feat(global-time-store): add support to context, url persistence, store persistence, drift handle

* feat: base path config setup and plugin for gotmpl generation at build time

* feat: changed output path to dir level

* feat: refactor the interceptor and added gotmpl into gitignore

* feat: removed plugin and serving the index.html only as the template

* feat: updated the html template

* feat: updated base path utils and fixed navigation and translations

* feat: code refactor around feedbacks

* feat: applied suggested patch changes

* feat: code refactor around feedbacks

* feat(base-path): mirgate rule to oxlint

* feat(base-path): fix lint issues

* feat(base-path): replace window.open with openInNewTab for internal paths

* feat(base-path): migrate remaining pattern for window.location.origin + path

* feat(base-path): configure local dev setup

* feat(base-path): migrate backend bound urls and eslint upgrade to error (#11028)

* feat(base-path): migrate backend bound urls and eslint upgrade to error

* feat(base-path): migrated the new files added after rebase with main

* feat(base-path): updated lint error comment to oxlint

* feat(base-path): getScopedKey - scope storage keys to base path

* feat(base-path): scope localStorage wrapper keys via getScopedKey

* feat(base-path): sessionStorage wrappers + scope useLocalStorage via wrappers

* feat(base-path): route direct localStorage calls through scoped wrappers

* feat(base-path): route direct sessionStorage calls through scoped wrappers

* feat(base-path): eslint rule, ban direct localStorage/sessionStorage access

* fix(base-path): prepend withBasePath to livetail SSE URL in dev mode

* fix(base-path): rename loadModule to loadStorageModule to avoid TS global scope collision

* feat(base-path): migrated more cases

* feat(base-path): fix lint issues

* feat(base-path): added rule to oxlint and added oxlint disables

* feat(base-path): added localstorage fallback scope

* feat(base-path): replace window.open with openInNewTab for internal paths

* feat(base-path): migrate remaining pattern for window.location.origin + path

* feat(base-path): migrate backend bound urls and eslint upgrade to error (#11028)

* feat(base-path): migrate backend bound urls and eslint upgrade to error

* feat(base-path): migrated the new files added after rebase with main

* feat(base-path): updated lint error comment to oxlint

.github/workflows/e2eci.yaml

@@ -9,6 +9,27 @@ on:
       - labeled
 
 jobs:
+  fmtlint:
+    if: |
+      ((github.event_name == 'pull_request' && ! github.event.pull_request.head.repo.fork && github.event.pull_request.user.login != 'dependabot[bot]' && ! contains(github.event.pull_request.labels.*.name, 'safe-to-test')) ||
+      (github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'safe-to-test'))) && contains(github.event.pull_request.labels.*.name, 'safe-to-e2e')
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: node
+        uses: actions/setup-node@v4
+        with:
+          node-version: lts/*
+      - name: install
+        run: |
+          cd tests/e2e && yarn install --frozen-lockfile
+      - name: fmt
+        run: |
+          cd tests/e2e && yarn fmt:check
+      - name: lint
+        run: |
+          cd tests/e2e && yarn lint
   test:
     strategy:
       fail-fast: false

Makefile

@@ -201,14 +201,12 @@ docker-buildx-enterprise: go-build-enterprise js-build
 # python commands
 ##############################################################
 .PHONY: py-fmt
-py-fmt: ## Run black across the shared tests project
-	@cd tests && uv run black .
+py-fmt: ## Run ruff format across the shared tests project
+	@cd tests && uv run ruff format .
 
 .PHONY: py-lint
-py-lint: ## Run lint across the shared tests project
-	@cd tests && uv run isort .
-	@cd tests && uv run autoflake .
-	@cd tests && uv run pylint .
+py-lint: ## Run ruff check across the shared tests project
+	@cd tests && uv run ruff check --fix .
 
 .PHONY: py-test-setup
 py-test-setup: ## Bring up the shared SigNoz backend used by integration and e2e tests

cmd/community/server.go

@@ -92,7 +92,7 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error) {
 			return signoz.NewAuthNs(ctx, providerSettings, store, licensing)
 		},
-		func(ctx context.Context, sqlstore sqlstore.SQLStore, _ licensing.Licensing, _ dashboard.Module) (factory.ProviderFactory[authz.AuthZ, authz.Config], error) {
+		func(ctx context.Context, sqlstore sqlstore.SQLStore, _ licensing.Licensing, _ []authz.OnBeforeRoleDelete, _ dashboard.Module) (factory.ProviderFactory[authz.AuthZ, authz.Config], error) {
 			openfgaDataStore, err := openfgaserver.NewSQLStore(sqlstore)
 			if err != nil {
 				return nil, err

cmd/enterprise/server.go

@@ -137,12 +137,12 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 
 			return authNs, nil
 		},
-		func(ctx context.Context, sqlstore sqlstore.SQLStore, licensing licensing.Licensing, dashboardModule dashboard.Module) (factory.ProviderFactory[authz.AuthZ, authz.Config], error) {
+		func(ctx context.Context, sqlstore sqlstore.SQLStore, licensing licensing.Licensing, onBeforeRoleDelete []authz.OnBeforeRoleDelete, dashboardModule dashboard.Module) (factory.ProviderFactory[authz.AuthZ, authz.Config], error) {
 			openfgaDataStore, err := openfgaserver.NewSQLStore(sqlstore)
 			if err != nil {
 				return nil, err
 			}
-			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx), openfgaDataStore, licensing, dashboardModule), nil
+			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx), openfgaDataStore, licensing, onBeforeRoleDelete, dashboardModule), nil
 		},
 		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing) dashboard.Module {
 			return impldashboard.NewModule(pkgimpldashboard.NewStore(store), settings, analytics, orgGetter, queryParser, querier, licensing)

conf/example.yaml

@@ -407,3 +407,11 @@ cloudintegration:
   agent:
     # The version of the cloud integration agent.
     version: v0.0.8
+
+##################### Authz #################################
+authz:
+  # Specifies the authz provider to use.
+  provider: openfga
+  openfga:
+    # maximum tuples allowed per openfga write operation.
+    max_tuples_per_write: 100

docs/api/openapi.yml

@@ -668,8 +668,8 @@ components:
       properties:
         aws:
           $ref: '#/components/schemas/CloudintegrationtypesAWSAccountConfig'
-      required:
-      - aws
+        azure:
+          $ref: '#/components/schemas/CloudintegrationtypesAzureAccountConfig'
       type: object
     CloudintegrationtypesAgentReport:
       nullable: true
@@ -693,6 +693,90 @@ components:
           nullable: true
           type: array
       type: object
+    CloudintegrationtypesAzureAccountConfig:
+      properties:
+        deploymentRegion:
+          type: string
+        resourceGroups:
+          items:
+            type: string
+          type: array
+      required:
+      - deploymentRegion
+      - resourceGroups
+      type: object
+    CloudintegrationtypesAzureConnectionArtifact:
+      properties:
+        cliCommand:
+          type: string
+        cloudPowerShellCommand:
+          type: string
+      required:
+      - cliCommand
+      - cloudPowerShellCommand
+      type: object
+    CloudintegrationtypesAzureIntegrationConfig:
+      properties:
+        deploymentRegion:
+          type: string
+        resourceGroups:
+          items:
+            type: string
+          type: array
+        telemetryCollectionStrategy:
+          items:
+            $ref: '#/components/schemas/CloudintegrationtypesAzureTelemetryCollectionStrategy'
+          type: array
+      required:
+      - deploymentRegion
+      - resourceGroups
+      - telemetryCollectionStrategy
+      type: object
+    CloudintegrationtypesAzureLogsCollectionStrategy:
+      properties:
+        categoryGroups:
+          items:
+            type: string
+          type: array
+      required:
+      - categoryGroups
+      type: object
+    CloudintegrationtypesAzureMetricsCollectionStrategy:
+      type: object
+    CloudintegrationtypesAzureServiceConfig:
+      properties:
+        logs:
+          $ref: '#/components/schemas/CloudintegrationtypesAzureServiceLogsConfig'
+        metrics:
+          $ref: '#/components/schemas/CloudintegrationtypesAzureServiceMetricsConfig'
+      required:
+      - logs
+      - metrics
+      type: object
+    CloudintegrationtypesAzureServiceLogsConfig:
+      properties:
+        enabled:
+          type: boolean
+      type: object
+    CloudintegrationtypesAzureServiceMetricsConfig:
+      properties:
+        enabled:
+          type: boolean
+      type: object
+    CloudintegrationtypesAzureTelemetryCollectionStrategy:
+      properties:
+        logs:
+          $ref: '#/components/schemas/CloudintegrationtypesAzureLogsCollectionStrategy'
+        metrics:
+          $ref: '#/components/schemas/CloudintegrationtypesAzureMetricsCollectionStrategy'
+        resourceProvider:
+          type: string
+        resourceType:
+          type: string
+      required:
+      - resourceProvider
+      - resourceType
+      type: object
     CloudintegrationtypesCloudIntegrationService:
       nullable: true
       properties:
@@ -737,8 +821,8 @@ components:
       properties:
         aws:
           $ref: '#/components/schemas/CloudintegrationtypesAWSConnectionArtifact'
-      required:
-      - aws
+        azure:
+          $ref: '#/components/schemas/CloudintegrationtypesAzureConnectionArtifact'
       type: object
     CloudintegrationtypesCredentials:
       properties:
@@ -910,8 +994,8 @@ components:
       properties:
         aws:
           $ref: '#/components/schemas/CloudintegrationtypesAWSPostableAccountConfig'
-      required:
-      - aws
+        azure:
+          $ref: '#/components/schemas/CloudintegrationtypesAzureAccountConfig'
       type: object
     CloudintegrationtypesPostableAgentCheckIn:
       properties:
@@ -934,8 +1018,8 @@ components:
       properties:
         aws:
           $ref: '#/components/schemas/CloudintegrationtypesAWSIntegrationConfig'
-      required:
-      - aws
+        azure:
+          $ref: '#/components/schemas/CloudintegrationtypesAzureIntegrationConfig'
       type: object
     CloudintegrationtypesService:
       properties:
@@ -972,8 +1056,8 @@ components:
       properties:
         aws:
           $ref: '#/components/schemas/CloudintegrationtypesAWSServiceConfig'
-      required:
-      - aws
+        azure:
+          $ref: '#/components/schemas/CloudintegrationtypesAzureServiceConfig'
       type: object
     CloudintegrationtypesServiceID:
       enum:
@@ -990,6 +1074,8 @@ components:
       - s3sync
       - sns
       - sqs
+      - storageaccountsblob
+      - cdnprofile
       type: string
     CloudintegrationtypesServiceMetadata:
       properties:
@@ -1018,16 +1104,32 @@ components:
       properties:
         aws:
           $ref: '#/components/schemas/CloudintegrationtypesAWSTelemetryCollectionStrategy'
-      required:
-      - aws
+        azure:
+          $ref: '#/components/schemas/CloudintegrationtypesAzureTelemetryCollectionStrategy'
       type: object
     CloudintegrationtypesUpdatableAccount:
       properties:
         config:
-          $ref: '#/components/schemas/CloudintegrationtypesAccountConfig'
+          $ref: '#/components/schemas/CloudintegrationtypesUpdatableAccountConfig'
       required:
       - config
       type: object
+    CloudintegrationtypesUpdatableAccountConfig:
+      properties:
+        aws:
+          $ref: '#/components/schemas/CloudintegrationtypesAWSAccountConfig'
+        azure:
+          $ref: '#/components/schemas/CloudintegrationtypesUpdatableAzureAccountConfig'
+      type: object
+    CloudintegrationtypesUpdatableAzureAccountConfig:
+      properties:
+        resourceGroups:
+          items:
+            type: string
+          type: array
+      required:
+      - resourceGroups
+      type: object
     CloudintegrationtypesUpdatableService:
       properties:
         config:
@@ -2406,155 +2508,6 @@ components:
       - list
       - grouped_list
       type: string
-    LlmpricingruletypesGettablePricingRules:
-      properties:
-        items:
-          items:
-            $ref: '#/components/schemas/LlmpricingruletypesLLMPricingRule'
-          nullable: true
-          type: array
-        limit:
-          type: integer
-        offset:
-          type: integer
-        total:
-          type: integer
-      required:
-      - items
-      - total
-      - offset
-      - limit
-      type: object
-    LlmpricingruletypesLLMPricingRule:
-      properties:
-        cacheMode:
-          $ref: '#/components/schemas/LlmpricingruletypesLLMPricingRuleCacheMode'
-        costCacheRead:
-          format: double
-          type: number
-        costCacheWrite:
-          format: double
-          type: number
-        costInput:
-          format: double
-          type: number
-        costOutput:
-          format: double
-          type: number
-        createdAt:
-          format: date-time
-          type: string
-        createdBy:
-          type: string
-        enabled:
-          type: boolean
-        id:
-          type: string
-        isOverride:
-          type: boolean
-        modelName:
-          type: string
-        modelPattern:
-          items:
-            type: string
-          nullable: true
-          type: array
-        orgId:
-          type: string
-        sourceId:
-          type: string
-        syncedAt:
-          format: date-time
-          nullable: true
-          type: string
-        unit:
-          $ref: '#/components/schemas/LlmpricingruletypesLLMPricingRuleUnit'
-        updatedAt:
-          format: date-time
-          type: string
-        updatedBy:
-          type: string
-      required:
-      - id
-      - orgId
-      - modelName
-      - modelPattern
-      - unit
-      - cacheMode
-      - costInput
-      - costOutput
-      - costCacheRead
-      - costCacheWrite
-      - isOverride
-      - enabled
-      type: object
-    LlmpricingruletypesLLMPricingRuleCacheMode:
-      enum:
-      - subtract
-      - additive
-      - unknown
-      type: string
-    LlmpricingruletypesLLMPricingRuleUnit:
-      enum:
-      - per_million_tokens
-      type: string
-    LlmpricingruletypesUpdatableLLMPricingRule:
-      properties:
-        cacheMode:
-          $ref: '#/components/schemas/LlmpricingruletypesLLMPricingRuleCacheMode'
-        costCacheRead:
-          format: double
-          type: number
-        costCacheWrite:
-          format: double
-          type: number
-        costInput:
-          format: double
-          type: number
-        costOutput:
-          format: double
-          type: number
-        enabled:
-          type: boolean
-        id:
-          nullable: true
-          type: string
-        isOverride:
-          nullable: true
-          type: boolean
-        modelName:
-          type: string
-        modelPattern:
-          items:
-            type: string
-          nullable: true
-          type: array
-        sourceId:
-          nullable: true
-          type: string
-        unit:
-          $ref: '#/components/schemas/LlmpricingruletypesLLMPricingRuleUnit'
-      required:
-      - modelName
-      - modelPattern
-      - unit
-      - cacheMode
-      - costInput
-      - costOutput
-      - costCacheRead
-      - costCacheWrite
-      - enabled
-      type: object
-    LlmpricingruletypesUpdatableLLMPricingRules:
-      properties:
-        rules:
-          items:
-            $ref: '#/components/schemas/LlmpricingruletypesUpdatableLLMPricingRule'
-          nullable: true
-          type: array
-      required:
-      - rules
-      type: object
     MetricsexplorertypesInspectMetricsRequest:
       properties:
         end:
@@ -7245,218 +7198,6 @@ paths:
       summary: Create bulk invite
       tags:
       - users
-  /api/v1/llm_pricing_rules:
-    get:
-      deprecated: false
-      description: Returns all LLM pricing rules for the authenticated org, with pagination.
-      operationId: ListLLMPricingRules
-      parameters:
-      - in: query
-        name: offset
-        schema:
-          type: integer
-      - in: query
-        name: limit
-        schema:
-          type: integer
-      responses:
-        "200":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    $ref: '#/components/schemas/LlmpricingruletypesGettablePricingRules'
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: OK
-        "400":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Bad Request
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - VIEWER
-      - tokenizer:
-        - VIEWER
-      summary: List pricing rules
-      tags:
-      - llmpricingrules
-    put:
-      deprecated: false
-      description: Single write endpoint used by both the user and the Zeus sync job.
-        Per-rule match is by id, then sourceId, then insert. Override rows (is_override=true)
-        are fully preserved when the request does not provide isOverride; only synced_at
-        is stamped.
-      operationId: UpdateLLMPricingRules
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/LlmpricingruletypesUpdatableLLMPricingRules'
-      responses:
-        "204":
-          description: No Content
-        "400":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Bad Request
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Bulk update pricing rules
-      tags:
-      - llmpricingrules
-  /api/v1/llm_pricing_rules/{id}:
-    delete:
-      deprecated: false
-      description: Hard-deletes a pricing rule. If auto-synced, it will be recreated
-        on the next sync cycle.
-      operationId: DeleteLLMPricingRule
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      responses:
-        "204":
-          description: No Content
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - ADMIN
-      - tokenizer:
-        - ADMIN
-      summary: Delete a pricing rule
-      tags:
-      - llmpricingrules
-    get:
-      deprecated: false
-      description: Returns a single LLM pricing rule by ID.
-      operationId: GetLLMPricingRule
-      parameters:
-      - in: path
-        name: id
-        required: true
-        schema:
-          type: string
-      responses:
-        "200":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    $ref: '#/components/schemas/LlmpricingruletypesLLMPricingRule'
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: OK
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - VIEWER
-      - tokenizer:
-        - VIEWER
-      summary: Get a pricing rule
-      tags:
-      - llmpricingrules
   /api/v1/logs/promote_paths:
     get:
       deprecated: false
@@ -8168,7 +7909,7 @@ paths:
       summary: Patch role
       tags:
       - role
-  /api/v1/roles/{id}/relation/{relation}/objects:
+  /api/v1/roles/{id}/relations/{relation}/objects:
     get:
       deprecated: false
       description: Gets all objects connected to the specified role via a given relation

ee/authz/openfgaauthz/provider.go

@@ -20,20 +20,23 @@ import (
 )
 
 type provider struct {
-	pkgAuthzService authz.AuthZ
-	openfgaServer   *openfgaserver.Server
-	licensing       licensing.Licensing
-	store           authtypes.RoleStore
-	registry        []authz.RegisterTypeable
+	config             authz.Config
+	pkgAuthzService    authz.AuthZ
+	openfgaServer      *openfgaserver.Server
+	licensing          licensing.Licensing
+	store              authtypes.RoleStore
+	registry           []authz.RegisterTypeable
+	settings           factory.ScopedProviderSettings
+	onBeforeRoleDelete []authz.OnBeforeRoleDelete
 }
 
-func NewProviderFactory(sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile, openfgaDataStore storage.OpenFGADatastore, licensing licensing.Licensing, registry ...authz.RegisterTypeable) factory.ProviderFactory[authz.AuthZ, authz.Config] {
+func NewProviderFactory(sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile, openfgaDataStore storage.OpenFGADatastore, licensing licensing.Licensing, onBeforeRoleDelete []authz.OnBeforeRoleDelete, registry ...authz.RegisterTypeable) factory.ProviderFactory[authz.AuthZ, authz.Config] {
 	return factory.NewProviderFactory(factory.MustNewName("openfga"), func(ctx context.Context, ps factory.ProviderSettings, config authz.Config) (authz.AuthZ, error) {
-		return newOpenfgaProvider(ctx, ps, config, sqlstore, openfgaSchema, openfgaDataStore, licensing, registry)
+		return newOpenfgaProvider(ctx, ps, config, sqlstore, openfgaSchema, openfgaDataStore, licensing, onBeforeRoleDelete, registry)
 	})
 }
 
-func newOpenfgaProvider(ctx context.Context, settings factory.ProviderSettings, config authz.Config, sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile, openfgaDataStore storage.OpenFGADatastore, licensing licensing.Licensing, registry []authz.RegisterTypeable) (authz.AuthZ, error) {
+func newOpenfgaProvider(ctx context.Context, settings factory.ProviderSettings, config authz.Config, sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile, openfgaDataStore storage.OpenFGADatastore, licensing licensing.Licensing, onBeforeRoleDelete []authz.OnBeforeRoleDelete, registry []authz.RegisterTypeable) (authz.AuthZ, error) {
 	pkgOpenfgaAuthzProvider := pkgopenfgaauthz.NewProviderFactory(sqlstore, openfgaSchema, openfgaDataStore)
 	pkgAuthzService, err := pkgOpenfgaAuthzProvider.New(ctx, settings, config)
 	if err != nil {
@@ -45,12 +48,17 @@ func newOpenfgaProvider(ctx context.Context, settings factory.ProviderSettings,
 		return nil, err
 	}
 
+	scopedSettings := factory.NewScopedProviderSettings(settings, "github.com/SigNoz/signoz/ee/authz/openfgaauthz")
+
 	return &provider{
-		pkgAuthzService: pkgAuthzService,
-		openfgaServer:   openfgaServer,
-		licensing:       licensing,
-		store:           sqlauthzstore.NewSqlAuthzStore(sqlstore),
-		registry:        registry,
+		config:             config,
+		pkgAuthzService:    pkgAuthzService,
+		openfgaServer:      openfgaServer,
+		licensing:          licensing,
+		store:              sqlauthzstore.NewSqlAuthzStore(sqlstore),
+		registry:           registry,
+		settings:           scopedSettings,
+		onBeforeRoleDelete: onBeforeRoleDelete,
 	}, nil
 }
 
@@ -78,14 +86,40 @@ func (provider *provider) BatchCheck(ctx context.Context, tupleReq map[string]*o
 	return provider.openfgaServer.BatchCheck(ctx, tupleReq)
 }
 
-func (provider *provider) ListObjects(ctx context.Context, subject string, relation authtypes.Relation, typeable authtypes.Typeable) ([]*authtypes.Object, error) {
-	return provider.openfgaServer.ListObjects(ctx, subject, relation, typeable)
+func (provider *provider) CheckTransactions(ctx context.Context, subject string, orgID valuer.UUID, transactions []*authtypes.Transaction) ([]*authtypes.TransactionWithAuthorization, error) {
+	tuples, err := authtypes.NewTuplesFromTransactions(transactions, subject, orgID)
+	if err != nil {
+		return nil, err
+	}
+
+	batchResults, err := provider.openfgaServer.BatchCheck(ctx, tuples)
+	if err != nil {
+		return nil, err
+	}
+
+	results := make([]*authtypes.TransactionWithAuthorization, len(transactions))
+	for i, txn := range transactions {
+		result := batchResults[txn.ID.StringValue()]
+		results[i] = &authtypes.TransactionWithAuthorization{
+			Transaction: txn,
+			Authorized:  result.Authorized,
+		}
+	}
+	return results, nil
+}
+
+func (provider *provider) ListObjects(ctx context.Context, subject string, relation authtypes.Relation, objectType authtypes.Type) ([]*authtypes.Object, error) {
+	return provider.openfgaServer.ListObjects(ctx, subject, relation, objectType)
 }
 
 func (provider *provider) Write(ctx context.Context, additions []*openfgav1.TupleKey, deletions []*openfgav1.TupleKey) error {
 	return provider.openfgaServer.Write(ctx, additions, deletions)
 }
 
