feat: delete dashboard v2 API (#11299)

* feat: delete dashboard v2 API

* fix: fix post merge build and spec errors

.github/workflows/integrationci.yaml

@@ -52,6 +52,7 @@ jobs:
           - rootuser
           - serviceaccount
           - querier_json_body
+          - querier_skip_resource_fingerprint
           - ttl
         sqlstore-provider:
           - postgres

docs/api/openapi.yml

@@ -2645,6 +2645,42 @@ components:
         legend:
           $ref: '#/components/schemas/DashboardtypesLegend'
       type: object
+    DashboardtypesJSONPatchDocument:
+      items:
+        $ref: '#/components/schemas/DashboardtypesJSONPatchOperation'
+      nullable: true
+      type: array
+    DashboardtypesJSONPatchOperation:
+      properties:
+        from:
+          description: Source JSON Pointer for move/copy ops; ignored for other ops.
+          type: string
+        op:
+          enum:
+          - add
+          - remove
+          - replace
+          - move
+          - copy
+          - test
+          type: string
+        path:
+          description: JSON Pointer (RFC 6901) into the dashboard's postable shape
+            — e.g. /spec/display/name, /spec/panels/<id>, /spec/panels/<id>/spec/queries/0,
+            /tags/-.
+          type: string
+        value:
+          description: 'Value to add/replace/test against. The expected type depends
+            on the path. Common shapes (see referenced schemas for the exact field
+            set): /spec/panels/<id> takes a DashboardtypesPanel; /spec/panels/<id>/spec/queries/N
+            (or /-) takes a DashboardtypesQuery; /spec/variables/N takes a DashboardtypesVariable;
+            /spec/layouts/N takes a DashboardtypesLayout; /tags/N (or /-) takes a
+            TagtypesPostableTag; /spec/display/name and other leaf string fields take
+            a string. Required for add/replace/test; ignored for remove/move/copy.'
+      required:
+      - op
+      - path
+      type: object
     DashboardtypesLayout:
       oneOf:
       - $ref: '#/components/schemas/DashboardtypesLayoutEnvelopeGithubComPersesPersesPkgModelApiV1DashboardGridLayoutSpec'
@@ -2716,6 +2752,67 @@ components:
           nullable: true
           type: string
       type: object
+    DashboardtypesListableDashboardV2:
+      properties:
+        dashboards:
+          items:
+            $ref: '#/components/schemas/DashboardtypesListedDashboardV2'
+          type: array
+        total:
+          format: int64
+          type: integer
+      required:
+      - dashboards
+      - total
+      type: object
+    DashboardtypesListedDashboardV2:
+      properties:
+        createdAt:
+          format: date-time
+          type: string
+        createdBy:
+          type: string
+        id:
+          type: string
+        locked:
+          type: boolean
+        name:
+          type: string
+        orgId:
+          type: string
+        pinned:
+          type: boolean
+        schemaVersion:
+          type: string
+        source:
+          $ref: '#/components/schemas/DashboardtypesSource'
+        spec:
+          $ref: '#/components/schemas/DashboardtypesListedDashboardV2Spec'
+        tags:
+          items:
+            $ref: '#/components/schemas/TagtypesPostableTag'
+          type: array
+        updatedAt:
+          format: date-time
+          type: string
+        updatedBy:
+          type: string
+      required:
+      - id
+      - orgId
+      - locked
+      - source
+      - schemaVersion
+      - name
+      - pinned
+      - tags
+      - spec
+      type: object
+    DashboardtypesListedDashboardV2Spec:
+      properties:
+        display:
+          $ref: '#/components/schemas/CommonDisplay'
+      type: object
     DashboardtypesNumberPanelSpec:
       properties:
         formatting:
@@ -12799,6 +12896,75 @@ paths:
       tags:
       - preferences
   /api/v2/dashboards:
+    get:
+      deprecated: false
+      description: Returns a page of v2-shape dashboards for the calling user's org.
+        Supports a filter DSL (`query`), sort (`updated_at`/`created_at`/`title`),
+        order (`asc`/`desc`), and offset-based pagination (`limit`/`offset`). Pinned
+        dashboards float to the top of each page.
+      operationId: ListDashboardsV2
+      parameters:
+      - in: query
+        name: query
+        schema:
+          type: string
+      - in: query
+        name: sort
+        schema:
+          type: string
+      - in: query
+        name: order
+        schema:
+          type: string
+      - in: query
+        name: limit
+        schema:
+          type: integer
+      - in: query
+        name: offset
+        schema:
+          type: integer
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/DashboardtypesListableDashboardV2'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - VIEWER
+      - tokenizer:
+        - VIEWER
+      summary: List dashboards (v2)
+      tags:
+      - dashboard
     post:
       deprecated: false
       description: This endpoint creates a dashboard in the v2 format that follows
@@ -12851,6 +13017,50 @@ paths:
       tags:
       - dashboard
   /api/v2/dashboards/{id}:
+    delete:
+      deprecated: false
+      description: This endpoint deletes a v2-shape dashboard along with its tag relations.
+        Locked dashboards are rejected.
+      operationId: DeleteDashboardV2
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        "204":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: No Content
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - EDITOR
+      - tokenizer:
+        - EDITOR
+      summary: Delete dashboard (v2)
+      tags:
+      - dashboard
     get:
       deprecated: false
       description: This endpoint returns a v2-shape dashboard.
@@ -12902,6 +13112,302 @@ paths:
       summary: Get dashboard (v2)
       tags:
       - dashboard
+    patch:
+      deprecated: false
+      description: This endpoint applies an RFC 6902 JSON Patch to a v2-shape dashboard.
+        The patch is applied against the postable view of the dashboard (metadata,
+        data, tags), so individual panels, queries, variables, layouts, or tags can
+        be updated without re-sending the rest of the dashboard. Locked dashboards
+        are rejected.
+      operationId: PatchDashboardV2
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/DashboardtypesJSONPatchDocument'
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/DashboardtypesGettableDashboardV2'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - EDITOR
+      - tokenizer:
+        - EDITOR
+      summary: Patch dashboard (v2)
+      tags:
+      - dashboard
+    put:
+      deprecated: false
+      description: This endpoint updates a v2-shape dashboard's metadata, data, and
+        tag set. Locked dashboards are rejected.
+      operationId: UpdateDashboardV2
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/DashboardtypesPostableDashboardV2'
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/DashboardtypesGettableDashboardV2'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - EDITOR
+      - tokenizer:
+        - EDITOR
+      summary: Update dashboard (v2)
+      tags:
+      - dashboard
+  /api/v2/dashboards/{id}/lock:
+    delete:
+      deprecated: false
+      description: This endpoint unlocks a v2-shape dashboard. Only the dashboard's
+        creator or an org admin may lock or unlock.
+      operationId: UnlockDashboardV2
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        "204":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: No Content
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - EDITOR
+      - tokenizer:
+        - EDITOR
+      summary: Unlock dashboard (v2)
+      tags:
+      - dashboard
+    put:
+      deprecated: false
+      description: This endpoint locks a v2-shape dashboard. Only the dashboard's
+        creator or an org admin may lock or unlock.
+      operationId: LockDashboardV2
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        "204":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: No Content
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - EDITOR
+      - tokenizer:
+        - EDITOR
+      summary: Lock dashboard (v2)
+      tags:
+      - dashboard
+  /api/v2/dashboards/{id}/pins/me:
+    delete:
+      deprecated: false
+      description: Removes the pin for the calling user. Idempotent — unpinning a
+        dashboard that wasn't pinned still returns 204.
+      operationId: UnpinDashboardV2
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        "204":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: No Content
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - VIEWER
+      - tokenizer:
+        - VIEWER
+      summary: Unpin a dashboard for the current user (v2)
+      tags:
+      - dashboard
+    put:
+      deprecated: false
+      description: Pins the dashboard for the calling user. A user can pin at most
+        10 dashboards; pinning when at the limit returns 409. Re-pinning an already-pinned
+        dashboard is a no-op success.
+      operationId: PinDashboardV2
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        "204":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: No Content
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - VIEWER
+      - tokenizer:
+        - VIEWER
+      summary: Pin a dashboard for the current user (v2)
+      tags:
+      - dashboard
   /api/v2/factor_password/forgot:
     post:
       deprecated: false

ee/modules/dashboard/impldashboard/module.go

@@ -221,6 +221,39 @@ func (module *module) GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UU
 	return module.pkgDashboardModule.GetV2(ctx, orgID, id)
 }
 
+func (module *module) UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, updateable dashboardtypes.UpdateableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	return module.pkgDashboardModule.UpdateV2(ctx, orgID, id, updatedBy, updateable)
+}
+
+func (module *module) PatchV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, patch dashboardtypes.PatchableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	return module.pkgDashboardModule.PatchV2(ctx, orgID, id, updatedBy, patch)
+}
+
+func (module *module) DeleteV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) error {
+	return module.store.RunInTx(ctx, func(ctx context.Context) error {
+		if err := module.store.DeletePublic(ctx, id.String()); err != nil && !errors.Ast(err, errors.TypeNotFound) {
+			return err
+		}
+		return module.pkgDashboardModule.DeleteV2(ctx, orgID, id)
+	})
+}
+
+func (module *module) LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, isAdmin bool, lock bool) error {
+	return module.pkgDashboardModule.LockUnlockV2(ctx, orgID, id, updatedBy, isAdmin, lock)
+}
+
+func (module *module) ListV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, params *dashboardtypes.ListDashboardsV2Params) (*dashboardtypes.ListableDashboardV2, error) {
+	return module.pkgDashboardModule.ListV2(ctx, orgID, userID, params)
+}
+
+func (module *module) PinV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, id valuer.UUID) error {
+	return module.pkgDashboardModule.PinV2(ctx, orgID, userID, id)
+}
+
+func (module *module) UnpinV2(ctx context.Context, userID valuer.UUID, id valuer.UUID) error {
+	return module.pkgDashboardModule.UnpinV2(ctx, userID, id)
+}
+
 func (module *module) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.Dashboard, error) {
 	return module.pkgDashboardModule.Get(ctx, orgID, id)
 }

ee/sqlstore/postgressqlstore/listfilter_test.go

@@ -0,0 +1,65 @@
+package postgressqlstore
+
+// Lives in this package (rather than the listfilter package) so it can use
+// the unexported newFormatter constructor without driving a real Postgres
+// connection. Covers the only listfilter cases whose emitted SQL differs
+// between SQLite and Postgres — the ones that go through JSONExtractString
+// (`name`, `description`). All other operators (=, !=, BETWEEN, LIKE, IN,
+// EXISTS, lower(...)) emit identical ANSI SQL on both dialects and are
+// covered by the SQLite tests in the listfilter package itself.
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/uptrace/bun/dialect/pgdialect"
+
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes/listfilter"
+)
+
+func TestListFilterCompile_Postgres(t *testing.T) {
+	f := newFormatter(pgdialect.New())
+
+	cases := []struct {
+		name     string
+		query    string
+		wantSQL  string
+		wantArgs []any
+	}{
+		{
+			name:     "name = uses Postgres -> / ->> chain",
+			query:    `name = 'overview'`,
+			wantSQL:  `"dashboard"."data"->'data'->'display'->>'name' = ?`,
+			wantArgs: []any{"overview"},
+		},
+		{
+			name:     "name CONTAINS — same JSON path, LIKE pattern",
+			query:    `name CONTAINS 'overview'`,
+			wantSQL:  `"dashboard"."data"->'data'->'display'->>'name' LIKE ?`,
+			wantArgs: []any{"%overview%"},
+		},
+		{
+			name:     "name ILIKE — LOWER wraps the JSON path",
+			query:    `name ILIKE 'Prod%'`,
+			wantSQL:  `lower("dashboard"."data"->'data'->'display'->>'name') LIKE LOWER(?)`,
+			wantArgs: []any{"Prod%"},
+		},
+		{
+			name:     "description = follows the same path shape",
+			query:    `description = 'd1'`,
+			wantSQL:  `"dashboard"."data"->'data'->'display'->>'description' = ?`,
+			wantArgs: []any{"d1"},
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			out, err := listfilter.Compile(c.query, f)
+			require.NoError(t, err)
+			require.NotNil(t, out)
+			assert.Equal(t, c.wantSQL, out.SQL)
+			assert.Equal(t, c.wantArgs, out.Args)
+		})
+	}
+}

frontend/src/api/generated/services/dashboard/index.ts

@@ -21,9 +21,11 @@ import type {
 	CreateDashboardV2201,
 	CreatePublicDashboard201,
 	CreatePublicDashboardPathParameters,
+	DashboardtypesJSONPatchDocumentDTO,
 	DashboardtypesPostableDashboardV2DTO,
 	DashboardtypesPostablePublicDashboardDTO,
 	DashboardtypesUpdatablePublicDashboardDTO,
+	DeleteDashboardV2PathParameters,
 	DeletePublicDashboardPathParameters,
 	GetDashboardV2200,
 	GetDashboardV2PathParameters,
@@ -33,7 +35,17 @@ import type {
 	GetPublicDashboardPathParameters,
 	GetPublicDashboardWidgetQueryRange200,
 	GetPublicDashboardWidgetQueryRangePathParameters,
+	ListDashboardsV2200,
+	ListDashboardsV2Params,
+	LockDashboardV2PathParameters,
+	PatchDashboardV2200,
+	PatchDashboardV2PathParameters,
+	PinDashboardV2PathParameters,
 	RenderErrorResponseDTO,
+	UnlockDashboardV2PathParameters,
+	UnpinDashboardV2PathParameters,
+	UpdateDashboardV2200,
+	UpdateDashboardV2PathParameters,
 	UpdatePublicDashboardPathParameters,
 } from '../sigNoz.schemas';
 
@@ -633,6 +645,103 @@ export const invalidateGetPublicDashboardWidgetQueryRange = async (
 	return queryClient;
 };
 
+/**
+ * Returns a page of v2-shape dashboards for the calling user's org. Supports a filter DSL (`query`), sort (`updated_at`/`created_at`/`title`), order (`asc`/`desc`), and offset-based pagination (`limit`/`offset`). Pinned dashboards float to the top of each page.
+ * @summary List dashboards (v2)
+ */
+export const listDashboardsV2 = (
+	params?: ListDashboardsV2Params,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<ListDashboardsV2200>({
+		url: `/api/v2/dashboards`,
+		method: 'GET',
+		params,
+		signal,
+	});
+};
+
+export const getListDashboardsV2QueryKey = (
+	params?: ListDashboardsV2Params,
+) => {
+	return [`/api/v2/dashboards`, ...(params ? [params] : [])] as const;
+};
+
+export const getListDashboardsV2QueryOptions = <
+	TData = Awaited<ReturnType<typeof listDashboardsV2>>,
+	TError = ErrorType<RenderErrorResponseDTO>,
+>(
+	params?: ListDashboardsV2Params,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof listDashboardsV2>>,
+			TError,
+			TData
+		>;
+	},
+) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey = queryOptions?.queryKey ?? getListDashboardsV2QueryKey(params);
+
+	const queryFn: QueryFunction<Awaited<ReturnType<typeof listDashboardsV2>>> = ({
+		signal,
+	}) => listDashboardsV2(params, signal);
+
+	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
+		Awaited<ReturnType<typeof listDashboardsV2>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type ListDashboardsV2QueryResult = NonNullable<
+	Awaited<ReturnType<typeof listDashboardsV2>>
+>;
+export type ListDashboardsV2QueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary List dashboards (v2)
+ */
+
+export function useListDashboardsV2<
+	TData = Awaited<ReturnType<typeof listDashboardsV2>>,
+	TError = ErrorType<RenderErrorResponseDTO>,
+>(
+	params?: ListDashboardsV2Params,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof listDashboardsV2>>,
+			TError,
+			TData
+		>;
+	},
+): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getListDashboardsV2QueryOptions(params, options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	return { ...query, queryKey: queryOptions.queryKey };
+}
+
+/**
+ * @summary List dashboards (v2)
+ */
+export const invalidateListDashboardsV2 = async (
+	queryClient: QueryClient,
+	params?: ListDashboardsV2Params,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getListDashboardsV2QueryKey(params) },
+		options,
+	);
+
+	return queryClient;
+};
+
 /**
  * This endpoint creates a dashboard in the v2 format that follows Perses spec.
  * @summary Create dashboard (v2)
@@ -716,6 +825,85 @@ export const useCreateDashboardV2 = <
 > => {
 	return useMutation(getCreateDashboardV2MutationOptions(options));
 };
+/**
+ * This endpoint deletes a v2-shape dashboard along with its tag relations. Locked dashboards are rejected.
+ * @summary Delete dashboard (v2)
+ */
+export const deleteDashboardV2 = (
+	{ id }: DeleteDashboardV2PathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v2/dashboards/${id}`,
+		method: 'DELETE',
+		signal,
+	});
+};
+
+export const getDeleteDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof deleteDashboardV2>>,
+		TError,
+		{ pathParams: DeleteDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof deleteDashboardV2>>,
+	TError,
+	{ pathParams: DeleteDashboardV2PathParameters },
+	TContext
+> => {
+	const mutationKey = ['deleteDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof deleteDashboardV2>>,
+		{ pathParams: DeleteDashboardV2PathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return deleteDashboardV2(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type DeleteDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof deleteDashboardV2>>
+>;
+
+export type DeleteDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Delete dashboard (v2)
+ */
+export const useDeleteDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof deleteDashboardV2>>,
+		TError,
+		{ pathParams: DeleteDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof deleteDashboardV2>>,
+	TError,
+	{ pathParams: DeleteDashboardV2PathParameters },
+	TContext
+> => {
+	return useMutation(getDeleteDashboardV2MutationOptions(options));
+};
 /**
  * This endpoint returns a v2-shape dashboard.
  * @summary Get dashboard (v2)
@@ -816,3 +1004,518 @@ export const invalidateGetDashboardV2 = async (
 
 	return queryClient;
 };
+
+/**
+ * This endpoint applies an RFC 6902 JSON Patch to a v2-shape dashboard. The patch is applied against the postable view of the dashboard (metadata, data, tags), so individual panels, queries, variables, layouts, or tags can be updated without re-sending the rest of the dashboard. Locked dashboards are rejected.
+ * @summary Patch dashboard (v2)
+ */
+export const patchDashboardV2 = (
+	{ id }: PatchDashboardV2PathParameters,
+	dashboardtypesJSONPatchDocumentDTONull?: BodyType<DashboardtypesJSONPatchDocumentDTO | null> | null,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<PatchDashboardV2200>({
+		url: `/api/v2/dashboards/${id}`,
+		method: 'PATCH',
+		headers: { 'Content-Type': 'application/json' },
+		data: dashboardtypesJSONPatchDocumentDTONull,
+		signal,
+	});
+};
+
+export const getPatchDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof patchDashboardV2>>,
+		TError,
+		{
+			pathParams: PatchDashboardV2PathParameters;
+			data?: BodyType<DashboardtypesJSONPatchDocumentDTO | null>;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof patchDashboardV2>>,
+	TError,
+	{
+		pathParams: PatchDashboardV2PathParameters;
+		data?: BodyType<DashboardtypesJSONPatchDocumentDTO | null>;
+	},
+	TContext
+> => {
+	const mutationKey = ['patchDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof patchDashboardV2>>,
+		{
+			pathParams: PatchDashboardV2PathParameters;
+			data?: BodyType<DashboardtypesJSONPatchDocumentDTO | null>;
+		}
+	> = (props) => {
+		const { pathParams, data } = props ?? {};
+
+		return patchDashboardV2(pathParams, data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type PatchDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof patchDashboardV2>>
+>;
+export type PatchDashboardV2MutationBody =
+	| BodyType<DashboardtypesJSONPatchDocumentDTO | null>
+	| undefined;
+export type PatchDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Patch dashboard (v2)
+ */
+export const usePatchDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof patchDashboardV2>>,
+		TError,
+		{
+			pathParams: PatchDashboardV2PathParameters;
+			data?: BodyType<DashboardtypesJSONPatchDocumentDTO | null>;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof patchDashboardV2>>,
+	TError,
+	{
+		pathParams: PatchDashboardV2PathParameters;
+		data?: BodyType<DashboardtypesJSONPatchDocumentDTO | null>;
+	},
+	TContext
+> => {
+	return useMutation(getPatchDashboardV2MutationOptions(options));
+};
+/**
+ * This endpoint updates a v2-shape dashboard's metadata, data, and tag set. Locked dashboards are rejected.
+ * @summary Update dashboard (v2)
+ */
+export const updateDashboardV2 = (
+	{ id }: UpdateDashboardV2PathParameters,
+	dashboardtypesPostableDashboardV2DTO?: BodyType<DashboardtypesPostableDashboardV2DTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<UpdateDashboardV2200>({
+		url: `/api/v2/dashboards/${id}`,
+		method: 'PUT',
+		headers: { 'Content-Type': 'application/json' },
+		data: dashboardtypesPostableDashboardV2DTO,
+		signal,
+	});
+};
+
+export const getUpdateDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateDashboardV2>>,
+		TError,
+		{
+			pathParams: UpdateDashboardV2PathParameters;
+			data?: BodyType<DashboardtypesPostableDashboardV2DTO>;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof updateDashboardV2>>,
+	TError,
+	{
+		pathParams: UpdateDashboardV2PathParameters;
+		data?: BodyType<DashboardtypesPostableDashboardV2DTO>;
+	},
+	TContext
+> => {
+	const mutationKey = ['updateDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof updateDashboardV2>>,
+		{
+			pathParams: UpdateDashboardV2PathParameters;
+			data?: BodyType<DashboardtypesPostableDashboardV2DTO>;
+		}
+	> = (props) => {
+		const { pathParams, data } = props ?? {};
+
+		return updateDashboardV2(pathParams, data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UpdateDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof updateDashboardV2>>
+>;
+export type UpdateDashboardV2MutationBody =
+	| BodyType<DashboardtypesPostableDashboardV2DTO>
+	| undefined;
+export type UpdateDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Update dashboard (v2)
+ */
+export const useUpdateDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateDashboardV2>>,
+		TError,
+		{
+			pathParams: UpdateDashboardV2PathParameters;
+			data?: BodyType<DashboardtypesPostableDashboardV2DTO>;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof updateDashboardV2>>,
+	TError,
+	{
+		pathParams: UpdateDashboardV2PathParameters;
+		data?: BodyType<DashboardtypesPostableDashboardV2DTO>;
+	},
+	TContext
+> => {
+	return useMutation(getUpdateDashboardV2MutationOptions(options));
+};
+/**
+ * This endpoint unlocks a v2-shape dashboard. Only the dashboard's creator or an org admin may lock or unlock.
+ * @summary Unlock dashboard (v2)
+ */
+export const unlockDashboardV2 = (
+	{ id }: UnlockDashboardV2PathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v2/dashboards/${id}/lock`,
+		method: 'DELETE',
+		signal,
+	});
+};
+
+export const getUnlockDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof unlockDashboardV2>>,
+		TError,
+		{ pathParams: UnlockDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof unlockDashboardV2>>,
+	TError,
+	{ pathParams: UnlockDashboardV2PathParameters },
+	TContext
+> => {
+	const mutationKey = ['unlockDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof unlockDashboardV2>>,
+		{ pathParams: UnlockDashboardV2PathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return unlockDashboardV2(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UnlockDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof unlockDashboardV2>>
+>;
+
+export type UnlockDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Unlock dashboard (v2)
+ */
+export const useUnlockDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof unlockDashboardV2>>,
+		TError,
+		{ pathParams: UnlockDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof unlockDashboardV2>>,
+	TError,
+	{ pathParams: UnlockDashboardV2PathParameters },
+	TContext
+> => {
+	return useMutation(getUnlockDashboardV2MutationOptions(options));
+};
+/**
+ * This endpoint locks a v2-shape dashboard. Only the dashboard's creator or an org admin may lock or unlock.
+ * @summary Lock dashboard (v2)
+ */
+export const lockDashboardV2 = (
+	{ id }: LockDashboardV2PathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v2/dashboards/${id}/lock`,
+		method: 'PUT',
+		signal,
+	});
+};
+
+export const getLockDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof lockDashboardV2>>,
+		TError,
+		{ pathParams: LockDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof lockDashboardV2>>,
+	TError,
+	{ pathParams: LockDashboardV2PathParameters },
+	TContext
+> => {
+	const mutationKey = ['lockDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof lockDashboardV2>>,
+		{ pathParams: LockDashboardV2PathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return lockDashboardV2(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type LockDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof lockDashboardV2>>
+>;
+
+export type LockDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Lock dashboard (v2)
+ */
+export const useLockDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof lockDashboardV2>>,
+		TError,
+		{ pathParams: LockDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof lockDashboardV2>>,
+	TError,
+	{ pathParams: LockDashboardV2PathParameters },
+	TContext
+> => {
+	return useMutation(getLockDashboardV2MutationOptions(options));
+};
+/**
+ * Removes the pin for the calling user. Idempotent — unpinning a dashboard that wasn't pinned still returns 204.
+ * @summary Unpin a dashboard for the current user (v2)
+ */
+export const unpinDashboardV2 = (
+	{ id }: UnpinDashboardV2PathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v2/dashboards/${id}/pins/me`,
+		method: 'DELETE',
+		signal,
+	});
+};
+
+export const getUnpinDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof unpinDashboardV2>>,
+		TError,
+		{ pathParams: UnpinDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof unpinDashboardV2>>,
+	TError,
+	{ pathParams: UnpinDashboardV2PathParameters },
+	TContext
+> => {
+	const mutationKey = ['unpinDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof unpinDashboardV2>>,
+		{ pathParams: UnpinDashboardV2PathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return unpinDashboardV2(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UnpinDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof unpinDashboardV2>>
+>;
+
+export type UnpinDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Unpin a dashboard for the current user (v2)
+ */
+export const useUnpinDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof unpinDashboardV2>>,
+		TError,
+		{ pathParams: UnpinDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof unpinDashboardV2>>,
+	TError,
+	{ pathParams: UnpinDashboardV2PathParameters },
+	TContext
+> => {
+	return useMutation(getUnpinDashboardV2MutationOptions(options));
+};
+/**
+ * Pins the dashboard for the calling user. A user can pin at most 10 dashboards; pinning when at the limit returns 409. Re-pinning an already-pinned dashboard is a no-op success.
+ * @summary Pin a dashboard for the current user (v2)
+ */
+export const pinDashboardV2 = (
+	{ id }: PinDashboardV2PathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v2/dashboards/${id}/pins/me`,
+		method: 'PUT',
+		signal,
+	});
+};
+
+export const getPinDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof pinDashboardV2>>,
+		TError,
+		{ pathParams: PinDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof pinDashboardV2>>,
+	TError,
+	{ pathParams: PinDashboardV2PathParameters },
+	TContext
+> => {
+	const mutationKey = ['pinDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof pinDashboardV2>>,
+		{ pathParams: PinDashboardV2PathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return pinDashboardV2(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type PinDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof pinDashboardV2>>
+>;
+
+export type PinDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Pin a dashboard for the current user (v2)
+ */
+export const usePinDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof pinDashboardV2>>,
+		TError,
+		{ pathParams: PinDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof pinDashboardV2>>,
+	TError,
+	{ pathParams: PinDashboardV2PathParameters },
+	TContext
+> => {
+	return useMutation(getPinDashboardV2MutationOptions(options));
+};

frontend/src/api/generated/services/sigNoz.schemas.ts

@@ -4653,6 +4653,110 @@ export interface DashboardtypesGettablePublicDashboardDataDTO {
 	publicDashboard?: DashboardtypesGettablePublicDasbhboardDTO;
 }
 
+export enum DashboardtypesJSONPatchOperationDTOOp {
+	add = 'add',
+	remove = 'remove',
+	replace = 'replace',
+	move = 'move',
+	copy = 'copy',
+	test = 'test',
+}
+export interface DashboardtypesJSONPatchOperationDTO {
+	/**
+	 * @type string
+	 * @description Source JSON Pointer for move/copy ops; ignored for other ops.
+	 */
+	from?: string;
+	/**
+	 * @enum add,remove,replace,move,copy,test
+	 * @type string
+	 */
+	op: DashboardtypesJSONPatchOperationDTOOp;
+	/**
+	 * @type string
+	 * @description JSON Pointer (RFC 6901) into the dashboard's postable shape — e.g. /spec/display/name, /spec/panels/<id>, /spec/panels/<id>/spec/queries/0, /tags/-.
+	 */
+	path: string;
+	/**
+	 * @description Value to add/replace/test against. The expected type depends on the path. Common shapes (see referenced schemas for the exact field set): /spec/panels/<id> takes a DashboardtypesPanel; /spec/panels/<id>/spec/queries/N (or /-) takes a DashboardtypesQuery; /spec/variables/N takes a DashboardtypesVariable; /spec/layouts/N takes a DashboardtypesLayout; /tags/N (or /-) takes a TagtypesPostableTag; /spec/display/name and other leaf string fields take a string. Required for add/replace/test; ignored for remove/move/copy.
+	 */
+	value?: unknown;
+}
+
+/**
+ * @nullable
+ */
+export type DashboardtypesJSONPatchDocumentDTO =
+	| DashboardtypesJSONPatchOperationDTO[]
+	| null;
+
+export interface DashboardtypesListedDashboardV2SpecDTO {
+	display?: CommonDisplayDTO;
+}
+
+export interface DashboardtypesListedDashboardV2DTO {
+	/**
+	 * @type string
+	 * @format date-time
+	 */
+	createdAt?: string;
+	/**
+	 * @type string
+	 */
+	createdBy?: string;
+	/**
+	 * @type string
+	 */
+	id: string;
+	/**
+	 * @type boolean
+	 */
+	locked: boolean;
+	/**
+	 * @type string
+	 */
+	name: string;
+	/**
+	 * @type string
+	 */
+	orgId: string;
+	/**
+	 * @type boolean
+	 */
+	pinned: boolean;
+	/**
+	 * @type string
+	 */
+	schemaVersion: string;
+	source: DashboardtypesSourceDTO;
+	spec: DashboardtypesListedDashboardV2SpecDTO;
+	/**
+	 * @type array
+	 */
+	tags: TagtypesPostableTagDTO[];
+	/**
+	 * @type string
+	 * @format date-time
+	 */
+	updatedAt?: string;
+	/**
+	 * @type string
+	 */
+	updatedBy?: string;
+}
+
+export interface DashboardtypesListableDashboardV2DTO {
+	/**
+	 * @type array
+	 */
+	dashboards: DashboardtypesListedDashboardV2DTO[];
+	/**
+	 * @type integer
+	 * @format int64
+	 */
+	total: number;
+}
+
 export enum DashboardtypesPanelPluginKindDTO {
 	'signoz/TimeSeriesPanel' = 'signoz/TimeSeriesPanel',
 	'signoz/BarChartPanel' = 'signoz/BarChartPanel',
@@ -9457,6 +9561,42 @@ export type GetUserPreference200 = {
 export type UpdateUserPreferencePathParameters = {
 	name: string;
 };
+export type ListDashboardsV2Params = {
+	/**
+	 * @type string
+	 * @description undefined
+	 */
+	query?: string;
+	/**
+	 * @type string
+	 * @description undefined
+	 */
+	sort?: string;
+	/**
+	 * @type string
+	 * @description undefined
+	 */
+	order?: string;
+	/**
+	 * @type integer
+	 * @description undefined
+	 */
+	limit?: number;
+	/**
+	 * @type integer
+	 * @description undefined
+	 */
+	offset?: number;
+};
+
+export type ListDashboardsV2200 = {
+	data: DashboardtypesListableDashboardV2DTO;
+	/**
+	 * @type string
+	 */
+	status: string;
+};
+
 export type CreateDashboardV2201 = {
 	data: DashboardtypesGettableDashboardV2DTO;
 	/**
@@ -9465,6 +9605,9 @@ export type CreateDashboardV2201 = {
 	status: string;
 };
 
