Merge branch 'main' into issue-5004

docs/api/openapi.yml

@@ -2342,6 +2342,8 @@ components:
           type: boolean
         org_id:
           type: string
+        source:
+          $ref: '#/components/schemas/DashboardtypesSource'
         updatedAt:
           format: date-time
           type: string
@@ -2371,6 +2373,12 @@ components:
         timeRangeEnabled:
           type: boolean
       type: object
+    DashboardtypesSource:
+      enum:
+      - user
+      - system
+      - integration
+      type: string
     DashboardtypesStorableDashboardData:
       additionalProperties: {}
       type: object

ee/modules/dashboard/impldashboard/module.go

@@ -49,6 +49,14 @@ func (module *module) CreatePublic(ctx context.Context, orgID valuer.UUID, publi
 		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
 	}
 
+	dashboard, err := module.Get(ctx, orgID, publicDashboard.DashboardID)
+	if err != nil {
+		return err
+	}
+	if err := dashboard.ErrIfNotPublishable(); err != nil {
+		return err
+	}
+
 	storablePublicDashboard, err := module.store.GetPublic(ctx, publicDashboard.DashboardID.StringValue())
 	if err != nil && !errors.Ast(err, errors.TypeNotFound) {
 		return err
@@ -129,6 +137,14 @@ func (module *module) UpdatePublic(ctx context.Context, orgID valuer.UUID, publi
 		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
 	}
 
+	dashboard, err := module.Get(ctx, orgID, publicDashboard.DashboardID)
+	if err != nil {
+		return err
+	}
+	if err := dashboard.ErrIfNotPublishable(); err != nil {
+		return err
+	}
+
 	return module.store.UpdatePublic(ctx, dashboardtypes.NewStorablePublicDashboardFromPublicDashboard(publicDashboard))
 }
 
@@ -138,6 +154,10 @@ func (module *module) Delete(ctx context.Context, orgID valuer.UUID, id valuer.U
 		return err
 	}
 
+	if err := dashboard.ErrIfNotDeletable(); err != nil {
+		return err
+	}
+
 	if dashboard.Locked {
 		return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "dashboard is locked, please unlock the dashboard to be delete it")
 	}
@@ -168,6 +188,14 @@ func (module *module) DeletePublic(ctx context.Context, orgID valuer.UUID, dashb
 		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
 	}
 
+	dashboard, err := module.Get(ctx, orgID, dashboardID)
+	if err != nil {
+		return err
+	}
+	if err := dashboard.ErrIfNotPublishable(); err != nil {
+		return err
+	}
+
 	err = module.store.DeletePublic(ctx, dashboardID.StringValue())
 	if err != nil {
 		return err

frontend/src/api/generated/services/sigNoz.schemas.ts

@@ -2999,6 +2999,11 @@ export interface CoretypesPatchableObjectsDTO {
 	deletions: CoretypesObjectGroupDTO[] | null;
 }
 
+export enum DashboardtypesSourceDTO {
+	user = 'user',
+	system = 'system',
+	integration = 'integration',
+}
 export interface DashboardtypesDashboardDTO {
 	/**
 	 * @type string
@@ -3022,6 +3027,7 @@ export interface DashboardtypesDashboardDTO {
 	 * @type string
 	 */
 	org_id?: string;
+	source?: DashboardtypesSourceDTO;
 	/**
 	 * @type string
 	 * @format date-time

go.mod

@@ -11,7 +11,6 @@ require (
 	github.com/SigNoz/signoz-otel-collector v0.144.3
 	github.com/antlr4-go/antlr/v4 v4.13.1
 	github.com/antonmedv/expr v1.15.3
-	github.com/bytedance/sonic v1.14.1
 	github.com/cespare/xxhash/v2 v2.3.0
 	github.com/coreos/go-oidc/v3 v3.17.0
 	github.com/dgraph-io/ristretto/v2 v2.3.0
@@ -113,6 +112,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/sts v1.41.9 // indirect
 	github.com/aws/smithy-go v1.24.2 // indirect
 	github.com/bytedance/gopkg v0.1.3 // indirect
+	github.com/bytedance/sonic v1.14.1 // indirect
 	github.com/bytedance/sonic/loader v0.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/emersion/go-sasl v0.0.0-20241020182733-b788ff22d5a6 // indirect