+func (provider *provider) ReadTuples(ctx context.Context, tupleKey *openfgav1.ReadRequestTupleKey) ([]*openfgav1.TupleKey, error) {
+	return provider.openfgaServer.ReadTuples(ctx, tupleKey)
+}
+
 func (provider *provider) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*authtypes.Role, error) {
 	return provider.pkgAuthzService.Get(ctx, orgID, id)
 }
@@ -146,7 +180,7 @@ func (provider *provider) Create(ctx context.Context, orgID valuer.UUID, role *a
 		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
 	}
 
-	return provider.store.Create(ctx, authtypes.NewStorableRoleFromRole(role))
+	return provider.store.Create(ctx, role)
 }
 
 func (provider *provider) GetOrCreate(ctx context.Context, orgID valuer.UUID, role *authtypes.Role) (*authtypes.Role, error) {
@@ -163,10 +197,10 @@ func (provider *provider) GetOrCreate(ctx context.Context, orgID valuer.UUID, ro
 	}
 
 	if existingRole != nil {
-		return authtypes.NewRoleFromStorableRole(existingRole), nil
+		return existingRole, nil
 	}
 
-	err = provider.store.Create(ctx, authtypes.NewStorableRoleFromRole(role))
+	err = provider.store.Create(ctx, role)
 	if err != nil {
 		return nil, err
 	}
@@ -175,14 +209,13 @@ func (provider *provider) GetOrCreate(ctx context.Context, orgID valuer.UUID, ro
 }
 
 func (provider *provider) GetResources(_ context.Context) []*authtypes.Resource {
-	typeables := make([]authtypes.Typeable, 0)
-	for _, register := range provider.registry {
-		typeables = append(typeables, register.MustGetTypeables()...)
-	}
-
-	typeables = append(typeables, provider.MustGetTypeables()...)
 	resources := make([]*authtypes.Resource, 0)
-	for _, typeable := range typeables {
+	for _, register := range provider.registry {
+		for _, typeable := range register.MustGetTypeables() {
+			resources = append(resources, &authtypes.Resource{Name: typeable.Name(), Type: typeable.Type()})
+		}
+	}
+	for _, typeable := range provider.MustGetTypeables() {
 		resources = append(resources, &authtypes.Resource{Name: typeable.Name(), Type: typeable.Type()})
 	}
 
@@ -201,21 +234,23 @@ func (provider *provider) GetObjects(ctx context.Context, orgID valuer.UUID, id
 	}
 
 	objects := make([]*authtypes.Object, 0)
-	for _, resource := range provider.GetResources(ctx) {
-		if slices.Contains(authtypes.TypeableRelations[resource.Type], relation) {
-			resourceObjects, err := provider.
-				ListObjects(
-					ctx,
-					authtypes.MustNewSubject(authtypes.TypeableRole, storableRole.Name, orgID, &authtypes.RelationAssignee),
-					relation,
-					authtypes.MustNewTypeableFromType(resource.Type, resource.Name),
-				)
-			if err != nil {
-				return nil, err
-			}
-
-			objects = append(objects, resourceObjects...)
+	for _, objectType := range provider.getUniqueTypes() {
+		if !slices.Contains(authtypes.TypeableRelations[objectType], relation) {
+			continue
 		}
+
+		resourceObjects, err := provider.
+			ListObjects(
+				ctx,
+				authtypes.MustNewSubject(authtypes.TypeableRole, storableRole.Name, orgID, &authtypes.RelationAssignee),
+				relation,
+				objectType,
+			)
+		if err != nil {
+			return nil, err
+		}
+
+		objects = append(objects, resourceObjects...)
 	}
 
 	return objects, nil
@@ -227,7 +262,7 @@ func (provider *provider) Patch(ctx context.Context, orgID valuer.UUID, role *au
 		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
 	}
 
-	return provider.store.Update(ctx, orgID, authtypes.NewStorableRoleFromRole(role))
+	return provider.store.Update(ctx, orgID, role)
 }
 
 func (provider *provider) PatchObjects(ctx context.Context, orgID valuer.UUID, name string, relation authtypes.Relation, additions, deletions []*authtypes.Object) error {
@@ -260,17 +295,26 @@ func (provider *provider) Delete(ctx context.Context, orgID valuer.UUID, id valu
 		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
 	}
 
-	storableRole, err := provider.store.Get(ctx, orgID, id)
+	role, err := provider.store.Get(ctx, orgID, id)
 	if err != nil {
 		return err
 	}
 
-	role := authtypes.NewRoleFromStorableRole(storableRole)
 	err = role.ErrIfManaged()
 	if err != nil {
 		return err
 	}
 
+	for _, cb := range provider.onBeforeRoleDelete {
+		if err := cb(ctx, orgID, id); err != nil {
+			return err
+		}
+	}
+
+	if err := provider.deleteTuples(ctx, role.Name, orgID); err != nil {
+		return errors.WithAdditionalf(err, "failed to delete tuples for the role: %s", role.Name)
+	}
+
 	return provider.store.Delete(ctx, orgID, id)
 }
 
@@ -346,3 +390,62 @@ func (provider *provider) getManagedRoleTransactionTuples(orgID valuer.UUID) ([]
 
 	return tuples, nil
 }
+
+func (provider *provider) deleteTuples(ctx context.Context, roleName string, orgID valuer.UUID) error {
+	subject := authtypes.MustNewSubject(authtypes.TypeableRole, roleName, orgID, &authtypes.RelationAssignee)
+
+	tuples := make([]*openfgav1.TupleKey, 0)
+	for _, objectType := range provider.getUniqueTypes() {
+		typeTuples, err := provider.ReadTuples(ctx, &openfgav1.ReadRequestTupleKey{
+			User:   subject,
+			Object: objectType.StringValue() + ":",
+		})
+		if err != nil {
+			return err
+		}
+		tuples = append(tuples, typeTuples...)
+	}
+
+	if len(tuples) == 0 {
+		return nil
+	}
+
+	for idx := 0; idx < len(tuples); idx += provider.config.OpenFGA.MaxTuplesPerWrite {
+		end := idx + provider.config.OpenFGA.MaxTuplesPerWrite
+		if end > len(tuples) {
+			end = len(tuples)
+		}
+
+		err := provider.Write(ctx, nil, tuples[idx:end])
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (provider *provider) getUniqueTypes() []authtypes.Type {
+	seen := make(map[string]struct{})
+	uniqueTypes := make([]authtypes.Type, 0)
+	for _, register := range provider.registry {
+		for _, typeable := range register.MustGetTypeables() {
+			typeKey := typeable.Type().StringValue()
+			if _, ok := seen[typeKey]; ok {
+				continue
+			}
+			seen[typeKey] = struct{}{}
+			uniqueTypes = append(uniqueTypes, typeable.Type())
+		}
+	}
+	for _, typeable := range provider.MustGetTypeables() {
+		typeKey := typeable.Type().StringValue()
+		if _, ok := seen[typeKey]; ok {
+			continue
+		}
+		seen[typeKey] = struct{}{}
+		uniqueTypes = append(uniqueTypes, typeable.Type())
+	}
+
+	return uniqueTypes
+}

ee/authz/openfgaserver/server.go

@@ -110,10 +110,14 @@ func (server *Server) BatchCheck(ctx context.Context, tupleReq map[string]*openf
 	return server.pkgAuthzService.BatchCheck(ctx, tupleReq)
 }
 
-func (server *Server) ListObjects(ctx context.Context, subject string, relation authtypes.Relation, typeable authtypes.Typeable) ([]*authtypes.Object, error) {
-	return server.pkgAuthzService.ListObjects(ctx, subject, relation, typeable)
+func (server *Server) ListObjects(ctx context.Context, subject string, relation authtypes.Relation, objectType authtypes.Type) ([]*authtypes.Object, error) {
+	return server.pkgAuthzService.ListObjects(ctx, subject, relation, objectType)
 }
 
 func (server *Server) Write(ctx context.Context, additions []*openfgav1.TupleKey, deletions []*openfgav1.TupleKey) error {
 	return server.pkgAuthzService.Write(ctx, additions, deletions)
 }
+
+func (server *Server) ReadTuples(ctx context.Context, tupleKey *openfgav1.ReadRequestTupleKey) ([]*openfgav1.TupleKey, error) {
+	return server.pkgAuthzService.ReadTuples(ctx, tupleKey)
+}

ee/query-service/app/server.go

@@ -12,7 +12,6 @@ import (
 
 	"github.com/SigNoz/signoz/pkg/cache/memorycache"
 	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/modules/llmpricingrule/impllmpricingrule"
 
 	"github.com/gorilla/handlers"
 
@@ -112,11 +111,9 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 	}
 
 	// initiate agent config handler
-	llmCostFeature := impllmpricingrule.NewLLMCostFeature(signoz.Modules.LLMPricingRule)
-
 	agentConfMgr, err := agentConf.Initiate(&agentConf.ManagerOptions{
 		Store:         signoz.SQLStore,
-		AgentFeatures: []agentConf.AgentFeature{logParsingPipelineController, llmCostFeature},
+		AgentFeatures: []agentConf.AgentFeature{logParsingPipelineController},
 	})
 	if err != nil {
 		return nil, err

frontend/.oxlintrc.json

@@ -286,6 +286,20 @@
     // Prevents useStore.getState() - export standalone actions instead
     "signoz/no-navigator-clipboard": "error",
     // Prevents navigator.clipboard - use useCopyToClipboard hook instead (disabled in tests via override)
+    "signoz/no-raw-absolute-path": "error",
+    // Prevents window.open(path), window.location.origin + path, window.location.href = path
+    "no-restricted-globals": [
+      "error",
+      {
+        "name": "localStorage",
+        "message": "Use scoped wrappers from api/browser/localstorage/ instead (ensures keys are prefixed when served under a URL base path)."
+      },
+      {
+        "name": "sessionStorage",
+        "message": "Use scoped wrappers from api/browser/sessionstorage/ instead (ensures keys are prefixed when served under a URL base path)."
+      }
+    ],
+    // Prevents direct localStorage/sessionStorage access — use scoped wrappers
     "no-restricted-imports": [
       "error",
       {
@@ -597,8 +611,11 @@
       "rules": {
         "import/first": "off",
         // Should ignore due to mocks
-        "signoz/no-navigator-clipboard": "off"
-        // Tests can use navigator.clipboard directly
+        "signoz/no-navigator-clipboard": "off",
+        // Tests can use navigator.clipboard directly,
+        "signoz/no-raw-absolute-path":"off",
+        "no-restricted-globals": "off"
+        // Tests need raw localStorage/sessionStorage to seed DOM state for isolation
       }
     },
     {

frontend/.stylelintrc.cjs

@@ -1,3 +1,4 @@
+// oxlint-disable-next-line typescript/no-require-imports
 const path = require('path');
 
 module.exports = {

frontend/e2e/test-plan/README.md

@@ -1,29 +0,0 @@
-# SigNoz E2E Test Plan
-
-This directory contains the structured test plan for the SigNoz application. Each subfolder corresponds to a main module or feature area, and contains scenario files for all user journeys, edge cases, and cross-module flows. These documents serve as the basis for generating Playwright MCP-driven E2E tests.
-
-## Structure
-
-- Each main module (e.g., logs, traces, dashboards, alerts, settings, etc.) has its own folder or markdown file.
-- Each file contains detailed scenario templates, including preconditions, step-by-step actions, and expected outcomes.
-- Use these documents to write, review, and update test cases as the application evolves.
-
-## Folders & Files
-
-- `logs/` — Logs module scenarios
-- `traces/` — Traces module scenarios
-- `metrics/` — Metrics module scenarios
-- `dashboards/` — Dashboards module scenarios
-- `alerts/` — Alerts module scenarios
-- `services/` — Services module scenarios
-- `settings/` — Settings and all sub-settings scenarios
-- `onboarding/` — Onboarding and signup flows
-- `navigation/` — Navigation, sidebar, and cross-module flows
-- `exceptions/` — Exception and error handling scenarios
-- `external-apis/` — External API monitoring scenarios
-- `messaging-queues/` — Messaging queue scenarios
-- `infrastructure/` — Infrastructure monitoring scenarios
-- `help-support/` — Help & support scenarios
-- `user-preferences/` — User preferences and personalization scenarios
-- `service-map/` — Service map scenarios
-- `saved-views/` — Saved views scenarios

frontend/e2e/test-plan/settings/README.md

@@ -1,16 +0,0 @@
-# Settings Module Test Plan
-
-This folder contains E2E test scenarios for the Settings module and all sub-settings.
-
-## Scenario Categories
-
-- General settings (org/workspace, branding, version info)
-- Billing settings
-- Members & SSO
-- Custom domain
-- Integrations
-- Notification channels
-- API keys
-- Ingestion
-- Account settings (profile, password, preferences)
-- Keyboard shortcuts

frontend/e2e/test-plan/settings/account-settings.md

@@ -1,43 +0,0 @@
-# Account Settings E2E Scenarios (Updated)
-
-## 1. Update Name
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Click 'Update name' button
-  2. Edit name field in the modal/dialog
-  3. Save changes
-- **Expected:** Name is updated in the UI
-
-## 2. Update Email
-
-- **Note:** The email field is not editable in the current UI.
-
-## 3. Reset Password
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Click 'Reset password' button
-  2. Complete reset flow (modal/dialog or external flow)
-- **Expected:** Password is reset
-
-## 4. Toggle 'Adapt to my timezone'
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Toggle 'Adapt to my timezone' switch
-- **Expected:** Timezone adapts accordingly (UI feedback/confirmation should be checked)
-
-## 5. Toggle Theme (Dark/Light)
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Toggle theme radio buttons ('Dark', 'Light Beta')
-- **Expected:** Theme changes
-
-## 6. Toggle Sidebar Always Open
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Toggle 'Keep the primary sidebar always open' switch
-- **Expected:** Sidebar remains open/closed as per toggle

frontend/e2e/test-plan/settings/api-keys.md

@@ -1,26 +0,0 @@
-# API Keys E2E Scenarios (Updated)
-
-## 1. Create a New API Key
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Click 'New Key' button
-  2. Enter details in the modal/dialog
-  3. Click 'Save'
-- **Expected:** API key is created and listed in the table
-
-## 2. Revoke an API Key
-
-- **Precondition:** API key exists
-- **Steps:**
-  1. In the table, locate the API key row
-  2. Click the revoke/delete button (icon button in the Action column)
-  3. Confirm if prompted
-- **Expected:** API key is revoked/removed from the table
-
-## 3. View API Key Usage
-
-- **Precondition:** API key exists
-- **Steps:**
-  1. View the 'Last used' and 'Expired' columns in the table
-- **Expected:** Usage data is displayed for each API key

frontend/e2e/test-plan/settings/billing.md

@@ -1,17 +0,0 @@
-# Billing Settings E2E Scenarios (Updated)
-
-## 1. View Billing Information
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Navigate to Billing Settings
-  2. Wait for the billing chart/data to finish loading
-- **Expected:**
-  - Billing heading and subheading are displayed
-  - Usage/cost table is visible with columns: Unit, Data Ingested, Price per Unit, Cost (Billing period to date)
-  - "Download CSV" and "Manage Billing" buttons are present and enabled after loading
-  - Test clicking "Download CSV" and "Manage Billing" for expected behavior (e.g., file download, navigation, or modal)
-
-> Note: If these features are expected to trigger specific flows, document the observed behavior for each button.
-
-

frontend/e2e/test-plan/settings/custom-domain.md

@@ -1,18 +0,0 @@
-# Custom Domain E2E Scenarios (Updated)
-
-## 1. Add or Update Custom Domain
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Click 'Customize team’s URL' button
-  2. In the 'Customize your team’s URL' dialog, enter the preferred subdomain
-  3. Click 'Apply Changes'
-- **Expected:** Domain is set/updated for the team (UI feedback/confirmation should be checked)
-
-## 2. Verify Domain Ownership
-
-- **Note:** No explicit 'Verify' button or flow is present in the current UI. If verification is required, it may be handled automatically or via support.
-
-## 3. Remove a Custom Domain
-
-- **Note:** No explicit 'Remove' button or flow is present in the current UI. The only available action is to update the subdomain.

frontend/e2e/test-plan/settings/general.md

@@ -1,31 +0,0 @@
-# General Settings E2E Scenarios
-
-## 1. View General Settings
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Navigate to General Settings
-- **Expected:** General settings are displayed
-
-## 2. Update Organization/Workspace Name
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Edit organization/workspace name
-  2. Save changes
-- **Expected:** Name is updated and visible
-
-## 3. Update Logo or Branding
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Upload new logo/branding
-  2. Save changes
-- **Expected:** Branding is updated
-
-## 4. View Version/Build Info
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. View version/build info section
-- **Expected:** Version/build info is displayed

frontend/e2e/test-plan/settings/ingestion.md

@@ -1,20 +0,0 @@
-# Ingestion E2E Scenarios (Updated)
-
-## 1. View Ingestion Sources
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Navigate to the Integrations page
-- **Expected:** List of available data sources/integrations is displayed
-
-## 2. Configure Ingestion Sources
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Click 'Configure' for a data source/integration
-  2. Complete the configuration flow (modal or page, as available)
-- **Expected:** Source is configured (UI feedback/confirmation should be checked)
-
-## 3. Disable/Enable Ingestion
-
-- **Note:** No visible enable/disable toggle for ingestion sources in the current UI. Ingestion is managed via the Integrations configuration flows.

frontend/e2e/test-plan/settings/integrations.md

@@ -1,51 +0,0 @@
-# Integrations E2E Scenarios (Updated)
-
-## 1. View List of Available Integrations
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Navigate to Integrations
-- **Expected:** List of integrations is displayed, each with a name, description, and 'Configure' button
-
-## 2. Search Integrations by Name/Type
-
-- **Precondition:** Integrations exist
-- **Steps:**
-  1. Enter search/filter criteria in the 'Search for an integration...' box
-- **Expected:** Only matching integrations are shown
-
-## 3. Connect a New Integration
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Click 'Configure' for an integration
-  2. Complete the configuration flow (modal or page, as available)
-- **Expected:** Integration is connected/configured (UI feedback/confirmation should be checked)
-
-## 4. Disconnect an Integration
-
-- **Note:** No visible 'Disconnect' button in the main list. This may be available in the configuration flow for a connected integration.
-
-## 5. Configure Integration Settings
-
-- **Note:** Configuration is handled in the flow after clicking 'Configure' for an integration.
-
-## 6. Test Integration Connection
-
-- **Note:** No visible 'Test Connection' button in the main list. This may be available in the configuration flow.
-
-## 7. View Integration Status/Logs
-
-- **Note:** No visible status/logs section in the main list. This may be available in the configuration flow.
-
-## 8. Filter Integrations by Category
-
-- **Note:** No explicit category filter in the current UI, only a search box.
-
-## 9. View Integration Documentation/Help
-
-- **Note:** No visible 'Help/Docs' button in the main list. This may be available in the configuration flow.
-
-## 10. Update Integration Configuration
-
-- **Note:** Configuration is handled in the flow after clicking 'Configure' for an integration.