+export type DeleteDashboardV2PathParameters = {
+	id: string;
+};
 export type GetDashboardV2PathParameters = {
 	id: string;
 };
@@ -9476,6 +9619,40 @@ export type GetDashboardV2200 = {
 	status: string;
 };
 
+export type PatchDashboardV2PathParameters = {
+	id: string;
+};
+export type PatchDashboardV2200 = {
+	data: DashboardtypesGettableDashboardV2DTO;
+	/**
+	 * @type string
+	 */
+	status: string;
+};
+
+export type UpdateDashboardV2PathParameters = {
+	id: string;
+};
+export type UpdateDashboardV2200 = {
+	data: DashboardtypesGettableDashboardV2DTO;
+	/**
+	 * @type string
+	 */
+	status: string;
+};
+
+export type UnlockDashboardV2PathParameters = {
+	id: string;
+};
+export type LockDashboardV2PathParameters = {
+	id: string;
+};
+export type UnpinDashboardV2PathParameters = {
+	id: string;
+};
+export type PinDashboardV2PathParameters = {
+	id: string;
+};
 export type GetFeatures200 = {
 	/**
 	 * @type array

frontend/src/components/CustomTimePicker/CustomTimePickerPopoverContent.tsx

@@ -359,8 +359,7 @@ function CustomTimePickerPopoverContent({
 						<Clock
 							color={Color.BG_ROBIN_400}
 							className="timezone-container__clock-icon"
-							height={12}
-							width={12}
+							size={14}
 						/>
 
 						<span className="timezone__name">{timezone.name}</span>

frontend/src/components/FieldsSelector/AddedFields.tsx

@@ -144,10 +144,7 @@ function AddedFields({
 										field={field}
 										onRemove={handleRemove}
 										allowDrag={allowDrag}
-										isRequired={
-											requiredFields.includes(field.name) ||
-											requiredFields.includes(field.key as string)
-										}
+										isRequired={requiredFields.includes(field.key as string)}
 									/>
 								))}
 							</SortableContext>

frontend/src/components/FieldsSelector/__tests__/AddedFields.test.tsx

@@ -25,7 +25,7 @@ describe('AddedFields — requiredFields', () => {
 		expect(screen.getAllByRole('button', { name: /remove/i })).toHaveLength(3);
 	});
 
-	it('hides the Remove button for fields whose name is in requiredFields', () => {
+	it('hides the Remove button for fields whose composite key is in requiredFields', () => {
 		const fields = [makeField('a'), makeField('b'), makeField('c')];
 
 		render(
@@ -33,7 +33,7 @@ describe('AddedFields — requiredFields', () => {
 				inputValue=""
 				fields={fields}
 				onFieldsChange={jest.fn()}
-				requiredFields={['a', 'c']}
+				requiredFields={['log.a', 'log.c']}
 			/>,
 		);
 
@@ -50,7 +50,7 @@ describe('AddedFields — requiredFields', () => {
 				inputValue=""
 				fields={fields}
 				onFieldsChange={jest.fn()}
-				requiredFields={['a']}
+				requiredFields={['log.a']}
 			/>,
 		);
 
@@ -58,9 +58,9 @@ describe('AddedFields — requiredFields', () => {
 		expect(screen.getByText('b')).toBeInTheDocument();
 	});
 
-	it('locks all variants of a required name regardless of fieldContext', () => {
-		// Two `body` fields with different contexts — both should lock when
-		// `body` is in requiredFields.
+	it('locks ONLY the canonical variant — a same-name field from another context stays removable', () => {
+		// Two `body` fields with different contexts. requiredFields holds the
+		// canonical composite key only, so the attribute variant is deletable.
 		const fields = [makeField('body', 'log'), makeField('body', 'attribute')];
 
 		render(
@@ -68,41 +68,6 @@ describe('AddedFields — requiredFields', () => {
 				inputValue=""
 				fields={fields}
 				onFieldsChange={jest.fn()}
-				requiredFields={['body']}
-			/>,
-		);
-
-		// Both 'body' variants locked → zero Remove buttons.
-		expect(screen.queryAllByRole('button', { name: /remove/i })).toHaveLength(0);
-	});
-
-	it('treats requiredFields as exact-name match (substring does not lock)', () => {
-		const fields = [makeField('body'), makeField('body_extra')];
-
-		render(
-			<AddedFields
-				inputValue=""
-				fields={fields}
-				onFieldsChange={jest.fn()}
-				requiredFields={['body']}
-			/>,
-		);
-
-		// 'body' locked, 'body_extra' removable.
-		expect(screen.getAllByRole('button', { name: /remove/i })).toHaveLength(1);
-	});
-
-	it('also accepts composite IDs in requiredFields (locks a specific variant)', () => {
-		// Two `body` fields with different contexts.
-		const fields = [makeField('body', 'log'), makeField('body', 'attribute')];
-
-		render(
-			<AddedFields
-				inputValue=""
-				fields={fields}
-				onFieldsChange={jest.fn()}
-				// Composite ID — locks ONLY the log variant, attribute variant stays
-				// removable.
 				requiredFields={['log.body']}
 			/>,
 		);
@@ -110,4 +75,37 @@ describe('AddedFields — requiredFields', () => {
 		// One Remove button: the attribute variant. log variant is locked.
 		expect(screen.getAllByRole('button', { name: /remove/i })).toHaveLength(1);
 	});
+
+	it('does not lock anything when a bare name is passed (composite key required)', () => {
+		// Bare `body` no longer matches — matching is composite-key only now.
+		const fields = [makeField('body', 'log'), makeField('body', 'attribute')];
+
+		render(
+			<AddedFields
+				inputValue=""
+				fields={fields}
+				onFieldsChange={jest.fn()}
+				requiredFields={['body']}
+			/>,
+		);
+
+		// Neither variant locked → both removable.
+		expect(screen.getAllByRole('button', { name: /remove/i })).toHaveLength(2);
+	});
+
+	it('treats requiredFields as exact composite-key match (substring does not lock)', () => {
+		const fields = [makeField('body'), makeField('body_extra')];
+
+		render(
+			<AddedFields
+				inputValue=""
+				fields={fields}
+				onFieldsChange={jest.fn()}
+				requiredFields={['log.body']}
+			/>,
+		);
+
+		// 'log.body' locked, 'log.body_extra' removable.
+		expect(screen.getAllByRole('button', { name: /remove/i })).toHaveLength(1);
+	});
 });

frontend/src/components/Logs/TableView/__tests__/useLogsTableColumns.test.tsx

@@ -10,9 +10,9 @@ jest.mock('providers/Timezone', () => ({
 	}),
 }));
 
-const field = (name: string): IField => ({
+const field = (name: string, type = ''): IField => ({
 	name,
-	type: '',
+	type,
 	dataType: 'string',
 });
 
@@ -38,18 +38,16 @@ describe('useLogsTableColumns — selectColumns-order respected', () => {
 			useLogsTableColumns({
 				fields: [
 					field('service.name'),
-					field('body'),
+					field('body', 'log'),
 					field('request.id'),
-					field('timestamp'),
+					field('timestamp', 'log'),
 				],
 				fontSize: FontSize.SMALL,
 			}),
 		);
 
-		// body/timestamp are NOT pinned to fixed positions — they appear where the
-		// caller placed them in `fields`. body/timestamp use composite IDs
-		// ('log.body', 'log.timestamp') since their fieldContext is fixed; user
-		// fields here have empty `type` so their composite collapses to bare name.
+		// body/timestamp appear where the caller placed them, keyed by their
+		// composite IDs ('log.*'); contextless user fields collapse to bare name.
 		expect(result.current.map((c) => c.id)).toStrictEqual([
 			'state-indicator',
 			'service.name',
@@ -59,6 +57,43 @@ describe('useLogsTableColumns — selectColumns-order respected', () => {
 		]);
 	});
 
+	it('renders a same-name field from another context as a DISTINCT column (no collision)', () => {
+		const { result } = renderHook(() =>
+			useLogsTableColumns({
+				fields: [field('body', 'log'), field('body', 'attribute')],
+				fontSize: FontSize.SMALL,
+			}),
+		);
+
+		const byId = new Map(result.current.map((c) => [c.id, c]));
+		// Attribute variant is its own column, not a duplicate 'log.body'.
+		expect(result.current.map((c) => c.id)).toStrictEqual([
+			'state-indicator',
+			'log.body',
+			'attribute.body',
+		]);
+		expect(byId.get('log.body')?.enableRemove).toBe(false);
+		expect(byId.get('attribute.body')?.enableRemove).toBe(true);
+	});
+
+	it('applies the same distinct-column treatment to timestamp variants', () => {
+		const { result } = renderHook(() =>
+			useLogsTableColumns({
+				fields: [field('timestamp', 'log'), field('timestamp', 'attribute')],
+				fontSize: FontSize.SMALL,
+			}),
+		);
+
+		const byId = new Map(result.current.map((c) => [c.id, c]));
+		expect(result.current.map((c) => c.id)).toStrictEqual([
+			'state-indicator',
+			'log.timestamp',
+			'attribute.timestamp',
+		]);
+		expect(byId.get('log.timestamp')?.enableRemove).toBe(false);
+		expect(byId.get('attribute.timestamp')?.enableRemove).toBe(true);
+	});
+
 	it('skips the synthetic "id" field name', () => {
 		const { result } = renderHook(() =>
 			useLogsTableColumns({
@@ -77,7 +112,11 @@ describe('useLogsTableColumns — selectColumns-order respected', () => {
 	it('uses the special body/timestamp coldefs (canBeHidden=false), not the generic user field def', () => {
 		const { result } = renderHook(() =>
 			useLogsTableColumns({
-				fields: [field('body'), field('timestamp'), field('user_field')],
+				fields: [
+					field('body', 'log'),
+					field('timestamp', 'log'),
+					field('user_field'),
+				],
 				fontSize: FontSize.SMALL,
 			}),
 		);

frontend/src/components/Logs/TableView/useLogsTableColumns.tsx

@@ -96,15 +96,18 @@ export function useLogsTableColumns({
 			),
 		});
 
+		// Match body/timestamp by composite key, not bare name — else a variant
+		// like `attribute.body` collapses onto `log.body`, duplicating the column.
 		const fieldCols = fields
 			.map((f): TableColumnDef<ILog> | null => {
 				if (f.name === 'id') {
 					return null;
 				}
-				if (f.name === 'timestamp') {
+				const compositeKey = buildCompositeKey(f.name, f.type);
+				if (compositeKey === timestampCol.id) {
 					return timestampCol;
 				}
-				if (f.name === 'body') {
+				if (compositeKey === bodyCol.id) {
 					return bodyCol;
 				}
 				return makeUserFieldCol(f);

frontend/src/components/NewSelect/styles.scss

@@ -109,6 +109,16 @@ $custom-border-color: #2c3044;
 		color: color-mix(in srgb, var(--l2-foreground) 45%, transparent);
 	}
 
+	.ant-select-clear {
+		background-color: var(--l2-background);
+		color: var(--l2-foreground);
+		font-size: 12px;
+
+		&:hover {
+			color: var(--l1-foreground);
+		}
+	}
+
 	// Customize tags in multiselect (dark mode by default)
 	.ant-select-selection-item {
 		background-color: var(--l1-border);
@@ -392,7 +402,9 @@ $custom-border-color: #2c3044;
 // Custom dropdown styles for multi-select
 .custom-multiselect-dropdown {
 	padding: 8px 0 0 0;
-	max-height: 350px;
+	// Tall enough to hold the react-virtuoso list (<=300px) + header/footer
+	// so only the list scrolls (avoids a second scrollbar on this container).
+	max-height: 410px;
 	overflow-y: auto;
 	overflow-x: hidden;
 	scrollbar-width: thin;
@@ -483,8 +495,12 @@ $custom-border-color: #2c3044;
 		.option-checkbox {
 			width: 100%;
 
-			> span:not(.ant-checkbox) {
-				width: 100%;
+			// @signozhq/ui Checkbox renders children inside a <label> that is
+			// content-sized by default. Make it fill the row (min-width: 0 lets it
+			// shrink) so the option text below can truncate instead of overflowing.
+			> label {
+				flex: 1 1 auto;
+				min-width: 0;
 			}
 
 			.all-option-text {
@@ -501,7 +517,12 @@ $custom-border-color: #2c3044;
 				width: 100%;
 
 				.option-label-text {
+					flex: 1 1 auto;
+					min-width: 0;
 					margin-bottom: 0;
+					overflow: hidden;
+					white-space: nowrap;
+					text-overflow: ellipsis;
 				}
 
 				.option-badge {
@@ -514,26 +535,30 @@ $custom-border-color: #2c3044;
 				}
 			}
 
-			.only-btn {
-				display: none;
-			}
+			// Size the buttons to the row's resting content height (20px) and fully
+			// override antd's default 32px Button box, so revealing them on hover
+			// never changes the row height.
+			.only-btn,
 			.toggle-btn {
 				display: none;
-			}
+				align-items: center;
+				justify-content: center;
+				height: 18px;
+				min-height: 0;
+				padding: 0 6px;
+				font-size: 12px;
+				line-height: 1;
+				border: none;
+				box-shadow: none;
 
-			.only-btn:hover {
-				background-color: unset;
-			}
-			.toggle-btn:hover {
-				background-color: unset;
+				&:hover {
+					background-color: unset;
+				}
 			}
 
 			.option-content:hover {
 				.only-btn {
 					display: flex;
-					align-items: center;
-					justify-content: center;
-					height: 21px;
 				}
 				.toggle-btn {
 					display: none;
@@ -548,9 +573,6 @@ $custom-border-color: #2c3044;
 		.option-checkbox:hover {
 			.toggle-btn {
 				display: flex;
-				align-items: center;
-				justify-content: center;
-				height: 21px;
 			}
 			.option-badge {
 				display: none;

frontend/src/container/AlertHistory/Statistics/StatsCard/StatsCard.styles.scss

@@ -67,8 +67,8 @@
 	gap: 4px;
 
 	&--success {
-		background: color-mix(in srgb, var(--success-background) 10%, transparent);
-		color: var(--success-foreground);
+		background: color-mix(in srgb, var(--text-forest-500) 10%, transparent);
+		color: var(--text-forest-400);
 	}
 
 	&--error {

frontend/src/container/CreateAlertV2/NotificationSettings/styles.scss

@@ -153,6 +153,7 @@
 				font-size: 10px;
 				color: var(--l2-foreground);
 				margin-top: 4px;
+				display: block;
 			}
 		}
 

frontend/src/container/DashboardContainer/DashboardSettings/DashboardSettingsContent.styles.scss

@@ -47,18 +47,10 @@
 		}
 
 		.ant-tabs-tab-active {
-			.overview-btn {
-				border-radius: 2px 0px 0px 2px;
-				background: var(--l1-border);
-			}
-
-			.variables-btn {
-				border-radius: 2px 0px 0px 2px;
-				background: var(--l1-border);
-			}
-
+			.overview-btn,
+			.variables-btn,
 			.public-dashboard-btn {
-				border-radius: 2px 0px 0px 2px;
+				color: var(--primary-background);
 				background: var(--l1-border);
 			}
 		}

frontend/src/container/DashboardContainer/DashboardSettings/DashboardVariableSettings/VariableItem/VariableItem.styles.scss

@@ -127,6 +127,15 @@
 					align-items: center;
 					justify-content: center;
 					gap: 4px;
+
+					.sidenav-beta-tag {
+						margin-left: 4px;
+					}
+
+					div {
+						display: flex;
+						align-items: center;
+					}
 				}
 
 				.variable-type-btn + .variable-type-btn {
@@ -177,6 +186,7 @@
 
 		.multiple-values-section {
 			justify-content: space-between;
+			align-items: flex-start;
 			margin-bottom: 0;
 
 			.typography-variables {
@@ -193,6 +203,7 @@
 
 		.all-option-section {
 			justify-content: space-between;
+			align-items: flex-start;
 			margin-bottom: 0;
 
 			.typography-variables {

frontend/src/container/DashboardContainer/DashboardSettings/DashboardVariableSettings/VariableItem/VariableItem.tsx

@@ -518,7 +518,6 @@ function VariableItem({
 										size={14}
 										style={{
 											color: isDarkMode ? Color.BG_VANILLA_100 : Color.BG_INK_500,
-											marginTop: 1,
 										}}
 									/>
 								}
@@ -614,7 +613,6 @@ function VariableItem({
 												size={14}
 												style={{
 													color: isDarkMode ? Color.BG_VANILLA_100 : Color.BG_INK_500,
-													marginTop: 1,
 												}}
 											/>
 										}

frontend/src/container/FormAlertRules/QuerySection.styles.scss

@@ -19,6 +19,7 @@
 		}
 		.ant-btn-default {
 			border-color: transparent;
+			box-shadow: none;
 		}
 	}
 	.ant-tabs-tab-active {

frontend/src/container/OptionsMenu/__test__/ensureLogsRequiredColumns.test.ts

@@ -67,13 +67,23 @@ describe('ensureLogsRequiredColumns', () => {
 		]);
 	});
 
-	it('does not duplicate if a required column appears twice in the input', () => {
-		// Tolerant of malformed input — invariant only adds *missing* required
-		// columns; it does not deduplicate existing entries (that's a separate
-		// concern, not its job).
+	it('collapses composite-key duplicates in the input', () => {
+		// Two identical `body` entries → deduped to one, then timestamp prepended.
 		const input = [BODY, BODY, ATTR_A];
 		const result = ensureLogsRequiredColumns(input);
-		expect(result.filter((c) => c.name === 'timestamp')).toHaveLength(1);
-		expect(result[0]).toStrictEqual(TIMESTAMP);
+		expect(result).toStrictEqual([TIMESTAMP, BODY, ATTR_A]);
+		expect(result.filter((c) => c.name === 'body')).toHaveLength(1);
+	});
+
+	it('keeps same-name fields with different contexts as distinct columns', () => {
+		// Different composite keys → both legitimate, neither deduped.
+		const ATTR_BODY: TelemetryFieldKey = {
+			name: 'body',
+			signal: 'logs',
+			fieldContext: 'attribute',
+			fieldDataType: 'string',
+		};
+		const input = [TIMESTAMP, BODY, ATTR_BODY];
+		expect(ensureLogsRequiredColumns(input)).toStrictEqual(input);
 	});
 });

frontend/src/container/OptionsMenu/constants.ts

@@ -2,6 +2,7 @@ import { TelemetryFieldKey } from 'api/v5/v5';
 import { DataSource } from 'types/common/queryBuilder';
 
 import { FontSize, OptionsQuery } from './types';
+import { buildCompositeKey } from './utils';
 
 export const URL_OPTIONS = 'options';
 
@@ -35,22 +36,48 @@ export const defaultLogsSelectedColumns: TelemetryFieldKey[] = [
 	},
 ];
 
-export const LOGS_REQUIRED_COLUMNS = ['timestamp', 'body'] as const;
+// Names that must always be present in logs selectColumns (writer invariant).
+const LOGS_REQUIRED_COLUMN_NAMES = defaultLogsSelectedColumns.map(
+	(c) => c.name,
+);
 
-/**
- * Always-on invariant: every logs selectColumns array must contain `body` and
- * `timestamp`. Applied at both loader and writer boundaries so the picker, the
- * table, and persisted state can never diverge into a "missing required
- * column" state.
- */
+// Composite keys (not bare names) so the picker locks ONLY the canonical
+// `log.body`/`log.timestamp` — a same-name variant like `attribute.body` stays
+// removable.
+export const LOGS_REQUIRED_COLUMNS = defaultLogsSelectedColumns.map((c) =>
+	buildCompositeKey(c.name, c.fieldContext),
+);
+
+// Drop composite-key duplicates (never legitimate — they only come from
+// corrupted state). Returns the same array reference when nothing to dedupe.
+export function dedupeColumnsByCompositeKey(
+	columns: TelemetryFieldKey[],
+): TelemetryFieldKey[] {
+	const seen = new Set<string>();
+	let hasDuplicate = false;
+	const deduped = columns.filter((c) => {
+		const key = buildCompositeKey(c.name, c.fieldContext);
+		if (seen.has(key)) {
+			hasDuplicate = true;
+			return false;
+		}
+		seen.add(key);
+		return true;
+	});
+	return hasDuplicate ? deduped : columns;
+}
+
+// Logs selectColumns invariant: no composite-key duplicates, and body +
+// timestamp always present. Applied at loader + writer boundaries.
 export function ensureLogsRequiredColumns(
 	columns: TelemetryFieldKey[],
 ): TelemetryFieldKey[] {
-	const missing = LOGS_REQUIRED_COLUMNS.filter(
-		(name) => !columns.some((c) => c.name === name),
+	const deduped = dedupeColumnsByCompositeKey(columns);
+	const missing = LOGS_REQUIRED_COLUMN_NAMES.filter(
+		(name) => !deduped.some((c) => c.name === name),
 	);
 	if (missing.length === 0) {
-		return columns;
+		return deduped;
 	}
 	const defaultsByName = new Map(
 		defaultLogsSelectedColumns.map((c) => [c.name, c]),
@@ -58,7 +85,7 @@ export function ensureLogsRequiredColumns(
 	const prepended = missing
 		.map((name) => defaultsByName.get(name))
 		.filter((c): c is TelemetryFieldKey => c !== undefined);
-	return [...prepended, ...columns];
+	return [...prepended, ...deduped];
 }
 
 export const defaultTraceSelectedColumns: TelemetryFieldKey[] = [

frontend/src/container/OrganizationSettings/AuthDomain/CreateEdit/CreateEdit.tsx

@@ -103,7 +103,7 @@ function CreateOrEdit(props: CreateOrEditProps): JSX.Element {
 
 		return {
 			...rest,
-			...(domainToAdminEmail && { domainToAdminEmail }),
+			domainToAdminEmail: domainToAdminEmail ?? {},
 		};
 	}, [form]);
 
@@ -129,7 +129,7 @@ function CreateOrEdit(props: CreateOrEditProps): JSX.Element {
 
 		return {
 			...rest,
-			...(groupMappings && { groupMappings }),
+			groupMappings: groupMappings ?? {},
 		};
 	}, [form]);
 

frontend/src/container/OrganizationSettings/AuthDomain/CreateEdit/CreateEdit.utils.test.ts

@@ -0,0 +1,144 @@
+import { AuthtypesAuthNProviderDTO } from 'api/generated/services/sigNoz.schemas';
+
+import {
+	convertDomainMappingsToList,
+	convertDomainMappingsToRecord,
+	convertGroupMappingsToList,
+	convertGroupMappingsToRecord,
+	prepareInitialValues,
+} from './CreateEdit.utils';
+
+describe('convertGroupMappingsToRecord', () => {
+	it('returns undefined for an empty list', () => {
+		expect(convertGroupMappingsToRecord([])).toBeUndefined();
+	});
+
+	it('returns undefined when input is undefined', () => {
+		expect(convertGroupMappingsToRecord(undefined)).toBeUndefined();
+	});
+
+	it('converts entries to a Record', () => {
+		expect(
+			convertGroupMappingsToRecord([
+				{ groupName: 'admins', role: 'ADMIN' },
+				{ groupName: 'viewers', role: 'VIEWER' },
+			]),
+		).toStrictEqual({ admins: 'ADMIN', viewers: 'VIEWER' });
+	});
+
+	it('skips entries with missing groupName or role', () => {
+		expect(
+			convertGroupMappingsToRecord([
+				{ groupName: 'admins', role: 'ADMIN' },
+				{ groupName: '', role: 'VIEWER' },
+				{ role: 'EDITOR' },
+			]),
+		).toStrictEqual({ admins: 'ADMIN' });
+	});
+});
+
+describe('convertDomainMappingsToRecord', () => {
+	it('returns undefined for an empty list', () => {
+		expect(convertDomainMappingsToRecord([])).toBeUndefined();
+	});
+
+	it('returns undefined when input is undefined', () => {
+		expect(convertDomainMappingsToRecord(undefined)).toBeUndefined();
+	});
+
+	it('converts entries to a Record', () => {
+		expect(
+			convertDomainMappingsToRecord([
+				{ domain: 'example.com', adminEmail: 'admin@example.com' },
+				{ domain: 'corp.io', adminEmail: 'it@corp.io' },
+			]),
+		).toStrictEqual({
+			'example.com': 'admin@example.com',
+			'corp.io': 'it@corp.io',
+		});
+	});
+});
+
+describe('round-trip fidelity', () => {
+	it('Record → list → Record preserves group mappings', () => {
+		const original = { admins: 'ADMIN', devs: 'EDITOR', viewers: 'VIEWER' };
+		expect(
+			convertGroupMappingsToRecord(convertGroupMappingsToList(original)),
+		).toStrictEqual(original);
+	});
+
+	it('Record → list → Record preserves domain mappings', () => {
+		const original = {
+			'example.com': 'admin@example.com',
+			'corp.io': 'it@corp.io',
+		};
+		expect(
+			convertDomainMappingsToRecord(convertDomainMappingsToList(original)),
+		).toStrictEqual(original);
+	});
+});
+
+describe('prepareInitialValues', () => {
+	it('returns empty defaults when no record is provided', () => {
+		expect(prepareInitialValues(undefined)).toStrictEqual({
+			name: '',
+			ssoEnabled: false,
+			ssoType: '',
+		});
+	});
+
+	it('hydrates groupMappings Record into groupMappingsList for the form', () => {
+		const result = prepareInitialValues({
+			id: 'domain-1',
+			name: 'example.com',
+			config: {
+				ssoEnabled: true,
+				ssoType: AuthtypesAuthNProviderDTO.saml,
+				roleMapping: {
+					defaultRole: 'VIEWER',
+					useRoleAttribute: false,
+					groupMappings: { admins: 'ADMIN', viewers: 'VIEWER' },
+				},
+			},
+		});
+
+		expect(result.roleMapping?.groupMappingsList).toStrictEqual([
+			{ groupName: 'admins', role: 'ADMIN' },
+			{ groupName: 'viewers', role: 'VIEWER' },
+		]);
+	});
+
+	it('hydrates domainToAdminEmail Record into domainToAdminEmailList for the form', () => {
+		const result = prepareInitialValues({
+			id: 'domain-1',
+			name: 'example.com',
+			config: {
+				ssoEnabled: true,
+				ssoType: AuthtypesAuthNProviderDTO.google_auth,
+				googleAuthConfig: {
+					clientId: 'id',
+					clientSecret: 'secret',
+					domainToAdminEmail: { 'example.com': 'admin@example.com' },
+				},
+			},
+		});
+
+		expect(result.googleAuthConfig?.domainToAdminEmailList).toStrictEqual([
+			{ domain: 'example.com', adminEmail: 'admin@example.com' },
+		]);
+	});
+
+	it('sets groupMappingsList to empty array when roleMapping has no groupMappings', () => {
+		const result = prepareInitialValues({
+			id: 'domain-1',
+			name: 'example.com',
+			config: {
+				ssoEnabled: true,
+				ssoType: AuthtypesAuthNProviderDTO.oidc,
+				roleMapping: { defaultRole: 'VIEWER', useRoleAttribute: true },
+			},
+		});
+
+		expect(result.roleMapping?.groupMappingsList).toStrictEqual([]);
+	});
+});

frontend/src/container/OrganizationSettings/AuthDomain/__tests__/CreateEdit.payload.test.tsx

@@ -0,0 +1,169 @@
+import { fireEvent, render, screen, waitFor } from 'tests/test-utils';
+import { rest, server } from 'mocks-server/server';
+
+import CreateEdit from '../CreateEdit/CreateEdit';
+import {
+	AUTH_DOMAINS_UPDATE_ENDPOINT,
+	mockDomainWithRoleMapping,
+	mockGoogleAuthWithWorkspaceGroups,
+	mockUpdateSuccessResponse,
+} from './mocks';
+
+// The real @signozhq/ui/button has internal effects that prevent form.validateFields()
+// from resolving inside act(). Mirror the pattern from SSOEnforcementToggle.test.tsx
+// which mocks @signozhq/ui/switch for the same reason.
+jest.mock('@signozhq/ui/button', () => ({
+	...jest.requireActual('@signozhq/ui/button'),
+	Button: ({
+		children,
+		onClick,
+		loading,
+		disabled,
+		'aria-label': ariaLabel,
+		prefix,
+		suffix,
+	}: {
+		children?: React.ReactNode;
+		onClick?: React.MouseEventHandler<HTMLButtonElement>;
+		loading?: boolean;
+		disabled?: boolean;
+		'aria-label'?: string;
+		prefix?: React.ReactNode;
+		suffix?: React.ReactNode;
+	}) => (
+		<button
+			type="button"
+			onClick={onClick}
+			disabled={disabled || loading}
+			aria-label={ariaLabel}
+		>
+			{prefix}
+			{children}
+			{suffix}
+		</button>
+	),
+}));
+
+describe('CreateEdit — save payload correctness', () => {
+	afterEach(() => {
+		server.resetHandlers();
+	});
+
+	it('sends groupMappings: {} when all group mappings are deleted', async () => {
+		let capturedPayload: unknown = null;
+
+		server.use(
+			rest.put(AUTH_DOMAINS_UPDATE_ENDPOINT, async (req, res, ctx) => {
+				capturedPayload = await req.json();
+				return res(ctx.status(200), ctx.json(mockUpdateSuccessResponse));
+			}),
+		);
+
+		render(
+			<CreateEdit
+				isCreate={false}
+				record={mockDomainWithRoleMapping}
+				onClose={jest.fn()}
+			/>,
+		);
+
+		// Open the Role Mapping collapse (Ant Design Collapse responds to click events)
+		fireEvent.click(screen.getByText(/role mapping \(advanced\)/i));
+
+		// Wait for the 3 group mapping rows to appear
+		await waitFor(() =>
+			expect(
+				screen.getAllByRole('button', { name: /remove mapping/i }),
+			).toHaveLength(3),
+		);
+
+		// Delete each row; re-query after each removal
+		fireEvent.click(
+			screen.getAllByRole('button', { name: /remove mapping/i })[0],
+		);
+		await waitFor(() =>
+			expect(
+				screen.getAllByRole('button', { name: /remove mapping/i }),
+			).toHaveLength(2),
+		);
+
+		fireEvent.click(
+			screen.getAllByRole('button', { name: /remove mapping/i })[0],
+		);
+		await waitFor(() =>
+			expect(
+				screen.getAllByRole('button', { name: /remove mapping/i }),
+			).toHaveLength(1),
+		);
+
+		fireEvent.click(
+			screen.getAllByRole('button', { name: /remove mapping/i })[0],
+		);
+		await waitFor(() =>
+			expect(
+				screen.queryAllByRole('button', { name: /remove mapping/i }),
+			).toHaveLength(0),
+		);
+
+		// Submit — MSW intercepts the PUT request
+		fireEvent.click(screen.getByRole('button', { name: /save changes/i }));
+
+		await waitFor(() => expect(capturedPayload).not.toBeNull());
+
+		expect(capturedPayload).toMatchObject({
+			config: expect.objectContaining({
+				roleMapping: expect.objectContaining({ groupMappings: {} }),
+			}),
+		});
+	});
+
+	it('sends domainToAdminEmail: {} when all domain mappings are deleted', async () => {
+		let capturedPayload: unknown = null;
+
+		server.use(
+			rest.put(AUTH_DOMAINS_UPDATE_ENDPOINT, async (req, res, ctx) => {
+				capturedPayload = await req.json();
+				return res(ctx.status(200), ctx.json(mockUpdateSuccessResponse));
+			}),
+		);
+
+		render(
+			<CreateEdit
+				isCreate={false}
+				record={mockGoogleAuthWithWorkspaceGroups}
+				onClose={jest.fn()}
+			/>,
+		);
+
+		// Open the Google Workspace Groups collapse
+		fireEvent.click(screen.getByText(/google workspace groups/i));
+
+		// Wait for the single domain mapping row
+		await waitFor(() =>
+			expect(
+				screen.getByRole('button', { name: /remove mapping/i }),
+			).toBeInTheDocument(),
+		);
+
+		// Delete the row
+		fireEvent.click(screen.getByRole('button', { name: /remove mapping/i }));
+		await waitFor(() =>
+			expect(
+				screen.queryAllByRole('button', { name: /remove mapping/i }),
+			).toHaveLength(0),
+		);
+
+		// Submit
+		fireEvent.click(screen.getByRole('button', { name: /save changes/i }));
+
+		await waitFor(() => expect(capturedPayload).not.toBeNull());
+
+		expect(capturedPayload).toMatchObject({
+			config: expect.objectContaining({
+				googleAuthConfig: expect.objectContaining({
+					domainToAdminEmail: {},
+				}),
+			}),
+		});
+	});
+});

frontend/src/container/PlannedDowntime/PlannedDowntime.styles.scss

@@ -72,8 +72,20 @@
 	.alert-rule-scope {
 		margin-bottom: 12px;
 
