docs(go): swap remaining examples to AuthDomain/Channel where possible

Document the core-type-first pattern used across pkg/types/: always define
the domain type X, and introduce Postable/Gettable/Updatable/Storable
flavors only when their shape actually differs from X. Walk through
Channel (core only), AuthDomain (all four flavors), and Rule (the
in-progress v2 split) as worked examples.

.devenv/docker/clickhouse/compose.yaml

@@ -27,8 +27,8 @@ services:
       - ${PWD}/fs/tmp/var/lib/clickhouse/user_scripts/:/var/lib/clickhouse/user_scripts/
       - ${PWD}/../../../deploy/common/clickhouse/custom-function.xml:/etc/clickhouse-server/custom-function.xml
     ports:
-      - '127.0.0.1:8123:8123'
-      - '127.0.0.1:9000:9000'
+      - "127.0.0.1:8123:8123"
+      - "127.0.0.1:9000:9000"
     tty: true
     healthcheck:
       test:
@@ -47,13 +47,16 @@ services:
         condition: service_healthy
     environment:
       - CLICKHOUSE_SKIP_USER_SETUP=1
+    networks:
+      - default
+      - signoz-devenv
   zookeeper:
     image: signoz/zookeeper:3.7.1
     container_name: zookeeper
     volumes:
       - ${PWD}/fs/tmp/zookeeper:/bitnami/zookeeper
     ports:
-      - '127.0.0.1:2181:2181'
+      - "127.0.0.1:2181:2181"
     environment:
       - ALLOW_ANONYMOUS_LOGIN=yes
     healthcheck:
@@ -74,12 +77,19 @@ services:
     entrypoint:
       - /bin/sh
     command:
-    - -c 
-    - |
-      /signoz-otel-collector migrate bootstrap &&
-      /signoz-otel-collector migrate sync up &&
-      /signoz-otel-collector migrate async up
+      - -c
+      - |
+        /signoz-otel-collector migrate bootstrap &&
+        /signoz-otel-collector migrate sync up &&
+        /signoz-otel-collector migrate async up
     depends_on:
       clickhouse:
         condition: service_healthy
     restart: on-failure
+    networks:
+      - default
+      - signoz-devenv
+
+networks:
+  signoz-devenv:
+    name: signoz-devenv

.devenv/docker/signoz-otel-collector/compose.yaml

@@ -3,7 +3,7 @@ services:
     image: signoz/signoz-otel-collector:v0.142.0
     container_name: signoz-otel-collector-dev
     entrypoint:
-    - /bin/sh
+      - /bin/sh
     command:
       - -c
       - |
@@ -34,4 +34,11 @@ services:
       retries: 3
     restart: unless-stopped
     extra_hosts:
-      - "host.docker.internal:host-gateway"
+      - "host.docker.internal:host-gateway"
+    networks:
+      - default
+      - signoz-devenv
+
+networks:
+  signoz-devenv:
+    name: signoz-devenv

.devenv/docker/signoz-otel-collector/otel-collector-config.yaml

@@ -12,10 +12,10 @@ receivers:
       scrape_configs:
         - job_name: otel-collector
           static_configs:
-          - targets:
-              - localhost:8888
-            labels:
-              job_name: otel-collector
+            - targets:
+                - localhost:8888
+              labels:
+                job_name: otel-collector
 
 processors:
   batch:
@@ -29,7 +29,26 @@ processors:
   signozspanmetrics/delta:
     metrics_exporter: signozclickhousemetrics
     metrics_flush_interval: 60s
-    latency_histogram_buckets: [100us, 1ms, 2ms, 6ms, 10ms, 50ms, 100ms, 250ms, 500ms, 1000ms, 1400ms, 2000ms, 5s, 10s, 20s, 40s, 60s ]
+    latency_histogram_buckets:
+      [
+        100us,
+        1ms,
+        2ms,
+        6ms,
+        10ms,
+        50ms,
+        100ms,
+        250ms,
+        500ms,
+        1000ms,
+        1400ms,
+        2000ms,
+        5s,
+        10s,
+        20s,
+        40s,
+        60s,
+      ]
     dimensions_cache_size: 100000
     aggregation_temporality: AGGREGATION_TEMPORALITY_DELTA
     enable_exp_histogram: true
@@ -60,13 +79,13 @@ extensions:
 
 exporters:
   clickhousetraces:
-    datasource: tcp://host.docker.internal:9000/signoz_traces
+    datasource: tcp://clickhouse:9000/signoz_traces
     low_cardinal_exception_grouping: ${env:LOW_CARDINAL_EXCEPTION_GROUPING}
     use_new_schema: true
   signozclickhousemetrics:
-    dsn: tcp://host.docker.internal:9000/signoz_metrics
+    dsn: tcp://clickhouse:9000/signoz_metrics
   clickhouselogsexporter:
-    dsn: tcp://host.docker.internal:9000/signoz_logs
+    dsn: tcp://clickhouse:9000/signoz_logs
     timeout: 10s
     use_new_schema: true
 
@@ -93,4 +112,4 @@ service:
     logs:
       receivers: [otlp]
       processors: [batch]
-      exporters: [clickhouselogsexporter]
+      exporters: [clickhouselogsexporter]

.github/CODEOWNERS

@@ -86,6 +86,8 @@ go.mod @therealpandey
 /pkg/types/alertmanagertypes @srikanthccv
 /pkg/alertmanager/ @srikanthccv
 /pkg/ruler/ @srikanthccv
+/pkg/modules/rulestatehistory/ @srikanthccv
+/pkg/types/rulestatehistorytypes/ @srikanthccv
 
 # Correlation-adjacent
 
@@ -105,6 +107,10 @@ go.mod @therealpandey
 /pkg/modules/authdomain/ @vikrantgupta25
 /pkg/modules/role/ @vikrantgupta25
 
+# IdentN Owners
+/pkg/identn/ @vikrantgupta25
+/pkg/http/middleware/identn.go @vikrantgupta25
+
 # Integration tests
 
 /tests/integration/ @vikrantgupta25

.github/workflows/goci.yaml

@@ -102,13 +102,3 @@ jobs:
         run: |
           go run cmd/enterprise/*.go generate openapi
           git diff --compact-summary --exit-code || (echo; echo "Unexpected difference in openapi spec. Run go run cmd/enterprise/*.go generate openapi locally and commit."; exit 1)
-      - name: node-install
-        uses: actions/setup-node@v5
-        with:
-          node-version: "22"
-      - name: install-frontend
-        run: cd frontend && yarn install
-      - name: generate-api-clients
-        run: |
-          cd frontend && yarn generate:api
-          git diff --compact-summary --exit-code || (echo; echo "Unexpected difference in generated api clients. Run yarn generate:api in frontend/ locally and commit."; exit 1)

.github/workflows/integrationci.yaml

@@ -29,6 +29,7 @@ jobs:
       - name: fmt
         run: |
           make py-fmt
+          git diff --exit-code -- tests/integration/
       - name: lint
         run: |
           make py-lint
@@ -49,9 +50,13 @@ jobs:
           - ttl
           - alerts
           - ingestionkeys
+          - rootuser
+          - serviceaccount
         sqlstore-provider:
           - postgres
           - sqlite
+        sqlite-mode:
+          - wal
         clickhouse-version:
           - 25.5.6
           - 25.12.5
@@ -99,6 +104,7 @@ jobs:
             --basetemp=./tmp/ \
             src/${{matrix.src}} \
             --sqlstore-provider ${{matrix.sqlstore-provider}} \
+            --sqlite-mode ${{matrix.sqlite-mode}} \
             --postgres-version ${{matrix.postgres-version}} \
             --clickhouse-version ${{matrix.clickhouse-version}} \
             --schema-migrator-version ${{matrix.schema-migrator-version}}

.github/workflows/jsci.yaml

@@ -52,16 +52,16 @@ jobs:
     with:
       PRIMUS_REF: main
       JS_SRC: frontend
-  md-languages:
+  languages:
     if: |
       github.event_name == 'merge_group' ||
       (github.event_name == 'pull_request' && ! github.event.pull_request.head.repo.fork && github.event.pull_request.user.login != 'dependabot[bot]' && ! contains(github.event.pull_request.labels.*.name, 'safe-to-test')) ||
       (github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'safe-to-test'))
     runs-on: ubuntu-latest
     steps:
-      - name: checkout
+      - name: self-checkout
         uses: actions/checkout@v4
-      - name: validate md languages
+      - name: run
         run: bash frontend/scripts/validate-md-languages.sh
   authz:
     if: |
@@ -70,44 +70,55 @@ jobs:
       (github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'safe-to-test'))
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout code
+      - name: self-checkout
         uses: actions/checkout@v5
-
-      - name: Set up Node.js
+      - name: node-install
         uses: actions/setup-node@v5
         with:
           node-version: "22"
-
-      - name: Install frontend dependencies
+      - name: deps-install
         working-directory: ./frontend
         run: |
           yarn install
-
-      - name: Install uv
+      - name: uv-install
         uses: astral-sh/setup-uv@v5
-
-      - name: Install Python dependencies
+      - name: uv-deps
         working-directory: ./tests/integration
         run: |
           uv sync
-
-      - name: Start test environment
+      - name: setup-test
         run: |
           make py-test-setup
-
-      - name: Generate permissions.type.ts
+      - name: generate
         working-directory: ./frontend
         run: |
           yarn generate:permissions-type
-
-      - name: Teardown test environment
+      - name: teardown-test
         if: always()
         run: |
           make py-test-teardown
-
-      - name: Check for changes
+      - name: validate
         run: |
           if ! git diff --exit-code frontend/src/hooks/useAuthZ/permissions.type.ts; then
             echo "::error::frontend/src/hooks/useAuthZ/permissions.type.ts is out of date. Please run the generator locally and commit the changes: npm run generate:permissions-type (from the frontend directory)"
             exit 1
           fi
+  openapi:
+    if: |
+      github.event_name == 'merge_group' ||
+      (github.event_name == 'pull_request' && ! github.event.pull_request.head.repo.fork && github.event.pull_request.user.login != 'dependabot[bot]' && ! contains(github.event.pull_request.labels.*.name, 'safe-to-test')) ||
+      (github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'safe-to-test'))
+    runs-on: ubuntu-latest
+    steps:
+      - name: self-checkout
+        uses: actions/checkout@v4
+      - name: node-install
+        uses: actions/setup-node@v5
+        with:
+          node-version: "22"
+      - name: install-frontend
+        run: cd frontend && yarn install
+      - name: generate-api-clients
+        run: |
+          cd frontend && yarn generate:api
+          git diff --compact-summary --exit-code || (echo; echo "Unexpected difference in generated api clients. Run yarn generate:api in frontend/ locally and commit."; exit 1)

.gitignore

@@ -51,6 +51,8 @@ ee/query-service/tests/test-deploy/data/
 # local data
 *.backup
 *.db
+*.db-shm
+*.db-wal
 **/db
 /deploy/docker/clickhouse-setup/data/
 /deploy/docker-swarm/clickhouse-setup/data/

.golangci.yml

@@ -6,12 +6,14 @@ linters:
     - depguard
     - errcheck
     - forbidigo
+    - godot
     - govet
     - iface
     - ineffassign
     - misspell
     - nilnil
     - sloglint
+    - staticcheck
     - wastedassign
     - unparam
     - unused
@@ -35,7 +37,7 @@ linters:
         - identical
     sloglint:
       no-mixed-args: true
-      kv-only: true
+      attr-only: true
       no-global: all
       context: all
       static-msg: true

.vscode/settings.json

@@ -17,5 +17,7 @@
 	},
 	"[html]": {
 		"editor.defaultFormatter": "vscode.html-language-features"
-	}
+	},
+	"python-envs.defaultEnvManager": "ms-python.python:system",
+	"python-envs.pythonProjects": []
 }

cmd/community/server.go

@@ -4,43 +4,58 @@ import (
 	"context"
 	"log/slog"
 
+	"github.com/spf13/cobra"
+
 	"github.com/SigNoz/signoz/cmd"
+	"github.com/SigNoz/signoz/pkg/alertmanager"
 	"github.com/SigNoz/signoz/pkg/analytics"
+	"github.com/SigNoz/signoz/pkg/auditor"
 	"github.com/SigNoz/signoz/pkg/authn"
 	"github.com/SigNoz/signoz/pkg/authz"
 	"github.com/SigNoz/signoz/pkg/authz/openfgaauthz"
 	"github.com/SigNoz/signoz/pkg/authz/openfgaschema"
+	"github.com/SigNoz/signoz/pkg/authz/openfgaserver"
+	"github.com/SigNoz/signoz/pkg/cache"
+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/gateway"
 	"github.com/SigNoz/signoz/pkg/gateway/noopgateway"
+	"github.com/SigNoz/signoz/pkg/global"
 	"github.com/SigNoz/signoz/pkg/licensing"
 	"github.com/SigNoz/signoz/pkg/licensing/nooplicensing"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/modules/user"
+	"github.com/SigNoz/signoz/pkg/modules/rulestatehistory"
+	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
+	"github.com/SigNoz/signoz/pkg/prometheus"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/query-service/app"
 	"github.com/SigNoz/signoz/pkg/queryparser"
+	"github.com/SigNoz/signoz/pkg/ruler"
+	"github.com/SigNoz/signoz/pkg/ruler/signozruler"
 	"github.com/SigNoz/signoz/pkg/signoz"
 	"github.com/SigNoz/signoz/pkg/sqlschema"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/telemetrystore"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"github.com/SigNoz/signoz/pkg/version"
 	"github.com/SigNoz/signoz/pkg/zeus"
 	"github.com/SigNoz/signoz/pkg/zeus/noopzeus"
-	"github.com/spf13/cobra"
 )
 
 func registerServer(parentCmd *cobra.Command, logger *slog.Logger) {
-	var flags signoz.DeprecatedFlags
+	var configFiles []string
 
 	serverCmd := &cobra.Command{
 		Use:                "server",
 		Short:              "Run the SigNoz server",
 		FParseErrWhitelist: cobra.FParseErrWhitelist{UnknownFlags: true},
 		RunE: func(currCmd *cobra.Command, args []string) error {
-			config, err := cmd.NewSigNozConfig(currCmd.Context(), logger, flags)
+			config, err := cmd.NewSigNozConfig(currCmd.Context(), logger, configFiles)
 			if err != nil {
 				return err
 			}
@@ -49,7 +64,7 @@ func registerServer(parentCmd *cobra.Command, logger *slog.Logger) {
 		},
 	}
 
-	flags.RegisterFlags(serverCmd)
+	serverCmd.Flags().StringArrayVar(&configFiles, "config", nil, "path to a YAML configuration file (can be specified multiple times, later files override earlier ones)")
 	parentCmd.AddCommand(serverCmd)
 }
 
@@ -68,17 +83,22 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		},
 		signoz.NewEmailingProviderFactories(),
 		signoz.NewCacheProviderFactories(),
-		signoz.NewWebProviderFactories(),
+		signoz.NewWebProviderFactories(config.Global),
 		func(sqlstore sqlstore.SQLStore) factory.NamedMap[factory.ProviderFactory[sqlschema.SQLSchema, sqlschema.Config]] {
 			return signoz.NewSQLSchemaProviderFactories(sqlstore)
 		},
 		signoz.NewSQLStoreProviderFactories(),
 		signoz.NewTelemetryStoreProviderFactories(),
-		func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing, userGetter user.Getter) (map[authtypes.AuthNProvider]authn.AuthN, error) {
-			return signoz.NewAuthNs(ctx, providerSettings, store, licensing, userGetter)
+		func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error) {
+			return signoz.NewAuthNs(ctx, providerSettings, store, licensing)
 		},
-		func(ctx context.Context, sqlstore sqlstore.SQLStore, _ licensing.Licensing, _ dashboard.Module) factory.ProviderFactory[authz.AuthZ, authz.Config] {
-			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx))
+		func(ctx context.Context, sqlstore sqlstore.SQLStore, _ licensing.Licensing, _ dashboard.Module) (factory.ProviderFactory[authz.AuthZ, authz.Config], error) {
+			openfgaDataStore, err := openfgaserver.NewSQLStore(sqlstore)
+			if err != nil {
+				return nil, err
+			}
+
+			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx), openfgaDataStore), nil
 		},
 		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, _ querier.Querier, _ licensing.Licensing) dashboard.Module {
 			return impldashboard.NewModule(impldashboard.NewStore(store), settings, analytics, orgGetter, queryParser)
@@ -86,42 +106,51 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		func(_ licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config] {
 			return noopgateway.NewProviderFactory()
 		},
+		func(_ licensing.Licensing) factory.NamedMap[factory.ProviderFactory[auditor.Auditor, auditor.Config]] {
+			return signoz.NewAuditorProviderFactories()
+		},
 		func(ps factory.ProviderSettings, q querier.Querier, a analytics.Analytics) querier.Handler {
 			return querier.NewHandler(ps, q, a)
 		},
+		func(_ sqlstore.SQLStore, _ global.Global, _ zeus.Zeus, _ gateway.Gateway, _ licensing.Licensing, _ serviceaccount.Module, _ cloudintegration.Config) (cloudintegration.Module, error) {
+			return implcloudintegration.NewModule(), nil
+		},
+		func(c cache.Cache, am alertmanager.Alertmanager, ss sqlstore.SQLStore, ts telemetrystore.TelemetryStore, ms telemetrytypes.MetadataStore, p prometheus.Prometheus, og organization.Getter, rsh rulestatehistory.Module, q querier.Querier, qp queryparser.QueryParser) factory.NamedMap[factory.ProviderFactory[ruler.Ruler, ruler.Config]] {
+			return factory.MustNewNamedMap(signozruler.NewFactory(c, am, ss, ts, ms, p, og, rsh, q, qp, nil, nil))
+		},
 	)
 	if err != nil {
-		logger.ErrorContext(ctx, "failed to create signoz", "error", err)
+		logger.ErrorContext(ctx, "failed to create signoz", errors.Attr(err))
 		return err
 	}
 
 	server, err := app.NewServer(config, signoz)
 	if err != nil {
-		logger.ErrorContext(ctx, "failed to create server", "error", err)
+		logger.ErrorContext(ctx, "failed to create server", errors.Attr(err))
 		return err
 	}
 
 	if err := server.Start(ctx); err != nil {
-		logger.ErrorContext(ctx, "failed to start server", "error", err)
+		logger.ErrorContext(ctx, "failed to start server", errors.Attr(err))
 		return err
 	}
 
 	signoz.Start(ctx)
 
 	if err := signoz.Wait(ctx); err != nil {
-		logger.ErrorContext(ctx, "failed to start signoz", "error", err)
+		logger.ErrorContext(ctx, "failed to start signoz", errors.Attr(err))
 		return err
 	}
 
 	err = server.Stop(ctx)
 	if err != nil {
-		logger.ErrorContext(ctx, "failed to stop server", "error", err)
+		logger.ErrorContext(ctx, "failed to stop server", errors.Attr(err))
 		return err
 	}
 
 	err = signoz.Stop(ctx)
 	if err != nil {
-		logger.ErrorContext(ctx, "failed to stop signoz", "error", err)
+		logger.ErrorContext(ctx, "failed to stop signoz", errors.Attr(err))
 		return err
 	}
 

cmd/config.go

@@ -10,18 +10,23 @@ import (
 	"github.com/SigNoz/signoz/pkg/signoz"
 )
 
-func NewSigNozConfig(ctx context.Context, logger *slog.Logger, flags signoz.DeprecatedFlags) (signoz.Config, error) {
+func NewSigNozConfig(ctx context.Context, logger *slog.Logger, configFiles []string) (signoz.Config, error) {
+	uris := make([]string, 0, len(configFiles)+1)
+	for _, f := range configFiles {
+		uris = append(uris, "file:"+f)
+	}
+	uris = append(uris, "env:")
+
 	config, err := signoz.NewConfig(
 		ctx,
 		logger,
 		config.ResolverConfig{
-			Uris: []string{"env:"},
+			Uris: uris,
 			ProviderFactories: []config.ProviderFactory{
 				envprovider.NewFactory(),
 				fileprovider.NewFactory(),
 			},
 		},
-		flags,
 	)
 	if err != nil {
 		return signoz.Config{}, err

cmd/config_test.go

@@ -0,0 +1,86 @@
+package cmd
+
+import (
+	"context"
+	"log/slog"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewSigNozConfig_NoConfigFiles(t *testing.T) {
+	logger := slog.New(slog.DiscardHandler)
+	config, err := NewSigNozConfig(context.Background(), logger, nil)
+	require.NoError(t, err)
+	assert.NotZero(t, config)
+}
+
+func TestNewSigNozConfig_SingleConfigFile(t *testing.T) {
+	dir := t.TempDir()
+	configPath := filepath.Join(dir, "config.yaml")
+	err := os.WriteFile(configPath, []byte(`
+cache:
+  provider: "redis"
+`), 0644)
+	require.NoError(t, err)
+
+	logger := slog.New(slog.DiscardHandler)
+	config, err := NewSigNozConfig(context.Background(), logger, []string{configPath})
+	require.NoError(t, err)
+	assert.Equal(t, "redis", config.Cache.Provider)
+}
+
+func TestNewSigNozConfig_MultipleConfigFiles_LaterOverridesEarlier(t *testing.T) {
+	dir := t.TempDir()
+
+	basePath := filepath.Join(dir, "base.yaml")
+	err := os.WriteFile(basePath, []byte(`
+cache:
+  provider: "memory"
+sqlstore:
+  provider: "sqlite"
+`), 0644)
+	require.NoError(t, err)
+
+	overridePath := filepath.Join(dir, "override.yaml")
+	err = os.WriteFile(overridePath, []byte(`
+cache:
+  provider: "redis"
+`), 0644)
+	require.NoError(t, err)
+
+	logger := slog.New(slog.DiscardHandler)
+	config, err := NewSigNozConfig(context.Background(), logger, []string{basePath, overridePath})
+	require.NoError(t, err)
+	// Later file overrides earlier
+	assert.Equal(t, "redis", config.Cache.Provider)
+	// Value from base file that wasn't overridden persists
+	assert.Equal(t, "sqlite", config.SQLStore.Provider)
+}
+
+func TestNewSigNozConfig_EnvOverridesConfigFile(t *testing.T) {
+	dir := t.TempDir()
+	configPath := filepath.Join(dir, "config.yaml")
+	err := os.WriteFile(configPath, []byte(`
+cache:
+  provider: "fromfile"
+`), 0644)
+	require.NoError(t, err)
+
+	t.Setenv("SIGNOZ_CACHE_PROVIDER", "fromenv")
+
+	logger := slog.New(slog.DiscardHandler)
+	config, err := NewSigNozConfig(context.Background(), logger, []string{configPath})
+	require.NoError(t, err)
+	// Env should override file
+	assert.Equal(t, "fromenv", config.Cache.Provider)
+}
+
+func TestNewSigNozConfig_NonexistentFile(t *testing.T) {
+	logger := slog.New(slog.DiscardHandler)
+	_, err := NewSigNozConfig(context.Background(), logger, []string{"/nonexistent/config.yaml"})
+	assert.Error(t, err)
+}

cmd/enterprise/server.go

@@ -5,52 +5,72 @@ import (
 	"log/slog"
 	"time"
 
+	"github.com/spf13/cobra"
+
 	"github.com/SigNoz/signoz/cmd"
+	"github.com/SigNoz/signoz/ee/auditor/otlphttpauditor"
 	"github.com/SigNoz/signoz/ee/authn/callbackauthn/oidccallbackauthn"
 	"github.com/SigNoz/signoz/ee/authn/callbackauthn/samlcallbackauthn"
 	"github.com/SigNoz/signoz/ee/authz/openfgaauthz"
 	"github.com/SigNoz/signoz/ee/authz/openfgaschema"
+	"github.com/SigNoz/signoz/ee/authz/openfgaserver"
 	"github.com/SigNoz/signoz/ee/gateway/httpgateway"
 	enterpriselicensing "github.com/SigNoz/signoz/ee/licensing"
 	"github.com/SigNoz/signoz/ee/licensing/httplicensing"
+	"github.com/SigNoz/signoz/ee/modules/cloudintegration/implcloudintegration"
+	"github.com/SigNoz/signoz/ee/modules/cloudintegration/implcloudintegration/implcloudprovider"
 	"github.com/SigNoz/signoz/ee/modules/dashboard/impldashboard"
 	eequerier "github.com/SigNoz/signoz/ee/querier"
 	enterpriseapp "github.com/SigNoz/signoz/ee/query-service/app"
+	eerules "github.com/SigNoz/signoz/ee/query-service/rules"
 	"github.com/SigNoz/signoz/ee/sqlschema/postgressqlschema"
 	"github.com/SigNoz/signoz/ee/sqlstore/postgressqlstore"
 	enterprisezeus "github.com/SigNoz/signoz/ee/zeus"
 	"github.com/SigNoz/signoz/ee/zeus/httpzeus"
+	"github.com/SigNoz/signoz/pkg/alertmanager"
 	"github.com/SigNoz/signoz/pkg/analytics"
+	"github.com/SigNoz/signoz/pkg/auditor"
 	"github.com/SigNoz/signoz/pkg/authn"
 	"github.com/SigNoz/signoz/pkg/authz"
+	"github.com/SigNoz/signoz/pkg/cache"
+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/gateway"
+	"github.com/SigNoz/signoz/pkg/global"
 	"github.com/SigNoz/signoz/pkg/licensing"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	pkgcloudintegration "github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	pkgimpldashboard "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/modules/user"
+	"github.com/SigNoz/signoz/pkg/modules/rulestatehistory"
+	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
+	"github.com/SigNoz/signoz/pkg/prometheus"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/queryparser"
+	"github.com/SigNoz/signoz/pkg/ruler"
+	"github.com/SigNoz/signoz/pkg/ruler/signozruler"
 	"github.com/SigNoz/signoz/pkg/signoz"
 	"github.com/SigNoz/signoz/pkg/sqlschema"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/sqlstore/sqlstorehook"
+	"github.com/SigNoz/signoz/pkg/telemetrystore"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"github.com/SigNoz/signoz/pkg/version"
 	"github.com/SigNoz/signoz/pkg/zeus"
-	"github.com/spf13/cobra"
 )
 
 func registerServer(parentCmd *cobra.Command, logger *slog.Logger) {
-	var flags signoz.DeprecatedFlags
+	var configFiles []string
 
 	serverCmd := &cobra.Command{
 		Use:                "server",
 		Short:              "Run the SigNoz server",
 		FParseErrWhitelist: cobra.FParseErrWhitelist{UnknownFlags: true},
 		RunE: func(currCmd *cobra.Command, args []string) error {
-			config, err := cmd.NewSigNozConfig(currCmd.Context(), logger, flags)
+			config, err := cmd.NewSigNozConfig(currCmd.Context(), logger, configFiles)
 			if err != nil {
 				return err
 			}
@@ -59,7 +79,7 @@ func registerServer(parentCmd *cobra.Command, logger *slog.Logger) {
 		},
 	}
 
-	flags.RegisterFlags(serverCmd)
+	serverCmd.Flags().StringArrayVar(&configFiles, "config", nil, "path to a YAML configuration file (can be specified multiple times, later files override earlier ones)")
 	parentCmd.AddCommand(serverCmd)
 }
 
@@ -70,7 +90,7 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 	// add enterprise sqlstore factories to the community sqlstore factories
 	sqlstoreFactories := signoz.NewSQLStoreProviderFactories()
 	if err := sqlstoreFactories.Add(postgressqlstore.NewFactory(sqlstorehook.NewLoggingFactory(), sqlstorehook.NewInstrumentationFactory())); err != nil {
-		logger.ErrorContext(ctx, "failed to add postgressqlstore factory", "error", err)
+		logger.ErrorContext(ctx, "failed to add postgressqlstore factory", errors.Attr(err))
 		return err
 	}
 
@@ -85,7 +105,7 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		},
 		signoz.NewEmailingProviderFactories(),
 		signoz.NewCacheProviderFactories(),
-		signoz.NewWebProviderFactories(),
+		signoz.NewWebProviderFactories(config.Global),
 		func(sqlstore sqlstore.SQLStore) factory.NamedMap[factory.ProviderFactory[sqlschema.SQLSchema, sqlschema.Config]] {
 			existingFactories := signoz.NewSQLSchemaProviderFactories(sqlstore)
 			if err := existingFactories.Add(postgressqlschema.NewFactory(sqlstore)); err != nil {
@@ -96,7 +116,7 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		},
 		sqlstoreFactories,
 		signoz.NewTelemetryStoreProviderFactories(),
-		func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing, userGetter user.Getter) (map[authtypes.AuthNProvider]authn.AuthN, error) {
+		func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error) {
 			samlCallbackAuthN, err := samlcallbackauthn.New(ctx, store, licensing)
 			if err != nil {
 				return nil, err
@@ -107,7 +127,7 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 				return nil, err
 			}
 
-			authNs, err := signoz.NewAuthNs(ctx, providerSettings, store, licensing, userGetter)
+			authNs, err := signoz.NewAuthNs(ctx, providerSettings, store, licensing)
 			if err != nil {
 				return nil, err
 			}
@@ -117,8 +137,12 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 
 			return authNs, nil
 		},
-		func(ctx context.Context, sqlstore sqlstore.SQLStore, licensing licensing.Licensing, dashboardModule dashboard.Module) factory.ProviderFactory[authz.AuthZ, authz.Config] {
-			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx), licensing, dashboardModule)
+		func(ctx context.Context, sqlstore sqlstore.SQLStore, licensing licensing.Licensing, dashboardModule dashboard.Module) (factory.ProviderFactory[authz.AuthZ, authz.Config], error) {
+			openfgaDataStore, err := openfgaserver.NewSQLStore(sqlstore)
+			if err != nil {
+				return nil, err
+			}
+			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx), openfgaDataStore, licensing, dashboardModule), nil
 		},
 		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing) dashboard.Module {
 			return impldashboard.NewModule(pkgimpldashboard.NewStore(store), settings, analytics, orgGetter, queryParser, querier, licensing)
@@ -126,44 +150,67 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		func(licensing licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config] {
 			return httpgateway.NewProviderFactory(licensing)
 		},
+		func(licensing licensing.Licensing) factory.NamedMap[factory.ProviderFactory[auditor.Auditor, auditor.Config]] {
+			factories := signoz.NewAuditorProviderFactories()
+			if err := factories.Add(otlphttpauditor.NewFactory(licensing, version.Info)); err != nil {
+				panic(err)
+			}
+			return factories
+		},
 		func(ps factory.ProviderSettings, q querier.Querier, a analytics.Analytics) querier.Handler {
 			communityHandler := querier.NewHandler(ps, q, a)
 			return eequerier.NewHandler(ps, q, communityHandler)
 		},
-	)
+		func(sqlStore sqlstore.SQLStore, global global.Global, zeus zeus.Zeus, gateway gateway.Gateway, licensing licensing.Licensing, serviceAccount serviceaccount.Module, config cloudintegration.Config) (cloudintegration.Module, error) {
+			defStore := pkgcloudintegration.NewServiceDefinitionStore()
+			awsCloudProviderModule, err := implcloudprovider.NewAWSCloudProvider(defStore)
+			if err != nil {
+				return nil, err
+			}
+			azureCloudProviderModule := implcloudprovider.NewAzureCloudProvider()
+			cloudProvidersMap := map[cloudintegrationtypes.CloudProviderType]cloudintegration.CloudProviderModule{
+				cloudintegrationtypes.CloudProviderTypeAWS:   awsCloudProviderModule,
+				cloudintegrationtypes.CloudProviderTypeAzure: azureCloudProviderModule,
+			}
 
+			return implcloudintegration.NewModule(pkgcloudintegration.NewStore(sqlStore), global, zeus, gateway, licensing, serviceAccount, cloudProvidersMap, config)
+		},
+		func(c cache.Cache, am alertmanager.Alertmanager, ss sqlstore.SQLStore, ts telemetrystore.TelemetryStore, ms telemetrytypes.MetadataStore, p prometheus.Prometheus, og organization.Getter, rsh rulestatehistory.Module, q querier.Querier, qp queryparser.QueryParser) factory.NamedMap[factory.ProviderFactory[ruler.Ruler, ruler.Config]] {
+			return factory.MustNewNamedMap(signozruler.NewFactory(c, am, ss, ts, ms, p, og, rsh, q, qp, eerules.PrepareTaskFunc, eerules.TestNotification))
+		},
+	)
 	if err != nil {
-		logger.ErrorContext(ctx, "failed to create signoz", "error", err)
+		logger.ErrorContext(ctx, "failed to create signoz", errors.Attr(err))
 		return err
 	}
 
 	server, err := enterpriseapp.NewServer(config, signoz)
 	if err != nil {
-		logger.ErrorContext(ctx, "failed to create server", "error", err)
+		logger.ErrorContext(ctx, "failed to create server", errors.Attr(err))
 		return err
 	}
 
 	if err := server.Start(ctx); err != nil {
-		logger.ErrorContext(ctx, "failed to start server", "error", err)
+		logger.ErrorContext(ctx, "failed to start server", errors.Attr(err))
 		return err
 	}
 
 	signoz.Start(ctx)
 
 	if err := signoz.Wait(ctx); err != nil {
-		logger.ErrorContext(ctx, "failed to start signoz", "error", err)
+		logger.ErrorContext(ctx, "failed to start signoz", errors.Attr(err))
 		return err
 	}
 
 	err = server.Stop(ctx)
 	if err != nil {
-		logger.ErrorContext(ctx, "failed to stop server", "error", err)
+		logger.ErrorContext(ctx, "failed to stop server", errors.Attr(err))
 		return err
 	}
 
 	err = signoz.Stop(ctx)
 	if err != nil {
-		logger.ErrorContext(ctx, "failed to stop signoz", "error", err)
+		logger.ErrorContext(ctx, "failed to stop signoz", errors.Attr(err))
 		return err
 	}
 

cmd/root.go

@@ -4,8 +4,10 @@ import (
 	"log/slog"
 	"os"
 
-	"github.com/SigNoz/signoz/pkg/version"
 	"github.com/spf13/cobra"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/version"
 )
 
 var RootCmd = &cobra.Command{
@@ -20,7 +22,7 @@ var RootCmd = &cobra.Command{
 func Execute(logger *slog.Logger) {
 	err := RootCmd.Execute()
 	if err != nil {
-		logger.ErrorContext(RootCmd.Context(), "error running command", "error", err)
+		logger.ErrorContext(RootCmd.Context(), "error running command", errors.Attr(err))
 		os.Exit(1)
 	}
 }

conf/cache-config.yml

@@ -1,4 +0,0 @@
-provider: "inmemory"
-inmemory:
-  ttl: 60m
-  cleanupInterval: 10m

conf/example.yaml

@@ -6,6 +6,8 @@
 ##################### Global #####################
 global:
   # the url under which the signoz apiserver is externally reachable.
+  # the path component (e.g. /signoz in https://example.com/signoz) is used
+  # as the base path for all HTTP routes (both API and web frontend).
   external_url: <unset>
   # the url where the SigNoz backend receives telemetry data (traces, metrics, logs) from instrumented applications.
   ingestion_url: <unset>
@@ -39,12 +41,19 @@ instrumentation:
             host: "0.0.0.0"
             port: 9090
 
+##################### PProf #####################
+pprof:
+  # Whether to enable the pprof server.
+  enabled: true
+  # The address on which the pprof server listens.
+  address: 0.0.0.0:6060
+
 ##################### Web #####################
 web:
   # Whether to enable the web frontend
   enabled: true
-  # The prefix to serve web on
-  prefix: /
+  # The index file to use as the SPA entrypoint.
+  index: index.html
   # The directory containing the static build files.
   directory: /etc/signoz/web
 
@@ -75,13 +84,18 @@ sqlstore:
   provider: sqlite
   # The maximum number of open connections to the database.
   max_open_conns: 100
+  # The maximum amount of time a connection may be reused.
+  # If max_conn_lifetime == 0, connections are not closed due to a connection's age.
+  max_conn_lifetime: 0
   sqlite:
     # The path to the SQLite database file.
     path: /var/lib/signoz/signoz.db
-    # Mode is the mode to use for the sqlite database.
-    mode: delete
-    # BusyTimeout is the timeout for the sqlite database to wait for a lock.
+    # The journal mode for the sqlite database. Supported values: delete, wal.
+    mode: wal
+    # The timeout for the sqlite database to wait for a lock.
     busy_timeout: 10s
+    # The default transaction locking behavior. Supported values: deferred, immediate, exclusive.
+    transaction_mode: deferred
 
 ##################### APIServer #####################
 apiserver:
@@ -137,6 +151,8 @@ telemetrystore:
 
 ##################### Prometheus #####################
 prometheus:
+  # The maximum time a PromQL query is allowed to run before being aborted.
+  timeout: 2m
   active_query_tracker:
     # Whether to enable the active query tracker.
     enabled: true
@@ -308,6 +324,9 @@ user:
       allow_self: true
       # The duration within which a user can reset their password.
       max_token_lifetime: 6h
+    invite:
+      # The duration within which a user can accept their invite.
+      max_token_lifetime: 48h
   root:
     # Whether to enable the root user. When enabled, a root user is provisioned
     # on startup using the email and password below. The root user cannot be
@@ -321,3 +340,70 @@ user:
     org:
       name: default
       id: 00000000-0000-0000-0000-000000000000
+
+##################### IdentN #####################
+identn:
+  tokenizer:
+    # toggle tokenizer identN
+    enabled: true
+    # headers to use for tokenizer identN resolver
+    headers:
+      - Authorization
+      - Sec-WebSocket-Protocol
+  apikey:
+    # toggle apikey identN
+    enabled: true
+    # headers to use for apikey identN resolver
+    headers:
+      - SIGNOZ-API-KEY
+  impersonation:
+    # toggle impersonation identN, when enabled, all requests will impersonate the root user
+    enabled: false
+
+##################### Service Account #####################
+serviceaccount:
+  email:
+    # email domain for the service account principal
+    domain: signozserviceaccount.com
+
+  analytics:
+    # toggle service account analytics
+    enabled: true
+
+##################### Auditor #####################
+auditor:
+  # Specifies the auditor provider to use.
+  # noop: discards all audit events (community default).
+  # otlphttp: exports audit events via OTLP HTTP (enterprise).
+  provider: noop
+  # The async channel capacity for audit events. Events are dropped when full (fail-open).
+  buffer_size: 1000
+  # The maximum number of events per export batch.
+  batch_size: 100
+  # The maximum time between export flushes.
+  flush_interval: 1s
+  otlphttp:
+    # The target scheme://host:port/path of the OTLP HTTP endpoint.
+    endpoint: http://localhost:4318/v1/logs
+    # Whether to use HTTP instead of HTTPS.
+    insecure: false
+    # The maximum duration for an export attempt.
+    timeout: 10s
+    # Additional HTTP headers sent with every export request.
+    headers: {}
+    retry:
+      # Whether to retry on transient failures.
+      enabled: true
+      # The initial wait time before the first retry.
+      initial_interval: 5s
+      # The upper bound on backoff interval.
+      max_interval: 30s
+      # The total maximum time spent retrying.
+      max_elapsed_time: 60s
+
+##################### Cloud Integration #####################
+cloudintegration:
+  # cloud integration agent configuration
+  agent:
+    # The version of the cloud integration agent.
+    version: v0.0.8

conf/prometheus.yml

@@ -1,25 +0,0 @@
-# my global config
-global:
-  scrape_interval:     5s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
-  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
-  # scrape_timeout is set to the global default (10s).
-
-# Alertmanager configuration
-alerting:
-  alertmanagers:
-  - static_configs:
-    - targets:
-      - 127.0.0.1:9093
-
-# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
-rule_files:
-  # - "first_rules.yml"
-  # - "second_rules.yml"
-  - 'alerts.yml'
-
-# A scrape configuration containing exactly one endpoint to scrape:
-# Here it's Prometheus itself.
-scrape_configs: []
-
-remote_read:
-  - url: tcp://localhost:9000/signoz_metrics

deploy/docker-swarm/docker-compose.ha.yaml

@@ -190,7 +190,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:v0.115.0
+    image: signoz/signoz:v0.119.0
     ports:
       - "8080:8080" # signoz port
     #   - "6060:6060"     # pprof port

deploy/docker-swarm/docker-compose.yaml

@@ -117,7 +117,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:v0.115.0
+    image: signoz/signoz:v0.119.0
     ports:
       - "8080:8080" # signoz port
     volumes:

deploy/docker/docker-compose.ha.yaml

@@ -181,7 +181,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:${VERSION:-v0.115.0}
+    image: signoz/signoz:${VERSION:-v0.119.0}
     container_name: signoz
     ports:
       - "8080:8080" # signoz port

deploy/docker/docker-compose.yaml

@@ -109,7 +109,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:${VERSION:-v0.115.0}
+    image: signoz/signoz:${VERSION:-v0.119.0}
     container_name: signoz
     ports:
       - "8080:8080" # signoz port

docs/contributing/go/handler.md

@@ -123,6 +123,7 @@ if err := router.Handle("/api/v1/things", handler.New(
         Description:         "This endpoint creates a thing",
         Request:             new(types.PostableThing),
         RequestContentType:  "application/json",
+        RequestQuery:        new(types.QueryableThing),
         Response:            new(types.GettableThing),
         ResponseContentType: "application/json",
         SuccessStatusCode:   http.StatusCreated,
@@ -155,6 +156,8 @@ The `handler.New` function ties the HTTP handler to OpenAPI metadata via `OpenAP
 - **Request / RequestContentType**:
   - `Request` is a Go type that describes the request body or form.
   - `RequestContentType` is usually `"application/json"` or `"application/x-www-form-urlencoded"` (for callbacks like SAML).
+- **RequestQuery**:
+  - `RequestQuery` is a Go type that descirbes query url params.
 - **RequestExamples**: An array of `handler.OpenAPIExample` that provide concrete request payloads in the generated spec. See [Adding request examples](#adding-request-examples) below.
 - **Response / ResponseContentType**:
   - `Response` is the Go type for the successful response payload.

docs/contributing/go/integration.md

@@ -193,6 +193,7 @@ uv run pytest --basetemp=./tmp/ -vv --reuse src/passwordauthn/01_register.py::te
 Tests can be configured using pytest options:
 
