feat: added user-friendly format to dashboard variable url

"

.devenv/docker/clickhouse/compose.yaml

@@ -40,7 +40,7 @@ services:
       timeout: 5s
       retries: 3
   schema-migrator-sync:
-    image: signoz/signoz-schema-migrator:v0.128.2
+    image: signoz/signoz-schema-migrator:v0.111.41
     container_name: schema-migrator-sync
     command:
       - sync
@@ -53,7 +53,7 @@ services:
         condition: service_healthy
     restart: on-failure
   schema-migrator-async:
-    image: signoz/signoz-schema-migrator:v0.128.2
+    image: signoz/signoz-schema-migrator:v0.111.41
     container_name: schema-migrator-async
     command:
       - async

.github/CODEOWNERS

@@ -7,38 +7,8 @@
 /frontend/src/container/NewWidget/RightContainer/types.ts @srikanthccv
 /deploy/ @SigNoz/devops
 .github @SigNoz/devops
-
-# Scaffold Owners
 /pkg/config/ @grandwizard28
 /pkg/errors/ @grandwizard28
 /pkg/factory/ @grandwizard28
 /pkg/types/ @grandwizard28
-/pkg/valuer/ @grandwizard28
-/cmd/ @grandwizard28
-.golangci.yml @grandwizard28
-
-# Zeus Owners
-/pkg/zeus/ @vikrantgupta25
-/ee/zeus/ @vikrantgupta25
-/pkg/licensing/ @vikrantgupta25
-/ee/licensing/ @vikrantgupta25
-
-# SQL Owners
 /pkg/sqlmigration/ @vikrantgupta25
-/ee/sqlmigration/ @vikrantgupta25
-/pkg/sqlschema/ @vikrantgupta25
-/ee/sqlschema/ @vikrantgupta25
-
-# Analytics Owners
-/pkg/analytics/ @vikrantgupta25
-/pkg/statsreporter/ @vikrantgupta25
-
-# Querier Owners
-/pkg/querier/ @srikanthccv
-/pkg/variables/ @srikanthccv
-/pkg/types/querybuildertypes/ @srikanthccv
-/pkg/querybuilder/ @srikanthccv
-/pkg/telemetrylogs/ @srikanthccv
-/pkg/telemetrymetadata/ @srikanthccv
-/pkg/telemetrymetrics/ @srikanthccv
-/pkg/telemetrytraces/ @srikanthccv

.github/pull_request_template.md

@@ -32,7 +32,9 @@ ex:
 
 > Tag the relevant teams for review:
 
-- frontend / backend / devops
+- [ ] @SigNoz/frontend
+- [ ] @SigNoz/backend
+- [ ] @SigNoz/devops
 
 ---
 

.github/workflows/build-community.yaml

@@ -66,7 +66,7 @@ jobs:
       GO_NAME: signoz-community
       GO_INPUT_ARTIFACT_CACHE_KEY: community-jsbuild-${{ github.sha }}
       GO_INPUT_ARTIFACT_PATH: frontend/build
-      GO_BUILD_CONTEXT: ./cmd/community
+      GO_BUILD_CONTEXT: ./pkg/query-service
       GO_BUILD_FLAGS: >-
         -tags timetzdata
         -ldflags='-linkmode external -extldflags \"-static\" -s -w
@@ -74,10 +74,9 @@ jobs:
         -X github.com/SigNoz/signoz/pkg/version.variant=community
         -X github.com/SigNoz/signoz/pkg/version.hash=${{ needs.prepare.outputs.hash }}
         -X github.com/SigNoz/signoz/pkg/version.time=${{ needs.prepare.outputs.time }}
-        -X github.com/SigNoz/signoz/pkg/version.branch=${{ needs.prepare.outputs.branch }}
-        -X github.com/SigNoz/signoz/pkg/analytics.key=9kRrJ7oPCGPEJLF6QjMPLt5bljFhRQBr'
+        -X github.com/SigNoz/signoz/pkg/version.branch=${{ needs.prepare.outputs.branch }}'
       GO_CGO_ENABLED: 1
       DOCKER_BASE_IMAGES: '{"alpine": "alpine:3.20.3"}'
-      DOCKER_DOCKERFILE_PATH: ./cmd/community/Dockerfile.multi-arch
+      DOCKER_DOCKERFILE_PATH: ./pkg/query-service/Dockerfile.multi-arch
       DOCKER_MANIFEST: true
       DOCKER_PROVIDERS: dockerhub

.github/workflows/build-enterprise.yaml

@@ -67,8 +67,9 @@ jobs:
           echo 'TUNNEL_URL="${{ secrets.TUNNEL_URL }}"' >> frontend/.env
           echo 'TUNNEL_DOMAIN="${{ secrets.TUNNEL_DOMAIN }}"' >> frontend/.env
           echo 'POSTHOG_KEY="${{ secrets.POSTHOG_KEY }}"' >> frontend/.env
-          echo 'PYLON_APP_ID="${{ secrets.PYLON_APP_ID }}"' >> frontend/.env
-          echo 'APPCUES_APP_ID="${{ secrets.APPCUES_APP_ID }}"' >> frontend/.env
+          echo 'CUSTOMERIO_ID="${{ secrets.CUSTOMERIO_ID }}"' >> frontend/.env
+          echo 'CUSTOMERIO_SITE_ID="${{ secrets.CUSTOMERIO_SITE_ID }}"' >> frontend/.env
+          echo 'USERPILOT_KEY="${{ secrets.USERPILOT_KEY }}"' >> frontend/.env
       - name: cache-dotenv
         uses: actions/cache@v4
         with:
@@ -96,7 +97,7 @@ jobs:
       GO_VERSION: 1.23
       GO_INPUT_ARTIFACT_CACHE_KEY: enterprise-jsbuild-${{ github.sha }}
       GO_INPUT_ARTIFACT_PATH: frontend/build
-      GO_BUILD_CONTEXT: ./cmd/enterprise
+      GO_BUILD_CONTEXT: ./ee/query-service
       GO_BUILD_FLAGS: >-
         -tags timetzdata
         -ldflags='-linkmode external -extldflags \"-static\" -s -w
@@ -108,10 +109,9 @@ jobs:
         -X github.com/SigNoz/signoz/ee/zeus.url=https://api.signoz.cloud
         -X github.com/SigNoz/signoz/ee/zeus.deprecatedURL=https://license.signoz.io
         -X github.com/SigNoz/signoz/ee/query-service/constants.ZeusURL=https://api.signoz.cloud
-        -X github.com/SigNoz/signoz/ee/query-service/constants.LicenseSignozIo=https://license.signoz.io/api/v1
-        -X github.com/SigNoz/signoz/pkg/analytics.key=9kRrJ7oPCGPEJLF6QjMPLt5bljFhRQBr'
+        -X github.com/SigNoz/signoz/ee/query-service/constants.LicenseSignozIo=https://license.signoz.io/api/v1'
       GO_CGO_ENABLED: 1
       DOCKER_BASE_IMAGES: '{"alpine": "alpine:3.20.3"}'
-      DOCKER_DOCKERFILE_PATH: ./cmd/enterprise/Dockerfile.multi-arch
+      DOCKER_DOCKERFILE_PATH: ./ee/query-service/Dockerfile.multi-arch
       DOCKER_MANIFEST: true
       DOCKER_PROVIDERS: ${{ needs.prepare.outputs.docker_providers }}

.github/workflows/build-staging.yaml

@@ -66,8 +66,7 @@ jobs:
           echo 'CI=1' > frontend/.env
           echo 'TUNNEL_URL="${{ secrets.NP_TUNNEL_URL }}"' >> frontend/.env
           echo 'TUNNEL_DOMAIN="${{ secrets.NP_TUNNEL_DOMAIN }}"' >> frontend/.env
-          echo 'PYLON_APP_ID="${{ secrets.NP_PYLON_APP_ID }}"' >> frontend/.env
-          echo 'APPCUES_APP_ID="${{ secrets.NP_APPCUES_APP_ID }}"' >> frontend/.env
+          echo 'USERPILOT_KEY="${{ secrets.NP_USERPILOT_KEY }}"' >> frontend/.env
       - name: cache-dotenv
         uses: actions/cache@v4
         with:
@@ -95,7 +94,7 @@ jobs:
       GO_VERSION: 1.23
       GO_INPUT_ARTIFACT_CACHE_KEY: staging-jsbuild-${{ github.sha }}
       GO_INPUT_ARTIFACT_PATH: frontend/build
-      GO_BUILD_CONTEXT: ./cmd/enterprise
+      GO_BUILD_CONTEXT: ./ee/query-service
       GO_BUILD_FLAGS: >-
         -tags timetzdata
         -ldflags='-linkmode external -extldflags \"-static\" -s -w
@@ -107,11 +106,10 @@ jobs:
         -X github.com/SigNoz/signoz/ee/zeus.url=https://api.staging.signoz.cloud
         -X github.com/SigNoz/signoz/ee/zeus.deprecatedURL=https://license.staging.signoz.cloud
         -X github.com/SigNoz/signoz/ee/query-service/constants.ZeusURL=https://api.staging.signoz.cloud
-        -X github.com/SigNoz/signoz/ee/query-service/constants.LicenseSignozIo=https://license.staging.signoz.cloud/api/v1
-        -X github.com/SigNoz/signoz/pkg/analytics.key=9kRrJ7oPCGPEJLF6QjMPLt5bljFhRQBr'
+        -X github.com/SigNoz/signoz/ee/query-service/constants.LicenseSignozIo=https://license.staging.signoz.cloud/api/v1'
       GO_CGO_ENABLED: 1
       DOCKER_BASE_IMAGES: '{"alpine": "alpine:3.20.3"}'
-      DOCKER_DOCKERFILE_PATH: ./cmd/enterprise/Dockerfile.multi-arch
+      DOCKER_DOCKERFILE_PATH: ./ee/query-service/Dockerfile.multi-arch
       DOCKER_MANIFEST: true
       DOCKER_PROVIDERS: gcp
   staging:

.github/workflows/gor-signoz-community.yaml

@@ -36,7 +36,7 @@ jobs:
           - ubuntu-latest
           - macos-latest
     env:
-      CONFIG_PATH: cmd/community/.goreleaser.yaml
+      CONFIG_PATH: pkg/query-service/.goreleaser.yaml
     runs-on: ${{ matrix.os }}
     steps:
       - name: checkout
@@ -100,7 +100,7 @@ jobs:
     needs: build
     env:
       DOCKER_CLI_EXPERIMENTAL: "enabled"
-      WORKDIR: cmd/community
+      WORKDIR: pkg/query-service
     steps:
       - name: checkout
         uses: actions/checkout@v4

.github/workflows/gor-signoz.yaml

@@ -33,8 +33,9 @@ jobs:
           echo 'TUNNEL_URL="${{ secrets.TUNNEL_URL }}"' >> .env
           echo 'TUNNEL_DOMAIN="${{ secrets.TUNNEL_DOMAIN }}"' >> .env
           echo 'POSTHOG_KEY="${{ secrets.POSTHOG_KEY }}"' >> .env
-          echo 'PYLON_APP_ID="${{ secrets.PYLON_APP_ID }}"' >> .env
-          echo 'APPCUES_APP_ID="${{ secrets.APPCUES_APP_ID }}"' >> .env
+          echo 'CUSTOMERIO_ID="${{ secrets.CUSTOMERIO_ID }}"' >> .env
+          echo 'CUSTOMERIO_SITE_ID="${{ secrets.CUSTOMERIO_SITE_ID }}"' >> .env
+          echo 'USERPILOT_KEY="${{ secrets.USERPILOT_KEY }}"' >> .env
       - name: build-frontend
         run:  make js-build
       - name: upload-frontend-artifact
@@ -50,7 +51,7 @@ jobs:
           - ubuntu-latest
           - macos-latest
     env:
-      CONFIG_PATH: cmd/enterprise/.goreleaser.yaml
+      CONFIG_PATH: ee/query-service/.goreleaser.yaml
     runs-on: ${{ matrix.os }}
     steps:
       - name: checkout

.github/workflows/integrationci.yaml

@@ -20,9 +20,9 @@ jobs:
           - sqlite
         clickhouse-version:
           - 24.1.2-alpine
-          - 25.5.6
+          - 24.12-alpine
         schema-migrator-version:
-          - v0.128.1
+          - v0.111.38
         postgres-version:
           - 15
     if: |

.github/workflows/prereleaser.yaml

@@ -1,6 +1,10 @@
 name: prereleaser
 
 on:
+  # schedule every wednesday 6:30 AM UTC (12:00 PM IST)
+  schedule:
+    - cron: '30 6 * * 3'
+
   # allow manual triggering of the workflow by a maintainer
   workflow_dispatch:
     inputs:

.github/workflows/run-e2e.yaml

@@ -1,62 +0,0 @@
-name: e2eci
-
-on:
-  workflow_dispatch:
-    inputs:
-      userRole:
-        description: "Role of the user (ADMIN, EDITOR, VIEWER)"
-        required: true
-        type: choice
-        options:
-          - ADMIN
-          - EDITOR
-          - VIEWER
-
-jobs:
-  test:
-    name: Run Playwright Tests
-    runs-on: ubuntu-latest
-    timeout-minutes: 60
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: lts/*
-
-      - name: Mask secrets and input
-        run: |
-          echo "::add-mask::${{ secrets.BASE_URL }}"
-          echo "::add-mask::${{ secrets.LOGIN_USERNAME }}"
-          echo "::add-mask::${{ secrets.LOGIN_PASSWORD }}"
-          echo "::add-mask::${{ github.event.inputs.userRole }}"
-
-      - name: Install dependencies
-        working-directory: frontend
-        run: |
-          npm install -g yarn
-          yarn
-
-      - name: Install Playwright Browsers
-        working-directory: frontend
-        run: yarn playwright install --with-deps
-
-      - name: Run Playwright Tests
-        working-directory: frontend
-        run: |
-          BASE_URL="${{ secrets.BASE_URL }}" \
-          LOGIN_USERNAME="${{ secrets.LOGIN_USERNAME }}" \
-          LOGIN_PASSWORD="${{ secrets.LOGIN_PASSWORD }}" \
-          USER_ROLE="${{ github.event.inputs.userRole }}" \
-          yarn playwright test
-
-      - name: Upload Playwright Report
-        uses: actions/upload-artifact@v4
-        if: always()
-        with:
-          name: playwright-report
-          path: frontend/playwright-report/
-          retention-days: 30

.gitignore

@@ -66,7 +66,6 @@ e2e/.auth
 # go
 vendor/
 **/main/**
-__debug_bin**
 
 # git-town
 .git-branches.toml

.golangci.yml

@@ -1,34 +0,0 @@
-linters:
-  default: standard
-  enable:
-    - bodyclose
-    - misspell
-    - nilnil
-    - sloglint
-    - depguard
-    - iface
-    - unparam
-
-linters-settings:
-  sloglint:
-    no-mixed-args: true
-    kv-only: true
-    no-global: all
-    context: all
-    static-msg: true
-    msg-style: lowercased
-    key-naming-case: snake
-  depguard:
-    rules:
-      nozap:
-        deny:
-          - pkg: "go.uber.org/zap"
-            desc: "Do not use zap logger. Use slog instead."
-  iface:
-    enable:
-      - identical
-issues:
-  exclude-dirs:
-    - "pkg/query-service"
-    - "ee/query-service"
-    - "scripts/"

LICENSE

@@ -2,7 +2,7 @@ Copyright (c) 2020-present SigNoz Inc.
 
 Portions of this software are licensed as follows:
 
-* All content that resides under the "ee/" and the "cmd/enterprise/" directory of this repository, if that directory exists, is licensed under the license defined in "ee/LICENSE".
+* All content that resides under the "ee/" directory of this repository, if that directory exists, is licensed under the license defined in "ee/LICENSE".
 * All third party components incorporated into the SigNoz Software are licensed under the original license provided by the owner of the applicable component.
 * Content outside of the above mentioned directories or restrictions above is available under the "MIT Expat" license as defined below.
 

Makefile

@@ -20,18 +20,18 @@ GO_BUILD_LDFLAG_LICENSE_SIGNOZ_IO 	= -X github.com/SigNoz/signoz/ee/zeus.depreca
 
 GO_BUILD_VERSION_LDFLAGS 		= -X github.com/SigNoz/signoz/pkg/version.version=$(VERSION) -X github.com/SigNoz/signoz/pkg/version.hash=$(COMMIT_SHORT_SHA) -X github.com/SigNoz/signoz/pkg/version.time=$(TIMESTAMP) -X github.com/SigNoz/signoz/pkg/version.branch=$(BRANCH_NAME)
 GO_BUILD_ARCHS_COMMUNITY 		= $(addprefix go-build-community-,$(ARCHS))
-GO_BUILD_CONTEXT_COMMUNITY 		= $(SRC)/cmd/community
+GO_BUILD_CONTEXT_COMMUNITY 		= $(SRC)/pkg/query-service
 GO_BUILD_LDFLAGS_COMMUNITY 		= $(GO_BUILD_VERSION_LDFLAGS) -X github.com/SigNoz/signoz/pkg/version.variant=community
 GO_BUILD_ARCHS_ENTERPRISE 		= $(addprefix go-build-enterprise-,$(ARCHS))
 GO_BUILD_ARCHS_ENTERPRISE_RACE  = $(addprefix go-build-enterprise-race-,$(ARCHS))
-GO_BUILD_CONTEXT_ENTERPRISE 	= $(SRC)/cmd/enterprise
+GO_BUILD_CONTEXT_ENTERPRISE 	= $(SRC)/ee/query-service
 GO_BUILD_LDFLAGS_ENTERPRISE 	= $(GO_BUILD_VERSION_LDFLAGS) -X github.com/SigNoz/signoz/pkg/version.variant=enterprise $(GO_BUILD_LDFLAG_ZEUS_URL) $(GO_BUILD_LDFLAG_LICENSE_SIGNOZ_IO)
 
 DOCKER_BUILD_ARCHS_COMMUNITY 	= $(addprefix docker-build-community-,$(ARCHS))
-DOCKERFILE_COMMUNITY 			= $(SRC)/cmd/community/Dockerfile
+DOCKERFILE_COMMUNITY 			= $(SRC)/pkg/query-service/Dockerfile
 DOCKER_REGISTRY_COMMUNITY 		?= docker.io/signoz/signoz-community
 DOCKER_BUILD_ARCHS_ENTERPRISE 	= $(addprefix docker-build-enterprise-,$(ARCHS))
-DOCKERFILE_ENTERPRISE 			= $(SRC)/cmd/enterprise/Dockerfile
+DOCKERFILE_ENTERPRISE 			= $(SRC)/ee/query-service/Dockerfile
 DOCKER_REGISTRY_ENTERPRISE 		?= docker.io/signoz/signoz
 JS_BUILD_CONTEXT 				= $(SRC)/frontend
 
@@ -74,7 +74,7 @@ go-run-enterprise: ## Runs the enterprise go backend server
 	SIGNOZ_TELEMETRYSTORE_PROVIDER=clickhouse \
 	SIGNOZ_TELEMETRYSTORE_CLICKHOUSE_DSN=tcp://127.0.0.1:9000 \
 	go run -race \
-		$(GO_BUILD_CONTEXT_ENTERPRISE)/*.go \
+		$(GO_BUILD_CONTEXT_ENTERPRISE)/main.go \
 		--config ./conf/prometheus.yml \
 		--cluster cluster
 
@@ -92,7 +92,7 @@ go-run-community: ## Runs the community go backend server
 	SIGNOZ_TELEMETRYSTORE_PROVIDER=clickhouse \
 	SIGNOZ_TELEMETRYSTORE_CLICKHOUSE_DSN=tcp://127.0.0.1:9000 \
 	go run -race \
-		$(GO_BUILD_CONTEXT_COMMUNITY)/*.go \
+		$(GO_BUILD_CONTEXT_COMMUNITY)/main.go \
 		--config ./conf/prometheus.yml \
 		--cluster cluster
 

README.md

@@ -8,6 +8,7 @@
 <p align="center">All your logs, metrics, and traces in one place. Monitor your application, spot issues before they occur and troubleshoot downtime quickly with rich context. SigNoz is a cost-effective open-source alternative to Datadog and New Relic. Visit <a href="https://signoz.io" target="_blank">signoz.io</a> for the full documentation, tutorials, and guide.</p>
 
 <p align="center">
+    <img alt="Downloads" src="https://img.shields.io/docker/pulls/signoz/query-service?label=Docker Downloads"> </a>
     <img alt="GitHub issues" src="https://img.shields.io/github/issues/signoz/signoz"> </a>
     <a href="https://twitter.com/intent/tweet?text=Monitor%20your%20applications%20and%20troubleshoot%20problems%20with%20SigNoz,%20an%20open-source%20alternative%20to%20DataDog,%20NewRelic.&url=https://signoz.io/&via=SigNozHQ&hashtags=opensource,signoz,observability"> 
         <img alt="tweet" src="https://img.shields.io/twitter/url/http/shields.io.svg?style=social"> </a> 
@@ -230,8 +231,6 @@ Not sure how to get started? Just ping us on `#contributing` in our [slack commu
 - [Shaheer Kochai](https://github.com/ahmadshaheer)
 - [Amlan Kumar Nandy](https://github.com/amlannandy)
 - [Sahil Khan](https://github.com/sawhil)
-- [Aditya Singh](https://github.com/aks07)
-- [Abhi Kumar](https://github.com/ahrefabhi)
 
 #### DevOps
 

cmd/community/main.go

@@ -1,18 +0,0 @@
-package main
-
-import (
-	"log/slog"
-
-	"github.com/SigNoz/signoz/cmd"
-	"github.com/SigNoz/signoz/pkg/instrumentation"
-)
-
-func main() {
-	// initialize logger for logging in the cmd/ package. This logger is different from the logger used in the application.
-	logger := instrumentation.NewLogger(instrumentation.Config{Logs: instrumentation.LogsConfig{Level: slog.LevelInfo}})
-
-	// register a list of commands to the root command
-	registerServer(cmd.RootCmd, logger)
-
-	cmd.Execute(logger)
-}

cmd/community/server.go

@@ -1,116 +0,0 @@
-package main
-
-import (
-	"context"
-	"log/slog"
-	"time"
-
-	"github.com/SigNoz/signoz/cmd"
-	"github.com/SigNoz/signoz/ee/sqlstore/postgressqlstore"
-	"github.com/SigNoz/signoz/pkg/analytics"
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/licensing/nooplicensing"
-	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/query-service/app"
-	"github.com/SigNoz/signoz/pkg/signoz"
-	"github.com/SigNoz/signoz/pkg/sqlschema"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/sqlstore/sqlstorehook"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/version"
-	"github.com/SigNoz/signoz/pkg/zeus"
-	"github.com/SigNoz/signoz/pkg/zeus/noopzeus"
-	"github.com/spf13/cobra"
-)
-
-func registerServer(parentCmd *cobra.Command, logger *slog.Logger) {
-	var flags signoz.DeprecatedFlags
-
-	serverCmd := &cobra.Command{
-		Use:                "server",
-		Short:              "Run the SigNoz server",
-		FParseErrWhitelist: cobra.FParseErrWhitelist{UnknownFlags: true},
-		RunE: func(currCmd *cobra.Command, args []string) error {
-			config, err := cmd.NewSigNozConfig(currCmd.Context(), flags)
-			if err != nil {
-				return err
-			}
-
-			return runServer(currCmd.Context(), config, logger)
-		},
-	}
-
-	flags.RegisterFlags(serverCmd)
-	parentCmd.AddCommand(serverCmd)
-}
-
-func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) error {
-	// print the version
-	version.Info.PrettyPrint(config.Version)
-
-	// add enterprise sqlstore factories to the community sqlstore factories
-	sqlstoreFactories := signoz.NewSQLStoreProviderFactories()
-	if err := sqlstoreFactories.Add(postgressqlstore.NewFactory(sqlstorehook.NewLoggingFactory())); err != nil {
-		logger.ErrorContext(ctx, "failed to add postgressqlstore factory", "error", err)
-		return err
-	}
-
-	jwt := authtypes.NewJWT(cmd.NewJWTSecret(ctx, logger), 30*time.Minute, 30*24*time.Hour)
-
-	signoz, err := signoz.New(
-		ctx,
-		config,
-		jwt,
-		zeus.Config{},
-		noopzeus.NewProviderFactory(),
-		licensing.Config{},
-		func(_ sqlstore.SQLStore, _ zeus.Zeus, _ organization.Getter, _ analytics.Analytics) factory.ProviderFactory[licensing.Licensing, licensing.Config] {
-			return nooplicensing.NewFactory()
-		},
-		signoz.NewEmailingProviderFactories(),
-		signoz.NewCacheProviderFactories(),
-		signoz.NewWebProviderFactories(),
-		func(sqlstore sqlstore.SQLStore) factory.NamedMap[factory.ProviderFactory[sqlschema.SQLSchema, sqlschema.Config]] {
-			return signoz.NewSQLSchemaProviderFactories(sqlstore)
-		},
-		signoz.NewSQLStoreProviderFactories(),
-		signoz.NewTelemetryStoreProviderFactories(),
-	)
-	if err != nil {
-		logger.ErrorContext(ctx, "failed to create signoz", "error", err)
-		return err
-	}
-
-	server, err := app.NewServer(config, signoz, jwt)
-	if err != nil {
-		logger.ErrorContext(ctx, "failed to create server", "error", err)
-		return err
-	}
-
-	if err := server.Start(ctx); err != nil {
-		logger.ErrorContext(ctx, "failed to start server", "error", err)
-		return err
-	}
-
-	signoz.Start(ctx)
-
-	if err := signoz.Wait(ctx); err != nil {
-		logger.ErrorContext(ctx, "failed to start signoz", "error", err)
-		return err
-	}
-
-	err = server.Stop(ctx)
-	if err != nil {
-		logger.ErrorContext(ctx, "failed to stop server", "error", err)
-		return err
-	}
-
-	err = signoz.Stop(ctx)
-	if err != nil {
-		logger.ErrorContext(ctx, "failed to stop signoz", "error", err)
-		return err
-	}
-
-	return nil
-}

cmd/config.go

@@ -1,45 +0,0 @@
-package cmd
-
-import (
-	"context"
-	"fmt"
-	"log/slog"
-	"os"
-
-	"github.com/SigNoz/signoz/pkg/config"
-	"github.com/SigNoz/signoz/pkg/config/envprovider"
-	"github.com/SigNoz/signoz/pkg/config/fileprovider"
-	"github.com/SigNoz/signoz/pkg/signoz"
-)
-
-func NewSigNozConfig(ctx context.Context, flags signoz.DeprecatedFlags) (signoz.Config, error) {
-	config, err := signoz.NewConfig(
-		ctx,
-		config.ResolverConfig{
-			Uris: []string{"env:"},
-			ProviderFactories: []config.ProviderFactory{
-				envprovider.NewFactory(),
-				fileprovider.NewFactory(),
-			},
-		},
-		flags,
-	)
-	if err != nil {
-		return signoz.Config{}, err
-	}
-
-	return config, nil
-}
-
-func NewJWTSecret(_ context.Context, _ *slog.Logger) string {
-	jwtSecret := os.Getenv("SIGNOZ_JWT_SECRET")
-	if len(jwtSecret) == 0 {
-		fmt.Println("🚨 CRITICAL SECURITY ISSUE: No JWT secret key specified!")
-		fmt.Println("SIGNOZ_JWT_SECRET environment variable is not set. This has dire consequences for the security of the application.")
-		fmt.Println("Without a JWT secret, user sessions are vulnerable to tampering and unauthorized access.")
-		fmt.Println("Please set the SIGNOZ_JWT_SECRET environment variable immediately.")
-		fmt.Println("For more information, please refer to https://github.com/SigNoz/signoz/issues/8400.")
-	}
-
-	return jwtSecret
-}

cmd/enterprise/main.go

@@ -1,18 +0,0 @@
-package main
-
-import (
-	"log/slog"
-
-	"github.com/SigNoz/signoz/cmd"
-	"github.com/SigNoz/signoz/pkg/instrumentation"
-)
-
-func main() {
-	// initialize logger for logging in the cmd/ package. This logger is different from the logger used in the application.
-	logger := instrumentation.NewLogger(instrumentation.Config{Logs: instrumentation.LogsConfig{Level: slog.LevelInfo}})
-
-	// register a list of commands to the root command
-	registerServer(cmd.RootCmd, logger)
-
-	cmd.Execute(logger)
-}

cmd/enterprise/server.go

@@ -1,124 +0,0 @@
-package main
-
-import (
-	"context"
-	"log/slog"
-	"time"
-
-	"github.com/SigNoz/signoz/cmd"
-	enterpriselicensing "github.com/SigNoz/signoz/ee/licensing"
-	"github.com/SigNoz/signoz/ee/licensing/httplicensing"
-	enterpriseapp "github.com/SigNoz/signoz/ee/query-service/app"
-	"github.com/SigNoz/signoz/ee/sqlschema/postgressqlschema"
-	"github.com/SigNoz/signoz/ee/sqlstore/postgressqlstore"
-	enterprisezeus "github.com/SigNoz/signoz/ee/zeus"
-	"github.com/SigNoz/signoz/ee/zeus/httpzeus"
-	"github.com/SigNoz/signoz/pkg/analytics"
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/signoz"
-	"github.com/SigNoz/signoz/pkg/sqlschema"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/sqlstore/sqlstorehook"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/version"
-	"github.com/SigNoz/signoz/pkg/zeus"
-	"github.com/spf13/cobra"
-)
-
-func registerServer(parentCmd *cobra.Command, logger *slog.Logger) {
-	var flags signoz.DeprecatedFlags
-
-	serverCmd := &cobra.Command{
-		Use:                "server",
-		Short:              "Run the SigNoz server",
-		FParseErrWhitelist: cobra.FParseErrWhitelist{UnknownFlags: true},
-		RunE: func(currCmd *cobra.Command, args []string) error {
-			config, err := cmd.NewSigNozConfig(currCmd.Context(), flags)
-			if err != nil {
-				return err
-			}
-
-			return runServer(currCmd.Context(), config, logger)
-		},
-	}
-
-	flags.RegisterFlags(serverCmd)
-	parentCmd.AddCommand(serverCmd)
-}
-
-func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) error {
-	// print the version
-	version.Info.PrettyPrint(config.Version)
-
-	// add enterprise sqlstore factories to the community sqlstore factories
-	sqlstoreFactories := signoz.NewSQLStoreProviderFactories()
-	if err := sqlstoreFactories.Add(postgressqlstore.NewFactory(sqlstorehook.NewLoggingFactory())); err != nil {
-		logger.ErrorContext(ctx, "failed to add postgressqlstore factory", "error", err)
-		return err
-	}
-
-	jwt := authtypes.NewJWT(cmd.NewJWTSecret(ctx, logger), 30*time.Minute, 30*24*time.Hour)
-
-	signoz, err := signoz.New(
-		ctx,
-		config,
-		jwt,
-		enterprisezeus.Config(),
-		httpzeus.NewProviderFactory(),
-		enterpriselicensing.Config(24*time.Hour, 3),
-		func(sqlstore sqlstore.SQLStore, zeus zeus.Zeus, orgGetter organization.Getter, analytics analytics.Analytics) factory.ProviderFactory[licensing.Licensing, licensing.Config] {
-			return httplicensing.NewProviderFactory(sqlstore, zeus, orgGetter, analytics)
-		},
-		signoz.NewEmailingProviderFactories(),
-		signoz.NewCacheProviderFactories(),
-		signoz.NewWebProviderFactories(),
-		func(sqlstore sqlstore.SQLStore) factory.NamedMap[factory.ProviderFactory[sqlschema.SQLSchema, sqlschema.Config]] {
-			existingFactories := signoz.NewSQLSchemaProviderFactories(sqlstore)
-			if err := existingFactories.Add(postgressqlschema.NewFactory(sqlstore)); err != nil {
-				panic(err)
-			}
-
-			return existingFactories
-		},
-		sqlstoreFactories,
-		signoz.NewTelemetryStoreProviderFactories(),
-	)
-	if err != nil {
-		logger.ErrorContext(ctx, "failed to create signoz", "error", err)
-		return err
-	}
-
-	server, err := enterpriseapp.NewServer(config, signoz, jwt)
-	if err != nil {
-		logger.ErrorContext(ctx, "failed to create server", "error", err)
-		return err
-	}
-
-	if err := server.Start(ctx); err != nil {
-		logger.ErrorContext(ctx, "failed to start server", "error", err)
-		return err
-	}
-
-	signoz.Start(ctx)
-
-	if err := signoz.Wait(ctx); err != nil {
-		logger.ErrorContext(ctx, "failed to start signoz", "error", err)
-		return err
-	}
-
-	err = server.Stop(ctx)
-	if err != nil {
-		logger.ErrorContext(ctx, "failed to stop server", "error", err)
-		return err
-	}
-
-	err = signoz.Stop(ctx)
-	if err != nil {
-		logger.ErrorContext(ctx, "failed to stop signoz", "error", err)
-		return err
-	}
-
-	return nil
-}

cmd/root.go

@@ -1,33 +0,0 @@
-package cmd
-
-import (
-	"log/slog"
-	"os"
-
-	"github.com/SigNoz/signoz/pkg/version"
-	"github.com/spf13/cobra"
-	"go.uber.org/zap" //nolint:depguard
-)
-
-var RootCmd = &cobra.Command{
-	Use:               "signoz",
-	Short:             "OpenTelemetry-Native Logs, Metrics and Traces in a single pane",
-	Version:           version.Info.Version(),
-	SilenceUsage:      true,
-	SilenceErrors:     true,
-	CompletionOptions: cobra.CompletionOptions{DisableDefaultCmd: true},
-}
-
-func Execute(logger *slog.Logger) {
-	zapLogger := newZapLogger()
-	zap.ReplaceGlobals(zapLogger)
-	defer func() {
-		_ = zapLogger.Sync()
-	}()
-
-	err := RootCmd.Execute()
-	if err != nil {
-		logger.ErrorContext(RootCmd.Context(), "error running command", "error", err)
-		os.Exit(1)
-	}
-}

cmd/zap.go

@@ -1,15 +0,0 @@
-package cmd
-
-import (
-	"go.uber.org/zap"         //nolint:depguard
-	"go.uber.org/zap/zapcore" //nolint:depguard
-)
-
-// Deprecated: Use `NewLogger` from `pkg/instrumentation` instead.
-func newZapLogger() *zap.Logger {
-	config := zap.NewProductionConfig()
-	config.EncoderConfig.TimeKey = "timestamp"
-	config.EncoderConfig.EncodeTime = zapcore.ISO8601TimeEncoder
-	logger, _ := config.Build()
-	return logger
-}

conf/example.yaml

@@ -90,15 +90,6 @@ apiserver:
       - /api/v1/version
       - /
 
-##################### Querier #####################
-querier:
-  # The TTL for cached query results.
-  cache_ttl: 168h
-  # The interval for recent data that should not be cached.
-  flux_interval: 5m
-  # The maximum number of concurrent queries for missing ranges.
-  max_concurrent_queries: 4
-
 ##################### TelemetryStore #####################
 telemetrystore:
   # Maximum number of idle connections in the connection pool.
@@ -112,15 +103,13 @@ telemetrystore:
   clickhouse:
     # The DSN to use for clickhouse.
     dsn: tcp://localhost:9000
-    # The cluster name to use for clickhouse.
-    cluster: cluster
     # The query settings for clickhouse.
     settings:
       max_execution_time: 0
       max_execution_time_leaf: 0
       timeout_before_checking_execution_speed: 0
       max_bytes_to_read: 0
-      max_result_rows: 0
+      max_result_rows_for_ch_query: 0
 
 ##################### Prometheus #####################
 prometheus:
@@ -176,71 +165,8 @@ alertmanager:
       # Retention of the notification logs.
       retention: 120h
 