pkg/modules/dashboard/impldashboard/module.go

@@ -38,7 +38,7 @@ func NewModule(store dashboardtypes.Store, settings factory.ProviderSettings, an
 }
 
 func (module *module) Create(ctx context.Context, orgID valuer.UUID, createdBy string, creator valuer.UUID, postableDashboard dashboardtypes.PostableDashboard) (*dashboardtypes.Dashboard, error) {
-	dashboard, err := dashboardtypes.NewDashboard(orgID, createdBy, postableDashboard)
+	dashboard, err := dashboardtypes.NewDashboard(orgID, createdBy, dashboardtypes.SourceUser, postableDashboard)
 	if err != nil {
 		return nil, err
 	}
@@ -72,7 +72,16 @@ func (module *module) List(ctx context.Context, orgID valuer.UUID) ([]*dashboard
 		return nil, err
 	}
 
-	return dashboardtypes.NewDashboardsFromStorableDashboards(storableDashboards), nil
+	// system dashboards are hidden from the listing endpoint but still gettable by id.
+	filtered := make([]*dashboardtypes.StorableDashboard, 0, len(storableDashboards))
+	for _, storable := range storableDashboards {
+		if storable.Source == dashboardtypes.SourceSystem {
+			continue
+		}
+		filtered = append(filtered, storable)
+	}
+
+	return dashboardtypes.NewDashboardsFromStorableDashboards(filtered), nil
 }
 
 func (module *module) Update(ctx context.Context, orgID valuer.UUID, id valuer.UUID, updatedBy string, updatableDashboard dashboardtypes.UpdatableDashboard, diff int) (*dashboardtypes.Dashboard, error) {
@@ -81,6 +90,10 @@ func (module *module) Update(ctx context.Context, orgID valuer.UUID, id valuer.U
 		return nil, err
 	}
 
+	if err := dashboard.ErrIfNotMutable(); err != nil {
+		return nil, err
+	}
+
 	err = dashboard.Update(ctx, updatableDashboard, updatedBy, diff)
 	if err != nil {
 		return nil, err
@@ -105,6 +118,10 @@ func (module *module) LockUnlock(ctx context.Context, orgID valuer.UUID, id valu
 		return err
 	}
 
+	if err := dashboard.ErrIfNotLockable(); err != nil {
+		return err
+	}
+
 	err = dashboard.LockUnlock(lock, isAdmin, updatedBy)
 	if err != nil {
 		return err
@@ -128,6 +145,10 @@ func (module *module) Delete(ctx context.Context, orgID valuer.UUID, id valuer.U
 		return err
 	}
 
+	if err := dashboard.ErrIfNotDeletable(); err != nil {
+		return err
+	}
+
 	if dashboard.Locked {
 		return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "dashboard is locked, please unlock the dashboard to be delete it")
 	}

pkg/querier/consume.go

@@ -12,10 +12,8 @@ import (
 	"time"
 
 	"github.com/ClickHouse/clickhouse-go/v2/lib/driver"
-	"github.com/SigNoz/signoz/pkg/errors"
 	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
 	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
-	"github.com/bytedance/sonic"
 )
 
 var (
@@ -24,8 +22,6 @@ var (
 	// written clickhouse query. The column alias indcate which value is
 	// to be considered as final result (or target).
 	legacyReservedColumnTargetAliases = []string{"__result", "__value", "result", "res", "value"}
-
-	CodeFailUnmarshalJSONColumn = errors.MustNewCode("fail_unmarshal_json_column")
 )
 
 // consume reads every row and shapes it into the payload expected for the
@@ -397,16 +393,11 @@ func readAsRaw(rows driver.Rows, queryName string) (*qbtypes.RawData, error) {
 
