feat: system dashboards

2026-04-23 04:10:29 +01:00 · 2026-04-12 21:57:53 +05:30
1269 changed files with 56163 additions and 49671 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -16,38 +16,38 @@ go.mod @therealpandey

 # Scaffold Owners

-/pkg/config/ @therealpandey
-/pkg/errors/ @therealpandey
-/pkg/factory/ @therealpandey
-/pkg/types/ @therealpandey
-/pkg/valuer/ @therealpandey
-/cmd/ @therealpandey
-.golangci.yml @therealpandey
+/pkg/config/ @vikrantgupta25
+/pkg/errors/ @vikrantgupta25
+/pkg/factory/ @vikrantgupta25
+/pkg/types/ @vikrantgupta25
+/pkg/valuer/ @vikrantgupta25
+/cmd/ @vikrantgupta25
+.golangci.yml @vikrantgupta25

 # Zeus Owners

-/pkg/zeus/ @therealpandey
-/ee/zeus/ @therealpandey
-/pkg/licensing/ @therealpandey
-/ee/licensing/ @therealpandey
+/pkg/zeus/ @vikrantgupta25
+/ee/zeus/ @vikrantgupta25
+/pkg/licensing/ @vikrantgupta25
+/ee/licensing/ @vikrantgupta25

 # SQL Owners

-/pkg/sqlmigration/ @therealpandey
-/ee/sqlmigration/ @therealpandey
-/pkg/sqlschema/ @therealpandey
-/ee/sqlschema/ @therealpandey
+/pkg/sqlmigration/ @vikrantgupta25
+/ee/sqlmigration/ @vikrantgupta25
+/pkg/sqlschema/ @vikrantgupta25
+/ee/sqlschema/ @vikrantgupta25

 # Analytics Owners

-/pkg/analytics/ @therealpandey
-/pkg/statsreporter/ @therealpandey
+/pkg/analytics/ @vikrantgupta25
+/pkg/statsreporter/ @vikrantgupta25

 # Emailing Owners

-/pkg/emailing/ @therealpandey
-/pkg/types/emailtypes/ @therealpandey
-/templates/email/ @therealpandey
+/pkg/emailing/ @vikrantgupta25
+/pkg/types/emailtypes/ @vikrantgupta25
+/templates/email/ @vikrantgupta25

 # Querier Owners

@@ -97,23 +97,23 @@ go.mod @therealpandey

 # AuthN / AuthZ Owners

-/pkg/authz/ @therealpandey
-/ee/authz/ @therealpandey
-/pkg/authn/ @therealpandey
-/ee/authn/ @therealpandey
-/pkg/modules/user/ @therealpandey
-/pkg/modules/session/ @therealpandey
-/pkg/modules/organization/ @therealpandey
-/pkg/modules/authdomain/ @therealpandey
-/pkg/modules/role/ @therealpandey
+/pkg/authz/ @vikrantgupta25
+/ee/authz/ @vikrantgupta25
+/pkg/authn/ @vikrantgupta25
+/ee/authn/ @vikrantgupta25
+/pkg/modules/user/ @vikrantgupta25
+/pkg/modules/session/ @vikrantgupta25
+/pkg/modules/organization/ @vikrantgupta25
+/pkg/modules/authdomain/ @vikrantgupta25
+/pkg/modules/role/ @vikrantgupta25

 # IdentN Owners
-/pkg/identn/ @therealpandey
-/pkg/http/middleware/identn.go @therealpandey
+/pkg/identn/ @vikrantgupta25
+/pkg/http/middleware/identn.go @vikrantgupta25

 # Integration tests

-/tests/integration/ @therealpandey
+/tests/integration/ @vikrantgupta25

 # OpenAPI types generator

--- a/.github/workflows/e2eci.yaml
+++ b/.github/workflows/e2eci.yaml
@@ -1,70 +0,0 @@
-name: e2eci
-
-on:
-  pull_request:
-    types:
-      - labeled
-  pull_request_target:
-    types:
-      - labeled
-
-jobs:
-  test:
-    strategy:
-      fail-fast: false
-      matrix:
-        project:
-          - chromium
-    if: |
-      ((github.event_name == 'pull_request' && ! github.event.pull_request.head.repo.fork && github.event.pull_request.user.login != 'dependabot[bot]' && ! contains(github.event.pull_request.labels.*.name, 'safe-to-test')) ||
-      (github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'safe-to-test'))) && contains(github.event.pull_request.labels.*.name, 'safe-to-e2e')
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    steps:
-      - name: checkout
-        uses: actions/checkout@v4
-      - name: python
-        uses: actions/setup-python@v5
-        with:
-          python-version: 3.13
-      - name: uv
-        uses: astral-sh/setup-uv@v4
-      - name: node
-        uses: actions/setup-node@v4
-        with:
-          node-version: lts/*
-      - name: python-install
-        run: |
-          cd tests && uv sync
-      - name: yarn-install
-        run: |
-          cd tests/e2e && yarn install --frozen-lockfile
-      - name: playwright-browsers
-        run: |
-          cd tests/e2e && yarn playwright install --with-deps ${{ matrix.project }}
-      - name: bring-up-stack
-        run: |
-          cd tests && \
-            uv run pytest \
-            --basetemp=./tmp/ \
-            -vv --reuse --with-web \
-            e2e/bootstrap/setup.py::test_setup
-      - name: playwright-test
-        run: |
-          cd tests/e2e && \
-            yarn playwright test --project=${{ matrix.project }}
-      - name: teardown-stack
-        if: always()
-        run: |
-          cd tests && \
-            uv run pytest \
-            --basetemp=./tmp/ \
-            -vv --teardown \
-            e2e/bootstrap/setup.py::test_teardown
-      - name: upload-artifacts
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: playwright-artifacts-${{ matrix.project }}
-          path: tests/e2e/artifacts/
-          retention-days: 5
--- a/.github/workflows/integrationci.yaml
+++ b/.github/workflows/integrationci.yaml
@@ -25,11 +25,11 @@ jobs:
        uses: astral-sh/setup-uv@v4
      - name: install
        run: |
-          cd tests && uv sync
+          cd tests/integration && uv sync
      - name: fmt
        run: |
          make py-fmt
-          git diff --exit-code -- tests/
+          git diff --exit-code -- tests/integration/
      - name: lint
        run: |
          make py-lint
@@ -37,21 +37,21 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        suite:
-          - alerts
+        src:
+          - bootstrap
+          - passwordauthn
          - callbackauthn
          - cloudintegrations
          - dashboard
-          - ingestionkeys
          - logspipelines
-          - passwordauthn
          - preference
          - querier
-          - rawexportdata
          - role
+          - ttl
+          - alerts
+          - ingestionkeys
          - rootuser
          - serviceaccount
-          - ttl
        sqlstore-provider:
          - postgres
          - sqlite
@@ -79,9 +79,8 @@ jobs:
        uses: astral-sh/setup-uv@v4
      - name: install
        run: |
-          cd tests && uv sync
+          cd tests/integration && uv sync
      - name: webdriver
-        if: matrix.suite == 'callbackauthn'
        run: |
          wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
          echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | sudo tee -a /etc/apt/sources.list.d/google-chrome.list
@@ -100,10 +99,10 @@ jobs:
          google-chrome-stable --version
      - name: run
        run: |
-          cd tests && \
+          cd tests/integration && \
            uv run pytest \
            --basetemp=./tmp/ \
-            integration/tests/${{matrix.suite}} \
+            src/${{matrix.src}} \
            --sqlstore-provider ${{matrix.sqlstore-provider}} \
            --sqlite-mode ${{matrix.sqlite-mode}} \
            --postgres-version ${{matrix.postgres-version}} \
--- a/.github/workflows/run-e2e.yaml
+++ b/.github/workflows/run-e2e.yaml
@@ -0,0 +1,62 @@
+name: e2eci
+
+on:
+  workflow_dispatch:
+    inputs:
+      userRole:
+        description: "Role of the user (ADMIN, EDITOR, VIEWER)"
+        required: true
+        type: choice
+        options:
+          - ADMIN
+          - EDITOR
+          - VIEWER
+
+jobs:
+  test:
+    name: Run Playwright Tests
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: lts/*
+
+      - name: Mask secrets and input
+        run: |
+          echo "::add-mask::${{ secrets.BASE_URL }}"
+          echo "::add-mask::${{ secrets.LOGIN_USERNAME }}"
+          echo "::add-mask::${{ secrets.LOGIN_PASSWORD }}"
+          echo "::add-mask::${{ github.event.inputs.userRole }}"
+
+      - name: Install dependencies
+        working-directory: frontend
+        run: |
+          npm install -g yarn
+          yarn
+
+      - name: Install Playwright Browsers
+        working-directory: frontend
+        run: yarn playwright install --with-deps
+
+      - name: Run Playwright Tests
+        working-directory: frontend
+        run: |
+          BASE_URL="${{ secrets.BASE_URL }}" \
+          LOGIN_USERNAME="${{ secrets.LOGIN_USERNAME }}" \
+          LOGIN_PASSWORD="${{ secrets.LOGIN_PASSWORD }}" \
+          USER_ROLE="${{ github.event.inputs.userRole }}" \
+          yarn playwright test
+
+      - name: Upload Playwright Report
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: playwright-report
+          path: frontend/playwright-report/
+          retention-days: 30
--- a/22
+++ b/22
@@ -201,26 +201,26 @@ docker-buildx-enterprise: go-build-enterprise js-build
 # python commands
 ##############################################################
 .PHONY: py-fmt
-py-fmt: ## Run black across the shared tests project
-	@cd tests && uv run black .
+py-fmt: ## Run black for integration tests
+	@cd tests/integration && uv run black .

 .PHONY: py-lint
-py-lint: ## Run lint across the shared tests project
-	@cd tests && uv run isort .
-	@cd tests && uv run autoflake .
-	@cd tests && uv run pylint .
+py-lint: ## Run lint for integration tests
+	@cd tests/integration && uv run isort .
+	@cd tests/integration && uv run autoflake .
+	@cd tests/integration && uv run pylint .

 .PHONY: py-test-setup
-py-test-setup: ## Bring up the shared SigNoz backend used by integration and e2e tests
-	@cd tests && uv run pytest --basetemp=./tmp/ -vv --reuse --capture=no integration/bootstrap/setup.py::test_setup
+py-test-setup: ## Runs integration tests
+	@cd tests/integration && uv run pytest --basetemp=./tmp/ -vv --reuse --capture=no src/bootstrap/setup.py::test_setup

 .PHONY: py-test-teardown
-py-test-teardown: ## Tear down the shared SigNoz backend
-	@cd tests && uv run pytest --basetemp=./tmp/ -vv --teardown --capture=no  integration/bootstrap/setup.py::test_teardown
+py-test-teardown: ## Runs integration tests with teardown
+	@cd tests/integration && uv run pytest --basetemp=./tmp/ -vv --teardown --capture=no  src/bootstrap/setup.py::test_teardown

 .PHONY: py-test
 py-test: ## Runs integration tests
-	@cd tests && uv run pytest --basetemp=./tmp/ -vv --capture=no integration/tests/
+	@cd tests/integration && uv run pytest --basetemp=./tmp/ -vv --capture=no src/

 .PHONY: py-clean
 py-clean: ## Clear all pycache and pytest cache from tests directory recursively
--- a/cmd/community/server.go
+++ b/cmd/community/server.go
@@ -7,7 +7,6 @@ import (
 	"github.com/spf13/cobra"

 	"github.com/SigNoz/signoz/cmd"
-	"github.com/SigNoz/signoz/pkg/alertmanager"
 	"github.com/SigNoz/signoz/pkg/analytics"
 	"github.com/SigNoz/signoz/pkg/auditor"
 	"github.com/SigNoz/signoz/pkg/authn"
@@ -15,33 +14,22 @@ import (
 	"github.com/SigNoz/signoz/pkg/authz/openfgaauthz"
 	"github.com/SigNoz/signoz/pkg/authz/openfgaschema"
 	"github.com/SigNoz/signoz/pkg/authz/openfgaserver"
-	"github.com/SigNoz/signoz/pkg/cache"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/gateway"
 	"github.com/SigNoz/signoz/pkg/gateway/noopgateway"
-	"github.com/SigNoz/signoz/pkg/global"
 	"github.com/SigNoz/signoz/pkg/licensing"
 	"github.com/SigNoz/signoz/pkg/licensing/nooplicensing"
-	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
-	"github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/modules/rulestatehistory"
-	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
-	"github.com/SigNoz/signoz/pkg/prometheus"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/query-service/app"
 	"github.com/SigNoz/signoz/pkg/queryparser"
-	"github.com/SigNoz/signoz/pkg/ruler"
-	"github.com/SigNoz/signoz/pkg/ruler/signozruler"
 	"github.com/SigNoz/signoz/pkg/signoz"
 	"github.com/SigNoz/signoz/pkg/sqlschema"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/telemetrystore"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"github.com/SigNoz/signoz/pkg/version"
 	"github.com/SigNoz/signoz/pkg/zeus"
 	"github.com/SigNoz/signoz/pkg/zeus/noopzeus"
@@ -83,7 +71,7 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		},
 		signoz.NewEmailingProviderFactories(),
 		signoz.NewCacheProviderFactories(),
-		signoz.NewWebProviderFactories(config.Global),
+		signoz.NewWebProviderFactories(),
 		func(sqlstore sqlstore.SQLStore) factory.NamedMap[factory.ProviderFactory[sqlschema.SQLSchema, sqlschema.Config]] {
 			return signoz.NewSQLSchemaProviderFactories(sqlstore)
 		},
@@ -112,12 +100,6 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		func(ps factory.ProviderSettings, q querier.Querier, a analytics.Analytics) querier.Handler {
 			return querier.NewHandler(ps, q, a)
 		},
-		func(_ sqlstore.SQLStore, _ global.Global, _ zeus.Zeus, _ gateway.Gateway, _ licensing.Licensing, _ serviceaccount.Module, _ cloudintegration.Config) (cloudintegration.Module, error) {
-			return implcloudintegration.NewModule(), nil
-		},
-		func(c cache.Cache, am alertmanager.Alertmanager, ss sqlstore.SQLStore, ts telemetrystore.TelemetryStore, ms telemetrytypes.MetadataStore, p prometheus.Prometheus, og organization.Getter, rsh rulestatehistory.Module, q querier.Querier, qp queryparser.QueryParser) factory.NamedMap[factory.ProviderFactory[ruler.Ruler, ruler.Config]] {
-			return factory.MustNewNamedMap(signozruler.NewFactory(c, am, ss, ts, ms, p, og, rsh, q, qp, nil, nil))
-		},
 	)
 	if err != nil {
 		logger.ErrorContext(ctx, "failed to create signoz", errors.Attr(err))
--- a/cmd/enterprise/server.go
+++ b/cmd/enterprise/server.go
@@ -17,47 +17,31 @@ import (
 	"github.com/SigNoz/signoz/ee/gateway/httpgateway"
 	enterpriselicensing "github.com/SigNoz/signoz/ee/licensing"
 	"github.com/SigNoz/signoz/ee/licensing/httplicensing"
-	"github.com/SigNoz/signoz/ee/modules/cloudintegration/implcloudintegration"
-	"github.com/SigNoz/signoz/ee/modules/cloudintegration/implcloudintegration/implcloudprovider"
 	"github.com/SigNoz/signoz/ee/modules/dashboard/impldashboard"
 	eequerier "github.com/SigNoz/signoz/ee/querier"
 	enterpriseapp "github.com/SigNoz/signoz/ee/query-service/app"
-	eerules "github.com/SigNoz/signoz/ee/query-service/rules"
 	"github.com/SigNoz/signoz/ee/sqlschema/postgressqlschema"
 	"github.com/SigNoz/signoz/ee/sqlstore/postgressqlstore"
 	enterprisezeus "github.com/SigNoz/signoz/ee/zeus"
 	"github.com/SigNoz/signoz/ee/zeus/httpzeus"
-	"github.com/SigNoz/signoz/pkg/alertmanager"
 	"github.com/SigNoz/signoz/pkg/analytics"
 	"github.com/SigNoz/signoz/pkg/auditor"
 	"github.com/SigNoz/signoz/pkg/authn"
 	"github.com/SigNoz/signoz/pkg/authz"
-	"github.com/SigNoz/signoz/pkg/cache"
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/gateway"
-	"github.com/SigNoz/signoz/pkg/global"
 	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
-	pkgcloudintegration "github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	pkgimpldashboard "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/modules/rulestatehistory"
-	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
-	"github.com/SigNoz/signoz/pkg/prometheus"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/queryparser"
-	"github.com/SigNoz/signoz/pkg/ruler"
-	"github.com/SigNoz/signoz/pkg/ruler/signozruler"
 	"github.com/SigNoz/signoz/pkg/signoz"
 	"github.com/SigNoz/signoz/pkg/sqlschema"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/sqlstore/sqlstorehook"
-	"github.com/SigNoz/signoz/pkg/telemetrystore"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
-	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"github.com/SigNoz/signoz/pkg/version"
 	"github.com/SigNoz/signoz/pkg/zeus"
 )
@@ -105,7 +89,7 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		},
 		signoz.NewEmailingProviderFactories(),
 		signoz.NewCacheProviderFactories(),
-		signoz.NewWebProviderFactories(config.Global),
+		signoz.NewWebProviderFactories(),
 		func(sqlstore sqlstore.SQLStore) factory.NamedMap[factory.ProviderFactory[sqlschema.SQLSchema, sqlschema.Config]] {
 			existingFactories := signoz.NewSQLSchemaProviderFactories(sqlstore)
 			if err := existingFactories.Add(postgressqlschema.NewFactory(sqlstore)); err != nil {
@@ -143,6 +127,7 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 				return nil, err
 			}
 			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx), openfgaDataStore, licensing, dashboardModule), nil
+
 		},
 		func(store sqlstore.SQLStore, settings factory.ProviderSettings, analytics analytics.Analytics, orgGetter organization.Getter, queryParser queryparser.QueryParser, querier querier.Querier, licensing licensing.Licensing) dashboard.Module {
 			return impldashboard.NewModule(pkgimpldashboard.NewStore(store), settings, analytics, orgGetter, queryParser, querier, licensing)
@@ -161,24 +146,8 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 			communityHandler := querier.NewHandler(ps, q, a)
 			return eequerier.NewHandler(ps, q, communityHandler)
 		},
-		func(sqlStore sqlstore.SQLStore, global global.Global, zeus zeus.Zeus, gateway gateway.Gateway, licensing licensing.Licensing, serviceAccount serviceaccount.Module, config cloudintegration.Config) (cloudintegration.Module, error) {
-			defStore := pkgcloudintegration.NewServiceDefinitionStore()
-			awsCloudProviderModule, err := implcloudprovider.NewAWSCloudProvider(defStore)
-			if err != nil {
-				return nil, err
-			}
-			azureCloudProviderModule := implcloudprovider.NewAzureCloudProvider()
-			cloudProvidersMap := map[cloudintegrationtypes.CloudProviderType]cloudintegration.CloudProviderModule{
-				cloudintegrationtypes.CloudProviderTypeAWS:   awsCloudProviderModule,
-				cloudintegrationtypes.CloudProviderTypeAzure: azureCloudProviderModule,
-			}
-
-			return implcloudintegration.NewModule(pkgcloudintegration.NewStore(sqlStore), global, zeus, gateway, licensing, serviceAccount, cloudProvidersMap, config)
-		},
-		func(c cache.Cache, am alertmanager.Alertmanager, ss sqlstore.SQLStore, ts telemetrystore.TelemetryStore, ms telemetrytypes.MetadataStore, p prometheus.Prometheus, og organization.Getter, rsh rulestatehistory.Module, q querier.Querier, qp queryparser.QueryParser) factory.NamedMap[factory.ProviderFactory[ruler.Ruler, ruler.Config]] {
-			return factory.MustNewNamedMap(signozruler.NewFactory(c, am, ss, ts, ms, p, og, rsh, q, qp, eerules.PrepareTaskFunc, eerules.TestNotification))
-		},
 	)
+
 	if err != nil {
 		logger.ErrorContext(ctx, "failed to create signoz", errors.Attr(err))
 		return err
--- a/conf/example.yaml
+++ b/conf/example.yaml
@@ -6,8 +6,6 @@
 ##################### Global #####################
 global:
  # the url under which the signoz apiserver is externally reachable.
-  # the path component (e.g. /signoz in https://example.com/signoz) is used
-  # as the base path for all HTTP routes (both API and web frontend).
  external_url: <unset>
  # the url where the SigNoz backend receives telemetry data (traces, metrics, logs) from instrumented applications.
  ingestion_url: <unset>
@@ -52,8 +50,8 @@ pprof:
 web:
  # Whether to enable the web frontend
  enabled: true
-  # The index file to use as the SPA entrypoint.
-  index: index.html
+  # The prefix to serve web on
+  prefix: /
  # The directory containing the static build files.
  directory: /etc/signoz/web

