),
 			ResponseContentType: "application/json",
 			SuccessStatusCode:   http.StatusOK,
 			ErrorStatusCodes:    []int{},
@@ -150,7 +170,7 @@ func (provider *provider) addCloudIntegrationRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/services/{service_id}", handler.New(
+	if err := router.Handle("/api/v1/cloud_integrations/{cloud_provider}/accounts/{id}/services/{service_id}", handler.New(
 		provider.authZ.AdminAccess(provider.cloudIntegrationHandler.UpdateService),
 		handler.OpenAPIDef{
 			ID:                  "UpdateService",

pkg/authz/openfgaauthz/provider.go

@@ -150,7 +150,7 @@ func (provider *provider) Grant(ctx context.Context, orgID valuer.UUID, names []
 
 	err = provider.Write(ctx, tuples, nil)
 	if err != nil {
-		return errors.WithAdditionalf(err, "failed to grant roles: %v to subject: %s", names, subject)
+		return errors.WrapInternalf(err, errors.CodeInternal, "failed to grant roles: %v to subject: %s", names, subject)
 	}
 
 	return nil
@@ -188,7 +188,7 @@ func (provider *provider) Revoke(ctx context.Context, orgID valuer.UUID, names [
 
 	err = provider.Write(ctx, nil, tuples)
 	if err != nil {
-		return errors.WithAdditionalf(err, "failed to revoke roles: %v to subject: %s", names, subject)
+		return errors.WrapInternalf(err, errors.CodeInternal, "failed to revoke roles: %v to subject: %s", names, subject)
 	}
 
 	return nil

pkg/authz/openfgaserver/server.go

@@ -15,14 +15,12 @@ import (
 	openfgav1 "github.com/openfga/api/proto/openfga/v1"
 	openfgapkgtransformer "github.com/openfga/language/pkg/go/transformer"
 	openfgapkgserver "github.com/openfga/openfga/pkg/server"
-	openfgaerrors "github.com/openfga/openfga/pkg/server/errors"
 	"github.com/openfga/openfga/pkg/storage"
 	"google.golang.org/protobuf/encoding/protojson"
 )
 
 const (
 	batchCheckItemErrorMessage = "::AUTHZ-CHECK-ERROR::"
-	writeErrorMessage          = "::AUTHZ-WRITE-ERROR::"
 )
 
 var (
@@ -250,19 +248,7 @@ func (server *Server) Write(ctx context.Context, additions []*openfgav1.TupleKey
 		}(),
 	})
 
-	if err != nil {
-		openfgaError := new(openfgaerrors.InternalError)
-		ok := errors.As(err, openfgaError)
-		if ok {
-			server.settings.Logger().ErrorContext(ctx, writeErrorMessage, errors.Attr(openfgaError.Unwrap()))
-			return errors.New(errors.TypeTooManyRequests, errors.CodeTooManyRequests, openfgaError.Error())
-		}
-
-		server.settings.Logger().ErrorContext(ctx, writeErrorMessage, errors.Attr(err))
-		return err
-	}
-
-	return nil
+	return err
 }
 
 func (server *Server) ListObjects(ctx context.Context, subject string, relation authtypes.Relation, typeable authtypes.Typeable) ([]*authtypes.Object, error) {

pkg/errors/code.go

@@ -18,7 +18,6 @@ var (
 	CodeUnknown                 = Code{"unknown"}
 	CodeFatal                   = Code{"fatal"}
 	CodeLicenseUnavailable      = Code{"license_unavailable"}
-	CodeTooManyRequests         = Code{"too_many_requests"}
 )
 
 var (

pkg/errors/type.go

@@ -12,9 +12,8 @@ var (
 	TypeCanceled               = typ{"canceled"}
 	TypeTimeout                = typ{"timeout"}
 	TypeUnexpected             = typ{"unexpected"} // Generic mismatch of expectations
-	TypeFatal                  = typ{"fatal"}      // Unrecoverable failure (e.g. panic)
+	TypeFatal                  = typ{"fatal"}     // Unrecoverable failure (e.g. panic)
 	TypeLicenseUnavailable     = typ{"license-unavailable"}
-	TypeTooManyRequests        = typ{"too-many-requests"}
 )
 
 // Defines custom error types.

pkg/http/render/render.go

@@ -77,8 +77,6 @@ func ErrorTypeFromStatusCode(statusCode int) string {
 		return errors.TypeTimeout.String()
 	case http.StatusUnavailableForLegalReasons:
 		return errors.TypeLicenseUnavailable.String()
-	case http.StatusTooManyRequests:
-		return errors.TypeTooManyRequests.String()
 	default:
 		return errors.TypeInternal.String()
 	}
@@ -110,8 +108,6 @@ func Error(rw http.ResponseWriter, cause error) {
 		httpCode = http.StatusInternalServerError
 	case errors.TypeLicenseUnavailable:
 		httpCode = http.StatusUnavailableForLegalReasons
-	case errors.TypeTooManyRequests:
-		httpCode = http.StatusTooManyRequests
 	}
 
 	body, err := json.Marshal(&ErrorResponse{Status: StatusError.s, Error: errors.AsJSON(cause)})

pkg/modules/cloudintegration/cloudintegration.go

@@ -10,19 +10,21 @@ import (
 )
 
 type Module interface {
+	GetConnectionCredentials(ctx context.Context, orgID valuer.UUID, provider citypes.CloudProviderType) (*citypes.SignozCredentials, error)
+
 	CreateAccount(ctx context.Context, account *citypes.Account) error
 
 	// GetAccount returns cloud integration account
-	GetAccount(ctx context.Context, orgID, accountID valuer.UUID) (*citypes.Account, error)
+	GetAccount(ctx context.Context, orgID, accountID valuer.UUID, provider citypes.CloudProviderType) (*citypes.Account, error)
 
 	// ListAccounts lists accounts where agent is connected
-	ListAccounts(ctx context.Context, orgID valuer.UUID) ([]*citypes.Account, error)
+	ListAccounts(ctx context.Context, orgID valuer.UUID, provider citypes.CloudProviderType) ([]*citypes.Account, error)
 
 	// UpdateAccount updates the cloud integration account for a specific organization.
 	UpdateAccount(ctx context.Context, account *citypes.Account) error
 
 	// DisconnectAccount soft deletes/removes a cloud integration account.
-	DisconnectAccount(ctx context.Context, orgID, accountID valuer.UUID) error
+	DisconnectAccount(ctx context.Context, orgID, accountID valuer.UUID, provider citypes.CloudProviderType) error
 
 	// GetConnectionArtifact returns cloud provider specific connection information,
 	// client side handles how this information is shown
@@ -30,17 +32,20 @@ type Module interface {
 
 	// ListServicesMetadata returns the list of services metadata for a cloud provider attached with the integrationID.
 	// This just returns a summary of the service and not the whole service definition
-	ListServicesMetadata(ctx context.Context, orgID valuer.UUID, integrationID *valuer.UUID) ([]*citypes.ServiceMetadata, error)
+	ListServicesMetadata(ctx context.Context, orgID valuer.UUID, provider citypes.CloudProviderType, integrationID *valuer.UUID) ([]*citypes.ServiceMetadata, error)
 
 	// GetService returns service definition details for a serviceID. This returns config and
 	// other details required to show in service details page on web client.
-	GetService(ctx context.Context, orgID valuer.UUID, integrationID *valuer.UUID, serviceID string) (*citypes.Service, error)
+	GetService(ctx context.Context, orgID valuer.UUID, integrationID *valuer.UUID, serviceID citypes.ServiceID, provider citypes.CloudProviderType) (*citypes.Service, error)
+
+	// CreateService creates a new service for a cloud integration account.
+	CreateService(ctx context.Context, orgID valuer.UUID, service *citypes.CloudIntegrationService, provider citypes.CloudProviderType) error
 
 	// UpdateService updates cloud integration service
-	UpdateService(ctx context.Context, orgID valuer.UUID, service *citypes.CloudIntegrationService) error
+	UpdateService(ctx context.Context, orgID valuer.UUID, service *citypes.CloudIntegrationService, provider citypes.CloudProviderType) error
 
 	// AgentCheckIn is called by agent to heartbeat and get latest config in response.
-	AgentCheckIn(ctx context.Context, orgID valuer.UUID, req *citypes.AgentCheckInRequest) (*citypes.AgentCheckInResponse, error)
+	AgentCheckIn(ctx context.Context, orgID valuer.UUID, provider citypes.CloudProviderType, req *citypes.AgentCheckInRequest) (*citypes.AgentCheckInResponse, error)
 
 	// GetDashboardByID returns dashboard JSON for a given dashboard id.
 	// this only returns the dashboard when the service (embedded in dashboard id) is enabled
@@ -52,7 +57,22 @@ type Module interface {
 	ListDashboards(ctx context.Context, orgID valuer.UUID) ([]*dashboardtypes.Dashboard, error)
 }
 
+type CloudProviderModule interface {
+	GetConnectionArtifact(ctx context.Context, account *citypes.Account, req *citypes.ConnectionArtifactRequest) (*citypes.ConnectionArtifact, error)
+
+	// ListServiceDefinitions returns all service definitions for this cloud provider.
+	ListServiceDefinitions(ctx context.Context) ([]*citypes.ServiceDefinition, error)
+
+	// GetServiceDefinition returns the service definition for the given service ID.
+	GetServiceDefinition(ctx context.Context, serviceID citypes.ServiceID) (*citypes.ServiceDefinition, error)
+
+	// BuildIntegrationConfig compiles the provider-specific integration config from the account
+	// and list of configured services. This is the config returned to the agent on check-in.
+	BuildIntegrationConfig(ctx context.Context, account *citypes.Account, services []*citypes.StorableCloudIntegrationService) (*citypes.ProviderIntegrationConfig, error)
+}
+
 type Handler interface {
+	GetConnectionCredentials(http.ResponseWriter, *http.Request)
 	CreateAccount(http.ResponseWriter, *http.Request)
 	ListAccounts(http.ResponseWriter, *http.Request)
 	GetAccount(http.ResponseWriter, *http.Request)

pkg/modules/cloudintegration/implcloudintegration/handler.go

@@ -12,6 +12,10 @@ func NewHandler() cloudintegration.Handler {
 	return &handler{}
 }
 
+func (handler *handler) GetConnectionCredentials(http.ResponseWriter, *http.Request) {
+	panic("unimplemented")
+}
+
 func (handler *handler) CreateAccount(writer http.ResponseWriter, request *http.Request) {
 	// TODO implement me
 	panic("implement me")

pkg/modules/cloudintegration/implcloudintegration/store.go

@@ -34,6 +34,25 @@ func (store *store) GetAccountByID(ctx context.Context, orgID, id valuer.UUID, p
 	return account, nil
 }
 
+func (store *store) GetConnectedAccount(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType, providerAccountID string) (*cloudintegrationtypes.StorableCloudIntegration, error) {
+	account := new(cloudintegrationtypes.StorableCloudIntegration)
+	err := store.
+		store.
+		BunDBCtx(ctx).
+		NewSelect().
+		Model(account).
+		Where("org_id = ?", orgID).
+		Where("provider = ?", provider).
+		Where("account_id = ?", providerAccountID).
+		Where("last_agent_report IS NOT NULL").
+		Where("removed_at IS NULL").
+		Scan(ctx)
+	if err != nil {
+		return nil, store.store.WrapNotFoundErrf(err, cloudintegrationtypes.ErrCodeCloudIntegrationNotFound, "connected account with provider account id %s not found", providerAccountID)
+	}
+	return account, nil
+}
+
 func (store *store) ListConnectedAccounts(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) ([]*cloudintegrationtypes.StorableCloudIntegration, error) {
 	var accounts []*cloudintegrationtypes.StorableCloudIntegration
 	err := store.
@@ -96,25 +115,6 @@ func (store *store) RemoveAccount(ctx context.Context, orgID, id valuer.UUID, pr
 	return err
 }
 
-func (store *store) GetConnectedAccount(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType, providerAccountID string) (*cloudintegrationtypes.StorableCloudIntegration, error) {
-	account := new(cloudintegrationtypes.StorableCloudIntegration)
-	err := store.
-		store.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(account).
-		Where("org_id = ?", orgID).
-		Where("provider = ?", provider).
-		Where("account_id = ?", providerAccountID).
-		Where("last_agent_report IS NOT NULL").
-		Where("removed_at IS NULL").
-		Scan(ctx)
-	if err != nil {
-		return nil, store.store.WrapNotFoundErrf(err, cloudintegrationtypes.ErrCodeCloudIntegrationNotFound, "connected account with provider account id %s not found", providerAccountID)
-	}
-	return account, nil
-}
-
 func (store *store) GetServiceByServiceID(ctx context.Context, cloudIntegrationID valuer.UUID, serviceID cloudintegrationtypes.ServiceID) (*cloudintegrationtypes.StorableCloudIntegrationService, error) {
 	service := new(cloudintegrationtypes.StorableCloudIntegrationService)
 	err := store.
@@ -172,3 +172,9 @@ func (store *store) UpdateService(ctx context.Context, service *cloudintegration
 		Exec(ctx)
 	return err
 }
+
+func (store *store) RunInTx(ctx context.Context, cb func(ctx context.Context) error) error {
+	return store.store.RunInTxCtx(ctx, nil, func(ctx context.Context) error {
+		return cb(ctx)
+	})
+}

pkg/querybuilder/fallback_expr.go

@@ -211,8 +211,6 @@ func DataTypeCollisionHandledFieldName(key *telemetrytypes.TelemetryFieldKey, va
 		case float64:
 			// try to convert the string value to to number
 			tblFieldName = castFloat(tblFieldName)
-		case int, int8, int16, int32, int64, uint, uint8, uint16, uint32, uint64:
-			tblFieldName = castFloat(tblFieldName)
 		case []any:
 			if allFloats(v) {
 				tblFieldName = castFloat(tblFieldName)
@@ -279,18 +277,6 @@ func DataTypeCollisionHandledFieldName(key *telemetrytypes.TelemetryFieldKey, va
 				tblFieldName, value = castString(tblFieldName), toStrings(v)
 			}
 		}
-	case telemetrytypes.FieldDataTypeArrayDynamic:
-		switch v := value.(type) {
-		case string:
-			tblFieldName = castString(tblFieldName)
-		case float32, float64, int, int8, int16, int32, int64, uint, uint8, uint16, uint32, uint64:
-			tblFieldName = accurateCastFloat(tblFieldName)
-		case bool:
-			tblFieldName = castBool(tblFieldName)
-		case []any:
-			// dynamic array elements will be default casted to string
-			tblFieldName, value = castString(tblFieldName), toStrings(v)
-		}
 	}
 	return tblFieldName, value
 }
@@ -298,10 +284,6 @@ func DataTypeCollisionHandledFieldName(key *telemetrytypes.TelemetryFieldKey, va
 func castFloat(col string) string     { return fmt.Sprintf("toFloat64OrNull(%s)", col) }
 func castFloatHack(col string) string { return fmt.Sprintf("toFloat64(%s)", col) }
 func castString(col string) string    { return fmt.Sprintf("toString(%s)", col) }
-func castBool(col string) string      { return fmt.Sprintf("accurateCastOrNull(%s, 'Bool')", col) }
-func accurateCastFloat(col string) string {
-	return fmt.Sprintf("accurateCastOrNull(%s, 'Float64')", col)
-}
 
 func allFloats(in []any) bool {
 	for _, x := range in {

pkg/telemetrylogs/json_condition_builder.go

@@ -3,7 +3,6 @@ package telemetrylogs
 import (
 	"fmt"
 	"slices"
-	"strings"
 
 	schemamigrator "github.com/SigNoz/signoz-otel-collector/cmd/signozschemamigrator/schema_migrator"
 	"github.com/SigNoz/signoz/pkg/errors"
@@ -34,34 +33,182 @@ func NewJSONConditionBuilder(key *telemetrytypes.TelemetryFieldKey, valueType te
 
 // BuildCondition builds the full WHERE condition for body_v2 JSON paths.
 func (c *jsonConditionBuilder) buildJSONCondition(operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
-	baseCond, err := c.emitPlannedCondition(operator, value, sb)
-	if err != nil {
-		return "", err
+	conditions := []string{}
+	for _, node := range c.key.JSONPlan {
+		condition, err := c.emitPlannedCondition(node, operator, value, sb)
+		if err != nil {
+			return "", err
+		}
+		conditions = append(conditions, condition)
 	}
+	baseCond := sb.Or(conditions...)
 
