chore: add enable prefix

* fix(dashboard): clickhouse table panel collapses value columns onto query name

A table/scalar panel backed by a ClickHouse SQL query rendered every
aggregation column with the header "A" (the query name) and the same value in
each, while only the group columns (e.g. service.name) showed correctly.

Root cause: the scalar-response column-naming utils derive a value column's
display name and row-data key from request-side aggregation metadata, which
only exists for builder_query envelopes. A clickhouse_sql query has none, so
getColName/getColId fell through to the query name for every value column.
Sharing one id ("A") collapsed all value columns onto a single row key, so the
last column written (total_requests) overwrote the rest.

The backend already returns correct data: readAsScalar names each ClickHouse
SELECT column with its real SQL alias and a unique aggregationIndex. This is a
frontend-only consumption fix.

Fix: when a column belongs to a clickhouse_sql query (determined from the
request's query type, not a name heuristic), name and key it by the response
column's real SQL alias. Builder queries are unchanged; formulas/promql keep
the legend || queryName fallback. Applied to both the V1 converter
(convertV5Response.ts, the live table-panel path) and the V2 path
(prepareScalarTables.ts).

* chore: minor type fix

docs/api/openapi.yml

@@ -647,8 +647,12 @@ components:
           type: string
         name:
           type: string
+        transactionGroups:
+          $ref: '#/components/schemas/AuthtypesTransactionGroups'
       required:
       - name
+      - description
+      - transactionGroups
       type: object
     AuthtypesPostableRotateToken:
       properties:
@@ -703,6 +707,34 @@ components:
         useRoleAttribute:
           type: boolean
       type: object
+    AuthtypesRoleWithTransactionGroups:
+      properties:
+        createdAt:
+          format: date-time
+          type: string
+        description:
+          type: string
+        id:
+          type: string
+        name:
+          type: string
+        orgId:
+          type: string
+        transactionGroups:
+          $ref: '#/components/schemas/AuthtypesTransactionGroups'
+        type:
+          type: string
+        updatedAt:
+          format: date-time
+          type: string
+      required:
+      - id
+      - name
+      - description
+      - type
+      - orgId
+      - transactionGroups
+      type: object
     AuthtypesSamlConfig:
       properties:
         attributeMapping:
@@ -736,11 +768,35 @@ components:
       - relation
       - object
       type: object
+    AuthtypesTransactionGroup:
+      properties:
+        objectGroup:
+          $ref: '#/components/schemas/CoretypesObjectGroup'
+        relation:
+          $ref: '#/components/schemas/AuthtypesRelation'
+      required:
+      - relation
+      - objectGroup
+      type: object
+    AuthtypesTransactionGroups:
+      items:
+        $ref: '#/components/schemas/AuthtypesTransactionGroup'
+      type: array
     AuthtypesUpdatableAuthDomain:
       properties:
         config:
           $ref: '#/components/schemas/AuthtypesAuthDomainConfig'
       type: object
+    AuthtypesUpdatableRole:
+      properties:
+        description:
+          type: string
+        transactionGroups:
+          $ref: '#/components/schemas/AuthtypesTransactionGroups'
+      required:
+      - description
+      - transactionGroups
+      type: object
     AuthtypesUserRole:
       properties:
         createdAt:
@@ -3895,29 +3951,6 @@ components:
         enabled:
           type: boolean
       type: object
-    InframonitoringtypesAssociatedComponent:
-      properties:
-        name:
-          type: string
-        type:
-          $ref: '#/components/schemas/InframonitoringtypesOnboardingComponentType'
-      required:
-      - type
-      - name
-      type: object
-    InframonitoringtypesAttributesComponentEntry:
-      properties:
-        associatedComponent:
-          $ref: '#/components/schemas/InframonitoringtypesAssociatedComponent'
-        attributes:
-          items:
-            type: string
-          nullable: true
-          type: array
-      required:
-      - attributes
-      - associatedComponent
-      type: object
     InframonitoringtypesClusterRecord:
       properties:
         clusterCPU:
@@ -4267,57 +4300,6 @@ components:
       - requiredMetricsCheck
       - endTimeBeforeRetention
       type: object
-    InframonitoringtypesMetricsComponentEntry:
-      properties:
-        associatedComponent:
-          $ref: '#/components/schemas/InframonitoringtypesAssociatedComponent'
-        metrics:
-          items:
-            type: string
-          nullable: true
-          type: array
-      required:
-      - metrics
-      - associatedComponent
-      type: object
-    InframonitoringtypesMissingAttributesComponentEntry:
-      properties:
-        associatedComponent:
-          $ref: '#/components/schemas/InframonitoringtypesAssociatedComponent'
-        attributes:
-          items:
-            type: string
-          nullable: true
-          type: array
-        documentationLink:
-          type: string
-        message:
-          type: string
-      required:
-      - attributes
-      - associatedComponent
-      - message
-      - documentationLink
-      type: object
-    InframonitoringtypesMissingMetricsComponentEntry:
-      properties:
-        associatedComponent:
-          $ref: '#/components/schemas/InframonitoringtypesAssociatedComponent'
-        documentationLink:
-          type: string
-        message:
-          type: string
-        metrics:
-          items:
-            type: string
-          nullable: true
-          type: array
-      required:
-      - metrics
-      - associatedComponent
-      - message
-      - documentationLink
-      type: object
     InframonitoringtypesNamespaceRecord:
       properties:
         meta:
@@ -4442,71 +4424,6 @@ components:
       - requiredMetricsCheck
       - endTimeBeforeRetention
       type: object
-    InframonitoringtypesOnboarding:
-      properties:
-        missingDefaultEnabledMetrics:
-          items:
-            $ref: '#/components/schemas/InframonitoringtypesMissingMetricsComponentEntry'
-          nullable: true
-          type: array
-        missingOptionalMetrics:
-          items:
-            $ref: '#/components/schemas/InframonitoringtypesMissingMetricsComponentEntry'
-          nullable: true
-          type: array
-        missingRequiredAttributes:
-          items:
-            $ref: '#/components/schemas/InframonitoringtypesMissingAttributesComponentEntry'
-          nullable: true
-          type: array
-        presentDefaultEnabledMetrics:
-          items:
-            $ref: '#/components/schemas/InframonitoringtypesMetricsComponentEntry'
-          nullable: true
-          type: array
-        presentOptionalMetrics:
-          items:
-            $ref: '#/components/schemas/InframonitoringtypesMetricsComponentEntry'
-          nullable: true
-          type: array
-        presentRequiredAttributes:
-          items:
-            $ref: '#/components/schemas/InframonitoringtypesAttributesComponentEntry'
-          nullable: true
-          type: array
-        ready:
-          type: boolean
-        type:
-          $ref: '#/components/schemas/InframonitoringtypesOnboardingType'
-      required:
-      - type
-      - ready
-      - presentDefaultEnabledMetrics
-      - presentOptionalMetrics
-      - presentRequiredAttributes
-      - missingDefaultEnabledMetrics
-      - missingOptionalMetrics
-      - missingRequiredAttributes
-      type: object
-    InframonitoringtypesOnboardingComponentType:
-      enum:
-      - receiver
-      - processor
-      type: string
-    InframonitoringtypesOnboardingType:
-      enum:
-      - hosts
-      - processes
-      - pods
-      - nodes
-      - deployments
-      - daemonsets
-      - statefulsets
-      - jobs
-      - namespaces
-      - clusters
-      - volumes
-      type: string
     InframonitoringtypesPodCountsByPhase:
       properties:
         failed:
@@ -10392,6 +10309,15 @@ paths:
         name: limit
         schema:
           type: integer
+      - in: query
+        name: q
+        schema:
+          type: string
+      - in: query
+        name: isOverride
+        schema:
+          nullable: true
+          type: boolean
       responses:
         "200":
           content:
@@ -11197,7 +11123,7 @@ paths:
               schema:
                 properties:
                   data:
-                    $ref: '#/components/schemas/AuthtypesRole'
+                    $ref: '#/components/schemas/AuthtypesRoleWithTransactionGroups'
                   status:
                     type: string
                 required:
@@ -11232,7 +11158,7 @@ paths:
       tags:
       - role
     patch:
-      deprecated: false
+      deprecated: true
       description: This endpoint patches a role
       operationId: PatchRole
       parameters:
@@ -11293,6 +11219,68 @@ paths:
       summary: Patch role
       tags:
       - role
+    put:
+      deprecated: false
+      description: This endpoint updates a role
+      operationId: UpdateRole
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/AuthtypesUpdatableRole'
+      responses:
+        "204":
+          description: No Content
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Not Found
+        "451":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unavailable For Legal Reasons
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+        "501":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Not Implemented
+      security:
+      - api_key:
+        - role:update
+      - tokenizer:
+        - role:update
+      summary: Update role
+      tags:
+      - role
   /api/v1/roles/{id}/relations/{relation}/objects:
     get:
       deprecated: false
@@ -11372,7 +11360,7 @@ paths:
       tags:
       - role
     patch:
-      deprecated: false
+      deprecated: true
       description: Patches the objects connected to the specified role via a given
         relation type
       operationId: PatchObjects
@@ -15328,72 +15316,6 @@ paths:
       summary: List Nodes for Infra Monitoring
       tags:
       - inframonitoring
-  /api/v2/infra_monitoring/onboarding:
-    get:
-      deprecated: false
-      description: 'Returns the per-tab readiness of the infra-monitoring section
-        selected by the ''type'' query parameter (hosts, processes, pods, nodes, deployments,
-        daemonsets, statefulsets, jobs, namespaces, clusters, volumes). For each collector
-        receiver or processor that contributes required metrics or attributes, lists
-        what is present and what is missing, with a prebuilt user-facing message and
-        a docs link per missing component. Default-enabled metrics are those expected
-        as soon as the receiver is configured; optional metrics require ''enabled:
-        true'' in receiver config. ''ready'' is true only when every missing list
-        is empty.'
-      operationId: GetOnboarding
-      parameters:
-      - in: query
-        name: type
-        required: true
-        schema:
-          $ref: '#/components/schemas/InframonitoringtypesOnboardingType'
-      responses:
-        "200":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    $ref: '#/components/schemas/InframonitoringtypesOnboarding'
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: OK
-        "400":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Bad Request
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - VIEWER
-      - tokenizer:
-        - VIEWER
-      summary: Get Onboarding Status for Infra Monitoring
-      tags:
-      - inframonitoring
   /api/v2/infra_monitoring/pods:
     post:
       deprecated: false

ee/authz/openfgaauthz/provider.go

@@ -179,13 +179,36 @@ func (provider *provider) CreateManagedUserRoleTransactions(ctx context.Context,
 	return provider.Write(ctx, tuples, nil)
 }
 
-func (provider *provider) Create(ctx context.Context, orgID valuer.UUID, role *authtypes.Role) error {
+func (provider *provider) Create(ctx context.Context, orgID valuer.UUID, role *authtypes.RoleWithTransactionGroups) error {
 	_, err := provider.licensing.GetActive(ctx, orgID)
 	if err != nil {
 		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
 	}
 
-	return provider.store.Create(ctx, role)
+	existingRole, err := provider.GetByOrgIDAndName(ctx, orgID, role.Name)
+	if err != nil && !errors.Asc(err, authtypes.ErrCodeRoleNotFound) {
+		return err
+	}
+
+	if existingRole != nil {
+		return errors.Newf(errors.TypeAlreadyExists, authtypes.ErrCodeRoleAlreadyExists, "role with name: %s already exists", existingRole.Name)
+	}
+
+	tuples, err := authtypes.NewTuplesFromTransactionGroups(role.Name, orgID, role.TransactionGroups)
+	if err != nil {
+		return err
+	}
+
+	err = provider.Write(ctx, tuples, nil)
+	if err != nil {
+		return err
+	}
+
+	if err := provider.store.Create(ctx, role.Role); err != nil {
+		return err
+	}
+
+	return nil
 }
 
 func (provider *provider) GetOrCreate(ctx context.Context, orgID valuer.UUID, role *authtypes.Role) (*authtypes.Role, error) {
@@ -213,6 +236,26 @@ func (provider *provider) GetOrCreate(ctx context.Context, orgID valuer.UUID, ro
 	return role, nil
 }
 
+func (provider *provider) GetWithTransactionGroups(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*authtypes.RoleWithTransactionGroups, error) {
+	_, err := provider.licensing.GetActive(ctx, orgID)
+	if err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	role, err := provider.store.Get(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+
+	tuples, err := provider.readAllTuplesForRole(ctx, role.Name, orgID)
+	if err != nil {
+		return nil, err
+	}
+
+	transactionGroups := authtypes.MustNewTransactionGroupsFromTuples(tuples)
+	return authtypes.MakeRoleWithTransactionGroups(role, transactionGroups), nil
+}
+
 func (provider *provider) GetObjects(ctx context.Context, orgID valuer.UUID, id valuer.UUID, relation authtypes.Relation) ([]*coretypes.Object, error) {
 	_, err := provider.licensing.GetActive(ctx, orgID)
 	if err != nil {
@@ -247,6 +290,36 @@ func (provider *provider) GetObjects(ctx context.Context, orgID valuer.UUID, id
 	return objects, nil
 }
 
+func (provider *provider) Update(ctx context.Context, orgID valuer.UUID, updatedRole *authtypes.RoleWithTransactionGroups) error {
+	_, err := provider.licensing.GetActive(ctx, orgID)
+	if err != nil {
+		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	existingRole, err := provider.GetWithTransactionGroups(ctx, orgID, updatedRole.ID)
+	if err != nil {
+		return err
+	}
+
+	additions, deletions := existingRole.TransactionGroups.Diff(updatedRole.TransactionGroups)
+	additionTuples, err := authtypes.NewTuplesFromTransactionGroups(existingRole.Name, orgID, additions)
+	if err != nil {
+		return err
+	}
+
+	deletionTuples, err := authtypes.NewTuplesFromTransactionGroups(existingRole.Name, orgID, deletions)
+	if err != nil {
+		return err
+	}
+
+	err = provider.Write(ctx, additionTuples, deletionTuples)
+	if err != nil {
+		return err
+	}
+
+	return provider.store.Update(ctx, orgID, updatedRole.Role)
+}
+
 func (provider *provider) Patch(ctx context.Context, orgID valuer.UUID, role *authtypes.Role) error {
 	_, err := provider.licensing.GetActive(ctx, orgID)
 	if err != nil {
@@ -286,7 +359,7 @@ func (provider *provider) Delete(ctx context.Context, orgID valuer.UUID, id valu
 		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
 	}
 
-	role, err := provider.store.Get(ctx, orgID, id)
+	role, err := provider.GetWithTransactionGroups(ctx, orgID, id)
 	if err != nil {
 		return err
 	}
@@ -302,7 +375,12 @@ func (provider *provider) Delete(ctx context.Context, orgID valuer.UUID, id valu
 		}
 	}
 
-	if err := provider.deleteTuples(ctx, role.Name, orgID); err != nil {
+	tuples, err := authtypes.NewTuplesFromTransactionGroups(role.Name, orgID, role.TransactionGroups)
+	if err != nil {
+		return err
+	}
+
+	if err := provider.Write(ctx, nil, tuples); err != nil {
 		return errors.WithAdditionalf(err, "failed to delete tuples for the role: %s", role.Name)
 	}
 
@@ -361,7 +439,7 @@ func (provider *provider) getManagedRoleTransactionTuples(orgID valuer.UUID) []*
 	return tuples
 }
 
-func (provider *provider) deleteTuples(ctx context.Context, roleName string, orgID valuer.UUID) error {
+func (provider *provider) readAllTuplesForRole(ctx context.Context, roleName string, orgID valuer.UUID) ([]*openfgav1.TupleKey, error) {
 	subject := authtypes.MustNewSubject(coretypes.NewResourceRole(), roleName, orgID, &coretypes.VerbAssignee)
 
 	tuples := make([]*openfgav1.TupleKey, 0)
@@ -371,26 +449,10 @@ func (provider *provider) deleteTuples(ctx context.Context, roleName string, org
 			Object: objectType.StringValue() + ":",
 		})
 		if err != nil {
-			return err
+			return nil, err
 		}
 		tuples = append(tuples, typeTuples...)
 	}
 
-	if len(tuples) == 0 {
-		return nil
-	}
-
-	for idx := 0; idx < len(tuples); idx += provider.config.OpenFGA.MaxTuplesPerWrite {
-		end := idx + provider.config.OpenFGA.MaxTuplesPerWrite
-		if end > len(tuples) {
-			end = len(tuples)
-		}
-
-		err := provider.Write(ctx, nil, tuples[idx:end])
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
+	return tuples, nil
 }

ee/query-service/app/api/featureFlags.go

@@ -98,6 +98,15 @@ func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {
 		Route:      "",
 	})
 
+	aiObservability := ah.Signoz.Flagger.BooleanOrEmpty(ctx, flagger.FeatureEnableAIObservability, evalCtx)
+	featureSet = append(featureSet, &licensetypes.Feature{
+		Name:       valuer.NewString(flagger.FeatureEnableAIObservability.String()),
+		Active:     aiObservability,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	})
+
 	if constants.IsDotMetricsEnabled {
 		for idx, feature := range featureSet {
 			if feature.Name == licensetypes.DotMetricsEnabled {

frontend/src/api/generated/services/inframonitoring/index.ts

@@ -4,22 +4,14 @@
  * * regenerate with 'pnpm generate:api'
  * SigNoz
  */
-import { useMutation, useQuery } from 'react-query';
+import { useMutation } from 'react-query';
 import type {
-	InvalidateOptions,
 	MutationFunction,
-	QueryClient,
-	QueryFunction,
-	QueryKey,
 	UseMutationOptions,
 	UseMutationResult,
-	UseQueryOptions,
-	UseQueryResult,
 } from 'react-query';
 
 import type {
-	GetOnboarding200,
-	GetOnboardingParams,
 	InframonitoringtypesPostableClustersDTO,
 	InframonitoringtypesPostableDaemonSetsDTO,
 	InframonitoringtypesPostableDeploymentsDTO,
@@ -627,104 +619,6 @@ export const useListNodes = <
 > => {
 	return useMutation(getListNodesMutationOptions(options));
 };
-/**
- * Returns the per-tab readiness of the infra-monitoring section selected by the 'type' query parameter (hosts, processes, pods, nodes, deployments, daemonsets, statefulsets, jobs, namespaces, clusters, volumes). For each collector receiver or processor that contributes required metrics or attributes, lists what is present and what is missing, with a prebuilt user-facing message and a docs link per missing component. Default-enabled metrics are those expected as soon as the receiver is configured; optional metrics require 'enabled: true' in receiver config. 'ready' is true only when every missing list is empty.
- * @summary Get Onboarding Status for Infra Monitoring
- */
-export const getOnboarding = (
-	params: GetOnboardingParams,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<GetOnboarding200>({
-		url: `/api/v2/infra_monitoring/onboarding`,
-		method: 'GET',
-		params,
-		signal,
-	});
-};
-
-export const getGetOnboardingQueryKey = (params?: GetOnboardingParams) => {
-	return [
-		`/api/v2/infra_monitoring/onboarding`,
-		...(params ? [params] : []),
-	] as const;
-};
-
-export const getGetOnboardingQueryOptions = <
-	TData = Awaited<ReturnType<typeof getOnboarding>>,
-	TError = ErrorType<RenderErrorResponseDTO>,
->(
-	params: GetOnboardingParams,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getOnboarding>>,
-			TError,
-			TData
-		>;
-	},
-) => {
-	const { query: queryOptions } = options ?? {};
-
-	const queryKey = queryOptions?.queryKey ?? getGetOnboardingQueryKey(params);
-
-	const queryFn: QueryFunction<Awaited<ReturnType<typeof getOnboarding>>> = ({
-		signal,
-	}) => getOnboarding(params, signal);
-
-	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
-		Awaited<ReturnType<typeof getOnboarding>>,
-		TError,
-		TData
-	> & { queryKey: QueryKey };
-};
-
-export type GetOnboardingQueryResult = NonNullable<
-	Awaited<ReturnType<typeof getOnboarding>>
->;
-export type GetOnboardingQueryError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Get Onboarding Status for Infra Monitoring
- */
-
-export function useGetOnboarding<
-	TData = Awaited<ReturnType<typeof getOnboarding>>,
-	TError = ErrorType<RenderErrorResponseDTO>,
->(
-	params: GetOnboardingParams,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getOnboarding>>,
-			TError,
-			TData
-		>;
-	},
-): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
-	const queryOptions = getGetOnboardingQueryOptions(params, options);
-
-	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
-		queryKey: QueryKey;
-	};
-
-	return { ...query, queryKey: queryOptions.queryKey };
-}
-
-/**
- * @summary Get Onboarding Status for Infra Monitoring
- */
-export const invalidateGetOnboarding = async (
-	queryClient: QueryClient,
-	params: GetOnboardingParams,
-	options?: InvalidateOptions,
-): Promise<QueryClient> => {
-	await queryClient.invalidateQueries(
-		{ queryKey: getGetOnboardingQueryKey(params) },
-		options,
-	);
-
-	return queryClient;
-};
-
 /**
  * Returns a paginated list of Kubernetes pods with key metrics: CPU usage, CPU request/limit utilization, memory working set, memory request/limit utilization, current pod phase (pending/running/succeeded/failed/unknown/no_data), and pod age (ms since start time). Each pod includes metadata attributes (namespace, node, workload owner such as deployment/statefulset/daemonset/job/cronjob, cluster). Supports filtering via a filter expression, custom groupBy to aggregate pods by any attribute, ordering by any of the six metrics (cpu, cpu_request, cpu_limit, memory, memory_request, memory_limit), and pagination via offset/limit. The response type is 'list' for the default k8s.pod.uid grouping (each row is one pod with its current phase) or 'grouped_list' for custom groupBy keys (each row aggregates pods in the group with per-phase counts under podCountsByPhase: { pending, running, succeeded, failed, unknown } derived from each pod's latest phase in the window). Also reports missing required metrics and whether the requested time range falls before the data retention boundary. Numeric metric fields (podCPU, podCPURequest, podCPULimit, podMemory, podMemoryRequest, podMemoryLimit, podAge) return -1 as a sentinel when no data is available for that field.
  * @summary List Pods for Infra Monitoring

frontend/src/api/generated/services/role/index.ts

@@ -20,6 +20,7 @@ import type {
 import type {
 	AuthtypesPatchableRoleDTO,
 	AuthtypesPostableRoleDTO,
+	AuthtypesUpdatableRoleDTO,
 	CoretypesPatchableObjectsDTO,
 	CreateRole201,
 	DeleteRolePathParameters,
@@ -31,6 +32,7 @@ import type {
 	PatchObjectsPathParameters,
 	PatchRolePathParameters,
 	RenderErrorResponseDTO,
+	UpdateRolePathParameters,
 } from '../sigNoz.schemas';
 
 import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
@@ -365,6 +367,7 @@ export const invalidateGetRole = async (
 
