fix: add adjustkeys in trace operator cte builder

2026-05-19 08:20:34 +01:00 · 2026-05-19 01:05:26 +05:30
23 changed files with 428 additions and 965 deletions
--- a/frontend/src/components/RolesSelect/RolesSelect.tsx
+++ b/frontend/src/components/RolesSelect/RolesSelect.tsx
@@ -144,7 +144,6 @@ function RolesSelect(props: RolesSelectProps): JSX.Element {
 				loading={loading}
 				notFoundContent={notFoundContent}
 				options={options}
-				optionFilterProp="label"
 				optionRender={(option): JSX.Element => (
 					<Checkbox
 						checked={value.includes(option.value as string)}
@@ -163,7 +162,6 @@ function RolesSelect(props: RolesSelectProps): JSX.Element {
 	return (
 		<Select
 			id={id}
-			showSearch
 			value={value || undefined}
 			onChange={onChange}
 			placeholder={placeholder}
@@ -172,7 +170,6 @@ function RolesSelect(props: RolesSelectProps): JSX.Element {
 			loading={loading}
 			notFoundContent={notFoundContent}
 			options={options}
-			optionFilterProp="label"
 			getPopupContainer={getPopupContainer}
 			disabled={disabled}
 		/>
--- a/frontend/src/constants/features.ts
+++ b/frontend/src/constants/features.ts
@@ -10,5 +10,4 @@ export enum FeatureKeys {
 	ONBOARDING_V3 = 'onboarding_v3',
 	DOT_METRICS_ENABLED = 'dot_metrics_enabled',
 	USE_JSON_BODY = 'use_json_body',
-	USE_FINE_GRAINED_AUTHZ = 'use_fine_grained_authz',
 }
--- a/frontend/src/container/FormAlertRules/index.tsx
+++ b/frontend/src/container/FormAlertRules/index.tsx
@@ -5,8 +5,7 @@ import { useQueryClient } from 'react-query';
 import { useSelector } from 'react-redux';
 import { useLocation } from 'react-router-dom';
 import { BellDot, CircleAlert, ExternalLink, Save } from '@signozhq/icons';
-import { Button, FormInstance, SelectProps } from 'antd';
-import { ConfirmDialog } from '@signozhq/ui/dialog';
+import { Button, FormInstance, Modal, SelectProps } from 'antd';
 import { Typography } from '@signozhq/ui/typography';
 import logEvent from 'api/common/logEvent';
 import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
@@ -163,7 +162,6 @@ function FormAlertRules({
 	const alertTypeFromURL = urlQuery.get(QueryParams.ruleType);

 	const [detectionMethod, setDetectionMethod] = useState<string | null>(null);
-	const [isConfirmSaveOpen, setIsConfirmSaveOpen] = useState(false);

 	useEffect(() => {
 		if (!isEqual(currentQuery.unit, yAxisUnit)) {
@@ -579,16 +577,19 @@ function FormAlertRules({
 			});

 			// invalidate rule in cache
-			await ruleCache.invalidateQueries([
+			ruleCache.invalidateQueries([
 				REACT_QUERY_KEY.ALERT_RULE_DETAILS,
 				`${ruleId}`,
 			]);

-			urlQuery.delete(QueryParams.compositeQuery);
-			urlQuery.delete(QueryParams.panelTypes);
-			urlQuery.delete(QueryParams.ruleId);
-			urlQuery.delete(QueryParams.relativeTime);
-			safeNavigate(`${ROUTES.LIST_ALL_ALERT}?${urlQuery.toString()}`);
+			// eslint-disable-next-line sonarjs/no-identical-functions
+			setTimeout(() => {
+				urlQuery.delete(QueryParams.compositeQuery);
+				urlQuery.delete(QueryParams.panelTypes);
+				urlQuery.delete(QueryParams.ruleId);
+				urlQuery.delete(QueryParams.relativeTime);
+				safeNavigate(`${ROUTES.LIST_ALL_ALERT}?${urlQuery.toString()}`);
+			}, 2000);
 		} catch (e) {
 			const apiError = convertToApiError(e as AxiosError<RenderErrorResponseDTO>);
 			logData = {
@@ -624,9 +625,24 @@ function FormAlertRules({
 		urlQuery,
 	]);

-	const onSaveHandler = useCallback(() => {
-		setIsConfirmSaveOpen(true);
-	}, []);
+	const onSaveHandler = useCallback(async () => {
+		const content = (
+			<Typography.Text>
+				{' '}
+				{t('confirm_save_content_part1')}{' '}
+				<QueryTypeTag queryType={currentQuery.queryType} />{' '}
+				{t('confirm_save_content_part2')}
+			</Typography.Text>
+		);
+		Modal.confirm({
+			icon: <CircleAlert size="md" />,
+			title: t('confirm_save_title'),
+			centered: true,
+			content,
+			onOk: saveRule,
+			className: 'create-alert-modal',
+		});
+	}, [t, saveRule, currentQuery]);

 	const onTestRuleHandler = useCallback(async () => {
 		if (!isFormValid()) {
@@ -972,27 +988,6 @@ function FormAlertRules({
 					</ButtonContainer>
 				</MainFormContainer>
 			</div>
-
-			<ConfirmDialog
-				open={isConfirmSaveOpen}
-				onOpenChange={setIsConfirmSaveOpen}
-				title={t('confirm_save_title')}
-				titleIcon={<CircleAlert size={14} />}
-				confirmText="OK"
-				confirmColor="primary"
-				onConfirm={async (): Promise<boolean> => {
-					await saveRule();
-					return true;
-				}}
-				onCancel={() => setIsConfirmSaveOpen(false)}
-				width="narrow"
-			>
-				<Typography.Text>
-					{t('confirm_save_content_part1')}{' '}
-					<QueryTypeTag queryType={currentQuery.queryType} />{' '}
-					{t('confirm_save_content_part2')}
-				</Typography.Text>
-			</ConfirmDialog>
 		</>
 	);
 }
--- a/frontend/src/container/ListOfDashboard/DashboardActions.module.scss
+++ b/frontend/src/container/ListOfDashboard/DashboardActions.module.scss
@@ -1,36 +0,0 @@
-.actionContent {
-	display: flex;
-	flex-direction: column;
-}
-
-.actionBtn {
-	display: flex;
-	padding: 8px;
-	height: unset;
-	align-items: center;
-	gap: 6px;
-	color: var(--l2-foreground);
-	font-family: Inter;
-	font-size: 12px;
-	font-weight: 400;
-	line-height: normal;
-	letter-spacing: 0.14px;
-
-	:global(.ant-icon-btn) {
-		margin-inline-end: 0px;
-	}
-}
-
-.deleteBtn {
-	composes: actionBtn;
-	color: var(--danger-background) !important;
-	border-top: 1px solid var(--l1-border);
-}
-
-.deleteBtn:hover {
-	background-color: color-mix(in srgb, var(--l1-foreground) 12%, transparent);
-}
-
-.deleteModal :global(.ant-modal-confirm-body) {
-	align-items: center;
-}
--- a/frontend/src/container/ListOfDashboard/DashboardList.styles.scss
+++ b/frontend/src/container/ListOfDashboard/DashboardList.styles.scss
@@ -745,6 +745,52 @@
 		box-shadow: 4px 10px 16px 2px rgba(0, 0, 0, 0.2);
 		backdrop-filter: blur(20px);
 		padding: 0px;
+
+		.dashboard-action-content {
+			.section-1 {
+				display: flex;
+				flex-direction: column;
+
+				.action-btn {
+					display: flex;
+					padding: 8px;
+					height: unset;
+					align-items: center;
+					gap: 6px;
+					color: var(--l2-foreground);
+					font-family: Inter;
+					font-size: 12px;
+					font-style: normal;
+					font-weight: 400;
+					line-height: normal;
+					letter-spacing: 0.14px;
+
+					.ant-icon-btn {
+						margin-inline-end: 0px;
+					}
+				}
+			}
+
+			.section-2 {
+				display: flex;
+				flex-direction: column;
+				border-top: 1px solid var(--l1-border);
+
+				.ant-typography {
+					display: flex;
+					padding: 12px 8px;
+					align-items: center;
+					gap: 6px;
+					color: var(--bg-cherry-400) !important;
+					font-family: Inter;
+					font-size: 12px;
+					font-style: normal;
+					font-weight: 400;
+					line-height: normal;
+					letter-spacing: 0.14px;
+				}
+			}
+		}
 	}
 }

--- a/frontend/src/container/ListOfDashboard/DashboardsList.tsx
+++ b/frontend/src/container/ListOfDashboard/DashboardsList.tsx
@@ -102,7 +102,6 @@ import {
 	filterDashboards,
 } from './utils';

-import styles from './DashboardActions.module.scss';
 import './DashboardList.styles.scss';

