fix: wrap naked errors

* feat: delete dashboard v2 API

* fix: fix post merge build and spec errors

.github/workflows/integrationci.yaml

@@ -39,7 +39,6 @@ jobs:
       matrix:
         suite:
           - alerts
-          - basepath
           - callbackauthn
           - cloudintegrations
           - dashboard
@@ -84,7 +83,7 @@ jobs:
         run: |
           cd tests && uv sync
       - name: webdriver
-        if: matrix.suite == 'callbackauthn' || matrix.suite == 'basepath'
+        if: matrix.suite == 'callbackauthn'
         run: |
           wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
           echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | sudo tee -a /etc/apt/sources.list.d/google-chrome.list

cmd/community/server.go

@@ -91,7 +91,7 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		sqlstoreProviderFactories(),
 		signoz.NewTelemetryStoreProviderFactories(),
 		func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error) {
-			return signoz.NewAuthNs(ctx, providerSettings, store, licensing, config.Global)
+			return signoz.NewAuthNs(ctx, providerSettings, store, licensing)
 		},
 		func(ctx context.Context, sqlstore sqlstore.SQLStore, config authz.Config, _ licensing.Licensing, _ []authz.OnBeforeRoleDelete) (factory.ProviderFactory[authz.AuthZ, authz.Config], error) {
 			openfgaDataStore, err := openfgaserver.NewSQLStore(sqlstore, config)

cmd/enterprise/server.go

@@ -107,17 +107,17 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		sqlstoreProviderFactories(),
 		signoz.NewTelemetryStoreProviderFactories(),
 		func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error) {
-			samlCallbackAuthN, err := samlcallbackauthn.New(ctx, store, licensing, config.Global)
+			samlCallbackAuthN, err := samlcallbackauthn.New(ctx, store, licensing)
 			if err != nil {
 				return nil, err
 			}
 
-			oidcCallbackAuthN, err := oidccallbackauthn.New(store, licensing, providerSettings, config.Global)
+			oidcCallbackAuthN, err := oidccallbackauthn.New(store, licensing, providerSettings)
 			if err != nil {
 				return nil, err
 			}
 
-			authNs, err := signoz.NewAuthNs(ctx, providerSettings, store, licensing, config.Global)
+			authNs, err := signoz.NewAuthNs(ctx, providerSettings, store, licensing)
 			if err != nil {
 				return nil, err
 			}

conf/example.yaml

@@ -440,17 +440,6 @@ traces:
     max_depth_to_auto_expand: 5
     # Threshold below which all spans are returned without windowing.
     max_limit_to_select_all_spans: 10000
-  flamegraph:
-    # Maximum number of BFS depth levels included in a windowed response.
-    max_selected_levels: 50
-    # Maximum spans per level before sampling is applied.
-    max_spans_per_level: 100
-    # Number of highest-latency spans always included when sampling a level.
-    sampling_top_latency_count: 5
-    # Number of timestamp buckets used for uniform sampling within a level.
-    sampling_bucket_count: 50
-    # Threshold below which all spans are returned without windowing or sampling.
-    select_all_spans_limit: 100000
 
 ##################### Authz #################################
 authz:

docs/api/openapi.yml

@@ -1360,7 +1360,6 @@ components:
       - sqs
       - storageaccountsblob
       - cdnprofile
-      - aks
       type: string
     CloudintegrationtypesServiceMetadata:
       properties:
@@ -2653,7 +2652,7 @@ components:
           $ref: '#/components/schemas/DashboardtypesDashboardSpec'
         tags:
           items:
-            $ref: '#/components/schemas/TagtypesPostableTag'
+            $ref: '#/components/schemas/TagtypesGettableTag'
           nullable: true
           type: array
         updatedAt:
@@ -2771,6 +2770,11 @@ components:
       - solid
       - dashed
       type: string
+    DashboardtypesListOrder:
+      enum:
+      - asc
+      - desc
+      type: string
     DashboardtypesListPanelSpec:
       properties:
         selectFields:
@@ -2778,6 +2782,12 @@ components:
             $ref: '#/components/schemas/TelemetrytypesTelemetryFieldKey'
           type: array
       type: object
+    DashboardtypesListSort:
+      enum:
+      - updated_at
+      - created_at
+      - name
+      type: string
     DashboardtypesListVariableSpec:
       properties:
         allowAllValue:
@@ -2800,6 +2810,74 @@ components:
           nullable: true
           type: string
       type: object
+    DashboardtypesListableDashboardV2:
+      properties:
+        dashboards:
+          items:
+            $ref: '#/components/schemas/DashboardtypesListedDashboardV2'
+          type: array
+        tags:
+          items:
+            $ref: '#/components/schemas/TagtypesGettableTag'
+          type: array
+        total:
+          format: int64
+          type: integer
+      required:
+      - dashboards
+      - total
+      - tags
+      type: object
+    DashboardtypesListedDashboardV2:
+      properties:
+        createdAt:
+          format: date-time
+          type: string
+        createdBy:
+          type: string
+        id:
+          type: string
+        image:
+          type: string
+        locked:
+          type: boolean
+        name:
+          type: string
+        orgId:
+          type: string
+        pinned:
+          type: boolean
+        schemaVersion:
+          type: string
+        source:
+          $ref: '#/components/schemas/DashboardtypesSource'
+        spec:
+          $ref: '#/components/schemas/DashboardtypesListedDashboardV2Spec'
+        tags:
+          items:
+            $ref: '#/components/schemas/TagtypesGettableTag'
+          type: array
+        updatedAt:
+          format: date-time
+          type: string
+        updatedBy:
+          type: string
+      required:
+      - id
+      - orgId
+      - locked
+      - source
+      - schemaVersion
+      - name
+      - pinned
+      - tags
+      - spec
+      type: object
+    DashboardtypesListedDashboardV2Spec:
+      properties:
+        display:
+          $ref: '#/components/schemas/CommonDisplay'
+      type: object
     DashboardtypesNumberPanelSpec:
       properties:
         formatting:
@@ -6639,70 +6717,6 @@ components:
       - attribute
       - resource
       type: string
-    SpantypesFlamegraphSpan:
-      properties:
-        attributes:
-          additionalProperties: {}
-          type: object
-        durationNano:
-          minimum: 0
-          type: integer
-        event:
-          items:
-            $ref: '#/components/schemas/SpantypesEvent'
-          type: array
-        hasError:
-          type: boolean
-        level:
-          format: int64
-          type: integer
-        name:
-          type: string
-        parentSpanId:
-          type: string
-        resource:
-          additionalProperties:
-            type: string
-          type: object
-        spanId:
-          type: string
-        timestamp:
-          minimum: 0
-          type: integer
-      required:
-      - spanId
-      - parentSpanId
-      - timestamp
-      - durationNano
-      - hasError
-      - name
-      - level
-      - event
-      - attributes
-      - resource
-      type: object
-    SpantypesGettableFlamegraphTrace:
-      properties:
-        endTimestampMillis:
-          format: int64
-          type: integer
-        hasMore:
-          type: boolean
-        spans:
-          items:
-            items:
-              $ref: '#/components/schemas/SpantypesFlamegraphSpan'
-            type: array
-          type: array
-        startTimestampMillis:
-          format: int64
-          type: integer
-      required:
-      - spans
-      - startTimestampMillis
-      - endTimestampMillis
-      - hasMore
-      type: object
     SpantypesGettableSpanMapperGroups:
       properties:
         items:
@@ -6768,15 +6782,6 @@ components:
         traceId:
           type: string
       type: object
-    SpantypesPostableFlamegraph:
-      properties:
-        selectFields:
-          items:
-            $ref: '#/components/schemas/TelemetrytypesTelemetryFieldKey'
-          type: array
-        selectedSpanId:
-          type: string
-      type: object
     SpantypesPostableSpanMapper:
       properties:
         config:
@@ -7072,6 +7077,16 @@ components:
       required:
       - references
       type: object
+    TagtypesGettableTag:
+      properties:
+        key:
+          type: string
+        value:
+          type: string
+      required:
+      - key
+      - value
+      type: object
     TagtypesPostableTag:
       properties:
         key:
@@ -13107,6 +13122,80 @@ paths:
       tags:
       - preferences
   /api/v2/dashboards:
+    get:
+      deprecated: false
+      description: Returns a page of v2-shape dashboards for the calling user's org.
+        Supports a filter DSL (`query`), sort (`updated_at`/`created_at`/`name`),
+        order (`asc`/`desc`), and offset-based pagination (`limit`/`offset`).
+      operationId: ListDashboardsV2
+      parameters:
+      - in: query
+        name: query
+        schema:
+          type: string
+      - in: query
+        name: sort
+        schema:
+          $ref: '#/components/schemas/DashboardtypesListSort'
+      - in: query
+        name: order
+        schema:
+          $ref: '#/components/schemas/DashboardtypesListOrder'
+      - in: query
+        name: limit
+        schema:
+          type: integer
+      - in: query
+        name: offset
+        schema:
+          type: integer
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                properties:
+                  data:
+                    $ref: '#/components/schemas/DashboardtypesListableDashboardV2'
+                  status:
+                    type: string
+                required:
+                - status
+                - data
+                type: object
+          description: OK
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Bad Request
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - VIEWER
+      - tokenizer:
+        - VIEWER
+      summary: List dashboards (v2)
+      tags:
+      - dashboard
     post:
       deprecated: false
       description: This endpoint creates a dashboard in the v2 format that follows
@@ -13165,6 +13254,62 @@ paths:
       tags:
       - dashboard
   /api/v2/dashboards/{id}:
+    delete:
+      deprecated: false
+      description: This endpoint deletes a v2-shape dashboard along with its tag relations.
+        Locked dashboards are rejected.
+      operationId: DeleteDashboardV2
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        "204":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: No Content
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Bad Request
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Not Found
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - EDITOR
+      - tokenizer:
+        - EDITOR
+      summary: Delete dashboard (v2)
+      tags:
+      - dashboard
     get:
       deprecated: false
       description: This endpoint returns a v2-shape dashboard.
@@ -13484,6 +13629,120 @@ paths:
       summary: Lock dashboard (v2)
       tags:
       - dashboard
+  /api/v2/dashboards/{id}/pins/me:
+    delete:
+      deprecated: false
+      description: Removes the pin for the calling user. Idempotent — unpinning a
+        dashboard that wasn't pinned still returns 204.
+      operationId: UnpinDashboardV2
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        "204":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: No Content
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Bad Request
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - VIEWER
+      - tokenizer:
+        - VIEWER
+      summary: Unpin a dashboard for the current user (v2)
+      tags:
+      - dashboard
+    put:
+      deprecated: false
+      description: Pins the dashboard for the calling user. A user can pin at most
+        10 dashboards; pinning when at the limit returns 409. Re-pinning an already-pinned
+        dashboard is a no-op success.
+      operationId: PinDashboardV2
+      parameters:
+      - in: path
+        name: id
+        required: true
+        schema:
+          type: string
+      responses:
+        "204":
+          content:
+            application/json:
+              schema:
+                type: string
+          description: No Content
+        "400":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Bad Request
+        "401":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Unauthorized
+        "403":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Forbidden
+        "404":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Not Found
+        "409":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Conflict
+        "500":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/RenderErrorResponse'
+          description: Internal Server Error
+      security:
+      - api_key:
+        - VIEWER
+      - tokenizer:
+        - VIEWER
+      summary: Pin a dashboard for the current user (v2)
+      tags:
+      - dashboard
   /api/v2/factor_password/forgot:
     post:
       deprecated: false
@@ -20609,75 +20868,6 @@ paths:
       summary: Put profile in Zeus for a deployment.
       tags:
       - zeus
-  /api/v3/traces/{traceID}/flamegraph:
-    post:
-      deprecated: false
-      description: Returns the flamegraph view of spans for a given trace ID.
-      operationId: GetFlamegraph
-      parameters:
-      - in: path
-        name: traceID
-        required: true
-        schema:
-          type: string
-      requestBody:
-        content:
-          application/json:
-            schema:
-              $ref: '#/components/schemas/SpantypesPostableFlamegraph'
-      responses:
-        "200":
-          content:
-            application/json:
-              schema:
-                properties:
-                  data:
-                    $ref: '#/components/schemas/SpantypesGettableFlamegraphTrace'
-                  status:
-                    type: string
-                required:
-                - status
-                - data
-                type: object
-          description: OK
-        "400":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Bad Request
-        "401":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Unauthorized
-        "403":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Forbidden
-        "404":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Not Found
-        "500":
-          content:
-            application/json:
-              schema:
-                $ref: '#/components/schemas/RenderErrorResponse'
-          description: Internal Server Error
-      security:
-      - api_key:
-        - VIEWER
-      - tokenizer:
-        - VIEWER
-      summary: Get flamegraph view for a trace
-      tags:
-      - tracedetail
   /api/v3/traces/{traceID}/waterfall:
     post:
       deprecated: false

ee/authn/callbackauthn/oidccallbackauthn/authn.go

@@ -5,12 +5,10 @@ import (
 	"fmt"
 	"log/slog"
 	"net/url"
-	"path"
 
 	"github.com/SigNoz/signoz/pkg/authn"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/global"
 	"github.com/SigNoz/signoz/pkg/http/client"
 	"github.com/SigNoz/signoz/pkg/licensing"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
@@ -28,14 +26,13 @@ var defaultScopes []string = []string{"email", "profile", oidc.ScopeOpenID}
 var _ authn.CallbackAuthN = (*AuthN)(nil)
 
 type AuthN struct {
-	settings     factory.ScopedProviderSettings
-	store        authtypes.AuthNStore
-	licensing    licensing.Licensing
-	httpClient   *client.Client
-	globalConfig global.Config
+	settings   factory.ScopedProviderSettings
+	store      authtypes.AuthNStore
+	licensing  licensing.Licensing
+	httpClient *client.Client
 }
 
-func New(store authtypes.AuthNStore, licensing licensing.Licensing, providerSettings factory.ProviderSettings, globalConfig global.Config) (*AuthN, error) {
+func New(store authtypes.AuthNStore, licensing licensing.Licensing, providerSettings factory.ProviderSettings) (*AuthN, error) {
 	settings := factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/ee/authn/callbackauthn/oidccallbackauthn")
 
 	httpClient, err := client.New(providerSettings.Logger, providerSettings.TracerProvider, providerSettings.MeterProvider)
@@ -44,11 +41,10 @@ func New(store authtypes.AuthNStore, licensing licensing.Licensing, providerSett
 	}
 
 	return &AuthN{
-		settings:     settings,
-		store:        store,
-		licensing:    licensing,
-		httpClient:   httpClient,
-		globalConfig: globalConfig,
+		settings:   settings,
+		store:      store,
+		licensing:  licensing,
+		httpClient: httpClient,
 	}, nil
 }
 
@@ -201,7 +197,7 @@ func (a *AuthN) oidcProviderAndoauth2Config(ctx context.Context, siteURL *url.UR
 		RedirectURL: (&url.URL{
 			Scheme: siteURL.Scheme,
 			Host:   siteURL.Host,
-			Path:   path.Join(a.globalConfig.ExternalPath(), redirectPath),
+			Path:   redirectPath,
 		}).String(),
 	}, nil
 }

ee/authn/callbackauthn/samlcallbackauthn/authn.go

@@ -6,12 +6,10 @@ import (
 	"encoding/base64"
 	"encoding/pem"
 	"net/url"
-	"path"
 	"strings"
 
 	"github.com/SigNoz/signoz/pkg/authn"
 	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/global"
 	"github.com/SigNoz/signoz/pkg/licensing"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
@@ -26,16 +24,14 @@ const (
 var _ authn.CallbackAuthN = (*AuthN)(nil)
 
 type AuthN struct {
-	store        authtypes.AuthNStore
-	licensing    licensing.Licensing
-	globalConfig global.Config
+	store     authtypes.AuthNStore
+	licensing licensing.Licensing
 }
 
-func New(ctx context.Context, store authtypes.AuthNStore, licensing licensing.Licensing, globalConfig global.Config) (*AuthN, error) {
+func New(ctx context.Context, store authtypes.AuthNStore, licensing licensing.Licensing) (*AuthN, error) {
 	return &AuthN{
-		store:        store,
-		licensing:    licensing,
-		globalConfig: globalConfig,
+		store:     store,
+		licensing: licensing,
 	}, nil
 }
 
@@ -136,7 +132,7 @@ func (a *AuthN) serviceProvider(siteURL *url.URL, authDomain *authtypes.AuthDoma
 		return nil, err
 	}
 
-	acsURL := &url.URL{Scheme: siteURL.Scheme, Host: siteURL.Host, Path: path.Join(a.globalConfig.ExternalPath(), redirectPath)}
+	acsURL := &url.URL{Scheme: siteURL.Scheme, Host: siteURL.Host, Path: redirectPath}
 
 	// Note:
 	// The ServiceProviderIssuer is the client id in case of keycloak. Since we set it to the host here, we need to set the client id == host in keycloak.

ee/modules/dashboard/impldashboard/module.go

@@ -229,10 +229,31 @@ func (module *module) PatchV2(ctx context.Context, orgID valuer.UUID, id valuer.
 	return module.pkgDashboardModule.PatchV2(ctx, orgID, id, updatedBy, patch)
 }
 
+func (module *module) DeleteV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) error {
+	return module.store.RunInTx(ctx, func(ctx context.Context) error {
+		if err := module.store.DeletePublic(ctx, id.String()); err != nil && !errors.Ast(err, errors.TypeNotFound) {
+			return err
+		}
+		return module.pkgDashboardModule.DeleteV2(ctx, orgID, id)
+	})
+}
+
 func (module *module) LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, isAdmin bool, lock bool) error {
 	return module.pkgDashboardModule.LockUnlockV2(ctx, orgID, id, updatedBy, isAdmin, lock)
 }
 
+func (module *module) ListV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, params *dashboardtypes.ListDashboardsV2Params) (*dashboardtypes.ListableDashboardV2, error) {
+	return module.pkgDashboardModule.ListV2(ctx, orgID, userID, params)
+}
+
+func (module *module) PinV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, id valuer.UUID) error {
+	return module.pkgDashboardModule.PinV2(ctx, orgID, userID, id)
+}
+
+func (module *module) UnpinV2(ctx context.Context, userID valuer.UUID, id valuer.UUID) error {
+	return module.pkgDashboardModule.UnpinV2(ctx, userID, id)
+}
+
 func (module *module) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.Dashboard, error) {
 	return module.pkgDashboardModule.Get(ctx, orgID, id)
 }

ee/sqlstore/postgressqlstore/formatter.go

@@ -16,10 +16,11 @@ func newFormatter(dialect schema.Dialect) sqlstore.SQLFormatter {
 }
 
 func (f *formatter) JSONExtractString(column, path string) []byte {
-	var sql []byte
-	sql = f.bunf.AppendIdent(sql, column)
-	sql = append(sql, f.convertJSONPathToPostgres(path)...)
-	return sql
+	ops := f.convertJSONPathToPostgres(path)
+	if len(ops) == 0 {
+		return f.bunf.AppendIdent(nil, column)
+	}
+	return append(f.TextToJsonColumn(column), ops...)
 }
 
 func (f *formatter) JSONType(column, path string) []byte {

ee/sqlstore/postgressqlstore/formatter_test.go

@@ -18,19 +18,19 @@ func TestJSONExtractString(t *testing.T) {
 			name:     "simple path",
 			column:   "data",
 			path:     "$.field",
-			expected: `"data"->>'field'`,
+			expected: `"data"::jsonb->>'field'`,
 		},
 		{
 			name:     "nested path",
 			column:   "metadata",
 			path:     "$.user.name",
-			expected: `"metadata"->'user'->>'name'`,
+			expected: `"metadata"::jsonb->'user'->>'name'`,
 		},
 		{
 			name:     "deeply nested path",
 			column:   "json_col",
 			path:     "$.level1.level2.level3",
-			expected: `"json_col"->'level1'->'level2'->>'level3'`,
+			expected: `"json_col"::jsonb->'level1'->'level2'->>'level3'`,
 		},
 		{
 			name:     "root path",

ee/sqlstore/postgressqlstore/listfilter_test.go

@@ -0,0 +1,65 @@
+package postgressqlstore
+
+// Lives in this package (rather than the listfilter package) so it can use
+// the unexported newFormatter constructor without driving a real Postgres
+// connection. Covers the only listfilter cases whose emitted SQL differs
+// between SQLite and Postgres — the ones that go through JSONExtractString
+// (`name`, `description`). All other operators (=, !=, BETWEEN, LIKE, IN,
+// EXISTS, lower(...)) emit identical ANSI SQL on both dialects and are
+// covered by the SQLite tests in the listfilter package itself.
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/uptrace/bun/dialect/pgdialect"
+
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes/listfilter"
+)
+
+func TestListFilterCompile_Postgres(t *testing.T) {
+	f := newFormatter(pgdialect.New())
+
+	cases := []struct {
+		name     string
+		query    string
+		wantSQL  string
+		wantArgs []any
+	}{
+		{
+			name:     "name = uses Postgres -> / ->> chain",
+			query:    `name = 'overview'`,
+			wantSQL:  `"dashboard"."data"::jsonb->'spec'->'display'->>'name' = ?`,
+			wantArgs: []any{"overview"},
+		},
+		{
+			name:     "name CONTAINS — same JSON path, LIKE pattern",
+			query:    `name CONTAINS 'overview'`,
+			wantSQL:  `"dashboard"."data"::jsonb->'spec'->'display'->>'name' LIKE ? ESCAPE '\'`,
+			wantArgs: []any{"%overview%"},
+		},
+		{
+			name:     "name ILIKE — LOWER wraps the JSON path",
+			query:    `name ILIKE 'Prod%'`,
+			wantSQL:  `lower("dashboard"."data"::jsonb->'spec'->'display'->>'name') LIKE LOWER(?) ESCAPE '\'`,
+			wantArgs: []any{"Prod%"},
+		},
+		{
+			name:     "description = follows the same path shape",
+			query:    `description = 'd1'`,
+			wantSQL:  `"dashboard"."data"::jsonb->'spec'->'display'->>'description' = ?`,
+			wantArgs: []any{"d1"},
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			out, err := listfilter.Compile(c.query, f)
+			require.NoError(t, err)
+			require.NotNil(t, out)
+			assert.Equal(t, c.wantSQL, out.SQL)
+			assert.Equal(t, c.wantArgs, out.Args)
+		})
+	}
+}

frontend/src/api/generated/services/dashboard/index.ts

@@ -26,6 +26,7 @@ import type {
 	DashboardtypesPostablePublicDashboardDTO,
 	DashboardtypesUpdatableDashboardV2DTO,
 	DashboardtypesUpdatablePublicDashboardDTO,
+	DeleteDashboardV2PathParameters,
 	DeletePublicDashboardPathParameters,
 	GetDashboardV2200,
 	GetDashboardV2PathParameters,
@@ -35,11 +36,15 @@ import type {
 	GetPublicDashboardPathParameters,
 	GetPublicDashboardWidgetQueryRange200,
 	GetPublicDashboardWidgetQueryRangePathParameters,
+	ListDashboardsV2200,
+	ListDashboardsV2Params,
 	LockDashboardV2PathParameters,
 	PatchDashboardV2200,
 	PatchDashboardV2PathParameters,
+	PinDashboardV2PathParameters,
 	RenderErrorResponseDTO,
 	UnlockDashboardV2PathParameters,
+	UnpinDashboardV2PathParameters,
 	UpdateDashboardV2200,
 	UpdateDashboardV2PathParameters,
 	UpdatePublicDashboardPathParameters,
@@ -641,6 +646,103 @@ export const invalidateGetPublicDashboardWidgetQueryRange = async (
 	return queryClient;
 };
 
