Merge branch 'nv/patch-dashboard' into nv/v2-list-dashboard

# Conflicts:
#	pkg/modules/tag/impltag/module.go
#	pkg/modules/tag/tag.go
#	pkg/types/tagtypes/tag_test.go

cmd/authz.go

@@ -66,9 +66,10 @@ func runGenerateAuthz(_ context.Context) error {
 	registry := coretypes.NewRegistry()
 
 	allowedResources := map[string]bool{
-		coretypes.NewResourceRef(coretypes.ResourceServiceAccount).String():        true,
-		coretypes.NewResourceRef(coretypes.ResourceRole).String():                  true,
-		coretypes.NewResourceRef(coretypes.ResourceMetaResourceFactorAPIKey).String(): true,
+		coretypes.NewResourceRef(coretypes.ResourceServiceAccount).String():              true,
+		coretypes.NewResourceRef(coretypes.ResourceMetaResourcesServiceAccount).String(): true,
+		coretypes.NewResourceRef(coretypes.ResourceRole).String():                        true,
+		coretypes.NewResourceRef(coretypes.ResourceMetaResourcesRole).String():           true,
 	}
 
 	allowedTypes := map[string]bool{}

cmd/community/server.go

@@ -29,6 +29,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
+	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/retention"
 	"github.com/SigNoz/signoz/pkg/modules/rulestatehistory"
@@ -103,8 +104,8 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 
 			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx), openfgaDataStore, authtypes.NewRegistry()), nil
 		},
-		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, _ querier.Querier, _ licensing.Licensing) dashboard.Module {
-			return impldashboard.NewModule(impldashboard.NewStore(store), settings, analytics, orgGetter, queryParser)
+		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, _ querier.Querier, _ licensing.Licensing, tagModule tag.Module) dashboard.Module {
+			return impldashboard.NewModule(impldashboard.NewStore(store), store, settings, analytics, orgGetter, queryParser, tagModule)
 		},
 		func(_ licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config] {
 			return noopgateway.NewProviderFactory()

cmd/enterprise/Dockerfile.with-web.integration

@@ -3,7 +3,7 @@ FROM node:22-bookworm AS build
 WORKDIR /opt/
 COPY ./frontend/ ./
 ENV NODE_OPTIONS=--max-old-space-size=8192
-RUN CI=1 npm i -g pnpm@10
+RUN CI=1 npm i -g pnpm
 RUN CI=1 pnpm install
 RUN CI=1 pnpm build
 

cmd/enterprise/server.go

@@ -48,6 +48,7 @@ import (
 	pkgcloudintegration "github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	pkgimpldashboard "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
+	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/retention"
 	"github.com/SigNoz/signoz/pkg/modules/rulestatehistory"
@@ -151,8 +152,8 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 			}
 			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx), openfgaDataStore, licensing, onBeforeRoleDelete, authtypes.NewRegistry()), nil
 		},
-		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing) dashboard.Module {
-			return impldashboard.NewModule(pkgimpldashboard.NewStore(store), settings, analytics, orgGetter, queryParser, querier, licensing)
+		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing, tagModule tag.Module) dashboard.Module {
+			return impldashboard.NewModule(pkgimpldashboard.NewStore(store), store, settings, analytics, orgGetter, queryParser, querier, licensing, tagModule)
 		},
 		func(licensing licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config] {
 			return httpgateway.NewProviderFactory(licensing)

ee/authz/openfgaauthz/provider.go

@@ -87,7 +87,7 @@ func (provider *provider) BatchCheck(ctx context.Context, tupleReq map[string]*o
 }
 
 func (provider *provider) CheckTransactions(ctx context.Context, subject string, orgID valuer.UUID, transactions []*authtypes.Transaction) ([]*authtypes.TransactionWithAuthorization, error) {
-	tuples, correlations, err := authtypes.NewTuplesFromTransactionsWithCorrelations(transactions, subject, orgID)
+	tuples, err := authtypes.NewTuplesFromTransactions(transactions, subject, orgID)
 	if err != nil {
 		return nil, err
 	}
@@ -99,21 +99,10 @@ func (provider *provider) CheckTransactions(ctx context.Context, subject string,
 
 	results := make([]*authtypes.TransactionWithAuthorization, len(transactions))
 	for i, txn := range transactions {
-		txnID := txn.ID.StringValue()
-		authorized := batchResults[txnID].Authorized
-
-		if !authorized {
-			for _, correlationID := range correlations[txnID] {
-				if result, exists := batchResults[correlationID]; exists && result.Authorized {
-					authorized = true
-					break
-				}
-			}
-		}
-
+		result := batchResults[txn.ID.StringValue()]
 		results[i] = &authtypes.TransactionWithAuthorization{
 			Transaction: txn,
-			Authorized:  authorized,
+			Authorized:  result.Authorized,
 		}
 	}
 	return results, nil

ee/authz/openfgaschema/base.fga

@@ -7,27 +7,17 @@ type organization
 
 type user
   relations
-    define create: [user, serviceaccount, role#assignee]
-    define list: [user, serviceaccount, role#assignee]
-
     define read: [user, serviceaccount, role#assignee]
     define update: [user, serviceaccount, role#assignee]
     define delete: [user, serviceaccount, role#assignee]
-
     define attach: [user, serviceaccount, role#assignee]
-    define detach: [user, serviceaccount, role#assignee]
 
 type serviceaccount
   relations
-    define create: [user, serviceaccount, role#assignee]
-    define list: [user, serviceaccount, role#assignee]
-
     define read: [user, serviceaccount, role#assignee]
     define update: [user, serviceaccount, role#assignee]
     define delete: [user, serviceaccount, role#assignee]
-
     define attach: [user, serviceaccount, role#assignee]
-    define detach: [user, serviceaccount, role#assignee]
 
 type anonymous
 
@@ -35,28 +25,25 @@ type role
   relations
     define assignee: [user, serviceaccount, anonymous]
 
-    define create: [user, serviceaccount, role#assignee]
-    define list: [user, serviceaccount, role#assignee]
-
     define read: [user, serviceaccount, role#assignee]
     define update: [user, serviceaccount, role#assignee]
     define delete: [user, serviceaccount, role#assignee]
-
     define attach: [user, serviceaccount, role#assignee]
-    define detach: [user, serviceaccount, role#assignee]
 
-type metaresource
+type metaresources
   relations
     define create: [user, serviceaccount, role#assignee]
     define list: [user, serviceaccount, role#assignee]
 
-    define read: [user, serviceaccount, anonymous, role#assignee]
-    define update: [user, serviceaccount, role#assignee]
-    define delete: [user, serviceaccount, role#assignee]
+type metaresource
+  relations
+      define read: [user, serviceaccount, anonymous, role#assignee]
+      define update: [user, serviceaccount, role#assignee]
+      define delete: [user, serviceaccount, role#assignee]
 
-    define block: [user, serviceaccount, role#assignee]
+      define block: [user, serviceaccount, role#assignee]
 
 
 type telemetryresource
   relations
-    define read: [user, serviceaccount, role#assignee]
+      define read: [user, serviceaccount, role#assignee]

ee/modules/dashboard/impldashboard/module.go

@@ -11,8 +11,10 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	pkgimpldashboard "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
+	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/queryparser"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/coretypes"
 	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
@@ -30,9 +32,9 @@ type module struct {
 	licensing          licensing.Licensing
 }
 
-func NewModule(store dashboardtypes.Store, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing) dashboard.Module {
+func NewModule(store dashboardtypes.Store, sqlstore sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing, tagModule tag.Module) dashboard.Module {
 	scopedProviderSettings := factory.NewScopedProviderSettings(settings, "github.com/SigNoz/signoz/ee/modules/dashboard/impldashboard")
-	pkgDashboardModule := pkgimpldashboard.NewModule(store, settings, analytics, orgGetter, queryParser)
+	pkgDashboardModule := pkgimpldashboard.NewModule(store, sqlstore, settings, analytics, orgGetter, queryParser, tagModule)
 
 	return &module{
 		pkgDashboardModule: pkgDashboardModule,
@@ -197,6 +199,80 @@ func (module *module) Create(ctx context.Context, orgID valuer.UUID, createdBy s
 	return module.pkgDashboardModule.Create(ctx, orgID, createdBy, creator, data)
 }
 
+func (module *module) CreateV2(ctx context.Context, orgID valuer.UUID, createdBy string, creator valuer.UUID, postable dashboardtypes.PostableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	return module.pkgDashboardModule.CreateV2(ctx, orgID, createdBy, creator, postable)
+}
+
+func (module *module) GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.DashboardV2, error) {
+	return module.pkgDashboardModule.GetV2(ctx, orgID, id)
+}
+
+func (module *module) UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, updateable dashboardtypes.UpdateableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	return module.pkgDashboardModule.UpdateV2(ctx, orgID, id, updatedBy, updateable)
+}
+
+func (module *module) PatchV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, patch dashboardtypes.PatchableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	return module.pkgDashboardModule.PatchV2(ctx, orgID, id, updatedBy, patch)
+}
+
+func (module *module) LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, isAdmin bool, lock bool) error {
+	return module.pkgDashboardModule.LockUnlockV2(ctx, orgID, id, updatedBy, isAdmin, lock)
+}
+
+func (module *module) CreatePublicV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, postable dashboardtypes.PostablePublicDashboard) (*dashboardtypes.DashboardV2, error) {
+	if _, err := module.licensing.GetActive(ctx, orgID); err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	existing, err := module.pkgDashboardModule.GetV2(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+	if existing.PublicConfig != nil {
+		return nil, errors.Newf(errors.TypeAlreadyExists, dashboardtypes.ErrCodePublicDashboardAlreadyExists, "dashboard with id %s is already public", id)
+	}
+
+	publicDashboard := dashboardtypes.NewPublicDashboard(postable.TimeRangeEnabled, postable.DefaultTimeRange, id)
+	if err := module.store.CreatePublic(ctx, dashboardtypes.NewStorablePublicDashboardFromPublicDashboard(publicDashboard)); err != nil {
+		return nil, err
+	}
+
+	existing.PublicConfig = publicDashboard
+	return existing, nil
+}
+
+func (module *module) UpdatePublicV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatable dashboardtypes.UpdatablePublicDashboard) (*dashboardtypes.DashboardV2, error) {
+	if _, err := module.licensing.GetActive(ctx, orgID); err != nil {
+		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	existing, err := module.pkgDashboardModule.GetV2(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+	if existing.PublicConfig == nil {
+		return nil, errors.Newf(errors.TypeNotFound, dashboardtypes.ErrCodePublicDashboardNotFound, "dashboard with id %s isn't public", id)
+	}
+
+	existing.PublicConfig.Update(updatable.TimeRangeEnabled, updatable.DefaultTimeRange)
+	if err := module.store.UpdatePublic(ctx, dashboardtypes.NewStorablePublicDashboardFromPublicDashboard(existing.PublicConfig)); err != nil {
+		return nil, err
+	}
+	return existing, nil
+}
+
+func (module *module) ListV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, params *dashboardtypes.ListDashboardsV2Params) (*dashboardtypes.ListableDashboardV2, error) {
+	return module.pkgDashboardModule.ListV2(ctx, orgID, userID, params)
+}
+
+func (module *module) PinV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, id valuer.UUID) error {
+	return module.pkgDashboardModule.PinV2(ctx, orgID, userID, id)
+}
+
+func (module *module) UnpinV2(ctx context.Context, userID valuer.UUID, id valuer.UUID) error {
+	return module.pkgDashboardModule.UnpinV2(ctx, userID, id)
+}
+
 func (module *module) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.Dashboard, error) {
 	return module.pkgDashboardModule.Get(ctx, orgID, id)
 }

ee/sqlstore/postgressqlstore/listfilter_test.go

@@ -0,0 +1,65 @@
+package postgressqlstore
+
+// Lives in this package (rather than the listfilter package) so it can use
+// the unexported newFormatter constructor without driving a real Postgres
+// connection. Covers the only listfilter cases whose emitted SQL differs
+// between SQLite and Postgres — the ones that go through JSONExtractString
+// (`name`, `description`). All other operators (=, !=, BETWEEN, LIKE, IN,
+// EXISTS, lower(...)) emit identical ANSI SQL on both dialects and are
+// covered by the SQLite tests in the listfilter package itself.
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/uptrace/bun/dialect/pgdialect"
+
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes/listfilter"
+)
+
+func TestListFilterCompile_Postgres(t *testing.T) {
+	f := newFormatter(pgdialect.New())
+
+	cases := []struct {
+		name     string
+		query    string
+		wantSQL  string
+		wantArgs []any
+	}{
+		{
+			name:     "name = uses Postgres -> / ->> chain",
+			query:    `name = 'overview'`,
+			wantSQL:  `"dashboard"."data"->'data'->'display'->>'name' = ?`,
+			wantArgs: []any{"overview"},
+		},
+		{
+			name:     "name CONTAINS — same JSON path, LIKE pattern",
+			query:    `name CONTAINS 'overview'`,
+			wantSQL:  `"dashboard"."data"->'data'->'display'->>'name' LIKE ?`,
+			wantArgs: []any{"%overview%"},
+		},
+		{
+			name:     "name ILIKE — LOWER wraps the JSON path",
+			query:    `name ILIKE 'Prod%'`,
+			wantSQL:  `lower("dashboard"."data"->'data'->'display'->>'name') LIKE LOWER(?)`,
+			wantArgs: []any{"Prod%"},
+		},
+		{
+			name:     "description = follows the same path shape",
+			query:    `description = 'd1'`,
+			wantSQL:  `"dashboard"."data"->'data'->'display'->>'description' = ?`,
+			wantArgs: []any{"d1"},
+		},
+	}
+
+	for _, c := range cases {
+		t.Run(c.name, func(t *testing.T) {
+			out, err := listfilter.Compile(c.query, f)
+			require.NoError(t, err)
+			require.NotNil(t, out)
+			assert.Equal(t, c.wantSQL, out.SQL)
+			assert.Equal(t, c.wantArgs, out.Args)
+		})
+	}
+}

frontend/.husky/commit-msg

@@ -5,15 +5,9 @@ cd frontend && pnpm run commitlint --edit $1
 
 branch="$(git rev-parse --abbrev-ref HEAD)"
 
-if [ -n "$TERM" ] && [ "$TERM" != "dumb" ]; then
-  color_red="$(tput setaf 1)"
-  bold="$(tput bold)"
-  reset="$(tput sgr0)"
-else
-  color_red=""
-  bold=""
-  reset=""
-fi
+color_red="$(tput setaf 1)"
+bold="$(tput bold)"
+reset="$(tput sgr0)"
 
 if [ "$branch" = "main" ]; then
   echo "${color_red}${bold}You can't commit directly to the main branch${reset}"

frontend/.npmrc

@@ -1,5 +1,4 @@
 registry = 'https://registry.npmjs.org/'
-engine-strict=true
 
 public-hoist-pattern[]=@commitlint*
 public-hoist-pattern[]=commitlint

frontend/package.json

@@ -4,7 +4,6 @@
   "description": "",
   "type": "module",
   "scripts": {
-    "preinstall": "npx only-allow pnpm",
     "i18n:generate-hash": "node ./i18-generate-hash.cjs",
     "dev": "vite",
     "build": "vite build",
@@ -27,8 +26,7 @@
     "generate:api": "orval --config ./orval.config.ts && sh scripts/post-types-generation.sh"
   },
   "engines": {
-    "node": ">=22.0.0",
-    "pnpm": ">=10.0.0 <11.0.0"
+    "node": ">=22.0.0"
   },
   "author": "",
   "license": "ISC",
@@ -53,7 +51,7 @@
     "@signozhq/design-tokens": "2.1.4",
     "@signozhq/icons": "0.4.0",
     "@signozhq/resizable": "0.0.2",
-    "@signozhq/ui": "0.0.19",
+    "@signozhq/ui": "0.0.18",
     "@tanstack/react-table": "8.21.3",
     "@tanstack/react-virtual": "3.13.22",
     "@uiw/codemirror-theme-copilot": "4.23.11",

frontend/pnpm-lock.yaml

@@ -89,8 +89,8 @@ importers:
         specifier: 0.0.2
         version: 0.0.2(@types/react@18.0.26)(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
       '@signozhq/ui':
-        specifier: 0.0.19
-        version: 0.0.19(@emotion/is-prop-valid@1.2.0)(@signozhq/icons@0.4.0)(@types/react-dom@18.0.10)(@types/react@18.0.26)(react-dom@18.2.0(react@18.2.0))(react-router-dom@5.3.4(react@18.2.0))(react-router@6.27.0(react@18.2.0))(react@18.2.0)
+        specifier: 0.0.18
+        version: 0.0.18(@emotion/is-prop-valid@1.2.0)(@signozhq/icons@0.4.0)(@types/react-dom@18.0.10)(@types/react@18.0.26)(react-dom@18.2.0(react@18.2.0))(react-router-dom@5.3.4(react@18.2.0))(react-router@6.27.0(react@18.2.0))(react@18.2.0)
       '@tanstack/react-table':
         specifier: 8.21.3
         version: 8.21.3(react-dom@18.2.0(react@18.2.0))(react@18.2.0)
@@ -1907,105 +1907,89 @@ packages:
     resolution: {integrity: sha512-excjX8DfsIcJ10x1Kzr4RcWe1edC9PquDRRPx3YVCvQv+U5p7Yin2s32ftzikXojb1PIFc/9Mt28/y+iRklkrw==}
     cpu: [arm64]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-libvips-linux-arm@1.2.4':
     resolution: {integrity: sha512-bFI7xcKFELdiNCVov8e44Ia4u2byA+l3XtsAj+Q8tfCwO6BQ8iDojYdvoPMqsKDkuoOo+X6HZA0s0q11ANMQ8A==}
     cpu: [arm]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-libvips-linux-ppc64@1.2.4':
     resolution: {integrity: sha512-FMuvGijLDYG6lW+b/UvyilUWu5Ayu+3r2d1S8notiGCIyYU/76eig1UfMmkZ7vwgOrzKzlQbFSuQfgm7GYUPpA==}
     cpu: [ppc64]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-libvips-linux-riscv64@1.2.4':
     resolution: {integrity: sha512-oVDbcR4zUC0ce82teubSm+x6ETixtKZBh/qbREIOcI3cULzDyb18Sr/Wcyx7NRQeQzOiHTNbZFF1UwPS2scyGA==}
     cpu: [riscv64]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-libvips-linux-s390x@1.2.4':
     resolution: {integrity: sha512-qmp9VrzgPgMoGZyPvrQHqk02uyjA0/QrTO26Tqk6l4ZV0MPWIW6LTkqOIov+J1yEu7MbFQaDpwdwJKhbJvuRxQ==}
     cpu: [s390x]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-libvips-linux-x64@1.2.4':
     resolution: {integrity: sha512-tJxiiLsmHc9Ax1bz3oaOYBURTXGIRDODBqhveVHonrHJ9/+k89qbLl0bcJns+e4t4rvaNBxaEZsFtSfAdquPrw==}
     cpu: [x64]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-libvips-linuxmusl-arm64@1.2.4':
     resolution: {integrity: sha512-FVQHuwx1IIuNow9QAbYUzJ+En8KcVm9Lk5+uGUQJHaZmMECZmOlix9HnH7n1TRkXMS0pGxIJokIVB9SuqZGGXw==}
     cpu: [arm64]
     os: [linux]
-    libc: [musl]
 
   '@img/sharp-libvips-linuxmusl-x64@1.2.4':
     resolution: {integrity: sha512-+LpyBk7L44ZIXwz/VYfglaX/okxezESc6UxDSoyo2Ks6Jxc4Y7sGjpgU9s4PMgqgjj1gZCylTieNamqA1MF7Dg==}
     cpu: [x64]
     os: [linux]
-    libc: [musl]
 
   '@img/sharp-linux-arm64@0.34.5':
     resolution: {integrity: sha512-bKQzaJRY/bkPOXyKx5EVup7qkaojECG6NLYswgktOZjaXecSAeCWiZwwiFf3/Y+O1HrauiE3FVsGxFg8c24rZg==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [arm64]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-linux-arm@0.34.5':
     resolution: {integrity: sha512-9dLqsvwtg1uuXBGZKsxem9595+ujv0sJ6Vi8wcTANSFpwV/GONat5eCkzQo/1O6zRIkh0m/8+5BjrRr7jDUSZw==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [arm]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-linux-ppc64@0.34.5':
     resolution: {integrity: sha512-7zznwNaqW6YtsfrGGDA6BRkISKAAE1Jo0QdpNYXNMHu2+0dTrPflTLNkpc8l7MUP5M16ZJcUvysVWWrMefZquA==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [ppc64]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-linux-riscv64@0.34.5':
     resolution: {integrity: sha512-51gJuLPTKa7piYPaVs8GmByo7/U7/7TZOq+cnXJIHZKavIRHAP77e3N2HEl3dgiqdD/w0yUfiJnII77PuDDFdw==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [riscv64]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-linux-s390x@0.34.5':
     resolution: {integrity: sha512-nQtCk0PdKfho3eC5MrbQoigJ2gd1CgddUMkabUj+rBevs8tZ2cULOx46E7oyX+04WGfABgIwmMC0VqieTiR4jg==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [s390x]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-linux-x64@0.34.5':
     resolution: {integrity: sha512-MEzd8HPKxVxVenwAa+JRPwEC7QFjoPWuS5NZnBt6B3pu7EG2Ge0id1oLHZpPJdn3OQK+BQDiw9zStiHBTJQQQQ==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [x64]
     os: [linux]
-    libc: [glibc]
 
   '@img/sharp-linuxmusl-arm64@0.34.5':
     resolution: {integrity: sha512-fprJR6GtRsMt6Kyfq44IsChVZeGN97gTD331weR1ex1c1rypDEABN6Tm2xa1wE6lYb5DdEnk03NZPqA7Id21yg==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [arm64]
     os: [linux]
-    libc: [musl]
 
   '@img/sharp-linuxmusl-x64@0.34.5':
     resolution: {integrity: sha512-Jg8wNT1MUzIvhBFxViqrEhWDGzqymo3sV7z7ZsaWbZNDLXRJZoRGrjulp60YYtV4wfY8VIKcWidjojlLcWrd8Q==}
     engines: {node: ^18.17.0 || ^20.3.0 || >=21.0.0}
     cpu: [x64]
     os: [linux]
-    libc: [musl]
 
   '@img/sharp-wasm32@0.34.5':
     resolution: {integrity: sha512-OdWTEiVkY2PHwqkbBI8frFxQQFekHaSSkUIJkwzclWZe64O1X4UlUjqqqLaPbUpMOQk6FBu/HtlGXNblIs0huw==}
@@ -2360,56 +2344,48 @@ packages:
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [linux]
-    libc: [glibc]
 
   '@oxfmt/binding-linux-arm64-musl@0.47.0':
     resolution: {integrity: sha512-IxtQC/sbBi4ubbY+MdwdanRWrG9InQJVZqyMsBa5IUaQcnSg86gQme574HxXMC1p4bo4YhV99zQ+wNnGCvEgzw==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [linux]
-    libc: [musl]
 
   '@oxfmt/binding-linux-ppc64-gnu@0.47.0':
     resolution: {integrity: sha512-EWXEhOMbWO0q6eJSbu0QLkU8cKi0ljlYLngeDs2Ocu/pm1rrLwyQiYzlFbdnMRURI4w9ndr1sI9rSbhlJ5o23Q==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [ppc64]
     os: [linux]
-    libc: [glibc]
 
   '@oxfmt/binding-linux-riscv64-gnu@0.47.0':
     resolution: {integrity: sha512-tZrjS11TUiDuEpRaqdk8K9F9xETRyKXfuZKmdeW+Gj7coBnm7+8sBEfyt033EAFEQSlkniAXvBLh+Qja2ioGBQ==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [riscv64]
     os: [linux]
-    libc: [glibc]
 
   '@oxfmt/binding-linux-riscv64-musl@0.47.0':
     resolution: {integrity: sha512-KBFy+2CFKUCZzYwX2ZOPQKck1vjQbz+hextuc19G4r0WRJwadfAeuQMQRQvB+Ivc8brlbOVg7et8K7E467440g==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [riscv64]
     os: [linux]
-    libc: [musl]
 
   '@oxfmt/binding-linux-s390x-gnu@0.47.0':
     resolution: {integrity: sha512-REUPFKVGSiK99B+9eaPhluEVglzaoj/SMykNC5SUiV2RSsBfV5lWN7Y0iCIc251Wz3GaeAGZsJ/zj3gjarxdFg==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [s390x]
     os: [linux]
-    libc: [glibc]
 
   '@oxfmt/binding-linux-x64-gnu@0.47.0':
     resolution: {integrity: sha512-KVftVSVEDeIfRW3TIeLe3aNI/iY4m1fu5mDwHcisKMZSCMKLkrhFsjowC7o9RoqNPxbbglm2+/6KAKBIts2t0Q==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [linux]
-    libc: [glibc]
 
   '@oxfmt/binding-linux-x64-musl@0.47.0':
     resolution: {integrity: sha512-DTsmGEaA2860Aq5VUyDO8/MT9NFxwVL93RnRYmpMwK6DsSkThmvEpqoUDDljziEpAedMRG19SCogrNbINSbLUQ==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [linux]
-    libc: [musl]
 
   '@oxfmt/binding-openharmony-arm64@0.47.0':
     resolution: {integrity: sha512-8r5BDro7fLOBoq1JXHLVSs55OlrxQhEso4HVo0TcY7OXJUPYfjPoOaYL5us+yIwqyP9rQwN+rxuiNFSmaxSuOQ==}
@@ -2512,56 +2488,48 @@ packages:
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [linux]
-    libc: [glibc]
 
   '@oxlint/binding-linux-arm64-musl@1.62.0':
     resolution: {integrity: sha512-8eCy3FCDuWUM5hWujAv6heMvfZPbcCOU3SdQUAkixZLu5bSzOkNfirJiLGoQFO943xceOKkiQRMQNzH++jM3WA==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [linux]
-    libc: [musl]
 
   '@oxlint/binding-linux-ppc64-gnu@1.62.0':
     resolution: {integrity: sha512-NjQ7K7tpTPDe9J+yq8p/s/J0E7lRCkK2uDBDqvT4XIT6f4Z0tlnr59OBg/WcrmVHER1AbrcfyxhGTXgcG8ytWg==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [ppc64]
     os: [linux]
-    libc: [glibc]
 
   '@oxlint/binding-linux-riscv64-gnu@1.62.0':
     resolution: {integrity: sha512-oKZed9gmSwze29dEt3/Wnsv6l/Ygw/FUst+8Kfpv2SGeS/glEoTGZAMQw37SVyzFV76UTHJN2snGgxK2t2+8ow==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [riscv64]
     os: [linux]
-    libc: [glibc]
 
   '@oxlint/binding-linux-riscv64-musl@1.62.0':
     resolution: {integrity: sha512-gBjBxQ+9lGpAYq+ELqw0w8QXsBnkZclFc7GRX2r0LnEVn3ZTEqeIKpKcGjucmp76Q53bvJD0i4qBWBhcfhSfGA==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [riscv64]
     os: [linux]
-    libc: [musl]
 
   '@oxlint/binding-linux-s390x-gnu@1.62.0':
     resolution: {integrity: sha512-Ew2Kxs9EQ9/mbAIJ2hvocMC0wsOu6YKzStI2eFBDt+Td5O8seVC/oxgRIHqCcl5sf5ratA1nozQBAuv7tphkHg==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [s390x]
     os: [linux]
-    libc: [glibc]
 
   '@oxlint/binding-linux-x64-gnu@1.62.0':
     resolution: {integrity: sha512-5z25jcAA0gfKyVwz71A0VXgaPlocPoTAxhlv/hgoK6tlCrfoNuw7haWbDHvGMfjXhdic4EqVXGRv5XsTqFnbRQ==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [linux]
-    libc: [glibc]
 
   '@oxlint/binding-linux-x64-musl@1.62.0':
     resolution: {integrity: sha512-IWpHmMB6ZDllPvqWDkG6AmXrN7JF5e/c4g/0PuURsmlK+vHoYZPB70rr4u1bn3I4LsKCSpqqfveyx6UCOC8wdg==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [linux]
-    libc: [musl]
 
   '@oxlint/binding-openharmony-arm64@1.62.0':
     resolution: {integrity: sha512-fjlSxxrD5pA594vkyikCS9MnPRjQawW6/BLgyTYkO+73wwPlYjkcZ7LSd974l0Q2zkHQmu4DPvJFLYA7o8xrxQ==}
@@ -2616,42 +2584,36 @@ packages:
     engines: {node: '>= 10.0.0'}
     cpu: [arm]
     os: [linux]
-    libc: [glibc]
 
   '@parcel/watcher-linux-arm-musl@2.5.1':
     resolution: {integrity: sha512-6E+m/Mm1t1yhB8X412stiKFG3XykmgdIOqhjWj+VL8oHkKABfu/gjFj8DvLrYVHSBNC+/u5PeNrujiSQ1zwd1Q==}
     engines: {node: '>= 10.0.0'}
     cpu: [arm]
     os: [linux]
-    libc: [musl]
 
   '@parcel/watcher-linux-arm64-glibc@2.5.1':
     resolution: {integrity: sha512-LrGp+f02yU3BN9A+DGuY3v3bmnFUggAITBGriZHUREfNEzZh/GO06FF5u2kx8x+GBEUYfyTGamol4j3m9ANe8w==}
     engines: {node: '>= 10.0.0'}
     cpu: [arm64]
     os: [linux]
-    libc: [glibc]
 
   '@parcel/watcher-linux-arm64-musl@2.5.1':
     resolution: {integrity: sha512-cFOjABi92pMYRXS7AcQv9/M1YuKRw8SZniCDw0ssQb/noPkRzA+HBDkwmyOJYp5wXcsTrhxO0zq1U11cK9jsFg==}
     engines: {node: '>= 10.0.0'}
     cpu: [arm64]
     os: [linux]
-    libc: [musl]
 
   '@parcel/watcher-linux-x64-glibc@2.5.1':
     resolution: {integrity: sha512-GcESn8NZySmfwlTsIur+49yDqSny2IhPeZfXunQi48DMugKeZ7uy1FX83pO0X22sHntJ4Ub+9k34XQCX+oHt2A==}
     engines: {node: '>= 10.0.0'}
     cpu: [x64]
     os: [linux]
-    libc: [glibc]
 
   '@parcel/watcher-linux-x64-musl@2.5.1':
     resolution: {integrity: sha512-n0E2EQbatQ3bXhcH2D1XIAANAcTZkQICBPVaxMeaCVBtOpBZpWJuf7LwyWPSBDITb7In8mqQgJ7gH8CILCURXg==}
     engines: {node: '>= 10.0.0'}
     cpu: [x64]
     os: [linux]
-    libc: [musl]
 
   '@parcel/watcher-win32-arm64@2.5.1':
     resolution: {integrity: sha512-RFzklRvmc3PkjKjry3hLF9wD7ppR4AKcWNzH7kXR7GUe0Igb3Nz8fyPwtZCSquGrhU5HhUNDr/mKBqj7tqA2Vw==}
@@ -3512,28 +3474,24 @@ packages:
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [linux]
-    libc: [glibc]
 
   '@rolldown/binding-linux-arm64-musl@1.0.0-beta.53':
     resolution: {integrity: sha512-bGe5EBB8FVjHBR1mOLOPEFg1Lp3//7geqWkU5NIhxe+yH0W8FVrQ6WRYOap4SUTKdklD/dC4qPLREkMMQ855FA==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [arm64]
     os: [linux]
-    libc: [musl]
 
   '@rolldown/binding-linux-x64-gnu@1.0.0-beta.53':
     resolution: {integrity: sha512-qL+63WKVQs1CMvFedlPt0U9PiEKJOAL/bsHMKUDS6Vp2Q+YAv/QLPu8rcvkfIMvQ0FPU2WL0aX4eWwF6e/GAnA==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [linux]
-    libc: [glibc]
 
   '@rolldown/binding-linux-x64-musl@1.0.0-beta.53':
     resolution: {integrity: sha512-VGl9JIGjoJh3H8Mb+7xnVqODajBmrdOOb9lxWXdcmxyI+zjB2sux69br0hZJDTyLJfvBoYm439zPACYbCjGRmw==}
     engines: {node: ^20.19.0 || >=22.12.0}
     cpu: [x64]
     os: [linux]
-    libc: [musl]
 
   '@rolldown/binding-openharmony-arm64@1.0.0-beta.53':
     resolution: {integrity: sha512-B4iIserJXuSnNzA5xBLFUIjTfhNy7d9sq4FUMQY3GhQWGVhS2RWWzzDnkSU6MUt7/aHUrep0CdQfXUJI9D3W7A==}
@@ -3686,8 +3644,8 @@ packages:
     peerDependencies:
       react: ^18.2.0
 
-  '@signozhq/ui@0.0.19':
-    resolution: {integrity: sha512-2q6aRxN/PR4PlR2xJZAREEuvLPiDFggfFKzCW2Z5vHVVbrgnvZHWD1jPUuwszfEg0ceH3UvkwqceO7wN4uRJAA==}
+  '@signozhq/ui@0.0.18':
+    resolution: {integrity: sha512-1p3ALh76kafiz5yX7ReNKVcHDt2od7CcZD/Vx9i2adTwTeynkLJcEfVoXoJD3oh1kKTleooOiOjRyxlA7VzmSA==}
     peerDependencies:
       '@signozhq/icons': 0.3.0
       react: ^18.2.0
@@ -4308,49 +4266,41 @@ packages:
     resolution: {integrity: sha512-34gw7PjDGB9JgePJEmhEqBhWvCiiWCuXsL9hYphDF7crW7UgI05gyBAi6MF58uGcMOiOqSJ2ybEeCvHcq0BCmQ==}
     cpu: [arm64]
     os: [linux]
-    libc: [glibc]
 
   '@unrs/resolver-binding-linux-arm64-musl@1.11.1':
     resolution: {integrity: sha512-RyMIx6Uf53hhOtJDIamSbTskA99sPHS96wxVE/bJtePJJtpdKGXO1wY90oRdXuYOGOTuqjT8ACccMc4K6QmT3w==}
     cpu: [arm64]
     os: [linux]
-    libc: [musl]
 
   '@unrs/resolver-binding-linux-ppc64-gnu@1.11.1':
     resolution: {integrity: sha512-D8Vae74A4/a+mZH0FbOkFJL9DSK2R6TFPC9M+jCWYia/q2einCubX10pecpDiTmkJVUH+y8K3BZClycD8nCShA==}
     cpu: [ppc64]
     os: [linux]
-    libc: [glibc]
 
   '@unrs/resolver-binding-linux-riscv64-gnu@1.11.1':
     resolution: {integrity: sha512-frxL4OrzOWVVsOc96+V3aqTIQl1O2TjgExV4EKgRY09AJ9leZpEg8Ak9phadbuX0BA4k8U5qtvMSQQGGmaJqcQ==}
     cpu: [riscv64]
     os: [linux]
-    libc: [glibc]
 
   '@unrs/resolver-binding-linux-riscv64-musl@1.11.1':
     resolution: {integrity: sha512-mJ5vuDaIZ+l/acv01sHoXfpnyrNKOk/3aDoEdLO/Xtn9HuZlDD6jKxHlkN8ZhWyLJsRBxfv9GYM2utQ1SChKew==}
     cpu: [riscv64]
     os: [linux]
-    libc: [musl]
 
   '@unrs/resolver-binding-linux-s390x-gnu@1.11.1':
     resolution: {integrity: sha512-kELo8ebBVtb9sA7rMe1Cph4QHreByhaZ2QEADd9NzIQsYNQpt9UkM9iqr2lhGr5afh885d/cB5QeTXSbZHTYPg==}
     cpu: [s390x]
     os: [linux]
-    libc: [glibc]
 
   '@unrs/resolver-binding-linux-x64-gnu@1.11.1':
     resolution: {integrity: sha512-C3ZAHugKgovV5YvAMsxhq0gtXuwESUKc5MhEtjBpLoHPLYM+iuwSj3lflFwK3DPm68660rZ7G8BMcwSro7hD5w==}
     cpu: [x64]
     os: [linux]
-    libc: [glibc]
 
   '@unrs/resolver-binding-linux-x64-musl@1.11.1':
     resolution: {integrity: sha512-rV0YSoyhK2nZ4vEswT/QwqzqQXw5I6CjoaYMOX0TqBlWhojUf8P94mvI7nuJTeaCkkds3QE4+zS8Ko+GdXuZtA==}
     cpu: [x64]
     os: [linux]
-    libc: [musl]
 
   '@unrs/resolver-binding-wasm32-wasi@1.11.1':
     resolution: {integrity: sha512-5u4RkfxJm+Ng7IWgkzi3qrFOvLvQYnPBmjmZQ8+szTK/b31fQCnleNl1GgEt7nIsZRIf5PLhPwT0WM+q45x/UQ==}
@@ -4417,7 +4367,7 @@ packages:
     resolution: {integrity: sha512-VIcFLdRi/VYRU8OL/puL7QXMYafHmqOnwTZY50U1JPlCNj30PxCMx65c494b1K9be9hX83KVt0+gTEwTWLqToA==}
     engines: {node: ^20.19.0 || >=22.12.0}
     peerDependencies:
-      vite: ^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0
+      vite: npm:rolldown-vite@7.3.1
 
   '@webassemblyjs/ast@1.14.1':
     resolution: {integrity: sha512-nuBEDgQfm1ccRp/8bCQrx1frohyufl4JlbMMZ4P1wpeOfDhF6FQkxZJ1b/e+PLwr6X1Nhw6OLme5usuBWYBvuQ==}
@@ -7244,28 +7194,24 @@ packages:
     engines: {node: '>= 12.0.0'}
     cpu: [arm64]
     os: [linux]
-    libc: [glibc]
 
   lightningcss-linux-arm64-musl@1.31.1:
     resolution: {integrity: sha512-mVZ7Pg2zIbe3XlNbZJdjs86YViQFoJSpc41CbVmKBPiGmC4YrfeOyz65ms2qpAobVd7WQsbW4PdsSJEMymyIMg==}
     engines: {node: '>= 12.0.0'}
     cpu: [arm64]
     os: [linux]
-    libc: [musl]
 
   lightningcss-linux-x64-gnu@1.31.1:
     resolution: {integrity: sha512-xGlFWRMl+0KvUhgySdIaReQdB4FNudfUTARn7q0hh/V67PVGCs3ADFjw+6++kG1RNd0zdGRlEKa+T13/tQjPMA==}
     engines: {node: '>= 12.0.0'}
     cpu: [x64]
     os: [linux]
-    libc: [glibc]
 
   lightningcss-linux-x64-musl@1.31.1:
     resolution: {integrity: sha512-eowF8PrKHw9LpoZii5tdZwnBcYDxRw2rRCyvAXLi34iyeYfqCQNA9rmUM0ce62NlPhCvof1+9ivRaTY6pSKDaA==}
     engines: {node: '>= 12.0.0'}
     cpu: [x64]
     os: [linux]
-    libc: [musl]
 
   lightningcss-win32-arm64-msvc@1.31.1:
     resolution: {integrity: sha512-aJReEbSEQzx1uBlQizAOBSjcmr9dCdL3XuC/6HLXAxmtErsj2ICo5yYggg1qOODQMtnjNQv2UHb9NpOuFtYe4w==}
@@ -10293,7 +10239,7 @@ packages:
       oxlint: '>=1'
       stylelint: '>=16'
       typescript: '*'
-      vite: '>=5.4.21'
+      vite: npm:rolldown-vite@7.3.1
       vls: '*'
       vti: '*'
       vue-tsc: ~2.2.10 || ^3.0.0
@@ -10322,12 +10268,12 @@ packages:
   vite-plugin-compression@0.5.1:
     resolution: {integrity: sha512-5QJKBDc+gNYVqL/skgFAP81Yuzo9R+EAf19d+EtsMF/i8kFUpNi3J/H01QD3Oo8zBQn+NzoCIFkpPLynoOzaJg==}
     peerDependencies:
-      vite: '>=2.0.0'
+      vite: npm:rolldown-vite@7.3.1
 
   vite-plugin-html@3.2.2:
     resolution: {integrity: sha512-vb9C9kcdzcIo/Oc3CLZVS03dL5pDlOFuhGlZYDCJ840BhWl/0nGeZWf3Qy7NlOayscY4Cm/QRgULCQkEZige5Q==}
     peerDependencies:
-      vite: '>=2.0.0'
+      vite: npm:rolldown-vite@7.3.1
 
   vite-plugin-image-optimizer@2.0.3:
     resolution: {integrity: sha512-1vrFOTcpSvv6DCY7h8UXab4wqMAjTJB/ndOzG/Kmj1oDOuPF6mbjkNQoGzzCEYeWGe7qU93jc8oQqvoJ57al3A==}
@@ -10335,7 +10281,7 @@ packages:
     peerDependencies:
       sharp: '>=0.34.0'
       svgo: '>=4'
-      vite: '>=5'
+      vite: npm:rolldown-vite@7.3.1
     peerDependenciesMeta:
       sharp:
         optional: true
@@ -10345,7 +10291,7 @@ packages:
   vite-tsconfig-paths@6.1.1:
     resolution: {integrity: sha512-2cihq7zliibCCZ8P9cKJrQBkfgdvcFkOOc3Y02o3GWUDLgqjWsZudaoiuOwO/gzTzy17cS5F7ZPo4bsnS4DGkg==}
     peerDependencies:
-      vite: '*'
+      vite: npm:rolldown-vite@7.3.1
 
   void-elements@3.1.0:
     resolution: {integrity: sha512-Dhxzh5HZuiHQhbvTW9AMetFfBHDMYpo23Uo9btPXgdYP+3T5S+p+jgNy7spra+veYhBP2dCSgxR/i2Y02h5/6w==}
@@ -13955,7 +13901,7 @@ snapshots:
       - react-dom
       - tailwindcss
 