@@ -84,9 +82,6 @@ sqlstore:
  provider: sqlite
  # The maximum number of open connections to the database.
  max_open_conns: 100
-  # The maximum amount of time a connection may be reused.
-  # If max_conn_lifetime == 0, connections are not closed due to a connection's age.
-  max_conn_lifetime: 0
  sqlite:
    # The path to the SQLite database file.
    path: /var/lib/signoz/signoz.db
@@ -400,10 +395,3 @@ auditor:
      max_interval: 30s
      # The total maximum time spent retrying.
      max_elapsed_time: 60s
-
-##################### Cloud Integration #####################
-cloudintegration:
-  # cloud integration agent configuration
-  agent:
-    # The version of the cloud integration agent.
-    version: v0.0.8
--- a/deploy/docker-swarm/docker-compose.ha.yaml
+++ b/deploy/docker-swarm/docker-compose.ha.yaml
@@ -190,7 +190,7 @@ services:
      # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
  signoz:
    !!merge <<: *db-depend
-    image: signoz/signoz:v0.119.0
+    image: signoz/signoz:v0.118.0
    ports:
      - "8080:8080" # signoz port
    #   - "6060:6060"     # pprof port
--- a/deploy/docker-swarm/docker-compose.yaml
+++ b/deploy/docker-swarm/docker-compose.yaml
@@ -117,7 +117,7 @@ services:
      # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
  signoz:
    !!merge <<: *db-depend
-    image: signoz/signoz:v0.119.0
+    image: signoz/signoz:v0.118.0
    ports:
      - "8080:8080" # signoz port
    volumes:
--- a/deploy/docker/docker-compose.ha.yaml
+++ b/deploy/docker/docker-compose.ha.yaml
@@ -181,7 +181,7 @@ services:
      # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
  signoz:
    !!merge <<: *db-depend
-    image: signoz/signoz:${VERSION:-v0.119.0}
+    image: signoz/signoz:${VERSION:-v0.118.0}
    container_name: signoz
    ports:
      - "8080:8080" # signoz port
--- a/deploy/docker/docker-compose.yaml
+++ b/deploy/docker/docker-compose.yaml
@@ -109,7 +109,7 @@ services:
      # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
  signoz:
    !!merge <<: *db-depend
-    image: signoz/signoz:${VERSION:-v0.119.0}
+    image: signoz/signoz:${VERSION:-v0.118.0}
    container_name: signoz
    ports:
      - "8080:8080" # signoz port
--- a/docs/api/openapi.yml
+++ b/docs/api/openapi.yml
--- a/docs/contributing/go/integration.md
+++ b/docs/contributing/go/integration.md
@@ -0,0 +1,216 @@
+# Integration Tests
+
+SigNoz uses integration tests to verify that different components work together correctly in a real environment. These tests run against actual services (ClickHouse, PostgreSQL, etc.) to ensure end-to-end functionality.
+
+## How to set up the integration test environment?
+
+### Prerequisites
+
+Before running integration tests, ensure you have the following installed:
+
+- Python 3.13+
+- [uv](https://docs.astral.sh/uv/getting-started/installation/)
+- Docker (for containerized services)
+
+### Initial Setup
+
+1. Navigate to the integration tests directory:
+```bash
+cd tests/integration
+```
+
+2. Install dependencies using uv:
+```bash
+uv sync
+```
+
+> **_NOTE:_**  the build backend could throw an error while installing `psycopg2`, pleae see https://www.psycopg.org/docs/install.html#build-prerequisites
+
+### Starting the Test Environment
+
+To spin up all the containers necessary for writing integration tests and keep them running:
+
+```bash
+uv run pytest --basetemp=./tmp/ -vv --reuse src/bootstrap/setup.py::test_setup
+```
+
+This command will:
+- Start all required services (ClickHouse, PostgreSQL, Zookeeper, etc.)
+- Keep containers running due to the `--reuse` flag
+- Verify that the setup is working correctly
+
+### Stopping the Test Environment
+
+When you're done writing integration tests, clean up the environment:
+
+```bash
+uv run pytest --basetemp=./tmp/ -vv --teardown -s src/bootstrap/setup.py::test_teardown
+```
+
+This will destroy the running integration test setup and clean up resources.
+
+## Understanding the Integration Test Framework
+
+Python and pytest form the foundation of the integration testing framework. Testcontainers are used to spin up disposable integration environments. Wiremock is used to spin up **test doubles** of other services.
+
+- **Why Python/pytest?** It's expressive, low-boilerplate, and has powerful fixture capabilities that make integration testing straightforward. Extensive libraries for HTTP requests, JSON handling, and data analysis (numpy) make it easier to test APIs and verify data
+- **Why testcontainers?** They let us spin up isolated dependencies that match our production environment without complex setup.
+- **Why wiremock?** Well maintained, documented and extensible.
+
+```
+.
+├── conftest.py
+├── fixtures
+│   ├── __init__.py
+│   ├── auth.py
+│   ├── clickhouse.py
+│   ├── fs.py
+│   ├── http.py
+│   ├── migrator.py
+│   ├── network.py
+│   ├── postgres.py
+│   ├── signoz.py
+│   ├── sql.py
+│   ├── sqlite.py
+│   ├── types.py
+│   └── zookeeper.py
+├── uv.lock
+├── pyproject.toml
+└── src
+    └── bootstrap
+        ├── __init__.py
+        ├── 01_database.py
+        ├── 02_register.py
+        └── 03_license.py
+```
+
+Each test suite follows some important principles:
+
+1. **Organization**: Test suites live under `src/` in self-contained packages. Fixtures (a pytest concept) live inside `fixtures/`.
+2. **Execution Order**: Files are prefixed with two-digit numbers (`01_`, `02_`, `03_`) to ensure sequential execution.
+3. **Time Constraints**: Each suite should complete in under 10 minutes (setup takes ~4 mins).
+
+### Test Suite Design
+
+Test suites should target functional domains or subsystems within SigNoz. When designing a test suite, consider these principles:
+
+- **Functional Cohesion**: Group tests around a specific capability or service boundary
+- **Data Flow**: Follow the path of data through related components
+- **Change Patterns**: Components frequently modified together should be tested together
+
+The exact boundaries for modules are intentionally flexible, allowing teams to define logical groupings based on their specific context and knowledge of the system.
+
+Eg: The **bootstrap** integration test suite validates core system functionality:
+
+- Database initialization
+- Version check
+
+Other test suites can be **pipelines, auth, querier.**
+
+## How to write an integration test?
+
+Now start writing an integration test. Create a new file `src/bootstrap/05_version.py` and paste the following:
+
+```python
+import requests
+
+from fixtures import types
+from fixtures.logger import setup_logger
+
+logger = setup_logger(__name__)
+
+def test_version(signoz: types.SigNoz) -> None:
+    response = requests.get(signoz.self.host_config.get("/api/v1/version"), timeout=2)
+    logger.info(response)
+```
+
+We have written a simple test which calls the `version` endpoint of the container in step 1. In **order to just run this function, run the following command:**
+
+```bash
+uv run pytest --basetemp=./tmp/ -vv --reuse src/bootstrap/05_version.py::test_version
+```
+
+> Note: The `--reuse` flag is used to reuse the environment if it is already running. Always use this flag when writing and running integration tests. If you don't use this flag, the environment will be destroyed and recreated every time you run the test.
+
+Here's another example of how to write a more comprehensive integration test:
+
+```python
+from http import HTTPStatus
+import requests
+from fixtures import types
+from fixtures.logger import setup_logger
+
+logger = setup_logger(__name__)
+
+def test_user_registration(signoz: types.SigNoz) -> None:
+    """Test user registration functionality."""
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/register"),
+        json={
+            "name": "testuser",
+            "orgId": "",
+            "orgName": "test.org",
+            "email": "test@example.com",
+            "password": "password123Z$",
+        },
+        timeout=2,
+    )
+
+    assert response.status_code == HTTPStatus.OK
+    assert response.json()["setupCompleted"] is True
+```
+
+## How to run integration tests?
+
+### Running All Tests
+
+```bash
+uv run pytest --basetemp=./tmp/ -vv --reuse src/
+```
+
+### Running Specific Test Categories
+
+```bash
+uv run pytest --basetemp=./tmp/ -vv --reuse src/<suite>
+
+# Run querier tests
+uv run pytest --basetemp=./tmp/ -vv --reuse src/querier/
+# Run auth tests
+uv run pytest --basetemp=./tmp/ -vv --reuse src/auth/
+```
+
+### Running Individual Tests
+
+```bash
+uv run pytest --basetemp=./tmp/ -vv --reuse src/<suite>/<file>.py::test_name
+
+# Run test_register in file 01_register.py in passwordauthn suite
+uv run pytest --basetemp=./tmp/ -vv --reuse src/passwordauthn/01_register.py::test_register
+```
+
+## How to configure different options for integration tests?
+
+Tests can be configured using pytest options:
+
+- `--sqlstore-provider` - Choose database provider (default: postgres)
+- `--sqlite-mode` - SQLite journal mode: `delete` or `wal` (default: delete). Only relevant when `--sqlstore-provider=sqlite`.
+- `--postgres-version` - PostgreSQL version (default: 15)
+- `--clickhouse-version` - ClickHouse version (default: 25.5.6)
+- `--zookeeper-version` - Zookeeper version (default: 3.7.1)
+
+Example:
+```bash
+uv run pytest --basetemp=./tmp/ -vv --reuse --sqlstore-provider=postgres --postgres-version=14 src/auth/
+```
+
+## What should I remember?
+
+- **Always use the `--reuse` flag** when setting up the environment to keep containers running
+- **Use the `--teardown` flag** when cleaning up to avoid resource leaks
+- **Follow the naming convention** with two-digit numeric prefixes (`01_`, `02_`) for test execution order
+- **Use proper timeouts** in HTTP requests to avoid hanging tests
+- **Clean up test data** between tests to avoid interference
+- **Use descriptive test names** that clearly indicate what is being tested
+- **Leverage fixtures** for common setup and authentication
+- **Test both success and failure scenarios** to ensure robust functionality
+- **`--sqlite-mode=wal` does not work on macOS.** The integration test environment runs SigNoz inside a Linux container with the SQLite database file mounted from the macOS host. WAL mode requires shared memory between connections, and connections crossing the VM boundary (macOS host ↔ Linux container) cannot share the WAL index, resulting in `SQLITE_IOERR_SHORT_READ`. WAL mode is tested in CI on Linux only.
--- a/docs/contributing/go/readme.md
+++ b/docs/contributing/go/readme.md
@@ -15,8 +15,8 @@ We **recommend** (almost enforce) reviewing these guides before contributing to
 - [Endpoint](endpoint.md) - HTTP endpoint patterns
 - [Flagger](flagger.md) - Feature flag patterns
 - [Handler](handler.md) - HTTP handler patterns
+- [Integration](integration.md) - Integration testing
 - [Provider](provider.md) - Dependency injection and provider patterns
 - [Packages](packages.md) - Naming, layout, and conventions for `pkg/` packages
 - [Service](service.md) - Managed service lifecycle with `factory.Service`
 - [SQL](sql.md) - Database and SQL patterns
- [Types](types.md) - Domain types, request/response bodies, and storage rows in `pkg/types/`
--- a/docs/contributing/go/types.md
+++ b/docs/contributing/go/types.md
@@ -1,152 +0,0 @@
-# Types
-
-Domain types in `pkg/types/<domain>/` live on three serialization boundaries — inbound HTTP, outbound HTTP, and SQL — on top of an in-memory domain representation. SigNoz's convention is **core-type-first**: every domain defines a single canonical type `X`, and specialized flavors (`PostableX`, `GettableX`, `UpdatableX`, `StorableX`) are introduced **only when they actually differ from `X`**. This guide spells out when each flavor is warranted and how they relate to each other.
-
-Before reading, make sure you have read [abstractions.md](abstractions.md) — the rules here build on its guidance that every new type must earn its place.
-
-## The core type is required
-
-Every domain package in `pkg/types/<domain>/` defines exactly one core type `X`: `AuthDomain`, `Channel`, `Rule`, `Dashboard`, `Role`, `PlannedMaintenance`. This is the canonical in-memory representation of the domain object. Domain methods, validation invariants, and business logic hang off `X` — not off the flavor types.
-
-Two rules shape how the core type behaves:
-
- **Conversions can be either `New<Output>From<Input>` or a receiver-style `(x *X) ToY()` method.** Either form is fine; pick whichever reads best at the call site:
-
-    ```go
-    // Constructor form
-    func NewGettableAuthDomainFromAuthDomain(d *AuthDomain, info *AuthNProviderInfo) *GettableAuthDomain
-
-    // Receiver form
-    func (m *PlannedMaintenanceWithRules) ToPlannedMaintenance() *PlannedMaintenance
-    ```
- **`X` can double as the storage row** when the DB shape would be identical. `Channel` embeds `bun.BaseModel` directly, and there is no `StorableChannel`. This is the preferred shape when it works.
-
-Domain packages under `pkg/types/` must not import from other `pkg/` packages. Keep the core type's methods lightweight and push orchestration out to the module layer.
-
-## Add a flavor only when it differs
-
-For each of the four flavors, create it only if its shape diverges from `X`. If a flavor would have the same fields and tags as `X`, reuse `X` directly, or declare a type alias. Every flavor must earn its place per [abstractions.md](abstractions.md) rule 6 ("Wrappers must add semantics, not just rename").
-
-| Flavor       | Create it when it differs in…                                                                                                                                                                                                     |
-| ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `PostableX`  | JSON shape differs from `X` — typically no `Id`, no audit fields, no server-computed fields. Often owns input validation via `Validate()` or a custom `UnmarshalJSON`.                                                            |
-| `GettableX`  | Response shape adds server-computed fields that are not persisted — e.g., `GettableAuthDomain` adds `AuthNProviderInfo`, which is resolved at read time.                                                                          |
-| `UpdatableX` | Only a strict subset of `PostableX` is replaceable on PUT. If the updatable shape equals `PostableX`, reuse `PostableX`.                                                                                                          |
-| `StorableX`  | DB row shape differs from `X` — usually `X` carries nested typed config while `StorableX` carries a flat `Data string` JSON column, plus bun tags, audit mixins, and an `OrgID`. If `X` already has those, skip the flavor.       |
-
-The failure mode this rule exists to prevent: minting all four flavors on reflex for every new resource, even when two or three are structurally identical. Each unnecessary flavor is another type contributors must understand and another conversion that can drift.
-
-## Worked examples
-
-### Channel — core type only
-
-```go
-type Channels         = []*Channel
-type GettableChannels = []*Channel
-
-type Channel struct {
-    bun.BaseModel `bun:"table:notification_channel"`
-    types.Identifiable
-    types.TimeAuditable
-    Name  string `json:"name"  required:"true" bun:"name"`
-    Type  string `json:"type"  required:"true" bun:"type"`
-    Data  string `json:"data"  required:"true" bun:"data"`
-    OrgID string `json:"orgId" required:"true" bun:"org_id"`
-}
-```
-
-`Channel` is both the domain type and the bun row. `GettableChannels` is a **type alias** because `*Channel` already serializes correctly as a response. There is no `StorableChannel`, `PostableChannel`, or `UpdatableChannel` — those would be identical to `Channel` and so do not exist. Prefer this shape when it works.
-
-### AuthDomain — all four flavors
-
-```go
-type AuthDomain struct {
-    storableAuthDomain *StorableAuthDomain
-    authDomainConfig   *AuthDomainConfig
-}
-
-type StorableAuthDomain struct {
-    bun.BaseModel `bun:"table:auth_domain"`
-    types.Identifiable
-    Name  string      `bun:"name"`
-    Data  string      `bun:"data"`  // AuthDomainConfig serialized as JSON
-    OrgID valuer.UUID `bun:"org_id"`
-    types.TimeAuditable
-}
-
-type PostableAuthDomain struct {
-    Config AuthDomainConfig `json:"config"`
-    Name   string           `json:"name"`
-}
-
-type UpdateableAuthDomain struct {
-    Config AuthDomainConfig `json:"config"` // Name intentionally absent
-}
-
-type GettableAuthDomain struct {
-    *StorableAuthDomain
-    *AuthDomainConfig
-    AuthNProviderInfo *AuthNProviderInfo `json:"authNProviderInfo"`
-}
-```
-
-Each flavor exists for a concrete reason:
-
- `StorableAuthDomain` stores the typed config as an opaque `Data string` column, so the schema does not need to migrate every time a config field is added.
- `PostableAuthDomain` carries the config as a structured object (not a string) for the request.
- `UpdateableAuthDomain` excludes `Name` because a domain's name cannot change after creation.
- `GettableAuthDomain` adds `AuthNProviderInfo`, which is derived at read time and never persisted.
-
-The core `AuthDomain` holds the two live halves — `storableAuthDomain` and `authDomainConfig` — and owns business methods such as `Update(config)`. Conversions use the `New<Output>From<Input>` form: `NewAuthDomainFromConfig`, `NewAuthDomainFromStorableAuthDomain`, `NewGettableAuthDomainFromAuthDomain`.
-
-## Conventions that tie the flavors together
-
- **Conversions** use either a `New<Output>From<Input>` constructor — e.g. `NewChannelFromReceiver`, `NewGettableAuthDomainFromAuthDomain` — or a receiver-style `ToY()` method. Both forms coexist in the codebase; use whichever fits the call site.
- **Validation belongs on the core type `X`.** Putting it on `X` means every write path — HTTP create, HTTP update, in-process migration, replay — runs the same checks. `Validate()` on `PostableX` is reserved for checks that are specific to the request shape and do not apply to `X`. `UnmarshalJSON` on `PostableX` is a separate tool that lives there because decoding only happens at the HTTP boundary — `PostableAuthDomain.UnmarshalJSON` rejecting a malformed domain name at decode time is the canonical example.
-
-    ```go
-    // Domain invariants: every write path re-runs these.
-    func (x *X) Validate() error { ... }
-
-    // Request-shape-only: checks that do not apply once the value is persisted.
-    func (p *PostableX) Validate() error { ... }
-    ```
- **Type aliases, not wrappers**, when two shapes are identical. `type GettableChannels = []*Channel` is correct because it adds no semantics beyond the underlying type.
- **Serialization tags** follow [handler.md](handler.md): `required:"true"` means the JSON key must be present, `nullable:"true"` is required on any slice or map that may serialize as `null`, and types with a fixed value set must implement `Enum() []any`.
-
-## A note on `UpdatableX` and `PatchableX`
-
- `UpdatableX` — the body for PUT (full replace) when the shape is a strict subset of `PostableX`. If the updatable shape equals `PostableX`, reuse `PostableX`.
- `PatchableX` — the body for PATCH (partial update); only the fields a client is allowed to patch. For example, `PatchableRole` carries a single `Description` field even though `Role` has many — clients may patch the description but not anything else.
-
-    ```go
-    type PatchableRole struct {
-        Description string `json:"description"`
-    }
-    ```
-
-Both are optional. Do not introduce them if `PostableX` already covers the case.
-
-## What to avoid
-
- **Do not mint a flavor that mirrors the core type.** If `StorableX` would have the same fields as `X`, use `X` directly with `bun.BaseModel` embedded. `Channel` is the canonical example.
- **Do not bolt domain methods onto `StorableX`.** Storage types are data carriers. Domain methods live on `X`.
- **Do not invent new suffixes** (`Creatable`, `Fetchable`, `Savable`). The core type plus `Postable` / `Gettable` / `Updatable` / `Patchable` / `Storable` covers every case that exists today.
- **Spelling — `Updatable`, not `Updateable`.** `Updateable` is a common typo. Prefer the shorter form when introducing new types, and rename any stragglers you come across.
- **Spelling — `Storable`, not `Storeable`.** `Storeable` is a common typo. Prefer the shorter form when introducing new types, and rename any stragglers you come across.
-
-## What should I remember?
-
- Every domain package defines the core type `X`. Only `X` is mandatory.
- Add `PostableX` / `GettableX` / `UpdatableX` / `StorableX` one at a time, only when the shape actually diverges from `X`.
- Domain logic lives on `X`, not on the flavor types.
- Conversions can be a `New<Output>From<Input>` constructor or a receiver-style `ToY()` method — pick whichever reads best at the call site.
- Use a type alias when two shapes are truly identical.
- `pkg/types/<domain>/` must not import from other `pkg/` packages.
-
-## Further reading
-
- [abstractions.md](abstractions.md) — when to introduce a new type at all.
- [handler.md](handler.md) — struct tag rules at the HTTP boundary.
- [packages.md](packages.md) — where types live under `pkg/types/`.
- [sql.md](sql.md) — star-schema requirements for `StorableX`.
--- a/docs/contributing/onboarding.md
+++ b/docs/contributing/onboarding.md
@@ -7,12 +7,12 @@ This guide explains how to add new data sources to the SigNoz onboarding flow. T
 The configuration is located at:

 ```
-frontend/src/container/OnboardingV2Container/onboarding-configs/onboarding-config-with-links.ts
+frontend/src/container/OnboardingV2Container/onboarding-configs/onboarding-config-with-links.json
 ```

