Merge branch 'main' into fix/resource-query

fix: comment fixed
2026-05-14 22:20:31 +01:00 · 2026-05-14 17:00:31 +05:30 · 2026-05-14 16:59:00 +05:30 · 2026-05-14 16:58:27 +05:30 · 2026-05-14 16:48:32 +05:30 · 2026-05-14 16:47:03 +05:30
106 changed files with 12078 additions and 5259 deletions
--- a/cmd/authz.go
+++ b/cmd/authz.go
@@ -66,10 +66,9 @@ func runGenerateAuthz(_ context.Context) error {
 	registry := coretypes.NewRegistry()

 	allowedResources := map[string]bool{
-		coretypes.NewResourceRef(coretypes.ResourceServiceAccount).String():              true,
-		coretypes.NewResourceRef(coretypes.ResourceMetaResourcesServiceAccount).String(): true,
-		coretypes.NewResourceRef(coretypes.ResourceRole).String():                        true,
-		coretypes.NewResourceRef(coretypes.ResourceMetaResourcesRole).String():           true,
+		coretypes.NewResourceRef(coretypes.ResourceServiceAccount).String():        true,
+		coretypes.NewResourceRef(coretypes.ResourceRole).String():                  true,
+		coretypes.NewResourceRef(coretypes.ResourceMetaResourceFactorAPIKey).String(): true,
 	}

 	allowedTypes := map[string]bool{}
--- a/cmd/community/server.go
+++ b/cmd/community/server.go
@@ -29,7 +29,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
-	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/retention"
 	"github.com/SigNoz/signoz/pkg/modules/rulestatehistory"
@@ -104,8 +103,8 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e

 			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx), openfgaDataStore, authtypes.NewRegistry()), nil
 		},
-		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, _ querier.Querier, _ licensing.Licensing, tagModule tag.Module) dashboard.Module {
-			return impldashboard.NewModule(impldashboard.NewStore(store), store, settings, analytics, orgGetter, queryParser, tagModule)
+		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, _ querier.Querier, _ licensing.Licensing) dashboard.Module {
+			return impldashboard.NewModule(impldashboard.NewStore(store), settings, analytics, orgGetter, queryParser)
 		},
 		func(_ licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config] {
 			return noopgateway.NewProviderFactory()
--- a/cmd/enterprise/Dockerfile.with-web.integration
+++ b/cmd/enterprise/Dockerfile.with-web.integration
@@ -3,7 +3,7 @@ FROM node:22-bookworm AS build
 WORKDIR /opt/
 COPY ./frontend/ ./
 ENV NODE_OPTIONS=--max-old-space-size=8192
-RUN CI=1 npm i -g pnpm
+RUN CI=1 npm i -g pnpm@10
 RUN CI=1 pnpm install
 RUN CI=1 pnpm build

--- a/cmd/enterprise/server.go
+++ b/cmd/enterprise/server.go
@@ -48,7 +48,6 @@ import (
 	pkgcloudintegration "github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	pkgimpldashboard "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
-	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/retention"
 	"github.com/SigNoz/signoz/pkg/modules/rulestatehistory"
@@ -152,8 +151,8 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 			}
 			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx), openfgaDataStore, licensing, onBeforeRoleDelete, authtypes.NewRegistry()), nil
 		},
-		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing, tagModule tag.Module) dashboard.Module {
-			return impldashboard.NewModule(pkgimpldashboard.NewStore(store), store, settings, analytics, orgGetter, queryParser, querier, licensing, tagModule)
+		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing) dashboard.Module {
+			return impldashboard.NewModule(pkgimpldashboard.NewStore(store), settings, analytics, orgGetter, queryParser, querier, licensing)
 		},
 		func(licensing licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config] {
 			return httpgateway.NewProviderFactory(licensing)
--- a/docs/api/openapi.yml
+++ b/docs/api/openapi.yml
--- a/ee/authz/openfgaauthz/provider.go
+++ b/ee/authz/openfgaauthz/provider.go
@@ -87,7 +87,7 @@ func (provider *provider) BatchCheck(ctx context.Context, tupleReq map[string]*o
 }

 func (provider *provider) CheckTransactions(ctx context.Context, subject string, orgID valuer.UUID, transactions []*authtypes.Transaction) ([]*authtypes.TransactionWithAuthorization, error) {
-	tuples, err := authtypes.NewTuplesFromTransactions(transactions, subject, orgID)
+	tuples, correlations, err := authtypes.NewTuplesFromTransactionsWithCorrelations(transactions, subject, orgID)
 	if err != nil {
 		return nil, err
 	}
@@ -99,10 +99,21 @@ func (provider *provider) CheckTransactions(ctx context.Context, subject string,

 	results := make([]*authtypes.TransactionWithAuthorization, len(transactions))
 	for i, txn := range transactions {
-		result := batchResults[txn.ID.StringValue()]
+		txnID := txn.ID.StringValue()
+		authorized := batchResults[txnID].Authorized
+
+		if !authorized {
+			for _, correlationID := range correlations[txnID] {
+				if result, exists := batchResults[correlationID]; exists && result.Authorized {
+					authorized = true
+					break
+				}
+			}
+		}
+
 		results[i] = &authtypes.TransactionWithAuthorization{
 			Transaction: txn,
-			Authorized:  result.Authorized,
+			Authorized:  authorized,
 		}
 	}
 	return results, nil
--- a/ee/authz/openfgaschema/base.fga
+++ b/ee/authz/openfgaschema/base.fga
@@ -7,17 +7,27 @@ type organization

 type user
  relations
+    define create: [user, serviceaccount, role#assignee]
+    define list: [user, serviceaccount, role#assignee]
+
    define read: [user, serviceaccount, role#assignee]
    define update: [user, serviceaccount, role#assignee]
    define delete: [user, serviceaccount, role#assignee]
+
    define attach: [user, serviceaccount, role#assignee]
+    define detach: [user, serviceaccount, role#assignee]

 type serviceaccount
  relations
+    define create: [user, serviceaccount, role#assignee]
+    define list: [user, serviceaccount, role#assignee]
+
    define read: [user, serviceaccount, role#assignee]
    define update: [user, serviceaccount, role#assignee]
    define delete: [user, serviceaccount, role#assignee]
+
    define attach: [user, serviceaccount, role#assignee]
+    define detach: [user, serviceaccount, role#assignee]

 type anonymous

@@ -25,25 +35,28 @@ type role
  relations
    define assignee: [user, serviceaccount, anonymous]

+    define create: [user, serviceaccount, role#assignee]
+    define list: [user, serviceaccount, role#assignee]
+
    define read: [user, serviceaccount, role#assignee]
    define update: [user, serviceaccount, role#assignee]
    define delete: [user, serviceaccount, role#assignee]
-    define attach: [user, serviceaccount, role#assignee]

-type metaresources
+    define attach: [user, serviceaccount, role#assignee]
+    define detach: [user, serviceaccount, role#assignee]
+
+type metaresource
  relations
    define create: [user, serviceaccount, role#assignee]
    define list: [user, serviceaccount, role#assignee]

-type metaresource
-  relations
-      define read: [user, serviceaccount, anonymous, role#assignee]
-      define update: [user, serviceaccount, role#assignee]
-      define delete: [user, serviceaccount, role#assignee]
+    define read: [user, serviceaccount, anonymous, role#assignee]
+    define update: [user, serviceaccount, role#assignee]
+    define delete: [user, serviceaccount, role#assignee]

-      define block: [user, serviceaccount, role#assignee]
+    define block: [user, serviceaccount, role#assignee]


 type telemetryresource
  relations
-      define read: [user, serviceaccount, role#assignee]
+    define read: [user, serviceaccount, role#assignee]
--- a/ee/modules/dashboard/impldashboard/module.go
+++ b/ee/modules/dashboard/impldashboard/module.go
@@ -11,10 +11,8 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	pkgimpldashboard "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/queryparser"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/coretypes"
 	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
@@ -32,9 +30,9 @@ type module struct {
 	licensing          licensing.Licensing
 }

-func NewModule(store dashboardtypes.Store, sqlstore sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing, tagModule tag.Module) dashboard.Module {
+func NewModule(store dashboardtypes.Store, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing) dashboard.Module {
 	scopedProviderSettings := factory.NewScopedProviderSettings(settings, "github.com/SigNoz/signoz/ee/modules/dashboard/impldashboard")
-	pkgDashboardModule := pkgimpldashboard.NewModule(store, sqlstore, settings, analytics, orgGetter, queryParser, tagModule)
+	pkgDashboardModule := pkgimpldashboard.NewModule(store, settings, analytics, orgGetter, queryParser)

 	return &module{
 		pkgDashboardModule: pkgDashboardModule,
@@ -199,18 +197,6 @@ func (module *module) Create(ctx context.Context, orgID valuer.UUID, createdBy s
 	return module.pkgDashboardModule.Create(ctx, orgID, createdBy, creator, data)
 }

-func (module *module) CreateV2(ctx context.Context, orgID valuer.UUID, createdBy string, creator valuer.UUID, postable dashboardtypes.PostableDashboardV2) (*dashboardtypes.DashboardV2, error) {
-	return module.pkgDashboardModule.CreateV2(ctx, orgID, createdBy, creator, postable)
-}
-
-func (module *module) GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.DashboardV2, error) {
-	return module.pkgDashboardModule.GetV2(ctx, orgID, id)
-}
-
-func (module *module) UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, updateable dashboardtypes.UpdateableDashboardV2) (*dashboardtypes.DashboardV2, error) {
-	return module.pkgDashboardModule.UpdateV2(ctx, orgID, id, updatedBy, updateable)
-}
-
 func (module *module) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.Dashboard, error) {
 	return module.pkgDashboardModule.Get(ctx, orgID, id)
 }
--- a/frontend/.npmrc
+++ b/frontend/.npmrc
@@ -1,4 +1,5 @@
 registry = 'https://registry.npmjs.org/'
+engine-strict=true

 public-hoist-pattern[]=@commitlint*
 public-hoist-pattern[]=commitlint
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -4,6 +4,7 @@
  "description": "",
  "type": "module",
  "scripts": {
+    "preinstall": "npx only-allow pnpm",
    "i18n:generate-hash": "node ./i18-generate-hash.cjs",
    "dev": "vite",
    "build": "vite build",
@@ -26,7 +27,8 @@
    "generate:api": "orval --config ./orval.config.ts && sh scripts/post-types-generation.sh"
  },
  "engines": {
-    "node": ">=22.0.0"
+    "node": ">=22.0.0",
+    "pnpm": ">=10.0.0 <11.0.0"
  },
  "author": "",
  "license": "ISC",
--- a/frontend/public/locales/en-GB/dashboard.json
+++ b/frontend/public/locales/en-GB/dashboard.json
@@ -26,5 +26,6 @@
 	"dashboard_unsave_changes": "There are unsaved changes in the Query builder, please stage and run the query or the changes will be lost. Press OK to discard.",
 	"dashboard_save_changes": "Your graph built with {{queryTag}} query will be saved. Press OK to confirm.",
 	"your_graph_build_with": "Your graph built with",
-	"dashboard_ok_confirm": "query will be saved. Press OK to confirm."
+	"dashboard_ok_confirm": "query will be saved. Press OK to confirm.",
+	"variable_name_already_exists": "Variable \"{{name}}\" already exists"
 }
--- a/frontend/public/locales/en/dashboard.json
+++ b/frontend/public/locales/en/dashboard.json
@@ -30,5 +30,6 @@
 	"dashboard_unsave_changes": "There are unsaved changes in the Query builder, please stage and run the query or the changes will be lost. Press OK to discard.",
 	"dashboard_save_changes": "Your graph built with {{queryTag}} query will be saved. Press OK to confirm.",
 	"your_graph_build_with": "Your graph built with",
-	"dashboard_ok_confirm": "query will be saved. Press OK to confirm."
+	"dashboard_ok_confirm": "query will be saved. Press OK to confirm.",
+	"variable_name_already_exists": "Variable \"{{name}}\" already exists"
 }
--- a/frontend/src/api/generated/services/dashboard/index.ts
+++ b/frontend/src/api/generated/services/dashboard/index.ts
@@ -18,15 +18,11 @@ import type {
 } from 'react-query';

 import type {
-	CreateDashboardV2201,
 	CreatePublicDashboard201,
 	CreatePublicDashboardPathParameters,
-	DashboardtypesPostableDashboardV2DTO,
 	DashboardtypesPostablePublicDashboardDTO,
 	DashboardtypesUpdatablePublicDashboardDTO,
 	DeletePublicDashboardPathParameters,
-	GetDashboardV2200,
-	GetDashboardV2PathParameters,
 	GetPublicDashboard200,
 	GetPublicDashboardData200,
 	GetPublicDashboardDataPathParameters,
@@ -34,8 +30,6 @@ import type {
 	GetPublicDashboardWidgetQueryRange200,
 	GetPublicDashboardWidgetQueryRangePathParameters,
 	RenderErrorResponseDTO,
-	UpdateDashboardV2200,
-	UpdateDashboardV2PathParameters,
 	UpdatePublicDashboardPathParameters,
 } from '../sigNoz.schemas';

@@ -640,289 +634,3 @@ export const invalidateGetPublicDashboardWidgetQueryRange = async (

 	return queryClient;
 };
-
-/**
- * This endpoint creates a v2-shape dashboard with structured metadata, a typed data tree, and resolved tags.
- * @summary Create dashboard (v2)
- */
-export const createDashboardV2 = (
-	dashboardtypesPostableDashboardV2DTO: BodyType<DashboardtypesPostableDashboardV2DTO>,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<CreateDashboardV2201>({
-		url: `/api/v2/dashboards`,
-		method: 'POST',
-		headers: { 'Content-Type': 'application/json' },
-		data: dashboardtypesPostableDashboardV2DTO,
-		signal,
-	});
-};
-
-export const getCreateDashboardV2MutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown,
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof createDashboardV2>>,
-		TError,
-		{ data: BodyType<DashboardtypesPostableDashboardV2DTO> },
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof createDashboardV2>>,
-	TError,
-	{ data: BodyType<DashboardtypesPostableDashboardV2DTO> },
-	TContext
-> => {
-	const mutationKey = ['createDashboardV2'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-			'mutationKey' in options.mutation &&
-			options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof createDashboardV2>>,
-		{ data: BodyType<DashboardtypesPostableDashboardV2DTO> }
-	> = (props) => {
-		const { data } = props ?? {};
-
-		return createDashboardV2(data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type CreateDashboardV2MutationResult = NonNullable<
-	Awaited<ReturnType<typeof createDashboardV2>>
->;
-export type CreateDashboardV2MutationBody =
-	BodyType<DashboardtypesPostableDashboardV2DTO>;
-export type CreateDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Create dashboard (v2)
- */
-export const useCreateDashboardV2 = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown,
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof createDashboardV2>>,
-		TError,
-		{ data: BodyType<DashboardtypesPostableDashboardV2DTO> },
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof createDashboardV2>>,
-	TError,
-	{ data: BodyType<DashboardtypesPostableDashboardV2DTO> },
-	TContext
-> => {
-	const mutationOptions = getCreateDashboardV2MutationOptions(options);
-
-	return useMutation(mutationOptions);
-};
-/**
- * This endpoint returns a v2-shape dashboard with its tags and public sharing config (if any).
- * @summary Get dashboard (v2)
- */
-export const getDashboardV2 = (
-	{ id }: GetDashboardV2PathParameters,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<GetDashboardV2200>({
-		url: `/api/v2/dashboards/${id}`,
-		method: 'GET',
-		signal,
-	});
-};
-
-export const getGetDashboardV2QueryKey = ({
-	id,
-}: GetDashboardV2PathParameters) => {
-	return [`/api/v2/dashboards/${id}`] as const;
-};
-
-export const getGetDashboardV2QueryOptions = <
-	TData = Awaited<ReturnType<typeof getDashboardV2>>,
-	TError = ErrorType<RenderErrorResponseDTO>,
->(
-	{ id }: GetDashboardV2PathParameters,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getDashboardV2>>,
-			TError,
-			TData
-		>;
-	},
-) => {
-	const { query: queryOptions } = options ?? {};
-
-	const queryKey = queryOptions?.queryKey ?? getGetDashboardV2QueryKey({ id });
-
-	const queryFn: QueryFunction<Awaited<ReturnType<typeof getDashboardV2>>> = ({
-		signal,
-	}) => getDashboardV2({ id }, signal);
-
-	return {
-		queryKey,
-		queryFn,
-		enabled: !!id,
-		...queryOptions,
-	} as UseQueryOptions<
-		Awaited<ReturnType<typeof getDashboardV2>>,
-		TError,
-		TData
-	> & { queryKey: QueryKey };
-};
-
-export type GetDashboardV2QueryResult = NonNullable<
-	Awaited<ReturnType<typeof getDashboardV2>>
->;
-export type GetDashboardV2QueryError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Get dashboard (v2)
- */
-
-export function useGetDashboardV2<
-	TData = Awaited<ReturnType<typeof getDashboardV2>>,
-	TError = ErrorType<RenderErrorResponseDTO>,
->(
-	{ id }: GetDashboardV2PathParameters,
-	options?: {
-		query?: UseQueryOptions<
-			Awaited<ReturnType<typeof getDashboardV2>>,
-			TError,
-			TData
-		>;
-	},
-): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
-	const queryOptions = getGetDashboardV2QueryOptions({ id }, options);
-
-	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
-		queryKey: QueryKey;
-	};
-
-	query.queryKey = queryOptions.queryKey;
-
-	return query;
-}
-
-/**
- * @summary Get dashboard (v2)
- */
-export const invalidateGetDashboardV2 = async (
-	queryClient: QueryClient,
-	{ id }: GetDashboardV2PathParameters,
-	options?: InvalidateOptions,
-): Promise<QueryClient> => {
-	await queryClient.invalidateQueries(
-		{ queryKey: getGetDashboardV2QueryKey({ id }) },
-		options,
-	);
-
-	return queryClient;
-};
-
-/**
- * This endpoint updates a v2-shape dashboard's metadata, data, and tag set. Locked dashboards are rejected.
- * @summary Update dashboard (v2)
- */
-export const updateDashboardV2 = (
-	{ id }: UpdateDashboardV2PathParameters,
-	dashboardtypesPostableDashboardV2DTO: BodyType<DashboardtypesPostableDashboardV2DTO>,
-) => {
-	return GeneratedAPIInstance<UpdateDashboardV2200>({
-		url: `/api/v2/dashboards/${id}`,
-		method: 'PUT',
-		headers: { 'Content-Type': 'application/json' },
-		data: dashboardtypesPostableDashboardV2DTO,
-	});
-};
-
-export const getUpdateDashboardV2MutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown,
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateDashboardV2>>,
-		TError,
-		{
-			pathParams: UpdateDashboardV2PathParameters;
-			data: BodyType<DashboardtypesPostableDashboardV2DTO>;
-		},
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof updateDashboardV2>>,
-	TError,
-	{
-		pathParams: UpdateDashboardV2PathParameters;
-		data: BodyType<DashboardtypesPostableDashboardV2DTO>;
-	},
-	TContext
-> => {
-	const mutationKey = ['updateDashboardV2'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-			'mutationKey' in options.mutation &&
-			options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof updateDashboardV2>>,
-		{
-			pathParams: UpdateDashboardV2PathParameters;
-			data: BodyType<DashboardtypesPostableDashboardV2DTO>;
-		}
-	> = (props) => {
-		const { pathParams, data } = props ?? {};
-
-		return updateDashboardV2(pathParams, data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type UpdateDashboardV2MutationResult = NonNullable<
-	Awaited<ReturnType<typeof updateDashboardV2>>
->;
-export type UpdateDashboardV2MutationBody =
-	BodyType<DashboardtypesPostableDashboardV2DTO>;
-export type UpdateDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary Update dashboard (v2)
- */
-export const useUpdateDashboardV2 = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown,
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof updateDashboardV2>>,
-		TError,
-		{
-			pathParams: UpdateDashboardV2PathParameters;
-			data: BodyType<DashboardtypesPostableDashboardV2DTO>;
-		},
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof updateDashboardV2>>,
-	TError,
-	{
-		pathParams: UpdateDashboardV2PathParameters;
-		data: BodyType<DashboardtypesPostableDashboardV2DTO>;
-	},
-	TContext
-> => {
-	const mutationOptions = getUpdateDashboardV2MutationOptions(options);
-
-	return useMutation(mutationOptions);
-};
--- a/frontend/src/api/generated/services/inframonitoring/index.ts
+++ b/frontend/src/api/generated/services/inframonitoring/index.ts
@@ -15,16 +15,20 @@ import type {
 	InframonitoringtypesPostableClustersDTO,
 	InframonitoringtypesPostableDeploymentsDTO,
 	InframonitoringtypesPostableHostsDTO,
+	InframonitoringtypesPostableJobsDTO,
 	InframonitoringtypesPostableNamespacesDTO,
 	InframonitoringtypesPostableNodesDTO,
 	InframonitoringtypesPostablePodsDTO,
+	InframonitoringtypesPostableStatefulSetsDTO,
 	InframonitoringtypesPostableVolumesDTO,
 	ListClusters200,
 	ListDeployments200,
 	ListHosts200,
+	ListJobs200,
 	ListNamespaces200,
 	ListNodes200,
 	ListPods200,
+	ListStatefulSets200,
 	ListVolumes200,
 	RenderErrorResponseDTO,
 } from '../sigNoz.schemas';
@@ -284,6 +288,90 @@ export const useListHosts = <

 	return useMutation(mutationOptions);
 };
+/**
+ * Returns a paginated list of Kubernetes Jobs with key aggregated pod metrics: CPU usage and memory working set summed across pods owned by the job, plus average CPU/memory request and limit utilization (jobCPURequest, jobCPULimit, jobMemoryRequest, jobMemoryLimit). Each row also reports the latest known job-level counters from kube-state-metrics: desiredSuccessfulPods (k8s.job.desired_successful_pods, the target completion count), activePods (k8s.job.active_pods), failedPods (k8s.job.failed_pods, cumulative across the lifetime of the job), and successfulPods (k8s.job.successful_pods, cumulative). It also reports per-group podCountsByPhase ({ pending, running, succeeded, failed, unknown } from each pod's latest k8s.pod.phase value); note podCountsByPhase.failed (current pod-phase) is distinct from failedPods (cumulative job kube-state-metric). Each job includes metadata attributes (k8s.job.name, k8s.namespace.name, k8s.cluster.name). The response type is 'list' for the default k8s.job.name grouping or 'grouped_list' for custom groupBy keys; in both modes every row aggregates pods owned by jobs in the group. Supports filtering via a filter expression, custom groupBy, ordering by cpu / cpu_request / cpu_limit / memory / memory_request / memory_limit / desired_successful_pods / active_pods / failed_pods / successful_pods, and pagination via offset/limit. Also reports missing required metrics and whether the requested time range falls before the data retention boundary. Numeric metric fields (jobCPU, jobCPURequest, jobCPULimit, jobMemory, jobMemoryRequest, jobMemoryLimit, desiredSuccessfulPods, activePods, failedPods, successfulPods) return -1 as a sentinel when no data is available for that field.
+ * @summary List Jobs for Infra Monitoring
+ */
+export const listJobs = (
+	inframonitoringtypesPostableJobsDTO: BodyType<InframonitoringtypesPostableJobsDTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<ListJobs200>({
+		url: `/api/v2/infra_monitoring/jobs`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: inframonitoringtypesPostableJobsDTO,
+		signal,
+	});
+};
+
+export const getListJobsMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof listJobs>>,
+		TError,
+		{ data: BodyType<InframonitoringtypesPostableJobsDTO> },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof listJobs>>,
+	TError,
+	{ data: BodyType<InframonitoringtypesPostableJobsDTO> },
+	TContext
+> => {
+	const mutationKey = ['listJobs'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof listJobs>>,
+		{ data: BodyType<InframonitoringtypesPostableJobsDTO> }
+	> = (props) => {
+		const { data } = props ?? {};
+
+		return listJobs(data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type ListJobsMutationResult = NonNullable<
+	Awaited<ReturnType<typeof listJobs>>
+>;
+export type ListJobsMutationBody =
+	BodyType<InframonitoringtypesPostableJobsDTO>;
+export type ListJobsMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary List Jobs for Infra Monitoring
+ */
+export const useListJobs = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof listJobs>>,
+		TError,
+		{ data: BodyType<InframonitoringtypesPostableJobsDTO> },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof listJobs>>,
+	TError,
+	{ data: BodyType<InframonitoringtypesPostableJobsDTO> },
+	TContext
+> => {
+	const mutationOptions = getListJobsMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
 /**
 * Returns a paginated list of Kubernetes namespaces with key aggregated pod metrics: CPU usage and memory working set (summed across pods in the group), plus per-group podCountsByPhase ({ pending, running, succeeded, failed, unknown } from each pod's latest k8s.pod.phase value in the window). Each namespace includes metadata attributes (k8s.namespace.name, k8s.cluster.name). The response type is 'list' for the default k8s.namespace.name grouping or 'grouped_list' for custom groupBy keys; in both modes every row aggregates pods in the group. Supports filtering via a filter expression, custom groupBy, ordering by cpu / memory, and pagination via offset/limit. Also reports missing required metrics and whether the requested time range falls before the data retention boundary. Numeric metric fields (namespaceCPU, namespaceMemory) return -1 as a sentinel when no data is available for that field.
 * @summary List Namespaces for Infra Monitoring
@@ -620,3 +708,87 @@ export const useListVolumes = <

 	return useMutation(mutationOptions);
 };
+/**
+ * Returns a paginated list of Kubernetes StatefulSets with key aggregated pod metrics: CPU usage and memory working set summed across pods owned by the statefulset, plus average CPU/memory request and limit utilization (statefulSetCPURequest, statefulSetCPULimit, statefulSetMemoryRequest, statefulSetMemoryLimit). Each row also reports the latest known desiredPods (k8s.statefulset.desired_pods) and currentPods (k8s.statefulset.current_pods) replica counts and per-group podCountsByPhase ({ pending, running, succeeded, failed, unknown } from each pod's latest k8s.pod.phase value). Each statefulset includes metadata attributes (k8s.statefulset.name, k8s.namespace.name, k8s.cluster.name). The response type is 'list' for the default k8s.statefulset.name grouping or 'grouped_list' for custom groupBy keys; in both modes every row aggregates pods owned by statefulsets in the group. Supports filtering via a filter expression, custom groupBy, ordering by cpu / cpu_request / cpu_limit / memory / memory_request / memory_limit / desired_pods / current_pods, and pagination via offset/limit. Also reports missing required metrics and whether the requested time range falls before the data retention boundary. Numeric metric fields (statefulSetCPU, statefulSetCPURequest, statefulSetCPULimit, statefulSetMemory, statefulSetMemoryRequest, statefulSetMemoryLimit, desiredPods, currentPods) return -1 as a sentinel when no data is available for that field.
+ * @summary List StatefulSets for Infra Monitoring
+ */
+export const listStatefulSets = (
+	inframonitoringtypesPostableStatefulSetsDTO: BodyType<InframonitoringtypesPostableStatefulSetsDTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<ListStatefulSets200>({
+		url: `/api/v2/infra_monitoring/statefulsets`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: inframonitoringtypesPostableStatefulSetsDTO,
+		signal,
+	});
+};
+
+export const getListStatefulSetsMutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof listStatefulSets>>,
+		TError,
+		{ data: BodyType<InframonitoringtypesPostableStatefulSetsDTO> },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof listStatefulSets>>,
+	TError,
+	{ data: BodyType<InframonitoringtypesPostableStatefulSetsDTO> },
+	TContext
+> => {
+	const mutationKey = ['listStatefulSets'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof listStatefulSets>>,
+		{ data: BodyType<InframonitoringtypesPostableStatefulSetsDTO> }
+	> = (props) => {
+		const { data } = props ?? {};
+
+		return listStatefulSets(data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type ListStatefulSetsMutationResult = NonNullable<
+	Awaited<ReturnType<typeof listStatefulSets>>
+>;
+export type ListStatefulSetsMutationBody =
+	BodyType<InframonitoringtypesPostableStatefulSetsDTO>;
+export type ListStatefulSetsMutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary List StatefulSets for Infra Monitoring
+ */
+export const useListStatefulSets = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof listStatefulSets>>,
+		TError,
+		{ data: BodyType<InframonitoringtypesPostableStatefulSetsDTO> },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof listStatefulSets>>,
+	TError,
+	{ data: BodyType<InframonitoringtypesPostableStatefulSetsDTO> },
+	TContext
+> => {
+	const mutationOptions = getListStatefulSetsMutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
--- a/frontend/src/api/generated/services/sigNoz.schemas.ts
+++ b/frontend/src/api/generated/services/sigNoz.schemas.ts
--- a/frontend/src/api/v5/queryRange/prepareQueryRangePayloadV5.ts
+++ b/frontend/src/api/v5/queryRange/prepareQueryRangePayloadV5.ts
@@ -437,11 +437,16 @@ export function convertTraceOperatorToV5(
 				panelType,
 			);

-			// Skip aggregation for raw request type
+			// Skip aggregation for raw request type. Force dataSource to traces so
+			// createAggregation never takes the metrics branch (which would emit a
+			// metricName field the backend rejects for trace operators).
 			const aggregations =
 				requestType === 'raw'
 					? undefined
-					: createAggregation(traceOperatorData, panelType);
+					: createAggregation(
+							{ ...traceOperatorData, dataSource: DataSource.TRACES },
+							panelType,
+						);

 			const spec: QueryEnvelope['spec'] = {
 				name: queryName,
--- a/frontend/src/components/CustomTimePicker/CustomTimePicker.tsx
+++ b/frontend/src/components/CustomTimePicker/CustomTimePicker.tsx
@@ -596,6 +596,7 @@ function CustomTimePicker({
 				>
 					<Input
 						ref={inputRef}
+						autoComplete="off"
 						className={cx(
 							'timeSelection-input',
 							inputStatus === CustomTimePickerInputStatus.ERROR ? 'error' : '',
--- a/frontend/src/components/QueryBuilderV2/tests/utils.test.ts
+++ b/frontend/src/components/QueryBuilderV2/tests/utils.test.ts
@@ -1155,7 +1155,7 @@ describe('removeKeysFromExpression', () => {
 	});

 	describe('Real-world scenarios', () => {
-		it('should handle multiple variable instances of same key', () => {
+		it('should remove at most one variable expression per key', () => {
 			const expression =
 				"deployment.environment = $env1 deployment.environment = $env2 deployment.environment = 'default'";
 			const result = removeKeysFromExpression(
@@ -1164,9 +1164,11 @@ describe('removeKeysFromExpression', () => {
 				true,
 			);

-			// Should remove one occurence as this case in itself is invalid to have multiple variable expressions for the same key
+			// Should remove one occurrence — having multiple $-value clauses for the
+			// same key is invalid. The first is removed; subsequent $ clauses and
+			// literal-value clauses are preserved.
 			expect(result).toBe(
-				"deployment.environment = $env1 deployment.environment = 'default'",
+				"deployment.environment = $env2 AND deployment.environment = 'default'",
 			);
 		});

@@ -1199,6 +1201,186 @@ describe('removeKeysFromExpression', () => {
 			expect(pairs).toHaveLength(2);
 		});
 	});
+
+	describe('ANTLR-based removal — operator precedence (AND binds tighter than OR)', () => {
+		it('preserves OR when removing from a mixed AND/OR expression', () => {
+			// a AND b OR c — grammar parses as (a AND b) OR c
+			// removing b collapses the AND group to just a, OR is preserved
+			expect(
+				removeKeysFromExpression("a = '1' AND b = '2' OR c = '3'", ['b']),
+			).toBe("a = '1' OR c = '3'");
+		});
+
+		it('preserves correct conjunctions in a four-term mixed expression', () => {
+			// a AND b OR c AND d — removing b collapses first AND group to a
+			expect(
+				removeKeysFromExpression("a = '1' AND b = '2' OR c = '3' AND d = '4'", [
+					'b',
+				]),
+			).toBe("a = '1' OR c = '3' AND d = '4'");
+		});
+
+		it('preserves correct conjunctions when removing from a trailing AND group', () => {
+			// a OR b AND c OR d — removing c collapses second AND group to b
+			expect(
+				removeKeysFromExpression("a = '1' OR b = '2' AND c = '3' OR d = '4'", [
+					'c',
+				]),
+			).toBe("a = '1' OR b = '2' OR d = '4'");
+		});
+	});
+
+	describe('ANTLR-based removal — parenthesised expressions', () => {
+		it('removes last clause without leaving a dangling AND', () => {
+			const expression =
+				'(deployment.environment = $deployment.environment AND service.name = $service.name AND top_level_operation IN [$top_level_operation])';
+			expect(
+				removeKeysFromExpression(expression, ['top_level_operation'], true),
+			).toBe(
+				'(deployment.environment = $deployment.environment AND service.name = $service.name)',
+			);
+		});
+
+		it('removes first clause without leaving a dangling AND', () => {
+			expect(
+				removeKeysFromExpression(
+					'(deployment.environment = $deployment.environment AND service.name = $service.name)',
+					['deployment.environment'],
+					true,
+				),
+			).toBe('service.name = $service.name');
+		});
+
+		it('removes middle clause without disturbing surrounding AND', () => {
+			expect(
+				removeKeysFromExpression(
+					'(deployment.environment = $deployment.environment AND service.name = $service.name AND region = $region)',
+					['service.name'],
+					true,
+				),
+			).toBe(
+				'(deployment.environment = $deployment.environment AND region = $region)',
+			);
+		});
+
+		it('drops the empty paren group when its only child is removed', () => {
+			// (a) OR (b) — removing a must not leave () OR (b = '2')
+			// The remaining single-clause group has its redundant parens stripped too
+			expect(removeKeysFromExpression("(a = '1') OR (b = '2')", ['a'])).toBe(
+				"b = '2'",
+			);
+		});
+
+		it('handles OR inside parentheses without leaving dangling OR', () => {
+			expect(
+				removeKeysFromExpression(
+					'(service.name = $service.name OR operation = $operation)',
+					['operation'],
+					true,
+				),
+			).toBe('service.name = $service.name');
+		});
+	});
+
+	describe('ANTLR-based removal — BETWEEN, EXISTS, and other operators', () => {
+		it('removes a BETWEEN clause without treating its AND as a conjunction', () => {
+			// BETWEEN x AND y — the AND is part of the operator, not a conjunction
+			expect(
+				removeKeysFromExpression("a BETWEEN 1 AND 10 AND b = '2'", ['a']),
+			).toBe("b = '2'");
+		});
+
+		it('removes a NOT BETWEEN clause without treating its AND as a conjunction', () => {
+			expect(
+				removeKeysFromExpression("a NOT BETWEEN 1 AND 10 AND b = '2'", ['a']),
+			).toBe("b = '2'");
+		});
+
+		it('removes an EXISTS clause (no value token)', () => {
+			expect(removeKeysFromExpression("a = '1' AND b EXISTS", ['b'])).toBe(
+				"a = '1'",
+			);
+		});
+
+		it('removes a NOT EXISTS clause', () => {
+			expect(removeKeysFromExpression("a = '1' AND b NOT EXISTS", ['b'])).toBe(
+				"a = '1'",
+			);
+		});
+
+		it('removes an IN clause correctly', () => {
+			expect(
+				removeKeysFromExpression("service IN ['api', 'web'] AND status = 'ok'", [
+					'service',
+				]),
+			).toBe("status = 'ok'");
+		});
+
+		it('removes a NOT IN clause correctly', () => {
+			expect(
+				removeKeysFromExpression(
+					"service NOT IN ['api', 'web'] AND status = 'ok'",
+					['service'],
+				),
+			).toBe("status = 'ok'");
+		});
+
+		it('removes a CONTAINS clause correctly', () => {
+			expect(
+				removeKeysFromExpression("message CONTAINS 'error' AND service = 'api'", [
+					'message',
+				]),
+			).toBe("service = 'api'");
+		});
+
+		it('removes a LIKE clause correctly', () => {
+			expect(
+				removeKeysFromExpression("message LIKE '%error%' AND service = 'api'", [
+					'message',
+				]),
+			).toBe("service = 'api'");
+		});
+
+		it('removes a NOT LIKE clause correctly', () => {
+			expect(
+				removeKeysFromExpression("message NOT LIKE '%error%' AND service = 'api'", [
+					'message',
+				]),
+			).toBe("service = 'api'");
+		});
+	});
+
+	describe('ANTLR-based removal — AND/OR precedence combinations', () => {
+		it('handles a AND b AND c OR d: removing b leaves a AND c OR d', () => {
+			// AND binds tighter than OR, so this parses as (a AND b AND c) OR d
+			expect(
+				removeKeysFromExpression("a = '1' AND b = '2' AND c = '3' OR d = '4'", [
+					'b',
+				]),
+			).toBe("a = '1' AND c = '3' OR d = '4'");
+		});
+	});
+
+	describe('ANTLR-based removal — deeply nested expressions', () => {
+		const nestedExpr =
+			"((deployment.environment = $env1 OR deployment.environment = 'default') AND service.name = $svc1)";
+
+		it('removes service.name variable — outer and inner single-child parens both drop', () => {
+			// After removal: inner OR group keeps parens (2 items), outer group drops
+			// parens (1 item remains)
+			expect(removeKeysFromExpression(nestedExpr, ['service.name'], true)).toBe(
+				"(deployment.environment = $env1 OR deployment.environment = 'default')",
+			);
+		});
+
+		it('removes deployment.environment variable — inner OR collapses, outer parens kept', () => {
+			// Only the $env1 variable clause is removed; 'default' literal stays.
+			// Inner paren drops (single item left), outer paren stays (2 AND items remain).
+			expect(
+				removeKeysFromExpression(nestedExpr, ['deployment.environment'], true),
+			).toBe("(deployment.environment = 'default' AND service.name = $svc1)");
+		});
+	});
 });

 describe('formatValueForExpression', () => {
--- a/frontend/src/components/QueryBuilderV2/utils.ts
+++ b/frontend/src/components/QueryBuilderV2/utils.ts
@@ -1,4 +1,7 @@
 /* eslint-disable sonarjs/cognitive-complexity */
+import { CharStreams, CommonTokenStream, ParserRuleContext } from 'antlr4';
+import { cloneDeep, isEqual, sortBy } from 'lodash-es';
+import { v4 as uuid } from 'uuid';
 import { createAggregation } from 'api/v5/queryRange/prepareQueryRangePayloadV5';
 import {
 	DEPRECATED_OPERATORS_MAP,
@@ -6,7 +9,16 @@ import {
 	QUERY_BUILDER_FUNCTIONS,
 } from 'constants/antlrQueryConstants';
 import { getOperatorValue } from 'container/QueryBuilder/filters/QueryBuilderSearch/utils';
-import { cloneDeep, isEqual, sortBy } from 'lodash-es';
+import FilterQueryLexer from 'parser/FilterQueryLexer';
+import FilterQueryParser, {
+	AndExpressionContext,
+	ComparisonContext,
+	InClauseContext,
+	NotInClauseContext,
+	OrExpressionContext,
+	PrimaryContext,
+	UnaryExpressionContext,
+} from 'parser/FilterQueryParser';
 import { IQueryPair } from 'types/antlrQueryTypes';
 import { BaseAutocompleteData } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import {
@@ -26,7 +38,6 @@ import { DataSource, ReduceOperators } from 'types/common/queryBuilder';
 import { extractQueryPairs } from 'utils/queryContextUtils';
 import { isQuoted, unquote } from 'utils/stringUtils';
 import { isFunctionOperator, isNonValueOperator } from 'utils/tokenUtils';
-import { v4 as uuid } from 'uuid';

 /**
 * Check if an operator requires array values (like IN, NOT IN)
@@ -513,97 +524,201 @@ export const convertFiltersToExpressionWithExistingQuery = (
 };

 /**
- * Removes specified key-value pairs from a logical query expression string.
+ * Removes clauses for specified keys from a filter query expression.
 *
- * This function parses the given query expression and removes any query pairs
- * whose keys match those in the `keysToRemove` array. It also removes any trailing
- * logical conjunctions (e.g., `AND`, `OR`) and whitespace that follow the matched pairs,
- * ensuring that the resulting expression remains valid and clean.
+ * Uses an ANTLR parse-tree traversal over the existing FilterQuery grammar so that
+ * compound predicates like `BETWEEN x AND y`, `EXISTS`, and `IN (...)` are treated
+ * as atomic nodes — their internal tokens are never confused with top-level AND/OR
+ * conjunctions. Surviving siblings are rejoined with the correct operator at each
+ * level of the tree, producing no dangling operators regardless of expression shape.
+ * If the expression cannot be parsed, it is returned unchanged.
 *
- * @param expression - The full query string.
- * @param keysToRemove - An array of keys (case-insensitive) that should be removed from the expression.
- * @param removeOnlyVariableExpressions - When true, only removes key-value pairs where the value is a variable (starts with $). When false, uses the original behavior.
- * @returns A new expression string with the specified keys and their associated clauses removed.
+ * @param expression - The full filter query string.
+ * @param keysToRemove - Keys (case-insensitive) whose clauses should be dropped.
+ * @param removeOnlyVariableExpressions - Controls which clauses are eligible for removal:
+ *   - `false` (default): removes all clauses for the key regardless of value.
+ *   - `true`: removes only the first clause whose value contains any `$`.
+ *   - `string` (e.g. `"$service.name"`): removes only the clause whose value exactly
+ *     matches that string — preferred when the specific variable reference is known.
+ * @returns The rewritten expression, or an empty string if all clauses were removed.
 */
 export const removeKeysFromExpression = (
 	expression: string,
 	keysToRemove: string[],
-	removeOnlyVariableExpressions = false,
+	removeOnlyVariableExpressions: string | boolean = false,
 ): string => {
 	if (!keysToRemove || keysToRemove.length === 0) {
 		return expression;
 	}
-
-	let updatedExpression = expression;
-
-	if (updatedExpression) {
-		keysToRemove.forEach((key) => {
-			// Extract key-value query pairs from the expression
-			const existingQueryPairs = extractQueryPairs(updatedExpression);
-
-			let queryPairsMap: Map<string, IQueryPair>;
-
-			if (existingQueryPairs.length > 0) {
-				// Filter query pairs based on the removeOnlyVariableExpressions flag
-				const filteredQueryPairs = removeOnlyVariableExpressions
-					? existingQueryPairs.filter((pair) => {
-							const pairKey = pair.key?.trim().toLowerCase();
-							const matchesKey = pairKey === `${key}`.trim().toLowerCase();
-							if (!matchesKey) {
-								return false;
-							}
-							const value = pair.value?.toString().trim();
-							return value && value.includes('$');
-						})
-					: existingQueryPairs;
-
-				// Build a map for quick lookup of query pairs by their lowercase trimmed keys
-				queryPairsMap = new Map(
-					filteredQueryPairs.map((pair) => {
-						const key = pair.key.trim().toLowerCase();
-						return [key, pair];
-					}),
-				);
-
-				// Lookup the current query pair using the attribute key (case-insensitive)
-				const currentQueryPair = queryPairsMap.get(`${key}`.trim().toLowerCase());
-				if (currentQueryPair && currentQueryPair.isComplete) {
-					// Determine the start index of the query pair (fallback order: key → operator → value)
-					const queryPairStart =
-						currentQueryPair.position.keyStart ??
-						currentQueryPair.position.operatorStart ??
-						currentQueryPair.position.valueStart;
-					// Determine the end index of the query pair (fallback order: value → operator → key)
-					let queryPairEnd =
-						currentQueryPair.position.valueEnd ??
-						currentQueryPair.position.operatorEnd ??
-						currentQueryPair.position.keyEnd;
-					// Get the part of the expression that comes after the current query pair
-					const expressionAfterPair = `${updatedExpression.slice(queryPairEnd + 1)}`;
-					// Match optional spaces and an optional conjunction (AND/OR), case-insensitive
-					const conjunctionOrSpacesRegex = /^(\s*((AND|OR)\s+)?)/i;
-					const match = expressionAfterPair.match(conjunctionOrSpacesRegex);
-					if (match && match.length > 0) {
-						// If match is found, extend the queryPairEnd to include the matched part
-						queryPairEnd += match[0].length;
-					}
-					// Remove the full query pair (including any conjunction/whitespace) from the expression
-					updatedExpression = `${updatedExpression.slice(
-						0,
-						queryPairStart,
-					)}${updatedExpression.slice(queryPairEnd + 1)}`.trim();
-				}
-			}
-		});
-
-		// Clean up any remaining trailing AND/OR operators and extra whitespace
-		updatedExpression = updatedExpression
-			.replace(/\s+(AND|OR)\s*$/i, '') // Remove trailing AND/OR
-			.replace(/^(AND|OR)\s+/i, '') // Remove leading AND/OR
-			.trim();
+	if (!expression.trim()) {
+		return expression;
 	}