 - `--sqlstore-provider` - Choose database provider (default: postgres)
+- `--sqlite-mode` - SQLite journal mode: `delete` or `wal` (default: delete). Only relevant when `--sqlstore-provider=sqlite`.
 - `--postgres-version` - PostgreSQL version (default: 15)
 - `--clickhouse-version` - ClickHouse version (default: 25.5.6)
 - `--zookeeper-version` - Zookeeper version (default: 3.7.1)
@@ -202,7 +203,6 @@ Example:
 uv run pytest --basetemp=./tmp/ -vv --reuse --sqlstore-provider=postgres --postgres-version=14 src/auth/
 ```
 
-
 ## What should I remember?
 
 - **Always use the `--reuse` flag** when setting up the environment to keep containers running
@@ -213,3 +213,4 @@ uv run pytest --basetemp=./tmp/ -vv --reuse --sqlstore-provider=postgres --postg
 - **Use descriptive test names** that clearly indicate what is being tested
 - **Leverage fixtures** for common setup and authentication
 - **Test both success and failure scenarios** to ensure robust functionality
+- **`--sqlite-mode=wal` does not work on macOS.** The integration test environment runs SigNoz inside a Linux container with the SQLite database file mounted from the macOS host. WAL mode requires shared memory between connections, and connections crossing the VM boundary (macOS host ↔ Linux container) cannot share the WAL index, resulting in `SQLITE_IOERR_SHORT_READ`. WAL mode is tested in CI on Linux only.

docs/contributing/go/readme.md

@@ -20,3 +20,4 @@ We **recommend** (almost enforce) reviewing these guides before contributing to
 - [Packages](packages.md) - Naming, layout, and conventions for `pkg/` packages
 - [Service](service.md) - Managed service lifecycle with `factory.Service`
 - [SQL](sql.md) - Database and SQL patterns
+- [Types](types.md) - Domain types, request/response bodies, and storage rows in `pkg/types/`

docs/contributing/go/types.md

@@ -0,0 +1,152 @@
+# Types
+
+Domain types in `pkg/types/<domain>/` live on three serialization boundaries — inbound HTTP, outbound HTTP, and SQL — on top of an in-memory domain representation. SigNoz's convention is **core-type-first**: every domain defines a single canonical type `X`, and specialized flavors (`PostableX`, `GettableX`, `UpdatableX`, `StorableX`) are introduced **only when they actually differ from `X`**. This guide spells out when each flavor is warranted and how they relate to each other.
+
+Before reading, make sure you have read [abstractions.md](abstractions.md) — the rules here build on its guidance that every new type must earn its place.
+
+## The core type is required
+
+Every domain package in `pkg/types/<domain>/` defines exactly one core type `X`: `AuthDomain`, `Channel`, `Rule`, `Dashboard`, `Role`, `PlannedMaintenance`. This is the canonical in-memory representation of the domain object. Domain methods, validation invariants, and business logic hang off `X` — not off the flavor types.
+
+Two rules shape how the core type behaves:
+
+- **Conversions can be either `New<Output>From<Input>` or a receiver-style `(x *X) ToY()` method.** Either form is fine; pick whichever reads best at the call site:
+
+    ```go
+    // Constructor form
+    func NewGettableAuthDomainFromAuthDomain(d *AuthDomain, info *AuthNProviderInfo) *GettableAuthDomain
+
+    // Receiver form
+    func (m *PlannedMaintenanceWithRules) ToPlannedMaintenance() *PlannedMaintenance
+    ```
+- **`X` can double as the storage row** when the DB shape would be identical. `Channel` embeds `bun.BaseModel` directly, and there is no `StorableChannel`. This is the preferred shape when it works.
+
+Domain packages under `pkg/types/` must not import from other `pkg/` packages. Keep the core type's methods lightweight and push orchestration out to the module layer.
+
+## Add a flavor only when it differs
+
+For each of the four flavors, create it only if its shape diverges from `X`. If a flavor would have the same fields and tags as `X`, reuse `X` directly, or declare a type alias. Every flavor must earn its place per [abstractions.md](abstractions.md) rule 6 ("Wrappers must add semantics, not just rename").
+
+| Flavor       | Create it when it differs in…                                                                                                                                                                                                     |
+| ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `PostableX`  | JSON shape differs from `X` — typically no `Id`, no audit fields, no server-computed fields. Often owns input validation via `Validate()` or a custom `UnmarshalJSON`.                                                            |
+| `GettableX`  | Response shape adds server-computed fields that are not persisted — e.g., `GettableAuthDomain` adds `AuthNProviderInfo`, which is resolved at read time.                                                                          |
+| `UpdatableX` | Only a strict subset of `PostableX` is replaceable on PUT. If the updatable shape equals `PostableX`, reuse `PostableX`.                                                                                                          |
+| `StorableX`  | DB row shape differs from `X` — usually `X` carries nested typed config while `StorableX` carries a flat `Data string` JSON column, plus bun tags, audit mixins, and an `OrgID`. If `X` already has those, skip the flavor.       |
+
+The failure mode this rule exists to prevent: minting all four flavors on reflex for every new resource, even when two or three are structurally identical. Each unnecessary flavor is another type contributors must understand and another conversion that can drift.
+
+## Worked examples
+
+### Channel — core type only
+
+```go
+type Channels         = []*Channel
+type GettableChannels = []*Channel
+
+type Channel struct {
+    bun.BaseModel `bun:"table:notification_channel"`
+    types.Identifiable
+    types.TimeAuditable
+    Name  string `json:"name"  required:"true" bun:"name"`
+    Type  string `json:"type"  required:"true" bun:"type"`
+    Data  string `json:"data"  required:"true" bun:"data"`
+    OrgID string `json:"orgId" required:"true" bun:"org_id"`
+}
+```
+
+`Channel` is both the domain type and the bun row. `GettableChannels` is a **type alias** because `*Channel` already serializes correctly as a response. There is no `StorableChannel`, `PostableChannel`, or `UpdatableChannel` — those would be identical to `Channel` and so do not exist. Prefer this shape when it works.
+
+### AuthDomain — all four flavors
+
+```go
+type AuthDomain struct {
+    storableAuthDomain *StorableAuthDomain
+    authDomainConfig   *AuthDomainConfig
+}
+
+type StorableAuthDomain struct {
+    bun.BaseModel `bun:"table:auth_domain"`
+    types.Identifiable
+    Name  string      `bun:"name"`
+    Data  string      `bun:"data"`  // AuthDomainConfig serialized as JSON
+    OrgID valuer.UUID `bun:"org_id"`
+    types.TimeAuditable
+}
+
+type PostableAuthDomain struct {
+    Config AuthDomainConfig `json:"config"`
+    Name   string           `json:"name"`
+}
+
+type UpdateableAuthDomain struct {
+    Config AuthDomainConfig `json:"config"` // Name intentionally absent
+}
+
+type GettableAuthDomain struct {
+    *StorableAuthDomain
+    *AuthDomainConfig
+    AuthNProviderInfo *AuthNProviderInfo `json:"authNProviderInfo"`
+}
+```
+
+Each flavor exists for a concrete reason:
+
+- `StorableAuthDomain` stores the typed config as an opaque `Data string` column, so the schema does not need to migrate every time a config field is added.
+- `PostableAuthDomain` carries the config as a structured object (not a string) for the request.
+- `UpdateableAuthDomain` excludes `Name` because a domain's name cannot change after creation.
+- `GettableAuthDomain` adds `AuthNProviderInfo`, which is derived at read time and never persisted.
+
+The core `AuthDomain` holds the two live halves — `storableAuthDomain` and `authDomainConfig` — and owns business methods such as `Update(config)`. Conversions use the `New<Output>From<Input>` form: `NewAuthDomainFromConfig`, `NewAuthDomainFromStorableAuthDomain`, `NewGettableAuthDomainFromAuthDomain`.
+
+## Conventions that tie the flavors together
+
+- **Conversions** use either a `New<Output>From<Input>` constructor — e.g. `NewChannelFromReceiver`, `NewGettableAuthDomainFromAuthDomain` — or a receiver-style `ToY()` method. Both forms coexist in the codebase; use whichever fits the call site.
+- **Validation belongs on the core type `X`.** Putting it on `X` means every write path — HTTP create, HTTP update, in-process migration, replay — runs the same checks. `Validate()` on `PostableX` is reserved for checks that are specific to the request shape and do not apply to `X`. `UnmarshalJSON` on `PostableX` is a separate tool that lives there because decoding only happens at the HTTP boundary — `PostableAuthDomain.UnmarshalJSON` rejecting a malformed domain name at decode time is the canonical example.
+
+    ```go
+    // Domain invariants: every write path re-runs these.
+    func (x *X) Validate() error { ... }
+
+    // Request-shape-only: checks that do not apply once the value is persisted.
+    func (p *PostableX) Validate() error { ... }
+    ```
+- **Type aliases, not wrappers**, when two shapes are identical. `type GettableChannels = []*Channel` is correct because it adds no semantics beyond the underlying type.
+- **Serialization tags** follow [handler.md](handler.md): `required:"true"` means the JSON key must be present, `nullable:"true"` is required on any slice or map that may serialize as `null`, and types with a fixed value set must implement `Enum() []any`.
+
+## A note on `UpdatableX` and `PatchableX`
+
+- `UpdatableX` — the body for PUT (full replace) when the shape is a strict subset of `PostableX`. If the updatable shape equals `PostableX`, reuse `PostableX`.
+- `PatchableX` — the body for PATCH (partial update); only the fields a client is allowed to patch. For example, `PatchableRole` carries a single `Description` field even though `Role` has many — clients may patch the description but not anything else.
+
+    ```go
+    type PatchableRole struct {
+        Description string `json:"description"`
+    }
+    ```
+
+Both are optional. Do not introduce them if `PostableX` already covers the case.
+
+## What to avoid
+
+- **Do not mint a flavor that mirrors the core type.** If `StorableX` would have the same fields as `X`, use `X` directly with `bun.BaseModel` embedded. `Channel` is the canonical example.
+- **Do not bolt domain methods onto `StorableX`.** Storage types are data carriers. Domain methods live on `X`.
+- **Do not invent new suffixes** (`Creatable`, `Fetchable`, `Savable`). The core type plus `Postable` / `Gettable` / `Updatable` / `Patchable` / `Storable` covers every case that exists today.
+- **Spelling — `Updatable`, not `Updateable`.** `Updateable` is a common typo. Prefer the shorter form when introducing new types, and rename any stragglers you come across.
+- **Spelling — `Storable`, not `Storeable`.** `Storeable` is a common typo. Prefer the shorter form when introducing new types, and rename any stragglers you come across.
+
+## What should I remember?
+
+- Every domain package defines the core type `X`. Only `X` is mandatory.
+- Add `PostableX` / `GettableX` / `UpdatableX` / `StorableX` one at a time, only when the shape actually diverges from `X`.
+- Domain logic lives on `X`, not on the flavor types.
+- Conversions can be a `New<Output>From<Input>` constructor or a receiver-style `ToY()` method — pick whichever reads best at the call site.
+- Use a type alias when two shapes are truly identical.
+- `pkg/types/<domain>/` must not import from other `pkg/` packages.
+
+## Further reading
+
+- [abstractions.md](abstractions.md) — when to introduce a new type at all.
+- [handler.md](handler.md) — struct tag rules at the HTTP boundary.
+- [packages.md](packages.md) — where types live under `pkg/types/`.
+- [sql.md](sql.md) — star-schema requirements for `StorableX`.

docs/contributing/onboarding.md

@@ -7,12 +7,12 @@ This guide explains how to add new data sources to the SigNoz onboarding flow. T
 The configuration is located at:
 
 ```
-frontend/src/container/OnboardingV2Container/onboarding-configs/onboarding-config-with-links.json
+frontend/src/container/OnboardingV2Container/onboarding-configs/onboarding-config-with-links.ts
 ```
 
-## JSON Structure Overview
+## Structure Overview
 
-The configuration file is a JSON array containing data source objects. Each object represents a selectable option in the onboarding flow.
+The configuration file exports a TypeScript array (`onboardingConfigWithLinks`) containing data source objects. Each object represents a selectable option in the onboarding flow. SVG logos are imported as ES modules at the top of the file.
 
 ## Data Source Object Keys
 
@@ -24,7 +24,7 @@ The configuration file is a JSON array containing data source objects. Each obje
 | `label` | `string` | Display name shown to users (e.g., `"AWS EC2"`) |
 | `tags` | `string[]` | Array of category tags for grouping (e.g., `["AWS"]`, `["database"]`) |
 | `module` | `string` | Destination module after onboarding completion |
-| `imgUrl` | `string` | Path to the logo/icon **(SVG required)** (e.g., `"/Logos/ec2.svg"`) |
+| `imgUrl` | `string` | Imported SVG URL **(SVG required)** (e.g., `import ec2Url from '@/assets/Logos/ec2.svg'`, then use `ec2Url`) |
 
 ### Optional Keys
 
@@ -57,36 +57,34 @@ The `module` key determines where users are redirected after completing onboardi
 
 The `question` object enables multi-step selection flows:
 
-```json
-{
-  "question": {
-    "desc": "What would you like to monitor?",
-    "type": "select",
-    "helpText": "Choose the telemetry type you want to collect.",
-    "helpLink": "/docs/azure-monitoring/overview/",
-    "helpLinkText": "Read the guide →",
-    "options": [
-        {
-            "key": "logging",
-            "label": "Logs",
-            "imgUrl": "/Logos/azure-vm.svg",
-            "link": "/docs/azure-monitoring/app-service/logging/"
-        },
-        {
-            "key": "metrics",
-            "label": "Metrics",
-            "imgUrl": "/Logos/azure-vm.svg",
-            "link": "/docs/azure-monitoring/app-service/metrics/"
-        },
-        {
-            "key": "tracing",
-            "label": "Traces",
-            "imgUrl": "/Logos/azure-vm.svg",
-            "link": "/docs/azure-monitoring/app-service/tracing/"
-        }
-    ]
-  }
-}
+```ts
+question: {
+  desc: 'What would you like to monitor?',
+  type: 'select',
+  helpText: 'Choose the telemetry type you want to collect.',
+  helpLink: '/docs/azure-monitoring/overview/',
+  helpLinkText: 'Read the guide →',
+  options: [
+    {
+      key: 'logging',
+      label: 'Logs',
+      imgUrl: azureVmUrl,
+      link: '/docs/azure-monitoring/app-service/logging/',
+    },
+    {
+      key: 'metrics',
+      label: 'Metrics',
+      imgUrl: azureVmUrl,
+      link: '/docs/azure-monitoring/app-service/metrics/',
+    },
+    {
+      key: 'tracing',
+      label: 'Traces',
+      imgUrl: azureVmUrl,
+      link: '/docs/azure-monitoring/app-service/tracing/',
+    },
+  ],
+},
 ```
 
 ### Question Keys
@@ -106,152 +104,161 @@ Options can be simple (direct link) or nested (with another question):
 
 ### Simple Option (Direct Link)
 
-```json
+```ts
 {
-  "key": "aws-ec2-logs",
-  "label": "Logs",
-  "imgUrl": "/Logos/ec2.svg",
-  "link": "/docs/userguide/collect_logs_from_file/"
-}
+  key: 'aws-ec2-logs',
+  label: 'Logs',
+  imgUrl: ec2Url,
+  link: '/docs/userguide/collect_logs_from_file/',
+},
 ```
 
 ### Option with Internal Redirect
 
-```json
+```ts
 {
-  "key": "aws-ec2-metrics-one-click",
-  "label": "One Click AWS",
-  "imgUrl": "/Logos/ec2.svg",
-  "link": "/integrations?integration=aws-integration&service=ec2",
-  "internalRedirect": true
-}
+  key: 'aws-ec2-metrics-one-click',
+  label: 'One Click AWS',
+  imgUrl: ec2Url,
+  link: '/integrations?integration=aws-integration&service=ec2',
+  internalRedirect: true,
+},
 ```
 
 > **Important**: Set `internalRedirect: true` only for internal app routes (like `/integrations?...`). Docs links should NOT have this flag.
 
 ### Nested Option (Multi-step Flow)
 
-```json
+```ts
 {
-  "key": "aws-ec2-metrics",
-  "label": "Metrics",
-  "imgUrl": "/Logos/ec2.svg",
-  "question": {
-    "desc": "How would you like to set up monitoring?",
-    "helpText": "Choose your setup method.",
-    "options": [...]
-  }
-}
+  key: 'aws-ec2-metrics',
+  label: 'Metrics',
+  imgUrl: ec2Url,
+  question: {
+    desc: 'How would you like to set up monitoring?',
+    helpText: 'Choose your setup method.',
+    options: [...],
+  },
+},
 ```
 
 ## Examples
 
 ### Simple Data Source (Direct Link)
 
-```json
+```ts
+import elbUrl from '@/assets/Logos/elb.svg';
+
+// inside the onboardingConfigWithLinks array:
 {
-  "dataSource": "aws-elb",
-  "label": "AWS ELB",
-  "tags": ["AWS"],
-  "module": "logs",
-  "relatedSearchKeywords": [
-    "aws",
-    "aws elb",
-    "elb logs",
-    "elastic load balancer"
+  dataSource: 'aws-elb',
+  label: 'AWS ELB',
+  tags: ['AWS'],
+  module: 'logs',
+  relatedSearchKeywords: [
+    'aws',
+    'aws elb',
+    'elb logs',
+    'elastic load balancer',
   ],
-  "imgUrl": "/Logos/elb.svg",
-  "link": "/docs/aws-monitoring/elb/"
-}
+  imgUrl: elbUrl,
+  link: '/docs/aws-monitoring/elb/',
+},
 ```
 
 ### Data Source with Single Question Level
 
-```json
+```ts
+import azureVmUrl from '@/assets/Logos/azure-vm.svg';
+
+// inside the onboardingConfigWithLinks array:
 {
-  "dataSource": "app-service",
-  "label": "App Service",
-  "imgUrl": "/Logos/azure-vm.svg",
-  "tags": ["Azure"],
-  "module": "apm",
-  "relatedSearchKeywords": ["azure", "app service"],
-  "question": {
-    "desc": "What telemetry data do you want to visualise?",
-    "type": "select",
-    "options": [
+  dataSource: 'app-service',
+  label: 'App Service',
+  imgUrl: azureVmUrl,
+  tags: ['Azure'],
+  module: 'apm',
+  relatedSearchKeywords: ['azure', 'app service'],
+  question: {
+    desc: 'What telemetry data do you want to visualise?',
+    type: 'select',
+    options: [
       {
-        "key": "logging",
-        "label": "Logs",
-        "imgUrl": "/Logos/azure-vm.svg",
-        "link": "/docs/azure-monitoring/app-service/logging/"
+        key: 'logging',
+        label: 'Logs',
+        imgUrl: azureVmUrl,
+        link: '/docs/azure-monitoring/app-service/logging/',
       },
       {
-        "key": "metrics",
-        "label": "Metrics",
-        "imgUrl": "/Logos/azure-vm.svg",
-        "link": "/docs/azure-monitoring/app-service/metrics/"
+        key: 'metrics',
+        label: 'Metrics',
+        imgUrl: azureVmUrl,
+        link: '/docs/azure-monitoring/app-service/metrics/',
       },
       {
-        "key": "tracing",
-        "label": "Traces",
-        "imgUrl": "/Logos/azure-vm.svg",
-        "link": "/docs/azure-monitoring/app-service/tracing/"
-      }
-    ]
-  }
-}
+        key: 'tracing',
+        label: 'Traces',
+        imgUrl: azureVmUrl,
+        link: '/docs/azure-monitoring/app-service/tracing/',
+      },
+    ],
+  },
+},
 ```
 
 ### Data Source with Nested Questions (2-3 Levels)
 
-```json
+```ts
+import ec2Url from '@/assets/Logos/ec2.svg';
+
+// inside the onboardingConfigWithLinks array:
 {
-  "dataSource": "aws-ec2",
-  "label": "AWS EC2",
-  "tags": ["AWS"],
-  "module": "logs",
-  "relatedSearchKeywords": ["aws", "aws ec2", "ec2 logs", "ec2 metrics"],
-  "imgUrl": "/Logos/ec2.svg",
-  "question": {
-    "desc": "What would you like to monitor for AWS EC2?",
-    "type": "select",
-    "helpText": "Choose the type of telemetry data you want to collect.",
-    "options": [
+  dataSource: 'aws-ec2',
+  label: 'AWS EC2',
+  tags: ['AWS'],
+  module: 'logs',
+  relatedSearchKeywords: ['aws', 'aws ec2', 'ec2 logs', 'ec2 metrics'],
+  imgUrl: ec2Url,
+  question: {
+    desc: 'What would you like to monitor for AWS EC2?',
+    type: 'select',
+    helpText: 'Choose the type of telemetry data you want to collect.',
+    options: [
       {
-        "key": "aws-ec2-logs",
-        "label": "Logs",
-        "imgUrl": "/Logos/ec2.svg",
-        "link": "/docs/userguide/collect_logs_from_file/"
+        key: 'aws-ec2-logs',
+        label: 'Logs',
+        imgUrl: ec2Url,
+        link: '/docs/userguide/collect_logs_from_file/',
       },
       {
-        "key": "aws-ec2-metrics",
-        "label": "Metrics",
-        "imgUrl": "/Logos/ec2.svg",
-        "question": {
-          "desc": "How would you like to set up EC2 Metrics monitoring?",
-          "helpText": "One Click uses AWS CloudWatch integration. Manual setup uses OpenTelemetry.",
-          "helpLink": "/docs/aws-monitoring/one-click-vs-manual/",
-          "helpLinkText": "Read the comparison guide →",
-          "options": [
+        key: 'aws-ec2-metrics',
+        label: 'Metrics',
+        imgUrl: ec2Url,
+        question: {
+          desc: 'How would you like to set up EC2 Metrics monitoring?',
+          helpText: 'One Click uses AWS CloudWatch integration. Manual setup uses OpenTelemetry.',
+          helpLink: '/docs/aws-monitoring/one-click-vs-manual/',
+          helpLinkText: 'Read the comparison guide →',
+          options: [
             {
-              "key": "aws-ec2-metrics-one-click",
-              "label": "One Click AWS",
-              "imgUrl": "/Logos/ec2.svg",
-              "link": "/integrations?integration=aws-integration&service=ec2",
-              "internalRedirect": true
+              key: 'aws-ec2-metrics-one-click',
+              label: 'One Click AWS',
+              imgUrl: ec2Url,
+              link: '/integrations?integration=aws-integration&service=ec2',
+              internalRedirect: true,
             },
             {
-              "key": "aws-ec2-metrics-manual",
-              "label": "Manual Setup",
-              "imgUrl": "/Logos/ec2.svg",
-              "link": "/docs/tutorial/opentelemetry-binary-usage-in-virtual-machine/"
-            }
-          ]
-        }
-      }
-    ]
-  }
-}
+              key: 'aws-ec2-metrics-manual',
+              label: 'Manual Setup',
+              imgUrl: ec2Url,
+              link: '/docs/tutorial/opentelemetry-binary-usage-in-virtual-machine/',
+            },
+          ],
+        },
+      },
+    ],
+  },
+},
 ```
 
 ## Best Practices
@@ -270,10 +277,16 @@ Options can be simple (direct link) or nested (with another question):
 
 ### 3. Logos
 
-- Place logo files in `public/Logos/`
+- Place logo files in `src/assets/Logos/`
 - Use SVG format
-- Reference as `"/Logos/your-logo.svg"`
-- **Optimize new SVGs**: Run any newly downloaded SVGs through an optimizer like [SVGOMG (svgo)](https://svgomg.net/) or use `npx svgo public/Logos/your-logo.svg` to minimise their size before committing.
+- Import the SVG at the top of the file and reference the imported variable:
+  ```ts
+  import myServiceUrl from '@/assets/Logos/my-service.svg';
+  // then in the config object:
+  imgUrl: myServiceUrl,
+  ```
+- **Fetching Icons**: New icons can be easily fetched from [OpenBrand](https://openbrand.sh/). Use the pattern `https://openbrand.sh/?url=<TARGET_URL>`, where `<TARGET_URL>` is the URL-encoded link to the service's website. For example, to get Render's logo, use [https://openbrand.sh/?url=https%3A%2F%2Frender.com](https://openbrand.sh/?url=https%3A%2F%2Frender.com).
+- **Optimize new SVGs**: Run any newly downloaded SVGs through an optimizer like [SVGOMG (svgo)](https://svgomg.net/) or use `npx svgo src/assets/Logos/your-logo.svg` to minimise their size before committing.
 
 ### 4. Links
 
@@ -289,8 +302,8 @@ Options can be simple (direct link) or nested (with another question):
 
 ## Adding a New Data Source
 
-1. Add your data source object to the JSON array
-2. Ensure the logo exists in `public/Logos/`
+1. Add the logo SVG to `src/assets/Logos/` and add a top-level import in the config file (e.g., `import myServiceUrl from '@/assets/Logos/my-service.svg'`)
+2. Add your data source object to the `onboardingConfigWithLinks` array, referencing the imported variable for `imgUrl`
 3. Test the flow locally with `yarn dev`
 4. Validation:
    - Navigate to the [onboarding page](http://localhost:3301/get-started-with-signoz-cloud) on your local machine

ee/anomaly/hourly.go

@@ -16,7 +16,7 @@ func (hp *HourlyProvider) GetBaseSeasonalProvider() *BaseSeasonalProvider {
 	return &hp.BaseSeasonalProvider
 }
 
-// NewHourlyProvider now uses the generic option type
+// NewHourlyProvider now uses the generic option type.
 func NewHourlyProvider(opts ...GenericProviderOption[*HourlyProvider]) *HourlyProvider {
 	hp := &HourlyProvider{
 		BaseSeasonalProvider: BaseSeasonalProvider{},

ee/anomaly/params.go

@@ -32,7 +32,7 @@ func (s Seasonality) IsValid() bool {
 }
 
 type AnomaliesRequest struct {
-	Params      qbtypes.QueryRangeRequest
+	Params      *qbtypes.QueryRangeRequest
 	Seasonality Seasonality
 }
 
@@ -47,7 +47,7 @@ type AnomaliesResponse struct {
 //		              |                                  |
 //			(rounded value for past peiod)    +      (seasonal growth)
 //
-// score = abs(value - prediction) / stddev (current_season_query)
+// score = abs(value - prediction) / stddev (current_season_query).
 type anomalyQueryParams struct {
 	// CurrentPeriodQuery is the query range params for period user is looking at or eval window
 	// Example: (now-5m, now), (now-30m, now), (now-1h, now)
@@ -81,7 +81,7 @@ type anomalyQueryParams struct {
 	Past3SeasonQuery qbtypes.QueryRangeRequest
 }
 
-func prepareAnomalyQueryParams(req qbtypes.QueryRangeRequest, seasonality Seasonality) *anomalyQueryParams {
+func prepareAnomalyQueryParams(req *qbtypes.QueryRangeRequest, seasonality Seasonality) *anomalyQueryParams {
 	start := req.Start
 	end := req.End
 

ee/anomaly/seasonal.go

@@ -18,12 +18,12 @@ var (
 	movingAvgWindowSize = 7
 )
 
-// BaseProvider is an interface that includes common methods for all provider types
+// BaseProvider is an interface that includes common methods for all provider types.
 type BaseProvider interface {
 	GetBaseSeasonalProvider() *BaseSeasonalProvider
 }
 
-// GenericProviderOption is a generic type for provider options
+// GenericProviderOption is a generic type for provider options.
 type GenericProviderOption[T BaseProvider] func(T)
 
 func WithQuerier[T BaseProvider](querier querier.Querier) GenericProviderOption[T] {
@@ -74,37 +74,37 @@ func (p *BaseSeasonalProvider) getResults(ctx context.Context, orgID valuer.UUID
 		instrumentationtypes.CodeFunctionName: "getResults",
 	})
 	// TODO(srikanthccv): parallelize this?
-	p.logger.InfoContext(ctx, "fetching results for current period", "anomaly_current_period_query", params.CurrentPeriodQuery)
+	p.logger.InfoContext(ctx, "fetching results for current period", slog.Any("anomaly_current_period_query", params.CurrentPeriodQuery))
 	currentPeriodResults, err := p.querier.QueryRange(ctx, orgID, &params.CurrentPeriodQuery)
 	if err != nil {
 		return nil, err
 	}
 
-	p.logger.InfoContext(ctx, "fetching results for past period", "anomaly_past_period_query", params.PastPeriodQuery)
+	p.logger.InfoContext(ctx, "fetching results for past period", slog.Any("anomaly_past_period_query", params.PastPeriodQuery))
 	pastPeriodResults, err := p.querier.QueryRange(ctx, orgID, &params.PastPeriodQuery)
 	if err != nil {
 		return nil, err
 	}
 
-	p.logger.InfoContext(ctx, "fetching results for current season", "anomaly_current_season_query", params.CurrentSeasonQuery)
+	p.logger.InfoContext(ctx, "fetching results for current season", slog.Any("anomaly_current_season_query", params.CurrentSeasonQuery))
 	currentSeasonResults, err := p.querier.QueryRange(ctx, orgID, &params.CurrentSeasonQuery)
 	if err != nil {
 		return nil, err
 	}
 
-	p.logger.InfoContext(ctx, "fetching results for past season", "anomaly_past_season_query", params.PastSeasonQuery)
+	p.logger.InfoContext(ctx, "fetching results for past season", slog.Any("anomaly_past_season_query", params.PastSeasonQuery))
 	pastSeasonResults, err := p.querier.QueryRange(ctx, orgID, &params.PastSeasonQuery)
 	if err != nil {
 		return nil, err
 	}
 
-	p.logger.InfoContext(ctx, "fetching results for past 2 season", "anomaly_past_2season_query", params.Past2SeasonQuery)
+	p.logger.InfoContext(ctx, "fetching results for past 2 season", slog.Any("anomaly_past_2season_query", params.Past2SeasonQuery))
 	past2SeasonResults, err := p.querier.QueryRange(ctx, orgID, &params.Past2SeasonQuery)
 	if err != nil {
 		return nil, err
 	}
 
-	p.logger.InfoContext(ctx, "fetching results for past 3 season", "anomaly_past_3season_query", params.Past3SeasonQuery)
+	p.logger.InfoContext(ctx, "fetching results for past 3 season", slog.Any("anomaly_past_3season_query", params.Past3SeasonQuery))
 	past3SeasonResults, err := p.querier.QueryRange(ctx, orgID, &params.Past3SeasonQuery)
 	if err != nil {
 		return nil, err
@@ -121,7 +121,7 @@ func (p *BaseSeasonalProvider) getResults(ctx context.Context, orgID valuer.UUID
 }
 
 // getMatchingSeries gets the matching series from the query result
-// for the given series
+// for the given series.
 func (p *BaseSeasonalProvider) getMatchingSeries(_ context.Context, queryResult *qbtypes.TimeSeriesData, series *qbtypes.TimeSeries) *qbtypes.TimeSeries {
 	if queryResult == nil || len(queryResult.Aggregations) == 0 || len(queryResult.Aggregations[0].Series) == 0 {
 		return nil
@@ -155,13 +155,14 @@ func (p *BaseSeasonalProvider) getStdDev(series *qbtypes.TimeSeries) float64 {
 	avg := p.getAvg(series)
 	var sum float64
 	for _, smpl := range series.Values {
-		sum += math.Pow(smpl.Value-avg, 2)
+		d := smpl.Value - avg
+		sum += d * d
 	}
 	return math.Sqrt(sum / float64(len(series.Values)))
 }
 
 // getMovingAvg gets the moving average for the given series
-// for the given window size and start index
+// for the given window size and start index.
 func (p *BaseSeasonalProvider) getMovingAvg(series *qbtypes.TimeSeries, movingAvgWindowSize, startIdx int) float64 {
 	if series == nil || len(series.Values) == 0 {
 		return 0
@@ -212,17 +213,17 @@ func (p *BaseSeasonalProvider) getPredictedSeries(
 		if predictedValue < 0 {
 			// this should not happen (except when the data has extreme outliers)
 			// we will use the moving avg of the previous period series in this case
-			p.logger.WarnContext(ctx, "predicted value is less than 0 for series", "anomaly_predicted_value", predictedValue, "anomaly_labels", series.Labels)
+			p.logger.WarnContext(ctx, "predicted value is less than 0 for series", slog.Float64("anomaly_predicted_value", predictedValue), slog.Any("anomaly_labels", series.Labels))
 			predictedValue = p.getMovingAvg(prevSeries, movingAvgWindowSize, idx)
 		}
 
 		p.logger.DebugContext(ctx, "predicted value for series",
-			"anomaly_moving_avg", movingAvg,
-			"anomaly_avg", avg,
-			"anomaly_mean", mean,
-			"anomaly_labels", series.Labels,
-			"anomaly_predicted_value", predictedValue,
-			"anomaly_curr", curr.Value,
+			slog.Float64("anomaly_moving_avg", movingAvg),
+			slog.Float64("anomaly_avg", avg),
+			slog.Float64("anomaly_mean", mean),
+			slog.Any("anomaly_labels", series.Labels),
+			slog.Float64("anomaly_predicted_value", predictedValue),
+			slog.Float64("anomaly_curr", curr.Value),
 		)
 		predictedSeries.Values = append(predictedSeries.Values, &qbtypes.TimeSeriesValue{
 			Timestamp: curr.Timestamp,
@@ -236,7 +237,7 @@ func (p *BaseSeasonalProvider) getPredictedSeries(
 // getBounds gets the upper and lower bounds for the given series
 // for the given z score threshold
 // moving avg of the previous period series + z score threshold * std dev of the series
-// moving avg of the previous period series - z score threshold * std dev of the series
+// moving avg of the previous period series - z score threshold * std dev of the series.
 func (p *BaseSeasonalProvider) getBounds(
 	series, predictedSeries, weekSeries *qbtypes.TimeSeries,
 	zScoreThreshold float64,
@@ -269,7 +270,7 @@ func (p *BaseSeasonalProvider) getBounds(
 
 // getExpectedValue gets the expected value for the given series
 // for the given index
-// prevSeriesAvg + currentSeasonSeriesAvg - mean of past season series, past2 season series and past3 season series
+// prevSeriesAvg + currentSeasonSeriesAvg - mean of past season series, past2 season series and past3 season series.
 func (p *BaseSeasonalProvider) getExpectedValue(
 	_, prevSeries, currentSeasonSeries, pastSeasonSeries, past2SeasonSeries, past3SeasonSeries *qbtypes.TimeSeries, idx int,
 ) float64 {
@@ -283,7 +284,7 @@ func (p *BaseSeasonalProvider) getExpectedValue(
 
 // getScore gets the anomaly score for the given series
 // for the given index
-// (value - expectedValue) / std dev of the series
+// (value - expectedValue) / std dev of the series.
 func (p *BaseSeasonalProvider) getScore(
 	series, prevSeries, weekSeries, weekPrevSeries, past2SeasonSeries, past3SeasonSeries *qbtypes.TimeSeries, value float64, idx int,
 ) float64 {
@@ -296,7 +297,7 @@ func (p *BaseSeasonalProvider) getScore(
 
 // getAnomalyScores gets the anomaly scores for the given series
 // for the given index
-// (value - expectedValue) / std dev of the series
+// (value - expectedValue) / std dev of the series.
 func (p *BaseSeasonalProvider) getAnomalyScores(
 	series, prevSeries, currentSeasonSeries, pastSeasonSeries, past2SeasonSeries, past3SeasonSeries *qbtypes.TimeSeries,
 ) *qbtypes.TimeSeries {
@@ -412,7 +413,7 @@ func (p *BaseSeasonalProvider) getAnomalies(ctx context.Context, orgID valuer.UU
 			past3SeasonSeries := p.getMatchingSeries(ctx, past3SeasonResult, series)
 
 			stdDev := p.getStdDev(currentSeasonSeries)
-			p.logger.InfoContext(ctx, "calculated standard deviation for series", "anomaly_std_dev", stdDev, "anomaly_labels", series.Labels)
+			p.logger.InfoContext(ctx, "calculated standard deviation for series", slog.Float64("anomaly_std_dev", stdDev), slog.Any("anomaly_labels", series.Labels))
 
 			prevSeriesAvg := p.getAvg(pastPeriodSeries)
 			currentSeasonSeriesAvg := p.getAvg(currentSeasonSeries)
@@ -420,12 +421,12 @@ func (p *BaseSeasonalProvider) getAnomalies(ctx context.Context, orgID valuer.UU
 			past2SeasonSeriesAvg := p.getAvg(past2SeasonSeries)
 			past3SeasonSeriesAvg := p.getAvg(past3SeasonSeries)
 			p.logger.InfoContext(ctx, "calculated mean for series",
-				"anomaly_prev_series_avg", prevSeriesAvg,
-				"anomaly_current_season_series_avg", currentSeasonSeriesAvg,
-				"anomaly_past_season_series_avg", pastSeasonSeriesAvg,
-				"anomaly_past_2season_series_avg", past2SeasonSeriesAvg,
-				"anomaly_past_3season_series_avg", past3SeasonSeriesAvg,
-				"anomaly_labels", series.Labels,
+				slog.Float64("anomaly_prev_series_avg", prevSeriesAvg),
+				slog.Float64("anomaly_current_season_series_avg", currentSeasonSeriesAvg),
+				slog.Float64("anomaly_past_season_series_avg", pastSeasonSeriesAvg),
+				slog.Float64("anomaly_past_2season_series_avg", past2SeasonSeriesAvg),
+				slog.Float64("anomaly_past_3season_series_avg", past3SeasonSeriesAvg),
+				slog.Any("anomaly_labels", series.Labels),
 			)
 
 			predictedSeries := p.getPredictedSeries(

ee/auditor/otlphttpauditor/export.go

@@ -0,0 +1,143 @@
+package otlphttpauditor
+
+import (
+	"bytes"
+	"context"
+	"io"
+	"log/slog"
+	"net/http"
+
+	"github.com/SigNoz/signoz/pkg/auditor"
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/types/audittypes"
+	collogspb "go.opentelemetry.io/proto/otlp/collector/logs/v1"
+	"google.golang.org/protobuf/proto"
+
+	spb "google.golang.org/genproto/googleapis/rpc/status"
+)
+
+const (
+	maxHTTPResponseReadBytes int64  = 64 * 1024
+	protobufContentType      string = "application/x-protobuf"
+)
+
+func (provider *provider) export(ctx context.Context, events []audittypes.AuditEvent) error {
+	logs := audittypes.NewPLogsFromAuditEvents(events, "signoz", provider.build.Version(), "signoz.audit")
+
+	request, err := provider.marshaler.MarshalLogs(logs)
+	if err != nil {
+		return errors.Wrapf(err, errors.TypeInternal, auditor.ErrCodeAuditExportFailed, "failed to marshal audit logs")
+	}
+
+	if err := provider.send(ctx, request); err != nil {
+		provider.settings.Logger().ErrorContext(ctx, "audit export failed", errors.Attr(err), slog.Int("dropped_log_records", len(events)))
+		return err
+	}
+
+	return nil
+}
+
+// Posts a protobuf-encoded OTLP request to the configured endpoint.
+// Retries are handled by the underlying heimdall HTTP client.
+// Ref: https://github.com/open-telemetry/opentelemetry-collector/blob/main/exporter/otlphttpexporter/otlp.go
+func (provider *provider) send(ctx context.Context, body []byte) error {
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, provider.config.OTLPHTTP.Endpoint.String(), bytes.NewReader(body))
+	if err != nil {
+		return err
+	}
+
+	req.Header.Set("Content-Type", protobufContentType)
+
+	res, err := provider.httpClient.Do(req)
+	if err != nil {
+		return err
+	}
+
+	defer func() {
+		_, _ = io.CopyN(io.Discard, res.Body, maxHTTPResponseReadBytes)
+		res.Body.Close()
+	}()
+
+	if res.StatusCode >= 200 && res.StatusCode <= 299 {
+		provider.onSuccess(ctx, res)
+		return nil
+	}
+
+	return provider.onErr(res)
+}
+
+// Ref: https://github.com/open-telemetry/opentelemetry-collector/blob/01b07fcbb7a253bd996c290dcae6166e71d13732/exporter/otlphttpexporter/otlp.go#L403.
+func (provider *provider) onSuccess(ctx context.Context, res *http.Response) {
+	resBytes, err := readResponseBody(res)
+	if err != nil || resBytes == nil {
+		return
+	}
+
+	exportResponse := &collogspb.ExportLogsServiceResponse{}
+	if err := proto.Unmarshal(resBytes, exportResponse); err != nil {
+		return
+	}
+
+	ps := exportResponse.GetPartialSuccess()
+	if ps == nil {
+		return
+	}
+
+	if ps.GetErrorMessage() != "" || ps.GetRejectedLogRecords() != 0 {
+		provider.settings.Logger().WarnContext(ctx, "partial success response", slog.String("message", ps.GetErrorMessage()), slog.Int64("dropped_log_records", ps.GetRejectedLogRecords()))
+	}
+}
+
+func (provider *provider) onErr(res *http.Response) error {
+	status := readResponseStatus(res)
+
+	if status != nil {
+		return errors.Newf(errors.TypeInternal, auditor.ErrCodeAuditExportFailed, "request to %s responded with status code %d, Message=%s, Details=%v", provider.config.OTLPHTTP.Endpoint.String(), res.StatusCode, status.Message, status.Details)
+	}
+
+	return errors.Newf(errors.TypeInternal, auditor.ErrCodeAuditExportFailed, "request to %s responded with status code %d", provider.config.OTLPHTTP.Endpoint.String(), res.StatusCode)
+}
+
+// Reads at most maxHTTPResponseReadBytes from the response body.
+// Ref: https://github.com/open-telemetry/opentelemetry-collector/blob/01b07fcbb7a253bd996c290dcae6166e71d13732/exporter/otlphttpexporter/otlp.go#L275.
+func readResponseBody(resp *http.Response) ([]byte, error) {
+	if resp.ContentLength == 0 {
+		return nil, nil
+	}
+
+	maxRead := resp.ContentLength
+	if maxRead == -1 || maxRead > maxHTTPResponseReadBytes {
+		maxRead = maxHTTPResponseReadBytes
+	}
+
+	protoBytes := make([]byte, maxRead)
+	n, err := io.ReadFull(resp.Body, protoBytes)
+	if n == 0 && (err == nil || errors.Is(err, io.EOF)) {
+		return nil, nil
+	}
+	if err != nil && !errors.Is(err, io.ErrUnexpectedEOF) {
+		return nil, err
+	}
+
+	return protoBytes[:n], nil
+}
+
+// Decodes a protobuf-encoded Status from 4xx/5xx response bodies. Returns nil if the response is empty or cannot be decoded.
+// Ref: https://github.com/open-telemetry/opentelemetry-collector/blob/01b07fcbb7a253bd996c290dcae6166e71d13732/exporter/otlphttpexporter/otlp.go#L310.
+func readResponseStatus(resp *http.Response) *spb.Status {
+	if resp.StatusCode < 400 || resp.StatusCode > 599 {
+		return nil
+	}
+
+	respBytes, err := readResponseBody(resp)
+	if err != nil || respBytes == nil {
+		return nil
+	}
+
+	respStatus := &spb.Status{}
+	if err := proto.Unmarshal(respBytes, respStatus); err != nil {
+		return nil
+	}
+
+	return respStatus
+}

ee/auditor/otlphttpauditor/provider.go

@@ -0,0 +1,97 @@
+package otlphttpauditor
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/auditor"
+	"github.com/SigNoz/signoz/pkg/auditor/auditorserver"
+	"github.com/SigNoz/signoz/pkg/factory"
+	client "github.com/SigNoz/signoz/pkg/http/client"
+	"github.com/SigNoz/signoz/pkg/licensing"
+	"github.com/SigNoz/signoz/pkg/types/audittypes"
+	"github.com/SigNoz/signoz/pkg/version"
+	"go.opentelemetry.io/collector/pdata/plog"
+)
+
+var _ auditor.Auditor = (*provider)(nil)
+
+type provider struct {
+	settings   factory.ScopedProviderSettings
+	config     auditor.Config
+	licensing  licensing.Licensing
+	build      version.Build
+	server     *auditorserver.Server
+	marshaler  plog.ProtoMarshaler
+	httpClient *client.Client
+}
+
+func NewFactory(licensing licensing.Licensing, build version.Build) factory.ProviderFactory[auditor.Auditor, auditor.Config] {
+	return factory.NewProviderFactory(factory.MustNewName("otlphttp"), func(ctx context.Context, providerSettings factory.ProviderSettings, config auditor.Config) (auditor.Auditor, error) {
+		return newProvider(ctx, providerSettings, config, licensing, build)
+	})
+}
+
+func newProvider(_ context.Context, providerSettings factory.ProviderSettings, config auditor.Config, licensing licensing.Licensing, build version.Build) (auditor.Auditor, error) {
+	settings := factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/ee/auditor/otlphttpauditor")
+
+	httpClient, err := client.New(
+		settings.Logger(),
+		providerSettings.TracerProvider,
+		providerSettings.MeterProvider,
+		client.WithTimeout(config.OTLPHTTP.Timeout),
+		client.WithRetryCount(retryCountFromConfig(config.OTLPHTTP.Retry)),
+		retrierOption(config.OTLPHTTP.Retry),
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	provider := &provider{
+		settings:   settings,
+		config:     config,
+		licensing:  licensing,
+		build:      build,
+		marshaler:  plog.ProtoMarshaler{},
+		httpClient: httpClient,
+	}
+
+	server, err := auditorserver.New(settings,
+		auditorserver.Config{
+			BufferSize:    config.BufferSize,
+			BatchSize:     config.BatchSize,
+			FlushInterval: config.FlushInterval,
+		},
+		provider.export,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	provider.server = server
+	return provider, nil
+}
+
+func (provider *provider) Start(ctx context.Context) error {
+	return provider.server.Start(ctx)
+}
+
+func (provider *provider) Audit(ctx context.Context, event audittypes.AuditEvent) {
+	if event.PrincipalAttributes.PrincipalOrgID.IsZero() {
+		provider.settings.Logger().WarnContext(ctx, "audit event dropped as org_id is zero")
+		return
+	}
+
+	if _, err := provider.licensing.GetActive(ctx, event.PrincipalAttributes.PrincipalOrgID); err != nil {
+		return
+	}
+
+	provider.server.Add(ctx, event)
+}
+
+func (provider *provider) Healthy() <-chan struct{} {
+	return provider.server.Healthy()
+}
+
+func (provider *provider) Stop(ctx context.Context) error {
+	return provider.server.Stop(ctx)
+}

ee/auditor/otlphttpauditor/retrier.go

@@ -0,0 +1,52 @@
+package otlphttpauditor
+
+import (
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/auditor"
+	client "github.com/SigNoz/signoz/pkg/http/client"
+)
+
+// retrier implements client.Retriable with exponential backoff
+// derived from auditor.RetryConfig.
+type retrier struct {
+	initialInterval time.Duration
+	maxInterval     time.Duration
+}
+
+func newRetrier(cfg auditor.RetryConfig) *retrier {
+	return &retrier{
+		initialInterval: cfg.InitialInterval,
+		maxInterval:     cfg.MaxInterval,
+	}
+}
+
+// NextInterval returns the backoff duration for the given retry attempt.
+// Uses exponential backoff: initialInterval * 2^retry, capped at maxInterval.
+func (r *retrier) NextInterval(retry int) time.Duration {
+	interval := r.initialInterval
+	for range retry {
+		interval *= 2
+	}
+	return min(interval, r.maxInterval)
+}
+
+func retrierOption(cfg auditor.RetryConfig) client.Option {
+	return client.WithRetriable(newRetrier(cfg))
+}
+
+func retryCountFromConfig(cfg auditor.RetryConfig) int {
+	if !cfg.Enabled || cfg.MaxElapsedTime <= 0 {
+		return 0
+	}
+
+	count := 0
+	elapsed := time.Duration(0)
+	interval := cfg.InitialInterval
+	for elapsed < cfg.MaxElapsedTime {
+		elapsed += interval
+		interval = min(interval*2, cfg.MaxInterval)
+		count++
+	}
+	return count
+}

ee/authn/callbackauthn/oidccallbackauthn/authn.go

@@ -3,6 +3,7 @@ package oidccallbackauthn
 import (
 	"context"
 	"fmt"
+	"log/slog"
 	"net/url"
 