-## Structure Overview
+## JSON Structure Overview

-The configuration file exports a TypeScript array (`onboardingConfigWithLinks`) containing data source objects. Each object represents a selectable option in the onboarding flow. SVG logos are imported as ES modules at the top of the file.
+The configuration file is a JSON array containing data source objects. Each object represents a selectable option in the onboarding flow.

 ## Data Source Object Keys

@@ -24,7 +24,7 @@ The configuration file exports a TypeScript array (`onboardingConfigWithLinks`)
 | `label` | `string` | Display name shown to users (e.g., `"AWS EC2"`) |
 | `tags` | `string[]` | Array of category tags for grouping (e.g., `["AWS"]`, `["database"]`) |
 | `module` | `string` | Destination module after onboarding completion |
-| `imgUrl` | `string` | Imported SVG URL **(SVG required)** (e.g., `import ec2Url from '@/assets/Logos/ec2.svg'`, then use `ec2Url`) |
+| `imgUrl` | `string` | Path to the logo/icon **(SVG required)** (e.g., `"/Logos/ec2.svg"`) |

 ### Optional Keys

@@ -57,34 +57,36 @@ The `module` key determines where users are redirected after completing onboardi

 The `question` object enables multi-step selection flows:

-```ts
-question: {
-  desc: 'What would you like to monitor?',
-  type: 'select',
-  helpText: 'Choose the telemetry type you want to collect.',
-  helpLink: '/docs/azure-monitoring/overview/',
-  helpLinkText: 'Read the guide →',
-  options: [
-    {
-      key: 'logging',
-      label: 'Logs',
-      imgUrl: azureVmUrl,
-      link: '/docs/azure-monitoring/app-service/logging/',
-    },
-    {
-      key: 'metrics',
-      label: 'Metrics',
-      imgUrl: azureVmUrl,
-      link: '/docs/azure-monitoring/app-service/metrics/',
-    },
-    {
-      key: 'tracing',
-      label: 'Traces',
-      imgUrl: azureVmUrl,
-      link: '/docs/azure-monitoring/app-service/tracing/',
-    },
-  ],
-},
+```json
+{
+  "question": {
+    "desc": "What would you like to monitor?",
+    "type": "select",
+    "helpText": "Choose the telemetry type you want to collect.",
+    "helpLink": "/docs/azure-monitoring/overview/",
+    "helpLinkText": "Read the guide →",
+    "options": [
+        {
+            "key": "logging",
+            "label": "Logs",
+            "imgUrl": "/Logos/azure-vm.svg",
+            "link": "/docs/azure-monitoring/app-service/logging/"
+        },
+        {
+            "key": "metrics",
+            "label": "Metrics",
+            "imgUrl": "/Logos/azure-vm.svg",
+            "link": "/docs/azure-monitoring/app-service/metrics/"
+        },
+        {
+            "key": "tracing",
+            "label": "Traces",
+            "imgUrl": "/Logos/azure-vm.svg",
+            "link": "/docs/azure-monitoring/app-service/tracing/"
+        }
+    ]
+  }
+}
 ```

 ### Question Keys
@@ -104,161 +106,152 @@ Options can be simple (direct link) or nested (with another question):

 ### Simple Option (Direct Link)

-```ts
+```json
 {
-  key: 'aws-ec2-logs',
-  label: 'Logs',
-  imgUrl: ec2Url,
-  link: '/docs/userguide/collect_logs_from_file/',
-},
+  "key": "aws-ec2-logs",
+  "label": "Logs",
+  "imgUrl": "/Logos/ec2.svg",
+  "link": "/docs/userguide/collect_logs_from_file/"
+}
 ```

 ### Option with Internal Redirect

-```ts
+```json
 {
-  key: 'aws-ec2-metrics-one-click',
-  label: 'One Click AWS',
-  imgUrl: ec2Url,
-  link: '/integrations?integration=aws-integration&service=ec2',
-  internalRedirect: true,
-},
+  "key": "aws-ec2-metrics-one-click",
+  "label": "One Click AWS",
+  "imgUrl": "/Logos/ec2.svg",
+  "link": "/integrations?integration=aws-integration&service=ec2",
+  "internalRedirect": true
+}
 ```

 > **Important**: Set `internalRedirect: true` only for internal app routes (like `/integrations?...`). Docs links should NOT have this flag.

 ### Nested Option (Multi-step Flow)

-```ts
+```json
 {
-  key: 'aws-ec2-metrics',
-  label: 'Metrics',
-  imgUrl: ec2Url,
-  question: {
-    desc: 'How would you like to set up monitoring?',
-    helpText: 'Choose your setup method.',
-    options: [...],
-  },
-},
+  "key": "aws-ec2-metrics",
+  "label": "Metrics",
+  "imgUrl": "/Logos/ec2.svg",
+  "question": {
+    "desc": "How would you like to set up monitoring?",
+    "helpText": "Choose your setup method.",
+    "options": [...]
+  }
+}
 ```

 ## Examples

 ### Simple Data Source (Direct Link)

-```ts
-import elbUrl from '@/assets/Logos/elb.svg';
-
-// inside the onboardingConfigWithLinks array:
+```json
 {
-  dataSource: 'aws-elb',
-  label: 'AWS ELB',
-  tags: ['AWS'],
-  module: 'logs',
-  relatedSearchKeywords: [
-    'aws',
-    'aws elb',
-    'elb logs',
-    'elastic load balancer',
+  "dataSource": "aws-elb",
+  "label": "AWS ELB",
+  "tags": ["AWS"],
+  "module": "logs",
+  "relatedSearchKeywords": [
+    "aws",
+    "aws elb",
+    "elb logs",
+    "elastic load balancer"
  ],
-  imgUrl: elbUrl,
-  link: '/docs/aws-monitoring/elb/',
-},
+  "imgUrl": "/Logos/elb.svg",
+  "link": "/docs/aws-monitoring/elb/"
+}
 ```

 ### Data Source with Single Question Level

-```ts
-import azureVmUrl from '@/assets/Logos/azure-vm.svg';
-
-// inside the onboardingConfigWithLinks array:
+```json
 {
-  dataSource: 'app-service',
-  label: 'App Service',
-  imgUrl: azureVmUrl,
-  tags: ['Azure'],
-  module: 'apm',
-  relatedSearchKeywords: ['azure', 'app service'],
-  question: {
-    desc: 'What telemetry data do you want to visualise?',
-    type: 'select',
-    options: [
+  "dataSource": "app-service",
+  "label": "App Service",
+  "imgUrl": "/Logos/azure-vm.svg",
+  "tags": ["Azure"],
+  "module": "apm",
+  "relatedSearchKeywords": ["azure", "app service"],
+  "question": {
+    "desc": "What telemetry data do you want to visualise?",
+    "type": "select",
+    "options": [
      {
-        key: 'logging',
-        label: 'Logs',
-        imgUrl: azureVmUrl,
-        link: '/docs/azure-monitoring/app-service/logging/',
+        "key": "logging",
+        "label": "Logs",
+        "imgUrl": "/Logos/azure-vm.svg",
+        "link": "/docs/azure-monitoring/app-service/logging/"
      },
      {
-        key: 'metrics',
-        label: 'Metrics',
-        imgUrl: azureVmUrl,
-        link: '/docs/azure-monitoring/app-service/metrics/',
+        "key": "metrics",
+        "label": "Metrics",
+        "imgUrl": "/Logos/azure-vm.svg",
+        "link": "/docs/azure-monitoring/app-service/metrics/"
      },
      {
-        key: 'tracing',
-        label: 'Traces',
-        imgUrl: azureVmUrl,
-        link: '/docs/azure-monitoring/app-service/tracing/',
-      },
-    ],
-  },
-},
+        "key": "tracing",
+        "label": "Traces",
+        "imgUrl": "/Logos/azure-vm.svg",
+        "link": "/docs/azure-monitoring/app-service/tracing/"
+      }
+    ]
+  }
+}
 ```