-##################### Emailing #####################
-emailing:
-  # Whether to enable emailing.
-  enabled: false
-  templates:
-    # The directory containing the email templates. This directory should contain a list of files defined at pkg/types/emailtypes/template.go.
-    directory: /opt/signoz/conf/templates/email
-  smtp:
-    # The SMTP server address.
-    address: localhost:25
-    # The email address to use for the SMTP server.
-    from:
-    # The hello message to use for the SMTP server.
-    hello:
-    # The static headers to send with the email.
-    headers: {}
-    auth:
-      # The username to use for the SMTP server.
-      username:
-      # The password to use for the SMTP server.
-      password:
-      # The secret to use for the SMTP server.
-      secret:
-      # The identity to use for the SMTP server.
-      identity:
-    tls:
-      # Whether to enable TLS. It should be false in most cases since the authentication mechanism should use the STARTTLS extension instead.
-      enabled: false
-      # Whether to skip TLS verification.
-      insecure_skip_verify: false
-      # The path to the CA file.
-      ca_file_path:
-      # The path to the key file.
-      key_file_path:
-      # The path to the certificate file.
-      cert_file_path:
-
-##################### Sharder (experimental) #####################
-sharder:
-  # Specifies the sharder provider to use.
-  provider: noop
-  single:
-    # The org id to which this instance belongs to.
-    org_id: org_id
 
 ##################### Analytics #####################
 analytics:
   # Whether to enable analytics.
   enabled: false
-  segment:
-    # The key to use for segment.
-    key: ""
-
-##################### StatsReporter #####################
-statsreporter:
-  # Whether to enable stats reporter. This is used to provide valuable insights to the SigNoz team. It does not collect any sensitive/PII data.
-  enabled: true
-  # The interval at which the stats are collected.
-  interval: 6h
-  collect:
-    # Whether to collect identities and traits (emails).
-    identities: true
-
-
-##################### Gateway (License only) #####################
-gateway:
-  # The URL of the gateway's api.
-  url: http://localhost:8080

deploy/docker-swarm/docker-compose.ha.yaml

@@ -174,7 +174,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:v0.91.0
+    image: signoz/signoz:v0.83.0
     command:
       - --config=/root/config/prometheus.yml
     ports:
@@ -194,7 +194,6 @@ services:
       - TELEMETRY_ENABLED=true
       - DEPLOYMENT_TYPE=docker-swarm
       - SIGNOZ_JWT_SECRET=secret
-      - DOT_METRICS_ENABLED=true
     healthcheck:
       test:
         - CMD
@@ -207,7 +206,7 @@ services:
       retries: 3
   otel-collector:
     !!merge <<: *db-depend
-    image: signoz/signoz-otel-collector:v0.128.2
+    image: signoz/signoz-otel-collector:v0.111.41
     command:
       - --config=/etc/otel-collector-config.yaml
       - --manager-config=/etc/manager-config.yaml
@@ -231,7 +230,7 @@ services:
       - signoz
   schema-migrator:
     !!merge <<: *common
-    image: signoz/signoz-schema-migrator:v0.128.2
+    image: signoz/signoz-schema-migrator:v0.111.41
     deploy:
       restart_policy:
         condition: on-failure

deploy/docker-swarm/docker-compose.yaml

@@ -100,32 +100,26 @@ services:
     #   - "9000:9000"
     #   - "8123:8123"
     #   - "9181:9181"
-
-    configs:
-      - source: clickhouse-config
-        target: /etc/clickhouse-server/config.xml
-      - source: clickhouse-users
-        target: /etc/clickhouse-server/users.xml
-      - source: clickhouse-custom-function
-        target: /etc/clickhouse-server/custom-function.xml
-      - source: clickhouse-cluster
-        target: /etc/clickhouse-server/config.d/cluster.xml
     volumes:
+      - ../common/clickhouse/config.xml:/etc/clickhouse-server/config.xml
+      - ../common/clickhouse/users.xml:/etc/clickhouse-server/users.xml
+      - ../common/clickhouse/custom-function.xml:/etc/clickhouse-server/custom-function.xml
+      - ../common/clickhouse/user_scripts:/var/lib/clickhouse/user_scripts/
+      - ../common/clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
       - clickhouse:/var/lib/clickhouse/
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:v0.91.0
+    image: signoz/signoz:v0.83.0
     command:
       - --config=/root/config/prometheus.yml
     ports:
       - "8080:8080" # signoz port
     #   - "6060:6060"     # pprof port
     volumes:
+      - ../common/signoz/prometheus.yml:/root/config/prometheus.yml
+      - ../common/dashboards:/root/config/dashboards
       - sqlite:/var/lib/signoz/
-    configs:
-      - source: signoz-prometheus-config
-        target: /root/config/prometheus.yml
     environment:
       - SIGNOZ_ALERTMANAGER_PROVIDER=signoz
       - SIGNOZ_TELEMETRYSTORE_CLICKHOUSE_DSN=tcp://clickhouse:9000
@@ -135,7 +129,6 @@ services:
       - GODEBUG=netdns=go
       - TELEMETRY_ENABLED=true
       - DEPLOYMENT_TYPE=docker-swarm
-      - DOT_METRICS_ENABLED=true
     healthcheck:
       test:
         - CMD
@@ -148,17 +141,15 @@ services:
       retries: 3
   otel-collector:
     !!merge <<: *db-depend
-    image: signoz/signoz-otel-collector:v0.128.2
+    image: signoz/signoz-otel-collector:v0.111.41
     command:
       - --config=/etc/otel-collector-config.yaml
       - --manager-config=/etc/manager-config.yaml
       - --copy-path=/var/tmp/collector-config.yaml
       - --feature-gates=-pkg.translator.prometheus.NormalizeName
-    configs:
-      - source: otel-collector-config
-        target: /etc/otel-collector-config.yaml
-      - source: otel-manager-config
-        target: /etc/manager-config.yaml
+    volumes:
+      - ./otel-collector-config.yaml:/etc/otel-collector-config.yaml
+      - ../common/signoz/otel-collector-opamp-config.yaml:/etc/manager-config.yaml
     environment:
       - OTEL_RESOURCE_ATTRIBUTES=host.name={{.Node.Hostname}},os.type={{.Node.Platform.OS}}
       - LOW_CARDINAL_EXCEPTION_GROUPING=false
@@ -174,7 +165,7 @@ services:
       - signoz
   schema-migrator:
     !!merge <<: *common
-    image: signoz/signoz-schema-migrator:v0.128.2
+    image: signoz/signoz-schema-migrator:v0.111.41
     deploy:
       restart_policy:
         condition: on-failure
@@ -195,24 +186,3 @@ volumes:
     name: signoz-sqlite
   zookeeper-1:
     name: signoz-zookeeper-1
-configs:
-  clickhouse-config:
-    file: ../common/clickhouse/config.xml
-  clickhouse-users:
-    file: ../common/clickhouse/users.xml
-  clickhouse-custom-function:
-    file: ../common/clickhouse/custom-function.xml
-  clickhouse-cluster:
-    file: ../common/clickhouse/cluster.xml
-  signoz-prometheus-config:
-    file: ../common/signoz/prometheus.yml
-  # If you have multiple dashboard files, you can list them individually:
-  # dashboard-foo:
-  #   file: ../common/dashboards/foo.json
-  # dashboard-bar:
-  #   file: ../common/dashboards/bar.json
-
-  otel-collector-config:
-    file: ./otel-collector-config.yaml
-  otel-manager-config:
-    file: ../common/signoz/otel-collector-opamp-config.yaml

deploy/docker-swarm/otel-collector-config.yaml

@@ -26,7 +26,7 @@ processors:
     detectors: [env, system]
     timeout: 2s
   signozspanmetrics/delta:
-    metrics_exporter: signozclickhousemetrics
+    metrics_exporter: clickhousemetricswrite, signozclickhousemetrics
     metrics_flush_interval: 60s
     latency_histogram_buckets: [100us, 1ms, 2ms, 6ms, 10ms, 50ms, 100ms, 250ms, 500ms, 1000ms, 1400ms, 2000ms, 5s, 10s, 20s, 40s, 60s ]
     dimensions_cache_size: 100000
@@ -60,16 +60,27 @@ exporters:
     datasource: tcp://clickhouse:9000/signoz_traces
     low_cardinal_exception_grouping: ${env:LOW_CARDINAL_EXCEPTION_GROUPING}
     use_new_schema: true
+  clickhousemetricswrite:
+    endpoint: tcp://clickhouse:9000/signoz_metrics
+    resource_to_telemetry_conversion:
+      enabled: true
+    disable_v2: true
+  clickhousemetricswrite/prometheus:
+    endpoint: tcp://clickhouse:9000/signoz_metrics
+    disable_v2: true
   signozclickhousemetrics:
     dsn: tcp://clickhouse:9000/signoz_metrics
   clickhouselogsexporter:
     dsn: tcp://clickhouse:9000/signoz_logs
     timeout: 10s
     use_new_schema: true
+  # debug: {}
 service:
   telemetry:
     logs:
       encoding: json
+    metrics:
+      address: 0.0.0.0:8888
   extensions:
     - health_check
     - pprof
@@ -81,11 +92,11 @@ service:
     metrics:
       receivers: [otlp]
       processors: [batch]
-      exporters: [signozclickhousemetrics]
+      exporters: [clickhousemetricswrite, signozclickhousemetrics]
     metrics/prometheus:
       receivers: [prometheus]
       processors: [batch]
-      exporters: [signozclickhousemetrics]
+      exporters: [clickhousemetricswrite/prometheus, signozclickhousemetrics]
     logs:
       receivers: [otlp]
       processors: [batch]

deploy/docker/docker-compose.ha.yaml

@@ -177,7 +177,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:${VERSION:-v0.91.0}
+    image: signoz/signoz:${VERSION:-v0.83.0}
     container_name: signoz
     command:
       - --config=/root/config/prometheus.yml
@@ -197,7 +197,6 @@ services:
       - GODEBUG=netdns=go
       - TELEMETRY_ENABLED=true
       - DEPLOYMENT_TYPE=docker-standalone-amd
-      - DOT_METRICS_ENABLED=true
     healthcheck:
       test:
         - CMD
@@ -211,7 +210,7 @@ services:
   # TODO: support otel-collector multiple replicas. Nginx/Traefik for loadbalancing?
   otel-collector:
     !!merge <<: *db-depend
-    image: signoz/signoz-otel-collector:${OTELCOL_TAG:-v0.128.2}
+    image: signoz/signoz-otel-collector:${OTELCOL_TAG:-v0.111.41}
     container_name: signoz-otel-collector
     command:
       - --config=/etc/otel-collector-config.yaml
@@ -237,7 +236,7 @@ services:
         condition: service_healthy
   schema-migrator-sync:
     !!merge <<: *common
-    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.128.2}
+    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.41}
     container_name: schema-migrator-sync
     command:
       - sync
@@ -248,7 +247,7 @@ services:
         condition: service_healthy
   schema-migrator-async:
     !!merge <<: *db-depend
-    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.128.2}
+    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.41}
     container_name: schema-migrator-async
     command:
       - async

deploy/docker/docker-compose.yaml

@@ -110,7 +110,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:${VERSION:-v0.91.0}
+    image: signoz/signoz:${VERSION:-v0.83.0}
     container_name: signoz
     command:
       - --config=/root/config/prometheus.yml
@@ -130,7 +130,6 @@ services:
       - GODEBUG=netdns=go
       - TELEMETRY_ENABLED=true
       - DEPLOYMENT_TYPE=docker-standalone-amd
-      - DOT_METRICS_ENABLED=true
     healthcheck:
       test:
         - CMD
@@ -143,7 +142,7 @@ services:
       retries: 3
   otel-collector:
     !!merge <<: *db-depend
-    image: signoz/signoz-otel-collector:${OTELCOL_TAG:-v0.128.2}
+    image: signoz/signoz-otel-collector:${OTELCOL_TAG:-v0.111.41}
     container_name: signoz-otel-collector
     command:
       - --config=/etc/otel-collector-config.yaml
@@ -165,7 +164,7 @@ services:
         condition: service_healthy
   schema-migrator-sync:
     !!merge <<: *common
-    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.128.2}
+    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.41}
     container_name: schema-migrator-sync
     command:
       - sync
@@ -177,7 +176,7 @@ services:
     restart: on-failure
   schema-migrator-async:
     !!merge <<: *db-depend
-    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.128.2}
+    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.41}
     container_name: schema-migrator-async
     command:
       - async

deploy/docker/otel-collector-config.yaml

@@ -26,7 +26,7 @@ processors:
     detectors: [env, system]
     timeout: 2s
   signozspanmetrics/delta:
-    metrics_exporter: signozclickhousemetrics
+    metrics_exporter: clickhousemetricswrite, signozclickhousemetrics
     metrics_flush_interval: 60s
     latency_histogram_buckets: [100us, 1ms, 2ms, 6ms, 10ms, 50ms, 100ms, 250ms, 500ms, 1000ms, 1400ms, 2000ms, 5s, 10s, 20s, 40s, 60s ]
     dimensions_cache_size: 100000
@@ -60,16 +60,27 @@ exporters:
     datasource: tcp://clickhouse:9000/signoz_traces
     low_cardinal_exception_grouping: ${env:LOW_CARDINAL_EXCEPTION_GROUPING}
     use_new_schema: true
+  clickhousemetricswrite:
+    endpoint: tcp://clickhouse:9000/signoz_metrics
+    disable_v2: true
+    resource_to_telemetry_conversion:
+      enabled: true
+  clickhousemetricswrite/prometheus:
+    endpoint: tcp://clickhouse:9000/signoz_metrics
+    disable_v2: true
   signozclickhousemetrics:
     dsn: tcp://clickhouse:9000/signoz_metrics
   clickhouselogsexporter:
     dsn: tcp://clickhouse:9000/signoz_logs
     timeout: 10s
     use_new_schema: true
+  # debug: {}
 service:
   telemetry:
     logs:
       encoding: json
+    metrics:
+      address: 0.0.0.0:8888
   extensions:
     - health_check
     - pprof
@@ -81,11 +92,11 @@ service:
     metrics:
       receivers: [otlp]
       processors: [batch]
-      exporters: [signozclickhousemetrics]
+      exporters: [clickhousemetricswrite, signozclickhousemetrics]
     metrics/prometheus:
       receivers: [prometheus]
       processors: [batch]
-      exporters: [signozclickhousemetrics]
+      exporters: [clickhousemetricswrite/prometheus, signozclickhousemetrics]
     logs:
       receivers: [otlp]
       processors: [batch]

docs/contributing/go/endpoint.md

@@ -1,51 +0,0 @@
-# Endpoint
-
-This guide outlines the recommended approach for designing endpoints, with a focus on entity relationships, RESTful structure, and examples from the codebase.
-
-## How do we design an endpoint?
-
-### Understand the core entities and their relationships
-
-Start with understanding the core entities and their relationships. For example:
-
-- **Organization**: an organization can have multiple users
-
-### Structure Endpoints RESTfully
-
-Endpoints should reflect the resource hierarchy and follow RESTful conventions. Use clear, **pluralized resource names** and versioning. For example:
-
-- `POST /v1/organizations` — Create an organization
-- `GET /v1/organizations/:id` — Get an organization by id
-- `DELETE /v1/organizations/:id` — Delete an organization by id
-- `PUT /v1/organizations/:id` — Update an organization by id
-- `GET /v1/organizations/:id/users` — Get all users in an organization
-- `GET /v1/organizations/me/users` — Get all users in my organization
-
-Think in terms of resource navigation in a file system. For example, to find your organization, you would navigate to the root of the file system and then to the `organizations` directory. To find a user in an organization, you would navigate to the `organizations` directory and then to the `id` directory.
-
-```bash
-v1/
-├── organizations/
-│   └── 123/
-│       └── users/
-```
-
-`me` endpoints are special. They are used to determine the actual id via some auth/external mechanism. For `me` endpoints, think of the `me` directory being symlinked to your organization directory. For example, if you are a part of the organization `123`, the `me` directory will be symlinked to `/v1/organizations/123`:
-
-```bash
-v1/
-├── organizations/
-│   └── me/ -> symlink to /v1/organizations/123
-│       └── users/
-│   └── 123/
-│       └── users/
-```
-
-> 💡 **Note**: There are various ways to structure endpoints. Some prefer to use singular resource names instead of `me`. Others prefer to use singular resource names for all endpoints. We have, however, chosen to standardize our endpoints in the manner described above.
-
-## What should I remember?
-
-- Use clear, **plural resource names**
-- Use `me` endpoints for determining the actual id via some auth mechanism
-
-> 💡 **Note**: When in doubt, diagram the relationships and walk through the user flows as if navigating a file system. This will help you design endpoints that are both logical and user-friendly.

docs/contributing/go/provider.md

@@ -1,106 +0,0 @@
-# Provider
-
-SigNoz is built on the provider pattern, a design approach where code is organized into providers that handle specific application responsibilities. Providers act as adapter components that integrate with external services and deliver required functionality to the application.
-
-> 💡 **Note**: Coming from a DDD background? Providers are similar (not exactly the same) to adapter/infrastructure services.
-
-## How to create a new provider?
-
-To create a new provider, create a directory in the `pkg/` directory named after your provider. The provider package consists of four key components:
-
-- **Interface** (`pkg/<name>/<name>.go`): Defines the provider's interface. Other packages should import this interface to use the provider.
-- **Config** (`pkg/<name>/config.go`): Contains provider configuration, implementing the `factory.Config` interface from [factory/config.go](/pkg/factory/config.go).
-- **Implementation** (`pkg/<name>/<implname><name>/provider.go`): Contains the provider implementation, including a `NewProvider` function that returns a `factory.Provider` interface from [factory/provider.go](/pkg/factory/provider.go).
-- **Mock** (`pkg/<name>/<name>test.go`): Provides mocks for the provider, typically used by dependent packages for unit testing.
-
-For example, the [prometheus](/pkg/prometheus) provider delivers a prometheus engine to the application:
-
-- `pkg/prometheus/prometheus.go` - Interface definition
-- `pkg/prometheus/config.go` - Configuration
-- `pkg/prometheus/clickhouseprometheus/provider.go` - Clickhouse-powered implementation
-- `pkg/prometheus/prometheustest/provider.go` - Mock implementation
-
-## How to wire it up?
-
-The `pkg/signoz` package contains the inversion of control container responsible for wiring providers. It handles instantiation, configuration, and assembly of providers based on configuration metadata.
-
-> 💡 **Note**: Coming from a Java background? Providers are similar to Spring beans.
-
-Wiring up a provider involves three steps:
-
-1. Wiring up the configuration
-Add your config from `pkg/<name>/config.go` to the `pkg/signoz/config.Config` struct and in new factories:
-
-```go
-type Config struct {
-    ...
-	MyProvider myprovider.Config `mapstructure:"myprovider"`
-    ...
-}
-
-func NewConfig(ctx context.Context, resolverConfig config.ResolverConfig, ....) (Config, error) {
-    ...
-	configFactories := []factory.ConfigFactory{
-        myprovider.NewConfigFactory(),
-	}
-    ...
-}
-```
-
-2. Wiring up the provider
-Add available provider implementations in `pkg/signoz/provider.go`:
-
-```go
-func NewMyProviderFactories() factory.NamedMap[factory.ProviderFactory[myprovider.MyProvider, myprovider.Config]] {
-	return factory.MustNewNamedMap(
-        myproviderone.NewFactory(),
-        myprovidertwo.NewFactory(),
-	)
-}
-```
-
-3. Instantiate the provider by adding it to the `SigNoz` struct in `pkg/signoz/signoz.go`:
-
-```go
-type SigNoz struct {
-    ...
-    MyProvider myprovider.MyProvider
-    ...
-}
-
-func New(...) (*SigNoz, error) {
-    ...
-    myprovider, err := myproviderone.New(ctx, settings, config.MyProvider, "one/two")
-    if err != nil {
-        return nil, err
-    }
-    ...
-}
-```
-
-## How to use it?
-
-To use a provider, import its interface. For example, to use the prometheus provider, import `pkg/prometheus/prometheus.go`:
-
-```go
-import "github.com/SigNoz/signoz/pkg/prometheus/prometheus"
-
-func CreateSomething(ctx context.Context, prometheus prometheus.Prometheus) {
-    ...
-    prometheus.DoSomething()
-    ...
-}
-```
-
-## Why do we need this?
-
-Like any dependency injection framework, providers decouple the codebase from implementation details. This is especially valuable in SigNoz's large codebase, where we need to swap implementations without changing dependent code. The provider pattern offers several benefits apart from the obvious one of decoupling:
-
-- Configuration is **defined with each provider and centralized in one place**, making it easier to understand and manage through various methods (environment variables, config files, etc.)
-- Provider mocking is **straightforward for unit testing**, with a consistent pattern for locating mocks
-- **Multiple implementations** of the same provider are **supported**, as demonstrated by our sqlstore provider
-
-## What should I remember?
-
-- Use the provider pattern wherever applicable.
-- Always create a provider **irrespective of the number of implementations**. This makes it easier to add new implementations in the future.

docs/otel-demo-docs.md

@@ -16,7 +16,7 @@ __Table of Contents__
   - [Prerequisites](#prerequisites-1)
   - [Install Helm Repo and Charts](#install-helm-repo-and-charts)
   - [Start the OpenTelemetry Demo App](#start-the-opentelemetry-demo-app-1)
-  - [Monitor with SigNoz (Kubernetes)](#monitor-with-signoz-kubernetes)
+  - [Moniitor with SigNoz (Kubernetes)](#monitor-with-signoz-kubernetes)
 - [What's next](#whats-next)
 
 

ee/http/middleware/pat.go

@@ -0,0 +1,91 @@
+package middleware
+
+import (
+	"net/http"
+	"time"
+
+	eeTypes "github.com/SigNoz/signoz/ee/types"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"go.uber.org/zap"
+)
+
+type Pat struct {
+	store   sqlstore.SQLStore
+	uuid    *authtypes.UUID
+	headers []string
+}
+
+func NewPat(store sqlstore.SQLStore, headers []string) *Pat {
+	return &Pat{store: store, uuid: authtypes.NewUUID(), headers: headers}
+}
+
+func (p *Pat) Wrap(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		var values []string
+		var patToken string
+		var pat eeTypes.StorablePersonalAccessToken
+
+		for _, header := range p.headers {
+			values = append(values, r.Header.Get(header))
+		}
+
+		ctx, err := p.uuid.ContextFromRequest(r.Context(), values...)
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+		patToken, ok := authtypes.UUIDFromContext(ctx)
+		if !ok {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		err = p.store.BunDB().NewSelect().Model(&pat).Where("token = ?", patToken).Scan(r.Context())
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		if pat.ExpiresAt < time.Now().Unix() && pat.ExpiresAt != 0 {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		// get user from db
+		user := types.User{}
+		err = p.store.BunDB().NewSelect().Model(&user).Where("id = ?", pat.UserID).Scan(r.Context())
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		role, err := types.NewRole(user.Role)
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		jwt := authtypes.Claims{
+			UserID: user.ID.String(),
+			Role:   role,
+			Email:  user.Email,
+			OrgID:  user.OrgID,
+		}
+
+		ctx = authtypes.NewContextWithClaims(ctx, jwt)
+
+		r = r.WithContext(ctx)
+
+		next.ServeHTTP(w, r)
+
+		pat.LastUsed = time.Now().Unix()
+		_, err = p.store.BunDB().NewUpdate().Model(&pat).Column("last_used").Where("token = ?", patToken).Where("revoked = false").Exec(r.Context())
+		if err != nil {
+			zap.L().Error("Failed to update PAT last used in db, err: %v", zap.Error(err))
+		}
+
+	})
+
+}

ee/licensing/config.go

@@ -1,26 +0,0 @@
-package licensing
-
-import (
-	"fmt"
-	"sync"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/licensing"
-)
-
-var (
-	config licensing.Config
-	once   sync.Once
-)
-
-// initializes the licensing configuration
-func Config(pollInterval time.Duration, failureThreshold int) licensing.Config {
-	once.Do(func() {
-		config = licensing.Config{PollInterval: pollInterval, FailureThreshold: failureThreshold}
-		if err := config.Validate(); err != nil {
-			panic(fmt.Errorf("invalid licensing config: %w", err))
-		}
-	})
-
-	return config
-}

ee/licensing/httplicensing/api.go

@@ -1,168 +0,0 @@
-package httplicensing
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/http/render"
-	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/licensetypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type licensingAPI struct {
-	licensing licensing.Licensing
-}
-
-func NewLicensingAPI(licensing licensing.Licensing) licensing.API {
-	return &licensingAPI{licensing: licensing}
-}
-
-func (api *licensingAPI) Activate(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	req := new(licensetypes.PostableLicense)
-	err = json.NewDecoder(r.Body).Decode(&req)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	err = api.licensing.Activate(r.Context(), orgID, req.Key)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusAccepted, nil)
-}
-
-func (api *licensingAPI) GetActive(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	license, err := api.licensing.GetActive(r.Context(), orgID)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	gettableLicense := licensetypes.NewGettableLicense(license.Data, license.Key)
-	render.Success(rw, http.StatusOK, gettableLicense)
-}
-
-func (api *licensingAPI) Refresh(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	err = api.licensing.Refresh(r.Context(), orgID)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusNoContent, nil)
-}
-
-func (api *licensingAPI) Checkout(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	req := new(licensetypes.PostableSubscription)
-	if err := json.NewDecoder(r.Body).Decode(req); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	gettableSubscription, err := api.licensing.Checkout(ctx, orgID, req)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusCreated, gettableSubscription)
-}
-
-func (api *licensingAPI) Portal(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	req := new(licensetypes.PostableSubscription)
-	if err := json.NewDecoder(r.Body).Decode(req); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	gettableSubscription, err := api.licensing.Portal(ctx, orgID, req)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusCreated, gettableSubscription)
-}

ee/licensing/httplicensing/provider.go

@@ -1,249 +0,0 @@
-package httplicensing
-
-import (
-	"context"
-	"encoding/json"
-	"time"
-
-	"github.com/SigNoz/signoz/ee/licensing/licensingstore/sqllicensingstore"
-	"github.com/SigNoz/signoz/pkg/analytics"
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types/analyticstypes"
-	"github.com/SigNoz/signoz/pkg/types/licensetypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/SigNoz/signoz/pkg/zeus"
-	"github.com/tidwall/gjson"
-)
-
-type provider struct {
-	store     licensetypes.Store
-	zeus      zeus.Zeus
-	config    licensing.Config
-	settings  factory.ScopedProviderSettings
-	orgGetter organization.Getter
-	analytics analytics.Analytics
-	stopChan  chan struct{}
-}
-
-func NewProviderFactory(store sqlstore.SQLStore, zeus zeus.Zeus, orgGetter organization.Getter, analytics analytics.Analytics) factory.ProviderFactory[licensing.Licensing, licensing.Config] {
-	return factory.NewProviderFactory(factory.MustNewName("http"), func(ctx context.Context, providerSettings factory.ProviderSettings, config licensing.Config) (licensing.Licensing, error) {
-		return New(ctx, providerSettings, config, store, zeus, orgGetter, analytics)
-	})
-}
-
-func New(ctx context.Context, ps factory.ProviderSettings, config licensing.Config, sqlstore sqlstore.SQLStore, zeus zeus.Zeus, orgGetter organization.Getter, analytics analytics.Analytics) (licensing.Licensing, error) {
-	settings := factory.NewScopedProviderSettings(ps, "github.com/SigNoz/signoz/ee/licensing/httplicensing")
-	licensestore := sqllicensingstore.New(sqlstore)
-	return &provider{
-		store:     licensestore,
-		zeus:      zeus,
-		config:    config,
-		settings:  settings,
-		orgGetter: orgGetter,
-		stopChan:  make(chan struct{}),
-		analytics: analytics,
-	}, nil
-}
-
-func (provider *provider) Start(ctx context.Context) error {
-	tick := time.NewTicker(provider.config.PollInterval)
-	defer tick.Stop()
-
-	err := provider.Validate(ctx)
-	if err != nil {
-		provider.settings.Logger().ErrorContext(ctx, "failed to validate license from upstream server", "error", err)
-	}
-
-	for {
-		select {
-		case <-provider.stopChan:
-			return nil
-		case <-tick.C:
-			err := provider.Validate(ctx)
-			if err != nil {
-				provider.settings.Logger().ErrorContext(ctx, "failed to validate license from upstream server", "error", err)
-			}
-		}
-	}
-}
-
-func (provider *provider) Stop(ctx context.Context) error {
-	provider.settings.Logger().DebugContext(ctx, "license validation stopped")
-	close(provider.stopChan)
-	return nil
-}
-
-func (provider *provider) Validate(ctx context.Context) error {
-	organizations, err := provider.orgGetter.ListByOwnedKeyRange(ctx)
-	if err != nil {
-		return err
-	}
-
-	for _, organization := range organizations {
-		err := provider.Refresh(ctx, organization.ID)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (provider *provider) Activate(ctx context.Context, organizationID valuer.UUID, key string) error {
-	data, err := provider.zeus.GetLicense(ctx, key)
-	if err != nil {
-		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "unable to fetch license data with upstream server")
-	}
-
-	license, err := licensetypes.NewLicense(data, organizationID)
-	if err != nil {
-		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to create license entity")
-	}
-
-	storableLicense := licensetypes.NewStorableLicenseFromLicense(license)
-	err = provider.store.Create(ctx, storableLicense)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (provider *provider) GetActive(ctx context.Context, organizationID valuer.UUID) (*licensetypes.License, error) {
-	storableLicenses, err := provider.store.GetAll(ctx, organizationID)
-	if err != nil {
-		return nil, err
-	}
-
-	activeLicense, err := licensetypes.GetActiveLicenseFromStorableLicenses(storableLicenses, organizationID)
-	if err != nil {
-		return nil, err
-	}
-
-	return activeLicense, nil
-}
-
-func (provider *provider) Refresh(ctx context.Context, organizationID valuer.UUID) error {
-	activeLicense, err := provider.GetActive(ctx, organizationID)
-	if err != nil {
-		if errors.Ast(err, errors.TypeNotFound) {
-			return nil
-		}
-		provider.settings.Logger().ErrorContext(ctx, "license validation failed", "org_id", organizationID.StringValue())
-		return err
-	}
-
-	data, err := provider.zeus.GetLicense(ctx, activeLicense.Key)
-	if err != nil {
-		if time.Since(activeLicense.LastValidatedAt) > time.Duration(provider.config.FailureThreshold)*provider.config.PollInterval {
-			activeLicense.UpdateFeatures(licensetypes.BasicPlan)
-			updatedStorableLicense := licensetypes.NewStorableLicenseFromLicense(activeLicense)
-			err = provider.store.Update(ctx, organizationID, updatedStorableLicense)
-			if err != nil {
-				return err
-			}
-
-			return nil
-		}
-		return err
-	}
-
-	err = activeLicense.Update(data)
-	if err != nil {
-		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to create license entity from license data")
-	}
-
-	updatedStorableLicense := licensetypes.NewStorableLicenseFromLicense(activeLicense)
-	err = provider.store.Update(ctx, organizationID, updatedStorableLicense)
-	if err != nil {
-		return err
-	}
-
-	stats := licensetypes.NewStatsFromLicense(activeLicense)
-	provider.analytics.Send(ctx,
-		analyticstypes.Track{
-			UserId:     "stats_" + organizationID.String(),
-			Event:      "License Updated",
-			Properties: analyticstypes.NewPropertiesFromMap(stats),
-			Context: &analyticstypes.Context{
-				Extra: map[string]interface{}{
-					analyticstypes.KeyGroupID: organizationID.String(),
-				},
-			},
-		},
-		analyticstypes.Group{
-			UserId:  "stats_" + organizationID.String(),
-			GroupId: organizationID.String(),
-			Traits:  analyticstypes.NewTraitsFromMap(stats),
-		},
-	)
-
-	return nil
-}
-
-func (provider *provider) Checkout(ctx context.Context, organizationID valuer.UUID, postableSubscription *licensetypes.PostableSubscription) (*licensetypes.GettableSubscription, error) {
-	activeLicense, err := provider.GetActive(ctx, organizationID)
-	if err != nil {
-		return nil, err
-	}
-
-	body, err := json.Marshal(postableSubscription)
-	if err != nil {
-		return nil, errors.Wrapf(err, errors.TypeInvalidInput, errors.CodeInvalidInput, "failed to marshal checkout payload")
-	}
-
-	response, err := provider.zeus.GetCheckoutURL(ctx, activeLicense.Key, body)
-	if err != nil {
-		return nil, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to generate checkout session")
-	}
-
-	return &licensetypes.GettableSubscription{RedirectURL: gjson.GetBytes(response, "url").String()}, nil
-}
-
-func (provider *provider) Portal(ctx context.Context, organizationID valuer.UUID, postableSubscription *licensetypes.PostableSubscription) (*licensetypes.GettableSubscription, error) {
-	activeLicense, err := provider.GetActive(ctx, organizationID)
-	if err != nil {
-		return nil, err
-	}
-
-	body, err := json.Marshal(postableSubscription)
-	if err != nil {
-		return nil, errors.Wrapf(err, errors.TypeInvalidInput, errors.CodeInvalidInput, "failed to marshal portal payload")
-	}
-
-	response, err := provider.zeus.GetPortalURL(ctx, activeLicense.Key, body)
-	if err != nil {
-		return nil, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to generate portal session")
-	}
-
-	return &licensetypes.GettableSubscription{RedirectURL: gjson.GetBytes(response, "url").String()}, nil
-}
-
-func (provider *provider) GetFeatureFlags(ctx context.Context, organizationID valuer.UUID) ([]*licensetypes.Feature, error) {
-	license, err := provider.GetActive(ctx, organizationID)
-	if err != nil {
-		if errors.Ast(err, errors.TypeNotFound) {
-			return licensetypes.BasicPlan, nil
-		}
-		return nil, err
-	}
-
-	return license.Features, nil
-}
-
-func (provider *provider) Collect(ctx context.Context, orgID valuer.UUID) (map[string]any, error) {
-	activeLicense, err := provider.GetActive(ctx, orgID)
-	if err != nil {
-		if errors.Ast(err, errors.TypeNotFound) {
-			return map[string]any{}, nil
-		}
-
-		return nil, err
-	}
-
-	return licensetypes.NewStatsFromLicense(activeLicense), nil
-}

ee/licensing/licensingstore/sqllicensingstore/store.go

@@ -1,81 +0,0 @@
-package sqllicensingstore
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types/licensetypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type store struct {
-	sqlstore sqlstore.SQLStore
-}
-
-func New(sqlstore sqlstore.SQLStore) licensetypes.Store {
-	return &store{sqlstore}
-}
-
-func (store *store) Create(ctx context.Context, storableLicense *licensetypes.StorableLicense) error {
-	_, err := store.
-		sqlstore.
-		BunDB().
-		NewInsert().
-		Model(storableLicense).
-		Exec(ctx)
-	if err != nil {
-		return store.sqlstore.WrapAlreadyExistsErrf(err, errors.CodeAlreadyExists, "license with ID: %s already exists", storableLicense.ID)
-	}
-
-	return nil
-}
-
-func (store *store) Get(ctx context.Context, organizationID valuer.UUID, licenseID valuer.UUID) (*licensetypes.StorableLicense, error) {
-	storableLicense := new(licensetypes.StorableLicense)
-	err := store.
-		sqlstore.
-		BunDB().
-		NewSelect().
-		Model(storableLicense).
-		Where("org_id = ?", organizationID).
-		Where("id = ?", licenseID).
-		Scan(ctx)
-	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, errors.CodeNotFound, "license with ID: %s does not exist", licenseID)
-	}
-
-	return storableLicense, nil
-}
-
-func (store *store) GetAll(ctx context.Context, organizationID valuer.UUID) ([]*licensetypes.StorableLicense, error) {
-	storableLicenses := make([]*licensetypes.StorableLicense, 0)
-	err := store.
-		sqlstore.
-		BunDB().
-		NewSelect().
-		Model(&storableLicenses).
-		Where("org_id = ?", organizationID).
-		Scan(ctx)
-	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, errors.CodeNotFound, "licenses for organizationID: %s does not exists", organizationID)
-	}
-
-	return storableLicenses, nil
-}
-
-func (store *store) Update(ctx context.Context, organizationID valuer.UUID, storableLicense *licensetypes.StorableLicense) error {
-	_, err := store.
-		sqlstore.
-		BunDB().
-		NewUpdate().
-		Model(storableLicense).
-		WherePK().
-		Where("org_id = ?", organizationID).
-		Exec(ctx)
-	if err != nil {
-		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "unable to update license with ID: %s", storableLicense.ID)
-	}
-
-	return nil
-}