 /**
  * This endpoint patches a role
+ * @deprecated
  * @summary Patch role
  */
 export const patchRole = (
@@ -436,6 +439,7 @@ export type PatchRoleMutationBody =
 export type PatchRoleMutationError = ErrorType<RenderErrorResponseDTO>;
 
 /**
+ * @deprecated
  * @summary Patch role
  */
 export const usePatchRole = <
@@ -462,6 +466,105 @@ export const usePatchRole = <
 > => {
 	return useMutation(getPatchRoleMutationOptions(options));
 };
+/**
+ * This endpoint updates a role
+ * @summary Update role
+ */
+export const updateRole = (
+	{ id }: UpdateRolePathParameters,
+	authtypesUpdatableRoleDTO?: BodyType<AuthtypesUpdatableRoleDTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<void>({
+		url: `/api/v1/roles/${id}`,
+		method: 'PUT',
+		headers: { 'Content-Type': 'application/json' },
+		data: authtypesUpdatableRoleDTO,
+		signal,
+	});
+};
+
+export const getUpdateRoleMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateRole>>,
+		TError,
+		{
+			pathParams: UpdateRolePathParameters;
+			data?: BodyType<AuthtypesUpdatableRoleDTO>;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof updateRole>>,
+	TError,
+	{
+		pathParams: UpdateRolePathParameters;
+		data?: BodyType<AuthtypesUpdatableRoleDTO>;
+	},
+	TContext
+> => {
+	const mutationKey = ['updateRole'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof updateRole>>,
+		{
+			pathParams: UpdateRolePathParameters;
+			data?: BodyType<AuthtypesUpdatableRoleDTO>;
+		}
+	> = (props) => {
+		const { pathParams, data } = props ?? {};
+
+		return updateRole(pathParams, data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UpdateRoleMutationResult = NonNullable<
+	Awaited<ReturnType<typeof updateRole>>
+>;
+export type UpdateRoleMutationBody =
+	| BodyType<AuthtypesUpdatableRoleDTO>
+	| undefined;
+export type UpdateRoleMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Update role
+ */
+export const useUpdateRole = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateRole>>,
+		TError,
+		{
+			pathParams: UpdateRolePathParameters;
+			data?: BodyType<AuthtypesUpdatableRoleDTO>;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof updateRole>>,
+	TError,
+	{
+		pathParams: UpdateRolePathParameters;
+		data?: BodyType<AuthtypesUpdatableRoleDTO>;
+	},
+	TContext
+> => {
+	return useMutation(getUpdateRoleMutationOptions(options));
+};
 /**
  * Gets all objects connected to the specified role via a given relation type
  * @summary Get objects for a role by relation
@@ -565,6 +668,7 @@ export const invalidateGetObjects = async (
 
 /**
  * Patches the objects connected to the specified role via a given relation type
+ * @deprecated
  * @summary Patch objects for a role by relation
  */
 export const patchObjects = (
@@ -636,6 +740,7 @@ export type PatchObjectsMutationBody =
 export type PatchObjectsMutationError = ErrorType<RenderErrorResponseDTO>;
 
 /**
+ * @deprecated
  * @summary Patch objects for a role by relation
  */
 export const usePatchObjects = <

frontend/src/api/generated/services/sigNoz.schemas.ts

@@ -2224,15 +2224,31 @@ export interface AuthtypesPostableEmailPasswordSessionDTO {
 	password?: string;
 }
 
+export interface CoretypesObjectGroupDTO {
+	resource: CoretypesResourceRefDTO;
+	/**
+	 * @type array
+	 */
+	selectors: string[];
+}
+
+export interface AuthtypesTransactionGroupDTO {
+	objectGroup: CoretypesObjectGroupDTO;
+	relation: AuthtypesRelationDTO;
+}
+
+export type AuthtypesTransactionGroupsDTO = AuthtypesTransactionGroupDTO[];
+
 export interface AuthtypesPostableRoleDTO {
 	/**
 	 * @type string
 	 */
-	description?: string;
+	description: string;
 	/**
 	 * @type string
 	 */
 	name: string;
+	transactionGroups: AuthtypesTransactionGroupsDTO;
 }
 
 export interface AuthtypesPostableRotateTokenDTO {
@@ -2275,6 +2291,40 @@ export interface AuthtypesRoleDTO {
 	updatedAt?: string;
 }
 
+export interface AuthtypesRoleWithTransactionGroupsDTO {
+	/**
+	 * @type string
+	 * @format date-time
+	 */
+	createdAt?: string;
+	/**
+	 * @type string
+	 */
+	description: string;
+	/**
+	 * @type string
+	 */
+	id: string;
+	/**
+	 * @type string
+	 */
+	name: string;
+	/**
+	 * @type string
+	 */
+	orgId: string;
+	transactionGroups: AuthtypesTransactionGroupsDTO;
+	/**
+	 * @type string
+	 */
+	type: string;
+	/**
+	 * @type string
+	 * @format date-time
+	 */
+	updatedAt?: string;
+}
+
 export interface AuthtypesSessionContextDTO {
 	/**
 	 * @type boolean
@@ -2295,6 +2345,14 @@ export interface AuthtypesUpdatableAuthDomainDTO {
 	config?: AuthtypesAuthDomainConfigDTO;
 }
 
+export interface AuthtypesUpdatableRoleDTO {
+	/**
+	 * @type string
+	 */
+	description: string;
+	transactionGroups: AuthtypesTransactionGroupsDTO;
+}
+
 export interface AuthtypesUserRoleDTO {
 	/**
 	 * @type string
@@ -3065,14 +3123,6 @@ export interface CommonJSONRefDTO {
 	$ref?: string;
 }
 
-export interface CoretypesObjectGroupDTO {
-	resource: CoretypesResourceRefDTO;
-	/**
-	 * @type array
-	 */
-	selectors: string[];
-}
-
 export interface CoretypesPatchableObjectsDTO {
 	/**
 	 * @type array,null
@@ -5346,26 +5396,6 @@ export interface GlobaltypesConfigDTO {
 	mcp_url: string | null;
 }
 
-export enum InframonitoringtypesOnboardingComponentTypeDTO {
-	receiver = 'receiver',
-	processor = 'processor',
-}
-export interface InframonitoringtypesAssociatedComponentDTO {
-	/**
-	 * @type string
-	 */
-	name: string;
-	type: InframonitoringtypesOnboardingComponentTypeDTO;
-}
-
-export interface InframonitoringtypesAttributesComponentEntryDTO {
-	associatedComponent: InframonitoringtypesAssociatedComponentDTO;
-	/**
-	 * @type array,null
-	 */
-	attributes: string[] | null;
-}
-
 export type InframonitoringtypesClusterRecordDTOMetaAnyOf = {
 	[key: string]: string;
 };
@@ -5822,46 +5852,6 @@ export interface InframonitoringtypesJobsDTO {
 	warning?: Querybuildertypesv5QueryWarnDataDTO;
 }
 
-export interface InframonitoringtypesMetricsComponentEntryDTO {
-	associatedComponent: InframonitoringtypesAssociatedComponentDTO;
-	/**
-	 * @type array,null
-	 */
-	metrics: string[] | null;
-}
-
-export interface InframonitoringtypesMissingAttributesComponentEntryDTO {
-	associatedComponent: InframonitoringtypesAssociatedComponentDTO;
-	/**
-	 * @type array,null
-	 */
-	attributes: string[] | null;
-	/**
-	 * @type string
-	 */
-	documentationLink: string;
-	/**
-	 * @type string
-	 */
-	message: string;
-}
-
-export interface InframonitoringtypesMissingMetricsComponentEntryDTO {
-	associatedComponent: InframonitoringtypesAssociatedComponentDTO;
-	/**
-	 * @type string
-	 */
-	documentationLink: string;
-	/**
-	 * @type string
-	 */
-	message: string;
-	/**
-	 * @type array,null
-	 */
-	metrics: string[] | null;
-}
-
 export type InframonitoringtypesNamespaceRecordDTOMetaAnyOf = {
 	[key: string]: string;
 };
@@ -5979,61 +5969,6 @@ export interface InframonitoringtypesNodesDTO {
 	warning?: Querybuildertypesv5QueryWarnDataDTO;
 }
 
-export enum InframonitoringtypesOnboardingTypeDTO {
-	hosts = 'hosts',
-	processes = 'processes',
-	pods = 'pods',
-	nodes = 'nodes',
-	deployments = 'deployments',
-	daemonsets = 'daemonsets',
-	statefulsets = 'statefulsets',
-	jobs = 'jobs',
-	namespaces = 'namespaces',
-	clusters = 'clusters',
-	volumes = 'volumes',
-}
-export interface InframonitoringtypesOnboardingDTO {
-	/**
-	 * @type array,null
-	 */
-	missingDefaultEnabledMetrics:
-		| InframonitoringtypesMissingMetricsComponentEntryDTO[]
-		| null;
-	/**
-	 * @type array,null
-	 */
-	missingOptionalMetrics:
-		| InframonitoringtypesMissingMetricsComponentEntryDTO[]
-		| null;
-	/**
-	 * @type array,null
-	 */
-	missingRequiredAttributes:
-		| InframonitoringtypesMissingAttributesComponentEntryDTO[]
-		| null;
-	/**
-	 * @type array,null
-	 */
-	presentDefaultEnabledMetrics:
-		| InframonitoringtypesMetricsComponentEntryDTO[]
-		| null;
-	/**
-	 * @type array,null
-	 */
-	presentOptionalMetrics: InframonitoringtypesMetricsComponentEntryDTO[] | null;
-	/**
-	 * @type array,null
-	 */
-	presentRequiredAttributes:
-		| InframonitoringtypesAttributesComponentEntryDTO[]
-		| null;
-	/**
-	 * @type boolean
-	 */
-	ready: boolean;
-	type: InframonitoringtypesOnboardingTypeDTO;
-}
-
 export enum InframonitoringtypesPodPhaseDTO {
 	pending = 'pending',
 	running = 'running',
@@ -9565,6 +9500,16 @@ export type ListLLMPricingRulesParams = {
 	 * @description undefined
 	 */
 	limit?: number;
+	/**
+	 * @type string
+	 * @description undefined
+	 */
+	q?: string;
+	/**
+	 * @type boolean,null
+	 * @description undefined
+	 */
+	isOverride?: boolean | null;
 };
 
 export type ListLLMPricingRules200 = {
@@ -9674,7 +9619,7 @@ export type GetRolePathParameters = {
 	id: string;
 };
 export type GetRole200 = {
-	data: AuthtypesRoleDTO;
+	data: AuthtypesRoleWithTransactionGroupsDTO;
 	/**
 	 * @type string
 	 */
@@ -9684,6 +9629,9 @@ export type GetRole200 = {
 export type PatchRolePathParameters = {
 	id: string;
 };
+export type UpdateRolePathParameters = {
+	id: string;
+};
 export type GetObjectsPathParameters = {
 	id: string;
 	relation: string;
@@ -10292,21 +10240,6 @@ export type ListNodes200 = {
 	status: string;
 };
 
-export type GetOnboardingParams = {
-	/**
-	 * @description undefined
-	 */
-	type: InframonitoringtypesOnboardingTypeDTO;
-};
-
-export type GetOnboarding200 = {
-	data: InframonitoringtypesOnboardingDTO;
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
 export type ListPods200 = {
 	data: InframonitoringtypesPodsDTO;
 	/**

frontend/src/api/v5/queryRange/convertV5Response.test.ts

@@ -274,4 +274,110 @@ describe('convertV5ResponseToLegacy', () => {
 			},
 		});
 	});
+
+	it('clickhouse_sql scalar keeps each value column distinct (regression: all-"A" collapse)', () => {
+		const scalar: ScalarData = {
+			columns: [
+				{
+					name: 'service.name',
+					queryName: 'A',
+					aggregationIndex: 0,
+					columnType: 'group',
+				} as unknown as ScalarData['columns'][number],
+				{
+					name: 'current_availability',
+					queryName: 'A',
+					aggregationIndex: 0,
+					columnType: 'aggregation',
+				} as unknown as ScalarData['columns'][number],
+				{
+					name: 'error_budget_remaining',
+					queryName: 'A',
+					aggregationIndex: 1,
+					columnType: 'aggregation',
+				} as unknown as ScalarData['columns'][number],
+				{
+					name: 'budget_status',
+					queryName: 'A',
+					aggregationIndex: 2,
+					columnType: 'group',
+				} as unknown as ScalarData['columns'][number],
+				{
+					name: 'total_requests',
+					queryName: 'A',
+					aggregationIndex: 4,
+					columnType: 'aggregation',
+				} as unknown as ScalarData['columns'][number],
+			],
+			data: [['kuja-api_gateway-service', 99.985, 0.985, 'Healthy ✅', 2181216]],
+		};
+
+		const v5Data: QueryRangeResponseV5 = {
+			type: 'scalar',
+			data: { results: [scalar] },
+			meta: { rowsScanned: 0, bytesScanned: 0, durationMs: 0, stepIntervals: {} },
+		};
+
+		// A clickhouse_sql envelope contributes no aggregation metadata.
+		const params = makeBaseParams('scalar', [
+			{
+				type: 'clickhouse_sql',
+				spec: {
+					name: 'A',
+					query: 'SELECT ...',
+					disabled: false,
+				},
+			} as unknown as QueryRangeRequestV5['compositeQuery']['queries'][number],
+		]);
+
+		const input: SuccessResponse<MetricRangePayloadV5, QueryRangeRequestV5> =
+			makeBaseSuccess({ data: v5Data }, params);
+		// formatForWeb=true is the table-panel path.
+		const result = convertV5ResponseToLegacy(input, { A: '' }, true);
+
+		const [tableEntry] = result.payload.data.result;
+		// Headers keep their real names instead of collapsing to "A".
+		expect(tableEntry.table?.columns).toStrictEqual([
+			{
+				name: 'service.name',
+				queryName: 'A',
+				isValueColumn: false,
+				id: 'service.name',
+			},
+			{
+				name: 'current_availability',
+				queryName: 'A',
+				isValueColumn: true,
+				id: 'current_availability',
+			},
+			{
+				name: 'error_budget_remaining',
+				queryName: 'A',
+				isValueColumn: true,
+				id: 'error_budget_remaining',
+			},
+			{
+				name: 'budget_status',
+				queryName: 'A',
+				isValueColumn: false,
+				id: 'budget_status',
+			},
+			{
+				name: 'total_requests',
+				queryName: 'A',
+				isValueColumn: true,
+				id: 'total_requests',
+			},
+		]);
+		// Ids are unique, so value columns don't overwrite each other in the row.
+		expect(tableEntry.table?.rows?.[0]).toStrictEqual({
+			data: {
+				'service.name': 'kuja-api_gateway-service',
+				current_availability: 99.985,
+				error_budget_remaining: 0.985,
+				budget_status: 'Healthy ✅',
+				total_requests: 2181216,
+			},
+		});
+	});
 });

frontend/src/api/v5/queryRange/convertV5Response.ts

@@ -15,6 +15,7 @@ function getColName(
 	col: ScalarData['columns'][number],
 	legendMap: Record<string, string>,
 	aggregationPerQuery: Record<string, any>,
+	clickhouseQueryNames: Set<string>,
 ): string {
 	if (col.columnType === 'group') {
 		return col.name;
@@ -39,16 +40,32 @@ function getColName(
 		return alias || expression || col.queryName;
 	}
 
+	// clickhouse_sql value columns carry their real SQL alias in col.name — use
+	// it so each value column keeps its own header instead of collapsing onto
+	// the query name. Formulas/promql use placeholder names, so they fall back
+	// to legend || queryName.
+	if (clickhouseQueryNames.has(col.queryName)) {
+		return col.name;
+	}
 	return legend || col.queryName;
 }
 
 function getColId(
 	col: ScalarData['columns'][number],
 	aggregationPerQuery: Record<string, any>,
+	clickhouseQueryNames: Set<string>,
 ): string {
 	if (col.columnType === 'group') {
 		return col.name;
 	}
+
+	// clickhouse_sql value columns are keyed by their real SQL alias so multiple
+	// value columns stay unique instead of all collapsing onto the query name
+	// (which would overwrite every cell in the row with the last column's value).
+	if (clickhouseQueryNames.has(col.queryName)) {
+		return col.name;
+	}
+
 	const aggregation =
 		aggregationPerQuery?.[col.queryName]?.[col.aggregationIndex];
 	const expression = aggregation?.expression || '';
@@ -141,6 +158,7 @@ function convertScalarDataArrayToTable(
 	scalarDataArray: ScalarData[],
 	legendMap: Record<string, string>,
 	aggregationPerQuery: Record<string, any>,
+	clickhouseQueryNames: Set<string>,
 ): QueryDataV3[] {
 	// If no scalar data, return empty structure
 
@@ -166,10 +184,10 @@ function convertScalarDataArrayToTable(
 
 		// Collect columns for this specific query
 		const columns = scalarData?.columns?.map((col) => ({
-			name: getColName(col, legendMap, aggregationPerQuery),
+			name: getColName(col, legendMap, aggregationPerQuery, clickhouseQueryNames),
 			queryName: col.queryName,
 			isValueColumn: col.columnType === 'aggregation',
-			id: getColId(col, aggregationPerQuery),
+			id: getColId(col, aggregationPerQuery, clickhouseQueryNames),
 		}));
 