 // eslint-disable-next-line sonarjs/cognitive-complexity
@@ -437,53 +436,57 @@ function DashboardsList(): JSX.Element {
 							{action && (
 								<Popover
 									content={
-										<div className={styles.actionContent}>
-											<Button
-												type="text"
-												className={styles.actionBtn}
-												icon={<Expand size={12} />}
-												onClick={onClickHandler}
-											>
-												View
-											</Button>
-											<Button
-												type="text"
-												className={styles.actionBtn}
-												icon={<SquareArrowOutUpRight size={12} />}
-												onClick={(e): void => {
-													e.stopPropagation();
-													e.preventDefault();
-													openInNewTab(getLink());
-												}}
-											>
-												Open in New Tab
-											</Button>
-											<Button
-												type="text"
-												className={styles.actionBtn}
-												icon={<Link2 size={12} />}
-												onClick={(e): void => {
-													e.stopPropagation();
-													e.preventDefault();
-													setCopy(getAbsoluteUrl(getLink()));
-												}}
-											>
-												Copy Link
-											</Button>
-											<Button
-												type="text"
-												className={styles.actionBtn}
-												icon={<FileJson size={12} />}
-												onClick={handleJsonExport}
-											>
-												Export JSON
-											</Button>
-											<DeleteButton
-												name={dashboard.name}
-												id={dashboard.id}
-												isLocked={dashboard.isLocked}
-												createdBy={dashboard.createdBy}
-											/>
+										<div className="dashboard-action-content">
+											<section className="section-1">
+												<Button
+													type="text"
+													className="action-btn"
+													icon={<Expand size={12} />}
+													onClick={onClickHandler}
+												>
+													View
+												</Button>
+												<Button
+													type="text"
+													className="action-btn"
+													icon={<SquareArrowOutUpRight size={12} />}
+													onClick={(e): void => {
+														e.stopPropagation();
+														e.preventDefault();
+														openInNewTab(getLink());
+													}}
+												>
+													Open in New Tab
+												</Button>
+												<Button
+													type="text"
+													className="action-btn"
+													icon={<Link2 size={12} />}
+													onClick={(e): void => {
+														e.stopPropagation();
+														e.preventDefault();
+														setCopy(getAbsoluteUrl(getLink()));
+													}}
+												>
+													Copy Link
+												</Button>
+												<Button
+													type="text"
+													className="action-btn"
+													icon={<FileJson size={12} />}
+													onClick={handleJsonExport}
+												>
+													Export JSON
+												</Button>
+											</section>
+											<section className="section-2">
+												<DeleteButton
+													name={dashboard.name}
+													id={dashboard.id}
+													isLocked={dashboard.isLocked}
+													createdBy={dashboard.createdBy}
+												/>
+											</section>
 										</div>
 									}
 									placement="bottomRight"
--- a/frontend/src/container/ListOfDashboard/TableComponents/DeleteButton.styles.scss
+++ b/frontend/src/container/ListOfDashboard/TableComponents/DeleteButton.styles.scss
@@ -0,0 +1,9 @@
+.delete-modal {
+	.ant-modal-confirm-body {
+		align-items: center;
+	}
+}
+
+.delete-btn:hover {
+	background-color: color-mix(in srgb, var(--l1-foreground) 12%, transparent);
+}
--- a/frontend/src/container/ListOfDashboard/TableComponents/DeleteButton.tsx
+++ b/frontend/src/container/ListOfDashboard/TableComponents/DeleteButton.tsx
@@ -2,7 +2,7 @@ import { useCallback } from 'react';
 import { useTranslation } from 'react-i18next';
 import { useQueryClient } from 'react-query';
 import { CircleAlert, Trash2 } from '@signozhq/icons';
-import { Button, Modal, Tooltip } from 'antd';
+import { Flex, Modal, Tooltip } from 'antd';
 import { Typography } from '@signozhq/ui/typography';
 import { REACT_QUERY_KEY } from 'constants/reactQueryKeys';
 import ROUTES from 'constants/routes';
@@ -12,8 +12,10 @@ import history from 'lib/history';
 import { useAppContext } from 'providers/App/App';
 import { USER_ROLES } from 'types/roles';

-import styles from '../DashboardActions.module.scss';
 import { Data } from '../DashboardsList';
+import { TableLinkText } from './styles';
+
+import './DeleteButton.styles.scss';

 interface DeleteButtonProps {
 	createdBy: string;
@@ -83,7 +85,7 @@ export function DeleteButton({
 				},
 			},
 			centered: true,
-			className: styles.deleteModal,
+			className: 'delete-modal',
 		});
 	}, [
 		modal,
@@ -107,16 +109,10 @@ export function DeleteButton({
 		return '';
 	};

-	const isDisabled = isLocked || (user.role === USER_ROLES.VIEWER && !isAuthor);
-
 	return (
 		<>
 			<Tooltip placement="left" title={getDeleteTooltipContent()}>
-				<Button
-					type="text"
-					className={styles.deleteBtn}
-					icon={<Trash2 size={12} />}
-					disabled={isDisabled}
+				<TableLinkText
 					onClick={(e): void => {
 						e.preventDefault();
 						e.stopPropagation();
@@ -124,9 +120,13 @@ export function DeleteButton({
 							openConfirmationDialog();
 						}
 					}}
+					className="delete-btn"
+					disabled={isLocked || (user.role === USER_ROLES.VIEWER && !isAuthor)}
 				>
-					Delete Dashboard
-				</Button>
+					<Flex align="center" justify="center" gap={4}>
+						<Trash2 size={14} /> Delete dashboard
+					</Flex>
+				</TableLinkText>
 			</Tooltip>

 			{contextHolder}
--- a/frontend/src/container/ListOfDashboard/TableComponents/styles.ts
+++ b/frontend/src/container/ListOfDashboard/TableComponents/styles.ts
@@ -0,0 +1,8 @@
+import styled from 'styled-components';
+
+export const TableLinkText = styled.span<{ disabled: boolean }>`
+	color: var(--destructive);
+	cursor: ${({ disabled }): string => (disabled ? 'not-allowed' : 'pointer')};
+	${({ disabled }): string => (disabled ? 'opacity: 0.5;' : '')}
+	padding: var(--spacing-3) var(--spacing-4);
+`;
--- a/frontend/src/container/RolesSettings/RoleDetails/RoleDetailsPage.tsx
+++ b/frontend/src/container/RolesSettings/RoleDetails/RoleDetailsPage.tsx
@@ -21,13 +21,14 @@ import {
 	buildRoleUpdatePermission,
 } from 'hooks/useAuthZ/permissions/role.permissions';
 import { useAuthZ } from 'hooks/useAuthZ/useAuthZ';
-import { useRolesFeatureGate } from 'hooks/useRolesFeatureGate';

 import type { AuthzResources } from '../utils';
 import ErrorInPlace from 'components/ErrorInPlace/ErrorInPlace';
 import ROUTES from 'constants/routes';
 import { capitalize } from 'lodash-es';
+import { useAppContext } from 'providers/App/App';
 import { useErrorModal } from 'providers/ErrorModalProvider';
+import { LicenseStatus } from 'types/api/licensesV3/getActive';
 import { RoleType } from 'types/roles';
 import { handleApiError, toAPIError } from 'utils/errorUtils';

@@ -53,8 +54,7 @@ function RoleDetailsPage(): JSX.Element {

 	const queryClient = useQueryClient();
 	const { showErrorModal } = useErrorModal();
-	const { isRolesEnabled, isLoading: isRolesGateLoading } =
-		useRolesFeatureGate();
+	const { activeLicense, isFetchingActiveLicense } = useAppContext();

 	const authzResources: AuthzResources = permissionsType.data;

@@ -161,7 +161,7 @@ function RoleDetailsPage(): JSX.Element {
 		},
 	});

-	if (isRolesGateLoading) {
+	if (isFetchingActiveLicense) {
 		return (
 			<div className="role-details-page">
 				<Skeleton
@@ -173,7 +173,7 @@ function RoleDetailsPage(): JSX.Element {
 		);
 	}

-	if (!isRolesEnabled) {
+	if (activeLicense?.status !== LicenseStatus.VALID) {
 		return <Redirect to={ROUTES.ROLES_SETTINGS} />;
 	}

--- a/frontend/src/container/RolesSettings/RoleDetails/tests/RoleDetailsPage.test.tsx
+++ b/frontend/src/container/RolesSettings/RoleDetails/tests/RoleDetailsPage.test.tsx
@@ -7,7 +7,6 @@ import { server } from 'mocks-server/server';
 import { rest } from 'msw';
 import { Route, Switch } from 'react-router-dom';
 import {
-	defaultFeatureFlags,
 	fireEvent,
 	render,
 	screen,
@@ -15,7 +14,6 @@ import {
 	waitFor,
 	within,
 } from 'tests/test-utils';
-import { FeatureKeys } from 'constants/features';
 import { useAuthZ } from 'hooks/useAuthZ/useAuthZ';
 import {
 	invalidLicense,
@@ -256,34 +254,6 @@ describe('RoleDetailsPage', () => {
 		).resolves.toBeInTheDocument();
 	});

-	it('redirects to the roles list when fine-grained authz flag is inactive', async () => {
-		render(
-			<Switch>
-				<Route path="/settings/roles/:roleId">
-					<RoleDetailsPage />
-				</Route>
-				<Route path="/settings/roles" exact>
-					<div data-testid="roles-list-redirect-target" />
-				</Route>
-			</Switch>,
-			undefined,
-			{
-				initialRoute: `/settings/roles/${CUSTOM_ROLE_ID}`,
-				appContextOverrides: {
-					featureFlags: defaultFeatureFlags.map((f) =>
-						f.name === FeatureKeys.USE_FINE_GRAINED_AUTHZ
-							? { ...f, active: false }
-							: f,
-					),
-				},
-			},
-		);
-
-		await expect(
-			screen.findByTestId('roles-list-redirect-target'),
-		).resolves.toBeInTheDocument();
-	});
-
 	describe('permission side panel', () => {
 		beforeEach(() => {
 			// Both hooks mocked so data renders synchronously — no React Query scheduler or MSW round-trip.
--- a/frontend/src/container/RolesSettings/RolesComponents/RolesListingTable.tsx
+++ b/frontend/src/container/RolesSettings/RolesComponents/RolesListingTable.tsx
@@ -9,10 +9,11 @@ import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
 import ROUTES from 'constants/routes';
 import { RoleListPermission } from 'hooks/useAuthZ/permissions/role.permissions';
 import { useAuthZ } from 'hooks/useAuthZ/useAuthZ';
-import { useRolesFeatureGate } from 'hooks/useRolesFeatureGate';
 import useUrlQuery from 'hooks/useUrlQuery';
 import LineClampedText from 'periscope/components/LineClampedText/LineClampedText';
+import { useAppContext } from 'providers/App/App';
 import { useTimezone } from 'providers/Timezone';
+import { LicenseStatus } from 'types/api/licensesV3/getActive';
 import { RoleType } from 'types/roles';
 import { toAPIError } from 'utils/errorUtils';

@@ -31,7 +32,8 @@ interface RolesListingTableProps {
 function RolesListingTable({
 	searchQuery,
 }: RolesListingTableProps): JSX.Element {
-	const { isRolesEnabled } = useRolesFeatureGate();
+	const { activeLicense } = useAppContext();
+	const isValidLicense = activeLicense?.status === LicenseStatus.VALID;

 	const { permissions: listPerms, isLoading: isAuthZLoading } = useAuthZ([
 		RoleListPermission,
@@ -206,11 +208,11 @@ function RolesListingTable({
 	const renderRow = (role: AuthtypesRoleDTO): JSX.Element => (
 		<div
 			key={role.id}
-			className={`roles-table-row${isRolesEnabled ? ' roles-table-row--clickable' : ''}`}
-			role={isRolesEnabled ? 'button' : undefined}
-			tabIndex={isRolesEnabled ? 0 : undefined}
+			className={`roles-table-row${isValidLicense ? ' roles-table-row--clickable' : ''}`}
+			role={isValidLicense ? 'button' : undefined}
+			tabIndex={isValidLicense ? 0 : undefined}
 			onClick={
-				isRolesEnabled
+				isValidLicense
 					? (): void => {
 							if (role.id) {
 								navigateToRole(role.id, role.name);
@@ -219,7 +221,7 @@ function RolesListingTable({
 					: undefined
 			}
 			onKeyDown={
-				isRolesEnabled
+				isValidLicense
 					? (e): void => {
 							if ((e.key === 'Enter' || e.key === ' ') && role.id) {
 								navigateToRole(role.id, role.name);
--- a/frontend/src/container/RolesSettings/RolesSettings.tsx
+++ b/frontend/src/container/RolesSettings/RolesSettings.tsx
@@ -4,7 +4,8 @@ import { Button } from '@signozhq/ui/button';
 import { Input } from '@signozhq/ui/input';
 import AuthZTooltip from 'components/AuthZTooltip/AuthZTooltip';
 import { RoleCreatePermission } from 'hooks/useAuthZ/permissions/role.permissions';
-import { useRolesFeatureGate } from 'hooks/useRolesFeatureGate';
+import { useAppContext } from 'providers/App/App';
+import { LicenseStatus } from 'types/api/licensesV3/getActive';

