chore: tf testing

Signed-off-by: Shivanshu Raj Shrivastava <shivanshu1333@gmail.com>
chore: tf testing
2025-04-29 15:57:41 +05:30 · 2025-04-29 15:49:35 +05:30
2920 changed files with 92158 additions and 377932 deletions
--- a/.devenv/docker/clickhouse/compose.yaml
+++ b/.devenv/docker/clickhouse/compose.yaml
@@ -1,6 +1,7 @@
 services:
+
  clickhouse:
-    image: clickhouse/clickhouse-server:25.10.1
+    image: clickhouse/clickhouse-server:24.1.2-alpine
    container_name: clickhouse
    volumes:
      - ${PWD}/fs/etc/clickhouse-server/config.d/config.xml:/etc/clickhouse-server/config.d/config.xml
@@ -23,10 +24,9 @@ services:
      retries: 3
    depends_on:
      - zookeeper
-    environment:
-      - CLICKHOUSE_SKIP_USER_SETUP=1
+
  zookeeper:
-    image: signoz/zookeeper:3.7.1
+    image: bitnami/zookeeper:3.7.1
    container_name: zookeeper
    volumes:
      - ${PWD}/fs/tmp/zookeeper:/bitnami/zookeeper
@@ -41,8 +41,9 @@ services:
      interval: 30s
      timeout: 5s
      retries: 3
+
  schema-migrator-sync:
-    image: signoz/signoz-schema-migrator:v0.129.12
+    image: signoz/signoz-schema-migrator:0.111.29
    container_name: schema-migrator-sync
    command:
      - sync
@@ -54,8 +55,9 @@ services:
      clickhouse:
        condition: service_healthy
    restart: on-failure
+
  schema-migrator-async:
-    image: signoz/signoz-schema-migrator:v0.129.12
+    image: signoz/signoz-schema-migrator:0.111.29
    container_name: schema-migrator-async
    command:
      - async
--- a/.devenv/docker/signoz-otel-collector/compose.yaml
+++ b/.devenv/docker/signoz-otel-collector/compose.yaml
@@ -1,29 +0,0 @@
-services:
-  signoz-otel-collector:
-    image: signoz/signoz-otel-collector:v0.129.6
-    container_name: signoz-otel-collector-dev
-    command:
-      - --config=/etc/otel-collector-config.yaml
-      - --feature-gates=-pkg.translator.prometheus.NormalizeName
-    volumes:
-      - ./otel-collector-config.yaml:/etc/otel-collector-config.yaml
-    environment:
-      - OTEL_RESOURCE_ATTRIBUTES=host.name=signoz-host,os.type=linux
-      - LOW_CARDINAL_EXCEPTION_GROUPING=false
-    ports:
-      - "4317:4317" # OTLP gRPC receiver
-      - "4318:4318" # OTLP HTTP receiver
-      - "13133:13133" # health check extension
-    healthcheck:
-      test:
-        - CMD
-        - wget
-        - --spider
-        - -q
-        - localhost:13133
-      interval: 30s
-      timeout: 5s
-      retries: 3
-    restart: unless-stopped
-    extra_hosts:
-      - "host.docker.internal:host-gateway"
--- a/.devenv/docker/signoz-otel-collector/otel-collector-config.yaml
+++ b/.devenv/docker/signoz-otel-collector/otel-collector-config.yaml
@@ -1,96 +0,0 @@
-receivers:
-  otlp:
-    protocols:
-      grpc:
-        endpoint: 0.0.0.0:4317
-      http:
-        endpoint: 0.0.0.0:4318
-  prometheus:
-    config:
-      global:
-        scrape_interval: 60s
-      scrape_configs:
-        - job_name: otel-collector
-          static_configs:
-          - targets:
-              - localhost:8888
-            labels:
-              job_name: otel-collector
-
-processors:
-  batch:
-    send_batch_size: 10000
-    send_batch_max_size: 11000
-    timeout: 10s
-  resourcedetection:
-    # Using OTEL_RESOURCE_ATTRIBUTES envvar, env detector adds custom labels.
-    detectors: [env, system]
-    timeout: 2s
-  signozspanmetrics/delta:
-    metrics_exporter: signozclickhousemetrics
-    metrics_flush_interval: 60s
-    latency_histogram_buckets: [100us, 1ms, 2ms, 6ms, 10ms, 50ms, 100ms, 250ms, 500ms, 1000ms, 1400ms, 2000ms, 5s, 10s, 20s, 40s, 60s ]
-    dimensions_cache_size: 100000
-    aggregation_temporality: AGGREGATION_TEMPORALITY_DELTA
-    enable_exp_histogram: true
-    dimensions:
-      - name: service.namespace
-        default: default
-      - name: deployment.environment
-        default: default
-      # This is added to ensure the uniqueness of the timeseries
-      # Otherwise, identical timeseries produced by multiple replicas of
-      # collectors result in incorrect APM metrics
-      - name: signoz.collector.id
-      - name: service.version
-      - name: browser.platform
-      - name: browser.mobile
-      - name: k8s.cluster.name
-      - name: k8s.node.name
-      - name: k8s.namespace.name
-      - name: host.name
-      - name: host.type
-      - name: container.name
-
-extensions:
-  health_check:
-    endpoint: 0.0.0.0:13133
-  pprof:
-    endpoint: 0.0.0.0:1777
-
-exporters:
-  clickhousetraces:
-    datasource: tcp://host.docker.internal:9000/signoz_traces
-    low_cardinal_exception_grouping: ${env:LOW_CARDINAL_EXCEPTION_GROUPING}
-    use_new_schema: true
-  signozclickhousemetrics:
-    dsn: tcp://host.docker.internal:9000/signoz_metrics
-  clickhouselogsexporter:
-    dsn: tcp://host.docker.internal:9000/signoz_logs
-    timeout: 10s
-    use_new_schema: true
-
-service:
-  telemetry:
-    logs:
-      encoding: json
-  extensions:
-    - health_check
-    - pprof
-  pipelines:
-    traces:
-      receivers: [otlp]
-      processors: [signozspanmetrics/delta, batch]
-      exporters: [clickhousetraces]
-    metrics:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [signozclickhousemetrics]
-    metrics/prometheus:
-      receivers: [prometheus]
-      processors: [batch]
-      exporters: [signozclickhousemetrics]
-    logs:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [clickhouselogsexporter]
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -2,90 +2,12 @@
 # Owners are automatically requested for review for PRs that changes code
 # that they own.

-/frontend/ @YounixM @aks07
+/frontend/ @YounixM
 /frontend/src/container/MetricsApplication @srikanthccv
 /frontend/src/container/NewWidget/RightContainer/types.ts @srikanthccv
-
-# Onboarding
-/frontend/src/container/OnboardingV2Container/onboarding-configs/onboarding-config-with-links.json @makeavish
-/frontend/src/container/OnboardingV2Container/AddDataSource/AddDataSource.tsx @makeavish
-
-# Dashboard, Alert, Metrics, Service Map, Services
-/frontend/src/container/ListOfDashboard/ @srikanthccv
-/frontend/src/container/NewDashboard/ @srikanthccv
-/frontend/src/pages/DashboardsListPage/ @srikanthccv
-/frontend/src/pages/DashboardWidget/ @srikanthccv
-/frontend/src/pages/NewDashboard/ @srikanthccv
-/frontend/src/providers/Dashboard/ @srikanthccv
-
-# Alerts
-/frontend/src/container/AlertHistory/ @srikanthccv
-/frontend/src/container/AllAlertChannels/ @srikanthccv
-/frontend/src/container/AnomalyAlertEvaluationView/ @srikanthccv
-/frontend/src/container/CreateAlertChannels/ @srikanthccv
-/frontend/src/container/CreateAlertRule/ @srikanthccv
-/frontend/src/container/EditAlertChannels/ @srikanthccv
-/frontend/src/container/FormAlertChannels/ @srikanthccv
-/frontend/src/container/FormAlertRules/ @srikanthccv
-/frontend/src/container/ListAlertRules/ @srikanthccv
-/frontend/src/container/TriggeredAlerts/ @srikanthccv
-/frontend/src/pages/AlertChannelCreate/ @srikanthccv
-/frontend/src/pages/AlertDetails/ @srikanthccv
-/frontend/src/pages/AlertHistory/ @srikanthccv
-/frontend/src/pages/AlertList/ @srikanthccv
-/frontend/src/pages/CreateAlert/ @srikanthccv
-/frontend/src/providers/Alert.tsx @srikanthccv
-
-# Metrics
-/frontend/src/container/MetricsExplorer/ @srikanthccv
-/frontend/src/pages/MetricsApplication/ @srikanthccv
-/frontend/src/pages/MetricsExplorer/ @srikanthccv
-
-# Services and Service Map
-/frontend/src/container/ServiceApplication/ @srikanthccv
-/frontend/src/container/ServiceTable/ @srikanthccv
-/frontend/src/pages/Services/ @srikanthccv
-/frontend/src/pages/ServiceTopLevelOperations/ @srikanthccv
-/frontend/src/container/Home/Services/ @srikanthccv
-
 /deploy/ @SigNoz/devops
 .github @SigNoz/devops
-
-# Scaffold Owners
-/pkg/config/ @therealpandey
-/pkg/errors/ @therealpandey
-/pkg/factory/ @therealpandey
-/pkg/types/ @therealpandey
-/pkg/valuer/ @therealpandey
-/cmd/ @therealpandey
-.golangci.yml @therealpandey
-
-# Zeus Owners
-/pkg/zeus/ @vikrantgupta25
-/ee/zeus/ @vikrantgupta25
-/pkg/licensing/ @vikrantgupta25
-/ee/licensing/ @vikrantgupta25
-
-# SQL Owners
-/pkg/sqlmigration/ @vikrantgupta25
-/ee/sqlmigration/ @vikrantgupta25
-/pkg/sqlschema/ @vikrantgupta25
-/ee/sqlschema/ @vikrantgupta25
-
-# Analytics Owners
-/pkg/analytics/ @vikrantgupta25
-/pkg/statsreporter/ @vikrantgupta25
-
-# Querier Owners
-/pkg/querier/ @srikanthccv
-/pkg/variables/ @srikanthccv
-/pkg/types/querybuildertypes/ @srikanthccv
-/pkg/querybuilder/ @srikanthccv
-/pkg/telemetrylogs/ @srikanthccv
-/pkg/telemetrymetadata/ @srikanthccv
-/pkg/telemetrymetrics/ @srikanthccv
-/pkg/telemetrytraces/ @srikanthccv
-
-# AuthN / AuthZ Owners 
-
-/pkg/authz/ @vikrantgupta25 @therealpandey
+/pkg/config/ @grandwizard28
+/pkg/errors/ @grandwizard28
+/pkg/factory/ @grandwizard28
+/pkg/types/ @grandwizard28
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,72 +1,17 @@
-## 📄 Summary
+### Summary

-<!-- Describe the purpose of the PR in a few sentences. What does it fix/add/update? -->
+<!-- ✍️ A clear and concise description...-->

---
+#### Related Issues / PR's

-## ✅ Changes
+<!-- ✍️ Add the issues being resolved here and related PR's where applicable  -->

- [ ] Feature: Brief description
- [ ] Bug fix: Brief description
+#### Screenshots

---
+NA

-## 🏷️ Required: Add Relevant Labels
+<!-- ✍️ Add screenshots of before and after changes where applicable-->

-> ⚠️ **Manually add appropriate labels in the PR sidebar**  
-Please select one or more labels (as applicable):
+#### Affected Areas and Manually Tested Areas

-ex:
-
- `frontend`
- `backend`
- `devops`
- `bug`
- `enhancement`
- `ui`
- `test`
-
---
-
-## 👥 Reviewers
-
-> Tag the relevant teams for review:
-
- frontend / backend / devops
-
---
-
-## 🧪 How to Test
-
-<!-- Describe how reviewers can test this PR -->
-1. ...
-2. ...
-3. ...
-
---
-
-## 🔍 Related Issues
-
-<!-- Reference any related issues (e.g. Fixes #123, Closes #456) -->
-Closes #
-
---
-
-## 📸 Screenshots / Screen Recording (if applicable / mandatory for UI related changes)
-
-<!-- Add screenshots or GIFs to help visualize changes -->
-
---
-
-## 📋 Checklist
-
- [ ] Dev Review
- [ ] Test cases added (Unit/ Integration / E2E)
- [ ] Manually tested the changes
-
-
---
-
-## 👀 Notes for Reviewers
-
-<!-- Anything reviewers should keep in mind while reviewing -->
+<!-- ✍️ Add details of blast radius and dev testing areas where applicable-->
--- a/.github/workflows/build-community.yaml
+++ b/.github/workflows/build-community.yaml
@@ -3,8 +3,8 @@ name: build-community
 on:
  push:
    tags:
-      - "v[0-9]+.[0-9]+.[0-9]+"
-      - "v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+"
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+      - 'v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+'

 defaults:
  run:
@@ -62,21 +62,20 @@ jobs:
    secrets: inherit
    with:
      PRIMUS_REF: main
-      GO_VERSION: 1.24
      GO_NAME: signoz-community
      GO_INPUT_ARTIFACT_CACHE_KEY: community-jsbuild-${{ github.sha }}
      GO_INPUT_ARTIFACT_PATH: frontend/build
-      GO_BUILD_CONTEXT: ./cmd/community
+      GO_BUILD_CONTEXT: ./pkg/query-service
      GO_BUILD_FLAGS: >-
        -tags timetzdata
-        -ldflags='-s -w
+        -ldflags='-linkmode external -extldflags \"-static\" -s -w
        -X github.com/SigNoz/signoz/pkg/version.version=${{ needs.prepare.outputs.version }}
        -X github.com/SigNoz/signoz/pkg/version.variant=community
        -X github.com/SigNoz/signoz/pkg/version.hash=${{ needs.prepare.outputs.hash }}
        -X github.com/SigNoz/signoz/pkg/version.time=${{ needs.prepare.outputs.time }}
-        -X github.com/SigNoz/signoz/pkg/version.branch=${{ needs.prepare.outputs.branch }}
-        -X github.com/SigNoz/signoz/pkg/analytics.key=9kRrJ7oPCGPEJLF6QjMPLt5bljFhRQBr'
+        -X github.com/SigNoz/signoz/pkg/version.branch=${{ needs.prepare.outputs.branch }}'
+      GO_CGO_ENABLED: 1
      DOCKER_BASE_IMAGES: '{"alpine": "alpine:3.20.3"}'
-      DOCKER_DOCKERFILE_PATH: ./cmd/community/Dockerfile.multi-arch
+      DOCKER_DOCKERFILE_PATH: ./pkg/query-service/Dockerfile.multi-arch
      DOCKER_MANIFEST: true
      DOCKER_PROVIDERS: dockerhub
--- a/.github/workflows/build-enterprise.yaml
+++ b/.github/workflows/build-enterprise.yaml
@@ -67,9 +67,8 @@ jobs:
          echo 'TUNNEL_URL="${{ secrets.TUNNEL_URL }}"' >> frontend/.env
          echo 'TUNNEL_DOMAIN="${{ secrets.TUNNEL_DOMAIN }}"' >> frontend/.env
          echo 'POSTHOG_KEY="${{ secrets.POSTHOG_KEY }}"' >> frontend/.env
-          echo 'PYLON_APP_ID="${{ secrets.PYLON_APP_ID }}"' >> frontend/.env
-          echo 'APPCUES_APP_ID="${{ secrets.APPCUES_APP_ID }}"' >> frontend/.env
-          echo 'PYLON_IDENTITY_SECRET="${{ secrets.PYLON_IDENTITY_SECRET }}"' >> frontend/.env
+          echo 'CUSTOMERIO_ID="${{ secrets.CUSTOMERIO_ID }}"' >> frontend/.env
+          echo 'CUSTOMERIO_SITE_ID="${{ secrets.CUSTOMERIO_SITE_ID }}"' >> frontend/.env
      - name: cache-dotenv
        uses: actions/cache@v4
        with:
@@ -85,7 +84,7 @@ jobs:
      JS_INPUT_ARTIFACT_CACHE_KEY: enterprise-dotenv-${{ github.sha }}
      JS_INPUT_ARTIFACT_PATH: frontend/.env
      JS_OUTPUT_ARTIFACT_CACHE_KEY: enterprise-jsbuild-${{ github.sha }}
-      JS_OUTPUT_ARTIFACT_PATH: frontend/build
+      JS_OUTPUT_ARTIFACT_PATH: frontend/build 
      DOCKER_BUILD: false
      DOCKER_MANIFEST: false
  go-build:
@@ -94,13 +93,12 @@ jobs:
    secrets: inherit
    with:
      PRIMUS_REF: main
-      GO_VERSION: 1.24
      GO_INPUT_ARTIFACT_CACHE_KEY: enterprise-jsbuild-${{ github.sha }}
      GO_INPUT_ARTIFACT_PATH: frontend/build
-      GO_BUILD_CONTEXT: ./cmd/enterprise
+      GO_BUILD_CONTEXT: ./ee/query-service
      GO_BUILD_FLAGS: >-
        -tags timetzdata
-        -ldflags='-s -w
+        -ldflags='-linkmode external -extldflags \"-static\" -s -w
        -X github.com/SigNoz/signoz/pkg/version.version=${{ needs.prepare.outputs.version }}
        -X github.com/SigNoz/signoz/pkg/version.variant=enterprise
        -X github.com/SigNoz/signoz/pkg/version.hash=${{ needs.prepare.outputs.hash }}
@@ -108,9 +106,10 @@ jobs:
        -X github.com/SigNoz/signoz/pkg/version.branch=${{ needs.prepare.outputs.branch }}
        -X github.com/SigNoz/signoz/ee/zeus.url=https://api.signoz.cloud
        -X github.com/SigNoz/signoz/ee/zeus.deprecatedURL=https://license.signoz.io
-        -X github.com/SigNoz/signoz/ee/query-service/constants.LicenseSignozIo=https://license.signoz.io/api/v1
-        -X github.com/SigNoz/signoz/pkg/analytics.key=9kRrJ7oPCGPEJLF6QjMPLt5bljFhRQBr'
+        -X github.com/SigNoz/signoz/ee/query-service/constants.ZeusURL=https://api.signoz.cloud
+        -X github.com/SigNoz/signoz/ee/query-service/constants.LicenseSignozIo=https://license.signoz.io/api/v1'
+      GO_CGO_ENABLED: 1
      DOCKER_BASE_IMAGES: '{"alpine": "alpine:3.20.3"}'
-      DOCKER_DOCKERFILE_PATH: ./cmd/enterprise/Dockerfile.multi-arch
+      DOCKER_DOCKERFILE_PATH: ./ee/query-service/Dockerfile.multi-arch
      DOCKER_MANIFEST: true
      DOCKER_PROVIDERS: ${{ needs.prepare.outputs.docker_providers }}
--- a/.github/workflows/build-staging.yaml
+++ b/.github/workflows/build-staging.yaml
@@ -64,11 +64,8 @@ jobs:
        run: |
          mkdir -p frontend
          echo 'CI=1' > frontend/.env
-          echo 'TUNNEL_URL="${{ secrets.NP_TUNNEL_URL }}"' >> frontend/.env
-          echo 'TUNNEL_DOMAIN="${{ secrets.NP_TUNNEL_DOMAIN }}"' >> frontend/.env
-          echo 'PYLON_APP_ID="${{ secrets.NP_PYLON_APP_ID }}"' >> frontend/.env
-          echo 'APPCUES_APP_ID="${{ secrets.NP_APPCUES_APP_ID }}"' >> frontend/.env
-          echo 'PYLON_IDENTITY_SECRET="${{ secrets.NP_PYLON_IDENTITY_SECRET }}"' >> frontend/.env
+          echo 'TUNNEL_URL=https://telemetry.staging.signoz.cloud/tunnel' >> frontend/.env
+          echo 'TUNNEL_DOMAIN=https://telemetry.staging.signoz.cloud' >> frontend/.env
      - name: cache-dotenv
        uses: actions/cache@v4
        with:
@@ -93,13 +90,12 @@ jobs:
    secrets: inherit
    with:
      PRIMUS_REF: main
-      GO_VERSION: 1.24
      GO_INPUT_ARTIFACT_CACHE_KEY: staging-jsbuild-${{ github.sha }}
      GO_INPUT_ARTIFACT_PATH: frontend/build
-      GO_BUILD_CONTEXT: ./cmd/enterprise
+      GO_BUILD_CONTEXT: ./ee/query-service
      GO_BUILD_FLAGS: >-
        -tags timetzdata
-        -ldflags='-s -w
+        -ldflags='-linkmode external -extldflags \"-static\" -s -w
        -X github.com/SigNoz/signoz/pkg/version.version=${{ needs.prepare.outputs.version }}
        -X github.com/SigNoz/signoz/pkg/version.variant=enterprise
        -X github.com/SigNoz/signoz/pkg/version.hash=${{ needs.prepare.outputs.hash }}
@@ -107,10 +103,11 @@ jobs:
        -X github.com/SigNoz/signoz/pkg/version.branch=${{ needs.prepare.outputs.branch }}
        -X github.com/SigNoz/signoz/ee/zeus.url=https://api.staging.signoz.cloud
        -X github.com/SigNoz/signoz/ee/zeus.deprecatedURL=https://license.staging.signoz.cloud
-        -X github.com/SigNoz/signoz/ee/query-service/constants.LicenseSignozIo=https://license.staging.signoz.cloud/api/v1
-        -X github.com/SigNoz/signoz/pkg/analytics.key=9kRrJ7oPCGPEJLF6QjMPLt5bljFhRQBr'
+        -X github.com/SigNoz/signoz/ee/query-service/constants.ZeusURL=https://api.staging.signoz.cloud
+        -X github.com/SigNoz/signoz/ee/query-service/constants.LicenseSignozIo=https://license.staging.signoz.cloud/api/v1'
+      GO_CGO_ENABLED: 1
      DOCKER_BASE_IMAGES: '{"alpine": "alpine:3.20.3"}'
-      DOCKER_DOCKERFILE_PATH: ./cmd/enterprise/Dockerfile.multi-arch
+      DOCKER_DOCKERFILE_PATH: ./ee/query-service/Dockerfile.multi-arch
      DOCKER_MANIFEST: true
      DOCKER_PROVIDERS: gcp
  staging:
@@ -124,4 +121,4 @@ jobs:
      GITHUB_SILENT: true
      GITHUB_REPOSITORY_NAME: charts-saas-v3-staging
      GITHUB_EVENT_NAME: releaser
-      GITHUB_EVENT_PAYLOAD: '{"deployment": "${{ needs.prepare.outputs.deployment }}", "signoz_version": "${{ needs.prepare.outputs.version }}"}'
+      GITHUB_EVENT_PAYLOAD: "{\"deployment\": \"${{ needs.prepare.outputs.deployment }}\", \"signoz_version\": \"${{ needs.prepare.outputs.version }}\"}"
--- a/.github/workflows/goci.yaml
+++ b/.github/workflows/goci.yaml
@@ -18,7 +18,6 @@ jobs:
    with:
      PRIMUS_REF: main
      GO_TEST_CONTEXT: ./...
-      GO_VERSION: 1.24
  fmt:
    if: |
      (github.event_name == 'pull_request' && ! github.event.pull_request.head.repo.fork && github.event.pull_request.user.login != 'dependabot[bot]' && ! contains(github.event.pull_request.labels.*.name, 'safe-to-test')) ||
@@ -27,7 +26,6 @@ jobs:
    secrets: inherit
    with:
      PRIMUS_REF: main
-      GO_VERSION: 1.24
  lint:
    if: |
      (github.event_name == 'pull_request' && ! github.event.pull_request.head.repo.fork && github.event.pull_request.user.login != 'dependabot[bot]' && ! contains(github.event.pull_request.labels.*.name, 'safe-to-test')) ||
@@ -36,16 +34,6 @@ jobs:
    secrets: inherit
    with:
      PRIMUS_REF: main
-      GO_VERSION: 1.24
-  deps:
-    if: |
-      (github.event_name == 'pull_request' && ! github.event.pull_request.head.repo.fork && github.event.pull_request.user.login != 'dependabot[bot]' && ! contains(github.event.pull_request.labels.*.name, 'safe-to-test')) ||
-      (github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'safe-to-test'))
-    uses: signoz/primus.workflows/.github/workflows/go-deps.yaml@main
-    secrets: inherit
-    with:
-      PRIMUS_REF: main
-      GO_VERSION: 1.24
  build:
    if: |
      (github.event_name == 'pull_request' && ! github.event.pull_request.head.repo.fork && github.event.pull_request.user.login != 'dependabot[bot]' && ! contains(github.event.pull_request.labels.*.name, 'safe-to-test')) ||
@@ -57,7 +45,7 @@ jobs:
      - name: go-install
        uses: actions/setup-go@v5
        with:
-          go-version: "1.24"
+          go-version: "1.22"
      - name: qemu-install
        uses: docker/setup-qemu-action@v3
      - name: aarch64-install
--- a/.github/workflows/gor-signoz-community.yaml
+++ b/.github/workflows/gor-signoz-community.yaml
@@ -36,7 +36,7 @@ jobs:
          - ubuntu-latest
          - macos-latest
    env:
-      CONFIG_PATH: cmd/community/.goreleaser.yaml
+      CONFIG_PATH: pkg/query-service/.goreleaser.yaml
    runs-on: ${{ matrix.os }}
    steps:
      - name: checkout
@@ -58,7 +58,7 @@ jobs:
      - name: setup-go
        uses: actions/setup-go@v5
        with:
-          go-version: "1.24"
+          go-version: "1.22"
      - name: cross-compilation-tools
        if: matrix.os == 'ubuntu-latest'
        run: |
@@ -100,7 +100,7 @@ jobs:
    needs: build
    env:
      DOCKER_CLI_EXPERIMENTAL: "enabled"
-      WORKDIR: cmd/community
+      WORKDIR: pkg/query-service
    steps:
      - name: checkout
        uses: actions/checkout@v4
@@ -122,7 +122,7 @@ jobs:
      - name: setup-go
        uses: actions/setup-go@v5
        with:
-          go-version: "1.24"
+          go-version: "1.22"

      # copy the caches from build
      - name: get-sha
--- a/.github/workflows/gor-signoz.yaml
+++ b/.github/workflows/gor-signoz.yaml
@@ -33,9 +33,8 @@ jobs:
          echo 'TUNNEL_URL="${{ secrets.TUNNEL_URL }}"' >> .env
          echo 'TUNNEL_DOMAIN="${{ secrets.TUNNEL_DOMAIN }}"' >> .env
          echo 'POSTHOG_KEY="${{ secrets.POSTHOG_KEY }}"' >> .env
-          echo 'PYLON_APP_ID="${{ secrets.PYLON_APP_ID }}"' >> .env
-          echo 'APPCUES_APP_ID="${{ secrets.APPCUES_APP_ID }}"' >> .env
-          echo 'PYLON_IDENTITY_SECRET="${{ secrets.PYLON_IDENTITY_SECRET }}"' >> .env
+          echo 'CUSTOMERIO_ID="${{ secrets.CUSTOMERIO_ID }}"' >> .env
+          echo 'CUSTOMERIO_SITE_ID="${{ secrets.CUSTOMERIO_SITE_ID }}"' >> .env
      - name: build-frontend
        run:  make js-build
      - name: upload-frontend-artifact
@@ -51,7 +50,7 @@ jobs:
          - ubuntu-latest
          - macos-latest
    env:
-      CONFIG_PATH: cmd/enterprise/.goreleaser.yaml
+      CONFIG_PATH: ee/query-service/.goreleaser.yaml
    runs-on: ${{ matrix.os }}
    steps:
      - name: checkout
@@ -73,7 +72,7 @@ jobs:
      - name: setup-go
        uses: actions/setup-go@v5
        with:
-          go-version: "1.24"
+          go-version: "1.22"
      - name: cross-compilation-tools
        if: matrix.os == 'ubuntu-latest'
        run: |
@@ -136,7 +135,7 @@ jobs:
      - name: setup-go
        uses: actions/setup-go@v5
        with:
-          go-version: "1.24"
+          go-version: "1.22"

      # copy the caches from build
      - name: get-sha
--- a/.github/workflows/integrationci.yaml
+++ b/.github/workflows/integrationci.yaml
@@ -15,19 +15,14 @@ jobs:
      matrix:
        src:
          - bootstrap
-          - passwordauthn
-          - callbackauthn
-          - cloudintegrations
-          - dashboard
-          - querier
-          - ttl
        sqlstore-provider:
          - postgres
          - sqlite
        clickhouse-version:
-          - 25.5.6
+          - 24.1.2-alpine
+          - 24.12-alpine
        schema-migrator-version:
-          - v0.129.7
+          - v0.111.38
        postgres-version:
          - 15
    if: |
@@ -46,20 +41,6 @@ jobs:
          python -m pip install poetry==2.1.2
          python -m poetry config virtualenvs.in-project true
          cd tests/integration && poetry install --no-root
-      - name: webdriver
-        run: |
-          wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
-          echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | sudo tee -a /etc/apt/sources.list.d/google-chrome.list
-          sudo apt-get update -qqy
-          sudo apt-get -qqy install google-chrome-stable
-          CHROME_VERSION=$(google-chrome-stable --version)
-          CHROME_FULL_VERSION=${CHROME_VERSION%%.*}
-          CHROME_MAJOR_VERSION=${CHROME_FULL_VERSION//[!0-9]}
-          sudo rm /etc/apt/sources.list.d/google-chrome.list
-          export CHROMEDRIVER_VERSION=`curl -s https://googlechromelabs.github.io/chrome-for-testing/LATEST_RELEASE_${CHROME_MAJOR_VERSION%%.*}`
-          curl -L -O "https://storage.googleapis.com/chrome-for-testing-public/${CHROMEDRIVER_VERSION}/linux64/chromedriver-linux64.zip"
-          unzip chromedriver-linux64.zip && chmod +x chromedriver && sudo mv chromedriver /usr/local/bin
-          chromedriver -version
      - name: run
        run: |
          cd tests/integration && \
--- a/.github/workflows/prereleaser.yaml
+++ b/.github/workflows/prereleaser.yaml
@@ -1,6 +1,10 @@
 name: prereleaser

 on:
+  # schedule every wednesday 6:30 AM UTC (12:00 PM IST)
+  schedule:
+    - cron: '30 6 * * 3'
+
  # allow manual triggering of the workflow by a maintainer
  workflow_dispatch:
    inputs:
--- a/.github/workflows/run-e2e.yaml
+++ b/.github/workflows/run-e2e.yaml
@@ -1,62 +0,0 @@
-name: e2eci
-
-on:
-  workflow_dispatch:
-    inputs:
-      userRole:
-        description: "Role of the user (ADMIN, EDITOR, VIEWER)"
-        required: true
-        type: choice
-        options:
-          - ADMIN
-          - EDITOR
-          - VIEWER
-
-jobs:
-  test:
-    name: Run Playwright Tests
-    runs-on: ubuntu-latest
-    timeout-minutes: 60
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: lts/*
-
-      - name: Mask secrets and input
-        run: |
-          echo "::add-mask::${{ secrets.BASE_URL }}"
-          echo "::add-mask::${{ secrets.LOGIN_USERNAME }}"
-          echo "::add-mask::${{ secrets.LOGIN_PASSWORD }}"
-          echo "::add-mask::${{ github.event.inputs.userRole }}"
-
-      - name: Install dependencies
-        working-directory: frontend
-        run: |
-          npm install -g yarn
-          yarn
-
-      - name: Install Playwright Browsers
-        working-directory: frontend
-        run: yarn playwright install --with-deps
-
-      - name: Run Playwright Tests
-        working-directory: frontend
-        run: |
-          BASE_URL="${{ secrets.BASE_URL }}" \
-          LOGIN_USERNAME="${{ secrets.LOGIN_USERNAME }}" \
-          LOGIN_PASSWORD="${{ secrets.LOGIN_PASSWORD }}" \
-          USER_ROLE="${{ github.event.inputs.userRole }}" \
-          yarn playwright test
-
-      - name: Upload Playwright Report
-        uses: actions/upload-artifact@v4
-        if: always()
-        with:
-          name: playwright-report
-          path: frontend/playwright-report/
-          retention-days: 30
--- a/.gitignore
+++ b/.gitignore
@@ -49,7 +49,6 @@ ee/query-service/tests/test-deploy/data/
 # local data
 *.backup
 *.db
-**/db
 /deploy/docker/clickhouse-setup/data/
 /deploy/docker-swarm/clickhouse-setup/data/
 bin/
@@ -61,13 +60,14 @@ ee/query-service/db

 e2e/node_modules/
 e2e/test-results/
+e2e/playwright-report/
 e2e/blob-report/
+e2e/playwright/.cache/
 e2e/.auth