frontend/e2e/test-plan/settings/keyboard-shortcuts.md

@@ -1,19 +0,0 @@
-# Keyboard Shortcuts E2E Scenarios (Updated)
-
-## 1. View Keyboard Shortcuts
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Navigate to Keyboard Shortcuts
-- **Expected:** Shortcuts are displayed in categorized tables (Global, Logs Explorer, Query Builder, Dashboard)
-
-## 2. Customize Keyboard Shortcuts (if supported)
-
-- **Note:** Customization is not available in the current UI. Shortcuts are view-only.
-
-## 3. Use Keyboard Shortcuts for Navigation/Actions
-
-- **Precondition:** User is logged in
-- **Steps:**
-  1. Use shortcut for navigation/action (e.g., shift+s for Services, cmd+enter for running query)
-- **Expected:** Navigation/action is performed as per shortcut

frontend/e2e/test-plan/settings/members-sso.md

@@ -1,49 +0,0 @@
-# Members & SSO E2E Scenarios (Updated)
-
-## 1. Invite a New Member
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Click 'Invite Members' button
-  2. In the 'Invite team members' dialog, enter email address, name (optional), and select role
-  3. (Optional) Click 'Add another team member' to invite more
-  4. Click 'Invite team members' to send invite(s)
-- **Expected:** Pending invite appears in the 'Pending Invites' table
-
-## 2. Remove a Member
-
-- **Precondition:** User is admin, member exists
-- **Steps:**
-  1. In the 'Members' table, locate the member row
-  2. Click 'Delete' in the Action column
-  3. Confirm removal if prompted
-- **Expected:** Member is removed from the table
-
-## 3. Update Member Roles
-
-- **Precondition:** User is admin, member exists
-- **Steps:**
-  1. In the 'Members' table, locate the member row
-  2. Click 'Edit' in the Action column
-  3. Change role in the edit dialog/modal
-  4. Save changes
-- **Expected:** Member role is updated in the table
-
-## 4. Configure SSO
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. In the 'Authenticated Domains' section, locate the domain row
-  2. Click 'Configure SSO' or 'Edit Google Auth' as available
-  3. Complete SSO provider configuration in the modal/dialog
-  4. Save settings
-- **Expected:** SSO is configured for the domain
-
-## 5. Login via SSO
-
-- **Precondition:** SSO is configured
-- **Steps:**
-  1. Log out from the app
-  2. On the login page, click 'Login with SSO'
-  3. Complete SSO login flow
-- **Expected:** User is logged in via SSO

frontend/e2e/test-plan/settings/notification-channels.md

@@ -1,39 +0,0 @@
-# Notification Channels E2E Scenarios (Updated)
-
-## 1. Add a New Notification Channel
-
-- **Precondition:** User is admin
-- **Steps:**
-  1. Click 'New Alert Channel' button
-  2. In the 'New Notification Channel' form, fill in required fields (Name, Type, Webhook URL, etc.)
-  3. (Optional) Toggle 'Send resolved alerts'
-  4. (Optional) Click 'Test' to send a test notification
-  5. Click 'Save' to add the channel
-- **Expected:** Channel is added and listed in the table
-
-## 2. Test Notification Channel
-
-- **Precondition:** Channel is being created or edited
-- **Steps:**
-  1. In the 'New Notification Channel' or 'Edit Notification Channel' form, click 'Test'
-- **Expected:** Test notification is sent (UI feedback/confirmation should be checked)
-
-## 3. Remove a Notification Channel
-
-- **Precondition:** Channel is added
-- **Steps:**
-  1. In the table, locate the channel row
-  2. Click 'Delete' in the Action column
-  3. Confirm removal if prompted
-- **Expected:** Channel is removed from the table
-
-## 4. Update Notification Channel Settings
-
-- **Precondition:** Channel is added
-- **Steps:**
-  1. In the table, locate the channel row
-  2. Click 'Edit' in the Action column
-  3. In the 'Edit Notification Channel' form, update fields as needed
-  4. (Optional) Click 'Test' to send a test notification
-  5. Click 'Save' to update the channel
-- **Expected:** Settings are updated

frontend/e2e/test-plan/validation-report.md

@@ -1,199 +0,0 @@
-# SigNoz Test Plan Validation Report
-
-This report documents the validation of the E2E test plan against the current live application using Playwright MCP. Each module is reviewed for coverage, gaps, and required updates.
-
----
-
-## Home Module
-
-- **Coverage:**
-  - Widgets for logs, traces, metrics, dashboards, alerts, services, saved views, onboarding checklist
-  - Quick access buttons: Explore Logs, Create dashboard, Create an alert
-- **Gaps/Updates:**
-  - Add scenarios for checklist interactions (e.g., “I’ll do this later”, progress tracking)
-  - Add scenarios for Saved Views and cross-module links
-  - Add scenario for onboarding checklist completion
-
----
-
-## Logs Module
-
-- **Coverage:**
-  - Explorer, Pipelines, Views tabs
-  - Filtering by service, environment, severity, host, k8s, etc.
-  - Search, save view, create alert, add to dashboard, export, view mode switching
-- **Gaps/Updates:**
-  - Add scenario for quick filter customization
-  - Add scenario for “Old Explorer” button
-  - Add scenario for frequency chart toggle
-  - Add scenario for “Stage & Run Query” workflow
-
----
-
-## Traces Module
-
-- **Coverage:**
-  - Tabs: Explorer, Funnels, Views
-  - Filtering by name, error status, duration, environment, function, service, RPC, status code, HTTP, trace ID, etc.
-  - Search, save view, create alert, add to dashboard, export, view mode switching (List, Traces, Time Series, Table)
-  - Pagination, quick filter customization, group by, aggregation
-- **Gaps/Updates:**
-  - Add scenario for quick filter customization
-  - Add scenario for “Stage & Run Query” workflow
-  - Add scenario for all view modes (List, Traces, Time Series, Table)
-  - Add scenario for group by/aggregation
-  - Add scenario for trace detail navigation (clicking on trace row)
-  - Add scenario for Funnels tab (create/edit/delete funnel)
-  - Add scenario for Views tab (manage saved views)
-
----
-
-## Metrics Module
-
-- **Coverage:**
-  - Tabs: Summary, Explorer, Views
-  - Filtering by metric, type, unit, etc.
-  - Search, save view, add to dashboard, export, view mode switching (chart, table, proportion view)
-  - Pagination, group by, aggregation, custom queries
-- **Gaps/Updates:**
-  - Add scenario for Proportion View in Summary
-  - Add scenario for all view modes (chart, table, proportion)
-  - Add scenario for group by/aggregation
-  - Add scenario for custom queries in Explorer
-  - Add scenario for Views tab (manage saved views)
-
----
-
-## Dashboards Module
-
-- **Coverage:**
-  - List, search, and filter dashboards
-  - Create new dashboard (button and template link)
-  - Edit, delete, and view dashboard details
-  - Add/edit/delete widgets (implied by dashboard detail)
-  - Pagination through dashboards
-- **Gaps/Updates:**
-  - Add scenario for browsing dashboard templates (external link)
-  - Add scenario for requesting new template
-  - Add scenario for dashboard owner and creation info
-  - Add scenario for dashboard tags and filtering by tags
-  - Add scenario for dashboard sharing (if available)
-  - Add scenario for dashboard image/preview
-
----
-
-## Messaging Queues Module
-
-- **Coverage:**
-  - Overview tab: queue metrics, filters (Service Name, Span Name, Msg System, Destination, Kind)
-  - Search across all columns
-  - Pagination of queue data
-  - Sync and Share buttons
-  - Tabs for Kafka and Celery
-- **Gaps/Updates:**
-  - Add scenario for Kafka tab (detailed metrics, actions)
-  - Add scenario for Celery tab (detailed metrics, actions)
-  - Add scenario for filter combinations and edge cases
-  - Add scenario for sharing queue data
-  - Add scenario for time range selection
-
----
-
-## External APIs Module
-
-- **Coverage:**
-  - Accessed via side navigation under MORE
-  - Explorer tab: domain, endpoints, last used, rate, error %, avg. latency
-  - Filters: Deployment Environment, Service Name, Rpc Method, Show IP addresses
-  - Table pagination
-  - Share and Stage & Run Query buttons
-- **Gaps/Updates:**
-  - Add scenario for customizing quick filters
-  - Add scenario for running and staging queries
-  - Add scenario for sharing API data
-  - Add scenario for edge cases in filters and table data
-
----
-
-## Alerts Module
-
-- **Coverage:**
-  - Alert Rules tab: list, search, create (New Alert), edit, delete, enable/disable, severity, labels, actions
-  - Triggered Alerts tab (visible in tablist)
-  - Configuration tab (visible in tablist)
-  - Table pagination
-- **Gaps/Updates:**
-  - Add scenario for triggered alerts (view, acknowledge, resolve)
-  - Add scenario for alert configuration (settings, integrations)
-  - Add scenario for edge cases in alert creation and management
-  - Add scenario for searching and filtering alerts
-
----
-
-## Integrations Module
-
-- **Coverage:**
-  - Integrations tab: list, search, configure (e.g., AWS), request new integration
-  - One-click setup for AWS monitoring
-  - Request more integrations (form)
-- **Gaps/Updates:**
-  - Add scenario for configuring integrations (step-by-step)
-  - Add scenario for searching and filtering integrations
-  - Add scenario for requesting new integrations
-  - Add scenario for edge cases (e.g., failed configuration)
-
----
-
-## Exceptions Module
-
-- **Coverage:**
-  - All Exceptions: list, search, filter (Deployment Environment, Service Name, Host Name, K8s Cluster/Deployment/Namespace, Net Peer Name)
-  - Table: Exception Type, Error Message, Count, Last Seen, First Seen, Application
-  - Pagination
-  - Exception detail links
-  - Share and Stage & Run Query buttons
-- **Gaps/Updates:**
-  - Add scenario for exception detail view
-  - Add scenario for advanced filtering and edge cases
-  - Add scenario for sharing and running queries
-  - Add scenario for error grouping and navigation
-
----
-
-## Service Map Module
-
-- **Coverage:**
-  - Service Map visualization (main graph)
-  - Filters: environment, resource attributes
-  - Time range selection
-  - Sync and Share buttons
-- **Gaps/Updates:**
-  - Add scenario for interacting with the map (zoom, pan, select service)
-  - Add scenario for filtering and edge cases
-  - Add scenario for sharing the map
-  - Add scenario for time range and environment combinations
-
----
-
-## Billing Module
-
-- **Coverage:**
-  - Billing overview: cost monitoring, invoices, CSV download (disabled), manage billing (disabled)
-  - Teams Cloud section
-  - Billing table: Unit, Data Ingested, Price per Unit, Cost (Billing period to date)
-- **Gaps/Updates:**
-  - Add scenario for invoice download and management (when enabled)
-  - Add scenario for cost monitoring and edge cases
-  - Add scenario for billing table data validation
-  - Add scenario for permissions and access control
-
----
-
-## Usage Explorer Module
-
-- **Status:**
-  - Not accessible in the current environment. Removing from test plan flows.
-
----
-
-## [Next modules will be filled as validation proceeds]

frontend/e2e/tests/settings/account-settings/account-settings-settings.spec.ts

@@ -1,42 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-test('Account Settings - View and Assert Static Controls', async ({ page }) => {
-	await ensureLoggedIn(page);
-
-	// 1. Open the sidebar settings menu using data-testid
-	await page.getByTestId('settings-nav-item').click();
-
-	// 2. Click Account Settings in the dropdown (by role/name or data-testid if available)
-	await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-	// Assert the main tabpanel/heading (confirmed by DOM)
-	await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-	// Assert General section and controls (confirmed by DOM)
-	await expect(
-		page.getByLabel('My Settings').getByText('General'),
-	).toBeVisible();
-	await expect(page.getByText('Manage your account settings.')).toBeVisible();
-	await expect(page.getByRole('button', { name: 'Update name' })).toBeVisible();
-	await expect(
-		page.getByRole('button', { name: 'Reset password' }),
-	).toBeVisible();
-
-	// Assert User Preferences section and controls (confirmed by DOM)
-	await expect(page.getByText('User Preferences')).toBeVisible();
-	await expect(
-		page.getByText('Tailor the SigNoz console to work according to your needs.'),
-	).toBeVisible();
-	await expect(page.getByText('Select your theme')).toBeVisible();
-
-	const themeSelector = page.getByTestId('theme-selector');
-
-	await expect(themeSelector.getByText('Dark')).toBeVisible();
-	await expect(themeSelector.getByText('Light')).toBeVisible();
-	await expect(themeSelector.getByText('System')).toBeVisible();
-
-	await expect(page.getByTestId('timezone-adaptation-switch')).toBeVisible();
-	await expect(page.getByTestId('side-nav-pinned-switch')).toBeVisible();
-});

frontend/e2e/tests/settings/api-keys/api-keys-settings.spec.ts

@@ -1,42 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-test('API Keys Settings - View and Interact', async ({ page }) => {
-	await ensureLoggedIn(page);
-
-	// 1. Open the sidebar settings menu using data-testid
-	await page.getByTestId('settings-nav-item').click();
-
-	// 2. Click Account Settings in the dropdown (by role/name or data-testid if available)
-	await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-	// Assert the main tabpanel/heading (confirmed by DOM)
-	await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-	// Focus on the settings page sidenav
-	await page.getByTestId('settings-page-sidenav').focus();
-
-	// Click API Keys tab in the settings sidebar (by data-testid)
-	await page.getByTestId('api-keys').click();
-
-	// Assert heading and subheading
-	await expect(page.getByRole('heading', { name: 'API Keys' })).toBeVisible();
-	await expect(
-		page.getByText('Create and manage API keys for the SigNoz API'),
-	).toBeVisible();
-
-	// Assert presence of New Key button
-	const newKeyBtn = page.getByRole('button', { name: 'New Key' });
-	await expect(newKeyBtn).toBeVisible();
-
-	// Assert table columns
-	await expect(page.getByText('Last used').first()).toBeVisible();
-	await expect(page.getByText('Expired').first()).toBeVisible();
-
-	// Assert at least one API key row with action buttons
-	// Select the first action cell's first button (icon button)
-	const firstActionCell = page.locator('table tr').nth(1).locator('td').last();
-	const deleteBtn = firstActionCell.locator('button').first();
-	await expect(deleteBtn).toBeVisible();
-});

frontend/e2e/tests/settings/billing/billing-settings.spec.ts

@@ -1,71 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-// E2E: Billing Settings - View Billing Information and Button Actions
-
-test('View Billing Information and Button Actions', async ({
-	page,
-	context,
-}) => {
-	// Ensure user is logged in
-	await ensureLoggedIn(page);
-
-	// 1. Open the sidebar settings menu using data-testid
-	await page.getByTestId('settings-nav-item').click();
-
-	// 2. Click Account Settings in the dropdown (by role/name or data-testid if available)
-	await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-	// Assert the main tabpanel/heading (confirmed by DOM)
-	await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-	// Focus on the settings page sidenav
-	await page.getByTestId('settings-page-sidenav').focus();
-
-	// Click Billing tab in the settings sidebar (by data-testid)
-	await page.getByTestId('billing').click();
-
-	// Wait for billing chart/data to finish loading
-	await page.getByText('loading').first().waitFor({ state: 'hidden' });
-
-	// Assert visibility of subheading (unique)
-	await expect(
-		page.getByText(
-			'Manage your billing information, invoices, and monitor costs.',
-		),
-	).toBeVisible();
-	// Assert visibility of Teams Cloud heading
-	await expect(page.getByRole('heading', { name: 'Teams Cloud' })).toBeVisible();
-
-	// Assert presence of summary and detailed tables
-	await expect(page.getByText('TOTAL SPENT')).toBeVisible();
-	await expect(page.getByText('Data Ingested')).toBeVisible();
-	await expect(page.getByText('Price per Unit')).toBeVisible();
-	await expect(page.getByText('Cost (Billing period to date)')).toBeVisible();
-
-	// Assert presence of alert and note
-	await expect(
-		page.getByText('Your current billing period is from', { exact: false }),
-	).toBeVisible();
-	await expect(
-		page.getByText('Billing metrics are updated once every 24 hours.'),
-	).toBeVisible();
-
-	// Test Download CSV button
-	const [download] = await Promise.all([
-		page.waitForEvent('download'),
-		page.getByRole('button', { name: 'cloud-download Download CSV' }).click(),
-	]);
-	// Optionally, check download file name
-	expect(download.suggestedFilename()).toContain('billing_usage');
-
-	// Test Manage Billing button (opens Stripe in new tab)
-	const [newPage] = await Promise.all([
-		context.waitForEvent('page'),
-		page.getByTestId('header-billing-button').click(),
-	]);
-	await newPage.waitForLoadState();
-	expect(newPage.url()).toContain('stripe.com');
-	await newPage.close();
-});

frontend/e2e/tests/settings/custom-domain/custom-domain-settings.spec.ts

@@ -1,52 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-test('Custom Domain Settings - View and Interact', async ({ page }) => {
-	await ensureLoggedIn(page);
-
-	// 1. Open the sidebar settings menu using data-testid
-	await page.getByTestId('settings-nav-item').click();
-
-	// 2. Click Account Settings in the dropdown (by role/name or data-testid if available)
-	await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-	// Assert the main tabpanel/heading (confirmed by DOM)
-	await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-	// Focus on the settings page sidenav
-	await page.getByTestId('settings-page-sidenav').focus();
-
-	// Click Custom Domain tab in the settings sidebar (by data-testid)
-	await page.getByTestId('custom-domain').click();
-
-	// Wait for custom domain chart/data to finish loading
-	await page.getByText('loading').first().waitFor({ state: 'hidden' });
-
-	// Assert heading and subheading
-	await expect(
-		page.getByRole('heading', { name: 'Custom Domain Settings' }),
-	).toBeVisible();
-	await expect(
-		page.getByText('Personalize your workspace domain effortlessly.'),
-	).toBeVisible();
-
-	// Assert presence of Customize team’s URL button
-	const customizeBtn = page.getByRole('button', {
-		name: 'Customize team’s URL',
-	});
-	await expect(customizeBtn).toBeVisible();
-	await customizeBtn.click();
-
-	// Assert modal/dialog fields and buttons
-	await expect(
-		page.getByRole('dialog', { name: 'Customize your team’s URL' }),
-	).toBeVisible();
-	await expect(page.getByLabel('Team’s URL subdomain')).toBeVisible();
-	await expect(
-		page.getByRole('button', { name: 'Apply Changes' }),
-	).toBeVisible();
-	await expect(page.getByRole('button', { name: 'Close' })).toBeVisible();
-	// Close the modal
-	await page.getByRole('button', { name: 'Close' }).click();
-});

frontend/e2e/tests/settings/general/general-settings.spec.ts

@@ -1,32 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-test('View General Settings', async ({ page }) => {
-	await ensureLoggedIn(page);
-
-	// 1. Open the sidebar settings menu using data-testid
-	await page.getByTestId('settings-nav-item').click();
-
-	// 2. Click Account Settings in the dropdown (by role/name or data-testid if available)
-	await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-	// Assert the main tabpanel/heading (confirmed by DOM)
-	await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-	// Focus on the settings page sidenav
-	await page.getByTestId('settings-page-sidenav').focus();
-
-	// Click General tab in the settings sidebar (by data-testid)
-	await page.getByTestId('general').click();
-
-	// Wait for General tab to be visible
-	await page.getByRole('tabpanel', { name: 'General' }).waitFor();
-
-	// Assert visibility of definitive/static elements
-	await expect(page.getByRole('heading', { name: 'Metrics' })).toBeVisible();
-	await expect(page.getByRole('heading', { name: 'Traces' })).toBeVisible();
-	await expect(page.getByRole('heading', { name: 'Logs' })).toBeVisible();
-	await expect(page.getByText('Please')).toBeVisible();
-	await expect(page.getByRole('link', { name: 'email us' })).toBeVisible();
-});

frontend/e2e/tests/settings/ingestion/ingestion-settings.spec.ts

@@ -1,48 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-test('Ingestion Settings - View and Interact', async ({ page }) => {
-	await ensureLoggedIn(page);
-
-	// 1. Open the sidebar settings menu using data-testid
-	await page.getByTestId('settings-nav-item').click();
-
-	// 2. Click Account Settings in the dropdown (by role/name or data-testid if available)
-	await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-	// Assert the main tabpanel/heading (confirmed by DOM)
-	await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-	// Focus on the settings page sidenav
-	await page.getByTestId('settings-page-sidenav').focus();
-
-	// Click Ingestion tab in the settings sidebar (by data-testid)
-	await page.getByTestId('ingestion').click();
-
-	// Assert heading and subheading (Integrations page)
-	await expect(
-		page.getByRole('heading', { name: 'Integrations' }),
-	).toBeVisible();
-	await expect(
-		page.getByText('Manage Integrations for this workspace'),
-	).toBeVisible();
-
-	// Assert presence of search box
-	await expect(
-		page.getByPlaceholder('Search for an integration...'),
-	).toBeVisible();
-
-	// Assert at least one data source with Configure button
-	const configureBtn = page.getByRole('button', { name: 'Configure' }).first();
-	await expect(configureBtn).toBeVisible();
-
-	// Assert Request more integrations section
-	await expect(
-		page.getByText(
-			"Can't find what you’re looking for? Request more integrations",
-		),
-	).toBeVisible();
-	await expect(page.getByPlaceholder('Enter integration name...')).toBeVisible();
-	await expect(page.getByRole('button', { name: 'Submit' })).toBeVisible();
-});

frontend/e2e/tests/settings/integrations/integrations-settings.spec.ts

@@ -1,48 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-test('Integrations Settings - View and Interact', async ({ page }) => {
-	await ensureLoggedIn(page);
-
-	// 1. Open the sidebar settings menu using data-testid
-	await page.getByTestId('settings-nav-item').click();
-
-	// 2. Click Account Settings in the dropdown (by role/name or data-testid if available)
-	await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-	// Assert the main tabpanel/heading (confirmed by DOM)
-	await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-	// Focus on the settings page sidenav
-	await page.getByTestId('settings-page-sidenav').focus();
-
-	// Click Integrations tab in the settings sidebar (by data-testid)
-	await page.getByTestId('integrations').click();
-
-	// Assert heading and subheading
-	await expect(
-		page.getByRole('heading', { name: 'Integrations' }),
-	).toBeVisible();
-	await expect(
-		page.getByText('Manage Integrations for this workspace'),
-	).toBeVisible();
-
-	// Assert presence of search box
-	await expect(
-		page.getByPlaceholder('Search for an integration...'),
-	).toBeVisible();
-
-	// Assert at least one integration with Configure button
-	const configureBtn = page.getByRole('button', { name: 'Configure' }).first();
-	await expect(configureBtn).toBeVisible();
-
-	// Assert Request more integrations section
-	await expect(
-		page.getByText(
-			"Can't find what you’re looking for? Request more integrations",
-		),
-	).toBeVisible();
-	await expect(page.getByPlaceholder('Enter integration name...')).toBeVisible();
-	await expect(page.getByRole('button', { name: 'Submit' })).toBeVisible();
-});

frontend/e2e/tests/settings/members-sso/members-sso-settings.spec.ts

@@ -1,56 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-test('Members & SSO Settings - View and Interact', async ({ page }) => {
-	await ensureLoggedIn(page);
-
-	// 1. Open the sidebar settings menu using data-testid
-	await page.getByTestId('settings-nav-item').click();
-
-	// 2. Click Account Settings in the dropdown (by role/name or data-testid if available)
-	await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-	// Assert the main tabpanel/heading (confirmed by DOM)
-	await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-	// Focus on the settings page sidenav
-	await page.getByTestId('settings-page-sidenav').focus();
-
-	// Click Members & SSO tab in the settings sidebar (by data-testid)
-	await page.getByTestId('members-sso').click();
-
-	// Assert headings and tables
-	await expect(
-		page.getByRole('heading', { name: /Members \(\d+\)/ }),
-	).toBeVisible();
-	await expect(
-		page.getByRole('heading', { name: /Pending Invites \(\d+\)/ }),
-	).toBeVisible();
-	await expect(
-		page.getByRole('heading', { name: 'Authenticated Domains' }),
-	).toBeVisible();
-
-	// Assert Invite Members button is visible and clickable
-	const inviteBtn = page.getByRole('button', { name: /Invite Members/ });
-	await expect(inviteBtn).toBeVisible();
-	await inviteBtn.click();
-	// Assert Invite Members modal/dialog appears (modal title is unique)
-	await expect(page.getByText('Invite team members').first()).toBeVisible();
-	// Close the modal (use unique 'Close' button)
-	await page.getByRole('button', { name: 'Close' }).click();
-
-	// Assert Edit and Delete buttons are present for at least one member
-	const editBtn = page.getByRole('button', { name: /Edit/ }).first();
-	const deleteBtn = page.getByRole('button', { name: /Delete/ }).first();
-	await expect(editBtn).toBeVisible();
-	await expect(deleteBtn).toBeVisible();
-
-	// Assert Add Domains button is visible
-	await expect(page.getByRole('button', { name: /Add Domains/ })).toBeVisible();
-	// Assert Configure SSO or Edit Google Auth button is visible for at least one domain
-	const ssoBtn = page
-		.getByRole('button', { name: /Configure SSO|Edit Google Auth/ })
-		.first();
-	await expect(ssoBtn).toBeVisible();
-});

frontend/e2e/tests/settings/notification-channels/notification-channels-settings.spec.ts