+/**
+ * Returns a page of v2-shape dashboards for the calling user's org. Supports a filter DSL (`query`), sort (`updated_at`/`created_at`/`name`), order (`asc`/`desc`), and offset-based pagination (`limit`/`offset`).
+ * @summary List dashboards (v2)
+ */
+export const listDashboardsV2 = (
+	params?: ListDashboardsV2Params,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<ListDashboardsV2200>({
+		url: `/api/v2/dashboards`,
+		method: 'GET',
+		params,
+		signal,
+	});
+};
+
+export const getListDashboardsV2QueryKey = (
+	params?: ListDashboardsV2Params,
+) => {
+	return [`/api/v2/dashboards`, ...(params ? [params] : [])] as const;
+};
+
+export const getListDashboardsV2QueryOptions = <
+	TData = Awaited<ReturnType<typeof listDashboardsV2>>,
+	TError = ErrorType<RenderErrorResponseDTO>,
+>(
+	params?: ListDashboardsV2Params,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof listDashboardsV2>>,
+			TError,
+			TData
+		>;
+	},
+) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey = queryOptions?.queryKey ?? getListDashboardsV2QueryKey(params);
+
+	const queryFn: QueryFunction<Awaited<ReturnType<typeof listDashboardsV2>>> = ({
+		signal,
+	}) => listDashboardsV2(params, signal);
+
+	return { queryKey, queryFn, ...queryOptions } as UseQueryOptions<
+		Awaited<ReturnType<typeof listDashboardsV2>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type ListDashboardsV2QueryResult = NonNullable<
+	Awaited<ReturnType<typeof listDashboardsV2>>
+>;
+export type ListDashboardsV2QueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary List dashboards (v2)
+ */
+
+export function useListDashboardsV2<
+	TData = Awaited<ReturnType<typeof listDashboardsV2>>,
+	TError = ErrorType<RenderErrorResponseDTO>,
+>(
+	params?: ListDashboardsV2Params,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof listDashboardsV2>>,
+			TError,
+			TData
+		>;
+	},
+): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getListDashboardsV2QueryOptions(params, options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	return { ...query, queryKey: queryOptions.queryKey };
+}
+
+/**
+ * @summary List dashboards (v2)
+ */
+export const invalidateListDashboardsV2 = async (
+	queryClient: QueryClient,
+	params?: ListDashboardsV2Params,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getListDashboardsV2QueryKey(params) },
+		options,
+	);
+
+	return queryClient;
+};
+
 /**
  * This endpoint creates a dashboard in the v2 format that follows Perses spec.
  * @summary Create dashboard (v2)
@@ -724,6 +826,85 @@ export const useCreateDashboardV2 = <
 > => {
 	return useMutation(getCreateDashboardV2MutationOptions(options));
 };
+/**
+ * This endpoint deletes a v2-shape dashboard along with its tag relations. Locked dashboards are rejected.
+ * @summary Delete dashboard (v2)
+ */
+export const deleteDashboardV2 = (
+	{ id }: DeleteDashboardV2PathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v2/dashboards/${id}`,
+		method: 'DELETE',
+		signal,
+	});
+};
+
+export const getDeleteDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof deleteDashboardV2>>,
+		TError,
+		{ pathParams: DeleteDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof deleteDashboardV2>>,
+	TError,
+	{ pathParams: DeleteDashboardV2PathParameters },
+	TContext
+> => {
+	const mutationKey = ['deleteDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof deleteDashboardV2>>,
+		{ pathParams: DeleteDashboardV2PathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return deleteDashboardV2(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type DeleteDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof deleteDashboardV2>>
+>;
+
+export type DeleteDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Delete dashboard (v2)
+ */
+export const useDeleteDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof deleteDashboardV2>>,
+		TError,
+		{ pathParams: DeleteDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof deleteDashboardV2>>,
+	TError,
+	{ pathParams: DeleteDashboardV2PathParameters },
+	TContext
+> => {
+	return useMutation(getDeleteDashboardV2MutationOptions(options));
+};
 /**
  * This endpoint returns a v2-shape dashboard.
  * @summary Get dashboard (v2)
@@ -1181,3 +1362,161 @@ export const useLockDashboardV2 = <
 > => {
 	return useMutation(getLockDashboardV2MutationOptions(options));
 };
+/**
+ * Removes the pin for the calling user. Idempotent — unpinning a dashboard that wasn't pinned still returns 204.
+ * @summary Unpin a dashboard for the current user (v2)
+ */
+export const unpinDashboardV2 = (
+	{ id }: UnpinDashboardV2PathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v2/dashboards/${id}/pins/me`,
+		method: 'DELETE',
+		signal,
+	});
+};
+
+export const getUnpinDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof unpinDashboardV2>>,
+		TError,
+		{ pathParams: UnpinDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof unpinDashboardV2>>,
+	TError,
+	{ pathParams: UnpinDashboardV2PathParameters },
+	TContext
+> => {
+	const mutationKey = ['unpinDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof unpinDashboardV2>>,
+		{ pathParams: UnpinDashboardV2PathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return unpinDashboardV2(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UnpinDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof unpinDashboardV2>>
+>;
+
+export type UnpinDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Unpin a dashboard for the current user (v2)
+ */
+export const useUnpinDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof unpinDashboardV2>>,
+		TError,
+		{ pathParams: UnpinDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof unpinDashboardV2>>,
+	TError,
+	{ pathParams: UnpinDashboardV2PathParameters },
+	TContext
+> => {
+	return useMutation(getUnpinDashboardV2MutationOptions(options));
+};
+/**
+ * Pins the dashboard for the calling user. A user can pin at most 10 dashboards; pinning when at the limit returns 409. Re-pinning an already-pinned dashboard is a no-op success.
+ * @summary Pin a dashboard for the current user (v2)
+ */
+export const pinDashboardV2 = (
+	{ id }: PinDashboardV2PathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v2/dashboards/${id}/pins/me`,
+		method: 'PUT',
+		signal,
+	});
+};
+
+export const getPinDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof pinDashboardV2>>,
+		TError,
+		{ pathParams: PinDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof pinDashboardV2>>,
+	TError,
+	{ pathParams: PinDashboardV2PathParameters },
+	TContext
+> => {
+	const mutationKey = ['pinDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof pinDashboardV2>>,
+		{ pathParams: PinDashboardV2PathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return pinDashboardV2(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type PinDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof pinDashboardV2>>
+>;
+
+export type PinDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Pin a dashboard for the current user (v2)
+ */
+export const usePinDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof pinDashboardV2>>,
+		TError,
+		{ pathParams: PinDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof pinDashboardV2>>,
+	TError,
+	{ pathParams: PinDashboardV2PathParameters },
+	TContext
+> => {
+	return useMutation(getPinDashboardV2MutationOptions(options));
+};

frontend/src/api/generated/services/sigNoz.schemas.ts

@@ -2651,7 +2651,6 @@ export enum CloudintegrationtypesServiceIDDTO {
 	sqs = 'sqs',
 	storageaccountsblob = 'storageaccountsblob',
 	cdnprofile = 'cdnprofile',
-	aks = 'aks',
 }
 export type CloudintegrationtypesCloudIntegrationServiceDTOAnyOf = {
 	/**
@@ -4620,7 +4619,7 @@ export interface DashboardtypesDashboardSpecDTO {
 export enum DashboardtypesDatasourcePluginKindDTO {
 	'signoz/Datasource' = 'signoz/Datasource',
 }
-export interface TagtypesPostableTagDTO {
+export interface TagtypesGettableTagDTO {
 	/**
 	 * @type string
 	 */
@@ -4670,7 +4669,7 @@ export interface DashboardtypesGettableDashboardV2DTO {
 	/**
 	 * @type array,null
 	 */
-	tags: TagtypesPostableTagDTO[] | null;
+	tags: TagtypesGettableTagDTO[] | null;
 	/**
 	 * @type string
 	 * @format date-time
@@ -4728,6 +4727,90 @@ export interface DashboardtypesJSONPatchOperationDTO {
 	value?: unknown;
 }
 
+export enum DashboardtypesListOrderDTO {
+	asc = 'asc',
+	desc = 'desc',
+}
+export enum DashboardtypesListSortDTO {
+	updated_at = 'updated_at',
+	created_at = 'created_at',
+	name = 'name',
+}
+export interface DashboardtypesListedDashboardV2SpecDTO {
+	display?: CommonDisplayDTO;
+}
+
+export interface DashboardtypesListedDashboardV2DTO {
+	/**
+	 * @type string
+	 * @format date-time
+	 */
+	createdAt?: string;
+	/**
+	 * @type string
+	 */
+	createdBy?: string;
+	/**
+	 * @type string
+	 */
+	id: string;
+	/**
+	 * @type string
+	 */
+	image?: string;
+	/**
+	 * @type boolean
+	 */
+	locked: boolean;
+	/**
+	 * @type string
+	 */
+	name: string;
+	/**
+	 * @type string
+	 */
+	orgId: string;
+	/**
+	 * @type boolean
+	 */
+	pinned: boolean;
+	/**
+	 * @type string
+	 */
+	schemaVersion: string;
+	source: DashboardtypesSourceDTO;
+	spec: DashboardtypesListedDashboardV2SpecDTO;
+	/**
+	 * @type array
+	 */
+	tags: TagtypesGettableTagDTO[];
+	/**
+	 * @type string
+	 * @format date-time
+	 */
+	updatedAt?: string;
+	/**
+	 * @type string
+	 */
+	updatedBy?: string;
+}
+
+export interface DashboardtypesListableDashboardV2DTO {
+	/**
+	 * @type array
+	 */
+	dashboards: DashboardtypesListedDashboardV2DTO[];
+	/**
+	 * @type array
+	 */
+	tags: TagtypesGettableTagDTO[];
+	/**
+	 * @type integer
+	 * @format int64
+	 */
+	total: number;
+}
+
 export enum DashboardtypesPanelPluginKindDTO {
 	'signoz/TimeSeriesPanel' = 'signoz/TimeSeriesPanel',
 	'signoz/BarChartPanel' = 'signoz/BarChartPanel',
@@ -4744,6 +4827,17 @@ export type DashboardtypesPatchableDashboardV2DTO =
 	| DashboardtypesJSONPatchOperationDTO[]
 	| null;
 
+export interface TagtypesPostableTagDTO {
+	/**
+	 * @type string
+	 */
+	key: string;
+	/**
+	 * @type string
+	 */
+	value: string;
+}
+
 export interface DashboardtypesPostableDashboardV2DTO {
 	/**
 	 * @type boolean
@@ -7770,77 +7864,6 @@ export enum SpantypesFieldContextDTO {
 	attribute = 'attribute',
 	resource = 'resource',
 }
-export type SpantypesFlamegraphSpanDTOAttributes = { [key: string]: unknown };
-
-export type SpantypesFlamegraphSpanDTOResource = { [key: string]: string };
-
-export interface SpantypesFlamegraphSpanDTO {
-	/**
-	 * @type object
-	 */
-	attributes: SpantypesFlamegraphSpanDTOAttributes;
-	/**
-	 * @type integer
-	 * @minimum 0
-	 */
-	durationNano: number;
-	/**
-	 * @type array
-	 */
-	event: SpantypesEventDTO[];
-	/**
-	 * @type boolean
-	 */
-	hasError: boolean;
-	/**
-	 * @type integer
-	 * @format int64
-	 */
-	level: number;
-	/**
-	 * @type string
-	 */
-	name: string;
-	/**
-	 * @type string
-	 */
-	parentSpanId: string;
-	/**
-	 * @type object
-	 */
-	resource: SpantypesFlamegraphSpanDTOResource;
-	/**
-	 * @type string
-	 */
-	spanId: string;
-	/**
-	 * @type integer
-	 * @minimum 0
-	 */
-	timestamp: number;
-}
-
-export interface SpantypesGettableFlamegraphTraceDTO {
-	/**
-	 * @type integer
-	 * @format int64
-	 */
-	endTimestampMillis: number;
-	/**
-	 * @type boolean
-	 */
-	hasMore: boolean;
-	/**
-	 * @type array
-	 */
-	spans: SpantypesFlamegraphSpanDTO[][];
-	/**
-	 * @type integer
-	 * @format int64
-	 */
-	startTimestampMillis: number;
-}
-
 export type SpantypesSpanMapperGroupConditionDTOAnyOf = {
 	/**
 	 * @type array,null
@@ -8142,17 +8165,6 @@ export interface SpantypesGettableWaterfallTraceDTO {
 	uncollapsedSpans?: string[] | null;
 }
 
-export interface SpantypesPostableFlamegraphDTO {
-	/**
-	 * @type array
-	 */
-	selectFields?: TelemetrytypesTelemetryFieldKeyDTO[];
-	/**
-	 * @type string
-	 */
-	selectedSpanId?: string;
-}
-
 export enum SpantypesSpanMapperOperationDTO {
 	move = 'move',
 	copy = 'copy',
@@ -9659,6 +9671,40 @@ export type GetUserPreference200 = {
 export type UpdateUserPreferencePathParameters = {
 	name: string;
 };
+export type ListDashboardsV2Params = {
+	/**
+	 * @type string
+	 * @description undefined
+	 */
+	query?: string;
+	/**
+	 * @description undefined
+	 */
+	sort?: DashboardtypesListSortDTO;
+	/**
+	 * @description undefined
+	 */
+	order?: DashboardtypesListOrderDTO;
+	/**
+	 * @type integer
+	 * @description undefined
+	 */
+	limit?: number;
+	/**
+	 * @type integer
+	 * @description undefined
+	 */
+	offset?: number;
+};
+
+export type ListDashboardsV2200 = {
+	data: DashboardtypesListableDashboardV2DTO;
+	/**
+	 * @type string
+	 */
+	status: string;
+};
+
 export type CreateDashboardV2201 = {
 	data: DashboardtypesGettableDashboardV2DTO;
 	/**
@@ -9667,6 +9713,9 @@ export type CreateDashboardV2201 = {
 	status: string;
 };
 
+export type DeleteDashboardV2PathParameters = {
+	id: string;
+};
 export type GetDashboardV2PathParameters = {
 	id: string;
 };
@@ -9706,6 +9755,12 @@ export type UnlockDashboardV2PathParameters = {
 export type LockDashboardV2PathParameters = {
 	id: string;
 };
+export type UnpinDashboardV2PathParameters = {
+	id: string;
+};
+export type PinDashboardV2PathParameters = {
+	id: string;
+};
 export type GetFeatures200 = {
 	/**
 	 * @type array
@@ -10507,17 +10562,6 @@ export type GetHosts200 = {
 	status: string;
 };
 
-export type GetFlamegraphPathParameters = {
-	traceID: string;
-};
-export type GetFlamegraph200 = {
-	data: SpantypesGettableFlamegraphTraceDTO;
-	/**
-	 * @type string
-	 */
-	status: string;
-};
-
 export type GetWaterfallPathParameters = {
 	traceID: string;
 };

frontend/src/api/generated/services/tracedetail/index.ts

@@ -12,8 +12,6 @@ import type {
 } from 'react-query';
 
 import type {
-	GetFlamegraph200,
-	GetFlamegraphPathParameters,
 	GetTraceAggregations200,
 	GetTraceAggregationsPathParameters,
 	GetWaterfall200,
@@ -21,7 +19,6 @@ import type {
 	GetWaterfallV4200,
 	GetWaterfallV4PathParameters,
 	RenderErrorResponseDTO,
-	SpantypesPostableFlamegraphDTO,
 	SpantypesPostableTraceAggregationsDTO,
 	SpantypesPostableWaterfallDTO,
 } from '../sigNoz.schemas';
@@ -129,105 +126,6 @@ export const useGetTraceAggregations = <
 > => {
 	return useMutation(getGetTraceAggregationsMutationOptions(options));
 };
-/**
- * Returns the flamegraph view of spans for a given trace ID.
- * @summary Get flamegraph view for a trace
- */
-export const getFlamegraph = (
-	{ traceID }: GetFlamegraphPathParameters,
-	spantypesPostableFlamegraphDTO?: BodyType<SpantypesPostableFlamegraphDTO>,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<GetFlamegraph200>({
-		url: `/api/v3/traces/${traceID}/flamegraph`,
-		method: 'POST',
-		headers: { 'Content-Type': 'application/json' },
-		data: spantypesPostableFlamegraphDTO,
-		signal,
-	});
-};
-
-export const getGetFlamegraphMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown,
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof getFlamegraph>>,
-		TError,
-		{
-			pathParams: GetFlamegraphPathParameters;
-			data?: BodyType<SpantypesPostableFlamegraphDTO>;
-		},
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof getFlamegraph>>,
-	TError,
-	{
-		pathParams: GetFlamegraphPathParameters;
-		data?: BodyType<SpantypesPostableFlamegraphDTO>;
-	},
-	TContext
-> => {
-	const mutationKey = ['getFlamegraph'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-			'mutationKey' in options.mutation &&
-			options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof getFlamegraph>>,
-		{
-			pathParams: GetFlamegraphPathParameters;
-			data?: BodyType<SpantypesPostableFlamegraphDTO>;
-		}
-	> = (props) => {
-		const { pathParams, data } = props ?? {};
-
-		return getFlamegraph(pathParams, data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type GetFlamegraphMutationResult = NonNullable<
-	Awaited<ReturnType<typeof getFlamegraph>>
->;
-export type GetFlamegraphMutationBody =
-	| BodyType<SpantypesPostableFlamegraphDTO>
-	| undefined;
-export type GetFlamegraphMutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Get flamegraph view for a trace
- */
-export const useGetFlamegraph = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown,
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof getFlamegraph>>,
-		TError,
-		{
-			pathParams: GetFlamegraphPathParameters;
-			data?: BodyType<SpantypesPostableFlamegraphDTO>;
-		},
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof getFlamegraph>>,
-	TError,
-	{
-		pathParams: GetFlamegraphPathParameters;
-		data?: BodyType<SpantypesPostableFlamegraphDTO>;
-	},
-	TContext
-> => {
-	return useMutation(getGetFlamegraphMutationOptions(options));
-};
 /**
  * Returns the waterfall view of spans for a given trace ID with tree structure, metadata, and windowed pagination
  * @summary Get waterfall view for a trace

frontend/src/container/InfraMonitoringK8s/Deployments/constants.ts

@@ -72,7 +72,7 @@ export const deploymentWidgetInfo = [
 		yAxisUnit: '',
 	},
 	{
-		title: 'Memory usage, request, limits',
+		title: 'Memory usage, request, limits)',
 		yAxisUnit: 'bytes',
 	},
 	{

frontend/src/container/InfraMonitoringK8s/Jobs/constants.ts

@@ -69,7 +69,7 @@ export const jobWidgetInfo = [
 		yAxisUnit: '',
 	},
 	{
-		title: 'Memory Usage',
+		title: 'Memory usage, request, limits',
 		yAxisUnit: 'bytes',
 	},
 	{

frontend/src/container/InfraMonitoringK8s/Namespaces/constants.ts

@@ -703,7 +703,7 @@ export const getNamespaceMetricsQueryPayload = (
 							],
 							having: [],
 							legend: `{{${k8sPodNameKey}}}`,
-							limit: 10,
+							limit: 20,
 							orderBy: [],
 							queryName: 'A',
 							reduceTo: ReduceOperators.AVG,
@@ -1014,8 +1014,8 @@ export const getNamespaceMetricsQueryPayload = (
 										id: '5f2a55c5',
 										key: {
 											dataType: DataTypes.String,
-											id: k8sNamespaceNameKey,
-											key: k8sNamespaceNameKey,
+											id: k8sStatefulsetNameKey,
+											key: k8sStatefulsetNameKey,
 											type: 'tag',
 										},
 										op: '=',

frontend/src/container/InfraMonitoringK8s/Volumes/constants.ts

@@ -317,9 +317,9 @@ export const getVolumeMetricsQueryPayload = (
 						{
 							aggregateAttribute: {
 								dataType: DataTypes.Float64,
-								id: 'k8s_volume_inodes_used--float64--Gauge--true',
+								id: 'k8s_volume_inodes_used--float64----true',
 								key: k8sVolumeInodesUsedKey,
-								type: 'Gauge',
+								type: '',
 							},
 							aggregateOperator: 'avg',
 							dataSource: DataSource.METRICS,
@@ -409,9 +409,9 @@ export const getVolumeMetricsQueryPayload = (
 						{
 							aggregateAttribute: {
 								dataType: DataTypes.Float64,
-								id: 'k8s_volume_inodes--float64--Gauge--true',
+								id: 'k8s_volume_inodes--float64----true',
 								key: k8sVolumeInodesKey,
-								type: 'Gauge',
+								type: '',
 							},
 							aggregateOperator: 'avg',
 							dataSource: DataSource.METRICS,
@@ -501,9 +501,9 @@ export const getVolumeMetricsQueryPayload = (
 						{
 							aggregateAttribute: {
 								dataType: DataTypes.Float64,
-								id: 'k8s_volume_inodes_free--float64--Gauge--true',
+								id: 'k8s_volume_inodes_free--float64----true',
 								key: k8sVolumeInodesFreeKey,
-								type: 'Gauge',
+								type: '',
 							},
 							aggregateOperator: 'avg',
 							dataSource: DataSource.METRICS,

frontend/src/container/LogDetailedView/InfraMetrics/constants.ts

@@ -1619,9 +1619,6 @@ export const getHostQueryPayload = (
 	const diskOpTimeKey = dotMetricsEnabled
 		? 'system.disk.operation_time'
 		: 'system_disk_operation_time';
-	const diskOpsKey = dotMetricsEnabled
-		? 'system.disk.operations'
-		: 'system_disk_operations';
 	const diskPendingKey = dotMetricsEnabled
 		? 'system.disk.pending_operations'
 		: 'system_disk_pending_operations';
@@ -2378,24 +2375,9 @@ export const getHostQueryPayload = (
 								op: 'AND',
 							},
 							functions: [],
-							groupBy: [
-								{
-									dataType: DataTypes.String,
-									id: 'direction--string--tag--false',
-
-									key: 'direction',
-									type: 'tag',
-								},
-								{
-									dataType: DataTypes.String,
-									id: 'device--string--tag--false',
-
-									key: 'device',
-									type: 'tag',
-								},
-							],
+							groupBy: [],
 							having: [],
-							legend: '{{device}}::{{direction}}',
+							legend: 'system disk io',
 							limit: null,
 							orderBy: [],
 							queryName: 'A',
@@ -2427,9 +2409,9 @@ export const getHostQueryPayload = (
 						{
 							aggregateAttribute: {
 								dataType: DataTypes.Float64,
-								id: 'system_disk_operations--float64--Sum--true',
+								id: 'system_disk_operation_time--float64--Sum--true',
 
-								key: diskOpsKey,
+								key: diskOpTimeKey,
 								type: 'Sum',
 							},
 							aggregateOperator: 'rate',
@@ -2439,7 +2421,7 @@ export const getHostQueryPayload = (
 							filters: {
 								items: [
 									{
-										id: 'diskops_f1',
+										id: 'diskop_f1',
 										key: {
 											dataType: DataTypes.String,
 											id: 'host_name--string--tag--false',
@@ -2472,7 +2454,7 @@ export const getHostQueryPayload = (
 							],
 							having: [
 								{
-									columnName: `SUM(${diskOpsKey})`,
+									columnName: `SUM(${diskOpTimeKey})`,
 									op: '>',
 									value: 0,
 								},
@@ -2575,88 +2557,6 @@ export const getHostQueryPayload = (
 			start,
 			end,
 		},
-		{
-			selectedTime: 'GLOBAL_TIME',
-			graphType: PANEL_TYPES.TIME_SERIES,
-			query: {
-				builder: {
-					queryData: [
-						{
-							aggregateAttribute: {
-								dataType: DataTypes.Float64,
-								id: 'system_disk_operation_time--float64--Sum--true',
-
-								key: diskOpTimeKey,
-								type: 'Sum',
-							},
-							aggregateOperator: 'rate',
-							dataSource: DataSource.METRICS,
-							disabled: false,
-							expression: 'A',
-							filters: {
-								items: [
-									{
-										id: 'diskoptime_f1',
-										key: {
-											dataType: DataTypes.String,
-											id: 'host_name--string--tag--false',
-
-											key: hostNameKey,
-											type: 'tag',
-										},
-										op: '=',
-										value: hostName,
-									},
-								],
-								op: 'AND',
-							},
-							functions: [],
-							groupBy: [
-								{
-									dataType: DataTypes.String,
-									id: 'device--string--tag--false',
-
-									key: 'device',
-									type: 'tag',
-								},
-								{
-									dataType: DataTypes.String,
-									id: 'direction--string--tag--false',
-
-									key: 'direction',
-									type: 'tag',
-								},
-							],
-							having: [
-								{
-									columnName: `SUM(${diskOpTimeKey})`,
-									op: '>',
-									value: 0,
-								},
-							],
-							legend: '{{device}}::{{direction}}',
-							limit: null,
-							orderBy: [],
-							queryName: 'A',
-							reduceTo: ReduceOperators.AVG,
-							spaceAggregation: 'sum',
-							stepInterval: 60,
-							timeAggregation: 'rate',
-						},
-					],
-					queryFormulas: [],
-					queryTraceOperator: [],
-				},
-				clickhouse_sql: [{ disabled: false, legend: '', name: 'A', query: '' }],
-				id: 'a8b3d2e1-4f5c-4a6b-9c8d-7e2f1a0b3c4f',
-				promql: [{ disabled: false, legend: '', name: 'A', query: '' }],
-				queryType: EQueryType.QUERY_BUILDER,
-			},
-			variables: {},
-			formatForWeb: false,
-			start,
-			end,
-		},
 	];
 };
 
@@ -2731,5 +2631,5 @@ export const hostWidgetInfo = [
 	{ title: 'System disk io (bytes transferred)', yAxisUnit: 'bytes' },
 	{ title: 'System disk operations/s', yAxisUnit: 'short' },
 	{ title: 'Queue size', yAxisUnit: 'short' },
-	{ title: 'System disk operation time/s', yAxisUnit: 's' },
+	{ title: 'Disk operations time', yAxisUnit: 's' },
 ];

pkg/apiserver/signozapiserver/dashboard.go

@@ -14,6 +14,23 @@ import (
 )
 
 func (provider *provider) addDashboardRoutes(router *mux.Router) error {
+	if err := router.Handle("/api/v2/dashboards", handler.New(provider.authzMiddleware.ViewAccess(provider.dashboardHandler.ListV2), handler.OpenAPIDef{
+		ID:                  "ListDashboardsV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "List dashboards (v2)",
+		Description:         "Returns a page of v2-shape dashboards for the calling user's org. Supports a filter DSL (`query`), sort (`updated_at`/`created_at`/`name`), order (`asc`/`desc`), and offset-based pagination (`limit`/`offset`).",
+		Request:             new(dashboardtypes.ListDashboardsV2Params),
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.ListableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{http.StatusBadRequest},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
+	})).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
 	if err := router.Handle("/api/v2/dashboards", handler.New(provider.authzMiddleware.EditAccess(provider.dashboardHandler.CreateV2), handler.OpenAPIDef{
 		ID:                  "CreateDashboardV2",
 		Tags:                []string{"dashboard"},
@@ -89,6 +106,23 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 		return err
 	}
 
+	if err := router.Handle("/api/v2/dashboards/{id}", handler.New(provider.authzMiddleware.EditAccess(provider.dashboardHandler.DeleteV2), handler.OpenAPIDef{
+		ID:                  "DeleteDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Delete dashboard (v2)",
+		Description:         "This endpoint deletes a v2-shape dashboard along with its tag relations. Locked dashboards are rejected.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodDelete).GetError(); err != nil {
+		return err
+	}
+
 	if err := router.Handle("/api/v2/dashboards/{id}/lock", handler.New(provider.authzMiddleware.EditAccess(provider.dashboardHandler.LockV2), handler.OpenAPIDef{
 		ID:                  "LockDashboardV2",
 		Tags:                []string{"dashboard"},
@@ -123,6 +157,42 @@ func (provider *provider) addDashboardRoutes(router *mux.Router) error {
 		return err
 	}
 
+	// ViewAccess: pinning only mutates the calling user's pin list, not the
+	// dashboard itself — anyone who can view a dashboard can bookmark it.
+	if err := router.Handle("/api/v2/dashboards/{id}/pins/me", handler.New(provider.authzMiddleware.ViewAccess(provider.dashboardHandler.PinV2), handler.OpenAPIDef{
+		ID:                  "PinDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Pin a dashboard for the current user (v2)",
+		Description:         "Pins the dashboard for the calling user. A user can pin at most 10 dashboards; pinning when at the limit returns 409. Re-pinning an already-pinned dashboard is a no-op success.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound, http.StatusConflict},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
+	})).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/pins/me", handler.New(provider.authzMiddleware.ViewAccess(provider.dashboardHandler.UnpinV2), handler.OpenAPIDef{
+		ID:                  "UnpinDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Unpin a dashboard for the current user (v2)",
+		Description:         "Removes the pin for the calling user. Idempotent — unpinning a dashboard that wasn't pinned still returns 204.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{http.StatusBadRequest},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
+	})).Methods(http.MethodDelete).GetError(); err != nil {
+		return err
+	}
+
 	if err := router.Handle("/api/v1/dashboards/{id}/public", handler.New(provider.authzMiddleware.AdminAccess(provider.dashboardHandler.CreatePublic), handler.OpenAPIDef{
 		ID:                  "CreatePublicDashboard",
 		Tags:                []string{"dashboard"},

pkg/apiserver/signozapiserver/tracedetail.go

@@ -67,24 +67,5 @@ func (provider *provider) addTraceDetailRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v3/traces/{traceID}/flamegraph", handler.New(
-		provider.authzMiddleware.ViewAccess(provider.traceDetailHandler.GetFlamegraph),
-		handler.OpenAPIDef{
-			ID:                  "GetFlamegraph",
-			Tags:                []string{"tracedetail"},
-			Summary:             "Get flamegraph view for a trace",
-			Description:         "Returns the flamegraph view of spans for a given trace ID.",
-			Request:             new(spantypes.PostableFlamegraph),
-			RequestContentType:  "application/json",
-			Response:            new(spantypes.GettableFlamegraphTrace),
-			ResponseContentType: "application/json",
-			SuccessStatusCode:   http.StatusOK,
-			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
-			SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
-		},
-	)).Methods(http.MethodPost).GetError(); err != nil {
-		return err
-	}
-
 	return nil
 }

pkg/authn/callbackauthn/googlecallbackauthn/authn.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"log/slog"
 	"net/url"
-	"path"
 
 	"github.com/coreos/go-oidc/v3/oidc"
 	"golang.org/x/oauth2"
@@ -15,7 +14,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/authn"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/global"
 	"github.com/SigNoz/signoz/pkg/http/client"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
@@ -31,13 +29,12 @@ var scopes []string = []string{"email", "profile"}
 var _ authn.CallbackAuthN = (*AuthN)(nil)
 
 type AuthN struct {
-	store        authtypes.AuthNStore
-	settings     factory.ScopedProviderSettings
-	httpClient   *client.Client
-	globalConfig global.Config
+	store      authtypes.AuthNStore
+	settings   factory.ScopedProviderSettings
+	httpClient *client.Client
 }
 