ee/modules/user/impluser/handler.go

@@ -0,0 +1,203 @@
+package impluser
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/http/render"
+	"github.com/SigNoz/signoz/pkg/modules/user"
+	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/gorilla/mux"
+)
+
+// EnterpriseHandler embeds the base handler implementation
+type Handler struct {
+	user.Handler // Embed the base handler interface
+	module       user.Module
+}
+
+func NewHandler(module user.Module) user.Handler {
+	baseHandler := impluser.NewHandler(module)
+	return &Handler{
+		Handler: baseHandler,
+		module:  module,
+	}
+}
+
+func (h *Handler) Login(w http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	var req types.PostableLoginRequest
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	if req.RefreshToken == "" {
+		// the EE handler wrapper passes the feature flag value in context
+		ssoAvailable, ok := ctx.Value(types.SSOAvailable).(bool)
+		if !ok {
+			render.Error(w, errors.New(errors.TypeInternal, errors.CodeInternal, "failed to retrieve SSO availability"))
+			return
+		}
+
+		if ssoAvailable {
+			_, err := h.module.CanUsePassword(ctx, req.Email)
+			if err != nil {
+				render.Error(w, err)
+				return
+			}
+		}
+	}
+
+	user, err := h.module.GetAuthenticatedUser(ctx, req.OrgID, req.Email, req.Password, req.RefreshToken)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	jwt, err := h.module.GetJWTForUser(ctx, user)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	gettableLoginResponse := &types.GettableLoginResponse{
+		GettableUserJwt: jwt,
+		UserID:          user.ID.String(),
+	}
+
+	render.Success(w, http.StatusOK, gettableLoginResponse)
+}
+
+// Override only the methods you need with enterprise-specific implementations
+func (h *Handler) LoginPrecheck(w http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	// assume user is valid unless proven otherwise and assign default values for rest of the fields
+
+	email := r.URL.Query().Get("email")
+	sourceUrl := r.URL.Query().Get("ref")
+	orgID := r.URL.Query().Get("orgID")
+
+	resp, err := h.module.LoginPrecheck(ctx, orgID, email, sourceUrl)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusOK, resp)
+
+}
+
+func (h *Handler) AcceptInvite(w http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	req := new(types.PostableAcceptInvite)
+	if err := json.NewDecoder(r.Body).Decode(req); err != nil {
+		render.Error(w, errors.Wrapf(err, errors.TypeInvalidInput, errors.CodeInvalidInput, "failed to decode user"))
+		return
+	}
+
+	// get invite object
+	invite, err := h.module.GetInviteByToken(ctx, req.InviteToken)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	orgDomain, err := h.module.GetAuthDomainByEmail(ctx, invite.Email)
+	if err != nil && !errors.Ast(err, errors.TypeNotFound) {
+		render.Error(w, err)
+		return
+	}
+
+	precheckResp := &types.GettableLoginPrecheck{
+		SSO:    false,
+		IsUser: false,
+	}
+
+	if invite.Name == "" && req.DisplayName != "" {
+		invite.Name = req.DisplayName
+	}
+
+	user, err := types.NewUser(invite.Name, invite.Email, invite.Role, invite.OrgID)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	if orgDomain != nil && orgDomain.SsoEnabled {
+		// sso is enabled, create user and respond precheck data
+		err = h.module.CreateUser(ctx, user)
+		if err != nil {
+			render.Error(w, err)
+			return
+		}
+
+		// check if sso is enforced for the org
+		precheckResp, err = h.module.LoginPrecheck(ctx, invite.OrgID, user.Email, req.SourceURL)
+		if err != nil {
+			render.Error(w, err)
+			return
+		}
+
+	} else {
+		password, err := types.NewFactorPassword(req.Password)
+		if err != nil {
+			render.Error(w, err)
+			return
+		}
+
+		user, err = h.module.CreateUserWithPassword(ctx, user, password)
+		if err != nil {
+			render.Error(w, err)
+			return
+		}
+
+		precheckResp.IsUser = true
+	}
+
+	// delete the invite
+	if err := h.module.DeleteInvite(ctx, invite.OrgID, invite.ID); err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusOK, precheckResp)
+}
+
+func (h *Handler) GetInvite(w http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	token := mux.Vars(r)["token"]
+	sourceUrl := r.URL.Query().Get("ref")
+	invite, err := h.module.GetInviteByToken(ctx, token)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	// precheck the user
+	precheckResp, err := h.module.LoginPrecheck(ctx, invite.OrgID, invite.Email, sourceUrl)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	gettableInvite := &types.GettableEEInvite{
+		GettableInvite: *invite,
+		PreCheck:       precheckResp,
+	}
+
+	render.Success(w, http.StatusOK, gettableInvite)
+	return
+}

ee/modules/user/impluser/module.go

@@ -0,0 +1,229 @@
+package impluser
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"strings"
+
+	"github.com/SigNoz/signoz/ee/query-service/constants"
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/modules/user"
+	baseimpl "github.com/SigNoz/signoz/pkg/modules/user/impluser"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"go.uber.org/zap"
+)
+
+// EnterpriseModule embeds the base module implementation
+type Module struct {
+	*baseimpl.Module // Embed the base module implementation
+	store            types.UserStore
+}
+
+func NewModule(store types.UserStore) user.Module {
+	baseModule := baseimpl.NewModule(store).(*baseimpl.Module)
+	return &Module{
+		Module: baseModule,
+		store:  store,
+	}
+}
+
+func (m *Module) createUserForSAMLRequest(ctx context.Context, email string) (*types.User, error) {
+	// get auth domain from email domain
+	_, err := m.GetAuthDomainByEmail(ctx, email)
+	if err != nil && !errors.Ast(err, errors.TypeNotFound) {
+		return nil, err
+	}
+
+	// get name from email
+	parts := strings.Split(email, "@")
+	if len(parts) < 2 {
+		return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "invalid email format")
+	}
+	name := parts[0]
+
+	defaultOrgID, err := m.store.GetDefaultOrgID(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	user, err := types.NewUser(name, email, types.RoleViewer.String(), defaultOrgID)
+	if err != nil {
+		return nil, err
+	}
+
+	err = m.CreateUser(ctx, user)
+	if err != nil {
+		return nil, err
+	}
+
+	return user, nil
+}
+
+func (m *Module) PrepareSsoRedirect(ctx context.Context, redirectUri, email string, jwt *authtypes.JWT) (string, error) {
+	users, err := m.GetUsersByEmail(ctx, email)
+	if err != nil {
+		zap.L().Error("failed to get user with email received from auth provider", zap.String("error", err.Error()))
+		return "", err
+	}
+	user := &types.User{}
+
+	if len(users) == 0 {
+		newUser, err := m.createUserForSAMLRequest(ctx, email)
+		user = newUser
+		if err != nil {
+			zap.L().Error("failed to create user with email received from auth provider", zap.Error(err))
+			return "", err
+		}
+	} else {
+		user = &users[0].User
+	}
+
+	tokenStore, err := m.GetJWTForUser(ctx, user)
+	if err != nil {
+		zap.L().Error("failed to generate token for SSO login user", zap.Error(err))
+		return "", err
+	}
+
+	return fmt.Sprintf("%s?jwt=%s&usr=%s&refreshjwt=%s",
+		redirectUri,
+		tokenStore.AccessJwt,
+		user.ID,
+		tokenStore.RefreshJwt), nil
+}
+
+func (m *Module) CanUsePassword(ctx context.Context, email string) (bool, error) {
+	domain, err := m.GetAuthDomainByEmail(ctx, email)
+	if err != nil && !errors.Ast(err, errors.TypeNotFound) {
+		return false, err
+	}
+
+	if domain != nil && domain.SsoEnabled {
+		// sso is enabled, check if the user has admin role
+		users, err := m.GetUsersByEmail(ctx, email)
+		if err != nil {
+			return false, err
+		}
+
+		if len(users) == 0 {
+			return false, errors.New(errors.TypeNotFound, errors.CodeNotFound, "user not found")
+		}
+
+		if users[0].Role != types.RoleAdmin.String() {
+			return false, errors.New(errors.TypeForbidden, errors.CodeForbidden, "auth method not supported")
+		}
+
+	}
+
+	return true, nil
+}
+
+func (m *Module) LoginPrecheck(ctx context.Context, orgID, email, sourceUrl string) (*types.GettableLoginPrecheck, error) {
+	resp := &types.GettableLoginPrecheck{IsUser: true, CanSelfRegister: false}
+
+	// check if email is a valid user
+	users, err := m.GetUsersByEmail(ctx, email)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(users) == 0 {
+		resp.IsUser = false
+	}
+
+	// give them an option to select an org
+	if orgID == "" && len(users) > 1 {
+		resp.SelectOrg = true
+		resp.Orgs = make([]string, len(users))
+		for i, user := range users {
+			resp.Orgs[i] = user.OrgID
+		}
+		return resp, nil
+	}
+
+	// select the user with the corresponding orgID
+	if len(users) > 1 {
+		found := false
+		for _, tuser := range users {
+			if tuser.OrgID == orgID {
+				// user = tuser
+				found = true
+				break
+			}
+		}
+		if !found {
+			resp.IsUser = false
+			return resp, nil
+		}
+	}
+
+	// the EE handler wrapper passes the feature flag value in context
+	ssoAvailable, ok := ctx.Value(types.SSOAvailable).(bool)
+	if !ok {
+		zap.L().Error("failed to retrieve ssoAvailable from context")
+		return nil, errors.New(errors.TypeInternal, errors.CodeInternal, "failed to retrieve SSO availability")
+	}
+
+	if ssoAvailable {
+
+		// TODO(Nitya): in multitenancy this should use orgId as well.
+		orgDomain, err := m.GetAuthDomainByEmail(ctx, email)
+		if err != nil && !errors.Ast(err, errors.TypeNotFound) {
+			return nil, err
+		}
+
+		if orgDomain != nil && orgDomain.SsoEnabled {
+			// this is to allow self registration
+			resp.IsUser = true
+
+			// saml is enabled for this domain, lets prepare sso url
+			if sourceUrl == "" {
+				sourceUrl = constants.GetDefaultSiteURL()
+			}
+
+			// parse source url that generated the login request
+			var err error
+			escapedUrl, _ := url.QueryUnescape(sourceUrl)
+			siteUrl, err := url.Parse(escapedUrl)
+			if err != nil {
+				return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "failed to parse referer")
+			}
+
+			// build Idp URL that will authenticat the user
+			// the front-end will redirect user to this url
+			resp.SSOUrl, err = orgDomain.BuildSsoUrl(siteUrl)
+			if err != nil {
+				zap.L().Error("failed to prepare saml request for domain", zap.String("domain", orgDomain.Name), zap.Error(err))
+				return nil, errors.New(errors.TypeInternal, errors.CodeInternal, "failed to prepare saml request for domain")
+			}
+
+			// set SSO to true, as the url is generated correctly
+			resp.SSO = true
+		}
+	}
+	return resp, nil
+}
+
+func (m *Module) GetAuthDomainByEmail(ctx context.Context, email string) (*types.GettableOrgDomain, error) {
+
+	if email == "" {
+		return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "email is required")
+	}
+
+	components := strings.Split(email, "@")
+	if len(components) < 2 {
+		return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "invalid email format")
+	}
+
+	domain, err := m.store.GetDomainByName(ctx, components[1])
+	if err != nil {
+		return nil, err
+	}
+
+	gettableDomain := &types.GettableOrgDomain{StorableOrgDomain: *domain}
+	if err := gettableDomain.LoadConfig(domain.Data); err != nil {
+		return nil, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to load domain config")
+	}
+	return gettableDomain, nil
+}

ee/modules/user/impluser/store.go

@@ -0,0 +1,37 @@
+package impluser
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	baseimpl "github.com/SigNoz/signoz/pkg/modules/user/impluser"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+)
+
+type store struct {
+	*baseimpl.Store
+	sqlstore sqlstore.SQLStore
+}
+
+func NewStore(sqlstore sqlstore.SQLStore) types.UserStore {
+	baseStore := baseimpl.NewStore(sqlstore).(*baseimpl.Store)
+	return &store{
+		Store:    baseStore,
+		sqlstore: sqlstore,
+	}
+}
+
+func (s *store) GetDomainByName(ctx context.Context, name string) (*types.StorableOrgDomain, error) {
+	domain := new(types.StorableOrgDomain)
+	err := s.sqlstore.BunDB().NewSelect().
+		Model(domain).
+		Where("name = ?", name).
+		Limit(1).
+		Scan(ctx)
+
+	if err != nil {
+		return nil, errors.Wrapf(err, errors.TypeNotFound, errors.CodeNotFound, "failed to get domain from name")
+	}
+	return domain, nil
+}

ee/query-service/.dockerignore

@@ -0,0 +1,4 @@
+.vscode
+README.md
+signoz.db
+bin

ee/query-service/.goreleaser.yaml

@@ -11,7 +11,7 @@ before:
 builds:
   - id: signoz
     binary: bin/signoz
-    main: cmd/enterprise
+    main: ee/query-service/main.go
     env:
       - CGO_ENABLED=1
       - >-
@@ -39,7 +39,6 @@ builds:
       - -X github.com/SigNoz/signoz/ee/zeus.deprecatedURL=https://license.signoz.io
       - -X github.com/SigNoz/signoz/ee/query-service/constants.ZeusURL=https://api.signoz.cloud
       - -X github.com/SigNoz/signoz/ee/query-service/constants.LicenseSignozIo=https://license.signoz.io/api/v1
-      - -X github.com/SigNoz/signoz/pkg/analytics.key=9kRrJ7oPCGPEJLF6QjMPLt5bljFhRQBr
       - >-
         {{- if eq .Os "linux" }}-linkmode external -extldflags '-static'{{- end }}
     mod_timestamp: "{{ .CommitTimestamp }}"

ee/query-service/Dockerfile

@@ -11,9 +11,11 @@ RUN apk update && \
 
 
 COPY ./target/${OS}-${TARGETARCH}/signoz /root/signoz
+COPY ./conf/prometheus.yml /root/config/prometheus.yml
 COPY ./templates/email /root/templates
 COPY frontend/build/ /etc/signoz/web/
 
 RUN chmod 755 /root /root/signoz
 
-ENTRYPOINT ["./signoz", "server"]
+ENTRYPOINT ["./signoz"]
+CMD ["-config", "/root/config/prometheus.yml"]

ee/query-service/Dockerfile.integration

@@ -23,7 +23,6 @@ COPY go.mod go.sum ./
 
 RUN go mod download
 
-COPY ./cmd/ ./cmd/
 COPY ./ee/ ./ee/
 COPY ./pkg/ ./pkg/
 COPY ./templates/email /root/templates
@@ -34,4 +33,4 @@ RUN mv /root/linux-${TARGETARCH}/signoz /root/signoz
 
 RUN chmod 755 /root /root/signoz
 
-ENTRYPOINT ["/root/signoz", "server"]
+ENTRYPOINT ["/root/signoz"]

ee/query-service/Dockerfile.multi-arch

@@ -12,9 +12,11 @@ RUN apk update && \
     rm -rf /var/cache/apk/*
 
 COPY ./target/${OS}-${ARCH}/signoz /root/signoz
+COPY ./conf/prometheus.yml /root/config/prometheus.yml
 COPY ./templates/email /root/templates
 COPY frontend/build/ /etc/signoz/web/
 
 RUN chmod 755 /root /root/signoz
 
-ENTRYPOINT ["./signoz", "server"]
+ENTRYPOINT ["./signoz"]
+CMD ["-config", "/root/config/prometheus.yml"]

ee/query-service/app/api/api.go

@@ -1,34 +1,47 @@
 package api
 
 import (
+	"context"
 	"net/http"
 	"net/http/httputil"
 	"time"
 
-	"github.com/SigNoz/signoz/ee/licensing/httplicensing"
+	"github.com/SigNoz/signoz/ee/query-service/dao"
 	"github.com/SigNoz/signoz/ee/query-service/integrations/gateway"
+	"github.com/SigNoz/signoz/ee/query-service/interfaces"
+	"github.com/SigNoz/signoz/ee/query-service/license"
+	"github.com/SigNoz/signoz/ee/query-service/model"
 	"github.com/SigNoz/signoz/ee/query-service/usage"
 	"github.com/SigNoz/signoz/pkg/alertmanager"
 	"github.com/SigNoz/signoz/pkg/apis/fields"
+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/http/middleware"
-	querierAPI "github.com/SigNoz/signoz/pkg/querier"
+	"github.com/SigNoz/signoz/pkg/http/render"
+	"github.com/SigNoz/signoz/pkg/modules/quickfilter"
+	quickfilterscore "github.com/SigNoz/signoz/pkg/modules/quickfilter/core"
 	baseapp "github.com/SigNoz/signoz/pkg/query-service/app"
 	"github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/integrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/logparsingpipeline"
-	"github.com/SigNoz/signoz/pkg/query-service/interfaces"
+	baseint "github.com/SigNoz/signoz/pkg/query-service/interfaces"
 	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
 	rules "github.com/SigNoz/signoz/pkg/query-service/rules"
 	"github.com/SigNoz/signoz/pkg/signoz"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/version"
 	"github.com/gorilla/mux"
+	"go.uber.org/zap"
 )
 
 type APIHandlerOptions struct {
-	DataConnector                 interfaces.Reader
+	DataConnector                 interfaces.DataConnector
+	PreferSpanMetrics             bool
+	AppDao                        dao.ModelDao
 	RulesManager                  *rules.Manager
 	UsageManager                  *usage.Manager
+	FeatureFlags                  baseint.FeatureLookup
+	LicenseManager                *license.Manager
 	IntegrationsController        *integrations.Controller
 	CloudIntegrationsController   *cloudintegrations.Controller
 	LogsParsingPipelineController *logparsingpipeline.LogParsingPipelineController
@@ -48,18 +61,22 @@ type APIHandler struct {
 
 // NewAPIHandler returns an APIHandler
 func NewAPIHandler(opts APIHandlerOptions, signoz *signoz.SigNoz) (*APIHandler, error) {
+	quickfiltermodule := quickfilterscore.NewQuickFilters(quickfilterscore.NewStore(signoz.SQLStore))
+	quickFilter := quickfilter.NewAPI(quickfiltermodule)
 	baseHandler, err := baseapp.NewAPIHandler(baseapp.APIHandlerOpts{
 		Reader:                        opts.DataConnector,
+		PreferSpanMetrics:             opts.PreferSpanMetrics,
 		RuleManager:                   opts.RulesManager,
+		FeatureFlags:                  opts.FeatureFlags,
 		IntegrationsController:        opts.IntegrationsController,
 		CloudIntegrationsController:   opts.CloudIntegrationsController,
 		LogsParsingPipelineController: opts.LogsParsingPipelineController,
 		FluxInterval:                  opts.FluxInterval,
 		AlertmanagerAPI:               alertmanager.NewAPI(signoz.Alertmanager),
-		LicensingAPI:                  httplicensing.NewLicensingAPI(signoz.Licensing),
-		FieldsAPI:                     fields.NewAPI(signoz.Instrumentation.ToProviderSettings(), signoz.TelemetryStore),
+		FieldsAPI:                     fields.NewAPI(signoz.TelemetryStore),
 		Signoz:                        signoz,
-		QuerierAPI:                    querierAPI.NewAPI(signoz.Instrumentation.ToProviderSettings(), signoz.Querier),
+		QuickFilters:                  quickFilter,
+		QuickFilterModule:             quickfiltermodule,
 	})
 
 	if err != nil {
@@ -73,39 +90,79 @@ func NewAPIHandler(opts APIHandlerOptions, signoz *signoz.SigNoz) (*APIHandler,
 	return ah, nil
 }
 
+func (ah *APIHandler) FF() baseint.FeatureLookup {
+	return ah.opts.FeatureFlags
+}
+
 func (ah *APIHandler) RM() *rules.Manager {
 	return ah.opts.RulesManager
 }
 
+func (ah *APIHandler) LM() *license.Manager {
+	return ah.opts.LicenseManager
+}
+
 func (ah *APIHandler) UM() *usage.Manager {
 	return ah.opts.UsageManager
 }
 
+func (ah *APIHandler) AppDao() dao.ModelDao {
+	return ah.opts.AppDao
+}
+
 func (ah *APIHandler) Gateway() *httputil.ReverseProxy {
 	return ah.opts.Gateway
 }
 
+func (ah *APIHandler) CheckFeature(f string) bool {
+	err := ah.FF().CheckFeature(f)
+	return err == nil
+}
+
 // RegisterRoutes registers routes for this handler on the given router
 func (ah *APIHandler) RegisterRoutes(router *mux.Router, am *middleware.AuthZ) {
 	// note: add ee override methods first
 
 	// routes available only in ee version
-	router.HandleFunc("/api/v1/features", am.ViewAccess(ah.getFeatureFlags)).Methods(http.MethodGet)
+
+	router.HandleFunc("/api/v1/featureFlags", am.OpenAccess(ah.getFeatureFlags)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v1/loginPrecheck", am.OpenAccess(ah.loginPrecheck)).Methods(http.MethodGet)
+
+	// invite
+	router.HandleFunc("/api/v1/invite/{token}", am.OpenAccess(ah.getInvite)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v1/invite/accept", am.OpenAccess(ah.acceptInvite)).Methods(http.MethodPost)
 
 	// paid plans specific routes
 	router.HandleFunc("/api/v1/complete/saml", am.OpenAccess(ah.receiveSAML)).Methods(http.MethodPost)
+	router.HandleFunc("/api/v1/complete/google", am.OpenAccess(ah.receiveGoogleAuth)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v1/orgs/{orgId}/domains", am.AdminAccess(ah.listDomainsByOrg)).Methods(http.MethodGet)
+
+	router.HandleFunc("/api/v1/domains", am.AdminAccess(ah.postDomain)).Methods(http.MethodPost)
+	router.HandleFunc("/api/v1/domains/{id}", am.AdminAccess(ah.putDomain)).Methods(http.MethodPut)
+	router.HandleFunc("/api/v1/domains/{id}", am.AdminAccess(ah.deleteDomain)).Methods(http.MethodDelete)
 
 	// base overrides
 	router.HandleFunc("/api/v1/version", am.OpenAccess(ah.getVersion)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v1/login", am.OpenAccess(ah.loginUser)).Methods(http.MethodPost)
 
-	router.HandleFunc("/api/v1/checkout", am.AdminAccess(ah.LicensingAPI.Checkout)).Methods(http.MethodPost)
+	// PAT APIs
+	router.HandleFunc("/api/v1/pats", am.AdminAccess(ah.createPAT)).Methods(http.MethodPost)
+	router.HandleFunc("/api/v1/pats", am.AdminAccess(ah.getPATs)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v1/pats/{id}", am.AdminAccess(ah.updatePAT)).Methods(http.MethodPut)
+	router.HandleFunc("/api/v1/pats/{id}", am.AdminAccess(ah.revokePAT)).Methods(http.MethodDelete)
+
+	router.HandleFunc("/api/v1/checkout", am.AdminAccess(ah.checkout)).Methods(http.MethodPost)
 	router.HandleFunc("/api/v1/billing", am.AdminAccess(ah.getBilling)).Methods(http.MethodGet)
-	router.HandleFunc("/api/v1/portal", am.AdminAccess(ah.LicensingAPI.Portal)).Methods(http.MethodPost)
+	router.HandleFunc("/api/v1/portal", am.AdminAccess(ah.portalSession)).Methods(http.MethodPost)
+
+	router.HandleFunc("/api/v1/dashboards/{uuid}/lock", am.EditAccess(ah.lockDashboard)).Methods(http.MethodPut)
+	router.HandleFunc("/api/v1/dashboards/{uuid}/unlock", am.EditAccess(ah.unlockDashboard)).Methods(http.MethodPut)
 
 	// v3
-	router.HandleFunc("/api/v3/licenses", am.AdminAccess(ah.LicensingAPI.Activate)).Methods(http.MethodPost)
-	router.HandleFunc("/api/v3/licenses", am.AdminAccess(ah.LicensingAPI.Refresh)).Methods(http.MethodPut)
-	router.HandleFunc("/api/v3/licenses/active", am.ViewAccess(ah.LicensingAPI.GetActive)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v3/licenses", am.ViewAccess(ah.listLicensesV3)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v3/licenses", am.AdminAccess(ah.applyLicenseV3)).Methods(http.MethodPost)
+	router.HandleFunc("/api/v3/licenses", am.AdminAccess(ah.refreshLicensesV3)).Methods(http.MethodPut)
+	router.HandleFunc("/api/v3/licenses/active", am.ViewAccess(ah.getActiveLicenseV3)).Methods(http.MethodGet)
 
 	// v4
 	router.HandleFunc("/api/v4/query_range", am.ViewAccess(ah.queryRangeV4)).Methods(http.MethodPost)
@@ -117,6 +174,54 @@ func (ah *APIHandler) RegisterRoutes(router *mux.Router, am *middleware.AuthZ) {
 
 }
 
+// TODO(nitya): remove this once we know how to get the FF's
+func (ah *APIHandler) updateRequestContext(w http.ResponseWriter, r *http.Request) (*http.Request, error) {
+	ssoAvailable := true
+	err := ah.FF().CheckFeature(model.SSO)
+	if err != nil {
+		switch err.(type) {
+		case basemodel.ErrFeatureUnavailable:
+			// do nothing, just skip sso
+			ssoAvailable = false
+		default:
+			zap.L().Error("feature check failed", zap.String("featureKey", model.SSO), zap.Error(err))
+			return r, errors.New(errors.TypeInternal, errors.CodeInternal, "error checking SSO feature")
+		}
+	}
+	ctx := context.WithValue(r.Context(), types.SSOAvailable, ssoAvailable)
+	return r.WithContext(ctx), nil
+}
+
+func (ah *APIHandler) loginPrecheck(w http.ResponseWriter, r *http.Request) {
+	r, err := ah.updateRequestContext(w, r)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+	ah.Signoz.Handlers.User.LoginPrecheck(w, r)
+	return
+}
+
+func (ah *APIHandler) acceptInvite(w http.ResponseWriter, r *http.Request) {
+	r, err := ah.updateRequestContext(w, r)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+	ah.Signoz.Handlers.User.AcceptInvite(w, r)
+	return
+}
+
+func (ah *APIHandler) getInvite(w http.ResponseWriter, r *http.Request) {
+	r, err := ah.updateRequestContext(w, r)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+	ah.Signoz.Handlers.User.GetInvite(w, r)
+	return
+}
+
 func (ah *APIHandler) RegisterCloudIntegrationsRoutes(router *mux.Router, am *middleware.AuthZ) {
 
 	ah.APIHandler.RegisterCloudIntegrationsRoutes(router, am)

ee/query-service/app/api/auth.go

@@ -3,16 +3,41 @@ package api
 import (
 	"context"
 	"encoding/base64"
+	"encoding/json"
 	"fmt"
+	"io"
 	"net/http"
 	"net/url"
 
 	"go.uber.org/zap"
 
-	"github.com/SigNoz/signoz/pkg/query-service/constants"
-	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/SigNoz/signoz/ee/query-service/constants"
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/pkg/http/render"
 )
 
+func parseRequest(r *http.Request, req interface{}) error {
+	defer r.Body.Close()
+	requestBody, err := io.ReadAll(r.Body)
+	if err != nil {
+		return err
+	}
+
+	err = json.Unmarshal(requestBody, &req)
+	return err
+}
+
+// loginUser overrides base handler and considers SSO case.
+func (ah *APIHandler) loginUser(w http.ResponseWriter, r *http.Request) {
+	r, err := ah.updateRequestContext(w, r)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+	ah.Signoz.Handlers.User.Login(w, r)
+	return
+}
+
 func handleSsoError(w http.ResponseWriter, r *http.Request, redirectURL string) {
 	ssoError := []byte("Login failed. Please contact your system administrator")
 	dst := make([]byte, base64.StdEncoding.EncodedLen(len(ssoError)))
@@ -21,12 +46,84 @@ func handleSsoError(w http.ResponseWriter, r *http.Request, redirectURL string)
 	http.Redirect(w, r, fmt.Sprintf("%s?ssoerror=%s", redirectURL, string(dst)), http.StatusSeeOther)
 }
 
+// receiveGoogleAuth completes google OAuth response and forwards a request
+// to front-end to sign user in
+func (ah *APIHandler) receiveGoogleAuth(w http.ResponseWriter, r *http.Request) {
+	redirectUri := constants.GetDefaultSiteURL()
+	ctx := context.Background()
+
+	if !ah.CheckFeature(model.SSO) {
+		zap.L().Error("[receiveGoogleAuth] sso requested but feature unavailable in org domain")
+		http.Redirect(w, r, fmt.Sprintf("%s?ssoerror=%s", redirectUri, "feature unavailable, please upgrade your billing plan to access this feature"), http.StatusMovedPermanently)
+		return
+	}
+
+	q := r.URL.Query()
+	if errType := q.Get("error"); errType != "" {
+		zap.L().Error("[receiveGoogleAuth] failed to login with google auth", zap.String("error", errType), zap.String("error_description", q.Get("error_description")))
+		http.Redirect(w, r, fmt.Sprintf("%s?ssoerror=%s", redirectUri, "failed to login through SSO "), http.StatusMovedPermanently)
+		return
+	}
+
+	relayState := q.Get("state")
+	zap.L().Debug("[receiveGoogleAuth] relay state received", zap.String("state", relayState))
+
+	parsedState, err := url.Parse(relayState)
+	if err != nil || relayState == "" {
+		zap.L().Error("[receiveGoogleAuth] failed to process response - invalid response from IDP", zap.Error(err), zap.Any("request", r))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	// upgrade redirect url from the relay state for better accuracy
+	redirectUri = fmt.Sprintf("%s://%s%s", parsedState.Scheme, parsedState.Host, "/login")
+
+	// fetch domain by parsing relay state.
+	domain, err := ah.AppDao().GetDomainFromSsoResponse(ctx, parsedState)
+	if err != nil {
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	// now that we have domain, use domain to fetch sso settings.
+	// prepare google callback handler using parsedState -
+	// which contains redirect URL (front-end endpoint)
+	callbackHandler, err := domain.PrepareGoogleOAuthProvider(parsedState)
+	if err != nil {
+		zap.L().Error("[receiveGoogleAuth] failed to prepare google oauth provider", zap.String("domain", domain.String()), zap.Error(err))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	identity, err := callbackHandler.HandleCallback(r)
+	if err != nil {
+		zap.L().Error("[receiveGoogleAuth] failed to process HandleCallback ", zap.String("domain", domain.String()), zap.Error(err))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	nextPage, err := ah.Signoz.Modules.User.PrepareSsoRedirect(ctx, redirectUri, identity.Email, ah.opts.JWT)
+	if err != nil {
+		zap.L().Error("[receiveGoogleAuth] failed to generate redirect URI after successful login ", zap.String("domain", domain.String()), zap.Error(err))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	http.Redirect(w, r, nextPage, http.StatusSeeOther)
+}
+
 // receiveSAML completes a SAML request and gets user logged in
 func (ah *APIHandler) receiveSAML(w http.ResponseWriter, r *http.Request) {
 	// this is the source url that initiated the login request
 	redirectUri := constants.GetDefaultSiteURL()
 	ctx := context.Background()
 
+	if !ah.CheckFeature(model.SSO) {
+		zap.L().Error("[receiveSAML] sso requested but feature unavailable in org domain")
+		http.Redirect(w, r, fmt.Sprintf("%s?ssoerror=%s", redirectUri, "feature unavailable, please upgrade your billing plan to access this feature"), http.StatusMovedPermanently)
+		return
+	}
+
 	err := r.ParseForm()
 	if err != nil {
 		zap.L().Error("[receiveSAML] failed to process response - invalid response from IDP", zap.Error(err), zap.Any("request", r))
@@ -50,25 +147,12 @@ func (ah *APIHandler) receiveSAML(w http.ResponseWriter, r *http.Request) {
 	redirectUri = fmt.Sprintf("%s://%s%s", parsedState.Scheme, parsedState.Host, "/login")
 
 	// fetch domain by parsing relay state.
-	domain, err := ah.Signoz.Modules.User.GetDomainFromSsoResponse(ctx, parsedState)
+	domain, err := ah.AppDao().GetDomainFromSsoResponse(ctx, parsedState)
 	if err != nil {
 		handleSsoError(w, r, redirectUri)
 		return
 	}
 
-	orgID, err := valuer.NewUUID(domain.OrgID)
-	if err != nil {
-		handleSsoError(w, r, redirectUri)
-		return
-	}
-
-	_, err = ah.Signoz.Licensing.GetActive(ctx, orgID)
-	if err != nil {
-		zap.L().Error("[receiveSAML] sso requested but feature unavailable in org domain")
-		http.Redirect(w, r, fmt.Sprintf("%s?ssoerror=%s", redirectUri, "feature unavailable, please upgrade your billing plan to access this feature"), http.StatusMovedPermanently)
-		return
-	}
-
 	sp, err := domain.PrepareSamlRequest(parsedState)
 	if err != nil {
 		zap.L().Error("[receiveSAML] failed to prepare saml request for domain", zap.String("domain", domain.String()), zap.Error(err))
@@ -96,7 +180,7 @@ func (ah *APIHandler) receiveSAML(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	nextPage, err := ah.Signoz.Modules.User.PrepareSsoRedirect(ctx, redirectUri, email)
+	nextPage, err := ah.Signoz.Modules.User.PrepareSsoRedirect(ctx, redirectUri, email, ah.opts.JWT)
 	if err != nil {
 		zap.L().Error("[receiveSAML] failed to generate redirect URI after successful login ", zap.String("domain", domain.String()), zap.Error(err))
 		handleSsoError(w, r, redirectUri)

ee/query-service/app/api/cloudIntegrations.go

@@ -11,12 +11,12 @@ import (
 	"time"
 
 	"github.com/SigNoz/signoz/ee/query-service/constants"
+	eeTypes "github.com/SigNoz/signoz/ee/types"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/http/render"
 	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/google/uuid"
 	"github.com/gorilla/mux"
 	"go.uber.org/zap"
@@ -36,12 +36,6 @@ func (ah *APIHandler) CloudIntegrationsGenerateConnectionParams(w http.ResponseW
 		return
 	}
 
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(w, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
 	cloudProvider := mux.Vars(r)["cloudProvider"]
 	if cloudProvider != "aws" {
 		RespondError(w, basemodel.BadRequest(fmt.Errorf(
@@ -62,9 +56,11 @@ func (ah *APIHandler) CloudIntegrationsGenerateConnectionParams(w http.ResponseW
 		SigNozAPIKey: apiKey,
 	}
 
-	license, err := ah.Signoz.Licensing.GetActive(r.Context(), orgID)
-	if err != nil {
-		render.Error(w, err)
+	license, apiErr := ah.LM().GetRepo().GetActiveLicense(r.Context())
+	if apiErr != nil {
+		RespondError(w, basemodel.WrapApiError(
+			apiErr, "couldn't look for active license",
+		), nil)
 		return
 	}
 
@@ -120,21 +116,14 @@ func (ah *APIHandler) getOrCreateCloudIntegrationPAT(ctx context.Context, orgId
 		return "", apiErr
 	}
 
-	orgIdUUID, err := valuer.NewUUID(orgId)
-	if err != nil {
-		return "", basemodel.InternalError(fmt.Errorf(
-			"couldn't parse orgId: %w", err,
-		))
-	}
-
-	allPats, err := ah.Signoz.Modules.User.ListAPIKeys(ctx, orgIdUUID)
+	allPats, err := ah.AppDao().ListPATs(ctx, orgId)
 	if err != nil {
 		return "", basemodel.InternalError(fmt.Errorf(
 			"couldn't list PATs: %w", err,
 		))
 	}
 	for _, p := range allPats {
-		if p.UserID == integrationUser.ID && p.Name == integrationPATName {
+		if p.UserID == integrationUser.ID.String() && p.Name == integrationPATName {
 			return p.Token, nil
 		}
 	}
@@ -144,25 +133,19 @@ func (ah *APIHandler) getOrCreateCloudIntegrationPAT(ctx context.Context, orgId
 		zap.String("cloudProvider", cloudProvider),
 	)
 