-  '@signozhq/ui@0.0.19(@emotion/is-prop-valid@1.2.0)(@signozhq/icons@0.4.0)(@types/react-dom@18.0.10)(@types/react@18.0.26)(react-dom@18.2.0(react@18.2.0))(react-router-dom@5.3.4(react@18.2.0))(react-router@6.27.0(react@18.2.0))(react@18.2.0)':
+  '@signozhq/ui@0.0.18(@emotion/is-prop-valid@1.2.0)(@signozhq/icons@0.4.0)(@types/react-dom@18.0.10)(@types/react@18.0.26)(react-dom@18.2.0(react@18.2.0))(react-router-dom@5.3.4(react@18.2.0))(react-router@6.27.0(react@18.2.0))(react@18.2.0)':
     dependencies:
       '@chenglou/pretext': 0.0.5
       '@radix-ui/react-checkbox': 1.3.3(@types/react-dom@18.0.10)(@types/react@18.0.26)(react-dom@18.2.0(react@18.2.0))(react@18.2.0)

frontend/public/locales/en-GB/dashboard.json

@@ -26,6 +26,5 @@
 	"dashboard_unsave_changes": "There are unsaved changes in the Query builder, please stage and run the query or the changes will be lost. Press OK to discard.",
 	"dashboard_save_changes": "Your graph built with {{queryTag}} query will be saved. Press OK to confirm.",
 	"your_graph_build_with": "Your graph built with",
-	"dashboard_ok_confirm": "query will be saved. Press OK to confirm.",
-	"variable_name_already_exists": "Variable \"{{name}}\" already exists"
+	"dashboard_ok_confirm": "query will be saved. Press OK to confirm."
 }

frontend/public/locales/en/dashboard.json

@@ -30,6 +30,5 @@
 	"dashboard_unsave_changes": "There are unsaved changes in the Query builder, please stage and run the query or the changes will be lost. Press OK to discard.",
 	"dashboard_save_changes": "Your graph built with {{queryTag}} query will be saved. Press OK to confirm.",
 	"your_graph_build_with": "Your graph built with",
-	"dashboard_ok_confirm": "query will be saved. Press OK to confirm.",
-	"variable_name_already_exists": "Variable \"{{name}}\" already exists"
+	"dashboard_ok_confirm": "query will be saved. Press OK to confirm."
 }

frontend/src/api/generated/services/dashboard/index.ts

@@ -18,19 +18,34 @@ import type {
 } from 'react-query';
 
 import type {
+	CreateDashboardV2201,
 	CreatePublicDashboard201,
 	CreatePublicDashboardPathParameters,
+	CreatePublicDashboardV2200,
+	CreatePublicDashboardV2PathParameters,
+	DashboardtypesJSONPatchDocumentDTO,
+	DashboardtypesPostableDashboardV2DTO,
 	DashboardtypesPostablePublicDashboardDTO,
 	DashboardtypesUpdatablePublicDashboardDTO,
 	DeletePublicDashboardPathParameters,
+	GetDashboardV2200,
+	GetDashboardV2PathParameters,
 	GetPublicDashboard200,
 	GetPublicDashboardData200,
 	GetPublicDashboardDataPathParameters,
 	GetPublicDashboardPathParameters,
 	GetPublicDashboardWidgetQueryRange200,
 	GetPublicDashboardWidgetQueryRangePathParameters,
+	LockDashboardV2PathParameters,
+	PatchDashboardV2200,
+	PatchDashboardV2PathParameters,
 	RenderErrorResponseDTO,
+	UnlockDashboardV2PathParameters,
+	UpdateDashboardV2200,
+	UpdateDashboardV2PathParameters,
 	UpdatePublicDashboardPathParameters,
+	UpdatePublicDashboardV2200,
+	UpdatePublicDashboardV2PathParameters,
 } from '../sigNoz.schemas';
 
 import { GeneratedAPIInstance } from '../../../generatedAPIInstance';
@@ -634,3 +649,739 @@ export const invalidateGetPublicDashboardWidgetQueryRange = async (
 
 	return queryClient;
 };
+
+/**
+ * This endpoint creates a v2-shape dashboard with structured metadata, a typed data tree, and resolved tags.
+ * @summary Create dashboard (v2)
+ */
+export const createDashboardV2 = (
+	dashboardtypesPostableDashboardV2DTO: BodyType<DashboardtypesPostableDashboardV2DTO>,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<CreateDashboardV2201>({
+		url: `/api/v2/dashboards`,
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		data: dashboardtypesPostableDashboardV2DTO,
+		signal,
+	});
+};
+
+export const getCreateDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createDashboardV2>>,
+		TError,
+		{ data: BodyType<DashboardtypesPostableDashboardV2DTO> },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof createDashboardV2>>,
+	TError,
+	{ data: BodyType<DashboardtypesPostableDashboardV2DTO> },
+	TContext
+> => {
+	const mutationKey = ['createDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof createDashboardV2>>,
+		{ data: BodyType<DashboardtypesPostableDashboardV2DTO> }
+	> = (props) => {
+		const { data } = props ?? {};
+
+		return createDashboardV2(data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type CreateDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof createDashboardV2>>
+>;
+export type CreateDashboardV2MutationBody =
+	BodyType<DashboardtypesPostableDashboardV2DTO>;
+export type CreateDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Create dashboard (v2)
+ */
+export const useCreateDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createDashboardV2>>,
+		TError,
+		{ data: BodyType<DashboardtypesPostableDashboardV2DTO> },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof createDashboardV2>>,
+	TError,
+	{ data: BodyType<DashboardtypesPostableDashboardV2DTO> },
+	TContext
+> => {
+	const mutationOptions = getCreateDashboardV2MutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint returns a v2-shape dashboard with its tags and public sharing config (if any).
+ * @summary Get dashboard (v2)
+ */
+export const getDashboardV2 = (
+	{ id }: GetDashboardV2PathParameters,
+	signal?: AbortSignal,
+) => {
+	return GeneratedAPIInstance<GetDashboardV2200>({
+		url: `/api/v2/dashboards/${id}`,
+		method: 'GET',
+		signal,
+	});
+};
+
+export const getGetDashboardV2QueryKey = ({
+	id,
+}: GetDashboardV2PathParameters) => {
+	return [`/api/v2/dashboards/${id}`] as const;
+};
+
+export const getGetDashboardV2QueryOptions = <
+	TData = Awaited<ReturnType<typeof getDashboardV2>>,
+	TError = ErrorType<RenderErrorResponseDTO>,
+>(
+	{ id }: GetDashboardV2PathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getDashboardV2>>,
+			TError,
+			TData
+		>;
+	},
+) => {
+	const { query: queryOptions } = options ?? {};
+
+	const queryKey = queryOptions?.queryKey ?? getGetDashboardV2QueryKey({ id });
+
+	const queryFn: QueryFunction<Awaited<ReturnType<typeof getDashboardV2>>> = ({
+		signal,
+	}) => getDashboardV2({ id }, signal);
+
+	return {
+		queryKey,
+		queryFn,
+		enabled: !!id,
+		...queryOptions,
+	} as UseQueryOptions<
+		Awaited<ReturnType<typeof getDashboardV2>>,
+		TError,
+		TData
+	> & { queryKey: QueryKey };
+};
+
+export type GetDashboardV2QueryResult = NonNullable<
+	Awaited<ReturnType<typeof getDashboardV2>>
+>;
+export type GetDashboardV2QueryError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Get dashboard (v2)
+ */
+
+export function useGetDashboardV2<
+	TData = Awaited<ReturnType<typeof getDashboardV2>>,
+	TError = ErrorType<RenderErrorResponseDTO>,
+>(
+	{ id }: GetDashboardV2PathParameters,
+	options?: {
+		query?: UseQueryOptions<
+			Awaited<ReturnType<typeof getDashboardV2>>,
+			TError,
+			TData
+		>;
+	},
+): UseQueryResult<TData, TError> & { queryKey: QueryKey } {
+	const queryOptions = getGetDashboardV2QueryOptions({ id }, options);
+
+	const query = useQuery(queryOptions) as UseQueryResult<TData, TError> & {
+		queryKey: QueryKey;
+	};
+
+	query.queryKey = queryOptions.queryKey;
+
+	return query;
+}
+
+/**
+ * @summary Get dashboard (v2)
+ */
+export const invalidateGetDashboardV2 = async (
+	queryClient: QueryClient,
+	{ id }: GetDashboardV2PathParameters,
+	options?: InvalidateOptions,
+): Promise<QueryClient> => {
+	await queryClient.invalidateQueries(
+		{ queryKey: getGetDashboardV2QueryKey({ id }) },
+		options,
+	);
+
+	return queryClient;
+};
+
+/**
+ * This endpoint applies an RFC 6902 JSON Patch to a v2-shape dashboard. The patch is applied against the postable view of the dashboard (metadata, data, tags), so individual panels, queries, variables, layouts, or tags can be updated without re-sending the rest of the dashboard. Locked dashboards are rejected.
+ * @summary Patch dashboard (v2)
+ */
+export const patchDashboardV2 = (
+	{ id }: PatchDashboardV2PathParameters,
+	dashboardtypesJSONPatchDocumentDTO: BodyType<DashboardtypesJSONPatchDocumentDTO>,
+) => {
+	return GeneratedAPIInstance<PatchDashboardV2200>({
+		url: `/api/v2/dashboards/${id}`,
+		method: 'PATCH',
+		headers: { 'Content-Type': 'application/json' },
+		data: dashboardtypesJSONPatchDocumentDTO,
+	});
+};
+
+export const getPatchDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof patchDashboardV2>>,
+		TError,
+		{
+			pathParams: PatchDashboardV2PathParameters;
+			data: BodyType<DashboardtypesJSONPatchDocumentDTO>;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof patchDashboardV2>>,
+	TError,
+	{
+		pathParams: PatchDashboardV2PathParameters;
+		data: BodyType<DashboardtypesJSONPatchDocumentDTO>;
+	},
+	TContext
+> => {
+	const mutationKey = ['patchDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof patchDashboardV2>>,
+		{
+			pathParams: PatchDashboardV2PathParameters;
+			data: BodyType<DashboardtypesJSONPatchDocumentDTO>;
+		}
+	> = (props) => {
+		const { pathParams, data } = props ?? {};
+
+		return patchDashboardV2(pathParams, data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type PatchDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof patchDashboardV2>>
+>;
+export type PatchDashboardV2MutationBody =
+	BodyType<DashboardtypesJSONPatchDocumentDTO>;
+export type PatchDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Patch dashboard (v2)
+ */
+export const usePatchDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof patchDashboardV2>>,
+		TError,
+		{
+			pathParams: PatchDashboardV2PathParameters;
+			data: BodyType<DashboardtypesJSONPatchDocumentDTO>;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof patchDashboardV2>>,
+	TError,
+	{
+		pathParams: PatchDashboardV2PathParameters;
+		data: BodyType<DashboardtypesJSONPatchDocumentDTO>;
+	},
+	TContext
+> => {
+	const mutationOptions = getPatchDashboardV2MutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint updates a v2-shape dashboard's metadata, data, and tag set. Locked dashboards are rejected.
+ * @summary Update dashboard (v2)
+ */
+export const updateDashboardV2 = (
+	{ id }: UpdateDashboardV2PathParameters,
+	dashboardtypesPostableDashboardV2DTO: BodyType<DashboardtypesPostableDashboardV2DTO>,
+) => {
+	return GeneratedAPIInstance<UpdateDashboardV2200>({
+		url: `/api/v2/dashboards/${id}`,
+		method: 'PUT',
+		headers: { 'Content-Type': 'application/json' },
+		data: dashboardtypesPostableDashboardV2DTO,
+	});
+};
+
+export const getUpdateDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateDashboardV2>>,
+		TError,
+		{
+			pathParams: UpdateDashboardV2PathParameters;
+			data: BodyType<DashboardtypesPostableDashboardV2DTO>;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof updateDashboardV2>>,
+	TError,
+	{
+		pathParams: UpdateDashboardV2PathParameters;
+		data: BodyType<DashboardtypesPostableDashboardV2DTO>;
+	},
+	TContext
+> => {
+	const mutationKey = ['updateDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof updateDashboardV2>>,
+		{
+			pathParams: UpdateDashboardV2PathParameters;
+			data: BodyType<DashboardtypesPostableDashboardV2DTO>;
+		}
+	> = (props) => {
+		const { pathParams, data } = props ?? {};
+
+		return updateDashboardV2(pathParams, data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UpdateDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof updateDashboardV2>>
+>;
+export type UpdateDashboardV2MutationBody =
+	BodyType<DashboardtypesPostableDashboardV2DTO>;
+export type UpdateDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Update dashboard (v2)
+ */
+export const useUpdateDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updateDashboardV2>>,
+		TError,
+		{
+			pathParams: UpdateDashboardV2PathParameters;
+			data: BodyType<DashboardtypesPostableDashboardV2DTO>;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof updateDashboardV2>>,
+	TError,
+	{
+		pathParams: UpdateDashboardV2PathParameters;
+		data: BodyType<DashboardtypesPostableDashboardV2DTO>;
+	},
+	TContext
+> => {
+	const mutationOptions = getUpdateDashboardV2MutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint unlocks a v2-shape dashboard. Only the dashboard's creator or an org admin may lock or unlock.
+ * @summary Unlock dashboard (v2)
+ */
+export const unlockDashboardV2 = ({ id }: UnlockDashboardV2PathParameters) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v2/dashboards/${id}/lock`,
+		method: 'DELETE',
+	});
+};
+
+export const getUnlockDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof unlockDashboardV2>>,
+		TError,
+		{ pathParams: UnlockDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof unlockDashboardV2>>,
+	TError,
+	{ pathParams: UnlockDashboardV2PathParameters },
+	TContext
+> => {
+	const mutationKey = ['unlockDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof unlockDashboardV2>>,
+		{ pathParams: UnlockDashboardV2PathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return unlockDashboardV2(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UnlockDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof unlockDashboardV2>>
+>;
+
+export type UnlockDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Unlock dashboard (v2)
+ */
+export const useUnlockDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof unlockDashboardV2>>,
+		TError,
+		{ pathParams: UnlockDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof unlockDashboardV2>>,
+	TError,
+	{ pathParams: UnlockDashboardV2PathParameters },
+	TContext
+> => {
+	const mutationOptions = getUnlockDashboardV2MutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint locks a v2-shape dashboard. Only the dashboard's creator or an org admin may lock or unlock.
+ * @summary Lock dashboard (v2)
+ */
+export const lockDashboardV2 = ({ id }: LockDashboardV2PathParameters) => {
+	return GeneratedAPIInstance<string>({
+		url: `/api/v2/dashboards/${id}/lock`,
+		method: 'PUT',
+	});
+};
+
+export const getLockDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof lockDashboardV2>>,
+		TError,
+		{ pathParams: LockDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof lockDashboardV2>>,
+	TError,
+	{ pathParams: LockDashboardV2PathParameters },
+	TContext
+> => {
+	const mutationKey = ['lockDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof lockDashboardV2>>,
+		{ pathParams: LockDashboardV2PathParameters }
+	> = (props) => {
+		const { pathParams } = props ?? {};
+
+		return lockDashboardV2(pathParams);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type LockDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof lockDashboardV2>>
+>;
+
+export type LockDashboardV2MutationError = ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Lock dashboard (v2)
+ */
+export const useLockDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof lockDashboardV2>>,
+		TError,
+		{ pathParams: LockDashboardV2PathParameters },
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof lockDashboardV2>>,
+	TError,
+	{ pathParams: LockDashboardV2PathParameters },
+	TContext
+> => {
+	const mutationOptions = getLockDashboardV2MutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint creates the public sharing config for a v2 dashboard and returns the dashboard with the new public config attached. Lock state does not gate this endpoint.
+ * @summary Make a dashboard v2 public
+ */
+export const createPublicDashboardV2 = (
+	{ id }: CreatePublicDashboardV2PathParameters,
+	dashboardtypesPostablePublicDashboardDTO: BodyType<DashboardtypesPostablePublicDashboardDTO>,
+) => {
+	return GeneratedAPIInstance<CreatePublicDashboardV2200>({
+		url: `/api/v2/dashboards/${id}/public`,
+		method: 'PATCH',
+		headers: { 'Content-Type': 'application/json' },
+		data: dashboardtypesPostablePublicDashboardDTO,
+	});
+};
+
+export const getCreatePublicDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createPublicDashboardV2>>,
+		TError,
+		{
+			pathParams: CreatePublicDashboardV2PathParameters;
+			data: BodyType<DashboardtypesPostablePublicDashboardDTO>;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof createPublicDashboardV2>>,
+	TError,
+	{
+		pathParams: CreatePublicDashboardV2PathParameters;
+		data: BodyType<DashboardtypesPostablePublicDashboardDTO>;
+	},
+	TContext
+> => {
+	const mutationKey = ['createPublicDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof createPublicDashboardV2>>,
+		{
+			pathParams: CreatePublicDashboardV2PathParameters;
+			data: BodyType<DashboardtypesPostablePublicDashboardDTO>;
+		}
+	> = (props) => {
+		const { pathParams, data } = props ?? {};
+
+		return createPublicDashboardV2(pathParams, data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type CreatePublicDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof createPublicDashboardV2>>
+>;
+export type CreatePublicDashboardV2MutationBody =
+	BodyType<DashboardtypesPostablePublicDashboardDTO>;
+export type CreatePublicDashboardV2MutationError =
+	ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Make a dashboard v2 public
+ */
+export const useCreatePublicDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof createPublicDashboardV2>>,
+		TError,
+		{
+			pathParams: CreatePublicDashboardV2PathParameters;
+			data: BodyType<DashboardtypesPostablePublicDashboardDTO>;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof createPublicDashboardV2>>,
+	TError,
+	{
+		pathParams: CreatePublicDashboardV2PathParameters;
+		data: BodyType<DashboardtypesPostablePublicDashboardDTO>;
+	},
+	TContext
+> => {
+	const mutationOptions = getCreatePublicDashboardV2MutationOptions(options);
+
+	return useMutation(mutationOptions);
+};
+/**
+ * This endpoint updates the public sharing config (time range settings) of an already-public v2 dashboard. Lock state does not gate this endpoint.
+ * @summary Update public sharing config for a dashboard v2
+ */
+export const updatePublicDashboardV2 = (
+	{ id }: UpdatePublicDashboardV2PathParameters,
+	dashboardtypesUpdatablePublicDashboardDTO: BodyType<DashboardtypesUpdatablePublicDashboardDTO>,
+) => {
+	return GeneratedAPIInstance<UpdatePublicDashboardV2200>({
+		url: `/api/v2/dashboards/${id}/public`,
+		method: 'PUT',
+		headers: { 'Content-Type': 'application/json' },
+		data: dashboardtypesUpdatablePublicDashboardDTO,
+	});
+};
+
+export const getUpdatePublicDashboardV2MutationOptions = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updatePublicDashboardV2>>,
+		TError,
+		{
+			pathParams: UpdatePublicDashboardV2PathParameters;
+			data: BodyType<DashboardtypesUpdatablePublicDashboardDTO>;
+		},
+		TContext
+	>;
+}): UseMutationOptions<
+	Awaited<ReturnType<typeof updatePublicDashboardV2>>,
+	TError,
+	{
+		pathParams: UpdatePublicDashboardV2PathParameters;
+		data: BodyType<DashboardtypesUpdatablePublicDashboardDTO>;
+	},
+	TContext
+> => {
+	const mutationKey = ['updatePublicDashboardV2'];
+	const { mutation: mutationOptions } = options
+		? options.mutation &&
+			'mutationKey' in options.mutation &&
+			options.mutation.mutationKey
+			? options
+			: { ...options, mutation: { ...options.mutation, mutationKey } }
+		: { mutation: { mutationKey } };
+
+	const mutationFn: MutationFunction<
+		Awaited<ReturnType<typeof updatePublicDashboardV2>>,
+		{
+			pathParams: UpdatePublicDashboardV2PathParameters;
+			data: BodyType<DashboardtypesUpdatablePublicDashboardDTO>;
+		}
+	> = (props) => {
+		const { pathParams, data } = props ?? {};
+
+		return updatePublicDashboardV2(pathParams, data);
+	};
+
+	return { mutationFn, ...mutationOptions };
+};
+
+export type UpdatePublicDashboardV2MutationResult = NonNullable<
+	Awaited<ReturnType<typeof updatePublicDashboardV2>>
+>;
+export type UpdatePublicDashboardV2MutationBody =
+	BodyType<DashboardtypesUpdatablePublicDashboardDTO>;
+export type UpdatePublicDashboardV2MutationError =
+	ErrorType<RenderErrorResponseDTO>;
+
+/**
+ * @summary Update public sharing config for a dashboard v2
+ */
+export const useUpdatePublicDashboardV2 = <
+	TError = ErrorType<RenderErrorResponseDTO>,
+	TContext = unknown,
+>(options?: {
+	mutation?: UseMutationOptions<
+		Awaited<ReturnType<typeof updatePublicDashboardV2>>,
+		TError,
+		{
+			pathParams: UpdatePublicDashboardV2PathParameters;
+			data: BodyType<DashboardtypesUpdatablePublicDashboardDTO>;
+		},
+		TContext
+	>;
+}): UseMutationResult<
+	Awaited<ReturnType<typeof updatePublicDashboardV2>>,
+	TError,
+	{
+		pathParams: UpdatePublicDashboardV2PathParameters;
+		data: BodyType<DashboardtypesUpdatablePublicDashboardDTO>;
+	},
+	TContext
+> => {
+	const mutationOptions = getUpdatePublicDashboardV2MutationOptions(options);
+
+	return useMutation(mutationOptions);
+};

frontend/src/api/generated/services/inframonitoring/index.ts

@@ -15,20 +15,16 @@ import type {
 	InframonitoringtypesPostableClustersDTO,
 	InframonitoringtypesPostableDeploymentsDTO,
 	InframonitoringtypesPostableHostsDTO,
-	InframonitoringtypesPostableJobsDTO,
 	InframonitoringtypesPostableNamespacesDTO,
 	InframonitoringtypesPostableNodesDTO,
 	InframonitoringtypesPostablePodsDTO,
-	InframonitoringtypesPostableStatefulSetsDTO,
 	InframonitoringtypesPostableVolumesDTO,
 	ListClusters200,
 	ListDeployments200,
 	ListHosts200,
-	ListJobs200,
 	ListNamespaces200,
 	ListNodes200,
 	ListPods200,
-	ListStatefulSets200,
 	ListVolumes200,
 	RenderErrorResponseDTO,
 } from '../sigNoz.schemas';
@@ -288,90 +284,6 @@ export const useListHosts = <
 
 	return useMutation(mutationOptions);
 };
-/**
- * Returns a paginated list of Kubernetes Jobs with key aggregated pod metrics: CPU usage and memory working set summed across pods owned by the job, plus average CPU/memory request and limit utilization (jobCPURequest, jobCPULimit, jobMemoryRequest, jobMemoryLimit). Each row also reports the latest known job-level counters from kube-state-metrics: desiredSuccessfulPods (k8s.job.desired_successful_pods, the target completion count), activePods (k8s.job.active_pods), failedPods (k8s.job.failed_pods, cumulative across the lifetime of the job), and successfulPods (k8s.job.successful_pods, cumulative). It also reports per-group podCountsByPhase ({ pending, running, succeeded, failed, unknown } from each pod's latest k8s.pod.phase value); note podCountsByPhase.failed (current pod-phase) is distinct from failedPods (cumulative job kube-state-metric). Each job includes metadata attributes (k8s.job.name, k8s.namespace.name, k8s.cluster.name). The response type is 'list' for the default k8s.job.name grouping or 'grouped_list' for custom groupBy keys; in both modes every row aggregates pods owned by jobs in the group. Supports filtering via a filter expression, custom groupBy, ordering by cpu / cpu_request / cpu_limit / memory / memory_request / memory_limit / desired_successful_pods / active_pods / failed_pods / successful_pods, and pagination via offset/limit. Also reports missing required metrics and whether the requested time range falls before the data retention boundary. Numeric metric fields (jobCPU, jobCPURequest, jobCPULimit, jobMemory, jobMemoryRequest, jobMemoryLimit, desiredSuccessfulPods, activePods, failedPods, successfulPods) return -1 as a sentinel when no data is available for that field.
- * @summary List Jobs for Infra Monitoring
- */
-export const listJobs = (
-	inframonitoringtypesPostableJobsDTO: BodyType<InframonitoringtypesPostableJobsDTO>,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<ListJobs200>({
-		url: `/api/v2/infra_monitoring/jobs`,
-		method: 'POST',
-		headers: { 'Content-Type': 'application/json' },
-		data: inframonitoringtypesPostableJobsDTO,
-		signal,
-	});
-};
-
-export const getListJobsMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown,
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof listJobs>>,
-		TError,
-		{ data: BodyType<InframonitoringtypesPostableJobsDTO> },
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof listJobs>>,
-	TError,
-	{ data: BodyType<InframonitoringtypesPostableJobsDTO> },
-	TContext
-> => {
-	const mutationKey = ['listJobs'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-			'mutationKey' in options.mutation &&
-			options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof listJobs>>,
-		{ data: BodyType<InframonitoringtypesPostableJobsDTO> }
-	> = (props) => {
-		const { data } = props ?? {};
-
-		return listJobs(data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type ListJobsMutationResult = NonNullable<
-	Awaited<ReturnType<typeof listJobs>>
->;
-export type ListJobsMutationBody =
-	BodyType<InframonitoringtypesPostableJobsDTO>;
-export type ListJobsMutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary List Jobs for Infra Monitoring
- */
-export const useListJobs = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown,
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof listJobs>>,
-		TError,
-		{ data: BodyType<InframonitoringtypesPostableJobsDTO> },
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof listJobs>>,
-	TError,
-	{ data: BodyType<InframonitoringtypesPostableJobsDTO> },
-	TContext
-> => {
-	const mutationOptions = getListJobsMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};
 /**
  * Returns a paginated list of Kubernetes namespaces with key aggregated pod metrics: CPU usage and memory working set (summed across pods in the group), plus per-group podCountsByPhase ({ pending, running, succeeded, failed, unknown } from each pod's latest k8s.pod.phase value in the window). Each namespace includes metadata attributes (k8s.namespace.name, k8s.cluster.name). The response type is 'list' for the default k8s.namespace.name grouping or 'grouped_list' for custom groupBy keys; in both modes every row aggregates pods in the group. Supports filtering via a filter expression, custom groupBy, ordering by cpu / memory, and pagination via offset/limit. Also reports missing required metrics and whether the requested time range falls before the data retention boundary. Numeric metric fields (namespaceCPU, namespaceMemory) return -1 as a sentinel when no data is available for that field.
  * @summary List Namespaces for Infra Monitoring
@@ -708,87 +620,3 @@ export const useListVolumes = <
 
 	return useMutation(mutationOptions);
 };
-/**
- * Returns a paginated list of Kubernetes StatefulSets with key aggregated pod metrics: CPU usage and memory working set summed across pods owned by the statefulset, plus average CPU/memory request and limit utilization (statefulSetCPURequest, statefulSetCPULimit, statefulSetMemoryRequest, statefulSetMemoryLimit). Each row also reports the latest known desiredPods (k8s.statefulset.desired_pods) and currentPods (k8s.statefulset.current_pods) replica counts and per-group podCountsByPhase ({ pending, running, succeeded, failed, unknown } from each pod's latest k8s.pod.phase value). Each statefulset includes metadata attributes (k8s.statefulset.name, k8s.namespace.name, k8s.cluster.name). The response type is 'list' for the default k8s.statefulset.name grouping or 'grouped_list' for custom groupBy keys; in both modes every row aggregates pods owned by statefulsets in the group. Supports filtering via a filter expression, custom groupBy, ordering by cpu / cpu_request / cpu_limit / memory / memory_request / memory_limit / desired_pods / current_pods, and pagination via offset/limit. Also reports missing required metrics and whether the requested time range falls before the data retention boundary. Numeric metric fields (statefulSetCPU, statefulSetCPURequest, statefulSetCPULimit, statefulSetMemory, statefulSetMemoryRequest, statefulSetMemoryLimit, desiredPods, currentPods) return -1 as a sentinel when no data is available for that field.
- * @summary List StatefulSets for Infra Monitoring
- */
-export const listStatefulSets = (
-	inframonitoringtypesPostableStatefulSetsDTO: BodyType<InframonitoringtypesPostableStatefulSetsDTO>,
-	signal?: AbortSignal,
-) => {
-	return GeneratedAPIInstance<ListStatefulSets200>({
-		url: `/api/v2/infra_monitoring/statefulsets`,
-		method: 'POST',
-		headers: { 'Content-Type': 'application/json' },
-		data: inframonitoringtypesPostableStatefulSetsDTO,
-		signal,
-	});
-};
-
-export const getListStatefulSetsMutationOptions = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown,
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof listStatefulSets>>,
-		TError,
-		{ data: BodyType<InframonitoringtypesPostableStatefulSetsDTO> },
-		TContext
-	>;
-}): UseMutationOptions<
-	Awaited<ReturnType<typeof listStatefulSets>>,
-	TError,
-	{ data: BodyType<InframonitoringtypesPostableStatefulSetsDTO> },
-	TContext
-> => {
-	const mutationKey = ['listStatefulSets'];
-	const { mutation: mutationOptions } = options
-		? options.mutation &&
-			'mutationKey' in options.mutation &&
-			options.mutation.mutationKey
-			? options
-			: { ...options, mutation: { ...options.mutation, mutationKey } }
-		: { mutation: { mutationKey } };
-
-	const mutationFn: MutationFunction<
-		Awaited<ReturnType<typeof listStatefulSets>>,
-		{ data: BodyType<InframonitoringtypesPostableStatefulSetsDTO> }
-	> = (props) => {
-		const { data } = props ?? {};
-
-		return listStatefulSets(data);
-	};
-
-	return { mutationFn, ...mutationOptions };
-};
-
-export type ListStatefulSetsMutationResult = NonNullable<
-	Awaited<ReturnType<typeof listStatefulSets>>
->;
-export type ListStatefulSetsMutationBody =
-	BodyType<InframonitoringtypesPostableStatefulSetsDTO>;
-export type ListStatefulSetsMutationError = ErrorType<RenderErrorResponseDTO>;
-
-/**
- * @summary List StatefulSets for Infra Monitoring
- */
-export const useListStatefulSets = <
-	TError = ErrorType<RenderErrorResponseDTO>,
-	TContext = unknown,
->(options?: {
-	mutation?: UseMutationOptions<
-		Awaited<ReturnType<typeof listStatefulSets>>,
-		TError,
-		{ data: BodyType<InframonitoringtypesPostableStatefulSetsDTO> },
-		TContext
-	>;
-}): UseMutationResult<
-	Awaited<ReturnType<typeof listStatefulSets>>,
-	TError,
-	{ data: BodyType<InframonitoringtypesPostableStatefulSetsDTO> },
-	TContext
-> => {
-	const mutationOptions = getListStatefulSetsMutationOptions(options);
-
-	return useMutation(mutationOptions);
-};

frontend/src/api/v5/queryRange/prepareQueryRangePayloadV5.ts

@@ -437,16 +437,11 @@ export function convertTraceOperatorToV5(
 				panelType,
 			);
 
-			// Skip aggregation for raw request type. Force dataSource to traces so
-			// createAggregation never takes the metrics branch (which would emit a
-			// metricName field the backend rejects for trace operators).
+			// Skip aggregation for raw request type
 			const aggregations =
 				requestType === 'raw'
 					? undefined
-					: createAggregation(
-							{ ...traceOperatorData, dataSource: DataSource.TRACES },
-							panelType,
-						);
+					: createAggregation(traceOperatorData, panelType);
 
 			const spec: QueryEnvelope['spec'] = {
 				name: queryName,

frontend/src/components/CustomTimePicker/CustomTimePicker.tsx

@@ -596,7 +596,6 @@ function CustomTimePicker({
 				>
 					<Input
 						ref={inputRef}
-						autoComplete="off"
 						className={cx(
 							'timeSelection-input',
 							inputStatus === CustomTimePickerInputStatus.ERROR ? 'error' : '',

frontend/src/components/HeaderRightSection/HeaderRightSection.tsx

@@ -2,7 +2,7 @@ import { useCallback, useState } from 'react';
 import { useLocation } from 'react-router-dom';
 import { Dot, Sparkles } from '@signozhq/icons';
 import { Button } from '@signozhq/ui/button';
-import { TooltipSimple } from '@signozhq/ui/tooltip';
+import { Tooltip } from '@signozhq/ui/tooltip';
 import { Popover } from 'antd';
 import logEvent from 'api/common/logEvent';
 import {
@@ -97,7 +97,7 @@ function HeaderRightSection({
 						</span>
 					) : null}
 
-					<TooltipSimple title="AI Assistant">
+					<Tooltip title="AI Assistant">
 						<Button
 							variant="solid"
 							color="secondary"
@@ -113,7 +113,7 @@ function HeaderRightSection({
 						>
 							AI Assistant
 						</Button>
-					</TooltipSimple>
+					</Tooltip>
 				</div>
 			)}
 

frontend/src/components/QueryBuilderV2/__tests__/utils.test.ts

@@ -1155,7 +1155,7 @@ describe('removeKeysFromExpression', () => {
 	});
 
 	describe('Real-world scenarios', () => {
-		it('should remove at most one variable expression per key', () => {
+		it('should handle multiple variable instances of same key', () => {
 			const expression =
 				"deployment.environment = $env1 deployment.environment = $env2 deployment.environment = 'default'";
 			const result = removeKeysFromExpression(
@@ -1164,11 +1164,9 @@ describe('removeKeysFromExpression', () => {
 				true,
 			);
 
-			// Should remove one occurrence — having multiple $-value clauses for the
-			// same key is invalid. The first is removed; subsequent $ clauses and
-			// literal-value clauses are preserved.
+			// Should remove one occurence as this case in itself is invalid to have multiple variable expressions for the same key
 			expect(result).toBe(
-				"deployment.environment = $env2 AND deployment.environment = 'default'",
+				"deployment.environment = $env1 deployment.environment = 'default'",
 			);
 		});
 
@@ -1201,186 +1199,6 @@ describe('removeKeysFromExpression', () => {
 			expect(pairs).toHaveLength(2);
 		});
 	});
-
-	describe('ANTLR-based removal — operator precedence (AND binds tighter than OR)', () => {
-		it('preserves OR when removing from a mixed AND/OR expression', () => {
-			// a AND b OR c — grammar parses as (a AND b) OR c
-			// removing b collapses the AND group to just a, OR is preserved
-			expect(
-				removeKeysFromExpression("a = '1' AND b = '2' OR c = '3'", ['b']),
-			).toBe("a = '1' OR c = '3'");
-		});
-
-		it('preserves correct conjunctions in a four-term mixed expression', () => {
-			// a AND b OR c AND d — removing b collapses first AND group to a
-			expect(
-				removeKeysFromExpression("a = '1' AND b = '2' OR c = '3' AND d = '4'", [
-					'b',
-				]),
-			).toBe("a = '1' OR c = '3' AND d = '4'");
-		});
-
-		it('preserves correct conjunctions when removing from a trailing AND group', () => {
-			// a OR b AND c OR d — removing c collapses second AND group to b
-			expect(
-				removeKeysFromExpression("a = '1' OR b = '2' AND c = '3' OR d = '4'", [
-					'c',
-				]),
-			).toBe("a = '1' OR b = '2' OR d = '4'");
-		});
-	});
-
-	describe('ANTLR-based removal — parenthesised expressions', () => {
-		it('removes last clause without leaving a dangling AND', () => {
-			const expression =
-				'(deployment.environment = $deployment.environment AND service.name = $service.name AND top_level_operation IN [$top_level_operation])';
-			expect(
-				removeKeysFromExpression(expression, ['top_level_operation'], true),
-			).toBe(
-				'(deployment.environment = $deployment.environment AND service.name = $service.name)',
-			);
-		});
-
-		it('removes first clause without leaving a dangling AND', () => {
-			expect(
-				removeKeysFromExpression(
-					'(deployment.environment = $deployment.environment AND service.name = $service.name)',
-					['deployment.environment'],
-					true,
-				),
-			).toBe('service.name = $service.name');
-		});
-
-		it('removes middle clause without disturbing surrounding AND', () => {
-			expect(
-				removeKeysFromExpression(
-					'(deployment.environment = $deployment.environment AND service.name = $service.name AND region = $region)',
-					['service.name'],
-					true,
-				),
-			).toBe(
-				'(deployment.environment = $deployment.environment AND region = $region)',
-			);
-		});
-
-		it('drops the empty paren group when its only child is removed', () => {
-			// (a) OR (b) — removing a must not leave () OR (b = '2')
-			// The remaining single-clause group has its redundant parens stripped too
-			expect(removeKeysFromExpression("(a = '1') OR (b = '2')", ['a'])).toBe(
-				"b = '2'",
-			);
-		});
-
-		it('handles OR inside parentheses without leaving dangling OR', () => {
-			expect(
-				removeKeysFromExpression(
-					'(service.name = $service.name OR operation = $operation)',
-					['operation'],
-					true,
-				),
-			).toBe('service.name = $service.name');
-		});
-	});
-
-	describe('ANTLR-based removal — BETWEEN, EXISTS, and other operators', () => {
-		it('removes a BETWEEN clause without treating its AND as a conjunction', () => {
-			// BETWEEN x AND y — the AND is part of the operator, not a conjunction
-			expect(
-				removeKeysFromExpression("a BETWEEN 1 AND 10 AND b = '2'", ['a']),
-			).toBe("b = '2'");
-		});
-
-		it('removes a NOT BETWEEN clause without treating its AND as a conjunction', () => {
-			expect(
-				removeKeysFromExpression("a NOT BETWEEN 1 AND 10 AND b = '2'", ['a']),
-			).toBe("b = '2'");
-		});
-
-		it('removes an EXISTS clause (no value token)', () => {
-			expect(removeKeysFromExpression("a = '1' AND b EXISTS", ['b'])).toBe(
-				"a = '1'",
-			);
-		});
-
-		it('removes a NOT EXISTS clause', () => {
-			expect(removeKeysFromExpression("a = '1' AND b NOT EXISTS", ['b'])).toBe(
-				"a = '1'",
-			);
-		});
-
-		it('removes an IN clause correctly', () => {
-			expect(
-				removeKeysFromExpression("service IN ['api', 'web'] AND status = 'ok'", [
-					'service',
-				]),
-			).toBe("status = 'ok'");
-		});
-
-		it('removes a NOT IN clause correctly', () => {
-			expect(
-				removeKeysFromExpression(
-					"service NOT IN ['api', 'web'] AND status = 'ok'",
-					['service'],
-				),
-			).toBe("status = 'ok'");
-		});
-
-		it('removes a CONTAINS clause correctly', () => {
-			expect(
-				removeKeysFromExpression("message CONTAINS 'error' AND service = 'api'", [
-					'message',
-				]),
-			).toBe("service = 'api'");
-		});
-
-		it('removes a LIKE clause correctly', () => {
-			expect(
-				removeKeysFromExpression("message LIKE '%error%' AND service = 'api'", [
-					'message',
-				]),
-			).toBe("service = 'api'");
-		});
-
-		it('removes a NOT LIKE clause correctly', () => {
-			expect(
-				removeKeysFromExpression("message NOT LIKE '%error%' AND service = 'api'", [
-					'message',
-				]),
-			).toBe("service = 'api'");
-		});
-	});
-
-	describe('ANTLR-based removal — AND/OR precedence combinations', () => {
-		it('handles a AND b AND c OR d: removing b leaves a AND c OR d', () => {
-			// AND binds tighter than OR, so this parses as (a AND b AND c) OR d
-			expect(
-				removeKeysFromExpression("a = '1' AND b = '2' AND c = '3' OR d = '4'", [
-					'b',
-				]),
-			).toBe("a = '1' AND c = '3' OR d = '4'");
-		});
-	});
-
-	describe('ANTLR-based removal — deeply nested expressions', () => {
-		const nestedExpr =
-			"((deployment.environment = $env1 OR deployment.environment = 'default') AND service.name = $svc1)";
-
-		it('removes service.name variable — outer and inner single-child parens both drop', () => {
-			// After removal: inner OR group keeps parens (2 items), outer group drops
-			// parens (1 item remains)
-			expect(removeKeysFromExpression(nestedExpr, ['service.name'], true)).toBe(
-				"(deployment.environment = $env1 OR deployment.environment = 'default')",
-			);
-		});
-
-		it('removes deployment.environment variable — inner OR collapses, outer parens kept', () => {
-			// Only the $env1 variable clause is removed; 'default' literal stays.
-			// Inner paren drops (single item left), outer paren stays (2 AND items remain).
-			expect(
-				removeKeysFromExpression(nestedExpr, ['deployment.environment'], true),
-			).toBe("(deployment.environment = 'default' AND service.name = $svc1)");
-		});
-	});
 });
 
 describe('formatValueForExpression', () => {

frontend/src/components/QueryBuilderV2/utils.ts

@@ -1,7 +1,4 @@
 /* eslint-disable sonarjs/cognitive-complexity */
-import { CharStreams, CommonTokenStream, ParserRuleContext } from 'antlr4';
-import { cloneDeep, isEqual, sortBy } from 'lodash-es';
-import { v4 as uuid } from 'uuid';
 import { createAggregation } from 'api/v5/queryRange/prepareQueryRangePayloadV5';
 import {
 	DEPRECATED_OPERATORS_MAP,
@@ -9,16 +6,7 @@ import {
 	QUERY_BUILDER_FUNCTIONS,
 } from 'constants/antlrQueryConstants';
 import { getOperatorValue } from 'container/QueryBuilder/filters/QueryBuilderSearch/utils';
-import FilterQueryLexer from 'parser/FilterQueryLexer';
-import FilterQueryParser, {
-	AndExpressionContext,
-	ComparisonContext,
-	InClauseContext,
-	NotInClauseContext,
-	OrExpressionContext,
-	PrimaryContext,
-	UnaryExpressionContext,
-} from 'parser/FilterQueryParser';
+import { cloneDeep, isEqual, sortBy } from 'lodash-es';
 import { IQueryPair } from 'types/antlrQueryTypes';
 import { BaseAutocompleteData } from 'types/api/queryBuilder/queryAutocompleteResponse';
 import {
@@ -38,6 +26,7 @@ import { DataSource, ReduceOperators } from 'types/common/queryBuilder';
 import { extractQueryPairs } from 'utils/queryContextUtils';
 import { isQuoted, unquote } from 'utils/stringUtils';
 import { isFunctionOperator, isNonValueOperator } from 'utils/tokenUtils';
+import { v4 as uuid } from 'uuid';
 
 /**
  * Check if an operator requires array values (like IN, NOT IN)
@@ -524,201 +513,97 @@ export const convertFiltersToExpressionWithExistingQuery = (
 };
 
 /**
- * Removes clauses for specified keys from a filter query expression.
+ * Removes specified key-value pairs from a logical query expression string.
  *
- * Uses an ANTLR parse-tree traversal over the existing FilterQuery grammar so that
- * compound predicates like `BETWEEN x AND y`, `EXISTS`, and `IN (...)` are treated
- * as atomic nodes — their internal tokens are never confused with top-level AND/OR
- * conjunctions. Surviving siblings are rejoined with the correct operator at each
- * level of the tree, producing no dangling operators regardless of expression shape.
- * If the expression cannot be parsed, it is returned unchanged.
+ * This function parses the given query expression and removes any query pairs
+ * whose keys match those in the `keysToRemove` array. It also removes any trailing
+ * logical conjunctions (e.g., `AND`, `OR`) and whitespace that follow the matched pairs,
+ * ensuring that the resulting expression remains valid and clean.
  *
- * @param expression - The full filter query string.
- * @param keysToRemove - Keys (case-insensitive) whose clauses should be dropped.
- * @param removeOnlyVariableExpressions - Controls which clauses are eligible for removal:
- *   - `false` (default): removes all clauses for the key regardless of value.
- *   - `true`: removes only the first clause whose value contains any `$`.
- *   - `string` (e.g. `"$service.name"`): removes only the clause whose value exactly
- *     matches that string — preferred when the specific variable reference is known.
- * @returns The rewritten expression, or an empty string if all clauses were removed.
+ * @param expression - The full query string.
+ * @param keysToRemove - An array of keys (case-insensitive) that should be removed from the expression.
+ * @param removeOnlyVariableExpressions - When true, only removes key-value pairs where the value is a variable (starts with $). When false, uses the original behavior.
+ * @returns A new expression string with the specified keys and their associated clauses removed.
  */
 export const removeKeysFromExpression = (
 	expression: string,
 	keysToRemove: string[],
-	removeOnlyVariableExpressions: string | boolean = false,
+	removeOnlyVariableExpressions = false,
 ): string => {
 	if (!keysToRemove || keysToRemove.length === 0) {
 		return expression;
 	}
-	if (!expression.trim()) {
-		return expression;
-	}
 
-	const keysSet = new Set(keysToRemove.map((k) => k.trim().toLowerCase()));
-	// Tracks keys for which a variable expression has already been removed.
-	// Having multiple $-value clauses for the same key is invalid; we remove at most one.
-	const removedVariableKeys = new Set<string>();
+	let updatedExpression = expression;
 
-	const chars = CharStreams.fromString(expression);
-	const lexer = new FilterQueryLexer(chars);
-	lexer.removeErrorListeners();
-	const tokenStream = new CommonTokenStream(lexer);
-	const parser = new FilterQueryParser(tokenStream);
-	parser.removeErrorListeners();
+	if (updatedExpression) {
+		keysToRemove.forEach((key) => {
+			// Extract key-value query pairs from the expression
+			const existingQueryPairs = extractQueryPairs(updatedExpression);
 
-	const tree = parser.query();
+			let queryPairsMap: Map<string, IQueryPair>;
 
-	// If the expression couldn't be parsed, return it unchanged rather than mangling it
-	if (parser.syntaxErrorsCount > 0) {
-		return expression;
-	}
+			if (existingQueryPairs.length > 0) {
+				// Filter query pairs based on the removeOnlyVariableExpressions flag
+				const filteredQueryPairs = removeOnlyVariableExpressions
+					? existingQueryPairs.filter((pair) => {
+							const pairKey = pair.key?.trim().toLowerCase();
+							const matchesKey = pairKey === `${key}`.trim().toLowerCase();
+							if (!matchesKey) {
+								return false;
+							}
+							const value = pair.value?.toString().trim();
+							return value && value.includes('$');
+						})
+					: existingQueryPairs;
 
