chore: add flag for ai observability (#11806)

* chore: add flag for ai observability

* chore: add enable prefix

docs/api/openapi.yml

@@ -659,6 +659,29 @@ components:
         refreshToken:
           type: string
       type: object
+    AuthtypesPostableUser:
+      properties:
+        displayName:
+          type: string
+        email:
+          type: string
+        frontendBaseUrl:
+          type: string
+        userRoles:
+          items:
+            $ref: '#/components/schemas/AuthtypesPostableUserRole'
+          type: array
+      required:
+      - email
+      - userRoles
+      type: object
+    AuthtypesPostableUserRole:
+      properties:
+        id:
+          type: string
+      required:
+      - id
+      type: object
     AuthtypesRelation:
       enum:
       - create
@@ -10183,7 +10206,7 @@ paths:
       - global
   /api/v1/invite:
     post:
-      deprecated: false
+      deprecated: true
       description: This endpoint creates an invite for a user
       operationId: CreateInvite
       requestBody:
@@ -10246,7 +10269,7 @@ paths:
       - users
   /api/v1/invite/bulk:
     post:
-      deprecated: false
+      deprecated: true
       description: This endpoint creates a bulk invite for a user
       operationId: CreateBulkInvite
       requestBody:
@@ -13087,7 +13110,7 @@ paths:
       - tracedetail
   /api/v1/user:
     get:
-      deprecated: false
+      deprecated: true
       description: This endpoint lists all users
       operationId: ListUsersDeprecated
       responses:
@@ -13180,7 +13203,7 @@ paths:
       tags:
       - users
     get:
-      deprecated: false
+      deprecated: true
       description: This endpoint returns the user by id
       operationId: GetUserDeprecated
       parameters:
@@ -13237,7 +13260,7 @@ paths:
       tags:
       - users
     put:
-      deprecated: false
+      deprecated: true
       description: This endpoint updates the user by id
       operationId: UpdateUserDeprecated
       parameters:
@@ -13306,7 +13329,7 @@ paths:
       - users
   /api/v1/user/me:
     get:
-      deprecated: false
+      deprecated: true
       description: This endpoint returns the user I belong to
       operationId: GetMyUserDeprecated
       responses:
@@ -20722,6 +20745,68 @@ paths:
       summary: List users v2
       tags:
       - users
+    post:
+      deprecated: false
+      description: This endpoint creates a user for the organization
+      operationId: CreateUser
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AuthtypesPostableUser'
+      responses:
+        "201":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/TypesIdentifiable'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: Created
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Bad Request
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "409":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Conflict
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - ADMIN
+      - tokenizer:
+        - ADMIN
+      summary: Create user
+      tags:
+      - users
   /api/v2/users/{id}:
     get:
       deprecated: false

ee/query-service/app/api/featureFlags.go

@@ -98,6 +98,15 @@ func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {
 		Route:      "",
 	})
 
+	aiObservability := ah.Signoz.Flagger.BooleanOrEmpty(ctx, flagger.FeatureEnableAIObservability, evalCtx)
+	featureSet = append(featureSet, &licensetypes.Feature{
+		Name:       valuer.NewString(flagger.FeatureEnableAIObservability.String()),
+		Active:     aiObservability,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	})
+
 	if constants.IsDotMetricsEnabled {
 		for idx, feature := range featureSet {
 			if feature.Name == licensetypes.DotMetricsEnabled {

frontend/src/api/generated/services/sigNoz.schemas.ts

@@ -2258,6 +2258,32 @@ export interface AuthtypesPostableRotateTokenDTO {
 	refreshToken?: string;
 }
 
+export interface AuthtypesPostableUserRoleDTO {
+	/**
+	 * @type string
+	 */
+	id: string;
+}
+
+export interface AuthtypesPostableUserDTO {
+	/**
+	 * @type string
+	 */
+	displayName?: string;
+	/**
+	 * @type string
+	 */
+	email: string;
+	/**
+	 * @type string
+	 */
+	frontendBaseUrl?: string;
+	/**
+	 * @type array
+	 */
+	userRoles: AuthtypesPostableUserRoleDTO[];
+}
+
 export interface AuthtypesRoleDTO {
 	/**
 	 * @type string
@@ -10807,6 +10833,14 @@ export type ListUsers200 = {
 	status: string;
 };
 