 		// Process rows for this specific query
@@ -177,8 +195,13 @@ function convertScalarDataArrayToTable(
 			const rowData: Record<string, any> = {};
 
 			scalarData?.columns?.forEach((col, colIndex) => {
-				const columnName = getColName(col, legendMap, aggregationPerQuery);
-				const columnId = getColId(col, aggregationPerQuery);
+				const columnName = getColName(
+					col,
+					legendMap,
+					aggregationPerQuery,
+					clickhouseQueryNames,
+				);
+				const columnId = getColId(col, aggregationPerQuery, clickhouseQueryNames);
 				rowData[columnId || columnName] = dataRow[colIndex];
 			});
 
@@ -202,6 +225,7 @@ function convertScalarWithFormatForWeb(
 	scalarDataArray: ScalarData[],
 	legendMap: Record<string, string>,
 	aggregationPerQuery: Record<string, any>,
+	clickhouseQueryNames: Set<string>,
 ): QueryDataV3[] {
 	if (!scalarDataArray || scalarDataArray.length === 0) {
 		return [];
@@ -210,13 +234,18 @@ function convertScalarWithFormatForWeb(
 	return scalarDataArray.map((scalarData) => {
 		const columns =
 			scalarData.columns?.map((col) => {
-				const colName = getColName(col, legendMap, aggregationPerQuery);
+				const colName = getColName(
+					col,
+					legendMap,
+					aggregationPerQuery,
+					clickhouseQueryNames,
+				);
 
 				return {
 					name: colName,
 					queryName: col.queryName,
 					isValueColumn: col.columnType === 'aggregation',
-					id: getColId(col, aggregationPerQuery),
+					id: getColId(col, aggregationPerQuery, clickhouseQueryNames),
 				};
 			}) || [];
 
@@ -289,6 +318,7 @@ function convertV5DataByType(
 	v5Data: any,
 	legendMap: Record<string, string>,
 	aggregationPerQuery: Record<string, any>,
+	clickhouseQueryNames: Set<string>,
 ): MetricRangePayloadV3['data'] {
 	switch (v5Data?.type) {
 		case 'time_series': {
@@ -307,6 +337,7 @@ function convertV5DataByType(
 				scalarData,
 				legendMap,
 				aggregationPerQuery,
+				clickhouseQueryNames,
 			);
 			return {
 				resultType: 'scalar',
@@ -373,6 +404,15 @@ export function convertV5ResponseToLegacy(
 				{} as Record<string, any>,
 			) || {};
 
+	// clickhouse_sql queries have no aggregation metadata; their value columns
+	// are named/keyed by the real SQL alias the response carries (see getColId).
+	const clickhouseQueryNames = new Set<string>(
+		(params?.compositeQuery?.queries ?? [])
+			.filter((query) => query.type === 'clickhouse_sql')
+			.map((query) => (query.spec as { name?: string })?.name)
+			.filter((name): name is string => !!name),
+	);
+
 	// If formatForWeb is true, return as-is (like existing logic)
 	if (formatForWeb && v5Data?.type === 'scalar') {
 		const scalarData = v5Data.data.results as ScalarData[];
@@ -380,6 +420,7 @@ export function convertV5ResponseToLegacy(
 			scalarData,
 			legendMap,
 			aggregationPerQuery,
+			clickhouseQueryNames,
 		);
 
 		return {
@@ -402,6 +443,7 @@ export function convertV5ResponseToLegacy(
 		v5Data,
 		legendMap,
 		aggregationPerQuery,
+		clickhouseQueryNames,
 	);
 
 	// Create legacy-compatible response structure

frontend/src/constants/features.ts

@@ -12,4 +12,5 @@ export enum FeatureKeys {
 	USE_JSON_BODY = 'use_json_body',
 	USE_FINE_GRAINED_AUTHZ = 'use_fine_grained_authz',
 	USE_DASHBOARD_V2 = 'use_dashboard_v2',
+	EMABLE_AI_OBSERVABILITY = 'enable_ai_observability',
 }

frontend/src/container/RolesSettings/RolesComponents/CreateRoleModal.tsx

@@ -116,7 +116,8 @@ function CreateRoleModal({
 			} else {
 				const data: AuthtypesPostableRoleDTO = {
 					name: values.name,
-					...(values.description ? { description: values.description } : {}),
+					description: values.description || '',
+					transactionGroups: [],
 				};
 				createRole({ data });
 			}

frontend/src/pages/DashboardPageV2/DashboardContainer/queryV5/__tests__/prepareScalarTables.test.ts

@@ -5,6 +5,7 @@ import type {
 
 import {
 	extractAggregationsPerQuery,
+	extractClickhouseQueryNames,
 	prepareScalarTables,
 } from '../prepareScalarTables';
 
@@ -56,6 +57,24 @@ describe('extractAggregationsPerQuery', () => {
 	});
 });
 
+describe('extractClickhouseQueryNames', () => {
+	it('collects names of clickhouse_sql queries, ignoring other envelope types', () => {
+		const request = requestWith([
+			{ type: 'clickhouse_sql', spec: { name: 'A', query: 'SELECT 1' } },
+			{
+				type: 'builder_query',
+				spec: { name: 'B', aggregations: [{ expression: 'count()' }] },
+			},
+			{ type: 'promql', spec: { name: 'P', query: 'up' } },
+		]);
+		expect(extractClickhouseQueryNames(request)).toStrictEqual(new Set(['A']));
+	});
+
+	it('returns an empty set for an undefined payload', () => {
+		expect(extractClickhouseQueryNames(undefined)).toStrictEqual(new Set());
+	});
+});
+
 describe('prepareScalarTables', () => {
 	it('builds keyed rows with group + aggregation columns (V1 getColName/getColId parity)', () => {
 		const [table] = prepareScalarTables({
@@ -194,18 +213,115 @@ describe('prepareScalarTables', () => {
 		expect(tables.map((t) => t.queryName)).toStrictEqual(['A', 'B']);
 	});
 
-	it('queries without aggregation metadata fall back to legend || queryName', () => {
+	it('clickhouse_sql single value column uses the SQL alias over the legend', () => {
 		const [table] = prepareScalarTables({
 			results: [
+				scalarResult(
+					[
+						{
+							name: 'current_availability',
+							queryName: 'A',
+							columnType: 'aggregation',
+						},
+					],
+					[],
+				),
+			],
+			legendMap: { A: 'Legend' },
+			requestPayload: requestWith([
+				{ type: 'clickhouse_sql', spec: { name: 'A', query: 'SELECT ...' } },
+			]),
+		});
+		// The query is clickhouse_sql, so the response column's real SQL alias is
+		// used for both header and key (a single legend can't be the column name).
+		expect(table.columns[0].name).toBe('current_availability');
+		expect(table.columns[0].id).toBe('current_availability');
+	});
+
+	it('non-clickhouse query without aggregation metadata falls back to legend || queryName', () => {
+		const [table] = prepareScalarTables({
+			results: [
+				// Formulas/promql carry placeholder names and are not clickhouse_sql,
+				// so they must not adopt the response column name.
 				scalarResult(
 					[{ name: '__result_0', queryName: 'A', columnType: 'aggregation' }],
 					[],
 				),
 			],
 			legendMap: { A: 'Legend' },
-			requestPayload: requestWith([]),
+			requestPayload: requestWith([
+				{ type: 'promql', spec: { name: 'A', query: 'up' } },
+			]),
 		});
 		expect(table.columns[0].name).toBe('Legend');
 		expect(table.columns[0].id).toBe('A');
 	});
+
+	it('clickhouse_sql query keeps each value column distinct (regression: all-"A" collapse)', () => {
+		const [table] = prepareScalarTables({
+			results: [
+				scalarResult(
+					[
+						{ name: 'service.name', queryName: 'A', columnType: 'group' },
+						{
+							name: 'current_availability',
+							queryName: 'A',
+							columnType: 'aggregation',
+							aggregationIndex: 0,
+						},
+						{
+							name: 'error_budget_remaining',
+							queryName: 'A',
+							columnType: 'aggregation',
+							aggregationIndex: 1,
+						},
+						{ name: 'budget_status', queryName: 'A', columnType: 'group' },
+						{
+							name: 'total_requests',
+							queryName: 'A',
+							columnType: 'aggregation',
+							aggregationIndex: 4,
+						},
+					],
+					[['kuja-api_gateway-service', 99.985, 0.985, 'Healthy ✅', 2181216]],
+				),
+			],
+			legendMap: { A: '' },
+			// A clickhouse_sql envelope contributes no aggregation metadata.
+			requestPayload: requestWith([
+				{
+					type: 'clickhouse_sql',
+					spec: { name: 'A', query: 'SELECT ...' },
+				},
+			]),
+		});
+
+		// Headers keep their real names instead of collapsing to "A".
+		expect(table.columns.map((col) => col.name)).toStrictEqual([
+			'service.name',
+			'current_availability',
+			'error_budget_remaining',
+			'budget_status',
+			'total_requests',
+		]);
+		// Ids are unique, so value columns don't overwrite each other in the row.
+		expect(table.columns.map((col) => col.id)).toStrictEqual([
+			'service.name',
+			'current_availability',
+			'error_budget_remaining',
+			'budget_status',
+			'total_requests',
+		]);
+		expect(table.rows).toStrictEqual([
+			{
+				data: {
+					'service.name': 'kuja-api_gateway-service',
+					current_availability: 99.985,
+					error_budget_remaining: 0.985,
+					budget_status: 'Healthy ✅',
+					total_requests: 2181216,
+				},
+			},
+		]);
+	});
 });

frontend/src/pages/DashboardPageV2/DashboardContainer/queryV5/prepareScalarTables.ts

@@ -1,5 +1,6 @@
 import type {
 	Querybuildertypesv5ColumnDescriptorDTO,
+	Querybuildertypesv5QueryEnvelopeClickHouseSQLDTO,
 	Querybuildertypesv5QueryRangeRequestDTO,
 	Querybuildertypesv5ScalarDataDTO,
 } from 'api/generated/services/sigNoz.schemas';
@@ -44,16 +45,43 @@ export function extractAggregationsPerQuery(
 	return perQuery;
 }
 
+/**
+ * Names of the request's clickhouse_sql queries. These have no aggregation
+ * metadata, but their value columns carry the user's real SQL alias in the
+ * response `col.name` — so columns of these queries are named/keyed by that
+ * alias rather than collapsing onto the query name. Builder/formula/promql use
+ * placeholder names (`__result`/`__result_N`) and are excluded here.
+ */
+export function extractClickhouseQueryNames(
+	requestPayload: Querybuildertypesv5QueryRangeRequestDTO | undefined,
+): Set<string> {
+	const names = new Set<string>();
+	(requestPayload?.compositeQuery?.queries ?? []).forEach((envelope) => {
+		if (envelope.type !== Querybuildertypesv5QueryTypeDTO.clickhouse_sql) {
+			return;
+		}
+		const spec = (envelope as Querybuildertypesv5QueryEnvelopeClickHouseSQLDTO)
+			.spec;
+		if (spec?.name) {
+			names.add(spec.name);
+		}
+	});
+	return names;
+}
+
 /**
  * Column display name. Group columns keep their field name; aggregation
  * columns resolve alias > legend > expression > queryName — with the legend
  * skipped when the query has multiple aggregations, because one legend can't
- * label several value columns. (Port of V1 `getColName`.)
+ * label several value columns. clickhouse_sql columns have no aggregation
+ * metadata, so their value columns are named by the real SQL alias the
+ * response carries in `col.name`. (Port of V1 `getColName`.)
  */
 function getColName(
 	col: Querybuildertypesv5ColumnDescriptorDTO,
 	legendMap: Record<string, string>,
 	aggregationsPerQuery: AggregationsPerQuery,
+	clickhouseQueryNames: Set<string>,
 ): string {
 	if (col.columnType === 'group') {
 		return col.name;
@@ -74,6 +102,13 @@ function getColName(
 		return alias || expression || queryName;
 	}
 
+	// clickhouse_sql value columns carry their real SQL alias in col.name — use
+	// it so each value column keeps its own header instead of collapsing onto
+	// the query name. Formulas/promql use placeholder names, so they fall back
+	// to legend || queryName.
+	if (clickhouseQueryNames.has(queryName)) {
+		return col.name;
+	}
 	return legend || queryName;
 }
 
@@ -85,15 +120,23 @@ function getColName(
 function getColId(
 	col: Querybuildertypesv5ColumnDescriptorDTO,
 	aggregationsPerQuery: AggregationsPerQuery,
+	clickhouseQueryNames: Set<string>,
 ): string {
 	if (col.columnType === 'group') {
 		return col.name;
 	}
 
 	const queryName = col.queryName ?? '';
+
+	// clickhouse_sql value columns are keyed by their real SQL alias so multiple
+	// value columns stay unique instead of all collapsing onto the query name
+	// (which would overwrite every cell in the row with the last column's value).
+	if (clickhouseQueryNames.has(queryName)) {
+		return col.name;
+	}
+
 	const aggregations = aggregationsPerQuery[queryName];
 	const expression = aggregations?.[col.aggregationIndex ?? 0]?.expression || '';
-
 	if ((aggregations?.length || 0) > 1 && expression) {
 		return `${queryName}.${expression}`;
 	}
@@ -119,6 +162,7 @@ export function prepareScalarTables({
 	requestPayload,
 }: PrepareScalarTablesArgs): PanelTable[] {
 	const aggregationsPerQuery = extractAggregationsPerQuery(requestPayload);
+	const clickhouseQueryNames = extractClickhouseQueryNames(requestPayload);
 
 	return results.map((scalarData) => {
 		if (!scalarData) {
@@ -132,10 +176,10 @@ export function prepareScalarTables({
 		const queryName = scalarData.columns?.[0]?.queryName ?? '';
 
 		const columns: PanelTableColumn[] = (scalarData.columns ?? []).map((col) => ({
-			name: getColName(col, legendMap, aggregationsPerQuery),
+			name: getColName(col, legendMap, aggregationsPerQuery, clickhouseQueryNames),
 			queryName: col.queryName ?? '',
 			isValueColumn: col.columnType === 'aggregation',
-			id: getColId(col, aggregationsPerQuery),
+			id: getColId(col, aggregationsPerQuery, clickhouseQueryNames),
 		}));
 
 		const rows = (scalarData.data ?? []).map((dataRow) => {

pkg/apiserver/signozapiserver/inframonitoring.go

@@ -200,23 +200,5 @@ func (provider *provider) addInfraMonitoringRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v2/infra_monitoring/onboarding", handler.New(
-		provider.authzMiddleware.ViewAccess(provider.infraMonitoringHandler.GetOnboarding),
-		handler.OpenAPIDef{
-			ID:                  "GetOnboarding",
-			Tags:                []string{"inframonitoring"},
-			Summary:             "Get Onboarding Status for Infra Monitoring",
-			Description:         "Returns the per-tab readiness of the infra-monitoring section selected by the 'type' query parameter (hosts, processes, pods, nodes, deployments, daemonsets, statefulsets, jobs, namespaces, clusters, volumes). For each collector receiver or processor that contributes required metrics or attributes, lists what is present and what is missing, with a prebuilt user-facing message and a docs link per missing component. Default-enabled metrics are those expected as soon as the receiver is configured; optional metrics require 'enabled: true' in receiver config. 'ready' is true only when every missing list is empty.",
-			RequestQuery:        new(inframonitoringtypes.PostableOnboarding),
-			Response:            new(inframonitoringtypes.Onboarding),
-			ResponseContentType: "application/json",
-			SuccessStatusCode:   http.StatusOK,
-			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized},
-			Deprecated:          false,
-			SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
-		})).Methods(http.MethodGet).GetError(); err != nil {
-		return err
-	}
-
 	return nil
 }

pkg/apiserver/signozapiserver/role.go

@@ -73,7 +73,7 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 			Description:         "This endpoint gets a role",
 			Request:             nil,
 			RequestContentType:  "",
-			Response:            new(authtypes.Role),
+			Response:            new(authtypes.RoleWithTransactionGroups),
 			ResponseContentType: "application/json",
 			SuccessStatusCode:   http.StatusOK,
 			ErrorStatusCodes:    []int{},
@@ -91,6 +91,60 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		return err
 	}
 
+	if err := router.Handle("/api/v1/roles/{id}", handler.New(
+		provider.authzMiddleware.CheckResources(provider.authzHandler.Update, authtypes.SigNozAdminRoleName),
+		handler.OpenAPIDef{
+			ID:                  "UpdateRole",
+			Tags:                []string{"role"},
+			Summary:             "Update role",
+			Description:         "This endpoint updates a role",
+			Request:             new(authtypes.UpdatableRole),
+			RequestContentType:  "",
+			Response:            nil,
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusNoContent,
+			ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
+			Deprecated:          false,
+			SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbUpdate)}),
+		},
+		handler.WithResourceDefs(handler.BasicResourceDef{
+			Resource: coretypes.ResourceRole,
+			Verb:     coretypes.VerbUpdate,
+			Category: coretypes.ActionCategoryAccessControl,
+			ID:       coretypes.PathParam("id"),
+			Selector: provider.roleSelector,
+		}),
+	)).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v1/roles/{id}", handler.New(
+		provider.authzMiddleware.CheckResources(provider.authzHandler.Delete, authtypes.SigNozAdminRoleName),
+		handler.OpenAPIDef{
+			ID:                  "DeleteRole",
+			Tags:                []string{"role"},
+			Summary:             "Delete role",
+			Description:         "This endpoint deletes a role",
+			Request:             nil,
+			RequestContentType:  "",
+			Response:            nil,
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusNoContent,
+			ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
+			Deprecated:          false,
+			SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbDelete)}),
+		},
+		handler.WithResourceDefs(handler.BasicResourceDef{
+			Resource: coretypes.ResourceRole,
+			Verb:     coretypes.VerbDelete,
+			Category: coretypes.ActionCategoryAccessControl,
+			ID:       coretypes.PathParam("id"),
+			Selector: provider.roleSelector,
+		}),
+	)).Methods(http.MethodDelete).GetError(); err != nil {
+		return err
+	}
+
 	if err := router.Handle("/api/v1/roles/{id}/relations/{relation}/objects", handler.New(
 		provider.authzMiddleware.CheckResources(provider.authzHandler.GetObjects, authtypes.SigNozAdminRoleName),
 		handler.OpenAPIDef{
@@ -131,7 +185,7 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 			ResponseContentType: "application/json",
 			SuccessStatusCode:   http.StatusNoContent,
 			ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
-			Deprecated:          false,
+			Deprecated:          true,
 			SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbUpdate)}),
 		},
 		handler.WithResourceDefs(handler.BasicResourceDef{
@@ -158,7 +212,7 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 			ResponseContentType: "application/json",
 			SuccessStatusCode:   http.StatusNoContent,
 			ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusBadRequest, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
-			Deprecated:          false,
+			Deprecated:          true,
 			SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbUpdate)}),
 		},
 		handler.WithResourceDefs(handler.BasicResourceDef{
@@ -172,32 +226,5 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/roles/{id}", handler.New(
-		provider.authzMiddleware.CheckResources(provider.authzHandler.Delete, authtypes.SigNozAdminRoleName),
-		handler.OpenAPIDef{
-			ID:                  "DeleteRole",
-			Tags:                []string{"role"},
-			Summary:             "Delete role",
-			Description:         "This endpoint deletes a role",
-			Request:             nil,
-			RequestContentType:  "",
-			Response:            nil,
-			ResponseContentType: "application/json",
-			SuccessStatusCode:   http.StatusNoContent,
-			ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
-			Deprecated:          false,
-			SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbDelete)}),
-		},
-		handler.WithResourceDefs(handler.BasicResourceDef{
-			Resource: coretypes.ResourceRole,
-			Verb:     coretypes.VerbDelete,
-			Category: coretypes.ActionCategoryAccessControl,
-			ID:       coretypes.PathParam("id"),
-			Selector: provider.roleSelector,
-		}),
-	)).Methods(http.MethodDelete).GetError(); err != nil {
-		return err
-	}
-
 	return nil
 }

pkg/authz/authz.go

@@ -33,8 +33,8 @@ type AuthZ interface {
 	// Lists the selectors for objects assigned to subject (s) with relation (r) on resource (s)
 	ListObjects(context.Context, string, authtypes.Relation, coretypes.Type) ([]*coretypes.Object, error)
 