-	return updatedExpression;
+	const keysSet = new Set(keysToRemove.map((k) => k.trim().toLowerCase()));
+	// Tracks keys for which a variable expression has already been removed.
+	// Having multiple $-value clauses for the same key is invalid; we remove at most one.
+	const removedVariableKeys = new Set<string>();
+
+	const chars = CharStreams.fromString(expression);
+	const lexer = new FilterQueryLexer(chars);
+	lexer.removeErrorListeners();
+	const tokenStream = new CommonTokenStream(lexer);
+	const parser = new FilterQueryParser(tokenStream);
+	parser.removeErrorListeners();
+
+	const tree = parser.query();
+
+	// If the expression couldn't be parsed, return it unchanged rather than mangling it
+	if (parser.syntaxErrorsCount > 0) {
+		return expression;
+	}
+
+	// Extract original source text for a node, preserving the user's exact formatting
+	const src = (ctx: ParserRuleContext): string =>
+		expression.slice(ctx.start.start, (ctx.stop ?? ctx.start).stop + 1);
+
+	// Returns null when the entire node should be dropped.
+	// isSingle = true means the result is a single, non-compound expression at
+	// this level (no AND/OR between sibling clauses), which lets the paren
+	// visitor decide whether wrapping is still needed.
+	type VisitResult = { text: string; isSingle: boolean } | null;
+
+	function visitOrExpression(ctx: OrExpressionContext): VisitResult {
+		const parts = ctx
+			.andExpression_list()
+			.map(visitAndExpression)
+			.filter((r): r is NonNullable<VisitResult> => r !== null);
+		if (parts.length === 0) {
+			return null;
+		}
+		// Single surviving branch — pass its isSingle straight through so the
+		// paren visitor can decide whether to keep the outer parens.
+		if (parts.length === 1) {
+			return parts[0];
+		}
+		return { text: parts.map((p) => p.text).join(' OR '), isSingle: false };
+	}
+
+	function visitAndExpression(ctx: AndExpressionContext): VisitResult {
+		const parts = ctx
+			.unaryExpression_list()
+			.map(visitUnaryExpression)
+			.filter((r): r is NonNullable<VisitResult> => r !== null);
+		if (parts.length === 0) {
+			return null;
+		}
+		if (parts.length === 1) {
+			return { text: parts[0].text, isSingle: true };
+		}
+		return { text: parts.map((p) => p.text).join(' AND '), isSingle: false };
+	}
+
+	function visitUnaryExpression(ctx: UnaryExpressionContext): VisitResult {
+		const primaryResult = visitPrimary(ctx.primary());
+		if (primaryResult === null) {
+			return null;
+		}
+		return ctx.NOT()
+			? { text: `NOT ${primaryResult.text}`, isSingle: true }
+			: primaryResult;
+	}
+
+	function visitPrimary(ctx: PrimaryContext): VisitResult {
+		// Parenthesised sub-expression: ( orExpression )
+		const orCtx = ctx.orExpression();
+		if (orCtx) {
+			const inner = visitOrExpression(orCtx);
+			if (inner === null) {
+				return null;
+			}
+			// Drop redundant parens when the group collapses to a single clause;
+			// keep them when multiple clauses remain (operator-precedence matters).
+			if (inner.isSingle) {
+				return { text: inner.text, isSingle: true };
+			}
+			return { text: `(${inner.text})`, isSingle: true };
+		}
+
+		const compCtx = ctx.comparison();
+		if (compCtx) {
+			const result = visitComparison(compCtx);
+			return result !== null ? { text: result, isSingle: true } : null;
+		}
+
+		// functionCall, fullText, bare key, bare value — keep verbatim
+		return { text: src(ctx), isSingle: true };
+	}
+
+	function visitComparison(ctx: ComparisonContext): string | null {
+		const keyText = ctx.key().getText().trim().toLowerCase();
+
+		if (!keysSet.has(keyText)) {
+			return src(ctx);
+		}
+
+		if (removeOnlyVariableExpressions) {
+			// Scope the value check to value nodes only — not the full comparison text —
+			// so a key that contains '$' does not trigger removal when the value is a
+			// literal. The ANTLR4 runtime returns null from getTypedRuleContext when a
+			// rule is absent, despite the non-nullable TypeScript signatures.
+			const inCtx = ctx.inClause() as unknown as InClauseContext | null;
+			const notInCtx = ctx.notInClause() as unknown as NotInClauseContext | null;
+			// When a specific variable string is supplied, require an exact match so we
+			// never accidentally remove a different $-valued clause for the same key.
+			const matchesVariable = (text: string): boolean =>
+				typeof removeOnlyVariableExpressions === 'string'
+					? text === removeOnlyVariableExpressions
+					: text.includes('$');
+
+			const valueHasVariable = (): boolean => {
+				// Simple comparisons: key = $var, BETWEEN $v1 AND $v2, etc.
+				if (ctx.value_list().some((v) => matchesVariable(v.getText()))) {
+					return true;
+				}
+				// IN $var (bare single value) or IN ($v1, $v2) (value list)
+				if (inCtx) {
+					const bare = inCtx.value() as unknown as { getText(): string } | null;
+					if (bare && matchesVariable(bare.getText())) {
+						return true;
+					}
+					const list = inCtx.valueList() as unknown as {
+						value_list(): { getText(): string }[];
+					} | null;
+					if (list && list.value_list().some((v) => matchesVariable(v.getText()))) {
+						return true;
+					}
+				}
+				// NOT IN $var or NOT IN ($v1, $v2)
+				if (notInCtx) {
+					const bare = notInCtx.value() as unknown as { getText(): string } | null;
+					if (bare && matchesVariable(bare.getText())) {
+						return true;
+					}
+					const list = notInCtx.valueList() as unknown as {
+						value_list(): { getText(): string }[];
+					} | null;
+					if (list && list.value_list().some((v) => matchesVariable(v.getText()))) {
+						return true;
+					}
+				}
+				return false;
+			};
+
+			if (valueHasVariable()) {
+				if (removedVariableKeys.has(keyText)) {
+					return src(ctx);
+				}
+				removedVariableKeys.add(keyText);
+				return null;
+			}
+			return src(ctx);
+		}
+
+		return null;
+	}
+
+	const result = visitOrExpression(tree.expression().orExpression());
+	return result?.text ?? '';
 };

 /**
--- a/frontend/src/components/createGuardedRoute/createGuardedRoute.test.tsx
+++ b/frontend/src/components/createGuardedRoute/createGuardedRoute.test.tsx
@@ -360,8 +360,7 @@ describe('createGuardedRoute', () => {
 				const obj = payload[0]?.object;
 				const kind = obj?.resource?.kind;
 				const selector = obj?.selector ?? '*';
-				const objectStr =
-					obj?.resource?.type === 'metaresources' ? kind : `${kind}:${selector}`;
+				const objectStr = `${kind}:${selector}`;
 				requestedObjects.push(objectStr ?? '');

 				return res(ctx.status(200), ctx.json(authzMockResponse(payload, [true])));
--- a/frontend/src/container/CreateAlertV2/Footer/utils.tsx
+++ b/frontend/src/container/CreateAlertV2/Footer/utils.tsx
@@ -220,6 +220,7 @@ export function buildCreateThresholdAlertRulePayload(
 		builderQueries: {
 			...mapQueryDataToApi(query.builder.queryData, 'queryName').data,
 			...mapQueryDataToApi(query.builder.queryFormulas, 'queryName').data,
+			...mapQueryDataToApi(query.builder.queryTraceOperator, 'queryName').data,
 		},
 		promQueries: mapQueryDataToApi(query.promql, 'name').data,
 		chQueries: mapQueryDataToApi(query.clickhouse_sql, 'name').data,
--- a/frontend/src/container/DashboardContainer/DashboardVariablesSelection/useDashboardVariableUpdate.ts
+++ b/frontend/src/container/DashboardContainer/DashboardVariablesSelection/useDashboardVariableUpdate.ts
@@ -1,5 +1,7 @@
 /* eslint-disable sonarjs/cognitive-complexity */
 import { useCallback } from 'react';
+import { useTranslation } from 'react-i18next';
+import { toast } from '@signozhq/ui/sonner';
 import { useAddDynamicVariableToPanels } from 'hooks/dashboard/useAddDynamicVariableToPanels';
 import { updateLocalStorageDashboardVariable } from 'hooks/dashboard/useDashboardFromLocalStorage';
 import { useUpdateDashboard } from 'hooks/dashboard/useUpdateDashboard';
@@ -48,6 +50,7 @@ export const useDashboardVariableUpdate =
 		);
 		const addDynamicVariableToPanels = useAddDynamicVariableToPanels();
 		const updateMutation = useUpdateDashboard();
+		const { t } = useTranslation('dashboard');

 		const onValueUpdate = useCallback(
 			(
@@ -177,6 +180,14 @@ export const useDashboardVariableUpdate =
 				// Get current dashboard variables
 				const currentVariables = dashboardData.data.variables || {};

+				const nameExists = Object.values(currentVariables).some(
+					(v) => v.name === name,
+				);
+				if (nameExists) {
+					toast.error(t('variable_name_already_exists', { name, ns: 'dashboard' }));
+					return;
+				}
+
 				// Create tableRowData like Dashboard Settings does
 				const tableRowData = [];
 				const variableOrderArr = [];
@@ -202,21 +213,20 @@ export const useDashboardVariableUpdate =
 				// Create new variable
 				const nextOrder =
 					variableOrderArr.length > 0 ? Math.max(...variableOrderArr) + 1 : 0;
-				const newVariable: any = {
+				const newVariable: IDashboardVariable = {
 					id: uuidv4(),
 					name,
-					type: 'DYNAMIC' as const,
+					type: 'DYNAMIC',
 					description,
 					order: nextOrder,
 					selectedValue: value,
 					allSelected: false,
 					haveCustomValuesSelected: false,
-					sort: 'ASC' as const,
+					sort: 'ASC',
 					multiSelect: true,
 					showALLOption: true,
 					dynamicVariablesAttribute: name,
 					dynamicVariablesSource: source,
-					dynamicVariablesWidgetIds: [],
 					queryValue: '',
 				};

--- a/frontend/src/container/ListAlertRules/ToggleAlertState.tsx
+++ b/frontend/src/container/ListAlertRules/ToggleAlertState.tsx
@@ -1,6 +1,8 @@
 import { Dispatch, SetStateAction, useState } from 'react';
+import { useQueryClient } from 'react-query';
 import { patchRulePartial } from 'api/alerts/patchRulePartial';
 import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
+import { invalidateGetRuleByID } from 'api/generated/services/rules';
 import type {
 	RenderErrorResponseDTO,
 	RuletypesRuleDTO,
@@ -28,6 +30,7 @@ function ToggleAlertState({

 	const { notifications } = useNotifications();
 	const { showErrorModal } = useErrorModal();
+	const queryClient = useQueryClient();

 	const onToggleHandler = async (
 		id: string,
@@ -60,6 +63,9 @@ function ToggleAlertState({
 				loading: false,
 				payload: updatedRule,
 			}));
+
+			invalidateGetRuleByID(queryClient, { id });
+
 			notifications.success({
 				message: 'Success',
 			});
--- a/frontend/src/hooks/useAuthZ/permissions.type.ts
+++ b/frontend/src/hooks/useAuthZ/permissions.type.ts
@@ -4,12 +4,8 @@ export default {
 	data: {
 		resources: [
 			{
-				kind: 'role',
-				type: 'metaresources',
-			},
-			{
-				kind: 'serviceaccount',
-				type: 'metaresources',
+				kind: 'factor-api-key',
+				type: 'metaresource',
 			},
 			{
 				kind: 'role',
@@ -22,12 +18,13 @@ export default {
 		],
 		relations: {
 			assignee: ['role'],
-			attach: ['role', 'serviceaccount'],
-			create: ['metaresources'],
-			delete: ['role', 'serviceaccount'],
-			list: ['metaresources'],
-			read: ['role', 'serviceaccount'],
-			update: ['role', 'serviceaccount'],
+			attach: ['metaresource', 'role', 'serviceaccount'],
+			create: ['metaresource', 'role', 'serviceaccount'],
+			delete: ['metaresource', 'role', 'serviceaccount'],
+			detach: ['metaresource', 'role', 'serviceaccount'],
+			list: ['metaresource', 'role', 'serviceaccount'],
+			read: ['metaresource', 'role', 'serviceaccount'],
+			update: ['metaresource', 'role', 'serviceaccount'],
 		},
 	},
 } as const;
--- a/frontend/src/hooks/useAuthZ/utils.ts
+++ b/frontend/src/hooks/useAuthZ/utils.ts
@@ -80,19 +80,6 @@ export function permissionToTransactionDto(
 	permission: BrandedPermission,
 ): AuthtypesTransactionDTO {
 	const { relation, object: objectStr } = parsePermission(permission);
-	const directType = resolveType(relation, objectStr);
-	if (directType === 'metaresources') {
-		return {
-			relation: relation as AuthtypesRelationDTO,
-			object: {
-				resource: {
-					kind: objectStr as ResourceName,
-					type: directType as CoretypesTypeDTO,
-				},
-				selector: '*',
-			},
-		};
-	}
 	const { resourceName, selector } = splitObjectString(objectStr);
 	const type = resolveType(relation, resourceName) ?? 'metaresource';

@@ -117,9 +104,6 @@ export function gettableTransactionToPermission(
 	} = item;
 	const resourceName = String(resource.kind);
 	const selectorStr = typeof selector === 'string' ? selector : '*';
-	const objectStr =
-		resource.type === 'metaresources'
-			? resourceName
-			: `${resourceName}${ObjectSeparator}${selectorStr}`;
+	const objectStr = `${resourceName}${ObjectSeparator}${selectorStr}`;
 	return `${relation}${PermissionSeparator}${objectStr}` as BrandedPermission;
 }
--- a/frontend/src/lib/newQueryBuilder/queryBuilderMappers/mapQueryDataFromApi.ts
+++ b/frontend/src/lib/newQueryBuilder/queryBuilderMappers/mapQueryDataFromApi.ts
@@ -53,7 +53,9 @@ const mapQueryFromV5 = (compositeQuery: ICompositeMetricQuery): Query => {
 			}
 		} else if (q.type === 'builder_trace_operator') {
 			if (spec.name) {
-				builderQueries[spec.name] = spec as unknown as IBuilderTraceOperator;
+				builderQueries[spec.name] = convertBuilderQueryToIBuilderQuery(
+					spec as BuilderQuery,
+				) as IBuilderTraceOperator;
 				builderQueryTypes[spec.name] = 'builder_trace_operator';
 			}
 		} else if (q.type === 'promql') {
--- a/frontend/src/pages/AlertDetails/AlertHeader/AlertState/AlertState.tsx
+++ b/frontend/src/pages/AlertDetails/AlertHeader/AlertState/AlertState.tsx
@@ -17,7 +17,7 @@ export default function AlertState({
 	let label;
 	const isDarkMode = useIsDarkMode();
 	switch (state) {
-		case 'no-data':
+		case 'nodata':
 			icon = (
 				<CircleOff
 					size={18}
--- a/frontend/src/pages/AlertDetails/hooks.tsx
+++ b/frontend/src/pages/AlertDetails/hooks.tsx
@@ -12,6 +12,7 @@ import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
 import {
 	createRule,
 	deleteRuleByID,
+	invalidateGetRuleByID,
 	updateRuleByID,
 	useGetRuleByID,
 	useListRules,
@@ -408,6 +409,7 @@ export const useAlertRuleStatusToggle = ({
 		{
 			onSuccess: (data) => {
 				setAlertRuleState(data.data.state);
+				invalidateGetRuleByID(queryClient, { id: ruleId });
 				queryClient.refetchQueries([REACT_QUERY_KEY.ALERT_RULE_DETAILS, ruleId]);
 				notifications.success({
 					message: `Alert has been ${
@@ -416,6 +418,7 @@ export const useAlertRuleStatusToggle = ({
 				});
 			},
 			onError: (error) => {
+				invalidateGetRuleByID(queryClient, { id: ruleId });
 				queryClient.refetchQueries([REACT_QUERY_KEY.ALERT_RULE_DETAILS, ruleId]);
 				showErrorModal(
 					convertToApiError(error as AxiosError<RenderErrorResponseDTO>) as APIError,
--- a/frontend/src/types/api/alerts/def.ts
+++ b/frontend/src/types/api/alerts/def.ts
@@ -109,7 +109,8 @@ export type AlertRuleTimelineTableResponsePayload = {
 		labels: AlertLabelsProps['labels'];
 	};
 };
-type AlertState = 'firing' | 'normal' | 'no-data' | 'muted';
+
+type AlertState = 'firing' | 'normal' | 'nodata' | 'muted';

 export interface AlertRuleTimelineGraphResponse {
 	start: number;
--- a/pkg/apiserver/signozapiserver/dashboard.go
+++ b/pkg/apiserver/signozapiserver/dashboard.go
@@ -14,57 +14,6 @@ import (
 )

 func (provider *provider) addDashboardRoutes(router *mux.Router) error {
-	if err := router.Handle("/api/v2/dashboards", handler.New(provider.authzMiddleware.EditAccess(provider.dashboardHandler.CreateV2), handler.OpenAPIDef{
-		ID:                  "CreateDashboardV2",
-		Tags:                []string{"dashboard"},
-		Summary:             "Create dashboard (v2)",
-		Description:         "This endpoint creates a v2-shape dashboard with structured metadata, a typed data tree, and resolved tags.",
-		Request:             new(dashboardtypes.PostableDashboardV2),
-		RequestContentType:  "application/json",
-		Response:            new(dashboardtypes.GettableDashboardV2),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusCreated,
-		ErrorStatusCodes:    []int{},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
-	})).Methods(http.MethodPost).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v2/dashboards/{id}", handler.New(provider.authzMiddleware.ViewAccess(provider.dashboardHandler.GetV2), handler.OpenAPIDef{
-		ID:                  "GetDashboardV2",
-		Tags:                []string{"dashboard"},
-		Summary:             "Get dashboard (v2)",
-		Description:         "This endpoint returns a v2-shape dashboard with its tags and public sharing config (if any).",
-		Request:             nil,
-		RequestContentType:  "",
-		Response:            new(dashboardtypes.GettableDashboardV2),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusOK,
-		ErrorStatusCodes:    []int{},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
-	})).Methods(http.MethodGet).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v2/dashboards/{id}", handler.New(provider.authzMiddleware.EditAccess(provider.dashboardHandler.UpdateV2), handler.OpenAPIDef{
-		ID:                  "UpdateDashboardV2",
-		Tags:                []string{"dashboard"},
-		Summary:             "Update dashboard (v2)",
-		Description:         "This endpoint updates a v2-shape dashboard's metadata, data, and tag set. Locked dashboards are rejected.",
-		Request:             new(dashboardtypes.UpdateableDashboardV2),
-		RequestContentType:  "application/json",
-		Response:            new(dashboardtypes.GettableDashboardV2),
-		ResponseContentType: "application/json",
-		SuccessStatusCode:   http.StatusOK,
-		ErrorStatusCodes:    []int{},
-		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
-	})).Methods(http.MethodPut).GetError(); err != nil {
-		return err
-	}
-
 	if err := router.Handle("/api/v1/dashboards/{id}/public", handler.New(provider.authzMiddleware.AdminAccess(provider.dashboardHandler.CreatePublic), handler.OpenAPIDef{
 		ID:                  "CreatePublicDashboard",
 		Tags:                []string{"dashboard"},
--- a/pkg/apiserver/signozapiserver/inframonitoring.go
+++ b/pkg/apiserver/signozapiserver/inframonitoring.go
@@ -143,5 +143,43 @@ func (provider *provider) addInfraMonitoringRoutes(router *mux.Router) error {
 		return err
 	}

+	if err := router.Handle("/api/v2/infra_monitoring/statefulsets", handler.New(
+		provider.authzMiddleware.ViewAccess(provider.infraMonitoringHandler.ListStatefulSets),
+		handler.OpenAPIDef{
+			ID:                  "ListStatefulSets",
+			Tags:                []string{"inframonitoring"},
+			Summary:             "List StatefulSets for Infra Monitoring",
+			Description:         "Returns a paginated list of Kubernetes StatefulSets with key aggregated pod metrics: CPU usage and memory working set summed across pods owned by the statefulset, plus average CPU/memory request and limit utilization (statefulSetCPURequest, statefulSetCPULimit, statefulSetMemoryRequest, statefulSetMemoryLimit). Each row also reports the latest known desiredPods (k8s.statefulset.desired_pods) and currentPods (k8s.statefulset.current_pods) replica counts and per-group podCountsByPhase ({ pending, running, succeeded, failed, unknown } from each pod's latest k8s.pod.phase value). Each statefulset includes metadata attributes (k8s.statefulset.name, k8s.namespace.name, k8s.cluster.name). The response type is 'list' for the default k8s.statefulset.name grouping or 'grouped_list' for custom groupBy keys; in both modes every row aggregates pods owned by statefulsets in the group. Supports filtering via a filter expression, custom groupBy, ordering by cpu / cpu_request / cpu_limit / memory / memory_request / memory_limit / desired_pods / current_pods, and pagination via offset/limit. Also reports missing required metrics and whether the requested time range falls before the data retention boundary. Numeric metric fields (statefulSetCPU, statefulSetCPURequest, statefulSetCPULimit, statefulSetMemory, statefulSetMemoryRequest, statefulSetMemoryLimit, desiredPods, currentPods) return -1 as a sentinel when no data is available for that field.",
+			Request:             new(inframonitoringtypes.PostableStatefulSets),
+			RequestContentType:  "application/json",
+			Response:            new(inframonitoringtypes.StatefulSets),
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusOK,
+			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
+		})).Methods(http.MethodPost).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/infra_monitoring/jobs", handler.New(
+		provider.authzMiddleware.ViewAccess(provider.infraMonitoringHandler.ListJobs),
+		handler.OpenAPIDef{
+			ID:                  "ListJobs",
+			Tags:                []string{"inframonitoring"},
+			Summary:             "List Jobs for Infra Monitoring",
+			Description:         "Returns a paginated list of Kubernetes Jobs with key aggregated pod metrics: CPU usage and memory working set summed across pods owned by the job, plus average CPU/memory request and limit utilization (jobCPURequest, jobCPULimit, jobMemoryRequest, jobMemoryLimit). Each row also reports the latest known job-level counters from kube-state-metrics: desiredSuccessfulPods (k8s.job.desired_successful_pods, the target completion count), activePods (k8s.job.active_pods), failedPods (k8s.job.failed_pods, cumulative across the lifetime of the job), and successfulPods (k8s.job.successful_pods, cumulative). It also reports per-group podCountsByPhase ({ pending, running, succeeded, failed, unknown } from each pod's latest k8s.pod.phase value); note podCountsByPhase.failed (current pod-phase) is distinct from failedPods (cumulative job kube-state-metric). Each job includes metadata attributes (k8s.job.name, k8s.namespace.name, k8s.cluster.name). The response type is 'list' for the default k8s.job.name grouping or 'grouped_list' for custom groupBy keys; in both modes every row aggregates pods owned by jobs in the group. Supports filtering via a filter expression, custom groupBy, ordering by cpu / cpu_request / cpu_limit / memory / memory_request / memory_limit / desired_successful_pods / active_pods / failed_pods / successful_pods, and pagination via offset/limit. Also reports missing required metrics and whether the requested time range falls before the data retention boundary. Numeric metric fields (jobCPU, jobCPURequest, jobCPULimit, jobMemory, jobMemoryRequest, jobMemoryLimit, desiredSuccessfulPods, activePods, failedPods, successfulPods) return -1 as a sentinel when no data is available for that field.",
+			Request:             new(inframonitoringtypes.PostableJobs),
+			RequestContentType:  "application/json",
+			Response:            new(inframonitoringtypes.Jobs),
+			ResponseContentType: "application/json",
+			SuccessStatusCode:   http.StatusOK,
+			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized},
+			Deprecated:          false,
+			SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
+		})).Methods(http.MethodPost).GetError(); err != nil {
+		return err
+	}
+
 	return nil
 }
--- a/pkg/apiserver/signozapiserver/role.go
+++ b/pkg/apiserver/signozapiserver/role.go
@@ -7,11 +7,14 @@ import (
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/coretypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
 )

 func (provider *provider) addRoleRoutes(router *mux.Router) error {
-	if err := router.Handle("/api/v1/roles", handler.New(provider.authzMiddleware.AdminAccess(provider.authzHandler.Create), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/roles", handler.New(provider.authzMiddleware.Check(provider.authzHandler.Create, authtypes.Relation{Verb: coretypes.VerbCreate}, coretypes.ResourceRole, roleCollectionSelectorCallback, []string{
+		authtypes.SigNozAdminRoleName,
+	}), handler.OpenAPIDef{
 		ID:                  "CreateRole",
 		Tags:                []string{"role"},
 		Summary:             "Create role",
@@ -23,12 +26,14 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbCreate)}),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}

-	if err := router.Handle("/api/v1/roles", handler.New(provider.authzMiddleware.AdminAccess(provider.authzHandler.List), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/roles", handler.New(provider.authzMiddleware.Check(provider.authzHandler.List, authtypes.Relation{Verb: coretypes.VerbList}, coretypes.ResourceRole, roleCollectionSelectorCallback, []string{
+		authtypes.SigNozAdminRoleName,
+	}), handler.OpenAPIDef{
 		ID:                  "ListRoles",
 		Tags:                []string{"role"},
 		Summary:             "List roles",
@@ -40,12 +45,14 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbList)}),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}

-	if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authzMiddleware.AdminAccess(provider.authzHandler.Get), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authzMiddleware.Check(provider.authzHandler.Get, authtypes.Relation{Verb: coretypes.VerbRead}, coretypes.ResourceRole, provider.roleInstanceSelectorCallback, []string{
+		authtypes.SigNozAdminRoleName,
+	}), handler.OpenAPIDef{
 		ID:                  "GetRole",
 		Tags:                []string{"role"},
 		Summary:             "Get role",
@@ -57,12 +64,14 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbRead)}),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}

-	if err := router.Handle("/api/v1/roles/{id}/relations/{relation}/objects", handler.New(provider.authzMiddleware.AdminAccess(provider.authzHandler.GetObjects), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/roles/{id}/relations/{relation}/objects", handler.New(provider.authzMiddleware.Check(provider.authzHandler.GetObjects, authtypes.Relation{Verb: coretypes.VerbRead}, coretypes.ResourceRole, provider.roleInstanceSelectorCallback, []string{
+		authtypes.SigNozAdminRoleName,
+	}), handler.OpenAPIDef{
 		ID:                  "GetObjects",
 		Tags:                []string{"role"},
 		Summary:             "Get objects for a role by relation",
@@ -74,12 +83,14 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbRead)}),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}

-	if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authzMiddleware.AdminAccess(provider.authzHandler.Patch), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authzMiddleware.Check(provider.authzHandler.Patch, authtypes.Relation{Verb: coretypes.VerbUpdate}, coretypes.ResourceRole, provider.roleInstanceSelectorCallback, []string{
+		authtypes.SigNozAdminRoleName,
+	}), handler.OpenAPIDef{
 		ID:                  "PatchRole",
 		Tags:                []string{"role"},
 		Summary:             "Patch role",
@@ -91,12 +102,14 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbUpdate)}),
 	})).Methods(http.MethodPatch).GetError(); err != nil {
 		return err
 	}

-	if err := router.Handle("/api/v1/roles/{id}/relations/{relation}/objects", handler.New(provider.authzMiddleware.AdminAccess(provider.authzHandler.PatchObjects), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/roles/{id}/relations/{relation}/objects", handler.New(provider.authzMiddleware.Check(provider.authzHandler.PatchObjects, authtypes.Relation{Verb: coretypes.VerbUpdate}, coretypes.ResourceRole, provider.roleInstanceSelectorCallback, []string{
+		authtypes.SigNozAdminRoleName,
+	}), handler.OpenAPIDef{
 		ID:                  "PatchObjects",
 		Tags:                []string{"role"},
 		Summary:             "Patch objects for a role by relation",
@@ -108,12 +121,14 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusBadRequest, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbUpdate)}),
 	})).Methods(http.MethodPatch).GetError(); err != nil {
 		return err
 	}

-	if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authzMiddleware.AdminAccess(provider.authzHandler.Delete), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authzMiddleware.Check(provider.authzHandler.Delete, authtypes.Relation{Verb: coretypes.VerbDelete}, coretypes.ResourceRole, provider.roleInstanceSelectorCallback, []string{
+		authtypes.SigNozAdminRoleName,
+	}), handler.OpenAPIDef{
 		ID:                  "DeleteRole",
 		Tags:                []string{"role"},
 		Summary:             "Delete role",
@@ -125,10 +140,33 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
 		Deprecated:          false,
-		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbDelete)}),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}

 	return nil
 }
+
+func roleCollectionSelectorCallback(_ *http.Request, _ authtypes.Claims) ([]coretypes.Selector, error) {
+	return []coretypes.Selector{
+		coretypes.TypeRole.MustSelector(coretypes.WildCardSelectorString),
+	}, nil
+}
+
+func (provider *provider) roleInstanceSelectorCallback(req *http.Request, claims authtypes.Claims) ([]coretypes.Selector, error) {
+	roleID, err := valuer.NewUUID(mux.Vars(req)["id"])
+	if err != nil {
+		return nil, err
+	}
+
+	role, err := provider.authzService.Get(req.Context(), valuer.MustNewUUID(claims.OrgID), roleID)
+	if err != nil {
+		return nil, err
+	}
+
+	return []coretypes.Selector{
+		coretypes.TypeRole.MustSelector(role.Name),
+		coretypes.TypeRole.MustSelector(coretypes.WildCardSelectorString),
+	}, nil
+}
--- a/pkg/apiserver/signozapiserver/serviceaccount.go
+++ b/pkg/apiserver/signozapiserver/serviceaccount.go
@@ -17,7 +17,7 @@ import (
 )

 func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
-	if err := router.Handle("/api/v1/service_accounts", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.Create, authtypes.Relation{Verb: coretypes.VerbCreate}, coretypes.ResourceMetaResourcesServiceAccount, serviceAccountCollectionSelectorCallback, []string{
+	if err := router.Handle("/api/v1/service_accounts", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.Create, authtypes.Relation{Verb: coretypes.VerbCreate}, coretypes.ResourceServiceAccount, serviceAccountCollectionSelectorCallback, []string{
 		authtypes.SigNozAdminRoleName,
 	}), handler.OpenAPIDef{
 		ID:                  "CreateServiceAccount",
@@ -31,12 +31,12 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceMetaResourcesServiceAccount.Scope(coretypes.VerbCreate)}),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbCreate)}),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}

-	if err := router.Handle("/api/v1/service_accounts", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.List, authtypes.Relation{Verb: coretypes.VerbList}, coretypes.ResourceMetaResourcesServiceAccount, serviceAccountCollectionSelectorCallback, []string{
+	if err := router.Handle("/api/v1/service_accounts", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.List, authtypes.Relation{Verb: coretypes.VerbList}, coretypes.ResourceServiceAccount, serviceAccountCollectionSelectorCallback, []string{
 		authtypes.SigNozAdminRoleName,
 	}), handler.OpenAPIDef{
 		ID:                  "ListServiceAccounts",
@@ -50,7 +50,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceMetaResourcesServiceAccount.Scope(coretypes.VerbList)}),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbList)}),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -135,10 +135,10 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 	}

 	if err := router.Handle("/api/v1/service_accounts/{id}/roles/{rid}", handler.New(provider.authzMiddleware.CheckAll(provider.serviceAccountHandler.DeleteRole, []middleware.AuthZCheckGroup{
-		{{Relation: authtypes.Relation{Verb: coretypes.VerbAttach}, Resource: coretypes.ResourceServiceAccount, SelectorCallback: serviceAccountInstanceSelectorCallback, Roles: []string{
+		{{Relation: authtypes.Relation{Verb: coretypes.VerbDetach}, Resource: coretypes.ResourceServiceAccount, SelectorCallback: serviceAccountInstanceSelectorCallback, Roles: []string{
 			authtypes.SigNozAdminRoleName,
 		}}},
-		{{Relation: authtypes.Relation{Verb: coretypes.VerbAttach}, Resource: coretypes.ResourceRole, SelectorCallback: provider.roleAttachSelectorFromPath, Roles: []string{
+		{{Relation: authtypes.Relation{Verb: coretypes.VerbDetach}, Resource: coretypes.ResourceRole, SelectorCallback: provider.roleDetachSelectorFromPath, Roles: []string{
 			authtypes.SigNozAdminRoleName,
 		}}},
 	}), handler.OpenAPIDef{
@@ -153,7 +153,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbAttach), coretypes.ResourceRole.Scope(coretypes.VerbAttach)}),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbDetach), coretypes.ResourceRole.Scope(coretypes.VerbDetach)}),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
@@ -213,8 +213,13 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		return err
 	}

-	if err := router.Handle("/api/v1/service_accounts/{id}/keys", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.CreateFactorAPIKey, authtypes.Relation{Verb: coretypes.VerbUpdate}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, []string{
-		authtypes.SigNozAdminRoleName,
+	if err := router.Handle("/api/v1/service_accounts/{id}/keys", handler.New(provider.authzMiddleware.CheckAll(provider.serviceAccountHandler.CreateFactorAPIKey, []middleware.AuthZCheckGroup{
+		{{Relation: authtypes.Relation{Verb: coretypes.VerbCreate}, Resource: coretypes.ResourceMetaResourceFactorAPIKey, SelectorCallback: factorAPIKeyCollectionSelectorCallback, Roles: []string{
+			authtypes.SigNozAdminRoleName,
+		}}},
+		{{Relation: authtypes.Relation{Verb: coretypes.VerbAttach}, Resource: coretypes.ResourceServiceAccount, SelectorCallback: serviceAccountInstanceSelectorCallback, Roles: []string{
+			authtypes.SigNozAdminRoleName,
+		}}},
 	}), handler.OpenAPIDef{
 		ID:                  "CreateServiceAccountKey",
 		Tags:                []string{"serviceaccount"},
@@ -227,12 +232,12 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbUpdate)}),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceMetaResourceFactorAPIKey.Scope(coretypes.VerbCreate), coretypes.ResourceServiceAccount.Scope(coretypes.VerbAttach)}),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}

-	if err := router.Handle("/api/v1/service_accounts/{id}/keys", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.ListFactorAPIKey, authtypes.Relation{Verb: coretypes.VerbRead}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, []string{
+	if err := router.Handle("/api/v1/service_accounts/{id}/keys", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.ListFactorAPIKey, authtypes.Relation{Verb: coretypes.VerbList}, coretypes.ResourceMetaResourceFactorAPIKey, factorAPIKeyCollectionSelectorCallback, []string{
 		authtypes.SigNozAdminRoleName,
 	}), handler.OpenAPIDef{
 		ID:                  "ListServiceAccountKeys",
@@ -246,12 +251,12 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbRead)}),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceMetaResourceFactorAPIKey.Scope(coretypes.VerbList)}),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}

-	if err := router.Handle("/api/v1/service_accounts/{id}/keys/{fid}", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.UpdateFactorAPIKey, authtypes.Relation{Verb: coretypes.VerbUpdate}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, []string{
+	if err := router.Handle("/api/v1/service_accounts/{id}/keys/{fid}", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.UpdateFactorAPIKey, authtypes.Relation{Verb: coretypes.VerbUpdate}, coretypes.ResourceMetaResourceFactorAPIKey, factorAPIKeyInstanceSelectorCallback, []string{
 		authtypes.SigNozAdminRoleName,
 	}), handler.OpenAPIDef{
 		ID:                  "UpdateServiceAccountKey",
@@ -265,13 +270,18 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbUpdate)}),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceMetaResourceFactorAPIKey.Scope(coretypes.VerbUpdate)}),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err
 	}

-	if err := router.Handle("/api/v1/service_accounts/{id}/keys/{fid}", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.RevokeFactorAPIKey, authtypes.Relation{Verb: coretypes.VerbUpdate}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, []string{
-		authtypes.SigNozAdminRoleName,
+	if err := router.Handle("/api/v1/service_accounts/{id}/keys/{fid}", handler.New(provider.authzMiddleware.CheckAll(provider.serviceAccountHandler.RevokeFactorAPIKey, []middleware.AuthZCheckGroup{
+		{{Relation: authtypes.Relation{Verb: coretypes.VerbDelete}, Resource: coretypes.ResourceMetaResourceFactorAPIKey, SelectorCallback: factorAPIKeyInstanceSelectorCallback, Roles: []string{
+			authtypes.SigNozAdminRoleName,
+		}}},
+		{{Relation: authtypes.Relation{Verb: coretypes.VerbDetach}, Resource: coretypes.ResourceServiceAccount, SelectorCallback: serviceAccountInstanceSelectorCallback, Roles: []string{
+			authtypes.SigNozAdminRoleName,
+		}}},
 	}), handler.OpenAPIDef{
 		ID:                  "RevokeServiceAccountKey",
 		Tags:                []string{"serviceaccount"},
@@ -284,7 +294,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbUpdate)}),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceMetaResourceFactorAPIKey.Scope(coretypes.VerbDelete), coretypes.ResourceServiceAccount.Scope(coretypes.VerbDetach)}),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
@@ -292,7 +302,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 	return nil
 }

-func (provider *provider) roleAttachSelectorFromPath(req *http.Request, claims authtypes.Claims) ([]coretypes.Selector, error) {
+func (provider *provider) roleDetachSelectorFromPath(req *http.Request, claims authtypes.Claims) ([]coretypes.Selector, error) {
 	roleID, err := valuer.NewUUID(mux.Vars(req)["rid"])
 	if err != nil {
 		return nil, err
@@ -333,9 +343,28 @@ func (provider *provider) roleAttachSelectorFromBody(req *http.Request, claims a
 	}, nil
 }

+func factorAPIKeyCollectionSelectorCallback(_ *http.Request, _ authtypes.Claims) ([]coretypes.Selector, error) {
+	return []coretypes.Selector{
+		coretypes.TypeMetaResource.MustSelector(coretypes.WildCardSelectorString),
+	}, nil
+}
+
+func factorAPIKeyInstanceSelectorCallback(req *http.Request, _ authtypes.Claims) ([]coretypes.Selector, error) {
+	fid := mux.Vars(req)["fid"]
+	fidSelector, err := coretypes.TypeMetaResource.Selector(fid)
+	if err != nil {
+		return nil, err
+	}
+
+	return []coretypes.Selector{
+		fidSelector,
+		coretypes.TypeMetaResource.MustSelector(coretypes.WildCardSelectorString),
+	}, nil
+}
+
 func serviceAccountCollectionSelectorCallback(_ *http.Request, _ authtypes.Claims) ([]coretypes.Selector, error) {
 	return []coretypes.Selector{
-		coretypes.TypeMetaResources.MustSelector(coretypes.WildCardSelectorString),
+		coretypes.TypeServiceAccount.MustSelector(coretypes.WildCardSelectorString),
 	}, nil
 }

--- a/pkg/authz/signozauthzapi/handler.go
+++ b/pkg/authz/signozauthzapi/handler.go
@@ -169,7 +169,7 @@ func (handler *handler) Patch(rw http.ResponseWriter, r *http.Request) {
 		return
 	}

-	render.Success(rw, http.StatusAccepted, nil)
+	render.Success(rw, http.StatusNoContent, nil)
 }

 func (handler *handler) PatchObjects(rw http.ResponseWriter, r *http.Request) {
--- a/pkg/modules/dashboard/dashboard.go
+++ b/pkg/modules/dashboard/dashboard.go
@@ -49,16 +49,6 @@ type Module interface {
 	GetByMetricNames(ctx context.Context, orgID valuer.UUID, metricNames []string) (map[string][]map[string]string, error)

 	statsreporter.StatsCollector
-
-	// ════════════════════════════════════════════════════════════════════════
-	// v2 dashboard methods
-	// ════════════════════════════════════════════════════════════════════════
-
-	CreateV2(ctx context.Context, orgID valuer.UUID, createdBy string, creator valuer.UUID, postable dashboardtypes.PostableDashboardV2) (*dashboardtypes.DashboardV2, error)
-
-	GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.DashboardV2, error)
-
-	UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, updateable dashboardtypes.UpdateableDashboardV2) (*dashboardtypes.DashboardV2, error)
 }

 type Handler interface {
@@ -81,13 +71,4 @@ type Handler interface {
 	LockUnlock(http.ResponseWriter, *http.Request)

 	Delete(http.ResponseWriter, *http.Request)
-
-	// ════════════════════════════════════════════════════════════════════════
-	// v2 dashboard methods
-	// ════════════════════════════════════════════════════════════════════════
-	CreateV2(http.ResponseWriter, *http.Request)
-
-	GetV2(http.ResponseWriter, *http.Request)
-
-	UpdateV2(http.ResponseWriter, *http.Request)
 }
--- a/pkg/modules/dashboard/impldashboard/module.go
+++ b/pkg/modules/dashboard/impldashboard/module.go
@@ -10,9 +10,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/queryparser"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/coretypes"
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
@@ -22,24 +20,20 @@ import (

 type module struct {
 	store       dashboardtypes.Store
-	sqlstore    sqlstore.SQLStore
 	settings    factory.ScopedProviderSettings
 	analytics   analytics.Analytics
 	orgGetter   organization.Getter
 	queryParser queryparser.QueryParser
-	tagModule   tag.Module
 }

-func NewModule(store dashboardtypes.Store, sqlstore sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, tagModule tag.Module) dashboard.Module {
+func NewModule(store dashboardtypes.Store, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser) dashboard.Module {
 	scopedProviderSettings := factory.NewScopedProviderSettings(settings, "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard")
 	return &module{
 		store:       store,
-		sqlstore:    sqlstore,
 		settings:    scopedProviderSettings,
 		analytics:   analytics,
 		orgGetter:   orgGetter,
 		queryParser: queryParser,
-		tagModule:   tagModule,
 	}
 }

--- a/pkg/modules/dashboard/impldashboard/store.go
+++ b/pkg/modules/dashboard/impldashboard/store.go
@@ -2,11 +2,9 @@ package impldashboard

 import (
 	"context"
-	"time"

 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
@@ -65,73 +63,6 @@ func (store *store) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID)
 	return storableDashboard, nil
 }