+export type CreateUser201 = {
+	data: TypesIdentifiableDTO;
+	/**
+	 * @type string
+	 */
+	status: string;
+};
+
 export type GetUserPathParameters = {
 	id: string;
 };

frontend/src/api/generated/services/users/index.ts

@@ -18,9 +18,11 @@ import type {
 } from 'react-query';
 
 import type {
+	AuthtypesPostableUserDTO,
 	CreateInvite201,
 	CreateResetPasswordToken201,
 	CreateResetPasswordTokenPathParameters,
+	CreateUser201,
 	DeleteUserPathParameters,
 	GetMyUser200,
 	GetMyUserDeprecated200,
@@ -169,6 +171,7 @@ export const invalidateGetResetPasswordTokenDeprecated = async (
 
 /**
  * This endpoint creates an invite for a user
+ * @deprecated
  * @summary Create invite
  */
 export const createInvite = (
@@ -230,6 +233,7 @@ export type CreateInviteMutationBody =
 export type CreateInviteMutationError = ErrorType<RenderErrorResponseDTO>;
 
 /**
+ * @deprecated
  * @summary Create invite
  */
 export const useCreateInvite = <
@@ -252,6 +256,7 @@ export const useCreateInvite = <
 };
 /**
  * This endpoint creates a bulk invite for a user
+ * @deprecated
  * @summary Create bulk invite
  */
 export const createBulkInvite = (
@@ -313,6 +318,7 @@ export type CreateBulkInviteMutationBody =
 export type CreateBulkInviteMutationError = ErrorType<RenderErrorResponseDTO>;
 
 /**
+ * @deprecated
  * @summary Create bulk invite
  */
 export const useCreateBulkInvite = <
@@ -418,6 +424,7 @@ export const useResetPassword = <
 };
 /**
  * This endpoint lists all users
+ * @deprecated
  * @summary List users
  */
 export const listUsersDeprecated = (signal?: AbortSignal) => {
@@ -463,6 +470,7 @@ export type ListUsersDeprecatedQueryResult = NonNullable<
 export type ListUsersDeprecatedQueryError = ErrorType<RenderErrorResponseDTO>;
 
 /**
+ * @deprecated
  * @summary List users
  */
 
@@ -486,6 +494,7 @@ export function useListUsersDeprecated<
 }
 
 /**
+ * @deprecated
  * @summary List users
  */
 export const invalidateListUsersDeprecated = async (
@@ -581,6 +590,7 @@ export const useDeleteUser = <
 };
 /**
  * This endpoint returns the user by id
+ * @deprecated
  * @summary Get user
  */
 export const getUserDeprecated = (
@@ -640,6 +650,7 @@ export type GetUserDeprecatedQueryResult = NonNullable<
 export type GetUserDeprecatedQueryError = ErrorType<RenderErrorResponseDTO>;
 
 /**
+ * @deprecated
  * @summary Get user
  */
 
@@ -666,6 +677,7 @@ export function useGetUserDeprecated<
 }
 
 /**
+ * @deprecated
  * @summary Get user
  */
 export const invalidateGetUserDeprecated = async (
@@ -683,6 +695,7 @@ export const invalidateGetUserDeprecated = async (
 
 /**
  * This endpoint updates the user by id
+ * @deprecated
  * @summary Update user
  */
 export const updateUserDeprecated = (
@@ -755,6 +768,7 @@ export type UpdateUserDeprecatedMutationError =
 	ErrorType<RenderErrorResponseDTO>;
 
 /**
+ * @deprecated
  * @summary Update user
  */
 export const useUpdateUserDeprecated = <
@@ -783,6 +797,7 @@ export const useUpdateUserDeprecated = <
 };
 /**
  * This endpoint returns the user I belong to
+ * @deprecated
  * @summary Get my user
  */
 export const getMyUserDeprecated = (signal?: AbortSignal) => {
@@ -828,6 +843,7 @@ export type GetMyUserDeprecatedQueryResult = NonNullable<
 export type GetMyUserDeprecatedQueryError = ErrorType<RenderErrorResponseDTO>;
 
 /**
+ * @deprecated
  * @summary Get my user
  */
 
@@ -851,6 +867,7 @@ export function useGetMyUserDeprecated<
 }
 
 /**
+ * @deprecated
  * @summary Get my user
  */
 export const invalidateGetMyUserDeprecated = async (
@@ -1209,6 +1226,89 @@ export const invalidateListUsers = async (
 	return queryClient;
 };
 