 # go
 vendor/
 **/main/**
-__debug_bin**

 # git-town
 .git-branches.toml
@@ -87,8 +87,6 @@ queries.active
 .devenv/**/tmp/**
 .qodo

-.dev
-
 ### Python ###
 # Byte-compiled / optimized / DLL files
 __pycache__/
@@ -231,6 +229,4 @@ poetry.toml
 # LSP config files
 pyrightconfig.json

-
-# cursor files
-frontend/.cursor/
+# End of https://www.toptal.com/developers/gitignore/api/python
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,63 +0,0 @@
-version: "2"
-linters:
-  default: none
-  enable:
-    - bodyclose
-    - depguard
-    - errcheck
-    - forbidigo
-    - govet
-    - iface
-    - ineffassign
-    - misspell
-    - nilnil
-    - sloglint
-    - unparam
-    - unused
-  settings:
-    depguard:
-      rules:
-        noerrors:
-          deny:
-            - pkg: errors
-              desc: Do not use errors package. Use github.com/SigNoz/signoz/pkg/errors instead.
-        nozap:
-          deny:
-            - pkg: go.uber.org/zap
-              desc: Do not use zap logger. Use slog instead.
-    forbidigo:
-      forbid:
-        - pattern: fmt.Errorf
-        - pattern: ^(fmt\.Print.*|print|println)$
-    iface:
-      enable:
-        - identical
-    sloglint:
-      no-mixed-args: true
-      kv-only: true
-      no-global: all
-      context: all
-      static-msg: true
-      key-naming-case: snake
-  exclusions:
-    generated: lax
-    presets:
-      - comments
-      - common-false-positives
-      - legacy
-      - std-error-handling
-    paths:
-      - pkg/query-service
-      - ee/query-service
-      - scripts/
-      - tmp/
-      - third_party$
-      - builtin$
-      - examples$
-formatters:
-  exclusions:
-    generated: lax
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
--- a/ADVOCATE.md
+++ b/ADVOCATE.md
@@ -1,62 +0,0 @@
-# SigNoz Community Advocate Program
-
-Our community is filled with passionate developers who love SigNoz and have been helping spread the word about observability across the world. The SigNoz Community Advocate Program is our way of recognizing these incredible community members and creating deeper collaboration opportunities.
-
-## What is the SigNoz Community Advocate Program?
-
-The SigNoz Community Advocate Program celebrates and supports community members who are already passionate about observability and helping fellow developers. If you're someone who loves discussing SigNoz, helping others with their implementations, or sharing knowledge about observability practices, this program is designed with you in mind.
-
-Our advocates are the heart of the SigNoz community, helping other developers succeed with observability and providing valuable insights that help us build better products.
-
-## What Do Advocates Do?
-
-1. **Community Support**
-
-    - Help fellow developers in our Slack community and GitHub Discussions
-    - Answer questions and share solutions
-    - Guide newcomers through SigNoz self-host implementations
-
-2. **Knowledge Sharing**
-
-    - Spread awareness about observability best practices on developer forums
-    - Create content like blog posts, social media posts, and videos
-    - Host local meetups and events in their regions
-
-3. **Product Collaboration**
-
-    - Provide insights on features, changes, and improvements the community needs
-    - Beta test new features and provide early feedback
-    - Help us understand real-world use cases and pain points
-
-## What's In It For You?
-
-**Recognition & Swag**
-
- Official recognition as a SigNoz advocate
- Welcome hamper upon joining
- Exclusive swag box within your first 3 months
- Feature on our website (with your permission)
-
-**Early Access**
-
- First look at new features and updates
- Direct line to the SigNoz team for feedback and suggestions
- Opportunity to influence product roadmap
-
-**Community Impact**
-
- Help shape the observability landscape
- Build your reputation in the developer community
- Connect with like-minded developers globally
-
-## How Does It Work?
-
-Currently, the SigNoz Community Advocate Program is **invite-only**. We're starting with a small group of passionate community members who have already been making a difference.
-
-We'll be working closely with our first advocates to shape the program details, benefits, and structure based on what works best for everyone involved.
-
-If you're interested in learning more about the program or want to get more involved in the SigNoz community, join our [Slack community](https://signoz-community.slack.com/) and let us know!
-
---
-
-*The SigNoz Community Advocate Program recognizes and celebrates the amazing community members who are already passionate about helping fellow developers succeed with observability.*
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -78,5 +78,3 @@ Need assistance? Join our Slack community:

 - Set up your [development environment](docs/contributing/development.md)
 - Deploy and observe [SigNoz in action with OpenTelemetry Demo Application](docs/otel-demo-docs.md)
- Explore the [SigNoz Community Advocate Program](ADVOCATE.md), which recognises contributors who support the community, share their expertise, and help shape SigNoz's future.
- Write [integration tests](docs/contributing/go/integration.md)
--- a/2
+++ b/2
@@ -2,7 +2,7 @@ Copyright (c) 2020-present SigNoz Inc.

 Portions of this software are licensed as follows:

-* All content that resides under the "ee/" and the "cmd/enterprise/" directory of this repository, if that directory exists, is licensed under the license defined in "ee/LICENSE".
+* All content that resides under the "ee/" directory of this repository, if that directory exists, is licensed under the license defined in "ee/LICENSE".
 * All third party components incorporated into the SigNoz Software are licensed under the original license provided by the owner of the applicable component.
 * Content outside of the above mentioned directories or restrictions above is available under the "MIT Expat" license as defined below.

--- a/53
+++ b/53
@@ -20,18 +20,18 @@ GO_BUILD_LDFLAG_LICENSE_SIGNOZ_IO 	= -X github.com/SigNoz/signoz/ee/zeus.depreca

 GO_BUILD_VERSION_LDFLAGS 		= -X github.com/SigNoz/signoz/pkg/version.version=$(VERSION) -X github.com/SigNoz/signoz/pkg/version.hash=$(COMMIT_SHORT_SHA) -X github.com/SigNoz/signoz/pkg/version.time=$(TIMESTAMP) -X github.com/SigNoz/signoz/pkg/version.branch=$(BRANCH_NAME)
 GO_BUILD_ARCHS_COMMUNITY 		= $(addprefix go-build-community-,$(ARCHS))
-GO_BUILD_CONTEXT_COMMUNITY 		= $(SRC)/cmd/community
+GO_BUILD_CONTEXT_COMMUNITY 		= $(SRC)/pkg/query-service
 GO_BUILD_LDFLAGS_COMMUNITY 		= $(GO_BUILD_VERSION_LDFLAGS) -X github.com/SigNoz/signoz/pkg/version.variant=community
 GO_BUILD_ARCHS_ENTERPRISE 		= $(addprefix go-build-enterprise-,$(ARCHS))
 GO_BUILD_ARCHS_ENTERPRISE_RACE  = $(addprefix go-build-enterprise-race-,$(ARCHS))
-GO_BUILD_CONTEXT_ENTERPRISE 	= $(SRC)/cmd/enterprise
+GO_BUILD_CONTEXT_ENTERPRISE 	= $(SRC)/ee/query-service
 GO_BUILD_LDFLAGS_ENTERPRISE 	= $(GO_BUILD_VERSION_LDFLAGS) -X github.com/SigNoz/signoz/pkg/version.variant=enterprise $(GO_BUILD_LDFLAG_ZEUS_URL) $(GO_BUILD_LDFLAG_LICENSE_SIGNOZ_IO)

 DOCKER_BUILD_ARCHS_COMMUNITY 	= $(addprefix docker-build-community-,$(ARCHS))
-DOCKERFILE_COMMUNITY 			= $(SRC)/cmd/community/Dockerfile
+DOCKERFILE_COMMUNITY 			= $(SRC)/pkg/query-service/Dockerfile
 DOCKER_REGISTRY_COMMUNITY 		?= docker.io/signoz/signoz-community
 DOCKER_BUILD_ARCHS_ENTERPRISE 	= $(addprefix docker-build-enterprise-,$(ARCHS))
-DOCKERFILE_ENTERPRISE 			= $(SRC)/cmd/enterprise/Dockerfile
+DOCKERFILE_ENTERPRISE 			= $(SRC)/ee/query-service/Dockerfile
 DOCKER_REGISTRY_ENTERPRISE 		?= docker.io/signoz/signoz
 JS_BUILD_CONTEXT 				= $(SRC)/frontend

@@ -61,23 +61,6 @@ devenv-postgres: ## Run postgres in devenv
 	@cd .devenv/docker/postgres; \
 	docker compose -f compose.yaml up -d

-.PHONY: devenv-signoz-otel-collector
-devenv-signoz-otel-collector: ## Run signoz-otel-collector in devenv (requires clickhouse to be running)
-	@cd .devenv/docker/signoz-otel-collector; \
-	docker compose -f compose.yaml up -d
-
-.PHONY: devenv-up
-devenv-up: devenv-clickhouse devenv-signoz-otel-collector ## Start both clickhouse and signoz-otel-collector for local development
-	@echo "Development environment is ready!"
-	@echo "   - ClickHouse: http://localhost:8123"
-	@echo "   - Signoz OTel Collector: grpc://localhost:4317, http://localhost:4318"
-
-.PHONY: devenv-clickhouse-clean
-devenv-clickhouse-clean: ## Clean all ClickHouse data from filesystem
-	@echo "Removing ClickHouse data..."
-	@rm -rf .devenv/docker/clickhouse/fs/tmp/*
-	@echo "ClickHouse data cleaned!"
-
 ##############################################################
 # go commands
 ##############################################################
@@ -90,9 +73,12 @@ go-run-enterprise: ## Runs the enterprise go backend server
 	SIGNOZ_ALERTMANAGER_PROVIDER=signoz \
 	SIGNOZ_TELEMETRYSTORE_PROVIDER=clickhouse \
 	SIGNOZ_TELEMETRYSTORE_CLICKHOUSE_DSN=tcp://127.0.0.1:9000 \
-	SIGNOZ_TELEMETRYSTORE_CLICKHOUSE_CLUSTER=cluster \
 	go run -race \
-		$(GO_BUILD_CONTEXT_ENTERPRISE)/*.go server
+		$(GO_BUILD_CONTEXT_ENTERPRISE)/main.go \
+		--config ./conf/prometheus.yml \
+		--cluster cluster \
+		--use-logs-new-schema true \
+		--use-trace-new-schema true

 .PHONY: go-test
 go-test: ## Runs go unit tests
@@ -107,9 +93,12 @@ go-run-community: ## Runs the community go backend server
 	SIGNOZ_ALERTMANAGER_PROVIDER=signoz \
 	SIGNOZ_TELEMETRYSTORE_PROVIDER=clickhouse \
 	SIGNOZ_TELEMETRYSTORE_CLICKHOUSE_DSN=tcp://127.0.0.1:9000 \
-	SIGNOZ_TELEMETRYSTORE_CLICKHOUSE_CLUSTER=cluster \
 	go run -race \
-		$(GO_BUILD_CONTEXT_COMMUNITY)/*.go server
+		$(GO_BUILD_CONTEXT_COMMUNITY)/main.go \
+		--config ./conf/prometheus.yml \
+		--cluster cluster \
+		--use-logs-new-schema true \
+		--use-trace-new-schema true

 .PHONY: go-build-community $(GO_BUILD_ARCHS_COMMUNITY)
 go-build-community: ## Builds the go backend server for community
@@ -118,9 +107,9 @@ $(GO_BUILD_ARCHS_COMMUNITY): go-build-community-%: $(TARGET_DIR)
 	@mkdir -p $(TARGET_DIR)/$(OS)-$*
 	@echo ">> building binary $(TARGET_DIR)/$(OS)-$*/$(NAME)-community"
 	@if [ $* = "arm64" ]; then \
-		GOARCH=$* GOOS=$(OS) go build -C $(GO_BUILD_CONTEXT_COMMUNITY) -tags timetzdata -o $(TARGET_DIR)/$(OS)-$*/$(NAME)-community -ldflags "-s -w $(GO_BUILD_LDFLAGS_COMMUNITY)"; \
+		CC=aarch64-linux-gnu-gcc CGO_ENABLED=1 GOARCH=$* GOOS=$(OS) go build -C $(GO_BUILD_CONTEXT_COMMUNITY) -tags timetzdata -o $(TARGET_DIR)/$(OS)-$*/$(NAME)-community -ldflags "-linkmode external -extldflags '-static' -s -w $(GO_BUILD_LDFLAGS_COMMUNITY)"; \
 	else \
-		GOARCH=$* GOOS=$(OS) go build -C $(GO_BUILD_CONTEXT_COMMUNITY) -tags timetzdata -o $(TARGET_DIR)/$(OS)-$*/$(NAME)-community -ldflags "-s -w $(GO_BUILD_LDFLAGS_COMMUNITY)"; \
+		CGO_ENABLED=1 GOARCH=$* GOOS=$(OS) go build -C $(GO_BUILD_CONTEXT_COMMUNITY) -tags timetzdata -o $(TARGET_DIR)/$(OS)-$*/$(NAME)-community -ldflags "-linkmode external -extldflags '-static' -s -w $(GO_BUILD_LDFLAGS_COMMUNITY)"; \
 	fi


@@ -131,9 +120,9 @@ $(GO_BUILD_ARCHS_ENTERPRISE): go-build-enterprise-%: $(TARGET_DIR)
 	@mkdir -p $(TARGET_DIR)/$(OS)-$*
 	@echo ">> building binary $(TARGET_DIR)/$(OS)-$*/$(NAME)"
 	@if [ $* = "arm64" ]; then \
-		GOARCH=$* GOOS=$(OS) go build -C $(GO_BUILD_CONTEXT_ENTERPRISE) -tags timetzdata -o $(TARGET_DIR)/$(OS)-$*/$(NAME) -ldflags "-s -w $(GO_BUILD_LDFLAGS_ENTERPRISE)"; \
+		CC=aarch64-linux-gnu-gcc CGO_ENABLED=1 GOARCH=$* GOOS=$(OS) go build -C $(GO_BUILD_CONTEXT_ENTERPRISE) -tags timetzdata -o $(TARGET_DIR)/$(OS)-$*/$(NAME) -ldflags "-linkmode external -extldflags '-static' -s -w $(GO_BUILD_LDFLAGS_ENTERPRISE)"; \
 	else \
-		GOARCH=$* GOOS=$(OS) go build -C $(GO_BUILD_CONTEXT_ENTERPRISE) -tags timetzdata -o $(TARGET_DIR)/$(OS)-$*/$(NAME) -ldflags "-s -w $(GO_BUILD_LDFLAGS_ENTERPRISE)"; \
+		CGO_ENABLED=1 GOARCH=$* GOOS=$(OS) go build -C $(GO_BUILD_CONTEXT_ENTERPRISE) -tags timetzdata -o $(TARGET_DIR)/$(OS)-$*/$(NAME) -ldflags "-linkmode external -extldflags '-static' -s -w $(GO_BUILD_LDFLAGS_ENTERPRISE)"; \
 	fi

 .PHONY: go-build-enterprise-race $(GO_BUILD_ARCHS_ENTERPRISE_RACE)
@@ -143,9 +132,9 @@ $(GO_BUILD_ARCHS_ENTERPRISE_RACE): go-build-enterprise-race-%: $(TARGET_DIR)
 	@mkdir -p $(TARGET_DIR)/$(OS)-$*
 	@echo ">> building binary $(TARGET_DIR)/$(OS)-$*/$(NAME)"
 	@if [ $* = "arm64" ]; then \
-		GOARCH=$* GOOS=$(OS) go build -C $(GO_BUILD_CONTEXT_ENTERPRISE) -race -tags timetzdata -o $(TARGET_DIR)/$(OS)-$*/$(NAME) -ldflags "-s -w $(GO_BUILD_LDFLAGS_ENTERPRISE)"; \
+		CC=aarch64-linux-gnu-gcc CGO_ENABLED=1 GOARCH=$* GOOS=$(OS) go build -C $(GO_BUILD_CONTEXT_ENTERPRISE) -race -tags timetzdata -o $(TARGET_DIR)/$(OS)-$*/$(NAME) -ldflags "-linkmode external -extldflags '-static' -s -w $(GO_BUILD_LDFLAGS_ENTERPRISE)"; \
 	else \
-		GOARCH=$* GOOS=$(OS) go build -C $(GO_BUILD_CONTEXT_ENTERPRISE) -race -tags timetzdata -o $(TARGET_DIR)/$(OS)-$*/$(NAME) -ldflags "-s -w $(GO_BUILD_LDFLAGS_ENTERPRISE)"; \
+		CGO_ENABLED=1 GOARCH=$* GOOS=$(OS) go build -C $(GO_BUILD_CONTEXT_ENTERPRISE) -race -tags timetzdata -o $(TARGET_DIR)/$(OS)-$*/$(NAME) -ldflags "-linkmode external -extldflags '-static' -s -w $(GO_BUILD_LDFLAGS_ENTERPRISE)"; \
 	fi

 ##############################################################
@@ -212,4 +201,4 @@ py-lint: ## Run lint for integration tests

 .PHONY: py-test
 py-test: ## Runs integration tests
-	@cd tests/integration && poetry run pytest --basetemp=./tmp/ -vv --capture=no src/
+	@cd tests/integration && poetry run pytest --basetemp=./tmp/ -vv --capture=no src/
--- a/README.md
+++ b/README.md
@@ -8,6 +8,7 @@
 <p align="center">All your logs, metrics, and traces in one place. Monitor your application, spot issues before they occur and troubleshoot downtime quickly with rich context. SigNoz is a cost-effective open-source alternative to Datadog and New Relic. Visit <a href="https://signoz.io" target="_blank">signoz.io</a> for the full documentation, tutorials, and guide.</p>

 <p align="center">
+    <img alt="Downloads" src="https://img.shields.io/docker/pulls/signoz/query-service?label=Docker Downloads"> </a>
    <img alt="GitHub issues" src="https://img.shields.io/github/issues/signoz/signoz"> </a>
    <a href="https://twitter.com/intent/tweet?text=Monitor%20your%20applications%20and%20troubleshoot%20problems%20with%20SigNoz,%20an%20open-source%20alternative%20to%20DataDog,%20NewRelic.&url=https://signoz.io/&via=SigNozHQ&hashtags=opensource,signoz,observability"> 
        <img alt="tweet" src="https://img.shields.io/twitter/url/http/shields.io.svg?style=social"> </a> 
@@ -230,13 +231,11 @@ Not sure how to get started? Just ping us on `#contributing` in our [slack commu
 - [Shaheer Kochai](https://github.com/ahmadshaheer)
 - [Amlan Kumar Nandy](https://github.com/amlannandy)
 - [Sahil Khan](https://github.com/sawhil)
- [Aditya Singh](https://github.com/aks07)
- [Abhi Kumar](https://github.com/ahrefabhi)

 #### DevOps

 - [Prashant Shahi](https://github.com/prashant-shahi)
- [Vibhu Pandey](https://github.com/therealpandey)
+- [Vibhu Pandey](https://github.com/grandwizard28)

 <br /><br />

--- a/cmd/community/main.go
+++ b/cmd/community/main.go
@@ -1,18 +0,0 @@
-package main
-
-import (
-	"log/slog"
-
-	"github.com/SigNoz/signoz/cmd"
-	"github.com/SigNoz/signoz/pkg/instrumentation"
-)
-
-func main() {
-	// initialize logger for logging in the cmd/ package. This logger is different from the logger used in the application.
-	logger := instrumentation.NewLogger(instrumentation.Config{Logs: instrumentation.LogsConfig{Level: slog.LevelInfo}})
-
-	// register a list of commands to the root command
-	registerServer(cmd.RootCmd, logger)
-
-	cmd.Execute(logger)
-}
--- a/cmd/community/server.go
+++ b/cmd/community/server.go
@@ -1,122 +0,0 @@
-package main
-
-import (
-	"context"
-	"log/slog"
-
-	"github.com/SigNoz/signoz/cmd"
-	"github.com/SigNoz/signoz/ee/authz/openfgaauthz"
-	"github.com/SigNoz/signoz/ee/authz/openfgaschema"
-	"github.com/SigNoz/signoz/ee/sqlstore/postgressqlstore"
-	"github.com/SigNoz/signoz/pkg/analytics"
-	"github.com/SigNoz/signoz/pkg/authn"
-	"github.com/SigNoz/signoz/pkg/authz"
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/licensing/nooplicensing"
-	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/query-service/app"
-	"github.com/SigNoz/signoz/pkg/signoz"
-	"github.com/SigNoz/signoz/pkg/sqlschema"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/sqlstore/sqlstorehook"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/version"
-	"github.com/SigNoz/signoz/pkg/zeus"
-	"github.com/SigNoz/signoz/pkg/zeus/noopzeus"
-	"github.com/spf13/cobra"
-)
-
-func registerServer(parentCmd *cobra.Command, logger *slog.Logger) {
-	var flags signoz.DeprecatedFlags
-
-	serverCmd := &cobra.Command{
-		Use:                "server",
-		Short:              "Run the SigNoz server",
-		FParseErrWhitelist: cobra.FParseErrWhitelist{UnknownFlags: true},
-		RunE: func(currCmd *cobra.Command, args []string) error {
-			config, err := cmd.NewSigNozConfig(currCmd.Context(), logger, flags)
-			if err != nil {
-				return err
-			}
-
-			return runServer(currCmd.Context(), config, logger)
-		},
-	}
-
-	flags.RegisterFlags(serverCmd)
-	parentCmd.AddCommand(serverCmd)
-}
-
-func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) error {
-	// print the version
-	version.Info.PrettyPrint(config.Version)
-
-	// add enterprise sqlstore factories to the community sqlstore factories
-	sqlstoreFactories := signoz.NewSQLStoreProviderFactories()
-	if err := sqlstoreFactories.Add(postgressqlstore.NewFactory(sqlstorehook.NewLoggingFactory())); err != nil {
-		logger.ErrorContext(ctx, "failed to add postgressqlstore factory", "error", err)
-		return err
-	}
-
-	signoz, err := signoz.New(
-		ctx,
-		config,
-		zeus.Config{},
-		noopzeus.NewProviderFactory(),
-		licensing.Config{},
-		func(_ sqlstore.SQLStore, _ zeus.Zeus, _ organization.Getter, _ analytics.Analytics) factory.ProviderFactory[licensing.Licensing, licensing.Config] {
-			return nooplicensing.NewFactory()
-		},
-		signoz.NewEmailingProviderFactories(),
-		signoz.NewCacheProviderFactories(),
-		signoz.NewWebProviderFactories(),
-		func(sqlstore sqlstore.SQLStore) factory.NamedMap[factory.ProviderFactory[sqlschema.SQLSchema, sqlschema.Config]] {
-			return signoz.NewSQLSchemaProviderFactories(sqlstore)
-		},
-		signoz.NewSQLStoreProviderFactories(),
-		signoz.NewTelemetryStoreProviderFactories(),
-		func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error) {
-			return signoz.NewAuthNs(ctx, providerSettings, store, licensing)
-		},
-		func(ctx context.Context, sqlstore sqlstore.SQLStore) factory.ProviderFactory[authz.AuthZ, authz.Config] {
-			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx))
-		},
-	)
-	if err != nil {
-		logger.ErrorContext(ctx, "failed to create signoz", "error", err)
-		return err
-	}
-
-	server, err := app.NewServer(config, signoz)
-	if err != nil {
-		logger.ErrorContext(ctx, "failed to create server", "error", err)
-		return err
-	}
-
-	if err := server.Start(ctx); err != nil {
-		logger.ErrorContext(ctx, "failed to start server", "error", err)
-		return err
-	}
-
-	signoz.Start(ctx)
-
-	if err := signoz.Wait(ctx); err != nil {
-		logger.ErrorContext(ctx, "failed to start signoz", "error", err)
-		return err
-	}
-
-	err = server.Stop(ctx)
-	if err != nil {
-		logger.ErrorContext(ctx, "failed to stop server", "error", err)
-		return err
-	}
-
-	err = signoz.Stop(ctx)
-	if err != nil {
-		logger.ErrorContext(ctx, "failed to stop signoz", "error", err)
-		return err
-	}
-
-	return nil
-}
--- a/cmd/config.go
+++ b/cmd/config.go
@@ -1,31 +0,0 @@
-package cmd
-
-import (
-	"context"
-	"log/slog"
-
-	"github.com/SigNoz/signoz/pkg/config"
-	"github.com/SigNoz/signoz/pkg/config/envprovider"
-	"github.com/SigNoz/signoz/pkg/config/fileprovider"
-	"github.com/SigNoz/signoz/pkg/signoz"
-)
-
-func NewSigNozConfig(ctx context.Context, logger *slog.Logger, flags signoz.DeprecatedFlags) (signoz.Config, error) {
-	config, err := signoz.NewConfig(
-		ctx,
-		logger,
-		config.ResolverConfig{
-			Uris: []string{"env:"},
-			ProviderFactories: []config.ProviderFactory{
-				envprovider.NewFactory(),
-				fileprovider.NewFactory(),
-			},
-		},
-		flags,
-	)
-	if err != nil {
-		return signoz.Config{}, err
-	}
-
-	return config, nil
-}
--- a/cmd/enterprise/main.go
+++ b/cmd/enterprise/main.go
@@ -1,18 +0,0 @@
-package main
-
-import (
-	"log/slog"
-
-	"github.com/SigNoz/signoz/cmd"
-	"github.com/SigNoz/signoz/pkg/instrumentation"
-)
-
-func main() {
-	// initialize logger for logging in the cmd/ package. This logger is different from the logger used in the application.
-	logger := instrumentation.NewLogger(instrumentation.Config{Logs: instrumentation.LogsConfig{Level: slog.LevelInfo}})
-
-	// register a list of commands to the root command
-	registerServer(cmd.RootCmd, logger)
-
-	cmd.Execute(logger)
-}
--- a/cmd/enterprise/server.go
+++ b/cmd/enterprise/server.go
@@ -1,151 +0,0 @@
-package main
-
-import (
-	"context"
-	"log/slog"
-	"time"
-
-	"github.com/SigNoz/signoz/cmd"
-	"github.com/SigNoz/signoz/ee/authn/callbackauthn/oidccallbackauthn"
-	"github.com/SigNoz/signoz/ee/authn/callbackauthn/samlcallbackauthn"
-	"github.com/SigNoz/signoz/ee/authz/openfgaauthz"
-	"github.com/SigNoz/signoz/ee/authz/openfgaschema"
-	enterpriselicensing "github.com/SigNoz/signoz/ee/licensing"
-	"github.com/SigNoz/signoz/ee/licensing/httplicensing"
-	enterpriseapp "github.com/SigNoz/signoz/ee/query-service/app"
-	"github.com/SigNoz/signoz/ee/sqlschema/postgressqlschema"
-	"github.com/SigNoz/signoz/ee/sqlstore/postgressqlstore"
-	enterprisezeus "github.com/SigNoz/signoz/ee/zeus"
-	"github.com/SigNoz/signoz/ee/zeus/httpzeus"
-	"github.com/SigNoz/signoz/pkg/analytics"
-	"github.com/SigNoz/signoz/pkg/authn"
-	"github.com/SigNoz/signoz/pkg/authz"
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/signoz"
-	"github.com/SigNoz/signoz/pkg/sqlschema"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/sqlstore/sqlstorehook"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/version"
-	"github.com/SigNoz/signoz/pkg/zeus"
-	"github.com/spf13/cobra"
-)
-
-func registerServer(parentCmd *cobra.Command, logger *slog.Logger) {
-	var flags signoz.DeprecatedFlags
-
-	serverCmd := &cobra.Command{
-		Use:                "server",
-		Short:              "Run the SigNoz server",
-		FParseErrWhitelist: cobra.FParseErrWhitelist{UnknownFlags: true},
-		RunE: func(currCmd *cobra.Command, args []string) error {
-			config, err := cmd.NewSigNozConfig(currCmd.Context(), logger, flags)
-			if err != nil {
-				return err
-			}
-
-			return runServer(currCmd.Context(), config, logger)
-		},
-	}
-
-	flags.RegisterFlags(serverCmd)
-	parentCmd.AddCommand(serverCmd)
-}
-
-func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) error {
-	// print the version
-	version.Info.PrettyPrint(config.Version)
-
-	// add enterprise sqlstore factories to the community sqlstore factories
-	sqlstoreFactories := signoz.NewSQLStoreProviderFactories()
-	if err := sqlstoreFactories.Add(postgressqlstore.NewFactory(sqlstorehook.NewLoggingFactory(), sqlstorehook.NewInstrumentationFactory())); err != nil {
-		logger.ErrorContext(ctx, "failed to add postgressqlstore factory", "error", err)
-		return err
-	}
-
-	signoz, err := signoz.New(
-		ctx,
-		config,
-		enterprisezeus.Config(),
-		httpzeus.NewProviderFactory(),
-		enterpriselicensing.Config(24*time.Hour, 3),
-		func(sqlstore sqlstore.SQLStore, zeus zeus.Zeus, orgGetter organization.Getter, analytics analytics.Analytics) factory.ProviderFactory[licensing.Licensing, licensing.Config] {
-			return httplicensing.NewProviderFactory(sqlstore, zeus, orgGetter, analytics)
-		},
-		signoz.NewEmailingProviderFactories(),
-		signoz.NewCacheProviderFactories(),
-		signoz.NewWebProviderFactories(),
-		func(sqlstore sqlstore.SQLStore) factory.NamedMap[factory.ProviderFactory[sqlschema.SQLSchema, sqlschema.Config]] {
-			existingFactories := signoz.NewSQLSchemaProviderFactories(sqlstore)
-			if err := existingFactories.Add(postgressqlschema.NewFactory(sqlstore)); err != nil {
-				panic(err)
-			}
-
-			return existingFactories
-		},
-		sqlstoreFactories,
-		signoz.NewTelemetryStoreProviderFactories(),
-		func(ctx context.Context, providerSettings factory.ProviderSettings, store authtypes.AuthNStore, licensing licensing.Licensing) (map[authtypes.AuthNProvider]authn.AuthN, error) {
-			samlCallbackAuthN, err := samlcallbackauthn.New(ctx, store, licensing)
-			if err != nil {
-				return nil, err
-			}
-
-			oidcCallbackAuthN, err := oidccallbackauthn.New(store, licensing, providerSettings)
-			if err != nil {
-				return nil, err
-			}
-
-			authNs, err := signoz.NewAuthNs(ctx, providerSettings, store, licensing)
-			if err != nil {
-				return nil, err
-			}
-
-			authNs[authtypes.AuthNProviderSAML] = samlCallbackAuthN
-			authNs[authtypes.AuthNProviderOIDC] = oidcCallbackAuthN
-
-			return authNs, nil
-		},
-		func(ctx context.Context, sqlstore sqlstore.SQLStore) factory.ProviderFactory[authz.AuthZ, authz.Config] {
-			return openfgaauthz.NewProviderFactory(sqlstore, openfgaschema.NewSchema().Get(ctx))
-		},
-	)
-	if err != nil {
-		logger.ErrorContext(ctx, "failed to create signoz", "error", err)
-		return err
-	}
-
-	server, err := enterpriseapp.NewServer(config, signoz)
-	if err != nil {
-		logger.ErrorContext(ctx, "failed to create server", "error", err)
-		return err
-	}
-
-	if err := server.Start(ctx); err != nil {
-		logger.ErrorContext(ctx, "failed to start server", "error", err)
-		return err
-	}
-
-	signoz.Start(ctx)
-
-	if err := signoz.Wait(ctx); err != nil {
-		logger.ErrorContext(ctx, "failed to start signoz", "error", err)
-		return err
-	}
-
-	err = server.Stop(ctx)
-	if err != nil {
-		logger.ErrorContext(ctx, "failed to stop server", "error", err)
-		return err
-	}
-
-	err = signoz.Stop(ctx)
-	if err != nil {
-		logger.ErrorContext(ctx, "failed to stop signoz", "error", err)
-		return err
-	}
-
-	return nil
-}
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -1,33 +0,0 @@
-package cmd
-
-import (
-	"log/slog"
-	"os"
-
-	"github.com/SigNoz/signoz/pkg/version"
-	"github.com/spf13/cobra"
-	"go.uber.org/zap" //nolint:depguard
-)
-
-var RootCmd = &cobra.Command{
-	Use:               "signoz",
-	Short:             "OpenTelemetry-Native Logs, Metrics and Traces in a single pane",
-	Version:           version.Info.Version(),
-	SilenceUsage:      true,
-	SilenceErrors:     true,
-	CompletionOptions: cobra.CompletionOptions{DisableDefaultCmd: true},
-}
-
-func Execute(logger *slog.Logger) {
-	zapLogger := newZapLogger()
-	zap.ReplaceGlobals(zapLogger)
-	defer func() {
-		_ = zapLogger.Sync()
-	}()
-
-	err := RootCmd.Execute()
-	if err != nil {
-		logger.ErrorContext(RootCmd.Context(), "error running command", "error", err)
-		os.Exit(1)
-	}
-}
--- a/cmd/zap.go
+++ b/cmd/zap.go
@@ -1,15 +0,0 @@
-package cmd
-
-import (
-	"go.uber.org/zap"         //nolint:depguard
-	"go.uber.org/zap/zapcore" //nolint:depguard
-)
-
-// Deprecated: Use `NewLogger` from `pkg/instrumentation` instead.
-func newZapLogger() *zap.Logger {
-	config := zap.NewProductionConfig()
-	config.EncoderConfig.TimeKey = "timestamp"
-	config.EncoderConfig.EncodeTime = zapcore.ISO8601TimeEncoder
-	logger, _ := config.Build()
-	return logger
-}
--- a/conf/example.yaml
+++ b/conf/example.yaml
@@ -1,5 +1,5 @@
 ##################### SigNoz Configuration Example #####################
-#
+# 
 # Do not modify this file
 #