-	// Creates the role.
-	Create(context.Context, valuer.UUID, *authtypes.Role) error
+	// Creates the role with its transaction groups.
+	Create(context.Context, valuer.UUID, *authtypes.RoleWithTransactionGroups) error
 
 	// Gets the role if it exists or creates one.
 	GetOrCreate(context.Context, valuer.UUID, *authtypes.Role) (*authtypes.Role, error)
@@ -48,12 +48,18 @@ type AuthZ interface {
 	// Patches the objects in authorization server associated with the given role and relation
 	PatchObjects(context.Context, valuer.UUID, string, authtypes.Relation, []*coretypes.Object, []*coretypes.Object) error
 
+	// Updates the role's metadata and reconciles its transaction groups.
+	Update(context.Context, valuer.UUID, *authtypes.RoleWithTransactionGroups) error
+
 	// Deletes the role and tuples in authorization server.
 	Delete(context.Context, valuer.UUID, valuer.UUID) error
 
 	// Gets the role
 	Get(context.Context, valuer.UUID, valuer.UUID) (*authtypes.Role, error)
 
+	// Gets the role with transaction groups
+	GetWithTransactionGroups(context.Context, valuer.UUID, valuer.UUID) (*authtypes.RoleWithTransactionGroups, error)
+
 	// Gets the role by org_id and name
 	GetByOrgIDAndName(context.Context, valuer.UUID, string) (*authtypes.Role, error)
 
@@ -101,6 +107,8 @@ type Handler interface {
 
 	PatchObjects(http.ResponseWriter, *http.Request)
 
+	Update(http.ResponseWriter, *http.Request)
+
 	Check(http.ResponseWriter, *http.Request)
 
 	Delete(http.ResponseWriter, *http.Request)

pkg/authz/openfgaauthz/provider.go

@@ -83,6 +83,10 @@ func (provider *provider) Get(ctx context.Context, orgID valuer.UUID, id valuer.
 	return provider.store.Get(ctx, orgID, id)
 }
 
+func (provider *provider) GetWithTransactionGroups(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*authtypes.RoleWithTransactionGroups, error) {
+	return nil, errors.Newf(errors.TypeUnsupported, authtypes.ErrCodeRoleUnsupported, "not implemented")
+}
+
 func (provider *provider) GetByOrgIDAndName(ctx context.Context, orgID valuer.UUID, name string) (*authtypes.Role, error) {
 	return provider.store.GetByOrgIDAndName(ctx, orgID, name)
 }
@@ -168,7 +172,7 @@ func (provider *provider) CreateManagedUserRoleTransactions(ctx context.Context,
 	return provider.Grant(ctx, orgID, []string{authtypes.SigNozAdminRoleName}, authtypes.MustNewSubject(coretypes.NewResourceUser(), userID.String(), orgID, nil))
 }
 
-func (setter *provider) Create(_ context.Context, _ valuer.UUID, _ *authtypes.Role) error {
+func (setter *provider) Create(_ context.Context, _ valuer.UUID, _ *authtypes.RoleWithTransactionGroups) error {
 	return errors.Newf(errors.TypeUnsupported, authtypes.ErrCodeRoleUnsupported, "not implemented")
 }
 
@@ -180,6 +184,10 @@ func (provider *provider) GetObjects(ctx context.Context, orgID valuer.UUID, id
 	return nil, errors.Newf(errors.TypeUnsupported, authtypes.ErrCodeRoleUnsupported, "not implemented")
 }
 
+func (provider *provider) Update(_ context.Context, _ valuer.UUID, _ *authtypes.RoleWithTransactionGroups) error {
+	return errors.Newf(errors.TypeUnsupported, authtypes.ErrCodeRoleUnsupported, "not implemented")
+}
+
 func (provider *provider) Patch(_ context.Context, _ valuer.UUID, _ *authtypes.Role) error {
 	return errors.Newf(errors.TypeUnsupported, authtypes.ErrCodeRoleUnsupported, "not implemented")
 }

pkg/authz/openfgaserver/server.go

@@ -212,6 +212,30 @@ func (server *Server) CheckWithTupleCreationWithoutClaims(ctx context.Context, o
 }
 
 func (server *Server) Write(ctx context.Context, additions []*openfgav1.TupleKey, deletions []*openfgav1.TupleKey) error {
+	maxTuplesPerWrite := server.config.OpenFGA.MaxTuplesPerWrite
+
+	if len(additions)+len(deletions) <= maxTuplesPerWrite {
+		return server.write(ctx, additions, deletions)
+	}
+
+	for idx := 0; idx < len(additions); idx += maxTuplesPerWrite {
+		end := min(idx+maxTuplesPerWrite, len(additions))
+		if err := server.write(ctx, additions[idx:end], nil); err != nil {
+			return err
+		}
+	}
+
+	for idx := 0; idx < len(deletions); idx += maxTuplesPerWrite {
+		end := min(idx+maxTuplesPerWrite, len(deletions))
+		if err := server.write(ctx, nil, deletions[idx:end]); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (server *Server) write(ctx context.Context, additions []*openfgav1.TupleKey, deletions []*openfgav1.TupleKey) error {
 	if len(additions) == 0 && len(deletions) == 0 {
 		return nil
 	}

pkg/authz/signozauthzapi/handler.go

@@ -36,14 +36,14 @@ func (handler *handler) Create(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	role := authtypes.NewRole(req.Name, req.Description, authtypes.RoleTypeCustom, valuer.MustNewUUID(claims.OrgID))
-	err = handler.authz.Create(ctx, valuer.MustNewUUID(claims.OrgID), role)
+	roleWithTransactionGroups := authtypes.NewRoleWithTransactionGroups(req.Name, req.Description, authtypes.RoleTypeCustom, valuer.MustNewUUID(claims.OrgID), req.TransactionGroups)
+	err = handler.authz.Create(ctx, valuer.MustNewUUID(claims.OrgID), roleWithTransactionGroups)
 	if err != nil {
 		render.Error(rw, err)
 		return
 	}
 
-	render.Success(rw, http.StatusCreated, types.Identifiable{ID: role.ID})
+	render.Success(rw, http.StatusCreated, types.Identifiable{ID: roleWithTransactionGroups.ID})
 }
 
 func (handler *handler) Get(rw http.ResponseWriter, r *http.Request) {
@@ -65,13 +65,13 @@ func (handler *handler) Get(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	role, err := handler.authz.Get(ctx, valuer.MustNewUUID(claims.OrgID), roleID)
+	roleWithTransactionGroups, err := handler.authz.GetWithTransactionGroups(ctx, valuer.MustNewUUID(claims.OrgID), roleID)
 	if err != nil {
 		render.Error(rw, err)
 		return
 	}
 
-	render.Success(rw, http.StatusOK, role)
+	render.Success(rw, http.StatusOK, roleWithTransactionGroups)
 }
 
 func (handler *handler) GetObjects(rw http.ResponseWriter, r *http.Request) {
@@ -224,6 +224,48 @@ func (handler *handler) PatchObjects(rw http.ResponseWriter, r *http.Request) {
 	render.Success(rw, http.StatusNoContent, nil)
 }
 
+func (handler *handler) Update(rw http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id, err := valuer.NewUUID(mux.Vars(r)["id"])
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	req := new(authtypes.UpdatableRole)
+	if err := binding.JSON.BindBody(r.Body, req); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	role, err := handler.authz.Get(ctx, valuer.MustNewUUID(claims.OrgID), id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	roleWithTransactionGroups := authtypes.MakeRoleWithTransactionGroups(role, nil)
+	err = roleWithTransactionGroups.Update(req.Description, req.TransactionGroups)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	err = handler.authz.Update(ctx, valuer.MustNewUUID(claims.OrgID), roleWithTransactionGroups)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusNoContent, nil)
+}
+
 func (handler *handler) Delete(rw http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 	claims, err := authtypes.ClaimsFromContext(ctx)

pkg/flagger/registry.go

@@ -3,15 +3,16 @@ package flagger
 import "github.com/SigNoz/signoz/pkg/types/featuretypes"
 
 var (
-	FeatureUseSpanMetrics      = featuretypes.MustNewName("use_span_metrics")
-	FeatureKafkaSpanEval       = featuretypes.MustNewName("kafka_span_eval")
-	FeatureHideRootUser        = featuretypes.MustNewName("hide_root_user")
-	FeatureGetMetersFromZeus   = featuretypes.MustNewName("get_meters_from_zeus")
-	FeaturePutMetersInZeus     = featuretypes.MustNewName("put_meters_in_zeus")
-	FeatureUseMeterReporter    = featuretypes.MustNewName("use_meter_reporter")
-	FeatureUseJSONBody         = featuretypes.MustNewName("use_json_body")
-	FeatureUseFineGrainedAuthz = featuretypes.MustNewName("use_fine_grained_authz")
-	FeatureUseDashboardV2      = featuretypes.MustNewName("use_dashboard_v2")
+	FeatureUseSpanMetrics        = featuretypes.MustNewName("use_span_metrics")
+	FeatureKafkaSpanEval         = featuretypes.MustNewName("kafka_span_eval")
+	FeatureHideRootUser          = featuretypes.MustNewName("hide_root_user")
+	FeatureGetMetersFromZeus     = featuretypes.MustNewName("get_meters_from_zeus")
+	FeaturePutMetersInZeus       = featuretypes.MustNewName("put_meters_in_zeus")
+	FeatureUseMeterReporter      = featuretypes.MustNewName("use_meter_reporter")
+	FeatureUseJSONBody           = featuretypes.MustNewName("use_json_body")
+	FeatureUseFineGrainedAuthz   = featuretypes.MustNewName("use_fine_grained_authz")
+	FeatureUseDashboardV2        = featuretypes.MustNewName("use_dashboard_v2")
+	FeatureEnableAIObservability = featuretypes.MustNewName("enable_ai_observability")
 )
 
 func MustNewRegistry() featuretypes.Registry {
@@ -88,6 +89,14 @@ func MustNewRegistry() featuretypes.Registry {
 			DefaultVariant: featuretypes.MustNewName("disabled"),
 			Variants:       featuretypes.NewBooleanVariants(),
 		},
+		&featuretypes.Feature{
+			Name:           FeatureEnableAIObservability,
+			Kind:           featuretypes.KindBoolean,
+			Stage:          featuretypes.StageExperimental,
+			Description:    "Controls whether ai observability is enabled",
+			DefaultVariant: featuretypes.MustNewName("disabled"),
+			Variants:       featuretypes.NewBooleanVariants(),
+		},
 	)
 	if err != nil {
 		panic(err)

pkg/modules/inframonitoring/implinframonitoring/handler.go

@@ -22,30 +22,6 @@ func NewHandler(m inframonitoring.Module) inframonitoring.Handler {
 	}
 }
 
-func (h *handler) GetOnboarding(rw http.ResponseWriter, req *http.Request) {
-	claims, err := authtypes.ClaimsFromContext(req.Context())
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID := valuer.MustNewUUID(claims.OrgID)
-
-	var parsedReq inframonitoringtypes.PostableOnboarding
-	if err := binding.Query.BindQuery(req.URL.Query(), &parsedReq); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	result, err := h.module.GetOnboarding(req.Context(), orgID, &parsedReq)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusOK, result)
-}
-
 func (h *handler) ListHosts(rw http.ResponseWriter, req *http.Request) {
 	claims, err := authtypes.ClaimsFromContext(req.Context())
 	if err != nil {

pkg/modules/inframonitoring/implinframonitoring/helpers.go

@@ -473,96 +473,6 @@ func (m *module) getMetricsExistenceAndEarliestTime(ctx context.Context, metricN
 	return missingMetrics, globalMinFirstReported, nil
 }
 
-// getMetricsExistence returns, for each requested metric name, whether it has ever
-// been reported (present in signoz_metrics.distributed_metadata). No time window.
-func (m *module) getMetricsExistence(ctx context.Context, metricNames []string) (map[string]bool, error) {
-	present := make(map[string]bool, len(metricNames))
-	for _, n := range metricNames {
-		present[n] = false
-	}
-	if len(metricNames) == 0 {
-		return present, nil
-	}
-
-	sb := sqlbuilder.NewSelectBuilder()
-	sb.Select("metric_name", "count(*) AS cnt")
-	sb.From(fmt.Sprintf("%s.%s", telemetrymetrics.DBName, telemetrymetrics.AttributesMetadataTableName))
-	sb.Where(sb.In("metric_name", sqlbuilder.List(metricNames)))
-	sb.GroupBy("metric_name")
-
-	query, args := sb.BuildWithFlavor(sqlbuilder.ClickHouse)
-
-	rows, err := m.telemetryStore.ClickhouseDB().Query(ctx, query, args...)
-	if err != nil {
-		return nil, err
-	}
-	defer rows.Close()
-
-	for rows.Next() {
-		var name string
-		var cnt uint64
-		if err := rows.Scan(&name, &cnt); err != nil {
-			return nil, err
-		}
-		if cnt > 0 {
-			present[name] = true
-		}
-	}
-	if err := rows.Err(); err != nil {
-		return nil, err
-	}
-
-	return present, nil
-}
-
-// getAttributesExistence returns, for each requested attrName, whether it has ever
-// been reported as a label on any of the given metricNames. Presence is checked
-// against distributed_metadata without a time-range filter.
-func (m *module) getAttributesExistence(ctx context.Context, metricNames, attrNames []string) (map[string]bool, error) {
-	present := make(map[string]bool, len(attrNames))
-	for _, a := range attrNames {
-		present[a] = false
-	}
-	if len(attrNames) == 0 {
-		return present, nil
-	}
-	if len(metricNames) == 0 {
-		return nil, errors.NewInternalf(errors.CodeInternal, "getAttributesExistence: metricNames must not be empty")
-	}
-	sb := sqlbuilder.NewSelectBuilder()
-	sb.Select("attr_name", "count(*) AS cnt")
-	sb.From(fmt.Sprintf("%s.%s", telemetrymetrics.DBName, telemetrymetrics.AttributesMetadataTableName))
-	sb.Where(
-		sb.In("metric_name", sqlbuilder.List(metricNames)),
-		sb.In("attr_name", sqlbuilder.List(attrNames)),
-	)
-	sb.GroupBy("attr_name")
-
-	query, args := sb.BuildWithFlavor(sqlbuilder.ClickHouse)
-
-	rows, err := m.telemetryStore.ClickhouseDB().Query(ctx, query, args...)
-	if err != nil {
-		return nil, err
-	}
-	defer rows.Close()
-
-	for rows.Next() {
-		var name string
-		var cnt uint64
-		if err := rows.Scan(&name, &cnt); err != nil {
-			return nil, err
-		}
-		if name != "" && cnt > 0 {
-			present[name] = true
-		}
-	}
-	if err := rows.Err(); err != nil {
-		return nil, err
-	}
-
-	return present, nil
-}
-
 // getMetadata fetches the latest values of additionalCols for each unique combination of groupBy keys,
 // within the given time range and metric names. It uses argMax(tuple(...), unix_milli) to ensure
 // we always pick attribute values from the latest timestamp for each group.

pkg/modules/inframonitoring/implinframonitoring/internaltypes.go

@@ -1,7 +1,5 @@
 package implinframonitoring
 
-import "github.com/SigNoz/signoz/pkg/types/inframonitoringtypes"
-
 // The types in this file are only used within the implinframonitoring package, and are not exposed outside.
 // They are primarily used for internal processing and structuring of data within the module's implementation.
 
@@ -31,50 +29,3 @@ type nodeConditionCounts struct {
 	Ready    int
 	NotReady int
 }
-
-// bucketSplit carries the up-to-six entries a single spec bucket contributes
-// to an onboarding response. Any field may be nil if the bucket doesn't
-// populate that dimension.
-type bucketSplit struct {
-	PresentDefault  *inframonitoringtypes.MetricsComponentEntry
-	PresentOptional *inframonitoringtypes.MetricsComponentEntry
-	PresentAttrs    *inframonitoringtypes.AttributesComponentEntry
-	MissingDefault  *inframonitoringtypes.MissingMetricsComponentEntry
-	MissingOptional *inframonitoringtypes.MissingMetricsComponentEntry
-	MissingAttrs    *inframonitoringtypes.MissingAttributesComponentEntry
-}
-
-// onboardingComponentBucket is a single collector component's contribution
-// toward a single infra-monitoring tab's readiness. Any of the three dimension
-// slices (DefaultMetrics, OptionalMetrics, RequiredAttrs) may be empty — the
-// bucketizer in Phase 4 skips empty dimensions.
-type onboardingComponentBucket struct {
-	Component         inframonitoringtypes.AssociatedComponent
-	DefaultMetrics    []string
-	OptionalMetrics   []string
-	RequiredAttrs     []string
-	DocumentationLink string
-}
-
-// onboardingSpec defines, for one OnboardingType, the full set of
-// component-scoped buckets that must be satisfied for the tab to be ready.
-type onboardingSpec struct {
-	Buckets []onboardingComponentBucket
-}
-
-func (s onboardingSpec) getAllMetrics() []string {
-	var out []string
-	for _, b := range s.Buckets {
-		out = append(out, b.DefaultMetrics...)
-		out = append(out, b.OptionalMetrics...)
-	}
-	return out
-}
-
-func (s onboardingSpec) getAllAttrs() []string {
-	var out []string
-	for _, b := range s.Buckets {
-		out = append(out, b.RequiredAttrs...)
-	}
-	return out
-}

pkg/modules/inframonitoring/implinframonitoring/module.go

@@ -49,84 +49,6 @@ func NewModule(
 	}
 }
 
-// GetOnboarding runs a per-type readiness check: for the requested
-// infra-monitoring tab, reports which required metrics and attributes are
-// present vs missing, grouped by the collector component that produces them.
-// Ready is true iff every missing list is empty.
-func (m *module) GetOnboarding(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableOnboarding) (*inframonitoringtypes.Onboarding, error) {
-	if err := req.Validate(); err != nil {
-		return nil, err
-	}
-
-	spec, err := getSpecForType(req.Type)
-	if err != nil {
-		return nil, err
-	}
-
-	allMetrics := spec.getAllMetrics()
-	allAttrs := spec.getAllAttrs()
-
-	presentMetrics, err := m.getMetricsExistence(ctx, allMetrics)
-	if err != nil {
-		return nil, err
-	}
-	missingMetricsMap := make(map[string]bool, len(allMetrics))
-	for _, name := range allMetrics {
-		if !presentMetrics[name] {
-			missingMetricsMap[name] = true
-		}
-	}
-
-	presentAttrs, err := m.getAttributesExistence(ctx, allMetrics, allAttrs)
-	if err != nil {
-		return nil, err
-	}
-	missingAttrsMap := make(map[string]bool, len(allAttrs))
-	for _, name := range allAttrs {
-		if !presentAttrs[name] {
-			missingAttrsMap[name] = true
-		}
-	}
-
-	resp := &inframonitoringtypes.Onboarding{
-		Type:                         req.Type,
-		PresentDefaultEnabledMetrics: []inframonitoringtypes.MetricsComponentEntry{},
-		PresentOptionalMetrics:       []inframonitoringtypes.MetricsComponentEntry{},
-		PresentRequiredAttributes:    []inframonitoringtypes.AttributesComponentEntry{},
-		MissingDefaultEnabledMetrics: []inframonitoringtypes.MissingMetricsComponentEntry{},
-		MissingOptionalMetrics:       []inframonitoringtypes.MissingMetricsComponentEntry{},
-		MissingRequiredAttributes:    []inframonitoringtypes.MissingAttributesComponentEntry{},
-	}
-
-	for _, b := range spec.Buckets {
-		s := splitBucket(b, missingMetricsMap, missingAttrsMap)
-		if s.PresentDefault != nil {
-			resp.PresentDefaultEnabledMetrics = append(resp.PresentDefaultEnabledMetrics, *s.PresentDefault)
-		}
-		if s.PresentOptional != nil {
-			resp.PresentOptionalMetrics = append(resp.PresentOptionalMetrics, *s.PresentOptional)
-		}
-		if s.PresentAttrs != nil {
-			resp.PresentRequiredAttributes = append(resp.PresentRequiredAttributes, *s.PresentAttrs)
-		}
-		if s.MissingDefault != nil {
-			resp.MissingDefaultEnabledMetrics = append(resp.MissingDefaultEnabledMetrics, *s.MissingDefault)
-		}
-		if s.MissingOptional != nil {
-			resp.MissingOptionalMetrics = append(resp.MissingOptionalMetrics, *s.MissingOptional)
-		}
-		if s.MissingAttrs != nil {
-			resp.MissingRequiredAttributes = append(resp.MissingRequiredAttributes, *s.MissingAttrs)
-		}
-	}
-
-	resp.Ready = len(resp.MissingDefaultEnabledMetrics) == 0 &&
-		len(resp.MissingOptionalMetrics) == 0 &&
-		len(resp.MissingRequiredAttributes) == 0
-
-	return resp, nil
-}
-
 func (m *module) ListHosts(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableHosts) (*inframonitoringtypes.Hosts, error) {
 	ctx = m.withInfraMonitoringContext(ctx, "ListHosts")
 