-		.ant-radio-wrapper {
-			color: var(--l1-foreground);
+		// `.createForm label` styles field labels (font-weight 500, 14px,
+		// 6px bottom padding). Those bleed into the @signozhq/ui RadioGroup
+		// option labels, making them bold and vertically misaligned with the
+		// radio control. Reset them back to plain option-text styling.
+		label {
+			padding: 0;
+			font-weight: 400;
+			line-height: normal;
+		}
+
+		// Loosen the design-system default (grid gap 0.5rem) between options.
+		.silence-alerts-radio-group {
+			margin-top: 8px;
+			gap: 12px;
 		}
 	}
 
@@ -144,10 +156,7 @@
 			display: flex;
 			align-items: center;
 			gap: 8px;
-
-			.ant-btn {
-				margin-top: 8px;
-			}
+			margin-top: 12px;
 		}
 
 		.schedule-created-at {

frontend/src/container/PlannedDowntime/PlannedDowntimeForm.tsx

@@ -54,8 +54,7 @@ import {
 } from './PlannedDowntimeutils';
 
 import './PlannedDowntime.styles.scss';
-import { RadioGroupItem } from '@signozhq/ui/radio-group';
-import { RadioGroup } from '@signozhq/ui/radio-group';
+import { RadioGroupItem, RadioGroup } from '@signozhq/ui/radio-group';
 
 dayjs.locale('en');
 dayjs.extend(utc);
@@ -471,7 +470,7 @@ export function PlannedDowntimeForm(
 						initialValue="specific"
 						className="alert-rule-scope"
 					>
-						<RadioGroup>
+						<RadioGroup className="silence-alerts-radio-group">
 							<RadioGroupItem value="all">All alert rules</RadioGroupItem>
 							<RadioGroupItem value="specific">Specific alert rules</RadioGroupItem>
 						</RadioGroup>

frontend/src/container/RoutingPolicies/styles.scss

@@ -35,10 +35,7 @@
 			display: flex;
 			align-items: center;
 			gap: 8px;
-
-			.ant-btn {
-				margin-top: 8px;
-			}
+			margin-top: 12px;
 		}
 
 		.routing-policies-table {

frontend/src/container/TopNav/AutoRefreshV2/AutoRefreshV2.styles.scss

@@ -8,7 +8,7 @@
 			139deg,
 			color-mix(in srgb, var(--card) 80%, transparent) 0%,
 			color-mix(in srgb, var(--card) 90%, transparent) 98.68%
-		);
+		) !important;
 		box-shadow: 4px 10px 16px 2px rgba(0, 0, 0, 0.2);
 		backdrop-filter: blur(20px);
 		padding: 0;
@@ -34,9 +34,9 @@
 }
 
 .refresh-interval-text {
-	padding: 12px 14px 8px 14px;
+	padding: 12px 14px 8px 14px !important;
 	color: var(--muted-foreground);
-	font-size: 11px;
+	font-size: 13px;
 	font-style: normal;
 	font-weight: 500;
 	line-height: 18px; /* 163.636% */

frontend/src/pages/MetricsExplorer/MetricsExplorerPage.styles.scss

@@ -9,7 +9,7 @@
 	}
 
 	.ant-tabs-nav {
-		padding: 0 8px;
+		padding-left: 16px;
 		margin-bottom: 0px;
 
 		&::before {

go.mod

@@ -89,6 +89,7 @@ require (
 	gonum.org/v1/gonum v0.17.0
 	google.golang.org/api v0.272.0
 	google.golang.org/protobuf v1.36.11
+	gopkg.in/evanphx/json-patch.v4 v4.13.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/apimachinery v0.35.3

pkg/apiserver/signozapiserver/dashboard.go

@@ -14,6 +14,23 @@ import (
 )
 
 func (provider *provider) addDashboardRoutes(router *mux.Router) error {
+	if err := router.Handle("/api/v2/dashboards", handler.New(provider.authzMiddleware.ViewAccess(provider.dashboardHandler.ListV2), handler.OpenAPIDef{
+		ID:                  "ListDashboardsV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "List dashboards (v2)",
+		Description:         "Returns a page of v2-shape dashboards for the calling user's org. Supports a filter DSL (`query`), sort (`updated_at`/`created_at`/`title`), order (`asc`/`desc`), and offset-based pagination (`limit`/`offset`). Pinned dashboards float to the top of each page.",
+		Request:             new(dashboardtypes.ListDashboardsV2Params),
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.ListableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
+	})).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
 	if err := router.Handle("/api/v2/dashboards", handler.New(provider.authzMiddleware.EditAccess(provider.dashboardHandler.CreateV2), handler.OpenAPIDef{
 		ID:                  "CreateDashboardV2",
 		Tags:                []string{"dashboard"},
@@ -48,6 +65,133 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 		return err
 	}
 
+	if err := router.Handle("/api/v2/dashboards/{id}", handler.New(provider.authzMiddleware.EditAccess(provider.dashboardHandler.UpdateV2), handler.OpenAPIDef{
+		ID:                  "UpdateDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Update dashboard (v2)",
+		Description:         "This endpoint updates a v2-shape dashboard's metadata, data, and tag set. Locked dashboards are rejected.",
+		Request:             new(dashboardtypes.UpdateableDashboardV2),
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}", handler.New(provider.authzMiddleware.EditAccess(provider.dashboardHandler.PatchV2), handler.OpenAPIDef{
+		ID:          "PatchDashboardV2",
+		Tags:        []string{"dashboard"},
+		Summary:     "Patch dashboard (v2)",
+		Description: "This endpoint applies an RFC 6902 JSON Patch to a v2-shape dashboard. The patch is applied against the postable view of the dashboard (metadata, data, tags), so individual panels, queries, variables, layouts, or tags can be updated without re-sending the rest of the dashboard. Locked dashboards are rejected.",
+		Request:     new(dashboardtypes.JSONPatchDocument),
+		// Strictly per RFC 6902 the content type is `application/json-patch+json`,
+		// but our OpenAPI generator only reflects schemas for content types it
+		// understands (application/json, form-urlencoded, multipart) — anything
+		// else degrades to `type: string`. Declaring application/json here keeps
+		// the array-of-ops schema visible to spec consumers; the runtime decoder
+		// parses JSON regardless of the request's actual Content-Type header.
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodPatch).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}", handler.New(provider.authzMiddleware.EditAccess(provider.dashboardHandler.DeleteV2), handler.OpenAPIDef{
+		ID:                  "DeleteDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Delete dashboard (v2)",
+		Description:         "This endpoint deletes a v2-shape dashboard along with its tag relations. Locked dashboards are rejected.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodDelete).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/lock", handler.New(provider.authzMiddleware.EditAccess(provider.dashboardHandler.LockV2), handler.OpenAPIDef{
+		ID:                  "LockDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Lock dashboard (v2)",
+		Description:         "This endpoint locks a v2-shape dashboard. Only the dashboard's creator or an org admin may lock or unlock.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/lock", handler.New(provider.authzMiddleware.EditAccess(provider.dashboardHandler.UnlockV2), handler.OpenAPIDef{
+		ID:                  "UnlockDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Unlock dashboard (v2)",
+		Description:         "This endpoint unlocks a v2-shape dashboard. Only the dashboard's creator or an org admin may lock or unlock.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodDelete).GetError(); err != nil {
+		return err
+	}
+
+	// ViewAccess: pinning only mutates the calling user's pin list, not the
+	// dashboard itself — anyone who can view a dashboard can bookmark it.
+	if err := router.Handle("/api/v2/dashboards/{id}/pins/me", handler.New(provider.authzMiddleware.ViewAccess(provider.dashboardHandler.PinV2), handler.OpenAPIDef{
+		ID:                  "PinDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Pin a dashboard for the current user (v2)",
+		Description:         "Pins the dashboard for the calling user. A user can pin at most 10 dashboards; pinning when at the limit returns 409. Re-pinning an already-pinned dashboard is a no-op success.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
+	})).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/pins/me", handler.New(provider.authzMiddleware.ViewAccess(provider.dashboardHandler.UnpinV2), handler.OpenAPIDef{
+		ID:                  "UnpinDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Unpin a dashboard for the current user (v2)",
+		Description:         "Removes the pin for the calling user. Idempotent — unpinning a dashboard that wasn't pinned still returns 204.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
+	})).Methods(http.MethodDelete).GetError(); err != nil {
+		return err
+	}
+
 	if err := router.Handle("/api/v1/dashboards/{id}/public", handler.New(provider.authzMiddleware.AdminAccess(provider.dashboardHandler.CreatePublic), handler.OpenAPIDef{
 		ID:                  "CreatePublicDashboard",
 		Tags:                []string{"dashboard"},

pkg/modules/cloudintegration/implcloudintegration/fs/definitions/azure/appservice/icon.svg

@@ -1 +0,0 @@
-<svg id="b70acf0a-34b4-4bdf-9024-7496043ff915" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 18 18"><defs><radialGradient id="e2cf8746-c9a8-4eee-86c2-4951983c6032" cx="13428.81" cy="3518.86" r="56.67" gradientTransform="translate(-2005.33 -518.83) scale(0.15)" gradientUnits="userSpaceOnUse"><stop offset="0.18" stop-color="#5ea0ef"/><stop offset="1" stop-color="#0078d4"/></radialGradient><linearGradient id="bdd213dd-d313-473c-8ff4-0133fd3a9033" x1="4.4" y1="11.48" x2="4.37" y2="7.53" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#ccc"/><stop offset="1" stop-color="#fcfcfc"/></linearGradient><linearGradient id="afcc63c5-3649-4476-a742-bcb53a569f3c" x1="10.13" y1="15.45" x2="10.13" y2="11.9" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#ccc"/><stop offset="1" stop-color="#fcfcfc"/></linearGradient><linearGradient id="bd873f0b-9954-4aa5-a3df-9f4c64e8729d" x1="14.18" y1="11.15" x2="14.18" y2="7.38" gradientUnits="userSpaceOnUse"><stop offset="0" stop-color="#ccc"/><stop offset="1" stop-color="#fcfcfc"/></linearGradient></defs><title>Icon-web-41</title><path id="ee75dd06-1aca-4f76-9d11-d05a284020ad" d="M14.21,15.72A8.5,8.5,0,0,1,3.79,2.28l.09-.06a8.5,8.5,0,0,1,10.33,13.5" fill="url(#e2cf8746-c9a8-4eee-86c2-4951983c6032)"/><path d="M6.69,7.23A13,13,0,0,1,15.6,3.65a8.47,8.47,0,0,0-1.49-1.44,14.34,14.34,0,0,0-4.69,1.1A12.54,12.54,0,0,0,5.34,6.13,2.76,2.76,0,0,1,6.69,7.23Z" fill="#fff" opacity="0.6"/><path d="M2.48,10.65a17.86,17.86,0,0,0-.83,2.62,7.82,7.82,0,0,0,.62.92c.18.23.35.44.55.65A17.94,17.94,0,0,1,3.9,11.37,2.76,2.76,0,0,1,2.48,10.65Z" fill="#fff" opacity="0.6"/><path d="M3.46,6.11a12,12,0,0,1-.69-2.94,8.15,8.15,0,0,0-1.1,1.45A12.69,12.69,0,0,0,2.24,7,2.69,2.69,0,0,1,3.46,6.11Z" fill="#f2f2f2" opacity="0.55"/><circle cx="4.38" cy="8.68" r="2.73" fill="url(#bdd213dd-d313-473c-8ff4-0133fd3a9033)"/><path d="M8.36,13.67A1.77,1.77,0,0,1,8.9,12.4a11.88,11.88,0,0,1-2.53-1.86,2.74,2.74,0,0,1-1.49.83,13.1,13.1,0,0,0,1.45,1.28A12.12,12.12,0,0,0,8.38,13.9,1.79,1.79,0,0,1,8.36,13.67Z" fill="#f2f2f2" opacity="0.55"/><path d="M14.66,13.88a12,12,0,0,1-2.76-.32.41.41,0,0,1,0,.11,1.75,1.75,0,0,1-.51,1.24,13.69,13.69,0,0,0,3.42.24A8.21,8.21,0,0,0,16,13.81,11.5,11.5,0,0,1,14.66,13.88Z" fill="#f2f2f2" opacity="0.55"/><circle cx="10.13" cy="13.67" r="1.78" fill="url(#afcc63c5-3649-4476-a742-bcb53a569f3c)"/><path d="M12.32,8.93a1.83,1.83,0,0,1,.61-1A25.5,25.5,0,0,1,8.47,3.79a16.91,16.91,0,0,1-2-2.92,7.64,7.64,0,0,0-1.09.42A18.14,18.14,0,0,0,7.53,4.47,26.44,26.44,0,0,0,12.32,8.93Z" fill="#f2f2f2" opacity="0.7"/><circle cx="14.18" cy="9.27" r="1.89" fill="url(#bd873f0b-9954-4aa5-a3df-9f4c64e8729d)"/><path d="M17.35,10.54,17,10.37l0,0-.3-.16-.06,0L16.38,10l-.07,0L16,9.8a1.76,1.76,0,0,1-.64.92c.12.08.25.15.38.22l.08.05.35.19,0,0,.86.45h0a8.63,8.63,0,0,0,.29-1.11Z" fill="#f2f2f2" opacity="0.55"/><circle cx="4.38" cy="8.68" r="2.73" fill="url(#bdd213dd-d313-473c-8ff4-0133fd3a9033)"/><circle cx="10.13" cy="13.67" r="1.78" fill="url(#afcc63c5-3649-4476-a742-bcb53a569f3c)"/></svg>

pkg/modules/cloudintegration/implcloudintegration/fs/definitions/azure/appservice/integration.json

@@ -1,185 +0,0 @@
-{
-  "id": "appservice",
-  "title": "App Services",
-  "icon": "file://icon.svg",
-  "overview": "file://overview.md",
-  "supportedSignals": {
-    "metrics": true,
-    "logs": true
-  },
-  "dataCollected": {
-    "metrics": [
-      {
-        "name": "azure_activewebsocketconnections_total",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_averagewebsocketconnectionduration_average",
-        "unit": "Milliseconds",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_backendhealthpercentage_average",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_backendrequestcount_total",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_backendrequestlatency_average",
-        "unit": "Milliseconds",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_billableresponsesize_total",
-        "unit": "Bytes",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_bytehitratio_average",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_originhealthpercentage_average",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_originlatency_average",
-        "unit": "Milliseconds",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_originrequestcount_total",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_originshieldoriginrequestcount_total",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_originshieldratelimitrequestcount_total",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_originshieldrequestcount_total",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_originshieldrequestsize_total",
-        "unit": "Bytes",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_percentage4xx_average",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_percentage5xx_average",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_requestcount_total",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_requestsize_total",
-        "unit": "Bytes",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_responsesize_total",
-        "unit": "Bytes",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_totallatency_average",
-        "unit": "Milliseconds",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_webapplicationfirewallrequestcount_total",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_webapplicationfirewallcaptcharequestcount_total",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_webapplicationfirewalljsrequestcount_total",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_websocketconnections_total",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      }
-    ],
-    "logs": [
-      {
-        "name": "Resource ID",
-        "path": "resources.azure.resource.id",
-        "type": "string"
-      }
-    ]
-  },
-  "telemetryCollectionStrategy": {
-    "azure": {
-      "resourceProvider": "Microsoft.Web",
-      "resourceType": "sites",
-      "metrics": {},
-      "logs": {
-        "categoryGroups": ["allLogs"]
-      }
-    }
-  },
-  "assets": {
-    "dashboards": [
-      {
-        "id": "overview",
-        "title": "App Services Overview",
-        "description": "Overview of App Services metrics",
-        "definition": "file://assets/dashboards/overview.json"
-      }
-    ]
-  }
-}

pkg/modules/cloudintegration/implcloudintegration/fs/definitions/azure/appservice/overview.md

@@ -1,5 +0,0 @@
-### Monitor Azure App Services with SigNoz
-
-Collect key App Services metrics and view them with an out of the box dashboard.
-
-Note: This integration DO NOT collect metrics for any database that was setup with your App Service (if any).

pkg/modules/dashboard/dashboard.go

@@ -60,6 +60,20 @@ type Module interface {
 	CreateV2(ctx context.Context, orgID valuer.UUID, createdBy string, creator valuer.UUID, source dashboardtypes.Source, postable dashboardtypes.PostableDashboardV2) (*dashboardtypes.DashboardV2, error)
 
 	GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.DashboardV2, error)
+
+	ListV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, params *dashboardtypes.ListDashboardsV2Params) (*dashboardtypes.ListableDashboardV2, error)
+
+	UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, updateable dashboardtypes.UpdateableDashboardV2) (*dashboardtypes.DashboardV2, error)
+
+	LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, isAdmin bool, lock bool) error
+
+	PatchV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, patch dashboardtypes.PatchableDashboardV2) (*dashboardtypes.DashboardV2, error)
+
+	PinV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, id valuer.UUID) error
+
+	UnpinV2(ctx context.Context, userID valuer.UUID, id valuer.UUID) error
+
+	DeleteV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) error
 }
 
 type Handler interface {
@@ -89,4 +103,20 @@ type Handler interface {
 	CreateV2(http.ResponseWriter, *http.Request)
 
 	GetV2(http.ResponseWriter, *http.Request)
+
+	ListV2(http.ResponseWriter, *http.Request)
+
+	UpdateV2(http.ResponseWriter, *http.Request)
+
+	LockV2(http.ResponseWriter, *http.Request)
+
+	UnlockV2(http.ResponseWriter, *http.Request)
+
+	PatchV2(http.ResponseWriter, *http.Request)
+
+	PinV2(http.ResponseWriter, *http.Request)
+
+	UnpinV2(http.ResponseWriter, *http.Request)
+
+	DeleteV2(http.ResponseWriter, *http.Request)
 }

pkg/modules/dashboard/impldashboard/store.go

@@ -2,10 +2,14 @@ package impldashboard
 
 import (
 	"context"
+	"strings"
+	"time"
 
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes/listfilter"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 )
@@ -63,6 +67,115 @@ func (store *store) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID)
 	return storableDashboard, nil
 }
 
+// ListV2 emits the joined dashboard ⨝ pinned_dashboard ⨝ public_dashboard
+// query the spec calls for. Aliases:
+//
+//	dashboard         — the visitor expects this
+//	pinned_dashboard  AS pin  — only used inside this query
+//	public_dashboard  AS pd   — the visitor expects this
+//
+// Sort is "is_pinned DESC, <sort> <order>" so pinned dashboards float to the
+// top inside the requested ordering. Title-sort goes through the same
+// JSONExtractString path the visitor uses for name/description filtering.
+func (store *store) ListV2(
+	ctx context.Context,
+	orgID valuer.UUID,
+	userID valuer.UUID,
+	params *dashboardtypes.ListDashboardsV2Params,
+) ([]*dashboardtypes.DashboardListRow, int64, error) {
+	compiled, err := listfilter.Compile(params.Query, store.sqlstore.Formatter())
+	if err != nil {
+		return nil, 0, err
+	}
+	type listedRow struct {
+		*dashboardtypes.StorableDashboard `bun:",extend"`
+
+		IsPinned bool  `bun:"is_pinned"`
+		Total    int64 `bun:"total"`
+
+		PublicID               *valuer.UUID `bun:"public_id"`
+		PublicCreatedAt        *time.Time   `bun:"public_created_at"`
+		PublicUpdatedAt        *time.Time   `bun:"public_updated_at"`
+		PublicTimeRangeEnabled *bool        `bun:"public_time_range_enabled"`
+		PublicDefaultTimeRange *string      `bun:"public_default_time_range"`
+	}
+
+	rows := make([]*listedRow, 0)
+
+	q := store.sqlstore.
+		BunDB().
+		NewSelect().
+		Model(&rows).
+		ColumnExpr("dashboard.id, dashboard.org_id, dashboard.data, dashboard.locked, dashboard.source, dashboard.created_at, dashboard.created_by, dashboard.updated_at, dashboard.updated_by").
+		ColumnExpr("CASE WHEN pin.user_id IS NOT NULL THEN 1 ELSE 0 END AS is_pinned").
+		ColumnExpr("COUNT(*) OVER () AS total").
+		ColumnExpr("pd.id AS public_id, pd.created_at AS public_created_at, pd.updated_at AS public_updated_at, pd.time_range_enabled AS public_time_range_enabled, pd.default_time_range AS public_default_time_range").
+		Join("LEFT JOIN pinned_dashboard AS pin ON pin.user_id = ? AND pin.dashboard_id = dashboard.id", userID).
+		Join("LEFT JOIN public_dashboard AS pd ON pd.dashboard_id = dashboard.id").
+		Where("dashboard.org_id = ?", orgID).
+		Where("dashboard.source != ?", dashboardtypes.SourceSystem)
+
+	if compiled != nil {
+		q = q.Where(compiled.SQL, compiled.Args...)
+	}
+
+	sortExpr, err := store.sortExprForListV2(params.Sort)
+	if err != nil {
+		return nil, 0, err
+	}
+	q = q.
+		OrderExpr("is_pinned DESC").
+		OrderExpr(sortExpr + " " + strings.ToUpper(string(params.Order))).
+		Limit(params.Limit).
+		Offset(params.Offset)
+
+	if err := q.Scan(ctx); err != nil {
+		return nil, 0, err
+	}
+
+	// COUNT(*) OVER () is computed pre-LIMIT, so any returned row carries the
+	// full filter total. Empty result page => zero matches.
+	var total int64
+	if len(rows) > 0 {
+		total = rows[0].Total
+	}
+
+	out := make([]*dashboardtypes.DashboardListRow, len(rows))
+	for i, r := range rows {
+		row := &dashboardtypes.DashboardListRow{
+			Dashboard: r.StorableDashboard,
+			Pinned:    r.IsPinned,
+		}
+		if r.PublicID != nil {
+			row.Public = &dashboardtypes.StorablePublicDashboard{
+				Identifiable:     types.Identifiable{ID: *r.PublicID},
+				TimeAuditable:    types.TimeAuditable{CreatedAt: *r.PublicCreatedAt, UpdatedAt: *r.PublicUpdatedAt},
+				TimeRangeEnabled: *r.PublicTimeRangeEnabled,
+				DefaultTimeRange: *r.PublicDefaultTimeRange,
+				DashboardID:      r.ID.StringValue(),
+			}
+		}
+		out[i] = row
+	}
+	return out, total, nil
+}
+
+// sortExprForListV2 maps a sort enum to the SQL expression to plug into
+// ORDER BY. Title-sort routes through the SQLFormatter so it stays
+// dialect-aware (matches what listfilter/visitor does for the name filter).
+func (store *store) sortExprForListV2(sort dashboardtypes.ListSort) (string, error) {
+	switch sort {
+	case dashboardtypes.ListSortUpdatedAt:
+		return "dashboard.updated_at", nil
+	case dashboardtypes.ListSortCreatedAt:
+		return "dashboard.created_at", nil
+	case dashboardtypes.ListSortName:
+		return string(store.sqlstore.Formatter().JSONExtractString("dashboard.data", "$.data.display.name")), nil
+	}
+	return "", errors.Newf(errors.TypeInvalidInput, dashboardtypes.ErrCodeDashboardListInvalid,
+		"unsupported sort field %q", sort)
+}
+
 func (store *store) GetPublic(ctx context.Context, dashboardID string) (*dashboardtypes.StorablePublicDashboard, error) {
 	storable := new(dashboardtypes.StorablePublicDashboard)
 	err := store.
@@ -153,7 +266,7 @@ func (store *store) ListPublic(ctx context.Context, orgID valuer.UUID) ([]*dashb
 func (store *store) Update(ctx context.Context, orgID valuer.UUID, storableDashboard *dashboardtypes.StorableDashboard) error {
 	_, err := store.
 		sqlstore.
-		BunDB().
+		BunDBCtx(ctx).
 		NewUpdate().
 		Model(storableDashboard).
 		WherePK().
@@ -217,3 +330,51 @@ func (store *store) RunInTx(ctx context.Context, cb func(ctx context.Context) er
 		return cb(ctx)
 	})
 }
+
+// PinForUser combines the count check, the existence check, and the upsert in
+// a single statement so the limit gate and the insert can't drift between two
+// round-trips.
+//
+//	pin exists? | count < 10? | WHERE passes?           | effect                            | rows
+//	------------|-------------|-------------------------|-----------------------------------|-----
+//	no          | yes         | yes (count branch)      | INSERT new row                    | 1
+//	no          | no          | no                      | nothing (limit hit)               | 0
+//	yes         | yes         | yes (count branch)      | INSERT → conflict → no-op UPDATE  | 1
+//	yes         | no          | yes (EXISTS OR branch)  | INSERT → conflict → no-op UPDATE  | 1
+//
+// rows = 0 is the only signal of a real limit hit.
+func (store *store) PinForUser(ctx context.Context, pd *dashboardtypes.PinnedDashboard) error {
+	res, err := store.sqlstore.BunDBCtx(ctx).NewRaw(`
+		INSERT INTO pinned_dashboard (user_id, dashboard_id, org_id, pinned_at)
+		SELECT ?, ?, ?, ?
+		WHERE (SELECT COUNT(*) FROM pinned_dashboard WHERE user_id = ?) < ?
+		   OR EXISTS (SELECT 1 FROM pinned_dashboard WHERE user_id = ? AND dashboard_id = ?)
+		ON CONFLICT (user_id, dashboard_id) DO UPDATE SET user_id = EXCLUDED.user_id
+	`,
+		pd.UserID, pd.DashboardID, pd.OrgID, pd.PinnedAt,
+		pd.UserID, dashboardtypes.MaxPinnedDashboardsPerUser,
+		pd.UserID, pd.DashboardID,
+	).Exec(ctx)
+	if err != nil {
+		return err
+	}
+	rows, err := res.RowsAffected()
+	if err != nil {
+		return err
+	}
+	if rows == 0 {
+		return errors.Newf(errors.TypeAlreadyExists, dashboardtypes.ErrCodePinnedDashboardLimitHit,
+			"cannot pin more than %d dashboards", dashboardtypes.MaxPinnedDashboardsPerUser)
+	}
+	return nil
+}
+
+func (store *store) UnpinForUser(ctx context.Context, userID valuer.UUID, dashboardID valuer.UUID) error {
+	_, err := store.sqlstore.BunDBCtx(ctx).
+		NewDelete().
+		Model((*dashboardtypes.PinnedDashboard)(nil)).
+		Where("user_id = ?", userID).
+		Where("dashboard_id = ?", dashboardID).
+		Exec(ctx)
+	return err
+}

pkg/modules/dashboard/impldashboard/v2_handler.go

@@ -2,6 +2,7 @@ package impldashboard
 
 import (
 	"context"
+	"encoding/json"
 	"net/http"
 	"time"
 
@@ -9,6 +10,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/http/binding"
 	"github.com/SigNoz/signoz/pkg/http/render"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/coretypes"
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
@@ -41,6 +43,47 @@ func (handler *handler) CreateV2(rw http.ResponseWriter, r *http.Request) {
 	render.Success(rw, http.StatusCreated, dashboard.ToGettableDashboardV2())
 }
 
+func (handler *handler) ListV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	userID, err := valuer.NewUUID(claims.IdentityID())
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	params := new(dashboardtypes.ListDashboardsV2Params)
+	if err := binding.Query.BindQuery(r.URL.Query(), params); err != nil {
+		render.Error(rw, err)
+		return
+	}
+	if err := params.Validate(); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	out, err := handler.module.ListV2(ctx, orgID, userID, params)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, out)
+}
+
 func (handler *handler) GetV2(rw http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
@@ -72,3 +115,236 @@ func (handler *handler) GetV2(rw http.ResponseWriter, r *http.Request) {
 
 	render.Success(rw, http.StatusOK, dashboard.ToGettableDashboardV2())
 }
+
+func (handler *handler) LockV2(rw http.ResponseWriter, r *http.Request) {
+	handler.lockUnlockV2(rw, r, true)
+}
+
+func (handler *handler) UnlockV2(rw http.ResponseWriter, r *http.Request) {
+	handler.lockUnlockV2(rw, r, false)
+}
+
+func (handler *handler) lockUnlockV2(rw http.ResponseWriter, r *http.Request, lock bool) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	isAdmin := false
+	selectors := []coretypes.Selector{
+		coretypes.TypeRole.MustSelector(authtypes.SigNozAdminRoleName),
+	}
+	err = handler.authz.CheckWithTupleCreation(
+		ctx,
+		claims,
+		valuer.MustNewUUID(claims.OrgID),
+		authtypes.Relation{Verb: coretypes.VerbAssignee},
+		coretypes.NewResourceRole(),
+		selectors,
+		selectors,
+	)
+	if err == nil {
+		isAdmin = true
+	}
+
+	if err := handler.module.LockUnlockV2(ctx, orgID, dashboardID, claims.Email, isAdmin, lock); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusNoContent, nil)
+}
+
+func (handler *handler) UpdateV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	req := dashboardtypes.UpdateableDashboardV2{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	dashboard, err := handler.module.UpdateV2(ctx, orgID, dashboardID, claims.Email, req)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, dashboard.ToGettableDashboardV2())
+}
+
+func (handler *handler) PatchV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	req := dashboardtypes.PatchableDashboardV2{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	dashboard, err := handler.module.PatchV2(ctx, orgID, dashboardID, claims.Email, req)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, dashboard.ToGettableDashboardV2())
+}
+
+func (handler *handler) PinV2(rw http.ResponseWriter, r *http.Request) {
+	handler.pinUnpinV2(rw, r, true)
+}
+
+func (handler *handler) UnpinV2(rw http.ResponseWriter, r *http.Request) {
+	handler.pinUnpinV2(rw, r, false)
+}
+
+func (handler *handler) pinUnpinV2(rw http.ResponseWriter, r *http.Request, pin bool) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	userID, err := valuer.NewUUID(claims.IdentityID())
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	if pin {
+		err = handler.module.PinV2(ctx, orgID, userID, dashboardID)
+	} else {
+		err = handler.module.UnpinV2(ctx, userID, dashboardID)
+	}
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusNoContent, nil)
+}
+
+func (handler *handler) DeleteV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	if err := handler.module.DeleteV2(ctx, orgID, dashboardID); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusNoContent, nil)
+}

pkg/modules/dashboard/impldashboard/v2_module.go

@@ -2,6 +2,7 @@ package impldashboard
 
 import (
 	"context"
+	"time"
 