-func New(ctx context.Context, store authtypes.AuthNStore, providerSettings factory.ProviderSettings, globalConfig global.Config) (*AuthN, error) {
+func New(ctx context.Context, store authtypes.AuthNStore, providerSettings factory.ProviderSettings) (*AuthN, error) {
 	settings := factory.NewScopedProviderSettings(providerSettings, "github.com/SigNoz/signoz/pkg/authn/callbackauthn/googlecallbackauthn")
 
 	httpClient, err := client.New(settings.Logger(), providerSettings.TracerProvider, providerSettings.MeterProvider)
@@ -46,10 +43,9 @@ func New(ctx context.Context, store authtypes.AuthNStore, providerSettings facto
 	}
 
 	return &AuthN{
-		store:        store,
-		settings:     settings,
-		httpClient:   httpClient,
-		globalConfig: globalConfig,
+		store:      store,
+		settings:   settings,
+		httpClient: httpClient,
 	}, nil
 }
 
@@ -182,7 +178,7 @@ func (a *AuthN) oauth2Config(siteURL *url.URL, authDomain *authtypes.AuthDomain,
 		RedirectURL: (&url.URL{
 			Scheme: siteURL.Scheme,
 			Host:   siteURL.Host,
-			Path:   path.Join(a.globalConfig.ExternalPath(), redirectPath),
+			Path:   redirectPath,
 		}).String(),
 	}
 }

pkg/modules/cloudintegration/implcloudintegration/fs/definitions/azure/aks/icon.svg

@@ -1 +0,0 @@
-<svg id="uuid-c6c3f75e-5369-448e-b895-3f99fb11bebe" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 18 18"><path d="M7.456.608c-.902-.411-1.909-.559-2.898-.417.053.041.086.107.082.179l-.082,1.405c.879-.183,1.827-.043,2.65.469.338.21.639.474.892.781,0,0,.024.027.061.069.091.104.26.299.334.402.006.031-.004.062-.026.084-.001.001-.002.002-.003.004l-.052.048-.765.681c-.039.035-.042.095-.007.134.017.019.04.03.065.031l1.107.065,1.402.082c.072.004.138-.029.179-.083.025-.033.041-.073.044-.117l.147-2.513c.003-.052-.037-.097-.089-.1-.025-.001-.049.007-.068.024l-.764.682v.003c-.106-.164-.22-.319-.34-.467-.516-.636-1.159-1.122-1.869-1.445Z" fill="#0078d4"/><path d="M4.441.147L1.932,0c-.052-.003-.097.037-.1.09-.001.025.007.049.024.068l.681.766h.003c-.159.104-.311.214-.455.331-.629.509-1.111,1.143-1.436,1.842-.424.913-.578,1.937-.434,2.942.041-.053.107-.086.179-.082l1.402.082c-.183-.881-.043-1.83.468-2.655.209-.338.473-.64.78-.893,0,0,.029-.026.072-.064.104-.092.297-.259.399-.332.031-.006.062.004.084.026.001.001.002.002.003.003l.048.052.679.766c.035.039.095.042.134.008.019-.017.03-.04.031-.065l.064-1.109.082-1.405c.004-.072-.029-.138-.082-.179-.033-.025-.073-.041-.117-.044Z" fill="#46a0de"/><path d="M10.411,5.611c.025-.363.013-.73-.039-1.095-.041.053-.107.086-.179.082l-1.402-.082c.038.186.062.374.071.564l1.55.53Z" fill="#155ea1"/><path d="M3.576,9.604l.271-.049,1.845-.343c-.095-.084-.155-.206-.155-.34v-.025c-.733.051-1.487-.119-2.159-.536-.338-.21-.639-.474-.892-.781,0,0-.024-.027-.061-.069-.091-.104-.26-.299-.334-.402-.006-.031.004-.062.026-.084.001-.001.002-.002.003-.004l.052-.048.765-.681c.039-.035.042-.095.007-.134-.017-.019-.04-.03-.065-.031l-1.107-.065-1.402-.082c-.072-.004-.138.029-.179.083-.025.033-.041.073-.044.117L0,8.645c-.003.052.037.097.089.1.025.001.049-.007.068-.024l.764-.682v-.003c.106.164.22.319.34.467.516.636,1.159,1.122,1.869,1.445.026.012.053.021.08.033.029-.188.173-.342.365-.376Z" fill="#8dc8e8"/><g><polygon points="8.241 5.343 5.968 5.765 5.968 8.87 8.241 9.355 10.522 8.44 10.522 6.123 8.241 5.343" fill="#8661c5"/><path d="M8.328,9.307l2.082-.844c.048-.019.084-.061.095-.111v-2.102c-.004-.064-.044-.119-.103-.143l-2.106-.716h-.095l-2.066.382c-.066.017-.114.075-.119.143v2.81c-.002.073.048.136.119.151l2.09.438c.035.004.07.002.103-.008Z" fill="none"/><path d="M5.968,5.765v3.105l2.297.486v-3.98l-2.297.39ZM6.938,8.631l-.644-.127v-2.388l.644-.103v2.619ZM7.939,8.814l-.739-.119v-2.73l.739-.127v2.977Z" fill="#56407f"/><polygon points="13.16 5.383 10.887 5.805 10.887 8.909 13.16 9.395 15.433 8.471 15.433 6.163 13.16 5.383" fill="#8661c5"/><path d="M10.887,5.805v3.105l2.281.486v-3.98l-2.281.39ZM11.849,8.67l-.644-.127v-2.388l.644-.103v2.619ZM12.85,8.854l-.739-.119v-2.73l.739-.135v2.985Z" fill="#56407f"/><polygon points="5.912 9.626 3.639 10.048 3.639 13.152 5.912 13.638 8.193 12.722 8.193 10.406 5.912 9.626" fill="#8661c5"/><path d="M3.632,10.048v3.081l2.297.486v-3.98l-2.297.414ZM4.593,12.921l-.644-.135v-2.388l.644-.111v2.635ZM5.602,13.128l-.739-.119v-2.762l.739-.127v3.009Z" fill="#56407f"/><polygon points="10.816 9.594 8.543 10.016 8.543 13.12 10.816 13.614 13.089 12.69 13.089 10.374 10.816 9.594" fill="#8661c5"/><path d="M8.543,10.016v3.112l2.289.486v-3.98l-2.289.382ZM9.504,12.889l-.644-.135v-2.388l.644-.111v2.635ZM10.506,13.065l-.739-.119v-2.73l.739-.127v2.977Z" fill="#56407f"/><polygon points="15.719 9.634 13.446 10.056 13.446 13.16 15.719 13.646 18 12.73 18 10.414 15.719 9.634" fill="#8661c5"/><path d="M13.446,10.056v3.073l2.297.486v-3.98l-2.297.422ZM14.416,12.929l-.644-.135v-2.388l.644-.111v2.635ZM15.417,13.104l-.739-.119v-2.73l.739-.127v2.977Z" fill="#56407f"/><polygon points="8.185 13.956 5.912 14.37 5.912 17.475 8.185 17.968 10.466 17.045 10.466 14.736 8.185 13.956" fill="#8661c5"/><path d="M8.273,17.904l2.074-.796c.06-.021.099-.08.095-.143v-2.07c.012-.076-.031-.149-.103-.175l-2.098-.716c-.031-.012-.065-.012-.095,0l-2.066.374c-.074.012-.128.076-.127.151v2.818c-.002.073.048.136.119.151l2.09.406c.036.012.075.012.111,0Z" fill="none"/><path d="M5.912,14.37v3.105l2.297.494v-4.044l-2.297.446ZM6.882,17.244l-.644-.135v-2.388l.644-.111v2.635ZM7.883,17.427l-.739-.119v-2.738l.739-.127v2.985Z" fill="#56407f"/><polygon points="13.097 13.988 10.824 14.41 10.824 17.514 13.097 18 15.377 17.085 15.377 14.768 13.097 13.988" fill="#8661c5"/><path d="M10.824,14.41v3.105l2.297.486v-3.98l-2.297.39ZM11.793,17.284l-.644-.135v-2.388l.644-.111v2.635ZM12.795,17.459l-.739-.119v-2.73l.739-.127v2.977Z" fill="#56407f"/></g></svg>

pkg/modules/cloudintegration/implcloudintegration/fs/definitions/azure/aks/integration.json

@@ -1,293 +0,0 @@
-{
-  "id": "aks",
-  "title": "Azure Kubernetes Service (AKS)",
-  "icon": "file://icon.svg",
-  "overview": "file://overview.md",
-  "supportedSignals": {
-    "metrics": true,
-    "logs": true
-  },
-  "dataCollected": {
-    "metrics": [
-      {
-        "name": "azure_kube_pod_status_ready_average",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_kube_pod_status_ready_total",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_kube_pod_status_phase_average",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_kube_pod_status_phase_total",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_kube_node_status_condition_average",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_kube_node_status_condition_total",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_cpu_usage_millicores_average",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_cpu_usage_millicores_maximum",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_cpu_usage_percentage_average",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_cpu_usage_percentage_maximum",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_disk_usage_bytes_average",
-        "unit": "Bytes",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_disk_usage_bytes_maximum",
-        "unit": "Bytes",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_disk_usage_percentage_average",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_disk_usage_percentage_maximum",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_memory_rss_bytes_average",
-        "unit": "Bytes",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_memory_rss_bytes_maximum",
-        "unit": "Bytes",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_memory_rss_percentage_average",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_memory_rss_percentage_maximum",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_memory_working_set_bytes_average",
-        "unit": "Bytes",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_memory_working_set_bytes_maximum",
-        "unit": "Bytes",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_memory_working_set_percentage_average",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_memory_working_set_percentage_maximum",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_network_in_bytes_average",
-        "unit": "Bytes",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_network_in_bytes_maximum",
-        "unit": "Bytes",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_network_out_bytes_average",
-        "unit": "Bytes",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_node_network_out_bytes_maximum",
-        "unit": "Bytes",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_apiserver_current_inflight_requests_average",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_apiserver_current_inflight_requests_total",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_apiserver_cpu_usage_percentage_average",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_apiserver_cpu_usage_percentage_maximum",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_apiserver_memory_usage_percentage_average",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_apiserver_memory_usage_percentage_maximum",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_etcd_cpu_usage_percentage_average",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_etcd_cpu_usage_percentage_maximum",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_etcd_database_usage_percentage_average",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_etcd_database_usage_percentage_maximum",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_etcd_memory_usage_percentage_average",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_etcd_memory_usage_percentage_maximum",
-        "unit": "Percent",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_kube_node_status_allocatable_cpu_cores_average",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_kube_node_status_allocatable_cpu_cores_total",
-        "unit": "Count",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_kube_node_status_allocatable_memory_bytes_average",
-        "unit": "Bytes",
-        "type": "Gauge",
-        "description": ""
-      },
-      {
-        "name": "azure_kube_node_status_allocatable_memory_bytes_total",
-        "unit": "Bytes",
-        "type": "Gauge",
-        "description": ""
-      }
-    ],
-    "logs": [
-      {
-        "name": "Resource ID",
-        "path": "resources.azure.resource.id",
-        "type": "string"
-      }
-    ]
-  },
-  "telemetryCollectionStrategy": {
-    "azure": {
-      "resourceProvider": "Microsoft.ContainerService",
-      "resourceType": "managedClusters",
-      "metrics": {},
-      "logs": {
-        "categoryGroups": ["allLogs"]
-      }
-    }
-  },
-  "assets": {
-    "dashboards": [
-      {
-        "id": "overview",
-        "title": "Azure Kubernetes Service (AKS) Overview",
-        "description": "Overview of Azure Kubernetes Service (AKS) metrics",
-        "definition": "file://assets/dashboards/overview.json"
-      }
-    ]
-  }
-}

pkg/modules/cloudintegration/implcloudintegration/fs/definitions/azure/aks/overview.md

@@ -1,3 +0,0 @@
-### Monitor Azure Kubernetes Service (AKS) with SigNoz
-
-Collect key AKS metrics and view them with an out of the box dashboard.

pkg/modules/dashboard/dashboard.go

@@ -61,11 +61,19 @@ type Module interface {
 
 	GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.DashboardV2, error)
 
+	ListV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, params *dashboardtypes.ListDashboardsV2Params) (*dashboardtypes.ListableDashboardV2, error)
+
 	UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, updatable dashboardtypes.UpdatableDashboardV2) (*dashboardtypes.DashboardV2, error)
 
 	LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, isAdmin bool, lock bool) error
 
 	PatchV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, patch dashboardtypes.PatchableDashboardV2) (*dashboardtypes.DashboardV2, error)
+
+	PinV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, id valuer.UUID) error
+
+	UnpinV2(ctx context.Context, userID valuer.UUID, id valuer.UUID) error
+
+	DeleteV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) error
 }
 
 type Handler interface {
@@ -96,6 +104,8 @@ type Handler interface {
 
 	GetV2(http.ResponseWriter, *http.Request)
 
+	ListV2(http.ResponseWriter, *http.Request)
+
 	UpdateV2(http.ResponseWriter, *http.Request)
 
 	LockV2(http.ResponseWriter, *http.Request)
@@ -103,4 +113,10 @@ type Handler interface {
 	UnlockV2(http.ResponseWriter, *http.Request)
 
 	PatchV2(http.ResponseWriter, *http.Request)
+
+	PinV2(http.ResponseWriter, *http.Request)
+
+	UnpinV2(http.ResponseWriter, *http.Request)
+
+	DeleteV2(http.ResponseWriter, *http.Request)
 }

pkg/modules/dashboard/impldashboard/store.go

@@ -2,10 +2,12 @@ package impldashboard
 
 import (
 	"context"
+	"strings"
 
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes/listfilter"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 )
@@ -63,6 +65,96 @@ func (store *store) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID)
 	return storableDashboard, nil
 }
 
+// ListV2 emits the joined dashboard ⨝ user_dashboard_preference query the spec
+// calls for. Aliases:
+//
+//	dashboard                  — the visitor expects this
+//	user_dashboard_preference  AS preference  — only used inside this query
+//
+// Sort is "is_pinned DESC, <sort> <order>" so pinned dashboards float to the
+// top inside the requested ordering. Name-sort goes through the same
+// JSONExtractString path the visitor uses for name/description filtering.
+func (store *store) ListV2(
+	ctx context.Context,
+	orgID valuer.UUID,
+	userID valuer.UUID,
+	params *dashboardtypes.ListDashboardsV2Params,
+) ([]*dashboardtypes.DashboardListRow, int64, error) {
+	compiled, err := listfilter.Compile(params.Query, store.sqlstore.Formatter())
+	if err != nil {
+		return nil, 0, err
+	}
+	type listedRow struct {
+		*dashboardtypes.StorableDashboard `bun:",extend"`
+
+		IsPinned bool  `bun:"is_pinned"`
+		Total    int64 `bun:"total"`
+	}
+
+	rows := make([]*listedRow, 0)
+
+	q := store.sqlstore.
+		BunDB().
+		NewSelect().
+		Model(&rows).
+		ColumnExpr("dashboard.id, dashboard.org_id, dashboard.name, dashboard.data, dashboard.locked, dashboard.source, dashboard.created_at, dashboard.created_by, dashboard.updated_at, dashboard.updated_by").
+		ColumnExpr("CASE WHEN preference.is_pinned THEN 1 ELSE 0 END AS is_pinned").
+		ColumnExpr("COUNT(*) OVER () AS total").
+		Join("LEFT JOIN user_dashboard_preference AS preference ON preference.user_id = ? AND preference.dashboard_id = dashboard.id", userID).
+		Where("dashboard.org_id = ?", orgID).
+		Where("dashboard.source != ?", dashboardtypes.SourceSystem)
+
+	if compiled != nil {
+		q = q.Where(compiled.SQL, compiled.Args...)
+	}
+
+	sortExpr, err := store.sortExprForListV2(params.Sort)
+	if err != nil {
+		return nil, 0, err
+	}
+	q = q.
+		OrderExpr("is_pinned DESC").
+		OrderExpr(sortExpr + " " + strings.ToUpper(params.Order.StringValue())).
+		Limit(params.Limit).
+		Offset(params.Offset)
+
+	if err := q.Scan(ctx); err != nil {
+		return nil, 0, errors.WrapInternalf(err, errors.CodeInternal, "couldn't list dashboards")
+	}
+
+	// COUNT(*) OVER () is computed pre-LIMIT, so any returned row carries the
+	// full filter total. Empty result page => zero matches.
+	var total int64
+	if len(rows) > 0 {
+		total = rows[0].Total
+	}
+
+	out := make([]*dashboardtypes.DashboardListRow, len(rows))
+	for i, r := range rows {
+		out[i] = &dashboardtypes.DashboardListRow{
+			Dashboard: r.StorableDashboard,
+			Pinned:    r.IsPinned,
+		}
+	}
+	return out, total, nil
+}
+
+// sortExprForListV2 maps a sort enum to the SQL expression to plug into
+// ORDER BY. Title-sort routes through the SQLFormatter so it stays
+// dialect-aware (matches what listfilter/visitor does for the name filter).
+func (store *store) sortExprForListV2(sort dashboardtypes.ListSort) (string, error) {
+	switch sort {
+	case dashboardtypes.ListSortUpdatedAt:
+		return "dashboard.updated_at", nil
+	case dashboardtypes.ListSortCreatedAt:
+		return "dashboard.created_at", nil
+	case dashboardtypes.ListSortName:
+		return string(store.sqlstore.Formatter().JSONExtractString("dashboard.data", "$.spec.display.name")), nil
+	}
+	return "", errors.Newf(errors.TypeInvalidInput, dashboardtypes.ErrCodeDashboardListInvalid,
+		"unsupported sort field %q", sort)
+}
+
 func (store *store) GetPublic(ctx context.Context, dashboardID string) (*dashboardtypes.StorablePublicDashboard, error) {
 	storable := new(dashboardtypes.StorablePublicDashboard)
 	err := store.
@@ -217,3 +309,70 @@ func (store *store) RunInTx(ctx context.Context, cb func(ctx context.Context) er
 		return cb(ctx)
 	})
 }
+
+// PinForUser combines the count check, the existence check, and the upsert in
+// a single statement so the limit gate and the insert can't drift between two
+// round-trips. The count and existence checks gate on is_pinned = true so they
+// stay correct once the row carries preferences other than the pin.
+//
+//	pin exists? | pinned count < 10? | WHERE passes?           | effect                              | rows
+//	------------|--------------------|-------------------------|-------------------------------------|-----
+//	no          | yes                | yes (count branch)      | INSERT new pinned row               | 1
+//	no          | no                 | no                      | nothing (limit hit)                 | 0
+//	yes         | yes                | yes (count branch)      | INSERT → conflict → UPDATE is_pinned| 1
+//	yes         | no                 | yes (EXISTS OR branch)  | INSERT → conflict → UPDATE is_pinned| 1
+//
+// rows = 0 is the only signal of a real limit hit.
+func (store *store) PinForUser(ctx context.Context, preference *dashboardtypes.UserDashboardPreference) error {
+	res, err := store.sqlstore.BunDBCtx(ctx).NewRaw(`
+		INSERT INTO user_dashboard_preference (user_id, dashboard_id, org_id, is_pinned)
+		SELECT ?, ?, ?, true
+		WHERE (SELECT COUNT(*) FROM user_dashboard_preference WHERE user_id = ? AND is_pinned = true) < ?
+		   OR EXISTS (SELECT 1 FROM user_dashboard_preference WHERE user_id = ? AND dashboard_id = ? AND is_pinned = true)
+		ON CONFLICT (user_id, dashboard_id) DO UPDATE SET is_pinned = true
+	`,
+		preference.UserID, preference.DashboardID, preference.OrgID,
+		preference.UserID, dashboardtypes.MaxPinnedDashboardsPerUser,
+		preference.UserID, preference.DashboardID,
+	).Exec(ctx)
+	if err != nil {
+		return errors.WrapInternalf(err, errors.CodeInternal, "couldn't pin dashboard for user")
+	}
+	rows, err := res.RowsAffected()
+	if err != nil {
+		return errors.WrapInternalf(err, errors.CodeInternal, "couldn't read pin result")
+	}
+	if rows == 0 {
+		return errors.Newf(errors.TypeAlreadyExists, dashboardtypes.ErrCodePinnedDashboardLimitHit,
+			"cannot pin more than %d dashboards", dashboardtypes.MaxPinnedDashboardsPerUser)
+	}
+	return nil
+}
+
+// UnpinForUser deletes the user's preference row. This is fine while is_pinned
+// is the only preference stored; once the row carries other preferences this
+// must become an UPDATE that clears is_pinned instead of dropping the row.
+func (store *store) UnpinForUser(ctx context.Context, userID valuer.UUID, dashboardID valuer.UUID) error {
+	_, err := store.sqlstore.BunDBCtx(ctx).
+		NewDelete().
+		Model((*dashboardtypes.UserDashboardPreference)(nil)).
+		Where("user_id = ?", userID).
+		Where("dashboard_id = ?", dashboardID).
+		Exec(ctx)
+	if err != nil {
+		return errors.WrapInternalf(err, errors.CodeInternal, "couldn't unpin dashboard for user")
+	}
+	return nil
+}
+
+func (store *store) DeletePreferencesForDashboard(ctx context.Context, dashboardID valuer.UUID) error {
+	_, err := store.sqlstore.BunDBCtx(ctx).
+		NewDelete().
+		Model((*dashboardtypes.UserDashboardPreference)(nil)).
+		Where("dashboard_id = ?", dashboardID).
+		Exec(ctx)
+	if err != nil {
+		return errors.WrapInternalf(err, errors.CodeInternal, "couldn't delete dashboard preferences")
+	}
+	return nil
+}

pkg/modules/dashboard/impldashboard/v2_handler.go

@@ -42,6 +42,38 @@ func (handler *handler) CreateV2(rw http.ResponseWriter, r *http.Request) {
 	render.Success(rw, http.StatusCreated, dashboard.ToGettableDashboardV2())
 }
 
+func (handler *handler) ListV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID := valuer.MustNewUUID(claims.OrgID)
+	userID := valuer.MustNewUUID(claims.IdentityID())
+
+	params := new(dashboardtypes.ListDashboardsV2Params)
+	if err := binding.Query.BindQuery(r.URL.Query(), params); err != nil {
+		render.Error(rw, err)
+		return
+	}
+	if err := params.Validate(); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	out, err := handler.module.ListV2(ctx, orgID, userID, params)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, out)
+}
+
 func (handler *handler) GetV2(rw http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
 	defer cancel()
@@ -205,3 +237,79 @@ func (handler *handler) PatchV2(rw http.ResponseWriter, r *http.Request) {
 
 	render.Success(rw, http.StatusOK, dashboard.ToGettableDashboardV2())
 }
+
+func (handler *handler) PinV2(rw http.ResponseWriter, r *http.Request) {
+	handler.pinUnpinV2(rw, r, true)
+}
+
+func (handler *handler) UnpinV2(rw http.ResponseWriter, r *http.Request) {
+	handler.pinUnpinV2(rw, r, false)
+}
+
+func (handler *handler) pinUnpinV2(rw http.ResponseWriter, r *http.Request, pin bool) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID := valuer.MustNewUUID(claims.OrgID)
+	userID := valuer.MustNewUUID(claims.IdentityID())
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	if pin {
+		err = handler.module.PinV2(ctx, orgID, userID, dashboardID)
+	} else {
+		err = handler.module.UnpinV2(ctx, userID, dashboardID)
+	}
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusNoContent, nil)
+}
+
+func (handler *handler) DeleteV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID := valuer.MustNewUUID(claims.OrgID)
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	if err := handler.module.DeleteV2(ctx, orgID, dashboardID); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusNoContent, nil)
+}

pkg/modules/dashboard/impldashboard/v2_module.go

@@ -42,6 +42,29 @@ func (m *module) CreateV2(ctx context.Context, orgID valuer.UUID, createdBy stri
 	return dashboard, nil
 }
 
+func (module *module) ListV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, params *dashboardtypes.ListDashboardsV2Params) (*dashboardtypes.ListableDashboardV2, error) {
+	rows, total, err := module.store.ListV2(ctx, orgID, userID, params)
+	if err != nil {
+		return nil, err
+	}
+
+	dashboardIDs := make([]valuer.UUID, len(rows))
+	for i, r := range rows {
+		dashboardIDs[i] = r.Dashboard.ID
+	}
+	tagsByDashboard, err := module.tagModule.ListForResources(ctx, orgID, coretypes.KindDashboard, dashboardIDs)
+	if err != nil {
+		return nil, err
+	}
+
+	allTags, err := module.tagModule.List(ctx, orgID, coretypes.KindDashboard)
+	if err != nil {
+		return nil, err
+	}
+
+	return dashboardtypes.NewListableDashboardV2(rows, total, tagsByDashboard, allTags)
+}
+
 func (module *module) GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.DashboardV2, error) {
 	storable, err := module.store.Get(ctx, orgID, id)
 	if err != nil {
@@ -135,6 +158,27 @@ func (module *module) PatchV2(ctx context.Context, orgID valuer.UUID, id valuer.
 	return existing, nil
 }
 
+func (module *module) DeleteV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) error {
+	existing, err := module.GetV2(ctx, orgID, id)
+	if err != nil {
+		return err
+	}
+	if err := existing.CanDelete(); err != nil {
+		return err
+	}
+
+	return module.store.RunInTx(ctx, func(ctx context.Context) error {
+		// Syncing to an empty tag set drops every tag link for the dashboard.
+		if _, err := module.tagModule.SyncTags(ctx, orgID, coretypes.KindDashboard, id, nil); err != nil {
+			return err
+		}
+		if err := module.store.DeletePreferencesForDashboard(ctx, id); err != nil {
+			return err
+		}
+		return module.store.Delete(ctx, orgID, id)
+	})
+}
+
 func (module *module) LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, isAdmin bool, lock bool) error {
 	existing, err := module.GetV2(ctx, orgID, id)
 	if err != nil {
@@ -149,3 +193,14 @@ func (module *module) LockUnlockV2(ctx context.Context, orgID valuer.UUID, id va
 	}
 	return module.store.Update(ctx, orgID, storable)
 }
+
+func (module *module) PinV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, id valuer.UUID) error {
+	if _, err := module.GetV2(ctx, orgID, id); err != nil {
+		return err
+	}
+	return module.store.PinForUser(ctx, dashboardtypes.NewUserDashboardPreference(orgID, userID, id))
+}
+
+func (module *module) UnpinV2(ctx context.Context, userID valuer.UUID, id valuer.UUID) error {
+	return module.store.UnpinForUser(ctx, userID, id)
+}

pkg/modules/session/implsession/handler.go

@@ -4,11 +4,9 @@ import (
 	"context"
 	"net/http"
 	"net/url"
-	"path"
 	"time"
 
 	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/global"
 	"github.com/SigNoz/signoz/pkg/http/binding"
 	"github.com/SigNoz/signoz/pkg/http/render"
 	"github.com/SigNoz/signoz/pkg/modules/session"
@@ -17,12 +15,11 @@ import (
 )
 
 type handler struct {
-	module       session.Module
-	globalConfig global.Config
+	module session.Module
 }
 