pkg/modules/inframonitoring/implinframonitoring/onboarding.go

@@ -1,114 +0,0 @@
-package implinframonitoring
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types/inframonitoringtypes"
-)
-
-// splitBucket partitions one component bucket's metric and attribute lists
-// against the module-wide missing sets into up to six response entries.
-// Empty partitions are left nil so callers can skip them.
-func splitBucket(b onboardingComponentBucket, missingMetrics, missingAttrs map[string]bool) bucketSplit {
-	var s bucketSplit
-	presentDef, missDef := partitionList(b.DefaultMetrics, missingMetrics)
-	if len(presentDef) > 0 {
-		s.PresentDefault = &inframonitoringtypes.MetricsComponentEntry{
-			Metrics:             presentDef,
-			AssociatedComponent: b.Component,
-		}
-	}
-	if len(missDef) > 0 {
-		s.MissingDefault = &inframonitoringtypes.MissingMetricsComponentEntry{
-			MetricsComponentEntry: inframonitoringtypes.MetricsComponentEntry{
-				Metrics:             missDef,
-				AssociatedComponent: b.Component,
-			},
-			Message:           buildMissingDefaultMetricsMessage(missDef, b.Component.Name),
-			DocumentationLink: b.DocumentationLink,
-		}
-	}
-
-	presentOpt, missOpt := partitionList(b.OptionalMetrics, missingMetrics)
-	if len(presentOpt) > 0 {
-		s.PresentOptional = &inframonitoringtypes.MetricsComponentEntry{
-			Metrics:             presentOpt,
-			AssociatedComponent: b.Component,
-		}
-	}
-	if len(missOpt) > 0 {
-		s.MissingOptional = &inframonitoringtypes.MissingMetricsComponentEntry{
-			MetricsComponentEntry: inframonitoringtypes.MetricsComponentEntry{
-				Metrics:             missOpt,
-				AssociatedComponent: b.Component,
-			},
-			Message:           buildMissingOptionalMetricsMessage(missOpt, b.Component.Name),
-			DocumentationLink: b.DocumentationLink,
-		}
-	}
-
-	presentA, missA := partitionList(b.RequiredAttrs, missingAttrs)
-	if len(presentA) > 0 {
-		s.PresentAttrs = &inframonitoringtypes.AttributesComponentEntry{
-			Attributes:          presentA,
-			AssociatedComponent: b.Component,
-		}
-	}
-	if len(missA) > 0 {
-		s.MissingAttrs = &inframonitoringtypes.MissingAttributesComponentEntry{
-			AttributesComponentEntry: inframonitoringtypes.AttributesComponentEntry{
-				Attributes:          missA,
-				AssociatedComponent: b.Component,
-			},
-			Message:           buildMissingRequiredAttrsMessage(missA, b.Component.Name),
-			DocumentationLink: b.DocumentationLink,
-		}
-	}
-
-	return s
-}
-
-// getSpecForType returns the onboardingSpec for a given OnboardingType, or an error if the type is invalid.
-func getSpecForType(t inframonitoringtypes.OnboardingType) (*onboardingSpec, error) {
-	spec, ok := onboardingSpecs[t]
-	if !ok {
-		return nil, errors.NewInvalidInputf(errors.CodeInvalidInput, "no onboarding spec for type: %s", t)
-	}
-	return &spec, nil
-}
-
-// partitionList splits items into those NOT in `missing` and those in `missing`.
-// Preserves input order.
-func partitionList(items []string, missing map[string]bool) (present, miss []string) {
-	for _, x := range items {
-		if missing[x] {
-			miss = append(miss, x)
-		} else {
-			present = append(present, x)
-		}
-	}
-	return present, miss
-}
-
-func buildMissingDefaultMetricsMessage(metrics []string, componentName string) string {
-	return fmt.Sprintf(
-		"Missing default metrics %s from %s. Learn how to configure here.",
-		strings.Join(metrics, ", "), componentName,
-	)
-}
-
-func buildMissingOptionalMetricsMessage(metrics []string, componentName string) string {
-	return fmt.Sprintf(
-		"Missing optional metrics %s from %s. Learn how to enable here.",
-		strings.Join(metrics, ", "), componentName,
-	)
-}
-
-func buildMissingRequiredAttrsMessage(attrs []string, componentName string) string {
-	return fmt.Sprintf(
-		"Missing required attributes %s from %s. Learn how to configure here.",
-		strings.Join(attrs, ", "), componentName,
-	)
-}

pkg/modules/inframonitoring/implinframonitoring/onboarding_constants.go

@@ -1,397 +0,0 @@
-package implinframonitoring
-
-import "github.com/SigNoz/signoz/pkg/types/inframonitoringtypes"
-
-// Component names — the 5 OTel collector receivers/processors that produce
-// metrics and resource attributes consumed by infra-monitoring tabs. Bare
-// strings on purpose (not wrapped enums) — the list is open-ended enough that
-// an enum adds more friction than value.
-const (
-	componentNameHostMetricsReceiver        = "hostmetricsreceiver"
-	componentNameKubeletStatsReceiver       = "kubeletstatsreceiver"
-	componentNameK8sClusterReceiver         = "k8sclusterreceiver"
-	componentNameResourceDetectionProcessor = "resourcedetectionprocessor"
-	componentNameK8sAttributesProcessor     = "k8sattributesprocessor"
-)
-
-// Documentation links — one per component. User-facing; emitted on missing-entries.
-const (
-	docLinkHostMetricsReceiver        = "https://signoz.io/docs/infrastructure-monitoring/user-guides/hostmetrics/#configure-the-hostmetrics-receiver"
-	docLinkKubeletStatsReceiver       = "https://signoz.io/docs/infrastructure-monitoring/user-guides/k8s-metrics/#setup-kubelet-stats-receiver"
-	docLinkK8sClusterReceiver         = "https://signoz.io/docs/infrastructure-monitoring/user-guides/k8s-metrics/#setup-k8s-cluster-receiver"
-	docLinkResourceDetectionProcessor = "https://signoz.io/docs/infrastructure-monitoring/user-guides/hostmetrics/#configure-the-resourcedetection-processor"
-	docLinkK8sAttributesProcessor     = "https://signoz.io/docs/infrastructure-monitoring/user-guides/k8s-metrics/#3-setup-k8sattributesprocessor-to-enable-kubernetes-metadata"
-)
-
-var (
-	componentHostMetricsReceiver = inframonitoringtypes.AssociatedComponent{
-		Type: inframonitoringtypes.OnboardingComponentTypeReceiver,
-		Name: componentNameHostMetricsReceiver,
-	}
-	componentKubeletStatsReceiver = inframonitoringtypes.AssociatedComponent{
-		Type: inframonitoringtypes.OnboardingComponentTypeReceiver,
-		Name: componentNameKubeletStatsReceiver,
-	}
-	componentK8sClusterReceiver = inframonitoringtypes.AssociatedComponent{
-		Type: inframonitoringtypes.OnboardingComponentTypeReceiver,
-		Name: componentNameK8sClusterReceiver,
-	}
-	componentResourceDetectionProcessor = inframonitoringtypes.AssociatedComponent{
-		Type: inframonitoringtypes.OnboardingComponentTypeProcessor,
-		Name: componentNameResourceDetectionProcessor,
-	}
-	componentK8sAttributesProcessor = inframonitoringtypes.AssociatedComponent{
-		Type: inframonitoringtypes.OnboardingComponentTypeProcessor,
-		Name: componentNameK8sAttributesProcessor,
-	}
-)
-
-// onboardingSpecs is the single lookup table the module consults for a type's
-// readiness contract. Every OnboardingType value must have an entry here.
-var onboardingSpecs = map[inframonitoringtypes.OnboardingType]onboardingSpec{
-	inframonitoringtypes.OnboardingTypeHosts:        hostsSpec,
-	inframonitoringtypes.OnboardingTypeProcesses:    processesSpec,
-	inframonitoringtypes.OnboardingTypePods:         podsSpec,
-	inframonitoringtypes.OnboardingTypeNodes:        nodesSpec,
-	inframonitoringtypes.OnboardingTypeDeployments:  deploymentsSpec,
-	inframonitoringtypes.OnboardingTypeDaemonsets:   daemonsetsSpec,
-	inframonitoringtypes.OnboardingTypeStatefulsets: statefulsetsSpec,
-	inframonitoringtypes.OnboardingTypeJobs:         jobsSpec,
-	inframonitoringtypes.OnboardingTypeNamespaces:   namespacesSpec,
-	inframonitoringtypes.OnboardingTypeClusters:     clustersSpec,
-	inframonitoringtypes.OnboardingTypeVolumes:      volumesSpec,
-}
-
-// Per-type specs. Every metric and attribute is spelled out in its own spec
-// on purpose — no shared slices, no concatenation helpers. Repetition is
-// cheaper than indirection when auditing what each tab actually requires.
-
-var hostsSpec = onboardingSpec{
-	Buckets: []onboardingComponentBucket{
-		{
-			Component: componentHostMetricsReceiver,
-			DefaultMetrics: []string{
-				"system.cpu.time",
-				"system.memory.usage",
-				"system.cpu.load_average.15m",
-				"system.filesystem.usage",
-			},
-			DocumentationLink: docLinkHostMetricsReceiver,
-		},
-		{
-			Component:         componentResourceDetectionProcessor,
-			RequiredAttrs:     []string{"host.name"},
-			DocumentationLink: docLinkResourceDetectionProcessor,
-		},
-	},
-}
-
-var processesSpec = onboardingSpec{
-	Buckets: []onboardingComponentBucket{
-		{
-			Component: componentHostMetricsReceiver,
-			DefaultMetrics: []string{
-				"process.cpu.time",
-				"process.memory.usage",
-			},
-			RequiredAttrs:     []string{"process.pid"},
-			DocumentationLink: docLinkHostMetricsReceiver,
-		},
-	},
-}
-
-var podsSpec = onboardingSpec{
-	Buckets: []onboardingComponentBucket{
-		{
-			Component: componentKubeletStatsReceiver,
-			DefaultMetrics: []string{
-				"k8s.pod.cpu.usage",
-				"k8s.pod.memory.working_set",
-			},
-			OptionalMetrics: []string{
-				"k8s.pod.cpu_request_utilization",
-				"k8s.pod.cpu_limit_utilization",
-				"k8s.pod.memory_request_utilization",
-				"k8s.pod.memory_limit_utilization",
-			},
-			DocumentationLink: docLinkKubeletStatsReceiver,
-		},
-		{
-			Component:         componentK8sClusterReceiver,
-			DefaultMetrics:    []string{"k8s.pod.phase"},
-			DocumentationLink: docLinkK8sClusterReceiver,
-		},
-		{
-			Component:         componentK8sAttributesProcessor,
-			RequiredAttrs:     []string{"k8s.pod.uid"},
-			DocumentationLink: docLinkK8sAttributesProcessor,
-		},
-	},
-}
-
-var nodesSpec = onboardingSpec{
-	Buckets: []onboardingComponentBucket{
-		{
-			Component: componentKubeletStatsReceiver,
-			DefaultMetrics: []string{
-				"k8s.node.cpu.usage",
-				"k8s.node.memory.working_set",
-			},
-			DocumentationLink: docLinkKubeletStatsReceiver,
-		},
-		{
-			Component: componentK8sClusterReceiver,
-			DefaultMetrics: []string{
-				"k8s.node.allocatable_cpu",
-				"k8s.node.allocatable_memory", // k8s.node.allocatable_cpu and k8s.node.allocatable_memory are
-				// controlled by allocatable_types_to_report config option (Check // https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/4f9a578b210a6dcb9f9bf47942f27208b5765298/receiver/k8sclusterreceiver/metadata.yaml#L805-L806)
-				"k8s.node.condition_ready", // # k8s.node.condition_* metrics (k8s.node.condition_ready, k8s.node.condition_memory_pressure, etc) are controlled# by node_conditions_to_report config option.
-				//  By default, only k8s.node.condition_ready is enabled. (Check https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/4f9a578b210a6dcb9f9bf47942f27208b5765298/receiver/k8sclusterreceiver/metadata.yaml#L802)
-				"k8s.pod.phase", // pod counts per node by phase
-			},
-			DocumentationLink: docLinkK8sClusterReceiver,
-		},
-		{
-			Component:         componentK8sAttributesProcessor,
-			RequiredAttrs:     []string{"k8s.node.name"},
-			DocumentationLink: docLinkK8sAttributesProcessor,
-		},
-	},
-}
-
-var deploymentsSpec = onboardingSpec{
-	Buckets: []onboardingComponentBucket{
-		{
-			Component: componentKubeletStatsReceiver,
-			DefaultMetrics: []string{
-				"k8s.pod.cpu.usage",
-				"k8s.pod.memory.working_set",
-			},
-			OptionalMetrics: []string{
-				"k8s.pod.cpu_request_utilization",
-				"k8s.pod.cpu_limit_utilization",
-				"k8s.pod.memory_request_utilization",
-				"k8s.pod.memory_limit_utilization",
-			},
-			DocumentationLink: docLinkKubeletStatsReceiver,
-		},
-		{
-			Component: componentK8sClusterReceiver,
-			DefaultMetrics: []string{
-				"k8s.pod.phase",
-				"k8s.deployment.desired",
-				"k8s.deployment.available",
-			},
-			DocumentationLink: docLinkK8sClusterReceiver,
-		},
-		{
-			Component:         componentK8sAttributesProcessor,
-			RequiredAttrs:     []string{"k8s.deployment.name", "k8s.namespace.name"},
-			DocumentationLink: docLinkK8sAttributesProcessor,
-		},
-		{
-			Component:         componentResourceDetectionProcessor,
-			RequiredAttrs:     []string{"k8s.cluster.name"},
-			DocumentationLink: docLinkResourceDetectionProcessor,
-		},
-	},
-}
-
-var daemonsetsSpec = onboardingSpec{
-	Buckets: []onboardingComponentBucket{
-		{
-			Component: componentKubeletStatsReceiver,
-			DefaultMetrics: []string{
-				"k8s.pod.cpu.usage",
-				"k8s.pod.memory.working_set",
-			},
-			OptionalMetrics: []string{
-				"k8s.pod.cpu_request_utilization",
-				"k8s.pod.cpu_limit_utilization",
-				"k8s.pod.memory_request_utilization",
-				"k8s.pod.memory_limit_utilization",
-			},
-			DocumentationLink: docLinkKubeletStatsReceiver,
-		},
-		{
-			Component: componentK8sClusterReceiver,
-			DefaultMetrics: []string{
-				"k8s.pod.phase",
-				"k8s.daemonset.desired_scheduled_nodes",
-				"k8s.daemonset.current_scheduled_nodes",
-			},
-			DocumentationLink: docLinkK8sClusterReceiver,
-		},
-		{
-			Component:         componentK8sAttributesProcessor,
-			RequiredAttrs:     []string{"k8s.daemonset.name", "k8s.namespace.name"},
-			DocumentationLink: docLinkK8sAttributesProcessor,
-		},
-		{
-			Component:         componentResourceDetectionProcessor,
-			RequiredAttrs:     []string{"k8s.cluster.name"},
-			DocumentationLink: docLinkResourceDetectionProcessor,
-		},
-	},
-}
-
-var statefulsetsSpec = onboardingSpec{
-	Buckets: []onboardingComponentBucket{
-		{
-			Component: componentKubeletStatsReceiver,
-			DefaultMetrics: []string{
-				"k8s.pod.cpu.usage",
-				"k8s.pod.memory.working_set",
-			},
-			OptionalMetrics: []string{
-				"k8s.pod.cpu_request_utilization",
-				"k8s.pod.cpu_limit_utilization",
-				"k8s.pod.memory_request_utilization",
-				"k8s.pod.memory_limit_utilization",
-			},
-			DocumentationLink: docLinkKubeletStatsReceiver,
-		},
-		{
-			Component: componentK8sClusterReceiver,
-			DefaultMetrics: []string{
-				"k8s.pod.phase",
-				"k8s.statefulset.desired_pods",
-				"k8s.statefulset.current_pods",
-			},
-			DocumentationLink: docLinkK8sClusterReceiver,
-		},
-		{
-			Component:         componentK8sAttributesProcessor,
-			RequiredAttrs:     []string{"k8s.statefulset.name", "k8s.namespace.name"},
-			DocumentationLink: docLinkK8sAttributesProcessor,
-		},
-		{
-			Component:         componentResourceDetectionProcessor,
-			RequiredAttrs:     []string{"k8s.cluster.name"},
-			DocumentationLink: docLinkResourceDetectionProcessor,
-		},
-	},
-}
-
-var jobsSpec = onboardingSpec{
-	Buckets: []onboardingComponentBucket{
-		{
-			Component: componentKubeletStatsReceiver,
-			DefaultMetrics: []string{
-				"k8s.pod.cpu.usage",
-				"k8s.pod.memory.working_set",
-			},
-			OptionalMetrics: []string{
-				"k8s.pod.cpu_request_utilization",
-				"k8s.pod.cpu_limit_utilization",
-				"k8s.pod.memory_request_utilization",
-				"k8s.pod.memory_limit_utilization",
-			},
-			DocumentationLink: docLinkKubeletStatsReceiver,
-		},
-		{
-			Component: componentK8sClusterReceiver,
-			DefaultMetrics: []string{
-				"k8s.pod.phase",
-				"k8s.job.desired_successful_pods",
-				"k8s.job.active_pods",
-				"k8s.job.failed_pods",
-				"k8s.job.successful_pods",
-			},
-			DocumentationLink: docLinkK8sClusterReceiver,
-		},
-		{
-			Component:         componentK8sAttributesProcessor,
-			RequiredAttrs:     []string{"k8s.job.name", "k8s.namespace.name"},
-			DocumentationLink: docLinkK8sAttributesProcessor,
-		},
-		{
-			Component:         componentResourceDetectionProcessor,
-			RequiredAttrs:     []string{"k8s.cluster.name"},
-			DocumentationLink: docLinkResourceDetectionProcessor,
-		},
-	},
-}
-
-var namespacesSpec = onboardingSpec{
-	Buckets: []onboardingComponentBucket{
-		{
-			Component: componentKubeletStatsReceiver,
-			DefaultMetrics: []string{
-				"k8s.pod.cpu.usage",
-				"k8s.pod.memory.working_set",
-			},
-			DocumentationLink: docLinkKubeletStatsReceiver,
-		},
-		{
-			Component:         componentK8sClusterReceiver,
-			DefaultMetrics:    []string{"k8s.pod.phase"},
-			DocumentationLink: docLinkK8sClusterReceiver,
-		},
-		{
-			Component:         componentK8sAttributesProcessor,
-			RequiredAttrs:     []string{"k8s.namespace.name"},
-			DocumentationLink: docLinkK8sAttributesProcessor,
-		},
-		{
-			Component:         componentResourceDetectionProcessor,
-			RequiredAttrs:     []string{"k8s.cluster.name"},
-			DocumentationLink: docLinkResourceDetectionProcessor,
-		},
-	},
-}
-
-var clustersSpec = onboardingSpec{
-	Buckets: []onboardingComponentBucket{
-		{
-			Component: componentKubeletStatsReceiver,
-			DefaultMetrics: []string{
-				"k8s.node.cpu.usage",
-				"k8s.node.memory.working_set",
-			},
-			DocumentationLink: docLinkKubeletStatsReceiver,
-		},
-		{
-			Component: componentK8sClusterReceiver,
-			DefaultMetrics: []string{
-				"k8s.node.allocatable_cpu",
-				"k8s.node.allocatable_memory", //k8s.node.allocatable_cpu and k8s.node.allocatable_memory are
-				// controlled by allocatable_types_to_report config option (Check // https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/4f9a578b210a6dcb9f9bf47942f27208b5765298/receiver/k8sclusterreceiver/metadata.yaml#L805-L806)
-				"k8s.node.condition_ready", // node counts by readiness
-				"k8s.pod.phase",            // pod counts per cluster by phase
-			},
-			DocumentationLink: docLinkK8sClusterReceiver,
-		},
-		{
-			Component:         componentResourceDetectionProcessor,
-			RequiredAttrs:     []string{"k8s.cluster.name"},
-			DocumentationLink: docLinkResourceDetectionProcessor,
-		},
-	},
-}
-
-var volumesSpec = onboardingSpec{
-	Buckets: []onboardingComponentBucket{
-		{
-			Component: componentKubeletStatsReceiver,
-			DefaultMetrics: []string{
-				"k8s.volume.available",
-				"k8s.volume.capacity",
-				"k8s.volume.inodes",
-				"k8s.volume.inodes.free",
-				"k8s.volume.inodes.used",
-			},
-			DocumentationLink: docLinkKubeletStatsReceiver,
-		},
-		{
-			Component:         componentK8sAttributesProcessor,
-			RequiredAttrs:     []string{"k8s.persistentvolumeclaim.name", "k8s.namespace.name"},
-			DocumentationLink: docLinkK8sAttributesProcessor,
-		},
-		{
-			Component:         componentResourceDetectionProcessor,
-			RequiredAttrs:     []string{"k8s.cluster.name"},
-			DocumentationLink: docLinkResourceDetectionProcessor,
-		},
-	},
-}