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/types/coretypes"
@@ -42,6 +43,24 @@ func (m *module) CreateV2(ctx context.Context, orgID valuer.UUID, createdBy stri
 	return dashboard, nil
 }
 
+func (module *module) ListV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, params *dashboardtypes.ListDashboardsV2Params) (*dashboardtypes.ListableDashboardV2, error) {
+	rows, total, err := module.store.ListV2(ctx, orgID, userID, params)
+	if err != nil {
+		return nil, err
+	}
+
+	dashboardIDs := make([]valuer.UUID, len(rows))
+	for i, r := range rows {
+		dashboardIDs[i] = r.Dashboard.ID
+	}
+	tagsByDashboard, err := module.tagModule.ListForResources(ctx, orgID, coretypes.KindDashboard, dashboardIDs)
+	if err != nil {
+		return nil, err
+	}
+
+	return dashboardtypes.NewListableDashboardV2(rows, total, tagsByDashboard)
+}
+
 func (module *module) GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.DashboardV2, error) {
 	storable, err := module.store.Get(ctx, orgID, id)
 	if err != nil {
@@ -55,3 +74,131 @@ func (module *module) GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UU
 
 	return storable.ToDashboardV2(tags)
 }
+
+func (module *module) UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, updateable dashboardtypes.UpdateableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	if err := updateable.Validate(); err != nil {
+		return nil, err
+	}
+
+	existing, err := module.GetV2(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+	// Locked-dashboard / state gate — independent of tags, so run it before the tx.
+	if err := existing.CanUpdate(); err != nil {
+		return nil, err
+	}
+
+	err = module.store.RunInTx(ctx, func(ctx context.Context) error {
+		resolvedTags, err := module.tagModule.SyncTags(ctx, orgID, coretypes.KindDashboard, id, updateable.Tags)
+		if err != nil {
+			return err
+		}
+
+		err = existing.Update(updateable, updatedBy, resolvedTags)
+		if err != nil {
+			return err
+		}
+
+		storable, err := existing.ToStorableDashboard()
+		if err != nil {
+			return err
+		}
+
+		return module.store.Update(ctx, orgID, storable)
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return existing, nil
+}
+
+func (module *module) PatchV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, patch dashboardtypes.PatchableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	existing, err := module.GetV2(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+	// Locked-dashboard / state gate — independent of tags, so run it before the tx.
+	if err := existing.CanUpdate(); err != nil {
+		return nil, err
+	}
+
+	updateable, err := patch.Apply(existing)
+	if err != nil {
+		return nil, err
+	}
+
+	err = module.store.RunInTx(ctx, func(ctx context.Context) error {
+		resolvedTags, err := module.tagModule.SyncTags(ctx, orgID, coretypes.KindDashboard, id, updateable.Tags)
+		if err != nil {
+			return err
+		}
+
+		err = existing.Update(*updateable, updatedBy, resolvedTags)
+		if err != nil {
+			return err
+		}
+
+		storable, err := existing.ToStorableDashboard()
+		if err != nil {
+			return err
+		}
+
+		return module.store.Update(ctx, orgID, storable)
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return existing, nil
+}
+
+func (module *module) DeleteV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) error {
+	existing, err := module.GetV2(ctx, orgID, id)
+	if err != nil {
+		return err
+	}
+	if existing.Locked {
+		return errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "cannot delete a locked dashboard, please unlock the dashboard to delete")
+	}
+
+	return module.store.RunInTx(ctx, func(ctx context.Context) error {
+		// Syncing to an empty tag set drops every tag link for the dashboard.
+		if _, err := module.tagModule.SyncTags(ctx, orgID, coretypes.KindDashboard, id, nil); err != nil {
+			return err
+		}
+		return module.store.Delete(ctx, orgID, id)
+	})
+}
+
+func (module *module) LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, isAdmin bool, lock bool) error {
+	existing, err := module.GetV2(ctx, orgID, id)
+	if err != nil {
+		return err
+	}
+	if err := existing.LockUnlock(lock, isAdmin, updatedBy); err != nil {
+		return err
+	}
+	storable, err := existing.ToStorableDashboard()
+	if err != nil {
+		return err
+	}
+	return module.store.Update(ctx, orgID, storable)
+}
+
+func (module *module) PinV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, id valuer.UUID) error {
+	if _, err := module.GetV2(ctx, orgID, id); err != nil {
+		return err
+	}
+	return module.store.PinForUser(ctx, &dashboardtypes.PinnedDashboard{
+		UserID:      userID,
+		DashboardID: id,
+		OrgID:       orgID,
+		PinnedAt:    time.Now(),
+	})
+}
+
+func (module *module) UnpinV2(ctx context.Context, userID valuer.UUID, id valuer.UUID) error {
+	return module.store.UnpinForUser(ctx, userID, id)
+}

pkg/parser/filterquery/parse.go

@@ -0,0 +1,33 @@
+package filterquery
+
+import (
+	"fmt"
+
+	grammar "github.com/SigNoz/signoz/pkg/parser/filterquery/grammar"
+	"github.com/antlr4-go/antlr/v4"
+)
+
+func Parse(query string) (antlr.ParseTree, *antlr.CommonTokenStream, *ErrorCollector) {
+	collector := NewErrorCollector()
+	lexer := grammar.NewFilterQueryLexer(antlr.NewInputStream(query))
+	lexer.RemoveErrorListeners()
+	lexer.AddErrorListener(collector)
+	tokens := antlr.NewCommonTokenStream(lexer, 0)
+	parser := grammar.NewFilterQueryParser(tokens)
+	parser.RemoveErrorListeners()
+	parser.AddErrorListener(collector)
+	return parser.Query(), tokens, collector
+}
+
+type ErrorCollector struct {
+	*antlr.DefaultErrorListener
+	Errors []string
+}
+
+func NewErrorCollector() *ErrorCollector {
+	return &ErrorCollector{}
+}
+
+func (c *ErrorCollector) SyntaxError(_ antlr.Recognizer, _ any, line, column int, msg string, _ antlr.RecognitionException) {
+	c.Errors = append(c.Errors, fmt.Sprintf("syntax error at %d:%d — %s", line, column, msg))
+}

pkg/querier/config.go

@@ -7,6 +7,12 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory"
 )
 
+type SkipResourceFingerprint struct {
+	Enabled bool `yaml:"enabled" mapstructure:"enabled"`
+	// If count of fingerprint is above threshold, skip the fingerprint subquery and filter on main table instead.
+	Threshold uint64 `yaml:"threshold" mapstructure:"threshold"`
+}
+
 // Config represents the configuration for the querier.
 type Config struct {
 	// CacheTTL is the TTL for cached query results
@@ -15,6 +21,8 @@ type Config struct {
 	FluxInterval time.Duration `yaml:"flux_interval" mapstructure:"flux_interval"`
 	// MaxConcurrentQueries is the maximum number of concurrent queries for missing ranges
 	MaxConcurrentQueries int `yaml:"max_concurrent_queries" mapstructure:"max_concurrent_queries"`
+	// SkipResourceFingerprint configures when the resource fingerprint subquery is skipped in favor of main-table filtering.
+	SkipResourceFingerprint SkipResourceFingerprint `yaml:"skip_resource_fingerprint" mapstructure:"skip_resource_fingerprint"`
 }
 
 // NewConfigFactory creates a new config factory for querier.
@@ -28,6 +36,10 @@ func newConfig() factory.Config {
 		CacheTTL:             168 * time.Hour,
 		FluxInterval:         5 * time.Minute,
 		MaxConcurrentQueries: 4,
+		SkipResourceFingerprint: SkipResourceFingerprint{
+			Enabled:   false,
+			Threshold: 100000,
+		},
 	}
 }
 
@@ -42,6 +54,9 @@ func (c Config) Validate() error {
 	if c.MaxConcurrentQueries <= 0 {
 		return errors.NewInvalidInputf(errors.CodeInvalidInput, "max_concurrent_queries must be positive, got %v", c.MaxConcurrentQueries)
 	}
+	if c.SkipResourceFingerprint.Enabled && c.SkipResourceFingerprint.Threshold == 0 {
+		return errors.NewInvalidInputf(errors.CodeInvalidInput, "skip_resource_fingerprint.threshold must be > 0 when enabled")
+	}
 	return nil
 }
 

pkg/querier/signozquerier/provider.go

@@ -88,6 +88,8 @@ func newProvider(
 		traceAggExprRewriter,
 		telemetryStore,
 		flagger,
+		cfg.SkipResourceFingerprint.Enabled,
+		cfg.SkipResourceFingerprint.Threshold,
 	)
 
 	// Create trace operator statement builder
@@ -121,6 +123,9 @@ func newProvider(
 		telemetrylogs.DefaultFullTextColumn,
 		telemetrylogs.GetBodyJSONKey,
 		flagger,
+		telemetryStore,
+		cfg.SkipResourceFingerprint.Enabled,
+		cfg.SkipResourceFingerprint.Threshold,
 	)
 
 	// Create audit statement builder

pkg/query-service/rules/setups_test.go

@@ -89,6 +89,9 @@ func prepareQuerierForLogs(t *testing.T, telemetryStore telemetrystore.Telemetry
 		telemetrylogs.DefaultFullTextColumn,
 		telemetrylogs.GetBodyJSONKey,
 		fl,
+		nil,
+		false,
+		100000,
 	)
 
 	return querier.New(
@@ -134,6 +137,8 @@ func prepareQuerierForTraces(t *testing.T, telemetryStore telemetrystore.Telemet
 		traceAggExprRewriter,
 		telemetryStore,
 		fl,
+		false,
+		100000,
 	)
 
 	return querier.New(

pkg/signoz/provider.go

@@ -211,6 +211,7 @@ func NewSQLMigrationProviderFactories(
 		sqlmigration.NewAddDashboardNameFactory(sqlstore, sqlschema),
 		sqlmigration.NewFixChangelogOperationTypeFactory(sqlstore, sqlschema),
 		sqlmigration.NewCloudIntegrationRemoveCascadeDeleteFactory(sqlschema),
+		sqlmigration.NewAddPinnedDashboardFactory(sqlstore, sqlschema),
 	)
 }
 

pkg/sqlmigration/092_add_pinned_dashboard.go

@@ -0,0 +1,67 @@
+package sqlmigration
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/sqlschema"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/uptrace/bun"
+	"github.com/uptrace/bun/migrate"
+)
+
+type addPinnedDashboard struct {
+	sqlstore  sqlstore.SQLStore
+	sqlschema sqlschema.SQLSchema
+}
+
+func NewAddPinnedDashboardFactory(sqlstore sqlstore.SQLStore, sqlschema sqlschema.SQLSchema) factory.ProviderFactory[SQLMigration, Config] {
+	return factory.NewProviderFactory(factory.MustNewName("add_pinned_dashboard"), func(ctx context.Context, ps factory.ProviderSettings, c Config) (SQLMigration, error) {
+		return &addPinnedDashboard{
+			sqlstore:  sqlstore,
+			sqlschema: sqlschema,
+		}, nil
+	})
+}
+
+func (migration *addPinnedDashboard) Register(migrations *migrate.Migrations) error {
+	return migrations.Register(migration.Up, migration.Down)
+}
+
+func (migration *addPinnedDashboard) Up(ctx context.Context, db *bun.DB) error {
+	tx, err := db.BeginTx(ctx, nil)
+	if err != nil {
+		return err
+	}
+	defer func() { _ = tx.Rollback() }()
+
+	sqls := migration.sqlschema.Operator().CreateTable(&sqlschema.Table{
+		Name: "pinned_dashboard",
+		Columns: []*sqlschema.Column{
+			{Name: "user_id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "dashboard_id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "org_id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "pinned_at", DataType: sqlschema.DataTypeTimestamp, Nullable: false, Default: "current_timestamp"},
+		},
+		PrimaryKeyConstraint: &sqlschema.PrimaryKeyConstraint{ColumnNames: []sqlschema.ColumnName{"user_id", "dashboard_id"}},
+		ForeignKeyConstraints: []*sqlschema.ForeignKeyConstraint{
+			{
+				ReferencingColumnName: sqlschema.ColumnName("org_id"),
+				ReferencedTableName:   sqlschema.TableName("organizations"),
+				ReferencedColumnName:  sqlschema.ColumnName("id"),
+			},
+		},
+	})
+
+	for _, sql := range sqls {
+		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
+			return err
+		}
+	}
+
+	return tx.Commit()
+}
+
+func (migration *addPinnedDashboard) Down(_ context.Context, _ *bun.DB) error {
+	return nil
+}

pkg/telemetrylogs/json_stmt_builder_test.go

@@ -1205,6 +1205,9 @@ func buildJSONTestStatementBuilder(t *testing.T, addIndexes bool) (*logQueryStat
 		DefaultFullTextColumn,
 		GetBodyJSONKey,
 		fl,
+		nil,
+		false,
+		100000,
 	)
 
 	return statementBuilder, mockMetadataStore

pkg/telemetrylogs/statement_builder.go

@@ -11,6 +11,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/flagger"
 	"github.com/SigNoz/signoz/pkg/querybuilder"
 	"github.com/SigNoz/signoz/pkg/telemetryresourcefilter"
+	"github.com/SigNoz/signoz/pkg/telemetrystore"
 	"github.com/SigNoz/signoz/pkg/types/featuretypes"
 	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
 	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
@@ -19,13 +20,14 @@ import (
 )
 
 type logQueryStatementBuilder struct {
-	logger                    *slog.Logger
-	metadataStore             telemetrytypes.MetadataStore
-	fm                        qbtypes.FieldMapper
-	cb                        qbtypes.ConditionBuilder
-	resourceFilterStmtBuilder qbtypes.StatementBuilder[qbtypes.LogAggregation]
-	aggExprRewriter           qbtypes.AggExprRewriter
-	fl                        flagger.Flagger
+	logger                         *slog.Logger
+	metadataStore                  telemetrytypes.MetadataStore
+	fm                             qbtypes.FieldMapper
+	cb                             qbtypes.ConditionBuilder
+	resourceFilterResolver         *telemetryresourcefilter.ResourceFingerprintResolver[qbtypes.LogAggregation]
+	aggExprRewriter                qbtypes.AggExprRewriter
+	fl                             flagger.Flagger
+	skipResourceFingerprintEnabled bool
 
 	fullTextColumn *telemetrytypes.TelemetryFieldKey
 	jsonKeyToKey   qbtypes.JsonKeyToFieldFunc
@@ -42,10 +44,13 @@ func NewLogQueryStatementBuilder(
 	fullTextColumn *telemetrytypes.TelemetryFieldKey,
 	jsonKeyToKey qbtypes.JsonKeyToFieldFunc,
 	fl flagger.Flagger,
+	telemetryStore telemetrystore.TelemetryStore,
+	skipResourceFingerprintEnable bool,
+	skipResourceFingerprintThreshold uint64,
 ) *logQueryStatementBuilder {
 	logsSettings := factory.NewScopedProviderSettings(settings, "github.com/SigNoz/signoz/pkg/telemetrylogs")
 
-	resourceFilterStmtBuilder := telemetryresourcefilter.New[qbtypes.LogAggregation](
+	resourceFilterResolver := telemetryresourcefilter.NewResolver[qbtypes.LogAggregation](
 		settings,
 		DBName,
 		LogsResourceV2TableName,
@@ -55,18 +60,21 @@ func NewLogQueryStatementBuilder(
 		fullTextColumn,
 		jsonKeyToKey,
 		fl,
+		telemetryStore,
+		skipResourceFingerprintThreshold,
 	)
 
 	return &logQueryStatementBuilder{
-		logger:                    logsSettings.Logger(),
-		metadataStore:             metadataStore,
-		fm:                        fieldMapper,
-		cb:                        conditionBuilder,
-		resourceFilterStmtBuilder: resourceFilterStmtBuilder,
-		aggExprRewriter:           aggExprRewriter,
-		fl:                        fl,
-		fullTextColumn:            fullTextColumn,
-		jsonKeyToKey:              jsonKeyToKey,
+		logger:                         logsSettings.Logger(),
+		metadataStore:                  metadataStore,
+		fm:                             fieldMapper,
+		cb:                             conditionBuilder,
+		resourceFilterResolver:         resourceFilterResolver,
+		aggExprRewriter:                aggExprRewriter,
+		fl:                             fl,
+		skipResourceFingerprintEnabled: skipResourceFingerprintEnable,
+		fullTextColumn:                 fullTextColumn,
+		jsonKeyToKey:                   jsonKeyToKey,
 	}
 }
 
@@ -271,9 +279,11 @@ func (b *logQueryStatementBuilder) buildListQuery(
 		bodyJSONEnabled = b.fl.BooleanOrEmpty(ctx, flagger.FeatureUseJSONBody, featuretypes.NewFlaggerEvaluationContext(valuer.UUID{}))
 	)
 
-	if frag, args, err := b.maybeAttachResourceFilter(ctx, sb, query, start, end, variables); err != nil {
+	frag, args, skipResourceFilter, err := b.maybeAttachResourceFilter(ctx, sb, query, start, end, variables)
+	if err != nil {
 		return nil, err
-	} else if frag != "" {
+	}
+	if frag != "" {
 		cteFragments = append(cteFragments, frag)
 		cteArgs = append(cteArgs, args)
 	}
@@ -315,7 +325,7 @@ func (b *logQueryStatementBuilder) buildListQuery(
 
 	sb.From(fmt.Sprintf("%s.%s", DBName, LogsV2TableName))
 	// Add filter conditions
-	preparedWhereClause, err := b.addFilterCondition(ctx, sb, start, end, query, keys, variables)
+	preparedWhereClause, err := b.addFilterCondition(ctx, sb, start, end, query, keys, variables, skipResourceFilter)
 
 	if err != nil {
 		return nil, err
@@ -373,9 +383,11 @@ func (b *logQueryStatementBuilder) buildTimeSeriesQuery(
 		bodyJSONEnabled = b.fl.BooleanOrEmpty(ctx, flagger.FeatureUseJSONBody, featuretypes.NewFlaggerEvaluationContext(valuer.UUID{}))
 	)
 
-	if frag, args, err := b.maybeAttachResourceFilter(ctx, sb, query, start, end, variables); err != nil {
+	frag, args, skipResourceFilter, err := b.maybeAttachResourceFilter(ctx, sb, query, start, end, variables)
+	if err != nil {
 		return nil, err
-	} else if frag != "" {
+	}
+	if frag != "" {
 		cteFragments = append(cteFragments, frag)
 		cteArgs = append(cteArgs, args)
 	}
@@ -419,7 +431,7 @@ func (b *logQueryStatementBuilder) buildTimeSeriesQuery(
 	// Add FROM clause
 	sb.From(fmt.Sprintf("%s.%s", DBName, LogsV2TableName))
 
-	preparedWhereClause, err := b.addFilterCondition(ctx, sb, start, end, query, keys, variables)
+	preparedWhereClause, err := b.addFilterCondition(ctx, sb, start, end, query, keys, variables, skipResourceFilter)
 
 	if err != nil {
 		return nil, err
@@ -531,9 +543,11 @@ func (b *logQueryStatementBuilder) buildScalarQuery(
 		bodyJSONEnabled = b.fl.BooleanOrEmpty(ctx, flagger.FeatureUseJSONBody, featuretypes.NewFlaggerEvaluationContext(valuer.UUID{}))
 	)
 
-	if frag, args, err := b.maybeAttachResourceFilter(ctx, sb, query, start, end, variables); err != nil {
+	frag, args, skipResourceFilter, err := b.maybeAttachResourceFilter(ctx, sb, query, start, end, variables)
+	if err != nil {
 		return nil, err
-	} else if frag != "" && !skipResourceCTE {
+	}
+	if frag != "" && !skipResourceCTE {
 		cteFragments = append(cteFragments, frag)
 		cteArgs = append(cteArgs, args)
 	}
@@ -576,7 +590,7 @@ func (b *logQueryStatementBuilder) buildScalarQuery(
 	sb.From(fmt.Sprintf("%s.%s", DBName, LogsV2TableName))
 
 	// Add filter conditions
-	preparedWhereClause, err := b.addFilterCondition(ctx, sb, start, end, query, keys, variables)
+	preparedWhereClause, err := b.addFilterCondition(ctx, sb, start, end, query, keys, variables, skipResourceFilter)
 
 	if err != nil {
 		return nil, err
@@ -640,6 +654,7 @@ func (b *logQueryStatementBuilder) addFilterCondition(
 	query qbtypes.QueryBuilderQuery[qbtypes.LogAggregation],
 	keys map[string][]*telemetrytypes.TelemetryFieldKey,
 	variables map[string]qbtypes.VariableItem,
+	skipResourceFilter bool,
 ) (querybuilder.PreparedWhereClause, error) {
 
 	var preparedWhereClause querybuilder.PreparedWhereClause
@@ -656,7 +671,7 @@ func (b *logQueryStatementBuilder) addFilterCondition(
 			ConditionBuilder:   b.cb,
 			FieldKeys:          keys,
 			BodyJSONEnabled:    bodyJSONEnabled,
-			SkipResourceFilter: true,
+			SkipResourceFilter: skipResourceFilter,
 			FullTextColumn:     b.fullTextColumn,
 			JsonKeyToKey:       b.jsonKeyToKey,
 			Variables:          variables,
@@ -707,33 +722,30 @@ func (b *logQueryStatementBuilder) maybeAttachResourceFilter(
 	query qbtypes.QueryBuilderQuery[qbtypes.LogAggregation],
 	start, end uint64,
 	variables map[string]qbtypes.VariableItem,
-) (cteSQL string, cteArgs []any, err error) {
+) (cteSQL string, cteArgs []any, skipResourceFilter bool, err error) {
 
-	stmt, err := b.buildResourceFilterCTE(ctx, query, start, end, variables)
+	if b.skipResourceFingerprintEnabled {
+		decision, err := b.resourceFilterResolver.Resolve(ctx, query, start, end, variables)
+		if err != nil {
+			return "", nil, true, err
+		}
+		switch decision {
+		case qbtypes.ResourceFilterResolveKindNoOp:
+			return "", nil, true, nil
+		case qbtypes.ResourceFilterResolveKindFallback:
+			return "", nil, false, nil
+		}
+	}
+
+	stmt, err := b.resourceFilterResolver.StatementBuilder().Build(
+		ctx, start, end, qbtypes.RequestTypeRaw, query, variables,
+	)
 	if err != nil {
-		return "", nil, err
+		return "", nil, true, err
 	}
 	if stmt == nil {
-		return "", nil, nil
+		return "", nil, true, nil
 	}
-
 	sb.Where("resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter)")
-
-	return fmt.Sprintf("__resource_filter AS (%s)", stmt.Query), stmt.Args, nil
-}
-
-func (b *logQueryStatementBuilder) buildResourceFilterCTE(
-	ctx context.Context,
-	query qbtypes.QueryBuilderQuery[qbtypes.LogAggregation],
-	start, end uint64,
-	variables map[string]qbtypes.VariableItem,
-) (*qbtypes.Statement, error) {
-	return b.resourceFilterStmtBuilder.Build(
-		ctx,
-		start,
-		end,
-		qbtypes.RequestTypeRaw,
-		query,
-		variables,
-	)
+	return fmt.Sprintf("__resource_filter AS (%s)", stmt.Query), stmt.Args, true, nil
 }

pkg/telemetrylogs/stmt_builder_test.go

@@ -2,19 +2,36 @@ package telemetrylogs
 
 import (
 	"context"
+	"regexp"
 	"testing"
 	"time"
 
+	cmock "github.com/SigNoz/clickhouse-go-mock"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/flagger/flaggertest"
 	"github.com/SigNoz/signoz/pkg/instrumentation/instrumentationtest"
 	"github.com/SigNoz/signoz/pkg/querybuilder"
+	"github.com/SigNoz/signoz/pkg/telemetrystore"
+	"github.com/SigNoz/signoz/pkg/telemetrystore/telemetrystoretest"
 	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
 	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"github.com/SigNoz/signoz/pkg/types/telemetrytypes/telemetrytypestest"
 	"github.com/stretchr/testify/require"
 )
 
+type regexQueryMatcher struct{}
+
+func (m *regexQueryMatcher) Match(expectedSQL, actualSQL string) error {
+	re, err := regexp.Compile(expectedSQL)
+	if err != nil {
+		return err
+	}
+	if !re.MatchString(actualSQL) {
+		return errors.NewInvalidInputf(errors.CodeInvalidInput, "expected query to match %s, got %s", expectedSQL, actualSQL)
+	}
+	return nil
+}
+
 func TestStatementBuilderTimeSeries(t *testing.T) {
 	// Create a test release time
 	releaseTime := time.Date(2024, 1, 15, 10, 0, 0, 0, time.UTC)
@@ -212,6 +229,9 @@ func TestStatementBuilderTimeSeries(t *testing.T) {
 		DefaultFullTextColumn,
 		GetBodyJSONKey,
 		fl,
+		nil,
+		false,
+		100000,
 	)
 
 	for _, c := range cases {
@@ -353,6 +373,9 @@ func TestStatementBuilderListQuery(t *testing.T) {
 		DefaultFullTextColumn,
 		GetBodyJSONKey,
 		fl,
+		nil,
+		false,
+		100000,
 	)
 
 	for _, c := range cases {
@@ -499,6 +522,9 @@ func TestStatementBuilderListQueryResourceTests(t *testing.T) {
 		DefaultFullTextColumn,
 		GetBodyJSONKey,
 		fl,
+		nil,
+		false,
+		100000,
 	)
 
 	for _, c := range cases {
@@ -575,6 +601,9 @@ func TestStatementBuilderTimeSeriesBodyGroupBy(t *testing.T) {
 		DefaultFullTextColumn,
 		GetBodyJSONKey,
 		fl,
+		nil,
+		false,
+		100000,
 	)
 
 	for _, c := range cases {
@@ -670,6 +699,9 @@ func TestStatementBuilderListQueryServiceCollision(t *testing.T) {
 		DefaultFullTextColumn,
 		GetBodyJSONKey,
 		fl,
+		nil,
+		false,
+		100000,
 	)
 
 	for _, c := range cases {
@@ -894,6 +926,9 @@ func TestAdjustKey(t *testing.T) {
 		DefaultFullTextColumn,
 		GetBodyJSONKey,
 		fl,
+		nil,
+		false,
+		100000,
 	)
 
 	for _, c := range cases {
@@ -1039,6 +1074,9 @@ func TestStmtBuilderBodyField(t *testing.T) {
 				DefaultFullTextColumn,
 				GetBodyJSONKey,
 				fl,
+				nil,
+				false,
+				100000,
 			)
 
 			q, err := statementBuilder.Build(context.Background(), 1747947419000, 1747983448000, c.requestType, c.query, nil)
@@ -1138,6 +1176,9 @@ func TestStmtBuilderBodyFullTextSearch(t *testing.T) {
 				DefaultFullTextColumn,
 				GetBodyJSONKey,
 				fl,
+				nil,
+				false,
+				100000,
 			)
 
 			q, err := statementBuilder.Build(context.Background(), 1747947419000, 1747983448000, c.requestType, c.query, nil)
@@ -1157,3 +1198,110 @@ func TestStmtBuilderBodyFullTextSearch(t *testing.T) {
 		})
 	}
 }
+
+// TestSkipResourceFingerprintLogs exercises the three resolver outcomes for
+// logs: use-CTE (count < threshold), fallback (count >= threshold), and the
+// legacy path (feature disabled).
+func TestSkipResourceFingerprintLogs(t *testing.T) {
+	const (
+		startMs   = uint64(1747947419000)
+		endMs     = uint64(1747983448000)
+		threshold = uint64(10)
+	)
+
+	query := qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
+		Signal: telemetrytypes.SignalLogs,
+		Filter: &qbtypes.Filter{
+			Expression: "service.name = 'redis-manual'",
+		},
+		Limit: 5,
+	}
+
+	t.Run("disabled uses the legacy CTE", func(t *testing.T) {
+		sb := newSkipResourceFingerprintLogsBuilder(t, nil, false, threshold)
+
+		stmt, err := sb.Build(context.Background(), startMs, endMs, qbtypes.RequestTypeRaw, query, nil)
+		require.NoError(t, err)
+		require.Contains(t, stmt.Query, "__resource_filter AS (SELECT fingerprint")
+		require.Contains(t, stmt.Query, "resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter)")
+	})
+
+	t.Run("CTE attached when count below threshold", func(t *testing.T) {
+		mockStore := telemetrystoretest.New(telemetrystore.Config{}, &regexQueryMatcher{})
+		mock := mockStore.Mock()
+
+		mock.ExpectQueryRow(`SELECT count\(\) FROM \(SELECT fingerprint FROM signoz_logs\.distributed_logs_v2_resource`).
+			WillReturnRow(cmock.NewRow([]cmock.ColumnType{
+				{Name: "count", Type: "UInt64"},
+			}, []any{uint64(2)}))
+
+		sb := newSkipResourceFingerprintLogsBuilder(t, mockStore, true, threshold)
+
+		stmt, err := sb.Build(context.Background(), startMs, endMs, qbtypes.RequestTypeRaw, query, nil)
+		require.NoError(t, err)
+
+		require.Contains(t, stmt.Query, "__resource_filter AS (SELECT fingerprint")
+		require.Contains(t, stmt.Query, "resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter)")
+
+		require.NoError(t, mock.ExpectationsWereMet())
+	})
+
+	t.Run("fallback when count at or above threshold", func(t *testing.T) {
+		mockStore := telemetrystoretest.New(telemetrystore.Config{}, &regexQueryMatcher{})
+		mock := mockStore.Mock()
+
+		mock.ExpectQueryRow(`SELECT count\(\) FROM \(SELECT fingerprint FROM signoz_logs\.distributed_logs_v2_resource`).
+			WillReturnRow(cmock.NewRow([]cmock.ColumnType{
+				{Name: "count", Type: "UInt64"},
+			}, []any{threshold}))
+
+		sb := newSkipResourceFingerprintLogsBuilder(t, mockStore, true, threshold)
+
+		stmt, err := sb.Build(context.Background(), startMs, endMs, qbtypes.RequestTypeRaw, query, nil)
+		require.NoError(t, err)
+
+		require.NotContains(t, stmt.Query, "__resource_filter AS")
+		require.NotContains(t, stmt.Query, "resource_fingerprint")
+		require.Contains(t, stmt.Query, "service.name")
+
+		require.NoError(t, mock.ExpectationsWereMet())
+	})
+}
+
+func newSkipResourceFingerprintLogsBuilder(
+	t *testing.T,
+	telemetryStore telemetrystore.TelemetryStore,
+	skipEnable bool,
+	threshold uint64,
+) *logQueryStatementBuilder {
+	t.Helper()
+
+	fl := flaggertest.New(t)
+	fm := NewFieldMapper(fl)
+	cb := NewConditionBuilder(fm, fl)
+	mockMetadataStore := telemetrytypestest.NewMockMetadataStore()
+	mockMetadataStore.KeysMap = buildCompleteFieldKeyMap(time.Date(2024, 1, 15, 10, 0, 0, 0, time.UTC))
+
+	aggExprRewriter := querybuilder.NewAggExprRewriter(
+		instrumentationtest.New().ToProviderSettings(),
+		DefaultFullTextColumn,
+		fm,
+		cb,
+		GetBodyJSONKey,
+		fl,
+	)
+
+	return NewLogQueryStatementBuilder(
+		instrumentationtest.New().ToProviderSettings(),
+		mockMetadataStore,
+		fm,
+		cb,
+		aggExprRewriter,
+		DefaultFullTextColumn,
+		GetBodyJSONKey,
+		fl,
+		telemetryStore,
+		skipEnable,
+		threshold,
+	)
+}

pkg/telemetryresourcefilter/fingerprint_resolver.go

@@ -0,0 +1,77 @@
+package telemetryresourcefilter
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/flagger"
+	"github.com/SigNoz/signoz/pkg/telemetrystore"
+	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
+)
+
+type ResourceFingerprintResolver[T any] struct {
+	stmtBuilder    *resourceFilterStatementBuilder[T]
+	telemetryStore telemetrystore.TelemetryStore
+	threshold      uint64
+}
+
+func NewResolver[T any](
+	settings factory.ProviderSettings,
+	dbName string,
+	tableName string,
+	signal telemetrytypes.Signal,
+	source telemetrytypes.Source,
+	metadataStore telemetrytypes.MetadataStore,
+	fullTextColumn *telemetrytypes.TelemetryFieldKey,
+	jsonKeyToKey qbtypes.JsonKeyToFieldFunc,
+	fl flagger.Flagger,
+	telemetryStore telemetrystore.TelemetryStore,
+	threshold uint64,
+) *ResourceFingerprintResolver[T] {
+	return &ResourceFingerprintResolver[T]{
+		stmtBuilder: New[T](
+			settings,
+			dbName,
+			tableName,
+			signal,
+			source,
+			metadataStore,
+			fullTextColumn,
+			jsonKeyToKey,
+			fl,
+		),
+		telemetryStore: telemetryStore,
+		threshold:      threshold,
+	}
+}
+
+func (r *ResourceFingerprintResolver[T]) StatementBuilder() qbtypes.StatementBuilder[T] {
+	return r.stmtBuilder
+}
+
+func (r *ResourceFingerprintResolver[T]) Resolve(
+	ctx context.Context,
+	query qbtypes.QueryBuilderQuery[T],
+	start, end uint64,
+	variables map[string]qbtypes.VariableItem,
+) (qbtypes.ResourceFilterResolveKind, error) {
+	countStmt, err := r.stmtBuilder.BuildCount(ctx, start, end, query, variables)
+	if err != nil {
+		return qbtypes.ResourceFilterResolveKindNoOp, err
+	}
+	if countStmt == nil {
+		return qbtypes.ResourceFilterResolveKindNoOp, nil
+	}
+
+	var count uint64
+	row := r.telemetryStore.ClickhouseDB().QueryRow(ctx, countStmt.Query, countStmt.Args...)
+	if err := row.Scan(&count); err != nil {
+		return qbtypes.ResourceFilterResolveKindNoOp, err
+	}
+
+	if count >= r.threshold {
+		return qbtypes.ResourceFilterResolveKindFallback, nil
+	}
+	return qbtypes.ResourceFilterResolveKindUseCTE, nil
+}

pkg/telemetryresourcefilter/statement_builder.go

@@ -127,6 +127,25 @@ func (b *resourceFilterStatementBuilder[T]) Build(
 	}, nil
 }
 