 import CreateRoleModal from './RolesComponents/CreateRoleModal';
 import RolesListingTable from './RolesComponents/RolesListingTable';
@@ -14,7 +15,8 @@ import './RolesSettings.styles.scss';
 function RolesSettings(): JSX.Element {
 	const [searchQuery, setSearchQuery] = useState('');
 	const [isCreateModalOpen, setIsCreateModalOpen] = useState(false);
-	const { isRolesEnabled } = useRolesFeatureGate();
+	const { activeLicense } = useAppContext();
+	const isValidLicense = activeLicense?.status === LicenseStatus.VALID;

 	return (
 		<div className="roles-settings" data-testid="roles-settings">
@@ -40,7 +42,7 @@ function RolesSettings(): JSX.Element {
 						value={searchQuery}
 						onChange={(e): void => setSearchQuery(e.target.value)}
 					/>
-					{isRolesEnabled && (
+					{isValidLicense && (
 						<AuthZTooltip checks={[RoleCreatePermission]}>
 							<Button
 								variant="solid"
--- a/frontend/src/container/RolesSettings/tests/RolesSettings.test.tsx
+++ b/frontend/src/container/RolesSettings/tests/RolesSettings.test.tsx
@@ -4,13 +4,7 @@ import {
 } from 'mocks-server/__mockdata__/roles';
 import { server } from 'mocks-server/server';
 import { rest } from 'msw';
-import {
-	defaultFeatureFlags,
-	fireEvent,
-	render,
-	screen,
-} from 'tests/test-utils';
-import { FeatureKeys } from 'constants/features';
+import { fireEvent, render, screen } from 'tests/test-utils';
 import { useAuthZ } from 'hooks/useAuthZ/useAuthZ';
 import { invalidLicense, mockUseAuthZGrantAll } from 'tests/authz-test-utils';

@@ -182,30 +176,6 @@ describe('RolesSettings', () => {
 		}
 	});

-	it('hides the create button and disables row clicks when fine-grained authz flag is inactive', async () => {
-		render(<RolesSettings />, undefined, {
-			appContextOverrides: {
-				featureFlags: defaultFeatureFlags.map((f) =>
-					f.name === FeatureKeys.USE_FINE_GRAINED_AUTHZ
-						? { ...f, active: false }
-						: f,
-				),
-			},
-		});
-
-		await expect(screen.findByText('signoz-admin')).resolves.toBeInTheDocument();
-
-		expect(
-			screen.queryByRole('button', { name: /custom role/i }),
-		).not.toBeInTheDocument();
-
-		const rows = document.querySelectorAll('.roles-table-row');
-		rows.forEach((row) => {
-			expect(row).not.toHaveClass('roles-table-row--clickable');
-			expect(row.getAttribute('role')).not.toBe('button');
-		});
-	});
-
 	it('hides the create button and disables row clicks when license is not valid', async () => {
 		render(<RolesSettings />, undefined, {
 			appContextOverrides: { activeLicense: invalidLicense },
--- a/frontend/src/hooks/useRolesFeatureGate.ts
+++ b/frontend/src/hooks/useRolesFeatureGate.ts
@@ -1,27 +0,0 @@
-import { FeatureKeys } from 'constants/features';
-import { useAppContext } from 'providers/App/App';
-import { LicenseStatus } from 'types/api/licensesV3/getActive';
-
-export const useRolesFeatureGate = (): {
-	isRolesEnabled: boolean;
-	isLoading: boolean;
-} => {
-	const {
-		activeLicense,
-		featureFlags,
-		isFetchingActiveLicense,
-		isFetchingFeatureFlags,
-	} = useAppContext();
-
-	const isValidLicense = activeLicense?.status === LicenseStatus.VALID;
-	const isFineGrainedAuthzEnabled =
-		featureFlags?.find((f) => f.name === FeatureKeys.USE_FINE_GRAINED_AUTHZ)
-			?.active ?? false;
-
-	return {
-		isRolesEnabled: isValidLicense && isFineGrainedAuthzEnabled,
-		isLoading:
-			(isFetchingActiveLicense && !activeLicense) ||
-			(isFetchingFeatureFlags && !featureFlags),
-	};
-};
--- a/frontend/src/tests/test-utils.tsx
+++ b/frontend/src/tests/test-utils.tsx
@@ -105,59 +105,6 @@ jest.mock('react-i18next', () => ({
 	}),
 }));

-export const defaultFeatureFlags = [
-	{ name: FeatureKeys.SSO, active: true, usage: 0, usage_limit: -1, route: '' },
-	{
-		name: FeatureKeys.USE_SPAN_METRICS,
-		active: false,
-		usage: 0,
-		usage_limit: -1,
-		route: '',
-	},
-	{
-		name: FeatureKeys.GATEWAY,
-		active: true,
-		usage: 0,
-		usage_limit: -1,
-		route: '',
-	},
-	{
-		name: FeatureKeys.PREMIUM_SUPPORT,
-		active: true,
-		usage: 0,
-		usage_limit: -1,
-		route: '',
-	},
-	{
-		name: FeatureKeys.ANOMALY_DETECTION,
-		active: true,
-		usage: 0,
-		usage_limit: -1,
-		route: '',
-	},
-	{
-		name: FeatureKeys.ONBOARDING,
-		active: true,
-		usage: 0,
-		usage_limit: -1,
-		route: '',
-	},
-	{
-		name: FeatureKeys.CHAT_SUPPORT,
-		active: true,
-		usage: 0,
-		usage_limit: -1,
-		route: '',
-	},
-	{
-		name: FeatureKeys.USE_FINE_GRAINED_AUTHZ,
-		active: true,
-		usage: 0,
-		usage_limit: -1,
-		route: '',
-	},
-];
-
 export function getAppContextMock(
 	role: string,
 	appContextOverrides?: Partial<IAppContext>,
@@ -221,7 +168,57 @@ export function getAppContextMock(
 		hasEditPermission: role === USER_ROLES.ADMIN || role === USER_ROLES.EDITOR,
 		isFetchingUser: false,
 		userFetchError: null,
-		featureFlags: defaultFeatureFlags,
+		featureFlags: [
+			{
+				name: FeatureKeys.SSO,
+				active: true,
+				usage: 0,
+				usage_limit: -1,
+				route: '',
+			},
+			{
+				name: FeatureKeys.USE_SPAN_METRICS,
+				active: false,
+				usage: 0,
+				usage_limit: -1,
+				route: '',
+			},
+			{
+				name: FeatureKeys.GATEWAY,
+				active: true,
+				usage: 0,
+				usage_limit: -1,
+				route: '',
+			},
+			{
+				name: FeatureKeys.PREMIUM_SUPPORT,
+				active: true,
+				usage: 0,
+				usage_limit: -1,
+				route: '',
+			},
+			{
+				name: FeatureKeys.ANOMALY_DETECTION,
+				active: true,
+				usage: 0,
+				usage_limit: -1,
+				route: '',
+			},
+			{
+				name: FeatureKeys.ONBOARDING,
+				active: true,
+				usage: 0,
+				usage_limit: -1,
+				route: '',
+			},
+			{
+				name: FeatureKeys.CHAT_SUPPORT,
+				active: true,
+				usage: 0,
+				usage_limit: -1,
+				route: '',
+			},
+		],
 		isFetchingFeatureFlags: false,
 		featureFlagsFetchError: null,
 		hostsData: null,
--- a/pkg/telemetrytraces/statement_builder.go
+++ b/pkg/telemetrytraces/statement_builder.go
@@ -124,7 +124,7 @@ func (b *traceQueryStatementBuilder) Build(
 		-------------------------------- End of tech debt ----------------------------
 	*/

-	query = b.adjustKeys(ctx, keys, query, requestType)
+	adjustTraceKeys(ctx, b.logger, keys, &query, requestType)

 	// Create SQL builder
 	q := sqlbuilder.NewSelectBuilder()
@@ -193,24 +193,25 @@ func getKeySelectors(query qbtypes.QueryBuilderQuery[qbtypes.TraceAggregation])
 	return keySelectors
 }

-func (b *traceQueryStatementBuilder) adjustKeys(ctx context.Context, keys map[string][]*telemetrytypes.TelemetryFieldKey, query qbtypes.QueryBuilderQuery[qbtypes.TraceAggregation], requestType qbtypes.RequestType) qbtypes.QueryBuilderQuery[qbtypes.TraceAggregation] {
-
-	// add deprecated fields only during statement building
-	// why?
-	// 1. to not fail filter expression that use deprecated cols
-	// 2. this could have been moved to metadata fetching itself, however, that
-	// would mean, they also show up in suggestions we we don't want to do
-	// 3. reason for not doing a simple append is to keep intrinsic/calculated field first so that it gets
-	// priority in multi_if sql expression
+// mergeDeprecatedTraceKeys prepends deprecated intrinsic/calculated trace field
+// definitions to the keys map so that filter expressions referencing deprecated
+// columns continue to resolve. Prepending keeps the intrinsic/calculated entry
+// first so it wins in the multi_if SQL expression.
+func mergeDeprecatedTraceKeys(keys map[string][]*telemetrytypes.TelemetryFieldKey) {
 	for fieldKeyName, fieldKey := range IntrinsicFieldsDeprecated {
 		keys[fieldKeyName] = append([]*telemetrytypes.TelemetryFieldKey{&fieldKey}, keys[fieldKeyName]...)
 	}
 	for fieldKeyName, fieldKey := range CalculatedFieldsDeprecated {
 		keys[fieldKeyName] = append([]*telemetrytypes.TelemetryFieldKey{&fieldKey}, keys[fieldKeyName]...)
 	}
+}
+
+func adjustTraceKeys(ctx context.Context, logger *slog.Logger, keys map[string][]*telemetrytypes.TelemetryFieldKey, query *qbtypes.QueryBuilderQuery[qbtypes.TraceAggregation], requestType qbtypes.RequestType) {
+
+	mergeDeprecatedTraceKeys(keys)

 	// Adjust keys for alias expressions in aggregations
-	actions := querybuilder.AdjustKeysForAliasExpressions(&query, requestType)
+	actions := querybuilder.AdjustKeysForAliasExpressions(query, requestType)

 	/*
 		Check if user is using multiple contexts or data types for same field name
@@ -228,7 +229,7 @@ func (b *traceQueryStatementBuilder) adjustKeys(ctx context.Context, keys map[st
 		and make it just http.status_code and remove the duplicate entry.
 	*/

-	actions = append(actions, querybuilder.AdjustDuplicateKeys(&query)...)
+	actions = append(actions, querybuilder.AdjustDuplicateKeys(query)...)