@@ -1,57 +0,0 @@
-import { expect, test } from '@playwright/test';
-
-import { ensureLoggedIn } from '../../../utils/login.util';
-
-test('Notification Channels Settings - View and Interact', async ({ page }) => {
-	await ensureLoggedIn(page);
-
-	// 1. Open the sidebar settings menu using data-testid
-	await page.getByTestId('settings-nav-item').click();
-
-	// 2. Click Account Settings in the dropdown (by role/name or data-testid if available)
-	await page.getByRole('menuitem', { name: 'Account Settings' }).click();
-
-	// Assert the main tabpanel/heading (confirmed by DOM)
-	await expect(page.getByTestId('settings-page-title')).toBeVisible();
-
-	// Focus on the settings page sidenav
-	await page.getByTestId('settings-page-sidenav').focus();
-
-	// Click Notification Channels tab in the settings sidebar (by data-testid)
-	await page.getByTestId('notification-channels').click();
-
-	// Wait for loading to finish
-	await page.getByText('loading').first().waitFor({ state: 'hidden' });
-
-	// Assert presence of New Alert Channel button
-	const newChannelBtn = page.getByRole('button', { name: /New Alert Channel/ });
-	await expect(newChannelBtn).toBeVisible();
-
-	// Assert table columns
-	await expect(page.getByText('Name')).toBeVisible();
-	await expect(page.getByText('Type')).toBeVisible();
-	await expect(page.getByText('Action')).toBeVisible();
-
-	// Click New Alert Channel and assert modal fields/buttons
-	await newChannelBtn.click();
-	await expect(
-		page.getByRole('heading', { name: 'New Notification Channel' }),
-	).toBeVisible();
-	await expect(page.getByLabel('Name')).toBeVisible();
-	await expect(page.getByLabel('Type')).toBeVisible();
-	await expect(page.getByLabel('Webhook URL')).toBeVisible();
-	await expect(
-		page.getByRole('switch', { name: 'Send resolved alerts' }),
-	).toBeVisible();
-	await expect(page.getByRole('button', { name: 'Save' })).toBeVisible();
-	await expect(page.getByRole('button', { name: 'Test' })).toBeVisible();
-	await expect(page.getByRole('button', { name: 'Back' })).toBeVisible();
-	// Close modal
-	await page.getByRole('button', { name: 'Back' }).click();
-
-	// Assert Edit and Delete buttons for at least one channel
-	const editBtn = page.getByRole('button', { name: 'Edit' }).first();
-	const deleteBtn = page.getByRole('button', { name: 'Delete' }).first();
-	await expect(editBtn).toBeVisible();
-	await expect(deleteBtn).toBeVisible();
-});

frontend/e2e/utils/login.util.ts

@@ -1,35 +0,0 @@
-import { Page } from '@playwright/test';
-
-// Read credentials from environment variables
-const username = process.env.LOGIN_USERNAME;
-const password = process.env.LOGIN_PASSWORD;
-const baseURL = process.env.BASE_URL;
-
-/**
- * Ensures the user is logged in. If not, performs the login steps.
- * Follows the MCP process step-by-step.
- */
-export async function ensureLoggedIn(page: Page): Promise<void> {
-	// if already in home page, return
-	if (await page.url().includes('/home')) {
-		return;
-	}
-
-	if (!username || !password) {
-		throw new Error(
-			'E2E_EMAIL and E2E_PASSWORD environment variables must be set.',
-		);
-	}
-
-	await page.goto(`${baseURL}/login`);
-	await page.getByTestId('email').click();
-	await page.getByTestId('email').fill(username);
-	await page.getByTestId('initiate_login').click();
-	await page.getByTestId('password').click();
-	await page.getByTestId('password').fill(password);
-	await page.getByRole('button', { name: 'Login' }).click();
-
-	await page
-		.getByText('Hello there, Welcome to your')
-		.waitFor({ state: 'visible' });
-}

frontend/index.html

@@ -2,6 +2,7 @@
 <html lang="en">
 	<head>
 		<meta charset="utf-8" />
+		<base href="[[.BaseHref]]" />
 		<meta
 			http-equiv="Cache-Control"
 			content="no-cache, no-store, must-revalidate, max-age: 0"
@@ -39,12 +40,12 @@
 		<meta
 			data-react-helmet="true"
 			property="og:image"
-			content="/images/signoz-hero-image.webp"
+			content="[[.BaseHref]]images/signoz-hero-image.webp"
 		/>
 		<meta
 			data-react-helmet="true"
 			name="twitter:image"
-			content="/images/signoz-hero-image.webp"
+			content="[[.BaseHref]]images/signoz-hero-image.webp"
 		/>
 		<meta
 			data-react-helmet="true"
@@ -59,7 +60,7 @@
 		<meta data-react-helmet="true" name="docusaurus_locale" content="en" />
 		<meta data-react-helmet="true" name="docusaurus_tag" content="default" />
 		<meta name="robots" content="noindex" />
-		<link data-react-helmet="true" rel="shortcut icon" href="/favicon.ico" />
+		<link data-react-helmet="true" rel="shortcut icon" href="favicon.ico" />
 	</head>
 	<body data-theme="default">
 		<script>
@@ -67,8 +68,14 @@
 			// Mirrors the logic in ThemeProvider (hooks/useDarkMode/index.tsx).
 			(function () {
 				try {
-					var theme = localStorage.getItem('THEME');
-					var autoSwitch = localStorage.getItem('THEME_AUTO_SWITCH') === 'true';
+					// When served under a URL prefix (e.g. /signoz/), storage keys are scoped
+					// to that prefix by the React app (see utils/storage.ts getScopedKey).
+					// Read the <base> tag — already populated by the Go template — to derive
+					// the same prefix here, before any JS module has loaded.
+					var basePath = (document.querySelector('base') || {}).getAttribute('href') || '/';
+					var prefix = basePath === '/' ? '' : basePath;
+					var theme = localStorage.getItem(prefix + 'THEME');
+					var autoSwitch = localStorage.getItem(prefix + 'THEME_AUTO_SWITCH') === 'true';
 					if (autoSwitch) {
 						theme = window.matchMedia('(prefers-color-scheme: dark)').matches
 							? 'dark'
@@ -136,7 +143,7 @@
 				})(document, 'script');
 			}
 		</script>
-		<link rel="stylesheet" href="/css/uPlot.min.css" />
+		<link rel="stylesheet" href="css/uPlot.min.css" />
 		<script type="module" src="./src/index.tsx"></script>
 	</body>
 </html>

frontend/package.json

@@ -44,7 +44,6 @@
     "@mdx-js/loader": "2.3.0",
     "@mdx-js/react": "2.3.0",
     "@monaco-editor/react": "^4.3.1",
-    "@playwright/test": "1.55.1",
     "@radix-ui/react-tabs": "1.0.4",
     "@radix-ui/react-tooltip": "1.0.7",
     "@sentry/react": "8.41.0",

frontend/playwright.config.ts

@@ -1,95 +0,0 @@
-import { defineConfig, devices } from '@playwright/test';
-import dotenv from 'dotenv';
-import path from 'path';
-
-// Read from ".env" file.
-dotenv.config({ path: path.resolve(__dirname, '.env') });
-
-/**
- * Read environment variables from file.
- * https://github.com/motdotla/dotenv
- */
-// import dotenv from 'dotenv';
-// import path from 'path';
-// dotenv.config({ path: path.resolve(__dirname, '.env') });
-
-/**
- * See https://playwright.dev/docs/test-configuration.
- */
-export default defineConfig({
-	testDir: './e2e/tests',
-	/* Run tests in files in parallel */
-	fullyParallel: true,
-	/* Fail the build on CI if you accidentally left test.only in the source code. */
-	forbidOnly: !!process.env.CI,
-	/* Retry on CI only */
-	retries: process.env.CI ? 2 : 0,
-	/* Run tests in parallel even in CI - optimized for GitHub Actions free tier */
-	workers: process.env.CI ? 2 : undefined,
-	/* Reporter to use. See https://playwright.dev/docs/test-reporters */
-	reporter: 'html',
-	/* Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. */
-	use: {
-		/* Base URL to use in actions like `await page.goto('/')`. */
-		baseURL:
-			process.env.SIGNOZ_E2E_BASE_URL || 'https://app.us.staging.signoz.cloud',
-
-		/* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */
-		trace: 'on-first-retry',
-		colorScheme: 'dark',
-		locale: 'en-US',
-		viewport: { width: 1280, height: 720 },
-	},
-
-	/* Configure projects for major browsers */
-	projects: [
-		{
-			name: 'chromium',
-			use: {
-				launchOptions: { args: ['--start-maximized'] },
-				viewport: null,
-				colorScheme: 'dark',
-				locale: 'en-US',
-				baseURL: 'https://app.us.staging.signoz.cloud',
-				trace: 'on-first-retry',
-			},
-		},
-
-		{
-			name: 'firefox',
-			use: { ...devices['Desktop Firefox'] },
-		},
-
-		{
-			name: 'webkit',
-			use: { ...devices['Desktop Safari'] },
-		},
-
-		/* Test against mobile viewports. */
-		// {
-		//   name: 'Mobile Chrome',
-		//   use: { ...devices['Pixel 5'] },
-		// },
-		// {
-		//   name: 'Mobile Safari',
-		//   use: { ...devices['iPhone 12'] },
-		// },
-
-		/* Test against branded browsers. */
-		// {
-		//   name: 'Microsoft Edge',
-		//   use: { ...devices['Desktop Edge'], channel: 'msedge' },
-		// },
-		// {
-		//   name: 'Google Chrome',
-		//   use: { ...devices['Desktop Chrome'], channel: 'chrome' },
-		// },
-	],
-
-	/* Run your local dev server before starting the tests */
-	// webServer: {
-	//   command: 'npm run start',
-	//   url: 'http://localhost:3000',
-	//   reuseExistingServer: !process.env.CI,
-	// },
-});

frontend/plugins/rules/no-raw-absolute-path.mjs

@@ -0,0 +1,152 @@
+/**
+ * Rule: no-raw-absolute-path
+ *
+ * Catches patterns that break at runtime when the app is served from a
+ * sub-path (e.g. /signoz/):
+ *
+ *   1. window.open(path, '_blank')
+ *      → use openInNewTab(path) which calls withBasePath internally
+ *
+ *   2. window.location.origin + path  /  `${window.location.origin}${path}`
+ *      → use getAbsoluteUrl(path)
+ *
+ *   3. frontendBaseUrl: window.location.origin  (bare origin usage)
+ *      → use getBaseUrl() to include the base path
+ *
+ *   4. window.location.href = path
+ *      → use withBasePath(path) or navigate() for internal navigation
+ *
+ * External URLs (first arg starts with "http") are explicitly allowed.
+ */
+
+function isOriginAccess(node) {
+	return (
+		node.type === 'MemberExpression' &&
+		!node.computed &&
+		node.property.name === 'origin' &&
+		node.object.type === 'MemberExpression' &&
+		!node.object.computed &&
+		node.object.property.name === 'location' &&
+		node.object.object.type === 'Identifier' &&
+		node.object.object.name === 'window'
+	);
+}
+
+function isHrefAccess(node) {
+	return (
+		node.type === 'MemberExpression' &&
+		!node.computed &&
+		node.property.name === 'href' &&
+		node.object.type === 'MemberExpression' &&
+		!node.object.computed &&
+		node.object.property.name === 'location' &&
+		node.object.object.type === 'Identifier' &&
+		node.object.object.name === 'window'
+	);
+}
+
+function isExternalUrl(node) {
+	if (node.type === 'Literal' && typeof node.value === 'string') {
+		return node.value.startsWith('http://') || node.value.startsWith('https://');
+	}
+	if (node.type === 'TemplateLiteral' && node.quasis.length > 0) {
+		const raw = node.quasis[0].value.raw;
+		return raw.startsWith('http://') || raw.startsWith('https://');
+	}
+	return false;
+}
+
+
+// window.open(withBasePath(x)) and window.open(getAbsoluteUrl(x)) are already safe.
+function isSafeHelperCall(node) {
+	return (
+		node.type === 'CallExpression' &&
+		node.callee.type === 'Identifier' &&
+		(node.callee.name === 'withBasePath' || node.callee.name === 'getAbsoluteUrl')
+	);
+}
+
+export default {
+	meta: {
+		type: 'suggestion',
+		docs: {
+			description:
+				'Disallow raw window.open and origin-concatenation patterns that miss the runtime base path',
+			category: 'Base Path Safety',
+		},
+		schema: [],
+		messages: {
+			windowOpen:
+				'Use openInNewTab(path) instead of window.open(path, "_blank") — openInNewTab prepends the base path automatically.',
+			originConcat:
+				'Use getAbsoluteUrl(path) instead of window.location.origin + path — getAbsoluteUrl prepends the base path automatically.',
+			originDirect:
+				'Use getBaseUrl() instead of window.location.origin — getBaseUrl includes the base path.',
+			hrefAssign:
+				'Use withBasePath(path) or navigate() instead of window.location.href = path — ensures the base path is included.',
+		},
+	},
+
+	create(context) {
+		return {
+			// window.open(path, ...) — allow only external first-arg URLs
+			CallExpression(node) {
+				const { callee, arguments: args } = node;
+				if (
+					callee.type !== 'MemberExpression' ||
+					callee.object.type !== 'Identifier' ||
+					callee.object.name !== 'window' ||
+					callee.property.name !== 'open'
+				)
+					{return;}
+				if (args.length === 0) {return;}
+				if (isExternalUrl(args[0])) {return;}
+				if (isSafeHelperCall(args[0])) {return;}
+
+				context.report({ node, messageId: 'windowOpen' });
+			},
+
+			// window.location.origin + path
+			BinaryExpression(node) {
+				if (node.operator !== '+') {return;}
+				if (isOriginAccess(node.left) || isOriginAccess(node.right)) {
+					context.report({ node, messageId: 'originConcat' });
+				}
+			},
+
+			// `${window.location.origin}${path}`
+			TemplateLiteral(node) {
+				if (node.expressions.some(isOriginAccess)) {
+					context.report({ node, messageId: 'originConcat' });
+				}
+			},
+
+			// window.location.origin used directly (not in concatenation)
+			// Catches: frontendBaseUrl: window.location.origin
+			MemberExpression(node) {
+				if (!isOriginAccess(node)) {return;}
+
+				const parent = node.parent;
+				// Skip if parent is BinaryExpression with + (handled by BinaryExpression visitor)
+				if (parent.type === 'BinaryExpression' && parent.operator === '+') {return;}
+				// Skip if inside TemplateLiteral (handled by TemplateLiteral visitor)
+				if (parent.type === 'TemplateLiteral') {return;}
+
+				context.report({ node, messageId: 'originDirect' });
+			},
+
+			// window.location.href = path
+			AssignmentExpression(node) {
+				if (node.operator !== '=') {return;}
+				if (!isHrefAccess(node.left)) {return;}
+
+				// Allow external URLs
+				if (isExternalUrl(node.right)) {return;}
+				// Allow safe helper calls
+				if (isSafeHelperCall(node.right)) {return;}
+
+				context.report({ node, messageId: 'hrefAssign' });
+			},
+		};
+	},
+};

frontend/plugins/signoz.mjs

@@ -8,6 +8,7 @@
 import noZustandGetStateInHooks from './rules/no-zustand-getstate-in-hooks.mjs';
 import noNavigatorClipboard from './rules/no-navigator-clipboard.mjs';
 import noUnsupportedAssetPattern from './rules/no-unsupported-asset-pattern.mjs';
+import noRawAbsolutePath from './rules/no-raw-absolute-path.mjs';
 
 export default {
 	meta: {
@@ -17,5 +18,6 @@ export default {
 		'no-zustand-getstate-in-hooks': noZustandGetStateInHooks,
 		'no-navigator-clipboard': noNavigatorClipboard,
 		'no-unsupported-asset-pattern': noUnsupportedAssetPattern,
+		'no-raw-absolute-path': noRawAbsolutePath,
 	},
 };

frontend/prompts/generate-e2e-test.md

@@ -1,16 +0,0 @@
-RULE: All test code for this repo must be generated by following the step-by-step Playwright MCP process as described below.
-
-- You are a playwright test generator.
-- You are given a scenario and you need to generate a playwright test for it.
-- Use login util if not logged in.
-- DO NOT generate test code based on the scenario alone.
-- DO run steps one by one using the tools provided by the Playwright MCP.
-- Only after all steps are completed, emit a Playwright TypeScript test that uses @playwright/test based on message history
-- Gather correct selectors before writing the test
-- DO NOT valiate for dynamic content in the tests, only validate for the correctness with meta data
-- Always inspect the DOM at each navigation or interaction step to determine the correct selector for the next action. Do not assume selectors, confirm via inspection before proceeding.
-- Assert visibility of definitive/static elements in the UI (such as labels, headings, or section titles) rather than dynamic values or content that may change between runs.
-- Save generated test file in the tests directory
-- Execute the test file and iterate until the test passes
-
-

frontend/src/ReactI18/index.tsx

@@ -2,6 +2,7 @@ import { initReactI18next } from 'react-i18next';
 import i18n from 'i18next';
 import LanguageDetector from 'i18next-browser-languagedetector';
 import Backend from 'i18next-http-backend';
+import { getBasePath } from 'utils/basePath';
 
 import cacheBursting from '../../i18n-translations-hash.json';
 
@@ -24,7 +25,7 @@ i18n
 				const ns = namespace[0];
 				const pathkey = `/${language}/${ns}`;
 				const hash = cacheBursting[pathkey as keyof typeof cacheBursting] || '';
-				return `/locales/${language}/${namespace}.json?h=${hash}`;
+				return `${getBasePath()}locales/${language}/${namespace}.json?h=${hash}`;
 			},
 		},
 		react: {

frontend/src/api/browser/localstorage/__tests__/get.test.ts

@@ -0,0 +1,130 @@
+/**
+ * localstorage/get — lazy migration tests.
+ *
+ * basePath is memoized at module init, so each describe block re-imports the
+ * module with a fresh DOM state via jest.isolateModules.
+ */
+
+type GetModule = typeof import('../get');
+
+function loadGetModule(href: string): GetModule {
+	const base = document.createElement('base');
+	base.setAttribute('href', href);
+	document.head.append(base);
+
+	let mod!: GetModule;
+	jest.isolateModules(() => {
+		// oxlint-disable-next-line typescript-eslint/no-require-imports, typescript-eslint/no-var-requires
+		mod = require('../get');
+	});
+	return mod;
+}
+
+afterEach(() => {
+	for (const el of document.head.querySelectorAll('base')) {
+		el.remove();
+	}
+	localStorage.clear();
+});
+
+describe('get — root path "/"', () => {
+	it('reads the bare key', () => {
+		const { default: get } = loadGetModule('/');
+		localStorage.setItem('AUTH_TOKEN', 'tok');
+		expect(get('AUTH_TOKEN')).toBe('tok');
+	});
+
+	it('returns null when key is absent', () => {
+		const { default: get } = loadGetModule('/');
+		expect(get('MISSING')).toBeNull();
+	});
+
+	it('does NOT promote bare keys (no-op at root)', () => {
+		const { default: get } = loadGetModule('/');
+		localStorage.setItem('THEME', 'light');
+		get('THEME');
+		// bare key must still be present — no migration at root
+		expect(localStorage.getItem('THEME')).toBe('light');
+	});
+});
+
+describe('get — prefixed path "/signoz/"', () => {
+	it('reads an already-scoped key directly', () => {
+		const { default: get } = loadGetModule('/signoz/');
+		localStorage.setItem('/signoz/AUTH_TOKEN', 'scoped-tok');
+		expect(get('AUTH_TOKEN')).toBe('scoped-tok');
+	});
+
+	it('returns null when neither scoped nor bare key exists', () => {
+		const { default: get } = loadGetModule('/signoz/');
+		expect(get('MISSING')).toBeNull();
+	});
+
+	it('lazy-migrates bare key to scoped key on first read', () => {
+		const { default: get } = loadGetModule('/signoz/');
+		localStorage.setItem('AUTH_TOKEN', 'old-tok');
+
+		const result = get('AUTH_TOKEN');
+
+		expect(result).toBe('old-tok');
+		expect(localStorage.getItem('/signoz/AUTH_TOKEN')).toBe('old-tok');
+		expect(localStorage.getItem('AUTH_TOKEN')).toBeNull();
+	});
+
+	it('scoped key takes precedence over bare key', () => {
+		const { default: get } = loadGetModule('/signoz/');
+		localStorage.setItem('AUTH_TOKEN', 'bare-tok');
+		localStorage.setItem('/signoz/AUTH_TOKEN', 'scoped-tok');
+
+		expect(get('AUTH_TOKEN')).toBe('scoped-tok');
+		// bare key left untouched — scoped already existed
+		expect(localStorage.getItem('AUTH_TOKEN')).toBe('bare-tok');
+	});
+
+	it('subsequent reads after migration use scoped key (no double-write)', () => {
+		const { default: get } = loadGetModule('/signoz/');
+		localStorage.setItem('THEME', 'dark');
+
+		get('THEME'); // triggers migration
+		localStorage.removeItem('THEME'); // simulate bare key gone
+
+		// second read still finds the scoped key
+		expect(get('THEME')).toBe('dark');
+	});
+});
+
+describe('get — two-prefix isolation', () => {
+	it('/signoz/ and /testing/ do not share migrated values', () => {
+		localStorage.setItem('THEME', 'light');
+
+		const base1 = document.createElement('base');
+		base1.setAttribute('href', '/signoz/');
+		document.head.append(base1);
+		let getSignoz!: GetModule['default'];
+		jest.isolateModules(() => {
+			// oxlint-disable-next-line typescript-eslint/no-require-imports, typescript-eslint/no-var-requires
+			getSignoz = require('../get').default;
+		});
+		base1.remove();
+
+		// migrate bare → /signoz/THEME
+		getSignoz('THEME');
+
+		const base2 = document.createElement('base');
+		base2.setAttribute('href', '/testing/');
+		document.head.append(base2);
+		let getTesting!: GetModule['default'];
+		jest.isolateModules(() => {
+			// oxlint-disable-next-line typescript-eslint/no-require-imports, typescript-eslint/no-var-requires
+			getTesting = require('../get').default;
+		});
+		base2.remove();
+
+		// /testing/ prefix: bare key already gone, scoped key does not exist
+		expect(getTesting('THEME')).toBeNull();
+		expect(localStorage.getItem('/signoz/THEME')).toBe('light');
+		expect(localStorage.getItem('/testing/THEME')).toBeNull();
+	});
+});
+
+export {};