 ### Data Source with Nested Questions (2-3 Levels)

-```ts
-import ec2Url from '@/assets/Logos/ec2.svg';
-
-// inside the onboardingConfigWithLinks array:
+```json
 {
-  dataSource: 'aws-ec2',
-  label: 'AWS EC2',
-  tags: ['AWS'],
-  module: 'logs',
-  relatedSearchKeywords: ['aws', 'aws ec2', 'ec2 logs', 'ec2 metrics'],
-  imgUrl: ec2Url,
-  question: {
-    desc: 'What would you like to monitor for AWS EC2?',
-    type: 'select',
-    helpText: 'Choose the type of telemetry data you want to collect.',
-    options: [
+  "dataSource": "aws-ec2",
+  "label": "AWS EC2",
+  "tags": ["AWS"],
+  "module": "logs",
+  "relatedSearchKeywords": ["aws", "aws ec2", "ec2 logs", "ec2 metrics"],
+  "imgUrl": "/Logos/ec2.svg",
+  "question": {
+    "desc": "What would you like to monitor for AWS EC2?",
+    "type": "select",
+    "helpText": "Choose the type of telemetry data you want to collect.",
+    "options": [
      {
-        key: 'aws-ec2-logs',
-        label: 'Logs',
-        imgUrl: ec2Url,
-        link: '/docs/userguide/collect_logs_from_file/',
+        "key": "aws-ec2-logs",
+        "label": "Logs",
+        "imgUrl": "/Logos/ec2.svg",
+        "link": "/docs/userguide/collect_logs_from_file/"
      },
      {
-        key: 'aws-ec2-metrics',
-        label: 'Metrics',
-        imgUrl: ec2Url,
-        question: {
-          desc: 'How would you like to set up EC2 Metrics monitoring?',
-          helpText: 'One Click uses AWS CloudWatch integration. Manual setup uses OpenTelemetry.',
-          helpLink: '/docs/aws-monitoring/one-click-vs-manual/',
-          helpLinkText: 'Read the comparison guide →',
-          options: [
+        "key": "aws-ec2-metrics",
+        "label": "Metrics",
+        "imgUrl": "/Logos/ec2.svg",
+        "question": {
+          "desc": "How would you like to set up EC2 Metrics monitoring?",
+          "helpText": "One Click uses AWS CloudWatch integration. Manual setup uses OpenTelemetry.",
+          "helpLink": "/docs/aws-monitoring/one-click-vs-manual/",
+          "helpLinkText": "Read the comparison guide →",
+          "options": [
            {
-              key: 'aws-ec2-metrics-one-click',
-              label: 'One Click AWS',
-              imgUrl: ec2Url,
-              link: '/integrations?integration=aws-integration&service=ec2',
-              internalRedirect: true,
+              "key": "aws-ec2-metrics-one-click",
+              "label": "One Click AWS",
+              "imgUrl": "/Logos/ec2.svg",
+              "link": "/integrations?integration=aws-integration&service=ec2",
+              "internalRedirect": true
            },
            {
-              key: 'aws-ec2-metrics-manual',
-              label: 'Manual Setup',
-              imgUrl: ec2Url,
-              link: '/docs/tutorial/opentelemetry-binary-usage-in-virtual-machine/',
-            },
-          ],
-        },
-      },
-    ],
-  },
-},
+              "key": "aws-ec2-metrics-manual",
+              "label": "Manual Setup",
+              "imgUrl": "/Logos/ec2.svg",
+              "link": "/docs/tutorial/opentelemetry-binary-usage-in-virtual-machine/"
+            }
+          ]
+        }
+      }
+    ]
+  }
+}
 ```

 ## Best Practices
@@ -277,16 +270,11 @@ import ec2Url from '@/assets/Logos/ec2.svg';

 ### 3. Logos

- Place logo files in `src/assets/Logos/`
+- Place logo files in `public/Logos/`
 - Use SVG format
- Import the SVG at the top of the file and reference the imported variable:
-  ```ts
-  import myServiceUrl from '@/assets/Logos/my-service.svg';
-  // then in the config object:
-  imgUrl: myServiceUrl,
-  ```
+- Reference as `"/Logos/your-logo.svg"`
 - **Fetching Icons**: New icons can be easily fetched from [OpenBrand](https://openbrand.sh/). Use the pattern `https://openbrand.sh/?url=<TARGET_URL>`, where `<TARGET_URL>` is the URL-encoded link to the service's website. For example, to get Render's logo, use [https://openbrand.sh/?url=https%3A%2F%2Frender.com](https://openbrand.sh/?url=https%3A%2F%2Frender.com).
- **Optimize new SVGs**: Run any newly downloaded SVGs through an optimizer like [SVGOMG (svgo)](https://svgomg.net/) or use `npx svgo src/assets/Logos/your-logo.svg` to minimise their size before committing.
+- **Optimize new SVGs**: Run any newly downloaded SVGs through an optimizer like [SVGOMG (svgo)](https://svgomg.net/) or use `npx svgo public/Logos/your-logo.svg` to minimise their size before committing.

 ### 4. Links

@@ -302,8 +290,8 @@ import ec2Url from '@/assets/Logos/ec2.svg';

 ## Adding a New Data Source

-1. Add the logo SVG to `src/assets/Logos/` and add a top-level import in the config file (e.g., `import myServiceUrl from '@/assets/Logos/my-service.svg'`)
-2. Add your data source object to the `onboardingConfigWithLinks` array, referencing the imported variable for `imgUrl`
+1. Add your data source object to the JSON array
+2. Ensure the logo exists in `public/Logos/`
 3. Test the flow locally with `yarn dev`
 4. Validation:
   - Navigate to the [onboarding page](http://localhost:3301/get-started-with-signoz-cloud) on your local machine
--- a/docs/contributing/tests/e2e.md
+++ b/docs/contributing/tests/e2e.md
@@ -1,261 +0,0 @@
-# E2E Tests
-
-SigNoz uses end-to-end tests to verify the frontend works correctly against a real backend. These tests use Playwright to drive a real browser against a containerized SigNoz stack that pytest brings up — the same fixture graph integration tests use, with an extra HTTP seeder container for per-spec telemetry seeding.
-
-## How to set up the E2E test environment?
-
-### Prerequisites
-
-Before running E2E tests, ensure you have the following installed:
-
- Python 3.13+
- [uv](https://docs.astral.sh/uv/getting-started/installation/)
- Docker (for containerized services)
- Node 18+ and Yarn
-
-### Initial Setup
-
-1. Install Python deps for the shared tests project:
-```bash
-cd tests
-uv sync
-```
-
-2. Install Node deps and Playwright browsers:
-```bash
-cd e2e
-yarn install
-yarn install:browsers   # one-time Playwright browser install
-```
-
-### Starting the Test Environment
-
-To spin up the backend stack (SigNoz, ClickHouse, Postgres, Zookeeper, Zeus mock, gateway mock, seeder, migrator-with-web) and keep it running:
-
-```bash
-cd tests
-uv run pytest --basetemp=./tmp/ -vv --reuse --with-web \
-  e2e/bootstrap/setup.py::test_setup
-```
-
-This command will:
- Bring up all containers via pytest fixtures
- Register the admin user (`admin@integration.test` / `password123Z$`)
- Apply the enterprise license (via a WireMock stub of Zeus) and dismiss the org-onboarding prompt so specs can navigate directly to feature pages
- Start the HTTP seeder container (`tests/seeder/` — exposing `/telemetry/{traces,logs,metrics}` POST + DELETE)
- Write backend coordinates to `tests/e2e/.env.local` (loaded by `playwright.config.ts` via dotenv)
- Keep containers running via the `--reuse` flag
-
-The `--with-web` flag builds the frontend into the SigNoz container — required for E2E. The build takes ~4 mins on a cold start.
-
-### Stopping the Test Environment
-
-When you're done writing E2E tests, clean up the environment:
-
-```bash
-cd tests
-uv run pytest --basetemp=./tmp/ -vv --teardown \
-  e2e/bootstrap/setup.py::test_teardown
-```
-
-## Understanding the E2E Test Framework
-
-Playwright drives a real browser (Chromium / Firefox / WebKit) against the running SigNoz frontend. The backend is brought up by the same pytest fixture graph integration tests use, so both suites share one source of truth for container lifecycle, license seeding, and test-user accounts.
-
- **Why Playwright?** First-class TypeScript support, network interception, automatic wait-for-visibility, built-in trace viewer that captures every request/response the UI triggers — so specs rarely need separate API probes alongside UI clicks.
- **Why pytest for lifecycle?** The integration suite already owns container bring-up. Reusing it keeps the E2E stack exactly in sync with the integration stack and avoids a parallel lifecycle framework.
- **Why a separate seeder container?** Per-spec telemetry seeding (traces / logs / metrics) needs a thin HTTP wrapper around the ClickHouse insert helpers so a browser spec can POST from inside the test. The seeder lives at `tests/seeder/`, is built from `tests/Dockerfile.seeder`, and reuses the same `fixtures/{traces,logs,metrics}.py` as integration tests.
-
-```
-tests/
-├── fixtures/                  # shared with integration (see integration.md)
-├── integration/               # pytest integration suite
-├── seeder/                    # standalone HTTP seeder container
-│   ├── __init__.py
-│   ├── Dockerfile
-│   └── server.py              # FastAPI app wrapping fixtures.{traces,logs,metrics}
-└── e2e/
-    ├── package.json
-    ├── playwright.config.ts   # loads .env + .env.local via dotenv
-    ├── .env.example           # staging-mode template
-    ├── .env.local             # generated by bootstrap/setup.py (gitignored)
-    ├── bootstrap/
-    │   └── setup.py           # test_setup / test_teardown — pytest lifecycle
-    ├── fixtures/
-    │   └── auth.ts            # authedPage Playwright fixture + per-worker storageState cache
-    ├── tests/                 # Playwright .spec.ts files, one dir per feature area
-    │   └── alerts/
-    │       └── alerts.spec.ts
-    └── artifacts/             # per-run output (gitignored)
-        ├── html/              # HTML reporter output
-        ├── json/              # JSON reporter output
-        └── results/           # per-test traces / screenshots / videos on failure
-```
-
-Each spec follows these principles:
-
-1. **Directory per feature**: `tests/e2e/tests/<feature>/*.spec.ts`. Cross-resource junction concerns (e.g. cascade-delete) go in their own file, not packed into one giant spec.
-2. **Test titles use `TC-NN`**: `test('TC-01 alerts page — tabs render', ...)`. Preserves ordering at a glance and maps to external coverage tracking.
-3. **UI-first**: drive flows through the UI. Playwright traces capture every BE request/response the UI triggers, so asserting on UI outcomes implicitly validates BE contracts. Reach for direct `page.request.*` only when the test's *purpose* is asserting a response contract (use `page.waitForResponse` on a UI click) or when a specific UI step is structurally flaky (e.g. Ant DatePicker calendar-cell indices) — and even then try UI first.
-4. **Self-contained state**: each spec creates what it needs and cleans up in `try/finally`. No global pre-seeding fixtures.
-
-## How to write an E2E test?
-
-Create a new file `tests/e2e/tests/alerts/smoke.spec.ts`:
-
-```typescript
-import { test, expect } from '../../fixtures/auth';
-
-test('TC-01 alerts page — tabs render', async ({ authedPage: page }) => {
-  await page.goto('/alerts');
-  await expect(page.getByRole('tab', { name: /alert rules/i })).toBeVisible();
-  await expect(page.getByRole('tab', { name: /configuration/i })).toBeVisible();
-});
-```
-
-The `authedPage` fixture (from `tests/e2e/fixtures/auth.ts`) gives you a `Page` whose browser context is already authenticated as the admin user. First use per worker triggers one login; the resulting `storageState` is held in memory and reused for later requests.
-
-To run just this test (assuming the stack is up via `test_setup`):
-
-```bash
-cd tests/e2e
-npx playwright test tests/alerts/smoke.spec.ts --project=chromium
-```
-
-Here's a more comprehensive example that exercises a CRUD flow via the UI:
-
-```typescript
-import { test, expect } from '../../fixtures/auth';
-
-test.describe.configure({ mode: 'serial' });
-
-test('TC-02 alerts list — create, toggle, delete', async ({ authedPage: page }) => {
-  await page.goto('/alerts?tab=AlertRules');
-  const name = 'smoke-rule';
-
-  // Seed via UI — click "New Alert", fill form, save.
-  await page.getByRole('button', { name: /new alert/i }).click();
-  await page.getByTestId('alert-name-input').fill(name);
-  // ... fill metric / threshold / save ...
-
-  // Find the row and exercise the action menu.
-  const row = page.locator('tr', { hasText: name });
-  await expect(row).toBeVisible();
-  await row.locator('[data-testid="alert-actions"] button').first().click();
-
-  // waitForResponse captures the network call the UI triggers — no parallel fetch needed.
-  const patchWait = page.waitForResponse(
-    (r) => r.url().includes('/rules/') && r.request().method() === 'PATCH',
-  );
-  await page.getByRole('menuitem').filter({ hasText: /^disable$/i }).click();
-  await patchWait;
-  await expect(row).toContainText(/disabled/i);
-});
-```
-
-### Locator priority
-
-1. `getByRole('button', { name: 'Submit' })`
-2. `getByLabel('Email')`
-3. `getByPlaceholder('...')`
-4. `getByText('...')`
-5. `getByTestId('...')`
-6. `locator('.ant-select')` — last resort (Ant Design dropdowns often have no semantic alternative)
-
-## How to run E2E tests?
-
-### Running All Tests
-
-With the stack already up, from `tests/e2e/`:
-
-```bash
-yarn test                 # headless, all projects
-```
-
-### Running Specific Projects
-
-```bash
-yarn test:chromium        # chromium only
-yarn test:firefox
-yarn test:webkit
-```
-
-### Running Specific Tests
-
-```bash
-cd tests/e2e
-
-# Single feature dir
-npx playwright test tests/alerts/ --project=chromium
-
-# Single file
-npx playwright test tests/alerts/alerts.spec.ts --project=chromium
-
-# Single test by title grep
-npx playwright test --project=chromium -g "TC-01"
-```
-
-### Iterative modes
-
-```bash
-yarn test:ui              # Playwright UI mode — watch + step through
-yarn test:headed          # headed browser
-yarn test:debug           # Playwright inspector, pause-on-breakpoint
-yarn codegen              # record-and-replay locator generation
-yarn report               # open the last HTML report (artifacts/html)
-```
-
-### Staging fallback
-
-Point `SIGNOZ_E2E_BASE_URL` at a remote env via `.env` — no local backend bring-up, no `.env.local` generated, Playwright hits the URL directly:
-
-```bash
-cd tests/e2e
-cp .env.example .env      # fill SIGNOZ_E2E_USERNAME / PASSWORD
-yarn test:staging
-```
-
-## How to configure different options for E2E tests?
-
-### Environment variables
-
-| Variable | Description |
-|---|---|
-| `SIGNOZ_E2E_BASE_URL` | Base URL the browser targets. Written by `bootstrap/setup.py` for local mode; set manually for staging. |
-| `SIGNOZ_E2E_USERNAME` | Admin email. Bootstrap writes `admin@integration.test`. |
-| `SIGNOZ_E2E_PASSWORD` | Admin password. Bootstrap writes the integration-test default. |
-| `SIGNOZ_E2E_SEEDER_URL` | Seeder HTTP base URL — hit by specs that need per-test telemetry. |
-
-Loading order in `playwright.config.ts`: `.env` first (user-provided, staging), then `.env.local` with `override: true` (bootstrap-generated, local mode). Anything already set in `process.env` at yarn-test time wins because dotenv doesn't touch vars that are already present.
-
-### Playwright options
-
-The full `playwright.config.ts` is the source of truth. Common things to tweak:
-
- `projects` — Chromium / Firefox / WebKit are enabled by default. Disable to speed up iteration.
- `retries` — `2` on CI (`process.env.CI`), `0` locally.
- `fullyParallel: true` — files run in parallel by worker; within a file, use `test.describe.configure({ mode: 'serial' })` if tests share list pages / mutate shared state.
- `trace: 'on-first-retry'`, `screenshot: 'only-on-failure'`, `video: 'retain-on-failure'` — default diagnostic artifacts land in `artifacts/results/<test>/`.
-
-### Pytest options (bootstrap side)
-
-The same pytest flags integration tests expose work here, since E2E reuses the shared fixture graph:
-
- `--reuse` — keep containers warm between runs (required for all iteration).
- `--teardown` — tear everything down.
- `--with-web` — build the frontend into the SigNoz container. **Required for E2E**; integration tests don't need it.
- `--sqlstore-provider`, `--postgres-version`, `--clickhouse-version`, etc. — see `docs/contributing/integration.md`.
-
-## What should I remember?
-
- **Always use the `--reuse` flag** when setting up the E2E stack. `--with-web` adds a ~4 min frontend build; you only want to pay that once.
- **Don't teardown before setup.** `--reuse` correctly handles partially-set-up state, so chaining teardown → setup wastes time.
- **Prefer UI-driven flows.** Playwright captures BE requests in the trace; a parallel `fetch` probe is almost always redundant. Drop to `page.request.*` only when the UI can't reach what you need.
- **Use `page.waitForResponse` on UI clicks** to assert BE contracts — it still exercises the UI trigger path.
- **Title every test `TC-NN <short description>`** — keeps the suite navigable and reportable.
- **Split by resource, not by regression suite.** One spec per feature resource; cross-resource junction concerns (cascade-delete, linked-edit) get their own file.
- **Use short descriptive resource names** (`alerts-list-rule`, `labels-rule`, `downtime-once`) — no timestamp disambiguation. Each test owns its resources and cleans up in `try/finally`.
- **Never commit `test.only`** — a pre-commit check or CI runs with `forbidOnly: true`.
- **Prefer explicit waits over `page.waitForTimeout(ms)`.** `await expect(locator).toBeVisible()` is always better than `waitForTimeout(5000)`.
- **Unique test names won't save you from shared-tenant state.** When two tests hit the same list page, either serialize (`describe.configure({ mode: 'serial' })`) or isolate cleanup religiously.
- **Artifacts go to `tests/e2e/artifacts/`** — HTML report at `artifacts/html`, traces at `artifacts/results/<test>/`. All gitignored; archive the dir in CI.
--- a/docs/contributing/tests/integration.md
+++ b/docs/contributing/tests/integration.md
@@ -1,251 +0,0 @@
-# Integration Tests
-
-SigNoz uses integration tests to verify that different components work together correctly in a real environment. These tests run against actual services (ClickHouse, PostgreSQL, SigNoz, Zeus mock, Keycloak, etc.) spun up as containers, so suites exercise the same code paths production does.
-
-## How to set up the integration test environment?
-
-### Prerequisites
-
-Before running integration tests, ensure you have the following installed:
-
- Python 3.13+
- [uv](https://docs.astral.sh/uv/getting-started/installation/)
- Docker (for containerized services)
-
-### Initial Setup
-
-1. Navigate to the shared tests project:
-```bash
-cd tests
-```
-
-2. Install dependencies using uv:
-```bash
-uv sync
-```
-
-> **_NOTE:_** the build backend could throw an error while installing `psycopg2`, please see https://www.psycopg.org/docs/install.html#build-prerequisites
-
-### Starting the Test Environment
-
-To spin up all the containers necessary for writing integration tests and keep them running:
-
-```bash
-make py-test-setup
-```
-
-Under the hood this runs, from `tests/`:
-
-```bash
-uv run pytest --basetemp=./tmp/ -vv --reuse integration/bootstrap/setup.py::test_setup
-```
-
-This command will:
- Start all required services (ClickHouse, PostgreSQL, Zookeeper, SigNoz, Zeus mock, gateway mock)
- Register an admin user
- Keep containers running via the `--reuse` flag
-
-### Stopping the Test Environment
-
-When you're done writing integration tests, clean up the environment:
-
-```bash
-make py-test-teardown
-```
-
-Which runs:
-
-```bash
-uv run pytest --basetemp=./tmp/ -vv --teardown integration/bootstrap/setup.py::test_teardown
-```