 			// de-reference the typed pointer to any
 			val := reflect.ValueOf(cellPtr).Elem().Interface()
-			// Post-process JSON columns: unmarshal bytes into map[string]any
+			// Post-process JSON columns: normalize into String value
 			if strings.HasPrefix(strings.ToUpper(colTypes[i].DatabaseTypeName()), "JSON") {
 				switch x := val.(type) {
 				case []byte:
-					var m map[string]any
-					err := sonic.Unmarshal(x, &m)
-					if err != nil {
-						return nil, errors.WrapInternalf(err, CodeFailUnmarshalJSONColumn, "failed to unmarshal JSON column %s", name)
-					}
-					val = m
+					val = string(x)
 				default:
 					// already a structured type (map[string]any, []any, etc.)
 				}

pkg/querier/postprocess.go

@@ -12,12 +12,9 @@ import (
 	"github.com/SigNoz/govaluate"
 
 	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/flagger"
-	"github.com/SigNoz/signoz/pkg/types/featuretypes"
 	"github.com/SigNoz/signoz/pkg/querybuilder"
 	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
 	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
 )
 
 // queryInfo holds common query properties.
@@ -53,7 +50,7 @@ func getQueryName(spec any) string {
 	return getqueryInfo(spec).Name
 }
 
-func (q *querier) postProcessResults(ctx context.Context, orgID valuer.UUID, results map[string]any, req *qbtypes.QueryRangeRequest) (map[string]any, error) {
+func (q *querier) postProcessResults(ctx context.Context, results map[string]any, req *qbtypes.QueryRangeRequest) (map[string]any, error) {
 	// Convert results to typed format for processing
 	typedResults := make(map[string]*qbtypes.Result)
 	for name, result := range results {
@@ -72,7 +69,6 @@ func (q *querier) postProcessResults(ctx context.Context, orgID valuer.UUID, res
 		case qbtypes.QueryBuilderQuery[qbtypes.LogAggregation]:
 			if result, ok := typedResults[spec.Name]; ok {
 				result = postProcessBuilderQuery(q, result, spec, req)
-				result = q.postProcessLogBody(ctx, orgID, result, req)
 				typedResults[spec.Name] = result
 			}
 		case qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]:
@@ -1050,33 +1046,3 @@ func (q *querier) calculateFormulaStep(expression string, req *qbtypes.QueryRang
 
 	return result
 }
-
-// postProcessLogBody removes the "message" key from the body map when it is empty.
-// Only runs for raw list queries with the use_json_body feature enabled.
-func (q *querier) postProcessLogBody(ctx context.Context, orgID valuer.UUID, result *qbtypes.Result, req *qbtypes.QueryRangeRequest) *qbtypes.Result {
-	if req.RequestType != qbtypes.RequestTypeRaw {
-		return result
-	}
-	if !q.fl.BooleanOrEmpty(ctx, flagger.FeatureUseJSONBody, featuretypes.NewFlaggerEvaluationContext(orgID)) {
-		return result
-	}
-	rawData, ok := result.Value.(*qbtypes.RawData)
-	if !ok {
-		return result
-	}
-	for _, row := range rawData.Rows {
-		bodyMap, ok := row.Data["body"].(map[string]any)
-		if !ok {
-			continue
-		}
-		if msg, exists := bodyMap["message"]; exists {
-			switch v := msg.(type) {
-			case string:
-				if v == "" {
-					delete(bodyMap, "message")
-				}
-			}
-		}
-	}
-	return result
-}

pkg/querier/querier.go

@@ -16,7 +16,6 @@ import (
 
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/flagger"
 	"github.com/SigNoz/signoz/pkg/prometheus"
 	"github.com/SigNoz/signoz/pkg/query-service/utils"
 	"github.com/SigNoz/signoz/pkg/querybuilder"
@@ -36,7 +35,6 @@ var (
 