+// BuildCount returns a statement that counts the distinct fingerprints matching
+// the resource filter. Returns (nil, nil) when the filter is a no-op.
+func (b *resourceFilterStatementBuilder[T]) BuildCount(
+	ctx context.Context,
+	start uint64,
+	end uint64,
+	query qbtypes.QueryBuilderQuery[T],
+	variables map[string]qbtypes.VariableItem,
+) (*qbtypes.Statement, error) {
+	inner, err := b.Build(ctx, start, end, qbtypes.RequestTypeRaw, query, variables)
+	if err != nil || inner == nil {
+		return nil, err
+	}
+	return &qbtypes.Statement{
+		Query: fmt.Sprintf("SELECT count() FROM (%s)", inner.Query),
+		Args:  inner.Args,
+	}, nil
+}
+
 // addConditions adds both filter and time conditions to the query.
 // Returns true (isNoOp) when the filter expression evaluated to no resource conditions,
 // meaning the CTE would select all fingerprints and should be skipped entirely.

pkg/telemetrytraces/statement_builder.go

@@ -24,13 +24,13 @@ var (
 )
 
 type traceQueryStatementBuilder struct {
-	logger                    *slog.Logger
-	metadataStore             telemetrytypes.MetadataStore
-	fm                        qbtypes.FieldMapper
-	cb                        qbtypes.ConditionBuilder
-	resourceFilterStmtBuilder qbtypes.StatementBuilder[qbtypes.TraceAggregation]
-	aggExprRewriter           qbtypes.AggExprRewriter
-	telemetryStore            telemetrystore.TelemetryStore
+	logger                         *slog.Logger
+	metadataStore                  telemetrytypes.MetadataStore
+	fm                             qbtypes.FieldMapper
+	cb                             qbtypes.ConditionBuilder
+	resourceFilterResolver         *telemetryresourcefilter.ResourceFingerprintResolver[qbtypes.TraceAggregation]
+	aggExprRewriter                qbtypes.AggExprRewriter
+	skipResourceFingerprintEnabled bool
 }
 
 var _ qbtypes.StatementBuilder[qbtypes.TraceAggregation] = (*traceQueryStatementBuilder)(nil)
@@ -43,10 +43,12 @@ func NewTraceQueryStatementBuilder(
 	aggExprRewriter qbtypes.AggExprRewriter,
 	telemetryStore telemetrystore.TelemetryStore,
 	flagger flagger.Flagger,
+	skipResourceFingerprintEnable bool,
+	skipResourceFingerprintThreshold uint64,
 ) *traceQueryStatementBuilder {
 	tracesSettings := factory.NewScopedProviderSettings(settings, "github.com/SigNoz/signoz/pkg/telemetrytraces")
 
-	resourceFilterStmtBuilder := telemetryresourcefilter.New[qbtypes.TraceAggregation](
+	resourceFilterResolver := telemetryresourcefilter.NewResolver[qbtypes.TraceAggregation](
 		settings,
 		DBName,
 		TracesResourceV3TableName,
@@ -56,16 +58,18 @@ func NewTraceQueryStatementBuilder(
 		nil,
 		nil,
 		flagger,
+		telemetryStore,
+		skipResourceFingerprintThreshold,
 	)
 
 	return &traceQueryStatementBuilder{
-		logger:                    tracesSettings.Logger(),
-		metadataStore:             metadataStore,
-		fm:                        fieldMapper,
-		cb:                        conditionBuilder,
-		resourceFilterStmtBuilder: resourceFilterStmtBuilder,
-		aggExprRewriter:           aggExprRewriter,
-		telemetryStore:            telemetryStore,
+		logger:                         tracesSettings.Logger(),
+		metadataStore:                  metadataStore,
+		fm:                             fieldMapper,
+		cb:                             conditionBuilder,
+		resourceFilterResolver:         resourceFilterResolver,
+		aggExprRewriter:                aggExprRewriter,
+		skipResourceFingerprintEnabled: skipResourceFingerprintEnable,
 	}
 }
 
@@ -308,9 +312,11 @@ func (b *traceQueryStatementBuilder) buildListQuery(
 		cteArgs      [][]any
 	)
 
-	if frag, args, err := b.maybeAttachResourceFilter(ctx, sb, query, start, end, variables); err != nil {
+	frag, args, skipResourceFilter, err := b.maybeAttachResourceFilter(ctx, sb, query, start, end, variables)
+	if err != nil {
 		return nil, err
-	} else if frag != "" {
+	}
+	if frag != "" {
 		cteFragments = append(cteFragments, frag)
 		cteArgs = append(cteArgs, args)
 	}
@@ -328,7 +334,7 @@ func (b *traceQueryStatementBuilder) buildListQuery(
 	sb.From(fmt.Sprintf("%s.%s", DBName, SpanIndexV3TableName))
 
 	// Add filter conditions
-	preparedWhereClause, err := b.addFilterCondition(ctx, sb, start, end, query, keys, variables)
+	preparedWhereClause, err := b.addFilterCondition(ctx, sb, start, end, query, keys, variables, skipResourceFilter)
 	if err != nil {
 		return nil, err
 	}
@@ -389,15 +395,17 @@ func (b *traceQueryStatementBuilder) buildTraceQuery(
 		cteArgs      [][]any
 	)
 
-	if frag, args, err := b.maybeAttachResourceFilter(ctx, distSB, query, start, end, variables); err != nil {
+	frag, args, skipResourceFilter, err := b.maybeAttachResourceFilter(ctx, distSB, query, start, end, variables)
+	if err != nil {
 		return nil, err
-	} else if frag != "" {
+	}
+	if frag != "" {
 		cteFragments = append(cteFragments, frag)
 		cteArgs = append(cteArgs, args)
 	}
 
 	// Add filter conditions
-	preparedWhereClause, err := b.addFilterCondition(ctx, distSB, start, end, query, keys, variables)
+	preparedWhereClause, err := b.addFilterCondition(ctx, distSB, start, end, query, keys, variables, skipResourceFilter)
 	if err != nil {
 		return nil, err
 	}
@@ -498,9 +506,11 @@ func (b *traceQueryStatementBuilder) buildTimeSeriesQuery(
 		cteArgs      [][]any
 	)
 
-	if frag, args, err := b.maybeAttachResourceFilter(ctx, sb, query, start, end, variables); err != nil {
+	frag, args, skipResourceFilter, err := b.maybeAttachResourceFilter(ctx, sb, query, start, end, variables)
+	if err != nil {
 		return nil, err
-	} else if frag != "" {
+	}
+	if frag != "" {
 		cteFragments = append(cteFragments, frag)
 		cteArgs = append(cteArgs, args)
 	}
@@ -541,7 +551,7 @@ func (b *traceQueryStatementBuilder) buildTimeSeriesQuery(
 	}
 
 	sb.From(fmt.Sprintf("%s.%s", DBName, SpanIndexV3TableName))
-	preparedWhereClause, err := b.addFilterCondition(ctx, sb, start, end, query, keys, variables)
+	preparedWhereClause, err := b.addFilterCondition(ctx, sb, start, end, query, keys, variables, skipResourceFilter)
 	if err != nil {
 		return nil, err
 	}
@@ -650,9 +660,11 @@ func (b *traceQueryStatementBuilder) buildScalarQuery(
 		cteArgs      [][]any
 	)
 
-	if frag, args, err := b.maybeAttachResourceFilter(ctx, sb, query, start, end, variables); err != nil {
+	frag, args, skipResourceFilter, err := b.maybeAttachResourceFilter(ctx, sb, query, start, end, variables)
+	if err != nil {
 		return nil, err
-	} else if frag != "" && !skipResourceCTE {
+	}
+	if frag != "" && !skipResourceCTE {
 		cteFragments = append(cteFragments, frag)
 		cteArgs = append(cteArgs, args)
 	}
@@ -694,7 +706,7 @@ func (b *traceQueryStatementBuilder) buildScalarQuery(
 	sb.From(fmt.Sprintf("%s.%s", DBName, SpanIndexV3TableName))
 
 	// Add filter conditions
-	preparedWhereClause, err := b.addFilterCondition(ctx, sb, start, end, query, keys, variables)
+	preparedWhereClause, err := b.addFilterCondition(ctx, sb, start, end, query, keys, variables, skipResourceFilter)
 	if err != nil {
 		return nil, err
 	}
@@ -757,6 +769,7 @@ func (b *traceQueryStatementBuilder) addFilterCondition(
 	query qbtypes.QueryBuilderQuery[qbtypes.TraceAggregation],
 	keys map[string][]*telemetrytypes.TelemetryFieldKey,
 	variables map[string]qbtypes.VariableItem,
+	skipResourceFilter bool,
 ) (querybuilder.PreparedWhereClause, error) {
 
 	var preparedWhereClause querybuilder.PreparedWhereClause
@@ -770,7 +783,7 @@ func (b *traceQueryStatementBuilder) addFilterCondition(
 			FieldMapper:        b.fm,
 			ConditionBuilder:   b.cb,
 			FieldKeys:          keys,
-			SkipResourceFilter: true,
+			SkipResourceFilter: skipResourceFilter,
 			Variables:          variables,
 			StartNs:            start,
 			EndNs:              end,
@@ -811,34 +824,30 @@ func (b *traceQueryStatementBuilder) maybeAttachResourceFilter(
 	query qbtypes.QueryBuilderQuery[qbtypes.TraceAggregation],
 	start, end uint64,
 	variables map[string]qbtypes.VariableItem,
-) (cteSQL string, cteArgs []any, err error) {
+) (cteSQL string, cteArgs []any, skipResourceFilter bool, err error) {
 
-	stmt, err := b.buildResourceFilterCTE(ctx, query, start, end, variables)
+	if b.skipResourceFingerprintEnabled {
+		decision, err := b.resourceFilterResolver.Resolve(ctx, query, start, end, variables)
+		if err != nil {
+			return "", nil, true, err
+		}
+		switch decision {
+		case qbtypes.ResourceFilterResolveKindNoOp:
+			return "", nil, true, nil
+		case qbtypes.ResourceFilterResolveKindFallback:
+			return "", nil, false, nil
+		}
+	}
+
+	stmt, err := b.resourceFilterResolver.StatementBuilder().Build(
+		ctx, start, end, qbtypes.RequestTypeRaw, query, variables,
+	)
 	if err != nil {
-		return "", nil, err
+		return "", nil, true, err
 	}
 	if stmt == nil {
-		return "", nil, nil
+		return "", nil, true, nil
 	}
-
 	sb.Where("resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter)")
-
-	return fmt.Sprintf("__resource_filter AS (%s)", stmt.Query), stmt.Args, nil
-}
-
-func (b *traceQueryStatementBuilder) buildResourceFilterCTE(
-	ctx context.Context,
-	query qbtypes.QueryBuilderQuery[qbtypes.TraceAggregation],
-	start, end uint64,
-	variables map[string]qbtypes.VariableItem,
-) (*qbtypes.Statement, error) {
-
-	return b.resourceFilterStmtBuilder.Build(
-		ctx,
-		start,
-		end,
-		qbtypes.RequestTypeRaw,
-		query,
-		variables,
-	)
+	return fmt.Sprintf("__resource_filter AS (%s)", stmt.Query), stmt.Args, true, nil
 }

pkg/telemetrytraces/stmt_builder_test.go

@@ -2,19 +2,36 @@ package telemetrytraces
 
 import (
 	"context"
+	"regexp"
 	"testing"
 	"time"
 
+	cmock "github.com/SigNoz/clickhouse-go-mock"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/flagger/flaggertest"
 	"github.com/SigNoz/signoz/pkg/instrumentation/instrumentationtest"
 	"github.com/SigNoz/signoz/pkg/querybuilder"
+	"github.com/SigNoz/signoz/pkg/telemetrystore"
+	"github.com/SigNoz/signoz/pkg/telemetrystore/telemetrystoretest"
 	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
 	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"github.com/SigNoz/signoz/pkg/types/telemetrytypes/telemetrytypestest"
 	"github.com/stretchr/testify/require"
 )
 
+type regexQueryMatcher struct{}
+
+func (m *regexQueryMatcher) Match(expectedSQL, actualSQL string) error {
+	re, err := regexp.Compile(expectedSQL)
+	if err != nil {
+		return err
+	}
+	if !re.MatchString(actualSQL) {
+		return errors.NewInvalidInputf(errors.CodeInvalidInput, "expected query to match %s, got %s", expectedSQL, actualSQL)
+	}
+	return nil
+}
+
 func TestStatementBuilder(t *testing.T) {
 	// releaseTime is chosen so it lands inside the standard [1747947419000, 1747983448000]ms
 	// test window, keeping the multiIf SQL form for resource fields.
@@ -370,6 +387,8 @@ func TestStatementBuilder(t *testing.T) {
 		aggExprRewriter,
 		nil,
 		fl,
+		false,
+		100000,
 	)
 
 	vars := map[string]qbtypes.VariableItem{
@@ -666,6 +685,8 @@ func TestStatementBuilderListQuery(t *testing.T) {
 		aggExprRewriter,
 		nil,
 		fl,
+		false,
+		100000,
 	)
 
 	for _, c := range cases {
@@ -794,6 +815,8 @@ func TestStatementBuilderListQueryWithCorruptData(t *testing.T) {
 				aggExprRewriter,
 				nil,
 				fl,
+				false,
+				100000,
 			)
 
 			q, err := statementBuilder.Build(context.Background(), 1747947419000, 1747983448000, c.requestType, c.query, nil)
@@ -864,6 +887,8 @@ func TestStatementBuilderGroupByResourceEvolution(t *testing.T) {
 		aggExprRewriter,
 		nil,
 		fl,
+		false,
+		100000,
 	)
 
 	query := qbtypes.QueryBuilderQuery[qbtypes.TraceAggregation]{
@@ -1029,6 +1054,8 @@ func TestStatementBuilderTraceQuery(t *testing.T) {
 		aggExprRewriter,
 		nil,
 		fl,
+		false,
+		100000,
 	)
 
 	for _, c := range cases {
@@ -1561,3 +1588,115 @@ func TestAdjustKeys(t *testing.T) {
 		})
 	}
 }
+
+// TestSkipResourceFingerprint exercises the three resolver outcomes when
+// skip_resource_fingerprint is enabled: use-CTE (count < threshold),
+// fallback (count >= threshold), and the legacy path (feature disabled).
+func TestSkipResourceFingerprint(t *testing.T) {
+	const (
+		startMs   = uint64(1747947419000)
+		endMs     = uint64(1747983448000)
+		threshold = uint64(10)
+	)
+
+	query := qbtypes.QueryBuilderQuery[qbtypes.TraceAggregation]{
+		Signal: telemetrytypes.SignalTraces,
+		Filter: &qbtypes.Filter{
+			Expression: "service.name = 'redis-manual'",
+		},
+		SelectFields: []telemetrytypes.TelemetryFieldKey{
+			{
+				Name:          "name",
+				FieldContext:  telemetrytypes.FieldContextSpan,
+				FieldDataType: telemetrytypes.FieldDataTypeString,
+			},
+		},
+		Limit: 5,
+	}
+
+	t.Run("disabled uses the legacy CTE", func(t *testing.T) {
+		sb := newSkipResourceFingerprintBuilder(t, nil, false, threshold)
+
+		stmt, err := sb.Build(context.Background(), startMs, endMs, qbtypes.RequestTypeRaw, query, nil)
+		require.NoError(t, err)
+		require.Contains(t, stmt.Query, "__resource_filter AS (SELECT fingerprint")
+		require.Contains(t, stmt.Query, "resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter)")
+	})
+
+	t.Run("CTE attached when count below threshold", func(t *testing.T) {
+		mockStore := telemetrystoretest.New(telemetrystore.Config{}, &regexQueryMatcher{})
+		mock := mockStore.Mock()
+
+		// Only the count query runs against the telemetry store; the CTE
+		// itself is embedded as SQL in the main query (no extra round trip).
+		mock.ExpectQueryRow(`SELECT count\(\) FROM \(SELECT fingerprint FROM signoz_traces\.distributed_traces_v3_resource`).
+			WillReturnRow(cmock.NewRow([]cmock.ColumnType{
+				{Name: "count", Type: "UInt64"},
+			}, []any{uint64(2)}))
+
+		sb := newSkipResourceFingerprintBuilder(t, mockStore, true, threshold)
+
+		stmt, err := sb.Build(context.Background(), startMs, endMs, qbtypes.RequestTypeRaw, query, nil)
+		require.NoError(t, err)
+
+		require.Contains(t, stmt.Query, "__resource_filter AS (SELECT fingerprint")
+		require.Contains(t, stmt.Query, "resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter)")
+
+		require.NoError(t, mock.ExpectationsWereMet())
+	})
+
+	t.Run("fallback when count at or above threshold", func(t *testing.T) {
+		mockStore := telemetrystoretest.New(telemetrystore.Config{}, &regexQueryMatcher{})
+		mock := mockStore.Mock()
+
+		mock.ExpectQueryRow(`SELECT count\(\) FROM \(SELECT fingerprint FROM signoz_traces\.distributed_traces_v3_resource`).
+			WillReturnRow(cmock.NewRow([]cmock.ColumnType{
+				{Name: "count", Type: "UInt64"},
+			}, []any{threshold}))
+
+		sb := newSkipResourceFingerprintBuilder(t, mockStore, true, threshold)
+
+		stmt, err := sb.Build(context.Background(), startMs, endMs, qbtypes.RequestTypeRaw, query, nil)
+		require.NoError(t, err)
+
+		require.NotContains(t, stmt.Query, "__resource_filter AS")
+		require.NotContains(t, stmt.Query, "resource_fingerprint")
+		// resource conditions are pushed onto the main table via the
+		// resource.`service.name` / resources_string lookup
+		require.Contains(t, stmt.Query, "service.name")
+
+		require.NoError(t, mock.ExpectationsWereMet())
+	})
+}
+
+func newSkipResourceFingerprintBuilder(
+	t *testing.T,
+	telemetryStore telemetrystore.TelemetryStore,
+	skipEnable bool,
+	threshold uint64,
+) *traceQueryStatementBuilder {
+	t.Helper()
+
+	fm := NewFieldMapper()
+	cb := NewConditionBuilder(fm)
+	mockMetadataStore := telemetrytypestest.NewMockMetadataStore()
+	releaseTime := time.Date(2025, 5, 22, 22, 0, 0, 0, time.UTC)
+	mockMetadataStore.KeysMap = buildCompleteFieldKeyMap(releaseTime)
+
+	fl := flaggertest.New(t)
+	aggExprRewriter := querybuilder.NewAggExprRewriter(
+		instrumentationtest.New().ToProviderSettings(), nil, fm, cb, nil, fl,
+	)
+
+	return NewTraceQueryStatementBuilder(
+		instrumentationtest.New().ToProviderSettings(),
+		mockMetadataStore,
+		fm,
+		cb,
+		aggExprRewriter,
+		telemetryStore,
+		fl,
+		skipEnable,
+		threshold,
+	)
+}

pkg/telemetrytraces/trace_operator_cte_builder_test.go

@@ -25,7 +25,7 @@ func newTestTraceOperatorStatementBuilder(t *testing.T) *traceOperatorStatementB
 	aggExprRewriter := querybuilder.NewAggExprRewriter(instrumentationtest.New().ToProviderSettings(), nil, fm, cb, nil, fl)
 	traceStmtBuilder := NewTraceQueryStatementBuilder(
 		instrumentationtest.New().ToProviderSettings(),
-		mockMetadataStore, fm, cb, aggExprRewriter, nil, fl,
+		mockMetadataStore, fm, cb, aggExprRewriter, nil, fl, false, 100000,
 	)
 	return NewTraceOperatorStatementBuilder(
 		instrumentationtest.New().ToProviderSettings(),

pkg/telemetrytraces/trace_time_range_test.go

@@ -6,13 +6,13 @@ import (
 	"testing"
 	"time"
 
+	"github.com/SigNoz/signoz/pkg/flagger/flaggertest"
 	"github.com/SigNoz/signoz/pkg/instrumentation/instrumentationtest"
 	"github.com/SigNoz/signoz/pkg/querybuilder"
 	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
 	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"github.com/SigNoz/signoz/pkg/types/telemetrytypes/telemetrytypestest"
 	"github.com/stretchr/testify/assert"
-	"github.com/SigNoz/signoz/pkg/flagger/flaggertest"
 	"github.com/stretchr/testify/require"
 )
 
@@ -46,8 +46,10 @@ func TestTraceTimeRangeOptimization(t *testing.T) {
 		fm,
 		cb,
 		aggExprRewriter,
-		nil, // telemetryStore is nil - optimization won't happen but code path is tested
+		nil, // telemetryStore is nil - adaptive path is disabled
 		fl,
+		false,
+		100000,
 	)
 
 	tests := []struct {

pkg/types/cloudintegrationtypes/serviceid.go

@@ -27,7 +27,6 @@ var (
 	// Azure services.
 	AzureServiceStorageAccountsBlob = ServiceID{valuer.NewString("storageaccountsblob")}
 	AzureServiceCDNProfile          = ServiceID{valuer.NewString("cdnprofile")}
-	AzureServiceAppService          = ServiceID{valuer.NewString("appservice")}
 )
 
 func (ServiceID) Enum() []any {
@@ -47,7 +46,6 @@ func (ServiceID) Enum() []any {
 		AWSServiceSQS,
 		AzureServiceStorageAccountsBlob,
 		AzureServiceCDNProfile,
-		AzureServiceAppService,
 	}
 }
 
@@ -71,7 +69,6 @@ var SupportedServices = map[CloudProviderType][]ServiceID{
 	CloudProviderTypeAzure: {
 		AzureServiceStorageAccountsBlob,
 		AzureServiceCDNProfile,
-		AzureServiceAppService,
 	},
 }
 

pkg/types/dashboardtypes/list_v2.go

@@ -0,0 +1,150 @@
+package dashboardtypes
+
+import (
+	"strings"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/perses/perses/pkg/model/api/v1/common"
+)
+
+const (
+	DefaultListLimit = 20
+	MaxListLimit     = 200
+)
+
+// ListSort is the sort field for the dashboard list endpoint. The value is a
+// stable enum so callers can't ask for arbitrary columns.
+type ListSort string
+
+const (
+	ListSortUpdatedAt ListSort = "updated_at"
+	ListSortCreatedAt ListSort = "created_at"
+	ListSortName      ListSort = "name"
+)
+
+type ListOrder string
+
+const (
+	ListOrderAsc  ListOrder = "asc"
+	ListOrderDesc ListOrder = "desc"
+)
+
+var ErrCodeDashboardListInvalid = errors.MustNewCode("dashboard_list_invalid")
+
+type ListDashboardsV2Params struct {
+	Query  string    `query:"query"`
+	Sort   ListSort  `query:"sort"`
+	Order  ListOrder `query:"order"`
+	Limit  int       `query:"limit"`
+	Offset int       `query:"offset"`
+}
+
+// Validate fills in defaults (sort=updated_at, order=desc, limit=20) and
+// rejects out-of-allowlist sort/order values and bad limit/offset. Limit is
+// clamped to MaxListLimit on the high side. Lowercases sort/order so callers
+// can pass them in any case.
+func (p *ListDashboardsV2Params) Validate() error {
+	if p.Sort == "" {
+		p.Sort = ListSortUpdatedAt
+	} else {
+		p.Sort = ListSort(strings.ToLower(string(p.Sort)))
+		switch p.Sort {
+		case ListSortUpdatedAt, ListSortCreatedAt, ListSortName:
+		default:
+			return errors.NewInvalidInputf(ErrCodeDashboardListInvalid,
+				"invalid sort %q — expected one of: updated_at, created_at, name", p.Sort)
+		}
+	}
+
+	if p.Order == "" {
+		p.Order = ListOrderDesc
+	} else {
+		p.Order = ListOrder(strings.ToLower(string(p.Order)))
+		switch p.Order {
+		case ListOrderAsc, ListOrderDesc:
+		default:
+			return errors.NewInvalidInputf(ErrCodeDashboardListInvalid,
+				"invalid order %q — expected asc or desc", p.Order)
+		}
+	}
+
+	if p.Limit == 0 {
+		p.Limit = DefaultListLimit
+	} else if p.Limit < 0 {
+		return errors.NewInvalidInputf(ErrCodeDashboardListInvalid,
+			"invalid limit %d — must be a positive integer", p.Limit)
+	} else if p.Limit > MaxListLimit {
+		p.Limit = MaxListLimit
+	}
+
+	if p.Offset < 0 {
+		return errors.NewInvalidInputf(ErrCodeDashboardListInvalid,
+			"invalid offset %d — must be a non-negative integer", p.Offset)
+	}
+
+	return nil
+}
+
+type listedDashboardV2 struct {
+	types.Identifiable
+	types.TimeAuditable
+	types.UserAuditable
+
+	OrgID         valuer.UUID             `json:"orgId" required:"true"`
+	Locked        bool                    `json:"locked" required:"true"`
+	Source        Source                  `json:"source" required:"true"`
+	SchemaVersion string                  `json:"schemaVersion" required:"true"`
+	Name          string                  `json:"name" required:"true"`
+	Pinned        bool                    `json:"pinned" required:"true"`
+	Tags          []*tagtypes.GettableTag `json:"tags" required:"true" nullable:"false"`
+	Spec          listedDashboardV2Spec   `json:"spec" required:"true"`
+}
+
+type listedDashboardV2Spec struct {
+	Display *common.Display `json:"display,omitempty"`
+}
+
+type ListableDashboardV2 struct {
+	Dashboards []*listedDashboardV2 `json:"dashboards" required:"true" nullable:"false"`
+	Total      int64                `json:"total" required:"true"`
+}
+
+// DashboardListRow is the per-row shape Store.ListV2 returns. Bundles the
+// joined dashboard / public_dashboard / pinned_dashboard data so the module
+// layer can attach tags and assemble the gettable view.
+type DashboardListRow struct {
+	Dashboard *StorableDashboard
+	Public    *StorablePublicDashboard // nil if no public_dashboard row exists
+	Pinned    bool
+}
+
+func NewListableDashboardV2(rows []*DashboardListRow, total int64, tagsByEntity map[valuer.UUID][]*tagtypes.Tag) (*ListableDashboardV2, error) {
+	dashboards := make([]*listedDashboardV2, len(rows))
+	for i, r := range rows {
+		v2, err := r.Dashboard.ToDashboardV2(tagsByEntity[r.Dashboard.ID])
+		if err != nil {
+			return nil, err
+		}
+
+		dashboards[i] = &listedDashboardV2{
+			Identifiable:  v2.Identifiable,
+			TimeAuditable: v2.TimeAuditable,
+			UserAuditable: v2.UserAuditable,
+			OrgID:         v2.OrgID,
+			Locked:        v2.Locked,
+			Source:        v2.Source,
+			SchemaVersion: v2.SchemaVersion,
+			Name:          v2.Name,
+			Pinned:        r.Pinned,
+			Tags:          tagtypes.NewGettableTagsFromTags(v2.Tags),
+			Spec:          listedDashboardV2Spec{Display: v2.Spec.Display},
+		}
+	}
+	return &ListableDashboardV2{
+		Dashboards: dashboards,
+		Total:      total,
+	}, nil
+}