-
-This destroys the running integration test setup and cleans up resources.
-
-## Understanding the Integration Test Framework
-
-Python and pytest form the foundation of the integration testing framework. Testcontainers are used to spin up disposable integration environments. WireMock is used to spin up **test doubles** of external services (Zeus cloud API, gateway, etc.).
-
- **Why Python/pytest?** It's expressive, low-boilerplate, and has powerful fixture capabilities that make integration testing straightforward. Extensive libraries for HTTP requests, JSON handling, and data analysis (numpy) make it easier to test APIs and verify data.
- **Why testcontainers?** They let us spin up isolated dependencies that match our production environment without complex setup.
- **Why WireMock?** Well maintained, documented, and extensible.
-
-```
-tests/
-├── conftest.py              # pytest_plugins registration
-├── pyproject.toml
-├── uv.lock
-├── fixtures/                # shared fixture library (flat package)
-│   ├── __init__.py
-│   ├── auth.py              # admin/editor/viewer users, tokens, license
-│   ├── clickhouse.py
-│   ├── http.py              # WireMock helpers
-│   ├── keycloak.py          # IdP container
-│   ├── postgres.py
-│   ├── signoz.py            # SigNoz-backend container
-│   ├── sql.py
-│   ├── types.py
-│   └── ...                  # logs, metrics, traces, alerts, dashboards, ...
-├── integration/
-│   ├── bootstrap/
-│   │   └── setup.py         # test_setup / test_teardown
-│   ├── testdata/            # JSON / JSONL / YAML inputs per suite
-│   └── tests/               # one directory per feature area
-│       ├── alerts/
-│       │   ├── 01_*.py      # numbered suite files
-│       │   └── conftest.py  # optional suite-local fixtures
-│       ├── auditquerier/
-│       ├── cloudintegrations/
-│       ├── dashboard/
-│       ├── passwordauthn/
-│       ├── querier/
-│       └── ...
-└── e2e/                     # Playwright suite (see docs/contributing/e2e.md)
-```
-
-Each test suite follows these principles:
-
-1. **Organization**: Suites live under `tests/integration/tests/` in self-contained packages. Shared fixtures live in the top-level `tests/fixtures/` package so the e2e tree can reuse them.
-2. **Execution Order**: Files are prefixed with two-digit numbers (`01_`, `02_`, `03_`) to ensure sequential execution when tests depend on ordering.
-3. **Time Constraints**: Each suite should complete in under 10 minutes (setup takes ~4 mins).
-
-### Test Suite Design
-
-Test suites should target functional domains or subsystems within SigNoz. When designing a test suite, consider these principles:
-
- **Functional Cohesion**: Group tests around a specific capability or service boundary
- **Data Flow**: Follow the path of data through related components
- **Change Patterns**: Components frequently modified together should be tested together
-
-The exact boundaries for suites are intentionally flexible, allowing contributors to define logical groupings based on their domain knowledge. Current suites cover alerts, audit querier, callback authn, cloud integrations, dashboards, ingestion keys, logs pipelines, password authn, preferences, querier, raw export data, roles, root user, service accounts, and TTL.
-
-## How to write an integration test?
-
-Now start writing an integration test. Create a new file `tests/integration/tests/bootstrap/01_version.py` and paste the following:
-
-```python
-import requests
-
-from fixtures import types
-from fixtures.logger import setup_logger
-
-logger = setup_logger(__name__)
-
-
-def test_version(signoz: types.SigNoz) -> None:
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v1/version"),
-        timeout=2,
-    )
-    logger.info(response)
-```
-
-We have written a simple test which calls the `version` endpoint of the SigNoz backend. **To run just this function, run the following command:**
-
-```bash
-cd tests
-uv run pytest --basetemp=./tmp/ -vv --reuse \
-  integration/tests/bootstrap/01_version.py::test_version
-```
-
-> **Note:** The `--reuse` flag is used to reuse the environment if it is already running. Always use this flag when writing and running integration tests. Without it the environment is destroyed and recreated every run.
-
-Here's another example of how to write a more comprehensive integration test:
-
-```python
-from http import HTTPStatus
-import requests
-from fixtures import types
-from fixtures.logger import setup_logger
-
-logger = setup_logger(__name__)
-
-
-def test_user_registration(signoz: types.SigNoz) -> None:
-    """Test user registration functionality."""
-    response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v1/register"),
-        json={
-            "name": "testuser",
-            "orgId": "",
-            "orgName": "test.org",
-            "email": "test@example.com",
-            "password": "password123Z$",
-        },
-        timeout=2,
-    )
-
-    assert response.status_code == HTTPStatus.OK
-    assert response.json()["setupCompleted"] is True
-```
-
-Test inputs (JSON fixtures, expected payloads) go under `tests/integration/testdata/<suite>/` and are loaded via `fixtures.fs.get_testdata_file_path`.
-
-## How to run integration tests?
-
-### Running All Tests
-
-```bash
-make py-test
-```
-
-Which runs:
-
-```bash
-uv run pytest --basetemp=./tmp/ -vv integration/tests/
-```
-
-### Running Specific Test Categories
-
-```bash
-cd tests
-uv run pytest --basetemp=./tmp/ -vv --reuse integration/tests/<suite>/
-
-# Run querier tests
-uv run pytest --basetemp=./tmp/ -vv --reuse integration/tests/querier/
-# Run passwordauthn tests
-uv run pytest --basetemp=./tmp/ -vv --reuse integration/tests/passwordauthn/
-```
-
-### Running Individual Tests
-
-```bash
-uv run pytest --basetemp=./tmp/ -vv --reuse \
-  integration/tests/<suite>/<file>.py::test_name
-
-# Run test_register in 01_register.py in the passwordauthn suite
-uv run pytest --basetemp=./tmp/ -vv --reuse \
-  integration/tests/passwordauthn/01_register.py::test_register
-```
-
-## How to configure different options for integration tests?
-
-Tests can be configured using pytest options:
-
- `--sqlstore-provider` — Choose the SQL store provider (default: `postgres`)
- `--sqlite-mode` — SQLite journal mode: `delete` or `wal` (default: `delete`). Only relevant when `--sqlstore-provider=sqlite`.
- `--postgres-version` — PostgreSQL version (default: `15`)
- `--clickhouse-version` — ClickHouse version (default: `25.5.6`)
- `--zookeeper-version` — Zookeeper version (default: `3.7.1`)
- `--schema-migrator-version` — SigNoz schema migrator version (default: `v0.144.2`)
-
-Example:
-
-```bash
-uv run pytest --basetemp=./tmp/ -vv --reuse \
-  --sqlstore-provider=postgres --postgres-version=14 \
-  integration/tests/passwordauthn/
-```
-
-## What should I remember?
-
- **Always use the `--reuse` flag** when setting up the environment or running tests to keep containers warm. Without it every run rebuilds the stack (~4 mins).
- **Use the `--teardown` flag** only when cleaning up — mixing `--teardown` with `--reuse` is a contradiction.
- **Do not pre-emptively teardown before setup.** If the stack is partially up, `--reuse` picks up from wherever it is. `make py-test-teardown` then `make py-test-setup` wastes minutes.
- **Follow the naming convention** with two-digit numeric prefixes (`01_`, `02_`) for ordered test execution within a suite.
- **Use proper timeouts** in HTTP requests to avoid hanging tests (`timeout=5` is typical).
- **Clean up test data** between tests in the same suite to avoid interference — or rely on a fresh SigNoz container if you need full isolation.
- **Use descriptive test names** that clearly indicate what is being tested.
- **Leverage fixtures** for common setup. The shared fixture package is at `tests/fixtures/` — reuse before adding new ones.
- **Test both success and failure scenarios** (4xx / 5xx paths) to ensure robust functionality.
- **Run `make py-fmt` and `make py-lint` before committing** Python changes — black + isort + autoflake + pylint.
- **`--sqlite-mode=wal` does not work on macOS.** The integration test environment runs SigNoz inside a Linux container with the SQLite database file mounted from the macOS host. WAL mode requires shared memory between connections, and connections crossing the VM boundary (macOS host ↔ Linux container) cannot share the WAL index, resulting in `SQLITE_IOERR_SHORT_READ`. WAL mode is tested in CI on Linux only.
--- a/ee/modules/cloudintegration/implcloudintegration/implcloudprovider/awscloudprovider.go
+++ b/ee/modules/cloudintegration/implcloudintegration/implcloudprovider/awscloudprovider.go
@@ -1,127 +0,0 @@
-package implcloudprovider
-
-import (
-	"context"
-	"fmt"
-	"net/url"
-	"sort"
-
-	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
-	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
-)
-
-type awscloudprovider struct {
-	serviceDefinitions cloudintegrationtypes.ServiceDefinitionStore
-}
-
-func NewAWSCloudProvider(defStore cloudintegrationtypes.ServiceDefinitionStore) (cloudintegration.CloudProviderModule, error) {
-	return &awscloudprovider{serviceDefinitions: defStore}, nil
-}
-
-func (provider *awscloudprovider) GetConnectionArtifact(ctx context.Context, account *cloudintegrationtypes.Account, req *cloudintegrationtypes.GetConnectionArtifactRequest) (*cloudintegrationtypes.ConnectionArtifact, error) {
-	baseURL := fmt.Sprintf(cloudintegrationtypes.CloudFormationQuickCreateBaseURL.StringValue(), req.Config.AWS.DeploymentRegion)
-	u, _ := url.Parse(baseURL)
-
-	q := u.Query()
-	q.Set("region", req.Config.AWS.DeploymentRegion)
-	u.Fragment = "/stacks/quickcreate"
-
-	u.RawQuery = q.Encode()
-
-	q = u.Query()
-	q.Set("stackName", cloudintegrationtypes.AgentCloudFormationBaseStackName.StringValue())
-	q.Set("templateURL", fmt.Sprintf(cloudintegrationtypes.AgentCloudFormationTemplateS3Path.StringValue(), req.Config.AgentVersion))
-	q.Set("param_SigNozIntegrationAgentVersion", req.Config.AgentVersion)
-	q.Set("param_SigNozApiUrl", req.Credentials.SigNozAPIURL)
-	q.Set("param_SigNozApiKey", req.Credentials.SigNozAPIKey)
-	q.Set("param_SigNozAccountId", account.ID.StringValue())
-	q.Set("param_IngestionUrl", req.Credentials.IngestionURL)
-	q.Set("param_IngestionKey", req.Credentials.IngestionKey)
-
-	return &cloudintegrationtypes.ConnectionArtifact{
-		AWS: cloudintegrationtypes.NewAWSConnectionArtifact(u.String() + "?&" + q.Encode()), // this format is required by AWS
-	}, nil
-}
-
-func (provider *awscloudprovider) ListServiceDefinitions(ctx context.Context) ([]*cloudintegrationtypes.ServiceDefinition, error) {
-	return provider.serviceDefinitions.List(ctx, cloudintegrationtypes.CloudProviderTypeAWS)
-}
-
-func (provider *awscloudprovider) GetServiceDefinition(ctx context.Context, serviceID cloudintegrationtypes.ServiceID) (*cloudintegrationtypes.ServiceDefinition, error) {
-	serviceDef, err := provider.serviceDefinitions.Get(ctx, cloudintegrationtypes.CloudProviderTypeAWS, serviceID)
-	if err != nil {
-		return nil, err
-	}
-
-	// override cloud integration dashboard id
-	for index, dashboard := range serviceDef.Assets.Dashboards {
-		serviceDef.Assets.Dashboards[index].ID = cloudintegrationtypes.GetCloudIntegrationDashboardID(cloudintegrationtypes.CloudProviderTypeAWS, serviceID.StringValue(), dashboard.ID)
-	}
-
-	return serviceDef, nil
-}
-
-func (provider *awscloudprovider) BuildIntegrationConfig(
-	ctx context.Context,
-	account *cloudintegrationtypes.Account,
-	services []*cloudintegrationtypes.StorableCloudIntegrationService,
-) (*cloudintegrationtypes.ProviderIntegrationConfig, error) {
-	// Sort services for deterministic output
-	sort.Slice(services, func(i, j int) bool {
-		return services[i].Type.StringValue() < services[j].Type.StringValue()
-	})
-
-	compiledMetrics := new(cloudintegrationtypes.AWSMetricsCollectionStrategy)
-	compiledLogs := new(cloudintegrationtypes.AWSLogsCollectionStrategy)
-	var compiledS3Buckets map[string][]string
-
-	for _, storedSvc := range services {
-		svcCfg, err := cloudintegrationtypes.NewServiceConfigFromJSON(cloudintegrationtypes.CloudProviderTypeAWS, storedSvc.Config)
-		if err != nil {
-			return nil, err
-		}
-
-		svcDef, err := provider.GetServiceDefinition(ctx, storedSvc.Type)
-		if err != nil {
-			return nil, err
-		}
-
-		strategy := svcDef.TelemetryCollectionStrategy.AWS
-		logsEnabled := svcCfg.IsLogsEnabled(cloudintegrationtypes.CloudProviderTypeAWS)
-
-		// S3Sync: logs come directly from configured S3 buckets, not CloudWatch subscriptions
-		if storedSvc.Type == cloudintegrationtypes.AWSServiceS3Sync {
-			if logsEnabled && svcCfg.AWS.Logs.S3Buckets != nil {
-				compiledS3Buckets = svcCfg.AWS.Logs.S3Buckets
-			}
-			// no need to go ahead as the code block specifically checks for the S3Sync service
-			continue
-		}
-
-		if logsEnabled && strategy.Logs != nil {
-			compiledLogs.Subscriptions = append(compiledLogs.Subscriptions, strategy.Logs.Subscriptions...)
-		}
-
-		metricsEnabled := svcCfg.IsMetricsEnabled(cloudintegrationtypes.CloudProviderTypeAWS)
-
-		if metricsEnabled && strategy.Metrics != nil {
-			compiledMetrics.StreamFilters = append(compiledMetrics.StreamFilters, strategy.Metrics.StreamFilters...)
-		}
-	}
-
-	collectionStrategy := new(cloudintegrationtypes.AWSTelemetryCollectionStrategy)
-
-	if len(compiledMetrics.StreamFilters) > 0 {
-		collectionStrategy.Metrics = compiledMetrics
-	}
-	if len(compiledLogs.Subscriptions) > 0 {
-		collectionStrategy.Logs = compiledLogs
-	}
-	if compiledS3Buckets != nil {
-		collectionStrategy.S3Buckets = compiledS3Buckets
-	}
-
-	return &cloudintegrationtypes.ProviderIntegrationConfig{
-		AWS: cloudintegrationtypes.NewAWSIntegrationConfig(account.Config.AWS.Regions, collectionStrategy),
-	}, nil
-}
--- a/ee/modules/cloudintegration/implcloudintegration/implcloudprovider/azurecloudprovider.go
+++ b/ee/modules/cloudintegration/implcloudintegration/implcloudprovider/azurecloudprovider.go
@@ -1,34 +0,0 @@
-package implcloudprovider
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
-	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
-)
-
-type azurecloudprovider struct{}
-
-func NewAzureCloudProvider() cloudintegration.CloudProviderModule {
-	return &azurecloudprovider{}
-}
-
-func (provider *azurecloudprovider) GetConnectionArtifact(ctx context.Context, account *cloudintegrationtypes.Account, req *cloudintegrationtypes.GetConnectionArtifactRequest) (*cloudintegrationtypes.ConnectionArtifact, error) {
-	panic("implement me")
-}
-
-func (provider *azurecloudprovider) ListServiceDefinitions(ctx context.Context) ([]*cloudintegrationtypes.ServiceDefinition, error) {
-	panic("implement me")
-}
-
-func (provider *azurecloudprovider) GetServiceDefinition(ctx context.Context, serviceID cloudintegrationtypes.ServiceID) (*cloudintegrationtypes.ServiceDefinition, error) {
-	panic("implement me")
-}
-
-func (provider *azurecloudprovider) BuildIntegrationConfig(
-	ctx context.Context,
-	account *cloudintegrationtypes.Account,
-	services []*cloudintegrationtypes.StorableCloudIntegrationService,
-) (*cloudintegrationtypes.ProviderIntegrationConfig, error) {
-	panic("implement me")
-}
--- a/ee/modules/cloudintegration/implcloudintegration/module.go
+++ b/ee/modules/cloudintegration/implcloudintegration/module.go
@@ -1,540 +0,0 @@
-package implcloudintegration
-
-import (
-	"context"
-	"fmt"
-	"sort"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/gateway"
-	"github.com/SigNoz/signoz/pkg/global"
-	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
-	"github.com/SigNoz/signoz/pkg/modules/serviceaccount"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
-	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
-	"github.com/SigNoz/signoz/pkg/types/serviceaccounttypes"
-	"github.com/SigNoz/signoz/pkg/types/zeustypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/SigNoz/signoz/pkg/zeus"
-)
-
-type module struct {
-	store             cloudintegrationtypes.Store
-	gateway           gateway.Gateway
-	zeus              zeus.Zeus
-	licensing         licensing.Licensing
-	global            global.Global
-	serviceAccount    serviceaccount.Module
-	cloudProvidersMap map[cloudintegrationtypes.CloudProviderType]cloudintegration.CloudProviderModule
-	config            cloudintegration.Config
-}
-
-func NewModule(
-	store cloudintegrationtypes.Store,
-	global global.Global,
-	zeus zeus.Zeus,
-	gateway gateway.Gateway,
-	licensing licensing.Licensing,
-	serviceAccount serviceaccount.Module,
-	cloudProvidersMap map[cloudintegrationtypes.CloudProviderType]cloudintegration.CloudProviderModule,
-	config cloudintegration.Config,
-) (cloudintegration.Module, error) {
-	return &module{
-		store:             store,
-		global:            global,
-		zeus:              zeus,
-		gateway:           gateway,
-		licensing:         licensing,
-		serviceAccount:    serviceAccount,
-		cloudProvidersMap: cloudProvidersMap,
-		config:            config,
-	}, nil
-}
-
-// GetConnectionCredentials returns credentials required to generate connection artifact. eg. apiKey, ingestionKey etc.
-// It will return creds it can deduce and return empty value for others.
-func (module *module) GetConnectionCredentials(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (*cloudintegrationtypes.Credentials, error) {
-	// get license to get the deployment details
-	license, err := module.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	// get deployment details from zeus, ignore error
-	respBytes, _ := module.zeus.GetDeployment(ctx, license.Key)
-
-	var signozAPIURL string
-
-	if len(respBytes) > 0 {
-		// parse deployment details, ignore error, if client is asking api url every time check for possible error
-		deployment, _ := zeustypes.NewGettableDeployment(respBytes)
-		if deployment != nil {
-			signozAPIURL, _ = cloudintegrationtypes.GetSigNozAPIURLFromDeployment(deployment)
-		}
-	}
-
-	// ignore error
-	apiKey, _ := module.getOrCreateAPIKey(ctx, orgID, provider)
-
-	// ignore error
-	ingestionKey, _ := module.getOrCreateIngestionKey(ctx, orgID, provider)
-
-	return cloudintegrationtypes.NewCredentials(
-		signozAPIURL,
-		apiKey,
-		module.global.GetConfig(ctx).IngestionURL,
-		ingestionKey,
-	), nil
-}
-
-func (module *module) CreateAccount(ctx context.Context, account *cloudintegrationtypes.Account) error {
-	_, err := module.licensing.GetActive(ctx, account.OrgID)
-	if err != nil {
-		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	storableCloudIntegration, err := cloudintegrationtypes.NewStorableCloudIntegration(account)
-	if err != nil {
-		return err
-	}
-
-	return module.store.CreateAccount(ctx, storableCloudIntegration)
-}
-
-func (module *module) GetConnectionArtifact(ctx context.Context, account *cloudintegrationtypes.Account, req *cloudintegrationtypes.GetConnectionArtifactRequest) (*cloudintegrationtypes.ConnectionArtifact, error) {
-	_, err := module.licensing.GetActive(ctx, account.OrgID)
-	if err != nil {
-		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	cloudProviderModule, err := module.getCloudProvider(account.Provider)
-	if err != nil {
-		return nil, err
-	}
-
-	req.Config.SetAgentVersion(module.config.Agent.Version)
-	return cloudProviderModule.GetConnectionArtifact(ctx, account, req)
-}
-
-func (module *module) GetAccount(ctx context.Context, orgID valuer.UUID, accountID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (*cloudintegrationtypes.Account, error) {