@@ -47,10 +47,10 @@ cache:
  provider: memory
  # memory: Uses in-memory caching.
  memory:
-    # Max items for the in-memory cache (10x the entries)
-    num_counters: 100000
-    # Total cost in bytes allocated bounded cache
-    max_cost: 67108864
+    # Time-to-live for cache entries in memory. Specify the duration in ns
+    ttl: 60000000000
+    # The interval at which the cache will be cleaned up
+    cleanupInterval: 1m
  # redis: Uses Redis as the caching backend.
  redis:
    # The hostname or IP address of the Redis server.
@@ -58,7 +58,7 @@ cache:
    # The port on which the Redis server is running. Default is usually 6379.
    port: 6379
    # The password for authenticating with the Redis server, if required.
-    password:
+    password: 
    # The Redis database number to use
    db: 0

@@ -71,10 +71,6 @@ sqlstore:
  sqlite:
    # The path to the SQLite database file.
    path: /var/lib/signoz/signoz.db
-    # Mode is the mode to use for the sqlite database.
-    mode: delete
-    # BusyTimeout is the timeout for the sqlite database to wait for a lock.
-    busy_timeout: 10s

 ##################### APIServer #####################
 apiserver:
@@ -94,15 +90,6 @@ apiserver:
      - /api/v1/version
      - /

-##################### Querier #####################
-querier:
-  # The TTL for cached query results.
-  cache_ttl: 168h
-  # The interval for recent data that should not be cached.
-  flux_interval: 5m
-  # The maximum number of concurrent queries for missing ranges.
-  max_concurrent_queries: 4
-
 ##################### TelemetryStore #####################
 telemetrystore:
  # Maximum number of idle connections in the connection pool.
@@ -116,17 +103,13 @@ telemetrystore:
  clickhouse:
    # The DSN to use for clickhouse.
    dsn: tcp://localhost:9000
-    # The cluster name to use for clickhouse.
-    cluster: cluster
    # The query settings for clickhouse.
    settings:
      max_execution_time: 0
      max_execution_time_leaf: 0
      timeout_before_checking_execution_speed: 0
      max_bytes_to_read: 0
-      max_result_rows: 0
-      ignore_data_skipping_indices: ""
-      secondary_indices_enable_bulk_filtering: false
+      max_result_rows_for_ch_query: 0

 ##################### Prometheus #####################
 prometheus:
@@ -141,7 +124,10 @@ prometheus:
 ##################### Alertmanager #####################
 alertmanager:
  # Specifies the alertmanager provider to use.
-  provider: signoz
+  provider: legacy
+  legacy:
+    # The API URL (with prefix) of the legacy Alertmanager instance.
+    api_url: http://localhost:9093/api
  signoz:
    # The poll interval for periodically syncing the alertmanager with the config in the store.
    poll_interval: 1m
@@ -178,96 +164,3 @@ alertmanager:
      maintenance_interval: 15m
      # Retention of the notification logs.
      retention: 120h
-
-##################### Emailing #####################
-emailing:
-  # Whether to enable emailing.
-  enabled: false
-  templates:
-    # The directory containing the email templates. This directory should contain a list of files defined at pkg/types/emailtypes/template.go.
-    directory: /opt/signoz/conf/templates/email
-  smtp:
-    # The SMTP server address.
-    address: localhost:25
-    # The email address to use for the SMTP server.
-    from:
-    # The hello message to use for the SMTP server.
-    hello:
-    # The static headers to send with the email.
-    headers: {}
-    auth:
-      # The username to use for the SMTP server.
-      username:
-      # The password to use for the SMTP server.
-      password:
-      # The secret to use for the SMTP server.
-      secret:
-      # The identity to use for the SMTP server.
-      identity:
-    tls:
-      # Whether to enable TLS. It should be false in most cases since the authentication mechanism should use the STARTTLS extension instead.
-      enabled: false
-      # Whether to skip TLS verification.
-      insecure_skip_verify: false
-      # The path to the CA file.
-      ca_file_path:
-      # The path to the key file.
-      key_file_path:
-      # The path to the certificate file.
-      cert_file_path:
-
-##################### Sharder (experimental) #####################
-sharder:
-  # Specifies the sharder provider to use.
-  provider: noop
-  single:
-    # The org id to which this instance belongs to.
-    org_id: org_id
-
-##################### Analytics #####################
-analytics:
-  # Whether to enable analytics.
-  enabled: false
-  segment:
-    # The key to use for segment.
-    key: ""
-
-##################### StatsReporter #####################
-statsreporter:
-  # Whether to enable stats reporter. This is used to provide valuable insights to the SigNoz team. It does not collect any sensitive/PII data.
-  enabled: true
-  # The interval at which the stats are collected.
-  interval: 6h
-  collect:
-    # Whether to collect identities and traits (emails).
-    identities: true
-
-##################### Gateway (License only) #####################
-gateway:
-  # The URL of the gateway's api.
-  url: http://localhost:8080
-
-##################### Tokenizer #####################
-tokenizer:
-  # Specifies the tokenizer provider to use.
-  provider: jwt
-  lifetime:
-    # The duration for which a user can be idle before being required to authenticate.
-    idle: 168h
-    # The duration for which a user can remain logged in before being asked to login.
-    max: 720h
-  rotation:
-    # The interval to rotate tokens in.
-    interval: 30m
-    # The duration for which the previous token pair remains valid after a token pair is rotated.
-    duration: 60s
-  jwt:
-    # The secret to sign the JWT tokens.
-    secret: secret
-  opaque:
-    gc:
-      # The interval to perform garbage collection.
-      interval: 1h
-    token:
-      # The maximum number of tokens a user can have. This limits the number of concurrent sessions a user can have.
-      max_per_user: 5
--- a/deploy/docker-swarm/docker-compose.ha.yaml
+++ b/deploy/docker-swarm/docker-compose.ha.yaml
@@ -11,7 +11,7 @@ x-common: &common
      max-file: "3"
 x-clickhouse-defaults: &clickhouse-defaults
  !!merge <<: *common
-  image: clickhouse/clickhouse-server:25.10.1
+  image: clickhouse/clickhouse-server:24.1.2-alpine
  tty: true
  deploy:
    labels:
@@ -37,11 +37,9 @@ x-clickhouse-defaults: &clickhouse-defaults
    nofile:
      soft: 262144
      hard: 262144
-  environment:
-    - CLICKHOUSE_SKIP_USER_SETUP=1
 x-zookeeper-defaults: &zookeeper-defaults
  !!merge <<: *common
-  image: signoz/zookeeper:3.7.1
+  image: bitnami/zookeeper:3.7.1
  user: root
  deploy:
    labels:
@@ -65,7 +63,7 @@ x-db-depend: &db-depend
 services:
  init-clickhouse:
    !!merge <<: *common
-    image: clickhouse/clickhouse-server:25.10.1
+    image: clickhouse/clickhouse-server:24.1.2-alpine
    command:
      - bash
      - -c
@@ -176,9 +174,11 @@ services:
      # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
  signoz:
    !!merge <<: *db-depend
-    image: signoz/signoz:v0.103.0
+    image: signoz/signoz:v0.80.0
    command:
      - --config=/root/config/prometheus.yml
+      - --use-logs-new-schema=true
+      - --use-trace-new-schema=true
    ports:
      - "8080:8080" # signoz port
    #   - "6060:6060"     # pprof port
@@ -196,7 +196,6 @@ services:
      - TELEMETRY_ENABLED=true
      - DEPLOYMENT_TYPE=docker-swarm
      - SIGNOZ_JWT_SECRET=secret
-      - DOT_METRICS_ENABLED=true
    healthcheck:
      test:
        - CMD
@@ -209,7 +208,7 @@ services:
      retries: 3
  otel-collector:
    !!merge <<: *db-depend
-    image: signoz/signoz-otel-collector:v0.129.12
+    image: signoz/signoz-otel-collector:v0.111.39
    command:
      - --config=/etc/otel-collector-config.yaml
      - --manager-config=/etc/manager-config.yaml
@@ -233,7 +232,7 @@ services:
      - signoz
  schema-migrator:
    !!merge <<: *common
-    image: signoz/signoz-schema-migrator:v0.129.12
+    image: signoz/signoz-schema-migrator:v0.111.39
    deploy:
      restart_policy:
        condition: on-failure
--- a/deploy/docker-swarm/docker-compose.yaml
+++ b/deploy/docker-swarm/docker-compose.yaml
@@ -11,7 +11,7 @@ x-common: &common
      max-file: "3"
 x-clickhouse-defaults: &clickhouse-defaults
  !!merge <<: *common
-  image: clickhouse/clickhouse-server:25.10.1
+  image: clickhouse/clickhouse-server:24.1.2-alpine
  tty: true
  deploy:
    labels:
@@ -36,11 +36,9 @@ x-clickhouse-defaults: &clickhouse-defaults
    nofile:
      soft: 262144
      hard: 262144
-  environment:
-    - CLICKHOUSE_SKIP_USER_SETUP=1
 x-zookeeper-defaults: &zookeeper-defaults
  !!merge <<: *common
-  image: signoz/zookeeper:3.7.1
+  image: bitnami/zookeeper:3.7.1
  user: root
  deploy:
    labels:
@@ -62,7 +60,7 @@ x-db-depend: &db-depend
 services:
  init-clickhouse:
    !!merge <<: *common
-    image: clickhouse/clickhouse-server:25.10.1
+    image: clickhouse/clickhouse-server:24.1.2-alpine
    command:
      - bash
      - -c
@@ -102,32 +100,28 @@ services:
    #   - "9000:9000"
    #   - "8123:8123"
    #   - "9181:9181"
-
-    configs:
-      - source: clickhouse-config
-        target: /etc/clickhouse-server/config.xml
-      - source: clickhouse-users
-        target: /etc/clickhouse-server/users.xml
-      - source: clickhouse-custom-function
-        target: /etc/clickhouse-server/custom-function.xml
-      - source: clickhouse-cluster
-        target: /etc/clickhouse-server/config.d/cluster.xml
    volumes:
+      - ../common/clickhouse/config.xml:/etc/clickhouse-server/config.xml
+      - ../common/clickhouse/users.xml:/etc/clickhouse-server/users.xml
+      - ../common/clickhouse/custom-function.xml:/etc/clickhouse-server/custom-function.xml
+      - ../common/clickhouse/user_scripts:/var/lib/clickhouse/user_scripts/
+      - ../common/clickhouse/cluster.xml:/etc/clickhouse-server/config.d/cluster.xml
      - clickhouse:/var/lib/clickhouse/
      # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
  signoz:
    !!merge <<: *db-depend
-    image: signoz/signoz:v0.103.0
+    image: signoz/signoz:v0.80.0
    command:
      - --config=/root/config/prometheus.yml
+      - --use-logs-new-schema=true
+      - --use-trace-new-schema=true
    ports:
      - "8080:8080" # signoz port
    #   - "6060:6060"     # pprof port
    volumes:
+      - ../common/signoz/prometheus.yml:/root/config/prometheus.yml
+      - ../common/dashboards:/root/config/dashboards
      - sqlite:/var/lib/signoz/
-    configs:
-      - source: signoz-prometheus-config
-        target: /root/config/prometheus.yml
    environment:
      - SIGNOZ_ALERTMANAGER_PROVIDER=signoz
      - SIGNOZ_TELEMETRYSTORE_CLICKHOUSE_DSN=tcp://clickhouse:9000
@@ -137,7 +131,6 @@ services:
      - GODEBUG=netdns=go
      - TELEMETRY_ENABLED=true
      - DEPLOYMENT_TYPE=docker-swarm
-      - DOT_METRICS_ENABLED=true
    healthcheck:
      test:
        - CMD
@@ -150,17 +143,15 @@ services:
      retries: 3
  otel-collector:
    !!merge <<: *db-depend
-    image: signoz/signoz-otel-collector:v0.129.12
+    image: signoz/signoz-otel-collector:v0.111.39
    command:
      - --config=/etc/otel-collector-config.yaml
      - --manager-config=/etc/manager-config.yaml
      - --copy-path=/var/tmp/collector-config.yaml
      - --feature-gates=-pkg.translator.prometheus.NormalizeName
-    configs:
-      - source: otel-collector-config
-        target: /etc/otel-collector-config.yaml
-      - source: otel-manager-config
-        target: /etc/manager-config.yaml
+    volumes:
+      - ./otel-collector-config.yaml:/etc/otel-collector-config.yaml
+      - ../common/signoz/otel-collector-opamp-config.yaml:/etc/manager-config.yaml
    environment:
      - OTEL_RESOURCE_ATTRIBUTES=host.name={{.Node.Hostname}},os.type={{.Node.Platform.OS}}
      - LOW_CARDINAL_EXCEPTION_GROUPING=false
@@ -176,7 +167,7 @@ services:
      - signoz
  schema-migrator:
    !!merge <<: *common
-    image: signoz/signoz-schema-migrator:v0.129.12
+    image: signoz/signoz-schema-migrator:v0.111.39
    deploy:
      restart_policy:
        condition: on-failure
@@ -197,24 +188,3 @@ volumes:
    name: signoz-sqlite
  zookeeper-1:
    name: signoz-zookeeper-1
-configs:
-  clickhouse-config:
-    file: ../common/clickhouse/config.xml
-  clickhouse-users:
-    file: ../common/clickhouse/users.xml
-  clickhouse-custom-function:
-    file: ../common/clickhouse/custom-function.xml
-  clickhouse-cluster:
-    file: ../common/clickhouse/cluster.xml
-  signoz-prometheus-config:
-    file: ../common/signoz/prometheus.yml
-  # If you have multiple dashboard files, you can list them individually:
-  # dashboard-foo:
-  #   file: ../common/dashboards/foo.json
-  # dashboard-bar:
-  #   file: ../common/dashboards/bar.json
-
-  otel-collector-config:
-    file: ./otel-collector-config.yaml
-  otel-manager-config:
-    file: ../common/signoz/otel-collector-opamp-config.yaml
--- a/deploy/docker-swarm/otel-collector-config.yaml
+++ b/deploy/docker-swarm/otel-collector-config.yaml
@@ -1,10 +1,3 @@
-connectors:
-  signozmeter:
-    metrics_flush_interval: 1h
-    dimensions:
-      - name: service.name
-      - name: deployment.environment
-      - name: host.name
 receivers:
  otlp:
    protocols:
@@ -28,16 +21,12 @@ processors:
    send_batch_size: 10000
    send_batch_max_size: 11000
    timeout: 10s
-  batch/meter:
-    send_batch_max_size: 25000
-    send_batch_size: 20000
-    timeout: 1s
  resourcedetection:
    # Using OTEL_RESOURCE_ATTRIBUTES envvar, env detector adds custom labels.
    detectors: [env, system]
    timeout: 2s
  signozspanmetrics/delta:
-    metrics_exporter: signozclickhousemetrics
+    metrics_exporter: clickhousemetricswrite
    metrics_flush_interval: 60s
    latency_histogram_buckets: [100us, 1ms, 2ms, 6ms, 10ms, 50ms, 100ms, 250ms, 500ms, 1000ms, 1400ms, 2000ms, 5s, 10s, 20s, 40s, 60s ]
    dimensions_cache_size: 100000
@@ -71,21 +60,25 @@ exporters:
    datasource: tcp://clickhouse:9000/signoz_traces
    low_cardinal_exception_grouping: ${env:LOW_CARDINAL_EXCEPTION_GROUPING}
    use_new_schema: true
+  clickhousemetricswrite:
+    endpoint: tcp://clickhouse:9000/signoz_metrics
+    resource_to_telemetry_conversion:
+      enabled: true
+  clickhousemetricswrite/prometheus:
+    endpoint: tcp://clickhouse:9000/signoz_metrics
  signozclickhousemetrics:
    dsn: tcp://clickhouse:9000/signoz_metrics
  clickhouselogsexporter:
    dsn: tcp://clickhouse:9000/signoz_logs
    timeout: 10s
    use_new_schema: true
-  signozclickhousemeter:
-    dsn: tcp://clickhouse:9000/signoz_meter
-    timeout: 45s
-    sending_queue:
-      enabled: false
+  # debug: {}
 service:
  telemetry:
    logs:
      encoding: json
+    metrics:
+      address: 0.0.0.0:8888
  extensions:
    - health_check
    - pprof
@@ -93,20 +86,16 @@ service:
    traces:
      receivers: [otlp]
      processors: [signozspanmetrics/delta, batch]
-      exporters: [clickhousetraces, signozmeter]
+      exporters: [clickhousetraces]
    metrics:
      receivers: [otlp]
      processors: [batch]
-      exporters: [signozclickhousemetrics, signozmeter]
+      exporters: [clickhousemetricswrite, signozclickhousemetrics]
    metrics/prometheus:
      receivers: [prometheus]
      processors: [batch]
-      exporters: [signozclickhousemetrics, signozmeter]
+      exporters: [clickhousemetricswrite/prometheus, signozclickhousemetrics]
    logs:
      receivers: [otlp]
      processors: [batch]
-      exporters: [clickhouselogsexporter, signozmeter]
-    metrics/meter:
-      receivers: [signozmeter]
-      processors: [batch/meter]
-      exporters: [signozclickhousemeter]
+      exporters: [clickhouselogsexporter]
--- a/deploy/docker/docker-compose.ha.yaml
+++ b/deploy/docker/docker-compose.ha.yaml
@@ -10,7 +10,7 @@ x-common: &common
 x-clickhouse-defaults: &clickhouse-defaults
  !!merge <<: *common
  # addding non LTS version due to this fix https://github.com/ClickHouse/ClickHouse/commit/32caf8716352f45c1b617274c7508c86b7d1afab
-  image: clickhouse/clickhouse-server:25.10.1
+  image: clickhouse/clickhouse-server:24.1.2-alpine
  tty: true
  labels:
    signoz.io/scrape: "true"
@@ -40,11 +40,9 @@ x-clickhouse-defaults: &clickhouse-defaults
    nofile:
      soft: 262144
      hard: 262144
-  environment:
-    - CLICKHOUSE_SKIP_USER_SETUP=1
 x-zookeeper-defaults: &zookeeper-defaults
  !!merge <<: *common
-  image: signoz/zookeeper:3.7.1
+  image: bitnami/zookeeper:3.7.1
  user: root
  labels:
    signoz.io/scrape: "true"
@@ -67,7 +65,7 @@ x-db-depend: &db-depend
 services:
  init-clickhouse:
    !!merge <<: *common
-    image: clickhouse/clickhouse-server:25.10.1
+    image: clickhouse/clickhouse-server:24.1.2-alpine
    container_name: signoz-init-clickhouse
    command:
      - bash
@@ -179,10 +177,12 @@ services:
      # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
  signoz:
    !!merge <<: *db-depend
-    image: signoz/signoz:${VERSION:-v0.103.0}
+    image: signoz/signoz:${VERSION:-v0.80.0}
    container_name: signoz
    command:
      - --config=/root/config/prometheus.yml
+      - --use-logs-new-schema=true
+      - --use-trace-new-schema=true
    ports:
      - "8080:8080" # signoz port
    #   - "6060:6060"     # pprof port
@@ -199,7 +199,6 @@ services:
      - GODEBUG=netdns=go
      - TELEMETRY_ENABLED=true
      - DEPLOYMENT_TYPE=docker-standalone-amd
-      - DOT_METRICS_ENABLED=true
    healthcheck:
      test:
        - CMD
@@ -213,7 +212,7 @@ services:
  # TODO: support otel-collector multiple replicas. Nginx/Traefik for loadbalancing?
  otel-collector:
    !!merge <<: *db-depend
-    image: signoz/signoz-otel-collector:${OTELCOL_TAG:-v0.129.12}
+    image: signoz/signoz-otel-collector:${OTELCOL_TAG:-v0.111.39}
    container_name: signoz-otel-collector
    command:
      - --config=/etc/otel-collector-config.yaml
@@ -239,7 +238,7 @@ services:
        condition: service_healthy
  schema-migrator-sync:
    !!merge <<: *common
-    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.129.12}
+    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.39}
    container_name: schema-migrator-sync
    command:
      - sync
@@ -250,7 +249,7 @@ services:
        condition: service_healthy
  schema-migrator-async:
    !!merge <<: *db-depend
-    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.129.12}
+    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.39}
    container_name: schema-migrator-async
    command:
      - async
--- a/deploy/docker/docker-compose.yaml
+++ b/deploy/docker/docker-compose.yaml
@@ -9,7 +9,8 @@ x-common: &common
      max-file: "3"
 x-clickhouse-defaults: &clickhouse-defaults
  !!merge <<: *common
-  image: clickhouse/clickhouse-server:25.10.1
+  # addding non LTS version due to this fix https://github.com/ClickHouse/ClickHouse/commit/32caf8716352f45c1b617274c7508c86b7d1afab
+  image: clickhouse/clickhouse-server:24.1.2-alpine
  tty: true
  labels:
    signoz.io/scrape: "true"
@@ -35,11 +36,9 @@ x-clickhouse-defaults: &clickhouse-defaults
    nofile:
      soft: 262144
      hard: 262144
-  environment:
-    - CLICKHOUSE_SKIP_USER_SETUP=1
 x-zookeeper-defaults: &zookeeper-defaults
  !!merge <<: *common
-  image: signoz/zookeeper:3.7.1
+  image: bitnami/zookeeper:3.7.1
  user: root
  labels:
    signoz.io/scrape: "true"
@@ -62,7 +61,7 @@ x-db-depend: &db-depend
 services:
  init-clickhouse:
    !!merge <<: *common
-    image: clickhouse/clickhouse-server:25.10.1
+    image: clickhouse/clickhouse-server:24.1.2-alpine
    container_name: signoz-init-clickhouse
    command:
      - bash
@@ -111,10 +110,12 @@ services:
      # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
  signoz:
    !!merge <<: *db-depend
-    image: signoz/signoz:${VERSION:-v0.103.0}
+    image: signoz/signoz:${VERSION:-v0.80.0}
    container_name: signoz
    command:
      - --config=/root/config/prometheus.yml
+      - --use-logs-new-schema=true
+      - --use-trace-new-schema=true
    ports:
      - "8080:8080" # signoz port
    #   - "6060:6060"     # pprof port
@@ -131,7 +132,6 @@ services:
      - GODEBUG=netdns=go
      - TELEMETRY_ENABLED=true
      - DEPLOYMENT_TYPE=docker-standalone-amd
-      - DOT_METRICS_ENABLED=true
    healthcheck:
      test:
        - CMD
@@ -144,7 +144,7 @@ services:
      retries: 3
  otel-collector:
    !!merge <<: *db-depend
-    image: signoz/signoz-otel-collector:${OTELCOL_TAG:-v0.129.12}
+    image: signoz/signoz-otel-collector:${OTELCOL_TAG:-v0.111.39}
    container_name: signoz-otel-collector
    command:
      - --config=/etc/otel-collector-config.yaml
@@ -166,7 +166,7 @@ services:
        condition: service_healthy
  schema-migrator-sync:
    !!merge <<: *common
-    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.129.12}
+    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.39}
    container_name: schema-migrator-sync
    command:
      - sync
@@ -178,7 +178,7 @@ services:
    restart: on-failure
  schema-migrator-async:
    !!merge <<: *db-depend
-    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.129.12}
+    image: signoz/signoz-schema-migrator:${OTELCOL_TAG:-v0.111.39}
    container_name: schema-migrator-async
    command:
      - async
--- a/deploy/docker/otel-collector-config.yaml
+++ b/deploy/docker/otel-collector-config.yaml
@@ -1,10 +1,3 @@
-connectors:
-  signozmeter:
-    metrics_flush_interval: 1h
-    dimensions:
-      - name: service.name
-      - name: deployment.environment
-      - name: host.name
 receivers:
  otlp:
    protocols:
@@ -28,16 +21,12 @@ processors:
    send_batch_size: 10000
    send_batch_max_size: 11000
    timeout: 10s
-  batch/meter:
-    send_batch_max_size: 25000
-    send_batch_size: 20000
-    timeout: 1s
  resourcedetection:
    # Using OTEL_RESOURCE_ATTRIBUTES envvar, env detector adds custom labels.
    detectors: [env, system]
    timeout: 2s
  signozspanmetrics/delta:
-    metrics_exporter: signozclickhousemetrics
+    metrics_exporter: clickhousemetricswrite
    metrics_flush_interval: 60s
    latency_histogram_buckets: [100us, 1ms, 2ms, 6ms, 10ms, 50ms, 100ms, 250ms, 500ms, 1000ms, 1400ms, 2000ms, 5s, 10s, 20s, 40s, 60s ]
    dimensions_cache_size: 100000
@@ -71,21 +60,25 @@ exporters:
    datasource: tcp://clickhouse:9000/signoz_traces
    low_cardinal_exception_grouping: ${env:LOW_CARDINAL_EXCEPTION_GROUPING}
    use_new_schema: true
+  clickhousemetricswrite:
+    endpoint: tcp://clickhouse:9000/signoz_metrics
+    resource_to_telemetry_conversion:
+      enabled: true
+  clickhousemetricswrite/prometheus:
+    endpoint: tcp://clickhouse:9000/signoz_metrics
  signozclickhousemetrics:
    dsn: tcp://clickhouse:9000/signoz_metrics
  clickhouselogsexporter:
    dsn: tcp://clickhouse:9000/signoz_logs
    timeout: 10s
    use_new_schema: true
-  signozclickhousemeter:
-    dsn: tcp://clickhouse:9000/signoz_meter
-    timeout: 45s
-    sending_queue:
-      enabled: false
+  # debug: {}
 service:
  telemetry:
    logs:
      encoding: json
+    metrics:
+      address: 0.0.0.0:8888
  extensions:
    - health_check
    - pprof
@@ -93,20 +86,16 @@ service:
    traces:
      receivers: [otlp]
      processors: [signozspanmetrics/delta, batch]
-      exporters: [clickhousetraces, signozmeter]
+      exporters: [clickhousetraces]
    metrics:
      receivers: [otlp]
      processors: [batch]
-      exporters: [signozclickhousemetrics, signozmeter]
+      exporters: [clickhousemetricswrite, signozclickhousemetrics]
    metrics/prometheus:
      receivers: [prometheus]
      processors: [batch]
-      exporters: [signozclickhousemetrics, signozmeter]
+      exporters: [clickhousemetricswrite/prometheus, signozclickhousemetrics]
    logs:
      receivers: [otlp]
      processors: [batch]
-      exporters: [clickhouselogsexporter, signozmeter]
-    metrics/meter:
-      receivers: [signozmeter]
-      processors: [batch/meter]
-      exporters: [signozclickhousemeter]
+      exporters: [clickhouselogsexporter]
--- a/deploy/install.sh
+++ b/deploy/install.sh
@@ -93,7 +93,7 @@ check_os() {
            ;;
        Red\ Hat*)
            desired_os=1
-            os="rhel"
+            os="red hat"
            package_manager="yum"
            ;;
        CentOS*)
--- a/docs/contributing/development.md
+++ b/docs/contributing/development.md
@@ -13,6 +13,8 @@ Before diving in, make sure you have these tools installed:
  - Download from [go.dev/dl](https://go.dev/dl/)
  - Check [go.mod](../../go.mod#L3) for the minimum version

+- **GCC** - Required for CGO dependencies
+  - Download from [gcc.gnu.org](https://gcc.gnu.org/)

 - **Node** - Powers our frontend
  - Download from [nodejs.org](https://nodejs.org)
@@ -42,35 +44,20 @@ Before diving in, make sure you have these tools installed:

 SigNoz has three main components: Clickhouse, Backend, and Frontend. Let's set them up one by one.

