Merge branch 'nv/delete-v2-dashboard' into nv/patch-dashboard

* fix(authdomain): nest config response, rename Updateable→Updatable, return Identifiable on create

Three small API-shape corrections on auth_domain:

- GettableAuthDomain previously embedded AuthDomainConfig, which
  flattened sso_enabled / saml_config / oidc_config / google_auth_config /
  role_mapping at the response root and made the response shape
  diverge from the request shape (PostableAuthDomain has them under
  `config`). Move it under a named `Config` field with a `config`
  json tag so request and response carry the same nested object.
- UpdateableAuthDomain → UpdatableAuthDomain (typo fix; aligns with
  UpdatableUser already in the codebase).
- CreateAuthDomain previously returned the full GettableAuthDomain;
  the only field clients actually need from the create response is
  the new ID. Switch to Identifiable so the contract states what the
  endpoint guarantees and clients re-Read for the full domain when
  needed.

Frontend schema and OpenAPI spec regenerated.

* fix(authdomain-frontend): adapt to nested config + Identifiable create response

Regenerate the orval client (`yarn generate:api`) and update the
auth-domain UI for the API shape changes from the previous commit:

- `record.ssoType`, `.ssoEnabled`, `.googleAuthConfig`, `.oidcConfig`,
  `.samlConfig`, `.roleMapping` are now nested under `record.config.*`
  in `AuthtypesGettableAuthDomainDTO` — update SSOEnforcementToggle,
  CreateEdit form initial-values, the list page's Configure button,
  and the auth-domain test mocks.
- `mockCreateSuccessResponse` now returns `{ id }` (Identifiable)
  instead of the full domain.

`yarn generate:api` ran clean: lint OK, tsgo OK.

* fix(authdomain): align CreateAuthDomain success code with handler + adjust integration test

The Create handler returns http.StatusCreated but the OpenAPI
annotation said StatusOK. Sync the annotation to 201, regenerate the
spec + frontend client.

The callbackauthn integration test (01_domain.py) still read
`domain["ssoType"]` off the GET response — now nested under
`domain["config"]["ssoType"]` after the previous shape change. Update
the assertion.

cmd/community/server.go

@@ -27,6 +27,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
+	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/rulestatehistory"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
@@ -100,8 +101,8 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 
 			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx), openfgaDataStore), nil
 		},
-		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, _ querier.Querier, _ licensing.Licensing) dashboard.Module {
-			return impldashboard.NewModule(impldashboard.NewStore(store), settings, analytics, orgGetter, queryParser)
+		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, _ querier.Querier, _ licensing.Licensing, tagModule tag.Module) dashboard.Module {
+			return impldashboard.NewModule(impldashboard.NewStore(store), store, settings, analytics, orgGetter, queryParser, tagModule)
 		},
 		func(_ licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config] {
 			return noopgateway.NewProviderFactory()

cmd/enterprise/server.go

@@ -42,6 +42,7 @@ import (
 	pkgcloudintegration "github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	pkgimpldashboard "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
+	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/rulestatehistory"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
@@ -144,8 +145,8 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 			}
 			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx), openfgaDataStore, licensing, onBeforeRoleDelete, dashboardModule), nil
 		},
-		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing) dashboard.Module {
-			return impldashboard.NewModule(pkgimpldashboard.NewStore(store), settings, analytics, orgGetter, queryParser, querier, licensing)
+		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing, tagModule tag.Module) dashboard.Module {
+			return impldashboard.NewModule(pkgimpldashboard.NewStore(store), store, settings, analytics, orgGetter, queryParser, querier, licensing, tagModule)
 		},
 		func(licensing licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config] {
 			return httpgateway.NewProviderFactory(licensing)

ee/modules/dashboard/impldashboard/module.go

@@ -11,8 +11,10 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	pkgimpldashboard "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
+	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/queryparser"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
@@ -30,9 +32,9 @@ type module struct {
 	licensing          licensing.Licensing
 }
 
-func NewModule(store dashboardtypes.Store, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing) dashboard.Module {
+func NewModule(store dashboardtypes.Store, sqlstore sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing, tagModule tag.Module) dashboard.Module {
 	scopedProviderSettings := factory.NewScopedProviderSettings(settings, "github.com/SigNoz/signoz/ee/modules/dashboard/impldashboard")
-	pkgDashboardModule := pkgimpldashboard.NewModule(store, settings, analytics, orgGetter, queryParser)
+	pkgDashboardModule := pkgimpldashboard.NewModule(store, sqlstore, settings, analytics, orgGetter, queryParser, tagModule)
 
 	return &module{
 		pkgDashboardModule: pkgDashboardModule,
@@ -197,6 +199,72 @@ func (module *module) Create(ctx context.Context, orgID valuer.UUID, createdBy s
 	return module.pkgDashboardModule.Create(ctx, orgID, createdBy, creator, data)
 }
 
+func (module *module) CreateV2(ctx context.Context, orgID valuer.UUID, createdBy string, creator valuer.UUID, postable dashboardtypes.PostableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	return module.pkgDashboardModule.CreateV2(ctx, orgID, createdBy, creator, postable)
+}
+
+func (module *module) GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.DashboardV2, error) {
+	return module.pkgDashboardModule.GetV2(ctx, orgID, id)
+}
+
+func (module *module) UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, updateable dashboardtypes.UpdateableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	return module.pkgDashboardModule.UpdateV2(ctx, orgID, id, updatedBy, updateable)
+}
+
+func (module *module) PatchV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, patch dashboardtypes.PatchableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	return module.pkgDashboardModule.PatchV2(ctx, orgID, id, updatedBy, patch)
+}
+
+func (module *module) LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, isAdmin bool, lock bool) error {
+	return module.pkgDashboardModule.LockUnlockV2(ctx, orgID, id, updatedBy, isAdmin, lock)
+}
+
+func (module *module) CreatePublicV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, postable dashboardtypes.PostablePublicDashboard) (*dashboardtypes.DashboardV2, error) {
+	if _, err := module.licensing.GetActive(ctx, orgID); err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	existing, err := module.pkgDashboardModule.GetV2(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+	if existing.PublicConfig != nil {
+		return nil, errors.Newf(errors.TypeAlreadyExists, dashboardtypes.ErrCodePublicDashboardAlreadyExists, "dashboard with id %s is already public", id)
+	}
+
+	publicDashboard := dashboardtypes.NewPublicDashboard(postable.TimeRangeEnabled, postable.DefaultTimeRange, id)
+	if err := module.store.CreatePublic(ctx, dashboardtypes.NewStorablePublicDashboardFromPublicDashboard(publicDashboard)); err != nil {
+		return nil, err
+	}
+
+	existing.PublicConfig = publicDashboard
+	return existing, nil
+}
+
+func (module *module) DeleteV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, deletedBy string) error {
+	return module.pkgDashboardModule.DeleteV2(ctx, orgID, id, deletedBy)
+}
+
+func (module *module) UpdatePublicV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatable dashboardtypes.UpdatablePublicDashboard) (*dashboardtypes.DashboardV2, error) {
+	if _, err := module.licensing.GetActive(ctx, orgID); err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	existing, err := module.pkgDashboardModule.GetV2(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+	if existing.PublicConfig == nil {
+		return nil, errors.Newf(errors.TypeNotFound, dashboardtypes.ErrCodePublicDashboardNotFound, "dashboard with id %s isn't public", id)
+	}
+
+	existing.PublicConfig.Update(updatable.TimeRangeEnabled, updatable.DefaultTimeRange)
+	if err := module.store.UpdatePublic(ctx, dashboardtypes.NewStorablePublicDashboardFromPublicDashboard(existing.PublicConfig)); err != nil {
+		return nil, err
+	}
+	return existing, nil
+}
+
 func (module *module) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.Dashboard, error) {
 	return module.pkgDashboardModule.Get(ctx, orgID, id)
 }

ee/query-service/rules/manager.go

@@ -13,6 +13,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/errors"
 	baserules "github.com/SigNoz/signoz/pkg/query-service/rules"
 	"github.com/SigNoz/signoz/pkg/types/ruletypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
 )
 
 func PrepareTaskFunc(opts baserules.PrepareTaskOptions) (baserules.Task, error) {
@@ -48,7 +49,7 @@ func PrepareTaskFunc(opts baserules.PrepareTaskOptions) (baserules.Task, error)
 		rules = append(rules, tr)
 
 		// create ch rule task for evaluation
-		task = newTask(baserules.TaskTypeCh, opts.TaskName, evaluation.GetFrequency().Duration(), rules, opts.ManagerOpts, opts.NotifyFunc)
+		task = newTask(baserules.TaskTypeCh, opts.TaskName, evaluation.GetFrequency().Duration(), rules, opts.ManagerOpts, opts.NotifyFunc, opts.MaintenanceStore, opts.OrgID)
 
 	} else if opts.Rule.RuleType == ruletypes.RuleTypeProm {
 
@@ -72,7 +73,7 @@ func PrepareTaskFunc(opts baserules.PrepareTaskOptions) (baserules.Task, error)
 		rules = append(rules, pr)
 
 		// create promql rule task for evaluation
-		task = newTask(baserules.TaskTypeProm, opts.TaskName, evaluation.GetFrequency().Duration(), rules, opts.ManagerOpts, opts.NotifyFunc)
+		task = newTask(baserules.TaskTypeProm, opts.TaskName, evaluation.GetFrequency().Duration(), rules, opts.ManagerOpts, opts.NotifyFunc, opts.MaintenanceStore, opts.OrgID)
 
 	} else if opts.Rule.RuleType == ruletypes.RuleTypeAnomaly {
 		// create anomaly rule
@@ -95,7 +96,7 @@ func PrepareTaskFunc(opts baserules.PrepareTaskOptions) (baserules.Task, error)
 		rules = append(rules, ar)
 
 		// create anomaly rule task for evaluation
-		task = newTask(baserules.TaskTypeCh, opts.TaskName, evaluation.GetFrequency().Duration(), rules, opts.ManagerOpts, opts.NotifyFunc)
+		task = newTask(baserules.TaskTypeCh, opts.TaskName, evaluation.GetFrequency().Duration(), rules, opts.ManagerOpts, opts.NotifyFunc, opts.MaintenanceStore, opts.OrgID)
 
 	} else {
 		return nil, errors.NewInvalidInputf(errors.CodeInvalidInput, "unsupported rule type %s. Supported types: %s, %s", opts.Rule.RuleType, ruletypes.RuleTypeProm, ruletypes.RuleTypeThreshold)
@@ -209,9 +210,9 @@ func TestNotification(opts baserules.PrepareTestRuleOptions) (int, error) {
 }
 
 // newTask returns an appropriate group for the rule type
-func newTask(taskType baserules.TaskType, name string, frequency time.Duration, rules []baserules.Rule, opts *baserules.ManagerOptions, notify baserules.NotifyFunc) baserules.Task {
+func newTask(taskType baserules.TaskType, name string, frequency time.Duration, rules []baserules.Rule, opts *baserules.ManagerOptions, notify baserules.NotifyFunc, maintenanceStore ruletypes.MaintenanceStore, orgID valuer.UUID) baserules.Task {
 	if taskType == baserules.TaskTypeCh {
-		return baserules.NewRuleTask(name, "", frequency, rules, opts, notify)
+		return baserules.NewRuleTask(name, "", frequency, rules, opts, notify, maintenanceStore, orgID)
 	}
-	return baserules.NewPromRuleTask(name, "", frequency, rules, opts, notify)
+	return baserules.NewPromRuleTask(name, "", frequency, rules, opts, notify, maintenanceStore, orgID)
 }

frontend/src/api/generated/services/authdomains/index.ts

@@ -19,8 +19,8 @@ import type {
 
 import type {
 	AuthtypesPostableAuthDomainDTO,
-	AuthtypesUpdateableAuthDomainDTO,
-	CreateAuthDomain200,
+	AuthtypesUpdatableAuthDomainDTO,
+	CreateAuthDomain201,
 	DeleteAuthDomainPathParameters,
 	GetAuthDomain200,
 	GetAuthDomainPathParameters,
@@ -126,7 +126,7 @@ export const createAuthDomain = (
 	authtypesPostableAuthDomainDTO: BodyType<AuthtypesPostableAuthDomainDTO>,
 	signal?: AbortSignal,
 ) => {
-	return GeneratedAPIInstance<CreateAuthDomain200>({
+	return GeneratedAPIInstance<CreateAuthDomain201>({
 		url: `/api/v1/domains`,
 		method: 'POST',
 		headers: { 'Content-Type': 'application/json' },
@@ -388,13 +388,13 @@ export const invalidateGetAuthDomain = async (
  */
 export const updateAuthDomain = (
 	{ id }: UpdateAuthDomainPathParameters,
-	authtypesUpdateableAuthDomainDTO: BodyType<AuthtypesUpdateableAuthDomainDTO>,
+	authtypesUpdatableAuthDomainDTO: BodyType<AuthtypesUpdatableAuthDomainDTO>,
 ) => {
 	return GeneratedAPIInstance<void>({
 		url: `/api/v1/domains/${id}`,
 		method: 'PUT',
 		headers: { 'Content-Type': 'application/json' },
-		data: authtypesUpdateableAuthDomainDTO,
+		data: authtypesUpdatableAuthDomainDTO,
 	});
 };
 
@@ -407,7 +407,7 @@ export const getUpdateAuthDomainMutationOptions = <
 		TError,
 		{
 			pathParams: UpdateAuthDomainPathParameters;
-			data: BodyType<AuthtypesUpdateableAuthDomainDTO>;
+			data: BodyType<AuthtypesUpdatableAuthDomainDTO>;
 		},
 		TContext
 	>;
@@ -416,7 +416,7 @@ export const getUpdateAuthDomainMutationOptions = <
 	TError,
 	{
 		pathParams: UpdateAuthDomainPathParameters;
-		data: BodyType<AuthtypesUpdateableAuthDomainDTO>;
+		data: BodyType<AuthtypesUpdatableAuthDomainDTO>;
 	},
 	TContext
 > => {
@@ -433,7 +433,7 @@ export const getUpdateAuthDomainMutationOptions = <
 		Awaited<ReturnType<typeof updateAuthDomain>>,
 		{
 			pathParams: UpdateAuthDomainPathParameters;
-			data: BodyType<AuthtypesUpdateableAuthDomainDTO>;
+			data: BodyType<AuthtypesUpdatableAuthDomainDTO>;
 		}
 	> = (props) => {
 		const { pathParams, data } = props ?? {};
@@ -448,7 +448,7 @@ export type UpdateAuthDomainMutationResult = NonNullable<
 	Awaited<ReturnType<typeof updateAuthDomain>>
 >;
 export type UpdateAuthDomainMutationBody =
-	BodyType<AuthtypesUpdateableAuthDomainDTO>;
+	BodyType<AuthtypesUpdatableAuthDomainDTO>;
 export type UpdateAuthDomainMutationError = ErrorType<RenderErrorResponseDTO>;
 
 /**
@@ -463,7 +463,7 @@ export const useUpdateAuthDomain = <
 		TError,
 		{
 			pathParams: UpdateAuthDomainPathParameters;
-			data: BodyType<AuthtypesUpdateableAuthDomainDTO>;
+			data: BodyType<AuthtypesUpdatableAuthDomainDTO>;
 		},
 		TContext
 	>;
@@ -472,7 +472,7 @@ export const useUpdateAuthDomain = <
 	TError,
 	{
 		pathParams: UpdateAuthDomainPathParameters;
-		data: BodyType<AuthtypesUpdateableAuthDomainDTO>;
+		data: BodyType<AuthtypesUpdatableAuthDomainDTO>;
 	},
 	TContext
 > => {

frontend/src/api/generated/services/dashboard/index.ts

@@ -18,8 +18,10 @@ import type {
 } from 'react-query';
 
 import type {
+	CreateDashboardV2201,
 	CreatePublicDashboard201,
 	CreatePublicDashboardPathParameters,
+	DashboardtypesPostableDashboardV2DTO,
 	DashboardtypesPostablePublicDashboardDTO,
 	DashboardtypesUpdatablePublicDashboardDTO,
 	DeletePublicDashboardPathParameters,
@@ -634,3 +636,88 @@ export const invalidateGetPublicDashboardWidgetQueryRange = async (
 
 	return queryClient;
 };
+
+/**
+ * This endpoint creates a v2-shape dashboard with structured metadata, a typed data tree, and resolved tags.
+ * @summary Create dashboard (v2)
+ */
+export const createDashboardV2 = (
+	dashboardtypesPostableDashboardV2DTO: BodyType<DashboardtypesPostableDashboardV2DTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<CreateDashboardV2201>({
+		url: `/api/v2/dashboards`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: dashboardtypesPostableDashboardV2DTO,
+		signal,
+	});
+};
+
+export const getCreateDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createDashboardV2>>,
+		TError,
+		{ data: BodyType<DashboardtypesPostableDashboardV2DTO> },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof createDashboardV2>>,
+	TError,
+	{ data: BodyType<DashboardtypesPostableDashboardV2DTO> },
+	TContext
+> => {
+	const mutationKey = ['createDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof createDashboardV2>>,
+		{ data: BodyType<DashboardtypesPostableDashboardV2DTO> }
+	> = (props) => {
+		const { data } = props ?? {};
+
+		return createDashboardV2(data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type CreateDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof createDashboardV2>>
+>;
+export type CreateDashboardV2MutationBody =
+	BodyType<DashboardtypesPostableDashboardV2DTO>;
+export type CreateDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Create dashboard (v2)
+ */
+export const useCreateDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createDashboardV2>>,
+		TError,
+		{ data: BodyType<DashboardtypesPostableDashboardV2DTO> },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof createDashboardV2>>,
+	TError,
+	{ data: BodyType<DashboardtypesPostableDashboardV2DTO> },
+	TContext
+> => {
+	const mutationOptions = getCreateDashboardV2MutationOptions(options);
+
+	return useMutation(mutationOptions);
+};

frontend/src/container/OrganizationSettings/AuthDomain/CreateEdit/CreateEdit.tsx

@@ -60,7 +60,7 @@ function CreateOrEdit(props: CreateOrEditProps): JSX.Element {
 	const [form] = Form.useForm<FormValues>();
 	const [authnProvider, setAuthnProvider] = useState<
 		AuthtypesAuthNProviderDTO | ''
-	>(record?.ssoType || '');
+	>(record?.config?.ssoType || '');
 
 	const { showErrorModal } = useErrorModal();
 	const { featureFlags } = useAppContext();

frontend/src/container/OrganizationSettings/AuthDomain/CreateEdit/CreateEdit.utils.ts

@@ -112,21 +112,26 @@ export function prepareInitialValues(
 		};
 	}
 
+	const config = record.config ?? {};
 	return {
-		...record,
-		googleAuthConfig: record.googleAuthConfig
+		name: record.name,
+		ssoEnabled: config.ssoEnabled,
+		ssoType: config.ssoType,
+		samlConfig: config.samlConfig ?? undefined,
+		oidcConfig: config.oidcConfig ?? undefined,
+		googleAuthConfig: config.googleAuthConfig
 			? {
-					...record.googleAuthConfig,
+					...config.googleAuthConfig,
 					domainToAdminEmailList: convertDomainMappingsToList(
-						record.googleAuthConfig.domainToAdminEmail,
+						config.googleAuthConfig.domainToAdminEmail,
 					),
 				}
 			: undefined,
-		roleMapping: record.roleMapping
+		roleMapping: config.roleMapping
 			? {
-					...record.roleMapping,
+					...config.roleMapping,
 					groupMappingsList: convertGroupMappingsToList(
-						record.roleMapping.groupMappings,
+						config.roleMapping.groupMappings,
 					),
 				}
 			: undefined,

frontend/src/container/OrganizationSettings/AuthDomain/SSOEnforcementToggle.tsx

@@ -43,11 +43,11 @@ function SSOEnforcementToggle({
 				data: {
 					config: {
 						ssoEnabled: checked,
-						ssoType: record.ssoType,
-						googleAuthConfig: record.googleAuthConfig,
-						oidcConfig: record.oidcConfig,
-						samlConfig: record.samlConfig,
-						roleMapping: record.roleMapping,
+						ssoType: record.config?.ssoType,
+						googleAuthConfig: record.config?.googleAuthConfig,
+						oidcConfig: record.config?.oidcConfig,
+						samlConfig: record.config?.samlConfig,
+						roleMapping: record.config?.roleMapping,
 					},
 				},
 			},

frontend/src/container/OrganizationSettings/AuthDomain/__tests__/SSOEnforcementToggle.test.tsx

@@ -55,7 +55,10 @@ describe('SSOEnforcementToggle', () => {
 		render(
 			<SSOEnforcementToggle
 				isDefaultChecked={false}
-				record={{ ...mockGoogleAuthDomain, ssoEnabled: false }}
+				record={{
+					...mockGoogleAuthDomain,
+					config: { ...mockGoogleAuthDomain.config, ssoEnabled: false },
+				}}
 			/>,
 		);
 

frontend/src/container/OrganizationSettings/AuthDomain/__tests__/mocks.ts

@@ -13,11 +13,13 @@ export const AUTH_DOMAINS_DELETE_ENDPOINT = '*/api/v1/domains/:id';
 export const mockGoogleAuthDomain: AuthtypesGettableAuthDomainDTO = {
 	id: 'domain-1',
 	name: 'signoz.io',
-	ssoEnabled: true,
-	ssoType: AuthtypesAuthNProviderDTO.google_auth,
-	googleAuthConfig: {
-		clientId: 'test-client-id',
-		clientSecret: 'test-client-secret',
+	config: {
+		ssoEnabled: true,
+		ssoType: AuthtypesAuthNProviderDTO.google_auth,
+		googleAuthConfig: {
+			clientId: 'test-client-id',
+			clientSecret: 'test-client-secret',
+		},
 	},
 	authNProviderInfo: {
 		relayStatePath: 'api/v1/sso/relay/domain-1',
@@ -28,12 +30,14 @@ export const mockGoogleAuthDomain: AuthtypesGettableAuthDomainDTO = {
 export const mockSamlAuthDomain: AuthtypesGettableAuthDomainDTO = {
 	id: 'domain-2',
 	name: 'example.com',
-	ssoEnabled: false,
-	ssoType: AuthtypesAuthNProviderDTO.saml,
-	samlConfig: {
-		samlIdp: 'https://idp.example.com/sso',
-		samlEntity: 'urn:example:idp',
-		samlCert: 'MOCK_CERTIFICATE',
+	config: {
+		ssoEnabled: false,
+		ssoType: AuthtypesAuthNProviderDTO.saml,
+		samlConfig: {
+			samlIdp: 'https://idp.example.com/sso',
+			samlEntity: 'urn:example:idp',
+			samlCert: 'MOCK_CERTIFICATE',
+		},
 	},
 	authNProviderInfo: {
 		relayStatePath: 'api/v1/sso/relay/domain-2',
@@ -44,12 +48,14 @@ export const mockSamlAuthDomain: AuthtypesGettableAuthDomainDTO = {
 export const mockOidcAuthDomain: AuthtypesGettableAuthDomainDTO = {
 	id: 'domain-3',
 	name: 'corp.io',
-	ssoEnabled: true,
-	ssoType: AuthtypesAuthNProviderDTO.oidc,
-	oidcConfig: {
-		issuer: 'https://oidc.corp.io',
-		clientId: 'oidc-client-id',
-		clientSecret: 'oidc-client-secret',
+	config: {
+		ssoEnabled: true,
+		ssoType: AuthtypesAuthNProviderDTO.oidc,
+		oidcConfig: {
+			issuer: 'https://oidc.corp.io',
+			clientId: 'oidc-client-id',
+			clientSecret: 'oidc-client-secret',
+		},
 	},
 	authNProviderInfo: {
 		relayStatePath: 'api/v1/sso/relay/domain-3',
@@ -60,20 +66,22 @@ export const mockOidcAuthDomain: AuthtypesGettableAuthDomainDTO = {
 export const mockDomainWithRoleMapping: AuthtypesGettableAuthDomainDTO = {
 	id: 'domain-4',
 	name: 'enterprise.com',
-	ssoEnabled: true,
-	ssoType: AuthtypesAuthNProviderDTO.saml,
-	samlConfig: {
-		samlIdp: 'https://idp.enterprise.com/sso',
-		samlEntity: 'urn:enterprise:idp',
-		samlCert: 'MOCK_CERTIFICATE',
-	},
-	roleMapping: {
-		defaultRole: 'EDITOR',
-		useRoleAttribute: false,
-		groupMappings: {
-			'admin-group': 'ADMIN',
-			'dev-team': 'EDITOR',
-			viewers: 'VIEWER',
+	config: {
+		ssoEnabled: true,
+		ssoType: AuthtypesAuthNProviderDTO.saml,
+		samlConfig: {
+			samlIdp: 'https://idp.enterprise.com/sso',
+			samlEntity: 'urn:enterprise:idp',
+			samlCert: 'MOCK_CERTIFICATE',
+		},
+		roleMapping: {
+			defaultRole: 'EDITOR',
+			useRoleAttribute: false,
+			groupMappings: {
+				'admin-group': 'ADMIN',
+				'dev-team': 'EDITOR',
+				viewers: 'VIEWER',
+			},
 		},
 	},
 	authNProviderInfo: {
@@ -86,16 +94,18 @@ export const mockDomainWithDirectRoleAttribute: AuthtypesGettableAuthDomainDTO =
 	{
 		id: 'domain-5',
 		name: 'direct-role.com',
-		ssoEnabled: true,
-		ssoType: AuthtypesAuthNProviderDTO.oidc,
-		oidcConfig: {
-			issuer: 'https://oidc.direct-role.com',
-			clientId: 'direct-role-client-id',
-			clientSecret: 'direct-role-client-secret',
-		},
-		roleMapping: {
-			defaultRole: 'VIEWER',
-			useRoleAttribute: true,
+		config: {
+			ssoEnabled: true,
+			ssoType: AuthtypesAuthNProviderDTO.oidc,
+			oidcConfig: {
+				issuer: 'https://oidc.direct-role.com',
+				clientId: 'direct-role-client-id',
+				clientSecret: 'direct-role-client-secret',
+			},
+			roleMapping: {
+				defaultRole: 'VIEWER',
+				useRoleAttribute: true,
+			},
 		},
 		authNProviderInfo: {
 			relayStatePath: 'api/v1/sso/relay/domain-5',
@@ -106,20 +116,22 @@ export const mockDomainWithDirectRoleAttribute: AuthtypesGettableAuthDomainDTO =
 export const mockOidcWithClaimMapping: AuthtypesGettableAuthDomainDTO = {
 	id: 'domain-6',
 	name: 'oidc-claims.com',
-	ssoEnabled: true,
-	ssoType: AuthtypesAuthNProviderDTO.oidc,
-	oidcConfig: {
-		issuer: 'https://oidc.claims.com',
-		issuerAlias: 'https://alias.claims.com',
-		clientId: 'claims-client-id',
-		clientSecret: 'claims-client-secret',
-		insecureSkipEmailVerified: true,
-		getUserInfo: true,
-		claimMapping: {
-			email: 'user_email',
-			name: 'display_name',
-			groups: 'user_groups',
-			role: 'user_role',
+	config: {
+		ssoEnabled: true,
+		ssoType: AuthtypesAuthNProviderDTO.oidc,
+		oidcConfig: {
+			issuer: 'https://oidc.claims.com',
+			issuerAlias: 'https://alias.claims.com',
+			clientId: 'claims-client-id',
+			clientSecret: 'claims-client-secret',
+			insecureSkipEmailVerified: true,
+			getUserInfo: true,
+			claimMapping: {
+				email: 'user_email',
+				name: 'display_name',
+				groups: 'user_groups',
+				role: 'user_role',
+			},
 		},
 	},
 	authNProviderInfo: {
@@ -131,17 +143,19 @@ export const mockOidcWithClaimMapping: AuthtypesGettableAuthDomainDTO = {
 export const mockSamlWithAttributeMapping: AuthtypesGettableAuthDomainDTO = {
 	id: 'domain-7',
 	name: 'saml-attrs.com',
-	ssoEnabled: true,
-	ssoType: AuthtypesAuthNProviderDTO.saml,
-	samlConfig: {
-		samlIdp: 'https://idp.saml-attrs.com/sso',
-		samlEntity: 'urn:saml-attrs:idp',
-		samlCert: 'MOCK_CERTIFICATE_ATTRS',
-		insecureSkipAuthNRequestsSigned: true,
-		attributeMapping: {
-			name: 'user_display_name',
-			groups: 'member_of',
-			role: 'signoz_role',
+	config: {
+		ssoEnabled: true,
+		ssoType: AuthtypesAuthNProviderDTO.saml,
+		samlConfig: {
+			samlIdp: 'https://idp.saml-attrs.com/sso',
+			samlEntity: 'urn:saml-attrs:idp',
+			samlCert: 'MOCK_CERTIFICATE_ATTRS',
+			insecureSkipAuthNRequestsSigned: true,
+			attributeMapping: {
+				name: 'user_display_name',
+				groups: 'member_of',
+				role: 'signoz_role',
+			},
 		},
 	},
 	authNProviderInfo: {
@@ -154,19 +168,21 @@ export const mockGoogleAuthWithWorkspaceGroups: AuthtypesGettableAuthDomainDTO =
 	{
 		id: 'domain-8',
 		name: 'google-groups.com',
-		ssoEnabled: true,
-		ssoType: AuthtypesAuthNProviderDTO.google_auth,
-		googleAuthConfig: {
-			clientId: 'google-groups-client-id',
-			clientSecret: 'google-groups-client-secret',
-			insecureSkipEmailVerified: false,
-			fetchGroups: true,
-			serviceAccountJson: '{"type": "service_account"}',
-			domainToAdminEmail: {
-				'google-groups.com': 'admin@google-groups.com',
+		config: {
+			ssoEnabled: true,
+			ssoType: AuthtypesAuthNProviderDTO.google_auth,
+			googleAuthConfig: {
+				clientId: 'google-groups-client-id',
+				clientSecret: 'google-groups-client-secret',
+				insecureSkipEmailVerified: false,
+				fetchGroups: true,
+				serviceAccountJson: '{"type": "service_account"}',
+				domainToAdminEmail: {
+					'google-groups.com': 'admin@google-groups.com',
+				},
+				fetchTransitiveGroupMembership: true,
+				allowedGroups: ['allowed-group-1', 'allowed-group-2'],
 			},
-			fetchTransitiveGroupMembership: true,
-			allowedGroups: ['allowed-group-1', 'allowed-group-2'],
 		},
 		authNProviderInfo: {
 			relayStatePath: 'api/v1/sso/relay/domain-8',
@@ -191,15 +207,19 @@ export const mockSingleDomainResponse = {
 	data: [mockGoogleAuthDomain],
 };
 
-// Mock success responses
+// Mock success responses. CreateAuthDomain returns just an Identifiable
+// (the new domain ID); clients re-Read to get the full domain.
 export const mockCreateSuccessResponse = {
 	status: 'success',
-	data: mockGoogleAuthDomain,
+	data: { id: mockGoogleAuthDomain.id },
 };
 
 export const mockUpdateSuccessResponse = {
 	status: 'success',
-	data: { ...mockGoogleAuthDomain, ssoEnabled: false },
+	data: {
+		...mockGoogleAuthDomain,
+		config: { ...mockGoogleAuthDomain.config, ssoEnabled: false },
+	},
 };
 
 export const mockDeleteSuccessResponse = {

frontend/src/container/OrganizationSettings/AuthDomain/index.tsx

@@ -158,7 +158,7 @@ function AuthDomain(): JSX.Element {
 							onClick={(): void => setRecord(record)}
 							variant="link"
 						>
-							Configure {SSOType.get(record.ssoType || '')}
+							Configure {SSOType.get(record.config?.ssoType || '')}
 						</Button>
 						<Button
 							className="auth-domain-list-action-link delete"

frontend/src/container/PlannedDowntime/PlannedDowntime.tsx

@@ -17,7 +17,6 @@ import { Search } from 'lucide-react';
 import { useAppContext } from 'providers/App/App';
 import { useErrorModal } from 'providers/ErrorModalProvider';
 import { USER_ROLES } from 'types/roles';
-import { DeepPartial } from 'utils/types';
 
 import 'dayjs/locale/en';
 
@@ -25,7 +24,7 @@ import { PlannedDowntimeDeleteModal } from './PlannedDowntimeDeleteModal';
 import { PlannedDowntimeForm } from './PlannedDowntimeForm';
 import { PlannedDowntimeList } from './PlannedDowntimeList';
 import {
-	defaultInitialValues,
+	defautlInitialValues,
 	deleteDowntimeHandler,
 } from './PlannedDowntimeutils';
 
@@ -49,8 +48,8 @@ export function PlannedDowntime(): JSX.Element {
 	const urlQuery = useUrlQuery();
 
 	const [initialValues, setInitialValues] =
-		useState<DeepPartial<RuletypesPlannedMaintenanceDTO & { editMode: boolean }>>(
-			defaultInitialValues,
+		useState<Partial<RuletypesPlannedMaintenanceDTO & { editMode: boolean }>>(
+			defautlInitialValues,
 		);
 
 	const downtimeSchedules = useListDowntimeSchedules();
@@ -150,7 +149,7 @@ export function PlannedDowntime(): JSX.Element {
 							icon={<PlusOutlined />}
 							type="primary"
 							onClick={(): void => {
-								setInitialValues({ ...defaultInitialValues, editMode: false });
+								setInitialValues({ ...defautlInitialValues, editMode: false });
 								setIsOpen(true);
 								setEditMode(false);
 								form.resetFields();

frontend/src/container/PlannedDowntime/PlannedDowntimeForm.tsx

@@ -1,11 +1,5 @@
-import React, {
-	ReactNode,
-	useCallback,
-	useEffect,
-	useMemo,
-	useState,
-} from 'react';
-import { CheckOutlined, InfoCircleOutlined } from '@ant-design/icons';
+import React, { useCallback, useEffect, useMemo, useState } from 'react';
+import { CheckOutlined } from '@ant-design/icons';
 import {
 	Button,
 	DatePicker,
@@ -16,7 +10,6 @@ import {
 	Select,
 	SelectProps,
 	Spin,
-	Tooltip,
 	Typography,
 } from 'antd';
 import type { DefaultOptionType } from 'antd/es/select';
@@ -45,8 +38,6 @@ import { defaultTo, isEmpty } from 'lodash-es';
 import { useErrorModal } from 'providers/ErrorModalProvider';
 import APIError from 'types/api/error';
 import { ALL_TIME_ZONES } from 'utils/timeZoneUtil';
-import { type PanelMode } from 'rc-picker/lib/interface';
-import { DeepPartial } from 'utils/types';
 
 import 'dayjs/locale/en';
 
@@ -78,14 +69,14 @@ interface PlannedDowntimeFormData {
 	endTime: dayjs.Dayjs | string;
 	recurrence?: RuletypesRecurrenceDTO | null;
 	alertRules: DefaultOptionType[];
+	recurrenceSelect?: RuletypesRecurrenceDTO;
 	timezone?: string;
-	labelExpression?: string;
 }
 
 const customFormat = DATE_TIME_FORMATS.ORDINAL_DATETIME;
 
 interface PlannedDowntimeFormProps {
-	initialValues: DeepPartial<
+	initialValues: Partial<
 		RuletypesPlannedMaintenanceDTO & {
 			editMode: boolean;
 		}
@@ -97,7 +88,7 @@ interface PlannedDowntimeFormProps {
 	setIsOpen: React.Dispatch<React.SetStateAction<boolean>>;
 	refetchAllSchedules: () => void;
 	isEditMode: boolean;
-	form: FormInstance;
+	form: FormInstance<any>;
 }
 
 export function PlannedDowntimeForm(
@@ -141,25 +132,26 @@ export function PlannedDowntimeForm(
 	const { notifications } = useNotifications();
 	const { showErrorModal } = useErrorModal();
 
-	const datePickerFooter = (mode: PanelMode): ReactNode =>
+	const datePickerFooter = (mode: any): any =>
 		mode === 'time' ? (
 			<span style={{ color: 'gray' }}>Please select the time</span>
 		) : null;
 
-	const saveHandler = useCallback(
+	const saveHanlder = useCallback(
 		async (values: PlannedDowntimeFormData) => {
+			const shouldKeepLocalTime = !isEditMode;
 			const data: RuletypesPostablePlannedMaintenanceDTO = {
 				alertIds: values.alertRules
 					.map((alert) => alert.value)
 					.filter((alert) => alert !== undefined) as string[],
 				name: values.name,
-				labelExpression: values.labelExpression,
 				schedule: {
 					startTime: new Date(
 						handleTimeConversion(
 							values.startTime,
 							timezoneInitialValue,
 							values.timezone,
+							shouldKeepLocalTime,
 						),
 					),
 					timezone: values.timezone as string,
@@ -169,6 +161,7 @@ export function PlannedDowntimeForm(
 									values.endTime,
 									timezoneInitialValue,
 									values.timezone,
+									shouldKeepLocalTime,
 								),
 							)
 						: undefined,
@@ -209,24 +202,38 @@ export function PlannedDowntimeForm(
 		],
 	);
 	const onFinish = async (values: PlannedDowntimeFormData): Promise<void> => {
-		const { recurrence } = values;
 		const recurrenceData =
-			!recurrence ||
-			recurrence.repeatType === recurrenceOptions.doesNotRepeat.value
+			values?.recurrence?.repeatType === recurrenceOptions.doesNotRepeat.value
 				? undefined
 				: {
-						duration: recurrence.duration
-							? `${recurrence.duration}${durationUnit}`
+						duration: values.recurrence?.duration
+							? `${values.recurrence?.duration}${durationUnit}`
 							: undefined,
-						repeatOn: recurrence.repeatOn?.length ? recurrence.repeatOn : undefined,
-						repeatType: recurrence.repeatType,
+						endTime: !isEmpty(values.endTime)
+							? handleTimeConversion(
+									values.endTime,
+									timezoneInitialValue,
+									values.timezone,
+									!isEditMode,
+								)
+							: undefined,
+						startTime: handleTimeConversion(
+							values.startTime,
+							timezoneInitialValue,
+							values.timezone,
+							!isEditMode,
+						),
+						repeatOn: !values.recurrence?.repeatOn?.length
+							? undefined
+							: values.recurrence?.repeatOn,
+						repeatType: values.recurrence?.repeatType,
 					};
 
 		const payloadValues = {
 			...values,
 			recurrence: recurrenceData as RuletypesRecurrenceDTO | undefined,
 		};
-		await saveHandler(payloadValues);
+		await saveHanlder(payloadValues);
 	};
 
 	const formValidationRules = [
@@ -279,7 +286,7 @@ export function PlannedDowntimeForm(
 				: '',
 			recurrence: {
 				...initialValues.schedule?.recurrence,
-				repeatType: (!isScheduleRecurring(initialValues.schedule)
+				repeatType: (!isScheduleRecurring(initialValues?.schedule)
 					? recurrenceOptions.doesNotRepeat.value
 					: initialValues.schedule?.recurrence
 							?.repeatType) as RuletypesRecurrenceDTO['repeatType'],
@@ -289,7 +296,6 @@ export function PlannedDowntimeForm(
 				),
 			} as RuletypesRecurrenceDTO,
 			timezone: initialValues.schedule?.timezone as string,
-			labelExpression: initialValues.labelExpression || '',
 		};
 		return formData;
 	}, [initialValues, alertOptions]);
@@ -310,6 +316,7 @@ export function PlannedDowntimeForm(
 	const getTimezoneFormattedTime = (
 		time: string | dayjs.Dayjs,
 		timeZone?: string,
+		isEditMode?: boolean,
 		format?: string,
 	): string => {
 		if (!time) {
@@ -318,11 +325,20 @@ export function PlannedDowntimeForm(
 		if (!timeZone) {
 			return dayjs(time).format(format);
 		}
-		return dayjs(time).tz(timeZone).format(format);
+		return dayjs(time).tz(timeZone, isEditMode).format(format);
 	};
 
 	const startTimeText = useMemo((): string => {
-		let startTime = formData.startTime;
+		let startTime = formData?.startTime;
+		if (recurrenceType !== recurrenceOptions.doesNotRepeat.value) {
+			startTime =
+				(formData?.recurrence?.startTime
+					? dayjs(formData.recurrence.startTime).toISOString()
+					: '') ||
+				formData?.startTime ||
+				'';
+		}
+
 		if (!startTime) {
 			return '';
 		}
@@ -332,6 +348,7 @@ export function PlannedDowntimeForm(
 				startTime,
 				timezoneInitialValue,
 				formData?.timezone,
+				!isEditMode,
 			);
 		}
 		const daysOfWeek = formData?.recurrence?.repeatOn;
@@ -339,16 +356,21 @@ export function PlannedDowntimeForm(
 		const formattedStartTime = getTimezoneFormattedTime(
 			startTime,
 			formData.timezone,
+			!isEditMode,
 			TIME_FORMAT,
 		);
+
 		const formattedStartDate = getTimezoneFormattedTime(
 			startTime,
 			formData.timezone,
+			!isEditMode,
 			DATE_FORMAT,
 		);
+
 		const ordinalFormat = getTimezoneFormattedTime(
 			startTime,
 			formData.timezone,
+			!isEditMode,
 			ORDINAL_FORMAT,
 		);
 