-	newPAT, err := types.NewStorableAPIKey(
+	newPAT := eeTypes.NewGettablePAT(
 		integrationPATName,
-		integrationUser.ID,
-		types.RoleViewer,
+		types.RoleViewer.String(),
+		integrationUser.ID.String(),
 		0,
 	)
+	integrationPAT, err := ah.AppDao().CreatePAT(ctx, orgId, newPAT)
 	if err != nil {
 		return "", basemodel.InternalError(fmt.Errorf(
 			"couldn't create cloud integration PAT: %w", err,
 		))
 	}
-
-	err = ah.Signoz.Modules.User.CreateAPIKey(ctx, newPAT)
-	if err != nil {
-		return "", basemodel.InternalError(fmt.Errorf(
-			"couldn't create cloud integration PAT: %w", err,
-		))
-	}
-	return newPAT.Token, nil
+	return integrationPAT.Token, nil
 }
 
 func (ah *APIHandler) getOrCreateCloudIntegrationUser(

ee/query-service/app/api/dashboard.go

@@ -0,0 +1,62 @@
+package api
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/http/render"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/gorilla/mux"
+)
+
+func (ah *APIHandler) lockDashboard(w http.ResponseWriter, r *http.Request) {
+	ah.lockUnlockDashboard(w, r, true)
+}
+
+func (ah *APIHandler) unlockDashboard(w http.ResponseWriter, r *http.Request) {
+	ah.lockUnlockDashboard(w, r, false)
+}
+
+func (ah *APIHandler) lockUnlockDashboard(w http.ResponseWriter, r *http.Request, lock bool) {
+	// Locking can only be done by the owner of the dashboard
+	// or an admin
+
+	// - Fetch the dashboard
+	// - Check if the user is the owner or an admin
+	// - If yes, lock/unlock the dashboard
+	// - If no, return 403
+
+	// Get the dashboard UUID from the request
+	uuid := mux.Vars(r)["uuid"]
+	if strings.HasPrefix(uuid, "integration") {
+		render.Error(w, errors.Newf(errors.TypeForbidden, errors.CodeForbidden, "dashboards created by integrations cannot be modified"))
+		return
+	}
+
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, errors.Newf(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "unauthenticated"))
+		return
+	}
+
+	dashboard, err := ah.Signoz.Modules.Dashboard.Get(r.Context(), claims.OrgID, uuid)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	if err := claims.IsAdmin(); err != nil && (dashboard.CreatedBy != claims.Email) {
+		render.Error(w, errors.Newf(errors.TypeForbidden, errors.CodeForbidden, "You are not authorized to lock/unlock this dashboard"))
+		return
+	}
+
+	// Lock/Unlock the dashboard
+	err = ah.Signoz.Modules.Dashboard.LockUnlock(r.Context(), claims.OrgID, uuid, lock)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	ah.Respond(w, "Dashboard updated successfully")
+}

ee/query-service/app/api/domains.go

@@ -0,0 +1,91 @@
+package api
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/google/uuid"
+	"github.com/gorilla/mux"
+)
+
+func (ah *APIHandler) listDomainsByOrg(w http.ResponseWriter, r *http.Request) {
+	orgId := mux.Vars(r)["orgId"]
+	domains, apierr := ah.AppDao().ListDomains(context.Background(), orgId)
+	if apierr != nil {
+		RespondError(w, apierr, domains)
+		return
+	}
+	ah.Respond(w, domains)
+}
+
+func (ah *APIHandler) postDomain(w http.ResponseWriter, r *http.Request) {
+	ctx := context.Background()
+
+	req := types.GettableOrgDomain{}
+
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	if err := req.ValidNew(); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	if apierr := ah.AppDao().CreateDomain(ctx, &req); apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+
+	ah.Respond(w, &req)
+}
+
+func (ah *APIHandler) putDomain(w http.ResponseWriter, r *http.Request) {
+	ctx := context.Background()
+
+	domainIdStr := mux.Vars(r)["id"]
+	domainId, err := uuid.Parse(domainIdStr)
+	if err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	req := types.GettableOrgDomain{StorableOrgDomain: types.StorableOrgDomain{ID: domainId}}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+	req.ID = domainId
+	if err := req.Valid(nil); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+	}
+
+	if apierr := ah.AppDao().UpdateDomain(ctx, &req); apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+
+	ah.Respond(w, &req)
+}
+
+func (ah *APIHandler) deleteDomain(w http.ResponseWriter, r *http.Request) {
+	domainIdStr := mux.Vars(r)["id"]
+
+	domainId, err := uuid.Parse(domainIdStr)
+	if err != nil {
+		RespondError(w, model.BadRequest(fmt.Errorf("invalid domain id")), nil)
+		return
+	}
+
+	apierr := ah.AppDao().DeleteDomain(context.Background(), domainId)
+	if apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+	ah.Respond(w, nil)
+}

ee/query-service/app/api/featureFlags.go

@@ -9,29 +9,13 @@ import (
 	"time"
 
 	"github.com/SigNoz/signoz/ee/query-service/constants"
-	pkgError "github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/http/render"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/licensetypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
 	"go.uber.org/zap"
 )
 
 func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(w, pkgError.Newf(pkgError.TypeInvalidInput, pkgError.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	featureSet, err := ah.Signoz.Licensing.GetFeatureFlags(r.Context(), orgID)
+	featureSet, err := ah.FF().GetFeatureFlags()
 	if err != nil {
 		ah.HandleError(w, err, http.StatusInternalServerError)
 		return
@@ -39,7 +23,7 @@ func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {
 
 	if constants.FetchFeatures == "true" {
 		zap.L().Debug("fetching license")
-		license, err := ah.Signoz.Licensing.GetActive(ctx, orgID)
+		license, err := ah.LM().GetRepo().GetActiveLicense(ctx)
 		if err != nil {
 			zap.L().Error("failed to fetch license", zap.Error(err))
 		} else if license == nil {
@@ -59,17 +43,10 @@ func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
-	if constants.IsPreferSpanMetrics {
-		for idx, feature := range featureSet {
-			if feature.Name == licensetypes.UseSpanMetrics {
-				featureSet[idx].Active = true
-			}
-		}
-	}
-
-	if constants.IsDotMetricsEnabled {
-		for idx, feature := range featureSet {
-			if feature.Name == licensetypes.DotMetricsEnabled {
+	if ah.opts.PreferSpanMetrics {
+		for idx := range featureSet {
+			feature := &featureSet[idx]
+			if feature.Name == basemodel.UseSpanMetrics {
 				featureSet[idx].Active = true
 			}
 		}
@@ -80,7 +57,7 @@ func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {
 
 // fetchZeusFeatures makes an HTTP GET request to the /zeusFeatures endpoint
 // and returns the FeatureSet.
-func fetchZeusFeatures(url, licenseKey string) ([]*licensetypes.Feature, error) {
+func fetchZeusFeatures(url, licenseKey string) (basemodel.FeatureSet, error) {
 	// Check if the URL is empty
 	if url == "" {
 		return nil, fmt.Errorf("url is empty")
@@ -139,28 +116,28 @@ func fetchZeusFeatures(url, licenseKey string) ([]*licensetypes.Feature, error)
 }
 
 type ZeusFeaturesResponse struct {
-	Status string                  `json:"status"`
-	Data   []*licensetypes.Feature `json:"data"`
+	Status string               `json:"status"`
+	Data   basemodel.FeatureSet `json:"data"`
 }
 
 // MergeFeatureSets merges two FeatureSet arrays with precedence to zeusFeatures.
-func MergeFeatureSets(zeusFeatures, internalFeatures []*licensetypes.Feature) []*licensetypes.Feature {
+func MergeFeatureSets(zeusFeatures, internalFeatures basemodel.FeatureSet) basemodel.FeatureSet {
 	// Create a map to store the merged features
-	featureMap := make(map[string]*licensetypes.Feature)
+	featureMap := make(map[string]basemodel.Feature)
 
 	// Add all features from the otherFeatures set to the map
 	for _, feature := range internalFeatures {
-		featureMap[feature.Name.StringValue()] = feature
+		featureMap[feature.Name] = feature
 	}
 
 	// Add all features from the zeusFeatures set to the map
 	// If a feature already exists (i.e., same name), the zeusFeature will overwrite it
 	for _, feature := range zeusFeatures {
-		featureMap[feature.Name.StringValue()] = feature
+		featureMap[feature.Name] = feature
 	}
 
 	// Convert the map back to a FeatureSet slice
-	var mergedFeatures []*licensetypes.Feature
+	var mergedFeatures basemodel.FeatureSet
 	for _, feature := range featureMap {
 		mergedFeatures = append(mergedFeatures, feature)
 	}

ee/query-service/app/api/featureFlags_test.go

@@ -3,79 +3,78 @@ package api
 import (
 	"testing"
 
-	"github.com/SigNoz/signoz/pkg/types/licensetypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
 	"github.com/stretchr/testify/assert"
 )
 
 func TestMergeFeatureSets(t *testing.T) {
 	tests := []struct {
 		name             string
-		zeusFeatures     []*licensetypes.Feature
-		internalFeatures []*licensetypes.Feature
-		expected         []*licensetypes.Feature
+		zeusFeatures     basemodel.FeatureSet
+		internalFeatures basemodel.FeatureSet
+		expected         basemodel.FeatureSet
 	}{
 		{
 			name:             "empty zeusFeatures and internalFeatures",
-			zeusFeatures:     []*licensetypes.Feature{},
-			internalFeatures: []*licensetypes.Feature{},
-			expected:         []*licensetypes.Feature{},
+			zeusFeatures:     basemodel.FeatureSet{},
+			internalFeatures: basemodel.FeatureSet{},
+			expected:         basemodel.FeatureSet{},
 		},
 		{
 			name: "non-empty zeusFeatures and empty internalFeatures",
-			zeusFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
+			zeusFeatures: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
 			},
-			internalFeatures: []*licensetypes.Feature{},
-			expected: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
+			internalFeatures: basemodel.FeatureSet{},
+			expected: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
 			},
 		},
 		{
 			name:         "empty zeusFeatures and non-empty internalFeatures",
-			zeusFeatures: []*licensetypes.Feature{},
-			internalFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
+			zeusFeatures: basemodel.FeatureSet{},
+			internalFeatures: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
 			},
-			expected: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
+			expected: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
 			},
 		},
 		{
 			name: "non-empty zeusFeatures and non-empty internalFeatures with no conflicts",
-			zeusFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature3"), Active: false},
+			zeusFeatures: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature3", Active: false},
 			},
-			internalFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature2"), Active: true},
-				{Name: valuer.NewString("Feature4"), Active: false},
+			internalFeatures: basemodel.FeatureSet{
+				{Name: "Feature2", Active: true},
+				{Name: "Feature4", Active: false},
 			},
-			expected: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: true},
-				{Name: valuer.NewString("Feature3"), Active: false},
-				{Name: valuer.NewString("Feature4"), Active: false},
+			expected: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: true},
+				{Name: "Feature3", Active: false},
+				{Name: "Feature4", Active: false},
 			},
 		},
 		{
 			name: "non-empty zeusFeatures and non-empty internalFeatures with conflicts",
-			zeusFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
+			zeusFeatures: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
 			},
-			internalFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: false},
-				{Name: valuer.NewString("Feature3"), Active: true},
+			internalFeatures: basemodel.FeatureSet{
+				{Name: "Feature1", Active: false},
+				{Name: "Feature3", Active: true},
 			},
-			expected: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
-				{Name: valuer.NewString("Feature3"), Active: true},
+			expected: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
+				{Name: "Feature3", Active: true},
 			},
 		},
 	}

ee/query-service/app/api/gateway.go

@@ -5,26 +5,10 @@ import (
 	"strings"
 
 	"github.com/SigNoz/signoz/ee/query-service/integrations/gateway"
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/http/render"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
 )
 
 func (ah *APIHandler) ServeGatewayHTTP(rw http.ResponseWriter, req *http.Request) {
 	ctx := req.Context()
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
 	validPath := false
 	for _, allowedPrefix := range gateway.AllowedPrefix {
 		if strings.HasPrefix(req.URL.Path, gateway.RoutePrefix+allowedPrefix) {
@@ -38,9 +22,9 @@ func (ah *APIHandler) ServeGatewayHTTP(rw http.ResponseWriter, req *http.Request
 		return
 	}
 
-	license, err := ah.Signoz.Licensing.GetActive(ctx, orgID)
+	license, err := ah.LM().GetRepo().GetActiveLicense(ctx)
 	if err != nil {
-		render.Error(rw, err)
+		RespondError(rw, err, nil)
 		return
 	}
 

ee/query-service/app/api/license.go

@@ -6,7 +6,11 @@ import (
 	"net/http"
 
 	"github.com/SigNoz/signoz/ee/query-service/constants"
+	"github.com/SigNoz/signoz/ee/query-service/integrations/signozio"
 	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/pkg/http/render"
+	"github.com/SigNoz/signoz/pkg/query-service/telemetry"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
 )
 
 type DayWiseBreakdown struct {
@@ -45,6 +49,10 @@ type details struct {
 	BillTotal float64         `json:"billTotal"`
 }
 
+type Redirect struct {
+	RedirectURL string `json:"redirectURL"`
+}
+
 type billingDetails struct {
 	Status string `json:"status"`
 	Data   struct {
@@ -56,6 +64,97 @@ type billingDetails struct {
 	} `json:"data"`
 }
 
+type ApplyLicenseRequest struct {
+	LicenseKey string `json:"key"`
+}
+
+func (ah *APIHandler) listLicensesV3(w http.ResponseWriter, r *http.Request) {
+	ah.listLicensesV2(w, r)
+}
+
+func (ah *APIHandler) getActiveLicenseV3(w http.ResponseWriter, r *http.Request) {
+	activeLicense, err := ah.LM().GetRepo().GetActiveLicenseV3(r.Context())
+	if err != nil {
+		RespondError(w, &model.ApiError{Typ: model.ErrorInternal, Err: err}, nil)
+		return
+	}
+
+	// return 404 not found if there is no active license
+	if activeLicense == nil {
+		RespondError(w, &model.ApiError{Typ: model.ErrorNotFound, Err: fmt.Errorf("no active license found")}, nil)
+		return
+	}
+
+	// TODO deprecate this when we move away from key for stripe
+	activeLicense.Data["key"] = activeLicense.Key
+	render.Success(w, http.StatusOK, activeLicense.Data)
+}
+
+// this function is called by zeus when inserting licenses in the query-service
+func (ah *APIHandler) applyLicenseV3(w http.ResponseWriter, r *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	var licenseKey ApplyLicenseRequest
+	if err := json.NewDecoder(r.Body).Decode(&licenseKey); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	if licenseKey.LicenseKey == "" {
+		RespondError(w, model.BadRequest(fmt.Errorf("license key is required")), nil)
+		return
+	}
+
+	_, err = ah.LM().ActivateV3(r.Context(), licenseKey.LicenseKey)
+	if err != nil {
+		telemetry.GetInstance().SendEvent(telemetry.TELEMETRY_LICENSE_ACT_FAILED, map[string]interface{}{"err": err.Error()}, claims.Email, true, false)
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusAccepted, nil)
+}
+
+func (ah *APIHandler) refreshLicensesV3(w http.ResponseWriter, r *http.Request) {
+	err := ah.LM().RefreshLicense(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusNoContent, nil)
+}
+
+func getCheckoutPortalResponse(redirectURL string) *Redirect {
+	return &Redirect{RedirectURL: redirectURL}
+}
+
+func (ah *APIHandler) checkout(w http.ResponseWriter, r *http.Request) {
+	checkoutRequest := &model.CheckoutRequest{}
+	if err := json.NewDecoder(r.Body).Decode(checkoutRequest); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	license := ah.LM().GetActiveLicense()
+	if license == nil {
+		RespondError(w, model.BadRequestStr("cannot proceed with checkout without license key"), nil)
+		return
+	}
+
+	redirectUrl, err := signozio.CheckoutSession(r.Context(), checkoutRequest, license.Key, ah.Signoz.Zeus)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	ah.Respond(w, getCheckoutPortalResponse(redirectUrl))
+}
+
 func (ah *APIHandler) getBilling(w http.ResponseWriter, r *http.Request) {
 	licenseKey := r.URL.Query().Get("licenseKey")
 
@@ -89,3 +188,71 @@ func (ah *APIHandler) getBilling(w http.ResponseWriter, r *http.Request) {
 	// TODO(srikanthccv):Fetch the current day usage and add it to the response
 	ah.Respond(w, billingResponse.Data)
 }
+
+func convertLicenseV3ToLicenseV2(licenses []*model.LicenseV3) []model.License {
+	licensesV2 := []model.License{}
+	for _, l := range licenses {
+		planKeyFromPlanName, ok := model.MapOldPlanKeyToNewPlanName[l.PlanName]
+		if !ok {
+			planKeyFromPlanName = model.Basic
+		}
+		licenseV2 := model.License{
+			Key:               l.Key,
+			ActivationId:      "",
+			PlanDetails:       "",
+			FeatureSet:        l.Features,
+			ValidationMessage: "",
+			IsCurrent:         l.IsCurrent,
+			LicensePlan: model.LicensePlan{
+				PlanKey:    planKeyFromPlanName,
+				ValidFrom:  l.ValidFrom,
+				ValidUntil: l.ValidUntil,
+				Status:     l.Status},
+		}
+		licensesV2 = append(licensesV2, licenseV2)
+	}
+	return licensesV2
+}
+
+func (ah *APIHandler) listLicensesV2(w http.ResponseWriter, r *http.Request) {
+	licensesV3, apierr := ah.LM().GetLicensesV3(r.Context())
+	if apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+	licenses := convertLicenseV3ToLicenseV2(licensesV3)
+
+	resp := model.Licenses{
+		TrialStart:                   -1,
+		TrialEnd:                     -1,
+		OnTrial:                      false,
+		WorkSpaceBlock:               false,
+		TrialConvertedToSubscription: false,
+		GracePeriodEnd:               -1,
+		Licenses:                     licenses,
+	}
+
+	ah.Respond(w, resp)
+}
+
+func (ah *APIHandler) portalSession(w http.ResponseWriter, r *http.Request) {
+	portalRequest := &model.PortalRequest{}
+	if err := json.NewDecoder(r.Body).Decode(portalRequest); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	license := ah.LM().GetActiveLicense()
+	if license == nil {
+		RespondError(w, model.BadRequestStr("cannot request the portal session without license key"), nil)
+		return
+	}
+
+	redirectUrl, err := signozio.PortalSession(r.Context(), portalRequest, license.Key, ah.Signoz.Zeus)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	ah.Respond(w, getCheckoutPortalResponse(redirectUrl))
+}

ee/query-service/app/api/pat.go

@@ -0,0 +1,186 @@
+package api
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"slices"
+	"time"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	eeTypes "github.com/SigNoz/signoz/ee/types"
+	"github.com/SigNoz/signoz/pkg/errors"
+	errorsV2 "github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/http/render"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/gorilla/mux"
+	"go.uber.org/zap"
+)
+
+func (ah *APIHandler) createPAT(w http.ResponseWriter, r *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	req := model.CreatePATRequestBody{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	pat := eeTypes.NewGettablePAT(
+		req.Name,
+		req.Role,
+		claims.UserID,
+		req.ExpiresInDays,
+	)
+	err = validatePATRequest(pat)
+	if err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	zap.L().Info("Got Create PAT request", zap.Any("pat", pat))
+	var apierr basemodel.BaseApiError
+	if pat, apierr = ah.AppDao().CreatePAT(r.Context(), claims.OrgID, pat); apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+
+	ah.Respond(w, &pat)
+}
+
+func validatePATRequest(req eeTypes.GettablePAT) error {
+	_, err := types.NewRole(req.Role)
+	if err != nil {
+		return err
+	}
+
+	if req.ExpiresAt < 0 {
+		return fmt.Errorf("valid expiresAt is required")
+	}
+
+	if req.Name == "" {
+		return fmt.Errorf("valid name is required")
+	}
+
+	return nil
+}
+
+func (ah *APIHandler) updatePAT(w http.ResponseWriter, r *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	req := eeTypes.GettablePAT{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	idStr := mux.Vars(r)["id"]
+	id, err := valuer.NewUUID(idStr)
+	if err != nil {
+		render.Error(w, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is not a valid uuid-v7"))
+		return
+	}
+
+	//get the pat
+	existingPAT, err := ah.AppDao().GetPATByID(r.Context(), claims.OrgID, id)
+	if err != nil {
+		render.Error(w, errorsV2.Newf(errorsV2.TypeInvalidInput, errorsV2.CodeInvalidInput, err.Error()))
+		return
+	}
+
+	// get the user
+	createdByUser, err := ah.Signoz.Modules.User.GetUserByID(r.Context(), claims.OrgID, existingPAT.UserID)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	if slices.Contains(types.AllIntegrationUserEmails, types.IntegrationUserEmail(createdByUser.Email)) {
+		render.Error(w, errorsV2.Newf(errorsV2.TypeInvalidInput, errorsV2.CodeInvalidInput, "integration user pat cannot be updated"))
+		return
+	}
+
+	err = validatePATRequest(req)
+	if err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	req.UpdatedByUserID = claims.UserID
+	req.UpdatedAt = time.Now()
+	var apierr basemodel.BaseApiError
+	if apierr = ah.AppDao().UpdatePAT(r.Context(), claims.OrgID, req, id); apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+
+	ah.Respond(w, map[string]string{"data": "pat updated successfully"})
+}
+
+func (ah *APIHandler) getPATs(w http.ResponseWriter, r *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	pats, apierr := ah.AppDao().ListPATs(r.Context(), claims.OrgID)
+	if apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+
+	ah.Respond(w, pats)
+}
+
+func (ah *APIHandler) revokePAT(w http.ResponseWriter, r *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	idStr := mux.Vars(r)["id"]
+	id, err := valuer.NewUUID(idStr)
+	if err != nil {
+		render.Error(w, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is not a valid uuid-v7"))
+		return
+	}
+
+	//get the pat
+	existingPAT, paterr := ah.AppDao().GetPATByID(r.Context(), claims.OrgID, id)
+	if paterr != nil {
+		render.Error(w, errorsV2.Newf(errorsV2.TypeInvalidInput, errorsV2.CodeInvalidInput, paterr.Error()))
+		return
+	}
+
+	// get the user
+	createdByUser, err := ah.Signoz.Modules.User.GetUserByID(r.Context(), claims.OrgID, existingPAT.UserID)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	if slices.Contains(types.AllIntegrationUserEmails, types.IntegrationUserEmail(createdByUser.Email)) {
+		render.Error(w, errorsV2.Newf(errorsV2.TypeInvalidInput, errorsV2.CodeInvalidInput, "integration user pat cannot be updated"))
+		return
+	}
+
+	zap.L().Info("Revoke PAT with id", zap.String("id", id.StringValue()))
+	if apierr := ah.AppDao().RevokePAT(r.Context(), claims.OrgID, id, claims.UserID); apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+	ah.Respond(w, map[string]string{"data": "pat revoked successfully"})
+}

ee/query-service/app/db/reader.go

@@ -0,0 +1,39 @@
+package db
+
+import (
+	"time"
+
+	"github.com/ClickHouse/clickhouse-go/v2"
+
+	"github.com/SigNoz/signoz/pkg/cache"
+	"github.com/SigNoz/signoz/pkg/prometheus"
+	basechr "github.com/SigNoz/signoz/pkg/query-service/app/clickhouseReader"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/telemetrystore"
+)
+
+type ClickhouseReader struct {
+	conn  clickhouse.Conn
+	appdb sqlstore.SQLStore
+	*basechr.ClickHouseReader
+}
+
+func NewDataConnector(
+	sqlDB sqlstore.SQLStore,
+	telemetryStore telemetrystore.TelemetryStore,
+	prometheus prometheus.Prometheus,
+	cluster string,
+	fluxIntervalForTraceDetail time.Duration,
+	cache cache.Cache,
+) *ClickhouseReader {
+	chReader := basechr.NewReader(sqlDB, telemetryStore, prometheus, cluster, fluxIntervalForTraceDetail, cache)
+	return &ClickhouseReader{
+		conn:             telemetryStore.ClickhouseDB(),
+		appdb:            sqlDB,
+		ClickHouseReader: chReader,
+	}
+}
+
+func (r *ClickhouseReader) GetSQLStore() sqlstore.SQLStore {
+	return r.appdb
+}

ee/query-service/app/server.go

@@ -6,17 +6,21 @@ import (
 	"net"
 	"net/http"
 	_ "net/http/pprof" // http profiler
+	"time"
 
 	"github.com/gorilla/handlers"
+	"github.com/jmoiron/sqlx"
 
+	eemiddleware "github.com/SigNoz/signoz/ee/http/middleware"
 	"github.com/SigNoz/signoz/ee/query-service/app/api"
+	"github.com/SigNoz/signoz/ee/query-service/app/db"
+	"github.com/SigNoz/signoz/ee/query-service/constants"
+	"github.com/SigNoz/signoz/ee/query-service/dao/sqlite"
 	"github.com/SigNoz/signoz/ee/query-service/integrations/gateway"
 	"github.com/SigNoz/signoz/ee/query-service/rules"
-	"github.com/SigNoz/signoz/ee/query-service/usage"
 	"github.com/SigNoz/signoz/pkg/alertmanager"
 	"github.com/SigNoz/signoz/pkg/cache"
 	"github.com/SigNoz/signoz/pkg/http/middleware"
-	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/prometheus"
 	"github.com/SigNoz/signoz/pkg/signoz"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
@@ -26,9 +30,11 @@ import (
 	"github.com/rs/cors"
 	"github.com/soheilhy/cmux"
 
+	licensepkg "github.com/SigNoz/signoz/ee/query-service/license"
+	"github.com/SigNoz/signoz/ee/query-service/usage"
+
 	"github.com/SigNoz/signoz/pkg/query-service/agentConf"
 	baseapp "github.com/SigNoz/signoz/pkg/query-service/app"
-	"github.com/SigNoz/signoz/pkg/query-service/app/clickhouseReader"
 	"github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/integrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/logparsingpipeline"
@@ -38,6 +44,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/query-service/healthcheck"
 	baseint "github.com/SigNoz/signoz/pkg/query-service/interfaces"
 	baserules "github.com/SigNoz/signoz/pkg/query-service/rules"
+	"github.com/SigNoz/signoz/pkg/query-service/telemetry"
 	"github.com/SigNoz/signoz/pkg/query-service/utils"
 	"go.uber.org/zap"
 )
@@ -55,55 +62,68 @@ type ServerOptions struct {
 	Jwt                        *authtypes.JWT
 }
 
-// Server runs HTTP, Mux and a grpc server
+// Server runs HTTP api service
 type Server struct {
-	config      signoz.Config
-	signoz      *signoz.SigNoz
-	jwt         *authtypes.JWT
-	ruleManager *baserules.Manager
+	serverOptions *ServerOptions
+	ruleManager   *baserules.Manager
 
 	// public http router
-	httpConn     net.Listener
-	httpServer   *http.Server
-	httpHostPort string
+	httpConn   net.Listener
+	httpServer *http.Server
 
 	// private http
-	privateConn     net.Listener
-	privateHTTP     *http.Server
-	privateHostPort string
-
-	opampServer *opamp.Server
+	privateConn net.Listener
+	privateHTTP *http.Server
 
 	// Usage manager
 	usageManager *usage.Manager
 
+	opampServer *opamp.Server
+
 	unavailableChannel chan healthcheck.Status
 }
 
+// HealthCheckStatus returns health check status channel a client can subscribe to
+func (s Server) HealthCheckStatus() chan healthcheck.Status {
+	return s.unavailableChannel
+}
+
 // NewServer creates and initializes Server
-func NewServer(config signoz.Config, signoz *signoz.SigNoz, jwt *authtypes.JWT) (*Server, error) {
-	gatewayProxy, err := gateway.NewProxy(config.Gateway.URL.String(), gateway.RoutePrefix)
+func NewServer(serverOptions *ServerOptions) (*Server, error) {
+	modelDao := sqlite.NewModelDao(serverOptions.SigNoz.SQLStore)
+	gatewayProxy, err := gateway.NewProxy(serverOptions.GatewayUrl, gateway.RoutePrefix)
 	if err != nil {
 		return nil, err
 	}
 
-	reader := clickhouseReader.NewReader(
-		signoz.SQLStore,
-		signoz.TelemetryStore,
-		signoz.Prometheus,
-		signoz.TelemetryStore.Cluster(),
-		config.Querier.FluxInterval,
-		signoz.Cache,
+	// initiate license manager
+	lm, err := licensepkg.StartManager(serverOptions.SigNoz.SQLStore.SQLxDB(), serverOptions.SigNoz.SQLStore, serverOptions.SigNoz.Zeus)
+	if err != nil {
+		return nil, err
+	}
+
+	fluxIntervalForTraceDetail, err := time.ParseDuration(serverOptions.FluxIntervalForTraceDetail)
+	if err != nil {
+		return nil, err
+	}
+
+	reader := db.NewDataConnector(
+		serverOptions.SigNoz.SQLStore,
+		serverOptions.SigNoz.TelemetryStore,
+		serverOptions.SigNoz.Prometheus,
+		serverOptions.Cluster,
+		fluxIntervalForTraceDetail,
+		serverOptions.SigNoz.Cache,
 	)
 
 	rm, err := makeRulesManager(
+		serverOptions.SigNoz.SQLStore.SQLxDB(),
 		reader,
-		signoz.Cache,
-		signoz.Alertmanager,
-		signoz.SQLStore,
-		signoz.TelemetryStore,
-		signoz.Prometheus,
-		signoz.Modules.OrgGetter,
+		serverOptions.SigNoz.Cache,
+		serverOptions.SigNoz.Alertmanager,
+		serverOptions.SigNoz.SQLStore,
+		serverOptions.SigNoz.TelemetryStore,
+		serverOptions.SigNoz.Prometheus,
 	)
 
 	if err != nil {
@@ -111,16 +131,19 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz, jwt *authtypes.JWT)
 	}
 
 	// initiate opamp
-	opAmpModel.Init(signoz.SQLStore, signoz.Instrumentation.Logger(), signoz.Modules.OrgGetter)
+	_, err = opAmpModel.InitDB(serverOptions.SigNoz.SQLStore.SQLxDB())
+	if err != nil {
+		return nil, err
+	}
 
-	integrationsController, err := integrations.NewController(signoz.SQLStore)
+	integrationsController, err := integrations.NewController(serverOptions.SigNoz.SQLStore)
 	if err != nil {
 		return nil, fmt.Errorf(
 			"couldn't create integrations controller: %w", err,
 		)
 	}
 
-	cloudIntegrationsController, err := cloudintegrations.NewController(signoz.SQLStore)
+	cloudIntegrationsController, err := cloudintegrations.NewController(serverOptions.SigNoz.SQLStore)
 	if err != nil {
 		return nil, fmt.Errorf(
 			"couldn't create cloud provider integrations controller: %w", err,
@@ -129,8 +152,7 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz, jwt *authtypes.JWT)
 
 	// ingestion pipelines manager
 	logParsingPipelineController, err := logparsingpipeline.NewLogParsingPipelinesController(
-		signoz.SQLStore,
-		integrationsController.GetPipelinesForInstalledIntegrations,
+		serverOptions.SigNoz.SQLStore, integrationsController.GetPipelinesForInstalledIntegrations,
 	)
 	if err != nil {
 		return nil, err
@@ -138,7 +160,7 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz, jwt *authtypes.JWT)
 
 	// initiate agent config handler
 	agentConfMgr, err := agentConf.Initiate(&agentConf.ManagerOptions{
-		Store:         signoz.SQLStore,
+		DB:            serverOptions.SigNoz.SQLStore.SQLxDB(),
 		AgentFeatures: []agentConf.AgentFeature{logParsingPipelineController},
 	})
 	if err != nil {
@@ -146,45 +168,59 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz, jwt *authtypes.JWT)
 	}
 
 	// start the usagemanager
-	usageManager, err := usage.New(signoz.Licensing, signoz.TelemetryStore.ClickhouseDB(), signoz.Zeus, signoz.Modules.OrgGetter)
+	usageManager, err := usage.New(modelDao, lm.GetRepo(), serverOptions.SigNoz.TelemetryStore.ClickhouseDB(), serverOptions.SigNoz.Zeus)
 	if err != nil {
 		return nil, err
 	}
-	err = usageManager.Start(context.Background())
+	err = usageManager.Start()
+	if err != nil {
+		return nil, err
+	}
+
+	telemetry.GetInstance().SetReader(reader)
+	telemetry.GetInstance().SetSqlStore(serverOptions.SigNoz.SQLStore)
+	telemetry.GetInstance().SetSaasOperator(constants.SaasSegmentKey)
+	telemetry.GetInstance().SetSavedViewsInfoCallback(telemetry.GetSavedViewsInfo)
+	telemetry.GetInstance().SetAlertsInfoCallback(telemetry.GetAlertsInfo)
+	telemetry.GetInstance().SetGetUsersCallback(telemetry.GetUsers)
+	telemetry.GetInstance().SetUserCountCallback(telemetry.GetUserCount)
+	telemetry.GetInstance().SetDashboardsInfoCallback(telemetry.GetDashboardsInfo)
+
+	fluxInterval, err := time.ParseDuration(serverOptions.FluxInterval)
 	if err != nil {
 		return nil, err
 	}
 
 	apiOpts := api.APIHandlerOptions{
 		DataConnector:                 reader,
+		PreferSpanMetrics:             serverOptions.PreferSpanMetrics,
+		AppDao:                        modelDao,
 		RulesManager:                  rm,
 		UsageManager:                  usageManager,
+		FeatureFlags:                  lm,
+		LicenseManager:                lm,
 		IntegrationsController:        integrationsController,
 		CloudIntegrationsController:   cloudIntegrationsController,
 		LogsParsingPipelineController: logParsingPipelineController,
-		FluxInterval:                  config.Querier.FluxInterval,
+		FluxInterval:                  fluxInterval,
 		Gateway:                       gatewayProxy,
-		GatewayUrl:                    config.Gateway.URL.String(),
-		JWT:                           jwt,
+		GatewayUrl:                    serverOptions.GatewayUrl,
+		JWT:                           serverOptions.Jwt,
 	}
 
-	apiHandler, err := api.NewAPIHandler(apiOpts, signoz)
+	apiHandler, err := api.NewAPIHandler(apiOpts, serverOptions.SigNoz)
 	if err != nil {
 		return nil, err
 	}
 
 	s := &Server{
-		config:             config,
-		signoz:             signoz,
-		jwt:                jwt,
 		ruleManager:        rm,
-		httpHostPort:       baseconst.HTTPHostPort,
-		privateHostPort:    baseconst.PrivateHostPort,
+		serverOptions:      serverOptions,
 		unavailableChannel: make(chan healthcheck.Status),
 		usageManager:       usageManager,
 	}
 
-	httpServer, err := s.createPublicServer(apiHandler, signoz.Web)
+	httpServer, err := s.createPublicServer(apiHandler, serverOptions.SigNoz.Web)
 
 	if err != nil {
 		return nil, err
@@ -200,28 +236,36 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz, jwt *authtypes.JWT)
 	s.privateHTTP = privateServer
 
 	s.opampServer = opamp.InitializeServer(
-		&opAmpModel.AllAgents, agentConfMgr, signoz.Instrumentation,
+		&opAmpModel.AllAgents, agentConfMgr,
 	)
 
+	orgs, err := apiHandler.Signoz.Modules.Organization.GetAll(context.Background())
+	if err != nil {
+		return nil, err
+	}
+	for _, org := range orgs {
+		errorList := reader.PreloadMetricsMetadata(context.Background(), org.ID)
+		for _, er := range errorList {
+			zap.L().Error("failed to preload metrics metadata", zap.Error(er))
+		}
+	}
+
 	return s, nil
 }
 
-// HealthCheckStatus returns health check status channel a client can subscribe to
-func (s Server) HealthCheckStatus() chan healthcheck.Status {
-	return s.unavailableChannel
-}
-
 func (s *Server) createPrivateServer(apiHandler *api.APIHandler) (*http.Server, error) {
+
 	r := baseapp.NewRouter()
 