 	/*
 		Now adjust each key to have correct context and data type
@@ -236,24 +237,24 @@ func (b *traceQueryStatementBuilder) adjustKeys(ctx context.Context, keys map[st
 		Reason for doing this is to not create an unexpected behavior for users
 	*/
 	for idx := range query.SelectFields {
-		actions = append(actions, b.adjustKey(&query.SelectFields[idx], keys)...)
+		actions = append(actions, adjustTraceKey(&query.SelectFields[idx], keys)...)
 	}
 	for idx := range query.GroupBy {
-		actions = append(actions, b.adjustKey(&query.GroupBy[idx].TelemetryFieldKey, keys)...)
+		actions = append(actions, adjustTraceKey(&query.GroupBy[idx].TelemetryFieldKey, keys)...)
 	}
 	for idx := range query.Order {
-		actions = append(actions, b.adjustKey(&query.Order[idx].Key.TelemetryFieldKey, keys)...)
+		actions = append(actions, adjustTraceKey(&query.Order[idx].Key.TelemetryFieldKey, keys)...)
 	}

 	for _, action := range actions {
 		// TODO: change to debug level once we are confident about the behavior
-		b.logger.InfoContext(ctx, "key adjustment action", slog.String("action", action))
+		logger.InfoContext(ctx, "key adjustment action", slog.String("action", action))
 	}
-
-	return query
 }

-func (b *traceQueryStatementBuilder) adjustKey(key *telemetrytypes.TelemetryFieldKey, keys map[string][]*telemetrytypes.TelemetryFieldKey) []string {
+// adjustTraceKey resolves a single TelemetryFieldKey against the keys map,
+// preferring intrinsic/calculated field definitions when the name matches one.
+func adjustTraceKey(key *telemetrytypes.TelemetryFieldKey, keys map[string][]*telemetrytypes.TelemetryFieldKey) []string {

 	// for recording actions taken
 	actions := []string{}
--- a/pkg/telemetrytraces/stmt_builder_test.go
+++ b/pkg/telemetrytraces/stmt_builder_test.go
@@ -1125,28 +1125,13 @@ func TestAdjustKey(t *testing.T) {
 		},
 	}

-	fm := NewFieldMapper()
-	cb := NewConditionBuilder(fm)
-	mockMetadataStore := telemetrytypestest.NewMockMetadataStore()
-	fl := flaggertest.New(t)
-	aggExprRewriter := querybuilder.NewAggExprRewriter(instrumentationtest.New().ToProviderSettings(), nil, fm, cb, nil, fl)
-	statementBuilder := NewTraceQueryStatementBuilder(
-		instrumentationtest.New().ToProviderSettings(),
-		mockMetadataStore,
-		fm,
-		cb,
-		aggExprRewriter,
-		nil,
-		fl,
-	)
-
 	for _, c := range cases {
 		t.Run(c.name, func(t *testing.T) {
 			// Create a copy of the input key to avoid modifying the original
 			key := c.inputKey

 			// Call adjustKey
-			statementBuilder.adjustKey(&key, c.keysMap)
+			adjustTraceKey(&key, c.keysMap)

 			// Verify the key was adjusted as expected
 			require.Equal(t, c.expectedKey.Name, key.Name, "key name should match")
@@ -1424,7 +1409,7 @@ func TestAdjustKeys(t *testing.T) {
 			}

 			// Call adjustKeys
-			c.query = statementBuilder.adjustKeys(context.Background(), keysMapCopy, c.query, qbtypes.RequestTypeScalar)
+			adjustTraceKeys(context.Background(), statementBuilder.logger, keysMapCopy, &c.query, qbtypes.RequestTypeScalar)

 			// Verify select fields were adjusted
 			if c.expectedSelectFields != nil {
--- a/pkg/telemetrytraces/trace_operator_cte_builder.go
+++ b/pkg/telemetrytraces/trace_operator_cte_builder.go
@@ -70,39 +70,12 @@ func (b *traceOperatorCTEBuilder) build(ctx context.Context, requestType qbtypes

 	selectFromCTE := rootCTEName
 	if b.operator.ReturnSpansFrom != "" {
-		sourceQueryCTE := b.queryToCTEName[b.operator.ReturnSpansFrom]
-		if sourceQueryCTE == "" {
+		selectFromCTE = b.queryToCTEName[b.operator.ReturnSpansFrom]
+		if selectFromCTE == "" {
 			return nil, errors.NewInvalidInputf(errors.CodeInvalidInput,
 				"returnSpansFrom references query '%s' which has no corresponding CTE",
 				b.operator.ReturnSpansFrom)
 		}
-		filteredCTEName := fmt.Sprintf("__return_from_%s", b.operator.ReturnSpansFrom)
-
-		// DISTINCT is essential here. The operator CTE (rootCTEName) holds one row
-		// per matching *span*, not one row per matching *trace*. A single trace can
-		// satisfy the operator through multiple spans — e.g. for "A -> B", every
-		// A-span that is an indirect ancestor of any B-span appears as a separate
-		// row. If we joined sourceQueryCTE directly against rootCTEName on trace_id,
-		// each source span would be duplicated once for every operator-matching span
-		// on the same trace. DISTINCT collapses rootCTEName to one row per trace_id,
-		// making the join a clean membership test with no fan-out.
-		matchingTracedSB := sqlbuilder.NewSelectBuilder()
-		matchingTracedSB.Select("DISTINCT trace_id")
-		matchingTracedSB.From(rootCTEName)
-		matchedTracesSQL, matchedTracesArgs := matchingTracedSB.BuildWithFlavor(sqlbuilder.ClickHouse)
-
-		filteredSB := sqlbuilder.NewSelectBuilder()
-		filteredSB.Select("src.*")
-		filteredSB.From(fmt.Sprintf("%s AS src", sourceQueryCTE))
-		filteredSB.JoinWithOption(
-			sqlbuilder.InnerJoin,
-			fmt.Sprintf("(%s) AS matched_traces", matchedTracesSQL),
-			"src.trace_id = matched_traces.trace_id",
-		)
-		filteredSQL, filteredArgs := filteredSB.BuildWithFlavor(sqlbuilder.ClickHouse, matchedTracesArgs...)
-
-		b.addCTE(filteredCTEName, filteredSQL, filteredArgs, []string{sourceQueryCTE, rootCTEName})
-		selectFromCTE = filteredCTEName
 	}

 	finalStmt, err := b.buildFinalQuery(ctx, selectFromCTE, requestType)
@@ -224,6 +197,14 @@ func (b *traceOperatorCTEBuilder) buildQueryCTE(ctx context.Context, queryName s
 	}
 	b.stmtBuilder.logger.DebugContext(ctx, "Retrieved keys for query", slog.String("query_name", queryName), slog.Int("keys_count", len(keys)))

+	// RequestTypeRaw is correct here regardless of the operator's outer
+	// request type: this CTE is a raw projection of spans matching the filter
+	// (no aggregations, no GroupBy, no OrderBy) — aggregation/grouping happens
+	// in buildFinalQuery on top of the CTE. AdjustKeysForAliasExpressions
+	// (the only requestType-sensitive step inside adjustTraceKeys) is a
+	// no-op for raw.
+	adjustTraceKeys(ctx, b.stmtBuilder.logger, keys, query, qbtypes.RequestTypeRaw)
+
 	// Build resource filter CTE for this specific query
 	resourceFilterCTEName := fmt.Sprintf("__resource_filter_%s", cteName)
 	resourceStmt, err := b.buildResourceFilterCTE(ctx, *query)
@@ -425,21 +406,28 @@ func (b *traceOperatorCTEBuilder) buildNotCTE(leftCTE, rightCTE string) (string,
 }

 func (b *traceOperatorCTEBuilder) buildFinalQuery(ctx context.Context, selectFromCTE string, requestType qbtypes.RequestType) (*qbtypes.Statement, error) {
+	keySelectors := b.getKeySelectors()
+	keys, _, err := b.stmtBuilder.metadataStore.GetKeysMulti(ctx, keySelectors)
+	if err != nil {
+		return nil, err
+	}
+	b.adjustOperatorKeys(keys)
+
 	switch requestType {
 	case qbtypes.RequestTypeRaw:
-		return b.buildListQuery(ctx, selectFromCTE)
+		return b.buildListQuery(ctx, selectFromCTE, keys)
 	case qbtypes.RequestTypeTimeSeries:
-		return b.buildTimeSeriesQuery(ctx, selectFromCTE)
+		return b.buildTimeSeriesQuery(ctx, selectFromCTE, keys)
 	case qbtypes.RequestTypeTrace:
-		return b.buildTraceQuery(ctx, selectFromCTE)
+		return b.buildTraceQuery(ctx, selectFromCTE, keys)
 	case qbtypes.RequestTypeScalar:
-		return b.buildScalarQuery(ctx, selectFromCTE)
+		return b.buildScalarQuery(ctx, selectFromCTE, keys)
 	default:
 		return nil, errors.NewInvalidInputf(errors.CodeInvalidInput, "unsupported request type: %s", requestType)
 	}
 }

-func (b *traceOperatorCTEBuilder) buildListQuery(ctx context.Context, selectFromCTE string) (*qbtypes.Statement, error) {
+func (b *traceOperatorCTEBuilder) buildListQuery(ctx context.Context, selectFromCTE string, keys map[string][]*telemetrytypes.TelemetryFieldKey) (*qbtypes.Statement, error) {
 	sb := sqlbuilder.NewSelectBuilder()

 	// Select core fields
@@ -461,22 +449,6 @@ func (b *traceOperatorCTEBuilder) buildListQuery(ctx context.Context, selectFrom
 		"parent_span_id": true,
 	}

-	// Get keys for selectFields
-	keySelectors := b.getKeySelectors()
-	for _, field := range b.operator.SelectFields {
-		keySelectors = append(keySelectors, &telemetrytypes.FieldKeySelector{
-			Name:          field.Name,
-			Signal:        telemetrytypes.SignalTraces,
-			FieldContext:  field.FieldContext,
-			FieldDataType: field.FieldDataType,
-		})
-	}
-
-	keys, _, err := b.stmtBuilder.metadataStore.GetKeysMulti(ctx, keySelectors)
-	if err != nil {
-		return nil, err
-	}
-
 	// Add selectFields using ColumnExpressionFor since we now have all base table columns
 	for _, field := range b.operator.SelectFields {
 		if selectedFields[field.Name] {
@@ -526,6 +498,22 @@ func (b *traceOperatorCTEBuilder) buildListQuery(ctx context.Context, selectFrom
 	}, nil
 }