-	// Extract original source text for a node, preserving the user's exact formatting
-	const src = (ctx: ParserRuleContext): string =>
-		expression.slice(ctx.start.start, (ctx.stop ?? ctx.start).stop + 1);
+				// Build a map for quick lookup of query pairs by their lowercase trimmed keys
+				queryPairsMap = new Map(
+					filteredQueryPairs.map((pair) => {
+						const key = pair.key.trim().toLowerCase();
+						return [key, pair];
+					}),
+				);
 
-	// Returns null when the entire node should be dropped.
-	// isSingle = true means the result is a single, non-compound expression at
-	// this level (no AND/OR between sibling clauses), which lets the paren
-	// visitor decide whether wrapping is still needed.
-	type VisitResult = { text: string; isSingle: boolean } | null;
-
-	function visitOrExpression(ctx: OrExpressionContext): VisitResult {
-		const parts = ctx
-			.andExpression_list()
-			.map(visitAndExpression)
-			.filter((r): r is NonNullable<VisitResult> => r !== null);
-		if (parts.length === 0) {
-			return null;
-		}
-		// Single surviving branch — pass its isSingle straight through so the
-		// paren visitor can decide whether to keep the outer parens.
-		if (parts.length === 1) {
-			return parts[0];
-		}
-		return { text: parts.map((p) => p.text).join(' OR '), isSingle: false };
-	}
-
-	function visitAndExpression(ctx: AndExpressionContext): VisitResult {
-		const parts = ctx
-			.unaryExpression_list()
-			.map(visitUnaryExpression)
-			.filter((r): r is NonNullable<VisitResult> => r !== null);
-		if (parts.length === 0) {
-			return null;
-		}
-		if (parts.length === 1) {
-			return { text: parts[0].text, isSingle: true };
-		}
-		return { text: parts.map((p) => p.text).join(' AND '), isSingle: false };
-	}
-
-	function visitUnaryExpression(ctx: UnaryExpressionContext): VisitResult {
-		const primaryResult = visitPrimary(ctx.primary());
-		if (primaryResult === null) {
-			return null;
-		}
-		return ctx.NOT()
-			? { text: `NOT ${primaryResult.text}`, isSingle: true }
-			: primaryResult;
-	}
-
-	function visitPrimary(ctx: PrimaryContext): VisitResult {
-		// Parenthesised sub-expression: ( orExpression )
-		const orCtx = ctx.orExpression();
-		if (orCtx) {
-			const inner = visitOrExpression(orCtx);
-			if (inner === null) {
-				return null;
+				// Lookup the current query pair using the attribute key (case-insensitive)
+				const currentQueryPair = queryPairsMap.get(`${key}`.trim().toLowerCase());
+				if (currentQueryPair && currentQueryPair.isComplete) {
+					// Determine the start index of the query pair (fallback order: key → operator → value)
+					const queryPairStart =
+						currentQueryPair.position.keyStart ??
+						currentQueryPair.position.operatorStart ??
+						currentQueryPair.position.valueStart;
+					// Determine the end index of the query pair (fallback order: value → operator → key)
+					let queryPairEnd =
+						currentQueryPair.position.valueEnd ??
+						currentQueryPair.position.operatorEnd ??
+						currentQueryPair.position.keyEnd;
+					// Get the part of the expression that comes after the current query pair
+					const expressionAfterPair = `${updatedExpression.slice(queryPairEnd + 1)}`;
+					// Match optional spaces and an optional conjunction (AND/OR), case-insensitive
+					const conjunctionOrSpacesRegex = /^(\s*((AND|OR)\s+)?)/i;
+					const match = expressionAfterPair.match(conjunctionOrSpacesRegex);
+					if (match && match.length > 0) {
+						// If match is found, extend the queryPairEnd to include the matched part
+						queryPairEnd += match[0].length;
+					}
+					// Remove the full query pair (including any conjunction/whitespace) from the expression
+					updatedExpression = `${updatedExpression.slice(
+						0,
+						queryPairStart,
+					)}${updatedExpression.slice(queryPairEnd + 1)}`.trim();
+				}
 			}
-			// Drop redundant parens when the group collapses to a single clause;
-			// keep them when multiple clauses remain (operator-precedence matters).
-			if (inner.isSingle) {
-				return { text: inner.text, isSingle: true };
-			}
-			return { text: `(${inner.text})`, isSingle: true };
-		}
+		});
 
-		const compCtx = ctx.comparison();
-		if (compCtx) {
-			const result = visitComparison(compCtx);
-			return result !== null ? { text: result, isSingle: true } : null;
-		}
-
-		// functionCall, fullText, bare key, bare value — keep verbatim
-		return { text: src(ctx), isSingle: true };
+		// Clean up any remaining trailing AND/OR operators and extra whitespace
+		updatedExpression = updatedExpression
+			.replace(/\s+(AND|OR)\s*$/i, '') // Remove trailing AND/OR
+			.replace(/^(AND|OR)\s+/i, '') // Remove leading AND/OR
+			.trim();
 	}
 
-	function visitComparison(ctx: ComparisonContext): string | null {
-		const keyText = ctx.key().getText().trim().toLowerCase();
-
-		if (!keysSet.has(keyText)) {
-			return src(ctx);
-		}
-
-		if (removeOnlyVariableExpressions) {
-			// Scope the value check to value nodes only — not the full comparison text —
-			// so a key that contains '$' does not trigger removal when the value is a
-			// literal. The ANTLR4 runtime returns null from getTypedRuleContext when a
-			// rule is absent, despite the non-nullable TypeScript signatures.
-			const inCtx = ctx.inClause() as unknown as InClauseContext | null;
-			const notInCtx = ctx.notInClause() as unknown as NotInClauseContext | null;
-			// When a specific variable string is supplied, require an exact match so we
-			// never accidentally remove a different $-valued clause for the same key.
-			const matchesVariable = (text: string): boolean =>
-				typeof removeOnlyVariableExpressions === 'string'
-					? text === removeOnlyVariableExpressions
-					: text.includes('$');
-
-			const valueHasVariable = (): boolean => {
-				// Simple comparisons: key = $var, BETWEEN $v1 AND $v2, etc.
-				if (ctx.value_list().some((v) => matchesVariable(v.getText()))) {
-					return true;
-				}
-				// IN $var (bare single value) or IN ($v1, $v2) (value list)
-				if (inCtx) {
-					const bare = inCtx.value() as unknown as { getText(): string } | null;
-					if (bare && matchesVariable(bare.getText())) {
-						return true;
-					}
-					const list = inCtx.valueList() as unknown as {
-						value_list(): { getText(): string }[];
-					} | null;
-					if (list && list.value_list().some((v) => matchesVariable(v.getText()))) {
-						return true;
-					}
-				}
-				// NOT IN $var or NOT IN ($v1, $v2)
-				if (notInCtx) {
-					const bare = notInCtx.value() as unknown as { getText(): string } | null;
-					if (bare && matchesVariable(bare.getText())) {
-						return true;
-					}
-					const list = notInCtx.valueList() as unknown as {
-						value_list(): { getText(): string }[];
-					} | null;
-					if (list && list.value_list().some((v) => matchesVariable(v.getText()))) {
-						return true;
-					}
-				}
-				return false;
-			};
-
-			if (valueHasVariable()) {
-				if (removedVariableKeys.has(keyText)) {
-					return src(ctx);
-				}
-				removedVariableKeys.add(keyText);
-				return null;
-			}
-			return src(ctx);
-		}
-
-		return null;
-	}
-
-	const result = visitOrExpression(tree.expression().orExpression());
-	return result?.text ?? '';
+	return updatedExpression;
 };
 
 /**

frontend/src/components/createGuardedRoute/createGuardedRoute.test.tsx

@@ -360,7 +360,8 @@ describe('createGuardedRoute', () => {
 				const obj = payload[0]?.object;
 				const kind = obj?.resource?.kind;
 				const selector = obj?.selector ?? '*';
-				const objectStr = `${kind}:${selector}`;
+				const objectStr =
+					obj?.resource?.type === 'metaresources' ? kind : `${kind}:${selector}`;
 				requestedObjects.push(objectStr ?? '');
 
 				return res(ctx.status(200), ctx.json(authzMockResponse(payload, [true])));

frontend/src/container/AIAssistant/AIAssistantDrawer/AIAssistantDrawer.tsx

@@ -1,7 +1,7 @@
 import { useCallback } from 'react';
 import { useHistory } from 'react-router-dom';
 import { Button } from '@signozhq/ui/button';
-import { TooltipSimple } from '@signozhq/ui/tooltip';
+import { Tooltip } from '@signozhq/ui/tooltip';
 import { Drawer } from 'antd';
 import ROUTES from 'constants/routes';
 import { Maximize2, MessageSquare, Plus, X } from '@signozhq/icons';
@@ -52,7 +52,7 @@ export default function AIAssistantDrawer(): JSX.Element {
 					</div>
 
 					<div>
-						<TooltipSimple title="New conversation">
+						<Tooltip title="New conversation">
 							<Button
 								variant="ghost"
 								size="icon"
@@ -62,9 +62,9 @@ export default function AIAssistantDrawer(): JSX.Element {
 							>
 								<Plus size={16} />
 							</Button>
-						</TooltipSimple>
+						</Tooltip>
 
-						<TooltipSimple title="Open full screen">
+						<Tooltip title="Open full screen">
 							<Button
 								variant="ghost"
 								size="icon"
@@ -75,9 +75,9 @@ export default function AIAssistantDrawer(): JSX.Element {
 							>
 								<Maximize2 size={16} />
 							</Button>
-						</TooltipSimple>
+						</Tooltip>
 
-						<TooltipSimple title="Close">
+						<Tooltip title="Close">
 							<Button
 								variant="ghost"
 								size="icon"
@@ -87,7 +87,7 @@ export default function AIAssistantDrawer(): JSX.Element {
 							>
 								<X size={16} />
 							</Button>
-						</TooltipSimple>
+						</Tooltip>
 					</div>
 				</div>
 			}

frontend/src/container/AIAssistant/AIAssistantModal/AIAssistantModal.tsx

@@ -2,7 +2,7 @@ import { useCallback, useEffect, useState } from 'react';
 import { createPortal } from 'react-dom';
 import { useHistory } from 'react-router-dom';
 import { Button } from '@signozhq/ui/button';
-import { TooltipSimple } from '@signozhq/ui/tooltip';
+import { Tooltip } from '@signozhq/ui/tooltip';
 import ROUTES from 'constants/routes';
 import { History, Maximize2, Minus, Plus, Sparkles, X } from '@signozhq/icons';
 
@@ -132,7 +132,7 @@ export default function AIAssistantModal(): JSX.Element | null {
 						</div>
 
 						<div className={styles.actions}>
-							<TooltipSimple title={showHistory ? 'Back to chat' : 'Conversations'}>
+							<Tooltip title={showHistory ? 'Back to chat' : 'Conversations'}>
 								<Button
 									variant="ghost"
 									size="icon"
@@ -142,9 +142,9 @@ export default function AIAssistantModal(): JSX.Element | null {
 								>
 									<History size={14} />
 								</Button>
-							</TooltipSimple>
+							</Tooltip>
 
-							<TooltipSimple title="New conversation">
+							<Tooltip title="New conversation">
 								<Button
 									variant="ghost"
 									size="icon"
@@ -153,9 +153,9 @@ export default function AIAssistantModal(): JSX.Element | null {
 								>
 									<Plus size={14} />
 								</Button>
-							</TooltipSimple>
+							</Tooltip>
 
-							<TooltipSimple title="Open full screen">
+							<Tooltip title="Open full screen">
 								<Button
 									variant="ghost"
 									size="icon"
@@ -165,9 +165,9 @@ export default function AIAssistantModal(): JSX.Element | null {
 								>
 									<Maximize2 size={14} />
 								</Button>
-							</TooltipSimple>
+							</Tooltip>
 
-							<TooltipSimple title="Minimize to side panel">
+							<Tooltip title="Minimize to side panel">
 								<Button
 									variant="ghost"
 									size="icon"
@@ -176,9 +176,9 @@ export default function AIAssistantModal(): JSX.Element | null {
 								>
 									<Minus size={14} />
 								</Button>
-							</TooltipSimple>
+							</Tooltip>
 
-							<TooltipSimple title="Close">
+							<Tooltip title="Close">
 								<Button
 									variant="ghost"
 									size="icon"
@@ -187,7 +187,7 @@ export default function AIAssistantModal(): JSX.Element | null {
 								>
 									<X size={14} />
 								</Button>
-							</TooltipSimple>
+							</Tooltip>
 						</div>
 					</div>
 

frontend/src/container/AIAssistant/AIAssistantPanel/AIAssistantPanel.tsx

@@ -1,7 +1,7 @@
 import { useCallback, useLayoutEffect, useRef, useState } from 'react';
 import { matchPath, useHistory, useLocation } from 'react-router-dom';
 import { Button } from '@signozhq/ui/button';
-import { TooltipSimple } from '@signozhq/ui/tooltip';
+import { Tooltip } from '@signozhq/ui/tooltip';
 import ROUTES from 'constants/routes';
 import { History, Maximize2, Plus, Sparkles, X } from '@signozhq/icons';
 
@@ -125,7 +125,7 @@ export default function AIAssistantPanel(): JSX.Element | null {
 					</div>
 
 					<div className={styles.actions}>
-						<TooltipSimple title={showHistory ? 'Back to chat' : 'Conversations'}>
+						<Tooltip title={showHistory ? 'Back to chat' : 'Conversations'}>
 							<Button
 								variant="ghost"
 								size="icon"
@@ -135,9 +135,9 @@ export default function AIAssistantPanel(): JSX.Element | null {
 							>
 								<History size={14} />
 							</Button>
-						</TooltipSimple>
+						</Tooltip>
 
-						<TooltipSimple title="New conversation">
+						<Tooltip title="New conversation">
 							<Button
 								variant="ghost"
 								size="icon"
@@ -147,9 +147,9 @@ export default function AIAssistantPanel(): JSX.Element | null {
 							>
 								<Plus size={14} />
 							</Button>
-						</TooltipSimple>
+						</Tooltip>
 
-						<TooltipSimple title="Open full screen">
+						<Tooltip title="Open full screen">
 							<Button
 								variant="ghost"
 								size="icon"
@@ -160,9 +160,9 @@ export default function AIAssistantPanel(): JSX.Element | null {
 							>
 								<Maximize2 size={14} />
 							</Button>
-						</TooltipSimple>
+						</Tooltip>
 
-						<TooltipSimple title="Close">
+						<Tooltip title="Close">
 							<Button
 								variant="ghost"
 								size="icon"
@@ -172,7 +172,7 @@ export default function AIAssistantPanel(): JSX.Element | null {
 							>
 								<X size={14} />
 							</Button>
-						</TooltipSimple>
+						</Tooltip>
 					</div>
 				</div>
 

frontend/src/container/AIAssistant/AIAssistantTrigger/AIAssistantTrigger.tsx

@@ -1,6 +1,6 @@
 import { matchPath, useLocation } from 'react-router-dom';
 import { Button } from '@signozhq/ui/button';
-import { TooltipSimple } from '@signozhq/ui/tooltip';
+import { Tooltip } from '@signozhq/ui/tooltip';
 import ROUTES from 'constants/routes';
 import { Bot } from '@signozhq/icons';
 
@@ -30,7 +30,7 @@ export default function AIAssistantTrigger(): JSX.Element | null {
 	}
 
 	return (
-		<TooltipSimple title="AI Assistant">
+		<Tooltip title="AI Assistant">
 			<Button
 				variant="solid"
 				color="primary"
@@ -40,6 +40,6 @@ export default function AIAssistantTrigger(): JSX.Element | null {
 			>
 				<Bot size={20} />
 			</Button>
-		</TooltipSimple>
+		</Tooltip>
 	);
 }

frontend/src/container/AIAssistant/components/ActionsSection/ActionsSection.tsx

@@ -12,7 +12,7 @@ import {
 import cx from 'classnames';
 import { v4 as uuidv4 } from 'uuid';
 import { Button } from '@signozhq/ui/button';
-import { TooltipSimple } from '@signozhq/ui/tooltip';
+import { Tooltip } from '@signozhq/ui/tooltip';
 import type { MessageActionDTO } from 'api/ai-assistant/sigNozAIAssistantAPI.schemas';
 import {
 	ApplyFilterSignalDTO,
@@ -524,9 +524,9 @@ export default function ActionsSection({
 					);
 
 					return tooltip ? (
-						<TooltipSimple key={key} title={tooltip}>
+						<Tooltip key={key} title={tooltip}>
 							{chip}
-						</TooltipSimple>
+						</Tooltip>
 					) : (
 						<span key={key}>{chip}</span>
 					);

frontend/src/container/AIAssistant/components/ChatInput/ChatInput.tsx

@@ -5,7 +5,7 @@ import { Badge } from '@signozhq/ui/badge';
 import { Button } from '@signozhq/ui/button';
 import { Input } from '@signozhq/ui/input';
 import { Popover, PopoverContent, PopoverTrigger } from '@signozhq/ui/popover';
-import { TooltipSimple } from '@signozhq/ui/tooltip';
+import { Tooltip } from '@signozhq/ui/tooltip';
 import type { UploadFile } from 'antd';
 import {
 	getListRulesQueryKey,
@@ -899,7 +899,7 @@ export default function ChatInput({
 								</div>
 							</div>
 						) : (
-							<TooltipSimple title="Voice input">
+							<Tooltip title="Voice input">
 								<Button
 									variant="ghost"
 									size="icon"
@@ -910,11 +910,11 @@ export default function ChatInput({
 								>
 									<Mic size={14} />
 								</Button>
-							</TooltipSimple>
+							</Tooltip>
 						))}
 
 					{isStreaming && onCancel ? (
-						<TooltipSimple title="Stop generating">
+						<Tooltip title="Stop generating">
 							<Button
 								variant="solid"
 								size="icon"
@@ -924,7 +924,7 @@ export default function ChatInput({
 							>
 								<Square size={10} fill="currentColor" strokeWidth={0} />
 							</Button>
-						</TooltipSimple>
+						</Tooltip>
 					) : (
 						<Button
 							variant="solid"

frontend/src/container/AIAssistant/components/ConversationsList/ConversationsList.tsx

@@ -2,7 +2,7 @@ import { useEffect, useMemo, useState } from 'react';
 import cx from 'classnames';
 import { Button } from '@signozhq/ui/button';
 import { Input } from '@signozhq/ui/input';
-import { TooltipSimple } from '@signozhq/ui/tooltip';
+import { Tooltip } from '@signozhq/ui/tooltip';
 import { Plus, Search } from '@signozhq/icons';
 
 import { useAIAssistantStore } from '../../store/useAIAssistantStore';
@@ -157,7 +157,7 @@ export default function ConversationsList({
 				{isLoadingThreads && <HeaderLoadingDots />}
 
 				{!isLoadingThreads && showAddNewConversation && (
-					<TooltipSimple title="New conversation">
+					<Tooltip title="New conversation">
 						<Button
 							variant="solid"
 							size="sm"
@@ -167,7 +167,7 @@ export default function ConversationsList({
 						>
 							<Plus size={12} />
 						</Button>
-					</TooltipSimple>
+					</Tooltip>
 				)}
 			</div>
 

frontend/src/container/AIAssistant/components/MessageFeedback/MessageFeedback.tsx

@@ -3,7 +3,7 @@ import cx from 'classnames';
 import { useCopyToClipboard } from 'react-use';
 import { Button } from '@signozhq/ui/button';
 import { DialogWrapper } from '@signozhq/ui/dialog';
-import { TooltipSimple } from '@signozhq/ui/tooltip';
+import { Tooltip } from '@signozhq/ui/tooltip';
 import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
 import { Check, Copy, RefreshCw, ThumbsDown, ThumbsUp } from '@signozhq/icons';
 import { useTimezone } from 'providers/Timezone';
@@ -126,7 +126,7 @@ export default function MessageFeedback({
 		<>
 			<div className={cx(styles.feedback, { [styles.visible]: isLastAssistant })}>
 				<div className={styles.actions}>
-					<TooltipSimple title={copied ? 'Copied!' : 'Copy'}>
+					<Tooltip title={copied ? 'Copied!' : 'Copy'}>
 						<Button
 							className={styles.btn}
 							size="icon"
@@ -136,9 +136,9 @@ export default function MessageFeedback({
 						>
 							{copied ? <Check size={12} /> : <Copy size={12} />}
 						</Button>
-					</TooltipSimple>
+					</Tooltip>
 
-					<TooltipSimple title="Good response">
+					<Tooltip title="Good response">
 						<Button
 							className={cx(styles.btn, { [styles.votedUp]: vote === 'positive' })}
 							size="icon"
@@ -148,9 +148,9 @@ export default function MessageFeedback({
 						>
 							<ThumbsUp size={12} />
 						</Button>
-					</TooltipSimple>
+					</Tooltip>
 
-					<TooltipSimple title="Bad response">
+					<Tooltip title="Bad response">
 						<Button
 							className={cx(styles.btn, {
 								[styles.votedDown]: vote === 'negative',
@@ -162,10 +162,10 @@ export default function MessageFeedback({
 						>
 							<ThumbsDown size={12} />
 						</Button>
-					</TooltipSimple>
+					</Tooltip>
 
 					{onRegenerate && (
-						<TooltipSimple title="Regenerate">
+						<Tooltip title="Regenerate">
 							<Button
 								className={styles.btn}
 								size="icon"
@@ -175,7 +175,7 @@ export default function MessageFeedback({
 							>
 								<RefreshCw size={12} />
 							</Button>
-						</TooltipSimple>
+						</Tooltip>
 					)}
 				</div>
 

frontend/src/container/AIAssistant/components/UserMessageActions/UserMessageActions.tsx

@@ -1,7 +1,7 @@
 import { useCallback, useState } from 'react';
 import { useCopyToClipboard } from 'react-use';
 import { Button } from '@signozhq/ui/button';
-import { TooltipSimple } from '@signozhq/ui/tooltip';
+import { Tooltip } from '@signozhq/ui/tooltip';
 import { Check, Copy } from '@signozhq/icons';
 
 import { Message } from '../../types';
@@ -32,7 +32,7 @@ export default function UserMessageActions({
 
 	return (
 		<div className={styles.actions}>
-			<TooltipSimple title={copied ? 'Copied!' : 'Copy'}>
+			<Tooltip title={copied ? 'Copied!' : 'Copy'}>
 				<Button
 					className={styles.btn}
 					size="icon"
@@ -42,7 +42,7 @@ export default function UserMessageActions({
 				>
 					{copied ? <Check size={12} /> : <Copy size={12} />}
 				</Button>
-			</TooltipSimple>
+			</Tooltip>
 		</div>
 	);
 }

frontend/src/container/CreateAlertV2/Footer/utils.tsx

@@ -220,7 +220,6 @@ export function buildCreateThresholdAlertRulePayload(
 		builderQueries: {
 			...mapQueryDataToApi(query.builder.queryData, 'queryName').data,
 			...mapQueryDataToApi(query.builder.queryFormulas, 'queryName').data,
-			...mapQueryDataToApi(query.builder.queryTraceOperator, 'queryName').data,
 		},
 		promQueries: mapQueryDataToApi(query.promql, 'name').data,
 		chQueries: mapQueryDataToApi(query.clickhouse_sql, 'name').data,

frontend/src/container/CustomDomainSettings/__tests__/CustomDomainSettings.test.tsx

@@ -1,6 +1,6 @@
 import { GetHosts200 } from 'api/generated/services/sigNoz.schemas';
 import { rest, server } from 'mocks-server/server';
-import { fireEvent, render, screen, waitFor } from 'tests/test-utils';
+import { render, screen, userEvent, waitFor } from 'tests/test-utils';
 
 import CustomDomainSettings from '../CustomDomainSettings';
 
@@ -44,20 +44,18 @@ const mockHostsResponse: GetHosts200 = {
 };
 
 describe('CustomDomainSettings', () => {
-	beforeEach(() => {
-		server.use(
-			rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
-				res(ctx.status(200), ctx.json(mockHostsResponse)),
-			),
-		);
-	});
-
 	afterEach(() => {
 		server.resetHandlers();
 		mockToastCustom.mockClear();
 	});
 
 	it('renders active host URL in the trigger button', async () => {
+		server.use(
+			rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json(mockHostsResponse)),
+			),
+		);
+
 		render(<CustomDomainSettings />);
 
 		// The active host is the non-default one (custom-host)
@@ -65,11 +63,20 @@ describe('CustomDomainSettings', () => {
 	});
 
 	it('opens edit modal when clicking the edit button', async () => {
+		server.use(
+			rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json(mockHostsResponse)),
+			),
+		);
+
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
 		render(<CustomDomainSettings />);
 
 		await screen.findByText(/custom-host\.test\.cloud/i);
 
-		fireEvent.click(screen.getByRole('button', { name: /edit workspace link/i }));
+		await user.click(
+			screen.getByRole('button', { name: /edit workspace link/i }),
+		);
 
 		expect(
 			screen.getByRole('dialog', { name: /edit workspace link/i }),
@@ -82,20 +89,28 @@ describe('CustomDomainSettings', () => {
 		let capturedBody: Record<string, unknown> = {};
 
 		server.use(
+			rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json(mockHostsResponse)),
+			),
 			rest.put(ZEUS_HOSTS_ENDPOINT, async (req, res, ctx) => {
 				capturedBody = await req.json<Record<string, unknown>>();
 				return res(ctx.status(200), ctx.json({}));
 			}),
 		);
 
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
 		render(<CustomDomainSettings />);
 
 		await screen.findByText(/custom-host\.test\.cloud/i);
-		fireEvent.click(screen.getByRole('button', { name: /edit workspace link/i }));
+		await user.click(
+			screen.getByRole('button', { name: /edit workspace link/i }),
+		);
 
+		// The input is inside the modal — find it by its role
 		const input = screen.getByRole('textbox');
-		fireEvent.change(input, { target: { value: 'myteam' } });
-		fireEvent.click(screen.getByRole('button', { name: /apply changes/i }));
+		await user.clear(input);
+		await user.type(input, 'myteam');
+		await user.click(screen.getByRole('button', { name: /apply changes/i }));
 
 		await waitFor(() => {
 			expect(capturedBody).toStrictEqual({ name: 'myteam' });
@@ -104,6 +119,9 @@ describe('CustomDomainSettings', () => {
 
 	it('shows contact support option when domain update returns 409', async () => {
 		server.use(
+			rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json(mockHostsResponse)),
+			),
 			rest.put(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
 				res(
 					ctx.status(409),
@@ -112,14 +130,18 @@ describe('CustomDomainSettings', () => {
 			),
 		);
 
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
 		render(<CustomDomainSettings />);
 
 		await screen.findByText(/custom-host\.test\.cloud/i);
-		fireEvent.click(screen.getByRole('button', { name: /edit workspace link/i }));
+		await user.click(
+			screen.getByRole('button', { name: /edit workspace link/i }),
+		);
 
 		const input = screen.getByRole('textbox');
-		fireEvent.change(input, { target: { value: 'myteam' } });
-		fireEvent.click(screen.getByRole('button', { name: /apply changes/i }));
+		await user.clear(input);
+		await user.type(input, 'myteam');
+		await user.click(screen.getByRole('button', { name: /apply changes/i }));
 
 		await expect(
 			screen.findByRole('button', { name: /contact support/i }),
@@ -127,14 +149,24 @@ describe('CustomDomainSettings', () => {
 	});
 
 	it('shows validation error when subdomain is less than 3 characters', async () => {
+		server.use(
+			rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json(mockHostsResponse)),
+			),
+		);
+
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
 		render(<CustomDomainSettings />);
 
 		await screen.findByText(/custom-host\.test\.cloud/i);
-		fireEvent.click(screen.getByRole('button', { name: /edit workspace link/i }));
+		await user.click(
+			screen.getByRole('button', { name: /edit workspace link/i }),
+		);
 
 		const input = screen.getByRole('textbox');
-		fireEvent.change(input, { target: { value: 'ab' } });
-		fireEvent.click(screen.getByRole('button', { name: /apply changes/i }));
+		await user.clear(input);
+		await user.type(input, 'ab');
+		await user.click(screen.getByRole('button', { name: /apply changes/i }));
 
 		expect(
 			screen.getByText(/minimum 3 characters required/i),
@@ -142,12 +174,19 @@ describe('CustomDomainSettings', () => {
 	});
 
 	it('shows all workspace URLs as links in the dropdown', async () => {
+		server.use(
+			rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json(mockHostsResponse)),
+			),
+		);
+
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
 		render(<CustomDomainSettings />);
 
 		await screen.findByText(/custom-host\.test\.cloud/i);
 
 		// Open the URL dropdown
-		fireEvent.click(
+		await user.click(
 			screen.getByRole('button', { name: /custom-host\.test\.cloud/i }),
 		);
 
@@ -168,19 +207,26 @@ describe('CustomDomainSettings', () => {
 
 	it('calls toast.custom with new URL after successful domain update', async () => {
 		server.use(
+			rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json(mockHostsResponse)),
+			),
 			rest.put(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
 				res(ctx.status(200), ctx.json({})),
 			),
 		);
 
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
 		render(<CustomDomainSettings />);
 
 		await screen.findByText(/custom-host\.test\.cloud/i);
-		fireEvent.click(screen.getByRole('button', { name: /edit workspace link/i }));
+		await user.click(
+			screen.getByRole('button', { name: /edit workspace link/i }),
+		);
 
 		const input = screen.getByRole('textbox');
-		fireEvent.change(input, { target: { value: 'myteam' } });
-		fireEvent.click(screen.getByRole('button', { name: /apply changes/i }));
+		await user.clear(input);
+		await user.type(input, 'myteam');
+		await user.click(screen.getByRole('button', { name: /apply changes/i }));
 
 		// Verify toast.custom was called
 		await waitFor(() => {
@@ -197,6 +243,12 @@ describe('CustomDomainSettings', () => {
 
 	describe('Workspace Name rendering', () => {
 		it('renders org displayName when available from appContext', async () => {
+			server.use(
+				rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
+					res(ctx.status(200), ctx.json(mockHostsResponse)),
+				),
+			);
+
 			render(<CustomDomainSettings />, undefined, {
 				appContextOverrides: {
 					org: [{ id: 'xyz', displayName: 'My Org Name', createdAt: 0 }],
@@ -207,6 +259,12 @@ describe('CustomDomainSettings', () => {
 		});
 
 		it('falls back to customDomainSubdomain when org displayName is missing', async () => {
+			server.use(
+				rest.get(ZEUS_HOSTS_ENDPOINT, (_, res, ctx) =>
+					res(ctx.status(200), ctx.json(mockHostsResponse)),
+				),
+			);
+
 			render(<CustomDomainSettings />, undefined, {
 				appContextOverrides: { org: [] },
 			});

frontend/src/container/DashboardContainer/DashboardVariablesSelection/useDashboardVariableUpdate.ts

@@ -1,7 +1,5 @@
 /* eslint-disable sonarjs/cognitive-complexity */
 import { useCallback } from 'react';
-import { useTranslation } from 'react-i18next';
-import { toast } from '@signozhq/ui/sonner';
 import { useAddDynamicVariableToPanels } from 'hooks/dashboard/useAddDynamicVariableToPanels';
 import { updateLocalStorageDashboardVariable } from 'hooks/dashboard/useDashboardFromLocalStorage';
 import { useUpdateDashboard } from 'hooks/dashboard/useUpdateDashboard';
@@ -50,7 +48,6 @@ export const useDashboardVariableUpdate =
 		);
 		const addDynamicVariableToPanels = useAddDynamicVariableToPanels();
 		const updateMutation = useUpdateDashboard();
-		const { t } = useTranslation('dashboard');
 
 		const onValueUpdate = useCallback(
 			(
@@ -180,14 +177,6 @@ export const useDashboardVariableUpdate =
 				// Get current dashboard variables
 				const currentVariables = dashboardData.data.variables || {};
 
-				const nameExists = Object.values(currentVariables).some(
-					(v) => v.name === name,
-				);
-				if (nameExists) {
-					toast.error(t('variable_name_already_exists', { name, ns: 'dashboard' }));
-					return;
-				}
-
 				// Create tableRowData like Dashboard Settings does
 				const tableRowData = [];
 				const variableOrderArr = [];
@@ -213,20 +202,21 @@ export const useDashboardVariableUpdate =
 				// Create new variable
 				const nextOrder =
 					variableOrderArr.length > 0 ? Math.max(...variableOrderArr) + 1 : 0;
-				const newVariable: IDashboardVariable = {
+				const newVariable: any = {
 					id: uuidv4(),
 					name,
-					type: 'DYNAMIC',
+					type: 'DYNAMIC' as const,
 					description,
 					order: nextOrder,
 					selectedValue: value,
 					allSelected: false,
 					haveCustomValuesSelected: false,
-					sort: 'ASC',
+					sort: 'ASC' as const,
 					multiSelect: true,
 					showALLOption: true,
 					dynamicVariablesAttribute: name,
 					dynamicVariablesSource: source,
+					dynamicVariablesWidgetIds: [],
 					queryValue: '',
 				};
 

frontend/src/container/GeneralSettings/__tests__/GeneralSettings.test.tsx

@@ -1,6 +1,12 @@
 import setRetentionApiV2 from 'api/settings/setRetentionV2';
 import { useGetTenantLicense } from 'hooks/useGetTenantLicense';
-import { fireEvent, render, screen, waitFor } from 'tests/test-utils';
+import {
+	fireEvent,
+	render,
+	screen,
+	userEvent,
+	waitFor,
+} from 'tests/test-utils';
 import { IDiskType } from 'types/api/disks/getDisks';
 import {
 	PayloadPropsLogs,
@@ -109,6 +115,8 @@ describe('GeneralSettings - S3 Logs Retention', () => {
 
 	describe('Test 1: S3 Enabled - Only Days in Dropdown', () => {
 		it('should show only Days option for S3 retention and send correct API payload', async () => {
+			const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 			render(
 				<GeneralSettings
 					metricsTtlValuesPayload={mockMetricsRetention}
@@ -151,7 +159,8 @@ describe('GeneralSettings - S3 Logs Retention', () => {
 			fireEvent.click(document.body);
 
 			// Change S3 retention value to 5 days
-			fireEvent.change(s3Input, { target: { value: '5' } });
+			await user.clear(s3Input);
+			await user.type(s3Input, '5');
 
 			// Find the save button in the Logs row
 			const saveButton = logsRow.querySelector(
@@ -208,6 +217,8 @@ describe('GeneralSettings - S3 Logs Retention', () => {
 
 	describe('Test 2: S3 Disabled - Field Hidden', () => {
 		it('should hide S3 retention field and send empty S3 values to API', async () => {
+			const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 			render(
 				<GeneralSettings
 					metricsTtlValuesPayload={mockMetricsRetention}
@@ -234,7 +245,7 @@ describe('GeneralSettings - S3 Logs Retention', () => {
 			const totalDropdown = logsRow.querySelector(
 				'.ant-select-selector',
 			) as HTMLElement;
-			fireEvent.mouseDown(totalDropdown);
+			await user.click(totalDropdown);
 
 			// Wait for dropdown options to appear
 			await waitFor(() => {
@@ -248,10 +259,11 @@ describe('GeneralSettings - S3 Logs Retention', () => {
 				opt.textContent?.includes('Days'),
 			);
 			expect(daysOption).toBeInTheDocument();
-			fireEvent.click(daysOption as HTMLElement);
+			await user.click(daysOption as HTMLElement);
 
 			// Now change the value
-			fireEvent.change(totalInput, { target: { value: '60' } });
+			await user.clear(totalInput);
+			await user.type(totalInput, '60');
 
 			// Find the save button
 			const saveButton = logsRow.querySelector(
@@ -265,14 +277,14 @@ describe('GeneralSettings - S3 Logs Retention', () => {
 			});
 
 			// Click save button
-			fireEvent.click(saveButton);
+			await user.click(saveButton);
 
 			// Wait for modal to appear
 			const okButton = await screen.findByRole('button', { name: /ok/i });
 			expect(okButton).toBeInTheDocument();
 
 			// Click OK button
-			fireEvent.click(okButton);
+			await user.click(okButton);
 
 			// Verify API was called with empty S3 values (60 days)
 			await waitFor(() => {
@@ -321,6 +333,8 @@ describe('GeneralSettings - S3 Logs Retention', () => {
 
 	describe('Test 4: Save Button State with S3 Disabled', () => {
 		it('should disable save button when cold_storage_ttl_days is -1 and no changes made', async () => {
+			const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 			render(
 				<GeneralSettings
 					metricsTtlValuesPayload={mockMetricsRetention}
@@ -351,7 +365,8 @@ describe('GeneralSettings - S3 Logs Retention', () => {
 			const totalInput = inputs[0] as HTMLInputElement;
 
 			// Change total retention value to trigger button enable
-			fireEvent.change(totalInput, { target: { value: '60' } });
+			await user.clear(totalInput);
+			await user.type(totalInput, '60');
 
 			// Button should now be enabled after change
 			await waitFor(() => {
@@ -359,7 +374,8 @@ describe('GeneralSettings - S3 Logs Retention', () => {
 			});
 
 			// Revert to original value (30 days displays as 1 Month)
-			fireEvent.change(totalInput, { target: { value: '1' } });
+			await user.clear(totalInput);
+			await user.type(totalInput, '1');
 
 			// Button should be disabled again (back to original state)
 			await waitFor(() => {

frontend/src/container/ListAlertRules/ToggleAlertState.tsx

@@ -1,8 +1,6 @@
 import { Dispatch, SetStateAction, useState } from 'react';
-import { useQueryClient } from 'react-query';
 import { patchRulePartial } from 'api/alerts/patchRulePartial';
 import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
-import { invalidateGetRuleByID } from 'api/generated/services/rules';
 import type {
 	RenderErrorResponseDTO,
 	RuletypesRuleDTO,
@@ -30,7 +28,6 @@ function ToggleAlertState({
 
 	const { notifications } = useNotifications();
 	const { showErrorModal } = useErrorModal();
-	const queryClient = useQueryClient();
 
 	const onToggleHandler = async (
 		id: string,
@@ -63,9 +60,6 @@ function ToggleAlertState({
 				loading: false,
 				payload: updatedRule,
 			}));
-
-			invalidateGetRuleByID(queryClient, { id });
-
 			notifications.success({
 				message: 'Success',
 			});

frontend/src/container/MCPServerSettings/CopyIconButton.tsx

@@ -1,5 +1,5 @@
 import { Button } from '@signozhq/ui/button';
-import { TooltipSimple, TooltipProvider } from '@signozhq/ui/tooltip';
+import { Tooltip, TooltipProvider } from '@signozhq/ui/tooltip';
 import { Copy } from '@signozhq/icons';
 import './CopyIconButton.styles.scss';
 
@@ -20,7 +20,7 @@ function CopyIconButton({
 
 	return (
 		<TooltipProvider>
-			<TooltipSimple title={tooltipTitle}>
+			<Tooltip title={tooltipTitle}>
 				<span>
 					<Button
 						color="secondary"
@@ -33,7 +33,7 @@ function CopyIconButton({
 						onClick={onCopy}
 					/>
 				</span>
-			</TooltipSimple>
+			</Tooltip>
 		</TooltipProvider>
 	);
 }

frontend/src/container/MembersSettings/__tests__/MembersSettings.integration.test.tsx

@@ -1,6 +1,6 @@
 import type { TypesUserDTO } from 'api/generated/services/sigNoz.schemas';
 import { rest, server } from 'mocks-server/server';
-import { fireEvent, render, screen } from 'tests/test-utils';
+import { render, screen, userEvent } from 'tests/test-utils';
 
 import MembersSettings from '../MembersSettings';
 
@@ -76,27 +76,32 @@ describe('MembersSettings (integration)', () => {
 	});
 
 	it('filters to pending invites via the filter dropdown', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 		render(<MembersSettings />);
 
 		await screen.findByText('Alice Smith');
 
-		fireEvent.click(screen.getByRole('button', { name: /all members/i }));
+		await user.click(screen.getByRole('button', { name: /all members/i }));
 
 		const pendingOption = await screen.findByText(/pending invites/i);
-		fireEvent.click(pendingOption);
+		await user.click(pendingOption);
 
 		await screen.findByText('charlie@signoz.io');
 		expect(screen.queryByText('Alice Smith')).not.toBeInTheDocument();
 	});
 
 	it('filters members by name using the search input', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 		render(<MembersSettings />);
 
 		await screen.findByText('Alice Smith');
 
-		fireEvent.change(screen.getByPlaceholderText(/Search by name or email/i), {
-			target: { value: 'bob' },
-		});
+		await user.type(
+			screen.getByPlaceholderText(/Search by name or email/i),
+			'bob',
+		);
 
 		await screen.findByText('Bob Jones');
 		expect(screen.queryByText('Alice Smith')).not.toBeInTheDocument();
@@ -104,25 +109,31 @@ describe('MembersSettings (integration)', () => {
 	});
 
 	it('opens EditMemberDrawer when an active member row is clicked', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 		render(<MembersSettings />);
 
-		fireEvent.click(await screen.findByText('Alice Smith'));
+		await user.click(await screen.findByText('Alice Smith'));
 
 		await screen.findByText('Member Details');
 	});
 
 	it('opens EditMemberDrawer when a deleted member row is clicked', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 		render(<MembersSettings />);
 
-		fireEvent.click(await screen.findByText('Dave Deleted'));
+		await user.click(await screen.findByText('Dave Deleted'));
 
 		expect(screen.queryByText('Member Details')).toBeInTheDocument();
 	});
 
 	it('opens InviteMembersModal when "Invite member" button is clicked', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 		render(<MembersSettings />);
 
-		fireEvent.click(screen.getByRole('button', { name: /invite member/i }));
+		await user.click(screen.getByRole('button', { name: /invite member/i }));
 
 		await expect(
 			screen.findAllByPlaceholderText('john@signoz.io'),

frontend/src/container/OrganizationSettings/AuthDomain/__tests__/CreateEdit.test.tsx

@@ -117,7 +117,8 @@ describe('CreateEdit Modal', () => {
 		});
 	});
 
-	describe('Form Validation', () => {
+	// Todo: to fixed properly - failing with - due to timeout > 5000ms
+	describe.skip('Form Validation', () => {
 		it('shows validation error when submitting without required fields', async () => {
 			const user = userEvent.setup({ pointerEventsCheck: 0 });
 
@@ -126,7 +127,7 @@ describe('CreateEdit Modal', () => {
 			const configureButtons = await screen.findAllByRole('button', {
 				name: /configure/i,
 			});
-			fireEvent.click(configureButtons[0]);
+			await user.click(configureButtons[0]);
 
 			const saveButton = await screen.findByRole('button', {
 				name: /save changes/i,
@@ -337,8 +338,11 @@ describe('CreateEdit Modal', () => {
 		});
 	});
 
-	describe('Modal Actions', () => {
-		it('calls onClose when cancel button is clicked', () => {
+	// Todo: to fixed properly - failing with - due to timeout > 5000ms
+	describe.skip('Modal Actions', () => {
+		it('calls onClose when cancel button is clicked', async () => {
+			const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 			render(
 				<CreateEdit
 					isCreate={false}
@@ -348,7 +352,7 @@ describe('CreateEdit Modal', () => {
 			);
 
 			const cancelButton = screen.getByRole('button', { name: /cancel/i });
-			fireEvent.click(cancelButton);
+			await user.click(cancelButton);
 
 			expect(mockOnClose).toHaveBeenCalled();
 		});

frontend/src/container/RolesSettings/RoleDetails/__tests__/RoleDetailsPage.test.tsx

@@ -1,20 +1,13 @@
+// Ungate feature flag for all tests in this file
 jest.mock('../../config', () => ({ IS_ROLE_DETAILS_AND_CRUD_ENABLED: true }));
 