 	"github.com/SigNoz/signoz/pkg/authn"
@@ -150,7 +151,7 @@ func (a *AuthN) HandleCallback(ctx context.Context, query url.Values) (*authtype
 				// Some IDPs return a single group as a string instead of an array
 				groups = append(groups, g)
 			default:
-				a.settings.Logger().WarnContext(ctx, "oidc: unsupported groups type", "type", fmt.Sprintf("%T", claimValue))
+				a.settings.Logger().WarnContext(ctx, "oidc: unsupported groups type", slog.String("type", fmt.Sprintf("%T", claimValue)))
 			}
 		}
 	}

ee/authz/openfgaauthz/provider.go

@@ -16,6 +16,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/valuer"
 	openfgav1 "github.com/openfga/api/proto/openfga/v1"
 	openfgapkgtransformer "github.com/openfga/language/pkg/go/transformer"
+	"github.com/openfga/openfga/pkg/storage"
 )
 
 type provider struct {
@@ -26,14 +27,14 @@ type provider struct {
 	registry        []authz.RegisterTypeable
 }
 
-func NewProviderFactory(sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile, licensing licensing.Licensing, registry ...authz.RegisterTypeable) factory.ProviderFactory[authz.AuthZ, authz.Config] {
+func NewProviderFactory(sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile, openfgaDataStore storage.OpenFGADatastore, licensing licensing.Licensing, registry ...authz.RegisterTypeable) factory.ProviderFactory[authz.AuthZ, authz.Config] {
 	return factory.NewProviderFactory(factory.MustNewName("openfga"), func(ctx context.Context, ps factory.ProviderSettings, config authz.Config) (authz.AuthZ, error) {
-		return newOpenfgaProvider(ctx, ps, config, sqlstore, openfgaSchema, licensing, registry)
+		return newOpenfgaProvider(ctx, ps, config, sqlstore, openfgaSchema, openfgaDataStore, licensing, registry)
 	})
 }
 
-func newOpenfgaProvider(ctx context.Context, settings factory.ProviderSettings, config authz.Config, sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile, licensing licensing.Licensing, registry []authz.RegisterTypeable) (authz.AuthZ, error) {
-	pkgOpenfgaAuthzProvider := pkgopenfgaauthz.NewProviderFactory(sqlstore, openfgaSchema)
+func newOpenfgaProvider(ctx context.Context, settings factory.ProviderSettings, config authz.Config, sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile, openfgaDataStore storage.OpenFGADatastore, licensing licensing.Licensing, registry []authz.RegisterTypeable) (authz.AuthZ, error) {
+	pkgOpenfgaAuthzProvider := pkgopenfgaauthz.NewProviderFactory(sqlstore, openfgaSchema, openfgaDataStore)
 	pkgAuthzService, err := pkgOpenfgaAuthzProvider.New(ctx, settings, config)
 	if err != nil {
 		return nil, err
@@ -57,6 +58,10 @@ func (provider *provider) Start(ctx context.Context) error {
 	return provider.openfgaServer.Start(ctx)
 }
 
+func (provider *provider) Healthy() <-chan struct{} {
+	return provider.openfgaServer.Healthy()
+}
+
 func (provider *provider) Stop(ctx context.Context) error {
 	return provider.openfgaServer.Stop(ctx)
 }

ee/authz/openfgaserver/server.go

@@ -16,7 +16,6 @@ type Server struct {
 }
 
 func NewOpenfgaServer(ctx context.Context, pkgAuthzService authz.AuthZ) (*Server, error) {
-
 	return &Server{
 		pkgAuthzService: pkgAuthzService,
 	}, nil
@@ -26,14 +25,31 @@ func (server *Server) Start(ctx context.Context) error {
 	return server.pkgAuthzService.Start(ctx)
 }
 
+func (server *Server) Healthy() <-chan struct{} {
+	return server.pkgAuthzService.Healthy()
+}
+
 func (server *Server) Stop(ctx context.Context) error {
 	return server.pkgAuthzService.Stop(ctx)
 }
 
 func (server *Server) CheckWithTupleCreation(ctx context.Context, claims authtypes.Claims, orgID valuer.UUID, relation authtypes.Relation, typeable authtypes.Typeable, selectors []authtypes.Selector, _ []authtypes.Selector) error {
-	subject, err := authtypes.NewSubject(authtypes.TypeableUser, claims.UserID, orgID, nil)
-	if err != nil {
-		return err
+	subject := ""
+	switch claims.Principal {
+	case authtypes.PrincipalUser:
+		user, err := authtypes.NewSubject(authtypes.TypeableUser, claims.UserID, orgID, nil)
+		if err != nil {
+			return err
+		}
+
+		subject = user
+	case authtypes.PrincipalServiceAccount:
+		serviceAccount, err := authtypes.NewSubject(authtypes.TypeableServiceAccount, claims.ServiceAccountID, orgID, nil)
+		if err != nil {
+			return err
+		}
+
+		subject = serviceAccount
 	}
 
 	tupleSlice, err := typeable.Tuples(subject, relation, selectors, orgID)

ee/authz/openfgaserver/sqlstore.go

@@ -0,0 +1,32 @@
+package openfgaserver
+
+import (
+	"github.com/SigNoz/signoz/ee/sqlstore/postgressqlstore"
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/openfga/openfga/pkg/storage"
+	"github.com/openfga/openfga/pkg/storage/postgres"
+	"github.com/openfga/openfga/pkg/storage/sqlcommon"
+	"github.com/openfga/openfga/pkg/storage/sqlite"
+)
+
+func NewSQLStore(store sqlstore.SQLStore) (storage.OpenFGADatastore, error) {
+	switch store.BunDB().Dialect().Name().String() {
+	case "sqlite":
+		return sqlite.NewWithDB(store.SQLDB(), &sqlcommon.Config{
+			MaxTuplesPerWriteField: 100,
+			MaxTypesPerModelField:  100,
+		})
+	case "pg":
+		pgStore, ok := store.(postgressqlstore.Pooler)
+		if !ok {
+			panic(errors.New(errors.TypeInternal, errors.CodeInternal, "postgressqlstore should implement Pooler"))
+		}
+
+		return postgres.NewWithDB(pgStore.Pool(), nil, &sqlcommon.Config{
+			MaxTuplesPerWriteField: 100,
+			MaxTypesPerModelField:  100,
+		})
+	}
+	return nil, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "invalid store type: %s", store.BunDB().Dialect().Name().String())
+}

ee/licensing/config.go

@@ -13,7 +13,7 @@ var (
 	once   sync.Once
 )
 
-// initializes the licensing configuration
+// Config initializes the licensing configuration.
 func Config(pollInterval time.Duration, failureThreshold int) licensing.Config {
 	once.Do(func() {
 		config = licensing.Config{PollInterval: pollInterval, FailureThreshold: failureThreshold}

ee/licensing/httplicensing/provider.go

@@ -3,8 +3,11 @@ package httplicensing
 import (
 	"context"
 	"encoding/json"
+	"log/slog"
 	"time"
 
+	"github.com/tidwall/gjson"
+
 	"github.com/SigNoz/signoz/ee/licensing/licensingstore/sqllicensingstore"
 	"github.com/SigNoz/signoz/pkg/analytics"
 	"github.com/SigNoz/signoz/pkg/errors"
@@ -16,7 +19,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/types/licensetypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/SigNoz/signoz/pkg/zeus"
-	"github.com/tidwall/gjson"
 )
 
 type provider struct {
@@ -55,7 +57,7 @@ func (provider *provider) Start(ctx context.Context) error {
 
 	err := provider.Validate(ctx)
 	if err != nil {
-		provider.settings.Logger().ErrorContext(ctx, "failed to validate license from upstream server", "error", err)
+		provider.settings.Logger().ErrorContext(ctx, "failed to validate license from upstream server", errors.Attr(err))
 	}
 
 	for {
@@ -65,7 +67,7 @@ func (provider *provider) Start(ctx context.Context) error {
 		case <-tick.C:
 			err := provider.Validate(ctx)
 			if err != nil {
-				provider.settings.Logger().ErrorContext(ctx, "failed to validate license from upstream server", "error", err)
+				provider.settings.Logger().ErrorContext(ctx, "failed to validate license from upstream server", errors.Attr(err))
 			}
 		}
 	}
@@ -133,7 +135,7 @@ func (provider *provider) Refresh(ctx context.Context, organizationID valuer.UUI
 		if errors.Ast(err, errors.TypeNotFound) {
 			return nil
 		}
-		provider.settings.Logger().ErrorContext(ctx, "license validation failed", "org_id", organizationID.StringValue())
+		provider.settings.Logger().ErrorContext(ctx, "license validation failed", slog.String("org_id", organizationID.StringValue()))
 		return err
 	}
 
@@ -198,7 +200,10 @@ func (provider *provider) Checkout(ctx context.Context, organizationID valuer.UU
 
 	response, err := provider.zeus.GetCheckoutURL(ctx, activeLicense.Key, body)
 	if err != nil {
-		return nil, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to generate checkout session")
+		if errors.Ast(err, errors.TypeAlreadyExists) {
+			return nil, errors.WithAdditionalf(err, "checkout has already been completed for this account. Please click 'Refresh Status' to sync your subscription")
+		}
+		return nil, err
 	}
 
 	return &licensetypes.GettableSubscription{RedirectURL: gjson.GetBytes(response, "url").String()}, nil
@@ -217,7 +222,7 @@ func (provider *provider) Portal(ctx context.Context, organizationID valuer.UUID
 
 	response, err := provider.zeus.GetPortalURL(ctx, activeLicense.Key, body)
 	if err != nil {
-		return nil, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to generate portal session")
+		return nil, err
 	}
 
 	return &licensetypes.GettableSubscription{RedirectURL: gjson.GetBytes(response, "url").String()}, nil

ee/modules/cloudintegration/implcloudintegration/implcloudprovider/awscloudprovider.go

@@ -0,0 +1,132 @@
+package implcloudprovider
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"sort"
+
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+)
+
+type awscloudprovider struct {
+	serviceDefinitions cloudintegrationtypes.ServiceDefinitionStore
+}
+
+func NewAWSCloudProvider(defStore cloudintegrationtypes.ServiceDefinitionStore) (cloudintegration.CloudProviderModule, error) {
+	return &awscloudprovider{serviceDefinitions: defStore}, nil
+}
+
+func (provider *awscloudprovider) GetConnectionArtifact(ctx context.Context, account *cloudintegrationtypes.Account, req *cloudintegrationtypes.GetConnectionArtifactRequest) (*cloudintegrationtypes.ConnectionArtifact, error) {
+	baseURL := fmt.Sprintf(cloudintegrationtypes.CloudFormationQuickCreateBaseURL.StringValue(), req.Config.Aws.DeploymentRegion)
+	u, _ := url.Parse(baseURL)
+
+	q := u.Query()
+	q.Set("region", req.Config.Aws.DeploymentRegion)
+	u.Fragment = "/stacks/quickcreate"
+
+	u.RawQuery = q.Encode()
+
+	q = u.Query()
+	q.Set("stackName", cloudintegrationtypes.AgentCloudFormationBaseStackName.StringValue())
+	q.Set("templateURL", fmt.Sprintf(cloudintegrationtypes.AgentCloudFormationTemplateS3Path.StringValue(), req.Config.AgentVersion))
+	q.Set("param_SigNozIntegrationAgentVersion", req.Config.AgentVersion)
+	q.Set("param_SigNozApiUrl", req.Credentials.SigNozAPIURL)
+	q.Set("param_SigNozApiKey", req.Credentials.SigNozAPIKey)
+	q.Set("param_SigNozAccountId", account.ID.StringValue())
+	q.Set("param_IngestionUrl", req.Credentials.IngestionURL)
+	q.Set("param_IngestionKey", req.Credentials.IngestionKey)
+
+	return &cloudintegrationtypes.ConnectionArtifact{
+		Aws: &cloudintegrationtypes.AWSConnectionArtifact{
+			ConnectionURL: u.String() + "?&" + q.Encode(), // this format is required by AWS
+		},
+	}, nil
+}
+
+func (provider *awscloudprovider) ListServiceDefinitions(ctx context.Context) ([]*cloudintegrationtypes.ServiceDefinition, error) {
+	return provider.serviceDefinitions.List(ctx, cloudintegrationtypes.CloudProviderTypeAWS)
+}
+
+func (provider *awscloudprovider) GetServiceDefinition(ctx context.Context, serviceID cloudintegrationtypes.ServiceID) (*cloudintegrationtypes.ServiceDefinition, error) {
+	serviceDef, err := provider.serviceDefinitions.Get(ctx, cloudintegrationtypes.CloudProviderTypeAWS, serviceID)
+	if err != nil {
+		return nil, err
+	}
+
+	// override cloud integration dashboard id
+	for index, dashboard := range serviceDef.Assets.Dashboards {
+		serviceDef.Assets.Dashboards[index].ID = cloudintegrationtypes.GetCloudIntegrationDashboardID(cloudintegrationtypes.CloudProviderTypeAWS, serviceID.StringValue(), dashboard.ID)
+	}
+
+	return serviceDef, nil
+}
+
+func (provider *awscloudprovider) BuildIntegrationConfig(
+	ctx context.Context,
+	account *cloudintegrationtypes.Account,
+	services []*cloudintegrationtypes.StorableCloudIntegrationService,
+) (*cloudintegrationtypes.ProviderIntegrationConfig, error) {
+	// Sort services for deterministic output
+	sort.Slice(services, func(i, j int) bool {
+		return services[i].Type.StringValue() < services[j].Type.StringValue()
+	})
+
+	compiledMetrics := new(cloudintegrationtypes.AWSMetricsCollectionStrategy)
+	compiledLogs := new(cloudintegrationtypes.AWSLogsCollectionStrategy)
+	var compiledS3Buckets map[string][]string
+
+	for _, storedSvc := range services {
+		svcCfg, err := cloudintegrationtypes.NewServiceConfigFromJSON(cloudintegrationtypes.CloudProviderTypeAWS, storedSvc.Config)
+		if err != nil {
+			return nil, err
+		}
+
+		svcDef, err := provider.GetServiceDefinition(ctx, storedSvc.Type)
+		if err != nil {
+			return nil, err
+		}
+
+		strategy := svcDef.TelemetryCollectionStrategy.AWS
+		logsEnabled := svcCfg.IsLogsEnabled(cloudintegrationtypes.CloudProviderTypeAWS)
+
+		// S3Sync: logs come directly from configured S3 buckets, not CloudWatch subscriptions
+		if storedSvc.Type == cloudintegrationtypes.AWSServiceS3Sync {
+			if logsEnabled && svcCfg.AWS.Logs.S3Buckets != nil {
+				compiledS3Buckets = svcCfg.AWS.Logs.S3Buckets
+			}
+			// no need to go ahead as the code block specifically checks for the S3Sync service
+			continue
+		}
+
+		if logsEnabled && strategy.Logs != nil {
+			compiledLogs.Subscriptions = append(compiledLogs.Subscriptions, strategy.Logs.Subscriptions...)
+		}
+
+		metricsEnabled := svcCfg.IsMetricsEnabled(cloudintegrationtypes.CloudProviderTypeAWS)
+
+		if metricsEnabled && strategy.Metrics != nil {
+			compiledMetrics.StreamFilters = append(compiledMetrics.StreamFilters, strategy.Metrics.StreamFilters...)
+		}
+	}
+
+	collectionStrategy := new(cloudintegrationtypes.AWSTelemetryCollectionStrategy)
+
+	if len(compiledMetrics.StreamFilters) > 0 {
+		collectionStrategy.Metrics = compiledMetrics
+	}
+	if len(compiledLogs.Subscriptions) > 0 {
+		collectionStrategy.Logs = compiledLogs
+	}
+	if compiledS3Buckets != nil {
+		collectionStrategy.S3Buckets = compiledS3Buckets
+	}
+
+	return &cloudintegrationtypes.ProviderIntegrationConfig{
+		AWS: &cloudintegrationtypes.AWSIntegrationConfig{
+			EnabledRegions:              account.Config.AWS.Regions,
+			TelemetryCollectionStrategy: collectionStrategy,
+		},
+	}, nil
+}

ee/modules/cloudintegration/implcloudintegration/implcloudprovider/azurecloudprovider.go

@@ -0,0 +1,34 @@
+package implcloudprovider
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+)
+
+type azurecloudprovider struct{}
+
+func NewAzureCloudProvider() cloudintegration.CloudProviderModule {
+	return &azurecloudprovider{}
+}
+
+func (provider *azurecloudprovider) GetConnectionArtifact(ctx context.Context, account *cloudintegrationtypes.Account, req *cloudintegrationtypes.GetConnectionArtifactRequest) (*cloudintegrationtypes.ConnectionArtifact, error) {
+	panic("implement me")
+}
+
+func (provider *azurecloudprovider) ListServiceDefinitions(ctx context.Context) ([]*cloudintegrationtypes.ServiceDefinition, error) {
+	panic("implement me")
+}
+
+func (provider *azurecloudprovider) GetServiceDefinition(ctx context.Context, serviceID cloudintegrationtypes.ServiceID) (*cloudintegrationtypes.ServiceDefinition, error) {
+	panic("implement me")
+}
+
+func (provider *azurecloudprovider) BuildIntegrationConfig(
+	ctx context.Context,
+	account *cloudintegrationtypes.Account,
+	services []*cloudintegrationtypes.StorableCloudIntegrationService,
+) (*cloudintegrationtypes.ProviderIntegrationConfig, error) {
+	panic("implement me")
+}

ee/modules/cloudintegration/implcloudintegration/module.go

@@ -0,0 +1,540 @@
+package implcloudintegration
+
+import (
+	"context"
+	"fmt"
+	"sort"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/gateway"
+	"github.com/SigNoz/signoz/pkg/global"
+	"github.com/SigNoz/signoz/pkg/licensing"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/types/serviceaccounttypes"
+	"github.com/SigNoz/signoz/pkg/types/zeustypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/SigNoz/signoz/pkg/zeus"
+)
+
+type module struct {
+	store             cloudintegrationtypes.Store
+	gateway           gateway.Gateway
+	zeus              zeus.Zeus
+	licensing         licensing.Licensing
+	global            global.Global
+	serviceAccount    serviceaccount.Module
+	cloudProvidersMap map[cloudintegrationtypes.CloudProviderType]cloudintegration.CloudProviderModule
+	config            cloudintegration.Config
+}
+
+func NewModule(
+	store cloudintegrationtypes.Store,
+	global global.Global,
+	zeus zeus.Zeus,
+	gateway gateway.Gateway,
+	licensing licensing.Licensing,
+	serviceAccount serviceaccount.Module,
+	cloudProvidersMap map[cloudintegrationtypes.CloudProviderType]cloudintegration.CloudProviderModule,
+	config cloudintegration.Config,
+) (cloudintegration.Module, error) {
+	return &module{
+		store:             store,
+		global:            global,
+		zeus:              zeus,
+		gateway:           gateway,
+		licensing:         licensing,
+		serviceAccount:    serviceAccount,
+		cloudProvidersMap: cloudProvidersMap,
+		config:            config,
+	}, nil
+}
+
+// GetConnectionCredentials returns credentials required to generate connection artifact. eg. apiKey, ingestionKey etc.
+// It will return creds it can deduce and return empty value for others.
+func (module *module) GetConnectionCredentials(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (*cloudintegrationtypes.Credentials, error) {
+	// get license to get the deployment details
+	license, err := module.licensing.GetActive(ctx, orgID)
+	if err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	// get deployment details from zeus, ignore error
+	respBytes, _ := module.zeus.GetDeployment(ctx, license.Key)
+
+	var signozAPIURL string
+
+	if len(respBytes) > 0 {
+		// parse deployment details, ignore error, if client is asking api url every time check for possible error
+		deployment, _ := zeustypes.NewGettableDeployment(respBytes)
+		if deployment != nil {
+			signozAPIURL, _ = cloudintegrationtypes.GetSigNozAPIURLFromDeployment(deployment)
+		}
+	}
+
+	// ignore error
+	apiKey, _ := module.getOrCreateAPIKey(ctx, orgID, provider)
+
+	// ignore error
+	ingestionKey, _ := module.getOrCreateIngestionKey(ctx, orgID, provider)
+
+	return cloudintegrationtypes.NewCredentials(
+		signozAPIURL,
+		apiKey,
+		module.global.GetConfig(ctx).IngestionURL,
+		ingestionKey,
+	), nil
+}
+
+func (module *module) CreateAccount(ctx context.Context, account *cloudintegrationtypes.Account) error {
+	_, err := module.licensing.GetActive(ctx, account.OrgID)
+	if err != nil {
+		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	storableCloudIntegration, err := cloudintegrationtypes.NewStorableCloudIntegration(account)
+	if err != nil {
+		return err
+	}
+
+	return module.store.CreateAccount(ctx, storableCloudIntegration)
+}
+
+func (module *module) GetConnectionArtifact(ctx context.Context, account *cloudintegrationtypes.Account, req *cloudintegrationtypes.GetConnectionArtifactRequest) (*cloudintegrationtypes.ConnectionArtifact, error) {
+	_, err := module.licensing.GetActive(ctx, account.OrgID)
+	if err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	cloudProviderModule, err := module.getCloudProvider(account.Provider)
+	if err != nil {
+		return nil, err
+	}
+
+	req.Config.SetAgentVersion(module.config.Agent.Version)
+	return cloudProviderModule.GetConnectionArtifact(ctx, account, req)
+}
+
+func (module *module) GetAccount(ctx context.Context, orgID valuer.UUID, accountID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (*cloudintegrationtypes.Account, error) {
+	_, err := module.licensing.GetActive(ctx, orgID)
+	if err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	storableAccount, err := module.store.GetAccountByID(ctx, orgID, accountID, provider)
+	if err != nil {
+		return nil, err
+	}
+
+	return cloudintegrationtypes.NewAccountFromStorable(storableAccount)
+}
+
+func (module *module) GetConnectedAccount(ctx context.Context, orgID, accountID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (*cloudintegrationtypes.Account, error) {
+	_, err := module.licensing.GetActive(ctx, orgID)
+	if err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	storableAccount, err := module.store.GetConnectedAccount(ctx, orgID, accountID, provider)
+	if err != nil {
+		return nil, err
+	}
+
+	return cloudintegrationtypes.NewAccountFromStorable(storableAccount)
+}
+
+// ListAccounts return only agent connected accounts.
+func (module *module) ListAccounts(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) ([]*cloudintegrationtypes.Account, error) {
+	_, err := module.licensing.GetActive(ctx, orgID)
+	if err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	storableAccounts, err := module.store.ListConnectedAccounts(ctx, orgID, provider)
+	if err != nil {
+		return nil, err
+	}
+
+	return cloudintegrationtypes.NewAccountsFromStorables(storableAccounts)
+}
+
+func (module *module) AgentCheckIn(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType, req *cloudintegrationtypes.AgentCheckInRequest) (*cloudintegrationtypes.AgentCheckInResponse, error) {
+	_, err := module.licensing.GetActive(ctx, orgID)
+	if err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	connectedAccount, err := module.store.GetConnectedAccountByProviderAccountID(ctx, orgID, req.ProviderAccountID, provider)
+	if err != nil && !errors.Ast(err, errors.TypeNotFound) {
+		return nil, err
+	}
+
+	// If a different integration is already connected to this provider account ID, reject the check-in.
+	// Allow re-check-in from the same integration (e.g. agent restarting).
+	if connectedAccount != nil && connectedAccount.ID != req.CloudIntegrationID {
+		errMessage := fmt.Sprintf("provider account id %s is already connected to cloud integration id %s", req.ProviderAccountID, connectedAccount.ID)
+		return nil, errors.New(errors.TypeAlreadyExists, cloudintegrationtypes.ErrCodeCloudIntegrationAlreadyConnected, errMessage)
+	}
+
+	account, err := module.store.GetAccountByID(ctx, orgID, req.CloudIntegrationID, provider)
+	if err != nil {
+		return nil, err
+	}
+
+	// If account has been removed (disconnected), return a minimal response with empty integration config.
+	// The agent uses this response to clean up resources
+	if account.RemovedAt != nil {
+		return cloudintegrationtypes.NewAgentCheckInResponse(
+			req.ProviderAccountID,
+			account.ID.StringValue(),
+			new(cloudintegrationtypes.ProviderIntegrationConfig),
+			account.RemovedAt,
+		), nil
+	}
+
+	// update account with cloud provider account id and agent report (heartbeat)
+	account.Update(&req.ProviderAccountID, cloudintegrationtypes.NewAgentReport(req.Data))
+
+	err = module.store.UpdateAccount(ctx, account)
+	if err != nil {
+		return nil, err
+	}
+
+	// Get account as domain object for config access (enabled regions, etc.)
+	domainAccount, err := cloudintegrationtypes.NewAccountFromStorable(account)
+	if err != nil {
+		return nil, err
+	}
+
+	cloudProvider, err := module.getCloudProvider(provider)
+	if err != nil {
+		return nil, err
+	}
+
+	storedServices, err := module.store.ListServices(ctx, req.CloudIntegrationID)
+	if err != nil {
+		return nil, err
+	}
+
+	// Delegate integration config building entirely to the provider module
+	integrationConfig, err := cloudProvider.BuildIntegrationConfig(ctx, domainAccount, storedServices)
+	if err != nil {
+		return nil, err
+	}
+
+	return cloudintegrationtypes.NewAgentCheckInResponse(
+		req.ProviderAccountID,
+		account.ID.StringValue(),
+		integrationConfig,
+		account.RemovedAt,
+	), nil
+}
+
+func (module *module) UpdateAccount(ctx context.Context, account *cloudintegrationtypes.Account) error {
+	_, err := module.licensing.GetActive(ctx, account.OrgID)
+	if err != nil {
+		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	storableAccount, err := cloudintegrationtypes.NewStorableCloudIntegration(account)
+	if err != nil {
+		return err
+	}
+
+	return module.store.UpdateAccount(ctx, storableAccount)
+}
+
+func (module *module) DisconnectAccount(ctx context.Context, orgID valuer.UUID, accountID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) error {
+	_, err := module.licensing.GetActive(ctx, orgID)
+	if err != nil {
+		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	return module.store.RemoveAccount(ctx, orgID, accountID, provider)
+}
+
+func (module *module) ListServicesMetadata(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType, integrationID valuer.UUID) ([]*cloudintegrationtypes.ServiceMetadata, error) {
+	_, err := module.licensing.GetActive(ctx, orgID)
+	if err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	cloudProvider, err := module.getCloudProvider(provider)
+	if err != nil {
+		return nil, err
+	}
+
+	serviceDefinitions, err := cloudProvider.ListServiceDefinitions(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	enabledServiceIDs := map[string]bool{}
+	if !integrationID.IsZero() {
+		storedServices, err := module.store.ListServices(ctx, integrationID)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, svc := range storedServices {
+			serviceConfig, err := cloudintegrationtypes.NewServiceConfigFromJSON(provider, svc.Config)
+			if err != nil {
+				return nil, err
+			}
+
+			if serviceConfig.IsServiceEnabled(provider) {
+				enabledServiceIDs[svc.Type.StringValue()] = true
+			}
+		}
+	}
+
+	resp := make([]*cloudintegrationtypes.ServiceMetadata, 0, len(serviceDefinitions))
+	for _, serviceDefinition := range serviceDefinitions {
+		resp = append(resp, cloudintegrationtypes.NewServiceMetadata(*serviceDefinition, enabledServiceIDs[serviceDefinition.ID]))
+	}
+
+	return resp, nil
+}
+
+func (module *module) GetService(ctx context.Context, orgID valuer.UUID, serviceID cloudintegrationtypes.ServiceID, provider cloudintegrationtypes.CloudProviderType, cloudIntegrationID valuer.UUID) (*cloudintegrationtypes.Service, error) {
+	_, err := module.licensing.GetActive(ctx, orgID)
+	if err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	cloudProvider, err := module.getCloudProvider(provider)
+	if err != nil {
+		return nil, err
+	}
+
+	serviceDefinition, err := cloudProvider.GetServiceDefinition(ctx, serviceID)
+	if err != nil {
+		return nil, err
+	}
+
+	var integrationService *cloudintegrationtypes.CloudIntegrationService
+
+	if !cloudIntegrationID.IsZero() {
+		storedService, err := module.store.GetServiceByServiceID(ctx, cloudIntegrationID, serviceID)
+		if err != nil && !errors.Ast(err, errors.TypeNotFound) {
+			return nil, err
+		}
+		if storedService != nil {
+			serviceConfig, err := cloudintegrationtypes.NewServiceConfigFromJSON(provider, storedService.Config)
+			if err != nil {
+				return nil, err
+			}
+
+			integrationService = cloudintegrationtypes.NewCloudIntegrationServiceFromStorable(storedService, serviceConfig)
+		}
+	}
+
+	return cloudintegrationtypes.NewService(*serviceDefinition, integrationService), nil
+}
+
+func (module *module) CreateService(ctx context.Context, orgID valuer.UUID, service *cloudintegrationtypes.CloudIntegrationService, provider cloudintegrationtypes.CloudProviderType) error {
+	_, err := module.licensing.GetActive(ctx, orgID)
+	if err != nil {
+		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	cloudProvider, err := module.getCloudProvider(provider)
+	if err != nil {
+		return err
+	}
+
+	serviceDefinition, err := cloudProvider.GetServiceDefinition(ctx, service.Type)
+	if err != nil {
+		return err
+	}
+
+	configJSON, err := service.Config.ToJSON(provider, service.Type, &serviceDefinition.SupportedSignals)
+	if err != nil {
+		return err
+	}
+
+	return module.store.CreateService(ctx, cloudintegrationtypes.NewStorableCloudIntegrationService(service, string(configJSON)))
+}
+
+func (module *module) UpdateService(ctx context.Context, orgID valuer.UUID, integrationService *cloudintegrationtypes.CloudIntegrationService, provider cloudintegrationtypes.CloudProviderType) error {
+	_, err := module.licensing.GetActive(ctx, orgID)
+	if err != nil {
+		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	cloudProvider, err := module.getCloudProvider(provider)
+	if err != nil {
+		return err
+	}
+
+	serviceDefinition, err := cloudProvider.GetServiceDefinition(ctx, integrationService.Type)
+	if err != nil {
+		return err
+	}
+
+	configJSON, err := integrationService.Config.ToJSON(provider, integrationService.Type, &serviceDefinition.SupportedSignals)
+	if err != nil {
+		return err
+	}
+
+	storableService := cloudintegrationtypes.NewStorableCloudIntegrationService(integrationService, string(configJSON))
+
+	return module.store.UpdateService(ctx, storableService)
+}
+
+func (module *module) GetDashboardByID(ctx context.Context, orgID valuer.UUID, id string) (*dashboardtypes.Dashboard, error) {
+	_, err := module.licensing.GetActive(ctx, orgID)
+	if err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	_, _, _, err = cloudintegrationtypes.ParseCloudIntegrationDashboardID(id)
+	if err != nil {
+		return nil, err
+	}
+
+	allDashboards, err := module.listDashboards(ctx, orgID)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, d := range allDashboards {
+		if d.ID == id {
+			return d, nil
+		}
+	}
+
+	return nil, errors.New(errors.TypeNotFound, cloudintegrationtypes.ErrCodeCloudIntegrationNotFound, "cloud integration dashboard not found")
+}
+
+func (module *module) ListDashboards(ctx context.Context, orgID valuer.UUID) ([]*dashboardtypes.Dashboard, error) {
+	_, err := module.licensing.GetActive(ctx, orgID)
+	if err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	return module.listDashboards(ctx, orgID)
+}
+
+func (module *module) Collect(ctx context.Context, orgID valuer.UUID) (map[string]any, error) {
+	stats := make(map[string]any)
+
+	// get connected accounts for AWS
+	awsAccountsCount, err := module.store.CountConnectedAccounts(ctx, orgID, cloudintegrationtypes.CloudProviderTypeAWS)
+	if err == nil {
+		stats["cloudintegration.aws.connectedaccounts.count"] = awsAccountsCount
+	}
+
+	// NOTE: not adding stats for services for now.
+
+	// TODO: add more cloud providers when supported
+
+	return stats, nil
+}
+
+func (module *module) getCloudProvider(provider cloudintegrationtypes.CloudProviderType) (cloudintegration.CloudProviderModule, error) {
+	if cloudProviderModule, ok := module.cloudProvidersMap[provider]; ok {
+		return cloudProviderModule, nil
+	}
+
+	return nil, errors.NewInvalidInputf(cloudintegrationtypes.ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider.StringValue())
+}
+
+func (module *module) getOrCreateIngestionKey(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (string, error) {
+	keyName := cloudintegrationtypes.NewIngestionKeyName(provider)
+
+	result, err := module.gateway.SearchIngestionKeysByName(ctx, orgID, keyName, 1, 10)
+	if err != nil {
+		return "", errors.WrapInternalf(err, errors.CodeInternal, "couldn't search ingestion keys")
+	}
+
+	// ideally there should be only one key per cloud integration provider
+	if len(result.Keys) > 0 {
+		return result.Keys[0].Value, nil
+	}
+
+	createdIngestionKey, err := module.gateway.CreateIngestionKey(ctx, orgID, keyName, []string{"integration"}, time.Time{})
+	if err != nil {
+		return "", errors.WrapInternalf(err, errors.CodeInternal, "couldn't create ingestion key")
+	}
+
+	return createdIngestionKey.Value, nil
+}
+
+func (module *module) getOrCreateAPIKey(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (string, error) {
+	domain := module.serviceAccount.Config().Email.Domain
+	serviceAccount := serviceaccounttypes.NewServiceAccount("integration", domain, serviceaccounttypes.ServiceAccountStatusActive, orgID)
+	serviceAccount, err := module.serviceAccount.GetOrCreate(ctx, orgID, serviceAccount)
+	if err != nil {
+		return "", err
+	}
+	err = module.serviceAccount.SetRoleByName(ctx, orgID, serviceAccount.ID, authtypes.SigNozViewerRoleName)
+	if err != nil {
+		return "", err
+	}
+
+	factorAPIKey, err := serviceAccount.NewFactorAPIKey(provider.StringValue(), 0)
+	if err != nil {
+		return "", err
+	}
+
+	factorAPIKey, err = module.serviceAccount.GetOrCreateFactorAPIKey(ctx, factorAPIKey)
+	if err != nil {
+		return "", err
+	}
+	return factorAPIKey.Key, nil
+}
+
+func (module *module) listDashboards(ctx context.Context, orgID valuer.UUID) ([]*dashboardtypes.Dashboard, error) {
+	var allDashboards []*dashboardtypes.Dashboard
+
+	for provider := range module.cloudProvidersMap {
+		cloudProvider, err := module.getCloudProvider(provider)
+		if err != nil {
+			return nil, err
+		}
+
+		connectedAccounts, err := module.store.ListConnectedAccounts(ctx, orgID, provider)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, storableAccount := range connectedAccounts {
+			storedServices, err := module.store.ListServices(ctx, storableAccount.ID)
+			if err != nil {
+				return nil, err
+			}
+
+			for _, storedSvc := range storedServices {
+				serviceConfig, err := cloudintegrationtypes.NewServiceConfigFromJSON(provider, storedSvc.Config)
+				if err != nil || !serviceConfig.IsMetricsEnabled(provider) {
+					continue
+				}
+
+				svcDef, err := cloudProvider.GetServiceDefinition(ctx, storedSvc.Type)
+				if err != nil || svcDef == nil {
+					continue
+				}
+
+				dashboards := cloudintegrationtypes.GetDashboardsFromAssets(
+					storedSvc.Type.StringValue(),
+					orgID,
+					provider,
+					storableAccount.CreatedAt,
+					svcDef.Assets,
+				)
+				allDashboards = append(allDashboards, dashboards...)
+			}
+		}
+	}
+
+	sort.Slice(allDashboards, func(i, j int) bool {
+		return allDashboards[i].ID < allDashboards[j].ID
+	})
+
+	return allDashboards, nil
+}

ee/modules/dashboard/impldashboard/module.go

@@ -213,8 +213,8 @@ func (module *module) Update(ctx context.Context, orgID valuer.UUID, id valuer.U
 	return module.pkgDashboardModule.Update(ctx, orgID, id, updatedBy, data, diff)
 }
 
-func (module *module) LockUnlock(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, role authtypes.LegacyRole, lock bool) error {
-	return module.pkgDashboardModule.LockUnlock(ctx, orgID, id, updatedBy, role, lock)
+func (module *module) LockUnlock(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, isAdmin bool, lock bool) error {
+	return module.pkgDashboardModule.LockUnlock(ctx, orgID, id, updatedBy, isAdmin, lock)
 }
 
 func (module *module) MustGetTypeables() []authtypes.Typeable {

ee/querier/handler.go

@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"io"
 	"net/http"
-	"runtime/debug"
 
 	anomalyV2 "github.com/SigNoz/signoz/ee/anomaly"
 	"github.com/SigNoz/signoz/pkg/errors"
@@ -54,26 +53,6 @@ func (h *handler) QueryRange(rw http.ResponseWriter, req *http.Request) {
 		return
 	}
 
-	defer func() {
-		if r := recover(); r != nil {
-			stackTrace := string(debug.Stack())
-
-			queryJSON, _ := json.Marshal(queryRangeRequest)
-
-			h.set.Logger.ErrorContext(ctx, "panic in QueryRange",
-				"error", r,
-				"user", claims.UserID,
-				"payload", string(queryJSON),
-				"stacktrace", stackTrace,
-			)
-
-			render.Error(rw, errors.NewInternalf(
-				errors.CodeInternal,
-				"Something went wrong on our end. It's not you, it's us. Our team is notified about it. Reach out to support if issue persists.",
-			))
-		}
-	}()
-
 	if err := queryRangeRequest.Validate(); err != nil {
 		render.Error(rw, err)
 		return
@@ -86,7 +65,7 @@ func (h *handler) QueryRange(rw http.ResponseWriter, req *http.Request) {
 	}
 
 	if anomalyQuery, ok := queryRangeRequest.IsAnomalyRequest(); ok {
-		anomalies, err := h.handleAnomalyQuery(ctx, orgID, anomalyQuery, queryRangeRequest)
+		anomalies, err := h.handleAnomalyQuery(ctx, orgID, anomalyQuery, &queryRangeRequest)
 		if err != nil {
 			render.Error(rw, errors.NewInternalf(errors.CodeInternal, "failed to get anomalies: %v", err))
 			return
@@ -100,7 +79,7 @@ func (h *handler) QueryRange(rw http.ResponseWriter, req *http.Request) {
 		// Build step intervals from the anomaly query
 		stepIntervals := make(map[string]uint64)
 		if anomalyQuery.StepInterval.Duration > 0 {
-			stepIntervals[anomalyQuery.Name] = uint64(anomalyQuery.StepInterval.Duration.Seconds())
+			stepIntervals[anomalyQuery.Name] = uint64(anomalyQuery.StepInterval.Seconds())
 		}
 
 		finalResp := &qbtypes.QueryRangeResponse{
@@ -170,7 +149,7 @@ func (h *handler) createAnomalyProvider(seasonality anomalyV2.Seasonality) anoma
 	}
 }
 
-func (h *handler) handleAnomalyQuery(ctx context.Context, orgID valuer.UUID, anomalyQuery *qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation], queryRangeRequest qbtypes.QueryRangeRequest) (*anomalyV2.AnomaliesResponse, error) {
+func (h *handler) handleAnomalyQuery(ctx context.Context, orgID valuer.UUID, anomalyQuery *qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation], queryRangeRequest *qbtypes.QueryRangeRequest) (*anomalyV2.AnomaliesResponse, error) {
 	seasonality := extractSeasonality(anomalyQuery)
 	provider := h.createAnomalyProvider(seasonality)
 

ee/query-service/app/api/api.go

@@ -6,7 +6,6 @@ import (
 
 	"github.com/SigNoz/signoz/ee/licensing/httplicensing"
 	"github.com/SigNoz/signoz/ee/query-service/usage"
-	"github.com/SigNoz/signoz/pkg/alertmanager"
 	"github.com/SigNoz/signoz/pkg/global"
 	"github.com/SigNoz/signoz/pkg/http/middleware"
 	baseapp "github.com/SigNoz/signoz/pkg/query-service/app"
@@ -15,7 +14,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/query-service/app/logparsingpipeline"
 	"github.com/SigNoz/signoz/pkg/query-service/interfaces"
 	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
-	rules "github.com/SigNoz/signoz/pkg/query-service/rules"
 	"github.com/SigNoz/signoz/pkg/queryparser"
 	"github.com/SigNoz/signoz/pkg/signoz"
 	"github.com/SigNoz/signoz/pkg/version"
@@ -24,7 +22,6 @@ import (
 
 type APIHandlerOptions struct {
 	DataConnector                 interfaces.Reader
-	RulesManager                  *rules.Manager
 	UsageManager                  *usage.Manager
 	IntegrationsController        *integrations.Controller
 	CloudIntegrationsController   *cloudintegrations.Controller
@@ -44,12 +41,10 @@ type APIHandler struct {
 func NewAPIHandler(opts APIHandlerOptions, signoz *signoz.SigNoz, config signoz.Config) (*APIHandler, error) {
 	baseHandler, err := baseapp.NewAPIHandler(baseapp.APIHandlerOpts{
 		Reader:                        opts.DataConnector,
-		RuleManager:                   opts.RulesManager,
 		IntegrationsController:        opts.IntegrationsController,
 		CloudIntegrationsController:   opts.CloudIntegrationsController,
 		LogsParsingPipelineController: opts.LogsParsingPipelineController,
 		FluxInterval:                  opts.FluxInterval,
-		AlertmanagerAPI:               alertmanager.NewAPI(signoz.Alertmanager),
 		LicensingAPI:                  httplicensing.NewLicensingAPI(signoz.Licensing),
 		Signoz:                        signoz,
 		QueryParserAPI:                queryparser.NewAPI(signoz.Instrumentation.ToProviderSettings(), signoz.QueryParser),
@@ -66,10 +61,6 @@ func NewAPIHandler(opts APIHandlerOptions, signoz *signoz.SigNoz, config signoz.
 	return ah, nil
 }
 
-func (ah *APIHandler) RM() *rules.Manager {
-	return ah.opts.RulesManager
-}
-
 func (ah *APIHandler) UM() *usage.Manager {
 	return ah.opts.UsageManager
 }

ee/query-service/app/api/cloudIntegrations.go

@@ -10,15 +10,15 @@ import (
 	"strings"
 	"time"
 
+	"log/slog"
+
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/http/render"
-	"github.com/SigNoz/signoz/pkg/modules/user"
 	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/usertypes"
+	"github.com/SigNoz/signoz/pkg/types/serviceaccounttypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
-	"log/slog"
 )
 
 type CloudIntegrationConnectionParamsResponse struct {
@@ -49,7 +49,7 @@ func (ah *APIHandler) CloudIntegrationsGenerateConnectionParams(w http.ResponseW
 		return
 	}
 