+// adjustOperatorKeys merges deprecated trace field definitions into keys and
+// reconciles each operator-level SelectFields/GroupBy/Order key against the
+// keys map, mirroring the per-field portion of adjustTraceKeys.
+func (b *traceOperatorCTEBuilder) adjustOperatorKeys(keys map[string][]*telemetrytypes.TelemetryFieldKey) {
+	mergeDeprecatedTraceKeys(keys)
+	for idx := range b.operator.SelectFields {
+		adjustTraceKey(&b.operator.SelectFields[idx], keys)
+	}
+	for idx := range b.operator.GroupBy {
+		adjustTraceKey(&b.operator.GroupBy[idx].TelemetryFieldKey, keys)
+	}
+	for idx := range b.operator.Order {
+		adjustTraceKey(&b.operator.Order[idx].Key.TelemetryFieldKey, keys)
+	}
+}
+
 func (b *traceOperatorCTEBuilder) getKeySelectors() []*telemetrytypes.FieldKeySelector {
 	var keySelectors []*telemetrytypes.FieldKeySelector

@@ -553,6 +541,15 @@ func (b *traceOperatorCTEBuilder) getKeySelectors() []*telemetrytypes.FieldKeySe
 		})
 	}

+	for _, sf := range b.operator.SelectFields {
+		keySelectors = append(keySelectors, &telemetrytypes.FieldKeySelector{
+			Name:          sf.Name,
+			Signal:        telemetrytypes.SignalTraces,
+			FieldContext:  sf.FieldContext,
+			FieldDataType: sf.FieldDataType,
+		})
+	}
+
 	for i := range keySelectors {
 		keySelectors[i].Signal = telemetrytypes.SignalTraces
 	}
@@ -560,7 +557,7 @@ func (b *traceOperatorCTEBuilder) getKeySelectors() []*telemetrytypes.FieldKeySe
 	return keySelectors
 }

-func (b *traceOperatorCTEBuilder) buildTimeSeriesQuery(ctx context.Context, selectFromCTE string) (*qbtypes.Statement, error) {
+func (b *traceOperatorCTEBuilder) buildTimeSeriesQuery(ctx context.Context, selectFromCTE string, keys map[string][]*telemetrytypes.TelemetryFieldKey) (*qbtypes.Statement, error) {
 	sb := sqlbuilder.NewSelectBuilder()

 	sb.Select(fmt.Sprintf(
@@ -568,12 +565,6 @@ func (b *traceOperatorCTEBuilder) buildTimeSeriesQuery(ctx context.Context, sele
 		int64(b.operator.StepInterval.Seconds()),
 	))

-	keySelectors := b.getKeySelectors()
-	keys, _, err := b.stmtBuilder.metadataStore.GetKeysMulti(ctx, keySelectors)
-	if err != nil {
-		return nil, err
-	}
-
 	var allGroupByArgs []any

 	for _, gb := range b.operator.GroupBy {
@@ -652,8 +643,7 @@ func (b *traceOperatorCTEBuilder) buildTimeSeriesQuery(ctx context.Context, sele
 	combinedArgs := append(allGroupByArgs, allAggChArgs...)

 	// Add HAVING clause if specified
-	err = b.addHavingClause(sb)
-	if err != nil {
+	if err := b.addHavingClause(sb); err != nil {
 		return nil, err
 	}

@@ -680,17 +670,11 @@ func (b *traceOperatorCTEBuilder) buildTraceSummaryCTE(selectFromCTE string) {
 	b.addCTE("trace_summary", sql, args, []string{"all_spans", selectFromCTE})
 }

-func (b *traceOperatorCTEBuilder) buildTraceQuery(ctx context.Context, selectFromCTE string) (*qbtypes.Statement, error) {
+func (b *traceOperatorCTEBuilder) buildTraceQuery(ctx context.Context, selectFromCTE string, keys map[string][]*telemetrytypes.TelemetryFieldKey) (*qbtypes.Statement, error) {
 	b.buildTraceSummaryCTE(selectFromCTE)

 	sb := sqlbuilder.NewSelectBuilder()

-	keySelectors := b.getKeySelectors()
-	keys, _, err := b.stmtBuilder.metadataStore.GetKeysMulti(ctx, keySelectors)
-	if err != nil {
-		return nil, err
-	}
-
 	var allGroupByArgs []any

 	for _, gb := range b.operator.GroupBy {
@@ -772,8 +756,7 @@ func (b *traceOperatorCTEBuilder) buildTraceQuery(ctx context.Context, selectFro
 		sb.GroupBy(groupByKeys...)
 	}

-	err = b.addHavingClause(sb)
-	if err != nil {
+	if err := b.addHavingClause(sb); err != nil {
 		return nil, err
 	}

@@ -829,15 +812,9 @@ func (b *traceOperatorCTEBuilder) buildTraceQuery(ctx context.Context, selectFro
 	}, nil
 }

-func (b *traceOperatorCTEBuilder) buildScalarQuery(ctx context.Context, selectFromCTE string) (*qbtypes.Statement, error) {
+func (b *traceOperatorCTEBuilder) buildScalarQuery(ctx context.Context, selectFromCTE string, keys map[string][]*telemetrytypes.TelemetryFieldKey) (*qbtypes.Statement, error) {
 	sb := sqlbuilder.NewSelectBuilder()

-	keySelectors := b.getKeySelectors()
-	keys, _, err := b.stmtBuilder.metadataStore.GetKeysMulti(ctx, keySelectors)
-	if err != nil {
-		return nil, err
-	}
-
 	var allGroupByArgs []any

 	for _, gb := range b.operator.GroupBy {
@@ -919,8 +896,7 @@ func (b *traceOperatorCTEBuilder) buildScalarQuery(ctx context.Context, selectFr
 	combinedArgs := append(allGroupByArgs, allAggChArgs...)

 	// Add HAVING clause if specified
-	err = b.addHavingClause(sb)
-	if err != nil {
+	if err := b.addHavingClause(sb); err != nil {
 		return nil, err
 	}