-### 1. Setting up ClickHouse
+### 1. Setting up Clickhouse

-First, we need to get ClickHouse running:
+First, we need to get Clickhouse running:

 ```bash
 make devenv-clickhouse
 ```

 This command:
- Starts ClickHouse in a single-shard, single-replica cluster
+- Starts Clickhouse in a single-shard, single-replica cluster
 - Sets up Zookeeper
 - Runs the latest schema migrations

-### 2. Setting up SigNoz OpenTelemetry Collector
-
-Next, start the OpenTelemetry Collector to receive telemetry data:
-
-```bash
-make devenv-signoz-otel-collector
-```
-
-This command:
- Starts the SigNoz OpenTelemetry Collector
- Listens on port 4317 (gRPC) and 4318 (HTTP) for incoming telemetry data
- Forwards data to ClickHouse for storage
-
-> 💡 **Quick Setup**: Use `make devenv-up` to start both ClickHouse and OTel Collector together
-
-### 3. Starting the Backend
+### 2. Starting the Backend

 1. Run the backend server:
   ```bash
@@ -86,24 +73,19 @@ This command:

 > 💡 **Tip**: The API server runs at `http://localhost:8080/` by default

-### 4. Setting up the Frontend
+### 3. Setting up the Frontend

-1. Navigate to the frontend directory:
-   ```bash
-   cd frontend
-   ```
-
-2. Install dependencies:
+1. Install dependencies:
   ```bash
   yarn install
   ```

-3. Create a `.env` file in this directory:
+2. Create a `.env` file in the `frontend` directory:
   ```env
   FRONTEND_API_ENDPOINT=http://localhost:8080
   ```

-4. Start the development server:
+3. Start the development server:
   ```bash
   yarn dev
   ```
@@ -111,25 +93,3 @@ This command:
 > 💡 **Tip**: `yarn dev` will automatically rebuild when you make changes to the code

 Now you're all set to start developing! Happy coding! 🎉
-
-## Verifying Your Setup
-To verify everything is working correctly:
-
-1. **Check ClickHouse**: `curl http://localhost:8123/ping` (should return "Ok.")
-2. **Check OTel Collector**: `curl http://localhost:13133` (should return health status)
-3. **Check Backend**: `curl http://localhost:8080/api/v1/health` (should return `{"status":"ok"}`)
-4. **Check Frontend**: Open `http://localhost:3301` in your browser
-
-## How to send test data?
-
-You can now send telemetry data to your local SigNoz instance:
-
- **OTLP gRPC**: `localhost:4317`
- **OTLP HTTP**: `localhost:4318`
-
-For example, using `curl` to send a test trace:
-```bash
-curl -X POST http://localhost:4318/v1/traces \
-  -H "Content-Type: application/json" \
-  -d '{"resourceSpans":[{"resource":{"attributes":[{"key":"service.name","value":{"stringValue":"test-service"}}]},"scopeSpans":[{"spans":[{"traceId":"12345678901234567890123456789012","spanId":"1234567890123456","name":"test-span","startTimeUnixNano":"1609459200000000000","endTimeUnixNano":"1609459201000000000"}]}]}]}'
-```
--- a/docs/contributing/go/endpoint.md
+++ b/docs/contributing/go/endpoint.md
@@ -1,51 +0,0 @@
-# Endpoint
-
-This guide outlines the recommended approach for designing endpoints, with a focus on entity relationships, RESTful structure, and examples from the codebase.
-
-## How do we design an endpoint?
-
-### Understand the core entities and their relationships
-
-Start with understanding the core entities and their relationships. For example:
-
- **Organization**: an organization can have multiple users
-
-### Structure Endpoints RESTfully
-
-Endpoints should reflect the resource hierarchy and follow RESTful conventions. Use clear, **pluralized resource names** and versioning. For example:
-
- `POST /v1/organizations` — Create an organization
- `GET /v1/organizations/:id` — Get an organization by id
- `DELETE /v1/organizations/:id` — Delete an organization by id
- `PUT /v1/organizations/:id` — Update an organization by id
- `GET /v1/organizations/:id/users` — Get all users in an organization
- `GET /v1/organizations/me/users` — Get all users in my organization
-
-Think in terms of resource navigation in a file system. For example, to find your organization, you would navigate to the root of the file system and then to the `organizations` directory. To find a user in an organization, you would navigate to the `organizations` directory and then to the `id` directory.
-
-```bash
-v1/
-├── organizations/
-│   └── 123/
-│       └── users/
-```
-
-`me` endpoints are special. They are used to determine the actual id via some auth/external mechanism. For `me` endpoints, think of the `me` directory being symlinked to your organization directory. For example, if you are a part of the organization `123`, the `me` directory will be symlinked to `/v1/organizations/123`:
-
-```bash
-v1/
-├── organizations/
-│   └── me/ -> symlink to /v1/organizations/123
-│       └── users/
-│   └── 123/
-│       └── users/
-```
-
-> 💡 **Note**: There are various ways to structure endpoints. Some prefer to use singular resource names instead of `me`. Others prefer to use singular resource names for all endpoints. We have, however, chosen to standardize our endpoints in the manner described above.
-
-## What should I remember?
-
- Use clear, **plural resource names**
- Use `me` endpoints for determining the actual id via some auth mechanism
-
-> 💡 **Note**: When in doubt, diagram the relationships and walk through the user flows as if navigating a file system. This will help you design endpoints that are both logical and user-friendly.
--- a/docs/contributing/go/errors.md
+++ b/docs/contributing/go/errors.md
@@ -1,103 +0,0 @@
-# Errors
-
-SigNoz includes its own structured [errors](/pkg/errors/errors.go) package. It's built on top of Go's `error` interface, extending it to add additional context that helps provide more meaningful error messages throughout the application.
-
-## How to use it?
-
-To use the SigNoz structured errors package, use these functions instead of the standard library alternatives:
-
-```go
-// Instead of errors.New()
-errors.New(typ, code, message)
-
-// Instead of fmt.Errorf()
-errors.Newf(typ, code, message, args...)
-```
-
-### Typ
-The Typ (read as Type, defined as `typ`) is used to categorize errors across the codebase and is loosely coupled with HTTP/GRPC status codes. All predefined types can be found in [pkg/errors/type.go](/pkg/errors/type.go). For example:
-
- `TypeInvalidInput` - Indicates invalid input was provided
- `TypeNotFound` - Indicates a resource was not found
-
-By design, `typ` is unexported and cannot be declared outside of [errors](/pkg/errors/errors.go) package. This ensures that it is consistent across the codebase and is used in a way that is meaningful.
-
-### Code
-Codes are used to provide more granular categorization within types. For instance, a type of `TypeInvalidInput` might have codes like `CodeInvalidEmail` or `CodeInvalidPassword`.
-
-To create new error codes, use the `errors.MustNewCode` function:
-
-```go
-var (
-    CodeThingAlreadyExists = errors.MustNewCode("thing_already_exists")
-    CodeThingNotFound = errors.MustNewCode("thing_not_found")
-)
-```
-
-> 💡 **Note**: Error codes must match the regex `^[a-z_]+$` otherwise the code will panic.
-
-## Show me some examples
-
-### Using the error
-A basic example of using the error:
-
-```go
-var (
-    CodeThingAlreadyExists = errors.MustNewCode("thing_already_exists")
-)
-
-func CreateThing(id string) error {
-  t, err := thing.GetFromStore(id)
-  if err != nil {
-    if errors.As(err, errors.TypeNotFound) {
-        // thing was not found, create it
-        return thing.Create(id)
-    }
-
-    // something else went wrong, wrap the error with more context
-    return errors.Wrapf(err, errors.TypeInternal, errors.CodeUnknown, "failed to get thing from store")
-  }
-
-  return errors.Newf(errors.TypeAlreadyExists, CodeThingAlreadyExists, "thing with id %s already exists", id)
-}
-```
-
-### Changing the error
-Sometimes you may want to change the error while preserving the message:
-
-```go
-func GetUserSecurely(id string) (*User, error) {
-    user, err := repository.GetUser(id)
-    if err != nil {
-        if errors.Ast(err, errors.TypeNotFound) {
-            // Convert NotFound to Forbidden for security reasons
-            return nil, errors.New(errors.TypeForbidden, errors.CodeAccessDenied, "access denied to requested resource")
-        }
-        return nil, err
-    }
-    return user, nil
-}
-```
-
-## Why do we need this?
-
-In a large codebase like SigNoz, error handling is critical for maintaining reliability, debuggability, and a good user experience. We believe that it is the **responsibility of a function** to return **well-defined** errors that **accurately describe what went wrong**. With our structured error system:
-
- Functions can create precise errors with appropriate additional context
- Callers can make informed decisions based on the additional context
- Error context is preserved and enhanced as it moves up the call stack
-
-The caller (which can be another function or a HTTP/gRPC handler or something else entirely), can then choose to use this error to take appropriate actions such as:
-
- A function can branch into different paths based on the context
- An HTTP/gRPC handler can derive the correct status code and message from the error and send it to the client
- Logging systems can capture structured error information for better diagnostics
-
-Although there might be cases where this might seem too verbose, it makes the code more maintainable and consistent. A little verbose code is better than clever code that doesn't provide enough context.
-
-## What should I remember?
-
- Think about error handling as you write your code, not as an afterthought.
- Always use the [errors](/pkg/errors/errors.go) package instead of the standard library's `errors.New()` or `fmt.Errorf()`.
- Always assign appropriate codes to errors when creating them instead of using the "catch all" error codes defined in [pkg/errors/code.go](/pkg/errors/code.go).
- Use `errors.Wrapf()` to add context to errors while preserving the original when appropriate.
--- a/docs/contributing/go/integration.md
+++ b/docs/contributing/go/integration.md
@@ -1,213 +0,0 @@
-# Integration Tests
-
-SigNoz uses integration tests to verify that different components work together correctly in a real environment. These tests run against actual services (ClickHouse, PostgreSQL, etc.) to ensure end-to-end functionality.
-
-## How to set up the integration test environment?
-
-### Prerequisites
-
-Before running integration tests, ensure you have the following installed:
-
- Python 3.13+
- Poetry (for dependency management)
- Docker (for containerized services)
-
-### Initial Setup
-
-1. Navigate to the integration tests directory:
-```bash
-cd tests/integration
-```
-
-2. Install dependencies using Poetry:
-```bash
-poetry install --no-root
-```
-
-### Starting the Test Environment
-
-To spin up all the containers necessary for writing integration tests and keep them running:
-
-```bash
-poetry run pytest --basetemp=./tmp/ -vv --reuse src/bootstrap/setup.py::test_setup
-```
-
-This command will:
- Start all required services (ClickHouse, PostgreSQL, Zookeeper, etc.)
- Keep containers running due to the `--reuse` flag
- Verify that the setup is working correctly
-
-### Stopping the Test Environment
-
-When you're done writing integration tests, clean up the environment:
-
-```bash
-poetry run pytest --basetemp=./tmp/ -vv --teardown -s src/bootstrap/setup.py::test_teardown
-```
-
-This will destroy the running integration test setup and clean up resources.
-
-## Understanding the Integration Test Framework
-
-Python and pytest form the foundation of the integration testing framework. Testcontainers are used to spin up disposable integration environments. Wiremock is used to spin up **test doubles** of other services.
-
- **Why Python/pytest?** It's expressive, low-boilerplate, and has powerful fixture capabilities that make integration testing straightforward. Extensive libraries for HTTP requests, JSON handling, and data analysis (numpy) make it easier to test APIs and verify data
- **Why testcontainers?** They let us spin up isolated dependencies that match our production environment without complex setup.
- **Why wiremock?** Well maintained, documented and extensible.
-
-```
-.
-├── conftest.py
-├── fixtures
-│   ├── __init__.py
-│   ├── auth.py
-│   ├── clickhouse.py
-│   ├── fs.py
-│   ├── http.py
-│   ├── migrator.py
-│   ├── network.py
-│   ├── postgres.py
-│   ├── signoz.py
-│   ├── sql.py
-│   ├── sqlite.py
-│   ├── types.py
-│   └── zookeeper.py
-├── poetry.lock
-├── pyproject.toml
-└── src
-    └── bootstrap
-        ├── __init__.py
-        ├── a_database.py
-        ├── b_register.py
-        └── c_license.py
-```
-
-Each test suite follows some important principles:
-
-1. **Organization**: Test suites live under `src/` in self-contained packages. Fixtures (a pytest concept) live inside `fixtures/`.
-2. **Execution Order**: Files are prefixed with `a_`, `b_`, `c_` to ensure sequential execution.
-3. **Time Constraints**: Each suite should complete in under 10 minutes (setup takes ~4 mins).
-
-### Test Suite Design
-
-Test suites should target functional domains or subsystems within SigNoz. When designing a test suite, consider these principles:
-
- **Functional Cohesion**: Group tests around a specific capability or service boundary
- **Data Flow**: Follow the path of data through related components
- **Change Patterns**: Components frequently modified together should be tested together
-
-The exact boundaries for modules are intentionally flexible, allowing teams to define logical groupings based on their specific context and knowledge of the system.
-
-Eg: The **bootstrap** integration test suite validates core system functionality:
-
- Database initialization
- Version check
-
-Other test suites can be **pipelines, auth, querier.**
-
-## How to write an integration test?
-
-Now start writing an integration test. Create a new file `src/bootstrap/e_version.py` and paste the following:
-
-```python
-import requests
-
-from fixtures import types
-from fixtures.logger import setup_logger
-
-logger = setup_logger(__name__)
-
-def test_version(signoz: types.SigNoz) -> None:
-    response = requests.get(signoz.self.host_config.get("/api/v1/version"), timeout=2)
-    logger.info(response)
-```
-
-We have written a simple test which calls the `version` endpoint of the container in step 1. In **order to just run this function, run the following command:**
-
-```bash
-poetry run pytest --basetemp=./tmp/ -vv --reuse src/bootstrap/e_version.py::test_version
-```
-
-> Note: The `--reuse` flag is used to reuse the environment if it is already running. Always use this flag when writing and running integration tests. If you don't use this flag, the environment will be destroyed and recreated every time you run the test.
-
-Here's another example of how to write a more comprehensive integration test:
-
-```python
-from http import HTTPStatus
-import requests
-from fixtures import types
-from fixtures.logger import setup_logger
-
-logger = setup_logger(__name__)
-
-def test_user_registration(signoz: types.SigNoz) -> None:
-    """Test user registration functionality."""
-    response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v1/register"),
-        json={
-            "name": "testuser",
-            "orgId": "",
-            "orgName": "test.org",
-            "email": "test@example.com",
-            "password": "password123Z$",
-        },
-        timeout=2,
-    )
-    
-    assert response.status_code == HTTPStatus.OK
-    assert response.json()["setupCompleted"] is True
-```
-
-## How to run integration tests?
-
-### Running All Tests
-
-```bash
-poetry run pytest --basetemp=./tmp/ -vv --reuse src/
-```
-
-### Running Specific Test Categories
-
-```bash
-poetry run pytest --basetemp=./tmp/ -vv --reuse src/<suite>
-
-# Run querier tests
-poetry run pytest --basetemp=./tmp/ -vv --reuse src/querier/
-# Run auth tests
-poetry run pytest --basetemp=./tmp/ -vv --reuse src/auth/
-```
-
-### Running Individual Tests
-
-```bash
-poetry run pytest --basetemp=./tmp/ -vv --reuse src/<suite>/<file>.py::test_name
-
-# Run test_register in file a_register.py in auth suite
-poetry run pytest --basetemp=./tmp/ -vv --reuse src/auth/a_register.py::test_register
-```
-
-## How to configure different options for integration tests?
-
-Tests can be configured using pytest options:
-
- `--sqlstore-provider` - Choose database provider (default: postgres)
- `--postgres-version` - PostgreSQL version (default: 15)
- `--clickhouse-version` - ClickHouse version (default: 25.5.6)
- `--zookeeper-version` - Zookeeper version (default: 3.7.1)
-
-Example:
-```bash
-poetry run pytest --basetemp=./tmp/ -vv --reuse --sqlstore-provider=postgres --postgres-version=14 src/auth/
-```
-
-
-## What should I remember?
-
- **Always use the `--reuse` flag** when setting up the environment to keep containers running
- **Use the `--teardown` flag** when cleaning up to avoid resource leaks
- **Follow the naming convention** with alphabetical prefixes for test execution order
- **Use proper timeouts** in HTTP requests to avoid hanging tests
- **Clean up test data** between tests to avoid interference
- **Use descriptive test names** that clearly indicate what is being tested
- **Leverage fixtures** for common setup and authentication
- **Test both success and failure scenarios** to ensure robust functionality
--- a/docs/contributing/go/provider.md
+++ b/docs/contributing/go/provider.md
@@ -1,106 +0,0 @@
-# Provider
-
-SigNoz is built on the provider pattern, a design approach where code is organized into providers that handle specific application responsibilities. Providers act as adapter components that integrate with external services and deliver required functionality to the application.
-
-> 💡 **Note**: Coming from a DDD background? Providers are similar (not exactly the same) to adapter/infrastructure services.
-
-## How to create a new provider?
-
-To create a new provider, create a directory in the `pkg/` directory named after your provider. The provider package consists of four key components:
-
- **Interface** (`pkg/<name>/<name>.go`): Defines the provider's interface. Other packages should import this interface to use the provider.
- **Config** (`pkg/<name>/config.go`): Contains provider configuration, implementing the `factory.Config` interface from [factory/config.go](/pkg/factory/config.go).
- **Implementation** (`pkg/<name>/<implname><name>/provider.go`): Contains the provider implementation, including a `NewProvider` function that returns a `factory.Provider` interface from [factory/provider.go](/pkg/factory/provider.go).
- **Mock** (`pkg/<name>/<name>test.go`): Provides mocks for the provider, typically used by dependent packages for unit testing.
-
-For example, the [prometheus](/pkg/prometheus) provider delivers a prometheus engine to the application:
-
- `pkg/prometheus/prometheus.go` - Interface definition
- `pkg/prometheus/config.go` - Configuration
- `pkg/prometheus/clickhouseprometheus/provider.go` - Clickhouse-powered implementation
- `pkg/prometheus/prometheustest/provider.go` - Mock implementation
-
-## How to wire it up?
-
-The `pkg/signoz` package contains the inversion of control container responsible for wiring providers. It handles instantiation, configuration, and assembly of providers based on configuration metadata.
-
-> 💡 **Note**: Coming from a Java background? Providers are similar to Spring beans.
-
-Wiring up a provider involves three steps:
-
-1. Wiring up the configuration
-Add your config from `pkg/<name>/config.go` to the `pkg/signoz/config.Config` struct and in new factories:
-
-```go
-type Config struct {
-    ...
-	MyProvider myprovider.Config `mapstructure:"myprovider"`
-    ...
-}
-
-func NewConfig(ctx context.Context, resolverConfig config.ResolverConfig, ....) (Config, error) {
-    ...
-	configFactories := []factory.ConfigFactory{
-        myprovider.NewConfigFactory(),
-	}
-    ...
-}
-```
-
-2. Wiring up the provider
-Add available provider implementations in `pkg/signoz/provider.go`:
-
-```go
-func NewMyProviderFactories() factory.NamedMap[factory.ProviderFactory[myprovider.MyProvider, myprovider.Config]] {
-	return factory.MustNewNamedMap(
-        myproviderone.NewFactory(),
-        myprovidertwo.NewFactory(),
-	)
-}
-```
-
-3. Instantiate the provider by adding it to the `SigNoz` struct in `pkg/signoz/signoz.go`:
-
-```go
-type SigNoz struct {
-    ...
-    MyProvider myprovider.MyProvider
-    ...
-}
-
-func New(...) (*SigNoz, error) {
-    ...
-    myprovider, err := myproviderone.New(ctx, settings, config.MyProvider, "one/two")
-    if err != nil {
-        return nil, err
-    }
-    ...
-}
-```
-
-## How to use it?
-
-To use a provider, import its interface. For example, to use the prometheus provider, import `pkg/prometheus/prometheus.go`:
-
-```go
-import "github.com/SigNoz/signoz/pkg/prometheus/prometheus"
-
-func CreateSomething(ctx context.Context, prometheus prometheus.Prometheus) {
-    ...
-    prometheus.DoSomething()
-    ...
-}
-```
-
-## Why do we need this?
-
-Like any dependency injection framework, providers decouple the codebase from implementation details. This is especially valuable in SigNoz's large codebase, where we need to swap implementations without changing dependent code. The provider pattern offers several benefits apart from the obvious one of decoupling:
-
- Configuration is **defined with each provider and centralized in one place**, making it easier to understand and manage through various methods (environment variables, config files, etc.)
- Provider mocking is **straightforward for unit testing**, with a consistent pattern for locating mocks
- **Multiple implementations** of the same provider are **supported**, as demonstrated by our sqlstore provider
-
-## What should I remember?
-
- Use the provider pattern wherever applicable.
- Always create a provider **irrespective of the number of implementations**. This makes it easier to add new implementations in the future.
--- a/docs/contributing/go/readme.md
+++ b/docs/contributing/go/readme.md
@@ -1,11 +0,0 @@
-# Go
-
-This document provides an overview of contributing to the SigNoz backend written in Go. The SigNoz backend is built with Go, focusing on performance, maintainability, and developer experience. We strive for clean, idiomatic code that follows established Go practices while addressing the unique needs of an observability platform.
-
-We adhere to three primary style guides as our foundation:
-
- [Effective Go](https://go.dev/doc/effective_go) - For writing idiomatic Go code
- [Code Review Comments](https://go.dev/wiki/CodeReviewComments) - For understanding common comments in code reviews
- [Google Style Guide](https://google.github.io/styleguide/go/) - Additional practices from Google
-
-We **recommend** (almost enforce) reviewing these guides before contributing to the codebase. They provide valuable insights into writing idiomatic Go code and will help you understand our approach to backend development. In addition, we have a few additional rules that make certain areas stricter than the above which can be found in area-specific files in this package.
--- a/docs/contributing/go/sql.md
+++ b/docs/contributing/go/sql.md
@@ -1,94 +0,0 @@
-# SQL
-SigNoz utilizes a relational database to store metadata including organization information, user data and other settings.
-
-## How to use it?
-
-The database interface is defined in [SQLStore](/pkg/sqlstore/sqlstore.go). SigNoz leverages the Bun ORM to interact with the underlying database. To access the database instance, use the `BunDBCtx` function. For operations that require transactions across multiple database operations, use the `RunInTxCtx` function. This function embeds a transaction in the context, which propagates through various functions in the callback.
-
-```go
-type Thing struct {
-	bun.BaseModel
-
-	ID            types.Identifiable  `bun:",embed"`
-	SomeColumn    string              `bun:"some_column"`
-	TimeAuditable types.TimeAuditable `bun:",embed"`
-	OrgID         string              `bun:"org_id"`
-}
-
-func GetThing(ctx context.Context, id string) (*Thing, error) {
-	thing := new(Thing)
-	err := sqlstore.
-        BunDBCtx(ctx).
-        NewSelect().
-        Model(thing).
-        Where("id = ?", id).
-        Scan(ctx)
-
-    return thing, err
-}
-
-func CreateThing(ctx context.Context, thing *Thing) error {
-	return sqlstore.
-        BunDBCtx(ctx).
-        NewInsert().
-        Model(thing).
-        Exec(ctx)
-}
-```
-
-> 💡 **Note**: Always use line breaks while working with SQL queries to enhance code readability.
-
-> 💡 **Note**: Always use the `new` function to create new instances of structs.
-
-## What are hooks?
-
-Hooks are user-defined functions that execute before and/or after specific database operations. These hooks are particularly useful for generating telemetry data such as logs, traces, and metrics, providing visibility into database interactions. Hooks are defined in the [SQLStoreHook](/pkg/sqlstore/sqlstore.go) interface.
-
-## How is the schema designed?
-
-SigNoz implements a star schema design with the organizations table as the central entity. All other tables link to the organizations table via foreign key constraints on the `org_id` column. This design ensures that every entity within the system is either directly or indirectly associated with an organization.
-
-```mermaid
-erDiagram
-    ORGANIZATIONS {
-        string id PK
-        timestamp created_at
-        timestamp updated_at
-    }
-    ENTITY_A {
-        string id PK
-        timestamp created_at
-        timestamp updated_at
-        string org_id FK
-    }
-    ENTITY_B {
-        string id PK
-        timestamp created_at
-        timestamp updated_at
-        string org_id FK
-    }
-    
-    ORGANIZATIONS ||--o{ ENTITY_A : contains
-    ORGANIZATIONS ||--o{ ENTITY_B : contains
-```
-
-> 💡 **Note**: There are rare exceptions to the above star schema design. Consult with the maintainers before deviating from the above design.
-
-All tables follow a consistent primary key pattern using a `id` column (referenced by the `types.Identifiable` struct) and include `created_at` and `updated_at` columns (referenced by the `types.TimeAuditable` struct) for audit purposes.
-
-## How to write migrations?
-
-For schema migrations, use the [SQLMigration](/pkg/sqlmigration/sqlmigration.go) interface and write the migration in the same package. When creating migrations, adhere to these guidelines:
-
- Do not implement **`ON CASCADE` foreign key constraints**. Deletion operations should be handled explicitly in application logic rather than delegated to the database.
- Do not **import types from the types package** in the `sqlmigration` package. Instead, define the required types within the migration package itself. This practice ensures migration stability as the core types evolve over time.
- Do not implement **`Down` migrations**. As the codebase matures, we may introduce this capability, but for now, the `Down` function should remain empty.
- Always write **idempotent** migrations. This means that if the migration is run multiple times, it should not cause an error.
- A migration which is **dependent on the underlying dialect** (sqlite, postgres, etc) should be written as part of the [SQLDialect](/pkg/sqlstore/sqlstore.go) interface. The implementation needs to go in the dialect specific package of the respective database.
-
-## What should I remember?
-
- Use `BunDBCtx` and `RunInTxCtx` to access the database instance and execute transactions respectively.
- While designing new tables, ensure the consistency of `id`, `created_at`, `updated_at` and an `org_id` column with a foreign key constraint to the `organizations` table (unless the table serves as a transitive entity not directly associated with an organization but indirectly associated with one).
- Implement deletion logic in the application rather than relying on cascading deletes in the database.
- While writing migrations, adhere to the guidelines mentioned above.
--- a/docs/otel-demo-docs.md
+++ b/docs/otel-demo-docs.md
@@ -16,7 +16,7 @@ __Table of Contents__
  - [Prerequisites](#prerequisites-1)
  - [Install Helm Repo and Charts](#install-helm-repo-and-charts)
  - [Start the OpenTelemetry Demo App](#start-the-opentelemetry-demo-app-1)
-  - [Monitor with SigNoz (Kubernetes)](#monitor-with-signoz-kubernetes)
+  - [Moniitor with SigNoz (Kubernetes)](#monitor-with-signoz-kubernetes)
 - [What's next](#whats-next)


@@ -103,19 +103,9 @@ Remember to replace the region and ingestion key with proper values as obtained

 Both SigNoz and OTel demo app [frontend-proxy service, to be accurate] share common port allocation at 8080. To prevent port allocation conflicts, modify the OTel demo application config to use port 8081 as the `ENVOY_PORT` value as shown below, and run docker compose command.

-Also, both SigNoz and OTel Demo App have the same `PROMETHEUS_PORT` configured, by default both of them try to start at `9090`, which may cause either of them to fail depending upon which one acquires it first. To prevent this, we need to mofify the value of `PROMETHEUS_PORT` too.
-
-
 ```sh
-ENVOY_PORT=8081 PROMETHEUS_PORT=9091 docker compose up -d
+ENVOY_PORT=8081 docker compose up -d
 ```
-
-Alternatively, we can modify these values using the `.env` file too, which reduces the command as just:
-
-```sh
-docker compose up -d
-```
-
 This spins up multiple microservices, with OpenTelemetry instrumentation enabled. you can verify this by,
 ```sh
 docker compose ps -a
--- a/ee/anomaly/daily.go
+++ b/ee/anomaly/daily.go
@@ -1,34 +0,0 @@
-package anomaly
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type DailyProvider struct {
-	BaseSeasonalProvider
-}
-
-var _ BaseProvider = (*DailyProvider)(nil)
-
-func (dp *DailyProvider) GetBaseSeasonalProvider() *BaseSeasonalProvider {
-	return &dp.BaseSeasonalProvider
-}
-
-func NewDailyProvider(opts ...GenericProviderOption[*DailyProvider]) *DailyProvider {
-	dp := &DailyProvider{
-		BaseSeasonalProvider: BaseSeasonalProvider{},
-	}
-
-	for _, opt := range opts {
-		opt(dp)
-	}
-
-	return dp
-}
-
-func (p *DailyProvider) GetAnomalies(ctx context.Context, orgID valuer.UUID, req *AnomaliesRequest) (*AnomaliesResponse, error) {
-	req.Seasonality = SeasonalityDaily
-	return p.getAnomalies(ctx, orgID, req)
-}
--- a/ee/anomaly/hourly.go
+++ b/ee/anomaly/hourly.go
@@ -1,35 +0,0 @@
-package anomaly
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type HourlyProvider struct {