-	apiKey, apiErr := ah.getOrCreateCloudIntegrationPAT(r.Context(), claims.OrgID, cloudProvider)
+	apiKey, apiErr := ah.getOrCreateCloudIntegrationFactorAPIKey(r.Context(), valuer.MustNewUUID(claims.OrgID), cloudProvider)
 	if apiErr != nil {
 		RespondError(w, basemodel.WrapApiError(
 			apiErr, "couldn't provision PAT for cloud integration:",
@@ -109,79 +109,44 @@ func (ah *APIHandler) CloudIntegrationsGenerateConnectionParams(w http.ResponseW
 	ah.Respond(w, result)
 }
 
-func (ah *APIHandler) getOrCreateCloudIntegrationPAT(ctx context.Context, orgId string, cloudProvider string) (
+func (ah *APIHandler) getOrCreateCloudIntegrationFactorAPIKey(ctx context.Context, orgID valuer.UUID, cloudProvider string) (
 	string, *basemodel.ApiError,
 ) {
-	integrationPATName := fmt.Sprintf("%s integration", cloudProvider)
-
-	integrationUser, apiErr := ah.getOrCreateCloudIntegrationUser(ctx, orgId, cloudProvider)
+	integrationPATName := fmt.Sprintf("%s", cloudProvider)
+	serviceAccount, apiErr := ah.getOrCreateCloudIntegrationServiceAccount(ctx, orgID)
 	if apiErr != nil {
 		return "", apiErr
 	}
 
-	orgIdUUID, err := valuer.NewUUID(orgId)
-	if err != nil {
-		return "", basemodel.InternalError(fmt.Errorf(
-			"couldn't parse orgId: %w", err,
-		))
-	}
-
-	allPats, err := ah.Signoz.Modules.User.ListAPIKeys(ctx, orgIdUUID)
-	if err != nil {
-		return "", basemodel.InternalError(fmt.Errorf(
-			"couldn't list PATs: %w", err,
-		))
-	}
-	for _, p := range allPats {
-		if p.UserID == integrationUser.ID && p.Name == integrationPATName {
-			return p.Token, nil
-		}
-	}
-
-	slog.InfoContext(ctx, "no PAT found for cloud integration, creating a new one",
-		"cloud_provider", cloudProvider,
-	)
-
-	newPAT, err := usertypes.NewStorableAPIKey(
-		integrationPATName,
-		integrationUser.ID,
-		authtypes.RoleViewer,
-		0,
-	)
+	factorAPIKey, err := serviceAccount.NewFactorAPIKey(integrationPATName, 0)
 	if err != nil {
 		return "", basemodel.InternalError(fmt.Errorf(
 			"couldn't create cloud integration PAT: %w", err,
 		))
 	}
 
-	err = ah.Signoz.Modules.User.CreateAPIKey(ctx, newPAT)
+	factorAPIKey, err = ah.Signoz.Modules.ServiceAccount.GetOrCreateFactorAPIKey(ctx, factorAPIKey)
 	if err != nil {
 		return "", basemodel.InternalError(fmt.Errorf(
 			"couldn't create cloud integration PAT: %w", err,
 		))
 	}
-	return newPAT.Token, nil
+	return factorAPIKey.Key, nil
 }
 
-func (ah *APIHandler) getOrCreateCloudIntegrationUser(
-	ctx context.Context, orgId string, cloudProvider string,
-) (*usertypes.User, *basemodel.ApiError) {
-	cloudIntegrationUserName := fmt.Sprintf("%s-integration", cloudProvider)
-	email := valuer.MustNewEmail(fmt.Sprintf("%s@signoz.io", cloudIntegrationUserName))
-
-	cloudIntegrationUser, err := usertypes.NewUser(cloudIntegrationUserName, email, authtypes.RoleViewer, valuer.MustNewUUID(orgId), usertypes.UserStatusActive)
+func (ah *APIHandler) getOrCreateCloudIntegrationServiceAccount(ctx context.Context, orgId valuer.UUID) (*serviceaccounttypes.ServiceAccount, *basemodel.ApiError) {
+	domain := ah.Signoz.Modules.ServiceAccount.Config().Email.Domain
+	cloudIntegrationServiceAccount := serviceaccounttypes.NewServiceAccount("integration", domain, serviceaccounttypes.ServiceAccountStatusActive, orgId)
+	cloudIntegrationServiceAccount, err := ah.Signoz.Modules.ServiceAccount.GetOrCreate(ctx, orgId, cloudIntegrationServiceAccount)
 	if err != nil {
-		return nil, basemodel.InternalError(fmt.Errorf("couldn't create cloud integration user: %w", err))
+		return nil, basemodel.InternalError(fmt.Errorf("couldn't create cloud integration service account: %w", err))
+	}
+	err = ah.Signoz.Modules.ServiceAccount.SetRoleByName(ctx, orgId, cloudIntegrationServiceAccount.ID, authtypes.SigNozViewerRoleName)
+	if err != nil {
+		return nil, basemodel.InternalError(fmt.Errorf("couldn't create cloud integration service account: %w", err))
 	}
 
-	password := usertypes.MustGenerateFactorPassword(cloudIntegrationUser.ID.StringValue())
-
-	cloudIntegrationUser, err = ah.Signoz.Modules.User.GetOrCreateUser(ctx, cloudIntegrationUser, user.WithFactorPassword(password))
-	if err != nil {
-		return nil, basemodel.InternalError(fmt.Errorf("couldn't look for integration user: %w", err))
-	}
-
-	return cloudIntegrationUser, nil
+	return cloudIntegrationServiceAccount, nil
 }
 
 func (ah *APIHandler) getIngestionUrlAndSigNozAPIUrl(ctx context.Context, licenseKey string) (

ee/query-service/app/api/featureFlags.go

@@ -4,10 +4,15 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+
 	"io"
 	"net/http"
 	"time"
 
+	signozerrors "github.com/SigNoz/signoz/pkg/errors"
+
+	"log/slog"
+
 	"github.com/SigNoz/signoz/ee/query-service/constants"
 	"github.com/SigNoz/signoz/pkg/flagger"
 	"github.com/SigNoz/signoz/pkg/http/render"
@@ -15,7 +20,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/types/featuretypes"
 	"github.com/SigNoz/signoz/pkg/types/licensetypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
-	"log/slog"
 )
 
 func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {
@@ -38,7 +42,7 @@ func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {
 		slog.DebugContext(ctx, "fetching license")
 		license, err := ah.Signoz.Licensing.GetActive(ctx, orgID)
 		if err != nil {
-			slog.ErrorContext(ctx, "failed to fetch license", "error", err)
+			slog.ErrorContext(ctx, "failed to fetch license", signozerrors.Attr(err))
 		} else if license == nil {
 			slog.DebugContext(ctx, "no active license found")
 		} else {
@@ -51,7 +55,7 @@ func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {
 				// merge featureSet and zeusFeatures in featureSet with higher priority to zeusFeatures
 				featureSet = MergeFeatureSets(zeusFeatures, featureSet)
 			} else {
-				slog.ErrorContext(ctx, "failed to fetch zeus features", "error", err)
+				slog.ErrorContext(ctx, "failed to fetch zeus features", signozerrors.Attr(err))
 			}
 		}
 	}

ee/query-service/app/api/license.go

@@ -7,6 +7,10 @@ import (
 
 	"github.com/SigNoz/signoz/ee/query-service/constants"
 	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/pkg/flagger"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/featuretypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
 )
 
 type DayWiseBreakdown struct {
@@ -45,15 +49,17 @@ type details struct {
 	BillTotal float64         `json:"billTotal"`
 }
 
+type billingData struct {
+	BillingPeriodStart int64   `json:"billingPeriodStart"`
+	BillingPeriodEnd   int64   `json:"billingPeriodEnd"`
+	Details            details `json:"details"`
+	Discount           float64 `json:"discount"`
+	SubscriptionStatus string  `json:"subscriptionStatus"`
+}
+
 type billingDetails struct {
-	Status string `json:"status"`
-	Data   struct {
-		BillingPeriodStart int64   `json:"billingPeriodStart"`
-		BillingPeriodEnd   int64   `json:"billingPeriodEnd"`
-		Details            details `json:"details"`
-		Discount           float64 `json:"discount"`
-		SubscriptionStatus string  `json:"subscriptionStatus"`
-	} `json:"data"`
+	Status string      `json:"status"`
+	Data   billingData `json:"data"`
 }
 
 func (ah *APIHandler) getBilling(w http.ResponseWriter, r *http.Request) {
@@ -64,6 +70,33 @@ func (ah *APIHandler) getBilling(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		RespondError(w, model.InternalError(err), nil)
+		return
+	}
+
+	orgID := valuer.MustNewUUID(claims.OrgID)
+	evalCtx := featuretypes.NewFlaggerEvaluationContext(orgID)
+	useZeus := ah.Signoz.Flagger.BooleanOrEmpty(r.Context(), flagger.FeatureGetMetersFromZeus, evalCtx)
+
+	if useZeus {
+		data, err := ah.Signoz.Zeus.GetMeters(r.Context(), licenseKey)
+		if err != nil {
+			RespondError(w, model.InternalError(err), nil)
+			return
+		}
+
+		var billing billingData
+		if err := json.Unmarshal(data, &billing); err != nil {
+			RespondError(w, model.InternalError(err), nil)
+			return
+		}
+
+		ah.Respond(w, billing)
+		return
+	}
+
 	billingURL := fmt.Sprintf("%s/usage?licenseKey=%s", constants.LicenseSignozIo, licenseKey)
 
 	hClient := &http.Client{}
@@ -79,13 +112,11 @@ func (ah *APIHandler) getBilling(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// decode response body
 	var billingResponse billingDetails
 	if err := json.NewDecoder(billingResp.Body).Decode(&billingResponse); err != nil {
 		RespondError(w, model.InternalError(err), nil)
 		return
 	}
 
-	// TODO(srikanthccv):Fetch the current day usage and add it to the response
 	ah.Respond(w, billingResponse.Data)
 }

ee/query-service/app/api/queryrange.go

@@ -7,6 +7,7 @@ import (
 	"net/http"
 
 	"github.com/SigNoz/signoz/ee/query-service/anomaly"
+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/http/render"
 	baseapp "github.com/SigNoz/signoz/pkg/query-service/app"
 	"github.com/SigNoz/signoz/pkg/query-service/app/queryBuilder"
@@ -35,7 +36,7 @@ func (aH *APIHandler) queryRangeV4(w http.ResponseWriter, r *http.Request) {
 	queryRangeParams, apiErrorObj := baseapp.ParseQueryRangeParams(r)
 
 	if apiErrorObj != nil {
-		slog.ErrorContext(r.Context(), "error parsing metric query range params", "error", apiErrorObj.Err)
+		slog.ErrorContext(r.Context(), "error parsing metric query range params", errors.Attr(apiErrorObj.Err))
 		RespondError(w, apiErrorObj, nil)
 		return
 	}
@@ -44,7 +45,7 @@ func (aH *APIHandler) queryRangeV4(w http.ResponseWriter, r *http.Request) {
 	// add temporality for each metric
 	temporalityErr := aH.PopulateTemporality(r.Context(), orgID, queryRangeParams)
 	if temporalityErr != nil {
-		slog.ErrorContext(r.Context(), "error while adding temporality for metrics", "error", temporalityErr)
+		slog.ErrorContext(r.Context(), "error while adding temporality for metrics", errors.Attr(temporalityErr))
 		RespondError(w, &model.ApiError{Typ: model.ErrorInternal, Err: temporalityErr}, nil)
 		return
 	}

ee/query-service/app/server.go

@@ -5,35 +5,28 @@ import (
 	"fmt"
 	"net"
 	"net/http"
-	_ "net/http/pprof" // http profiler
 	"slices"
 
-	"github.com/SigNoz/signoz/pkg/cache/memorycache"
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/queryparser"
-	"github.com/SigNoz/signoz/pkg/ruler/rulestore/sqlrulestore"
-	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux"
 	"go.opentelemetry.io/otel/propagation"
 
+	"github.com/SigNoz/signoz/pkg/cache/memorycache"
+	"github.com/SigNoz/signoz/pkg/errors"
+
 	"github.com/gorilla/handlers"
 
-	"github.com/SigNoz/signoz/ee/query-service/app/api"
-	"github.com/SigNoz/signoz/ee/query-service/rules"
-	"github.com/SigNoz/signoz/ee/query-service/usage"
-	"github.com/SigNoz/signoz/pkg/alertmanager"
-	"github.com/SigNoz/signoz/pkg/cache"
-	"github.com/SigNoz/signoz/pkg/http/middleware"
-	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/prometheus"
-	"github.com/SigNoz/signoz/pkg/querier"
-	"github.com/SigNoz/signoz/pkg/signoz"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/telemetrystore"
-	"github.com/SigNoz/signoz/pkg/web"
 	"github.com/rs/cors"
 	"github.com/soheilhy/cmux"
 
+	"github.com/SigNoz/signoz/ee/query-service/app/api"
+	"github.com/SigNoz/signoz/ee/query-service/usage"
+	"github.com/SigNoz/signoz/pkg/cache"
+	"github.com/SigNoz/signoz/pkg/http/middleware"
+	"github.com/SigNoz/signoz/pkg/signoz"
+	"github.com/SigNoz/signoz/pkg/web"
+
+	"log/slog"
+
 	"github.com/SigNoz/signoz/pkg/query-service/agentConf"
 	baseapp "github.com/SigNoz/signoz/pkg/query-service/app"
 	"github.com/SigNoz/signoz/pkg/query-service/app/clickhouseReader"
@@ -44,17 +37,13 @@ import (
 	opAmpModel "github.com/SigNoz/signoz/pkg/query-service/app/opamp/model"
 	baseconst "github.com/SigNoz/signoz/pkg/query-service/constants"
 	"github.com/SigNoz/signoz/pkg/query-service/healthcheck"
-	baseint "github.com/SigNoz/signoz/pkg/query-service/interfaces"
-	baserules "github.com/SigNoz/signoz/pkg/query-service/rules"
 	"github.com/SigNoz/signoz/pkg/query-service/utils"
-	"log/slog"
 )
 
 // Server runs HTTP, Mux and a grpc server
 type Server struct {
 	config      signoz.Config
 	signoz      *signoz.SigNoz
-	ruleManager *baserules.Manager
 
 	// public http router
 	httpConn     net.Listener
@@ -94,24 +83,6 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 		nil,
 	)
 
-	rm, err := makeRulesManager(
-		reader,
-		signoz.Cache,
-		signoz.Alertmanager,
-		signoz.SQLStore,
-		signoz.TelemetryStore,
-		signoz.TelemetryMetadataStore,
-		signoz.Prometheus,
-		signoz.Modules.OrgGetter,
-		signoz.Querier,
-		signoz.Instrumentation.ToProviderSettings(),
-		signoz.QueryParser,
-	)
-
-	if err != nil {
-		return nil, err
-	}
-
 	// initiate opamp
 	opAmpModel.Init(signoz.SQLStore, signoz.Instrumentation.Logger(), signoz.Modules.OrgGetter)
 
@@ -133,6 +104,7 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 	logParsingPipelineController, err := logparsingpipeline.NewLogParsingPipelinesController(
 		signoz.SQLStore,
 		integrationsController.GetPipelinesForInstalledIntegrations,
+		reader,
 	)
 	if err != nil {
 		return nil, err
@@ -159,7 +131,6 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 
 	apiOpts := api.APIHandlerOptions{
 		DataConnector:                 reader,
-		RulesManager:                  rm,
 		UsageManager:                  usageManager,
 		IntegrationsController:        integrationsController,
 		CloudIntegrationsController:   cloudIntegrationsController,
@@ -176,8 +147,7 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 
 	s := &Server{
 		config:             config,
-		signoz:             signoz,
-		ruleManager:        rm,
+		signoz:       signoz,
 		httpHostPort:       baseconst.HTTPHostPort,
 		unavailableChannel: make(chan healthcheck.Status),
 		usageManager:       usageManager,
@@ -207,6 +177,7 @@ func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*h
 	r := baseapp.NewRouter()
 	am := middleware.NewAuthZ(s.signoz.Instrumentation.Logger(), s.signoz.Modules.OrgGetter, s.signoz.Authz)
 
+	r.Use(middleware.NewRecovery(s.signoz.Instrumentation.Logger()).Wrap)
 	r.Use(otelmux.Middleware(
 		"apiserver",
 		otelmux.WithMeterProvider(s.signoz.Instrumentation.MeterProvider()),
@@ -215,7 +186,6 @@ func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*h
 		otelmux.WithFilter(func(r *http.Request) bool {
 			return !slices.Contains([]string{"/api/v1/health"}, r.URL.Path)
 		}),
-		otelmux.WithPublicEndpoint(),
 	))
 	r.Use(middleware.NewIdentN(s.signoz.IdentNResolver, s.signoz.Sharder, s.signoz.Instrumentation.Logger()).Wrap)
 	r.Use(middleware.NewTimeout(s.signoz.Instrumentation.Logger(),
@@ -223,7 +193,7 @@ func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*h
 		s.config.APIServer.Timeout.Default,
 		s.config.APIServer.Timeout.Max,
 	).Wrap)
-	r.Use(middleware.NewLogging(s.signoz.Instrumentation.Logger(), s.config.APIServer.Logging.ExcludedRoutes).Wrap)
+	r.Use(middleware.NewAudit(s.signoz.Instrumentation.Logger(), s.config.APIServer.Logging.ExcludedRoutes, s.signoz.Auditor).Wrap)
 	r.Use(middleware.NewComment().Wrap)
 
 	apiHandler.RegisterRoutes(r, am)
@@ -236,7 +206,6 @@ func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*h
 	apiHandler.RegisterWebSocketPaths(r, am)
 	apiHandler.RegisterMessagingQueuesRoutes(r, am)
 	apiHandler.RegisterThirdPartyApiRoutes(r, am)
-	apiHandler.MetricExplorerRoutes(r, am)
 	apiHandler.RegisterTraceFunnelsRoutes(r, am)
 
 	err := s.signoz.APIServer.AddToRouter(r)
@@ -259,6 +228,20 @@ func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*h
 		return nil, err
 	}
 
+	routePrefix := s.config.Global.ExternalPath()
+	if routePrefix != "" {
+		prefixed := http.StripPrefix(routePrefix, handler)
+		handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+			switch req.URL.Path {
+			case "/api/v1/health", "/api/v2/healthz", "/api/v2/readyz", "/api/v2/livez":
+				r.ServeHTTP(w, req)
+				return
+			}
+
+			prefixed.ServeHTTP(w, req)
+		})
+	}
+
 	return &http.Server{
 		Handler: handler,
 	}, nil
@@ -285,8 +268,6 @@ func (s *Server) initListeners() error {
 
 // Start listening on http and private http port concurrently
 func (s *Server) Start(ctx context.Context) error {
-	s.ruleManager.Start(ctx)
-
 	err := s.initListeners()
 	if err != nil {
 		return err
@@ -304,25 +285,16 @@ func (s *Server) Start(ctx context.Context) error {
 		case nil, http.ErrServerClosed, cmux.ErrListenerClosed:
 			// normal exit, nothing to do
 		default:
-			slog.Error("Could not start HTTP server", "error", err)
+			slog.Error("Could not start HTTP server", errors.Attr(err))
 		}
 		s.unavailableChannel <- healthcheck.Unavailable
 	}()
 
-	go func() {
-		slog.Info("Starting pprof server", "addr", baseconst.DebugHttpPort)
-
-		err = http.ListenAndServe(baseconst.DebugHttpPort, nil)
-		if err != nil {
-			slog.Error("Could not start pprof server", "error", err)
-		}
-	}()
-
 	go func() {
 		slog.Info("Starting OpAmp Websocket server", "addr", baseconst.OpAmpWsEndpoint)
 		err := s.opampServer.Start(baseconst.OpAmpWsEndpoint)
 		if err != nil {
-			slog.Error("opamp ws server failed to start", "error", err)
+			slog.Error("opamp ws server failed to start", errors.Attr(err))
 			s.unavailableChannel <- healthcheck.Unavailable
 		}
 	}()
@@ -339,47 +311,9 @@ func (s *Server) Stop(ctx context.Context) error {
 
 	s.opampServer.Stop()
 
-	if s.ruleManager != nil {
-		s.ruleManager.Stop(ctx)
-	}
-
 	// stop usage manager
 	s.usageManager.Stop(ctx)
 
 	return nil
 }
 
-func makeRulesManager(ch baseint.Reader, cache cache.Cache, alertmanager alertmanager.Alertmanager, sqlstore sqlstore.SQLStore, telemetryStore telemetrystore.TelemetryStore, metadataStore telemetrytypes.MetadataStore, prometheus prometheus.Prometheus, orgGetter organization.Getter, querier querier.Querier, providerSettings factory.ProviderSettings, queryParser queryparser.QueryParser) (*baserules.Manager, error) {
-	ruleStore := sqlrulestore.NewRuleStore(sqlstore, queryParser, providerSettings)
-	maintenanceStore := sqlrulestore.NewMaintenanceStore(sqlstore)
-	// create manager opts
-	managerOpts := &baserules.ManagerOptions{
-		TelemetryStore:      telemetryStore,
-		MetadataStore:       metadataStore,
-		Prometheus:          prometheus,
-		Context:             context.Background(),
-		Reader:              ch,
-		Querier:             querier,
-		Logger:              providerSettings.Logger,
-		Cache:               cache,
-		EvalDelay:           baseconst.GetEvalDelay(),
-		PrepareTaskFunc:     rules.PrepareTaskFunc,
-		PrepareTestRuleFunc: rules.TestNotification,
-		Alertmanager:        alertmanager,
-		OrgGetter:           orgGetter,
-		RuleStore:           ruleStore,
-		MaintenanceStore:    maintenanceStore,
-		SqlStore:            sqlstore,
-		QueryParser:         queryParser,
-	}
-
-	// create Manager
-	manager, err := baserules.NewManager(managerOpts)
-	if err != nil {
-		return nil, fmt.Errorf("rule manager error: %v", err)
-	}
-
-	slog.Info("rules manager is ready")
-
-	return manager, nil
-}

ee/query-service/rules/anomaly.go

@@ -5,57 +5,33 @@ import (
 	"encoding/json"
 	"fmt"
 	"log/slog"
-	"math"
-	"strings"
 	"sync"
 	"time"
 
-	"github.com/SigNoz/signoz/ee/query-service/anomaly"
-	"github.com/SigNoz/signoz/pkg/cache"
-	"github.com/SigNoz/signoz/pkg/query-service/common"
-	"github.com/SigNoz/signoz/pkg/query-service/model"
-	"github.com/SigNoz/signoz/pkg/transition"
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/querier"
+	"github.com/SigNoz/signoz/pkg/types/rulestatehistorytypes"
 	"github.com/SigNoz/signoz/pkg/types/ruletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 
-	querierV2 "github.com/SigNoz/signoz/pkg/query-service/app/querier/v2"
-	"github.com/SigNoz/signoz/pkg/query-service/app/queryBuilder"
-	"github.com/SigNoz/signoz/pkg/query-service/interfaces"
-	v3 "github.com/SigNoz/signoz/pkg/query-service/model/v3"
-	"github.com/SigNoz/signoz/pkg/query-service/utils/labels"
-	"github.com/SigNoz/signoz/pkg/query-service/utils/times"
-	"github.com/SigNoz/signoz/pkg/query-service/utils/timestamp"
-
 	"github.com/SigNoz/signoz/pkg/units"
 
 	baserules "github.com/SigNoz/signoz/pkg/query-service/rules"
 
-	querierV5 "github.com/SigNoz/signoz/pkg/querier"
-
-	anomalyV2 "github.com/SigNoz/signoz/ee/anomaly"
+	"github.com/SigNoz/signoz/ee/anomaly"
 
 	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
 )
 
-const (
-	RuleTypeAnomaly = "anomaly_rule"
-)
-
 type AnomalyRule struct {
 	*baserules.BaseRule
 
 	mtx sync.Mutex
 
-	reader interfaces.Reader
+	// querier is used for alerts migrated after the introduction of new query builder
+	querier querier.Querier
 
-	// querierV2 is used for alerts created after the introduction of new metrics query builder
-	querierV2 interfaces.Querier
-
-	// querierV5 is used for alerts migrated after the introduction of new query builder
-	querierV5 querierV5.Querier
-
-	provider   anomaly.Provider
-	providerV2 anomalyV2.Provider
+	provider anomaly.Provider
 
 	version string
 	logger  *slog.Logger
@@ -69,125 +45,70 @@ func NewAnomalyRule(
 	id string,
 	orgID valuer.UUID,
 	p *ruletypes.PostableRule,
-	reader interfaces.Reader,
-	querierV5 querierV5.Querier,
+	querier querier.Querier,
 	logger *slog.Logger,
-	cache cache.Cache,
 	opts ...baserules.RuleOption,
 ) (*AnomalyRule, error) {
-
-	logger.Info("creating new AnomalyRule", "rule_id", id)
+	logger.Info("creating new AnomalyRule", slog.String("rule.id", id))
 
 	opts = append(opts, baserules.WithLogger(logger))
 
-	baseRule, err := baserules.NewBaseRule(id, orgID, p, reader, opts...)
+	baseRule, err := baserules.NewBaseRule(id, orgID, p, opts...)
 	if err != nil {
 		return nil, err
 	}
 
-	t := AnomalyRule{
+	r := AnomalyRule{
 		BaseRule: baseRule,
+		querier:  querier,
+		version:  p.Version,
+		logger:   logger.With(slog.String("rule.id", id)),
 	}
 
-	switch strings.ToLower(p.RuleCondition.Seasonality) {
-	case "hourly":
-		t.seasonality = anomaly.SeasonalityHourly
-	case "daily":
-		t.seasonality = anomaly.SeasonalityDaily
-	case "weekly":
-		t.seasonality = anomaly.SeasonalityWeekly
+	switch p.RuleCondition.Seasonality {
+	case ruletypes.SeasonalityHourly:
+		r.seasonality = anomaly.SeasonalityHourly
+	case ruletypes.SeasonalityDaily:
+		r.seasonality = anomaly.SeasonalityDaily
+	case ruletypes.SeasonalityWeekly:
+		r.seasonality = anomaly.SeasonalityWeekly
 	default:
-		t.seasonality = anomaly.SeasonalityDaily
+		r.seasonality = anomaly.SeasonalityDaily
 	}
 
-	logger.Info("using seasonality", "seasonality", t.seasonality.String())
+	r.logger.Info("using seasonality", slog.String("rule.seasonality", r.seasonality.StringValue()))
 
-	querierOptsV2 := querierV2.QuerierOptions{
-		Reader:       reader,
-		Cache:        cache,
-		KeyGenerator: queryBuilder.NewKeyGenerator(),
-	}
-
-	t.querierV2 = querierV2.NewQuerier(querierOptsV2)
-	t.reader = reader
-	if t.seasonality == anomaly.SeasonalityHourly {
-		t.provider = anomaly.NewHourlyProvider(
-			anomaly.WithCache[*anomaly.HourlyProvider](cache),
-			anomaly.WithKeyGenerator[*anomaly.HourlyProvider](queryBuilder.NewKeyGenerator()),
-			anomaly.WithReader[*anomaly.HourlyProvider](reader),
+	if r.seasonality == anomaly.SeasonalityHourly {
+		r.provider = anomaly.NewHourlyProvider(
+			anomaly.WithQuerier[*anomaly.HourlyProvider](querier),
+			anomaly.WithLogger[*anomaly.HourlyProvider](r.logger),
 		)
-	} else if t.seasonality == anomaly.SeasonalityDaily {
-		t.provider = anomaly.NewDailyProvider(
-			anomaly.WithCache[*anomaly.DailyProvider](cache),
-			anomaly.WithKeyGenerator[*anomaly.DailyProvider](queryBuilder.NewKeyGenerator()),
-			anomaly.WithReader[*anomaly.DailyProvider](reader),
+	} else if r.seasonality == anomaly.SeasonalityDaily {
+		r.provider = anomaly.NewDailyProvider(
+			anomaly.WithQuerier[*anomaly.DailyProvider](querier),
+			anomaly.WithLogger[*anomaly.DailyProvider](r.logger),
 		)
-	} else if t.seasonality == anomaly.SeasonalityWeekly {
-		t.provider = anomaly.NewWeeklyProvider(
-			anomaly.WithCache[*anomaly.WeeklyProvider](cache),
-			anomaly.WithKeyGenerator[*anomaly.WeeklyProvider](queryBuilder.NewKeyGenerator()),
-			anomaly.WithReader[*anomaly.WeeklyProvider](reader),
+	} else if r.seasonality == anomaly.SeasonalityWeekly {
+		r.provider = anomaly.NewWeeklyProvider(
+			anomaly.WithQuerier[*anomaly.WeeklyProvider](querier),
+			anomaly.WithLogger[*anomaly.WeeklyProvider](r.logger),
 		)
 	}
 
-	if t.seasonality == anomaly.SeasonalityHourly {
-		t.providerV2 = anomalyV2.NewHourlyProvider(
-			anomalyV2.WithQuerier[*anomalyV2.HourlyProvider](querierV5),
-			anomalyV2.WithLogger[*anomalyV2.HourlyProvider](logger),
-		)
-	} else if t.seasonality == anomaly.SeasonalityDaily {
-		t.providerV2 = anomalyV2.NewDailyProvider(
-			anomalyV2.WithQuerier[*anomalyV2.DailyProvider](querierV5),
-			anomalyV2.WithLogger[*anomalyV2.DailyProvider](logger),
-		)
-	} else if t.seasonality == anomaly.SeasonalityWeekly {
-		t.providerV2 = anomalyV2.NewWeeklyProvider(
-			anomalyV2.WithQuerier[*anomalyV2.WeeklyProvider](querierV5),
-			anomalyV2.WithLogger[*anomalyV2.WeeklyProvider](logger),
-		)
-	}
-
-	t.querierV5 = querierV5
-	t.version = p.Version
-	t.logger = logger
-	return &t, nil
+	return &r, nil
 }
 
 func (r *AnomalyRule) Type() ruletypes.RuleType {
-	return RuleTypeAnomaly
+	return ruletypes.RuleTypeAnomaly
 }
 
-func (r *AnomalyRule) prepareQueryRange(ctx context.Context, ts time.Time) (*v3.QueryRangeParamsV3, error) {
-
+func (r *AnomalyRule) prepareQueryRange(ctx context.Context, ts time.Time) *qbtypes.QueryRangeRequest {
 	r.logger.InfoContext(
-		ctx, "prepare query range request v4", "ts", ts.UnixMilli(), "eval_window", r.EvalWindow().Milliseconds(), "eval_delay", r.EvalDelay().Milliseconds(),
+		ctx, "prepare query range request", slog.Int64("ts", ts.UnixMilli()),
+		slog.Int64("eval.window_ms", r.EvalWindow().Milliseconds()),
+		slog.Int64("eval.delay_ms", r.EvalDelay().Milliseconds()),
 	)
 
-	st, en := r.Timestamps(ts)
-	start := st.UnixMilli()
-	end := en.UnixMilli()
-
-	compositeQuery := r.Condition().CompositeQuery
-
-	if compositeQuery.PanelType != v3.PanelTypeGraph {
-		compositeQuery.PanelType = v3.PanelTypeGraph
-	}
-
-	// default mode
-	return &v3.QueryRangeParamsV3{
-		Start:          start,
-		End:            end,
-		Step:           int64(math.Max(float64(common.MinAllowedStepInterval(start, end)), 60)),
-		CompositeQuery: compositeQuery,
-		Variables:      make(map[string]interface{}, 0),
-		NoCache:        false,
-	}, nil
-}
-
-func (r *AnomalyRule) prepareQueryRangeV5(ctx context.Context, ts time.Time) (*qbtypes.QueryRangeRequest, error) {
-
-	r.logger.InfoContext(ctx, "prepare query range request v5", "ts", ts.UnixMilli(), "eval_window", r.EvalWindow().Milliseconds(), "eval_delay", r.EvalDelay().Milliseconds())
-
 	startTs, endTs := r.Timestamps(ts)
 	start, end := startTs.UnixMilli(), endTs.UnixMilli()
 
@@ -202,25 +123,14 @@ func (r *AnomalyRule) prepareQueryRangeV5(ctx context.Context, ts time.Time) (*q
 	}
 	req.CompositeQuery.Queries = make([]qbtypes.QueryEnvelope, len(r.Condition().CompositeQuery.Queries))
 	copy(req.CompositeQuery.Queries, r.Condition().CompositeQuery.Queries)
-	return req, nil
-}
-
-func (r *AnomalyRule) GetSelectedQuery() string {
-	return r.Condition().GetSelectedQueryName()
+	return req
 }
 
 func (r *AnomalyRule) buildAndRunQuery(ctx context.Context, orgID valuer.UUID, ts time.Time) (ruletypes.Vector, error) {
 
-	params, err := r.prepareQueryRange(ctx, ts)
-	if err != nil {
-		return nil, err
-	}
-	err = r.PopulateTemporality(ctx, orgID, params)
-	if err != nil {
-		return nil, fmt.Errorf("internal error while setting temporality")
-	}
+	params := r.prepareQueryRange(ctx, ts)
 
-	anomalies, err := r.provider.GetAnomalies(ctx, orgID, &anomaly.GetAnomaliesRequest{
+	anomalies, err := r.provider.GetAnomalies(ctx, orgID, &anomaly.AnomaliesRequest{
 		Params:      params,
 		Seasonality: r.seasonality,
 	})
@@ -228,87 +138,43 @@ func (r *AnomalyRule) buildAndRunQuery(ctx context.Context, orgID valuer.UUID, t
 		return nil, err
 	}
 
-	var queryResult *v3.Result
+	var queryResult *qbtypes.TimeSeriesData
 	for _, result := range anomalies.Results {
-		if result.QueryName == r.GetSelectedQuery() {
+		if result.QueryName == r.SelectedQuery(ctx) {
 			queryResult = result
 			break
 		}
 	}
 
-	hasData := len(queryResult.AnomalyScores) > 0
+	if queryResult == nil {
+		r.logger.WarnContext(ctx, "nil qb result", slog.Int64("ts", ts.UnixMilli()))
+		return ruletypes.Vector{}, nil
+	}
+
+	hasData := len(queryResult.Aggregations) > 0 &&
+		queryResult.Aggregations[0] != nil &&
+		len(queryResult.Aggregations[0].AnomalyScores) > 0
+
 	if missingDataAlert := r.HandleMissingDataAlert(ctx, ts, hasData); missingDataAlert != nil {
 		return ruletypes.Vector{*missingDataAlert}, nil
+	} else if !hasData {
+		r.logger.WarnContext(ctx, "no anomaly result")
+		return ruletypes.Vector{}, nil
 	}
 
 	var resultVector ruletypes.Vector
 
-	scoresJSON, _ := json.Marshal(queryResult.AnomalyScores)
-	r.logger.InfoContext(ctx, "anomaly scores", "scores", string(scoresJSON))
-
-	for _, series := range queryResult.AnomalyScores {
-		if !r.Condition().ShouldEval(series) {
-			r.logger.InfoContext(ctx, "not enough data points to evaluate series, skipping", "ruleid", r.ID(), "numPoints", len(series.Points), "requiredPoints", r.Condition().RequiredNumPoints)
-			continue
-		}
-		results, err := r.Threshold.Eval(*series, r.Unit(), ruletypes.EvalData{
-			ActiveAlerts:  r.ActiveAlertsLabelFP(),
-			SendUnmatched: r.ShouldSendUnmatched(),
-		})
-		if err != nil {
-			return nil, err
-		}
-		resultVector = append(resultVector, results...)
-	}
-	return resultVector, nil
-}
-
-func (r *AnomalyRule) buildAndRunQueryV5(ctx context.Context, orgID valuer.UUID, ts time.Time) (ruletypes.Vector, error) {
-
-	params, err := r.prepareQueryRangeV5(ctx, ts)
-	if err != nil {
-		return nil, err
-	}
-
-	anomalies, err := r.providerV2.GetAnomalies(ctx, orgID, &anomalyV2.AnomaliesRequest{
-		Params:      *params,
-		Seasonality: anomalyV2.Seasonality{String: valuer.NewString(r.seasonality.String())},
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	var qbResult *qbtypes.TimeSeriesData
-	for _, result := range anomalies.Results {
-		if result.QueryName == r.GetSelectedQuery() {
-			qbResult = result
-			break
-		}
-	}
-
-	if qbResult == nil {
-		r.logger.WarnContext(ctx, "nil qb result", "ts", ts.UnixMilli())
-	}
-
-	queryResult := transition.ConvertV5TimeSeriesDataToV4Result(qbResult)
-
-	hasData := len(queryResult.AnomalyScores) > 0
-	if missingDataAlert := r.HandleMissingDataAlert(ctx, ts, hasData); missingDataAlert != nil {
-		return ruletypes.Vector{*missingDataAlert}, nil
-	}
-
-	var resultVector ruletypes.Vector
-
-	scoresJSON, _ := json.Marshal(queryResult.AnomalyScores)
-	r.logger.InfoContext(ctx, "anomaly scores", "scores", string(scoresJSON))
+	scoresJSON, _ := json.Marshal(queryResult.Aggregations[0].AnomalyScores)
+	// TODO(srikanthccv): this could be noisy but we do this to answer false alert requests
+	r.logger.InfoContext(ctx, "anomaly scores", slog.String("anomaly.scores", string(scoresJSON)))
 
 	// Filter out new series if newGroupEvalDelay is configured
-	seriesToProcess := queryResult.AnomalyScores
+	seriesToProcess := queryResult.Aggregations[0].AnomalyScores
 	if r.ShouldSkipNewGroups() {
 		filteredSeries, filterErr := r.BaseRule.FilterNewSeries(ctx, ts, seriesToProcess)
 		// In case of error we log the error and continue with the original series
 		if filterErr != nil {
-			r.logger.ErrorContext(ctx, "Error filtering new series, ", "error", filterErr, "rule_name", r.Name())
+			r.logger.ErrorContext(ctx, "error filtering new series", errors.Attr(filterErr))
 		} else {
 			seriesToProcess = filteredSeries
 		}
@@ -316,10 +182,14 @@ func (r *AnomalyRule) buildAndRunQueryV5(ctx context.Context, orgID valuer.UUID,
 
 	for _, series := range seriesToProcess {
 		if !r.Condition().ShouldEval(series) {
-			r.logger.InfoContext(ctx, "not enough data points to evaluate series, skipping", "ruleid", r.ID(), "numPoints", len(series.Points), "requiredPoints", r.Condition().RequiredNumPoints)
+			r.logger.InfoContext(
+				ctx, "not enough data points to evaluate series, skipping",
+				slog.Int("series.num_points", len(series.Values)),
+				slog.Int("series.required_points", r.Condition().RequiredNumPoints),
+			)
 			continue
 		}
-		results, err := r.Threshold.Eval(*series, r.Unit(), ruletypes.EvalData{
+		results, err := r.Threshold.Eval(series, r.Unit(), ruletypes.EvalData{
 			ActiveAlerts:  r.ActiveAlertsLabelFP(),
 			SendUnmatched: r.ShouldSendUnmatched(),
 		})
@@ -340,13 +210,9 @@ func (r *AnomalyRule) Eval(ctx context.Context, ts time.Time) (int, error) {
 	var res ruletypes.Vector
 	var err error
 
-	if r.version == "v5" {
-		r.logger.InfoContext(ctx, "running v5 query")
-		res, err = r.buildAndRunQueryV5(ctx, r.OrgID(), ts)
-	} else {
-		r.logger.InfoContext(ctx, "running v4 query")
-		res, err = r.buildAndRunQuery(ctx, r.OrgID(), ts)
-	}
+	r.logger.InfoContext(ctx, "running query")
+	res, err = r.buildAndRunQuery(ctx, r.OrgID(), ts)
+
 	if err != nil {
 		return 0, err
 	}
@@ -370,7 +236,10 @@ func (r *AnomalyRule) Eval(ctx context.Context, ts time.Time) (int, error) {
 		}
 		value := valueFormatter.Format(smpl.V, r.Unit())
 		threshold := valueFormatter.Format(smpl.Target, smpl.TargetUnit)
-		r.logger.DebugContext(ctx, "Alert template data for rule", "rule_name", r.Name(), "formatter", valueFormatter.Name(), "value", value, "threshold", threshold)
+		r.logger.DebugContext(
+			ctx, "alert template data for rule", slog.String("formatter.name", valueFormatter.Name()),
+			slog.String("alert.value", value), slog.String("alert.threshold", threshold),
+		)
 
 		tmplData := ruletypes.AlertTemplateData(l, value, threshold)
 		// Inject some convenience variables that are easier to remember for users
@@ -385,35 +254,34 @@ func (r *AnomalyRule) Eval(ctx context.Context, ts time.Time) (int, error) {
 				defs+text,
 				"__alert_"+r.Name(),
 				tmplData,
-				times.Time(timestamp.FromTime(ts)),
 				nil,
 			)
 			result, err := tmpl.Expand()
 			if err != nil {
 				result = fmt.Sprintf("<error expanding template: %s>", err)
-				r.logger.ErrorContext(ctx, "Expanding alert template failed", "error", err, "data", tmplData, "rule_name", r.Name())
+				r.logger.ErrorContext(ctx, "expanding alert template failed", errors.Attr(err), slog.Any("alert.template_data", tmplData))
 			}
 			return result
 		}
 
-		lb := labels.NewBuilder(smpl.Metric).Del(labels.MetricNameLabel).Del(labels.TemporalityLabel)
-		resultLabels := labels.NewBuilder(smpl.Metric).Del(labels.MetricNameLabel).Del(labels.TemporalityLabel).Labels()
+		lb := ruletypes.NewBuilder(smpl.Metric...).Del(ruletypes.MetricNameLabel).Del(ruletypes.TemporalityLabel)
+		resultLabels := ruletypes.NewBuilder(smpl.Metric...).Del(ruletypes.MetricNameLabel).Del(ruletypes.TemporalityLabel).Labels()
 
 		for name, value := range r.Labels().Map() {
 			lb.Set(name, expand(value))
 		}
 
-		lb.Set(labels.AlertNameLabel, r.Name())
-		lb.Set(labels.AlertRuleIdLabel, r.ID())
-		lb.Set(labels.RuleSourceLabel, r.GeneratorURL())
+		lb.Set(ruletypes.AlertNameLabel, r.Name())
+		lb.Set(ruletypes.AlertRuleIDLabel, r.ID())
+		lb.Set(ruletypes.RuleSourceLabel, r.GeneratorURL())
 
-		annotations := make(labels.Labels, 0, len(r.Annotations().Map()))
+		annotations := make(ruletypes.Labels, 0, len(r.Annotations().Map()))
 		for name, value := range r.Annotations().Map() {
-			annotations = append(annotations, labels.Label{Name: name, Value: expand(value)})
+			annotations = append(annotations, ruletypes.Label{Name: name, Value: expand(value)})
 		}
 		if smpl.IsMissing {
-			lb.Set(labels.AlertNameLabel, "[No data] "+r.Name())
-			lb.Set(labels.NoDataLabel, "true")
+			lb.Set(ruletypes.AlertNameLabel, "[No data] "+r.Name())
+			lb.Set(ruletypes.NoDataLabel, "true")
 		}
 
 		lbs := lb.Labels()
@@ -421,17 +289,17 @@ func (r *AnomalyRule) Eval(ctx context.Context, ts time.Time) (int, error) {
 		resultFPs[h] = struct{}{}
 
 		if _, ok := alerts[h]; ok {
-			r.logger.ErrorContext(ctx, "the alert query returns duplicate records", "rule_id", r.ID(), "alert", alerts[h])
-			err = fmt.Errorf("duplicate alert found, vector contains metrics with the same labelset after applying alert labels")
+			r.logger.ErrorContext(ctx, "the alert query returns duplicate records", slog.Any("alert", alerts[h]))
+			err = errors.NewInternalf(errors.CodeInternal, "duplicate alert found, vector contains metrics with the same labelset after applying alert labels")
 			return 0, err
 		}
 
 		alerts[h] = &ruletypes.Alert{
 			Labels:            lbs,
-			QueryResultLables: resultLabels,
+			QueryResultLabels: resultLabels,
 			Annotations:       annotations,
 			ActiveAt:          ts,
-			State:             model.StatePending,
+			State:             ruletypes.StatePending,
 			Value:             smpl.V,
 			GeneratorURL:      r.GeneratorURL(),
 			Receivers:         ruleReceiverMap[lbs.Map()[ruletypes.LabelThresholdName]],
@@ -440,12 +308,12 @@ func (r *AnomalyRule) Eval(ctx context.Context, ts time.Time) (int, error) {
 		}
 	}
 