+/**
+ * This endpoint creates a user for the organization
+ * @summary Create user
+ */
+export const createUser = (
+	authtypesPostableUserDTO?: BodyType<AuthtypesPostableUserDTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<CreateUser201>({
+		url: `/api/v2/users`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: authtypesPostableUserDTO,
+		signal,
+	});
+};
+
+export const getCreateUserMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createUser>>,
+		TError,
+		{ data?: BodyType<AuthtypesPostableUserDTO> },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof createUser>>,
+	TError,
+	{ data?: BodyType<AuthtypesPostableUserDTO> },
+	TContext
+> => {
+	const mutationKey = ['createUser'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof createUser>>,
+		{ data?: BodyType<AuthtypesPostableUserDTO> }
+	> = (props) => {
+		const { data } = props ?? {};
+
+		return createUser(data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type CreateUserMutationResult = NonNullable<
+	Awaited<ReturnType<typeof createUser>>
+>;
+export type CreateUserMutationBody =
+	| BodyType<AuthtypesPostableUserDTO>
+	| undefined;
+export type CreateUserMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Create user
+ */
+export const useCreateUser = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createUser>>,
+		TError,
+		{ data?: BodyType<AuthtypesPostableUserDTO> },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof createUser>>,
+	TError,
+	{ data?: BodyType<AuthtypesPostableUserDTO> },
+	TContext
+> => {
+	return useMutation(getCreateUserMutationOptions(options));
+};
 /**
  * This endpoint returns the user by id
  * @summary Get user by user id

frontend/src/constants/features.ts

@@ -12,4 +12,5 @@ export enum FeatureKeys {
 	USE_JSON_BODY = 'use_json_body',
 	USE_FINE_GRAINED_AUTHZ = 'use_fine_grained_authz',
 	USE_DASHBOARD_V2 = 'use_dashboard_v2',
+	EMABLE_AI_OBSERVABILITY = 'enable_ai_observability',
 }

pkg/apiserver/signozapiserver/user.go

@@ -21,7 +21,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
-		Deprecated:          false,
+		Deprecated:          true,
 		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
@@ -37,7 +37,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Response:           nil,
 		SuccessStatusCode:  http.StatusCreated,
 		ErrorStatusCodes:   []int{http.StatusBadRequest, http.StatusConflict},
-		Deprecated:         false,
+		Deprecated:         true,
 		SecuritySchemes:    newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
@@ -54,7 +54,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
-		Deprecated:          false,
+		Deprecated:          true,
 		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
@@ -88,7 +88,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
-		Deprecated:          false,
+		Deprecated:          true,
 		SecuritySchemes:     []handler.OpenAPISecurityScheme{{Name: authtypes.IdentNProviderTokenizer.StringValue()}},
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
@@ -111,6 +111,23 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		return err
 	}
 
+	if err := router.Handle("/api/v2/users", handler.New(provider.authzMiddleware.AdminAccess(provider.userHandler.CreateUser), handler.OpenAPIDef{
+		ID:                  "CreateUser",
+		Tags:                []string{"users"},
+		Summary:             "Create user",
+		Description:         "This endpoint creates a user for the organization",
+		Request:             new(authtypes.PostableUser),
+		RequestContentType:  "application/json",
+		Response:            new(types.Identifiable),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusCreated,
+		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+	})).Methods(http.MethodPost).GetError(); err != nil {
+		return err
+	}
+
 	if err := router.Handle("/api/v2/users/me", handler.New(provider.authzMiddleware.OpenAccess(provider.userHandler.UpdateMyUser), handler.OpenAPIDef{
 		ID:                  "UpdateMyUserV2",
 		Tags:                []string{"users"},
@@ -139,7 +156,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusNotFound},
-		Deprecated:          false,
+		Deprecated:          true,
 		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
@@ -173,7 +190,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		ResponseContentType: "application/json",
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
-		Deprecated:          false,
+		Deprecated:          true,
 		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err

pkg/flagger/registry.go

@@ -3,15 +3,16 @@ package flagger
 import "github.com/SigNoz/signoz/pkg/types/featuretypes"
 