-	BaseSeasonalProvider
-}
-
-var _ BaseProvider = (*HourlyProvider)(nil)
-
-func (hp *HourlyProvider) GetBaseSeasonalProvider() *BaseSeasonalProvider {
-	return &hp.BaseSeasonalProvider
-}
-
-// NewHourlyProvider now uses the generic option type
-func NewHourlyProvider(opts ...GenericProviderOption[*HourlyProvider]) *HourlyProvider {
-	hp := &HourlyProvider{
-		BaseSeasonalProvider: BaseSeasonalProvider{},
-	}
-
-	for _, opt := range opts {
-		opt(hp)
-	}
-
-	return hp
-}
-
-func (p *HourlyProvider) GetAnomalies(ctx context.Context, orgID valuer.UUID, req *AnomaliesRequest) (*AnomaliesResponse, error) {
-	req.Seasonality = SeasonalityHourly
-	return p.getAnomalies(ctx, orgID, req)
-}
--- a/ee/anomaly/params.go
+++ b/ee/anomaly/params.go
@@ -1,223 +0,0 @@
-package anomaly
-
-import (
-	"time"
-
-	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type Seasonality struct{ valuer.String }
-
-var (
-	SeasonalityHourly = Seasonality{valuer.NewString("hourly")}
-	SeasonalityDaily  = Seasonality{valuer.NewString("daily")}
-	SeasonalityWeekly = Seasonality{valuer.NewString("weekly")}
-)
-
-var (
-	oneWeekOffset = uint64(24 * 7 * time.Hour.Milliseconds())
-	oneDayOffset  = uint64(24 * time.Hour.Milliseconds())
-	oneHourOffset = uint64(time.Hour.Milliseconds())
-	fiveMinOffset = uint64(5 * time.Minute.Milliseconds())
-)
-
-func (s Seasonality) IsValid() bool {
-	switch s {
-	case SeasonalityHourly, SeasonalityDaily, SeasonalityWeekly:
-		return true
-	default:
-		return false
-	}
-}
-
-type AnomaliesRequest struct {
-	Params      qbtypes.QueryRangeRequest
-	Seasonality Seasonality
-}
-
-type AnomaliesResponse struct {
-	Results []*qbtypes.TimeSeriesData
-}
-
-// anomalyParams is the params for anomaly detection
-// prediction = avg(past_period_query) + avg(current_season_query) - mean(past_season_query, past2_season_query, past3_season_query)
-//
-//	                  ^                                  ^
-//		              |                                  |
-//			(rounded value for past peiod)    +      (seasonal growth)
-//
-// score = abs(value - prediction) / stddev (current_season_query)
-type anomalyQueryParams struct {
-	// CurrentPeriodQuery is the query range params for period user is looking at or eval window
-	// Example: (now-5m, now), (now-30m, now), (now-1h, now)
-	// The results obtained from this query are used to compare with predicted values
-	// and to detect anomalies
-	CurrentPeriodQuery qbtypes.QueryRangeRequest
-	// PastPeriodQuery is the query range params for past period of seasonality
-	// Example: For weekly seasonality, (now-1w-5m, now-1w)
-	//        : For daily seasonality, (now-1d-5m, now-1d)
-	//        : For hourly seasonality, (now-1h-5m, now-1h)
-	PastPeriodQuery qbtypes.QueryRangeRequest
-	// CurrentSeasonQuery is the query range params for current period (seasonal)
-	// Example: For weekly seasonality, this is the query range params for the (now-1w-5m, now)
-	//        : For daily seasonality, this is the query range params for the (now-1d-5m, now)
-	//        : For hourly seasonality, this is the query range params for the (now-1h-5m, now)
-	CurrentSeasonQuery qbtypes.QueryRangeRequest
-	// PastSeasonQuery is the query range params for past seasonal period to the current season
-	// Example: For weekly seasonality, this is the query range params for the (now-2w-5m, now-1w)
-	//        : For daily seasonality, this is the query range params for the (now-2d-5m, now-1d)
-	//        : For hourly seasonality, this is the query range params for the (now-2h-5m, now-1h)
-	PastSeasonQuery qbtypes.QueryRangeRequest
-	// Past2SeasonQuery is the query range params for past 2 seasonal period to the current season
-	// Example: For weekly seasonality, this is the query range params for the (now-3w-5m, now-2w)
-	//        : For daily seasonality, this is the query range params for the (now-3d-5m, now-2d)
-	//        : For hourly seasonality, this is the query range params for the (now-3h-5m, now-2h)
-	Past2SeasonQuery qbtypes.QueryRangeRequest
-	// Past3SeasonQuery is the query range params for past 3 seasonal period to the current season
-	// Example: For weekly seasonality, this is the query range params for the (now-4w-5m, now-3w)
-	//        : For daily seasonality, this is the query range params for the (now-4d-5m, now-3d)
-	//        : For hourly seasonality, this is the query range params for the (now-4h-5m, now-3h)
-	Past3SeasonQuery qbtypes.QueryRangeRequest
-}
-
-func prepareAnomalyQueryParams(req qbtypes.QueryRangeRequest, seasonality Seasonality) *anomalyQueryParams {
-	start := req.Start
-	end := req.End
-
-	currentPeriodQuery := qbtypes.QueryRangeRequest{
-		Start:          start,
-		End:            end,
-		RequestType:    qbtypes.RequestTypeTimeSeries,
-		CompositeQuery: req.CompositeQuery,
-		NoCache:        false,
-	}
-
-	var pastPeriodStart, pastPeriodEnd uint64
-
-	switch seasonality {
-	// for one week period, we fetch the data from the past week with 5 min offset
-	case SeasonalityWeekly:
-		pastPeriodStart = start - oneWeekOffset - fiveMinOffset
-		pastPeriodEnd = end - oneWeekOffset
-	// for one day period, we fetch the data from the past day with 5 min offset
-	case SeasonalityDaily:
-		pastPeriodStart = start - oneDayOffset - fiveMinOffset
-		pastPeriodEnd = end - oneDayOffset
-	// for one hour period, we fetch the data from the past hour with 5 min offset
-	case SeasonalityHourly:
-		pastPeriodStart = start - oneHourOffset - fiveMinOffset
-		pastPeriodEnd = end - oneHourOffset
-	}
-
-	pastPeriodQuery := qbtypes.QueryRangeRequest{
-		Start:          pastPeriodStart,
-		End:            pastPeriodEnd,
-		RequestType:    qbtypes.RequestTypeTimeSeries,
-		CompositeQuery: req.CompositeQuery,
-		NoCache:        false,
-	}
-
-	// seasonality growth trend
-	var currentGrowthPeriodStart, currentGrowthPeriodEnd uint64
-	switch seasonality {
-	case SeasonalityWeekly:
-		currentGrowthPeriodStart = start - oneWeekOffset
-		currentGrowthPeriodEnd = start
-	case SeasonalityDaily:
-		currentGrowthPeriodStart = start - oneDayOffset
-		currentGrowthPeriodEnd = start
-	case SeasonalityHourly:
-		currentGrowthPeriodStart = start - oneHourOffset
-		currentGrowthPeriodEnd = start
-	}
-
-	currentGrowthQuery := qbtypes.QueryRangeRequest{
-		Start:          currentGrowthPeriodStart,
-		End:            currentGrowthPeriodEnd,
-		RequestType:    qbtypes.RequestTypeTimeSeries,
-		CompositeQuery: req.CompositeQuery,
-		NoCache:        false,
-	}
-
-	var pastGrowthPeriodStart, pastGrowthPeriodEnd uint64
-	switch seasonality {
-	case SeasonalityWeekly:
-		pastGrowthPeriodStart = start - 2*oneWeekOffset
-		pastGrowthPeriodEnd = start - 1*oneWeekOffset
-	case SeasonalityDaily:
-		pastGrowthPeriodStart = start - 2*oneDayOffset
-		pastGrowthPeriodEnd = start - 1*oneDayOffset
-	case SeasonalityHourly:
-		pastGrowthPeriodStart = start - 2*oneHourOffset
-		pastGrowthPeriodEnd = start - 1*oneHourOffset
-	}
-
-	pastGrowthQuery := qbtypes.QueryRangeRequest{
-		Start:          pastGrowthPeriodStart,
-		End:            pastGrowthPeriodEnd,
-		RequestType:    qbtypes.RequestTypeTimeSeries,
-		CompositeQuery: req.CompositeQuery,
-		NoCache:        false,
-	}
-
-	var past2GrowthPeriodStart, past2GrowthPeriodEnd uint64
-	switch seasonality {
-	case SeasonalityWeekly:
-		past2GrowthPeriodStart = start - 3*oneWeekOffset
-		past2GrowthPeriodEnd = start - 2*oneWeekOffset
-	case SeasonalityDaily:
-		past2GrowthPeriodStart = start - 3*oneDayOffset
-		past2GrowthPeriodEnd = start - 2*oneDayOffset
-	case SeasonalityHourly:
-		past2GrowthPeriodStart = start - 3*oneHourOffset
-		past2GrowthPeriodEnd = start - 2*oneHourOffset
-	}
-
-	past2GrowthQuery := qbtypes.QueryRangeRequest{
-		Start:          past2GrowthPeriodStart,
-		End:            past2GrowthPeriodEnd,
-		RequestType:    qbtypes.RequestTypeTimeSeries,
-		CompositeQuery: req.CompositeQuery,
-		NoCache:        false,
-	}
-
-	var past3GrowthPeriodStart, past3GrowthPeriodEnd uint64
-	switch seasonality {
-	case SeasonalityWeekly:
-		past3GrowthPeriodStart = start - 4*oneWeekOffset
-		past3GrowthPeriodEnd = start - 3*oneWeekOffset
-	case SeasonalityDaily:
-		past3GrowthPeriodStart = start - 4*oneDayOffset
-		past3GrowthPeriodEnd = start - 3*oneDayOffset
-	case SeasonalityHourly:
-		past3GrowthPeriodStart = start - 4*oneHourOffset
-		past3GrowthPeriodEnd = start - 3*oneHourOffset
-	}
-
-	past3GrowthQuery := qbtypes.QueryRangeRequest{
-		Start:          past3GrowthPeriodStart,
-		End:            past3GrowthPeriodEnd,
-		RequestType:    qbtypes.RequestTypeTimeSeries,
-		CompositeQuery: req.CompositeQuery,
-		NoCache:        false,
-	}
-
-	return &anomalyQueryParams{
-		CurrentPeriodQuery: currentPeriodQuery,
-		PastPeriodQuery:    pastPeriodQuery,
-		CurrentSeasonQuery: currentGrowthQuery,
-		PastSeasonQuery:    pastGrowthQuery,
-		Past2SeasonQuery:   past2GrowthQuery,
-		Past3SeasonQuery:   past3GrowthQuery,
-	}
-}
-
-type anomalyQueryResults struct {
-	CurrentPeriodResults []*qbtypes.TimeSeriesData
-	PastPeriodResults    []*qbtypes.TimeSeriesData
-	CurrentSeasonResults []*qbtypes.TimeSeriesData
-	PastSeasonResults    []*qbtypes.TimeSeriesData
-	Past2SeasonResults   []*qbtypes.TimeSeriesData
-	Past3SeasonResults   []*qbtypes.TimeSeriesData
-}
--- a/ee/anomaly/provider.go
+++ b/ee/anomaly/provider.go
@@ -1,11 +0,0 @@
-package anomaly
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type Provider interface {
-	GetAnomalies(ctx context.Context, orgID valuer.UUID, req *AnomaliesRequest) (*AnomaliesResponse, error)
-}
--- a/ee/anomaly/seasonal.go
+++ b/ee/anomaly/seasonal.go
@@ -1,465 +0,0 @@
-package anomaly
-
-import (
-	"context"
-	"log/slog"
-	"math"
-
-	"github.com/SigNoz/signoz/pkg/querier"
-	"github.com/SigNoz/signoz/pkg/valuer"
-
-	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
-)
-
-var (
-	// TODO(srikanthccv): make this configurable?
-	movingAvgWindowSize = 7
-)
-
-// BaseProvider is an interface that includes common methods for all provider types
-type BaseProvider interface {
-	GetBaseSeasonalProvider() *BaseSeasonalProvider
-}
-
-// GenericProviderOption is a generic type for provider options
-type GenericProviderOption[T BaseProvider] func(T)
-
-func WithQuerier[T BaseProvider](querier querier.Querier) GenericProviderOption[T] {
-	return func(p T) {
-		p.GetBaseSeasonalProvider().querier = querier
-	}
-}
-
-func WithLogger[T BaseProvider](logger *slog.Logger) GenericProviderOption[T] {
-	return func(p T) {
-		p.GetBaseSeasonalProvider().logger = logger
-	}
-}
-
-type BaseSeasonalProvider struct {
-	querier querier.Querier
-	logger  *slog.Logger
-}
-
-func (p *BaseSeasonalProvider) getQueryParams(req *AnomaliesRequest) *anomalyQueryParams {
-	if !req.Seasonality.IsValid() {
-		req.Seasonality = SeasonalityDaily
-	}
-	return prepareAnomalyQueryParams(req.Params, req.Seasonality)
-}
-
-func (p *BaseSeasonalProvider) toTSResults(ctx context.Context, resp *qbtypes.QueryRangeResponse) []*qbtypes.TimeSeriesData {
-
-	tsData := []*qbtypes.TimeSeriesData{}
-
-	if resp == nil {
-		p.logger.InfoContext(ctx, "nil response from query range")
-		return tsData
-	}
-
-	for _, item := range resp.Data.Results {
-		if resultData, ok := item.(*qbtypes.TimeSeriesData); ok {
-			tsData = append(tsData, resultData)
-		}
-	}
-
-	return tsData
-}
-
-func (p *BaseSeasonalProvider) getResults(ctx context.Context, orgID valuer.UUID, params *anomalyQueryParams) (*anomalyQueryResults, error) {
-	// TODO(srikanthccv): parallelize this?
-	p.logger.InfoContext(ctx, "fetching results for current period", "anomaly_current_period_query", params.CurrentPeriodQuery)
-	currentPeriodResults, err := p.querier.QueryRange(ctx, orgID, &params.CurrentPeriodQuery)
-	if err != nil {
-		return nil, err
-	}
-
-	p.logger.InfoContext(ctx, "fetching results for past period", "anomaly_past_period_query", params.PastPeriodQuery)
-	pastPeriodResults, err := p.querier.QueryRange(ctx, orgID, &params.PastPeriodQuery)
-	if err != nil {
-		return nil, err
-	}
-
-	p.logger.InfoContext(ctx, "fetching results for current season", "anomaly_current_season_query", params.CurrentSeasonQuery)
-	currentSeasonResults, err := p.querier.QueryRange(ctx, orgID, &params.CurrentSeasonQuery)
-	if err != nil {
-		return nil, err
-	}
-
-	p.logger.InfoContext(ctx, "fetching results for past season", "anomaly_past_season_query", params.PastSeasonQuery)
-	pastSeasonResults, err := p.querier.QueryRange(ctx, orgID, &params.PastSeasonQuery)
-	if err != nil {
-		return nil, err
-	}
-
-	p.logger.InfoContext(ctx, "fetching results for past 2 season", "anomaly_past_2season_query", params.Past2SeasonQuery)
-	past2SeasonResults, err := p.querier.QueryRange(ctx, orgID, &params.Past2SeasonQuery)
-	if err != nil {
-		return nil, err
-	}
-
-	p.logger.InfoContext(ctx, "fetching results for past 3 season", "anomaly_past_3season_query", params.Past3SeasonQuery)
-	past3SeasonResults, err := p.querier.QueryRange(ctx, orgID, &params.Past3SeasonQuery)
-	if err != nil {
-		return nil, err
-	}
-
-	return &anomalyQueryResults{
-		CurrentPeriodResults: p.toTSResults(ctx, currentPeriodResults),
-		PastPeriodResults:    p.toTSResults(ctx, pastPeriodResults),
-		CurrentSeasonResults: p.toTSResults(ctx, currentSeasonResults),
-		PastSeasonResults:    p.toTSResults(ctx, pastSeasonResults),
-		Past2SeasonResults:   p.toTSResults(ctx, past2SeasonResults),
-		Past3SeasonResults:   p.toTSResults(ctx, past3SeasonResults),
-	}, nil
-}
-
-// getMatchingSeries gets the matching series from the query result
-// for the given series
-func (p *BaseSeasonalProvider) getMatchingSeries(_ context.Context, queryResult *qbtypes.TimeSeriesData, series *qbtypes.TimeSeries) *qbtypes.TimeSeries {
-	if queryResult == nil || len(queryResult.Aggregations) == 0 || len(queryResult.Aggregations[0].Series) == 0 {
-		return nil
-	}
-
-	for _, curr := range queryResult.Aggregations[0].Series {
-		currLabelsKey := qbtypes.GetUniqueSeriesKey(curr.Labels)
-		seriesLabelsKey := qbtypes.GetUniqueSeriesKey(series.Labels)
-		if currLabelsKey == seriesLabelsKey {
-			return curr
-		}
-	}
-	return nil
-}
-
-func (p *BaseSeasonalProvider) getAvg(series *qbtypes.TimeSeries) float64 {
-	if series == nil || len(series.Values) == 0 {
-		return 0
-	}
-	var sum float64
-	for _, smpl := range series.Values {
-		sum += smpl.Value
-	}
-	return sum / float64(len(series.Values))
-}
-
-func (p *BaseSeasonalProvider) getStdDev(series *qbtypes.TimeSeries) float64 {
-	if series == nil || len(series.Values) == 0 {
-		return 0
-	}
-	avg := p.getAvg(series)
-	var sum float64
-	for _, smpl := range series.Values {
-		sum += math.Pow(smpl.Value-avg, 2)
-	}
-	return math.Sqrt(sum / float64(len(series.Values)))
-}
-
-// getMovingAvg gets the moving average for the given series
-// for the given window size and start index
-func (p *BaseSeasonalProvider) getMovingAvg(series *qbtypes.TimeSeries, movingAvgWindowSize, startIdx int) float64 {
-	if series == nil || len(series.Values) == 0 {
-		return 0
-	}
-	if startIdx >= len(series.Values)-movingAvgWindowSize {
-		startIdx = int(math.Max(0, float64(len(series.Values)-movingAvgWindowSize)))
-	}
-	var sum float64
-	points := series.Values[startIdx:]
-	windowSize := int(math.Min(float64(movingAvgWindowSize), float64(len(points))))
-	for i := 0; i < windowSize; i++ {
-		sum += points[i].Value
-	}
-	avg := sum / float64(windowSize)
-	return avg
-}
-
-func (p *BaseSeasonalProvider) getMean(floats ...float64) float64 {
-	if len(floats) == 0 {
-		return 0
-	}
-	var sum float64
-	for _, f := range floats {
-		sum += f
-	}
-	return sum / float64(len(floats))
-}
-
-func (p *BaseSeasonalProvider) getPredictedSeries(
-	ctx context.Context,
-	series, prevSeries, currentSeasonSeries, pastSeasonSeries, past2SeasonSeries, past3SeasonSeries *qbtypes.TimeSeries,
-) *qbtypes.TimeSeries {
-	predictedSeries := &qbtypes.TimeSeries{
-		Labels: series.Labels,
-		Values: make([]*qbtypes.TimeSeriesValue, 0),
-	}
-
-	// for each point in the series, get the predicted value
-	// the predicted value is the moving average (with window size = 7) of the previous period series
-	// plus the average of the current season series
-	// minus the mean of the past season series, past2 season series and past3 season series
-	for idx, curr := range series.Values {
-		movingAvg := p.getMovingAvg(prevSeries, movingAvgWindowSize, idx)
-		avg := p.getAvg(currentSeasonSeries)
-		mean := p.getMean(p.getAvg(pastSeasonSeries), p.getAvg(past2SeasonSeries), p.getAvg(past3SeasonSeries))
-		predictedValue := movingAvg + avg - mean
-
-		if predictedValue < 0 {
-			// this should not happen (except when the data has extreme outliers)
-			// we will use the moving avg of the previous period series in this case
-			p.logger.WarnContext(ctx, "predicted value is less than 0 for series", "anomaly_predicted_value", predictedValue, "anomaly_labels", series.Labels)
-			predictedValue = p.getMovingAvg(prevSeries, movingAvgWindowSize, idx)
-		}
-
-		p.logger.DebugContext(ctx, "predicted value for series",
-			"anomaly_moving_avg", movingAvg,
-			"anomaly_avg", avg,
-			"anomaly_mean", mean,
-			"anomaly_labels", series.Labels,
-			"anomaly_predicted_value", predictedValue,
-			"anomaly_curr", curr.Value,
-		)
-		predictedSeries.Values = append(predictedSeries.Values, &qbtypes.TimeSeriesValue{
-			Timestamp: curr.Timestamp,
-			Value:     predictedValue,
-		})
-	}
-
-	return predictedSeries
-}
-
-// getBounds gets the upper and lower bounds for the given series
-// for the given z score threshold
-// moving avg of the previous period series + z score threshold * std dev of the series
-// moving avg of the previous period series - z score threshold * std dev of the series
-func (p *BaseSeasonalProvider) getBounds(
-	series, predictedSeries, weekSeries *qbtypes.TimeSeries,
-	zScoreThreshold float64,
-) (*qbtypes.TimeSeries, *qbtypes.TimeSeries) {
-	upperBoundSeries := &qbtypes.TimeSeries{
-		Labels: series.Labels,
-		Values: make([]*qbtypes.TimeSeriesValue, 0),
-	}
-
-	lowerBoundSeries := &qbtypes.TimeSeries{
-		Labels: series.Labels,
-		Values: make([]*qbtypes.TimeSeriesValue, 0),
-	}
-
-	for idx, curr := range series.Values {
-		upperBound := p.getMovingAvg(predictedSeries, movingAvgWindowSize, idx) + zScoreThreshold*p.getStdDev(weekSeries)
-		lowerBound := p.getMovingAvg(predictedSeries, movingAvgWindowSize, idx) - zScoreThreshold*p.getStdDev(weekSeries)
-		upperBoundSeries.Values = append(upperBoundSeries.Values, &qbtypes.TimeSeriesValue{
-			Timestamp: curr.Timestamp,
-			Value:     upperBound,
-		})
-		lowerBoundSeries.Values = append(lowerBoundSeries.Values, &qbtypes.TimeSeriesValue{
-			Timestamp: curr.Timestamp,
-			Value:     math.Max(lowerBound, 0),
-		})
-	}
-
-	return upperBoundSeries, lowerBoundSeries
-}
-
-// getExpectedValue gets the expected value for the given series
-// for the given index
-// prevSeriesAvg + currentSeasonSeriesAvg - mean of past season series, past2 season series and past3 season series
-func (p *BaseSeasonalProvider) getExpectedValue(
-	_, prevSeries, currentSeasonSeries, pastSeasonSeries, past2SeasonSeries, past3SeasonSeries *qbtypes.TimeSeries, idx int,
-) float64 {
-	prevSeriesAvg := p.getMovingAvg(prevSeries, movingAvgWindowSize, idx)
-	currentSeasonSeriesAvg := p.getAvg(currentSeasonSeries)
-	pastSeasonSeriesAvg := p.getAvg(pastSeasonSeries)
-	past2SeasonSeriesAvg := p.getAvg(past2SeasonSeries)
-	past3SeasonSeriesAvg := p.getAvg(past3SeasonSeries)
-	return prevSeriesAvg + currentSeasonSeriesAvg - p.getMean(pastSeasonSeriesAvg, past2SeasonSeriesAvg, past3SeasonSeriesAvg)
-}
-
-// getScore gets the anomaly score for the given series
-// for the given index
-// (value - expectedValue) / std dev of the series
-func (p *BaseSeasonalProvider) getScore(
-	series, prevSeries, weekSeries, weekPrevSeries, past2SeasonSeries, past3SeasonSeries *qbtypes.TimeSeries, value float64, idx int,
-) float64 {
-	expectedValue := p.getExpectedValue(series, prevSeries, weekSeries, weekPrevSeries, past2SeasonSeries, past3SeasonSeries, idx)
-	if expectedValue < 0 {
-		expectedValue = p.getMovingAvg(prevSeries, movingAvgWindowSize, idx)
-	}
-	return (value - expectedValue) / p.getStdDev(weekSeries)
-}
-
-// getAnomalyScores gets the anomaly scores for the given series
-// for the given index
-// (value - expectedValue) / std dev of the series
-func (p *BaseSeasonalProvider) getAnomalyScores(
-	series, prevSeries, currentSeasonSeries, pastSeasonSeries, past2SeasonSeries, past3SeasonSeries *qbtypes.TimeSeries,
-) *qbtypes.TimeSeries {
-	anomalyScoreSeries := &qbtypes.TimeSeries{
-		Labels: series.Labels,
-		Values: make([]*qbtypes.TimeSeriesValue, 0),
-	}
-
-	for idx, curr := range series.Values {
-		anomalyScore := p.getScore(series, prevSeries, currentSeasonSeries, pastSeasonSeries, past2SeasonSeries, past3SeasonSeries, curr.Value, idx)
-		anomalyScoreSeries.Values = append(anomalyScoreSeries.Values, &qbtypes.TimeSeriesValue{
-			Timestamp: curr.Timestamp,
-			Value:     anomalyScore,
-		})
-	}
-
-	return anomalyScoreSeries
-}
-
-func (p *BaseSeasonalProvider) getAnomalies(ctx context.Context, orgID valuer.UUID, req *AnomaliesRequest) (*AnomaliesResponse, error) {
-	anomalyParams := p.getQueryParams(req)
-	anomalyQueryResults, err := p.getResults(ctx, orgID, anomalyParams)
-	if err != nil {
-		return nil, err
-	}
-
-	currentPeriodResults := make(map[string]*qbtypes.TimeSeriesData)
-	for _, result := range anomalyQueryResults.CurrentPeriodResults {
-		currentPeriodResults[result.QueryName] = result
-	}
-
-	pastPeriodResults := make(map[string]*qbtypes.TimeSeriesData)
-	for _, result := range anomalyQueryResults.PastPeriodResults {
-		pastPeriodResults[result.QueryName] = result
-	}
-
-	currentSeasonResults := make(map[string]*qbtypes.TimeSeriesData)
-	for _, result := range anomalyQueryResults.CurrentSeasonResults {
-		currentSeasonResults[result.QueryName] = result
-	}
-
-	pastSeasonResults := make(map[string]*qbtypes.TimeSeriesData)
-	for _, result := range anomalyQueryResults.PastSeasonResults {
-		pastSeasonResults[result.QueryName] = result
-	}
-
-	past2SeasonResults := make(map[string]*qbtypes.TimeSeriesData)
-	for _, result := range anomalyQueryResults.Past2SeasonResults {
-		past2SeasonResults[result.QueryName] = result
-	}
-
-	past3SeasonResults := make(map[string]*qbtypes.TimeSeriesData)
-	for _, result := range anomalyQueryResults.Past3SeasonResults {
-		past3SeasonResults[result.QueryName] = result
-	}
-
-	for _, result := range currentPeriodResults {
-		funcs := req.Params.FuncsForQuery(result.QueryName)
-
-		var zScoreThreshold float64
-		for _, f := range funcs {
-			if f.Name == qbtypes.FunctionNameAnomaly {
-				for _, arg := range f.Args {
-					if arg.Name != "z_score_threshold" {
-						continue
-					}
-					value, ok := arg.Value.(float64)
-					if ok {
-						zScoreThreshold = value
-					} else {
-						p.logger.InfoContext(ctx, "z_score_threshold not provided, defaulting")
-						zScoreThreshold = 3
-					}
-					break
-				}
-			}
-		}
-
-		pastPeriodResult, ok := pastPeriodResults[result.QueryName]
-		if !ok {
-			continue
-		}
-		currentSeasonResult, ok := currentSeasonResults[result.QueryName]
-		if !ok {
-			continue
-		}
-		pastSeasonResult, ok := pastSeasonResults[result.QueryName]
-		if !ok {
-			continue
-		}
-		past2SeasonResult, ok := past2SeasonResults[result.QueryName]
-		if !ok {
-			continue
-		}
-		past3SeasonResult, ok := past3SeasonResults[result.QueryName]
-		if !ok {
-			continue
-		}
-
-		// no data;
-		if len(result.Aggregations) == 0 {
-			continue
-		}
-
-		aggOfInterest := result.Aggregations[0]
-
-		for _, series := range aggOfInterest.Series {
-
-			pastPeriodSeries := p.getMatchingSeries(ctx, pastPeriodResult, series)
-			currentSeasonSeries := p.getMatchingSeries(ctx, currentSeasonResult, series)
-			pastSeasonSeries := p.getMatchingSeries(ctx, pastSeasonResult, series)
-			past2SeasonSeries := p.getMatchingSeries(ctx, past2SeasonResult, series)
-			past3SeasonSeries := p.getMatchingSeries(ctx, past3SeasonResult, series)
-
-			stdDev := p.getStdDev(currentSeasonSeries)
-			p.logger.InfoContext(ctx, "calculated standard deviation for series", "anomaly_std_dev", stdDev, "anomaly_labels", series.Labels)
-
-			prevSeriesAvg := p.getAvg(pastPeriodSeries)
-			currentSeasonSeriesAvg := p.getAvg(currentSeasonSeries)
-			pastSeasonSeriesAvg := p.getAvg(pastSeasonSeries)
-			past2SeasonSeriesAvg := p.getAvg(past2SeasonSeries)
-			past3SeasonSeriesAvg := p.getAvg(past3SeasonSeries)
-			p.logger.InfoContext(ctx, "calculated mean for series",
-				"anomaly_prev_series_avg", prevSeriesAvg,
-				"anomaly_current_season_series_avg", currentSeasonSeriesAvg,
-				"anomaly_past_season_series_avg", pastSeasonSeriesAvg,
-				"anomaly_past_2season_series_avg", past2SeasonSeriesAvg,
-				"anomaly_past_3season_series_avg", past3SeasonSeriesAvg,
-				"anomaly_labels", series.Labels,
-			)
-
-			predictedSeries := p.getPredictedSeries(
-				ctx,
-				series,
-				pastPeriodSeries,
-				currentSeasonSeries,
-				pastSeasonSeries,
-				past2SeasonSeries,
-				past3SeasonSeries,
-			)
-			aggOfInterest.PredictedSeries = append(aggOfInterest.PredictedSeries, predictedSeries)
-
-			upperBoundSeries, lowerBoundSeries := p.getBounds(
-				series,
-				predictedSeries,
-				currentSeasonSeries,
-				zScoreThreshold,
-			)
-			aggOfInterest.UpperBoundSeries = append(aggOfInterest.UpperBoundSeries, upperBoundSeries)
-			aggOfInterest.LowerBoundSeries = append(aggOfInterest.LowerBoundSeries, lowerBoundSeries)
-
-			anomalyScoreSeries := p.getAnomalyScores(
-				series,
-				pastPeriodSeries,
-				currentSeasonSeries,
-				pastSeasonSeries,
-				past2SeasonSeries,
-				past3SeasonSeries,
-			)
-			aggOfInterest.AnomalyScores = append(aggOfInterest.AnomalyScores, anomalyScoreSeries)
-		}
-	}
-
-	results := make([]*qbtypes.TimeSeriesData, 0, len(currentPeriodResults))
-	for _, result := range currentPeriodResults {
-		results = append(results, result)
-	}
-
-	return &AnomaliesResponse{
-		Results: results,
-	}, nil
-}
--- a/ee/anomaly/weekly.go
+++ b/ee/anomaly/weekly.go
@@ -1,34 +0,0 @@
-package anomaly
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type WeeklyProvider struct {
-	BaseSeasonalProvider
-}
-
-var _ BaseProvider = (*WeeklyProvider)(nil)
-
-func (wp *WeeklyProvider) GetBaseSeasonalProvider() *BaseSeasonalProvider {
-	return &wp.BaseSeasonalProvider
-}
-
-func NewWeeklyProvider(opts ...GenericProviderOption[*WeeklyProvider]) *WeeklyProvider {
-	wp := &WeeklyProvider{
-		BaseSeasonalProvider: BaseSeasonalProvider{},
-	}
-
-	for _, opt := range opts {
-		opt(wp)
-	}
-
-	return wp
-}
-
-func (p *WeeklyProvider) GetAnomalies(ctx context.Context, orgID valuer.UUID, req *AnomaliesRequest) (*AnomaliesResponse, error) {
-	req.Seasonality = SeasonalityWeekly
-	return p.getAnomalies(ctx, orgID, req)
-}
--- a/ee/authn/callbackauthn/oidccallbackauthn/authn.go
+++ b/ee/authn/callbackauthn/oidccallbackauthn/authn.go
@@ -1,191 +0,0 @@
-package oidccallbackauthn
-
-import (
-	"context"
-	"net/url"
-
-	"github.com/SigNoz/signoz/pkg/authn"
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/http/client"
-	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/coreos/go-oidc/v3/oidc"
-	"golang.org/x/oauth2"
-)
-
-const (
-	redirectPath string = "/api/v1/complete/oidc"
-)
-
-var (
-	scopes []string = []string{"email", oidc.ScopeOpenID}
-)
-
-var _ authn.CallbackAuthN = (*AuthN)(nil)
-
-type AuthN struct {
-	store      authtypes.AuthNStore
-	licensing  licensing.Licensing
-	httpClient *client.Client
-}
-
-func New(store authtypes.AuthNStore, licensing licensing.Licensing, providerSettings factory.ProviderSettings) (*AuthN, error) {
-	httpClient, err := client.New(providerSettings.Logger, providerSettings.TracerProvider, providerSettings.MeterProvider)
-	if err != nil {
-		return nil, err
-	}
-
-	return &AuthN{
-		store:      store,
-		licensing:  licensing,
-		httpClient: httpClient,
-	}, nil
-}
-
-func (a *AuthN) LoginURL(ctx context.Context, siteURL *url.URL, authDomain *authtypes.AuthDomain) (string, error) {
-	if authDomain.AuthDomainConfig().AuthNProvider != authtypes.AuthNProviderOIDC {
-		return "", errors.Newf(errors.TypeInternal, authtypes.ErrCodeAuthDomainMismatch, "domain type is not oidc")
-	}
-
-	_, oauth2Config, err := a.oidcProviderAndoauth2Config(ctx, siteURL, authDomain)
-	if err != nil {
-		return "", err
-	}
-
-	return oauth2Config.AuthCodeURL(authtypes.NewState(siteURL, authDomain.StorableAuthDomain().ID).URL.String()), nil
-}
-
-func (a *AuthN) HandleCallback(ctx context.Context, query url.Values) (*authtypes.CallbackIdentity, error) {
-	if err := query.Get("error"); err != "" {
-		return nil, errors.Newf(errors.TypeInternal, errors.CodeInternal, "oidc: error while authenticating").WithAdditional(query.Get("error_description"))
-	}
-
-	state, err := authtypes.NewStateFromString(query.Get("state"))
-	if err != nil {
-		return nil, errors.Newf(errors.TypeInvalidInput, authtypes.ErrCodeInvalidState, "oidc: invalid state").WithAdditional(err.Error())
-	}
-
-	authDomain, err := a.store.GetAuthDomainFromID(ctx, state.DomainID)
-	if err != nil {
-		return nil, err
-	}
-
-	_, err = a.licensing.GetActive(ctx, authDomain.StorableAuthDomain().OrgID)
-	if err != nil {
-		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	oidcProvider, oauth2Config, err := a.oidcProviderAndoauth2Config(ctx, state.URL, authDomain)
-	if err != nil {
-		return nil, err
-	}
-
-	ctx = context.WithValue(ctx, oauth2.HTTPClient, a.httpClient.Client())
-	token, err := oauth2Config.Exchange(ctx, query.Get("code"))
-	if err != nil {
-		var retrieveError *oauth2.RetrieveError
-		if errors.As(err, &retrieveError) {
-			return nil, errors.Newf(errors.TypeForbidden, errors.CodeForbidden, "oidc: failed to get token").WithAdditional(retrieveError.ErrorDescription).WithAdditional(string(retrieveError.Body))
-		}
-
-		return nil, errors.Newf(errors.TypeInternal, errors.CodeInternal, "oidc: failed to get token").WithAdditional(err.Error())
-	}
-
-	claims, err := a.claimsFromIDToken(ctx, authDomain, oidcProvider, token)
-	if err != nil && !errors.Ast(err, errors.TypeNotFound) {
-		return nil, err
-	}
-
-	if claims == nil && authDomain.AuthDomainConfig().OIDC.GetUserInfo {
-		claims, err = a.claimsFromUserInfo(ctx, oidcProvider, token)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	emailClaim, ok := claims[authDomain.AuthDomainConfig().OIDC.ClaimMapping.Email].(string)
-	if !ok {
-		return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "oidc: missing email in claims")
-	}
-
-	email, err := valuer.NewEmail(emailClaim)