-	r.Use(middleware.NewAuth(s.jwt, []string{"Authorization", "Sec-WebSocket-Protocol"}, s.signoz.Sharder, s.signoz.Instrumentation.Logger()).Wrap)
-	r.Use(middleware.NewAPIKey(s.signoz.SQLStore, []string{"SIGNOZ-API-KEY"}, s.signoz.Instrumentation.Logger(), s.signoz.Sharder).Wrap)
-	r.Use(middleware.NewTimeout(s.signoz.Instrumentation.Logger(),
-		s.config.APIServer.Timeout.ExcludedRoutes,
-		s.config.APIServer.Timeout.Default,
-		s.config.APIServer.Timeout.Max,
+	r.Use(middleware.NewAuth(zap.L(), s.serverOptions.Jwt, []string{"Authorization", "Sec-WebSocket-Protocol"}).Wrap)
+	r.Use(eemiddleware.NewPat(s.serverOptions.SigNoz.SQLStore, []string{"SIGNOZ-API-KEY"}).Wrap)
+	r.Use(middleware.NewTimeout(zap.L(),
+		s.serverOptions.Config.APIServer.Timeout.ExcludedRoutes,
+		s.serverOptions.Config.APIServer.Timeout.Default,
+		s.serverOptions.Config.APIServer.Timeout.Max,
 	).Wrap)
-	r.Use(middleware.NewLogging(s.signoz.Instrumentation.Logger(), s.config.APIServer.Logging.ExcludedRoutes).Wrap)
+	r.Use(middleware.NewAnalytics(zap.L()).Wrap)
+	r.Use(middleware.NewLogging(zap.L(), s.serverOptions.Config.APIServer.Logging.ExcludedRoutes).Wrap)
 
 	apiHandler.RegisterPrivateRoutes(r)
 
@@ -243,16 +287,17 @@ func (s *Server) createPrivateServer(apiHandler *api.APIHandler) (*http.Server,
 
 func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*http.Server, error) {
 	r := baseapp.NewRouter()
-	am := middleware.NewAuthZ(s.signoz.Instrumentation.Logger())
+	am := middleware.NewAuthZ(s.serverOptions.SigNoz.Instrumentation.Logger())
 
-	r.Use(middleware.NewAuth(s.jwt, []string{"Authorization", "Sec-WebSocket-Protocol"}, s.signoz.Sharder, s.signoz.Instrumentation.Logger()).Wrap)
-	r.Use(middleware.NewAPIKey(s.signoz.SQLStore, []string{"SIGNOZ-API-KEY"}, s.signoz.Instrumentation.Logger(), s.signoz.Sharder).Wrap)
-	r.Use(middleware.NewTimeout(s.signoz.Instrumentation.Logger(),
-		s.config.APIServer.Timeout.ExcludedRoutes,
-		s.config.APIServer.Timeout.Default,
-		s.config.APIServer.Timeout.Max,
+	r.Use(middleware.NewAuth(zap.L(), s.serverOptions.Jwt, []string{"Authorization", "Sec-WebSocket-Protocol"}).Wrap)
+	r.Use(eemiddleware.NewPat(s.serverOptions.SigNoz.SQLStore, []string{"SIGNOZ-API-KEY"}).Wrap)
+	r.Use(middleware.NewTimeout(zap.L(),
+		s.serverOptions.Config.APIServer.Timeout.ExcludedRoutes,
+		s.serverOptions.Config.APIServer.Timeout.Default,
+		s.serverOptions.Config.APIServer.Timeout.Max,
 	).Wrap)
-	r.Use(middleware.NewLogging(s.signoz.Instrumentation.Logger(), s.config.APIServer.Logging.ExcludedRoutes).Wrap)
+	r.Use(middleware.NewAnalytics(zap.L()).Wrap)
+	r.Use(middleware.NewLogging(zap.L(), s.serverOptions.Config.APIServer.Logging.ExcludedRoutes).Wrap)
 
 	apiHandler.RegisterRoutes(r, am)
 	apiHandler.RegisterLogsRoutes(r, am)
@@ -262,12 +307,10 @@ func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*h
 	apiHandler.RegisterQueryRangeV3Routes(r, am)
 	apiHandler.RegisterInfraMetricsRoutes(r, am)
 	apiHandler.RegisterQueryRangeV4Routes(r, am)
-	apiHandler.RegisterQueryRangeV5Routes(r, am)
 	apiHandler.RegisterWebSocketPaths(r, am)
 	apiHandler.RegisterMessagingQueuesRoutes(r, am)
 	apiHandler.RegisterThirdPartyApiRoutes(r, am)
 	apiHandler.MetricExplorerRoutes(r, am)
-	apiHandler.RegisterTraceFunnelsRoutes(r, am)
 
 	c := cors.New(cors.Options{
 		AllowedOrigins: []string{"*"},
@@ -293,7 +336,7 @@ func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*h
 func (s *Server) initListeners() error {
 	// listen on public port
 	var err error
-	publicHostPort := s.httpHostPort
+	publicHostPort := s.serverOptions.HTTPHostPort
 	if publicHostPort == "" {
 		return fmt.Errorf("baseconst.HTTPHostPort is required")
 	}
@@ -303,10 +346,10 @@ func (s *Server) initListeners() error {
 		return err
 	}
 
-	zap.L().Info(fmt.Sprintf("Query server started listening on %s...", s.httpHostPort))
+	zap.L().Info(fmt.Sprintf("Query server started listening on %s...", s.serverOptions.HTTPHostPort))
 
 	// listen on private port to support internal services
-	privateHostPort := s.privateHostPort
+	privateHostPort := s.serverOptions.PrivateHostPort
 
 	if privateHostPort == "" {
 		return fmt.Errorf("baseconst.PrivateHostPort is required")
@@ -316,7 +359,7 @@ func (s *Server) initListeners() error {
 	if err != nil {
 		return err
 	}
-	zap.L().Info(fmt.Sprintf("Query server started listening on private port %s...", s.privateHostPort))
+	zap.L().Info(fmt.Sprintf("Query server started listening on private port %s...", s.serverOptions.PrivateHostPort))
 
 	return nil
 }
@@ -336,7 +379,7 @@ func (s *Server) Start(ctx context.Context) error {
 	}
 
 	go func() {
-		zap.L().Info("Starting HTTP server", zap.Int("port", httpPort), zap.String("addr", s.httpHostPort))
+		zap.L().Info("Starting HTTP server", zap.Int("port", httpPort), zap.String("addr", s.serverOptions.HTTPHostPort))
 
 		switch err := s.httpServer.Serve(s.httpConn); err {
 		case nil, http.ErrServerClosed, cmux.ErrListenerClosed:
@@ -362,7 +405,7 @@ func (s *Server) Start(ctx context.Context) error {
 	}
 
 	go func() {
-		zap.L().Info("Starting Private HTTP server", zap.Int("port", privatePort), zap.String("addr", s.privateHostPort))
+		zap.L().Info("Starting Private HTTP server", zap.Int("port", privatePort), zap.String("addr", s.serverOptions.PrivateHostPort))
 
 		switch err := s.privateHTTP.Serve(s.privateConn); err {
 		case nil, http.ErrServerClosed, cmux.ErrListenerClosed:
@@ -388,15 +431,15 @@ func (s *Server) Start(ctx context.Context) error {
 	return nil
 }
 
-func (s *Server) Stop(ctx context.Context) error {
+func (s *Server) Stop() error {
 	if s.httpServer != nil {
-		if err := s.httpServer.Shutdown(ctx); err != nil {
+		if err := s.httpServer.Shutdown(context.Background()); err != nil {
 			return err
 		}
 	}
 
 	if s.privateHTTP != nil {
-		if err := s.privateHTTP.Shutdown(ctx); err != nil {
+		if err := s.privateHTTP.Shutdown(context.Background()); err != nil {
 			return err
 		}
 	}
@@ -404,28 +447,29 @@ func (s *Server) Stop(ctx context.Context) error {
 	s.opampServer.Stop()
 
 	if s.ruleManager != nil {
-		s.ruleManager.Stop(ctx)
+		s.ruleManager.Stop(context.Background())
 	}
 
 	// stop usage manager
-	s.usageManager.Stop(ctx)
+	s.usageManager.Stop()
 
 	return nil
 }
 
 func makeRulesManager(
+	db *sqlx.DB,
 	ch baseint.Reader,
 	cache cache.Cache,
 	alertmanager alertmanager.Alertmanager,
 	sqlstore sqlstore.SQLStore,
 	telemetryStore telemetrystore.TelemetryStore,
 	prometheus prometheus.Prometheus,
-	orgGetter organization.Getter,
 ) (*baserules.Manager, error) {
 	// create manager opts
 	managerOpts := &baserules.ManagerOptions{
 		TelemetryStore:      telemetryStore,
 		Prometheus:          prometheus,
+		DBConn:              db,
 		Context:             context.Background(),
 		Logger:              zap.L(),
 		Reader:              ch,
@@ -435,7 +479,6 @@ func makeRulesManager(
 		PrepareTestRuleFunc: rules.TestNotification,
 		Alertmanager:        alertmanager,
 		SQLStore:            sqlstore,
-		OrgGetter:           orgGetter,
 	}
 
 	// create Manager

ee/query-service/constants/constants.go

@@ -33,18 +33,3 @@ func GetOrDefaultEnv(key string, fallback string) string {
 func GetDefaultSiteURL() string {
 	return GetOrDefaultEnv("SIGNOZ_SITE_URL", DefaultSiteURL)
 }
-
-const DotMetricsEnabled = "DOT_METRICS_ENABLED"
-
-var IsDotMetricsEnabled = false
-var IsPreferSpanMetrics = false
-
-func init() {
-	if GetOrDefaultEnv(DotMetricsEnabled, "false") == "true" {
-		IsDotMetricsEnabled = true
-	}
-
-	if GetOrDefaultEnv("USE_SPAN_METRICS", "false") == "true" {
-		IsPreferSpanMetrics = true
-	}
-}

ee/query-service/dao/interface.go

@@ -0,0 +1,32 @@
+package dao
+
+import (
+	"context"
+	"net/url"
+
+	eeTypes "github.com/SigNoz/signoz/ee/types"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/google/uuid"
+)
+
+type ModelDao interface {
+	// auth methods
+	GetDomainFromSsoResponse(ctx context.Context, relayState *url.URL) (*types.GettableOrgDomain, error)
+
+	// org domain (auth domains) CRUD ops
+	ListDomains(ctx context.Context, orgId string) ([]types.GettableOrgDomain, basemodel.BaseApiError)
+	GetDomain(ctx context.Context, id uuid.UUID) (*types.GettableOrgDomain, basemodel.BaseApiError)
+	CreateDomain(ctx context.Context, d *types.GettableOrgDomain) basemodel.BaseApiError
+	UpdateDomain(ctx context.Context, domain *types.GettableOrgDomain) basemodel.BaseApiError
+	DeleteDomain(ctx context.Context, id uuid.UUID) basemodel.BaseApiError
+	GetDomainByEmail(ctx context.Context, email string) (*types.GettableOrgDomain, basemodel.BaseApiError)
+
+	CreatePAT(ctx context.Context, orgID string, p eeTypes.GettablePAT) (eeTypes.GettablePAT, basemodel.BaseApiError)
+	UpdatePAT(ctx context.Context, orgID string, p eeTypes.GettablePAT, id valuer.UUID) basemodel.BaseApiError
+	GetPAT(ctx context.Context, pat string) (*eeTypes.GettablePAT, basemodel.BaseApiError)
+	GetPATByID(ctx context.Context, orgID string, id valuer.UUID) (*eeTypes.GettablePAT, basemodel.BaseApiError)
+	ListPATs(ctx context.Context, orgID string) ([]eeTypes.GettablePAT, basemodel.BaseApiError)
+	RevokePAT(ctx context.Context, orgID string, id valuer.UUID, userID string) basemodel.BaseApiError
+}

ee/query-service/dao/sqlite/domain.go

@@ -0,0 +1,272 @@
+package sqlite
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"fmt"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/types"
+	ossTypes "github.com/SigNoz/signoz/pkg/types"
+	"github.com/google/uuid"
+	"go.uber.org/zap"
+)
+
+// GetDomainFromSsoResponse uses relay state received from IdP to fetch
+// user domain. The domain is further used to process validity of the response.
+// when sending login request to IdP we send relay state as URL (site url)
+// with domainId or domainName as query parameter.
+func (m *modelDao) GetDomainFromSsoResponse(ctx context.Context, relayState *url.URL) (*types.GettableOrgDomain, error) {
+	// derive domain id from relay state now
+	var domainIdStr string
+	var domainNameStr string
+	var domain *types.GettableOrgDomain
+
+	for k, v := range relayState.Query() {
+		if k == "domainId" && len(v) > 0 {
+			domainIdStr = strings.Replace(v[0], ":", "-", -1)
+		}
+		if k == "domainName" && len(v) > 0 {
+			domainNameStr = v[0]
+		}
+	}
+
+	if domainIdStr != "" {
+		domainId, err := uuid.Parse(domainIdStr)
+		if err != nil {
+			zap.L().Error("failed to parse domainId from relay state", zap.Error(err))
+			return nil, fmt.Errorf("failed to parse domainId from IdP response")
+		}
+
+		domain, err = m.GetDomain(ctx, domainId)
+		if err != nil {
+			zap.L().Error("failed to find domain from domainId received in IdP response", zap.Error(err))
+			return nil, fmt.Errorf("invalid credentials")
+		}
+	}
+
+	if domainNameStr != "" {
+
+		domainFromDB, err := m.GetDomainByName(ctx, domainNameStr)
+		domain = domainFromDB
+		if err != nil {
+			zap.L().Error("failed to find domain from domainName received in IdP response", zap.Error(err))
+			return nil, fmt.Errorf("invalid credentials")
+		}
+	}
+	if domain != nil {
+		return domain, nil
+	}
+
+	return nil, fmt.Errorf("failed to find domain received in IdP response")
+}
+
+// GetDomainByName returns org domain for a given domain name
+func (m *modelDao) GetDomainByName(ctx context.Context, name string) (*types.GettableOrgDomain, basemodel.BaseApiError) {
+
+	stored := types.StorableOrgDomain{}
+	err := m.sqlStore.BunDB().NewSelect().
+		Model(&stored).
+		Where("name = ?", name).
+		Limit(1).
+		Scan(ctx)
+
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return nil, model.BadRequest(fmt.Errorf("invalid domain name"))
+		}
+		return nil, model.InternalError(err)
+	}
+
+	domain := &types.GettableOrgDomain{StorableOrgDomain: stored}
+	if err := domain.LoadConfig(stored.Data); err != nil {
+		return nil, model.InternalError(err)
+	}
+	return domain, nil
+}
+
+// GetDomain returns org domain for a given domain id
+func (m *modelDao) GetDomain(ctx context.Context, id uuid.UUID) (*types.GettableOrgDomain, basemodel.BaseApiError) {
+
+	stored := types.StorableOrgDomain{}
+	err := m.sqlStore.BunDB().NewSelect().
+		Model(&stored).
+		Where("id = ?", id).
+		Limit(1).
+		Scan(ctx)
+
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return nil, model.BadRequest(fmt.Errorf("invalid domain id"))
+		}
+		return nil, model.InternalError(err)
+	}
+
+	domain := &types.GettableOrgDomain{StorableOrgDomain: stored}
+	if err := domain.LoadConfig(stored.Data); err != nil {
+		return nil, model.InternalError(err)
+	}
+	return domain, nil
+}
+
+// ListDomains gets the list of auth domains by org id
+func (m *modelDao) ListDomains(ctx context.Context, orgId string) ([]types.GettableOrgDomain, basemodel.BaseApiError) {
+	domains := []types.GettableOrgDomain{}
+
+	stored := []types.StorableOrgDomain{}
+	err := m.sqlStore.BunDB().NewSelect().
+		Model(&stored).
+		Where("org_id = ?", orgId).
+		Scan(ctx)
+
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return domains, nil
+		}
+		return nil, model.InternalError(err)
+	}
+
+	for _, s := range stored {
+		domain := types.GettableOrgDomain{StorableOrgDomain: s}
+		if err := domain.LoadConfig(s.Data); err != nil {
+			zap.L().Error("ListDomains() failed", zap.Error(err))
+		}
+		domains = append(domains, domain)
+	}
+
+	return domains, nil
+}
+
+// CreateDomain creates  a new auth domain
+func (m *modelDao) CreateDomain(ctx context.Context, domain *types.GettableOrgDomain) basemodel.BaseApiError {
+
+	if domain.ID == uuid.Nil {
+		domain.ID = uuid.New()
+	}
+
+	if domain.OrgID == "" || domain.Name == "" {
+		return model.BadRequest(fmt.Errorf("domain creation failed, missing fields: OrgID, Name "))
+	}
+
+	configJson, err := json.Marshal(domain)
+	if err != nil {
+		zap.L().Error("failed to unmarshal domain config", zap.Error(err))
+		return model.InternalError(fmt.Errorf("domain creation failed"))
+	}
+
+	storableDomain := types.StorableOrgDomain{
+		ID:            domain.ID,
+		Name:          domain.Name,
+		OrgID:         domain.OrgID,
+		Data:          string(configJson),
+		TimeAuditable: ossTypes.TimeAuditable{CreatedAt: time.Now(), UpdatedAt: time.Now()},
+	}
+
+	_, err = m.sqlStore.BunDB().NewInsert().
+		Model(&storableDomain).
+		Exec(ctx)
+
+	if err != nil {
+		zap.L().Error("failed to insert domain in db", zap.Error(err))
+		return model.InternalError(fmt.Errorf("domain creation failed"))
+	}
+
+	return nil
+}
+
+// UpdateDomain updates stored config params for a domain
+func (m *modelDao) UpdateDomain(ctx context.Context, domain *types.GettableOrgDomain) basemodel.BaseApiError {
+
+	if domain.ID == uuid.Nil {
+		zap.L().Error("domain update failed", zap.Error(fmt.Errorf("OrgDomain.Id is null")))
+		return model.InternalError(fmt.Errorf("domain update failed"))
+	}
+
+	configJson, err := json.Marshal(domain)
+	if err != nil {
+		zap.L().Error("domain update failed", zap.Error(err))
+		return model.InternalError(fmt.Errorf("domain update failed"))
+	}
+
+	storableDomain := &types.StorableOrgDomain{
+		ID:            domain.ID,
+		Name:          domain.Name,
+		OrgID:         domain.OrgID,
+		Data:          string(configJson),
+		TimeAuditable: ossTypes.TimeAuditable{UpdatedAt: time.Now()},
+	}
+
+	_, err = m.sqlStore.BunDB().NewUpdate().
+		Model(storableDomain).
+		Column("data", "updated_at").
+		WherePK().
+		Exec(ctx)
+
+	if err != nil {
+		zap.L().Error("domain update failed", zap.Error(err))
+		return model.InternalError(fmt.Errorf("domain update failed"))
+	}
+
+	return nil
+}
+
+// DeleteDomain deletes an org domain
+func (m *modelDao) DeleteDomain(ctx context.Context, id uuid.UUID) basemodel.BaseApiError {
+
+	if id == uuid.Nil {
+		zap.L().Error("domain delete failed", zap.Error(fmt.Errorf("OrgDomain.Id is null")))
+		return model.InternalError(fmt.Errorf("domain delete failed"))
+	}
+
+	storableDomain := &types.StorableOrgDomain{ID: id}
+	_, err := m.sqlStore.BunDB().NewDelete().
+		Model(storableDomain).
+		WherePK().
+		Exec(ctx)
+
+	if err != nil {
+		zap.L().Error("domain delete failed", zap.Error(err))
+		return model.InternalError(fmt.Errorf("domain delete failed"))
+	}
+
+	return nil
+}
+
+func (m *modelDao) GetDomainByEmail(ctx context.Context, email string) (*types.GettableOrgDomain, basemodel.BaseApiError) {
+
+	if email == "" {
+		return nil, model.BadRequest(fmt.Errorf("could not find auth domain, missing fields: email "))
+	}
+
+	components := strings.Split(email, "@")
+	if len(components) < 2 {
+		return nil, model.BadRequest(fmt.Errorf("invalid email address"))
+	}
+
+	parsedDomain := components[1]
+
+	stored := types.StorableOrgDomain{}
+	err := m.sqlStore.BunDB().NewSelect().
+		Model(&stored).
+		Where("name = ?", parsedDomain).
+		Limit(1).
+		Scan(ctx)
+
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return nil, nil
+		}
+		return nil, model.InternalError(err)
+	}
+
+	domain := &types.GettableOrgDomain{StorableOrgDomain: stored}
+	if err := domain.LoadConfig(stored.Data); err != nil {
+		return nil, model.InternalError(err)
+	}
+	return domain, nil
+}

ee/query-service/dao/sqlite/modelDao.go

@@ -0,0 +1,18 @@
+package sqlite
+
+import (
+	"github.com/SigNoz/signoz/pkg/modules/user"
+	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+)
+
+type modelDao struct {
+	userModule user.Module
+	sqlStore   sqlstore.SQLStore
+}
+
+// InitDB creates and extends base model DB repository
+func NewModelDao(sqlStore sqlstore.SQLStore) *modelDao {
+	userModule := impluser.NewModule(impluser.NewStore(sqlStore))
+	return &modelDao{userModule: userModule, sqlStore: sqlStore}
+}

ee/query-service/dao/sqlite/pat.go

@@ -0,0 +1,201 @@
+package sqlite
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/ee/types"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	ossTypes "github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/valuer"
+
+	"go.uber.org/zap"
+)
+
+func (m *modelDao) CreatePAT(ctx context.Context, orgID string, p types.GettablePAT) (types.GettablePAT, basemodel.BaseApiError) {
+	p.StorablePersonalAccessToken.OrgID = orgID
+	p.StorablePersonalAccessToken.ID = valuer.GenerateUUID()
+	_, err := m.sqlStore.BunDB().NewInsert().
+		Model(&p.StorablePersonalAccessToken).
+		Exec(ctx)
+	if err != nil {
+		zap.L().Error("Failed to insert PAT in db, err: %v", zap.Error(err))
+		return types.GettablePAT{}, model.InternalError(fmt.Errorf("PAT insertion failed"))
+	}
+
+	createdByUser, _ := m.userModule.GetUserByID(ctx, orgID, p.UserID)
+	if createdByUser == nil {
+		p.CreatedByUser = types.PatUser{
+			NotFound: true,
+		}
+	} else {
+		p.CreatedByUser = types.PatUser{
+			User: ossTypes.User{
+				Identifiable: ossTypes.Identifiable{
+					ID: createdByUser.ID,
+				},
+				DisplayName: createdByUser.DisplayName,
+				Email:       createdByUser.Email,
+				TimeAuditable: ossTypes.TimeAuditable{
+					CreatedAt: createdByUser.CreatedAt,
+					UpdatedAt: createdByUser.UpdatedAt,
+				},
+			},
+			NotFound: false,
+		}
+	}
+	return p, nil
+}
+
+func (m *modelDao) UpdatePAT(ctx context.Context, orgID string, p types.GettablePAT, id valuer.UUID) basemodel.BaseApiError {
+	_, err := m.sqlStore.BunDB().NewUpdate().
+		Model(&p.StorablePersonalAccessToken).
+		Column("role", "name", "updated_at", "updated_by_user_id").
+		Where("id = ?", id.StringValue()).
+		Where("org_id = ?", orgID).
+		Where("revoked = false").
+		Exec(ctx)
+	if err != nil {
+		zap.L().Error("Failed to update PAT in db, err: %v", zap.Error(err))
+		return model.InternalError(fmt.Errorf("PAT update failed"))
+	}
+	return nil
+}
+
+func (m *modelDao) ListPATs(ctx context.Context, orgID string) ([]types.GettablePAT, basemodel.BaseApiError) {
+	pats := []types.StorablePersonalAccessToken{}
+
+	if err := m.sqlStore.BunDB().NewSelect().
+		Model(&pats).
+		Where("revoked = false").
+		Where("org_id = ?", orgID).
+		Order("updated_at DESC").
+		Scan(ctx); err != nil {
+		zap.L().Error("Failed to fetch PATs err: %v", zap.Error(err))
+		return nil, model.InternalError(fmt.Errorf("failed to fetch PATs"))
+	}
+
+	patsWithUsers := []types.GettablePAT{}
+	for i := range pats {
+		patWithUser := types.GettablePAT{
+			StorablePersonalAccessToken: pats[i],
+		}
+
+		createdByUser, _ := m.userModule.GetUserByID(ctx, orgID, pats[i].UserID)
+		if createdByUser == nil {
+			patWithUser.CreatedByUser = types.PatUser{
+				NotFound: true,
+			}
+		} else {
+			patWithUser.CreatedByUser = types.PatUser{
+				User: ossTypes.User{
+					Identifiable: ossTypes.Identifiable{
+						ID: createdByUser.ID,
+					},
+					DisplayName: createdByUser.DisplayName,
+					Email:       createdByUser.Email,
+					TimeAuditable: ossTypes.TimeAuditable{
+						CreatedAt: createdByUser.CreatedAt,
+						UpdatedAt: createdByUser.UpdatedAt,
+					},
+				},
+				NotFound: false,
+			}
+		}
+
+		updatedByUser, _ := m.userModule.GetUserByID(ctx, orgID, pats[i].UpdatedByUserID)
+		if updatedByUser == nil {
+			patWithUser.UpdatedByUser = types.PatUser{
+				NotFound: true,
+			}
+		} else {
+			patWithUser.UpdatedByUser = types.PatUser{
+				User: ossTypes.User{
+					Identifiable: ossTypes.Identifiable{
+						ID: updatedByUser.ID,
+					},
+					DisplayName: updatedByUser.DisplayName,
+					Email:       updatedByUser.Email,
+					TimeAuditable: ossTypes.TimeAuditable{
+						CreatedAt: updatedByUser.CreatedAt,
+						UpdatedAt: updatedByUser.UpdatedAt,
+					},
+				},
+				NotFound: false,
+			}
+		}
+
+		patsWithUsers = append(patsWithUsers, patWithUser)
+	}
+	return patsWithUsers, nil
+}
+
+func (m *modelDao) RevokePAT(ctx context.Context, orgID string, id valuer.UUID, userID string) basemodel.BaseApiError {
+	updatedAt := time.Now().Unix()
+	_, err := m.sqlStore.BunDB().NewUpdate().
+		Model(&types.StorablePersonalAccessToken{}).
+		Set("revoked = ?", true).
+		Set("updated_by_user_id = ?", userID).
+		Set("updated_at = ?", updatedAt).
+		Where("id = ?", id.StringValue()).
+		Where("org_id = ?", orgID).
+		Exec(ctx)
+	if err != nil {
+		zap.L().Error("Failed to revoke PAT in db, err: %v", zap.Error(err))
+		return model.InternalError(fmt.Errorf("PAT revoke failed"))
+	}
+	return nil
+}
+
+func (m *modelDao) GetPAT(ctx context.Context, token string) (*types.GettablePAT, basemodel.BaseApiError) {
+	pats := []types.StorablePersonalAccessToken{}
+
+	if err := m.sqlStore.BunDB().NewSelect().
+		Model(&pats).
+		Where("token = ?", token).
+		Where("revoked = false").
+		Scan(ctx); err != nil {
+		return nil, model.InternalError(fmt.Errorf("failed to fetch PAT"))
+	}
+
+	if len(pats) != 1 {
+		return nil, &model.ApiError{
+			Typ: model.ErrorInternal,
+			Err: fmt.Errorf("found zero or multiple PATs with same token, %s", token),
+		}
+	}
+
+	patWithUser := types.GettablePAT{
+		StorablePersonalAccessToken: pats[0],
+	}
+
+	return &patWithUser, nil
+}
+
+func (m *modelDao) GetPATByID(ctx context.Context, orgID string, id valuer.UUID) (*types.GettablePAT, basemodel.BaseApiError) {
+	pats := []types.StorablePersonalAccessToken{}
+
+	if err := m.sqlStore.BunDB().NewSelect().
+		Model(&pats).
+		Where("id = ?", id.StringValue()).
+		Where("org_id = ?", orgID).
+		Where("revoked = false").
+		Scan(ctx); err != nil {
+		return nil, model.InternalError(fmt.Errorf("failed to fetch PAT"))
+	}
+
+	if len(pats) != 1 {
+		return nil, &model.ApiError{
+			Typ: model.ErrorInternal,
+			Err: fmt.Errorf("found zero or multiple PATs with same token"),
+		}
+	}
+
+	patWithUser := types.GettablePAT{
+		StorablePersonalAccessToken: pats[0],
+	}
+
+	return &patWithUser, nil
+}

ee/query-service/integrations/signozio/signozio.go

@@ -0,0 +1,67 @@
+package signozio
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/pkg/zeus"
+	"github.com/tidwall/gjson"
+)
+
+func ValidateLicenseV3(ctx context.Context, licenseKey string, zeus zeus.Zeus) (*model.LicenseV3, error) {
+	data, err := zeus.GetLicense(ctx, licenseKey)
+	if err != nil {
+		return nil, err
+	}
+
+	var m map[string]any
+	if err = json.Unmarshal(data, &m); err != nil {
+		return nil, err
+	}
+
+	license, err := model.NewLicenseV3(m)
+	if err != nil {
+		return nil, err
+	}
+
+	return license, nil
+}
+
+// SendUsage reports the usage of signoz to license server
+func SendUsage(ctx context.Context, usage model.UsagePayload, zeus zeus.Zeus) error {
+	body, err := json.Marshal(usage)
+	if err != nil {
+		return err
+	}
+
+	return zeus.PutMeters(ctx, usage.LicenseKey.String(), body)
+}
+
+func CheckoutSession(ctx context.Context, checkoutRequest *model.CheckoutRequest, licenseKey string, zeus zeus.Zeus) (string, error) {
+	body, err := json.Marshal(checkoutRequest)
+	if err != nil {
+		return "", err
+	}
+
+	response, err := zeus.GetCheckoutURL(ctx, licenseKey, body)
+	if err != nil {
+		return "", err
+	}
+
+	return gjson.GetBytes(response, "url").String(), nil
+}
+
+func PortalSession(ctx context.Context, portalRequest *model.PortalRequest, licenseKey string, zeus zeus.Zeus) (string, error) {
+	body, err := json.Marshal(portalRequest)
+	if err != nil {
+		return "", err
+	}
+
+	response, err := zeus.GetPortalURL(ctx, licenseKey, body)
+	if err != nil {
+		return "", err
+	}
+
+	return gjson.GetBytes(response, "url").String(), nil
+}

ee/query-service/interfaces/connector.go

@@ -0,0 +1,11 @@
+package interfaces
+
+import (
+	baseint "github.com/SigNoz/signoz/pkg/query-service/interfaces"
+)
+
+// Connector defines methods for interaction
+// with o11y data. for example - clickhouse
+type DataConnector interface {
+	baseint.Reader
+}

ee/query-service/license/db.go

@@ -0,0 +1,248 @@
+package license
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"fmt"
+	"time"
+
+	"github.com/jmoiron/sqlx"
+	"github.com/mattn/go-sqlite3"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+	"go.uber.org/zap"
+)
+
+// Repo is license repo. stores license keys in a secured DB
+type Repo struct {
+	db    *sqlx.DB
+	store sqlstore.SQLStore
+}
+
+// NewLicenseRepo initiates a new license repo
+func NewLicenseRepo(db *sqlx.DB, store sqlstore.SQLStore) Repo {
+	return Repo{
+		db:    db,
+		store: store,
+	}
+}
+
+func (r *Repo) GetLicensesV3(ctx context.Context) ([]*model.LicenseV3, error) {
+	licensesData := []model.LicenseDB{}
+	licenseV3Data := []*model.LicenseV3{}
+
+	query := "SELECT id,key,data FROM licenses_v3"
+
+	err := r.db.Select(&licensesData, query)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get licenses from db: %v", err)
+	}
+
+	for _, l := range licensesData {
+		var licenseData map[string]interface{}
+		err := json.Unmarshal([]byte(l.Data), &licenseData)
+		if err != nil {
+			return nil, fmt.Errorf("failed to unmarshal data into licenseData : %v", err)
+		}
+
+		license, err := model.NewLicenseV3WithIDAndKey(l.ID, l.Key, licenseData)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get licenses v3 schema : %v", err)
+		}
+		licenseV3Data = append(licenseV3Data, license)
+	}
+
+	return licenseV3Data, nil
+}
+
+// GetActiveLicense fetches the latest active license from DB.
+// If the license is not present, expect a nil license and a nil error in the output.
+func (r *Repo) GetActiveLicense(ctx context.Context) (*model.License, *basemodel.ApiError) {
+	activeLicenseV3, err := r.GetActiveLicenseV3(ctx)
+	if err != nil {
+		return nil, basemodel.InternalError(fmt.Errorf("failed to get active licenses from db: %v", err))
+	}
+
+	if activeLicenseV3 == nil {
+		return nil, nil
+	}
+	activeLicenseV2 := model.ConvertLicenseV3ToLicenseV2(activeLicenseV3)
+	return activeLicenseV2, nil
+}
+
+func (r *Repo) GetActiveLicenseV3(ctx context.Context) (*model.LicenseV3, error) {
+	var err error
+	licenses := []model.LicenseDB{}
+
+	query := "SELECT id,key,data FROM licenses_v3"
+
+	err = r.db.Select(&licenses, query)
+	if err != nil {
+		return nil, basemodel.InternalError(fmt.Errorf("failed to get active licenses from db: %v", err))
+	}
+
+	var active *model.LicenseV3
+	for _, l := range licenses {
+		var licenseData map[string]interface{}
+		err := json.Unmarshal([]byte(l.Data), &licenseData)
+		if err != nil {
+			return nil, fmt.Errorf("failed to unmarshal data into licenseData : %v", err)
+		}
+
+		license, err := model.NewLicenseV3WithIDAndKey(l.ID, l.Key, licenseData)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get licenses v3 schema : %v", err)
+		}
+
+		if active == nil &&
+			(license.ValidFrom != 0) &&
+			(license.ValidUntil == -1 || license.ValidUntil > time.Now().Unix()) {
+			active = license
+		}
+		if active != nil &&
+			license.ValidFrom > active.ValidFrom &&
+			(license.ValidUntil == -1 || license.ValidUntil > time.Now().Unix()) {
+			active = license
+		}
+	}
+
+	return active, nil
+}
+
+// InsertLicenseV3 inserts a new license v3 in db
+func (r *Repo) InsertLicenseV3(ctx context.Context, l *model.LicenseV3) *model.ApiError {
+
+	query := `INSERT INTO licenses_v3 (id, key, data) VALUES ($1, $2, $3)`
+
+	// licsense is the entity of zeus so putting the entire license here without defining schema
+	licenseData, err := json.Marshal(l.Data)
+	if err != nil {
+		return &model.ApiError{Typ: basemodel.ErrorBadData, Err: err}
+	}
+
+	_, err = r.db.ExecContext(ctx,
+		query,
+		l.ID,
+		l.Key,
+		string(licenseData),
+	)
+
+	if err != nil {
+		if sqliteErr, ok := err.(sqlite3.Error); ok {
+			if sqliteErr.ExtendedCode == sqlite3.ErrConstraintUnique {
+				zap.L().Error("error in inserting license data: ", zap.Error(sqliteErr))
+				return &model.ApiError{Typ: model.ErrorConflict, Err: sqliteErr}
+			}
+		}
+		zap.L().Error("error in inserting license data: ", zap.Error(err))
+		return &model.ApiError{Typ: basemodel.ErrorExec, Err: err}
+	}
+
+	return nil
+}
+
+// UpdateLicenseV3 updates a new license v3 in db
+func (r *Repo) UpdateLicenseV3(ctx context.Context, l *model.LicenseV3) error {
+
+	// the key and id for the license can't change so only update the data here!
+	query := `UPDATE licenses_v3 SET data=$1 WHERE id=$2;`
+
+	license, err := json.Marshal(l.Data)
+	if err != nil {
+		return fmt.Errorf("insert license failed: license marshal error")
+	}
+	_, err = r.db.ExecContext(ctx,
+		query,
+		license,
+		l.ID,
+	)
+
+	if err != nil {
+		zap.L().Error("error in updating license data: ", zap.Error(err))
+		return fmt.Errorf("failed to update license in db: %v", err)
+	}
+
+	return nil
+}
+
+func (r *Repo) CreateFeature(req *types.FeatureStatus) *basemodel.ApiError {
+
+	_, err := r.store.BunDB().NewInsert().
+		Model(req).
+		Exec(context.Background())
+	if err != nil {
+		return &basemodel.ApiError{Typ: basemodel.ErrorInternal, Err: err}
+	}
+	return nil
+}
+
+func (r *Repo) GetFeature(featureName string) (types.FeatureStatus, error) {
+	var feature types.FeatureStatus
+
+	err := r.store.BunDB().NewSelect().
+		Model(&feature).
+		Where("name = ?", featureName).
+		Scan(context.Background())
+
+	if err != nil {
+		return feature, err
+	}
+	if feature.Name == "" {
+		return feature, basemodel.ErrFeatureUnavailable{Key: featureName}
+	}
+	return feature, nil
+}
+
+func (r *Repo) GetAllFeatures() ([]basemodel.Feature, error) {
+
+	var feature []basemodel.Feature
+
+	err := r.db.Select(&feature,
+		`SELECT * FROM feature_status;`)
+	if err != nil {
+		return feature, err
+	}
+
+	return feature, nil
+}
+
+func (r *Repo) UpdateFeature(req types.FeatureStatus) error {
+
+	_, err := r.store.BunDB().NewUpdate().
+		Model(&req).
+		Where("name = ?", req.Name).
+		Exec(context.Background())
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (r *Repo) InitFeatures(req []types.FeatureStatus) error {
+	// get a feature by name, if it doesn't exist, create it. If it does exist, update it.
+	for _, feature := range req {
+		currentFeature, err := r.GetFeature(feature.Name)
+		if err != nil && err == sql.ErrNoRows {
+			err := r.CreateFeature(&feature)
+			if err != nil {
+				return err
+			}
+			continue
+		} else if err != nil {
+			return err
+		}
+		feature.Usage = int(currentFeature.Usage)
+		if feature.Usage >= feature.UsageLimit && feature.UsageLimit != -1 {
+			feature.Active = false
+		}
+		err = r.UpdateFeature(feature)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}