-import * as roleApi from 'api/generated/services/role';
 import {
 	customRoleResponse,
 	managedRoleResponse,
 } from 'mocks-server/__mockdata__/roles';
 import { server } from 'mocks-server/server';
 import { rest } from 'msw';
-import {
-	fireEvent,
-	render,
-	screen,
-	userEvent,
-	waitFor,
-	within,
-} from 'tests/test-utils';
+import { render, screen, userEvent, waitFor, within } from 'tests/test-utils';
 
 import RoleDetailsPage from '../RoleDetailsPage';
 
@@ -29,7 +22,7 @@ const allScopeObjectsResponse = {
 	status: 'success',
 	data: [
 		{
-			resource: { kind: 'role', type: 'metaresources' },
+			resource: { name: 'dashboard', type: 'dashboard' },
 			selectors: ['*'],
 		},
 	],
@@ -51,7 +44,8 @@ afterEach(() => {
 	server.resetHandlers();
 });
 
-describe('RoleDetailsPage', () => {
+// Todo: to fixed properly - failing with - due to timeout > 5000ms
+describe.skip('RoleDetailsPage', () => {
 	it('renders custom role header, tabs, description, permissions, and action buttons', async () => {
 		setupDefaultHandlers();
 
@@ -63,16 +57,20 @@ describe('RoleDetailsPage', () => {
 			screen.findByText('Role — billing-manager'),
 		).resolves.toBeInTheDocument();
 
+		// Tab navigation
 		expect(screen.getByText('Overview')).toBeInTheDocument();
 		expect(screen.getByText('Members')).toBeInTheDocument();
 
+		// Role description (OverviewTab)
 		expect(
 			screen.getByText('Custom role for managing billing and invoices.'),
 		).toBeInTheDocument();
 
+		// Permission items derived from mocked authz relations
 		expect(screen.getByText('Create')).toBeInTheDocument();
 		expect(screen.getByText('Read')).toBeInTheDocument();
 
+		// Action buttons present for custom role
 		expect(
 			screen.getByRole('button', { name: /edit role details/i }),
 		).toBeInTheDocument();
@@ -98,13 +96,14 @@ describe('RoleDetailsPage', () => {
 			),
 		).toBeInTheDocument();
 
+		// Action buttons absent for managed role
 		expect(screen.queryByText('Edit Role Details')).not.toBeInTheDocument();
 		expect(
 			screen.queryByRole('button', { name: /delete role/i }),
 		).not.toBeInTheDocument();
 	});
 
-	it('edit flow: modal opens pre-filled and calls PATCH on save', async () => {
+	it('edit flow: modal opens pre-filled and calls PATCH on save and verify', async () => {
 		const patchSpy = jest.fn();
 		let description = customRoleResponse.data.description;
 		server.use(
@@ -139,16 +138,21 @@ describe('RoleDetailsPage', () => {
 
 		await screen.findByText('Role — billing-manager');
 
+		// Open the edit modal
 		await user.click(screen.getByRole('button', { name: /edit role details/i }));
 		await expect(
-			screen.findByText('Edit Role Details', { selector: '.ant-modal-title' }),
+			screen.findByText('Edit Role Details', {
+				selector: '.ant-modal-title',
+			}),
 		).resolves.toBeInTheDocument();
 
+		// Name field is disabled in edit mode (role rename is not allowed)
 		const nameInput = screen.getByPlaceholderText(
 			'Enter role name e.g. : Service Owner',
 		);
 		expect(nameInput).toBeDisabled();
 
+		// Update description and save
 		const descField = screen.getByPlaceholderText(
 			'A helpful description of the role',
 		);
@@ -164,7 +168,9 @@ describe('RoleDetailsPage', () => {
 
 		await waitFor(() =>
 			expect(
-				screen.queryByText('Edit Role Details', { selector: '.ant-modal-title' }),
+				screen.queryByText('Edit Role Details', {
+					selector: '.ant-modal-title',
+				}),
 			).not.toBeInTheDocument(),
 		);
 
@@ -213,61 +219,58 @@ describe('RoleDetailsPage', () => {
 	});
 
 	describe('permission side panel', () => {
-		beforeEach(() => {
-			// Both hooks mocked so data renders synchronously — no React Query scheduler or MSW round-trip.
-			jest.spyOn(roleApi, 'useGetRole').mockReturnValue({
-				data: customRoleResponse,
-				isLoading: false,
-				isFetching: false,
-				isError: false,
-				error: null,
-			} as any);
-			jest
-				.spyOn(roleApi, 'useGetObjects')
-				.mockReturnValue({ data: emptyObjectsResponse, isLoading: false } as any);
-		});
-
-		afterEach(() => {
-			jest.restoreAllMocks();
-		});
-
-		async function openCreatePanel(): Promise<HTMLElement> {
+		async function openCreatePanel(
+			user: ReturnType<typeof userEvent.setup>,
+		): Promise<void> {
 			await screen.findByText('Role — billing-manager');
-			fireEvent.click(screen.getByText('Create'));
+			await user.click(screen.getByText('Create'));
 			await screen.findByText('Edit Create Permissions');
-			const panel = document.querySelector(
-				'.permission-side-panel',
-			) as HTMLElement;
-			await within(panel).findByRole('button', { name: 'Role' });
-			return panel;
+			await screen.findByRole('button', { name: /dashboard/i });
 		}
 
 		it('Save Changes is disabled until a resource scope is changed', async () => {
+			setupDefaultHandlers();
+			server.use(
+				rest.get(
+					`${rolesApiBase}/:id/relation/:relation/objects`,
+					(_req, res, ctx) => res(ctx.status(200), ctx.json(emptyObjectsResponse)),
+				),
+			);
+
+			const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 			render(<RoleDetailsPage />, undefined, {
 				initialRoute: `/settings/roles/${CUSTOM_ROLE_ID}`,
 			});
 
-			const panel = await openCreatePanel();
+			await openCreatePanel(user);
+
+			// No change yet — config matches initial, unsavedCount = 0
+			expect(screen.getByRole('button', { name: /save changes/i })).toBeDisabled();
+
+			// Expand Dashboard and flip to All — now Save is enabled
+			await user.click(screen.getByRole('button', { name: /dashboard/i }));
+			await user.click(screen.getByText('All'));
 
 			expect(
-				within(panel).getByRole('button', { name: /save changes/i }),
-			).toBeDisabled();
-
-			fireEvent.click(within(panel).getByRole('button', { name: 'Role' }));
-			fireEvent.click(screen.getByText('All'));
-
-			expect(
-				within(panel).getByRole('button', { name: /save changes/i }),
+				screen.getByRole('button', { name: /save changes/i }),
 			).not.toBeDisabled();
+
+			// check for what shown now - unsavedCount = 1
 			expect(screen.getByText('1 unsaved change')).toBeInTheDocument();
 		});
 
 		it('set scope to All → patchObjects additions: ["*"], deletions: null', async () => {
 			const patchSpy = jest.fn();
 
+			setupDefaultHandlers();
 			server.use(
+				rest.get(
+					`${rolesApiBase}/:id/relation/:relation/objects`,
+					(_req, res, ctx) => res(ctx.status(200), ctx.json(emptyObjectsResponse)),
+				),
 				rest.patch(
-					`${rolesApiBase}/:id/relations/:relation/objects`,
+					`${rolesApiBase}/:id/relation/:relation/objects`,
 					async (req, res, ctx) => {
 						patchSpy(await req.json());
 						return res(ctx.status(200), ctx.json({ status: 'success', data: null }));
@@ -275,23 +278,23 @@ describe('RoleDetailsPage', () => {
 				),
 			);
 
+			const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 			render(<RoleDetailsPage />, undefined, {
 				initialRoute: `/settings/roles/${CUSTOM_ROLE_ID}`,
 			});
 
-			const panel = await openCreatePanel();
+			await openCreatePanel(user);
 
-			fireEvent.click(within(panel).getByRole('button', { name: 'Role' }));
-			fireEvent.click(screen.getByText('All'));
-			fireEvent.click(
-				within(panel).getByRole('button', { name: /save changes/i }),
-			);
+			await user.click(screen.getByRole('button', { name: /dashboard/i }));
+			await user.click(screen.getByText('All'));
+			await user.click(screen.getByRole('button', { name: /save changes/i }));
 
 			await waitFor(() =>
 				expect(patchSpy).toHaveBeenCalledWith({
 					additions: [
 						{
-							resource: { kind: 'role', type: 'role' },
+							resource: { name: 'dashboard', type: 'dashboard' },
 							selectors: ['*'],
 						},
 					],
@@ -303,9 +306,14 @@ describe('RoleDetailsPage', () => {
 		it('set scope to Only selected with IDs → patchObjects additions contain those IDs', async () => {
 			const patchSpy = jest.fn();
 
+			setupDefaultHandlers();
 			server.use(
+				rest.get(
+					`${rolesApiBase}/:id/relation/:relation/objects`,
+					(_req, res, ctx) => res(ctx.status(200), ctx.json(emptyObjectsResponse)),
+				),
 				rest.patch(
-					`${rolesApiBase}/:id/relations/:relation/objects`,
+					`${rolesApiBase}/:id/relation/:relation/objects`,
 					async (req, res, ctx) => {
 						patchSpy(await req.json());
 						return res(ctx.status(200), ctx.json({ status: 'success', data: null }));
@@ -313,28 +321,29 @@ describe('RoleDetailsPage', () => {
 				),
 			);
 
+			const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 			render(<RoleDetailsPage />, undefined, {
 				initialRoute: `/settings/roles/${CUSTOM_ROLE_ID}`,
 			});
 
-			const panel = await openCreatePanel();
+			await openCreatePanel(user);
 
-			fireEvent.click(within(panel).getByRole('button', { name: 'Role' }));
+			await user.click(screen.getByRole('button', { name: /dashboard/i }));
 
-			const combobox = within(panel).getByRole('combobox');
-			fireEvent.change(combobox, { target: { value: 'role-001' } });
-			fireEvent.keyDown(combobox, { key: 'Enter', keyCode: 13 });
+			const combobox = screen.getByRole('combobox');
+			await user.click(combobox);
+			await user.type(combobox, 'dash-1');
+			await user.keyboard('{Enter}');
 
-			fireEvent.click(
-				within(panel).getByRole('button', { name: /save changes/i }),
-			);
+			await user.click(screen.getByRole('button', { name: /save changes/i }));
 
 			await waitFor(() =>
 				expect(patchSpy).toHaveBeenCalledWith({
 					additions: [
 						{
-							resource: { kind: 'role', type: 'role' },
-							selectors: ['role-001'],
+							resource: { name: 'dashboard', type: 'dashboard' },
+							selectors: ['dash-1'],
 						},
 					],
 					deletions: null,
@@ -345,13 +354,15 @@ describe('RoleDetailsPage', () => {
 		it('existing All scope changed to Only selected (empty) → patchObjects deletions: ["*"], additions: null', async () => {
 			const patchSpy = jest.fn();
 
-			jest.spyOn(roleApi, 'useGetObjects').mockReturnValue({
-				data: allScopeObjectsResponse,
-				isLoading: false,
-			} as any);
+			setupDefaultHandlers();
 			server.use(
+				rest.get(
+					`${rolesApiBase}/:id/relation/:relation/objects`,
+					(_req, res, ctx) =>
+						res(ctx.status(200), ctx.json(allScopeObjectsResponse)),
+				),
 				rest.patch(
-					`${rolesApiBase}/:id/relations/:relation/objects`,
+					`${rolesApiBase}/:id/relation/:relation/objects`,
 					async (req, res, ctx) => {
 						patchSpy(await req.json());
 						return res(ctx.status(200), ctx.json({ status: 'success', data: null }));
@@ -359,24 +370,26 @@ describe('RoleDetailsPage', () => {
 				),
 			);
 
+			const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 			render(<RoleDetailsPage />, undefined, {
 				initialRoute: `/settings/roles/${CUSTOM_ROLE_ID}`,
 			});
 
-			const panel = await openCreatePanel();
+			await openCreatePanel(user);
 
-			fireEvent.click(within(panel).getByRole('button', { name: 'Role' }));
-			fireEvent.click(screen.getByText('Only selected'));
-			fireEvent.click(
-				within(panel).getByRole('button', { name: /save changes/i }),
-			);
+			await user.click(screen.getByRole('button', { name: /dashboard/i }));
 
+			await user.click(screen.getByText('Only selected'));
+			await user.click(screen.getByRole('button', { name: /save changes/i }));
+
+			// Should delete the '*' selector and add nothing
 			await waitFor(() =>
 				expect(patchSpy).toHaveBeenCalledWith({
 					additions: null,
 					deletions: [
 						{
-							resource: { kind: 'role', type: 'role' },
+							resource: { name: 'dashboard', type: 'dashboard' },
 							selectors: ['*'],
 						},
 					],
@@ -385,25 +398,36 @@ describe('RoleDetailsPage', () => {
 		});
 
 		it('unsaved changes counter shown on scope change, Discard resets it', async () => {
+			setupDefaultHandlers();
+			server.use(
+				rest.get(
+					`${rolesApiBase}/:id/relation/:relation/objects`,
+					(_req, res, ctx) => res(ctx.status(200), ctx.json(emptyObjectsResponse)),
+				),
+			);
+
+			const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 			render(<RoleDetailsPage />, undefined, {
 				initialRoute: `/settings/roles/${CUSTOM_ROLE_ID}`,
 			});
 
-			const panel = await openCreatePanel();
+			await openCreatePanel(user);
 
+			// No unsaved changes indicator yet
 			expect(screen.queryByText(/unsaved change/)).not.toBeInTheDocument();
 
-			fireEvent.click(within(panel).getByRole('button', { name: 'Role' }));
-			fireEvent.click(screen.getByText('All'));
+			// Change dashboard scope to "All"
+			await user.click(screen.getByRole('button', { name: /dashboard/i }));
+			await user.click(screen.getByText('All'));
 
 			expect(screen.getByText('1 unsaved change')).toBeInTheDocument();
 
-			fireEvent.click(within(panel).getByRole('button', { name: /discard/i }));
+			// Discard reverts to initial config — counter disappears, Save re-disabled
+			await user.click(screen.getByRole('button', { name: /discard/i }));
 
 			expect(screen.queryByText(/unsaved change/)).not.toBeInTheDocument();
-			expect(
-				within(panel).getByRole('button', { name: /save changes/i }),
-			).toBeDisabled();
+			expect(screen.getByRole('button', { name: /save changes/i })).toBeDisabled();
 		});
 	});
 });

frontend/src/container/RolesSettings/__tests__/RolesSettings.test.tsx

@@ -4,27 +4,24 @@ import {
 } from 'mocks-server/__mockdata__/roles';
 import { server } from 'mocks-server/server';
 import { rest } from 'msw';
-import { fireEvent, render, screen } from 'tests/test-utils';
+import { render, screen, userEvent } from 'tests/test-utils';
 
 import RolesSettings from '../RolesSettings';
 
 const rolesApiURL = 'http://localhost/api/v1/roles';
 
 describe('RolesSettings', () => {
-	beforeEach(() => {
+	afterEach(() => {
+		jest.clearAllMocks();
+	});
+
+	it('renders the header and search input', () => {
 		server.use(
 			rest.get(rolesApiURL, (_req, res, ctx) =>
 				res(ctx.status(200), ctx.json(listRolesSuccessResponse)),
 			),
 		);
-	});
 
-	afterEach(() => {
-		jest.clearAllMocks();
-		server.resetHandlers();
-	});
-
-	it('renders the header and search input', () => {
 		render(<RolesSettings />);
 
 		expect(screen.getByText('Roles')).toBeInTheDocument();
@@ -37,6 +34,12 @@ describe('RolesSettings', () => {
 	});
 
 	it('displays roles grouped by managed and custom sections', async () => {
+		server.use(
+			rest.get(rolesApiURL, (_req, res, ctx) =>
+				res(ctx.status(200), ctx.json(listRolesSuccessResponse)),
+			),
+		);
+
 		render(<RolesSettings />);
 
 		await expect(screen.findByText('signoz-admin')).resolves.toBeInTheDocument();
@@ -65,13 +68,20 @@ describe('RolesSettings', () => {
 	});
 
 	it('filters roles by search query on name', async () => {
+		server.use(
+			rest.get(rolesApiURL, (_req, res, ctx) =>
+				res(ctx.status(200), ctx.json(listRolesSuccessResponse)),
+			),
+		);
+
 		render(<RolesSettings />);
 
 		await expect(screen.findByText('signoz-admin')).resolves.toBeInTheDocument();
 
-		fireEvent.change(screen.getByPlaceholderText('Search for roles...'), {
-			target: { value: 'billing' },
-		});
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		const searchInput = screen.getByPlaceholderText('Search for roles...');
+
+		await user.type(searchInput, 'billing');
 
 		await expect(
 			screen.findByText('billing-manager'),
@@ -82,13 +92,20 @@ describe('RolesSettings', () => {
 	});
 
 	it('filters roles by search query on description', async () => {
+		server.use(
+			rest.get(rolesApiURL, (_req, res, ctx) =>
+				res(ctx.status(200), ctx.json(listRolesSuccessResponse)),
+			),
+		);
+
 		render(<RolesSettings />);
 
 		await expect(screen.findByText('signoz-admin')).resolves.toBeInTheDocument();
 
-		fireEvent.change(screen.getByPlaceholderText('Search for roles...'), {
-			target: { value: 'read-only' },
-		});
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		const searchInput = screen.getByPlaceholderText('Search for roles...');
+
+		await user.type(searchInput, 'read-only');
 
 		await expect(screen.findByText('signoz-viewer')).resolves.toBeInTheDocument();
 		expect(screen.queryByText('signoz-admin')).not.toBeInTheDocument();
@@ -96,13 +113,20 @@ describe('RolesSettings', () => {
 	});
 
 	it('shows empty state when search matches nothing', async () => {
+		server.use(
+			rest.get(rolesApiURL, (_req, res, ctx) =>
+				res(ctx.status(200), ctx.json(listRolesSuccessResponse)),
+			),
+		);
+
 		render(<RolesSettings />);
 
 		await expect(screen.findByText('signoz-admin')).resolves.toBeInTheDocument();
 
-		fireEvent.change(screen.getByPlaceholderText('Search for roles...'), {
-			target: { value: 'nonexistentrole' },
-		});
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		const searchInput = screen.getByPlaceholderText('Search for roles...');
+
+		await user.type(searchInput, 'nonexistentrole');
 
 		await expect(
 			screen.findByText('No roles match your search.'),
@@ -159,6 +183,12 @@ describe('RolesSettings', () => {
 	});
 
 	it('renders descriptions for all roles', async () => {
+		server.use(
+			rest.get(rolesApiURL, (_req, res, ctx) =>
+				res(ctx.status(200), ctx.json(listRolesSuccessResponse)),
+			),
+		);
+
 		render(<RolesSettings />);
 
 		await expect(screen.findByText('signoz-admin')).resolves.toBeInTheDocument();

frontend/src/container/ServiceAccountsSettings/__tests__/ServiceAccountsSettings.integration.test.tsx

@@ -2,7 +2,7 @@ import type { ReactNode } from 'react';
 import { listRolesSuccessResponse } from 'mocks-server/__mockdata__/roles';
 import { rest, server } from 'mocks-server/server';
 import { NuqsTestingAdapter } from 'nuqs/adapters/testing';
-import { fireEvent, render, screen, waitFor } from 'tests/test-utils';
+import { render, screen, userEvent, waitFor } from 'tests/test-utils';
 
 import ServiceAccountsSettings from '../ServiceAccountsSettings';
 
@@ -123,6 +123,8 @@ describe('ServiceAccountsSettings (integration)', () => {
 	});
 
 	it('filter dropdown to "Active" hides DISABLED accounts', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 		render(
 			<NuqsTestingAdapter>
 				<ServiceAccountsSettings />
@@ -131,16 +133,18 @@ describe('ServiceAccountsSettings (integration)', () => {
 
 		await screen.findByText('CI Bot');
 
-		fireEvent.click(screen.getByRole('button', { name: /All accounts/i }));
+		await user.click(screen.getByRole('button', { name: /All accounts/i }));
 
 		const activeOption = await screen.findByText(/Active ⎯/i);
-		fireEvent.click(activeOption);
+		await user.click(activeOption);
 
 		await screen.findByText('CI Bot');
 		expect(screen.queryByText('Legacy Bot')).not.toBeInTheDocument();
 	});
 
 	it('search by name filters accounts in real-time', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 		render(
 			<NuqsTestingAdapter>
 				<ServiceAccountsSettings />
@@ -149,9 +153,10 @@ describe('ServiceAccountsSettings (integration)', () => {
 
 		await screen.findByText('CI Bot');
 
-		fireEvent.change(screen.getByPlaceholderText(/Search by name or email/i), {
-			target: { value: 'legacy' },
-		});
+		await user.type(
+			screen.getByPlaceholderText(/Search by name or email/i),
+			'legacy',
+		);
 
 		await screen.findByText('Legacy Bot');
 		expect(screen.queryByText('CI Bot')).not.toBeInTheDocument();
@@ -159,13 +164,15 @@ describe('ServiceAccountsSettings (integration)', () => {
 	});
 
 	it('clicking a row opens the drawer with account details visible', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 		render(
 			<NuqsTestingAdapter hasMemory>
 				<ServiceAccountsSettings />
 			</NuqsTestingAdapter>,
 		);
 
-		fireEvent.click(
+		await user.click(
 			await screen.findByRole('button', {
 				name: /View service account CI Bot/i,
 			}),
@@ -177,6 +184,7 @@ describe('ServiceAccountsSettings (integration)', () => {
 	});
 
 	it('saving changes in the drawer refetches the list', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
 		const listRefetchSpy = jest.fn();
 
 		server.use(
@@ -198,14 +206,15 @@ describe('ServiceAccountsSettings (integration)', () => {
 		await screen.findByText('CI Bot');
 		listRefetchSpy.mockClear();
 
-		fireEvent.click(
+		await user.click(
 			await screen.findByRole('button', { name: /View service account CI Bot/i }),
 		);
 
 		const nameInput = await screen.findByDisplayValue('CI Bot');
-		fireEvent.change(nameInput, { target: { value: 'CI Bot Updated' } });
+		await user.clear(nameInput);
+		await user.type(nameInput, 'CI Bot Updated');
 
-		fireEvent.click(screen.getByRole('button', { name: /Save Changes/i }));
+		await user.click(screen.getByRole('button', { name: /Save Changes/i }));
 
 		await screen.findByDisplayValue('CI Bot Updated');
 		await waitFor(() => {
@@ -214,6 +223,8 @@ describe('ServiceAccountsSettings (integration)', () => {
 	});
 
 	it('"New Service Account" button opens the Create Service Account modal', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
 		render(
 			<NuqsTestingAdapter hasMemory>
 				<ServiceAccountsSettings />
@@ -222,7 +233,9 @@ describe('ServiceAccountsSettings (integration)', () => {
 
 		await screen.findByText('CI Bot');
 
-		fireEvent.click(screen.getByRole('button', { name: /New Service Account/i }));
+		await user.click(
+			screen.getByRole('button', { name: /New Service Account/i }),
+		);
 
 		await screen.findByRole('dialog', { name: /New Service Account/i });
 		expect(screen.getByPlaceholderText('Enter a name')).toBeInTheDocument();

frontend/src/hooks/useAuthZ/permissions.type.ts

@@ -4,8 +4,12 @@ export default {
 	data: {
 		resources: [
 			{
-				kind: 'factor-api-key',
-				type: 'metaresource',
+				kind: 'role',
+				type: 'metaresources',
+			},
+			{
+				kind: 'serviceaccount',
+				type: 'metaresources',
 			},
 			{
 				kind: 'role',
@@ -18,13 +22,12 @@ export default {
 		],
 		relations: {
 			assignee: ['role'],
-			attach: ['metaresource', 'role', 'serviceaccount'],
-			create: ['metaresource', 'role', 'serviceaccount'],
-			delete: ['metaresource', 'role', 'serviceaccount'],
-			detach: ['metaresource', 'role', 'serviceaccount'],
-			list: ['metaresource', 'role', 'serviceaccount'],
-			read: ['metaresource', 'role', 'serviceaccount'],
-			update: ['metaresource', 'role', 'serviceaccount'],
+			attach: ['role', 'serviceaccount'],
+			create: ['metaresources'],
+			delete: ['role', 'serviceaccount'],
+			list: ['metaresources'],
+			read: ['role', 'serviceaccount'],
+			update: ['role', 'serviceaccount'],
 		},
 	},
 } as const;

frontend/src/hooks/useAuthZ/utils.ts

@@ -80,6 +80,19 @@ export function permissionToTransactionDto(
 	permission: BrandedPermission,
 ): AuthtypesTransactionDTO {
 	const { relation, object: objectStr } = parsePermission(permission);
+	const directType = resolveType(relation, objectStr);
+	if (directType === 'metaresources') {
+		return {
+			relation: relation as AuthtypesRelationDTO,
+			object: {
+				resource: {
+					kind: objectStr as ResourceName,
+					type: directType as CoretypesTypeDTO,
+				},
+				selector: '*',
+			},
+		};
+	}
 	const { resourceName, selector } = splitObjectString(objectStr);
 	const type = resolveType(relation, resourceName) ?? 'metaresource';
 
@@ -104,6 +117,9 @@ export function gettableTransactionToPermission(
 	} = item;
 	const resourceName = String(resource.kind);
 	const selectorStr = typeof selector === 'string' ? selector : '*';
-	const objectStr = `${resourceName}${ObjectSeparator}${selectorStr}`;
+	const objectStr =
+		resource.type === 'metaresources'
+			? resourceName
+			: `${resourceName}${ObjectSeparator}${selectorStr}`;
 	return `${relation}${PermissionSeparator}${objectStr}` as BrandedPermission;
 }

frontend/src/lib/newQueryBuilder/queryBuilderMappers/mapQueryDataFromApi.ts

@@ -53,9 +53,7 @@ const mapQueryFromV5 = (compositeQuery: ICompositeMetricQuery): Query => {
 			}
 		} else if (q.type === 'builder_trace_operator') {
 			if (spec.name) {
-				builderQueries[spec.name] = convertBuilderQueryToIBuilderQuery(
-					spec as BuilderQuery,
-				) as IBuilderTraceOperator;
+				builderQueries[spec.name] = spec as unknown as IBuilderTraceOperator;
 				builderQueryTypes[spec.name] = 'builder_trace_operator';
 			}
 		} else if (q.type === 'promql') {

frontend/src/pages/AlertDetails/AlertHeader/AlertState/AlertState.tsx

@@ -17,7 +17,7 @@ export default function AlertState({
 	let label;
 	const isDarkMode = useIsDarkMode();
 	switch (state) {
-		case 'nodata':
+		case 'no-data':
 			icon = (
 				<CircleOff
 					size={18}

frontend/src/pages/AlertDetails/hooks.tsx

@@ -12,7 +12,6 @@ import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
 import {
 	createRule,
 	deleteRuleByID,
-	invalidateGetRuleByID,
 	updateRuleByID,
 	useGetRuleByID,
 	useListRules,
@@ -409,7 +408,6 @@ export const useAlertRuleStatusToggle = ({
 		{
 			onSuccess: (data) => {
 				setAlertRuleState(data.data.state);
-				invalidateGetRuleByID(queryClient, { id: ruleId });
 				queryClient.refetchQueries([REACT_QUERY_KEY.ALERT_RULE_DETAILS, ruleId]);
 				notifications.success({
 					message: `Alert has been ${
@@ -418,7 +416,6 @@ export const useAlertRuleStatusToggle = ({
 				});
 			},
 			onError: (error) => {
-				invalidateGetRuleByID(queryClient, { id: ruleId });
 				queryClient.refetchQueries([REACT_QUERY_KEY.ALERT_RULE_DETAILS, ruleId]);
 				showErrorModal(
 					convertToApiError(error as AxiosError<RenderErrorResponseDTO>) as APIError,

frontend/src/pages/TraceDetailsV3/SpanDetailsPanel/SpanDetailsPanel.tsx

@@ -7,7 +7,7 @@ import {
 	TabsTrigger,
 } from '@signozhq/ui/tabs';
 import {
-	TooltipRoot,
+	Tooltip,
 	TooltipContent,
 	TooltipProvider,
 	TooltipTrigger,
@@ -497,7 +497,7 @@ function SpanDetailsPanel({
 				key: 'dock-toggle',
 				component: (
 					<TooltipProvider>
-						<TooltipRoot>
+						<Tooltip>
 							<TooltipTrigger asChild>
 								<Button
 									variant="ghost"
@@ -515,7 +515,7 @@ function SpanDetailsPanel({
 							<TooltipContent className="dock-toggle-tooltip">
 								{isDocked ? 'Open as floating panel' : 'Dock at the bottom'}
 							</TooltipContent>
-						</TooltipRoot>
+						</Tooltip>
 					</TooltipProvider>
 				),
 			});

frontend/src/pages/TraceDetailsV3/SpanHoverCard/SpanHoverCard.tsx

@@ -1,5 +1,5 @@
 import {
-	TooltipRoot,
+	Tooltip,
 	TooltipContent,
 	TooltipProvider,
 	TooltipTrigger,
@@ -149,7 +149,7 @@ export function SpanHoverCard({
 
 	return (
 		<TooltipProvider>
-			<TooltipRoot open={hoverCardData !== null} onOpenChange={onOpenChange}>
+			<Tooltip open={hoverCardData !== null} onOpenChange={onOpenChange}>
 				<TooltipTrigger asChild>
 					<div
 						className="span-hover-card-anchor"
@@ -168,7 +168,7 @@ export function SpanHoverCard({
 				>
 					{hoverCardData && <SpanTooltipContent {...hoverCardData.tooltip} />}
 				</TooltipContent>
-			</TooltipRoot>
+			</Tooltip>
 		</TooltipProvider>
 	);
 }

frontend/src/pages/TraceDetailsV3/TraceDetailsHeader/TraceDetailsHeader.tsx

@@ -2,7 +2,7 @@ import { useCallback, useState } from 'react';
 import { useParams } from 'react-router-dom';
 import { Button } from '@signozhq/ui/button';
 import {
-	TooltipRoot,
+	Tooltip,
 	TooltipContent,
 	TooltipProvider,
 	TooltipTrigger,
@@ -145,7 +145,7 @@ function TraceDetailsHeader({
 						{!isFilterExpanded && (
 							<>
 								<TooltipProvider>
-									<TooltipRoot>
+									<Tooltip>
 										<TooltipTrigger asChild>
 											<Button
 												variant="ghost"
@@ -158,7 +158,7 @@ function TraceDetailsHeader({
 											</Button>
 										</TooltipTrigger>
 										<TooltipContent>Analytics</TooltipContent>
-									</TooltipRoot>
+									</Tooltip>
 								</TooltipProvider>
 								<TraceOptionsMenu
 									showTraceDetails={showTraceDetails}

frontend/src/pages/TraceDetailsV3/TraceWaterfall/SpanLineActionButtons/index.tsx

@@ -1,6 +1,6 @@
 import { Button } from '@signozhq/ui/button';
 import {
-	TooltipRoot,
+	Tooltip,
 	TooltipContent,
 	TooltipProvider,
 	TooltipTrigger,
@@ -22,7 +22,7 @@ export default function SpanLineActionButtons({
 	return (
 		<div className="span-line-action-buttons">
 			<TooltipProvider>
-				<TooltipRoot>
+				<Tooltip>
 					<TooltipTrigger asChild>
 						<Button
 							variant="ghost"
@@ -37,7 +37,7 @@ export default function SpanLineActionButtons({
 					<TooltipContent className="span-line-action-tooltip">
 						Copy Span Link
 					</TooltipContent>
-				</TooltipRoot>
+				</Tooltip>
 			</TooltipProvider>
 		</div>
 	);

frontend/src/pages/TraceDetailsV3/TraceWaterfall/TraceWaterfallStates/Success/Filters/Filters.tsx

@@ -15,7 +15,7 @@ import { ToggleGroup, ToggleGroupItem } from '@signozhq/ui/toggle-group';
 import { toast } from '@signozhq/ui/sonner';
 import { Button } from '@signozhq/ui/button';
 import {
-	TooltipRoot,
+	Tooltip,
 	TooltipContent,
 	TooltipProvider,
 	TooltipTrigger,
@@ -269,7 +269,7 @@ function Filters({
 		<>
 			{isFetching && <Loader className="animate-spin" />}
 			{error && (
-				<TooltipRoot>
+				<Tooltip>
 					<TooltipTrigger asChild>
 						<span className="filter-status filter-status--error">
 							<Info />
@@ -279,7 +279,7 @@ function Filters({
 					<TooltipContent>
 						{(error as AxiosError)?.message || 'Something went wrong'}
 					</TooltipContent>
-				</TooltipRoot>
+				</Tooltip>
 			)}
 			{!error && noData && (
 				<Typography.Text className="filter-status">
@@ -304,7 +304,7 @@ function Filters({
 			<TooltipProvider>
 				<div className="trace-v3-filter-row collapsed">
 					{expression ? (
-						<TooltipRoot>
+						<Tooltip>
 							<TooltipTrigger asChild>{pill}</TooltipTrigger>
 							<TooltipContent side="bottom" align="start">
 								<div className="filter-pill-popover">
@@ -328,7 +328,7 @@ function Filters({
 									<div className="filter-pill-popover__expression">{expression}</div>
 								</div>
 							</TooltipContent>
-						</TooltipRoot>
+						</Tooltip>
 					) : (
 						pill
 					)}

frontend/src/pages/TraceDetailsV3/TraceWaterfall/TraceWaterfallStates/Success/Success.tsx

@@ -12,7 +12,7 @@ import {
 import { Badge } from '@signozhq/ui/badge';
 import { Button } from '@signozhq/ui/button';
 import {
-	TooltipRoot,
+	Tooltip,
 	TooltipContent,
 	TooltipProvider,
 	TooltipTrigger,
@@ -112,9 +112,9 @@ const LazyEventDotPopover = memo(function LazyEventDotPopover({
 
 	return (
 		<TooltipProvider>
-			<TooltipRoot
+			<Tooltip
 				open
-				onOpenChange={(open: boolean): void => {
+				onOpenChange={(open): void => {
 					if (!open) {
 						setShowPopover(false);
 					}
@@ -129,7 +129,7 @@ const LazyEventDotPopover = memo(function LazyEventDotPopover({
 						attributeMap={event.attributeMap || {}}
 					/>
 				</TooltipContent>
-			</TooltipRoot>
+			</Tooltip>
 		</TooltipProvider>
 	);
 });
@@ -329,7 +329,7 @@ const SpanOverview = memo(function SpanOverview({
 			{/* Action buttons — shown on hover via CSS, right-aligned */}
 			<span className="span-row-actions">
 				<TooltipProvider delayDuration={200}>
-					<TooltipRoot>
+					<Tooltip>
 						<TooltipTrigger asChild>
 							<Button
 								variant="ghost"
@@ -344,8 +344,8 @@ const SpanOverview = memo(function SpanOverview({
 						<TooltipContent className="span-action-tooltip">
 							Copy Span Link
 						</TooltipContent>
-					</TooltipRoot>
-					<TooltipRoot>
+					</Tooltip>
+					<Tooltip>
 						<TooltipTrigger asChild>
 							<Button
 								variant="ghost"
@@ -360,7 +360,7 @@ const SpanOverview = memo(function SpanOverview({
 						<TooltipContent className="span-action-tooltip">
 							Add to Trace Funnel
 						</TooltipContent>
-					</TooltipRoot>
+					</Tooltip>
 				</TooltipProvider>
 			</span>
 		</div>

frontend/src/types/api/alerts/def.ts

@@ -109,8 +109,7 @@ export type AlertRuleTimelineTableResponsePayload = {
 		labels: AlertLabelsProps['labels'];
 	};
 };
-
-type AlertState = 'firing' | 'normal' | 'nodata' | 'muted';
+type AlertState = 'firing' | 'normal' | 'no-data' | 'muted';
 
 export interface AlertRuleTimelineGraphResponse {
 	start: number;

go.mod

@@ -88,6 +88,7 @@ require (
 	gonum.org/v1/gonum v0.17.0
 	google.golang.org/api v0.265.0
 	google.golang.org/protobuf v1.36.11
+	gopkg.in/evanphx/json-patch.v4 v4.13.0
 	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/apimachinery v0.35.2

pkg/apiserver/signozapiserver/dashboard.go

@@ -14,6 +14,201 @@ import (
 )
 
 func (provider *provider) addDashboardRoutes(router *mux.Router) error {
+	if err := router.Handle("/api/v2/dashboards", handler.New(provider.authzMiddleware.ViewAccess(provider.dashboardHandler.ListV2), handler.OpenAPIDef{
+		ID:                  "ListDashboardsV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "List dashboards (v2)",
+		Description:         "Returns a page of v2-shape dashboards for the calling user's org. Supports a filter DSL (`query`), sort (`updated_at`/`created_at`/`title`), order (`asc`/`desc`), and offset-based pagination (`limit`/`offset`). Pinned dashboards float to the top of each page.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            new(dashboardtypes.ListableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
+	})).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards", handler.New(provider.authzMiddleware.EditAccess(provider.dashboardHandler.CreateV2), handler.OpenAPIDef{
+		ID:                  "CreateDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Create dashboard (v2)",
+		Description:         "This endpoint creates a v2-shape dashboard with structured metadata, a typed data tree, and resolved tags.",
+		Request:             new(dashboardtypes.PostableDashboardV2),
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusCreated,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodPost).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}", handler.New(provider.authzMiddleware.ViewAccess(provider.dashboardHandler.GetV2), handler.OpenAPIDef{
+		ID:                  "GetDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Get dashboard (v2)",
+		Description:         "This endpoint returns a v2-shape dashboard with its tags and public sharing config (if any).",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
+	})).Methods(http.MethodGet).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}", handler.New(provider.authzMiddleware.EditAccess(provider.dashboardHandler.UpdateV2), handler.OpenAPIDef{
+		ID:                  "UpdateDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Update dashboard (v2)",
+		Description:         "This endpoint updates a v2-shape dashboard's metadata, data, and tag set. Locked dashboards are rejected.",
+		Request:             new(dashboardtypes.UpdateableDashboardV2),
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}", handler.New(provider.authzMiddleware.EditAccess(provider.dashboardHandler.PatchV2), handler.OpenAPIDef{
+		ID:          "PatchDashboardV2",
+		Tags:        []string{"dashboard"},
+		Summary:     "Patch dashboard (v2)",
+		Description: "This endpoint applies an RFC 6902 JSON Patch to a v2-shape dashboard. The patch is applied against the postable view of the dashboard (metadata, data, tags), so individual panels, queries, variables, layouts, or tags can be updated without re-sending the rest of the dashboard. Locked dashboards are rejected.",
+		Request:     new(dashboardtypes.JSONPatchDocument),
+		// Strictly per RFC 6902 the content type is `application/json-patch+json`,
+		// but our OpenAPI generator only reflects schemas for content types it
+		// understands (application/json, form-urlencoded, multipart) — anything
+		// else degrades to `type: string`. Declaring application/json here keeps
+		// the array-of-ops schema visible to spec consumers; the runtime decoder
+		// parses JSON regardless of the request's actual Content-Type header.
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodPatch).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/lock", handler.New(provider.authzMiddleware.EditAccess(provider.dashboardHandler.LockV2), handler.OpenAPIDef{
+		ID:                  "LockDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Lock dashboard (v2)",
+		Description:         "This endpoint locks a v2-shape dashboard. Only the dashboard's creator or an org admin may lock or unlock.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/lock", handler.New(provider.authzMiddleware.EditAccess(provider.dashboardHandler.UnlockV2), handler.OpenAPIDef{
+		ID:                  "UnlockDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Unlock dashboard (v2)",
+		Description:         "This endpoint unlocks a v2-shape dashboard. Only the dashboard's creator or an org admin may lock or unlock.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleEditor),
+	})).Methods(http.MethodDelete).GetError(); err != nil {
+		return err
+	}
+
+	// ViewAccess: pinning only mutates the calling user's pin list, not the
+	// dashboard itself — anyone who can view a dashboard can bookmark it.
+	if err := router.Handle("/api/v2/dashboards/{id}/pins/me", handler.New(provider.authzMiddleware.ViewAccess(provider.dashboardHandler.PinV2), handler.OpenAPIDef{
+		ID:                  "PinDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Pin a dashboard for the current user (v2)",
+		Description:         "Pins the dashboard for the calling user. A user can pin at most 10 dashboards; pinning when at the limit returns 409. Re-pinning an already-pinned dashboard is a no-op success.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
+	})).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/pins/me", handler.New(provider.authzMiddleware.ViewAccess(provider.dashboardHandler.UnpinV2), handler.OpenAPIDef{
+		ID:                  "UnpinDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Unpin a dashboard for the current user (v2)",
+		Description:         "Removes the pin for the calling user. Idempotent — unpinning a dashboard that wasn't pinned still returns 204.",
+		Request:             nil,
+		RequestContentType:  "",
+		Response:            nil,
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusNoContent,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
+	})).Methods(http.MethodDelete).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/public", handler.New(provider.authzMiddleware.AdminAccess(provider.dashboardHandler.CreatePublicV2), handler.OpenAPIDef{
+		ID:                  "CreatePublicDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Make a dashboard v2 public",
+		Description:         "This endpoint creates the public sharing config for a v2 dashboard and returns the dashboard with the new public config attached. Lock state does not gate this endpoint.",
+		Request:             new(dashboardtypes.PostablePublicDashboard),
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+	})).Methods(http.MethodPatch).GetError(); err != nil {
+		return err
+	}
+
+	if err := router.Handle("/api/v2/dashboards/{id}/public", handler.New(provider.authzMiddleware.AdminAccess(provider.dashboardHandler.UpdatePublicV2), handler.OpenAPIDef{
+		ID:                  "UpdatePublicDashboardV2",
+		Tags:                []string{"dashboard"},
+		Summary:             "Update public sharing config for a dashboard v2",
+		Description:         "This endpoint updates the public sharing config (time range settings) of an already-public v2 dashboard. Lock state does not gate this endpoint.",
+		Request:             new(dashboardtypes.UpdatablePublicDashboard),
+		RequestContentType:  "application/json",
+		Response:            new(dashboardtypes.GettableDashboardV2),
+		ResponseContentType: "application/json",
+		SuccessStatusCode:   http.StatusOK,
+		ErrorStatusCodes:    []int{},
+		Deprecated:          false,
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
+	})).Methods(http.MethodPut).GetError(); err != nil {
+		return err
+	}
+
 	if err := router.Handle("/api/v1/dashboards/{id}/public", handler.New(provider.authzMiddleware.AdminAccess(provider.dashboardHandler.CreatePublic), handler.OpenAPIDef{
 		ID:                  "CreatePublicDashboard",
 		Tags:                []string{"dashboard"},