-func NewHandler(module session.Module, globalConfig global.Config) session.Handler {
-	return &handler{module: module, globalConfig: globalConfig}
+func NewHandler(module session.Module) session.Handler {
+	return &handler{module: module}
 }
 
 func (handler *handler) GetSessionContext(rw http.ResponseWriter, req *http.Request) {
@@ -161,13 +158,13 @@ func (handler *handler) DeleteSession(rw http.ResponseWriter, req *http.Request)
 	render.Success(rw, http.StatusNoContent, nil)
 }
 
-func (handler *handler) getRedirectURLFromErr(err error) string {
+func (*handler) getRedirectURLFromErr(err error) string {
 	values := errors.AsURLValues(err)
 	values.Add("callbackauthnerr", "true")
 
 	return (&url.URL{
 		// When UI is being served on a prefix, we need to redirect to the login page on the prefix.
-		Path:     path.Join(handler.globalConfig.ExternalPath(), "/login"),
+		Path:     "/login",
 		RawQuery: values.Encode(),
 	}).String()
 }

pkg/modules/tag/impltag/module.go

@@ -67,6 +67,10 @@ func (m *module) syncLinksForResource(ctx context.Context, orgID valuer.UUID, ki
 	})
 }
 
+func (m *module) List(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind) ([]*tagtypes.Tag, error) {
+	return m.store.List(ctx, orgID, kind)
+}
+
 func (m *module) ListForResource(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID) ([]*tagtypes.Tag, error) {
 	return m.store.ListByResource(ctx, orgID, kind, resourceID)
 }

pkg/modules/tag/tag.go

@@ -13,6 +13,9 @@ type Module interface {
 	// and reconciles the resource's links to exactly that set, all in one transaction.
 	SyncTags(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID, postable []tagtypes.PostableTag) ([]*tagtypes.Tag, error)
 
+	// List returns every tag of the given kind in the org.
+	List(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind) ([]*tagtypes.Tag, error)
+
 	ListForResource(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID) ([]*tagtypes.Tag, error)
 
 	// Resources with no tags are absent from the returned map.

pkg/modules/tracedetail/config.go

@@ -6,16 +6,7 @@ import (
 )
 
 type Config struct {
-	Waterfall  WaterfallConfig  `mapstructure:"waterfall"`
-	Flamegraph FlamegraphConfig `mapstructure:"flamegraph"`
-}
-
-type FlamegraphConfig struct {
-	MaxSelectedLevels            int  `mapstructure:"max_selected_levels"`
-	MaxSpansPerLevel             int  `mapstructure:"max_spans_per_level"`
-	SamplingTopLatencySpansCount int  `mapstructure:"sampling_top_latency_count"`
-	SamplingBucketCount          int  `mapstructure:"sampling_bucket_count"`
-	SelectAllSpansLimit          uint `mapstructure:"select_all_spans_limit"`
+	Waterfall WaterfallConfig `mapstructure:"waterfall"`
 }
 
 type WaterfallConfig struct {
@@ -38,13 +29,6 @@ func newConfig() factory.Config {
 			MaxDepthToAutoExpand:     5,
 			MaxLimitToSelectAllSpans: 10_000,
 		},
-		Flamegraph: FlamegraphConfig{
-			MaxSelectedLevels:            50,
-			MaxSpansPerLevel:             100,
-			SamplingTopLatencySpansCount: 5,
-			SamplingBucketCount:          50,
-			SelectAllSpansLimit:          100_000,
-		},
 	}
 }
 
@@ -58,20 +42,5 @@ func (c Config) Validate() error {
 	if c.Waterfall.MaxLimitToSelectAllSpans == 0 {
 		return errors.NewInvalidInputf(errors.CodeInvalidInput, "traces.waterfall.max_limit_to_select_all_spans must be positive")
 	}
-	if c.Flamegraph.MaxSelectedLevels <= 0 {
-		return errors.NewInvalidInputf(errors.CodeInvalidInput, "tracedetail.flamegraph.level_limit must be positive, got %d", c.Flamegraph.MaxSelectedLevels)
-	}
-	if c.Flamegraph.MaxSpansPerLevel <= 0 {
-		return errors.NewInvalidInputf(errors.CodeInvalidInput, "tracedetail.flamegraph.spans_per_level must be positive, got %d", c.Flamegraph.MaxSpansPerLevel)
-	}
-	if c.Flamegraph.SamplingTopLatencySpansCount < 0 {
-		return errors.NewInvalidInputf(errors.CodeInvalidInput, "tracedetail.flamegraph.top_latency_count cannot be negative, got %d", c.Flamegraph.SamplingTopLatencySpansCount)
-	}
-	if c.Flamegraph.SamplingBucketCount <= 0 {
-		return errors.NewInvalidInputf(errors.CodeInvalidInput, "tracedetail.flamegraph.bucket_count must be positive, got %d", c.Flamegraph.SamplingBucketCount)
-	}
-	if c.Flamegraph.SelectAllSpansLimit == 0 {
-		return errors.NewInvalidInputf(errors.CodeInvalidInput, "tracedetail.flamegraph.max_limit_to_select_all_spans must be positive")
-	}
 	return nil
 }

pkg/modules/tracedetail/impltracedetail/handler.go

@@ -80,19 +80,3 @@ func (h *handler) GetTraceAggregations(rw http.ResponseWriter, r *http.Request)
 
 	render.Success(rw, http.StatusOK, result)
 }
-
-func (h *handler) GetFlamegraph(rw http.ResponseWriter, r *http.Request) {
-	req := new(spantypes.PostableFlamegraph)
-	if err := binding.JSON.BindBody(r.Body, req); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	result, err := h.module.GetFlamegraph(r.Context(), mux.Vars(r)["traceID"], req.SelectedSpanID, req.SelectFields)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusOK, result)
-}

pkg/modules/tracedetail/impltracedetail/module.go

@@ -7,7 +7,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/modules/tracedetail"
 	"github.com/SigNoz/signoz/pkg/types/spantypes"
-	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"go.opentelemetry.io/otel/metric"
 )
 
@@ -165,17 +164,6 @@ func (m *module) GetTraceAggregations(ctx context.Context, traceID string, req *
 	return &spantypes.GettableTraceAggregations{Aggregations: results}, nil
 }
 
-func (m *module) GetFlamegraph(ctx context.Context, traceID string, selectedSpanID string, selectFields []telemetrytypes.TelemetryFieldKey) (*spantypes.GettableFlamegraphTrace, error) {
-	summary, err := m.store.GetTraceSummary(ctx, traceID)
-	if err != nil {
-		return nil, err
-	}
-	if summary.NumSpans <= uint64(m.config.Flamegraph.SelectAllSpansLimit) {
-		return m.getFullFlamegraph(ctx, traceID, summary, selectFields)
-	}
-	return m.getWindowedFlamegraph(ctx, traceID, selectedSpanID, summary, selectFields)
-}
-
 // getWindowedWaterfall builds the waterfall tree with minimal data and then returns only a window of full spans.
 func (m *module) getWindowedWaterfall(ctx context.Context, traceID, selectedSpanID string, uncollapsedSpans []string, start, end time.Time) (*spantypes.GettableWaterfallTrace, error) {
 	// Step 1: minimal fetch → build full tree → select visible window
@@ -216,47 +204,3 @@ func (m *module) getWindowedWaterfall(ctx context.Context, traceID, selectedSpan
 		waterfallTrace, selectedSpans, uncollapsedSpans, false, nil,
 	), nil
 }
-
-func (m *module) getFullFlamegraph(ctx context.Context, traceID string, summary *spantypes.TraceSummary, selectFields []telemetrytypes.TelemetryFieldKey) (*spantypes.GettableFlamegraphTrace, error) {
-	fullSpans, err := m.store.GetFlamegraphSpans(ctx, traceID, summary.Start, summary.End, nil)
-	if err != nil {
-		return nil, err
-	}
-	if len(fullSpans) == 0 {
-		return nil, spantypes.ErrTraceNotFound
-	}
-	flamegraphTrace := spantypes.NewFlamegraphTraceFromStorable(fullSpans, selectFields)
-	return spantypes.NewGettableFlamegraphTrace(flamegraphTrace.GetAllLevels(), summary.Start.UnixMilli(), summary.End.UnixMilli(), false), nil
-}
-
-// getWindowedFlamegraph returns a window of a max levels and max sampled spans per level around the selected span.
-func (m *module) getWindowedFlamegraph(ctx context.Context, traceID, selectedSpanID string, summary *spantypes.TraceSummary, selectFields []telemetrytypes.TelemetryFieldKey) (*spantypes.GettableFlamegraphTrace, error) {
-	minimalSpans, err := m.store.GetMinimalSpans(ctx, traceID, summary.Start, summary.End)
-	if err != nil {
-		return nil, err
-	}
-	if len(minimalSpans) == 0 {
-		return nil, spantypes.ErrTraceNotFound
-	}
-
-	flamegraphTrace := spantypes.NewFlamegraphTraceFromMinimal(minimalSpans)
-	minimalSpans = nil //nolint:ineffassign,wastedassign // release backing array before further db calls
-
-	cfg := m.config.Flamegraph
-	selectedSpans := flamegraphTrace.GetSelectedLevels(selectedSpanID, cfg.MaxSelectedLevels, cfg.MaxSpansPerLevel, cfg.SamplingTopLatencySpansCount, cfg.SamplingBucketCount)
-	if len(selectedSpans) == 0 {
-		return nil, spantypes.ErrTraceNotFound
-	}
-
-	fullSpans, err := m.store.GetFlamegraphSpans(ctx, traceID, summary.Start, summary.End, spantypes.FlamegraphWindowSpanIDs(selectedSpans))
-	if err != nil {
-		return nil, err
-	}
-
-	return spantypes.NewGettableFlamegraphTrace(
-		flamegraphTrace.EnrichSelectedSpans(selectedSpans, fullSpans, selectFields),
-		summary.Start.UnixMilli(),
-		summary.End.UnixMilli(),
-		true,
-	), nil
-}

pkg/modules/tracedetail/impltracedetail/store.go

@@ -154,47 +154,6 @@ func (s *traceStore) GetTraceSpansByIDs(ctx context.Context, traceID string, sta
 	return spans, nil
 }
 
-func (s *traceStore) GetFlamegraphSpans(ctx context.Context, traceID string, start, end time.Time, spanIDs []string) ([]spantypes.StorableSpan, error) {
-	sb := sqlbuilder.NewSelectBuilder()
-	sb.Select(
-		"span_id",
-		"any(parent_span_id) AS parent_span_id",
-		"any(timestamp) AS timestamp",
-		"any(duration_nano) AS duration_nano",
-		"any(has_error) AS has_error",
-		"any(name) AS name",
-		"any(events) AS events",
-		"any(attributes_string) AS attributes_string",
-		"any(attributes_number) AS attributes_number",
-		"any(attributes_bool) AS attributes_bool",
-		"any(resources_string) AS resources_string",
-	)
-	sb.From(fmt.Sprintf("%s.%s", spantypes.TraceDB, spantypes.TraceTable))
-	conditions := []string{
-		sb.E("trace_id", traceID),
-		sb.GE("ts_bucket_start", start.Unix()-1800),
-		sb.LE("ts_bucket_start", end.Unix()),
-	}
-	if len(spanIDs) > 0 {
-		ids := make([]any, len(spanIDs))
-		for i, id := range spanIDs {
-			ids[i] = id
-		}
-		conditions = append(conditions, sb.In("span_id", ids...))
-	}
-	sb.Where(conditions...)
-	sb.GroupBy("span_id")
-	sb.OrderByAsc("timestamp")
-	sb.OrderByAsc("name")
-	query, args := sb.BuildWithFlavor(sqlbuilder.ClickHouse)
-
-	var spans []spantypes.StorableSpan
-	if err := s.telemetryStore.ClickhouseDB().Select(ctx, &spans, query, args...); err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "error querying flamegraph spans")
-	}
-	return spans, nil
-}
-
 func (s *traceStore) GetSpanCountByField(ctx context.Context, traceID string, summary *spantypes.TraceSummary, fieldKey telemetrytypes.TelemetryFieldKey) (map[string]uint64, error) {
 	fieldExpr, err := buildFieldExpr(fieldKey)
 	if err != nil {

pkg/modules/tracedetail/impltracedetail/store_test.go

@@ -91,30 +91,6 @@ func TestGetSpanCountByField(t *testing.T) {
 	}
 }
 
-func TestGetFlamegraphSpans(t *testing.T) {
-	baseSQL := "SELECT span_id, any(parent_span_id) AS parent_span_id, any(timestamp) AS timestamp, any(duration_nano) AS duration_nano, any(has_error) AS has_error, any(name) AS name, any(events) AS events, any(attributes_string) AS attributes_string, any(attributes_number) AS attributes_number, any(attributes_bool) AS attributes_bool, any(resources_string) AS resources_string FROM signoz_traces.distributed_signoz_index_v3 WHERE trace_id = ? AND ts_bucket_start >= ? AND ts_bucket_start <= ? GROUP BY span_id ORDER BY timestamp ASC, name ASC"
-	withSpanIDsSQL := "SELECT span_id, any(parent_span_id) AS parent_span_id, any(timestamp) AS timestamp, any(duration_nano) AS duration_nano, any(has_error) AS has_error, any(name) AS name, any(events) AS events, any(attributes_string) AS attributes_string, any(attributes_number) AS attributes_number, any(attributes_bool) AS attributes_bool, any(resources_string) AS resources_string FROM signoz_traces.distributed_signoz_index_v3 WHERE trace_id = ? AND ts_bucket_start >= ? AND ts_bucket_start <= ? AND span_id IN (?, ?) GROUP BY span_id ORDER BY timestamp ASC, name ASC"
-
-	tests := []struct {
-		name    string
-		spanIDs []string
-		sql     string
-	}{
-		{name: "NoSpanIDs_GeneratesBaseSQL", spanIDs: nil, sql: baseSQL},
-		{name: "WithSpanIDs_GeneratesInClauseSQL", spanIDs: []string{"span-1", "span-2"}, sql: withSpanIDsSQL},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			s := newTestStore(sqlmock.QueryMatcherRegexp)
-			s.Mock().ExpectSelect(regexp.QuoteMeta(tc.sql)).
-				WillReturnRows(cmock.NewRows(nil, nil))
-			_, _ = s.Store().GetFlamegraphSpans(context.Background(), testTraceID, testStart, testEnd, tc.spanIDs)
-			assert.NoError(t, s.Mock().ExpectationsWereMet())
-		})
-	}
-}
-
 func TestGetSpanDurationByField(t *testing.T) {
 
 	expectedSQL := "WITH all_spans AS (SELECT DISTINCT ON (span_id) resource.`service.name`::String AS field_value, toUnixTimestamp64Nano(timestamp) AS start_ns, start_ns + duration_nano AS end_ns FROM signoz_traces.distributed_signoz_index_v3 WHERE trace_id = ? AND ts_bucket_start >= ? AND ts_bucket_start <= ? AND notEmpty(field_value) ORDER BY timestamp ASC, name ASC), effective_start AS (SELECT field_value, end_ns, greatest(start_ns, ifNull(max(end_ns) OVER (PARTITION BY field_value ORDER BY start_ns ROWS BETWEEN UNBOUNDED PRECEDING AND 1 PRECEDING), toUInt64(0))) AS effective_start_ns FROM all_spans) SELECT field_value, sum(toUInt64(greatest(end_ns - effective_start_ns, 0))) AS total_ns FROM effective_start GROUP BY field_value"

pkg/modules/tracedetail/tracedetail.go

@@ -5,7 +5,6 @@ import (
 	"net/http"
 
 	"github.com/SigNoz/signoz/pkg/types/spantypes"
-	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 )
 
 // Handler exposes HTTP handlers for trace detail APIs.
@@ -13,7 +12,6 @@ type Handler interface {
 	GetWaterfall(http.ResponseWriter, *http.Request)
 	GetWaterfallV4(http.ResponseWriter, *http.Request)
 	GetTraceAggregations(http.ResponseWriter, *http.Request)
-	GetFlamegraph(http.ResponseWriter, *http.Request)
 }
 
 // Module defines the business logic for trace detail operations.
@@ -21,5 +19,4 @@ type Module interface {
 	GetWaterfall(ctx context.Context, traceID string, req *spantypes.PostableWaterfall) (*spantypes.GettableWaterfallTrace, error)
 	GetWaterfallV4(ctx context.Context, traceID string, selectedSpanID string, uncollapsedSpans []string, selectAllLimit uint) (*spantypes.GettableWaterfallTrace, error)
 	GetTraceAggregations(ctx context.Context, traceID string, req *spantypes.PostableTraceAggregations) (*spantypes.GettableTraceAggregations, error)
-	GetFlamegraph(ctx context.Context, traceID string, selectedSpanID string, selectFields []telemetrytypes.TelemetryFieldKey) (*spantypes.GettableFlamegraphTrace, error)
 }

pkg/parser/filterquery/parse.go

@@ -0,0 +1,33 @@
+package filterquery
+
+import (
+	"fmt"
+
+	grammar "github.com/SigNoz/signoz/pkg/parser/filterquery/grammar"
+	"github.com/antlr4-go/antlr/v4"
+)
+
+func Parse(query string) (antlr.ParseTree, *antlr.CommonTokenStream, *ErrorCollector) {
+	collector := NewErrorCollector()
+	lexer := grammar.NewFilterQueryLexer(antlr.NewInputStream(query))
+	lexer.RemoveErrorListeners()
+	lexer.AddErrorListener(collector)
+	tokens := antlr.NewCommonTokenStream(lexer, 0)
+	parser := grammar.NewFilterQueryParser(tokens)
+	parser.RemoveErrorListeners()
+	parser.AddErrorListener(collector)
+	return parser.Query(), tokens, collector
+}
+
+type ErrorCollector struct {
+	*antlr.DefaultErrorListener
+	Errors []string
+}
+
+func NewErrorCollector() *ErrorCollector {
+	return &ErrorCollector{}
+}
+
+func (c *ErrorCollector) SyntaxError(_ antlr.Recognizer, _ any, line, column int, msg string, _ antlr.RecognitionException) {
+	c.Errors = append(c.Errors, fmt.Sprintf("syntax error at %d:%d — %s", line, column, msg))
+}

pkg/signoz/authn.go

@@ -7,15 +7,14 @@ import (
 	"github.com/SigNoz/signoz/pkg/authn/callbackauthn/googlecallbackauthn"
 	"github.com/SigNoz/signoz/pkg/authn/passwordauthn/emailpasswordauthn"
 	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/global"
 	"github.com/SigNoz/signoz/pkg/licensing"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 )
 
-func NewAuthNs(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing, globalConfig global.Config) (map[authtypes.AuthNProvider]authn.AuthN, error) {
+func NewAuthNs(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error) {
 	emailPasswordAuthN := emailpasswordauthn.New(store)
 
-	googleCallbackAuthN, err := googlecallbackauthn.New(ctx, store, providerSettings, globalConfig)
+	googleCallbackAuthN, err := googlecallbackauthn.New(ctx, store, providerSettings)
 	if err != nil {
 		return nil, err
 	}

pkg/signoz/provider.go

@@ -211,6 +211,7 @@ func NewSQLMigrationProviderFactories(
 		sqlmigration.NewAddDashboardNameFactory(sqlstore, sqlschema),
 		sqlmigration.NewFixChangelogOperationTypeFactory(sqlstore, sqlschema),
 		sqlmigration.NewCloudIntegrationRemoveCascadeDeleteFactory(sqlschema),
+		sqlmigration.NewAddUserDashboardPreferenceFactory(sqlstore, sqlschema),
 	)
 }
 
@@ -275,14 +276,14 @@ func NewQuerierProviderFactories(telemetryStore telemetrystore.TelemetryStore, p
 	)
 }
 
-func NewAPIServerProviderFactories(orgGetter organization.Getter, authz authz.AuthZ, modules Modules, handlers Handlers, globalConfig global.Config) factory.NamedMap[factory.ProviderFactory[apiserver.APIServer, apiserver.Config]] {
+func NewAPIServerProviderFactories(orgGetter organization.Getter, authz authz.AuthZ, modules Modules, handlers Handlers) factory.NamedMap[factory.ProviderFactory[apiserver.APIServer, apiserver.Config]] {
 	return factory.MustNewNamedMap(
 		signozapiserver.NewFactory(
 			orgGetter,
 			authz,
 			implorganization.NewHandler(modules.OrgGetter, modules.OrgSetter),
 			impluser.NewHandler(modules.UserSetter, modules.UserGetter),
-			implsession.NewHandler(modules.Session, globalConfig),
+			implsession.NewHandler(modules.Session),
 			implauthdomain.NewHandler(modules.AuthDomain),
 			implpreference.NewHandler(modules.Preference),
 			handlers.Global,

pkg/signoz/provider_test.go

@@ -95,7 +95,6 @@ func TestNewProviderFactories(t *testing.T) {
 			nil,
 			Modules{},
 			Handlers{},
-			global.Config{},
 		)
 	})
 }

pkg/signoz/signoz.go

@@ -542,7 +542,7 @@ func New(
 		ctx,
 		providerSettings,
 		config.APIServer,
-		NewAPIServerProviderFactories(orgGetter, authz, modules, handlers, config.Global),
+		NewAPIServerProviderFactories(orgGetter, authz, modules, handlers),
 		"signoz",
 	)
 	if err != nil {

pkg/sqlmigration/092_add_user_dashboard_preference.go

@@ -0,0 +1,67 @@
+package sqlmigration
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/sqlschema"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/uptrace/bun"
+	"github.com/uptrace/bun/migrate"
+)
+
+type addUserDashboardPreference struct {
+	sqlstore  sqlstore.SQLStore
+	sqlschema sqlschema.SQLSchema
+}
+
+func NewAddUserDashboardPreferenceFactory(sqlstore sqlstore.SQLStore, sqlschema sqlschema.SQLSchema) factory.ProviderFactory[SQLMigration, Config] {
+	return factory.NewProviderFactory(factory.MustNewName("add_user_dashboard_preference"), func(ctx context.Context, ps factory.ProviderSettings, c Config) (SQLMigration, error) {
+		return &addUserDashboardPreference{
+			sqlstore:  sqlstore,
+			sqlschema: sqlschema,
+		}, nil
+	})
+}
+
+func (migration *addUserDashboardPreference) Register(migrations *migrate.Migrations) error {
+	return migrations.Register(migration.Up, migration.Down)
+}
+
+func (migration *addUserDashboardPreference) Up(ctx context.Context, db *bun.DB) error {
+	tx, err := db.BeginTx(ctx, nil)
+	if err != nil {
+		return err
+	}
+	defer func() { _ = tx.Rollback() }()
+
+	sqls := migration.sqlschema.Operator().CreateTable(&sqlschema.Table{
+		Name: "user_dashboard_preference",
+		Columns: []*sqlschema.Column{
+			{Name: "user_id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "dashboard_id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "org_id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "is_pinned", DataType: sqlschema.DataTypeBoolean, Nullable: false, Default: "false"},
+		},
+		PrimaryKeyConstraint: &sqlschema.PrimaryKeyConstraint{ColumnNames: []sqlschema.ColumnName{"user_id", "dashboard_id"}},
+		ForeignKeyConstraints: []*sqlschema.ForeignKeyConstraint{
+			{
+				ReferencingColumnName: sqlschema.ColumnName("org_id"),
+				ReferencedTableName:   sqlschema.TableName("organizations"),
+				ReferencedColumnName:  sqlschema.ColumnName("id"),
+			},
+		},
+	})
+
+	for _, sql := range sqls {
+		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
+			return err
+		}
+	}
+
+	return tx.Commit()
+}
+
+func (migration *addUserDashboardPreference) Down(_ context.Context, _ *bun.DB) error {
+	return nil
+}

pkg/types/cloudintegrationtypes/serviceid.go

@@ -27,7 +27,6 @@ var (
 	// Azure services.
 	AzureServiceStorageAccountsBlob = ServiceID{valuer.NewString("storageaccountsblob")}
 	AzureServiceCDNProfile          = ServiceID{valuer.NewString("cdnprofile")}
-	AzureServiceAKS                 = ServiceID{valuer.NewString("aks")}
 )
 
 func (ServiceID) Enum() []any {
@@ -47,7 +46,6 @@ func (ServiceID) Enum() []any {
 		AWSServiceSQS,
 		AzureServiceStorageAccountsBlob,
 		AzureServiceCDNProfile,
-		AzureServiceAKS,
 	}
 }
 