ee/query-service/license/manager.go

@@ -0,0 +1,318 @@
+package license
+
+import (
+	"context"
+	"sync/atomic"
+	"time"
+
+	"github.com/jmoiron/sqlx"
+
+	"sync"
+
+	baseconstants "github.com/SigNoz/signoz/pkg/query-service/constants"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/zeus"
+
+	validate "github.com/SigNoz/signoz/ee/query-service/integrations/signozio"
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/query-service/telemetry"
+	"go.uber.org/zap"
+)
+
+var LM *Manager
+
+// validate and update license every 24 hours
+var validationFrequency = 24 * 60 * time.Minute
+
+type Manager struct {
+	repo             *Repo
+	zeus             zeus.Zeus
+	mutex            sync.Mutex
+	validatorRunning bool
+	// end the license validation, this is important to gracefully
+	// stopping validation and protect in-consistent updates
+	done chan struct{}
+	// terminated waits for the validate go routine to end
+	terminated chan struct{}
+	// last time the license was validated
+	lastValidated int64
+	// keep track of validation failure attempts
+	failedAttempts uint64
+	// keep track of active license and features
+	activeLicenseV3 *model.LicenseV3
+	activeFeatures  basemodel.FeatureSet
+}
+
+func StartManager(db *sqlx.DB, store sqlstore.SQLStore, zeus zeus.Zeus, features ...basemodel.Feature) (*Manager, error) {
+	if LM != nil {
+		return LM, nil
+	}
+
+	repo := NewLicenseRepo(db, store)
+	m := &Manager{
+		repo: &repo,
+		zeus: zeus,
+	}
+	if err := m.start(features...); err != nil {
+		return m, err
+	}
+
+	LM = m
+	return m, nil
+}
+
+// start loads active license in memory and initiates validator
+func (lm *Manager) start(features ...basemodel.Feature) error {
+	return lm.LoadActiveLicenseV3(features...)
+}
+
+func (lm *Manager) Stop() {
+	close(lm.done)
+	<-lm.terminated
+}
+
+func (lm *Manager) SetActiveV3(l *model.LicenseV3, features ...basemodel.Feature) {
+	lm.mutex.Lock()
+	defer lm.mutex.Unlock()
+
+	if l == nil {
+		return
+	}
+
+	lm.activeLicenseV3 = l
+	lm.activeFeatures = append(l.Features, features...)
+	// set default features
+	setDefaultFeatures(lm)
+
+	err := lm.InitFeatures(lm.activeFeatures)
+	if err != nil {
+		zap.L().Panic("Couldn't activate features", zap.Error(err))
+	}
+	if !lm.validatorRunning {
+		// we want to make sure only one validator runs,
+		// we already have lock() so good to go
+		lm.validatorRunning = true
+		go lm.ValidatorV3(context.Background())
+	}
+
+}
+
+func setDefaultFeatures(lm *Manager) {
+	lm.activeFeatures = append(lm.activeFeatures, baseconstants.DEFAULT_FEATURE_SET...)
+}
+
+func (lm *Manager) LoadActiveLicenseV3(features ...basemodel.Feature) error {
+	active, err := lm.repo.GetActiveLicenseV3(context.Background())
+	if err != nil {
+		return err
+	}
+
+	if active != nil {
+		lm.SetActiveV3(active, features...)
+	} else {
+		zap.L().Info("No active license found, defaulting to basic plan")
+		// if no active license is found, we default to basic(free) plan with all default features
+		lm.activeFeatures = model.BasicPlan
+		setDefaultFeatures(lm)
+		err := lm.InitFeatures(lm.activeFeatures)
+		if err != nil {
+			zap.L().Error("Couldn't initialize features", zap.Error(err))
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (lm *Manager) GetLicensesV3(ctx context.Context) (response []*model.LicenseV3, apiError *model.ApiError) {
+
+	licenses, err := lm.repo.GetLicensesV3(ctx)
+	if err != nil {
+		return nil, model.InternalError(err)
+	}
+
+	for _, l := range licenses {
+		if lm.activeLicenseV3 != nil && l.Key == lm.activeLicenseV3.Key {
+			l.IsCurrent = true
+		}
+		if l.ValidUntil == -1 {
+			// for subscriptions, there is no end-date as such
+			// but for showing user some validity we default one year timespan
+			l.ValidUntil = l.ValidFrom + 31556926
+		}
+		response = append(response, l)
+	}
+
+	return response, nil
+}
+
+// Validator validates license after an epoch of time
+func (lm *Manager) ValidatorV3(ctx context.Context) {
+	zap.L().Info("ValidatorV3 started!")
+	defer close(lm.terminated)
+
+	tick := time.NewTicker(validationFrequency)
+	defer tick.Stop()
+
+	_ = lm.ValidateV3(ctx)
+	for {
+		select {
+		case <-lm.done:
+			return
+		default:
+			select {
+			case <-lm.done:
+				return
+			case <-tick.C:
+				_ = lm.ValidateV3(ctx)
+			}
+		}
+
+	}
+}
+
+func (lm *Manager) RefreshLicense(ctx context.Context) error {
+	license, err := validate.ValidateLicenseV3(ctx, lm.activeLicenseV3.Key, lm.zeus)
+	if err != nil {
+		return err
+	}
+
+	err = lm.repo.UpdateLicenseV3(ctx, license)
+	if err != nil {
+		return err
+	}
+	lm.SetActiveV3(license)
+
+	return nil
+}
+
+func (lm *Manager) ValidateV3(ctx context.Context) (reterr error) {
+	if lm.activeLicenseV3 == nil {
+		return nil
+	}
+
+	defer func() {
+		lm.mutex.Lock()
+
+		lm.lastValidated = time.Now().Unix()
+		if reterr != nil {
+			zap.L().Error("License validation completed with error", zap.Error(reterr))
+
+			atomic.AddUint64(&lm.failedAttempts, 1)
+			// default to basic plan if validation fails for three consecutive times
+			if atomic.LoadUint64(&lm.failedAttempts) > 3 {
+				zap.L().Error("License validation completed with error for three consecutive times, defaulting to basic plan", zap.String("license_id", lm.activeLicenseV3.ID), zap.Bool("license_validation", false))
+				lm.activeLicenseV3 = nil
+				lm.activeFeatures = model.BasicPlan
+				setDefaultFeatures(lm)
+				err := lm.InitFeatures(lm.activeFeatures)
+				if err != nil {
+					zap.L().Error("Couldn't initialize features", zap.Error(err))
+				}
+				lm.done <- struct{}{}
+				lm.validatorRunning = false
+			}
+
+			telemetry.GetInstance().SendEvent(telemetry.TELEMETRY_LICENSE_CHECK_FAILED,
+				map[string]interface{}{"err": reterr.Error()}, "", true, false)
+		} else {
+			// reset the failed attempts counter
+			atomic.StoreUint64(&lm.failedAttempts, 0)
+			zap.L().Info("License validation completed with no errors")
+		}
+
+		lm.mutex.Unlock()
+	}()
+
+	err := lm.RefreshLicense(ctx)
+
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (lm *Manager) ActivateV3(ctx context.Context, licenseKey string) (*model.LicenseV3, error) {
+	license, err := validate.ValidateLicenseV3(ctx, licenseKey, lm.zeus)
+	if err != nil {
+		return nil, err
+	}
+
+	// insert the new license to the sqlite db
+	modelErr := lm.repo.InsertLicenseV3(ctx, license)
+	if modelErr != nil {
+		zap.L().Error("failed to activate license", zap.Error(modelErr))
+		return nil, modelErr
+	}
+
+	// license is valid, activate it
+	lm.SetActiveV3(license)
+	return license, nil
+}
+
+func (lm *Manager) GetActiveLicense() *model.LicenseV3 {
+	return lm.activeLicenseV3
+}
+
+// CheckFeature will be internally used by backend routines
+// for feature gating
+func (lm *Manager) CheckFeature(featureKey string) error {
+	feature, err := lm.repo.GetFeature(featureKey)
+	if err != nil {
+		return err
+	}
+	if feature.Active {
+		return nil
+	}
+	return basemodel.ErrFeatureUnavailable{Key: featureKey}
+}
+
+// GetFeatureFlags returns current active features
+func (lm *Manager) GetFeatureFlags() (basemodel.FeatureSet, error) {
+	return lm.repo.GetAllFeatures()
+}
+
+func (lm *Manager) InitFeatures(features basemodel.FeatureSet) error {
+	featureStatus := make([]types.FeatureStatus, len(features))
+	for i, f := range features {
+		featureStatus[i] = types.FeatureStatus{
+			Name:       f.Name,
+			Active:     f.Active,
+			Usage:      int(f.Usage),
+			UsageLimit: int(f.UsageLimit),
+			Route:      f.Route,
+		}
+	}
+	return lm.repo.InitFeatures(featureStatus)
+}
+
+func (lm *Manager) UpdateFeatureFlag(feature basemodel.Feature) error {
+	return lm.repo.UpdateFeature(types.FeatureStatus{
+		Name:       feature.Name,
+		Active:     feature.Active,
+		Usage:      int(feature.Usage),
+		UsageLimit: int(feature.UsageLimit),
+		Route:      feature.Route,
+	})
+}
+
+func (lm *Manager) GetFeatureFlag(key string) (basemodel.Feature, error) {
+	featureStatus, err := lm.repo.GetFeature(key)
+	if err != nil {
+		return basemodel.Feature{}, err
+	}
+	return basemodel.Feature{
+		Name:       featureStatus.Name,
+		Active:     featureStatus.Active,
+		Usage:      int64(featureStatus.Usage),
+		UsageLimit: int64(featureStatus.UsageLimit),
+		Route:      featureStatus.Route,
+	}, nil
+}
+
+// GetRepo return the license repo
+func (lm *Manager) GetRepo() *Repo {
+	return lm.repo
+}

ee/query-service/main.go

@@ -0,0 +1,182 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"os"
+	"time"
+
+	eeuserimpl "github.com/SigNoz/signoz/ee/modules/user/impluser"
+	"github.com/SigNoz/signoz/ee/query-service/app"
+	"github.com/SigNoz/signoz/ee/sqlstore/postgressqlstore"
+	"github.com/SigNoz/signoz/ee/zeus"
+	"github.com/SigNoz/signoz/ee/zeus/httpzeus"
+	"github.com/SigNoz/signoz/pkg/config"
+	"github.com/SigNoz/signoz/pkg/config/envprovider"
+	"github.com/SigNoz/signoz/pkg/config/fileprovider"
+	"github.com/SigNoz/signoz/pkg/modules/user"
+	baseconst "github.com/SigNoz/signoz/pkg/query-service/constants"
+	"github.com/SigNoz/signoz/pkg/signoz"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/sqlstore/sqlstorehook"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/version"
+
+	"go.uber.org/zap"
+	"go.uber.org/zap/zapcore"
+)
+
+// Deprecated: Please use the logger from pkg/instrumentation.
+func initZapLog() *zap.Logger {
+	config := zap.NewProductionConfig()
+	config.EncoderConfig.TimeKey = "timestamp"
+	config.EncoderConfig.EncodeTime = zapcore.ISO8601TimeEncoder
+	logger, _ := config.Build()
+	return logger
+}
+
+func main() {
+	var promConfigPath, skipTopLvlOpsPath string
+
+	// disables rule execution but allows change to the rule definition
+	var disableRules bool
+
+	// the url used to build link in the alert messages in slack and other systems
+	var ruleRepoURL string
+	var cluster string
+
+	var useLogsNewSchema bool
+	var useTraceNewSchema bool
+	var cacheConfigPath, fluxInterval, fluxIntervalForTraceDetail string
+	var preferSpanMetrics bool
+
+	var maxIdleConns int
+	var maxOpenConns int
+	var dialTimeout time.Duration
+	var gatewayUrl string
+	var useLicensesV3 bool
+
+	// Deprecated
+	flag.BoolVar(&useLogsNewSchema, "use-logs-new-schema", false, "use logs_v2 schema for logs")
+	// Deprecated
+	flag.BoolVar(&useTraceNewSchema, "use-trace-new-schema", false, "use new schema for traces")
+	// Deprecated
+	flag.StringVar(&promConfigPath, "config", "./config/prometheus.yml", "(prometheus config to read metrics)")
+	// Deprecated
+	flag.StringVar(&skipTopLvlOpsPath, "skip-top-level-ops", "", "(config file to skip top level operations)")
+	// Deprecated
+	flag.BoolVar(&disableRules, "rules.disable", false, "(disable rule evaluation)")
+	flag.BoolVar(&preferSpanMetrics, "prefer-span-metrics", false, "(prefer span metrics for service level metrics)")
+	// Deprecated
+	flag.IntVar(&maxIdleConns, "max-idle-conns", 50, "(number of connections to maintain in the pool.)")
+	// Deprecated
+	flag.IntVar(&maxOpenConns, "max-open-conns", 100, "(max connections for use at any time.)")
+	// Deprecated
+	flag.DurationVar(&dialTimeout, "dial-timeout", 5*time.Second, "(the maximum time to establish a connection.)")
+	// Deprecated
+	flag.StringVar(&ruleRepoURL, "rules.repo-url", baseconst.AlertHelpPage, "(host address used to build rule link in alert messages)")
+	// Deprecated
+	flag.StringVar(&cacheConfigPath, "experimental.cache-config", "", "(cache config to use)")
+	flag.StringVar(&fluxInterval, "flux-interval", "5m", "(the interval to exclude data from being cached to avoid incorrect cache for data in motion)")
+	flag.StringVar(&fluxIntervalForTraceDetail, "flux-interval-trace-detail", "2m", "(the interval to exclude data from being cached to avoid incorrect cache for trace data in motion)")
+	flag.StringVar(&cluster, "cluster", "cluster", "(cluster name - defaults to 'cluster')")
+	flag.StringVar(&gatewayUrl, "gateway-url", "", "(url to the gateway)")
+	// Deprecated
+	flag.BoolVar(&useLicensesV3, "use-licenses-v3", false, "use licenses_v3 schema for licenses")
+	flag.Parse()
+
+	loggerMgr := initZapLog()
+	zap.ReplaceGlobals(loggerMgr)
+	defer loggerMgr.Sync() // flushes buffer, if any
+
+	config, err := signoz.NewConfig(context.Background(), config.ResolverConfig{
+		Uris: []string{"env:"},
+		ProviderFactories: []config.ProviderFactory{
+			envprovider.NewFactory(),
+			fileprovider.NewFactory(),
+		},
+	}, signoz.DeprecatedFlags{
+		MaxIdleConns: maxIdleConns,
+		MaxOpenConns: maxOpenConns,
+		DialTimeout:  dialTimeout,
+		Config:       promConfigPath,
+	})
+	if err != nil {
+		zap.L().Fatal("Failed to create config", zap.Error(err))
+	}
+
+	version.Info.PrettyPrint(config.Version)
+
+	sqlStoreFactories := signoz.NewSQLStoreProviderFactories()
+	if err := sqlStoreFactories.Add(postgressqlstore.NewFactory(sqlstorehook.NewLoggingFactory())); err != nil {
+		zap.L().Fatal("Failed to add postgressqlstore factory", zap.Error(err))
+	}
+
+	signoz, err := signoz.New(
+		context.Background(),
+		config,
+		zeus.Config(),
+		httpzeus.NewProviderFactory(),
+		signoz.NewCacheProviderFactories(),
+		signoz.NewWebProviderFactories(),
+		sqlStoreFactories,
+		signoz.NewTelemetryStoreProviderFactories(),
+		func(sqlstore sqlstore.SQLStore) user.Module {
+			return eeuserimpl.NewModule(eeuserimpl.NewStore(sqlstore))
+		},
+		func(userModule user.Module) user.Handler {
+			return eeuserimpl.NewHandler(userModule)
+		},
+	)
+	if err != nil {
+		zap.L().Fatal("Failed to create signoz", zap.Error(err))
+	}
+
+	jwtSecret := os.Getenv("SIGNOZ_JWT_SECRET")
+
+	if len(jwtSecret) == 0 {
+		zap.L().Warn("No JWT secret key is specified.")
+	} else {
+		zap.L().Info("JWT secret key set successfully.")
+	}
+
+	jwt := authtypes.NewJWT(jwtSecret, 30*time.Minute, 30*24*time.Hour)
+
+	serverOptions := &app.ServerOptions{
+		Config:                     config,
+		SigNoz:                     signoz,
+		HTTPHostPort:               baseconst.HTTPHostPort,
+		PreferSpanMetrics:          preferSpanMetrics,
+		PrivateHostPort:            baseconst.PrivateHostPort,
+		FluxInterval:               fluxInterval,
+		FluxIntervalForTraceDetail: fluxIntervalForTraceDetail,
+		Cluster:                    cluster,
+		GatewayUrl:                 gatewayUrl,
+		Jwt:                        jwt,
+	}
+
+	server, err := app.NewServer(serverOptions)
+	if err != nil {
+		zap.L().Fatal("Failed to create server", zap.Error(err))
+	}
+
+	if err := server.Start(context.Background()); err != nil {
+		zap.L().Fatal("Could not start server", zap.Error(err))
+	}
+
+	signoz.Start(context.Background())
+
+	if err := signoz.Wait(context.Background()); err != nil {
+		zap.L().Fatal("Failed to start signoz", zap.Error(err))
+	}
+
+	err = server.Stop()
+	if err != nil {
+		zap.L().Fatal("Failed to stop server", zap.Error(err))
+	}
+
+	err = signoz.Stop(context.Background())
+	if err != nil {
+		zap.L().Fatal("Failed to stop signoz", zap.Error(err))
+	}
+}

ee/query-service/model/license.go

@@ -0,0 +1,244 @@
+package model
+
+import (
+	"encoding/json"
+	"fmt"
+	"reflect"
+	"time"
+
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/pkg/errors"
+)
+
+type License struct {
+	Key          string    `json:"key" db:"key"`
+	ActivationId string    `json:"activationId" db:"activationId"`
+	CreatedAt    time.Time `db:"created_at"`
+
+	// PlanDetails contains the encrypted plan info
+	PlanDetails string `json:"planDetails" db:"planDetails"`
+
+	// stores parsed license details
+	LicensePlan
+
+	FeatureSet basemodel.FeatureSet
+
+	// populated in case license has any errors
+	ValidationMessage string `db:"validationMessage"`
+
+	// used only for sending details to front-end
+	IsCurrent bool `json:"isCurrent"`
+}
+
+func (l *License) MarshalJSON() ([]byte, error) {
+
+	return json.Marshal(&struct {
+		Key               string    `json:"key" db:"key"`
+		ActivationId      string    `json:"activationId" db:"activationId"`
+		ValidationMessage string    `db:"validationMessage"`
+		IsCurrent         bool      `json:"isCurrent"`
+		PlanKey           string    `json:"planKey"`
+		ValidFrom         time.Time `json:"ValidFrom"`
+		ValidUntil        time.Time `json:"ValidUntil"`
+		Status            string    `json:"status"`
+	}{
+		Key:               l.Key,
+		ActivationId:      l.ActivationId,
+		IsCurrent:         l.IsCurrent,
+		PlanKey:           l.PlanKey,
+		ValidFrom:         time.Unix(l.ValidFrom, 0),
+		ValidUntil:        time.Unix(l.ValidUntil, 0),
+		Status:            l.Status,
+		ValidationMessage: l.ValidationMessage,
+	})
+}
+
+type LicensePlan struct {
+	PlanKey    string `json:"planKey"`
+	ValidFrom  int64  `json:"validFrom"`
+	ValidUntil int64  `json:"validUntil"`
+	Status     string `json:"status"`
+}
+
+type Licenses struct {
+	TrialStart                   int64     `json:"trialStart"`
+	TrialEnd                     int64     `json:"trialEnd"`
+	OnTrial                      bool      `json:"onTrial"`
+	WorkSpaceBlock               bool      `json:"workSpaceBlock"`
+	TrialConvertedToSubscription bool      `json:"trialConvertedToSubscription"`
+	GracePeriodEnd               int64     `json:"gracePeriodEnd"`
+	Licenses                     []License `json:"licenses"`
+}
+
+type SubscriptionServerResp struct {
+	Status string   `json:"status"`
+	Data   Licenses `json:"data"`
+}
+
+type Plan struct {
+	Name string `json:"name"`
+}
+
+type LicenseDB struct {
+	ID   string `json:"id"`
+	Key  string `json:"key"`
+	Data string `json:"data"`
+}
+type LicenseV3 struct {
+	ID         string
+	Key        string
+	Data       map[string]interface{}
+	PlanName   string
+	Features   basemodel.FeatureSet
+	Status     string
+	IsCurrent  bool
+	ValidFrom  int64
+	ValidUntil int64
+}
+
+func extractKeyFromMapStringInterface[T any](data map[string]interface{}, key string) (T, error) {
+	var zeroValue T
+	if val, ok := data[key]; ok {
+		if value, ok := val.(T); ok {
+			return value, nil
+		}
+		return zeroValue, fmt.Errorf("%s key is not a valid %s", key, reflect.TypeOf(zeroValue))
+	}
+	return zeroValue, fmt.Errorf("%s key is missing", key)
+}
+
+func NewLicenseV3(data map[string]interface{}) (*LicenseV3, error) {
+	var features basemodel.FeatureSet
+
+	// extract id from data
+	licenseID, err := extractKeyFromMapStringInterface[string](data, "id")
+	if err != nil {
+		return nil, err
+	}
+	delete(data, "id")
+
+	// extract key from data
+	licenseKey, err := extractKeyFromMapStringInterface[string](data, "key")
+	if err != nil {
+		return nil, err
+	}
+	delete(data, "key")
+
+	// extract status from data
+	status, err := extractKeyFromMapStringInterface[string](data, "status")
+	if err != nil {
+		return nil, err
+	}
+
+	planMap, err := extractKeyFromMapStringInterface[map[string]any](data, "plan")
+	if err != nil {
+		return nil, err
+	}
+
+	planName, err := extractKeyFromMapStringInterface[string](planMap, "name")
+	if err != nil {
+		return nil, err
+	}
+	// if license status is invalid then default it to basic
+	if status == LicenseStatusInvalid {
+		planName = PlanNameBasic
+	}
+
+	featuresFromZeus := basemodel.FeatureSet{}
+	if _features, ok := data["features"]; ok {
+		featuresData, err := json.Marshal(_features)
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to marshal features data")
+		}
+
+		if err := json.Unmarshal(featuresData, &featuresFromZeus); err != nil {
+			return nil, errors.Wrap(err, "failed to unmarshal features data")
+		}
+	}
+
+	switch planName {
+	case PlanNameEnterprise:
+		features = append(features, EnterprisePlan...)
+	case PlanNameBasic:
+		features = append(features, BasicPlan...)
+	default:
+		features = append(features, BasicPlan...)
+	}
+
+	if len(featuresFromZeus) > 0 {
+		for _, feature := range featuresFromZeus {
+			exists := false
+			for i, existingFeature := range features {
+				if existingFeature.Name == feature.Name {
+					features[i] = feature // Replace existing feature
+					exists = true
+					break
+				}
+			}
+			if !exists {
+				features = append(features, feature) // Append if it doesn't exist
+			}
+		}
+	}
+	data["features"] = features
+
+	_validFrom, err := extractKeyFromMapStringInterface[float64](data, "valid_from")
+	if err != nil {
+		_validFrom = 0
+	}
+	validFrom := int64(_validFrom)
+
+	_validUntil, err := extractKeyFromMapStringInterface[float64](data, "valid_until")
+	if err != nil {
+		_validUntil = 0
+	}
+	validUntil := int64(_validUntil)
+
+	return &LicenseV3{
+		ID:         licenseID,
+		Key:        licenseKey,
+		Data:       data,
+		PlanName:   planName,
+		Features:   features,
+		ValidFrom:  validFrom,
+		ValidUntil: validUntil,
+		Status:     status,
+	}, nil
+
+}
+
+func NewLicenseV3WithIDAndKey(id string, key string, data map[string]interface{}) (*LicenseV3, error) {
+	licenseDataWithIdAndKey := data
+	licenseDataWithIdAndKey["id"] = id
+	licenseDataWithIdAndKey["key"] = key
+	return NewLicenseV3(licenseDataWithIdAndKey)
+}
+
+func ConvertLicenseV3ToLicenseV2(l *LicenseV3) *License {
+	planKeyFromPlanName, ok := MapOldPlanKeyToNewPlanName[l.PlanName]
+	if !ok {
+		planKeyFromPlanName = Basic
+	}
+	return &License{
+		Key:               l.Key,
+		ActivationId:      "",
+		PlanDetails:       "",
+		FeatureSet:        l.Features,
+		ValidationMessage: "",
+		IsCurrent:         l.IsCurrent,
+		LicensePlan: LicensePlan{
+			PlanKey:    planKeyFromPlanName,
+			ValidFrom:  l.ValidFrom,
+			ValidUntil: l.ValidUntil,
+			Status:     l.Status},
+	}
+
+}
+
+type CheckoutRequest struct {
+	SuccessURL string `json:"url"`
+}
+
+type PortalRequest struct {
+	SuccessURL string `json:"url"`
+}

ee/query-service/model/license_test.go

@@ -0,0 +1,170 @@
+package model
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/pkg/errors"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewLicenseV3(t *testing.T) {
+	testCases := []struct {
+		name     string
+		data     []byte
+		pass     bool
+		expected *LicenseV3
+		error    error
+	}{
+		{
+			name:  "Error for missing license id",
+			data:  []byte(`{}`),
+			pass:  false,
+			error: errors.New("id key is missing"),
+		},
+		{
+			name:  "Error for license id not being a valid string",
+			data:  []byte(`{"id": 10}`),
+			pass:  false,
+			error: errors.New("id key is not a valid string"),
+		},
+		{
+			name:  "Error for missing license key",
+			data:  []byte(`{"id":"does-not-matter"}`),
+			pass:  false,
+			error: errors.New("key key is missing"),
+		},
+		{
+			name:  "Error for invalid string license key",
+			data:  []byte(`{"id":"does-not-matter","key":10}`),
+			pass:  false,
+			error: errors.New("key key is not a valid string"),
+		},
+		{
+			name:  "Error for missing license status",
+			data:  []byte(`{"id":"does-not-matter", "key": "does-not-matter","category":"FREE"}`),
+			pass:  false,
+			error: errors.New("status key is missing"),
+		},
+		{
+			name:  "Error for invalid string license status",
+			data:  []byte(`{"id":"does-not-matter","key": "does-not-matter", "category":"FREE", "status":10}`),
+			pass:  false,
+			error: errors.New("status key is not a valid string"),
+		},
+		{
+			name:  "Error for missing license plan",
+			data:  []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"ACTIVE"}`),
+			pass:  false,
+			error: errors.New("plan key is missing"),
+		},
+		{
+			name:  "Error for invalid json license plan",
+			data:  []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"ACTIVE","plan":10}`),
+			pass:  false,
+			error: errors.New("plan key is not a valid map[string]interface {}"),
+		},
+		{
+			name:  "Error for invalid license plan",
+			data:  []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"ACTIVE","plan":{}}`),
+			pass:  false,
+			error: errors.New("name key is missing"),
+		},
+		{
+			name: "Parse the entire license properly",
+			data: []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"ACTIVE","plan":{"name":"ENTERPRISE"},"valid_from": 1730899309,"valid_until": -1}`),
+			pass: true,
+			expected: &LicenseV3{
+				ID:  "does-not-matter",
+				Key: "does-not-matter-key",
+				Data: map[string]interface{}{
+					"plan": map[string]interface{}{
+						"name": "ENTERPRISE",
+					},
+					"category":    "FREE",
+					"status":      "ACTIVE",
+					"valid_from":  float64(1730899309),
+					"valid_until": float64(-1),
+				},
+				PlanName:   PlanNameEnterprise,
+				ValidFrom:  1730899309,
+				ValidUntil: -1,
+				Status:     "ACTIVE",
+				IsCurrent:  false,
+				Features:   model.FeatureSet{},
+			},
+		},
+		{
+			name: "Fallback to basic plan if license status is invalid",
+			data: []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"INVALID","plan":{"name":"ENTERPRISE"},"valid_from": 1730899309,"valid_until": -1}`),
+			pass: true,
+			expected: &LicenseV3{
+				ID:  "does-not-matter",
+				Key: "does-not-matter-key",
+				Data: map[string]interface{}{
+					"plan": map[string]interface{}{
+						"name": "ENTERPRISE",
+					},
+					"category":    "FREE",
+					"status":      "INVALID",
+					"valid_from":  float64(1730899309),
+					"valid_until": float64(-1),
+				},
+				PlanName:   PlanNameBasic,
+				ValidFrom:  1730899309,
+				ValidUntil: -1,
+				Status:     "INVALID",
+				IsCurrent:  false,
+				Features:   model.FeatureSet{},
+			},
+		},
+		{
+			name: "fallback states for validFrom and validUntil",
+			data: []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"ACTIVE","plan":{"name":"ENTERPRISE"},"valid_from":1234.456,"valid_until":5678.567}`),
+			pass: true,
+			expected: &LicenseV3{
+				ID:  "does-not-matter",
+				Key: "does-not-matter-key",
+				Data: map[string]interface{}{
+					"plan": map[string]interface{}{
+						"name": "ENTERPRISE",
+					},
+					"valid_from":  1234.456,
+					"valid_until": 5678.567,
+					"category":    "FREE",
+					"status":      "ACTIVE",
+				},
+				PlanName:   PlanNameEnterprise,
+				ValidFrom:  1234,
+				ValidUntil: 5678,
+				Status:     "ACTIVE",
+				IsCurrent:  false,
+				Features:   model.FeatureSet{},
+			},
+		},
+	}
+
+	for _, tc := range testCases {
+		var licensePayload map[string]interface{}
+		err := json.Unmarshal(tc.data, &licensePayload)
+		require.NoError(t, err)
+		license, err := NewLicenseV3(licensePayload)
+		if license != nil {
+			license.Features = make(model.FeatureSet, 0)
+			delete(license.Data, "features")
+		}
+
+		if tc.pass {
+			require.NoError(t, err)
+			require.NotNil(t, license)
+			assert.Equal(t, tc.expected, license)
+		} else {
+			require.Error(t, err)
+			assert.EqualError(t, err, tc.error.Error())
+			require.Nil(t, license)
+		}
+
+	}
+}

ee/query-service/model/pat.go

@@ -0,0 +1,7 @@
+package model
+
+type CreatePATRequestBody struct {
+	Name          string `json:"name"`
+	Role          string `json:"role"`
+	ExpiresInDays int64  `json:"expiresInDays"`
+}

ee/query-service/model/plans.go

@@ -0,0 +1,131 @@
+package model
+
+import (
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+)
+
+const SSO = "SSO"
+const Basic = "BASIC_PLAN"
+const Enterprise = "ENTERPRISE_PLAN"
+
+var (
+	PlanNameEnterprise = "ENTERPRISE"
+	PlanNameBasic      = "BASIC"
+)
+
+var (
+	MapOldPlanKeyToNewPlanName map[string]string = map[string]string{PlanNameBasic: Basic, PlanNameEnterprise: Enterprise}
+)
+
+var (
+	LicenseStatusInvalid = "INVALID"
+)
+
+const Onboarding = "ONBOARDING"
+const ChatSupport = "CHAT_SUPPORT"
+const Gateway = "GATEWAY"
+const PremiumSupport = "PREMIUM_SUPPORT"
+
+var BasicPlan = basemodel.FeatureSet{
+	basemodel.Feature{
+		Name:       SSO,
+		Active:     false,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       basemodel.UseSpanMetrics,
+		Active:     false,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       Gateway,
+		Active:     false,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       PremiumSupport,
+		Active:     false,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       basemodel.AnomalyDetection,
+		Active:     false,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       basemodel.TraceFunnels,
+		Active:     false,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+}
+
+var EnterprisePlan = basemodel.FeatureSet{
+	basemodel.Feature{
+		Name:       SSO,
+		Active:     true,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       basemodel.UseSpanMetrics,
+		Active:     false,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       Onboarding,
+		Active:     true,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       ChatSupport,
+		Active:     true,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       Gateway,
+		Active:     true,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       PremiumSupport,
+		Active:     true,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       basemodel.AnomalyDetection,
+		Active:     true,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+	basemodel.Feature{
+		Name:       basemodel.TraceFunnels,
+		Active:     false,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	},
+}

ee/query-service/usage/manager.go

@@ -14,9 +14,9 @@ import (
 
 	"go.uber.org/zap"
 
+	"github.com/SigNoz/signoz/ee/query-service/dao"
+	"github.com/SigNoz/signoz/ee/query-service/license"
 	"github.com/SigNoz/signoz/ee/query-service/model"
-	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/query-service/utils/encryption"
 	"github.com/SigNoz/signoz/pkg/zeus"
 )
@@ -35,68 +35,64 @@ var (
 type Manager struct {
 	clickhouseConn clickhouse.Conn
 
-	licenseService licensing.Licensing
+	licenseRepo *license.Repo
 
 	scheduler *gocron.Scheduler
 
-	zeus zeus.Zeus
+	modelDao dao.ModelDao
 
-	orgGetter organization.Getter
+	zeus zeus.Zeus
 }
 
-func New(licenseService licensing.Licensing, clickhouseConn clickhouse.Conn, zeus zeus.Zeus, orgGetter organization.Getter) (*Manager, error) {
+func New(modelDao dao.ModelDao, licenseRepo *license.Repo, clickhouseConn clickhouse.Conn, zeus zeus.Zeus) (*Manager, error) {
 	m := &Manager{
 		clickhouseConn: clickhouseConn,
-		licenseService: licenseService,
+		licenseRepo:    licenseRepo,
 		scheduler:      gocron.NewScheduler(time.UTC).Every(1).Day().At("00:00"), // send usage every at 00:00 UTC
+		modelDao:       modelDao,
 		zeus:           zeus,
-		orgGetter:      orgGetter,
 	}
 	return m, nil
 }
 