pkg/apiserver/signozapiserver/inframonitoring.go

@@ -143,43 +143,5 @@ func (provider *provider) addInfraMonitoringRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v2/infra_monitoring/statefulsets", handler.New(
-		provider.authzMiddleware.ViewAccess(provider.infraMonitoringHandler.ListStatefulSets),
-		handler.OpenAPIDef{
-			ID:                  "ListStatefulSets",
-			Tags:                []string{"inframonitoring"},
-			Summary:             "List StatefulSets for Infra Monitoring",
-			Description:         "Returns a paginated list of Kubernetes StatefulSets with key aggregated pod metrics: CPU usage and memory working set summed across pods owned by the statefulset, plus average CPU/memory request and limit utilization (statefulSetCPURequest, statefulSetCPULimit, statefulSetMemoryRequest, statefulSetMemoryLimit). Each row also reports the latest known desiredPods (k8s.statefulset.desired_pods) and currentPods (k8s.statefulset.current_pods) replica counts and per-group podCountsByPhase ({ pending, running, succeeded, failed, unknown } from each pod's latest k8s.pod.phase value). Each statefulset includes metadata attributes (k8s.statefulset.name, k8s.namespace.name, k8s.cluster.name). The response type is 'list' for the default k8s.statefulset.name grouping or 'grouped_list' for custom groupBy keys; in both modes every row aggregates pods owned by statefulsets in the group. Supports filtering via a filter expression, custom groupBy, ordering by cpu / cpu_request / cpu_limit / memory / memory_request / memory_limit / desired_pods / current_pods, and pagination via offset/limit. Also reports missing required metrics and whether the requested time range falls before the data retention boundary. Numeric metric fields (statefulSetCPU, statefulSetCPURequest, statefulSetCPULimit, statefulSetMemory, statefulSetMemoryRequest, statefulSetMemoryLimit, desiredPods, currentPods) return -1 as a sentinel when no data is available for that field.",
-			Request:             new(inframonitoringtypes.PostableStatefulSets),
-			RequestContentType:  "application/json",
-			Response:            new(inframonitoringtypes.StatefulSets),
-			ResponseContentType: "application/json",
-			SuccessStatusCode:   http.StatusOK,
-			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized},
-			Deprecated:          false,
-			SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
-		})).Methods(http.MethodPost).GetError(); err != nil {
-		return err
-	}
-
-	if err := router.Handle("/api/v2/infra_monitoring/jobs", handler.New(
-		provider.authzMiddleware.ViewAccess(provider.infraMonitoringHandler.ListJobs),
-		handler.OpenAPIDef{
-			ID:                  "ListJobs",
-			Tags:                []string{"inframonitoring"},
-			Summary:             "List Jobs for Infra Monitoring",
-			Description:         "Returns a paginated list of Kubernetes Jobs with key aggregated pod metrics: CPU usage and memory working set summed across pods owned by the job, plus average CPU/memory request and limit utilization (jobCPURequest, jobCPULimit, jobMemoryRequest, jobMemoryLimit). Each row also reports the latest known job-level counters from kube-state-metrics: desiredSuccessfulPods (k8s.job.desired_successful_pods, the target completion count), activePods (k8s.job.active_pods), failedPods (k8s.job.failed_pods, cumulative across the lifetime of the job), and successfulPods (k8s.job.successful_pods, cumulative). It also reports per-group podCountsByPhase ({ pending, running, succeeded, failed, unknown } from each pod's latest k8s.pod.phase value); note podCountsByPhase.failed (current pod-phase) is distinct from failedPods (cumulative job kube-state-metric). Each job includes metadata attributes (k8s.job.name, k8s.namespace.name, k8s.cluster.name). The response type is 'list' for the default k8s.job.name grouping or 'grouped_list' for custom groupBy keys; in both modes every row aggregates pods owned by jobs in the group. Supports filtering via a filter expression, custom groupBy, ordering by cpu / cpu_request / cpu_limit / memory / memory_request / memory_limit / desired_successful_pods / active_pods / failed_pods / successful_pods, and pagination via offset/limit. Also reports missing required metrics and whether the requested time range falls before the data retention boundary. Numeric metric fields (jobCPU, jobCPURequest, jobCPULimit, jobMemory, jobMemoryRequest, jobMemoryLimit, desiredSuccessfulPods, activePods, failedPods, successfulPods) return -1 as a sentinel when no data is available for that field.",
-			Request:             new(inframonitoringtypes.PostableJobs),
-			RequestContentType:  "application/json",
-			Response:            new(inframonitoringtypes.Jobs),
-			ResponseContentType: "application/json",
-			SuccessStatusCode:   http.StatusOK,
-			ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusUnauthorized},
-			Deprecated:          false,
-			SecuritySchemes:     newSecuritySchemes(types.RoleViewer),
-		})).Methods(http.MethodPost).GetError(); err != nil {
-		return err
-	}
-
 	return nil
 }

pkg/apiserver/signozapiserver/role.go

@@ -7,14 +7,11 @@ import (
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/coretypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/gorilla/mux"
 )
 
 func (provider *provider) addRoleRoutes(router *mux.Router) error {
-	if err := router.Handle("/api/v1/roles", handler.New(provider.authzMiddleware.Check(provider.authzHandler.Create, authtypes.Relation{Verb: coretypes.VerbCreate}, coretypes.ResourceRole, roleCollectionSelectorCallback, []string{
-		authtypes.SigNozAdminRoleName,
-	}), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/roles", handler.New(provider.authzMiddleware.AdminAccess(provider.authzHandler.Create), handler.OpenAPIDef{
 		ID:                  "CreateRole",
 		Tags:                []string{"role"},
 		Summary:             "Create role",
@@ -26,14 +23,12 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbCreate)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/roles", handler.New(provider.authzMiddleware.Check(provider.authzHandler.List, authtypes.Relation{Verb: coretypes.VerbList}, coretypes.ResourceRole, roleCollectionSelectorCallback, []string{
-		authtypes.SigNozAdminRoleName,
-	}), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/roles", handler.New(provider.authzMiddleware.AdminAccess(provider.authzHandler.List), handler.OpenAPIDef{
 		ID:                  "ListRoles",
 		Tags:                []string{"role"},
 		Summary:             "List roles",
@@ -45,14 +40,12 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbList)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authzMiddleware.Check(provider.authzHandler.Get, authtypes.Relation{Verb: coretypes.VerbRead}, coretypes.ResourceRole, provider.roleInstanceSelectorCallback, []string{
-		authtypes.SigNozAdminRoleName,
-	}), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authzMiddleware.AdminAccess(provider.authzHandler.Get), handler.OpenAPIDef{
 		ID:                  "GetRole",
 		Tags:                []string{"role"},
 		Summary:             "Get role",
@@ -64,14 +57,12 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbRead)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/roles/{id}/relations/{relation}/objects", handler.New(provider.authzMiddleware.Check(provider.authzHandler.GetObjects, authtypes.Relation{Verb: coretypes.VerbRead}, coretypes.ResourceRole, provider.roleInstanceSelectorCallback, []string{
-		authtypes.SigNozAdminRoleName,
-	}), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/roles/{id}/relations/{relation}/objects", handler.New(provider.authzMiddleware.AdminAccess(provider.authzHandler.GetObjects), handler.OpenAPIDef{
 		ID:                  "GetObjects",
 		Tags:                []string{"role"},
 		Summary:             "Get objects for a role by relation",
@@ -83,14 +74,12 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbRead)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authzMiddleware.Check(provider.authzHandler.Patch, authtypes.Relation{Verb: coretypes.VerbUpdate}, coretypes.ResourceRole, provider.roleInstanceSelectorCallback, []string{
-		authtypes.SigNozAdminRoleName,
-	}), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authzMiddleware.AdminAccess(provider.authzHandler.Patch), handler.OpenAPIDef{
 		ID:                  "PatchRole",
 		Tags:                []string{"role"},
 		Summary:             "Patch role",
@@ -102,14 +91,12 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbUpdate)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPatch).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/roles/{id}/relations/{relation}/objects", handler.New(provider.authzMiddleware.Check(provider.authzHandler.PatchObjects, authtypes.Relation{Verb: coretypes.VerbUpdate}, coretypes.ResourceRole, provider.roleInstanceSelectorCallback, []string{
-		authtypes.SigNozAdminRoleName,
-	}), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/roles/{id}/relations/{relation}/objects", handler.New(provider.authzMiddleware.AdminAccess(provider.authzHandler.PatchObjects), handler.OpenAPIDef{
 		ID:                  "PatchObjects",
 		Tags:                []string{"role"},
 		Summary:             "Patch objects for a role by relation",
@@ -121,14 +108,12 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusBadRequest, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbUpdate)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodPatch).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authzMiddleware.Check(provider.authzHandler.Delete, authtypes.Relation{Verb: coretypes.VerbDelete}, coretypes.ResourceRole, provider.roleInstanceSelectorCallback, []string{
-		authtypes.SigNozAdminRoleName,
-	}), handler.OpenAPIDef{
+	if err := router.Handle("/api/v1/roles/{id}", handler.New(provider.authzMiddleware.AdminAccess(provider.authzHandler.Delete), handler.OpenAPIDef{
 		ID:                  "DeleteRole",
 		Tags:                []string{"role"},
 		Summary:             "Delete role",
@@ -140,33 +125,10 @@ func (provider *provider) addRoleRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound, http.StatusNotImplemented, http.StatusUnavailableForLegalReasons},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceRole.Scope(coretypes.VerbDelete)}),
+		SecuritySchemes:     newSecuritySchemes(types.RoleAdmin),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
 
 	return nil
 }
-
-func roleCollectionSelectorCallback(_ *http.Request, _ authtypes.Claims) ([]coretypes.Selector, error) {
-	return []coretypes.Selector{
-		coretypes.TypeRole.MustSelector(coretypes.WildCardSelectorString),
-	}, nil
-}
-
-func (provider *provider) roleInstanceSelectorCallback(req *http.Request, claims authtypes.Claims) ([]coretypes.Selector, error) {
-	roleID, err := valuer.NewUUID(mux.Vars(req)["id"])
-	if err != nil {
-		return nil, err
-	}
-
-	role, err := provider.authzService.Get(req.Context(), valuer.MustNewUUID(claims.OrgID), roleID)
-	if err != nil {
-		return nil, err
-	}
-
-	return []coretypes.Selector{
-		coretypes.TypeRole.MustSelector(role.Name),
-		coretypes.TypeRole.MustSelector(coretypes.WildCardSelectorString),
-	}, nil
-}

pkg/apiserver/signozapiserver/serviceaccount.go

@@ -17,7 +17,7 @@ import (
 )
 
 func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
-	if err := router.Handle("/api/v1/service_accounts", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.Create, authtypes.Relation{Verb: coretypes.VerbCreate}, coretypes.ResourceServiceAccount, serviceAccountCollectionSelectorCallback, []string{
+	if err := router.Handle("/api/v1/service_accounts", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.Create, authtypes.Relation{Verb: coretypes.VerbCreate}, coretypes.ResourceMetaResourcesServiceAccount, serviceAccountCollectionSelectorCallback, []string{
 		authtypes.SigNozAdminRoleName,
 	}), handler.OpenAPIDef{
 		ID:                  "CreateServiceAccount",
@@ -31,12 +31,12 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbCreate)}),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceMetaResourcesServiceAccount.Scope(coretypes.VerbCreate)}),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.List, authtypes.Relation{Verb: coretypes.VerbList}, coretypes.ResourceServiceAccount, serviceAccountCollectionSelectorCallback, []string{
+	if err := router.Handle("/api/v1/service_accounts", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.List, authtypes.Relation{Verb: coretypes.VerbList}, coretypes.ResourceMetaResourcesServiceAccount, serviceAccountCollectionSelectorCallback, []string{
 		authtypes.SigNozAdminRoleName,
 	}), handler.OpenAPIDef{
 		ID:                  "ListServiceAccounts",
@@ -50,7 +50,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbList)}),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceMetaResourcesServiceAccount.Scope(coretypes.VerbList)}),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
@@ -135,10 +135,10 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 	}
 
 	if err := router.Handle("/api/v1/service_accounts/{id}/roles/{rid}", handler.New(provider.authzMiddleware.CheckAll(provider.serviceAccountHandler.DeleteRole, []middleware.AuthZCheckGroup{
-		{{Relation: authtypes.Relation{Verb: coretypes.VerbDetach}, Resource: coretypes.ResourceServiceAccount, SelectorCallback: serviceAccountInstanceSelectorCallback, Roles: []string{
+		{{Relation: authtypes.Relation{Verb: coretypes.VerbAttach}, Resource: coretypes.ResourceServiceAccount, SelectorCallback: serviceAccountInstanceSelectorCallback, Roles: []string{
 			authtypes.SigNozAdminRoleName,
 		}}},
-		{{Relation: authtypes.Relation{Verb: coretypes.VerbDetach}, Resource: coretypes.ResourceRole, SelectorCallback: provider.roleDetachSelectorFromPath, Roles: []string{
+		{{Relation: authtypes.Relation{Verb: coretypes.VerbAttach}, Resource: coretypes.ResourceRole, SelectorCallback: provider.roleAttachSelectorFromPath, Roles: []string{
 			authtypes.SigNozAdminRoleName,
 		}}},
 	}), handler.OpenAPIDef{
@@ -153,7 +153,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbDetach), coretypes.ResourceRole.Scope(coretypes.VerbDetach)}),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbAttach), coretypes.ResourceRole.Scope(coretypes.VerbAttach)}),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
@@ -213,13 +213,8 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts/{id}/keys", handler.New(provider.authzMiddleware.CheckAll(provider.serviceAccountHandler.CreateFactorAPIKey, []middleware.AuthZCheckGroup{
-		{{Relation: authtypes.Relation{Verb: coretypes.VerbCreate}, Resource: coretypes.ResourceMetaResourceFactorAPIKey, SelectorCallback: factorAPIKeyCollectionSelectorCallback, Roles: []string{
-			authtypes.SigNozAdminRoleName,
-		}}},
-		{{Relation: authtypes.Relation{Verb: coretypes.VerbAttach}, Resource: coretypes.ResourceServiceAccount, SelectorCallback: serviceAccountInstanceSelectorCallback, Roles: []string{
-			authtypes.SigNozAdminRoleName,
-		}}},
+	if err := router.Handle("/api/v1/service_accounts/{id}/keys", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.CreateFactorAPIKey, authtypes.Relation{Verb: coretypes.VerbUpdate}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, []string{
+		authtypes.SigNozAdminRoleName,
 	}), handler.OpenAPIDef{
 		ID:                  "CreateServiceAccountKey",
 		Tags:                []string{"serviceaccount"},
@@ -232,12 +227,12 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusCreated,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusConflict},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceMetaResourceFactorAPIKey.Scope(coretypes.VerbCreate), coretypes.ResourceServiceAccount.Scope(coretypes.VerbAttach)}),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbUpdate)}),
 	})).Methods(http.MethodPost).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts/{id}/keys", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.ListFactorAPIKey, authtypes.Relation{Verb: coretypes.VerbList}, coretypes.ResourceMetaResourceFactorAPIKey, factorAPIKeyCollectionSelectorCallback, []string{
+	if err := router.Handle("/api/v1/service_accounts/{id}/keys", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.ListFactorAPIKey, authtypes.Relation{Verb: coretypes.VerbRead}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, []string{
 		authtypes.SigNozAdminRoleName,
 	}), handler.OpenAPIDef{
 		ID:                  "ListServiceAccountKeys",
@@ -251,12 +246,12 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusOK,
 		ErrorStatusCodes:    []int{},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceMetaResourceFactorAPIKey.Scope(coretypes.VerbList)}),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbRead)}),
 	})).Methods(http.MethodGet).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts/{id}/keys/{fid}", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.UpdateFactorAPIKey, authtypes.Relation{Verb: coretypes.VerbUpdate}, coretypes.ResourceMetaResourceFactorAPIKey, factorAPIKeyInstanceSelectorCallback, []string{
+	if err := router.Handle("/api/v1/service_accounts/{id}/keys/{fid}", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.UpdateFactorAPIKey, authtypes.Relation{Verb: coretypes.VerbUpdate}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, []string{
 		authtypes.SigNozAdminRoleName,
 	}), handler.OpenAPIDef{
 		ID:                  "UpdateServiceAccountKey",
@@ -270,18 +265,13 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusBadRequest, http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceMetaResourceFactorAPIKey.Scope(coretypes.VerbUpdate)}),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbUpdate)}),
 	})).Methods(http.MethodPut).GetError(); err != nil {
 		return err
 	}
 
-	if err := router.Handle("/api/v1/service_accounts/{id}/keys/{fid}", handler.New(provider.authzMiddleware.CheckAll(provider.serviceAccountHandler.RevokeFactorAPIKey, []middleware.AuthZCheckGroup{
-		{{Relation: authtypes.Relation{Verb: coretypes.VerbDelete}, Resource: coretypes.ResourceMetaResourceFactorAPIKey, SelectorCallback: factorAPIKeyInstanceSelectorCallback, Roles: []string{
-			authtypes.SigNozAdminRoleName,
-		}}},
-		{{Relation: authtypes.Relation{Verb: coretypes.VerbDetach}, Resource: coretypes.ResourceServiceAccount, SelectorCallback: serviceAccountInstanceSelectorCallback, Roles: []string{
-			authtypes.SigNozAdminRoleName,
-		}}},
+	if err := router.Handle("/api/v1/service_accounts/{id}/keys/{fid}", handler.New(provider.authzMiddleware.Check(provider.serviceAccountHandler.RevokeFactorAPIKey, authtypes.Relation{Verb: coretypes.VerbUpdate}, coretypes.ResourceServiceAccount, serviceAccountInstanceSelectorCallback, []string{
+		authtypes.SigNozAdminRoleName,
 	}), handler.OpenAPIDef{
 		ID:                  "RevokeServiceAccountKey",
 		Tags:                []string{"serviceaccount"},
@@ -294,7 +284,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 		SuccessStatusCode:   http.StatusNoContent,
 		ErrorStatusCodes:    []int{http.StatusNotFound},
 		Deprecated:          false,
-		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceMetaResourceFactorAPIKey.Scope(coretypes.VerbDelete), coretypes.ResourceServiceAccount.Scope(coretypes.VerbDetach)}),
+		SecuritySchemes:     newScopedSecuritySchemes([]string{coretypes.ResourceServiceAccount.Scope(coretypes.VerbUpdate)}),
 	})).Methods(http.MethodDelete).GetError(); err != nil {
 		return err
 	}
@@ -302,7 +292,7 @@ func (provider *provider) addServiceAccountRoutes(router *mux.Router) error {
 	return nil
 }
 
-func (provider *provider) roleDetachSelectorFromPath(req *http.Request, claims authtypes.Claims) ([]coretypes.Selector, error) {
+func (provider *provider) roleAttachSelectorFromPath(req *http.Request, claims authtypes.Claims) ([]coretypes.Selector, error) {
 	roleID, err := valuer.NewUUID(mux.Vars(req)["rid"])
 	if err != nil {
 		return nil, err
@@ -343,28 +333,9 @@ func (provider *provider) roleAttachSelectorFromBody(req *http.Request, claims a
 	}, nil
 }
 
-func factorAPIKeyCollectionSelectorCallback(_ *http.Request, _ authtypes.Claims) ([]coretypes.Selector, error) {
-	return []coretypes.Selector{
-		coretypes.TypeMetaResource.MustSelector(coretypes.WildCardSelectorString),
-	}, nil
-}
-
-func factorAPIKeyInstanceSelectorCallback(req *http.Request, _ authtypes.Claims) ([]coretypes.Selector, error) {
-	fid := mux.Vars(req)["fid"]
-	fidSelector, err := coretypes.TypeMetaResource.Selector(fid)
-	if err != nil {
-		return nil, err
-	}
-
-	return []coretypes.Selector{
-		fidSelector,
-		coretypes.TypeMetaResource.MustSelector(coretypes.WildCardSelectorString),
-	}, nil
-}
-
 func serviceAccountCollectionSelectorCallback(_ *http.Request, _ authtypes.Claims) ([]coretypes.Selector, error) {
 	return []coretypes.Selector{
-		coretypes.TypeServiceAccount.MustSelector(coretypes.WildCardSelectorString),
+		coretypes.TypeMetaResources.MustSelector(coretypes.WildCardSelectorString),
 	}, nil
 }
 

pkg/authz/signozauthzapi/handler.go

@@ -169,7 +169,7 @@ func (handler *handler) Patch(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	render.Success(rw, http.StatusNoContent, nil)
+	render.Success(rw, http.StatusAccepted, nil)
 }
 
 func (handler *handler) PatchObjects(rw http.ResponseWriter, r *http.Request) {

pkg/modules/dashboard/dashboard.go

@@ -49,6 +49,30 @@ type Module interface {
 	GetByMetricNames(ctx context.Context, orgID valuer.UUID, metricNames []string) (map[string][]map[string]string, error)
 
 	statsreporter.StatsCollector
+
+	// ════════════════════════════════════════════════════════════════════════
+	// v2 dashboard methods
+	// ════════════════════════════════════════════════════════════════════════
+
+	CreateV2(ctx context.Context, orgID valuer.UUID, createdBy string, creator valuer.UUID, postable dashboardtypes.PostableDashboardV2) (*dashboardtypes.DashboardV2, error)
+
+	GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.DashboardV2, error)
+
+	ListV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, params *dashboardtypes.ListDashboardsV2Params) (*dashboardtypes.ListableDashboardV2, error)
+
+	UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, updateable dashboardtypes.UpdateableDashboardV2) (*dashboardtypes.DashboardV2, error)
+
+	PatchV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, patch dashboardtypes.PatchableDashboardV2) (*dashboardtypes.DashboardV2, error)
+
+	LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, isAdmin bool, lock bool) error
+
+	CreatePublicV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, postable dashboardtypes.PostablePublicDashboard) (*dashboardtypes.DashboardV2, error)
+
+	UpdatePublicV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatable dashboardtypes.UpdatablePublicDashboard) (*dashboardtypes.DashboardV2, error)
+
+	PinV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, id valuer.UUID) error
+
+	UnpinV2(ctx context.Context, userID valuer.UUID, id valuer.UUID) error
 }
 
 type Handler interface {
@@ -71,4 +95,29 @@ type Handler interface {
 	LockUnlock(http.ResponseWriter, *http.Request)
 
 	Delete(http.ResponseWriter, *http.Request)
+
+	// ════════════════════════════════════════════════════════════════════════
+	// v2 dashboard methods
+	// ════════════════════════════════════════════════════════════════════════
+	CreateV2(http.ResponseWriter, *http.Request)
+
+	GetV2(http.ResponseWriter, *http.Request)
+
+	ListV2(http.ResponseWriter, *http.Request)
+
+	UpdateV2(http.ResponseWriter, *http.Request)
+
+	PatchV2(http.ResponseWriter, *http.Request)
+
+	LockV2(http.ResponseWriter, *http.Request)
+
+	UnlockV2(http.ResponseWriter, *http.Request)
+
+	CreatePublicV2(http.ResponseWriter, *http.Request)
+
+	UpdatePublicV2(http.ResponseWriter, *http.Request)
+
+	PinV2(http.ResponseWriter, *http.Request)
+
+	UnpinV2(http.ResponseWriter, *http.Request)
 }

pkg/modules/dashboard/impldashboard/module.go

@@ -10,7 +10,9 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
+	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/queryparser"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/coretypes"
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
@@ -20,20 +22,24 @@ import (
 
 type module struct {
 	store       dashboardtypes.Store
+	sqlstore    sqlstore.SQLStore
 	settings    factory.ScopedProviderSettings
 	analytics   analytics.Analytics
 	orgGetter   organization.Getter
 	queryParser queryparser.QueryParser
+	tagModule   tag.Module
 }
 
-func NewModule(store dashboardtypes.Store, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser) dashboard.Module {
+func NewModule(store dashboardtypes.Store, sqlstore sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, tagModule tag.Module) dashboard.Module {
 	scopedProviderSettings := factory.NewScopedProviderSettings(settings, "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard")
 	return &module{
 		store:       store,
+		sqlstore:    sqlstore,
 		settings:    scopedProviderSettings,
 		analytics:   analytics,
 		orgGetter:   orgGetter,
 		queryParser: queryParser,
+		tagModule:   tagModule,
 	}
 }
 

pkg/modules/dashboard/impldashboard/store.go

@@ -2,10 +2,14 @@ package impldashboard
 
 import (
 	"context"
+	"strings"
+	"time"
 
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes/listfilter"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/uptrace/bun"
 )
@@ -63,6 +67,201 @@ func (store *store) Get(ctx context.Context, orgID valuer.UUID, id valuer.UUID)
 	return storableDashboard, nil
 }
 
+func (store *store) GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.StorableDashboard, *dashboardtypes.StorablePublicDashboard, error) {
+	type joinedRow struct {
+		*dashboardtypes.StorableDashboard `bun:",extend"`
+
+		PublicID               *valuer.UUID `bun:"public_id"`
+		PublicCreatedAt        *time.Time   `bun:"public_created_at"`
+		PublicUpdatedAt        *time.Time   `bun:"public_updated_at"`
+		PublicTimeRangeEnabled *bool        `bun:"public_time_range_enabled"`
+		PublicDefaultTimeRange *string      `bun:"public_default_time_range"`
+	}
+
+	row := &joinedRow{StorableDashboard: new(dashboardtypes.StorableDashboard)}
+	err := store.
+		sqlstore.
+		BunDB().
+		NewSelect().
+		Model(row).
+		ColumnExpr("dashboard.id, dashboard.org_id, dashboard.data, dashboard.locked, dashboard.created_at, dashboard.created_by, dashboard.updated_at, dashboard.updated_by").
+		ColumnExpr("pd.id AS public_id, pd.created_at AS public_created_at, pd.updated_at AS public_updated_at, pd.time_range_enabled AS public_time_range_enabled, pd.default_time_range AS public_default_time_range").
+		Join("LEFT JOIN public_dashboard AS pd ON pd.dashboard_id = dashboard.id").
+		Where("dashboard.id = ?", id).
+		Where("dashboard.org_id = ?", orgID).
+		Scan(ctx)
+	if err != nil {
+		return nil, nil, store.sqlstore.WrapNotFoundErrf(err, dashboardtypes.ErrCodeDashboardNotFound, "dashboard with id %s doesn't exist", id)
+	}
+
+	if row.PublicID == nil {
+		return row.StorableDashboard, nil, nil
+	}
+	public := &dashboardtypes.StorablePublicDashboard{
+		Identifiable:     types.Identifiable{ID: *row.PublicID},
+		TimeAuditable:    types.TimeAuditable{CreatedAt: *row.PublicCreatedAt, UpdatedAt: *row.PublicUpdatedAt},
+		TimeRangeEnabled: *row.PublicTimeRangeEnabled,
+		DefaultTimeRange: *row.PublicDefaultTimeRange,
+		DashboardID:      row.ID.StringValue(),
+	}
+	return row.StorableDashboard, public, nil
+}
+
+// ListV2 emits the joined dashboard ⨝ pinned_dashboard ⨝ public_dashboard
+// query the spec calls for. Aliases:
+//
+//	dashboard         — the visitor expects this
+//	pinned_dashboard  AS pin  — only used inside this query
+//	public_dashboard  AS pd   — the visitor expects this
+//
+// Sort is "is_pinned DESC, <sort> <order>" so pinned dashboards float to the
+// top inside the requested ordering. Title-sort goes through the same
+// JSONExtractString path the visitor uses for name/description filtering.
+func (store *store) ListV2(
+	ctx context.Context,
+	orgID valuer.UUID,
+	userID valuer.UUID,
+	params *dashboardtypes.ListDashboardsV2Params,
+) ([]*dashboardtypes.DashboardListRow, bool, error) {
+	compiled, err := listfilter.Compile(params.Query, store.sqlstore.Formatter())
+	if err != nil {
+		return nil, false, err
+	}
+	type listedRow struct {
+		*dashboardtypes.StorableDashboard `bun:",extend"`
+
+		IsPinned bool `bun:"is_pinned"`
+
+		PublicID               *valuer.UUID `bun:"public_id"`
+		PublicCreatedAt        *time.Time   `bun:"public_created_at"`
+		PublicUpdatedAt        *time.Time   `bun:"public_updated_at"`
+		PublicTimeRangeEnabled *bool        `bun:"public_time_range_enabled"`
+		PublicDefaultTimeRange *string      `bun:"public_default_time_range"`
+	}
+
+	rows := make([]*listedRow, 0)
+
+	q := store.sqlstore.
+		BunDB().
+		NewSelect().
+		Model(&rows).
+		ColumnExpr("dashboard.id, dashboard.org_id, dashboard.data, dashboard.locked, dashboard.created_at, dashboard.created_by, dashboard.updated_at, dashboard.updated_by").
+		ColumnExpr("CASE WHEN pin.user_id IS NOT NULL THEN 1 ELSE 0 END AS is_pinned").
+		ColumnExpr("pd.id AS public_id, pd.created_at AS public_created_at, pd.updated_at AS public_updated_at, pd.time_range_enabled AS public_time_range_enabled, pd.default_time_range AS public_default_time_range").
+		Join("LEFT JOIN pinned_dashboard AS pin ON pin.user_id = ? AND pin.dashboard_id = dashboard.id", userID).
+		Join("LEFT JOIN public_dashboard AS pd ON pd.dashboard_id = dashboard.id").
+		Where("dashboard.org_id = ?", orgID)
+
+	if compiled != nil {
+		q = q.Where(compiled.SQL, compiled.Args...)
+	}
+
+	sortExpr, err := store.sortExprForListV2(params.Sort)
+	if err != nil {
+		return nil, false, err
+	}
+	q = q.
+		OrderExpr("is_pinned DESC").
+		OrderExpr(sortExpr + " " + strings.ToUpper(string(params.Order))).
+		Limit(params.Limit + 1).
+		Offset(params.Offset)
+
+	if err := q.Scan(ctx); err != nil {
+		return nil, false, err
+	}
+
+	hasMore := len(rows) > params.Limit
+	if hasMore {
+		rows = rows[:params.Limit]
+	}
+
+	out := make([]*dashboardtypes.DashboardListRow, len(rows))
+	for i, r := range rows {
+		row := &dashboardtypes.DashboardListRow{
+			Dashboard: r.StorableDashboard,
+			Pinned:    r.IsPinned,
+		}
+		if r.PublicID != nil {
+			row.Public = &dashboardtypes.StorablePublicDashboard{
+				Identifiable:     types.Identifiable{ID: *r.PublicID},
+				TimeAuditable:    types.TimeAuditable{CreatedAt: *r.PublicCreatedAt, UpdatedAt: *r.PublicUpdatedAt},
+				TimeRangeEnabled: *r.PublicTimeRangeEnabled,
+				DefaultTimeRange: *r.PublicDefaultTimeRange,
+				DashboardID:      r.ID.StringValue(),
+			}
+		}
+		out[i] = row
+	}
+	return out, hasMore, nil
+}
+
+// sortExprForListV2 maps a sort enum to the SQL expression to plug into
+// ORDER BY. Title-sort routes through the SQLFormatter so it stays
+// dialect-aware (matches what listfilter/visitor does for the name filter).
+func (store *store) sortExprForListV2(sort dashboardtypes.ListSort) (string, error) {
+	switch sort {
+	case dashboardtypes.ListSortUpdatedAt:
+		return "dashboard.updated_at", nil
+	case dashboardtypes.ListSortCreatedAt:
+		return "dashboard.created_at", nil
+	case dashboardtypes.ListSortName:
+		return string(store.sqlstore.Formatter().JSONExtractString("dashboard.data", "$.data.display.name")), nil
+	}
+	return "", errors.Newf(errors.TypeInvalidInput, dashboardtypes.ErrCodeDashboardListInvalid,
+		"unsupported sort field %q", sort)
+}
+
+func (store *store) UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, data dashboardtypes.StorableDashboardData) error {
+	res, err := store.
+		sqlstore.
+		BunDBCtx(ctx).
+		NewUpdate().
+		Model((*dashboardtypes.StorableDashboard)(nil)).
+		Set("data = ?", data).
+		Set("updated_by = ?", updatedBy).
+		Set("updated_at = ?", time.Now()).
+		Where("id = ?", id).
+		Where("org_id = ?", orgID).
+		Exec(ctx)
+	if err != nil {
+		return err
+	}
+	rows, err := res.RowsAffected()
+	if err != nil {
+		return err
+	}
+	// Defends against the race where a delete lands between the caller's
+	// pre-update GetV2 and this update.
+	if rows == 0 {
+		return errors.Newf(errors.TypeNotFound, dashboardtypes.ErrCodeDashboardNotFound, "dashboard with id %s doesn't exist", id)
+	}
+	return nil
+}
+
+func (store *store) LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, locked bool, updatedBy string) error {
+	res, err := store.
+		sqlstore.
+		BunDBCtx(ctx).
+		NewUpdate().
+		Model((*dashboardtypes.StorableDashboard)(nil)).
+		Set("locked = ?", locked).
+		Set("updated_by = ?", updatedBy).
+		Set("updated_at = ?", time.Now()).
+		Where("id = ?", id).
+		Exec(ctx)
+	if err != nil {
+		return err
+	}
+	rows, err := res.RowsAffected()
+	if err != nil {
+		return err
+	}
+	if rows == 0 {
+		return errors.Newf(errors.TypeNotFound, dashboardtypes.ErrCodeDashboardNotFound, "dashboard with id %s doesn't exist", id)
+	}
+	return nil
+}
+
 func (store *store) GetPublic(ctx context.Context, dashboardID string) (*dashboardtypes.StorablePublicDashboard, error) {
 	storable := new(dashboardtypes.StorablePublicDashboard)
 	err := store.
@@ -217,3 +416,51 @@ func (store *store) RunInTx(ctx context.Context, cb func(ctx context.Context) er
 		return cb(ctx)
 	})
 }
+
+// PinForUser combines the count check, the existence check, and the upsert in
+// a single statement so the limit gate and the insert can't drift between two
+// round-trips.
+//
+//	pin exists? | count < 10? | WHERE passes?           | effect                            | rows
+//	------------|-------------|-------------------------|-----------------------------------|-----
+//	no          | yes         | yes (count branch)      | INSERT new row                    | 1
+//	no          | no          | no                      | nothing (limit hit)               | 0
+//	yes         | yes         | yes (count branch)      | INSERT → conflict → no-op UPDATE  | 1
+//	yes         | no          | yes (EXISTS OR branch)  | INSERT → conflict → no-op UPDATE  | 1
+//
+// rows = 0 is the only signal of a real limit hit.
+func (store *store) PinForUser(ctx context.Context, pd *dashboardtypes.PinnedDashboard) error {
+	res, err := store.sqlstore.BunDBCtx(ctx).NewRaw(`
+		INSERT INTO pinned_dashboard (user_id, dashboard_id, org_id, pinned_at)
+		SELECT ?, ?, ?, ?
+		WHERE (SELECT COUNT(*) FROM pinned_dashboard WHERE user_id = ?) < ?
+		   OR EXISTS (SELECT 1 FROM pinned_dashboard WHERE user_id = ? AND dashboard_id = ?)
+		ON CONFLICT (user_id, dashboard_id) DO UPDATE SET user_id = EXCLUDED.user_id
+	`,
+		pd.UserID, pd.DashboardID, pd.OrgID, pd.PinnedAt,
+		pd.UserID, dashboardtypes.MaxPinnedDashboardsPerUser,
+		pd.UserID, pd.DashboardID,
+	).Exec(ctx)
+	if err != nil {
+		return err
+	}
+	rows, err := res.RowsAffected()
+	if err != nil {
+		return err
+	}
+	if rows == 0 {
+		return errors.Newf(errors.TypeAlreadyExists, dashboardtypes.ErrCodePinnedDashboardLimitHit,
+			"cannot pin more than %d dashboards", dashboardtypes.MaxPinnedDashboardsPerUser)
+	}
+	return nil
+}
+
+func (store *store) UnpinForUser(ctx context.Context, userID valuer.UUID, dashboardID valuer.UUID) error {
+	_, err := store.sqlstore.BunDBCtx(ctx).
+		NewDelete().
+		Model((*dashboardtypes.PinnedDashboard)(nil)).
+		Where("user_id = ?", userID).
+		Where("dashboard_id = ?", dashboardID).
+		Exec(ctx)
+	return err
+}

pkg/modules/dashboard/impldashboard/v2_handler.go

@@ -0,0 +1,407 @@
+package impldashboard
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/http/binding"
+	"github.com/SigNoz/signoz/pkg/http/render"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/coretypes"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/gorilla/mux"
+)
+
+func (handler *handler) CreateV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	req := dashboardtypes.PostableDashboardV2{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	dashboard, err := handler.module.CreateV2(ctx, orgID, claims.Email, valuer.MustNewUUID(claims.IdentityID()), req)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusCreated, dashboardtypes.NewGettableDashboardV2FromDashboardV2(dashboard))
+}
+
+func (handler *handler) ListV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	userID, err := valuer.NewUUID(claims.IdentityID())
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	params := new(dashboardtypes.ListDashboardsV2Params)
+	if err := binding.Query.BindQuery(r.URL.Query(), params); err != nil {
+		render.Error(rw, err)
+		return
+	}
+	if err := params.Validate(); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	out, err := handler.module.ListV2(ctx, orgID, userID, params)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, out)
+}
+
+func (handler *handler) GetV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	dashboard, err := handler.module.GetV2(ctx, orgID, dashboardID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, dashboardtypes.NewGettableDashboardV2FromDashboardV2(dashboard))
+}
+
+func (handler *handler) LockV2(rw http.ResponseWriter, r *http.Request) {
+	handler.lockUnlockV2(rw, r, true)
+}
+
+func (handler *handler) UnlockV2(rw http.ResponseWriter, r *http.Request) {
+	handler.lockUnlockV2(rw, r, false)
+}
+
+func (handler *handler) lockUnlockV2(rw http.ResponseWriter, r *http.Request, lock bool) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	isAdmin := false
+	selectors := []coretypes.Selector{
+		coretypes.TypeRole.MustSelector(authtypes.SigNozAdminRoleName),
+	}
+	err = handler.authz.CheckWithTupleCreation(
+		ctx,
+		claims,
+		valuer.MustNewUUID(claims.OrgID),
+		authtypes.Relation{Verb: coretypes.VerbAssignee},
+		coretypes.NewResourceRole(),
+		selectors,
+		selectors,
+	)
+	if err == nil {
+		isAdmin = true
+	}
+
+	if err := handler.module.LockUnlockV2(ctx, orgID, dashboardID, claims.Email, isAdmin, lock); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusNoContent, nil)
+}
+
+func (handler *handler) UpdateV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	req := dashboardtypes.UpdateableDashboardV2{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	dashboard, err := handler.module.UpdateV2(ctx, orgID, dashboardID, claims.Email, req)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, dashboardtypes.NewGettableDashboardV2FromDashboardV2(dashboard))
+}
+
+func (handler *handler) PatchV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	req := dashboardtypes.PatchableDashboardV2{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	dashboard, err := handler.module.PatchV2(ctx, orgID, dashboardID, claims.Email, req)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, dashboardtypes.NewGettableDashboardV2FromDashboardV2(dashboard))
+}
+
+func (handler *handler) CreatePublicV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	req := dashboardtypes.PostablePublicDashboard{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	dashboard, err := handler.module.CreatePublicV2(ctx, orgID, dashboardID, req)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, dashboardtypes.NewGettableDashboardV2FromDashboardV2(dashboard))
+}
+
+func (handler *handler) PinV2(rw http.ResponseWriter, r *http.Request) {
+	handler.pinUnpinV2(rw, r, true)
+}
+
+func (handler *handler) UnpinV2(rw http.ResponseWriter, r *http.Request) {
+	handler.pinUnpinV2(rw, r, false)
+}
+
+func (handler *handler) pinUnpinV2(rw http.ResponseWriter, r *http.Request, pin bool) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	userID, err := valuer.NewUUID(claims.IdentityID())
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	if pin {
+		err = handler.module.PinV2(ctx, orgID, userID, dashboardID)
+	} else {
+		err = handler.module.UnpinV2(ctx, userID, dashboardID)
+	}
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusNoContent, nil)
+}
+
+func (handler *handler) UpdatePublicV2(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	orgID, err := valuer.NewUUID(claims.OrgID)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	id := mux.Vars(r)["id"]
+	if id == "" {
+		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is missing in the path"))
+		return
+	}
+	dashboardID, err := valuer.NewUUID(id)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	req := dashboardtypes.UpdatablePublicDashboard{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	dashboard, err := handler.module.UpdatePublicV2(ctx, orgID, dashboardID, req)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, dashboardtypes.NewGettableDashboardV2FromDashboardV2(dashboard))
+}

pkg/modules/dashboard/impldashboard/v2_module.go

@@ -0,0 +1,192 @@
+package impldashboard
+
+import (
+	"context"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/types/coretypes"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+func (module *module) CreateV2(ctx context.Context, orgID valuer.UUID, createdBy string, creator valuer.UUID, postable dashboardtypes.PostableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	if err := postable.Validate(); err != nil {
+		return nil, err
+	}
+
+	dashboard := dashboardtypes.NewDashboardV2(orgID, createdBy, postable, nil)
+	var storableDashboard *dashboardtypes.StorableDashboard
+
+	err := module.sqlstore.RunInTxCtx(ctx, nil, func(ctx context.Context) error {
+		resolvedTags, err := module.tagModule.SyncTags(ctx, orgID, coretypes.KindDashboard, dashboard.ID, postable.Tags)
+		if err != nil {
+			return err
+		}
+		dashboard.Info.Tags = resolvedTags
+
+		storable, err := dashboard.ToStorableDashboard()
+		if err != nil {
+			return err
+		}
+		storableDashboard = storable
+		return module.store.Create(ctx, storable)
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	module.analytics.TrackUser(ctx, orgID.String(), creator.String(), "Dashboard Created", dashboardtypes.NewStatsFromStorableDashboards([]*dashboardtypes.StorableDashboard{storableDashboard}))
+	return dashboard, nil
+}
+
+// ListV2 calls the store for the joined page (the store owns DSL compilation
+// and limit+1/hasMore detection), batch-fetches tags for the returned
+// dashboard ids, and hands off to the type-side constructor for assembly.
+func (module *module) ListV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, params *dashboardtypes.ListDashboardsV2Params) (*dashboardtypes.ListableDashboardV2, error) {
+	rows, hasMore, err := module.store.ListV2(ctx, orgID, userID, params)
+	if err != nil {
+		return nil, err
+	}
+
+	dashboardIDs := make([]valuer.UUID, len(rows))
+	for i, r := range rows {
+		dashboardIDs[i] = r.Dashboard.ID
+	}
+	tagsByDashboard, err := module.tagModule.ListForResources(ctx, orgID, coretypes.KindDashboard, dashboardIDs)
+	if err != nil {
+		return nil, err
+	}
+
+	return dashboardtypes.NewListableDashboardV2(rows, tagsByDashboard, hasMore)
+}
+
+func (module *module) GetV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*dashboardtypes.DashboardV2, error) {
+	storable, public, err := module.store.GetV2(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+
+	tags, err := module.tagModule.ListForResource(ctx, orgID, coretypes.KindDashboard, id)
+	if err != nil {
+		return nil, err
+	}
+
+	return dashboardtypes.NewDashboardV2FromStorable(storable, public, tags)
+}
+
+func (module *module) UpdateV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, updateable dashboardtypes.UpdateableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	if err := updateable.Validate(); err != nil {
+		return nil, err
+	}
+
+	existing, err := module.GetV2(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+	// Locked-dashboard / state gate — independent of tags, so run it before the tx.
+	if err := existing.CanUpdate(); err != nil {
+		return nil, err
+	}
+
+	err = module.sqlstore.RunInTxCtx(ctx, nil, func(ctx context.Context) error {
+		resolvedTags, err := module.tagModule.SyncTags(ctx, orgID, coretypes.KindDashboard, id, updateable.Tags)
+		if err != nil {
+			return err
+		}
+
+		err = existing.Update(updateable, updatedBy, resolvedTags)
+		if err != nil {
+			return err
+		}
+
+		storable, err := existing.ToStorableDashboard()
+		if err != nil {
+			return err
+		}
+
+		return module.store.UpdateV2(ctx, orgID, id, updatedBy, storable.Data)
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return existing, nil
+}
+
+func (module *module) PatchV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, patch dashboardtypes.PatchableDashboardV2) (*dashboardtypes.DashboardV2, error) {
+	existing, err := module.GetV2(ctx, orgID, id)
+	if err != nil {
+		return nil, err
+	}
+	// Locked-dashboard / state gate — independent of tags, so run it before the tx.
+	if err := existing.CanUpdate(); err != nil {
+		return nil, err
+	}
+
+	updateable, err := patch.Apply(existing)
+	if err != nil {
+		return nil, err
+	}
+
+	err = module.sqlstore.RunInTxCtx(ctx, nil, func(ctx context.Context) error {
+		resolvedTags, err := module.tagModule.SyncTags(ctx, orgID, coretypes.KindDashboard, id, updateable.Tags)
+		if err != nil {
+			return err
+		}
+
+		err = existing.Update(*updateable, updatedBy, resolvedTags)
+		if err != nil {
+			return err
+		}
+
+		storable, err := existing.ToStorableDashboard()
+		if err != nil {
+			return err
+		}
+
+		return module.store.UpdateV2(ctx, orgID, id, updatedBy, storable.Data)
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return existing, nil
+}
+
+// CreatePublicV2 is not supported in the community build.
+func (module *module) CreatePublicV2(_ context.Context, _ valuer.UUID, _ valuer.UUID, _ dashboardtypes.PostablePublicDashboard) (*dashboardtypes.DashboardV2, error) {
+	return nil, errors.Newf(errors.TypeUnsupported, dashboardtypes.ErrCodePublicDashboardUnsupported, "not implemented")
+}
+
+// UpdatePublicV2 is not supported in the community build.
+func (module *module) UpdatePublicV2(_ context.Context, _ valuer.UUID, _ valuer.UUID, _ dashboardtypes.UpdatablePublicDashboard) (*dashboardtypes.DashboardV2, error) {
+	return nil, errors.Newf(errors.TypeUnsupported, dashboardtypes.ErrCodePublicDashboardUnsupported, "not implemented")
+}
+
+func (module *module) LockUnlockV2(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, isAdmin bool, lock bool) error {
+	existing, err := module.GetV2(ctx, orgID, id)
+	if err != nil {
+		return err
+	}
+	if err := existing.LockUnlock(lock, isAdmin, updatedBy); err != nil {
+		return err
+	}
+	return module.store.LockUnlockV2(ctx, orgID, id, lock, updatedBy)
+}
+
+func (module *module) PinV2(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, id valuer.UUID) error {
+	if _, err := module.GetV2(ctx, orgID, id); err != nil {
+		return err
+	}
+	return module.store.PinForUser(ctx, &dashboardtypes.PinnedDashboard{
+		UserID:      userID,
+		DashboardID: id,
+		OrgID:       orgID,
+		PinnedAt:    time.Now(),
+	})
+}
+
+func (module *module) UnpinV2(ctx context.Context, userID valuer.UUID, id valuer.UUID) error {
+	return module.store.UnpinForUser(ctx, userID, id)
+}