-	r.logger.InfoContext(ctx, "number of alerts found", "rule_name", r.Name(), "alerts_count", len(alerts))
+	r.logger.InfoContext(ctx, "number of alerts found", slog.Int("alert.count", len(alerts)))
 	// alerts[h] is ready, add or update active list now
 	for h, a := range alerts {
 		// Check whether we already have alerting state for the identifying label set.
 		// Update the last value and annotations if so, create a new alert entry otherwise.
-		if alert, ok := r.Active[h]; ok && alert.State != model.StateInactive {
+		if alert, ok := r.Active[h]; ok && alert.State != ruletypes.StateInactive {
 
 			alert.Value = a.Value
 			alert.Annotations = a.Annotations
@@ -461,76 +329,76 @@ func (r *AnomalyRule) Eval(ctx context.Context, ts time.Time) (int, error) {
 		r.Active[h] = a
 	}
 
-	itemsToAdd := []model.RuleStateHistory{}
+	itemsToAdd := []rulestatehistorytypes.RuleStateHistory{}
 
 	// Check if any pending alerts should be removed or fire now. Write out alert timeseries.
 	for fp, a := range r.Active {
-		labelsJSON, err := json.Marshal(a.QueryResultLables)
+		labelsJSON, err := json.Marshal(a.QueryResultLabels)
 		if err != nil {
-			r.logger.ErrorContext(ctx, "error marshaling labels", "error", err, "labels", a.Labels)
+			r.logger.ErrorContext(ctx, "error marshaling labels", errors.Attr(err), slog.Any("alert.labels", a.Labels))
 		}
 		if _, ok := resultFPs[fp]; !ok {
 			// If the alert was previously firing, keep it around for a given
 			// retention time so it is reported as resolved to the AlertManager.
-			if a.State == model.StatePending || (!a.ResolvedAt.IsZero() && ts.Sub(a.ResolvedAt) > ruletypes.ResolvedRetention) {
+			if a.State == ruletypes.StatePending || (!a.ResolvedAt.IsZero() && ts.Sub(a.ResolvedAt) > ruletypes.ResolvedRetention) {
 				delete(r.Active, fp)
 			}
-			if a.State != model.StateInactive {
-				a.State = model.StateInactive
+			if a.State != ruletypes.StateInactive {
+				a.State = ruletypes.StateInactive
 				a.ResolvedAt = ts
-				itemsToAdd = append(itemsToAdd, model.RuleStateHistory{
+				itemsToAdd = append(itemsToAdd, rulestatehistorytypes.RuleStateHistory{
 					RuleID:       r.ID(),
 					RuleName:     r.Name(),
-					State:        model.StateInactive,
+					State:        ruletypes.StateInactive,
 					StateChanged: true,
 					UnixMilli:    ts.UnixMilli(),
-					Labels:       model.LabelsString(labelsJSON),
-					Fingerprint:  a.QueryResultLables.Hash(),
+					Labels:       rulestatehistorytypes.LabelsString(labelsJSON),
+					Fingerprint:  a.QueryResultLabels.Hash(),
 					Value:        a.Value,
 				})
 			}
 			continue
 		}
 
-		if a.State == model.StatePending && ts.Sub(a.ActiveAt) >= r.HoldDuration().Duration() {
-			a.State = model.StateFiring
+		if a.State == ruletypes.StatePending && ts.Sub(a.ActiveAt) >= r.HoldDuration().Duration() {
+			a.State = ruletypes.StateFiring
 			a.FiredAt = ts
-			state := model.StateFiring
+			state := ruletypes.StateFiring
 			if a.Missing {
-				state = model.StateNoData
+				state = ruletypes.StateNoData
 			}
-			itemsToAdd = append(itemsToAdd, model.RuleStateHistory{
+			itemsToAdd = append(itemsToAdd, rulestatehistorytypes.RuleStateHistory{
 				RuleID:       r.ID(),
 				RuleName:     r.Name(),
 				State:        state,
 				StateChanged: true,
 				UnixMilli:    ts.UnixMilli(),
-				Labels:       model.LabelsString(labelsJSON),
-				Fingerprint:  a.QueryResultLables.Hash(),
+				Labels:       rulestatehistorytypes.LabelsString(labelsJSON),
+				Fingerprint:  a.QueryResultLabels.Hash(),
 				Value:        a.Value,
 			})
 		}
 
 		// We need to change firing alert to recovering if the returned sample meets recovery threshold
-		changeFiringToRecovering := a.State == model.StateFiring && a.IsRecovering
+		changeFiringToRecovering := a.State == ruletypes.StateFiring && a.IsRecovering
 		// We need to change recovering alerts to firing if the returned sample meets target threshold
-		changeRecoveringToFiring := a.State == model.StateRecovering && !a.IsRecovering && !a.Missing
+		changeRecoveringToFiring := a.State == ruletypes.StateRecovering && !a.IsRecovering && !a.Missing
 		// in any of the above case we need to update the status of alert
 		if changeFiringToRecovering || changeRecoveringToFiring {
-			state := model.StateRecovering
+			state := ruletypes.StateRecovering
 			if changeRecoveringToFiring {
-				state = model.StateFiring
+				state = ruletypes.StateFiring
 			}
 			a.State = state
-			r.logger.DebugContext(ctx, "converting alert state", "name", r.Name(), "state", state)
-			itemsToAdd = append(itemsToAdd, model.RuleStateHistory{
+			r.logger.DebugContext(ctx, "converting alert state", slog.Any("alert.state", state))
+			itemsToAdd = append(itemsToAdd, rulestatehistorytypes.RuleStateHistory{
 				RuleID:       r.ID(),
 				RuleName:     r.Name(),
 				State:        state,
 				StateChanged: true,
 				UnixMilli:    ts.UnixMilli(),
-				Labels:       model.LabelsString(labelsJSON),
-				Fingerprint:  a.QueryResultLables.Hash(),
+				Labels:       rulestatehistorytypes.LabelsString(labelsJSON),
+				Fingerprint:  a.QueryResultLabels.Hash(),
 				Value:        a.Value,
 			})
 		}
@@ -545,7 +413,7 @@ func (r *AnomalyRule) Eval(ctx context.Context, ts time.Time) (int, error) {
 		itemsToAdd[idx] = item
 	}
 
-	r.RecordRuleStateHistory(ctx, prevState, currentState, itemsToAdd)
+	_ = r.RecordRuleStateHistory(ctx, itemsToAdd)
 
 	return len(r.Active), nil
 }

ee/query-service/rules/anomaly_test.go

@@ -2,21 +2,19 @@ package rules
 
 import (
 	"context"
-	"log/slog"
 	"testing"
 	"time"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/SigNoz/signoz/ee/query-service/anomaly"
 	"github.com/SigNoz/signoz/pkg/instrumentation/instrumentationtest"
-	"github.com/SigNoz/signoz/pkg/query-service/app/clickhouseReader"
-	v3 "github.com/SigNoz/signoz/pkg/query-service/model/v3"
-	"github.com/SigNoz/signoz/pkg/telemetrystore"
-	"github.com/SigNoz/signoz/pkg/telemetrystore/telemetrystoretest"
+	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
 	"github.com/SigNoz/signoz/pkg/types/ruletypes"
+	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
+
+	"github.com/SigNoz/signoz/ee/anomaly"
 )
 
 // mockAnomalyProvider is a mock implementation of anomaly.Provider for testing.
@@ -24,13 +22,13 @@ import (
 // time periods (current, past period, current season, past season, past 2 seasons,
 // past 3 seasons), making it cumbersome to create mock data.
 type mockAnomalyProvider struct {
-	responses []*anomaly.GetAnomaliesResponse
+	responses []*anomaly.AnomaliesResponse
 	callCount int
 }
 
-func (m *mockAnomalyProvider) GetAnomalies(ctx context.Context, orgID valuer.UUID, req *anomaly.GetAnomaliesRequest) (*anomaly.GetAnomaliesResponse, error) {
+func (m *mockAnomalyProvider) GetAnomalies(ctx context.Context, orgID valuer.UUID, req *anomaly.AnomaliesRequest) (*anomaly.AnomaliesResponse, error) {
 	if m.callCount >= len(m.responses) {
-		return &anomaly.GetAnomaliesResponse{Results: []*v3.Result{}}, nil
+		return &anomaly.AnomaliesResponse{Results: []*qbtypes.TimeSeriesData{}}, nil
 	}
 	resp := m.responses[m.callCount]
 	m.callCount++
@@ -49,45 +47,46 @@ func TestAnomalyRule_NoData_AlertOnAbsent(t *testing.T) {
 	postableRule := ruletypes.PostableRule{
 		AlertName: "Test anomaly no data",
 		AlertType: ruletypes.AlertTypeMetric,
-		RuleType:  RuleTypeAnomaly,
+		RuleType:  ruletypes.RuleTypeAnomaly,
 		Evaluation: &ruletypes.EvaluationEnvelope{Kind: ruletypes.RollingEvaluation, Spec: ruletypes.RollingWindow{
 			EvalWindow: evalWindow,
 			Frequency:  valuer.MustParseTextDuration("1m"),
 		}},
 		RuleCondition: &ruletypes.RuleCondition{
-			CompareOp: ruletypes.ValueIsAbove,
-			MatchType: ruletypes.AtleastOnce,
-			Target:    &target,
-			CompositeQuery: &v3.CompositeQuery{
-				QueryType: v3.QueryTypeBuilder,
-				BuilderQueries: map[string]*v3.BuilderQuery{
-					"A": {
-						QueryName:   "A",
-						Expression:  "A",
-						DataSource:  v3.DataSourceMetrics,
-						Temporality: v3.Unspecified,
+			CompareOperator: ruletypes.ValueIsAbove,
+			MatchType:       ruletypes.AtleastOnce,
+			Target:          &target,
+			CompositeQuery: &ruletypes.AlertCompositeQuery{
+				QueryType: ruletypes.QueryTypeBuilder,
+				Queries: []qbtypes.QueryEnvelope{{
+					Type: qbtypes.QueryTypeBuilder,
+					Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+						Name:   "A",
+						Signal: telemetrytypes.SignalMetrics,
 					},
-				},
+				}},
 			},
 			SelectedQuery: "A",
-			Seasonality:   "daily",
+			Seasonality:   ruletypes.SeasonalityDaily,
 			Thresholds: &ruletypes.RuleThresholdData{
 				Kind: ruletypes.BasicThresholdKind,
 				Spec: ruletypes.BasicRuleThresholds{{
-					Name:        "Test anomaly no data",
-					TargetValue: &target,
-					MatchType:   ruletypes.AtleastOnce,
-					CompareOp:   ruletypes.ValueIsAbove,
+					Name:            "Test anomaly no data",
+					TargetValue:     &target,
+					MatchType:       ruletypes.AtleastOnce,
+					CompareOperator: ruletypes.ValueIsAbove,
 				}},
 			},
 		},
 	}
 
-	responseNoData := &anomaly.GetAnomaliesResponse{
-		Results: []*v3.Result{
+	responseNoData := &anomaly.AnomaliesResponse{
+		Results: []*qbtypes.TimeSeriesData{
 			{
-				QueryName:     "A",
-				AnomalyScores: []*v3.Series{},
+				QueryName: "A",
+				Aggregations: []*qbtypes.AggregationBucket{{
+					AnomalyScores: []*qbtypes.TimeSeries{},
+				}},
 			},
 		},
 	}
@@ -115,23 +114,17 @@ func TestAnomalyRule_NoData_AlertOnAbsent(t *testing.T) {
 		t.Run(c.description, func(t *testing.T) {
 			postableRule.RuleCondition.AlertOnAbsent = c.alertOnAbsent
 
-			telemetryStore := telemetrystoretest.New(telemetrystore.Config{}, nil)
-			options := clickhouseReader.NewOptions("primaryNamespace")
-			reader := clickhouseReader.NewReader(slog.Default(), nil, telemetryStore, nil, "", time.Second, nil, nil, options)
-
 			rule, err := NewAnomalyRule(
 				"test-anomaly-rule",
 				valuer.GenerateUUID(),
 				&postableRule,
-				reader,
 				nil,
 				logger,
-				nil,
 			)
 			require.NoError(t, err)
 
 			rule.provider = &mockAnomalyProvider{
-				responses: []*anomaly.GetAnomaliesResponse{responseNoData},
+				responses: []*anomaly.AnomaliesResponse{responseNoData},
 			}
 
 			alertsFound, err := rule.Eval(context.Background(), evalTime)
@@ -156,46 +149,47 @@ func TestAnomalyRule_NoData_AbsentFor(t *testing.T) {
 	postableRule := ruletypes.PostableRule{
 		AlertName: "Test anomaly no data with AbsentFor",
 		AlertType: ruletypes.AlertTypeMetric,
-		RuleType:  RuleTypeAnomaly,
+		RuleType:  ruletypes.RuleTypeAnomaly,
 		Evaluation: &ruletypes.EvaluationEnvelope{Kind: ruletypes.RollingEvaluation, Spec: ruletypes.RollingWindow{
 			EvalWindow: evalWindow,
 			Frequency:  valuer.MustParseTextDuration("1m"),
 		}},
 		RuleCondition: &ruletypes.RuleCondition{
-			CompareOp:     ruletypes.ValueIsAbove,
-			MatchType:     ruletypes.AtleastOnce,
-			AlertOnAbsent: true,
-			Target:        &target,
-			CompositeQuery: &v3.CompositeQuery{
-				QueryType: v3.QueryTypeBuilder,
-				BuilderQueries: map[string]*v3.BuilderQuery{
-					"A": {
-						QueryName:   "A",
-						Expression:  "A",
-						DataSource:  v3.DataSourceMetrics,
-						Temporality: v3.Unspecified,
+			CompareOperator: ruletypes.ValueIsAbove,
+			MatchType:       ruletypes.AtleastOnce,
+			AlertOnAbsent:   true,
+			Target:          &target,
+			CompositeQuery: &ruletypes.AlertCompositeQuery{
+				QueryType: ruletypes.QueryTypeBuilder,
+				Queries: []qbtypes.QueryEnvelope{{
+					Type: qbtypes.QueryTypeBuilder,
+					Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+						Name:   "A",
+						Signal: telemetrytypes.SignalMetrics,
 					},
-				},
+				}},
 			},
 			SelectedQuery: "A",
-			Seasonality:   "daily",
+			Seasonality:   ruletypes.SeasonalityDaily,
 			Thresholds: &ruletypes.RuleThresholdData{
 				Kind: ruletypes.BasicThresholdKind,
 				Spec: ruletypes.BasicRuleThresholds{{
-					Name:        "Test anomaly no data with AbsentFor",
-					TargetValue: &target,
-					MatchType:   ruletypes.AtleastOnce,
-					CompareOp:   ruletypes.ValueIsAbove,
+					Name:            "Test anomaly no data with AbsentFor",
+					TargetValue:     &target,
+					MatchType:       ruletypes.AtleastOnce,
+					CompareOperator: ruletypes.ValueIsAbove,
 				}},
 			},
 		},
 	}
 
-	responseNoData := &anomaly.GetAnomaliesResponse{
-		Results: []*v3.Result{
+	responseNoData := &anomaly.AnomaliesResponse{
+		Results: []*qbtypes.TimeSeriesData{
 			{
-				QueryName:     "A",
-				AnomalyScores: []*v3.Series{},
+				QueryName: "A",
+				Aggregations: []*qbtypes.AggregationBucket{{
+					AnomalyScores: []*qbtypes.TimeSeries{},
+				}},
 			},
 		},
 	}
@@ -229,32 +223,35 @@ func TestAnomalyRule_NoData_AbsentFor(t *testing.T) {
 			t1 := baseTime.Add(5 * time.Minute)
 			t2 := t1.Add(c.timeBetweenEvals)
 
-			responseWithData := &anomaly.GetAnomaliesResponse{
-				Results: []*v3.Result{
+			responseWithData := &anomaly.AnomaliesResponse{
+				Results: []*qbtypes.TimeSeriesData{
 					{
 						QueryName: "A",
-						AnomalyScores: []*v3.Series{
-							{
-								Labels: map[string]string{"test": "label"},
-								Points: []v3.Point{
-									{Timestamp: baseTime.UnixMilli(), Value: 1.0},
-									{Timestamp: baseTime.Add(time.Minute).UnixMilli(), Value: 1.5},
+						Aggregations: []*qbtypes.AggregationBucket{{
+							AnomalyScores: []*qbtypes.TimeSeries{
+								{
+									Labels: []*qbtypes.Label{
+										{
+											Key:   telemetrytypes.TelemetryFieldKey{Name: "Test"},
+											Value: "labels",
+										},
+									},
+									Values: []*qbtypes.TimeSeriesValue{
+										{Timestamp: baseTime.UnixMilli(), Value: 1.0},
+										{Timestamp: baseTime.Add(time.Minute).UnixMilli(), Value: 1.5},
+									},
 								},
 							},
-						},
+						}},
 					},
 				},
 			}
 
-			telemetryStore := telemetrystoretest.New(telemetrystore.Config{}, nil)
-			options := clickhouseReader.NewOptions("primaryNamespace")
-			reader := clickhouseReader.NewReader(slog.Default(), nil, telemetryStore, nil, "", time.Second, nil, nil, options)
-
-			rule, err := NewAnomalyRule("test-anomaly-rule", valuer.GenerateUUID(), &postableRule, reader, nil, logger, nil)
+			rule, err := NewAnomalyRule("test-anomaly-rule", valuer.GenerateUUID(), &postableRule, nil, logger)
 			require.NoError(t, err)
 
 			rule.provider = &mockAnomalyProvider{
-				responses: []*anomaly.GetAnomaliesResponse{responseWithData, responseNoData},
+				responses: []*anomaly.AnomaliesResponse{responseWithData, responseNoData},
 			}
 
 			alertsFound1, err := rule.Eval(context.Background(), t1)

ee/query-service/rules/manager.go

@@ -6,14 +6,14 @@ import (
 
 	"time"
 
+	"log/slog"
+
+	"github.com/google/uuid"
+
 	"github.com/SigNoz/signoz/pkg/errors"
-	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
 	baserules "github.com/SigNoz/signoz/pkg/query-service/rules"
-	"github.com/SigNoz/signoz/pkg/query-service/utils/labels"
 	"github.com/SigNoz/signoz/pkg/types/ruletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/google/uuid"
-	"log/slog"
 )
 
 func PrepareTaskFunc(opts baserules.PrepareTaskOptions) (baserules.Task, error) {
@@ -21,24 +21,25 @@ func PrepareTaskFunc(opts baserules.PrepareTaskOptions) (baserules.Task, error)
 	rules := make([]baserules.Rule, 0)
 	var task baserules.Task
 
-	ruleId := baserules.RuleIdFromTaskName(opts.TaskName)
+	ruleID := baserules.RuleIDFromTaskName(opts.TaskName)
 	evaluation, err := opts.Rule.Evaluation.GetEvaluation()
 	if err != nil {
 		return nil, errors.NewInvalidInputf(errors.CodeInvalidInput, "evaluation is invalid: %v", err)
 	}
+
 	if opts.Rule.RuleType == ruletypes.RuleTypeThreshold {
 		// create a threshold rule
 		tr, err := baserules.NewThresholdRule(
-			ruleId,
+			ruleID,
 			opts.OrgID,
 			opts.Rule,
-			opts.Reader,
 			opts.Querier,
 			opts.Logger,
 			baserules.WithEvalDelay(opts.ManagerOpts.EvalDelay),
 			baserules.WithSQLStore(opts.SQLStore),
 			baserules.WithQueryParser(opts.ManagerOpts.QueryParser),
 			baserules.WithMetadataStore(opts.ManagerOpts.MetadataStore),
+			baserules.WithRuleStateHistoryModule(opts.ManagerOpts.RuleStateHistoryModule),
 		)
 
 		if err != nil {
@@ -54,15 +55,15 @@ func PrepareTaskFunc(opts baserules.PrepareTaskOptions) (baserules.Task, error)
 
 		// create promql rule
 		pr, err := baserules.NewPromRule(
-			ruleId,
+			ruleID,
 			opts.OrgID,
 			opts.Rule,
 			opts.Logger,
-			opts.Reader,
 			opts.ManagerOpts.Prometheus,
 			baserules.WithSQLStore(opts.SQLStore),
 			baserules.WithQueryParser(opts.ManagerOpts.QueryParser),
 			baserules.WithMetadataStore(opts.ManagerOpts.MetadataStore),
+			baserules.WithRuleStateHistoryModule(opts.ManagerOpts.RuleStateHistoryModule),
 		)
 
 		if err != nil {
@@ -77,17 +78,16 @@ func PrepareTaskFunc(opts baserules.PrepareTaskOptions) (baserules.Task, error)
 	} else if opts.Rule.RuleType == ruletypes.RuleTypeAnomaly {
 		// create anomaly rule
 		ar, err := NewAnomalyRule(
-			ruleId,
+			ruleID,
 			opts.OrgID,
 			opts.Rule,
-			opts.Reader,
 			opts.Querier,
 			opts.Logger,
-			opts.Cache,
 			baserules.WithEvalDelay(opts.ManagerOpts.EvalDelay),
 			baserules.WithSQLStore(opts.SQLStore),
 			baserules.WithQueryParser(opts.ManagerOpts.QueryParser),
 			baserules.WithMetadataStore(opts.ManagerOpts.MetadataStore),
+			baserules.WithRuleStateHistoryModule(opts.ManagerOpts.RuleStateHistoryModule),
 		)
 		if err != nil {
 			return task, err
@@ -99,7 +99,7 @@ func PrepareTaskFunc(opts baserules.PrepareTaskOptions) (baserules.Task, error)
 		task = newTask(baserules.TaskTypeCh, opts.TaskName, evaluation.GetFrequency().Duration(), rules, opts.ManagerOpts, opts.NotifyFunc, opts.MaintenanceStore, opts.OrgID)
 
 	} else {
-		return nil, fmt.Errorf("unsupported rule type %s. Supported types: %s, %s", opts.Rule.RuleType, ruletypes.RuleTypeProm, ruletypes.RuleTypeThreshold)
+		return nil, errors.NewInvalidInputf(errors.CodeInvalidInput, "unsupported rule type %s. Supported types: %s, %s", opts.Rule.RuleType, ruletypes.RuleTypeProm, ruletypes.RuleTypeThreshold)
 	}
 
 	return task, nil
@@ -107,12 +107,12 @@ func PrepareTaskFunc(opts baserules.PrepareTaskOptions) (baserules.Task, error)
 
 // TestNotification prepares a dummy rule for given rule parameters and
 // sends a test notification. returns alert count and error (if any)
-func TestNotification(opts baserules.PrepareTestRuleOptions) (int, *basemodel.ApiError) {
+func TestNotification(opts baserules.PrepareTestRuleOptions) (int, error) {
 
 	ctx := context.Background()
 
 	if opts.Rule == nil {
-		return 0, basemodel.BadRequest(fmt.Errorf("rule is required"))
+		return 0, errors.NewInvalidInputf(errors.CodeInvalidInput, "rule is required")
 	}
 
 	parsedRule := opts.Rule
@@ -132,15 +132,14 @@ func TestNotification(opts baserules.PrepareTestRuleOptions) (int, *basemodel.Ap
 	if parsedRule.RuleType == ruletypes.RuleTypeThreshold {
 
 		// add special labels for test alerts
-		parsedRule.Labels[labels.RuleSourceLabel] = ""
-		parsedRule.Labels[labels.AlertRuleIdLabel] = ""
+		parsedRule.Labels[ruletypes.RuleSourceLabel] = ""
+		parsedRule.Labels[ruletypes.AlertRuleIDLabel] = ""
 
 		// create a threshold rule
 		rule, err = baserules.NewThresholdRule(
 			alertname,
 			opts.OrgID,
 			parsedRule,
-			opts.Reader,
 			opts.Querier,
 			opts.Logger,
 			baserules.WithSendAlways(),
@@ -151,8 +150,8 @@ func TestNotification(opts baserules.PrepareTestRuleOptions) (int, *basemodel.Ap
 		)
 
 		if err != nil {
-			slog.Error("failed to prepare a new threshold rule for test", "name", alertname, "error", err)
-			return 0, basemodel.BadRequest(err)
+			slog.Error("failed to prepare a new threshold rule for test", "name", alertname, errors.Attr(err))
+			return 0, err
 		}
 
 	} else if parsedRule.RuleType == ruletypes.RuleTypeProm {
@@ -163,7 +162,6 @@ func TestNotification(opts baserules.PrepareTestRuleOptions) (int, *basemodel.Ap
 			opts.OrgID,
 			parsedRule,
 			opts.Logger,
-			opts.Reader,
 			opts.ManagerOpts.Prometheus,
 			baserules.WithSendAlways(),
 			baserules.WithSendUnmatched(),
@@ -173,8 +171,8 @@ func TestNotification(opts baserules.PrepareTestRuleOptions) (int, *basemodel.Ap
 		)
 
 		if err != nil {
-			slog.Error("failed to prepare a new promql rule for test", "name", alertname, "error", err)
-			return 0, basemodel.BadRequest(err)
+			slog.Error("failed to prepare a new promql rule for test", "name", alertname, errors.Attr(err))
+			return 0, err
 		}
 	} else if parsedRule.RuleType == ruletypes.RuleTypeAnomaly {
 		// create anomaly rule
@@ -182,10 +180,8 @@ func TestNotification(opts baserules.PrepareTestRuleOptions) (int, *basemodel.Ap
 			alertname,
 			opts.OrgID,
 			parsedRule,
-			opts.Reader,
 			opts.Querier,
 			opts.Logger,
-			opts.Cache,
 			baserules.WithSendAlways(),
 			baserules.WithSendUnmatched(),
 			baserules.WithSQLStore(opts.SQLStore),
@@ -193,11 +189,11 @@ func TestNotification(opts baserules.PrepareTestRuleOptions) (int, *basemodel.Ap
 			baserules.WithMetadataStore(opts.ManagerOpts.MetadataStore),
 		)
 		if err != nil {
-			slog.Error("failed to prepare a new anomaly rule for test", "name", alertname, "error", err)
-			return 0, basemodel.BadRequest(err)
+			slog.Error("failed to prepare a new anomaly rule for test", "name", alertname, errors.Attr(err))
+			return 0, err
 		}
 	} else {
-		return 0, basemodel.BadRequest(fmt.Errorf("failed to derive ruletype with given information"))
+		return 0, errors.NewInvalidInputf(errors.CodeInvalidInput, "failed to derive ruletype with given information")
 	}
 
 	// set timestamp to current utc time
@@ -205,8 +201,8 @@ func TestNotification(opts baserules.PrepareTestRuleOptions) (int, *basemodel.Ap
 
 	alertsFound, err := rule.Eval(ctx, ts)
 	if err != nil {
-		slog.Error("evaluating rule failed", "rule", rule.Name(), "error", err)
-		return 0, basemodel.InternalError(fmt.Errorf("rule evaluation failed"))
+		slog.Error("evaluating rule failed", "rule", rule.Name(), errors.Attr(err))
+		return 0, err
 	}
 	rule.SendAlerts(ctx, ts, 0, time.Minute, opts.NotifyFunc)
 

ee/query-service/rules/manager_test.go

@@ -80,6 +80,21 @@ func TestManager_TestNotification_SendUnmatched_ThresholdRule(t *testing.T) {
 					alertDataRows := cmock.NewRows(cols, tc.Values)
 
 					mock := telemetryStore.Mock()
+					// Mock metadata queries for FetchTemporalityAndTypeMulti
+					// First query: fetchMetricsTemporalityAndType (from signoz_metrics time series table)
+					metadataCols := []cmock.ColumnType{
+						{Name: "metric_name", Type: "String"},
+						{Name: "temporality", Type: "String"},
+						{Name: "type", Type: "String"},
+						{Name: "is_monotonic", Type: "Bool"},
+					}
+					metadataRows := cmock.NewRows(metadataCols, [][]any{
+						{"probe_success", metrictypes.Unspecified, metrictypes.GaugeType, false},
+					})
+					mock.ExpectQuery("*distributed_time_series_v4*").WithArgs(nil, nil, nil).WillReturnRows(metadataRows)
+					// Second query: fetchMeterSourceMetricsTemporalityAndType (from signoz_meter table)
+					emptyMetadataRows := cmock.NewRows(metadataCols, [][]any{})
+					mock.ExpectQuery("*meter*").WithArgs(nil).WillReturnRows(emptyMetadataRows)
 
 					// Generate query arguments for the metric query
 					evalTime := time.Now().UTC()
@@ -99,11 +114,8 @@ func TestManager_TestNotification_SendUnmatched_ThresholdRule(t *testing.T) {
 				},
 			})
 
-			count, apiErr := mgr.TestNotification(context.Background(), orgID, string(ruleBytes))
-			if apiErr != nil {
-				t.Logf("TestNotification error: %v, type: %s", apiErr.Err, apiErr.Typ)
-			}
-			require.Nil(t, apiErr)
+			count, err := mgr.TestNotification(context.Background(), orgID, string(ruleBytes))
+			require.Nil(t, err)
 			assert.Equal(t, tc.ExpectAlerts, count)
 
 			if tc.ExpectAlerts > 0 {
@@ -242,7 +254,7 @@ func TestManager_TestNotification_SendUnmatched_PromRule(t *testing.T) {
 						WillReturnRows(samplesRows)
 
 					// Create Prometheus provider for this test
-					promProvider = prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{}, store)
+					promProvider = prometheustest.New(context.Background(), instrumentationtest.New().ToProviderSettings(), prometheus.Config{Timeout: 2 * time.Minute}, store)
 				},
 				ManagerOptionsHook: func(opts *rules.ManagerOptions) {
 					// Set Prometheus provider for PromQL queries
@@ -253,11 +265,8 @@ func TestManager_TestNotification_SendUnmatched_PromRule(t *testing.T) {
 				},
 			})
 
-			count, apiErr := mgr.TestNotification(context.Background(), orgID, string(ruleBytes))
-			if apiErr != nil {
-				t.Logf("TestNotification error: %v, type: %s", apiErr.Err, apiErr.Typ)
-			}
-			require.Nil(t, apiErr)
+			count, err := mgr.TestNotification(context.Background(), orgID, string(ruleBytes))
+			require.Nil(t, err)
 			assert.Equal(t, tc.ExpectAlerts, count)
 
 			if tc.ExpectAlerts > 0 {

ee/query-service/usage/manager.go

@@ -15,6 +15,7 @@ import (
 	"github.com/google/uuid"
 
 	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/licensing"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/query-service/utils/encryption"
@@ -76,14 +77,14 @@ func (lm *Manager) Start(ctx context.Context) error {
 func (lm *Manager) UploadUsage(ctx context.Context) {
 	organizations, err := lm.orgGetter.ListByOwnedKeyRange(ctx)
 	if err != nil {
-		slog.ErrorContext(ctx, "failed to get organizations", "error", err)
+		slog.ErrorContext(ctx, "failed to get organizations", errors.Attr(err))
 		return
 	}
 	for _, organization := range organizations {
 		// check if license is present or not
 		license, err := lm.licenseService.GetActive(ctx, organization.ID)
 		if err != nil {
-			slog.ErrorContext(ctx, "failed to get active license", "error", err)
+			slog.ErrorContext(ctx, "failed to get active license", errors.Attr(err))
 			return
 		}
 		if license == nil {
@@ -115,7 +116,7 @@ func (lm *Manager) UploadUsage(ctx context.Context) {
 			dbusages := []model.UsageDB{}
 			err := lm.clickhouseConn.Select(ctx, &dbusages, fmt.Sprintf(query, db, db), time.Now().Add(-(24 * time.Hour)))
 			if err != nil && !strings.Contains(err.Error(), "doesn't exist") {
-				slog.ErrorContext(ctx, "failed to get usage from clickhouse", "error", err)
+				slog.ErrorContext(ctx, "failed to get usage from clickhouse", errors.Attr(err))
 				return
 			}
 			for _, u := range dbusages {
@@ -135,14 +136,14 @@ func (lm *Manager) UploadUsage(ctx context.Context) {
 		for _, usage := range usages {
 			usageDataBytes, err := encryption.Decrypt([]byte(usage.ExporterID[:32]), []byte(usage.Data))
 			if err != nil {
-				slog.ErrorContext(ctx, "error while decrypting usage data", "error", err)
+				slog.ErrorContext(ctx, "error while decrypting usage data", errors.Attr(err))
 				return
 			}
 
 			usageData := model.Usage{}
 			err = json.Unmarshal(usageDataBytes, &usageData)
 			if err != nil {
-				slog.ErrorContext(ctx, "error while unmarshalling usage data", "error", err)
+				slog.ErrorContext(ctx, "error while unmarshalling usage data", errors.Attr(err))
 				return
 			}
 
@@ -163,13 +164,13 @@ func (lm *Manager) UploadUsage(ctx context.Context) {
 
 		body, errv2 := json.Marshal(payload)
 		if errv2 != nil {
-			slog.ErrorContext(ctx, "error while marshalling usage payload", "error", errv2)
+			slog.ErrorContext(ctx, "error while marshalling usage payload", errors.Attr(errv2))
 			return
 		}
 
 		errv2 = lm.zeus.PutMeters(ctx, payload.LicenseKey.String(), body)
 		if errv2 != nil {
-			slog.ErrorContext(ctx, "failed to upload usage", "error", errv2)
+			slog.ErrorContext(ctx, "failed to upload usage", errors.Attr(errv2))
 			// not returning error here since it is captured in the failed count
 			return
 		}

ee/sqlschema/postgressqlschema/provider.go

@@ -4,11 +4,12 @@ import (
 	"context"
 	"database/sql"
 
+	"github.com/uptrace/bun"
+
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/sqlschema"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/uptrace/bun"
 )
 
 type provider struct {
@@ -113,7 +114,7 @@ WHERE
 
 	defer func() {
 		if err := constraintsRows.Close(); err != nil {
-			provider.settings.Logger().ErrorContext(ctx, "error closing rows", "error", err)
+			provider.settings.Logger().ErrorContext(ctx, "error closing rows", errors.Attr(err))
 		}
 	}()
 
@@ -174,7 +175,7 @@ WHERE
 
 	defer func() {
 		if err := foreignKeyConstraintsRows.Close(); err != nil {
-			provider.settings.Logger().ErrorContext(ctx, "error closing rows", "error", err)
+			provider.settings.Logger().ErrorContext(ctx, "error closing rows", errors.Attr(err))
 		}
 	}()
 
@@ -223,7 +224,8 @@ SELECT
     i.indisunique AS unique,
     i.indisprimary AS primary,
     a.attname AS column_name,
-    array_position(i.indkey, a.attnum) AS column_position
+    array_position(i.indkey, a.attnum) AS column_position,
+    pg_get_expr(i.indpred, i.indrelid) AS predicate
 FROM
     pg_index i
     LEFT JOIN pg_class ct ON ct.oid = i.indrelid
@@ -242,11 +244,16 @@ ORDER BY index_name, column_position`, string(name))
 
 	defer func() {
 		if err := rows.Close(); err != nil {
-			provider.settings.Logger().ErrorContext(ctx, "error closing rows", "error", err)
+			provider.settings.Logger().ErrorContext(ctx, "error closing rows", errors.Attr(err))
 		}
 	}()
 
-	uniqueIndicesMap := make(map[string]*sqlschema.UniqueIndex)
+	type indexEntry struct {
+		columns   []sqlschema.ColumnName
+		predicate *string
+	}
+
+	uniqueIndicesMap := make(map[string]*indexEntry)
 	for rows.Next() {
 		var (
 			tableName  string
@@ -256,30 +263,50 @@ ORDER BY index_name, column_position`, string(name))
 			columnName string
 			// starts from 0 and is unused in this function, this is to ensure that the column names are in the correct order
 			columnPosition int
+			predicate      *string
 		)
 
-		if err := rows.Scan(&tableName, &indexName, &unique, &primary, &columnName, &columnPosition); err != nil {
+		if err := rows.Scan(&tableName, &indexName, &unique, &primary, &columnName, &columnPosition, &predicate); err != nil {
 			return nil, err
 		}
 
 		if unique {
 			if _, ok := uniqueIndicesMap[indexName]; !ok {
-				uniqueIndicesMap[indexName] = &sqlschema.UniqueIndex{
-					TableName:   name,
-					ColumnNames: []sqlschema.ColumnName{sqlschema.ColumnName(columnName)},
+				uniqueIndicesMap[indexName] = &indexEntry{
+					columns:   []sqlschema.ColumnName{sqlschema.ColumnName(columnName)},
+					predicate: predicate,
 				}
 			} else {
-				uniqueIndicesMap[indexName].ColumnNames = append(uniqueIndicesMap[indexName].ColumnNames, sqlschema.ColumnName(columnName))
+				uniqueIndicesMap[indexName].columns = append(uniqueIndicesMap[indexName].columns, sqlschema.ColumnName(columnName))
 			}
 		}
 	}
 
 	indices := make([]sqlschema.Index, 0)
-	for indexName, index := range uniqueIndicesMap {
-		if index.Name() == indexName {
-			indices = append(indices, index)
+	for indexName, entry := range uniqueIndicesMap {
+		if entry.predicate != nil {
+			index := &sqlschema.PartialUniqueIndex{
+				TableName:   name,
+				ColumnNames: entry.columns,
+				Where:       *entry.predicate,
+			}
+
+			if index.Name() == indexName {
+				indices = append(indices, index)
+			} else {
+				indices = append(indices, index.Named(indexName))
+			}
 		} else {
-			indices = append(indices, index.Named(indexName))
+			index := &sqlschema.UniqueIndex{
+				TableName:   name,
+				ColumnNames: entry.columns,
+			}
+
+			if index.Name() == indexName {
+				indices = append(indices, index)
+			} else {
+				indices = append(indices, index.Named(indexName))
+			}
 		}
 	}
 

ee/sqlstore/postgressqlstore/dialect.go

@@ -336,9 +336,10 @@ func (dialect *dialect) UpdatePrimaryKey(ctx context.Context, bun bun.IDB, oldMo
 	}
 
 	fkReference := ""
-	if reference == Org {
+	switch reference {
+	case Org:
 		fkReference = OrgReference
-	} else if reference == User {
+	case User:
 		fkReference = UserReference
 	}
 
@@ -392,9 +393,10 @@ func (dialect *dialect) AddPrimaryKey(ctx context.Context, bun bun.IDB, oldModel
 	}
 
 	fkReference := ""
-	if reference == Org {
+	switch reference {
+	case Org:
 		fkReference = OrgReference
-	} else if reference == User {
+	case User:
 		fkReference = UserReference
 	}
 

ee/sqlstore/postgressqlstore/provider.go

@@ -14,14 +14,21 @@ import (
 	"github.com/uptrace/bun/dialect/pgdialect"
 )
 
+var _ Pooler = new(provider)
+
 type provider struct {
 	settings  factory.ScopedProviderSettings
 	sqldb     *sql.DB
 	bundb     *sqlstore.BunDB
+	pgxPool   *pgxpool.Pool
 	dialect   *dialect
 	formatter sqlstore.SQLFormatter
 }
 
+type Pooler interface {
+	Pool() *pgxpool.Pool
+}
+
 func NewFactory(hookFactories ...factory.ProviderFactory[sqlstore.SQLStoreHook, sqlstore.Config]) factory.ProviderFactory[sqlstore.SQLStore, sqlstore.Config] {
 	return factory.NewProviderFactory(factory.MustNewName("postgres"), func(ctx context.Context, providerSettings factory.ProviderSettings, config sqlstore.Config) (sqlstore.SQLStore, error) {
 		hooks := make([]sqlstore.SQLStoreHook, len(hookFactories))
@@ -47,6 +54,7 @@ func New(ctx context.Context, providerSettings factory.ProviderSettings, config
 
 	// Set the maximum number of open connections
 	pgConfig.MaxConns = int32(config.Connection.MaxOpenConns)
+	pgConfig.MaxConnLifetime = config.Connection.MaxConnLifetime
 
 	// Use pgxpool to create a connection pool
 	pool, err := pgxpool.NewWithConfig(ctx, pgConfig)
@@ -62,6 +70,7 @@ func New(ctx context.Context, providerSettings factory.ProviderSettings, config
 		settings:  settings,
 		sqldb:     sqldb,
 		bundb:     bunDB,
+		pgxPool:   pool,
 		dialect:   new(dialect),
 		formatter: newFormatter(bunDB.Dialect()),
 	}, nil
@@ -75,6 +84,10 @@ func (provider *provider) SQLDB() *sql.DB {
 	return provider.sqldb
 }
 
+func (provider *provider) Pool() *pgxpool.Pool {
+	return provider.pgxPool
+}
+
 func (provider *provider) Dialect() sqlstore.SQLDialect {
 	return provider.dialect
 }
@@ -101,7 +114,7 @@ func (provider *provider) WrapNotFoundErrf(err error, code errors.Code, format s
 
 func (provider *provider) WrapAlreadyExistsErrf(err error, code errors.Code, format string, args ...any) error {
 	var pgErr *pgconn.PgError
-	if errors.As(err, &pgErr) && pgErr.Code == "23505" {
+	if errors.As(err, &pgErr) && (pgErr.Code == "23505" || pgErr.Code == "23503") {
 		return errors.Wrapf(err, errors.TypeAlreadyExists, code, format, args...)
 	}
 

ee/zeus/config.go

@@ -19,7 +19,7 @@ var (
 	once   sync.Once
 )
 
-// initializes the Zeus configuration
+// initializes the Zeus configuration.
 func Config() zeus.Config {
 	once.Do(func() {
 		parsedURL, err := neturl.Parse(url)

ee/zeus/httpzeus/provider.go

@@ -109,6 +109,21 @@ func (provider *Provider) GetDeployment(ctx context.Context, key string) ([]byte
 	return []byte(gjson.GetBytes(response, "data").String()), nil
 }
 
+func (provider *Provider) GetMeters(ctx context.Context, key string) ([]byte, error) {
+	response, err := provider.do(
+		ctx,
+		provider.config.URL.JoinPath("/v1/meters"),
+		http.MethodGet,
+		key,
+		nil,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	return []byte(gjson.GetBytes(response, "data").String()), nil
+}
+
 func (provider *Provider) PutMeters(ctx context.Context, key string, data []byte) error {
 	_, err := provider.do(
 		ctx,
@@ -189,7 +204,7 @@ func (provider *Provider) do(ctx context.Context, url *url.URL, method string, k
 	return nil, provider.errFromStatusCode(response.StatusCode, errorMessage)
 }
 