pkg/types/dashboardtypes/listfilter/constants.go

@@ -0,0 +1,61 @@
+package listfilter
+
+import (
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	qbtypesv5 "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+)
+
+var ErrCodeDashboardListFilterInvalid = errors.MustNewCode("dashboard_list_filter_invalid")
+
+// reservedOps lists the operators each reserved (column-level) DSL key accepts.
+// Any non-reserved key is treated as a tag key and uses tagKeyOps.
+var reservedOps = map[dashboardtypes.DSLKey]map[qbtypesv5.FilterOperator]struct{}{
+	dashboardtypes.DSLKeyName:        stringSearchOps(),
+	dashboardtypes.DSLKeyDescription: stringSearchOps(),
+	dashboardtypes.DSLKeyCreatedAt:   numericRangeOps(),
+	dashboardtypes.DSLKeyUpdatedAt:   numericRangeOps(),
+	dashboardtypes.DSLKeyCreatedBy:   stringSearchOps(),
+	dashboardtypes.DSLKeyLocked:      opsSet(qbtypesv5.FilterOperatorEqual, qbtypesv5.FilterOperatorNotEqual),
+	dashboardtypes.DSLKeyPublic:      opsSet(qbtypesv5.FilterOperatorEqual, qbtypesv5.FilterOperatorNotEqual),
+}
+
+// tagKeyOps applies to every non-reserved DSL key — the operator targets the
+// tag's value with an implicit case-insensitive match on the tag's key.
+var tagKeyOps = opsSet(
+	qbtypesv5.FilterOperatorEqual, qbtypesv5.FilterOperatorNotEqual,
+	qbtypesv5.FilterOperatorLike, qbtypesv5.FilterOperatorNotLike,
+	qbtypesv5.FilterOperatorILike, qbtypesv5.FilterOperatorNotILike,
+	qbtypesv5.FilterOperatorContains, qbtypesv5.FilterOperatorNotContains,
+	qbtypesv5.FilterOperatorRegexp, qbtypesv5.FilterOperatorNotRegexp,
+	qbtypesv5.FilterOperatorIn, qbtypesv5.FilterOperatorNotIn,
+	qbtypesv5.FilterOperatorExists, qbtypesv5.FilterOperatorNotExists,
+)
+
+func stringSearchOps() map[qbtypesv5.FilterOperator]struct{} {
+	return opsSet(
+		qbtypesv5.FilterOperatorEqual, qbtypesv5.FilterOperatorNotEqual,
+		qbtypesv5.FilterOperatorLike, qbtypesv5.FilterOperatorNotLike,
+		qbtypesv5.FilterOperatorILike, qbtypesv5.FilterOperatorNotILike,
+		qbtypesv5.FilterOperatorContains, qbtypesv5.FilterOperatorNotContains,
+		qbtypesv5.FilterOperatorRegexp, qbtypesv5.FilterOperatorNotRegexp,
+		qbtypesv5.FilterOperatorIn, qbtypesv5.FilterOperatorNotIn,
+	)
+}
+
+func numericRangeOps() map[qbtypesv5.FilterOperator]struct{} {
+	return opsSet(
+		qbtypesv5.FilterOperatorEqual, qbtypesv5.FilterOperatorNotEqual,
+		qbtypesv5.FilterOperatorLessThan, qbtypesv5.FilterOperatorLessThanOrEq,
+		qbtypesv5.FilterOperatorGreaterThan, qbtypesv5.FilterOperatorGreaterThanOrEq,
+		qbtypesv5.FilterOperatorBetween, qbtypesv5.FilterOperatorNotBetween,
+	)
+}
+
+func opsSet(ops ...qbtypesv5.FilterOperator) map[qbtypesv5.FilterOperator]struct{} {
+	m := make(map[qbtypesv5.FilterOperator]struct{}, len(ops))
+	for _, op := range ops {
+		m[op] = struct{}{}
+	}
+	return m
+}

pkg/types/dashboardtypes/listfilter/listfilter.go

@@ -0,0 +1,39 @@
+package listfilter
+
+import (
+	"strings"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+)
+
+type Compiled struct {
+	SQL  string
+	Args []any
+}
+
+func Compile(query string, formatter sqlstore.SQLFormatter) (*Compiled, error) {
+	if len(query) == 0 {
+		return nil, nil
+	}
+
+	queryVisitor := newVisitor(formatter)
+	frag, syntaxErrs := queryVisitor.compile(query)
+
+	if len(syntaxErrs) > 0 {
+		return nil, errors.NewInvalidInputf(ErrCodeDashboardListFilterInvalid,
+			"invalid filter query: %s", strings.Join(syntaxErrs, "; "))
+	}
+	if len(queryVisitor.errors) > 0 {
+		return nil, errors.NewInvalidInputf(ErrCodeDashboardListFilterInvalid,
+			"invalid filter query: %s", strings.Join(queryVisitor.errors, "; "))
+	}
+	if frag == nil || frag.sql == "" {
+		return nil, nil
+	}
+
+	return &Compiled{
+		SQL:  frag.sql,
+		Args: frag.args,
+	}, nil
+}

pkg/types/dashboardtypes/listfilter/listfilter_test.go

@@ -0,0 +1,507 @@
+package listfilter
+
+import (
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/DATA-DOG/go-sqlmock"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/sqlstore/sqlstoretest"
+)
+
+type compileCase struct {
+	subtestName              string
+	dslQueryToCompile        string
+	nilExpected              bool
+	expectedSQL              string
+	expectedArgs             []any
+	expectedErrShouldContain string
+}
+
+func runCompileCases(t *testing.T, cases []compileCase) {
+	t.Helper()
+	for _, c := range cases {
+		t.Run(c.subtestName, func(t *testing.T) {
+			out, err := Compile(c.dslQueryToCompile, formatter(t))
+
+			if c.expectedErrShouldContain != "" {
+				require.Error(t, err)
+				assert.Contains(t, strings.ToLower(err.Error()), strings.ToLower(c.expectedErrShouldContain))
+				return
+			}
+
+			require.NoError(t, err)
+			if c.nilExpected {
+				assert.Nil(t, out)
+				return
+			}
+			require.NotNil(t, out)
+
+			if c.expectedSQL != "" {
+				assert.Equal(t, normalizeSQL(c.expectedSQL), normalizeSQL(out.SQL))
+			}
+			if c.expectedArgs != nil {
+				require.Len(t, out.Args, len(c.expectedArgs))
+				for i, want := range c.expectedArgs {
+					// time.Time values can carry semantically-equal instants
+					// in different *Location representations (UTC vs Local vs
+					// FixedZone). Compare via .Equal() instead of DeepEqual.
+					if wantT, ok := want.(time.Time); ok {
+						gotT, ok := out.Args[i].(time.Time)
+						require.True(t, ok, "arg[%d]: want time.Time, got %T", i, out.Args[i])
+						assert.True(t, wantT.Equal(gotT), "arg[%d]: want %s, got %s", i, wantT, gotT)
+						continue
+					}
+					assert.Equal(t, want, out.Args[i], "arg[%d]", i)
+				}
+			}
+		})
+	}
+}
+
+func TestCompile_Empty(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{subtestName: "empty query yields nil", dslQueryToCompile: "", nilExpected: true},
+	})
+}
+
+func TestCompile_Name(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{
+			subtestName:       "name =",
+			dslQueryToCompile: `name = 'overview'`,
+			expectedSQL:       `json_extract("dashboard"."data", '$.spec.display.name') = ?`,
+			expectedArgs:      []any{"overview"},
+		},
+		{
+			// QUOTED_TEXT in the grammar covers both '…' and "…" — visitor
+			// strips whichever quote pair surrounds the value.
+			subtestName:       "name = with double-quoted value",
+			dslQueryToCompile: `name = "something"`,
+			expectedSQL:       `json_extract("dashboard"."data", '$.spec.display.name') = ?`,
+			expectedArgs:      []any{"something"},
+		},
+		{
+			subtestName:       "name CONTAINS",
+			dslQueryToCompile: `name CONTAINS 'overview'`,
+			expectedSQL:       `json_extract("dashboard"."data", '$.spec.display.name') LIKE ?`,
+			expectedArgs:      []any{"%overview%"},
+		},
+		{
+			subtestName:       "name ILIKE — emitted as LOWER(col) LIKE LOWER(?) for dialect parity",
+			dslQueryToCompile: `name ILIKE 'Prod%'`,
+			expectedSQL:       `lower(json_extract("dashboard"."data", '$.spec.display.name')) LIKE LOWER(?)`,
+			expectedArgs:      []any{"Prod%"},
+		},
+		{
+			subtestName:       "CONTAINS escapes % in user input",
+			dslQueryToCompile: `name CONTAINS '50%'`,
+			expectedSQL:       `json_extract("dashboard"."data", '$.spec.display.name') LIKE ?`,
+			expectedArgs:      []any{`%50\%%`},
+		},
+	})
+}
+
+func TestCompile_CreatedByLocked(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{
+			subtestName:       "created_by LIKE",
+			dslQueryToCompile: `created_by LIKE '%@signoz.io'`,
+			expectedSQL:       `dashboard.created_by LIKE ?`,
+			expectedArgs:      []any{"%@signoz.io"},
+		},
+		{
+			subtestName:       "locked = true",
+			dslQueryToCompile: `locked = true`,
+			expectedSQL:       `dashboard.locked = ?`,
+			expectedArgs:      []any{true},
+		},
+	})
+}
+
+func TestCompile_Public(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{subtestName: "public = true", dslQueryToCompile: `public = true`, expectedSQL: `pd.id IS NOT NULL`},
+		{subtestName: "public = false", dslQueryToCompile: `public = false`, expectedSQL: `pd.id IS NULL`},
+		{subtestName: "public != true", dslQueryToCompile: `public != true`, expectedSQL: `pd.id IS NULL`},
+	})
+}
+
+func TestCompile_Timestamps(t *testing.T) {
+	ist := time.FixedZone("+05:30", 5*60*60+30*60)
+	runCompileCases(t, []compileCase{
+		{
+			subtestName:       "created_at >= RFC3339",
+			dslQueryToCompile: `created_at >= '2026-03-10T00:00:00Z'`,
+			expectedSQL:       `dashboard.created_at >= ?`,
+			expectedArgs:      []any{time.Date(2026, 3, 10, 0, 0, 0, 0, time.UTC)},
+		},
+		{
+			subtestName:       "updated_at BETWEEN",
+			dslQueryToCompile: `updated_at BETWEEN '2026-03-10T00:00:00Z' AND '2026-03-20T00:00:00Z'`,
+			expectedSQL:       `dashboard.updated_at BETWEEN ? AND ?`,
+			expectedArgs: []any{
+				time.Date(2026, 3, 10, 0, 0, 0, 0, time.UTC),
+				time.Date(2026, 3, 20, 0, 0, 0, 0, time.UTC),
+			},
+		},
+		{
+			subtestName:       "created_at >= IST timestamp",
+			dslQueryToCompile: `created_at >= '2026-03-10T05:30:00+05:30'`,
+			expectedSQL:       `dashboard.created_at >= ?`,
+			expectedArgs:      []any{time.Date(2026, 3, 10, 5, 30, 0, 0, ist)},
+		},
+	})
+}
+
+// Tag operators wrap each predicate in EXISTS / NOT EXISTS. Any non-reserved
+// key is a tag key — `team = 'pulse'` matches a tag with key=team value=pulse,
+// `tag = 'prod'` matches a tag with key=tag value=prod, and so on.
+func TestCompile_Tag(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{
+			subtestName:       "team = wraps in EXISTS",
+			dslQueryToCompile: `team = 'pulse'`,
+			expectedSQL: `
+				EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value = ?
+				)`,
+			expectedArgs: []any{"team", "pulse"},
+		},
+		{
+			subtestName:       "tag = is just a regular tag-key filter",
+			dslQueryToCompile: `tag = 'database'`,
+			expectedSQL: `
+				EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value = ?
+				)`,
+			expectedArgs: []any{"tag", "database"},
+		},
+		{
+			subtestName:       "team != wraps in NOT EXISTS with positive inner",
+			dslQueryToCompile: `team != 'pulse'`,
+			expectedSQL: `
+				NOT EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value = ?
+				)`,
+			expectedArgs: []any{"team", "pulse"},
+		},
+		{
+			subtestName:       "team IN — inner is single placeholder list on t.value",
+			dslQueryToCompile: `team IN ['pulse', 'events']`,
+			expectedSQL: `
+				EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value IN (?, ?)
+				)`,
+			expectedArgs: []any{"team", "pulse", "events"},
+		},
+		{
+			subtestName:       "team NOT IN",
+			dslQueryToCompile: `team NOT IN ['pulse', 'events']`,
+			expectedSQL: `
+				NOT EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value IN (?, ?)
+				)`,
+			expectedArgs: []any{"team", "pulse", "events"},
+		},
+		{
+			subtestName:       "team LIKE — wildcard on value",
+			dslQueryToCompile: `team LIKE 'pulse%'`,
+			expectedSQL: `
+				EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value LIKE ?
+				)`,
+			expectedArgs: []any{"team", "pulse%"},
+		},
+		{
+			subtestName:       "team NOT LIKE",
+			dslQueryToCompile: `team NOT LIKE 'staging%'`,
+			expectedSQL: `
+				NOT EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value LIKE ?
+				)`,
+			expectedArgs: []any{"team", "staging%"},
+		},
+		{
+			subtestName:       "database EXISTS — asserts a tag with key=database is present",
+			dslQueryToCompile: `database EXISTS`,
+			expectedSQL: `
+				EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+				)`,
+			expectedArgs: []any{"database"},
+		},
+		{
+			subtestName:       "database NOT EXISTS",
+			dslQueryToCompile: `database NOT EXISTS`,
+			expectedSQL: `
+				NOT EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+				)`,
+			expectedArgs: []any{"database"},
+		},
+		{
+			subtestName:       "tag-key matching is case-insensitive — TEAM lowercased",
+			dslQueryToCompile: `TEAM = 'pulse'`,
+			expectedSQL: `
+				EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value = ?
+				)`,
+			expectedArgs: []any{"team", "pulse"},
+		},
+	})
+}
+
+func TestCompile_BooleanComposition(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{
+			subtestName:       "AND chain — flat arg list",
+			dslQueryToCompile: `locked = true AND public = true`,
+			expectedSQL:       `dashboard.locked = ? AND pd.id IS NOT NULL`,
+			expectedArgs:      []any{true},
+		},
+		{
+			subtestName:       "OR chain",
+			dslQueryToCompile: `locked = true OR public = true`,
+			expectedSQL:       `dashboard.locked = ? OR pd.id IS NOT NULL`,
+			expectedArgs:      []any{true},
+		},
+		{
+			subtestName:       "parens preserve precedence",
+			dslQueryToCompile: `(locked = true OR public = true) AND created_by = 'a@b.com'`,
+			expectedSQL:       `(dashboard.locked = ? OR pd.id IS NOT NULL) AND dashboard.created_by = ?`,
+			expectedArgs:      []any{true, "a@b.com"},
+		},
+	})
+}
+
+// Distinct from operator-suffix negation (NOT IN / NOT LIKE / NOT EXISTS).
+// Driven by the unaryExpression rule (`NOT? primary`), so NOT binds to
+// exactly one primary and only widens via parens.
+func TestCompile_NOT(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{
+			subtestName:       "NOT on a single comparison",
+			dslQueryToCompile: `NOT name = 'foo'`,
+			expectedSQL:       `NOT (json_extract("dashboard"."data", '$.spec.display.name') = ?)`,
+			expectedArgs:      []any{"foo"},
+		},
+		{
+			subtestName:       "NOT binds tightly to its primary in an AND chain",
+			dslQueryToCompile: `NOT name = 'foo' AND created_by = 'alice'`,
+			expectedSQL:       `NOT (json_extract("dashboard"."data", '$.spec.display.name') = ?) AND dashboard.created_by = ?`,
+			expectedArgs:      []any{"foo", "alice"},
+		},
+		{
+			subtestName:       "NOT applied to the second term in an AND chain",
+			dslQueryToCompile: `locked = true AND NOT name = 'foo'`,
+			expectedSQL:       `dashboard.locked = ? AND NOT (json_extract("dashboard"."data", '$.spec.display.name') = ?)`,
+			expectedArgs:      []any{true, "foo"},
+		},
+		{
+			subtestName:       "NOT around a parenthesized OR",
+			dslQueryToCompile: `NOT (locked = true OR public = true)`,
+			expectedSQL:       `NOT ((dashboard.locked = ? OR pd.id IS NOT NULL))`,
+			expectedArgs:      []any{true},
+		},
+		{
+			subtestName:       "double NOT via parens",
+			dslQueryToCompile: `NOT (NOT name = 'foo')`,
+			expectedSQL:       `NOT ((NOT (json_extract("dashboard"."data", '$.spec.display.name') = ?)))`,
+			expectedArgs:      []any{"foo"},
+		},
+		{
+			subtestName:       "NOT on a tag equality",
+			dslQueryToCompile: `NOT team = 'pulse'`,
+			expectedSQL: `
+				NOT (
+					EXISTS (
+						SELECT 1 FROM tag_relation tr
+						JOIN tag t ON t.id = tr.tag_id
+						WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+						AND LOWER(t.key) = LOWER(?)
+						AND t.value = ?
+					)
+				)`,
+			expectedArgs: []any{"team", "pulse"},
+		},
+		{
+			subtestName:       "NOT team = ... AND name = ...",
+			dslQueryToCompile: `NOT team = 'pulse' AND name = 'overview'`,
+			expectedSQL: `
+				NOT (
+					EXISTS (
+						SELECT 1 FROM tag_relation tr
+						JOIN tag t ON t.id = tr.tag_id
+						WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+						AND LOWER(t.key) = LOWER(?)
+						AND t.value = ?
+					)
+				)
+				AND json_extract("dashboard"."data", '$.spec.display.name') = ?`,
+			expectedArgs: []any{"team", "pulse", "overview"},
+		},
+	})
+}
+
+func TestCompile_ComplexExamples(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{
+			subtestName:       "name CONTAINS + tag LIKE + created_by + database =",
+			dslQueryToCompile: `name CONTAINS 'overview' AND tag LIKE 'prod%' AND created_by = 'naman.verma@signoz.io' AND database = 'mongo'`,
+			expectedSQL: `
+				json_extract("dashboard"."data", '$.spec.display.name') LIKE ?
+				AND EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value LIKE ?
+				)
+				AND dashboard.created_by = ?
+				AND EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value = ?
+				)`,
+			expectedArgs: []any{"%overview%", "tag", "prod%", "naman.verma@signoz.io", "database", "mongo"},
+		},
+		{
+			subtestName:       "team IN AND database EXISTS",
+			dslQueryToCompile: `team IN ['pulse', 'events'] AND database EXISTS`,
+			expectedSQL: `
+				EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value IN (?, ?)
+				)
+				AND EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+				)`,
+			expectedArgs: []any{"team", "pulse", "events", "database"},
+		},
+		{
+			subtestName:       "nested OR / AND with parens",
+			dslQueryToCompile: `(database IN ['sql', 'redis', 'mongo'] OR name LIKE '%database%') AND (team = 'pulse' OR name LIKE '%pulse%')`,
+			expectedSQL: `
+				(
+					EXISTS (
+						SELECT 1 FROM tag_relation tr
+						JOIN tag t ON t.id = tr.tag_id
+						WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+						AND LOWER(t.key) = LOWER(?)
+						AND t.value IN (?, ?, ?)
+					)
+					OR json_extract("dashboard"."data", '$.spec.display.name') LIKE ?
+				)
+				AND (
+					EXISTS (
+						SELECT 1 FROM tag_relation tr
+						JOIN tag t ON t.id = tr.tag_id
+						WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id
+						AND LOWER(t.key) = LOWER(?)
+						AND t.value = ?
+					)
+					OR json_extract("dashboard"."data", '$.spec.display.name') LIKE ?
+				)`,
+			expectedArgs: []any{"database", "sql", "redis", "mongo", "%database%", "team", "pulse", "%pulse%"},
+		},
+	})
+}
+
+func TestCompile_Rejections(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{
+			subtestName:              "rejects op outside per-reserved-key allowlist",
+			dslQueryToCompile:        `name BETWEEN 'a' AND 'z'`,
+			expectedErrShouldContain: "operator",
+		},
+		{
+			subtestName:              "rejects BETWEEN on a tag key",
+			dslQueryToCompile:        `team BETWEEN 'a' AND 'z'`,
+			expectedErrShouldContain: "operator",
+		},
+		{
+			subtestName:              "rejects non-bool on locked",
+			dslQueryToCompile:        `locked = 'yes'`,
+			expectedErrShouldContain: "boolean",
+		},
+		{
+			subtestName:              "rejects non-RFC3339 timestamp",
+			dslQueryToCompile:        `created_at >= 'not-a-date'`,
+			expectedErrShouldContain: "RFC3339",
+		},
+		{
+			subtestName:              "rejects REGEXP — not yet supported",
+			dslQueryToCompile:        `name REGEXP '.*'`,
+			expectedErrShouldContain: "REGEXP",
+		},
+		{
+			subtestName:              "rejects syntax error from grammar",
+			dslQueryToCompile:        `name = `,
+			expectedErrShouldContain: "syntax",
+		},
+	})
+}
+
+func formatter(t *testing.T) sqlstore.SQLFormatter {
+	t.Helper()
+	p := sqlstoretest.New(sqlstore.Config{Provider: "sqlite"}, sqlmock.QueryMatcherEqual)
+	return p.Formatter()
+}
+
+func normalizeSQL(s string) string {
+	s = strings.Join(strings.Fields(s), " ")
+	s = strings.ReplaceAll(s, "( ", "(")
+	s = strings.ReplaceAll(s, " )", ")")
+	return s
+}