frontend/src/api/browser/localstorage/get.ts

@@ -1,7 +1,26 @@
+/* oxlint-disable no-restricted-globals */
+import { getBasePath } from 'utils/basePath';
+import { getScopedKey } from 'utils/storage';
+
 const get = (key: string): string | null => {
 	try {
-		return localStorage.getItem(key);
-	} catch (e) {
+		const scopedKey = getScopedKey(key);
+		const value = localStorage.getItem(scopedKey);
+
+		// Lazy migration: if running under a URL prefix and the scoped key doesn't
+		// exist yet, fall back to the bare key (written by a previous root deployment).
+		// Promote it to the scoped key and remove the bare key so future reads are fast.
+		if (value === null && getBasePath() !== '/') {
+			const bare = localStorage.getItem(key);
+			if (bare !== null) {
+				localStorage.setItem(scopedKey, bare);
+				localStorage.removeItem(key);
+				return bare;
+			}
+		}
+
+		return value;
+	} catch {
 		return '';
 	}
 };

frontend/src/api/browser/localstorage/remove.ts

@@ -1,8 +1,11 @@
+/* oxlint-disable no-restricted-globals */
+import { getScopedKey } from 'utils/storage';
+
 const remove = (key: string): boolean => {
 	try {
-		window.localStorage.removeItem(key);
+		localStorage.removeItem(getScopedKey(key));
 		return true;
-	} catch (e) {
+	} catch {
 		return false;
 	}
 };

frontend/src/api/browser/localstorage/set.ts

@@ -1,8 +1,11 @@
+/* oxlint-disable no-restricted-globals */
+import { getScopedKey } from 'utils/storage';
+
 const set = (key: string, value: string): boolean => {
 	try {
-		localStorage.setItem(key, value);
+		localStorage.setItem(getScopedKey(key), value);
 		return true;
-	} catch (e) {
+	} catch {
 		return false;
 	}
 };

frontend/src/api/browser/sessionstorage/__tests__/get.test.ts

@@ -0,0 +1,81 @@
+/**
+ * sessionstorage/get — lazy migration tests.
+ * Mirrors the localStorage get tests; same logic, different storage.
+ */
+
+type GetModule = typeof import('../get');
+
+function loadGetModule(href: string): GetModule {
+	const base = document.createElement('base');
+	base.setAttribute('href', href);
+	document.head.append(base);
+
+	let mod!: GetModule;
+	jest.isolateModules(() => {
+		// oxlint-disable-next-line typescript-eslint/no-require-imports, typescript-eslint/no-var-requires
+		mod = require('../get');
+	});
+	return mod;
+}
+
+afterEach(() => {
+	for (const el of document.head.querySelectorAll('base')) {
+		el.remove();
+	}
+	sessionStorage.clear();
+});
+
+describe('get — root path "/"', () => {
+	it('reads the bare key', () => {
+		const { default: get } = loadGetModule('/');
+		sessionStorage.setItem('retry-lazy-refreshed', 'true');
+		expect(get('retry-lazy-refreshed')).toBe('true');
+	});
+
+	it('returns null when key is absent', () => {
+		const { default: get } = loadGetModule('/');
+		expect(get('MISSING')).toBeNull();
+	});
+
+	it('does NOT promote bare keys at root', () => {
+		const { default: get } = loadGetModule('/');
+		sessionStorage.setItem('retry-lazy-refreshed', 'true');
+		get('retry-lazy-refreshed');
+		expect(sessionStorage.getItem('retry-lazy-refreshed')).toBe('true');
+	});
+});
+
+describe('get — prefixed path "/signoz/"', () => {
+	it('reads an already-scoped key directly', () => {
+		const { default: get } = loadGetModule('/signoz/');
+		sessionStorage.setItem('/signoz/retry-lazy-refreshed', 'true');
+		expect(get('retry-lazy-refreshed')).toBe('true');
+	});
+
+	it('returns null when neither scoped nor bare key exists', () => {
+		const { default: get } = loadGetModule('/signoz/');
+		expect(get('MISSING')).toBeNull();
+	});
+
+	it('lazy-migrates bare key to scoped key on first read', () => {
+		const { default: get } = loadGetModule('/signoz/');
+		sessionStorage.setItem('retry-lazy-refreshed', 'true');
+
+		const result = get('retry-lazy-refreshed');
+
+		expect(result).toBe('true');
+		expect(sessionStorage.getItem('/signoz/retry-lazy-refreshed')).toBe('true');
+		expect(sessionStorage.getItem('retry-lazy-refreshed')).toBeNull();
+	});
+
+	it('scoped key takes precedence over bare key', () => {
+		const { default: get } = loadGetModule('/signoz/');
+		sessionStorage.setItem('retry-lazy-refreshed', 'bare');
+		sessionStorage.setItem('/signoz/retry-lazy-refreshed', 'scoped');
+
+		expect(get('retry-lazy-refreshed')).toBe('scoped');
+		expect(sessionStorage.getItem('retry-lazy-refreshed')).toBe('bare');
+	});
+});
+
+export {};

frontend/src/api/browser/sessionstorage/get.ts

@@ -0,0 +1,27 @@
+/* oxlint-disable no-restricted-globals */
+import { getBasePath } from 'utils/basePath';
+import { getScopedKey } from 'utils/storage';
+
+const get = (key: string): string | null => {
+	try {
+		const scopedKey = getScopedKey(key);
+		const value = sessionStorage.getItem(scopedKey);
+
+		// Lazy migration: same pattern as localStorage — promote bare keys written
+		// by a previous root deployment to the scoped key on first read.
+		if (value === null && getBasePath() !== '/') {
+			const bare = sessionStorage.getItem(key);
+			if (bare !== null) {
+				sessionStorage.setItem(scopedKey, bare);
+				sessionStorage.removeItem(key);
+				return bare;
+			}
+		}
+
+		return value;
+	} catch {
+		return '';
+	}
+};
+
+export default get;

frontend/src/api/browser/sessionstorage/remove.ts

@@ -0,0 +1,13 @@
+/* oxlint-disable no-restricted-globals */
+import { getScopedKey } from 'utils/storage';
+
+const remove = (key: string): boolean => {
+	try {
+		sessionStorage.removeItem(getScopedKey(key));
+		return true;
+	} catch {
+		return false;
+	}
+};
+
+export default remove;

frontend/src/api/browser/sessionstorage/set.ts

@@ -0,0 +1,13 @@
+/* oxlint-disable no-restricted-globals */
+import { getScopedKey } from 'utils/storage';
+
+const set = (key: string, value: string): boolean => {
+	try {
+		sessionStorage.setItem(getScopedKey(key), value);
+		return true;
+	} catch {
+		return false;
+	}
+};
+
+export default set;

frontend/src/api/generated/services/llmpricingrules/index.ts

@@ -1,398 +0,0 @@
-/**
- * ! Do not edit manually
- * * The file has been auto-generated using Orval for SigNoz
- * * regenerate with 'yarn generate:api'
- * SigNoz
- */
-import { useMutation, useQuery } from 'react-query';
-import type {
-	InvalidateOptions,
-	MutationFunction,
-	QueryClient,
-	QueryFunction,
-	QueryKey,
-	UseMutationOptions,
-	UseMutationResult,
-	UseQueryOptions,
-	UseQueryResult,
-} from 'react-query';
-
-import type {
-	DeleteLLMPricingRulePathParameters,
-	GetLLMPricingRule200,
-	GetLLMPricingRulePathParameters,
-	ListLLMPricingRules200,
-	ListLLMPricingRulesParams,
-	LlmpricingruletypesUpdatableLLMPricingRulesDTO,
-	RenderErrorResponseDTO,
-} from '../sigNoz.schemas';
-
-import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
-import type { ErrorType, BodyType } from '../../../generatedAPIInstance';
-
-/**
- * Returns all LLM pricing rules for the authenticated org, with pagination.
- * @summary List pricing rules
- */
-export const listLLMPricingRules = (
-	params?: ListLLMPricingRulesParams,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<ListLLMPricingRules200>({
-		url: `/api/v1/llm_pricing_rules`,
-		method: 'GET',
-		params,
-		signal,
-	});
-};
-
-export const getListLLMPricingRulesQueryKey = (
-	params?: ListLLMPricingRulesParams,
-) => {
-	return [`/api/v1/llm_pricing_rules`, ...(params ? [params] : [])] as const;
-};
-
-export const getListLLMPricingRulesQueryOptions = <
-	TData = Awaited<ReturnType<typeof listLLMPricingRules>>,
-	TError = ErrorType<RenderErrorResponseDTO>,
->(
-	params?: ListLLMPricingRulesParams,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof listLLMPricingRules>>,
-			TError,
-			TData
-		>;
-	},
-) => {
-	const { query: queryOptions } = options ?? {};
-
-	const queryKey =
-		queryOptions?.queryKey ?? getListLLMPricingRulesQueryKey(params);
-
-	const queryFn: QueryFunction<
-		Awaited<ReturnType<typeof listLLMPricingRules>>
-	> = ({ signal }) => listLLMPricingRules(params, signal);
-
-	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
-		Awaited<ReturnType<typeof listLLMPricingRules>>,
-		TError,
-		TData
-	> & { queryKey: QueryKey };
-};
-
-export type ListLLMPricingRulesQueryResult = NonNullable<
-	Awaited<ReturnType<typeof listLLMPricingRules>>
->;
-export type ListLLMPricingRulesQueryError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary List pricing rules
- */
-
-export function useListLLMPricingRules<
-	TData = Awaited<ReturnType<typeof listLLMPricingRules>>,
-	TError = ErrorType<RenderErrorResponseDTO>,
->(
-	params?: ListLLMPricingRulesParams,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof listLLMPricingRules>>,
-			TError,
-			TData
-		>;
-	},
-): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
-	const queryOptions = getListLLMPricingRulesQueryOptions(params, options);
-
-	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
-		queryKey: QueryKey;
-	};
-
-	query.queryKey = queryOptions.queryKey;
-
-	return query;
-}
-
-/**
- * @summary List pricing rules
- */
-export const invalidateListLLMPricingRules = async (
-	queryClient: QueryClient,
-	params?: ListLLMPricingRulesParams,
-	options?: InvalidateOptions,
-): Promise<QueryClient> => {
-	await queryClient.invalidateQueries(
-		{ queryKey: getListLLMPricingRulesQueryKey(params) },
-		options,
-	);
-
-	return queryClient;
-};
-
-/**
- * Single write endpoint used by both the user and the Zeus sync job. Per-rule match is by id, then sourceId, then insert. Override rows (is_override=true) are fully preserved when the request does not provide isOverride; only synced_at is stamped.
- * @summary Bulk update pricing rules
- */
-export const updateLLMPricingRules = (
-	llmpricingruletypesUpdatableLLMPricingRulesDTO: BodyType<LlmpricingruletypesUpdatableLLMPricingRulesDTO>,
-) => {
-	return GeneratedAPIInstance<void>({
-		url: `/api/v1/llm_pricing_rules`,
-		method: 'PUT',
-		headers: { 'Content-Type': 'application/json' },
-		data: llmpricingruletypesUpdatableLLMPricingRulesDTO,
-	});
-};
-
-export const getUpdateLLMPricingRulesMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown,
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateLLMPricingRules>>,
-		TError,
-		{ data: BodyType<LlmpricingruletypesUpdatableLLMPricingRulesDTO> },
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof updateLLMPricingRules>>,
-	TError,
-	{ data: BodyType<LlmpricingruletypesUpdatableLLMPricingRulesDTO> },
-	TContext
-> => {
-	const mutationKey = ['updateLLMPricingRules'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-			'mutationKey' in options.mutation &&
-			options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof updateLLMPricingRules>>,
-		{ data: BodyType<LlmpricingruletypesUpdatableLLMPricingRulesDTO> }
-	> = (props) => {
-		const { data } = props ?? {};
-
-		return updateLLMPricingRules(data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type UpdateLLMPricingRulesMutationResult = NonNullable<
-	Awaited<ReturnType<typeof updateLLMPricingRules>>
->;
-export type UpdateLLMPricingRulesMutationBody =
-	BodyType<LlmpricingruletypesUpdatableLLMPricingRulesDTO>;
-export type UpdateLLMPricingRulesMutationError =
-	ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Bulk update pricing rules
- */
-export const useUpdateLLMPricingRules = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown,
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateLLMPricingRules>>,
-		TError,
-		{ data: BodyType<LlmpricingruletypesUpdatableLLMPricingRulesDTO> },
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof updateLLMPricingRules>>,
-	TError,
-	{ data: BodyType<LlmpricingruletypesUpdatableLLMPricingRulesDTO> },
-	TContext
-> => {
-	const mutationOptions = getUpdateLLMPricingRulesMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};
-/**
- * Hard-deletes a pricing rule. If auto-synced, it will be recreated on the next sync cycle.
- * @summary Delete a pricing rule
- */
-export const deleteLLMPricingRule = ({
-	id,
-}: DeleteLLMPricingRulePathParameters) => {
-	return GeneratedAPIInstance<void>({
-		url: `/api/v1/llm_pricing_rules/${id}`,
-		method: 'DELETE',
-	});
-};
-
-export const getDeleteLLMPricingRuleMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown,
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof deleteLLMPricingRule>>,
-		TError,
-		{ pathParams: DeleteLLMPricingRulePathParameters },
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof deleteLLMPricingRule>>,
-	TError,
-	{ pathParams: DeleteLLMPricingRulePathParameters },
-	TContext
-> => {
-	const mutationKey = ['deleteLLMPricingRule'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-			'mutationKey' in options.mutation &&
-			options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof deleteLLMPricingRule>>,
-		{ pathParams: DeleteLLMPricingRulePathParameters }
-	> = (props) => {
-		const { pathParams } = props ?? {};
-
-		return deleteLLMPricingRule(pathParams);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type DeleteLLMPricingRuleMutationResult = NonNullable<
-	Awaited<ReturnType<typeof deleteLLMPricingRule>>
->;
-
-export type DeleteLLMPricingRuleMutationError =
-	ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Delete a pricing rule
- */
-export const useDeleteLLMPricingRule = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown,
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof deleteLLMPricingRule>>,
-		TError,
-		{ pathParams: DeleteLLMPricingRulePathParameters },
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof deleteLLMPricingRule>>,
-	TError,
-	{ pathParams: DeleteLLMPricingRulePathParameters },
-	TContext
-> => {
-	const mutationOptions = getDeleteLLMPricingRuleMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};
-/**
- * Returns a single LLM pricing rule by ID.
- * @summary Get a pricing rule
- */
-export const getLLMPricingRule = (
-	{ id }: GetLLMPricingRulePathParameters,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<GetLLMPricingRule200>({
-		url: `/api/v1/llm_pricing_rules/${id}`,
-		method: 'GET',
-		signal,
-	});
-};
-
-export const getGetLLMPricingRuleQueryKey = ({
-	id,
-}: GetLLMPricingRulePathParameters) => {
-	return [`/api/v1/llm_pricing_rules/${id}`] as const;
-};
-
-export const getGetLLMPricingRuleQueryOptions = <
-	TData = Awaited<ReturnType<typeof getLLMPricingRule>>,
-	TError = ErrorType<RenderErrorResponseDTO>,
->(
-	{ id }: GetLLMPricingRulePathParameters,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getLLMPricingRule>>,
-			TError,
-			TData
-		>;
-	},
-) => {
-	const { query: queryOptions } = options ?? {};
-
-	const queryKey =
-		queryOptions?.queryKey ?? getGetLLMPricingRuleQueryKey({ id });
-
-	const queryFn: QueryFunction<
-		Awaited<ReturnType<typeof getLLMPricingRule>>
-	> = ({ signal }) => getLLMPricingRule({ id }, signal);
-
-	return {
-		queryKey,
-		queryFn,
-		enabled: !!id,
-		...queryOptions,
-	} as UseQueryOptions<
-		Awaited<ReturnType<typeof getLLMPricingRule>>,
-		TError,
-		TData
-	> & { queryKey: QueryKey };
-};
-
-export type GetLLMPricingRuleQueryResult = NonNullable<
-	Awaited<ReturnType<typeof getLLMPricingRule>>
->;
-export type GetLLMPricingRuleQueryError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Get a pricing rule
- */
-
-export function useGetLLMPricingRule<
-	TData = Awaited<ReturnType<typeof getLLMPricingRule>>,
-	TError = ErrorType<RenderErrorResponseDTO>,
->(
-	{ id }: GetLLMPricingRulePathParameters,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getLLMPricingRule>>,
-			TError,
-			TData
-		>;
-	},
-): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
-	const queryOptions = getGetLLMPricingRuleQueryOptions({ id }, options);
-
-	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
-		queryKey: QueryKey;
-	};
-
-	query.queryKey = queryOptions.queryKey;
-
-	return query;
-}
-
-/**
- * @summary Get a pricing rule
- */
-export const invalidateGetLLMPricingRule = async (
-	queryClient: QueryClient,
-	{ id }: GetLLMPricingRulePathParameters,
-	options?: InvalidateOptions,
-): Promise<QueryClient> => {
-	await queryClient.invalidateQueries(
-		{ queryKey: getGetLLMPricingRuleQueryKey({ id }) },
-		options,
-	);
-
-	return queryClient;
-};

frontend/src/api/generated/services/role/index.ts

@@ -471,7 +471,7 @@ export const getObjects = (
 	signal?: AbortSignal,
 ) => {
 	return GeneratedAPIInstance<GetObjects200>({
-		url: `/api/v1/roles/${id}/relation/${relation}/objects`,
+		url: `/api/v1/roles/${id}/relations/${relation}/objects`,
 		method: 'GET',
 		signal,
 	});
@@ -481,7 +481,7 @@ export const getGetObjectsQueryKey = ({
 	id,
 	relation,
 }: GetObjectsPathParameters) => {
-	return [`/api/v1/roles/${id}/relation/${relation}/objects`] as const;
+	return [`/api/v1/roles/${id}/relations/${relation}/objects`] as const;
 };
 
 export const getGetObjectsQueryOptions = <
@@ -574,7 +574,7 @@ export const patchObjects = (
 	authtypesPatchableObjectsDTO: BodyType<AuthtypesPatchableObjectsDTO>,
 ) => {
 	return GeneratedAPIInstance<string>({
-		url: `/api/v1/roles/${id}/relation/${relation}/objects`,
+		url: `/api/v1/roles/${id}/relations/${relation}/objects`,
 		method: 'PATCH',
 		headers: { 'Content-Type': 'application/json' },
 		data: authtypesPatchableObjectsDTO,

frontend/src/api/generated/services/sigNoz.schemas.ts

@@ -795,7 +795,8 @@ export interface CloudintegrationtypesAccountDTO {
 }
 
 export interface CloudintegrationtypesAccountConfigDTO {
-	aws: CloudintegrationtypesAWSAccountConfigDTO;
+	aws?: CloudintegrationtypesAWSAccountConfigDTO;
+	azure?: CloudintegrationtypesAzureAccountConfigDTO;
 }
 
 /**
@@ -829,6 +830,86 @@ export interface CloudintegrationtypesAssetsDTO {
 	dashboards?: CloudintegrationtypesDashboardDTO[] | null;
 }
 
+export interface CloudintegrationtypesAzureAccountConfigDTO {
+	/**
+	 * @type string
+	 */
+	deploymentRegion: string;
+	/**
+	 * @type array
+	 */
+	resourceGroups: string[];
+}
+
+export interface CloudintegrationtypesAzureConnectionArtifactDTO {
+	/**
+	 * @type string
+	 */
+	cliCommand: string;
+	/**
+	 * @type string
+	 */
+	cloudPowerShellCommand: string;
+}
+
+export interface CloudintegrationtypesAzureIntegrationConfigDTO {
+	/**
+	 * @type string
+	 */
+	deploymentRegion: string;
+	/**
+	 * @type array
+	 */
+	resourceGroups: string[];
+	/**
+	 * @type array
+	 */
+	telemetryCollectionStrategy: CloudintegrationtypesAzureTelemetryCollectionStrategyDTO[];
+}
+
+export interface CloudintegrationtypesAzureLogsCollectionStrategyDTO {
+	/**
+	 * @type array
+	 */
+	categoryGroups: string[];
+}
+
+export interface CloudintegrationtypesAzureMetricsCollectionStrategyDTO {
+	[key: string]: unknown;
+}
+
+export interface CloudintegrationtypesAzureServiceConfigDTO {
+	logs: CloudintegrationtypesAzureServiceLogsConfigDTO;
+	metrics: CloudintegrationtypesAzureServiceMetricsConfigDTO;
+}
+
+export interface CloudintegrationtypesAzureServiceLogsConfigDTO {
+	/**
+	 * @type boolean
+	 */
+	enabled?: boolean;
+}
+
+export interface CloudintegrationtypesAzureServiceMetricsConfigDTO {
+	/**
+	 * @type boolean
+	 */
+	enabled?: boolean;
+}
+
+export interface CloudintegrationtypesAzureTelemetryCollectionStrategyDTO {
+	logs?: CloudintegrationtypesAzureLogsCollectionStrategyDTO;
+	metrics?: CloudintegrationtypesAzureMetricsCollectionStrategyDTO;
+	/**
+	 * @type string
+	 */
+	resourceProvider: string;
+	/**
+	 * @type string
+	 */
+	resourceType: string;
+}
+
 /**
  * @nullable
  */
@@ -890,7 +971,8 @@ export interface CloudintegrationtypesCollectedMetricDTO {
 }
 
 export interface CloudintegrationtypesConnectionArtifactDTO {
-	aws: CloudintegrationtypesAWSConnectionArtifactDTO;
+	aws?: CloudintegrationtypesAWSConnectionArtifactDTO;
+	azure?: CloudintegrationtypesAzureConnectionArtifactDTO;
 }
 
 export interface CloudintegrationtypesCredentialsDTO {
@@ -1074,7 +1156,8 @@ export interface CloudintegrationtypesPostableAccountDTO {
 }
 
 export interface CloudintegrationtypesPostableAccountConfigDTO {
-	aws: CloudintegrationtypesAWSPostableAccountConfigDTO;
+	aws?: CloudintegrationtypesAWSPostableAccountConfigDTO;
+	azure?: CloudintegrationtypesAzureAccountConfigDTO;
 }
 