--- a/pkg/telemetrytraces/trace_operator_cte_builder_test.go
+++ b/pkg/telemetrytraces/trace_operator_cte_builder_test.go
@@ -385,82 +385,6 @@ func TestTraceOperatorStatementBuilder(t *testing.T) {
 			},
 			expectedErr: nil,
 		},
-		{
-			name:        "returnSpansFrom B: A -> B return B spans filtered by operator",
-			requestType: qbtypes.RequestTypeRaw,
-			operator: qbtypes.QueryBuilderTraceOperator{
-				Expression:      "A -> B",
-				ReturnSpansFrom: "B",
-				Limit:           10,
-			},
-			compositeQuery: &qbtypes.CompositeQuery{
-				Queries: []qbtypes.QueryEnvelope{
-					{
-						Type: qbtypes.QueryTypeBuilder,
-						Spec: qbtypes.QueryBuilderQuery[qbtypes.TraceAggregation]{
-							Name:   "A",
-							Signal: telemetrytypes.SignalTraces,
-							Filter: &qbtypes.Filter{Expression: "service.name = 'gateway'"},
-						},
-					},
-					{
-						Type: qbtypes.QueryTypeBuilder,
-						Spec: qbtypes.QueryBuilderQuery[qbtypes.TraceAggregation]{
-							Name:   "B",
-							Signal: telemetrytypes.SignalTraces,
-							Filter: &qbtypes.Filter{Expression: "service.name = 'database'"},
-						},
-					},
-				},
-			},
-			expected: qbtypes.Statement{
-				Query: "WITH toDateTime64(1747947419000000000, 9) AS t_from, toDateTime64(1747983448000000000, 9) AS t_to, 1747945619 AS bucket_from, 1747983448 AS bucket_to, all_spans AS (SELECT *, resource_string_service$$name AS `service.name` FROM signoz_traces.distributed_signoz_index_v3 WHERE timestamp >= ? AND timestamp < ? AND ts_bucket_start >= ? AND ts_bucket_start <= ?), __resource_filter_A AS (SELECT fingerprint FROM signoz_traces.distributed_traces_v3_resource WHERE (simpleJSONExtractString(labels, 'service.name') = ? AND labels LIKE ? AND labels LIKE ?) AND seen_at_ts_bucket_start >= ? AND seen_at_ts_bucket_start <= ?), A AS (SELECT * FROM signoz_traces.distributed_signoz_index_v3 WHERE resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter_A) AND timestamp >= ? AND timestamp < ? AND ts_bucket_start >= ? AND ts_bucket_start <= ?), __resource_filter_B AS (SELECT fingerprint FROM signoz_traces.distributed_traces_v3_resource WHERE (simpleJSONExtractString(labels, 'service.name') = ? AND labels LIKE ? AND labels LIKE ?) AND seen_at_ts_bucket_start >= ? AND seen_at_ts_bucket_start <= ?), B AS (SELECT * FROM signoz_traces.distributed_signoz_index_v3 WHERE resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter_B) AND timestamp >= ? AND timestamp < ? AND ts_bucket_start >= ? AND ts_bucket_start <= ?), A_INDIR_DESC_B AS (WITH RECURSIVE up AS (SELECT d.trace_id, d.span_id, d.parent_span_id, 0 AS depth FROM B AS d UNION ALL SELECT p.trace_id, p.span_id, p.parent_span_id, up.depth + 1 FROM all_spans AS p JOIN up ON p.trace_id = up.trace_id AND p.span_id = up.parent_span_id WHERE up.depth < 100) SELECT DISTINCT a.* FROM A AS a GLOBAL INNER JOIN (SELECT DISTINCT trace_id, span_id FROM up WHERE depth > 0 ) AS ancestors ON ancestors.trace_id = a.trace_id AND ancestors.span_id = a.span_id), __return_from_B AS (SELECT src.* FROM B AS src INNER JOIN (SELECT DISTINCT trace_id FROM A_INDIR_DESC_B) AS matched_traces ON src.trace_id = matched_traces.trace_id) SELECT timestamp, trace_id, span_id, name, duration_nano, parent_span_id FROM __return_from_B ORDER BY timestamp DESC LIMIT ? SETTINGS distributed_product_mode='allow', max_memory_usage=10000000000",
-				Args:  []any{"1747947419000000000", "1747983448000000000", uint64(1747945619), uint64(1747983448), "gateway", "%service.name%", "%service.name\":\"gateway%", uint64(1747945619), uint64(1747983448), "1747947419000000000", "1747983448000000000", uint64(1747945619), uint64(1747983448), "database", "%service.name%", "%service.name\":\"database%", uint64(1747945619), uint64(1747983448), "1747947419000000000", "1747983448000000000", uint64(1747945619), uint64(1747983448), 10},
-			},
-			expectedErr: nil,
-		},
-		{
-			name:        "returnSpansFrom C: (A -> B) && C return C spans filtered by operator",
-			requestType: qbtypes.RequestTypeRaw,
-			operator: qbtypes.QueryBuilderTraceOperator{
-				Expression:      "(A -> B) && C",
-				ReturnSpansFrom: "C",
-				Limit:           10,
-			},
-			compositeQuery: &qbtypes.CompositeQuery{
-				Queries: []qbtypes.QueryEnvelope{
-					{
-						Type: qbtypes.QueryTypeBuilder,
-						Spec: qbtypes.QueryBuilderQuery[qbtypes.TraceAggregation]{
-							Name:   "A",
-							Signal: telemetrytypes.SignalTraces,
-							Filter: &qbtypes.Filter{Expression: "service.name = 'gateway'"},
-						},
-					},
-					{
-						Type: qbtypes.QueryTypeBuilder,
-						Spec: qbtypes.QueryBuilderQuery[qbtypes.TraceAggregation]{
-							Name:   "B",
-							Signal: telemetrytypes.SignalTraces,
-							Filter: &qbtypes.Filter{Expression: "service.name = 'database'"},
-						},
-					},
-					{
-						Type: qbtypes.QueryTypeBuilder,
-						Spec: qbtypes.QueryBuilderQuery[qbtypes.TraceAggregation]{
-							Name:   "C",
-							Signal: telemetrytypes.SignalTraces,
-							Filter: &qbtypes.Filter{Expression: "service.name = 'auth'"},
-						},
-					},
-				},
-			},
-			expected: qbtypes.Statement{
-				Query: "WITH toDateTime64(1747947419000000000, 9) AS t_from, toDateTime64(1747983448000000000, 9) AS t_to, 1747945619 AS bucket_from, 1747983448 AS bucket_to, all_spans AS (SELECT *, resource_string_service$$name AS `service.name` FROM signoz_traces.distributed_signoz_index_v3 WHERE timestamp >= ? AND timestamp < ? AND ts_bucket_start >= ? AND ts_bucket_start <= ?), __resource_filter_A AS (SELECT fingerprint FROM signoz_traces.distributed_traces_v3_resource WHERE (simpleJSONExtractString(labels, 'service.name') = ? AND labels LIKE ? AND labels LIKE ?) AND seen_at_ts_bucket_start >= ? AND seen_at_ts_bucket_start <= ?), A AS (SELECT * FROM signoz_traces.distributed_signoz_index_v3 WHERE resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter_A) AND timestamp >= ? AND timestamp < ? AND ts_bucket_start >= ? AND ts_bucket_start <= ?), __resource_filter_B AS (SELECT fingerprint FROM signoz_traces.distributed_traces_v3_resource WHERE (simpleJSONExtractString(labels, 'service.name') = ? AND labels LIKE ? AND labels LIKE ?) AND seen_at_ts_bucket_start >= ? AND seen_at_ts_bucket_start <= ?), B AS (SELECT * FROM signoz_traces.distributed_signoz_index_v3 WHERE resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter_B) AND timestamp >= ? AND timestamp < ? AND ts_bucket_start >= ? AND ts_bucket_start <= ?), A_INDIR_DESC_B AS (WITH RECURSIVE up AS (SELECT d.trace_id, d.span_id, d.parent_span_id, 0 AS depth FROM B AS d UNION ALL SELECT p.trace_id, p.span_id, p.parent_span_id, up.depth + 1 FROM all_spans AS p JOIN up ON p.trace_id = up.trace_id AND p.span_id = up.parent_span_id WHERE up.depth < 100) SELECT DISTINCT a.* FROM A AS a GLOBAL INNER JOIN (SELECT DISTINCT trace_id, span_id FROM up WHERE depth > 0 ) AS ancestors ON ancestors.trace_id = a.trace_id AND ancestors.span_id = a.span_id), __resource_filter_C AS (SELECT fingerprint FROM signoz_traces.distributed_traces_v3_resource WHERE (simpleJSONExtractString(labels, 'service.name') = ? AND labels LIKE ? AND labels LIKE ?) AND seen_at_ts_bucket_start >= ? AND seen_at_ts_bucket_start <= ?), C AS (SELECT * FROM signoz_traces.distributed_signoz_index_v3 WHERE resource_fingerprint GLOBAL IN (SELECT fingerprint FROM __resource_filter_C) AND timestamp >= ? AND timestamp < ? AND ts_bucket_start >= ? AND ts_bucket_start <= ?), A_INDIR_DESC_B_AND_C AS (SELECT l.* FROM A_INDIR_DESC_B AS l INNER JOIN C AS r ON l.trace_id = r.trace_id), __return_from_C AS (SELECT src.* FROM C AS src INNER JOIN (SELECT DISTINCT trace_id FROM A_INDIR_DESC_B_AND_C) AS matched_traces ON src.trace_id = matched_traces.trace_id) SELECT timestamp, trace_id, span_id, name, duration_nano, parent_span_id FROM __return_from_C ORDER BY timestamp DESC LIMIT ? SETTINGS distributed_product_mode='allow', max_memory_usage=10000000000",
-				Args:  []any{"1747947419000000000", "1747983448000000000", uint64(1747945619), uint64(1747983448), "gateway", "%service.name%", "%service.name\":\"gateway%", uint64(1747945619), uint64(1747983448), "1747947419000000000", "1747983448000000000", uint64(1747945619), uint64(1747983448), "database", "%service.name%", "%service.name\":\"database%", uint64(1747945619), uint64(1747983448), "1747947419000000000", "1747983448000000000", uint64(1747945619), uint64(1747983448), "auth", "%service.name%", "%service.name\":\"auth%", uint64(1747945619), uint64(1747983448), "1747947419000000000", "1747983448000000000", uint64(1747945619), uint64(1747983448), 10},
-			},
-			expectedErr: nil,
-		},
 	}

 	fm := NewFieldMapper()
--- a/tests/fixtures/querier.py
+++ b/tests/fixtures/querier.py
@@ -72,7 +72,6 @@ class TraceOperatorQuery:
    return_spans_from: str | None = None
    limit: int | None = None
    order: list[OrderBy] | None = None
-    select_fields: list[TelemetryFieldKey] | None = None

    def to_dict(self) -> dict:
        spec: dict[str, Any] = {
@@ -85,8 +84,6 @@ class TraceOperatorQuery:
            spec["limit"] = self.limit
        if self.order:
            spec["order"] = [o.to_dict() if hasattr(o, "to_dict") else o for o in self.order]
-        if self.select_fields:
-            spec["selectFields"] = [f.to_dict() for f in self.select_fields]
        return {"type": "builder_trace_operator", "spec": spec}


--- a/tests/integration/tests/querier/04_traces.py
+++ b/tests/integration/tests/querier/04_traces.py
@@ -693,6 +693,134 @@ def test_traces_list_with_corrupt_data(
                assert data[key] == value