 type querier struct {
 	logger                   *slog.Logger
-	fl                       flagger.Flagger
 	telemetryStore           telemetrystore.TelemetryStore
 	metadataStore            telemetrytypes.MetadataStore
 	promEngine               prometheus.Prometheus
@@ -64,12 +62,10 @@ func New(
 	meterStmtBuilder qbtypes.StatementBuilder[qbtypes.MetricAggregation],
 	traceOperatorStmtBuilder qbtypes.TraceOperatorStatementBuilder,
 	bucketCache BucketCache,
-	flagger flagger.Flagger,
 ) *querier {
 	querierSettings := factory.NewScopedProviderSettings(settings, "github.com/SigNoz/signoz/pkg/querier")
 	return &querier{
 		logger:                   querierSettings.Logger(),
-		fl:                       flagger,
 		telemetryStore:           telemetryStore,
 		metadataStore:            metadataStore,
 		promEngine:               promEngine,
@@ -688,7 +684,7 @@ func (q *querier) run(
 	}
 
 	gomaps.Copy(results, preseededResults)
-	processedResults, err := q.postProcessResults(ctx, orgID, results, req)
+	processedResults, err := q.postProcessResults(ctx, results, req)
 	if err != nil {
 		return nil, err
 	}

pkg/querier/querier_test.go

@@ -7,7 +7,6 @@ import (
 
 	cmock "github.com/srikanthccv/ClickHouse-go-mock"
 
-	"github.com/SigNoz/signoz/pkg/flagger/flaggertest"
 	"github.com/SigNoz/signoz/pkg/instrumentation/instrumentationtest"
 	"github.com/SigNoz/signoz/pkg/telemetrystore"
 	"github.com/SigNoz/signoz/pkg/telemetrystore/telemetrystoretest"
@@ -45,15 +44,14 @@ func TestQueryRange_MetricTypeMissing(t *testing.T) {
 		providerSettings,
 		nil, // telemetryStore
 		metadataStore,
-		nil,                // prometheus
-		nil,                // traceStmtBuilder
-		nil,                // logStmtBuilder
-		nil,                // auditStmtBuilder
-		nil,                // metricStmtBuilder
-		nil,                // meterStmtBuilder
-		nil,                // traceOperatorStmtBuilder
-		nil,                // bucketCache
-		flaggertest.New(t), // flagger
+		nil, // prometheus
+		nil, // traceStmtBuilder
+		nil, // logStmtBuilder
+		nil, // auditStmtBuilder
+		nil, // metricStmtBuilder
+		nil, // meterStmtBuilder
+		nil, // traceOperatorStmtBuilder
+		nil, // bucketCache
 	)
 
 	req := &qbtypes.QueryRangeRequest{
@@ -118,7 +116,6 @@ func TestQueryRange_MetricTypeFromStore(t *testing.T) {
 		nil,                      // meterStmtBuilder
 		nil,                      // traceOperatorStmtBuilder
 		nil,                      // bucketCache
-		flaggertest.New(t),       // flagger
 	)
 
 	req := &qbtypes.QueryRangeRequest{

pkg/querier/signozquerier/provider.go

@@ -186,6 +186,5 @@ func newProvider(
 		meterStmtBuilder,
 		traceOperatorStmtBuilder,
 		bucketCache,
-		flagger,
 	), nil
 }

pkg/query-service/app/integrations/manager.go

@@ -348,7 +348,8 @@ func (m *Manager) GetInstalledIntegrationDashboardById(
 						CreatedBy: author,
 						UpdatedBy: author,
 					},
-					OrgID: orgId,
+					OrgID:  orgId,
+					Source: dashboardtypes.SourceIntegration,
 				}, nil
 			}
 		}
@@ -387,7 +388,8 @@ func (m *Manager) GetDashboardsForInstalledIntegrations(
 							CreatedBy: author,
 							UpdatedBy: author,
 						},
-						OrgID: orgId,
+						OrgID:  orgId,
+						Source: dashboardtypes.SourceIntegration,
 					})
 				}
 			}

pkg/query-service/rules/setups_test.go

@@ -53,7 +53,6 @@ func prepareQuerierForMetrics(t *testing.T, telemetryStore telemetrystore.Teleme
 		nil, // meterStmtBuilder
 		nil, // traceOperatorStmtBuilder
 		nil, // bucketCache
-		flagger,
 	), metadataStore
 }
 