 	// path index
 	if operator.AddDefaultExistsFilter() {
 		pathIndex := fmt.Sprintf(`has(%s, '%s')`, schemamigrator.JSONPathsIndexExpr(LogsV2BodyV2Column), c.key.ArrayParentPaths()[0])
 		return sb.And(baseCond, pathIndex), nil
 	}
-
 	return baseCond, nil
 }
 
-func (c *jsonConditionBuilder) emitPlannedCondition(operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
+// emitPlannedCondition handles paths with array traversal.
+func (c *jsonConditionBuilder) emitPlannedCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
 	// Build traversal + terminal recursively per-hop
-	conditions := []string{}
-	for _, node := range c.key.JSONPlan {
-		condition, err := c.recurseArrayHops(node, operator, value, sb)
+	compiled, err := c.recurseArrayHops(node, operator, value, sb)
+	if err != nil {
+		return "", err
+	}
+	return compiled, nil
+}
+
+// buildTerminalCondition creates the innermost condition.
+func (c *jsonConditionBuilder) buildTerminalCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
+	if node.TerminalConfig.ElemType.IsArray {
+		conditions := []string{}
+		// if the value type is not an array
+		// TODO(piyush): Confirm the Query built for Array case and add testcases for it later
+		if !c.valueType.IsArray {
+			// if operator is a String search Operator, then we need to build one more String comparison condition along with the Strict match condition
+			if operator.IsStringSearchOperator() {
+				formattedValue := querybuilder.FormatValueForContains(value)
+				arrayCond, err := c.buildArrayMembershipCondition(node, operator, formattedValue, sb)
+				if err != nil {
+					return "", err
+				}
+				conditions = append(conditions, arrayCond)
+			}
+
+			// switch operator for array membership checks
+			switch operator {
+			case qbtypes.FilterOperatorContains:
+				operator = qbtypes.FilterOperatorEqual
+			case qbtypes.FilterOperatorNotContains:
+				operator = qbtypes.FilterOperatorNotEqual
+			}
+		}
+
+		arrayCond, err := c.buildArrayMembershipCondition(node, operator, value, sb)
 		if err != nil {
 			return "", err
 		}
-		conditions = append(conditions, condition)
+		conditions = append(conditions, arrayCond)
+		// or the conditions together
+		return sb.Or(conditions...), nil
 	}
 
-	return sb.Or(conditions...), nil
+	return c.buildPrimitiveTerminalCondition(node, operator, value, sb)
 }
 
+// buildPrimitiveTerminalCondition builds the condition if the terminal node is a primitive type
+// it handles the data type collisions and utilizes indexes for the condition if available.
+func (c *jsonConditionBuilder) buildPrimitiveTerminalCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
+	fieldPath := node.FieldPath()
+	conditions := []string{}
+	var formattedValue = value
+	if operator.IsStringSearchOperator() {
+		formattedValue = querybuilder.FormatValueForContains(value)
+	}
+
+	elemType := node.TerminalConfig.ElemType
+	fieldExpr := fmt.Sprintf("dynamicElement(%s, '%s')", fieldPath, elemType.StringValue())
+	fieldExpr, formattedValue = querybuilder.DataTypeCollisionHandledFieldName(node.TerminalConfig.Key, formattedValue, fieldExpr, operator)
+
+	// utilize indexes for the condition if available
+	indexed := slices.ContainsFunc(node.TerminalConfig.Key.Indexes, func(index telemetrytypes.JSONDataTypeIndex) bool {
+		return index.Type == elemType && index.ColumnExpression == fieldPath
+	})
+	if elemType.IndexSupported && indexed {
+		indexedExpr := assumeNotNull(fieldPath, elemType)
+		emptyValue := func() any {
+			switch elemType {
+			case telemetrytypes.String:
+				return ""
+			case telemetrytypes.Int64, telemetrytypes.Float64, telemetrytypes.Bool:
+				return 0
+			default:
+				return nil
+			}
+		}()
+
+		// switch the operator and value for exists and not exists
+		switch operator {
+		case qbtypes.FilterOperatorExists:
+			operator = qbtypes.FilterOperatorNotEqual
+			value = emptyValue
+		case qbtypes.FilterOperatorNotExists:
+			operator = qbtypes.FilterOperatorEqual
+			value = emptyValue
+		default:
+			// do nothing
+		}
+
+		indexedExpr, indexedComparisonValue := querybuilder.DataTypeCollisionHandledFieldName(node.TerminalConfig.Key, formattedValue, indexedExpr, operator)
+		cond, err := c.applyOperator(sb, indexedExpr, operator, indexedComparisonValue)
+		if err != nil {
+			return "", err
+		}
+
+		// if qb has a definitive value, we can skip adding a condition to
+		// check the existence of the path in the json column
+		if value != emptyValue {
+			return cond, nil
+		}
+
+		conditions = append(conditions, cond)
+		// Switch operator to EXISTS since indexed paths on assumedNotNull, indexes will always have a default value
+		// So we flip the operator to Exists and filter the rows that actually have the value
+		operator = qbtypes.FilterOperatorExists
+	}
+
+	cond, err := c.applyOperator(sb, fieldExpr, operator, formattedValue)
+	if err != nil {
+		return "", err
+	}
+	conditions = append(conditions, cond)
+	if len(conditions) > 1 {
+		return sb.And(conditions...), nil
+	}
+	return conditions[0], nil
+}
+
+// buildArrayMembershipCondition handles array membership checks.
+func (c *jsonConditionBuilder) buildArrayMembershipCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
+	arrayPath := node.FieldPath()
+	localKeyCopy := *node.TerminalConfig.Key
+	// create typed array out of a dynamic array
+	filteredDynamicExpr := func() string {
+		// Change the field data type from []dynamic to the value type
+		// since we've filtered the value type out of the dynamic array, we need to change the field data corresponding to the value type
+		localKeyCopy.FieldDataType = telemetrytypes.MappingJSONDataTypeToFieldDataType[telemetrytypes.ScalerTypeToArrayType[c.valueType]]
+
+		baseArrayDynamicExpr := fmt.Sprintf("dynamicElement(%s, 'Array(Dynamic)')", arrayPath)
+		return fmt.Sprintf("arrayMap(x->dynamicElement(x, '%s'), arrayFilter(x->(dynamicType(x) = '%s'), %s))",
+			c.valueType.StringValue(),
+			c.valueType.StringValue(),
+			baseArrayDynamicExpr)
+	}
+	typedArrayExpr := func() string {
+		return fmt.Sprintf("dynamicElement(%s, '%s')", arrayPath, node.TerminalConfig.ElemType.StringValue())
+	}
+
+	var arrayExpr string
+	if node.TerminalConfig.ElemType == telemetrytypes.ArrayDynamic {
+		arrayExpr = filteredDynamicExpr()
+	} else {
+		arrayExpr = typedArrayExpr()
+	}
+
+	key := "x"
+	fieldExpr, value := querybuilder.DataTypeCollisionHandledFieldName(&localKeyCopy, value, key, operator)
+	op, err := c.applyOperator(sb, fieldExpr, operator, value)
+	if err != nil {
+		return "", err
+	}
+
+	return fmt.Sprintf("arrayExists(%s -> %s, %s)", key, op, arrayExpr), nil
+}
+
+// recurseArrayHops recursively builds array traversal conditions.
 func (c *jsonConditionBuilder) recurseArrayHops(current *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
 	if current == nil {
 		return "", errors.NewInternalf(CodeArrayNavigationFailed, "navigation failed, current node is nil")
@@ -75,33 +222,6 @@ func (c *jsonConditionBuilder) recurseArrayHops(current *telemetrytypes.JSONAcce
 		return terminalCond, nil
 	}
 
-	// apply NOT at top level arrayExists so that any subsequent arrayExists fails we count it as true (matching log)
-	yes, operator := applyNotCondition(operator)
-	condition, err := c.buildAccessNodeBranches(current, operator, value, sb)
-	if err != nil {
-		return "", err
-	}
-
-	if yes {
-		return sb.Not(condition), nil
-	}
-
-	return condition, nil
-}
-
-func applyNotCondition(operator qbtypes.FilterOperator) (bool, qbtypes.FilterOperator) {
-	if operator.IsNegativeOperator() {
-		return true, operator.Inverse()
-	}
-	return false, operator
-}
-
-// buildAccessNodeBranches builds conditions for each branch of the access node.
-func (c *jsonConditionBuilder) buildAccessNodeBranches(current *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
-	if current == nil {
-		return "", errors.NewInternalf(CodeArrayNavigationFailed, "navigation failed, current node is nil")
-	}
-
 	currAlias := current.Alias()
 	fieldPath := current.FieldPath()
 	// Determine availability of Array(JSON) and Array(Dynamic) at this hop
@@ -136,200 +256,6 @@ func (c *jsonConditionBuilder) buildAccessNodeBranches(current *telemetrytypes.J
 	return sb.Or(branches...), nil
 }
 
-// buildTerminalCondition creates the innermost condition.
-func (c *jsonConditionBuilder) buildTerminalCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
-	if node.TerminalConfig.ElemType.IsArray {
-		// Note: here applyNotCondition will return true only if; top level path is an array; and operator is a negative operator
-		// Otherwise this code will be triggered by buildAccessNodeBranches; Where operator would've been already inverted if needed.
-		yes, operator := applyNotCondition(operator)
-		cond, err := c.buildTerminalArrayCondition(node, operator, value, sb)
-		if err != nil {
-			return "", err
-		}
-
-		if yes {
-			return sb.Not(cond), nil
-		}
-		return cond, nil
-	}
-
-	return c.buildPrimitiveTerminalCondition(node, operator, value, sb)
-}
-
-func getEmptyValue(elemType telemetrytypes.JSONDataType) any {
-	switch elemType {
-	case telemetrytypes.String:
-		return ""
-	case telemetrytypes.Int64, telemetrytypes.Float64, telemetrytypes.Bool:
-		return 0
-	default:
-		return nil
-	}
-}
-
-func (c *jsonConditionBuilder) terminalIndexedCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
-	fieldPath := node.FieldPath()
-	if strings.Contains(fieldPath, telemetrytypes.ArraySepSuffix) {
-		return "", errors.NewInternalf(CodeArrayNavigationFailed, "can not build index condition for array field %s", fieldPath)
-	}
-
-	elemType := node.TerminalConfig.ElemType
-	dynamicExpr := fmt.Sprintf("dynamicElement(%s, '%s')", fieldPath, elemType.StringValue())
-	indexedExpr := assumeNotNull(dynamicExpr)
-
-	// switch the operator and value for exists and not exists
-	switch operator {
-	case qbtypes.FilterOperatorExists:
-		operator = qbtypes.FilterOperatorNotEqual
-		value = getEmptyValue(elemType)
-	case qbtypes.FilterOperatorNotExists:
-		operator = qbtypes.FilterOperatorEqual
-		value = getEmptyValue(elemType)
-	default:
-		// do nothing
-	}
-
-	indexedExpr, formattedValue := querybuilder.DataTypeCollisionHandledFieldName(node.TerminalConfig.Key, value, indexedExpr, operator)
-	cond, err := c.applyOperator(sb, indexedExpr, operator, formattedValue)
-	if err != nil {
-		return "", err
-	}
-
-	return cond, nil
-}
-
-// buildPrimitiveTerminalCondition builds the condition if the terminal node is a primitive type
-// it handles the data type collisions and utilizes indexes for the condition if available.
-func (c *jsonConditionBuilder) buildPrimitiveTerminalCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
-	fieldPath := node.FieldPath()
-	conditions := []string{}
-
-	// utilize indexes for the condition if available
-	//
-	// Note: Indexing code doesn't get executed for Array Nested fields because they can not be indexed
-	indexed := slices.ContainsFunc(node.TerminalConfig.Key.Indexes, func(index telemetrytypes.JSONDataTypeIndex) bool {
-		return index.Type == node.TerminalConfig.ElemType
-	})
-	if node.TerminalConfig.ElemType.IndexSupported && indexed {
-		indexCond, err := c.terminalIndexedCondition(node, operator, value, sb)
-		if err != nil {
-			return "", err
-		}
-		// if qb has a definitive value, we can skip adding a condition to
-		// check the existence of the path in the json column
-		if value != nil && value != getEmptyValue(node.TerminalConfig.ElemType) {
-			return indexCond, nil
-		}
-
-		conditions = append(conditions, indexCond)
-
-		// Switch operator to EXISTS except when operator is NOT EXISTS since
-		// indexed paths on assumedNotNull, indexes will always have a default
-		// value so we flip the operator to Exists and filter the rows that
-		// actually have the value
-		if operator != qbtypes.FilterOperatorNotExists {
-			operator = qbtypes.FilterOperatorExists
-		}
-	}
-
-	var formattedValue = value
-	if operator.IsStringSearchOperator() {
-		formattedValue = querybuilder.FormatValueForContains(value)
-	}
-
-	fieldExpr := fmt.Sprintf("dynamicElement(%s, '%s')", fieldPath, node.TerminalConfig.ElemType.StringValue())
-
-	// if operator is negative and has a value comparison i.e. excluding EXISTS and NOT EXISTS, we need to assume that the field exists everywhere
-	//
-	// Note: here applyNotCondition will return true only if; top level path is being queried and operator is a negative operator
-	// Otherwise this code will be triggered by buildAccessNodeBranches; Where operator would've been already inverted if needed.
-	if node.IsNonNestedPath() {
-		yes, _ := applyNotCondition(operator)
-		if yes {
-			switch operator {
-			case qbtypes.FilterOperatorNotExists:
-				// skip
-			default:
-				fieldExpr = assumeNotNull(fieldExpr)
-			}
-		}
-	}
-
-	fieldExpr, formattedValue = querybuilder.DataTypeCollisionHandledFieldName(node.TerminalConfig.Key, formattedValue, fieldExpr, operator)
-	cond, err := c.applyOperator(sb, fieldExpr, operator, formattedValue)
-	if err != nil {
-		return "", err
-	}
-	conditions = append(conditions, cond)
-	if len(conditions) > 1 {
-		return sb.And(conditions...), nil
-	}
-	return conditions[0], nil
-}
-
-func (c *jsonConditionBuilder) buildTerminalArrayCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
-	conditions := []string{}
-	// if operator is a String search Operator, then we need to build one more String comparison condition along with the Strict match condition
-	if operator.IsStringSearchOperator() {
-		formattedValue := querybuilder.FormatValueForContains(value)
-		arrayCond, err := c.buildArrayMembershipCondition(node, operator, formattedValue, sb)
-		if err != nil {
-			return "", err
-		}
-		conditions = append(conditions, arrayCond)
-
-		// switch operator for array membership checks
-		switch operator {
-		case qbtypes.FilterOperatorContains:
-			operator = qbtypes.FilterOperatorEqual
-		case qbtypes.FilterOperatorNotContains:
-			operator = qbtypes.FilterOperatorNotEqual
-		}
-	}
-
-	arrayCond, err := c.buildArrayMembershipCondition(node, operator, value, sb)
-	if err != nil {
-		return "", err
-	}
-	conditions = append(conditions, arrayCond)
-	if len(conditions) > 1 {
-		return sb.Or(conditions...), nil
-	}
-
-	return conditions[0], nil
-}
-
-// buildArrayMembershipCondition builds condition of the part where Arrays becomes primitive typed Arrays
-// e.g. [300, 404, 500], and value operations will work on the array elements.
-func (c *jsonConditionBuilder) buildArrayMembershipCondition(node *telemetrytypes.JSONAccessNode, operator qbtypes.FilterOperator, value any, sb *sqlbuilder.SelectBuilder) (string, error) {
-	arrayPath := node.FieldPath()
-	// create typed array out of a dynamic array
-	filteredDynamicExpr := func() string {
-		baseArrayDynamicExpr := fmt.Sprintf("dynamicElement(%s, 'Array(Dynamic)')", arrayPath)
-		return fmt.Sprintf("arrayFilter(x->(dynamicType(x) IN ('String', 'Int64', 'Float64', 'Bool')), %s)",
-			baseArrayDynamicExpr)
-	}
-	typedArrayExpr := func() string {
-		return fmt.Sprintf("dynamicElement(%s, '%s')", arrayPath, node.TerminalConfig.ElemType.StringValue())
-	}
-
-	var arrayExpr string
-	if node.TerminalConfig.ElemType == telemetrytypes.ArrayDynamic {
-		arrayExpr = filteredDynamicExpr()
-	} else {
-		arrayExpr = typedArrayExpr()
-	}
-
-	key := "x"
-	fieldExpr, value := querybuilder.DataTypeCollisionHandledFieldName(node.TerminalConfig.Key, value, key, operator)
-	op, err := c.applyOperator(sb, fieldExpr, operator, value)
-	if err != nil {
-		return "", err
-	}
-
-	return fmt.Sprintf("arrayExists(%s -> %s, %s)", key, op, arrayExpr), nil
-}
-
 func (c *jsonConditionBuilder) applyOperator(sb *sqlbuilder.SelectBuilder, fieldExpr string, operator qbtypes.FilterOperator, value any) (string, error) {
 	switch operator {
 	case qbtypes.FilterOperatorEqual:
@@ -391,6 +317,6 @@ func (c *jsonConditionBuilder) applyOperator(sb *sqlbuilder.SelectBuilder, field
 	}
 }
 