-func (store *store) GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.StorableDashboard, *dashboardtypes.StorablePublicDashboard, error) {
-	type joinedRow struct {
-		*dashboardtypes.StorableDashboard `bun:",extend"`
-
-		PublicID               *valuer.UUID `bun:"public_id"`
-		PublicCreatedAt        *time.Time   `bun:"public_created_at"`
-		PublicUpdatedAt        *time.Time   `bun:"public_updated_at"`
-		PublicTimeRangeEnabled *bool        `bun:"public_time_range_enabled"`
-		PublicDefaultTimeRange *string      `bun:"public_default_time_range"`
-	}
-
-	row := &joinedRow{StorableDashboard: new(dashboardtypes.StorableDashboard)}
-	err := store.
-		sqlstore.
-		BunDB().
-		NewSelect().
-		Model(row).
-		ColumnExpr("dashboard.id, dashboard.org_id, dashboard.data, dashboard.locked, dashboard.created_at, dashboard.created_by, dashboard.updated_at, dashboard.updated_by").
-		ColumnExpr("pd.id AS public_id, pd.created_at AS public_created_at, pd.updated_at AS public_updated_at, pd.time_range_enabled AS public_time_range_enabled, pd.default_time_range AS public_default_time_range").
-		Join("LEFT JOIN public_dashboard AS pd ON pd.dashboard_id = dashboard.id").
-		Where("dashboard.id = ?", id).
-		Where("dashboard.org_id = ?", orgID).
-		Scan(ctx)
-	if err != nil {
-		return nil, nil, store.sqlstore.WrapNotFoundErrf(err, dashboardtypes.ErrCodeDashboardNotFound, "dashboard with id %s doesn't exist", id)
-	}
-
-	if row.PublicID == nil {
-		return row.StorableDashboard, nil, nil
-	}
-	public := &dashboardtypes.StorablePublicDashboard{
-		Identifiable:     types.Identifiable{ID: *row.PublicID},
-		TimeAuditable:    types.TimeAuditable{CreatedAt: *row.PublicCreatedAt, UpdatedAt: *row.PublicUpdatedAt},
-		TimeRangeEnabled: *row.PublicTimeRangeEnabled,
-		DefaultTimeRange: *row.PublicDefaultTimeRange,
-		DashboardID:      row.ID.StringValue(),
-	}
-	return row.StorableDashboard, public, nil
-}
-
-func (store *store) UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, data dashboardtypes.StorableDashboardData) error {
-	res, err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewUpdate().
-		Model((*dashboardtypes.StorableDashboard)(nil)).
-		Set("data = ?", data).
-		Set("updated_by = ?", updatedBy).
-		Set("updated_at = ?", time.Now()).
-		Where("id = ?", id).
-		Where("org_id = ?", orgID).
-		Exec(ctx)
-	if err != nil {
-		return err
-	}
-	rows, err := res.RowsAffected()
-	if err != nil {
-		return err
-	}
-	// Defends against the race where a delete lands between the caller's
-	// pre-update GetV2 and this update.
-	if rows == 0 {
-		return errors.Newf(errors.TypeNotFound, dashboardtypes.ErrCodeDashboardNotFound, "dashboard with id %s doesn't exist", id)
-	}
-	return nil
-}
-
 func (store *store) GetPublic(ctx context.Context, dashboardID string) (*dashboardtypes.StorablePublicDashboard, error) {
 	storable := new(dashboardtypes.StorablePublicDashboard)
 	err := store.
--- a/pkg/modules/dashboard/impldashboard/v2_handler.go
+++ b/pkg/modules/dashboard/impldashboard/v2_handler.go
@@ -1,124 +0,0 @@
-package impldashboard
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/http/render"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/gorilla/mux"
-)
-
-func (handler *handler) CreateV2(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	req := dashboardtypes.PostableDashboardV2{}
-	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	dashboard, err := handler.module.CreateV2(ctx, orgID, claims.Email, valuer.MustNewUUID(claims.IdentityID()), req)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusCreated, dashboardtypes.NewGettableDashboardV2FromDashboardV2(dashboard))
-}
-
-func (handler *handler) GetV2(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	id := mux.Vars(r)["id"]
-	if id == "" {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
-		return
-	}
-	dashboardID, err := valuer.NewUUID(id)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	dashboard, err := handler.module.GetV2(ctx, orgID, dashboardID)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusOK, dashboardtypes.NewGettableDashboardV2FromDashboardV2(dashboard))
-}
-
-func (handler *handler) UpdateV2(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	id := mux.Vars(r)["id"]
-	if id == "" {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
-		return
-	}
-	dashboardID, err := valuer.NewUUID(id)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	req := dashboardtypes.UpdateableDashboardV2{}
-	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	dashboard, err := handler.module.UpdateV2(ctx, orgID, dashboardID, claims.Email, req)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusOK, dashboardtypes.NewGettableDashboardV2FromDashboardV2(dashboard))
-}
--- a/pkg/modules/dashboard/impldashboard/v2_module.go
+++ b/pkg/modules/dashboard/impldashboard/v2_module.go
@@ -1,92 +0,0 @@
-package impldashboard
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
-	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-func (module *module) CreateV2(ctx context.Context, orgID valuer.UUID, createdBy string, creator valuer.UUID, postable dashboardtypes.PostableDashboardV2) (*dashboardtypes.DashboardV2, error) {
-	if err := postable.Validate(); err != nil {
-		return nil, err
-	}
-
-	dashboard := dashboardtypes.NewDashboardV2(orgID, createdBy, postable, nil)
-	var storableDashboard *dashboardtypes.StorableDashboard
-
-	err := module.sqlstore.RunInTxCtx(ctx, nil, func(ctx context.Context) error {
-		resolvedTags, err := module.tagModule.SyncTags(ctx, orgID, coretypes.KindDashboard, dashboard.ID, postable.Tags)
-		if err != nil {
-			return err
-		}
-		dashboard.Info.Tags = resolvedTags
-
-		storable, err := dashboard.ToStorableDashboard()
-		if err != nil {
-			return err
-		}
-		storableDashboard = storable
-		return module.store.Create(ctx, storable)
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	module.analytics.TrackUser(ctx, orgID.String(), creator.String(), "Dashboard Created", dashboardtypes.NewStatsFromStorableDashboards([]*dashboardtypes.StorableDashboard{storableDashboard}))
-	return dashboard, nil
-}
-
-func (module *module) GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.DashboardV2, error) {
-	storable, public, err := module.store.GetV2(ctx, orgID, id)
-	if err != nil {
-		return nil, err
-	}
-
-	tags, err := module.tagModule.ListForResource(ctx, orgID, coretypes.KindDashboard, id)
-	if err != nil {
-		return nil, err
-	}
-
-	return dashboardtypes.NewDashboardV2FromStorable(storable, public, tags)
-}
-
-func (module *module) UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, updateable dashboardtypes.UpdateableDashboardV2) (*dashboardtypes.DashboardV2, error) {
-	if err := updateable.Validate(); err != nil {
-		return nil, err
-	}
-
-	existing, err := module.GetV2(ctx, orgID, id)
-	if err != nil {
-		return nil, err
-	}
-	// Locked-dashboard / state gate — independent of tags, so run it before the tx.
-	if err := existing.CanUpdate(); err != nil {
-		return nil, err
-	}
-
-	err = module.sqlstore.RunInTxCtx(ctx, nil, func(ctx context.Context) error {
-		resolvedTags, err := module.tagModule.SyncTags(ctx, orgID, coretypes.KindDashboard, id, updateable.Tags)
-		if err != nil {
-			return err
-		}
-
-		err = existing.Update(updateable, updatedBy, resolvedTags)
-		if err != nil {
-			return err
-		}
-
-		storable, err := existing.ToStorableDashboard()
-		if err != nil {
-			return err
-		}
-
-		return module.store.UpdateV2(ctx, orgID, id, updatedBy, storable.Data)
-	})
-	if err != nil {
-		return nil, err
-	}
-
-	return existing, nil
-}
--- a/pkg/modules/inframonitoring/implinframonitoring/handler.go
+++ b/pkg/modules/inframonitoring/implinframonitoring/handler.go
@@ -189,3 +189,51 @@ func (h *handler) ListDeployments(rw http.ResponseWriter, req *http.Request) {

 	render.Success(rw, http.StatusOK, result)
 }
+
+func (h *handler) ListStatefulSets(rw http.ResponseWriter, req *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(req.Context())
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID := valuer.MustNewUUID(claims.OrgID)
+
+	var parsedReq inframonitoringtypes.PostableStatefulSets
+	if err := binding.JSON.BindBody(req.Body, &parsedReq); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	result, err := h.module.ListStatefulSets(req.Context(), orgID, &parsedReq)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, result)
+}
+
+func (h *handler) ListJobs(rw http.ResponseWriter, req *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(req.Context())
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID := valuer.MustNewUUID(claims.OrgID)
+
+	var parsedReq inframonitoringtypes.PostableJobs
+	if err := binding.JSON.BindBody(req.Body, &parsedReq); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	result, err := h.module.ListJobs(req.Context(), orgID, &parsedReq)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, result)
+}
--- a/pkg/modules/inframonitoring/implinframonitoring/jobs.go
+++ b/pkg/modules/inframonitoring/implinframonitoring/jobs.go
@@ -0,0 +1,156 @@
+package implinframonitoring
+
+import (
+	"context"
+	"slices"
+
+	"github.com/SigNoz/signoz/pkg/types/inframonitoringtypes"
+	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+// buildJobRecords assembles the page records. Pod phase counts come from
+// phaseCounts in both modes; every row is a group of pods (one job in
+// list mode, an arbitrary roll-up in grouped_list mode), so there's no
+// per-row "current phase" concept.
+func buildJobRecords(
+	resp *qbtypes.QueryRangeResponse,
+	pageGroups []map[string]string,
+	groupBy []qbtypes.GroupByKey,
+	metadataMap map[string]map[string]string,
+	phaseCounts map[string]podPhaseCounts,
+) []inframonitoringtypes.JobRecord {
+	metricsMap := parseFullQueryResponse(resp, groupBy)
+
+	records := make([]inframonitoringtypes.JobRecord, 0, len(pageGroups))
+	for _, labels := range pageGroups {
+		compositeKey := compositeKeyFromLabels(labels, groupBy)
+		jobName := labels[jobNameAttrKey]
+
+		record := inframonitoringtypes.JobRecord{ // initialize with default values
+			JobName:               jobName,
+			JobCPU:                -1,
+			JobCPURequest:         -1,
+			JobCPULimit:           -1,
+			JobMemory:             -1,
+			JobMemoryRequest:      -1,
+			JobMemoryLimit:        -1,
+			DesiredSuccessfulPods: -1,
+			ActivePods:            -1,
+			FailedPods:            -1,
+			SuccessfulPods:        -1,
+			Meta:                  map[string]string{},
+		}
+
+		if metrics, ok := metricsMap[compositeKey]; ok {
+			if v, exists := metrics["A"]; exists {
+				record.JobCPU = v
+			}
+			if v, exists := metrics["B"]; exists {
+				record.JobCPURequest = v
+			}
+			if v, exists := metrics["C"]; exists {
+				record.JobCPULimit = v
+			}
+			if v, exists := metrics["D"]; exists {
+				record.JobMemory = v
+			}
+			if v, exists := metrics["E"]; exists {
+				record.JobMemoryRequest = v
+			}
+			if v, exists := metrics["F"]; exists {
+				record.JobMemoryLimit = v
+			}
+			if v, exists := metrics["H"]; exists {
+				record.DesiredSuccessfulPods = int(v)
+			}
+			if v, exists := metrics["I"]; exists {
+				record.ActivePods = int(v)
+			}
+			if v, exists := metrics["J"]; exists {
+				record.FailedPods = int(v)
+			}
+			if v, exists := metrics["K"]; exists {
+				record.SuccessfulPods = int(v)
+			}
+		}
+
+		if phaseCountsForGroup, ok := phaseCounts[compositeKey]; ok {
+			record.PodCountsByPhase = inframonitoringtypes.PodCountsByPhase{
+				Pending:   phaseCountsForGroup.Pending,
+				Running:   phaseCountsForGroup.Running,
+				Succeeded: phaseCountsForGroup.Succeeded,
+				Failed:    phaseCountsForGroup.Failed,
+				Unknown:   phaseCountsForGroup.Unknown,
+			}
+		}
+
+		if attrs, ok := metadataMap[compositeKey]; ok {
+			for k, v := range attrs {
+				record.Meta[k] = v
+			}
+		}
+
+		records = append(records, record)
+	}
+	return records
+}
+
+func (m *module) getTopJobGroups(
+	ctx context.Context,
+	orgID valuer.UUID,
+	req *inframonitoringtypes.PostableJobs,
+	metadataMap map[string]map[string]string,
+) ([]map[string]string, error) {
+	orderByKey := req.OrderBy.Key.Name
+	queryNamesForOrderBy := orderByToJobsQueryNames[orderByKey]
+	rankingQueryName := queryNamesForOrderBy[len(queryNamesForOrderBy)-1]
+
+	topReq := &qbtypes.QueryRangeRequest{
+		Start:       uint64(req.Start),
+		End:         uint64(req.End),
+		RequestType: qbtypes.RequestTypeScalar,
+		CompositeQuery: qbtypes.CompositeQuery{
+			Queries: make([]qbtypes.QueryEnvelope, 0, len(queryNamesForOrderBy)),
+		},
+	}
+
+	for _, envelope := range m.newJobsTableListQuery().CompositeQuery.Queries {
+		if !slices.Contains(queryNamesForOrderBy, envelope.GetQueryName()) {
+			continue
+		}
+		copied := envelope
+		if copied.Type == qbtypes.QueryTypeBuilder {
+			existingExpr := ""
+			if f := copied.GetFilter(); f != nil {
+				existingExpr = f.Expression
+			}
+			reqFilterExpr := ""
+			if req.Filter != nil {
+				reqFilterExpr = req.Filter.Expression
+			}
+			merged := mergeFilterExpressions(existingExpr, reqFilterExpr)
+			copied.SetFilter(&qbtypes.Filter{Expression: merged})
+			copied.SetGroupBy(req.GroupBy)
+		}
+		topReq.CompositeQuery.Queries = append(topReq.CompositeQuery.Queries, copied)
+	}
+
+	resp, err := m.querier.QueryRange(ctx, orgID, topReq)
+	if err != nil {
+		return nil, err
+	}
+
+	allMetricGroups := parseAndSortGroups(resp, rankingQueryName, req.GroupBy, req.OrderBy.Direction)
+	return paginateWithBackfill(allMetricGroups, metadataMap, req.GroupBy, req.Offset, req.Limit), nil
+}
+
+func (m *module) getJobsTableMetadata(ctx context.Context, req *inframonitoringtypes.PostableJobs) (map[string]map[string]string, error) {
+	var nonGroupByAttrs []string
+	for _, key := range jobAttrKeysForMetadata {
+		if !isKeyInGroupByAttrs(req.GroupBy, key) {
+			nonGroupByAttrs = append(nonGroupByAttrs, key)
+		}
+	}
+	return m.getMetadata(ctx, jobsTableMetricNamesList, req.GroupBy, nonGroupByAttrs, req.Filter, req.Start, req.End)
+}
--- a/pkg/modules/inframonitoring/implinframonitoring/jobs_constants.go
+++ b/pkg/modules/inframonitoring/implinframonitoring/jobs_constants.go
@@ -0,0 +1,278 @@
+package implinframonitoring
+
+import (
+	"github.com/SigNoz/signoz/pkg/types/inframonitoringtypes"
+	"github.com/SigNoz/signoz/pkg/types/metrictypes"
+	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
+)
+
+const (
+	jobNameAttrKey     = "k8s.job.name"
+	jobsBaseFilterExpr = "k8s.job.name != ''"
+)
+
+var jobNameGroupByKey = qbtypes.GroupByKey{
+	TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+		Name:          jobNameAttrKey,
+		FieldContext:  telemetrytypes.FieldContextResource,
+		FieldDataType: telemetrytypes.FieldDataTypeString,
+	},
+}
+
+// jobsTableMetricNamesList drives the existence/retention check.
+// Includes k8s.pod.phase even though phase isn't part of the QB composite query —
+// it is queried separately via getPerGroupPodPhaseCounts, and we want the
+// response to short-circuit cleanly when the phase metric is absent.
+var jobsTableMetricNamesList = []string{
+	"k8s.pod.phase",
+	"k8s.pod.cpu.usage",
+	"k8s.pod.cpu_request_utilization",
+	"k8s.pod.cpu_limit_utilization",
+	"k8s.pod.memory.working_set",
+	"k8s.pod.memory_request_utilization",
+	"k8s.pod.memory_limit_utilization",
+	"k8s.job.active_pods",
+	"k8s.job.failed_pods",
+	"k8s.job.successful_pods",
+	"k8s.job.desired_successful_pods",
+}
+
+// Carried forward from v1 jobAttrsToEnrich
+// (pkg/query-service/app/inframetrics/jobs.go:31-35).
+var jobAttrKeysForMetadata = []string{
+	"k8s.job.name",
+	"k8s.namespace.name",
+	"k8s.cluster.name",
+}
+
+// orderByToJobsQueryNames maps the orderBy column to the query name
+// used for ranking job groups. v2 B/C/E/F are direct metrics, no
+// formula deps — so unlike v1 we don't carry A/D.
+var orderByToJobsQueryNames = map[string][]string{
+	inframonitoringtypes.JobsOrderByCPU:                   {"A"},
+	inframonitoringtypes.JobsOrderByCPURequest:            {"B"},
+	inframonitoringtypes.JobsOrderByCPULimit:              {"C"},
+	inframonitoringtypes.JobsOrderByMemory:                {"D"},
+	inframonitoringtypes.JobsOrderByMemoryRequest:         {"E"},
+	inframonitoringtypes.JobsOrderByMemoryLimit:           {"F"},
+	inframonitoringtypes.JobsOrderByDesiredSuccessfulPods: {"H"},
+	inframonitoringtypes.JobsOrderByActivePods:            {"I"},
+	inframonitoringtypes.JobsOrderByFailedPods:            {"J"},
+	inframonitoringtypes.JobsOrderBySuccessfulPods:        {"K"},
+}
+
+// newJobsTableListQuery builds the composite QB v5 request for the jobs list.
+// Ten builder queries: A..F roll up pod-level metrics by job, H/I/J/K take the
+// latest job-level desired/active/failed/successful counts. Restarts (v1 query G)
+// is intentionally omitted to match the v2 pods/deployments pattern.
+//
+// Every builder query carries the base filter `jobsBaseFilterExpr`. Reason:
+// pod-level metrics (A..F) are emitted for every pod regardless of whether the
+// pod belongs to a Job; only Job-owned pods carry the `k8s.job.name` resource
+// attribute. Without this filter, standalone pods and pods owned by other
+// workloads (Deployment/StatefulSet/DaemonSet/...) collapse into a single
+// empty-string group under the default groupBy.
+func (m *module) newJobsTableListQuery() *qbtypes.QueryRangeRequest {
+	queries := []qbtypes.QueryEnvelope{
+		// Query A: k8s.pod.cpu.usage — sum of pod CPU within the group.
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "A",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.pod.cpu.usage",
+						TimeAggregation:  metrictypes.TimeAggregationAvg,
+						SpaceAggregation: metrictypes.SpaceAggregationSum,
+						ReduceTo:         qbtypes.ReduceToAvg,
+					},
+				},
+				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
+				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
+				Disabled: false,
+			},
+		},
+		// Query B: k8s.pod.cpu_request_utilization — avg across pods in the group.
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "B",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.pod.cpu_request_utilization",
+						TimeAggregation:  metrictypes.TimeAggregationAvg,
+						SpaceAggregation: metrictypes.SpaceAggregationAvg,
+						ReduceTo:         qbtypes.ReduceToAvg,
+					},
+				},
+				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
+				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
+				Disabled: false,
+			},
+		},
+		// Query C: k8s.pod.cpu_limit_utilization — avg across pods in the group.
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "C",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.pod.cpu_limit_utilization",
+						TimeAggregation:  metrictypes.TimeAggregationAvg,
+						SpaceAggregation: metrictypes.SpaceAggregationAvg,
+						ReduceTo:         qbtypes.ReduceToAvg,
+					},
+				},
+				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
+				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
+				Disabled: false,
+			},
+		},
+		// Query D: k8s.pod.memory.working_set — sum of pod memory within the group.
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "D",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.pod.memory.working_set",
+						TimeAggregation:  metrictypes.TimeAggregationAvg,
+						SpaceAggregation: metrictypes.SpaceAggregationSum,
+						ReduceTo:         qbtypes.ReduceToAvg,
+					},
+				},
+				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
+				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
+				Disabled: false,
+			},
+		},
+		// Query E: k8s.pod.memory_request_utilization — avg across pods in the group.
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "E",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.pod.memory_request_utilization",
+						TimeAggregation:  metrictypes.TimeAggregationAvg,
+						SpaceAggregation: metrictypes.SpaceAggregationAvg,
+						ReduceTo:         qbtypes.ReduceToAvg,
+					},
+				},
+				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
+				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
+				Disabled: false,
+			},
+		},
+		// Query F: k8s.pod.memory_limit_utilization — avg across pods in the group.
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "F",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.pod.memory_limit_utilization",
+						TimeAggregation:  metrictypes.TimeAggregationAvg,
+						SpaceAggregation: metrictypes.SpaceAggregationAvg,
+						ReduceTo:         qbtypes.ReduceToAvg,
+					},
+				},
+				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
+				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
+				Disabled: false,
+			},
+		},
+		// Query H: k8s.job.desired_successful_pods — latest known desired completion count per group.
+		// v1 used TimeAggregationAnyLast (v3) → mapped to TimeAggregationLatest in v5;
+		// SpaceAggregationSum + ReduceToLast preserve v1's "latest, summed across the group".
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "H",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.job.desired_successful_pods",
+						TimeAggregation:  metrictypes.TimeAggregationLatest,
+						SpaceAggregation: metrictypes.SpaceAggregationSum,
+						ReduceTo:         qbtypes.ReduceToLast,
+					},
+				},
+				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
+				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
+				Disabled: false,
+			},
+		},
+		// Query I: k8s.job.active_pods — latest known active pod count per group.
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "I",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.job.active_pods",
+						TimeAggregation:  metrictypes.TimeAggregationLatest,
+						SpaceAggregation: metrictypes.SpaceAggregationSum,
+						ReduceTo:         qbtypes.ReduceToLast,
+					},
+				},
+				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
+				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
+				Disabled: false,
+			},
+		},
+		// Query J: k8s.job.failed_pods — cumulative failed pod count per group.
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "J",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.job.failed_pods",
+						TimeAggregation:  metrictypes.TimeAggregationLatest,
+						SpaceAggregation: metrictypes.SpaceAggregationSum,
+						ReduceTo:         qbtypes.ReduceToLast,
+					},
+				},
+				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
+				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
+				Disabled: false,
+			},
+		},
+		// Query K: k8s.job.successful_pods — cumulative successful pod count per group.
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "K",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.job.successful_pods",
+						TimeAggregation:  metrictypes.TimeAggregationLatest,
+						SpaceAggregation: metrictypes.SpaceAggregationSum,
+						ReduceTo:         qbtypes.ReduceToLast,
+					},
+				},
+				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
+				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
+				Disabled: false,
+			},
+		},
+	}
+
+	return &qbtypes.QueryRangeRequest{
+		RequestType: qbtypes.RequestTypeScalar,
+		CompositeQuery: qbtypes.CompositeQuery{
+			Queries: queries,
+		},
+	}
+}
--- a/pkg/modules/inframonitoring/implinframonitoring/module.go
+++ b/pkg/modules/inframonitoring/implinframonitoring/module.go
@@ -706,3 +706,197 @@ func (m *module) ListDeployments(ctx context.Context, orgID valuer.UUID, req *in

 	return resp, nil
 }
+
+func (m *module) ListStatefulSets(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableStatefulSets) (*inframonitoringtypes.StatefulSets, error) {
+	if err := req.Validate(); err != nil {
+		return nil, err
+	}
+
+	resp := &inframonitoringtypes.StatefulSets{}
+
+	if req.OrderBy == nil {
+		req.OrderBy = &qbtypes.OrderBy{
+			Key: qbtypes.OrderByKey{
+				TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+					Name: inframonitoringtypes.StatefulSetsOrderByCPU,
+				},
+			},
+			Direction: qbtypes.OrderDirectionDesc,
+		}
+	}
+
+	if len(req.GroupBy) == 0 {
+		req.GroupBy = []qbtypes.GroupByKey{statefulSetNameGroupByKey}
+		resp.Type = inframonitoringtypes.ResponseTypeList
+	} else {
+		resp.Type = inframonitoringtypes.ResponseTypeGroupedList
+	}
+
+	// Bake the workload base filter into req.Filter so all downstream helpers pick it up.
+	if req.Filter == nil {
+		req.Filter = &qbtypes.Filter{}
+	}
+	req.Filter.Expression = mergeFilterExpressions(statefulSetsBaseFilterExpr, req.Filter.Expression)
+
+	missingMetrics, minFirstReportedUnixMilli, err := m.getMetricsExistenceAndEarliestTime(ctx, statefulSetsTableMetricNamesList)
+	if err != nil {
+		return nil, err
+	}
+	if len(missingMetrics) > 0 {
+		resp.RequiredMetricsCheck = inframonitoringtypes.RequiredMetricsCheck{MissingMetrics: missingMetrics}
+		resp.Records = []inframonitoringtypes.StatefulSetRecord{}
+		resp.Total = 0
+		return resp, nil
+	}
+	if req.End < int64(minFirstReportedUnixMilli) {
+		resp.EndTimeBeforeRetention = true
+		resp.Records = []inframonitoringtypes.StatefulSetRecord{}
+		resp.Total = 0
+		return resp, nil
+	}
+	resp.RequiredMetricsCheck = inframonitoringtypes.RequiredMetricsCheck{MissingMetrics: []string{}}
+
+	metadataMap, err := m.getStatefulSetsTableMetadata(ctx, req)
+	if err != nil {
+		return nil, err
+	}
+
+	resp.Total = len(metadataMap)
+
+	pageGroups, err := m.getTopStatefulSetGroups(ctx, orgID, req, metadataMap)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(pageGroups) == 0 {
+		resp.Records = []inframonitoringtypes.StatefulSetRecord{}
+		return resp, nil
+	}
+
+	filterExpr := ""
+	if req.Filter != nil {
+		filterExpr = req.Filter.Expression
+	}
+
+	fullQueryReq := buildFullQueryRequest(req.Start, req.End, filterExpr, req.GroupBy, pageGroups, m.newStatefulSetsTableListQuery())
+	queryResp, err := m.querier.QueryRange(ctx, orgID, fullQueryReq)
+	if err != nil {
+		return nil, err
+	}
+
+	// Reuse the pods phase-counts CTE function via a temp struct — it reads only
+	// Start/End/Filter/GroupBy from PostablePods. Pods owned by a StatefulSet carry
+	// k8s.statefulset.name as a resource attribute, so default-groupBy gives
+	// per-statefulset phase counts automatically.
+	phaseCounts, err := m.getPerGroupPodPhaseCounts(ctx, &inframonitoringtypes.PostablePods{
+		Start:   req.Start,
+		End:     req.End,
+		Filter:  req.Filter,
+		GroupBy: req.GroupBy,
+	}, pageGroups)
+	if err != nil {
+		return nil, err
+	}
+
+	resp.Records = buildStatefulSetRecords(queryResp, pageGroups, req.GroupBy, metadataMap, phaseCounts)
+	resp.Warning = queryResp.Warning
+
+	return resp, nil
+}
+
+func (m *module) ListJobs(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableJobs) (*inframonitoringtypes.Jobs, error) {
+	if err := req.Validate(); err != nil {
+		return nil, err
+	}
+
+	resp := &inframonitoringtypes.Jobs{}
+
+	if req.OrderBy == nil {
+		req.OrderBy = &qbtypes.OrderBy{
+			Key: qbtypes.OrderByKey{
+				TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+					Name: inframonitoringtypes.JobsOrderByCPU,
+				},
+			},
+			Direction: qbtypes.OrderDirectionDesc,
+		}
+	}
+
+	if len(req.GroupBy) == 0 {
+		req.GroupBy = []qbtypes.GroupByKey{jobNameGroupByKey}
+		resp.Type = inframonitoringtypes.ResponseTypeList
+	} else {
+		resp.Type = inframonitoringtypes.ResponseTypeGroupedList
+	}
+
+	// Bake the jobs base filter into req.Filter so all downstream helpers pick it up.
+	if req.Filter == nil {
+		req.Filter = &qbtypes.Filter{}
+	}
+	req.Filter.Expression = mergeFilterExpressions(jobsBaseFilterExpr, req.Filter.Expression)
+
+	missingMetrics, minFirstReportedUnixMilli, err := m.getMetricsExistenceAndEarliestTime(ctx, jobsTableMetricNamesList)
+	if err != nil {
+		return nil, err
+	}
+	if len(missingMetrics) > 0 {
+		resp.RequiredMetricsCheck = inframonitoringtypes.RequiredMetricsCheck{MissingMetrics: missingMetrics}
+		resp.Records = []inframonitoringtypes.JobRecord{}
+		resp.Total = 0
+		return resp, nil
+	}
+	if req.End < int64(minFirstReportedUnixMilli) {
+		resp.EndTimeBeforeRetention = true
+		resp.Records = []inframonitoringtypes.JobRecord{}
+		resp.Total = 0
+		return resp, nil
+	}
+	resp.RequiredMetricsCheck = inframonitoringtypes.RequiredMetricsCheck{MissingMetrics: []string{}}
+
+	metadataMap, err := m.getJobsTableMetadata(ctx, req)
+	if err != nil {
+		return nil, err
+	}
+
+	resp.Total = len(metadataMap)
+
+	pageGroups, err := m.getTopJobGroups(ctx, orgID, req, metadataMap)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(pageGroups) == 0 {
+		resp.Records = []inframonitoringtypes.JobRecord{}
+		return resp, nil
+	}
+
+	filterExpr := ""
+	if req.Filter != nil {
+		filterExpr = req.Filter.Expression
+	}
+
+	fullQueryReq := buildFullQueryRequest(req.Start, req.End, filterExpr, req.GroupBy, pageGroups, m.newJobsTableListQuery())
+	queryResp, err := m.querier.QueryRange(ctx, orgID, fullQueryReq)
+	if err != nil {
+		return nil, err
+	}
+
+	// Reuse the pods phase-counts CTE function via a temp struct — it reads only
+	// Start/End/Filter/GroupBy from PostablePods. Pods owned by a Job carry
+	// k8s.job.name as a resource attribute, so default-groupBy gives
+	// per-job phase counts automatically.
+	phaseCounts, err := m.getPerGroupPodPhaseCounts(ctx, &inframonitoringtypes.PostablePods{
+		Start:   req.Start,
+		End:     req.End,
+		Filter:  req.Filter,
+		GroupBy: req.GroupBy,
+	}, pageGroups)
+	if err != nil {
+		return nil, err
+	}
+
+	resp.Records = buildJobRecords(queryResp, pageGroups, req.GroupBy, metadataMap, phaseCounts)
+	resp.Warning = queryResp.Warning
+
+	return resp, nil
+}
--- a/pkg/modules/inframonitoring/implinframonitoring/statefulsets.go
+++ b/pkg/modules/inframonitoring/implinframonitoring/statefulsets.go
@@ -0,0 +1,148 @@
+package implinframonitoring
+
+import (
+	"context"
+	"slices"
+
+	"github.com/SigNoz/signoz/pkg/types/inframonitoringtypes"
+	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+// buildStatefulSetRecords assembles the page records. Pod phase counts come from
+// phaseCounts in both modes; every row is a group of pods (one statefulset in
+// list mode, an arbitrary roll-up in grouped_list mode), so there's no
+// per-row "current phase" concept.
+func buildStatefulSetRecords(
+	resp *qbtypes.QueryRangeResponse,
+	pageGroups []map[string]string,
+	groupBy []qbtypes.GroupByKey,
+	metadataMap map[string]map[string]string,
+	phaseCounts map[string]podPhaseCounts,
+) []inframonitoringtypes.StatefulSetRecord {
+	metricsMap := parseFullQueryResponse(resp, groupBy)
+
+	records := make([]inframonitoringtypes.StatefulSetRecord, 0, len(pageGroups))
+	for _, labels := range pageGroups {
+		compositeKey := compositeKeyFromLabels(labels, groupBy)
+		statefulSetName := labels[statefulSetNameAttrKey]
+
+		record := inframonitoringtypes.StatefulSetRecord{ // initialize with default values
+			StatefulSetName:          statefulSetName,
+			StatefulSetCPU:           -1,
+			StatefulSetCPURequest:    -1,
+			StatefulSetCPULimit:      -1,
+			StatefulSetMemory:        -1,
+			StatefulSetMemoryRequest: -1,
+			StatefulSetMemoryLimit:   -1,
+			DesiredPods:              -1,
+			CurrentPods:              -1,
+			Meta:                     map[string]string{},
+		}
+
+		if metrics, ok := metricsMap[compositeKey]; ok {
+			if v, exists := metrics["A"]; exists {
+				record.StatefulSetCPU = v
+			}
+			if v, exists := metrics["B"]; exists {
+				record.StatefulSetCPURequest = v
+			}
+			if v, exists := metrics["C"]; exists {
+				record.StatefulSetCPULimit = v
+			}
+			if v, exists := metrics["D"]; exists {
+				record.StatefulSetMemory = v
+			}
+			if v, exists := metrics["E"]; exists {
+				record.StatefulSetMemoryRequest = v
+			}
+			if v, exists := metrics["F"]; exists {
+				record.StatefulSetMemoryLimit = v
+			}
+			if v, exists := metrics["H"]; exists {
+				record.DesiredPods = int(v)
+			}
+			if v, exists := metrics["I"]; exists {
+				record.CurrentPods = int(v)
+			}
+		}
+
+		if phaseCountsForGroup, ok := phaseCounts[compositeKey]; ok {
+			record.PodCountsByPhase = inframonitoringtypes.PodCountsByPhase{
+				Pending:   phaseCountsForGroup.Pending,
+				Running:   phaseCountsForGroup.Running,
+				Succeeded: phaseCountsForGroup.Succeeded,
+				Failed:    phaseCountsForGroup.Failed,
+				Unknown:   phaseCountsForGroup.Unknown,
+			}
+		}
+
+		if attrs, ok := metadataMap[compositeKey]; ok {
+			for k, v := range attrs {
+				record.Meta[k] = v
+			}
+		}
+
+		records = append(records, record)
+	}
+	return records
+}
+
+func (m *module) getTopStatefulSetGroups(
+	ctx context.Context,
+	orgID valuer.UUID,
+	req *inframonitoringtypes.PostableStatefulSets,
+	metadataMap map[string]map[string]string,
+) ([]map[string]string, error) {
+	orderByKey := req.OrderBy.Key.Name
+	queryNamesForOrderBy := orderByToStatefulSetsQueryNames[orderByKey]
+	rankingQueryName := queryNamesForOrderBy[len(queryNamesForOrderBy)-1]
+
+	topReq := &qbtypes.QueryRangeRequest{
+		Start:       uint64(req.Start),
+		End:         uint64(req.End),
+		RequestType: qbtypes.RequestTypeScalar,
+		CompositeQuery: qbtypes.CompositeQuery{
+			Queries: make([]qbtypes.QueryEnvelope, 0, len(queryNamesForOrderBy)),
+		},
+	}
+
+	for _, envelope := range m.newStatefulSetsTableListQuery().CompositeQuery.Queries {
+		if !slices.Contains(queryNamesForOrderBy, envelope.GetQueryName()) {
+			continue
+		}
+		copied := envelope
+		if copied.Type == qbtypes.QueryTypeBuilder {
+			existingExpr := ""
+			if f := copied.GetFilter(); f != nil {
+				existingExpr = f.Expression
+			}
+			reqFilterExpr := ""
+			if req.Filter != nil {
+				reqFilterExpr = req.Filter.Expression
+			}
+			merged := mergeFilterExpressions(existingExpr, reqFilterExpr)
+			copied.SetFilter(&qbtypes.Filter{Expression: merged})
+			copied.SetGroupBy(req.GroupBy)
+		}
+		topReq.CompositeQuery.Queries = append(topReq.CompositeQuery.Queries, copied)
+	}
+
+	resp, err := m.querier.QueryRange(ctx, orgID, topReq)
+	if err != nil {
+		return nil, err
+	}
+
+	allMetricGroups := parseAndSortGroups(resp, rankingQueryName, req.GroupBy, req.OrderBy.Direction)
+	return paginateWithBackfill(allMetricGroups, metadataMap, req.GroupBy, req.Offset, req.Limit), nil
+}
+
+func (m *module) getStatefulSetsTableMetadata(ctx context.Context, req *inframonitoringtypes.PostableStatefulSets) (map[string]map[string]string, error) {
+	var nonGroupByAttrs []string
+	for _, key := range statefulSetAttrKeysForMetadata {
+		if !isKeyInGroupByAttrs(req.GroupBy, key) {
+			nonGroupByAttrs = append(nonGroupByAttrs, key)
+		}
+	}
+	return m.getMetadata(ctx, statefulSetsTableMetricNamesList, req.GroupBy, nonGroupByAttrs, req.Filter, req.Start, req.End)
+}
--- a/pkg/modules/inframonitoring/implinframonitoring/statefulsets_constants.go
+++ b/pkg/modules/inframonitoring/implinframonitoring/statefulsets_constants.go
@@ -0,0 +1,254 @@
+package implinframonitoring
+
+import (
+	"github.com/SigNoz/signoz/pkg/types/inframonitoringtypes"
+	"github.com/SigNoz/signoz/pkg/types/metrictypes"
+	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
+)
+
+const (
+	statefulSetNameAttrKey     = "k8s.statefulset.name"
+	statefulSetsBaseFilterExpr = "k8s.statefulset.name != ''"
+)
+
+var statefulSetNameGroupByKey = qbtypes.GroupByKey{
+	TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+		Name:          statefulSetNameAttrKey,
+		FieldContext:  telemetrytypes.FieldContextResource,
+		FieldDataType: telemetrytypes.FieldDataTypeString,
+	},
+}
+
+// statefulSetsTableMetricNamesList drives the existence/retention check.
+// Includes k8s.pod.phase even though phase isn't part of the QB composite query —
+// it is queried separately via getPerGroupPodPhaseCounts, and we want the
+// response to short-circuit cleanly when the phase metric is absent.
+var statefulSetsTableMetricNamesList = []string{
+	"k8s.pod.phase",
+	"k8s.pod.cpu.usage",
+	"k8s.pod.cpu_request_utilization",
+	"k8s.pod.cpu_limit_utilization",
+	"k8s.pod.memory.working_set",
+	"k8s.pod.memory_request_utilization",
+	"k8s.pod.memory_limit_utilization",
+	"k8s.statefulset.desired_pods",
+	"k8s.statefulset.current_pods",
+}
+
+// Carried forward from v1 statefulSetAttrsToEnrich
+// (pkg/query-service/app/inframetrics/statefulsets.go:29-33).
+var statefulSetAttrKeysForMetadata = []string{
+	"k8s.statefulset.name",
+	"k8s.namespace.name",
+	"k8s.cluster.name",
+}
+
+// orderByToStatefulSetsQueryNames maps the orderBy column to the query name
+// used for ranking statefulset groups. v2 B/C/E/F are direct metrics, no
+// formula deps — so unlike v1 we don't carry A/D.
+var orderByToStatefulSetsQueryNames = map[string][]string{
+	inframonitoringtypes.StatefulSetsOrderByCPU:           {"A"},
+	inframonitoringtypes.StatefulSetsOrderByCPURequest:    {"B"},
+	inframonitoringtypes.StatefulSetsOrderByCPULimit:      {"C"},
+	inframonitoringtypes.StatefulSetsOrderByMemory:        {"D"},
+	inframonitoringtypes.StatefulSetsOrderByMemoryRequest: {"E"},
+	inframonitoringtypes.StatefulSetsOrderByMemoryLimit:   {"F"},
+	inframonitoringtypes.StatefulSetsOrderByDesiredPods:   {"H"},
+	inframonitoringtypes.StatefulSetsOrderByCurrentPods:   {"I"},
+}
+
+// newStatefulSetsTableListQuery builds the composite QB v5 request for the statefulsets list.
+// Eight builder queries: A..F roll up pod-level metrics by statefulset, H/I take the
+// latest statefulset-level desired/current counts. Restarts (v1 query G) is intentionally
+// omitted to match the v2 pods/deployments pattern.
+//
+// Every builder query carries a base filter `k8s.statefulset.name != ”`.
+// Reason: pod-level metrics (A..F) are emitted for every pod regardless of whether the
+// pod belongs to a StatefulSet; only StatefulSet-owned pods carry the
+// `k8s.statefulset.name` resource attribute. Without this filter, standalone pods and
+// pods owned by other workloads (Deployment/DaemonSet/Job/...) collapse into a single
+// empty-string group under the default groupBy. v1's GetStatefulSetList applied the same
+// filter via FilterOperatorExists; this matches v1 parity. The base filter merges
+// cleanly with user filters via mergeFilterExpressions / buildFullQueryRequest.
+func (m *module) newStatefulSetsTableListQuery() *qbtypes.QueryRangeRequest {
+	queries := []qbtypes.QueryEnvelope{
+		// Query A: k8s.pod.cpu.usage — sum of pod CPU within the group.
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "A",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.pod.cpu.usage",
+						TimeAggregation:  metrictypes.TimeAggregationAvg,
+						SpaceAggregation: metrictypes.SpaceAggregationSum,
+						ReduceTo:         qbtypes.ReduceToAvg,
+					},
+				},
+				Filter: &qbtypes.Filter{
+					Expression: statefulSetsBaseFilterExpr,
+				},
+				GroupBy:  []qbtypes.GroupByKey{statefulSetNameGroupByKey},
+				Disabled: false,
+			},
+		},
+		// Query B: k8s.pod.cpu_request_utilization — avg across pods in the group.
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "B",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.pod.cpu_request_utilization",
+						TimeAggregation:  metrictypes.TimeAggregationAvg,
+						SpaceAggregation: metrictypes.SpaceAggregationAvg,
+						ReduceTo:         qbtypes.ReduceToAvg,
+					},
+				},
+				Filter: &qbtypes.Filter{
+					Expression: statefulSetsBaseFilterExpr,
+				},
+				GroupBy:  []qbtypes.GroupByKey{statefulSetNameGroupByKey},
+				Disabled: false,
+			},
+		},
+		// Query C: k8s.pod.cpu_limit_utilization — avg across pods in the group.
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "C",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.pod.cpu_limit_utilization",
+						TimeAggregation:  metrictypes.TimeAggregationAvg,
+						SpaceAggregation: metrictypes.SpaceAggregationAvg,
+						ReduceTo:         qbtypes.ReduceToAvg,
+					},
+				},
+				Filter: &qbtypes.Filter{
+					Expression: statefulSetsBaseFilterExpr,
+				},
+				GroupBy:  []qbtypes.GroupByKey{statefulSetNameGroupByKey},
+				Disabled: false,
+			},
+		},
+		// Query D: k8s.pod.memory.working_set — sum of pod memory within the group.
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "D",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.pod.memory.working_set",
+						TimeAggregation:  metrictypes.TimeAggregationAvg,
+						SpaceAggregation: metrictypes.SpaceAggregationSum,
+						ReduceTo:         qbtypes.ReduceToAvg,
+					},
+				},
+				Filter: &qbtypes.Filter{
+					Expression: statefulSetsBaseFilterExpr,
+				},
+				GroupBy:  []qbtypes.GroupByKey{statefulSetNameGroupByKey},
+				Disabled: false,
+			},
+		},
+		// Query E: k8s.pod.memory_request_utilization — avg across pods in the group.
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "E",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.pod.memory_request_utilization",
+						TimeAggregation:  metrictypes.TimeAggregationAvg,
+						SpaceAggregation: metrictypes.SpaceAggregationAvg,
+						ReduceTo:         qbtypes.ReduceToAvg,
+					},
+				},
+				Filter: &qbtypes.Filter{
+					Expression: statefulSetsBaseFilterExpr,
+				},
+				GroupBy:  []qbtypes.GroupByKey{statefulSetNameGroupByKey},
+				Disabled: false,
+			},
+		},
+		// Query F: k8s.pod.memory_limit_utilization — avg across pods in the group.
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "F",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.pod.memory_limit_utilization",
+						TimeAggregation:  metrictypes.TimeAggregationAvg,
+						SpaceAggregation: metrictypes.SpaceAggregationAvg,
+						ReduceTo:         qbtypes.ReduceToAvg,
+					},
+				},
+				Filter: &qbtypes.Filter{
+					Expression: statefulSetsBaseFilterExpr,
+				},
+				GroupBy:  []qbtypes.GroupByKey{statefulSetNameGroupByKey},
+				Disabled: false,
+			},
+		},
+		// Query H: k8s.statefulset.desired_pods — latest known desired replica count per group.
+		// v1 used TimeAggregationAnyLast (v3) → mapped to TimeAggregationLatest in v5;
+		// SpaceAggregationSum + ReduceToLast preserve v1's "latest, summed across the group".
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "H",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.statefulset.desired_pods",
+						TimeAggregation:  metrictypes.TimeAggregationLatest,
+						SpaceAggregation: metrictypes.SpaceAggregationSum,
+						ReduceTo:         qbtypes.ReduceToLast,
+					},
+				},
+				Filter: &qbtypes.Filter{
+					Expression: statefulSetsBaseFilterExpr,
+				},
+				GroupBy:  []qbtypes.GroupByKey{statefulSetNameGroupByKey},
+				Disabled: false,
+			},
+		},
+		// Query I: k8s.statefulset.current_pods — latest known current replica count per group.
+		{
+			Type: qbtypes.QueryTypeBuilder,
+			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
+				Name:   "I",
+				Signal: telemetrytypes.SignalMetrics,
+				Aggregations: []qbtypes.MetricAggregation{
+					{
+						MetricName:       "k8s.statefulset.current_pods",
+						TimeAggregation:  metrictypes.TimeAggregationLatest,
+						SpaceAggregation: metrictypes.SpaceAggregationSum,
+						ReduceTo:         qbtypes.ReduceToLast,
+					},
+				},
+				Filter: &qbtypes.Filter{
+					Expression: statefulSetsBaseFilterExpr,
+				},
+				GroupBy:  []qbtypes.GroupByKey{statefulSetNameGroupByKey},
+				Disabled: false,
+			},
+		},
+	}
+
+	return &qbtypes.QueryRangeRequest{
+		RequestType: qbtypes.RequestTypeScalar,
+		CompositeQuery: qbtypes.CompositeQuery{
+			Queries: queries,
+		},
+	}
+}
--- a/pkg/modules/inframonitoring/inframonitoring.go
+++ b/pkg/modules/inframonitoring/inframonitoring.go
@@ -16,6 +16,8 @@ type Handler interface {
 	ListClusters(http.ResponseWriter, *http.Request)
 	ListVolumes(http.ResponseWriter, *http.Request)
 	ListDeployments(http.ResponseWriter, *http.Request)
+	ListStatefulSets(http.ResponseWriter, *http.Request)
+	ListJobs(http.ResponseWriter, *http.Request)
 }

 type Module interface {
@@ -26,4 +28,6 @@ type Module interface {
 	ListClusters(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableClusters) (*inframonitoringtypes.Clusters, error)
 	ListVolumes(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableVolumes) (*inframonitoringtypes.Volumes, error)
 	ListDeployments(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableDeployments) (*inframonitoringtypes.Deployments, error)
+	ListStatefulSets(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableStatefulSets) (*inframonitoringtypes.StatefulSets, error)
+	ListJobs(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableJobs) (*inframonitoringtypes.Jobs, error)
 }
--- a/pkg/modules/spanpercentile/implspanpercentile/module.go
+++ b/pkg/modules/spanpercentile/implspanpercentile/module.go
@@ -52,7 +52,7 @@ func (m *module) GetSpanPercentile(ctx context.Context, orgID valuer.UUID, req *

 func transformToSpanPercentileResponse(queryResult *qbtypes.QueryRangeResponse) (*spanpercentiletypes.SpanPercentileResponse, error) {
 	if len(queryResult.Data.Results) == 0 {
-		return nil, errors.New(errors.TypeInternal, errors.CodeInternal, "no data returned from query")
+		return nil, errors.New(errors.TypeNotFound, errors.CodeNotFound, "no spans found matching the specified criteria")
 	}