pkg/modules/inframonitoring/implinframonitoring/handler.go

@@ -189,51 +189,3 @@ func (h *handler) ListDeployments(rw http.ResponseWriter, req *http.Request) {
 
 	render.Success(rw, http.StatusOK, result)
 }
-
-func (h *handler) ListStatefulSets(rw http.ResponseWriter, req *http.Request) {
-	claims, err := authtypes.ClaimsFromContext(req.Context())
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID := valuer.MustNewUUID(claims.OrgID)
-
-	var parsedReq inframonitoringtypes.PostableStatefulSets
-	if err := binding.JSON.BindBody(req.Body, &parsedReq); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	result, err := h.module.ListStatefulSets(req.Context(), orgID, &parsedReq)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusOK, result)
-}
-
-func (h *handler) ListJobs(rw http.ResponseWriter, req *http.Request) {
-	claims, err := authtypes.ClaimsFromContext(req.Context())
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID := valuer.MustNewUUID(claims.OrgID)
-
-	var parsedReq inframonitoringtypes.PostableJobs
-	if err := binding.JSON.BindBody(req.Body, &parsedReq); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	result, err := h.module.ListJobs(req.Context(), orgID, &parsedReq)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusOK, result)
-}

pkg/modules/inframonitoring/implinframonitoring/jobs.go

@@ -1,156 +0,0 @@
-package implinframonitoring
-
-import (
-	"context"
-	"slices"
-
-	"github.com/SigNoz/signoz/pkg/types/inframonitoringtypes"
-	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-// buildJobRecords assembles the page records. Pod phase counts come from
-// phaseCounts in both modes; every row is a group of pods (one job in
-// list mode, an arbitrary roll-up in grouped_list mode), so there's no
-// per-row "current phase" concept.
-func buildJobRecords(
-	resp *qbtypes.QueryRangeResponse,
-	pageGroups []map[string]string,
-	groupBy []qbtypes.GroupByKey,
-	metadataMap map[string]map[string]string,
-	phaseCounts map[string]podPhaseCounts,
-) []inframonitoringtypes.JobRecord {
-	metricsMap := parseFullQueryResponse(resp, groupBy)
-
-	records := make([]inframonitoringtypes.JobRecord, 0, len(pageGroups))
-	for _, labels := range pageGroups {
-		compositeKey := compositeKeyFromLabels(labels, groupBy)
-		jobName := labels[jobNameAttrKey]
-
-		record := inframonitoringtypes.JobRecord{ // initialize with default values
-			JobName:               jobName,
-			JobCPU:                -1,
-			JobCPURequest:         -1,
-			JobCPULimit:           -1,
-			JobMemory:             -1,
-			JobMemoryRequest:      -1,
-			JobMemoryLimit:        -1,
-			DesiredSuccessfulPods: -1,
-			ActivePods:            -1,
-			FailedPods:            -1,
-			SuccessfulPods:        -1,
-			Meta:                  map[string]string{},
-		}
-
-		if metrics, ok := metricsMap[compositeKey]; ok {
-			if v, exists := metrics["A"]; exists {
-				record.JobCPU = v
-			}
-			if v, exists := metrics["B"]; exists {
-				record.JobCPURequest = v
-			}
-			if v, exists := metrics["C"]; exists {
-				record.JobCPULimit = v
-			}
-			if v, exists := metrics["D"]; exists {
-				record.JobMemory = v
-			}
-			if v, exists := metrics["E"]; exists {
-				record.JobMemoryRequest = v
-			}
-			if v, exists := metrics["F"]; exists {
-				record.JobMemoryLimit = v
-			}
-			if v, exists := metrics["H"]; exists {
-				record.DesiredSuccessfulPods = int(v)
-			}
-			if v, exists := metrics["I"]; exists {
-				record.ActivePods = int(v)
-			}
-			if v, exists := metrics["J"]; exists {
-				record.FailedPods = int(v)
-			}
-			if v, exists := metrics["K"]; exists {
-				record.SuccessfulPods = int(v)
-			}
-		}
-
-		if phaseCountsForGroup, ok := phaseCounts[compositeKey]; ok {
-			record.PodCountsByPhase = inframonitoringtypes.PodCountsByPhase{
-				Pending:   phaseCountsForGroup.Pending,
-				Running:   phaseCountsForGroup.Running,
-				Succeeded: phaseCountsForGroup.Succeeded,
-				Failed:    phaseCountsForGroup.Failed,
-				Unknown:   phaseCountsForGroup.Unknown,
-			}
-		}
-
-		if attrs, ok := metadataMap[compositeKey]; ok {
-			for k, v := range attrs {
-				record.Meta[k] = v
-			}
-		}
-
-		records = append(records, record)
-	}
-	return records
-}
-
-func (m *module) getTopJobGroups(
-	ctx context.Context,
-	orgID valuer.UUID,
-	req *inframonitoringtypes.PostableJobs,
-	metadataMap map[string]map[string]string,
-) ([]map[string]string, error) {
-	orderByKey := req.OrderBy.Key.Name
-	queryNamesForOrderBy := orderByToJobsQueryNames[orderByKey]
-	rankingQueryName := queryNamesForOrderBy[len(queryNamesForOrderBy)-1]
-
-	topReq := &qbtypes.QueryRangeRequest{
-		Start:       uint64(req.Start),
-		End:         uint64(req.End),
-		RequestType: qbtypes.RequestTypeScalar,
-		CompositeQuery: qbtypes.CompositeQuery{
-			Queries: make([]qbtypes.QueryEnvelope, 0, len(queryNamesForOrderBy)),
-		},
-	}
-
-	for _, envelope := range m.newJobsTableListQuery().CompositeQuery.Queries {
-		if !slices.Contains(queryNamesForOrderBy, envelope.GetQueryName()) {
-			continue
-		}
-		copied := envelope
-		if copied.Type == qbtypes.QueryTypeBuilder {
-			existingExpr := ""
-			if f := copied.GetFilter(); f != nil {
-				existingExpr = f.Expression
-			}
-			reqFilterExpr := ""
-			if req.Filter != nil {
-				reqFilterExpr = req.Filter.Expression
-			}
-			merged := mergeFilterExpressions(existingExpr, reqFilterExpr)
-			copied.SetFilter(&qbtypes.Filter{Expression: merged})
-			copied.SetGroupBy(req.GroupBy)
-		}
-		topReq.CompositeQuery.Queries = append(topReq.CompositeQuery.Queries, copied)
-	}
-
-	resp, err := m.querier.QueryRange(ctx, orgID, topReq)
-	if err != nil {
-		return nil, err
-	}
-
-	allMetricGroups := parseAndSortGroups(resp, rankingQueryName, req.GroupBy, req.OrderBy.Direction)
-	return paginateWithBackfill(allMetricGroups, metadataMap, req.GroupBy, req.Offset, req.Limit), nil
-}
-
-func (m *module) getJobsTableMetadata(ctx context.Context, req *inframonitoringtypes.PostableJobs) (map[string]map[string]string, error) {
-	var nonGroupByAttrs []string
-	for _, key := range jobAttrKeysForMetadata {
-		if !isKeyInGroupByAttrs(req.GroupBy, key) {
-			nonGroupByAttrs = append(nonGroupByAttrs, key)
-		}
-	}
-	return m.getMetadata(ctx, jobsTableMetricNamesList, req.GroupBy, nonGroupByAttrs, req.Filter, req.Start, req.End)
-}

pkg/modules/inframonitoring/implinframonitoring/jobs_constants.go

@@ -1,278 +0,0 @@
-package implinframonitoring
-
-import (
-	"github.com/SigNoz/signoz/pkg/types/inframonitoringtypes"
-	"github.com/SigNoz/signoz/pkg/types/metrictypes"
-	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
-	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
-)
-
-const (
-	jobNameAttrKey     = "k8s.job.name"
-	jobsBaseFilterExpr = "k8s.job.name != ''"
-)
-
-var jobNameGroupByKey = qbtypes.GroupByKey{
-	TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-		Name:          jobNameAttrKey,
-		FieldContext:  telemetrytypes.FieldContextResource,
-		FieldDataType: telemetrytypes.FieldDataTypeString,
-	},
-}
-
-// jobsTableMetricNamesList drives the existence/retention check.
-// Includes k8s.pod.phase even though phase isn't part of the QB composite query —
-// it is queried separately via getPerGroupPodPhaseCounts, and we want the
-// response to short-circuit cleanly when the phase metric is absent.
-var jobsTableMetricNamesList = []string{
-	"k8s.pod.phase",
-	"k8s.pod.cpu.usage",
-	"k8s.pod.cpu_request_utilization",
-	"k8s.pod.cpu_limit_utilization",
-	"k8s.pod.memory.working_set",
-	"k8s.pod.memory_request_utilization",
-	"k8s.pod.memory_limit_utilization",
-	"k8s.job.active_pods",
-	"k8s.job.failed_pods",
-	"k8s.job.successful_pods",
-	"k8s.job.desired_successful_pods",
-}
-
-// Carried forward from v1 jobAttrsToEnrich
-// (pkg/query-service/app/inframetrics/jobs.go:31-35).
-var jobAttrKeysForMetadata = []string{
-	"k8s.job.name",
-	"k8s.namespace.name",
-	"k8s.cluster.name",
-}
-
-// orderByToJobsQueryNames maps the orderBy column to the query name
-// used for ranking job groups. v2 B/C/E/F are direct metrics, no
-// formula deps — so unlike v1 we don't carry A/D.
-var orderByToJobsQueryNames = map[string][]string{
-	inframonitoringtypes.JobsOrderByCPU:                   {"A"},
-	inframonitoringtypes.JobsOrderByCPURequest:            {"B"},
-	inframonitoringtypes.JobsOrderByCPULimit:              {"C"},
-	inframonitoringtypes.JobsOrderByMemory:                {"D"},
-	inframonitoringtypes.JobsOrderByMemoryRequest:         {"E"},
-	inframonitoringtypes.JobsOrderByMemoryLimit:           {"F"},
-	inframonitoringtypes.JobsOrderByDesiredSuccessfulPods: {"H"},
-	inframonitoringtypes.JobsOrderByActivePods:            {"I"},
-	inframonitoringtypes.JobsOrderByFailedPods:            {"J"},
-	inframonitoringtypes.JobsOrderBySuccessfulPods:        {"K"},
-}
-
-// newJobsTableListQuery builds the composite QB v5 request for the jobs list.
-// Ten builder queries: A..F roll up pod-level metrics by job, H/I/J/K take the
-// latest job-level desired/active/failed/successful counts. Restarts (v1 query G)
-// is intentionally omitted to match the v2 pods/deployments pattern.
-//
-// Every builder query carries the base filter `jobsBaseFilterExpr`. Reason:
-// pod-level metrics (A..F) are emitted for every pod regardless of whether the
-// pod belongs to a Job; only Job-owned pods carry the `k8s.job.name` resource
-// attribute. Without this filter, standalone pods and pods owned by other
-// workloads (Deployment/StatefulSet/DaemonSet/...) collapse into a single
-// empty-string group under the default groupBy.
-func (m *module) newJobsTableListQuery() *qbtypes.QueryRangeRequest {
-	queries := []qbtypes.QueryEnvelope{
-		// Query A: k8s.pod.cpu.usage — sum of pod CPU within the group.
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "A",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.pod.cpu.usage",
-						TimeAggregation:  metrictypes.TimeAggregationAvg,
-						SpaceAggregation: metrictypes.SpaceAggregationSum,
-						ReduceTo:         qbtypes.ReduceToAvg,
-					},
-				},
-				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
-				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
-				Disabled: false,
-			},
-		},
-		// Query B: k8s.pod.cpu_request_utilization — avg across pods in the group.
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "B",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.pod.cpu_request_utilization",
-						TimeAggregation:  metrictypes.TimeAggregationAvg,
-						SpaceAggregation: metrictypes.SpaceAggregationAvg,
-						ReduceTo:         qbtypes.ReduceToAvg,
-					},
-				},
-				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
-				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
-				Disabled: false,
-			},
-		},
-		// Query C: k8s.pod.cpu_limit_utilization — avg across pods in the group.
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "C",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.pod.cpu_limit_utilization",
-						TimeAggregation:  metrictypes.TimeAggregationAvg,
-						SpaceAggregation: metrictypes.SpaceAggregationAvg,
-						ReduceTo:         qbtypes.ReduceToAvg,
-					},
-				},
-				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
-				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
-				Disabled: false,
-			},
-		},
-		// Query D: k8s.pod.memory.working_set — sum of pod memory within the group.
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "D",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.pod.memory.working_set",
-						TimeAggregation:  metrictypes.TimeAggregationAvg,
-						SpaceAggregation: metrictypes.SpaceAggregationSum,
-						ReduceTo:         qbtypes.ReduceToAvg,
-					},
-				},
-				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
-				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
-				Disabled: false,
-			},
-		},
-		// Query E: k8s.pod.memory_request_utilization — avg across pods in the group.
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "E",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.pod.memory_request_utilization",
-						TimeAggregation:  metrictypes.TimeAggregationAvg,
-						SpaceAggregation: metrictypes.SpaceAggregationAvg,
-						ReduceTo:         qbtypes.ReduceToAvg,
-					},
-				},
-				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
-				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
-				Disabled: false,
-			},
-		},
-		// Query F: k8s.pod.memory_limit_utilization — avg across pods in the group.
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "F",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.pod.memory_limit_utilization",
-						TimeAggregation:  metrictypes.TimeAggregationAvg,
-						SpaceAggregation: metrictypes.SpaceAggregationAvg,
-						ReduceTo:         qbtypes.ReduceToAvg,
-					},
-				},
-				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
-				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
-				Disabled: false,
-			},
-		},
-		// Query H: k8s.job.desired_successful_pods — latest known desired completion count per group.
-		// v1 used TimeAggregationAnyLast (v3) → mapped to TimeAggregationLatest in v5;
-		// SpaceAggregationSum + ReduceToLast preserve v1's "latest, summed across the group".
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "H",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.job.desired_successful_pods",
-						TimeAggregation:  metrictypes.TimeAggregationLatest,
-						SpaceAggregation: metrictypes.SpaceAggregationSum,
-						ReduceTo:         qbtypes.ReduceToLast,
-					},
-				},
-				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
-				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
-				Disabled: false,
-			},
-		},
-		// Query I: k8s.job.active_pods — latest known active pod count per group.
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "I",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.job.active_pods",
-						TimeAggregation:  metrictypes.TimeAggregationLatest,
-						SpaceAggregation: metrictypes.SpaceAggregationSum,
-						ReduceTo:         qbtypes.ReduceToLast,
-					},
-				},
-				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
-				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
-				Disabled: false,
-			},
-		},
-		// Query J: k8s.job.failed_pods — cumulative failed pod count per group.
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "J",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.job.failed_pods",
-						TimeAggregation:  metrictypes.TimeAggregationLatest,
-						SpaceAggregation: metrictypes.SpaceAggregationSum,
-						ReduceTo:         qbtypes.ReduceToLast,
-					},
-				},
-				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
-				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
-				Disabled: false,
-			},
-		},
-		// Query K: k8s.job.successful_pods — cumulative successful pod count per group.
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "K",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.job.successful_pods",
-						TimeAggregation:  metrictypes.TimeAggregationLatest,
-						SpaceAggregation: metrictypes.SpaceAggregationSum,
-						ReduceTo:         qbtypes.ReduceToLast,
-					},
-				},
-				Filter:   &qbtypes.Filter{Expression: jobsBaseFilterExpr},
-				GroupBy:  []qbtypes.GroupByKey{jobNameGroupByKey},
-				Disabled: false,
-			},
-		},
-	}
-
-	return &qbtypes.QueryRangeRequest{
-		RequestType: qbtypes.RequestTypeScalar,
-		CompositeQuery: qbtypes.CompositeQuery{
-			Queries: queries,
-		},
-	}
-}

pkg/modules/inframonitoring/implinframonitoring/module.go

@@ -706,197 +706,3 @@ func (m *module) ListDeployments(ctx context.Context, orgID valuer.UUID, req *in
 
 	return resp, nil
 }
-
-func (m *module) ListStatefulSets(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableStatefulSets) (*inframonitoringtypes.StatefulSets, error) {
-	if err := req.Validate(); err != nil {
-		return nil, err
-	}
-
-	resp := &inframonitoringtypes.StatefulSets{}
-
-	if req.OrderBy == nil {
-		req.OrderBy = &qbtypes.OrderBy{
-			Key: qbtypes.OrderByKey{
-				TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-					Name: inframonitoringtypes.StatefulSetsOrderByCPU,
-				},
-			},
-			Direction: qbtypes.OrderDirectionDesc,
-		}
-	}
-
-	if len(req.GroupBy) == 0 {
-		req.GroupBy = []qbtypes.GroupByKey{statefulSetNameGroupByKey}
-		resp.Type = inframonitoringtypes.ResponseTypeList
-	} else {
-		resp.Type = inframonitoringtypes.ResponseTypeGroupedList
-	}
-
-	// Bake the workload base filter into req.Filter so all downstream helpers pick it up.
-	if req.Filter == nil {
-		req.Filter = &qbtypes.Filter{}
-	}
-	req.Filter.Expression = mergeFilterExpressions(statefulSetsBaseFilterExpr, req.Filter.Expression)
-
-	missingMetrics, minFirstReportedUnixMilli, err := m.getMetricsExistenceAndEarliestTime(ctx, statefulSetsTableMetricNamesList)
-	if err != nil {
-		return nil, err
-	}
-	if len(missingMetrics) > 0 {
-		resp.RequiredMetricsCheck = inframonitoringtypes.RequiredMetricsCheck{MissingMetrics: missingMetrics}
-		resp.Records = []inframonitoringtypes.StatefulSetRecord{}
-		resp.Total = 0
-		return resp, nil
-	}
-	if req.End < int64(minFirstReportedUnixMilli) {
-		resp.EndTimeBeforeRetention = true
-		resp.Records = []inframonitoringtypes.StatefulSetRecord{}
-		resp.Total = 0
-		return resp, nil
-	}
-	resp.RequiredMetricsCheck = inframonitoringtypes.RequiredMetricsCheck{MissingMetrics: []string{}}
-
-	metadataMap, err := m.getStatefulSetsTableMetadata(ctx, req)
-	if err != nil {
-		return nil, err
-	}
-
-	resp.Total = len(metadataMap)
-
-	pageGroups, err := m.getTopStatefulSetGroups(ctx, orgID, req, metadataMap)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(pageGroups) == 0 {
-		resp.Records = []inframonitoringtypes.StatefulSetRecord{}
-		return resp, nil
-	}
-
-	filterExpr := ""
-	if req.Filter != nil {
-		filterExpr = req.Filter.Expression
-	}
-
-	fullQueryReq := buildFullQueryRequest(req.Start, req.End, filterExpr, req.GroupBy, pageGroups, m.newStatefulSetsTableListQuery())
-	queryResp, err := m.querier.QueryRange(ctx, orgID, fullQueryReq)
-	if err != nil {
-		return nil, err
-	}
-
-	// Reuse the pods phase-counts CTE function via a temp struct — it reads only
-	// Start/End/Filter/GroupBy from PostablePods. Pods owned by a StatefulSet carry
-	// k8s.statefulset.name as a resource attribute, so default-groupBy gives
-	// per-statefulset phase counts automatically.
-	phaseCounts, err := m.getPerGroupPodPhaseCounts(ctx, &inframonitoringtypes.PostablePods{
-		Start:   req.Start,
-		End:     req.End,
-		Filter:  req.Filter,
-		GroupBy: req.GroupBy,
-	}, pageGroups)
-	if err != nil {
-		return nil, err
-	}
-
-	resp.Records = buildStatefulSetRecords(queryResp, pageGroups, req.GroupBy, metadataMap, phaseCounts)
-	resp.Warning = queryResp.Warning
-
-	return resp, nil
-}
-
-func (m *module) ListJobs(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableJobs) (*inframonitoringtypes.Jobs, error) {
-	if err := req.Validate(); err != nil {
-		return nil, err
-	}
-
-	resp := &inframonitoringtypes.Jobs{}
-
-	if req.OrderBy == nil {
-		req.OrderBy = &qbtypes.OrderBy{
-			Key: qbtypes.OrderByKey{
-				TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-					Name: inframonitoringtypes.JobsOrderByCPU,
-				},
-			},
-			Direction: qbtypes.OrderDirectionDesc,
-		}
-	}
-
-	if len(req.GroupBy) == 0 {
-		req.GroupBy = []qbtypes.GroupByKey{jobNameGroupByKey}
-		resp.Type = inframonitoringtypes.ResponseTypeList
-	} else {
-		resp.Type = inframonitoringtypes.ResponseTypeGroupedList
-	}
-
-	// Bake the jobs base filter into req.Filter so all downstream helpers pick it up.
-	if req.Filter == nil {
-		req.Filter = &qbtypes.Filter{}
-	}
-	req.Filter.Expression = mergeFilterExpressions(jobsBaseFilterExpr, req.Filter.Expression)
-
-	missingMetrics, minFirstReportedUnixMilli, err := m.getMetricsExistenceAndEarliestTime(ctx, jobsTableMetricNamesList)
-	if err != nil {
-		return nil, err
-	}
-	if len(missingMetrics) > 0 {
-		resp.RequiredMetricsCheck = inframonitoringtypes.RequiredMetricsCheck{MissingMetrics: missingMetrics}
-		resp.Records = []inframonitoringtypes.JobRecord{}
-		resp.Total = 0
-		return resp, nil
-	}
-	if req.End < int64(minFirstReportedUnixMilli) {
-		resp.EndTimeBeforeRetention = true
-		resp.Records = []inframonitoringtypes.JobRecord{}
-		resp.Total = 0
-		return resp, nil
-	}
-	resp.RequiredMetricsCheck = inframonitoringtypes.RequiredMetricsCheck{MissingMetrics: []string{}}
-
-	metadataMap, err := m.getJobsTableMetadata(ctx, req)
-	if err != nil {
-		return nil, err
-	}
-
-	resp.Total = len(metadataMap)
-
-	pageGroups, err := m.getTopJobGroups(ctx, orgID, req, metadataMap)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(pageGroups) == 0 {
-		resp.Records = []inframonitoringtypes.JobRecord{}
-		return resp, nil
-	}
-
-	filterExpr := ""
-	if req.Filter != nil {
-		filterExpr = req.Filter.Expression
-	}
-
-	fullQueryReq := buildFullQueryRequest(req.Start, req.End, filterExpr, req.GroupBy, pageGroups, m.newJobsTableListQuery())
-	queryResp, err := m.querier.QueryRange(ctx, orgID, fullQueryReq)
-	if err != nil {
-		return nil, err
-	}
-
-	// Reuse the pods phase-counts CTE function via a temp struct — it reads only
-	// Start/End/Filter/GroupBy from PostablePods. Pods owned by a Job carry
-	// k8s.job.name as a resource attribute, so default-groupBy gives
-	// per-job phase counts automatically.
-	phaseCounts, err := m.getPerGroupPodPhaseCounts(ctx, &inframonitoringtypes.PostablePods{
-		Start:   req.Start,
-		End:     req.End,
-		Filter:  req.Filter,
-		GroupBy: req.GroupBy,
-	}, pageGroups)
-	if err != nil {
-		return nil, err
-	}
-
-	resp.Records = buildJobRecords(queryResp, pageGroups, req.GroupBy, metadataMap, phaseCounts)
-	resp.Warning = queryResp.Warning
-
-	return resp, nil
-}

pkg/modules/inframonitoring/implinframonitoring/statefulsets.go

@@ -1,148 +0,0 @@
-package implinframonitoring
-
-import (
-	"context"
-	"slices"
-
-	"github.com/SigNoz/signoz/pkg/types/inframonitoringtypes"
-	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-// buildStatefulSetRecords assembles the page records. Pod phase counts come from
-// phaseCounts in both modes; every row is a group of pods (one statefulset in
-// list mode, an arbitrary roll-up in grouped_list mode), so there's no
-// per-row "current phase" concept.
-func buildStatefulSetRecords(
-	resp *qbtypes.QueryRangeResponse,
-	pageGroups []map[string]string,
-	groupBy []qbtypes.GroupByKey,
-	metadataMap map[string]map[string]string,
-	phaseCounts map[string]podPhaseCounts,
-) []inframonitoringtypes.StatefulSetRecord {
-	metricsMap := parseFullQueryResponse(resp, groupBy)
-
-	records := make([]inframonitoringtypes.StatefulSetRecord, 0, len(pageGroups))
-	for _, labels := range pageGroups {
-		compositeKey := compositeKeyFromLabels(labels, groupBy)
-		statefulSetName := labels[statefulSetNameAttrKey]
-
-		record := inframonitoringtypes.StatefulSetRecord{ // initialize with default values
-			StatefulSetName:          statefulSetName,
-			StatefulSetCPU:           -1,
-			StatefulSetCPURequest:    -1,
-			StatefulSetCPULimit:      -1,
-			StatefulSetMemory:        -1,
-			StatefulSetMemoryRequest: -1,
-			StatefulSetMemoryLimit:   -1,
-			DesiredPods:              -1,
-			CurrentPods:              -1,
-			Meta:                     map[string]string{},
-		}
-
-		if metrics, ok := metricsMap[compositeKey]; ok {
-			if v, exists := metrics["A"]; exists {
-				record.StatefulSetCPU = v
-			}
-			if v, exists := metrics["B"]; exists {
-				record.StatefulSetCPURequest = v
-			}
-			if v, exists := metrics["C"]; exists {
-				record.StatefulSetCPULimit = v
-			}
-			if v, exists := metrics["D"]; exists {
-				record.StatefulSetMemory = v
-			}
-			if v, exists := metrics["E"]; exists {
-				record.StatefulSetMemoryRequest = v
-			}
-			if v, exists := metrics["F"]; exists {
-				record.StatefulSetMemoryLimit = v
-			}
-			if v, exists := metrics["H"]; exists {
-				record.DesiredPods = int(v)
-			}
-			if v, exists := metrics["I"]; exists {
-				record.CurrentPods = int(v)
-			}
-		}
-
-		if phaseCountsForGroup, ok := phaseCounts[compositeKey]; ok {
-			record.PodCountsByPhase = inframonitoringtypes.PodCountsByPhase{
-				Pending:   phaseCountsForGroup.Pending,
-				Running:   phaseCountsForGroup.Running,
-				Succeeded: phaseCountsForGroup.Succeeded,
-				Failed:    phaseCountsForGroup.Failed,
-				Unknown:   phaseCountsForGroup.Unknown,
-			}
-		}
-
-		if attrs, ok := metadataMap[compositeKey]; ok {
-			for k, v := range attrs {
-				record.Meta[k] = v
-			}
-		}
-
-		records = append(records, record)
-	}
-	return records
-}
-
-func (m *module) getTopStatefulSetGroups(
-	ctx context.Context,
-	orgID valuer.UUID,
-	req *inframonitoringtypes.PostableStatefulSets,
-	metadataMap map[string]map[string]string,
-) ([]map[string]string, error) {
-	orderByKey := req.OrderBy.Key.Name
-	queryNamesForOrderBy := orderByToStatefulSetsQueryNames[orderByKey]
-	rankingQueryName := queryNamesForOrderBy[len(queryNamesForOrderBy)-1]
-
-	topReq := &qbtypes.QueryRangeRequest{
-		Start:       uint64(req.Start),
-		End:         uint64(req.End),
-		RequestType: qbtypes.RequestTypeScalar,
-		CompositeQuery: qbtypes.CompositeQuery{
-			Queries: make([]qbtypes.QueryEnvelope, 0, len(queryNamesForOrderBy)),
-		},
-	}
-
-	for _, envelope := range m.newStatefulSetsTableListQuery().CompositeQuery.Queries {
-		if !slices.Contains(queryNamesForOrderBy, envelope.GetQueryName()) {
-			continue
-		}
-		copied := envelope
-		if copied.Type == qbtypes.QueryTypeBuilder {
-			existingExpr := ""
-			if f := copied.GetFilter(); f != nil {
-				existingExpr = f.Expression
-			}
-			reqFilterExpr := ""
-			if req.Filter != nil {
-				reqFilterExpr = req.Filter.Expression
-			}
-			merged := mergeFilterExpressions(existingExpr, reqFilterExpr)
-			copied.SetFilter(&qbtypes.Filter{Expression: merged})
-			copied.SetGroupBy(req.GroupBy)
-		}
-		topReq.CompositeQuery.Queries = append(topReq.CompositeQuery.Queries, copied)
-	}
-
-	resp, err := m.querier.QueryRange(ctx, orgID, topReq)
-	if err != nil {
-		return nil, err
-	}
-
-	allMetricGroups := parseAndSortGroups(resp, rankingQueryName, req.GroupBy, req.OrderBy.Direction)
-	return paginateWithBackfill(allMetricGroups, metadataMap, req.GroupBy, req.Offset, req.Limit), nil
-}
-
-func (m *module) getStatefulSetsTableMetadata(ctx context.Context, req *inframonitoringtypes.PostableStatefulSets) (map[string]map[string]string, error) {
-	var nonGroupByAttrs []string
-	for _, key := range statefulSetAttrKeysForMetadata {
-		if !isKeyInGroupByAttrs(req.GroupBy, key) {
-			nonGroupByAttrs = append(nonGroupByAttrs, key)
-		}
-	}
-	return m.getMetadata(ctx, statefulSetsTableMetricNamesList, req.GroupBy, nonGroupByAttrs, req.Filter, req.Start, req.End)
-}

pkg/modules/inframonitoring/implinframonitoring/statefulsets_constants.go

@@ -1,254 +0,0 @@
-package implinframonitoring
-
-import (
-	"github.com/SigNoz/signoz/pkg/types/inframonitoringtypes"
-	"github.com/SigNoz/signoz/pkg/types/metrictypes"
-	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
-	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
-)
-
-const (
-	statefulSetNameAttrKey     = "k8s.statefulset.name"
-	statefulSetsBaseFilterExpr = "k8s.statefulset.name != ''"
-)
-
-var statefulSetNameGroupByKey = qbtypes.GroupByKey{
-	TelemetryFieldKey: telemetrytypes.TelemetryFieldKey{
-		Name:          statefulSetNameAttrKey,
-		FieldContext:  telemetrytypes.FieldContextResource,
-		FieldDataType: telemetrytypes.FieldDataTypeString,
-	},
-}
-
-// statefulSetsTableMetricNamesList drives the existence/retention check.
-// Includes k8s.pod.phase even though phase isn't part of the QB composite query —
-// it is queried separately via getPerGroupPodPhaseCounts, and we want the
-// response to short-circuit cleanly when the phase metric is absent.
-var statefulSetsTableMetricNamesList = []string{
-	"k8s.pod.phase",
-	"k8s.pod.cpu.usage",
-	"k8s.pod.cpu_request_utilization",
-	"k8s.pod.cpu_limit_utilization",
-	"k8s.pod.memory.working_set",
-	"k8s.pod.memory_request_utilization",
-	"k8s.pod.memory_limit_utilization",
-	"k8s.statefulset.desired_pods",
-	"k8s.statefulset.current_pods",
-}
-
-// Carried forward from v1 statefulSetAttrsToEnrich
-// (pkg/query-service/app/inframetrics/statefulsets.go:29-33).
-var statefulSetAttrKeysForMetadata = []string{
-	"k8s.statefulset.name",
-	"k8s.namespace.name",
-	"k8s.cluster.name",
-}
-
-// orderByToStatefulSetsQueryNames maps the orderBy column to the query name
-// used for ranking statefulset groups. v2 B/C/E/F are direct metrics, no
-// formula deps — so unlike v1 we don't carry A/D.
-var orderByToStatefulSetsQueryNames = map[string][]string{
-	inframonitoringtypes.StatefulSetsOrderByCPU:           {"A"},
-	inframonitoringtypes.StatefulSetsOrderByCPURequest:    {"B"},
-	inframonitoringtypes.StatefulSetsOrderByCPULimit:      {"C"},
-	inframonitoringtypes.StatefulSetsOrderByMemory:        {"D"},
-	inframonitoringtypes.StatefulSetsOrderByMemoryRequest: {"E"},
-	inframonitoringtypes.StatefulSetsOrderByMemoryLimit:   {"F"},
-	inframonitoringtypes.StatefulSetsOrderByDesiredPods:   {"H"},
-	inframonitoringtypes.StatefulSetsOrderByCurrentPods:   {"I"},
-}
-
-// newStatefulSetsTableListQuery builds the composite QB v5 request for the statefulsets list.
-// Eight builder queries: A..F roll up pod-level metrics by statefulset, H/I take the
-// latest statefulset-level desired/current counts. Restarts (v1 query G) is intentionally
-// omitted to match the v2 pods/deployments pattern.
-//
-// Every builder query carries a base filter `k8s.statefulset.name != ”`.
-// Reason: pod-level metrics (A..F) are emitted for every pod regardless of whether the
-// pod belongs to a StatefulSet; only StatefulSet-owned pods carry the
-// `k8s.statefulset.name` resource attribute. Without this filter, standalone pods and
-// pods owned by other workloads (Deployment/DaemonSet/Job/...) collapse into a single
-// empty-string group under the default groupBy. v1's GetStatefulSetList applied the same
-// filter via FilterOperatorExists; this matches v1 parity. The base filter merges
-// cleanly with user filters via mergeFilterExpressions / buildFullQueryRequest.
-func (m *module) newStatefulSetsTableListQuery() *qbtypes.QueryRangeRequest {
-	queries := []qbtypes.QueryEnvelope{
-		// Query A: k8s.pod.cpu.usage — sum of pod CPU within the group.
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "A",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.pod.cpu.usage",
-						TimeAggregation:  metrictypes.TimeAggregationAvg,
-						SpaceAggregation: metrictypes.SpaceAggregationSum,
-						ReduceTo:         qbtypes.ReduceToAvg,
-					},
-				},
-				Filter: &qbtypes.Filter{
-					Expression: statefulSetsBaseFilterExpr,
-				},
-				GroupBy:  []qbtypes.GroupByKey{statefulSetNameGroupByKey},
-				Disabled: false,
-			},
-		},
-		// Query B: k8s.pod.cpu_request_utilization — avg across pods in the group.
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "B",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.pod.cpu_request_utilization",
-						TimeAggregation:  metrictypes.TimeAggregationAvg,
-						SpaceAggregation: metrictypes.SpaceAggregationAvg,
-						ReduceTo:         qbtypes.ReduceToAvg,
-					},
-				},
-				Filter: &qbtypes.Filter{
-					Expression: statefulSetsBaseFilterExpr,
-				},
-				GroupBy:  []qbtypes.GroupByKey{statefulSetNameGroupByKey},
-				Disabled: false,
-			},
-		},
-		// Query C: k8s.pod.cpu_limit_utilization — avg across pods in the group.
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "C",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.pod.cpu_limit_utilization",
-						TimeAggregation:  metrictypes.TimeAggregationAvg,
-						SpaceAggregation: metrictypes.SpaceAggregationAvg,
-						ReduceTo:         qbtypes.ReduceToAvg,
-					},
-				},
-				Filter: &qbtypes.Filter{
-					Expression: statefulSetsBaseFilterExpr,
-				},
-				GroupBy:  []qbtypes.GroupByKey{statefulSetNameGroupByKey},
-				Disabled: false,
-			},
-		},
-		// Query D: k8s.pod.memory.working_set — sum of pod memory within the group.
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "D",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.pod.memory.working_set",
-						TimeAggregation:  metrictypes.TimeAggregationAvg,
-						SpaceAggregation: metrictypes.SpaceAggregationSum,
-						ReduceTo:         qbtypes.ReduceToAvg,
-					},
-				},
-				Filter: &qbtypes.Filter{
-					Expression: statefulSetsBaseFilterExpr,
-				},
-				GroupBy:  []qbtypes.GroupByKey{statefulSetNameGroupByKey},
-				Disabled: false,
-			},
-		},
-		// Query E: k8s.pod.memory_request_utilization — avg across pods in the group.
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "E",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.pod.memory_request_utilization",
-						TimeAggregation:  metrictypes.TimeAggregationAvg,
-						SpaceAggregation: metrictypes.SpaceAggregationAvg,
-						ReduceTo:         qbtypes.ReduceToAvg,
-					},
-				},
-				Filter: &qbtypes.Filter{
-					Expression: statefulSetsBaseFilterExpr,
-				},
-				GroupBy:  []qbtypes.GroupByKey{statefulSetNameGroupByKey},
-				Disabled: false,
-			},
-		},
-		// Query F: k8s.pod.memory_limit_utilization — avg across pods in the group.
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "F",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.pod.memory_limit_utilization",
-						TimeAggregation:  metrictypes.TimeAggregationAvg,
-						SpaceAggregation: metrictypes.SpaceAggregationAvg,
-						ReduceTo:         qbtypes.ReduceToAvg,
-					},
-				},
-				Filter: &qbtypes.Filter{
-					Expression: statefulSetsBaseFilterExpr,
-				},
-				GroupBy:  []qbtypes.GroupByKey{statefulSetNameGroupByKey},
-				Disabled: false,
-			},
-		},
-		// Query H: k8s.statefulset.desired_pods — latest known desired replica count per group.
-		// v1 used TimeAggregationAnyLast (v3) → mapped to TimeAggregationLatest in v5;
-		// SpaceAggregationSum + ReduceToLast preserve v1's "latest, summed across the group".
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "H",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.statefulset.desired_pods",
-						TimeAggregation:  metrictypes.TimeAggregationLatest,
-						SpaceAggregation: metrictypes.SpaceAggregationSum,
-						ReduceTo:         qbtypes.ReduceToLast,
-					},
-				},
-				Filter: &qbtypes.Filter{
-					Expression: statefulSetsBaseFilterExpr,
-				},
-				GroupBy:  []qbtypes.GroupByKey{statefulSetNameGroupByKey},
-				Disabled: false,
-			},
-		},
-		// Query I: k8s.statefulset.current_pods — latest known current replica count per group.
-		{
-			Type: qbtypes.QueryTypeBuilder,
-			Spec: qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]{
-				Name:   "I",
-				Signal: telemetrytypes.SignalMetrics,
-				Aggregations: []qbtypes.MetricAggregation{
-					{
-						MetricName:       "k8s.statefulset.current_pods",
-						TimeAggregation:  metrictypes.TimeAggregationLatest,
-						SpaceAggregation: metrictypes.SpaceAggregationSum,
-						ReduceTo:         qbtypes.ReduceToLast,
-					},
-				},
-				Filter: &qbtypes.Filter{
-					Expression: statefulSetsBaseFilterExpr,
-				},
-				GroupBy:  []qbtypes.GroupByKey{statefulSetNameGroupByKey},
-				Disabled: false,
-			},
-		},
-	}
-
-	return &qbtypes.QueryRangeRequest{
-		RequestType: qbtypes.RequestTypeScalar,
-		CompositeQuery: qbtypes.CompositeQuery{
-			Queries: queries,
-		},
-	}
-}

pkg/modules/inframonitoring/inframonitoring.go

@@ -16,8 +16,6 @@ type Handler interface {
 	ListClusters(http.ResponseWriter, *http.Request)
 	ListVolumes(http.ResponseWriter, *http.Request)
 	ListDeployments(http.ResponseWriter, *http.Request)
-	ListStatefulSets(http.ResponseWriter, *http.Request)
-	ListJobs(http.ResponseWriter, *http.Request)
 }
 
 type Module interface {
@@ -28,6 +26,4 @@ type Module interface {
 	ListClusters(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableClusters) (*inframonitoringtypes.Clusters, error)
 	ListVolumes(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableVolumes) (*inframonitoringtypes.Volumes, error)
 	ListDeployments(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableDeployments) (*inframonitoringtypes.Deployments, error)
-	ListStatefulSets(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableStatefulSets) (*inframonitoringtypes.StatefulSets, error)
-	ListJobs(ctx context.Context, orgID valuer.UUID, req *inframonitoringtypes.PostableJobs) (*inframonitoringtypes.Jobs, error)
 }

pkg/modules/spanpercentile/implspanpercentile/module.go

@@ -52,7 +52,7 @@ func (m *module) GetSpanPercentile(ctx context.Context, orgID valuer.UUID, req *
 
 func transformToSpanPercentileResponse(queryResult *qbtypes.QueryRangeResponse) (*spanpercentiletypes.SpanPercentileResponse, error) {
 	if len(queryResult.Data.Results) == 0 {
-		return nil, errors.New(errors.TypeNotFound, errors.CodeNotFound, "no spans found matching the specified criteria")
+		return nil, errors.New(errors.TypeInternal, errors.CodeInternal, "no data returned from query")
 	}
 
 	scalarData, ok := queryResult.Data.Results[0].(*qbtypes.ScalarData)
@@ -61,7 +61,7 @@ func transformToSpanPercentileResponse(queryResult *qbtypes.QueryRangeResponse)
 	}
 
 	if len(scalarData.Data) == 0 {
-		return nil, errors.New(errors.TypeNotFound, errors.CodeNotFound, "no spans found matching the specified criteria")
+		return nil, errors.New(errors.TypeInternal, errors.CodeInternal, "no rows returned from query")
 	}
 
 	row := scalarData.Data[0]

pkg/modules/tag/impltag/module.go

@@ -0,0 +1,76 @@
+package impltag
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/modules/tag"
+	"github.com/SigNoz/signoz/pkg/types/coretypes"
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type module struct {
+	store tagtypes.Store
+}
+
+func NewModule(store tagtypes.Store) tag.Module {
+	return &module{store: store}
+}
+
+func (m *module) SyncTags(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID, postable []tagtypes.PostableTag) ([]*tagtypes.Tag, error) {
+	var tags []*tagtypes.Tag
+	err := m.store.RunInTx(ctx, func(ctx context.Context) error {
+		resolved, err := m.createMany(ctx, orgID, kind, postable)
+		if err != nil {
+			return err
+		}
+		tagIDs := make([]valuer.UUID, len(resolved))
+		for i, t := range resolved {
+			tagIDs[i] = t.ID
+		}
+		if err := m.syncLinksForResource(ctx, orgID, kind, resourceID, tagIDs); err != nil {
+			return err
+		}
+		tags = resolved
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return tags, nil
+}
+
+func (m *module) createMany(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, postable []tagtypes.PostableTag) ([]*tagtypes.Tag, error) {
+	if len(postable) == 0 {
+		return []*tagtypes.Tag{}, nil
+	}
+
+	toCreate, matched, err := m.resolve(ctx, orgID, kind, postable)
+	if err != nil {
+		return nil, err
+	}
+
+	created, err := m.store.CreateOrGet(ctx, toCreate)
+	if err != nil {
+		return nil, err
+	}
+
+	return append(matched, created...), nil
+}
+
+func (m *module) syncLinksForResource(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID, tagIDs []valuer.UUID) error {
+	return m.store.RunInTx(ctx, func(ctx context.Context) error {
+		if err := m.store.CreateRelations(ctx, tagtypes.NewTagRelations(kind, resourceID, tagIDs)); err != nil {
+			return err
+		}
+		return m.store.DeleteRelationsExcept(ctx, orgID, kind, resourceID, tagIDs)
+	})
+}
+
+func (m *module) ListForResource(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID) ([]*tagtypes.Tag, error) {
+	return m.store.ListByResource(ctx, orgID, kind, resourceID)
+}
+
+func (m *module) ListForResources(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceIDs []valuer.UUID) (map[valuer.UUID][]*tagtypes.Tag, error) {
+	return m.store.ListByResources(ctx, orgID, kind, resourceIDs)
+}