-func assumeNotNull(fieldExpr string) string {
-	return fmt.Sprintf("assumeNotNull(%s)", fieldExpr)
+func assumeNotNull(column string, elemType telemetrytypes.JSONDataType) string {
+	return fmt.Sprintf("assumeNotNull(dynamicElement(%s, '%s'))", column, elemType.StringValue())
 }

pkg/types/cloudintegrationtypes/account.go

@@ -1,8 +1,10 @@
 package cloudintegrationtypes
 
 import (
+	"encoding/json"
 	"time"
 
+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )
@@ -33,8 +35,6 @@ type GettableAccounts struct {
 	Accounts []*Account `json:"accounts" required:"true" nullable:"false"`
 }
 
-type GettableAccount = Account
-
 type UpdatableAccount struct {
 	Config *AccountConfig `json:"config" required:"true" nullable:"false"`
 }
@@ -42,3 +42,169 @@ type UpdatableAccount struct {
 type AWSAccountConfig struct {
 	Regions []string `json:"regions" required:"true" nullable:"false"`
 }
+
+func NewAccount(orgID valuer.UUID, provider CloudProviderType, config *AccountConfig) *Account {
+	return &Account{
+		Identifiable: types.Identifiable{
+			ID: valuer.GenerateUUID(),
+		},
+		TimeAuditable: types.TimeAuditable{
+			CreatedAt: time.Now(),
+			UpdatedAt: time.Now(),
+		},
+		OrgID:    orgID,
+		Provider: provider,
+		Config:   config,
+	}
+}
+
+func NewAccountFromStorable(storableAccount *StorableCloudIntegration) (*Account, error) {
+	// config can not be empty
+	if storableAccount.Config == "" {
+		return nil, errors.NewInternalf(errors.CodeInternal, "config is empty for account with id: %s", storableAccount.ID)
+	}
+
+	account := &Account{
+		Identifiable:      storableAccount.Identifiable,
+		TimeAuditable:     storableAccount.TimeAuditable,
+		ProviderAccountID: storableAccount.AccountID,
+		Provider:          storableAccount.Provider,
+		RemovedAt:         storableAccount.RemovedAt,
+		OrgID:             storableAccount.OrgID,
+		Config:            new(AccountConfig),
+	}
+
+	switch storableAccount.Provider {
+	case CloudProviderTypeAWS:
+		awsConfig := new(AWSAccountConfig)
+		err := json.Unmarshal([]byte(storableAccount.Config), awsConfig)
+		if err != nil {
+			return nil, err
+		}
+		account.Config.AWS = awsConfig
+	}
+
+	if storableAccount.LastAgentReport != nil {
+		account.AgentReport = &AgentReport{
+			TimestampMillis: storableAccount.LastAgentReport.TimestampMillis,
+			Data:            storableAccount.LastAgentReport.Data,
+		}
+	}
+
+	return account, nil
+}
+
+func NewAccountsFromStorables(storableAccounts []*StorableCloudIntegration) ([]*Account, error) {
+	accounts := make([]*Account, 0, len(storableAccounts))
+	for _, storableAccount := range storableAccounts {
+		account, err := NewAccountFromStorable(storableAccount)
+		if err != nil {
+			return nil, err
+		}
+		accounts = append(accounts, account)
+	}
+
+	return accounts, nil
+}
+
+func (account *Account) Update(config *AccountConfig) error {
+	if account.RemovedAt != nil {
+		return errors.New(errors.TypeUnsupported, ErrCodeCloudIntegrationRemoved, "this operation is not supported for a removed cloud integration account")
+	}
+	account.Config = config
+	account.UpdatedAt = time.Now()
+	return nil
+}
+
+func (account *Account) IsRemoved() bool {
+	return account.RemovedAt != nil
+}
+
+func NewAccountConfigFromPostableArtifact(provider CloudProviderType, artifact *PostableConnectionArtifact) (*AccountConfig, error) {
+	switch provider {
+	case CloudProviderTypeAWS:
+		if artifact.Config.Aws == nil {
+			return nil, errors.NewInternalf(errors.CodeInternal, "AWS artifact is nil")
+		}
+		return &AccountConfig{
+			AWS: &AWSAccountConfig{
+				Regions: artifact.Config.Aws.Regions,
+			},
+		}, nil
+	}
+
+	return nil, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider.StringValue())
+}
+
+func NewArtifactRequestFromPostableArtifact(provider CloudProviderType, artifact *PostableConnectionArtifact) (*ConnectionArtifactRequest, error) {
+	req := &ConnectionArtifactRequest{
+		Credentials: artifact.Credentials,
+	}
+
+	switch provider {
+	case CloudProviderTypeAWS:
+		if artifact.Config.Aws == nil {
+			return nil, errors.NewInternalf(errors.CodeInternal, "AWS artifact is nil")
+		}
+		req.Config = &ConnectionArtifactRequestConfig{
+			Aws: &AWSConnectionArtifactRequest{
+				DeploymentRegion: artifact.Config.Aws.DeploymentRegion,
+				Regions:          artifact.Config.Aws.Regions,
+			},
+		}
+
+		return req, nil
+	}
+
+	return nil, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider.StringValue())
+}
+
+func NewAgentReport(data map[string]any) *AgentReport {
+	return &AgentReport{
+		TimestampMillis: time.Now().UnixMilli(),
+		Data:            data,
+	}
+}
+
+// ToJSON return JSON bytes for the provider's config
+// thats why not naming it MarshalJSON(), as it will interfere with default JSON marshalling of AccountConfig struct.
+// NOTE: this entertains first non-null provider's config.
+func (config *AccountConfig) ToJSON() ([]byte, error) {
+	if config.AWS != nil {
+		return json.Marshal(config.AWS)
+	}
+
+	return nil, errors.NewInternalf(errors.CodeInternal, "no provider account config found")
+}
+
+func (updatable *UpdatableAccount) Validate(provider CloudProviderType) error {
+	if updatable.Config == nil {
+		return errors.New(errors.TypeInvalidInput, ErrCodeInvalidInput,
+			"config is required")
+	}
+
+	switch provider {
+	case CloudProviderTypeAWS:
+		if updatable.Config.AWS == nil {
+			return errors.New(errors.TypeInvalidInput, ErrCodeInvalidInput,
+				"aws configuration is required")
+		}
+
+		if len(updatable.Config.AWS.Regions) == 0 {
+			return errors.New(errors.TypeInvalidInput, ErrCodeInvalidInput,
+				"at least one region is required")
+		}
+
+		for _, region := range updatable.Config.AWS.Regions {
+			if _, ok := ValidAWSRegions[region]; !ok {
+				return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidCloudRegion,
+					"invalid AWS region: %s", region)
+			}
+		}
+	default:
+		return errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput,
+			"invalid cloud provider: %s", provider.StringValue())
+	}
+
+	return nil
+}

pkg/types/cloudintegrationtypes/cloudintegration.go

@@ -13,10 +13,16 @@ import (
 )
 
 var (
+	ErrCodeCloudIntegrationInvalidConfig        = errors.MustNewCode("cloud_integration_invalid_config")
+	ErrCodeUnsupported                          = errors.MustNewCode("cloud_integration_unsupported")
 	ErrCodeCloudIntegrationNotFound             = errors.MustNewCode("cloud_integration_not_found")
 	ErrCodeCloudIntegrationAlreadyExists        = errors.MustNewCode("cloud_integration_already_exists")
+	ErrCodeCloudIntegrationAlreadyConnected     = errors.MustNewCode("cloud_integration_already_connected")
+	ErrCodeCloudIntegrationRemoved              = errors.MustNewCode("cloud_integration_removed")
+	ErrCodeInvalidInput                         = errors.MustNewCode("cloud_integration_invalid_input")
 	ErrCodeCloudIntegrationServiceNotFound      = errors.MustNewCode("cloud_integration_service_not_found")
 	ErrCodeCloudIntegrationServiceAlreadyExists = errors.MustNewCode("cloud_integration_service_already_exists")
+	ErrCodeServiceDefinitionNotFound            = errors.MustNewCode("service_definition_not_found")
 )
 
 // StorableCloudIntegration represents a cloud integration stored in the database.
@@ -52,6 +58,26 @@ type StorableCloudIntegrationService struct {
 	CloudIntegrationID valuer.UUID `bun:"cloud_integration_id,type:text"`
 }
 
+// Following Service config types are only internally used to store service config in DB and use JSON snake case keys for backward compatibility.
+
+type StorableServiceConfig struct {
+	AWS *StorableAWSServiceConfig
+}
+
+type StorableAWSServiceConfig struct {
+	Logs    *StorableAWSLogsServiceConfig    `json:"logs,omitempty"`
+	Metrics *StorableAWSMetricsServiceConfig `json:"metrics,omitempty"`
+}
+
+type StorableAWSLogsServiceConfig struct {
+	Enabled   bool                `json:"enabled"`
+	S3Buckets map[string][]string `json:"s3_buckets,omitempty"` // region -> list of buckets in that region
+}
+
+type StorableAWSMetricsServiceConfig struct {
+	Enabled bool `json:"enabled"`
+}
+
 // Scan scans value from DB.
 func (r *StorableAgentReport) Scan(src any) error {
 	var data []byte
@@ -68,10 +94,6 @@ func (r *StorableAgentReport) Scan(src any) error {
 
 // Value creates value to be stored in DB.
 func (r *StorableAgentReport) Value() (driver.Value, error) {
-	if r == nil {
-		return nil, errors.NewInternalf(errors.CodeInternal, "agent report is nil")
-	}
-
 	serialized, err := json.Marshal(r)
 	if err != nil {
 		return nil, errors.WrapInternalf(
@@ -81,3 +103,107 @@ func (r *StorableAgentReport) Value() (driver.Value, error) {
 	// Return as string instead of []byte to ensure PostgreSQL stores as text, not bytes
 	return string(serialized), nil
 }
+
+func NewStorableCloudIntegration(account *Account) (*StorableCloudIntegration, error) {
+	configBytes, err := account.Config.ToJSON()
+	if err != nil {
+		return nil, err
+	}
+
+	storableAccount := &StorableCloudIntegration{
+		Identifiable:  account.Identifiable,
+		TimeAuditable: account.TimeAuditable,
+		Provider:      account.Provider,
+		Config:        string(configBytes),
+		AccountID:     account.ProviderAccountID,
+		OrgID:         account.OrgID,
+		RemovedAt:     account.RemovedAt,
+	}
+
+	if account.AgentReport != nil {
+		storableAccount.LastAgentReport = &StorableAgentReport{
+			TimestampMillis: account.AgentReport.TimestampMillis,
+			Data:            account.AgentReport.Data,
+		}
+	}
+
+	return storableAccount, nil
+}
+
+// NewStorableCloudIntegrationService creates a new StorableCloudIntegrationService with
+// generated ID and timestamps from a CloudIntegrationService and its serialized config JSON.
+func NewStorableCloudIntegrationService(svc *CloudIntegrationService, configJSON string) *StorableCloudIntegrationService {
+	return &StorableCloudIntegrationService{
+		Identifiable:       svc.Identifiable,
+		TimeAuditable:      svc.TimeAuditable,
+		Type:               svc.Type,
+		Config:             configJSON,
+		CloudIntegrationID: svc.CloudIntegrationID,
+	}
+}
+
+func (account *StorableCloudIntegration) Update(providerAccountID *string, agentReport *AgentReport) {
+	account.AccountID = providerAccountID
+	if agentReport != nil {
+		account.LastAgentReport = &StorableAgentReport{
+			TimestampMillis: agentReport.TimestampMillis,
+			Data:            agentReport.Data,
+		}
+	}
+}
+
+// following StorableServiceConfig related functions are helper functions to convert between JSON string and ServiceConfig domain struct.
+func newStorableServiceConfig(provider CloudProviderType, serviceID ServiceID, serviceConfig *ServiceConfig, supportedSignals *SupportedSignals) *StorableServiceConfig {
+	switch provider {
+	case CloudProviderTypeAWS:
+		storableAWSServiceConfig := new(StorableAWSServiceConfig)
+
+		if supportedSignals.Logs {
+			storableAWSServiceConfig.Logs = &StorableAWSLogsServiceConfig{
+				Enabled: serviceConfig.AWS.Logs.Enabled,
+			}
+
+			if serviceID == AWSServiceS3Sync {
+				storableAWSServiceConfig.Logs.S3Buckets = serviceConfig.AWS.Logs.S3Buckets
+			}
+		}
+
+		if supportedSignals.Metrics {
+			storableAWSServiceConfig.Metrics = &StorableAWSMetricsServiceConfig{
+				Enabled: serviceConfig.AWS.Metrics.Enabled,
+			}
+		}
+
+		return &StorableServiceConfig{AWS: storableAWSServiceConfig}
+	default:
+		return nil
+	}
+}
+
+func newStorableServiceConfigFromJSON(provider CloudProviderType, jsonStr string) (*StorableServiceConfig, error) {
+	switch provider {
+	case CloudProviderTypeAWS:
+		awsConfig := new(StorableAWSServiceConfig)
+		err := json.Unmarshal([]byte(jsonStr), awsConfig)
+		if err != nil {
+			return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't parse AWS service config JSON")
+		}
+		return &StorableServiceConfig{AWS: awsConfig}, nil
+	default:
+		return nil, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider.StringValue())
+	}
+}
+
+func (config *StorableServiceConfig) toJSON(provider CloudProviderType) ([]byte, error) {
+	switch provider {
+	case CloudProviderTypeAWS:
+		jsonBytes, err := json.Marshal(config.AWS)
+		if err != nil {
+			return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't serialize AWS service config to JSON")
+		}
+
+		return jsonBytes, nil
+	default:
+		return nil, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider.StringValue())
+	}
+}

pkg/types/cloudintegrationtypes/cloudprovider.go

@@ -1,6 +1,8 @@
 package cloudintegrationtypes
 
 import (
+	"fmt"
+
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )
@@ -14,10 +16,14 @@ var (
 	CloudProviderTypeAzure = CloudProviderType{valuer.NewString("azure")}
 