+@pytest.mark.parametrize(
+    "payload,status_code,results",
+    [
+        # Case 1: builder CTE filters use deprecated intrinsic field durationNano
+        pytest.param(
+            [
+                {
+                    "type": "builder_query",
+                    "spec": {
+                        "name": "A",
+                        "signal": "traces",
+                        "disabled": True,
+                        "filter": {"expression": 'durationNano = "3s"'},
+                    },
+                },
+                {
+                    "type": "builder_query",
+                    "spec": {
+                        "name": "B",
+                        "signal": "traces",
+                        "disabled": True,
+                        "filter": {"expression": 'durationNano = "5s"'},
+                    },
+                },
+                {
+                    "type": "builder_trace_operator",
+                    "spec": {
+                        "name": "C",
+                        "expression": "A => B",
+                        "limit": 1,
+                    },
+                },
+            ],
+            HTTPStatus.OK,
+            lambda x: {
+                "duration_nano": x[0].duration_nano,
+                "name": x[0].name,
+                "parent_span_id": x[0].parent_span_id,
+                "span_id": x[0].span_id,
+                "timestamp": format_timestamp(x[0].timestamp),
+                "trace_id": x[0].trace_id,
+            },  # type: Callable[[List[Traces]], Dict[str, Any]]
+        ),
+        # Case 2: builder CTE filter uses deprecated calculated field responseStatusCode
+        pytest.param(
+            [
+                {
+                    "type": "builder_query",
+                    "spec": {
+                        "name": "A",
+                        "signal": "traces",
+                        "disabled": True,
+                        "filter": {"expression": 'responseStatusCode = "200"'},
+                    },
+                },
+                {
+                    "type": "builder_query",
+                    "spec": {
+                        "name": "B",
+                        "signal": "traces",
+                        "disabled": True,
+                        "filter": {"expression": 'durationNano = "5s"'},
+                    },
+                },
+                {
+                    "type": "builder_trace_operator",
+                    "spec": {
+                        "name": "C",
+                        "expression": "A => B",
+                        "limit": 1,
+                    },
+                },
+            ],
+            HTTPStatus.OK,
+            lambda x: {
+                "duration_nano": x[0].duration_nano,
+                "name": x[0].name,
+                "parent_span_id": x[0].parent_span_id,
+                "span_id": x[0].span_id,
+                "timestamp": format_timestamp(x[0].timestamp),
+                "trace_id": x[0].trace_id,
+            },  # type: Callable[[List[Traces]], Dict[str, Any]]
+        ),
+    ],
+)
+def test_traces_operator_cte_with_adjusted_keys(
+    signoz: types.SigNoz,
+    create_user_admin: None,  # pylint: disable=unused-argument
+    get_token: Callable[[str, str], str],
+    insert_traces: Callable[[list[Traces]], None],
+    payload: list[dict[str, Any]],
+    status_code: HTTPStatus,
+    results: Callable[[list[Traces]], dict[str, Any]],
+) -> None:
+    """
+    Trace operators compile each referenced disabled builder query into a CTE.
+    Those CTE filters must adjust deprecated trace keys before preparing the
+    where clause, otherwise these payloads fail with "key not found".
+    """
+    traces = generate_traces_with_corrupt_metadata()
+    insert_traces(traces)
+
+    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = make_query_request(
+        signoz,
+        token,
+        start_ms=int((datetime.now(tz=UTC) - timedelta(minutes=5)).timestamp() * 1000),
+        end_ms=int(datetime.now(tz=UTC).timestamp() * 1000),
+        request_type="raw",
+        queries=payload,
+    )
+
+    assert response.status_code == status_code, response.text
+
+    if response.status_code == HTTPStatus.OK:
+        operator_result = find_named_result(response.json()["data"]["data"]["results"], "C")
+        assert operator_result is not None
+        rows = operator_result["rows"]
+        if not results(traces):
+            assert rows is None
+        else:
+            assert rows is not None
+            data = rows[0]["data"]
+            for key, value in results(traces).items():
+                assert data[key] == value
+
+
@pytest.mark.parametrize(
    "order_by,aggregation_alias,expected_status",
    [
--- a/tests/integration/tests/querier/15_trace_operator.py
+++ b/tests/integration/tests/querier/15_trace_operator.py
@@ -1,483 +0,0 @@
-"""
-Integration tests for TraceOperatorQuery (builder_trace_operator) through the
-/api/v5/query_range endpoint.
-
-Covers:
-1. Basic trace operator (A => B) — returns matched spans from the correct trace.
-2. Order by a field absent from selectFields — must not return a server error.
-   Guards against the ClickHouse NOT_FOUND_COLUMN_IN_BLOCK regression where
-   ordering by a column absent from an outer SELECT caused a query failure.
-3. Expression operators (=>, ->, &&, ||, A NOT B) with and without returnSpansFrom.
-"""
-
-from collections.abc import Callable
-from dataclasses import dataclass, field
-from datetime import UTC, datetime, timedelta
-from http import HTTPStatus
-
-import pytest
-
-from fixtures import types
-from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD
-from fixtures.querier import (
-    OrderBy,
-    TelemetryFieldKey,
-    TraceOperatorQuery,
-    make_query_request,
-)
-from fixtures.traces import TraceIdGenerator, Traces, TracesKind, TracesStatusCode
-
-# ---------------------------------------------------------------------------
-# Shared helpers
-# ---------------------------------------------------------------------------
-
-
-@dataclass
-class _SpanDef:
-    """Span spec relative to 'now'. parent_idx=-1 for root spans."""
-
-    name: str
-    service: str
-    op_type: str
-    duration_s: int
-    time_offset_s: int
-    parent_idx: int = -1
-    extra_attrs: dict = field(default_factory=dict)
-
-
-def _build_trace(now: datetime, trace_id: str, spans: list[_SpanDef]) -> list[Traces]:
-    span_ids = [TraceIdGenerator.span_id() for _ in spans]
-    result = []
-    for defn, span_id in zip(spans, span_ids):
-        parent_id = "" if defn.parent_idx < 0 else span_ids[defn.parent_idx]
-        kind = TracesKind.SPAN_KIND_SERVER if defn.parent_idx < 0 else TracesKind.SPAN_KIND_INTERNAL
-        result.append(
-            Traces(
-                timestamp=now - timedelta(seconds=defn.time_offset_s),
-                duration=timedelta(seconds=defn.duration_s),
-                trace_id=trace_id,
-                span_id=span_id,
-                parent_span_id=parent_id,
-                name=defn.name,
-                kind=kind,
-                status_code=TracesStatusCode.STATUS_CODE_OK,
-                status_message="",
-                resources={"service.name": defn.service},
-                attributes={"operation.type": defn.op_type, **defn.extra_attrs},
-            )
-        )
-    return result
-
-
-def _builder_query(name: str, filter_expr: str, limit: int = 100) -> dict:
-    return {
-        "type": "builder_query",
-        "spec": {
-            "name": name,
-            "signal": "traces",
-            "filter": {"expression": filter_expr},
-            "limit": limit,
-        },
-    }
-
-
-# ---------------------------------------------------------------------------
-# Order-by variants
-# ---------------------------------------------------------------------------
-# Each case uses a unique op_type prefix so spans inserted by earlier
-# parametrize runs (shared DB session) are never picked up by later ones.
-
-
-@dataclass
-class _OrderByCase:
-    id: str
-    trace1_spans: list[_SpanDef]
-    trace2_spans: list[_SpanDef]
-    filter_a: str
-    filter_b: str
-    expression: str
-    select_fields: list[TelemetryFieldKey] | None
-    order: list[OrderBy]
-    expected_rows: list[dict]  # ordered; each dict is a partial match against row data
-
-
-_ORDER_BY_CASES: list[_OrderByCase] = [
-    # Order by attribute absent from selectFields — NOT_FOUND_COLUMN_IN_BLOCK regression guard.
-    _OrderByCase(
-        id="field_not_in_select",
-        trace1_spans=[
-            _SpanDef("fnis-gp", "svc-a", "fnis-grandparent", 5, 10, extra_attrs={"http.method": "POST"}),
-            _SpanDef("fnis-mid", "svc-a", "fnis-middle", 3, 9, parent_idx=0),
-            _SpanDef("fnis-gc", "svc-a", "fnis-grandchild", 1, 8, parent_idx=1),
-        ],
-        trace2_spans=[
-            _SpanDef("fnis-gp", "svc-b", "fnis-grandparent", 5, 7, extra_attrs={"http.method": "GET"}),
-            _SpanDef("fnis-mid", "svc-b", "fnis-middle", 3, 6, parent_idx=0),
-            _SpanDef("fnis-gc", "svc-b", "fnis-grandchild", 1, 5, parent_idx=1),
-        ],
-        filter_a="operation.type = 'fnis-grandparent'",
-        filter_b="operation.type = 'fnis-grandchild'",
-        expression="A -> B",
-        select_fields=[TelemetryFieldKey(name="service.name", field_data_type="string", field_context="resource")],
-        order=[
-            OrderBy(
-                key=TelemetryFieldKey(name="http.method", field_data_type="string", field_context="attribute"),
-                direction="desc",
-            )
-        ],
-        # POST > GET in DESC → svc-a first
-        expected_rows=[{"service.name": "svc-a"}, {"service.name": "svc-b"}],
-    ),
-    # Order by a core span field (duration_nano) with no explicit selectFields.
-    _OrderByCase(
-        id="core_span_field",
-        trace1_spans=[
-            _SpanDef("csf-parent-long", "svc-long", "csf-parent", 5, 10),
-            _SpanDef("csf-child-long", "svc-long", "csf-child", 1, 9, parent_idx=0),
-        ],
-        trace2_spans=[
-            _SpanDef("csf-parent-short", "svc-short", "csf-parent", 1, 8),
-            _SpanDef("csf-child-short", "svc-short", "csf-child", 1, 7, parent_idx=0),
-        ],
-        filter_a="operation.type = 'csf-parent'",
-        filter_b="operation.type = 'csf-child'",
-        expression="A => B",
-        select_fields=None,
-        order=[OrderBy(key=TelemetryFieldKey(name="duration_nano", field_context="span"), direction="desc")],
-        # 5 s parent first, 1 s parent second
-        expected_rows=[{"name": "csf-parent-long"}, {"name": "csf-parent-short"}],
-    ),
-    # Order by a non-core attribute that IS in selectFields — checks ordering and field presence.
-    _OrderByCase(
-        id="non_core_field_in_select",
-        trace1_spans=[
-            _SpanDef("ncis-parent-post", "svc-post", "ncis-parent", 3, 10, extra_attrs={"http.method": "POST"}),
-            _SpanDef("ncis-child-post", "svc-post", "ncis-child", 1, 9, parent_idx=0),
-        ],
-        trace2_spans=[
-            _SpanDef("ncis-parent-get", "svc-get", "ncis-parent", 3, 8, extra_attrs={"http.method": "GET"}),
-            _SpanDef("ncis-child-get", "svc-get", "ncis-child", 1, 7, parent_idx=0),
-        ],
-        filter_a="operation.type = 'ncis-parent'",
-        filter_b="operation.type = 'ncis-child'",
-        expression="A => B",
-        select_fields=[TelemetryFieldKey(name="http.method", field_data_type="string", field_context="attribute")],
-        order=[
-            OrderBy(
-                key=TelemetryFieldKey(name="http.method", field_data_type="string", field_context="attribute"),
-                direction="desc",
-            )
-        ],
-        # POST > GET in DESC; http.method must appear in both rows (it is in selectFields)
-        expected_rows=[{"http.method": "POST"}, {"http.method": "GET"}],
-    ),
-]
-
-
-@pytest.mark.parametrize("case", [pytest.param(c, id=c.id) for c in _ORDER_BY_CASES])
-def test_trace_operator_query_order_by(
-    signoz: types.SigNoz,
-    create_user_admin: None,  # pylint: disable=unused-argument
-    get_token: Callable[[str, str], str],