@@ -365,10 +387,21 @@ export function PlannedDowntimeForm(
 			default:
 				return `Scheduled for ${formattedStartDate} starting at ${formattedStartTime}.`;
 		}
-	}, [formData, recurrenceType, timezoneInitialValue]);
+	}, [formData, recurrenceType, isEditMode, timezoneInitialValue]);
 
 	const endTimeText = useMemo((): string => {
 		let endTime = formData?.endTime;
+		if (recurrenceType !== recurrenceOptions.doesNotRepeat.value) {
+			endTime =
+				(formData?.recurrence?.endTime
+					? dayjs(formData.recurrence.endTime).toISOString()
+					: '') || '';
+
+			if (!isEditMode && !endTime) {
+				endTime = formData?.endTime || '';
+			}
+		}
+
 		if (!endTime) {
 			return '';
 		}
@@ -378,21 +411,25 @@ export function PlannedDowntimeForm(
 				endTime,
 				timezoneInitialValue,
 				formData?.timezone,
+				!isEditMode,
 			);
 		}
 
 		const formattedEndTime = getTimezoneFormattedTime(
 			endTime,
 			formData.timezone,
+			!isEditMode,
 			TIME_FORMAT,
 		);
+
 		const formattedEndDate = getTimezoneFormattedTime(
 			endTime,
 			formData.timezone,
+			!isEditMode,
 			DATE_FORMAT,
 		);
 		return `Scheduled to end maintenance on ${formattedEndDate} at ${formattedEndTime}.`;
-	}, [formData, timezoneInitialValue]);
+	}, [formData, recurrenceType, isEditMode, timezoneInitialValue]);
 
 	return (
 		<Modal
@@ -427,7 +464,7 @@ export function PlannedDowntimeForm(
 					name="startTime"
 					rules={formValidationRules}
 					className={!isEmpty(startTimeText) ? 'formItemWithBullet' : ''}
-					getValueProps={(value) => ({
+					getValueProps={(value): any => ({
 						value: value ? dayjs(value).tz(timezoneInitialValue) : undefined,
 					})}
 				>
@@ -508,7 +545,7 @@ export function PlannedDowntimeForm(
 						},
 					]}
 					className={!isEmpty(endTimeText) ? 'formItemWithBullet' : ''}
-					getValueProps={(value) => ({
+					getValueProps={(value): any => ({
 						value: value ? dayjs(value).tz(timezoneInitialValue) : undefined,
 					})}
 				>
@@ -570,22 +607,6 @@ export function PlannedDowntimeForm(
 						</Select>
 					</Form.Item>
 				</div>
-				<Form.Item
-					label={
-						<span>
-							Label Expression&nbsp;
-							<Tooltip title='Filter by alert labels. Examples: env == "prod", region == "us-east-1" && severity == "critical"'>
-								<InfoCircleOutlined />
-							</Tooltip>
-						</span>
-					}
-					name="labelExpression"
-				>
-					<Input.TextArea
-						placeholder='e.g. env == "prod" && region == "us-east-1"'
-						autoSize={{ minRows: 2, maxRows: 4 }}
-					/>
-				</Form.Item>
 				<Form.Item style={{ marginBottom: 0 }}>
 					<ModalButtonWrapper>
 						<Button

frontend/src/container/PlannedDowntime/PlannedDowntimeList.tsx

@@ -1,4 +1,4 @@
-import React, { ReactNode, useEffect } from 'react';
+import { ReactNode, useEffect } from 'react';
 import { UseQueryResult } from 'react-query';
 import { Color } from '@signozhq/design-tokens';
 import {
@@ -26,9 +26,8 @@ import { defaultTo } from 'lodash-es';
 import { CalendarClock, PenLine, Trash2 } from 'lucide-react';
 import { useAppContext } from 'providers/App/App';
 import { USER_ROLES } from 'types/roles';
-import { showErrorNotification } from 'utils/error';
-import { DeepPartial } from 'utils/types';
 
+import { showErrorNotification } from '../../utils/error';
 import {
 	formatDateTime,
 	getAlertOptionsFromIds,
@@ -36,6 +35,7 @@ import {
 	getEndTime,
 	recurrenceInfo,
 } from './PlannedDowntimeutils';
+
 import './PlannedDowntime.styles.scss';
 
 const { Panel } = Collapse;
@@ -144,7 +144,7 @@ export function CollapseListContent({
 	created_at?: string;
 	created_by_name?: string;
 	created_by_email?: string;
-	timeframe: [string | undefined, string | undefined];
+	timeframe: [string | undefined | null, string | undefined | null];
 	repeats?: RuletypesRecurrenceDTO | null;
 	updated_at?: string;
 	updated_by_name?: string;
@@ -200,12 +200,7 @@ export function CollapseListContent({
 				),
 			)}
 			{renderItems('Timezone', <Typography>{timezone || '-'}</Typography>)}
-			{renderItems(
-				'Repeats',
-				<Typography>
-					{recurrenceInfo(timeframe[0], timeframe[1], repeats)}
-				</Typography>,
-			)}
+			{renderItems('Repeats', <Typography>{recurrenceInfo(repeats)}</Typography>)}
 			{renderItems(
 				'Alerts silenced',
 				alertOptions?.length ? (
@@ -225,7 +220,7 @@ export function CollapseListContent({
 export function CustomCollapseList(
 	props: DowntimeSchedulesTableData & {
 		setInitialValues: React.Dispatch<
-			React.SetStateAction<DeepPartial<RuletypesPlannedMaintenanceDTO>>
+			React.SetStateAction<Partial<RuletypesPlannedMaintenanceDTO>>
 		>;
 		setModalOpen: React.Dispatch<React.SetStateAction<boolean>>;
 		handleDeleteDowntime: (id: string, name: string) => void;
@@ -296,7 +291,9 @@ export function CustomCollapseList(
 							schedule?.startTime?.toString(),
 							typeof endTime === 'string' ? endTime : endTime?.toString(),
 						]}
-						repeats={schedule?.recurrence}
+						repeats={
+							schedule?.recurrence as RuletypesRecurrenceDTO | null | undefined
+						}
 						updated_at={updatedAt ? dayjs(updatedAt).toISOString() : ''}
 						updated_by_name={defaultTo(updatedBy, '')}
 						alertOptions={alertOptions}
@@ -331,7 +328,7 @@ export function PlannedDowntimeList({
 	>;
 	alertOptions: DefaultOptionType[];
 	setInitialValues: React.Dispatch<
-		React.SetStateAction<DeepPartial<RuletypesPlannedMaintenanceDTO>>
+		React.SetStateAction<Partial<RuletypesPlannedMaintenanceDTO>>
 	>;
 	setModalOpen: React.Dispatch<React.SetStateAction<boolean>>;
 	handleDeleteDowntime: (id: string, name: string) => void;

frontend/src/container/PlannedDowntime/PlannedDowntimeutils.ts

@@ -2,7 +2,7 @@ import { UseMutateAsyncFunction } from 'react-query';
 import type { NotificationInstance } from 'antd/es/notification/interface';
 import type { DefaultOptionType } from 'antd/es/select';
 import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
-import {
+import type {
 	DeleteDowntimeScheduleByIDPathParameters,
 	RenderErrorResponseDTO,
 	RuletypesPlannedMaintenanceDTO,
@@ -14,7 +14,6 @@ import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
 import dayjs from 'dayjs';
 import { isEmpty, isEqual } from 'lodash-es';
 import APIError from 'types/api/error';
-import { DeepPartial } from 'utils/types';
 
 type DateTimeString = string | null | undefined;
 
@@ -61,15 +60,13 @@ export const getAlertOptionsFromIds = (
 	);
 
 export const recurrenceInfo = (
-	startTime?: string,
-	endTime?: string,
 	recurrence?: RuletypesRecurrenceDTO | null,
 ): string => {
 	if (!recurrence) {
 		return 'No';
 	}
 
-	const { duration, repeatOn, repeatType } = recurrence;
+	const { startTime, duration, repeatOn, repeatType, endTime } = recurrence;
 
 	const formattedStartTime = startTime
 		? formatDateTime(dayjs(startTime).toISOString())
@@ -83,7 +80,7 @@ export const recurrenceInfo = (
 	return `Repeats - ${repeatType} ${weeklyRepeatString} from ${formattedStartTime} ${formattedEndTime} ${durationString}`;
 };
 
-export const defaultInitialValues: DeepPartial<
+export const defautlInitialValues: Partial<
 	RuletypesPlannedMaintenanceDTO & { editMode: boolean }
 > = {
 	name: '',
@@ -213,17 +210,39 @@ export const recurrenceOptionWithSubmenu: Option[] = [
 	recurrenceOptions.monthly,
 ];
 
+export const getRecurrenceOptionFromValue = (
+	value?: string | Option | null,
+): Option | null | undefined => {
+	if (!value) {
+		return null;
+	}
+	if (typeof value === 'string') {
+		return Object.values(recurrenceOptions).find(
+			(option) => option.value === value,
+		);
+	}
+	return value;
+};
+
 export const getEndTime = ({
+	kind,
 	schedule,
-}: DeepPartial<
+}: Partial<
 	RuletypesPlannedMaintenanceDTO & {
 		editMode: boolean;
 	}
->): string | dayjs.Dayjs =>
-	schedule?.endTime ? dayjs(schedule.endTime).toISOString() : '';
+>): string | dayjs.Dayjs => {
+	if (kind === 'fixed') {
+		return schedule?.endTime ? dayjs(schedule.endTime).toISOString() : '';
+	}
+
+	return schedule?.recurrence?.endTime
+		? dayjs(schedule.recurrence.endTime).toISOString()
+		: '';
+};
 
 export const isScheduleRecurring = (
-	schedule?: DeepPartial<RuletypesPlannedMaintenanceDTO['schedule']> | null,
+	schedule?: RuletypesPlannedMaintenanceDTO['schedule'] | null,
 ): boolean => (schedule ? !isEmpty(schedule?.recurrence) : false);
 
 function convertUtcOffsetToTimezoneOffset(offsetMinutes: number): string {
@@ -253,6 +272,7 @@ export function handleTimeConversion(
 	dateValue: string | dayjs.Dayjs,
 	timezoneInit?: string,
 	timezone?: string,
+	shouldKeepLocalTime?: boolean,
 ): string {
 	const timezoneChanged = !isEqual(timezoneInit, timezone);
 	const initialTime = dayjs(dateValue).tz(timezoneInit);
@@ -260,5 +280,5 @@ export function handleTimeConversion(
 	const formattedTime = formatWithTimezone(initialTime, timezone);
 	return timezoneChanged
 		? formattedTime
-		: dayjs(dateValue).tz(timezone).format();
+		: dayjs(dateValue).tz(timezone, shouldKeepLocalTime).format();
 }

frontend/src/container/PlannedDowntime/__test__/testUtils.ts

@@ -8,7 +8,7 @@ import {
 } from 'api/generated/services/sigNoz.schemas';
 
 export const buildSchedule = (
-	schedule: RuletypesScheduleDTO,
+	schedule: Partial<RuletypesScheduleDTO>,
 ): RuletypesScheduleDTO => ({
 	timezone: schedule?.timezone ?? '',
 	startTime: schedule?.startTime,
@@ -17,13 +17,16 @@ export const buildSchedule = (
 });
 
 export const createMockDowntime = (
-	overrides: Partial<RuletypesPlannedMaintenanceDTO> &
-		Pick<RuletypesPlannedMaintenanceDTO, 'schedule'>,
+	overrides: Partial<RuletypesPlannedMaintenanceDTO>,
 ): RuletypesPlannedMaintenanceDTO => ({
 	id: overrides.id ?? '0',
 	name: overrides.name ?? '',
 	description: overrides.description ?? '',
-	schedule: overrides.schedule,
+	schedule: buildSchedule({
+		timezone: 'UTC',
+		startTime: new Date('2024-01-01'),
+		...overrides.schedule,
+	}),
 	alertIds: overrides.alertIds ?? [],
 	createdAt: overrides.createdAt,
 	createdBy: overrides.createdBy ?? '',

frontend/src/types/common/index.ts

@@ -19,6 +19,7 @@ export type ServerError = 500;
 export type SuccessStatusCode = Created | Success | SuccessNoContent;
 
 export type ErrorStatusCode =
+	| Forbidden
 	| Forbidden
 	| Unauthorized
 	| NotFound

frontend/src/utils/types.ts

@@ -1,22 +0,0 @@
-type Builtin =
-	| string
-	| number
-	| boolean
-	| bigint
-	| symbol
-	| null
-	| undefined
-	| Function // eslint-disable-line
-	| Date
-	| RegExp
-	| Error;
-
-export type DeepPartial<T> = T extends Builtin
-	? T
-	: T extends Array<infer U>
-		? Array<DeepPartial<U>>
-		: T extends ReadonlyArray<infer U>
-			? ReadonlyArray<DeepPartial<U>>
-			: T extends object
-				? { [K in keyof T]?: DeepPartial<T[K]> }
-				: T;

go.mod

@@ -88,6 +88,7 @@ require (
 	gonum.org/v1/gonum v0.17.0
 	google.golang.org/api v0.265.0
 	google.golang.org/protobuf v1.36.11
+	gopkg.in/evanphx/json-patch.v4 v4.13.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/apimachinery v0.35.2

pkg/alertmanager/alertmanagerserver/distpatcher_test.go

@@ -24,7 +24,6 @@ import (
 	"github.com/prometheus/alertmanager/dispatch"
 	"github.com/prometheus/alertmanager/notify"
 	"github.com/prometheus/alertmanager/provider/mem"
-	promTypes "github.com/prometheus/alertmanager/types"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/common/model"
 	"github.com/prometheus/common/promslog"
@@ -365,7 +364,7 @@ route:
 	providerSettings := createTestProviderSettings()
 	logger := providerSettings.Logger
 	route := dispatch.NewRoute(conf.Route, nil)
-	marker := promTypes.NewMarker(prometheus.NewRegistry())
+	marker := alertmanagertypes.NewMarker(prometheus.NewRegistry())
 	alerts, err := mem.NewAlerts(context.Background(), marker, time.Hour, 0, nil, logger, prometheus.NewRegistry(), nil)
 	if err != nil {
 		t.Fatal(err)
@@ -638,7 +637,7 @@ route:
 	providerSettings := createTestProviderSettings()
 	logger := providerSettings.Logger
 	route := dispatch.NewRoute(conf.Route, nil)
-	marker := promTypes.NewMarker(prometheus.NewRegistry())
+	marker := alertmanagertypes.NewMarker(prometheus.NewRegistry())
 	alerts, err := mem.NewAlerts(context.Background(), marker, time.Hour, 0, nil, logger, prometheus.NewRegistry(), nil)
 	if err != nil {
 		t.Fatal(err)
@@ -897,7 +896,7 @@ route:
 	providerSettings := createTestProviderSettings()
 	logger := providerSettings.Logger
 	route := dispatch.NewRoute(conf.Route, nil)
-	marker := promTypes.NewMarker(prometheus.NewRegistry())
+	marker := alertmanagertypes.NewMarker(prometheus.NewRegistry())
 	alerts, err := mem.NewAlerts(context.Background(), marker, time.Hour, 0, nil, logger, prometheus.NewRegistry(), nil)
 	if err != nil {
 		t.Fatal(err)
@@ -1159,7 +1158,7 @@ func newAlert(labels model.LabelSet) *alertmanagertypes.Alert {
 
 func TestDispatcherRace(t *testing.T) {
 	logger := promslog.NewNopLogger()
-	marker := promTypes.NewMarker(prometheus.NewRegistry())
+	marker := alertmanagertypes.NewMarker(prometheus.NewRegistry())
 	alerts, err := mem.NewAlerts(context.Background(), marker, time.Hour, 0, nil, logger, prometheus.NewRegistry(), nil)
 	if err != nil {
 		t.Fatal(err)
@@ -1195,7 +1194,7 @@ route:
 	route := dispatch.NewRoute(conf.Route, nil)
 	providerSettings := createTestProviderSettings()
 	logger := providerSettings.Logger
-	marker := promTypes.NewMarker(prometheus.NewRegistry())
+	marker := alertmanagertypes.NewMarker(prometheus.NewRegistry())
 	alerts, err := mem.NewAlerts(context.Background(), marker, time.Hour, 0, nil, logger, prometheus.NewRegistry(), nil)
 	if err != nil {
 		t.Fatal(err)
@@ -1265,7 +1264,7 @@ route:
 
 func TestDispatcher_DoMaintenance(t *testing.T) {
 	r := prometheus.NewRegistry()
-	marker := promTypes.NewMarker(r)
+	marker := alertmanagertypes.NewMarker(r)
 
 	alerts, err := mem.NewAlerts(context.Background(), marker, time.Minute, 0, nil, promslog.NewNopLogger(), prometheus.NewRegistry(), nil)
 	if err != nil {
@@ -1371,7 +1370,7 @@ route:
 			providerSettings := createTestProviderSettings()
 			logger := providerSettings.Logger
 			route := dispatch.NewRoute(conf.Route, nil)
-			marker := promTypes.NewMarker(prometheus.NewRegistry())
+			marker := alertmanagertypes.NewMarker(prometheus.NewRegistry())
 			alerts, err := mem.NewAlerts(context.Background(), marker, time.Hour, 0, nil, logger, prometheus.NewRegistry(), nil)
 			if err != nil {
 				t.Fatal(err)

pkg/alertmanager/alertmanagerserver/maintenance_muter.go

@@ -1,95 +0,0 @@
-package alertmanagerserver
-
-import (
-	"context"
-	"log/slog"
-	"sync"
-	"time"
-
-	"github.com/prometheus/common/model"
-
-	"github.com/SigNoz/signoz/pkg/types/ruletypes"
-)
-
-// MaintenanceMuter implements types.Muter for maintenance windows.
-// It suppresses alerts whose ruleId label matches an active maintenance schedule.
-// Results are cached for cacheTTL to avoid a DB query on every per-alert check.
-type MaintenanceMuter struct {
-	maintenanceStore ruletypes.MaintenanceStore
-	orgID            string
-	logger           *slog.Logger
-
-	mu          sync.RWMutex
-	cached      []*ruletypes.PlannedMaintenance
-	cacheExpiry time.Time
-}
-
-const maintenanceCacheTTL = 30 * time.Second
-
-func NewMaintenanceMuter(store ruletypes.MaintenanceStore, orgID string, logger *slog.Logger) *MaintenanceMuter {
-	return &MaintenanceMuter{
-		maintenanceStore: store,
-		orgID:            orgID,
-		logger:           logger,
-	}
-}
-
-func (m *MaintenanceMuter) Mutes(ctx context.Context, lset model.LabelSet) bool {
-	ruleID := string(lset[ruletypes.AlertRuleIDLabel])
-	if ruleID == "" {
-		return false
-	}
-	now := time.Now()
-	for _, mw := range m.getMaintenances(ctx) {
-		if mw.ShouldSkip(ruleID, now, lset) {
-			return true
-		}
-	}
-	return false
-}
-
-// MutedBy returns the IDs of all active maintenance windows currently
-// suppressing the alert identified by lset. It is used to populate the
-// `mutedBy` field on the v2 API alert response so that maintenance-suppressed
-// alerts surface as `state=suppressed` in GetAlerts responses.
-func (m *MaintenanceMuter) MutedBy(ctx context.Context, lset model.LabelSet) []string {
-	ruleID := string(lset[ruletypes.AlertRuleIDLabel])
-	if ruleID == "" {
-		return nil
-	}
-	var ids []string
-	now := time.Now()
-	for _, mw := range m.getMaintenances(ctx) {
-		if mw.ShouldSkip(ruleID, now, lset) {
-			ids = append(ids, mw.ID.String())
-		}
-	}
-	return ids
-}
-
-func (m *MaintenanceMuter) getMaintenances(ctx context.Context) []*ruletypes.PlannedMaintenance {
-	m.mu.RLock()
-	if time.Now().Before(m.cacheExpiry) {
-		cached := m.cached
-		m.mu.RUnlock()
-		return cached
-	}
-	m.mu.RUnlock()
-
-	m.mu.Lock()
-	defer m.mu.Unlock()
-
-	// Double-check after acquiring write lock.
-	if time.Now().Before(m.cacheExpiry) {
-		return m.cached
-	}
-
-	mws, err := m.maintenanceStore.ListPlannedMaintenance(ctx, m.orgID)
-	if err != nil {
-		m.logger.ErrorContext(ctx, "failed to list planned maintenance windows; alerts will not be suppressed", slog.String("org_id", m.orgID))
-		return m.cached // return stale (potentially empty) cache on error
-	}
-	m.cached = mws
-	m.cacheExpiry = time.Now().Add(maintenanceCacheTTL)
-	return m.cached
-}

pkg/alertmanager/alertmanagerserver/pipeline_builder.go

@@ -1,109 +0,0 @@
-// Copyright (c) 2026 SigNoz, Inc.
-// Copyright 2015 Prometheus Team
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package alertmanagerserver
-
-import (
-	"time"
-
-	"github.com/prometheus/alertmanager/featurecontrol"
-	"github.com/prometheus/alertmanager/inhibit"
-	"github.com/prometheus/alertmanager/nflog/nflogpb"
-	"github.com/prometheus/alertmanager/notify"
-	"github.com/prometheus/alertmanager/silence"
-	"github.com/prometheus/alertmanager/timeinterval"
-	"github.com/prometheus/alertmanager/types"
-	"github.com/prometheus/client_golang/prometheus"
-)
-
-// pipelineBuilder is a local copy of notify.PipelineBuilder that injects
-// the maintenance mute stage immediately before the receiver stage.
-//
-// We maintain our own copy so we can control exactly where in the pipeline
-// the maintenance stage runs (between the silence stage and the receiver),
-// which is not possible by wrapping the output of the upstream builder.
-//
-// Upstream pipeline order:
-// GossipSettle → Inhibit → TimeActive → TimeMute → Silence → [mms] → Receiver
-type pipelineBuilder struct {
-	metrics *notify.Metrics
-	ff      featurecontrol.Flagger
-}
-
-func newPipelineBuilder(
-	r prometheus.Registerer,
-	ff featurecontrol.Flagger,
-) *pipelineBuilder {
-	return &pipelineBuilder{
-		metrics: notify.NewMetrics(r, ff),
-		ff:      ff,
-	}
-}
-
-// New returns a map of receivers to Stages, mirroring notify.PipelineBuilder.New
-// but inserting a maintenanceMuteStage between the silence stage and the receiver.
-func (pb *pipelineBuilder) New(
-	receivers map[string][]notify.Integration,
-	wait func() time.Duration,
-	inhibitor *inhibit.Inhibitor,
-	silencer *silence.Silencer,
-	intervener *timeinterval.Intervener,
-	marker types.GroupMarker,
-	muter *MaintenanceMuter,
-	notificationLog notify.NotificationLog,
-	peer notify.Peer,
-) notify.RoutingStage {
-	rs := make(notify.RoutingStage, len(receivers))
-
-	ms := notify.NewGossipSettleStage(peer)
-	is := notify.NewMuteStage(inhibitor, pb.metrics)
-	tas := notify.NewTimeActiveStage(intervener, marker, pb.metrics)
-	tms := notify.NewTimeMuteStage(intervener, marker, pb.metrics)
-	ss := notify.NewMuteStage(silencer, pb.metrics)
-	mms := notify.NewMuteStage(muter, pb.metrics)
-
-	for name := range receivers {
-		stages := notify.MultiStage{ms, is, tas, tms, ss, mms}
-		stages = append(stages, createReceiverStage(name, receivers[name], wait, notificationLog, pb.metrics))
-		rs[name] = stages
-	}
-
-	pb.metrics.InitializeFor(receivers)
-	return rs
-}
-
-// createReceiverStage is a copy of notify.createReceiverStage (unexported upstream).
-func createReceiverStage(
-	name string,
-	integrations []notify.Integration,
-	wait func() time.Duration,
-	notificationLog notify.NotificationLog,
-	metrics *notify.Metrics,
-) notify.Stage {
-	var fs notify.FanoutStage
-	for i := range integrations {
-		recv := &nflogpb.Receiver{
-			GroupName:   name,
-			Integration: integrations[i].Name(),
-			Idx:         uint32(integrations[i].Index()),
-		}
-		var s notify.MultiStage
-		s = append(s, notify.NewWaitStage(wait))
-		s = append(s, notify.NewDedupStage(&integrations[i], notificationLog, recv))
-		s = append(s, notify.NewRetryStage(integrations[i], name, metrics))
-		s = append(s, notify.NewSetNotifiesStage(notificationLog, recv))
-		fs = append(fs, s)
-	}
-	return fs
-}

pkg/alertmanager/alertmanagerserver/server.go

@@ -26,13 +26,14 @@ import (
 	"github.com/SigNoz/signoz/pkg/alertmanager/nfmanager"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/types/alertmanagertypes"
-	"github.com/SigNoz/signoz/pkg/types/ruletypes"
 )
 
-// This is not a real snapshot file and will never be used. We need this placeholder to ensure maintenance runs on shutdown.
-// See https://github.com/prometheus/alertmanager/blob/3ee2cd0f1271e277295c02b6160507b4d193dde2/silence/silence.go#L435-L438
-// and https://github.com/prometheus/alertmanager/blob/3b06b97af4d146e141af92885a185891eb79a5b0/nflog/nflog.go#L362.
-var snapfnoop string = "snapfnoop"
+var (
+	// This is not a real file and will never be used. We need this placeholder to ensure maintenance runs on shutdown. See
+	// https://github.com/prometheus/server/blob/3ee2cd0f1271e277295c02b6160507b4d193dde2/silence/silence.go#L435-L438
+	// and https://github.com/prometheus/server/blob/3b06b97af4d146e141af92885a185891eb79a5b0/nflog/nflog.go#L362.
+	snapfnoop string = "snapfnoop"
+)
 
 type Server struct {
 	// logger is the logger for the alertmanager
@@ -62,25 +63,15 @@ type Server struct {
 	silencer            *silence.Silencer
 	silences            *silence.Silences
 	timeIntervals       map[string][]timeinterval.TimeInterval
-	pipelineBuilder     *pipelineBuilder
-	muter               *MaintenanceMuter
-	marker              *types.MemMarker
+	pipelineBuilder     *notify.PipelineBuilder
+	marker              *alertmanagertypes.MemMarker
 	tmpl                *template.Template
 	wg                  sync.WaitGroup
 	stopc               chan struct{}
 	notificationManager nfmanager.NotificationManager
 }
 
-func New(
-	ctx context.Context,
-	logger *slog.Logger,
-	registry prometheus.Registerer,
-	srvConfig Config,
-	orgID string,
-	stateStore alertmanagertypes.StateStore,
-	nfManager nfmanager.NotificationManager,
-	maintenanceStore ruletypes.MaintenanceStore,
-) (*Server, error) {
+func New(ctx context.Context, logger *slog.Logger, registry prometheus.Registerer, srvConfig Config, orgID string, stateStore alertmanagertypes.StateStore, nfManager nfmanager.NotificationManager) (*Server, error) {
 	server := &Server{
 		logger:              logger.With(slog.String("pkg", "go.signoz.io/pkg/alertmanager/alertmanagerserver")),
 		registry:            registry,
@@ -93,7 +84,7 @@ func New(
 	signozRegisterer := prometheus.WrapRegistererWithPrefix("signoz_", registry)
 	signozRegisterer = prometheus.WrapRegistererWith(prometheus.Labels{"org_id": server.orgID}, signozRegisterer)
 	// initialize marker
-	server.marker = types.NewMarker(signozRegisterer)
+	server.marker = alertmanagertypes.NewMarker(signozRegisterer)
 
 	// get silences for initial state
 	state, err := server.stateStore.Get(ctx, server.orgID)
@@ -169,6 +160,7 @@ func New(
 
 			return c, server.stateStore.Set(ctx, storableSilences)
 		})
+
 	}()
 
 	// Start maintenance for notification logs
@@ -204,25 +196,17 @@ func New(
 		return nil, err
 	}
 
-	server.muter = NewMaintenanceMuter(maintenanceStore, orgID, server.logger)
-	server.pipelineBuilder = newPipelineBuilder(signozRegisterer, featurecontrol.NoopFlags{})
+	server.pipelineBuilder = notify.NewPipelineBuilder(signozRegisterer, featurecontrol.NoopFlags{})
 	server.dispatcherMetrics = NewDispatcherMetrics(false, signozRegisterer)
 
 	return server, nil
 }
 
 func (server *Server) GetAlerts(ctx context.Context, params alertmanagertypes.GettableAlertsParams) (alertmanagertypes.GettableAlerts, error) {
-	return alertmanagertypes.NewGettableAlertsFromAlertProvider(
-		server.alerts, server.alertmanagerConfig, server.marker.Status,
-		func(labels model.LabelSet) {
-			server.inhibitor.Mutes(ctx, labels)
-			server.silencer.Mutes(ctx, labels)
-		},
-		func(labels model.LabelSet) []string {
-			return server.muter.MutedBy(ctx, labels)
-		},
-		params,
-	)
+	return alertmanagertypes.NewGettableAlertsFromAlertProvider(server.alerts, server.alertmanagerConfig, server.marker.Status, func(labels model.LabelSet) {
+		server.inhibitor.Mutes(ctx, labels)
+		server.silencer.Mutes(ctx, labels)
+	}, params)
 }
 
 func (server *Server) PutAlerts(ctx context.Context, postableAlerts alertmanagertypes.PostableAlerts) error {
@@ -306,7 +290,6 @@ func (server *Server) SetConfig(ctx context.Context, alertmanagerConfig *alertma
 		server.silencer,
 		intervener,
 		server.marker,
-		server.muter,
 		server.nflog,
 		pipelinePeer,
 	)

pkg/alertmanager/alertmanagerserver/server_e2e_test.go

@@ -7,10 +7,6 @@ import (
 	"testing"
 	"time"
 
-	sqlmock "github.com/DATA-DOG/go-sqlmock"
-	"github.com/SigNoz/signoz/pkg/ruler/rulestore/sqlrulestore"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/sqlstore/sqlstoretest"
 	"github.com/SigNoz/signoz/pkg/types/alertmanagertypes/alertmanagertypestest"
 	"github.com/prometheus/alertmanager/dispatch"
 
@@ -94,8 +90,7 @@ func TestEndToEndAlertManagerFlow(t *testing.T) {
 	stateStore := alertmanagertypestest.NewStateStore()
 	registry := prometheus.NewRegistry()
 	logger := slog.New(slog.DiscardHandler)
-	maintenanceStore := sqlrulestore.NewMaintenanceStore(sqlstoretest.New(sqlstore.Config{Provider: "sqlite"}, sqlmock.QueryMatcherEqual))
-	server, err := New(context.Background(), logger, registry, srvCfg, orgID, stateStore, notificationManager, maintenanceStore)
+	server, err := New(context.Background(), logger, registry, srvCfg, orgID, stateStore, notificationManager)
 	require.NoError(t, err)
 	amConfig, err := alertmanagertypes.NewDefaultConfig(srvCfg.Global, srvCfg.Route, orgID)
 	require.NoError(t, err)

pkg/alertmanager/alertmanagerserver/server_test.go

@@ -10,14 +10,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/DATA-DOG/go-sqlmock"
 	"github.com/SigNoz/signoz/pkg/alertmanager/nfmanager/nfmanagertest"
-	"github.com/SigNoz/signoz/pkg/ruler/rulestore/sqlrulestore"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/sqlstore/sqlstoretest"
 	"github.com/SigNoz/signoz/pkg/types/alertmanagertypes"
 	"github.com/SigNoz/signoz/pkg/types/alertmanagertypes/alertmanagertypestest"
-	"github.com/SigNoz/signoz/pkg/types/ruletypes"
 	"github.com/go-openapi/strfmt"
 	"github.com/prometheus/alertmanager/api/v2/models"
 	"github.com/prometheus/alertmanager/config"
@@ -28,14 +23,9 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func newTestMaintenanceStore() ruletypes.MaintenanceStore {
-	ss := sqlstoretest.New(sqlstore.Config{Provider: "sqlite"}, sqlmock.QueryMatcherEqual)
-	return sqlrulestore.NewMaintenanceStore(ss)
-}
-
 func TestServerSetConfigAndStop(t *testing.T) {
 	notificationManager := nfmanagertest.NewMock()
-	server, err := New(context.Background(), slog.New(slog.DiscardHandler), prometheus.NewRegistry(), NewConfig(), "1", alertmanagertypestest.NewStateStore(), notificationManager, newTestMaintenanceStore())
+	server, err := New(context.Background(), slog.New(slog.DiscardHandler), prometheus.NewRegistry(), NewConfig(), "1", alertmanagertypestest.NewStateStore(), notificationManager)
 	require.NoError(t, err)
 
 	amConfig, err := alertmanagertypes.NewDefaultConfig(alertmanagertypes.GlobalConfig{}, alertmanagertypes.RouteConfig{GroupInterval: 1 * time.Minute, RepeatInterval: 1 * time.Minute, GroupWait: 1 * time.Minute}, "1")
@@ -47,7 +37,7 @@ func TestServerSetConfigAndStop(t *testing.T) {
 
 func TestServerTestReceiverTypeWebhook(t *testing.T) {
 	notificationManager := nfmanagertest.NewMock()
-	server, err := New(context.Background(), slog.New(slog.DiscardHandler), prometheus.NewRegistry(), NewConfig(), "1", alertmanagertypestest.NewStateStore(), notificationManager, newTestMaintenanceStore())
+	server, err := New(context.Background(), slog.New(slog.DiscardHandler), prometheus.NewRegistry(), NewConfig(), "1", alertmanagertypestest.NewStateStore(), notificationManager)
 	require.NoError(t, err)
 
 	amConfig, err := alertmanagertypes.NewDefaultConfig(alertmanagertypes.GlobalConfig{}, alertmanagertypes.RouteConfig{GroupInterval: 1 * time.Minute, RepeatInterval: 1 * time.Minute, GroupWait: 1 * time.Minute}, "1")
@@ -95,7 +85,7 @@ func TestServerPutAlerts(t *testing.T) {
 	srvCfg := NewConfig()
 	srvCfg.Route.GroupInterval = 1 * time.Second
 	notificationManager := nfmanagertest.NewMock()
-	server, err := New(context.Background(), slog.New(slog.DiscardHandler), prometheus.NewRegistry(), srvCfg, "1", stateStore, notificationManager, newTestMaintenanceStore())
+	server, err := New(context.Background(), slog.New(slog.DiscardHandler), prometheus.NewRegistry(), srvCfg, "1", stateStore, notificationManager)
 	require.NoError(t, err)
 
 	amConfig, err := alertmanagertypes.NewDefaultConfig(srvCfg.Global, srvCfg.Route, "1")
@@ -143,7 +133,7 @@ func TestServerTestAlert(t *testing.T) {
 	srvCfg := NewConfig()
 	srvCfg.Route.GroupInterval = 1 * time.Second
 	notificationManager := nfmanagertest.NewMock()
-	server, err := New(context.Background(), slog.New(slog.DiscardHandler), prometheus.NewRegistry(), srvCfg, "1", stateStore, notificationManager, newTestMaintenanceStore())
+	server, err := New(context.Background(), slog.New(slog.DiscardHandler), prometheus.NewRegistry(), srvCfg, "1", stateStore, notificationManager)
 	require.NoError(t, err)
 
 	amConfig, err := alertmanagertypes.NewDefaultConfig(srvCfg.Global, srvCfg.Route, "1")
@@ -248,7 +238,7 @@ func TestServerTestAlertContinuesOnFailure(t *testing.T) {
 	srvCfg := NewConfig()
 	srvCfg.Route.GroupInterval = 1 * time.Second
 	notificationManager := nfmanagertest.NewMock()
-	server, err := New(context.Background(), slog.New(slog.DiscardHandler), prometheus.NewRegistry(), srvCfg, "1", stateStore, notificationManager, newTestMaintenanceStore())
+	server, err := New(context.Background(), slog.New(slog.DiscardHandler), prometheus.NewRegistry(), srvCfg, "1", stateStore, notificationManager)
 	require.NoError(t, err)
 
 	amConfig, err := alertmanagertypes.NewDefaultConfig(srvCfg.Global, srvCfg.Route, "1")

pkg/alertmanager/service.go

@@ -14,7 +14,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/types/alertmanagertypes"
-	"github.com/SigNoz/signoz/pkg/types/ruletypes"
 )
 
 type Service struct {
@@ -40,18 +39,16 @@ type Service struct {
 	serversMtx sync.RWMutex
 
 	notificationManager nfmanager.NotificationManager
-
-	maintenanceStore ruletypes.MaintenanceStore
 }
 
 func New(
+	ctx context.Context,
 	settings factory.ScopedProviderSettings,
 	config alertmanagerserver.Config,
 	stateStore alertmanagertypes.StateStore,
 	configStore alertmanagertypes.ConfigStore,
 	orgGetter organization.Getter,
 	nfManager nfmanager.NotificationManager,
-	maintenanceStore ruletypes.MaintenanceStore,
 ) *Service {
 	service := &Service{
 		config:              config,
@@ -62,7 +59,6 @@ func New(
 		servers:             make(map[string]*alertmanagerserver.Server),
 		serversMtx:          sync.RWMutex{},
 		notificationManager: nfManager,
-		maintenanceStore:    maintenanceStore,
 	}
 
 	return service
@@ -181,10 +177,7 @@ func (service *Service) newServer(ctx context.Context, orgID string) (*alertmana
 		return nil, err
 	}
 
-	server, err := alertmanagerserver.New(
-		ctx, service.settings.Logger(), service.settings.PrometheusRegisterer(), service.config, orgID,
-		service.stateStore, service.notificationManager, service.maintenanceStore,
-	)
+	server, err := alertmanagerserver.New(ctx, service.settings.Logger(), service.settings.PrometheusRegisterer(), service.config, orgID, service.stateStore, service.notificationManager)
 	if err != nil {
 		return nil, err
 	}

pkg/alertmanager/signozalertmanager/provider.go

@@ -4,21 +4,22 @@ import (
 	"context"
 	"time"
 
-	amConfig "github.com/prometheus/alertmanager/config"
 	"github.com/prometheus/common/model"
 
+	"github.com/SigNoz/signoz/pkg/query-service/utils/labels"
+
+	amConfig "github.com/prometheus/alertmanager/config"
+
 	"github.com/SigNoz/signoz/pkg/alertmanager"
 	"github.com/SigNoz/signoz/pkg/alertmanager/alertmanagerstore/sqlalertmanagerstore"
 	"github.com/SigNoz/signoz/pkg/alertmanager/nfmanager"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/query-service/utils/labels"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/alertmanagertypes"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/ruletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )
 
@@ -29,49 +30,35 @@ type provider struct {
 	configStore         alertmanagertypes.ConfigStore
 	stateStore          alertmanagertypes.StateStore
 	notificationManager nfmanager.NotificationManager
-	maintenanceStore    ruletypes.MaintenanceStore
 	stopC               chan struct{}
 }
 
-func NewFactory(
-	sqlstore sqlstore.SQLStore,
-	orgGetter organization.Getter,
-	notificationManager nfmanager.NotificationManager,
-	maintenanceStore ruletypes.MaintenanceStore,
-) factory.ProviderFactory[alertmanager.Alertmanager, alertmanager.Config] {
+func NewFactory(sqlstore sqlstore.SQLStore, orgGetter organization.Getter, notificationManager nfmanager.NotificationManager) factory.ProviderFactory[alertmanager.Alertmanager, alertmanager.Config] {
 	return factory.NewProviderFactory(factory.MustNewName("signoz"), func(ctx context.Context, settings factory.ProviderSettings, config alertmanager.Config) (alertmanager.Alertmanager, error) {
-		return New(settings, config, sqlstore, orgGetter, notificationManager, maintenanceStore)
+		return New(ctx, settings, config, sqlstore, orgGetter, notificationManager)
 	})
 }
 
-func New(
-	providerSettings factory.ProviderSettings,
-	config alertmanager.Config,
-	sqlstore sqlstore.SQLStore,
-	orgGetter organization.Getter,
-	notificationManager nfmanager.NotificationManager,
-	maintenanceStore ruletypes.MaintenanceStore,
-) (*provider, error) {
+func New(ctx context.Context, providerSettings factory.ProviderSettings, config alertmanager.Config, sqlstore sqlstore.SQLStore, orgGetter organization.Getter, notificationManager nfmanager.NotificationManager) (*provider, error) {
 	settings := factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/alertmanager/signozalertmanager")
 	configStore := sqlalertmanagerstore.NewConfigStore(sqlstore)
 	stateStore := sqlalertmanagerstore.NewStateStore(sqlstore)
 
 	p := &provider{
 		service: alertmanager.New(
+			ctx,
 			settings,
 			config.Signoz.Config,
 			stateStore,
 			configStore,
 			orgGetter,
 			notificationManager,
-			maintenanceStore,
 		),
 		settings:            settings,
 		config:              config,
 		configStore:         configStore,
 		stateStore:          stateStore,
 		notificationManager: notificationManager,
-		maintenanceStore:    maintenanceStore,
 		stopC:               make(chan struct{}),
 	}
 

pkg/apiserver/signozapiserver/authdomain.go

@@ -34,9 +34,9 @@ func (provider *provider) addAuthDomainRoutes(router *mux.Router) error {
 		Description:         "This endpoint creates an auth domain",
 		Request:             new(authtypes.PostableAuthDomain),
 		RequestContentType:  "application/json",
-		Response:            new(authtypes.GettableAuthDomain),
+		Response:            new(types.Identifiable),
 		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusOK,
+		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
 		Deprecated:          false,
 		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
@@ -66,7 +66,7 @@ func (provider *provider) addAuthDomainRoutes(router *mux.Router) error {
 		Tags:                []string{"authdomains"},
 		Summary:             "Update auth domain",
 		Description:         "This endpoint updates an auth domain",
-		Request:             new(authtypes.UpdateableAuthDomain),
+		Request:             new(authtypes.UpdatableAuthDomain),
 		RequestContentType:  "application/json",
 		Response:            nil,
 		ResponseContentType: "",

pkg/apiserver/signozapiserver/dashboard.go

@@ -13,6 +13,165 @@ import (
 )
 
 func (provider *provider) addDashboardRoutes(router *mux.Router) error {
+	if err := router.Handle("/api/v2/dashboards", handler.New(provider.authZ.EditAccess(provider.dashboardHandler.CreateV2), handler.OpenAPIDef{
+		ID:                  "CreateDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Create dashboard (v2)",
+		Description:         "This endpoint creates a v2-shape dashboard with structured metadata, a typed data tree, and resolved tags.",
+		Request:             new(dashboardtypes.PostableDashboardV2),
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusCreated,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodPost).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}", handler.New(provider.authZ.ViewAccess(provider.dashboardHandler.GetV2), handler.OpenAPIDef{
+		ID:                  "GetDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Get dashboard (v2)",
+		Description:         "This endpoint returns a v2-shape dashboard with its tags and public sharing config (if any).",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
+	})).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}", handler.New(provider.authZ.EditAccess(provider.dashboardHandler.UpdateV2), handler.OpenAPIDef{
+		ID:                  "UpdateDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Update dashboard (v2)",
+		Description:         "This endpoint updates a v2-shape dashboard's metadata, data, and tag set. Locked dashboards are rejected.",
+		Request:             new(dashboardtypes.UpdateableDashboardV2),
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}", handler.New(provider.authZ.EditAccess(provider.dashboardHandler.PatchV2), handler.OpenAPIDef{
+		ID:                  "PatchDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Patch dashboard (v2)",
+		Description:         "This endpoint applies an RFC 6902 JSON Patch to a v2-shape dashboard. The patch is applied against the postable view of the dashboard (metadata, data, tags), so individual panels, queries, variables, layouts, or tags can be updated without re-sending the rest of the dashboard. Locked dashboards are rejected.",
+		Request:             new(dashboardtypes.JSONPatchDocument),
+		// Strictly per RFC 6902 the content type is `application/json-patch+json`,
+		// but our OpenAPI generator only reflects schemas for content types it
+		// understands (application/json, form-urlencoded, multipart) — anything
+		// else degrades to `type: string`. Declaring application/json here keeps
+		// the array-of-ops schema visible to spec consumers; the runtime decoder
+		// parses JSON regardless of the request's actual Content-Type header.
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodPatch).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/lock", handler.New(provider.authZ.EditAccess(provider.dashboardHandler.LockV2), handler.OpenAPIDef{
+		ID:                  "LockDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Lock dashboard (v2)",
+		Description:         "This endpoint locks a v2-shape dashboard. Only the dashboard's creator or an org admin may lock or unlock.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/lock", handler.New(provider.authZ.EditAccess(provider.dashboardHandler.UnlockV2), handler.OpenAPIDef{
+		ID:                  "UnlockDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Unlock dashboard (v2)",
+		Description:         "This endpoint unlocks a v2-shape dashboard. Only the dashboard's creator or an org admin may lock or unlock.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodDelete).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/public", handler.New(provider.authZ.AdminAccess(provider.dashboardHandler.CreatePublicV2), handler.OpenAPIDef{
+		ID:                  "CreatePublicDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Make a dashboard v2 public",
+		Description:         "This endpoint creates the public sharing config for a v2 dashboard and returns the dashboard with the new public config attached. Lock state does not gate this endpoint.",
+		Request:             new(dashboardtypes.PostablePublicDashboard),
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+	})).Methods(http.MethodPatch).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}", handler.New(provider.authZ.EditAccess(provider.dashboardHandler.DeleteV2), handler.OpenAPIDef{
+		ID:                  "DeleteDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Delete dashboard (v2)",
+		Description:         "This endpoint soft-deletes a v2-shape dashboard. Locked dashboards are rejected. Hard deletion happens later via the purge cron.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodDelete).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/public", handler.New(provider.authZ.AdminAccess(provider.dashboardHandler.UpdatePublicV2), handler.OpenAPIDef{
+		ID:                  "UpdatePublicDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Update public sharing config for a dashboard v2",
+		Description:         "This endpoint updates the public sharing config (time range settings) of an already-public v2 dashboard. Lock state does not gate this endpoint.",
+		Request:             new(dashboardtypes.UpdatablePublicDashboard),
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+	})).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
 	if err := router.Handle("/api/v1/dashboards/{id}/public", handler.New(provider.authZ.AdminAccess(provider.dashboardHandler.CreatePublic), handler.OpenAPIDef{
 		ID:                  "CreatePublicDashboard",
 		Tags:                []string{"dashboard"},

pkg/config/envprovider/provider_test.go

@@ -2,8 +2,6 @@ package envprovider
 
 import (
 	"context"
-	"os"
-	"strings"
 	"testing"
 