pkg/modules/inframonitoring/implinframonitoring/onboarding_test.go

@@ -1,246 +0,0 @@
-package implinframonitoring
-
-import (
-	"testing"
-
-	"github.com/SigNoz/signoz/pkg/types/inframonitoringtypes"
-	"github.com/stretchr/testify/require"
-)
-
-// Component used across splitBucket cases — it's a processor so the test
-// doesn't carry any receiver semantics.
-var testComponent = inframonitoringtypes.AssociatedComponent{
-	Type: inframonitoringtypes.OnboardingComponentTypeReceiver,
-	Name: "testreceiver",
-}
-
-const testDocLink = "https://example.com/docs"
-
-func TestSplitBucket(t *testing.T) {
-	type want struct {
-		presentDefault  []string
-		presentOptional []string
-		presentAttrs    []string
-		missingDefault  []string
-		missingOptional []string
-		missingAttrs    []string
-	}
-
-	tests := []struct {
-		name           string
-		bucket         onboardingComponentBucket
-		missingMetrics map[string]bool
-		missingAttrs   map[string]bool
-		want           want
-	}{
-		{
-			name:           "empty bucket — nothing to emit",
-			bucket:         onboardingComponentBucket{Component: testComponent, DocumentationLink: testDocLink},
-			missingMetrics: map[string]bool{},
-			missingAttrs:   map[string]bool{},
-			want:           want{},
-		},
-		{
-			name: "all default metrics present",
-			bucket: onboardingComponentBucket{
-				Component:         testComponent,
-				DefaultMetrics:    []string{"m1", "m2"},
-				DocumentationLink: testDocLink,
-			},
-			missingMetrics: map[string]bool{},
-			missingAttrs:   map[string]bool{},
-			want: want{
-				presentDefault: []string{"m1", "m2"},
-			},
-		},
-		{
-			name: "all default metrics missing",
-			bucket: onboardingComponentBucket{
-				Component:         testComponent,
-				DefaultMetrics:    []string{"m1", "m2"},
-				DocumentationLink: testDocLink,
-			},
-			missingMetrics: map[string]bool{"m1": true, "m2": true},
-			missingAttrs:   map[string]bool{},
-			want: want{
-				missingDefault: []string{"m1", "m2"},
-			},
-		},
-		{
-			name: "mixed default metrics",
-			bucket: onboardingComponentBucket{
-				Component:         testComponent,
-				DefaultMetrics:    []string{"m1", "m2", "m3"},
-				DocumentationLink: testDocLink,
-			},
-			missingMetrics: map[string]bool{"m2": true},
-			missingAttrs:   map[string]bool{},
-			want: want{
-				presentDefault: []string{"m1", "m3"},
-				missingDefault: []string{"m2"},
-			},
-		},
-		{
-			name: "only optional metrics — all missing",
-			bucket: onboardingComponentBucket{
-				Component:         testComponent,
-				OptionalMetrics:   []string{"opt1", "opt2"},
-				DocumentationLink: testDocLink,
-			},
-			missingMetrics: map[string]bool{"opt1": true, "opt2": true},
-			missingAttrs:   map[string]bool{},
-			want: want{
-				missingOptional: []string{"opt1", "opt2"},
-			},
-		},
-		{
-			name: "only required attrs — all present",
-			bucket: onboardingComponentBucket{
-				Component:         testComponent,
-				RequiredAttrs:     []string{"a1", "a2"},
-				DocumentationLink: testDocLink,
-			},
-			missingMetrics: map[string]bool{},
-			missingAttrs:   map[string]bool{},
-			want: want{
-				presentAttrs: []string{"a1", "a2"},
-			},
-		},
-		{
-			name: "only required attrs — all missing",
-			bucket: onboardingComponentBucket{
-				Component:         testComponent,
-				RequiredAttrs:     []string{"a1"},
-				DocumentationLink: testDocLink,
-			},
-			missingMetrics: map[string]bool{},
-			missingAttrs:   map[string]bool{"a1": true},
-			want: want{
-				missingAttrs: []string{"a1"},
-			},
-		},
-		{
-			name: "every dimension populated on both sides",
-			bucket: onboardingComponentBucket{
-				Component:         testComponent,
-				DefaultMetrics:    []string{"d1", "d2"},
-				OptionalMetrics:   []string{"o1", "o2"},
-				RequiredAttrs:     []string{"a1", "a2"},
-				DocumentationLink: testDocLink,
-			},
-			missingMetrics: map[string]bool{"d2": true, "o1": true},
-			missingAttrs:   map[string]bool{"a2": true},
-			want: want{
-				presentDefault:  []string{"d1"},
-				missingDefault:  []string{"d2"},
-				presentOptional: []string{"o2"},
-				missingOptional: []string{"o1"},
-				presentAttrs:    []string{"a1"},
-				missingAttrs:    []string{"a2"},
-			},
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got := splitBucket(tt.bucket, tt.missingMetrics, tt.missingAttrs)
-
-			requireMetricsEntry(t, "presentDefault", got.PresentDefault, tt.want.presentDefault)
-			requireMetricsEntry(t, "presentOptional", got.PresentOptional, tt.want.presentOptional)
-			requireAttrsEntry(t, "presentAttrs", got.PresentAttrs, tt.want.presentAttrs)
-
-			requireMissingMetrics(t, "missingDefault", got.MissingDefault, tt.want.missingDefault)
-			requireMissingMetrics(t, "missingOptional", got.MissingOptional, tt.want.missingOptional)
-			requireMissingAttrs(t, "missingAttrs", got.MissingAttrs, tt.want.missingAttrs)
-		})
-	}
-}
-
-func TestPartitionList(t *testing.T) {
-	present, missing := partitionList(
-		[]string{"a", "b", "c", "d"},
-		map[string]bool{"b": true, "d": true},
-	)
-	require.Equal(t, []string{"a", "c"}, present)
-	require.Equal(t, []string{"b", "d"}, missing)
-}
-
-func TestMissingMessageTemplates(t *testing.T) {
-	require.Equal(t,
-		"Missing default metrics m1, m2 from comp. Learn how to configure here.",
-		buildMissingDefaultMetricsMessage([]string{"m1", "m2"}, "comp"),
-	)
-	require.Equal(t,
-		"Missing optional metrics m1 from comp. Learn how to enable here.",
-		buildMissingOptionalMetricsMessage([]string{"m1"}, "comp"),
-	)
-	require.Equal(t,
-		"Missing required attributes a1 from comp. Learn how to configure here.",
-		buildMissingRequiredAttrsMessage([]string{"a1"}, "comp"),
-	)
-	require.Equal(t,
-		"Missing required attributes a1, a2 from comp. Learn how to configure here.",
-		buildMissingRequiredAttrsMessage([]string{"a1", "a2"}, "comp"),
-	)
-}
-
-// TestOnboardingSpecs_CoverAllTypes ensures the spec map has an entry for
-// every OnboardingType — prevents silently shipping an onboarding type that
-// has no spec and would 500 at runtime.
-func TestOnboardingSpecs_CoverAllTypes(t *testing.T) {
-	for _, tp := range inframonitoringtypes.ValidOnboardingTypes {
-		_, ok := onboardingSpecs[tp]
-		require.True(t, ok, "missing onboarding spec for type %s", tp)
-	}
-	require.Len(t, onboardingSpecs, len(inframonitoringtypes.ValidOnboardingTypes))
-}
-
-// --- helpers ---
-
-func requireMetricsEntry(t *testing.T, name string, got *inframonitoringtypes.MetricsComponentEntry, wantMetrics []string) {
-	t.Helper()
-	if len(wantMetrics) == 0 {
-		require.Nil(t, got, name)
-		return
-	}
-	require.NotNil(t, got, name)
-	require.Equal(t, wantMetrics, got.Metrics, name)
-	require.Equal(t, testComponent, got.AssociatedComponent, name)
-}
-
-func requireAttrsEntry(t *testing.T, name string, got *inframonitoringtypes.AttributesComponentEntry, wantAttrs []string) {
-	t.Helper()
-	if len(wantAttrs) == 0 {
-		require.Nil(t, got, name)
-		return
-	}
-	require.NotNil(t, got, name)
-	require.Equal(t, wantAttrs, got.Attributes, name)
-	require.Equal(t, testComponent, got.AssociatedComponent, name)
-}
-
-func requireMissingMetrics(t *testing.T, name string, got *inframonitoringtypes.MissingMetricsComponentEntry, wantMetrics []string) {
-	t.Helper()
-	if len(wantMetrics) == 0 {
-		require.Nil(t, got, name)
-		return
-	}
-	require.NotNil(t, got, name)
-	require.Equal(t, wantMetrics, got.Metrics, name)
-	require.Equal(t, testComponent, got.AssociatedComponent, name)
-	require.NotEmpty(t, got.Message, name)
-	require.Equal(t, testDocLink, got.DocumentationLink, name)
-}
-
-func requireMissingAttrs(t *testing.T, name string, got *inframonitoringtypes.MissingAttributesComponentEntry, wantAttrs []string) {
-	t.Helper()
-	if len(wantAttrs) == 0 {
-		require.Nil(t, got, name)
-		return
-	}
-	require.NotNil(t, got, name)
-	require.Equal(t, wantAttrs, got.Attributes, name)
-	require.Equal(t, testComponent, got.AssociatedComponent, name)
-	require.NotEmpty(t, got.Message, name)
-	require.Equal(t, testDocLink, got.DocumentationLink, name)
-}

pkg/modules/inframonitoring/inframonitoring.go

@@ -20,7 +20,6 @@ type Handler interface {
 	ListStatefulSets(http.ResponseWriter, *http.Request)
 	ListJobs(http.ResponseWriter, *http.Request)
 	ListDaemonSets(http.ResponseWriter, *http.Request)
-	GetOnboarding(http.ResponseWriter, *http.Request)
 }
 
 type Module interface {
@@ -35,5 +34,4 @@ type Module interface {
 	ListStatefulSets(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableStatefulSets) (*inframonitoringtypes.StatefulSets, error)
 	ListJobs(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableJobs) (*inframonitoringtypes.Jobs, error)
 	ListDaemonSets(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableDaemonSets) (*inframonitoringtypes.DaemonSets, error)
-	GetOnboarding(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableOnboarding) (*inframonitoringtypes.Onboarding, error)
 }

pkg/modules/llmpricingrule/impllmpricingrule/handler.go

@@ -54,7 +54,7 @@ func (h *handler) List(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	rules, total, err := h.module.List(ctx, orgID, q.Offset, q.Limit)
+	rules, total, err := h.module.List(ctx, orgID, q.Offset, q.Limit, q.Search, q.IsOverride)
 	if err != nil {
 		render.Error(rw, err)
 		return

pkg/modules/llmpricingrule/impllmpricingrule/module.go

@@ -21,8 +21,8 @@ func NewModule(store llmpricingruletypes.Store) llmpricingrule.Module {
 	return &module{store: store}
 }
 
-func (module *module) List(ctx context.Context, orgID valuer.UUID, offset, limit int) ([]*llmpricingruletypes.LLMPricingRule, int, error) {
-	return module.store.List(ctx, orgID, offset, limit)
+func (module *module) List(ctx context.Context, orgID valuer.UUID, offset, limit int, search string, isOverride *bool) ([]*llmpricingruletypes.LLMPricingRule, int, error) {
+	return module.store.List(ctx, orgID, offset, limit, search, isOverride)
 }
 
 func (module *module) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*llmpricingruletypes.LLMPricingRule, error) {
@@ -108,7 +108,7 @@ func (module *module) RecommendAgentConfig(orgID valuer.UUID, currentConfYaml []
 }
 
 func (module *module) getEnabledRules(ctx context.Context, orgID valuer.UUID) ([]*llmpricingruletypes.LLMPricingRule, error) {
-	rules, _, err := module.List(ctx, orgID, 0, 10000)
+	rules, _, err := module.List(ctx, orgID, 0, 10000, "", nil)
 	if err != nil {
 		return nil, err
 	}

pkg/modules/llmpricingrule/impllmpricingrule/store.go

@@ -17,14 +17,25 @@ func NewStore(sqlstore sqlstore.SQLStore) llmpricingruletypes.Store {
 	return &store{sqlstore: sqlstore}
 }
 
-func (store *store) List(ctx context.Context, orgID valuer.UUID, offset, limit int) ([]*llmpricingruletypes.LLMPricingRule, int, error) {
+func (store *store) List(ctx context.Context, orgID valuer.UUID, offset, limit int, search string, isOverride *bool) ([]*llmpricingruletypes.LLMPricingRule, int, error) {
 	rules := make([]*llmpricingruletypes.LLMPricingRule, 0)
 
-	count, err := store.sqlstore.
+	query := store.sqlstore.
 		BunDBCtx(ctx).
 		NewSelect().
 		Model(&rules).
-		Where("org_id = ?", orgID).
+		Where("org_id = ?", orgID)
+
+	if search != "" {
+		like := "%" + search + "%"
+		query = query.Where("(LOWER(model) LIKE LOWER(?) OR LOWER(provider) LIKE LOWER(?))", like, like)
+	}
+
+	if isOverride != nil {
+		query = query.Where("is_override = ?", *isOverride)
+	}
+
+	count, err := query.
 		Order("created_at DESC").
 		Offset(offset).
 		Limit(limit).

pkg/modules/llmpricingrule/llmpricingrule.go

@@ -13,7 +13,7 @@ type Module interface {
 	// Since this module interacts with OpAMP, it must implement the AgentFeature interface.
 	agentConf.AgentFeature
 
-	List(ctx context.Context, orgID valuer.UUID, offset, limit int) ([]*llmpricingruletypes.LLMPricingRule, int, error)
+	List(ctx context.Context, orgID valuer.UUID, offset, limit int, search string, isOverride *bool) ([]*llmpricingruletypes.LLMPricingRule, int, error)
 	Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*llmpricingruletypes.LLMPricingRule, error)
 	CreateOrUpdate(ctx context.Context, orgID valuer.UUID, userEmail string, rules []*llmpricingruletypes.UpdatableLLMPricingRule) (err error)
 	Delete(ctx context.Context, orgID, id valuer.UUID) error

pkg/query-service/app/http_handler.go

@@ -1678,6 +1678,15 @@ func (aH *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {
 		Route:      "",
 	})
 
+	aiObservability := aH.Signoz.Flagger.BooleanOrEmpty(r.Context(), flagger.FeatureEnableAIObservability, evalCtx)
+	featureSet = append(featureSet, &licensetypes.Feature{
+		Name:       valuer.NewString(flagger.FeatureEnableAIObservability.String()),
+		Active:     aiObservability,
+		Usage:      0,
+		UsageLimit: -1,
+		Route:      "",
+	})
+
 	if constants.IsDotMetricsEnabled {
 		for idx, feature := range featureSet {
 			if feature.Name == licensetypes.DotMetricsEnabled {

pkg/types/authtypes/role.go

@@ -20,6 +20,7 @@ var (
 	ErrCodeRoleEmptyPatch                   = errors.MustNewCode("role_empty_patch")
 	ErrCodeInvalidTypeRelation              = errors.MustNewCode("role_invalid_type_relation")
 	ErrCodeRoleNotFound                     = errors.MustNewCode("role_not_found")
+	ErrCodeRoleAlreadyExists                = errors.MustNewCode("role_already_exists")
 	ErrCodeRoleFailedTransactionsFromString = errors.MustNewCode("role_failed_transactions_from_string")
 	ErrCodeRoleUnsupported                  = errors.MustNewCode("role_unsupported")
 	ErrCodeRoleHasUserAssignees             = errors.MustNewCode("role_has_user_assignees")
@@ -72,9 +73,20 @@ type Role struct {
 	OrgID       valuer.UUID   `bun:"org_id,type:string" json:"orgId" required:"true"`
 }
 
+type RoleWithTransactionGroups struct {
+	*Role
+	TransactionGroups TransactionGroups `json:"transactionGroups" required:"true" nullable:"false"`
+}
+
 type PostableRole struct {
-	Name        string `json:"name" required:"true"`
-	Description string `json:"description"`
+	Name              string            `json:"name" required:"true"`
+	Description       string            `json:"description" required:"true"`
+	TransactionGroups TransactionGroups `json:"transactionGroups" required:"true" nullable:"false"`
+}
+
+type UpdatableRole struct {
+	Description       string            `json:"description" required:"true"`
+	TransactionGroups TransactionGroups `json:"transactionGroups" required:"true" nullable:"false"`
 }
 
 type PatchableRole struct {
@@ -97,6 +109,22 @@ func NewRole(name, description string, roleType valuer.String, orgID valuer.UUID
 	}
 }
 
+func NewRoleWithTransactionGroups(name, description string, roleType valuer.String, orgID valuer.UUID, transactionGroups TransactionGroups) *RoleWithTransactionGroups {
+	role := NewRole(name, description, roleType, orgID)
+
+	return &RoleWithTransactionGroups{
+		Role:              role,
+		TransactionGroups: transactionGroups,
+	}
+}
+
+func MakeRoleWithTransactionGroups(role *Role, transactionGroups TransactionGroups) *RoleWithTransactionGroups {
+	return &RoleWithTransactionGroups{
+		Role:              role,
+		TransactionGroups: transactionGroups,
+	}
+}
+
 func NewManagedRoles(orgID valuer.UUID) []*Role {
 	return []*Role{
 		NewRole(SigNozAdminRoleName, SigNozAdminRoleDescription, RoleTypeManaged, orgID),
@@ -118,6 +146,18 @@ func (role *Role) PatchMetadata(description string) error {
 	return nil
 }
 
+func (role *RoleWithTransactionGroups) Update(description string, transactionGroups TransactionGroups) error {
+	err := role.ErrIfManaged()
+	if err != nil {
+		return err
+	}
+
+	role.Description = description
+	role.TransactionGroups = transactionGroups
+	role.UpdatedAt = time.Now()
+	return nil
+}
+
 func (role *Role) ErrIfManaged() error {
 	if role.Type == RoleTypeManaged {
 		return errors.Newf(errors.TypeInvalidInput, ErrCodeRoleInvalidInput, "cannot edit/delete managed role: %s", role.Name)
@@ -127,31 +167,58 @@ func (role *Role) ErrIfManaged() error {
 }
 
 func (role *PostableRole) UnmarshalJSON(data []byte) error {
-	type shadowPostableRole struct {
-		Name        string `json:"name"`
-		Description string `json:"description"`
-	}
+	type Alias PostableRole
+	var temp Alias
 