 /**
@@ -1109,7 +1192,8 @@ export interface CloudintegrationtypesPostableAgentCheckInDTO {
 }
 
 export interface CloudintegrationtypesProviderIntegrationConfigDTO {
-	aws: CloudintegrationtypesAWSIntegrationConfigDTO;
+	aws?: CloudintegrationtypesAWSIntegrationConfigDTO;
+	azure?: CloudintegrationtypesAzureIntegrationConfigDTO;
 }
 
 export interface CloudintegrationtypesServiceDTO {
@@ -1137,7 +1221,8 @@ export interface CloudintegrationtypesServiceDTO {
 }
 
 export interface CloudintegrationtypesServiceConfigDTO {
-	aws: CloudintegrationtypesAWSServiceConfigDTO;
+	aws?: CloudintegrationtypesAWSServiceConfigDTO;
+	azure?: CloudintegrationtypesAzureServiceConfigDTO;
 }
 
 export enum CloudintegrationtypesServiceIDDTO {
@@ -1154,6 +1239,8 @@ export enum CloudintegrationtypesServiceIDDTO {
 	s3sync = 's3sync',
 	sns = 'sns',
 	sqs = 'sqs',
+	storageaccountsblob = 'storageaccountsblob',
+	cdnprofile = 'cdnprofile',
 }
 export interface CloudintegrationtypesServiceMetadataDTO {
 	/**
@@ -1186,11 +1273,24 @@ export interface CloudintegrationtypesSupportedSignalsDTO {
 }
 
 export interface CloudintegrationtypesTelemetryCollectionStrategyDTO {
-	aws: CloudintegrationtypesAWSTelemetryCollectionStrategyDTO;
+	aws?: CloudintegrationtypesAWSTelemetryCollectionStrategyDTO;
+	azure?: CloudintegrationtypesAzureTelemetryCollectionStrategyDTO;
 }
 
 export interface CloudintegrationtypesUpdatableAccountDTO {
-	config: CloudintegrationtypesAccountConfigDTO;
+	config: CloudintegrationtypesUpdatableAccountConfigDTO;
+}
+
+export interface CloudintegrationtypesUpdatableAccountConfigDTO {
+	aws?: CloudintegrationtypesAWSAccountConfigDTO;
+	azure?: CloudintegrationtypesUpdatableAzureAccountConfigDTO;
+}
+
+export interface CloudintegrationtypesUpdatableAzureAccountConfigDTO {
+	/**
+	 * @type array
+	 */
+	resourceGroups: string[];
 }
 
 export interface CloudintegrationtypesUpdatableServiceDTO {
@@ -3178,173 +3278,6 @@ export enum InframonitoringtypesResponseTypeDTO {
 	list = 'list',
 	grouped_list = 'grouped_list',
 }
-export interface LlmpricingruletypesGettablePricingRulesDTO {
-	/**
-	 * @type array
-	 * @nullable true
-	 */
-	items: LlmpricingruletypesLLMPricingRuleDTO[] | null;
-	/**
-	 * @type integer
-	 */
-	limit: number;
-	/**
-	 * @type integer
-	 */
-	offset: number;
-	/**
-	 * @type integer
-	 */
-	total: number;
-}
-
-export interface LlmpricingruletypesLLMPricingRuleDTO {
-	cacheMode: LlmpricingruletypesLLMPricingRuleCacheModeDTO;
-	/**
-	 * @type number
-	 * @format double
-	 */
-	costCacheRead: number;
-	/**
-	 * @type number
-	 * @format double
-	 */
-	costCacheWrite: number;
-	/**
-	 * @type number
-	 * @format double
-	 */
-	costInput: number;
-	/**
-	 * @type number
-	 * @format double
-	 */
-	costOutput: number;
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	createdAt?: Date;
-	/**
-	 * @type string
-	 */
-	createdBy?: string;
-	/**
-	 * @type boolean
-	 */
-	enabled: boolean;
-	/**
-	 * @type string
-	 */
-	id: string;
-	/**
-	 * @type boolean
-	 */
-	isOverride: boolean;
-	/**
-	 * @type string
-	 */
-	modelName: string;
-	/**
-	 * @type array
-	 * @nullable true
-	 */
-	modelPattern: string[] | null;
-	/**
-	 * @type string
-	 */
-	orgId: string;
-	/**
-	 * @type string
-	 */
-	sourceId?: string;
-	/**
-	 * @type string
-	 * @format date-time
-	 * @nullable true
-	 */
-	syncedAt?: Date | null;
-	unit: LlmpricingruletypesLLMPricingRuleUnitDTO;
-	/**
-	 * @type string
-	 * @format date-time
-	 */
-	updatedAt?: Date;
-	/**
-	 * @type string
-	 */
-	updatedBy?: string;
-}
-
-export enum LlmpricingruletypesLLMPricingRuleCacheModeDTO {
-	subtract = 'subtract',
-	additive = 'additive',
-	unknown = 'unknown',
-}
-export enum LlmpricingruletypesLLMPricingRuleUnitDTO {
-	per_million_tokens = 'per_million_tokens',
-}
-export interface LlmpricingruletypesUpdatableLLMPricingRuleDTO {
-	cacheMode: LlmpricingruletypesLLMPricingRuleCacheModeDTO;
-	/**
-	 * @type number
-	 * @format double
-	 */
-	costCacheRead: number;
-	/**
-	 * @type number
-	 * @format double
-	 */
-	costCacheWrite: number;
-	/**
-	 * @type number
-	 * @format double
-	 */
-	costInput: number;
-	/**
-	 * @type number
-	 * @format double
-	 */
-	costOutput: number;
-	/**
-	 * @type boolean
-	 */
-	enabled: boolean;
-	/**
-	 * @type string
-	 * @nullable true
-	 */
-	id?: string | null;
-	/**
-	 * @type boolean
-	 * @nullable true
-	 */
-	isOverride?: boolean | null;
-	/**
-	 * @type string
-	 */
-	modelName: string;
-	/**
-	 * @type array
-	 * @nullable true
-	 */
-	modelPattern: string[] | null;
-	/**
-	 * @type string
-	 * @nullable true
-	 */
-	sourceId?: string | null;
-	unit: LlmpricingruletypesLLMPricingRuleUnitDTO;
-}
-
-export interface LlmpricingruletypesUpdatableLLMPricingRulesDTO {
-	/**
-	 * @type array
-	 * @nullable true
-	 */
-	rules: LlmpricingruletypesUpdatableLLMPricingRuleDTO[] | null;
-}
-
 export interface MetricsexplorertypesInspectMetricsRequestDTO {
 	/**
 	 * @type integer
@@ -6490,41 +6423,6 @@ export type CreateInvite201 = {
 	status: string;
 };
 
-export type ListLLMPricingRulesParams = {
-	/**
-	 * @type integer
-	 * @description undefined
-	 */
-	offset?: number;
-	/**
-	 * @type integer
-	 * @description undefined
-	 */
-	limit?: number;
-};
-
-export type ListLLMPricingRules200 = {
-	data: LlmpricingruletypesGettablePricingRulesDTO;
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
-export type DeleteLLMPricingRulePathParameters = {
-	id: string;
-};
-export type GetLLMPricingRulePathParameters = {
-	id: string;
-};
-export type GetLLMPricingRule200 = {
-	data: LlmpricingruletypesLLMPricingRuleDTO;
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
 export type ListPromotedAndIndexedPaths200 = {
 	/**
 	 * @type array

frontend/src/api/generatedAPIInstance.ts

@@ -1,5 +1,6 @@
 import {
 	interceptorRejected,
+	interceptorsRequestBasePath,
 	interceptorsRequestResponse,
 	interceptorsResponse,
 } from 'api';
@@ -17,7 +18,9 @@ export const GeneratedAPIInstance = <T>(
 	return generatedAPIAxiosInstance({ ...config }).then(({ data }) => data);
 };
 
+generatedAPIAxiosInstance.interceptors.request.use(interceptorsRequestBasePath);
 generatedAPIAxiosInstance.interceptors.request.use(interceptorsRequestResponse);
+generatedAPIAxiosInstance.interceptors.request.use(interceptorsRequestBasePath);
 generatedAPIAxiosInstance.interceptors.response.use(
 	interceptorsResponse,
 	interceptorRejected,

frontend/src/api/index.ts

@@ -11,6 +11,7 @@ import axios, {
 import { ENVIRONMENT } from 'constants/env';
 import { Events } from 'constants/events';
 import { LOCALSTORAGE } from 'constants/localStorage';
+import { getBasePath } from 'utils/basePath';
 import { eventEmitter } from 'utils/getEventEmitter';
 
 import apiV1, { apiAlertManager, apiV2, apiV3, apiV4, apiV5 } from './apiV1';
@@ -67,6 +68,39 @@ export const interceptorsRequestResponse = (
 	return value;
 };
 
+// Strips the leading '/' from path and joins with base — idempotent if already prefixed.
+// e.g. prependBase('/signoz/', '/api/v1/') → '/signoz/api/v1/'
+function prependBase(base: string, path: string): string {
+	return path.startsWith(base) ? path : base + path.slice(1);
+}
+
+// Prepends the runtime base path to outgoing requests so API calls work under
+// a URL prefix (e.g. /signoz/api/v1/…). No-op for root deployments and dev
+// (dev baseURL is a full http:// URL, not an absolute path).
+export const interceptorsRequestBasePath = (
+	value: InternalAxiosRequestConfig,
+): InternalAxiosRequestConfig => {
+	const basePath = getBasePath();
+	if (basePath === '/') {
+		return value;
+	}
+
+	if (value.baseURL?.startsWith('/')) {
+		// Production relative baseURL: '/api/v1/' → '/signoz/api/v1/'
+		value.baseURL = prependBase(basePath, value.baseURL);
+	} else if (value.baseURL?.startsWith('http')) {
+		// Dev absolute baseURL (VITE_FRONTEND_API_ENDPOINT): 'https://host/api/v1/' → 'https://host/signoz/api/v1/'
+		const url = new URL(value.baseURL);
+		url.pathname = prependBase(basePath, url.pathname);
+		value.baseURL = url.toString();
+	} else if (!value.baseURL && value.url?.startsWith('/')) {
+		// Orval-generated client (empty baseURL, path in url): '/api/signoz/v1/rules' → '/signoz/api/signoz/v1/rules'
+		value.url = prependBase(basePath, value.url);
+	}
+
+	return value;
+};
+
 export const interceptorRejected = async (
 	value: AxiosResponse<any>,
 ): Promise<AxiosResponse<any>> => {
@@ -133,6 +167,7 @@ const instance = axios.create({
 });
 
 instance.interceptors.request.use(interceptorsRequestResponse);
+instance.interceptors.request.use(interceptorsRequestBasePath);
 instance.interceptors.response.use(interceptorsResponse, interceptorRejected);
 
 export const AxiosAlertManagerInstance = axios.create({
@@ -147,6 +182,7 @@ ApiV2Instance.interceptors.response.use(
 	interceptorRejected,
 );
 ApiV2Instance.interceptors.request.use(interceptorsRequestResponse);
+ApiV2Instance.interceptors.request.use(interceptorsRequestBasePath);
 
 // axios V3
 export const ApiV3Instance = axios.create({
@@ -158,6 +194,7 @@ ApiV3Instance.interceptors.response.use(
 	interceptorRejected,
 );
 ApiV3Instance.interceptors.request.use(interceptorsRequestResponse);
+ApiV3Instance.interceptors.request.use(interceptorsRequestBasePath);
 //
 
 // axios V4
@@ -170,6 +207,7 @@ ApiV4Instance.interceptors.response.use(
 	interceptorRejected,
 );
 ApiV4Instance.interceptors.request.use(interceptorsRequestResponse);
+ApiV4Instance.interceptors.request.use(interceptorsRequestBasePath);
 //
 
 // axios V5
@@ -182,6 +220,7 @@ ApiV5Instance.interceptors.response.use(
 	interceptorRejected,
 );
 ApiV5Instance.interceptors.request.use(interceptorsRequestResponse);
+ApiV5Instance.interceptors.request.use(interceptorsRequestBasePath);
 //
 
 // axios Base
@@ -194,6 +233,7 @@ LogEventAxiosInstance.interceptors.response.use(
 	interceptorRejectedBase,
 );
 LogEventAxiosInstance.interceptors.request.use(interceptorsRequestResponse);
+LogEventAxiosInstance.interceptors.request.use(interceptorsRequestBasePath);
 //
 
 AxiosAlertManagerInstance.interceptors.response.use(
@@ -201,6 +241,7 @@ AxiosAlertManagerInstance.interceptors.response.use(
 	interceptorRejected,
 );
 AxiosAlertManagerInstance.interceptors.request.use(interceptorsRequestResponse);
+AxiosAlertManagerInstance.interceptors.request.use(interceptorsRequestBasePath);
 
 export { apiV1 };
 export default instance;

frontend/src/api/logs/livetail.ts

@@ -3,13 +3,16 @@ import getLocalStorageKey from 'api/browser/localstorage/get';
 import { ENVIRONMENT } from 'constants/env';
 import { LOCALSTORAGE } from 'constants/localStorage';
 import { EventSourcePolyfill } from 'event-source-polyfill';
+import { withBasePath } from 'utils/basePath';
 
 // 10 min in ms
 const TIMEOUT_IN_MS = 10 * 60 * 1000;
 
 export const LiveTail = (queryParams: string): EventSourcePolyfill =>
 	new EventSourcePolyfill(
-		`${ENVIRONMENT.baseURL}${apiV1}logs/tail?${queryParams}`,
+		ENVIRONMENT.baseURL
+			? `${ENVIRONMENT.baseURL}${apiV1}logs/tail?${queryParams}`
+			: withBasePath(`${apiV1}logs/tail?${queryParams}`),
 		{
 			headers: {
 				Authorization: `Bearer ${getLocalStorageKey(LOCALSTORAGE.AUTH_TOKEN)}`,

frontend/src/components/CeleryTask/useNavigateToExplorer.ts

@@ -12,6 +12,7 @@ import { AppState } from 'store/reducers';
 import { Query, TagFilterItem } from 'types/api/queryBuilder/queryBuilderData';
 import { DataSource, MetricAggregateOperator } from 'types/common/queryBuilder';
 import { GlobalReducer } from 'types/reducer/globalTime';
+import { withBasePath } from 'utils/basePath';
 
 export interface NavigateToExplorerProps {
 	filters: TagFilterItem[];
@@ -133,7 +134,7 @@ export function useNavigateToExplorer(): (
 				QueryParams.compositeQuery
 			}=${JSONCompositeQuery}`;
 
-			window.open(newExplorerPath, sameTab ? '_self' : '_blank');
+			window.open(withBasePath(newExplorerPath), sameTab ? '_self' : '_blank');
 		},
 		[
 			prepareQuery,

frontend/src/components/ChatSupportGateway/ChatSupportGateway.tsx

@@ -9,6 +9,7 @@ import { CreditCard, MessageSquareText, X } from 'lucide-react';
 import { SuccessResponseV2 } from 'types/api';
 import { CheckoutSuccessPayloadProps } from 'types/api/billing/checkout';
 import APIError from 'types/api/error';
+import { getBaseUrl } from 'utils/basePath';
 
 export default function ChatSupportGateway(): JSX.Element {
 	const { notifications } = useNotifications();
@@ -54,7 +55,7 @@ export default function ChatSupportGateway(): JSX.Element {
 		});
 
 		updateCreditCard({
-			url: window.location.origin,
+			url: getBaseUrl(),
 		});
 	};
 

frontend/src/components/EditMemberDrawer/EditMemberDrawer.tsx

@@ -28,6 +28,7 @@ import { useAppContext } from 'providers/App/App';
 import { useErrorModal } from 'providers/ErrorModalProvider';
 import { useTimezone } from 'providers/Timezone';
 import APIError from 'types/api/error';
+import { getAbsoluteUrl } from 'utils/basePath';
 import { toAPIError } from 'utils/errorUtils';
 
 import DeleteMemberDialog from './DeleteMemberDialog';
@@ -381,7 +382,7 @@ function EditMemberDrawer({
 				pathParams: { id: member.id },
 			});
 			if (response?.data?.token) {
-				const link = `${window.location.origin}/password-reset?token=${response.data.token}`;
+				const link = getAbsoluteUrl(`/password-reset?token=${response.data.token}`);
 				setResetLink(link);
 				setResetLinkExpiresAt(
 					response.data.expiresAt

frontend/src/components/HeaderRightSection/ShareURLModal.tsx

@@ -13,6 +13,7 @@ import GetMinMax from 'lib/getMinMax';
 import { Check, Info, Link2 } from 'lucide-react';
 import { AppState } from 'store/reducers';
 import { GlobalReducer } from 'types/reducer/globalTime';
+import { getAbsoluteUrl } from 'utils/basePath';
 
 const routesToBeSharedWithTime = [
 	ROUTES.LOGS_EXPLORER,
@@ -80,17 +81,13 @@ function ShareURLModal(): JSX.Element {
 
 				urlQuery.delete(QueryParams.relativeTime);
 
-				currentUrl = `${window.location.origin}${
-					location.pathname
-				}?${urlQuery.toString()}`;
+				currentUrl = getAbsoluteUrl(`${location.pathname}?${urlQuery.toString()}`);
 			} else {
 				urlQuery.delete(QueryParams.startTime);
 				urlQuery.delete(QueryParams.endTime);
 
 				urlQuery.set(QueryParams.relativeTime, selectedTime);
-				currentUrl = `${window.location.origin}${
-					location.pathname
-				}?${urlQuery.toString()}`;
+				currentUrl = getAbsoluteUrl(`${location.pathname}?${urlQuery.toString()}`);
 			}
 		}
 

frontend/src/components/InviteMembersModal/InviteMembersModal.tsx

@@ -17,6 +17,7 @@ import { useErrorModal } from 'providers/ErrorModalProvider';
 import APIError from 'types/api/error';
 import { ROLES } from 'types/roles';
 import { EMAIL_REGEX } from 'utils/app';
+import { getBaseUrl } from 'utils/basePath';
 import { popupContainer } from 'utils/selectPopupContainer';
 import { v4 as uuid } from 'uuid';
 
@@ -191,7 +192,7 @@ function InviteMembersModal({
 					email: row.email.trim(),
 					name: '',
 					role: row.role as ROLES,
-					frontendBaseUrl: window.location.origin,
+					frontendBaseUrl: getBaseUrl(),
 				});
 			} else {
 				await inviteUsers({
@@ -199,7 +200,7 @@ function InviteMembersModal({
 						email: row.email.trim(),
 						name: '',
 						role: row.role,
-						frontendBaseUrl: window.location.origin,
+						frontendBaseUrl: getBaseUrl(),
 					})),
 				});
 			}

frontend/src/components/LaunchChatSupport/LaunchChatSupport.tsx

@@ -14,6 +14,7 @@ import { useAppContext } from 'providers/App/App';
 import { SuccessResponseV2 } from 'types/api';
 import { CheckoutSuccessPayloadProps } from 'types/api/billing/checkout';
 import APIError from 'types/api/error';
+import { getBaseUrl } from 'utils/basePath';
 
 import './LaunchChatSupport.styles.scss';
 
@@ -154,7 +155,7 @@ function LaunchChatSupport({
 		});
 
 		updateCreditCard({
-			url: window.location.origin,
+			url: getBaseUrl(),
 		});
 	};
 

frontend/src/components/LearnMore/LearnMore.tsx

@@ -1,6 +1,7 @@
 import { Color } from '@signozhq/design-tokens';
 import { Button } from 'antd';
 import { ArrowUpRight } from 'lucide-react';
+import { openInNewTab } from 'utils/navigation';
 
 import './LearnMore.styles.scss';
 
@@ -14,7 +15,7 @@ function LearnMore({ text, url, onClick }: LearnMoreProps): JSX.Element {
 	const handleClick = (): void => {
 		onClick?.();
 		if (url) {
-			window.open(url, '_blank');
+			openInNewTab(url);
 		}
 	};
 	return (

frontend/src/components/MessagingQueueHealthCheck/AttributeCheckList.tsx

@@ -20,6 +20,7 @@ import {
 	KAFKA_SETUP_DOC_LINK,
 	MessagingQueueHealthCheckService,
 } from 'pages/MessagingQueues/MessagingQueuesUtils';
+import { openInNewTab } from 'utils/navigation';
 import { v4 as uuid } from 'uuid';
 
 import './MessagingQueueHealthCheck.styles.scss';
@@ -76,7 +77,7 @@ function ErrorTitleAndKey({
 		if (isCloudUserVal && !!link) {
 			history.push(link);
 		} else {
-			window.open(KAFKA_SETUP_DOC_LINK, '_blank');
+			openInNewTab(KAFKA_SETUP_DOC_LINK);
 		}
 	};
 	return {

frontend/src/components/QueryBuilderV2/QueryV2/previousQuery.utils.ts

@@ -1,10 +1,13 @@
+import getSessionStorageApi from 'api/browser/sessionstorage/get';
+import removeSessionStorageApi from 'api/browser/sessionstorage/remove';
+import setSessionStorageApi from 'api/browser/sessionstorage/set';
 import { IBuilderQuery } from 'types/api/queryBuilder/queryBuilderData';
 
 export const PREVIOUS_QUERY_KEY = 'previousQuery';
 
 function getPreviousQueryFromStore(): Record<string, IBuilderQuery> {
 	try {
-		const raw = sessionStorage.getItem(PREVIOUS_QUERY_KEY);
+		const raw = getSessionStorageApi(PREVIOUS_QUERY_KEY);
 		if (!raw) {
 			return {};
 		}
@@ -17,7 +20,7 @@ function getPreviousQueryFromStore(): Record<string, IBuilderQuery> {
 
 function writePreviousQueryToStore(store: Record<string, IBuilderQuery>): void {
 	try {
-		sessionStorage.setItem(PREVIOUS_QUERY_KEY, JSON.stringify(store));
+		setSessionStorageApi(PREVIOUS_QUERY_KEY, JSON.stringify(store));
 	} catch {
 		// ignore quota or serialization errors
 	}
@@ -63,7 +66,7 @@ export const removeKeyFromPreviousQuery = (key: string): void => {
 
 export const clearPreviousQuery = (): void => {
 	try {
-		sessionStorage.removeItem(PREVIOUS_QUERY_KEY);
+		removeSessionStorageApi(PREVIOUS_QUERY_KEY);
 	} catch {
 		// no-op
 	}

frontend/src/components/ResizeTable/DynamicColumnTable.tsx

@@ -108,8 +108,7 @@ function DynamicColumnTable({
 		// Update URL with new page number while preserving other params
 		urlQuery.set('page', page.toString());
 