 	"github.com/SigNoz/signoz/pkg/config"
@@ -11,21 +9,7 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-// clearSignozEnv unsets all existing SIGNOZ_* env vars for the duration of the test.
-func clearSignozEnv(t *testing.T) {
-	t.Helper()
-	for _, kv := range os.Environ() {
-		if strings.HasPrefix(kv, prefix) {
-			key := strings.SplitN(kv, "=", 2)[0]
-			orig, _ := os.LookupEnv(key)
-			os.Unsetenv(key)
-			t.Cleanup(func() { os.Setenv(key, orig) })
-		}
-	}
-}
-
 func TestGetWithStrings(t *testing.T) {
-	clearSignozEnv(t)
 	t.Setenv("SIGNOZ_K1_K2", "string")
 	t.Setenv("SIGNOZ_K3__K4", "string")
 	t.Setenv("SIGNOZ_K5__K6_K7__K8", "string")
@@ -47,7 +31,6 @@ func TestGetWithStrings(t *testing.T) {
 }
 
 func TestGetWithNoPrefix(t *testing.T) {
-	clearSignozEnv(t)
 	t.Setenv("K1_K2", "string")
 	t.Setenv("K3_K4", "string")
 	expected := map[string]any{}
@@ -60,7 +43,6 @@ func TestGetWithNoPrefix(t *testing.T) {
 }
 
 func TestGetWithGoTypes(t *testing.T) {
-	clearSignozEnv(t)
 	t.Setenv("SIGNOZ_BOOL", "true")
 	t.Setenv("SIGNOZ_STRING", "string")
 	t.Setenv("SIGNOZ_INT", "1")

pkg/modules/authdomain/implauthdomain/handler.go

@@ -142,7 +142,7 @@ func (handler *handler) Update(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	body := new(authtypes.UpdateableAuthDomain)
+	body := new(authtypes.UpdatableAuthDomain)
 	if err := binding.JSON.BindBody(r.Body, body); err != nil {
 		render.Error(rw, err)
 		return

pkg/modules/dashboard/dashboard.go

@@ -52,6 +52,26 @@ type Module interface {
 	statsreporter.StatsCollector
 
 	authz.RegisterTypeable
+
+	// ════════════════════════════════════════════════════════════════════════
+	// v2 dashboard methods
+	// ════════════════════════════════════════════════════════════════════════
+
+	CreateV2(ctx context.Context, orgID valuer.UUID, createdBy string, creator valuer.UUID, postable dashboardtypes.PostableDashboardV2) (*dashboardtypes.DashboardV2, error)
+
+	GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.DashboardV2, error)
+
+	UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, updateable dashboardtypes.UpdateableDashboardV2) (*dashboardtypes.DashboardV2, error)
+
+	PatchV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, patch dashboardtypes.PatchableDashboardV2) (*dashboardtypes.DashboardV2, error)
+
+	LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, isAdmin bool, lock bool) error
+
+	CreatePublicV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, postable dashboardtypes.PostablePublicDashboard) (*dashboardtypes.DashboardV2, error)
+
+	UpdatePublicV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatable dashboardtypes.UpdatablePublicDashboard) (*dashboardtypes.DashboardV2, error)
+
+	DeleteV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, deletedBy string) error
 }
 
 type Handler interface {
@@ -74,4 +94,25 @@ type Handler interface {
 	LockUnlock(http.ResponseWriter, *http.Request)
 
 	Delete(http.ResponseWriter, *http.Request)
+
+	// ════════════════════════════════════════════════════════════════════════
+	// v2 dashboard methods
+	// ════════════════════════════════════════════════════════════════════════
+	CreateV2(http.ResponseWriter, *http.Request)
+
+	GetV2(http.ResponseWriter, *http.Request)
+
+	UpdateV2(http.ResponseWriter, *http.Request)
+
+	PatchV2(http.ResponseWriter, *http.Request)
+
+	LockV2(http.ResponseWriter, *http.Request)
+
+	UnlockV2(http.ResponseWriter, *http.Request)
+
+	CreatePublicV2(http.ResponseWriter, *http.Request)
+
+	UpdatePublicV2(http.ResponseWriter, *http.Request)
+
+	DeleteV2(http.ResponseWriter, *http.Request)
 }

pkg/modules/dashboard/dashboardpurger/config.go

@@ -0,0 +1,46 @@
+package dashboardpurger
+
+import (
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/factory"
+)
+
+type Config struct {
+	// Interval between successive purge passes.
+	Interval time.Duration `mapstructure:"interval"`
+
+	// BatchSize is the maximum number of dashboards hard-deleted per pass.
+	// Caps the size of the IN(...) clause and bounds tx duration.
+	BatchSize int `mapstructure:"batch_size"`
+
+	// Retention is how long a soft-deleted dashboard sticks around before
+	// becoming eligible for hard deletion.
+	Retention time.Duration `mapstructure:"retention"`
+}
+
+func NewConfigFactory() factory.ConfigFactory {
+	return factory.NewConfigFactory(factory.MustNewName("dashboardpurger"), newConfig)
+}
+
+func newConfig() factory.Config {
+	return &Config{
+		Interval:  1 * time.Hour,
+		BatchSize: 100,
+		Retention: 7 * 24 * time.Hour,
+	}
+}
+
+func (c Config) Validate() error {
+	if c.Interval <= 0 {
+		return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "interval must be positive")
+	}
+	if c.BatchSize <= 0 {
+		return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "batch_size must be positive")
+	}
+	if c.Retention < 0 {
+		return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "retention must not be negative")
+	}
+	return nil
+}

pkg/modules/dashboard/dashboardpurger/purger.go

@@ -0,0 +1,79 @@
+package dashboardpurger
+
+import (
+	"context"
+	"log/slog"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+)
+
+type Purger interface {
+	factory.Service
+}
+
+type purger struct {
+	config   Config
+	settings factory.ScopedProviderSettings
+	store    dashboardtypes.Store
+	stopC    chan struct{}
+}
+
+func NewFactory(store dashboardtypes.Store) factory.ProviderFactory[Purger, Config] {
+	return factory.NewProviderFactory(factory.MustNewName("dashboardpurger"), func(ctx context.Context, providerSettings factory.ProviderSettings, config Config) (Purger, error) {
+		return New(ctx, providerSettings, config, store)
+	})
+}
+
+func New(_ context.Context, providerSettings factory.ProviderSettings, config Config, store dashboardtypes.Store) (Purger, error) {
+	settings := factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/modules/dashboard/dashboardpurger")
+	return &purger{
+		config:   config,
+		settings: settings,
+		store:    store,
+		stopC:    make(chan struct{}),
+	}, nil
+}
+
+func (p *purger) Start(ctx context.Context) error {
+	ticker := time.NewTicker(p.config.Interval)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-p.stopC:
+			return nil
+		case <-ticker.C:
+			ctx, span := p.settings.Tracer().Start(ctx, "dashboardpurger.Sweep")
+			if err := p.sweep(ctx); err != nil {
+				span.RecordError(err)
+				p.settings.Logger().ErrorContext(ctx, "dashboard purge sweep failed", errors.Attr(err))
+			}
+			span.End()
+		}
+	}
+}
+
+func (p *purger) Stop(_ context.Context) error {
+	close(p.stopC)
+	return nil
+}
+
+// sweep does at most one batch per call. The ticker drives further passes; if
+// purge volume is bursty the next tick will pick up the rest.
+func (p *purger) sweep(ctx context.Context) error {
+	ids, err := p.store.ListPurgeable(ctx, p.config.Retention, p.config.BatchSize)
+	if err != nil {
+		return err
+	}
+	if len(ids) == 0 {
+		return nil
+	}
+	if err := p.store.HardDelete(ctx, ids); err != nil {
+		return err
+	}
+	p.settings.Logger().InfoContext(ctx, "hard-deleted soft-deleted dashboards", slog.Int("count", len(ids)))
+	return nil
+}

pkg/modules/dashboard/impldashboard/module.go

@@ -10,7 +10,9 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
+	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/queryparser"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
@@ -20,20 +22,24 @@ import (
 
 type module struct {
 	store       dashboardtypes.Store
+	sqlstore    sqlstore.SQLStore
 	settings    factory.ScopedProviderSettings
 	analytics   analytics.Analytics
 	orgGetter   organization.Getter
 	queryParser queryparser.QueryParser
+	tagModule   tag.Module
 }
 
-func NewModule(store dashboardtypes.Store, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser) dashboard.Module {
+func NewModule(store dashboardtypes.Store, sqlstore sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, tagModule tag.Module) dashboard.Module {
 	scopedProviderSettings := factory.NewScopedProviderSettings(settings, "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard")
 	return &module{
 		store:       store,
+		sqlstore:    sqlstore,
 		settings:    scopedProviderSettings,
 		analytics:   analytics,
 		orgGetter:   orgGetter,
 		queryParser: queryParser,
+		tagModule:   tagModule,
 	}
 }
 

pkg/modules/dashboard/impldashboard/store.go

@@ -2,10 +2,13 @@ package impldashboard
 
 import (
 	"context"
+	"time"
 
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 )
@@ -63,6 +66,195 @@ func (store *store) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID)
 	return storableDashboard, nil
 }
 
+func (store *store) GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.StorableDashboard, *dashboardtypes.StorablePublicDashboard, error) {
+	type joinedRow struct {
+		bun.BaseModel `bun:"table:dashboard,alias:d"`
+
+		ID        valuer.UUID                          `bun:"id"`
+		OrgID     valuer.UUID                          `bun:"org_id"`
+		Data      dashboardtypes.StorableDashboardData `bun:"data"`
+		Locked    bool                                 `bun:"locked"`
+		CreatedAt time.Time                            `bun:"created_at"`
+		CreatedBy string                               `bun:"created_by"`
+		UpdatedAt time.Time                            `bun:"updated_at"`
+		UpdatedBy string                               `bun:"updated_by"`
+
+		PublicID               *valuer.UUID `bun:"public_id"`
+		PublicCreatedAt        *time.Time   `bun:"public_created_at"`
+		PublicUpdatedAt        *time.Time   `bun:"public_updated_at"`
+		PublicTimeRangeEnabled *bool        `bun:"public_time_range_enabled"`
+		PublicDefaultTimeRange *string      `bun:"public_default_time_range"`
+	}
+
+	row := new(joinedRow)
+	err := store.
+		sqlstore.
+		BunDB().
+		NewSelect().
+		Model(row).
+		ColumnExpr("d.id, d.org_id, d.data, d.locked, d.created_at, d.created_by, d.updated_at, d.updated_by").
+		ColumnExpr("pd.id AS public_id, pd.created_at AS public_created_at, pd.updated_at AS public_updated_at, pd.time_range_enabled AS public_time_range_enabled, pd.default_time_range AS public_default_time_range").
+		Join("LEFT JOIN public_dashboard AS pd ON pd.dashboard_id = d.id").
+		Where("d.id = ?", id).
+		Where("d.org_id = ?", orgID).
+		Where("d.deleted_at IS NULL").
+		Scan(ctx)
+	if err != nil {
+		return nil, nil, store.sqlstore.WrapNotFoundErrf(err, dashboardtypes.ErrCodeDashboardNotFound, "dashboard with id %s doesn't exist", id)
+	}
+
+	storable := &dashboardtypes.StorableDashboard{
+		Identifiable:  types.Identifiable{ID: row.ID},
+		TimeAuditable: types.TimeAuditable{CreatedAt: row.CreatedAt, UpdatedAt: row.UpdatedAt},
+		UserAuditable: types.UserAuditable{CreatedBy: row.CreatedBy, UpdatedBy: row.UpdatedBy},
+		OrgID:         row.OrgID,
+		Data:          row.Data,
+		Locked:        row.Locked,
+	}
+
+	if row.PublicID == nil {
+		return storable, nil, nil
+	}
+	public := &dashboardtypes.StorablePublicDashboard{
+		Identifiable:     types.Identifiable{ID: *row.PublicID},
+		TimeAuditable:    types.TimeAuditable{CreatedAt: *row.PublicCreatedAt, UpdatedAt: *row.PublicUpdatedAt},
+		TimeRangeEnabled: *row.PublicTimeRangeEnabled,
+		DefaultTimeRange: *row.PublicDefaultTimeRange,
+		DashboardID:      row.ID.StringValue(),
+	}
+	return storable, public, nil
+}
+
+func (store *store) UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, data dashboardtypes.StorableDashboardData) error {
+	res, err := store.
+		sqlstore.
+		BunDBCtx(ctx).
+		NewUpdate().
+		Model((*dashboardtypes.StorableDashboard)(nil)).
+		Set("data = ?", data).
+		Set("updated_by = ?", updatedBy).
+		Set("updated_at = ?", time.Now()).
+		Where("id = ?", id).
+		Where("org_id = ?", orgID).
+		Where("deleted_at IS NULL").
+		Exec(ctx)
+	if err != nil {
+		return err
+	}
+	rows, err := res.RowsAffected()
+	if err != nil {
+		return err
+	}
+	// Defends against the race where a soft-delete lands between the caller's
+	// pre-update GetV2 and this update.
+	if rows == 0 {
+		return errors.Newf(errors.TypeNotFound, dashboardtypes.ErrCodeDashboardNotFound, "dashboard with id %s doesn't exist", id)
+	}
+	return nil
+}
+
+func (store *store) ListPurgeable(ctx context.Context, retention time.Duration, limit int) ([]valuer.UUID, error) {
+	if limit <= 0 {
+		return nil, nil
+	}
+	cutoff := time.Now().Add(-retention)
+	ids := make([]valuer.UUID, 0, limit)
+	err := store.
+		sqlstore.
+		BunDB().
+		NewSelect().
+		Model((*dashboardtypes.StorableDashboard)(nil)).
+		Column("id").
+		Where("deleted_at IS NOT NULL").
+		Where("deleted_at < ?", cutoff).
+		Limit(limit).
+		Scan(ctx, &ids)
+	if err != nil {
+		return nil, err
+	}
+	return ids, nil
+}
+
+// HardDelete cascades to tag_relations and public_dashboard inside one
+// transaction so a partial failure leaves no orphans.
+func (store *store) HardDelete(ctx context.Context, ids []valuer.UUID) error {
+	if len(ids) == 0 {
+		return nil
+	}
+	return store.sqlstore.RunInTxCtx(ctx, nil, func(ctx context.Context) error {
+		if _, err := store.sqlstore.BunDBCtx(ctx).
+			NewDelete().
+			Model((*tagtypes.TagRelation)(nil)).
+			Where("entity_id IN (?)", bun.In(ids)).
+			Exec(ctx); err != nil {
+			return err
+		}
+		if _, err := store.sqlstore.BunDBCtx(ctx).
+			NewDelete().
+			Model((*dashboardtypes.StorablePublicDashboard)(nil)).
+			Where("dashboard_id IN (?)", bun.In(ids)).
+			Exec(ctx); err != nil {
+			return err
+		}
+		_, err := store.sqlstore.BunDBCtx(ctx).
+			NewDelete().
+			Model((*dashboardtypes.StorableDashboard)(nil)).
+			Where("id IN (?)", bun.In(ids)).
+			Exec(ctx)
+		return err
+	})
+}
+
+func (store *store) SoftDeleteV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, deletedBy string) error {
+	res, err := store.
+		sqlstore.
+		BunDBCtx(ctx).
+		NewUpdate().
+		Model((*dashboardtypes.StorableDashboard)(nil)).
+		Set("deleted_at = ?", time.Now()).
+		Set("deleted_by = ?", deletedBy).
+		Where("id = ?", id).
+		Where("org_id = ?", orgID).
+		Where("deleted_at IS NULL").
+		Exec(ctx)
+	if err != nil {
+		return err
+	}
+	rows, err := res.RowsAffected()
+	if err != nil {
+		return err
+	}
+	if rows == 0 {
+		return errors.Newf(errors.TypeNotFound, dashboardtypes.ErrCodeDashboardNotFound, "dashboard with id %s doesn't exist", id)
+	}
+	return nil
+}
+
+func (store *store) LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, locked bool, updatedBy string) error {
+	res, err := store.
+		sqlstore.
+		BunDBCtx(ctx).
+		NewUpdate().
+		Model((*dashboardtypes.StorableDashboard)(nil)).
+		Set("locked = ?", locked).
+		Set("updated_by = ?", updatedBy).
+		Set("updated_at = ?", time.Now()).
+		Where("id = ?", id).
+		Where("deleted_at IS NULL").
+		Exec(ctx)
+	if err != nil {
+		return err
+	}
+	rows, err := res.RowsAffected()
+	if err != nil {
+		return err
+	}
+	if rows == 0 {
+		return errors.Newf(errors.TypeNotFound, dashboardtypes.ErrCodeDashboardNotFound, "dashboard with id %s doesn't exist", id)
+	}
+	return nil
+}
+
 func (store *store) GetPublic(ctx context.Context, dashboardID string) (*dashboardtypes.StorablePublicDashboard, error) {
 	storable := new(dashboardtypes.StorablePublicDashboard)
 	err := store.

pkg/modules/dashboard/impldashboard/v2_handler.go

@@ -0,0 +1,344 @@
+package impldashboard
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/http/render"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/gorilla/mux"
+)
+
+func (handler *handler) CreateV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	req := dashboardtypes.PostableDashboardV2{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	dashboard, err := handler.module.CreateV2(ctx, orgID, claims.Email, valuer.MustNewUUID(claims.IdentityID()), req)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusCreated, dashboardtypes.NewGettableDashboardV2FromDashboardV2(dashboard))
+}
+
+func (handler *handler) GetV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	dashboard, err := handler.module.GetV2(ctx, orgID, dashboardID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, dashboardtypes.NewGettableDashboardV2FromDashboardV2(dashboard))
+}
+
+func (handler *handler) LockV2(rw http.ResponseWriter, r *http.Request) {
+	handler.lockUnlockV2(rw, r, true)
+}
+
+func (handler *handler) UnlockV2(rw http.ResponseWriter, r *http.Request) {
+	handler.lockUnlockV2(rw, r, false)
+}
+
+func (handler *handler) lockUnlockV2(rw http.ResponseWriter, r *http.Request, lock bool) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	isAdmin := false
+	selectors := []authtypes.Selector{
+		authtypes.MustNewSelector(authtypes.TypeRole, authtypes.SigNozAdminRoleName),
+	}
+	if err := handler.authz.CheckWithTupleCreation(
+		ctx,
+		claims,
+		valuer.MustNewUUID(claims.OrgID),
+		authtypes.RelationAssignee,
+		authtypes.TypeableRole,
+		selectors,
+		selectors,
+	); err == nil {
+		isAdmin = true
+	}
+
+	if err := handler.module.LockUnlockV2(ctx, orgID, dashboardID, claims.Email, isAdmin, lock); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusNoContent, nil)
+}
+
+func (handler *handler) UpdateV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	req := dashboardtypes.UpdateableDashboardV2{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	dashboard, err := handler.module.UpdateV2(ctx, orgID, dashboardID, claims.Email, req)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, dashboardtypes.NewGettableDashboardV2FromDashboardV2(dashboard))
+}
+
+func (handler *handler) PatchV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	req := dashboardtypes.PatchableDashboardV2{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	dashboard, err := handler.module.PatchV2(ctx, orgID, dashboardID, claims.Email, req)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, dashboardtypes.NewGettableDashboardV2FromDashboardV2(dashboard))
+}
+
+func (handler *handler) CreatePublicV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	req := dashboardtypes.PostablePublicDashboard{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	dashboard, err := handler.module.CreatePublicV2(ctx, orgID, dashboardID, req)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, dashboardtypes.NewGettableDashboardV2FromDashboardV2(dashboard))
+}
+
+func (handler *handler) UpdatePublicV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	req := dashboardtypes.UpdatablePublicDashboard{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	dashboard, err := handler.module.UpdatePublicV2(ctx, orgID, dashboardID, req)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, dashboardtypes.NewGettableDashboardV2FromDashboardV2(dashboard))
+}
+
+func (handler *handler) DeleteV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	if err := handler.module.DeleteV2(ctx, orgID, dashboardID, claims.Email); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusNoContent, nil)
+}

pkg/modules/dashboard/impldashboard/v2_module.go

@@ -0,0 +1,189 @@
+package impldashboard
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+func (module *module) CreateV2(ctx context.Context, orgID valuer.UUID, createdBy string, creator valuer.UUID, postable dashboardtypes.PostableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	if err := postable.Validate(); err != nil {
+		return nil, err
+	}
+
+	// Tag upserts run outside the dashboard transaction by design: a successful
+	// upsert that loses an outer dashboard insert just leaves resolved tag rows
+	// around for the next attempt — preferable to coupling the two.
+	resolvedTags, err := module.tagModule.CreateMany(ctx, orgID, postable.Tags, createdBy)
+	if err != nil {
+		return nil, err
+	}
+
+	dashboard := dashboardtypes.NewDashboardV2(orgID, createdBy, postable, resolvedTags)
+
+	storableDashboard, err := dashboard.ToStorableDashboard()
+	if err != nil {
+		return nil, err
+	}
+
+	tagIDs := make([]valuer.UUID, len(resolvedTags))
+	for i, t := range resolvedTags {
+		tagIDs[i] = t.ID
+	}
+
+	err = module.sqlstore.RunInTxCtx(ctx, nil, func(ctx context.Context) error {
+		if err := module.store.Create(ctx, storableDashboard); err != nil {
+			return err
+		}
+		return module.tagModule.LinkToEntity(ctx, orgID, dashboardtypes.EntityTypeDashboard, dashboard.ID, tagIDs)
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	module.analytics.TrackUser(ctx, orgID.String(), creator.String(), "Dashboard Created", dashboardtypes.NewStatsFromStorableDashboards([]*dashboardtypes.StorableDashboard{storableDashboard}))
+	return dashboard, nil
+}
+
+func (module *module) GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.DashboardV2, error) {
+	storable, public, err := module.store.GetV2(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+
+	tags, err := module.tagModule.ListForEntity(ctx, id)
+	if err != nil {
+		return nil, err
+	}
+
+	return dashboardtypes.NewDashboardV2FromStorable(storable, public, tags)
+}
+
+func (module *module) UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, updateable dashboardtypes.UpdateableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	if err := updateable.Validate(); err != nil {
+		return nil, err
+	}
+
+	existing, err := module.GetV2(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+	// safety check before upserting tags. existing.Update also has this checks, but
+	// because existing.Update needs the resolved tags, that method can only be called
+	// after the tags have been resolved.
+	if err := existing.CanUpdate(); err != nil {
+		return nil, err
+	}
+
+	// Tag upserts run outside the update transaction for the same reason as
+	// Create: a successful upsert that loses the outer transaction just leaves
+	// resolved tag rows around for the next attempt.
+	resolvedTags, err := module.tagModule.CreateMany(ctx, orgID, updateable.Tags, updatedBy)
+	if err != nil {
+		return nil, err
+	}
+	tagIDs := make([]valuer.UUID, len(resolvedTags))
+	for i, t := range resolvedTags {
+		tagIDs[i] = t.ID
+	}
+
+	if err := existing.Update(updateable, updatedBy, resolvedTags); err != nil {
+		return nil, err
+	}
+
+	storable, err := existing.ToStorableDashboard()
+	if err != nil {
+		return nil, err
+	}
+
+	err = module.sqlstore.RunInTxCtx(ctx, nil, func(ctx context.Context) error {
+		if err := module.tagModule.SyncLinksForEntity(ctx, orgID, dashboardtypes.EntityTypeDashboard, id, tagIDs); err != nil {
+			return err
+		}
+		return module.store.UpdateV2(ctx, orgID, id, updatedBy, storable.Data)
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return existing, nil
+}
+
+func (module *module) PatchV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, patch dashboardtypes.PatchableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	existing, err := module.GetV2(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+	if err := existing.CanUpdate(); err != nil {
+		return nil, err
+	}
+
+	updateable, err := patch.Apply(existing)
+	if err != nil {
+		return nil, err
+	}
+
+	resolvedTags, err := module.tagModule.CreateMany(ctx, orgID, updateable.Tags, updatedBy)
+	if err != nil {
+		return nil, err
+	}
+	tagIDs := make([]valuer.UUID, len(resolvedTags))
+	for i, t := range resolvedTags {
+		tagIDs[i] = t.ID
+	}
+
+	if err := existing.Update(*updateable, updatedBy, resolvedTags); err != nil {
+		return nil, err
+	}
+
+	storable, err := existing.ToStorableDashboard()
+	if err != nil {
+		return nil, err
+	}
+
+	err = module.sqlstore.RunInTxCtx(ctx, nil, func(ctx context.Context) error {
+		if err := module.tagModule.SyncLinksForEntity(ctx, orgID, dashboardtypes.EntityTypeDashboard, id, tagIDs); err != nil {
+			return err
+		}
+		return module.store.UpdateV2(ctx, orgID, id, updatedBy, storable.Data)
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return existing, nil
+}
+
+// CreatePublicV2 is not supported in the community build.
+func (module *module) CreatePublicV2(_ context.Context, _ valuer.UUID, _ valuer.UUID, _ dashboardtypes.PostablePublicDashboard) (*dashboardtypes.DashboardV2, error) {
+	return nil, errors.Newf(errors.TypeUnsupported, dashboardtypes.ErrCodePublicDashboardUnsupported, "not implemented")
+}
+
+// UpdatePublicV2 is not supported in the community build.
+func (module *module) UpdatePublicV2(_ context.Context, _ valuer.UUID, _ valuer.UUID, _ dashboardtypes.UpdatablePublicDashboard) (*dashboardtypes.DashboardV2, error) {
+	return nil, errors.Newf(errors.TypeUnsupported, dashboardtypes.ErrCodePublicDashboardUnsupported, "not implemented")
+}
+
+func (module *module) DeleteV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, deletedBy string) error {
+	existing, err := module.GetV2(ctx, orgID, id)
+	if err != nil {
+		return err
+	}
+	if err := existing.CanDelete(); err != nil {
+		return err
+	}
+	return module.store.SoftDeleteV2(ctx, orgID, id, deletedBy)
+}
+
+func (module *module) LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, isAdmin bool, lock bool) error {
+	existing, err := module.GetV2(ctx, orgID, id)
+	if err != nil {
+		return err
+	}
+	if err := existing.LockUnlock(lock, isAdmin, updatedBy); err != nil {
+		return err
+	}
+	return module.store.LockUnlockV2(ctx, orgID, id, lock, updatedBy)
+}

pkg/modules/tag/impltag/module.go

@@ -0,0 +1,53 @@
+package impltag
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/modules/tag"
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type module struct {
+	store tagtypes.Store
+}
+
+func NewModule(store tagtypes.Store) tag.Module {
+	return &module{store: store}
+}
+
+func (m *module) CreateMany(ctx context.Context, orgID valuer.UUID, postable []tagtypes.PostableTag, createdBy string) ([]*tagtypes.Tag, error) {
+	if len(postable) == 0 {
+		return []*tagtypes.Tag{}, nil
+	}
+
+	toCreate, matched, err := tagtypes.Resolve(ctx, m.store, orgID, postable, createdBy)
+	if err != nil {
+		return nil, err
+	}
+
+	created, err := m.store.Create(ctx, toCreate)
+	if err != nil {
+		return nil, err
+	}
+
+	return append(matched, created...), nil
+}
+
+func (m *module) LinkToEntity(ctx context.Context, orgID valuer.UUID, entityType tagtypes.EntityType, entityID valuer.UUID, tagIDs []valuer.UUID) error {
+	if len(tagIDs) == 0 {
+		return nil
+	}
+	return m.store.CreateRelations(ctx, tagtypes.NewTagRelations(orgID, entityType, entityID, tagIDs))
+}
+
+func (m *module) SyncLinksForEntity(ctx context.Context, orgID valuer.UUID, entityType tagtypes.EntityType, entityID valuer.UUID, tagIDs []valuer.UUID) error {
+	if err := m.store.CreateRelations(ctx, tagtypes.NewTagRelations(orgID, entityType, entityID, tagIDs)); err != nil {
+		return err
+	}
+	return m.store.DeleteRelationsExcept(ctx, entityID, tagIDs)
+}
+
+func (m *module) ListForEntity(ctx context.Context, entityID valuer.UUID) ([]*tagtypes.Tag, error) {
+	return m.store.ListByEntity(ctx, entityID)
+}

pkg/modules/tag/impltag/store.go

@@ -0,0 +1,95 @@
+package impltag
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/uptrace/bun"
+)
+
+type store struct {
+	sqlstore sqlstore.SQLStore
+}
+
+func NewStore(sqlstore sqlstore.SQLStore) tagtypes.Store {
+	return &store{sqlstore: sqlstore}
+}
+
+func (s *store) List(ctx context.Context, orgID valuer.UUID) ([]*tagtypes.Tag, error) {
+	tags := make([]*tagtypes.Tag, 0)
+	err := s.sqlstore.
+		BunDBCtx(ctx).
+		NewSelect().
+		Model(&tags).
+		Where("org_id = ?", orgID).
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return tags, nil
+}
+
+func (s *store) ListByEntity(ctx context.Context, entityID valuer.UUID) ([]*tagtypes.Tag, error) {
+	tags := make([]*tagtypes.Tag, 0)
+	err := s.sqlstore.
+		BunDBCtx(ctx).
+		NewSelect().
+		Model(&tags).
+		Join("JOIN tag_relations AS tr ON tr.tag_id = tag.id").
+		Where("tr.entity_id = ?", entityID).
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return tags, nil
+}
+
+func (s *store) Create(ctx context.Context, tags []*tagtypes.Tag) ([]*tagtypes.Tag, error) {
+	if len(tags) == 0 {
+		return tags, nil
+	}
+	// DO UPDATE on a self-set is a deliberate no-op write whose only purpose
+	// is to make RETURNING fire on conflicting rows. Without it, RETURNING is
+	// silent on the conflict path and we'd have to refetch by internal name to
+	// learn the existing rows' IDs after a concurrent-insert race.
+	err := s.sqlstore.
+		BunDBCtx(ctx).
+		NewInsert().
+		Model(&tags).
+		On("CONFLICT (org_id, internal_name) DO UPDATE").
+		Set("internal_name = EXCLUDED.internal_name").
+		Returning("*").
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return tags, nil
+}
+
+func (s *store) CreateRelations(ctx context.Context, relations []*tagtypes.TagRelation) error {
+	if len(relations) == 0 {
+		return nil
+	}
+	_, err := s.sqlstore.
+		BunDBCtx(ctx).
+		NewInsert().
+		Model(&relations).
+		On("CONFLICT (entity_id, tag_id) DO NOTHING").
+		Exec(ctx)
+	return err
+}
+
+func (s *store) DeleteRelationsExcept(ctx context.Context, entityID valuer.UUID, keepTagIDs []valuer.UUID) error {
+	q := s.sqlstore.
+		BunDBCtx(ctx).
+		NewDelete().
+		Model((*tagtypes.TagRelation)(nil)).
+		Where("entity_id = ?", entityID)
+	if len(keepTagIDs) > 0 {
+		q = q.Where("tag_id NOT IN (?)", bun.In(keepTagIDs))
+	}
+	_, err := q.Exec(ctx)
+	return err
+}

pkg/modules/tag/impltag/store_test.go

@@ -0,0 +1,140 @@
+package impltag
+
+import (
+	"context"
+	"path/filepath"
+	"testing"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/factory/factorytest"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/sqlstore/sqlitesqlstore"
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/uptrace/bun"
+)
+
+func newTestStore(t *testing.T) sqlstore.SQLStore {
+	t.Helper()
+	dbPath := filepath.Join(t.TempDir(), "test.db")
+	store, err := sqlitesqlstore.New(context.Background(), factorytest.NewSettings(), sqlstore.Config{
+		Provider: "sqlite",
+		Connection: sqlstore.ConnectionConfig{
+			MaxOpenConns:    1,
+			MaxConnLifetime: 0,
+		},
+		Sqlite: sqlstore.SqliteConfig{
+			Path:            dbPath,
+			Mode:            "wal",
+			BusyTimeout:     5 * time.Second,
+			TransactionMode: "deferred",
+		},
+	})
+	require.NoError(t, err)
+
+	_, err = store.BunDB().NewCreateTable().
+		Model((*tagtypes.Tag)(nil)).
+		IfNotExists().
+		Exec(context.Background())
+	require.NoError(t, err)
+
+	_, err = store.BunDB().Exec(`CREATE UNIQUE INDEX IF NOT EXISTS uq_tag_org_id_internal_name ON tag (org_id, internal_name)`)
+	require.NoError(t, err)
+	return store
+}
+
+func tagsByInternalName(t *testing.T, db *bun.DB) map[string]*tagtypes.Tag {
+	t.Helper()
+	all := make([]*tagtypes.Tag, 0)
+	require.NoError(t, db.NewSelect().Model(&all).Scan(context.Background()))
+	out := map[string]*tagtypes.Tag{}
+	for _, tag := range all {
+		out[tag.InternalName] = tag
+	}
+	return out
+}
+
+func TestStore_Create_PopulatesIDsOnFreshInsert(t *testing.T) {
+	ctx := context.Background()
+	sqlstore := newTestStore(t)
+	s := NewStore(sqlstore)
+
+	orgID := valuer.GenerateUUID()
+	tagA := tagtypes.NewTag(orgID, "Database", "database", "u@signoz.io")
+	tagB := tagtypes.NewTag(orgID, "team/BLR", "team::blr", "u@signoz.io")
+	preIDA := tagA.ID
+	preIDB := tagB.ID
+
+	got, err := s.Create(ctx, []*tagtypes.Tag{tagA, tagB})
+	require.NoError(t, err)
+	require.Len(t, got, 2)
+
+	// No race → pre-generated IDs stand. The slice is what we passed in,
+	// confirming Scan didn't reallocate.
+	assert.Equal(t, preIDA, got[0].ID)
+	assert.Equal(t, preIDB, got[1].ID)
+
+	// And the rows are in the DB.
+	stored := tagsByInternalName(t, sqlstore.BunDB())
+	require.Contains(t, stored, "database")
+	require.Contains(t, stored, "team::blr")
+	assert.Equal(t, preIDA, stored["database"].ID)
+	assert.Equal(t, preIDB, stored["team::blr"].ID)
+}
+
+func TestStore_Create_ConflictReturnsExistingRowID(t *testing.T) {
+	ctx := context.Background()
+	sqlstore := newTestStore(t)
+	s := NewStore(sqlstore)
+
+	orgID := valuer.GenerateUUID()
+
+	// Simulate a concurrent insert: someone else has already inserted "database".
+	winner := tagtypes.NewTag(orgID, "Database", "database", "concurrent")
+	_, err := s.Create(ctx, []*tagtypes.Tag{winner})
+	require.NoError(t, err)
+	winnerID := winner.ID
+
+	// Now our request runs with a different pre-generated ID for the same
+	// internal name. RETURNING should overwrite our stale ID with winner's ID.
+	loser := tagtypes.NewTag(orgID, "Database", "database", "u@signoz.io")
+	loserPreID := loser.ID
+	require.NotEqual(t, winnerID, loserPreID, "pre-generated IDs must differ for this test to be meaningful")
+
+	got, err := s.Create(ctx, []*tagtypes.Tag{loser})
+	require.NoError(t, err)
+	require.Len(t, got, 1)
+
+	assert.Equal(t, winnerID, got[0].ID, "returned slice should carry the existing row's ID, not our stale one")
+	assert.Equal(t, winnerID, loser.ID, "input slice element is mutated in place")
+
+	// And the DB still has exactly one row for that internal name — winner's.
+	stored := tagsByInternalName(t, sqlstore.BunDB())
+	require.Len(t, stored, 1)
+	assert.Equal(t, winnerID, stored["database"].ID)
+}
+
+func TestStore_Create_MixedFreshAndConflict(t *testing.T) {
+	ctx := context.Background()
+	sqlstore := newTestStore(t)
+	s := NewStore(sqlstore)
+
+	orgID := valuer.GenerateUUID()
+	pre := tagtypes.NewTag(orgID, "Database", "database", "concurrent")
+	_, err := s.Create(ctx, []*tagtypes.Tag{pre})
+	require.NoError(t, err)
+	preExistingID := pre.ID
+
+	conflict := tagtypes.NewTag(orgID, "Database", "database", "u@signoz.io")
+	fresh := tagtypes.NewTag(orgID, "team/BLR", "team::blr", "u@signoz.io")
+	freshPreID := fresh.ID
+
+	got, err := s.Create(ctx, []*tagtypes.Tag{conflict, fresh})
+	require.NoError(t, err)
+	require.Len(t, got, 2)
+
+	assert.Equal(t, preExistingID, got[0].ID, "conflicting row's ID overwritten with the existing row's")
+	assert.Equal(t, freshPreID, got[1].ID, "fresh row's pre-generated ID is preserved")
+}

pkg/modules/tag/tag.go

@@ -0,0 +1,28 @@
+package tag
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type Module interface {
+	// CreateMany resolves user-supplied tag names against the existing tags for the
+	// org — reusing the casing of any existing parent tag so that
+	// "teams/blr/platform" inherits the "BLR" casing from a pre-existing
+	// "teams/BLR" tag — and inserts any tags that don't yet exist.
+	//
+	// Does not link the resolved tags to any entity — call LinkToEntity for that.
+	CreateMany(ctx context.Context, orgID valuer.UUID, postable []tagtypes.PostableTag, createdBy string) ([]*tagtypes.Tag, error)
+
+	// LinkToEntity inserts (entity, tag) rows in tag_relations. Existing rows
+	// are left untouched. Uses the caller's transaction context if any so that
+	// it can be made atomic with the entity row insert.
+	LinkToEntity(ctx context.Context, orgID valuer.UUID, entityType tagtypes.EntityType, entityID valuer.UUID, tagIDs []valuer.UUID) error
+
+	// missing links are inserted, obsolete ones removed.
+	SyncLinksForEntity(ctx context.Context, orgID valuer.UUID, entityType tagtypes.EntityType, entityID valuer.UUID, tagIDs []valuer.UUID) error
+
+	ListForEntity(ctx context.Context, entityID valuer.UUID) ([]*tagtypes.Tag, error)
+}

pkg/query-service/rules/manager.go

@@ -32,28 +32,30 @@ import (
 )
 
 type PrepareTaskOptions struct {
-	Rule        *ruletypes.PostableRule
-	TaskName    string
-	RuleStore   ruletypes.RuleStore
-	Querier     querier.Querier
-	Logger      *slog.Logger
-	Cache       cache.Cache
-	ManagerOpts *ManagerOptions
-	NotifyFunc  NotifyFunc
-	SQLStore    sqlstore.SQLStore
-	OrgID       valuer.UUID
+	Rule             *ruletypes.PostableRule
+	TaskName         string
+	RuleStore        ruletypes.RuleStore
+	MaintenanceStore ruletypes.MaintenanceStore
+	Querier          querier.Querier
+	Logger           *slog.Logger
+	Cache            cache.Cache
+	ManagerOpts      *ManagerOptions
+	NotifyFunc       NotifyFunc
+	SQLStore         sqlstore.SQLStore
+	OrgID            valuer.UUID
 }
 
 type PrepareTestRuleOptions struct {
-	Rule        *ruletypes.PostableRule
-	RuleStore   ruletypes.RuleStore
-	Querier     querier.Querier
-	Logger      *slog.Logger
-	Cache       cache.Cache
-	ManagerOpts *ManagerOptions
-	NotifyFunc  NotifyFunc
-	SQLStore    sqlstore.SQLStore
-	OrgID       valuer.UUID
+	Rule             *ruletypes.PostableRule
+	RuleStore        ruletypes.RuleStore
+	MaintenanceStore ruletypes.MaintenanceStore
+	Querier          querier.Querier
+	Logger           *slog.Logger
+	Cache            cache.Cache
+	ManagerOpts      *ManagerOptions
+	NotifyFunc       NotifyFunc
+	SQLStore         sqlstore.SQLStore
+	OrgID            valuer.UUID
 }
 
 const taskNameSuffix = "webAppEditor"
@@ -132,6 +134,7 @@ func defaultOptions(o *ManagerOptions) *ManagerOptions {
 }
 
 func defaultPrepareTaskFunc(opts PrepareTaskOptions) (Task, error) {
+
 	rules := make([]Rule, 0)
 	var task Task
 