-	_, err := module.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	storableAccount, err := module.store.GetAccountByID(ctx, orgID, accountID, provider)
-	if err != nil {
-		return nil, err
-	}
-
-	return cloudintegrationtypes.NewAccountFromStorable(storableAccount)
-}
-
-func (module *module) GetConnectedAccount(ctx context.Context, orgID, accountID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (*cloudintegrationtypes.Account, error) {
-	_, err := module.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	storableAccount, err := module.store.GetConnectedAccount(ctx, orgID, accountID, provider)
-	if err != nil {
-		return nil, err
-	}
-
-	return cloudintegrationtypes.NewAccountFromStorable(storableAccount)
-}
-
-// ListAccounts return only agent connected accounts.
-func (module *module) ListAccounts(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) ([]*cloudintegrationtypes.Account, error) {
-	_, err := module.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	storableAccounts, err := module.store.ListConnectedAccounts(ctx, orgID, provider)
-	if err != nil {
-		return nil, err
-	}
-
-	return cloudintegrationtypes.NewAccountsFromStorables(storableAccounts)
-}
-
-func (module *module) AgentCheckIn(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType, req *cloudintegrationtypes.AgentCheckInRequest) (*cloudintegrationtypes.AgentCheckInResponse, error) {
-	_, err := module.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	connectedAccount, err := module.store.GetConnectedAccountByProviderAccountID(ctx, orgID, req.ProviderAccountID, provider)
-	if err != nil && !errors.Ast(err, errors.TypeNotFound) {
-		return nil, err
-	}
-
-	// If a different integration is already connected to this provider account ID, reject the check-in.
-	// Allow re-check-in from the same integration (e.g. agent restarting).
-	if connectedAccount != nil && connectedAccount.ID != req.CloudIntegrationID {
-		errMessage := fmt.Sprintf("provider account id %s is already connected to cloud integration id %s", req.ProviderAccountID, connectedAccount.ID)
-		return nil, errors.New(errors.TypeAlreadyExists, cloudintegrationtypes.ErrCodeCloudIntegrationAlreadyConnected, errMessage)
-	}
-
-	account, err := module.store.GetAccountByID(ctx, orgID, req.CloudIntegrationID, provider)
-	if err != nil {
-		return nil, err
-	}
-
-	// If account has been removed (disconnected), return a minimal response with empty integration config.
-	// The agent uses this response to clean up resources
-	if account.RemovedAt != nil {
-		return cloudintegrationtypes.NewAgentCheckInResponse(
-			req.ProviderAccountID,
-			account.ID.StringValue(),
-			new(cloudintegrationtypes.ProviderIntegrationConfig),
-			account.RemovedAt,
-		), nil
-	}
-
-	// update account with cloud provider account id and agent report (heartbeat)
-	account.Update(&req.ProviderAccountID, cloudintegrationtypes.NewAgentReport(req.Data))
-
-	err = module.store.UpdateAccount(ctx, account)
-	if err != nil {
-		return nil, err
-	}
-
-	// Get account as domain object for config access (enabled regions, etc.)
-	domainAccount, err := cloudintegrationtypes.NewAccountFromStorable(account)
-	if err != nil {
-		return nil, err
-	}
-
-	cloudProvider, err := module.getCloudProvider(provider)
-	if err != nil {
-		return nil, err
-	}
-
-	storedServices, err := module.store.ListServices(ctx, req.CloudIntegrationID)
-	if err != nil {
-		return nil, err
-	}
-
-	// Delegate integration config building entirely to the provider module
-	integrationConfig, err := cloudProvider.BuildIntegrationConfig(ctx, domainAccount, storedServices)
-	if err != nil {
-		return nil, err
-	}
-
-	return cloudintegrationtypes.NewAgentCheckInResponse(
-		req.ProviderAccountID,
-		account.ID.StringValue(),
-		integrationConfig,
-		account.RemovedAt,
-	), nil
-}
-
-func (module *module) UpdateAccount(ctx context.Context, account *cloudintegrationtypes.Account) error {
-	_, err := module.licensing.GetActive(ctx, account.OrgID)
-	if err != nil {
-		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	storableAccount, err := cloudintegrationtypes.NewStorableCloudIntegration(account)
-	if err != nil {
-		return err
-	}
-
-	return module.store.UpdateAccount(ctx, storableAccount)
-}
-
-func (module *module) DisconnectAccount(ctx context.Context, orgID valuer.UUID, accountID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) error {
-	_, err := module.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	return module.store.RemoveAccount(ctx, orgID, accountID, provider)
-}
-
-func (module *module) ListServicesMetadata(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType, integrationID valuer.UUID) ([]*cloudintegrationtypes.ServiceMetadata, error) {
-	_, err := module.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	cloudProvider, err := module.getCloudProvider(provider)
-	if err != nil {
-		return nil, err
-	}
-
-	serviceDefinitions, err := cloudProvider.ListServiceDefinitions(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	enabledServiceIDs := map[string]bool{}
-	if !integrationID.IsZero() {
-		storedServices, err := module.store.ListServices(ctx, integrationID)
-		if err != nil {
-			return nil, err
-		}
-
-		for _, svc := range storedServices {
-			serviceConfig, err := cloudintegrationtypes.NewServiceConfigFromJSON(provider, svc.Config)
-			if err != nil {
-				return nil, err
-			}
-
-			if serviceConfig.IsServiceEnabled(provider) {
-				enabledServiceIDs[svc.Type.StringValue()] = true
-			}
-		}
-	}
-
-	resp := make([]*cloudintegrationtypes.ServiceMetadata, 0, len(serviceDefinitions))
-	for _, serviceDefinition := range serviceDefinitions {
-		resp = append(resp, cloudintegrationtypes.NewServiceMetadata(*serviceDefinition, enabledServiceIDs[serviceDefinition.ID]))
-	}
-
-	return resp, nil
-}
-
-func (module *module) GetService(ctx context.Context, orgID valuer.UUID, serviceID cloudintegrationtypes.ServiceID, provider cloudintegrationtypes.CloudProviderType, cloudIntegrationID valuer.UUID) (*cloudintegrationtypes.Service, error) {
-	_, err := module.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	cloudProvider, err := module.getCloudProvider(provider)
-	if err != nil {
-		return nil, err
-	}
-
-	serviceDefinition, err := cloudProvider.GetServiceDefinition(ctx, serviceID)
-	if err != nil {
-		return nil, err
-	}
-
-	var integrationService *cloudintegrationtypes.CloudIntegrationService
-
-	if !cloudIntegrationID.IsZero() {
-		storedService, err := module.store.GetServiceByServiceID(ctx, cloudIntegrationID, serviceID)
-		if err != nil && !errors.Ast(err, errors.TypeNotFound) {
-			return nil, err
-		}
-		if storedService != nil {
-			serviceConfig, err := cloudintegrationtypes.NewServiceConfigFromJSON(provider, storedService.Config)
-			if err != nil {
-				return nil, err
-			}
-
-			integrationService = cloudintegrationtypes.NewCloudIntegrationServiceFromStorable(storedService, serviceConfig)
-		}
-	}
-
-	return cloudintegrationtypes.NewService(*serviceDefinition, integrationService), nil
-}
-
-func (module *module) CreateService(ctx context.Context, orgID valuer.UUID, service *cloudintegrationtypes.CloudIntegrationService, provider cloudintegrationtypes.CloudProviderType) error {
-	_, err := module.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	cloudProvider, err := module.getCloudProvider(provider)
-	if err != nil {
-		return err
-	}
-
-	serviceDefinition, err := cloudProvider.GetServiceDefinition(ctx, service.Type)
-	if err != nil {
-		return err
-	}
-
-	configJSON, err := service.Config.ToJSON(provider, service.Type, &serviceDefinition.SupportedSignals)
-	if err != nil {
-		return err
-	}
-
-	return module.store.CreateService(ctx, cloudintegrationtypes.NewStorableCloudIntegrationService(service, string(configJSON)))
-}
-
-func (module *module) UpdateService(ctx context.Context, orgID valuer.UUID, integrationService *cloudintegrationtypes.CloudIntegrationService, provider cloudintegrationtypes.CloudProviderType) error {
-	_, err := module.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	cloudProvider, err := module.getCloudProvider(provider)
-	if err != nil {
-		return err
-	}
-
-	serviceDefinition, err := cloudProvider.GetServiceDefinition(ctx, integrationService.Type)
-	if err != nil {
-		return err
-	}
-
-	configJSON, err := integrationService.Config.ToJSON(provider, integrationService.Type, &serviceDefinition.SupportedSignals)
-	if err != nil {
-		return err
-	}
-
-	storableService := cloudintegrationtypes.NewStorableCloudIntegrationService(integrationService, string(configJSON))
-
-	return module.store.UpdateService(ctx, storableService)
-}
-
-func (module *module) GetDashboardByID(ctx context.Context, orgID valuer.UUID, id string) (*dashboardtypes.Dashboard, error) {
-	_, err := module.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	_, _, _, err = cloudintegrationtypes.ParseCloudIntegrationDashboardID(id)
-	if err != nil {
-		return nil, err
-	}
-
-	allDashboards, err := module.listDashboards(ctx, orgID)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, d := range allDashboards {
-		if d.ID == id {
-			return d, nil
-		}
-	}
-
-	return nil, errors.New(errors.TypeNotFound, cloudintegrationtypes.ErrCodeCloudIntegrationNotFound, "cloud integration dashboard not found")
-}
-
-func (module *module) ListDashboards(ctx context.Context, orgID valuer.UUID) ([]*dashboardtypes.Dashboard, error) {
-	_, err := module.licensing.GetActive(ctx, orgID)
-	if err != nil {
-		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	return module.listDashboards(ctx, orgID)
-}
-
-func (module *module) Collect(ctx context.Context, orgID valuer.UUID) (map[string]any, error) {
-	stats := make(map[string]any)
-
-	// get connected accounts for AWS
-	awsAccountsCount, err := module.store.CountConnectedAccounts(ctx, orgID, cloudintegrationtypes.CloudProviderTypeAWS)
-	if err == nil {
-		stats["cloudintegration.aws.connectedaccounts.count"] = awsAccountsCount
-	}
-
-	// NOTE: not adding stats for services for now.
-
-	// TODO: add more cloud providers when supported
-
-	return stats, nil
-}
-
-func (module *module) getCloudProvider(provider cloudintegrationtypes.CloudProviderType) (cloudintegration.CloudProviderModule, error) {
-	if cloudProviderModule, ok := module.cloudProvidersMap[provider]; ok {
-		return cloudProviderModule, nil
-	}
-
-	return nil, errors.NewInvalidInputf(cloudintegrationtypes.ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider.StringValue())
-}
-
-func (module *module) getOrCreateIngestionKey(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (string, error) {
-	keyName := cloudintegrationtypes.NewIngestionKeyName(provider)
-
-	result, err := module.gateway.SearchIngestionKeysByName(ctx, orgID, keyName, 1, 10)
-	if err != nil {
-		return "", errors.WrapInternalf(err, errors.CodeInternal, "couldn't search ingestion keys")
-	}
-
-	// ideally there should be only one key per cloud integration provider
-	if len(result.Keys) > 0 {
-		return result.Keys[0].Value, nil
-	}
-
-	createdIngestionKey, err := module.gateway.CreateIngestionKey(ctx, orgID, keyName, []string{"integration"}, time.Time{})
-	if err != nil {
-		return "", errors.WrapInternalf(err, errors.CodeInternal, "couldn't create ingestion key")
-	}
-
-	return createdIngestionKey.Value, nil
-}
-
-func (module *module) getOrCreateAPIKey(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (string, error) {
-	domain := module.serviceAccount.Config().Email.Domain
-	serviceAccount := serviceaccounttypes.NewServiceAccount("integration", domain, serviceaccounttypes.ServiceAccountStatusActive, orgID)
-	serviceAccount, err := module.serviceAccount.GetOrCreate(ctx, orgID, serviceAccount)
-	if err != nil {
-		return "", err
-	}
-	err = module.serviceAccount.SetRoleByName(ctx, orgID, serviceAccount.ID, authtypes.SigNozViewerRoleName)
-	if err != nil {
-		return "", err
-	}
-
-	factorAPIKey, err := serviceAccount.NewFactorAPIKey(provider.StringValue(), 0)
-	if err != nil {
-		return "", err
-	}
-
-	factorAPIKey, err = module.serviceAccount.GetOrCreateFactorAPIKey(ctx, factorAPIKey)
-	if err != nil {
-		return "", err
-	}
-	return factorAPIKey.Key, nil
-}
-
-func (module *module) listDashboards(ctx context.Context, orgID valuer.UUID) ([]*dashboardtypes.Dashboard, error) {
-	var allDashboards []*dashboardtypes.Dashboard
-
-	for provider := range module.cloudProvidersMap {
-		cloudProvider, err := module.getCloudProvider(provider)
-		if err != nil {
-			return nil, err
-		}
-
-		connectedAccounts, err := module.store.ListConnectedAccounts(ctx, orgID, provider)
-		if err != nil {
-			return nil, err
-		}
-
-		for _, storableAccount := range connectedAccounts {
-			storedServices, err := module.store.ListServices(ctx, storableAccount.ID)
-			if err != nil {
-				return nil, err
-			}
-
-			for _, storedSvc := range storedServices {
-				serviceConfig, err := cloudintegrationtypes.NewServiceConfigFromJSON(provider, storedSvc.Config)
-				if err != nil || !serviceConfig.IsMetricsEnabled(provider) {
-					continue
-				}
-
-				svcDef, err := cloudProvider.GetServiceDefinition(ctx, storedSvc.Type)
-				if err != nil || svcDef == nil {
-					continue
-				}
-
-				dashboards := cloudintegrationtypes.GetDashboardsFromAssets(
-					storedSvc.Type.StringValue(),
-					orgID,
-					provider,
-					storableAccount.CreatedAt,
-					svcDef.Assets,
-				)
-				allDashboards = append(allDashboards, dashboards...)
-			}
-		}
-	}
-
-	sort.Slice(allDashboards, func(i, j int) bool {
-		return allDashboards[i].ID < allDashboards[j].ID
-	})
-
-	return allDashboards, nil
-}
--- a/ee/query-service/app/api/api.go
+++ b/ee/query-service/app/api/api.go
@@ -6,6 +6,7 @@ import (

 	"github.com/SigNoz/signoz/ee/licensing/httplicensing"
 	"github.com/SigNoz/signoz/ee/query-service/usage"
+	"github.com/SigNoz/signoz/pkg/alertmanager"
 	"github.com/SigNoz/signoz/pkg/global"
 	"github.com/SigNoz/signoz/pkg/http/middleware"
 	baseapp "github.com/SigNoz/signoz/pkg/query-service/app"
@@ -14,6 +15,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/query-service/app/logparsingpipeline"
 	"github.com/SigNoz/signoz/pkg/query-service/interfaces"
 	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	rules "github.com/SigNoz/signoz/pkg/query-service/rules"
 	"github.com/SigNoz/signoz/pkg/queryparser"
 	"github.com/SigNoz/signoz/pkg/signoz"
 	"github.com/SigNoz/signoz/pkg/version"
@@ -22,6 +24,7 @@ import (

 type APIHandlerOptions struct {
 	DataConnector                 interfaces.Reader
+	RulesManager                  *rules.Manager
 	UsageManager                  *usage.Manager
 	IntegrationsController        *integrations.Controller
 	CloudIntegrationsController   *cloudintegrations.Controller
@@ -41,10 +44,12 @@ type APIHandler struct {
 func NewAPIHandler(opts APIHandlerOptions, signoz *signoz.SigNoz, config signoz.Config) (*APIHandler, error) {
 	baseHandler, err := baseapp.NewAPIHandler(baseapp.APIHandlerOpts{
 		Reader:                        opts.DataConnector,
+		RuleManager:                   opts.RulesManager,
 		IntegrationsController:        opts.IntegrationsController,
 		CloudIntegrationsController:   opts.CloudIntegrationsController,
 		LogsParsingPipelineController: opts.LogsParsingPipelineController,
 		FluxInterval:                  opts.FluxInterval,
+		AlertmanagerAPI:               alertmanager.NewAPI(signoz.Alertmanager),
 		LicensingAPI:                  httplicensing.NewLicensingAPI(signoz.Licensing),
 		Signoz:                        signoz,
 		QueryParserAPI:                queryparser.NewAPI(signoz.Instrumentation.ToProviderSettings(), signoz.QueryParser),
@@ -61,6 +66,10 @@ func NewAPIHandler(opts APIHandlerOptions, signoz *signoz.SigNoz, config signoz.
 	return ah, nil
 }

+func (ah *APIHandler) RM() *rules.Manager {
+	return ah.opts.RulesManager
+}
+
 func (ah *APIHandler) UM() *usage.Manager {
 	return ah.opts.UsageManager
 }
--- a/ee/query-service/app/api/license.go
+++ b/ee/query-service/app/api/license.go
@@ -7,10 +7,6 @@ import (

 	"github.com/SigNoz/signoz/ee/query-service/constants"
 	"github.com/SigNoz/signoz/ee/query-service/model"
-	"github.com/SigNoz/signoz/pkg/flagger"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/featuretypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
 )

 type DayWiseBreakdown struct {
@@ -49,17 +45,15 @@ type details struct {
 	BillTotal float64         `json:"billTotal"`
 }

-type billingData struct {
-	BillingPeriodStart int64   `json:"billingPeriodStart"`
-	BillingPeriodEnd   int64   `json:"billingPeriodEnd"`
-	Details            details `json:"details"`
-	Discount           float64 `json:"discount"`
-	SubscriptionStatus string  `json:"subscriptionStatus"`
-}
-
 type billingDetails struct {
-	Status string      `json:"status"`
-	Data   billingData `json:"data"`
+	Status string `json:"status"`
+	Data   struct {
+		BillingPeriodStart int64   `json:"billingPeriodStart"`
+		BillingPeriodEnd   int64   `json:"billingPeriodEnd"`
+		Details            details `json:"details"`
+		Discount           float64 `json:"discount"`
+		SubscriptionStatus string  `json:"subscriptionStatus"`
+	} `json:"data"`
 }

 func (ah *APIHandler) getBilling(w http.ResponseWriter, r *http.Request) {
@@ -70,33 +64,6 @@ func (ah *APIHandler) getBilling(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	claims, err := authtypes.ClaimsFromContext(r.Context())
-	if err != nil {
-		RespondError(w, model.InternalError(err), nil)
-		return
-	}
-
-	orgID := valuer.MustNewUUID(claims.OrgID)
-	evalCtx := featuretypes.NewFlaggerEvaluationContext(orgID)
-	useZeus := ah.Signoz.Flagger.BooleanOrEmpty(r.Context(), flagger.FeatureGetMetersFromZeus, evalCtx)
-
-	if useZeus {
-		data, err := ah.Signoz.Zeus.GetMeters(r.Context(), licenseKey)
-		if err != nil {
-			RespondError(w, model.InternalError(err), nil)
-			return
-		}
-
-		var billing billingData
-		if err := json.Unmarshal(data, &billing); err != nil {
-			RespondError(w, model.InternalError(err), nil)
-			return
-		}
-
-		ah.Respond(w, billing)
-		return
-	}
-
 	billingURL := fmt.Sprintf("%s/usage?licenseKey=%s", constants.LicenseSignozIo, licenseKey)

 	hClient := &http.Client{}
@@ -112,11 +79,13 @@ func (ah *APIHandler) getBilling(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	// decode response body
 	var billingResponse billingDetails
 	if err := json.NewDecoder(billingResp.Body).Decode(&billingResponse); err != nil {
 		RespondError(w, model.InternalError(err), nil)
 		return
 	}

+	// TODO(srikanthccv):Fetch the current day usage and add it to the response
 	ah.Respond(w, billingResponse.Data)
 }
--- a/ee/query-service/app/server.go
+++ b/ee/query-service/app/server.go
@@ -12,6 +12,10 @@ import (

 	"github.com/SigNoz/signoz/pkg/cache/memorycache"
 	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/queryparser"
+	"github.com/SigNoz/signoz/pkg/ruler/rulestore/sqlrulestore"
+	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"

 	"github.com/gorilla/handlers"

@@ -19,10 +23,18 @@ import (
 	"github.com/soheilhy/cmux"

 	"github.com/SigNoz/signoz/ee/query-service/app/api"
+	"github.com/SigNoz/signoz/ee/query-service/rules"
 	"github.com/SigNoz/signoz/ee/query-service/usage"
+	"github.com/SigNoz/signoz/pkg/alertmanager"
 	"github.com/SigNoz/signoz/pkg/cache"
 	"github.com/SigNoz/signoz/pkg/http/middleware"
+	"github.com/SigNoz/signoz/pkg/modules/organization"
+	"github.com/SigNoz/signoz/pkg/modules/rulestatehistory"
+	"github.com/SigNoz/signoz/pkg/prometheus"