pkg/modules/tag/impltag/resolve.go

@@ -0,0 +1,59 @@
+package impltag
+
+import (
+	"context"
+	"strings"
+
+	"github.com/SigNoz/signoz/pkg/types/coretypes"
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+// resolve canonicalizes a batch of user-supplied (key, value) tag pairs against
+// the existing tags for an org. Lookup is case-insensitive on both key and
+// value (matching the storage uniqueness rule); when an existing row matches,
+// its display casing is reused. Inputs are deduped on (LOWER(key), LOWER(value));
+// the first input's casing wins on collisions. Returns:
+//   - toCreate: new Tag rows the caller should insert (with pre-generated IDs)
+//   - matched: existing rows the caller's input already pointed to. They
+//     already carry authoritative IDs from the store.
+func (m *module) resolve(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, postable []tagtypes.PostableTag) ([]*tagtypes.Tag, []*tagtypes.Tag, error) {
+	if len(postable) == 0 {
+		return nil, nil, nil
+	}
+
+	existing, err := m.store.List(ctx, orgID, kind)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	lowercaseTagsMap := make(map[string]*tagtypes.Tag, len(existing))
+	for _, t := range existing {
+		mapKey := strings.ToLower(t.Key) + "\x00" + strings.ToLower(t.Value)
+		lowercaseTagsMap[mapKey] = t
+	}
+
+	seenInRequestAlready := make(map[string]struct{}, len(postable)) // postable can have the same tag multiple times
+	toCreate := make([]*tagtypes.Tag, 0)
+	matched := make([]*tagtypes.Tag, 0)
+
+	for _, p := range postable {
+		key, value, err := tagtypes.ValidatePostableTag(p)
+		if err != nil {
+			return nil, nil, err
+		}
+		lookup := strings.ToLower(key) + "\x00" + strings.ToLower(value)
+		if _, dup := seenInRequestAlready[lookup]; dup {
+			continue
+		}
+		seenInRequestAlready[lookup] = struct{}{}
+
+		if existingTag, ok := lowercaseTagsMap[lookup]; ok {
+			matched = append(matched, existingTag)
+			continue
+		}
+		toCreate = append(toCreate, tagtypes.NewTag(orgID, kind, key, value))
+	}
+
+	return toCreate, matched, nil
+}

pkg/modules/tag/impltag/resolve_test.go

@@ -0,0 +1,112 @@
+package impltag
+
+import (
+	"context"
+	"strings"
+	"testing"
+
+	"github.com/SigNoz/signoz/pkg/types/coretypes"
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
+	"github.com/SigNoz/signoz/pkg/types/tagtypes/tagtypestest"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+var testKind = coretypes.KindDashboard
+
+func TestModule_Resolve(t *testing.T) {
+	t.Run("empty input does not hit store", func(t *testing.T) {
+		store := tagtypestest.NewStore()
+		m := &module{store: store}
+
+		toCreate, matched, err := m.resolve(context.Background(), valuer.GenerateUUID(), testKind, nil)
+		require.NoError(t, err)
+		assert.Empty(t, toCreate)
+		assert.Empty(t, matched)
+		assert.Zero(t, store.ListCallCount, "should not hit store when input is empty")
+	})
+
+	t.Run("creates missing pairs and reuses existing", func(t *testing.T) {
+		orgID := valuer.GenerateUUID()
+		dbTag := tagtypes.NewTag(orgID, testKind, "team", "Pulse")
+		dbTag2 := tagtypes.NewTag(orgID, testKind, "Database", "redis")
+		store := tagtypestest.NewStore()
+		store.Tags = []*tagtypes.Tag{dbTag, dbTag2}
+		m := &module{store: store}
+
+		toCreate, matched, err := m.resolve(context.Background(), orgID, testKind, []tagtypes.PostableTag{
+			{Key: "team", Value: "events"},    // new
+			{Key: "DATABASE", Value: "REDIS"}, // case-only conflict
+			{Key: "Brand", Value: "New"},      // new
+		})
+		require.NoError(t, err)
+
+		createdLowerKVs := []string{}
+		for _, tg := range toCreate {
+			createdLowerKVs = append(createdLowerKVs, strings.ToLower(tg.Key)+"\x00"+strings.ToLower(tg.Value))
+		}
+		assert.ElementsMatch(t, []string{"team\x00events", "brand\x00new"}, createdLowerKVs,
+			"only the two missing pairs should be returned for insertion")
+
+		require.Len(t, matched, 1, "DATABASE:REDIS should hit the existing 'Database:redis' tag")
+		assert.Same(t, dbTag2, matched[0], "matched should return the existing pointer with its authoritative ID")
+	})
+
+	t.Run("dedupes inputs that map to the same lower(key)+lower(value)", func(t *testing.T) {
+		orgID := valuer.GenerateUUID()
+		store := tagtypestest.NewStore()
+		m := &module{store: store}
+
+		toCreate, matched, err := m.resolve(context.Background(), orgID, testKind, []tagtypes.PostableTag{
+			{Key: "Foo", Value: "Bar"},
+			{Key: "foo", Value: "bar"},
+			{Key: "FOO", Value: "BAR"},
+		})
+		require.NoError(t, err)
+
+		require.Empty(t, matched)
+		require.Len(t, toCreate, 1, "duplicate inputs must collapse into a single insert")
+		assert.Equal(t, "Foo", toCreate[0].Key, "first input's casing wins")
+		assert.Equal(t, "Bar", toCreate[0].Value, "first input's casing wins")
+	})
+
+	t.Run("preserves existing casing on case-only match", func(t *testing.T) {
+		orgID := valuer.GenerateUUID()
+		dbTag := tagtypes.NewTag(orgID, testKind, "Team", "Pulse")
+		store := tagtypestest.NewStore()
+		store.Tags = []*tagtypes.Tag{dbTag}
+		m := &module{store: store}
+
+		toCreate, matched, err := m.resolve(context.Background(), orgID, testKind, []tagtypes.PostableTag{
+			{Key: "team", Value: "PULSE"},
+		})
+		require.NoError(t, err)
+
+		assert.Empty(t, toCreate)
+		require.Len(t, matched, 1)
+		assert.Equal(t, "Team", matched[0].Key)
+		assert.Equal(t, "Pulse", matched[0].Value)
+	})
+
+	t.Run("propagates validation error from any input", func(t *testing.T) {
+		store := tagtypestest.NewStore()
+		m := &module{store: store}
+
+		_, _, err := m.resolve(context.Background(), valuer.GenerateUUID(), testKind, []tagtypes.PostableTag{
+			{Key: "team", Value: "pulse"},
+			{Key: "", Value: "x"},
+		})
+		require.Error(t, err)
+	})
+
+	t.Run("propagates regex validation error", func(t *testing.T) {
+		store := tagtypestest.NewStore()
+		m := &module{store: store}
+
+		_, _, err := m.resolve(context.Background(), valuer.GenerateUUID(), testKind, []tagtypes.PostableTag{
+			{Key: "team!eng", Value: "pulse"},
+		})
+		require.Error(t, err)
+	})
+}

pkg/modules/tag/impltag/store.go

@@ -0,0 +1,148 @@
+package impltag
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types/coretypes"
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/uptrace/bun"
+)
+
+type store struct {
+	sqlstore sqlstore.SQLStore
+}
+
+func NewStore(sqlstore sqlstore.SQLStore) tagtypes.Store {
+	return &store{sqlstore: sqlstore}
+}
+
+func (s *store) List(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind) ([]*tagtypes.Tag, error) {
+	tags := make([]*tagtypes.Tag, 0)
+	err := s.sqlstore.
+		BunDBCtx(ctx).
+		NewSelect().
+		Model(&tags).
+		Where("org_id = ?", orgID).
+		Where("kind = ?", kind).
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return tags, nil
+}
+
+func (s *store) ListByResource(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID) ([]*tagtypes.Tag, error) {
+	tags := make([]*tagtypes.Tag, 0)
+	err := s.sqlstore.
+		BunDBCtx(ctx).
+		NewSelect().
+		Model(&tags).
+		Join("JOIN tag_relation AS tr ON tr.tag_id = tag.id").
+		Where("tr.kind = ?", kind).
+		Where("tr.resource_id = ?", resourceID).
+		Where("tag.org_id = ?", orgID).
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return tags, nil
+}
+
+func (s *store) ListByResources(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceIDs []valuer.UUID) (map[valuer.UUID][]*tagtypes.Tag, error) {
+	if len(resourceIDs) == 0 {
+		return map[valuer.UUID][]*tagtypes.Tag{}, nil
+	}
+
+	type joinedRow struct {
+		tagtypes.Tag `bun:",extend"`
+		ResourceID   valuer.UUID `bun:"resource_id"`
+	}
+
+	rows := make([]*joinedRow, 0)
+	err := s.sqlstore.
+		BunDBCtx(ctx).
+		NewSelect().
+		Model(&rows).
+		ColumnExpr("tag.*, tr.resource_id").
+		Join("JOIN tag_relation AS tr ON tr.tag_id = tag.id").
+		Where("tr.kind = ?", kind).
+		Where("tr.resource_id IN (?)", bun.In(resourceIDs)).
+		Where("tag.org_id = ?", orgID).
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	out := make(map[valuer.UUID][]*tagtypes.Tag)
+	for _, r := range rows {
+		tag := r.Tag
+		out[r.ResourceID] = append(out[r.ResourceID], &tag)
+	}
+	return out, nil
+}
+
+func (s *store) CreateOrGet(ctx context.Context, tags []*tagtypes.Tag) ([]*tagtypes.Tag, error) {
+	if len(tags) == 0 {
+		return tags, nil
+	}
+	// DO UPDATE on a self-set is a deliberate no-op write whose only purpose
+	// is to make RETURNING fire on conflicting rows. Without it, RETURNING is
+	// silent on the conflict path and we'd have to refetch by (key, value) to
+	// learn the existing rows' IDs after a concurrent-insert race. Setting
+	// key = tag.key (the existing row's value) preserves the first writer's
+	// casing on case-only collisions.
+	err := s.sqlstore.
+		BunDBCtx(ctx).
+		NewInsert().
+		Model(&tags).
+		On("CONFLICT (org_id, kind, (LOWER(key)), (LOWER(value))) DO UPDATE").
+		Set("key = tag.key").
+		Returning("*").
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return tags, nil
+}
+
+func (s *store) CreateRelations(ctx context.Context, relations []*tagtypes.TagRelation) error {
+	if len(relations) == 0 {
+		return nil
+	}
+	_, err := s.sqlstore.
+		BunDBCtx(ctx).
+		NewInsert().
+		Model(&relations).
+		On("CONFLICT (kind, resource_id, tag_id) DO NOTHING").
+		Exec(ctx)
+	return err
+}
+
+func (s *store) DeleteRelationsExcept(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID, keepTagIDs []valuer.UUID) error {
+	// Scope the delete to the caller's org via a subquery on tag — bun's
+	// DELETE-with-JOIN syntax isn't uniformly portable across Postgres/SQLite.
+	tagIDsToDelete := s.sqlstore.
+		BunDBCtx(ctx).
+		NewSelect().
+		TableExpr("tag").
+		Column("id").
+		Where("org_id = ?", orgID)
+	if len(keepTagIDs) > 0 {
+		tagIDsToDelete = tagIDsToDelete.Where("id NOT IN (?)", bun.In(keepTagIDs))
+	}
+	_, err := s.sqlstore.
+		BunDBCtx(ctx).
+		NewDelete().
+		Model((*tagtypes.TagRelation)(nil)).
+		Where("kind = ?", kind).
+		Where("resource_id = ?", resourceID).
+		Where("tag_id IN (?)", tagIDsToDelete).
+		Exec(ctx)
+	return err
+}
+
+func (s *store) RunInTx(ctx context.Context, cb func(ctx context.Context) error) error {
+	return s.sqlstore.RunInTxCtx(ctx, nil, cb)
+}

pkg/modules/tag/impltag/store_test.go

@@ -0,0 +1,147 @@
+package impltag
+
+import (
+	"context"
+	"path/filepath"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/factory/factorytest"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/sqlstore/sqlitesqlstore"
+	"github.com/SigNoz/signoz/pkg/types/coretypes"
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/uptrace/bun"
+)
+
+func newTestStore(t *testing.T) sqlstore.SQLStore {
+	t.Helper()
+	dbPath := filepath.Join(t.TempDir(), "test.db")
+	store, err := sqlitesqlstore.New(context.Background(), factorytest.NewSettings(), sqlstore.Config{
+		Provider: "sqlite",
+		Connection: sqlstore.ConnectionConfig{
+			MaxOpenConns:    1,
+			MaxConnLifetime: 0,
+		},
+		Sqlite: sqlstore.SqliteConfig{
+			Path:            dbPath,
+			Mode:            "wal",
+			BusyTimeout:     5 * time.Second,
+			TransactionMode: "deferred",
+		},
+	})
+	require.NoError(t, err)
+
+	_, err = store.BunDB().NewCreateTable().
+		Model((*tagtypes.Tag)(nil)).
+		IfNotExists().
+		Exec(context.Background())
+	require.NoError(t, err)
+
+	_, err = store.BunDB().Exec(`CREATE UNIQUE INDEX IF NOT EXISTS uq_tag_org_kind_lower_key_lower_value ON tag (org_id, kind, LOWER(key), LOWER(value))`)
+	require.NoError(t, err)
+	return store
+}
+
+var dashboardKind = coretypes.KindDashboard
+
+func tagsByLowerKeyValue(t *testing.T, db *bun.DB) map[string]*tagtypes.Tag {
+	t.Helper()
+	all := make([]*tagtypes.Tag, 0)
+	require.NoError(t, db.NewSelect().Model(&all).Scan(context.Background()))
+	out := map[string]*tagtypes.Tag{}
+	for _, tag := range all {
+		out[strings.ToLower(tag.Key)+"\x00"+strings.ToLower(tag.Value)] = tag
+	}
+	return out
+}
+
+func TestStore_Create_PopulatesIDsOnFreshInsert(t *testing.T) {
+	ctx := context.Background()
+	sqlstore := newTestStore(t)
+	s := NewStore(sqlstore)
+
+	orgID := valuer.GenerateUUID()
+	tagA := tagtypes.NewTag(orgID, dashboardKind, "tag", "Database")
+	tagB := tagtypes.NewTag(orgID, dashboardKind, "team", "BLR")
+	preIDA := tagA.ID
+	preIDB := tagB.ID
+
+	got, err := s.CreateOrGet(ctx, []*tagtypes.Tag{tagA, tagB})
+	require.NoError(t, err)
+	require.Len(t, got, 2)
+
+	// No race → pre-generated IDs stand. The slice is what we passed in,
+	// confirming Scan didn't reallocate.
+	assert.Equal(t, preIDA, got[0].ID)
+	assert.Equal(t, preIDB, got[1].ID)
+
+	// And the rows are in the DB.
+	stored := tagsByLowerKeyValue(t, sqlstore.BunDB())
+	require.Contains(t, stored, "tag\x00database")
+	require.Contains(t, stored, "team\x00blr")
+	assert.Equal(t, preIDA, stored["tag\x00database"].ID)
+	assert.Equal(t, preIDB, stored["team\x00blr"].ID)
+}
+
+func TestStore_Create_ConflictReturnsExistingRowID(t *testing.T) {
+	ctx := context.Background()
+	sqlstore := newTestStore(t)
+	s := NewStore(sqlstore)
+
+	orgID := valuer.GenerateUUID()
+
+	// Simulate a concurrent insert: someone else has already inserted "tag:Database".
+	winner := tagtypes.NewTag(orgID, dashboardKind, "tag", "Database")
+	_, err := s.CreateOrGet(ctx, []*tagtypes.Tag{winner})
+	require.NoError(t, err)
+	winnerID := winner.ID
+
+	// Now our request runs with a different pre-generated ID for the same
+	// (key, value) — case differs but the functional unique index collapses
+	// them. RETURNING should overwrite our stale ID with winner's ID.
+	loser := tagtypes.NewTag(orgID, dashboardKind, "TAG", "DATABASE")
+	loserPreID := loser.ID
+	require.NotEqual(t, winnerID, loserPreID, "pre-generated IDs must differ for this test to be meaningful")
+
+	got, err := s.CreateOrGet(ctx, []*tagtypes.Tag{loser})
+	require.NoError(t, err)
+	require.Len(t, got, 1)
+
+	assert.Equal(t, winnerID, got[0].ID, "returned slice should carry the existing row's ID, not our stale one")
+	assert.Equal(t, winnerID, loser.ID, "input slice element is mutated in place")
+
+	// And the DB still has exactly one row for that (lower(key), lower(value)) — winner's, with winner's casing.
+	stored := tagsByLowerKeyValue(t, sqlstore.BunDB())
+	require.Len(t, stored, 1)
+	assert.Equal(t, winnerID, stored["tag\x00database"].ID)
+	assert.Equal(t, "tag", stored["tag\x00database"].Key, "winner's casing preserved in key")
+	assert.Equal(t, "Database", stored["tag\x00database"].Value, "winner's casing preserved in value")
+}
+
+func TestStore_Create_MixedFreshAndConflict(t *testing.T) {
+	ctx := context.Background()
+	sqlstore := newTestStore(t)
+	s := NewStore(sqlstore)
+
+	orgID := valuer.GenerateUUID()
+	pre := tagtypes.NewTag(orgID, dashboardKind, "tag", "Database")
+	_, err := s.CreateOrGet(ctx, []*tagtypes.Tag{pre})
+	require.NoError(t, err)
+	preExistingID := pre.ID
+
+	conflict := tagtypes.NewTag(orgID, dashboardKind, "tag", "Database")
+	fresh := tagtypes.NewTag(orgID, dashboardKind, "team", "BLR")
+	freshPreID := fresh.ID
+
+	got, err := s.CreateOrGet(ctx, []*tagtypes.Tag{conflict, fresh})
+	require.NoError(t, err)
+	require.Len(t, got, 2)
+
+	assert.Equal(t, preExistingID, got[0].ID, "conflicting row's ID overwritten with the existing row's")
+	assert.Equal(t, freshPreID, got[1].ID, "fresh row's pre-generated ID is preserved")
+}

pkg/modules/tag/tag.go

@@ -0,0 +1,20 @@
+package tag
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/types/coretypes"
+	"github.com/SigNoz/signoz/pkg/types/tagtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type Module interface {
+	// SyncTags resolves the given postable tags (creating new rows as needed)
+	// and reconciles the resource's links to exactly that set, all in one transaction.
+	SyncTags(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID, postable []tagtypes.PostableTag) ([]*tagtypes.Tag, error)
+
+	ListForResource(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceID valuer.UUID) ([]*tagtypes.Tag, error)
+
+	// Resources with no tags are absent from the returned map.
+	ListForResources(ctx context.Context, orgID valuer.UUID, kind coretypes.Kind, resourceIDs []valuer.UUID) (map[valuer.UUID][]*tagtypes.Tag, error)
+}

pkg/parser/filterquery/parse.go

@@ -0,0 +1,33 @@
+package filterquery
+
+import (
+	"fmt"
+
+	grammar "github.com/SigNoz/signoz/pkg/parser/filterquery/grammar"
+	"github.com/antlr4-go/antlr/v4"
+)
+
+func Parse(query string) (antlr.ParseTree, *antlr.CommonTokenStream, *ErrorCollector) {
+	collector := NewErrorCollector()
+	lexer := grammar.NewFilterQueryLexer(antlr.NewInputStream(query))
+	lexer.RemoveErrorListeners()
+	lexer.AddErrorListener(collector)
+	tokens := antlr.NewCommonTokenStream(lexer, 0)
+	parser := grammar.NewFilterQueryParser(tokens)
+	parser.RemoveErrorListeners()
+	parser.AddErrorListener(collector)
+	return parser.Query(), tokens, collector
+}
+
+type ErrorCollector struct {
+	*antlr.DefaultErrorListener
+	Errors []string
+}
+
+func NewErrorCollector() *ErrorCollector {
+	return &ErrorCollector{}
+}
+
+func (c *ErrorCollector) SyntaxError(_ antlr.Recognizer, _ any, line, column int, msg string, _ antlr.RecognitionException) {
+	c.Errors = append(c.Errors, fmt.Sprintf("syntax error at %d:%d — %s", line, column, msg))
+}

pkg/query-service/model/alerting.go

@@ -134,7 +134,7 @@ type RuleStateHistory struct {
 	// One of ["normal", "firing"]
 	OverallState        AlertState `json:"overallState" ch:"overall_state"`
 	OverallStateChanged bool       `json:"overallStateChanged" ch:"overall_state_changed"`
-	// One of ["normal", "firing", "nodata", "muted"]
+	// One of ["normal", "firing", "no_data", "muted"]
 	State        AlertState   `json:"state" ch:"state"`
 	StateChanged bool         `json:"stateChanged" ch:"state_changed"`
 	UnixMilli    int64        `json:"unixMilli" ch:"unix_milli"`

pkg/signoz/handler_test.go

@@ -17,6 +17,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization/implorganization"
 	"github.com/SigNoz/signoz/pkg/modules/retention/implretention"
+	"github.com/SigNoz/signoz/pkg/modules/tag/impltag"
 	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/queryparser"
@@ -45,7 +46,8 @@ func TestNewHandlers(t *testing.T) {
 	emailing := emailingtest.New()
 	queryParser := queryparser.New(providerSettings)
 	require.NoError(t, err)
-	dashboardModule := impldashboard.NewModule(impldashboard.NewStore(sqlstore), providerSettings, nil, orgGetter, queryParser)
+	tagModule := impltag.NewModule(impltag.NewStore(sqlstore))
+	dashboardModule := impldashboard.NewModule(impldashboard.NewStore(sqlstore), sqlstore, providerSettings, nil, orgGetter, queryParser, tagModule)
 
 	flagger, err := flagger.New(context.Background(), instrumentationtest.New().ToProviderSettings(), flagger.Config{}, flagger.MustNewRegistry())
 	require.NoError(t, err)
@@ -53,8 +55,9 @@ func TestNewHandlers(t *testing.T) {
 	userRoleStore := impluser.NewUserRoleStore(sqlstore, providerSettings)
 
 	userGetter := impluser.NewGetter(impluser.NewStore(sqlstore, providerSettings), userRoleStore, flagger)
+
 	retentionGetter := implretention.NewGetter(implretention.NewStore(sqlstore))
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, userGetter, userRoleStore, nil, nil, retentionGetter, flagger)
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, userGetter, userRoleStore, nil, nil, retentionGetter, flagger, tagModule)
 
 	querierHandler := querier.NewHandler(providerSettings, nil, nil)
 	registryHandler := factory.NewHandler(nil)

pkg/signoz/module.go

@@ -45,6 +45,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/spanmapper/implspanmapper"
 	"github.com/SigNoz/signoz/pkg/modules/spanpercentile"
 	"github.com/SigNoz/signoz/pkg/modules/spanpercentile/implspanpercentile"
+	"github.com/SigNoz/signoz/pkg/modules/tag"
 	"github.com/SigNoz/signoz/pkg/modules/tracedetail"
 	"github.com/SigNoz/signoz/pkg/modules/tracedetail/impltracedetail"
 	"github.com/SigNoz/signoz/pkg/modules/tracefunnel"
@@ -88,6 +89,7 @@ type Modules struct {
 	TraceDetail      tracedetail.Module
 	SpanMapper       spanmapper.Module
 	LLMPricingRule   llmpricingrule.Module
+	Tag              tag.Module
 }
 
 func NewModules(
@@ -113,6 +115,7 @@ func NewModules(
 	cloudIntegrationModule cloudintegration.Module,
 	retentionGetter retention.Getter,
 	fl flagger.Flagger,
+	tagModule tag.Module,
 ) Modules {
 	quickfilter := implquickfilter.NewModule(implquickfilter.NewStore(sqlstore))
 	orgSetter := implorganization.NewSetter(implorganization.NewStore(sqlstore), alertmanager, quickfilter)
@@ -145,5 +148,6 @@ func NewModules(
 		TraceDetail:      impltracedetail.NewModule(impltracedetail.NewTraceStore(telemetryStore), providerSettings, config.TraceDetail),
 		SpanMapper:       implspanmapper.NewModule(implspanmapper.NewStore(sqlstore)),
 		LLMPricingRule:   impllmpricingrule.NewModule(impllmpricingrule.NewStore(sqlstore)),
+		Tag:              tagModule,
 	}
 }

pkg/signoz/module_test.go

@@ -19,6 +19,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/retention/implretention"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount/implserviceaccount"
+	"github.com/SigNoz/signoz/pkg/modules/tag/impltag"
 	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
 	"github.com/SigNoz/signoz/pkg/queryparser"
 	"github.com/SigNoz/signoz/pkg/sharder"
@@ -46,7 +47,8 @@ func TestNewModules(t *testing.T) {
 	emailing := emailingtest.New()
 	queryParser := queryparser.New(providerSettings)
 	require.NoError(t, err)
-	dashboardModule := impldashboard.NewModule(impldashboard.NewStore(sqlstore), providerSettings, nil, orgGetter, queryParser)
+	tagModule := impltag.NewModule(impltag.NewStore(sqlstore))
+	dashboardModule := impldashboard.NewModule(impldashboard.NewStore(sqlstore), sqlstore, providerSettings, nil, orgGetter, queryParser, tagModule)
 
 	flagger, err := flagger.New(context.Background(), instrumentationtest.New().ToProviderSettings(), flagger.Config{}, flagger.MustNewRegistry())
 	require.NoError(t, err)
@@ -58,7 +60,8 @@ func TestNewModules(t *testing.T) {
 	serviceAccount := implserviceaccount.NewModule(implserviceaccount.NewStore(sqlstore), nil, nil, nil, providerSettings, serviceaccount.Config{})
 
 	retentionGetter := implretention.NewGetter(implretention.NewStore(sqlstore))
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, userGetter, userRoleStore, serviceAccount, implcloudintegration.NewModule(), retentionGetter, flagger)
+
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, nil, nil, nil, nil, nil, nil, nil, queryParser, Config{}, dashboardModule, userGetter, userRoleStore, serviceAccount, implcloudintegration.NewModule(), retentionGetter, flagger, tagModule)
 
 	reflectVal := reflect.ValueOf(modules)
 	for i := 0; i < reflectVal.NumField(); i++ {

pkg/signoz/provider.go

@@ -200,7 +200,8 @@ func NewSQLMigrationProviderFactories(
 		sqlmigration.NewAddServiceAccountManagedRoleTransactionsFactory(sqlstore),
 		sqlmigration.NewAddSpanMapperFactory(sqlstore, sqlschema),
 		sqlmigration.NewAddLLMPricingRulesFactory(sqlstore, sqlschema),
-		sqlmigration.NewMigrateMetaresourcesTuplesFactory(sqlstore),
+		sqlmigration.NewAddTagsFactory(sqlstore, sqlschema),
+		sqlmigration.NewAddPinnedDashboardFactory(sqlstore, sqlschema),
 	)
 }
 

pkg/signoz/signoz.go

@@ -32,6 +32,8 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/rulestatehistory"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
 	"github.com/SigNoz/signoz/pkg/modules/serviceaccount/implserviceaccount"
+	"github.com/SigNoz/signoz/pkg/modules/tag"
+	"github.com/SigNoz/signoz/pkg/modules/tag/impltag"
 	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
 	"github.com/SigNoz/signoz/pkg/prometheus"
 	"github.com/SigNoz/signoz/pkg/querier"
@@ -105,7 +107,7 @@ func New(
 	telemetrystoreProviderFactories factory.NamedMap[factory.ProviderFactory[telemetrystore.TelemetryStore, telemetrystore.Config]],
 	authNsCallback func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error),
 	authzCallback func(context.Context, sqlstore.SQLStore, authz.Config, licensing.Licensing, []authz.OnBeforeRoleDelete) (factory.ProviderFactory[authz.AuthZ, authz.Config], error),
-	dashboardModuleCallback func(sqlstore.SQLStore, factory.ProviderSettings, analytics.Analytics, organization.Getter, queryparser.QueryParser, querier.Querier, licensing.Licensing) dashboard.Module,
+	dashboardModuleCallback func(sqlstore.SQLStore, factory.ProviderSettings, analytics.Analytics, organization.Getter, queryparser.QueryParser, querier.Querier, licensing.Licensing, tag.Module) dashboard.Module,
 	gatewayProviderFactory func(licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config],
 	auditorProviderFactories func(licensing.Licensing) factory.NamedMap[factory.ProviderFactory[auditor.Auditor, auditor.Config]],
 	meterReporterProviderFactories func(context.Context, factory.ProviderSettings, flagger.Flagger, licensing.Licensing, telemetrystore.TelemetryStore, retention.Getter, organization.Getter, zeus.Zeus) (factory.NamedMap[factory.ProviderFactory[meterreporter.Reporter, meterreporter.Config]], string),
@@ -332,8 +334,13 @@ func New(
 	// Initialize query parser (needed for dashboard module)
 	queryParser := queryparser.New(providerSettings)
 
-	// Initialize dashboard module
-	dashboard := dashboardModuleCallback(sqlstore, providerSettings, analytics, orgGetter, queryParser, querier, licensing)
+	// Initialize tag module — shared across modules that link entities to tags
+	// (currently dashboard; future: alerts, RBAC). Built once here and injected
+	// where needed.
+	tagModule := impltag.NewModule(impltag.NewStore(sqlstore))
+
+	// Initialize dashboard module (needed for authz registry)
+	dashboard := dashboardModuleCallback(sqlstore, providerSettings, analytics, orgGetter, queryParser, querier, licensing, tagModule)
 
 	// Initialize user getter
 	userGetter := impluser.NewGetter(userStore, userRoleStore, flagger)
@@ -455,7 +462,7 @@ func New(
 	}
 
 	// Initialize all modules
-	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, analytics, querier, telemetrystore, telemetryMetadataStore, authNs, authz, cache, queryParser, config, dashboard, userGetter, userRoleStore, serviceAccount, cloudIntegrationModule, retentionGetter, flagger)
+	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, analytics, querier, telemetrystore, telemetryMetadataStore, authNs, authz, cache, queryParser, config, dashboard, userGetter, userRoleStore, serviceAccount, cloudIntegrationModule, retentionGetter, flagger, tagModule)
 
 	// Initialize ruler from the variant-specific provider factories
 	rulerInstance, err := factory.NewProviderFromNamedMap(ctx, providerSettings, config.Ruler, rulerProviderFactories(cache, alertmanager, sqlstore, telemetrystore, telemetryMetadataStore, prometheus, orgGetter, modules.RuleStateHistory, querier, queryParser), "signoz")

pkg/sqlmigration/080_add_pinned_dashboard.go

@@ -0,0 +1,71 @@
+package sqlmigration
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/sqlschema"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/uptrace/bun"
+	"github.com/uptrace/bun/migrate"
+)
+
+type addPinnedDashboard struct {
+	sqlstore  sqlstore.SQLStore
+	sqlschema sqlschema.SQLSchema
+}
+
+func NewAddPinnedDashboardFactory(sqlstore sqlstore.SQLStore, sqlschema sqlschema.SQLSchema) factory.ProviderFactory[SQLMigration, Config] {
+	return factory.NewProviderFactory(factory.MustNewName("add_pinned_dashboard"), func(ctx context.Context, ps factory.ProviderSettings, c Config) (SQLMigration, error) {
+		return &addPinnedDashboard{
+			sqlstore:  sqlstore,
+			sqlschema: sqlschema,
+		}, nil
+	})
+}
+
+func (migration *addPinnedDashboard) Register(migrations *migrate.Migrations) error {
+	return migrations.Register(migration.Up, migration.Down)
+}
+
+func (migration *addPinnedDashboard) Up(ctx context.Context, db *bun.DB) error {
+	tx, err := db.BeginTx(ctx, nil)
+	if err != nil {
+		return err
+	}
+	defer func() { _ = tx.Rollback() }()
+
+	// Composite PK on (user_id, dashboard_id) prevents accidental double-pins
+	// for the same user/dashboard pair. Only org_id carries an FK — user_id and
+	// dashboard_id mirror tag_relations and skip FKs because cascade deletes
+	// are disabled at the platform level (see tags spec).
+	sqls := migration.sqlschema.Operator().CreateTable(&sqlschema.Table{
+		Name: "pinned_dashboard",
+		Columns: []*sqlschema.Column{
+			{Name: "user_id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "dashboard_id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "org_id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "pinned_at", DataType: sqlschema.DataTypeTimestamp, Nullable: false, Default: "current_timestamp"},
+		},
+		PrimaryKeyConstraint: &sqlschema.PrimaryKeyConstraint{ColumnNames: []sqlschema.ColumnName{"user_id", "dashboard_id"}},
+		ForeignKeyConstraints: []*sqlschema.ForeignKeyConstraint{
+			{
+				ReferencingColumnName: sqlschema.ColumnName("org_id"),
+				ReferencedTableName:   sqlschema.TableName("organizations"),
+				ReferencedColumnName:  sqlschema.ColumnName("id"),
+			},
+		},
+	})
+
+	for _, sql := range sqls {
+		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
+			return err
+		}
+	}
+
+	return tx.Commit()
+}
+
+func (migration *addPinnedDashboard) Down(_ context.Context, _ *bun.DB) error {
+	return nil
+}

pkg/sqlmigration/081_add_tags.go

@@ -0,0 +1,114 @@
+package sqlmigration
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/sqlschema"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/uptrace/bun"
+	"github.com/uptrace/bun/migrate"
+)
+
+type addTags struct {
+	sqlstore  sqlstore.SQLStore
+	sqlschema sqlschema.SQLSchema
+}
+
+func NewAddTagsFactory(sqlstore sqlstore.SQLStore, sqlschema sqlschema.SQLSchema) factory.ProviderFactory[SQLMigration, Config] {
+	return factory.NewProviderFactory(factory.MustNewName("add_tags"), func(ctx context.Context, ps factory.ProviderSettings, c Config) (SQLMigration, error) {
+		return &addTags{
+			sqlstore:  sqlstore,
+			sqlschema: sqlschema,
+		}, nil
+	})
+}
+
+func (migration *addTags) Register(migrations *migrate.Migrations) error {
+	return migrations.Register(migration.Up, migration.Down)
+}
+
+func (migration *addTags) Up(ctx context.Context, db *bun.DB) error {
+	tx, err := db.BeginTx(ctx, nil)
+	if err != nil {
+		return err
+	}
+
+	defer func() {
+		_ = tx.Rollback()
+	}()
+
+	sqls := [][]byte{}
+
+	tagTableSQLs := migration.sqlschema.Operator().CreateTable(&sqlschema.Table{
+		Name: "tag",
+		Columns: []*sqlschema.Column{
+			{Name: "id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "key", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "value", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "org_id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "kind", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "created_at", DataType: sqlschema.DataTypeTimestamp, Nullable: false},
+			{Name: "updated_at", DataType: sqlschema.DataTypeTimestamp, Nullable: false},
+		},
+		PrimaryKeyConstraint: &sqlschema.PrimaryKeyConstraint{ColumnNames: []sqlschema.ColumnName{"id"}},
+		ForeignKeyConstraints: []*sqlschema.ForeignKeyConstraint{
+			{
+				ReferencingColumnName: sqlschema.ColumnName("org_id"),
+				ReferencedTableName:   sqlschema.TableName("organizations"),
+				ReferencedColumnName:  sqlschema.ColumnName("id"),
+			},
+		},
+	})
+	sqls = append(sqls, tagTableSQLs...)
+
+	// Case-insensitive uniqueness on (org_id, kind, key, value) — both Postgres
+	// and SQLite (modernc 3.50.x) support expression indexes.
+	tagUniqueIndexSQLs := migration.sqlschema.Operator().CreateIndex(
+		(&sqlschema.UniqueIndex{
+			TableName:   "tag",
+			ColumnNames: []sqlschema.ColumnName{"org_id", "kind", "key", "value"},
+			Expressions: []string{"org_id", "kind", "LOWER(key)", "LOWER(value)"},
+		}).Named("uq_tag_org_kind_lower_key_lower_value"),
+	)
+	sqls = append(sqls, tagUniqueIndexSQLs...)
+
+	tagRelationsTableSQLs := migration.sqlschema.Operator().CreateTable(&sqlschema.Table{
+		Name: "tag_relation",
+		Columns: []*sqlschema.Column{
+			{Name: "id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "kind", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "resource_id", DataType: sqlschema.DataTypeText, Nullable: false},
+			{Name: "tag_id", DataType: sqlschema.DataTypeText, Nullable: false},
+		},
+		PrimaryKeyConstraint: &sqlschema.PrimaryKeyConstraint{ColumnNames: []sqlschema.ColumnName{"id"}},
+		ForeignKeyConstraints: []*sqlschema.ForeignKeyConstraint{
+			{
+				ReferencingColumnName: sqlschema.ColumnName("tag_id"),
+				ReferencedTableName:   sqlschema.TableName("tag"),
+				ReferencedColumnName:  sqlschema.ColumnName("id"),
+			},
+		},
+	})
+	sqls = append(sqls, tagRelationsTableSQLs...)
+
+	tagRelationUniqueIndexSQLs := migration.sqlschema.Operator().CreateIndex(
+		&sqlschema.UniqueIndex{
+			TableName:   "tag_relation",
+			ColumnNames: []sqlschema.ColumnName{"kind", "resource_id", "tag_id"},
+		},
+	)
+	sqls = append(sqls, tagRelationUniqueIndexSQLs...)
+
+	for _, sql := range sqls {
+		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
+			return err
+		}
+	}
+
+	return tx.Commit()
+}
+
+func (migration *addTags) Down(_ context.Context, _ *bun.DB) error {
+	return nil
+}

pkg/sqlmigration/081_migrate_metaresources_tuples.go

@@ -1,175 +0,0 @@
-package sqlmigration
-
-import (
-	"context"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/oklog/ulid/v2"
-	"github.com/uptrace/bun"
-	"github.com/uptrace/bun/dialect"
-	"github.com/uptrace/bun/migrate"
-)
-
-type migrateMetaresourcesTuples struct {
-	sqlstore sqlstore.SQLStore
-}
-
-func NewMigrateMetaresourcesTuplesFactory(sqlstore sqlstore.SQLStore) factory.ProviderFactory[SQLMigration, Config] {
-	return factory.NewProviderFactory(factory.MustNewName("migrate_metaresources_tuples"), func(ctx context.Context, ps factory.ProviderSettings, c Config) (SQLMigration, error) {
-		return &migrateMetaresourcesTuples{sqlstore: sqlstore}, nil
-	})
-}
-
-func (migration *migrateMetaresourcesTuples) Register(migrations *migrate.Migrations) error {
-	return migrations.Register(migration.Up, migration.Down)
-}
-
-// migrationTuple describes a single FGA tuple to insert.
-type migrationTuple struct {
-	roleName   string // "signoz-admin", "signoz-editor", "signoz-viewer"
-	objectType string // "serviceaccount", "user", "role", "metaresource"
-	objectName string // "serviceaccount", "user", "role", etc.
-	relation   string // "create", "list", "detach", etc.
-}
-
-func (migration *migrateMetaresourcesTuples) Up(ctx context.Context, db *bun.DB) error {
-	tx, err := db.BeginTx(ctx, nil)
-	if err != nil {
-		return err
-	}
-	defer func() { _ = tx.Rollback() }()
-
-	var storeID string
-	err = tx.QueryRowContext(ctx, `SELECT id FROM store WHERE name = ? LIMIT 1`, "signoz").Scan(&storeID)
-	if err != nil {
-		return err
-	}
-
-	// Fetch all orgs.
-	var orgIDs []string
-	rows, err := tx.QueryContext(ctx, `SELECT id FROM organizations`)
-	if err != nil {
-		return err
-	}
-	defer rows.Close()
-	for rows.Next() {
-		var orgID string
-		if err := rows.Scan(&orgID); err != nil {
-			return err
-		}
-		orgIDs = append(orgIDs, orgID)
-	}
-
-	isPG := migration.sqlstore.BunDB().Dialect().Name() == dialect.PG
-
-	// Step 1: Delete all tuples with the old "metaresources" object_type.
-	for _, orgID := range orgIDs {
-		if isPG {
-			_, err = tx.ExecContext(ctx, `DELETE FROM tuple WHERE store = ? AND object_type = ? AND object_id LIKE ?`,
-				storeID, "metaresources", "organization/"+orgID+"/%")
-		} else {
-			_, err = tx.ExecContext(ctx, `DELETE FROM tuple WHERE store = ? AND object_type = ? AND object_id LIKE ?`,
-				storeID, "metaresources", "organization/"+orgID+"/%")
-		}
-
-		if err != nil {
-			return err
-		}
-	}
-
-	// Step 2: Insert replacement tuples.
-	// For types with their own FGA type (user, serviceaccount, role), create/list
-	// go on the type directly. For all other resources, create/list go on "metaresource".
-	// Also add new detach tuples for role/user/serviceaccount.
-	tuples := []migrationTuple{
-		// New detach tuples for admin
-		{authtypes.SigNozAdminRoleName, "role", "role", "detach"},
-		{authtypes.SigNozAdminRoleName, "serviceaccount", "serviceaccount", "detach"},
-		// Replacement create/list for user/serviceaccount/role (moved from metaresources to own types)
-		{authtypes.SigNozAdminRoleName, "serviceaccount", "serviceaccount", "create"},
-		{authtypes.SigNozAdminRoleName, "serviceaccount", "serviceaccount", "list"},
-		{authtypes.SigNozAdminRoleName, "role", "role", "create"},
-		{authtypes.SigNozAdminRoleName, "role", "role", "list"},
-		// Replacement create/list for resources that move from "metaresources" to "metaresource"
-		{authtypes.SigNozAdminRoleName, "metaresource", "factor-api-key", "create"},
-		{authtypes.SigNozAdminRoleName, "metaresource", "factor-api-key", "list"},
-		{authtypes.SigNozAdminRoleName, "metaresource", "factor-api-key", "read"},
-		{authtypes.SigNozAdminRoleName, "metaresource", "factor-api-key", "update"},
-		{authtypes.SigNozAdminRoleName, "metaresource", "factor-api-key", "delete"},
-	}
-
-	for _, orgID := range orgIDs {
-		for _, tuple := range tuples {
-			entropy := ulid.DefaultEntropy()
-			now := time.Now().UTC()
-			tupleID := ulid.MustNew(ulid.Timestamp(now), entropy).String()
-
-			objectID := "organization/" + orgID + "/" + tuple.objectName + "/*"
-			roleSubject := "organization/" + orgID + "/role/" + tuple.roleName
-
-			if isPG {
-				user := "role:" + roleSubject + "#assignee"
-				result, err := tx.ExecContext(ctx, `
-					INSERT INTO tuple (store, object_type, object_id, relation, _user, user_type, ulid, inserted_at)
-					VALUES (?, ?, ?, ?, ?, ?, ?, ?)
-					ON CONFLICT (store, object_type, object_id, relation, _user) DO NOTHING`,
-					storeID, tuple.objectType, objectID, tuple.relation, user, "userset", tupleID, now,
-				)
-				if err != nil {
-					return err
-				}
-				rowsAffected, err := result.RowsAffected()
-				if err != nil {
-					return err
-				}
-				if rowsAffected == 0 {
-					continue
-				}
-				_, err = tx.ExecContext(ctx, `
-					INSERT INTO changelog (store, object_type, object_id, relation, _user, operation, ulid, inserted_at)
-					VALUES (?, ?, ?, ?, ?, ?, ?, ?)
-					ON CONFLICT (store, ulid, object_type) DO NOTHING`,
-					storeID, tuple.objectType, objectID, tuple.relation, user, "TUPLE_OPERATION_WRITE", tupleID, now,
-				)
-				if err != nil {
-					return err
-				}
-			} else {
-				result, err := tx.ExecContext(ctx, `
-					INSERT INTO tuple (store, object_type, object_id, relation, user_object_type, user_object_id, user_relation, user_type, ulid, inserted_at)
-					VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-					ON CONFLICT (store, object_type, object_id, relation, user_object_type, user_object_id, user_relation) DO NOTHING`,
-					storeID, tuple.objectType, objectID, tuple.relation, "role", roleSubject, "assignee", "userset", tupleID, now,
-				)
-				if err != nil {
-					return err
-				}
-				rowsAffected, err := result.RowsAffected()
-				if err != nil {
-					return err
-				}
-				if rowsAffected == 0 {
-					continue
-				}
-				_, err = tx.ExecContext(ctx, `
-					INSERT INTO changelog (store, object_type, object_id, relation, user_object_type, user_object_id, user_relation, operation, ulid, inserted_at)
-					VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-					ON CONFLICT (store, ulid, object_type) DO NOTHING`,
-					storeID, tuple.objectType, objectID, tuple.relation, "role", roleSubject, "assignee", 0, tupleID, now,
-				)
-				if err != nil {
-					return err
-				}
-			}
-		}
-	}
-
-	return tx.Commit()
-}
-
-func (migration *migrateMetaresourcesTuples) Down(context.Context, *bun.DB) error {
-	return nil
-}

pkg/sqlschema/index.go

@@ -1,6 +1,8 @@
 package sqlschema
 
 import (
+	"fmt"
+	"hash/fnv"
 	"slices"
 	"strings"
 
@@ -49,9 +51,23 @@ type Index interface {
 	ToDropSQL(fmter SQLFormatter) []byte
 }
 
+// UniqueIndex models a unique index on a table.
+//
+// In the common case the index keys on plain columns: set only ColumnNames and
+// the SQL is emitted with each column identifier-quoted by the formatter
+// (`CREATE UNIQUE INDEX uq_t_a_b ON t (a, b)`).
+//
+// For functional indexes (e.g. case-insensitive uniqueness on `LOWER(col)`),
+// set Expressions to the raw SQL parts and use ColumnNames as metadata for
+// "which columns does this index touch". When Expressions is non-empty, it
+// overrides ColumnNames for SQL emission — each entry is written verbatim, so
+// the caller owns well-formedness — and the auto-generated name uses a hash
+// suffix instead of a readable column join because expressions aren't valid
+// identifier fragments.
 type UniqueIndex struct {
 	TableName   TableName
 	ColumnNames []ColumnName
+	Expressions []string
 	name        string
 }
 
@@ -71,16 +87,28 @@ func (index *UniqueIndex) Name() string {
 		}
 		b.WriteString(string(column))
 	}
+
+	if len(index.Expressions) > 0 {
+		if len(index.ColumnNames) > 0 {
+			b.WriteString("_")
+		}
+		hasher := fnv.New32a()
+		_, _ = hasher.Write([]byte(strings.Join(index.Expressions, "\x00")))
+		fmt.Fprintf(&b, "%08x", hasher.Sum32())
+	}
 	return b.String()
 }
 
 func (index *UniqueIndex) Named(name string) Index {
 	copyOfColumnNames := make([]ColumnName, len(index.ColumnNames))
 	copy(copyOfColumnNames, index.ColumnNames)
+	copyOfExpressions := make([]string, len(index.Expressions))
+	copy(copyOfExpressions, index.Expressions)
 
 	return &UniqueIndex{
 		TableName:   index.TableName,
 		ColumnNames: copyOfColumnNames,
+		Expressions: copyOfExpressions,
 		name:        name,
 	}
 }
@@ -101,7 +129,18 @@ func (index *UniqueIndex) Equals(other Index) bool {
 	if other.Type() != IndexTypeUnique {
 		return false
 	}
-
+	otherUnique, ok := other.(*UniqueIndex)
+	if !ok {
+		return false
+	}
+	// Plain and functional indexes produce different SQL even if their column
+	// sets overlap; require both shapes to match.
+	if (len(index.Expressions) == 0) != (len(otherUnique.Expressions) == 0) {
+		return false
+	}
+	if len(index.Expressions) > 0 && !slices.Equal(index.Expressions, otherUnique.Expressions) {
+		return false
+	}
 	return index.Name() == other.Name() && slices.Equal(index.Columns(), other.Columns())
 }
 
@@ -114,12 +153,20 @@ func (index *UniqueIndex) ToCreateSQL(fmter SQLFormatter) []byte {
 	sql = fmter.AppendIdent(sql, string(index.TableName))
 	sql = append(sql, " ("...)
 