 	// errors.
-	ErrCodeCloudProviderInvalidInput = errors.MustNewCode("invalid_cloud_provider")
+	ErrCodeCloudProviderInvalidInput = errors.MustNewCode("cloud_integration_invalid_cloud_provider")
 
 	AWSIntegrationUserEmail   = valuer.MustNewEmail("aws-integration@signoz.io")
 	AzureIntegrationUserEmail = valuer.MustNewEmail("azure-integration@signoz.io")
+
+	CloudFormationQuickCreateBaseURL  = valuer.NewString("https://%s.console.aws.amazon.com/cloudformation/home")
+	AgentCloudFormationTemplateS3Path = valuer.NewString("https://signoz-integrations.s3.us-east-1.amazonaws.com/aws-quickcreate-template-%s.json")
+	AgentCloudFormationBaseStackName  = valuer.NewString("signoz-integration")
 )
 
 // CloudIntegrationUserEmails is the list of valid emails for Cloud One Click integrations.
@@ -39,3 +45,18 @@ func NewCloudProvider(provider string) (CloudProviderType, error) {
 		return CloudProviderType{}, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider)
 	}
 }
+
+func GetCloudProviderEmail(provider CloudProviderType) (valuer.Email, error) {
+	switch provider {
+	case CloudProviderTypeAWS:
+		return AWSIntegrationUserEmail, nil
+	case CloudProviderTypeAzure:
+		return AzureIntegrationUserEmail, nil
+	default:
+		return valuer.Email{}, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider.StringValue())
+	}
+}
+
+func NewIngestionKeyName(provider CloudProviderType) string {
+	return fmt.Sprintf("%s-integration", provider.StringValue())
+}

pkg/types/cloudintegrationtypes/connection.go

@@ -3,12 +3,26 @@ package cloudintegrationtypes
 import (
 	"time"
 
+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )
 
+type SignozCredentials struct {
+	SigNozAPIURL string `json:"sigNozApiURL" required:"true"`
+	SigNozAPIKey string `json:"sigNozApiKey" required:"true"` // PAT
+	IngestionURL string `json:"ingestionUrl" required:"true"`
+	IngestionKey string `json:"ingestionKey" required:"true"`
+}
+
 type ConnectionArtifactRequest struct {
-	// required till new providers are added
-	Aws *AWSConnectionArtifactRequest `json:"aws" required:"true" nullable:"false"`
+	Config      *ConnectionArtifactRequestConfig `json:"config" required:"true"`
+	Credentials *SignozCredentials               `json:"credentials" required:"true"`
+}
+
+type ConnectionArtifactRequestConfig struct {
+	// as agent version is common for all providers, we can keep it at top level of this struct
+	AgentVersion string
+	Aws          *AWSConnectionArtifactRequest `json:"aws" required:"true" nullable:"false"`
 }
 
 type AWSConnectionArtifactRequest struct {
@@ -33,8 +47,8 @@ type GettableAccountWithArtifact struct {
 }
 
 type AgentCheckInRequest struct {
-	ProviderAccountID  string `json:"providerAccountId" required:"false"`
-	CloudIntegrationID string `json:"cloudIntegrationId" required:"false"`
+	ProviderAccountID  string      `json:"providerAccountId" required:"false"`
+	CloudIntegrationID valuer.UUID `json:"cloudIntegrationId" required:"false"`
 
 	Data map[string]any `json:"data" required:"true" nullable:"true"`
 }
@@ -67,8 +81,8 @@ type GettableAgentCheckInResponse struct {
 // IntegrationConfig older integration config struct for backward compatibility,
 // this will be eventually removed once agents are updated to use new struct.
 type IntegrationConfig struct {
-	EnabledRegions []string               `json:"enabled_regions" required:"true" nullable:"false"` // backward compatible
-	Telemetry      *AWSCollectionStrategy `json:"telemetry" required:"true" nullable:"false"`       // backward compatible
+	EnabledRegions []string                  `json:"enabled_regions" required:"true" nullable:"false"` // backward compatible
+	Telemetry      *OldAWSCollectionStrategy `json:"telemetry" required:"true" nullable:"false"`       // backward compatible
 }
 
 type ProviderIntegrationConfig struct {
@@ -79,3 +93,110 @@ type AWSIntegrationConfig struct {
 	EnabledRegions []string               `json:"enabledRegions" required:"true" nullable:"false"`
 	Telemetry      *AWSCollectionStrategy `json:"telemetry" required:"true" nullable:"false"`
 }
+
+// NewGettableAgentCheckInResponse constructs a backward-compatible response from an AgentCheckInResponse.
+// It populates the old snake_case fields (account_id, cloud_account_id, integration_config, removed_at)
+// from the new camelCase fields so older agents continue to work unchanged.
+// The provider parameter controls which provider-specific block is mapped into the legacy integration_config.
+func NewGettableAgentCheckInResponse(provider CloudProviderType, resp *AgentCheckInResponse) *GettableAgentCheckInResponse {
+	gettable := &GettableAgentCheckInResponse{
+		AccountID:            resp.CloudIntegrationID,
+		CloudAccountID:       resp.ProviderAccountID,
+		OlderRemovedAt:       resp.RemovedAt,
+		AgentCheckInResponse: *resp,
+	}
+
+	switch provider {
+	case CloudProviderTypeAWS:
+		gettable.OlderIntegrationConfig = awsOlderIntegrationConfig(resp.IntegrationConfig)
+	}
+
+	return gettable
+}
+
+// Validate checks that the connection artifact request has a valid provider-specific block
+// with non-empty, valid regions and a valid deployment region.
+func (req *ConnectionArtifactRequest) Validate(provider CloudProviderType) error {
+	if req.Config == nil || req.Credentials == nil {
+		return errors.New(errors.TypeInvalidInput, ErrCodeInvalidInput,
+			"config and credentials are required")
+	}
+
+	if req.Credentials.SigNozAPIURL == "" {
+		return errors.New(errors.TypeInvalidInput, ErrCodeInvalidInput,
+			"sigNozApiURL can not be empty")
+	}
+
+	if req.Credentials.SigNozAPIKey == "" {
+		return errors.New(errors.TypeInvalidInput, ErrCodeInvalidInput,
+			"sigNozApiKey can not be empty")
+	}
+
+	if req.Credentials.IngestionURL == "" {
+		return errors.New(errors.TypeInvalidInput, ErrCodeInvalidInput,
+			"ingestionUrl can not be empty")
+	}
+
+	if req.Credentials.IngestionKey == "" {
+		return errors.New(errors.TypeInvalidInput, ErrCodeInvalidInput,
+			"ingestionKey can not be empty")
+	}
+
+	switch provider {
+	case CloudProviderTypeAWS:
+		if req.Config.Aws == nil {
+			return errors.New(errors.TypeInvalidInput, ErrCodeInvalidInput,
+				"aws configuration is required")
+		}
+		return req.Config.Aws.Validate()
+	}
+
+	return errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput,
+		"invalid cloud provider: %s", provider)
+}
+
+// Validate checks that the AWS connection artifact request has a valid deployment region
+// and a non-empty list of valid regions.
+func (req *AWSConnectionArtifactRequest) Validate() error {
+	if req.DeploymentRegion == "" {
+		return errors.New(errors.TypeInvalidInput, ErrCodeInvalidInput,
+			"deploymentRegion is required")
+	}
+	if _, ok := ValidAWSRegions[req.DeploymentRegion]; !ok {
+		return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidCloudRegion,
+			"invalid deployment region: %s", req.DeploymentRegion)
+	}
+
+	if len(req.Regions) == 0 {
+		return errors.New(errors.TypeInvalidInput, ErrCodeInvalidInput,
+			"at least one region is required")
+	}
+	for _, region := range req.Regions {
+		if _, ok := ValidAWSRegions[region]; !ok {
+			return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidCloudRegion,
+				"invalid AWS region: %s", region)
+		}
+	}
+	return nil
+}
+
+// Validate checks that the request uses either old fields (account_id, cloud_account_id) or
+// new fields (cloudIntegrationId, providerAccountId), never a mix of both.
+func (req *PostableAgentCheckInRequest) Validate() error {
+	hasOldFields := req.ID != "" || req.AccountID != ""
+	hasNewFields := !req.CloudIntegrationID.IsZero() || req.ProviderAccountID != ""
+
+	if hasOldFields && hasNewFields {
+		return errors.New(errors.TypeInvalidInput, ErrCodeInvalidInput,
+			"request must use either old fields (account_id, cloud_account_id) or new fields (cloudIntegrationId, providerAccountId), not both")
+	}
+	if !hasOldFields && !hasNewFields {
+		return errors.New(errors.TypeInvalidInput, ErrCodeInvalidInput,
+			"request must provide either old fields (account_id, cloud_account_id) or new fields (cloudIntegrationId, providerAccountId)")
+	}
+	return nil
+}
+
+func (config *ConnectionArtifactRequestConfig) AddAgentVersion(agentVersion string) {
+	config.AgentVersion = agentVersion
+}

pkg/types/cloudintegrationtypes/regions.go

@@ -4,10 +4,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/errors"
 )
 
-var (
-	ErrCodeInvalidCloudRegion    = errors.MustNewCode("invalid_cloud_region")
-	ErrCodeMismatchCloudProvider = errors.MustNewCode("cloud_provider_mismatch")
-)
+var ErrCodeInvalidCloudRegion = errors.MustNewCode("invalid_cloud_region")
 
 // List of all valid cloud regions on Amazon Web Services.
 var ValidAWSRegions = map[string]struct{}{

pkg/types/cloudintegrationtypes/service.go

@@ -2,6 +2,7 @@ package cloudintegrationtypes
 
 import (
 	"fmt"
+	"strings"
 	"time"
 
 	"github.com/SigNoz/signoz/pkg/errors"
@@ -45,13 +46,13 @@ type GettableServicesMetadata struct {
 	Services []*ServiceMetadata `json:"services" required:"true" nullable:"false"`
 }
 
+// Service represents a cloud integration service with its definition,
+// cloud integration service is non nil only when the service entry exists in DB with ANY config (enabled or disabled).
 type Service struct {
 	ServiceDefinition
-	ServiceConfig *ServiceConfig `json:"serviceConfig" required:"false" nullable:"false"`
+	CloudIntegrationService *CloudIntegrationService `json:"cloudIntegrationService" required:"true" nullable:"true"`
 }
 
-type GettableService = Service
-
 type UpdatableService struct {
 	Config *ServiceConfig `json:"config" required:"true" nullable:"false"`
 }
@@ -60,7 +61,7 @@ type ServiceDefinition struct {
 	ServiceDefinitionMetadata
 	Overview         string              `json:"overview" required:"true"` // markdown
 	Assets           Assets              `json:"assets" required:"true"`
-	SupportedSignals SupportedSignals    `json:"supported_signals" required:"true"`
+	SupportedSignals SupportedSignals    `json:"supportedSignals" required:"true"`
 	DataCollected    DataCollected       `json:"dataCollected" required:"true"`
 	Strategy         *CollectionStrategy `json:"telemetryCollectionStrategy" required:"true" nullable:"false"`
 }
@@ -92,7 +93,7 @@ type AWSServiceConfig struct {
 // NOTE: the JSON keys are snake case for backward compatibility with existing agents.
 type AWSServiceLogsConfig struct {
 	Enabled   bool                `json:"enabled"`
-	S3Buckets map[string][]string `json:"s3_buckets,omitempty"`
+	S3Buckets map[string][]string `json:"s3Buckets,omitempty"`
 }
 
 type AWSServiceMetricsConfig struct {
@@ -121,19 +122,38 @@ type CollectedMetric struct {
 }
 
 // AWSCollectionStrategy represents signal collection strategy for AWS services.
-// this is AWS specific.
-// NOTE: this structure is still using snake case, for backward compatibility,
-// with existing agents.
 type AWSCollectionStrategy struct {
-	Metrics   *AWSMetricsStrategy `json:"aws_metrics,omitempty"`
-	Logs      *AWSLogsStrategy    `json:"aws_logs,omitempty"`
-	S3Buckets map[string][]string `json:"s3_buckets,omitempty"` // Only available in S3 Sync Service Type in AWS
+	Metrics   *AWSMetricsStrategy `json:"metrics,omitempty"`
+	Logs      *AWSLogsStrategy    `json:"logs,omitempty"`
+	S3Buckets map[string][]string `json:"s3Buckets,omitempty"` // Only available in S3 Sync Service Type in AWS
+}
+
+// OldAWSCollectionStrategy is the backward-compatible snake_case form of AWSCollectionStrategy,
+// used in the legacy integration_config response field for older agents.
+type OldAWSCollectionStrategy struct {
+	Provider  string                 `json:"provider"`
+	Metrics   *OldAWSMetricsStrategy `json:"aws_metrics,omitempty"`
+	Logs      *OldAWSLogsStrategy    `json:"aws_logs,omitempty"`
+	S3Buckets map[string][]string    `json:"s3_buckets,omitempty"`
+}
+
+// OldAWSMetricsStrategy is the snake_case form of AWSMetricsStrategy for older agents.
+type OldAWSMetricsStrategy struct {
+	StreamFilters []struct {
+		Namespace   string   `json:"Namespace"`
+		MetricNames []string `json:"MetricNames,omitempty"`
+	} `json:"cloudwatch_metric_stream_filters"`
+}
+
+// OldAWSLogsStrategy is the snake_case form of AWSLogsStrategy for older agents.
+type OldAWSLogsStrategy struct {
+	Subscriptions []struct {
+		LogGroupNamePrefix string `json:"log_group_name_prefix"`
+		FilterPattern      string `json:"filter_pattern"`
+	} `json:"cloudwatch_logs_subscriptions"`
 }
 
 // AWSMetricsStrategy represents metrics collection strategy for AWS services.
-// this is AWS specific.
-// NOTE: this structure is still using snake case, for backward compatibility,
-// with existing agents.
 type AWSMetricsStrategy struct {
 	// to be used as https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-metricstream.html#cfn-cloudwatch-metricstream-includefilters
 	StreamFilters []struct {
@@ -141,23 +161,20 @@ type AWSMetricsStrategy struct {
 		// https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudwatch-metricstream-metricstreamfilter.html
 		Namespace   string   `json:"Namespace"`
 		MetricNames []string `json:"MetricNames,omitempty"`
-	} `json:"cloudwatch_metric_stream_filters"`
+	} `json:"cloudwatchMetricStreamFilters"`
 }
 