 // start loads collects and exports any exported snapshot and starts the exporter
-func (lm *Manager) Start(ctx context.Context) error {
+func (lm *Manager) Start() error {
 	// compares the locker and stateUnlocked if both are same lock is applied else returns error
 	if !atomic.CompareAndSwapUint32(&locker, stateUnlocked, stateLocked) {
 		return fmt.Errorf("usage exporter is locked")
 	}
 
-	// upload usage once when starting the service
-
-	_, err := lm.scheduler.Do(func() { lm.UploadUsage(ctx) })
+	_, err := lm.scheduler.Do(func() { lm.UploadUsage() })
 	if err != nil {
 		return err
 	}
 
-	lm.UploadUsage(ctx)
+	// upload usage once when starting the service
+	lm.UploadUsage()
+
 	lm.scheduler.StartAsync()
+
 	return nil
 }
-func (lm *Manager) UploadUsage(ctx context.Context) {
-	organizations, err := lm.orgGetter.ListByOwnedKeyRange(ctx)
+func (lm *Manager) UploadUsage() {
+	ctx := context.Background()
+	// check if license is present or not
+	license, err := lm.licenseRepo.GetActiveLicense(ctx)
 	if err != nil {
-		zap.L().Error("failed to get organizations", zap.Error(err))
+		zap.L().Error("failed to get active license", zap.Error(err))
+		return
+	}
+	if license == nil {
+		// we will not start the usage reporting if license is not present.
+		zap.L().Info("no license present, skipping usage reporting")
 		return
 	}
-	for _, organization := range organizations {
-		// check if license is present or not
-		license, err := lm.licenseService.GetActive(ctx, organization.ID)
-		if err != nil {
-			zap.L().Error("failed to get active license", zap.Error(err))
-			return
-		}
-		if license == nil {
-			// we will not start the usage reporting if license is not present.
-			zap.L().Info("no license present, skipping usage reporting")
-			return
-		}
 
-		usages := []model.UsageDB{}
+	usages := []model.UsageDB{}
 
-		// get usage from clickhouse
-		dbs := []string{"signoz_logs", "signoz_traces", "signoz_metrics"}
-		query := `
+	// get usage from clickhouse
+	dbs := []string{"signoz_logs", "signoz_traces", "signoz_metrics"}
+	query := `
 		SELECT tenant, collector_id, exporter_id, timestamp, data
 		FROM %s.distributed_usage as u1 
 			GLOBAL INNER JOIN 
@@ -111,76 +107,76 @@ func (lm *Manager) UploadUsage(ctx context.Context) {
 		order by timestamp
 	`
 
-		for _, db := range dbs {
-			dbusages := []model.UsageDB{}
-			err := lm.clickhouseConn.Select(ctx, &dbusages, fmt.Sprintf(query, db, db), time.Now().Add(-(24 * time.Hour)))
-			if err != nil && !strings.Contains(err.Error(), "doesn't exist") {
-				zap.L().Error("failed to get usage from clickhouse: %v", zap.Error(err))
-				return
-			}
-			for _, u := range dbusages {
-				u.Type = db
-				usages = append(usages, u)
-			}
+	for _, db := range dbs {
+		dbusages := []model.UsageDB{}
+		err := lm.clickhouseConn.Select(ctx, &dbusages, fmt.Sprintf(query, db, db), time.Now().Add(-(24 * time.Hour)))
+		if err != nil && !strings.Contains(err.Error(), "doesn't exist") {
+			zap.L().Error("failed to get usage from clickhouse: %v", zap.Error(err))
+			return
 		}
+		for _, u := range dbusages {
+			u.Type = db
+			usages = append(usages, u)
+		}
+	}
 
-		if len(usages) <= 0 {
-			zap.L().Info("no snapshots to upload, skipping.")
+	if len(usages) <= 0 {
+		zap.L().Info("no snapshots to upload, skipping.")
+		return
+	}
+
+	zap.L().Info("uploading usage data")
+
+	usagesPayload := []model.Usage{}
+	for _, usage := range usages {
+		usageDataBytes, err := encryption.Decrypt([]byte(usage.ExporterID[:32]), []byte(usage.Data))
+		if err != nil {
+			zap.L().Error("error while decrypting usage data: %v", zap.Error(err))
 			return
 		}
 
-		zap.L().Info("uploading usage data")
-
-		usagesPayload := []model.Usage{}
-		for _, usage := range usages {
-			usageDataBytes, err := encryption.Decrypt([]byte(usage.ExporterID[:32]), []byte(usage.Data))
-			if err != nil {
-				zap.L().Error("error while decrypting usage data: %v", zap.Error(err))
-				return
-			}
-
-			usageData := model.Usage{}
-			err = json.Unmarshal(usageDataBytes, &usageData)
-			if err != nil {
-				zap.L().Error("error while unmarshalling usage data: %v", zap.Error(err))
-				return
-			}
-
-			usageData.CollectorID = usage.CollectorID
-			usageData.ExporterID = usage.ExporterID
-			usageData.Type = usage.Type
-			usageData.Tenant = "default"
-			usageData.OrgName = "default"
-			usageData.TenantId = "default"
-			usagesPayload = append(usagesPayload, usageData)
-		}
-
-		key, _ := uuid.Parse(license.Key)
-		payload := model.UsagePayload{
-			LicenseKey: key,
-			Usage:      usagesPayload,
-		}
-
-		body, errv2 := json.Marshal(payload)
-		if errv2 != nil {
-			zap.L().Error("error while marshalling usage payload: %v", zap.Error(errv2))
+		usageData := model.Usage{}
+		err = json.Unmarshal(usageDataBytes, &usageData)
+		if err != nil {
+			zap.L().Error("error while unmarshalling usage data: %v", zap.Error(err))
 			return
 		}
 
-		errv2 = lm.zeus.PutMeters(ctx, payload.LicenseKey.String(), body)
-		if errv2 != nil {
-			zap.L().Error("failed to upload usage: %v", zap.Error(errv2))
-			// not returning error here since it is captured in the failed count
-			return
-		}
+		usageData.CollectorID = usage.CollectorID
+		usageData.ExporterID = usage.ExporterID
+		usageData.Type = usage.Type
+		usageData.Tenant = "default"
+		usageData.OrgName = "default"
+		usageData.TenantId = "default"
+		usagesPayload = append(usagesPayload, usageData)
+	}
+
+	key, _ := uuid.Parse(license.Key)
+	payload := model.UsagePayload{
+		LicenseKey: key,
+		Usage:      usagesPayload,
+	}
+
+	body, errv2 := json.Marshal(payload)
+	if errv2 != nil {
+		zap.L().Error("error while marshalling usage payload: %v", zap.Error(errv2))
+		return
+	}
+
+	errv2 = lm.zeus.PutMeters(ctx, payload.LicenseKey.String(), body)
+	if errv2 != nil {
+		zap.L().Error("failed to upload usage: %v", zap.Error(errv2))
+		// not returning error here since it is captured in the failed count
+		return
 	}
 }
 
-func (lm *Manager) Stop(ctx context.Context) {
+func (lm *Manager) Stop() {
 	lm.scheduler.Stop()
 
 	zap.L().Info("sending usage data before shutting down")
 	// send usage before shutting down
-	lm.UploadUsage(ctx)
+	lm.UploadUsage()
+
 	atomic.StoreUint32(&locker, stateUnlocked)
 }

ee/sqlschema/postgressqlschema/formatter.go

@@ -1,36 +0,0 @@
-package postgressqlschema
-
-import (
-	"strings"
-
-	"github.com/SigNoz/signoz/pkg/sqlschema"
-)
-
-type Formatter struct {
-	sqlschema.Formatter
-}
-
-func (formatter Formatter) SQLDataTypeOf(dataType sqlschema.DataType) string {
-	if dataType == sqlschema.DataTypeTimestamp {
-		return "TIMESTAMPTZ"
-	}
-
-	return strings.ToUpper(dataType.String())
-}
-
-func (formatter Formatter) DataTypeOf(dataType string) sqlschema.DataType {
-	switch strings.ToUpper(dataType) {
-	case "TIMESTAMPTZ", "TIMESTAMP", "TIMESTAMP WITHOUT TIME ZONE", "TIMESTAMP WITH TIME ZONE":
-		return sqlschema.DataTypeTimestamp
-	case "INT8":
-		return sqlschema.DataTypeBigInt
-	case "INT2", "INT4", "SMALLINT", "INTEGER":
-		return sqlschema.DataTypeInteger
-	case "BOOL", "BOOLEAN":
-		return sqlschema.DataTypeBoolean
-	case "VARCHAR", "CHARACTER VARYING", "CHARACTER":
-		return sqlschema.DataTypeText
-	}
-
-	return formatter.Formatter.DataTypeOf(dataType)
-}

ee/sqlschema/postgressqlschema/provider.go

@@ -1,285 +0,0 @@
-package postgressqlschema
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/sqlschema"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/uptrace/bun"
-)
-
-type provider struct {
-	settings factory.ScopedProviderSettings
-	fmter    sqlschema.SQLFormatter
-	sqlstore sqlstore.SQLStore
-	operator sqlschema.SQLOperator
-}
-
-func NewFactory(sqlstore sqlstore.SQLStore) factory.ProviderFactory[sqlschema.SQLSchema, sqlschema.Config] {
-	return factory.NewProviderFactory(factory.MustNewName("postgres"), func(ctx context.Context, providerSettings factory.ProviderSettings, config sqlschema.Config) (sqlschema.SQLSchema, error) {
-		return New(ctx, providerSettings, config, sqlstore)
-	})
-}
-
-func New(ctx context.Context, providerSettings factory.ProviderSettings, config sqlschema.Config, sqlstore sqlstore.SQLStore) (sqlschema.SQLSchema, error) {
-	settings := factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/sqlschema/postgressqlschema")
-	fmter := Formatter{Formatter: sqlschema.NewFormatter(sqlstore.BunDB().Dialect())}
-
-	return &provider{
-		sqlstore: sqlstore,
-		fmter:    fmter,
-		settings: settings,
-		operator: sqlschema.NewOperator(fmter, sqlschema.OperatorSupport{
-			DropConstraint:          true,
-			ColumnIfNotExistsExists: true,
-			AlterColumnSetNotNull:   true,
-		}),
-	}, nil
-}
-
-func (provider *provider) Formatter() sqlschema.SQLFormatter {
-	return provider.fmter
-}
-
-func (provider *provider) Operator() sqlschema.SQLOperator {
-	return provider.operator
-}
-
-func (provider *provider) GetTable(ctx context.Context, tableName sqlschema.TableName) (*sqlschema.Table, []*sqlschema.UniqueConstraint, error) {
-	rows, err := provider.
-		sqlstore.
-		BunDB().
-		QueryContext(ctx, `
-SELECT 
-    c.column_name, 
-	c.is_nullable = 'YES', 
-	c.udt_name, 
-	c.column_default 
-FROM 
-    information_schema.columns AS c
-WHERE
-    c.table_name = ?`, string(tableName))
-	if err != nil {
-		return nil, nil, err
-	}
-
-	defer func() {
-		if err := rows.Close(); err != nil {
-			provider.settings.Logger().ErrorContext(ctx, "error closing rows", "error", err)
-		}
-	}()
-
-	columns := make([]*sqlschema.Column, 0)
-	for rows.Next() {
-		var (
-			name        string
-			sqlDataType string
-			nullable    bool
-			defaultVal  *string
-		)
-		if err := rows.Scan(&name, &nullable, &sqlDataType, &defaultVal); err != nil {
-			return nil, nil, err
-		}
-
-		columnDefault := ""
-		if defaultVal != nil {
-			columnDefault = *defaultVal
-		}
-
-		columns = append(columns, &sqlschema.Column{
-			Name:     sqlschema.ColumnName(name),
-			Nullable: nullable,
-			DataType: provider.fmter.DataTypeOf(sqlDataType),
-			Default:  columnDefault,
-		})
-	}
-
-	constraintsRows, err := provider.
-		sqlstore.
-		BunDB().
-		QueryContext(ctx, `
-SELECT 
-    c.column_name, 
-	constraint_name, 
-	constraint_type 
-FROM 
-    information_schema.table_constraints tc
-	JOIN information_schema.constraint_column_usage AS ccu USING (constraint_schema, constraint_catalog, table_name, constraint_name) 
-	JOIN information_schema.columns AS c ON c.table_schema = tc.constraint_schema AND tc.table_name = c.table_name AND ccu.column_name = c.column_name 
-WHERE
-    c.table_name = ?`, string(tableName))
-	if err != nil {
-		return nil, nil, err
-	}
-
-	defer func() {
-		if err := constraintsRows.Close(); err != nil {
-			provider.settings.Logger().ErrorContext(ctx, "error closing rows", "error", err)
-		}
-	}()
-
-	var primaryKeyConstraint *sqlschema.PrimaryKeyConstraint
-	uniqueConstraintsMap := make(map[string]*sqlschema.UniqueConstraint)
-	for constraintsRows.Next() {
-		var (
-			name           string
-			constraintName string
-			constraintType string
-		)
-
-		if err := constraintsRows.Scan(&name, &constraintName, &constraintType); err != nil {
-			return nil, nil, err
-		}
-
-		if constraintType == "PRIMARY KEY" {
-			if primaryKeyConstraint == nil {
-				primaryKeyConstraint = (&sqlschema.PrimaryKeyConstraint{
-					ColumnNames: []sqlschema.ColumnName{sqlschema.ColumnName(name)},
-				}).Named(constraintName).(*sqlschema.PrimaryKeyConstraint)
-			} else {
-				primaryKeyConstraint.ColumnNames = append(primaryKeyConstraint.ColumnNames, sqlschema.ColumnName(name))
-			}
-		}
-
-		if constraintType == "UNIQUE" {
-			if _, ok := uniqueConstraintsMap[constraintName]; !ok {
-				uniqueConstraintsMap[constraintName] = (&sqlschema.UniqueConstraint{
-					ColumnNames: []sqlschema.ColumnName{sqlschema.ColumnName(name)},
-				}).Named(constraintName).(*sqlschema.UniqueConstraint)
-			} else {
-				uniqueConstraintsMap[constraintName].ColumnNames = append(uniqueConstraintsMap[constraintName].ColumnNames, sqlschema.ColumnName(name))
-			}
-		}
-	}
-
-	foreignKeyConstraintsRows, err := provider.
-		sqlstore.
-		BunDB().
-		QueryContext(ctx, `
-SELECT 
-    tc.constraint_name, 
-	kcu.table_name AS referencing_table, 
-	kcu.column_name AS referencing_column, 
-	ccu.table_name AS referenced_table, 
-	ccu.column_name AS referenced_column 
-FROM
-    information_schema.key_column_usage kcu 
-    JOIN information_schema.table_constraints tc ON kcu.constraint_name = tc.constraint_name AND kcu.table_schema = tc.table_schema 
-    JOIN information_schema.constraint_column_usage ccu ON ccu.constraint_name = tc.constraint_name AND ccu.table_schema = tc.table_schema
-WHERE 
-    tc.constraint_type = ?
-	AND kcu.table_name = ?`, "FOREIGN KEY", string(tableName))
-	if err != nil {
-		return nil, nil, err
-	}
-
-	defer func() {
-		if err := foreignKeyConstraintsRows.Close(); err != nil {
-			provider.settings.Logger().ErrorContext(ctx, "error closing rows", "error", err)
-		}
-	}()
-
-	foreignKeyConstraints := make([]*sqlschema.ForeignKeyConstraint, 0)
-	for foreignKeyConstraintsRows.Next() {
-		var (
-			constraintName    string
-			referencingTable  string
-			referencingColumn string
-			referencedTable   string
-			referencedColumn  string
-		)
-
-		if err := foreignKeyConstraintsRows.Scan(&constraintName, &referencingTable, &referencingColumn, &referencedTable, &referencedColumn); err != nil {
-			return nil, nil, err
-		}
-
-		foreignKeyConstraints = append(foreignKeyConstraints, (&sqlschema.ForeignKeyConstraint{
-			ReferencingColumnName: sqlschema.ColumnName(referencingColumn),
-			ReferencedTableName:   sqlschema.TableName(referencedTable),
-			ReferencedColumnName:  sqlschema.ColumnName(referencedColumn),
-		}).Named(constraintName).(*sqlschema.ForeignKeyConstraint))
-	}
-
-	uniqueConstraints := make([]*sqlschema.UniqueConstraint, 0)
-	for _, uniqueConstraint := range uniqueConstraintsMap {
-		uniqueConstraints = append(uniqueConstraints, uniqueConstraint)
-	}
-
-	return &sqlschema.Table{
-		Name:                  tableName,
-		Columns:               columns,
-		PrimaryKeyConstraint:  primaryKeyConstraint,
-		ForeignKeyConstraints: foreignKeyConstraints,
-	}, uniqueConstraints, nil
-}
-
-func (provider *provider) GetIndices(ctx context.Context, name sqlschema.TableName) ([]sqlschema.Index, error) {
-	rows, err := provider.
-		sqlstore.
-		BunDB().
-		QueryContext(ctx, `
-SELECT
-    ct.relname AS table_name,
-    ci.relname AS index_name,
-    i.indisunique AS unique,
-    i.indisprimary AS primary,
-    a.attname AS column_name
-FROM
-    pg_index i
-    LEFT JOIN pg_class ct ON ct.oid = i.indrelid
-    LEFT JOIN pg_class ci ON ci.oid = i.indexrelid
-    LEFT JOIN pg_attribute a ON a.attrelid = ct.oid
-    LEFT JOIN pg_constraint con ON con.conindid = i.indexrelid
-WHERE
-    a.attnum = ANY(i.indkey)
-    AND con.oid IS NULL
-    AND ct.relkind = 'r'
-    AND ct.relname = ?`, string(name))
-	if err != nil {
-		return nil, err
-	}
-
-	defer func() {
-		if err := rows.Close(); err != nil {
-			provider.settings.Logger().ErrorContext(ctx, "error closing rows", "error", err)
-		}
-	}()
-
-	uniqueIndicesMap := make(map[string]*sqlschema.UniqueIndex)
-	for rows.Next() {
-		var (
-			tableName  string
-			indexName  string
-			unique     bool
-			primary    bool
-			columnName string
-		)
-
-		if err := rows.Scan(&tableName, &indexName, &unique, &primary, &columnName); err != nil {
-			return nil, err
-		}
-
-		if unique {
-			if _, ok := uniqueIndicesMap[indexName]; !ok {
-				uniqueIndicesMap[indexName] = &sqlschema.UniqueIndex{
-					TableName:   name,
-					ColumnNames: []sqlschema.ColumnName{sqlschema.ColumnName(columnName)},
-				}
-			} else {
-				uniqueIndicesMap[indexName].ColumnNames = append(uniqueIndicesMap[indexName].ColumnNames, sqlschema.ColumnName(columnName))
-			}
-		}
-	}
-
-	indices := make([]sqlschema.Index, 0)
-	for _, index := range uniqueIndicesMap {
-		indices = append(indices, index)
-	}
-
-	return indices, nil
-}
-
-func (provider *provider) ToggleFKEnforcement(_ context.Context, _ bun.IDB, _ bool) error {
-	return nil
-}

ee/sqlstore/postgressqlstore/dialect.go

@@ -17,21 +17,17 @@ var (
 )
 
 var (
-	Org                = "org"
-	User               = "user"
-	UserNoCascade      = "user_no_cascade"
-	FactorPassword     = "factor_password"
-	CloudIntegration   = "cloud_integration"
-	AgentConfigVersion = "agent_config_version"
+	Org              = "org"
+	User             = "user"
+	FactorPassword   = "factor_password"
+	CloudIntegration = "cloud_integration"
 )
 
 var (
-	OrgReference                = `("org_id") REFERENCES "organizations" ("id")`
-	UserReference               = `("user_id") REFERENCES "users" ("id") ON DELETE CASCADE ON UPDATE CASCADE`
-	UserReferenceNoCascade      = `("user_id") REFERENCES "users" ("id")`
-	FactorPasswordReference     = `("password_id") REFERENCES "factor_password" ("id")`
-	CloudIntegrationReference   = `("cloud_integration_id") REFERENCES "cloud_integration" ("id") ON DELETE CASCADE`
-	AgentConfigVersionReference = `("version_id") REFERENCES "agent_config_version" ("id")`
+	OrgReference              = `("org_id") REFERENCES "organizations" ("id")`
+	UserReference             = `("user_id") REFERENCES "users" ("id") ON DELETE CASCADE ON UPDATE CASCADE`
+	FactorPasswordReference   = `("password_id") REFERENCES "factor_password" ("id")`
+	CloudIntegrationReference = `("cloud_integration_id") REFERENCES "cloud_integration" ("id") ON DELETE CASCADE`
 )
 
 type dialect struct{}
@@ -270,14 +266,10 @@ func (dialect *dialect) RenameTableAndModifyModel(ctx context.Context, bun bun.I
 			fkReferences = append(fkReferences, OrgReference)
 		} else if reference == User && !slices.Contains(fkReferences, UserReference) {
 			fkReferences = append(fkReferences, UserReference)
-		} else if reference == UserNoCascade && !slices.Contains(fkReferences, UserReferenceNoCascade) {
-			fkReferences = append(fkReferences, UserReferenceNoCascade)
 		} else if reference == FactorPassword && !slices.Contains(fkReferences, FactorPasswordReference) {
 			fkReferences = append(fkReferences, FactorPasswordReference)
 		} else if reference == CloudIntegration && !slices.Contains(fkReferences, CloudIntegrationReference) {
 			fkReferences = append(fkReferences, CloudIntegrationReference)
-		} else if reference == AgentConfigVersion && !slices.Contains(fkReferences, AgentConfigVersionReference) {
-			fkReferences = append(fkReferences, AgentConfigVersionReference)
 		}
 	}
 

ee/sqlstore/postgressqlstore/provider.go

@@ -10,6 +10,7 @@ import (
 	"github.com/jackc/pgx/v5/pgconn"
 	"github.com/jackc/pgx/v5/pgxpool"
 	"github.com/jackc/pgx/v5/stdlib"
+	"github.com/jmoiron/sqlx"
 	"github.com/uptrace/bun"
 	"github.com/uptrace/bun/dialect/pgdialect"
 )
@@ -18,6 +19,7 @@ type provider struct {
 	settings factory.ScopedProviderSettings
 	sqldb    *sql.DB
 	bundb    *sqlstore.BunDB
+	sqlxdb   *sqlx.DB
 	dialect  *dialect
 }
 
@@ -59,6 +61,7 @@ func New(ctx context.Context, providerSettings factory.ProviderSettings, config
 		settings: settings,
 		sqldb:    sqldb,
 		bundb:    sqlstore.NewBunDB(settings, sqldb, pgdialect.New(), hooks),
+		sqlxdb:   sqlx.NewDb(sqldb, "postgres"),
 		dialect:  new(dialect),
 	}, nil
 }
@@ -71,6 +74,10 @@ func (provider *provider) SQLDB() *sql.DB {
 	return provider.sqldb
 }
 
+func (provider *provider) SQLxDB() *sqlx.DB {
+	return provider.sqlxdb
+}
+
 func (provider *provider) Dialect() sqlstore.SQLDialect {
 	return provider.dialect
 }

ee/types/personal_access_token.go

@@ -0,0 +1,76 @@
+package types
+
+import (
+	"crypto/rand"
+	"encoding/base64"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/uptrace/bun"
+)
+
+type GettablePAT struct {
+	CreatedByUser PatUser `json:"createdByUser"`
+	UpdatedByUser PatUser `json:"updatedByUser"`
+
+	StorablePersonalAccessToken
+}
+
+type PatUser struct {
+	types.User
+	NotFound bool `json:"notFound"`
+}
+
+func NewGettablePAT(name, role, userID string, expiresAt int64) GettablePAT {
+	return GettablePAT{
+		StorablePersonalAccessToken: NewStorablePersonalAccessToken(name, role, userID, expiresAt),
+	}
+}
+
+type StorablePersonalAccessToken struct {
+	bun.BaseModel `bun:"table:personal_access_token"`
+	types.Identifiable
+	types.TimeAuditable
+	OrgID           string `json:"orgId" bun:"org_id,type:text,notnull"`
+	Role            string `json:"role" bun:"role,type:text,notnull,default:'ADMIN'"`
+	UserID          string `json:"userId" bun:"user_id,type:text,notnull"`
+	Token           string `json:"token" bun:"token,type:text,notnull,unique"`
+	Name            string `json:"name" bun:"name,type:text,notnull"`
+	ExpiresAt       int64  `json:"expiresAt" bun:"expires_at,notnull,default:0"`
+	LastUsed        int64  `json:"lastUsed" bun:"last_used,notnull,default:0"`
+	Revoked         bool   `json:"revoked" bun:"revoked,notnull,default:false"`
+	UpdatedByUserID string `json:"updatedByUserId" bun:"updated_by_user_id,type:text,notnull,default:''"`
+}
+
+func NewStorablePersonalAccessToken(name, role, userID string, expiresAt int64) StorablePersonalAccessToken {
+	now := time.Now()
+	if expiresAt != 0 {
+		// convert expiresAt to unix timestamp from days
+		expiresAt = now.Unix() + (expiresAt * 24 * 60 * 60)
+	}
+
+	// Generate a 32-byte random token.
+	token := make([]byte, 32)
+	rand.Read(token)
+	// Encode the token in base64.
+	encodedToken := base64.StdEncoding.EncodeToString(token)
+
+	return StorablePersonalAccessToken{
+		Token:           encodedToken,
+		Name:            name,
+		Role:            role,
+		UserID:          userID,
+		ExpiresAt:       expiresAt,
+		LastUsed:        0,
+		Revoked:         false,
+		UpdatedByUserID: "",
+		TimeAuditable: types.TimeAuditable{
+			CreatedAt: now,
+			UpdatedAt: now,
+		},
+		Identifiable: types.Identifiable{
+			ID: valuer.GenerateUUID(),
+		},
+	}
+}

frontend/.gitignore

@@ -2,30 +2,3 @@
 # Sentry Config File
 .env.sentry-build-plugin
 .qodo
-
-# Playwright
-node_modules/
-/test-results/
-/playwright-report/
-/blob-report/
-/playwright/.cache/
-/playwright/test-results/
-/playwright/blob-report/
-/playwright/playwright-report/
-
-e2e/test-plan/alerts/
-e2e/test-plan/dashboards/
-e2e/test-plan/exceptions/
-e2e/test-plan/external-apis/
-e2e/test-plan/help-support/
-e2e/test-plan/infrastructure/
-e2e/test-plan/logs/
-e2e/test-plan/messaging-queues/
-e2e/test-plan/metrics/
-e2e/test-plan/navigation/
-e2e/test-plan/onboarding/
-e2e/test-plan/saved-views/
-e2e/test-plan/service-map/
-e2e/test-plan/services/
-e2e/test-plan/traces/
-e2e/test-plan/user-preferences/

frontend/e2e/test-plan/README.md

@@ -1,29 +0,0 @@
-# SigNoz E2E Test Plan
-
-This directory contains the structured test plan for the SigNoz application. Each subfolder corresponds to a main module or feature area, and contains scenario files for all user journeys, edge cases, and cross-module flows. These documents serve as the basis for generating Playwright MCP-driven E2E tests.
-
-## Structure
-
-- Each main module (e.g., logs, traces, dashboards, alerts, settings, etc.) has its own folder or markdown file.
-- Each file contains detailed scenario templates, including preconditions, step-by-step actions, and expected outcomes.
-- Use these documents to write, review, and update test cases as the application evolves.
-
-## Folders & Files
-
-- `logs/` — Logs module scenarios
-- `traces/` — Traces module scenarios
-- `metrics/` — Metrics module scenarios
-- `dashboards/` — Dashboards module scenarios
-- `alerts/` — Alerts module scenarios
-- `services/` — Services module scenarios
-- `settings/` — Settings and all sub-settings scenarios
-- `onboarding/` — Onboarding and signup flows
-- `navigation/` — Navigation, sidebar, and cross-module flows
-- `exceptions/` — Exception and error handling scenarios
-- `external-apis/` — External API monitoring scenarios
-- `messaging-queues/` — Messaging queue scenarios
-- `infrastructure/` — Infrastructure monitoring scenarios
-- `help-support/` — Help & support scenarios
-- `user-preferences/` — User preferences and personalization scenarios
-- `service-map/` — Service map scenarios
-- `saved-views/` — Saved views scenarios

frontend/e2e/test-plan/settings/README.md

@@ -1,16 +0,0 @@
-# Settings Module Test Plan
-
-This folder contains E2E test scenarios for the Settings module and all sub-settings.
-
-## Scenario Categories
-
-- General settings (org/workspace, branding, version info)
-- Billing settings
-- Members & SSO
-- Custom domain
-- Integrations
-- Notification channels
-- API keys
-- Ingestion
-- Account settings (profile, password, preferences)
-- Keyboard shortcuts

frontend/e2e/test-plan/settings/account-settings.md

@@ -1,43 +0,0 @@
-# Account Settings E2E Scenarios (Updated)
-
-## 1. Update Name
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Click 'Update name' button
-  2. Edit name field in the modal/dialog
-  3. Save changes
-- **Expected:** Name is updated in the UI
-
-## 2. Update Email
-
-- **Note:** The email field is not editable in the current UI.
-
-## 3. Reset Password
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Click 'Reset password' button
-  2. Complete reset flow (modal/dialog or external flow)
-- **Expected:** Password is reset
-
-## 4. Toggle 'Adapt to my timezone'
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Toggle 'Adapt to my timezone' switch
-- **Expected:** Timezone adapts accordingly (UI feedback/confirmation should be checked)
-
-## 5. Toggle Theme (Dark/Light)
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Toggle theme radio buttons ('Dark', 'Light Beta')
-- **Expected:** Theme changes
-
-## 6. Toggle Sidebar Always Open
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Toggle 'Keep the primary sidebar always open' switch
-- **Expected:** Sidebar remains open/closed as per toggle

frontend/e2e/test-plan/settings/api-keys.md

@@ -1,26 +0,0 @@
-# API Keys E2E Scenarios (Updated)
-
-## 1. Create a New API Key
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Click 'New Key' button
-  2. Enter details in the modal/dialog
-  3. Click 'Save'
-- **Expected:** API key is created and listed in the table
-
-## 2. Revoke an API Key
-
-- **Precondition:** API key exists
-- **Steps:**
-  1. In the table, locate the API key row
-  2. Click the revoke/delete button (icon button in the Action column)
-  3. Confirm if prompted
-- **Expected:** API key is revoked/removed from the table
-
-## 3. View API Key Usage
-
-- **Precondition:** API key exists
-- **Steps:**
-  1. View the 'Last used' and 'Expired' columns in the table
-- **Expected:** Usage data is displayed for each API key

frontend/e2e/test-plan/settings/billing.md

@@ -1,17 +0,0 @@
-# Billing Settings E2E Scenarios (Updated)
-
-## 1. View Billing Information
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Navigate to Billing Settings
-  2. Wait for the billing chart/data to finish loading
-- **Expected:**
-  - Billing heading and subheading are displayed
-  - Usage/cost table is visible with columns: Unit, Data Ingested, Price per Unit, Cost (Billing period to date)
-  - "Download CSV" and "Manage Billing" buttons are present and enabled after loading
-  - Test clicking "Download CSV" and "Manage Billing" for expected behavior (e.g., file download, navigation, or modal)
-
-> Note: If these features are expected to trigger specific flows, document the observed behavior for each button.
-
-

frontend/e2e/test-plan/settings/custom-domain.md

@@ -1,18 +0,0 @@
-# Custom Domain E2E Scenarios (Updated)
-
-## 1. Add or Update Custom Domain
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Click 'Customize team’s URL' button
-  2. In the 'Customize your team’s URL' dialog, enter the preferred subdomain
-  3. Click 'Apply Changes'
-- **Expected:** Domain is set/updated for the team (UI feedback/confirmation should be checked)
-
-## 2. Verify Domain Ownership
-
-- **Note:** No explicit 'Verify' button or flow is present in the current UI. If verification is required, it may be handled automatically or via support.
-
-## 3. Remove a Custom Domain
-
-- **Note:** No explicit 'Remove' button or flow is present in the current UI. The only available action is to update the subdomain.

frontend/e2e/test-plan/settings/general.md

@@ -1,31 +0,0 @@
-# General Settings E2E Scenarios
-
-## 1. View General Settings
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Navigate to General Settings
-- **Expected:** General settings are displayed
-
-## 2. Update Organization/Workspace Name
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Edit organization/workspace name
-  2. Save changes
-- **Expected:** Name is updated and visible
-
-## 3. Update Logo or Branding
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Upload new logo/branding
-  2. Save changes
-- **Expected:** Branding is updated
-
-## 4. View Version/Build Info
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. View version/build info section
-- **Expected:** Version/build info is displayed

frontend/e2e/test-plan/settings/ingestion.md

@@ -1,102 +0,0 @@
-# Ingestion E2E Scenarios
-
-## 1. View Ingestion Settings Page
-
-- **Precondition:** User is logged in and has admin/editor role
-- **Steps:**
-  1. Navigate to Settings page
-  2. Click on "Ingestion" tab in the settings sidebar
-- **Expected:** 
-  - Page displays "Ingestion Keys" heading
-  - Shows subtitle "Create and manage ingestion keys for the SigNoz Cloud"
-  - Displays ingestion URL and region information (if available)
-  - Shows search box for ingestion keys
-  - Shows "New Ingestion key" button
-
-## 2. Search Ingestion Keys
-
-- **Precondition:** User is on the Ingestion Settings page
-- **Steps:**
-  1. Enter text in the search box
-  2. Wait for search results to update
-- **Expected:** Table filters to show only matching ingestion keys
-
-## 3. Create New Ingestion Key
-
-- **Precondition:** User is on the Ingestion Settings page
-- **Steps:**
-  1. Click "New Ingestion key" button
-  2. Fill in the name field (minimum 6 characters, alphanumeric with underscores/hyphens)
-  3. Set expiration date
-  4. Add optional tags
-  5. Click "Create new Ingestion key" button
-- **Expected:** 
-  - New ingestion key is created
-  - Success notification is shown
-  - New key appears in the table
-
-## 4. Edit Ingestion Key
-
-- **Precondition:** User is on the Ingestion Settings page with existing ingestion keys
-- **Steps:**
-  1. Click the edit (pen) icon for an existing ingestion key
-  2. Modify tags or expiration date
-  3. Click "Update Ingestion Key" button
-- **Expected:** 
-  - Ingestion key is updated
-  - Success notification is shown
-  - Changes are reflected in the table
-
-## 5. Delete Ingestion Key
-
-- **Precondition:** User is on the Ingestion Settings page with existing ingestion keys
-- **Steps:**
-  1. Click the delete (trash) icon for an existing ingestion key
-  2. Confirm deletion in the modal
-  3. Click "Delete Ingestion Key" button
-- **Expected:** 
-  - Ingestion key is deleted
-  - Success notification is shown
-  - Key is removed from the table
-
-## 6. Copy Ingestion Key Value
-
-- **Precondition:** User is on the Ingestion Settings page with existing ingestion keys
-- **Steps:**
-  1. Click the copy icon next to an ingestion key value
-- **Expected:** 
-  - Key value is copied to clipboard
-  - Success notification is shown
-
-## 7. Copy Ingestion URL and Region
-
-- **Precondition:** User is on the Ingestion Settings page with deployment data available
-- **Steps:**
-  1. Click on the ingestion URL to copy it
-  2. Click on the region name to copy it
-- **Expected:** 
-  - Respective values are copied to clipboard
-  - Success notification is shown
-
-## 8. Manage Ingestion Key Limits - Pending
-
-- **Precondition:** User is on the Ingestion Settings page with existing ingestion keys
-- **Steps:**
-  1. Expand an ingestion key to view its details
-  2. For each signal (logs, traces, metrics):
-     - Click "Limits" button to add limits
-     - Or click edit/delete icons to modify existing limits
-     - Configure daily and per-second limits
-     - Save or cancel changes
-- **Expected:** 
-  - Limits are properly configured for each signal
-  - Success notifications are shown for successful operations
-
-## 9. Pagination
-
-- **Precondition:** User is on the Ingestion Settings page with multiple ingestion keys
-- **Steps:**
-  1. Navigate through pagination controls
-- **Expected:** 
-  - Different pages of ingestion keys are displayed
-  - Pagination information shows correct totals

frontend/e2e/test-plan/settings/integrations.md

@@ -1,51 +0,0 @@
-# Integrations E2E Scenarios (Updated)
-
-## 1. View List of Available Integrations
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Navigate to Integrations
-- **Expected:** List of integrations is displayed, each with a name, description, and 'Configure' button
-
-## 2. Search Integrations by Name/Type
-
-- **Precondition:** Integrations exist
-- **Steps:**
-  1. Enter search/filter criteria in the 'Search for an integration...' box
-- **Expected:** Only matching integrations are shown
-
-## 3. Connect a New Integration
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Click 'Configure' for an integration
-  2. Complete the configuration flow (modal or page, as available)
-- **Expected:** Integration is connected/configured (UI feedback/confirmation should be checked)
-
-## 4. Disconnect an Integration
-
-- **Note:** No visible 'Disconnect' button in the main list. This may be available in the configuration flow for a connected integration.
-
-## 5. Configure Integration Settings
-
-- **Note:** Configuration is handled in the flow after clicking 'Configure' for an integration.
-
-## 6. Test Integration Connection
-
-- **Note:** No visible 'Test Connection' button in the main list. This may be available in the configuration flow.
-
-## 7. View Integration Status/Logs
-
-- **Note:** No visible status/logs section in the main list. This may be available in the configuration flow.
-
-## 8. Filter Integrations by Category
-
-- **Note:** No explicit category filter in the current UI, only a search box.
-
-## 9. View Integration Documentation/Help
-
-- **Note:** No visible 'Help/Docs' button in the main list. This may be available in the configuration flow.
-
-## 10. Update Integration Configuration
-
-- **Note:** Configuration is handled in the flow after clicking 'Configure' for an integration.