-	if err != nil {
-		return nil, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "oidc: failed to parse email").WithAdditional(err.Error())
-	}
-
-	if !authDomain.AuthDomainConfig().OIDC.InsecureSkipEmailVerified {
-		emailVerifiedClaim, ok := claims["email_verified"].(bool)
-		if !ok {
-			return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "oidc: missing email_verified in claims")
-		}
-
-		if !emailVerifiedClaim {
-			return nil, errors.New(errors.TypeForbidden, errors.CodeForbidden, "oidc: email is not verified")
-		}
-	}
-
-	return authtypes.NewCallbackIdentity("", email, authDomain.StorableAuthDomain().OrgID, state), nil
-}
-
-func (a *AuthN) oidcProviderAndoauth2Config(ctx context.Context, siteURL *url.URL, authDomain *authtypes.AuthDomain) (*oidc.Provider, *oauth2.Config, error) {
-	if authDomain.AuthDomainConfig().OIDC.IssuerAlias != "" {
-		ctx = oidc.InsecureIssuerURLContext(ctx, authDomain.AuthDomainConfig().OIDC.IssuerAlias)
-	}
-
-	oidcProvider, err := oidc.NewProvider(ctx, authDomain.AuthDomainConfig().OIDC.Issuer)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	return oidcProvider, &oauth2.Config{
-		ClientID:     authDomain.AuthDomainConfig().OIDC.ClientID,
-		ClientSecret: authDomain.AuthDomainConfig().OIDC.ClientSecret,
-		Endpoint:     oidcProvider.Endpoint(),
-		Scopes:       scopes,
-		RedirectURL: (&url.URL{
-			Scheme: siteURL.Scheme,
-			Host:   siteURL.Host,
-			Path:   redirectPath,
-		}).String(),
-	}, nil
-}
-
-func (a *AuthN) claimsFromIDToken(ctx context.Context, authDomain *authtypes.AuthDomain, provider *oidc.Provider, token *oauth2.Token) (map[string]any, error) {
-	rawIDToken, ok := token.Extra("id_token").(string)
-	if !ok {
-		return nil, errors.New(errors.TypeNotFound, errors.CodeNotFound, "oidc: no id_token in token response")
-	}
-
-	verifier := provider.Verifier(&oidc.Config{ClientID: authDomain.AuthDomainConfig().OIDC.ClientID})
-	idToken, err := verifier.Verify(ctx, rawIDToken)
-	if err != nil {
-		return nil, errors.Newf(errors.TypeForbidden, errors.CodeForbidden, "oidc: failed to verify token").WithAdditional(err.Error())
-	}
-
-	var claims map[string]any
-	if err := idToken.Claims(&claims); err != nil {
-		return nil, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "oidc: failed to decode claims").WithAdditional(err.Error())
-	}
-
-	return claims, nil
-}
-
-func (a *AuthN) claimsFromUserInfo(ctx context.Context, provider *oidc.Provider, token *oauth2.Token) (map[string]any, error) {
-	var claims map[string]any
-
-	userInfo, err := provider.UserInfo(ctx, oauth2.StaticTokenSource(&oauth2.Token{
-		AccessToken: token.AccessToken,
-		TokenType:   "Bearer", // The UserInfo endpoint requires a bearer token as per RFC6750
-	}))
-	if err != nil {
-		return nil, errors.Newf(errors.TypeInternal, errors.CodeInternal, "oidc: failed to get user info").WithAdditional(err.Error())
-	}
-
-	if err := userInfo.Claims(&claims); err != nil {
-		return nil, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "oidc: failed to decode claims").WithAdditional(err.Error())
-	}
-
-	return claims, nil
-}
--- a/ee/authn/callbackauthn/samlcallbackauthn/authn.go
+++ b/ee/authn/callbackauthn/samlcallbackauthn/authn.go
@@ -1,155 +0,0 @@
-package samlcallbackauthn
-
-import (
-	"context"
-	"crypto/x509"
-	"encoding/base64"
-	"encoding/pem"
-	"net/url"
-	"strings"
-
-	"github.com/SigNoz/signoz/pkg/authn"
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	saml2 "github.com/russellhaering/gosaml2"
-	dsig "github.com/russellhaering/goxmldsig"
-)
-
-const (
-	redirectPath string = "/api/v1/complete/saml"
-)
-
-var _ authn.CallbackAuthN = (*AuthN)(nil)
-
-type AuthN struct {
-	store     authtypes.AuthNStore
-	licensing licensing.Licensing
-}
-
-func New(ctx context.Context, store authtypes.AuthNStore, licensing licensing.Licensing) (*AuthN, error) {
-	return &AuthN{
-		store:     store,
-		licensing: licensing,
-	}, nil
-}
-
-func (a *AuthN) LoginURL(ctx context.Context, siteURL *url.URL, authDomain *authtypes.AuthDomain) (string, error) {
-	if authDomain.AuthDomainConfig().AuthNProvider != authtypes.AuthNProviderSAML {
-		return "", errors.Newf(errors.TypeInternal, authtypes.ErrCodeAuthDomainMismatch, "saml: domain type is not saml")
-	}
-
-	sp, err := a.serviceProvider(siteURL, authDomain)
-	if err != nil {
-		return "", err
-	}
-
-	url, err := sp.BuildAuthURL(authtypes.NewState(siteURL, authDomain.StorableAuthDomain().ID).URL.String())
-	if err != nil {
-		return "", err
-	}
-
-	return url, nil
-}
-
-func (a *AuthN) HandleCallback(ctx context.Context, formValues url.Values) (*authtypes.CallbackIdentity, error) {
-	state, err := authtypes.NewStateFromString(formValues.Get("RelayState"))
-	if err != nil {
-		return nil, errors.New(errors.TypeInvalidInput, authtypes.ErrCodeInvalidState, "saml: invalid state").WithAdditional(err.Error())
-	}
-
-	authDomain, err := a.store.GetAuthDomainFromID(ctx, state.DomainID)
-	if err != nil {
-		return nil, err
-	}
-
-	_, err = a.licensing.GetActive(ctx, authDomain.StorableAuthDomain().OrgID)
-	if err != nil {
-		return nil, errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
-	}
-
-	sp, err := a.serviceProvider(state.URL, authDomain)
-	if err != nil {
-		return nil, err
-	}
-
-	assertionInfo, err := sp.RetrieveAssertionInfo(formValues.Get("SAMLResponse"))
-	if err != nil {
-		if errors.As(err, &saml2.ErrVerification{}) {
-			return nil, errors.New(errors.TypeForbidden, errors.CodeForbidden, err.Error())
-		}
-
-		if errors.As(err, &saml2.ErrMissingElement{}) {
-			return nil, errors.New(errors.TypeNotFound, errors.CodeNotFound, err.Error())
-		}
-
-		return nil, err
-	}
-
-	if assertionInfo.WarningInfo.InvalidTime {
-		return nil, errors.New(errors.TypeForbidden, errors.CodeForbidden, "saml: expired saml response")
-	}
-
-	email, err := valuer.NewEmail(assertionInfo.NameID)
-	if err != nil {
-		return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "saml: invalid email").WithAdditional("The nameID assertion is used to retrieve the email address, please check your IDP configuration and try again.")
-	}
-
-	return authtypes.NewCallbackIdentity("", email, authDomain.StorableAuthDomain().OrgID, state), nil
-}
-
-func (a *AuthN) serviceProvider(siteURL *url.URL, authDomain *authtypes.AuthDomain) (*saml2.SAMLServiceProvider, error) {
-	certStore, err := a.getCertificateStore(authDomain)
-	if err != nil {
-		return nil, err
-	}
-
-	acsURL := &url.URL{Scheme: siteURL.Scheme, Host: siteURL.Host, Path: redirectPath}
-
-	// Note:
-	// The ServiceProviderIssuer is the client id in case of keycloak. Since we set it to the host here, we need to set the client id == host in keycloak.
-	// For AWSSSO, this is the value of Application SAML audience.
-	return &saml2.SAMLServiceProvider{
-		IdentityProviderSSOURL:      authDomain.AuthDomainConfig().SAML.SamlIdp,
-		IdentityProviderIssuer:      authDomain.AuthDomainConfig().SAML.SamlEntity,
-		ServiceProviderIssuer:       siteURL.Host,
-		AssertionConsumerServiceURL: acsURL.String(),
-		SignAuthnRequests:           !authDomain.AuthDomainConfig().SAML.InsecureSkipAuthNRequestsSigned,
-		AllowMissingAttributes:      true,
-		IDPCertificateStore:         certStore,
-		SPKeyStore:                  dsig.RandomKeyStoreForTest(),
-	}, nil
-}
-
-func (a *AuthN) getCertificateStore(authDomain *authtypes.AuthDomain) (dsig.X509CertificateStore, error) {
-	certStore := &dsig.MemoryX509CertificateStore{
-		Roots: []*x509.Certificate{},
-	}
-
-	var certBytes []byte
-	if strings.Contains(authDomain.AuthDomainConfig().SAML.SamlCert, "-----BEGIN CERTIFICATE-----") {
-		block, _ := pem.Decode([]byte(authDomain.AuthDomainConfig().SAML.SamlCert))
-		if block == nil {
-			return certStore, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "no valid pem cert found")
-		}
-
-		certBytes = block.Bytes
-	} else {
-		certData, err := base64.StdEncoding.DecodeString(authDomain.AuthDomainConfig().SAML.SamlCert)
-		if err != nil {
-			return certStore, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "failed to read certificate: %s", err.Error())
-		}
-
-		certBytes = certData
-	}
-
-	idpCert, err := x509.ParseCertificate(certBytes)
-	if err != nil {
-		return certStore, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "failed to prepare saml request, invalid cert: %s", err.Error())
-	}
-
-	certStore.Roots = append(certStore.Roots, idpCert)
-
-	return certStore, nil
-}
--- a/ee/authz/openfgaauthz/provider.go
+++ b/ee/authz/openfgaauthz/provider.go
@@ -1,98 +0,0 @@
-package openfgaauthz
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/authz"
-	pkgopenfgaauthz "github.com/SigNoz/signoz/pkg/authz/openfgaauthz"
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	openfgav1 "github.com/openfga/api/proto/openfga/v1"
-	openfgapkgtransformer "github.com/openfga/language/pkg/go/transformer"
-)
-
-type provider struct {
-	pkgAuthzService authz.AuthZ
-}
-
-func NewProviderFactory(sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile) factory.ProviderFactory[authz.AuthZ, authz.Config] {
-	return factory.NewProviderFactory(factory.MustNewName("openfga"), func(ctx context.Context, ps factory.ProviderSettings, config authz.Config) (authz.AuthZ, error) {
-		return newOpenfgaProvider(ctx, ps, config, sqlstore, openfgaSchema)
-	})
-}
-
-func newOpenfgaProvider(ctx context.Context, settings factory.ProviderSettings, config authz.Config, sqlstore sqlstore.SQLStore, openfgaSchema []openfgapkgtransformer.ModuleFile) (authz.AuthZ, error) {
-	pkgOpenfgaAuthzProvider := pkgopenfgaauthz.NewProviderFactory(sqlstore, openfgaSchema)
-	pkgAuthzService, err := pkgOpenfgaAuthzProvider.New(ctx, settings, config)
-	if err != nil {
-		return nil, err
-	}
-
-	return &provider{
-		pkgAuthzService: pkgAuthzService,
-	}, nil
-}
-
-func (provider *provider) Start(ctx context.Context) error {
-	return provider.pkgAuthzService.Start(ctx)
-}
-
-func (provider *provider) Stop(ctx context.Context) error {
-	return provider.pkgAuthzService.Stop(ctx)
-}
-
-func (provider *provider) Check(ctx context.Context, tuple *openfgav1.TupleKey) error {
-	return provider.pkgAuthzService.Check(ctx, tuple)
-}
-
-func (provider *provider) CheckWithTupleCreation(ctx context.Context, claims authtypes.Claims, orgID valuer.UUID, relation authtypes.Relation, _ authtypes.Relation, typeable authtypes.Typeable, selectors []authtypes.Selector) error {
-	subject, err := authtypes.NewSubject(authtypes.TypeableUser, claims.UserID, orgID, nil)
-	if err != nil {
-		return err
-	}
-
-	tuples, err := typeable.Tuples(subject, relation, selectors, orgID)
-	if err != nil {
-		return err
-	}
-
-	err = provider.BatchCheck(ctx, tuples)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (provider *provider) CheckWithTupleCreationWithoutClaims(ctx context.Context, orgID valuer.UUID, relation authtypes.Relation, _ authtypes.Relation, typeable authtypes.Typeable, selectors []authtypes.Selector) error {
-	subject, err := authtypes.NewSubject(authtypes.TypeableAnonymous, authtypes.AnonymousUser.String(), orgID, nil)
-	if err != nil {
-		return err
-	}
-
-	tuples, err := typeable.Tuples(subject, relation, selectors, orgID)
-	if err != nil {
-		return err
-	}
-
-	err = provider.BatchCheck(ctx, tuples)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (provider *provider) BatchCheck(ctx context.Context, tuples []*openfgav1.TupleKey) error {
-	return provider.pkgAuthzService.BatchCheck(ctx, tuples)
-}
-
-func (provider *provider) ListObjects(ctx context.Context, subject string, relation authtypes.Relation, typeable authtypes.Typeable) ([]*authtypes.Object, error) {
-	return provider.pkgAuthzService.ListObjects(ctx, subject, relation, typeable)
-}
-
-func (provider *provider) Write(ctx context.Context, additions []*openfgav1.TupleKey, deletions []*openfgav1.TupleKey) error {
-	return provider.pkgAuthzService.Write(ctx, additions, deletions)
-}
--- a/ee/authz/openfgaschema/base.fga
+++ b/ee/authz/openfgaschema/base.fga
@@ -1,40 +0,0 @@
-module base
-
-type organisation 
-  relations
-    define read: [user, role#assignee]
-    define update: [user, role#assignee]
-
-type user
-  relations
-    define read: [user, role#assignee]
-    define update: [user, role#assignee]
-    define delete: [user, role#assignee]
-
-type anonymous
-
-type role 
-  relations
-    define assignee: [user, anonymous]
-
-    define read: [user, role#assignee]
-    define update: [user, role#assignee]
-    define delete: [user, role#assignee]
-
-type metaresources
-  relations
-    define create: [user, role#assignee]
-    define list: [user, role#assignee]
-
-type metaresource
-  relations
-      define read: [user, anonymous, role#assignee]
-      define update: [user, role#assignee]
-      define delete: [user, role#assignee]
-
-      define block: [user, role#assignee]
-
-
-type telemetryresource
-  relations
-      define read: [user, role#assignee]
--- a/ee/authz/openfgaschema/schema.go
+++ b/ee/authz/openfgaschema/schema.go
@@ -1,29 +0,0 @@
-package openfgaschema
-
-import (
-	"context"
-	_ "embed"
-
-	"github.com/SigNoz/signoz/pkg/authz"
-	openfgapkgtransformer "github.com/openfga/language/pkg/go/transformer"
-)
-
-var (
-	//go:embed base.fga
-	baseDSL string
-)
-
-type schema struct{}
-
-func NewSchema() authz.Schema {
-	return &schema{}
-}
-
-func (schema *schema) Get(ctx context.Context) []openfgapkgtransformer.ModuleFile {
-	return []openfgapkgtransformer.ModuleFile{
-		{
-			Name:     "base.fga",
-			Contents: baseDSL,
-		},
-	}
-}
--- a/ee/http/middleware/pat.go
+++ b/ee/http/middleware/pat.go
@@ -0,0 +1,91 @@
+package middleware
+
+import (
+	"net/http"
+	"time"
+
+	eeTypes "github.com/SigNoz/signoz/ee/types"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"go.uber.org/zap"
+)
+
+type Pat struct {
+	store   sqlstore.SQLStore
+	uuid    *authtypes.UUID
+	headers []string
+}
+
+func NewPat(store sqlstore.SQLStore, headers []string) *Pat {
+	return &Pat{store: store, uuid: authtypes.NewUUID(), headers: headers}
+}
+
+func (p *Pat) Wrap(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		var values []string
+		var patToken string
+		var pat eeTypes.StorablePersonalAccessToken
+
+		for _, header := range p.headers {
+			values = append(values, r.Header.Get(header))
+		}
+
+		ctx, err := p.uuid.ContextFromRequest(r.Context(), values...)
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+		patToken, ok := authtypes.UUIDFromContext(ctx)
+		if !ok {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		err = p.store.BunDB().NewSelect().Model(&pat).Where("token = ?", patToken).Scan(r.Context())
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		if pat.ExpiresAt < time.Now().Unix() && pat.ExpiresAt != 0 {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		// get user from db
+		user := types.User{}
+		err = p.store.BunDB().NewSelect().Model(&user).Where("id = ?", pat.UserID).Scan(r.Context())
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		role, err := authtypes.NewRole(user.Role)
+		if err != nil {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		jwt := authtypes.Claims{
+			UserID: user.ID,
+			Role:   role,
+			Email:  user.Email,
+			OrgID:  user.OrgID,
+		}
+
+		ctx = authtypes.NewContextWithClaims(ctx, jwt)
+
+		r = r.WithContext(ctx)
+
+		next.ServeHTTP(w, r)
+
+		pat.LastUsed = time.Now().Unix()
+		_, err = p.store.BunDB().NewUpdate().Model(&pat).Column("last_used").Where("token = ?", patToken).Where("revoked = false").Exec(r.Context())
+		if err != nil {
+			zap.L().Error("Failed to update PAT last used in db, err: %v", zap.Error(err))
+		}
+
+	})
+
+}
--- a/ee/licensing/config.go
+++ b/ee/licensing/config.go
@@ -1,26 +0,0 @@
-package licensing
-
-import (
-	"sync"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/licensing"
-)
-
-var (
-	config licensing.Config
-	once   sync.Once
-)
-
-// initializes the licensing configuration
-func Config(pollInterval time.Duration, failureThreshold int) licensing.Config {
-	once.Do(func() {
-		config = licensing.Config{PollInterval: pollInterval, FailureThreshold: failureThreshold}
-		if err := config.Validate(); err != nil {
-			panic(errors.WrapInternalf(err, errors.CodeInternal, "invalid licensing config"))
-		}
-	})
-
-	return config
-}
--- a/ee/licensing/httplicensing/api.go
+++ b/ee/licensing/httplicensing/api.go
@@ -1,168 +0,0 @@
-package httplicensing
-
-import (
-	"context"
-	"encoding/json"
-	"net/http"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/http/render"
-	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/licensetypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type licensingAPI struct {
-	licensing licensing.Licensing
-}
-
-func NewLicensingAPI(licensing licensing.Licensing) licensing.API {
-	return &licensingAPI{licensing: licensing}
-}
-
-func (api *licensingAPI) Activate(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	req := new(licensetypes.PostableLicense)
-	err = json.NewDecoder(r.Body).Decode(&req)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	err = api.licensing.Activate(r.Context(), orgID, req.Key)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusAccepted, nil)
-}
-
-func (api *licensingAPI) GetActive(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	license, err := api.licensing.GetActive(r.Context(), orgID)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	gettableLicense := licensetypes.NewGettableLicense(license.Data, license.Key)
-	render.Success(rw, http.StatusOK, gettableLicense)
-}
-
-func (api *licensingAPI) Refresh(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	err = api.licensing.Refresh(r.Context(), orgID)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusNoContent, nil)
-}
-
-func (api *licensingAPI) Checkout(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	req := new(licensetypes.PostableSubscription)
-	if err := json.NewDecoder(r.Body).Decode(req); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	gettableSubscription, err := api.licensing.Checkout(ctx, orgID, req)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusCreated, gettableSubscription)
-}
-
-func (api *licensingAPI) Portal(rw http.ResponseWriter, r *http.Request) {
-	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
-	defer cancel()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	req := new(licensetypes.PostableSubscription)
-	if err := json.NewDecoder(r.Body).Decode(req); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	gettableSubscription, err := api.licensing.Portal(ctx, orgID, req)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	render.Success(rw, http.StatusCreated, gettableSubscription)
-}
--- a/ee/licensing/httplicensing/provider.go
+++ b/ee/licensing/httplicensing/provider.go
@@ -1,249 +0,0 @@
-package httplicensing
-
-import (
-	"context"
-	"encoding/json"
-	"time"
-
-	"github.com/SigNoz/signoz/ee/licensing/licensingstore/sqllicensingstore"
-	"github.com/SigNoz/signoz/pkg/analytics"
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/factory"
-	"github.com/SigNoz/signoz/pkg/licensing"
-	"github.com/SigNoz/signoz/pkg/modules/organization"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types/analyticstypes"
-	"github.com/SigNoz/signoz/pkg/types/licensetypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/SigNoz/signoz/pkg/zeus"
-	"github.com/tidwall/gjson"
-)
-
-type provider struct {
-	store     licensetypes.Store
-	zeus      zeus.Zeus
-	config    licensing.Config
-	settings  factory.ScopedProviderSettings
-	orgGetter organization.Getter
-	analytics analytics.Analytics
-	stopChan  chan struct{}
-}
-
-func NewProviderFactory(store sqlstore.SQLStore, zeus zeus.Zeus, orgGetter organization.Getter, analytics analytics.Analytics) factory.ProviderFactory[licensing.Licensing, licensing.Config] {
-	return factory.NewProviderFactory(factory.MustNewName("http"), func(ctx context.Context, providerSettings factory.ProviderSettings, config licensing.Config) (licensing.Licensing, error) {
-		return New(ctx, providerSettings, config, store, zeus, orgGetter, analytics)
-	})
-}
-
-func New(ctx context.Context, ps factory.ProviderSettings, config licensing.Config, sqlstore sqlstore.SQLStore, zeus zeus.Zeus, orgGetter organization.Getter, analytics analytics.Analytics) (licensing.Licensing, error) {
-	settings := factory.NewScopedProviderSettings(ps, "github.com/SigNoz/signoz/ee/licensing/httplicensing")
-	licensestore := sqllicensingstore.New(sqlstore)
-	return &provider{
-		store:     licensestore,
-		zeus:      zeus,
-		config:    config,
-		settings:  settings,
-		orgGetter: orgGetter,
-		stopChan:  make(chan struct{}),
-		analytics: analytics,
-	}, nil
-}
-
-func (provider *provider) Start(ctx context.Context) error {
-	tick := time.NewTicker(provider.config.PollInterval)
-	defer tick.Stop()
-
-	err := provider.Validate(ctx)
-	if err != nil {
-		provider.settings.Logger().ErrorContext(ctx, "failed to validate license from upstream server", "error", err)
-	}
-
-	for {
-		select {
-		case <-provider.stopChan:
-			return nil
-		case <-tick.C:
-			err := provider.Validate(ctx)
-			if err != nil {
-				provider.settings.Logger().ErrorContext(ctx, "failed to validate license from upstream server", "error", err)
-			}
-		}
-	}
-}
-
-func (provider *provider) Stop(ctx context.Context) error {
-	provider.settings.Logger().DebugContext(ctx, "license validation stopped")
-	close(provider.stopChan)
-	return nil
-}
-
-func (provider *provider) Validate(ctx context.Context) error {
-	organizations, err := provider.orgGetter.ListByOwnedKeyRange(ctx)
-	if err != nil {
-		return err
-	}
-
-	for _, organization := range organizations {
-		err := provider.Refresh(ctx, organization.ID)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (provider *provider) Activate(ctx context.Context, organizationID valuer.UUID, key string) error {
-	data, err := provider.zeus.GetLicense(ctx, key)
-	if err != nil {
-		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "unable to fetch license data with upstream server")
-	}
-
-	license, err := licensetypes.NewLicense(data, organizationID)
-	if err != nil {
-		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to create license entity")
-	}
-
-	storableLicense := licensetypes.NewStorableLicenseFromLicense(license)
-	err = provider.store.Create(ctx, storableLicense)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (provider *provider) GetActive(ctx context.Context, organizationID valuer.UUID) (*licensetypes.License, error) {
-	storableLicenses, err := provider.store.GetAll(ctx, organizationID)
-	if err != nil {
-		return nil, err
-	}
-
-	activeLicense, err := licensetypes.GetActiveLicenseFromStorableLicenses(storableLicenses, organizationID)
-	if err != nil {
-		return nil, err
-	}
-
-	return activeLicense, nil
-}
-
-func (provider *provider) Refresh(ctx context.Context, organizationID valuer.UUID) error {
-	activeLicense, err := provider.GetActive(ctx, organizationID)
-	if err != nil {
-		if errors.Ast(err, errors.TypeNotFound) {
-			return nil
-		}
-		provider.settings.Logger().ErrorContext(ctx, "license validation failed", "org_id", organizationID.StringValue())
-		return err
-	}
-
-	data, err := provider.zeus.GetLicense(ctx, activeLicense.Key)
-	if err != nil {
-		if time.Since(activeLicense.LastValidatedAt) > time.Duration(provider.config.FailureThreshold)*provider.config.PollInterval {
-			activeLicense.UpdateFeatures(licensetypes.BasicPlan)
-			updatedStorableLicense := licensetypes.NewStorableLicenseFromLicense(activeLicense)
-			err = provider.store.Update(ctx, organizationID, updatedStorableLicense)
-			if err != nil {
-				return err
-			}
-
-			return nil
-		}
-		return err
-	}
-
-	err = activeLicense.Update(data)
-	if err != nil {
-		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to create license entity from license data")
-	}
-
-	updatedStorableLicense := licensetypes.NewStorableLicenseFromLicense(activeLicense)
-	err = provider.store.Update(ctx, organizationID, updatedStorableLicense)
-	if err != nil {
-		return err
-	}
-
-	stats := licensetypes.NewStatsFromLicense(activeLicense)
-	provider.analytics.Send(ctx,
-		analyticstypes.Track{
-			UserId:     "stats_" + organizationID.String(),
-			Event:      "License Updated",
-			Properties: analyticstypes.NewPropertiesFromMap(stats),
-			Context: &analyticstypes.Context{
-				Extra: map[string]interface{}{
-					analyticstypes.KeyGroupID: organizationID.String(),
-				},
-			},
-		},
-		analyticstypes.Group{
-			UserId:  "stats_" + organizationID.String(),
-			GroupId: organizationID.String(),
-			Traits:  analyticstypes.NewTraitsFromMap(stats),
-		},
-	)
-
-	return nil
-}
-
-func (provider *provider) Checkout(ctx context.Context, organizationID valuer.UUID, postableSubscription *licensetypes.PostableSubscription) (*licensetypes.GettableSubscription, error) {
-	activeLicense, err := provider.GetActive(ctx, organizationID)
-	if err != nil {
-		return nil, err
-	}
-
-	body, err := json.Marshal(postableSubscription)
-	if err != nil {
-		return nil, errors.Wrapf(err, errors.TypeInvalidInput, errors.CodeInvalidInput, "failed to marshal checkout payload")
-	}
-
-	response, err := provider.zeus.GetCheckoutURL(ctx, activeLicense.Key, body)
-	if err != nil {
-		return nil, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to generate checkout session")
-	}
-
-	return &licensetypes.GettableSubscription{RedirectURL: gjson.GetBytes(response, "url").String()}, nil
-}
-
-func (provider *provider) Portal(ctx context.Context, organizationID valuer.UUID, postableSubscription *licensetypes.PostableSubscription) (*licensetypes.GettableSubscription, error) {
-	activeLicense, err := provider.GetActive(ctx, organizationID)
-	if err != nil {
-		return nil, err
-	}
-
-	body, err := json.Marshal(postableSubscription)
-	if err != nil {
-		return nil, errors.Wrapf(err, errors.TypeInvalidInput, errors.CodeInvalidInput, "failed to marshal portal payload")
-	}
-
-	response, err := provider.zeus.GetPortalURL(ctx, activeLicense.Key, body)
-	if err != nil {
-		return nil, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to generate portal session")
-	}
-
-	return &licensetypes.GettableSubscription{RedirectURL: gjson.GetBytes(response, "url").String()}, nil
-}
-
-func (provider *provider) GetFeatureFlags(ctx context.Context, organizationID valuer.UUID) ([]*licensetypes.Feature, error) {
-	license, err := provider.GetActive(ctx, organizationID)
-	if err != nil {
-		if errors.Ast(err, errors.TypeNotFound) {
-			return licensetypes.BasicPlan, nil
-		}
-		return nil, err
-	}
-
-	return license.Features, nil
-}
-
-func (provider *provider) Collect(ctx context.Context, orgID valuer.UUID) (map[string]any, error) {
-	activeLicense, err := provider.GetActive(ctx, orgID)
-	if err != nil {
-		if errors.Ast(err, errors.TypeNotFound) {
-			return map[string]any{}, nil
-		}
-
-		return nil, err
-	}
-
-	return licensetypes.NewStatsFromLicense(activeLicense), nil
-}
--- a/ee/licensing/licensingstore/sqllicensingstore/store.go
+++ b/ee/licensing/licensingstore/sqllicensingstore/store.go
@@ -1,81 +0,0 @@
-package sqllicensingstore
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/sqlstore"
-	"github.com/SigNoz/signoz/pkg/types/licensetypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type store struct {
-	sqlstore sqlstore.SQLStore
-}
-
-func New(sqlstore sqlstore.SQLStore) licensetypes.Store {
-	return &store{sqlstore}
-}
-
-func (store *store) Create(ctx context.Context, storableLicense *licensetypes.StorableLicense) error {
-	_, err := store.
-		sqlstore.
-		BunDB().
-		NewInsert().
-		Model(storableLicense).
-		Exec(ctx)
-	if err != nil {
-		return store.sqlstore.WrapAlreadyExistsErrf(err, errors.CodeAlreadyExists, "license with ID: %s already exists", storableLicense.ID)
-	}
-
-	return nil
-}
-
-func (store *store) Get(ctx context.Context, organizationID valuer.UUID, licenseID valuer.UUID) (*licensetypes.StorableLicense, error) {
-	storableLicense := new(licensetypes.StorableLicense)
-	err := store.
-		sqlstore.
-		BunDB().
-		NewSelect().
-		Model(storableLicense).
-		Where("org_id = ?", organizationID).
-		Where("id = ?", licenseID).
-		Scan(ctx)
-	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, errors.CodeNotFound, "license with ID: %s does not exist", licenseID)
-	}
-
-	return storableLicense, nil
-}
-
-func (store *store) GetAll(ctx context.Context, organizationID valuer.UUID) ([]*licensetypes.StorableLicense, error) {
-	storableLicenses := make([]*licensetypes.StorableLicense, 0)
-	err := store.
-		sqlstore.
-		BunDB().
-		NewSelect().
-		Model(&storableLicenses).
-		Where("org_id = ?", organizationID).
-		Scan(ctx)
-	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, errors.CodeNotFound, "licenses for organizationID: %s does not exists", organizationID)
-	}
-
-	return storableLicenses, nil
-}
-
-func (store *store) Update(ctx context.Context, organizationID valuer.UUID, storableLicense *licensetypes.StorableLicense) error {
-	_, err := store.
-		sqlstore.
-		BunDB().
-		NewUpdate().
-		Model(storableLicense).
-		WherePK().
-		Where("org_id = ?", organizationID).
-		Exec(ctx)
-	if err != nil {
-		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "unable to update license with ID: %s", storableLicense.ID)
-	}
-
-	return nil
-}
--- a/ee/query-service/.dockerignore
+++ b/ee/query-service/.dockerignore
@@ -0,0 +1,4 @@
+.vscode
+README.md
+signoz.db
+bin
--- a/ee/query-service/.goreleaser.yaml
+++ b/ee/query-service/.goreleaser.yaml
@@ -11,7 +11,13 @@ before:
 builds:
  - id: signoz
    binary: bin/signoz
-    main: ./cmd/enterprise
+    main: ee/query-service/main.go
+    env:
+      - CGO_ENABLED=1
+      - >-
+        {{- if eq .Os "linux" }}
+          {{- if eq .Arch "arm64" }}CC=aarch64-linux-gnu-gcc{{- end }}
+        {{- end }}
    goos:
      - linux
      - darwin
@@ -31,8 +37,10 @@ builds:
      - -X github.com/SigNoz/signoz/pkg/version.branch={{ .Branch }}
      - -X github.com/SigNoz/signoz/ee/zeus.url=https://api.signoz.cloud
      - -X github.com/SigNoz/signoz/ee/zeus.deprecatedURL=https://license.signoz.io
+      - -X github.com/SigNoz/signoz/ee/query-service/constants.ZeusURL=https://api.signoz.cloud
      - -X github.com/SigNoz/signoz/ee/query-service/constants.LicenseSignozIo=https://license.signoz.io/api/v1
-      - -X github.com/SigNoz/signoz/pkg/analytics.key=9kRrJ7oPCGPEJLF6QjMPLt5bljFhRQBr
+      - >-
+        {{- if eq .Os "linux" }}-linkmode external -extldflags '-static'{{- end }}
    mod_timestamp: "{{ .CommitTimestamp }}"
    tags:
      - timetzdata
--- a/ee/query-service/Dockerfile
+++ b/ee/query-service/Dockerfile
@@ -11,9 +11,11 @@ RUN apk update && \