+	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/signoz"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/telemetrystore"
 	"github.com/SigNoz/signoz/pkg/web"

 	"log/slog"
@@ -37,6 +49,7 @@ import (
 	opAmpModel "github.com/SigNoz/signoz/pkg/query-service/app/opamp/model"
 	baseconst "github.com/SigNoz/signoz/pkg/query-service/constants"
 	"github.com/SigNoz/signoz/pkg/query-service/healthcheck"
+	baserules "github.com/SigNoz/signoz/pkg/query-service/rules"
 	"github.com/SigNoz/signoz/pkg/query-service/utils"
 )

@@ -44,6 +57,7 @@ import (
 type Server struct {
 	config      signoz.Config
 	signoz      *signoz.SigNoz
+	ruleManager *baserules.Manager

 	// public http router
 	httpConn     net.Listener
@@ -83,6 +97,24 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 		nil,
 	)

+	rm, err := makeRulesManager(
+		signoz.Cache,
+		signoz.Alertmanager,
+		signoz.SQLStore,
+		signoz.TelemetryStore,
+		signoz.TelemetryMetadataStore,
+		signoz.Prometheus,
+		signoz.Modules.OrgGetter,
+		signoz.Modules.RuleStateHistory,
+		signoz.Querier,
+		signoz.Instrumentation.ToProviderSettings(),
+		signoz.QueryParser,
+	)
+
+	if err != nil {
+		return nil, err
+	}
+
 	// initiate opamp
 	opAmpModel.Init(signoz.SQLStore, signoz.Instrumentation.Logger(), signoz.Modules.OrgGetter)

@@ -120,7 +152,7 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 	}

 	// start the usagemanager
-	usageManager, err := usage.New(signoz.Licensing, signoz.TelemetryStore.ClickhouseDB(), signoz.Zeus, signoz.Modules.OrgGetter, signoz.Flagger)
+	usageManager, err := usage.New(signoz.Licensing, signoz.TelemetryStore.ClickhouseDB(), signoz.Zeus, signoz.Modules.OrgGetter)
 	if err != nil {
 		return nil, err
 	}
@@ -131,6 +163,7 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {

 	apiOpts := api.APIHandlerOptions{
 		DataConnector:                 reader,
+		RulesManager:                  rm,
 		UsageManager:                  usageManager,
 		IntegrationsController:        integrationsController,
 		CloudIntegrationsController:   cloudIntegrationsController,
@@ -147,7 +180,8 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {

 	s := &Server{
 		config:             config,
-		signoz:       signoz,
+		signoz:             signoz,
+		ruleManager:        rm,
 		httpHostPort:       baseconst.HTTPHostPort,
 		unavailableChannel: make(chan healthcheck.Status),
 		usageManager:       usageManager,
@@ -228,20 +262,6 @@ func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*h
 		return nil, err
 	}

-	routePrefix := s.config.Global.ExternalPath()
-	if routePrefix != "" {
-		prefixed := http.StripPrefix(routePrefix, handler)
-		handler = http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-			switch req.URL.Path {
-			case "/api/v1/health", "/api/v2/healthz", "/api/v2/readyz", "/api/v2/livez":
-				r.ServeHTTP(w, req)
-				return
-			}
-
-			prefixed.ServeHTTP(w, req)
-		})
-	}
-
 	return &http.Server{
 		Handler: handler,
 	}, nil
@@ -268,6 +288,8 @@ func (s *Server) initListeners() error {

 // Start listening on http and private http port concurrently
 func (s *Server) Start(ctx context.Context) error {
+	s.ruleManager.Start(ctx)
+
 	err := s.initListeners()
 	if err != nil {
 		return err
@@ -311,9 +333,47 @@ func (s *Server) Stop(ctx context.Context) error {

 	s.opampServer.Stop()

+	if s.ruleManager != nil {
+		s.ruleManager.Stop(ctx)
+	}
+
 	// stop usage manager
 	s.usageManager.Stop(ctx)

 	return nil
 }

+func makeRulesManager(cache cache.Cache, alertmanager alertmanager.Alertmanager, sqlstore sqlstore.SQLStore, telemetryStore telemetrystore.TelemetryStore, metadataStore telemetrytypes.MetadataStore, prometheus prometheus.Prometheus, orgGetter organization.Getter, ruleStateHistoryModule rulestatehistory.Module, querier querier.Querier, providerSettings factory.ProviderSettings, queryParser queryparser.QueryParser) (*baserules.Manager, error) {
+	ruleStore := sqlrulestore.NewRuleStore(sqlstore, queryParser, providerSettings)
+	maintenanceStore := sqlrulestore.NewMaintenanceStore(sqlstore)
+	// create manager opts
+	managerOpts := &baserules.ManagerOptions{
+		TelemetryStore:         telemetryStore,
+		MetadataStore:          metadataStore,
+		Prometheus:             prometheus,
+		Context:                context.Background(),
+		Querier:                querier,
+		Logger:                 providerSettings.Logger,
+		Cache:                  cache,
+		EvalDelay:              baseconst.GetEvalDelay(),
+		PrepareTaskFunc:        rules.PrepareTaskFunc,
+		PrepareTestRuleFunc:    rules.TestNotification,
+		Alertmanager:           alertmanager,
+		OrgGetter:              orgGetter,
+		RuleStore:              ruleStore,
+		MaintenanceStore:       maintenanceStore,
+		SQLStore:               sqlstore,
+		QueryParser:            queryParser,
+		RuleStateHistoryModule: ruleStateHistoryModule,
+	}
+
+	// create Manager
+	manager, err := baserules.NewManager(managerOpts)
+	if err != nil {
+		return nil, fmt.Errorf("rule manager error: %v", err)
+	}
+
+	slog.Info("rules manager is ready")
+
+	return manager, nil
+}
--- a/ee/query-service/usage/manager.go
+++ b/ee/query-service/usage/manager.go
@@ -16,11 +16,9 @@ import (

 	"github.com/SigNoz/signoz/ee/query-service/model"
 	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/flagger"
 	"github.com/SigNoz/signoz/pkg/licensing"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/query-service/utils/encryption"
-	"github.com/SigNoz/signoz/pkg/types/featuretypes"
 	"github.com/SigNoz/signoz/pkg/zeus"
 )

@@ -45,18 +43,15 @@ type Manager struct {
 	zeus zeus.Zeus

 	orgGetter organization.Getter
-
-	flagger flagger.Flagger
 }

-func New(licenseService licensing.Licensing, clickhouseConn clickhouse.Conn, zeus zeus.Zeus, orgGetter organization.Getter, flagger flagger.Flagger) (*Manager, error) {
+func New(licenseService licensing.Licensing, clickhouseConn clickhouse.Conn, zeus zeus.Zeus, orgGetter organization.Getter) (*Manager, error) {
 	m := &Manager{
 		clickhouseConn: clickhouseConn,
 		licenseService: licenseService,
 		scheduler:      gocron.NewScheduler(time.UTC).Every(1).Day().At("00:00"), // send usage every at 00:00 UTC
 		zeus:           zeus,
 		orgGetter:      orgGetter,
-		flagger:        flagger,
 	}
 	return m, nil
 }
@@ -173,14 +168,7 @@ func (lm *Manager) UploadUsage(ctx context.Context) {
 			return
 		}

-		evalCtx := featuretypes.NewFlaggerEvaluationContext(organization.ID)
-		useZeus := lm.flagger.BooleanOrEmpty(ctx, flagger.FeaturePutMetersInZeus, evalCtx)
-
-		if useZeus {
-			errv2 = lm.zeus.PutMetersV2(ctx, payload.LicenseKey.String(), body)
-		} else {
-			errv2 = lm.zeus.PutMeters(ctx, payload.LicenseKey.String(), body)
-		}
+		errv2 = lm.zeus.PutMeters(ctx, payload.LicenseKey.String(), body)
 		if errv2 != nil {
 			slog.ErrorContext(ctx, "failed to upload usage", errors.Attr(errv2))
 			// not returning error here since it is captured in the failed count
--- a/ee/sqlstore/postgressqlstore/provider.go
+++ b/ee/sqlstore/postgressqlstore/provider.go
@@ -54,7 +54,6 @@ func New(ctx context.Context, providerSettings factory.ProviderSettings, config

 	// Set the maximum number of open connections
 	pgConfig.MaxConns = int32(config.Connection.MaxOpenConns)
-	pgConfig.MaxConnLifetime = config.Connection.MaxConnLifetime

 	// Use pgxpool to create a connection pool
 	pool, err := pgxpool.NewWithConfig(ctx, pgConfig)
--- a/ee/zeus/httpzeus/provider.go
+++ b/ee/zeus/httpzeus/provider.go
@@ -109,21 +109,6 @@ func (provider *Provider) GetDeployment(ctx context.Context, key string) ([]byte
 	return []byte(gjson.GetBytes(response, "data").String()), nil
 }

-func (provider *Provider) GetMeters(ctx context.Context, key string) ([]byte, error) {
-	response, err := provider.do(
-		ctx,
-		provider.config.URL.JoinPath("/v1/meters"),
-		http.MethodGet,
-		key,
-		nil,
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	return []byte(gjson.GetBytes(response, "data").String()), nil
-}
-
 func (provider *Provider) PutMeters(ctx context.Context, key string, data []byte) error {
 	_, err := provider.do(
 		ctx,
@@ -136,18 +121,6 @@ func (provider *Provider) PutMeters(ctx context.Context, key string, data []byte
 	return err
 }

-func (provider *Provider) PutMetersV2(ctx context.Context, key string, data []byte) error {
-	_, err := provider.do(
-		ctx,
-		provider.config.URL.JoinPath("/v1/meters"),
-		http.MethodPost,
-		key,
-		data,
-	)
-
-	return err
-}
-
 func (provider *Provider) PutProfile(ctx context.Context, key string, profile *zeustypes.PostableProfile) error {
 	body, err := json.Marshal(profile)
 	if err != nil {
--- a/frontend/.eslintignore
+++ b/frontend/.eslintignore
@@ -1,7 +1,5 @@
 node_modules
 build
-eslint-rules/
-stylelint-rules/
 *.typegen.ts
 i18-generate-hash.js
 src/parser/TraceOperatorParser/**
--- a/frontend/.eslintrc.cjs
+++ b/frontend/.eslintrc.cjs
@@ -1,10 +1,3 @@
-// eslint-disable-next-line @typescript-eslint/no-var-requires
-const path = require('path');
-// eslint-disable-next-line @typescript-eslint/no-var-requires
-const rulesDirPlugin = require('eslint-plugin-rulesdir');
-// eslint-rules/ always points to frontend/eslint-rules/ regardless of workspace root.
-rulesDirPlugin.RULES_DIR = path.join(__dirname, 'eslint-rules');
-
 /**
 * ESLint Configuration for SigNoz Frontend
 */
@@ -39,7 +32,6 @@ module.exports = {
 		sourceType: 'module',
 	},
 	plugins: [
-		'rulesdir', // Local custom rules
 		'react', // React-specific rules
 		'@typescript-eslint', // TypeScript linting
 		'simple-import-sort', // Auto-sort imports
@@ -64,9 +56,6 @@ module.exports = {
 		},
 	},
 	rules: {
-		// Asset migration — base-path safety
-		'rulesdir/no-unsupported-asset-pattern': 'error',
-
 		// Code quality rules
 		'prefer-const': 'error', // Enforces const for variables never reassigned
 		'no-var': 'error', // Disallows var, enforces let/const
--- a/frontend/.stylelintrc.cjs
+++ b/frontend/.stylelintrc.cjs
@@ -1,9 +0,0 @@
-const path = require('path');
-
-module.exports = {
-	plugins: [path.join(__dirname, 'stylelint-rules/no-unsupported-asset-url.js')],
-	customSyntax: 'postcss-scss',
-	rules: {
-		'local/no-unsupported-asset-url': true,
-	},
-};
--- a/frontend/mocks/fileMock.ts
+++ b/frontend/mocks/fileMock.ts
@@ -1 +0,0 @@
-export default 'test-file-stub';
--- a/frontend/eslint-rules/no-unsupported-asset-pattern.js
+++ b/frontend/eslint-rules/no-unsupported-asset-pattern.js
@@ -1,390 +0,0 @@
-'use strict';
-
-/**
- * ESLint rule: no-unsupported-asset-pattern
- *
- * Enforces that all asset references (SVG, PNG, etc.) go through Vite's module
- * pipeline via ES imports (`import fooUrl from '@/assets/...'`) rather than
- * hard-coded strings or public/ paths.
- *
- * Why this matters: when the app is served from a sub-path (base-path deployment),
- * Vite rewrites ES import URLs automatically. String literals and public/ references
- * bypass that rewrite and break at runtime.
- *
- * Covers four AST patterns:
- *   1. Literal        — plain string: "/Icons/logo.svg"
- *   2. TemplateLiteral — template string: `/Icons/${name}.svg`
- *   3. BinaryExpression — concatenation: "/Icons/" + name + ".svg"
- *   4. ImportDeclaration / ImportExpression — static & dynamic imports
- */
-
-const {
-	hasAssetExtension,
-	containsAssetExtension,
-	extractUrlPath,
-	isAbsolutePath,
-	isPublicRelative,
-	isRelativePublicDir,
-	isValidAssetImport,
-	isExternalUrl,
-} = require('./shared/asset-patterns');
-
-// Known public/ sub-directories that should never appear in dynamic asset paths.
-const PUBLIC_DIR_SEGMENTS = ['/Icons/', '/Images/', '/Logos/', '/svgs/'];
-
-/**
- * Recursively extracts the static string parts from a binary `+` expression or
- * template literal.  Returns `[null]` for any dynamic (non-string) node so
- * callers can detect that the prefix became unknowable.
- *
- * Example: `"/Icons/" + iconName + ".svg"` → ["/Icons/", null, ".svg"]
- */
-function collectBinaryStringParts(node) {
-	if (node.type === 'Literal' && typeof node.value === 'string')
-		return [node.value];
-	if (node.type === 'BinaryExpression' && node.operator === '+') {
-		return [
-			...collectBinaryStringParts(node.left),
-			...collectBinaryStringParts(node.right),
-		];
-	}
-	if (node.type === 'TemplateLiteral') {
-		return node.quasis.map((q) => q.value.raw);
-	}
-	// Unknown / dynamic node — signals "prefix is no longer fully static"
-	return [null];
-}
-
-module.exports = {
-	meta: {
-		type: 'problem',
-		docs: {
-			description:
-				'Disallow Vite-unsafe asset reference patterns that break runtime base-path deployments',
-			category: 'Asset Migration',
-			recommended: true,
-		},
-		schema: [],
-		messages: {
-			absoluteString:
-				'Absolute asset path "{{ value }}" is not base-path-safe. ' +
-				"Use an ES import instead: import fooUrl from '@/assets/...' and reference the variable.",
-			templateLiteral:
-				'Dynamic asset path with absolute prefix is not base-path-safe. ' +
-				"Use new URL('./asset.svg', import.meta.url).href for dynamic asset paths.",
-			absoluteImport:
-				'Asset imported via absolute path is not supported. ' +
-				"Use import fooUrl from '@/assets/...' instead.",
-			publicImport:
-				"Assets in public/ bypass Vite's module pipeline — their URLs are not base-path-aware and will break when the app is served from a sub-path (e.g. /app/). " +
-				"Use an ES import instead: import fooUrl from '@/assets/...' so Vite injects the correct base path.",
-			relativePublicString:
-				'Relative public-dir path "{{ value }}" is not base-path-safe. ' +
-				"Use an ES import instead: import fooUrl from '@/assets/...' and reference the variable.",
-			invalidAssetImport:
-				"Asset '{{ src }}' must be imported from src/assets/ using either '@/assets/...' " +
-				'or a relative path into src/assets/.',
-		},
-	},
-
-	create(context) {
-		return {
-			/**
-			 * Catches plain string literals used as asset paths, e.g.:
-			 *   src="/Icons/logo.svg"   or   url("../public/Images/bg.png")
-			 *
-			 * Import declaration sources are skipped here — handled by ImportDeclaration.
-			 * Also unwraps CSS `url(...)` wrappers before checking.
-			 */
-			Literal(node) {
-				if (node.parent && node.parent.type === 'ImportDeclaration') {
-					return;
-				}
-				const value = node.value;
-				if (typeof value !== 'string') return;
-				if (isExternalUrl(value)) return;
-
-				if (isAbsolutePath(value) && containsAssetExtension(value)) {
-					context.report({
-						node,
-						messageId: 'absoluteString',
-						data: { value },
-					});
-					return;
-				}
-
-				if (isRelativePublicDir(value) && containsAssetExtension(value)) {
-					context.report({
-						node,
-						messageId: 'relativePublicString',
-						data: { value },
-					});
-					return;
-				}
-
-				// Catches relative paths that start with "public/" e.g. 'public/Logos/aws-dark.svg'.
-				// isRelativePublicDir only covers known sub-dirs (Icons/, Logos/, etc.),
-				// so this handles the case where the full "public/" prefix is written explicitly.
-				if (isPublicRelative(value) && containsAssetExtension(value)) {
-					context.report({
-						node,
-						messageId: 'relativePublicString',
-						data: { value },
-					});
-					return;
-				}
-
-				// Also check the path inside a CSS url("...") wrapper
-				const urlPath = extractUrlPath(value);
-				if (urlPath && isExternalUrl(urlPath)) return;
-				if (urlPath && isAbsolutePath(urlPath) && containsAssetExtension(urlPath)) {
-					context.report({
-						node,
-						messageId: 'absoluteString',
-						data: { value: urlPath },
-					});
-					return;
-				}
-				if (
-					urlPath &&
-					isRelativePublicDir(urlPath) &&
-					containsAssetExtension(urlPath)
-				) {
-					context.report({
-						node,
-						messageId: 'relativePublicString',
-						data: { value: urlPath },
-					});
-					return;
-				}
-				if (
-					urlPath &&
-					isPublicRelative(urlPath) &&
-					containsAssetExtension(urlPath)
-				) {
-					context.report({
-						node,
-						messageId: 'relativePublicString',
-						data: { value: urlPath },
-					});
-				}
-			},
-
-			/**
-			 * Catches template literals used as asset paths, e.g.:
-			 *   `/Icons/${name}.svg`
-			 *   `url('/Images/${bg}.png')`
-			 */
-			TemplateLiteral(node) {
-				const quasis = node.quasis;
-				if (!quasis || quasis.length === 0) return;
-
-				const firstQuasi = quasis[0].value.raw;
-				if (isExternalUrl(firstQuasi)) return;
-
-				const hasAssetExt = quasis.some((q) => containsAssetExtension(q.value.raw));
-
-				if (isAbsolutePath(firstQuasi) && hasAssetExt) {
-					context.report({
-						node,
-						messageId: 'templateLiteral',
-					});
-					return;
-				}
-
-				if (isRelativePublicDir(firstQuasi) && hasAssetExt) {
-					context.report({
-						node,
-						messageId: 'relativePublicString',
-						data: { value: firstQuasi },
-					});
-					return;
-				}
-
-				// Expression-first template with known public-dir segment: `${base}/Icons/foo.svg`
-				const hasPublicSegment = quasis.some((q) =>
-					PUBLIC_DIR_SEGMENTS.some((seg) => q.value.raw.includes(seg)),
-				);
-				if (hasPublicSegment && hasAssetExt) {
-					context.report({
-						node,
-						messageId: 'templateLiteral',
-					});
-					return;
-				}
-
-				// No-interpolation template (single quasi): treat like a plain string
-				// and also unwrap any css url(...) wrapper.
-				if (quasis.length === 1) {
-					// Check the raw string first (no url() wrapper)
-					if (isPublicRelative(firstQuasi) && hasAssetExt) {
-						context.report({
-							node,
-							messageId: 'relativePublicString',
-							data: { value: firstQuasi },
-						});
-						return;
-					}
-
-					const urlPath = extractUrlPath(firstQuasi);
-					if (urlPath && isExternalUrl(urlPath)) return;
-					if (urlPath && isAbsolutePath(urlPath) && hasAssetExtension(urlPath)) {
-						context.report({
-							node,
-							messageId: 'templateLiteral',
-						});
-						return;
-					}
-					if (
-						urlPath &&
-						isRelativePublicDir(urlPath) &&
-						hasAssetExtension(urlPath)
-					) {
-						context.report({
-							node,
-							messageId: 'relativePublicString',
-							data: { value: urlPath },
-						});
-						return;
-					}
-					if (urlPath && isPublicRelative(urlPath) && hasAssetExtension(urlPath)) {
-						context.report({
-							node,
-							messageId: 'relativePublicString',
-							data: { value: urlPath },
-						});
-					}
-					return;
-				}
-
-				// CSS url() with an absolute path inside a multi-quasi template, e.g.:
-				//   `url('/Icons/${name}.svg')`
-				if (firstQuasi.includes('url(') && hasAssetExt) {
-					const urlMatch = firstQuasi.match(/^url\(\s*['"]?\//);
-					if (urlMatch) {
-						context.report({
-							node,
-							messageId: 'templateLiteral',
-						});
-					}
-				}
-			},
-
-			/**
-			 * Catches string concatenation used to build asset paths, e.g.:
-			 *   "/Icons/" + name + ".svg"
-			 *
-			 * Collects the leading static parts (before the first dynamic value)
-			 * to determine the path prefix. If any part carries a known asset
-			 * extension, the expression is flagged.
-			 */
-			BinaryExpression(node) {
-				if (node.operator !== '+') return;
-
-				const parts = collectBinaryStringParts(node);
-				// Collect only the leading static parts; stop at the first dynamic (null) part
-				const prefixParts = [];
-				for (const part of parts) {
-					if (part === null) break;