 	scalarData, ok := queryResult.Data.Results[0].(*qbtypes.ScalarData)
@@ -61,7 +61,7 @@ func transformToSpanPercentileResponse(queryResult *qbtypes.QueryRangeResponse)
 	}

 	if len(scalarData.Data) == 0 {
-		return nil, errors.New(errors.TypeInternal, errors.CodeInternal, "no rows returned from query")
+		return nil, errors.New(errors.TypeNotFound, errors.CodeNotFound, "no spans found matching the specified criteria")
 	}

 	row := scalarData.Data[0]
--- a/pkg/modules/tag/impltag/module.go
+++ b/pkg/modules/tag/impltag/module.go
@@ -1,76 +0,0 @@
-package impltag
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/modules/tag"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
-	"github.com/SigNoz/signoz/pkg/types/tagtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type module struct {
-	store tagtypes.Store
-}
-
-func NewModule(store tagtypes.Store) tag.Module {
-	return &module{store: store}
-}
-
-func (m *module) SyncTags(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID, postable []tagtypes.PostableTag) ([]*tagtypes.Tag, error) {
-	var tags []*tagtypes.Tag
-	err := m.store.RunInTx(ctx, func(ctx context.Context) error {
-		resolved, err := m.createMany(ctx, orgID, kind, postable)
-		if err != nil {
-			return err
-		}
-		tagIDs := make([]valuer.UUID, len(resolved))
-		for i, t := range resolved {
-			tagIDs[i] = t.ID
-		}
-		if err := m.syncLinksForResource(ctx, orgID, kind, resourceID, tagIDs); err != nil {
-			return err
-		}
-		tags = resolved
-		return nil
-	})
-	if err != nil {
-		return nil, err
-	}
-	return tags, nil
-}
-
-func (m *module) createMany(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, postable []tagtypes.PostableTag) ([]*tagtypes.Tag, error) {
-	if len(postable) == 0 {
-		return []*tagtypes.Tag{}, nil
-	}
-
-	toCreate, matched, err := m.resolve(ctx, orgID, kind, postable)
-	if err != nil {
-		return nil, err
-	}
-
-	created, err := m.store.CreateOrGet(ctx, toCreate)
-	if err != nil {
-		return nil, err
-	}
-
-	return append(matched, created...), nil
-}
-
-func (m *module) syncLinksForResource(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID, tagIDs []valuer.UUID) error {
-	return m.store.RunInTx(ctx, func(ctx context.Context) error {
-		if err := m.store.CreateRelations(ctx, tagtypes.NewTagRelations(kind, resourceID, tagIDs)); err != nil {
-			return err
-		}
-		return m.store.DeleteRelationsExcept(ctx, orgID, kind, resourceID, tagIDs)
-	})
-}
-
-func (m *module) ListForResource(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID) ([]*tagtypes.Tag, error) {
-	return m.store.ListByResource(ctx, orgID, kind, resourceID)
-}
-
-func (m *module) ListForResources(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceIDs []valuer.UUID) (map[valuer.UUID][]*tagtypes.Tag, error) {
-	return m.store.ListByResources(ctx, orgID, kind, resourceIDs)
-}
--- a/pkg/modules/tag/impltag/resolve.go
+++ b/pkg/modules/tag/impltag/resolve.go
@@ -1,59 +0,0 @@
-package impltag
-
-import (
-	"context"
-	"strings"
-
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
-	"github.com/SigNoz/signoz/pkg/types/tagtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-// resolve canonicalizes a batch of user-supplied (key, value) tag pairs against
-// the existing tags for an org. Lookup is case-insensitive on both key and
-// value (matching the storage uniqueness rule); when an existing row matches,
-// its display casing is reused. Inputs are deduped on (LOWER(key), LOWER(value));
-// the first input's casing wins on collisions. Returns:
-//   - toCreate: new Tag rows the caller should insert (with pre-generated IDs)
-//   - matched: existing rows the caller's input already pointed to. They
-//     already carry authoritative IDs from the store.
-func (m *module) resolve(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, postable []tagtypes.PostableTag) ([]*tagtypes.Tag, []*tagtypes.Tag, error) {
-	if len(postable) == 0 {
-		return nil, nil, nil
-	}
-
-	existing, err := m.store.List(ctx, orgID, kind)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	lowercaseTagsMap := make(map[string]*tagtypes.Tag, len(existing))
-	for _, t := range existing {
-		mapKey := strings.ToLower(t.Key) + "\x00" + strings.ToLower(t.Value)
-		lowercaseTagsMap[mapKey] = t
-	}
-
-	seenInRequestAlready := make(map[string]struct{}, len(postable)) // postable can have the same tag multiple times
-	toCreate := make([]*tagtypes.Tag, 0)
-	matched := make([]*tagtypes.Tag, 0)
-
-	for _, p := range postable {
-		key, value, err := tagtypes.ValidatePostableTag(p)
-		if err != nil {
-			return nil, nil, err
-		}
-		lookup := strings.ToLower(key) + "\x00" + strings.ToLower(value)
-		if _, dup := seenInRequestAlready[lookup]; dup {
-			continue
-		}
-		seenInRequestAlready[lookup] = struct{}{}
-
-		if existingTag, ok := lowercaseTagsMap[lookup]; ok {
-			matched = append(matched, existingTag)
-			continue
-		}
-		toCreate = append(toCreate, tagtypes.NewTag(orgID, kind, key, value))
-	}
-
-	return toCreate, matched, nil
-}
--- a/pkg/modules/tag/impltag/resolve_test.go
+++ b/pkg/modules/tag/impltag/resolve_test.go
@@ -1,112 +0,0 @@
-package impltag
-
-import (
-	"context"
-	"strings"
-	"testing"
-
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
-	"github.com/SigNoz/signoz/pkg/types/tagtypes"
-	"github.com/SigNoz/signoz/pkg/types/tagtypes/tagtypestest"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-var testKind = coretypes.KindDashboard
-
-func TestModule_Resolve(t *testing.T) {
-	t.Run("empty input does not hit store", func(t *testing.T) {
-		store := tagtypestest.NewStore()
-		m := &module{store: store}
-
-		toCreate, matched, err := m.resolve(context.Background(), valuer.GenerateUUID(), testKind, nil)
-		require.NoError(t, err)
-		assert.Empty(t, toCreate)
-		assert.Empty(t, matched)
-		assert.Zero(t, store.ListCallCount, "should not hit store when input is empty")
-	})
-
-	t.Run("creates missing pairs and reuses existing", func(t *testing.T) {
-		orgID := valuer.GenerateUUID()
-		dbTag := tagtypes.NewTag(orgID, testKind, "team", "Pulse")
-		dbTag2 := tagtypes.NewTag(orgID, testKind, "Database", "redis")
-		store := tagtypestest.NewStore()
-		store.Tags = []*tagtypes.Tag{dbTag, dbTag2}
-		m := &module{store: store}
-
-		toCreate, matched, err := m.resolve(context.Background(), orgID, testKind, []tagtypes.PostableTag{
-			{Key: "team", Value: "events"},    // new
-			{Key: "DATABASE", Value: "REDIS"}, // case-only conflict
-			{Key: "Brand", Value: "New"},      // new
-		})
-		require.NoError(t, err)
-
-		createdLowerKVs := []string{}
-		for _, tg := range toCreate {
-			createdLowerKVs = append(createdLowerKVs, strings.ToLower(tg.Key)+"\x00"+strings.ToLower(tg.Value))
-		}
-		assert.ElementsMatch(t, []string{"team\x00events", "brand\x00new"}, createdLowerKVs,
-			"only the two missing pairs should be returned for insertion")
-
-		require.Len(t, matched, 1, "DATABASE:REDIS should hit the existing 'Database:redis' tag")
-		assert.Same(t, dbTag2, matched[0], "matched should return the existing pointer with its authoritative ID")
-	})
-
-	t.Run("dedupes inputs that map to the same lower(key)+lower(value)", func(t *testing.T) {
-		orgID := valuer.GenerateUUID()
-		store := tagtypestest.NewStore()
-		m := &module{store: store}
-
-		toCreate, matched, err := m.resolve(context.Background(), orgID, testKind, []tagtypes.PostableTag{
-			{Key: "Foo", Value: "Bar"},
-			{Key: "foo", Value: "bar"},
-			{Key: "FOO", Value: "BAR"},
-		})
-		require.NoError(t, err)
-
-		require.Empty(t, matched)
-		require.Len(t, toCreate, 1, "duplicate inputs must collapse into a single insert")
-		assert.Equal(t, "Foo", toCreate[0].Key, "first input's casing wins")
-		assert.Equal(t, "Bar", toCreate[0].Value, "first input's casing wins")
-	})
-
-	t.Run("preserves existing casing on case-only match", func(t *testing.T) {
-		orgID := valuer.GenerateUUID()
-		dbTag := tagtypes.NewTag(orgID, testKind, "Team", "Pulse")
-		store := tagtypestest.NewStore()
-		store.Tags = []*tagtypes.Tag{dbTag}
-		m := &module{store: store}
-
-		toCreate, matched, err := m.resolve(context.Background(), orgID, testKind, []tagtypes.PostableTag{
-			{Key: "team", Value: "PULSE"},
-		})
-		require.NoError(t, err)
-
-		assert.Empty(t, toCreate)
-		require.Len(t, matched, 1)
-		assert.Equal(t, "Team", matched[0].Key)
-		assert.Equal(t, "Pulse", matched[0].Value)
-	})
-
-	t.Run("propagates validation error from any input", func(t *testing.T) {
-		store := tagtypestest.NewStore()
-		m := &module{store: store}
-
-		_, _, err := m.resolve(context.Background(), valuer.GenerateUUID(), testKind, []tagtypes.PostableTag{
-			{Key: "team", Value: "pulse"},
-			{Key: "", Value: "x"},
-		})
-		require.Error(t, err)
-	})
-
-	t.Run("propagates regex validation error", func(t *testing.T) {
-		store := tagtypestest.NewStore()
-		m := &module{store: store}
-
-		_, _, err := m.resolve(context.Background(), valuer.GenerateUUID(), testKind, []tagtypes.PostableTag{
-			{Key: "team!eng", Value: "pulse"},
-		})
-		require.Error(t, err)
-	})
-}
--- a/pkg/modules/tag/impltag/store.go
+++ b/pkg/modules/tag/impltag/store.go
@@ -1,148 +0,0 @@
-package impltag
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
-	"github.com/SigNoz/signoz/pkg/types/tagtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/uptrace/bun"
-)
-
-type store struct {
-	sqlstore sqlstore.SQLStore
-}
-
-func NewStore(sqlstore sqlstore.SQLStore) tagtypes.Store {
-	return &store{sqlstore: sqlstore}
-}
-
-func (s *store) List(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind) ([]*tagtypes.Tag, error) {
-	tags := make([]*tagtypes.Tag, 0)
-	err := s.sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(&tags).
-		Where("org_id = ?", orgID).
-		Where("kind = ?", kind).
-		Scan(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return tags, nil
-}
-
-func (s *store) ListByResource(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID) ([]*tagtypes.Tag, error) {
-	tags := make([]*tagtypes.Tag, 0)
-	err := s.sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(&tags).
-		Join("JOIN tag_relation AS tr ON tr.tag_id = tag.id").
-		Where("tr.kind = ?", kind).
-		Where("tr.resource_id = ?", resourceID).
-		Where("tag.org_id = ?", orgID).
-		Scan(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return tags, nil
-}
-
-func (s *store) ListByResources(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceIDs []valuer.UUID) (map[valuer.UUID][]*tagtypes.Tag, error) {
-	if len(resourceIDs) == 0 {
-		return map[valuer.UUID][]*tagtypes.Tag{}, nil
-	}
-
-	type joinedRow struct {
-		tagtypes.Tag `bun:",extend"`
-		ResourceID   valuer.UUID `bun:"resource_id"`
-	}
-
-	rows := make([]*joinedRow, 0)
-	err := s.sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(&rows).
-		ColumnExpr("tag.*, tr.resource_id").
-		Join("JOIN tag_relation AS tr ON tr.tag_id = tag.id").
-		Where("tr.kind = ?", kind).
-		Where("tr.resource_id IN (?)", bun.In(resourceIDs)).
-		Where("tag.org_id = ?", orgID).
-		Scan(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	out := make(map[valuer.UUID][]*tagtypes.Tag)
-	for _, r := range rows {
-		tag := r.Tag
-		out[r.ResourceID] = append(out[r.ResourceID], &tag)
-	}
-	return out, nil
-}
-
-func (s *store) CreateOrGet(ctx context.Context, tags []*tagtypes.Tag) ([]*tagtypes.Tag, error) {
-	if len(tags) == 0 {
-		return tags, nil
-	}
-	// DO UPDATE on a self-set is a deliberate no-op write whose only purpose
-	// is to make RETURNING fire on conflicting rows. Without it, RETURNING is
-	// silent on the conflict path and we'd have to refetch by (key, value) to
-	// learn the existing rows' IDs after a concurrent-insert race. Setting
-	// key = tag.key (the existing row's value) preserves the first writer's
-	// casing on case-only collisions.
-	err := s.sqlstore.
-		BunDBCtx(ctx).
-		NewInsert().
-		Model(&tags).
-		On("CONFLICT (org_id, kind, (LOWER(key)), (LOWER(value))) DO UPDATE").
-		Set("key = tag.key").
-		Returning("*").
-		Scan(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return tags, nil
-}
-
-func (s *store) CreateRelations(ctx context.Context, relations []*tagtypes.TagRelation) error {
-	if len(relations) == 0 {
-		return nil
-	}
-	_, err := s.sqlstore.
-		BunDBCtx(ctx).
-		NewInsert().
-		Model(&relations).
-		On("CONFLICT (kind, resource_id, tag_id) DO NOTHING").
-		Exec(ctx)
-	return err
-}
-
-func (s *store) DeleteRelationsExcept(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID, keepTagIDs []valuer.UUID) error {
-	// Scope the delete to the caller's org via a subquery on tag — bun's
-	// DELETE-with-JOIN syntax isn't uniformly portable across Postgres/SQLite.
-	tagIDsToDelete := s.sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		TableExpr("tag").
-		Column("id").
-		Where("org_id = ?", orgID)
-	if len(keepTagIDs) > 0 {
-		tagIDsToDelete = tagIDsToDelete.Where("id NOT IN (?)", bun.In(keepTagIDs))
-	}
-	_, err := s.sqlstore.
-		BunDBCtx(ctx).
-		NewDelete().
-		Model((*tagtypes.TagRelation)(nil)).
-		Where("kind = ?", kind).
-		Where("resource_id = ?", resourceID).
-		Where("tag_id IN (?)", tagIDsToDelete).
-		Exec(ctx)
-	return err
-}
-
-func (s *store) RunInTx(ctx context.Context, cb func(ctx context.Context) error) error {
-	return s.sqlstore.RunInTxCtx(ctx, nil, cb)
-}
--- a/pkg/modules/tag/impltag/store_test.go
+++ b/pkg/modules/tag/impltag/store_test.go
@@ -1,147 +0,0 @@
-package impltag
-
-import (
-	"context"
-	"path/filepath"
-	"strings"
-	"testing"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/factory/factorytest"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/sqlstore/sqlitesqlstore"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
-	"github.com/SigNoz/signoz/pkg/types/tagtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"github.com/uptrace/bun"
-)
-
-func newTestStore(t *testing.T) sqlstore.SQLStore {
-	t.Helper()
-	dbPath := filepath.Join(t.TempDir(), "test.db")
-	store, err := sqlitesqlstore.New(context.Background(), factorytest.NewSettings(), sqlstore.Config{
-		Provider: "sqlite",
-		Connection: sqlstore.ConnectionConfig{
-			MaxOpenConns:    1,
-			MaxConnLifetime: 0,
-		},
-		Sqlite: sqlstore.SqliteConfig{
-			Path:            dbPath,
-			Mode:            "wal",
-			BusyTimeout:     5 * time.Second,
-			TransactionMode: "deferred",
-		},
-	})
-	require.NoError(t, err)
-
-	_, err = store.BunDB().NewCreateTable().
-		Model((*tagtypes.Tag)(nil)).
-		IfNotExists().
-		Exec(context.Background())
-	require.NoError(t, err)
-
-	_, err = store.BunDB().Exec(`CREATE UNIQUE INDEX IF NOT EXISTS uq_tag_org_kind_lower_key_lower_value ON tag (org_id, kind, LOWER(key), LOWER(value))`)
-	require.NoError(t, err)
-	return store
-}
-
-var dashboardKind = coretypes.KindDashboard
-
-func tagsByLowerKeyValue(t *testing.T, db *bun.DB) map[string]*tagtypes.Tag {
-	t.Helper()
-	all := make([]*tagtypes.Tag, 0)
-	require.NoError(t, db.NewSelect().Model(&all).Scan(context.Background()))
-	out := map[string]*tagtypes.Tag{}
-	for _, tag := range all {
-		out[strings.ToLower(tag.Key)+"\x00"+strings.ToLower(tag.Value)] = tag
-	}
-	return out
-}
-
-func TestStore_Create_PopulatesIDsOnFreshInsert(t *testing.T) {
-	ctx := context.Background()
-	sqlstore := newTestStore(t)
-	s := NewStore(sqlstore)
-
-	orgID := valuer.GenerateUUID()
-	tagA := tagtypes.NewTag(orgID, dashboardKind, "tag", "Database")
-	tagB := tagtypes.NewTag(orgID, dashboardKind, "team", "BLR")
-	preIDA := tagA.ID
-	preIDB := tagB.ID
-
-	got, err := s.CreateOrGet(ctx, []*tagtypes.Tag{tagA, tagB})
-	require.NoError(t, err)
-	require.Len(t, got, 2)
-
-	// No race → pre-generated IDs stand. The slice is what we passed in,
-	// confirming Scan didn't reallocate.
-	assert.Equal(t, preIDA, got[0].ID)
-	assert.Equal(t, preIDB, got[1].ID)
-
-	// And the rows are in the DB.
-	stored := tagsByLowerKeyValue(t, sqlstore.BunDB())
-	require.Contains(t, stored, "tag\x00database")
-	require.Contains(t, stored, "team\x00blr")
-	assert.Equal(t, preIDA, stored["tag\x00database"].ID)
-	assert.Equal(t, preIDB, stored["team\x00blr"].ID)
-}
-
-func TestStore_Create_ConflictReturnsExistingRowID(t *testing.T) {
-	ctx := context.Background()
-	sqlstore := newTestStore(t)
-	s := NewStore(sqlstore)
-
-	orgID := valuer.GenerateUUID()
-
-	// Simulate a concurrent insert: someone else has already inserted "tag:Database".
-	winner := tagtypes.NewTag(orgID, dashboardKind, "tag", "Database")
-	_, err := s.CreateOrGet(ctx, []*tagtypes.Tag{winner})
-	require.NoError(t, err)
-	winnerID := winner.ID
-
-	// Now our request runs with a different pre-generated ID for the same
-	// (key, value) — case differs but the functional unique index collapses
-	// them. RETURNING should overwrite our stale ID with winner's ID.
-	loser := tagtypes.NewTag(orgID, dashboardKind, "TAG", "DATABASE")
-	loserPreID := loser.ID
-	require.NotEqual(t, winnerID, loserPreID, "pre-generated IDs must differ for this test to be meaningful")
-
-	got, err := s.CreateOrGet(ctx, []*tagtypes.Tag{loser})
-	require.NoError(t, err)
-	require.Len(t, got, 1)
-
-	assert.Equal(t, winnerID, got[0].ID, "returned slice should carry the existing row's ID, not our stale one")
-	assert.Equal(t, winnerID, loser.ID, "input slice element is mutated in place")
-
-	// And the DB still has exactly one row for that (lower(key), lower(value)) — winner's, with winner's casing.
-	stored := tagsByLowerKeyValue(t, sqlstore.BunDB())
-	require.Len(t, stored, 1)
-	assert.Equal(t, winnerID, stored["tag\x00database"].ID)
-	assert.Equal(t, "tag", stored["tag\x00database"].Key, "winner's casing preserved in key")
-	assert.Equal(t, "Database", stored["tag\x00database"].Value, "winner's casing preserved in value")
-}
-
-func TestStore_Create_MixedFreshAndConflict(t *testing.T) {
-	ctx := context.Background()
-	sqlstore := newTestStore(t)
-	s := NewStore(sqlstore)
-
-	orgID := valuer.GenerateUUID()
-	pre := tagtypes.NewTag(orgID, dashboardKind, "tag", "Database")
-	_, err := s.CreateOrGet(ctx, []*tagtypes.Tag{pre})
-	require.NoError(t, err)
-	preExistingID := pre.ID
-
-	conflict := tagtypes.NewTag(orgID, dashboardKind, "tag", "Database")
-	fresh := tagtypes.NewTag(orgID, dashboardKind, "team", "BLR")
-	freshPreID := fresh.ID
-
-	got, err := s.CreateOrGet(ctx, []*tagtypes.Tag{conflict, fresh})
-	require.NoError(t, err)
-	require.Len(t, got, 2)
-
-	assert.Equal(t, preExistingID, got[0].ID, "conflicting row's ID overwritten with the existing row's")
-	assert.Equal(t, freshPreID, got[1].ID, "fresh row's pre-generated ID is preserved")
-}
--- a/pkg/modules/tag/tag.go
+++ b/pkg/modules/tag/tag.go
@@ -1,20 +0,0 @@
-package tag
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
-	"github.com/SigNoz/signoz/pkg/types/tagtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type Module interface {
-	// SyncTags resolves the given postable tags (creating new rows as needed)
-	// and reconciles the resource's links to exactly that set, all in one transaction.
-	SyncTags(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID, postable []tagtypes.PostableTag) ([]*tagtypes.Tag, error)
-
-	ListForResource(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID) ([]*tagtypes.Tag, error)
-
-	// Resources with no tags are absent from the returned map.
-	ListForResources(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceIDs []valuer.UUID) (map[valuer.UUID][]*tagtypes.Tag, error)
-}
--- a/pkg/query-service/model/alerting.go
+++ b/pkg/query-service/model/alerting.go
@@ -134,7 +134,7 @@ type RuleStateHistory struct {
 	// One of ["normal", "firing"]
 	OverallState        AlertState `json:"overallState" ch:"overall_state"`
 	OverallStateChanged bool       `json:"overallStateChanged" ch:"overall_state_changed"`
-	// One of ["normal", "firing", "no_data", "muted"]
+	// One of ["normal", "firing", "nodata", "muted"]
 	State        AlertState   `json:"state" ch:"state"`
 	StateChanged bool         `json:"stateChanged" ch:"state_changed"`
 	UnixMilli    int64        `json:"unixMilli" ch:"unix_milli"`
--- a/pkg/signoz/handler_test.go
+++ b/pkg/signoz/handler_test.go
@@ -17,7 +17,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization/implorganization"
 	"github.com/SigNoz/signoz/pkg/modules/retention/implretention"
-	"github.com/SigNoz/signoz/pkg/modules/tag/impltag"
 	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/queryparser"
@@ -46,8 +45,7 @@ func TestNewHandlers(t *testing.T) {
 	emailing := emailingtest.New()
 	queryParser := queryparser.New(providerSettings)
 	require.NoError(t, err)
-	tagModule := impltag.NewModule(impltag.NewStore(sqlstore))
-	dashboardModule := impldashboard.NewModule(impldashboard.NewStore(sqlstore), sqlstore, providerSettings, nil, orgGetter, queryParser, tagModule)
+	dashboardModule := impldashboard.NewModule(impldashboard.NewStore(sqlstore), providerSettings, nil, orgGetter, queryParser)

 	flagger, err := flagger.New(context.Background(), instrumentationtest.New().ToProviderSettings(), flagger.Config{}, flagger.MustNewRegistry())
 	require.NoError(t, err)
@@ -55,9 +53,8 @@ func TestNewHandlers(t *testing.T) {
 	userRoleStore := impluser.NewUserRoleStore(sqlstore, providerSettings)

 	userGetter := impluser.NewGetter(impluser.NewStore(sqlstore, providerSettings), userRoleStore, flagger)
-
 	retentionGetter := implretention.NewGetter(implretention.NewStore(sqlstore))
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, userGetter, userRoleStore, nil, nil, retentionGetter, flagger, tagModule)
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, userGetter, userRoleStore, nil, nil, retentionGetter, flagger)

 	querierHandler := querier.NewHandler(providerSettings, nil, nil)
 	registryHandler := factory.NewHandler(nil)
--- a/pkg/signoz/module.go
+++ b/pkg/signoz/module.go
@@ -45,7 +45,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/spanmapper/implspanmapper"
 	"github.com/SigNoz/signoz/pkg/modules/spanpercentile"
 	"github.com/SigNoz/signoz/pkg/modules/spanpercentile/implspanpercentile"
-	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/modules/tracedetail"
 	"github.com/SigNoz/signoz/pkg/modules/tracedetail/impltracedetail"
 	"github.com/SigNoz/signoz/pkg/modules/tracefunnel"
@@ -89,7 +88,6 @@ type Modules struct {
 	TraceDetail      tracedetail.Module
 	SpanMapper       spanmapper.Module
 	LLMPricingRule   llmpricingrule.Module
-	Tag              tag.Module
 }

 func NewModules(
@@ -115,7 +113,6 @@ func NewModules(
 	cloudIntegrationModule cloudintegration.Module,
 	retentionGetter retention.Getter,
 	fl flagger.Flagger,
-	tagModule tag.Module,
 ) Modules {
 	quickfilter := implquickfilter.NewModule(implquickfilter.NewStore(sqlstore))
 	orgSetter := implorganization.NewSetter(implorganization.NewStore(sqlstore), alertmanager, quickfilter)
@@ -148,6 +145,5 @@ func NewModules(
 		TraceDetail:      impltracedetail.NewModule(impltracedetail.NewTraceStore(telemetryStore), providerSettings, config.TraceDetail),
 		SpanMapper:       implspanmapper.NewModule(implspanmapper.NewStore(sqlstore)),
 		LLMPricingRule:   impllmpricingrule.NewModule(impllmpricingrule.NewStore(sqlstore)),
-		Tag:              tagModule,
 	}
 }
--- a/pkg/signoz/module_test.go
+++ b/pkg/signoz/module_test.go
@@ -19,7 +19,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/retention/implretention"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount/implserviceaccount"
-	"github.com/SigNoz/signoz/pkg/modules/tag/impltag"
 	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
 	"github.com/SigNoz/signoz/pkg/queryparser"
 	"github.com/SigNoz/signoz/pkg/sharder"
@@ -47,8 +46,7 @@ func TestNewModules(t *testing.T) {
 	emailing := emailingtest.New()
 	queryParser := queryparser.New(providerSettings)
 	require.NoError(t, err)
-	tagModule := impltag.NewModule(impltag.NewStore(sqlstore))
-	dashboardModule := impldashboard.NewModule(impldashboard.NewStore(sqlstore), sqlstore, providerSettings, nil, orgGetter, queryParser, tagModule)
+	dashboardModule := impldashboard.NewModule(impldashboard.NewStore(sqlstore), providerSettings, nil, orgGetter, queryParser)

 	flagger, err := flagger.New(context.Background(), instrumentationtest.New().ToProviderSettings(), flagger.Config{}, flagger.MustNewRegistry())
 	require.NoError(t, err)
@@ -60,8 +58,7 @@ func TestNewModules(t *testing.T) {
 	serviceAccount := implserviceaccount.NewModule(implserviceaccount.NewStore(sqlstore), nil, nil, nil, providerSettings, serviceaccount.Config{})

 	retentionGetter := implretention.NewGetter(implretention.NewStore(sqlstore))
-
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, userGetter, userRoleStore, serviceAccount, implcloudintegration.NewModule(), retentionGetter, flagger, tagModule)
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, userGetter, userRoleStore, serviceAccount, implcloudintegration.NewModule(), retentionGetter, flagger)

 	reflectVal := reflect.ValueOf(modules)
 	for i := 0; i < reflectVal.NumField(); i++ {
--- a/pkg/signoz/provider.go
+++ b/pkg/signoz/provider.go
@@ -200,7 +200,7 @@ func NewSQLMigrationProviderFactories(
 		sqlmigration.NewAddServiceAccountManagedRoleTransactionsFactory(sqlstore),
 		sqlmigration.NewAddSpanMapperFactory(sqlstore, sqlschema),
 		sqlmigration.NewAddLLMPricingRulesFactory(sqlstore, sqlschema),
-		sqlmigration.NewAddTagsFactory(sqlstore, sqlschema),
+		sqlmigration.NewMigrateMetaresourcesTuplesFactory(sqlstore),
 	)
 }

--- a/pkg/signoz/signoz.go
+++ b/pkg/signoz/signoz.go
@@ -32,8 +32,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/rulestatehistory"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount/implserviceaccount"
-	"github.com/SigNoz/signoz/pkg/modules/tag"
-	"github.com/SigNoz/signoz/pkg/modules/tag/impltag"
 	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
 	"github.com/SigNoz/signoz/pkg/prometheus"
 	"github.com/SigNoz/signoz/pkg/querier"
@@ -107,7 +105,7 @@ func New(
 	telemetrystoreProviderFactories factory.NamedMap[factory.ProviderFactory[telemetrystore.TelemetryStore, telemetrystore.Config]],
 	authNsCallback func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error),
 	authzCallback func(context.Context, sqlstore.SQLStore, authz.Config, licensing.Licensing, []authz.OnBeforeRoleDelete) (factory.ProviderFactory[authz.AuthZ, authz.Config], error),
-	dashboardModuleCallback func(sqlstore.SQLStore, factory.ProviderSettings, analytics.Analytics, organization.Getter, queryparser.QueryParser, querier.Querier, licensing.Licensing, tag.Module) dashboard.Module,
+	dashboardModuleCallback func(sqlstore.SQLStore, factory.ProviderSettings, analytics.Analytics, organization.Getter, queryparser.QueryParser, querier.Querier, licensing.Licensing) dashboard.Module,
 	gatewayProviderFactory func(licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config],
 	auditorProviderFactories func(licensing.Licensing) factory.NamedMap[factory.ProviderFactory[auditor.Auditor, auditor.Config]],
 	meterReporterProviderFactories func(context.Context, factory.ProviderSettings, flagger.Flagger, licensing.Licensing, telemetrystore.TelemetryStore, retention.Getter, organization.Getter, zeus.Zeus) (factory.NamedMap[factory.ProviderFactory[meterreporter.Reporter, meterreporter.Config]], string),
@@ -334,13 +332,8 @@ func New(
 	// Initialize query parser (needed for dashboard module)
 	queryParser := queryparser.New(providerSettings)

-	// Initialize tag module — shared across modules that link entities to tags
-	// (currently dashboard; future: alerts, RBAC). Built once here and injected
-	// where needed.
-	tagModule := impltag.NewModule(impltag.NewStore(sqlstore))
-
-	// Initialize dashboard module (needed for authz registry)
-	dashboard := dashboardModuleCallback(sqlstore, providerSettings, analytics, orgGetter, queryParser, querier, licensing, tagModule)
+	// Initialize dashboard module
+	dashboard := dashboardModuleCallback(sqlstore, providerSettings, analytics, orgGetter, queryParser, querier, licensing)

 	// Initialize user getter
 	userGetter := impluser.NewGetter(userStore, userRoleStore, flagger)
@@ -462,7 +455,7 @@ func New(
 	}

 	// Initialize all modules
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, analytics, querier, telemetrystore, telemetryMetadataStore, authNs, authz, cache, queryParser, config, dashboard, userGetter, userRoleStore, serviceAccount, cloudIntegrationModule, retentionGetter, flagger, tagModule)
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, analytics, querier, telemetrystore, telemetryMetadataStore, authNs, authz, cache, queryParser, config, dashboard, userGetter, userRoleStore, serviceAccount, cloudIntegrationModule, retentionGetter, flagger)

 	// Initialize ruler from the variant-specific provider factories
 	rulerInstance, err := factory.NewProviderFromNamedMap(ctx, providerSettings, config.Ruler, rulerProviderFactories(cache, alertmanager, sqlstore, telemetrystore, telemetryMetadataStore, prometheus, orgGetter, modules.RuleStateHistory, querier, queryParser), "signoz")
--- a/pkg/sqlmigration/081_add_tags.go
+++ b/pkg/sqlmigration/081_add_tags.go
@@ -1,114 +0,0 @@
-package sqlmigration
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/sqlschema"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/uptrace/bun"
-	"github.com/uptrace/bun/migrate"
-)
-
-type addTags struct {
-	sqlstore  sqlstore.SQLStore
-	sqlschema sqlschema.SQLSchema
-}
-
-func NewAddTagsFactory(sqlstore sqlstore.SQLStore, sqlschema sqlschema.SQLSchema) factory.ProviderFactory[SQLMigration, Config] {
-	return factory.NewProviderFactory(factory.MustNewName("add_tags"), func(ctx context.Context, ps factory.ProviderSettings, c Config) (SQLMigration, error) {
-		return &addTags{
-			sqlstore:  sqlstore,
-			sqlschema: sqlschema,
-		}, nil
-	})
-}
-
-func (migration *addTags) Register(migrations *migrate.Migrations) error {
-	return migrations.Register(migration.Up, migration.Down)
-}
-
-func (migration *addTags) Up(ctx context.Context, db *bun.DB) error {
-	tx, err := db.BeginTx(ctx, nil)
-	if err != nil {
-		return err
-	}
-
-	defer func() {
-		_ = tx.Rollback()
-	}()
-
-	sqls := [][]byte{}
-
-	tagTableSQLs := migration.sqlschema.Operator().CreateTable(&sqlschema.Table{
-		Name: "tag",
-		Columns: []*sqlschema.Column{
-			{Name: "id", DataType: sqlschema.DataTypeText, Nullable: false},
-			{Name: "key", DataType: sqlschema.DataTypeText, Nullable: false},
-			{Name: "value", DataType: sqlschema.DataTypeText, Nullable: false},
-			{Name: "org_id", DataType: sqlschema.DataTypeText, Nullable: false},
-			{Name: "kind", DataType: sqlschema.DataTypeText, Nullable: false},
-			{Name: "created_at", DataType: sqlschema.DataTypeTimestamp, Nullable: false},
-			{Name: "updated_at", DataType: sqlschema.DataTypeTimestamp, Nullable: false},
-		},
-		PrimaryKeyConstraint: &sqlschema.PrimaryKeyConstraint{ColumnNames: []sqlschema.ColumnName{"id"}},
-		ForeignKeyConstraints: []*sqlschema.ForeignKeyConstraint{
-			{
-				ReferencingColumnName: sqlschema.ColumnName("org_id"),
-				ReferencedTableName:   sqlschema.TableName("organizations"),
-				ReferencedColumnName:  sqlschema.ColumnName("id"),
-			},
-		},
-	})
-	sqls = append(sqls, tagTableSQLs...)
-
-	// Case-insensitive uniqueness on (org_id, kind, key, value) — both Postgres
-	// and SQLite (modernc 3.50.x) support expression indexes.
-	tagUniqueIndexSQLs := migration.sqlschema.Operator().CreateIndex(
-		(&sqlschema.UniqueIndex{
-			TableName:   "tag",
-			ColumnNames: []sqlschema.ColumnName{"org_id", "kind", "key", "value"},
-			Expressions: []string{"org_id", "kind", "LOWER(key)", "LOWER(value)"},
-		}).Named("uq_tag_org_kind_lower_key_lower_value"),
-	)
-	sqls = append(sqls, tagUniqueIndexSQLs...)
-
-	tagRelationsTableSQLs := migration.sqlschema.Operator().CreateTable(&sqlschema.Table{
-		Name: "tag_relation",
-		Columns: []*sqlschema.Column{
-			{Name: "id", DataType: sqlschema.DataTypeText, Nullable: false},
-			{Name: "kind", DataType: sqlschema.DataTypeText, Nullable: false},
-			{Name: "resource_id", DataType: sqlschema.DataTypeText, Nullable: false},
-			{Name: "tag_id", DataType: sqlschema.DataTypeText, Nullable: false},
-		},
-		PrimaryKeyConstraint: &sqlschema.PrimaryKeyConstraint{ColumnNames: []sqlschema.ColumnName{"id"}},
-		ForeignKeyConstraints: []*sqlschema.ForeignKeyConstraint{
-			{
-				ReferencingColumnName: sqlschema.ColumnName("tag_id"),
-				ReferencedTableName:   sqlschema.TableName("tag"),
-				ReferencedColumnName:  sqlschema.ColumnName("id"),
-			},
-		},
-	})
-	sqls = append(sqls, tagRelationsTableSQLs...)
-
-	tagRelationUniqueIndexSQLs := migration.sqlschema.Operator().CreateIndex(
-		&sqlschema.UniqueIndex{
-			TableName:   "tag_relation",
-			ColumnNames: []sqlschema.ColumnName{"kind", "resource_id", "tag_id"},
-		},
-	)
-	sqls = append(sqls, tagRelationUniqueIndexSQLs...)
-
-	for _, sql := range sqls {
-		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
-			return err
-		}
-	}
-
-	return tx.Commit()
-}
-
-func (migration *addTags) Down(_ context.Context, _ *bun.DB) error {
-	return nil
-}
--- a/pkg/sqlmigration/081_migrate_metaresources_tuples.go
+++ b/pkg/sqlmigration/081_migrate_metaresources_tuples.go
@@ -0,0 +1,175 @@
+package sqlmigration
+
+import (
+	"context"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/oklog/ulid/v2"
+	"github.com/uptrace/bun"
+	"github.com/uptrace/bun/dialect"
+	"github.com/uptrace/bun/migrate"
+)
+
+type migrateMetaresourcesTuples struct {
+	sqlstore sqlstore.SQLStore
+}
+
+func NewMigrateMetaresourcesTuplesFactory(sqlstore sqlstore.SQLStore) factory.ProviderFactory[SQLMigration, Config] {
+	return factory.NewProviderFactory(factory.MustNewName("migrate_metaresources_tuples"), func(ctx context.Context, ps factory.ProviderSettings, c Config) (SQLMigration, error) {
+		return &migrateMetaresourcesTuples{sqlstore: sqlstore}, nil
+	})
+}
+
+func (migration *migrateMetaresourcesTuples) Register(migrations *migrate.Migrations) error {
+	return migrations.Register(migration.Up, migration.Down)
+}
+
+// migrationTuple describes a single FGA tuple to insert.
+type migrationTuple struct {
+	roleName   string // "signoz-admin", "signoz-editor", "signoz-viewer"
+	objectType string // "serviceaccount", "user", "role", "metaresource"
+	objectName string // "serviceaccount", "user", "role", etc.
+	relation   string // "create", "list", "detach", etc.
+}
+
+func (migration *migrateMetaresourcesTuples) Up(ctx context.Context, db *bun.DB) error {
+	tx, err := db.BeginTx(ctx, nil)
+	if err != nil {
+		return err
+	}
+	defer func() { _ = tx.Rollback() }()
+
+	var storeID string
+	err = tx.QueryRowContext(ctx, `SELECT id FROM store WHERE name = ? LIMIT 1`, "signoz").Scan(&storeID)
+	if err != nil {
+		return err
+	}
+
+	// Fetch all orgs.
+	var orgIDs []string
+	rows, err := tx.QueryContext(ctx, `SELECT id FROM organizations`)
+	if err != nil {
+		return err
+	}
+	defer rows.Close()
+	for rows.Next() {
+		var orgID string
+		if err := rows.Scan(&orgID); err != nil {
+			return err
+		}
+		orgIDs = append(orgIDs, orgID)
+	}
+
+	isPG := migration.sqlstore.BunDB().Dialect().Name() == dialect.PG
+
+	// Step 1: Delete all tuples with the old "metaresources" object_type.
+	for _, orgID := range orgIDs {
+		if isPG {
+			_, err = tx.ExecContext(ctx, `DELETE FROM tuple WHERE store = ? AND object_type = ? AND object_id LIKE ?`,
+				storeID, "metaresources", "organization/"+orgID+"/%")
+		} else {
+			_, err = tx.ExecContext(ctx, `DELETE FROM tuple WHERE store = ? AND object_type = ? AND object_id LIKE ?`,
+				storeID, "metaresources", "organization/"+orgID+"/%")
+		}
+
+		if err != nil {
+			return err
+		}
+	}
+
+	// Step 2: Insert replacement tuples.
+	// For types with their own FGA type (user, serviceaccount, role), create/list
+	// go on the type directly. For all other resources, create/list go on "metaresource".
+	// Also add new detach tuples for role/user/serviceaccount.
+	tuples := []migrationTuple{
+		// New detach tuples for admin
+		{authtypes.SigNozAdminRoleName, "role", "role", "detach"},
+		{authtypes.SigNozAdminRoleName, "serviceaccount", "serviceaccount", "detach"},
+		// Replacement create/list for user/serviceaccount/role (moved from metaresources to own types)
+		{authtypes.SigNozAdminRoleName, "serviceaccount", "serviceaccount", "create"},
+		{authtypes.SigNozAdminRoleName, "serviceaccount", "serviceaccount", "list"},
+		{authtypes.SigNozAdminRoleName, "role", "role", "create"},
+		{authtypes.SigNozAdminRoleName, "role", "role", "list"},
+		// Replacement create/list for resources that move from "metaresources" to "metaresource"
+		{authtypes.SigNozAdminRoleName, "metaresource", "factor-api-key", "create"},
+		{authtypes.SigNozAdminRoleName, "metaresource", "factor-api-key", "list"},
+		{authtypes.SigNozAdminRoleName, "metaresource", "factor-api-key", "read"},
+		{authtypes.SigNozAdminRoleName, "metaresource", "factor-api-key", "update"},
+		{authtypes.SigNozAdminRoleName, "metaresource", "factor-api-key", "delete"},
+	}
+
+	for _, orgID := range orgIDs {
+		for _, tuple := range tuples {
+			entropy := ulid.DefaultEntropy()
+			now := time.Now().UTC()
+			tupleID := ulid.MustNew(ulid.Timestamp(now), entropy).String()
+
+			objectID := "organization/" + orgID + "/" + tuple.objectName + "/*"
+			roleSubject := "organization/" + orgID + "/role/" + tuple.roleName
+
+			if isPG {
+				user := "role:" + roleSubject + "#assignee"
+				result, err := tx.ExecContext(ctx, `
+					INSERT INTO tuple (store, object_type, object_id, relation, _user, user_type, ulid, inserted_at)
+					VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+					ON CONFLICT (store, object_type, object_id, relation, _user) DO NOTHING`,
+					storeID, tuple.objectType, objectID, tuple.relation, user, "userset", tupleID, now,
+				)
+				if err != nil {
+					return err
+				}
+				rowsAffected, err := result.RowsAffected()
+				if err != nil {
+					return err
+				}
+				if rowsAffected == 0 {
+					continue
+				}
+				_, err = tx.ExecContext(ctx, `
+					INSERT INTO changelog (store, object_type, object_id, relation, _user, operation, ulid, inserted_at)
+					VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+					ON CONFLICT (store, ulid, object_type) DO NOTHING`,
+					storeID, tuple.objectType, objectID, tuple.relation, user, "TUPLE_OPERATION_WRITE", tupleID, now,
+				)
+				if err != nil {
+					return err
+				}
+			} else {
+				result, err := tx.ExecContext(ctx, `
+					INSERT INTO tuple (store, object_type, object_id, relation, user_object_type, user_object_id, user_relation, user_type, ulid, inserted_at)
+					VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+					ON CONFLICT (store, object_type, object_id, relation, user_object_type, user_object_id, user_relation) DO NOTHING`,
+					storeID, tuple.objectType, objectID, tuple.relation, "role", roleSubject, "assignee", "userset", tupleID, now,
+				)
+				if err != nil {
+					return err
+				}
+				rowsAffected, err := result.RowsAffected()
+				if err != nil {
+					return err
+				}
+				if rowsAffected == 0 {
+					continue
+				}
+				_, err = tx.ExecContext(ctx, `
+					INSERT INTO changelog (store, object_type, object_id, relation, user_object_type, user_object_id, user_relation, operation, ulid, inserted_at)
+					VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+					ON CONFLICT (store, ulid, object_type) DO NOTHING`,
+					storeID, tuple.objectType, objectID, tuple.relation, "role", roleSubject, "assignee", 0, tupleID, now,
+				)
+				if err != nil {
+					return err
+				}
+			}
+		}
+	}
+
+	return tx.Commit()
+}
+
+func (migration *migrateMetaresourcesTuples) Down(context.Context, *bun.DB) error {
+	return nil
+}
--- a/pkg/sqlschema/index.go
+++ b/pkg/sqlschema/index.go
@@ -1,8 +1,6 @@
 package sqlschema

 import (
-	"fmt"
-	"hash/fnv"
 	"slices"
 	"strings"

@@ -51,23 +49,9 @@ type Index interface {
 	ToDropSQL(fmter SQLFormatter) []byte
 }

-// UniqueIndex models a unique index on a table.
-//
-// In the common case the index keys on plain columns: set only ColumnNames and
-// the SQL is emitted with each column identifier-quoted by the formatter
-// (`CREATE UNIQUE INDEX uq_t_a_b ON t (a, b)`).
-//
-// For functional indexes (e.g. case-insensitive uniqueness on `LOWER(col)`),
-// set Expressions to the raw SQL parts and use ColumnNames as metadata for
-// "which columns does this index touch". When Expressions is non-empty, it
-// overrides ColumnNames for SQL emission — each entry is written verbatim, so
-// the caller owns well-formedness — and the auto-generated name uses a hash
-// suffix instead of a readable column join because expressions aren't valid
-// identifier fragments.
 type UniqueIndex struct {
 	TableName   TableName
 	ColumnNames []ColumnName
-	Expressions []string
 	name        string
 }

@@ -87,28 +71,16 @@ func (index *UniqueIndex) Name() string {
 		}
 		b.WriteString(string(column))
 	}
-
-	if len(index.Expressions) > 0 {
-		if len(index.ColumnNames) > 0 {
-			b.WriteString("_")
-		}
-		hasher := fnv.New32a()
-		_, _ = hasher.Write([]byte(strings.Join(index.Expressions, "\x00")))
-		fmt.Fprintf(&b, "%08x", hasher.Sum32())
-	}
 	return b.String()
 }

 func (index *UniqueIndex) Named(name string) Index {
 	copyOfColumnNames := make([]ColumnName, len(index.ColumnNames))
 	copy(copyOfColumnNames, index.ColumnNames)
-	copyOfExpressions := make([]string, len(index.Expressions))
-	copy(copyOfExpressions, index.Expressions)

 	return &UniqueIndex{
 		TableName:   index.TableName,
 		ColumnNames: copyOfColumnNames,
-		Expressions: copyOfExpressions,
 		name:        name,
 	}
 }
@@ -129,18 +101,7 @@ func (index *UniqueIndex) Equals(other Index) bool {
 	if other.Type() != IndexTypeUnique {
 		return false
 	}
-	otherUnique, ok := other.(*UniqueIndex)
-	if !ok {
-		return false
-	}
-	// Plain and functional indexes produce different SQL even if their column
-	// sets overlap; require both shapes to match.
-	if (len(index.Expressions) == 0) != (len(otherUnique.Expressions) == 0) {
-		return false
-	}
-	if len(index.Expressions) > 0 && !slices.Equal(index.Expressions, otherUnique.Expressions) {
-		return false
-	}
+
 	return index.Name() == other.Name() && slices.Equal(index.Columns(), other.Columns())
 }

@@ -153,20 +114,12 @@ func (index *UniqueIndex) ToCreateSQL(fmter SQLFormatter) []byte {
 	sql = fmter.AppendIdent(sql, string(index.TableName))
 	sql = append(sql, " ("...)