@@ -71,7 +69,6 @@ var SupportedServices = map[CloudProviderType][]ServiceID{
 	CloudProviderTypeAzure: {
 		AzureServiceStorageAccountsBlob,
 		AzureServiceCDNProfile,
-		AzureServiceAKS,
 	},
 }
 

pkg/types/dashboardtypes/list_v2.go

@@ -0,0 +1,159 @@
+package dashboardtypes
+
+import (
+	"slices"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/perses/spec/go/common"
+)
+
+const (
+	DefaultListLimit = 20
+	MaxListLimit     = 200
+)
+
+// ListSort is the sort field for the dashboard list endpoint. The value is a
+// stable enum so callers can't ask for arbitrary columns.
+type ListSort struct{ valuer.String }
+
+var (
+	ListSortUpdatedAt = ListSort{valuer.NewString("updated_at")}
+	ListSortCreatedAt = ListSort{valuer.NewString("created_at")}
+	ListSortName      = ListSort{valuer.NewString("name")}
+)
+
+func (ListSort) Enum() []any {
+	return []any{ListSortUpdatedAt, ListSortCreatedAt, ListSortName}
+}
+
+func (s ListSort) IsValid() bool {
+	return slices.ContainsFunc(s.Enum(), func(v any) bool { return v == s })
+}
+
+type ListOrder struct{ valuer.String }
+
+var (
+	ListOrderAsc  = ListOrder{valuer.NewString("asc")}
+	ListOrderDesc = ListOrder{valuer.NewString("desc")}
+)
+
+func (ListOrder) Enum() []any {
+	return []any{ListOrderAsc, ListOrderDesc}
+}
+
+func (o ListOrder) IsValid() bool {
+	return slices.ContainsFunc(o.Enum(), func(v any) bool { return v == o })
+}
+
+var ErrCodeDashboardListInvalid = errors.MustNewCode("dashboard_list_invalid")
+
+type ListDashboardsV2Params struct {
+	Query  string    `query:"query"`
+	Sort   ListSort  `query:"sort"`
+	Order  ListOrder `query:"order"`
+	Limit  int       `query:"limit"`
+	Offset int       `query:"offset"`
+}
+
+// Validate fills in defaults (sort=updated_at, order=desc, limit=20) and
+// rejects out-of-allowlist sort/order values and bad limit/offset. Limit is
+// clamped to MaxListLimit on the high side. Sort/order are case-insensitive —
+// valuer.String lowercases them at bind time.
+func (p *ListDashboardsV2Params) Validate() error {
+	if p.Sort.IsZero() {
+		p.Sort = ListSortUpdatedAt
+	} else if !p.Sort.IsValid() {
+		return errors.NewInvalidInputf(ErrCodeDashboardListInvalid,
+			"invalid sort %q — expected one of: `updated_at`, `created_at`, `name`", p.Sort)
+	}
+
+	if p.Order.IsZero() {
+		p.Order = ListOrderDesc
+	} else if !p.Order.IsValid() {
+		return errors.NewInvalidInputf(ErrCodeDashboardListInvalid,
+			"invalid order %q — expected `asc` or `desc`", p.Order)
+	}
+
+	if p.Limit == 0 {
+		p.Limit = DefaultListLimit
+	} else if p.Limit < 0 {
+		return errors.NewInvalidInputf(ErrCodeDashboardListInvalid,
+			"invalid limit %d — must be a positive integer", p.Limit)
+	} else if p.Limit > MaxListLimit {
+		p.Limit = MaxListLimit
+	}
+
+	if p.Offset < 0 {
+		return errors.NewInvalidInputf(ErrCodeDashboardListInvalid,
+			"invalid offset %d — must be a non-negative integer", p.Offset)
+	}
+
+	return nil
+}
+
+type listedDashboardV2 struct {
+	types.Identifiable
+	types.TimeAuditable
+	types.UserAuditable
+
+	OrgID         valuer.UUID             `json:"orgId" required:"true"`
+	Locked        bool                    `json:"locked" required:"true"`
+	Source        Source                  `json:"source" required:"true"`
+	SchemaVersion string                  `json:"schemaVersion" required:"true"`
+	Name          string                  `json:"name" required:"true"`
+	Pinned        bool                    `json:"pinned" required:"true"`
+	Image         string                  `json:"image,omitempty"`
+	Tags          []*tagtypes.GettableTag `json:"tags" required:"true" nullable:"false"`
+	Spec          listedDashboardV2Spec   `json:"spec" required:"true"`
+}
+
+type listedDashboardV2Spec struct {
+	Display *common.Display `json:"display,omitempty"`
+}
+
+type ListableDashboardV2 struct {
+	Dashboards []*listedDashboardV2    `json:"dashboards" required:"true" nullable:"false"`
+	Total      int64                   `json:"total" required:"true"`
+	Tags       []*tagtypes.GettableTag `json:"tags" required:"true" nullable:"false"`
+}
+
+// DashboardListRow is the per-row shape Store.ListV2 returns. Bundles the
+// joined dashboard / user_dashboard_preference data so the module layer can
+// attach tags and assemble the gettable view.
+type DashboardListRow struct {
+	Dashboard *StorableDashboard
+	Pinned    bool
+}
+
+func NewListableDashboardV2(rows []*DashboardListRow, total int64, tagsByEntity map[valuer.UUID][]*tagtypes.Tag, allTags []*tagtypes.Tag) (*ListableDashboardV2, error) {
+	dashboards := make([]*listedDashboardV2, len(rows))
+	for i, r := range rows {
+		v2, err := r.Dashboard.ToDashboardV2(tagsByEntity[r.Dashboard.ID])
+		if err != nil {
+			return nil, err
+		}
+
+		dashboards[i] = &listedDashboardV2{
+			Identifiable:  v2.Identifiable,
+			TimeAuditable: v2.TimeAuditable,
+			UserAuditable: v2.UserAuditable,
+			OrgID:         v2.OrgID,
+			Locked:        v2.Locked,
+			Source:        v2.Source,
+			SchemaVersion: v2.SchemaVersion,
+			Name:          v2.Name,
+			Pinned:        r.Pinned,
+			Image:         v2.Image,
+			Tags:          tagtypes.NewGettableTagsFromTags(v2.Tags),
+			Spec:          listedDashboardV2Spec{Display: v2.Spec.Display},
+		}
+	}
+	return &ListableDashboardV2{
+		Dashboards: dashboards,
+		Total:      total,
+		Tags:       tagtypes.NewGettableTagsFromTags(allTags),
+	}, nil
+}

pkg/types/dashboardtypes/listfilter/constants.go

@@ -0,0 +1,60 @@
+package listfilter
+
+import (
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	qbtypesv5 "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+)
+
+var ErrCodeDashboardListFilterInvalid = errors.MustNewCode("dashboard_list_filter_invalid")
+
+// reservedOps lists the operators each reserved (column-level) DSL key accepts.
+// Any non-reserved key is treated as a tag key and uses tagKeyOps.
+var reservedOps = map[dashboardtypes.DSLKey]map[qbtypesv5.FilterOperator]struct{}{
+	dashboardtypes.DSLKeyName:        stringSearchOps(),
+	dashboardtypes.DSLKeyDescription: stringSearchOps(),
+	dashboardtypes.DSLKeyCreatedAt:   numericRangeOps(),
+	dashboardtypes.DSLKeyUpdatedAt:   numericRangeOps(),
+	dashboardtypes.DSLKeyCreatedBy:   stringSearchOps(),
+	dashboardtypes.DSLKeyLocked:      opsSet(qbtypesv5.FilterOperatorEqual, qbtypesv5.FilterOperatorNotEqual),
+}
+
+// tagKeyOps applies to every non-reserved DSL key — the operator targets the
+// tag's value with an implicit case-insensitive match on the tag's key.
+var tagKeyOps = opsSet(
+	qbtypesv5.FilterOperatorEqual, qbtypesv5.FilterOperatorNotEqual,
+	qbtypesv5.FilterOperatorLike, qbtypesv5.FilterOperatorNotLike,
+	qbtypesv5.FilterOperatorILike, qbtypesv5.FilterOperatorNotILike,
+	qbtypesv5.FilterOperatorContains, qbtypesv5.FilterOperatorNotContains,
+	qbtypesv5.FilterOperatorRegexp, qbtypesv5.FilterOperatorNotRegexp,
+	qbtypesv5.FilterOperatorIn, qbtypesv5.FilterOperatorNotIn,
+	qbtypesv5.FilterOperatorExists, qbtypesv5.FilterOperatorNotExists,
+)
+
+func stringSearchOps() map[qbtypesv5.FilterOperator]struct{} {
+	return opsSet(
+		qbtypesv5.FilterOperatorEqual, qbtypesv5.FilterOperatorNotEqual,
+		qbtypesv5.FilterOperatorLike, qbtypesv5.FilterOperatorNotLike,
+		qbtypesv5.FilterOperatorILike, qbtypesv5.FilterOperatorNotILike,
+		qbtypesv5.FilterOperatorContains, qbtypesv5.FilterOperatorNotContains,
+		qbtypesv5.FilterOperatorRegexp, qbtypesv5.FilterOperatorNotRegexp,
+		qbtypesv5.FilterOperatorIn, qbtypesv5.FilterOperatorNotIn,
+	)
+}
+
+func numericRangeOps() map[qbtypesv5.FilterOperator]struct{} {
+	return opsSet(
+		qbtypesv5.FilterOperatorEqual, qbtypesv5.FilterOperatorNotEqual,
+		qbtypesv5.FilterOperatorLessThan, qbtypesv5.FilterOperatorLessThanOrEq,
+		qbtypesv5.FilterOperatorGreaterThan, qbtypesv5.FilterOperatorGreaterThanOrEq,
+		qbtypesv5.FilterOperatorBetween, qbtypesv5.FilterOperatorNotBetween,
+	)
+}
+
+func opsSet(ops ...qbtypesv5.FilterOperator) map[qbtypesv5.FilterOperator]struct{} {
+	m := make(map[qbtypesv5.FilterOperator]struct{}, len(ops))
+	for _, op := range ops {
+		m[op] = struct{}{}
+	}
+	return m
+}

pkg/types/dashboardtypes/listfilter/listfilter.go

@@ -0,0 +1,39 @@
+package listfilter
+
+import (
+	"strings"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+)
+
+type Compiled struct {
+	SQL  string
+	Args []any
+}
+
+func Compile(query string, formatter sqlstore.SQLFormatter) (*Compiled, error) {
+	if len(query) == 0 {
+		return nil, nil //nolint:nilnil
+	}
+
+	queryVisitor := newVisitor(formatter)
+	sql, args, syntaxErrs := queryVisitor.compile(query)
+
+	if len(syntaxErrs) > 0 {
+		return nil, errors.NewInvalidInputf(ErrCodeDashboardListFilterInvalid,
+			"invalid filter query: %s", strings.Join(syntaxErrs, "; "))
+	}
+	if len(queryVisitor.errors) > 0 {
+		return nil, errors.NewInvalidInputf(ErrCodeDashboardListFilterInvalid,
+			"invalid filter query: %s", strings.Join(queryVisitor.errors, "; "))
+	}
+	if sql == "" {
+		return nil, nil //nolint:nilnil
+	}
+
+	return &Compiled{
+		SQL:  sql,
+		Args: args,
+	}, nil
+}

pkg/types/dashboardtypes/listfilter/listfilter_test.go

@@ -0,0 +1,504 @@
+package listfilter
+
+import (
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/DATA-DOG/go-sqlmock"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/sqlstore/sqlstoretest"
+)
+
+type compileCase struct {
+	subtestName              string
+	dslQueryToCompile        string
+	nilExpected              bool
+	expectedSQL              string
+	expectedArgs             []any
+	expectedErrShouldContain string
+}
+
+// kindArg is the tag_relation.kind value bound into every tag EXISTS subquery
+// (stored double-encoded, hence the embedded quotes). It leads each tag
+// predicate's args, ahead of the tag key.
+const kindArg = `"dashboard"`
+
+func runCompileCases(t *testing.T, cases []compileCase) {
+	t.Helper()
+	for _, c := range cases {
+		t.Run(c.subtestName, func(t *testing.T) {
+			out, err := Compile(c.dslQueryToCompile, formatter(t))
+
+			if c.expectedErrShouldContain != "" {
+				require.Error(t, err)
+				assert.Contains(t, strings.ToLower(err.Error()), strings.ToLower(c.expectedErrShouldContain))
+				return
+			}
+
+			require.NoError(t, err)
+			if c.nilExpected {
+				assert.Nil(t, out)
+				return
+			}
+			require.NotNil(t, out)
+
+			if c.expectedSQL != "" {
+				assert.Equal(t, normalizeSQL(c.expectedSQL), normalizeSQL(out.SQL))
+			}
+			if c.expectedArgs != nil {
+				require.Len(t, out.Args, len(c.expectedArgs))
+				for i, want := range c.expectedArgs {
+					// time.Time values can carry semantically-equal instants
+					// in different *Location representations (UTC vs Local vs
+					// FixedZone). Compare via .Equal() instead of DeepEqual.
+					if wantT, ok := want.(time.Time); ok {
+						gotT, ok := out.Args[i].(time.Time)
+						require.True(t, ok, "arg[%d]: want time.Time, got %T", i, out.Args[i])
+						assert.True(t, wantT.Equal(gotT), "arg[%d]: want %s, got %s", i, wantT, gotT)
+						continue
+					}
+					assert.Equal(t, want, out.Args[i], "arg[%d]", i)
+				}
+			}
+		})
+	}
+}
+
+func TestCompile_Empty(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{subtestName: "empty query yields nil", dslQueryToCompile: "", nilExpected: true},
+	})
+}
+
+func TestCompile_Name(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{
+			subtestName:       "name =",
+			dslQueryToCompile: `name = 'overview'`,
+			expectedSQL:       `json_extract("dashboard"."data", '$.spec.display.name') = ?`,
+			expectedArgs:      []any{"overview"},
+		},
+		{
+			// QUOTED_TEXT in the grammar covers both '…' and "…" — visitor
+			// strips whichever quote pair surrounds the value.
+			subtestName:       "name = with double-quoted value",
+			dslQueryToCompile: `name = "something"`,
+			expectedSQL:       `json_extract("dashboard"."data", '$.spec.display.name') = ?`,
+			expectedArgs:      []any{"something"},
+		},
+		{
+			subtestName:       "name CONTAINS",
+			dslQueryToCompile: `name CONTAINS 'overview'`,
+			expectedSQL:       `json_extract("dashboard"."data", '$.spec.display.name') LIKE ? ESCAPE '\'`,
+			expectedArgs:      []any{"%overview%"},
+		},
+		{
+			subtestName:       "name ILIKE — emitted as LOWER(col) LIKE LOWER(?) for dialect parity",
+			dslQueryToCompile: `name ILIKE 'Prod%'`,
+			expectedSQL:       `lower(json_extract("dashboard"."data", '$.spec.display.name')) LIKE LOWER(?) ESCAPE '\'`,
+			expectedArgs:      []any{"Prod%"},
+		},
+		{
+			subtestName:       "CONTAINS escapes % in user input",
+			dslQueryToCompile: `name CONTAINS '50%'`,
+			expectedSQL:       `json_extract("dashboard"."data", '$.spec.display.name') LIKE ? ESCAPE '\'`,
+			expectedArgs:      []any{`%50\%%`},
+		},
+	})
+}
+
+func TestCompile_CreatedByLocked(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{
+			subtestName:       "created_by LIKE",
+			dslQueryToCompile: `created_by LIKE '%@signoz.io'`,
+			expectedSQL:       `dashboard.created_by LIKE ? ESCAPE '\'`,
+			expectedArgs:      []any{"%@signoz.io"},
+		},
+		{
+			subtestName:       "locked = true",
+			dslQueryToCompile: `locked = true`,
+			expectedSQL:       `dashboard.locked = ?`,
+			expectedArgs:      []any{true},
+		},
+	})
+}
+
+func TestCompile_Timestamps(t *testing.T) {
+	ist := time.FixedZone("+05:30", 5*60*60+30*60)
+	runCompileCases(t, []compileCase{
+		{
+			subtestName:       "created_at >= RFC3339",
+			dslQueryToCompile: `created_at >= '2026-03-10T00:00:00Z'`,
+			expectedSQL:       `dashboard.created_at >= ?`,
+			expectedArgs:      []any{time.Date(2026, 3, 10, 0, 0, 0, 0, time.UTC)},
+		},
+		{
+			subtestName:       "updated_at BETWEEN",
+			dslQueryToCompile: `updated_at BETWEEN '2026-03-10T00:00:00Z' AND '2026-03-20T00:00:00Z'`,
+			expectedSQL:       `dashboard.updated_at BETWEEN ? AND ?`,
+			expectedArgs: []any{
+				time.Date(2026, 3, 10, 0, 0, 0, 0, time.UTC),
+				time.Date(2026, 3, 20, 0, 0, 0, 0, time.UTC),
+			},
+		},
+		{
+			subtestName:       "created_at >= IST timestamp",
+			dslQueryToCompile: `created_at >= '2026-03-10T05:30:00+05:30'`,
+			expectedSQL:       `dashboard.created_at >= ?`,
+			expectedArgs:      []any{time.Date(2026, 3, 10, 5, 30, 0, 0, ist)},
+		},
+	})
+}
+
+// Tag operators wrap each predicate in EXISTS / NOT EXISTS. Any non-reserved
+// key is a tag key — `team = 'pulse'` matches a tag with key=team value=pulse,
+// `tag = 'prod'` matches a tag with key=tag value=prod, and so on.
+func TestCompile_Tag(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{
+			subtestName:       "team = wraps in EXISTS",
+			dslQueryToCompile: `team = 'pulse'`,
+			expectedSQL: `
+				EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value = ?
+				)`,
+			expectedArgs: []any{kindArg, "team", "pulse"},
+		},
+		{
+			subtestName:       "tag = is just a regular tag-key filter",
+			dslQueryToCompile: `tag = 'database'`,
+			expectedSQL: `
+				EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value = ?
+				)`,
+			expectedArgs: []any{kindArg, "tag", "database"},
+		},
+		{
+			subtestName:       "team != wraps in NOT EXISTS with positive inner",
+			dslQueryToCompile: `team != 'pulse'`,
+			expectedSQL: `
+				NOT EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value = ?
+				)`,
+			expectedArgs: []any{kindArg, "team", "pulse"},
+		},
+		{
+			subtestName:       "team IN — inner is single placeholder list on t.value",
+			dslQueryToCompile: `team IN ['pulse', 'events']`,
+			expectedSQL: `
+				EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value IN (?, ?)
+				)`,
+			expectedArgs: []any{kindArg, "team", "pulse", "events"},
+		},
+		{
+			subtestName:       "team NOT IN",
+			dslQueryToCompile: `team NOT IN ['pulse', 'events']`,
+			expectedSQL: `
+				NOT EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value IN (?, ?)
+				)`,
+			expectedArgs: []any{kindArg, "team", "pulse", "events"},
+		},
+		{
+			subtestName:       "team LIKE — wildcard on value",
+			dslQueryToCompile: `team LIKE 'pulse%'`,
+			expectedSQL: `
+				EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value LIKE ? ESCAPE '\'
+				)`,
+			expectedArgs: []any{kindArg, "team", "pulse%"},
+		},
+		{
+			subtestName:       "team NOT LIKE",
+			dslQueryToCompile: `team NOT LIKE 'staging%'`,
+			expectedSQL: `
+				NOT EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value LIKE ? ESCAPE '\'
+				)`,
+			expectedArgs: []any{kindArg, "team", "staging%"},
+		},
+		{
+			subtestName:       "database EXISTS — asserts a tag with key=database is present",
+			dslQueryToCompile: `database EXISTS`,
+			expectedSQL: `
+				EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+				)`,
+			expectedArgs: []any{kindArg, "database"},
+		},
+		{
+			subtestName:       "database NOT EXISTS",
+			dslQueryToCompile: `database NOT EXISTS`,
+			expectedSQL: `
+				NOT EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+				)`,
+			expectedArgs: []any{kindArg, "database"},
+		},
+		{
+			subtestName:       "tag-key matching is case-insensitive — TEAM lowercased",
+			dslQueryToCompile: `TEAM = 'pulse'`,
+			expectedSQL: `
+				EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value = ?
+				)`,
+			expectedArgs: []any{kindArg, "team", "pulse"},
+		},
+	})
+}
+
+func TestCompile_BooleanComposition(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{
+			subtestName:       "AND chain — flat arg list",
+			dslQueryToCompile: `locked = true AND created_by = 'a@b.com'`,
+			expectedSQL:       `dashboard.locked = ? AND dashboard.created_by = ?`,
+			expectedArgs:      []any{true, "a@b.com"},
+		},
+		{
+			subtestName:       "OR chain",
+			dslQueryToCompile: `locked = true OR created_by = 'a@b.com'`,
+			expectedSQL:       `dashboard.locked = ? OR dashboard.created_by = ?`,
+			expectedArgs:      []any{true, "a@b.com"},
+		},
+		{
+			subtestName:       "parens preserve precedence",
+			dslQueryToCompile: `(locked = true OR locked = false) AND created_by = 'a@b.com'`,
+			expectedSQL:       `(dashboard.locked = ? OR dashboard.locked = ?) AND dashboard.created_by = ?`,
+			expectedArgs:      []any{true, false, "a@b.com"},
+		},
+	})
+}
+
+// Distinct from operator-suffix negation (NOT IN / NOT LIKE / NOT EXISTS).
+// Driven by the unaryExpression rule (`NOT? primary`), so NOT binds to
+// exactly one primary and only widens via parens.
+func TestCompile_NOT(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{
+			subtestName:       "NOT on a single comparison",
+			dslQueryToCompile: `NOT name = 'foo'`,
+			expectedSQL:       `NOT (json_extract("dashboard"."data", '$.spec.display.name') = ?)`,
+			expectedArgs:      []any{"foo"},
+		},
+		{
+			subtestName:       "NOT binds tightly to its primary in an AND chain",
+			dslQueryToCompile: `NOT name = 'foo' AND created_by = 'alice'`,
+			expectedSQL:       `NOT (json_extract("dashboard"."data", '$.spec.display.name') = ?) AND dashboard.created_by = ?`,
+			expectedArgs:      []any{"foo", "alice"},
+		},
+		{
+			subtestName:       "NOT applied to the second term in an AND chain",
+			dslQueryToCompile: `locked = true AND NOT name = 'foo'`,
+			expectedSQL:       `dashboard.locked = ? AND NOT (json_extract("dashboard"."data", '$.spec.display.name') = ?)`,
+			expectedArgs:      []any{true, "foo"},
+		},
+		{
+			subtestName:       "NOT around a parenthesized OR",
+			dslQueryToCompile: `NOT (locked = true OR created_by = 'a@b.com')`,
+			expectedSQL:       `NOT ((dashboard.locked = ? OR dashboard.created_by = ?))`,
+			expectedArgs:      []any{true, "a@b.com"},
+		},
+		{
+			subtestName:       "double NOT via parens",
+			dslQueryToCompile: `NOT (NOT name = 'foo')`,
+			expectedSQL:       `NOT (NOT (json_extract("dashboard"."data", '$.spec.display.name') = ?))`,
+			expectedArgs:      []any{"foo"},
+		},
+		{
+			subtestName:       "NOT on a tag equality",
+			dslQueryToCompile: `NOT team = 'pulse'`,
+			expectedSQL: `
+				NOT (
+					EXISTS (
+						SELECT 1 FROM tag_relation tr
+						JOIN tag t ON t.id = tr.tag_id
+						WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+						AND LOWER(t.key) = LOWER(?)
+						AND t.value = ?
+					)
+				)`,
+			expectedArgs: []any{kindArg, "team", "pulse"},
+		},
+		{
+			subtestName:       "NOT team = ... AND name = ...",
+			dslQueryToCompile: `NOT team = 'pulse' AND name = 'overview'`,
+			expectedSQL: `
+				NOT (
+					EXISTS (
+						SELECT 1 FROM tag_relation tr
+						JOIN tag t ON t.id = tr.tag_id
+						WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+						AND LOWER(t.key) = LOWER(?)
+						AND t.value = ?
+					)
+				)
+				AND json_extract("dashboard"."data", '$.spec.display.name') = ?`,
+			expectedArgs: []any{kindArg, "team", "pulse", "overview"},
+		},
+	})
+}
+
+func TestCompile_ComplexExamples(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{
+			subtestName:       "name CONTAINS + tag LIKE + created_by + database =",
+			dslQueryToCompile: `name CONTAINS 'overview' AND tag LIKE 'prod%' AND created_by = 'naman.verma@signoz.io' AND database = 'mongo'`,
+			expectedSQL: `
+				json_extract("dashboard"."data", '$.spec.display.name') LIKE ? ESCAPE '\'
+				AND EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value LIKE ? ESCAPE '\'
+				)
+				AND dashboard.created_by = ?
+				AND EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value = ?
+				)`,
+			expectedArgs: []any{"%overview%", kindArg, "tag", "prod%", "naman.verma@signoz.io", kindArg, "database", "mongo"},
+		},
+		{
+			subtestName:       "team IN AND database EXISTS",
+			dslQueryToCompile: `team IN ['pulse', 'events'] AND database EXISTS`,
+			expectedSQL: `
+				EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+					AND t.value IN (?, ?)
+				)
+				AND EXISTS (
+					SELECT 1 FROM tag_relation tr
+					JOIN tag t ON t.id = tr.tag_id
+					WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+					AND LOWER(t.key) = LOWER(?)
+				)`,
+			expectedArgs: []any{kindArg, "team", "pulse", "events", kindArg, "database"},
+		},
+		{
+			subtestName:       "nested OR / AND with parens",
+			dslQueryToCompile: `(database IN ['sql', 'redis', 'mongo'] OR name LIKE '%database%') AND (team = 'pulse' OR name LIKE '%pulse%')`,
+			expectedSQL: `
+				(
+					EXISTS (
+						SELECT 1 FROM tag_relation tr
+						JOIN tag t ON t.id = tr.tag_id
+						WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+						AND LOWER(t.key) = LOWER(?)
+						AND t.value IN (?, ?, ?)
+					)
+					OR json_extract("dashboard"."data", '$.spec.display.name') LIKE ? ESCAPE '\'
+				)
+				AND (
+					EXISTS (
+						SELECT 1 FROM tag_relation tr
+						JOIN tag t ON t.id = tr.tag_id
+						WHERE tr.kind = ? AND tr.resource_id = dashboard.id
+						AND LOWER(t.key) = LOWER(?)
+						AND t.value = ?
+					)
+					OR json_extract("dashboard"."data", '$.spec.display.name') LIKE ? ESCAPE '\'
+				)`,
+			expectedArgs: []any{kindArg, "database", "sql", "redis", "mongo", "%database%", kindArg, "team", "pulse", "%pulse%"},
+		},
+	})
+}
+
+func TestCompile_Rejections(t *testing.T) {
+	runCompileCases(t, []compileCase{
+		{
+			subtestName:              "rejects op outside per-reserved-key allowlist",
+			dslQueryToCompile:        `name BETWEEN 'a' AND 'z'`,
+			expectedErrShouldContain: "operator",
+		},
+		{
+			subtestName:              "rejects BETWEEN on a tag key",
+			dslQueryToCompile:        `team BETWEEN 'a' AND 'z'`,
+			expectedErrShouldContain: "operator",
+		},
+		{
+			subtestName:              "rejects non-bool on locked",
+			dslQueryToCompile:        `locked = 'yes'`,
+			expectedErrShouldContain: "boolean",
+		},
+		{
+			subtestName:              "rejects non-RFC3339 timestamp",
+			dslQueryToCompile:        `created_at >= 'not-a-date'`,
+			expectedErrShouldContain: "RFC3339",
+		},
+		{
+			subtestName:              "rejects REGEXP — not yet supported",
+			dslQueryToCompile:        `name REGEXP '.*'`,
+			expectedErrShouldContain: "REGEXP",
+		},
+		{
+			subtestName:              "rejects syntax error from grammar",
+			dslQueryToCompile:        `name = `,
+			expectedErrShouldContain: "syntax",
+		},
+	})
+}
+
+func formatter(t *testing.T) sqlstore.SQLFormatter {
+	t.Helper()
+	p := sqlstoretest.New(sqlstore.Config{Provider: "sqlite"}, sqlmock.QueryMatcherEqual)
+	return p.Formatter()
+}
+
+func normalizeSQL(s string) string {
+	s = strings.Join(strings.Fields(s), " ")
+	s = strings.ReplaceAll(s, "( ", "(")
+	s = strings.ReplaceAll(s, " )", ")")
+	return s
+}