-					prefixParts.push(part);
-				}
-				const staticPrefix = prefixParts.join('');
-
-				if (isExternalUrl(staticPrefix)) return;
-
-				const hasExt = parts.some(
-					(part) => part !== null && containsAssetExtension(part),
-				);
-
-				if (isAbsolutePath(staticPrefix) && hasExt) {
-					context.report({
-						node,
-						messageId: 'templateLiteral',
-					});
-					return;
-				}
-
-				if (isPublicRelative(staticPrefix) && hasExt) {
-					context.report({
-						node,
-						messageId: 'relativePublicString',
-						data: { value: staticPrefix },
-					});
-					return;
-				}
-
-				if (isRelativePublicDir(staticPrefix) && hasExt) {
-					context.report({
-						node,
-						messageId: 'relativePublicString',
-						data: { value: staticPrefix },
-					});
-				}
-			},
-
-			/**
-			 * Catches static asset imports that don't go through src/assets/, e.g.:
-			 *   import logo from '/public/Icons/logo.svg'   ← absolute path
-			 *   import logo from '../../public/logo.svg'    ← relative into public/
-			 *   import logo from '../somewhere/logo.svg'    ← outside src/assets/
-			 *
-			 * Valid pattern: import fooUrl from '@/assets/...' or relative within src/assets/
-			 */
-			ImportDeclaration(node) {
-				const src = node.source.value;
-				if (typeof src !== 'string') return;
-				if (!hasAssetExtension(src)) return;
-
-				if (isAbsolutePath(src)) {
-					context.report({ node, messageId: 'absoluteImport' });
-					return;
-				}
-
-				if (isPublicRelative(src)) {
-					context.report({ node, messageId: 'publicImport' });
-					return;
-				}
-
-				if (!isValidAssetImport(src)) {
-					context.report({
-						node,
-						messageId: 'invalidAssetImport',
-						data: { src },
-					});
-				}
-			},
-
-			/**
-			 * Same checks as ImportDeclaration but for dynamic imports:
-			 *   const logo = await import('/Icons/logo.svg')
-			 *
-			 * Only literal sources are checked; fully dynamic expressions are ignored
-			 * since their paths cannot be statically analysed.
-			 */
-			ImportExpression(node) {
-				const src = node.source;
-				if (!src || src.type !== 'Literal' || typeof src.value !== 'string') return;
-				const value = src.value;
-				if (!hasAssetExtension(value)) return;
-
-				if (isAbsolutePath(value)) {
-					context.report({ node, messageId: 'absoluteImport' });
-					return;
-				}
-
-				if (isPublicRelative(value)) {
-					context.report({ node, messageId: 'publicImport' });
-					return;
-				}
-
-				if (!isValidAssetImport(value)) {
-					context.report({
-						node,
-						messageId: 'invalidAssetImport',
-						data: { src: value },
-					});
-				}
-			},
-		};
-	},
-};
--- a/frontend/eslint-rules/package.json
+++ b/frontend/eslint-rules/package.json
@@ -1,3 +0,0 @@
-{
-  "type": "commonjs"
-}
--- a/frontend/eslint-rules/shared/asset-patterns.js
+++ b/frontend/eslint-rules/shared/asset-patterns.js
@@ -1,121 +0,0 @@
-'use strict';
-
-const ALLOWED_ASSET_EXTENSIONS = [
-	'.svg',
-	'.png',
-	'.webp',
-	'.jpg',
-	'.jpeg',
-	'.gif',
-];
-
-/**
- * Returns true if the string ends with an asset extension.
- * e.g. "/Icons/foo.svg" → true, "/Icons/foo.svg.bak" → false
- */
-function hasAssetExtension(str) {
-	if (typeof str !== 'string') return false;
-	return ALLOWED_ASSET_EXTENSIONS.some((ext) => str.endsWith(ext));
-}
-
-// Like hasAssetExtension but also matches mid-string with boundary check,
-// e.g. "/foo.svg?v=1" → true, "/icons.svg-dir/" → true (- is non-alphanumeric boundary)
-function containsAssetExtension(str) {
-	if (typeof str !== 'string') return false;
-	return ALLOWED_ASSET_EXTENSIONS.some((ext) => {
-		const idx = str.indexOf(ext);
-		if (idx === -1) return false;
-		const afterIdx = idx + ext.length;
-		// Broad boundary (any non-alphanumeric) is intentional — the real guard against
-		// false positives is the upstream conditions (isAbsolutePath, isRelativePublicDir, etc.)
-		// that must pass before this is reached. "/icons.svg-dir/" → true (- is a boundary).
-		return afterIdx >= str.length || /[^a-zA-Z0-9]/.test(str[afterIdx]);
-	});
-}
-
-/**
- * Extracts the asset path from a CSS url() wrapper.
- * Handles single quotes, double quotes, unquoted, and whitespace variations.
- * e.g.
- *   "url('/Icons/foo.svg')" → "/Icons/foo.svg"
- *   "url( '../assets/bg.png' )" → "../assets/bg.png"
- *   "url(/Icons/foo.svg)" → "/Icons/foo.svg"
- * Returns null if the string is not a url() wrapper.
- */
-function extractUrlPath(str) {
-	if (typeof str !== 'string') return null;
-	// Match url( [whitespace] [quote?] path [quote?] [whitespace] )
-	// Capture group: [^'")\s]+ matches path until quote, closing paren, or whitespace
-	const match = str.match(/^url\(\s*['"]?([^'")\s]+)['"]?\s*\)$/);
-	return match ? match[1] : null;
-}
-
-/**
- * Returns true if the string is an absolute path (starts with /).
- * Absolute paths in url() bypass <base href> and fail under any URL prefix.
- */
-function isAbsolutePath(str) {
-	if (typeof str !== 'string') return false;
-	return str.startsWith('/') && !str.startsWith('//');
-}
-
-/**
- * Returns true if the path imports from the public/ directory.
- * Relative imports into public/ cause asset duplication in dist/.
- */
-function isPublicRelative(str) {
-	if (typeof str !== 'string') return false;
-	return str.includes('/public/') || str.startsWith('public/');
-}
-
-/**
- * Returns true if the string is a relative reference into a known public-dir folder.
- * e.g. "Icons/foo.svg", `Logos/aws-dark.svg`, "Images/bg.png"
- * These bypass Vite's module pipeline even without a leading slash.
- */
-const PUBLIC_DIR_SEGMENTS = ['Icons/', 'Images/', 'Logos/', 'svgs/'];
-
-function isRelativePublicDir(str) {
-	if (typeof str !== 'string') return false;
-	return PUBLIC_DIR_SEGMENTS.some((seg) => str.startsWith(seg));
-}
-
-/**
- * Returns true if an asset import path is valid (goes through Vite's module pipeline).
- * Valid: @/assets/..., any relative path containing /assets/, or node_modules packages.
- * Invalid: absolute paths, public/ dir, or relative paths outside src/assets/.
- */
-function isValidAssetImport(str) {
-	if (typeof str !== 'string') return false;
-	if (str.startsWith('@/assets/')) return true;
-	if (str.includes('/assets/')) return true;
-	// Not starting with . or / means it's a node_modules package — always valid
-	if (!str.startsWith('.') && !str.startsWith('/')) return true;
-	return false;
-}
-
-/**
- * Returns true if the string is an external URL.
- * Used to avoid false positives on CDN/API URLs with asset extensions.
- */
-function isExternalUrl(str) {
-	if (typeof str !== 'string') return false;
-	return (
-		str.startsWith('http://') ||
-		str.startsWith('https://') ||
-		str.startsWith('//')
-	);
-}
-
-module.exports = {
-	ALLOWED_ASSET_EXTENSIONS,
-	PUBLIC_DIR_SEGMENTS,
-	hasAssetExtension,
-	containsAssetExtension,
-	extractUrlPath,
-	isAbsolutePath,
-	isPublicRelative,
-	isRelativePublicDir,
-	isValidAssetImport,
-	isExternalUrl,
-};
--- a/frontend/index.html
+++ b/frontend/index.html
@@ -62,29 +62,6 @@
 		<link data-react-helmet="true" rel="shortcut icon" href="/favicon.ico" />
 	</head>
 	<body data-theme="default">
-		<script>
-			// Apply theme class synchronously before React renders to prevent flash.
-			// Mirrors the logic in ThemeProvider (hooks/useDarkMode/index.tsx).
-			(function () {
-				try {
-					var theme = localStorage.getItem('THEME');
-					var autoSwitch = localStorage.getItem('THEME_AUTO_SWITCH') === 'true';
-					if (autoSwitch) {
-						theme = window.matchMedia('(prefers-color-scheme: dark)').matches
-							? 'dark'
-							: 'light';
-					}
-					if (theme === 'light') {
-						document.body.classList.add('lightMode');
-					} else {
-						// Default to dark when no preference is stored
-						document.body.classList.add('dark', 'darkMode');
-					}
-				} catch (e) {
-					document.body.classList.add('dark', 'darkMode');
-				}
-			})();
-		</script>
 		<noscript>You need to enable JavaScript to run this app.</noscript>
 		<div id="root"></div>

--- a/frontend/jest.config.ts
+++ b/frontend/jest.config.ts
@@ -11,11 +11,7 @@ const config: Config.InitialOptions = {
 	moduleFileExtensions: ['ts', 'tsx', 'js', 'json'],
 	modulePathIgnorePatterns: ['dist'],
 	moduleNameMapper: {
-		'\\.(png|jpg|jpeg|gif|svg|webp|avif|ico|bmp|tiff)$':
-			'<rootDir>/__mocks__/fileMock.ts',
-		'^@/(.*)$': '<rootDir>/src/$1',
 		'\\.(css|less|scss)$': '<rootDir>/__mocks__/cssMock.ts',
-		'\\.module\\.mjs$': '<rootDir>/__mocks__/cssMock.ts',
 		'\\.md$': '<rootDir>/__mocks__/cssMock.ts',
 		'^uplot$': '<rootDir>/__mocks__/uplotMock.ts',
 		'^@signozhq/resizable$': '<rootDir>/__mocks__/resizableMock.tsx',
@@ -45,7 +41,7 @@ const config: Config.InitialOptions = {
 		'^.+\\.(js|jsx)$': 'babel-jest',
 	},
 	transformIgnorePatterns: [
-		'node_modules/(?!(lodash-es|react-dnd|core-dnd|@react-dnd|dnd-core|react-dnd-html5-backend|axios|@signozhq/design-tokens|@signozhq/table|@signozhq/calendar|@signozhq/input|@signozhq/popover|@signozhq/button|@signozhq/*|date-fns|d3-interpolate|d3-color|api|@codemirror|@lezer|@marijn|@grafana|nuqs)/)',
+		'node_modules/(?!(lodash-es|react-dnd|core-dnd|@react-dnd|dnd-core|react-dnd-html5-backend|axios|@signozhq/design-tokens|@signozhq/table|@signozhq/calendar|@signozhq/input|@signozhq/popover|@signozhq/button|@signozhq/sonner|@signozhq/*|date-fns|d3-interpolate|d3-color|api|@codemirror|@lezer|@marijn|@grafana|nuqs)/)',
 	],
 	setupFilesAfterEnv: ['<rootDir>/jest.setup.ts'],
 	testPathIgnorePatterns: ['/node_modules/', '/public/'],
--- a/frontend/jest.setup.ts
+++ b/frontend/jest.setup.ts
@@ -24,30 +24,6 @@ window.matchMedia =
 		};
 	};

-// Patch getComputedStyle to handle CSS parsing errors from @signozhq/* packages.
-// These packages inject CSS at import time via style-inject / vite-plugin-css-injected-by-js.
-// jsdom's nwsapi cannot parse some of the injected selectors (e.g. Tailwind's :animate-in),
-// causing SyntaxErrors during getComputedStyle / getByRole calls.
-const _origGetComputedStyle = window.getComputedStyle;
-window.getComputedStyle = function (
-	elt: Element,
-	pseudoElt?: string | null,
-): CSSStyleDeclaration {
-	try {
-		return _origGetComputedStyle.call(window, elt, pseudoElt);
-	} catch {
-		// Return a minimal CSSStyleDeclaration so callers (testing-library, Radix UI)
-		// see the element as visible and without animations.
-		return ({
-			display: '',
-			visibility: '',
-			opacity: '1',
-			animationName: 'none',
-			getPropertyValue: () => '',
-		} as unknown) as CSSStyleDeclaration;
-	}
-};
-
 beforeAll(() => server.listen());

 afterEach(() => server.resetHandlers());
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -10,10 +10,9 @@
    "preview": "vite preview",
    "prettify": "prettier --write .",
    "fmt": "prettier --check .",
-    "lint": "eslint ./src && stylelint \"src/**/*.scss\"",
+    "lint": "eslint ./src",
    "lint:generated": "eslint ./src/api/generated --fix",
    "lint:fix": "eslint ./src --fix",
-    "lint:styles": "stylelint \"src/**/*.scss\"",
    "jest": "jest",
    "jest:coverage": "jest --coverage",
    "jest:watch": "jest --watch",
@@ -48,23 +47,26 @@
    "@radix-ui/react-tooltip": "1.0.7",
    "@sentry/react": "8.41.0",
    "@sentry/vite-plugin": "2.22.6",
-    "@signozhq/button": "0.0.5",
-    "@signozhq/calendar": "0.1.1",
-    "@signozhq/callout": "0.0.4",
-    "@signozhq/checkbox": "0.0.4",
-    "@signozhq/combobox": "0.0.4",
-    "@signozhq/command": "0.0.2",
-    "@signozhq/design-tokens": "2.1.4",
-    "@signozhq/dialog": "0.0.4",
-    "@signozhq/drawer": "0.0.6",
+    "@signozhq/badge": "0.0.2",
+    "@signozhq/button": "0.0.2",
+    "@signozhq/calendar": "0.0.0",
+    "@signozhq/callout": "0.0.2",
+    "@signozhq/checkbox": "0.0.2",
+    "@signozhq/combobox": "0.0.2",
+    "@signozhq/command": "0.0.0",
+    "@signozhq/design-tokens": "2.1.1",
+    "@signozhq/dialog": "^0.0.2",
+    "@signozhq/drawer": "0.0.4",
    "@signozhq/icons": "0.1.0",
-    "@signozhq/input": "0.0.4",
-    "@signozhq/popover": "0.1.2",
-    "@signozhq/radio-group": "0.0.4",
-    "@signozhq/resizable": "0.0.2",
-    "@signozhq/tabs": "0.0.11",
-    "@signozhq/table": "0.3.8",
-    "@signozhq/toggle-group": "0.0.3",
+    "@signozhq/input": "0.0.2",
+    "@signozhq/popover": "0.0.0",
+    "@signozhq/radio-group": "0.0.2",
+    "@signozhq/resizable": "0.0.0",
+    "@signozhq/sonner": "0.1.0",
+    "@signozhq/switch": "0.0.2",
+    "@signozhq/table": "0.3.7",
+    "@signozhq/toggle-group": "0.0.1",
+    "@signozhq/tooltip": "0.0.2",
    "@signozhq/ui": "0.0.5",
    "@tanstack/react-table": "8.21.3",
    "@tanstack/react-virtual": "3.13.22",
@@ -227,7 +229,6 @@
    "eslint-plugin-prettier": "^4.0.0",
    "eslint-plugin-react": "^7.24.0",
    "eslint-plugin-react-hooks": "^4.3.0",
-    "eslint-plugin-rulesdir": "0.2.2",
    "eslint-plugin-simple-import-sort": "^7.0.0",
    "eslint-plugin-sonarjs": "^0.12.0",
    "husky": "^7.0.4",
@@ -243,7 +244,6 @@
    "orval": "7.18.0",
    "portfinder-sync": "^0.0.2",
    "postcss": "8.5.6",
-    "postcss-scss": "4.0.9",
    "prettier": "2.2.1",
    "prop-types": "15.8.1",
    "react-hooks-testing-library": "0.6.0",
@@ -251,8 +251,6 @@
    "redux-mock-store": "1.5.4",
    "sass": "1.97.3",
    "sharp": "0.34.5",
-    "stylelint": "17.7.0",
-    "stylelint-scss": "7.0.0",
    "svgo": "4.0.0",
    "ts-api-utils": "2.4.0",
    "ts-jest": "29.4.6",
--- a/frontend/src/assets/Icons/alert_emoji.svg
+++ b/frontend/src/assets/Icons/alert_emoji.svg
--- a/frontend/src/assets/Icons/awwSnap.svg
+++ b/frontend/src/assets/Icons/awwSnap.svg
--- a/frontend/src/assets/Icons/beacon.svg
+++ b/frontend/src/assets/Icons/beacon.svg
--- a/frontend/src/assets/Icons/broom.svg
+++ b/frontend/src/assets/Icons/broom.svg
--- a/frontend/src/assets/Icons/cable-car.svg
+++ b/frontend/src/assets/Icons/cable-car.svg
--- a/frontend/src/assets/Icons/circus-tent.svg
+++ b/frontend/src/assets/Icons/circus-tent.svg
--- a/frontend/src/assets/Icons/configure.svg
+++ b/frontend/src/assets/Icons/configure.svg
--- a/frontend/src/assets/Icons/construction.svg
+++ b/frontend/src/assets/Icons/construction.svg
--- a/frontend/src/assets/Icons/container-plus.svg
+++ b/frontend/src/assets/Icons/container-plus.svg
--- a/frontend/src/assets/Icons/cracker.svg
+++ b/frontend/src/assets/Icons/cracker.svg
--- a/frontend/src/assets/Icons/dashboard.svg
+++ b/frontend/src/assets/Icons/dashboard.svg
--- a/frontend/src/assets/Icons/dashboard_emoji.svg
+++ b/frontend/src/assets/Icons/dashboard_emoji.svg
--- a/frontend/src/assets/Icons/dashboards.svg
+++ b/frontend/src/assets/Icons/dashboards.svg
--- a/frontend/src/assets/Icons/dials.svg
+++ b/frontend/src/assets/Icons/dials.svg
--- a/frontend/src/assets/Icons/eight-ball.svg
+++ b/frontend/src/assets/Icons/eight-ball.svg
--- a/frontend/src/assets/Icons/empty-funnel-icon.svg
+++ b/frontend/src/assets/Icons/empty-funnel-icon.svg
--- a/frontend/src/assets/Icons/emptyState.svg
+++ b/frontend/src/assets/Icons/emptyState.svg
--- a/frontend/src/assets/Icons/floppy-disc.svg
+++ b/frontend/src/assets/Icons/floppy-disc.svg
--- a/frontend/src/assets/Icons/funnel-add.svg
+++ b/frontend/src/assets/Icons/funnel-add.svg
--- a/frontend/src/assets/Icons/group.svg
+++ b/frontend/src/assets/Icons/group.svg
--- a/frontend/src/assets/Icons/groupBy.svg
+++ b/frontend/src/assets/Icons/groupBy.svg
--- a/frontend/src/assets/Icons/hello-wave.svg
+++ b/frontend/src/assets/Icons/hello-wave.svg
--- a/frontend/src/assets/Icons/hurray.svg
+++ b/frontend/src/assets/Icons/hurray.svg
--- a/frontend/src/assets/Icons/infraContainers.svg
+++ b/frontend/src/assets/Icons/infraContainers.svg
--- a/frontend/src/assets/Icons/landscape.svg
+++ b/frontend/src/assets/Icons/landscape.svg
--- a/frontend/src/assets/Icons/loading-plane.gif
+++ b/frontend/src/assets/Icons/loading-plane.gif
--- a/frontend/src/assets/Icons/logs.svg
+++ b/frontend/src/assets/Icons/logs.svg
--- a/frontend/src/assets/Icons/no-data.svg
+++ b/frontend/src/assets/Icons/no-data.svg
--- a/frontend/src/assets/Icons/play-back.svg
+++ b/frontend/src/assets/Icons/play-back.svg
--- a/frontend/src/assets/Icons/redis-logo.svg
+++ b/frontend/src/assets/Icons/redis-logo.svg
--- a/frontend/src/assets/Icons/solid-check-circle.svg
+++ b/frontend/src/assets/Icons/solid-check-circle.svg
--- a/frontend/src/assets/Icons/solid-info-circle.svg
+++ b/frontend/src/assets/Icons/solid-info-circle.svg
--- a/frontend/src/assets/Icons/solid-x-circle.svg
+++ b/frontend/src/assets/Icons/solid-x-circle.svg
--- a/frontend/src/assets/Icons/spinner-half-blue.svg
+++ b/frontend/src/assets/Icons/spinner-half-blue.svg
--- a/frontend/src/assets/Icons/spinner.svg
+++ b/frontend/src/assets/Icons/spinner.svg
--- a/frontend/src/assets/Icons/status-inprogress-pill.svg
+++ b/frontend/src/assets/Icons/status-inprogress-pill.svg
--- a/frontend/src/assets/Icons/status-skipped-pill.svg
+++ b/frontend/src/assets/Icons/status-skipped-pill.svg
--- a/frontend/src/assets/Icons/tetra-pack.svg
+++ b/frontend/src/assets/Icons/tetra-pack.svg
--- a/frontend/src/assets/Icons/tools.svg
+++ b/frontend/src/assets/Icons/tools.svg
--- a/frontend/src/assets/Icons/triangle-ruler.svg
+++ b/frontend/src/assets/Icons/triangle-ruler.svg
--- a/frontend/src/assets/Icons/wrench.svg
+++ b/frontend/src/assets/Icons/wrench.svg
--- a/frontend/src/assets/Images/activeDot.svg
+++ b/frontend/src/assets/Images/activeDot.svg
--- a/frontend/src/assets/Images/allInOne.svg
+++ b/frontend/src/assets/Images/allInOne.svg
--- a/frontend/src/assets/Images/allInOneLightMode.svg
+++ b/frontend/src/assets/Images/allInOneLightMode.svg
--- a/frontend/src/assets/Images/blankDashboardTemplatePreview.svg
+++ b/frontend/src/assets/Images/blankDashboardTemplatePreview.svg
--- a/frontend/src/assets/Images/cloud.svg
+++ b/frontend/src/assets/Images/cloud.svg
--- a/frontend/src/assets/Images/dotted-divider.svg
+++ b/frontend/src/assets/Images/dotted-divider.svg
--- a/frontend/src/assets/Images/eyesEmoji.svg
+++ b/frontend/src/assets/Images/eyesEmoji.svg
--- a/frontend/src/assets/Images/feature-graphic-correlation.svg
+++ b/frontend/src/assets/Images/feature-graphic-correlation.svg
--- a/frontend/src/assets/Images/integrations-hero-bg.png
+++ b/frontend/src/assets/Images/integrations-hero-bg.png
--- a/frontend/src/assets/Images/notFound404.png
+++ b/frontend/src/assets/Images/notFound404.png
--- a/frontend/src/assets/Images/perilianBackground.svg
+++ b/frontend/src/assets/Images/perilianBackground.svg
--- a/frontend/src/assets/Images/redisTemplatePreview.svg
+++ b/frontend/src/assets/Images/redisTemplatePreview.svg
--- a/frontend/src/assets/Images/signoz-hero-image.webp
+++ b/frontend/src/assets/Images/signoz-hero-image.webp
--- a/frontend/src/assets/Logos/agno.svg
+++ b/frontend/src/assets/Logos/agno.svg
--- a/frontend/src/assets/Logos/amazon-bedrock.svg
+++ b/frontend/src/assets/Logos/amazon-bedrock.svg
--- a/frontend/src/assets/Logos/amazon-msk.svg
+++ b/frontend/src/assets/Logos/amazon-msk.svg
--- a/frontend/src/assets/Logos/android-java-monitoring.svg
+++ b/frontend/src/assets/Logos/android-java-monitoring.svg
--- a/frontend/src/assets/Logos/android-kotlin-monitoring.svg
+++ b/frontend/src/assets/Logos/android-kotlin-monitoring.svg
--- a/frontend/src/assets/Logos/angular.svg
+++ b/frontend/src/assets/Logos/angular.svg
--- a/frontend/src/assets/Logos/anthropic-api-monitoring.svg
+++ b/frontend/src/assets/Logos/anthropic-api-monitoring.svg
--- a/Show More
+++ b/Show More