pkg/types/dashboardtypes/listfilter/visitor.go

@@ -0,0 +1,592 @@
+package listfilter
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/parser/filterquery"
+	grammar "github.com/SigNoz/signoz/pkg/parser/filterquery/grammar"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	qbtypesv5 "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+	"github.com/antlr4-go/antlr/v4"
+)
+
+// fragment is one composable WHERE fragment. sql uses `?` placeholders;
+// args lines up positionally with the placeholders.
+type fragment struct {
+	sql  string
+	args []any
+}
+
+func newFragment(sql string, args ...any) *fragment {
+	return &fragment{sql: sql, args: args}
+}
+
+type visitor struct {
+	grammar.BaseFilterQueryVisitor
+	formatter sqlstore.SQLFormatter
+	errors    []string
+}
+
+func newVisitor(formatter sqlstore.SQLFormatter) *visitor {
+	return &visitor{
+		formatter: formatter,
+	}
+}
+
+// Emitted WHERE fragment uses aliases `dashboard` and `pd` (public_dashboard).
+func (v *visitor) compile(query string) (*fragment, []string) {
+	tree, _, collector := filterquery.Parse(query)
+	if len(collector.Errors) > 0 {
+		return nil, collector.Errors
+	}
+	frag, _ := v.visit(tree).(*fragment)
+	return frag, nil
+}
+
+func (v *visitor) visit(tree antlr.ParseTree) any {
+	if tree == nil {
+		return nil
+	}
+	return tree.Accept(v)
+}
+
+// ════════════════════════════════════════════════════════════════════════
+// methods from grammar.BaseFilterQueryVisitor that are overridden
+// ════════════════════════════════════════════════════════════════════════
+
+func (v *visitor) VisitQuery(ctx *grammar.QueryContext) any {
+	return v.visit(ctx.Expression())
+}
+
+func (v *visitor) VisitExpression(ctx *grammar.ExpressionContext) any {
+	return v.visit(ctx.OrExpression())
+}
+
+func (v *visitor) VisitOrExpression(ctx *grammar.OrExpressionContext) any {
+	parts := ctx.AllAndExpression()
+	frags := make([]*fragment, 0, len(parts))
+	for _, p := range parts {
+		if f, ok := v.visit(p).(*fragment); ok && f != nil {
+			frags = append(frags, f)
+		}
+	}
+	return joinFragments(frags, "OR")
+}
+
+func (v *visitor) VisitAndExpression(ctx *grammar.AndExpressionContext) any {
+	parts := ctx.AllUnaryExpression()
+	frags := make([]*fragment, 0, len(parts))
+	for _, p := range parts {
+		if f, ok := v.visit(p).(*fragment); ok && f != nil {
+			frags = append(frags, f)
+		}
+	}
+	return joinFragments(frags, "AND")
+}
+
+func (v *visitor) VisitUnaryExpression(ctx *grammar.UnaryExpressionContext) any {
+	f, _ := v.visit(ctx.Primary()).(*fragment)
+	if f == nil {
+		return nil
+	}
+	if ctx.NOT() != nil {
+		return newFragment("NOT ("+f.sql+")", f.args...)
+	}
+	return f
+}
+
+func (v *visitor) VisitPrimary(ctx *grammar.PrimaryContext) any {
+	if ctx.OrExpression() != nil {
+		f, _ := v.visit(ctx.OrExpression()).(*fragment)
+		if f == nil {
+			return nil
+		}
+		return newFragment("("+f.sql+")", f.args...)
+	}
+	if ctx.Comparison() != nil {
+		return v.visit(ctx.Comparison())
+	}
+	// Bare keys, values, full text, and function calls are not part of the
+	// dashboard list DSL.
+	v.addErr("unsupported expression %q — every term must be of the form `key OP value`", ctx.GetText())
+	return nil
+}
+
+// VisitComparison dispatches a single `key OP value` term. A key that matches
+// a reserved DSL key (name, description, etc.) becomes a column-level
+// predicate; any other identifier is treated as a tag key — the operator
+// applies to the tag's value, with a case-insensitive match on the tag's key.
+func (v *visitor) VisitComparison(ctx *grammar.ComparisonContext) any {
+	key, ok := v.parseKey(ctx)
+	if !ok {
+		return nil
+	}
+
+	op, ok := v.opFromContext(ctx)
+	if !ok {
+		return nil
+	}
+
+	if reservedOpSet, isReserved := reservedOps[dashboardtypes.DSLKey(key)]; isReserved {
+		if _, allowed := reservedOpSet[op]; !allowed {
+			v.addErr("operator %s is not allowed for key %q", opName(op), key)
+			return nil
+		}
+		switch dashboardtypes.DSLKey(key) {
+		case dashboardtypes.DSLKeyName:
+			return v.emitJSONStringComparison(ctx, op, "$.spec.display.name")
+		case dashboardtypes.DSLKeyDescription:
+			return v.emitJSONStringComparison(ctx, op, "$.spec.display.description")
+		case dashboardtypes.DSLKeyCreatedAt:
+			return v.emitTimestampComparison(ctx, op, "dashboard.created_at")
+		case dashboardtypes.DSLKeyUpdatedAt:
+			return v.emitTimestampComparison(ctx, op, "dashboard.updated_at")
+		case dashboardtypes.DSLKeyCreatedBy:
+			return v.emitStringComparison(ctx, op, "dashboard.created_by")
+		case dashboardtypes.DSLKeyLocked:
+			return v.emitBoolComparison(ctx, op, "dashboard.locked")
+		case dashboardtypes.DSLKeyPublic:
+			return v.emitPublicComparison(ctx, op)
+		}
+	}
+
+	if _, allowed := tagKeyOps[op]; !allowed {
+		v.addErr("operator %s is not allowed on a tag-key filter", opName(op))
+		return nil
+	}
+	return v.emitTagComparison(ctx, op, key)
+}
+
+func (v *visitor) parseKey(ctx *grammar.ComparisonContext) (string, bool) {
+	keyText := strings.ToLower(strings.TrimSpace(ctx.Key().GetText()))
+	if keyText == "" {
+		v.addErr("filter key cannot be empty")
+		return "", false
+	}
+	return keyText, true
+}
+
+func (v *visitor) opFromContext(ctx *grammar.ComparisonContext) (qbtypesv5.FilterOperator, bool) {
+	switch {
+	case ctx.EQUALS() != nil:
+		return qbtypesv5.FilterOperatorEqual, true
+	case ctx.NOT_EQUALS() != nil, ctx.NEQ() != nil:
+		return qbtypesv5.FilterOperatorNotEqual, true
+	case ctx.LT() != nil:
+		return qbtypesv5.FilterOperatorLessThan, true
+	case ctx.LE() != nil:
+		return qbtypesv5.FilterOperatorLessThanOrEq, true
+	case ctx.GT() != nil:
+		return qbtypesv5.FilterOperatorGreaterThan, true
+	case ctx.GE() != nil:
+		return qbtypesv5.FilterOperatorGreaterThanOrEq, true
+	case ctx.BETWEEN() != nil:
+		if ctx.NOT() != nil {
+			return qbtypesv5.FilterOperatorNotBetween, true
+		}
+		return qbtypesv5.FilterOperatorBetween, true
+	case ctx.LIKE() != nil:
+		if ctx.NOT() != nil {
+			return qbtypesv5.FilterOperatorNotLike, true
+		}
+		return qbtypesv5.FilterOperatorLike, true
+	case ctx.ILIKE() != nil:
+		if ctx.NOT() != nil {
+			return qbtypesv5.FilterOperatorNotILike, true
+		}
+		return qbtypesv5.FilterOperatorILike, true
+	case ctx.CONTAINS() != nil:
+		if ctx.NOT() != nil {
+			return qbtypesv5.FilterOperatorNotContains, true
+		}
+		return qbtypesv5.FilterOperatorContains, true
+	case ctx.REGEXP() != nil:
+		if ctx.NOT() != nil {
+			return qbtypesv5.FilterOperatorNotRegexp, true
+		}
+		return qbtypesv5.FilterOperatorRegexp, true
+	case ctx.InClause() != nil:
+		return qbtypesv5.FilterOperatorIn, true
+	case ctx.NotInClause() != nil:
+		return qbtypesv5.FilterOperatorNotIn, true
+	case ctx.EXISTS() != nil:
+		if ctx.NOT() != nil {
+			return qbtypesv5.FilterOperatorNotExists, true
+		}
+		return qbtypesv5.FilterOperatorExists, true
+	}
+	v.addErr("could not determine operator in expression %q", ctx.GetText())
+	return qbtypesv5.FilterOperatorUnknown, false
+}
+
+// ─── per-key emitters ────────────────────────────────────────────────────────
+
+func (v *visitor) emitJSONStringComparison(ctx *grammar.ComparisonContext, op qbtypesv5.FilterOperator, jsonPath string) *fragment {
+	colExpr := string(v.formatter.JSONExtractString("dashboard.data", jsonPath))
+	return v.emitStringOp(ctx, op, colExpr, string(dashboardtypes.DSLKeyName))
+}
+
+func (v *visitor) emitStringComparison(ctx *grammar.ComparisonContext, op qbtypesv5.FilterOperator, colExpr string) *fragment {
+	return v.emitStringOp(ctx, op, colExpr, string(dashboardtypes.DSLKeyCreatedBy))
+}
+
+// emitStringOp covers all the operators the spec allows on text-shaped keys
+// (name, description, created_by). Tag uses a separate emitter that wraps each
+// produced fragment in an EXISTS subquery.
+func (v *visitor) emitStringOp(ctx *grammar.ComparisonContext, op qbtypesv5.FilterOperator, colExpr, keyForErr string) *fragment {
+	switch op {
+	case qbtypesv5.FilterOperatorEqual, qbtypesv5.FilterOperatorNotEqual,
+		qbtypesv5.FilterOperatorLike, qbtypesv5.FilterOperatorNotLike:
+		val, ok := v.singleString(ctx, keyForErr)
+		if !ok {
+			return nil
+		}
+		return newFragment(colExpr+" "+opName(op)+" ?", val)
+	case qbtypesv5.FilterOperatorILike, qbtypesv5.FilterOperatorNotILike:
+		val, ok := v.singleString(ctx, keyForErr)
+		if !ok {
+			return nil
+		}
+		// SQLite has no ILIKE keyword and Postgres LIKE is case-sensitive — emit
+		// LOWER(col) LIKE LOWER(?) so behavior is identical on both dialects.
+		lowerCol := string(v.formatter.LowerExpression(colExpr))
+		return newFragment(lowerCol+" "+opName(iLikeToLike(op))+" LOWER(?)", val)
+	case qbtypesv5.FilterOperatorContains, qbtypesv5.FilterOperatorNotContains:
+		val, ok := v.singleString(ctx, keyForErr)
+		if !ok {
+			return nil
+		}
+		return newFragment(colExpr+" "+opName(containsToLike(op))+" ?", "%"+escapeLike(val)+"%")
+	case qbtypesv5.FilterOperatorRegexp, qbtypesv5.FilterOperatorNotRegexp:
+		v.addErr("REGEXP filtering on %q is not yet supported", keyForErr)
+		return nil
+	case qbtypesv5.FilterOperatorIn, qbtypesv5.FilterOperatorNotIn:
+		vals, ok := v.stringList(ctx, keyForErr)
+		if !ok {
+			return nil
+		}
+		return inFragment(colExpr, op, vals)
+	}
+	v.addErr("operator %s on %q is not implemented", opName(op), keyForErr)
+	return nil
+}
+
+func (v *visitor) emitTimestampComparison(ctx *grammar.ComparisonContext, op qbtypesv5.FilterOperator, colExpr string) *fragment {
+	switch op {
+	case qbtypesv5.FilterOperatorEqual, qbtypesv5.FilterOperatorNotEqual,
+		qbtypesv5.FilterOperatorLessThan, qbtypesv5.FilterOperatorLessThanOrEq,
+		qbtypesv5.FilterOperatorGreaterThan, qbtypesv5.FilterOperatorGreaterThanOrEq:
+		t, ok := v.singleTimestamp(ctx)
+		if !ok {
+			return nil
+		}
+		return newFragment(colExpr+" "+opName(op)+" ?", t)
+	case qbtypesv5.FilterOperatorBetween, qbtypesv5.FilterOperatorNotBetween:
+		ts, ok := v.twoTimestamps(ctx)
+		if !ok {
+			return nil
+		}
+		return newFragment(colExpr+" "+opName(op)+" ? AND ?", ts[0], ts[1])
+	}
+	v.addErr("operator %s on timestamp is not implemented", opName(op))
+	return nil
+}
+
+func (v *visitor) emitBoolComparison(ctx *grammar.ComparisonContext, op qbtypesv5.FilterOperator, colExpr string) *fragment {
+	b, ok := v.singleBool(ctx)
+	if !ok {
+		return nil
+	}
+	return newFragment(colExpr+" "+opName(op)+" ?", b)
+}
+
+// emitPublicComparison renders `public = true|false` against the LEFT-joined
+// public_dashboard alias `pd`. The spec says public is a virtual column whose
+// truthiness is the existence of a row in public_dashboard.
+func (v *visitor) emitPublicComparison(ctx *grammar.ComparisonContext, op qbtypesv5.FilterOperator) *fragment {
+	b, ok := v.singleBool(ctx)
+	if !ok {
+		return nil
+	}
+	want := b
+	if op == qbtypesv5.FilterOperatorNotEqual {
+		want = !b
+	}
+	if want {
+		return newFragment("pd.id IS NOT NULL")
+	}
+	return newFragment("pd.id IS NULL")
+}
+
+// TODO: drop the extra quotes once coretypes.Kind stops being double-encoded
+// in the tag_relation.kind column.
+const tagSubqueryPrefix = "SELECT 1 FROM tag_relation tr JOIN tag t ON t.id = tr.tag_id " +
+	`WHERE tr.kind = '"dashboard"' AND tr.resource_id = dashboard.id ` +
+	"AND LOWER(t.key) = LOWER(?)"
+
+// emitTagComparison wraps the inner predicate in EXISTS (or NOT EXISTS for the
+// negated operators). The inner predicate matches the tag's key
+// case-insensitively and applies the user's operator to the tag's value.
+// EXISTS / NOT EXISTS skip the value predicate — they assert the existence
+// (or absence) of any tag with the given key.
+func (v *visitor) emitTagComparison(ctx *grammar.ComparisonContext, op qbtypesv5.FilterOperator, key string) *fragment {
+	if op == qbtypesv5.FilterOperatorExists || op == qbtypesv5.FilterOperatorNotExists {
+		wrapper := "EXISTS"
+		if op == qbtypesv5.FilterOperatorNotExists {
+			wrapper = "NOT EXISTS"
+		}
+		return newFragment(wrapper+" ("+tagSubqueryPrefix+")", key)
+	}
+
+	// All other tag operators take the positive form of the value predicate
+	// and toggle the EXISTS wrapper for negation. Inverse() flips Not<X> → <X>.
+	negated := op.IsNegativeOperator()
+	posOp := op
+	if negated {
+		posOp = op.Inverse()
+	}
+	inner := v.emitStringOp(ctx, posOp, "t.value", key)
+	if inner == nil {
+		return nil
+	}
+	wrapper := "EXISTS"
+	if negated {
+		wrapper = "NOT EXISTS"
+	}
+	args := append([]any{key}, inner.args...)
+	return newFragment(wrapper+" ("+tagSubqueryPrefix+" AND "+inner.sql+")", args...)
+}
+
+// ─── value extraction helpers ───────────────────────────────────────────────
+
+func (v *visitor) addErr(format string, args ...any) {
+	v.errors = append(v.errors, fmt.Sprintf(format, args...))
+}
+
+func (v *visitor) singleString(ctx *grammar.ComparisonContext, keyForErr string) (string, bool) {
+	values := ctx.AllValue()
+	if len(values) != 1 {
+		v.addErr("expected exactly one value for %q", keyForErr)
+		return "", false
+	}
+	return v.stringValue(values[0], keyForErr)
+}
+
+func (v *visitor) singleBool(ctx *grammar.ComparisonContext) (bool, bool) {
+	values := ctx.AllValue()
+	if len(values) != 1 {
+		v.addErr("expected a single boolean (true/false)")
+		return false, false
+	}
+	return v.boolValue(values[0])
+}
+
+func (v *visitor) singleTimestamp(ctx *grammar.ComparisonContext) (time.Time, bool) {
+	values := ctx.AllValue()
+	if len(values) != 1 {
+		v.addErr("expected a single RFC3339 timestamp")
+		return time.Time{}, false
+	}
+	return v.timestampValue(values[0])
+}
+
+func (v *visitor) twoTimestamps(ctx *grammar.ComparisonContext) ([2]time.Time, bool) {
+	values := ctx.AllValue()
+	if len(values) != 2 {
+		v.addErr("BETWEEN expects two RFC3339 timestamps")
+		return [2]time.Time{}, false
+	}
+	a, ok1 := v.timestampValue(values[0])
+	b, ok2 := v.timestampValue(values[1])
+	if !ok1 || !ok2 {
+		return [2]time.Time{}, false
+	}
+	return [2]time.Time{a, b}, true
+}
+
+func (v *visitor) stringList(ctx *grammar.ComparisonContext, keyForErr string) ([]string, bool) {
+	var valuesCtx []grammar.IValueContext
+	switch {
+	case ctx.InClause() != nil:
+		ic := ctx.InClause()
+		if ic.ValueList() != nil {
+			valuesCtx = ic.ValueList().AllValue()
+		} else {
+			valuesCtx = []grammar.IValueContext{ic.Value()}
+		}
+	case ctx.NotInClause() != nil:
+		nc := ctx.NotInClause()
+		if nc.ValueList() != nil {
+			valuesCtx = nc.ValueList().AllValue()
+		} else {
+			valuesCtx = []grammar.IValueContext{nc.Value()}
+		}
+	default:
+		v.addErr("IN clause is missing for %q", keyForErr)
+		return nil, false
+	}
+	if len(valuesCtx) == 0 {
+		v.addErr("IN list for %q is empty", keyForErr)
+		return nil, false
+	}
+	out := make([]string, 0, len(valuesCtx))
+	for _, vc := range valuesCtx {
+		s, ok := v.stringValue(vc, keyForErr)
+		if !ok {
+			return nil, false
+		}
+		out = append(out, s)
+	}
+	return out, true
+}
+
+func (v *visitor) stringValue(ctx grammar.IValueContext, keyForErr string) (string, bool) {
+	if ctx.QUOTED_TEXT() != nil {
+		return trimQuotes(ctx.QUOTED_TEXT().GetText()), true
+	}
+	if ctx.KEY() != nil {
+		// Bare tokens are accepted as strings, mirroring the FilterQuery lexer's
+		// treatment of unquoted identifiers on the value side.
+		return ctx.KEY().GetText(), true
+	}
+	v.addErr("expected a string value for %q, got %q", keyForErr, ctx.GetText())
+	return "", false
+}
+
+func (v *visitor) boolValue(ctx grammar.IValueContext) (bool, bool) {
+	if ctx.BOOL() == nil {
+		v.addErr("expected a boolean (true/false), got %q", ctx.GetText())
+		return false, false
+	}
+	return strings.EqualFold(ctx.BOOL().GetText(), "true"), true
+}
+
+func (v *visitor) timestampValue(ctx grammar.IValueContext) (time.Time, bool) {
+	if ctx.QUOTED_TEXT() == nil {
+		v.addErr("expected an RFC3339 timestamp string, got %q", ctx.GetText())
+		return time.Time{}, false
+	}
+	raw := trimQuotes(ctx.QUOTED_TEXT().GetText())
+	t, err := time.Parse(time.RFC3339, raw)
+	if err != nil {
+		v.addErr("invalid RFC3339 timestamp %q: %s", raw, err.Error())
+		return time.Time{}, false
+	}
+	return t, true
+}
+
+// ─── fragment helpers ────────────────────────────────────────────────────────
+
+func joinFragments(frags []*fragment, conn string) *fragment {
+	if len(frags) == 0 {
+		return nil
+	}
+	if len(frags) == 1 {
+		return frags[0]
+	}
+	parts := make([]string, len(frags))
+	args := make([]any, 0)
+	for i, f := range frags {
+		parts[i] = f.sql
+		args = append(args, f.args...)
+	}
+	return newFragment(strings.Join(parts, " "+conn+" "), args...)
+}
+
+func inFragment(colExpr string, op qbtypesv5.FilterOperator, vals []string) *fragment {
+	placeholders := strings.Repeat("?, ", len(vals))
+	placeholders = placeholders[:len(placeholders)-2]
+	args := make([]any, len(vals))
+	for i, s := range vals {
+		args[i] = s
+	}
+	return newFragment(colExpr+" "+opName(op)+" ("+placeholders+")", args...)
+}
+
+// opName returns the user-facing spelling of a FilterOperator. For the
+// operators we emit directly into SQL (=, !=, <, LIKE, IN, BETWEEN, …) the
+// spelling doubles as the SQL keyword. For the operators we don't emit
+// directly (ILIKE, CONTAINS, REGEXP, EXISTS, NOT EXISTS) it's only used in
+// error messages.
+func opName(op qbtypesv5.FilterOperator) string {
+	switch op {
+	case qbtypesv5.FilterOperatorEqual:
+		return "="
+	case qbtypesv5.FilterOperatorNotEqual:
+		return "!="
+	case qbtypesv5.FilterOperatorLessThan:
+		return "<"
+	case qbtypesv5.FilterOperatorLessThanOrEq:
+		return "<="
+	case qbtypesv5.FilterOperatorGreaterThan:
+		return ">"
+	case qbtypesv5.FilterOperatorGreaterThanOrEq:
+		return ">="
+	case qbtypesv5.FilterOperatorBetween:
+		return "BETWEEN"
+	case qbtypesv5.FilterOperatorNotBetween:
+		return "NOT BETWEEN"
+	case qbtypesv5.FilterOperatorLike:
+		return "LIKE"
+	case qbtypesv5.FilterOperatorNotLike:
+		return "NOT LIKE"
+	case qbtypesv5.FilterOperatorILike:
+		return "ILIKE"
+	case qbtypesv5.FilterOperatorNotILike:
+		return "NOT ILIKE"
+	case qbtypesv5.FilterOperatorContains:
+		return "CONTAINS"
+	case qbtypesv5.FilterOperatorNotContains:
+		return "NOT CONTAINS"
+	case qbtypesv5.FilterOperatorRegexp:
+		return "REGEXP"
+	case qbtypesv5.FilterOperatorNotRegexp:
+		return "NOT REGEXP"
+	case qbtypesv5.FilterOperatorIn:
+		return "IN"
+	case qbtypesv5.FilterOperatorNotIn:
+		return "NOT IN"
+	case qbtypesv5.FilterOperatorExists:
+		return "EXISTS"
+	case qbtypesv5.FilterOperatorNotExists:
+		return "NOT EXISTS"
+	}
+	return "?"
+}
+
+// iLikeToLike maps ILIKE → LIKE for the LOWER(col) LIKE LOWER(?) emission.
+func iLikeToLike(op qbtypesv5.FilterOperator) qbtypesv5.FilterOperator {
+	if op == qbtypesv5.FilterOperatorNotILike {
+		return qbtypesv5.FilterOperatorNotLike
+	}
+	return qbtypesv5.FilterOperatorLike
+}
+
+// containsToLike maps CONTAINS → LIKE for the LIKE '%val%' emission.
+func containsToLike(op qbtypesv5.FilterOperator) qbtypesv5.FilterOperator {
+	if op == qbtypesv5.FilterOperatorNotContains {
+		return qbtypesv5.FilterOperatorNotLike
+	}
+	return qbtypesv5.FilterOperatorLike
+}
+
+// escapeLike escapes the LIKE meta-characters % and _ in user input so that a
+// CONTAINS query of `50%` doesn't match every value containing `50`.
+func escapeLike(s string) string {
+	r := strings.NewReplacer(`\`, `\\`, `%`, `\%`, `_`, `\_`)
+	return r.Replace(s)
+}
+
+func trimQuotes(s string) string {
+	if len(s) >= 2 {
+		if (s[0] == '"' && s[len(s)-1] == '"') || (s[0] == '\'' && s[len(s)-1] == '\'') {
+			s = s[1 : len(s)-1]
+		}
+	}
+	s = strings.ReplaceAll(s, `\\`, `\`)
+	s = strings.ReplaceAll(s, `\'`, `'`)
+	return s
+}

pkg/types/dashboardtypes/perses_dashboard.go

@@ -13,6 +13,8 @@ import (
 	"github.com/SigNoz/signoz/pkg/types/tagtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/perses/perses/pkg/model/api/v1/common"
+	"github.com/swaggest/jsonschema-go"
+	jsonpatch "gopkg.in/evanphx/json-patch.v4"
 	"k8s.io/apimachinery/pkg/util/validation"
 )
 
@@ -32,6 +34,7 @@ const (
 	DSLKeyCreatedBy   DSLKey = "created_by"
 	DSLKeyLocked      DSLKey = "locked"
 	DSLKeyPublic      DSLKey = "public"
+	DSLKeySource      DSLKey = "source"
 )
 
 // reservedDSLKeys are dashboard column-level filter names in the list-query DSL.
@@ -45,6 +48,7 @@ var reservedDSLKeys = map[DSLKey]struct{}{
 	DSLKeyCreatedBy:   {},
 	DSLKeyLocked:      {},
 	DSLKeyPublic:      {},
+	DSLKeySource:      {},
 }
 
 type DashboardV2 struct {
@@ -62,6 +66,54 @@ type DashboardV2 struct {
 	Spec DashboardSpec   `json:"spec" required:"true"`
 }
 
+func (d *DashboardV2) CanUpdate() error {
+	if d.Source == SourceIntegration {
+		return errors.Newf(errors.TypeInvalidInput, ErrCodeDashboardImmutable, "integration dashboards cannot be modified")
+	}
+	if d.Locked {
+		return errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "cannot update a locked dashboard, please unlock the dashboard to update")
+	}
+	return nil
+}
+
+func (d *DashboardV2) Update(updateable UpdateableDashboardV2, updatedBy string, resolvedTags []*tagtypes.Tag) error {
+	if err := d.CanUpdate(); err != nil {
+		return err
+	}
+	if updateable.Name != d.Name {
+		return errors.NewInvalidInputf(ErrCodeDashboardImmutable, "name is immutable; cannot change from %q to %q", d.Name, updateable.Name)
+	}
+	d.DashboardV2MetadataBase = updateable.DashboardV2MetadataBase
+	d.Tags = resolvedTags
+	d.Spec = updateable.Spec
+	d.UpdatedBy = updatedBy
+	d.UpdatedAt = time.Now()
+	return nil
+}
+
+func (d *DashboardV2) CanLockUnlock(isAdmin bool, updatedBy string) error {
+	if d.Source == SourceIntegration {
+		return errors.Newf(errors.TypeInvalidInput, ErrCodeDashboardImmutable, "integration dashboards cannot be locked or unlocked")
+	}
+	if d.Source == SourceSystem {
+		return errors.Newf(errors.TypeInvalidInput, ErrCodeDashboardImmutable, "system dashboards cannot be locked or unlocked")
+	}
+	if d.CreatedBy != updatedBy && !isAdmin {
+		return errors.Newf(errors.TypeForbidden, errors.CodeForbidden, "you are not authorized to lock/unlock this dashboard")
+	}
+	return nil
+}
+
+func (d *DashboardV2) LockUnlock(lock bool, isAdmin bool, updatedBy string) error {
+	if err := d.CanLockUnlock(isAdmin, updatedBy); err != nil {
+		return err
+	}
+	d.Locked = lock
+	d.UpdatedBy = updatedBy
+	d.UpdatedAt = time.Now()
+	return nil
+}
+
 type DashboardV2MetadataBase struct {
 	SchemaVersion string `json:"schemaVersion" required:"true"`
 	Image         string `json:"image,omitempty"`
@@ -263,6 +315,87 @@ func (s StorableDashboardV2Data) toStorableDashboardData() (StorableDashboardDat
 
 type StorableDashboardV2Metadata = DashboardV2MetadataBase
 
+// ════════════════════════════════════════════════════════════════════════
+// Updateable
+// ════════════════════════════════════════════════════════════════════════
+
+type UpdateableDashboardV2 = PostableDashboardV2
+
+func (d DashboardV2) toUpdateableDashboardV2() UpdateableDashboardV2 {
+	return PostableDashboardV2{
+		DashboardV2MetadataBase: d.DashboardV2MetadataBase,
+		Name:                    d.Name,
+		Tags:                    tagtypes.NewPostableTagsFromTags(d.Tags),
+		Spec:                    d.Spec,
+	}
+}
+
+// ════════════════════════════════════════════════════════════════════════
+// Patchable
+// ════════════════════════════════════════════════════════════════════════
+
+// PatchableDashboardV2 is an RFC 6902 JSON Patch document applied against a
+// PostableDashboardV2-shaped view of an existing dashboard. Patch ops can
+// target any field — including individual entries inside `data.panels`,
+// `data.panels.<id>.spec.queries`, or `tags` — without re-sending the rest of
+// the dashboard.
+type PatchableDashboardV2 struct {
+	patch jsonpatch.Patch
+}
+
+// JSONPatchDocument is the OpenAPI-facing schema for an RFC 6902 patch body.
+// PatchableDashboardV2 has only an internal `jsonpatch.Patch` field, so the
+// reflector would emit an empty schema; the handler def points at this type
+// instead so consumers see the array-of-ops shape.
+type JSONPatchDocument []JSONPatchOperation
+
+// JSONPatchOperation is one RFC 6902 op. Not every field is valid on every
+// op kind (e.g. `value` is required for add/replace/test, ignored for remove;
+// `from` is required for move/copy) — the JSON Patch RFC governs that.
+type JSONPatchOperation struct {
+	Op    string `json:"op" required:"true"`
+	Path  string `json:"path" required:"true" description:"JSON Pointer (RFC 6901) into the dashboard's postable shape — e.g. /spec/display/name, /spec/panels/<id>, /spec/panels/<id>/spec/queries/0, /tags/-."`
+	Value any    `json:"value,omitempty" description:"Value to add/replace/test against. The expected type depends on the path. Common shapes (see referenced schemas for the exact field set): /spec/panels/<id> takes a DashboardtypesPanel; /spec/panels/<id>/spec/queries/N (or /-) takes a DashboardtypesQuery; /spec/variables/N takes a DashboardtypesVariable; /spec/layouts/N takes a DashboardtypesLayout; /tags/N (or /-) takes a TagtypesPostableTag; /spec/display/name and other leaf string fields take a string. Required for add/replace/test; ignored for remove/move/copy."`
+	From  string `json:"from,omitempty" description:"Source JSON Pointer for move/copy ops; ignored for other ops."`
+}
+
+// PrepareJSONSchema constrains the `op` field to the six RFC 6902 verbs.
+func (JSONPatchOperation) PrepareJSONSchema(s *jsonschema.Schema) error {
+	op, ok := s.Properties["op"]
+	if !ok || op.TypeObject == nil {
+		return errors.NewInternalf(errors.CodeInternal, "JSONPatchOperation schema missing `op` property")
+	}
+	op.TypeObject.WithEnum("add", "remove", "replace", "move", "copy", "test")
+	s.Properties["op"] = op
+	return nil
+}
+
+func (p *PatchableDashboardV2) UnmarshalJSON(data []byte) error {
+	patch, err := jsonpatch.DecodePatch(data)
+	if err != nil {
+		return errors.WrapInvalidInputf(err, ErrCodeDashboardInvalidInput, "%s", err.Error())
+	}
+	p.patch = patch
+	return nil
+}
+
+func (p PatchableDashboardV2) Apply(existing *DashboardV2) (*UpdateableDashboardV2, error) {
+	existingAsUpdateable := existing.toUpdateableDashboardV2()
+	raw, err := json.Marshal(existingAsUpdateable)
+	if err != nil {
+		return nil, errors.WrapInternalf(err, errors.CodeInternal, "marshal existing dashboard for patch")
+	}
+	patched, err := p.patch.Apply(raw)
+	if err != nil {
+		return nil, errors.WrapInvalidInputf(err, ErrCodeDashboardInvalidInput, "%s", err.Error())
+	}
+	out := &UpdateableDashboardV2{}
+	if err := json.Unmarshal(patched, out); err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 // ════════════════════════════════════════════════════════════════════════
 // Convertors
 // ════════════════════════════════════════════════════════════════════════