-		const newUrl = `${window.location.pathname}?${urlQuery.toString()}`;
-		safeNavigate(newUrl);
+		safeNavigate({ search: `?${urlQuery.toString()}` });
 
 		// Call original pagination handler if provided
 		if (pagination?.onChange && !!pageSize) {

frontend/src/components/ResizeTable/utils.ts

@@ -1,3 +1,6 @@
+import getLocalStorageKey from 'api/browser/localstorage/get';
+import setLocalStorageKey from 'api/browser/localstorage/set';
+
 import { DynamicColumnsKey } from './contants';
 import {
 	GetNewColumnDataFunction,
@@ -12,7 +15,7 @@ export const getVisibleColumns: GetVisibleColumnsFunction = ({
 }) => {
 	let columnVisibilityData: { [key: string]: boolean };
 	try {
-		const storedData = localStorage.getItem(tablesource);
+		const storedData = getLocalStorageKey(tablesource);
 		if (typeof storedData === 'string' && dynamicColumns) {
 			columnVisibilityData = JSON.parse(storedData);
 			return dynamicColumns.filter((column) => {
@@ -28,7 +31,7 @@ export const getVisibleColumns: GetVisibleColumnsFunction = ({
 			initialColumnVisibility[key] = false;
 		});
 
-		localStorage.setItem(tablesource, JSON.stringify(initialColumnVisibility));
+		setLocalStorageKey(tablesource, JSON.stringify(initialColumnVisibility));
 	} catch (error) {
 		console.error(error);
 	}
@@ -42,14 +45,14 @@ export const setVisibleColumns = ({
 	dynamicColumns,
 }: SetVisibleColumnsProps): void => {
 	try {
-		const storedData = localStorage.getItem(tablesource);
+		const storedData = getLocalStorageKey(tablesource);
 		if (typeof storedData === 'string' && dynamicColumns) {
 			const columnVisibilityData = JSON.parse(storedData);
 			const { key } = dynamicColumns[index];
 			if (key) {
 				columnVisibilityData[key] = checked;
 			}
-			localStorage.setItem(tablesource, JSON.stringify(columnVisibilityData));
+			setLocalStorageKey(tablesource, JSON.stringify(columnVisibilityData));
 		}
 	} catch (error) {
 		console.error(error);

frontend/src/container/ApiMonitoring/Explorer/Domains/DomainDetails/components/DependentServices.tsx

@@ -9,6 +9,7 @@ import {
 } from 'container/ApiMonitoring/utils';
 import { UnfoldVertical } from 'lucide-react';
 import { SuccessResponse } from 'types/api';
+import { openInNewTab } from 'utils/navigation';
 
 import emptyStateUrl from '@/assets/Icons/emptyState.svg';
 
@@ -94,20 +95,14 @@ function DependentServices({
 					}}
 					onRow={(record): { onClick: () => void; className: string } => ({
 						onClick: (): void => {
-							const url = new URL(
-								`/services/${
-									record.serviceData.serviceName &&
-									record.serviceData.serviceName !== '-'
-										? record.serviceData.serviceName
-										: ''
-								}`,
-								window.location.origin,
-							);
+							const serviceName =
+								record.serviceData.serviceName && record.serviceData.serviceName !== '-'
+									? record.serviceData.serviceName
+									: '';
 							const urlQuery = new URLSearchParams();
 							urlQuery.set(QueryParams.startTime, timeRange.startTime.toString());
 							urlQuery.set(QueryParams.endTime, timeRange.endTime.toString());
-							url.search = urlQuery.toString();
-							window.open(url.toString(), '_blank');
+							openInNewTab(`/services/${serviceName}?${urlQuery.toString()}`);
 						},
 						className: 'clickable-row',
 					})}

frontend/src/container/AppLayout/index.tsx

@@ -73,6 +73,7 @@ import {
 import { UserPreference } from 'types/api/preferences/preference';
 import AppReducer from 'types/reducer/app';
 import { USER_ROLES } from 'types/roles';
+import { getBaseUrl } from 'utils/basePath';
 import { showErrorNotification } from 'utils/error';
 import { eventEmitter } from 'utils/getEventEmitter';
 import {
@@ -461,7 +462,7 @@ function AppLayout(props: AppLayoutProps): JSX.Element {
 
 	const handleFailedPayment = useCallback((): void => {
 		manageCreditCard({
-			url: window.location.origin,
+			url: getBaseUrl(),
 		});
 	}, [manageCreditCard]);
 

frontend/src/container/BillingContainer/BillingContainer.tsx

@@ -31,6 +31,7 @@ import { isEmpty, pick } from 'lodash-es';
 import { useAppContext } from 'providers/App/App';
 import { SuccessResponseV2 } from 'types/api';
 import { CheckoutSuccessPayloadProps } from 'types/api/billing/checkout';
+import { getBaseUrl } from 'utils/basePath';
 import { getFormattedDate, getRemainingDays } from 'utils/timeUtils';
 
 import { BillingUsageGraph } from './BillingUsageGraph/BillingUsageGraph';
@@ -324,7 +325,7 @@ export default function BillingContainer(): JSX.Element {
 			});
 
 			updateCreditCard({
-				url: window.location.origin,
+				url: getBaseUrl(),
 			});
 		} else {
 			logEvent('Billing : Manage Billing', {
@@ -333,7 +334,7 @@ export default function BillingContainer(): JSX.Element {
 			});
 
 			manageCreditCard({
-				url: window.location.origin,
+				url: getBaseUrl(),
 			});
 		}
 		// eslint-disable-next-line react-hooks/exhaustive-deps

frontend/src/container/CreateAlertRule/SelectAlertType/index.tsx

@@ -7,6 +7,7 @@ import { FeatureKeys } from 'constants/features';
 import { useAppContext } from 'providers/App/App';
 import { AlertTypes } from 'types/api/alerts/alertTypes';
 import { isModifierKeyPressed } from 'utils/app';
+import { openInNewTab } from 'utils/navigation';
 
 import { getOptionList } from './config';
 import { AlertTypeCard, SelectTypeContainer } from './styles';
@@ -55,7 +56,7 @@ function SelectAlertType({ onSelect }: SelectAlertTypeProps): JSX.Element {
 			page: 'New alert data source selection page',
 		});
 
-		window.open(url, '_blank');
+		openInNewTab(url);
 	}
 	const renderOptions = useMemo(
 		() => (

frontend/src/container/CreateAlertV2/AlertCondition/utils.tsx

@@ -14,6 +14,7 @@ import { IUser } from 'providers/App/types';
 import { Query } from 'types/api/queryBuilder/queryBuilderData';
 import { EQueryType } from 'types/common/dashboard';
 import { USER_ROLES } from 'types/roles';
+import { openInNewTab } from 'utils/navigation';
 
 import { ROUTING_POLICIES_ROUTE } from './constants';
 import { RoutingPolicyBannerProps } from './types';
@@ -387,7 +388,7 @@ export function NotificationChannelsNotFoundContent({
 							style={{ padding: '0 4px' }}
 							type="link"
 							onClick={(): void => {
-								window.open(ROUTES.CHANNELS_NEW, '_blank');
+								openInNewTab(ROUTES.CHANNELS_NEW);
 							}}
 						>
 							here.

frontend/src/container/CustomDomainSettings/CustomDomainSettings.tsx

@@ -46,6 +46,7 @@ function DomainUpdateToast({
 					className="custom-domain-toast-visit-btn"
 					suffix={<ExternalLink size={12} />}
 					onClick={(): void => {
+						// oxlint-disable-next-line signoz/no-raw-absolute-path
 						window.open(url, '_blank', 'noopener,noreferrer');
 					}}
 				>
@@ -74,10 +75,8 @@ export default function CustomDomainSettings(): JSX.Element {
 	const [isPollingEnabled, setIsPollingEnabled] = useState(false);
 	const [hosts, setHosts] = useState<ZeustypesHostDTO[] | null>(null);
 
-	const [
-		updateDomainError,
-		setUpdateDomainError,
-	] = useState<AxiosError<RenderErrorResponseDTO> | null>(null);
+	const [updateDomainError, setUpdateDomainError] =
+		useState<AxiosError<RenderErrorResponseDTO> | null>(null);
 
 	const [customDomainSubdomain, setCustomDomainSubdomain] = useState<
 		string | undefined
@@ -90,10 +89,8 @@ export default function CustomDomainSettings(): JSX.Element {
 		refetch: refetchHosts,
 	} = useGetHosts();
 
-	const {
-		mutate: updateSubDomain,
-		isLoading: isLoadingUpdateCustomDomain,
-	} = usePutHost<AxiosError<RenderErrorResponseDTO>>();
+	const { mutate: updateSubDomain, isLoading: isLoadingUpdateCustomDomain } =
+		usePutHost<AxiosError<RenderErrorResponseDTO>>();
 
 	const stripProtocol = (url: string): string => url?.split('://')[1] ?? url;
 
@@ -137,7 +134,7 @@ export default function CustomDomainSettings(): JSX.Element {
 			{
 				onSuccess: () => {
 					setIsPollingEnabled(true);
-					refetchHosts();
+					void refetchHosts();
 					setIsEditModalOpen(false);
 					setCustomDomainSubdomain(subdomain);
 					const newUrl = `https://${subdomain}.${dnsSuffix}`;

frontend/src/container/DashboardContainer/DashboardSettings/PublicDashboard/index.tsx

@@ -15,6 +15,8 @@ import { useDashboardStore } from 'providers/Dashboard/store/useDashboardStore';
 import { PublicDashboardMetaProps } from 'types/api/dashboard/public/getMeta';
 import APIError from 'types/api/error';
 import { USER_ROLES } from 'types/roles';
+import { getAbsoluteUrl } from 'utils/basePath';
+import { openInNewTab } from 'utils/navigation';
 
 import './PublicDashboard.styles.scss';
 
@@ -212,7 +214,7 @@ function PublicDashboardSetting(): JSX.Element {
 
 		try {
 			setCopyPublicDashboardURL(
-				`${window.location.origin}${publicDashboardResponse?.data?.publicPath}`,
+				getAbsoluteUrl(publicDashboardResponse?.data?.publicPath ?? ''),
 			);
 			toast.success('Copied Public Dashboard URL successfully');
 		} catch (error) {
@@ -221,7 +223,7 @@ function PublicDashboardSetting(): JSX.Element {
 	};
 
 	const publicDashboardURL = useMemo(
-		() => `${window.location.origin}${publicDashboardResponse?.data?.publicPath}`,
+		() => getAbsoluteUrl(publicDashboardResponse?.data?.publicPath ?? ''),
 		[publicDashboardResponse],
 	);
 
@@ -294,7 +296,7 @@ function PublicDashboardSetting(): JSX.Element {
 								icon={<ExternalLink size={12} />}
 								onClick={(): void => {
 									if (publicDashboardURL) {
-										window.open(publicDashboardURL, '_blank');
+										openInNewTab(publicDashboardURL);
 									}
 								}}
 							/>

frontend/src/container/DashboardContainer/components/DashboardHeader/DashboardBreadcrumbs.tsx

@@ -1,5 +1,6 @@
 import { useCallback, useRef } from 'react';
 import { Button } from 'antd';
+import getSessionStorageApi from 'api/browser/sessionstorage/get';
 import ROUTES from 'constants/routes';
 import { DASHBOARDS_LIST_QUERY_PARAMS_STORAGE_KEY } from 'hooks/dashboard/useDashboardsListQueryParams';
 import { useSafeNavigate } from 'hooks/useSafeNavigate';
@@ -26,7 +27,7 @@ function DashboardBreadcrumbs(): JSX.Element {
 	const { title = '', image = Base64Icons[0] } = selectedData || {};
 
 	const goToListPage = useCallback(() => {
-		const dashboardsListQueryParamsString = sessionStorage.getItem(
+		const dashboardsListQueryParamsString = getSessionStorageApi(
 			DASHBOARDS_LIST_QUERY_PARAMS_STORAGE_KEY,
 		);
 

frontend/src/container/DashboardContainer/visualization/panels/utils/legendVisibilityUtils.ts

@@ -1,3 +1,6 @@
+import getLocalStorageKey from 'api/browser/localstorage/get';
+import removeLocalStorageKey from 'api/browser/localstorage/remove';
+import setLocalStorageKey from 'api/browser/localstorage/set';
 import { LOCALSTORAGE } from 'constants/localStorage';
 
 import { GraphVisibilityState, SeriesVisibilityItem } from '../types';
@@ -12,7 +15,7 @@ export function getStoredSeriesVisibility(
 	widgetId: string,
 ): SeriesVisibilityItem[] | null {
 	try {
-		const storedData = localStorage.getItem(LOCALSTORAGE.GRAPH_VISIBILITY_STATES);
+		const storedData = getLocalStorageKey(LOCALSTORAGE.GRAPH_VISIBILITY_STATES);
 
 		if (!storedData) {
 			return null;
@@ -29,7 +32,7 @@ export function getStoredSeriesVisibility(
 	} catch (error) {
 		if (error instanceof SyntaxError) {
 			// If the stored data is malformed, remove it
-			localStorage.removeItem(LOCALSTORAGE.GRAPH_VISIBILITY_STATES);
+			removeLocalStorageKey(LOCALSTORAGE.GRAPH_VISIBILITY_STATES);
 		}
 		// Silently handle parsing errors - fall back to default visibility
 		return null;
@@ -42,7 +45,7 @@ export function updateSeriesVisibilityToLocalStorage(
 ): void {
 	let visibilityStates: GraphVisibilityState[] = [];
 	try {
-		const storedData = localStorage.getItem(LOCALSTORAGE.GRAPH_VISIBILITY_STATES);
+		const storedData = getLocalStorageKey(LOCALSTORAGE.GRAPH_VISIBILITY_STATES);
 		visibilityStates = JSON.parse(storedData || '[]');
 	} catch (error) {
 		if (error instanceof SyntaxError) {
@@ -63,7 +66,7 @@ export function updateSeriesVisibilityToLocalStorage(
 		];
 	}
 
-	localStorage.setItem(
+	setLocalStorageKey(
 		LOCALSTORAGE.GRAPH_VISIBILITY_STATES,
 		JSON.stringify(visibilityStates),
 	);

frontend/src/container/ExplorerOptions/ExplorerOptions.tsx

@@ -22,6 +22,8 @@ import {
 	Tooltip,
 	Typography,
 } from 'antd';
+import getLocalStorageKey from 'api/browser/localstorage/get';
+import setLocalStorageKey from 'api/browser/localstorage/set';
 import logEvent from 'api/common/logEvent';
 import { TelemetryFieldKey } from 'api/v5/v5';
 import axios from 'axios';
@@ -472,7 +474,7 @@ function ExplorerOptions({
 		value: string;
 	}): void => {
 		// Retrieve stored views from local storage
-		const storedViews = localStorage.getItem(PRESERVED_VIEW_LOCAL_STORAGE_KEY);
+		const storedViews = getLocalStorageKey(PRESERVED_VIEW_LOCAL_STORAGE_KEY);
 
 		// Initialize or parse the stored views
 		const updatedViews: PreservedViewsInLocalStorage = storedViews
@@ -486,7 +488,7 @@ function ExplorerOptions({
 		};
 
 		// Save the updated views back to local storage
-		localStorage.setItem(
+		setLocalStorageKey(
 			PRESERVED_VIEW_LOCAL_STORAGE_KEY,
 			JSON.stringify(updatedViews),
 		);
@@ -537,7 +539,7 @@ function ExplorerOptions({
 
 	const removeCurrentViewFromLocalStorage = (): void => {
 		// Retrieve stored views from local storage
-		const storedViews = localStorage.getItem(PRESERVED_VIEW_LOCAL_STORAGE_KEY);
+		const storedViews = getLocalStorageKey(PRESERVED_VIEW_LOCAL_STORAGE_KEY);
 
 		if (storedViews) {
 			// Parse the stored views
@@ -547,7 +549,7 @@ function ExplorerOptions({
 			delete parsedViews[PRESERVED_VIEW_TYPE];
 
 			// Update local storage with the modified views
-			localStorage.setItem(
+			setLocalStorageKey(
 				PRESERVED_VIEW_LOCAL_STORAGE_KEY,
 				JSON.stringify(parsedViews),
 			);
@@ -672,7 +674,7 @@ function ExplorerOptions({
 		}
 
 		const parsedPreservedView = JSON.parse(
-			localStorage.getItem(PRESERVED_VIEW_LOCAL_STORAGE_KEY) || '{}',
+			getLocalStorageKey(PRESERVED_VIEW_LOCAL_STORAGE_KEY) || '{}',
 		);
 
 		const preservedView = parsedPreservedView[PRESERVED_VIEW_TYPE] || {};

frontend/src/container/ExplorerOptions/utils.ts

@@ -1,4 +1,6 @@
 import { Color } from '@signozhq/design-tokens';
+import getLocalStorageKey from 'api/browser/localstorage/get';
+import setLocalStorageKey from 'api/browser/localstorage/set';
 import { showErrorNotification } from 'components/ExplorerCard/utils';
 import { LOCALSTORAGE } from 'constants/localStorage';
 import { QueryParams } from 'constants/query';
@@ -71,7 +73,7 @@ export const generateRGBAFromHex = (hex: string, opacity: number): string =>
 
 export const getExplorerToolBarVisibility = (dataSource: string): boolean => {
 	try {
-		const showExplorerToolbar = localStorage.getItem(
+		const showExplorerToolbar = getLocalStorageKey(
 			LOCALSTORAGE.SHOW_EXPLORER_TOOLBAR,
 		);
 		if (showExplorerToolbar === null) {
@@ -84,7 +86,7 @@ export const getExplorerToolBarVisibility = (dataSource: string): boolean => {
 				[DataSource.TRACES]: true,
 				[DataSource.LOGS]: true,
 			};
-			localStorage.setItem(
+			setLocalStorageKey(
 				LOCALSTORAGE.SHOW_EXPLORER_TOOLBAR,
 				JSON.stringify(parsedShowExplorerToolbar),
 			);
@@ -103,13 +105,13 @@ export const setExplorerToolBarVisibility = (
 	dataSource: string,
 ): void => {
 	try {
-		const showExplorerToolbar = localStorage.getItem(
+		const showExplorerToolbar = getLocalStorageKey(
 			LOCALSTORAGE.SHOW_EXPLORER_TOOLBAR,
 		);
 		if (showExplorerToolbar) {
 			const parsedShowExplorerToolbar = JSON.parse(showExplorerToolbar);
 			parsedShowExplorerToolbar[dataSource] = value;
-			localStorage.setItem(
+			setLocalStorageKey(
 				LOCALSTORAGE.SHOW_EXPLORER_TOOLBAR,
 				JSON.stringify(parsedShowExplorerToolbar),
 			);

frontend/src/container/ForgotPassword/index.tsx

@@ -9,6 +9,7 @@ import ROUTES from 'constants/routes';
 import history from 'lib/history';
 import APIError from 'types/api/error';
 import { OrgSessionContext } from 'types/api/v2/sessions/context/get';
+import { getBaseUrl } from 'utils/basePath';
 
 import tvUrl from '@/assets/svgs/tv.svg';
 
@@ -104,7 +105,7 @@ function ForgotPassword({
 			data: {
 				email: values.email,
 				orgId: currentOrgId,
-				frontendBaseURL: window.location.origin,
+				frontendBaseURL: getBaseUrl(),
 			},
 		});
 	}, [form, forgotPasswordMutate, initialOrgId, hasMultipleOrgs]);

frontend/src/container/FormAlertRules/BasicInfo.tsx

@@ -15,6 +15,7 @@ import { AlertDef, Labels } from 'types/api/alerts/def';
 import { Channels } from 'types/api/channels/getAll';
 import APIError from 'types/api/error';
 import { requireErrorMessage } from 'utils/form/requireErrorMessage';
+import { openInNewTab } from 'utils/navigation';
 import { popupContainer } from 'utils/selectPopupContainer';
 
 import ChannelSelect from './ChannelSelect';
@@ -87,7 +88,7 @@ function BasicInfo({
 			dataSource: ALERTS_DATA_SOURCE_MAP[alertDef?.alertType as AlertTypes],
 			ruleId: isNewRule ? 0 : alertDef?.id,
 		});
-		window.open(ROUTES.CHANNELS_NEW, '_blank');
+		openInNewTab(ROUTES.CHANNELS_NEW);
 		// eslint-disable-next-line react-hooks/exhaustive-deps
 	}, []);
 	const hasLoggedEvent = useRef(false);

frontend/src/container/FormAlertRules/index.tsx

@@ -55,6 +55,7 @@ import { DataSource } from 'types/common/queryBuilder';
 import { GlobalReducer } from 'types/reducer/globalTime';
 import { isModifierKeyPressed } from 'utils/app';
 import { compositeQueryToQueryEnvelope } from 'utils/compositeQueryToQueryEnvelope';
+import { openInNewTab } from 'utils/navigation';
 
 import BasicInfo from './BasicInfo';
 import ChartPreview from './ChartPreview';
@@ -777,7 +778,7 @@ function FormAlertRules({
 				queryType: currentQuery.queryType,
 				link: url,
 			});
-			window.open(url, '_blank');
+			openInNewTab(url);
 		}
 	}
 

frontend/src/container/GridCardLayout/GridCard/FullView/utils.ts

@@ -1,3 +1,5 @@
+import getLocalStorageKey from 'api/browser/localstorage/get';
+import setLocalStorageKey from 'api/browser/localstorage/set';
 import { LOCALSTORAGE } from 'constants/localStorage';
 import getLabelName from 'lib/getLabelName';
 import { QueryData } from 'types/api/widgets/getQuery';
@@ -100,7 +102,7 @@ export const saveLegendEntriesToLocalStorage = ({
 
 	try {
 		existingEntries = JSON.parse(
-			localStorage.getItem(LOCALSTORAGE.GRAPH_VISIBILITY_STATES) || '[]',
+			getLocalStorageKey(LOCALSTORAGE.GRAPH_VISIBILITY_STATES) || '[]',
 		);
 	} catch (error) {
 		console.error('Error parsing LEGEND_GRAPH from local storage', error);
@@ -115,7 +117,7 @@ export const saveLegendEntriesToLocalStorage = ({
 	}
 
 	try {
-		localStorage.setItem(
+		setLocalStorageKey(
 			LOCALSTORAGE.GRAPH_VISIBILITY_STATES,
 			JSON.stringify(existingEntries),
 		);

frontend/src/container/GridCardLayout/GridCard/utils.ts

@@ -1,5 +1,6 @@
 /* eslint-disable sonarjs/cognitive-complexity */
 import type { NotificationInstance } from 'antd/es/notification/interface';
+import getLocalStorageKey from 'api/browser/localstorage/get';
 import { NavigateToExplorerProps } from 'components/CeleryTask/useNavigateToExplorer';
 import { LOCALSTORAGE } from 'constants/localStorage';
 import { PANEL_TYPES } from 'constants/queryBuilder';
@@ -44,8 +45,8 @@ export const getLocalStorageGraphVisibilityState = ({
 		],
 	};
 