-	var shadowRole shadowPostableRole
-	if err := json.Unmarshal(data, &shadowRole); err != nil {
+	if err := json.Unmarshal(data, &temp); err != nil {
 		return err
 	}
 
-	if shadowRole.Name == "" {
+	if temp.Name == "" {
 		return errors.New(errors.TypeInvalidInput, ErrCodeRoleInvalidInput, "name is missing from the request")
 	}
 
-	if match := roleNameRegex.MatchString(shadowRole.Name); !match {
+	if match := roleNameRegex.MatchString(temp.Name); !match {
 		return errors.New(errors.TypeInvalidInput, ErrCodeRoleInvalidInput, "name must contain only lowercase letters (a-z) and hyphens (-), and be at most 50 characters long.")
 	}
 
-	if strings.HasPrefix(shadowRole.Name, managedRolePrefix) {
+	if strings.HasPrefix(temp.Name, managedRolePrefix) {
 		return errors.Newf(errors.TypeInvalidInput, ErrCodeRoleInvalidInput, "role name cannot start with %q as it is reserved for SigNoz managed roles.", managedRolePrefix)
 	}
 
-	role.Name = shadowRole.Name
-	role.Description = shadowRole.Description
+	if temp.TransactionGroups == nil {
+		return errors.New(errors.TypeInvalidInput, ErrCodeRoleInvalidInput, "transactionGroups is required").WithAdditional("send an empty array to create a role with no transaction groups")
+	}
 
+	role.Name = temp.Name
+	role.Description = temp.Description
+	role.TransactionGroups = temp.TransactionGroups
+	return nil
+}
+
+func (role *UpdatableRole) UnmarshalJSON(data []byte) error {
+	shadow := struct {
+		Description       *string           `json:"description"`
+		TransactionGroups TransactionGroups `json:"transactionGroups"`
+	}{}
+
+	if err := json.Unmarshal(data, &shadow); err != nil {
+		return err
+	}
+
+	// A pointer distinguishes an omitted/null description from an explicit empty string: the field
+	// must be sent (update reconciles to exactly what is given), but an empty string is allowed so a
+	// caller can deliberately clear the description.
+	if shadow.Description == nil {
+		return errors.New(errors.TypeInvalidInput, ErrCodeRoleInvalidInput, "description is required").WithAdditional("send an empty string to clear the description")
+	}
+
+	if shadow.TransactionGroups == nil {
+		return errors.New(errors.TypeInvalidInput, ErrCodeRoleInvalidInput, "transactionGroups is required").WithAdditional("send an empty array to clear the role's transaction groups")
+	}
+
+	role.Description = *shadow.Description
+	role.TransactionGroups = shadow.TransactionGroups
 	return nil
 }
 

pkg/types/authtypes/transaction.go

@@ -13,6 +13,13 @@ type Transaction struct {
 	Object   coretypes.Object `json:"object" required:"true"`
 }
 
+type TransactionGroup struct {
+	Relation    Relation              `json:"relation" required:"true"`
+	ObjectGroup coretypes.ObjectGroup `json:"objectGroup" required:"true"`
+}
+
+type TransactionGroups []*TransactionGroup
+
 type GettableTransaction struct {
 	Relation   Relation         `json:"relation" required:"true"`
 	Object     coretypes.Object `json:"object" required:"true"`
@@ -32,6 +39,18 @@ func NewTransaction(relation Relation, object coretypes.Object) (*Transaction, e
 	return &Transaction{ID: valuer.GenerateUUID(), Relation: relation, Object: object}, nil
 }
 
+func NewTransactionGroup(relation Relation, objectGroup coretypes.ObjectGroup) (*TransactionGroup, error) {
+	if err := coretypes.ErrIfVerbNotValidForResource(relation.Verb, objectGroup.Resource); err != nil {
+		return nil, err
+	}
+
+	if _, err := coretypes.NewObjectsFromObjectGroup(objectGroup); err != nil {
+		return nil, err
+	}
+
+	return &TransactionGroup{Relation: relation, ObjectGroup: objectGroup}, nil
+}
+
 func NewGettableTransaction(results []*TransactionWithAuthorization) []*GettableTransaction {
 	gettableTransactions := make([]*GettableTransaction, len(results))
 	for i, result := range results {
@@ -45,6 +64,10 @@ func NewGettableTransaction(results []*TransactionWithAuthorization) []*Gettable
 	return gettableTransactions
 }
 
+func (groups TransactionGroups) Diff(desired TransactionGroups) (additions, deletions TransactionGroups) {
+	return desired.subtract(groups), groups.subtract(desired)
+}
+
 func (transaction *Transaction) UnmarshalJSON(data []byte) error {
 	var shadow = struct {
 		Relation Relation
@@ -65,6 +88,71 @@ func (transaction *Transaction) UnmarshalJSON(data []byte) error {
 	return nil
 }
 
+func (transactionGroup *TransactionGroup) UnmarshalJSON(data []byte) error {
+	var shadow = struct {
+		Relation    Relation
+		ObjectGroup coretypes.ObjectGroup
+	}{}
+
+	err := json.Unmarshal(data, &shadow)
+	if err != nil {
+		return err
+	}
+
+	group, err := NewTransactionGroup(shadow.Relation, shadow.ObjectGroup)
+	if err != nil {
+		return err
+	}
+
+	*transactionGroup = *group
+	return nil
+}
+
 func (transaction *Transaction) TransactionKey() string {
 	return transaction.Relation.StringValue() + ":" + transaction.Object.Resource.Type.StringValue() + ":" + transaction.Object.Resource.Kind.String()
 }
+
+func (groups TransactionGroups) subtract(other TransactionGroups) TransactionGroups {
+	otherSelectors := other.selectorSet()
+
+	order := make([]string, 0)
+	grouped := make(map[string]*TransactionGroup)
+	for _, group := range groups {
+		for _, selector := range group.ObjectGroup.Selectors {
+			if _, ok := otherSelectors[group.selectorKey(selector)]; ok {
+				continue
+			}
+
+			groupKey := group.Relation.StringValue() + "|" + group.ObjectGroup.Resource.String()
+			out, ok := grouped[groupKey]
+			if !ok {
+				out = &TransactionGroup{Relation: group.Relation, ObjectGroup: coretypes.ObjectGroup{Resource: group.ObjectGroup.Resource, Selectors: make([]coretypes.Selector, 0)}}
+				grouped[groupKey] = out
+				order = append(order, groupKey)
+			}
+			out.ObjectGroup.Selectors = append(out.ObjectGroup.Selectors, selector)
+		}
+	}
+
+	result := make(TransactionGroups, 0, len(order))
+	for _, key := range order {
+		result = append(result, grouped[key])
+	}
+
+	return result
+}
+
+func (groups TransactionGroups) selectorSet() map[string]struct{} {
+	set := make(map[string]struct{})
+	for _, group := range groups {
+		for _, selector := range group.ObjectGroup.Selectors {
+			set[group.selectorKey(selector)] = struct{}{}
+		}
+	}
+
+	return set
+}
+
+func (group *TransactionGroup) selectorKey(selector coretypes.Selector) string {
+	return group.Relation.StringValue() + "|" + group.ObjectGroup.Resource.String() + "|" + selector.String()
+}

pkg/types/authtypes/tuple.go

@@ -47,14 +47,58 @@ func NewTuplesFromTransactions(transactions []*Transaction, subject string, orgI
 	return tuples, nil
 }
 
-// NewTuplesFromTransactionsWithCorrelations converts transactions to tuples for BatchCheck,
-// and for each transaction whose selector is not already a wildcard, generates an additional
-// tuple with the wildcard selector. This ensures that permissions granted via wildcard
-// selectors (e.g., dashboard:*) are checked alongside exact selectors (e.g., dashboard:abc-123).
-//
-// Returns:
-//   - tuples: all tuples to check (exact + correlated), keyed by transaction ID or generated correlation ID
-//   - correlations: maps transaction ID to a slice of correlation IDs for the additional tuples
+func NewTuplesFromTransactionGroups(name string, orgID valuer.UUID, transactionGroups []*TransactionGroup) ([]*openfgav1.TupleKey, error) {
+	tuples := make([]*openfgav1.TupleKey, 0)
+	subject := MustNewSubject(coretypes.NewResourceRole(), name, orgID, &coretypes.VerbAssignee)
+
+	for _, transactionGroup := range transactionGroups {
+		if err := coretypes.ErrIfVerbNotValidForResource(transactionGroup.Relation.Verb, transactionGroup.ObjectGroup.Resource); err != nil {
+			return nil, err
+		}
+
+		resource, err := coretypes.NewResourceFromTypeAndKind(transactionGroup.ObjectGroup.Resource.Type, transactionGroup.ObjectGroup.Resource.Kind)
+		if err != nil {
+			return nil, err
+		}
+
+		objectGroupTuples := NewTuples(resource, subject, transactionGroup.Relation, transactionGroup.ObjectGroup.Selectors, orgID)
+		tuples = append(tuples, objectGroupTuples...)
+	}
+
+	return tuples, nil
+}
+
+func MustNewTransactionGroupsFromTuples(tuples []*openfgav1.TupleKey) []*TransactionGroup {
+	objectsByRelation := make(map[string][]*coretypes.Object)
+
+	for _, tuple := range tuples {
+		verb, err := coretypes.NewVerb(tuple.GetRelation())
+		if err != nil {
+			panic(err)
+		}
+
+		object := coretypes.MustNewObjectFromString(tuple.GetObject())
+		objectsByRelation[verb.StringValue()] = append(objectsByRelation[verb.StringValue()], object)
+	}
+
+	transactionGroups := make([]*TransactionGroup, 0)
+	for _, verb := range coretypes.Verbs {
+		objects := objectsByRelation[verb.StringValue()]
+		if len(objects) == 0 {
+			continue
+		}
+
+		for _, objectGroup := range coretypes.NewObjectGroupsFromObjects(objects) {
+			transactionGroups = append(transactionGroups, &TransactionGroup{
+				Relation:    Relation{Verb: verb},
+				ObjectGroup: *objectGroup,
+			})
+		}
+	}
+
+	return transactionGroups
+}
+
 func NewTuplesFromTransactionsWithCorrelations(transactions []*Transaction, subject string, orgID valuer.UUID) (tuples map[string]*openfgav1.TupleKey, correlations map[string][]string, err error) {
 	tuples = make(map[string]*openfgav1.TupleKey)
 	correlations = make(map[string][]string)
@@ -83,10 +127,6 @@ func NewTuplesFromTransactionsWithCorrelations(transactions []*Transaction, subj
 	return tuples, correlations, nil
 }
 
-// NewTuplesFromTransactionsWithManagedRoles converts transactions to tuples for BatchCheck.
-// Direct role-assignment transactions (TypeRole + VerbAssignee) produce one tuple keyed by txn ID.
-// Other transactions are expanded via managedRolesByTransaction into role-assignee checks, keyed by "txnID:roleName".
-// Transactions with no managed role mapping are marked as pre-resolved (false) in the returned map.
 func NewTuplesFromTransactionsWithManagedRoles(
 	transactions []*Transaction,
 	subject string,
@@ -131,10 +171,6 @@ func NewTuplesFromTransactionsWithManagedRoles(
 	return tuples, preResolved, roleCorrelations, nil
 }
 
-// NewTransactionWithAuthorizationFromBatchResults merges batch check results into an ordered
-// slice of TransactionWithAuthorization matching the input transactions order.
-// preResolved contains txn IDs whose authorization was determined without BatchCheck.
-// roleCorrelations maps txn IDs to correlation IDs used for managed role checks.
 func NewTransactionWithAuthorizationFromBatchResults(
 	transactions []*Transaction,
 	batchResults map[string]*TupleKeyAuthorization,

pkg/types/coretypes/object.go

@@ -9,6 +9,7 @@ import (
 
 var (
 	ErrCodeInvalidPatchObject = errors.MustNewCode("authz_invalid_patch_objects")
+	ErrCodeInvalidObject      = errors.MustNewCode("authz_invalid_object")
 )
 
 type Object struct {

pkg/types/inframonitoringtypes/onboarding.go

@@ -1,83 +0,0 @@
-package inframonitoringtypes
-
-import (
-	"slices"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-)
-
-// PostableOnboarding is the request for GET /api/v2/infra_monitoring/onboarding.
-// The single `type` query param selects which infra-monitoring subsection the
-// readiness check runs for.
-type PostableOnboarding struct {
-	Type OnboardingType `query:"type" required:"true"`
-}
-
-// Validate rejects empty/unknown onboarding types.
-func (req *PostableOnboarding) Validate() error {
-	if req == nil {
-		return errors.NewInvalidInputf(errors.CodeInvalidInput, "request is nil")
-	}
-
-	if req.Type.IsZero() {
-		return errors.NewInvalidInputf(errors.CodeInvalidInput, "type is required")
-	}
-
-	if !slices.Contains(ValidOnboardingTypes, req.Type) {
-		return errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid type: %s", req.Type)
-	}
-
-	return nil
-}
-
-// Onboarding is the response for GET /api/v2/infra_monitoring/onboarding.
-//
-// The three present/missing pairs partition a type's requirements into three
-// dimensions — default-enabled metrics, optional metrics, required attributes —
-// each bucketed by the collector component (receiver or processor) that
-// produces it. Ready is true iff every Missing* array is empty.
-type Onboarding struct {
-	Type                         OnboardingType                    `json:"type" required:"true"`
-	Ready                        bool                              `json:"ready" required:"true"`
-	PresentDefaultEnabledMetrics []MetricsComponentEntry           `json:"presentDefaultEnabledMetrics" required:"true"`
-	PresentOptionalMetrics       []MetricsComponentEntry           `json:"presentOptionalMetrics" required:"true"`
-	PresentRequiredAttributes    []AttributesComponentEntry        `json:"presentRequiredAttributes" required:"true"`
-	MissingDefaultEnabledMetrics []MissingMetricsComponentEntry    `json:"missingDefaultEnabledMetrics" required:"true"`
-	MissingOptionalMetrics       []MissingMetricsComponentEntry    `json:"missingOptionalMetrics" required:"true"`
-	MissingRequiredAttributes    []MissingAttributesComponentEntry `json:"missingRequiredAttributes" required:"true"`
-}
-
-// AssociatedComponent identifies the collector receiver or processor that a
-// metric or attribute originates from. Name is free-form (e.g. "kubeletstatsreceiver").
-type AssociatedComponent struct {
-	Type OnboardingComponentType `json:"type" required:"true"`
-	Name string                  `json:"name" required:"true"`
-}
-
-// MetricsComponentEntry lists metrics that share a single associated component.
-type MetricsComponentEntry struct {
-	Metrics             []string            `json:"metrics" required:"true"`
-	AssociatedComponent AssociatedComponent `json:"associatedComponent" required:"true"`
-}
-
-// AttributesComponentEntry lists resource attributes that share a single associated component.
-type AttributesComponentEntry struct {
-	Attributes          []string            `json:"attributes" required:"true"`
-	AssociatedComponent AssociatedComponent `json:"associatedComponent" required:"true"`
-}
-
-// MissingMetricsComponentEntry extends MetricsComponentEntry with a user-facing
-// message and a docs link for fixing the missing metrics.
-type MissingMetricsComponentEntry struct {
-	MetricsComponentEntry
-	Message           string `json:"message" required:"true"`
-	DocumentationLink string `json:"documentationLink" required:"true"`
-}
-
-// MissingAttributesComponentEntry extends AttributesComponentEntry with a user-facing
-// message and a docs link for fixing the missing attributes.
-type MissingAttributesComponentEntry struct {
-	AttributesComponentEntry
-	Message           string `json:"message" required:"true"`
-	DocumentationLink string `json:"documentationLink" required:"true"`
-}

pkg/types/inframonitoringtypes/onboarding_constants.go

@@ -1,71 +0,0 @@
-package inframonitoringtypes
-
-import "github.com/SigNoz/signoz/pkg/valuer"
-
-// OnboardingType identifies a single infra-monitoring subsection (UI tab).
-// One value per v1/v2 list API we surface in the infra-monitoring section.
-type OnboardingType struct {
-	valuer.String
-}
-
-var (
-	OnboardingTypeHosts        = OnboardingType{valuer.NewString("hosts")}
-	OnboardingTypeProcesses    = OnboardingType{valuer.NewString("processes")}
-	OnboardingTypePods         = OnboardingType{valuer.NewString("pods")}
-	OnboardingTypeNodes        = OnboardingType{valuer.NewString("nodes")}
-	OnboardingTypeDeployments  = OnboardingType{valuer.NewString("deployments")}
-	OnboardingTypeDaemonsets   = OnboardingType{valuer.NewString("daemonsets")}
-	OnboardingTypeStatefulsets = OnboardingType{valuer.NewString("statefulsets")}
-	OnboardingTypeJobs         = OnboardingType{valuer.NewString("jobs")}
-	OnboardingTypeNamespaces   = OnboardingType{valuer.NewString("namespaces")}
-	OnboardingTypeClusters     = OnboardingType{valuer.NewString("clusters")}
-	OnboardingTypeVolumes      = OnboardingType{valuer.NewString("volumes")}
-)
-
-func (OnboardingType) Enum() []any {
-	return []any{
-		OnboardingTypeHosts,
-		OnboardingTypeProcesses,
-		OnboardingTypePods,
-		OnboardingTypeNodes,
-		OnboardingTypeDeployments,
-		OnboardingTypeDaemonsets,
-		OnboardingTypeStatefulsets,
-		OnboardingTypeJobs,
-		OnboardingTypeNamespaces,
-		OnboardingTypeClusters,
-		OnboardingTypeVolumes,
-	}
-}
-
-var ValidOnboardingTypes = []OnboardingType{
-	OnboardingTypeHosts,
-	OnboardingTypeProcesses,
-	OnboardingTypePods,
-	OnboardingTypeNodes,
-	OnboardingTypeDeployments,
-	OnboardingTypeDaemonsets,
-	OnboardingTypeStatefulsets,
-	OnboardingTypeJobs,
-	OnboardingTypeNamespaces,
-	OnboardingTypeClusters,
-	OnboardingTypeVolumes,
-}
-
-// OnboardingComponentType tags each AssociatedComponent as either a receiver or a processor.
-// Only these two values are ever written by the module.
-type OnboardingComponentType struct {
-	valuer.String
-}
-
-var (
-	OnboardingComponentTypeReceiver  = OnboardingComponentType{valuer.NewString("receiver")}
-	OnboardingComponentTypeProcessor = OnboardingComponentType{valuer.NewString("processor")}
-)
-
-func (OnboardingComponentType) Enum() []any {
-	return []any{
-		OnboardingComponentTypeReceiver,
-		OnboardingComponentTypeProcessor,
-	}
-}