 var (
-	FeatureUseSpanMetrics      = featuretypes.MustNewName("use_span_metrics")
-	FeatureKafkaSpanEval       = featuretypes.MustNewName("kafka_span_eval")
-	FeatureHideRootUser        = featuretypes.MustNewName("hide_root_user")
-	FeatureGetMetersFromZeus   = featuretypes.MustNewName("get_meters_from_zeus")
-	FeaturePutMetersInZeus     = featuretypes.MustNewName("put_meters_in_zeus")
-	FeatureUseMeterReporter    = featuretypes.MustNewName("use_meter_reporter")
-	FeatureUseJSONBody         = featuretypes.MustNewName("use_json_body")
-	FeatureUseFineGrainedAuthz = featuretypes.MustNewName("use_fine_grained_authz")
-	FeatureUseDashboardV2      = featuretypes.MustNewName("use_dashboard_v2")
+	FeatureUseSpanMetrics        = featuretypes.MustNewName("use_span_metrics")
+	FeatureKafkaSpanEval         = featuretypes.MustNewName("kafka_span_eval")
+	FeatureHideRootUser          = featuretypes.MustNewName("hide_root_user")
+	FeatureGetMetersFromZeus     = featuretypes.MustNewName("get_meters_from_zeus")
+	FeaturePutMetersInZeus       = featuretypes.MustNewName("put_meters_in_zeus")
+	FeatureUseMeterReporter      = featuretypes.MustNewName("use_meter_reporter")
+	FeatureUseJSONBody           = featuretypes.MustNewName("use_json_body")
+	FeatureUseFineGrainedAuthz   = featuretypes.MustNewName("use_fine_grained_authz")
+	FeatureUseDashboardV2        = featuretypes.MustNewName("use_dashboard_v2")
+	FeatureEnableAIObservability = featuretypes.MustNewName("enable_ai_observability")
 )
 
 func MustNewRegistry() featuretypes.Registry {
@@ -88,6 +89,14 @@ func MustNewRegistry() featuretypes.Registry {
 			DefaultVariant: featuretypes.MustNewName("disabled"),
 			Variants:       featuretypes.NewBooleanVariants(),
 		},
+		&featuretypes.Feature{
+			Name:           FeatureEnableAIObservability,
+			Kind:           featuretypes.KindBoolean,
+			Stage:          featuretypes.StageExperimental,
+			Description:    "Controls whether ai observability is enabled",
+			DefaultVariant: featuretypes.MustNewName("disabled"),
+			Variants:       featuretypes.NewBooleanVariants(),
+		},
 	)
 	if err != nil {
 		panic(err)

pkg/modules/user/impluser/handler.go

@@ -25,6 +25,42 @@ func NewHandler(setter root.Setter, getter root.Getter) root.Handler {
 	return &handler{setter: setter, getter: getter}
 }
 
+func (handler *handler) CreateUser(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	req := new(authtypes.PostableUser)
+	if err := binding.JSON.BindBody(r.Body, req); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	user, err := types.NewUser(req.DisplayName, req.Email, valuer.MustNewUUID(claims.OrgID), types.UserStatusPendingInvite)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	roleIDs := make([]valuer.UUID, 0, len(req.UserRoles))
+	for _, role := range req.UserRoles {
+		roleIDs = append(roleIDs, role.ID)
+	}
+
+	user, err = handler.setter.CreatePendingInviteUser(ctx, valuer.MustNewUUID(claims.IdentityID()), valuer.MustNewEmail(claims.Email), req.FrontendBaseUrl, user, root.WithRoleIDs(roleIDs))
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusCreated, types.Identifiable{ID: user.ID})
+}
+
 func (handler *handler) CreateInvite(rw http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()

pkg/modules/user/impluser/setter.go

@@ -215,6 +215,67 @@ func (module *setter) CreateUser(ctx context.Context, user *types.User, opts ...
 	return nil
 }
 