 COPY ./target/${OS}-${TARGETARCH}/signoz /root/signoz
+COPY ./conf/prometheus.yml /root/config/prometheus.yml
 COPY ./templates/email /root/templates
 COPY frontend/build/ /etc/signoz/web/

 RUN chmod 755 /root /root/signoz

-ENTRYPOINT ["./signoz", "server"]
+ENTRYPOINT ["./signoz"]
+CMD ["-config", "/root/config/prometheus.yml"]
--- a/ee/query-service/Dockerfile.integration
+++ b/ee/query-service/Dockerfile.integration
@@ -1,12 +1,4 @@
-FROM node:18-bullseye AS build
-
-WORKDIR /opt/
-COPY ./frontend/ ./
-ENV NODE_OPTIONS=--max-old-space-size=8192
-RUN CI=1 yarn install
-RUN CI=1 yarn build
-
-FROM golang:1.24-bullseye
+FROM golang:1.22-bullseye

 ARG OS="linux"
 ARG TARGETARCH
@@ -31,7 +23,6 @@ COPY go.mod go.sum ./

 RUN go mod download

-COPY ./cmd/ ./cmd/
 COPY ./ee/ ./ee/
 COPY ./pkg/ ./pkg/
 COPY ./templates/email /root/templates
@@ -40,8 +31,6 @@ COPY Makefile Makefile
 RUN TARGET_DIR=/root ARCHS=${TARGETARCH} ZEUS_URL=${ZEUSURL} LICENSE_URL=${ZEUSURL}/api/v1 make go-build-enterprise-race
 RUN mv /root/linux-${TARGETARCH}/signoz /root/signoz

-COPY --from=build /opt/build ./web/
-
 RUN chmod 755 /root /root/signoz

-ENTRYPOINT ["/root/signoz", "server"]
+ENTRYPOINT ["/root/signoz"]
--- a/ee/query-service/Dockerfile.multi-arch
+++ b/ee/query-service/Dockerfile.multi-arch
@@ -12,9 +12,11 @@ RUN apk update && \
    rm -rf /var/cache/apk/*

 COPY ./target/${OS}-${ARCH}/signoz /root/signoz
+COPY ./conf/prometheus.yml /root/config/prometheus.yml
 COPY ./templates/email /root/templates
 COPY frontend/build/ /etc/signoz/web/

 RUN chmod 755 /root /root/signoz

-ENTRYPOINT ["./signoz", "server"]
+ENTRYPOINT ["./signoz"]
+CMD ["-config", "/root/config/prometheus.yml"]
--- a/ee/query-service/anomaly/daily.go
+++ b/ee/query-service/anomaly/daily.go
@@ -5,7 +5,6 @@ import (

 	querierV2 "github.com/SigNoz/signoz/pkg/query-service/app/querier/v2"
 	"github.com/SigNoz/signoz/pkg/query-service/app/queryBuilder"
-	"github.com/SigNoz/signoz/pkg/valuer"
 )

 type DailyProvider struct {
@@ -38,7 +37,7 @@ func NewDailyProvider(opts ...GenericProviderOption[*DailyProvider]) *DailyProvi
 	return dp
 }

-func (p *DailyProvider) GetAnomalies(ctx context.Context, orgID valuer.UUID, req *GetAnomaliesRequest) (*GetAnomaliesResponse, error) {
+func (p *DailyProvider) GetAnomalies(ctx context.Context, req *GetAnomaliesRequest) (*GetAnomaliesResponse, error) {
 	req.Seasonality = SeasonalityDaily
-	return p.getAnomalies(ctx, orgID, req)
+	return p.getAnomalies(ctx, req)
 }
--- a/ee/query-service/anomaly/hourly.go
+++ b/ee/query-service/anomaly/hourly.go
@@ -5,7 +5,6 @@ import (

 	querierV2 "github.com/SigNoz/signoz/pkg/query-service/app/querier/v2"
 	"github.com/SigNoz/signoz/pkg/query-service/app/queryBuilder"
-	"github.com/SigNoz/signoz/pkg/valuer"
 )

 type HourlyProvider struct {
@@ -38,7 +37,7 @@ func NewHourlyProvider(opts ...GenericProviderOption[*HourlyProvider]) *HourlyPr
 	return hp
 }

-func (p *HourlyProvider) GetAnomalies(ctx context.Context, orgID valuer.UUID, req *GetAnomaliesRequest) (*GetAnomaliesResponse, error) {
+func (p *HourlyProvider) GetAnomalies(ctx context.Context, req *GetAnomaliesRequest) (*GetAnomaliesResponse, error) {
 	req.Seasonality = SeasonalityHourly
-	return p.getAnomalies(ctx, orgID, req)
+	return p.getAnomalies(ctx, req)
 }
--- a/ee/query-service/anomaly/provider.go
+++ b/ee/query-service/anomaly/provider.go
@@ -2,10 +2,8 @@ package anomaly

 import (
 	"context"
-
-	"github.com/SigNoz/signoz/pkg/valuer"
 )

 type Provider interface {
-	GetAnomalies(ctx context.Context, orgID valuer.UUID, req *GetAnomaliesRequest) (*GetAnomaliesResponse, error)
+	GetAnomalies(ctx context.Context, req *GetAnomaliesRequest) (*GetAnomaliesResponse, error)
 }
--- a/ee/query-service/anomaly/seasonal.go
+++ b/ee/query-service/anomaly/seasonal.go
@@ -5,12 +5,11 @@ import (
 	"math"
 	"time"

-	"github.com/SigNoz/signoz/pkg/cache"
+	"github.com/SigNoz/signoz/pkg/query-service/cache"
 	"github.com/SigNoz/signoz/pkg/query-service/interfaces"
 	v3 "github.com/SigNoz/signoz/pkg/query-service/model/v3"
 	"github.com/SigNoz/signoz/pkg/query-service/postprocess"
 	"github.com/SigNoz/signoz/pkg/query-service/utils/labels"
-	"github.com/SigNoz/signoz/pkg/valuer"
 	"go.uber.org/zap"
 )

@@ -60,9 +59,9 @@ func (p *BaseSeasonalProvider) getQueryParams(req *GetAnomaliesRequest) *anomaly
 	return prepareAnomalyQueryParams(req.Params, req.Seasonality)
 }

-func (p *BaseSeasonalProvider) getResults(ctx context.Context, orgID valuer.UUID, params *anomalyQueryParams) (*anomalyQueryResults, error) {
+func (p *BaseSeasonalProvider) getResults(ctx context.Context, params *anomalyQueryParams) (*anomalyQueryResults, error) {
 	zap.L().Info("fetching results for current period", zap.Any("currentPeriodQuery", params.CurrentPeriodQuery))
-	currentPeriodResults, _, err := p.querierV2.QueryRange(ctx, orgID, params.CurrentPeriodQuery)
+	currentPeriodResults, _, err := p.querierV2.QueryRange(ctx, params.CurrentPeriodQuery)
 	if err != nil {
 		return nil, err
 	}
@@ -73,7 +72,7 @@ func (p *BaseSeasonalProvider) getResults(ctx context.Context, orgID valuer.UUID
 	}

 	zap.L().Info("fetching results for past period", zap.Any("pastPeriodQuery", params.PastPeriodQuery))
-	pastPeriodResults, _, err := p.querierV2.QueryRange(ctx, orgID, params.PastPeriodQuery)
+	pastPeriodResults, _, err := p.querierV2.QueryRange(ctx, params.PastPeriodQuery)
 	if err != nil {
 		return nil, err
 	}
@@ -84,7 +83,7 @@ func (p *BaseSeasonalProvider) getResults(ctx context.Context, orgID valuer.UUID
 	}

 	zap.L().Info("fetching results for current season", zap.Any("currentSeasonQuery", params.CurrentSeasonQuery))
-	currentSeasonResults, _, err := p.querierV2.QueryRange(ctx, orgID, params.CurrentSeasonQuery)
+	currentSeasonResults, _, err := p.querierV2.QueryRange(ctx, params.CurrentSeasonQuery)
 	if err != nil {
 		return nil, err
 	}
@@ -95,7 +94,7 @@ func (p *BaseSeasonalProvider) getResults(ctx context.Context, orgID valuer.UUID
 	}

 	zap.L().Info("fetching results for past season", zap.Any("pastSeasonQuery", params.PastSeasonQuery))
-	pastSeasonResults, _, err := p.querierV2.QueryRange(ctx, orgID, params.PastSeasonQuery)
+	pastSeasonResults, _, err := p.querierV2.QueryRange(ctx, params.PastSeasonQuery)
 	if err != nil {
 		return nil, err
 	}
@@ -106,7 +105,7 @@ func (p *BaseSeasonalProvider) getResults(ctx context.Context, orgID valuer.UUID
 	}

 	zap.L().Info("fetching results for past 2 season", zap.Any("past2SeasonQuery", params.Past2SeasonQuery))
-	past2SeasonResults, _, err := p.querierV2.QueryRange(ctx, orgID, params.Past2SeasonQuery)
+	past2SeasonResults, _, err := p.querierV2.QueryRange(ctx, params.Past2SeasonQuery)
 	if err != nil {
 		return nil, err
 	}
@@ -117,7 +116,7 @@ func (p *BaseSeasonalProvider) getResults(ctx context.Context, orgID valuer.UUID
 	}

 	zap.L().Info("fetching results for past 3 season", zap.Any("past3SeasonQuery", params.Past3SeasonQuery))
-	past3SeasonResults, _, err := p.querierV2.QueryRange(ctx, orgID, params.Past3SeasonQuery)
+	past3SeasonResults, _, err := p.querierV2.QueryRange(ctx, params.Past3SeasonQuery)
 	if err != nil {
 		return nil, err
 	}
@@ -336,9 +335,9 @@ func (p *BaseSeasonalProvider) getAnomalyScores(
 	return anomalyScoreSeries
 }

-func (p *BaseSeasonalProvider) getAnomalies(ctx context.Context, orgID valuer.UUID, req *GetAnomaliesRequest) (*GetAnomaliesResponse, error) {
+func (p *BaseSeasonalProvider) getAnomalies(ctx context.Context, req *GetAnomaliesRequest) (*GetAnomaliesResponse, error) {
 	anomalyParams := p.getQueryParams(req)
-	anomalyQueryResults, err := p.getResults(ctx, orgID, anomalyParams)
+	anomalyQueryResults, err := p.getResults(ctx, anomalyParams)
 	if err != nil {
 		return nil, err
 	}
--- a/ee/query-service/anomaly/weekly.go
+++ b/ee/query-service/anomaly/weekly.go
@@ -5,7 +5,6 @@ import (

 	querierV2 "github.com/SigNoz/signoz/pkg/query-service/app/querier/v2"
 	"github.com/SigNoz/signoz/pkg/query-service/app/queryBuilder"
-	"github.com/SigNoz/signoz/pkg/valuer"
 )

 type WeeklyProvider struct {
@@ -37,7 +36,7 @@ func NewWeeklyProvider(opts ...GenericProviderOption[*WeeklyProvider]) *WeeklyPr
 	return wp
 }

-func (p *WeeklyProvider) GetAnomalies(ctx context.Context, orgID valuer.UUID, req *GetAnomaliesRequest) (*GetAnomaliesResponse, error) {
+func (p *WeeklyProvider) GetAnomalies(ctx context.Context, req *GetAnomaliesRequest) (*GetAnomaliesResponse, error) {
 	req.Seasonality = SeasonalityWeekly
-	return p.getAnomalies(ctx, orgID, req)
+	return p.getAnomalies(ctx, req)
 }
--- a/ee/query-service/app/api/api.go
+++ b/ee/query-service/app/api/api.go
@@ -5,40 +5,47 @@ import (
 	"net/http/httputil"
 	"time"

-	"github.com/SigNoz/signoz/ee/licensing/httplicensing"
+	"github.com/SigNoz/signoz/ee/query-service/dao"
 	"github.com/SigNoz/signoz/ee/query-service/integrations/gateway"
+	"github.com/SigNoz/signoz/ee/query-service/interfaces"
+	"github.com/SigNoz/signoz/ee/query-service/license"
 	"github.com/SigNoz/signoz/ee/query-service/usage"
 	"github.com/SigNoz/signoz/pkg/alertmanager"
 	"github.com/SigNoz/signoz/pkg/apis/fields"
 	"github.com/SigNoz/signoz/pkg/http/middleware"
-	querierAPI "github.com/SigNoz/signoz/pkg/querier"
 	baseapp "github.com/SigNoz/signoz/pkg/query-service/app"
 	"github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/integrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/logparsingpipeline"
-	"github.com/SigNoz/signoz/pkg/query-service/interfaces"
+	"github.com/SigNoz/signoz/pkg/query-service/cache"
+	baseint "github.com/SigNoz/signoz/pkg/query-service/interfaces"
 	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
 	rules "github.com/SigNoz/signoz/pkg/query-service/rules"
 	"github.com/SigNoz/signoz/pkg/signoz"
-	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/SigNoz/signoz/pkg/version"
 	"github.com/gorilla/mux"
 )

 type APIHandlerOptions struct {
-	DataConnector                 interfaces.Reader
+	DataConnector                 interfaces.DataConnector
+	PreferSpanMetrics             bool
+	AppDao                        dao.ModelDao
 	RulesManager                  *rules.Manager
 	UsageManager                  *usage.Manager
+	FeatureFlags                  baseint.FeatureLookup
+	LicenseManager                *license.Manager
 	IntegrationsController        *integrations.Controller
 	CloudIntegrationsController   *cloudintegrations.Controller
 	LogsParsingPipelineController *logparsingpipeline.LogParsingPipelineController
+	Cache                         cache.Cache
 	Gateway                       *httputil.ReverseProxy
 	GatewayUrl                    string
 	// Querier Influx Interval
-	FluxInterval time.Duration
+	FluxInterval      time.Duration
+	UseLogsNewSchema  bool
+	UseTraceNewSchema bool
+	JWT               *authtypes.JWT
 }

 type APIHandler struct {
@@ -50,16 +57,18 @@ type APIHandler struct {
 func NewAPIHandler(opts APIHandlerOptions, signoz *signoz.SigNoz) (*APIHandler, error) {
 	baseHandler, err := baseapp.NewAPIHandler(baseapp.APIHandlerOpts{
 		Reader:                        opts.DataConnector,
+		PreferSpanMetrics:             opts.PreferSpanMetrics,
+		AppDao:                        opts.AppDao,
 		RuleManager:                   opts.RulesManager,
+		FeatureFlags:                  opts.FeatureFlags,
 		IntegrationsController:        opts.IntegrationsController,
 		CloudIntegrationsController:   opts.CloudIntegrationsController,
 		LogsParsingPipelineController: opts.LogsParsingPipelineController,
+		Cache:                         opts.Cache,
 		FluxInterval:                  opts.FluxInterval,
 		AlertmanagerAPI:               alertmanager.NewAPI(signoz.Alertmanager),
-		LicensingAPI:                  httplicensing.NewLicensingAPI(signoz.Licensing),
-		FieldsAPI:                     fields.NewAPI(signoz.Instrumentation.ToProviderSettings(), signoz.TelemetryStore),
+		FieldsAPI:                     fields.NewAPI(signoz.TelemetryStore),
 		Signoz:                        signoz,
-		QuerierAPI:                    querierAPI.NewAPI(signoz.Instrumentation.ToProviderSettings(), signoz.Querier, signoz.Analytics),
 	})

 	if err != nil {
@@ -73,82 +82,102 @@ func NewAPIHandler(opts APIHandlerOptions, signoz *signoz.SigNoz) (*APIHandler,
 	return ah, nil
 }

+func (ah *APIHandler) FF() baseint.FeatureLookup {
+	return ah.opts.FeatureFlags
+}
+
 func (ah *APIHandler) RM() *rules.Manager {
 	return ah.opts.RulesManager
 }

+func (ah *APIHandler) LM() *license.Manager {
+	return ah.opts.LicenseManager
+}
+
 func (ah *APIHandler) UM() *usage.Manager {
 	return ah.opts.UsageManager
 }

+func (ah *APIHandler) AppDao() dao.ModelDao {
+	return ah.opts.AppDao
+}
+
 func (ah *APIHandler) Gateway() *httputil.ReverseProxy {
 	return ah.opts.Gateway
 }

+func (ah *APIHandler) CheckFeature(f string) bool {
+	err := ah.FF().CheckFeature(f)
+	return err == nil
+}
+
 // RegisterRoutes registers routes for this handler on the given router
 func (ah *APIHandler) RegisterRoutes(router *mux.Router, am *middleware.AuthZ) {
 	// note: add ee override methods first

 	// routes available only in ee version
-	router.HandleFunc("/api/v1/features", am.ViewAccess(ah.getFeatureFlags)).Methods(http.MethodGet)
+
+	router.HandleFunc("/api/v1/featureFlags",
+		am.OpenAccess(ah.getFeatureFlags)).
+		Methods(http.MethodGet)
+
+	router.HandleFunc("/api/v1/loginPrecheck",
+		am.OpenAccess(ah.precheckLogin)).
+		Methods(http.MethodGet)

 	// paid plans specific routes
-	router.HandleFunc("/api/v1/complete/saml", am.OpenAccess(ah.Signoz.Handlers.Session.CreateSessionBySAMLCallback)).Methods(http.MethodPost)
-	router.HandleFunc("/api/v1/complete/oidc", am.OpenAccess(ah.Signoz.Handlers.Session.CreateSessionByOIDCCallback)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v1/complete/saml",
+		am.OpenAccess(ah.receiveSAML)).
+		Methods(http.MethodPost)
+
+	router.HandleFunc("/api/v1/complete/google",
+		am.OpenAccess(ah.receiveGoogleAuth)).
+		Methods(http.MethodGet)
+
+	router.HandleFunc("/api/v1/orgs/{orgId}/domains",
+		am.AdminAccess(ah.listDomainsByOrg)).
+		Methods(http.MethodGet)
+
+	router.HandleFunc("/api/v1/domains",
+		am.AdminAccess(ah.postDomain)).
+		Methods(http.MethodPost)
+
+	router.HandleFunc("/api/v1/domains/{id}",
+		am.AdminAccess(ah.putDomain)).
+		Methods(http.MethodPut)
+
+	router.HandleFunc("/api/v1/domains/{id}",
+		am.AdminAccess(ah.deleteDomain)).
+		Methods(http.MethodDelete)

 	// base overrides
 	router.HandleFunc("/api/v1/version", am.OpenAccess(ah.getVersion)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v1/invite/{token}", am.OpenAccess(ah.getInvite)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v1/register", am.OpenAccess(ah.registerUser)).Methods(http.MethodPost)
+	router.HandleFunc("/api/v1/login", am.OpenAccess(ah.loginUser)).Methods(http.MethodPost)

-	router.HandleFunc("/api/v1/checkout", am.AdminAccess(ah.LicensingAPI.Checkout)).Methods(http.MethodPost)
+	// PAT APIs
+	router.HandleFunc("/api/v1/pats", am.AdminAccess(ah.createPAT)).Methods(http.MethodPost)
+	router.HandleFunc("/api/v1/pats", am.AdminAccess(ah.getPATs)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v1/pats/{id}", am.AdminAccess(ah.updatePAT)).Methods(http.MethodPut)
+	router.HandleFunc("/api/v1/pats/{id}", am.AdminAccess(ah.revokePAT)).Methods(http.MethodDelete)
+
+	router.HandleFunc("/api/v1/checkout", am.AdminAccess(ah.checkout)).Methods(http.MethodPost)
 	router.HandleFunc("/api/v1/billing", am.AdminAccess(ah.getBilling)).Methods(http.MethodGet)
-	router.HandleFunc("/api/v1/portal", am.AdminAccess(ah.LicensingAPI.Portal)).Methods(http.MethodPost)
+	router.HandleFunc("/api/v1/portal", am.AdminAccess(ah.portalSession)).Methods(http.MethodPost)

-	// dashboards
-	router.HandleFunc("/api/v1/dashboards/{id}/public", am.AdminAccess(ah.Signoz.Handlers.Dashboard.CreatePublic)).Methods(http.MethodPost)
-	router.HandleFunc("/api/v1/dashboards/{id}/public", am.AdminAccess(ah.Signoz.Handlers.Dashboard.GetPublic)).Methods(http.MethodGet)
-	router.HandleFunc("/api/v1/dashboards/{id}/public", am.AdminAccess(ah.Signoz.Handlers.Dashboard.UpdatePublic)).Methods(http.MethodPut)
-	router.HandleFunc("/api/v1/dashboards/{id}/public", am.AdminAccess(ah.Signoz.Handlers.Dashboard.DeletePublic)).Methods(http.MethodDelete)
-
-	// public access for dashboards
-	router.HandleFunc("/api/v1/public/dashboards/{id}", am.CheckWithoutClaims(
-		ah.Signoz.Handlers.Dashboard.GetPublicData,
-		authtypes.RelationRead, authtypes.RelationRead,
-		dashboardtypes.TypeableMetaResourcePublicDashboard,
-		func(req *http.Request, orgs []*types.Organization) ([]authtypes.Selector, valuer.UUID, error) {
-			id, err := valuer.NewUUID(mux.Vars(req)["id"])
-			if err != nil {
-				return nil, valuer.UUID{}, err
-			}
-
-			return ah.Signoz.Modules.Dashboard.GetPublicDashboardOrgAndSelectors(req.Context(), id, orgs)
-		})).Methods(http.MethodGet)
-
-	router.HandleFunc("/api/v1/public/dashboards/{id}/widgets/{index}/query_range", am.CheckWithoutClaims(
-		ah.Signoz.Handlers.Dashboard.GetPublicWidgetQueryRange,
-		authtypes.RelationRead, authtypes.RelationRead,
-		dashboardtypes.TypeableMetaResourcePublicDashboard,
-		func(req *http.Request, orgs []*types.Organization) ([]authtypes.Selector, valuer.UUID, error) {
-			id, err := valuer.NewUUID(mux.Vars(req)["id"])
-			if err != nil {
-				return nil, valuer.UUID{}, err
-			}
-
-			return ah.Signoz.Modules.Dashboard.GetPublicDashboardOrgAndSelectors(req.Context(), id, orgs)
-		})).Methods(http.MethodGet)
+	router.HandleFunc("/api/v1/dashboards/{uuid}/lock", am.EditAccess(ah.lockDashboard)).Methods(http.MethodPut)
+	router.HandleFunc("/api/v1/dashboards/{uuid}/unlock", am.EditAccess(ah.unlockDashboard)).Methods(http.MethodPut)

 	// v3
-	router.HandleFunc("/api/v3/licenses", am.AdminAccess(ah.LicensingAPI.Activate)).Methods(http.MethodPost)
-	router.HandleFunc("/api/v3/licenses", am.AdminAccess(ah.LicensingAPI.Refresh)).Methods(http.MethodPut)
-	router.HandleFunc("/api/v3/licenses/active", am.ViewAccess(ah.LicensingAPI.GetActive)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v3/licenses", am.ViewAccess(ah.listLicensesV3)).Methods(http.MethodGet)
+	router.HandleFunc("/api/v3/licenses", am.AdminAccess(ah.applyLicenseV3)).Methods(http.MethodPost)
+	router.HandleFunc("/api/v3/licenses", am.AdminAccess(ah.refreshLicensesV3)).Methods(http.MethodPut)
+	router.HandleFunc("/api/v3/licenses/active", am.ViewAccess(ah.getActiveLicenseV3)).Methods(http.MethodGet)

 	// v4
 	router.HandleFunc("/api/v4/query_range", am.ViewAccess(ah.queryRangeV4)).Methods(http.MethodPost)

-	// v5
-	router.HandleFunc("/api/v5/query_range", am.ViewAccess(ah.queryRangeV5)).Methods(http.MethodPost)
-
-	router.HandleFunc("/api/v5/substitute_vars", am.ViewAccess(ah.QuerierAPI.ReplaceVariables)).Methods(http.MethodPost)
-
 	// Gateway
 	router.PathPrefix(gateway.RoutePrefix).HandlerFunc(am.EditAccess(ah.ServeGatewayHTTP))

--- a/ee/query-service/app/api/auth.go
+++ b/ee/query-service/app/api/auth.go
@@ -0,0 +1,341 @@
+package api
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+
+	"github.com/gorilla/mux"
+	"go.uber.org/zap"
+
+	"github.com/SigNoz/signoz/ee/query-service/constants"
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	baseauth "github.com/SigNoz/signoz/pkg/query-service/auth"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+)
+
+func parseRequest(r *http.Request, req interface{}) error {
+	defer r.Body.Close()
+	requestBody, err := io.ReadAll(r.Body)
+	if err != nil {
+		return err
+	}
+
+	err = json.Unmarshal(requestBody, &req)
+	return err
+}
+
+// loginUser overrides base handler and considers SSO case.
+func (ah *APIHandler) loginUser(w http.ResponseWriter, r *http.Request) {
+
+	req := basemodel.LoginRequest{}
+	err := parseRequest(r, &req)
+	if err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	ctx := context.Background()
+
+	if req.Email != "" && ah.CheckFeature(model.SSO) {
+		var apierr basemodel.BaseApiError
+		_, apierr = ah.AppDao().CanUsePassword(ctx, req.Email)
+		if apierr != nil && !apierr.IsNil() {
+			RespondError(w, apierr, nil)
+		}
+	}
+
+	// if all looks good, call auth
+	resp, err := baseauth.Login(ctx, &req, ah.opts.JWT)
+	if ah.HandleError(w, err, http.StatusUnauthorized) {
+		return
+	}
+
+	ah.WriteJSON(w, r, resp)
+}
+
+// registerUser registers a user and responds with a precheck
+// so the front-end can decide the login method
+func (ah *APIHandler) registerUser(w http.ResponseWriter, r *http.Request) {
+
+	if !ah.CheckFeature(model.SSO) {
+		ah.APIHandler.Register(w, r)
+		return
+	}
+
+	ctx := context.Background()
+	var req *baseauth.RegisterRequest
+
+	defer r.Body.Close()
+	requestBody, err := io.ReadAll(r.Body)
+	if err != nil {
+		zap.L().Error("received no input in api", zap.Error(err))
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	err = json.Unmarshal(requestBody, &req)
+
+	if err != nil {
+		zap.L().Error("received invalid user registration request", zap.Error(err))
+		RespondError(w, model.BadRequest(fmt.Errorf("failed to register user")), nil)
+		return
+	}
+
+	// get invite object
+	invite, err := baseauth.ValidateInvite(ctx, req)
+	if err != nil {
+		zap.L().Error("failed to validate invite token", zap.Error(err))
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	if invite == nil {
+		zap.L().Error("failed to validate invite token: it is either empty or invalid", zap.Error(err))
+		RespondError(w, model.BadRequest(basemodel.ErrSignupFailed{}), nil)
+		return
+	}
+
+	// get auth domain from email domain
+	domain, apierr := ah.AppDao().GetDomainByEmail(ctx, invite.Email)
+	if apierr != nil {
+		zap.L().Error("failed to get domain from email", zap.Error(apierr))
+		RespondError(w, model.InternalError(basemodel.ErrSignupFailed{}), nil)
+	}
+
+	precheckResp := &basemodel.PrecheckResponse{
+		SSO:    false,
+		IsUser: false,
+	}
+
+	if domain != nil && domain.SsoEnabled {
+		// sso is enabled, create user and respond precheck data
+		user, apierr := baseauth.RegisterInvitedUser(ctx, req, true)
+		if apierr != nil {
+			RespondError(w, apierr, nil)
+			return
+		}
+
+		var precheckError basemodel.BaseApiError
+
+		precheckResp, precheckError = ah.AppDao().PrecheckLogin(ctx, user.Email, req.SourceUrl)
+		if precheckError != nil {
+			RespondError(w, precheckError, precheckResp)
+		}
+
+	} else {
+		// no-sso, validate password
+		if err := baseauth.ValidatePassword(req.Password); err != nil {
+			RespondError(w, model.InternalError(fmt.Errorf("password is not in a valid format")), nil)
+			return
+		}
+
+		_, registerError := baseauth.Register(ctx, req, ah.Signoz.Alertmanager, ah.Signoz.Modules.Organization)
+		if !registerError.IsNil() {
+			RespondError(w, apierr, nil)
+			return
+		}
+
+		precheckResp.IsUser = true
+	}
+
+	ah.Respond(w, precheckResp)
+}
+
+// getInvite returns the invite object details for the given invite token. We do not need to
+// protect this API because invite token itself is meant to be private.
+func (ah *APIHandler) getInvite(w http.ResponseWriter, r *http.Request) {
+	token := mux.Vars(r)["token"]
+	sourceUrl := r.URL.Query().Get("ref")
+
+	inviteObject, err := baseauth.GetInvite(r.Context(), token, ah.Signoz.Modules.Organization)
+	if err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	resp := model.GettableInvitation{
+		InvitationResponseObject: inviteObject,
+	}
+
+	precheck, apierr := ah.AppDao().PrecheckLogin(r.Context(), inviteObject.Email, sourceUrl)
+	resp.Precheck = precheck
+
+	if apierr != nil {
+		RespondError(w, apierr, resp)
+	}
+
+	ah.WriteJSON(w, r, resp)
+}
+
+// PrecheckLogin enables browser login page to display appropriate
+// login methods
+func (ah *APIHandler) precheckLogin(w http.ResponseWriter, r *http.Request) {
+	ctx := context.Background()
+
+	email := r.URL.Query().Get("email")
+	sourceUrl := r.URL.Query().Get("ref")
+
+	resp, apierr := ah.AppDao().PrecheckLogin(ctx, email, sourceUrl)
+	if apierr != nil {
+		RespondError(w, apierr, resp)
+	}
+
+	ah.Respond(w, resp)
+}
+
+func handleSsoError(w http.ResponseWriter, r *http.Request, redirectURL string) {
+	ssoError := []byte("Login failed. Please contact your system administrator")
+	dst := make([]byte, base64.StdEncoding.EncodedLen(len(ssoError)))
+	base64.StdEncoding.Encode(dst, ssoError)
+
+	http.Redirect(w, r, fmt.Sprintf("%s?ssoerror=%s", redirectURL, string(dst)), http.StatusSeeOther)
+}
+
+// receiveGoogleAuth completes google OAuth response and forwards a request
+// to front-end to sign user in
+func (ah *APIHandler) receiveGoogleAuth(w http.ResponseWriter, r *http.Request) {
+	redirectUri := constants.GetDefaultSiteURL()
+	ctx := context.Background()
+
+	if !ah.CheckFeature(model.SSO) {
+		zap.L().Error("[receiveGoogleAuth] sso requested but feature unavailable in org domain")
+		http.Redirect(w, r, fmt.Sprintf("%s?ssoerror=%s", redirectUri, "feature unavailable, please upgrade your billing plan to access this feature"), http.StatusMovedPermanently)
+		return
+	}
+
+	q := r.URL.Query()
+	if errType := q.Get("error"); errType != "" {
+		zap.L().Error("[receiveGoogleAuth] failed to login with google auth", zap.String("error", errType), zap.String("error_description", q.Get("error_description")))
+		http.Redirect(w, r, fmt.Sprintf("%s?ssoerror=%s", redirectUri, "failed to login through SSO "), http.StatusMovedPermanently)
+		return
+	}
+
+	relayState := q.Get("state")
+	zap.L().Debug("[receiveGoogleAuth] relay state received", zap.String("state", relayState))
+
+	parsedState, err := url.Parse(relayState)
+	if err != nil || relayState == "" {
+		zap.L().Error("[receiveGoogleAuth] failed to process response - invalid response from IDP", zap.Error(err), zap.Any("request", r))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	// upgrade redirect url from the relay state for better accuracy
+	redirectUri = fmt.Sprintf("%s://%s%s", parsedState.Scheme, parsedState.Host, "/login")
+
+	// fetch domain by parsing relay state.
+	domain, err := ah.AppDao().GetDomainFromSsoResponse(ctx, parsedState)
+	if err != nil {
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	// now that we have domain, use domain to fetch sso settings.
+	// prepare google callback handler using parsedState -
+	// which contains redirect URL (front-end endpoint)
+	callbackHandler, err := domain.PrepareGoogleOAuthProvider(parsedState)
+	if err != nil {
+		zap.L().Error("[receiveGoogleAuth] failed to prepare google oauth provider", zap.String("domain", domain.String()), zap.Error(err))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	identity, err := callbackHandler.HandleCallback(r)
+	if err != nil {
+		zap.L().Error("[receiveGoogleAuth] failed to process HandleCallback ", zap.String("domain", domain.String()), zap.Error(err))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	nextPage, err := ah.AppDao().PrepareSsoRedirect(ctx, redirectUri, identity.Email, ah.opts.JWT)
+	if err != nil {
+		zap.L().Error("[receiveGoogleAuth] failed to generate redirect URI after successful login ", zap.String("domain", domain.String()), zap.Error(err))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	http.Redirect(w, r, nextPage, http.StatusSeeOther)
+}
+
+// receiveSAML completes a SAML request and gets user logged in
+func (ah *APIHandler) receiveSAML(w http.ResponseWriter, r *http.Request) {
+	// this is the source url that initiated the login request
+	redirectUri := constants.GetDefaultSiteURL()
+	ctx := context.Background()
+
+	if !ah.CheckFeature(model.SSO) {
+		zap.L().Error("[receiveSAML] sso requested but feature unavailable in org domain")
+		http.Redirect(w, r, fmt.Sprintf("%s?ssoerror=%s", redirectUri, "feature unavailable, please upgrade your billing plan to access this feature"), http.StatusMovedPermanently)
+		return
+	}
+
+	err := r.ParseForm()
+	if err != nil {
+		zap.L().Error("[receiveSAML] failed to process response - invalid response from IDP", zap.Error(err), zap.Any("request", r))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	// the relay state is sent when a login request is submitted to
+	// Idp.
+	relayState := r.FormValue("RelayState")
+	zap.L().Debug("[receiveML] relay state", zap.String("relayState", relayState))
+
+	parsedState, err := url.Parse(relayState)
+	if err != nil || relayState == "" {
+		zap.L().Error("[receiveSAML] failed to process response - invalid response from IDP", zap.Error(err), zap.Any("request", r))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	// upgrade redirect url from the relay state for better accuracy
+	redirectUri = fmt.Sprintf("%s://%s%s", parsedState.Scheme, parsedState.Host, "/login")
+
+	// fetch domain by parsing relay state.
+	domain, err := ah.AppDao().GetDomainFromSsoResponse(ctx, parsedState)
+	if err != nil {
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	sp, err := domain.PrepareSamlRequest(parsedState)
+	if err != nil {
+		zap.L().Error("[receiveSAML] failed to prepare saml request for domain", zap.String("domain", domain.String()), zap.Error(err))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	assertionInfo, err := sp.RetrieveAssertionInfo(r.FormValue("SAMLResponse"))
+	if err != nil {
+		zap.L().Error("[receiveSAML] failed to retrieve assertion info from  saml response", zap.String("domain", domain.String()), zap.Error(err))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	if assertionInfo.WarningInfo.InvalidTime {
+		zap.L().Error("[receiveSAML] expired saml response", zap.String("domain", domain.String()), zap.Error(err))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	email := assertionInfo.NameID
+	if email == "" {
+		zap.L().Error("[receiveSAML] invalid email in the SSO response", zap.String("domain", domain.String()))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	nextPage, err := ah.AppDao().PrepareSsoRedirect(ctx, redirectUri, email, ah.opts.JWT)
+	if err != nil {
+		zap.L().Error("[receiveSAML] failed to generate redirect URI after successful login ", zap.String("domain", domain.String()), zap.Error(err))
+		handleSsoError(w, r, redirectUri)
+		return
+	}
+
+	http.Redirect(w, r, nextPage, http.StatusSeeOther)
+}
--- a/ee/query-service/app/api/cloudIntegrations.go
+++ b/ee/query-service/app/api/cloudIntegrations.go
@@ -10,13 +10,14 @@ import (
 	"strings"
 	"time"