@@ -156,6 +159,7 @@ func defaultPrepareTaskFunc(opts PrepareTaskOptions) (Task, error) {
 			WithMetadataStore(opts.ManagerOpts.MetadataStore),
 			WithRuleStateHistoryModule(opts.ManagerOpts.RuleStateHistoryModule),
 		)
+
 		if err != nil {
 			return task, err
 		}
@@ -163,7 +167,7 @@ func defaultPrepareTaskFunc(opts PrepareTaskOptions) (Task, error) {
 		rules = append(rules, tr)
 
 		// create ch rule task for evaluation
-		task = newTask(TaskTypeCh, opts.TaskName, taskNameSuffix, evaluation.GetFrequency().Duration(), rules, opts.ManagerOpts, opts.NotifyFunc)
+		task = newTask(TaskTypeCh, opts.TaskName, taskNameSuffix, evaluation.GetFrequency().Duration(), rules, opts.ManagerOpts, opts.NotifyFunc, opts.MaintenanceStore, opts.OrgID)
 
 	} else if opts.Rule.RuleType == ruletypes.RuleTypeProm {
 
@@ -179,6 +183,7 @@ func defaultPrepareTaskFunc(opts PrepareTaskOptions) (Task, error) {
 			WithMetadataStore(opts.ManagerOpts.MetadataStore),
 			WithRuleStateHistoryModule(opts.ManagerOpts.RuleStateHistoryModule),
 		)
+
 		if err != nil {
 			return task, err
 		}
@@ -186,7 +191,7 @@ func defaultPrepareTaskFunc(opts PrepareTaskOptions) (Task, error) {
 		rules = append(rules, pr)
 
 		// create promql rule task for evaluation
-		task = newTask(TaskTypeProm, opts.TaskName, taskNameSuffix, evaluation.GetFrequency().Duration(), rules, opts.ManagerOpts, opts.NotifyFunc)
+		task = newTask(TaskTypeProm, opts.TaskName, taskNameSuffix, evaluation.GetFrequency().Duration(), rules, opts.ManagerOpts, opts.NotifyFunc, opts.MaintenanceStore, opts.OrgID)
 
 	} else {
 		return nil, errors.NewInvalidInputf(errors.CodeInvalidInput, "unsupported rule type %s. Supported types: %s, %s", opts.Rule.RuleType, ruletypes.RuleTypeProm, ruletypes.RuleTypeThreshold)
@@ -236,7 +241,6 @@ func (m *Manager) MaintenanceStore() ruletypes.MaintenanceStore {
 	return m.maintenanceStore
 }
 
-// TODO(jatinderjit): remove (unused)?
 func (m *Manager) Pause(b bool) {
 	m.mtx.Lock()
 	defer m.mtx.Unlock()
@@ -426,17 +430,19 @@ func (m *Manager) editTask(_ context.Context, orgID valuer.UUID, rule *ruletypes
 	m.logger.Debug("editing a rule task", "name", taskName)
 
 	newTask, err := m.prepareTaskFunc(PrepareTaskOptions{
-		Rule:        rule,
-		TaskName:    taskName,
-		RuleStore:   m.ruleStore,
-		Querier:     m.opts.Querier,
-		Logger:      m.opts.Logger,
-		Cache:       m.cache,
-		ManagerOpts: m.opts,
-		NotifyFunc:  m.notifyFunc,
-		SQLStore:    m.sqlstore,
-		OrgID:       orgID,
+		Rule:             rule,
+		TaskName:         taskName,
+		RuleStore:        m.ruleStore,
+		MaintenanceStore: m.maintenanceStore,
+		Querier:          m.opts.Querier,
+		Logger:           m.opts.Logger,
+		Cache:            m.cache,
+		ManagerOpts:      m.opts,
+		NotifyFunc:       m.notifyFunc,
+		SQLStore:         m.sqlstore,
+		OrgID:            orgID,
 	})
+
 	if err != nil {
 		m.logger.Error("loading tasks failed", errors.Attr(err))
 		return errors.NewInvalidInputf(errors.CodeInvalidInput, "error preparing rule with given parameters, previous rule set restored")
@@ -637,17 +643,19 @@ func (m *Manager) addTask(_ context.Context, orgID valuer.UUID, rule *ruletypes.
 
 	m.logger.Debug("adding a new rule task", "name", taskName)
 	newTask, err := m.prepareTaskFunc(PrepareTaskOptions{
-		Rule:        rule,
-		TaskName:    taskName,
-		RuleStore:   m.ruleStore,
-		Querier:     m.opts.Querier,
-		Logger:      m.opts.Logger,
-		Cache:       m.cache,
-		ManagerOpts: m.opts,
-		NotifyFunc:  m.notifyFunc,
-		SQLStore:    m.sqlstore,
-		OrgID:       orgID,
+		Rule:             rule,
+		TaskName:         taskName,
+		RuleStore:        m.ruleStore,
+		MaintenanceStore: m.maintenanceStore,
+		Querier:          m.opts.Querier,
+		Logger:           m.opts.Logger,
+		Cache:            m.cache,
+		ManagerOpts:      m.opts,
+		NotifyFunc:       m.notifyFunc,
+		SQLStore:         m.sqlstore,
+		OrgID:            orgID,
 	})
+
 	if err != nil {
 		m.logger.Error("creating rule task failed", "name", taskName, errors.Attr(err))
 		return errors.NewInvalidInputf(errors.CodeInvalidInput, "error loading rules, previous rule set restored")
@@ -695,6 +703,7 @@ func (m *Manager) RuleTasks() []Task {
 // RuleTasksWithoutLock returns the list of manager's rule tasks without
 // acquiring a lock on the manager.
 func (m *Manager) RuleTasksWithoutLock() []Task {
+
 	rgs := make([]Task, 0, len(m.tasks))
 	for _, g := range m.tasks {
 		rgs = append(rgs, g)
@@ -888,6 +897,7 @@ func (m *Manager) GetRule(ctx context.Context, id valuer.UUID) (*ruletypes.Getta
 // the task state. For example - if a stored rule is disabled, then
 // there is no task running against it.
 func (m *Manager) syncRuleStateWithTask(ctx context.Context, orgID valuer.UUID, taskName string, rule *ruletypes.PostableRule) error {
+
 	if rule.Disabled {
 		// check if rule has any task running
 		if _, ok := m.tasks[taskName]; ok {
@@ -1019,15 +1029,16 @@ func (m *Manager) TestNotification(ctx context.Context, orgID valuer.UUID, ruleS
 	}
 
 	alertCount, err := m.prepareTestRuleFunc(PrepareTestRuleOptions{
-		Rule:        &parsedRule,
-		RuleStore:   m.ruleStore,
-		Querier:     m.opts.Querier,
-		Logger:      m.opts.Logger,
-		Cache:       m.cache,
-		ManagerOpts: m.opts,
-		NotifyFunc:  m.testNotifyFunc,
-		SQLStore:    m.sqlstore,
-		OrgID:       orgID,
+		Rule:             &parsedRule,
+		RuleStore:        m.ruleStore,
+		MaintenanceStore: m.maintenanceStore,
+		Querier:          m.opts.Querier,
+		Logger:           m.opts.Logger,
+		Cache:            m.cache,
+		ManagerOpts:      m.opts,
+		NotifyFunc:       m.testNotifyFunc,
+		SQLStore:         m.sqlstore,
+		OrgID:            orgID,
 	})
 
 	return alertCount, err

pkg/query-service/rules/prom_rule_task.go

@@ -15,6 +15,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
 	ruletypes "github.com/SigNoz/signoz/pkg/types/ruletypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
 )
 
 // PromRuleTask is a promql rule executor
@@ -38,11 +39,14 @@ type PromRuleTask struct {
 	pause  bool
 	logger *slog.Logger
 	notify NotifyFunc
+
+	maintenanceStore ruletypes.MaintenanceStore
+	orgID            valuer.UUID
 }
 
 // NewPromRuleTask holds rules that have promql condition
 // and evaluates the rule at a given frequency
-func NewPromRuleTask(name, file string, frequency time.Duration, rules []Rule, opts *ManagerOptions, notify NotifyFunc) *PromRuleTask {
+func NewPromRuleTask(name, file string, frequency time.Duration, rules []Rule, opts *ManagerOptions, notify NotifyFunc, maintenanceStore ruletypes.MaintenanceStore, orgID valuer.UUID) *PromRuleTask {
 	opts.Logger.Info("initiating a new rule group", "name", name, "frequency", frequency)
 
 	if frequency == 0 {
@@ -59,8 +63,10 @@ func NewPromRuleTask(name, file string, frequency time.Duration, rules []Rule, o
 		seriesInPreviousEval: make([]map[string]plabels.Labels, len(rules)),
 		done:                 make(chan struct{}),
 		terminated:           make(chan struct{}),
-		notify: notify,
-		logger: opts.Logger,
+		notify:               notify,
+		maintenanceStore:     maintenanceStore,
+		logger:               opts.Logger,
+		orgID:                orgID,
 	}
 }
 
@@ -324,12 +330,30 @@ func (g *PromRuleTask) Eval(ctx context.Context, ts time.Time) {
 	}()
 
 	g.logger.InfoContext(ctx, "promql rule task", "name", g.name, "eval_started_at", ts)
+	maintenance, err := g.maintenanceStore.ListPlannedMaintenance(ctx, g.orgID.StringValue())
+	if err != nil {
+		g.logger.ErrorContext(ctx, "error in processing sql query", errors.Attr(err))
+	}
 
 	for i, rule := range g.rules {
 		if rule == nil {
 			continue
 		}
 
+		shouldSkip := false
+		for _, m := range maintenance {
+			g.logger.InfoContext(ctx, "checking if rule should be skipped", slog.String("rule.id", rule.ID()), slog.Any("maintenance", m))
+			if m.ShouldSkip(rule.ID(), ts) {
+				shouldSkip = true
+				break
+			}
+		}
+
+		if shouldSkip {
+			g.logger.InfoContext(ctx, "rule should be skipped", slog.String("rule.id", rule.ID()))
+			continue
+		}
+
 		select {
 		case <-g.done:
 			return

pkg/query-service/rules/rule_task.go

@@ -2,18 +2,20 @@ package rules
 
 import (
 	"context"
-	"log/slog"
 	"runtime/debug"
 	"sort"
 	"sync"
 	"time"
 
+	"log/slog"
+
 	opentracing "github.com/opentracing/opentracing-go"
 
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
 	"github.com/SigNoz/signoz/pkg/types/ruletypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
 )
 
 // RuleTask holds a rule (with composite queries)
@@ -35,28 +37,34 @@ type RuleTask struct {
 
 	pause  bool
 	notify NotifyFunc
+
+	maintenanceStore ruletypes.MaintenanceStore
+	orgID            valuer.UUID
 }
 
 const DefaultFrequency = 1 * time.Minute
 
 // NewRuleTask makes a new RuleTask with the given name, options, and rules.
-func NewRuleTask(name, file string, frequency time.Duration, rules []Rule, opts *ManagerOptions, notify NotifyFunc) *RuleTask {
+func NewRuleTask(name, file string, frequency time.Duration, rules []Rule, opts *ManagerOptions, notify NotifyFunc, maintenanceStore ruletypes.MaintenanceStore, orgID valuer.UUID) *RuleTask {
+
 	if frequency == 0 {
 		frequency = DefaultFrequency
 	}
 	opts.Logger.Info("initiating a new rule task", "name", name, "frequency", frequency)
 
 	return &RuleTask{
-		name:       name,
-		file:       file,
-		pause:      false,
-		frequency:  frequency,
-		rules:      rules,
-		opts:       opts,
-		logger:     opts.Logger,
-		done:       make(chan struct{}),
-		terminated: make(chan struct{}),
-		notify:     notify,
+		name:             name,
+		file:             file,
+		pause:            false,
+		frequency:        frequency,
+		rules:            rules,
+		opts:             opts,
+		logger:           opts.Logger,
+		done:             make(chan struct{}),
+		terminated:       make(chan struct{}),
+		notify:           notify,
+		maintenanceStore: maintenanceStore,
+		orgID:            orgID,
 	}
 }
 
@@ -64,7 +72,6 @@ func NewRuleTask(name, file string, frequency time.Duration, rules []Rule, opts
 func (g *RuleTask) Name() string { return g.name }
 
 // Key returns the group key
-// TODO(jatinderjit): remove (unused)?
 func (g *RuleTask) Key() string {
 	return g.name + ";" + g.file
 }
@@ -76,7 +83,7 @@ func (g *RuleTask) Type() TaskType { return TaskTypeCh }
 func (g *RuleTask) Rules() []Rule { return g.rules }
 
 // Interval returns the group's interval.
-// TODO(jatinderjit): remove (unused)?
+// TODO: remove (unused)?
 func (g *RuleTask) Interval() time.Duration { return g.frequency }
 
 func (g *RuleTask) Pause(b bool) {
@@ -254,6 +261,7 @@ func nameAndLabels(rule Rule) string {
 // Rules are matched based on their name and labels. If there are duplicates, the
 // first is matched with the first, second with the second etc.
 func (g *RuleTask) CopyState(fromTask Task) error {
+
 	from, ok := fromTask.(*RuleTask)
 	if !ok {
 		return errors.NewInternalf(errors.CodeInternal, "invalid from task for copy")
@@ -298,6 +306,7 @@ func (g *RuleTask) CopyState(fromTask Task) error {
 
 // Eval runs a single evaluation cycle in which all rules are evaluated sequentially.
 func (g *RuleTask) Eval(ctx context.Context, ts time.Time) {
+
 	defer func() {
 		if r := recover(); r != nil {
 			g.logger.ErrorContext(
@@ -309,11 +318,31 @@ func (g *RuleTask) Eval(ctx context.Context, ts time.Time) {
 
 	g.logger.DebugContext(ctx, "rule task eval started", "name", g.name, "start_time", ts)
 
+	maintenance, err := g.maintenanceStore.ListPlannedMaintenance(ctx, g.orgID.StringValue())
+
+	if err != nil {
+		g.logger.ErrorContext(ctx, "error in processing sql query", errors.Attr(err))
+	}
+
 	for i, rule := range g.rules {
 		if rule == nil {
 			continue
 		}
 
+		shouldSkip := false
+		for _, m := range maintenance {
+			g.logger.InfoContext(ctx, "checking if rule should be skipped", slog.String("rule.id", rule.ID()), slog.Any("maintenance", m))
+			if m.ShouldSkip(rule.ID(), ts) {
+				shouldSkip = true
+				break
+			}
+		}
+
+		if shouldSkip {
+			g.logger.InfoContext(ctx, "rule should be skipped", slog.String("rule.id", rule.ID()))
+			continue
+		}
+
 		select {
 		case <-g.done:
 			return
@@ -353,6 +382,7 @@ func (g *RuleTask) Eval(ctx context.Context, ts time.Time) {
 			}
 
 			rule.SendAlerts(ctx, ts, g.opts.ResendDelay, g.frequency, g.notify)
+
 		}(i, rule)
 	}
 }

pkg/query-service/rules/task.go

@@ -3,6 +3,9 @@ package rules
 import (
 	"context"
 	"time"
+
+	"github.com/SigNoz/signoz/pkg/types/ruletypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
 )
 
 type TaskType string
@@ -29,9 +32,9 @@ type Task interface {
 
 // newTask returns an appropriate group for
 // rule type
-func newTask(taskType TaskType, name, file string, frequency time.Duration, rules []Rule, opts *ManagerOptions, notify NotifyFunc) Task {
+func newTask(taskType TaskType, name, file string, frequency time.Duration, rules []Rule, opts *ManagerOptions, notify NotifyFunc, maintenanceStore ruletypes.MaintenanceStore, orgID valuer.UUID) Task {
 	if taskType == TaskTypeCh {
-		return NewRuleTask(name, file, frequency, rules, opts, notify)
+		return NewRuleTask(name, file, frequency, rules, opts, notify, maintenanceStore, orgID)
 	}
-	return NewPromRuleTask(name, file, frequency, rules, opts, notify)
+	return NewPromRuleTask(name, file, frequency, rules, opts, notify, maintenanceStore, orgID)
 }

pkg/ruler/rulestore/sqlrulestore/maintenance.go

@@ -75,11 +75,10 @@ func (r *maintenance) CreatePlannedMaintenance(ctx context.Context, maintenance
 			CreatedBy: claims.Email,
 			UpdatedBy: claims.Email,
 		},
-		Name:            maintenance.Name,
-		Description:     maintenance.Description,
-		Schedule:        maintenance.Schedule,
-		OrgID:           claims.OrgID,
-		LabelExpression: maintenance.LabelExpression,
+		Name:        maintenance.Name,
+		Description: maintenance.Description,
+		Schedule:    maintenance.Schedule,
+		OrgID:       claims.OrgID,
 	}
 
 	maintenanceRules := make([]*ruletypes.StorablePlannedMaintenanceRule, 0)
@@ -127,16 +126,15 @@ func (r *maintenance) CreatePlannedMaintenance(ctx context.Context, maintenance
 	}
 
 	return &ruletypes.PlannedMaintenance{
-		ID:              storablePlannedMaintenance.ID,
-		Name:            storablePlannedMaintenance.Name,
-		Description:     storablePlannedMaintenance.Description,
-		Schedule:        storablePlannedMaintenance.Schedule,
-		RuleIDs:         maintenance.AlertIds,
-		LabelExpression: maintenance.LabelExpression,
-		CreatedAt:       storablePlannedMaintenance.CreatedAt,
-		CreatedBy:       storablePlannedMaintenance.CreatedBy,
-		UpdatedAt:       storablePlannedMaintenance.UpdatedAt,
-		UpdatedBy:       storablePlannedMaintenance.UpdatedBy,
+		ID:          storablePlannedMaintenance.ID,
+		Name:        storablePlannedMaintenance.Name,
+		Description: storablePlannedMaintenance.Description,
+		Schedule:    storablePlannedMaintenance.Schedule,
+		RuleIDs:     maintenance.AlertIds,
+		CreatedAt:   storablePlannedMaintenance.CreatedAt,
+		CreatedBy:   storablePlannedMaintenance.CreatedBy,
+		UpdatedAt:   storablePlannedMaintenance.UpdatedAt,
+		UpdatedBy:   storablePlannedMaintenance.UpdatedBy,
 	}, nil
 }
 
@@ -177,11 +175,10 @@ func (r *maintenance) UpdatePlannedMaintenance(ctx context.Context, maintenance
 			CreatedBy: existing.CreatedBy,
 			UpdatedBy: claims.Email,
 		},
-		Name:            maintenance.Name,
-		Description:     maintenance.Description,
-		Schedule:        maintenance.Schedule,
-		OrgID:           claims.OrgID,
-		LabelExpression: maintenance.LabelExpression,
+		Name:        maintenance.Name,
+		Description: maintenance.Description,
+		Schedule:    maintenance.Schedule,
+		OrgID:       claims.OrgID,
 	}
 
 	storablePlannedMaintenanceRules := make([]*ruletypes.StorablePlannedMaintenanceRule, 0)

pkg/signoz/config.go

@@ -24,6 +24,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/identn"
 	"github.com/SigNoz/signoz/pkg/instrumentation"
 	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/modules/dashboard/dashboardpurger"
 	"github.com/SigNoz/signoz/pkg/modules/inframonitoring"
 	"github.com/SigNoz/signoz/pkg/modules/metricsexplorer"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
@@ -143,6 +144,9 @@ type Config struct {
 
 	// Authz config
 	Authz authz.Config `mapstructure:"authz"`
+
+	// DashboardPurger config (hard-deletes soft-deleted dashboards after a TTL).
+	DashboardPurger dashboardpurger.Config `mapstructure:"dashboardpurger"`
 }
 
 func NewConfig(ctx context.Context, logger *slog.Logger, resolverConfig config.ResolverConfig) (Config, error) {
@@ -168,6 +172,7 @@ func NewConfig(ctx context.Context, logger *slog.Logger, resolverConfig config.R
 		statsreporter.NewConfigFactory(),
 		gateway.NewConfigFactory(),
 		tokenizer.NewConfigFactory(),
+		dashboardpurger.NewConfigFactory(),
 		metricsexplorer.NewConfigFactory(),
 		inframonitoring.NewConfigFactory(),
 		flagger.NewConfigFactory(),

pkg/signoz/handler_test.go

@@ -16,10 +16,10 @@ import (
 	"github.com/SigNoz/signoz/pkg/instrumentation/instrumentationtest"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization/implorganization"
+	"github.com/SigNoz/signoz/pkg/modules/tag/impltag"
 	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/queryparser"
-	"github.com/SigNoz/signoz/pkg/ruler/rulestore/sqlrulestore"
 	"github.com/SigNoz/signoz/pkg/sharder"
 	"github.com/SigNoz/signoz/pkg/sharder/noopsharder"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
@@ -39,14 +39,14 @@ func TestNewHandlers(t *testing.T) {
 	orgGetter := implorganization.NewGetter(implorganization.NewStore(sqlstore), sharder)
 	notificationManager := nfmanagertest.NewMock()
 	require.NoError(t, err)
-	maintenanceStore := sqlrulestore.NewMaintenanceStore(sqlstore)
-	alertmanager, err := signozalertmanager.New(providerSettings, alertmanager.Config{}, sqlstore, orgGetter, notificationManager, maintenanceStore)
+	alertmanager, err := signozalertmanager.New(context.TODO(), providerSettings, alertmanager.Config{}, sqlstore, orgGetter, notificationManager)
 	require.NoError(t, err)
 	tokenizer := tokenizertest.NewMockTokenizer(t)
 	emailing := emailingtest.New()
 	queryParser := queryparser.New(providerSettings)
 	require.NoError(t, err)
-	dashboardModule := impldashboard.NewModule(impldashboard.NewStore(sqlstore), providerSettings, nil, orgGetter, queryParser)
+	tagModule := impltag.NewModule(impltag.NewStore(sqlstore))
+	dashboardModule := impldashboard.NewModule(impldashboard.NewStore(sqlstore), sqlstore, providerSettings, nil, orgGetter, queryParser, tagModule)
 
 	flagger, err := flagger.New(context.Background(), instrumentationtest.New().ToProviderSettings(), flagger.Config{}, flagger.MustNewRegistry())
 	require.NoError(t, err)
@@ -54,7 +54,7 @@ func TestNewHandlers(t *testing.T) {
 	userRoleStore := impluser.NewUserRoleStore(sqlstore, providerSettings)
 
 	userGetter := impluser.NewGetter(impluser.NewStore(sqlstore, providerSettings), userRoleStore, flagger)
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, userGetter, userRoleStore, nil, nil, flagger)
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, userGetter, userRoleStore, nil, nil, flagger, tagModule)
 
 	querierHandler := querier.NewHandler(providerSettings, nil, nil)
 	registryHandler := factory.NewHandler(nil)

pkg/signoz/module.go

@@ -40,6 +40,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/session/implsession"
 	"github.com/SigNoz/signoz/pkg/modules/spanpercentile"
 	"github.com/SigNoz/signoz/pkg/modules/spanpercentile/implspanpercentile"
+	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/modules/tracedetail"
 	"github.com/SigNoz/signoz/pkg/modules/tracedetail/impltracedetail"
 	"github.com/SigNoz/signoz/pkg/modules/tracefunnel"
@@ -80,6 +81,7 @@ type Modules struct {
 	CloudIntegration cloudintegration.Module
 	RuleStateHistory rulestatehistory.Module
 	TraceDetail      tracedetail.Module
+	Tag              tag.Module
 }
 
 func NewModules(
@@ -104,6 +106,7 @@ func NewModules(
 	serviceAccount serviceaccount.Module,
 	cloudIntegrationModule cloudintegration.Module,
 	fl flagger.Flagger,
+	tagModule tag.Module,
 ) Modules {
 	quickfilter := implquickfilter.NewModule(implquickfilter.NewStore(sqlstore))
 	orgSetter := implorganization.NewSetter(implorganization.NewStore(sqlstore), alertmanager, quickfilter)
@@ -133,5 +136,6 @@ func NewModules(
 		RuleStateHistory: implrulestatehistory.NewModule(implrulestatehistory.NewStore(telemetryStore, telemetryMetadataStore, providerSettings.Logger)),
 		CloudIntegration: cloudIntegrationModule,
 		TraceDetail:      impltracedetail.NewModule(impltracedetail.NewTraceStore(telemetryStore), providerSettings, config.TraceDetail),
+		Tag:              tagModule,
 	}
 }

pkg/signoz/module_test.go

@@ -18,9 +18,9 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/organization/implorganization"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount/implserviceaccount"
+	"github.com/SigNoz/signoz/pkg/modules/tag/impltag"
 	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
 	"github.com/SigNoz/signoz/pkg/queryparser"
-	"github.com/SigNoz/signoz/pkg/ruler/rulestore/sqlrulestore"
 	"github.com/SigNoz/signoz/pkg/sharder"
 	"github.com/SigNoz/signoz/pkg/sharder/noopsharder"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
@@ -40,14 +40,14 @@ func TestNewModules(t *testing.T) {
 	orgGetter := implorganization.NewGetter(implorganization.NewStore(sqlstore), sharder)
 	notificationManager := nfmanagertest.NewMock()
 	require.NoError(t, err)
-	maintenanceStore := sqlrulestore.NewMaintenanceStore(sqlstore)
-	alertmanager, err := signozalertmanager.New(providerSettings, alertmanager.Config{}, sqlstore, orgGetter, notificationManager, maintenanceStore)
+	alertmanager, err := signozalertmanager.New(context.TODO(), providerSettings, alertmanager.Config{}, sqlstore, orgGetter, notificationManager)
 	require.NoError(t, err)
 	tokenizer := tokenizertest.NewMockTokenizer(t)
 	emailing := emailingtest.New()
 	queryParser := queryparser.New(providerSettings)
 	require.NoError(t, err)
-	dashboardModule := impldashboard.NewModule(impldashboard.NewStore(sqlstore), providerSettings, nil, orgGetter, queryParser)
+	tagModule := impltag.NewModule(impltag.NewStore(sqlstore))
+	dashboardModule := impldashboard.NewModule(impldashboard.NewStore(sqlstore), sqlstore, providerSettings, nil, orgGetter, queryParser, tagModule)
 
 	flagger, err := flagger.New(context.Background(), instrumentationtest.New().ToProviderSettings(), flagger.Config{}, flagger.MustNewRegistry())
 	require.NoError(t, err)
@@ -58,7 +58,7 @@ func TestNewModules(t *testing.T) {
 
 	serviceAccount := implserviceaccount.NewModule(implserviceaccount.NewStore(sqlstore), nil, nil, nil, providerSettings, serviceaccount.Config{})
 
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, userGetter, userRoleStore, serviceAccount, implcloudintegration.NewModule(), flagger)
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, userGetter, userRoleStore, serviceAccount, implcloudintegration.NewModule(), flagger, tagModule)
 
 	reflectVal := reflect.ValueOf(modules)
 	for i := 0; i < reflectVal.NumField(); i++ {

pkg/signoz/provider.go

@@ -65,7 +65,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/tokenizer/tokenizerstore/sqltokenizerstore"
 	"github.com/SigNoz/signoz/pkg/types/alertmanagertypes"
 	"github.com/SigNoz/signoz/pkg/types/featuretypes"
-	ruletypes "github.com/SigNoz/signoz/pkg/types/ruletypes"
 	"github.com/SigNoz/signoz/pkg/version"
 	"github.com/SigNoz/signoz/pkg/web"
 	"github.com/SigNoz/signoz/pkg/web/noopweb"
@@ -196,7 +195,8 @@ func NewSQLMigrationProviderFactories(
 		sqlmigration.NewServiceAccountAuthzactory(sqlstore),
 		sqlmigration.NewDropUserDeletedAtFactory(sqlstore, sqlschema),
 		sqlmigration.NewMigrateAWSAllRegionsFactory(sqlstore),
-		sqlmigration.NewAddLabelExpressionToPlannedMaintenanceFactory(sqlstore, sqlschema),
+		sqlmigration.NewAddTagsFactory(sqlstore, sqlschema),
+		sqlmigration.NewAddDashboardSoftDeleteFactory(sqlstore, sqlschema),
 	)
 }
 
@@ -223,14 +223,9 @@ func NewNotificationManagerProviderFactories(routeStore alertmanagertypes.RouteS
 	)
 }
 
-func NewAlertmanagerProviderFactories(
-	sqlstore sqlstore.SQLStore,
-	orgGetter organization.Getter,
-	nfManager nfmanager.NotificationManager,
-	maintenanceStore ruletypes.MaintenanceStore,
-) factory.NamedMap[factory.ProviderFactory[alertmanager.Alertmanager, alertmanager.Config]] {
+func NewAlertmanagerProviderFactories(sqlstore sqlstore.SQLStore, orgGetter organization.Getter, nfManager nfmanager.NotificationManager) factory.NamedMap[factory.ProviderFactory[alertmanager.Alertmanager, alertmanager.Config]] {
 	return factory.MustNewNamedMap(
-		signozalertmanager.NewFactory(sqlstore, orgGetter, nfManager, maintenanceStore),
+		signozalertmanager.NewFactory(sqlstore, orgGetter, nfManager),
 	)
 }
 

pkg/signoz/provider_test.go

@@ -14,7 +14,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
 	"github.com/SigNoz/signoz/pkg/sqlschema"
 	"github.com/SigNoz/signoz/pkg/sqlschema/sqlschematest"
-	"github.com/SigNoz/signoz/pkg/ruler/rulestore/sqlrulestore"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/sqlstore/sqlstoretest"
 	"github.com/SigNoz/signoz/pkg/statsreporter"
@@ -60,11 +59,9 @@ func TestNewProviderFactories(t *testing.T) {
 	})
 
 	assert.NotPanics(t, func() {
-		store := sqlstoretest.New(sqlstore.Config{Provider: "sqlite"}, sqlmock.QueryMatcherEqual)
-		orgGetter := implorganization.NewGetter(implorganization.NewStore(store), nil)
+		orgGetter := implorganization.NewGetter(implorganization.NewStore(sqlstoretest.New(sqlstore.Config{Provider: "sqlite"}, sqlmock.QueryMatcherEqual)), nil)
 		notificationManager := nfmanagertest.NewMock()
-		maintenanceStore := sqlrulestore.NewMaintenanceStore(store)
-		NewAlertmanagerProviderFactories(store, orgGetter, notificationManager, maintenanceStore)
+		NewAlertmanagerProviderFactories(sqlstoretest.New(sqlstore.Config{Provider: "sqlite"}, sqlmock.QueryMatcherEqual), orgGetter, notificationManager)
 	})
 
 	assert.NotPanics(t, func() {

pkg/signoz/signoz.go

@@ -29,12 +29,15 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/rulestatehistory"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount/implserviceaccount"
+	"github.com/SigNoz/signoz/pkg/modules/tag"
+	"github.com/SigNoz/signoz/pkg/modules/dashboard/dashboardpurger"
+	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
+	"github.com/SigNoz/signoz/pkg/modules/tag/impltag"
 	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
 	"github.com/SigNoz/signoz/pkg/prometheus"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/queryparser"
 	"github.com/SigNoz/signoz/pkg/ruler"
-	"github.com/SigNoz/signoz/pkg/ruler/rulestore/sqlrulestore"
 	"github.com/SigNoz/signoz/pkg/sharder"
 	"github.com/SigNoz/signoz/pkg/sqlmigration"
 	"github.com/SigNoz/signoz/pkg/sqlmigrator"
@@ -102,7 +105,7 @@ func New(
 	telemetrystoreProviderFactories factory.NamedMap[factory.ProviderFactory[telemetrystore.TelemetryStore, telemetrystore.Config]],
 	authNsCallback func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error),
 	authzCallback func(context.Context, sqlstore.SQLStore, licensing.Licensing, []authz.OnBeforeRoleDelete, dashboard.Module) (factory.ProviderFactory[authz.AuthZ, authz.Config], error),
-	dashboardModuleCallback func(sqlstore.SQLStore, factory.ProviderSettings, analytics.Analytics, organization.Getter, queryparser.QueryParser, querier.Querier, licensing.Licensing) dashboard.Module,
+	dashboardModuleCallback func(sqlstore.SQLStore, factory.ProviderSettings, analytics.Analytics, organization.Getter, queryparser.QueryParser, querier.Querier, licensing.Licensing, tag.Module) dashboard.Module,
 	gatewayProviderFactory func(licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config],
 	auditorProviderFactories func(licensing.Licensing) factory.NamedMap[factory.ProviderFactory[auditor.Auditor, auditor.Config]],
 	querierHandlerCallback func(factory.ProviderSettings, querier.Querier, analytics.Analytics) querier.Handler,
@@ -326,8 +329,13 @@ func New(
 	// Initialize query parser (needed for dashboard module)
 	queryParser := queryparser.New(providerSettings)
 
+	// Initialize tag module — shared across modules that link entities to tags
+	// (currently dashboard; future: alerts, RBAC). Built once here and injected
+	// where needed.
+	tagModule := impltag.NewModule(impltag.NewStore(sqlstore))
+
 	// Initialize dashboard module (needed for authz registry)
-	dashboard := dashboardModuleCallback(sqlstore, providerSettings, analytics, orgGetter, queryParser, querier, licensing)
+	dashboard := dashboardModuleCallback(sqlstore, providerSettings, analytics, orgGetter, queryParser, querier, licensing, tagModule)
 
 	// Initialize user getter
 	userGetter := impluser.NewGetter(userStore, userRoleStore, flagger)
@@ -363,14 +371,12 @@ func New(
 		return nil, err
 	}
 
-	maintenanceStore := sqlrulestore.NewMaintenanceStore(sqlstore)
-
 	// Initialize alertmanager from the available alertmanager provider factories
 	alertmanager, err := factory.NewProviderFromNamedMap(
 		ctx,
 		providerSettings,
 		config.Alertmanager,
-		NewAlertmanagerProviderFactories(sqlstore, orgGetter, nfManager, maintenanceStore),
+		NewAlertmanagerProviderFactories(sqlstore, orgGetter, nfManager),
 		config.Alertmanager.Provider,
 	)
 	if err != nil {
@@ -444,7 +450,7 @@ func New(
 	}
 
 	// Initialize all modules
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, analytics, querier, telemetrystore, telemetryMetadataStore, authNs, authz, cache, queryParser, config, dashboard, userGetter, userRoleStore, serviceAccount, cloudIntegrationModule, flagger)
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, analytics, querier, telemetrystore, telemetryMetadataStore, authNs, authz, cache, queryParser, config, dashboard, userGetter, userRoleStore, serviceAccount, cloudIntegrationModule, flagger, tagModule)
 
 	// Initialize ruler from the variant-specific provider factories
 	rulerInstance, err := factory.NewProviderFromNamedMap(ctx, providerSettings, config.Ruler, rulerProviderFactories(cache, alertmanager, sqlstore, telemetrystore, telemetryMetadataStore, prometheus, orgGetter, modules.RuleStateHistory, querier, queryParser), "signoz")
@@ -491,6 +497,12 @@ func New(
 		return nil, err
 	}
 
+	// Initialize dashboard purger — periodic hard-delete of soft-deleted rows.
+	dashboardPurger, err := dashboardpurger.NewFactory(impldashboard.NewStore(sqlstore)).New(ctx, providerSettings, config.DashboardPurger)
+	if err != nil {
+		return nil, err
+	}
+
 	registry, err := factory.NewRegistry(
 		ctx,
 		instrumentation.Logger(),
@@ -505,6 +517,7 @@ func New(
 		factory.NewNamedService(factory.MustNewName("user"), userService, factory.MustNewName("authz")),
 		factory.NewNamedService(factory.MustNewName("auditor"), auditor),
 		factory.NewNamedService(factory.MustNewName("ruler"), rulerInstance),
+		factory.NewNamedService(factory.MustNewName("dashboardpurger"), dashboardPurger),
 	)
 	if err != nil {
 		return nil, err

pkg/sqlmigration/078_add_label_expression_to_planned_maintenance.go

@@ -1,97 +0,0 @@
-package sqlmigration
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/sqlschema"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/uptrace/bun"
-	"github.com/uptrace/bun/migrate"
-)
-
-type addLabelExpressionToPlannedMaintenance struct {
-	sqlstore  sqlstore.SQLStore
-	sqlschema sqlschema.SQLSchema
-}
-
-func NewAddLabelExpressionToPlannedMaintenanceFactory(sqlstore sqlstore.SQLStore, sqlschema sqlschema.SQLSchema) factory.ProviderFactory[SQLMigration, Config] {
-	return factory.NewProviderFactory(
-		factory.MustNewName("add_label_expr_to_planned"),
-		func(ctx context.Context, ps factory.ProviderSettings, c Config) (SQLMigration, error) {
-			return &addLabelExpressionToPlannedMaintenance{
-				sqlstore:  sqlstore,
-				sqlschema: sqlschema,
-			}, nil
-		},
-	)
-}
-
-func (migration *addLabelExpressionToPlannedMaintenance) Register(migrations *migrate.Migrations) error {
-	if err := migrations.Register(migration.Up, migration.Down); err != nil {
-		return err
-	}
-	return nil
-}
-
-func (migration *addLabelExpressionToPlannedMaintenance) Up(ctx context.Context, db *bun.DB) error {
-	tx, err := db.BeginTx(ctx, nil)
-	if err != nil {
-		return err
-	}
-
-	defer func() {
-		_ = tx.Rollback()
-	}()
-
-	table, _, err := migration.sqlschema.GetTable(ctx, sqlschema.TableName("planned_maintenance"))
-	if err != nil {
-		return err
-	}
-
-	column := &sqlschema.Column{
-		Name:     sqlschema.ColumnName("label_expression"),
-		DataType: sqlschema.DataTypeText,
-		Nullable: true,
-	}
-
-	sqls := migration.sqlschema.Operator().AddColumn(table, nil, column, nil)
-	for _, sql := range sqls {
-		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
-			return err
-		}
-	}
-
-	return tx.Commit()
-}
-
-func (migration *addLabelExpressionToPlannedMaintenance) Down(ctx context.Context, db *bun.DB) error {
-	tx, err := db.BeginTx(ctx, nil)
-	if err != nil {
-		return err
-	}
-
-	defer func() {
-		_ = tx.Rollback()
-	}()
-
-	table, _, err := migration.sqlschema.GetTable(ctx, sqlschema.TableName("planned_maintenance"))
-	if err != nil {
-		return err
-	}
-
-	column := &sqlschema.Column{
-		Name:     sqlschema.ColumnName("label_expression"),
-		DataType: sqlschema.DataTypeText,
-		Nullable: true,
-	}
-
-	sqls := migration.sqlschema.Operator().DropColumn(table, column)
-	for _, sql := range sqls {
-		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
-			return err
-		}
-	}
-
-	return tx.Commit()
-}

pkg/sqlmigration/078_add_tags.go

@@ -0,0 +1,103 @@
+package sqlmigration
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/sqlschema"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/uptrace/bun"
+	"github.com/uptrace/bun/migrate"
+)
+
+type addTags struct {
+	sqlstore  sqlstore.SQLStore
+	sqlschema sqlschema.SQLSchema
+}
+
+func NewAddTagsFactory(sqlstore sqlstore.SQLStore, sqlschema sqlschema.SQLSchema) factory.ProviderFactory[SQLMigration, Config] {
+	return factory.NewProviderFactory(factory.MustNewName("add_tags"), func(ctx context.Context, ps factory.ProviderSettings, c Config) (SQLMigration, error) {
+		return &addTags{
+			sqlstore:  sqlstore,
+			sqlschema: sqlschema,
+		}, nil
+	})
+}
+
+func (migration *addTags) Register(migrations *migrate.Migrations) error {
+	return migrations.Register(migration.Up, migration.Down)
+}
+
+func (migration *addTags) Up(ctx context.Context, db *bun.DB) error {
+	tx, err := db.BeginTx(ctx, nil)
+	if err != nil {
+		return err
+	}
+
+	defer func() {
+		_ = tx.Rollback()
+	}()
+
+	sqls := [][]byte{}
+
+	tagTableSQLs := migration.sqlschema.Operator().CreateTable(&sqlschema.Table{
+		Name: "tag",
+		Columns: []*sqlschema.Column{
+			{Name: "id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "name", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "internal_name", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "org_id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "created_at", DataType: sqlschema.DataTypeTimestamp, Nullable: false},
+			{Name: "created_by", DataType: sqlschema.DataTypeText, Nullable: true},
+			{Name: "updated_at", DataType: sqlschema.DataTypeTimestamp, Nullable: false},
+			{Name: "updated_by", DataType: sqlschema.DataTypeText, Nullable: true},
+		},
+		PrimaryKeyConstraint: &sqlschema.PrimaryKeyConstraint{ColumnNames: []sqlschema.ColumnName{"id"}},
+		ForeignKeyConstraints: []*sqlschema.ForeignKeyConstraint{
+			{
+				ReferencingColumnName: sqlschema.ColumnName("org_id"),
+				ReferencedTableName:   sqlschema.TableName("organizations"),
+				ReferencedColumnName:  sqlschema.ColumnName("id"),
+			},
+		},
+	})
+	sqls = append(sqls, tagTableSQLs...)
+
+	tagUniqueIndexSQL := migration.sqlschema.Operator().CreateIndex(
+		&sqlschema.UniqueIndex{
+			TableName:   "tag",
+			ColumnNames: []sqlschema.ColumnName{"org_id", "internal_name"},
+		})
+	sqls = append(sqls, tagUniqueIndexSQL...)
+
+	tagRelationsTableSQLs := migration.sqlschema.Operator().CreateTable(&sqlschema.Table{
+		Name: "tag_relations",
+		Columns: []*sqlschema.Column{
+			{Name: "entity_type", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "entity_id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "tag_id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "org_id", DataType: sqlschema.DataTypeText, Nullable: false},
+		},
+		PrimaryKeyConstraint: &sqlschema.PrimaryKeyConstraint{ColumnNames: []sqlschema.ColumnName{"entity_id", "tag_id"}},
+		ForeignKeyConstraints: []*sqlschema.ForeignKeyConstraint{
+			{
+				ReferencingColumnName: sqlschema.ColumnName("org_id"),
+				ReferencedTableName:   sqlschema.TableName("organizations"),
+				ReferencedColumnName:  sqlschema.ColumnName("id"),
+			},
+		},
+	})
+	sqls = append(sqls, tagRelationsTableSQLs...)
+
+	for _, sql := range sqls {
+		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
+			return err
+		}
+	}
+
+	return tx.Commit()
+}
+
+func (migration *addTags) Down(_ context.Context, _ *bun.DB) error {
+	return nil
+}

pkg/sqlmigration/079_add_dashboard_soft_delete.go

@@ -0,0 +1,59 @@
+package sqlmigration
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/sqlschema"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/uptrace/bun"
+	"github.com/uptrace/bun/migrate"
+)
+
+type addDashboardSoftDelete struct {
+	sqlstore  sqlstore.SQLStore
+	sqlschema sqlschema.SQLSchema
+}
+
+func NewAddDashboardSoftDeleteFactory(sqlstore sqlstore.SQLStore, sqlschema sqlschema.SQLSchema) factory.ProviderFactory[SQLMigration, Config] {
+	return factory.NewProviderFactory(factory.MustNewName("add_dashboard_soft_delete"), func(ctx context.Context, ps factory.ProviderSettings, c Config) (SQLMigration, error) {
+		return &addDashboardSoftDelete{
+			sqlstore:  sqlstore,
+			sqlschema: sqlschema,
+		}, nil
+	})
+}
+
+func (migration *addDashboardSoftDelete) Register(migrations *migrate.Migrations) error {
+	return migrations.Register(migration.Up, migration.Down)
+}
+
+func (migration *addDashboardSoftDelete) Up(ctx context.Context, db *bun.DB) error {
+	tx, err := db.BeginTx(ctx, nil)
+	if err != nil {
+		return err
+	}
+	defer func() { _ = tx.Rollback() }()
+
+	dashboardTable := &sqlschema.Table{Name: "dashboard"}
+	sqls := [][]byte{}
+	sqls = append(sqls, migration.sqlschema.Operator().AddColumn(
+		dashboardTable, nil,
+		&sqlschema.Column{Name: "deleted_at", DataType: sqlschema.DataTypeTimestamp, Nullable: true}, nil,
+	)...)
+	sqls = append(sqls, migration.sqlschema.Operator().AddColumn(
+		dashboardTable, nil,
+		&sqlschema.Column{Name: "deleted_by", DataType: sqlschema.DataTypeText, Nullable: true}, nil,
+	)...)
+
+	for _, sql := range sqls {
+		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
+			return err
+		}
+	}
+	return tx.Commit()
+}
+
+func (migration *addDashboardSoftDelete) Down(_ context.Context, _ *bun.DB) error {
+	return nil
+}

pkg/types/alertmanagertypes/alert.go

@@ -170,7 +170,6 @@ func NewGettableAlertsFromAlertProvider(
 	cfg *Config,
 	getAlertStatusFunc func(model.Fingerprint) types.AlertStatus,
 	setAlertStatusFunc func(model.LabelSet),
-	mutedByFunc func(model.LabelSet) []string,
 	params GettableAlertsParams,
 ) (GettableAlerts, error) {
 	res := GettableAlerts{}
@@ -220,7 +219,7 @@ func NewGettableAlertsFromAlertProvider(
 			continue
 		}
 