-	if len(index.Expressions) > 0 {
-		for i, expr := range index.Expressions {
-			if i > 0 {
-				sql = append(sql, ", "...)
-			}
-			sql = append(sql, expr...)
-		}
-	} else {
-		for i, column := range index.ColumnNames {
-			if i > 0 {
-				sql = append(sql, ", "...)
-			}
-			sql = fmter.AppendIdent(sql, string(column))
+	for i, column := range index.ColumnNames {
+		if i > 0 {
+			sql = append(sql, ", "...)
 		}
+
+		sql = fmter.AppendIdent(sql, string(column))
 	}

 	sql = append(sql, ")"...)
--- a/pkg/sqlschema/index_test.go
+++ b/pkg/sqlschema/index_test.go
@@ -38,43 +38,6 @@ func TestIndexToCreateSQL(t *testing.T) {
 			},
 			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "my_index" ON "users" ("id", "name", "email")`,
 		},
-		{
-			name: "Unique_Functional_SingleExpression",
-			index: &UniqueIndex{
-				TableName:   "users",
-				ColumnNames: []ColumnName{"email"},
-				Expressions: []string{"LOWER(email)"},
-			},
-			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "uq_users_email_1e5a87f1" ON "users" (LOWER(email))`,
-		},
-		{
-			name: "Unique_Functional_MixedColumnsAndExpressions",
-			index: &UniqueIndex{
-				TableName:   "tag",
-				ColumnNames: []ColumnName{"org_id", "kind", "key", "value"},
-				Expressions: []string{"org_id", "kind", "LOWER(key)", "LOWER(value)"},
-			},
-			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "uq_tag_org_id_kind_key_value_57e8f81f" ON "tag" (org_id, kind, LOWER(key), LOWER(value))`,
-		},
-		{
-			name: "Unique_Functional_ComplexExpression",
-			index: &UniqueIndex{
-				TableName:   "users",
-				ColumnNames: []ColumnName{"first_name", "last_name"},
-				Expressions: []string{"LOWER(TRIM(first_name) || ' ' || TRIM(last_name))"},
-			},
-			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "uq_users_first_name_last_name_adb1ff53" ON "users" (LOWER(TRIM(first_name) || ' ' || TRIM(last_name)))`,
-		},
-		{
-			name: "Unique_Functional_Named",
-			index: &UniqueIndex{
-				TableName:   "tag",
-				ColumnNames: []ColumnName{"org_id", "kind", "key", "value"},
-				Expressions: []string{"org_id", "kind", "LOWER(key)", "LOWER(value)"},
-				name:        "uq_tag_org_kind_lower_key_lower_value",
-			},
-			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "uq_tag_org_kind_lower_key_lower_value" ON "tag" (org_id, kind, LOWER(key), LOWER(value))`,
-		},
 		{
 			name: "PartialUnique_1Column",
 			index: &PartialUniqueIndex{
@@ -266,47 +229,6 @@ func TestIndexEquals(t *testing.T) {
 			},
 			equals: false,
 		},
-		{
-			name: "Unique_Functional_Same",
-			a: &UniqueIndex{
-				TableName:   "users",
-				ColumnNames: []ColumnName{"email"},
-				Expressions: []string{"LOWER(email)"},
-			},
-			b: &UniqueIndex{
-				TableName:   "users",
-				ColumnNames: []ColumnName{"email"},
-				Expressions: []string{"LOWER(email)"},
-			},
-			equals: true,
-		},
-		{
-			name: "Unique_Functional_DifferentExpressions",
-			a: &UniqueIndex{
-				TableName:   "users",
-				ColumnNames: []ColumnName{"email"},
-				Expressions: []string{"LOWER(email)"},
-			},
-			b: &UniqueIndex{
-				TableName:   "users",
-				ColumnNames: []ColumnName{"email"},
-				Expressions: []string{"UPPER(email)"},
-			},
-			equals: false,
-		},
-		{
-			name: "Unique_Functional_NotEqualToPlainSameColumns",
-			a: &UniqueIndex{
-				TableName:   "users",
-				ColumnNames: []ColumnName{"email"},
-				Expressions: []string{"LOWER(email)"},
-			},
-			b: &UniqueIndex{
-				TableName:   "users",
-				ColumnNames: []ColumnName{"email"},
-			},
-			equals: false,
-		},
 	}

 	for _, testCase := range testCases {
@@ -316,75 +238,6 @@ func TestIndexEquals(t *testing.T) {
 	}
 }

-func TestUniqueIndexFunctionalName(t *testing.T) {
-	t.Run("autogen uses uq_<table>_<hash>", func(t *testing.T) {
-		idx := &UniqueIndex{
-			TableName:   "tag",
-			ColumnNames: []ColumnName{"org_id", "kind", "key", "value"},
-			Expressions: []string{"org_id", "kind", "LOWER(key)", "LOWER(value)"},
-		}
-		assert.Equal(t, "uq_tag_org_id_kind_key_value_57e8f81f", idx.Name())
-	})
-
-	t.Run("same expressions produce the same name", func(t *testing.T) {
-		a := &UniqueIndex{
-			TableName:   "users",
-			Expressions: []string{"LOWER(email)"},
-		}
-		b := &UniqueIndex{
-			TableName:   "users",
-			Expressions: []string{"LOWER(email)"},
-		}
-		assert.Equal(t, a.Name(), b.Name())
-	})
-
-	t.Run("different expressions produce different names", func(t *testing.T) {
-		a := &UniqueIndex{
-			TableName:   "users",
-			Expressions: []string{"LOWER(email)"},
-		}
-		b := &UniqueIndex{
-			TableName:   "users",
-			Expressions: []string{"UPPER(email)"},
-		}
-		assert.NotEqual(t, a.Name(), b.Name())
-	})
-
-	t.Run("expressions in different order produce different names", func(t *testing.T) {
-		a := &UniqueIndex{
-			TableName:   "tag",
-			Expressions: []string{"org_id", "LOWER(key)"},
-		}
-		b := &UniqueIndex{
-			TableName:   "tag",
-			Expressions: []string{"LOWER(key)", "org_id"},
-		}
-		assert.NotEqual(t, a.Name(), b.Name())
-	})
-
-	t.Run("functional autogen differs from plain autogen for same columns", func(t *testing.T) {
-		plain := &UniqueIndex{
-			TableName:   "users",
-			ColumnNames: []ColumnName{"email"},
-		}
-		functional := &UniqueIndex{
-			TableName:   "users",
-			ColumnNames: []ColumnName{"email"},
-			Expressions: []string{"LOWER(email)"},
-		}
-		assert.Equal(t, "uq_users_email", plain.Name())
-		assert.NotEqual(t, plain.Name(), functional.Name())
-	})
-
-	t.Run("Named() override wins over hash", func(t *testing.T) {
-		idx := (&UniqueIndex{
-			TableName:   "tag",
-			Expressions: []string{"org_id", "LOWER(key)"},
-		}).Named("my_functional_index")
-		assert.Equal(t, "my_functional_index", idx.Name())
-	})
-}
-
 func TestPartialUniqueIndexName(t *testing.T) {
 	a := &PartialUniqueIndex{
 		TableName:   "users",
--- a/pkg/telemetrylogs/condition_builder.go
+++ b/pkg/telemetrylogs/condition_builder.go
@@ -41,7 +41,7 @@ func (c *conditionBuilder) conditionFor(
 	// TODO(Piyush): Update this to support multiple JSON columns based on evolutions
 	for _, column := range columns {
 		// TODO(Tushar): thread orgID here to evaluate correctly
-		if column.Type.GetType() == schema.ColumnTypeEnumJSON && c.fl.BooleanOrEmpty(ctx, flagger.FeatureUseJSONBody, featuretypes.NewFlaggerEvaluationContext(valuer.UUID{})) && key.Name != messageSubField {
+		if column.Type.GetType() == schema.ColumnTypeEnumJSON && key.FieldContext == telemetrytypes.FieldContextBody && c.fl.BooleanOrEmpty(ctx, flagger.FeatureUseJSONBody, featuretypes.NewFlaggerEvaluationContext(valuer.UUID{})) && key.Name != messageSubField {
 			valueType, value := InferDataType(value, operator, key)
 			cond, err := NewJSONConditionBuilder(key, valueType).buildJSONCondition(operator, value, sb)
 			if err != nil {
--- a/pkg/telemetrylogs/json_stmt_builder_test.go
+++ b/pkg/telemetrylogs/json_stmt_builder_test.go
@@ -33,7 +33,7 @@ func (t TestExpected) GetQuery() string {
 }

 func TestJSONStmtBuilder_TimeSeries(t *testing.T) {
-	statementBuilder := buildJSONTestStatementBuilder(t, false)
+	statementBuilder, _ := buildJSONTestStatementBuilder(t, false)

 	cases := []struct {
 		name                string
@@ -171,7 +171,7 @@ func TestStmtBuilderTimeSeriesBodyGroupByPromoted(t *testing.T) {
 */

 func TestJSONStmtBuilder_PrimitivePaths(t *testing.T) {
-	statementBuilder := buildJSONTestStatementBuilder(t, false)
+	statementBuilder, _ := buildJSONTestStatementBuilder(t, false)
 	cases := []struct {
 		name        string
 		filter      string
@@ -494,7 +494,7 @@ func TestStatementBuilderListQueryBodyPromoted(t *testing.T) {
 */

 func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
-	statementBuilder := buildJSONTestStatementBuilder(t, false)
+	statementBuilder, _ := buildJSONTestStatementBuilder(t, false)
 	cases := []struct {
 		name        string
 		filter      string
@@ -799,7 +799,7 @@ func TestJSONStmtBuilder_ArrayPaths(t *testing.T) {
 }

 func TestJSONStmtBuilder_IndexedPaths(t *testing.T) {
-	statementBuilder := buildJSONTestStatementBuilder(t, true)
+	statementBuilder, _ := buildJSONTestStatementBuilder(t, true)
 	cases := []struct {
 		name        string
 		query       qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]
@@ -918,7 +918,7 @@ func TestJSONStmtBuilder_IndexedPaths(t *testing.T) {
 }

 func TestJSONStmtBuilder_SelectField(t *testing.T) {
-	statementBuilder := buildJSONTestStatementBuilder(t, false)
+	statementBuilder, _ := buildJSONTestStatementBuilder(t, false)

 	cases := []struct {
 		name                string
@@ -1006,7 +1006,7 @@ func TestJSONStmtBuilder_SelectField(t *testing.T) {
 }

 func TestJSONStmtBuilder_OrderBy(t *testing.T) {
-	statementBuilder := buildJSONTestStatementBuilder(t, false)
+	statementBuilder, _ := buildJSONTestStatementBuilder(t, false)

 	cases := []struct {
 		name                string
@@ -1082,6 +1082,69 @@ func TestJSONStmtBuilder_OrderBy(t *testing.T) {
 	}
 }

+func TestResourceAggrAndGroupBy_WithJSONEnabled(t *testing.T) {
+	statementBuilder, metadataStore := buildJSONTestStatementBuilder(t, false)
+	releaseTime := time.Date(2024, 1, 15, 10, 0, 0, 0, time.UTC)
+	keysMap := buildCompleteFieldKeyMap(releaseTime)
+	for _, keys := range keysMap {
+		for _, key := range keys {
+			metadataStore.SetKey(key)
+		}
+	}
+
+	cases := []struct {
+		name                string
+		requestType         qbtypes.RequestType
+		query               qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]
+		expected            qbtypes.Statement
+		expectedErrContains string
+	}{
+		{
+			name:        "resource_aggregation_and_group_by_with_json_enabled",
+			requestType: qbtypes.RequestTypeTimeSeries,
+			query: qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]{
+				Signal:       telemetrytypes.SignalLogs,
+				StepInterval: qbtypes.Step{Duration: 30 * time.Second},
+				GroupBy: []qbtypes.GroupByKey{
+					{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: "region",
+						},
+					},
+				},
+				Filter: &qbtypes.Filter{
+					Expression: "user.name exists",
+				},
+				Aggregations: []qbtypes.LogAggregation{
+					{
+						Expression: "count_distinct(service.name)",
+					},
+				},
+			},
+			expected: qbtypes.Statement{
+				Query:    "SELECT toStartOfInterval(fromUnixTimestamp64Nano(timestamp), INTERVAL 30 SECOND) AS ts, toString(multiIf(resource.`region`::String IS NOT NULL, resource.`region`::String, NULL)) AS `region`, countDistinct(multiIf(resource.`service.name`::String IS NOT NULL, resource.`service.name`::String, NULL)) AS __result_0 FROM signoz_logs.distributed_logs_v2 WHERE ((dynamicElement(body_v2.`user.name`, 'String') IS NOT NULL) OR mapContains(attributes_string, 'user.name') = ?) AND timestamp >= ? AND ts_bucket_start >= ? AND timestamp < ? AND ts_bucket_start <= ? GROUP BY ts, `region`",
+				Args:     []any{true, "1747947419000000000", uint64(1747945619), "1747983448000000000", uint64(1747983448)},
+				Warnings: []string{"Key `user.name` is ambiguous, found 2 different combinations of field context / data type: [name=user.name,context=body,datatype=string name=user.name,context=attribute,datatype=string]."},
+			},
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			q, err := statementBuilder.Build(context.Background(), 1747947419000, 1747983448000, c.requestType, c.query, nil)
+			if c.expectedErrContains != "" {
+				require.Error(t, err)
+				require.Contains(t, err.Error(), c.expectedErrContains)
+			} else {
+				require.NoError(t, err)
+				require.Equal(t, c.expected.Query, q.Query)
+				require.Equal(t, c.expected.Args, q.Args)
+				require.Equal(t, c.expected.Warnings, q.Warnings)
+			}
+		})
+	}
+}
+
 func buildTestTelemetryMetadataStore(t *testing.T, addIndexes bool) *telemetrytypestest.MockMetadataStore {
 	mockMetadataStore := telemetrytypestest.NewMockMetadataStore()
 	mockMetadataStore.SetStaticFields(IntrinsicFields)
@@ -1123,7 +1186,7 @@ func buildTestTelemetryMetadataStore(t *testing.T, addIndexes bool) *telemetryty
 	return mockMetadataStore
 }

-func buildJSONTestStatementBuilder(t *testing.T, addIndexes bool) *logQueryStatementBuilder {
+func buildJSONTestStatementBuilder(t *testing.T, addIndexes bool) (*logQueryStatementBuilder, *telemetrytypestest.MockMetadataStore) {
 	t.Helper()

 	mockMetadataStore := buildTestTelemetryMetadataStore(t, addIndexes)
@@ -1144,5 +1207,5 @@ func buildJSONTestStatementBuilder(t *testing.T, addIndexes bool) *logQueryState
 		fl,
 	)

-	return statementBuilder
+	return statementBuilder, mockMetadataStore
 }
--- a/pkg/types/authtypes/tuple.go
+++ b/pkg/types/authtypes/tuple.go
@@ -47,6 +47,42 @@ func NewTuplesFromTransactions(transactions []*Transaction, subject string, orgI
 	return tuples, nil
 }

+// NewTuplesFromTransactionsWithCorrelations converts transactions to tuples for BatchCheck,
+// and for each transaction whose selector is not already a wildcard, generates an additional
+// tuple with the wildcard selector. This ensures that permissions granted via wildcard
+// selectors (e.g., dashboard:*) are checked alongside exact selectors (e.g., dashboard:abc-123).
+//
+// Returns:
+//   - tuples: all tuples to check (exact + correlated), keyed by transaction ID or generated correlation ID
+//   - correlations: maps transaction ID to a slice of correlation IDs for the additional tuples
+func NewTuplesFromTransactionsWithCorrelations(transactions []*Transaction, subject string, orgID valuer.UUID) (tuples map[string]*openfgav1.TupleKey, correlations map[string][]string, err error) {
+	tuples = make(map[string]*openfgav1.TupleKey)
+	correlations = make(map[string][]string)
+
+	for _, txn := range transactions {
+		resource, err := coretypes.NewResourceFromTypeAndKind(txn.Object.Resource.Type, txn.Object.Resource.Kind)
+		if err != nil {
+			return nil, nil, err
+		}
+
+		txnID := txn.ID.StringValue()
+
+		txnTuples := NewTuples(resource, subject, txn.Relation, []coretypes.Selector{txn.Object.Selector}, orgID)
+		tuples[txnID] = txnTuples[0]
+
+		if txn.Object.Selector.String() != coretypes.WildCardSelectorString {
+			wildcardSelector := txn.Object.Resource.Type.MustSelector(coretypes.WildCardSelectorString)
+			wildcardTuples := NewTuples(resource, subject, txn.Relation, []coretypes.Selector{wildcardSelector}, orgID)
+
+			correlationID := valuer.GenerateUUID().StringValue()
+			tuples[correlationID] = wildcardTuples[0]
+			correlations[txnID] = append(correlations[txnID], correlationID)
+		}
+	}
+
+	return tuples, correlations, nil
+}
+
 // NewTuplesFromTransactionsWithManagedRoles converts transactions to tuples for BatchCheck.
 // Direct role-assignment transactions (TypeRole + VerbAssignee) produce one tuple keyed by txn ID.
 // Other transactions are expanded via managedRolesByTransaction into role-assignee checks, keyed by "txnID:roleName".
--- a/pkg/types/coretypes/registry_managed_role.go
+++ b/pkg/types/coretypes/registry_managed_role.go
@@ -18,46 +18,49 @@ const (

 var ManagedRoleToTransactions = map[string][]Transaction{
 	SigNozAdminRoleName: {
-		// role attach — admin can attach/detach role assignments
+		// role attach/detach — admin can attach/detach role assignments
 		{Verb: VerbAttach, Object: *MustNewObject(ResourceRef{Type: TypeRole, Kind: KindRole}, WildCardSelectorString)},
-		// user attach — admin can attach roles to any user
+		{Verb: VerbDetach, Object: *MustNewObject(ResourceRef{Type: TypeRole, Kind: KindRole}, WildCardSelectorString)},
+		// user attach/detach — admin can attach/detach roles to any user
 		{Verb: VerbAttach, Object: *MustNewObject(ResourceRef{Type: TypeUser, Kind: KindUser}, WildCardSelectorString)},
-		// serviceaccount attach — admin can attach roles to any SA
+		{Verb: VerbDetach, Object: *MustNewObject(ResourceRef{Type: TypeUser, Kind: KindUser}, WildCardSelectorString)},
+		// serviceaccount attach/detach — admin can attach/detach roles to any SA
 		{Verb: VerbAttach, Object: *MustNewObject(ResourceRef{Type: TypeServiceAccount, Kind: KindServiceAccount}, WildCardSelectorString)},
+		{Verb: VerbDetach, Object: *MustNewObject(ResourceRef{Type: TypeServiceAccount, Kind: KindServiceAccount}, WildCardSelectorString)},
 		// auth-domain — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindAuthDomain}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindAuthDomain}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindAuthDomain}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindAuthDomain}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindAuthDomain}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindAuthDomain}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindAuthDomain}, WildCardSelectorString)},
 		// cloud-integration — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegration}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegration}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegration}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindCloudIntegration}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindCloudIntegration}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegration}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegration}, WildCardSelectorString)},
 		// cloud-integration-service — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegrationService}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegrationService}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegrationService}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindCloudIntegrationService}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindCloudIntegrationService}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegrationService}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegrationService}, WildCardSelectorString)},
 		// integration — viewer/editor/admin (install/uninstall via ViewAccess)
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIntegration}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIntegration}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
 		// factor-api-key — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindFactorAPIKey}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindFactorAPIKey}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindFactorAPIKey}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindFactorAPIKey}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindFactorAPIKey}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindFactorAPIKey}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindFactorAPIKey}, WildCardSelectorString)},
 		// factor-password — admin can issue and inspect reset tokens; users change their own password via OpenAccess
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindFactorPassword}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindFactorPassword}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindFactorPassword}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindFactorPassword}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindFactorPassword}, WildCardSelectorString)},
 		// license — admin only.
 		// Uniform LCRUD shape; actual ee routes are POST /api/v3/licenses (create
 		// = Activate), PUT /api/v3/licenses (update = Refresh), GET
@@ -67,8 +70,8 @@ var ManagedRoleToTransactions = map[string][]Transaction{
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLicense}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLicense}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLicense}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindLicense}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindLicense}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLicense}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLicense}, WildCardSelectorString)},
 		// subscription — admin only.
 		// Uniform LCRUD shape; actual ee routes are POST /api/v1/checkout
 		// (create), POST /api/v1/portal (update — opens Stripe portal), GET
@@ -78,123 +81,121 @@ var ManagedRoleToTransactions = map[string][]Transaction{
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSubscription}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSubscription}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSubscription}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindSubscription}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindSubscription}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSubscription}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSubscription}, WildCardSelectorString)},
 		// organization — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeOrganization, Kind: KindOrganization}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeOrganization, Kind: KindOrganization}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindOrganization}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindOrganization}, WildCardSelectorString)},
 		// org-preference — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindOrgPreference}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindOrgPreference}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindOrgPreference}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindOrgPreference}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindOrgPreference}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindOrgPreference}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindOrgPreference}, WildCardSelectorString)},
 		// public-dashboard — admin manages, anonymous reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPublicDashboard}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPublicDashboard}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPublicDashboard}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPublicDashboard}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPublicDashboard}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPublicDashboard}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPublicDashboard}, WildCardSelectorString)},
 		// role — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeRole, Kind: KindRole}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeRole, Kind: KindRole}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeRole, Kind: KindRole}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRole}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRole}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeRole, Kind: KindRole}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeRole, Kind: KindRole}, WildCardSelectorString)},
 		// serviceaccount — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeServiceAccount, Kind: KindServiceAccount}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeServiceAccount, Kind: KindServiceAccount}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeServiceAccount, Kind: KindServiceAccount}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindServiceAccount}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindServiceAccount}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeServiceAccount, Kind: KindServiceAccount}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeServiceAccount, Kind: KindServiceAccount}, WildCardSelectorString)},
 		// session — admin can revoke and list
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSession}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSession}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindSession}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSession}, WildCardSelectorString)},
 		// user — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeUser, Kind: KindUser}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeUser, Kind: KindUser}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeUser, Kind: KindUser}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindUser}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindUser}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeUser, Kind: KindUser}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeUser, Kind: KindUser}, WildCardSelectorString)},
 		// dashboard — full CRUD (also held by editor)
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindDashboard}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindDashboard}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
 		// pipeline — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPipeline}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPipeline}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
 		// planned-maintenance — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
 		// rule — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRule}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRule}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
 		// saved-view — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindSavedView}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindSavedView}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
 		// trace-funnel — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTraceFunnel}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTraceFunnel}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
 		// ingestion-key — editor+admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIngestionKey}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIngestionKey}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
 		// ingestion-limit — editor+admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIngestionLimit}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIngestionLimit}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
 		// notification-channel — admin writes, viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindNotificationChannel}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindNotificationChannel}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
 		// route-policy — admin writes, viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRoutePolicy}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRoutePolicy}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
 		// apdex-setting — admin updates, viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindApdexSetting}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindApdexSetting}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindApdexSetting}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindApdexSetting}, WildCardSelectorString)},
 		// quick-filter — admin updates, viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindQuickFilter}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindQuickFilter}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindQuickFilter}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindQuickFilter}, WildCardSelectorString)},
 		// ttl-setting — admin updates, viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTTLSetting}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTTLSetting}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTTLSetting}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTTLSetting}, WildCardSelectorString)},
 		// user-preference — every authenticated user can read+update their own
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindUserPreference}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
 		// telemetry — read on each signal (logs/traces/metrics); schema permits read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeTelemetryResource, Kind: KindLogs}, WildCardSelectorString)},
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeTelemetryResource, Kind: KindTraces}, WildCardSelectorString)},
@@ -207,86 +208,86 @@ var ManagedRoleToTransactions = map[string][]Transaction{
 		// logs-field — editor+admin update (POST overwrites field config), viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLogsField}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLogsField}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindLogsField}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLogsField}, WildCardSelectorString)},
 		// traces-field — editor+admin update, viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTracesField}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTracesField}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTracesField}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTracesField}, WildCardSelectorString)},
 	},
 	SigNozEditorRoleName: {
 		// dashboard — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindDashboard}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindDashboard}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
 		// pipeline — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPipeline}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPipeline}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
 		// planned-maintenance — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
 		// rule — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRule}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRule}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
 		// saved-view — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindSavedView}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindSavedView}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
 		// trace-funnel — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTraceFunnel}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTraceFunnel}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
 		// integration — viewer/editor/admin
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIntegration}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIntegration}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
 		// ingestion-key — editor+admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIngestionKey}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIngestionKey}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
 		// ingestion-limit — editor+admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIngestionLimit}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIngestionLimit}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
 		// notification-channel — read only (admin writes)
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindNotificationChannel}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
 		// route-policy — read only (admin writes)
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRoutePolicy}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
 		// apdex-setting — read only (admin updates)
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindApdexSetting}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindApdexSetting}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindApdexSetting}, WildCardSelectorString)},
 		// quick-filter — read only (admin updates)
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindQuickFilter}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindQuickFilter}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindQuickFilter}, WildCardSelectorString)},
 		// ttl-setting — read only (admin updates)
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTTLSetting}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTTLSetting}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTTLSetting}, WildCardSelectorString)},
 		// user-preference — every authenticated user can read+update their own
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindUserPreference}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
 		// telemetry — read on each signal
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeTelemetryResource, Kind: KindLogs}, WildCardSelectorString)},
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeTelemetryResource, Kind: KindTraces}, WildCardSelectorString)},
@@ -294,66 +295,66 @@ var ManagedRoleToTransactions = map[string][]Transaction{
 		// logs-field — editor reads+updates
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLogsField}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLogsField}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindLogsField}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLogsField}, WildCardSelectorString)},
 		// traces-field — editor reads+updates
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTracesField}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTracesField}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTracesField}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTracesField}, WildCardSelectorString)},
 	},
 	SigNozViewerRoleName: {
 		// dashboard — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindDashboard}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
 		// pipeline — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPipeline}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
 		// planned-maintenance — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
 		// rule — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRule}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
 		// saved-view — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindSavedView}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
 		// trace-funnel — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTraceFunnel}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
 		// integration — viewer/editor/admin (install/uninstall via ViewAccess)
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIntegration}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIntegration}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
 		// notification-channel — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindNotificationChannel}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
 		// route-policy — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRoutePolicy}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
 		// apdex-setting — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindApdexSetting}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindApdexSetting}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindApdexSetting}, WildCardSelectorString)},
 		// quick-filter — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindQuickFilter}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindQuickFilter}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindQuickFilter}, WildCardSelectorString)},
 		// ttl-setting — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTTLSetting}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTTLSetting}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTTLSetting}, WildCardSelectorString)},
 		// user-preference — every authenticated user can read+update their own
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindUserPreference}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
 		// telemetry — read on each signal
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeTelemetryResource, Kind: KindLogs}, WildCardSelectorString)},
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeTelemetryResource, Kind: KindTraces}, WildCardSelectorString)},
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeTelemetryResource, Kind: KindMetrics}, WildCardSelectorString)},
 		// logs-field — viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLogsField}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindLogsField}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLogsField}, WildCardSelectorString)},
 		// traces-field — viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTracesField}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTracesField}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTracesField}, WildCardSelectorString)},
 	},
 	SigNozAnonymousRoleName: {
 		// public-dashboard — anonymous read
--- a/pkg/types/coretypes/registry_resource.go
+++ b/pkg/types/coretypes/registry_resource.go
@@ -6,138 +6,76 @@ var Resources = []Resource{
 	ResourceRole,
 	ResourceServiceAccount,
 	ResourceUser,
-	ResourceMetaResourcesRole,
-	ResourceMetaResourcesOrganization,
-	ResourceMetaResourcesServiceAccount,
-	ResourceMetaResourcesUser,
 	ResourceMetaResourceNotificationChannel,
-	ResourceMetaResourcesNotificationChannel,
 	ResourceMetaResourceRoutePolicy,
-	ResourceMetaResourcesRoutePolicy,
 	ResourceMetaResourceApdexSetting,
-	ResourceMetaResourcesApdexSetting,
 	ResourceMetaResourceAuthDomain,
-	ResourceMetaResourcesAuthDomain,
 	ResourceMetaResourceSession,
-	ResourceMetaResourcesSession,
 	ResourceMetaResourceCloudIntegration,
-	ResourceMetaResourcesCloudIntegration,
 	ResourceMetaResourceCloudIntegrationService,
-	ResourceMetaResourcesCloudIntegrationService,
 	ResourceMetaResourceIntegration,
-	ResourceMetaResourcesIntegration,
 	ResourceMetaResourceDashboard,
-	ResourceMetaResourcesDashboard,
 	ResourceMetaResourcePublicDashboard,
-	ResourceMetaResourcesPublicDashboard,
 	ResourceMetaResourceIngestionKey,
-	ResourceMetaResourcesIngestionKey,
 	ResourceMetaResourceIngestionLimit,
-	ResourceMetaResourcesIngestionLimit,
 	ResourceMetaResourcePipeline,
-	ResourceMetaResourcesPipeline,
 	ResourceMetaResourceUserPreference,
-	ResourceMetaResourcesUserPreference,
 	ResourceMetaResourceOrgPreference,
-	ResourceMetaResourcesOrgPreference,
 	ResourceMetaResourceQuickFilter,
-	ResourceMetaResourcesQuickFilter,
 	ResourceMetaResourceTTLSetting,
-	ResourceMetaResourcesTTLSetting,
 	ResourceMetaResourceRule,
-	ResourceMetaResourcesRule,
 	ResourceMetaResourcePlannedMaintenance,
-	ResourceMetaResourcesPlannedMaintenance,
 	ResourceMetaResourceSavedView,
-	ResourceMetaResourcesSavedView,
 	ResourceMetaResourceTraceFunnel,
-	ResourceMetaResourcesTraceFunnel,
 	ResourceMetaResourceFactorPassword,
-	ResourceMetaResourcesFactorPassword,
 	ResourceMetaResourceFactorAPIKey,
-	ResourceMetaResourcesFactorAPIKey,
 	ResourceMetaResourceLicense,
-	ResourceMetaResourcesLicense,
 	ResourceMetaResourceSubscription,
-	ResourceMetaResourcesSubscription,
 	ResourceTelemetryResourceLogs,
 	ResourceTelemetryResourceTraces,
 	ResourceTelemetryResourceMetrics,
 	ResourceTelemetryResourceAuditLogs,
 	ResourceTelemetryResourceMeterMetrics,
 	ResourceMetaResourceLogsField,
-	ResourceMetaResourcesLogsField,
 	ResourceMetaResourceTracesField,
-	ResourceMetaResourcesTracesField,
 }

 var (
-	ResourceAnonymous                            Resource = NewResourceAnonymous()
-	ResourceOrganization                                  = NewResourceOrganization()
-	ResourceRole                                          = NewResourceRole()
-	ResourceServiceAccount                                = NewResourceServiceAccount()
-	ResourceUser                                          = NewResourceUser()
-	ResourceMetaResourcesRole                             = NewResourceMetaResources(KindRole)
-	ResourceMetaResourcesOrganization                     = NewResourceMetaResources(KindOrganization)
-	ResourceMetaResourcesServiceAccount                   = NewResourceMetaResources(KindServiceAccount)
-	ResourceMetaResourcesUser                             = NewResourceMetaResources(KindUser)
-	ResourceMetaResourceNotificationChannel               = NewResourceMetaResource(KindNotificationChannel)
-	ResourceMetaResourcesNotificationChannel              = NewResourceMetaResources(KindNotificationChannel)
-	ResourceMetaResourceRoutePolicy                       = NewResourceMetaResource(KindRoutePolicy)
-	ResourceMetaResourcesRoutePolicy                      = NewResourceMetaResources(KindRoutePolicy)
-	ResourceMetaResourceApdexSetting                      = NewResourceMetaResource(KindApdexSetting)
-	ResourceMetaResourcesApdexSetting                     = NewResourceMetaResources(KindApdexSetting)
-	ResourceMetaResourceAuthDomain                        = NewResourceMetaResource(KindAuthDomain)
-	ResourceMetaResourcesAuthDomain                       = NewResourceMetaResources(KindAuthDomain)
-	ResourceMetaResourceSession                           = NewResourceMetaResource(KindSession)
-	ResourceMetaResourcesSession                          = NewResourceMetaResources(KindSession)
-	ResourceMetaResourceCloudIntegration                  = NewResourceMetaResource(KindCloudIntegration)
-	ResourceMetaResourcesCloudIntegration                 = NewResourceMetaResources(KindCloudIntegration)
-	ResourceMetaResourceCloudIntegrationService           = NewResourceMetaResource(KindCloudIntegrationService)
-	ResourceMetaResourcesCloudIntegrationService          = NewResourceMetaResources(KindCloudIntegrationService)
-	ResourceMetaResourceIntegration                       = NewResourceMetaResource(KindIntegration)
-	ResourceMetaResourcesIntegration                      = NewResourceMetaResources(KindIntegration)
-	ResourceMetaResourceDashboard                         = NewResourceMetaResource(KindDashboard)
-	ResourceMetaResourcesDashboard                        = NewResourceMetaResources(KindDashboard)
-	ResourceMetaResourcePublicDashboard                   = NewResourceMetaResource(KindPublicDashboard)
-	ResourceMetaResourcesPublicDashboard                  = NewResourceMetaResources(KindPublicDashboard)
-	ResourceMetaResourceIngestionKey                      = NewResourceMetaResource(KindIngestionKey)
-	ResourceMetaResourcesIngestionKey                     = NewResourceMetaResources(KindIngestionKey)
-	ResourceMetaResourceIngestionLimit                    = NewResourceMetaResource(KindIngestionLimit)
-	ResourceMetaResourcesIngestionLimit                   = NewResourceMetaResources(KindIngestionLimit)
-	ResourceMetaResourcePipeline                          = NewResourceMetaResource(KindPipeline)
-	ResourceMetaResourcesPipeline                         = NewResourceMetaResources(KindPipeline)
-	ResourceMetaResourceUserPreference                    = NewResourceMetaResource(KindUserPreference)
-	ResourceMetaResourcesUserPreference                   = NewResourceMetaResources(KindUserPreference)
-	ResourceMetaResourceOrgPreference                     = NewResourceMetaResource(KindOrgPreference)
-	ResourceMetaResourcesOrgPreference                    = NewResourceMetaResources(KindOrgPreference)
-	ResourceMetaResourceQuickFilter                       = NewResourceMetaResource(KindQuickFilter)
-	ResourceMetaResourcesQuickFilter                      = NewResourceMetaResources(KindQuickFilter)
-	ResourceMetaResourceTTLSetting                        = NewResourceMetaResource(KindTTLSetting)
-	ResourceMetaResourcesTTLSetting                       = NewResourceMetaResources(KindTTLSetting)
-	ResourceMetaResourceRule                              = NewResourceMetaResource(KindRule)
-	ResourceMetaResourcesRule                             = NewResourceMetaResources(KindRule)
-	ResourceMetaResourcePlannedMaintenance                = NewResourceMetaResource(KindPlannedMaintenance)
-	ResourceMetaResourcesPlannedMaintenance               = NewResourceMetaResources(KindPlannedMaintenance)
-	ResourceMetaResourceSavedView                         = NewResourceMetaResource(KindSavedView)
-	ResourceMetaResourcesSavedView                        = NewResourceMetaResources(KindSavedView)
-	ResourceMetaResourceTraceFunnel                       = NewResourceMetaResource(KindTraceFunnel)
-	ResourceMetaResourcesTraceFunnel                      = NewResourceMetaResources(KindTraceFunnel)
-	ResourceMetaResourceFactorPassword                    = NewResourceMetaResource(KindFactorPassword)
-	ResourceMetaResourcesFactorPassword                   = NewResourceMetaResources(KindFactorPassword)
-	ResourceMetaResourceFactorAPIKey                      = NewResourceMetaResource(KindFactorAPIKey)
-	ResourceMetaResourcesFactorAPIKey                     = NewResourceMetaResources(KindFactorAPIKey)
-	ResourceMetaResourceLicense                           = NewResourceMetaResource(KindLicense)
-	ResourceMetaResourcesLicense                          = NewResourceMetaResources(KindLicense)
-	ResourceMetaResourceSubscription                      = NewResourceMetaResource(KindSubscription)
-	ResourceMetaResourcesSubscription                     = NewResourceMetaResources(KindSubscription)
-	ResourceTelemetryResourceLogs                         = NewResourceTelemetryResource(KindLogs)
-	ResourceTelemetryResourceTraces                       = NewResourceTelemetryResource(KindTraces)
-	ResourceTelemetryResourceMetrics                      = NewResourceTelemetryResource(KindMetrics)
-	ResourceTelemetryResourceAuditLogs                    = NewResourceTelemetryResource(KindAuditLogs)
-	ResourceTelemetryResourceMeterMetrics                 = NewResourceTelemetryResource(KindMeterMetrics)
-	ResourceMetaResourceLogsField                         = NewResourceMetaResource(KindLogsField)
-	ResourceMetaResourcesLogsField                        = NewResourceMetaResources(KindLogsField)
-	ResourceMetaResourceTracesField                       = NewResourceMetaResource(KindTracesField)
-	ResourceMetaResourcesTracesField                      = NewResourceMetaResources(KindTracesField)
+	ResourceAnonymous                           Resource = NewResourceAnonymous()
+	ResourceOrganization                                 = NewResourceOrganization()
+	ResourceRole                                         = NewResourceRole()
+	ResourceServiceAccount                               = NewResourceServiceAccount()
+	ResourceUser                                         = NewResourceUser()
+	ResourceMetaResourceNotificationChannel              = NewResourceMetaResource(KindNotificationChannel)
+	ResourceMetaResourceRoutePolicy                      = NewResourceMetaResource(KindRoutePolicy)
+	ResourceMetaResourceApdexSetting                     = NewResourceMetaResource(KindApdexSetting)
+	ResourceMetaResourceAuthDomain                       = NewResourceMetaResource(KindAuthDomain)
+	ResourceMetaResourceSession                          = NewResourceMetaResource(KindSession)
+	ResourceMetaResourceCloudIntegration                 = NewResourceMetaResource(KindCloudIntegration)
+	ResourceMetaResourceCloudIntegrationService          = NewResourceMetaResource(KindCloudIntegrationService)
+	ResourceMetaResourceIntegration                      = NewResourceMetaResource(KindIntegration)
+	ResourceMetaResourceDashboard                        = NewResourceMetaResource(KindDashboard)
+	ResourceMetaResourcePublicDashboard                  = NewResourceMetaResource(KindPublicDashboard)
+	ResourceMetaResourceIngestionKey                     = NewResourceMetaResource(KindIngestionKey)
+	ResourceMetaResourceIngestionLimit                   = NewResourceMetaResource(KindIngestionLimit)
+	ResourceMetaResourcePipeline                         = NewResourceMetaResource(KindPipeline)
+	ResourceMetaResourceUserPreference                   = NewResourceMetaResource(KindUserPreference)
+	ResourceMetaResourceOrgPreference                    = NewResourceMetaResource(KindOrgPreference)
+	ResourceMetaResourceQuickFilter                      = NewResourceMetaResource(KindQuickFilter)
+	ResourceMetaResourceTTLSetting                       = NewResourceMetaResource(KindTTLSetting)
+	ResourceMetaResourceRule                             = NewResourceMetaResource(KindRule)
+	ResourceMetaResourcePlannedMaintenance               = NewResourceMetaResource(KindPlannedMaintenance)
+	ResourceMetaResourceSavedView                        = NewResourceMetaResource(KindSavedView)
+	ResourceMetaResourceTraceFunnel                      = NewResourceMetaResource(KindTraceFunnel)
+	ResourceMetaResourceFactorPassword                   = NewResourceMetaResource(KindFactorPassword)
+	ResourceMetaResourceFactorAPIKey                     = NewResourceMetaResource(KindFactorAPIKey)
+	ResourceMetaResourceLicense                          = NewResourceMetaResource(KindLicense)
+	ResourceMetaResourceSubscription                     = NewResourceMetaResource(KindSubscription)
+	ResourceTelemetryResourceLogs                        = NewResourceTelemetryResource(KindLogs)
+	ResourceTelemetryResourceTraces                      = NewResourceTelemetryResource(KindTraces)
+	ResourceTelemetryResourceMetrics                     = NewResourceTelemetryResource(KindMetrics)
+	ResourceTelemetryResourceAuditLogs                   = NewResourceTelemetryResource(KindAuditLogs)
+	ResourceTelemetryResourceMeterMetrics                = NewResourceTelemetryResource(KindMeterMetrics)
+	ResourceMetaResourceLogsField                        = NewResourceMetaResource(KindLogsField)
+	ResourceMetaResourceTracesField                      = NewResourceMetaResource(KindTracesField)
 )
--- a/pkg/types/coretypes/registry_type.go
+++ b/pkg/types/coretypes/registry_type.go
@@ -13,17 +13,15 @@ var Types = []Type{
 	TypeRole,
 	TypeOrganization,
 	TypeMetaResource,
-	TypeMetaResources,
 	TypeTelemetryResource,
 }

 var (
-	TypeUser              = Type{valuer.NewString("user"), regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`), []Verb{VerbAttach, VerbRead, VerbUpdate, VerbDelete}}
-	TypeServiceAccount    = Type{valuer.NewString("serviceaccount"), regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`), []Verb{VerbAttach, VerbRead, VerbUpdate, VerbDelete}}
+	TypeUser              = Type{valuer.NewString("user"), regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`), []Verb{VerbCreate, VerbList, VerbRead, VerbUpdate, VerbDelete, VerbAttach, VerbDetach}}
+	TypeServiceAccount    = Type{valuer.NewString("serviceaccount"), regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`), []Verb{VerbCreate, VerbList, VerbRead, VerbUpdate, VerbDelete, VerbAttach, VerbDetach}}
 	TypeAnonymous         = Type{valuer.NewString("anonymous"), regexp.MustCompile(`^\*$`), []Verb{}}
-	TypeRole              = Type{valuer.NewString("role"), regexp.MustCompile(`^([a-z-]{1,50}|\*)$`), []Verb{VerbAssignee, VerbAttach, VerbRead, VerbUpdate, VerbDelete}}
+	TypeRole              = Type{valuer.NewString("role"), regexp.MustCompile(`^([a-z-]{1,50}|\*)$`), []Verb{VerbAssignee, VerbCreate, VerbList, VerbRead, VerbUpdate, VerbDelete, VerbAttach, VerbDetach}}
 	TypeOrganization      = Type{valuer.NewString("organization"), regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`), []Verb{VerbRead, VerbUpdate, VerbDelete}}
-	TypeMetaResource      = Type{valuer.NewString("metaresource"), regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`), []Verb{VerbRead, VerbUpdate, VerbDelete}}
-	TypeMetaResources     = Type{valuer.NewString("metaresources"), regexp.MustCompile(`^\*$`), []Verb{VerbCreate, VerbList}}
+	TypeMetaResource      = Type{valuer.NewString("metaresource"), regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`), []Verb{VerbCreate, VerbList, VerbRead, VerbUpdate, VerbDelete, VerbAttach, VerbDetach}}
 	TypeTelemetryResource = Type{valuer.NewString("telemetryresource"), regexp.MustCompile(`^\*$`), []Verb{VerbRead}}
 )
--- a/pkg/types/coretypes/registry_verb.go
+++ b/pkg/types/coretypes/registry_verb.go
@@ -10,6 +10,7 @@ var Verbs = []Verb{
 	VerbList,
 	VerbAssignee,
 	VerbAttach,
+	VerbDetach,
 }

 var (
@@ -20,4 +21,5 @@ var (
 	VerbList     = Verb{valuer.NewString("list"), "listed"}
 	VerbAssignee = Verb{valuer.NewString("assignee"), "assigned"}
 	VerbAttach   = Verb{valuer.NewString("attach"), "attached"}
+	VerbDetach   = Verb{valuer.NewString("detach"), "detached"}
 )
--- a/pkg/types/coretypes/resource_metaresources.go
+++ b/pkg/types/coretypes/resource_metaresources.go
@@ -1,34 +0,0 @@
-package coretypes
-
-import (
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type resourceMetaResources struct {
-	kind Kind
-}
-
-func NewResourceMetaResources(kind Kind) Resource {
-	return &resourceMetaResources{kind: kind}
-}
-
-func (*resourceMetaResources) Type() Type {
-	return TypeMetaResources
-}
-
-func (resourceMetaResources *resourceMetaResources) Kind() Kind {
-	return resourceMetaResources.kind
-}
-
-// example: metaresources:organization/0199c47d-f61b-7833-bc5f-c0730f12f046/dashboards
-func (resourceMetaResources *resourceMetaResources) Prefix(orgID valuer.UUID) string {
-	return resourceMetaResources.Type().StringValue() + ":" + "organization" + "/" + orgID.StringValue() + "/" + resourceMetaResources.Kind().String()
-}
-
-func (resourceMetaResources *resourceMetaResources) Object(orgID valuer.UUID, selector string) string {
-	return resourceMetaResources.Prefix(orgID) + "/" + selector
-}
-
-func (resourceMetaResources *resourceMetaResources) Scope(verb Verb) string {
-	return resourceMetaResources.Kind().String() + ":" + verb.StringValue()
-}
--- a/pkg/types/coretypes/type.go
+++ b/pkg/types/coretypes/type.go
@@ -33,8 +33,8 @@ func NewType(input string) (Type, error) {
 		return TypeOrganization, nil
 	case "metaresource":
 		return TypeMetaResource, nil
-	case "metaresources":
-		return TypeMetaResources, nil
+	case "telemetryresource":
+		return TypeTelemetryResource, nil
 	default:
 		return Type{}, errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidType, "invalid type: %s", input)
 	}
@@ -80,7 +80,7 @@ func (typed Type) Enum() []any {
 		TypeRole,
 		TypeOrganization,
 		TypeMetaResource,
-		TypeMetaResources,
+		TypeTelemetryResource,
 	}
 }