-	if (localStorage.getItem(LOCALSTORAGE.GRAPH_VISIBILITY_STATES) !== null) {
-		const legendGraphFromLocalStore = localStorage.getItem(
+	if (getLocalStorageKey(LOCALSTORAGE.GRAPH_VISIBILITY_STATES) !== null) {
+		const legendGraphFromLocalStore = getLocalStorageKey(
 			LOCALSTORAGE.GRAPH_VISIBILITY_STATES,
 		);
 		let legendFromLocalStore: {
@@ -94,8 +95,8 @@ export const getGraphVisibilityStateOnDataChange = ({
 		graphVisibilityStates: Array(options.series.length).fill(true),
 		legendEntry: showAllDataSet(options),
 	};
-	if (localStorage.getItem(LOCALSTORAGE.GRAPH_VISIBILITY_STATES) !== null) {
-		const legendGraphFromLocalStore = localStorage.getItem(
+	if (getLocalStorageKey(LOCALSTORAGE.GRAPH_VISIBILITY_STATES) !== null) {
+		const legendGraphFromLocalStore = getLocalStorageKey(
 			LOCALSTORAGE.GRAPH_VISIBILITY_STATES,
 		);
 		let legendFromLocalStore: {

frontend/src/container/Home/Dashboards/Dashboards.tsx

@@ -10,6 +10,7 @@ import Card from 'periscope/components/Card/Card';
 import { useAppContext } from 'providers/App/App';
 import { Dashboard } from 'types/api/dashboard/getAll';
 import { USER_ROLES } from 'types/roles';
+import { openInNewTab } from 'utils/navigation';
 
 import dialsUrl from '@/assets/Icons/dials.svg';
 
@@ -114,7 +115,7 @@ export default function Dashboards({
 							dashboardName: dashboard.data.title,
 						});
 						if (event.metaKey || event.ctrlKey) {
-							window.open(getLink(), '_blank');
+							openInNewTab(getLink());
 						} else {
 							safeNavigate(getLink());
 						}

frontend/src/container/Home/DataSourceInfo/DataSourceInfo.tsx

@@ -9,6 +9,7 @@ import { Link2 } from 'lucide-react';
 import Card from 'periscope/components/Card/Card';
 import { useAppContext } from 'providers/App/App';
 import { LicensePlatform } from 'types/api/licensesV3/getActive';
+import { openInNewTab } from 'utils/navigation';
 
 import containerPlusUrl from '@/assets/Icons/container-plus.svg';
 import helloWaveUrl from '@/assets/Icons/hello-wave.svg';
@@ -51,7 +52,7 @@ function DataSourceInfo({
 		if (activeLicense && activeLicense.platform === LicensePlatform.CLOUD) {
 			history.push(ROUTES.GET_STARTED_WITH_CLOUD);
 		} else {
-			window?.open(DOCS_LINKS.ADD_DATA_SOURCE, '_blank', 'noopener noreferrer');
+			openInNewTab(DOCS_LINKS.ADD_DATA_SOURCE);
 		}
 	};
 

frontend/src/container/Home/HomeChecklist/HomeChecklist.tsx

@@ -8,6 +8,7 @@ import { ArrowRight, ArrowRightToLine, BookOpenText } from 'lucide-react';
 import { useAppContext } from 'providers/App/App';
 import { LicensePlatform } from 'types/api/licensesV3/getActive';
 import { USER_ROLES } from 'types/roles';
+import { openInNewTab } from 'utils/navigation';
 
 import './HomeChecklist.styles.scss';
 
@@ -99,11 +100,7 @@ function HomeChecklist({
 														) {
 															history.push(item.toRoute || '');
 														} else {
-															window?.open(
-																item.docsLink || '',
-																'_blank',
-																'noopener noreferrer',
-															);
+															openInNewTab(item.docsLink || '');
 														}
 													}}
 												>
@@ -119,7 +116,7 @@ function HomeChecklist({
 																step: item.id,
 															});
 
-															window?.open(item.docsLink, '_blank', 'noopener noreferrer');
+															openInNewTab(item.docsLink ?? '');
 														}}
 													>
 														<BookOpenText size={16} />

frontend/src/container/Home/Services/ServiceMetrics.tsx

@@ -31,6 +31,7 @@ import { GlobalReducer } from 'types/reducer/globalTime';
 import { Tags } from 'types/reducer/trace';
 import { USER_ROLES } from 'types/roles';
 import { isModifierKeyPressed } from 'utils/app';
+import { openInNewTab } from 'utils/navigation';
 
 import triangleRulerUrl from '@/assets/Icons/triangle-ruler.svg';
 
@@ -79,11 +80,7 @@ const EmptyState = memo(
 								) {
 									history.push(ROUTES.GET_STARTED_WITH_CLOUD);
 								} else {
-									window?.open(
-										DOCS_LINKS.ADD_DATA_SOURCE,
-										'_blank',
-										'noopener noreferrer',
-									);
+									openInNewTab(DOCS_LINKS.ADD_DATA_SOURCE);
 								}
 							}}
 						>

frontend/src/container/Home/Services/ServiceTraces.tsx

@@ -17,6 +17,7 @@ import { ServicesList } from 'types/api/metrics/getService';
 import { GlobalReducer } from 'types/reducer/globalTime';
 import { USER_ROLES } from 'types/roles';
 import { isModifierKeyPressed } from 'utils/app';
+import { openInNewTab } from 'utils/navigation';
 
 import triangleRulerUrl from '@/assets/Icons/triangle-ruler.svg';
 
@@ -133,11 +134,7 @@ export default function ServiceTraces({
 									) {
 										history.push(ROUTES.GET_STARTED_WITH_CLOUD);
 									} else {
-										window?.open(
-											DOCS_LINKS.ADD_DATA_SOURCE,
-											'_blank',
-											'noopener noreferrer',
-										);
+										openInNewTab(DOCS_LINKS.ADD_DATA_SOURCE);
 									}
 								}}
 							>

frontend/src/container/InfraMonitoringK8s/Base/K8sBaseDetails.tsx

@@ -51,6 +51,7 @@ import {
 	LogsAggregatorOperator,
 	TracesAggregatorOperator,
 } from 'types/common/queryBuilder';
+import { openInNewTab } from 'utils/navigation';
 import { v4 as uuidv4 } from 'uuid';
 
 import { filterDuplicateFilters } from '../commonUtils';
@@ -569,10 +570,7 @@ function K8sBaseDetails<T>({
 
 			urlQuery.set('compositeQuery', JSON.stringify(compositeQuery));
 
-			window.open(
-				`${window.location.origin}${ROUTES.LOGS_EXPLORER}?${urlQuery.toString()}`,
-				'_blank',
-			);
+			openInNewTab(`${ROUTES.LOGS_EXPLORER}?${urlQuery.toString()}`);
 		} else if (selectedView === VIEW_TYPES.TRACES) {
 			const compositeQuery = {
 				...initialQueryState,
@@ -591,10 +589,7 @@ function K8sBaseDetails<T>({
 
 			urlQuery.set('compositeQuery', JSON.stringify(compositeQuery));
 
-			window.open(
-				`${window.location.origin}${ROUTES.TRACES_EXPLORER}?${urlQuery.toString()}`,
-				'_blank',
-			);
+			openInNewTab(`${ROUTES.TRACES_EXPLORER}?${urlQuery.toString()}`);
 		}
 	};
 

frontend/src/container/Integrations/CloudIntegration/AmazonWebServices/ServiceDashboards/ServiceDashboards.tsx

@@ -4,6 +4,7 @@ import {
 	CloudintegrationtypesServiceDTO,
 } from 'api/generated/services/sigNoz.schemas';
 import { useSafeNavigate } from 'hooks/useSafeNavigate';
+import { withBasePath } from 'utils/basePath';
 
 import './ServiceDashboards.styles.scss';
 
@@ -44,7 +45,11 @@ function ServiceDashboards({
 									return;
 								}
 								if (event.metaKey || event.ctrlKey) {
-									window.open(dashboardUrl, '_blank', 'noopener,noreferrer');
+									window.open(
+										withBasePath(dashboardUrl),
+										'_blank',
+										'noopener,noreferrer',
+									);
 									return;
 								}
 								safeNavigate(dashboardUrl);
@@ -54,7 +59,11 @@ function ServiceDashboards({
 									return;
 								}
 								if (event.button === 1) {
-									window.open(dashboardUrl, '_blank', 'noopener,noreferrer');
+									window.open(
+										withBasePath(dashboardUrl),
+										'_blank',
+										'noopener,noreferrer',
+									);
 								}
 							}}
 							onKeyDown={(event): void => {

frontend/src/container/ListAlertRules/AlertsEmptyState/AlertInfoCard.tsx

@@ -1,5 +1,6 @@
 import { ArrowRightOutlined } from '@ant-design/icons';
 import { Typography } from 'antd';
+import { openInNewTab } from 'utils/navigation';
 
 interface AlertInfoCardProps {
 	header: string;
@@ -19,7 +20,7 @@ function AlertInfoCard({
 			className="alert-info-card"
 			onClick={(): void => {
 				onClick();
-				window.open(link, '_blank');
+				openInNewTab(link);
 			}}
 		>
 			<div className="alert-card-text">

frontend/src/container/ListAlertRules/AlertsEmptyState/InfoLinkText.tsx

@@ -1,5 +1,6 @@
 import { ArrowRightOutlined, PlayCircleFilled } from '@ant-design/icons';
 import { Flex, Typography } from 'antd';
+import { openInNewTab } from 'utils/navigation';
 
 interface InfoLinkTextProps {
 	infoText: string;
@@ -20,7 +21,7 @@ function InfoLinkText({
 		<Flex
 			onClick={(): void => {
 				onClick();
-				window.open(link, '_blank');
+				openInNewTab(link);
 			}}
 			className="info-link-container"
 		>

frontend/src/container/ListOfDashboard/DashboardsList.tsx

@@ -28,6 +28,8 @@ import {
 	Typography,
 } from 'antd';
 import type { TableProps } from 'antd/lib';
+import getLocalStorageKey from 'api/browser/localstorage/get';
+import setLocalStorageKey from 'api/browser/localstorage/set';
 import logEvent from 'api/common/logEvent';
 import createDashboard from 'api/v1/dashboards/create';
 import { AxiosError } from 'axios';
@@ -83,6 +85,8 @@ import {
 } from 'types/api/dashboard/getAll';
 import APIError from 'types/api/error';
 import { isModifierKeyPressed } from 'utils/app';
+import { getAbsoluteUrl } from 'utils/basePath';
+import { openInNewTab } from 'utils/navigation';
 
 import awwSnapUrl from '@/assets/Icons/awwSnap.svg';
 import dashboardsUrl from '@/assets/Icons/dashboards.svg';
@@ -145,7 +149,7 @@ function DashboardsList(): JSX.Element {
 	);
 
 	const getLocalStorageDynamicColumns = (): DashboardDynamicColumns => {
-		const dashboardDynamicColumnsString = localStorage.getItem('dashboard');
+		const dashboardDynamicColumnsString = getLocalStorageKey('dashboard');
 		let dashboardDynamicColumns: DashboardDynamicColumns = {
 			createdAt: true,
 			createdBy: true,
@@ -159,7 +163,7 @@ function DashboardsList(): JSX.Element {
 				);
 
 				if (isEmpty(tempDashboardDynamicColumns)) {
-					localStorage.setItem('dashboard', JSON.stringify(dashboardDynamicColumns));
+					setLocalStorageKey('dashboard', JSON.stringify(dashboardDynamicColumns));
 				} else {
 					dashboardDynamicColumns = { ...tempDashboardDynamicColumns };
 				}
@@ -167,7 +171,7 @@ function DashboardsList(): JSX.Element {
 				console.error(error);
 			}
 		} else {
-			localStorage.setItem('dashboard', JSON.stringify(dashboardDynamicColumns));
+			setLocalStorageKey('dashboard', JSON.stringify(dashboardDynamicColumns));
 		}
 
 		return dashboardDynamicColumns;
@@ -181,7 +185,7 @@ function DashboardsList(): JSX.Element {
 		visibleColumns: DashboardDynamicColumns,
 	): void {
 		try {
-			localStorage.setItem('dashboard', JSON.stringify(visibleColumns));
+			setLocalStorageKey('dashboard', JSON.stringify(visibleColumns));
 		} catch (error) {
 			console.error(error);
 		}
@@ -457,7 +461,7 @@ function DashboardsList(): JSX.Element {
 													onClick={(e): void => {
 														e.stopPropagation();
 														e.preventDefault();
-														window.open(getLink(), '_blank');
+														openInNewTab(getLink());
 													}}
 												>
 													Open in New Tab
@@ -469,7 +473,7 @@ function DashboardsList(): JSX.Element {
 													onClick={(e): void => {
 														e.stopPropagation();
 														e.preventDefault();
-														setCopy(`${window.location.origin}${getLink()}`);
+														setCopy(getAbsoluteUrl(getLink()));
 													}}
 												>
 													Copy Link

frontend/src/container/ListOfDashboard/TableComponents/Name.tsx

@@ -1,6 +1,7 @@
 import { LockFilled } from '@ant-design/icons';
 import ROUTES from 'constants/routes';
 import history from 'lib/history';
+import { openInNewTab } from 'utils/navigation';
 
 import { Data } from '../DashboardsList';
 import { TableLinkText } from './styles';
@@ -12,7 +13,7 @@ function Name(name: Data['name'], data: Data): JSX.Element {
 
 	const onClickHandler = (event: React.MouseEvent<HTMLElement>): void => {
 		if (event.metaKey || event.ctrlKey) {
-			window.open(getLink(), '_blank');
+			openInNewTab(getLink());
 		} else {
 			history.push(getLink());
 		}

frontend/src/container/LogDetailedView/ContextView/ContextLogRenderer.tsx

@@ -17,6 +17,7 @@ import useUrlQuery from 'hooks/useUrlQuery';
 import { ILog } from 'types/api/logs/log';
 import { Query, TagFilter } from 'types/api/queryBuilder/queryBuilderData';
 import { DataSource, StringOperators } from 'types/common/queryBuilder';
+import { withBasePath } from 'utils/basePath';
 
 import { useContextLogData } from './useContextLogData';
 
@@ -116,7 +117,7 @@ function ContextLogRenderer({
 			);
 
 			const link = `${ROUTES.LOGS_EXPLORER}?${urlQuery.toString()}`;
-			window.open(link, '_blank', 'noopener,noreferrer');
+			window.open(withBasePath(link), '_blank', 'noopener,noreferrer');
 		},
 		[query, urlQuery],
 	);

frontend/src/container/LogDetailedView/TableView.tsx

@@ -34,6 +34,7 @@ import { SET_DETAILED_LOG_DATA } from 'types/actions/logs';
 import { IField } from 'types/api/logs/fields';
 import { ILog } from 'types/api/logs/log';
 import { DataTypes } from 'types/api/queryBuilder/queryAutocompleteResponse';
+import { openInNewTab } from 'utils/navigation';
 
 import { ActionItemProps } from './ActionItem';
 import FieldRenderer from './FieldRenderer';
@@ -191,7 +192,7 @@ function TableView({
 
 			if (event.ctrlKey || event.metaKey) {
 				// open the trace in new tab
-				window.open(route, '_blank');
+				openInNewTab(route);
 			} else {
 				history.push(route);
 			}

frontend/src/container/Login/index.tsx

@@ -60,10 +60,8 @@ function Login(): JSX.Element {
 	const [sessionsContext, setSessionsContext] = useState<SessionsContext>();
 	const [isSubmitting, setIsSubmitting] = useState<boolean>(false);
 	const [sessionsOrgId, setSessionsOrgId] = useState<string>('');
-	const [
-		sessionsContextLoading,
-		setIsLoadingSessionsContext,
-	] = useState<boolean>(false);
+	const [sessionsContextLoading, setIsLoadingSessionsContext] =
+		useState<boolean>(false);
 	const [form] = Form.useForm<FormValues>();
 	const [errorMessage, setErrorMessage] = useState<APIError>();
 
@@ -213,6 +211,7 @@ function Login(): JSX.Element {
 			if (isCallbackAuthN) {
 				const url = form.getFieldValue('url');
 
+				// oxlint-disable-next-line signoz/no-raw-absolute-path
 				window.location.href = url;
 			}
 		} catch (error) {
@@ -328,7 +327,6 @@ function Login(): JSX.Element {
 								data-testid="email"
 								required
 								placeholder="e.g. john@signoz.io"
-								autoFocus
 								disabled={versionLoading}
 								className="login-form-input"
 								onPressEnter={onNextHandler}

frontend/src/container/LogsExplorerList/TanStackTableView/index.tsx

@@ -34,6 +34,7 @@ import ROUTES from 'constants/routes';
 import { useActiveLog } from 'hooks/logs/useActiveLog';
 import { useIsDarkMode } from 'hooks/useDarkMode';
 import useDragColumns from 'hooks/useDragColumns';
+import { getAbsoluteUrl } from 'utils/basePath';
 
 import { infinityDefaultStyles } from '../InfinityTableView/config';
 import { TanStackTableStyled } from '../InfinityTableView/styles';
@@ -239,7 +240,7 @@ const TanStackTableView = forwardRef<TableVirtuosoHandle, InfinityTableProps>(
 				urlQuery.delete(QueryParams.activeLogId);
 				urlQuery.delete(QueryParams.relativeTime);
 				urlQuery.set(QueryParams.activeLogId, `"${logId}"`);
-				const link = `${window.location.origin}${pathname}?${urlQuery.toString()}`;
+				const link = getAbsoluteUrl(`${pathname}?${urlQuery.toString()}`);
 
 				setCopy(link);
 				toast.success('Copied to clipboard', { position: 'top-right' });

frontend/src/container/MetricsApplication/utils.ts

@@ -1,5 +1,6 @@
 import { QueryParams } from 'constants/query';
 import ROUTES from 'constants/routes';
+import { withBasePath } from 'utils/basePath';
 
 import { TopOperationList } from './TopOperationsTable';
 import { NavigateToTraceProps } from './types';
@@ -37,7 +38,7 @@ export const navigateToTrace = ({
 	}=${JSONCompositeQuery}`;
 
 	if (openInNewTab) {
-		window.open(newTraceExplorerPath, '_blank');
+		window.open(withBasePath(newTraceExplorerPath), '_blank');
 	} else {
 		safeNavigate(newTraceExplorerPath);
 	}

frontend/src/container/MetricsExplorer/MetricDetails/DashboardsAndAlertsPopover.tsx

@@ -9,6 +9,7 @@ import {
 import { QueryParams } from 'constants/query';
 import ROUTES from 'constants/routes';
 import { Bell, Grid } from 'lucide-react';
+import { openInNewTab } from 'utils/navigation';
 import { pluralize } from 'utils/pluralize';
 
 import { DashboardsAndAlertsPopoverProps } from './types';
@@ -67,9 +68,8 @@ function DashboardsAndAlertsPopover({
 					<Typography.Link
 						key={alert.alertId}
 						onClick={(): void => {
-							window.open(
+							openInNewTab(
 								`${ROUTES.ALERT_OVERVIEW}?${QueryParams.ruleId}=${alert.alertId}`,
-								'_blank',
 							);
 						}}
 						className="dashboards-popover-content-item"
@@ -90,11 +90,10 @@ function DashboardsAndAlertsPopover({
 					<Typography.Link
 						key={dashboard.dashboardId}
 						onClick={(): void => {
-							window.open(
+							openInNewTab(
 								generatePath(ROUTES.DASHBOARD, {
 									dashboardId: dashboard.dashboardId,
 								}),
-								'_blank',
 							);
 						}}
 						className="dashboards-popover-content-item"

frontend/src/container/NewWidget/RightContainer/ContextLinks/UpdateContextLinks.tsx

@@ -18,6 +18,7 @@ import {
 import useContextVariables from 'hooks/dashboard/useContextVariables';
 import { Plus, Trash2 } from 'lucide-react';
 import { ContextLinkProps, Widgets } from 'types/api/dashboard/getAll';
+import { getBaseUrl } from 'utils/basePath';
 
 import VariablesDropdown from './VariablesDropdown';
 
@@ -84,7 +85,7 @@ function UpdateContextLinks({
 	);
 
 	// Function to get current domain
-	const getCurrentDomain = (): string => window.location.origin;
+	const getCurrentDomain = (): string => getBaseUrl();
 
 	// Function to handle variable selection from dropdown
 	const handleVariableSelect = (