-		alert := v2.AlertToOpenAPIAlert(alertData, getAlertStatusFunc(alertData.Fingerprint()), receivers, mutedByFunc(alertData.Labels))
+		alert := v2.AlertToOpenAPIAlert(alertData, getAlertStatusFunc(alertData.Fingerprint()), receivers, nil)
 
 		res = append(res, alert)
 	}

pkg/types/alertmanagertypes/marker.go

@@ -0,0 +1,12 @@
+package alertmanagertypes
+
+import (
+	"github.com/prometheus/alertmanager/types"
+	"github.com/prometheus/client_golang/prometheus"
+)
+
+type MemMarker = types.MemMarker
+
+func NewMarker(r prometheus.Registerer) *MemMarker {
+	return types.NewMarker(r)
+}

pkg/types/auditable.go

@@ -11,3 +11,8 @@ type UserAuditable struct {
 	CreatedBy string `bun:"created_by,type:text" json:"createdBy"`
 	UpdatedBy string `bun:"updated_by,type:text" json:"updatedBy"`
 }
+
+type DeleteAuditable struct {
+	DeletedBy string    `bun:"deleted_by,type:text,nullzero" json:"deletedBy,omitempty"`
+	DeletedAt time.Time `bun:"deleted_at,nullzero" json:"deletedAt,omitzero"`
+}

pkg/types/authtypes/domain.go

@@ -30,7 +30,7 @@ var (
 
 type GettableAuthDomain struct {
 	StorableAuthDomain
-	AuthDomainConfig
+	Config            AuthDomainConfig   `json:"config"`
 	AuthNProviderInfo *AuthNProviderInfo `json:"authNProviderInfo"`
 }
 
@@ -43,7 +43,7 @@ type PostableAuthDomain struct {
 	Name   string           `json:"name"`
 }
 
-type UpdateableAuthDomain struct {
+type UpdatableAuthDomain struct {
 	Config AuthDomainConfig `json:"config"`
 }
 
@@ -121,7 +121,7 @@ func NewAuthDomainFromStorableAuthDomain(storableAuthDomain *StorableAuthDomain)
 func NewGettableAuthDomainFromAuthDomain(authDomain *AuthDomain, authNProviderInfo *AuthNProviderInfo) *GettableAuthDomain {
 	return &GettableAuthDomain{
 		StorableAuthDomain: *authDomain.StorableAuthDomain(),
-		AuthDomainConfig:   *authDomain.AuthDomainConfig(),
+		Config:             *authDomain.AuthDomainConfig(),
 		AuthNProviderInfo:  authNProviderInfo,
 	}
 }

pkg/types/dashboardtypes/dashboard.go

@@ -11,6 +11,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 )
@@ -19,6 +20,8 @@ var (
 	TypeableMetaResourceDashboard       = authtypes.MustNewTypeableMetaResource(authtypes.MustNewName("dashboard"))
 	TypeableMetaResourcePublicDashboard = authtypes.MustNewTypeableMetaResource(authtypes.MustNewName("public-dashboard"))
 	TypeableMetaResourcesDashboards     = authtypes.MustNewTypeableMetaResources(authtypes.MustNewName("dashboards"))
+
+	EntityTypeDashboard = tagtypes.MustNewEntityType("dashboard")
 )
 
 var (
@@ -34,6 +37,7 @@ type StorableDashboard struct {
 	types.Identifiable
 	types.TimeAuditable
 	types.UserAuditable
+	types.DeleteAuditable
 	Data   StorableDashboardData `bun:"data,type:text,notnull"`
 	Locked bool                  `bun:"locked,notnull,default:false"`
 	OrgID  valuer.UUID           `bun:"org_id,notnull"`

pkg/types/dashboardtypes/dashboard_v2.go

@@ -1,262 +0,0 @@
-package dashboardtypes
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"slices"
-	"strings"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	qb "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
-	"github.com/go-playground/validator/v10"
-	v1 "github.com/perses/perses/pkg/model/api/v1"
-	"github.com/perses/perses/pkg/model/api/v1/common"
-	"github.com/perses/perses/pkg/model/api/v1/dashboard"
-)
-
-// StorableDashboardDataV2 wraps v1.DashboardSpec (Perses) with additional SigNoz-specific fields.
-//
-// We embed DashboardSpec (not v1.Dashboard) to avoid carrying Perses's Metadata
-// (Name, Project, CreatedAt, UpdatedAt, Tags, Version) and Kind field. SigNoz
-// manages identity (ID), timestamps (TimeAuditable), and multi-tenancy (OrgID)
-// separately on StorableDashboardV2/DashboardV2.
-//
-// The following v1 request fields map to locations inside v1.DashboardSpec:
-//   - title       → Display.Name          (common.Display)
-//   - description → Display.Description   (common.Display)
-//
-// Fields that have no Perses equivalent will be added in this wrapper (like image, uploadGrafana, etc.)
-type StorableDashboardDataV2 = v1.DashboardSpec
-
-// UnmarshalAndValidateDashboardV2JSON unmarshals the JSON into a StorableDashboardDataV2
-// (= PostableDashboardV2 = UpdatableDashboardV2) and validates plugin kinds and specs.
-func UnmarshalAndValidateDashboardV2JSON(data []byte) (*StorableDashboardDataV2, error) {
-	var d StorableDashboardDataV2
-	// Note: DashboardSpec has a custom UnmarshalJSON which prevents
-	// DisallowUnknownFields from working at the top level. Unknown
-	// fields in plugin specs are still rejected by validateAndNormalizePluginSpec.
-	if err := json.Unmarshal(data, &d); err != nil {
-		return nil, err
-	}
-	if err := validateDashboardV2(d); err != nil {
-		return nil, err
-	}
-	return &d, nil
-}
-
-// Plugin kind → spec type factory. Each value is a pointer to the zero value of the
-// expected spec struct. validatePluginSpec marshals plugin.Spec back to JSON and
-// unmarshals into the typed struct to catch field-level errors.
-var (
-	panelPluginSpecs = map[PanelPluginKind]func() any{
-		PanelKindTimeSeries: func() any { return new(TimeSeriesPanelSpec) },
-		PanelKindBarChart:   func() any { return new(BarChartPanelSpec) },
-		PanelKindNumber:     func() any { return new(NumberPanelSpec) },
-		PanelKindPieChart:   func() any { return new(PieChartPanelSpec) },
-		PanelKindTable:      func() any { return new(TablePanelSpec) },
-		PanelKindHistogram:  func() any { return new(HistogramPanelSpec) },
-		PanelKindList:       func() any { return new(ListPanelSpec) },
-	}
-	queryPluginSpecs = map[QueryPluginKind]func() any{
-		QueryKindBuilder:       func() any { return new(BuilderQuerySpec) },
-		QueryKindComposite:     func() any { return new(CompositeQuerySpec) },
-		QueryKindFormula:       func() any { return new(FormulaSpec) },
-		QueryKindPromQL:        func() any { return new(PromQLQuerySpec) },
-		QueryKindClickHouseSQL: func() any { return new(ClickHouseSQLQuerySpec) },
-		QueryKindTraceOperator: func() any { return new(TraceOperatorSpec) },
-	}
-	variablePluginSpecs = map[VariablePluginKind]func() any{
-		VariableKindDynamic: func() any { return new(DynamicVariableSpec) },
-		VariableKindQuery:   func() any { return new(QueryVariableSpec) },
-		VariableKindCustom:  func() any { return new(CustomVariableSpec) },
-		VariableKindTextbox: func() any { return new(TextboxVariableSpec) },
-	}
-	datasourcePluginSpecs = map[DatasourcePluginKind]func() any{
-		DatasourceKindSigNoz: func() any { return new(struct{}) },
-	}
-
-	// allowedQueryKinds maps each panel plugin kind to the query plugin
-	// kinds it supports. Composite sub-query types are mapped to these
-	// same kind strings via compositeSubQueryTypeToPluginKind.
-	allowedQueryKinds = map[PanelPluginKind][]QueryPluginKind{
-		PanelKindTimeSeries: {QueryKindBuilder, QueryKindComposite, QueryKindFormula, QueryKindTraceOperator, QueryKindPromQL, QueryKindClickHouseSQL},
-		PanelKindBarChart:   {QueryKindBuilder, QueryKindComposite, QueryKindFormula, QueryKindTraceOperator, QueryKindPromQL, QueryKindClickHouseSQL},
-		PanelKindNumber:     {QueryKindBuilder, QueryKindComposite, QueryKindFormula, QueryKindTraceOperator, QueryKindPromQL, QueryKindClickHouseSQL},
-		PanelKindHistogram:  {QueryKindBuilder, QueryKindComposite, QueryKindFormula, QueryKindTraceOperator, QueryKindPromQL, QueryKindClickHouseSQL},
-		PanelKindPieChart:   {QueryKindBuilder, QueryKindComposite, QueryKindFormula, QueryKindTraceOperator, QueryKindClickHouseSQL},
-		PanelKindTable:      {QueryKindBuilder, QueryKindComposite, QueryKindFormula, QueryKindTraceOperator, QueryKindClickHouseSQL},
-		PanelKindList:       {QueryKindBuilder},
-	}
-
-	// compositeSubQueryTypeToPluginKind maps CompositeQuery sub-query type
-	// strings to the equivalent top-level query plugin kind for validation.
-	compositeSubQueryTypeToPluginKind = map[qb.QueryType]QueryPluginKind{
-		qb.QueryTypeBuilder:       QueryKindBuilder,
-		qb.QueryTypeFormula:       QueryKindFormula,
-		qb.QueryTypeTraceOperator: QueryKindTraceOperator,
-		qb.QueryTypePromQL:        QueryKindPromQL,
-		qb.QueryTypeClickHouseSQL: QueryKindClickHouseSQL,
-	}
-)
-
-func validateDashboardV2(d StorableDashboardDataV2) error {
-	for name, ds := range d.Datasources {
-		if err := validateDatasourcePlugin(&ds.Plugin, fmt.Sprintf("spec.datasources.%s.plugin", name)); err != nil {
-			return err
-		}
-	}
-
-	for i, v := range d.Variables {
-		if err := validateVariablePlugin(v, fmt.Sprintf("spec.variables[%d]", i)); err != nil {
-			return err
-		}
-	}
-
-	for key, panel := range d.Panels {
-		if panel == nil {
-			return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "spec.panels.%s: panel must not be null", key)
-		}
-		path := fmt.Sprintf("spec.panels.%s", key)
-		if err := validatePanelPlugin(&panel.Spec.Plugin, path+".spec.plugin"); err != nil {
-			return err
-		}
-		panelKind := PanelPluginKind(panel.Spec.Plugin.Kind)
-		allowed := allowedQueryKinds[panelKind]
-		for qi := range panel.Spec.Queries {
-			queryPath := fmt.Sprintf("%s.spec.queries[%d].spec.plugin", path, qi)
-			if err := validateQueryPlugin(&panel.Spec.Queries[qi].Spec.Plugin, queryPath); err != nil {
-				return err
-			}
-			if err := validateQueryAllowedForPanel(panel.Spec.Queries[qi].Spec.Plugin, allowed, panelKind, queryPath); err != nil {
-				return err
-			}
-		}
-	}
-
-	return nil
-}
-
-func validateDatasourcePlugin(plugin *common.Plugin, path string) error {
-	kind := DatasourcePluginKind(plugin.Kind)
-	factory, ok := datasourcePluginSpecs[kind]
-	if !ok {
-		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput,
-			"%s: unknown datasource plugin kind %q; allowed values: %s", path, kind, formatEnum(kind.Enum()))
-	}
-	return validateAndNormalizePluginSpec(plugin, factory, path)
-}
-
-func validateVariablePlugin(v dashboard.Variable, path string) error {
-	switch spec := v.Spec.(type) {
-	case *dashboard.ListVariableSpec:
-		pluginPath := path + ".spec.plugin"
-		kind := VariablePluginKind(spec.Plugin.Kind)
-		factory, ok := variablePluginSpecs[kind]
-		if !ok {
-			return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput,
-				"%s: unknown variable plugin kind %q; allowed values: %s", pluginPath, kind, formatEnum(kind.Enum()))
-		}
-		return validateAndNormalizePluginSpec(&spec.Plugin, factory, pluginPath)
-	case *dashboard.TextVariableSpec:
-		// TextVariables have no plugin, nothing to validate.
-		return nil
-	default:
-		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "%s: unsupported variable kind %q", path, v.Kind)
-	}
-}
-
-func validatePanelPlugin(plugin *common.Plugin, path string) error {
-	kind := PanelPluginKind(plugin.Kind)
-	factory, ok := panelPluginSpecs[kind]
-	if !ok {
-		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput,
-			"%s: unknown panel plugin kind %q; allowed values: %s", path, kind, formatEnum(kind.Enum()))
-	}
-	return validateAndNormalizePluginSpec(plugin, factory, path)
-}
-
-func validateQueryPlugin(plugin *common.Plugin, path string) error {
-	kind := QueryPluginKind(plugin.Kind)
-	factory, ok := queryPluginSpecs[kind]
-	if !ok {
-		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput,
-			"%s: unknown query plugin kind %q; allowed values: %s", path, kind, formatEnum(kind.Enum()))
-	}
-	return validateAndNormalizePluginSpec(plugin, factory, path)
-}
-
-func formatEnum(values []any) string {
-	parts := make([]string, len(values))
-	for i, v := range values {
-		parts[i] = fmt.Sprintf("`%v`", v)
-	}
-	return strings.Join(parts, ", ")
-}
-
-// validateAndNormalizePluginSpec validates the plugin spec and writes the typed
-// struct (with defaults) back into plugin.Spec so that DB storage and API
-// responses contain normalized values.
-func validateAndNormalizePluginSpec(plugin *common.Plugin, factory func() any, path string) error {
-	if plugin.Kind == "" {
-		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "%s: plugin kind is required", path)
-	}
-	if plugin.Spec == nil {
-		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "%s: plugin spec is required", path)
-	}
-	// Re-marshal the spec and unmarshal into the typed struct.
-	specJSON, err := json.Marshal(plugin.Spec)
-	if err != nil {
-		return errors.WrapInvalidInputf(err, ErrCodeDashboardInvalidInput, "%s.spec", path)
-	}
-	target := factory()
-	decoder := json.NewDecoder(bytes.NewReader(specJSON))
-	decoder.DisallowUnknownFields()
-	if err := decoder.Decode(target); err != nil {
-		return errors.WrapInvalidInputf(err, ErrCodeDashboardInvalidInput, "%s.spec", path)
-	}
-	if err := validator.New().Struct(target); err != nil {
-		return errors.WrapInvalidInputf(err, ErrCodeDashboardInvalidInput, "%s.spec", path)
-	}
-	// Write the typed struct back so defaults are included.
-	plugin.Spec = target
-	return nil
-}
-
-// validateQueryAllowedForPanel checks that the query plugin kind is permitted
-// for the given panel. For composite queries it recurses into sub-queries.
-func validateQueryAllowedForPanel(plugin common.Plugin, allowed []QueryPluginKind, panelKind PanelPluginKind, path string) error {
-	queryKind := QueryPluginKind(plugin.Kind)
-	if !slices.Contains(allowed, queryKind) {
-		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput,
-			"%s: query kind %q is not supported by panel kind %q", path, queryKind, panelKind)
-	}
-
-	// For composite queries, validate each sub-query type.
-	if queryKind == QueryKindComposite && plugin.Spec != nil {
-		specJSON, err := json.Marshal(plugin.Spec)
-		if err != nil {
-			return errors.WrapInvalidInputf(err, ErrCodeDashboardInvalidInput, "%s.spec", path)
-		}
-		var composite struct {
-			Queries []struct {
-				Type qb.QueryType `json:"type"`
-			} `json:"queries"`
-		}
-		if err := json.Unmarshal(specJSON, &composite); err != nil {
-			return errors.WrapInvalidInputf(err, ErrCodeDashboardInvalidInput, "%s.spec", path)
-		}
-		for si, sub := range composite.Queries {
-			pluginKind, ok := compositeSubQueryTypeToPluginKind[sub.Type]
-			if !ok {
-				continue
-			}
-			if !slices.Contains(allowed, pluginKind) {
-				return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput,
-					"%s.spec.queries[%d]: sub-query type %q is not supported by panel kind %q",
-					path, si, sub.Type, panelKind)
-			}
-		}
-	}
-	return nil
-}

pkg/types/dashboardtypes/perses_dashboard.go

@@ -0,0 +1,326 @@
+package dashboardtypes
+
+import (
+	"bytes"
+	"encoding/json"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/swaggest/jsonschema-go"
+	jsonpatch "gopkg.in/evanphx/json-patch.v4"
+)
+
+const (
+	SchemaVersion       = "v6"
+	MaxTagsPerDashboard = 5
+)
+
+type DashboardV2 struct {
+	types.Identifiable
+	types.TimeAuditable
+	types.UserAuditable
+
+	OrgID        valuer.UUID      `json:"orgId"`
+	Locked       bool             `json:"locked"`
+	Info         DashboardInfo    `json:"info"`
+	PublicConfig *PublicDashboard `json:"publicConfig,omitempty"`
+}
+
+// DashboardInfo is the serializable view of a dashboard's contents — what the UI renders as "the dashboard JSON".
+type DashboardInfo struct {
+	StoredDashboardInfo
+	Tags []*tagtypes.Tag `json:"tags,omitempty"`
+}
+
+// StoredDashboardInfo is exactly what serializes into the dashboard.data column.
+type StoredDashboardInfo struct {
+	Metadata DashboardMetadata `json:"metadata"`
+	Data     DashboardData     `json:"data"`
+}
+
+type DashboardMetadata struct {
+	SchemaVersion   string `json:"schemaVersion"`
+	Image           string `json:"image,omitempty"`
+	UploadedGrafana bool   `json:"uploadedGrafana"`
+}
+
+type PostableDashboardV2 struct {
+	StoredDashboardInfo
+	Tags []tagtypes.PostableTag `json:"tags,omitempty"`
+}
+
+type UpdateableDashboardV2 = PostableDashboardV2
+
+// PatchableDashboardV2 is an RFC 6902 JSON Patch document applied against a
+// PostableDashboardV2-shaped view of an existing dashboard. Patch ops can
+// target any field — including individual entries inside `data.panels`,
+// `data.panels.<id>.spec.queries`, or `tags` — without re-sending the rest of
+// the dashboard.
+type PatchableDashboardV2 struct {
+	patch jsonpatch.Patch
+}
+
+// JSONPatchDocument is the OpenAPI-facing schema for an RFC 6902 patch body.
+// PatchableDashboardV2 has only an internal `jsonpatch.Patch` field, so the
+// reflector would emit an empty schema; the handler def points at this type
+// instead so consumers see the array-of-ops shape.
+type JSONPatchDocument []JSONPatchOperation
+
+// JSONPatchOperation is one RFC 6902 op. Not every field is valid on every
+// op kind (e.g. `value` is required for add/replace/test, ignored for remove;
+// `from` is required for move/copy) — the JSON Patch RFC governs that.
+type JSONPatchOperation struct {
+	Op    string `json:"op" required:"true"`
+	Path  string `json:"path" required:"true" description:"JSON Pointer (RFC 6901) into the dashboard's postable shape — e.g. /data/display/name, /data/panels/<id>, /data/panels/<id>/spec/queries/0, /tags/-."`
+	Value any    `json:"value,omitempty" description:"Value to add/replace/test against. The expected type depends on the path — a string for /data/display/name, a Panel for /data/panels/<id>, a PostableTag for /tags/-, etc. Required for add/replace/test; ignored for remove/move/copy."`
+	From  string `json:"from,omitempty" description:"Source JSON Pointer for move/copy ops; ignored for other ops."`
+}
+
+// PrepareJSONSchema constrains the `op` field to the six RFC 6902 verbs.
+func (JSONPatchOperation) PrepareJSONSchema(s *jsonschema.Schema) error {
+	op, ok := s.Properties["op"]
+	if !ok || op.TypeObject == nil {
+		return errors.NewInternalf(errors.CodeInternal, "JSONPatchOperation schema missing `op` property")
+	}
+	op.TypeObject.WithEnum("add", "remove", "replace", "move", "copy", "test")
+	s.Properties["op"] = op
+	return nil
+}
+
+func (p *PatchableDashboardV2) UnmarshalJSON(data []byte) error {
+	patch, err := jsonpatch.DecodePatch(data)
+	if err != nil {
+		return errors.WrapInvalidInputf(err, ErrCodeDashboardInvalidInput, "%s", err.Error())
+	}
+	p.patch = patch
+	return nil
+}
+
+// patchableDashboardV2View is the JSON shape a patch is applied against.
+// It mirrors PostableDashboardV2 except `tags` is always emitted (even when
+// empty) — RFC 6902 `add /tags/-` requires the array to exist in the target
+// document, and PostableDashboardV2's own `omitempty` on tags would drop it.
+type patchableDashboardV2View struct {
+	StoredDashboardInfo
+	Tags []tagtypes.PostableTag `json:"tags"`
+}
+
+// Apply runs the patch against the existing dashboard. The dashboard is
+// projected into the postable JSON shape, the patch is applied, and the
+// result is decoded back into an UpdateableDashboardV2 — which re-runs
+// the full v2 validation chain.
+func (p PatchableDashboardV2) Apply(existing *DashboardV2) (*UpdateableDashboardV2, error) {
+	postableTags := make([]tagtypes.PostableTag, len(existing.Info.Tags))
+	for i, t := range existing.Info.Tags {
+		postableTags[i] = tagtypes.PostableTag{Name: t.Name}
+	}
+	base := patchableDashboardV2View{
+		StoredDashboardInfo: existing.Info.StoredDashboardInfo,
+		Tags:                postableTags,
+	}
+	raw, err := json.Marshal(base)
+	if err != nil {
+		return nil, errors.WrapInternalf(err, errors.CodeInternal, "marshal existing dashboard for patch")
+	}
+	patched, err := p.patch.Apply(raw)
+	if err != nil {
+		return nil, errors.WrapInvalidInputf(err, ErrCodeDashboardInvalidInput, "%s", err.Error())
+	}
+	out := &UpdateableDashboardV2{}
+	if err := json.Unmarshal(patched, out); err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (p *PostableDashboardV2) UnmarshalJSON(data []byte) error {
+	dec := json.NewDecoder(bytes.NewReader(data))
+	dec.DisallowUnknownFields()
+	type alias PostableDashboardV2
+	var tmp alias
+	if err := dec.Decode(&tmp); err != nil {
+		return errors.WrapInvalidInputf(err, ErrCodeDashboardInvalidInput, "%s", err.Error())
+	}
+	*p = PostableDashboardV2(tmp)
+	return p.Validate()
+}
+
+func (p *PostableDashboardV2) Validate() error {
+	if p.Metadata.SchemaVersion != SchemaVersion {
+		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "metadata.schemaVersion must be %q, got %q", SchemaVersion, p.Metadata.SchemaVersion)
+	}
+	if p.Data.Display == nil || p.Data.Display.Name == "" {
+		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "data.display.name is required")
+	}
+	if len(p.Tags) > MaxTagsPerDashboard {
+		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "a dashboard can have at most %d tags", MaxTagsPerDashboard)
+	}
+	return p.Data.Validate()
+}
+
+type GettableDashboardV2 struct {
+	types.Identifiable
+	types.TimeAuditable
+	types.UserAuditable
+
+	OrgID        valuer.UUID               `json:"orgId"`
+	Locked       bool                      `json:"locked"`
+	Info         GettableDashboardInfo     `json:"info"`
+	PublicConfig *GettablePublicDasbhboard `json:"publicConfig,omitempty"`
+}
+
+type GettableDashboardInfo struct {
+	StoredDashboardInfo
+	Tags []*tagtypes.GettableTag `json:"tags,omitempty"`
+}
+
+func NewGettableDashboardV2FromDashboardV2(dashboard *DashboardV2) *GettableDashboardV2 {
+	gettable := &GettableDashboardV2{
+		Identifiable:  dashboard.Identifiable,
+		TimeAuditable: dashboard.TimeAuditable,
+		UserAuditable: dashboard.UserAuditable,
+		OrgID:         dashboard.OrgID,
+		Locked:        dashboard.Locked,
+		Info: GettableDashboardInfo{
+			StoredDashboardInfo: dashboard.Info.StoredDashboardInfo,
+			Tags:                tagtypes.NewGettableTagsFromTags(dashboard.Info.Tags),
+		},
+	}
+	if dashboard.PublicConfig != nil {
+		gettable.PublicConfig = NewGettablePublicDashboard(dashboard.PublicConfig)
+	}
+	return gettable
+}
+
+func NewDashboardV2(orgID valuer.UUID, createdBy string, postable PostableDashboardV2, resolvedTags []*tagtypes.Tag) *DashboardV2 {
+	now := time.Now()
+
+	return &DashboardV2{
+		Identifiable:  types.Identifiable{ID: valuer.GenerateUUID()},
+		TimeAuditable: types.TimeAuditable{CreatedAt: now, UpdatedAt: now},
+		UserAuditable: types.UserAuditable{CreatedBy: createdBy, UpdatedBy: createdBy},
+		OrgID:         orgID,
+		Locked:        false,
+		Info: DashboardInfo{
+			StoredDashboardInfo: StoredDashboardInfo{
+				Metadata: postable.Metadata,
+				Data:     postable.Data,
+			},
+			Tags: resolvedTags,
+		},
+	}
+}
+
+// rejects rows that don't carry a v2-shape blob — those are pre-migration v1 dashboards that the v2 API can't render.
+func NewDashboardV2FromStorable(storable *StorableDashboard, public *StorablePublicDashboard, tags []*tagtypes.Tag) (*DashboardV2, error) {
+	metadata, _ := storable.Data["metadata"].(map[string]any)
+	if metadata == nil || metadata["schemaVersion"] != SchemaVersion {
+		return nil, errors.Newf(errors.TypeUnsupported, ErrCodeDashboardInvalidData, "dashboard %s is not in %s schema", storable.ID, SchemaVersion)
+	}
+
+	raw, err := json.Marshal(storable.Data)
+	if err != nil {
+		return nil, errors.WrapInternalf(err, errors.CodeInternal, "marshal stored v2 dashboard data")
+	}
+	var stored StoredDashboardInfo
+	if err := json.Unmarshal(raw, &stored); err != nil {
+		return nil, errors.WrapInternalf(err, errors.CodeInternal, "unmarshal stored v2 dashboard data")
+	}
+
+	var publicConfig *PublicDashboard
+	if public != nil {
+		publicConfig = NewPublicDashboardFromStorablePublicDashboard(public)
+	}
+
+	return &DashboardV2{
+		Identifiable:  storable.Identifiable,
+		TimeAuditable: storable.TimeAuditable,
+		UserAuditable: storable.UserAuditable,
+		OrgID:         storable.OrgID,
+		Locked:        storable.Locked,
+		Info: DashboardInfo{
+			StoredDashboardInfo: stored,
+			Tags:                tags,
+		},
+		PublicConfig: publicConfig,
+	}, nil
+}
+
+func (d *DashboardV2) CanLockUnlock(lock bool, isAdmin bool, updatedBy string) error {
+	if d.CreatedBy != updatedBy && !isAdmin {
+		return errors.Newf(errors.TypeForbidden, errors.CodeForbidden, "you are not authorized to lock/unlock this dashboard")
+	}
+	if d.Locked == lock {
+		if lock {
+			return errors.Newf(errors.TypeAlreadyExists, errors.CodeAlreadyExists, "dashboard is already locked")
+		}
+		return errors.Newf(errors.TypeAlreadyExists, errors.CodeAlreadyExists, "dashboard is already unlocked")
+	}
+	return nil
+}
+
+func (d *DashboardV2) LockUnlock(lock bool, isAdmin bool, updatedBy string) error {
+	if err := d.CanLockUnlock(lock, isAdmin, updatedBy); err != nil {
+		return err
+	}
+	d.Locked = lock
+	d.UpdatedBy = updatedBy
+	d.UpdatedAt = time.Now()
+	return nil
+}
+
+func (d *DashboardV2) CanUpdate() error {
+	if d.Locked {
+		return errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "cannot update a locked dashboard, please unlock the dashboard to update")
+	}
+	return nil
+}
+
+func (d *DashboardV2) CanDelete() error {
+	return d.CanUpdate()
+}
+
+func (d *DashboardV2) Update(updateable UpdateableDashboardV2, updatedBy string, resolvedTags []*tagtypes.Tag) error {
+	if err := d.CanUpdate(); err != nil {
+		return err
+	}
+	d.Info.Metadata = updateable.Metadata
+	d.Info.Data = updateable.Data
+	d.Info.Tags = resolvedTags
+	d.UpdatedBy = updatedBy
+	d.UpdatedAt = time.Now()
+	return nil
+}
+
+// ToStorableDashboard packages a Dashboard into the bun row that goes into
+// the dashboard table. Tags are intentionally omitted — they live in
+// tag_relations and are inserted separately by the caller.
+func (d *DashboardV2) ToStorableDashboard() (*StorableDashboard, error) {
+	data, err := d.Info.toStorableDashboardData()
+	if err != nil {
+		return nil, err
+	}
+	return &StorableDashboard{
+		Identifiable:  types.Identifiable{ID: d.ID},
+		TimeAuditable: d.TimeAuditable,
+		UserAuditable: d.UserAuditable,
+		OrgID:         d.OrgID,
+		Locked:        d.Locked,
+		Data:          data,
+	}, nil
+}
+
+func (s StoredDashboardInfo) toStorableDashboardData() (StorableDashboardData, error) {
+	raw, err := json.Marshal(s)
+	if err != nil {
+		return nil, errors.WrapInternalf(err, errors.CodeInternal, "marshal v2 dashboard data")
+	}
+	out := StorableDashboardData{}
+	if err := json.Unmarshal(raw, &out); err != nil {
+		return nil, errors.WrapInternalf(err, errors.CodeInternal, "unmarshal v2 dashboard data")
+	}
+	return out, nil
+}

pkg/types/dashboardtypes/perses_dashboard_data.go

@@ -0,0 +1,107 @@
+package dashboardtypes
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"slices"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	qb "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+	v1 "github.com/perses/perses/pkg/model/api/v1"
+	"github.com/perses/perses/pkg/model/api/v1/common"
+)
+
+// DashboardData is the SigNoz dashboard v2 spec shape. It mirrors
+// v1.DashboardSpec (Perses) field-for-field, except every common.Plugin
+// occurrence is replaced with a typed SigNoz plugin whose OpenAPI schema is a
+// per-site discriminated oneOf.
+type DashboardData struct {
+	Display         *common.Display            `json:"display,omitempty"`
+	Datasources     map[string]*DatasourceSpec `json:"datasources,omitempty"`
+	Variables       []Variable                 `json:"variables,omitempty"`
+	Panels          map[string]*Panel          `json:"panels"`
+	Layouts         []Layout                   `json:"layouts"`
+	Duration        common.DurationString      `json:"duration"`
+	RefreshInterval common.DurationString      `json:"refreshInterval,omitempty"`
+	Links           []v1.Link                  `json:"links,omitempty"`
+}
+
+// ══════════════════════════════════════════════
+// Unmarshal + validate entry point
+// ══════════════════════════════════════════════
+
+func (d *DashboardData) UnmarshalJSON(data []byte) error {
+	dec := json.NewDecoder(bytes.NewReader(data))
+	dec.DisallowUnknownFields()
+	type alias DashboardData
+	var tmp alias
+	if err := dec.Decode(&tmp); err != nil {
+		return errors.WrapInvalidInputf(err, ErrCodeDashboardInvalidInput, "invalid dashboard spec")
+	}
+	*d = DashboardData(tmp)
+	return d.Validate()
+}
+
+// ══════════════════════════════════════════════
+// Cross-field validation
+// ══════════════════════════════════════════════
+
+func (d *DashboardData) Validate() error {
+	for key, panel := range d.Panels {
+		if panel == nil {
+			return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "spec.panels.%s: panel must not be null", key)
+		}
+		path := fmt.Sprintf("spec.panels.%s", key)
+		panelKind := panel.Spec.Plugin.Kind
+		if len(panel.Spec.Queries) == 0 {
+			return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "%s.spec.queries: panel must have at least one query", path)
+		}
+		allowed := allowedQueryKinds[panelKind]
+		for qi, q := range panel.Spec.Queries {
+			queryPath := fmt.Sprintf("%s.spec.queries[%d].spec.plugin", path, qi)
+			if err := validateQueryAllowedForPanel(q.Spec.Plugin, allowed, panelKind, queryPath); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func validateQueryAllowedForPanel(plugin QueryPlugin, allowed []QueryPluginKind, panelKind PanelPluginKind, path string) error {
+	if !slices.Contains(allowed, plugin.Kind) {
+		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput,
+			"%s: query kind %q is not supported by panel kind %q", path, plugin.Kind, panelKind)
+	}
+
+	if plugin.Kind != QueryKindComposite {
+		return nil
+	}
+	composite, ok := plugin.Spec.(*CompositeQuerySpec)
+	if !ok || composite == nil {
+		// Unreachable via UnmarshalJSON; reaching here means a Go caller broke the Kind/Spec pairing.
+		return errors.NewInternalf(errors.CodeInternal, "%s: composite query plugin has unexpected spec type %T", path, plugin.Spec)
+	}
+	for si, sub := range composite.Queries {
+		subKind, ok := compositeSubQueryTypeToPluginKind[sub.Type]
+		if !ok {
+			continue
+		}
+		if !slices.Contains(allowed, subKind) {
+			return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput,
+				"%s.spec.queries[%d]: sub-query type %q is not supported by panel kind %q",
+				path, si, sub.Type, panelKind)
+		}
+	}
+	return nil
+}
+
+var (
+	compositeSubQueryTypeToPluginKind = map[qb.QueryType]QueryPluginKind{
+		qb.QueryTypeBuilder:       QueryKindBuilder,
+		qb.QueryTypeFormula:       QueryKindFormula,
+		qb.QueryTypeTraceOperator: QueryKindTraceOperator,
+		qb.QueryTypePromQL:        QueryKindPromQL,
+		qb.QueryTypeClickHouseSQL: QueryKindClickHouseSQL,
+	}
+)