-    insert_traces: Callable[[list[Traces]], None],
-    case: _OrderByCase,
-) -> None:
-    """
-    Verifies that trace operator queries honour the order-by clause.
-
-    Cases:
-    - field_not_in_select: order by attribute absent from selectFields
-      (NOT_FOUND_COLUMN_IN_BLOCK regression guard).
-    - core_span_field: order by duration_nano with no explicit selectFields.
-    - non_core_field_in_select: order by attribute present in selectFields.
-    """
-    now = datetime.now(tz=UTC).replace(second=0, microsecond=0)
-    trace_id_1 = TraceIdGenerator.trace_id()
-    trace_id_2 = TraceIdGenerator.trace_id()
-
-    insert_traces(_build_trace(now, trace_id_1, case.trace1_spans) + _build_trace(now, trace_id_2, case.trace2_spans) + _build_trace(now, TraceIdGenerator.trace_id(), [_SpanDef("noise-span", "svc-noise", "noise-op", 1, 2)]))
-
-    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-    start_ms = int((now - timedelta(minutes=5)).timestamp() * 1000)
-    end_ms = int(now.timestamp() * 1000)
-
-    response = make_query_request(
-        signoz,
-        token,
-        start_ms=start_ms,
-        end_ms=end_ms,
-        request_type="raw",
-        queries=[
-            _builder_query("A", case.filter_a),
-            _builder_query("B", case.filter_b),
-            TraceOperatorQuery(
-                name="C",
-                expression=case.expression,
-                return_spans_from="A",
-                limit=100,
-                select_fields=case.select_fields,
-                order=case.order,
-            ).to_dict(),
-        ],
-    )
-
-    assert response.status_code == HTTPStatus.OK, response.text
-    assert response.json()["status"] == "success"
-
-    results = response.json()["data"]["data"]["results"]
-    assert len(results) == 1
-    rows = results[0].get("rows") or []
-    assert len(rows) == len(case.expected_rows)
-
-    for i, (row, expected) in enumerate(zip(rows, case.expected_rows)):
-        for key, value in expected.items():
-            assert row["data"].get(key) == value, f"[{case.id}] row {i}: expected {key}={value!r}, got {row['data'].get(key)!r}"
-
-
-# ---------------------------------------------------------------------------
-# Operator × returnSpansFrom matrix
-# ---------------------------------------------------------------------------
-# Each case uses a unique op_type prefix so DB rows from earlier parametrize
-# runs never contaminate later ones (the session-level ClickHouse is shared).
-#
-# Operators tested: => -> && || (A NOT B)
-# For each operator two cases:
-#   "default"  — returnSpansFrom="" → result comes from the expression's root CTE
-#   "return_A" — returnSpansFrom="A" → result comes from the A sub-query CTE
-#
-# Root-CTE semantics:
-#   =>        A spans that have a DIRECT child matching B
-#   ->        A spans that are ancestors of any B span
-#   &&        A spans from traces that also contain a B span
-#   ||        UNION of A spans and B spans
-#   A NOT B   A spans from traces that contain no B span
-
-
-@dataclass
-class _ExprCase:
-    id: str
-    traces: list[list[_SpanDef]]  # one inner list per trace
-    filter_a: str
-    filter_b: str
-    expression: str
-    return_spans_from: str  # "" → use expression root CTE
-    expected_names: set[str]  # span.name values that must appear (exact set)
-
-
-_EXPR_CASES: list[_ExprCase] = [
-    # ── A => B (direct child) ────────────────────────────────────────────────
-    # "default": root CTE = A spans that have a direct B child
-    _ExprCase(
-        id="direct_child_default",
-        traces=[
-            [
-                _SpanDef("dcd-root", "svc-dcd-a", "dcd-root", 5, 10),
-                _SpanDef("dcd-leaf", "svc-dcd-a", "dcd-leaf", 2, 9, parent_idx=0),
-            ],
-            [_SpanDef("dcd-root-only", "svc-dcd-b", "dcd-root", 2, 7)],  # A but no B child
-        ],
-        filter_a="operation.type = 'dcd-root'",
-        filter_b="operation.type = 'dcd-leaf'",
-        expression="A => B",
-        return_spans_from="",
-        expected_names={"dcd-root"},  # only the root that HAS a direct child
-    ),
-    # "return_A": returns ALL A spans, bypassing the expression filter
-    _ExprCase(
-        id="direct_child_return_A",
-        traces=[
-            [
-                _SpanDef("dca-root", "svc-dca-a", "dca-root", 5, 10),
-                _SpanDef("dca-leaf", "svc-dca-a", "dca-leaf", 2, 9, parent_idx=0),
-            ],
-            [_SpanDef("dca-root-only", "svc-dca-b", "dca-root", 2, 7)],
-        ],
-        filter_a="operation.type = 'dca-root'",
-        filter_b="operation.type = 'dca-leaf'",
-        expression="A => B",
-        return_spans_from="A",
-        expected_names={"dca-root", "dca-root-only"},
-    ),
-    # ── A -> B (indirect descendant) ─────────────────────────────────────────
-    _ExprCase(
-        id="indirect_descendant_default",
-        traces=[
-            [
-                _SpanDef("idd-gp", "svc-idd-a", "idd-gp", 5, 10),
-                _SpanDef("idd-mid", "svc-idd-a", "idd-mid", 3, 9, parent_idx=0),
-                _SpanDef("idd-gc", "svc-idd-a", "idd-gc", 1, 8, parent_idx=1),
-            ],
-            [_SpanDef("idd-gp-only", "svc-idd-b", "idd-gp", 2, 7)],  # A but no B descendant
-        ],
-        filter_a="operation.type = 'idd-gp'",
-        filter_b="operation.type = 'idd-gc'",
-        expression="A -> B",
-        return_spans_from="",
-        expected_names={"idd-gp"},
-    ),
-    _ExprCase(
-        id="indirect_descendant_return_A",
-        traces=[
-            [
-                _SpanDef("ida-gp", "svc-ida-a", "ida-gp", 5, 10),
-                _SpanDef("ida-mid", "svc-ida-a", "ida-mid", 3, 9, parent_idx=0),
-                _SpanDef("ida-gc", "svc-ida-a", "ida-gc", 1, 8, parent_idx=1),
-            ],
-            [_SpanDef("ida-gp-only", "svc-ida-b", "ida-gp", 2, 7)],
-        ],
-        filter_a="operation.type = 'ida-gp'",
-        filter_b="operation.type = 'ida-gc'",
-        expression="A -> B",
-        return_spans_from="A",
-        expected_names={"ida-gp", "ida-gp-only"},
-    ),
-    # ── A && B ────────────────────────────────────────────────────────────────
-    _ExprCase(
-        id="and_default",
-        traces=[
-            [
-                _SpanDef("and-root", "svc-and-a", "and-root", 5, 10),
-                _SpanDef("and-leaf", "svc-and-a", "and-leaf", 2, 9, parent_idx=0),
-            ],
-            [_SpanDef("and-root-only", "svc-and-b", "and-root", 2, 7)],  # A but no B in trace
-        ],
-        filter_a="operation.type = 'and-root'",
-        filter_b="operation.type = 'and-leaf'",
-        expression="A && B",
-        return_spans_from="",
-        expected_names={"and-root"},  # A from traces that also contain B
-    ),
-    _ExprCase(
-        id="and_return_A",
-        traces=[
-            [
-                _SpanDef("ana-root", "svc-ana-a", "ana-root", 5, 10),
-                _SpanDef("ana-leaf", "svc-ana-a", "ana-leaf", 2, 9, parent_idx=0),
-            ],
-            [_SpanDef("ana-root-only", "svc-ana-b", "ana-root", 2, 7)],
-        ],
-        filter_a="operation.type = 'ana-root'",
-        filter_b="operation.type = 'ana-leaf'",
-        expression="A && B",
-        return_spans_from="A",
-        expected_names={"ana-root", "ana-root-only"},
-    ),
-    # ── A || B ────────────────────────────────────────────────────────────────
-    _ExprCase(
-        id="or_default",
-        traces=[
-            [_SpanDef("ord-a-span", "svc-ord-a", "ord-a", 5, 10)],
-            [_SpanDef("ord-b-span", "svc-ord-b", "ord-b", 2, 7)],
-        ],
-        filter_a="operation.type = 'ord-a'",
-        filter_b="operation.type = 'ord-b'",
-        expression="A || B",
-        return_spans_from="",
-        expected_names={"ord-a-span", "ord-b-span"},  # UNION of both A and B
-    ),
-    _ExprCase(
-        id="or_return_A",
-        traces=[
-            [_SpanDef("ora-a-span", "svc-ora-a", "ora-a", 5, 10)],
-            [_SpanDef("ora-b-span", "svc-ora-b", "ora-b", 2, 7)],
-        ],
-        filter_a="operation.type = 'ora-a'",
-        filter_b="operation.type = 'ora-b'",
-        expression="A || B",
-        return_spans_from="A",
-        expected_names={"ora-a-span"},
-    ),
-    # ── A NOT B (binary not) ──────────────────────────────────────────────────
-    # Unary NOT A is skipped: its root CTE reads from all_spans (unbounded by
-    # filter), making row counts non-deterministic across a shared test session.
-    _ExprCase(
-        id="not_binary_default",
-        traces=[
-            [
-                _SpanDef("nbd-root-with-child", "svc-nbd-a", "nbd-root", 5, 10),
-                _SpanDef("nbd-child", "svc-nbd-a", "nbd-child", 2, 9, parent_idx=0),
-            ],
-            [_SpanDef("nbd-root-no-child", "svc-nbd-b", "nbd-root", 2, 7)],  # A, no B
-        ],
-        filter_a="operation.type = 'nbd-root'",
-        filter_b="operation.type = 'nbd-child'",
-        expression="A NOT B",
-        return_spans_from="",
-        expected_names={"nbd-root-no-child"},  # A from traces that have no B
-    ),
-    _ExprCase(
-        id="not_binary_return_A",
-        traces=[
-            [
-                _SpanDef("nba-root-with-child", "svc-nba-a", "nba-root", 5, 10),
-                _SpanDef("nba-child", "svc-nba-a", "nba-child", 2, 9, parent_idx=0),
-            ],
-            [_SpanDef("nba-root-no-child", "svc-nba-b", "nba-root", 2, 7)],
-        ],
-        filter_a="operation.type = 'nba-root'",
-        filter_b="operation.type = 'nba-child'",
-        expression="A NOT B",
-        return_spans_from="A",
-        expected_names={"nba-root-with-child", "nba-root-no-child"},  # ALL A spans
-    ),
-]
-
-
-@pytest.mark.parametrize("case", [pytest.param(c, id=c.id) for c in _EXPR_CASES])
-def test_trace_operator_expressions(
-    signoz: types.SigNoz,
-    create_user_admin: None,  # pylint: disable=unused-argument
-    get_token: Callable[[str, str], str],
-    insert_traces: Callable[[list[Traces]], None],
-    case: _ExprCase,
-) -> None:
-    """
-    Matrix of expression operators × returnSpansFrom settings.
-
-    For each operator (=>, ->, &&, ||, A NOT B) two cases verify:
-    - default (returnSpansFrom=""): result comes from the expression's root CTE,
-      so only spans satisfying the full structural predicate are returned.
-    - return_A (returnSpansFrom="A"): result comes from the raw A sub-query CTE,
-      bypassing the structural filter, returning ALL spans matching filter A.
-    """
-    now = datetime.now(tz=UTC).replace(second=0, microsecond=0)
-
-    all_spans: list[Traces] = []
-    for span_defs in case.traces:
-        all_spans.extend(_build_trace(now, TraceIdGenerator.trace_id(), span_defs))
-    # Noise: op_type "noise-op" matches no filter in any case; surfacing it would
-    # mean a filter regression, which the set-equality assertion below would catch.
-    all_spans.extend(_build_trace(now, TraceIdGenerator.trace_id(), [_SpanDef("noise-span", "svc-noise", "noise-op", 1, 2)]))
-    insert_traces(all_spans)
-
-    token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
-    start_ms = int((now - timedelta(minutes=5)).timestamp() * 1000)
-    end_ms = int(now.timestamp() * 1000)
-
-    response = make_query_request(
-        signoz,
-        token,
-        start_ms=start_ms,
-        end_ms=end_ms,
-        request_type="raw",
-        queries=[
-            _builder_query("A", case.filter_a),
-            _builder_query("B", case.filter_b),
-            TraceOperatorQuery(
-                name="C",
-                expression=case.expression,
-                return_spans_from=case.return_spans_from,
-                limit=100,
-            ).to_dict(),
-        ],
-    )
-
-    assert response.status_code == HTTPStatus.OK, response.text
-    assert response.json()["status"] == "success"
-
-    results = response.json()["data"]["data"]["results"]
-    assert len(results) == 1
-    rows = results[0].get("rows") or []
-
-    actual_names = {row["data"]["name"] for row in rows}
-    assert actual_names == case.expected_names, f"[{case.id}] expected spans {case.expected_names}, got {actual_names}"