 // AWSLogsStrategy represents logs collection strategy for AWS services.
-// this is AWS specific.
-// NOTE: this structure is still using snake case, for backward compatibility,
-// with existing agents.
 type AWSLogsStrategy struct {
 	Subscriptions []struct {
 		// subscribe to all logs groups with specified prefix.
 		// eg: `/aws/rds/`
-		LogGroupNamePrefix string `json:"log_group_name_prefix"`
+		LogGroupNamePrefix string `json:"logGroupNamePrefix"`
 
 		// https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
 		// "" implies no filtering is required.
-		FilterPattern string `json:"filter_pattern"`
-	} `json:"cloudwatch_logs_subscriptions"`
+		FilterPattern string `json:"filterPattern"`
+	} `json:"cloudwatchLogsSubscriptions"`
 }
 
 // Dashboard represents a dashboard definition for cloud integration.
@@ -170,12 +187,156 @@ type Dashboard struct {
 	Definition  dashboardtypes.StorableDashboardData `json:"definition,omitempty"`
 }
 
-// UTILS
+func NewCloudIntegrationService(serviceID ServiceID, cloudIntegrationID valuer.UUID, config *ServiceConfig) *CloudIntegrationService {
+	return &CloudIntegrationService{
+		Identifiable: types.Identifiable{
+			ID: valuer.GenerateUUID(),
+		},
+		TimeAuditable: types.TimeAuditable{
+			CreatedAt: time.Now(),
+			UpdatedAt: time.Now(),
+		},
+		Type:               serviceID,
+		Config:             config,
+		CloudIntegrationID: cloudIntegrationID,
+	}
+}
+
+func NewCloudIntegrationServiceFromStorable(stored *StorableCloudIntegrationService, config *ServiceConfig) *CloudIntegrationService {
+	return &CloudIntegrationService{
+		Identifiable:       stored.Identifiable,
+		TimeAuditable:      stored.TimeAuditable,
+		Type:               stored.Type,
+		Config:             config,
+		CloudIntegrationID: stored.CloudIntegrationID,
+	}
+}
+
+func NewServiceMetadata(definition ServiceDefinition, enabled bool) *ServiceMetadata {
+	return &ServiceMetadata{
+		ServiceDefinitionMetadata: definition.ServiceDefinitionMetadata,
+		Enabled:                   enabled,
+	}
+}
+
+func NewService(def ServiceDefinition, storableService *CloudIntegrationService) *Service {
+	return &Service{
+		ServiceDefinition:       def,
+		CloudIntegrationService: storableService,
+	}
+}
+
+func NewServiceConfigFromJSON(provider CloudProviderType, jsonString string) (*ServiceConfig, error) {
+	storableServiceConfig, err := newStorableServiceConfigFromJSON(provider, jsonString)
+	if err != nil {
+		return nil, err
+	}
+
+	switch provider {
+	case CloudProviderTypeAWS:
+		awsServiceConfig := new(AWSServiceConfig)
+
+		if storableServiceConfig.AWS.Logs != nil {
+			awsServiceConfig.Logs = &AWSServiceLogsConfig{
+				Enabled:   storableServiceConfig.AWS.Logs.Enabled,
+				S3Buckets: storableServiceConfig.AWS.Logs.S3Buckets,
+			}
+		}
+
+		if storableServiceConfig.AWS.Metrics != nil {
+			awsServiceConfig.Metrics = &AWSServiceMetricsConfig{
+				Enabled: storableServiceConfig.AWS.Metrics.Enabled,
+			}
+		}
+
+		return &ServiceConfig{AWS: awsServiceConfig}, nil
+	default:
+		return nil, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider.StringValue())
+	}
+}
+
+// Update sets the service config.
+func (service *CloudIntegrationService) Update(config *ServiceConfig) {
+	service.Config = config
+	service.UpdatedAt = time.Now()
+}
+
+// IsServiceEnabled returns true if the service has at least one signal (logs or metrics) enabled
+// for the given cloud provider.
+func IsServiceEnabled(provider CloudProviderType, config *ServiceConfig) bool {
+	switch provider {
+	case CloudProviderTypeAWS:
+		logsEnabled := config.AWS.Logs != nil && config.AWS.Logs.Enabled
+		metricsEnabled := config.AWS.Metrics != nil && config.AWS.Metrics.Enabled
+		return logsEnabled || metricsEnabled
+	default:
+		return false
+	}
+}
+
+// IsMetricsEnabled returns true if metrics are explicitly enabled for the given cloud provider.
+// Used to gate dashboard availability — dashboards are only shown when metrics are enabled.
+func IsMetricsEnabled(provider CloudProviderType, config *ServiceConfig) bool {
+	switch provider {
+	case CloudProviderTypeAWS:
+		return config.AWS.Metrics != nil && config.AWS.Metrics.Enabled
+	default:
+		return false
+	}
+}
+
+// IsLogsEnabled returns true if logs are explicitly enabled for the given cloud provider.
+func IsLogsEnabled(provider CloudProviderType, config *ServiceConfig) bool {
+	switch provider {
+	case CloudProviderTypeAWS:
+		return config.AWS.Logs != nil && config.AWS.Logs.Enabled
+	default:
+		return false
+	}
+}
+
+func (serviceConfig *ServiceConfig) ToJSON(provider CloudProviderType, serviceID ServiceID, supportedSignals *SupportedSignals) ([]byte, error) {
+	storableServiceConfig := newStorableServiceConfig(provider, serviceID, serviceConfig, supportedSignals)
+	return storableServiceConfig.toJSON(provider)
+}
+
+func (updatableService *UpdatableService) Validate(provider CloudProviderType, serviceID ServiceID) error {
+	switch provider {
+	case CloudProviderTypeAWS:
+		if updatableService.Config.AWS == nil {
+			return errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "AWS config is required for AWS service")
+		}
+
+		if serviceID == AWSServiceS3Sync {
+			if updatableService.Config.AWS.Logs == nil || updatableService.Config.AWS.Logs.S3Buckets == nil {
+				return errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "AWS S3 Sync service requires S3 bucket configuration for logs")
+			}
+		}
+
+		return nil
+	default:
+		return errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider.StringValue())
+	}
+}
 
 // GetCloudIntegrationDashboardID returns the dashboard id for a cloud integration, given the cloud provider, service id, and dashboard id.
 // This is used to generate unique dashboard ids for cloud integration, and also to parse the dashboard id to get the cloud provider and service id when needed.
 func GetCloudIntegrationDashboardID(cloudProvider CloudProviderType, svcID, dashboardID string) string {
-	return fmt.Sprintf("cloud-integration--%s--%s--%s", cloudProvider, svcID, dashboardID)
+	return fmt.Sprintf("cloud-integration--%s--%s--%s", cloudProvider.StringValue(), svcID, dashboardID)
+}
+
+// ParseCloudIntegrationDashboardID parses a dashboard id generated by GetCloudIntegrationDashboardID
+// into its constituent parts (cloudProvider, serviceID, dashboardID).
+func ParseCloudIntegrationDashboardID(id string) (CloudProviderType, string, string, error) {
+	parts := strings.SplitN(id, "--", 4)
+	if len(parts) != 4 || parts[0] != "cloud-integration" {
+		return CloudProviderType{}, "", "", errors.New(errors.TypeNotFound, ErrCodeCloudIntegrationNotFound, "invalid cloud integration dashboard id")
+	}
+	provider, err := NewCloudProvider(parts[1])
+	if err != nil {
+		return CloudProviderType{}, "", "", err
+	}
+	return provider, parts[2], parts[3], nil
 }
 
 // GetDashboardsFromAssets returns the list of dashboards for the cloud provider service from definition.
@@ -189,9 +350,9 @@ func GetDashboardsFromAssets(
 	dashboards := make([]*dashboardtypes.Dashboard, 0)
 
 	for _, d := range assets.Dashboards {
-		author := fmt.Sprintf("%s-integration", cloudProvider)
+		author := fmt.Sprintf("%s-integration", cloudProvider.StringValue())
 		dashboards = append(dashboards, &dashboardtypes.Dashboard{
-			ID:     GetCloudIntegrationDashboardID(cloudProvider, svcID, d.ID),
+			ID:     d.ID,
 			Locked: true,
 			OrgID:  orgID,
 			Data:   d.Definition,
@@ -208,3 +369,53 @@ func GetDashboardsFromAssets(
 
 	return dashboards
 }
+
+// awsOlderIntegrationConfig converts a ProviderIntegrationConfig into the legacy snake_case
+// IntegrationConfig format consumed by older AWS agents. Returns nil if AWS config is absent.
+func awsOlderIntegrationConfig(cfg *ProviderIntegrationConfig) *IntegrationConfig {
+	if cfg == nil || cfg.AWS == nil {
+		return nil
+	}
+	awsCfg := cfg.AWS
+
+	older := &IntegrationConfig{
+		EnabledRegions: awsCfg.EnabledRegions,
+	}
+
+	if awsCfg.Telemetry == nil {
+		return older
+	}
+
+	// Older agents expect a "provider" field and fully snake_case keys inside telemetry.
+	oldTelemetry := &OldAWSCollectionStrategy{
+		Provider:  CloudProviderTypeAWS.StringValue(),
+		S3Buckets: awsCfg.Telemetry.S3Buckets,
+	}
+
+	if awsCfg.Telemetry.Metrics != nil {
+		// Convert camelCase cloudwatchMetricStreamFilters → snake_case cloudwatch_metric_stream_filters
+		oldMetrics := &OldAWSMetricsStrategy{}
+		for _, f := range awsCfg.Telemetry.Metrics.StreamFilters {
+			oldMetrics.StreamFilters = append(oldMetrics.StreamFilters, struct {
+				Namespace   string   `json:"Namespace"`
+				MetricNames []string `json:"MetricNames,omitempty"`
+			}{Namespace: f.Namespace, MetricNames: f.MetricNames})
+		}
+		oldTelemetry.Metrics = oldMetrics
+	}
+
+	if awsCfg.Telemetry.Logs != nil {
+		// Convert camelCase cloudwatchLogsSubscriptions → snake_case cloudwatch_logs_subscriptions
+		oldLogs := &OldAWSLogsStrategy{}
+		for _, s := range awsCfg.Telemetry.Logs.Subscriptions {
+			oldLogs.Subscriptions = append(oldLogs.Subscriptions, struct {
+				LogGroupNamePrefix string `json:"log_group_name_prefix"`
+				FilterPattern      string `json:"filter_pattern"`
+			}{LogGroupNamePrefix: s.LogGroupNamePrefix, FilterPattern: s.FilterPattern})
+		}
+		oldTelemetry.Logs = oldLogs
+	}
+
+	older.Telemetry = oldTelemetry
+	return older
+}

pkg/types/cloudintegrationtypes/store.go

@@ -38,6 +38,8 @@ type Store interface {
 
 	// UpdateService updates an existing cloud integration service
 	UpdateService(ctx context.Context, service *StorableCloudIntegrationService) error
+
+	RunInTx(context.Context, func(ctx context.Context) error) error
 }
 
 type ServiceDefinitionStore interface {

pkg/types/querybuildertypes/querybuildertypesv5/builder_elements.go

@@ -113,29 +113,6 @@ const (
 	FilterOperatorNotContains
 )
 
-var operatorInverseMapping = map[FilterOperator]FilterOperator{
-	FilterOperatorEqual:           FilterOperatorNotEqual,
-	FilterOperatorNotEqual:        FilterOperatorEqual,
-	FilterOperatorGreaterThan:     FilterOperatorLessThanOrEq,
-	FilterOperatorGreaterThanOrEq: FilterOperatorLessThan,
-	FilterOperatorLessThan:        FilterOperatorGreaterThanOrEq,
-	FilterOperatorLessThanOrEq:    FilterOperatorGreaterThan,
-	FilterOperatorLike:            FilterOperatorNotLike,
-	FilterOperatorNotLike:         FilterOperatorLike,
-	FilterOperatorILike:           FilterOperatorNotILike,
-	FilterOperatorNotILike:        FilterOperatorILike,
-	FilterOperatorBetween:         FilterOperatorNotBetween,
-	FilterOperatorNotBetween:      FilterOperatorBetween,
-	FilterOperatorIn:              FilterOperatorNotIn,
-	FilterOperatorNotIn:           FilterOperatorIn,
-	FilterOperatorExists:          FilterOperatorNotExists,
-	FilterOperatorNotExists:       FilterOperatorExists,
-	FilterOperatorRegexp:          FilterOperatorNotRegexp,
-	FilterOperatorNotRegexp:       FilterOperatorRegexp,
-	FilterOperatorContains:        FilterOperatorNotContains,
-	FilterOperatorNotContains:     FilterOperatorContains,
-}
-
 // AddDefaultExistsFilter returns true if addl exists filter should be added to the query
 // For the negative predicates, we don't want to add the exists filter. Why?
 // Say for example, user adds a filter `service.name != "redis"`, we can't interpret it
@@ -185,10 +162,6 @@ func (f FilterOperator) IsNegativeOperator() bool {
 	return true
 }
 
-func (f FilterOperator) Inverse() FilterOperator {
-	return operatorInverseMapping[f]
-}
-
 func (f FilterOperator) IsComparisonOperator() bool {
 	switch f {
 	case FilterOperatorGreaterThan, FilterOperatorGreaterThanOrEq, FilterOperatorLessThan, FilterOperatorLessThanOrEq:

pkg/types/telemetrytypes/json_access_plan.go

@@ -90,11 +90,6 @@ func (n *JSONAccessNode) FieldPath() string {
 	return n.Parent.Alias() + "." + key
 }
 