frontend/e2e/test-plan/settings/keyboard-shortcuts.md

@@ -1,19 +0,0 @@
-# Keyboard Shortcuts E2E Scenarios (Updated)
-
-## 1. View Keyboard Shortcuts
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Navigate to Keyboard Shortcuts
-- **Expected:** Shortcuts are displayed in categorized tables (Global, Logs Explorer, Query Builder, Dashboard)
-
-## 2. Customize Keyboard Shortcuts (if supported)
-
-- **Note:** Customization is not available in the current UI. Shortcuts are view-only.
-
-## 3. Use Keyboard Shortcuts for Navigation/Actions
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Use shortcut for navigation/action (e.g., shift+s for Services, cmd+enter for running query)
-- **Expected:** Navigation/action is performed as per shortcut

frontend/e2e/test-plan/settings/members-sso.md

@@ -1,49 +0,0 @@
-# Members & SSO E2E Scenarios (Updated)
-
-## 1. Invite a New Member
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Click 'Invite Members' button
-  2. In the 'Invite team members' dialog, enter email address, name (optional), and select role
-  3. (Optional) Click 'Add another team member' to invite more
-  4. Click 'Invite team members' to send invite(s)
-- **Expected:** Pending invite appears in the 'Pending Invites' table
-
-## 2. Remove a Member
-
-- **Precondition:** User is admin, member exists
-- **Steps:**
-  1. In the 'Members' table, locate the member row
-  2. Click 'Delete' in the Action column
-  3. Confirm removal if prompted
-- **Expected:** Member is removed from the table
-
-## 3. Update Member Roles
-
-- **Precondition:** User is admin, member exists
-- **Steps:**
-  1. In the 'Members' table, locate the member row
-  2. Click 'Edit' in the Action column
-  3. Change role in the edit dialog/modal
-  4. Save changes
-- **Expected:** Member role is updated in the table
-
-## 4. Configure SSO
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. In the 'Authenticated Domains' section, locate the domain row
-  2. Click 'Configure SSO' or 'Edit Google Auth' as available
-  3. Complete SSO provider configuration in the modal/dialog
-  4. Save settings
-- **Expected:** SSO is configured for the domain
-
-## 5. Login via SSO
-
-- **Precondition:** SSO is configured
-- **Steps:**
-  1. Log out from the app
-  2. On the login page, click 'Login with SSO'
-  3. Complete SSO login flow
-- **Expected:** User is logged in via SSO

frontend/e2e/test-plan/settings/notification-channels.md

@@ -1,39 +0,0 @@
-# Notification Channels E2E Scenarios (Updated)
-
-## 1. Add a New Notification Channel
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Click 'New Alert Channel' button
-  2. In the 'New Notification Channel' form, fill in required fields (Name, Type, Webhook URL, etc.)
-  3. (Optional) Toggle 'Send resolved alerts'
-  4. (Optional) Click 'Test' to send a test notification
-  5. Click 'Save' to add the channel
-- **Expected:** Channel is added and listed in the table
-
-## 2. Test Notification Channel
-
-- **Precondition:** Channel is being created or edited
-- **Steps:**
-  1. In the 'New Notification Channel' or 'Edit Notification Channel' form, click 'Test'
-- **Expected:** Test notification is sent (UI feedback/confirmation should be checked)
-
-## 3. Remove a Notification Channel
-
-- **Precondition:** Channel is added
-- **Steps:**
-  1. In the table, locate the channel row
-  2. Click 'Delete' in the Action column
-  3. Confirm removal if prompted
-- **Expected:** Channel is removed from the table
-
-## 4. Update Notification Channel Settings
-
-- **Precondition:** Channel is added
-- **Steps:**
-  1. In the table, locate the channel row
-  2. Click 'Edit' in the Action column
-  3. In the 'Edit Notification Channel' form, update fields as needed
-  4. (Optional) Click 'Test' to send a test notification
-  5. Click 'Save' to update the channel
-- **Expected:** Settings are updated

frontend/e2e/test-plan/validation-report.md

@@ -1,199 +0,0 @@
-# SigNoz Test Plan Validation Report
-
-This report documents the validation of the E2E test plan against the current live application using Playwright MCP. Each module is reviewed for coverage, gaps, and required updates.
-
----
-
-## Home Module
-
-- **Coverage:**
-  - Widgets for logs, traces, metrics, dashboards, alerts, services, saved views, onboarding checklist
-  - Quick access buttons: Explore Logs, Create dashboard, Create an alert
-- **Gaps/Updates:**
-  - Add scenarios for checklist interactions (e.g., “I’ll do this later”, progress tracking)
-  - Add scenarios for Saved Views and cross-module links
-  - Add scenario for onboarding checklist completion
-
----
-
-## Logs Module
-
-- **Coverage:**
-  - Explorer, Pipelines, Views tabs
-  - Filtering by service, environment, severity, host, k8s, etc.
-  - Search, save view, create alert, add to dashboard, export, view mode switching
-- **Gaps/Updates:**
-  - Add scenario for quick filter customization
-  - Add scenario for “Old Explorer” button
-  - Add scenario for frequency chart toggle
-  - Add scenario for “Stage & Run Query” workflow
-
----
-
-## Traces Module
-
-- **Coverage:**
-  - Tabs: Explorer, Funnels, Views
-  - Filtering by name, error status, duration, environment, function, service, RPC, status code, HTTP, trace ID, etc.
-  - Search, save view, create alert, add to dashboard, export, view mode switching (List, Traces, Time Series, Table)
-  - Pagination, quick filter customization, group by, aggregation
-- **Gaps/Updates:**
-  - Add scenario for quick filter customization
-  - Add scenario for “Stage & Run Query” workflow
-  - Add scenario for all view modes (List, Traces, Time Series, Table)
-  - Add scenario for group by/aggregation
-  - Add scenario for trace detail navigation (clicking on trace row)
-  - Add scenario for Funnels tab (create/edit/delete funnel)
-  - Add scenario for Views tab (manage saved views)
-
----
-
-## Metrics Module
-
-- **Coverage:**
-  - Tabs: Summary, Explorer, Views
-  - Filtering by metric, type, unit, etc.
-  - Search, save view, add to dashboard, export, view mode switching (chart, table, proportion view)
-  - Pagination, group by, aggregation, custom queries
-- **Gaps/Updates:**
-  - Add scenario for Proportion View in Summary
-  - Add scenario for all view modes (chart, table, proportion)
-  - Add scenario for group by/aggregation
-  - Add scenario for custom queries in Explorer
-  - Add scenario for Views tab (manage saved views)
-
----
-
-## Dashboards Module
-
-- **Coverage:**
-  - List, search, and filter dashboards
-  - Create new dashboard (button and template link)
-  - Edit, delete, and view dashboard details
-  - Add/edit/delete widgets (implied by dashboard detail)
-  - Pagination through dashboards
-- **Gaps/Updates:**
-  - Add scenario for browsing dashboard templates (external link)
-  - Add scenario for requesting new template
-  - Add scenario for dashboard owner and creation info
-  - Add scenario for dashboard tags and filtering by tags
-  - Add scenario for dashboard sharing (if available)
-  - Add scenario for dashboard image/preview
-
----
-
-## Messaging Queues Module
-
-- **Coverage:**
-  - Overview tab: queue metrics, filters (Service Name, Span Name, Msg System, Destination, Kind)
-  - Search across all columns
-  - Pagination of queue data
-  - Sync and Share buttons
-  - Tabs for Kafka and Celery
-- **Gaps/Updates:**
-  - Add scenario for Kafka tab (detailed metrics, actions)
-  - Add scenario for Celery tab (detailed metrics, actions)
-  - Add scenario for filter combinations and edge cases
-  - Add scenario for sharing queue data
-  - Add scenario for time range selection
-
----
-
-## External APIs Module
-
-- **Coverage:**
-  - Accessed via side navigation under MORE
-  - Explorer tab: domain, endpoints, last used, rate, error %, avg. latency
-  - Filters: Deployment Environment, Service Name, Rpc Method, Show IP addresses
-  - Table pagination
-  - Share and Stage & Run Query buttons
-- **Gaps/Updates:**
-  - Add scenario for customizing quick filters
-  - Add scenario for running and staging queries
-  - Add scenario for sharing API data
-  - Add scenario for edge cases in filters and table data
-
----
-
-## Alerts Module
-
-- **Coverage:**
-  - Alert Rules tab: list, search, create (New Alert), edit, delete, enable/disable, severity, labels, actions
-  - Triggered Alerts tab (visible in tablist)
-  - Configuration tab (visible in tablist)
-  - Table pagination
-- **Gaps/Updates:**
-  - Add scenario for triggered alerts (view, acknowledge, resolve)
-  - Add scenario for alert configuration (settings, integrations)
-  - Add scenario for edge cases in alert creation and management
-  - Add scenario for searching and filtering alerts
-
----
-
-## Integrations Module
-
-- **Coverage:**
-  - Integrations tab: list, search, configure (e.g., AWS), request new integration
-  - One-click setup for AWS monitoring
-  - Request more integrations (form)
-- **Gaps/Updates:**
-  - Add scenario for configuring integrations (step-by-step)
-  - Add scenario for searching and filtering integrations
-  - Add scenario for requesting new integrations
-  - Add scenario for edge cases (e.g., failed configuration)
-
----
-
-## Exceptions Module
-
-- **Coverage:**
-  - All Exceptions: list, search, filter (Deployment Environment, Service Name, Host Name, K8s Cluster/Deployment/Namespace, Net Peer Name)
-  - Table: Exception Type, Error Message, Count, Last Seen, First Seen, Application
-  - Pagination
-  - Exception detail links
-  - Share and Stage & Run Query buttons
-- **Gaps/Updates:**
-  - Add scenario for exception detail view
-  - Add scenario for advanced filtering and edge cases
-  - Add scenario for sharing and running queries
-  - Add scenario for error grouping and navigation
-
----
-
-## Service Map Module
-
-- **Coverage:**
-  - Service Map visualization (main graph)
-  - Filters: environment, resource attributes
-  - Time range selection
-  - Sync and Share buttons
-- **Gaps/Updates:**
-  - Add scenario for interacting with the map (zoom, pan, select service)
-  - Add scenario for filtering and edge cases
-  - Add scenario for sharing the map
-  - Add scenario for time range and environment combinations
-
----
-
-## Billing Module
-
-- **Coverage:**
-  - Billing overview: cost monitoring, invoices, CSV download (disabled), manage billing (disabled)
-  - Teams Cloud section
-  - Billing table: Unit, Data Ingested, Price per Unit, Cost (Billing period to date)
-- **Gaps/Updates:**
-  - Add scenario for invoice download and management (when enabled)
-  - Add scenario for cost monitoring and edge cases
-  - Add scenario for billing table data validation
-  - Add scenario for permissions and access control
-
----
-
-## Usage Explorer Module
-
-- **Status:**
-  - Not accessible in the current environment. Removing from test plan flows.
-
----
-
-## [Next modules will be filled as validation proceeds]

frontend/e2e/tests/settings/account-settings/account-settings-settings.spec.ts

@@ -1,42 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-test('Account Settings - View and Assert Static Controls', async ({ page }) => {
-	await ensureLoggedIn(page);
-
-	// 1. Open the sidebar settings menu using data-testid
-	await page.getByTestId('settings-nav-item').click();
-
-	// 2. Click Account Settings in the dropdown (by role/name or data-testid if available)
-	await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-	// Assert the main tabpanel/heading (confirmed by DOM)
-	await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-	// Assert General section and controls (confirmed by DOM)
-	await expect(
-		page.getByLabel('My Settings').getByText('General'),
-	).toBeVisible();
-	await expect(page.getByText('Manage your account settings.')).toBeVisible();
-	await expect(page.getByRole('button', { name: 'Update name' })).toBeVisible();
-	await expect(
-		page.getByRole('button', { name: 'Reset password' }),
-	).toBeVisible();
-
-	// Assert User Preferences section and controls (confirmed by DOM)
-	await expect(page.getByText('User Preferences')).toBeVisible();
-	await expect(
-		page.getByText('Tailor the SigNoz console to work according to your needs.'),
-	).toBeVisible();
-	await expect(page.getByText('Select your theme')).toBeVisible();
-
-	const themeSelector = page.getByTestId('theme-selector');
-
-	await expect(themeSelector.getByText('Dark')).toBeVisible();
-	await expect(themeSelector.getByText('Light')).toBeVisible();
-	await expect(themeSelector.getByText('System')).toBeVisible();
-
-	await expect(page.getByTestId('timezone-adaptation-switch')).toBeVisible();
-	await expect(page.getByTestId('side-nav-pinned-switch')).toBeVisible();
-});

frontend/e2e/tests/settings/api-keys/api-keys-settings.spec.ts

@@ -1,42 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-test('API Keys Settings - View and Interact', async ({ page }) => {
-	await ensureLoggedIn(page);
-
-	// 1. Open the sidebar settings menu using data-testid
-	await page.getByTestId('settings-nav-item').click();
-
-	// 2. Click Account Settings in the dropdown (by role/name or data-testid if available)
-	await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-	// Assert the main tabpanel/heading (confirmed by DOM)
-	await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-	// Focus on the settings page sidenav
-	await page.getByTestId('settings-page-sidenav').focus();
-
-	// Click API Keys tab in the settings sidebar (by data-testid)
-	await page.getByTestId('api-keys').click();
-
-	// Assert heading and subheading
-	await expect(page.getByRole('heading', { name: 'API Keys' })).toBeVisible();
-	await expect(
-		page.getByText('Create and manage API keys for the SigNoz API'),
-	).toBeVisible();
-
-	// Assert presence of New Key button
-	const newKeyBtn = page.getByRole('button', { name: 'New Key' });
-	await expect(newKeyBtn).toBeVisible();
-
-	// Assert table columns
-	await expect(page.getByText('Last used').first()).toBeVisible();
-	await expect(page.getByText('Expired').first()).toBeVisible();
-
-	// Assert at least one API key row with action buttons
-	// Select the first action cell's first button (icon button)
-	const firstActionCell = page.locator('table tr').nth(1).locator('td').last();
-	const deleteBtn = firstActionCell.locator('button').first();
-	await expect(deleteBtn).toBeVisible();
-});

frontend/e2e/tests/settings/billing/billing-settings.spec.ts

@@ -1,71 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-// E2E: Billing Settings - View Billing Information and Button Actions
-
-test('View Billing Information and Button Actions', async ({
-	page,
-	context,
-}) => {
-	// Ensure user is logged in
-	await ensureLoggedIn(page);
-
-	// 1. Open the sidebar settings menu using data-testid
-	await page.getByTestId('settings-nav-item').click();
-
-	// 2. Click Account Settings in the dropdown (by role/name or data-testid if available)
-	await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-	// Assert the main tabpanel/heading (confirmed by DOM)
-	await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-	// Focus on the settings page sidenav
-	await page.getByTestId('settings-page-sidenav').focus();
-
-	// Click Billing tab in the settings sidebar (by data-testid)
-	await page.getByTestId('billing').click();
-
-	// Wait for billing chart/data to finish loading
-	await page.getByText('loading').first().waitFor({ state: 'hidden' });
-
-	// Assert visibility of subheading (unique)
-	await expect(
-		page.getByText(
-			'Manage your billing information, invoices, and monitor costs.',
-		),
-	).toBeVisible();
-	// Assert visibility of Teams Cloud heading
-	await expect(page.getByRole('heading', { name: 'Teams Cloud' })).toBeVisible();
-
-	// Assert presence of summary and detailed tables
-	await expect(page.getByText('TOTAL SPENT')).toBeVisible();
-	await expect(page.getByText('Data Ingested')).toBeVisible();
-	await expect(page.getByText('Price per Unit')).toBeVisible();
-	await expect(page.getByText('Cost (Billing period to date)')).toBeVisible();
-
-	// Assert presence of alert and note
-	await expect(
-		page.getByText('Your current billing period is from', { exact: false }),
-	).toBeVisible();
-	await expect(
-		page.getByText('Billing metrics are updated once every 24 hours.'),
-	).toBeVisible();
-
-	// Test Download CSV button
-	const [download] = await Promise.all([
-		page.waitForEvent('download'),
-		page.getByRole('button', { name: 'cloud-download Download CSV' }).click(),
-	]);
-	// Optionally, check download file name
-	expect(download.suggestedFilename()).toContain('billing_usage');
-
-	// Test Manage Billing button (opens Stripe in new tab)
-	const [newPage] = await Promise.all([
-		context.waitForEvent('page'),
-		page.getByTestId('header-billing-button').click(),
-	]);
-	await newPage.waitForLoadState();
-	expect(newPage.url()).toContain('stripe.com');
-	await newPage.close();
-});

frontend/e2e/tests/settings/custom-domain/custom-domain-settings.spec.ts

@@ -1,52 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-test('Custom Domain Settings - View and Interact', async ({ page }) => {
-	await ensureLoggedIn(page);
-
-	// 1. Open the sidebar settings menu using data-testid
-	await page.getByTestId('settings-nav-item').click();
-
-	// 2. Click Account Settings in the dropdown (by role/name or data-testid if available)
-	await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-	// Assert the main tabpanel/heading (confirmed by DOM)
-	await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-	// Focus on the settings page sidenav
-	await page.getByTestId('settings-page-sidenav').focus();
-
-	// Click Custom Domain tab in the settings sidebar (by data-testid)
-	await page.getByTestId('custom-domain').click();
-
-	// Wait for custom domain chart/data to finish loading
-	await page.getByText('loading').first().waitFor({ state: 'hidden' });
-
-	// Assert heading and subheading
-	await expect(
-		page.getByRole('heading', { name: 'Custom Domain Settings' }),
-	).toBeVisible();
-	await expect(
-		page.getByText('Personalize your workspace domain effortlessly.'),
-	).toBeVisible();
-
-	// Assert presence of Customize team’s URL button
-	const customizeBtn = page.getByRole('button', {
-		name: 'Customize team’s URL',
-	});
-	await expect(customizeBtn).toBeVisible();
-	await customizeBtn.click();
-
-	// Assert modal/dialog fields and buttons
-	await expect(
-		page.getByRole('dialog', { name: 'Customize your team’s URL' }),
-	).toBeVisible();
-	await expect(page.getByLabel('Team’s URL subdomain')).toBeVisible();
-	await expect(
-		page.getByRole('button', { name: 'Apply Changes' }),
-	).toBeVisible();
-	await expect(page.getByRole('button', { name: 'Close' })).toBeVisible();
-	// Close the modal
-	await page.getByRole('button', { name: 'Close' }).click();
-});

frontend/e2e/tests/settings/general/general-settings.spec.ts

@@ -1,32 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-test('View General Settings', async ({ page }) => {
-	await ensureLoggedIn(page);
-
-	// 1. Open the sidebar settings menu using data-testid
-	await page.getByTestId('settings-nav-item').click();
-
-	// 2. Click Account Settings in the dropdown (by role/name or data-testid if available)
-	await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-	// Assert the main tabpanel/heading (confirmed by DOM)
-	await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-	// Focus on the settings page sidenav
-	await page.getByTestId('settings-page-sidenav').focus();
-
-	// Click General tab in the settings sidebar (by data-testid)
-	await page.getByTestId('general').click();
-
-	// Wait for General tab to be visible
-	await page.getByRole('tabpanel', { name: 'General' }).waitFor();
-
-	// Assert visibility of definitive/static elements
-	await expect(page.getByRole('heading', { name: 'Metrics' })).toBeVisible();
-	await expect(page.getByRole('heading', { name: 'Traces' })).toBeVisible();
-	await expect(page.getByRole('heading', { name: 'Logs' })).toBeVisible();
-	await expect(page.getByText('Please')).toBeVisible();
-	await expect(page.getByRole('link', { name: 'email us' })).toBeVisible();
-});

frontend/e2e/tests/settings/ingestion/ingestion-settings.spec.ts

@@ -1,326 +0,0 @@
-/* eslint-disable sonarjs/no-duplicate-string */
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-test.describe('Ingestion Settings', () => {
-	test.beforeEach(async ({ page }) => {
-		await ensureLoggedIn(page);
-	});
-
-	test('View Ingestion Settings Page', async ({ page }) => {
-		// 1. Open the sidebar settings menu using data-testid
-		await page.getByTestId('settings-nav-item').click();
-
-		// 2. Click Account Settings in the dropdown
-		await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-		// Assert the main tabpanel/heading
-		await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-		// Focus on the settings page sidenav
-		await page.getByTestId('settings-page-sidenav').focus();
-
-		// Click Ingestion tab in the settings sidebar
-		await page.getByTestId('ingestion').click();
-
-		// Assert heading and subheading
-		await expect(
-			page.getByRole('heading', { name: 'Ingestion Keys' }),
-		).toBeVisible();
-		await expect(
-			page.getByText('Create and manage ingestion keys for the SigNoz Cloud'),
-		).toBeVisible();
-
-		// Assert presence of search box
-		await expect(
-			page.getByPlaceholder('Search for ingestion key...'),
-		).toBeVisible();
-
-		// Assert presence of New Ingestion key button
-		const newBtn = page.getByRole('button', { name: 'New Ingestion key' });
-		await expect(newBtn).toBeVisible();
-
-		// Assert Learn more link
-		await expect(page.getByRole('link', { name: /Learn more/ })).toBeVisible();
-	});
-
-	test('Search Ingestion Keys', async ({ page }) => {
-		// Navigate to ingestion settings
-		await page.getByTestId('settings-nav-item').click();
-		await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-		await page.getByTestId('settings-page-sidenav').focus();
-		await page.getByTestId('ingestion').click();
-
-		// Get the search input
-		const searchInput = page.getByPlaceholder('Search for ingestion key...');
-		await expect(searchInput).toBeVisible();
-
-		// Enter search text
-		await searchInput.fill('test-key');
-
-		// Wait for search to complete (debounced)
-		await page.waitForTimeout(600);
-	});
-
-	test('Create New Ingestion Key', async ({ page }) => {
-		// Navigate to ingestion settings
-		await page.getByTestId('settings-nav-item').click();
-		await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-		await page.getByTestId('settings-page-sidenav').focus();
-		await page.getByTestId('ingestion').click();
-
-		// Click New Ingestion key button
-		await page.getByRole('button', { name: 'New Ingestion key' }).click();
-
-		// Assert modal is visible
-		await expect(
-			page.getByRole('dialog', { name: 'Create new ingestion key' }),
-		).toBeVisible();
-
-		// Fill in the form
-		await page
-			.getByPlaceholder('Enter Ingestion Key name')
-			.fill('test-ingestion-key');
-
-		// Set expiration date (future date)
-		await page.locator('.ant-picker-input').click();
-
-		// enter tomorrow date in yyyy-mm-dd format
-		const tomorrow = new Date();
-		tomorrow.setDate(tomorrow.getDate() + 1);
-		const formattedDate = tomorrow.toISOString().split('T')[0];
-
-		await page
-			.getByRole('textbox', { name: '* Expiration' })
-			.fill(formattedDate, {
-				force: true,
-			});
-
-		// press enter
-		await page.keyboard.press('Enter');
-
-		// Click Create button
-		await page.getByRole('button', { name: 'Create new Ingestion key' }).click();
-
-		// Assert success (modal should close and new key should appear)
-		await expect(
-			page.getByRole('dialog', { name: 'Create new ingestion key' }),
-		).not.toBeVisible();
-	});
-
-	test('Edit Ingestion Key', async ({ page }) => {
-		// Navigate to ingestion settings
-		await page.getByTestId('settings-nav-item').click();
-		await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-		await page.getByTestId('settings-page-sidenav').focus();
-		await page.getByTestId('ingestion').click();
-
-		// Wait for ingestion keys to load
-		await page.waitForSelector('.ingestion-key-container', { timeout: 10000 });
-
-		// if there are no ingestion keys, create a new one
-		if (await page.locator('.ant-empty-description').isVisible()) {
-			// Click New Ingestion key button
-			await page.getByRole('button', { name: 'New Ingestion key' }).click();
-
-			// Assert modal is visible
-			await expect(
-				page.getByRole('dialog', { name: 'Create new ingestion key' }),
-			).toBeVisible();
-
-			// Fill in the form
-			await page
-				.getByPlaceholder('Enter Ingestion Key name')
-				.fill('test-ingestion-key');
-
-			// Set expiration date (future date)
-			await page.locator('.ant-picker-input').click();
-
-			// enter tomorrow date in yyyy-mm-dd format
-			const tomorrow = new Date();
-			tomorrow.setDate(tomorrow.getDate() + 1);
-			const formattedDate = tomorrow.toISOString().split('T')[0];
-
-			await page
-				.getByRole('textbox', { name: '* Expiration' })
-				.fill(formattedDate, {
-					force: true,
-				});
-
-			// press enter
-			await page.keyboard.press('Enter');
-
-			// Click Create button
-			await page.getByRole('button', { name: 'Create new Ingestion key' }).click();
-
-			// Assert success (modal should close and new key should appear)
-			await expect(
-				page.getByRole('dialog', { name: 'Create new ingestion key' }),
-			).not.toBeVisible();
-		}
-
-		// Click edit button for the first ingestion key
-		const editButton = page.locator('.action-btn button').first();
-		await editButton.click();
-
-		// Assert edit modal is visible
-		await expect(
-			page.getByRole('dialog', { name: 'Edit Ingestion Key' }),
-		).toBeVisible();
-
-		// Add a new tag
-		await page.getByRole('button', { name: 'plus New Tag' }).click();
-		await page.getByRole('textbox').nth(2).fill('test');
-		await page.getByRole('textbox').nth(2).press('Enter');
-
-		// Update expiration date
-
-		// Set expiration date (future date)
-		await page.locator('.ant-picker-input').click();
-
-		// enter tomorrow date in yyyy-mm-dd format
-		const tomorrow = new Date();
-		tomorrow.setDate(tomorrow.getDate() + 1);
-		const formattedDate = tomorrow.toISOString().split('T')[0];
-
-		await page
-			.getByRole('textbox', { name: '* Expiration' })
-			.fill(formattedDate, {
-				force: true,
-			});
-
-		// press enter
-		await page.keyboard.press('Enter');
-
-		// Click Update button
-		await page.getByRole('button', { name: 'Update Ingestion Key' }).click();
-
-		// Assert modal closes
-		await expect(
-			page.getByRole('dialog', { name: 'Edit Ingestion Key' }),
-		).not.toBeVisible();
-	});
-
-	test('Copy Ingestion URL and Region', async ({ page }) => {
-		// Navigate to ingestion settings
-		await page.getByTestId('settings-nav-item').click();
-		await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-		await page.getByTestId('settings-page-sidenav').focus();
-		await page.getByTestId('ingestion').click();
-
-		// Wait for ingestion setup details to load
-		await page.waitForSelector('.ingestion-setup-details-links', {
-			timeout: 10000,
-		});
-
-		// Click copy button for ingestion URL
-		const urlCopyButton = page.locator('.ingestion-key-url-value');
-		await urlCopyButton.click();
-
-		// Assert copy success
-		await expect(page.getByText('Copied to clipboard')).toBeVisible();
-
-		// wait for 1 second
-		await page.waitForTimeout(5000);
-
-		// Click copy button for region
-		const regionCopyButton = page.locator('.ingestion-data-region-value');
-		await regionCopyButton.click();
-
-		// Assert copy success
-		await expect(page.getByText('Copied to clipboard')).toBeVisible();
-	});
-
-	test('Pagination', async ({ page }) => {
-		// Navigate to ingestion settings
-		await page.getByTestId('settings-nav-item').click();
-		await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-		await page.getByTestId('settings-page-sidenav').focus();
-		await page.getByTestId('ingestion').click();
-
-		// Wait for ingestion keys to load
-		await page.waitForSelector('.ingestion-key-container', { timeout: 10000 });
-
-		// Check if pagination is present
-		const pagination = page.locator('.ant-pagination');
-		if (await pagination.isVisible()) {
-			// Click next page
-			await page.getByRole('button', { name: 'Next' }).click();
-
-			// Assert page changed
-			await expect(page.getByText('2-')).toBeVisible();
-
-			// Click previous page
-			await page.getByRole('button', { name: 'Previous' }).click();
-
-			// Assert back to first page
-			await expect(page.getByText('1-')).toBeVisible();
-		}
-	});
-
-	test('Form Validation for Create Ingestion Key', async ({ page }) => {
-		// Navigate to ingestion settings
-		await page.getByTestId('settings-nav-item').click();
-		await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-		await page.getByTestId('settings-page-sidenav').focus();
-		await page.getByTestId('ingestion').click();
-
-		// Click New Ingestion key button
-		await page.getByRole('button', { name: 'New Ingestion key' }).click();
-
-		// Try to submit without filling required fields
-		await page.getByRole('button', { name: 'Create new Ingestion key' }).click();
-
-		// Assert validation errors
-		await expect(page.getByText('Please enter Name')).toBeVisible();
-		await expect(page.getByText('Please enter Expiration')).toBeVisible();
-
-		// Test invalid name (too short)
-		await page.getByPlaceholder('Enter Ingestion Key name').fill('abc');
-		await page.getByPlaceholder('Enter Ingestion Key name').blur();
-		await expect(
-			page.getByText('Name must be at least 6 characters'),
-		).toBeVisible();
-
-		// Test invalid name (special characters)
-		await page.getByPlaceholder('Enter Ingestion Key name').fill('test@key');
-		await page.getByPlaceholder('Enter Ingestion Key name').blur();
-		await expect(
-			page.getByText(
-				'Ingestion key name should only contain letters, numbers, underscores, and hyphens',
-			),
-		).toBeVisible();
-
-		// Close modal
-		await page.getByRole('button', { name: 'Cancel' }).click();
-	});
-
-	test('Delete Ingestion Key', async ({ page }) => {
-		// Navigate to ingestion settings
-		await page.getByTestId('settings-nav-item').click();
-		await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-		await page.getByTestId('settings-page-sidenav').focus();
-		await page.getByTestId('ingestion').click();
-
-		// Wait for ingestion keys to load
-		await page.waitForSelector('.ingestion-key-container', { timeout: 10000 });
-
-		// Click delete button for the first ingestion key (second button in action area)
-		const deleteButton = page.locator('.action-btn button').nth(1);
-		await deleteButton.click();
-
-		// Assert delete confirmation modal is visible
-		await expect(
-			page.getByRole('dialog', { name: 'Delete Ingestion Key' }),
-		).toBeVisible();
-
-		// Confirm deletion
-		await page.getByRole('button', { name: 'Delete Ingestion Key' }).click();
-
-		// Assert modal closes
-		await expect(
-			page.getByRole('dialog', { name: 'Delete Ingestion Key' }),
-		).not.toBeVisible();
-	});
-});

frontend/e2e/tests/settings/integrations/integrations-settings.spec.ts

@@ -1,48 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-test('Integrations Settings - View and Interact', async ({ page }) => {
-	await ensureLoggedIn(page);
-
-	// 1. Open the sidebar settings menu using data-testid
-	await page.getByTestId('settings-nav-item').click();
-
-	// 2. Click Account Settings in the dropdown (by role/name or data-testid if available)
-	await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-	// Assert the main tabpanel/heading (confirmed by DOM)
-	await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-	// Focus on the settings page sidenav
-	await page.getByTestId('settings-page-sidenav').focus();
-
-	// Click Integrations tab in the settings sidebar (by data-testid)
-	await page.getByTestId('integrations').click();
-
-	// Assert heading and subheading
-	await expect(
-		page.getByRole('heading', { name: 'Integrations' }),
-	).toBeVisible();
-	await expect(
-		page.getByText('Manage Integrations for this workspace'),
-	).toBeVisible();
-
-	// Assert presence of search box
-	await expect(
-		page.getByPlaceholder('Search for an integration...'),
-	).toBeVisible();
-
-	// Assert at least one integration with Configure button
-	const configureBtn = page.getByRole('button', { name: 'Configure' }).first();
-	await expect(configureBtn).toBeVisible();
-
-	// Assert Request more integrations section
-	await expect(
-		page.getByText(
-			"Can't find what you’re looking for? Request more integrations",
-		),
-	).toBeVisible();
-	await expect(page.getByPlaceholder('Enter integration name...')).toBeVisible();
-	await expect(page.getByRole('button', { name: 'Submit' })).toBeVisible();
-});

frontend/e2e/tests/settings/members-sso/members-sso-settings.spec.ts

@@ -1,56 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-test('Members & SSO Settings - View and Interact', async ({ page }) => {
-	await ensureLoggedIn(page);
-
-	// 1. Open the sidebar settings menu using data-testid
-	await page.getByTestId('settings-nav-item').click();
-
-	// 2. Click Account Settings in the dropdown (by role/name or data-testid if available)
-	await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-	// Assert the main tabpanel/heading (confirmed by DOM)
-	await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-	// Focus on the settings page sidenav
-	await page.getByTestId('settings-page-sidenav').focus();
-
-	// Click Members & SSO tab in the settings sidebar (by data-testid)
-	await page.getByTestId('members-sso').click();
-
-	// Assert headings and tables
-	await expect(
-		page.getByRole('heading', { name: /Members \(\d+\)/ }),
-	).toBeVisible();
-	await expect(
-		page.getByRole('heading', { name: /Pending Invites \(\d+\)/ }),
-	).toBeVisible();
-	await expect(
-		page.getByRole('heading', { name: 'Authenticated Domains' }),
-	).toBeVisible();
-
-	// Assert Invite Members button is visible and clickable
-	const inviteBtn = page.getByRole('button', { name: /Invite Members/ });
-	await expect(inviteBtn).toBeVisible();
-	await inviteBtn.click();
-	// Assert Invite Members modal/dialog appears (modal title is unique)
-	await expect(page.getByText('Invite team members').first()).toBeVisible();
-	// Close the modal (use unique 'Close' button)
-	await page.getByRole('button', { name: 'Close' }).click();
-
-	// Assert Edit and Delete buttons are present for at least one member
-	const editBtn = page.getByRole('button', { name: /Edit/ }).first();
-	const deleteBtn = page.getByRole('button', { name: /Delete/ }).first();
-	await expect(editBtn).toBeVisible();
-	await expect(deleteBtn).toBeVisible();
-
-	// Assert Add Domains button is visible
-	await expect(page.getByRole('button', { name: /Add Domains/ })).toBeVisible();
-	// Assert Configure SSO or Edit Google Auth button is visible for at least one domain
-	const ssoBtn = page
-		.getByRole('button', { name: /Configure SSO|Edit Google Auth/ })
-		.first();
-	await expect(ssoBtn).toBeVisible();
-});