@@ -103,7 +102,6 @@ func prepareQuerierForLogs(t *testing.T, telemetryStore telemetrystore.Telemetry
 		nil,            // meterStmtBuilder
 		nil,            // traceOperatorStmtBuilder
 		nil,            // bucketCache
-		fl,
 	)
 }
 
@@ -148,6 +146,5 @@ func prepareQuerierForTraces(t *testing.T, telemetryStore telemetrystore.Telemet
 		nil,              // meterStmtBuilder
 		nil,              // traceOperatorStmtBuilder
 		nil,              // bucketCache
-		fl,
 	)
 }

pkg/signoz/provider.go

@@ -204,6 +204,7 @@ func NewSQLMigrationProviderFactories(
 		sqlmigration.NewAddTagsFactory(sqlstore, sqlschema),
 		sqlmigration.NewAddRoleCRUDTuplesFactory(sqlstore),
 		sqlmigration.NewAddIntegrationDashboardFactory(sqlstore, sqlschema),
+		sqlmigration.NewAddSourceToDashboardFactory(sqlstore, sqlschema),
 	)
 }
 

pkg/sqlmigration/085_add_source_to_dashboard.go

@@ -0,0 +1,79 @@
+package sqlmigration
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/sqlschema"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/uptrace/bun"
+	"github.com/uptrace/bun/migrate"
+)
+
+type addSourceToDashboard struct {
+	sqlstore  sqlstore.SQLStore
+	sqlschema sqlschema.SQLSchema
+}
+
+func NewAddSourceToDashboardFactory(sqlstore sqlstore.SQLStore, sqlschema sqlschema.SQLSchema) factory.ProviderFactory[SQLMigration, Config] {
+	return factory.NewProviderFactory(
+		factory.MustNewName("add_source_to_dashboard"),
+		func(ctx context.Context, ps factory.ProviderSettings, c Config) (SQLMigration, error) {
+			return &addSourceToDashboard{sqlstore: sqlstore, sqlschema: sqlschema}, nil
+		},
+	)
+}
+
+func (migration *addSourceToDashboard) Register(migrations *migrate.Migrations) error {
+	return migrations.Register(migration.Up, migration.Down)
+}
+
+func (migration *addSourceToDashboard) Up(ctx context.Context, db *bun.DB) error {
+	// dashboard is referenced by public_dashboard and integration_dashboard;
+	// FK enforcement must be off for the SQLite recreate-table fallback.
+	if err := migration.sqlschema.ToggleFKEnforcement(ctx, db, false); err != nil {
+		return err
+	}
+
+	tx, err := db.BeginTx(ctx, nil)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		_ = tx.Rollback()
+	}()
+
+	table, uniqueConstraints, err := migration.sqlschema.GetTable(ctx, sqlschema.TableName("dashboard"))
+	if err != nil {
+		return err
+	}
+
+	sourceColumn := &sqlschema.Column{
+		Name:     sqlschema.ColumnName("source"),
+		DataType: sqlschema.DataTypeText,
+		Nullable: false,
+	}
+
+	// backfill existing rows with 'user' before the NOT NULL flip.
+	sqls := migration.sqlschema.Operator().AddColumn(table, uniqueConstraints, sourceColumn, "user")
+
+	for _, sql := range sqls {
+		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
+			return err
+		}
+	}
+
+	if err := tx.Commit(); err != nil {
+		return err
+	}
+
+	if err := migration.sqlschema.ToggleFKEnforcement(ctx, db, true); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (migration *addSourceToDashboard) Down(context.Context, *bun.DB) error {
+	return nil
+}

pkg/types/cloudintegrationtypes/service.go

@@ -366,6 +366,7 @@ func GetDashboardsFromAssets(
 				CreatedBy: author,
 				UpdatedBy: author,
 			},
+			Source: dashboardtypes.SourceIntegration,
 		})
 	}
 

pkg/types/dashboardtypes/dashboard.go

@@ -2,8 +2,10 @@ package dashboardtypes
 
 import (
 	"context"
+	"database/sql/driver"
 	"encoding/json"
 	"log/slog"
+	"slices"
 	"time"
 