-// This can be taken down to the client package
+// This can be taken down to the client package.
 func (provider *Provider) errFromStatusCode(statusCode int, errorMessage string) error {
 	switch statusCode {
 	case http.StatusBadRequest:

frontend/.cursor/rules/state-management.mdc

@@ -0,0 +1,97 @@
+---
+globs: **/*.store.ts
+alwaysApply: false
+---
+# State Management: React Query, nuqs, Zustand
+
+Use the following stack. Do **not** introduce or recommend Redux or React Context for shared/global state.
+
+## Server state → React Query
+
+- **Use for:** API responses, time-series data, caching, background refetch, retries, stale/refresh.
+- **Do not use Redux/Context** to store or mirror data that comes from React Query (e.g. do not dispatch API results into Redux).
+- Prefer generated React Query hooks from `frontend/src/api/generated` when available.
+- Keep server state in React Query; expose it via hooks that return the query result (and optionally memoized derived values). Do not duplicate it in Redux or Context.
+
+```tsx
+// ✅ GOOD: single source of truth from React Query
+export function useAppStateHook() {
+  const { data, isError } = useQuery(...)
+  const memoizedConfigs = useMemo(() => ({ ... }), [data?.configs])
+  return { configs: memoizedConfigs, isError, ... }
+}
+
+// ❌ BAD: copying React Query result into Redux
+dispatch({ type: UPDATE_LATEST_VERSION, payload: queryResponse.data })
+```
+
+## URL state → nuqs
+
+- **Use for:** shareable state, filters, time range, selected values, pagination, view state that belongs in the URL.
+- **Do not use Redux/Context** for state that should be shareable or reflected in the URL.
+- Use [nuqs](https://nuqs.dev/docs/basic-usage) for typed, type-safe URL search params. Avoid ad-hoc `useSearchParams` encoding/decoding.
+- Keep URL payload small; respect browser URL length limits (e.g. Chrome ~2k chars). Do not put large datasets or sensitive data in query params.
+
+```tsx
+// ✅ GOOD: nuqs for filters / time range / selection
+const [timeRange, setTimeRange] = useQueryState('timeRange', parseAsString.withDefault('1h'))
+const [page, setPage] = useQueryState('page', parseAsInteger.withDefault(1))
+
+// ❌ BAD: Redux/Context for shareable or URL-synced state
+const { timeRange } = useContext(SomeContext)
+```
+
+## Client state → Zustand
+
+- **Use for:** global/client state, cross-component state, feature flags, complex or large client objects (e.g. dashboard state, query builder state).
+- **Do not use Redux or React Context** for global or feature-level client state.
+- Prefer small, domain-scoped stores (e.g. DashboardStore, QueryBuilderStore).
+
+### Zustand best practices (align with eslint-plugin-zustand-rules)
+
+- **One store per module.** Do not define multiple `create()` calls in the same file; use one store per module (or compose slices into one store).
+- **Always use selectors.** Call the store hook with a selector so only the used slice triggers re-renders. Never use `useStore()` with no selector.
+
+```tsx
+// ✅ GOOD: selector — re-renders only when isDashboardLocked changes
+const isLocked = useDashboardStore(state => state.isDashboardLocked)
+
+// ❌ BAD: no selector — re-renders on any store change
+const state = useDashboardStore()
+```
+
+- **Never mutate state directly.** Update only via `set` or `setState` (or `getState()` + `set` for reads). No `state.foo = x` or `state.bears += 1` inside actions.
+
+```tsx
+// ✅ GOOD: use set
+increment: () => set(state => ({ bears: state.bears + 1 }))
+
+// ❌ BAD: direct mutation
+increment: () => { state.bears += 1 }
+```
+
+- **State properties before actions.** In the store object, list all state fields first, then action functions.
+- **Split into slices when state is large.** If a store has many top-level properties (e.g. more than 5–10), split into slice factories and combine with one `create()`.
+
+```tsx
+// ✅ GOOD: slices for large state
+const createBearSlice = set => ({ bears: 0, addBear: () => set(s => ({ bears: s.bears + 1 })) })
+const createFishSlice = set => ({ fish: 0, addFish: () => set(s => ({ fish: s.fish + 1 })) })
+const useStore = create(set => ({ ...createBearSlice(set), ...createFishSlice(set) }))
+```
+
+- **In projects using Zustand:** add `eslint-plugin-zustand-rules` and extend `plugin:zustand-rules/recommended` to enforce these rules automatically.
+
+## Local state → React state only
+
+- **Use useState/useReducer** for: component-local UI state, form inputs, toggles, hover state, data that never leaves the component.
+- Do not use Zustand, Redux, or Context for state that is purely local to one component or a small subtree.
+
+## Summary
+
+| State type        | Use              | Avoid              |
+|-------------------|------------------|--------------------|
+| Server / API      | React Query      | Redux, Context     |
+| URL / shareable   | nuqs             | Redux, Context     |
+| Global client     | Zustand          | Redux, Context     |
+| Local UI          | useState/useReducer | Zustand, Redux, Context |

frontend/.cursor/skills/migrate-state-management/SKILL.md

@@ -0,0 +1,150 @@
+---
+name: migrate-state-management
+description: Migrate Redux or React Context to the correct state option (React Query for server state, nuqs for URL/shareable state, Zustand for global client state). Use when refactoring away from Redux/Context, moving state to the right store, or when the user asks to migrate state management.
+---
+
+# Migrate State: Redux/Context → React Query, nuqs, Zustand
+
+Do **not** introduce or recommend Redux or React Context. Migrate existing usage to the stack below.
+
+## 1. Classify the state
+
+Before changing code, classify what the state represents:
+
+| If the state is… | Migrate to | Do not use |
+|------------------|------------|------------|
+| From API / server (versions, configs, fetched lists, time-series) | **React Query** | Redux, Context |
+| Shareable via URL (filters, time range, page, selected ids) | **nuqs** | Redux, Context |
+| Global/client UI (dashboard lock, query builder, feature flags, large client objects) | **Zustand** | Redux, Context |
+| Local to one component (inputs, toggles, hover) | **useState / useReducer** | Zustand, Redux, Context |
+
+If one slice mixes concerns (e.g. Redux has both API data and pagination), split: API → React Query, pagination → nuqs, rest → Zustand or local state.
+
+## 2. Migrate to React Query (server state)
+
+**When:** State comes from or mirrors an API response (e.g. `currentVersion`, `latestVersion`, `configs`, lists).
+
+**Steps:**
+
+1. Find where the data is fetched (existing `useQuery`/API call) and where it is dispatched or set in Context/Redux.
+2. Remove the dispatch/set that writes API results into Redux/Context.
+3. Expose a single hook that uses the query and returns the same shape consumers expect (use `useMemo` for derived objects like `configs` to avoid unnecessary re-renders).
+4. Replace Redux/Context consumption with the new hook. Prefer generated React Query hooks from `frontend/src/api/generated` when available.
+5. Configure cache/refetch (e.g. `refetchOnMount: false`, `staleTime`) so behavior matches previous “single source” expectations.
+
+**Before (Redux mirroring React Query):**
+
+```tsx
+if (getUserLatestVersionResponse.isFetched && getUserLatestVersionResponse.isSuccess && getUserLatestVersionResponse.data?.payload) {
+  dispatch({ type: UPDATE_LATEST_VERSION, payload: { latestVersion: getUserLatestVersionResponse.data.payload.tag_name } })
+}
+```
+
+**After (single source in React Query):**
+
+```tsx
+export function useAppStateHook() {
+  const { data, isError } = useQuery(...)
+  const memoizedConfigs = useMemo(() => ({ ... }), [data?.configs])
+  return {
+    latestVersion: data?.payload?.tag_name,
+    configs: memoizedConfigs,
+    isError,
+  }
+}
+```
+
+Consumers use `useAppStateHook()` instead of `useSelector` or Context. Do not copy React Query result into Redux or Context.
+
+## 3. Migrate to nuqs (URL / shareable state)
+
+**When:** State should be in the URL: filters, time range, pagination, selected values, view state. Keep payload small (e.g. Chrome ~2k chars); no large datasets or sensitive data.
+
+**Steps:**
+
+1. Identify which Redux/Context fields are shareable or already reflected in the URL (e.g. `currentPage`, `timeRange`, `selectedFilter`).
+2. Add nuqs (or use existing): `useQueryState('param', parseAsString.withDefault('…'))` (or `parseAsInteger`, etc.).
+3. Replace reads/writes of those fields with nuqs hooks. Use typed parsers; avoid ad-hoc `useSearchParams` encoding/decoding.
+4. Remove the same fields from Redux/Context and their reducers/providers.
+
+**Before (Context/Redux):**
+
+```tsx
+const { timeRange } = useContext(SomeContext)
+const [page, setPage] = useDispatch(...)
+```
+
+**After (nuqs):**
+
+```tsx
+const [timeRange, setTimeRange] = useQueryState('timeRange', parseAsString.withDefault('1h'))
+const [page, setPage] = useQueryState('page', parseAsInteger.withDefault(1))
+```
+
+## 4. Migrate to Zustand (global client state)
+
+**When:** State is global or cross-component client state: feature flags, dashboard state, query builder state, complex/large client objects (e.g. up to ~1.5–2MB). Not for server cache or local-only UI.
+
+**Steps:**
+
+1. Create one store per domain (e.g. `DashboardStore`, `QueryBuilderStore`). One `create()` per module; for large state use slice factories and combine.
+2. Put state properties first, then actions. Use `set` (or `setState` / `getState()` + `set`) for updates; never mutate state directly.
+3. Replace Context/Redux consumption with the store hook **and a selector** so only the used slice triggers re-renders.
+4. Remove the old Context provider / Redux slice and related dispatches.
+
+**Selector (required):**
+
+```tsx
+const isLocked = useDashboardStore(state => state.isDashboardLocked)
+```
+
+Never use `useStore()` with no selector. Never do `state.foo = x` inside actions; use `set(state => ({ ... }))`.
+
+**Before (Context/Redux):**
+
+```tsx
+const { isDashboardLocked, setLocked } = useContext(DashboardContext)
+```
+
+**After (Zustand):**
+
+```tsx
+const isLocked = useDashboardStore(state => state.isDashboardLocked)
+const setLocked = useDashboardStore(state => state.setLocked)
+```
+
+For large stores (many top-level fields), split into slices and combine:
+
+```tsx
+const createBearSlice = set => ({ bears: 0, addBear: () => set(s => ({ bears: s.bears + 1 })) })
+const useStore = create(set => ({ ...createBearSlice(set), ...createFishSlice(set) }))
+```
+
+Add `eslint-plugin-zustand-rules` with `plugin:zustand-rules/recommended` to enforce selectors and no direct mutation.
+
+## 5. Migrate to local state (useState / useReducer)
+
+**When:** State is used only inside one component or a small subtree (form inputs, toggles, hover, panel selection). No URL sync, no cross-feature sharing.
+
+**Steps:**
+
+1. Move the state into the component that owns it (or the smallest common parent).
+2. Use `useState` or `useReducer` (useReducer when multiple related fields change together).
+3. Remove from Redux/Context and any provider/slice.
+
+Do not use Zustand, Redux, or Context for purely local UI state.
+
+## 6. Migration checklist
+
+- [ ] Classify each piece of state (server / URL / global client / local).
+- [ ] Server state: move to React Query; expose via hook; remove Redux/Context mirroring.
+- [ ] URL state: move to nuqs; remove from Redux/Context; keep URL payload small.
+- [ ] Global client state: move to Zustand with selectors and immutable updates; one store per domain.
+- [ ] Local state: move to useState/useReducer in the owning component.
+- [ ] Remove old Redux slices / Context providers and all dispatches/consumers for migrated state.
+- [ ] Do not duplicate the same data in multiple places (e.g. React Query + Redux).
+
+## Additional resources
+
+- Project rule: [.cursor/rules/state-management.mdc](../../rules/state-management.mdc)
+- Detailed patterns and rationale: [reference.md](reference.md)

frontend/.cursor/skills/migrate-state-management/reference.md

@@ -0,0 +1,50 @@
+# State migration reference
+
+## Why migrate
+
+- **Context:** Re-renders all consumers on any change; no granular subscriptions; becomes brittle at scale.
+- **Redux:** Heavy boilerplate (actions, reducers, selectors, Provider); slower onboarding; often used to mirror React Query or URL state.
+- **Goal:** Fewer mechanisms, domain isolation, granular subscriptions, single source of truth per state type.
+
+## React Query migration (server state)
+
+Typical anti-pattern: API is called via React Query, then result is dispatched to Redux. Flow becomes: Component → useQueries → API → dispatch → Reducer → Redux state → useSelector.
+
+Correct flow: Component → useQuery (or custom hook wrapping it) → same component reads from hook. No Redux/Context in between.
+
+- Prefer generated hooks from `frontend/src/api/generated`.
+- For “app state” that is just API data (versions, configs), one hook that returns `{ ...data, configs: useMemo(...) }` is enough. No selectors needed for plain data; useMemo only where the value is used as dependency (e.g. in useState).
+- Set `staleTime` / `refetchOnMount` etc. so refetch behavior matches previous expectations.
+
+## nuqs migration (URL state)
+
+Redux/Context often hold pagination, filters, time range, selected values that are shareable. Those belong in the URL.
+
+- Use [nuqs](https://nuqs.dev/docs/basic-usage) for typed search params. Avoid ad-hoc `useSearchParams` + manual encoding.
+- Browser limits: Chrome ~2k chars practical; keep payload small; no large datasets or secrets in query params.
+- If the app uses TanStack Router, search params can be handled there; otherwise nuqs is the standard.
+
+## Zustand migration (client state)
+
+- One store per domain (e.g. DashboardStore, QueryBuilderStore). Multiple `create()` in one file is disallowed; use one store or composed slices.
+- Always use a selector: `useStore(s => s.field)` so only that field drives re-renders.
+- Never mutate: update only via `set(state => ({ ... }))` or `setState` / `getState()` + `set`.
+- State properties first, then actions. For 5–10+ top-level fields, split into slice factories and combine with one `create()`.
+- Large client objects: Zustand is for “large” in the ~1.5–2MB range; above that, optimize at API/store design.
+- Testing: no Provider; stores are plain functions; easy to reset and mock.
+
+## What not to use
+
+- **Redux / Context** for new or migrated shared/global state.
+- **Redux / Context** to store or mirror React Query results.
+- **Redux / Context** for state that should live in the URL (use nuqs).
+- **Zustand / Redux / Context** for component-local UI (use useState/useReducer).
+
+## Summary table
+
+| State type   | Use                | Avoid           |
+|-------------|--------------------|-----------------|
+| Server/API  | React Query        | Redux, Context  |
+| URL/shareable | nuqs             | Redux, Context  |
+| Global client | Zustand          | Redux, Context  |
+| Local UI    | useState/useReducer | Zustand, Redux, Context |

frontend/.eslintignore

@@ -1,5 +1,7 @@
 node_modules
 build
+eslint-rules/
+stylelint-rules/
 *.typegen.ts
 i18-generate-hash.js
 src/parser/TraceOperatorParser/**

frontend/.eslintrc.cjs

@@ -1,3 +1,10 @@
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const path = require('path');
+// eslint-disable-next-line @typescript-eslint/no-var-requires
+const rulesDirPlugin = require('eslint-plugin-rulesdir');
+// eslint-rules/ always points to frontend/eslint-rules/ regardless of workspace root.
+rulesDirPlugin.RULES_DIR = path.join(__dirname, 'eslint-rules');
+
 /**
  * ESLint Configuration for SigNoz Frontend
  */
@@ -32,6 +39,7 @@ module.exports = {
 		sourceType: 'module',
 	},
 	plugins: [
+		'rulesdir', // Local custom rules
 		'react', // React-specific rules
 		'@typescript-eslint', // TypeScript linting
 		'simple-import-sort', // Auto-sort imports
@@ -56,6 +64,9 @@ module.exports = {
 		},
 	},
 	rules: {
+		// Asset migration — base-path safety
+		'rulesdir/no-unsupported-asset-pattern': 'error',
+
 		// Code quality rules
 		'prefer-const': 'error', // Enforces const for variables never reassigned
 		'no-var': 'error', // Disallows var, enforces let/const
@@ -193,8 +204,37 @@ module.exports = {
 				],
 			},
 		],
+		'no-restricted-syntax': [
+			'error',
+			{
+				selector:
+					// TODO: Make this generic on removal of redux
+					"CallExpression[callee.property.name='getState'][callee.object.name=/^use/]",
+				message:
+					'Avoid calling .getState() directly. Export a standalone action from the store instead.',
+			},
+		],
 	},
 	overrides: [
+		{
+			files: ['src/**/*.{jsx,tsx,ts}'],
+			excludedFiles: [
+				'**/*.test.{js,jsx,ts,tsx}',
+				'**/*.spec.{js,jsx,ts,tsx}',
+				'**/__tests__/**/*.{js,jsx,ts,tsx}',
+			],
+			rules: {
+				'no-restricted-properties': [
+					'error',
+					{
+						object: 'navigator',
+						property: 'clipboard',
+						message:
+							'Do not use navigator.clipboard directly since it does not work well with specific browsers. Use hook useCopyToClipboard from react-use library. https://streamich.github.io/react-use/?path=/story/side-effects-usecopytoclipboard--docs',
+					},
+				],
+			},
+		},
 		{
 			files: [
 				'**/*.test.{js,jsx,ts,tsx}',
@@ -217,5 +257,13 @@ module.exports = {
 				'@typescript-eslint/no-unused-vars': 'warn',
 			},
 		},
+		{
+			// Store definition files are the only place .getState() is permitted —
+			// they are the canonical source for standalone action exports.
+			files: ['**/*Store.{ts,tsx}'],
+			rules: {
+				'no-restricted-syntax': 'off',
+			},
+		},
 	],
 };

frontend/.stylelintrc.cjs

@@ -0,0 +1,9 @@
+const path = require('path');
+
+module.exports = {
+	plugins: [path.join(__dirname, 'stylelint-rules/no-unsupported-asset-url.js')],
+	customSyntax: 'postcss-scss',
+	rules: {
+		'local/no-unsupported-asset-url': true,
+	},
+};