+func (module *setter) CreatePendingInviteUser(ctx context.Context, identityID valuer.UUID, identityEmail valuer.Email, frontendBaseURL string, user *types.User, opts ...root.CreateUserOption) (*types.User, error) {
+	if err := user.ErrIfNotPending(); err != nil {
+		return nil, err
+	}
+
+	createUserOpts := root.NewCreateUserOptions(opts...)
+
+	roleNames := createUserOpts.RoleNames
+	if len(createUserOpts.RoleIDs) > 0 {
+		roles, err := module.authz.ListByOrgIDAndIDs(ctx, user.OrgID, createUserOpts.RoleIDs)
+		if err != nil {
+			return nil, err
+		}
+		for _, role := range roles {
+			roleNames = append(roleNames, role.Name)
+		}
+	}
+
+	var resetPasswordToken *types.ResetPasswordToken
+	if err := module.store.RunInTx(ctx, func(ctx context.Context) error {
+		if err := module.createUserWithoutGrant(ctx, user, root.WithRoleNames(roleNames), root.WithFactorPassword(createUserOpts.FactorPassword)); err != nil {
+			return err
+		}
+
+		token, err := module.GetOrCreateResetPasswordToken(ctx, user.ID)
+		if err != nil {
+			return err
+		}
+		resetPasswordToken = token
+
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+
+	module.analytics.TrackUser(ctx, user.OrgID.String(), identityID.String(), "Invite Sent", map[string]any{
+		"invitee_email": user.Email,
+		"invitee_role":  roleNames,
+	})
+
+	if frontendBaseURL == "" {
+		module.settings.Logger().InfoContext(ctx, "frontend base url is not provided, skipping email", slog.Any("invitee_email", user.Email))
+		return user, nil
+	}
+
+	resetLink := resetPasswordToken.FactorPasswordResetLink(frontendBaseURL)
+
+	tokenLifetime := module.config.Password.Invite.MaxTokenLifetime
+	humanizedTokenLifetime := strings.TrimSpace(humanize.RelTime(time.Now(), time.Now().Add(tokenLifetime), "", ""))
+
+	if err := module.emailing.SendHTML(ctx, user.Email.String(), "You're Invited to Join SigNoz", emailtypes.TemplateNameInvitationEmail, map[string]any{
+		"inviter_email": identityEmail.StringValue(),
+		"link":          resetLink,
+		"Expiry":        humanizedTokenLifetime,
+	}); err != nil {
+		module.settings.Logger().ErrorContext(ctx, "failed to send invite email", errors.Attr(err))
+	}
+
+	return user, nil
+}
+
 func (module *setter) UpdateUserDeprecated(ctx context.Context, orgID valuer.UUID, id string, user *types.DeprecatedUser) (*types.DeprecatedUser, error) {
 	claims, err := authtypes.ClaimsFromContext(ctx)
 	if err != nil {

pkg/modules/user/option.go

@@ -8,6 +8,7 @@ import (
 type createUserOptions struct {
 	FactorPassword *types.FactorPassword
 	RoleNames      []string
+	RoleIDs        []valuer.UUID
 }
 
 type CreateUserOption func(*createUserOptions)
@@ -24,6 +25,12 @@ func WithRoleNames(roleNames []string) CreateUserOption {
 	}
 }
 
+func WithRoleIDs(roleIDs []valuer.UUID) CreateUserOption {
+	return func(o *createUserOptions) {
+		o.RoleIDs = roleIDs
+	}
+}
+
 func NewCreateUserOptions(opts ...CreateUserOption) *createUserOptions {
 	o := &createUserOptions{
 		FactorPassword: nil,

pkg/modules/user/user.go

@@ -45,6 +45,9 @@ type Setter interface {
 	// invite
 	CreateBulkInvite(ctx context.Context, orgID valuer.UUID, identityID valuer.UUID, identityEmail valuer.Email, bulkInvites *types.PostableBulkInviteRequest) ([]*types.Invite, error)
 
+	// Creates a pending invite user with the roles given via opts and emails them the invite link.
+	CreatePendingInviteUser(ctx context.Context, identityID valuer.UUID, identityEmail valuer.Email, frontendBaseURL string, user *types.User, opts ...CreateUserOption) (*types.User, error)
+
 	// Roles
 	UpdateUserRoles(ctx context.Context, orgID, userID valuer.UUID, finalRoleNames []string) error
 	AddUserRole(ctx context.Context, orgID, userID valuer.UUID, roleName string) error
@@ -107,6 +110,7 @@ type Handler interface {
 	// users
 	ListUsersDeprecated(http.ResponseWriter, *http.Request)
 	ListUsers(http.ResponseWriter, *http.Request)
+	CreateUser(http.ResponseWriter, *http.Request)
 	UpdateUserDeprecated(http.ResponseWriter, *http.Request)
 	UpdateUser(http.ResponseWriter, *http.Request)
 	DeleteUser(http.ResponseWriter, *http.Request)

pkg/query-service/app/http_handler.go

@@ -1678,6 +1678,15 @@ func (aH *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {
 		Route:      "",
 	})
 