pkg/types/dashboardtypes/perses_dashboard_patch_test.go

@@ -0,0 +1,521 @@
+package dashboardtypes
+
+import (
+	"encoding/json"
+	"strings"
+	"testing"
+
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// basePostableJSON is the postable shape of a small but realistic v2
+// dashboard used as the base document for patch tests. Each panel carries
+// one builder query in the same shape production dashboards use
+// (aggregations, filter, groupBy populated), and the dashboard has one
+// variable — the variable is not patched in any test here, that's
+// covered in a separate variable-focused suite.
+const basePostableJSON = `{
+	"metadata": {"schemaVersion": "v6"},
+	"data": {
+		"display": {"name": "Service overview"},
+		"variables": [
+			{
+				"kind": "ListVariable",
+				"spec": {
+					"name": "service",
+					"allowAllValue": true,
+					"allowMultiple": false,
+					"plugin": {
+						"kind": "signoz/DynamicVariable",
+						"spec": {"name": "service.name", "signal": "metrics"}
+					}
+				}
+			}
+		],
+		"panels": {
+			"p1": {
+				"kind": "Panel",
+				"spec": {
+					"plugin": {"kind": "signoz/TimeSeriesPanel", "spec": {}},
+					"queries": [
+						{
+							"kind": "TimeSeriesQuery",
+							"spec": {"plugin": {"kind": "signoz/BuilderQuery", "spec": {
+								"name": "A",
+								"signal": "metrics",
+								"aggregations": [{
+									"metricName": "signoz_calls_total",
+									"temporality": "cumulative",
+									"timeAggregation": "rate",
+									"spaceAggregation": "sum"
+								}],
+								"filter": {"expression": "service.name IN $service"},
+								"groupBy": [{"name": "service.name", "fieldDataType": "string", "fieldContext": "tag"}]
+							}}}
+						}
+					]
+				}
+			},
+			"p2": {
+				"kind": "Panel",
+				"spec": {
+					"plugin": {"kind": "signoz/NumberPanel", "spec": {}},
+					"queries": [
+						{
+							"kind": "TimeSeriesQuery",
+							"spec": {"plugin": {"kind": "signoz/BuilderQuery", "spec": {
+								"name": "X",
+								"signal": "metrics",
+								"aggregations": [{
+									"metricName": "signoz_latency_count",
+									"temporality": "cumulative",
+									"timeAggregation": "rate",
+									"spaceAggregation": "sum"
+								}]
+							}}}
+						}
+					]
+				}
+			}
+		},
+		"layouts": [
+			{
+				"kind": "Grid",
+				"spec": {
+					"display": {"title": "Row 1"},
+					"items": [
+						{"x": 0, "y": 0, "width": 6, "height": 6, "content": {"$ref": "#/spec/panels/p1"}},
+						{"x": 6, "y": 0, "width": 6, "height": 6, "content": {"$ref": "#/spec/panels/p2"}}
+					]
+				}
+			}
+		],
+		"duration": "1h"
+	},
+	"tags": [{"name": "team/alpha"}, {"name": "env/prod"}]
+}`
+
+func TestPatchableDashboardV2_Apply(t *testing.T) {
+	// Apply doesn't mutate the input *DashboardV2 — it marshals it to
+	// JSON, applies the patch, and unmarshals the result into a fresh
+	// struct. Sharing one base across subtests is safe.
+	var p PostableDashboardV2
+	require.NoError(t, json.Unmarshal([]byte(basePostableJSON), &p), "base postable JSON must validate")
+	base := &DashboardV2{
+		Info: DashboardInfo{
+			StoredDashboardInfo: p.StoredDashboardInfo,
+			Tags: []*tagtypes.Tag{
+				{Name: "team/alpha", InternalName: "team::alpha"},
+				{Name: "env/prod", InternalName: "env::prod"},
+			},
+		},
+	}
+
+	decode := func(t *testing.T, body string) PatchableDashboardV2 {
+		t.Helper()
+		var patch PatchableDashboardV2
+		require.NoError(t, json.Unmarshal([]byte(body), &patch))
+		return patch
+	}
+
+	// jsonOf marshals the patched dashboard back to JSON so subtests can
+	// assert on field values without reaching into the typed plugin specs.
+	jsonOf := func(t *testing.T, out *UpdateableDashboardV2) string {
+		t.Helper()
+		raw, err := json.Marshal(out)
+		require.NoError(t, err)
+		return string(raw)
+	}
+
+	// ─────────────────────────────────────────────────────────────────
+	// Successful patches
+	// ─────────────────────────────────────────────────────────────────
+
+	t.Run("no-op preserves all fields", func(t *testing.T) {
+		out, err := decode(t, `[]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, base.Info.Metadata, out.Metadata)
+		assert.Equal(t, base.Info.Data.Display.Name, out.Data.Display.Name)
+		require.Equal(t, len(base.Info.Data.Panels), len(out.Data.Panels))
+		for k, panel := range base.Info.Data.Panels {
+			require.Contains(t, out.Data.Panels, k)
+			assert.Equal(t, panel.Spec.Plugin.Kind, out.Data.Panels[k].Spec.Plugin.Kind)
+		}
+		assert.Len(t, out.Tags, len(base.Info.Tags))
+		assert.Len(t, out.Data.Variables, len(base.Info.Data.Variables))
+		assert.Len(t, out.Data.Layouts, len(base.Info.Data.Layouts))
+	})
+
+	t.Run("add metadata image", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "add", "path": "/metadata/image", "value": "https://example.com/img.png"}]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, "https://example.com/img.png", out.Metadata.Image)
+		assert.Equal(t, SchemaVersion, out.Metadata.SchemaVersion, "schemaVersion preserved")
+	})
+
+	t.Run("replace display name", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "replace", "path": "/data/display/name", "value": "Renamed"}]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, "Renamed", out.Data.Display.Name)
+	})
+
+	// Per RFC 6902 § 4.1, `add` on an existing object member replaces the
+	// existing value rather than erroring — same effect as `replace`.
+	t.Run("add overwrites existing display name", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "add", "path": "/data/display/name", "value": "Overwritten"}]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, "Overwritten", out.Data.Display.Name)
+	})
+
+	t.Run("add data refreshInterval", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "add", "path": "/data/refreshInterval", "value": "30s"}]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, "30s", string(out.Data.RefreshInterval))
+	})
+
+	t.Run("add panel leaves others untouched", func(t *testing.T) {
+		out, err := decode(t, `[{
+			"op": "add",
+			"path": "/data/panels/p3",
+			"value": {
+				"kind": "Panel",
+				"spec": {
+					"plugin": {"kind": "signoz/TablePanel", "spec": {}},
+					"queries": [{
+						"kind": "TimeSeriesQuery",
+						"spec": {"plugin": {"kind": "signoz/BuilderQuery", "spec": {
+							"name": "A",
+							"signal": "logs",
+							"aggregations": [{"expression": "count()"}]
+						}}}
+					}]
+				}
+			}
+		}]`).Apply(base)
+		require.NoError(t, err)
+		assert.Len(t, out.Data.Panels, 3)
+		assert.Contains(t, out.Data.Panels, "p1")
+		assert.Contains(t, out.Data.Panels, "p2")
+		assert.Contains(t, out.Data.Panels, "p3")
+	})
+
+	t.Run("replace single panel", func(t *testing.T) {
+		out, err := decode(t, `[{
+			"op": "replace",
+			"path": "/data/panels/p2",
+			"value": {
+				"kind": "Panel",
+				"spec": {
+					"plugin": {"kind": "signoz/BarChartPanel", "spec": {}},
+					"queries": [{
+						"kind": "TimeSeriesQuery",
+						"spec": {"plugin": {"kind": "signoz/BuilderQuery", "spec": {
+							"name": "A",
+							"signal": "metrics",
+							"aggregations": [{
+								"metricName": "signoz_calls_total",
+								"temporality": "cumulative",
+								"timeAggregation": "rate",
+								"spaceAggregation": "sum"
+							}]
+						}}}
+					}]
+				}
+			}
+		}]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, PanelPluginKind("signoz/BarChartPanel"), out.Data.Panels["p2"].Spec.Plugin.Kind)
+		assert.Equal(t, PanelPluginKind("signoz/TimeSeriesPanel"), out.Data.Panels["p1"].Spec.Plugin.Kind, "p1 untouched")
+	})
+
+	// Removing a panel realistically also drops its layout item — exercise
+	// the multi-op shape the UI sends.
+	t.Run("remove panel and its layout item", func(t *testing.T) {
+		out, err := decode(t, `[
+			{"op": "remove", "path": "/data/panels/p2"},
+			{"op": "remove", "path": "/data/layouts/0/spec/items/1"}
+		]`).Apply(base)
+		require.NoError(t, err)
+		assert.Len(t, out.Data.Panels, 1)
+		assert.Contains(t, out.Data.Panels, "p1")
+		assert.NotContains(t, out.Data.Panels, "p2")
+		raw := jsonOf(t, out)
+		assert.NotContains(t, raw, `"$ref":"#/spec/panels/p2"`)
+		assert.Contains(t, raw, `"$ref":"#/spec/panels/p1"`)
+	})
+
+	// The headline use case: edit a single field of a single query inside
+	// one panel without re-sending any other part of the dashboard.
+	t.Run("rename single query inside panel", func(t *testing.T) {
+		out, err := decode(t, `[{
+			"op": "replace",
+			"path": "/data/panels/p1/spec/queries/0/spec/plugin/spec/name",
+			"value": "renamed"
+		}]`).Apply(base)
+		require.NoError(t, err)
+
+		require.Len(t, out.Data.Panels["p1"].Spec.Queries, 1)
+		assert.Contains(t, jsonOf(t, out), `"name":"renamed"`)
+	})
+
+	// Replace a query at a specific index — swaps query "A" out for "B"
+	// without re-sending the rest of the panel.
+	t.Run("replace query at index", func(t *testing.T) {
+		out, err := decode(t, `[{
+			"op": "replace",
+			"path": "/data/panels/p1/spec/queries/0",
+			"value": {
+				"kind": "TimeSeriesQuery",
+				"spec": {"plugin": {"kind": "signoz/BuilderQuery", "spec": {
+					"name": "B",
+					"signal": "metrics",
+					"aggregations": [{
+						"metricName": "signoz_db_calls_total",
+						"temporality": "cumulative",
+						"timeAggregation": "rate",
+						"spaceAggregation": "sum"
+					}]
+				}}}
+			}
+		}]`).Apply(base)
+		require.NoError(t, err)
+		require.Len(t, out.Data.Panels["p1"].Spec.Queries, 1)
+		raw := jsonOf(t, out)
+		assert.Contains(t, raw, `"name":"B"`)
+		assert.NotContains(t, raw, `"name":"A"`)
+	})
+
+	// ─────────────────────────────────────────────────────────────────
+	// Layout edits
+	// ─────────────────────────────────────────────────────────────────
+
+	t.Run("move panel by editing layout x coordinate", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "replace", "path": "/data/layouts/0/spec/items/0/x", "value": 6}]`).Apply(base)
+		require.NoError(t, err)
+		raw := jsonOf(t, out)
+		// The first item used to live at x=0, now lives at x=6.
+		assert.Contains(t, raw, `"x":6,"y":0,"width":6,"height":6,"content":{"$ref":"#/spec/panels/p1"}`)
+	})
+
+	t.Run("resize panel by editing layout width", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "replace", "path": "/data/layouts/0/spec/items/0/width", "value": 12}]`).Apply(base)
+		require.NoError(t, err)
+		raw := jsonOf(t, out)
+		assert.Contains(t, raw, `"width":12`)
+	})
+
+	t.Run("rename layout row title", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "replace", "path": "/data/layouts/0/spec/display/title", "value": "Latency"}]`).Apply(base)
+		require.NoError(t, err)
+		assert.Contains(t, jsonOf(t, out), `"title":"Latency"`)
+	})
+
+	t.Run("append layout item", func(t *testing.T) {
+		out, err := decode(t, `[{
+			"op": "add",
+			"path": "/data/layouts/0/spec/items/-",
+			"value": {"x": 0, "y": 6, "width": 12, "height": 6, "content": {"$ref": "#/spec/panels/p1"}}
+		}]`).Apply(base)
+		require.NoError(t, err)
+		// Item count went 2 → 3.
+		raw := jsonOf(t, out)
+		assert.Equal(t, 3, strings.Count(raw, `"$ref":"#/spec/panels/`))
+	})
+
+	// Composing add-panel + add-layout-item is the realistic shape of the
+	// "add a new chart to my dashboard" UI flow — exercise it end-to-end.
+	t.Run("add panel and corresponding layout item", func(t *testing.T) {
+		out, err := decode(t, `[
+			{
+				"op": "add",
+				"path": "/data/panels/p3",
+				"value": {
+					"kind": "Panel",
+					"spec": {
+						"plugin": {"kind": "signoz/TablePanel", "spec": {}},
+						"queries": [{
+							"kind": "TimeSeriesQuery",
+							"spec": {"plugin": {"kind": "signoz/BuilderQuery", "spec": {
+								"name": "A",
+								"signal": "logs",
+								"aggregations": [{"expression": "count()"}]
+							}}}
+						}]
+					}
+				}
+			},
+			{
+				"op": "add",
+				"path": "/data/layouts/0/spec/items/-",
+				"value": {"x": 0, "y": 6, "width": 12, "height": 6, "content": {"$ref": "#/spec/panels/p3"}}
+			}
+		]`).Apply(base)
+		require.NoError(t, err)
+		assert.Len(t, out.Data.Panels, 3)
+		raw := jsonOf(t, out)
+		assert.Contains(t, raw, `"$ref":"#/spec/panels/p3"`)
+	})
+
+	t.Run("append tag", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "add", "path": "/tags/-", "value": {"name": "env/staging"}}]`).Apply(base)
+		require.NoError(t, err)
+		require.Len(t, out.Tags, 3)
+		assert.Equal(t, "env/staging", out.Tags[2].Name)
+	})
+
+	t.Run("append tag when none exist", func(t *testing.T) {
+		noTagsBase := &DashboardV2{
+			Info: DashboardInfo{
+				StoredDashboardInfo: base.Info.StoredDashboardInfo,
+				Tags:                nil,
+			},
+		}
+		out, err := decode(t, `[{"op": "add", "path": "/tags/-", "value": {"name": "team/new"}}]`).Apply(noTagsBase)
+		require.NoError(t, err)
+		require.Len(t, out.Tags, 1)
+		assert.Equal(t, "team/new", out.Tags[0].Name)
+	})
+
+	t.Run("replace tag name", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "replace", "path": "/tags/0/name", "value": "team/beta"}]`).Apply(base)
+		require.NoError(t, err)
+		require.Len(t, out.Tags, 2)
+		assert.Equal(t, "team/beta", out.Tags[0].Name)
+		assert.Equal(t, "env/prod", out.Tags[1].Name, "tag at index 1 untouched")
+		for _, tag := range out.Tags {
+			assert.NotEqual(t, "team/alpha", tag.Name, "old tag name must be gone")
+		}
+	})
+
+	t.Run("multiple ops applied in order", func(t *testing.T) {
+		out, err := decode(t, `[
+			{"op": "replace", "path": "/data/display/name", "value": "Multi-step"},
+			{"op": "remove",  "path": "/data/panels/p2"},
+			{"op": "add",     "path": "/tags/-", "value": {"name": "env/staging"}}
+		]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, "Multi-step", out.Data.Display.Name)
+		assert.Len(t, out.Data.Panels, 1)
+		assert.Len(t, out.Tags, 3)
+	})
+
+	// `test` is an RFC 6902 precondition op: aborts the patch if the value
+	// at the path doesn't equal the supplied value. Used for optimistic
+	// concurrency. Here it matches, so the subsequent ops apply.
+	t.Run("test op passes", func(t *testing.T) {
+		out, err := decode(t, `[
+			{"op": "test",    "path": "/data/display/name", "value": "Service overview"},
+			{"op": "replace", "path": "/data/display/name", "value": "Confirmed"}
+		]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, "Confirmed", out.Data.Display.Name)
+	})
+
+	// ─────────────────────────────────────────────────────────────────
+	// Failure cases
+	// ─────────────────────────────────────────────────────────────────
+
+	t.Run("decode rejects non-array body", func(t *testing.T) {
+		var patch PatchableDashboardV2
+		err := json.Unmarshal([]byte(`{"op": "replace"}`), &patch)
+		require.Error(t, err)
+	})
+
+	t.Run("decode rejects malformed JSON", func(t *testing.T) {
+		var patch PatchableDashboardV2
+		// Outer json.Unmarshal rejects non-JSON before PatchableDashboardV2's
+		// UnmarshalJSON runs, so the error is a stdlib SyntaxError rather
+		// than the InvalidInput-classified wrap.
+		err := json.Unmarshal([]byte(`not json`), &patch)
+		require.Error(t, err)
+	})
+
+	// `test` precondition fails — the whole patch is rejected, including
+	// the subsequent replace.
+	t.Run("test op failure rejected", func(t *testing.T) {
+		_, err := decode(t, `[
+			{"op": "test", "path": "/data/display/name", "value": "Wrong"},
+			{"op": "replace", "path": "/data/display/name", "value": "Should not apply"}
+		]`).Apply(base)
+		require.Error(t, err)
+	})
+
+	t.Run("remove at missing path rejected", func(t *testing.T) {
+		_, err := decode(t, `[{"op": "remove", "path": "/data/panels/does-not-exist"}]`).Apply(base)
+		require.Error(t, err)
+	})
+
+	t.Run("remove schemaVersion rejected", func(t *testing.T) {
+		_, err := decode(t, `[{"op": "remove", "path": "/metadata/schemaVersion"}]`).Apply(base)
+		require.Error(t, err)
+	})
+
+	t.Run("wrong schemaVersion rejected", func(t *testing.T) {
+		_, err := decode(t, `[{"op": "replace", "path": "/metadata/schemaVersion", "value": "v5"}]`).Apply(base)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), SchemaVersion)
+	})
+
+	t.Run("empty display name rejected", func(t *testing.T) {
+		_, err := decode(t, `[{"op": "replace", "path": "/data/display/name", "value": ""}]`).Apply(base)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "data.display.name is required")
+	})
+
+	t.Run("unknown top-level field rejected", func(t *testing.T) {
+		_, err := decode(t, `[{"op": "add", "path": "/bogus", "value": 42}]`).Apply(base)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "bogus")
+	})
+
+	t.Run("invalid panel kind rejected", func(t *testing.T) {
+		_, err := decode(t, `[{
+			"op": "replace",
+			"path": "/data/panels/p1",
+			"value": {
+				"kind": "Panel",
+				"spec": {"plugin": {"kind": "signoz/NotAPanel", "spec": {}}}
+			}
+		}]`).Apply(base)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "NotAPanel")
+	})
+
+	t.Run("query kind incompatible with panel rejected", func(t *testing.T) {
+		// PromQLQuery is not allowed on ListPanel — verify the cross-check
+		// in Validate still runs after a patch.
+		_, err := decode(t, `[{
+			"op": "replace",
+			"path": "/data/panels/p2",
+			"value": {
+				"kind": "Panel",
+				"spec": {
+					"plugin": {"kind": "signoz/ListPanel", "spec": {}},
+					"queries": [{"kind": "TimeSeriesQuery", "spec": {"plugin": {"kind": "signoz/PromQLQuery", "spec": {"name": "A", "query": "up"}}}}]
+				}
+			}
+		}]`).Apply(base)
+		require.Error(t, err)
+	})
+
+	t.Run("removing only query rejected", func(t *testing.T) {
+		// p2 has exactly one query in the base; removing it would strand
+		// the panel queryless, which Validate now rejects.
+		_, err := decode(t, `[{"op": "remove", "path": "/data/panels/p2/spec/queries/0"}]`).Apply(base)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "at least one query")
+	})
+
+	t.Run("too many tags rejected", func(t *testing.T) {
+		_, err := decode(t, `[
+			{"op": "add", "path": "/tags/-", "value": {"name": "t1"}},
+			{"op": "add", "path": "/tags/-", "value": {"name": "t2"}},
+			{"op": "add", "path": "/tags/-", "value": {"name": "t3"}},
+			{"op": "add", "path": "/tags/-", "value": {"name": "t4"}}
+		]`).Apply(base)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "at most")
+	})
+}

pkg/types/dashboardtypes/perses_dashboard_test.go

@@ -7,33 +7,75 @@ import (
 	"testing"
 	"time"
 
+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
+func unmarshalDashboard(data []byte) (*DashboardData, error) {
+	var d DashboardData
+	if err := json.Unmarshal(data, &d); err != nil {
+		return nil, err
+	}
+	return &d, nil
+}
+
 func TestValidateBigExample(t *testing.T) {
 	data, err := os.ReadFile("testdata/perses.json")
 	require.NoError(t, err, "reading example file")
-	_, err = UnmarshalAndValidateDashboardV2JSON(data)
+	_, err = unmarshalDashboard(data)
 	require.NoError(t, err, "expected valid dashboard")
 }
 
 func TestValidateDashboardWithSections(t *testing.T) {
 	data, err := os.ReadFile("testdata/perses_with_sections.json")
 	require.NoError(t, err, "reading example file")
-	_, err = UnmarshalAndValidateDashboardV2JSON(data)
+	_, err = unmarshalDashboard(data)
 	require.NoError(t, err, "expected valid dashboard")
 }
 
 func TestInvalidateNotAJSON(t *testing.T) {
-	_, err := UnmarshalAndValidateDashboardV2JSON([]byte("not json"))
+	_, err := unmarshalDashboard([]byte("not json"))
 	require.Error(t, err, "expected error for invalid JSON")
 }
 
+// TestUnmarshalErrorPreservesNestedMessage guards the wrap on dec.Decode in
+// DashboardData.UnmarshalJSON. The wrap stamps a consistent type/code on
+// decode failures, but must not smother the rich messages produced by nested
+// UnmarshalJSON methods (panel/query/variable/datasource plugin envelopes).
+func TestUnmarshalErrorPreservesNestedMessage(t *testing.T) {
+	data := []byte(`{
+		"panels": {
+			"p1": {
+				"kind": "Panel",
+				"spec": {
+					"plugin": {"kind": "NonExistentPanel", "spec": {}}
+				}
+			}
+		},
+		"layouts": []
+	}`)
+
+	_, err := unmarshalDashboard(data)
+	require.Error(t, err)
+
+	require.Contains(t, err.Error(), "unknown panel plugin kind",
+		"outer wrap should not smother the inner UnmarshalJSON message")
+	require.Contains(t, err.Error(), `"NonExistentPanel"`,
+		"the offending value should still appear in the error")
+	require.Contains(t, err.Error(), "allowed values:",
+		"the allowed-values hint should still appear in the error")
+
+	assert.True(t, errors.Ast(err, errors.TypeInvalidInput),
+		"outer wrap should classify the error as TypeInvalidInput")
+	assert.True(t, errors.Asc(err, ErrCodeDashboardInvalidInput),
+		"outer wrap should stamp ErrCodeDashboardInvalidInput")
+}
+
 func TestValidateEmptySpec(t *testing.T) {
 	// no variables no panels
 	data := []byte(`{}`)
-	_, err := UnmarshalAndValidateDashboardV2JSON(data)
+	_, err := unmarshalDashboard(data)
 	require.NoError(t, err, "expected valid")
 }
 
@@ -59,17 +101,13 @@ func TestValidateOnlyVariables(t *testing.T) {
 				"kind": "TextVariable",
 				"spec": {
 					"name": "mytext",
-					"value": "default",
-					"plugin": {
-						"kind": "signoz/TextboxVariable",
-						"spec": {}
-					}
+					"value": "default"
 				}
 			}
 		],
 		"layouts": []
 	}`)
-	_, err := UnmarshalAndValidateDashboardV2JSON(data)
+	_, err := unmarshalDashboard(data)
 	require.NoError(t, err, "expected valid")
 }
 
@@ -148,7 +186,7 @@ func TestInvalidateUnknownPluginKind(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			_, err := UnmarshalAndValidateDashboardV2JSON([]byte(tt.data))
+			_, err := unmarshalDashboard([]byte(tt.data))
 			require.Error(t, err, "expected error containing %q, got nil", tt.wantContain)
 			require.Contains(t, err.Error(), tt.wantContain, "error should mention %q", tt.wantContain)
 		})
@@ -169,7 +207,7 @@ func TestInvalidateOneInvalidPanel(t *testing.T) {
 		},
 		"layouts": []
 	}`)
-	_, err := UnmarshalAndValidateDashboardV2JSON(data)
+	_, err := unmarshalDashboard(data)
 	require.Error(t, err, "expected error for invalid panel plugin kind")
 	require.Contains(t, err.Error(), "FakePanel", "error should mention FakePanel")
 }
@@ -245,7 +283,7 @@ func TestRejectUnknownFieldsInPluginSpec(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			_, err := UnmarshalAndValidateDashboardV2JSON([]byte(tt.data))
+			_, err := unmarshalDashboard([]byte(tt.data))
 			require.Error(t, err, "expected error for unknown field")
 			require.Contains(t, err.Error(), tt.wantContain, "error should mention %q", tt.wantContain)
 		})
@@ -323,7 +361,7 @@ func TestInvalidateWrongFieldTypeInPluginSpec(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			_, err := UnmarshalAndValidateDashboardV2JSON([]byte(tt.data))
+			_, err := unmarshalDashboard([]byte(tt.data))
 			require.Error(t, err, "expected validation error")
 			if tt.wantContain != "" {
 				require.Contains(t, err.Error(), tt.wantContain, "error should mention %q", tt.wantContain)
@@ -531,13 +569,46 @@ func TestInvalidateBadPanelSpecValues(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			_, err := UnmarshalAndValidateDashboardV2JSON([]byte(tt.data))
+			_, err := unmarshalDashboard([]byte(tt.data))
 			require.Error(t, err, "expected error containing %q, got nil", tt.wantContain)
 			require.Contains(t, err.Error(), tt.wantContain, "error should mention %q", tt.wantContain)
 		})
 	}
 }
 
+func TestInvalidatePanelWithoutQueries(t *testing.T) {
+	data := []byte(`{
+		"panels": {
+			"p1": {
+				"kind": "Panel",
+				"spec": {"plugin": {"kind": "signoz/TimeSeriesPanel", "spec": {}}}
+			}
+		},
+		"layouts": []
+	}`)
+	_, err := unmarshalDashboard(data)
+	require.Error(t, err, "expected panel-without-queries to be rejected")
+	require.Contains(t, err.Error(), "at least one query")
+}
+
+func TestInvalidatePanelWithEmptyQueriesArray(t *testing.T) {
+	data := []byte(`{
+		"panels": {
+			"p1": {
+				"kind": "Panel",
+				"spec": {
+					"plugin": {"kind": "signoz/TimeSeriesPanel", "spec": {}},
+					"queries": []
+				}
+			}
+		},
+		"layouts": []
+	}`)
+	_, err := unmarshalDashboard(data)
+	require.Error(t, err, "expected panel with explicit empty queries array to be rejected")
+	require.Contains(t, err.Error(), "at least one query")
+}
+
 func TestValidateRequiredFields(t *testing.T) {
 	wrapVariable := func(pluginKind, pluginSpec string) string {
 		return `{
@@ -626,7 +697,7 @@ func TestValidateRequiredFields(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			_, err := UnmarshalAndValidateDashboardV2JSON([]byte(tt.data))
+			_, err := unmarshalDashboard([]byte(tt.data))
 			require.Error(t, err, "expected error containing %q, got nil", tt.wantContain)
 			require.Contains(t, err.Error(), tt.wantContain, "error should mention %q", tt.wantContain)
 		})
@@ -642,13 +713,14 @@ func TestTimeSeriesPanelDefaults(t *testing.T) {
 					"plugin": {
 						"kind": "signoz/TimeSeriesPanel",
 						"spec": {}
-					}
+					},
+					"queries": [{"kind": "TimeSeriesQuery", "spec": {"plugin": {"kind": "signoz/PromQLQuery", "spec": {"name": "A", "query": "up"}}}}]
 				}
 			}
 		},
 		"layouts": []
 	}`)
-	d, err := UnmarshalAndValidateDashboardV2JSON(data)
+	d, err := unmarshalDashboard(data)
 	require.NoError(t, err, "unmarshal and validate failed")
 
 	// After validation+normalization, the plugin spec should be a typed struct.
@@ -689,13 +761,14 @@ func TestNumberPanelDefaults(t *testing.T) {
 					"plugin": {
 						"kind": "signoz/NumberPanel",
 						"spec": {"thresholds": [{"value": 100, "color": "Red"}]}
-					}
+					},
+					"queries": [{"kind": "TimeSeriesQuery", "spec": {"plugin": {"kind": "signoz/PromQLQuery", "spec": {"name": "A", "query": "up"}}}}]
 				}
 			}
 		},
 		"layouts": []
 	}`)
-	d, err := UnmarshalAndValidateDashboardV2JSON(data)
+	d, err := unmarshalDashboard(data)
 	require.NoError(t, err, "unmarshal and validate failed")
 
 	require.IsType(t, &NumberPanelSpec{}, d.Panels["p1"].Spec.Plugin.Spec)
@@ -716,6 +789,30 @@ func TestNumberPanelDefaults(t *testing.T) {
 		"expected stored/response JSON to contain operator:>, got: %s", outputStr)
 }
 
+// TestPersesFixtureStorageRoundTrip exercises the typed → map[string]any →
+// typed cycle that the create/get path performs against the kitchen-sink
+// fixture. Catches plugin specs whose UnmarshalJSON expects a different shape
+// than the default MarshalJSON emits.
+func TestPersesFixtureStorageRoundTrip(t *testing.T) {
+	raw, err := os.ReadFile("testdata/perses.json")
+	require.NoError(t, err)
+
+	var data DashboardData
+	require.NoError(t, json.Unmarshal(raw, &data), "initial unmarshal")
+
+	marshaled, err := json.Marshal(data)
+	require.NoError(t, err, "marshal typed → JSON")
+
+	var asMap map[string]any
+	require.NoError(t, json.Unmarshal(marshaled, &asMap), "JSON → map (storage shape)")
+
+	remarshaled, err := json.Marshal(asMap)
+	require.NoError(t, err, "map → JSON (read-back shape)")
+
+	var roundtripped DashboardData
+	require.NoError(t, json.Unmarshal(remarshaled, &roundtripped), "JSON → typed (the failure mode)")
+}
+
 // TestStorageRoundTrip simulates the future DB store/load cycle:
 // marshal the normalized dashboard to JSON (what would be written to DB),
 // then unmarshal it back (what would be read from DB), and verify defaults survive.
@@ -728,7 +825,8 @@ func TestStorageRoundTrip(t *testing.T) {
 					"plugin": {
 						"kind": "signoz/TimeSeriesPanel",
 						"spec": {}
-					}
+					},
+					"queries": [{"kind": "TimeSeriesQuery", "spec": {"plugin": {"kind": "signoz/PromQLQuery", "spec": {"name": "A", "query": "up"}}}}]
 				}
 			},
 			"p2": {
@@ -737,7 +835,8 @@ func TestStorageRoundTrip(t *testing.T) {
 					"plugin": {
 						"kind": "signoz/NumberPanel",
 						"spec": {"thresholds": [{"value": 100, "color": "Red"}]}
-					}
+					},
+					"queries": [{"kind": "TimeSeriesQuery", "spec": {"plugin": {"kind": "signoz/PromQLQuery", "spec": {"name": "A", "query": "up"}}}}]
 				}
 			}
 		},
@@ -745,7 +844,7 @@ func TestStorageRoundTrip(t *testing.T) {
 	}`)
 
 	// Step 1: Unmarshal + validate + normalize (what the API handler does).
-	d, err := UnmarshalAndValidateDashboardV2JSON(input)
+	d, err := unmarshalDashboard(input)
 	require.NoError(t, err, "unmarshal and validate failed")
 
 	// Step 1.5: Verify struct fields have correct defaults (extra validation before storing).
@@ -765,7 +864,7 @@ func TestStorageRoundTrip(t *testing.T) {
 	require.NoError(t, err, "marshal for storage failed")
 
 	// Step 3: Unmarshal from JSON (simulates reading from DB).
-	loaded, err := UnmarshalAndValidateDashboardV2JSON(stored)
+	loaded, err := unmarshalDashboard(stored)
 	require.NoError(t, err, "unmarshal from storage failed")
 
 	// Step 3.5: Verify struct fields have correct defaults after loading (before returning in API).
@@ -878,7 +977,7 @@ func TestPanelTypeQueryTypeCompatibility(t *testing.T) {
 
 	for _, tc := range cases {
 		t.Run(tc.name, func(t *testing.T) {
-			_, err := UnmarshalAndValidateDashboardV2JSON(tc.data)
+			_, err := unmarshalDashboard(tc.data)
 			if tc.wantErr {
 				require.Error(t, err)
 			} else {

pkg/types/dashboardtypes/perses_drift_test.go

@@ -0,0 +1,170 @@
+package dashboardtypes
+
+// TestDashboardDataMatchesPerses asserts that DashboardData
+// and every nested SigNoz-owned type cover the JSON field set of their Perses
+// counterpart.
+
+import (
+	"reflect"
+	"sort"
+	"strings"
+	"testing"
+
+	v1 "github.com/perses/perses/pkg/model/api/v1"
+	"github.com/perses/perses/pkg/model/api/v1/dashboard"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDashboardDataMatchesPerses(t *testing.T) {
+	cases := []struct {
+		name   string
+		ours   reflect.Type
+		perses reflect.Type
+	}{
+		{"DashboardSpec", typeOf[DashboardData](), typeOf[v1.DashboardSpec]()},
+		{"Panel", typeOf[Panel](), typeOf[v1.Panel]()},
+		{"PanelSpec", typeOf[PanelSpec](), typeOf[v1.PanelSpec]()},
+		{"Query", typeOf[Query](), typeOf[v1.Query]()},
+		{"QuerySpec", typeOf[QuerySpec](), typeOf[v1.QuerySpec]()},
+		{"DatasourceSpec", typeOf[DatasourceSpec](), typeOf[v1.DatasourceSpec]()},
+		{"Variable", typeOf[Variable](), typeOf[dashboard.Variable]()},
+		{"ListVariableSpec", typeOf[ListVariableSpec](), typeOf[dashboard.ListVariableSpec]()},
+		{"Layout", typeOf[Layout](), typeOf[dashboard.Layout]()},
+	}
+
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			missing, extra := drift(c.ours, c.perses)
+
+			assert.Empty(t, missing,
+				"DashboardData (%s) is missing json fields present on Perses %s — upstream likely added or renamed a field",
+				c.ours.Name(), c.perses.Name())
+			assert.Empty(t, extra,
+				"DashboardData (%s) has json fields absent on Perses %s — upstream likely removed a field or we added one without the counterpart",
+				c.ours.Name(), c.perses.Name())
+		})
+	}
+}
+
+func TestDriftDetectionMechanics(t *testing.T) {
+	t.Run("upstream added a field", func(t *testing.T) {
+		type ours struct {
+			Name string `json:"name"`
+		}
+		type perses struct {
+			Name        string `json:"name"`
+			Description string `json:"description"`
+		}
+		missing, extra := drift(typeOf[ours](), typeOf[perses]())
+		assert.Equal(t, []string{"description"}, missing, "missing fires: upstream has a field we don't")
+		assert.Empty(t, extra)
+	})
+
+	t.Run("upstream removed a field", func(t *testing.T) {
+		type ours struct {
+			Name        string `json:"name"`
+			Description string `json:"description"`
+		}
+		type perses struct {
+			Name string `json:"name"`
+		}
+		missing, extra := drift(typeOf[ours](), typeOf[perses]())
+		assert.Empty(t, missing)
+		assert.Equal(t, []string{"description"}, extra, "extra fires: we kept a field upstream removed")
+	})
+
+	t.Run("upstream renamed a field", func(t *testing.T) {
+		type ours struct {
+			Name string `json:"name"`
+		}
+		type perses struct {
+			Name string `json:"title"`
+		}
+		missing, extra := drift(typeOf[ours](), typeOf[perses]())
+		assert.Equal(t, []string{"title"}, missing, "missing fires for the new name")
+		assert.Equal(t, []string{"name"}, extra, "extra fires for the old name — both fire on a rename")
+	})
+
+	t.Run("we added a field upstream does not have", func(t *testing.T) {
+		type ours struct {
+			Name     string `json:"name"`
+			Internal string `json:"internal"`
+		}
+		type perses struct {
+			Name string `json:"name"`
+		}
+		missing, extra := drift(typeOf[ours](), typeOf[perses]())
+		assert.Empty(t, missing)
+		assert.Equal(t, []string{"internal"}, extra, "extra fires: we added a field with no upstream counterpart")
+	})
+
+	t.Run("embedded struct flattens — drift inside the embed is caught", func(t *testing.T) {
+		type embedded struct {
+			Display string `json:"display"`
+			NewBit  string `json:"newBit"` // upstream added this inside the embed
+		}
+		type ours struct {
+			Display string `json:"display"`
+			Name    string `json:"name"`
+		}
+		type perses struct {
+			embedded `json:",inline"`
+			Name     string `json:"name"`
+		}
+		missing, extra := drift(typeOf[ours](), typeOf[perses]())
+		assert.Equal(t, []string{"newBit"}, missing, "field added inside an inlined embed surfaces at the parent level")
+		assert.Empty(t, extra)
+	})
+}
+
+func drift(ours, perses reflect.Type) (missing, extra []string) {
+	o, p := jsonFields(ours), jsonFields(perses)
+	return sortedDiff(p, o), sortedDiff(o, p)
+}
+
+// jsonFields returns the set of json tag names for a struct, flattening
+// anonymous embedded fields (matching encoding/json behavior).
+func jsonFields(t reflect.Type) map[string]struct{} {
+	out := map[string]struct{}{}
+	if t.Kind() != reflect.Struct {
+		return out
+	}
+	for i := 0; i < t.NumField(); i++ {
+		f := t.Field(i)
+		// Skip unexported fields (e.g., dashboard.ListVariableSpec has an
+		// unexported `variableSpec` interface tag).
+		if !f.IsExported() && !f.Anonymous {
+			continue
+		}
+		tag := f.Tag.Get("json")
+		name := strings.Split(tag, ",")[0]
+		// Anonymous embed with empty json name (no tag, or `json:",inline"` /
+		// `json:",omitempty"`-style options-only tag) is flattened by encoding/json.
+		if f.Anonymous && name == "" {
+			for k := range jsonFields(f.Type) {
+				out[k] = struct{}{}
+			}
+			continue
+		}
+		if tag == "-" || name == "" {
+			continue
+		}
+		out[name] = struct{}{}
+	}
+	return out
+}
+
+// sortedDiff returns keys in a but not in b, sorted.
+func sortedDiff(a, b map[string]struct{}) []string {
+	var diff []string
+	for k := range a {
+		if _, ok := b[k]; !ok {
+			diff = append(diff, k)
+		}
+	}
+	sort.Strings(diff)
+	return diff
+}
+
+func typeOf[T any]() reflect.Type { return reflect.TypeOf((*T)(nil)).Elem() }

pkg/types/dashboardtypes/perses_plugin_wrappers.go

@@ -0,0 +1,312 @@
+package dashboardtypes
+
+import (
+	"bytes"
+	"encoding/json"
+	"maps"
+	"slices"
+	"strings"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+
+	"github.com/go-playground/validator/v10"
+	"github.com/swaggest/jsonschema-go"
+)
+
+// ══════════════════════════════════════════════
+// Panel plugin
+// ══════════════════════════════════════════════
+
+type PanelPlugin struct {
+	Kind PanelPluginKind `json:"kind"`
+	Spec any             `json:"spec"`
+}
+
+// PrepareJSONSchema drops the reflected struct shape (type: object, properties)
+// from the envelope so that only the JSONSchemaOneOf result binds.
+func (PanelPlugin) PrepareJSONSchema(s *jsonschema.Schema) error {
+	return clearOneOfParentShape(s)
+}
+
+func (p *PanelPlugin) UnmarshalJSON(data []byte) error {
+	kind, specJSON, err := extractKindAndSpec(data)
+	if err != nil {
+		return err
+	}
+	factory, ok := panelPluginSpecs[PanelPluginKind(kind)]
+	if !ok {
+		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "unknown panel plugin kind %q; allowed values: %s", kind, allowedValuesForKind(slices.Sorted(maps.Keys(panelPluginSpecs))))
+	}
+	spec, err := decodeSpec(specJSON, factory(), kind)
+	if err != nil {
+		return err
+	}
+	p.Kind = PanelPluginKind(kind)
+	p.Spec = spec
+	return nil
+}
+
+func (PanelPlugin) JSONSchemaOneOf() []any {
+	return []any{
+		PanelPluginVariant[TimeSeriesPanelSpec]{Kind: string(PanelKindTimeSeries)},
+		PanelPluginVariant[BarChartPanelSpec]{Kind: string(PanelKindBarChart)},
+		PanelPluginVariant[NumberPanelSpec]{Kind: string(PanelKindNumber)},
+		PanelPluginVariant[PieChartPanelSpec]{Kind: string(PanelKindPieChart)},
+		PanelPluginVariant[TablePanelSpec]{Kind: string(PanelKindTable)},
+		PanelPluginVariant[HistogramPanelSpec]{Kind: string(PanelKindHistogram)},
+		PanelPluginVariant[ListPanelSpec]{Kind: string(PanelKindList)},
+	}
+}
+
+type PanelPluginVariant[S any] struct {
+	Kind string `json:"kind" required:"true"`
+	Spec S      `json:"spec" required:"true"`
+}
+
+func (v PanelPluginVariant[S]) PrepareJSONSchema(s *jsonschema.Schema) error {
+	return restrictKindToOneValue(s, v.Kind)
+}
+
+// ══════════════════════════════════════════════
+// Query plugin
+// ══════════════════════════════════════════════
+
+type QueryPlugin struct {
+	Kind QueryPluginKind `json:"kind"`
+	Spec any             `json:"spec"`
+}
+
+func (QueryPlugin) PrepareJSONSchema(s *jsonschema.Schema) error {
+	return clearOneOfParentShape(s)
+}
+
+func (p *QueryPlugin) UnmarshalJSON(data []byte) error {
+	kind, specJSON, err := extractKindAndSpec(data)
+	if err != nil {
+		return err
+	}
+	factory, ok := queryPluginSpecs[QueryPluginKind(kind)]
+	if !ok {
+		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "unknown query plugin kind %q; allowed values: %s", kind, allowedValuesForKind(slices.Sorted(maps.Keys(queryPluginSpecs))))
+	}
+	spec, err := decodeSpec(specJSON, factory(), kind)
+	if err != nil {
+		return err
+	}
+	p.Kind = QueryPluginKind(kind)
+	p.Spec = spec
+	return nil
+}
+
+func (QueryPlugin) JSONSchemaOneOf() []any {
+	return []any{
+		QueryPluginVariant[BuilderQuerySpec]{Kind: string(QueryKindBuilder)},
+		QueryPluginVariant[CompositeQuerySpec]{Kind: string(QueryKindComposite)},
+		QueryPluginVariant[FormulaSpec]{Kind: string(QueryKindFormula)},
+		QueryPluginVariant[PromQLQuerySpec]{Kind: string(QueryKindPromQL)},
+		QueryPluginVariant[ClickHouseSQLQuerySpec]{Kind: string(QueryKindClickHouseSQL)},
+		QueryPluginVariant[TraceOperatorSpec]{Kind: string(QueryKindTraceOperator)},
+	}
+}
+
+type QueryPluginVariant[S any] struct {
+	Kind string `json:"kind" required:"true"`
+	Spec S      `json:"spec" required:"true"`
+}
+
+func (v QueryPluginVariant[S]) PrepareJSONSchema(s *jsonschema.Schema) error {
+	return restrictKindToOneValue(s, v.Kind)
+}
+
+// ══════════════════════════════════════════════
+// Variable plugin
+// ══════════════════════════════════════════════
+
+type VariablePlugin struct {
+	Kind VariablePluginKind `json:"kind"`
+	Spec any                `json:"spec"`
+}
+
+func (VariablePlugin) PrepareJSONSchema(s *jsonschema.Schema) error {
+	return clearOneOfParentShape(s)
+}
+
+func (p *VariablePlugin) UnmarshalJSON(data []byte) error {
+	kind, specJSON, err := extractKindAndSpec(data)
+	if err != nil {
+		return err
+	}
+	factory, ok := variablePluginSpecs[VariablePluginKind(kind)]
+	if !ok {
+		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "unknown variable plugin kind %q; allowed values: %s", kind, allowedValuesForKind(slices.Sorted(maps.Keys(variablePluginSpecs))))
+	}
+	spec, err := decodeSpec(specJSON, factory(), kind)
+	if err != nil {
+		return err
+	}
+	p.Kind = VariablePluginKind(kind)
+	p.Spec = spec
+	return nil
+}
+
+func (VariablePlugin) JSONSchemaOneOf() []any {
+	return []any{
+		VariablePluginVariant[DynamicVariableSpec]{Kind: string(VariableKindDynamic)},
+		VariablePluginVariant[QueryVariableSpec]{Kind: string(VariableKindQuery)},
+		VariablePluginVariant[CustomVariableSpec]{Kind: string(VariableKindCustom)},
+	}
+}
+
+type VariablePluginVariant[S any] struct {
+	Kind string `json:"kind" required:"true"`
+	Spec S      `json:"spec" required:"true"`
+}
+
+func (v VariablePluginVariant[S]) PrepareJSONSchema(s *jsonschema.Schema) error {
+	return restrictKindToOneValue(s, v.Kind)
+}
+
+// ══════════════════════════════════════════════
+// Datasource plugin
+// ══════════════════════════════════════════════
+
+type DatasourcePlugin struct {
+	Kind DatasourcePluginKind `json:"kind"`
+	Spec any                  `json:"spec"`
+}
+
+func (DatasourcePlugin) PrepareJSONSchema(s *jsonschema.Schema) error {
+	return clearOneOfParentShape(s)
+}
+
+func (p *DatasourcePlugin) UnmarshalJSON(data []byte) error {
+	kind, specJSON, err := extractKindAndSpec(data)
+	if err != nil {
+		return err
+	}
+	factory, ok := datasourcePluginSpecs[DatasourcePluginKind(kind)]
+	if !ok {
+		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "unknown datasource plugin kind %q; allowed values: %s", kind, allowedValuesForKind(slices.Sorted(maps.Keys(datasourcePluginSpecs))))
+	}
+	spec, err := decodeSpec(specJSON, factory(), kind)
+	if err != nil {
+		return err
+	}
+	p.Kind = DatasourcePluginKind(kind)
+	p.Spec = spec
+	return nil
+}
+
+func (DatasourcePlugin) JSONSchemaOneOf() []any {
+	return []any{
+		DatasourcePluginVariant[struct{}]{Kind: string(DatasourceKindSigNoz)},
+	}
+}
+
+type DatasourcePluginVariant[S any] struct {
+	Kind string `json:"kind" required:"true"`
+	Spec S      `json:"spec" required:"true"`
+}
+
+func (v DatasourcePluginVariant[S]) PrepareJSONSchema(s *jsonschema.Schema) error {
+	return restrictKindToOneValue(s, v.Kind)
+}
+
+// ══════════════════════════════════════════════
+// Helpers
+// ══════════════════════════════════════════════
+
+var (
+	panelPluginSpecs = map[PanelPluginKind]func() any{
+		PanelKindTimeSeries: func() any { return new(TimeSeriesPanelSpec) },
+		PanelKindBarChart:   func() any { return new(BarChartPanelSpec) },
+		PanelKindNumber:     func() any { return new(NumberPanelSpec) },
+		PanelKindPieChart:   func() any { return new(PieChartPanelSpec) },
+		PanelKindTable:      func() any { return new(TablePanelSpec) },
+		PanelKindHistogram:  func() any { return new(HistogramPanelSpec) },
+		PanelKindList:       func() any { return new(ListPanelSpec) },
+	}
+	queryPluginSpecs = map[QueryPluginKind]func() any{
+		QueryKindBuilder:       func() any { return new(BuilderQuerySpec) },
+		QueryKindComposite:     func() any { return new(CompositeQuerySpec) },
+		QueryKindFormula:       func() any { return new(FormulaSpec) },
+		QueryKindPromQL:        func() any { return new(PromQLQuerySpec) },
+		QueryKindClickHouseSQL: func() any { return new(ClickHouseSQLQuerySpec) },
+		QueryKindTraceOperator: func() any { return new(TraceOperatorSpec) },
+	}
+	variablePluginSpecs = map[VariablePluginKind]func() any{
+		VariableKindDynamic: func() any { return new(DynamicVariableSpec) },
+		VariableKindQuery:   func() any { return new(QueryVariableSpec) },
+		VariableKindCustom:  func() any { return new(CustomVariableSpec) },
+	}
+	datasourcePluginSpecs = map[DatasourcePluginKind]func() any{
+		DatasourceKindSigNoz: func() any { return new(struct{}) },
+	}
+
+	allowedQueryKinds = map[PanelPluginKind][]QueryPluginKind{
+		PanelKindTimeSeries: {QueryKindBuilder, QueryKindComposite, QueryKindFormula, QueryKindTraceOperator, QueryKindPromQL, QueryKindClickHouseSQL},
+		PanelKindBarChart:   {QueryKindBuilder, QueryKindComposite, QueryKindFormula, QueryKindTraceOperator, QueryKindPromQL, QueryKindClickHouseSQL},
+		PanelKindNumber:     {QueryKindBuilder, QueryKindComposite, QueryKindFormula, QueryKindTraceOperator, QueryKindPromQL, QueryKindClickHouseSQL},
+		PanelKindHistogram:  {QueryKindBuilder, QueryKindComposite, QueryKindFormula, QueryKindTraceOperator, QueryKindPromQL, QueryKindClickHouseSQL},
+		PanelKindPieChart:   {QueryKindBuilder, QueryKindComposite, QueryKindFormula, QueryKindTraceOperator, QueryKindClickHouseSQL},
+		PanelKindTable:      {QueryKindBuilder, QueryKindComposite, QueryKindFormula, QueryKindTraceOperator, QueryKindClickHouseSQL},
+		PanelKindList:       {QueryKindBuilder},
+	}
+)
+
+func allowedValuesForKind[K ~string](kinds []K) string {
+	parts := make([]string, len(kinds))
+	for i, k := range kinds {
+		parts[i] = "`" + string(k) + "`"
+	}
+	return strings.Join(parts, ", ")
+}
+
+// extractKindAndSpec parses a {"kind": "...", "spec": {...}} envelope and returns
+// kind and the raw spec bytes for typed decoding.
+func extractKindAndSpec(data []byte) (string, []byte, error) {
+	var head struct {
+		Kind string          `json:"kind"`
+		Spec json.RawMessage `json:"spec"`
+	}
+	if err := json.Unmarshal(data, &head); err != nil {
+		return "", nil, errors.WrapInvalidInputf(err, ErrCodeDashboardInvalidInput, "invalid plugin envelope")
+	}
+	return head.Kind, head.Spec, nil
+}
+
+// decodeSpec strict-decodes a spec JSON into target and runs struct-tag validation (go-playground/validator).
+func decodeSpec(specJSON []byte, target any, kind string) (any, error) {
+	if len(specJSON) == 0 {
+		return nil, errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "kind %q: spec is required", kind)
+	}
+	dec := json.NewDecoder(bytes.NewReader(specJSON))
+	dec.DisallowUnknownFields()
+	if err := dec.Decode(target); err != nil {
+		return nil, errors.WrapInvalidInputf(err, ErrCodeDashboardInvalidInput, "kind %q: invalid spec JSON", kind)
+	}
+	if err := validator.New().Struct(target); err != nil {
+		return nil, errors.WrapInvalidInputf(err, ErrCodeDashboardInvalidInput, "kind %q: spec failed validation", kind)
+	}
+	return target, nil
+}
+
+// clearOneOfParentShape drops Type and Properties on a schema that also has a JSONSchemaOneOf.
+func clearOneOfParentShape(s *jsonschema.Schema) error {
+	s.Type = nil
+	s.Properties = nil
+	return nil
+}
+
+// restrictKindToOneValue ensures that the schema only allows one Kind value for a type.
+// For eg. PanelPluginVariant[TimeSeriesPanelSpec]{Kind: string(PanelKindTimeSeries)} should
+// only allow "signoz/TimeSeriesPanel" in its kind field.
+func restrictKindToOneValue(schema *jsonschema.Schema, kind string) error {
+	kindProp, ok := schema.Properties["kind"]
+	if !ok || kindProp.TypeObject == nil {
+		return errors.NewInternalf(errors.CodeInternal, "variant schema missing `kind` property")
+	}
+	kindProp.TypeObject.WithEnum(kind)
+	schema.Properties["kind"] = kindProp
+	return nil
+}