--- a/pkg/types/coretypes/verb.go
+++ b/pkg/types/coretypes/verb.go
@@ -30,6 +30,8 @@ func NewVerb(verb string) (Verb, error) {
 		return VerbAssignee, nil
 	case "attach":
 		return VerbAttach, nil
+	case "detach":
+		return VerbDetach, nil
 	default:
 		return Verb{}, errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidVerb, "verb %s is invalid, valid verbs are: %s", verb, Verb{}.Enum())
 	}
@@ -44,6 +46,7 @@ func (Verb) Enum() []any {
 		VerbList,
 		VerbAssignee,
 		VerbAttach,
+		VerbDetach,
 	}
 }

--- a/pkg/types/dashboardtypes/perses_dashboard.go
+++ b/pkg/types/dashboardtypes/perses_dashboard.go
@@ -1,253 +0,0 @@
-package dashboardtypes
-
-import (
-	"bytes"
-	"encoding/json"
-	"strings"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/tagtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-const (
-	SchemaVersion       = "v6"
-	MaxTagsPerDashboard = 5
-)
-
-type DSLKey string
-
-const (
-	DSLKeyName        DSLKey = "name"
-	DSLKeyDescription DSLKey = "description"
-	DSLKeyCreatedAt   DSLKey = "created_at"
-	DSLKeyUpdatedAt   DSLKey = "updated_at"
-	DSLKeyCreatedBy   DSLKey = "created_by"
-	DSLKeyLocked      DSLKey = "locked"
-	DSLKeyPublic      DSLKey = "public"
-)
-
-// reservedDSLKeys are dashboard column-level filter names in the list-query DSL.
-// A tag whose key collides with one of these would make the DSL ambiguous, so
-// they're rejected (case-insensitively) at write time.
-var reservedDSLKeys = map[DSLKey]struct{}{
-	DSLKeyName:        {},
-	DSLKeyDescription: {},
-	DSLKeyCreatedAt:   {},
-	DSLKeyUpdatedAt:   {},
-	DSLKeyCreatedBy:   {},
-	DSLKeyLocked:      {},
-	DSLKeyPublic:      {},
-}
-
-type DashboardV2 struct {
-	types.Identifiable
-	types.TimeAuditable
-	types.UserAuditable
-
-	OrgID        valuer.UUID      `json:"orgId"`
-	Locked       bool             `json:"locked"`
-	Info         DashboardInfo    `json:"info"`
-	PublicConfig *PublicDashboard `json:"publicConfig,omitempty"`
-}
-
-// DashboardInfo is the serializable view of a dashboard's contents — what the UI renders as "the dashboard JSON".
-type DashboardInfo struct {
-	StoredDashboardInfo
-	Tags []*tagtypes.Tag `json:"tags,omitempty"`
-}
-
-// StoredDashboardInfo is exactly what serializes into the dashboard.data column.
-type StoredDashboardInfo struct {
-	Metadata DashboardMetadata `json:"metadata"`
-	Data     DashboardData     `json:"data"`
-}
-
-type DashboardMetadata struct {
-	SchemaVersion   string `json:"schemaVersion"`
-	Image           string `json:"image,omitempty"`
-	UploadedGrafana bool   `json:"uploadedGrafana"`
-}
-
-type PostableDashboardV2 struct {
-	StoredDashboardInfo
-	Tags []tagtypes.PostableTag `json:"tags,omitempty"`
-}
-
-type UpdateableDashboardV2 = PostableDashboardV2
-
-func (p *PostableDashboardV2) UnmarshalJSON(data []byte) error {
-	dec := json.NewDecoder(bytes.NewReader(data))
-	dec.DisallowUnknownFields()
-	type alias PostableDashboardV2
-	var tmp alias
-	if err := dec.Decode(&tmp); err != nil {
-		return errors.WrapInvalidInputf(err, ErrCodeDashboardInvalidInput, "%s", err.Error())
-	}
-	*p = PostableDashboardV2(tmp)
-	return p.Validate()
-}
-
-func (p *PostableDashboardV2) Validate() error {
-	if p.Metadata.SchemaVersion != SchemaVersion {
-		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "metadata.schemaVersion must be %q, got %q", SchemaVersion, p.Metadata.SchemaVersion)
-	}
-	if p.Data.Display == nil || p.Data.Display.Name == "" {
-		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "data.display.name is required")
-	}
-	if err := p.validateTags(); err != nil {
-		return err
-	}
-	return p.Data.Validate()
-}
-
-func (p *PostableDashboardV2) validateTags() error {
-	if len(p.Tags) > MaxTagsPerDashboard {
-		return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "a dashboard can have at most %d tags", MaxTagsPerDashboard)
-	}
-	for _, tag := range p.Tags {
-		if _, reserved := reservedDSLKeys[DSLKey(strings.ToLower(strings.TrimSpace(tag.Key)))]; reserved {
-			return errors.NewInvalidInputf(ErrCodeDashboardInvalidInput, "tag key %q is reserved", tag.Key)
-		}
-	}
-	return nil
-}
-
-type GettableDashboardV2 struct {
-	types.Identifiable
-	types.TimeAuditable
-	types.UserAuditable
-
-	OrgID        valuer.UUID               `json:"orgId"`
-	Locked       bool                      `json:"locked"`
-	Info         GettableDashboardInfo     `json:"info"`
-	PublicConfig *GettablePublicDasbhboard `json:"publicConfig,omitempty"`
-}
-
-type GettableDashboardInfo struct {
-	StoredDashboardInfo
-	Tags []*tagtypes.GettableTag `json:"tags,omitempty"`
-}
-
-func NewGettableDashboardV2FromDashboardV2(dashboard *DashboardV2) *GettableDashboardV2 {
-	gettable := &GettableDashboardV2{
-		Identifiable:  dashboard.Identifiable,
-		TimeAuditable: dashboard.TimeAuditable,
-		UserAuditable: dashboard.UserAuditable,
-		OrgID:         dashboard.OrgID,
-		Locked:        dashboard.Locked,
-		Info: GettableDashboardInfo{
-			StoredDashboardInfo: dashboard.Info.StoredDashboardInfo,
-			Tags:                tagtypes.NewGettableTagsFromTags(dashboard.Info.Tags),
-		},
-	}
-	if dashboard.PublicConfig != nil {
-		gettable.PublicConfig = NewGettablePublicDashboard(dashboard.PublicConfig)
-	}
-	return gettable
-}
-
-func NewDashboardV2(orgID valuer.UUID, createdBy string, postable PostableDashboardV2, resolvedTags []*tagtypes.Tag) *DashboardV2 {
-	now := time.Now()
-
-	return &DashboardV2{
-		Identifiable:  types.Identifiable{ID: valuer.GenerateUUID()},
-		TimeAuditable: types.TimeAuditable{CreatedAt: now, UpdatedAt: now},
-		UserAuditable: types.UserAuditable{CreatedBy: createdBy, UpdatedBy: createdBy},
-		OrgID:         orgID,
-		Locked:        false,
-		Info: DashboardInfo{
-			StoredDashboardInfo: StoredDashboardInfo{
-				Metadata: postable.Metadata,
-				Data:     postable.Data,
-			},
-			Tags: resolvedTags,
-		},
-	}
-}
-
-// rejects rows that don't carry a v2-shape blob — those are pre-migration v1 dashboards that the v2 API can't render.
-func NewDashboardV2FromStorable(storable *StorableDashboard, public *StorablePublicDashboard, tags []*tagtypes.Tag) (*DashboardV2, error) {
-	metadata, _ := storable.Data["metadata"].(map[string]any)
-	if metadata == nil || metadata["schemaVersion"] != SchemaVersion {
-		return nil, errors.Newf(errors.TypeUnsupported, ErrCodeDashboardInvalidData, "dashboard %s is not in %s schema", storable.ID, SchemaVersion)
-	}
-
-	raw, err := json.Marshal(storable.Data)
-	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "marshal stored v2 dashboard data")
-	}
-	var stored StoredDashboardInfo
-	if err := json.Unmarshal(raw, &stored); err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "unmarshal stored v2 dashboard data")
-	}
-
-	var publicConfig *PublicDashboard
-	if public != nil {
-		publicConfig = NewPublicDashboardFromStorablePublicDashboard(public)
-	}
-
-	return &DashboardV2{
-		Identifiable:  storable.Identifiable,
-		TimeAuditable: storable.TimeAuditable,
-		UserAuditable: storable.UserAuditable,
-		OrgID:         storable.OrgID,
-		Locked:        storable.Locked,
-		Info: DashboardInfo{
-			StoredDashboardInfo: stored,
-			Tags:                tags,
-		},
-		PublicConfig: publicConfig,
-	}, nil
-}
-
-func (d *DashboardV2) CanUpdate() error {
-	if d.Locked {
-		return errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "cannot update a locked dashboard, please unlock the dashboard to update")
-	}
-	return nil
-}
-
-func (d *DashboardV2) Update(updateable UpdateableDashboardV2, updatedBy string, resolvedTags []*tagtypes.Tag) error {
-	if err := d.CanUpdate(); err != nil {
-		return err
-	}
-	d.Info.Metadata = updateable.Metadata
-	d.Info.Data = updateable.Data
-	d.Info.Tags = resolvedTags
-	d.UpdatedBy = updatedBy
-	d.UpdatedAt = time.Now()
-	return nil
-}
-
-// ToStorableDashboard packages a Dashboard into the bun row that goes into
-// the dashboard table. Tags are intentionally omitted — they live in
-// tag_relations and are inserted separately by the caller.
-func (d *DashboardV2) ToStorableDashboard() (*StorableDashboard, error) {
-	data, err := d.Info.toStorableDashboardData()
-	if err != nil {
-		return nil, err
-	}
-	return &StorableDashboard{
-		Identifiable:  types.Identifiable{ID: d.ID},
-		TimeAuditable: d.TimeAuditable,
-		UserAuditable: d.UserAuditable,
-		OrgID:         d.OrgID,
-		Locked:        d.Locked,
-		Data:          data,
-	}, nil
-}
-
-func (s StoredDashboardInfo) toStorableDashboardData() (StorableDashboardData, error) {
-	raw, err := json.Marshal(s)
-	if err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "marshal v2 dashboard data")
-	}
-	out := StorableDashboardData{}
-	if err := json.Unmarshal(raw, &out); err != nil {
-		return nil, errors.WrapInternalf(err, errors.CodeInternal, "unmarshal v2 dashboard data")
-	}
-	return out, nil
-}
--- a/pkg/types/dashboardtypes/store.go
+++ b/pkg/types/dashboardtypes/store.go
@@ -32,11 +32,4 @@ type Store interface {
 	DeletePublic(context.Context, string) error

 	RunInTx(context.Context, func(context.Context) error) error
-
-	// ════════════════════════════════════════════════════════════════════════
-	// v2 dashboard methods
-	// ════════════════════════════════════════════════════════════════════════
-	GetV2(context.Context, valuer.UUID, valuer.UUID) (*StorableDashboard, *StorablePublicDashboard, error)
-
-	UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, data StorableDashboardData) error
 }
--- a/pkg/types/inframonitoringtypes/jobs.go
+++ b/pkg/types/inframonitoringtypes/jobs.go
@@ -0,0 +1,107 @@
+package inframonitoringtypes
+
+import (
+	"encoding/json"
+	"slices"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+)
+
+type Jobs struct {
+	Type                   ResponseType           `json:"type" required:"true"`
+	Records                []JobRecord            `json:"records" required:"true"`
+	Total                  int                    `json:"total" required:"true"`
+	RequiredMetricsCheck   RequiredMetricsCheck   `json:"requiredMetricsCheck" required:"true"`
+	EndTimeBeforeRetention bool                   `json:"endTimeBeforeRetention" required:"true"`
+	Warning                *qbtypes.QueryWarnData `json:"warning,omitempty"`
+}
+
+type JobRecord struct {
+	JobName               string            `json:"jobName" required:"true"`
+	JobCPU                float64           `json:"jobCPU" required:"true"`
+	JobCPURequest         float64           `json:"jobCPURequest" required:"true"`
+	JobCPULimit           float64           `json:"jobCPULimit" required:"true"`
+	JobMemory             float64           `json:"jobMemory" required:"true"`
+	JobMemoryRequest      float64           `json:"jobMemoryRequest" required:"true"`
+	JobMemoryLimit        float64           `json:"jobMemoryLimit" required:"true"`
+	DesiredSuccessfulPods int               `json:"desiredSuccessfulPods" required:"true"`
+	ActivePods            int               `json:"activePods" required:"true"`
+	FailedPods            int               `json:"failedPods" required:"true"`
+	SuccessfulPods        int               `json:"successfulPods" required:"true"`
+	PodCountsByPhase      PodCountsByPhase  `json:"podCountsByPhase" required:"true"`
+	Meta                  map[string]string `json:"meta" required:"true"`
+}
+
+// PostableJobs is the request body for the v2 jobs list API.
+type PostableJobs struct {
+	Start   int64                `json:"start" required:"true"`
+	End     int64                `json:"end" required:"true"`
+	Filter  *qbtypes.Filter      `json:"filter"`
+	GroupBy []qbtypes.GroupByKey `json:"groupBy"`
+	OrderBy *qbtypes.OrderBy     `json:"orderBy"`
+	Offset  int                  `json:"offset"`
+	Limit   int                  `json:"limit" required:"true"`
+}
+
+// Validate ensures PostableJobs contains acceptable values.
+func (req *PostableJobs) Validate() error {
+	if req == nil {
+		return errors.NewInvalidInputf(errors.CodeInvalidInput, "request is nil")
+	}
+
+	if req.Start <= 0 {
+		return errors.NewInvalidInputf(
+			errors.CodeInvalidInput,
+			"invalid start time %d: start must be greater than 0",
+			req.Start,
+		)
+	}
+
+	if req.End <= 0 {
+		return errors.NewInvalidInputf(
+			errors.CodeInvalidInput,
+			"invalid end time %d: end must be greater than 0",
+			req.End,
+		)
+	}
+
+	if req.Start >= req.End {
+		return errors.NewInvalidInputf(
+			errors.CodeInvalidInput,
+			"invalid time range: start (%d) must be less than end (%d)",
+			req.Start,
+			req.End,
+		)
+	}
+
+	if req.Limit < 1 || req.Limit > 5000 {
+		return errors.NewInvalidInputf(errors.CodeInvalidInput, "limit must be between 1 and 5000")
+	}
+
+	if req.Offset < 0 {
+		return errors.NewInvalidInputf(errors.CodeInvalidInput, "offset cannot be negative")
+	}
+
+	if req.OrderBy != nil {
+		if !slices.Contains(JobsValidOrderByKeys, req.OrderBy.Key.Name) {
+			return errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid order by key: %s", req.OrderBy.Key.Name)
+		}
+		if req.OrderBy.Direction != qbtypes.OrderDirectionAsc && req.OrderBy.Direction != qbtypes.OrderDirectionDesc {
+			return errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid order by direction: %s", req.OrderBy.Direction)
+		}
+	}
+
+	return nil
+}
+
+// UnmarshalJSON validates input immediately after decoding.
+func (req *PostableJobs) UnmarshalJSON(data []byte) error {
+	type raw PostableJobs
+	var decoded raw
+	if err := json.Unmarshal(data, &decoded); err != nil {
+		return err
+	}
+	*req = PostableJobs(decoded)
+	return req.Validate()
+}
--- a/pkg/types/inframonitoringtypes/jobs_constants.go
+++ b/pkg/types/inframonitoringtypes/jobs_constants.go
@@ -0,0 +1,27 @@
+package inframonitoringtypes
+
+const (
+	JobsOrderByCPU                   = "cpu"
+	JobsOrderByCPURequest            = "cpu_request"
+	JobsOrderByCPULimit              = "cpu_limit"
+	JobsOrderByMemory                = "memory"
+	JobsOrderByMemoryRequest         = "memory_request"
+	JobsOrderByMemoryLimit           = "memory_limit"
+	JobsOrderByDesiredSuccessfulPods = "desired_successful_pods"
+	JobsOrderByActivePods            = "active_pods"
+	JobsOrderByFailedPods            = "failed_pods"
+	JobsOrderBySuccessfulPods        = "successful_pods"
+)
+
+var JobsValidOrderByKeys = []string{
+	JobsOrderByCPU,
+	JobsOrderByCPURequest,
+	JobsOrderByCPULimit,
+	JobsOrderByMemory,
+	JobsOrderByMemoryRequest,
+	JobsOrderByMemoryLimit,
+	JobsOrderByDesiredSuccessfulPods,
+	JobsOrderByActivePods,
+	JobsOrderByFailedPods,
+	JobsOrderBySuccessfulPods,
+}
--- a/pkg/types/inframonitoringtypes/jobs_test.go
+++ b/pkg/types/inframonitoringtypes/jobs_test.go
@@ -0,0 +1,309 @@
+package inframonitoringtypes
+
+import (
+	"testing"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/stretchr/testify/require"
+)
+
+func TestPostableJobs_Validate(t *testing.T) {
+	tests := []struct {
+		name    string
+		req     *PostableJobs
+		wantErr bool
+	}{
+		{
+			name: "valid request",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+			},
+			wantErr: false,
+		},
+		{
+			name:    "nil request",
+			req:     nil,
+			wantErr: true,
+		},
+		{
+			name: "start time zero",
+			req: &PostableJobs{
+				Start:  0,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+			},
+			wantErr: true,
+		},
+		{
+			name: "start time negative",
+			req: &PostableJobs{
+				Start:  -1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+			},
+			wantErr: true,
+		},
+		{
+			name: "end time zero",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    0,
+				Limit:  100,
+				Offset: 0,
+			},
+			wantErr: true,
+		},
+		{
+			name: "start time greater than end time",
+			req: &PostableJobs{
+				Start:  2000,
+				End:    1000,
+				Limit:  100,
+				Offset: 0,
+			},
+			wantErr: true,
+		},
+		{
+			name: "start time equal to end time",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    1000,
+				Limit:  100,
+				Offset: 0,
+			},
+			wantErr: true,
+		},
+		{
+			name: "limit zero",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    2000,
+				Limit:  0,
+				Offset: 0,
+			},
+			wantErr: true,
+		},
+		{
+			name: "limit negative",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    2000,
+				Limit:  -10,
+				Offset: 0,
+			},
+			wantErr: true,
+		},
+		{
+			name: "limit exceeds max",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    2000,
+				Limit:  5001,
+				Offset: 0,
+			},
+			wantErr: true,
+		},
+		{
+			name: "offset negative",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: -5,
+			},
+			wantErr: true,
+		},
+		{
+			name: "orderBy nil is valid",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+			},
+			wantErr: false,
+		},
+		{
+			name: "orderBy with valid key cpu and direction asc",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+				OrderBy: &qbtypes.OrderBy{
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: JobsOrderByCPU,
+						},
+					},
+					Direction: qbtypes.OrderDirectionAsc,
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "orderBy with valid key memory_limit and direction desc",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+				OrderBy: &qbtypes.OrderBy{
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: JobsOrderByMemoryLimit,
+						},
+					},
+					Direction: qbtypes.OrderDirectionDesc,
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "orderBy with valid key desired_successful_pods and direction desc",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+				OrderBy: &qbtypes.OrderBy{
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: JobsOrderByDesiredSuccessfulPods,
+						},
+					},
+					Direction: qbtypes.OrderDirectionDesc,
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "orderBy with valid key active_pods and direction asc",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+				OrderBy: &qbtypes.OrderBy{
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: JobsOrderByActivePods,
+						},
+					},
+					Direction: qbtypes.OrderDirectionAsc,
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "orderBy with valid key failed_pods",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+				OrderBy: &qbtypes.OrderBy{
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: JobsOrderByFailedPods,
+						},
+					},
+					Direction: qbtypes.OrderDirectionDesc,
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "orderBy with valid key successful_pods",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+				OrderBy: &qbtypes.OrderBy{
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: JobsOrderBySuccessfulPods,
+						},
+					},
+					Direction: qbtypes.OrderDirectionDesc,
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "orderBy with restarts key is rejected",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+				OrderBy: &qbtypes.OrderBy{
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: "restarts",
+						},
+					},
+					Direction: qbtypes.OrderDirectionDesc,
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "orderBy with invalid key",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+				OrderBy: &qbtypes.OrderBy{
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: "unknown",
+						},
+					},
+					Direction: qbtypes.OrderDirectionDesc,
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "orderBy with valid key but invalid direction",
+			req: &PostableJobs{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+				OrderBy: &qbtypes.OrderBy{
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: JobsOrderByCPU,
+						},
+					},
+					Direction: qbtypes.OrderDirection{String: valuer.NewString("invalid")},
+				},
+			},
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := tt.req.Validate()
+			if tt.wantErr {
+				require.Error(t, err)
+				require.True(t, errors.Ast(err, errors.TypeInvalidInput), "expected error to be of type InvalidInput")
+			} else {
+				require.NoError(t, err)
+			}
+		})
+	}
+}
--- a/pkg/types/inframonitoringtypes/statefulsets.go
+++ b/pkg/types/inframonitoringtypes/statefulsets.go
@@ -0,0 +1,105 @@
+package inframonitoringtypes
+
+import (
+	"encoding/json"
+	"slices"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+)
+
+type StatefulSets struct {
+	Type                   ResponseType           `json:"type" required:"true"`
+	Records                []StatefulSetRecord    `json:"records" required:"true"`
+	Total                  int                    `json:"total" required:"true"`
+	RequiredMetricsCheck   RequiredMetricsCheck   `json:"requiredMetricsCheck" required:"true"`
+	EndTimeBeforeRetention bool                   `json:"endTimeBeforeRetention" required:"true"`
+	Warning                *qbtypes.QueryWarnData `json:"warning,omitempty"`
+}
+
+type StatefulSetRecord struct {
+	StatefulSetName          string            `json:"statefulSetName" required:"true"`
+	StatefulSetCPU           float64           `json:"statefulSetCPU" required:"true"`
+	StatefulSetCPURequest    float64           `json:"statefulSetCPURequest" required:"true"`
+	StatefulSetCPULimit      float64           `json:"statefulSetCPULimit" required:"true"`
+	StatefulSetMemory        float64           `json:"statefulSetMemory" required:"true"`
+	StatefulSetMemoryRequest float64           `json:"statefulSetMemoryRequest" required:"true"`
+	StatefulSetMemoryLimit   float64           `json:"statefulSetMemoryLimit" required:"true"`
+	DesiredPods              int               `json:"desiredPods" required:"true"`
+	CurrentPods              int               `json:"currentPods" required:"true"`
+	PodCountsByPhase         PodCountsByPhase  `json:"podCountsByPhase" required:"true"`
+	Meta                     map[string]string `json:"meta" required:"true"`
+}
+
+// PostableStatefulSets is the request body for the v2 statefulsets list API.
+type PostableStatefulSets struct {
+	Start   int64                `json:"start" required:"true"`
+	End     int64                `json:"end" required:"true"`
+	Filter  *qbtypes.Filter      `json:"filter"`
+	GroupBy []qbtypes.GroupByKey `json:"groupBy"`
+	OrderBy *qbtypes.OrderBy     `json:"orderBy"`
+	Offset  int                  `json:"offset"`
+	Limit   int                  `json:"limit" required:"true"`
+}
+
+// Validate ensures PostableStatefulSets contains acceptable values.
+func (req *PostableStatefulSets) Validate() error {
+	if req == nil {
+		return errors.NewInvalidInputf(errors.CodeInvalidInput, "request is nil")
+	}
+
+	if req.Start <= 0 {
+		return errors.NewInvalidInputf(
+			errors.CodeInvalidInput,
+			"invalid start time %d: start must be greater than 0",
+			req.Start,
+		)
+	}
+
+	if req.End <= 0 {
+		return errors.NewInvalidInputf(
+			errors.CodeInvalidInput,
+			"invalid end time %d: end must be greater than 0",
+			req.End,
+		)
+	}
+
+	if req.Start >= req.End {
+		return errors.NewInvalidInputf(
+			errors.CodeInvalidInput,
+			"invalid time range: start (%d) must be less than end (%d)",
+			req.Start,
+			req.End,
+		)
+	}
+
+	if req.Limit < 1 || req.Limit > 5000 {
+		return errors.NewInvalidInputf(errors.CodeInvalidInput, "limit must be between 1 and 5000")
+	}
+
+	if req.Offset < 0 {
+		return errors.NewInvalidInputf(errors.CodeInvalidInput, "offset cannot be negative")
+	}
+
+	if req.OrderBy != nil {
+		if !slices.Contains(StatefulSetsValidOrderByKeys, req.OrderBy.Key.Name) {
+			return errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid order by key: %s", req.OrderBy.Key.Name)
+		}
+		if req.OrderBy.Direction != qbtypes.OrderDirectionAsc && req.OrderBy.Direction != qbtypes.OrderDirectionDesc {
+			return errors.NewInvalidInputf(errors.CodeInvalidInput, "invalid order by direction: %s", req.OrderBy.Direction)
+		}
+	}
+
+	return nil
+}
+
+// UnmarshalJSON validates input immediately after decoding.
+func (req *PostableStatefulSets) UnmarshalJSON(data []byte) error {
+	type raw PostableStatefulSets
+	var decoded raw
+	if err := json.Unmarshal(data, &decoded); err != nil {
+		return err
+	}
+	*req = PostableStatefulSets(decoded)
+	return req.Validate()
+}
--- a/pkg/types/inframonitoringtypes/statefulsets_constants.go
+++ b/pkg/types/inframonitoringtypes/statefulsets_constants.go
@@ -0,0 +1,23 @@
+package inframonitoringtypes
+
+const (
+	StatefulSetsOrderByCPU           = "cpu"
+	StatefulSetsOrderByCPURequest    = "cpu_request"
+	StatefulSetsOrderByCPULimit      = "cpu_limit"
+	StatefulSetsOrderByMemory        = "memory"
+	StatefulSetsOrderByMemoryRequest = "memory_request"
+	StatefulSetsOrderByMemoryLimit   = "memory_limit"
+	StatefulSetsOrderByDesiredPods   = "desired_pods"
+	StatefulSetsOrderByCurrentPods   = "current_pods"
+)
+
+var StatefulSetsValidOrderByKeys = []string{
+	StatefulSetsOrderByCPU,
+	StatefulSetsOrderByCPURequest,
+	StatefulSetsOrderByCPULimit,
+	StatefulSetsOrderByMemory,
+	StatefulSetsOrderByMemoryRequest,
+	StatefulSetsOrderByMemoryLimit,
+	StatefulSetsOrderByDesiredPods,
+	StatefulSetsOrderByCurrentPods,
+}
--- a/pkg/types/inframonitoringtypes/statefulsets_test.go
+++ b/pkg/types/inframonitoringtypes/statefulsets_test.go
@@ -0,0 +1,273 @@
+package inframonitoringtypes
+
+import (
+	"testing"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
+	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/stretchr/testify/require"
+)
+
+func TestPostableStatefulSets_Validate(t *testing.T) {
+	tests := []struct {
+		name    string
+		req     *PostableStatefulSets
+		wantErr bool
+	}{
+		{
+			name: "valid request",
+			req: &PostableStatefulSets{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+			},
+			wantErr: false,
+		},
+		{
+			name:    "nil request",
+			req:     nil,
+			wantErr: true,
+		},
+		{
+			name: "start time zero",
+			req: &PostableStatefulSets{
+				Start:  0,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+			},
+			wantErr: true,
+		},
+		{
+			name: "start time negative",
+			req: &PostableStatefulSets{
+				Start:  -1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+			},
+			wantErr: true,
+		},
+		{
+			name: "end time zero",
+			req: &PostableStatefulSets{
+				Start:  1000,
+				End:    0,
+				Limit:  100,
+				Offset: 0,
+			},
+			wantErr: true,
+		},
+		{
+			name: "start time greater than end time",
+			req: &PostableStatefulSets{
+				Start:  2000,
+				End:    1000,
+				Limit:  100,
+				Offset: 0,
+			},
+			wantErr: true,
+		},
+		{
+			name: "start time equal to end time",
+			req: &PostableStatefulSets{
+				Start:  1000,
+				End:    1000,
+				Limit:  100,
+				Offset: 0,
+			},
+			wantErr: true,
+		},
+		{
+			name: "limit zero",
+			req: &PostableStatefulSets{
+				Start:  1000,
+				End:    2000,
+				Limit:  0,
+				Offset: 0,
+			},
+			wantErr: true,
+		},
+		{
+			name: "limit negative",
+			req: &PostableStatefulSets{
+				Start:  1000,
+				End:    2000,
+				Limit:  -10,
+				Offset: 0,
+			},
+			wantErr: true,
+		},
+		{
+			name: "limit exceeds max",
+			req: &PostableStatefulSets{
+				Start:  1000,
+				End:    2000,
+				Limit:  5001,
+				Offset: 0,
+			},
+			wantErr: true,
+		},
+		{
+			name: "offset negative",
+			req: &PostableStatefulSets{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: -5,
+			},
+			wantErr: true,
+		},
+		{
+			name: "orderBy nil is valid",
+			req: &PostableStatefulSets{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+			},
+			wantErr: false,
+		},
+		{
+			name: "orderBy with valid key cpu and direction asc",
+			req: &PostableStatefulSets{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+				OrderBy: &qbtypes.OrderBy{
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: StatefulSetsOrderByCPU,
+						},
+					},
+					Direction: qbtypes.OrderDirectionAsc,
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "orderBy with valid key memory_limit and direction desc",
+			req: &PostableStatefulSets{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+				OrderBy: &qbtypes.OrderBy{
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: StatefulSetsOrderByMemoryLimit,
+						},
+					},
+					Direction: qbtypes.OrderDirectionDesc,
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "orderBy with valid key desired_pods and direction desc",
+			req: &PostableStatefulSets{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+				OrderBy: &qbtypes.OrderBy{
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: StatefulSetsOrderByDesiredPods,
+						},
+					},
+					Direction: qbtypes.OrderDirectionDesc,
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "orderBy with valid key current_pods and direction asc",
+			req: &PostableStatefulSets{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+				OrderBy: &qbtypes.OrderBy{
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: StatefulSetsOrderByCurrentPods,
+						},
+					},
+					Direction: qbtypes.OrderDirectionAsc,
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "orderBy with restarts key is rejected",
+			req: &PostableStatefulSets{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+				OrderBy: &qbtypes.OrderBy{
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: "restarts",
+						},
+					},
+					Direction: qbtypes.OrderDirectionDesc,
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "orderBy with invalid key",
+			req: &PostableStatefulSets{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+				OrderBy: &qbtypes.OrderBy{
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: "unknown",
+						},
+					},
+					Direction: qbtypes.OrderDirectionDesc,
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "orderBy with valid key but invalid direction",
+			req: &PostableStatefulSets{
+				Start:  1000,
+				End:    2000,
+				Limit:  100,
+				Offset: 0,
+				OrderBy: &qbtypes.OrderBy{
+					Key: qbtypes.OrderByKey{
+						TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
+							Name: StatefulSetsOrderByCPU,
+						},
+					},
+					Direction: qbtypes.OrderDirection{String: valuer.NewString("invalid")},
+				},
+			},
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := tt.req.Validate()
+			if tt.wantErr {
+				require.Error(t, err)
+				require.True(t, errors.Ast(err, errors.TypeInvalidInput), "expected error to be of type InvalidInput")
+			} else {
+				require.NoError(t, err)
+			}
+		})
+	}
+}
--- a/pkg/types/tagtypes/store.go
+++ b/pkg/types/tagtypes/store.go
@@ -1,30 +0,0 @@
-package tagtypes
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type Store interface {
-	List(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind) ([]*Tag, error)
-
-	ListByResource(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID) ([]*Tag, error)
-
-	ListByResources(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceIDs []valuer.UUID) (map[valuer.UUID][]*Tag, error)
-
-	// CreateOrGet upserts the given tags and returns them with authoritative IDs.
-	// On conflict on (org_id, kind, LOWER(key), LOWER(value)) — which
-	// happens only when a concurrent insert raced ours, including casing-only
-	// collisions — the returned entry carries the existing row's ID rather
-	// than the pre-generated one in the input.
-	CreateOrGet(ctx context.Context, tags []*Tag) ([]*Tag, error)
-
-	// CreateRelations inserts tag-resource relations. Conflicts on the composite primary key are ignored.
-	CreateRelations(ctx context.Context, relations []*TagRelation) error
-
-	DeleteRelationsExcept(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID, keepTagIDs []valuer.UUID) error
-
-	RunInTx(ctx context.Context, cb func(ctx context.Context) error) error
-}
--- a/pkg/types/tagtypes/tag.go
+++ b/pkg/types/tagtypes/tag.go
@@ -1,113 +0,0 @@
-package tagtypes
-
-import (
-	"regexp"
-	"strings"
-	"time"
-	"unicode/utf8"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/uptrace/bun"
-)
-
-const (
-	MAX_LEN_TAG_KEY   = 32
-	MAX_LEN_TAG_VALUE = 32
-)
-
-var (
-	tagKeyRegex   = regexp.MustCompile(`^[a-zA-Z$_@{#][a-zA-Z0-9$_@#{}:/-]*$`)
-	tagValueRegex = regexp.MustCompile(`^[a-zA-Z0-9$_@#{}:.+=/-]*$`)
-
-	ErrCodeTagInvalidKey   = errors.MustNewCode("tag_invalid_key")
-	ErrCodeTagInvalidValue = errors.MustNewCode("tag_invalid_value")
-	ErrCodeTagNotFound     = errors.MustNewCode("tag_not_found")
-)
-
-type Tag struct {
-	bun.BaseModel `bun:"table:tag,alias:tag"`
-
-	types.Identifiable
-	types.TimeAuditable
-	Key   string         `json:"key" required:"true" bun:"key,type:text,notnull"`
-	Value string         `json:"value" required:"true" bun:"value,type:text,notnull"`
-	OrgID valuer.UUID    `json:"orgId" required:"true" bun:"org_id,type:text,notnull"`
-	Kind  coretypes.Kind `json:"kind" required:"true" bun:"kind,type:text,notnull"`
-}
-
-type PostableTag struct {
-	Key   string `json:"key" required:"true"`
-	Value string `json:"value" required:"true"`
-}
-
-type GettableTag = PostableTag
-
-func NewGettableTagFromTag(tag *Tag) *GettableTag {
-	return &GettableTag{Key: tag.Key, Value: tag.Value}
-}
-
-func NewGettableTagsFromTags(tags []*Tag) []*GettableTag {
-	out := make([]*GettableTag, len(tags))
-	for i, t := range tags {
-		out[i] = NewGettableTagFromTag(t)
-	}
-	return out
-}
-
-func NewPostableTagFromTag(tag *Tag) PostableTag {
-	return PostableTag{Key: tag.Key, Value: tag.Value}
-}
-
-func NewPostableTagsFromTags(tags []*Tag) []PostableTag {
-	out := make([]PostableTag, len(tags))
-	for i, t := range tags {
-		out[i] = NewPostableTagFromTag(t)
-	}
-	return out
-}
-
-func NewTag(orgID valuer.UUID, kind coretypes.Kind, key, value string) *Tag {
-	now := time.Now()
-	return &Tag{
-		Identifiable: types.Identifiable{ID: valuer.GenerateUUID()},
-		TimeAuditable: types.TimeAuditable{
-			CreatedAt: now,
-			UpdatedAt: now,
-		},
-		Key:   key,
-		Value: value,
-		OrgID: orgID,
-		Kind:  kind,
-	}
-}
-
-// ValidatePostableTag trims and validates a user-supplied (key, value) pair.
-// Returns the cleaned values on success. Entity-specific reserved-key checks
-// (e.g. dashboard column names that would collide with the list-query DSL) are
-// the caller's responsibility — perform them before calling into the tag module.
-func ValidatePostableTag(p PostableTag) (string, string, error) {
-	key := strings.TrimSpace(p.Key)
-	value := strings.TrimSpace(p.Value)
-	if key == "" {
-		return "", "", errors.Newf(errors.TypeInvalidInput, ErrCodeTagInvalidKey, "tag key cannot be empty")
-	}
-	if value == "" {
-		return "", "", errors.Newf(errors.TypeInvalidInput, ErrCodeTagInvalidValue, "tag value cannot be empty")
-	}
-	if !tagKeyRegex.MatchString(key) {
-		return "", "", errors.Newf(errors.TypeInvalidInput, ErrCodeTagInvalidKey, "tag key %q contains disallowed characters", key)
-	}
-	if !tagValueRegex.MatchString(value) {
-		return "", "", errors.Newf(errors.TypeInvalidInput, ErrCodeTagInvalidValue, "tag value %q contains disallowed characters", value)
-	}
-	if utf8.RuneCountInString(key) > MAX_LEN_TAG_KEY {
-		return "", "", errors.Newf(errors.TypeInvalidInput, ErrCodeTagInvalidKey, "tag key %q exceeds the %d-character limit", key, MAX_LEN_TAG_KEY)
-	}
-	if utf8.RuneCountInString(value) > MAX_LEN_TAG_VALUE {
-		return "", "", errors.Newf(errors.TypeInvalidInput, ErrCodeTagInvalidValue, "tag value %q exceeds the %d-character limit", value, MAX_LEN_TAG_VALUE)
-	}
-	return key, value, nil
-}
--- a/pkg/types/tagtypes/tag_relation.go
+++ b/pkg/types/tagtypes/tag_relation.go
@@ -1,34 +0,0 @@
-package tagtypes
-
-import (
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/uptrace/bun"
-)
-
-type TagRelation struct {
-	bun.BaseModel `bun:"table:tag_relation,alias:tag_relation"`
-
-	types.Identifiable
-	Kind       coretypes.Kind `json:"kind" required:"true" bun:"kind,type:text,notnull"`
-	ResourceID valuer.UUID    `json:"resourceId" required:"true" bun:"resource_id,type:text,notnull"`
-	TagID      valuer.UUID    `json:"tagId" required:"true" bun:"tag_id,type:text,notnull"`
-}
-
-func NewTagRelation(kind coretypes.Kind, resourceID valuer.UUID, tagID valuer.UUID) *TagRelation {
-	return &TagRelation{
-		Identifiable: types.Identifiable{ID: valuer.GenerateUUID()},
-		Kind:         kind,
-		ResourceID:   resourceID,
-		TagID:        tagID,
-	}
-}
-
-func NewTagRelations(kind coretypes.Kind, resourceID valuer.UUID, tagIDs []valuer.UUID) []*TagRelation {
-	relations := make([]*TagRelation, 0, len(tagIDs))
-	for _, tagID := range tagIDs {
-		relations = append(relations, NewTagRelation(kind, resourceID, tagID))
-	}
-	return relations
-}
--- a/pkg/types/tagtypes/tag_test.go
+++ b/pkg/types/tagtypes/tag_test.go
@@ -1,69 +0,0 @@
-package tagtypes
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestValidatePostableTag(t *testing.T) {
-	tests := []struct {
-		name      string
-		input     PostableTag
-		wantKey   string
-		wantValue string
-		wantError bool
-	}{
-		{name: "simple pair", input: PostableTag{Key: "team", Value: "pulse"}, wantKey: "team", wantValue: "pulse"},
-		{name: "preserves casing", input: PostableTag{Key: "Team", Value: "Pulse"}, wantKey: "Team", wantValue: "Pulse"},
-		{name: "trims key", input: PostableTag{Key: "  team  ", Value: "pulse"}, wantKey: "team", wantValue: "pulse"},
-		{name: "trims value", input: PostableTag{Key: "team", Value: "  pulse  "}, wantKey: "team", wantValue: "pulse"},
-
-		{name: "empty key rejected", input: PostableTag{Key: "", Value: "pulse"}, wantError: true},
-		{name: "empty value rejected", input: PostableTag{Key: "team", Value: ""}, wantError: true},
-		{name: "whitespace-only key rejected", input: PostableTag{Key: "   ", Value: "pulse"}, wantError: true},
-		{name: "whitespace-only value rejected", input: PostableTag{Key: "team", Value: "   "}, wantError: true},
-
-		{name: "slash accepted", input: PostableTag{Key: "team/eng", Value: "pulse/events"}, wantKey: "team/eng", wantValue: "pulse/events"},
-		{name: "colon accepted", input: PostableTag{Key: "team:eng", Value: "env:prod"}, wantKey: "team:eng", wantValue: "env:prod"},
-		{name: "extra punctuation accepted in both", input: PostableTag{Key: "a_b-c@d#e$f{g}h", Value: "a_b-c@d#e$f{g}h"}, wantKey: "a_b-c@d#e$f{g}h", wantValue: "a_b-c@d#e$f{g}h"},
-
-		// Key is strict; value allows the extra `. + =` plus leading digits.
-		{name: "dot in key rejected", input: PostableTag{Key: "team.eng", Value: "pulse"}, wantError: true},
-		{name: "dot in value accepted", input: PostableTag{Key: "team", Value: "pulse.events"}, wantKey: "team", wantValue: "pulse.events"},
-		{name: "plus in key rejected", input: PostableTag{Key: "team+eng", Value: "pulse"}, wantError: true},
-		{name: "plus in value accepted", input: PostableTag{Key: "team", Value: "a+b"}, wantKey: "team", wantValue: "a+b"},
-		{name: "equals in key rejected", input: PostableTag{Key: "team=eng", Value: "pulse"}, wantError: true},
-		{name: "equals in value accepted", input: PostableTag{Key: "team", Value: "a=b"}, wantKey: "team", wantValue: "a=b"},
-		{name: "leading digit in key rejected", input: PostableTag{Key: "2024team", Value: "pulse"}, wantError: true},
-		{name: "leading digit in value accepted", input: PostableTag{Key: "team", Value: "2024_team"}, wantKey: "team", wantValue: "2024_team"},
-
-		{name: "unicode letter in key rejected", input: PostableTag{Key: "チーム", Value: "pulse"}, wantError: true},
-		{name: "unicode letter in value rejected", input: PostableTag{Key: "team", Value: "東京"}, wantError: true},
-
-		{name: "internal space in key rejected", input: PostableTag{Key: "team eng", Value: "pulse"}, wantError: true},
-		{name: "internal space in value rejected", input: PostableTag{Key: "team", Value: "pulse two"}, wantError: true},
-
-		{name: "disallowed char in key rejected", input: PostableTag{Key: "team!eng", Value: "pulse"}, wantError: true},
-		{name: "disallowed char in value rejected", input: PostableTag{Key: "team", Value: "pulse!one"}, wantError: true},
-		{name: "control char rejected", input: PostableTag{Key: "team\tone", Value: "pulse"}, wantError: true},
-
-		{name: "key at the 32-char limit accepted", input: PostableTag{Key: "abcdefghijklmnopabcdefghijklmnop", Value: "pulse"}, wantKey: "abcdefghijklmnopabcdefghijklmnop", wantValue: "pulse"},
-		{name: "value at the 32-char limit accepted", input: PostableTag{Key: "team", Value: "abcdefghijklmnopabcdefghijklmnop"}, wantKey: "team", wantValue: "abcdefghijklmnopabcdefghijklmnop"},
-		{name: "key over the 32-char limit rejected", input: PostableTag{Key: "abcdefghijklmnopabcdefghijklmnopq", Value: "pulse"}, wantError: true},
-		{name: "value over the 32-char limit rejected", input: PostableTag{Key: "team", Value: "abcdefghijklmnopabcdefghijklmnopq"}, wantError: true},
-	}
-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			gotKey, gotValue, err := ValidatePostableTag(tc.input)
-			if tc.wantError {
-				require.Error(t, err)
-				return
-			}
-			require.NoError(t, err)
-			assert.Equal(t, tc.wantKey, gotKey)
-			assert.Equal(t, tc.wantValue, gotValue)
-		})
-	}
-}
--- a/pkg/types/tagtypes/tagtypestest/store.go
+++ b/pkg/types/tagtypes/tagtypestest/store.go
@@ -1,53 +0,0 @@
-package tagtypestest
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/types/coretypes"
-	"github.com/SigNoz/signoz/pkg/types/tagtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-// MockStore is an in-memory tagtypes.MockStore implementation for tests. Most methods
-// are inert no-ops; List returns the contents of Tags and increments
-// ListCallCount so tests can assert on lookup behavior. Set Tags directly to
-// preload fixtures.
-type MockStore struct {
-	Tags          []*tagtypes.Tag
-	ListCallCount int
-}
-
-func NewStore() *MockStore {
-	return &MockStore{}
-}
-
-func (s *MockStore) List(_ context.Context, _ valuer.UUID, _ coretypes.Kind) ([]*tagtypes.Tag, error) {
-	s.ListCallCount++
-	out := make([]*tagtypes.Tag, len(s.Tags))
-	copy(out, s.Tags)
-	return out, nil
-}
-
-func (s *MockStore) CreateOrGet(_ context.Context, tags []*tagtypes.Tag) ([]*tagtypes.Tag, error) {
-	return tags, nil
-}
-
-func (s *MockStore) CreateRelations(_ context.Context, _ []*tagtypes.TagRelation) error {
-	return nil
-}
-
-func (s *MockStore) ListByResource(_ context.Context, _ valuer.UUID, _ coretypes.Kind, _ valuer.UUID) ([]*tagtypes.Tag, error) {
-	return []*tagtypes.Tag{}, nil
-}
-
-func (s *MockStore) ListByResources(_ context.Context, _ valuer.UUID, _ coretypes.Kind, _ []valuer.UUID) (map[valuer.UUID][]*tagtypes.Tag, error) {
-	return map[valuer.UUID][]*tagtypes.Tag{}, nil
-}
-
-func (s *MockStore) DeleteRelationsExcept(_ context.Context, _ valuer.UUID, _ coretypes.Kind, _ valuer.UUID, _ []valuer.UUID) error {
-	return nil
-}
-
-func (s *MockStore) RunInTx(ctx context.Context, cb func(ctx context.Context) error) error {
-	return cb(ctx)
-}
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -27,6 +27,7 @@ pytest_plugins = [
    "fixtures.seeder",
    "fixtures.serviceaccount",
    "fixtures.role",
+    "fixtures.seed_golden_dataset",
 ]