-// Returns true if the current node is a non-nested path.
-func (n *JSONAccessNode) IsNonNestedPath() bool {
-	return !strings.Contains(n.FieldPath(), ArraySep)
-}
-
 func (n *JSONAccessNode) BranchesInOrder() []JSONAccessBranchType {
 	return slices.SortedFunc(maps.Keys(n.Branches), func(a, b JSONAccessBranchType) int {
 		return strings.Compare(b.StringValue(), a.StringValue())

pkg/types/telemetrytypes/test_data.go

@@ -8,101 +8,65 @@ package telemetrytypes
 // This represents the type information available in the test JSON structure.
 func TestJSONTypeSet() (map[string][]JSONDataType, MetadataStore) {
 	types := map[string][]JSONDataType{
-
-		// ── user (primitives) ─────────────────────────────────────────────
-		"user.name":        {String},
-		"user.permissions": {ArrayString},
-		"user.age":         {Int64, String}, // Int64/String ambiguity
-		"user.height":      {Float64},
-		"user.active":      {Bool}, // Bool — not IndexSupported
-
-		// Deeper non-array nesting (a.b.c — no array hops)
-		"user.address.zip": {Int64},
-
-		// ── education[] ───────────────────────────────────────────────────
-		// Pattern: x[].y
-		"education":              {ArrayJSON},
-		"education[].name":       {String},
-		"education[].type":       {String, Int64},
-		"education[].year":       {Int64},
-		"education[].scores":     {ArrayInt64},
-		"education[].parameters": {ArrayFloat64, ArrayDynamic},
-
-		// Pattern: x[].y[]
-		"education[].awards": {ArrayDynamic, ArrayJSON},
-
-		// Pattern: x[].y[].z
-		"education[].awards[].name":     {String},
-		"education[].awards[].type":     {String},
-		"education[].awards[].semester": {Int64},
-
-		// Pattern: x[].y[].z[]
-		"education[].awards[].participated": {ArrayDynamic, ArrayJSON},
-
-		// Pattern: x[].y[].z[].w
-		"education[].awards[].participated[].members": {ArrayString},
-
-		// Pattern: x[].y[].z[].w[]
-		"education[].awards[].participated[].team": {ArrayJSON},
-
-		// Pattern: x[].y[].z[].w[].v
-		"education[].awards[].participated[].team[].branch": {String},
-
-		// ── interests[] ───────────────────────────────────────────────────
-		"interests":                                                                 {ArrayJSON},
-		"interests[].entities":                                                      {ArrayJSON},
-		"interests[].entities[].reviews":                                            {ArrayJSON},
-		"interests[].entities[].reviews[].entries":                                  {ArrayJSON},
-		"interests[].entities[].reviews[].entries[].metadata":                       {ArrayJSON},
-		"interests[].entities[].reviews[].entries[].metadata[].positions":           {ArrayJSON},
-		"interests[].entities[].reviews[].entries[].metadata[].positions[].name":    {String},
-		"interests[].entities[].reviews[].entries[].metadata[].positions[].ratings": {ArrayInt64, ArrayString},
-		"http-events":                     {ArrayJSON},
-		"http-events[].request-info.host": {String},
-		"ids":                             {ArrayDynamic},
-
-		// ── top-level primitives ──────────────────────────────────────────
-		"message":     {String},
-		"http-status": {Int64, String}, // hyphen in root key, ambiguous
-
-		// ── top-level nested objects (no array hops) ───────────────────────
-		"response.time-taken": {Float64}, // hyphen inside nested key
+		"user.name":                                           {String},
+		"user.permissions":                                    {ArrayString},
+		"user.age":                                            {Int64, String},
+		"user.height":                                         {Float64},
+		"education":                                           {ArrayJSON},
+		"education[].name":                                    {String},
+		"education[].type":                                    {String, Int64},
+		"education[].internal_type":                           {String},
+		"education[].metadata.location":                       {String},
+		"education[].parameters":                              {ArrayFloat64, ArrayDynamic},
+		"education[].duration":                                {String},
+		"education[].mode":                                    {String},
+		"education[].year":                                    {Int64},
+		"education[].field":                                   {String},
+		"education[].awards":                                  {ArrayDynamic, ArrayJSON},
+		"education[].awards[].name":                           {String},
+		"education[].awards[].rank":                           {Int64},
+		"education[].awards[].medal":                          {String},
+		"education[].awards[].type":                           {String},
+		"education[].awards[].semester":                       {Int64},
+		"education[].awards[].participated":                   {ArrayDynamic, ArrayJSON},
+		"education[].awards[].participated[].type":            {String},
+		"education[].awards[].participated[].field":           {String},
+		"education[].awards[].participated[].project_type":    {String},
+		"education[].awards[].participated[].project_name":    {String},
+		"education[].awards[].participated[].race_type":       {String},
+		"education[].awards[].participated[].team_based":      {Bool},
+		"education[].awards[].participated[].team_name":       {String},
+		"education[].awards[].participated[].team":            {ArrayJSON},
+		"education[].awards[].participated[].members":         {ArrayString},
+		"education[].awards[].participated[].team[].name":     {String},
+		"education[].awards[].participated[].team[].branch":   {String},
+		"education[].awards[].participated[].team[].semester": {Int64},
+		"interests":                                                                  {ArrayJSON},
+		"interests[].type":                                                           {String},
+		"interests[].entities":                                                       {ArrayJSON},
+		"interests[].entities.application_date":                                      {String},
+		"interests[].entities[].reviews":                                             {ArrayJSON},
+		"interests[].entities[].reviews[].given_by":                                  {String},
+		"interests[].entities[].reviews[].remarks":                                   {String},
+		"interests[].entities[].reviews[].weight":                                    {Float64},
+		"interests[].entities[].reviews[].passed":                                    {Bool},
+		"interests[].entities[].reviews[].type":                                      {String},
+		"interests[].entities[].reviews[].analysis_type":                             {Int64},
+		"interests[].entities[].reviews[].entries":                                   {ArrayJSON},
+		"interests[].entities[].reviews[].entries[].subject":                         {String},
+		"interests[].entities[].reviews[].entries[].status":                          {String},
+		"interests[].entities[].reviews[].entries[].metadata":                        {ArrayJSON},
+		"interests[].entities[].reviews[].entries[].metadata[].company":              {String},
+		"interests[].entities[].reviews[].entries[].metadata[].experience":           {Int64},
+		"interests[].entities[].reviews[].entries[].metadata[].unit":                 {String},
+		"interests[].entities[].reviews[].entries[].metadata[].positions":            {ArrayJSON},
+		"interests[].entities[].reviews[].entries[].metadata[].positions[].name":     {String},
+		"interests[].entities[].reviews[].entries[].metadata[].positions[].duration": {Int64, Float64},
+		"interests[].entities[].reviews[].entries[].metadata[].positions[].unit":     {String},
+		"interests[].entities[].reviews[].entries[].metadata[].positions[].ratings":  {ArrayInt64, ArrayString},
+		"message": {String},
+		"tags":    {ArrayString},
 	}
 
 	return types, nil
 }
-
-// TestIndexedPathEntry is a path + JSON type pair representing a field
-// backed by a ClickHouse skip index in the test data.
-//
-// Only non-array paths with IndexSupported types (String, Int64, Float64)
-// are valid entries — arrays and Bool cannot carry a skip index.
-//
-// The ColumnExpression for each entry is computed at test-setup time from
-// the access plan, since it depends on the column name (e.g. body_v2)
-// which is unknown to this package.
-type TestIndexedPathEntry struct {
-	Path string
-	Type JSONDataType
-}
-
-// TestIndexedPaths lists path+type pairs from TestJSONTypeSet that are
-// backed by a JSON data type index. Test setup uses this to populate
-// key.Indexes after calling SetJSONAccessPlan.
-//
-// Intentionally excluded:
-//   - user.active → Bool, IndexSupported=false
-var TestIndexedPaths = []TestIndexedPathEntry{
-	// user primitives
-	{Path: "user.name", Type: String},
-
-	// user.address — deeper non-array nesting
-	{Path: "user.address.zip", Type: Int64},
-
-	// root-level with special characters
-	{Path: "http-status", Type: Int64},
-	{Path: "http-status", Type: String},
-
-	// root-level nested objects (no array hops)
-	{Path: "response.time-taken", Type: Float64},
-}

tests/integration/fixtures/querier.py

@@ -14,8 +14,8 @@ QUERY_TIMEOUT = 30  # seconds
 @dataclass
 class TelemetryFieldKey:
     name: str
-    field_data_type: Optional[str] = None
-    field_context: Optional[str] = None
+    field_data_type: str
+    field_context: str
 
     def to_dict(self) -> Dict:
         return {

tests/integration/src/querier/01_logs.py

@@ -14,9 +14,7 @@ from fixtures.querier import (
     index_series_by_label,
     make_query_request,
 )
-from src.querier.util import (
-    assert_identical_query_response,
-)
+from src.querier.util import assert_identical_query_response
 
 
 def test_logs_list(
@@ -401,6 +399,174 @@ def test_logs_list(
     assert "d-001" in values
 
 
+def test_logs_list_with_corrupt_data(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_logs: Callable[[List[Logs]], None],
+) -> None:
+    """
+    Setup:
+    Insert 2 logs with different attributes
+
+    Tests:
+    1. Query logs for the last 10 seconds and check if the logs are returned in the correct order
+    2. Query values of severity_text attribute from the autocomplete API
+    3. Query values of severity_text attribute from the fields API
+    4. Query values of code.file attribute from the autocomplete API
+    5. Query values of code.file attribute from the fields API
+    6. Query values of code.line attribute from the autocomplete API
+    7. Query values of code.line attribute from the fields API
+    """
+    insert_logs(
+        [
+            Logs(
+                timestamp=datetime.now(tz=timezone.utc) - timedelta(seconds=1),
+                resources={
+                    "deployment.environment": "production",
+                    "service.name": "java",
+                    "os.type": "linux",
+                    "host.name": "linux-001",
+                    "cloud.provider": "integration",
+                    "cloud.account.id": "001",
+                    "timestamp": "2024-01-01T00:00:00Z",
+                },
+                attributes={
+                    "log.iostream": "stdout",
+                    "logtag": "F",
+                    "code.file": "/opt/Integration.java",
+                    "code.function": "com.example.Integration.process",
+                    "code.line": 120,
+                    "telemetry.sdk.language": "java",
+                    "id": "1",
+                },
+                body="This is a log message, coming from a java application",
+                severity_text="DEBUG",
+            ),
+            Logs(
+                timestamp=datetime.now(tz=timezone.utc),
+                resources={
+                    "deployment.environment": "production",
+                    "service.name": "go",
+                    "os.type": "linux",
+                    "host.name": "linux-001",
+                    "cloud.provider": "integration",
+                    "cloud.account.id": "001",
+                    "id": 2,
+                },
+                attributes={
+                    "log.iostream": "stdout",
+                    "logtag": "F",
+                    "code.file": "/opt/integration.go",
+                    "code.function": "com.example.Integration.process",
+                    "code.line": 120,
+                    "metric.domain_id": "d-001",
+                    "telemetry.sdk.language": "go",
+                    "timestamp": "invalid-timestamp",
+                },
+                body="This is a log message, coming from a go application",
+                severity_text="INFO",
+            ),
+        ]
+    )
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Query Logs for the last 10 seconds and check if the logs are returned in the correct order
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v5/query_range"),
+        timeout=2,
+        headers={
+            "authorization": f"Bearer {token}",
+        },
+        json={
+            "schemaVersion": "v1",
+            "start": int(
+                (datetime.now(tz=timezone.utc) - timedelta(seconds=10)).timestamp()
+                * 1000
+            ),
+            "end": int(datetime.now(tz=timezone.utc).timestamp() * 1000),
+            "requestType": "raw",
+            "compositeQuery": {
+                "queries": [
+                    {
+                        "type": "builder_query",
+                        "spec": {
+                            "name": "A",
+                            "signal": "logs",
+                            "disabled": False,
+                            "limit": 100,
+                            "offset": 0,
+                            "order": [
+                                {"key": {"name": "timestamp"}, "direction": "desc"},
+                                {"key": {"name": "id"}, "direction": "desc"},
+                            ],
+                            "having": {"expression": ""},
+                            "aggregations": [{"expression": "count()"}],
+                        },
+                    }
+                ]
+            },
+            "formatOptions": {"formatTableResultForUI": False, "fillGaps": False},
+        },
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    assert response.json()["status"] == "success"
+
+    results = response.json()["data"]["data"]["results"]
+    assert len(results) == 1
+
+    rows = results[0]["rows"]
+    assert len(rows) == 2
+
+    assert (
+        rows[0]["data"]["body"] == "This is a log message, coming from a go application"
+    )
+    assert rows[0]["data"]["resources_string"] == {
+        "cloud.account.id": "001",
+        "cloud.provider": "integration",
+        "deployment.environment": "production",
+        "host.name": "linux-001",
+        "os.type": "linux",
+        "service.name": "go",
+        "id": "2",
+    }
+    assert rows[0]["data"]["attributes_string"] == {
+        "code.file": "/opt/integration.go",
+        "code.function": "com.example.Integration.process",
+        "log.iostream": "stdout",
+        "logtag": "F",
+        "metric.domain_id": "d-001",
+        "telemetry.sdk.language": "go",
+        "timestamp": "invalid-timestamp",
+    }
+    assert rows[0]["data"]["attributes_number"] == {"code.line": 120}
+
+    assert (
+        rows[1]["data"]["body"]
+        == "This is a log message, coming from a java application"
+    )
+    assert rows[1]["data"]["resources_string"] == {
+        "cloud.account.id": "001",
+        "cloud.provider": "integration",
+        "deployment.environment": "production",
+        "host.name": "linux-001",
+        "os.type": "linux",
+        "service.name": "java",
+        "timestamp": "2024-01-01T00:00:00Z",
+    }
+    assert rows[1]["data"]["attributes_string"] == {
+        "code.file": "/opt/Integration.java",
+        "code.function": "com.example.Integration.process",
+        "id": "1",
+        "log.iostream": "stdout",
+        "logtag": "F",
+        "telemetry.sdk.language": "java",
+    }
+    assert rows[1]["data"]["attributes_number"] == {"code.line": 120}
+
+
 @pytest.mark.parametrize(
     "order_by_context,expected_order",
     ####