pkg/types/inframonitoringtypes/onboarding_test.go

@@ -1,110 +0,0 @@
-package inframonitoringtypes
-
-import (
-	"testing"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/stretchr/testify/require"
-)
-
-func TestPostableOnboarding_Validate(t *testing.T) {
-	tests := []struct {
-		name    string
-		req     *PostableOnboarding
-		wantErr bool
-	}{
-		{
-			name:    "nil request",
-			req:     nil,
-			wantErr: true,
-		},
-		{
-			name:    "empty type",
-			req:     &PostableOnboarding{},
-			wantErr: true,
-		},
-		{
-			name:    "unknown type",
-			req:     &PostableOnboarding{Type: OnboardingType{valuer.NewString("foo")}},
-			wantErr: true,
-		},
-		{
-			name:    "hosts",
-			req:     &PostableOnboarding{Type: OnboardingTypeHosts},
-			wantErr: false,
-		},
-		{
-			name:    "processes",
-			req:     &PostableOnboarding{Type: OnboardingTypeProcesses},
-			wantErr: false,
-		},
-		{
-			name:    "pods",
-			req:     &PostableOnboarding{Type: OnboardingTypePods},
-			wantErr: false,
-		},
-		{
-			name:    "nodes",
-			req:     &PostableOnboarding{Type: OnboardingTypeNodes},
-			wantErr: false,
-		},
-		{
-			name:    "deployments",
-			req:     &PostableOnboarding{Type: OnboardingTypeDeployments},
-			wantErr: false,
-		},
-		{
-			name:    "daemonsets",
-			req:     &PostableOnboarding{Type: OnboardingTypeDaemonsets},
-			wantErr: false,
-		},
-		{
-			name:    "statefulsets",
-			req:     &PostableOnboarding{Type: OnboardingTypeStatefulsets},
-			wantErr: false,
-		},
-		{
-			name:    "jobs",
-			req:     &PostableOnboarding{Type: OnboardingTypeJobs},
-			wantErr: false,
-		},
-		{
-			name:    "namespaces",
-			req:     &PostableOnboarding{Type: OnboardingTypeNamespaces},
-			wantErr: false,
-		},
-		{
-			name:    "clusters",
-			req:     &PostableOnboarding{Type: OnboardingTypeClusters},
-			wantErr: false,
-		},
-		{
-			name:    "volumes",
-			req:     &PostableOnboarding{Type: OnboardingTypeVolumes},
-			wantErr: false,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			err := tt.req.Validate()
-			if tt.wantErr {
-				require.Error(t, err)
-				require.True(t, errors.Ast(err, errors.TypeInvalidInput), "expected error to be of type InvalidInput")
-			} else {
-				require.NoError(t, err)
-			}
-		})
-	}
-}
-
-// TestValidOnboardingTypes_MatchesEnum ensures the ValidOnboardingTypes slice
-// stays in sync with the Enum() list — both must cover every OnboardingType value.
-func TestValidOnboardingTypes_MatchesEnum(t *testing.T) {
-	enum := OnboardingType{}.Enum()
-	require.Equal(t, len(enum), len(ValidOnboardingTypes))
-	for i, v := range enum {
-		require.Equal(t, v, ValidOnboardingTypes[i])
-	}
-}

pkg/types/llmpricingruletypes/pricing.go

@@ -125,8 +125,10 @@ type UpdatableLLMPricingRules struct {
 }
 
 type ListPricingRulesQuery struct {
-	Offset int `query:"offset" json:"offset"`
-	Limit  int `query:"limit"  json:"limit"`
+	Offset     int    `query:"offset" json:"offset"`
+	Limit      int    `query:"limit"  json:"limit"`
+	Search     string `query:"q" json:"q"`
+	IsOverride *bool  `query:"isOverride" json:"isOverride"`
 }
 
 type GettablePricingRules struct {

pkg/types/llmpricingruletypes/store.go

@@ -7,7 +7,7 @@ import (
 )
 
 type Store interface {
-	List(ctx context.Context, orgID valuer.UUID, offset, limit int) ([]*LLMPricingRule, int, error)
+	List(ctx context.Context, orgID valuer.UUID, offset, limit int, search string, isOverride *bool) ([]*LLMPricingRule, int, error)
 	Get(ctx context.Context, orgID, id valuer.UUID) (*LLMPricingRule, error)
 	GetBySourceID(ctx context.Context, orgID, sourceID valuer.UUID) (*LLMPricingRule, error)
 	Create(ctx context.Context, rule *LLMPricingRule) error

tests/fixtures/role.py

@@ -26,10 +26,10 @@ def find_role_by_name(signoz: types.SigNoz, token: str, name: str) -> str:
 
 
 def create_custom_role(signoz: types.SigNoz, token: str, name: str) -> str:
-    """Create a custom role and return its ID."""
+    """Create a custom role and return its ID. transactionGroups is required (send [] for none)."""
     resp = requests.post(
         signoz.self.host_configs["8080"].get(ROLES_BASE),
-        json={"name": name},
+        json={"name": name, "transactionGroups": []},
         headers={"Authorization": f"Bearer {token}"},
         timeout=5,
     )

tests/integration/tests/inframonitoring/11_onboarding.py

@@ -1,327 +0,0 @@
-"""Integration tests for the v2 infra-monitoring onboarding endpoint.
-
-GET /api/v2/infra_monitoring/onboarding?type=<t> reports per-tab readiness:
-for each collector component it lists which required/optional metrics and
-required attributes are present vs missing. `ready` is true iff every missing
-list is empty (optional gaps DO block).
-
-Presence is checked against distributed_metadata with NO time window
-(pkg/modules/inframonitoring/implinframonitoring/helpers.go:423,:479): a metric
-is present iff it was ever ingested; an attribute is present iff it appears as a
-label on any of that type's spec metrics. So seeding here is purely "make these
-(metric, label) rows exist" — no start/end, no value math. insert_metrics is
-function-scoped and truncates metadata on teardown, so (serial suite) each test
-sees only its own seeds.
-
-SPECS mirrors pkg/modules/inframonitoring/implinframonitoring/onboarding_constants.go
-and is the contract lock: if a Go spec changes, the matching assertion fails.
-"""
-
-from datetime import UTC, datetime
-from http import HTTPStatus
-
-import pytest
-import requests
-
-from fixtures import types
-from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD
-from fixtures.metrics import Metrics
-
-ENDPOINT = "/api/v2/infra_monitoring/onboarding"
-
-# Component names (onboarding_constants.go:9-15) + their type + docs link.
-HMR = "hostmetricsreceiver"
-KSR = "kubeletstatsreceiver"
-KCR = "k8sclusterreceiver"
-RDP = "resourcedetectionprocessor"
-KAP = "k8sattributesprocessor"
-
-COMPONENT_TYPE = {HMR: "receiver", KSR: "receiver", KCR: "receiver", RDP: "processor", KAP: "processor"}
-
-_PODS_OPT = [
-    "k8s.pod.cpu_request_utilization",
-    "k8s.pod.cpu_limit_utilization",
-    "k8s.pod.memory_request_utilization",
-    "k8s.pod.memory_limit_utilization",
-]
-
-# Mirror of onboardingSpecs: type -> {default|optional: {component: [metrics]}, attrs: {component: [attrs]}}.
-SPECS = {
-    "hosts": {
-        "default": {HMR: ["system.cpu.time", "system.memory.usage", "system.cpu.load_average.15m", "system.filesystem.usage"]},
-        "optional": {},
-        "attrs": {RDP: ["host.name"]},
-    },
-    "processes": {
-        "default": {HMR: ["process.cpu.time", "process.memory.usage"]},
-        "optional": {},
-        "attrs": {HMR: ["process.pid"]},
-    },
-    "pods": {
-        "default": {KSR: ["k8s.pod.cpu.usage", "k8s.pod.memory.working_set"], KCR: ["k8s.pod.phase"]},
-        "optional": {KSR: list(_PODS_OPT)},
-        "attrs": {KAP: ["k8s.pod.uid"]},
-    },
-    "nodes": {
-        "default": {
-            KSR: ["k8s.node.cpu.usage", "k8s.node.memory.working_set"],
-            KCR: ["k8s.node.allocatable_cpu", "k8s.node.allocatable_memory", "k8s.node.condition_ready", "k8s.pod.phase"],
-        },
-        "optional": {},
-        "attrs": {KAP: ["k8s.node.name"]},
-    },
-    "deployments": {
-        "default": {KSR: ["k8s.pod.cpu.usage", "k8s.pod.memory.working_set"], KCR: ["k8s.pod.phase", "k8s.deployment.desired", "k8s.deployment.available"]},
-        "optional": {KSR: list(_PODS_OPT)},
-        "attrs": {KAP: ["k8s.deployment.name", "k8s.namespace.name"], RDP: ["k8s.cluster.name"]},
-    },
-    "daemonsets": {
-        "default": {KSR: ["k8s.pod.cpu.usage", "k8s.pod.memory.working_set"], KCR: ["k8s.pod.phase", "k8s.daemonset.desired_scheduled_nodes", "k8s.daemonset.current_scheduled_nodes"]},
-        "optional": {KSR: list(_PODS_OPT)},
-        "attrs": {KAP: ["k8s.daemonset.name", "k8s.namespace.name"], RDP: ["k8s.cluster.name"]},
-    },
-    "statefulsets": {
-        "default": {KSR: ["k8s.pod.cpu.usage", "k8s.pod.memory.working_set"], KCR: ["k8s.pod.phase", "k8s.statefulset.desired_pods", "k8s.statefulset.current_pods"]},
-        "optional": {KSR: list(_PODS_OPT)},
-        "attrs": {KAP: ["k8s.statefulset.name", "k8s.namespace.name"], RDP: ["k8s.cluster.name"]},
-    },
-    "jobs": {
-        "default": {KSR: ["k8s.pod.cpu.usage", "k8s.pod.memory.working_set"], KCR: ["k8s.pod.phase", "k8s.job.desired_successful_pods", "k8s.job.active_pods", "k8s.job.failed_pods", "k8s.job.successful_pods"]},
-        "optional": {KSR: list(_PODS_OPT)},
-        "attrs": {KAP: ["k8s.job.name", "k8s.namespace.name"], RDP: ["k8s.cluster.name"]},
-    },
-    "namespaces": {
-        "default": {KSR: ["k8s.pod.cpu.usage", "k8s.pod.memory.working_set"], KCR: ["k8s.pod.phase"]},
-        "optional": {},
-        "attrs": {KAP: ["k8s.namespace.name"], RDP: ["k8s.cluster.name"]},
-    },
-    "clusters": {
-        "default": {KSR: ["k8s.node.cpu.usage", "k8s.node.memory.working_set"], KCR: ["k8s.node.allocatable_cpu", "k8s.node.allocatable_memory", "k8s.node.condition_ready", "k8s.pod.phase"]},
-        "optional": {},
-        "attrs": {RDP: ["k8s.cluster.name"]},
-    },
-    "volumes": {
-        "default": {KSR: ["k8s.volume.available", "k8s.volume.capacity", "k8s.volume.inodes", "k8s.volume.inodes.free", "k8s.volume.inodes.used"]},
-        "optional": {},
-        "attrs": {KAP: ["k8s.persistentvolumeclaim.name", "k8s.namespace.name"], RDP: ["k8s.cluster.name"]},
-    },
-}
-
-ALL_TYPES = list(SPECS.keys())
-
-
-# --- helpers ---
-
-
-def _all(d: dict) -> list:
-    """Flatten a {component: [items]} map to a flat list."""
-    return [x for items in d.values() for x in items]
-
-
-def _all_metrics(t: str) -> list:
-    return _all(SPECS[t]["default"]) + _all(SPECS[t]["optional"])
-
-
-def _attr_labels(t: str, drop: str | None = None) -> dict:
-    """Labels carrying every required attr (so they resolve present), minus `drop`."""
-    return {a: f"v-{a}" for a in _all(SPECS[t]["attrs"]) if a != drop}
-
-
-# Marker label so every seeded metric registers in distributed_metadata even when
-# `labels` is empty (insert_metrics writes a metadata row per label). Non-spec, so it
-# is never counted as a present required attribute.
-_SEED_MARKER = {"test.seed.marker": "1"}
-
-
-def _seed(insert_metrics, metric_names: list, labels: dict) -> None:
-    now = datetime.now(tz=UTC).replace(microsecond=0)
-    insert_metrics([Metrics(metric_name=m, labels={**_SEED_MARKER, **labels}, timestamp=now, value=1.0) for m in metric_names])
-
-
-def _request(signoz: types.SigNoz, token: str, type_: str | None):
-    params = {} if type_ is None else {"type": type_}
-    return requests.get(
-        signoz.self.host_configs["8080"].get(ENDPOINT),
-        headers={"authorization": f"Bearer {token}"},
-        params=params,
-        timeout=5,
-    )
-
-
-def _grouped(entries: list, field: str) -> dict:
-    """{component_name: set(items)} from a present/missing entry list; also asserts
-    each entry's associatedComponent.type matches the known component type."""
-    out: dict = {}
-    for e in entries:
-        comp = e["associatedComponent"]
-        assert comp["type"] == COMPONENT_TYPE[comp["name"]], f"wrong type for {comp!r}"
-        out.setdefault(comp["name"], set()).update(e[field])
-    return out
-
-
-def _exp(d: dict) -> dict:
-    return {comp: set(items) for comp, items in d.items()}
-
-
-def _check_missing_entries(entries: list) -> None:
-    """Every missing entry carries a non-empty message + a non-empty docs link
-    (exact link not asserted — links are subject to change)."""
-    for e in entries:
-        assert e["message"], f"empty message: {e!r}"
-        assert e["documentationLink"], f"empty doc link: {e!r}"
-
-
-# Parametrize cases derived from SPECS.
-_DEFAULT_CASES = [  # one representative dropped default metric per type
-    pytest.param(t, comp, ms[0], id=f"{t}-{ms[0]}") for t in ALL_TYPES for comp, ms in [next(iter(SPECS[t]["default"].items()))]
-]
-_OPTIONAL_CASES = [  # types that have optional metrics
-    pytest.param(t, comp, ms[0], id=f"{t}-{ms[0]}") for t in ALL_TYPES for comp, ms in SPECS[t]["optional"].items() if ms
-]
-_ATTR_CASES = [pytest.param(t, comp, a, id=f"{t}-{a}") for t in ALL_TYPES for comp, attrs in SPECS[t]["attrs"].items() for a in attrs]
-
-
-@pytest.mark.parametrize(
-    "type_,err_substr",
-    [
-        pytest.param(None, "type is required", id="missing_type"),
-        pytest.param("foo", "invalid type", id="invalid_type"),
-    ],
-)
-def test_onboarding_validation_errors(
-    signoz: types.SigNoz,
-    create_user_admin: None,  # pylint: disable=unused-argument
-    get_token,
-    type_,
-    err_substr: str,
-) -> None:
-    """Missing/unknown `type` query param → 400 invalid_input."""
-    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-    response = _request(signoz, token, type_)
-    assert response.status_code == HTTPStatus.BAD_REQUEST, response.text
-    error = response.json()["error"]
-    assert error["code"] == "invalid_input"
-
-
-@pytest.mark.parametrize("type_", ALL_TYPES)
-def test_onboarding_empty_backend(
-    signoz: types.SigNoz,
-    create_user_admin: None,  # pylint: disable=unused-argument
-    get_token,
-    insert_metrics,  # noqa: ARG001  ensures metadata is truncated around this test
-    type_: str,
-) -> None:
-    """No data ingested → not ready; every default metric + required attr reported
-    missing (bucketed by component, with message + docs link); present lists empty."""
-    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-    data = _request(signoz, token, type_).json()["data"]
-
-    assert data["ready"] is False
-    assert data["presentDefaultEnabledMetrics"] == []
-    assert data["presentOptionalMetrics"] == []
-    assert data["presentRequiredAttributes"] == []
-    assert _grouped(data["missingDefaultEnabledMetrics"], "metrics") == _exp(SPECS[type_]["default"])
-    assert _grouped(data["missingOptionalMetrics"], "metrics") == _exp(SPECS[type_]["optional"])
-    assert _grouped(data["missingRequiredAttributes"], "attributes") == _exp(SPECS[type_]["attrs"])
-    _check_missing_entries(data["missingDefaultEnabledMetrics"])
-    _check_missing_entries(data["missingOptionalMetrics"])
-    _check_missing_entries(data["missingRequiredAttributes"])
-
-
-@pytest.mark.parametrize("type_", ALL_TYPES)
-def test_onboarding_all_present_ready(
-    signoz: types.SigNoz,
-    create_user_admin: None,  # pylint: disable=unused-argument
-    get_token,
-    insert_metrics,
-    type_: str,
-) -> None:
-    """Every default+optional metric seeded carrying all required attrs → ready;
-    present buckets exactly match the spec, all missing lists empty."""
-    _seed(insert_metrics, _all_metrics(type_), _attr_labels(type_))
-
-    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-    data = _request(signoz, token, type_).json()["data"]
-
-    assert data["type"] == type_
-    assert data["ready"] is True
-    assert data["missingDefaultEnabledMetrics"] == []
-    assert data["missingOptionalMetrics"] == []
-    assert data["missingRequiredAttributes"] == []
-    assert _grouped(data["presentDefaultEnabledMetrics"], "metrics") == _exp(SPECS[type_]["default"])
-    assert _grouped(data["presentOptionalMetrics"], "metrics") == _exp(SPECS[type_]["optional"])
-    assert _grouped(data["presentRequiredAttributes"], "attributes") == _exp(SPECS[type_]["attrs"])
-
-
-@pytest.mark.parametrize("type_,component,metric", _DEFAULT_CASES)
-def test_onboarding_missing_default_metric(
-    signoz: types.SigNoz,
-    create_user_admin: None,  # pylint: disable=unused-argument
-    get_token,
-    insert_metrics,
-    type_: str,
-    component: str,
-    metric: str,
-) -> None:
-    """One default metric never ingested (everything else present) → that metric is
-    in missingDefaultEnabledMetrics under its component; not ready."""
-    seed = [m for m in _all_metrics(type_) if m != metric]
-    _seed(insert_metrics, seed, _attr_labels(type_))
-
-    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-    data = _request(signoz, token, type_).json()["data"]
-
-    assert data["ready"] is False
-    assert metric in _grouped(data["missingDefaultEnabledMetrics"], "metrics").get(component, set())
-    assert data["missingOptionalMetrics"] == []
-    assert data["missingRequiredAttributes"] == []
-    _check_missing_entries(data["missingDefaultEnabledMetrics"])
-
-
-@pytest.mark.parametrize("type_,component,metric", _OPTIONAL_CASES)
-def test_onboarding_missing_optional_metric(
-    signoz: types.SigNoz,
-    create_user_admin: None,  # pylint: disable=unused-argument
-    get_token,
-    insert_metrics,
-    type_: str,
-    component: str,
-    metric: str,
-) -> None:
-    """One optional metric missing → reported in missingOptionalMetrics and (locked
-    decision) NOT ready, even though all default metrics + attrs are present."""
-    seed = [m for m in _all_metrics(type_) if m != metric]
-    _seed(insert_metrics, seed, _attr_labels(type_))
-
-    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-    data = _request(signoz, token, type_).json()["data"]
-
-    assert data["ready"] is False
-    assert metric in _grouped(data["missingOptionalMetrics"], "metrics").get(component, set())
-    assert data["missingDefaultEnabledMetrics"] == []
-    assert data["missingRequiredAttributes"] == []
-    _check_missing_entries(data["missingOptionalMetrics"])
-
-
-@pytest.mark.parametrize("type_,component,attr", _ATTR_CASES)
-def test_onboarding_missing_required_attribute(
-    signoz: types.SigNoz,
-    create_user_admin: None,  # pylint: disable=unused-argument
-    get_token,
-    insert_metrics,
-    type_: str,
-    component: str,
-    attr: str,
-) -> None:
-    """All metrics present but one required attr never seen on any of them → that
-    attr is in missingRequiredAttributes under its component; not ready."""
-    _seed(insert_metrics, _all_metrics(type_), _attr_labels(type_, drop=attr))
-
-    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-    data = _request(signoz, token, type_).json()["data"]
-
-    assert data["ready"] is False
-    assert attr in _grouped(data["missingRequiredAttributes"], "attributes").get(component, set())
-    assert data["missingDefaultEnabledMetrics"] == []
-    assert data["missingOptionalMetrics"] == []
-    _check_missing_entries(data["missingRequiredAttributes"])

tests/integration/tests/role/03_fga.py

@@ -63,7 +63,7 @@ def test_create_role_with_signoz_prefix_rejected(
     for name in ("signoz-custom", "signozcustom"):
         resp = requests.post(
             signoz.self.host_configs["8080"].get(ROLES_BASE),
-            json={"name": name},
+            json={"name": name, "transactionGroups": []},
             headers={"Authorization": f"Bearer {admin_token}"},
             timeout=5,
         )
@@ -175,7 +175,7 @@ def test_role_readonly_forbidden_operations(
     # Create role — forbidden.
     resp = requests.post(
         signoz.self.host_configs["8080"].get(ROLES_BASE),
-        json={"name": "role-fga-should-fail"},
+        json={"name": "role-fga-should-fail", "transactionGroups": []},
         headers={"Authorization": f"Bearer {token}"},
         timeout=5,
     )
@@ -238,7 +238,7 @@ def test_role_grant_write_permissions(
     # Create role — now allowed.
     resp = requests.post(
         signoz.self.host_configs["8080"].get(ROLES_BASE),
-        json={"name": "role-fga-write-test"},
+        json={"name": "role-fga-write-test", "transactionGroups": []},
         headers={"Authorization": f"Bearer {custom_token}"},
         timeout=5,
     )