frontend/README.md

@@ -12,7 +12,7 @@
 or
 `docker build . -t tagname`
 
-**Tag to remote url- Introduce versinoing later on**
+**Tag to remote url- Introduce versioning later on**
 
 ```
 docker tag signoz/frontend:latest 7296823551/signoz:latest

frontend/__mocks__/fileMock.ts

@@ -0,0 +1 @@
+export default 'test-file-stub';

frontend/__mocks__/useSafeNavigate.ts

@@ -2,6 +2,7 @@
 interface SafeNavigateOptions {
 	replace?: boolean;
 	state?: unknown;
+	newTab?: boolean;
 }
 
 interface SafeNavigateTo {
@@ -20,9 +21,7 @@ interface UseSafeNavigateReturn {
 
 export const useSafeNavigate = (): UseSafeNavigateReturn => ({
 	safeNavigate: jest.fn(
-		(to: SafeNavigateToType, options?: SafeNavigateOptions) => {
-			console.log(`Mock safeNavigate called with:`, to, options);
-		},
+		(_to: SafeNavigateToType, _options?: SafeNavigateOptions) => {},
 	) as jest.MockedFunction<
 		(to: SafeNavigateToType, options?: SafeNavigateOptions) => void
 	>,

frontend/eslint-rules/no-unsupported-asset-pattern.js

@@ -0,0 +1,390 @@
+'use strict';
+
+/**
+ * ESLint rule: no-unsupported-asset-pattern
+ *
+ * Enforces that all asset references (SVG, PNG, etc.) go through Vite's module
+ * pipeline via ES imports (`import fooUrl from '@/assets/...'`) rather than
+ * hard-coded strings or public/ paths.
+ *
+ * Why this matters: when the app is served from a sub-path (base-path deployment),
+ * Vite rewrites ES import URLs automatically. String literals and public/ references
+ * bypass that rewrite and break at runtime.
+ *
+ * Covers four AST patterns:
+ *   1. Literal        — plain string: "/Icons/logo.svg"
+ *   2. TemplateLiteral — template string: `/Icons/${name}.svg`
+ *   3. BinaryExpression — concatenation: "/Icons/" + name + ".svg"
+ *   4. ImportDeclaration / ImportExpression — static & dynamic imports
+ */
+
+const {
+	hasAssetExtension,
+	containsAssetExtension,
+	extractUrlPath,
+	isAbsolutePath,
+	isPublicRelative,
+	isRelativePublicDir,
+	isValidAssetImport,
+	isExternalUrl,
+} = require('./shared/asset-patterns');
+
+// Known public/ sub-directories that should never appear in dynamic asset paths.
+const PUBLIC_DIR_SEGMENTS = ['/Icons/', '/Images/', '/Logos/', '/svgs/'];
+
+/**
+ * Recursively extracts the static string parts from a binary `+` expression or
+ * template literal.  Returns `[null]` for any dynamic (non-string) node so
+ * callers can detect that the prefix became unknowable.
+ *
+ * Example: `"/Icons/" + iconName + ".svg"` → ["/Icons/", null, ".svg"]
+ */
+function collectBinaryStringParts(node) {
+	if (node.type === 'Literal' && typeof node.value === 'string')
+		return [node.value];
+	if (node.type === 'BinaryExpression' && node.operator === '+') {
+		return [
+			...collectBinaryStringParts(node.left),
+			...collectBinaryStringParts(node.right),
+		];
+	}
+	if (node.type === 'TemplateLiteral') {
+		return node.quasis.map((q) => q.value.raw);
+	}
+	// Unknown / dynamic node — signals "prefix is no longer fully static"
+	return [null];
+}
+
+module.exports = {
+	meta: {
+		type: 'problem',
+		docs: {
+			description:
+				'Disallow Vite-unsafe asset reference patterns that break runtime base-path deployments',
+			category: 'Asset Migration',
+			recommended: true,
+		},
+		schema: [],
+		messages: {
+			absoluteString:
+				'Absolute asset path "{{ value }}" is not base-path-safe. ' +
+				"Use an ES import instead: import fooUrl from '@/assets/...' and reference the variable.",
+			templateLiteral:
+				'Dynamic asset path with absolute prefix is not base-path-safe. ' +
+				"Use new URL('./asset.svg', import.meta.url).href for dynamic asset paths.",
+			absoluteImport:
+				'Asset imported via absolute path is not supported. ' +
+				"Use import fooUrl from '@/assets/...' instead.",
+			publicImport:
+				"Assets in public/ bypass Vite's module pipeline — their URLs are not base-path-aware and will break when the app is served from a sub-path (e.g. /app/). " +
+				"Use an ES import instead: import fooUrl from '@/assets/...' so Vite injects the correct base path.",
+			relativePublicString:
+				'Relative public-dir path "{{ value }}" is not base-path-safe. ' +
+				"Use an ES import instead: import fooUrl from '@/assets/...' and reference the variable.",
+			invalidAssetImport:
+				"Asset '{{ src }}' must be imported from src/assets/ using either '@/assets/...' " +
+				'or a relative path into src/assets/.',
+		},
+	},
+
+	create(context) {
+		return {
+			/**
+			 * Catches plain string literals used as asset paths, e.g.:
+			 *   src="/Icons/logo.svg"   or   url("../public/Images/bg.png")
+			 *
+			 * Import declaration sources are skipped here — handled by ImportDeclaration.
+			 * Also unwraps CSS `url(...)` wrappers before checking.
+			 */
+			Literal(node) {
+				if (node.parent && node.parent.type === 'ImportDeclaration') {
+					return;
+				}
+				const value = node.value;
+				if (typeof value !== 'string') return;
+				if (isExternalUrl(value)) return;
+
+				if (isAbsolutePath(value) && containsAssetExtension(value)) {
+					context.report({
+						node,
+						messageId: 'absoluteString',
+						data: { value },
+					});
+					return;
+				}
+
+				if (isRelativePublicDir(value) && containsAssetExtension(value)) {
+					context.report({
+						node,
+						messageId: 'relativePublicString',
+						data: { value },
+					});
+					return;
+				}
+
+				// Catches relative paths that start with "public/" e.g. 'public/Logos/aws-dark.svg'.
+				// isRelativePublicDir only covers known sub-dirs (Icons/, Logos/, etc.),
+				// so this handles the case where the full "public/" prefix is written explicitly.
+				if (isPublicRelative(value) && containsAssetExtension(value)) {
+					context.report({
+						node,
+						messageId: 'relativePublicString',
+						data: { value },
+					});
+					return;
+				}
+
+				// Also check the path inside a CSS url("...") wrapper
+				const urlPath = extractUrlPath(value);
+				if (urlPath && isExternalUrl(urlPath)) return;
+				if (urlPath && isAbsolutePath(urlPath) && containsAssetExtension(urlPath)) {
+					context.report({
+						node,
+						messageId: 'absoluteString',
+						data: { value: urlPath },
+					});
+					return;
+				}
+				if (
+					urlPath &&
+					isRelativePublicDir(urlPath) &&
+					containsAssetExtension(urlPath)
+				) {
+					context.report({
+						node,
+						messageId: 'relativePublicString',
+						data: { value: urlPath },
+					});
+					return;
+				}
+				if (
+					urlPath &&
+					isPublicRelative(urlPath) &&
+					containsAssetExtension(urlPath)
+				) {
+					context.report({
+						node,
+						messageId: 'relativePublicString',
+						data: { value: urlPath },
+					});
+				}
+			},
+
+			/**
+			 * Catches template literals used as asset paths, e.g.:
+			 *   `/Icons/${name}.svg`
+			 *   `url('/Images/${bg}.png')`
+			 */
+			TemplateLiteral(node) {
+				const quasis = node.quasis;
+				if (!quasis || quasis.length === 0) return;
+
+				const firstQuasi = quasis[0].value.raw;
+				if (isExternalUrl(firstQuasi)) return;
+
+				const hasAssetExt = quasis.some((q) => containsAssetExtension(q.value.raw));
+
+				if (isAbsolutePath(firstQuasi) && hasAssetExt) {
+					context.report({
+						node,
+						messageId: 'templateLiteral',
+					});
+					return;
+				}
+
+				if (isRelativePublicDir(firstQuasi) && hasAssetExt) {
+					context.report({
+						node,
+						messageId: 'relativePublicString',
+						data: { value: firstQuasi },
+					});
+					return;
+				}
+
+				// Expression-first template with known public-dir segment: `${base}/Icons/foo.svg`
+				const hasPublicSegment = quasis.some((q) =>
+					PUBLIC_DIR_SEGMENTS.some((seg) => q.value.raw.includes(seg)),
+				);
+				if (hasPublicSegment && hasAssetExt) {
+					context.report({
+						node,
+						messageId: 'templateLiteral',
+					});
+					return;
+				}
+
+				// No-interpolation template (single quasi): treat like a plain string
+				// and also unwrap any css url(...) wrapper.
+				if (quasis.length === 1) {
+					// Check the raw string first (no url() wrapper)
+					if (isPublicRelative(firstQuasi) && hasAssetExt) {
+						context.report({
+							node,
+							messageId: 'relativePublicString',
+							data: { value: firstQuasi },
+						});
+						return;
+					}
+
+					const urlPath = extractUrlPath(firstQuasi);
+					if (urlPath && isExternalUrl(urlPath)) return;
+					if (urlPath && isAbsolutePath(urlPath) && hasAssetExtension(urlPath)) {
+						context.report({
+							node,
+							messageId: 'templateLiteral',
+						});
+						return;
+					}
+					if (
+						urlPath &&
+						isRelativePublicDir(urlPath) &&
+						hasAssetExtension(urlPath)
+					) {
+						context.report({
+							node,
+							messageId: 'relativePublicString',
+							data: { value: urlPath },
+						});
+						return;
+					}
+					if (urlPath && isPublicRelative(urlPath) && hasAssetExtension(urlPath)) {
+						context.report({
+							node,
+							messageId: 'relativePublicString',
+							data: { value: urlPath },
+						});
+					}
+					return;
+				}
+
+				// CSS url() with an absolute path inside a multi-quasi template, e.g.:
+				//   `url('/Icons/${name}.svg')`
+				if (firstQuasi.includes('url(') && hasAssetExt) {
+					const urlMatch = firstQuasi.match(/^url\(\s*['"]?\//);
+					if (urlMatch) {
+						context.report({
+							node,
+							messageId: 'templateLiteral',
+						});
+					}
+				}
+			},
+
+			/**
+			 * Catches string concatenation used to build asset paths, e.g.:
+			 *   "/Icons/" + name + ".svg"
+			 *
+			 * Collects the leading static parts (before the first dynamic value)
+			 * to determine the path prefix. If any part carries a known asset
+			 * extension, the expression is flagged.
+			 */
+			BinaryExpression(node) {
+				if (node.operator !== '+') return;
+
+				const parts = collectBinaryStringParts(node);
+				// Collect only the leading static parts; stop at the first dynamic (null) part
+				const prefixParts = [];
+				for (const part of parts) {
+					if (part === null) break;
+					prefixParts.push(part);
+				}
+				const staticPrefix = prefixParts.join('');
+
+				if (isExternalUrl(staticPrefix)) return;
+
+				const hasExt = parts.some(
+					(part) => part !== null && containsAssetExtension(part),
+				);
+
+				if (isAbsolutePath(staticPrefix) && hasExt) {
+					context.report({
+						node,
+						messageId: 'templateLiteral',
+					});
+					return;
+				}
+
+				if (isPublicRelative(staticPrefix) && hasExt) {
+					context.report({
+						node,
+						messageId: 'relativePublicString',
+						data: { value: staticPrefix },
+					});
+					return;
+				}
+
+				if (isRelativePublicDir(staticPrefix) && hasExt) {
+					context.report({
+						node,
+						messageId: 'relativePublicString',
+						data: { value: staticPrefix },
+					});
+				}
+			},
+
+			/**
+			 * Catches static asset imports that don't go through src/assets/, e.g.:
+			 *   import logo from '/public/Icons/logo.svg'   ← absolute path
+			 *   import logo from '../../public/logo.svg'    ← relative into public/
+			 *   import logo from '../somewhere/logo.svg'    ← outside src/assets/
+			 *
+			 * Valid pattern: import fooUrl from '@/assets/...' or relative within src/assets/
+			 */
+			ImportDeclaration(node) {
+				const src = node.source.value;
+				if (typeof src !== 'string') return;
+				if (!hasAssetExtension(src)) return;
+
+				if (isAbsolutePath(src)) {
+					context.report({ node, messageId: 'absoluteImport' });
+					return;
+				}
+
+				if (isPublicRelative(src)) {
+					context.report({ node, messageId: 'publicImport' });
+					return;
+				}
+
+				if (!isValidAssetImport(src)) {
+					context.report({
+						node,
+						messageId: 'invalidAssetImport',
+						data: { src },
+					});
+				}
+			},
+
+			/**
+			 * Same checks as ImportDeclaration but for dynamic imports:
+			 *   const logo = await import('/Icons/logo.svg')
+			 *
+			 * Only literal sources are checked; fully dynamic expressions are ignored
+			 * since their paths cannot be statically analysed.
+			 */
+			ImportExpression(node) {
+				const src = node.source;
+				if (!src || src.type !== 'Literal' || typeof src.value !== 'string') return;
+				const value = src.value;
+				if (!hasAssetExtension(value)) return;
+
+				if (isAbsolutePath(value)) {
+					context.report({ node, messageId: 'absoluteImport' });
+					return;
+				}
+
+				if (isPublicRelative(value)) {
+					context.report({ node, messageId: 'publicImport' });
+					return;
+				}
+
+				if (!isValidAssetImport(value)) {
+					context.report({
+						node,
+						messageId: 'invalidAssetImport',
+						data: { src: value },
+					});
+				}
+			},
+		};
+	},
+};

frontend/eslint-rules/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "commonjs"
+}

frontend/eslint-rules/shared/asset-patterns.js

@@ -0,0 +1,121 @@
+'use strict';
+
+const ALLOWED_ASSET_EXTENSIONS = [
+	'.svg',
+	'.png',
+	'.webp',
+	'.jpg',
+	'.jpeg',
+	'.gif',
+];
+
+/**
+ * Returns true if the string ends with an asset extension.
+ * e.g. "/Icons/foo.svg" → true, "/Icons/foo.svg.bak" → false
+ */
+function hasAssetExtension(str) {
+	if (typeof str !== 'string') return false;
+	return ALLOWED_ASSET_EXTENSIONS.some((ext) => str.endsWith(ext));
+}
+
+// Like hasAssetExtension but also matches mid-string with boundary check,
+// e.g. "/foo.svg?v=1" → true, "/icons.svg-dir/" → true (- is non-alphanumeric boundary)
+function containsAssetExtension(str) {
+	if (typeof str !== 'string') return false;
+	return ALLOWED_ASSET_EXTENSIONS.some((ext) => {
+		const idx = str.indexOf(ext);
+		if (idx === -1) return false;
+		const afterIdx = idx + ext.length;
+		// Broad boundary (any non-alphanumeric) is intentional — the real guard against
+		// false positives is the upstream conditions (isAbsolutePath, isRelativePublicDir, etc.)
+		// that must pass before this is reached. "/icons.svg-dir/" → true (- is a boundary).
+		return afterIdx >= str.length || /[^a-zA-Z0-9]/.test(str[afterIdx]);
+	});
+}
+
+/**
+ * Extracts the asset path from a CSS url() wrapper.
+ * Handles single quotes, double quotes, unquoted, and whitespace variations.
+ * e.g.
+ *   "url('/Icons/foo.svg')" → "/Icons/foo.svg"
+ *   "url( '../assets/bg.png' )" → "../assets/bg.png"
+ *   "url(/Icons/foo.svg)" → "/Icons/foo.svg"
+ * Returns null if the string is not a url() wrapper.
+ */
+function extractUrlPath(str) {
+	if (typeof str !== 'string') return null;
+	// Match url( [whitespace] [quote?] path [quote?] [whitespace] )
+	// Capture group: [^'")\s]+ matches path until quote, closing paren, or whitespace
+	const match = str.match(/^url\(\s*['"]?([^'")\s]+)['"]?\s*\)$/);
+	return match ? match[1] : null;
+}
+
+/**
+ * Returns true if the string is an absolute path (starts with /).
+ * Absolute paths in url() bypass <base href> and fail under any URL prefix.
+ */
+function isAbsolutePath(str) {
+	if (typeof str !== 'string') return false;
+	return str.startsWith('/') && !str.startsWith('//');
+}
+
+/**
+ * Returns true if the path imports from the public/ directory.
+ * Relative imports into public/ cause asset duplication in dist/.
+ */
+function isPublicRelative(str) {
+	if (typeof str !== 'string') return false;
+	return str.includes('/public/') || str.startsWith('public/');
+}
+
+/**
+ * Returns true if the string is a relative reference into a known public-dir folder.
+ * e.g. "Icons/foo.svg", `Logos/aws-dark.svg`, "Images/bg.png"
+ * These bypass Vite's module pipeline even without a leading slash.
+ */
+const PUBLIC_DIR_SEGMENTS = ['Icons/', 'Images/', 'Logos/', 'svgs/'];
+
+function isRelativePublicDir(str) {
+	if (typeof str !== 'string') return false;
+	return PUBLIC_DIR_SEGMENTS.some((seg) => str.startsWith(seg));
+}
+
+/**
+ * Returns true if an asset import path is valid (goes through Vite's module pipeline).
+ * Valid: @/assets/..., any relative path containing /assets/, or node_modules packages.
+ * Invalid: absolute paths, public/ dir, or relative paths outside src/assets/.
+ */
+function isValidAssetImport(str) {
+	if (typeof str !== 'string') return false;
+	if (str.startsWith('@/assets/')) return true;
+	if (str.includes('/assets/')) return true;
+	// Not starting with . or / means it's a node_modules package — always valid
+	if (!str.startsWith('.') && !str.startsWith('/')) return true;
+	return false;
+}
+
+/**
+ * Returns true if the string is an external URL.
+ * Used to avoid false positives on CDN/API URLs with asset extensions.
+ */
+function isExternalUrl(str) {
+	if (typeof str !== 'string') return false;
+	return (
+		str.startsWith('http://') ||
+		str.startsWith('https://') ||
+		str.startsWith('//')
+	);
+}
+
+module.exports = {
+	ALLOWED_ASSET_EXTENSIONS,
+	PUBLIC_DIR_SEGMENTS,
+	hasAssetExtension,
+	containsAssetExtension,
+	extractUrlPath,
+	isAbsolutePath,
+	isPublicRelative,
+	isRelativePublicDir,
+	isValidAssetImport,
+	isExternalUrl,
+};

frontend/index.html

@@ -62,6 +62,29 @@
 		<link data-react-helmet="true" rel="shortcut icon" href="/favicon.ico" />
 	</head>
 	<body data-theme="default">
+		<script>
+			// Apply theme class synchronously before React renders to prevent flash.
+			// Mirrors the logic in ThemeProvider (hooks/useDarkMode/index.tsx).
+			(function () {
+				try {
+					var theme = localStorage.getItem('THEME');
+					var autoSwitch = localStorage.getItem('THEME_AUTO_SWITCH') === 'true';
+					if (autoSwitch) {
+						theme = window.matchMedia('(prefers-color-scheme: dark)').matches
+							? 'dark'
+							: 'light';
+					}
+					if (theme === 'light') {
+						document.body.classList.add('lightMode');
+					} else {
+						// Default to dark when no preference is stored
+						document.body.classList.add('dark', 'darkMode');
+					}
+				} catch (e) {
+					document.body.classList.add('dark', 'darkMode');
+				}
+			})();
+		</script>
 		<noscript>You need to enable JavaScript to run this app.</noscript>
 		<div id="root"></div>
 

frontend/jest.config.ts

@@ -11,7 +11,11 @@ const config: Config.InitialOptions = {
 	moduleFileExtensions: ['ts', 'tsx', 'js', 'json'],
 	modulePathIgnorePatterns: ['dist'],
 	moduleNameMapper: {
+		'\\.(png|jpg|jpeg|gif|svg|webp|avif|ico|bmp|tiff)$':
+			'<rootDir>/__mocks__/fileMock.ts',
+		'^@/(.*)$': '<rootDir>/src/$1',
 		'\\.(css|less|scss)$': '<rootDir>/__mocks__/cssMock.ts',
+		'\\.module\\.mjs$': '<rootDir>/__mocks__/cssMock.ts',
 		'\\.md$': '<rootDir>/__mocks__/cssMock.ts',
 		'^uplot$': '<rootDir>/__mocks__/uplotMock.ts',
 		'^@signozhq/resizable$': '<rootDir>/__mocks__/resizableMock.tsx',
@@ -24,7 +28,8 @@ const config: Config.InitialOptions = {
 			'<rootDir>/node_modules/@signozhq/icons/dist/index.esm.js',
 		'^react-syntax-highlighter/dist/esm/(.*)$':
 			'<rootDir>/node_modules/react-syntax-highlighter/dist/cjs/$1',
-		'^@signozhq/([^/]+)$': '<rootDir>/node_modules/@signozhq/$1/dist/$1.js',
+		'^@signozhq/(?!ui$)([^/]+)$':
+			'<rootDir>/node_modules/@signozhq/$1/dist/$1.js',
 	},
 	extensionsToTreatAsEsm: ['.ts'],
 	testMatch: ['<rootDir>/src/**/*?(*.)(test).(ts|js)?(x)'],
@@ -40,7 +45,7 @@ const config: Config.InitialOptions = {
 		'^.+\\.(js|jsx)$': 'babel-jest',
 	},
 	transformIgnorePatterns: [
-		'node_modules/(?!(lodash-es|react-dnd|core-dnd|@react-dnd|dnd-core|react-dnd-html5-backend|axios|@signozhq/design-tokens|@signozhq/table|@signozhq/calendar|@signozhq/input|@signozhq/popover|@signozhq/button|@signozhq/sonner|@signozhq/*|date-fns|d3-interpolate|d3-color|api|@codemirror|@lezer|@marijn|@grafana|nuqs)/)',
+		'node_modules/(?!(lodash-es|react-dnd|core-dnd|@react-dnd|dnd-core|react-dnd-html5-backend|axios|@signozhq/design-tokens|@signozhq/table|@signozhq/calendar|@signozhq/input|@signozhq/popover|@signozhq/button|@signozhq/*|date-fns|d3-interpolate|d3-color|api|@codemirror|@lezer|@marijn|@grafana|nuqs)/)',
 	],
 	setupFilesAfterEnv: ['<rootDir>/jest.setup.ts'],
 	testPathIgnorePatterns: ['/node_modules/', '/public/'],

frontend/jest.setup.ts

@@ -24,6 +24,30 @@ window.matchMedia =
 		};
 	};
 
+// Patch getComputedStyle to handle CSS parsing errors from @signozhq/* packages.
+// These packages inject CSS at import time via style-inject / vite-plugin-css-injected-by-js.
+// jsdom's nwsapi cannot parse some of the injected selectors (e.g. Tailwind's :animate-in),
+// causing SyntaxErrors during getComputedStyle / getByRole calls.
+const _origGetComputedStyle = window.getComputedStyle;
+window.getComputedStyle = function (
+	elt: Element,
+	pseudoElt?: string | null,
+): CSSStyleDeclaration {
+	try {
+		return _origGetComputedStyle.call(window, elt, pseudoElt);
+	} catch {
+		// Return a minimal CSSStyleDeclaration so callers (testing-library, Radix UI)
+		// see the element as visible and without animations.
+		return ({
+			display: '',
+			visibility: '',
+			opacity: '1',
+			animationName: 'none',
+			getPropertyValue: () => '',
+		} as unknown) as CSSStyleDeclaration;
+	}
+};
+
 beforeAll(() => server.listen());
 
 afterEach(() => server.resetHandlers());

frontend/package.json

@@ -10,8 +10,10 @@
     "preview": "vite preview",
     "prettify": "prettier --write .",
     "fmt": "prettier --check .",
-    "lint": "eslint ./src",
+    "lint": "eslint ./src && stylelint \"src/**/*.scss\"",
+    "lint:generated": "eslint ./src/api/generated --fix",
     "lint:fix": "eslint ./src --fix",
+    "lint:styles": "stylelint \"src/**/*.scss\"",
     "jest": "jest",
     "jest:coverage": "jest --coverage",
     "jest:watch": "jest --watch",
@@ -46,28 +48,25 @@
     "@radix-ui/react-tooltip": "1.0.7",
     "@sentry/react": "8.41.0",
     "@sentry/vite-plugin": "2.22.6",
-    "@signozhq/badge": "0.0.2",
-    "@signozhq/button": "0.0.2",
-    "@signozhq/calendar": "0.0.0",
-    "@signozhq/callout": "0.0.2",
-    "@signozhq/checkbox": "0.0.2",
-    "@signozhq/combobox": "0.0.2",
-    "@signozhq/command": "0.0.0",
-    "@signozhq/design-tokens": "2.1.1",
-    "@signozhq/dialog": "^0.0.2",
-    "@signozhq/drawer": "0.0.4",
+    "@signozhq/button": "0.0.5",
+    "@signozhq/calendar": "0.1.1",
+    "@signozhq/callout": "0.0.4",
+    "@signozhq/checkbox": "0.0.4",
+    "@signozhq/combobox": "0.0.4",
+    "@signozhq/command": "0.0.2",
+    "@signozhq/design-tokens": "2.1.4",
+    "@signozhq/dialog": "0.0.4",
+    "@signozhq/drawer": "0.0.6",
     "@signozhq/icons": "0.1.0",
-    "@signozhq/input": "0.0.2",
-    "@signozhq/popover": "0.0.0",
-    "@signozhq/radio-group": "0.0.2",
-    "@signozhq/resizable": "0.0.0",
-    "@signozhq/sonner": "0.1.0",
-    "@signozhq/switch": "0.0.2",
+    "@signozhq/input": "0.0.4",
+    "@signozhq/popover": "0.1.2",
+    "@signozhq/radio-group": "0.0.4",
+    "@signozhq/resizable": "0.0.2",
     "@signozhq/table": "0.3.7",
-    "@signozhq/toggle-group": "0.0.1",
-    "@signozhq/tooltip": "0.0.2",
-    "@tanstack/react-table": "8.20.6",
-    "@tanstack/react-virtual": "3.11.2",
+    "@signozhq/toggle-group": "0.0.3",
+    "@signozhq/ui": "0.0.5",
+    "@tanstack/react-table": "8.21.3",
+    "@tanstack/react-virtual": "3.13.22",
     "@uiw/codemirror-theme-copilot": "4.23.11",
     "@uiw/codemirror-theme-github": "4.24.1",
     "@uiw/react-codemirror": "4.23.10",
@@ -135,6 +134,7 @@
     "react-full-screen": "1.1.1",
     "react-grid-layout": "^1.3.4",
     "react-helmet-async": "1.3.0",
+    "react-hook-form": "7.71.2",
     "react-i18next": "^11.16.1",
     "react-lottie": "1.2.10",
     "react-markdown": "8.0.7",
@@ -161,6 +161,7 @@
     "vite-plugin-html": "3.2.2",
     "web-vitals": "^0.2.4",
     "xstate": "^4.31.0",
+    "zod": "4.3.6",
     "zustand": "5.0.11"
   },
   "browserslist": {
@@ -225,6 +226,7 @@
     "eslint-plugin-prettier": "^4.0.0",
     "eslint-plugin-react": "^7.24.0",
     "eslint-plugin-react-hooks": "^4.3.0",
+    "eslint-plugin-rulesdir": "0.2.2",
     "eslint-plugin-simple-import-sort": "^7.0.0",
     "eslint-plugin-sonarjs": "^0.12.0",
     "husky": "^7.0.4",
@@ -240,6 +242,7 @@
     "orval": "7.18.0",
     "portfinder-sync": "^0.0.2",
     "postcss": "8.5.6",
+    "postcss-scss": "4.0.9",
     "prettier": "2.2.1",
     "prop-types": "15.8.1",
     "react-hooks-testing-library": "0.6.0",
@@ -247,6 +250,8 @@
     "redux-mock-store": "1.5.4",
     "sass": "1.97.3",
     "sharp": "0.34.5",
+    "stylelint": "17.7.0",
+    "stylelint-scss": "7.0.0",
     "svgo": "4.0.0",
     "ts-api-utils": "2.4.0",
     "ts-jest": "29.4.6",

frontend/public/locales/en-GB/routes.json

@@ -15,5 +15,6 @@
 	"logs_to_metrics": "Logs To Metrics",
 	"roles": "Roles",
 	"role_details": "Role Details",
-	"members": "Members"
+	"members": "Members",
+	"service_accounts": "Service Accounts"
 }

frontend/public/locales/en-GB/titles.json

@@ -50,5 +50,8 @@
 	"INFRASTRUCTURE_MONITORING_KUBERNETES": "SigNoz | Infra Monitoring",
 	"METER_EXPLORER": "SigNoz | Meter Explorer",
 	"METER_EXPLORER_VIEWS": "SigNoz | Meter Explorer Views",
-	"METER": "SigNoz | Meter"
+	"METER": "SigNoz | Meter",
+	"ROLES_SETTINGS": "SigNoz | Roles",
+	"MEMBERS_SETTINGS": "SigNoz | Members",
+	"SERVICE_ACCOUNTS_SETTINGS": "SigNoz | Service Accounts"
 }

frontend/public/locales/en/routes.json

@@ -15,5 +15,6 @@
 	"logs_to_metrics": "Logs To Metrics",
 	"roles": "Roles",
 	"role_details": "Role Details",
-	"members": "Members"
+	"members": "Members",
+	"service_accounts": "Service Accounts"
 }

frontend/public/locales/en/titles.json

@@ -75,5 +75,6 @@
 	"METER_EXPLORER_VIEWS": "SigNoz | Meter Explorer Views",
 	"METER": "SigNoz | Meter",
 	"ROLES_SETTINGS": "SigNoz | Roles",
-	"MEMBERS_SETTINGS": "SigNoz | Members"
+	"MEMBERS_SETTINGS": "SigNoz | Members",
+	"SERVICE_ACCOUNTS_SETTINGS": "SigNoz | Service Accounts"
 }

frontend/scripts/post-types-generation.sh

@@ -25,7 +25,7 @@ echo "\n✅ Prettier formatting successful"
 
 # Fix linting issues
 echo "\n\n---\nRunning eslint...\n"
-if ! yarn lint --fix --quiet src/api/generated; then
+if ! yarn lint:generated; then
   echo "ESLint check failed! Please fix linting errors before proceeding."
   exit 1
 fi

frontend/src/AppRoutes/Private.tsx

@@ -1,23 +1,17 @@
-import { ReactChild, useCallback, useEffect, useMemo, useState } from 'react';
-import { useQuery } from 'react-query';
+import { ReactChild, useCallback, useMemo } from 'react';
 import { matchPath, Redirect, useLocation } from 'react-router-dom';
 import getLocalStorageApi from 'api/browser/localstorage/get';
 import setLocalStorageApi from 'api/browser/localstorage/set';
-import getAll from 'api/v1/user/get';
+import { useListUsers } from 'api/generated/services/users';
 import { FeatureKeys } from 'constants/features';
 import { LOCALSTORAGE } from 'constants/localStorage';
 import { ORG_PREFERENCES } from 'constants/orgPreferences';
 import ROUTES from 'constants/routes';
 import { useGetTenantLicense } from 'hooks/useGetTenantLicense';
-import history from 'lib/history';
 import { isEmpty } from 'lodash-es';
 import { useAppContext } from 'providers/App/App';
-import { SuccessResponseV2 } from 'types/api';
-import APIError from 'types/api/error';
 import { LicensePlatform, LicenseState } from 'types/api/licensesV3/getActive';
 import { OrgPreference } from 'types/api/preferences/preference';
-import { Organization } from 'types/api/user/getOrganization';
-import { UserResponse } from 'types/api/user/getUser';
 import { USER_ROLES } from 'types/roles';
 import { routePermission } from 'utils/permission';
 
@@ -29,6 +23,7 @@ import routes, {
 	SUPPORT_ROUTE,
 } from './routes';
 
+// eslint-disable-next-line sonarjs/cognitive-complexity
 function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 	const location = useLocation();
 	const { pathname } = location;
@@ -61,20 +56,17 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 	const currentRoute = mapRoutes.get('current');
 	const { isCloudUser: isCloudUserVal } = useGetTenantLicense();
 
-	const [orgData, setOrgData] = useState<Organization | undefined>(undefined);
+	const orgData = useMemo(() => {
+		if (org && org.length > 0 && org[0].id !== undefined) {
+			return org[0];
+		}
+		return undefined;
+	}, [org]);
 
-	const { data: usersData, isFetching: isFetchingUsers } = useQuery<
-		SuccessResponseV2<UserResponse[]> | undefined,
-		APIError
-	>({
-		queryFn: () => {
-			if (orgData && orgData.id !== undefined) {
-				return getAll();
-			}
-			return undefined;
+	const { data: usersData, isFetching: isFetchingUsers } = useListUsers({
+		query: {
+			enabled: !isEmpty(orgData) && user.role === 'ADMIN',
 		},
-		queryKey: ['getOrgUser'],
-		enabled: !isEmpty(orgData) && user.role === 'ADMIN',
 	});
 
 	const checkFirstTimeUser = useCallback((): boolean => {
@@ -87,210 +79,7 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 		return remainingUsers.length === 1;
 	}, [usersData?.data]);
 
-	useEffect(() => {
-		if (
-			isCloudUserVal &&
-			!isFetchingOrgPreferences &&
-			orgPreferences &&
-			!isFetchingUsers &&
-			usersData &&
-			usersData.data
-		) {
-			const isOnboardingComplete = orgPreferences?.find(
-				(preference: OrgPreference) =>
-					preference.name === ORG_PREFERENCES.ORG_ONBOARDING,
-			)?.value;
-
-			const isFirstUser = checkFirstTimeUser();
-			if (
-				isFirstUser &&
-				!isOnboardingComplete &&
-				// if the current route is allowed to be overriden by org onboarding then only do the same
-				!ROUTES_NOT_TO_BE_OVERRIDEN.includes(pathname)
-			) {
-				history.push(ROUTES.ONBOARDING);
-			}
-		}
-	}, [
-		checkFirstTimeUser,
-		isCloudUserVal,
-		isFetchingOrgPreferences,
-		isFetchingUsers,
-		orgPreferences,
-		usersData,
-		pathname,
-	]);
-
-	const navigateToWorkSpaceBlocked = (route: any): void => {
-		const { path } = route;
-
-		const isRouteEnabledForWorkspaceBlockedState =
-			isAdmin &&
-			(path === ROUTES.SETTINGS ||
-				path === ROUTES.ORG_SETTINGS ||
-				path === ROUTES.MEMBERS_SETTINGS ||
-				path === ROUTES.BILLING ||
-				path === ROUTES.MY_SETTINGS);
-
-		if (
-			path &&
-			path !== ROUTES.WORKSPACE_LOCKED &&
-			!isRouteEnabledForWorkspaceBlockedState
-		) {
-			history.push(ROUTES.WORKSPACE_LOCKED);
-		}
-	};
-
-	const navigateToWorkSpaceAccessRestricted = (route: any): void => {
-		const { path } = route;
-
-		if (path && path !== ROUTES.WORKSPACE_ACCESS_RESTRICTED) {
-			history.push(ROUTES.WORKSPACE_ACCESS_RESTRICTED);
-		}
-	};
-
-	useEffect(() => {
-		if (!isFetchingActiveLicense && activeLicense) {
-			const currentRoute = mapRoutes.get('current');
-
-			const isTerminated = activeLicense.state === LicenseState.TERMINATED;
-			const isExpired = activeLicense.state === LicenseState.EXPIRED;
-			const isCancelled = activeLicense.state === LicenseState.CANCELLED;
-
-			const isWorkspaceAccessRestricted = isTerminated || isExpired || isCancelled;
-
-			const { platform } = activeLicense;
-
-			if (
-				isWorkspaceAccessRestricted &&
-				platform === LicensePlatform.CLOUD &&
-				currentRoute
-			) {
-				navigateToWorkSpaceAccessRestricted(currentRoute);
-			}
-		}
-	}, [isFetchingActiveLicense, activeLicense, mapRoutes, pathname]);
-
-	useEffect(() => {
-		if (!isFetchingActiveLicense) {
-			const currentRoute = mapRoutes.get('current');
-			const shouldBlockWorkspace = trialInfo?.workSpaceBlock;
-
-			if (
-				shouldBlockWorkspace &&
-				currentRoute &&
-				activeLicense?.platform === LicensePlatform.CLOUD
-			) {
-				navigateToWorkSpaceBlocked(currentRoute);
-			}
-		}
-		// eslint-disable-next-line react-hooks/exhaustive-deps
-	}, [
-		isFetchingActiveLicense,
-		trialInfo?.workSpaceBlock,
-		activeLicense?.platform,
-		mapRoutes,
-		pathname,
-	]);
-
-	const navigateToWorkSpaceSuspended = (route: any): void => {
-		const { path } = route;
-
-		if (path && path !== ROUTES.WORKSPACE_SUSPENDED) {
-			history.push(ROUTES.WORKSPACE_SUSPENDED);
-		}
-	};
-
-	useEffect(() => {
-		if (!isFetchingActiveLicense && activeLicense) {
-			const currentRoute = mapRoutes.get('current');
-			const shouldSuspendWorkspace =
-				activeLicense.state === LicenseState.DEFAULTED;
-
-			if (
-				shouldSuspendWorkspace &&
-				currentRoute &&
-				activeLicense.platform === LicensePlatform.CLOUD
-			) {
-				navigateToWorkSpaceSuspended(currentRoute);
-			}
-		}
-	}, [isFetchingActiveLicense, activeLicense, mapRoutes, pathname]);
-
-	useEffect(() => {
-		if (org && org.length > 0 && org[0].id !== undefined) {
-			setOrgData(org[0]);
-		}
-	}, [org]);
-
-	// if the feature flag is enabled and the current route is /get-started then redirect to /get-started-with-signoz-cloud
-	useEffect(() => {
-		if (
-			currentRoute?.path === ROUTES.GET_STARTED &&
-			featureFlags?.find((e) => e.name === FeatureKeys.ONBOARDING_V3)?.active
-		) {
-			history.push(ROUTES.GET_STARTED_WITH_CLOUD);
-		}
-	}, [currentRoute, featureFlags]);
-
-	// eslint-disable-next-line sonarjs/cognitive-complexity
-	useEffect(() => {
-		// if it is an old route navigate to the new route
-		if (isOldRoute) {
-			// this will be handled by the redirect component below
-			return;
-		}
-
-		// if the current route is public dashboard then don't redirect to login
-		const isPublicDashboard = currentRoute?.path === ROUTES.PUBLIC_DASHBOARD;
-
-		if (isPublicDashboard) {
-			return;
-		}
-
-		// if the current route
-		if (currentRoute) {
-			const { isPrivate, key } = currentRoute;
-			if (isPrivate) {
-				if (isLoggedInState) {
-					const route = routePermission[key];
-					if (route && route.find((e) => e === user.role) === undefined) {
-						history.push(ROUTES.UN_AUTHORIZED);
-					}
-				} else {
-					setLocalStorageApi(LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT, pathname);
-					history.push(ROUTES.LOGIN);
-				}
-			} else if (isLoggedInState) {
-				const fromPathname = getLocalStorageApi(
-					LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT,
-				);
-				if (fromPathname) {
-					history.push(fromPathname);
-					setLocalStorageApi(LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT, '');
-				} else if (pathname !== ROUTES.SOMETHING_WENT_WRONG) {
-					history.push(ROUTES.HOME);
-				}
-			} else {
-				// do nothing as the unauthenticated routes are LOGIN and SIGNUP and the LOGIN container takes care of routing to signup if
-				// setup is not completed
-			}
-		} else if (isLoggedInState) {
-			const fromPathname = getLocalStorageApi(
-				LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT,
-			);
-			if (fromPathname) {
-				history.push(fromPathname);
-				setLocalStorageApi(LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT, '');
-			} else {
-				history.push(ROUTES.HOME);
-			}
-		} else {
-			setLocalStorageApi(LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT, pathname);
-			history.push(ROUTES.LOGIN);
-		}
-	}, [isLoggedInState, pathname, user, isOldRoute, currentRoute, location]);
-
+	// Handle old routes - redirect to new routes
 	if (isOldRoute) {
 		const redirectUrl = oldNewRoutesMapping[pathname];
 		return (
@@ -304,7 +93,143 @@ function PrivateRoute({ children }: PrivateRouteProps): JSX.Element {
 		);
 	}
 
-	// NOTE: disabling this rule as there is no need to have div
+	// Public dashboard - no redirect needed
+	const isPublicDashboard = currentRoute?.path === ROUTES.PUBLIC_DASHBOARD;
+	if (isPublicDashboard) {
+		return <>{children}</>;
+	}
+
+	// Check for workspace access restriction (cloud only)
+	const isCloudPlatform = activeLicense?.platform === LicensePlatform.CLOUD;
+
+	if (!isFetchingActiveLicense && activeLicense && isCloudPlatform) {
+		const isTerminated = activeLicense.state === LicenseState.TERMINATED;
+		const isExpired = activeLicense.state === LicenseState.EXPIRED;
+		const isCancelled = activeLicense.state === LicenseState.CANCELLED;
+		const isWorkspaceAccessRestricted = isTerminated || isExpired || isCancelled;
+
+		if (
+			isWorkspaceAccessRestricted &&
+			pathname !== ROUTES.WORKSPACE_ACCESS_RESTRICTED
+		) {
+			return <Redirect to={ROUTES.WORKSPACE_ACCESS_RESTRICTED} />;
+		}
+
+		// Check for workspace suspended (DEFAULTED)
+		const shouldSuspendWorkspace = activeLicense.state === LicenseState.DEFAULTED;
+		if (shouldSuspendWorkspace && pathname !== ROUTES.WORKSPACE_SUSPENDED) {
+			return <Redirect to={ROUTES.WORKSPACE_SUSPENDED} />;
+		}
+	}
+
+	// Check for workspace blocked (trial expired)
+	if (!isFetchingActiveLicense && isCloudPlatform && trialInfo?.workSpaceBlock) {
+		const isRouteEnabledForWorkspaceBlockedState =
+			isAdmin &&
+			(pathname === ROUTES.SETTINGS ||
+				pathname === ROUTES.ORG_SETTINGS ||
+				pathname === ROUTES.MEMBERS_SETTINGS ||
+				pathname === ROUTES.BILLING ||
+				pathname === ROUTES.MY_SETTINGS);
+
+		if (
+			pathname !== ROUTES.WORKSPACE_LOCKED &&
+			!isRouteEnabledForWorkspaceBlockedState
+		) {
+			return <Redirect to={ROUTES.WORKSPACE_LOCKED} />;
+		}
+	}
+
+	// Check for onboarding redirect (cloud users, first user, onboarding not complete)
+	if (
+		isCloudUserVal &&
+		!isFetchingOrgPreferences &&
+		orgPreferences &&
+		!isFetchingUsers &&
+		usersData &&
+		usersData.data
+	) {
+		const isOnboardingComplete = orgPreferences?.find(
+			(preference: OrgPreference) =>
+				preference.name === ORG_PREFERENCES.ORG_ONBOARDING,
+		)?.value;
+
+		// Don't redirect to onboarding if workspace has issues
+		const isWorkspaceBlocked = trialInfo?.workSpaceBlock;
+		const isWorkspaceSuspended = activeLicense?.state === LicenseState.DEFAULTED;
+		const isWorkspaceAccessRestricted =
+			activeLicense?.state === LicenseState.TERMINATED ||
+			activeLicense?.state === LicenseState.EXPIRED ||
+			activeLicense?.state === LicenseState.CANCELLED;
+
+		const hasWorkspaceIssue =
+			isWorkspaceBlocked || isWorkspaceSuspended || isWorkspaceAccessRestricted;
+
+		if (!hasWorkspaceIssue) {
+			const isFirstUser = checkFirstTimeUser();
+			if (
+				isFirstUser &&
+				!isOnboardingComplete &&
+				!ROUTES_NOT_TO_BE_OVERRIDEN.includes(pathname) &&
+				pathname !== ROUTES.ONBOARDING
+			) {
+				return <Redirect to={ROUTES.ONBOARDING} />;
+			}
+		}
+	}
+
+	// Check for GET_STARTED → GET_STARTED_WITH_CLOUD redirect (feature flag)
+	if (
+		currentRoute?.path === ROUTES.GET_STARTED &&
+		featureFlags?.find((e) => e.name === FeatureKeys.ONBOARDING_V3)?.active
+	) {
+		return <Redirect to={ROUTES.GET_STARTED_WITH_CLOUD} />;
+	}
+
+	// Main routing logic
+	if (currentRoute) {
+		const { isPrivate, key } = currentRoute;
+		if (isPrivate) {
+			if (isLoggedInState) {
+				const route = routePermission[key];
+				if (route && route.find((e) => e === user.role) === undefined) {
+					return <Redirect to={ROUTES.UN_AUTHORIZED} />;
+				}
+			} else {
+				// Save current path and redirect to login
+				setLocalStorageApi(LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT, pathname);
+				return <Redirect to={ROUTES.LOGIN} />;
+			}
+		} else if (isLoggedInState) {
+			// Non-private route, but user is logged in
+			const fromPathname = getLocalStorageApi(
+				LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT,
+			);
+			if (fromPathname) {
+				setLocalStorageApi(LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT, '');
+				return <Redirect to={fromPathname} />;
+			}
+			if (pathname !== ROUTES.SOMETHING_WENT_WRONG) {
+				return <Redirect to={ROUTES.HOME} />;
+			}
+		}
+		// Non-private route, user not logged in - let login/signup pages handle it
+	} else if (isLoggedInState) {
+		// Unknown route, logged in
+		const fromPathname = getLocalStorageApi(
+			LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT,
+		);
+		if (fromPathname) {
+			setLocalStorageApi(LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT, '');
+			return <Redirect to={fromPathname} />;
+		}
+		return <Redirect to={ROUTES.HOME} />;
+	} else {
+		// Unknown route, not logged in
+		setLocalStorageApi(LOCALSTORAGE.UNAUTHENTICATED_ROUTE_HIT, pathname);
+		return <Redirect to={ROUTES.LOGIN} />;
+	}
+
 	return <>{children}</>;
 }
 

frontend/src/AppRoutes/index.tsx

@@ -18,7 +18,7 @@ import AppLayout from 'container/AppLayout';
 import Hex from 'crypto-js/enc-hex';
 import HmacSHA256 from 'crypto-js/hmac-sha256';
 import { KeyboardHotkeysProvider } from 'hooks/hotkeys/useKeyboardHotkeys';
-import { useThemeConfig } from 'hooks/useDarkMode';
+import { useIsDarkMode, useThemeConfig } from 'hooks/useDarkMode';
 import { useGetTenantLicense } from 'hooks/useGetTenantLicense';
 import { NotificationProvider } from 'hooks/useNotifications';
 import { ResourceProvider } from 'hooks/useResourceAttribute';
@@ -212,6 +212,12 @@ function App(): JSX.Element {
 		activeLicenseFetchError,
 	]);
 
+	const isDarkMode = useIsDarkMode();
+
+	useEffect(() => {
+		window.Pylon?.('setTheme', isDarkMode ? 'dark' : 'light');
+	}, [isDarkMode]);
+
 	useEffect(() => {
 		if (
 			pathname === ROUTES.ONBOARDING ||

frontend/src/AppRoutes/pageComponents.ts

@@ -157,10 +157,6 @@ export const IngestionSettings = Loadable(
 	() => import(/* webpackChunkName: "Ingestion Settings" */ 'pages/Settings'),
 );
 
-export const APIKeys = Loadable(
-	() => import(/* webpackChunkName: "All Settings" */ 'pages/Settings'),
-);
-
 export const MySettings = Loadable(
 	() => import(/* webpackChunkName: "All MySettings" */ 'pages/Settings'),
 );

frontend/src/AppRoutes/routes.ts

@@ -513,6 +513,7 @@ export const oldRoutes = [
 	'/logs-save-views',
 	'/traces-save-views',
 	'/settings/access-tokens',
+	'/settings/api-keys',
 	'/messaging-queues',
 	'/alerts/edit',
 ];
@@ -523,7 +524,8 @@ export const oldNewRoutesMapping: Record<string, string> = {
 	'/logs-explorer/live': '/logs/logs-explorer/live',
 	'/logs-save-views': '/logs/saved-views',
 	'/traces-save-views': '/traces/saved-views',
-	'/settings/access-tokens': '/settings/api-keys',
+	'/settings/access-tokens': '/settings/service-accounts',
+	'/settings/api-keys': '/settings/service-accounts',
 	'/messaging-queues': '/messaging-queues/overview',
 	'/alerts/edit': '/alerts/overview',
 };

frontend/src/api/dashboard/public/createPublicDashboard.ts

@@ -1,6 +1,7 @@
 import axios from 'api';
 import { ErrorResponseHandlerV2 } from 'api/ErrorResponseHandlerV2';
 import { AxiosError } from 'axios';
+import { DEFAULT_TIME_RANGE } from 'container/TopNav/DateTimeSelectionV2/constants';
 import { ErrorV2Resp, 	 SuccessResponseV2 } from 'types/api';
 import { CreatePublicDashboardProps } from 'types/api/dashboard/public/create';
 
@@ -8,7 +9,7 @@ const createPublicDashboard = async (
 	props: CreatePublicDashboardProps,
 ): Promise<SuccessResponseV2<CreatePublicDashboardProps>> => {
 
-    const { dashboardId, timeRangeEnabled = false, defaultTimeRange = '30m' } = props;
+    const { dashboardId, timeRangeEnabled = false, defaultTimeRange = DEFAULT_TIME_RANGE } = props;
 
 	try {
 		const response = await axios.post(

frontend/src/api/dashboard/public/updatePublicDashboard.ts

@@ -1,6 +1,7 @@
 import axios from 'api';
 import { ErrorResponseHandlerV2 } from 'api/ErrorResponseHandlerV2';
 import { AxiosError } from 'axios';
+import { DEFAULT_TIME_RANGE } from 'container/TopNav/DateTimeSelectionV2/constants';
 import {  ErrorV2Resp, SuccessResponseV2 } from 'types/api';
 import { UpdatePublicDashboardProps } from 'types/api/dashboard/public/update';
 
@@ -8,7 +9,7 @@ const updatePublicDashboard = async (
 	props: UpdatePublicDashboardProps,
 ): Promise<SuccessResponseV2<UpdatePublicDashboardProps>> => {
 
-    const { dashboardId, timeRangeEnabled = false, defaultTimeRange = '30m' } = props;
+    const { dashboardId, timeRangeEnabled = false, defaultTimeRange = DEFAULT_TIME_RANGE } = props;
 
 	try {
 		const response = await axios.put(

frontend/src/api/generated/services/alerts/index.ts

@@ -0,0 +1,97 @@
+/**
+ * ! Do not edit manually
+ * * The file has been auto-generated using Orval for SigNoz
+ * * regenerate with 'yarn generate:api'
+ * SigNoz
+ */
+import type {
+	InvalidateOptions,
+	QueryClient,
+	QueryFunction,
+	QueryKey,
+	UseQueryOptions,
+	UseQueryResult,
+} from 'react-query';
+import { useQuery } from 'react-query';
+
+import type { ErrorType } from '../../../generatedAPIInstance';
+import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
+import type { GetAlerts200, RenderErrorResponseDTO } from '../sigNoz.schemas';
+
+/**
+ * This endpoint returns alerts for the organization
+ * @summary Get alerts
+ */
+export const getAlerts = (signal?: AbortSignal) => {
+	return GeneratedAPIInstance<GetAlerts200>({
+		url: `/api/v1/alerts`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getGetAlertsQueryKey = () => {
+	return [`/api/v1/alerts`] as const;
+};
+
+export const getGetAlertsQueryOptions = <
+	TData = Awaited<ReturnType<typeof getAlerts>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(options?: {
+	query?: UseQueryOptions<Awaited<ReturnType<typeof getAlerts>>, TError, TData>;
+}) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey = queryOptions?.queryKey ?? getGetAlertsQueryKey();
+
+	const queryFn: QueryFunction<Awaited<ReturnType<typeof getAlerts>>> = ({
+		signal,
+	}) => getAlerts(signal);
+
+	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
+		Awaited<ReturnType<typeof getAlerts>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type GetAlertsQueryResult = NonNullable<
+	Awaited<ReturnType<typeof getAlerts>>
+>;
+export type GetAlertsQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Get alerts
+ */
+
+export function useGetAlerts<
+	TData = Awaited<ReturnType<typeof getAlerts>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(options?: {
+	query?: UseQueryOptions<Awaited<ReturnType<typeof getAlerts>>, TError, TData>;
+}): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getGetAlertsQueryOptions(options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Get alerts
+ */
+export const invalidateGetAlerts = async (
+	queryClient: QueryClient,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getGetAlertsQueryKey() },
+		options,
+	);
+
+	return queryClient;
+};

frontend/src/api/generated/services/channels/index.ts

@@ -0,0 +1,646 @@
+/**
+ * ! Do not edit manually
+ * * The file has been auto-generated using Orval for SigNoz
+ * * regenerate with 'yarn generate:api'
+ * SigNoz
+ */
+import type {
+	InvalidateOptions,
+	MutationFunction,
+	QueryClient,
+	QueryFunction,
+	QueryKey,
+	UseMutationOptions,
+	UseMutationResult,
+	UseQueryOptions,
+	UseQueryResult,
+} from 'react-query';
+import { useMutation, useQuery } from 'react-query';
+
+import type { BodyType, ErrorType } from '../../../generatedAPIInstance';
+import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
+import type {
+	ConfigReceiverDTO,
+	CreateChannel201,
+	DeleteChannelByIDPathParameters,
+	GetChannelByID200,
+	GetChannelByIDPathParameters,
+	ListChannels200,
+	RenderErrorResponseDTO,
+	UpdateChannelByIDPathParameters,
+} from '../sigNoz.schemas';
+
+/**
+ * This endpoint lists all notification channels for the organization
+ * @summary List notification channels
+ */
+export const listChannels = (signal?: AbortSignal) => {
+	return GeneratedAPIInstance<ListChannels200>({
+		url: `/api/v1/channels`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getListChannelsQueryKey = () => {
+	return [`/api/v1/channels`] as const;
+};
+
+export const getListChannelsQueryOptions = <
+	TData = Awaited<ReturnType<typeof listChannels>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(options?: {
+	query?: UseQueryOptions<
+		Awaited<ReturnType<typeof listChannels>>,
+		TError,
+		TData
+	>;
+}) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey = queryOptions?.queryKey ?? getListChannelsQueryKey();
+
+	const queryFn: QueryFunction<Awaited<ReturnType<typeof listChannels>>> = ({
+		signal,
+	}) => listChannels(signal);
+
+	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
+		Awaited<ReturnType<typeof listChannels>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type ListChannelsQueryResult = NonNullable<
+	Awaited<ReturnType<typeof listChannels>>
+>;
+export type ListChannelsQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary List notification channels
+ */
+
+export function useListChannels<
+	TData = Awaited<ReturnType<typeof listChannels>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(options?: {
+	query?: UseQueryOptions<
+		Awaited<ReturnType<typeof listChannels>>,
+		TError,
+		TData
+	>;
+}): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getListChannelsQueryOptions(options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary List notification channels
+ */
+export const invalidateListChannels = async (
+	queryClient: QueryClient,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getListChannelsQueryKey() },
+		options,
+	);
+
+	return queryClient;
+};
+
+/**
+ * This endpoint creates a notification channel
+ * @summary Create notification channel
+ */
+export const createChannel = (
+	configReceiverDTO: BodyType<ConfigReceiverDTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<CreateChannel201>({
+		url: `/api/v1/channels`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: configReceiverDTO,
+		signal,
+	});
+};
+
+export const getCreateChannelMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createChannel>>,
+		TError,
+		{ data: BodyType<ConfigReceiverDTO> },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof createChannel>>,
+	TError,
+	{ data: BodyType<ConfigReceiverDTO> },
+	TContext
+> => {
+	const mutationKey = ['createChannel'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof createChannel>>,
+		{ data: BodyType<ConfigReceiverDTO> }
+	> = (props) => {
+		const { data } = props ?? {};
+
+		return createChannel(data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type CreateChannelMutationResult = NonNullable<
+	Awaited<ReturnType<typeof createChannel>>
+>;
+export type CreateChannelMutationBody = BodyType<ConfigReceiverDTO>;
+export type CreateChannelMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Create notification channel
+ */
+export const useCreateChannel = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createChannel>>,
+		TError,
+		{ data: BodyType<ConfigReceiverDTO> },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof createChannel>>,
+	TError,
+	{ data: BodyType<ConfigReceiverDTO> },
+	TContext
+> => {
+	const mutationOptions = getCreateChannelMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint deletes a notification channel by ID
+ * @summary Delete notification channel
+ */
+export const deleteChannelByID = ({ id }: DeleteChannelByIDPathParameters) => {
+	return GeneratedAPIInstance<void>({
+		url: `/api/v1/channels/${id}`,
+		method: 'DELETE',
+	});
+};
+
+export const getDeleteChannelByIDMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof deleteChannelByID>>,
+		TError,
+		{ pathParams: DeleteChannelByIDPathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof deleteChannelByID>>,
+	TError,
+	{ pathParams: DeleteChannelByIDPathParameters },
+	TContext
+> => {
+	const mutationKey = ['deleteChannelByID'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof deleteChannelByID>>,
+		{ pathParams: DeleteChannelByIDPathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return deleteChannelByID(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type DeleteChannelByIDMutationResult = NonNullable<
+	Awaited<ReturnType<typeof deleteChannelByID>>
+>;
+
+export type DeleteChannelByIDMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Delete notification channel
+ */
+export const useDeleteChannelByID = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof deleteChannelByID>>,
+		TError,
+		{ pathParams: DeleteChannelByIDPathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof deleteChannelByID>>,
+	TError,
+	{ pathParams: DeleteChannelByIDPathParameters },
+	TContext
+> => {
+	const mutationOptions = getDeleteChannelByIDMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint returns a notification channel by ID
+ * @summary Get notification channel by ID
+ */
+export const getChannelByID = (
+	{ id }: GetChannelByIDPathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<GetChannelByID200>({
+		url: `/api/v1/channels/${id}`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getGetChannelByIDQueryKey = ({
+	id,
+}: GetChannelByIDPathParameters) => {
+	return [`/api/v1/channels/${id}`] as const;
+};
+
+export const getGetChannelByIDQueryOptions = <
+	TData = Awaited<ReturnType<typeof getChannelByID>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	{ id }: GetChannelByIDPathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getChannelByID>>,
+			TError,
+			TData
+		>;
+	},
+) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey = queryOptions?.queryKey ?? getGetChannelByIDQueryKey({ id });
+
+	const queryFn: QueryFunction<Awaited<ReturnType<typeof getChannelByID>>> = ({
+		signal,
+	}) => getChannelByID({ id }, signal);
+
+	return {
+		queryKey,
+		queryFn,
+		enabled: !!id,
+		...queryOptions,
+	} as UseQueryOptions<
+		Awaited<ReturnType<typeof getChannelByID>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type GetChannelByIDQueryResult = NonNullable<
+	Awaited<ReturnType<typeof getChannelByID>>
+>;
+export type GetChannelByIDQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Get notification channel by ID
+ */
+
+export function useGetChannelByID<
+	TData = Awaited<ReturnType<typeof getChannelByID>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	{ id }: GetChannelByIDPathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getChannelByID>>,
+			TError,
+			TData
+		>;
+	},
+): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getGetChannelByIDQueryOptions({ id }, options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Get notification channel by ID
+ */
+export const invalidateGetChannelByID = async (
+	queryClient: QueryClient,
+	{ id }: GetChannelByIDPathParameters,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getGetChannelByIDQueryKey({ id }) },
+		options,
+	);
+
+	return queryClient;
+};
+
+/**
+ * This endpoint updates a notification channel by ID
+ * @summary Update notification channel
+ */
+export const updateChannelByID = (
+	{ id }: UpdateChannelByIDPathParameters,
+	configReceiverDTO: BodyType<ConfigReceiverDTO>,
+) => {
+	return GeneratedAPIInstance<void>({
+		url: `/api/v1/channels/${id}`,
+		method: 'PUT',
+		headers: { 'Content-Type': 'application/json' },
+		data: configReceiverDTO,
+	});
+};
+
+export const getUpdateChannelByIDMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateChannelByID>>,
+		TError,
+		{
+			pathParams: UpdateChannelByIDPathParameters;
+			data: BodyType<ConfigReceiverDTO>;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof updateChannelByID>>,
+	TError,
+	{
+		pathParams: UpdateChannelByIDPathParameters;
+		data: BodyType<ConfigReceiverDTO>;
+	},
+	TContext
+> => {
+	const mutationKey = ['updateChannelByID'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof updateChannelByID>>,
+		{
+			pathParams: UpdateChannelByIDPathParameters;
+			data: BodyType<ConfigReceiverDTO>;
+		}
+	> = (props) => {
+		const { pathParams, data } = props ?? {};
+
+		return updateChannelByID(pathParams, data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UpdateChannelByIDMutationResult = NonNullable<
+	Awaited<ReturnType<typeof updateChannelByID>>
+>;
+export type UpdateChannelByIDMutationBody = BodyType<ConfigReceiverDTO>;
+export type UpdateChannelByIDMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Update notification channel
+ */
+export const useUpdateChannelByID = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateChannelByID>>,
+		TError,
+		{
+			pathParams: UpdateChannelByIDPathParameters;
+			data: BodyType<ConfigReceiverDTO>;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof updateChannelByID>>,
+	TError,
+	{
+		pathParams: UpdateChannelByIDPathParameters;
+		data: BodyType<ConfigReceiverDTO>;
+	},
+	TContext
+> => {
+	const mutationOptions = getUpdateChannelByIDMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint tests a notification channel by sending a test notification
+ * @summary Test notification channel
+ */
+export const testChannel = (
+	configReceiverDTO: BodyType<ConfigReceiverDTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<void>({