 	"github.com/SigNoz/signoz/pkg/errors"
@@ -19,8 +21,66 @@ var (
 	ErrCodeDashboardNotFound           = errors.MustNewCode("dashboard_not_found")
 	ErrCodeDashboardInvalidData        = errors.MustNewCode("dashboard_invalid_data")
 	ErrCodeDashboardInvalidWidgetQuery = errors.MustNewCode("dashboard_invalid_widget_query")
+	ErrCodeDashboardInvalidSource      = errors.MustNewCode("dashboard_invalid_source")
+	ErrCodeDashboardImmutable          = errors.MustNewCode("dashboard_immutable")
 )
 
+type Source struct {
+	valuer.String
+}
+
+var (
+	SourceUser        = Source{valuer.NewString("user")}
+	SourceSystem      = Source{valuer.NewString("system")}
+	SourceIntegration = Source{valuer.NewString("integration")}
+)
+
+func (Source) Enum() []any {
+	return []any{SourceUser, SourceSystem, SourceIntegration}
+}
+
+func (s Source) IsValid() bool {
+	return slices.ContainsFunc(s.Enum(), func(v any) bool { return v == s })
+}
+
+// Value rejects anything outside the enum so unknown values can't be written.
+func (s Source) Value() (driver.Value, error) {
+	if !s.IsValid() {
+		return nil, errors.Newf(errors.TypeInvalidInput, ErrCodeDashboardInvalidSource, "invalid dashboard source %q, must be one of user, system, integration", s.StringValue())
+	}
+	return s.StringValue(), nil
+}
+
+// Scan is lenient on read; deliberate choice to not break
+// reads. Strictness lives in Value.
+func (s *Source) Scan(src any) error {
+	if src == nil {
+		return errors.Newf(errors.TypeInternal, errors.CodeInternal, "dashboard source: cannot scan nil")
+	}
+
+	var val string
+	switch v := src.(type) {
+	case string:
+		val = v
+	case []byte:
+		val = string(v)
+	default:
+		return errors.Newf(errors.TypeInternal, errors.CodeInternal, "dashboard source: cannot scan %T", src)
+	}
+
+	*s = Source{valuer.NewString(val)}
+	return nil
+}
+
+// NewSource validates a caller-supplied source string.
+func NewSource(source string) (Source, error) {
+	candidate := Source{valuer.NewString(source)}
+	if !candidate.IsValid() {
+		return Source{}, errors.Newf(errors.TypeInvalidInput, ErrCodeDashboardInvalidSource, "invalid dashboard source %q, must be one of user, system, integration", source)
+	}
+	return candidate, nil
+}
+
 type StorableDashboard struct {
 	bun.BaseModel `bun:"table:dashboard,alias:dashboard"`
 
@@ -30,6 +90,7 @@ type StorableDashboard struct {
 	Data   StorableDashboardData `bun:"data,type:text,notnull"`
 	Locked bool                  `bun:"locked,notnull,default:false"`
 	OrgID  valuer.UUID           `bun:"org_id,notnull"`
+	Source Source                `bun:"source,type:text,notnull"`
 }
 
 type Dashboard struct {
@@ -40,6 +101,7 @@ type Dashboard struct {
 	Data   StorableDashboardData `json:"data"`
 	Locked bool                  `json:"locked"`
 	OrgID  valuer.UUID           `json:"org_id"`
+	Source Source                `json:"source"`
 }
 
 type LockUnlockDashboard struct {
@@ -64,6 +126,10 @@ func NewStorableDashboardFromDashboard(dashboard *Dashboard) (*StorableDashboard
 		return nil, errors.Wrapf(err, errors.TypeInvalidInput, errors.CodeInvalidInput, "id is not a valid uuid")
 	}
 