tests/integration/src/querier/14_list_query_expectations.py

@@ -1,774 +0,0 @@
-from datetime import datetime, timedelta, timezone
-from http import HTTPStatus
-from typing import Any, Callable, List
-
-import pytest
-
-from fixtures import types
-from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD
-from fixtures.logs import Logs
-from fixtures.querier import (
-    BuilderQuery,
-    OrderBy,
-    TelemetryFieldKey,
-    make_query_request,
-)
-from src.querier.util import (
-    generate_logs_with_corrupt_metadata,
-)
-
-
-@pytest.mark.parametrize(
-    "query,result",
-    [
-        # pytest.param(
-        #     BuilderQuery(
-        #         signal="logs",
-        #         name="A",
-        #         limit=1,
-        #     ),
-        #     lambda x: _flatten_log(x[2]),
-        #     id="no-select-no-order",
-        #     # Behaviour:
-        #     # Empty order results in consistent random order
-        # ),
-        # pytest.param(
-        #     BuilderQuery(
-        #         signal="logs",
-        #         name="A",
-        #         select_fields=[TelemetryFieldKey("timestamp")],
-        #         limit=1,
-        #     ),
-        #     lambda x: [x[2].id, x[2].timestamp],
-        #     id="select-timestamp-no-order",
-        #     # Behaviour:
-        #     # AdjustKeys no-op
-        #     # Logs stmt builder by default adds timestamp field to select fields and ignores user input timestamp field
-        #     # Select timestamp is mapped to top level field by field mapper
-        #     # Empty order results in consistent random order
-        # ),
-        # pytest.param(
-        #     BuilderQuery(
-        #         signal="logs",
-        #         name="A",
-        #         select_fields=[TelemetryFieldKey("log.timestamp")],
-        #         limit=1,
-        #     ),
-        #     lambda x: [x[2].id, x[2].timestamp],
-        #     id="select-log-timestamp-no-order",
-        #     # Behaviour:
-        #     # AdjustKeys no-op
-        #     # Logs stmt builder by default adds timestamp field to select fields and ignores user input timestamp field
-        #     # Select timestamp is mapped to top level field by field mapper
-        #     # Empty order results in consistent random order
-        # ),
-        # pytest.param(
-        #     BuilderQuery(
-        #         signal="logs",
-        #         name="A",
-        #         select_fields=[TelemetryFieldKey("attribute.timestamp")],
-        #         limit=1,
-        #     ),
-        #     lambda x: [x[2].id, x[2].timestamp],
-        #     id="select-attr-timestamp-no-order",
-        #     # Behaviour: [BUG - user didn't get what they expected]
-        #     # AdjustKeys no-op
-        #     # Logs stmt builder by default adds timestamp field to select fields and ignores user input timestamp field
-        #     # Select timestamp is mapped to top level field by field mapper
-        #     # Empty order results in consistent random order
-        # ),
-        # pytest.param(
-        #     BuilderQuery(
-        #         signal="logs",
-        #         name="A",
-        #         select_fields=[
-        #             TelemetryFieldKey("log.timestamp"),
-        #             TelemetryFieldKey("attribute.timestamp"),
-        #         ],
-        #         limit=1,
-        #     ),
-        #     lambda x: [x[2].id, x[2].timestamp],
-        #     id="select-log-timestamp-and-attr-timestamp-no-order",
-        #     # Behaviour: [BUG - user didn't get what they expected]
-        #     # AdjustKeys logic adjusts key "attribute.timestamp" to "timestamp"
-        #     # AdjustKeys logic adjusts key "log.timestamp" to "timestamp"
-        #     # AdjustKeys logic removes duplicate key "timestamp", only 1 select field is left
-        #     # Logs stmt builder by default adds timestamp field to select fields and ignores user input timestamp fields
-        #     # Select timestamp is mapped to top level field by field mapper
-        #     # Empty order results in consistent random order
-        # ),
-        # pytest.param(
-        #     BuilderQuery(
-        #         signal="logs",
-        #         name="A",
-        #         select_fields=[
-        #             TelemetryFieldKey("timestamp"),
-        #             TelemetryFieldKey("attribute.timestamp"),
-        #         ],
-        #         limit=1,
-        #     ),
-        #     lambda x: [x[2].id, x[2].timestamp],
-        #     id="select-timestamp-and-attr-timestamp-no-order",
-        #     # Behaviour:
-        #     # AdjustKeys logic adjusts key "attribute.timestamp" to "timestamp"
-        #     # AdjustKeys logic removes duplicate key "timestamp", only 1 select field is left
-        #     # Logs stmt builder by default adds timestamp field to select fields and ignores user input timestamp fields
-        #     # Select timestamp is mapped to top level field by field mapper
-        #     # Empty order results in consistent random order
-        # ),
-        # pytest.param(
-        #     BuilderQuery(
-        #         signal="logs",
-        #         name="A",
-        #         select_fields=[
-        #             TelemetryFieldKey("log.timestamp"),
-        #             TelemetryFieldKey("timestamp"),
-        #         ],
-        #         limit=1,
-        #     ),
-        #     lambda x: [x[2].id, x[2].timestamp],
-        #     id="select-log-timestamp-and-timestamp-no-order",
-        #     # Behaviour:
-        #     # AdjustKeys logic adjusts key "log.timestamp" to "timestamp"
-        #     # AdjustKeys logic removes duplicate key "timestamp", only 1 select field is left
-        #     # Logs stmt builder by default adds timestamp field to select fields and ignores user input timestamp field
-        #     # Select timestamp is mapped to top level field by field mapper
-        #     # Empty order results in consistent random order
-        # ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                limit=1,
-                order=[OrderBy(TelemetryFieldKey("timestamp"), "desc")],
-            ),
-            lambda x: _flatten_log(x[3]),
-            id="no-select-order-timestamp-desc",
-            # Behaviour:
-            # AdjustKeys no-op
-            # Order by timestamp is mapped to top level field by field mapper
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                select_fields=[TelemetryFieldKey("timestamp")],
-                order=[OrderBy(TelemetryFieldKey("timestamp"), "desc")],
-                limit=1,
-            ),
-            lambda x: [x[3].id, x[3].timestamp],
-            id="select-timestamp-order-timestamp-desc",
-            # Behaviour:
-            # AdjustKeys no-op
-            # Logs stmt builder by default adds timestamp field to select fields and ignores user input timestamp field
-            # Select and OrderBy both timestamp are mapped to top level field by field mapper
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                select_fields=[TelemetryFieldKey("log.timestamp")],
-                order=[OrderBy(TelemetryFieldKey("timestamp"), "desc")],
-                limit=1,
-            ),
-            lambda x: [x[3].id, x[3].timestamp],
-            id="select-log-timestamp-order-timestamp-desc",
-            # Behaviour:
-            # AdjustKeys logic adjusts key "log.timestamp" to "timestamp"
-            # AdjustKeys logic removes duplicate key "timestamp", only 1 select field is left
-            # Logs stmt builder by default adds timestamp field to select fields and ignores user input log.timestamp field
-            # Select and OrderBy both timestamp are mapped to top level field by field mapper
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                select_fields=[TelemetryFieldKey("attribute.timestamp")],
-                order=[OrderBy(TelemetryFieldKey("timestamp"), "desc")],
-                limit=1,
-            ),
-            lambda x: [x[3].id, x[3].timestamp],
-            id="select-attr-timestamp-order-timestamp-desc",
-            # Behaviour:
-            # AdjustKeys logic adjusts key "attribute.timestamp" to "timestamp"
-            # AdjustKeys logic removes duplicate key "timestamp", only 1 select field is left
-            # Logs stmt builder by default adds timestamp field to select fields and ignores user input timestamp field
-            # Select and OrderBy both timestamp are mapped to top level field by field mapper
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                select_fields=[
-                    TelemetryFieldKey("log.timestamp"),
-                    TelemetryFieldKey("attribute.timestamp"),
-                ],
-                order=[OrderBy(TelemetryFieldKey("timestamp"), "desc")],
-                limit=1,
-            ),
-            lambda x: [x[3].id, x[3].timestamp],
-            id="select-log-timestamp-and-attr-timestamp-order-timestamp-desc",
-            # Behaviour:
-            # AdjustKeys logic adjusts key "attribute.timestamp" to "timestamp"
-            # AdjustKeys logic adjusts key "log.timestamp" to "timestamp"
-            # AdjustKeys logic removes duplicate key "timestamp", only 1 select field is left
-            # Logs stmt builder by default adds timestamp field to select fields and ignores user input timestamp fields
-            # Select and OrderBy both timestamp are mapped to top level field by field mapper
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                select_fields=[
-                    TelemetryFieldKey("timestamp"),
-                    TelemetryFieldKey("attribute.timestamp"),
-                ],
-                order=[OrderBy(TelemetryFieldKey("timestamp"), "desc")],
-                limit=1,
-            ),
-            lambda x: [x[3].id, x[3].timestamp],
-            id="select-timestamp-and-attr-timestamp-order-timestamp-desc",
-            # Behaviour:
-            # AdjustKeys logic adjusts key "attribute.timestamp" to "timestamp"
-            # AdjustKeys logic removes duplicate key "timestamp", only 1 select field is left
-            # Logs stmt builder by default adds timestamp field to select fields and ignores user input timestamp fields
-            # Select and OrderBy both timestamp are mapped to top level field by field mapper
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                select_fields=[
-                    TelemetryFieldKey("log.timestamp"),
-                    TelemetryFieldKey("timestamp"),
-                ],
-                order=[OrderBy(TelemetryFieldKey("timestamp"), "desc")],
-                limit=1,
-            ),
-            lambda x: [x[3].id, x[3].timestamp],
-            id="select-log-timestamp-and-timestamp-order-timestamp-desc",
-            # Behaviour:
-            # AdjustKeys logic adjusts key "attribute.timestamp" to "timestamp"
-            # AdjustKeys logic removes duplicate key "timestamp", only 1 select field is left
-            # Logs stmt builder by default adds timestamp field to select fields and ignores user input timestamp fields
-            # Select and OrderBy both timestamp are mapped to top level field by field mapper
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                limit=1,
-                order=[OrderBy(TelemetryFieldKey("attribute.timestamp"), "desc")],
-            ),
-            lambda x: [],
-            id="no-select-order-attr-timestamp-desc",
-            # Behaviour: [BUG]
-            # AdjustKeys logic adjusts key "attribute.timestamp" to "attribute.timestamp:string"
-            # Because of aliasing bug, result is empty
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                select_fields=[TelemetryFieldKey("timestamp")],
-                order=[OrderBy(TelemetryFieldKey("attribute.timestamp"), "desc")],
-                limit=1,
-            ),
-            lambda x: [x[3].id, x[3].timestamp],
-            id="select-timestamp-order-attr-timestamp-desc",
-            # Behaviour:
-            # AdjustKeys adjusts key "attribute.timestamp" to "timestamp"
-            # Logs stmt builder by default adds timestamp field to select fields and ignores user input timestamp field
-            # Select and OrderBy both timestamp are mapped to top level field by field mapper
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                select_fields=[TelemetryFieldKey("log.timestamp")],
-                order=[OrderBy(TelemetryFieldKey("attribute.timestamp"), "desc")],
-                limit=1,
-            ),
-            lambda x: [x[3].id, x[3].timestamp],
-            id="select-log-timestamp-order-attr-timestamp-desc",
-            # Behaviour: [BUG - user didn't get what they expected]
-            # AdjustKeys logic adjusts key "attribute.timestamp" to "timestamp"
-            # AdjustKeys logic adjusts key "log.timestamp" to "timestamp"
-            # Logs stmt builder by default adds timestamp field to select fields and ignores user input timestamp field
-            # Select and OrderBy both timestamp are mapped to top level field by field mapper
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                select_fields=[TelemetryFieldKey("attribute.timestamp")],
-                order=[OrderBy(TelemetryFieldKey("attribute.timestamp"), "desc")],
-                limit=1,
-            ),
-            lambda x: [],  # Because of aliasing bug, this returns no data
-            id="select-attr-timestamp-order-attr-timestamp-desc",
-            # Behaviour [BUG - user didn't get what they expected]:
-            # AdjustKeys logic adjusts key "attribute.timestamp" to "attribute.timestamp:string"
-            # Logs stmt builder by default adds timestamp field to select fields and ignores user input timestamp field
-            # Because of Logs stmt builder behaviour, we ran into aliasing bug, result is empty
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                select_fields=[
-                    TelemetryFieldKey("log.timestamp"),
-                    TelemetryFieldKey("attribute.timestamp"),
-                ],
-                order=[OrderBy(TelemetryFieldKey("attribute.timestamp"), "desc")],
-                limit=1,
-            ),
-            lambda x: [x[3].id, x[3].timestamp],
-            id="select-log-timestamp-and-attr-timestamp-order-attr-timestamp-desc",
-            # Behaviour: [BUG - user didn't get what they expected]
-            # AdjustKeys logic adjusts key "attribute.timestamp" to "timestamp"
-            # AdjustKeys logic adjusts key "log.timestamp" to "timestamp"
-            # AdjustKeys logic removes duplicate key "timestamp", only 1 select field is left
-            # Logs stmt builder by default adds timestamp field to select fields and ignores user input timestamp field
-            # Select and OrderBy both timestamp are mapped to top level field by field mapper
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                select_fields=[
-                    TelemetryFieldKey("timestamp"),
-                    TelemetryFieldKey("attribute.timestamp"),
-                ],
-                order=[OrderBy(TelemetryFieldKey("attribute.timestamp"), "desc")],
-                limit=1,
-            ),
-            lambda x: [x[3].id, x[3].timestamp],
-            id="select-timestamp-and-attr-timestamp-order-attr-timestamp-desc",
-            # Behaviour:
-            # AdjustKeys logic adjusts key "attribute.timestamp" to "timestamp"
-            # AdjustKeys logic removes duplicate key "timestamp", only 1 select field is left
-            # Select and OrderBy both timestamp are mapped to top level field by field mapper
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                select_fields=[
-                    TelemetryFieldKey("log.timestamp"),
-                    TelemetryFieldKey("timestamp"),
-                ],
-                order=[OrderBy(TelemetryFieldKey("attribute.timestamp"), "desc")],
-                limit=1,
-            ),
-            lambda x: [x[3].id, x[3].timestamp],
-            id="select-log-timestamp-and-timestamp-order-attr-timestamp-desc",
-            # Behaviour:
-            # AdjustKeys logic adjusts key "attribute.timestamp" to "timestamp"
-            # AdjustKeys logic adjusts key "log.timestamp" to "timestamp"
-            # AdjustKeys logic removes duplicate key "timestamp", only 1 select field is left
-            # Select and OrderBy both timestamp are mapped to top level field by field mapper
-        ),
-    ],
-)
-def test_logs_list_query_timestamp_expectations(
-    signoz: types.SigNoz,
-    create_user_admin: None,  # pylint: disable=unused-argument
-    get_token: Callable[[str, str], str],
-    insert_logs: Callable[[List[Logs]], None],
-    query: BuilderQuery,
-    result: Callable[[List[Logs]], List[Any]],
-) -> None:
-    """
-    Setup:
-    Insert logs with corrupt data
-
-    Tests:
-    """
-    logs = generate_logs_with_corrupt_metadata()
-    insert_logs(logs)
-
-    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-
-    # Query Logs for the last 1 minute and check if the logs are returned in the correct order
-    response = make_query_request(
-        signoz,
-        token,
-        start_ms=int(
-            (datetime.now(tz=timezone.utc) - timedelta(minutes=1)).timestamp() * 1000
-        ),
-        end_ms=int(datetime.now(tz=timezone.utc).timestamp() * 1000),
-        request_type="raw",
-        queries=[query.to_dict()],
-    )
-
-    assert response.status_code == HTTPStatus.OK
-
-    if response.status_code == HTTPStatus.OK:
-        if not result(logs):
-            # No results expected
-            assert response.json()["data"]["data"]["results"][0]["rows"] is None
-        else:
-            data = response.json()["data"]["data"]["results"][0]["rows"][0]["data"]
-            for key, value in zip(list(data.keys()), result(logs)):
-                assert data[key] == value
-
-
-@pytest.mark.parametrize(
-    "query,results",
-    [
-        # pytest.param(
-        #     BuilderQuery(
-        #         signal="logs",
-        #         name="A",
-        #         select_fields=[TelemetryFieldKey("trace_id")],
-        #     ),
-        #     lambda x: [
-        #         [x[2].id, x[2].timestamp, x[2].trace_id],
-        #         [x[1].id, x[1].timestamp, x[1].trace_id],
-        #         [x[0].id, x[0].timestamp, x[0].trace_id],
-        #         [x[3].id, x[3].timestamp, x[3].trace_id],
-        #     ],
-        #     id="select-trace-id-no-order",
-        #     # Justification (expected values and row order):
-        #     # Values: x[0].trace_id="1", x[1].trace_id="", x[2].trace_id="", x[3].trace_id=""
-        #     # Order: no explicit order → ClickHouse internal storage order
-        #     # Behaviour:
-        #     # AdjustKeys no-op
-        #     # Select trace_id is mapped to top level field by field mapper
-        #     # Empty order results in consistent random order
-        # ),
-        # pytest.param(
-        #     BuilderQuery(
-        #         signal="logs",
-        #         name="A",
-        #         select_fields=[TelemetryFieldKey("log.trace_id")],
-        #     ),
-        #     lambda x: [
-        #         [x[2].id, x[2].timestamp, x[2].trace_id],
-        #         [x[1].id, x[1].timestamp, x[1].trace_id],
-        #         [x[0].id, x[0].timestamp, x[0].trace_id],
-        #         [x[3].id, x[3].timestamp, x[3].trace_id],
-        #     ],
-        #     id="select-log-trace-id-no-order",
-        #     # Justification (expected values and row order):
-        #     # Values: x[0].trace_id="1", x[1].trace_id="", x[2].trace_id="", x[3].trace_id=""
-        #     # Order: no explicit order → ClickHouse internal storage order
-        #     # Behaviour:
-        #     # AdjustKeys adjusts log.trace_id to log.trace_id:string
-        #     # Select log.trace_id is mapped to top level field by field mapper
-        #     # Empty order results in consistent random order
-        # ),
-        # pytest.param(
-        #     BuilderQuery(
-        #         signal="logs",
-        #         name="A",
-        #         select_fields=[TelemetryFieldKey("body.trace_id")],
-        #     ),
-        #     lambda x: [
-        #         [x[2].id, x[2].timestamp, x[2].trace_id],
-        #         [x[1].id, x[1].timestamp, x[1].trace_id],
-        #         [x[0].id, x[0].timestamp, x[0].trace_id],
-        #         [x[3].id, x[3].timestamp, x[3].trace_id],
-        #     ],
-        #     id="select-body-trace-id-no-order",
-        #     # Justification (expected values and row order):
-        #     # Values: x[0].trace_id="1", x[1].trace_id="", x[2].trace_id="", x[3].trace_id=""
-        #     # Order: no explicit order → ClickHouse internal storage order
-        #     # Behaviour:
-        #     # AdjustKeys logic adjusts key "body.trace_id" to "log.trace_id:string"
-        # ),
-        # pytest.param(
-        #     BuilderQuery(
-        #         signal="logs",
-        #         name="A",
-        #         select_fields=[TelemetryFieldKey("attribute.trace_id")],
-        #     ),
-        #     lambda x: [
-        #         [x[2].id, x[2].timestamp, x[2].attributes_string.get("trace_id", "")],
-        #         [x[1].id, x[1].timestamp, x[1].attributes_string.get("trace_id", "")],
-        #         [x[0].id, x[0].timestamp, x[0].attributes_string.get("trace_id", "")],
-        #         [x[3].id, x[3].timestamp, x[3].attributes_string.get("trace_id", "")],
-        #     ],
-        #     id="select-attribute-trace-id-no-order",
-        #     # Justification (expected values and row order):
-        #     # Values: x[0]="", x[1]="2", x[2]="", x[3]="" (only x[1] has attribute.trace_id set)
-        #     # Order: no explicit order → ClickHouse internal storage order
-        #     # Behaviour:
-        #     # AdjustKeys no-op
-        # ),
-        # pytest.param(
-        #     BuilderQuery(
-        #         signal="logs",
-        #         name="A",
-        #         select_fields=[TelemetryFieldKey("resource.trace_id")],
-        #     ),
-        #     lambda x: [
-        #         [x[2].id, x[2].timestamp, x[2].resources_string.get("trace_id", "")],
-        #         [x[1].id, x[1].timestamp, x[1].resources_string.get("trace_id", "")],
-        #         [x[0].id, x[0].timestamp, x[0].resources_string.get("trace_id", "")],
-        #         [x[3].id, x[3].timestamp, x[3].resources_string.get("trace_id", "")],
-        #     ],
-        #     id="select-resource-trace-id-no-order",
-        #     # Justification (expected values and row order):
-        #     # Values: x[0]="", x[1]="", x[2]="3", x[3]="" (only x[2] has resource.trace_id set)
-        #     # Order: no explicit order → ClickHouse internal storage order
-        #     # Behaviour:
-        #     # AdjustKeys no-op
-        # ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                order=[OrderBy(TelemetryFieldKey("trace_id"), "desc")],
-            ),
-            lambda x: [
-                _flatten_log(x[0]),
-                _flatten_log(x[2]),
-                _flatten_log(x[1]),
-                _flatten_log(x[3]),
-            ],
-            id="no-select-trace-id-order",
-            # Justification (expected values and row order):
-            # Values: x[0].trace_id="1", x[1].trace_id="", x[2].trace_id="", x[3].trace_id=""
-            # Order: trace_id DESC → x[0]("1") first, then x[2](""), x[1](""), x[3]("") in storage order
-            # Behaviour:
-            # AdjustKeys no-op
-            # Order by trace_id is mapped to top level field by field mapper
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                order=[OrderBy(TelemetryFieldKey("attribute.trace_id"), "desc")],
-            ),
-            lambda x: [
-                [*_flatten_log(x[1])[:14], x[1].attributes_string.get("trace_id", "")],
-                [*_flatten_log(x[2])[:14], x[2].attributes_string.get("trace_id", "")],
-                [*_flatten_log(x[0])[:14], x[0].attributes_string.get("trace_id", "")],
-                [*_flatten_log(x[3])[:14], x[3].attributes_string.get("trace_id", "")],
-            ],
-            id="no-select-attribute-trace-id-order",
-            # Justification (expected values and row order):
-            # attribute.trace_id values: x[0]="", x[1]="2", x[2]="", x[3]=""
-            # Behaviour: [BUG - user didn't get what they expected]
-            # AdjustKeys adjusts "attribute.trace_id" to "attribute.trace_id:string"
-            # Order by attribute.trace_id maps to attributes_string['trace_id']
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                select_fields=[TelemetryFieldKey("trace_id")],
-                order=[OrderBy(TelemetryFieldKey("trace_id"), "desc")],
-            ),
-            lambda x: [
-                [x[0].id, x[0].timestamp, x[0].trace_id],
-                [x[2].id, x[2].timestamp, x[2].trace_id],
-                [x[1].id, x[1].timestamp, x[1].trace_id],
-                [x[3].id, x[3].timestamp, x[3].trace_id],
-            ],
-            id="select-trace-id-order-trace-id-desc",
-            # Justification (expected values and row order):
-            # Values: x[0].trace_id="1", x[1].trace_id="", x[2].trace_id="", x[3].trace_id=""
-            # Order: trace_id DESC → x[0]("1") first, then x[2](""), x[1](""), x[3]("") in storage order
-            # Behaviour:
-            # AdjustKeys no-op
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                select_fields=[TelemetryFieldKey("attribute.trace_id")],
-                order=[OrderBy(TelemetryFieldKey("attribute.trace_id"), "desc")],
-            ),
-            lambda x: [
-                [x[1].id, x[1].timestamp, x[1].attributes_string.get("trace_id", "")],
-                [x[2].id, x[2].timestamp, x[2].attributes_string.get("trace_id", "")],
-                [x[0].id, x[0].timestamp, x[0].attributes_string.get("trace_id", "")],
-                [x[3].id, x[3].timestamp, x[3].attributes_string.get("trace_id", "")],
-            ],
-            id="select-attribute-trace-id-order-attribute-trace-id-desc",
-            # Justification (expected values and row order):
-            # AdjustKeys: no-op for both select and order, "attribute.trace_id" is a valid attribute key
-            # Field mapping: "attribute.trace_id" → attributes_string["trace_id"]
-            # Values: x[0]="", x[1]="2", x[2]="", x[3]="" (only x[1] has attribute.trace_id set)
-            # Order: attribute.trace_id DESC → x[1]("2") first, then x[2](""), x[0](""), x[3]("") in storage order
-            # Behaviour:
-            # AdjustKeys no-op
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                select_fields=[TelemetryFieldKey("resource.trace_id")],
-                order=[OrderBy(TelemetryFieldKey("resource.trace_id"), "desc")],
-            ),
-            lambda x: [
-                [x[2].id, x[2].timestamp, x[2].resources_string.get("trace_id", "")],
-                [x[1].id, x[1].timestamp, x[1].resources_string.get("trace_id", "")],
-                [x[0].id, x[0].timestamp, x[0].resources_string.get("trace_id", "")],
-                [x[3].id, x[3].timestamp, x[3].resources_string.get("trace_id", "")],
-            ],
-            id="select-resource-trace-id-order-resource-trace-id-desc",
-            # Justification (expected values and row order):
-            # AdjustKeys: no-op for both select and order, "resource.trace_id" is a valid resource key
-            # Field mapping: "resource.trace_id" → resources_string["trace_id"]
-            # Values: x[0]="", x[1]="", x[2]="3", x[3]="" (only x[2] has resource.trace_id set)
-            # Order: resource.trace_id DESC → x[2]("3") first, then x[1](""), x[0](""), x[3]("") in storage order
-            # Behaviour:
-            # AdjustKeys no-op
-        ),
-        pytest.param(
-            BuilderQuery(
-                signal="logs",
-                name="A",
-                select_fields=[TelemetryFieldKey("body.trace_id")],
-                order=[OrderBy(TelemetryFieldKey("body.trace_id"), "desc")],
-            ),
-            lambda x: [
-                [x[0].id, x[0].timestamp, x[0].trace_id],
-                [x[2].id, x[2].timestamp, x[2].trace_id],
-                [x[1].id, x[1].timestamp, x[1].trace_id],
-                [x[3].id, x[3].timestamp, x[3].trace_id],
-            ],
-            id="select-body-trace-id-order-body-trace-id-desc",
-            # Justification (expected values and row order):
-            # AdjustKeys: adjusts "body.trace_id" to "log.trace_id:string" for both select and order
-            # Field mapping: "log.trace_id:string" → top-level trace_id column
-            # Values: x[0].trace_id="1", x[1].trace_id="", x[2].trace_id="", x[3].trace_id=""
-            # Order: trace_id DESC → x[0]("1") first, then x[2](""), x[1](""), x[3]("") in storage order
-            # Behaviour:
-            # AdjustKeys logic adjusts key "body.trace_id" to "log.trace_id:string"
-        ),
-    ],
-)
-def test_logs_list_query_trace_id_expectations(
-    signoz: types.SigNoz,
-    create_user_admin: None,  # pylint: disable=unused-argument
-    get_token: Callable[[str, str], str],
-    insert_logs: Callable[[List[Logs]], None],
-    query: BuilderQuery,
-    results: Callable[[List[Logs]], List[Any]],
-) -> None:
-    """
-    Justification for expected rows and ordering:
-    Four logs differ by where trace_id is set: top-level (x[0]), attribute (x[1]),
-    resource (x[2]), or only in body text (x[3]). Each parametrized case documents
-    which column AdjustKeys/field mapping reads and why DESC ties break in storage order.
-
-    Setup:
-    Insert logs with corrupt trace_id
-
-    Tests:
-    """
-    now = datetime.now(tz=timezone.utc).replace(second=0, microsecond=0)
-
-    logs = [
-        Logs(
-            timestamp=now - timedelta(seconds=4),
-            body="POST /integration request received",
-            severity_text="INFO",
-            resources={
-                "service.name": "http-service",
-                "timestamp": "corrupt_data",
-            },
-            attributes={
-                "severity_text": "corrupt_data",
-                "timestamp": "corrupt_data",
-            },
-            trace_id="1",
-        ),
-        Logs(
-            timestamp=now - timedelta(seconds=3),
-            body="SELECT query executed",
-            severity_text="DEBUG",
-            resources={
-                "service.name": "http-service",
-                "id": "corrupt_data",
-            },
-            attributes={
-                "trace_id": "2",
-            },
-        ),
-        Logs(
-            timestamp=now - timedelta(seconds=2),
-            body="HTTP PATCH failed with 404",
-            severity_text="WARN",
-            resources={
-                "service.name": "http-service",
-                "body": "corrupt_data",
-                "trace_id": "3",
-            },
-            attributes={
-                "id": "1",
-            },
-        ),
-        Logs(
-            timestamp=now - timedelta(seconds=1),
-            body="{'trace_id': '4'}",
-            severity_text="ERROR",
-            resources={
-                "service.name": "topic-service",
-            },
-            attributes={
-                "body": "corrupt_data",
-                "timestamp": "corrupt_data",
-            },
-        ),
-    ]
-    insert_logs(logs)
-
-    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-
-    # Query Logs for the last 1 minute and check if the logs are returned in the correct order
-    response = make_query_request(
-        signoz,
-        token,
-        start_ms=int(
-            (datetime.now(tz=timezone.utc) - timedelta(minutes=10)).timestamp() * 1000
-        ),
-        end_ms=int(datetime.now(tz=timezone.utc).timestamp() * 1000),
-        request_type="raw",
-        queries=[query.to_dict()],
-    )
-
-    assert response.status_code == HTTPStatus.OK
-
-    if response.status_code == HTTPStatus.OK:
-        if not results(logs):
-            # No results expected
-            assert response.json()["data"]["data"]["results"][0]["rows"] is None
-        else:
-            print(response.json())
-            rows = response.json()["data"]["data"]["results"][0]["rows"]
-            assert len(rows) == len(
-                results(logs)
-            ), f"Expected {len(results(logs))} rows, got {len(rows)}"
-            for row, expected_row in zip(rows, results(logs)):
-                data = row["data"]
-                keys = list(data.keys())
-                for i, expected_value in enumerate(expected_row):
-                    assert (
-                        data[keys[i]] == expected_value
-                    ), f"Row mismatch at key '{keys[i]}': expected {expected_value}, got {data[keys[i]]}"
-
-
-def _flatten_log(log: Logs) -> List[Any]:
-    return [
-        log.attributes_bool,
-        log.attributes_number,
-        log.attributes_string,
-        log.body,
-        log.id,
-        log.resources_string,
-        log.scope_name,
-        log.scope_string,
-        log.scope_version,
-        log.severity_number,
-        log.severity_text,
-        log.span_id,
-        log.timestamp,
-        log.trace_flags,
-        log.trace_id,
-    ]