--- a/tests/e2e/.npmrc
+++ b/tests/e2e/.npmrc
@@ -0,0 +1 @@
+engine-strict=true
--- a/tests/e2e/bootstrap/global.setup.ts
+++ b/tests/e2e/bootstrap/global.setup.ts
@@ -0,0 +1,13 @@
+import { expect, test as setup } from '@playwright/test';
+
+const seederUrl = process.env.SIGNOZ_E2E_SEEDER_URL ?? '';
+
+setup('refresh golden dataset', async ({ request }) => {
+	expect(seederUrl, 'SIGNOZ_E2E_SEEDER_URL not set').not.toBe('');
+	const response = await request.post(`${seederUrl}/seed/golden`, {
+		timeout: 120_000,
+	});
+	expect(response.ok()).toBeTruthy();
+	// eslint-disable-next-line no-console
+	console.log(`[setup] refreshed golden dataset: ${await response.text()}`);
+});
--- a/tests/e2e/bootstrap/global.teardown.ts
+++ b/tests/e2e/bootstrap/global.teardown.ts
@@ -0,0 +1,13 @@
+import { expect, test as teardown } from '@playwright/test';
+
+const seederUrl = process.env.SIGNOZ_E2E_SEEDER_URL ?? '';
+
+teardown('clear seeded telemetry', async ({ request }) => {
+	expect(seederUrl, 'SIGNOZ_E2E_SEEDER_URL not set').not.toBe('');
+	for (const signal of ['metrics', 'traces', 'logs'] as const) {
+		const response = await request.delete(`${seederUrl}/telemetry/${signal}`, {
+			timeout: 60_000,
+		});
+		expect(response.ok()).toBeTruthy();
+	}
+});
--- a/tests/e2e/bootstrap/setup.py
+++ b/tests/e2e/bootstrap/setup.py
@@ -2,6 +2,7 @@ import os
 from pathlib import Path

 import pytest
+import requests

 from fixtures import types
 from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD
@@ -39,5 +40,17 @@ def test_teardown(
    create_user_admin: types.Operation,  # pylint: disable=unused-argument
    apply_license: types.Operation,  # pylint: disable=unused-argument
    seeder: types.TestContainerDocker,  # pylint: disable=unused-argument
+    pytestconfig: pytest.Config,
 ) -> None:
-    """Fixture dependencies trigger container teardown via --teardown."""
+    """Truncate seeded telemetry; containers come down via fixture
+    dependency under `--teardown`."""
+    cached = pytestconfig.cache.get("seeder", None)
+    if not cached:
+        return
+    restored = types.TestContainerDocker.from_cache(cached)
+    base = restored.host_configs["8080"].base().rstrip("/")
+    for signal in ("metrics", "traces", "logs"):
+        try:
+            requests.delete(f"{base}/telemetry/{signal}", timeout=30).raise_for_status()
+        except Exception as e:  # pylint: disable=broad-exception-caught
+            print(f"seeder DELETE /telemetry/{signal} failed: {e}")
--- a/tests/e2e/package.json
+++ b/tests/e2e/package.json
@@ -4,6 +4,7 @@
  "description": "E2E tests for SigNoz frontend with Playwright",
  "main": "index.js",
  "scripts": {
+    "preinstall": "npx only-allow pnpm",
    "test": "playwright test",
    "test:staging": "SIGNOZ_E2E_BASE_URL=https://app.us.staging.signoz.cloud playwright test",
    "test:ui": "playwright test --ui",
@@ -41,6 +42,7 @@
    "typescript": "^5.0.0"
  },
  "engines": {
-    "node": ">=18.0.0"
+    "node": ">=18.0.0",
+    "pnpm": ">=10.0.0 <11.0.0"
  }
 }
--- a/tests/e2e/playwright.config.ts
+++ b/tests/e2e/playwright.config.ts
@@ -50,12 +50,36 @@ export default defineConfig({
 		viewport: { width: 1280, height: 720 },
 	},

-	// Browser projects. No project-level auth — specs opt in via the
-	// authedPage fixture in tests/e2e/fixtures/auth.ts, which logs a user
-	// in on first use and caches the resulting storageState per worker.
+	// `setup` runs `bootstrap/global.setup.ts` once before any browser
+	// project — refreshes the golden dataset so chart-data assertions
+	// land inside default panel time windows. Per
+	// https://playwright.dev/docs/test-global-setup-teardown#option-1-project-dependencies.
 	projects: [
-		{ name: 'chromium', use: devices['Desktop Chrome'] },
-		{ name: 'firefox', use: devices['Desktop Firefox'] },
-		{ name: 'webkit', use: devices['Desktop Safari'] },
+		{
+			name: 'setup',
+			testDir: './bootstrap',
+			testMatch: /global\.setup\.ts/,
+			teardown: 'teardown',
+		},
+		{
+			name: 'teardown',
+			testDir: './bootstrap',
+			testMatch: /global\.teardown\.ts/,
+		},
+		{
+			name: 'chromium',
+			use: devices['Desktop Chrome'],
+			dependencies: ['setup'],
+		},
+		{
+			name: 'firefox',
+			use: devices['Desktop Firefox'],
+			dependencies: ['setup'],
+		},
+		{
+			name: 'webkit',
+			use: devices['Desktop Safari'],
+			dependencies: ['setup'],
+		},
 	],
 });
--- a/tests/e2e/tsconfig.json
+++ b/tests/e2e/tsconfig.json
@@ -18,6 +18,6 @@
    "outDir": "./dist",
    "rootDir": "."
  },
-  "include": ["tests/**/*.ts", "helpers/**/*.ts", "fixtures/**/*.ts", "playwright.config.ts"],
+  "include": ["tests/**/*.ts", "helpers/**/*.ts", "fixtures/**/*.ts", "bootstrap/**/*.ts", "playwright.config.ts"],
  "exclude": ["node_modules", "dist"]
 }
--- a/tests/e2e/yarn.lock
+++ b/tests/e2e/yarn.lock
@@ -1,352 +0,0 @@
-# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
-# yarn lockfile v1
-
-
-"@oxfmt/binding-android-arm-eabi@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-android-arm-eabi/-/binding-android-arm-eabi-0.41.0.tgz#09438448ab9479730582cd00fb86e4c33795a364"
-  integrity sha512-REfrqeMKGkfMP+m/ScX4f5jJBSmVNYcpoDF8vP8f8eYPDuPGZmzp56NIUsYmx3h7f6NzC6cE3gqh8GDWrJHCKw==
-
-"@oxfmt/binding-android-arm64@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-android-arm64/-/binding-android-arm64-0.41.0.tgz#b01eef08ff2a6be90f5805fe28339ec0130a955c"
-  integrity sha512-s0b1dxNgb2KomspFV2LfogC2XtSJB42POXF4bMCLJyvQmAGos4ZtjGPfQreToQEaY0FQFjz3030ggI36rF1q5g==
-
-"@oxfmt/binding-darwin-arm64@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-darwin-arm64/-/binding-darwin-arm64-0.41.0.tgz#a2e24b7c52d40e3bb01939fa9c994d56923294ce"
-  integrity sha512-EGXGualADbv/ZmamE7/2DbsrYmjoPlAmHEpTL4vapLF4EfVD6fr8/uQDFnPJkUBjiSWFJZtFNsGeN1B6V3owmA==
-
-"@oxfmt/binding-darwin-x64@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-darwin-x64/-/binding-darwin-x64-0.41.0.tgz#c114c0a30195a65cfe0247e2ffd000416df4d4bc"
-  integrity sha512-WxySJEvdQQYMmyvISH3qDpTvoS0ebnIP63IMxLLWowJyPp/AAH0hdWtlo+iGNK5y3eVfa5jZguwNaQkDKWpGSw==
-
-"@oxfmt/binding-freebsd-x64@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-freebsd-x64/-/binding-freebsd-x64-0.41.0.tgz#a9057a31860ec79970a16b5a0a801a51fab99168"
-  integrity sha512-Y2kzMkv3U3oyuYaR4wTfGjOTYTXiFC/hXmG0yVASKkbh02BJkvD98Ij8bIevr45hNZ0DmZEgqiXF+9buD4yMYQ==
-
-"@oxfmt/binding-linux-arm-gnueabihf@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-0.41.0.tgz#1a2be3cbbf2d9e90808858ba8fc38b24023ac44c"
-  integrity sha512-ptazDjdUyhket01IjPTT6ULS1KFuBfTUU97osTP96X5y/0oso+AgAaJzuH81oP0+XXyrWIHbRzozSAuQm4p48g==
-
-"@oxfmt/binding-linux-arm-musleabihf@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-linux-arm-musleabihf/-/binding-linux-arm-musleabihf-0.41.0.tgz#f0a12feca29bfaf7437d94c32919ff3ac60c213f"
-  integrity sha512-UkoL2OKxFD+56bPEBcdGn+4juTW4HRv/T6w1dIDLnvKKWr6DbarB/mtHXlADKlFiJubJz8pRkttOR7qjYR6lTA==
-
-"@oxfmt/binding-linux-arm64-gnu@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-0.41.0.tgz#b304c7ede72119f7fe7ce7861007c0ee6eb60c08"
-  integrity sha512-gofu0PuumSOHYczD8p62CPY4UF6ee+rSLZJdUXkpwxg6pILiwSDBIouPskjF/5nF3A7QZTz2O9KFNkNxxFN9tA==
-
-"@oxfmt/binding-linux-arm64-musl@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-linux-arm64-musl/-/binding-linux-arm64-musl-0.41.0.tgz#295d6ce8d846ca1a287165bf4ff6e7b3cd51f823"
-  integrity sha512-VfVZxL0+6RU86T8F8vKiDBa+iHsr8PAjQmKGBzSCAX70b6x+UOMFl+2dNihmKmUwqkCazCPfYjt6SuAPOeQJ3g==
-
-"@oxfmt/binding-linux-ppc64-gnu@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-0.41.0.tgz#6c702f37bd69bb88bf78264eef5df9dbcdcada49"
-  integrity sha512-bwzokz2eGvdfJbc0i+zXMJ4BBjQPqg13jyWpEEZDOrBCQ91r8KeY2Mi2kUeuMTZNFXju+jcAbAbpyJxRGla0eg==
-
-"@oxfmt/binding-linux-riscv64-gnu@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-linux-riscv64-gnu/-/binding-linux-riscv64-gnu-0.41.0.tgz#9dac4f7f4cf10d94ade5a109554f810a43525595"
-  integrity sha512-POLM//PCH9uqDeNDwWL3b3DkMmI3oI2cU6hwc2lnztD1o7dzrQs3R9nq555BZ6wI7t2lyhT9CS+CRaz5X0XqLA==
-
-"@oxfmt/binding-linux-riscv64-musl@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-linux-riscv64-musl/-/binding-linux-riscv64-musl-0.41.0.tgz#ddd573ad4fc8e5d017ab27177eaabea700d68754"
-  integrity sha512-NNK7PzhFqLUwx/G12Xtm6scGv7UITvyGdAR5Y+TlqsG+essnuRWR4jRNODWRjzLZod0T3SayRbnkSIWMBov33w==
-
-"@oxfmt/binding-linux-s390x-gnu@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-0.41.0.tgz#3300ee81681382c1ec0a4013807c362c27ef4821"
-  integrity sha512-qVf/zDC5cN9eKe4qI/O/m445er1IRl6swsSl7jHkqmOSVfknwCe5JXitYjZca+V/cNJSU/xPlC5EFMabMMFDpw==
-
-"@oxfmt/binding-linux-x64-gnu@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-linux-x64-gnu/-/binding-linux-x64-gnu-0.41.0.tgz#be9068d48bb521eea83ea6bea2b0e08b39d7638b"
-  integrity sha512-ojxYWu7vUb6ysYqVCPHuAPVZHAI40gfZ0PDtZAMwVmh2f0V8ExpPIKoAKr7/8sNbAXJBBpZhs2coypIo2jJX4w==
-
-"@oxfmt/binding-linux-x64-musl@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-linux-x64-musl/-/binding-linux-x64-musl-0.41.0.tgz#e0232abd879874823213b71016042d001a740acb"
-  integrity sha512-O2exZLBxoCMIv2vlvcbkdedazJPTdG0VSup+0QUCfYQtx751zCZNboX2ZUOiQ/gDTdhtXvSiot0h6GEGkOyalA==
-
-"@oxfmt/binding-openharmony-arm64@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-openharmony-arm64/-/binding-openharmony-arm64-0.41.0.tgz#3e5893cde8cae02494cbb5493de9c46613e77058"
-  integrity sha512-N+31/VoL+z+NNBt8viy3I4NaIdPbiYeOnB884LKqvXldaE2dRztdPv3q5ipfZYv0RwFp7JfqS4I27K/DSHCakg==
-
-"@oxfmt/binding-win32-arm64-msvc@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-0.41.0.tgz#31d8dfeeddc855dbecc9f45d11cd892635d2e42f"
-  integrity sha512-Z7NAtu/RN8kjCQ1y5oDD0nTAeRswh3GJ93qwcW51srmidP7XPBmZbLlwERu1W5veCevQJtPS9xmkpcDTYsGIwQ==
-
-"@oxfmt/binding-win32-ia32-msvc@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-win32-ia32-msvc/-/binding-win32-ia32-msvc-0.41.0.tgz#873fb408a3e8952fae67763b225e4ea77356e926"
-  integrity sha512-uNxxP3l4bJ6VyzIeRqCmBU2Q0SkCFgIhvx9/9dJ9V8t/v+jP1IBsuaLwCXGR8JPHtkj4tFp+RHtUmU2ZYAUpMA==
-
-"@oxfmt/binding-win32-x64-msvc@0.41.0":
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/@oxfmt/binding-win32-x64-msvc/-/binding-win32-x64-msvc-0.41.0.tgz#0adf46bca6908c6b49c790e598f4972b6f4cd191"
-  integrity sha512-49ZSpbZ1noozyPapE8SUOSm3IN0Ze4b5nkO+4+7fq6oEYQQJFhE0saj5k/Gg4oewVPdjn0L3ZFeWk2Vehjcw7A==
-
-"@oxlint-tsgolint/darwin-arm64@0.20.0":
-  version "0.20.0"
-  resolved "https://registry.yarnpkg.com/@oxlint-tsgolint/darwin-arm64/-/darwin-arm64-0.20.0.tgz#6d704883904fa6e5fc922a7cef882bad4c734a0b"
-  integrity sha512-KKQcIHZHMxqpHUA1VXIbOG6chNCFkUWbQy6M+AFVtPKkA/3xAeJkJ3njoV66bfzwPHRcWQO+kcj5XqtbkjakoA==
-
-"@oxlint-tsgolint/darwin-x64@0.20.0":
-  version "0.20.0"
-  resolved "https://registry.yarnpkg.com/@oxlint-tsgolint/darwin-x64/-/darwin-x64-0.20.0.tgz#676d7a1cf82216d91e9bc143f676e7dbe59ce596"
-  integrity sha512-7HeVMuclGfG+NLZi2ybY0T4fMI7/XxO/208rJk+zEIloKkVnlh11Wd241JMGwgNFXn+MLJbOqOfojDb2Dt4L1g==
-
-"@oxlint-tsgolint/linux-arm64@0.20.0":
-  version "0.20.0"
-  resolved "https://registry.yarnpkg.com/@oxlint-tsgolint/linux-arm64/-/linux-arm64-0.20.0.tgz#5a2e67cf18394b6b868301cf3d84c8b8be7ab6b9"
-  integrity sha512-zxhUwz+WSxE6oWlZLK2z2ps9yC6ebmgoYmjAl0Oa48+GqkZ56NVgo+wb8DURNv6xrggzHStQxqQxe3mK51HZag==
-
-"@oxlint-tsgolint/linux-x64@0.20.0":
-  version "0.20.0"
-  resolved "https://registry.yarnpkg.com/@oxlint-tsgolint/linux-x64/-/linux-x64-0.20.0.tgz#68468ad9253668748736191b6a7af51ae737c0a4"
-  integrity sha512-/1l6FnahC9im8PK+Ekkx/V3yetO/PzZnJegE2FXcv/iXEhbeVxP/ouiTYcUQu9shT1FWJCSNti1VJHH+21Y1dg==
-
-"@oxlint-tsgolint/win32-arm64@0.20.0":
-  version "0.20.0"
-  resolved "https://registry.yarnpkg.com/@oxlint-tsgolint/win32-arm64/-/win32-arm64-0.20.0.tgz#32a0eba60f0a88cd6d6d53cc03eb1b2e43ca0c50"
-  integrity sha512-oPZ5Yz8sVdo7P/5q+i3IKeix31eFZ55JAPa1+RGPoe9PoaYVsdMvR6Jvib6YtrqoJnFPlg3fjEjlEPL8VBKYJA==
-
-"@oxlint-tsgolint/win32-x64@0.20.0":
-  version "0.20.0"
-  resolved "https://registry.yarnpkg.com/@oxlint-tsgolint/win32-x64/-/win32-x64-0.20.0.tgz#90d5582b1df2ae877b2c5d7620e3a55acf9cc45f"
-  integrity sha512-4stx8RHj3SP9vQyRF/yZbz5igtPvYMEUR8CUoha4BVNZihi39DpCR8qkU7lpjB5Ga1DRMo2pHaA4bdTOMaY4mw==
-
-"@oxlint/binding-android-arm-eabi@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-android-arm-eabi/-/binding-android-arm-eabi-1.61.0.tgz#c7a8fb22ac3084d6f4c873cdc9779f4f9e38b805"
-  integrity sha512-6eZBPgiigK5txqoVgRqxbaxiom4lM8AP8CyKPPvpzKnQ3iFRFOIDc+0AapF+qsUSwjOzr5SGk4SxQDpQhkSJMQ==
-
-"@oxlint/binding-android-arm64@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-android-arm64/-/binding-android-arm64-1.61.0.tgz#5fe7c707e12513ede292da015d13e93781771e9f"
-  integrity sha512-CkwLR69MUnyv5wjzebvbbtTSUwqLxM35CXE79bHqDIK+NtKmPEUpStTcLQRZMCo4MP0qRT6TXIQVpK0ZVScnMA==
-
-"@oxlint/binding-darwin-arm64@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-darwin-arm64/-/binding-darwin-arm64-1.61.0.tgz#1f58a4c592b76e293e5b9072cc0e4e7a5bef8191"
-  integrity sha512-8JbefTkbmvqkqWjmQrHke+MdpgT2UghhD/ktM4FOQSpGeCgbMToJEKdl9zwhr/YWTl92i4QI1KiTwVExpcUN8A==
-
-"@oxlint/binding-darwin-x64@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-darwin-x64/-/binding-darwin-x64-1.61.0.tgz#eade7425cc943c3146f3e0f0fb4d08d615ee78a9"
-  integrity sha512-uWpoxDT47hTnDLcdEh5jVbso8rlTTu5o0zuqa9J8E0JAKmIWn7kGFEIB03Pycn2hd2vKxybPGLhjURy/9We5FQ==
-
-"@oxlint/binding-freebsd-x64@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-freebsd-x64/-/binding-freebsd-x64-1.61.0.tgz#8d82382a07ce4895c91694a810dee7f39866951b"
-  integrity sha512-K/o4hEyW7flfMel0iBVznmMBt7VIMHGdjADocHKpK1DUF9erpWnJ+BSSWd2W0c8K3mPtpph+CuHzRU6CI3l9jQ==
-
-"@oxlint/binding-linux-arm-gnueabihf@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-1.61.0.tgz#df76a5700651cda73ca5578de7308f9479b7cb1b"
-  integrity sha512-P6040ZkcyweJ0Po9yEFqJCdvZnf3VNCGs1SIHgXDf8AAQNC6ID/heXQs9iSgo2FH7gKaKq32VWc59XZwL34C5Q==
-
-"@oxlint/binding-linux-arm-musleabihf@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-linux-arm-musleabihf/-/binding-linux-arm-musleabihf-1.61.0.tgz#b198e5697cfb6cc55eff5ab5b9766732e143492d"
-  integrity sha512-bwxrGCzTZkuB+THv2TQ1aTkVEfv5oz8sl+0XZZCpoYzErJD8OhPQOTA0ENPd1zJz8QsVdSzSrS2umKtPq4/JXg==
-
-"@oxlint/binding-linux-arm64-gnu@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-1.61.0.tgz#a5cdae7ef9f9b79526ef764fb174bb362c3737ee"
-  integrity sha512-vkhb9/wKguMkLlrm3FoJW/Xmdv31GgYAE+x8lxxQ+7HeOxXUySI0q36a3NTVIuQUdLzxCI1zzMGsk1o37FOe3w==
-
-"@oxlint/binding-linux-arm64-musl@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-linux-arm64-musl/-/binding-linux-arm64-musl-1.61.0.tgz#227f6d94a3c00140a88ea338436783bd9da6f4ae"
-  integrity sha512-bl1dQh8LnVqsj6oOQAcxwbuOmNJkwc4p6o//HTBZhNTzJy21TLDwAviMqUFNUxDHkPGpmdKTSN4tWTjLryP8xg==
-
-"@oxlint/binding-linux-ppc64-gnu@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-1.61.0.tgz#e504e6cd8691fe460b202599d4c962fc7ad98f94"
-  integrity sha512-QoOX6KB2IiEpyOj/HKqaxi+NQHPnOgNgnr22n9N4ANJCzXkUlj1UmeAbFb4PpqdlHIzvGDM5xZ0OKtcLq9RhiQ==
-
-"@oxlint/binding-linux-riscv64-gnu@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-linux-riscv64-gnu/-/binding-linux-riscv64-gnu-1.61.0.tgz#efe70d9e570756fe19fb60d05a39dd58e9e0f32d"
-  integrity sha512-1TGcTerjY6p152wCof3oKElccq3xHljS/Mucp04gV/4ATpP6nO7YNnp7opEg6SHkv2a57/b4b8Ndm9znJ1/qAw==
-
-"@oxlint/binding-linux-riscv64-musl@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-linux-riscv64-musl/-/binding-linux-riscv64-musl-1.61.0.tgz#f9c42095192f235b03a5d3d1f1fbfb45002d5a93"
-  integrity sha512-65wXEmZIrX2ADwC8i/qFL4EWLSbeuBpAm3suuX1vu4IQkKd+wLT/HU/BOl84kp91u2SxPkPDyQgu4yrqp8vwVA==
-
-"@oxlint/binding-linux-s390x-gnu@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-1.61.0.tgz#23773cd6f8087f98c54383caccb98808fab6cca0"
-  integrity sha512-TVvhgMvor7Qa6COeXxCJ7ENOM+lcAOGsQ0iUdPSCv2hxb9qSHLQ4XF1h50S6RE1gBOJ0WV3rNukg4JJJP1LWRA==
-
-"@oxlint/binding-linux-x64-gnu@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-linux-x64-gnu/-/binding-linux-x64-gnu-1.61.0.tgz#f46b036cf74b382c03f6a00e18cd1ae53096517f"
-  integrity sha512-SjpS5uYuFoDnDdZPwZE59ndF95AsY47R5MliuneTWR1pDm2CxGJaYXbKULI71t5TVfLQUWmrHEGRL9xvuq6dnA==
-
-"@oxlint/binding-linux-x64-musl@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-linux-x64-musl/-/binding-linux-x64-musl-1.61.0.tgz#cff6c4c24de0863cecbce1c1f43adcafacd9011d"
-  integrity sha512-gGfAeGD4sNJGILZbc/yKcIimO9wQnPMoYp9swAaKeEtwsSQAbU+rsdQze5SBtIP6j0QDzeYd4XSSUCRCF+LIeQ==
-
-"@oxlint/binding-openharmony-arm64@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-openharmony-arm64/-/binding-openharmony-arm64-1.61.0.tgz#9fdd87fc10c2c51c510470f7c4136ab2df9ee7b3"
-  integrity sha512-OlVT0LrG/ct33EVtWRyR+B/othwmDWeRxfi13wUdPeb3lAT5TgTcFDcfLfarZtzB4W1nWF/zICMgYdkggX2WmQ==
-
-"@oxlint/binding-win32-arm64-msvc@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-1.61.0.tgz#25a87f62859a6703f2520d665f98f6c0f88a70e0"
-  integrity sha512-vI//NZPJk6DToiovPtaiwD4iQ7kO1r5ReWQD0sOOyKRtP3E2f6jxin4uvwi3OvDzHA2EFfd7DcZl5dtkQh7g1w==
-
-"@oxlint/binding-win32-ia32-msvc@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-win32-ia32-msvc/-/binding-win32-ia32-msvc-1.61.0.tgz#06f7df42b074f28ef27540d38be69875e5d5afcb"
-  integrity sha512-0ySj4/4zd2XjePs3XAQq7IigIstN4LPQZgCyigX5/ERMLjdWAJfnxcTsrtxZxuij8guJW8foXuHmhGxW0H4dDA==
-
-"@oxlint/binding-win32-x64-msvc@1.61.0":
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/@oxlint/binding-win32-x64-msvc/-/binding-win32-x64-msvc-1.61.0.tgz#7bc84b261bb8b515ade20f1044547cc8bbee44ce"
-  integrity sha512-0xgSiyeqDLDZxXoe9CVJrOx3TUVsfyoOY7cNi03JbItNcC9WCZqrSNdrAbHONxhSPaVh/lzfnDcON1RqSUMhHw==
-
-"@playwright/test@^1.57.0-alpha-2025-10-09":
-  version "1.57.0-alpha-2025-10-11"
-  resolved "https://registry.yarnpkg.com/@playwright/test/-/test-1.57.0-alpha-2025-10-11.tgz#75f6fac2f98fcff6e4bae1c907b48ad0b1a33bea"
-  integrity sha512-xqp2RNcLCPSUAYCrP3+rYZ4LFlESvWqjjpFegjNbun7wLcGvUt9Mh+RHBvgeZAhMxxuVde78XO9Y888UYFH9ew==
-  dependencies:
-    playwright "1.57.0-alpha-2025-10-11"
-
-"@types/node@^20.0.0":
-  version "20.19.20"
-  resolved "https://registry.yarnpkg.com/@types/node/-/node-20.19.20.tgz#116f5432a1e6383415a57cf5e00b5ac9b2a2ad03"
-  integrity sha512-2Q7WS25j4pS1cS8yw3d6buNCVJukOTeQ39bAnwR6sOJbaxvyCGebzTMypDFN82CxBLnl+lSWVdCCWbRY6y9yZQ==
-  dependencies:
-    undici-types "~6.21.0"
-
-dotenv@^16.0.0:
-  version "16.6.1"
-  resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-16.6.1.tgz#773f0e69527a8315c7285d5ee73c4459d20a8020"
-  integrity sha512-uBq4egWHTcTt33a72vpSG0z3HnPuIl6NqYcTrKEg2azoEyl2hpW0zqlxysq2pK9HlDIHyHyakeYaYnSAwd8bow==
-
-eslint-plugin-playwright@^2.10.2:
-  version "2.10.2"
-  resolved "https://registry.yarnpkg.com/eslint-plugin-playwright/-/eslint-plugin-playwright-2.10.2.tgz#1f0bef35c0b9f996a6987a401e6d4e6a3a015861"
-  integrity sha512-0N+2OWc3NZbOZ0gK8mp2TK6Qu3UWcJTQ9rqU0UM2yRJXgT758pvpY0lsOLIySfbyFrLqn3TcXjixbmcK90VnuQ==
-  dependencies:
-    globals "^17.3.0"
-
-fsevents@2.3.2:
-  version "2.3.2"
-  resolved "https://registry.yarnpkg.com/fsevents/-/fsevents-2.3.2.tgz#8a526f78b8fdf4623b709e0b975c52c24c02fd1a"
-  integrity sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==
-
-globals@^17.3.0:
-  version "17.5.0"
-  resolved "https://registry.yarnpkg.com/globals/-/globals-17.5.0.tgz#a82c641d898f8dfbe0e81f66fdff7d0de43f88c6"
-  integrity sha512-qoV+HK2yFl/366t2/Cb3+xxPUo5BuMynomoDmiaZBIdbs+0pYbjfZU+twLhGKp4uCZ/+NbtpVepH5bGCxRyy2g==
-
-oxfmt@^0.41.0:
-  version "0.41.0"
-  resolved "https://registry.yarnpkg.com/oxfmt/-/oxfmt-0.41.0.tgz#7dbfb63d19704a85412f36678c3ace092ce88673"
-  integrity sha512-sKLdJZdQ3bw6x9qKiT7+eID4MNEXlDHf5ZacfIircrq6Qwjk0L6t2/JQlZZrVHTXJawK3KaMuBoJnEJPcqCEdg==
-  dependencies:
-    tinypool "2.1.0"
-  optionalDependencies:
-    "@oxfmt/binding-android-arm-eabi" "0.41.0"
-    "@oxfmt/binding-android-arm64" "0.41.0"
-    "@oxfmt/binding-darwin-arm64" "0.41.0"
-    "@oxfmt/binding-darwin-x64" "0.41.0"
-    "@oxfmt/binding-freebsd-x64" "0.41.0"
-    "@oxfmt/binding-linux-arm-gnueabihf" "0.41.0"
-    "@oxfmt/binding-linux-arm-musleabihf" "0.41.0"
-    "@oxfmt/binding-linux-arm64-gnu" "0.41.0"
-    "@oxfmt/binding-linux-arm64-musl" "0.41.0"
-    "@oxfmt/binding-linux-ppc64-gnu" "0.41.0"
-    "@oxfmt/binding-linux-riscv64-gnu" "0.41.0"
-    "@oxfmt/binding-linux-riscv64-musl" "0.41.0"
-    "@oxfmt/binding-linux-s390x-gnu" "0.41.0"
-    "@oxfmt/binding-linux-x64-gnu" "0.41.0"
-    "@oxfmt/binding-linux-x64-musl" "0.41.0"
-    "@oxfmt/binding-openharmony-arm64" "0.41.0"
-    "@oxfmt/binding-win32-arm64-msvc" "0.41.0"
-    "@oxfmt/binding-win32-ia32-msvc" "0.41.0"
-    "@oxfmt/binding-win32-x64-msvc" "0.41.0"
-
-oxlint-tsgolint@^0.20.0:
-  version "0.20.0"
-  resolved "https://registry.yarnpkg.com/oxlint-tsgolint/-/oxlint-tsgolint-0.20.0.tgz#e011319219faa572faf340c40d65708404b37e10"
-  integrity sha512-/Uc9TQyN1l8w9QNvXtVHYtz+SzDJHKpb5X0UnHodl0BVzijUPk0LPlDOHAvogd1UI+iy9ZSF6gQxEqfzUxCULQ==
-  optionalDependencies:
-    "@oxlint-tsgolint/darwin-arm64" "0.20.0"
-    "@oxlint-tsgolint/darwin-x64" "0.20.0"
-    "@oxlint-tsgolint/linux-arm64" "0.20.0"
-    "@oxlint-tsgolint/linux-x64" "0.20.0"
-    "@oxlint-tsgolint/win32-arm64" "0.20.0"
-    "@oxlint-tsgolint/win32-x64" "0.20.0"
-
-oxlint@^1.59.0:
-  version "1.61.0"
-  resolved "https://registry.yarnpkg.com/oxlint/-/oxlint-1.61.0.tgz#e714742cfe7b815713feb14600b0ffe963d539a4"
-  integrity sha512-ZC0ALuhDZ6ivOFG+sy0D0pEDN49EvsId98zVlmYdkcXHsEM14m/qTNUEsUpiFiCVbpIxYtVBmmLE87nsbUHohQ==
-  optionalDependencies:
-    "@oxlint/binding-android-arm-eabi" "1.61.0"
-    "@oxlint/binding-android-arm64" "1.61.0"
-    "@oxlint/binding-darwin-arm64" "1.61.0"
-    "@oxlint/binding-darwin-x64" "1.61.0"
-    "@oxlint/binding-freebsd-x64" "1.61.0"
-    "@oxlint/binding-linux-arm-gnueabihf" "1.61.0"
-    "@oxlint/binding-linux-arm-musleabihf" "1.61.0"
-    "@oxlint/binding-linux-arm64-gnu" "1.61.0"
-    "@oxlint/binding-linux-arm64-musl" "1.61.0"
-    "@oxlint/binding-linux-ppc64-gnu" "1.61.0"
-    "@oxlint/binding-linux-riscv64-gnu" "1.61.0"
-    "@oxlint/binding-linux-riscv64-musl" "1.61.0"
-    "@oxlint/binding-linux-s390x-gnu" "1.61.0"
-    "@oxlint/binding-linux-x64-gnu" "1.61.0"
-    "@oxlint/binding-linux-x64-musl" "1.61.0"
-    "@oxlint/binding-openharmony-arm64" "1.61.0"
-    "@oxlint/binding-win32-arm64-msvc" "1.61.0"
-    "@oxlint/binding-win32-ia32-msvc" "1.61.0"
-    "@oxlint/binding-win32-x64-msvc" "1.61.0"
-
-playwright-core@1.57.0-alpha-2025-10-11:
-  version "1.57.0-alpha-2025-10-11"
-  resolved "https://registry.yarnpkg.com/playwright-core/-/playwright-core-1.57.0-alpha-2025-10-11.tgz#b444b75542a43bc354e512d076344d9258997e9c"
-  integrity sha512-X6KAunryZlslAdEdlN5gIIP3sFU6Uot3vzLoGCZ9SNv0JvXd6e2g7ArjnpOQld36yKszq8J+wQJRlIvdXkIvRw==
-
-playwright@1.57.0-alpha-2025-10-11:
-  version "1.57.0-alpha-2025-10-11"
-  resolved "https://registry.yarnpkg.com/playwright/-/playwright-1.57.0-alpha-2025-10-11.tgz#af67a28d64b39fe57eea454b2b312e98bfff02a5"
-  integrity sha512-a80kAd59up/kURcKE7THLzx3lN6a1G9RhsgP9ZfLGL7WtnOhOdRLxbHwmjWUG11ybEDeYNpj1qwT02MT4R+rew==
-  dependencies:
-    playwright-core "1.57.0-alpha-2025-10-11"
-  optionalDependencies:
-    fsevents "2.3.2"
-
-tinypool@2.1.0:
-  version "2.1.0"
-  resolved "https://registry.yarnpkg.com/tinypool/-/tinypool-2.1.0.tgz#303a671d6ef68d03c9512cdc9a47c86b8a85f20c"
-  integrity sha512-Pugqs6M0m7Lv1I7FtxN4aoyToKg1C4tu+/381vH35y8oENM/Ai7f7C4StcoK4/+BSw9ebcS8jRiVrORFKCALLw==
-
-typescript@^5.0.0:
-  version "5.9.3"
-  resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.9.3.tgz#5b4f59e15310ab17a216f5d6cf53ee476ede670f"
-  integrity sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==
-
-undici-types@~6.21.0:
-  version "6.21.0"
-  resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-6.21.0.tgz#691d00af3909be93a7faa13be61b3a5b50ef12cb"
-  integrity sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==
--- a/tests/fixtures/querier.py
+++ b/tests/fixtures/querier.py
@@ -450,6 +450,35 @@ def build_scalar_query(
    return {"type": "builder_query", "spec": spec}