pkg/types/dashboardtypes/perses_dashboard_patch_test.go

@@ -0,0 +1,566 @@
+package dashboardtypes
+
+import (
+	"encoding/json"
+	"strings"
+	"testing"
+
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// basePostableJSON is the postable shape of a small but realistic v2
+// dashboard used as the base document for patch tests. Each panel carries
+// one builder query in the same shape production dashboards use
+// (aggregations, filter, groupBy populated), and the dashboard has one
+// variable — the variable is not patched in any test here, that's
+// covered in a separate variable-focused suite.
+const basePostableJSON = `{
+	"schemaVersion": "v6",
+	"name": "service-overview",
+	"tags": [{"key": "team", "value": "alpha"}, {"key": "env", "value": "prod"}],
+	"spec": {
+		"display": {"name": "Service overview"},
+		"variables": [
+			{
+				"kind": "ListVariable",
+				"spec": {
+					"name": "service",
+					"allowAllValue": true,
+					"allowMultiple": false,
+					"plugin": {
+						"kind": "signoz/DynamicVariable",
+						"spec": {"name": "service.name", "signal": "metrics"}
+					}
+				}
+			}
+		],
+		"panels": {
+			"p1": {
+				"kind": "Panel",
+				"spec": {
+					"plugin": {"kind": "signoz/TimeSeriesPanel", "spec": {}},
+					"queries": [
+						{
+							"kind": "TimeSeriesQuery",
+							"spec": {"plugin": {"kind": "signoz/BuilderQuery", "spec": {
+								"name": "A",
+								"signal": "metrics",
+								"aggregations": [{
+									"metricName": "signoz_calls_total",
+									"temporality": "cumulative",
+									"timeAggregation": "rate",
+									"spaceAggregation": "sum"
+								}],
+								"filter": {"expression": "service.name IN $service"},
+								"groupBy": [{"name": "service.name", "fieldDataType": "string", "fieldContext": "tag"}]
+							}}}
+						}
+					]
+				}
+			},
+			"p2": {
+				"kind": "Panel",
+				"spec": {
+					"plugin": {"kind": "signoz/NumberPanel", "spec": {}},
+					"queries": [
+						{
+							"kind": "TimeSeriesQuery",
+							"spec": {"plugin": {"kind": "signoz/BuilderQuery", "spec": {
+								"name": "X",
+								"signal": "metrics",
+								"aggregations": [{
+									"metricName": "signoz_latency_count",
+									"temporality": "cumulative",
+									"timeAggregation": "rate",
+									"spaceAggregation": "sum"
+								}]
+							}}}
+						}
+					]
+				}
+			}
+		},
+		"layouts": [
+			{
+				"kind": "Grid",
+				"spec": {
+					"display": {"title": "Row 1"},
+					"items": [
+						{"x": 0, "y": 0, "width": 6, "height": 6, "content": {"$ref": "#/spec/panels/p1"}},
+						{"x": 6, "y": 0, "width": 6, "height": 6, "content": {"$ref": "#/spec/panels/p2"}}
+					]
+				}
+			}
+		],
+		"duration": "1h"
+	}
+}`
+
+func TestPatchableDashboardV2_Apply(t *testing.T) {
+	// Apply doesn't mutate the input *DashboardV2 — it marshals it to
+	// JSON, applies the patch, and unmarshals the result into a fresh
+	// struct. Sharing one base across subtests is safe.
+	var p PostableDashboardV2
+	require.NoError(t, json.Unmarshal([]byte(basePostableJSON), &p), "base postable JSON must validate")
+	testOrgID := valuer.GenerateUUID()
+	base := p.NewDashboardV2(testOrgID, "somecreatedthisiguess@signoz.io", SourceUser)
+	base.Tags = []*tagtypes.Tag{
+		{Key: "team", Value: "alpha"},
+		{Key: "env", Value: "prod"},
+	}
+
+	decode := func(t *testing.T, body string) PatchableDashboardV2 {
+		t.Helper()
+		var patch PatchableDashboardV2
+		require.NoError(t, json.Unmarshal([]byte(body), &patch))
+		return patch
+	}
+
+	// jsonOf marshals the patched dashboard back to JSON so subtests can
+	// assert on field values without reaching into the typed plugin specs.
+	jsonOf := func(t *testing.T, out *UpdateableDashboardV2) string {
+		t.Helper()
+		raw, err := json.Marshal(out)
+		require.NoError(t, err)
+		return string(raw)
+	}
+
+	// ─────────────────────────────────────────────────────────────────
+	// Successful patches
+	// ─────────────────────────────────────────────────────────────────
+
+	t.Run("no-op preserves all fields", func(t *testing.T) {
+		out, err := decode(t, `[]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, base.DashboardV2MetadataBase, out.DashboardV2MetadataBase)
+		assert.Equal(t, tagtypes.NewPostableTagsFromTags(base.Tags), out.Tags)
+		assert.Equal(t, base.Spec.Display.Name, out.Spec.Display.Name)
+		require.Equal(t, len(base.Spec.Panels), len(out.Spec.Panels))
+		for k, panel := range base.Spec.Panels {
+			require.Contains(t, out.Spec.Panels, k)
+			assert.Equal(t, panel.Spec.Plugin.Kind, out.Spec.Panels[k].Spec.Plugin.Kind)
+		}
+		assert.Len(t, out.Tags, len(base.Tags))
+		assert.Len(t, out.Spec.Variables, len(base.Spec.Variables))
+		assert.Len(t, out.Spec.Layouts, len(base.Spec.Layouts))
+	})
+
+	t.Run("add metadata image", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "add", "path": "/image", "value": "https://example.com/img.png"}]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, "https://example.com/img.png", out.Image)
+		assert.Equal(t, SchemaVersion, out.SchemaVersion, "schemaVersion preserved")
+	})
+
+	t.Run("replace display name", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "replace", "path": "/spec/display/name", "value": "Renamed"}]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, "Renamed", out.Spec.Display.Name)
+	})
+
+	// Per RFC 6902 § 4.1, `add` on an existing object member replaces the
+	// existing value rather than erroring — same effect as `replace`.
+	t.Run("add overwrites existing display name", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "add", "path": "/spec/display/name", "value": "Overwritten"}]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, "Overwritten", out.Spec.Display.Name)
+	})
+
+	t.Run("add data refreshInterval", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "add", "path": "/spec/refreshInterval", "value": "30s"}]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, "30s", string(out.Spec.RefreshInterval))
+	})
+
+	t.Run("add panel leaves others untouched", func(t *testing.T) {
+		out, err := decode(t, `[{
+			"op": "add",
+			"path": "/spec/panels/p3",
+			"value": {
+				"kind": "Panel",
+				"spec": {
+					"plugin": {"kind": "signoz/TablePanel", "spec": {}},
+					"queries": [{
+						"kind": "TimeSeriesQuery",
+						"spec": {"plugin": {"kind": "signoz/BuilderQuery", "spec": {
+							"name": "A",
+							"signal": "logs",
+							"aggregations": [{"expression": "count()"}]
+						}}}
+					}]
+				}
+			}
+		}]`).Apply(base)
+		require.NoError(t, err)
+		assert.Len(t, out.Spec.Panels, 3)
+		assert.Contains(t, out.Spec.Panels, "p3")
+		// Plugin specs round-trip through MarshalJSON which resolves defaults
+		// (e.g. timePreference → "global_time"), so compare the serialized
+		// shape rather than the in-memory structs to skip that normalization.
+		for _, id := range []string{"p1", "p2"} {
+			wantJSON, err := json.Marshal(base.Spec.Panels[id])
+			require.NoError(t, err)
+			gotJSON, err := json.Marshal(out.Spec.Panels[id])
+			require.NoError(t, err)
+			assert.JSONEq(t, string(wantJSON), string(gotJSON), "panel %s untouched", id)
+		}
+	})
+
+	t.Run("replace single panel", func(t *testing.T) {
+		out, err := decode(t, `[{
+			"op": "replace",
+			"path": "/spec/panels/p2",
+			"value": {
+				"kind": "Panel",
+				"spec": {
+					"plugin": {"kind": "signoz/BarChartPanel", "spec": {}},
+					"queries": [{
+						"kind": "TimeSeriesQuery",
+						"spec": {"plugin": {"kind": "signoz/BuilderQuery", "spec": {
+							"name": "A",
+							"signal": "metrics",
+							"aggregations": [{
+								"metricName": "signoz_calls_total",
+								"temporality": "cumulative",
+								"timeAggregation": "rate",
+								"spaceAggregation": "sum"
+							}]
+						}}}
+					}]
+				}
+			}
+		}]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, PanelPluginKind("signoz/BarChartPanel"), out.Spec.Panels["p2"].Spec.Plugin.Kind)
+		assert.Equal(t, PanelPluginKind("signoz/TimeSeriesPanel"), out.Spec.Panels["p1"].Spec.Plugin.Kind, "p1 untouched")
+	})
+
+	// Removing a panel realistically also drops its layout item — exercise
+	// the multi-op shape the UI sends.
+	t.Run("remove panel and its layout item", func(t *testing.T) {
+		out, err := decode(t, `[
+			{"op": "remove", "path": "/spec/panels/p2"},
+			{"op": "remove", "path": "/spec/layouts/0/spec/items/1"}
+		]`).Apply(base)
+		require.NoError(t, err)
+		assert.Len(t, out.Spec.Panels, 1)
+		assert.Contains(t, out.Spec.Panels, "p1")
+		assert.NotContains(t, out.Spec.Panels, "p2")
+		raw := jsonOf(t, out)
+		assert.NotContains(t, raw, `"$ref":"#/spec/panels/p2"`)
+		assert.Contains(t, raw, `"$ref":"#/spec/panels/p1"`)
+	})
+
+	// The headline use case: edit a single field of a single query inside
+	// one panel without re-sending any other part of the dashboard.
+	t.Run("rename single query inside panel", func(t *testing.T) {
+		out, err := decode(t, `[{
+			"op": "replace",
+			"path": "/spec/panels/p1/spec/queries/0/spec/plugin/spec/name",
+			"value": "renamed"
+		}]`).Apply(base)
+		require.NoError(t, err)
+
+		require.Len(t, out.Spec.Panels["p1"].Spec.Queries, 1)
+		assert.Contains(t, jsonOf(t, out), `"name":"renamed"`)
+	})
+
+	// Replace a query at a specific index — swaps query "A" out for "B"
+	// without re-sending the rest of the panel.
+	t.Run("replace query at index", func(t *testing.T) {
+		out, err := decode(t, `[{
+			"op": "replace",
+			"path": "/spec/panels/p1/spec/queries/0",
+			"value": {
+				"kind": "TimeSeriesQuery",
+				"spec": {"plugin": {"kind": "signoz/BuilderQuery", "spec": {
+					"name": "B",
+					"signal": "metrics",
+					"aggregations": [{
+						"metricName": "signoz_db_calls_total",
+						"temporality": "cumulative",
+						"timeAggregation": "rate",
+						"spaceAggregation": "sum"
+					}]
+				}}}
+			}
+		}]`).Apply(base)
+		require.NoError(t, err)
+		require.Len(t, out.Spec.Panels["p1"].Spec.Queries, 1)
+		raw := jsonOf(t, out)
+		assert.Contains(t, raw, `"name":"B"`)
+		assert.NotContains(t, raw, `"name":"A"`)
+	})
+
+	// ─────────────────────────────────────────────────────────────────
+	// Layout edits
+	// ─────────────────────────────────────────────────────────────────
+
+	t.Run("move panel by editing layout x coordinate", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "replace", "path": "/spec/layouts/0/spec/items/0/x", "value": 6}]`).Apply(base)
+		require.NoError(t, err)
+		raw := jsonOf(t, out)
+		// The first item used to live at x=0, now lives at x=6.
+		assert.Contains(t, raw, `"x":6,"y":0,"width":6,"height":6,"content":{"$ref":"#/spec/panels/p1"}`)
+	})
+
+	t.Run("resize panel by editing layout width", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "replace", "path": "/spec/layouts/0/spec/items/0/width", "value": 12}]`).Apply(base)
+		require.NoError(t, err)
+		raw := jsonOf(t, out)
+		assert.Contains(t, raw, `"width":12`)
+	})
+
+	t.Run("rename layout row title", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "replace", "path": "/spec/layouts/0/spec/display/title", "value": "Latency"}]`).Apply(base)
+		require.NoError(t, err)
+		assert.Contains(t, jsonOf(t, out), `"title":"Latency"`)
+	})
+
+	t.Run("append layout item", func(t *testing.T) {
+		out, err := decode(t, `[{
+			"op": "add",
+			"path": "/spec/layouts/0/spec/items/-",
+			"value": {"x": 0, "y": 6, "width": 12, "height": 6, "content": {"$ref": "#/spec/panels/p1"}}
+		}]`).Apply(base)
+		require.NoError(t, err)
+		// Item count went 2 → 3.
+		raw := jsonOf(t, out)
+		assert.Equal(t, 3, strings.Count(raw, `"$ref":"#/spec/panels/`))
+	})
+
+	// Composing add-panel + add-layout-item is the realistic shape of the
+	// "add a new chart to my dashboard" UI flow — exercise it end-to-end.
+	t.Run("add panel and corresponding layout item", func(t *testing.T) {
+		out, err := decode(t, `[
+			{
+				"op": "add",
+				"path": "/spec/panels/p3",
+				"value": {
+					"kind": "Panel",
+					"spec": {
+						"plugin": {"kind": "signoz/TablePanel", "spec": {}},
+						"queries": [{
+							"kind": "TimeSeriesQuery",
+							"spec": {"plugin": {"kind": "signoz/BuilderQuery", "spec": {
+								"name": "A",
+								"signal": "logs",
+								"aggregations": [{"expression": "count()"}]
+							}}}
+						}]
+					}
+				}
+			},
+			{
+				"op": "add",
+				"path": "/spec/layouts/0/spec/items/-",
+				"value": {"x": 0, "y": 6, "width": 12, "height": 6, "content": {"$ref": "#/spec/panels/p3"}}
+			}
+		]`).Apply(base)
+		require.NoError(t, err)
+		assert.Len(t, out.Spec.Panels, 3)
+		raw := jsonOf(t, out)
+		assert.Contains(t, raw, `"$ref":"#/spec/panels/p3"`)
+	})
+
+	t.Run("append tag", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "add", "path": "/tags/-", "value": {"key": "env", "value": "staging"}}]`).Apply(base)
+		require.NoError(t, err)
+		require.Len(t, out.Tags, 3)
+		assert.Equal(t, "env", out.Tags[2].Key)
+		assert.Equal(t, "staging", out.Tags[2].Value)
+	})
+
+	t.Run("append tag when none exist", func(t *testing.T) {
+		noTagsBase := &DashboardV2{
+			DashboardV2MetadataBase: base.DashboardV2MetadataBase,
+			Name:                    base.Name,
+			Tags:                    nil,
+			Spec:                    base.Spec,
+		}
+		out, err := decode(t, `[{"op": "add", "path": "/tags/-", "value": {"key": "team", "value": "new"}}]`).Apply(noTagsBase)
+		require.NoError(t, err)
+		require.Len(t, out.Tags, 1)
+		assert.Equal(t, "team", out.Tags[0].Key)
+		assert.Equal(t, "new", out.Tags[0].Value)
+	})
+
+	t.Run("replace tag value", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "replace", "path": "/tags/0/value", "value": "beta"}]`).Apply(base)
+		require.NoError(t, err)
+		require.Len(t, out.Tags, 2)
+		assert.Equal(t, "team", out.Tags[0].Key)
+		assert.Equal(t, "beta", out.Tags[0].Value)
+		assert.Equal(t, "env", out.Tags[1].Key, "tag at index 1 untouched")
+		assert.Equal(t, "prod", out.Tags[1].Value, "tag at index 1 untouched")
+		for _, tag := range out.Tags {
+			assert.NotEqual(t, "alpha", tag.Value, "old tag value must be gone")
+		}
+	})
+
+	t.Run("multiple ops applied in order", func(t *testing.T) {
+		out, err := decode(t, `[
+			{"op": "replace", "path": "/spec/display/name", "value": "Multi-step"},
+			{"op": "remove",  "path": "/spec/panels/p2"},
+			{"op": "add",     "path": "/tags/-", "value": {"key": "env", "value": "staging"}}
+		]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, "Multi-step", out.Spec.Display.Name)
+		assert.Len(t, out.Spec.Panels, 1)
+		assert.Len(t, out.Tags, 3)
+	})
+
+	// `test` is an RFC 6902 precondition op: aborts the patch if the value
+	// at the path doesn't equal the supplied value. Used for optimistic
+	// concurrency. Here it matches, so the subsequent ops apply.
+	t.Run("test op passes", func(t *testing.T) {
+		out, err := decode(t, `[
+			{"op": "test",    "path": "/spec/display/name", "value": "Service overview"},
+			{"op": "replace", "path": "/spec/display/name", "value": "Confirmed"}
+		]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, "Confirmed", out.Spec.Display.Name)
+	})
+
+	// ─────────────────────────────────────────────────────────────────
+	// Failure cases
+	// ─────────────────────────────────────────────────────────────────
+
+	t.Run("decode rejects non-array body", func(t *testing.T) {
+		var patch PatchableDashboardV2
+		err := json.Unmarshal([]byte(`{"op": "replace"}`), &patch)
+		require.Error(t, err)
+	})
+
+	t.Run("decode rejects malformed JSON", func(t *testing.T) {
+		var patch PatchableDashboardV2
+		// Outer json.Unmarshal rejects non-JSON before PatchableDashboardV2's
+		// UnmarshalJSON runs, so the error is a stdlib SyntaxError rather
+		// than the InvalidInput-classified wrap.
+		err := json.Unmarshal([]byte(`not json`), &patch)
+		require.Error(t, err)
+	})
+
+	// `test` precondition fails — the whole patch is rejected, including
+	// the subsequent replace.
+	t.Run("test op failure rejected", func(t *testing.T) {
+		_, err := decode(t, `[
+			{"op": "test", "path": "/spec/display/name", "value": "Wrong"},
+			{"op": "replace", "path": "/spec/display/name", "value": "Should not apply"}
+		]`).Apply(base)
+		require.Error(t, err)
+	})
+
+	t.Run("remove at missing path rejected", func(t *testing.T) {
+		_, err := decode(t, `[{"op": "remove", "path": "/spec/panels/does-not-exist"}]`).Apply(base)
+		require.Error(t, err)
+	})
+
+	t.Run("remove schemaVersion rejected", func(t *testing.T) {
+		_, err := decode(t, `[{"op": "remove", "path": "/schemaVersion"}]`).Apply(base)
+		require.Error(t, err)
+	})
+
+	t.Run("wrong schemaVersion rejected", func(t *testing.T) {
+		_, err := decode(t, `[{"op": "replace", "path": "/schemaVersion", "value": "v5"}]`).Apply(base)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), SchemaVersion)
+	})
+
+	t.Run("empty display name defaults to dashboard name", func(t *testing.T) {
+		out, err := decode(t, `[{"op": "replace", "path": "/spec/display/name", "value": ""}]`).Apply(base)
+		require.NoError(t, err)
+		assert.Equal(t, base.Name, out.Spec.Display.Name, "empty display.name should default from name")
+	})
+
+	t.Run("unknown top-level field rejected", func(t *testing.T) {
+		_, err := decode(t, `[{"op": "add", "path": "/bogus", "value": 42}]`).Apply(base)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "bogus")
+	})
+
+	t.Run("invalid panel kind rejected", func(t *testing.T) {
+		_, err := decode(t, `[{
+			"op": "replace",
+			"path": "/spec/panels/p1",
+			"value": {
+				"kind": "Panel",
+				"spec": {"plugin": {"kind": "signoz/NotAPanel", "spec": {}}}
+			}
+		}]`).Apply(base)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "NotAPanel")
+	})
+
+	t.Run("query kind incompatible with panel rejected", func(t *testing.T) {
+		// PromQLQuery is not allowed on ListPanel — verify the cross-check
+		// in Validate still runs after a patch.
+		_, err := decode(t, `[{
+			"op": "replace",
+			"path": "/spec/panels/p2",
+			"value": {
+				"kind": "Panel",
+				"spec": {
+					"plugin": {"kind": "signoz/ListPanel", "spec": {}},
+					"queries": [{"kind": "TimeSeriesQuery", "spec": {"plugin": {"kind": "signoz/PromQLQuery", "spec": {"name": "A", "query": "up"}}}}]
+				}
+			}
+		}]`).Apply(base)
+		require.Error(t, err)
+	})
+
+	t.Run("removing the only query rejected", func(t *testing.T) {
+		// Validate requires exactly one query per panel — leaving zero is rejected.
+		_, err := decode(t, `[{"op": "remove", "path": "/spec/panels/p2/spec/queries/0"}]`).Apply(base)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "panel must have one query")
+	})
+
+	t.Run("two direct queries rejected", func(t *testing.T) {
+		// Validate requires exactly one query per panel. To display multiple
+		// data sources in one panel, wrap them in a CompositeQuery (see the
+		// "replace query with composite" subtest below).
+		_, err := decode(t, `[{
+			"op": "replace",
+			"path": "/spec/panels/p1",
+			"value": {
+				"kind": "Panel",
+				"spec": {
+					"plugin": {"kind": "signoz/TimeSeriesPanel", "spec": {}},
+					"queries": [
+						{"kind": "TimeSeriesQuery", "spec": {"plugin": {"kind": "signoz/BuilderQuery", "spec": {
+							"name": "A", "signal": "metrics",
+							"aggregations": [{"metricName": "signoz_calls_total", "temporality": "cumulative", "timeAggregation": "rate", "spaceAggregation": "sum"}]
+						}}}},
+						{"kind": "TimeSeriesQuery", "spec": {"plugin": {"kind": "signoz/BuilderQuery", "spec": {
+							"name": "B", "signal": "metrics",
+							"aggregations": [{"metricName": "signoz_db_calls_total", "temporality": "cumulative", "timeAggregation": "rate", "spaceAggregation": "sum"}]
+						}}}}
+					]
+				}
+			}
+		}]`).Apply(base)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "panel must have one query")
+	})
+
+	t.Run("too many tags rejected", func(t *testing.T) {
+		// Base already has 2 tags; add 9 more to exceed MaxTagsPerDashboard (10).
+		_, err := decode(t, `[
+			{"op": "add", "path": "/tags/-", "value": {"key": "t", "value": "1"}},
+			{"op": "add", "path": "/tags/-", "value": {"key": "t", "value": "2"}},
+			{"op": "add", "path": "/tags/-", "value": {"key": "t", "value": "3"}},
+			{"op": "add", "path": "/tags/-", "value": {"key": "t", "value": "4"}},
+			{"op": "add", "path": "/tags/-", "value": {"key": "t", "value": "5"}},
+			{"op": "add", "path": "/tags/-", "value": {"key": "t", "value": "6"}},
+			{"op": "add", "path": "/tags/-", "value": {"key": "t", "value": "7"}},
+			{"op": "add", "path": "/tags/-", "value": {"key": "t", "value": "8"}},
+			{"op": "add", "path": "/tags/-", "value": {"key": "t", "value": "9"}}
+		]`).Apply(base)
+		require.Error(t, err)
+		require.Contains(t, err.Error(), "at most")
+	})
+}

pkg/types/dashboardtypes/pinned_dashboard.go

@@ -0,0 +1,22 @@
+package dashboardtypes
+
+import (
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/uptrace/bun"
+)
+
+const MaxPinnedDashboardsPerUser = 10
+
+var ErrCodePinnedDashboardLimitHit = errors.MustNewCode("pinned_dashboard_limit_hit")
+
+type PinnedDashboard struct {
+	bun.BaseModel `bun:"table:pinned_dashboard,alias:pinned_dashboard"`
+
+	UserID      valuer.UUID `bun:"user_id,pk,type:text"`
+	DashboardID valuer.UUID `bun:"dashboard_id,pk,type:text"`
+	OrgID       valuer.UUID `bun:"org_id,type:text,notnull"`
+	PinnedAt    time.Time   `bun:"pinned_at,notnull,default:current_timestamp"`
+}

pkg/types/dashboardtypes/store.go

@@ -32,4 +32,16 @@ type Store interface {
 	DeletePublic(context.Context, string) error
 
 	RunInTx(context.Context, func(context.Context) error) error
+
+	// ════════════════════════════════════════════════════════════════════════
+	// v2 dashboard methods
+	// ════════════════════════════════════════════════════════════════════════
+
+	// int64 return is the total row count for the filter (pre-limit/offset),
+	ListV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, params *ListDashboardsV2Params) ([]*DashboardListRow, int64, error)
+
+	// Returns ErrCodePinnedDashboardLimitHit when the user is at MaxPinnedDashboardsPerUser.
+	PinForUser(ctx context.Context, pd *PinnedDashboard) error
+
+	UnpinForUser(ctx context.Context, userID valuer.UUID, dashboardID valuer.UUID) error
 }

pkg/types/querybuildertypes/querybuildertypesv5/resource_filter_resolve.go

@@ -0,0 +1,9 @@
+package querybuildertypesv5
+
+type ResourceFilterResolveKind int
+
+const (
+	ResourceFilterResolveKindNoOp ResourceFilterResolveKind = iota
+	ResourceFilterResolveKindUseCTE
+	ResourceFilterResolveKindFallback
+)

tests/integration/tests/dashboard/03_v2_dashboard.py

@@ -0,0 +1,288 @@
+import json
+from collections.abc import Callable
+from http import HTTPStatus
+from pathlib import Path
+
+import pytest
+import requests
+
+from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD
+from fixtures.types import Operation, SigNoz
+
+_PERSES_FIXTURE = (
+    Path(__file__).parents[4]
+    / "pkg/types/dashboardtypes/dashboardtypesv2/testdata/perses.json"
+)
+
+
+def _post_dashboard(signoz: SigNoz, token: str, body: dict) -> requests.Response:
+    return requests.post(
+        signoz.self.host_configs["8080"].get("/api/v2/dashboards"),
+        json=body,
+        headers={"Authorization": f"Bearer {token}"},
+        timeout=2,
+    )
+
+
+def test_empty_body_rejected_for_missing_schema_version(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _post_dashboard(signoz, admin_token, {})
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    body = response.json()
+    assert body["status"] == "error"
+    assert body["error"]["code"] == "dashboard_invalid_input"
+    assert body["error"]["message"] == 'metadata.schemaVersion must be "v6", got ""'
+
+
+def test_missing_display_name_rejected(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _post_dashboard(signoz, admin_token, {"metadata": {"schemaVersion": "v6"}})
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    body = response.json()
+    assert body["status"] == "error"
+    assert body["error"]["code"] == "dashboard_invalid_input"
+    assert body["error"]["message"] == "data.display.name is required"
+
+
+def test_minimal_valid_body_creates_dashboard(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _post_dashboard(
+        signoz,
+        admin_token,
+        {
+            "metadata": {"schemaVersion": "v6"},
+            "data": {"display": {"name": "test name"}},
+        },
+    )
+
+    assert response.status_code == HTTPStatus.CREATED
+    body = response.json()
+    assert body["status"] == "success"
+    data = body["data"]
+    assert data["info"]["data"]["display"]["name"] == "test name"
+    assert data["info"]["metadata"]["schemaVersion"] == "v6"
+
+
+def test_unknown_root_field_rejected(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _post_dashboard(
+        signoz,
+        admin_token,
+        {
+            "metadata": {"schemaVersion": "v6"},
+            "data": {"display": {"name": "test name"}},
+            "unknownfieldattheroot": "shouldgiveanerror",
+        },
+    )
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    body = response.json()
+    assert body["status"] == "error"
+    assert body["error"]["code"] == "dashboard_invalid_input"
+    assert body["error"]["message"] == 'json: unknown field "unknownfieldattheroot"'
+
+
+def test_unknown_nested_field_rejected(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _post_dashboard(
+        signoz,
+        admin_token,
+        {
+            "metadata": {"schemaVersion": "v6"},
+            "data": {
+                "display": {
+                    "name": "test name",
+                    "unknownfieldinside": "shouldgiveanerror",
+                },
+            },
+        },
+    )
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    body = response.json()
+    assert body["status"] == "error"
+    assert body["error"]["code"] == "dashboard_invalid_input"
+    assert body["error"]["message"] == 'json: unknown field "unknownfieldinside"'
+
+
+def test_perses_fixture_creates_dashboard(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    """The perses.json fixture is the kitchen-sink dashboard the schema tests
+    use; round-tripping it through the create API exercises the full plugin
+    surface end-to-end."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    data = json.loads(_PERSES_FIXTURE.read_text())
+    response = _post_dashboard(
+        signoz,
+        admin_token,
+        {"metadata": {"schemaVersion": "v6"}, "data": data},
+    )
+
+    assert response.status_code == HTTPStatus.CREATED
+    body = response.json()
+    assert body["status"] == "success"
+    assert body["data"]["info"]["data"]["display"]["name"] == data["display"]["name"]
+
+
+def test_tag_casing_is_inherited_from_existing_parent(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    """A second dashboard tagged with a sibling under a casing-variant parent
+    path should adopt the existing parent's casing while keeping the
+    user-supplied casing for the new leaf segment."""
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    first = _post_dashboard(
+        signoz,
+        admin_token,
+        {
+            "metadata": {"schemaVersion": "v6"},
+            "data": {"display": {"name": "dac"}},
+            "tags": [{"name": "engineering/US/NYC"}],
+        },
+    )
+    assert first.status_code == HTTPStatus.CREATED
+    first_tags = first.json()["data"]["info"]["tags"]
+    assert first_tags == [{"name": "engineering/US/NYC"}]
+
+    second = _post_dashboard(
+        signoz,
+        admin_token,
+        {
+            "metadata": {"schemaVersion": "v6"},
+            "data": {"display": {"name": "dac"}},
+            "tags": [{"name": "engineering/us/SF"}],
+        },
+    )
+    assert second.status_code == HTTPStatus.CREATED
+    second_tags = second.json()["data"]["info"]["tags"]
+    assert second_tags == [{"name": "engineering/US/SF"}]
+
+
+# ─── list filter DSL ─────────────────────────────────────────────────────────
+# All fixtures carry a marker tag so each test query can be ANDed with
+# `tag = '__lst_v2_filter_test'` server-side. That guarantees no leakage
+# from any other test file/module sharing the session-scoped DB. The marker
+# rules out a `tag NOT EXISTS` case (a fixture that's no-tags by design
+# can't also carry the marker) — that operator is covered by the visitor
+# unit tests in pkg/types/dashboardtypes/listfilter.
+
+_LIST_FIXTURE_MARKER_TAG = "__lst_v2_filter_test"
+
+_LIST_FIXTURE_DASHBOARDS = [
+    ("lst-overview-prod", ["team/pulse", "prod", "team/frontend"]),
+    ("lst-overview-dev", ["team/pulse", "dev"]),
+    ("lst-database-prod", ["team/storage", "prod", "database/postgres"]),
+    ("lst-database-test", ["team/storage", "test", "database/redis"]),
+    ("lst-frontend-team", ["team/pulse", "team/frontend"]),
+]
+
+
+@pytest.fixture(name="list_fixture_dashboards", scope="module")
+def list_fixture_dashboards(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+) -> None:
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    for name, tags in _LIST_FIXTURE_DASHBOARDS:
+        body: dict = {
+            "metadata": {"schemaVersion": "v6"},
+            "data": {"display": {"name": name}},
+            "tags": [{"name": t} for t in [*tags, _LIST_FIXTURE_MARKER_TAG]],
+        }
+        response = _post_dashboard(signoz, admin_token, body)
+        assert response.status_code == HTTPStatus.CREATED, response.text
+
+
+@pytest.mark.parametrize(
+    ("filter_query", "expected_names"),
+    [
+        (
+            "name = 'lst-overview-prod' AND tag = 'team/frontend'",
+            {"lst-overview-prod"},
+        ),
+        (
+            "name LIKE 'database/%' AND tag = 'team/storage'",
+            {"lst-database-prod", "lst-database-test"},
+        ),
+        (
+            "(name CONTAINS 'overview' OR name CONTAINS 'frontend') AND tag NOT IN ['dev']",
+            {"lst-overview-prod", "lst-frontend-team"},
+        ),
+        (
+            "NOT tag = 'prod' AND name CONTAINS 'lst-'",
+            {"lst-overview-dev", "lst-database-test", "lst-frontend-team"},
+        ),
+        (
+            "tag = 'team/pulse' AND tag != 'dev'",
+            {"lst-overview-prod", "lst-frontend-team"},
+        ),
+        (
+            "tag IN ['dev', 'test'] OR name = 'lst-overview-prod'",
+            {"lst-overview-dev", "lst-database-test", "lst-overview-prod"},
+        ),
+        (
+            "tag = 'team/pulse' AND tag LIKE 'database/%'",
+            {"lst-overview-dev", "lst-database-test", "lst-overview-prod"},
+        ),
+    ],
+)
+def test_list_v2_filter_dsl(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    list_fixture_dashboards: None,  # pylint: disable=unused-argument
+    filter_query: str,
+    expected_names: set[str],
+):
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    scoped_query = f"({filter_query}) AND tag = '{_LIST_FIXTURE_MARKER_TAG}'"
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v2/dashboards"),
+        params={"query": scoped_query, "limit": 200},
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.OK, response.text
+    body = response.json()
+    assert body["status"] == "success"
+
+    returned_names = {
+        d["info"]["data"]["display"]["name"] for d in body["data"]["dashboards"]
+    }
+    assert returned_names == expected_names

tests/integration/tests/querier_skip_resource_fingerprint/01_skip_resource_fingerprint.py

@@ -0,0 +1,105 @@
+"""
+Transparency check for the skip_resource_fingerprint optimization (traces and logs).
+
+At or above the configured fingerprint threshold the optimization pushes resource
+conditions onto the main spans/logs table instead of the fingerprint CTE. That
+rewrite must change ClickHouse performance, never the rows: each test runs the same
+query against the primary instance (optimization on, threshold=2) and
+`signoz_fingerprint` (optimization off) and asserts the responses are identical.
+"""
+
+from collections.abc import Callable
+from datetime import UTC, datetime, timedelta
+
+from fixtures import types
+from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD
+from fixtures.logs import Logs
+from fixtures.querier import (
+    BuilderQuery,
+    OrderBy,
+    TelemetryFieldKey,
+    assert_identical_query_response,
+    get_rows,
+    make_query_request,
+)
+from fixtures.traces import Traces
+
+
+def test_skip_resource_fingerprint_traces_fallback_matches_fingerprint(
+    signoz: types.SigNoz,
+    signoz_fingerprint: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_traces: Callable[[list[Traces]], None],
+) -> None:
+    """A >= 2-fingerprint filter drives the fallback path; rows must match the fingerprint baseline."""
+    now = datetime.now(tz=UTC).replace(second=0, microsecond=0)
+
+    # 3 distinct services share one env (3 fingerprints > threshold 2 -> fallback);
+    # the 4th has a different env and must be excluded.
+    env = {"deployment.environment": "skip-fallback"}
+    insert_traces(
+        [
+            Traces(timestamp=now - timedelta(seconds=10), resources={"service.name": "skip-fb-svc-a", **env}),
+            Traces(timestamp=now - timedelta(seconds=9), resources={"service.name": "skip-fb-svc-b", **env}),
+            Traces(timestamp=now - timedelta(seconds=8), resources={"service.name": "skip-fb-svc-c", **env}),
+            Traces(timestamp=now - timedelta(seconds=7), resources={"service.name": "skip-fb-other", "deployment.environment": "skip-other"}),
+        ]
+    )
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    query = BuilderQuery(
+        signal="traces",
+        limit=50,
+        order=[OrderBy(TelemetryFieldKey("timestamp"), "asc")],
+        filter_expression="deployment.environment = 'skip-fallback'",
+        select_fields=[TelemetryFieldKey("service.name", "string", "resource")],
+    ).to_dict()
+
+    start_ms = int((datetime.now(tz=UTC) - timedelta(minutes=5)).timestamp() * 1000)
+    end_ms = int(datetime.now(tz=UTC).timestamp() * 1000)
+    optimized = make_query_request(signoz, token, start_ms=start_ms, end_ms=end_ms, request_type="raw", queries=[query])
+    fingerprint = make_query_request(signoz_fingerprint, token, start_ms=start_ms, end_ms=end_ms, request_type="raw", queries=[query])
+
+    assert len(get_rows(optimized)) == 3
+    assert_identical_query_response(optimized, fingerprint)
+
+
+def test_skip_resource_fingerprint_logs_fallback_matches_fingerprint(
+    signoz: types.SigNoz,
+    signoz_fingerprint: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_logs: Callable[[list[Logs]], None],
+) -> None:
+    """A >= 2-fingerprint filter drives the fallback path; rows must match the fingerprint baseline."""
+    now = datetime.now(tz=UTC)
+
+    # 3 distinct services share one env (3 fingerprints > threshold 2 -> fallback);
+    # the 4th has a different env and must be excluded.
+    env = {"deployment.environment": "skip-logs-fallback"}
+    insert_logs(
+        [
+            Logs(timestamp=now - timedelta(seconds=10), resources={"service.name": "skip-logs-fb-svc-a", **env}, body="a"),
+            Logs(timestamp=now - timedelta(seconds=9), resources={"service.name": "skip-logs-fb-svc-b", **env}, body="b"),
+            Logs(timestamp=now - timedelta(seconds=8), resources={"service.name": "skip-logs-fb-svc-c", **env}, body="c"),
+            Logs(timestamp=now - timedelta(seconds=7), resources={"service.name": "skip-logs-fb-other", "deployment.environment": "skip-logs-other"}, body="noise"),
+        ]
+    )
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    query = BuilderQuery(
+        signal="logs",
+        limit=50,
+        order=[OrderBy(TelemetryFieldKey("timestamp"), "asc")],
+        filter_expression="deployment.environment = 'skip-logs-fallback'",
+        select_fields=[TelemetryFieldKey("service.name", "string", "resource"), TelemetryFieldKey("body")],
+    ).to_dict()
+
+    start_ms = int((datetime.now(tz=UTC) - timedelta(minutes=5)).timestamp() * 1000)
+    end_ms = int(datetime.now(tz=UTC).timestamp() * 1000)
+    optimized = make_query_request(signoz, token, start_ms=start_ms, end_ms=end_ms, request_type="raw", queries=[query])
+    fingerprint = make_query_request(signoz_fingerprint, token, start_ms=start_ms, end_ms=end_ms, request_type="raw", queries=[query])
+
+    assert len(get_rows(optimized)) == 3
+    assert_identical_query_response(optimized, fingerprint)

tests/integration/tests/querier_skip_resource_fingerprint/conftest.py

@@ -0,0 +1,71 @@
+import pytest
+from testcontainers.core.container import Network
+
+from fixtures import types
+from fixtures.signoz import create_signoz
+
+
+@pytest.fixture(name="signoz", scope="package")
+def signoz_skip_resource_fingerprint(
+    network: Network,
+    migrator: types.Operation,  # pylint: disable=unused-argument
+    zeus: types.TestContainerDocker,
+    gateway: types.TestContainerDocker,
+    sqlstore: types.TestContainerSQL,
+    clickhouse: types.TestContainerClickhouse,
+    request: pytest.FixtureRequest,
+    pytestconfig: pytest.Config,
+) -> types.SigNoz:
+    """
+    Package-scoped SigNoz instance with the skip_resource_fingerprint
+    optimization enabled and a low threshold so the fallback resolver path is
+    exercised (filters matching >= 2 fingerprints skip the fingerprint CTE).
+    """
+    return create_signoz(
+        network=network,
+        zeus=zeus,
+        gateway=gateway,
+        sqlstore=sqlstore,
+        clickhouse=clickhouse,
+        request=request,
+        pytestconfig=pytestconfig,
+        cache_key="signoz-skip-resource-fingerprint",
+        env_overrides={
+            "SIGNOZ_QUERIER_SKIP__RESOURCE__FINGERPRINT_ENABLED": True,
+            "SIGNOZ_QUERIER_SKIP__RESOURCE__FINGERPRINT_THRESHOLD": 2,
+        },
+    )
+
+
+@pytest.fixture(name="signoz_fingerprint", scope="package")
+def signoz_fingerprint(
+    network: Network,
+    migrator: types.Operation,  # pylint: disable=unused-argument
+    zeus: types.TestContainerDocker,
+    gateway: types.TestContainerDocker,
+    sqlstore: types.TestContainerSQL,
+    clickhouse: types.TestContainerClickhouse,
+    request: pytest.FixtureRequest,
+    pytestconfig: pytest.Config,
+) -> types.SigNoz:
+    """
+    A second SigNoz instance with the optimization disabled, so every query
+    resolves resource filters through the fingerprint CTE (the path the primary
+    also takes below the threshold). It shares the same ClickHouse (telemetry)
+    and sqlstore (users) as the primary instance, which lets a single admin
+    token authenticate against both and lets the tests diff the optimized
+    result against this fingerprint baseline for the same query and data.
+    """
+    return create_signoz(
+        network=network,
+        zeus=zeus,
+        gateway=gateway,
+        sqlstore=sqlstore,
+        clickhouse=clickhouse,
+        request=request,
+        pytestconfig=pytestconfig,
+        cache_key="signoz-skip-resource-fingerprint-baseline",
+        env_overrides={
+            "SIGNOZ_QUERIER_SKIP__RESOURCE__FINGERPRINT_ENABLED": False,
+        },
+    )