pkg/types/dashboardtypes/listfilter/visitor.go

@@ -0,0 +1,603 @@
+package listfilter
+
+import (
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/parser/filterquery"
+	grammar "github.com/SigNoz/signoz/pkg/parser/filterquery/grammar"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	qbtypesv5 "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+	"github.com/antlr4-go/antlr/v4"
+	sqlbuilder "github.com/huandu/go-sqlbuilder"
+)
+
+// bunPlaceholderFlavor is any flavor that renders `?` placeholders, which bun
+// re-binds to the actual backend (e.g. `$1` for Postgres) at query time.
+const bunPlaceholderFlavor = sqlbuilder.SQLite
+
+type visitor struct {
+	grammar.BaseFilterQueryVisitor
+	selectBuilder *sqlbuilder.SelectBuilder
+	formatter     sqlstore.SQLFormatter
+	errors        []string
+}
+
+func newVisitor(formatter sqlstore.SQLFormatter) *visitor {
+	return &visitor{
+		selectBuilder: sqlbuilder.NewSelectBuilder(),
+		formatter:     formatter,
+	}
+}
+
+// compile turns the parse tree into `?`-placeholder WHERE SQL + arguments for bun.
+func (v *visitor) compile(query string) (string, []any, []string) {
+	tree, _, collector := filterquery.Parse(query)
+	if len(collector.Errors) > 0 {
+		return "", nil, collector.Errors
+	}
+	condition, _ := v.visit(tree).(string)
+	if condition == "" {
+		return "", nil, nil
+	}
+	whereExpression := stripOuterParens(condition)
+	sql, arguments := v.selectBuilder.Args.CompileWithFlavor(whereExpression, bunPlaceholderFlavor)
+	return sql, arguments, nil
+}
+
+func (v *visitor) visit(tree antlr.ParseTree) any {
+	if tree == nil {
+		return nil
+	}
+	return tree.Accept(v)
+}
+
+// ════════════════════════════════════════════════════════════════════════
+// methods from grammar.BaseFilterQueryVisitor that are overridden
+// ════════════════════════════════════════════════════════════════════════
+
+func (v *visitor) VisitQuery(ctx *grammar.QueryContext) any {
+	return v.visit(ctx.Expression())
+}
+
+func (v *visitor) VisitExpression(ctx *grammar.ExpressionContext) any {
+	return v.visit(ctx.OrExpression())
+}
+
+func (v *visitor) VisitOrExpression(ctx *grammar.OrExpressionContext) any {
+	parts := ctx.AllAndExpression()
+	conditions := make([]string, 0, len(parts))
+	for _, part := range parts {
+		if condition, ok := v.visit(part).(string); ok && condition != "" {
+			conditions = append(conditions, condition)
+		}
+	}
+	switch len(conditions) {
+	case 0:
+		return ""
+	case 1:
+		return conditions[0]
+	default:
+		return v.selectBuilder.Or(conditions...)
+	}
+}
+
+func (v *visitor) VisitAndExpression(ctx *grammar.AndExpressionContext) any {
+	parts := ctx.AllUnaryExpression()
+	conditions := make([]string, 0, len(parts))
+	for _, part := range parts {
+		if condition, ok := v.visit(part).(string); ok && condition != "" {
+			conditions = append(conditions, condition)
+		}
+	}
+	switch len(conditions) {
+	case 0:
+		return ""
+	case 1:
+		return conditions[0]
+	default:
+		return v.selectBuilder.And(conditions...)
+	}
+}
+
+func (v *visitor) VisitUnaryExpression(ctx *grammar.UnaryExpressionContext) any {
+	condition, _ := v.visit(ctx.Primary()).(string)
+	if condition == "" {
+		return ""
+	}
+	if ctx.NOT() != nil {
+		return fmt.Sprintf("NOT (%s)", condition)
+	}
+	return condition
+}
+
+func (v *visitor) VisitPrimary(ctx *grammar.PrimaryContext) any {
+	if ctx.OrExpression() != nil {
+		return v.visit(ctx.OrExpression())
+	}
+	if ctx.Comparison() != nil {
+		return v.visit(ctx.Comparison())
+	}
+	// Bare keys, values, full text, and function calls are not part of the
+	// dashboard list DSL.
+	v.addError("unsupported expression %q — every term must be of the form `key OP value`", ctx.GetText())
+	return ""
+}
+
+// VisitComparison dispatches a single `key OP value` term. A key that matches
+// a reserved DSL key (name, description, etc.) becomes a column-level
+// predicate; any other identifier is treated as a tag key — the operator
+// applies to the tag's value, with a case-insensitive match on the tag's key.
+func (v *visitor) VisitComparison(ctx *grammar.ComparisonContext) any {
+	key := strings.ToLower(strings.TrimSpace(ctx.Key().GetText()))
+
+	operation, ok := v.extractOperation(ctx)
+	if !ok {
+		return ""
+	}
+
+	if allowedOperations, isReserved := reservedOps[dashboardtypes.DSLKey(key)]; isReserved {
+		return v.visitComparisonForReservedKeys(ctx, operation, dashboardtypes.DSLKey(key), allowedOperations)
+	}
+	return v.visitComparisonForTags(ctx, operation, key)
+}
+
+func (v *visitor) visitComparisonForReservedKeys(ctx *grammar.ComparisonContext, operation qbtypesv5.FilterOperator, key dashboardtypes.DSLKey, allowedOperations map[qbtypesv5.FilterOperator]struct{}) string {
+	if _, allowed := allowedOperations[operation]; !allowed {
+		v.addError("operator %s is not allowed for key %q", operationName(operation), key)
+		return ""
+	}
+	switch key {
+	case dashboardtypes.DSLKeyName:
+		return v.buildJSONStringComparison(ctx, operation, dashboardtypes.DSLKeyName, "$.spec.display.name")
+	case dashboardtypes.DSLKeyDescription:
+		return v.buildJSONStringComparison(ctx, operation, dashboardtypes.DSLKeyDescription, "$.spec.display.description")
+	case dashboardtypes.DSLKeyCreatedAt:
+		return v.buildTimestampComparison(ctx, operation, "dashboard.created_at")
+	case dashboardtypes.DSLKeyUpdatedAt:
+		return v.buildTimestampComparison(ctx, operation, "dashboard.updated_at")
+	case dashboardtypes.DSLKeyCreatedBy:
+		return v.buildStringComparison(ctx, operation, dashboardtypes.DSLKeyCreatedBy, "dashboard.created_by")
+	case dashboardtypes.DSLKeyLocked:
+		return v.buildBoolComparison(ctx, operation, "dashboard.locked")
+	}
+	v.addError("no handler for reserved key %q", key)
+	return ""
+}
+
+func (v *visitor) visitComparisonForTags(ctx *grammar.ComparisonContext, operation qbtypesv5.FilterOperator, tagKey string) string {
+	if _, allowed := tagKeyOps[operation]; !allowed {
+		v.addError("operator %s is not allowed on a tag-key filter", operationName(operation))
+		return ""
+	}
+	return v.buildTagComparison(ctx, operation, tagKey)
+}
+
+func (v *visitor) extractOperation(ctx *grammar.ComparisonContext) (qbtypesv5.FilterOperator, bool) {
+	// For operators that take an optional leading NOT, Inverse() maps each to
+	// its Not<X> counterpart.
+	maybeNot := func(operation qbtypesv5.FilterOperator) qbtypesv5.FilterOperator {
+		if ctx.NOT() != nil {
+			return operation.Inverse()
+		}
+		return operation
+	}
+	switch {
+	case ctx.EQUALS() != nil:
+		return qbtypesv5.FilterOperatorEqual, true
+	case ctx.NOT_EQUALS() != nil, ctx.NEQ() != nil:
+		return qbtypesv5.FilterOperatorNotEqual, true
+	case ctx.LT() != nil:
+		return qbtypesv5.FilterOperatorLessThan, true
+	case ctx.LE() != nil:
+		return qbtypesv5.FilterOperatorLessThanOrEq, true
+	case ctx.GT() != nil:
+		return qbtypesv5.FilterOperatorGreaterThan, true
+	case ctx.GE() != nil:
+		return qbtypesv5.FilterOperatorGreaterThanOrEq, true
+	case ctx.BETWEEN() != nil:
+		return maybeNot(qbtypesv5.FilterOperatorBetween), true
+	case ctx.LIKE() != nil:
+		return maybeNot(qbtypesv5.FilterOperatorLike), true
+	case ctx.ILIKE() != nil:
+		return maybeNot(qbtypesv5.FilterOperatorILike), true
+	case ctx.CONTAINS() != nil:
+		return maybeNot(qbtypesv5.FilterOperatorContains), true
+	case ctx.REGEXP() != nil:
+		return maybeNot(qbtypesv5.FilterOperatorRegexp), true
+	case ctx.InClause() != nil:
+		return qbtypesv5.FilterOperatorIn, true
+	case ctx.NotInClause() != nil:
+		return qbtypesv5.FilterOperatorNotIn, true
+	case ctx.EXISTS() != nil:
+		return maybeNot(qbtypesv5.FilterOperatorExists), true
+	}
+	v.addError("could not determine operator in expression %q", ctx.GetText())
+	return qbtypesv5.FilterOperatorUnknown, false
+}
+
+// ─── per-key emitters ────────────────────────────────────────────────────────
+
+func (v *visitor) buildJSONStringComparison(ctx *grammar.ComparisonContext, operation qbtypesv5.FilterOperator, key dashboardtypes.DSLKey, jsonPath string) string {
+	columnExpression := string(v.formatter.JSONExtractString("dashboard.data", jsonPath))
+	return v.buildStringOperation(v.selectBuilder, ctx, operation, columnExpression, string(key))
+}
+
+func (v *visitor) buildStringComparison(ctx *grammar.ComparisonContext, operation qbtypesv5.FilterOperator, key dashboardtypes.DSLKey, columnExpression string) string {
+	return v.buildStringOperation(v.selectBuilder, ctx, operation, columnExpression, string(key))
+}
+
+// buildStringOperation covers all the operators the spec allows on text-shaped keys
+// (name, description, created_by, and a tag's value). Placeholders are interned
+// into builder — the outer builder for column predicates, the subquery builder for
+// tag-value predicates — so nested EXISTS arguments thread correctly.
+func (v *visitor) buildStringOperation(builder *sqlbuilder.SelectBuilder, ctx *grammar.ComparisonContext, operation qbtypesv5.FilterOperator, columnExpression, keyForError string) string {
+	switch operation {
+	case qbtypesv5.FilterOperatorEqual:
+		val, ok := v.extractSingleStringValue(ctx, keyForError)
+		if !ok {
+			return ""
+		}
+		return builder.Equal(columnExpression, val)
+	case qbtypesv5.FilterOperatorNotEqual:
+		val, ok := v.extractSingleStringValue(ctx, keyForError)
+		if !ok {
+			return ""
+		}
+		return builder.NotEqual(columnExpression, val)
+	case qbtypesv5.FilterOperatorLike, qbtypesv5.FilterOperatorNotLike:
+		val, ok := v.extractSingleStringValue(ctx, keyForError)
+		if !ok {
+			return ""
+		}
+		like := "LIKE"
+		if operation == qbtypesv5.FilterOperatorNotLike {
+			like = "NOT LIKE"
+		}
+		// The user's % and _ stay as wildcards; ESCAPE pins backslash as the escape
+		// char so a literal `\` in the pattern is read the same on both dialects —
+		// Postgres defaults to `\`, SQLite has no default escape.
+		return fmt.Sprintf("%s %s %s ESCAPE '\\'", columnExpression, like, builder.Var(val))
+	case qbtypesv5.FilterOperatorILike, qbtypesv5.FilterOperatorNotILike:
+		val, ok := v.extractSingleStringValue(ctx, keyForError)
+		if !ok {
+			return ""
+		}
+		// SQLite has no ILIKE keyword and Postgres LIKE is case-sensitive — emit
+		// LOWER(col) LIKE LOWER(?) so behavior is identical on both dialects. ESCAPE
+		// pins backslash as the escape char (Postgres default; SQLite has none).
+		lowerColumn := string(v.formatter.LowerExpression(columnExpression))
+		like := "LIKE"
+		if operation == qbtypesv5.FilterOperatorNotILike {
+			like = "NOT LIKE"
+		}
+		return fmt.Sprintf("%s %s LOWER(%s) ESCAPE '\\'", lowerColumn, like, builder.Var(val))
+	case qbtypesv5.FilterOperatorContains, qbtypesv5.FilterOperatorNotContains:
+		val, ok := v.extractSingleStringValue(ctx, keyForError)
+		if !ok {
+			return ""
+		}
+		like := "LIKE"
+		if operation == qbtypesv5.FilterOperatorNotContains {
+			like = "NOT LIKE"
+		}
+		// Escape the user's % and _ so they match literally, then wrap in wildcards.
+		// ESCAPE declares the backslash we just injected as the escape char — needed
+		// on SQLite (no default) and a harmless restatement of the Postgres default.
+		escaped := strings.NewReplacer(`\`, `\\`, `%`, `\%`, `_`, `\_`).Replace(val)
+		return fmt.Sprintf("%s %s %s ESCAPE '\\'", columnExpression, like, builder.Var("%"+escaped+"%"))
+	case qbtypesv5.FilterOperatorRegexp, qbtypesv5.FilterOperatorNotRegexp:
+		v.addError("REGEXP filtering on %q is not yet supported", keyForError)
+		return ""
+	case qbtypesv5.FilterOperatorIn, qbtypesv5.FilterOperatorNotIn:
+		values, ok := v.extractStringValueList(ctx, keyForError)
+		if !ok {
+			return ""
+		}
+		arguments := make([]any, len(values))
+		for i, s := range values {
+			arguments[i] = s
+		}
+		if operation == qbtypesv5.FilterOperatorNotIn {
+			return builder.NotIn(columnExpression, arguments...)
+		}
+		return builder.In(columnExpression, arguments...)
+	}
+	v.addError("operator %s on %q is not implemented", operationName(operation), keyForError)
+	return ""
+}
+
+func (v *visitor) buildTimestampComparison(ctx *grammar.ComparisonContext, operation qbtypesv5.FilterOperator, columnExpression string) string {
+	switch operation {
+	case qbtypesv5.FilterOperatorEqual, qbtypesv5.FilterOperatorNotEqual,
+		qbtypesv5.FilterOperatorLessThan, qbtypesv5.FilterOperatorLessThanOrEq,
+		qbtypesv5.FilterOperatorGreaterThan, qbtypesv5.FilterOperatorGreaterThanOrEq:
+		t, ok := v.extractSingleTimestampValue(ctx)
+		if !ok {
+			return ""
+		}
+		switch operation {
+		case qbtypesv5.FilterOperatorEqual:
+			return v.selectBuilder.Equal(columnExpression, t)
+		case qbtypesv5.FilterOperatorNotEqual:
+			return v.selectBuilder.NotEqual(columnExpression, t)
+		case qbtypesv5.FilterOperatorLessThan:
+			return v.selectBuilder.LessThan(columnExpression, t)
+		case qbtypesv5.FilterOperatorLessThanOrEq:
+			return v.selectBuilder.LessEqualThan(columnExpression, t)
+		case qbtypesv5.FilterOperatorGreaterThan:
+			return v.selectBuilder.GreaterThan(columnExpression, t)
+		case qbtypesv5.FilterOperatorGreaterThanOrEq:
+			return v.selectBuilder.GreaterEqualThan(columnExpression, t)
+		}
+	case qbtypesv5.FilterOperatorBetween, qbtypesv5.FilterOperatorNotBetween:
+		timestamps, ok := v.extractTwoTimestampValues(ctx)
+		if !ok {
+			return ""
+		}
+		if operation == qbtypesv5.FilterOperatorNotBetween {
+			return v.selectBuilder.NotBetween(columnExpression, timestamps[0], timestamps[1])
+		}
+		return v.selectBuilder.Between(columnExpression, timestamps[0], timestamps[1])
+	}
+	v.addError("operator %s on timestamp is not implemented", operationName(operation))
+	return ""
+}
+
+func (v *visitor) buildBoolComparison(ctx *grammar.ComparisonContext, operation qbtypesv5.FilterOperator, columnExpression string) string {
+	b, ok := v.extractSingleBoolValue(ctx)
+	if !ok {
+		return ""
+	}
+	if operation == qbtypesv5.FilterOperatorNotEqual {
+		return v.selectBuilder.NotEqual(columnExpression, b)
+	}
+	return v.selectBuilder.Equal(columnExpression, b)
+}
+
+func (v *visitor) buildTagComparison(ctx *grammar.ComparisonContext, operation qbtypesv5.FilterOperator, tagKey string) string {
+	subqueryBuilder := sqlbuilder.NewSelectBuilder()
+
+	if operation == qbtypesv5.FilterOperatorExists || operation == qbtypesv5.FilterOperatorNotExists {
+		buildSubqueryForTagKey(subqueryBuilder, tagKey)
+	} else {
+		// All other tag operators take the positive form of the value predicate
+		// and toggle the EXISTS wrapper for negation. Inverse() flips Not<X> → <X>.
+		positiveOperation := operation
+		if operation.IsNegativeOperator() {
+			positiveOperation = operation.Inverse()
+		}
+		valuePredicate := v.buildStringOperation(subqueryBuilder, ctx, positiveOperation, "t.value", tagKey)
+		if valuePredicate == "" {
+			return ""
+		}
+		buildSubqueryForTagKeyAndValue(subqueryBuilder, tagKey, valuePredicate)
+	}
+
+	if operation.IsNegativeOperator() {
+		return v.selectBuilder.NotExists(subqueryBuilder)
+	}
+	return v.selectBuilder.Exists(subqueryBuilder)
+}
+
+func buildSubqueryForTagKey(subqueryBuilder *sqlbuilder.SelectBuilder, tagKey string) *sqlbuilder.SelectBuilder {
+	const dashboardTagKind = `"dashboard"`
+
+	return subqueryBuilder.
+		Select("1").
+		From("tag_relation tr").
+		Join("tag t", "t.id = tr.tag_id").
+		Where(
+			subqueryBuilder.Equal("tr.kind", dashboardTagKind),
+			"tr.resource_id = dashboard.id",
+			"LOWER(t.key) = LOWER("+subqueryBuilder.Var(tagKey)+")",
+		)
+}
+
+func buildSubqueryForTagKeyAndValue(subqueryBuilder *sqlbuilder.SelectBuilder, tagKey, valuePredicate string) *sqlbuilder.SelectBuilder {
+	return buildSubqueryForTagKey(subqueryBuilder, tagKey).Where(valuePredicate)
+}
+
+// ─── value extraction helpers ───────────────────────────────────────────────
+
+func (v *visitor) addError(format string, arguments ...any) {
+	v.errors = append(v.errors, fmt.Sprintf(format, arguments...))
+}
+
+func (v *visitor) extractSingleStringValue(ctx *grammar.ComparisonContext, keyForError string) (string, bool) {
+	values := ctx.AllValue()
+	if len(values) != 1 {
+		v.addError("expected exactly one value for %q", keyForError)
+		return "", false
+	}
+	return v.extractStringValue(values[0], keyForError)
+}
+
+func (v *visitor) extractSingleBoolValue(ctx *grammar.ComparisonContext) (bool, bool) {
+	values := ctx.AllValue()
+	if len(values) != 1 {
+		v.addError("expected a single boolean (true/false)")
+		return false, false
+	}
+	return v.extractBoolValue(values[0])
+}
+
+func (v *visitor) extractSingleTimestampValue(ctx *grammar.ComparisonContext) (time.Time, bool) {
+	values := ctx.AllValue()
+	if len(values) != 1 {
+		v.addError("expected a single RFC3339 timestamp")
+		return time.Time{}, false
+	}
+	return v.extractTimestampValue(values[0])
+}
+
+func (v *visitor) extractTwoTimestampValues(ctx *grammar.ComparisonContext) ([2]time.Time, bool) {
+	values := ctx.AllValue()
+	if len(values) != 2 {
+		v.addError("BETWEEN expects two RFC3339 timestamps")
+		return [2]time.Time{}, false
+	}
+	a, ok1 := v.extractTimestampValue(values[0])
+	b, ok2 := v.extractTimestampValue(values[1])
+	if !ok1 || !ok2 {
+		return [2]time.Time{}, false
+	}
+	return [2]time.Time{a, b}, true
+}
+
+func (v *visitor) extractStringValueList(ctx *grammar.ComparisonContext, keyForError string) ([]string, bool) {
+	var valuesCtx []grammar.IValueContext
+	switch {
+	case ctx.InClause() != nil:
+		inClause := ctx.InClause()
+		if inClause.ValueList() != nil {
+			valuesCtx = inClause.ValueList().AllValue()
+		} else {
+			valuesCtx = []grammar.IValueContext{inClause.Value()}
+		}
+	case ctx.NotInClause() != nil:
+		notInClause := ctx.NotInClause()
+		if notInClause.ValueList() != nil {
+			valuesCtx = notInClause.ValueList().AllValue()
+		} else {
+			valuesCtx = []grammar.IValueContext{notInClause.Value()}
+		}
+	default:
+		v.addError("IN clause is missing for %q", keyForError)
+		return nil, false
+	}
+	if len(valuesCtx) == 0 {
+		v.addError("IN list for %q is empty", keyForError)
+		return nil, false
+	}
+	out := make([]string, 0, len(valuesCtx))
+	for _, valueContext := range valuesCtx {
+		s, ok := v.extractStringValue(valueContext, keyForError)
+		if !ok {
+			return nil, false
+		}
+		out = append(out, s)
+	}
+	return out, true
+}
+
+func (v *visitor) extractStringValue(ctx grammar.IValueContext, keyForError string) (string, bool) {
+	if ctx.QUOTED_TEXT() != nil {
+		return trimQuotes(ctx.QUOTED_TEXT().GetText()), true
+	}
+	if ctx.KEY() != nil {
+		// Bare tokens are accepted as strings, mirroring the FilterQuery lexer's
+		// treatment of unquoted identifiers on the value side.
+		return ctx.KEY().GetText(), true
+	}
+	v.addError("expected a string value for %q, got %q", keyForError, ctx.GetText())
+	return "", false
+}
+
+func (v *visitor) extractBoolValue(ctx grammar.IValueContext) (bool, bool) {
+	if ctx.BOOL() == nil {
+		v.addError("expected a boolean (true/false), got %q", ctx.GetText())
+		return false, false
+	}
+	return strings.EqualFold(ctx.BOOL().GetText(), "true"), true
+}
+
+func (v *visitor) extractTimestampValue(ctx grammar.IValueContext) (time.Time, bool) {
+	if ctx.QUOTED_TEXT() == nil {
+		v.addError("expected an RFC3339 timestamp string, got %q", ctx.GetText())
+		return time.Time{}, false
+	}
+	raw := trimQuotes(ctx.QUOTED_TEXT().GetText())
+	t, err := time.Parse(time.RFC3339, raw)
+	if err != nil {
+		v.addError("invalid RFC3339 timestamp %q: %s", raw, err.Error())
+		return time.Time{}, false
+	}
+	return t, true
+}
+
+// ─── operator spelling ───────────────────────────────────────────────────────
+
+// operationName returns the user-facing spelling of a FilterOperator, used only in
+// error messages — go-sqlbuilder's Cond helpers emit the SQL keywords.
+func operationName(operation qbtypesv5.FilterOperator) string {
+	switch operation {
+	case qbtypesv5.FilterOperatorEqual:
+		return "="
+	case qbtypesv5.FilterOperatorNotEqual:
+		return "!="
+	case qbtypesv5.FilterOperatorLessThan:
+		return "<"
+	case qbtypesv5.FilterOperatorLessThanOrEq:
+		return "<="
+	case qbtypesv5.FilterOperatorGreaterThan:
+		return ">"
+	case qbtypesv5.FilterOperatorGreaterThanOrEq:
+		return ">="
+	case qbtypesv5.FilterOperatorBetween:
+		return "BETWEEN"
+	case qbtypesv5.FilterOperatorNotBetween:
+		return "NOT BETWEEN"
+	case qbtypesv5.FilterOperatorLike:
+		return "LIKE"
+	case qbtypesv5.FilterOperatorNotLike:
+		return "NOT LIKE"
+	case qbtypesv5.FilterOperatorILike:
+		return "ILIKE"
+	case qbtypesv5.FilterOperatorNotILike:
+		return "NOT ILIKE"
+	case qbtypesv5.FilterOperatorContains:
+		return "CONTAINS"
+	case qbtypesv5.FilterOperatorNotContains:
+		return "NOT CONTAINS"
+	case qbtypesv5.FilterOperatorRegexp:
+		return "REGEXP"
+	case qbtypesv5.FilterOperatorNotRegexp:
+		return "NOT REGEXP"
+	case qbtypesv5.FilterOperatorIn:
+		return "IN"
+	case qbtypesv5.FilterOperatorNotIn:
+		return "NOT IN"
+	case qbtypesv5.FilterOperatorExists:
+		return "EXISTS"
+	case qbtypesv5.FilterOperatorNotExists:
+		return "NOT EXISTS"
+	}
+	return "?"
+}
+
+func trimQuotes(s string) string {
+	if len(s) >= 2 {
+		if (s[0] == '"' && s[len(s)-1] == '"') || (s[0] == '\'' && s[len(s)-1] == '\'') {
+			s = s[1 : len(s)-1]
+		}
+	}
+	s = strings.ReplaceAll(s, `\\`, `\`)
+	s = strings.ReplaceAll(s, `\'`, `'`)
+	return s
+}
+
+// stripOuterParens drops the single redundant enclosing pair that
+// go-sqlbuilder's top-level And/Or wraps the whole expression in, so the
+// emitted WHERE reads cleanly. It only strips when the first `(` matches the
+// final `)` — `NOT (...)` or `(a) AND (b)` are left untouched.
+func stripOuterParens(s string) string {
+	if len(s) < 2 || s[0] != '(' || s[len(s)-1] != ')' {
+		return s
+	}
+	depth := 0
+	for i := 0; i < len(s); i++ {
+		switch s[i] {
+		case '(':
+			depth++
+		case ')':
+			depth--
+			if depth == 0 && i != len(s)-1 {
+				return s
+			}
+		}
+	}
+	return s[1 : len(s)-1]
+}

pkg/types/dashboardtypes/perses_dashboard.go

@@ -31,7 +31,7 @@ const (
 	DSLKeyUpdatedAt   DSLKey = "updated_at"
 	DSLKeyCreatedBy   DSLKey = "created_by"
 	DSLKeyLocked      DSLKey = "locked"
-	DSLKeyPublic      DSLKey = "public"
+	DSLKeySource      DSLKey = "source"
 )
 
 // reservedDSLKeys are dashboard column-level filter names in the list-query DSL.
@@ -44,7 +44,7 @@ var reservedDSLKeys = map[DSLKey]struct{}{
 	DSLKeyUpdatedAt:   {},
 	DSLKeyCreatedBy:   {},
 	DSLKeyLocked:      {},
-	DSLKeyPublic:      {},
+	DSLKeySource:      {},
 }
 
 type DashboardV2 struct {
@@ -110,6 +110,16 @@ func (d *DashboardV2) LockUnlock(lock bool, isAdmin bool, updatedBy string) erro
 	return nil
 }
 
+func (d *DashboardV2) CanDelete() error {
+	if d.Locked {
+		return errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "cannot delete a locked dashboard, please unlock the dashboard to delete")
+	}
+	if d.Source == SourceSystem {
+		return errors.Newf(errors.TypeInvalidInput, ErrCodeDashboardImmutable, "system dashboards cannot be deleted")
+	}
+	return nil
+}
+
 type DashboardV2MetadataBase struct {
 	SchemaVersion string `json:"schemaVersion" required:"true"`
 	Image         string `json:"image,omitempty"`

pkg/types/dashboardtypes/store.go

@@ -32,4 +32,18 @@ type Store interface {
 	DeletePublic(context.Context, string) error
 