tests/integration/src/querier/util.py

@@ -4,7 +4,6 @@ from typing import List
 
 import requests
 
-from fixtures.logs import Logs
 from fixtures.traces import TraceIdGenerator, Traces, TracesKind, TracesStatusCode
 
 
@@ -39,101 +38,6 @@ def assert_identical_query_response(
         ), "Response data do not match"
 
 
-def generate_logs_with_corrupt_metadata() -> List[Logs]:
-    """
-    Specifically, entries with 'id', 'timestamp', 'severity_text', 'severity_number' and 'body' fields in metadata
-    """
-    now = datetime.now(tz=timezone.utc).replace(second=0, microsecond=0)
-
-    return [
-        Logs(
-            timestamp=now - timedelta(seconds=4),
-            body="POST /integration request received",
-            severity_text="INFO",
-            resources={
-                "deployment.environment": "production",
-                "service.name": "http-service",
-                "os.type": "linux",
-                "host.name": "linux-000",
-                "cloud.provider": "integration",
-                "cloud.account.id": "000",
-                "timestamp": "corrupt_data",
-            },
-            attributes={
-                "net.transport": "IP.TCP",
-                "http.scheme": "http",
-                "http.user_agent": "Integration Test",
-                "http.request.method": "POST",
-                "http.response.status_code": "200",
-                "severity_text": "corrupt_data",
-                "timestamp": "corrupt_data",
-            },
-            trace_id="1",
-        ),
-        Logs(
-            timestamp=now - timedelta(seconds=3),
-            body="SELECT query executed",
-            severity_text="DEBUG",
-            resources={
-                "deployment.environment": "production",
-                "service.name": "http-service",
-                "os.type": "linux",
-                "host.name": "linux-000",
-                "cloud.provider": "integration",
-                "cloud.account.id": "000",
-                "severity_number": "corrupt_data",
-                "id": "corrupt_data",
-            },
-            attributes={
-                "db.name": "integration",
-                "db.operation": "SELECT",
-                "db.statement": "SELECT * FROM integration",
-                "trace_id": "2",
-            },
-        ),
-        Logs(
-            timestamp=now - timedelta(seconds=2),
-            body="HTTP PATCH failed with 404",
-            severity_text="WARN",
-            resources={
-                "deployment.environment": "production",
-                "service.name": "http-service",
-                "os.type": "linux",
-                "host.name": "linux-000",
-                "cloud.provider": "integration",
-                "cloud.account.id": "000",
-                "body": "corrupt_data",
-                "trace_id": "3",
-            },
-            attributes={
-                "http.request.method": "PATCH",
-                "http.status_code": "404",
-                "id": "1",
-            },
-        ),
-        Logs(
-            timestamp=now - timedelta(seconds=1),
-            body="{'trace_id': '4'}",
-            severity_text="ERROR",
-            resources={
-                "deployment.environment": "production",
-                "service.name": "topic-service",
-                "os.type": "linux",
-                "host.name": "linux-001",
-                "cloud.provider": "integration",
-                "cloud.account.id": "001",
-            },
-            attributes={
-                "message.type": "SENT",
-                "messaging.operation": "publish",
-                "messaging.message.id": "001",
-                "body": "corrupt_data",
-                "timestamp": "corrupt_data",
-            },
-        ),
-    ]
-
-
 def generate_traces_with_corrupt_metadata() -> List[Traces]:
     """
     Specifically, entries with 'id', 'timestamp', 'trace_id' and 'duration_nano' fields in metadata