pkg/types/dashboardtypes/perses_replicas.go

@@ -0,0 +1,182 @@
+package dashboardtypes
+
+import (
+	"maps"
+	"slices"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	v1 "github.com/perses/perses/pkg/model/api/v1"
+	"github.com/perses/perses/pkg/model/api/v1/common"
+	"github.com/perses/perses/pkg/model/api/v1/dashboard"
+	"github.com/perses/perses/pkg/model/api/v1/variable"
+	"github.com/swaggest/jsonschema-go"
+)
+
+// ══════════════════════════════════════════════
+// Datasource
+// ══════════════════════════════════════════════
+
+type DatasourceSpec struct {
+	Display *common.Display  `json:"display,omitempty"`
+	Default bool             `json:"default"`
+	Plugin  DatasourcePlugin `json:"plugin"`
+}
+
+// ══════════════════════════════════════════════
+// Panel
+// ══════════════════════════════════════════════
+
+type Panel struct {
+	Kind string    `json:"kind"`
+	Spec PanelSpec `json:"spec"`
+}
+
+type PanelSpec struct {
+	Display *v1.PanelDisplay `json:"display,omitempty"`
+	Plugin  PanelPlugin      `json:"plugin"`
+	Queries []Query          `json:"queries,omitempty"`
+	Links   []v1.Link        `json:"links,omitempty"`
+}
+
+// ══════════════════════════════════════════════
+// Query
+// ══════════════════════════════════════════════
+
+type Query struct {
+	Kind string    `json:"kind"`
+	Spec QuerySpec `json:"spec"`
+}
+
+type QuerySpec struct {
+	Name   string      `json:"name,omitempty"`
+	Plugin QueryPlugin `json:"plugin"`
+}
+
+// ══════════════════════════════════════════════
+// Variable
+// ══════════════════════════════════════════════
+
+// Variable is the list/text sum type. Spec is set to *ListVariableSpec or
+// *dashboard.TextVariableSpec by UnmarshalJSON based on Kind. The schema is a
+// discriminated oneOf (see JSONSchemaOneOf).
+type Variable struct {
+	Kind variable.Kind `json:"kind"`
+	Spec any           `json:"spec"`
+}
+
+func (Variable) PrepareJSONSchema(s *jsonschema.Schema) error {
+	return clearOneOfParentShape(s)
+}
+
+func (v *Variable) UnmarshalJSON(data []byte) error {
+	kind, specJSON, err := extractKindAndSpec(data)
+	if err != nil {
+		return err
+	}
+	switch kind {
+	case string(variable.KindList):
+		spec, err := decodeSpec(specJSON, new(ListVariableSpec), kind)
+		if err != nil {
+			return err
+		}
+		v.Kind = variable.KindList
+		v.Spec = spec
+	case string(variable.KindText):
+		spec, err := decodeSpec(specJSON, new(dashboard.TextVariableSpec), kind)
+		if err != nil {
+			return err
+		}
+		v.Kind = variable.KindText
+		v.Spec = spec
+	default:
+		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "unknown variable kind %q; allowed values: %s", kind, allowedValuesForKind([]variable.Kind{variable.KindList, variable.KindText}))
+	}
+	return nil
+}
+
+func (Variable) JSONSchemaOneOf() []any {
+	return []any{
+		VariableEnvelope[ListVariableSpec]{Kind: string(variable.KindList)},
+		VariableEnvelope[dashboard.TextVariableSpec]{Kind: string(variable.KindText)},
+	}
+}
+
+type VariableEnvelope[S any] struct {
+	Kind string `json:"kind" required:"true"`
+	Spec S      `json:"spec" required:"true"`
+}
+
+func (v VariableEnvelope[S]) PrepareJSONSchema(s *jsonschema.Schema) error {
+	return restrictKindToOneValue(s, v.Kind)
+}
+
+// ListVariableSpec mirrors dashboard.ListVariableSpec (variable.ListSpec
+// fields + Name) but with a typed VariablePlugin replacing common.Plugin.
+type ListVariableSpec struct {
+	Display         *variable.Display      `json:"display,omitempty"`
+	DefaultValue    *variable.DefaultValue `json:"defaultValue,omitempty"`
+	AllowAllValue   bool                   `json:"allowAllValue"`
+	AllowMultiple   bool                   `json:"allowMultiple"`
+	CustomAllValue  string                 `json:"customAllValue,omitempty"`
+	CapturingRegexp string                 `json:"capturingRegexp,omitempty"`
+	Sort            *variable.Sort         `json:"sort,omitempty"`
+	Plugin          VariablePlugin         `json:"plugin"`
+	Name            string                 `json:"name"`
+}
+
+// ══════════════════════════════════════════════
+// Layout
+// ══════════════════════════════════════════════
+
+// Layout is the dashboard layout sum type. Spec is populated by UnmarshalJSON
+// with the concrete layout spec struct (today only dashboard.GridLayoutSpec)
+// based on Kind. No plugin is involved, so we reuse the Perses spec types as
+// leaf imports.
+type Layout struct {
+	Kind dashboard.LayoutKind `json:"kind"`
+	Spec any                  `json:"spec"`
+}
+
+// layoutSpecs is the layout sum type factory. Perses only defines
+// KindGridLayout today; adding a new kind upstream surfaces as an
+// "unknown layout kind" runtime error here until we add it.
+var layoutSpecs = map[dashboard.LayoutKind]func() any{
+	dashboard.KindGridLayout: func() any { return new(dashboard.GridLayoutSpec) },
+}
+
+func (Layout) PrepareJSONSchema(s *jsonschema.Schema) error {
+	return clearOneOfParentShape(s)
+}
+
+func (l *Layout) UnmarshalJSON(data []byte) error {
+	kind, specJSON, err := extractKindAndSpec(data)
+	if err != nil {
+		return err
+	}
+	factory, ok := layoutSpecs[dashboard.LayoutKind(kind)]
+	if !ok {
+		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "unknown layout kind %q; allowed values: %s", kind, allowedValuesForKind(slices.Sorted(maps.Keys(layoutSpecs))))
+	}
+	spec, err := decodeSpec(specJSON, factory(), kind)
+	if err != nil {
+		return err
+	}
+	l.Kind = dashboard.LayoutKind(kind)
+	l.Spec = spec
+	return nil
+}
+
+func (Layout) JSONSchemaOneOf() []any {
+	return []any{
+		LayoutEnvelope[dashboard.GridLayoutSpec]{Kind: string(dashboard.KindGridLayout)},
+	}
+}
+
+type LayoutEnvelope[S any] struct {
+	Kind string `json:"kind" required:"true"`
+	Spec S      `json:"spec" required:"true"`
+}
+
+func (v LayoutEnvelope[S]) PrepareJSONSchema(s *jsonschema.Schema) error {
+	return restrictKindToOneValue(s, v.Kind)
+}

pkg/types/dashboardtypes/perses_signoz_plugins.go

@@ -8,6 +8,7 @@ import (
 	qb "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
 	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/swaggest/jsonschema-go"
 )
 
 // ══════════════════════════════════════════════
@@ -20,11 +21,10 @@ const (
 	VariableKindDynamic VariablePluginKind = "signoz/DynamicVariable"
 	VariableKindQuery   VariablePluginKind = "signoz/QueryVariable"
 	VariableKindCustom  VariablePluginKind = "signoz/CustomVariable"
-	VariableKindTextbox VariablePluginKind = "signoz/TextboxVariable"
 )
 
 func (VariablePluginKind) Enum() []any {
-	return []any{VariableKindDynamic, VariableKindQuery, VariableKindCustom, VariableKindTextbox}
+	return []any{VariableKindDynamic, VariableKindQuery, VariableKindCustom}
 }
 
 type DynamicVariableSpec struct {
@@ -42,8 +42,6 @@ type CustomVariableSpec struct {
 	CustomValue string `json:"customValue" validate:"required" required:"true"`
 }
 
-type TextboxVariableSpec struct{}
-
 // ══════════════════════════════════════════════
 // SigNoz query plugin specs — aliased from querybuildertypesv5
 // ══════════════════════════════════════════════
@@ -87,6 +85,30 @@ func (b *BuilderQuerySpec) UnmarshalJSON(data []byte) error {
 	return nil
 }
 
+// MarshalJSON delegates to the inner Spec so the on-wire shape matches what
+// UnmarshalJSON expects (a flat builder-query payload with `signal` at the top
+// level). Without this, Go's default would wrap it as {"Spec": {...}} and the
+// signal-dispatch on read would fail.
+func (b BuilderQuerySpec) MarshalJSON() ([]byte, error) {
+	return json.Marshal(b.Spec)
+}
+
+// PrepareJSONSchema drops the reflected struct shape so only the
+// JSONSchemaOneOf result binds.
+func (BuilderQuerySpec) PrepareJSONSchema(s *jsonschema.Schema) error {
+	return clearOneOfParentShape(s)
+}
+
+// JSONSchemaOneOf exposes the three signal-dispatched shapes a builder query
+// can take. Mirrors qb.UnmarshalBuilderQueryBySignal's runtime dispatch.
+func (BuilderQuerySpec) JSONSchemaOneOf() []any {
+	return []any{
+		qb.QueryBuilderQuery[qb.LogAggregation]{},
+		qb.QueryBuilderQuery[qb.MetricAggregation]{},
+		qb.QueryBuilderQuery[qb.TraceAggregation]{},
+	}
+}
+
 // ══════════════════════════════════════════════
 // SigNoz panel plugin specs
 // ══════════════════════════════════════════════

pkg/types/dashboardtypes/store.go

@@ -2,6 +2,7 @@ package dashboardtypes
 
 import (
 	"context"
+	"time"
 
 	"github.com/SigNoz/signoz/pkg/valuer"
 )
@@ -32,4 +33,23 @@ type Store interface {
 	DeletePublic(context.Context, string) error
 
 	RunInTx(context.Context, func(context.Context) error) error
+
+	// ════════════════════════════════════════════════════════════════════════
+	// v2 dashboard methods
+	// ════════════════════════════════════════════════════════════════════════
+	GetV2(context.Context, valuer.UUID, valuer.UUID) (*StorableDashboard, *StorablePublicDashboard, error)
+
+	// UpdateV2 updates the dashboard's data, updated_at and updated_by columns
+	// only, scoped by org and excluding soft-deleted rows. Uses the caller's
+	// transaction context so it can be made atomic with tag relation changes.
+	UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, data StorableDashboardData) error
+
+	LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, locked bool, updatedBy string) error
+
+	//re-deleting a soft-deleted row returns 0 rows → NotFound.
+	SoftDeleteV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, deletedBy string) error
+
+	ListPurgeable(ctx context.Context, retention time.Duration, limit int) ([]valuer.UUID, error)
+
+	HardDelete(ctx context.Context, ids []valuer.UUID) error
 }

pkg/types/dashboardtypes/testdata/perses.json

@@ -76,11 +76,7 @@
                 "display": {
                     "name": "textboxvar"
                 },
-                "value": "defaultvaluegoeshere",
-                "plugin": {
-                    "kind": "signoz/TextboxVariable",
-                    "spec": {}
-                }
+                "value": "defaultvaluegoeshere"
             }
         }
     ],

pkg/types/ruletypes/maintenance.go

@@ -8,12 +8,12 @@ import (
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/expr-lang/expr"
-	"github.com/prometheus/common/model"
 	"github.com/uptrace/bun"
 )
 
-var ErrCodeInvalidPlannedMaintenancePayload = errors.MustNewCode("invalid_planned_maintenance_payload")
+var (
+	ErrCodeInvalidPlannedMaintenancePayload = errors.MustNewCode("invalid_planned_maintenance_payload")
+)
 
 type MaintenanceStatus struct {
 	valuer.String
@@ -56,37 +56,34 @@ type StorablePlannedMaintenance struct {
 	types.Identifiable
 	types.TimeAuditable
 	types.UserAuditable
-	Name            string    `bun:"name,type:text,notnull"`
-	Description     string    `bun:"description,type:text"`
-	Schedule        *Schedule `bun:"schedule,type:text,notnull"`
-	OrgID           string    `bun:"org_id,type:text"`
-	LabelExpression string    `bun:"label_expression,type:text"`
+	Name        string    `bun:"name,type:text,notnull"`
+	Description string    `bun:"description,type:text"`
+	Schedule    *Schedule `bun:"schedule,type:text,notnull"`
+	OrgID       string    `bun:"org_id,type:text"`
 }
 
 type PlannedMaintenance struct {
-	ID              valuer.UUID       `json:"id" required:"true"`
-	Name            string            `json:"name" required:"true"`
-	Description     string            `json:"description"`
-	Schedule        *Schedule         `json:"schedule" required:"true"`
-	RuleIDs         []string          `json:"alertIds"`
-	LabelExpression string            `json:"labelExpression,omitempty"`
-	CreatedAt       time.Time         `json:"createdAt"`
-	CreatedBy       string            `json:"createdBy"`
-	UpdatedAt       time.Time         `json:"updatedAt"`
-	UpdatedBy       string            `json:"updatedBy"`
-	Status          MaintenanceStatus `json:"status" required:"true"`
-	Kind            MaintenanceKind   `json:"kind" required:"true"`
+	ID          valuer.UUID       `json:"id" required:"true"`
+	Name        string            `json:"name" required:"true"`
+	Description string            `json:"description"`
+	Schedule    *Schedule         `json:"schedule" required:"true"`
+	RuleIDs     []string          `json:"alertIds"`
+	CreatedAt   time.Time         `json:"createdAt"`
+	CreatedBy   string            `json:"createdBy"`
+	UpdatedAt   time.Time         `json:"updatedAt"`
+	UpdatedBy   string            `json:"updatedBy"`
+	Status      MaintenanceStatus `json:"status" required:"true"`
+	Kind        MaintenanceKind   `json:"kind" required:"true"`
 }
 
 // PostablePlannedMaintenance is the input payload for creating or updating a
 // planned maintenance. Server-owned fields (id, timestamps, audit users,
 // derived status / kind) are deliberately not accepted from the client.
 type PostablePlannedMaintenance struct {
-	Name            string    `json:"name" required:"true"`
-	Description     string    `json:"description"`
-	Schedule        *Schedule `json:"schedule" required:"true"`
-	AlertIds        []string  `json:"alertIds"`
-	LabelExpression string    `json:"labelExpression"`
+	Name        string    `json:"name" required:"true"`
+	Description string    `json:"description"`
+	Schedule    *Schedule `json:"schedule" required:"true"`
+	AlertIds    []string  `json:"alertIds"`
 }
 
 func (p *PostablePlannedMaintenance) Validate() error {
@@ -103,11 +100,11 @@ func (p *PostablePlannedMaintenance) Validate() error {
 	if _, err := time.LoadLocation(p.Schedule.Timezone); err != nil {
 		return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidPlannedMaintenancePayload, "invalid timezone in the payload")
 	}
-	if p.Schedule.StartTime.IsZero() {
-		return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidPlannedMaintenancePayload, "missing start time in the payload")
-	}
-	if !p.Schedule.EndTime.IsZero() && p.Schedule.StartTime.After(p.Schedule.EndTime) {
-		return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidPlannedMaintenancePayload, "start time cannot be after end time")
+
+	if !p.Schedule.StartTime.IsZero() && !p.Schedule.EndTime.IsZero() {
+		if p.Schedule.StartTime.After(p.Schedule.EndTime) {
+			return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidPlannedMaintenancePayload, "start time cannot be after end time")
+		}
 	}
 
 	if p.Schedule.Recurrence != nil {
@@ -117,10 +114,8 @@ func (p *PostablePlannedMaintenance) Validate() error {
 		if p.Schedule.Recurrence.Duration.IsZero() {
 			return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidPlannedMaintenancePayload, "missing duration in the payload")
 		}
-	}
-	if p.LabelExpression != "" {
-		if _, err := expr.Compile(p.LabelExpression, expr.AllowUndefinedVariables(), expr.AsBool()); err != nil {
-			return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidPlannedMaintenancePayload, "invalid label expression: %v", err)
+		if p.Schedule.Recurrence.EndTime != nil && p.Schedule.Recurrence.EndTime.Before(p.Schedule.Recurrence.StartTime) {
+			return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidPlannedMaintenancePayload, "end time cannot be before start time")
 		}
 	}
 	return nil
@@ -138,7 +133,7 @@ type PlannedMaintenanceWithRules struct {
 	Rules                       []*StorablePlannedMaintenanceRule `bun:"rel:has-many,join:id=planned_maintenance_id"`
 }
 
-func (m *PlannedMaintenance) ShouldSkip(ruleID string, now time.Time, lset model.LabelSet) bool {
+func (m *PlannedMaintenance) ShouldSkip(ruleID string, now time.Time) bool {
 	// Check if the alert ID is in the maintenance window
 	found := false
 	if len(m.RuleIDs) > 0 {
@@ -158,86 +153,60 @@ func (m *PlannedMaintenance) ShouldSkip(ruleID string, now time.Time, lset model
 		return false
 	}
 
-	if !m.isScheduleActive(now) {
-		return false
-	}
-
-	// lset is empty when called from IsActive (no instance labels available);
-	// skip expression filtering in that case.
-	if m.LabelExpression != "" && len(lset) != 0 {
-		if !evalLabelExpression(m.LabelExpression, lset) {
-			return false
-		}
-	}
-
-	return true
-}
-
-// isScheduleActive reports whether now falls inside the maintenance window's schedule.
-func (m *PlannedMaintenance) isScheduleActive(now time.Time) bool {
+	// If alert is found, we check if it should be skipped based on the schedule
 	loc, err := time.LoadLocation(m.Schedule.Timezone)
 	if err != nil {
 		return false
 	}
 
-	// TODO(jatinderjit): `In(loc)` conversions seem redundant
 	currentTime := now.In(loc)
-	startTime := m.Schedule.StartTime.In(loc)
-	endTime := m.Schedule.EndTime.In(loc)
 
-	// Maintenance window hasn't yet started
-	if currentTime.Before(startTime) {
-		return false
-	}
-
-	// Maintenance window has ended
-	if !endTime.IsZero() && currentTime.After(endTime) {
-		return false
-	}
-
-	// Fixed schedule (startTime <= currentTime <= endTime)
-	if m.Schedule.Recurrence == nil {
-		return true
+	// fixed schedule
+	if !m.Schedule.StartTime.IsZero() && !m.Schedule.EndTime.IsZero() {
+		startTime := m.Schedule.StartTime.In(loc)
+		endTime := m.Schedule.EndTime.In(loc)
+		if currentTime.Equal(startTime) || currentTime.Equal(endTime) ||
+			(currentTime.After(startTime) && currentTime.Before(endTime)) {
+			return true
+		}
 	}
 
 	// recurring schedule
-	switch m.Schedule.Recurrence.RepeatType {
-	case RepeatTypeDaily:
-		return m.checkDaily(currentTime, m.Schedule.Recurrence, loc)
-	case RepeatTypeWeekly:
-		return m.checkWeekly(currentTime, m.Schedule.Recurrence, loc)
-	case RepeatTypeMonthly:
-		return m.checkMonthly(currentTime, m.Schedule.Recurrence, loc)
+	if m.Schedule.Recurrence != nil {
+		start := m.Schedule.Recurrence.StartTime
+
+		// Make sure the recurrence has started
+		if currentTime.Before(start.In(loc)) {
+			return false
+		}
+
+		// Check if recurrence has expired
+		if m.Schedule.Recurrence.EndTime != nil {
+			endTime := *m.Schedule.Recurrence.EndTime
+			if !endTime.IsZero() && currentTime.After(endTime.In(loc)) {
+				return false
+			}
+		}
+
+		switch m.Schedule.Recurrence.RepeatType {
+		case RepeatTypeDaily:
+			return m.checkDaily(currentTime, m.Schedule.Recurrence, loc)
+		case RepeatTypeWeekly:
+			return m.checkWeekly(currentTime, m.Schedule.Recurrence, loc)
+		case RepeatTypeMonthly:
+			return m.checkMonthly(currentTime, m.Schedule.Recurrence, loc)
+		}
 	}
 
 	return false
 }
 
-// evalLabelExpression compiles and runs the expression against the provided labels.
-// Returns false on any error (safety-first: don't suppress on a bad expression).
-func evalLabelExpression(expression string, lset model.LabelSet) bool {
-	env := make(map[string]interface{}, len(lset))
-	for k, v := range lset {
-		env[string(k)] = string(v)
-	}
-	program, err := expr.Compile(expression, expr.Env(env), expr.AllowUndefinedVariables())
-	if err != nil {
-		return false
-	}
-	output, err := expr.Run(program, env)
-	if err != nil {
-		return false
-	}
-	result, ok := output.(bool)
-	return ok && result
-}
-
 // checkDaily rebases the recurrence start to today (or yesterday if needed)
 // and returns true if currentTime is within [candidate, candidate+Duration].
 func (m *PlannedMaintenance) checkDaily(currentTime time.Time, rec *Recurrence, loc *time.Location) bool {
 	candidate := time.Date(
 		currentTime.Year(), currentTime.Month(), currentTime.Day(),
-		m.Schedule.StartTime.Hour(), m.Schedule.StartTime.Minute(), 0, 0,
+		rec.StartTime.Hour(), rec.StartTime.Minute(), 0, 0,
 		loc,
 	)
 	if candidate.After(currentTime) {
@@ -265,7 +234,7 @@ func (m *PlannedMaintenance) checkWeekly(currentTime time.Time, rec *Recurrence,
 		// Build a candidate occurrence by rebasing today's date to the allowed weekday.
 		candidate := time.Date(
 			currentTime.Year(), currentTime.Month(), currentTime.Day(),
-			m.Schedule.StartTime.Hour(), m.Schedule.StartTime.Minute(), 0, 0,
+			rec.StartTime.Hour(), rec.StartTime.Minute(), 0, 0,
 			loc,
 		).AddDate(0, 0, delta)
 		// If the candidate is in the future, subtract 7 days.
@@ -282,8 +251,7 @@ func (m *PlannedMaintenance) checkWeekly(currentTime time.Time, rec *Recurrence,
 // checkMonthly rebases the candidate occurrence using the recurrence's day-of-month.
 // If the candidate for the current month is in the future, it uses the previous month.
 func (m *PlannedMaintenance) checkMonthly(currentTime time.Time, rec *Recurrence, loc *time.Location) bool {
-	startTime := m.Schedule.StartTime
-	refDay := startTime.Day()
+	refDay := rec.StartTime.Day()
 	year, month, _ := currentTime.Date()
 	lastDay := time.Date(year, month+1, 0, 0, 0, 0, 0, loc).Day()
 	day := refDay
@@ -291,7 +259,7 @@ func (m *PlannedMaintenance) checkMonthly(currentTime time.Time, rec *Recurrence
 		day = lastDay
 	}
 	candidate := time.Date(year, month, day,
-		startTime.Hour(), startTime.Minute(), startTime.Second(), startTime.Nanosecond(),
+		rec.StartTime.Hour(), rec.StartTime.Minute(), rec.StartTime.Second(), rec.StartTime.Nanosecond(),
 		loc,
 	)
 	if candidate.After(currentTime) {
@@ -301,12 +269,12 @@ func (m *PlannedMaintenance) checkMonthly(currentTime time.Time, rec *Recurrence
 		lastDayPrev := time.Date(y, m+1, 0, 0, 0, 0, 0, loc).Day()
 		if refDay > lastDayPrev {
 			candidate = time.Date(y, m, lastDayPrev,
-				startTime.Hour(), startTime.Minute(), startTime.Second(), startTime.Nanosecond(),
+				rec.StartTime.Hour(), rec.StartTime.Minute(), rec.StartTime.Second(), rec.StartTime.Nanosecond(),
 				loc,
 			)
 		} else {
 			candidate = time.Date(y, m, refDay,
-				startTime.Hour(), startTime.Minute(), startTime.Second(), startTime.Nanosecond(),
+				rec.StartTime.Hour(), rec.StartTime.Minute(), rec.StartTime.Second(), rec.StartTime.Nanosecond(),
 				loc,
 			)
 		}
@@ -319,7 +287,7 @@ func (m *PlannedMaintenance) IsActive(now time.Time) bool {
 	if len(m.RuleIDs) > 0 {
 		ruleID = (m.RuleIDs)[0]
 	}
-	return m.ShouldSkip(ruleID, now, nil)
+	return m.ShouldSkip(ruleID, now)
 }
 
 func (m *PlannedMaintenance) IsUpcoming() bool {
@@ -328,7 +296,14 @@ func (m *PlannedMaintenance) IsUpcoming() bool {
 		return false
 	}
 	now := time.Now().In(loc)
-	return now.Before(m.Schedule.StartTime)
+
+	if !m.Schedule.StartTime.IsZero() && !m.Schedule.EndTime.IsZero() {
+		return now.Before(m.Schedule.StartTime)
+	}
+	if m.Schedule.Recurrence != nil {
+		return now.Before(m.Schedule.Recurrence.StartTime)
+	}
+	return false
 }
 
 func (m *PlannedMaintenance) IsRecurring() bool {
@@ -345,16 +320,16 @@ func (m *PlannedMaintenance) Validate() error {
 	if m.Schedule.Timezone == "" {
 		return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidPlannedMaintenancePayload, "missing timezone in the payload")
 	}
+
 	_, err := time.LoadLocation(m.Schedule.Timezone)
 	if err != nil {
 		return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidPlannedMaintenancePayload, "invalid timezone in the payload")
 	}
-	if m.Schedule.StartTime.IsZero() {
-		return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidPlannedMaintenancePayload, "missing start time in the payload")
-	}
 
-	if !m.Schedule.EndTime.IsZero() && m.Schedule.StartTime.After(m.Schedule.EndTime) {
-		return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidPlannedMaintenancePayload, "start time cannot be after end time")
+	if !m.Schedule.StartTime.IsZero() && !m.Schedule.EndTime.IsZero() {
+		if m.Schedule.StartTime.After(m.Schedule.EndTime) {
+			return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidPlannedMaintenancePayload, "start time cannot be after end time")
+		}
 	}
 
 	if m.Schedule.Recurrence != nil {
@@ -364,6 +339,9 @@ func (m *PlannedMaintenance) Validate() error {
 		if m.Schedule.Recurrence.Duration.IsZero() {
 			return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidPlannedMaintenancePayload, "missing duration in the payload")
 		}
+		if m.Schedule.Recurrence.EndTime != nil && m.Schedule.Recurrence.EndTime.Before(m.Schedule.Recurrence.StartTime) {
+			return errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidPlannedMaintenancePayload, "end time cannot be before start time")
+		}
 	}
 	return nil
 }
@@ -387,31 +365,29 @@ func (m PlannedMaintenance) MarshalJSON() ([]byte, error) {
 	}
 
 	return json.Marshal(struct {
-		ID              valuer.UUID       `json:"id" db:"id"`
-		Name            string            `json:"name" db:"name"`
-		Description     string            `json:"description" db:"description"`
-		Schedule        *Schedule         `json:"schedule" db:"schedule"`
-		AlertIds        []string          `json:"alertIds" db:"alert_ids"`
-		LabelExpression string            `json:"labelExpression,omitempty"`
-		CreatedAt       time.Time         `json:"createdAt" db:"created_at"`
-		CreatedBy       string            `json:"createdBy" db:"created_by"`
-		UpdatedAt       time.Time         `json:"updatedAt" db:"updated_at"`
-		UpdatedBy       string            `json:"updatedBy" db:"updated_by"`
-		Status          MaintenanceStatus `json:"status"`
-		Kind            MaintenanceKind   `json:"kind"`
+		ID          valuer.UUID       `json:"id" db:"id"`
+		Name        string            `json:"name" db:"name"`
+		Description string            `json:"description" db:"description"`
+		Schedule    *Schedule         `json:"schedule" db:"schedule"`
+		AlertIds    []string          `json:"alertIds" db:"alert_ids"`
+		CreatedAt   time.Time         `json:"createdAt" db:"created_at"`
+		CreatedBy   string            `json:"createdBy" db:"created_by"`
+		UpdatedAt   time.Time         `json:"updatedAt" db:"updated_at"`
+		UpdatedBy   string            `json:"updatedBy" db:"updated_by"`
+		Status      MaintenanceStatus `json:"status"`
+		Kind        MaintenanceKind   `json:"kind"`
 	}{
-		ID:              m.ID,
-		Name:            m.Name,
-		Description:     m.Description,
-		Schedule:        m.Schedule,
-		AlertIds:        m.RuleIDs,
-		LabelExpression: m.LabelExpression,
-		CreatedAt:       m.CreatedAt,
-		CreatedBy:       m.CreatedBy,
-		UpdatedAt:       m.UpdatedAt,
-		UpdatedBy:       m.UpdatedBy,
-		Status:          status,
-		Kind:            kind,
+		ID:          m.ID,
+		Name:        m.Name,
+		Description: m.Description,
+		Schedule:    m.Schedule,
+		AlertIds:    m.RuleIDs,
+		CreatedAt:   m.CreatedAt,
+		CreatedBy:   m.CreatedBy,
+		UpdatedAt:   m.UpdatedAt,
+		UpdatedBy:   m.UpdatedBy,
+		Status:      status,
+		Kind:        kind,
 	})
 }
 
@@ -424,16 +400,15 @@ func (m *PlannedMaintenanceWithRules) ToPlannedMaintenance() *PlannedMaintenance
 	}
 
 	return &PlannedMaintenance{
-		ID:              m.ID,
-		Name:            m.Name,
-		Description:     m.Description,
-		Schedule:        m.Schedule,
-		RuleIDs:         ruleIDs,
-		LabelExpression: m.LabelExpression,
-		CreatedAt:       m.CreatedAt,
-		UpdatedAt:       m.UpdatedAt,
-		CreatedBy:       m.CreatedBy,
-		UpdatedBy:       m.UpdatedBy,
+		ID:          m.ID,
+		Name:        m.Name,
+		Description: m.Description,
+		Schedule:    m.Schedule,
+		RuleIDs:     ruleIDs,
+		CreatedAt:   m.CreatedAt,
+		UpdatedAt:   m.UpdatedAt,
+		CreatedBy:   m.CreatedBy,
+		UpdatedBy:   m.UpdatedBy,
 	}
 }
 

pkg/types/ruletypes/maintenance_test.go

@@ -5,10 +5,15 @@ import (
 	"time"
 
 	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/prometheus/common/model"
 )
 