-	for i, column := range index.ColumnNames {
-		if i > 0 {
-			sql = append(sql, ", "...)
+	if len(index.Expressions) > 0 {
+		for i, expr := range index.Expressions {
+			if i > 0 {
+				sql = append(sql, ", "...)
+			}
+			sql = append(sql, expr...)
+		}
+	} else {
+		for i, column := range index.ColumnNames {
+			if i > 0 {
+				sql = append(sql, ", "...)
+			}
+			sql = fmter.AppendIdent(sql, string(column))
 		}
-
-		sql = fmter.AppendIdent(sql, string(column))
 	}
 
 	sql = append(sql, ")"...)

pkg/sqlschema/index_test.go

@@ -38,6 +38,43 @@ func TestIndexToCreateSQL(t *testing.T) {
 			},
 			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "my_index" ON "users" ("id", "name", "email")`,
 		},
+		{
+			name: "Unique_Functional_SingleExpression",
+			index: &UniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Expressions: []string{"LOWER(email)"},
+			},
+			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "uq_users_email_1e5a87f1" ON "users" (LOWER(email))`,
+		},
+		{
+			name: "Unique_Functional_MixedColumnsAndExpressions",
+			index: &UniqueIndex{
+				TableName:   "tag",
+				ColumnNames: []ColumnName{"org_id", "kind", "key", "value"},
+				Expressions: []string{"org_id", "kind", "LOWER(key)", "LOWER(value)"},
+			},
+			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "uq_tag_org_id_kind_key_value_57e8f81f" ON "tag" (org_id, kind, LOWER(key), LOWER(value))`,
+		},
+		{
+			name: "Unique_Functional_ComplexExpression",
+			index: &UniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"first_name", "last_name"},
+				Expressions: []string{"LOWER(TRIM(first_name) || ' ' || TRIM(last_name))"},
+			},
+			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "uq_users_first_name_last_name_adb1ff53" ON "users" (LOWER(TRIM(first_name) || ' ' || TRIM(last_name)))`,
+		},
+		{
+			name: "Unique_Functional_Named",
+			index: &UniqueIndex{
+				TableName:   "tag",
+				ColumnNames: []ColumnName{"org_id", "kind", "key", "value"},
+				Expressions: []string{"org_id", "kind", "LOWER(key)", "LOWER(value)"},
+				name:        "uq_tag_org_kind_lower_key_lower_value",
+			},
+			sql: `CREATE UNIQUE INDEX IF NOT EXISTS "uq_tag_org_kind_lower_key_lower_value" ON "tag" (org_id, kind, LOWER(key), LOWER(value))`,
+		},
 		{
 			name: "PartialUnique_1Column",
 			index: &PartialUniqueIndex{
@@ -229,6 +266,47 @@ func TestIndexEquals(t *testing.T) {
 			},
 			equals: false,
 		},
+		{
+			name: "Unique_Functional_Same",
+			a: &UniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Expressions: []string{"LOWER(email)"},
+			},
+			b: &UniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Expressions: []string{"LOWER(email)"},
+			},
+			equals: true,
+		},
+		{
+			name: "Unique_Functional_DifferentExpressions",
+			a: &UniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Expressions: []string{"LOWER(email)"},
+			},
+			b: &UniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Expressions: []string{"UPPER(email)"},
+			},
+			equals: false,
+		},
+		{
+			name: "Unique_Functional_NotEqualToPlainSameColumns",
+			a: &UniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+				Expressions: []string{"LOWER(email)"},
+			},
+			b: &UniqueIndex{
+				TableName:   "users",
+				ColumnNames: []ColumnName{"email"},
+			},
+			equals: false,
+		},
 	}
 
 	for _, testCase := range testCases {
@@ -238,6 +316,75 @@ func TestIndexEquals(t *testing.T) {
 	}
 }
 
+func TestUniqueIndexFunctionalName(t *testing.T) {
+	t.Run("autogen uses uq_<table>_<hash>", func(t *testing.T) {
+		idx := &UniqueIndex{
+			TableName:   "tag",
+			ColumnNames: []ColumnName{"org_id", "kind", "key", "value"},
+			Expressions: []string{"org_id", "kind", "LOWER(key)", "LOWER(value)"},
+		}
+		assert.Equal(t, "uq_tag_org_id_kind_key_value_57e8f81f", idx.Name())
+	})
+
+	t.Run("same expressions produce the same name", func(t *testing.T) {
+		a := &UniqueIndex{
+			TableName:   "users",
+			Expressions: []string{"LOWER(email)"},
+		}
+		b := &UniqueIndex{
+			TableName:   "users",
+			Expressions: []string{"LOWER(email)"},
+		}
+		assert.Equal(t, a.Name(), b.Name())
+	})
+
+	t.Run("different expressions produce different names", func(t *testing.T) {
+		a := &UniqueIndex{
+			TableName:   "users",
+			Expressions: []string{"LOWER(email)"},
+		}
+		b := &UniqueIndex{
+			TableName:   "users",
+			Expressions: []string{"UPPER(email)"},
+		}
+		assert.NotEqual(t, a.Name(), b.Name())
+	})
+
+	t.Run("expressions in different order produce different names", func(t *testing.T) {
+		a := &UniqueIndex{
+			TableName:   "tag",
+			Expressions: []string{"org_id", "LOWER(key)"},
+		}
+		b := &UniqueIndex{
+			TableName:   "tag",
+			Expressions: []string{"LOWER(key)", "org_id"},
+		}
+		assert.NotEqual(t, a.Name(), b.Name())
+	})
+
+	t.Run("functional autogen differs from plain autogen for same columns", func(t *testing.T) {
+		plain := &UniqueIndex{
+			TableName:   "users",
+			ColumnNames: []ColumnName{"email"},
+		}
+		functional := &UniqueIndex{
+			TableName:   "users",
+			ColumnNames: []ColumnName{"email"},
+			Expressions: []string{"LOWER(email)"},
+		}
+		assert.Equal(t, "uq_users_email", plain.Name())
+		assert.NotEqual(t, plain.Name(), functional.Name())
+	})
+
+	t.Run("Named() override wins over hash", func(t *testing.T) {
+		idx := (&UniqueIndex{
+			TableName:   "tag",
+			Expressions: []string{"org_id", "LOWER(key)"},
+		}).Named("my_functional_index")
+		assert.Equal(t, "my_functional_index", idx.Name())
+	})
+}
+
 func TestPartialUniqueIndexName(t *testing.T) {
 	a := &PartialUniqueIndex{
 		TableName:   "users",

pkg/types/authtypes/tuple.go

@@ -47,42 +47,6 @@ func NewTuplesFromTransactions(transactions []*Transaction, subject string, orgI
 	return tuples, nil
 }
 
-// NewTuplesFromTransactionsWithCorrelations converts transactions to tuples for BatchCheck,
-// and for each transaction whose selector is not already a wildcard, generates an additional
-// tuple with the wildcard selector. This ensures that permissions granted via wildcard
-// selectors (e.g., dashboard:*) are checked alongside exact selectors (e.g., dashboard:abc-123).
-//
-// Returns:
-//   - tuples: all tuples to check (exact + correlated), keyed by transaction ID or generated correlation ID
-//   - correlations: maps transaction ID to a slice of correlation IDs for the additional tuples
-func NewTuplesFromTransactionsWithCorrelations(transactions []*Transaction, subject string, orgID valuer.UUID) (tuples map[string]*openfgav1.TupleKey, correlations map[string][]string, err error) {
-	tuples = make(map[string]*openfgav1.TupleKey)
-	correlations = make(map[string][]string)
-
-	for _, txn := range transactions {
-		resource, err := coretypes.NewResourceFromTypeAndKind(txn.Object.Resource.Type, txn.Object.Resource.Kind)
-		if err != nil {
-			return nil, nil, err
-		}
-
-		txnID := txn.ID.StringValue()
-
-		txnTuples := NewTuples(resource, subject, txn.Relation, []coretypes.Selector{txn.Object.Selector}, orgID)
-		tuples[txnID] = txnTuples[0]
-
-		if txn.Object.Selector.String() != coretypes.WildCardSelectorString {
-			wildcardSelector := txn.Object.Resource.Type.MustSelector(coretypes.WildCardSelectorString)
-			wildcardTuples := NewTuples(resource, subject, txn.Relation, []coretypes.Selector{wildcardSelector}, orgID)
-
-			correlationID := valuer.GenerateUUID().StringValue()
-			tuples[correlationID] = wildcardTuples[0]
-			correlations[txnID] = append(correlations[txnID], correlationID)
-		}
-	}
-
-	return tuples, correlations, nil
-}
-
 // NewTuplesFromTransactionsWithManagedRoles converts transactions to tuples for BatchCheck.
 // Direct role-assignment transactions (TypeRole + VerbAssignee) produce one tuple keyed by txn ID.
 // Other transactions are expanded via managedRolesByTransaction into role-assignee checks, keyed by "txnID:roleName".

pkg/types/coretypes/registry_managed_role.go

@@ -18,49 +18,46 @@ const (
 
 var ManagedRoleToTransactions = map[string][]Transaction{
 	SigNozAdminRoleName: {
-		// role attach/detach — admin can attach/detach role assignments
+		// role attach — admin can attach/detach role assignments
 		{Verb: VerbAttach, Object: *MustNewObject(ResourceRef{Type: TypeRole, Kind: KindRole}, WildCardSelectorString)},
-		{Verb: VerbDetach, Object: *MustNewObject(ResourceRef{Type: TypeRole, Kind: KindRole}, WildCardSelectorString)},
-		// user attach/detach — admin can attach/detach roles to any user
+		// user attach — admin can attach roles to any user
 		{Verb: VerbAttach, Object: *MustNewObject(ResourceRef{Type: TypeUser, Kind: KindUser}, WildCardSelectorString)},
-		{Verb: VerbDetach, Object: *MustNewObject(ResourceRef{Type: TypeUser, Kind: KindUser}, WildCardSelectorString)},
-		// serviceaccount attach/detach — admin can attach/detach roles to any SA
+		// serviceaccount attach — admin can attach roles to any SA
 		{Verb: VerbAttach, Object: *MustNewObject(ResourceRef{Type: TypeServiceAccount, Kind: KindServiceAccount}, WildCardSelectorString)},
-		{Verb: VerbDetach, Object: *MustNewObject(ResourceRef{Type: TypeServiceAccount, Kind: KindServiceAccount}, WildCardSelectorString)},
 		// auth-domain — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindAuthDomain}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindAuthDomain}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindAuthDomain}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindAuthDomain}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindAuthDomain}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindAuthDomain}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindAuthDomain}, WildCardSelectorString)},
 		// cloud-integration — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegration}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegration}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegration}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegration}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegration}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindCloudIntegration}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindCloudIntegration}, WildCardSelectorString)},
 		// cloud-integration-service — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegrationService}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegrationService}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegrationService}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegrationService}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindCloudIntegrationService}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindCloudIntegrationService}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindCloudIntegrationService}, WildCardSelectorString)},
 		// integration — viewer/editor/admin (install/uninstall via ViewAccess)
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIntegration}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIntegration}, WildCardSelectorString)},
 		// factor-api-key — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindFactorAPIKey}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindFactorAPIKey}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindFactorAPIKey}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindFactorAPIKey}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindFactorAPIKey}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindFactorAPIKey}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindFactorAPIKey}, WildCardSelectorString)},
 		// factor-password — admin can issue and inspect reset tokens; users change their own password via OpenAccess
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindFactorPassword}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindFactorPassword}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindFactorPassword}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindFactorPassword}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindFactorPassword}, WildCardSelectorString)},
 		// license — admin only.
 		// Uniform LCRUD shape; actual ee routes are POST /api/v3/licenses (create
 		// = Activate), PUT /api/v3/licenses (update = Refresh), GET
@@ -70,8 +67,8 @@ var ManagedRoleToTransactions = map[string][]Transaction{
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLicense}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLicense}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLicense}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLicense}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLicense}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindLicense}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindLicense}, WildCardSelectorString)},
 		// subscription — admin only.
 		// Uniform LCRUD shape; actual ee routes are POST /api/v1/checkout
 		// (create), POST /api/v1/portal (update — opens Stripe portal), GET
@@ -81,121 +78,123 @@ var ManagedRoleToTransactions = map[string][]Transaction{
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSubscription}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSubscription}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSubscription}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSubscription}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSubscription}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindSubscription}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindSubscription}, WildCardSelectorString)},
 		// organization — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeOrganization, Kind: KindOrganization}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeOrganization, Kind: KindOrganization}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindOrganization}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindOrganization}, WildCardSelectorString)},
 		// org-preference — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindOrgPreference}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindOrgPreference}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindOrgPreference}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindOrgPreference}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindOrgPreference}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindOrgPreference}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindOrgPreference}, WildCardSelectorString)},
 		// public-dashboard — admin manages, anonymous reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPublicDashboard}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPublicDashboard}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPublicDashboard}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPublicDashboard}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPublicDashboard}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPublicDashboard}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPublicDashboard}, WildCardSelectorString)},
 		// role — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeRole, Kind: KindRole}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeRole, Kind: KindRole}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeRole, Kind: KindRole}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeRole, Kind: KindRole}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeRole, Kind: KindRole}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRole}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRole}, WildCardSelectorString)},
 		// serviceaccount — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeServiceAccount, Kind: KindServiceAccount}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeServiceAccount, Kind: KindServiceAccount}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeServiceAccount, Kind: KindServiceAccount}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeServiceAccount, Kind: KindServiceAccount}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeServiceAccount, Kind: KindServiceAccount}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindServiceAccount}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindServiceAccount}, WildCardSelectorString)},
 		// session — admin can revoke and list
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSession}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSession}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSession}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindSession}, WildCardSelectorString)},
 		// user — admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeUser, Kind: KindUser}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeUser, Kind: KindUser}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeUser, Kind: KindUser}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeUser, Kind: KindUser}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeUser, Kind: KindUser}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindUser}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindUser}, WildCardSelectorString)},
 		// dashboard — full CRUD (also held by editor)
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindDashboard}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindDashboard}, WildCardSelectorString)},
 		// pipeline — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPipeline}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPipeline}, WildCardSelectorString)},
 		// planned-maintenance — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
 		// rule — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRule}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRule}, WildCardSelectorString)},
 		// saved-view — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindSavedView}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindSavedView}, WildCardSelectorString)},
 		// trace-funnel — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTraceFunnel}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTraceFunnel}, WildCardSelectorString)},
 		// ingestion-key — editor+admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIngestionKey}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIngestionKey}, WildCardSelectorString)},
 		// ingestion-limit — editor+admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIngestionLimit}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIngestionLimit}, WildCardSelectorString)},
 		// notification-channel — admin writes, viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindNotificationChannel}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindNotificationChannel}, WildCardSelectorString)},
 		// route-policy — admin writes, viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRoutePolicy}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRoutePolicy}, WildCardSelectorString)},
 		// apdex-setting — admin updates, viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindApdexSetting}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindApdexSetting}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindApdexSetting}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindApdexSetting}, WildCardSelectorString)},
 		// quick-filter — admin updates, viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindQuickFilter}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindQuickFilter}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindQuickFilter}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindQuickFilter}, WildCardSelectorString)},
 		// ttl-setting — admin updates, viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTTLSetting}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTTLSetting}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTTLSetting}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTTLSetting}, WildCardSelectorString)},
 		// user-preference — every authenticated user can read+update their own
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindUserPreference}, WildCardSelectorString)},
 		// telemetry — read on each signal (logs/traces/metrics); schema permits read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeTelemetryResource, Kind: KindLogs}, WildCardSelectorString)},
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeTelemetryResource, Kind: KindTraces}, WildCardSelectorString)},
@@ -208,86 +207,86 @@ var ManagedRoleToTransactions = map[string][]Transaction{
 		// logs-field — editor+admin update (POST overwrites field config), viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLogsField}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLogsField}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLogsField}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindLogsField}, WildCardSelectorString)},
 		// traces-field — editor+admin update, viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTracesField}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTracesField}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTracesField}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTracesField}, WildCardSelectorString)},
 	},
 	SigNozEditorRoleName: {
 		// dashboard — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindDashboard}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindDashboard}, WildCardSelectorString)},
 		// pipeline — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPipeline}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPipeline}, WildCardSelectorString)},
 		// planned-maintenance — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
 		// rule — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRule}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRule}, WildCardSelectorString)},
 		// saved-view — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindSavedView}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindSavedView}, WildCardSelectorString)},
 		// trace-funnel — full CRUD
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTraceFunnel}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTraceFunnel}, WildCardSelectorString)},
 		// integration — viewer/editor/admin
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIntegration}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIntegration}, WildCardSelectorString)},
 		// ingestion-key — editor+admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionKey}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIngestionKey}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIngestionKey}, WildCardSelectorString)},
 		// ingestion-limit — editor+admin only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIngestionLimit}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIngestionLimit}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIngestionLimit}, WildCardSelectorString)},
 		// notification-channel — read only (admin writes)
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindNotificationChannel}, WildCardSelectorString)},
 		// route-policy — read only (admin writes)
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRoutePolicy}, WildCardSelectorString)},
 		// apdex-setting — read only (admin updates)
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindApdexSetting}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindApdexSetting}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindApdexSetting}, WildCardSelectorString)},
 		// quick-filter — read only (admin updates)
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindQuickFilter}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindQuickFilter}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindQuickFilter}, WildCardSelectorString)},
 		// ttl-setting — read only (admin updates)
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTTLSetting}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTTLSetting}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTTLSetting}, WildCardSelectorString)},
 		// user-preference — every authenticated user can read+update their own
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindUserPreference}, WildCardSelectorString)},
 		// telemetry — read on each signal
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeTelemetryResource, Kind: KindLogs}, WildCardSelectorString)},
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeTelemetryResource, Kind: KindTraces}, WildCardSelectorString)},
@@ -295,66 +294,66 @@ var ManagedRoleToTransactions = map[string][]Transaction{
 		// logs-field — editor reads+updates
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLogsField}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLogsField}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLogsField}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindLogsField}, WildCardSelectorString)},
 		// traces-field — editor reads+updates
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTracesField}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTracesField}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTracesField}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTracesField}, WildCardSelectorString)},
 	},
 	SigNozViewerRoleName: {
 		// dashboard — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindDashboard}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindDashboard}, WildCardSelectorString)},
 		// pipeline — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPipeline}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPipeline}, WildCardSelectorString)},
 		// planned-maintenance — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindPlannedMaintenance}, WildCardSelectorString)},
 		// rule — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRule}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRule}, WildCardSelectorString)},
 		// saved-view — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindSavedView}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindSavedView}, WildCardSelectorString)},
 		// trace-funnel — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTraceFunnel}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTraceFunnel}, WildCardSelectorString)},
 		// integration — viewer/editor/admin (install/uninstall via ViewAccess)
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
 		{Verb: VerbDelete, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
-		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindIntegration}, WildCardSelectorString)},
+		{Verb: VerbCreate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIntegration}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindIntegration}, WildCardSelectorString)},
 		// notification-channel — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindNotificationChannel}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindNotificationChannel}, WildCardSelectorString)},
 		// route-policy — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindRoutePolicy}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindRoutePolicy}, WildCardSelectorString)},
 		// apdex-setting — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindApdexSetting}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindApdexSetting}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindApdexSetting}, WildCardSelectorString)},
 		// quick-filter — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindQuickFilter}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindQuickFilter}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindQuickFilter}, WildCardSelectorString)},
 		// ttl-setting — read only
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTTLSetting}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTTLSetting}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTTLSetting}, WildCardSelectorString)},
 		// user-preference — every authenticated user can read+update their own
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
 		{Verb: VerbUpdate, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindUserPreference}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindUserPreference}, WildCardSelectorString)},
 		// telemetry — read on each signal
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeTelemetryResource, Kind: KindLogs}, WildCardSelectorString)},
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeTelemetryResource, Kind: KindTraces}, WildCardSelectorString)},
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeTelemetryResource, Kind: KindMetrics}, WildCardSelectorString)},
 		// logs-field — viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLogsField}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindLogsField}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindLogsField}, WildCardSelectorString)},
 		// traces-field — viewer reads
 		{Verb: VerbRead, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTracesField}, WildCardSelectorString)},
-		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResource, Kind: KindTracesField}, WildCardSelectorString)},
+		{Verb: VerbList, Object: *MustNewObject(ResourceRef{Type: TypeMetaResources, Kind: KindTracesField}, WildCardSelectorString)},
 	},
 	SigNozAnonymousRoleName: {
 		// public-dashboard — anonymous read

pkg/types/coretypes/registry_resource.go

@@ -6,76 +6,138 @@ var Resources = []Resource{
 	ResourceRole,
 	ResourceServiceAccount,
 	ResourceUser,
+	ResourceMetaResourcesRole,
+	ResourceMetaResourcesOrganization,
+	ResourceMetaResourcesServiceAccount,
+	ResourceMetaResourcesUser,
 	ResourceMetaResourceNotificationChannel,
+	ResourceMetaResourcesNotificationChannel,
 	ResourceMetaResourceRoutePolicy,
+	ResourceMetaResourcesRoutePolicy,
 	ResourceMetaResourceApdexSetting,
+	ResourceMetaResourcesApdexSetting,
 	ResourceMetaResourceAuthDomain,
+	ResourceMetaResourcesAuthDomain,
 	ResourceMetaResourceSession,
+	ResourceMetaResourcesSession,
 	ResourceMetaResourceCloudIntegration,
+	ResourceMetaResourcesCloudIntegration,
 	ResourceMetaResourceCloudIntegrationService,
+	ResourceMetaResourcesCloudIntegrationService,
 	ResourceMetaResourceIntegration,
+	ResourceMetaResourcesIntegration,
 	ResourceMetaResourceDashboard,
+	ResourceMetaResourcesDashboard,
 	ResourceMetaResourcePublicDashboard,
+	ResourceMetaResourcesPublicDashboard,
 	ResourceMetaResourceIngestionKey,
+	ResourceMetaResourcesIngestionKey,
 	ResourceMetaResourceIngestionLimit,
+	ResourceMetaResourcesIngestionLimit,
 	ResourceMetaResourcePipeline,
+	ResourceMetaResourcesPipeline,
 	ResourceMetaResourceUserPreference,
+	ResourceMetaResourcesUserPreference,
 	ResourceMetaResourceOrgPreference,
+	ResourceMetaResourcesOrgPreference,
 	ResourceMetaResourceQuickFilter,
+	ResourceMetaResourcesQuickFilter,
 	ResourceMetaResourceTTLSetting,
+	ResourceMetaResourcesTTLSetting,
 	ResourceMetaResourceRule,
+	ResourceMetaResourcesRule,
 	ResourceMetaResourcePlannedMaintenance,
+	ResourceMetaResourcesPlannedMaintenance,
 	ResourceMetaResourceSavedView,
+	ResourceMetaResourcesSavedView,
 	ResourceMetaResourceTraceFunnel,
+	ResourceMetaResourcesTraceFunnel,
 	ResourceMetaResourceFactorPassword,
+	ResourceMetaResourcesFactorPassword,
 	ResourceMetaResourceFactorAPIKey,
+	ResourceMetaResourcesFactorAPIKey,
 	ResourceMetaResourceLicense,
+	ResourceMetaResourcesLicense,
 	ResourceMetaResourceSubscription,
+	ResourceMetaResourcesSubscription,
 	ResourceTelemetryResourceLogs,
 	ResourceTelemetryResourceTraces,
 	ResourceTelemetryResourceMetrics,
 	ResourceTelemetryResourceAuditLogs,
 	ResourceTelemetryResourceMeterMetrics,
 	ResourceMetaResourceLogsField,
+	ResourceMetaResourcesLogsField,
 	ResourceMetaResourceTracesField,
+	ResourceMetaResourcesTracesField,
 }
 
 var (
-	ResourceAnonymous                           Resource = NewResourceAnonymous()
-	ResourceOrganization                                 = NewResourceOrganization()
-	ResourceRole                                         = NewResourceRole()
-	ResourceServiceAccount                               = NewResourceServiceAccount()
-	ResourceUser                                         = NewResourceUser()
-	ResourceMetaResourceNotificationChannel              = NewResourceMetaResource(KindNotificationChannel)
-	ResourceMetaResourceRoutePolicy                      = NewResourceMetaResource(KindRoutePolicy)
-	ResourceMetaResourceApdexSetting                     = NewResourceMetaResource(KindApdexSetting)
-	ResourceMetaResourceAuthDomain                       = NewResourceMetaResource(KindAuthDomain)
-	ResourceMetaResourceSession                          = NewResourceMetaResource(KindSession)
-	ResourceMetaResourceCloudIntegration                 = NewResourceMetaResource(KindCloudIntegration)
-	ResourceMetaResourceCloudIntegrationService          = NewResourceMetaResource(KindCloudIntegrationService)
-	ResourceMetaResourceIntegration                      = NewResourceMetaResource(KindIntegration)
-	ResourceMetaResourceDashboard                        = NewResourceMetaResource(KindDashboard)
-	ResourceMetaResourcePublicDashboard                  = NewResourceMetaResource(KindPublicDashboard)
-	ResourceMetaResourceIngestionKey                     = NewResourceMetaResource(KindIngestionKey)
-	ResourceMetaResourceIngestionLimit                   = NewResourceMetaResource(KindIngestionLimit)
-	ResourceMetaResourcePipeline                         = NewResourceMetaResource(KindPipeline)
-	ResourceMetaResourceUserPreference                   = NewResourceMetaResource(KindUserPreference)
-	ResourceMetaResourceOrgPreference                    = NewResourceMetaResource(KindOrgPreference)
-	ResourceMetaResourceQuickFilter                      = NewResourceMetaResource(KindQuickFilter)
-	ResourceMetaResourceTTLSetting                       = NewResourceMetaResource(KindTTLSetting)
-	ResourceMetaResourceRule                             = NewResourceMetaResource(KindRule)
-	ResourceMetaResourcePlannedMaintenance               = NewResourceMetaResource(KindPlannedMaintenance)
-	ResourceMetaResourceSavedView                        = NewResourceMetaResource(KindSavedView)
-	ResourceMetaResourceTraceFunnel                      = NewResourceMetaResource(KindTraceFunnel)
-	ResourceMetaResourceFactorPassword                   = NewResourceMetaResource(KindFactorPassword)
-	ResourceMetaResourceFactorAPIKey                     = NewResourceMetaResource(KindFactorAPIKey)
-	ResourceMetaResourceLicense                          = NewResourceMetaResource(KindLicense)
-	ResourceMetaResourceSubscription                     = NewResourceMetaResource(KindSubscription)
-	ResourceTelemetryResourceLogs                        = NewResourceTelemetryResource(KindLogs)
-	ResourceTelemetryResourceTraces                      = NewResourceTelemetryResource(KindTraces)
-	ResourceTelemetryResourceMetrics                     = NewResourceTelemetryResource(KindMetrics)
-	ResourceTelemetryResourceAuditLogs                   = NewResourceTelemetryResource(KindAuditLogs)
-	ResourceTelemetryResourceMeterMetrics                = NewResourceTelemetryResource(KindMeterMetrics)
-	ResourceMetaResourceLogsField                        = NewResourceMetaResource(KindLogsField)
-	ResourceMetaResourceTracesField                      = NewResourceMetaResource(KindTracesField)
+	ResourceAnonymous                            Resource = NewResourceAnonymous()
+	ResourceOrganization                                  = NewResourceOrganization()
+	ResourceRole                                          = NewResourceRole()
+	ResourceServiceAccount                                = NewResourceServiceAccount()
+	ResourceUser                                          = NewResourceUser()
+	ResourceMetaResourcesRole                             = NewResourceMetaResources(KindRole)
+	ResourceMetaResourcesOrganization                     = NewResourceMetaResources(KindOrganization)
+	ResourceMetaResourcesServiceAccount                   = NewResourceMetaResources(KindServiceAccount)
+	ResourceMetaResourcesUser                             = NewResourceMetaResources(KindUser)
+	ResourceMetaResourceNotificationChannel               = NewResourceMetaResource(KindNotificationChannel)
+	ResourceMetaResourcesNotificationChannel              = NewResourceMetaResources(KindNotificationChannel)
+	ResourceMetaResourceRoutePolicy                       = NewResourceMetaResource(KindRoutePolicy)
+	ResourceMetaResourcesRoutePolicy                      = NewResourceMetaResources(KindRoutePolicy)
+	ResourceMetaResourceApdexSetting                      = NewResourceMetaResource(KindApdexSetting)
+	ResourceMetaResourcesApdexSetting                     = NewResourceMetaResources(KindApdexSetting)
+	ResourceMetaResourceAuthDomain                        = NewResourceMetaResource(KindAuthDomain)
+	ResourceMetaResourcesAuthDomain                       = NewResourceMetaResources(KindAuthDomain)
+	ResourceMetaResourceSession                           = NewResourceMetaResource(KindSession)
+	ResourceMetaResourcesSession                          = NewResourceMetaResources(KindSession)
+	ResourceMetaResourceCloudIntegration                  = NewResourceMetaResource(KindCloudIntegration)
+	ResourceMetaResourcesCloudIntegration                 = NewResourceMetaResources(KindCloudIntegration)
+	ResourceMetaResourceCloudIntegrationService           = NewResourceMetaResource(KindCloudIntegrationService)
+	ResourceMetaResourcesCloudIntegrationService          = NewResourceMetaResources(KindCloudIntegrationService)
+	ResourceMetaResourceIntegration                       = NewResourceMetaResource(KindIntegration)
+	ResourceMetaResourcesIntegration                      = NewResourceMetaResources(KindIntegration)
+	ResourceMetaResourceDashboard                         = NewResourceMetaResource(KindDashboard)
+	ResourceMetaResourcesDashboard                        = NewResourceMetaResources(KindDashboard)
+	ResourceMetaResourcePublicDashboard                   = NewResourceMetaResource(KindPublicDashboard)
+	ResourceMetaResourcesPublicDashboard                  = NewResourceMetaResources(KindPublicDashboard)
+	ResourceMetaResourceIngestionKey                      = NewResourceMetaResource(KindIngestionKey)
+	ResourceMetaResourcesIngestionKey                     = NewResourceMetaResources(KindIngestionKey)
+	ResourceMetaResourceIngestionLimit                    = NewResourceMetaResource(KindIngestionLimit)
+	ResourceMetaResourcesIngestionLimit                   = NewResourceMetaResources(KindIngestionLimit)
+	ResourceMetaResourcePipeline                          = NewResourceMetaResource(KindPipeline)
+	ResourceMetaResourcesPipeline                         = NewResourceMetaResources(KindPipeline)
+	ResourceMetaResourceUserPreference                    = NewResourceMetaResource(KindUserPreference)
+	ResourceMetaResourcesUserPreference                   = NewResourceMetaResources(KindUserPreference)
+	ResourceMetaResourceOrgPreference                     = NewResourceMetaResource(KindOrgPreference)
+	ResourceMetaResourcesOrgPreference                    = NewResourceMetaResources(KindOrgPreference)
+	ResourceMetaResourceQuickFilter                       = NewResourceMetaResource(KindQuickFilter)
+	ResourceMetaResourcesQuickFilter                      = NewResourceMetaResources(KindQuickFilter)
+	ResourceMetaResourceTTLSetting                        = NewResourceMetaResource(KindTTLSetting)
+	ResourceMetaResourcesTTLSetting                       = NewResourceMetaResources(KindTTLSetting)
+	ResourceMetaResourceRule                              = NewResourceMetaResource(KindRule)
+	ResourceMetaResourcesRule                             = NewResourceMetaResources(KindRule)
+	ResourceMetaResourcePlannedMaintenance                = NewResourceMetaResource(KindPlannedMaintenance)
+	ResourceMetaResourcesPlannedMaintenance               = NewResourceMetaResources(KindPlannedMaintenance)
+	ResourceMetaResourceSavedView                         = NewResourceMetaResource(KindSavedView)
+	ResourceMetaResourcesSavedView                        = NewResourceMetaResources(KindSavedView)
+	ResourceMetaResourceTraceFunnel                       = NewResourceMetaResource(KindTraceFunnel)
+	ResourceMetaResourcesTraceFunnel                      = NewResourceMetaResources(KindTraceFunnel)
+	ResourceMetaResourceFactorPassword                    = NewResourceMetaResource(KindFactorPassword)
+	ResourceMetaResourcesFactorPassword                   = NewResourceMetaResources(KindFactorPassword)
+	ResourceMetaResourceFactorAPIKey                      = NewResourceMetaResource(KindFactorAPIKey)
+	ResourceMetaResourcesFactorAPIKey                     = NewResourceMetaResources(KindFactorAPIKey)
+	ResourceMetaResourceLicense                           = NewResourceMetaResource(KindLicense)
+	ResourceMetaResourcesLicense                          = NewResourceMetaResources(KindLicense)
+	ResourceMetaResourceSubscription                      = NewResourceMetaResource(KindSubscription)
+	ResourceMetaResourcesSubscription                     = NewResourceMetaResources(KindSubscription)
+	ResourceTelemetryResourceLogs                         = NewResourceTelemetryResource(KindLogs)
+	ResourceTelemetryResourceTraces                       = NewResourceTelemetryResource(KindTraces)
+	ResourceTelemetryResourceMetrics                      = NewResourceTelemetryResource(KindMetrics)
+	ResourceTelemetryResourceAuditLogs                    = NewResourceTelemetryResource(KindAuditLogs)
+	ResourceTelemetryResourceMeterMetrics                 = NewResourceTelemetryResource(KindMeterMetrics)
+	ResourceMetaResourceLogsField                         = NewResourceMetaResource(KindLogsField)
+	ResourceMetaResourcesLogsField                        = NewResourceMetaResources(KindLogsField)
+	ResourceMetaResourceTracesField                       = NewResourceMetaResource(KindTracesField)
+	ResourceMetaResourcesTracesField                      = NewResourceMetaResources(KindTracesField)
 )

pkg/types/coretypes/registry_type.go

@@ -13,15 +13,17 @@ var Types = []Type{
 	TypeRole,
 	TypeOrganization,
 	TypeMetaResource,
+	TypeMetaResources,
 	TypeTelemetryResource,
 }
 
 var (
-	TypeUser              = Type{valuer.NewString("user"), regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`), []Verb{VerbCreate, VerbList, VerbRead, VerbUpdate, VerbDelete, VerbAttach, VerbDetach}}
-	TypeServiceAccount    = Type{valuer.NewString("serviceaccount"), regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`), []Verb{VerbCreate, VerbList, VerbRead, VerbUpdate, VerbDelete, VerbAttach, VerbDetach}}
+	TypeUser              = Type{valuer.NewString("user"), regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`), []Verb{VerbAttach, VerbRead, VerbUpdate, VerbDelete}}
+	TypeServiceAccount    = Type{valuer.NewString("serviceaccount"), regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`), []Verb{VerbAttach, VerbRead, VerbUpdate, VerbDelete}}
 	TypeAnonymous         = Type{valuer.NewString("anonymous"), regexp.MustCompile(`^\*$`), []Verb{}}
-	TypeRole              = Type{valuer.NewString("role"), regexp.MustCompile(`^([a-z-]{1,50}|\*)$`), []Verb{VerbAssignee, VerbCreate, VerbList, VerbRead, VerbUpdate, VerbDelete, VerbAttach, VerbDetach}}
+	TypeRole              = Type{valuer.NewString("role"), regexp.MustCompile(`^([a-z-]{1,50}|\*)$`), []Verb{VerbAssignee, VerbAttach, VerbRead, VerbUpdate, VerbDelete}}
 	TypeOrganization      = Type{valuer.NewString("organization"), regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`), []Verb{VerbRead, VerbUpdate, VerbDelete}}
-	TypeMetaResource      = Type{valuer.NewString("metaresource"), regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`), []Verb{VerbCreate, VerbList, VerbRead, VerbUpdate, VerbDelete, VerbAttach, VerbDetach}}
+	TypeMetaResource      = Type{valuer.NewString("metaresource"), regexp.MustCompile(`^(^[0-9a-f]{8}(?:\-[0-9a-f]{4}){3}-[0-9a-f]{12}$|\*)$`), []Verb{VerbRead, VerbUpdate, VerbDelete}}
+	TypeMetaResources     = Type{valuer.NewString("metaresources"), regexp.MustCompile(`^\*$`), []Verb{VerbCreate, VerbList}}
 	TypeTelemetryResource = Type{valuer.NewString("telemetryresource"), regexp.MustCompile(`^\*$`), []Verb{VerbRead}}
 )

pkg/types/coretypes/registry_verb.go

@@ -10,7 +10,6 @@ var Verbs = []Verb{
 	VerbList,
 	VerbAssignee,
 	VerbAttach,
-	VerbDetach,
 }
 
 var (
@@ -21,5 +20,4 @@ var (
 	VerbList     = Verb{valuer.NewString("list"), "listed"}
 	VerbAssignee = Verb{valuer.NewString("assignee"), "assigned"}
 	VerbAttach   = Verb{valuer.NewString("attach"), "attached"}
-	VerbDetach   = Verb{valuer.NewString("detach"), "detached"}
 )

pkg/types/coretypes/resource_metaresources.go

@@ -0,0 +1,34 @@
+package coretypes
+
+import (
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type resourceMetaResources struct {
+	kind Kind
+}
+
+func NewResourceMetaResources(kind Kind) Resource {
+	return &resourceMetaResources{kind: kind}
+}
+
+func (*resourceMetaResources) Type() Type {
+	return TypeMetaResources
+}
+
+func (resourceMetaResources *resourceMetaResources) Kind() Kind {
+	return resourceMetaResources.kind
+}
+
+// example: metaresources:organization/0199c47d-f61b-7833-bc5f-c0730f12f046/dashboards
+func (resourceMetaResources *resourceMetaResources) Prefix(orgID valuer.UUID) string {
+	return resourceMetaResources.Type().StringValue() + ":" + "organization" + "/" + orgID.StringValue() + "/" + resourceMetaResources.Kind().String()
+}
+
+func (resourceMetaResources *resourceMetaResources) Object(orgID valuer.UUID, selector string) string {
+	return resourceMetaResources.Prefix(orgID) + "/" + selector
+}
+
+func (resourceMetaResources *resourceMetaResources) Scope(verb Verb) string {
+	return resourceMetaResources.Kind().String() + ":" + verb.StringValue()
+}

pkg/types/coretypes/type.go

@@ -33,8 +33,8 @@ func NewType(input string) (Type, error) {
 		return TypeOrganization, nil
 	case "metaresource":
 		return TypeMetaResource, nil
-	case "telemetryresource":
-		return TypeTelemetryResource, nil
+	case "metaresources":
+		return TypeMetaResources, nil
 	default:
 		return Type{}, errors.Newf(errors.TypeInvalidInput, ErrCodeInvalidType, "invalid type: %s", input)
 	}
@@ -80,7 +80,7 @@ func (typed Type) Enum() []any {
 		TypeRole,
 		TypeOrganization,
 		TypeMetaResource,
-		TypeTelemetryResource,
+		TypeMetaResources,
 	}
 }