 	RunInTx(context.Context, func(context.Context) error) error
+
+	// ════════════════════════════════════════════════════════════════════════
+	// v2 dashboard methods
+	// ════════════════════════════════════════════════════════════════════════
+
+	// int64 return is the total row count for the filter (pre-limit/offset),
+	ListV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, params *ListDashboardsV2Params) ([]*DashboardListRow, int64, error)
+
+	// Returns ErrCodePinnedDashboardLimitHit when the user is at MaxPinnedDashboardsPerUser.
+	PinForUser(ctx context.Context, preference *UserDashboardPreference) error
+
+	UnpinForUser(ctx context.Context, userID valuer.UUID, dashboardID valuer.UUID) error
+
+	DeletePreferencesForDashboard(ctx context.Context, dashboardID valuer.UUID) error
 }

pkg/types/dashboardtypes/user_dashboard_preference.go

@@ -0,0 +1,30 @@
+package dashboardtypes
+
+import (
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/uptrace/bun"
+)
+
+const MaxPinnedDashboardsPerUser = 10
+
+var ErrCodePinnedDashboardLimitHit = errors.MustNewCode("pinned_dashboard_limit_hit")
+
+// Only the pin is tracked for now; more preferences can be added later.
+type UserDashboardPreference struct {
+	bun.BaseModel `bun:"table:user_dashboard_preference,alias:user_dashboard_preference"`
+
+	UserID      valuer.UUID `bun:"user_id,pk,type:text"`
+	DashboardID valuer.UUID `bun:"dashboard_id,pk,type:text"`
+	OrgID       valuer.UUID `bun:"org_id,type:text,notnull"`
+	IsPinned    bool        `bun:"is_pinned,notnull,default:false"`
+}
+
+func NewUserDashboardPreference(orgID, userID, dashboardID valuer.UUID) *UserDashboardPreference {
+	return &UserDashboardPreference{
+		UserID:      userID,
+		DashboardID: dashboardID,
+		OrgID:       orgID,
+		IsPinned:    true,
+	}
+}

pkg/types/spantypes/flamegraph_span.go

@@ -1,102 +0,0 @@
-package spantypes
-
-import (
-	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
-)
-
-type FlamegraphSpan struct {
-	SpanID       string            `json:"spanId" required:"true"`
-	ParentSpanID string            `json:"parentSpanId" required:"true"`
-	Timestamp    uint64            `json:"timestamp" required:"true"`
-	DurationNano uint64            `json:"durationNano" required:"true"`
-	HasError     bool              `json:"hasError" required:"true"`
-	Name         string            `json:"name" required:"true"`
-	Level        int64             `json:"level" required:"true"`
-	Events       []Event           `json:"event" required:"true" nullable:"false"`
-	Attributes   map[string]any    `json:"attributes" required:"true" nullable:"false"`
-	Resource     map[string]string `json:"resource" required:"true" nullable:"false"`
-	Children     []*FlamegraphSpan `json:"-"` // internal tree use only
-}
-
-// FlamegraphLevel groups span IDs at a single level within the selected window.
-type FlamegraphLevel struct {
-	Level   int64
-	SpanIDs []string
-}
-
-type PostableFlamegraph struct {
-	SelectedSpanID string                             `json:"selectedSpanId"`
-	SelectFields   []telemetrytypes.TelemetryFieldKey `json:"selectFields,omitempty"`
-}
-
-// GettableFlamegraphTrace is the response for the v3 flamegraph API.
-type GettableFlamegraphTrace struct {
-	Spans                [][]*FlamegraphSpan `json:"spans" required:"true" nullable:"false"`
-	StartTimestampMillis int64               `json:"startTimestampMillis" required:"true"`
-	EndTimestampMillis   int64               `json:"endTimestampMillis" required:"true"`
-	HasMore              bool                `json:"hasMore" required:"true"`
-}
-
-func NewGettableFlamegraphTrace(spans [][]*FlamegraphSpan, startMs, endMs int64, hasMore bool) *GettableFlamegraphTrace {
-	return &GettableFlamegraphTrace{
-		Spans:                spans,
-		StartTimestampMillis: startMs,
-		EndTimestampMillis:   endMs,
-		HasMore:              hasMore,
-	}
-}
-
-func NewFlamegraphSpanFromStorable(s *StorableSpan, level int64, selectFields []telemetrytypes.TelemetryFieldKey) *FlamegraphSpan {
-	span := &FlamegraphSpan{
-		SpanID:       s.SpanID,
-		ParentSpanID: s.ParentSpanID,
-		Timestamp:    uint64(s.StartTime.UnixNano()),
-		DurationNano: s.DurationNano,
-		HasError:     s.HasError,
-		Name:         s.Name,
-		Level:        level,
-		Events:       s.UnmarshalledEvents(),
-		Attributes:   make(map[string]any),
-		Resource:     make(map[string]string),
-	}
-	if len(selectFields) == 0 {
-		return span
-	}
-	for _, field := range selectFields {
-		switch field.FieldContext {
-		case telemetrytypes.FieldContextResource:
-			if v, ok := s.ResourcesString[field.Name]; ok && v != "" {
-				span.Resource[field.Name] = v
-			}
-		case telemetrytypes.FieldContextAttribute:
-			if v := s.AttributeValue(field.Name); v != nil {
-				span.Attributes[field.Name] = v
-			}
-		}
-	}
-	return span
-}
-
-func NewMissingParentFlamegraphSpan(node *FlamegraphSpan) *FlamegraphSpan {
-	return &FlamegraphSpan{
-		SpanID:       node.ParentSpanID,
-		Name:         "Missing Span",
-		Timestamp:    node.Timestamp,
-		DurationNano: node.DurationNano,
-		Events:       []Event{},
-		Children:     []*FlamegraphSpan{node},
-	}
-}
-
-// FlamegraphWindowSpanIDs collects all span IDs from a level window into a flat slice.
-func FlamegraphWindowSpanIDs(window []FlamegraphLevel) []string {
-	total := 0
-	for _, lvl := range window {
-		total += len(lvl.SpanIDs)
-	}
-	ids := make([]string, 0, total)
-	for _, lvl := range window {
-		ids = append(ids, lvl.SpanIDs...)
-	}
-	return ids
-}

pkg/types/spantypes/flamegraph_trace.go

@@ -1,111 +0,0 @@
-package spantypes
-
-import (
-	"sort"
-
-	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
-)
-
-// FlamegraphTrace holds the level wise tree built from minimal spans.
-type FlamegraphTrace struct {
-	roots     []*FlamegraphSpan
-	nodeByID  map[string]*FlamegraphSpan
-	startTime uint64
-	endTime   uint64
-}
-
-func NewFlamegraphTraceFromMinimal(spans []MinimalSpan) *FlamegraphTrace {
-	t := &FlamegraphTrace{
-		nodeByID: make(map[string]*FlamegraphSpan, len(spans)),
-	}
-	for i := range spans {
-		node := spans[i].ToFlamegraphSpan()
-		t.updateTimeRange(node.Timestamp, node.DurationNano)
-		t.nodeByID[node.SpanID] = node
-	}
-	t.buildSpanTree()
-	return t
-}
-
-func NewFlamegraphTraceFromStorable(spans []StorableSpan, selectFields []telemetrytypes.TelemetryFieldKey) *FlamegraphTrace {
-	t := &FlamegraphTrace{
-		nodeByID: make(map[string]*FlamegraphSpan, len(spans)),
-	}
-	for i := range spans {
-		node := NewFlamegraphSpanFromStorable(&spans[i], 0, selectFields) // level is set later by BFS
-		t.updateTimeRange(node.Timestamp, node.DurationNano)
-		t.nodeByID[node.SpanID] = node
-	}
-	t.buildSpanTree()
-	return t
-}
-
-func (t *FlamegraphTrace) GetAllLevels() [][]*FlamegraphSpan {
-	return nil
-}
-
-// GetSelectedLevels returns the window of levels around selectedSpanID with sampling applied to dense levels.
-func (t *FlamegraphTrace) GetSelectedLevels(selectedSpanID string, levelLimit, spansPerLevel, topLatencyCount, bucketCount int) []FlamegraphLevel {
-	return nil
-}
-
-func (t *FlamegraphTrace) EnrichSelectedSpans(selectedSpans []FlamegraphLevel, fullSpans []StorableSpan, selectFields []telemetrytypes.TelemetryFieldKey) [][]*FlamegraphSpan {
-	fullByID := make(map[string]*StorableSpan, len(fullSpans))
-	for i := range fullSpans {
-		fullByID[fullSpans[i].SpanID] = &fullSpans[i]
-	}
-
-	result := make([][]*FlamegraphSpan, len(selectedSpans))
-	for i, lvl := range selectedSpans {
-		result[i] = make([]*FlamegraphSpan, 0, len(lvl.SpanIDs))
-		for _, spanID := range lvl.SpanIDs {
-			if full, ok := fullByID[spanID]; ok {
-				result[i] = append(result[i], NewFlamegraphSpanFromStorable(full, lvl.Level, selectFields))
-			} else if lean, ok := t.nodeByID[spanID]; ok {
-				result[i] = append(result[i], lean)
-			}
-		}
-	}
-	return result
-}
-
-func (t *FlamegraphTrace) updateTimeRange(timestamp, durationNano uint64) {
-	if t.startTime == 0 || timestamp < t.startTime {
-		t.startTime = timestamp
-	}
-	if end := timestamp + durationNano; end > t.endTime {
-		t.endTime = end
-	}
-}
-
-func (t *FlamegraphTrace) buildSpanTree() {
-	for _, node := range t.nodeByID {
-		if node.ParentSpanID != "" {
-			if parent, ok := t.nodeByID[node.ParentSpanID]; ok {
-				parent.Children = append(parent.Children, node)
-			} else {
-				missing := NewMissingParentFlamegraphSpan(node)
-				t.nodeByID[missing.SpanID] = missing
-				t.roots = append(t.roots, missing)
-			}
-		} else if flamegraphSpanIndex(t.roots, node.SpanID) == -1 {
-			t.roots = append(t.roots, node)
-		}
-	}
-
-	sort.Slice(t.roots, func(i, j int) bool {
-		if t.roots[i].Timestamp == t.roots[j].Timestamp {
-			return t.roots[i].SpanID < t.roots[j].SpanID
-		}
-		return t.roots[i].Timestamp < t.roots[j].Timestamp
-	})
-}
-
-func flamegraphSpanIndex(spans []*FlamegraphSpan, spanID string) int {
-	for i, s := range spans {
-		if s.SpanID == spanID {
-			return i
-		}
-	}
-	return -1
-}

pkg/types/spantypes/store.go

@@ -30,7 +30,6 @@ type TraceStore interface {
 	GetTraceSpans(ctx context.Context, traceID string, summary *TraceSummary) ([]StorableSpan, error)
 	GetMinimalSpans(ctx context.Context, traceID string, start, end time.Time) ([]MinimalSpan, error)
 	GetTraceSpansByIDs(ctx context.Context, traceID string, start, end time.Time, spanIDs []string) ([]StorableSpan, error)
-	GetFlamegraphSpans(ctx context.Context, traceID string, start, end time.Time, spanIDs []string) ([]StorableSpan, error)
 
 	GetSpanCountByField(ctx context.Context, traceID string, summary *TraceSummary, fieldKey telemetrytypes.TelemetryFieldKey) (map[string]uint64, error)
 	GetSpanDurationByField(ctx context.Context, traceID string, summary *TraceSummary, fieldKey telemetrytypes.TelemetryFieldKey) (map[string]uint64, error)

pkg/types/spantypes/waterfall_span.go

@@ -164,17 +164,6 @@ func (item *MinimalSpan) ToWaterfallSpan(traceID string) *WaterfallSpan {
 	}
 }
 
-func (item *MinimalSpan) ToFlamegraphSpan() *FlamegraphSpan {
-	return &FlamegraphSpan{
-		SpanID:       item.SpanID,
-		ParentSpanID: item.ParentSpanID,
-		Timestamp:    uint64(item.StartTime.UnixNano()),
-		DurationNano: item.DurationNano,
-		HasError:     item.HasError,
-		Children:     make([]*FlamegraphSpan, 0),
-	}
-}
-
 // NewMissingWaterfallSpan creates a synthetic placeholder span for a parent that has no recorded data.
 func NewMissingWaterfallSpan(spanID, traceID string, timeUnixNano, durationNano uint64) *WaterfallSpan {
 	return &WaterfallSpan{
@@ -278,19 +267,6 @@ func (ws *WaterfallSpan) getPathToSelectedSpanID(selectedSpanID string) ([]strin
 	return nil, false
 }
 
-func (item *StorableSpan) AttributeValue(name string) any {
-	if v, ok := item.AttributesString[name]; ok {
-		return v
-	}
-	if v, ok := item.AttributesNumber[name]; ok {
-		return v
-	}
-	if v, ok := item.AttributesBool[name]; ok {
-		return v
-	}
-	return nil
-}
-
 func (item *StorableSpan) Attributes() map[string]any {
 	attributes := make(map[string]any, len(item.AttributesString)+len(item.AttributesNumber)+len(item.AttributesBool))
 	for k, v := range item.AttributesString {
@@ -320,7 +296,7 @@ func (item *StorableSpan) UnmarshalledEvents() []Event {
 func (item *StorableSpan) UnmarshalledRefs() []OtelSpanRef {
 	refs := []OtelSpanRef{}
 	if err := json.Unmarshal([]byte(item.References), &refs); err != nil {
-		return []OtelSpanRef{} // skip malformed values
+		return nil // skip malformed values
 	}
 	return refs
 }

pkg/types/tagtypes/tag.go

@@ -43,7 +43,7 @@ type PostableTag struct {
 	Value string `json:"value" required:"true"`
 }
 
-type GettableTag = PostableTag
+type GettableTag PostableTag
 
 func NewGettableTagFromTag(tag *Tag) *GettableTag {
 	return &GettableTag{Key: tag.Key, Value: tag.Value}

tests/fixtures/auth.py

@@ -56,18 +56,11 @@ def _login(signoz: types.SigNoz, email: str, password: str) -> str:
     return login.json()["data"]["accessToken"]
 
 
-def register_admin(
-    signoz: types.SigNoz,
-    request: pytest.FixtureRequest,
-    pytestconfig: pytest.Config,
-    cache_key: str = "create_user_admin",
-    base_path: str = "",
-) -> types.Operation:
-    """Register the first admin (creates the org), under base_path. Reuse-wrapped."""
-
-    def create() -> types.Operation:
+@pytest.fixture(name="create_user_admin", scope="package")
+def create_user_admin(signoz: types.SigNoz, request: pytest.FixtureRequest, pytestconfig: pytest.Config) -> types.Operation:
+    def create() -> None:
         response = requests.post(
-            signoz.self.host_configs["8080"].get(f"{base_path}/api/v1/register"),
+            signoz.self.host_configs["8080"].get("/api/v1/register"),
             json={
                 "name": USER_ADMIN_NAME,
                 "orgName": "",
@@ -90,7 +83,7 @@ def register_admin(
     return reuse.wrap(
         request,
         pytestconfig,
-        cache_key,
+        "create_user_admin",
         lambda: types.Operation(name=""),
         create,
         delete,
@@ -98,86 +91,86 @@ def register_admin(
     )
 
 
-@pytest.fixture(name="create_user_admin", scope="package")
-def create_user_admin(signoz: types.SigNoz, request: pytest.FixtureRequest, pytestconfig: pytest.Config) -> types.Operation:
-    return register_admin(signoz, request, pytestconfig)
-
-
-def session_context_getter(signoz: types.SigNoz, base_path: str = "") -> Callable[[str], dict]:
-    """Build a callable that fetches the session context for an email (under base_path)."""
-
-    def fetch_session_context(email: str) -> dict:
+@pytest.fixture(name="get_session_context", scope="function")
+def get_session_context(signoz: types.SigNoz) -> Callable[[str, str], str]:
+    def _get_session_context(email: str) -> str:
         response = requests.get(
-            signoz.self.host_configs["8080"].get(f"{base_path}/api/v2/sessions/context"),
-            params={"email": email, "ref": f"{signoz.self.host_configs['8080'].base()}"},
+            signoz.self.host_configs["8080"].get("/api/v2/sessions/context"),
+            params={
+                "email": email,
+                "ref": f"{signoz.self.host_configs['8080'].base()}",
+            },
             timeout=5,
         )
+
         assert response.status_code == HTTPStatus.OK
         return response.json()["data"]
 
-    return fetch_session_context
-
-
-@pytest.fixture(name="get_session_context", scope="function")
-def get_session_context(signoz: types.SigNoz) -> Callable[[str], dict]:
-    return session_context_getter(signoz)
-
-
-def token_getter(signoz: types.SigNoz, base_path: str = "") -> Callable[[str, str], str]:
-    """Build a callable that logs in (email/password) and returns the access token (under base_path)."""
-
-    def fetch_token(email: str, password: str) -> str:
-        context = requests.get(
-            signoz.self.host_configs["8080"].get(f"{base_path}/api/v2/sessions/context"),
-            params={"email": email, "ref": f"{signoz.self.host_configs['8080'].base()}"},
-            timeout=5,
-        )
-        assert context.status_code == HTTPStatus.OK
-        org_id = context.json()["data"]["orgs"][0]["id"]
-
-        login = requests.post(
-            signoz.self.host_configs["8080"].get(f"{base_path}/api/v2/sessions/email_password"),
-            json={"email": email, "password": password, "orgId": org_id},
-            timeout=5,
-        )
-        assert login.status_code == HTTPStatus.OK
-        return login.json()["data"]["accessToken"]
-
-    return fetch_token
+    return _get_session_context
 
 
 @pytest.fixture(name="get_token", scope="function")
 def get_token(signoz: types.SigNoz) -> Callable[[str, str], str]:
-    return token_getter(signoz)
-
-
-def tokens_getter(signoz: types.SigNoz, base_path: str = "") -> Callable[[str, str], tuple[str, str]]:
-    """Build a callable that logs in and returns the (access, refresh) token pair (under base_path)."""
-
-    def fetch_tokens(email: str, password: str) -> tuple[str, str]:
-        context = requests.get(
-            signoz.self.host_configs["8080"].get(f"{base_path}/api/v2/sessions/context"),
-            params={"email": email, "ref": f"{signoz.self.host_configs['8080'].base()}"},
+    def _get_token(email: str, password: str) -> str:
+        response = requests.get(
+            signoz.self.host_configs["8080"].get("/api/v2/sessions/context"),
+            params={
+                "email": email,
+                "ref": f"{signoz.self.host_configs['8080'].base()}",
+            },
             timeout=5,
         )
-        assert context.status_code == HTTPStatus.OK
-        org_id = context.json()["data"]["orgs"][0]["id"]
 
-        login = requests.post(
-            signoz.self.host_configs["8080"].get(f"{base_path}/api/v2/sessions/email_password"),
-            json={"email": email, "password": password, "orgId": org_id},
+        assert response.status_code == HTTPStatus.OK
+        org_id = response.json()["data"]["orgs"][0]["id"]
+
+        response = requests.post(
+            signoz.self.host_configs["8080"].get("/api/v2/sessions/email_password"),
+            json={
+                "email": email,
+                "password": password,
+                "orgId": org_id,
+            },
             timeout=5,
         )
-        assert login.status_code == HTTPStatus.OK
-        data = login.json()["data"]
-        return data["accessToken"], data["refreshToken"]
 
-    return fetch_tokens
+        assert response.status_code == HTTPStatus.OK
+        return response.json()["data"]["accessToken"]
+
+    return _get_token
 
 
 @pytest.fixture(name="get_tokens", scope="function")
 def get_tokens(signoz: types.SigNoz) -> Callable[[str, str], tuple[str, str]]:
-    return tokens_getter(signoz)
+    def _get_tokens(email: str, password: str) -> str:
+        response = requests.get(
+            signoz.self.host_configs["8080"].get("/api/v2/sessions/context"),
+            params={
+                "email": email,
+                "ref": f"{signoz.self.host_configs['8080'].base()}",
+            },
+            timeout=5,
+        )
+
+        assert response.status_code == HTTPStatus.OK
+        org_id = response.json()["data"]["orgs"][0]["id"]
+
+        response = requests.post(
+            signoz.self.host_configs["8080"].get("/api/v2/sessions/email_password"),
+            json={
+                "email": email,
+                "password": password,
+                "orgId": org_id,
+            },
+            timeout=5,
+        )
+
+        assert response.status_code == HTTPStatus.OK
+        access_token = response.json()["data"]["accessToken"]
+        refresh_token = response.json()["data"]["refreshToken"]
+        return access_token, refresh_token
+
+    return _get_tokens
 
 
 @pytest.fixture(name="apply_license", scope="package")
@@ -277,7 +270,6 @@ def add_license(
     signoz: types.SigNoz,
     make_http_mocks: Callable[[types.TestContainerDocker, list[Mapping]], None],
     get_token: Callable[[str, str], str],  # pylint: disable=redefined-outer-name
-    base_path: str = "",
 ) -> None:
     make_http_mocks(
         signoz.zeus,
@@ -316,7 +308,7 @@ def add_license(
     access_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
 
     response = requests.post(
-        url=signoz.self.host_configs["8080"].get(f"{base_path}/api/v3/licenses"),
+        url=signoz.self.host_configs["8080"].get("/api/v3/licenses"),
         json={"key": "secret-key"},
         headers={"Authorization": "Bearer " + access_token},
         timeout=5,

tests/integration/tests/basepath/01_oidc.py

@@ -1,126 +0,0 @@
-from collections.abc import Callable
-from http import HTTPStatus
-from urllib.parse import urlparse
-
-import requests
-from selenium import webdriver
-from wiremock.resources.mappings import Mapping
-
-from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD, add_license, assert_user_has_role
-from fixtures.types import Operation, SigNoz, TestContainerDocker, TestContainerIDP
-
-# SigNoz is served under /signoz, so the OIDC callback registered with the IdP
-# must include the prefix to match the backend-generated redirect URI.
-BASE_PATH = "/signoz"
-OIDC_CALLBACK_PATH = f"{BASE_PATH}/api/v1/complete/oidc"
-
-
-def test_apply_license(
-    signoz: SigNoz,
-    create_user_admin: Operation,  # pylint: disable=unused-argument
-    make_http_mocks: Callable[[TestContainerDocker, list[Mapping]], None],
-    get_token: Callable[[str, str], str],
-) -> None:
-    """
-    Applies a license to the signoz instance. add_license is a plain function
-    called from the test (function scope), so the function-scoped make_http_mocks
-    fixture is safe to use; base_path prefixes the licensing API call.
-    """
-    add_license(signoz, make_http_mocks, get_token, base_path=BASE_PATH)
-
-
-def test_create_auth_domain(
-    signoz: SigNoz,
-    idp: TestContainerIDP,  # pylint: disable=unused-argument
-    create_oidc_client: Callable[[str, str], None],
-    get_oidc_settings: Callable[[str], dict],
-    get_token: Callable[[str, str], str],
-) -> None:
-    """
-    Creates an OIDC auth domain in SigNoz served under a base path. The callback
-    registered with the IdP carries the /signoz prefix.
-    """
-    client_id = f"oidc.basepath.test.{signoz.self.host_configs['8080'].address}:{signoz.self.host_configs['8080'].port}"
-    # Create an oidc client in the idp with the prefixed callback.
-    create_oidc_client(client_id, OIDC_CALLBACK_PATH)
-
-    # Get the oidc settings from keycloak.
-    settings = get_oidc_settings(client_id)
-
-    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-
-    response = requests.post(
-        signoz.self.host_configs["8080"].get("/signoz/api/v1/domains"),
-        json={
-            "name": "oidc.basepath.test",
-            "config": {
-                "ssoEnabled": True,
-                "ssoType": "oidc",
-                "oidcConfig": {
-                    "clientId": settings["client_id"],
-                    "clientSecret": settings["client_secret"],
-                    # Change the hostname of the issuer to the internal resolvable hostname of the idp
-                    "issuer": f"{idp.container.container_configs['6060'].get(urlparse(settings['issuer']).path)}",
-                    "issuerAlias": settings["issuer"],
-                    "getUserInfo": True,
-                },
-            },
-        },
-        headers={"Authorization": f"Bearer {admin_token}"},
-        timeout=2,
-    )
-
-    assert response.status_code == HTTPStatus.CREATED
-
-
-def test_oidc_authn(
-    signoz: SigNoz,
-    idp: TestContainerIDP,
-    driver: webdriver.Chrome,
-    create_user_idp: Callable[[str, str, bool, str, str], None],
-    idp_login: Callable[[str, str], None],
-    get_token: Callable[[str, str], str],
-    get_session_context: Callable[[str], dict],
-) -> None:
-    """
-    Tests the OIDC authn flow when SigNoz is served under a base path. The login
-    URL the backend produces (and thus the IdP callback) carries the /signoz
-    prefix; the e2e browser login must complete and create the user.
-    """
-    # Create a user in the idp.
-    create_user_idp("viewer@oidc.basepath.test", "password123", True)
-
-    # Get the session context from signoz which will give the OIDC login URL.
-    session_context = get_session_context("viewer@oidc.basepath.test")
-
-    assert len(session_context["orgs"]) == 1
-    assert len(session_context["orgs"][0]["authNSupport"]["callback"]) == 1
-
-    url = session_context["orgs"][0]["authNSupport"]["callback"][0]["url"]
-
-    # change the url to the external resolvable hostname of the idp
-    parsed_url = urlparse(url)
-    actual_url = f"{idp.container.host_configs['6060'].get(parsed_url.path)}?{parsed_url.query}"
-
-    driver.get(actual_url)
-    idp_login("viewer@oidc.basepath.test", "password123")
-
-    # Assert that the user was created in signoz (lookup under the base path).
-    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-
-    users = requests.get(
-        signoz.self.host_configs["8080"].get("/signoz/api/v2/users"),
-        headers={"Authorization": f"Bearer {admin_token}"},
-        timeout=5,
-    )
-    assert users.status_code == HTTPStatus.OK, users.text
-    user = next((u for u in users.json()["data"] if u["email"] == "viewer@oidc.basepath.test"), None)
-    assert user is not None, "User with email 'viewer@oidc.basepath.test' not found"
-
-    user_with_roles = requests.get(
-        signoz.self.host_configs["8080"].get(f"/signoz/api/v2/users/{user['id']}"),
-        headers={"Authorization": f"Bearer {admin_token}"},
-        timeout=5,
-    )
-    assert user_with_roles.status_code == HTTPStatus.OK, user_with_roles.text
-    assert_user_has_role(user_with_roles.json()["data"], "signoz-viewer")