+// Helper function to create a time pointer.
+func timePtr(t time.Time) *time.Time {
+	return &t
+}
+
 func TestShouldSkipMaintenance(t *testing.T) {
+
 	cases := []struct {
 		name        string
 		maintenance *PlannedMaintenance
@@ -19,9 +24,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "only-on-saturday",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "Europe/London",
-					StartTime: time.Date(2025, 3, 1, 0, 0, 0, 0, time.UTC),
+					Timezone: "Europe/London",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2025, 3, 1, 0, 0, 0, 0, time.UTC),
 						Duration:   valuer.MustParseTextDuration("24h"),
 						RepeatType: RepeatTypeWeekly,
 						RepeatOn:   []RepeatOn{RepeatOnMonday, RepeatOnTuesday, RepeatOnWednesday, RepeatOnThursday, RepeatOnFriday, RepeatOnSunday},
@@ -36,10 +41,10 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "weekly-across-midnight-previous-day",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 4, 1, 22, 0, 0, 0, time.UTC), // Monday 22:00
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
-						Duration:   valuer.MustParseTextDuration("4h"), // Until Tuesday 02:00
+						StartTime:  time.Date(2024, 4, 1, 22, 0, 0, 0, time.UTC), // Monday 22:00
+						Duration:   valuer.MustParseTextDuration("4h"),           // Until Tuesday 02:00
 						RepeatType: RepeatTypeWeekly,
 						RepeatOn:   []RepeatOn{RepeatOnMonday}, // Only Monday
 					},
@@ -53,10 +58,10 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "weekly-across-midnight-previous-day",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 4, 1, 22, 0, 0, 0, time.UTC), // Monday 22:00
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
-						Duration:   valuer.MustParseTextDuration("4h"), // Until Tuesday 02:00
+						StartTime:  time.Date(2024, 4, 1, 22, 0, 0, 0, time.UTC), // Monday 22:00
+						Duration:   valuer.MustParseTextDuration("4h"),           // Until Tuesday 02:00
 						RepeatType: RepeatTypeWeekly,
 						RepeatOn:   []RepeatOn{RepeatOnMonday}, // Only Monday
 					},
@@ -70,10 +75,10 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "weekly-across-midnight-previous-day",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 4, 1, 22, 0, 0, 0, time.UTC), // Monday 22:00
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
-						Duration:   valuer.MustParseTextDuration("52h"), // Until Thursday 02:00
+						StartTime:  time.Date(2024, 4, 1, 22, 0, 0, 0, time.UTC), // Monday 22:00
+						Duration:   valuer.MustParseTextDuration("52h"),          // Until Thursday 02:00
 						RepeatType: RepeatTypeWeekly,
 						RepeatOn:   []RepeatOn{RepeatOnMonday}, // Only Monday
 					},
@@ -87,10 +92,10 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "weekly-across-midnight-previous-day-not-in-repeaton",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 4, 2, 22, 0, 0, 0, time.UTC), // Tuesday 22:00
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
-						Duration:   valuer.MustParseTextDuration("4h"), // Until Wednesday 02:00
+						StartTime:  time.Date(2024, 4, 2, 22, 0, 0, 0, time.UTC), // Tuesday 22:00
+						Duration:   valuer.MustParseTextDuration("4h"),           // Until Wednesday 02:00
 						RepeatType: RepeatTypeWeekly,
 						RepeatOn:   []RepeatOn{RepeatOnTuesday}, // Only Tuesday
 					},
@@ -104,10 +109,10 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "daily-maintenance-across-midnight",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 1, 23, 0, 0, 0, time.UTC), // 23:00
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
-						Duration:   valuer.MustParseTextDuration("2h"), // Until 01:00 next day
+						StartTime:  time.Date(2024, 1, 1, 23, 0, 0, 0, time.UTC), // 23:00
+						Duration:   valuer.MustParseTextDuration("2h"),           // Until 01:00 next day
 						RepeatType: RepeatTypeDaily,
 					},
 				},
@@ -120,9 +125,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "at-start-time-boundary",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
 						Duration:   valuer.MustParseTextDuration("2h"),
 						RepeatType: RepeatTypeDaily,
 					},
@@ -136,9 +141,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "at-end-time-boundary",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
 						Duration:   valuer.MustParseTextDuration("2h"),
 						RepeatType: RepeatTypeDaily,
 					},
@@ -152,9 +157,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "monthly-multi-day-duration",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 28, 12, 0, 0, 0, time.UTC),
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 28, 12, 0, 0, 0, time.UTC),
 						Duration:   valuer.MustParseTextDuration("72h"), // 3 days
 						RepeatType: RepeatTypeMonthly,
 					},
@@ -168,9 +173,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "weekly-multi-day-duration",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 28, 12, 0, 0, 0, time.UTC),
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 28, 12, 0, 0, 0, time.UTC),
 						Duration:   valuer.MustParseTextDuration("72h"), // 3 days
 						RepeatType: RepeatTypeWeekly,
 						RepeatOn:   []RepeatOn{RepeatOnSunday},
@@ -185,9 +190,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "monthly-crosses-to-next-month",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 30, 12, 0, 0, 0, time.UTC),
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 30, 12, 0, 0, 0, time.UTC),
 						Duration:   valuer.MustParseTextDuration("48h"), // 2 days, crosses to Feb 1
 						RepeatType: RepeatTypeMonthly,
 					},
@@ -201,9 +206,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "timezone-offset-test",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "America/New_York", // UTC-5 or UTC-4 depending on DST
-					StartTime: time.Date(2024, 1, 1, 22, 0, 0, 0, time.FixedZone("America/New_York", -5*3600)),
+					Timezone: "America/New_York", // UTC-5 or UTC-4 depending on DST
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 1, 22, 0, 0, 0, time.FixedZone("America/New_York", -5*3600)),
 						Duration:   valuer.MustParseTextDuration("4h"),
 						RepeatType: RepeatTypeDaily,
 					},
@@ -217,9 +222,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "daily-maintenance-time-outside-window",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
 						Duration:   valuer.MustParseTextDuration("2h"),
 						RepeatType: RepeatTypeDaily,
 					},
@@ -233,10 +238,10 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "recurring-maintenance-with-past-end-date",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
-					EndTime:   time.Date(2024, 1, 10, 12, 0, 0, 0, time.UTC),
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
+						EndTime:    timePtr(time.Date(2024, 1, 10, 12, 0, 0, 0, time.UTC)),
 						Duration:   valuer.MustParseTextDuration("2h"),
 						RepeatType: RepeatTypeDaily,
 					},
@@ -250,10 +255,10 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "monthly-maintenance-spans-month-end",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 3, 31, 22, 0, 0, 0, time.UTC), // March 31, 22:00
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
-						Duration:   valuer.MustParseTextDuration("6h"), // Until April 1, 04:00
+						StartTime:  time.Date(2024, 3, 31, 22, 0, 0, 0, time.UTC), // March 31, 22:00
+						Duration:   valuer.MustParseTextDuration("6h"),            // Until April 1, 04:00
 						RepeatType: RepeatTypeMonthly,
 					},
 				},
@@ -266,9 +271,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "weekly-empty-repeaton",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 4, 1, 12, 0, 0, 0, time.UTC),
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 4, 1, 12, 0, 0, 0, time.UTC),
 						Duration:   valuer.MustParseTextDuration("2h"),
 						RepeatType: RepeatTypeWeekly,
 						RepeatOn:   []RepeatOn{}, // Empty - should apply to all days
@@ -283,9 +288,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "monthly-maintenance-february-fewer-days",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 31, 12, 0, 0, 0, time.UTC), // January 31st
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 31, 12, 0, 0, 0, time.UTC), // January 31st
 						Duration:   valuer.MustParseTextDuration("2h"),
 						RepeatType: RepeatTypeMonthly,
 					},
@@ -298,9 +303,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "daily-maintenance-crosses-midnight",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 1, 23, 30, 0, 0, time.UTC),
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 1, 23, 30, 0, 0, time.UTC),
 						Duration:   valuer.MustParseTextDuration("1h"), // Crosses to 00:30 next day
 						RepeatType: RepeatTypeDaily,
 					},
@@ -313,9 +318,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "monthly-maintenance-crosses-month-end",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 31, 12, 0, 0, 0, time.UTC), // January 31st
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 31, 12, 0, 0, 0, time.UTC), // January 31st
 						Duration:   valuer.MustParseTextDuration("2h"),
 						RepeatType: RepeatTypeMonthly,
 					},
@@ -328,9 +333,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "monthly-maintenance-crosses-month-end-and-duration-is-2-days",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 30, 12, 0, 0, 0, time.UTC),
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 30, 12, 0, 0, 0, time.UTC),
 						Duration:   valuer.MustParseTextDuration("48h"), // 2 days duration
 						RepeatType: RepeatTypeMonthly,
 					},
@@ -343,10 +348,10 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "weekly-maintenance-crosses-midnight",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 4, 1, 23, 0, 0, 0, time.UTC), // Monday 23:00
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
-						Duration:   valuer.MustParseTextDuration("2h"), // Until Tuesday 01:00
+						StartTime:  time.Date(2024, 4, 1, 23, 0, 0, 0, time.UTC), // Monday 23:00
+						Duration:   valuer.MustParseTextDuration("2h"),           // Until Tuesday 01:00
 						RepeatType: RepeatTypeWeekly,
 						RepeatOn:   []RepeatOn{RepeatOnMonday}, // Only Monday
 					},
@@ -359,9 +364,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "monthly-maintenance-crosses-month-end-and-duration-is-2-days",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 31, 12, 0, 0, 0, time.UTC), // January 31st
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 31, 12, 0, 0, 0, time.UTC), // January 31st
 						Duration:   valuer.MustParseTextDuration("2h"),
 						RepeatType: RepeatTypeMonthly,
 					},
@@ -374,9 +379,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "daily-maintenance-crosses-midnight",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 1, 22, 0, 0, 0, time.UTC),
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 1, 22, 0, 0, 0, time.UTC),
 						Duration:   valuer.MustParseTextDuration("4h"), // Until 02:00 next day
 						RepeatType: RepeatTypeDaily,
 					},
@@ -389,9 +394,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "monthly-maintenance-crosses-month-end-and-duration-is-2-hours",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 31, 12, 0, 0, 0, time.UTC),
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 31, 12, 0, 0, 0, time.UTC),
 						Duration:   valuer.MustParseTextDuration("2h"),
 						RepeatType: RepeatTypeMonthly,
 					},
@@ -440,9 +445,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "recurring maintenance, repeat sunday, saturday, weekly for 24 hours, in Us/Eastern timezone",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "US/Eastern",
-					StartTime: time.Date(2025, 3, 29, 20, 0, 0, 0, time.FixedZone("US/Eastern", -4*3600)),
+					Timezone: "US/Eastern",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2025, 3, 29, 20, 0, 0, 0, time.FixedZone("US/Eastern", -4*3600)),
 						Duration:   valuer.MustParseTextDuration("24h"),
 						RepeatType: RepeatTypeWeekly,
 						RepeatOn:   []RepeatOn{RepeatOnSunday, RepeatOnSaturday},
@@ -456,9 +461,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "recurring maintenance, repeat daily from 12:00 to 14:00",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
 						Duration:   valuer.MustParseTextDuration("2h"),
 						RepeatType: RepeatTypeDaily,
 					},
@@ -471,9 +476,9 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "recurring maintenance, repeat daily from 12:00 to 14:00",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
 						Duration:   valuer.MustParseTextDuration("2h"),
 						RepeatType: RepeatTypeDaily,
 					},
@@ -486,182 +491,146 @@ func TestShouldSkipMaintenance(t *testing.T) {
 			name: "recurring maintenance, repeat daily from 12:00 to 14:00",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC),
 						Duration:   valuer.MustParseTextDuration("2h"),
 						RepeatType: RepeatTypeDaily,
 					},
 				},
 			},
-			ts:   time.Date(2024, 4, 1, 12, 10, 0, 0, time.UTC),
+			ts:   time.Date(2024, 04, 1, 12, 10, 0, 0, time.UTC),
 			skip: true,
 		},
 		{
 			name: "recurring maintenance, repeat weekly on monday from 12:00 to 14:00",
-			maintenance: &PlannedMaintenance{
-				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 4, 1, 12, 0, 0, 0, time.UTC),
-					Recurrence: &Recurrence{
-						Duration:   valuer.MustParseTextDuration("2h"),
-						RepeatType: RepeatTypeWeekly,
-						RepeatOn:   []RepeatOn{RepeatOnMonday},
-					},
-				},
-			},
-			ts:   time.Date(2024, 4, 15, 12, 10, 0, 0, time.UTC),
-			skip: true,
-		},
-		{
-			name: "recurring maintenance, repeat weekly on monday from 12:00 to 14:00",
-			maintenance: &PlannedMaintenance{
-				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 4, 1, 12, 0, 0, 0, time.UTC),
-					Recurrence: &Recurrence{
-						Duration:   valuer.MustParseTextDuration("2h"),
-						RepeatType: RepeatTypeWeekly,
-						RepeatOn:   []RepeatOn{RepeatOnMonday},
-					},
-				},
-			},
-			ts:   time.Date(2024, 4, 14, 12, 10, 0, 0, time.UTC), // 14th 04 is sunday
-			skip: false,
-		},
-		{
-			name: "recurring maintenance, repeat weekly on monday from 12:00 to 14:00",
-			maintenance: &PlannedMaintenance{
-				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 4, 1, 12, 0, 0, 0, time.UTC),
-					Recurrence: &Recurrence{
-						Duration:   valuer.MustParseTextDuration("2h"),
-						RepeatType: RepeatTypeWeekly,
-						RepeatOn:   []RepeatOn{RepeatOnMonday},
-					},
-				},
-			},
-			ts:   time.Date(2024, 4, 16, 12, 10, 0, 0, time.UTC), // 16th 04 is tuesday
-			skip: false,
-		},
-		{
-			name: "recurring maintenance, repeat weekly on monday from 12:00 to 14:00",
-			maintenance: &PlannedMaintenance{
-				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 4, 1, 12, 0, 0, 0, time.UTC),
-					Recurrence: &Recurrence{
-						Duration:   valuer.MustParseTextDuration("2h"),
-						RepeatType: RepeatTypeWeekly,
-						RepeatOn:   []RepeatOn{RepeatOnMonday},
-					},
-				},
-			},
-			ts:   time.Date(2024, 5, 6, 12, 10, 0, 0, time.UTC),
-			skip: true,
-		},
-		{
-			name: "recurring maintenance, repeat weekly on monday from 12:00 to 14:00",
-			maintenance: &PlannedMaintenance{
-				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 4, 1, 12, 0, 0, 0, time.UTC),
-					Recurrence: &Recurrence{
-						Duration:   valuer.MustParseTextDuration("2h"),
-						RepeatType: RepeatTypeWeekly,
-						RepeatOn:   []RepeatOn{RepeatOnMonday},
-					},
-				},
-			},
-			ts:   time.Date(2024, 5, 6, 14, 0, 0, 0, time.UTC),
-			skip: true,
-		},
-		{
-			name: "recurring maintenance, repeat monthly on 4th from 12:00 to 14:00",
-			maintenance: &PlannedMaintenance{
-				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 4, 4, 12, 0, 0, 0, time.UTC),
-					Recurrence: &Recurrence{
-						Duration:   valuer.MustParseTextDuration("2h"),
-						RepeatType: RepeatTypeMonthly,
-					},
-				},
-			},
-			ts:   time.Date(2024, 4, 4, 12, 10, 0, 0, time.UTC),
-			skip: true,
-		},
-		{
-			name: "recurring maintenance, repeat monthly on 4th from 12:00 to 14:00",
-			maintenance: &PlannedMaintenance{
-				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 4, 4, 12, 0, 0, 0, time.UTC),
-					Recurrence: &Recurrence{
-						Duration:   valuer.MustParseTextDuration("2h"),
-						RepeatType: RepeatTypeMonthly,
-					},
-				},
-			},
-			ts:   time.Date(2024, 4, 4, 14, 10, 0, 0, time.UTC),
-			skip: false,
-		},
-		{
-			name: "recurring maintenance, repeat monthly on 4th from 12:00 to 14:00",
-			maintenance: &PlannedMaintenance{
-				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2024, 4, 4, 12, 0, 0, 0, time.UTC),
-					Recurrence: &Recurrence{
-						Duration:   valuer.MustParseTextDuration("2h"),
-						RepeatType: RepeatTypeMonthly,
-					},
-				},
-			},
-			ts:   time.Date(2024, 5, 4, 12, 10, 0, 0, time.UTC),
-			skip: true,
-		},
-		// The recurrence should govern, when set. Not the fixed range.
-		{
-			name: "recurring-daily-with-fixed-times-outside-daily-window",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
 					Timezone: "UTC",
-					// These fixed fields should be ignored when Recurrence is set.
-					StartTime: time.Date(2026, 4, 1, 14, 0, 0, 0, time.UTC), // daily at 14:00
-					EndTime:   time.Date(2026, 4, 30, 18, 0, 0, 0, time.UTC),
 					Recurrence: &Recurrence{
-						Duration:   valuer.MustParseTextDuration("2h"), // until 16:00
-						RepeatType: RepeatTypeDaily,
+						StartTime:  time.Date(2024, 04, 01, 12, 0, 0, 0, time.UTC),
+						Duration:   valuer.MustParseTextDuration("2h"),
+						RepeatType: RepeatTypeWeekly,
+						RepeatOn:   []RepeatOn{RepeatOnMonday},
 					},
 				},
 			},
-			// 2026-04-15 11:00 is inside the fixed range but outside the daily 14:00-16:00 window.
-			ts:   time.Date(2026, 4, 15, 11, 0, 0, 0, time.UTC),
+			ts:   time.Date(2024, 04, 15, 12, 10, 0, 0, time.UTC),
+			skip: true,
+		},
+		{
+			name: "recurring maintenance, repeat weekly on monday from 12:00 to 14:00",
+			maintenance: &PlannedMaintenance{
+				Schedule: &Schedule{
+					Timezone: "UTC",
+					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 04, 01, 12, 0, 0, 0, time.UTC),
+						Duration:   valuer.MustParseTextDuration("2h"),
+						RepeatType: RepeatTypeWeekly,
+						RepeatOn:   []RepeatOn{RepeatOnMonday},
+					},
+				},
+			},
+			ts:   time.Date(2024, 04, 14, 12, 10, 0, 0, time.UTC), // 14th 04 is sunday
 			skip: false,
 		},
 		{
-			name: "recurring-daily-with-fixed-times-inside-daily-window",
+			name: "recurring maintenance, repeat weekly on monday from 12:00 to 14:00",
 			maintenance: &PlannedMaintenance{
 				Schedule: &Schedule{
-					Timezone:  "UTC",
-					StartTime: time.Date(2026, 4, 1, 14, 0, 0, 0, time.UTC),
-					EndTime:   time.Date(2026, 4, 30, 18, 0, 0, 0, time.UTC),
+					Timezone: "UTC",
 					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 04, 01, 12, 0, 0, 0, time.UTC),
 						Duration:   valuer.MustParseTextDuration("2h"),
-						RepeatType: RepeatTypeDaily,
+						RepeatType: RepeatTypeWeekly,
+						RepeatOn:   []RepeatOn{RepeatOnMonday},
 					},
 				},
 			},
-			// 15:00 is inside the daily 14:00-16:00 window. Should skip.
-			ts:   time.Date(2026, 4, 15, 15, 0, 0, 0, time.UTC),
+			ts:   time.Date(2024, 04, 16, 12, 10, 0, 0, time.UTC), // 16th 04 is tuesday
+			skip: false,
+		},
+		{
+			name: "recurring maintenance, repeat weekly on monday from 12:00 to 14:00",
+			maintenance: &PlannedMaintenance{
+				Schedule: &Schedule{
+					Timezone: "UTC",
+					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 04, 01, 12, 0, 0, 0, time.UTC),
+						Duration:   valuer.MustParseTextDuration("2h"),
+						RepeatType: RepeatTypeWeekly,
+						RepeatOn:   []RepeatOn{RepeatOnMonday},
+					},
+				},
+			},
+			ts:   time.Date(2024, 05, 06, 12, 10, 0, 0, time.UTC),
+			skip: true,
+		},
+		{
+			name: "recurring maintenance, repeat weekly on monday from 12:00 to 14:00",
+			maintenance: &PlannedMaintenance{
+				Schedule: &Schedule{
+					Timezone: "UTC",
+					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 04, 01, 12, 0, 0, 0, time.UTC),
+						Duration:   valuer.MustParseTextDuration("2h"),
+						RepeatType: RepeatTypeWeekly,
+						RepeatOn:   []RepeatOn{RepeatOnMonday},
+					},
+				},
+			},
+			ts:   time.Date(2024, 05, 06, 14, 00, 0, 0, time.UTC),
+			skip: true,
+		},
+		{
+			name: "recurring maintenance, repeat monthly on 4th from 12:00 to 14:00",
+			maintenance: &PlannedMaintenance{
+				Schedule: &Schedule{
+					Timezone: "UTC",
+					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 04, 04, 12, 0, 0, 0, time.UTC),
+						Duration:   valuer.MustParseTextDuration("2h"),
+						RepeatType: RepeatTypeMonthly,
+					},
+				},
+			},
+			ts:   time.Date(2024, 04, 04, 12, 10, 0, 0, time.UTC),
+			skip: true,
+		},
+		{
+			name: "recurring maintenance, repeat monthly on 4th from 12:00 to 14:00",
+			maintenance: &PlannedMaintenance{
+				Schedule: &Schedule{
+					Timezone: "UTC",
+					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 04, 04, 12, 0, 0, 0, time.UTC),
+						Duration:   valuer.MustParseTextDuration("2h"),
+						RepeatType: RepeatTypeMonthly,
+					},
+				},
+			},
+			ts:   time.Date(2024, 04, 04, 14, 10, 0, 0, time.UTC),
+			skip: false,
+		},
+		{
+			name: "recurring maintenance, repeat monthly on 4th from 12:00 to 14:00",
+			maintenance: &PlannedMaintenance{
+				Schedule: &Schedule{
+					Timezone: "UTC",
+					Recurrence: &Recurrence{
+						StartTime:  time.Date(2024, 04, 04, 12, 0, 0, 0, time.UTC),
+						Duration:   valuer.MustParseTextDuration("2h"),
+						RepeatType: RepeatTypeMonthly,
+					},
+				},
+			},
+			ts:   time.Date(2024, 05, 04, 12, 10, 0, 0, time.UTC),
 			skip: true,
 		},
 	}
 
 	for idx, c := range cases {
-		result := c.maintenance.ShouldSkip(c.name, c.ts, model.LabelSet{})
+		result := c.maintenance.ShouldSkip(c.name, c.ts)
 		if result != c.skip {
 			t.Errorf("skip %v, got %v, case:%d - %s", c.skip, result, idx, c.name)
 		}

pkg/types/ruletypes/recurrence.go

@@ -67,6 +67,8 @@ var RepeatOnAllMap = map[RepeatOn]time.Weekday{
 }
 
 type Recurrence struct {
+	StartTime  time.Time           `json:"startTime" required:"true"`
+	EndTime    *time.Time          `json:"endTime,omitempty"`
 	Duration   valuer.TextDuration `json:"duration" required:"true"`
 	RepeatType RepeatType          `json:"repeatType" required:"true"`
 	RepeatOn   []RepeatOn          `json:"repeatOn"`
@@ -103,16 +105,33 @@ func (s Schedule) MarshalJSON() ([]byte, error) {
 		endTime = time.Date(s.EndTime.Year(), s.EndTime.Month(), s.EndTime.Day(), s.EndTime.Hour(), s.EndTime.Minute(), s.EndTime.Second(), s.EndTime.Nanosecond(), loc)
 	}
 
+	var recurrence *Recurrence
+	if s.Recurrence != nil {
+		recStartTime := time.Date(s.Recurrence.StartTime.Year(), s.Recurrence.StartTime.Month(), s.Recurrence.StartTime.Day(), s.Recurrence.StartTime.Hour(), s.Recurrence.StartTime.Minute(), s.Recurrence.StartTime.Second(), s.Recurrence.StartTime.Nanosecond(), loc)
+		var recEndTime *time.Time
+		if s.Recurrence.EndTime != nil {
+			end := time.Date(s.Recurrence.EndTime.Year(), s.Recurrence.EndTime.Month(), s.Recurrence.EndTime.Day(), s.Recurrence.EndTime.Hour(), s.Recurrence.EndTime.Minute(), s.Recurrence.EndTime.Second(), s.Recurrence.EndTime.Nanosecond(), loc)
+			recEndTime = &end
+		}
+		recurrence = &Recurrence{
+			StartTime:  recStartTime,
+			EndTime:    recEndTime,
+			Duration:   s.Recurrence.Duration,
+			RepeatType: s.Recurrence.RepeatType,
+			RepeatOn:   s.Recurrence.RepeatOn,
+		}
+	}
+
 	return json.Marshal(&struct {
 		Timezone   string      `json:"timezone"`
-		StartTime  time.Time   `json:"startTime"`
-		EndTime    time.Time   `json:"endTime,omitzero"`
+		StartTime  string      `json:"startTime"`
+		EndTime    string      `json:"endTime"`
 		Recurrence *Recurrence `json:"recurrence,omitempty"`
 	}{
 		Timezone:   s.Timezone,
-		StartTime:  startTime,
-		EndTime:    endTime,
-		Recurrence: s.Recurrence,
+		StartTime:  startTime.Format(time.RFC3339),
+		EndTime:    endTime.Format(time.RFC3339),
+		Recurrence: recurrence,
 	})
 }
 
@@ -147,11 +166,34 @@ func (s *Schedule) UnmarshalJSON(data []byte) error {
 		if err != nil {
 			return err
 		}
-		// TODO(jatinderjit): if endTime.IsZero() then we should not set the endTime
 		s.EndTime = time.Date(endTime.Year(), endTime.Month(), endTime.Day(), endTime.Hour(), endTime.Minute(), endTime.Second(), endTime.Nanosecond(), loc)
 	}
 
 	s.Timezone = aux.Timezone
-	s.Recurrence = aux.Recurrence
+
+	if aux.Recurrence != nil {
+		recStartTime, err := time.Parse(time.RFC3339, aux.Recurrence.StartTime.Format(time.RFC3339))
+		if err != nil {
+			return err
+		}
+
+		var recEndTime *time.Time
+		if aux.Recurrence.EndTime != nil {
+			end, err := time.Parse(time.RFC3339, aux.Recurrence.EndTime.Format(time.RFC3339))
+			if err != nil {
+				return err
+			}
+			endConverted := time.Date(end.Year(), end.Month(), end.Day(), end.Hour(), end.Minute(), end.Second(), end.Nanosecond(), loc)
+			recEndTime = &endConverted
+		}
+
+		s.Recurrence = &Recurrence{
+			StartTime:  time.Date(recStartTime.Year(), recStartTime.Month(), recStartTime.Day(), recStartTime.Hour(), recStartTime.Minute(), recStartTime.Second(), recStartTime.Nanosecond(), loc),
+			EndTime:    recEndTime,
+			Duration:   aux.Recurrence.Duration,
+			RepeatType: aux.Recurrence.RepeatType,
+			RepeatOn:   aux.Recurrence.RepeatOn,
+		}
+	}
 	return nil
 }

pkg/types/ruletypes/schedule.go

@@ -11,8 +11,8 @@ import (
 
 type Schedule struct {
 	Timezone   string      `json:"timezone" required:"true"`
-	StartTime  time.Time   `json:"startTime" required:"true"`
-	EndTime    time.Time   `json:"endTime,omitzero"`
+	StartTime  time.Time   `json:"startTime,omitempty"`
+	EndTime    time.Time   `json:"endTime,omitempty"`
 	Recurrence *Recurrence `json:"recurrence"`
 }
 

pkg/types/tagtypes/store.go

@@ -0,0 +1,24 @@
+package tagtypes
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type Store interface {
+	List(ctx context.Context, orgID valuer.UUID) ([]*Tag, error)
+
+	ListByEntity(ctx context.Context, entityID valuer.UUID) ([]*Tag, error)
+
+	// Create upserts the given tags and returns them with authoritative IDs.
+	// On conflict on (org_id, internal_name) — which happens only when a
+	// concurrent insert raced ours — the returned entry carries the existing
+	// row's ID rather than the pre-generated one in the input.
+	Create(ctx context.Context, tags []*Tag) ([]*Tag, error)
+
+	// CreateRelations inserts tag-entity relations. Conflicts on the composite primary key are ignored.
+	CreateRelations(ctx context.Context, relations []*TagRelation) error
+
+	DeleteRelationsExcept(ctx context.Context, entityID valuer.UUID, keepTagIDs []valuer.UUID) error
+}

pkg/types/tagtypes/tag.go

@@ -0,0 +1,197 @@
+package tagtypes
+
+import (
+	"context"
+	"strings"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/uptrace/bun"
+)
+
+const (
+	// separator users type in the display name (e.g. "team/blr").
+	HierarchySeparator = "/"
+
+	// separator used in internal_name. Different from HierarchySeparator
+	// because "/" is reserved by the access control layer.
+	InternalSeparator = "::"
+)
+
+var (
+	ErrCodeTagInvalidName = errors.MustNewCode("tag_invalid_name")
+	ErrCodeTagNotFound    = errors.MustNewCode("tag_not_found")
+)
+
+type Tag struct {
+	bun.BaseModel `bun:"table:tag,alias:tag"`
+
+	types.Identifiable
+	types.TimeAuditable
+	types.UserAuditable
+	Name         string      `json:"name" required:"true" bun:"name,type:text,notnull"`
+	InternalName string      `json:"internalName" required:"true" bun:"internal_name,type:text,notnull,unique:org_id_internal_name"`
+	OrgID        valuer.UUID `json:"orgId" required:"true" bun:"org_id,type:text,notnull,unique:org_id_internal_name"`
+}
+
+type PostableTag struct {
+	Name string `json:"name" required:"true"`
+}
+
+type GettableTag struct {
+	Name string `json:"name" required:"true"`
+}
+
+func NewGettableTagFromTag(tag *Tag) *GettableTag {
+	return &GettableTag{Name: tag.Name}
+}
+
+func NewGettableTagsFromTags(tags []*Tag) []*GettableTag {
+	out := make([]*GettableTag, len(tags))
+	for i, t := range tags {
+		out[i] = NewGettableTagFromTag(t)
+	}
+	return out
+}
+
+func NewTag(orgID valuer.UUID, name string, internalName string, createdBy string) *Tag {
+	now := time.Now()
+	return &Tag{
+		Identifiable: types.Identifiable{ID: valuer.GenerateUUID()},
+		TimeAuditable: types.TimeAuditable{
+			CreatedAt: now,
+			UpdatedAt: now,
+		},
+		UserAuditable: types.UserAuditable{
+			CreatedBy: createdBy,
+			UpdatedBy: createdBy,
+		},
+		Name:         name,
+		InternalName: internalName,
+		OrgID:        orgID,
+	}
+}
+
+// Resolve canonicalizes a batch of user-supplied tag names against the existing
+// tags for an org. Existing parent tags' casing is reused so that
+// "teams/blr/platform" inherits the "BLR" casing from a pre-existing
+// "teams/BLR". Inputs are deduped by internal name. Returns:
+//   - toCreate: new Tag rows the caller should insert (with pre-generated IDs)
+//   - matched: existing rows that the caller's input already pointed to. They
+//     already carry authoritative IDs from the store.
+func Resolve(ctx context.Context, store Store, orgID valuer.UUID, postable []PostableTag, createdBy string) ([]*Tag, []*Tag, error) {
+	if len(postable) == 0 {
+		return nil, nil, nil
+	}
+
+	existing, err := store.List(ctx, orgID)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	internalNameToExistingTag := make(map[string]*Tag, len(existing))
+	for _, t := range existing {
+		internalNameToExistingTag[t.InternalName] = t
+	}
+
+	seen := make(map[string]struct{}, len(postable))
+	toCreate := make([]*Tag, 0)
+	matched := make([]*Tag, 0)
+
+	for _, p := range postable {
+		cleanedName, err := cleanupName(p.Name)
+		if err != nil {
+			return nil, nil, err
+		}
+		matchedName, matchedInternalName := matchCasingWithExistingTags(cleanedName, existing)
+		if _, dup := seen[matchedInternalName]; dup {
+			continue
+		}
+		seen[matchedInternalName] = struct{}{}
+
+		if existingTag, ok := internalNameToExistingTag[matchedInternalName]; ok {
+			matched = append(matched, existingTag)
+			continue
+		}
+		toCreate = append(toCreate, NewTag(orgID, matchedName, matchedInternalName, createdBy))
+	}
+
+	return toCreate, matched, nil
+}
+
+func cleanupName(name string) (string, error) {
+	trimmed := strings.TrimSpace(name)
+	raw := strings.Split(trimmed, HierarchySeparator)
+	segments := make([]string, 0, len(raw))
+	for _, seg := range raw {
+		seg = strings.TrimSpace(seg)
+		if seg == "" {
+			continue
+		}
+		segments = append(segments, seg)
+	}
+	if len(segments) == 0 {
+		return "", errors.Newf(errors.TypeInvalidInput, ErrCodeTagInvalidName, "tag name cannot be empty")
+	}
+
+	for _, seg := range segments {
+		if strings.Contains(seg, InternalSeparator) {
+			return "", errors.Newf(errors.TypeInvalidInput, ErrCodeTagInvalidName, "tag name segment %q cannot contain %q", seg, InternalSeparator)
+		}
+	}
+
+	return strings.Join(segments, HierarchySeparator), nil
+}
+
+func buildInternalName(cleanedName string) string {
+	return strings.ToLower(strings.ReplaceAll(cleanedName, HierarchySeparator, InternalSeparator))
+}
+
+// matchCasingWithExistingTags returns the display name and internal name to use for
+// a user-supplied tag, given the existing tags in the org. If an existing tag
+// has the same internal name, its display name (casing) is reused. Otherwise
+// the existing tag with the longest segment-wise (case-insensitive) common
+// prefix lends its casing to the matching segments — the remaining input
+// segments keep the user-supplied casing. With no overlap, the input is
+// returned as-is.
+func matchCasingWithExistingTags(inputCleaned string, existing []*Tag) (canonicalName string, canonicalInternalName string) {
+	inputSegments := strings.Split(inputCleaned, HierarchySeparator)
+	inputInternal := buildInternalName(inputCleaned)
+
+	var bestMatch *Tag
+	bestMatchLen := 0
+	for _, tag := range existing {
+		if tag.InternalName == inputInternal {
+			return tag.Name, tag.InternalName
+		}
+		existingSegments := strings.Split(tag.Name, HierarchySeparator)
+		matchLen := commonSegmentPrefix(inputSegments, existingSegments)
+		if matchLen > bestMatchLen {
+			bestMatch = tag
+			bestMatchLen = matchLen
+		}
+	}
+
+	if bestMatch == nil {
+		return inputCleaned, inputInternal
+	}
+
+	existingSegments := strings.Split(bestMatch.Name, HierarchySeparator)
+	canonicalSegments := append(existingSegments[:bestMatchLen:bestMatchLen], inputSegments[bestMatchLen:]...)
+	canonical := strings.Join(canonicalSegments, HierarchySeparator)
+	return canonical, buildInternalName(canonical)
+}
+
+// returns 1 + (the index till which the two arrays are equal)
+// for eg ["a", "bcd", "efg", "h"] and ["a", "bcd", "ef"] returns 2
+func commonSegmentPrefix(a, b []string) int {
+	n := min(len(a), len(b))
+	for i := range n {
+		if !strings.EqualFold(a[i], b[i]) {
+			return i
+		}
+	}
+	return n
+}

pkg/types/tagtypes/tag_relation.go

@@ -0,0 +1,38 @@
+package tagtypes
+
+import (
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/uptrace/bun"
+)
+
+type EntityType struct{ valuer.String }
+
+func MustNewEntityType(name string) EntityType {
+	return EntityType{valuer.NewString(name)}
+}
+
+type TagRelation struct {
+	bun.BaseModel `bun:"table:tag_relations,alias:tag_relations"`
+
+	EntityType EntityType  `json:"entityType" required:"true" bun:"entity_type,type:text,notnull"`
+	EntityID   valuer.UUID `json:"entityId" required:"true" bun:"entity_id,pk,type:text,notnull"`
+	TagID      valuer.UUID `json:"tagId" required:"true" bun:"tag_id,pk,type:text,notnull"`
+	OrgID      valuer.UUID `json:"orgId" required:"true" bun:"org_id,type:text,notnull"`
+}
+
+func NewTagRelation(orgID valuer.UUID, entityType EntityType, entityID valuer.UUID, tagID valuer.UUID) *TagRelation {
+	return &TagRelation{
+		EntityType: entityType,
+		EntityID:   entityID,
+		TagID:      tagID,
+		OrgID:      orgID,
+	}
+}
+
+func NewTagRelations(orgID valuer.UUID, entityType EntityType, entityID valuer.UUID, tagIDs []valuer.UUID) []*TagRelation {
+	relations := make([]*TagRelation, 0, len(tagIDs))
+	for _, tagID := range tagIDs {
+		relations = append(relations, NewTagRelation(orgID, entityType, entityID, tagID))
+	}
+	return relations
+}

pkg/types/tagtypes/tag_test.go

@@ -0,0 +1,236 @@
+package tagtypes
+
+import (
+	"context"
+	"testing"
+
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestCleanupName(t *testing.T) {
+	tests := []struct {
+		name      string
+		input     string
+		want      string
+		wantError bool
+	}{
+		{name: "single segment", input: "prod", want: "prod"},
+		{name: "two segments", input: "team/blr", want: "team/blr"},
+		{name: "three segments", input: "team/BLR/platform", want: "team/BLR/platform"},
+		{name: "leading whitespace", input: "  prod", want: "prod"},
+		{name: "trailing whitespace", input: "prod  ", want: "prod"},
+		{name: "leading separator", input: "/prod", want: "prod"},
+		{name: "trailing separator", input: "prod/", want: "prod"},
+		{name: "consecutive separators collapsed", input: "team//blr", want: "team/blr"},
+		{name: "many separators collapsed", input: "team///blr////platform", want: "team/blr/platform"},
+		{name: "whitespace within segments", input: "team/ blr ", want: "team/blr"},
+		{name: "empty rejected", input: "", wantError: true},
+		{name: "only whitespace rejected", input: "   ", wantError: true},
+		{name: "only separators rejected", input: "///", wantError: true},
+		{name: "internal separator rejected", input: "team/foo::bar", wantError: true},
+	}
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			got, err := cleanupName(tc.input)
+			if tc.wantError {
+				require.Error(t, err)
+				return
+			}
+			require.NoError(t, err)
+			assert.Equal(t, tc.want, got)
+		})
+	}
+}
+
+func TestBuildInternalName(t *testing.T) {
+	tests := []struct {
+		input string
+		want  string
+	}{
+		{input: "prod", want: "prod"},
+		{input: "Prod", want: "prod"},
+		{input: "team/BLR/platform", want: "team::blr::platform"},
+		{input: "TEAM/BLR", want: "team::blr"},
+	}
+	for _, tc := range tests {
+		t.Run(tc.input, func(t *testing.T) {
+			assert.Equal(t, tc.want, buildInternalName(tc.input))
+		})
+	}
+}
+
+func TestMatchCasingWithExistingTags(t *testing.T) {
+	existing := []*Tag{
+		{Name: "team/BLR", InternalName: "team::blr"},
+		{Name: "team/BLR/Pulse", InternalName: "team::blr::pulse"},
+		{Name: "Database", InternalName: "database"},
+	}
+
+	tests := []struct {
+		name             string
+		input            string
+		wantName         string
+		wantInternalName string
+	}{
+		{
+			name:             "exact match reuses casing",
+			input:            "team/blr",
+			wantName:         "team/BLR",
+			wantInternalName: "team::blr",
+		},
+		{
+			name:             "exact match reuses casing for deeper tag",
+			input:            "TEAM/blr/pulse",
+			wantName:         "team/BLR/Pulse",
+			wantInternalName: "team::blr::pulse",
+		},
+		{
+			name:             "prefix match reuses prefix casing and keeps remainder",
+			input:            "team/blr/platform",
+			wantName:         "team/BLR/platform",
+			wantInternalName: "team::blr::platform",
+		},
+		{
+			name:             "longest prefix wins",
+			input:            "team/blr/pulse/sub",
+			wantName:         "team/BLR/Pulse/sub",
+			wantInternalName: "team::blr::pulse::sub",
+		},
+		{
+			name:             "no match returns input as-is",
+			input:            "Brand-New/Tag",
+			wantName:         "Brand-New/Tag",
+			wantInternalName: "brand-new::tag",
+		},
+		{
+			name:             "single segment exact match",
+			input:            "DATABASE",
+			wantName:         "Database",
+			wantInternalName: "database",
+		},
+		{
+			name:             "input that shares text but not segment boundary is not a prefix match",
+			input:            "teams/blr",
+			wantName:         "teams/blr",
+			wantInternalName: "teams::blr",
+		},
+		{
+			name:             "prefix of an existing tag",
+			input:            "TEAM",
+			wantName:         "team",
+			wantInternalName: "team",
+		},
+	}
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			cleaned, err := cleanupName(tc.input)
+			require.NoError(t, err)
+			gotName, gotInternal := matchCasingWithExistingTags(cleaned, existing)
+			assert.Equal(t, tc.wantName, gotName)
+			assert.Equal(t, tc.wantInternalName, gotInternal)
+		})
+	}
+}
+
+func TestMatchCasingWithExistingTags_NoTagsExist(t *testing.T) {
+	cleaned, err := cleanupName("Foo/Bar")
+	require.NoError(t, err)
+	name, internal := matchCasingWithExistingTags(cleaned, nil)
+	assert.Equal(t, "Foo/Bar", name)
+	assert.Equal(t, "foo::bar", internal)
+}
+
+type fakeStore struct {
+	tags          []*Tag
+	listCallCount int
+}
+
+func (f *fakeStore) List(_ context.Context, _ valuer.UUID) ([]*Tag, error) {
+	f.listCallCount++
+	out := make([]*Tag, len(f.tags))
+	copy(out, f.tags)
+	return out, nil
+}
+
+func (f *fakeStore) Create(_ context.Context, tags []*Tag) ([]*Tag, error) {
+	return tags, nil
+}
+
+func (f *fakeStore) CreateRelations(_ context.Context, _ []*TagRelation) error {
+	return nil
+}
+
+func (f *fakeStore) ListByEntity(_ context.Context, _ valuer.UUID) ([]*Tag, error) {
+	return nil, nil
+}
+
+func (f *fakeStore) DeleteRelationsExcept(_ context.Context, _ valuer.UUID, _ []valuer.UUID) error {
+	return nil
+}
+
+func TestResolve(t *testing.T) {
+	t.Run("empty input does not hit store", func(t *testing.T) {
+		store := &fakeStore{}
+		toCreate, matched, err := Resolve(context.Background(), store, valuer.GenerateUUID(), nil, "u@signoz.io")
+		require.NoError(t, err)
+		assert.Empty(t, toCreate)
+		assert.Empty(t, matched)
+		assert.Zero(t, store.listCallCount, "should not hit store when input is empty")
+	})
+
+	t.Run("creates missing tags and reuses existing", func(t *testing.T) {
+		orgID := valuer.GenerateUUID()
+		dbTag := NewTag(orgID, "team/BLR", "team::blr", "seed")
+		dbTag2 := NewTag(orgID, "Database", "database", "seed")
+		store := &fakeStore{tags: []*Tag{dbTag, dbTag2}}
+
+		toCreate, matched, err := Resolve(context.Background(), store, orgID, []PostableTag{
+			{Name: "team/blr/platform"},
+			{Name: "DATABASE"},
+			{Name: "Brand-New"},
+		}, "u@signoz.io")
+		require.NoError(t, err)
+
+		createdInternalNames := []string{}
+		createdNames := map[string]string{}
+		for _, tg := range toCreate {
+			createdInternalNames = append(createdInternalNames, tg.InternalName)
+			createdNames[tg.InternalName] = tg.Name
+		}
+		assert.ElementsMatch(t, []string{"team::blr::platform", "brand-new"}, createdInternalNames,
+			"only the two missing tags should be returned for insertion")
+		assert.Equal(t, "team/BLR/platform", createdNames["team::blr::platform"], "should inherit casing from existing parent")
+		assert.Equal(t, "Brand-New", createdNames["brand-new"], "should keep input casing when no existing match")
+
+		require.Len(t, matched, 1, "DATABASE should hit the existing 'Database' tag")
+		assert.Same(t, dbTag2, matched[0], "matched should return the existing pointer with its authoritative ID")
+	})
+
+	t.Run("dedupes inputs that map to the same internal name", func(t *testing.T) {
+		orgID := valuer.GenerateUUID()
+		store := &fakeStore{}
+
+		toCreate, matched, err := Resolve(context.Background(), store, orgID, []PostableTag{
+			{Name: "Foo/Bar"},
+			{Name: "foo/bar"},
+			{Name: "FOO/BAR"},
+		}, "u@signoz.io")
+		require.NoError(t, err)
+
+		require.Empty(t, matched)
+		require.Len(t, toCreate, 1, "duplicate inputs must collapse into a single insert")
+		assert.Equal(t, "Foo/Bar", toCreate[0].Name)
+		assert.Equal(t, "foo::bar", toCreate[0].InternalName)
+	})
+
+	t.Run("propagates validation error from any input", func(t *testing.T) {
+		store := &fakeStore{}
+		_, _, err := Resolve(context.Background(), store, valuer.GenerateUUID(), []PostableTag{
+			{Name: "valid"},
+			{Name: ""},
+		}, "u@signoz.io")
+		require.Error(t, err)
+	})
+}

tests/integration/tests/callbackauthn/01_domain.py

@@ -86,7 +86,7 @@ def test_create_and_get_domain(
             "domain-google.integration.test",
             "domain-saml.integration.test",
         ]
-        assert domain["ssoType"] in ["google_auth", "saml"]
+        assert domain["config"]["ssoType"] in ["google_auth", "saml"]
 
 
 def test_create_invalid(

tests/integration/tests/dashboard/03_v2_dashboard.py

@@ -0,0 +1,191 @@
+import json
+from collections.abc import Callable
+from http import HTTPStatus
+from pathlib import Path
+
+import requests
+
+from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD
+from fixtures.types import Operation, SigNoz
+
+_PERSES_FIXTURE = (
+    Path(__file__).parents[4]
+    / "pkg/types/dashboardtypes/dashboardtypesv2/testdata/perses.json"
+)
+
+
+def _post_dashboard(signoz: SigNoz, token: str, body: dict) -> requests.Response:
+    return requests.post(
+        signoz.self.host_configs["8080"].get("/api/v2/dashboards"),
+        json=body,
+        headers={"Authorization": f"Bearer {token}"},
+        timeout=2,
+    )
+
+
+def test_empty_body_rejected_for_missing_schema_version(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _post_dashboard(signoz, admin_token, {})
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    body = response.json()
+    assert body["status"] == "error"
+    assert body["error"]["code"] == "dashboard_invalid_input"
+    assert body["error"]["message"] == 'metadata.schemaVersion must be "v6", got ""'
+
+
+def test_missing_display_name_rejected(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _post_dashboard(signoz, admin_token, {"metadata": {"schemaVersion": "v6"}})
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    body = response.json()
+    assert body["status"] == "error"
+    assert body["error"]["code"] == "dashboard_invalid_input"
+    assert body["error"]["message"] == "data.display.name is required"
+
+
+def test_minimal_valid_body_creates_dashboard(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _post_dashboard(
+        signoz,
+        admin_token,
+        {
+            "metadata": {"schemaVersion": "v6"},
+            "data": {"display": {"name": "test name"}},
+        },
+    )
+
+    assert response.status_code == HTTPStatus.CREATED
+    body = response.json()
+    assert body["status"] == "success"
+    data = body["data"]
+    assert data["info"]["data"]["display"]["name"] == "test name"
+    assert data["info"]["metadata"]["schemaVersion"] == "v6"
+
+
+def test_unknown_root_field_rejected(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _post_dashboard(
+        signoz,
+        admin_token,
+        {
+            "metadata": {"schemaVersion": "v6"},
+            "data": {"display": {"name": "test name"}},
+            "unknownfieldattheroot": "shouldgiveanerror",
+        },
+    )
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    body = response.json()
+    assert body["status"] == "error"
+    assert body["error"]["code"] == "dashboard_invalid_input"
+    assert body["error"]["message"] == 'json: unknown field "unknownfieldattheroot"'
+
+
+def test_unknown_nested_field_rejected(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _post_dashboard(
+        signoz,
+        admin_token,
+        {
+            "metadata": {"schemaVersion": "v6"},
+            "data": {
+                "display": {
+                    "name": "test name",
+                    "unknownfieldinside": "shouldgiveanerror",
+                },
+            },
+        },
+    )
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    body = response.json()
+    assert body["status"] == "error"
+    assert body["error"]["code"] == "dashboard_invalid_input"
+    assert body["error"]["message"] == 'json: unknown field "unknownfieldinside"'
+
+
+def test_perses_fixture_creates_dashboard(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    """The perses.json fixture is the kitchen-sink dashboard the schema tests
+    use; round-tripping it through the create API exercises the full plugin
+    surface end-to-end."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    data = json.loads(_PERSES_FIXTURE.read_text())
+    response = _post_dashboard(
+        signoz,
+        admin_token,
+        {"metadata": {"schemaVersion": "v6"}, "data": data},
+    )
+
+    assert response.status_code == HTTPStatus.CREATED
+    body = response.json()
+    assert body["status"] == "success"
+    assert body["data"]["info"]["data"]["display"]["name"] == data["display"]["name"]
+
+
+def test_tag_casing_is_inherited_from_existing_parent(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    """A second dashboard tagged with a sibling under a casing-variant parent
+    path should adopt the existing parent's casing while keeping the
+    user-supplied casing for the new leaf segment."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    first = _post_dashboard(
+        signoz,
+        admin_token,
+        {
+            "metadata": {"schemaVersion": "v6"},
+            "data": {"display": {"name": "dac"}},
+            "tags": [{"name": "engineering/US/NYC"}],
+        },
+    )
+    assert first.status_code == HTTPStatus.CREATED
+    first_tags = first.json()["data"]["info"]["tags"]
+    assert first_tags == [{"name": "engineering/US/NYC"}]
+
+    second = _post_dashboard(
+        signoz,
+        admin_token,
+        {
+            "metadata": {"schemaVersion": "v6"},
+            "data": {"display": {"name": "dac"}},
+            "tags": [{"name": "engineering/us/SF"}],
+        },
+    )
+    assert second.status_code == HTTPStatus.CREATED
+    second_tags = second.json()["data"]["info"]["tags"]
+    assert second_tags == [{"name": "engineering/US/SF"}]