+		url: `/api/v1/channels/test`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: configReceiverDTO,
+		signal,
+	});
+};
+
+export const getTestChannelMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof testChannel>>,
+		TError,
+		{ data: BodyType<ConfigReceiverDTO> },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof testChannel>>,
+	TError,
+	{ data: BodyType<ConfigReceiverDTO> },
+	TContext
+> => {
+	const mutationKey = ['testChannel'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof testChannel>>,
+		{ data: BodyType<ConfigReceiverDTO> }
+	> = (props) => {
+		const { data } = props ?? {};
+
+		return testChannel(data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type TestChannelMutationResult = NonNullable<
+	Awaited<ReturnType<typeof testChannel>>
+>;
+export type TestChannelMutationBody = BodyType<ConfigReceiverDTO>;
+export type TestChannelMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Test notification channel
+ */
+export const useTestChannel = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof testChannel>>,
+		TError,
+		{ data: BodyType<ConfigReceiverDTO> },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof testChannel>>,
+	TError,
+	{ data: BodyType<ConfigReceiverDTO> },
+	TContext
+> => {
+	const mutationOptions = getTestChannelMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * Deprecated: use /api/v1/channels/test instead
+ * @deprecated
+ * @summary Test notification channel (deprecated)
+ */
+export const testChannelDeprecated = (
+	configReceiverDTO: BodyType<ConfigReceiverDTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<void>({
+		url: `/api/v1/testChannel`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: configReceiverDTO,
+		signal,
+	});
+};
+
+export const getTestChannelDeprecatedMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof testChannelDeprecated>>,
+		TError,
+		{ data: BodyType<ConfigReceiverDTO> },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof testChannelDeprecated>>,
+	TError,
+	{ data: BodyType<ConfigReceiverDTO> },
+	TContext
+> => {
+	const mutationKey = ['testChannelDeprecated'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof testChannelDeprecated>>,
+		{ data: BodyType<ConfigReceiverDTO> }
+	> = (props) => {
+		const { data } = props ?? {};
+
+		return testChannelDeprecated(data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type TestChannelDeprecatedMutationResult = NonNullable<
+	Awaited<ReturnType<typeof testChannelDeprecated>>
+>;
+export type TestChannelDeprecatedMutationBody = BodyType<ConfigReceiverDTO>;
+export type TestChannelDeprecatedMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @deprecated
+ * @summary Test notification channel (deprecated)
+ */
+export const useTestChannelDeprecated = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof testChannelDeprecated>>,
+		TError,
+		{ data: BodyType<ConfigReceiverDTO> },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof testChannelDeprecated>>,
+	TError,
+	{ data: BodyType<ConfigReceiverDTO> },
+	TContext
+> => {
+	const mutationOptions = getTestChannelDeprecatedMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};

frontend/src/api/generated/services/downtimeschedules/index.ts

@@ -0,0 +1,496 @@
+/**
+ * ! Do not edit manually
+ * * The file has been auto-generated using Orval for SigNoz
+ * * regenerate with 'yarn generate:api'
+ * SigNoz
+ */
+import type {
+	InvalidateOptions,
+	MutationFunction,
+	QueryClient,
+	QueryFunction,
+	QueryKey,
+	UseMutationOptions,
+	UseMutationResult,
+	UseQueryOptions,
+	UseQueryResult,
+} from 'react-query';
+import { useMutation, useQuery } from 'react-query';
+
+import type { BodyType, ErrorType } from '../../../generatedAPIInstance';
+import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
+import type {
+	CreateDowntimeSchedule201,
+	DeleteDowntimeScheduleByIDPathParameters,
+	GetDowntimeScheduleByID200,
+	GetDowntimeScheduleByIDPathParameters,
+	ListDowntimeSchedules200,
+	ListDowntimeSchedulesParams,
+	RenderErrorResponseDTO,
+	RuletypesPostablePlannedMaintenanceDTO,
+	UpdateDowntimeScheduleByIDPathParameters,
+} from '../sigNoz.schemas';
+
+/**
+ * This endpoint lists all planned maintenance / downtime schedules
+ * @summary List downtime schedules
+ */
+export const listDowntimeSchedules = (
+	params?: ListDowntimeSchedulesParams,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<ListDowntimeSchedules200>({
+		url: `/api/v1/downtime_schedules`,
+		method: 'GET',
+		params,
+		signal,
+	});
+};
+
+export const getListDowntimeSchedulesQueryKey = (
+	params?: ListDowntimeSchedulesParams,
+) => {
+	return [`/api/v1/downtime_schedules`, ...(params ? [params] : [])] as const;
+};
+
+export const getListDowntimeSchedulesQueryOptions = <
+	TData = Awaited<ReturnType<typeof listDowntimeSchedules>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	params?: ListDowntimeSchedulesParams,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof listDowntimeSchedules>>,
+			TError,
+			TData
+		>;
+	},
+) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey =
+		queryOptions?.queryKey ?? getListDowntimeSchedulesQueryKey(params);
+
+	const queryFn: QueryFunction<
+		Awaited<ReturnType<typeof listDowntimeSchedules>>
+	> = ({ signal }) => listDowntimeSchedules(params, signal);
+
+	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
+		Awaited<ReturnType<typeof listDowntimeSchedules>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type ListDowntimeSchedulesQueryResult = NonNullable<
+	Awaited<ReturnType<typeof listDowntimeSchedules>>
+>;
+export type ListDowntimeSchedulesQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary List downtime schedules
+ */
+
+export function useListDowntimeSchedules<
+	TData = Awaited<ReturnType<typeof listDowntimeSchedules>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	params?: ListDowntimeSchedulesParams,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof listDowntimeSchedules>>,
+			TError,
+			TData
+		>;
+	},
+): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getListDowntimeSchedulesQueryOptions(params, options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary List downtime schedules
+ */
+export const invalidateListDowntimeSchedules = async (
+	queryClient: QueryClient,
+	params?: ListDowntimeSchedulesParams,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getListDowntimeSchedulesQueryKey(params) },
+		options,
+	);
+
+	return queryClient;
+};
+
+/**
+ * This endpoint creates a new planned maintenance / downtime schedule
+ * @summary Create downtime schedule
+ */
+export const createDowntimeSchedule = (
+	ruletypesPostablePlannedMaintenanceDTO: BodyType<RuletypesPostablePlannedMaintenanceDTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<CreateDowntimeSchedule201>({
+		url: `/api/v1/downtime_schedules`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: ruletypesPostablePlannedMaintenanceDTO,
+		signal,
+	});
+};
+
+export const getCreateDowntimeScheduleMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createDowntimeSchedule>>,
+		TError,
+		{ data: BodyType<RuletypesPostablePlannedMaintenanceDTO> },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof createDowntimeSchedule>>,
+	TError,
+	{ data: BodyType<RuletypesPostablePlannedMaintenanceDTO> },
+	TContext
+> => {
+	const mutationKey = ['createDowntimeSchedule'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof createDowntimeSchedule>>,
+		{ data: BodyType<RuletypesPostablePlannedMaintenanceDTO> }
+	> = (props) => {
+		const { data } = props ?? {};
+
+		return createDowntimeSchedule(data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type CreateDowntimeScheduleMutationResult = NonNullable<
+	Awaited<ReturnType<typeof createDowntimeSchedule>>
+>;
+export type CreateDowntimeScheduleMutationBody = BodyType<RuletypesPostablePlannedMaintenanceDTO>;
+export type CreateDowntimeScheduleMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Create downtime schedule
+ */
+export const useCreateDowntimeSchedule = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createDowntimeSchedule>>,
+		TError,
+		{ data: BodyType<RuletypesPostablePlannedMaintenanceDTO> },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof createDowntimeSchedule>>,
+	TError,
+	{ data: BodyType<RuletypesPostablePlannedMaintenanceDTO> },
+	TContext
+> => {
+	const mutationOptions = getCreateDowntimeScheduleMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint deletes a downtime schedule by ID
+ * @summary Delete downtime schedule
+ */
+export const deleteDowntimeScheduleByID = ({
+	id,
+}: DeleteDowntimeScheduleByIDPathParameters) => {
+	return GeneratedAPIInstance<void>({
+		url: `/api/v1/downtime_schedules/${id}`,
+		method: 'DELETE',
+	});
+};
+
+export const getDeleteDowntimeScheduleByIDMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof deleteDowntimeScheduleByID>>,
+		TError,
+		{ pathParams: DeleteDowntimeScheduleByIDPathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof deleteDowntimeScheduleByID>>,
+	TError,
+	{ pathParams: DeleteDowntimeScheduleByIDPathParameters },
+	TContext
+> => {
+	const mutationKey = ['deleteDowntimeScheduleByID'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof deleteDowntimeScheduleByID>>,
+		{ pathParams: DeleteDowntimeScheduleByIDPathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return deleteDowntimeScheduleByID(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type DeleteDowntimeScheduleByIDMutationResult = NonNullable<
+	Awaited<ReturnType<typeof deleteDowntimeScheduleByID>>
+>;
+
+export type DeleteDowntimeScheduleByIDMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Delete downtime schedule
+ */
+export const useDeleteDowntimeScheduleByID = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof deleteDowntimeScheduleByID>>,
+		TError,
+		{ pathParams: DeleteDowntimeScheduleByIDPathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof deleteDowntimeScheduleByID>>,
+	TError,
+	{ pathParams: DeleteDowntimeScheduleByIDPathParameters },
+	TContext
+> => {
+	const mutationOptions = getDeleteDowntimeScheduleByIDMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint returns a downtime schedule by ID
+ * @summary Get downtime schedule by ID
+ */
+export const getDowntimeScheduleByID = (
+	{ id }: GetDowntimeScheduleByIDPathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<GetDowntimeScheduleByID200>({
+		url: `/api/v1/downtime_schedules/${id}`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getGetDowntimeScheduleByIDQueryKey = ({
+	id,
+}: GetDowntimeScheduleByIDPathParameters) => {
+	return [`/api/v1/downtime_schedules/${id}`] as const;
+};
+
+export const getGetDowntimeScheduleByIDQueryOptions = <
+	TData = Awaited<ReturnType<typeof getDowntimeScheduleByID>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	{ id }: GetDowntimeScheduleByIDPathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getDowntimeScheduleByID>>,
+			TError,
+			TData
+		>;
+	},
+) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey =
+		queryOptions?.queryKey ?? getGetDowntimeScheduleByIDQueryKey({ id });
+
+	const queryFn: QueryFunction<
+		Awaited<ReturnType<typeof getDowntimeScheduleByID>>
+	> = ({ signal }) => getDowntimeScheduleByID({ id }, signal);
+
+	return {
+		queryKey,
+		queryFn,
+		enabled: !!id,
+		...queryOptions,
+	} as UseQueryOptions<
+		Awaited<ReturnType<typeof getDowntimeScheduleByID>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type GetDowntimeScheduleByIDQueryResult = NonNullable<
+	Awaited<ReturnType<typeof getDowntimeScheduleByID>>
+>;
+export type GetDowntimeScheduleByIDQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Get downtime schedule by ID
+ */
+
+export function useGetDowntimeScheduleByID<
+	TData = Awaited<ReturnType<typeof getDowntimeScheduleByID>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	{ id }: GetDowntimeScheduleByIDPathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getDowntimeScheduleByID>>,
+			TError,
+			TData
+		>;
+	},
+): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getGetDowntimeScheduleByIDQueryOptions({ id }, options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Get downtime schedule by ID
+ */
+export const invalidateGetDowntimeScheduleByID = async (
+	queryClient: QueryClient,
+	{ id }: GetDowntimeScheduleByIDPathParameters,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getGetDowntimeScheduleByIDQueryKey({ id }) },
+		options,
+	);
+
+	return queryClient;
+};
+
+/**
+ * This endpoint updates a downtime schedule by ID
+ * @summary Update downtime schedule
+ */
+export const updateDowntimeScheduleByID = (
+	{ id }: UpdateDowntimeScheduleByIDPathParameters,
+	ruletypesPostablePlannedMaintenanceDTO: BodyType<RuletypesPostablePlannedMaintenanceDTO>,
+) => {
+	return GeneratedAPIInstance<void>({
+		url: `/api/v1/downtime_schedules/${id}`,
+		method: 'PUT',
+		headers: { 'Content-Type': 'application/json' },
+		data: ruletypesPostablePlannedMaintenanceDTO,
+	});
+};
+
+export const getUpdateDowntimeScheduleByIDMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateDowntimeScheduleByID>>,
+		TError,
+		{
+			pathParams: UpdateDowntimeScheduleByIDPathParameters;
+			data: BodyType<RuletypesPostablePlannedMaintenanceDTO>;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof updateDowntimeScheduleByID>>,
+	TError,
+	{
+		pathParams: UpdateDowntimeScheduleByIDPathParameters;
+		data: BodyType<RuletypesPostablePlannedMaintenanceDTO>;
+	},
+	TContext
+> => {
+	const mutationKey = ['updateDowntimeScheduleByID'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof updateDowntimeScheduleByID>>,
+		{
+			pathParams: UpdateDowntimeScheduleByIDPathParameters;
+			data: BodyType<RuletypesPostablePlannedMaintenanceDTO>;
+		}
+	> = (props) => {
+		const { pathParams, data } = props ?? {};
+
+		return updateDowntimeScheduleByID(pathParams, data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UpdateDowntimeScheduleByIDMutationResult = NonNullable<
+	Awaited<ReturnType<typeof updateDowntimeScheduleByID>>
+>;
+export type UpdateDowntimeScheduleByIDMutationBody = BodyType<RuletypesPostablePlannedMaintenanceDTO>;
+export type UpdateDowntimeScheduleByIDMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Update downtime schedule
+ */
+export const useUpdateDowntimeScheduleByID = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateDowntimeScheduleByID>>,
+		TError,
+		{
+			pathParams: UpdateDowntimeScheduleByIDPathParameters;
+			data: BodyType<RuletypesPostablePlannedMaintenanceDTO>;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof updateDowntimeScheduleByID>>,
+	TError,
+	{
+		pathParams: UpdateDowntimeScheduleByIDPathParameters;
+		data: BodyType<RuletypesPostablePlannedMaintenanceDTO>;
+	},
+	TContext
+> => {
+	const mutationOptions = getUpdateDowntimeScheduleByIDMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};

frontend/src/api/generated/services/health/index.ts

@@ -0,0 +1,250 @@
+/**
+ * ! Do not edit manually
+ * * The file has been auto-generated using Orval for SigNoz
+ * * regenerate with 'yarn generate:api'
+ * SigNoz
+ */
+import type {
+	InvalidateOptions,
+	QueryClient,
+	QueryFunction,
+	QueryKey,
+	UseQueryOptions,
+	UseQueryResult,
+} from 'react-query';
+import { useQuery } from 'react-query';
+
+import type { ErrorType } from '../../../generatedAPIInstance';
+import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
+import type {
+	Healthz200,
+	Healthz503,
+	Livez200,
+	Readyz200,
+	Readyz503,
+	RenderErrorResponseDTO,
+} from '../sigNoz.schemas';
+
+/**
+ * @summary Health check
+ */
+export const healthz = (signal?: AbortSignal) => {
+	return GeneratedAPIInstance<Healthz200>({
+		url: `/api/v2/healthz`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getHealthzQueryKey = () => {
+	return [`/api/v2/healthz`] as const;
+};
+
+export const getHealthzQueryOptions = <
+	TData = Awaited<ReturnType<typeof healthz>>,
+	TError = ErrorType<Healthz503>
+>(options?: {
+	query?: UseQueryOptions<Awaited<ReturnType<typeof healthz>>, TError, TData>;
+}) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey = queryOptions?.queryKey ?? getHealthzQueryKey();
+
+	const queryFn: QueryFunction<Awaited<ReturnType<typeof healthz>>> = ({
+		signal,
+	}) => healthz(signal);
+
+	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
+		Awaited<ReturnType<typeof healthz>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type HealthzQueryResult = NonNullable<
+	Awaited<ReturnType<typeof healthz>>
+>;
+export type HealthzQueryError = ErrorType<Healthz503>;
+
+/**
+ * @summary Health check
+ */
+
+export function useHealthz<
+	TData = Awaited<ReturnType<typeof healthz>>,
+	TError = ErrorType<Healthz503>
+>(options?: {
+	query?: UseQueryOptions<Awaited<ReturnType<typeof healthz>>, TError, TData>;
+}): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getHealthzQueryOptions(options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Health check
+ */
+export const invalidateHealthz = async (
+	queryClient: QueryClient,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getHealthzQueryKey() },
+		options,
+	);
+
+	return queryClient;
+};
+
+/**
+ * @summary Liveness check
+ */
+export const livez = (signal?: AbortSignal) => {
+	return GeneratedAPIInstance<Livez200>({
+		url: `/api/v2/livez`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getLivezQueryKey = () => {
+	return [`/api/v2/livez`] as const;
+};
+
+export const getLivezQueryOptions = <
+	TData = Awaited<ReturnType<typeof livez>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(options?: {
+	query?: UseQueryOptions<Awaited<ReturnType<typeof livez>>, TError, TData>;
+}) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey = queryOptions?.queryKey ?? getLivezQueryKey();
+
+	const queryFn: QueryFunction<Awaited<ReturnType<typeof livez>>> = ({
+		signal,
+	}) => livez(signal);
+
+	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
+		Awaited<ReturnType<typeof livez>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type LivezQueryResult = NonNullable<Awaited<ReturnType<typeof livez>>>;
+export type LivezQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Liveness check
+ */
+
+export function useLivez<
+	TData = Awaited<ReturnType<typeof livez>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(options?: {
+	query?: UseQueryOptions<Awaited<ReturnType<typeof livez>>, TError, TData>;
+}): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getLivezQueryOptions(options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Liveness check
+ */
+export const invalidateLivez = async (
+	queryClient: QueryClient,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries({ queryKey: getLivezQueryKey() }, options);
+
+	return queryClient;
+};
+
+/**
+ * @summary Readiness check
+ */
+export const readyz = (signal?: AbortSignal) => {
+	return GeneratedAPIInstance<Readyz200>({
+		url: `/api/v2/readyz`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getReadyzQueryKey = () => {
+	return [`/api/v2/readyz`] as const;
+};
+
+export const getReadyzQueryOptions = <
+	TData = Awaited<ReturnType<typeof readyz>>,
+	TError = ErrorType<Readyz503>
+>(options?: {
+	query?: UseQueryOptions<Awaited<ReturnType<typeof readyz>>, TError, TData>;
+}) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey = queryOptions?.queryKey ?? getReadyzQueryKey();
+
+	const queryFn: QueryFunction<Awaited<ReturnType<typeof readyz>>> = ({
+		signal,
+	}) => readyz(signal);
+
+	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
+		Awaited<ReturnType<typeof readyz>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type ReadyzQueryResult = NonNullable<Awaited<ReturnType<typeof readyz>>>;
+export type ReadyzQueryError = ErrorType<Readyz503>;
+
+/**
+ * @summary Readiness check
+ */
+
+export function useReadyz<
+	TData = Awaited<ReturnType<typeof readyz>>,
+	TError = ErrorType<Readyz503>
+>(options?: {
+	query?: UseQueryOptions<Awaited<ReturnType<typeof readyz>>, TError, TData>;
+}): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getReadyzQueryOptions(options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Readiness check
+ */
+export const invalidateReadyz = async (
+	queryClient: QueryClient,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getReadyzQueryKey() },
+		options,
+	);
+
+	return queryClient;
+};

frontend/src/api/generated/services/logs/index.ts

@@ -20,11 +20,113 @@ import { useMutation, useQuery } from 'react-query';
 import type { BodyType, ErrorType } from '../../../generatedAPIInstance';
 import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
 import type {
+	HandleExportRawDataPOSTParams,
 	ListPromotedAndIndexedPaths200,
 	PromotetypesPromotePathDTO,
+	Querybuildertypesv5QueryRangeRequestDTO,
 	RenderErrorResponseDTO,
 } from '../sigNoz.schemas';
 
+/**
+ * This endpoints allows complex query exporting raw data for traces and logs
+ * @summary Export raw data
+ */
+export const handleExportRawDataPOST = (
+	querybuildertypesv5QueryRangeRequestDTO: BodyType<Querybuildertypesv5QueryRangeRequestDTO>,
+	params?: HandleExportRawDataPOSTParams,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v1/export_raw_data`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: querybuildertypesv5QueryRangeRequestDTO,
+		params,
+		signal,
+	});
+};
+
+export const getHandleExportRawDataPOSTMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof handleExportRawDataPOST>>,
+		TError,
+		{
+			data: BodyType<Querybuildertypesv5QueryRangeRequestDTO>;
+			params?: HandleExportRawDataPOSTParams;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof handleExportRawDataPOST>>,
+	TError,
+	{
+		data: BodyType<Querybuildertypesv5QueryRangeRequestDTO>;
+		params?: HandleExportRawDataPOSTParams;
+	},
+	TContext
+> => {
+	const mutationKey = ['handleExportRawDataPOST'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof handleExportRawDataPOST>>,
+		{
+			data: BodyType<Querybuildertypesv5QueryRangeRequestDTO>;
+			params?: HandleExportRawDataPOSTParams;
+		}
+	> = (props) => {
+		const { data, params } = props ?? {};
+
+		return handleExportRawDataPOST(data, params);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type HandleExportRawDataPOSTMutationResult = NonNullable<
+	Awaited<ReturnType<typeof handleExportRawDataPOST>>
+>;
+export type HandleExportRawDataPOSTMutationBody = BodyType<Querybuildertypesv5QueryRangeRequestDTO>;
+export type HandleExportRawDataPOSTMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Export raw data
+ */
+export const useHandleExportRawDataPOST = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof handleExportRawDataPOST>>,
+		TError,
+		{
+			data: BodyType<Querybuildertypesv5QueryRangeRequestDTO>;
+			params?: HandleExportRawDataPOSTParams;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof handleExportRawDataPOST>>,
+	TError,
+	{
+		data: BodyType<Querybuildertypesv5QueryRangeRequestDTO>;
+		params?: HandleExportRawDataPOSTParams;
+	},
+	TContext
+> => {
+	const mutationOptions = getHandleExportRawDataPOSTMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
 /**
  * This endpoints promotes and indexes paths
  * @summary Promote and index paths

frontend/src/api/generated/services/metrics/index.ts

@@ -31,10 +31,13 @@ import type {
 	GetMetricHighlightsPathParameters,
 	GetMetricMetadata200,
 	GetMetricMetadataPathParameters,
+	GetMetricsOnboardingStatus200,
 	GetMetricsStats200,
 	GetMetricsTreemap200,
+	InspectMetrics200,
 	ListMetrics200,
 	ListMetricsParams,
+	MetricsexplorertypesInspectMetricsRequestDTO,
 	MetricsexplorertypesStatsRequestDTO,
 	MetricsexplorertypesTreemapRequestDTO,
 	MetricsexplorertypesUpdateMetricMetadataRequestDTO,
@@ -778,6 +781,176 @@ export const useUpdateMetricMetadata = <
 
 	return useMutation(mutationOptions);
 };
+/**
+ * Returns raw time series data points for a metric within a time range (max 30 minutes). Each series includes labels and timestamp/value pairs.
+ * @summary Inspect raw metric data points
+ */
+export const inspectMetrics = (
+	metricsexplorertypesInspectMetricsRequestDTO: BodyType<MetricsexplorertypesInspectMetricsRequestDTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<InspectMetrics200>({
+		url: `/api/v2/metrics/inspect`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: metricsexplorertypesInspectMetricsRequestDTO,
+		signal,
+	});
+};
+
+export const getInspectMetricsMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof inspectMetrics>>,
+		TError,
+		{ data: BodyType<MetricsexplorertypesInspectMetricsRequestDTO> },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof inspectMetrics>>,
+	TError,
+	{ data: BodyType<MetricsexplorertypesInspectMetricsRequestDTO> },
+	TContext
+> => {
+	const mutationKey = ['inspectMetrics'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof inspectMetrics>>,
+		{ data: BodyType<MetricsexplorertypesInspectMetricsRequestDTO> }
+	> = (props) => {
+		const { data } = props ?? {};
+
+		return inspectMetrics(data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type InspectMetricsMutationResult = NonNullable<
+	Awaited<ReturnType<typeof inspectMetrics>>
+>;
+export type InspectMetricsMutationBody = BodyType<MetricsexplorertypesInspectMetricsRequestDTO>;
+export type InspectMetricsMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Inspect raw metric data points
+ */
+export const useInspectMetrics = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof inspectMetrics>>,
+		TError,
+		{ data: BodyType<MetricsexplorertypesInspectMetricsRequestDTO> },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof inspectMetrics>>,
+	TError,
+	{ data: BodyType<MetricsexplorertypesInspectMetricsRequestDTO> },
+	TContext
+> => {
+	const mutationOptions = getInspectMetricsMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * Lightweight endpoint that checks if any non-SigNoz metrics have been ingested, used for onboarding status detection
+ * @summary Check if non-SigNoz metrics have been received
+ */
+export const getMetricsOnboardingStatus = (signal?: AbortSignal) => {
+	return GeneratedAPIInstance<GetMetricsOnboardingStatus200>({
+		url: `/api/v2/metrics/onboarding`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getGetMetricsOnboardingStatusQueryKey = () => {
+	return [`/api/v2/metrics/onboarding`] as const;
+};
+
+export const getGetMetricsOnboardingStatusQueryOptions = <
+	TData = Awaited<ReturnType<typeof getMetricsOnboardingStatus>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(options?: {
+	query?: UseQueryOptions<
+		Awaited<ReturnType<typeof getMetricsOnboardingStatus>>,
+		TError,
+		TData
+	>;
+}) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey =
+		queryOptions?.queryKey ?? getGetMetricsOnboardingStatusQueryKey();
+
+	const queryFn: QueryFunction<
+		Awaited<ReturnType<typeof getMetricsOnboardingStatus>>
+	> = ({ signal }) => getMetricsOnboardingStatus(signal);
+
+	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
+		Awaited<ReturnType<typeof getMetricsOnboardingStatus>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type GetMetricsOnboardingStatusQueryResult = NonNullable<
+	Awaited<ReturnType<typeof getMetricsOnboardingStatus>>
+>;
+export type GetMetricsOnboardingStatusQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Check if non-SigNoz metrics have been received
+ */
+
+export function useGetMetricsOnboardingStatus<
+	TData = Awaited<ReturnType<typeof getMetricsOnboardingStatus>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(options?: {
+	query?: UseQueryOptions<
+		Awaited<ReturnType<typeof getMetricsOnboardingStatus>>,
+		TError,
+		TData
+	>;
+}): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getGetMetricsOnboardingStatusQueryOptions(options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Check if non-SigNoz metrics have been received
+ */
+export const invalidateGetMetricsOnboardingStatus = async (
+	queryClient: QueryClient,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getGetMetricsOnboardingStatusQueryKey() },
+		options,
+	);
+
+	return queryClient;
+};
+
 /**
  * This endpoint provides list of metrics with their number of samples and timeseries for the given time range
  * @summary Get metrics statistics

frontend/src/api/generated/services/routepolicies/index.ts

@@ -0,0 +1,482 @@
+/**
+ * ! Do not edit manually
+ * * The file has been auto-generated using Orval for SigNoz
+ * * regenerate with 'yarn generate:api'
+ * SigNoz
+ */
+import type {
+	InvalidateOptions,
+	MutationFunction,
+	QueryClient,
+	QueryFunction,
+	QueryKey,
+	UseMutationOptions,
+	UseMutationResult,
+	UseQueryOptions,
+	UseQueryResult,
+} from 'react-query';
+import { useMutation, useQuery } from 'react-query';
+
+import type { BodyType, ErrorType } from '../../../generatedAPIInstance';
+import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
+import type {
+	AlertmanagertypesPostableRoutePolicyDTO,
+	CreateRoutePolicy201,
+	DeleteRoutePolicyByIDPathParameters,
+	GetAllRoutePolicies200,
+	GetRoutePolicyByID200,
+	GetRoutePolicyByIDPathParameters,
+	RenderErrorResponseDTO,
+	UpdateRoutePolicy200,
+	UpdateRoutePolicyPathParameters,
+} from '../sigNoz.schemas';
+
+/**
+ * This endpoint lists all route policies for the organization
+ * @summary List route policies
+ */
+export const getAllRoutePolicies = (signal?: AbortSignal) => {
+	return GeneratedAPIInstance<GetAllRoutePolicies200>({
+		url: `/api/v1/route_policies`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getGetAllRoutePoliciesQueryKey = () => {
+	return [`/api/v1/route_policies`] as const;
+};
+
+export const getGetAllRoutePoliciesQueryOptions = <
+	TData = Awaited<ReturnType<typeof getAllRoutePolicies>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(options?: {
+	query?: UseQueryOptions<
+		Awaited<ReturnType<typeof getAllRoutePolicies>>,
+		TError,
+		TData
+	>;
+}) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey = queryOptions?.queryKey ?? getGetAllRoutePoliciesQueryKey();
+
+	const queryFn: QueryFunction<
+		Awaited<ReturnType<typeof getAllRoutePolicies>>
+	> = ({ signal }) => getAllRoutePolicies(signal);
+
+	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
+		Awaited<ReturnType<typeof getAllRoutePolicies>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type GetAllRoutePoliciesQueryResult = NonNullable<
+	Awaited<ReturnType<typeof getAllRoutePolicies>>
+>;
+export type GetAllRoutePoliciesQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary List route policies
+ */
+
+export function useGetAllRoutePolicies<
+	TData = Awaited<ReturnType<typeof getAllRoutePolicies>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(options?: {
+	query?: UseQueryOptions<
+		Awaited<ReturnType<typeof getAllRoutePolicies>>,
+		TError,
+		TData
+	>;
+}): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getGetAllRoutePoliciesQueryOptions(options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary List route policies
+ */
+export const invalidateGetAllRoutePolicies = async (
+	queryClient: QueryClient,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getGetAllRoutePoliciesQueryKey() },
+		options,
+	);
+
+	return queryClient;
+};
+
+/**
+ * This endpoint creates a route policy
+ * @summary Create route policy
+ */
+export const createRoutePolicy = (
+	alertmanagertypesPostableRoutePolicyDTO: BodyType<AlertmanagertypesPostableRoutePolicyDTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<CreateRoutePolicy201>({
+		url: `/api/v1/route_policies`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: alertmanagertypesPostableRoutePolicyDTO,
+		signal,
+	});
+};
+
+export const getCreateRoutePolicyMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createRoutePolicy>>,
+		TError,
+		{ data: BodyType<AlertmanagertypesPostableRoutePolicyDTO> },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof createRoutePolicy>>,
+	TError,
+	{ data: BodyType<AlertmanagertypesPostableRoutePolicyDTO> },
+	TContext
+> => {
+	const mutationKey = ['createRoutePolicy'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof createRoutePolicy>>,
+		{ data: BodyType<AlertmanagertypesPostableRoutePolicyDTO> }
+	> = (props) => {
+		const { data } = props ?? {};
+
+		return createRoutePolicy(data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type CreateRoutePolicyMutationResult = NonNullable<
+	Awaited<ReturnType<typeof createRoutePolicy>>
+>;
+export type CreateRoutePolicyMutationBody = BodyType<AlertmanagertypesPostableRoutePolicyDTO>;
+export type CreateRoutePolicyMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Create route policy
+ */
+export const useCreateRoutePolicy = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createRoutePolicy>>,
+		TError,
+		{ data: BodyType<AlertmanagertypesPostableRoutePolicyDTO> },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof createRoutePolicy>>,
+	TError,
+	{ data: BodyType<AlertmanagertypesPostableRoutePolicyDTO> },
+	TContext
+> => {
+	const mutationOptions = getCreateRoutePolicyMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint deletes a route policy by ID
+ * @summary Delete route policy
+ */
+export const deleteRoutePolicyByID = ({
+	id,
+}: DeleteRoutePolicyByIDPathParameters) => {
+	return GeneratedAPIInstance<void>({
+		url: `/api/v1/route_policies/${id}`,
+		method: 'DELETE',
+	});
+};
+
+export const getDeleteRoutePolicyByIDMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof deleteRoutePolicyByID>>,
+		TError,
+		{ pathParams: DeleteRoutePolicyByIDPathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof deleteRoutePolicyByID>>,
+	TError,
+	{ pathParams: DeleteRoutePolicyByIDPathParameters },
+	TContext
+> => {
+	const mutationKey = ['deleteRoutePolicyByID'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof deleteRoutePolicyByID>>,
+		{ pathParams: DeleteRoutePolicyByIDPathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return deleteRoutePolicyByID(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type DeleteRoutePolicyByIDMutationResult = NonNullable<
+	Awaited<ReturnType<typeof deleteRoutePolicyByID>>
+>;
+
+export type DeleteRoutePolicyByIDMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Delete route policy
+ */
+export const useDeleteRoutePolicyByID = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof deleteRoutePolicyByID>>,
+		TError,
+		{ pathParams: DeleteRoutePolicyByIDPathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof deleteRoutePolicyByID>>,
+	TError,
+	{ pathParams: DeleteRoutePolicyByIDPathParameters },
+	TContext
+> => {
+	const mutationOptions = getDeleteRoutePolicyByIDMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint returns a route policy by ID
+ * @summary Get route policy by ID
+ */
+export const getRoutePolicyByID = (
+	{ id }: GetRoutePolicyByIDPathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<GetRoutePolicyByID200>({
+		url: `/api/v1/route_policies/${id}`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getGetRoutePolicyByIDQueryKey = ({
+	id,
+}: GetRoutePolicyByIDPathParameters) => {
+	return [`/api/v1/route_policies/${id}`] as const;
+};
+
+export const getGetRoutePolicyByIDQueryOptions = <
+	TData = Awaited<ReturnType<typeof getRoutePolicyByID>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	{ id }: GetRoutePolicyByIDPathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getRoutePolicyByID>>,
+			TError,
+			TData
+		>;
+	},
+) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey =
+		queryOptions?.queryKey ?? getGetRoutePolicyByIDQueryKey({ id });
+
+	const queryFn: QueryFunction<
+		Awaited<ReturnType<typeof getRoutePolicyByID>>
+	> = ({ signal }) => getRoutePolicyByID({ id }, signal);
+
+	return {
+		queryKey,
+		queryFn,
+		enabled: !!id,
+		...queryOptions,
+	} as UseQueryOptions<
+		Awaited<ReturnType<typeof getRoutePolicyByID>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type GetRoutePolicyByIDQueryResult = NonNullable<
+	Awaited<ReturnType<typeof getRoutePolicyByID>>
+>;
+export type GetRoutePolicyByIDQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Get route policy by ID
+ */
+
+export function useGetRoutePolicyByID<
+	TData = Awaited<ReturnType<typeof getRoutePolicyByID>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	{ id }: GetRoutePolicyByIDPathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getRoutePolicyByID>>,
+			TError,
+			TData
+		>;
+	},
+): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getGetRoutePolicyByIDQueryOptions({ id }, options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Get route policy by ID
+ */
+export const invalidateGetRoutePolicyByID = async (
+	queryClient: QueryClient,
+	{ id }: GetRoutePolicyByIDPathParameters,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getGetRoutePolicyByIDQueryKey({ id }) },
+		options,
+	);
+
+	return queryClient;
+};
+
+/**
+ * This endpoint updates a route policy by ID
+ * @summary Update route policy
+ */
+export const updateRoutePolicy = (
+	{ id }: UpdateRoutePolicyPathParameters,
+	alertmanagertypesPostableRoutePolicyDTO: BodyType<AlertmanagertypesPostableRoutePolicyDTO>,
+) => {
+	return GeneratedAPIInstance<UpdateRoutePolicy200>({
+		url: `/api/v1/route_policies/${id}`,
+		method: 'PUT',
+		headers: { 'Content-Type': 'application/json' },
+		data: alertmanagertypesPostableRoutePolicyDTO,
+	});
+};
+
+export const getUpdateRoutePolicyMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateRoutePolicy>>,
+		TError,
+		{
+			pathParams: UpdateRoutePolicyPathParameters;
+			data: BodyType<AlertmanagertypesPostableRoutePolicyDTO>;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof updateRoutePolicy>>,
+	TError,
+	{
+		pathParams: UpdateRoutePolicyPathParameters;
+		data: BodyType<AlertmanagertypesPostableRoutePolicyDTO>;
+	},
+	TContext
+> => {
+	const mutationKey = ['updateRoutePolicy'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof updateRoutePolicy>>,
+		{
+			pathParams: UpdateRoutePolicyPathParameters;
+			data: BodyType<AlertmanagertypesPostableRoutePolicyDTO>;
+		}
+	> = (props) => {
+		const { pathParams, data } = props ?? {};
+
+		return updateRoutePolicy(pathParams, data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UpdateRoutePolicyMutationResult = NonNullable<
+	Awaited<ReturnType<typeof updateRoutePolicy>>
+>;
+export type UpdateRoutePolicyMutationBody = BodyType<AlertmanagertypesPostableRoutePolicyDTO>;
+export type UpdateRoutePolicyMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Update route policy
+ */
+export const useUpdateRoutePolicy = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateRoutePolicy>>,
+		TError,
+		{
+			pathParams: UpdateRoutePolicyPathParameters;
+			data: BodyType<AlertmanagertypesPostableRoutePolicyDTO>;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof updateRoutePolicy>>,
+	TError,
+	{
+		pathParams: UpdateRoutePolicyPathParameters;
+		data: BodyType<AlertmanagertypesPostableRoutePolicyDTO>;
+	},
+	TContext
+> => {
+	const mutationOptions = getUpdateRoutePolicyMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};

frontend/src/api/generated/services/serviceaccount/index.ts

@@ -23,9 +23,15 @@ import type {
 	CreateServiceAccount201,
 	CreateServiceAccountKey201,
 	CreateServiceAccountKeyPathParameters,
+	CreateServiceAccountRole201,
+	CreateServiceAccountRolePathParameters,
 	DeleteServiceAccountPathParameters,
+	DeleteServiceAccountRolePathParameters,
+	GetMyServiceAccount200,
 	GetServiceAccount200,
 	GetServiceAccountPathParameters,
+	GetServiceAccountRoles200,
+	GetServiceAccountRolesPathParameters,
 	ListServiceAccountKeys200,
 	ListServiceAccountKeysPathParameters,
 	ListServiceAccounts200,
@@ -33,12 +39,10 @@ import type {
 	RevokeServiceAccountKeyPathParameters,
 	ServiceaccounttypesPostableFactorAPIKeyDTO,
 	ServiceaccounttypesPostableServiceAccountDTO,
+	ServiceaccounttypesPostableServiceAccountRoleDTO,
 	ServiceaccounttypesUpdatableFactorAPIKeyDTO,
-	ServiceaccounttypesUpdatableServiceAccountDTO,
-	ServiceaccounttypesUpdatableServiceAccountStatusDTO,
 	UpdateServiceAccountKeyPathParameters,
 	UpdateServiceAccountPathParameters,
-	UpdateServiceAccountStatusPathParameters,
 } from '../sigNoz.schemas';
 
 /**
@@ -399,13 +403,13 @@ export const invalidateGetServiceAccount = async (
  */
 export const updateServiceAccount = (
 	{ id }: UpdateServiceAccountPathParameters,
-	serviceaccounttypesUpdatableServiceAccountDTO: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>,
+	serviceaccounttypesPostableServiceAccountDTO: BodyType<ServiceaccounttypesPostableServiceAccountDTO>,
 ) => {
 	return GeneratedAPIInstance<string>({
 		url: `/api/v1/service_accounts/${id}`,
 		method: 'PUT',
 		headers: { 'Content-Type': 'application/json' },
-		data: serviceaccounttypesUpdatableServiceAccountDTO,
+		data: serviceaccounttypesPostableServiceAccountDTO,
 	});
 };
 
@@ -418,7 +422,7 @@ export const getUpdateServiceAccountMutationOptions = <
 		TError,
 		{
 			pathParams: UpdateServiceAccountPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
+			data: BodyType<ServiceaccounttypesPostableServiceAccountDTO>;
 		},
 		TContext
 	>;
@@ -427,7 +431,7 @@ export const getUpdateServiceAccountMutationOptions = <
 	TError,
 	{
 		pathParams: UpdateServiceAccountPathParameters;
-		data: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
+		data: BodyType<ServiceaccounttypesPostableServiceAccountDTO>;
 	},
 	TContext
 > => {
@@ -444,7 +448,7 @@ export const getUpdateServiceAccountMutationOptions = <
 		Awaited<ReturnType<typeof updateServiceAccount>>,
 		{
 			pathParams: UpdateServiceAccountPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
+			data: BodyType<ServiceaccounttypesPostableServiceAccountDTO>;
 		}
 	> = (props) => {
 		const { pathParams, data } = props ?? {};
@@ -458,7 +462,7 @@ export const getUpdateServiceAccountMutationOptions = <
 export type UpdateServiceAccountMutationResult = NonNullable<
 	Awaited<ReturnType<typeof updateServiceAccount>>
 >;
-export type UpdateServiceAccountMutationBody = BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
+export type UpdateServiceAccountMutationBody = BodyType<ServiceaccounttypesPostableServiceAccountDTO>;
 export type UpdateServiceAccountMutationError = ErrorType<RenderErrorResponseDTO>;
 
 /**
@@ -473,7 +477,7 @@ export const useUpdateServiceAccount = <
 		TError,
 		{
 			pathParams: UpdateServiceAccountPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
+			data: BodyType<ServiceaccounttypesPostableServiceAccountDTO>;
 		},
 		TContext
 	>;
@@ -482,7 +486,7 @@ export const useUpdateServiceAccount = <
 	TError,
 	{
 		pathParams: UpdateServiceAccountPathParameters;
-		data: BodyType<ServiceaccounttypesUpdatableServiceAccountDTO>;
+		data: BodyType<ServiceaccounttypesPostableServiceAccountDTO>;
 	},
 	TContext
 > => {
@@ -871,44 +875,150 @@ export const useUpdateServiceAccountKey = <
 	return useMutation(mutationOptions);
 };
 /**
- * This endpoint updates an existing service account status
- * @summary Updates a service account status
+ * This endpoint gets all the roles for the existing service account
+ * @summary Gets service account roles
  */
-export const updateServiceAccountStatus = (
-	{ id }: UpdateServiceAccountStatusPathParameters,
-	serviceaccounttypesUpdatableServiceAccountStatusDTO: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>,
+export const getServiceAccountRoles = (
+	{ id }: GetServiceAccountRolesPathParameters,
+	signal?: AbortSignal,
 ) => {
-	return GeneratedAPIInstance<string>({
-		url: `/api/v1/service_accounts/${id}/status`,
-		method: 'PUT',
-		headers: { 'Content-Type': 'application/json' },
-		data: serviceaccounttypesUpdatableServiceAccountStatusDTO,
+	return GeneratedAPIInstance<GetServiceAccountRoles200>({
+		url: `/api/v1/service_accounts/${id}/roles`,
+		method: 'GET',
+		signal,
 	});
 };
 
-export const getUpdateServiceAccountStatusMutationOptions = <
+export const getGetServiceAccountRolesQueryKey = ({
+	id,
+}: GetServiceAccountRolesPathParameters) => {
+	return [`/api/v1/service_accounts/${id}/roles`] as const;
+};
+
+export const getGetServiceAccountRolesQueryOptions = <
+	TData = Awaited<ReturnType<typeof getServiceAccountRoles>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	{ id }: GetServiceAccountRolesPathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getServiceAccountRoles>>,
+			TError,
+			TData
+		>;
+	},
+) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey =
+		queryOptions?.queryKey ?? getGetServiceAccountRolesQueryKey({ id });
+
+	const queryFn: QueryFunction<
+		Awaited<ReturnType<typeof getServiceAccountRoles>>
+	> = ({ signal }) => getServiceAccountRoles({ id }, signal);
+
+	return {
+		queryKey,
+		queryFn,
+		enabled: !!id,
+		...queryOptions,
+	} as UseQueryOptions<
+		Awaited<ReturnType<typeof getServiceAccountRoles>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type GetServiceAccountRolesQueryResult = NonNullable<
+	Awaited<ReturnType<typeof getServiceAccountRoles>>
+>;
+export type GetServiceAccountRolesQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Gets service account roles
+ */
+
+export function useGetServiceAccountRoles<
+	TData = Awaited<ReturnType<typeof getServiceAccountRoles>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(
+	{ id }: GetServiceAccountRolesPathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getServiceAccountRoles>>,
+			TError,
+			TData
+		>;
+	},
+): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getGetServiceAccountRolesQueryOptions({ id }, options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Gets service account roles
+ */
+export const invalidateGetServiceAccountRoles = async (
+	queryClient: QueryClient,
+	{ id }: GetServiceAccountRolesPathParameters,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getGetServiceAccountRolesQueryKey({ id }) },
+		options,
+	);
+
+	return queryClient;
+};
+
+/**
+ * This endpoint assigns a role to a service account
+ * @summary Create service account role
+ */
+export const createServiceAccountRole = (
+	{ id }: CreateServiceAccountRolePathParameters,
+	serviceaccounttypesPostableServiceAccountRoleDTO: BodyType<ServiceaccounttypesPostableServiceAccountRoleDTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<CreateServiceAccountRole201>({
+		url: `/api/v1/service_accounts/${id}/roles`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: serviceaccounttypesPostableServiceAccountRoleDTO,
+		signal,
+	});
+};
+
+export const getCreateServiceAccountRoleMutationOptions = <
 	TError = ErrorType<RenderErrorResponseDTO>,
 	TContext = unknown
 >(options?: {
 	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateServiceAccountStatus>>,
+		Awaited<ReturnType<typeof createServiceAccountRole>>,
 		TError,
 		{
-			pathParams: UpdateServiceAccountStatusPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
+			pathParams: CreateServiceAccountRolePathParameters;
+			data: BodyType<ServiceaccounttypesPostableServiceAccountRoleDTO>;
 		},
 		TContext
 	>;
 }): UseMutationOptions<
-	Awaited<ReturnType<typeof updateServiceAccountStatus>>,
+	Awaited<ReturnType<typeof createServiceAccountRole>>,
 	TError,
 	{
-		pathParams: UpdateServiceAccountStatusPathParameters;
-		data: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
+		pathParams: CreateServiceAccountRolePathParameters;
+		data: BodyType<ServiceaccounttypesPostableServiceAccountRoleDTO>;
 	},
 	TContext
 > => {
-	const mutationKey = ['updateServiceAccountStatus'];
+	const mutationKey = ['createServiceAccountRole'];
 	const { mutation: mutationOptions } = options
 		? options.mutation &&
 		  'mutationKey' in options.mutation &&
@@ -918,52 +1028,299 @@ export const getUpdateServiceAccountStatusMutationOptions = <
 		: { mutation: { mutationKey } };
 
 	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof updateServiceAccountStatus>>,
+		Awaited<ReturnType<typeof createServiceAccountRole>>,
 		{
-			pathParams: UpdateServiceAccountStatusPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
+			pathParams: CreateServiceAccountRolePathParameters;
+			data: BodyType<ServiceaccounttypesPostableServiceAccountRoleDTO>;
 		}
 	> = (props) => {
 		const { pathParams, data } = props ?? {};
 
-		return updateServiceAccountStatus(pathParams, data);
+		return createServiceAccountRole(pathParams, data);
 	};
 
 	return { mutationFn, ...mutationOptions };
 };
 
-export type UpdateServiceAccountStatusMutationResult = NonNullable<
-	Awaited<ReturnType<typeof updateServiceAccountStatus>>
+export type CreateServiceAccountRoleMutationResult = NonNullable<
+	Awaited<ReturnType<typeof createServiceAccountRole>>
 >;
-export type UpdateServiceAccountStatusMutationBody = BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
-export type UpdateServiceAccountStatusMutationError = ErrorType<RenderErrorResponseDTO>;
+export type CreateServiceAccountRoleMutationBody = BodyType<ServiceaccounttypesPostableServiceAccountRoleDTO>;
+export type CreateServiceAccountRoleMutationError = ErrorType<RenderErrorResponseDTO>;
 
 /**
- * @summary Updates a service account status
+ * @summary Create service account role
  */
-export const useUpdateServiceAccountStatus = <
+export const useCreateServiceAccountRole = <
 	TError = ErrorType<RenderErrorResponseDTO>,
 	TContext = unknown
 >(options?: {
 	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateServiceAccountStatus>>,
+		Awaited<ReturnType<typeof createServiceAccountRole>>,
 		TError,
 		{
-			pathParams: UpdateServiceAccountStatusPathParameters;
-			data: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
+			pathParams: CreateServiceAccountRolePathParameters;
+			data: BodyType<ServiceaccounttypesPostableServiceAccountRoleDTO>;
 		},
 		TContext
 	>;
 }): UseMutationResult<
-	Awaited<ReturnType<typeof updateServiceAccountStatus>>,
+	Awaited<ReturnType<typeof createServiceAccountRole>>,
 	TError,
 	{
-		pathParams: UpdateServiceAccountStatusPathParameters;
-		data: BodyType<ServiceaccounttypesUpdatableServiceAccountStatusDTO>;
+		pathParams: CreateServiceAccountRolePathParameters;
+		data: BodyType<ServiceaccounttypesPostableServiceAccountRoleDTO>;
 	},
 	TContext
 > => {
-	const mutationOptions = getUpdateServiceAccountStatusMutationOptions(options);
+	const mutationOptions = getCreateServiceAccountRoleMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint revokes a role from service account
+ * @summary Delete service account role
+ */
+export const deleteServiceAccountRole = ({
+	id,
+	rid,
+}: DeleteServiceAccountRolePathParameters) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v1/service_accounts/${id}/roles/${rid}`,
+		method: 'DELETE',
+	});
+};
+
+export const getDeleteServiceAccountRoleMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof deleteServiceAccountRole>>,
+		TError,
+		{ pathParams: DeleteServiceAccountRolePathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof deleteServiceAccountRole>>,
+	TError,
+	{ pathParams: DeleteServiceAccountRolePathParameters },
+	TContext
+> => {
+	const mutationKey = ['deleteServiceAccountRole'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof deleteServiceAccountRole>>,
+		{ pathParams: DeleteServiceAccountRolePathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return deleteServiceAccountRole(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type DeleteServiceAccountRoleMutationResult = NonNullable<
+	Awaited<ReturnType<typeof deleteServiceAccountRole>>
+>;
+
+export type DeleteServiceAccountRoleMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Delete service account role
+ */
+export const useDeleteServiceAccountRole = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof deleteServiceAccountRole>>,
+		TError,
+		{ pathParams: DeleteServiceAccountRolePathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof deleteServiceAccountRole>>,
+	TError,
+	{ pathParams: DeleteServiceAccountRolePathParameters },
+	TContext
+> => {
+	const mutationOptions = getDeleteServiceAccountRoleMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint gets my service account
+ * @summary Gets my service account
+ */
+export const getMyServiceAccount = (signal?: AbortSignal) => {
+	return GeneratedAPIInstance<GetMyServiceAccount200>({
+		url: `/api/v1/service_accounts/me`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getGetMyServiceAccountQueryKey = () => {
+	return [`/api/v1/service_accounts/me`] as const;
+};
+
+export const getGetMyServiceAccountQueryOptions = <
+	TData = Awaited<ReturnType<typeof getMyServiceAccount>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(options?: {
+	query?: UseQueryOptions<
+		Awaited<ReturnType<typeof getMyServiceAccount>>,
+		TError,
+		TData
+	>;
+}) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey = queryOptions?.queryKey ?? getGetMyServiceAccountQueryKey();
+
+	const queryFn: QueryFunction<
+		Awaited<ReturnType<typeof getMyServiceAccount>>
+	> = ({ signal }) => getMyServiceAccount(signal);
+
+	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
+		Awaited<ReturnType<typeof getMyServiceAccount>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type GetMyServiceAccountQueryResult = NonNullable<
+	Awaited<ReturnType<typeof getMyServiceAccount>>
+>;
+export type GetMyServiceAccountQueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Gets my service account
+ */
+
+export function useGetMyServiceAccount<
+	TData = Awaited<ReturnType<typeof getMyServiceAccount>>,
+	TError = ErrorType<RenderErrorResponseDTO>
+>(options?: {
+	query?: UseQueryOptions<
+		Awaited<ReturnType<typeof getMyServiceAccount>>,
+		TError,
+		TData
+	>;
+}): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getGetMyServiceAccountQueryOptions(options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Gets my service account
+ */
+export const invalidateGetMyServiceAccount = async (
+	queryClient: QueryClient,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getGetMyServiceAccountQueryKey() },
+		options,
+	);
+
+	return queryClient;
+};
+
+/**
+ * This endpoint gets my service account
+ * @summary Updates my service account
+ */
+export const updateMyServiceAccount = (
+	serviceaccounttypesPostableServiceAccountDTO: BodyType<ServiceaccounttypesPostableServiceAccountDTO>,
+) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v1/service_accounts/me`,
+		method: 'PUT',
+		headers: { 'Content-Type': 'application/json' },
+		data: serviceaccounttypesPostableServiceAccountDTO,
+	});
+};
+
+export const getUpdateMyServiceAccountMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateMyServiceAccount>>,
+		TError,
+		{ data: BodyType<ServiceaccounttypesPostableServiceAccountDTO> },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof updateMyServiceAccount>>,
+	TError,
+	{ data: BodyType<ServiceaccounttypesPostableServiceAccountDTO> },
+	TContext
+> => {
+	const mutationKey = ['updateMyServiceAccount'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+		  'mutationKey' in options.mutation &&
+		  options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof updateMyServiceAccount>>,
+		{ data: BodyType<ServiceaccounttypesPostableServiceAccountDTO> }
+	> = (props) => {
+		const { data } = props ?? {};
+
+		return updateMyServiceAccount(data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UpdateMyServiceAccountMutationResult = NonNullable<
+	Awaited<ReturnType<typeof updateMyServiceAccount>>
+>;
+export type UpdateMyServiceAccountMutationBody = BodyType<ServiceaccounttypesPostableServiceAccountDTO>;
+export type UpdateMyServiceAccountMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Updates my service account
+ */
+export const useUpdateMyServiceAccount = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateMyServiceAccount>>,
+		TError,
+		{ data: BodyType<ServiceaccounttypesPostableServiceAccountDTO> },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof updateMyServiceAccount>>,
+	TError,
+	{ data: BodyType<ServiceaccounttypesPostableServiceAccountDTO> },
+	TContext
+> => {
+	const mutationOptions = getUpdateMyServiceAccountMutationOptions(options);
 
 	return useMutation(mutationOptions);
 };