+	if !dashboard.Source.IsValid() {
+		return nil, errors.Newf(errors.TypeInvalidInput, ErrCodeDashboardInvalidSource, "invalid dashboard source %q", dashboard.Source.StringValue())
+	}
+
 	return &StorableDashboard{
 		Identifiable: types.Identifiable{
 			ID: dashboardID,
@@ -79,10 +145,15 @@ func NewStorableDashboardFromDashboard(dashboard *Dashboard) (*StorableDashboard
 		OrgID:  dashboard.OrgID,
 		Data:   dashboard.Data,
 		Locked: dashboard.Locked,
+		Source: dashboard.Source,
 	}, nil
 }
 
-func NewDashboard(orgID valuer.UUID, createdBy string, storableDashboardData StorableDashboardData) (*Dashboard, error) {
+func NewDashboard(orgID valuer.UUID, createdBy string, source Source, storableDashboardData StorableDashboardData) (*Dashboard, error) {
+	if !source.IsValid() {
+		return nil, errors.Newf(errors.TypeInvalidInput, ErrCodeDashboardInvalidSource, "invalid dashboard source %q", source.StringValue())
+	}
+
 	currentTime := time.Now()
 
 	return &Dashboard{
@@ -98,6 +169,7 @@ func NewDashboard(orgID valuer.UUID, createdBy string, storableDashboardData Sto
 		OrgID:  orgID,
 		Data:   storableDashboardData,
 		Locked: false,
+		Source: source,
 	}, nil
 }
 
@@ -115,6 +187,7 @@ func NewDashboardFromStorableDashboard(storableDashboard *StorableDashboard) *Da
 		OrgID:  storableDashboard.OrgID,
 		Data:   storableDashboard.Data,
 		Locked: storableDashboard.Locked,
+		Source: storableDashboard.Source,
 	}
 }
 
@@ -147,6 +220,7 @@ func NewGettableDashboardFromDashboard(dashboard *Dashboard) (*GettableDashboard
 		OrgID:         dashboard.OrgID,
 		Data:          dashboard.Data,
 		Locked:        dashboard.Locked,
+		Source:        dashboard.Source,
 	}, nil
 }
 
@@ -238,6 +312,43 @@ func (storableDashboardData *StorableDashboardData) GetWidgetIds() []string {
 	return widgetIds
 }
 
+func (dashboard *Dashboard) ErrIfNotMutable() error {
+	if dashboard.Source == SourceIntegration {
+		return errors.Newf(errors.TypeForbidden, ErrCodeDashboardImmutable, "integration dashboards cannot be modified")
+	}
+	return nil
+}
+
+func (dashboard *Dashboard) ErrIfNotDeletable() error {
+	if err := dashboard.ErrIfNotMutable(); err != nil {
+		return err
+	}
+	if dashboard.Source == SourceSystem {
+		return errors.Newf(errors.TypeForbidden, ErrCodeDashboardImmutable, "system dashboards cannot be deleted")
+	}
+	return nil
+}
+
+func (dashboard *Dashboard) ErrIfNotLockable() error {
+	if err := dashboard.ErrIfNotMutable(); err != nil {
+		return err
+	}
+	if dashboard.Source == SourceSystem {
+		return errors.Newf(errors.TypeForbidden, ErrCodeDashboardImmutable, "system dashboards cannot be locked or unlocked")
+	}
+	return nil
+}
+
+func (dashboard *Dashboard) ErrIfNotPublishable() error {
+	if err := dashboard.ErrIfNotMutable(); err != nil {
+		return err
+	}
+	if dashboard.Source == SourceSystem {
+		return errors.Newf(errors.TypeForbidden, ErrCodeDashboardImmutable, "system dashboards cannot be made public")
+	}
+	return nil
+}
+
 func (dashboard *Dashboard) CanUpdate(ctx context.Context, data StorableDashboardData, diff int) error {
 	if dashboard.Locked {
 		return errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "cannot update a locked dashboard, please unlock the dashboard to update")

pkg/types/dashboardtypes/dashboard_test.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func makeTestWidgets(ids ...string) []interface{} {
@@ -19,6 +20,68 @@ func makeTestWidgets(ids ...string) []interface{} {
 	return widgets
 }
 