+	aiObservability := aH.Signoz.Flagger.BooleanOrEmpty(r.Context(), flagger.FeatureEnableAIObservability, evalCtx)
+	featureSet = append(featureSet, &licensetypes.Feature{
+		Name:       valuer.NewString(flagger.FeatureEnableAIObservability.String()),
+		Active:     aiObservability,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	})
+
 	if constants.IsDotMetricsEnabled {
 		for idx, feature := range featureSet {
 			if feature.Name == licensetypes.DotMetricsEnabled {

pkg/types/authtypes/user_role.go

@@ -2,6 +2,7 @@ package authtypes
 
 import (
 	"context"
+	"encoding/json"
 	"time"
 
 	"github.com/SigNoz/signoz/pkg/errors"
@@ -13,6 +14,7 @@ import (
 var (
 	ErrCodeUserRoleAlreadyExists = errors.MustNewCode("user_role_already_exists")
 	ErrCodeUserRolesNotFound     = errors.MustNewCode("user_roles_not_found")
+	ErrCodeUserRoleInvalidInput  = errors.MustNewCode("user_role_invalid_input")
 )
 
 type UserRole struct {
@@ -28,6 +30,44 @@ type UserRole struct {
 	Role *Role `bun:"rel:belongs-to,join:role_id=id" json:"role" required:"true"`
 }
 
+type UserWithRoles struct {
+	*types.User
+	UserRoles []*UserRole `json:"userRoles"`
+}
+
+type PostableUser struct {
+	DisplayName     string              `json:"displayName"`
+	Email           valuer.Email        `json:"email" required:"true"`
+	FrontendBaseUrl string              `json:"frontendBaseUrl"`
+	UserRoles       []*PostableUserRole `json:"userRoles" required:"true" nullable:"false"`
+}
+
+type PostableUserRole struct {
+	ID valuer.UUID `json:"id" required:"true"`
+}
+
+func (p *PostableUser) UnmarshalJSON(data []byte) error {
+	type Alias PostableUser
+
+	var temp Alias
+	if err := json.Unmarshal(data, &temp); err != nil {
+		return err
+	}
+
+	if temp.UserRoles == nil {
+		return errors.New(errors.TypeInvalidInput, ErrCodeUserRoleInvalidInput, "userRoles is required").WithSuggestions("send an empty array to create user without role")
+	}
+
+	for _, role := range temp.UserRoles {
+		if role == nil {
+			return errors.New(errors.TypeInvalidInput, ErrCodeUserRoleInvalidInput, "userRoles cannot contain null entries")
+		}
+	}
+
+	*p = PostableUser(temp)
+	return nil
+}
+
 func newUserRole(userID valuer.UUID, roleID valuer.UUID) *UserRole {
 	return &UserRole{
 		ID:        valuer.GenerateUUID(),
@@ -48,11 +88,6 @@ func NewUserRoles(userID valuer.UUID, roles []*Role) []*UserRole {
 	return userRoles
 }
 
-type UserWithRoles struct {
-	*types.User
-	UserRoles []*UserRole `json:"userRoles"`
-}
-
 type UserRoleStore interface {
 	// create user roles in bulk
 	CreateUserRoles(ctx context.Context, userRoles []*UserRole) error

pkg/types/user.go

@@ -24,6 +24,7 @@ var (
 	ErrCodeRootUserOperationUnsupported = errors.MustNewCode("root_user_operation_unsupported")
 	ErrCodeUserStatusDeleted            = errors.MustNewCode("user_status_deleted")
 	ErrCodeUserStatusPendingInvite      = errors.MustNewCode("user_status_pending_invite")
+	ErrCodeUserStatusNotPendingInvite   = errors.MustNewCode("user_status_not_pending_invite")
 )
 
 var (
@@ -214,6 +215,15 @@ func (u *User) ErrIfPending() error {
 	return nil
 }
 
+// ErrIfNotPending returns an error if the user is not in pending invite state.
+// This error can be enriched with specific operation by the called using errors.WithAdditionalf.
+func (u *User) ErrIfNotPending() error {
+	if u.Status != UserStatusPendingInvite {
+		return errors.New(errors.TypeInvalidInput, ErrCodeUserStatusNotPendingInvite, "operation is only supported for pending invite user")
+	}
+	return nil
+}
+
 func NewTraitsFromUser(user *User) map[string]any {
 	return map[string]any{
 		"name":         user.DisplayName,