tests/integration/tests/basepath/02_saml.py

@@ -1,117 +0,0 @@
-from collections.abc import Callable
-from http import HTTPStatus
-
-import requests
-from selenium import webdriver
-from wiremock.resources.mappings import Mapping
-
-from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD, add_license, assert_user_has_role
-from fixtures.types import Operation, SigNoz, TestContainerDocker, TestContainerIDP
-
-# SigNoz is served under /signoz, so the SAML ACS registered with the IdP must
-# include the prefix to match the backend-generated AssertionConsumerServiceURL.
-BASE_PATH = "/signoz"
-SAML_CALLBACK_PATH = f"{BASE_PATH}/api/v1/complete/saml"
-
-
-def test_apply_license(
-    signoz: SigNoz,
-    create_user_admin: Operation,  # pylint: disable=unused-argument
-    make_http_mocks: Callable[[TestContainerDocker, list[Mapping]], None],
-    get_token: Callable[[str, str], str],
-) -> None:
-    """
-    Applies a license to the signoz instance. add_license is a plain function
-    called from the test (function scope), so the function-scoped make_http_mocks
-    fixture is safe to use; base_path prefixes the licensing API call.
-    """
-    add_license(signoz, make_http_mocks, get_token, base_path=BASE_PATH)
-
-
-def test_create_auth_domain(
-    signoz: SigNoz,
-    idp: TestContainerIDP,  # pylint: disable=unused-argument
-    create_saml_client: Callable[[str, str], None],
-    get_saml_settings: Callable[[], dict],
-    get_token: Callable[[str, str], str],
-) -> None:
-    """
-    Creates a SAML auth domain in SigNoz served under a base path. The ACS
-    registered with the IdP carries the /signoz prefix.
-    """
-    # Create a saml client in the idp with the prefixed ACS.
-    create_saml_client("saml.basepath.test", SAML_CALLBACK_PATH)
-
-    # Get the saml settings from keycloak.
-    settings = get_saml_settings()
-
-    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-
-    response = requests.post(
-        signoz.self.host_configs["8080"].get("/signoz/api/v1/domains"),
-        json={
-            "name": "saml.basepath.test",
-            "config": {
-                "ssoEnabled": True,
-                "ssoType": "saml",
-                "samlConfig": {
-                    "samlEntity": settings["entityID"],
-                    "samlIdp": settings["singleSignOnServiceLocation"],
-                    "samlCert": settings["certificate"],
-                },
-            },
-        },
-        headers={"Authorization": f"Bearer {admin_token}"},
-        timeout=2,
-    )
-
-    assert response.status_code == HTTPStatus.CREATED
-
-
-def test_saml_authn(
-    signoz: SigNoz,
-    idp: TestContainerIDP,  # pylint: disable=unused-argument
-    driver: webdriver.Chrome,
-    create_user_idp: Callable[[str, str, bool, str, str], None],
-    idp_login: Callable[[str, str], None],
-    get_token: Callable[[str, str], str],
-    get_session_context: Callable[[str], dict],
-) -> None:
-    """
-    Tests the SAML authn flow when SigNoz is served under a base path. The
-    AssertionConsumerServiceURL in the AuthnRequest carries the /signoz prefix;
-    the e2e browser login must complete and create the user.
-    """
-    # Create a user in the idp.
-    create_user_idp("viewer@saml.basepath.test", "password", True)
-
-    # Get the session context from signoz which will give the SAML login URL.
-    session_context = get_session_context("viewer@saml.basepath.test")
-
-    assert len(session_context["orgs"]) == 1
-    assert len(session_context["orgs"][0]["authNSupport"]["callback"]) == 1
-
-    url = session_context["orgs"][0]["authNSupport"]["callback"][0]["url"]
-
-    driver.get(url)
-    idp_login("viewer@saml.basepath.test", "password")
-
-    # Assert that the user was created in signoz (lookup under the base path).
-    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-
-    users = requests.get(
-        signoz.self.host_configs["8080"].get("/signoz/api/v2/users"),
-        headers={"Authorization": f"Bearer {admin_token}"},
-        timeout=5,
-    )
-    assert users.status_code == HTTPStatus.OK, users.text
-    user = next((u for u in users.json()["data"] if u["email"] == "viewer@saml.basepath.test"), None)
-    assert user is not None, "User with email 'viewer@saml.basepath.test' not found"
-
-    user_with_roles = requests.get(
-        signoz.self.host_configs["8080"].get(f"/signoz/api/v2/users/{user['id']}"),
-        headers={"Authorization": f"Bearer {admin_token}"},
-        timeout=5,
-    )
-    assert user_with_roles.status_code == HTTPStatus.OK, user_with_roles.text
-    assert_user_has_role(user_with_roles.json()["data"], "signoz-viewer")

tests/integration/tests/basepath/conftest.py

@@ -1,57 +0,0 @@
-from collections.abc import Callable
-
-import pytest
-from testcontainers.core.container import Network
-
-from fixtures import types
-from fixtures.auth import register_admin, session_context_getter, token_getter
-from fixtures.signoz import create_signoz
-
-# SigNoz is served under this URL path prefix for the base-path suite. The auth
-# helpers from fixtures/auth.py are reused via their factories with this prefix,
-# so these fixtures shadow the same-named root ones without duplicating logic.
-# Only the path component is read by global.ExternalPath(), which derives the
-# http.StripPrefix route prefix.
-BASE_PATH = "/signoz"
-
-
-@pytest.fixture(name="signoz", scope="package")
-def signoz_base_path(  # pylint: disable=too-many-arguments,too-many-positional-arguments
-    network: Network,
-    zeus: types.TestContainerDocker,
-    gateway: types.TestContainerDocker,
-    sqlstore: types.TestContainerSQL,
-    clickhouse: types.TestContainerClickhouse,
-    request: pytest.FixtureRequest,
-    pytestconfig: pytest.Config,
-) -> types.SigNoz:
-    """
-    Package-scoped SigNoz served under BASE_PATH. Sets SIGNOZ_GLOBAL_EXTERNAL__URL
-    with the prefix so the backend derives the http.StripPrefix route prefix.
-    """
-    return create_signoz(
-        network=network,
-        zeus=zeus,
-        gateway=gateway,
-        sqlstore=sqlstore,
-        clickhouse=clickhouse,
-        request=request,
-        pytestconfig=pytestconfig,
-        cache_key="signoz_base_path",
-        env_overrides={"SIGNOZ_GLOBAL_EXTERNAL__URL": f"http://localhost:8080{BASE_PATH}"},
-    )
-
-
-@pytest.fixture(name="create_user_admin", scope="package")
-def create_user_admin_base_path(signoz: types.SigNoz, request: pytest.FixtureRequest, pytestconfig: pytest.Config) -> types.Operation:
-    return register_admin(signoz, request, pytestconfig, cache_key="create_user_admin_base_path", base_path=BASE_PATH)
-
-
-@pytest.fixture(name="get_token", scope="function")
-def get_token(signoz: types.SigNoz) -> Callable[[str, str], str]:
-    return token_getter(signoz, BASE_PATH)
-
-
-@pytest.fixture(name="get_session_context", scope="function")
-def get_session_context(signoz: types.SigNoz) -> Callable[[str], dict]:
-    return session_context_getter(signoz, BASE_PATH)

tests/integration/tests/cloudintegrations/05_services.py

@@ -483,7 +483,7 @@ def test_enable_metrics_provisions_dashboards(
     assert isinstance(dashboards_in_service, list) and len(dashboards_in_service) > 0, "assets.dashboards should be non-empty after enabling metrics"
     provisioned_ids = set()
     for dash in dashboards_in_service:
-        assert "integrationDashboard" in dash, "Integration dashboard entry missing"
+        assert "integrationDashboard" in dash, f"Integration dashboard entry missing"
         try:
             uuid.UUID(dash["integrationDashboard"]["id"])
         except ValueError as err:

tests/integration/tests/dashboard/03_v2_dashboard.py

@@ -0,0 +1,654 @@
+import uuid
+from collections.abc import Callable
+from http import HTTPStatus
+
+import pytest
+import requests
+
+from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD
+from fixtures.types import Operation, SigNoz
+
+# The v2 dashboard API. Request shape (current):
+#   {"schemaVersion": "v6", "name": "<dns-1123-label>",
+#    "spec": {"display": {"name": "<human name>"}},
+#    "tags": [{"key": "...", "value": "..."}]}
+# `name` is a DNS-1123 label identifier and is immutable after create;
+# `spec.display.name` is the human-facing title used for name-sort/name-filter.
+
+_BASE = "/api/v2/dashboards"
+_TIMEOUT = 5
+
+
+def _headers(token: str) -> dict:
+    return {"Authorization": f"Bearer {token}"}
+
+
+def _url(signoz: SigNoz, path: str = "") -> str:
+    return signoz.self.host_configs["8080"].get(f"{_BASE}{path}")
+
+
+def _create(signoz: SigNoz, token: str, body: dict) -> requests.Response:
+    return requests.post(_url(signoz), json=body, headers=_headers(token), timeout=_TIMEOUT)
+
+
+def _get(signoz: SigNoz, token: str, dashboard_id: str) -> requests.Response:
+    return requests.get(_url(signoz, f"/{dashboard_id}"), headers=_headers(token), timeout=_TIMEOUT)
+
+
+def _list(signoz: SigNoz, token: str, **params: object) -> requests.Response:
+    return requests.get(
+        _url(signoz),
+        params={k: v for k, v in params.items() if v is not None},
+        headers=_headers(token),
+        timeout=_TIMEOUT,
+    )
+
+
+def _update(signoz: SigNoz, token: str, dashboard_id: str, body: dict) -> requests.Response:
+    return requests.put(
+        _url(signoz, f"/{dashboard_id}"),
+        json=body,
+        headers=_headers(token),
+        timeout=_TIMEOUT,
+    )
+
+
+def _delete(signoz: SigNoz, token: str, dashboard_id: str) -> requests.Response:
+    return requests.delete(_url(signoz, f"/{dashboard_id}"), headers=_headers(token), timeout=_TIMEOUT)
+
+
+def _lock(signoz: SigNoz, token: str, dashboard_id: str, lock: bool) -> requests.Response:
+    method = requests.put if lock else requests.delete
+    return method(
+        _url(signoz, f"/{dashboard_id}/lock"),
+        headers=_headers(token),
+        timeout=_TIMEOUT,
+    )
+
+
+def _pin(signoz: SigNoz, token: str, dashboard_id: str, pin: bool) -> requests.Response:
+    method = requests.put if pin else requests.delete
+    return method(
+        _url(signoz, f"/{dashboard_id}/pins/me"),
+        headers=_headers(token),
+        timeout=_TIMEOUT,
+    )
+
+
+def _minimal_body(name: str, display: str, tags: list[dict] | None = None) -> dict:
+    return {
+        "schemaVersion": "v6",
+        "name": name,
+        "spec": {"display": {"name": display}},
+        "tags": tags or [],
+    }
+
+
+# ─── failure cases (create no dashboards) ────────────────────────────────────
+
+
+def test_create_rejects_wrong_schema_version(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _create(signoz, token, {})
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    body = response.json()
+    assert body["status"] == "error"
+    assert body["error"]["code"] == "dashboard_invalid_input"
+    assert body["error"]["message"] == 'schemaVersion must be "v6", got ""'
+
+
+def test_create_rejects_missing_name(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _create(signoz, token, {"schemaVersion": "v6"})
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    body = response.json()
+    assert body["error"]["code"] == "dashboard_invalid_input"
+    assert body["error"]["message"] == "name is required"
+
+
+def test_create_rejects_non_dns_name(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _create(signoz, token, _minimal_body(name="Not A Label", display="Not A Label"))
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    assert response.json()["error"]["code"] == "dashboard_invalid_input"
+
+
+def test_create_rejects_unknown_field(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    body = _minimal_body("rejects-unknown", "Rejects Unknown")
+    body["unknownfield"] = "boom"
+    response = _create(signoz, token, body)
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    assert response.json()["error"]["code"] == "dashboard_invalid_input"
+    assert "unknown field" in response.json()["error"]["message"]
+
+
+def test_create_rejects_reserved_tag_key(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    body = _minimal_body("rejects-reserved", "Rejects Reserved", [{"key": "source", "value": "x"}])
+    response = _create(signoz, token, body)
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    assert response.json()["error"]["code"] == "dashboard_invalid_input"
+
+
+def test_create_rejects_too_many_tags(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    tags = [{"key": f"k{i}", "value": "v"} for i in range(11)]
+    response = _create(signoz, token, _minimal_body("too-many-tags", "Too Many", tags))
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    assert response.json()["error"]["code"] == "dashboard_invalid_input"
+
+
+@pytest.mark.parametrize(
+    "params",
+    [
+        {"sort": "bogus"},
+        {"order": "bogus"},
+        {"limit": -1},
+        {"offset": -1},
+    ],
+)
+def test_list_rejects_invalid_params(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    params: dict,
+):
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _list(signoz, token, **params)
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    assert response.json()["error"]["code"] == "dashboard_list_invalid"
+
+
+def test_get_rejects_malformed_id(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _get(signoz, token, "not-a-uuid")
+
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+
+
+def test_get_missing_dashboard_returns_not_found(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _get(signoz, token, str(uuid.uuid4()))
+
+    assert response.status_code == HTTPStatus.NOT_FOUND
+
+
+def test_delete_missing_dashboard_returns_not_found(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _delete(signoz, token, str(uuid.uuid4()))
+
+    assert response.status_code == HTTPStatus.NOT_FOUND
+
+
+def test_pin_missing_dashboard_returns_not_found(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+):
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = _pin(signoz, token, str(uuid.uuid4()), pin=True)
+
+    assert response.status_code == HTTPStatus.NOT_FOUND
+
+
+# ─── lifecycle ───────────────────────────────────────────────────────────────
+# A single end-to-end flow through create → get → list/filter/sort → pin →
+# update → lock → delete. Every fixture dashboard carries a unique suite marker
+# tag so list queries can be scoped server-side, isolating this test from any
+# other dashboards sharing the session DB.
+
+def _display_names(body: dict) -> list[str]:
+    return [d["spec"]["display"]["name"] for d in body["data"]["dashboards"]]
+
+
+def _delete_suite(signoz: SigNoz, token: str, suite_filter: str) -> None:
+    response = _list(signoz, token, query=suite_filter, limit=500)
+    if response.status_code != HTTPStatus.OK:
+        return
+    for dashboard in response.json()["data"]["dashboards"]:
+        _delete(signoz, token, dashboard["id"])
+
+
+def test_dashboard_v2_lifecycle(  # pylint: disable=too-many-locals,too-many-statements
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    request: pytest.FixtureRequest,
+):
+    suite_filter = "suite = 'lifecyclev2'"
+    suite_tag = {"key": "suite", "value": "lifecyclev2"}
+
+    def _scoped(query: str) -> str:
+        return f"({query}) AND {suite_filter}"
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    request.addfinalizer(lambda: _delete_suite(signoz, token, suite_filter))
+
+    fixtures = [
+        (
+            "lc-alpha",
+            "Alpha Overview",
+            [{"key": "team", "value": "pulse"}, {"key": "env", "value": "prod"}],
+        ),
+        (
+            "lc-beta",
+            "Beta Overview",
+            [{"key": "team", "value": "pulse"}, {"key": "env", "value": "dev"}],
+        ),
+        (
+            "lc-gamma",
+            "Gamma Storage",
+            [{"key": "team", "value": "storage"}, {"key": "env", "value": "prod"}],
+        ),
+        (
+            "lc-delta",
+            "Delta Storage",
+            [
+                {"key": "team", "value": "storage"},
+                {"key": "env", "value": "dev"},
+                {"key": "tier", "value": "critical"},
+            ],
+        ),
+        (
+            "lc-epsilon",
+            "Epsilon Metrics",
+            [
+                {"key": "team", "value": "metrics"},
+                {"key": "env", "value": "staging"},
+                {"key": "tier", "value": "critical"},
+            ],
+        ),
+        (
+            "lc-zeta",
+            "Zeta Overview",
+            [{"key": "team", "value": "pulse"}, {"key": "env", "value": "staging"}],
+        ),
+    ]
+
+    # ── stage 1: create ──────────────────────────────────────────────────────
+    ids: dict[str, str] = {}
+    for name, display, tags in fixtures:
+        response = _create(signoz, token, _minimal_body(name, display, [suite_tag, *tags]))
+        assert response.status_code == HTTPStatus.CREATED, response.text
+        ids[name] = response.json()["data"]["id"]
+
+    # TODO: re-enable once the dashboard name unique index lands — creating a
+    # second dashboard with an existing name should conflict (409). Until the
+    # index exists, duplicate names are silently allowed.
+    # response = _create(signoz, token, _minimal_body("lc-alpha", "Alpha Dupe"))
+    # assert response.status_code == HTTPStatus.CONFLICT, response.text
+
+    # ── stage 2: get one and verify the round-tripped shape ──────────────────
+    response = _get(signoz, token, ids["lc-alpha"])
+    assert response.status_code == HTTPStatus.OK, response.text
+    alpha = response.json()["data"]
+    assert alpha["id"] == ids["lc-alpha"]
+    assert alpha["name"] == "lc-alpha"
+    assert alpha["spec"]["display"]["name"] == "Alpha Overview"
+    assert alpha["schemaVersion"] == "v6"
+    assert alpha["source"] == "user"
+    assert alpha["locked"] is False
+    assert {"key": "team", "value": "pulse"} in alpha["tags"]
+
+    # ── stage 3: list everything in the suite ────────────────────────────────
+    response = _list(signoz, token, query=suite_filter, limit=200)
+    assert response.status_code == HTTPStatus.OK, response.text
+    body = response.json()
+    assert body["data"]["total"] == 6
+    assert set(_display_names(body)) == {
+        "Alpha Overview",
+        "Beta Overview",
+        "Gamma Storage",
+        "Delta Storage",
+        "Epsilon Metrics",
+        "Zeta Overview",
+    }
+
+    # ── stage 4: filter DSL ──────────────────────────────────────────────────
+    cases = [
+        (
+            "team = 'pulse'",
+            {"Alpha Overview", "Beta Overview", "Zeta Overview"},
+        ),
+        (
+            "env = 'prod'",
+            {"Alpha Overview", "Gamma Storage"},
+        ),
+        (
+            "name CONTAINS 'Overview'",
+            {"Alpha Overview", "Beta Overview", "Zeta Overview"},
+        ),
+        (
+            "env IN ['dev', 'test']",
+            {"Beta Overview", "Delta Storage"},
+        ),
+        (
+            "name LIKE 'Delta%'",
+            {"Delta Storage"},
+        ),
+        (
+            "team LIKE 'stor%'",
+            {"Gamma Storage", "Delta Storage"},
+        ),
+        (
+            "name ILIKE '%storage'",
+            {"Gamma Storage", "Delta Storage"},
+        ),
+        (
+            "name NOT CONTAINS 'Overview'",
+            {"Gamma Storage", "Delta Storage", "Epsilon Metrics"},
+        ),
+        (
+            "name NOT LIKE '%Storage'",
+            {
+                "Alpha Overview",
+                "Beta Overview",
+                "Epsilon Metrics",
+                "Zeta Overview",
+            },
+        ),
+        (
+            "name NOT ILIKE 'alpha%'",
+            {
+                "Beta Overview",
+                "Gamma Storage",
+                "Delta Storage",
+                "Epsilon Metrics",
+                "Zeta Overview",
+            },
+        ),
+        (
+            "team = 'pulse' AND env = 'prod'",
+            {"Alpha Overview"},
+        ),
+        (
+            "team = 'storage' OR env = 'staging'",
+            {
+                "Gamma Storage",
+                "Delta Storage",
+                "Epsilon Metrics",
+                "Zeta Overview",
+            },
+        ),
+        (
+            "tier EXISTS",
+            {"Delta Storage", "Epsilon Metrics"},
+        ),
+        (
+            "tier NOT EXISTS",
+            {
+                "Alpha Overview",
+                "Beta Overview",
+                "Gamma Storage",
+                "Zeta Overview",
+            },
+        ),
+        (
+            "NOT team = 'pulse'",
+            {"Gamma Storage", "Delta Storage", "Epsilon Metrics"},
+        ),
+        (
+            "(team = 'pulse' OR team = 'storage') AND env = 'prod'",
+            {"Alpha Overview", "Gamma Storage"},
+        ),
+        (
+            "NOT (team = 'storage' OR env = 'staging')",
+            {"Alpha Overview", "Beta Overview"},
+        ),
+        (
+            "team IN ['pulse', 'metrics'] AND tier EXISTS",
+            {"Epsilon Metrics"},
+        ),
+        (
+            "name CONTAINS 'Storage' AND env = 'dev'",
+            {"Delta Storage"},
+        ),
+    ]
+    for query, expected in cases:
+        response = _list(signoz, token, query=_scoped(query), limit=200)
+        assert response.status_code == HTTPStatus.OK, response.text
+        assert set(_display_names(response.json())) == expected, query
+
+    # ── stage 5: name sort honours order ─────────────────────────────────────
+    response = _list(signoz, token, query=suite_filter, sort="name", order="asc", limit=200)
+    assert _display_names(response.json()) == [
+        "Alpha Overview",
+        "Beta Overview",
+        "Delta Storage",
+        "Epsilon Metrics",
+        "Gamma Storage",
+        "Zeta Overview",
+    ]
+    response = _list(signoz, token, query=suite_filter, sort="name", order="desc", limit=200)
+    assert _display_names(response.json()) == [
+        "Zeta Overview",
+        "Gamma Storage",
+        "Epsilon Metrics",
+        "Delta Storage",
+        "Beta Overview",
+        "Alpha Overview",
+    ]
+
+    # ── stage 6: pinning floats a dashboard to the top of any ordering ───────
+    assert _pin(signoz, token, ids["lc-gamma"], pin=True).status_code == HTTPStatus.NO_CONTENT
+    response = _list(signoz, token, query=suite_filter, sort="name", order="asc", limit=200)
+    dashboards = response.json()["data"]["dashboards"]
+    assert dashboards[0]["name"] == "lc-gamma"
+    assert dashboards[0]["pinned"] is True
+    assert all(d["pinned"] is False for d in dashboards[1:])
+
+    # ── stage 7: unpinning restores the natural ordering ─────────────────────
+    assert _pin(signoz, token, ids["lc-gamma"], pin=False).status_code == HTTPStatus.NO_CONTENT
+    response = _list(signoz, token, query=suite_filter, sort="name", order="asc", limit=200)
+    assert _display_names(response.json()) == [
+        "Alpha Overview",
+        "Beta Overview",
+        "Delta Storage",
+        "Epsilon Metrics",
+        "Gamma Storage",
+        "Zeta Overview",
+    ]
+
+    # ── stage 8: update mutates the spec but keeps the immutable name ────────
+    update_body = _minimal_body(
+        "lc-alpha",
+        "Alpha Overview",
+        [
+            suite_tag,
+            {"key": "team", "value": "pulse"},
+            {"key": "env", "value": "prod"},
+        ],
+    )
+    update_body["spec"]["display"]["description"] = "now with a description"
+    response = _update(signoz, token, ids["lc-alpha"], update_body)
+    assert response.status_code == HTTPStatus.OK, response.text
+    response = _get(signoz, token, ids["lc-alpha"])
+    assert response.json()["data"]["spec"]["display"]["description"] == "now with a description"
+
+    # ── stage 9: a locked dashboard rejects updates until unlocked ───────────
+    assert _lock(signoz, token, ids["lc-beta"], lock=True).status_code == HTTPStatus.NO_CONTENT
+    beta_body = _minimal_body(
+        "lc-beta",
+        "Beta Overview",
+        [suite_tag, {"key": "team", "value": "pulse"}, {"key": "env", "value": "dev"}],
+    )
+    response = _update(signoz, token, ids["lc-beta"], beta_body)
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    assert _lock(signoz, token, ids["lc-beta"], lock=False).status_code == HTTPStatus.NO_CONTENT
+    assert _update(signoz, token, ids["lc-beta"], beta_body).status_code == HTTPStatus.OK
+
+    # ── stage 10: delete removes the dashboard from get and list ─────────────
+    assert _delete(signoz, token, ids["lc-gamma"]).status_code == HTTPStatus.NO_CONTENT
+    assert _get(signoz, token, ids["lc-gamma"]).status_code == HTTPStatus.NOT_FOUND
+    response = _list(signoz, token, query=suite_filter, limit=200)
+    assert response.json()["data"]["total"] == 5
+    assert set(_display_names(response.json())) == {
+        "Alpha Overview",
+        "Beta Overview",
+        "Delta Storage",
+        "Epsilon Metrics",
+        "Zeta Overview",
+    }
+
+def test_dashboard_v2_pin_limit(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    request: pytest.FixtureRequest,
+):
+    suite_filter = "suite = 'pinlimitv2'"
+    suite_tag = {"key": "suite", "value": "pinlimitv2"}
+    max_pinned = 10
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    request.addfinalizer(lambda: _delete_suite(signoz, token, suite_filter))
+
+    ids: list[str] = []
+    for i in range(max_pinned + 1):
+        response = _create(signoz, token, _minimal_body(f"pl-{i}", f"Pin Limit {i}", [suite_tag]))
+        assert response.status_code == HTTPStatus.CREATED, response.text
+        ids.append(response.json()["data"]["id"])
+
+    # pinning up to the limit succeeds
+    for dashboard_id in ids[:max_pinned]:
+        assert _pin(signoz, token, dashboard_id, pin=True).status_code == HTTPStatus.NO_CONTENT
+
+    # re-pinning an already-pinned dashboard is an idempotent no-op, even at the limit
+    assert _pin(signoz, token, ids[0], pin=True).status_code == HTTPStatus.NO_CONTENT
+
+    # the 11th distinct pin is rejected with the typed limit error
+    response = _pin(signoz, token, ids[max_pinned], pin=True)
+    assert response.status_code == HTTPStatus.CONFLICT, response.text
+    assert response.json()["error"]["code"] == "pinned_dashboard_limit_hit"
+
+    # unpinning frees a slot, so the previously-rejected dashboard can now be pinned
+    assert _pin(signoz, token, ids[0], pin=False).status_code == HTTPStatus.NO_CONTENT
+    assert _pin(signoz, token, ids[max_pinned], pin=True).status_code == HTTPStatus.NO_CONTENT
+
+
+# ─── LIKE escaping ───────────────────────────────────────────────────────────
+# Backslash is the LIKE escape character, declared explicitly via ESCAPE '\' on
+# every emitted LIKE/ILIKE. Postgres defaults to backslash; sqlite has no default
+# escape, so without the clause the two dialects disagree on any pattern carrying
+# a backslash. Two ways a backslash shows up: CONTAINS injects its own to escape
+# the user's % and _ (so `50%` matches literally), and LIKE/ILIKE pass through a
+# user-supplied `\%` / `\_`. These cases assert literal-match semantics so a
+# dialect that drops the escape fails here. Backslash-bearing queries use raw
+# python strings so the backslash reaches the DSL verbatim.
+
+def test_dashboard_v2_like_escaping(
+    signoz: SigNoz,
+    create_user_admin: Operation,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    request: pytest.FixtureRequest,
+):
+    suite_filter = "suite = 'likeescape'"
+    suite_tag = {"key": "suite", "value": "likeescape"}
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+    request.addfinalizer(lambda: _delete_suite(signoz, token, suite_filter))
+
+    fixtures = [
+        ("esc-pct", "Cost 50% Report"),
+        ("esc-pct-plain", "Cost 5000 Report"),
+        ("esc-underscore", "user_id panel"),
+        ("esc-underscore-wild", "userXid panel"),
+    ]
+    for name, display in fixtures:
+        response = _create(signoz, token, _minimal_body(name, display, [suite_tag]))
+        assert response.status_code == HTTPStatus.CREATED, response.text
+
+    cases = [
+        (
+            "name CONTAINS '50%'",
+            {"Cost 50% Report"},
+        ),
+        (
+            "name CONTAINS 'user_id'",
+            {"user_id panel"},
+        ),
+        (
+            "name NOT CONTAINS '50%'",
+            {"Cost 5000 Report", "user_id panel", "userXid panel"},
+        ),
+        (
+            r"name LIKE 'Cost 50\% Report'",
+            {"Cost 50% Report"},
+        ),
+        (
+            r"name ILIKE 'cost 50\% report'",
+            {"Cost 50% Report"},
+        ),
+        (
+            r"name LIKE 'user\_id panel'",
+            {"user_id panel"},
+        ),
+        (
+            r"name NOT LIKE 'user\_id panel'",
+            {"Cost 50% Report", "Cost 5000 Report", "userXid panel"},
+        ),
+    ]
+    for query, expected in cases:
+        response = _list(
+            signoz,
+            token,
+            query=f"({query}) AND {suite_filter}",
+            limit=200,
+        )
+        assert response.status_code == HTTPStatus.OK, response.text
+        assert set(_display_names(response.json())) == expected, query