+func TestSourceEnum(t *testing.T) {
+	t.Run("valid sources round-trip through Value/Scan", func(t *testing.T) {
+		for _, src := range []Source{SourceUser, SourceSystem, SourceIntegration} {
+			val, err := src.Value()
+			require.NoError(t, err)
+
+			var got Source
+			require.NoError(t, got.Scan(val))
+			assert.Equal(t, src, got)
+		}
+	})
+
+	t.Run("invalid source is rejected by Value", func(t *testing.T) {
+		bogus := Source{valuer.NewString("hacker")}
+		_, err := bogus.Value()
+		assert.Error(t, err)
+	})
+
+	t.Run("Scan tolerates unknown strings, Value still rejects them", func(t *testing.T) {
+		var got Source
+		require.NoError(t, got.Scan("future_source"))
+		assert.Equal(t, "future_source", got.StringValue())
+		assert.False(t, got.IsValid())
+
+		_, err := got.Value()
+		assert.Error(t, err)
+	})
+
+	t.Run("NewSource validates input", func(t *testing.T) {
+		s, err := NewSource("USER")
+		require.NoError(t, err)
+		assert.Equal(t, SourceUser, s)
+
+		_, err = NewSource("nope")
+		assert.Error(t, err)
+	})
+}
+
+func TestErrIfNotMutable_BySource(t *testing.T) {
+	cases := []struct {
+		source       Source
+		mutable      bool
+		deletable    bool
+		lockable     bool
+		publishable  bool
+	}{
+		{SourceUser, true, true, true, true},
+		{SourceSystem, true, false, false, false},
+		{SourceIntegration, false, false, false, false},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.source.StringValue(), func(t *testing.T) {
+			d := &Dashboard{Source: tc.source}
+			assert.Equal(t, tc.mutable, d.ErrIfNotMutable() == nil)
+			assert.Equal(t, tc.deletable, d.ErrIfNotDeletable() == nil)
+			assert.Equal(t, tc.lockable, d.ErrIfNotLockable() == nil)
+			assert.Equal(t, tc.publishable, d.ErrIfNotPublishable() == nil)
+		})
+	}
+}
+
 func TestCanUpdate_MultipleDeletions_ByDiff(t *testing.T) {
 	testCases := []struct {
 		name    string
@@ -66,7 +129,7 @@ func TestCanUpdate_MultipleDeletions_ByDiff(t *testing.T) {
 			initial := StorableDashboardData{
 				"widgets": makeTestWidgets("a", "b", "c"),
 			}
-			d, err := NewDashboard(orgID, "tester", initial)
+			d, err := NewDashboard(orgID, "tester", SourceUser, initial)
 			assert.NoError(t, err)
 
 			updated := StorableDashboardData{

tests/integration/tests/querier_json_body/01_logs_json_body_new_qb.py

@@ -21,7 +21,7 @@ from fixtures.querier import (
 
 
 def _get_bodies(response: requests.Response) -> list[dict[str, Any]]:
-    return [row["data"]["body"] for row in get_rows(response)]
+    return [json.loads(row["data"]["body"]) for row in get_rows(response)]
 
 
 def _run_query_case(signoz: types.SigNoz, token: str, now: datetime, case: dict[str, Any]) -> None:
@@ -1188,7 +1188,7 @@ def test_message_searches(
     token = get_token(email=USER_ADMIN_EMAIL, password=USER_ADMIN_PASSWORD)
 
     def _body_messages(response: requests.Response) -> list[str]:
-        return [row["data"]["body"].get("message", "") for row in get_rows(response)]
+        return [json.loads(row["data"]["body"]).get("message", "") for row in get_rows(response)]
 
     payment_messages = {
         "Payment processed successfully",