+def build_raw_query(
+    name: str,
+    signal: str,
+    *,
+    order: list[dict] | None = None,
+    limit: int | None = None,
+    filter_expression: str | None = None,
+    step_interval: int = DEFAULT_STEP_INTERVAL,
+    disabled: bool = False,
+) -> dict:
+    spec: dict[str, Any] = {
+        "name": name,
+        "signal": signal,
+        "stepInterval": step_interval,
+        "disabled": disabled,
+    }
+
+    if order:
+        spec["order"] = order
+
+    if limit is not None:
+        spec["limit"] = limit
+
+    if filter_expression:
+        spec["filter"] = {"expression": filter_expression}
+
+    return {"type": "builder_query", "spec": spec}
+
+
 def build_group_by_field(
    name: str,
    field_data_type: str = "string",
--- a/tests/fixtures/seed_golden_dataset.py
+++ b/tests/fixtures/seed_golden_dataset.py
@@ -0,0 +1,361 @@
+"""Golden dataset fixture — seeds OTel-demo-shaped metrics, traces, and
+logs into ClickHouse via the seeder on every test_setup invocation.
+
+Timestamps are rebased to `now` so panels with default time windows
+always find data. To refresh the dataset shape on disk, run
+`uv run python -m fixtures.seed_golden_dataset regenerate`.
+"""
+
+from __future__ import annotations
+
+import datetime
+import json
+import logging
+import os
+import random
+from collections.abc import Iterator
+from pathlib import Path
+
+import pytest
+import requests
+
+from fixtures import types
+
+logger = logging.getLogger(__name__)
+
+_GOLDEN_DIR = Path(__file__).resolve().parent.parent / "seeder" / "golden"
+METRICS_PATH = _GOLDEN_DIR / "otel-demo-metrics-golden.jsonl"
+TRACES_PATH = _GOLDEN_DIR / "otel-demo-traces-golden.jsonl"
+LOGS_PATH = _GOLDEN_DIR / "otel-demo-logs-golden.jsonl"
+
+
+# ─── Generator ───────────────────────────────────────────────────────────
+
+_SERVICES = [
+    "adservice",
+    "cartservice",
+    "checkoutservice",
+    "currencyservice",
+    "frontend",
+    "paymentservice",
+    "productcatalogservice",
+    "shippingservice",
+]
+_OPERATIONS = {
+    "adservice": ["/ads/get", "/ads/list"],
+    "cartservice": ["/cart/add", "/cart/get", "/cart/empty"],
+    "checkoutservice": ["/checkout"],
+    "currencyservice": ["/currency/convert"],
+    "frontend": ["/", "/product", "/checkout"],
+    "paymentservice": ["/payment/charge"],
+    "productcatalogservice": ["/products/list", "/products/get"],
+    "shippingservice": ["/shipping/quote", "/shipping/ship"],
+}
+_DB_SERVICES = {"cartservice", "productcatalogservice"}
+_ENV = "production"
+_BUCKET_MINUTES = 5
+_WINDOW_HOURS = 6
+
+
+def _generate_metrics() -> list[dict]:
+    rng = random.Random(20260511)
+    samples: list[dict] = []
+    n_buckets = (_WINDOW_HOURS * 60) // _BUCKET_MINUTES
+    base_counter = 1000
+
+    for service in _SERVICES:
+        for operation in _OPERATIONS[service]:
+            for status in ("STATUS_CODE_OK", "STATUS_CODE_ERROR"):
+                weight = 9 if status == "STATUS_CODE_OK" else 1
+                counter = base_counter
+                latency_sum = 0
+                for i in range(n_buckets):
+                    minutes_ago = (_WINDOW_HOURS * 60) - (i + 1) * _BUCKET_MINUTES
+                    bucket_calls = int(weight * (50 + 20 * (1 + i % 12 / 12.0) + rng.randint(0, 10)))
+                    counter += bucket_calls
+                    latency_sum += bucket_calls * rng.randint(100_000, 500_000)
+                    resource_attrs = {
+                        "service.name": service,
+                        "deployment.environment": _ENV,
+                        "k8s.namespace.name": f"signoz-{service}",
+                    }
+                    point_attrs = {
+                        "operation": operation,
+                        "status_code": status,
+                        "span_kind": "SPAN_KIND_SERVER",
+                    }
+                    for name, value in (
+                        ("signoz_calls_total", counter),
+                        ("signoz_latency_count", counter),
+                        ("signoz_latency_sum", latency_sum),
+                    ):
+                        samples.append(
+                            {
+                                "metric_name": name,
+                                "minutes_ago": minutes_ago,
+                                "value": value,
+                                "resource_attributes": resource_attrs,
+                                "attributes": point_attrs,
+                                "is_monotonic": True,
+                            }
+                        )
+        if service in _DB_SERVICES:
+            db_counter = 0
+            for i in range(n_buckets):
+                minutes_ago = (_WINDOW_HOURS * 60) - (i + 1) * _BUCKET_MINUTES
+                db_counter += 20 + rng.randint(0, 15)
+                samples.append(
+                    {
+                        "metric_name": "signoz_db_latency_count",
+                        "minutes_ago": minutes_ago,
+                        "value": db_counter,
+                        "resource_attributes": {
+                            "service.name": service,
+                            "deployment.environment": _ENV,
+                            "k8s.namespace.name": f"signoz-{service}",
+                        },
+                        "attributes": {
+                            "db.system": "postgresql" if service == "cartservice" else "mongodb",
+                        },
+                        "is_monotonic": True,
+                    }
+                )
+    return samples
+
+
+def _generate_traces() -> list[dict]:
+    rng = random.Random(20260512)
+    samples: list[dict] = []
+    n_buckets = 12
+    for service in _SERVICES:
+        for operation in _OPERATIONS[service]:
+            for i in range(n_buckets):
+                minutes_ago = int((_WINDOW_HOURS * 60) - i * (_WINDOW_HOURS * 60 / n_buckets))
+                http_status = "500" if rng.random() < 0.05 else "200"
+                samples.append(
+                    {
+                        "name": f"{service} {operation}",
+                        "kind": "SERVER",
+                        "minutes_ago": minutes_ago,
+                        "duration_ms": rng.randint(50, 500),
+                        "status": "ERROR" if http_status == "500" else "OK",
+                        "resource_attributes": {
+                            "service.name": service,
+                            "deployment.environment": _ENV,
+                            "k8s.namespace.name": f"signoz-{service}",
+                        },
+                        "attributes": {
+                            "http.method": "GET" if "get" in operation.lower() or operation == "/" else "POST",
+                            "http.route": operation,
+                            "http.status_code": http_status,
+                        },
+                    }
+                )
+    return samples
+
+
+_LOG_SEVERITIES = [("INFO", 0.85), ("WARN", 0.10), ("ERROR", 0.05)]
+_LOG_BODIES = {
+    "INFO": ["Handled request", "Cache hit", "Connection established"],
+    "WARN": ["Slow response detected", "Cache miss", "Retrying upstream call"],
+    "ERROR": ["Upstream call failed", "Database query timed out", "Auth failed"],
+}
+
+
+def _generate_logs() -> list[dict]:
+    rng = random.Random(20260512)
+    samples: list[dict] = []
+    n_buckets = 24
+    for service in _SERVICES:
+        for i in range(n_buckets):
+            minutes_ago = int((_WINDOW_HOURS * 60) - i * (_WINDOW_HOURS * 60 / n_buckets))
+            r = rng.random()
+            cumulative = 0.0
+            severity = "INFO"
+            for name, weight in _LOG_SEVERITIES:
+                cumulative += weight
+                if r < cumulative:
+                    severity = name
+                    break
+            samples.append(
+                {
+                    "body": f"[{service}] {rng.choice(_LOG_BODIES[severity])}",
+                    "severity": severity,
+                    "minutes_ago": minutes_ago,
+                    "resource_attributes": {
+                        "service.name": service,
+                        "deployment.environment": _ENV,
+                        "k8s.namespace.name": f"signoz-{service}",
+                    },
+                    "attributes": {"logger.name": f"{service}.app"},
+                }
+            )
+    return samples
+
+
+def _write_jsonl(path: Path, samples: list[dict]) -> None:
+    path.parent.mkdir(parents=True, exist_ok=True)
+    with path.open("w") as f:
+        for s in samples:
+            f.write(json.dumps(s, separators=(",", ":")))
+            f.write("\n")
+
+
+def regenerate() -> dict[str, int]:
+    metrics = _generate_metrics()
+    traces = _generate_traces()
+    logs = _generate_logs()
+    _write_jsonl(METRICS_PATH, metrics)
+    _write_jsonl(TRACES_PATH, traces)
+    _write_jsonl(LOGS_PATH, logs)
+    return {"metrics": len(metrics), "traces": len(traces), "logs": len(logs)}
+
+
+# ─── Loader ──────────────────────────────────────────────────────────────
+
+
+_KIND_TO_INT = {
+    "UNSPECIFIED": 0,
+    "INTERNAL": 1,
+    "SERVER": 2,
+    "CLIENT": 3,
+    "PRODUCER": 4,
+    "CONSUMER": 5,
+}
+_STATUS_TO_INT = {"UNSET": 0, "OK": 1, "ERROR": 2}
+
+
+def _read_jsonl(path: Path) -> Iterator[dict]:
+    with path.open() as f:
+        for line in f:
+            line = line.strip()
+            if line:
+                yield json.loads(line)
+
+
+def _iso_minus_minutes(now: datetime.datetime, minutes: float) -> str:
+    ts = now - datetime.timedelta(minutes=minutes)
+    return ts.replace(tzinfo=datetime.UTC).isoformat().replace("+00:00", "Z")
+
+
+def _rebased_metric(sample: dict, now: datetime.datetime) -> dict:
+    out = {k: v for k, v in sample.items() if k != "minutes_ago"}
+    out["timestamp"] = _iso_minus_minutes(now, sample["minutes_ago"])
+    return out
+
+
+def _rebased_trace(sample: dict, now: datetime.datetime) -> dict:
+    return {
+        "timestamp": _iso_minus_minutes(now, sample["minutes_ago"]),
+        "duration": f"PT{sample['duration_ms'] / 1000:.3f}S",
+        "trace_id": sample.get("trace_id") or os.urandom(16).hex(),
+        "span_id": sample.get("span_id") or os.urandom(8).hex(),
+        "name": sample["name"],
+        "kind": _KIND_TO_INT.get(str(sample.get("kind", "SERVER")).upper(), 2),
+        "status_code": _STATUS_TO_INT.get(str(sample.get("status", "UNSET")).upper(), 0),
+        "resources": sample.get("resource_attributes", {}),
+        "attributes": sample.get("attributes", {}),
+    }
+
+
+def _rebased_log(sample: dict, now: datetime.datetime) -> dict:
+    return {
+        "timestamp": _iso_minus_minutes(now, sample["minutes_ago"]),
+        "body": sample["body"],
+        "severity_text": str(sample.get("severity", "INFO")).upper(),
+        "resources": sample.get("resource_attributes", {}),
+        "attributes": sample.get("attributes", {}),
+    }
+
+
+def _post_batches(url: str, rows: Iterator[dict], batch_size: int, timeout: int) -> int:
+    batch: list[dict] = []
+    total = 0
+    for row in rows:
+        batch.append(row)
+        if len(batch) >= batch_size:
+            response = requests.post(url, json=batch, timeout=timeout)
+            response.raise_for_status()
+            total += len(batch)
+            batch = []
+    if batch:
+        response = requests.post(url, json=batch, timeout=timeout)
+        response.raise_for_status()
+        total += len(batch)
+    return total
+
+
+def seed(
+    seeder_base_url: str,
+    *,
+    batch_size: int = 500,
+    timeout: int = 60,
+    clear_first: bool = True,
+) -> dict[str, int]:
+    """Wipe each signal table (via DELETE /telemetry/<signal>) and replay
+    the golden dataset with timestamps rebased to `now`. Each call leaves
+    the stack in the exact state the JSONL files describe — chart-data
+    assertions are reproducible across sessions regardless of how many
+    earlier sessions seeded."""
+    for path in (METRICS_PATH, TRACES_PATH, LOGS_PATH):
+        if not path.exists():
+            raise FileNotFoundError(f"golden dataset missing at {path} — run `uv run python -m fixtures.seed_golden_dataset regenerate`")
+
+    now = datetime.datetime.now(datetime.UTC).replace(microsecond=0, tzinfo=None)
+    base = seeder_base_url.rstrip("/")
+    if clear_first:
+        for signal in ("metrics", "traces", "logs"):
+            requests.delete(f"{base}/telemetry/{signal}", timeout=timeout).raise_for_status()
+    counts = {
+        "metrics": _post_batches(
+            base + "/telemetry/metrics",
+            (_rebased_metric(s, now) for s in _read_jsonl(METRICS_PATH)),
+            batch_size,
+            timeout,
+        ),
+        "traces": _post_batches(
+            base + "/telemetry/traces",
+            (_rebased_trace(s, now) for s in _read_jsonl(TRACES_PATH)),
+            batch_size,
+            timeout,
+        ),
+        "logs": _post_batches(
+            base + "/telemetry/logs",
+            (_rebased_log(s, now) for s in _read_jsonl(LOGS_PATH)),
+            batch_size,
+            timeout,
+        ),
+    }
+    logger.info("seeded through %s: %s", base, counts)
+    return counts
+
+
+# ─── Fixture ─────────────────────────────────────────────────────────────
+
+
+@pytest.fixture(name="golden_dataset", scope="package")
+def golden_dataset(seeder: types.TestContainerDocker) -> dict[str, int]:
+    """Seed metrics + traces + logs into the running stack via the
+    seeder. Runs unconditionally on every test_setup invocation so the
+    rebased timestamps always anchor against `now`."""
+    return seed(seeder.host_configs["8080"].base())
+
+
+if __name__ == "__main__":
+    import sys
+
+    logging.basicConfig(level=logging.INFO)
+    if len(sys.argv) < 2:
+        sys.stderr.write("usage: seed_golden_dataset.py seed <seeder-base-url> | regenerate\n")
+        sys.exit(2)
+    cmd = sys.argv[1]
+    if cmd == "regenerate":
+        print(f"wrote {regenerate()}")
+    elif cmd == "seed":
+        if len(sys.argv) != 3:
+            sys.stderr.write("usage: seed_golden_dataset.py seed <seeder-base-url>\n")
+            sys.exit(2)
+        print(f"seeded {seed(sys.argv[2])}")
+    else:
+        sys.stderr.write(f"unknown command: {cmd}\n")
+        sys.exit(2)
--- a/tests/integration/tests/dashboard/03_v2_dashboard.py
+++ b/tests/integration/tests/dashboard/03_v2_dashboard.py
@@ -1,191 +0,0 @@
-import json
-from collections.abc import Callable
-from http import HTTPStatus
-from pathlib import Path
-
-import requests
-
-from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD
-from fixtures.types import Operation, SigNoz
-
-_PERSES_FIXTURE = (
-    Path(__file__).parents[4]
-    / "pkg/types/dashboardtypes/dashboardtypesv2/testdata/perses.json"
-)
-
-
-def _post_dashboard(signoz: SigNoz, token: str, body: dict) -> requests.Response:
-    return requests.post(
-        signoz.self.host_configs["8080"].get("/api/v2/dashboards"),
-        json=body,
-        headers={"Authorization": f"Bearer {token}"},
-        timeout=2,
-    )
-
-
-def test_empty_body_rejected_for_missing_schema_version(
-    signoz: SigNoz,
-    create_user_admin: Operation,  # pylint: disable=unused-argument
-    get_token: Callable[[str, str], str],
-):
-    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-
-    response = _post_dashboard(signoz, admin_token, {})
-
-    assert response.status_code == HTTPStatus.BAD_REQUEST
-    body = response.json()
-    assert body["status"] == "error"
-    assert body["error"]["code"] == "dashboard_invalid_input"
-    assert body["error"]["message"] == 'metadata.schemaVersion must be "v6", got ""'
-
-
-def test_missing_display_name_rejected(
-    signoz: SigNoz,
-    create_user_admin: Operation,  # pylint: disable=unused-argument
-    get_token: Callable[[str, str], str],
-):
-    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-
-    response = _post_dashboard(signoz, admin_token, {"metadata": {"schemaVersion": "v6"}})
-
-    assert response.status_code == HTTPStatus.BAD_REQUEST
-    body = response.json()
-    assert body["status"] == "error"
-    assert body["error"]["code"] == "dashboard_invalid_input"
-    assert body["error"]["message"] == "data.display.name is required"
-
-
-def test_minimal_valid_body_creates_dashboard(
-    signoz: SigNoz,
-    create_user_admin: Operation,  # pylint: disable=unused-argument
-    get_token: Callable[[str, str], str],
-):
-    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-
-    response = _post_dashboard(
-        signoz,
-        admin_token,
-        {
-            "metadata": {"schemaVersion": "v6"},
-            "data": {"display": {"name": "test name"}},
-        },
-    )
-
-    assert response.status_code == HTTPStatus.CREATED
-    body = response.json()
-    assert body["status"] == "success"
-    data = body["data"]
-    assert data["info"]["data"]["display"]["name"] == "test name"
-    assert data["info"]["metadata"]["schemaVersion"] == "v6"
-
-
-def test_unknown_root_field_rejected(
-    signoz: SigNoz,
-    create_user_admin: Operation,  # pylint: disable=unused-argument
-    get_token: Callable[[str, str], str],
-):
-    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-
-    response = _post_dashboard(
-        signoz,
-        admin_token,
-        {
-            "metadata": {"schemaVersion": "v6"},
-            "data": {"display": {"name": "test name"}},
-            "unknownfieldattheroot": "shouldgiveanerror",
-        },
-    )
-
-    assert response.status_code == HTTPStatus.BAD_REQUEST
-    body = response.json()
-    assert body["status"] == "error"
-    assert body["error"]["code"] == "dashboard_invalid_input"
-    assert body["error"]["message"] == 'json: unknown field "unknownfieldattheroot"'
-
-
-def test_unknown_nested_field_rejected(
-    signoz: SigNoz,
-    create_user_admin: Operation,  # pylint: disable=unused-argument
-    get_token: Callable[[str, str], str],
-):
-    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-
-    response = _post_dashboard(
-        signoz,
-        admin_token,
-        {
-            "metadata": {"schemaVersion": "v6"},
-            "data": {
-                "display": {
-                    "name": "test name",
-                    "unknownfieldinside": "shouldgiveanerror",
-                },
-            },
-        },
-    )
-
-    assert response.status_code == HTTPStatus.BAD_REQUEST
-    body = response.json()
-    assert body["status"] == "error"
-    assert body["error"]["code"] == "dashboard_invalid_input"
-    assert body["error"]["message"] == 'json: unknown field "unknownfieldinside"'
-
-
-def test_perses_fixture_creates_dashboard(
-    signoz: SigNoz,
-    create_user_admin: Operation,  # pylint: disable=unused-argument
-    get_token: Callable[[str, str], str],
-):
-    """The perses.json fixture is the kitchen-sink dashboard the schema tests
-    use; round-tripping it through the create API exercises the full plugin
-    surface end-to-end."""
-    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-
-    data = json.loads(_PERSES_FIXTURE.read_text())
-    response = _post_dashboard(
-        signoz,
-        admin_token,
-        {"metadata": {"schemaVersion": "v6"}, "data": data},
-    )
-
-    assert response.status_code == HTTPStatus.CREATED
-    body = response.json()
-    assert body["status"] == "success"
-    assert body["data"]["info"]["data"]["display"]["name"] == data["display"]["name"]
-
-
-def test_tag_casing_is_inherited_from_existing_parent(
-    signoz: SigNoz,
-    create_user_admin: Operation,  # pylint: disable=unused-argument
-    get_token: Callable[[str, str], str],
-):
-    """A second dashboard tagged with a sibling under a casing-variant parent
-    path should adopt the existing parent's casing while keeping the
-    user-supplied casing for the new leaf segment."""
-    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-
-    first = _post_dashboard(
-        signoz,
-        admin_token,
-        {
-            "metadata": {"schemaVersion": "v6"},
-            "data": {"display": {"name": "dac"}},
-            "tags": [{"name": "engineering/US/NYC"}],
-        },
-    )
-    assert first.status_code == HTTPStatus.CREATED
-    first_tags = first.json()["data"]["info"]["tags"]
-    assert first_tags == [{"name": "engineering/US/NYC"}]
-
-    second = _post_dashboard(
-        signoz,
-        admin_token,
-        {
-            "metadata": {"schemaVersion": "v6"},
-            "data": {"display": {"name": "dac"}},
-            "tags": [{"name": "engineering/us/SF"}],
-        },
-    )
-    assert second.status_code == HTTPStatus.CREATED
-    second_tags = second.json()["data"]["info"]["tags"]
-    assert second_tags == [{"name": "engineering/US/SF"}]
--- a/tests/integration/tests/querier_json_body/01_logs_json_body_new_qb.py
+++ b/tests/integration/tests/querier_json_body/01_logs_json_body_new_qb.py
@@ -11,6 +11,7 @@ from fixtures.logs import Logs
 from fixtures.querier import (
    build_logs_aggregation,
    build_order_by,
+    build_raw_query,
    build_scalar_query,
    get_column_data_from_response,
    get_rows,
@@ -27,28 +28,33 @@ def _run_query_case(signoz: types.SigNoz, token: str, now: datetime, case: dict[
    start_ms = case.get("startMs", int((now - timedelta(seconds=10)).timestamp() * 1000))
    end_ms = case.get("endMs", int(now.timestamp() * 1000))

-    aggregation = case.get("aggregation")
-    if aggregation and not isinstance(aggregation, list):
-        aggregations = [build_logs_aggregation(aggregation)]
-    elif aggregation:
-        aggregations = aggregation
+    if case["requestType"] == "raw":
+        query = build_raw_query(
+            name=case["name"],
+            signal="logs",
+            filter_expression=case.get("expression"),
+            order=case.get("order") or [build_order_by("timestamp", "desc")],
+            limit=case.get("limit", 100),
+            step_interval=case.get("stepInterval") or 60,
+        )
    else:
-        aggregations = []
-
-    order = case.get("order")
-    if order is None and case["requestType"] == "raw":
-        order = [build_order_by("timestamp", "desc")]
-
-    query = build_scalar_query(
-        name=case["name"],
-        signal="logs",
-        aggregations=aggregations,
-        group_by=case.get("groupBy"),
-        order=order,
-        limit=case.get("limit", 100),
-        filter_expression=case.get("expression"),
-        step_interval=case.get("stepInterval") or 60,
-    )
+        aggregation = case.get("aggregation")
+        if aggregation and not isinstance(aggregation, list):
+            aggregations = [build_logs_aggregation(aggregation)]
+        elif aggregation:
+            aggregations = aggregation
+        else:
+            aggregations = []
+        query = build_scalar_query(
+            name=case["name"],
+            signal="logs",
+            aggregations=aggregations,
+            group_by=case.get("groupBy"),
+            order=case.get("order"),
+            limit=case.get("limit", 100),
+            filter_expression=case.get("expression"),
+            step_interval=case.get("stepInterval") or 60,
+        )

    response = make_query_request(
        signoz=signoz,
@@ -636,10 +642,9 @@ def test_select_order_by(
    end_ms = int(now.timestamp() * 1000)

    def _run(case: dict[str, Any]) -> None:
-        query = build_scalar_query(
+        query = build_raw_query(
            name=case["name"],
            signal="logs",
-            aggregations=[build_logs_aggregation("count()")],
            order=case["order"],
            limit=100,
            step_interval=60,
--- a/tests/integration/tests/querier_json_body/02_non_body_fields.py
+++ b/tests/integration/tests/querier_json_body/02_non_body_fields.py
@@ -0,0 +1,285 @@
+import json
+from collections.abc import Callable
+from datetime import UTC, datetime, timedelta
+from typing import Any
+
+import requests
+
+from fixtures import types
+from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD
+from fixtures.logs import Logs
+from fixtures.querier import (
+    build_group_by_field,
+    build_logs_aggregation,
+    build_order_by,
+    build_raw_query,
+    build_scalar_query,
+    get_rows,
+    get_scalar_table_data,
+    make_query_request,
+)
+
+
+def _raw(
+    signoz: types.SigNoz,
+    token: str,
+    start_ms: int,
+    end_ms: int,
+    name: str,
+    *,
+    expression: str | None = None,
+    order: list[dict] | None = None,
+    limit: int = 100,
+) -> requests.Response:
+    q = build_raw_query(
+        name=name,
+        signal="logs",
+        filter_expression=expression,
+        order=order or [build_order_by("timestamp", "desc")],
+        limit=limit,
+        step_interval=60,
+    )
+    r = make_query_request(signoz, token, start_ms, end_ms, queries=[q], request_type="raw")
+    assert r.status_code == 200, f"HTTP {r.status_code} for '{name}': {r.text}"
+    return r
+
+
+def _scalar(
+    signoz: types.SigNoz,
+    token: str,
+    start_ms: int,
+    end_ms: int,
+    name: str,
+    aggregation: str,
+    *,
+    expression: str | None = None,
+    group_by: list[dict] | None = None,
+) -> requests.Response:
+    q = build_scalar_query(
+        name=name,
+        signal="logs",
+        aggregations=[build_logs_aggregation(aggregation)],
+        filter_expression=expression,
+        group_by=group_by,
+        step_interval=60,
+    )
+    r = make_query_request(signoz, token, start_ms, end_ms, queries=[q], request_type="scalar")
+    assert r.status_code == 200, f"HTTP {r.status_code} for '{name}': {r.text}"
+    return r
+
+
+def _body_users(response: requests.Response) -> set[str | None]:
+    return {json.loads(row["data"]["body"]).get("user") for row in get_rows(response)}
+
+
+def _body_scores(response: requests.Response) -> list[int | None]:
+    return [json.loads(row["data"]["body"]).get("score") for row in get_rows(response)]
+
+
+def _services(response: requests.Response) -> list[str]:
+    return [row["data"]["resources_string"].get("service.name", "") for row in get_rows(response)]
+
+
+def _counts(response: requests.Response) -> dict[str, Any]:
+    return {str(row[0]): row[-1] for row in get_scalar_table_data(response.json()) if row}
+
+
+def _run_case(
+    signoz: types.SigNoz,
+    token: str,
+    start_ms: int,
+    end_ms: int,
+    case: dict[str, Any],
+) -> None:
+    if case["requestType"] == "raw":
+        response = _raw(signoz, token, start_ms, end_ms, case["name"], expression=case.get("expression"), order=case.get("order"))
+    else:
+        response = _scalar(signoz, token, start_ms, end_ms, case["name"], case["aggregation"], expression=case.get("expression"), group_by=case.get("groupBy"))
+    assert case["validate"](response), f"Validation failed for '{case['name']}': {response.json()}"
+
+
+# ============================================================================
+# Filter · GroupBy · Aggregation — non-body fields across all three contexts
+#
+# Five cases, one dataset. Each case crosses a different combination of
+# resource attr / log attr / top-level field in WHERE, GROUP BY, and agg:
+#
+#   case 1  filter      resource + log attr + top-level in WHERE       (raw)
+#   case 2  group by    resource × top-level multi-key                 (scalar)
+#   case 3  aggregation count_distinct(log attr) grouped by top-level  (scalar)
+#   case 4  agg+filter  count by resource, body-field WHERE guard       (scalar)
+#   case 5  agg+filter  count_distinct(resource) by log attr, top-level filter (scalar)
+#
+# Data landscape (5 logs):
+#   log1 — auth-svc, GET,    INFO,  score=80,  user=alice
+#   log2 — auth-svc, POST,   ERROR, score=90,  user=bob
+#   log3 — auth-svc, GET,    INFO,  score=60,  user=carol
+#   log4 — api-gw,   GET,    WARN,  score=70,  user=diana
+#   log5 — worker,   DELETE, ERROR, score=100, user=eve
+# ============================================================================
+
+
+def test_non_body_filter_groupby_aggregation(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_logs: Callable[[list[Logs]], None],
+    export_json_types: Callable[[list[Logs]], None],
+) -> None:
+    now = datetime.now(tz=UTC)
+    start_ms = int((now - timedelta(seconds=10)).timestamp() * 1000)
+    end_ms = int(now.timestamp() * 1000)
+
+    log_data = [
+        ("auth-svc", "GET", "INFO", {"score": 80, "user": "alice"}),
+        ("auth-svc", "POST", "ERROR", {"score": 90, "user": "bob"}),
+        ("auth-svc", "GET", "INFO", {"score": 60, "user": "carol"}),
+        ("api-gw", "GET", "WARN", {"score": 70, "user": "diana"}),
+        ("worker", "DELETE", "ERROR", {"score": 100, "user": "eve"}),
+    ]
+    logs_list = [
+        Logs(
+            timestamp=now - timedelta(seconds=len(log_data) - i),
+            resources={"service.name": svc},
+            attributes={"http.method": method},
+            body_v2=json.dumps(body),
+            body_promoted="",
+            severity_text=sev,
+        )
+        for i, (svc, method, sev, body) in enumerate(log_data)
+    ]
+    export_json_types(logs_list)
+    insert_logs(logs_list)
+    token = get_token(email=USER_ADMIN_EMAIL, password=USER_ADMIN_PASSWORD)
+
+    cases = [
+        # 1. Filter — resource + log attr + top-level in WHERE (all three non-body contexts at once)
+        {
+            "name": "filter.cross_context",
+            "requestType": "raw",
+            "expression": 'service.name = "auth-svc" AND http.method = "GET" AND severity_text = "INFO"',
+            "validate": lambda r: len(get_rows(r)) == 2 and _body_users(r) == {"alice", "carol"},
+        },
+        # 2. GroupBy — resource × top-level multi-key, no filter
+        #    Proves both contexts resolve correctly as simultaneous GROUP BY keys.
+        {
+            "name": "groupby.resource_x_toplevel",
+            "requestType": "scalar",
+            "expression": None,
+            "groupBy": [build_group_by_field("service.name"), {"name": "severity_text"}],
+            "aggregation": "count()",
+            # auth-svc+INFO=2, auth-svc+ERROR=1, api-gw+WARN=1, worker+ERROR=1
+            "validate": lambda r: (p := {(str(row[0]), str(row[1])): row[-1] for row in get_scalar_table_data(r.json()) if len(row) >= 3}) and p.get(("auth-svc", "INFO")) == 2 and p.get(("auth-svc", "ERROR")) == 1 and p.get(("api-gw", "WARN")) == 1 and p.get(("worker", "ERROR")) == 1,
+        },
+        # 3. Aggregation — count_distinct(log attr) grouped by top-level
+        #    ERROR logs use {POST, DELETE} → 2 distinct methods; INFO/WARN use only GET → 1.
+        {
+            "name": "agg.count_distinct_attr_by_toplevel",
+            "requestType": "scalar",
+            "expression": None,
+            "groupBy": [{"name": "severity_text"}],
+            "aggregation": "count_distinct(http.method)",
+            "validate": lambda r: (rows := _counts(r)) and int(rows["INFO"]) == 1 and int(rows["ERROR"]) == 2 and int(rows["WARN"]) == 1,
+        },
+        # 4. Aggregation + body filter — count by resource WHERE body score >= 80
+        #    Body field gates the logs; non-body field drives the GROUP BY.
+        {
+            "name": "agg.count_by_resource_body_filter",
+            "requestType": "scalar",
+            "expression": "score >= 80",
+            "groupBy": [build_group_by_field("service.name")],
+            "aggregation": "count()",
+            # score>=80: alice(80), bob(90), eve(100) → auth-svc: 2, worker: 1; api-gw excluded
+            "validate": lambda r: (rows := _counts(r)) and int(rows["auth-svc"]) == 2 and int(rows["worker"]) == 1 and "api-gw" not in rows,
+        },
+        # 5. Aggregation + top-level filter — count_distinct(resource) grouped by log attr
+        #    Aggregates a resource attr, groups by a log attr, filtered by a top-level field.
+        {
+            "name": "agg.count_distinct_resource_by_attr_toplevel_filter",
+            "requestType": "scalar",
+            "expression": "severity_text IN ['INFO', 'WARN']",
+            "groupBy": [{"name": "http.method"}],
+            "aggregation": "count_distinct(service.name)",
+            # INFO/WARN logs: GET(auth-svc×2, api-gw) → 2 distinct svcs; POST/DELETE excluded
+            "validate": lambda r: (rows := _counts(r)) and int(rows["GET"]) == 2 and "POST" not in rows and "DELETE" not in rows,
+        },
+    ]
+
+    for case in cases:
+        case.setdefault("groupBy", None)
+        _run_case(signoz, token, start_ms, end_ms, case)
+
+
+# ============================================================================
+# OrderBy — non-body fields as primary sort keys
+#
+# Four cases cover every non-body context as the primary ORDER BY key:
+#   orderby.service_asc          resource attr    (service.name ASC)
+#   orderby.timestamp_desc       top-level        (timestamp DESC)
+#   orderby.severity_asc         top-level        (severity_text ASC)
+#   orderby.multi_method_then_score  log attr primary, body path secondary
+#
+# Data landscape:
+#   log1 — svc-a, GET,    INFO, score=80, ts=now-4s
+#   log2 — svc-a, POST,   INFO, score=90, ts=now-3s
+#   log3 — svc-b, GET,    WARN, score=60, ts=now-2s
+#   log4 — svc-b, DELETE, WARN, score=70, ts=now-1s
+# ============================================================================
+
+
+def test_non_body_orderby(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_logs: Callable[[list[Logs]], None],
+    export_json_types: Callable[[list[Logs]], None],
+) -> None:
+    now = datetime.now(tz=UTC)
+    start_ms = int((now - timedelta(seconds=10)).timestamp() * 1000)
+    end_ms = int(now.timestamp() * 1000)
+
+    logs_list = [
+        Logs(timestamp=now - timedelta(seconds=4), resources={"service.name": "svc-a"}, attributes={"http.method": "GET"}, body_v2=json.dumps({"score": 80}), body_promoted="", severity_text="INFO"),
+        Logs(timestamp=now - timedelta(seconds=3), resources={"service.name": "svc-a"}, attributes={"http.method": "POST"}, body_v2=json.dumps({"score": 90}), body_promoted="", severity_text="INFO"),
+        Logs(timestamp=now - timedelta(seconds=2), resources={"service.name": "svc-b"}, attributes={"http.method": "GET"}, body_v2=json.dumps({"score": 60}), body_promoted="", severity_text="WARN"),
+        Logs(timestamp=now - timedelta(seconds=1), resources={"service.name": "svc-b"}, attributes={"http.method": "DELETE"}, body_v2=json.dumps({"score": 70}), body_promoted="", severity_text="WARN"),
+    ]
+    export_json_types(logs_list)
+    insert_logs(logs_list)
+    token = get_token(email=USER_ADMIN_EMAIL, password=USER_ADMIN_PASSWORD)
+
+    cases = [
+        # resource attr ASC: svc-a×2 before svc-b×2
+        {
+            "name": "orderby.service_asc",
+            "requestType": "raw",
+            "order": [build_order_by("service.name", "asc")],
+            "validate": lambda r: len(get_rows(r)) == 4 and _services(r)[:2] == ["svc-a", "svc-a"] and _services(r)[2:] == ["svc-b", "svc-b"],
+        },
+        # top-level timestamp DESC: ts-1s(svc-b/70), ts-2s(svc-b/60), ts-3s(svc-a/90), ts-4s(svc-a/80)
+        {
+            "name": "orderby.timestamp_desc",
+            "requestType": "raw",
+            "order": [build_order_by("timestamp", "desc")],
+            "validate": lambda r: len(get_rows(r)) == 4 and _body_scores(r) == [70, 60, 90, 80] and _services(r) == ["svc-b", "svc-b", "svc-a", "svc-a"],
+        },
+        # top-level severity_text ASC: INFO(svc-a×2) before WARN(svc-b×2)
+        {
+            "name": "orderby.severity_asc",
+            "requestType": "raw",
+            "order": [build_order_by("severity_text", "asc")],
+            "validate": lambda r: len(get_rows(r)) == 4 and _services(r)[:2] == ["svc-a", "svc-a"] and _services(r)[2:] == ["svc-b", "svc-b"],
+        },
+        # multi-key: http.method ASC then score ASC — DELETE(70), GET(60,80), POST(90)
+        {
+            "name": "orderby.multi_method_then_score",
+            "requestType": "raw",
+            "order": [build_order_by("http.method", "asc"), build_order_by("score", "asc")],
+            # DELETE < GET < POST alphabetically; within GET scores go 60→80
+            "validate": lambda r: len(get_rows(r)) == 4 and _body_scores(r) == [70, 60, 80, 90],
+        },
+    ]
+
+    for case in cases:
+        case.setdefault("groupBy", None)
+        _run_case(signoz, token, start_ms, end_ms, case)
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Piyush Singariya	ac80e44782	Merge branch 'main' into fix/resource-query	2026-05-14 17:00:31 +05:30
Piyush Singariya	c141ac92c3	Merge branch 'main' into fix/resource-query	2026-05-14 16:59:00 +05:30
Piyush Singariya	9e3851af71	fix: comment fixed	2026-05-14 16:58:27 +05:30
Piyush Singariya	eb02171a81	Merge branch 'main' into fix/resource-query	2026-05-14 16:48:32 +05:30
Piyush Singariya	b0eceff9c6	fix: comment remove	2026-05-14 16:47:03 +05:30
Vikrant Gupta	edb30f29c1	feat(authz): introduce detach relationship (#11298 ) * feat(authz): introduce detach relationship * feat(authz): attach and detach for parent child heirarchy * feat(authz): fix the openapi spec generated schemas * feat(authz): add integration tests * feat(authz): add telemetry metaresource * feat(authz): fix the http response and integration tests * feat(authz): generate frontend openapi schema * feat(authz): remove unwanted tuples	2026-05-14 11:06:17 +00:00
Vikrant Gupta	d6f4b051e6	chore(authz): add support for wildcard selectors (#11310 )	2026-05-14 11:05:37 +00:00
Ashwin Bhatkal	7bc6ce7551	chore: pin pnpm version in package.json and enforce via preinstall (#11303 ) * test: fix pnpm version in package json and npmrc * test: remove packageManager as it shows wrong error message	2026-05-14 10:59:05 +00:00
Piyush Singariya	d8b61addd2	Merge branch 'main' into fix/resource-query	2026-05-14 16:28:44 +05:30
Piyush Singariya	e2927f6deb	chore: bring in new fixture for building raw query	2026-05-14 16:28:13 +05:30
Piyush Singariya	9a8a70a66f	fix: fmt py	2026-05-14 16:23:36 +05:30
Nikhil Mantri	3b9ee4901e	feat(infra-monitoring): v2 jobs list api (#11148 ) * chore: baseline setup * chore: endpoint detail update * chore: added logic for hosts v3 api * fix: bug fix * chore: disk usage * chore: added validate function * chore: added some unit tests * chore: return status as a string * chore: yarn generate api * chore: removed isSendingK8sAgentsMetricsCode * chore: moved funcs * chore: added validation on order by * chore: added pods list logic * chore: updated openapi yml * chore: updated spec * chore: pods api meta start time * chore: nil pointer check * chore: nil pointer dereference fix in req.Filter * chore: added temporalities of metrics * chore: added pods metrics temporality * chore: unified composite key function * chore: code improvements * chore: added pods list api updates * chore: hostStatusNone added for clarity that this field can be left empty as well in payload * chore: yarn generate api * chore: return errors from getMetadata and lint fix * chore: return errors from getMetadata and lint fix * chore: added hostName logic * chore: modified getMetadata query * chore: add type for response and files rearrange * chore: warnings added passing from queryResponse warning to host lists response struct * chore: added better metrics existence check * chore: added a TODO remark * chore: added required metrics check * chore: distributed samples table to local table change for get metadata * chore: frontend fix * chore: endpoint correction * chore: endpoint modification openapi * chore: escape backtick to prevent sql injection * chore: rearrage * chore: improvements * chore: validate order by to validate function * chore: improved description * chore: added TODOs and made filterByStatus a part of filter struct * chore: ignore empty string hosts in get active hosts * feat(infra-monitoring): v2 hosts list - return counts of active & inactive hosts for custom group by attributes (#10956) * chore: add functionality for showing active and inactive counts in custom group by * chore: bug fix * chore: added subquery for active and total count * chore: ignore empty string hosts in get active hosts * fix: sinceUnixMilli for determining active hosts compute once per request * chore: refactor code * chore: rename HostsList -> ListHosts * chore: rearrangement * chore: inframonitoring types renaming * chore: added types package * chore: file structure further breakdown for clarity * chore: comments correction * chore: removed temporalities * chore: pods code restructuring * chore: comments resolve * chore: added json tag required: true * chore: removed pod metric temporalities * chore: removed internal server error * chore: added status unauthorized * chore: remove a defensive nil map check, the function ensure non-nil map when err nil * chore: cleanup and rename * chore: make sort stable in case of tiebreaker by comparing composite group by keys * chore: regen api client for inframonitoring Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore: added phase counts feature * chore: added queries for pod phase counts in custom group by * chore: added required tags * chore: added support for pod phase unknown * chore: removed pods - order by phase * chore: improved api description to document -1 as no data in numeric fields * fix: rebase fixes * chore: added unknown phase count * fix: isPodUIDInGroupBy in buildPodRecords * chore: 3 cte --> 2 cte * chore: pod phase with local table of time series as counts * chore: comment correction * chore: corrected comment * chore: value column for samples table added * chore: removed query G for phase counts * chore: rename variable * chore: added PodPhaseNum constants to types * feat(infra-monitoring): v2 pods list apis - phase counts when custom grouping (#11088) * chore: added phase counts feature * chore: added queries for pod phase counts in custom group by * chore: added unknown phase count * fix: isPodUIDInGroupBy in buildPodRecords * chore: 3 cte --> 2 cte * chore: pod phase with local table of time series as counts * chore: comment correction * chore: corrected comment * chore: value column for samples table added * chore: removed query G for phase counts * chore: rename variable * chore: added PodPhaseNum constants to types * chore: nodes list v2 full blown * chore: metadata fix * chore: updated comment * chore: namespaces code * chore: v2 nodes api * chore: rename * chore: v2 clusters list api * chore: namespaces code * chore: rename * chore: review clusters PR * chore: pvcs code added * chore: updated endpoint and spec * chore: pvcs todo * chore: added condition * chore: added filter * chore: added code for deployments * chore: query nit * chore: statefulsets code added * chore: base filter added * chore: added base deployments change * chore: added base condition * chore: v2 jobs list api added * chore: added pod phase counts * chore: for pods and nodes, replace none with no_data * chore: node and pod counts structs added * chore: namespace record uses PodCountsByPhase * chore: cluster record uses PodCountsByPhase, NodeCountsByReadiness * chore: deployment record uses PodCountsByPhase * chore: statefulset record uses PodCountsByPhase * chore: job record uses PodCountsByPhase * chore: metrics existence check * chore: statefulset metrics added * chore: added jobs metrics * chore: added metrics --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Ashwin Bhatkal <ashwin96@gmail.com>	2026-05-14 10:49:21 +00:00
Piyush Singariya	426095b713	chore: compressing tests into max 5	2026-05-14 16:19:14 +05:30
Piyush Singariya	c3058205b4	fix: uvx checks	2026-05-14 15:50:11 +05:30
Piyush Singariya	69e5977ab9	chore: comment fix	2026-05-14 15:33:22 +05:30
Piyush Singariya	19d04d005e	chore: fmt py	2026-05-14 15:31:38 +05:30
Piyush Singariya	cee826f703	Merge branch 'main' into fix/resource-query	2026-05-14 15:30:21 +05:30
Piyush Singariya	5b9f864f6e	chore: run non body tests in json enabled	2026-05-14 15:29:59 +05:30
Rinky Devi	2517f69b65	Fix: dangling and syntax in dashboard filter ( #10674 ) (#11243 ) * fix: dangling AND in parenthesized filter expression * fix: duplicate variable name via drilldown unguarded * fix: resolved few fixes * fix: scope variable expression removal to comparison values * fix: resolved the comments * fix: updated more tests	2026-05-14 09:22:51 +00:00
Ashwin Bhatkal	5363dc6b0e	test: new playwright project to seed data (#11271 ) * test: new playwright project to seed data * test: add teardown bits * test: move from fixtures to seeder * test: format file * test: format file + update lockfile	2026-05-14 08:37:40 +00:00
Piyush Singariya	d24f0c13cc	fix: package tests	2026-05-14 13:44:25 +05:30
Piyush Singariya	f70333630a	test: add unit test for resource tags in json enabled flagger	2026-05-14 13:36:24 +05:30
Piyush Singariya	078b4c93d7	revert: stmt builder test changes	2026-05-14 13:19:30 +05:30
Piyush Singariya	9145f33ae8	Merge branch 'main' into fix/resource-query	2026-05-14 12:49:43 +05:30
Piyush Singariya	7bb67ba2cb	fix: update test suite	2026-05-14 12:47:37 +05:30
Nikhil Mantri	83fa73c3e8	feat(infra-monitoring): v2 statefulsets list api (#11146 ) * chore: baseline setup * chore: endpoint detail update * chore: added logic for hosts v3 api * fix: bug fix * chore: disk usage * chore: added validate function * chore: added some unit tests * chore: return status as a string * chore: yarn generate api * chore: removed isSendingK8sAgentsMetricsCode * chore: moved funcs * chore: added validation on order by * chore: added pods list logic * chore: updated openapi yml * chore: updated spec * chore: pods api meta start time * chore: nil pointer check * chore: nil pointer dereference fix in req.Filter * chore: added temporalities of metrics * chore: added pods metrics temporality * chore: unified composite key function * chore: code improvements * chore: added pods list api updates * chore: hostStatusNone added for clarity that this field can be left empty as well in payload * chore: yarn generate api * chore: return errors from getMetadata and lint fix * chore: return errors from getMetadata and lint fix * chore: added hostName logic * chore: modified getMetadata query * chore: add type for response and files rearrange * chore: warnings added passing from queryResponse warning to host lists response struct * chore: added better metrics existence check * chore: added a TODO remark * chore: added required metrics check * chore: distributed samples table to local table change for get metadata * chore: frontend fix * chore: endpoint correction * chore: endpoint modification openapi * chore: escape backtick to prevent sql injection * chore: rearrage * chore: improvements * chore: validate order by to validate function * chore: improved description * chore: added TODOs and made filterByStatus a part of filter struct * chore: ignore empty string hosts in get active hosts * feat(infra-monitoring): v2 hosts list - return counts of active & inactive hosts for custom group by attributes (#10956) * chore: add functionality for showing active and inactive counts in custom group by * chore: bug fix * chore: added subquery for active and total count * chore: ignore empty string hosts in get active hosts * fix: sinceUnixMilli for determining active hosts compute once per request * chore: refactor code * chore: rename HostsList -> ListHosts * chore: rearrangement * chore: inframonitoring types renaming * chore: added types package * chore: file structure further breakdown for clarity * chore: comments correction * chore: removed temporalities * chore: pods code restructuring * chore: comments resolve * chore: added json tag required: true * chore: removed pod metric temporalities * chore: removed internal server error * chore: added status unauthorized * chore: remove a defensive nil map check, the function ensure non-nil map when err nil * chore: cleanup and rename * chore: make sort stable in case of tiebreaker by comparing composite group by keys * chore: regen api client for inframonitoring Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * chore: added phase counts feature * chore: added queries for pod phase counts in custom group by * chore: added required tags * chore: added support for pod phase unknown * chore: removed pods - order by phase * chore: improved api description to document -1 as no data in numeric fields * fix: rebase fixes * chore: added unknown phase count * fix: isPodUIDInGroupBy in buildPodRecords * chore: 3 cte --> 2 cte * chore: pod phase with local table of time series as counts * chore: comment correction * chore: corrected comment * chore: value column for samples table added * chore: removed query G for phase counts * chore: rename variable * chore: added PodPhaseNum constants to types * feat(infra-monitoring): v2 pods list apis - phase counts when custom grouping (#11088) * chore: added phase counts feature * chore: added queries for pod phase counts in custom group by * chore: added unknown phase count * fix: isPodUIDInGroupBy in buildPodRecords * chore: 3 cte --> 2 cte * chore: pod phase with local table of time series as counts * chore: comment correction * chore: corrected comment * chore: value column for samples table added * chore: removed query G for phase counts * chore: rename variable * chore: added PodPhaseNum constants to types * chore: nodes list v2 full blown * chore: metadata fix * chore: updated comment * chore: namespaces code * chore: v2 nodes api * chore: rename * chore: v2 clusters list api * chore: namespaces code * chore: rename * chore: review clusters PR * chore: pvcs code added * chore: updated endpoint and spec * chore: pvcs todo * chore: added condition * chore: added filter * chore: added code for deployments * chore: query nit * chore: statefulsets code added * chore: base filter added * chore: added base deployments change * chore: added base condition * chore: added pod phase counts * chore: for pods and nodes, replace none with no_data * chore: node and pod counts structs added * chore: namespace record uses PodCountsByPhase * chore: cluster record uses PodCountsByPhase, NodeCountsByReadiness * chore: deployment record uses PodCountsByPhase * chore: statefulset record uses PodCountsByPhase * chore: metrics existence check * chore: statefulset metrics added * chore: availablePods -> renamed to currentPods * chore: restored to main --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Ashwin Bhatkal <ashwin96@gmail.com>	2026-05-14 06:07:36 +00:00
Piyush Singariya	02311ede99	fix: query fix in conditionFor	2026-05-14 11:31:35 +05:30
Nikhil Soni	59a757f9bb	fix: use 404 consitantly for missing spans (#11289 ) While calculating span percentile, if there are no spans to compare to, return 404	2026-05-14 05:52:28 +00:00
Abhi kumar	16267e3172	fix: added fix for traceoperator not getting saved in alerts (#11208 )	2026-05-14 05:16:30 +00:00
Ashutosh Sharma	b236a29a99	fix(time-picker): disable browser autofill on time selection input (#11247 ) Some checks failed build-staging / prepare (push) Has been cancelled Details build-staging / js-build (push) Has been cancelled Details build-staging / go-build (push) Has been cancelled Details build-staging / staging (push) Has been cancelled Details Release Drafter / update_release_draft (push) Has been cancelled Details Browser autofill was interfering with the custom time selection input. Added autoComplete='off' to prevent browser from suggesting values. Fixes #5875	2026-05-13 20:24:35 +00:00
Jatinderjit Singh	828459ab30	fix missing icon for nodata alerts (#11292 )	2026-05-13 19:44:58 +00:00
Jatinderjit Singh	b572e30045	fix(alerts): invalidate rule cache after disable/enable toggle (#11295 ) * fix(alerts): invalidate rule cache after disable/enable toggle The toggle calls patchRulePartial but never invalidated the useGetRuleByID react-query cache. With refetchOnMount disabled on the edit page, saving the form sent back the stale disabled value and reverted the toggle. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * reuse existing function to invalidate rule cache --------- Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-13 19:42:36 +00:00