-	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/ee/query-service/constants"
+	eeTypes "github.com/SigNoz/signoz/ee/types"
 	"github.com/SigNoz/signoz/pkg/http/render"
-	"github.com/SigNoz/signoz/pkg/modules/user"
+	"github.com/SigNoz/signoz/pkg/query-service/auth"
 	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/google/uuid"
 	"github.com/gorilla/mux"
 	"go.uber.org/zap"
 )
@@ -35,12 +36,6 @@ func (ah *APIHandler) CloudIntegrationsGenerateConnectionParams(w http.ResponseW
 		return
 	}

-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(w, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
 	cloudProvider := mux.Vars(r)["cloudProvider"]
 	if cloudProvider != "aws" {
 		RespondError(w, basemodel.BadRequest(fmt.Errorf(
@@ -61,9 +56,11 @@ func (ah *APIHandler) CloudIntegrationsGenerateConnectionParams(w http.ResponseW
 		SigNozAPIKey: apiKey,
 	}

-	license, err := ah.Signoz.Licensing.GetActive(r.Context(), orgID)
-	if err != nil {
-		render.Error(w, err)
+	license, apiErr := ah.LM().GetRepo().GetActiveLicense(r.Context())
+	if apiErr != nil {
+		RespondError(w, basemodel.WrapApiError(
+			apiErr, "couldn't look for active license",
+		), nil)
 		return
 	}

@@ -76,7 +73,7 @@ func (ah *APIHandler) CloudIntegrationsGenerateConnectionParams(w http.ResponseW
 		return
 	}

-	ingestionUrl, signozApiUrl, apiErr := ah.getIngestionUrlAndSigNozAPIUrl(r.Context(), license.Key)
+	ingestionUrl, signozApiUrl, apiErr := getIngestionUrlAndSigNozAPIUrl(r.Context(), license.Key)
 	if apiErr != nil {
 		RespondError(w, basemodel.WrapApiError(
 			apiErr, "couldn't deduce ingestion url and signoz api url",
@@ -119,14 +116,7 @@ func (ah *APIHandler) getOrCreateCloudIntegrationPAT(ctx context.Context, orgId
 		return "", apiErr
 	}

-	orgIdUUID, err := valuer.NewUUID(orgId)
-	if err != nil {
-		return "", basemodel.InternalError(fmt.Errorf(
-			"couldn't parse orgId: %w", err,
-		))
-	}
-
-	allPats, err := ah.Signoz.Modules.User.ListAPIKeys(ctx, orgIdUUID)
+	allPats, err := ah.AppDao().ListPATs(ctx, orgId)
 	if err != nil {
 		return "", basemodel.InternalError(fmt.Errorf(
 			"couldn't list PATs: %w", err,
@@ -143,79 +133,112 @@ func (ah *APIHandler) getOrCreateCloudIntegrationPAT(ctx context.Context, orgId
 		zap.String("cloudProvider", cloudProvider),
 	)

-	newPAT, err := types.NewStorableAPIKey(
+	newPAT := eeTypes.NewGettablePAT(
 		integrationPATName,
+		authtypes.RoleViewer.String(),
 		integrationUser.ID,
-		types.RoleViewer,
 		0,
 	)
+	integrationPAT, err := ah.AppDao().CreatePAT(ctx, orgId, newPAT)
 	if err != nil {
 		return "", basemodel.InternalError(fmt.Errorf(
 			"couldn't create cloud integration PAT: %w", err,
 		))
 	}
-
-	err = ah.Signoz.Modules.User.CreateAPIKey(ctx, newPAT)
-	if err != nil {
-		return "", basemodel.InternalError(fmt.Errorf(
-			"couldn't create cloud integration PAT: %w", err,
-		))
-	}
-	return newPAT.Token, nil
+	return integrationPAT.Token, nil
 }

 func (ah *APIHandler) getOrCreateCloudIntegrationUser(
 	ctx context.Context, orgId string, cloudProvider string,
 ) (*types.User, *basemodel.ApiError) {
-	cloudIntegrationUserName := fmt.Sprintf("%s-integration", cloudProvider)
-	email := valuer.MustNewEmail(fmt.Sprintf("%s@signoz.io", cloudIntegrationUserName))
+	cloudIntegrationUser := fmt.Sprintf("%s-integration", cloudProvider)
+	email := fmt.Sprintf("%s@signoz.io", cloudIntegrationUser)

-	cloudIntegrationUser, err := types.NewUser(cloudIntegrationUserName, email, types.RoleViewer, valuer.MustNewUUID(orgId))
-	if err != nil {
-		return nil, basemodel.InternalError(fmt.Errorf("couldn't create cloud integration user: %w", err))
+	// TODO(nitya): there should be orgId here
+	integrationUserResult, apiErr := ah.AppDao().GetUserByEmail(ctx, email)
+	if apiErr != nil {
+		return nil, basemodel.WrapApiError(apiErr, "couldn't look for integration user")
 	}

-	password := types.MustGenerateFactorPassword(cloudIntegrationUser.ID.StringValue())
-
-	cloudIntegrationUser, err = ah.Signoz.Modules.User.GetOrCreateUser(ctx, cloudIntegrationUser, user.WithFactorPassword(password))
-	if err != nil {
-		return nil, basemodel.InternalError(fmt.Errorf("couldn't look for integration user: %w", err))
+	if integrationUserResult != nil {
+		return &integrationUserResult.User, nil
 	}

-	return cloudIntegrationUser, nil
+	zap.L().Info(
+		"cloud integration user not found. Attempting to create the user",
+		zap.String("cloudProvider", cloudProvider),
+	)
+
+	newUser := &types.User{
+		ID:    uuid.New().String(),
+		Name:  cloudIntegrationUser,
+		Email: email,
+		TimeAuditable: types.TimeAuditable{
+			CreatedAt: time.Now(),
+		},
+		OrgID: orgId,
+	}
+
+	newUser.Role = authtypes.RoleViewer.String()
+
+	passwordHash, err := auth.PasswordHash(uuid.NewString())
+	if err != nil {
+		return nil, basemodel.InternalError(fmt.Errorf(
+			"couldn't hash random password for cloud integration user: %w", err,
+		))
+	}
+	newUser.Password = passwordHash
+
+	integrationUser, apiErr := ah.AppDao().CreateUser(ctx, newUser, false)
+	if apiErr != nil {
+		return nil, basemodel.WrapApiError(apiErr, "couldn't create cloud integration user")
+	}
+
+	return integrationUser, nil
 }

-func (ah *APIHandler) getIngestionUrlAndSigNozAPIUrl(ctx context.Context, licenseKey string) (
+func getIngestionUrlAndSigNozAPIUrl(ctx context.Context, licenseKey string) (
 	string, string, *basemodel.ApiError,
 ) {
-	// TODO: remove this struct from here
+	url := fmt.Sprintf(
+		"%s%s",
+		strings.TrimSuffix(constants.ZeusURL, "/"),
+		"/v2/deployments/me",
+	)
+
 	type deploymentResponse struct {
-		Name        string `json:"name"`
-		ClusterInfo struct {
-			Region struct {
-				DNS string `json:"dns"`
-			} `json:"region"`
-		} `json:"cluster"`
+		Status string `json:"status"`
+		Error  string `json:"error"`
+		Data   struct {
+			Name string `json:"name"`
+
+			ClusterInfo struct {
+				Region struct {
+					DNS string `json:"dns"`
+				} `json:"region"`
+			} `json:"cluster"`
+		} `json:"data"`
 	}

-	respBytes, err := ah.Signoz.Zeus.GetDeployment(ctx, licenseKey)
-	if err != nil {
+	resp, apiErr := requestAndParseResponse[deploymentResponse](
+		ctx, url, map[string]string{"X-Signoz-Cloud-Api-Key": licenseKey}, nil,
+	)
+
+	if apiErr != nil {
+		return "", "", basemodel.WrapApiError(
+			apiErr, "couldn't query for deployment info",
+		)
+	}
+
+	if resp.Status != "success" {
 		return "", "", basemodel.InternalError(fmt.Errorf(
-			"couldn't query for deployment info: error: %w", err,
+			"couldn't query for deployment info: status: %s, error: %s",
+			resp.Status, resp.Error,
 		))
 	}

-	resp := new(deploymentResponse)
-
-	err = json.Unmarshal(respBytes, resp)
-	if err != nil {
-		return "", "", basemodel.InternalError(fmt.Errorf(
-			"couldn't unmarshal deployment info response: error: %w", err,
-		))
-	}
-
-	regionDns := resp.ClusterInfo.Region.DNS
-	deploymentName := resp.Name
+	regionDns := resp.Data.ClusterInfo.Region.DNS
+	deploymentName := resp.Data.Name

 	if len(regionDns) < 1 || len(deploymentName) < 1 {
 		// Fail early if actual response structure and expectation here ever diverge
--- a/ee/query-service/app/api/dashboard.go
+++ b/ee/query-service/app/api/dashboard.go
@@ -0,0 +1,63 @@
+package api
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/http/render"
+	"github.com/SigNoz/signoz/pkg/query-service/app/dashboards"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/gorilla/mux"
+)
+
+func (ah *APIHandler) lockDashboard(w http.ResponseWriter, r *http.Request) {
+	ah.lockUnlockDashboard(w, r, true)
+}
+
+func (ah *APIHandler) unlockDashboard(w http.ResponseWriter, r *http.Request) {
+	ah.lockUnlockDashboard(w, r, false)
+}
+
+func (ah *APIHandler) lockUnlockDashboard(w http.ResponseWriter, r *http.Request, lock bool) {
+	// Locking can only be done by the owner of the dashboard
+	// or an admin
+
+	// - Fetch the dashboard
+	// - Check if the user is the owner or an admin
+	// - If yes, lock/unlock the dashboard
+	// - If no, return 403
+
+	// Get the dashboard UUID from the request
+	uuid := mux.Vars(r)["uuid"]
+	if strings.HasPrefix(uuid, "integration") {
+		render.Error(w, errors.Newf(errors.TypeForbidden, errors.CodeForbidden, "dashboards created by integrations cannot be modified"))
+		return
+	}
+
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, errors.Newf(errors.TypeUnauthenticated, errors.CodeUnauthenticated, "unauthenticated"))
+		return
+	}
+
+	dashboard, err := dashboards.GetDashboard(r.Context(), claims.OrgID, uuid)
+	if err != nil {
+		render.Error(w, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to get dashboard"))
+		return
+	}
+
+	if err := claims.IsAdmin(); err != nil && (dashboard.CreatedBy != claims.Email) {
+		render.Error(w, errors.Newf(errors.TypeForbidden, errors.CodeForbidden, "You are not authorized to lock/unlock this dashboard"))
+		return
+	}
+
+	// Lock/Unlock the dashboard
+	err = dashboards.LockUnlockDashboard(r.Context(), claims.OrgID, uuid, lock)
+	if err != nil {
+		render.Error(w, errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to lock/unlock dashboard"))
+		return
+	}
+
+	ah.Respond(w, "Dashboard updated successfully")
+}
--- a/ee/query-service/app/api/domains.go
+++ b/ee/query-service/app/api/domains.go
@@ -0,0 +1,91 @@
+package api
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/ee/types"
+	"github.com/google/uuid"
+	"github.com/gorilla/mux"
+)
+
+func (ah *APIHandler) listDomainsByOrg(w http.ResponseWriter, r *http.Request) {
+	orgId := mux.Vars(r)["orgId"]
+	domains, apierr := ah.AppDao().ListDomains(context.Background(), orgId)
+	if apierr != nil {
+		RespondError(w, apierr, domains)
+		return
+	}
+	ah.Respond(w, domains)
+}
+
+func (ah *APIHandler) postDomain(w http.ResponseWriter, r *http.Request) {
+	ctx := context.Background()
+
+	req := types.GettableOrgDomain{}
+
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	if err := req.ValidNew(); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	if apierr := ah.AppDao().CreateDomain(ctx, &req); apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+
+	ah.Respond(w, &req)
+}
+
+func (ah *APIHandler) putDomain(w http.ResponseWriter, r *http.Request) {
+	ctx := context.Background()
+
+	domainIdStr := mux.Vars(r)["id"]
+	domainId, err := uuid.Parse(domainIdStr)
+	if err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	req := types.GettableOrgDomain{StorableOrgDomain: types.StorableOrgDomain{ID: domainId}}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+	req.ID = domainId
+	if err := req.Valid(nil); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+	}
+
+	if apierr := ah.AppDao().UpdateDomain(ctx, &req); apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+
+	ah.Respond(w, &req)
+}
+
+func (ah *APIHandler) deleteDomain(w http.ResponseWriter, r *http.Request) {
+	domainIdStr := mux.Vars(r)["id"]
+
+	domainId, err := uuid.Parse(domainIdStr)
+	if err != nil {
+		RespondError(w, model.BadRequest(fmt.Errorf("invalid domain id")), nil)
+		return
+	}
+
+	apierr := ah.AppDao().DeleteDomain(context.Background(), domainId)
+	if apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+	ah.Respond(w, nil)
+}
--- a/ee/query-service/app/api/featureFlags.go
+++ b/ee/query-service/app/api/featureFlags.go
@@ -9,29 +9,13 @@ import (
 	"time"

 	"github.com/SigNoz/signoz/ee/query-service/constants"
-	pkgError "github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/http/render"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/types/licensetypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
 	"go.uber.org/zap"
 )

 func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(w, pkgError.Newf(pkgError.TypeInvalidInput, pkgError.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	featureSet, err := ah.Signoz.Licensing.GetFeatureFlags(r.Context(), orgID)
+	featureSet, err := ah.FF().GetFeatureFlags()
 	if err != nil {
 		ah.HandleError(w, err, http.StatusInternalServerError)
 		return
@@ -39,7 +23,7 @@ func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {

 	if constants.FetchFeatures == "true" {
 		zap.L().Debug("fetching license")
-		license, err := ah.Signoz.Licensing.GetActive(ctx, orgID)
+		license, err := ah.LM().GetRepo().GetActiveLicense(ctx)
 		if err != nil {
 			zap.L().Error("failed to fetch license", zap.Error(err))
 		} else if license == nil {
@@ -59,17 +43,10 @@ func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {
 		}
 	}

-	if constants.IsPreferSpanMetrics {
-		for idx, feature := range featureSet {
-			if feature.Name == licensetypes.UseSpanMetrics {
-				featureSet[idx].Active = true
-			}
-		}
-	}
-
-	if constants.IsDotMetricsEnabled {
-		for idx, feature := range featureSet {
-			if feature.Name == licensetypes.DotMetricsEnabled {
+	if ah.opts.PreferSpanMetrics {
+		for idx := range featureSet {
+			feature := &featureSet[idx]
+			if feature.Name == basemodel.UseSpanMetrics {
 				featureSet[idx].Active = true
 			}
 		}
@@ -80,7 +57,7 @@ func (ah *APIHandler) getFeatureFlags(w http.ResponseWriter, r *http.Request) {

 // fetchZeusFeatures makes an HTTP GET request to the /zeusFeatures endpoint
 // and returns the FeatureSet.
-func fetchZeusFeatures(url, licenseKey string) ([]*licensetypes.Feature, error) {
+func fetchZeusFeatures(url, licenseKey string) (basemodel.FeatureSet, error) {
 	// Check if the URL is empty
 	if url == "" {
 		return nil, fmt.Errorf("url is empty")
@@ -139,28 +116,28 @@ func fetchZeusFeatures(url, licenseKey string) ([]*licensetypes.Feature, error)
 }

 type ZeusFeaturesResponse struct {
-	Status string                  `json:"status"`
-	Data   []*licensetypes.Feature `json:"data"`
+	Status string               `json:"status"`
+	Data   basemodel.FeatureSet `json:"data"`
 }

 // MergeFeatureSets merges two FeatureSet arrays with precedence to zeusFeatures.
-func MergeFeatureSets(zeusFeatures, internalFeatures []*licensetypes.Feature) []*licensetypes.Feature {
+func MergeFeatureSets(zeusFeatures, internalFeatures basemodel.FeatureSet) basemodel.FeatureSet {
 	// Create a map to store the merged features
-	featureMap := make(map[string]*licensetypes.Feature)
+	featureMap := make(map[string]basemodel.Feature)

 	// Add all features from the otherFeatures set to the map
 	for _, feature := range internalFeatures {
-		featureMap[feature.Name.StringValue()] = feature
+		featureMap[feature.Name] = feature
 	}

 	// Add all features from the zeusFeatures set to the map
 	// If a feature already exists (i.e., same name), the zeusFeature will overwrite it
 	for _, feature := range zeusFeatures {
-		featureMap[feature.Name.StringValue()] = feature
+		featureMap[feature.Name] = feature
 	}

 	// Convert the map back to a FeatureSet slice
-	var mergedFeatures []*licensetypes.Feature
+	var mergedFeatures basemodel.FeatureSet
 	for _, feature := range featureMap {
 		mergedFeatures = append(mergedFeatures, feature)
 	}
--- a/ee/query-service/app/api/featureFlags_test.go
+++ b/ee/query-service/app/api/featureFlags_test.go
@@ -3,79 +3,78 @@ package api
 import (
 	"testing"

-	"github.com/SigNoz/signoz/pkg/types/licensetypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
 	"github.com/stretchr/testify/assert"
 )

 func TestMergeFeatureSets(t *testing.T) {
 	tests := []struct {
 		name             string
-		zeusFeatures     []*licensetypes.Feature
-		internalFeatures []*licensetypes.Feature
-		expected         []*licensetypes.Feature
+		zeusFeatures     basemodel.FeatureSet
+		internalFeatures basemodel.FeatureSet
+		expected         basemodel.FeatureSet
 	}{
 		{
 			name:             "empty zeusFeatures and internalFeatures",
-			zeusFeatures:     []*licensetypes.Feature{},
-			internalFeatures: []*licensetypes.Feature{},
-			expected:         []*licensetypes.Feature{},
+			zeusFeatures:     basemodel.FeatureSet{},
+			internalFeatures: basemodel.FeatureSet{},
+			expected:         basemodel.FeatureSet{},
 		},
 		{
 			name: "non-empty zeusFeatures and empty internalFeatures",
-			zeusFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
+			zeusFeatures: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
 			},
-			internalFeatures: []*licensetypes.Feature{},
-			expected: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
+			internalFeatures: basemodel.FeatureSet{},
+			expected: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
 			},
 		},
 		{
 			name:         "empty zeusFeatures and non-empty internalFeatures",
-			zeusFeatures: []*licensetypes.Feature{},
-			internalFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
+			zeusFeatures: basemodel.FeatureSet{},
+			internalFeatures: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
 			},
-			expected: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
+			expected: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
 			},
 		},
 		{
 			name: "non-empty zeusFeatures and non-empty internalFeatures with no conflicts",
-			zeusFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature3"), Active: false},
+			zeusFeatures: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature3", Active: false},
 			},
-			internalFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature2"), Active: true},
-				{Name: valuer.NewString("Feature4"), Active: false},
+			internalFeatures: basemodel.FeatureSet{
+				{Name: "Feature2", Active: true},
+				{Name: "Feature4", Active: false},
 			},
-			expected: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: true},
-				{Name: valuer.NewString("Feature3"), Active: false},
-				{Name: valuer.NewString("Feature4"), Active: false},
+			expected: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: true},
+				{Name: "Feature3", Active: false},
+				{Name: "Feature4", Active: false},
 			},
 		},
 		{
 			name: "non-empty zeusFeatures and non-empty internalFeatures with conflicts",
-			zeusFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
+			zeusFeatures: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
 			},
-			internalFeatures: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: false},
-				{Name: valuer.NewString("Feature3"), Active: true},
+			internalFeatures: basemodel.FeatureSet{
+				{Name: "Feature1", Active: false},
+				{Name: "Feature3", Active: true},
 			},
-			expected: []*licensetypes.Feature{
-				{Name: valuer.NewString("Feature1"), Active: true},
-				{Name: valuer.NewString("Feature2"), Active: false},
-				{Name: valuer.NewString("Feature3"), Active: true},
+			expected: basemodel.FeatureSet{
+				{Name: "Feature1", Active: true},
+				{Name: "Feature2", Active: false},
+				{Name: "Feature3", Active: true},
 			},
 		},
 	}
--- a/ee/query-service/app/api/gateway.go
+++ b/ee/query-service/app/api/gateway.go
@@ -5,26 +5,10 @@ import (
 	"strings"

 	"github.com/SigNoz/signoz/ee/query-service/integrations/gateway"
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/http/render"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
 )

 func (ah *APIHandler) ServeGatewayHTTP(rw http.ResponseWriter, req *http.Request) {
 	ctx := req.Context()
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
 	validPath := false
 	for _, allowedPrefix := range gateway.AllowedPrefix {
 		if strings.HasPrefix(req.URL.Path, gateway.RoutePrefix+allowedPrefix) {
@@ -38,9 +22,9 @@ func (ah *APIHandler) ServeGatewayHTTP(rw http.ResponseWriter, req *http.Request
 		return
 	}

-	license, err := ah.Signoz.Licensing.GetActive(ctx, orgID)
+	license, err := ah.LM().GetRepo().GetActiveLicense(ctx)
 	if err != nil {
-		render.Error(rw, err)
+		RespondError(rw, err, nil)
 		return
 	}

--- a/ee/query-service/app/api/license.go
+++ b/ee/query-service/app/api/license.go
@@ -6,7 +6,11 @@ import (
 	"net/http"

 	"github.com/SigNoz/signoz/ee/query-service/constants"
+	"github.com/SigNoz/signoz/ee/query-service/integrations/signozio"
 	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/pkg/http/render"
+	"github.com/SigNoz/signoz/pkg/query-service/telemetry"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
 )

 type DayWiseBreakdown struct {
@@ -45,6 +49,10 @@ type details struct {
 	BillTotal float64         `json:"billTotal"`
 }

+type Redirect struct {
+	RedirectURL string `json:"redirectURL"`
+}
+
 type billingDetails struct {
 	Status string `json:"status"`
 	Data   struct {
@@ -56,6 +64,97 @@ type billingDetails struct {
 	} `json:"data"`
 }

+type ApplyLicenseRequest struct {
+	LicenseKey string `json:"key"`
+}
+
+func (ah *APIHandler) listLicensesV3(w http.ResponseWriter, r *http.Request) {
+	ah.listLicensesV2(w, r)
+}
+
+func (ah *APIHandler) getActiveLicenseV3(w http.ResponseWriter, r *http.Request) {
+	activeLicense, err := ah.LM().GetRepo().GetActiveLicenseV3(r.Context())
+	if err != nil {
+		RespondError(w, &model.ApiError{Typ: model.ErrorInternal, Err: err}, nil)
+		return
+	}
+
+	// return 404 not found if there is no active license
+	if activeLicense == nil {
+		RespondError(w, &model.ApiError{Typ: model.ErrorNotFound, Err: fmt.Errorf("no active license found")}, nil)
+		return
+	}
+
+	// TODO deprecate this when we move away from key for stripe
+	activeLicense.Data["key"] = activeLicense.Key
+	render.Success(w, http.StatusOK, activeLicense.Data)
+}
+
+// this function is called by zeus when inserting licenses in the query-service
+func (ah *APIHandler) applyLicenseV3(w http.ResponseWriter, r *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	var licenseKey ApplyLicenseRequest
+	if err := json.NewDecoder(r.Body).Decode(&licenseKey); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	if licenseKey.LicenseKey == "" {
+		RespondError(w, model.BadRequest(fmt.Errorf("license key is required")), nil)
+		return
+	}
+
+	_, err = ah.LM().ActivateV3(r.Context(), licenseKey.LicenseKey)
+	if err != nil {
+		telemetry.GetInstance().SendEvent(telemetry.TELEMETRY_LICENSE_ACT_FAILED, map[string]interface{}{"err": err.Error()}, claims.Email, true, false)
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusAccepted, nil)
+}
+
+func (ah *APIHandler) refreshLicensesV3(w http.ResponseWriter, r *http.Request) {
+	err := ah.LM().RefreshLicense(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	render.Success(w, http.StatusNoContent, nil)
+}
+
+func getCheckoutPortalResponse(redirectURL string) *Redirect {
+	return &Redirect{RedirectURL: redirectURL}
+}
+
+func (ah *APIHandler) checkout(w http.ResponseWriter, r *http.Request) {
+	checkoutRequest := &model.CheckoutRequest{}
+	if err := json.NewDecoder(r.Body).Decode(checkoutRequest); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	license := ah.LM().GetActiveLicense()
+	if license == nil {
+		RespondError(w, model.BadRequestStr("cannot proceed with checkout without license key"), nil)
+		return
+	}
+
+	redirectUrl, err := signozio.CheckoutSession(r.Context(), checkoutRequest, license.Key, ah.Signoz.Zeus)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	ah.Respond(w, getCheckoutPortalResponse(redirectUrl))
+}
+
 func (ah *APIHandler) getBilling(w http.ResponseWriter, r *http.Request) {
 	licenseKey := r.URL.Query().Get("licenseKey")

@@ -89,3 +188,71 @@ func (ah *APIHandler) getBilling(w http.ResponseWriter, r *http.Request) {
 	// TODO(srikanthccv):Fetch the current day usage and add it to the response
 	ah.Respond(w, billingResponse.Data)
 }
+
+func convertLicenseV3ToLicenseV2(licenses []*model.LicenseV3) []model.License {
+	licensesV2 := []model.License{}
+	for _, l := range licenses {
+		planKeyFromPlanName, ok := model.MapOldPlanKeyToNewPlanName[l.PlanName]
+		if !ok {
+			planKeyFromPlanName = model.Basic
+		}
+		licenseV2 := model.License{
+			Key:               l.Key,
+			ActivationId:      "",
+			PlanDetails:       "",
+			FeatureSet:        l.Features,
+			ValidationMessage: "",
+			IsCurrent:         l.IsCurrent,
+			LicensePlan: model.LicensePlan{
+				PlanKey:    planKeyFromPlanName,
+				ValidFrom:  l.ValidFrom,
+				ValidUntil: l.ValidUntil,
+				Status:     l.Status},
+		}
+		licensesV2 = append(licensesV2, licenseV2)
+	}
+	return licensesV2
+}
+
+func (ah *APIHandler) listLicensesV2(w http.ResponseWriter, r *http.Request) {
+	licensesV3, apierr := ah.LM().GetLicensesV3(r.Context())
+	if apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+	licenses := convertLicenseV3ToLicenseV2(licensesV3)
+
+	resp := model.Licenses{
+		TrialStart:                   -1,
+		TrialEnd:                     -1,
+		OnTrial:                      false,
+		WorkSpaceBlock:               false,
+		TrialConvertedToSubscription: false,
+		GracePeriodEnd:               -1,
+		Licenses:                     licenses,
+	}
+
+	ah.Respond(w, resp)
+}
+
+func (ah *APIHandler) portalSession(w http.ResponseWriter, r *http.Request) {
+	portalRequest := &model.PortalRequest{}
+	if err := json.NewDecoder(r.Body).Decode(portalRequest); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	license := ah.LM().GetActiveLicense()
+	if license == nil {
+		RespondError(w, model.BadRequestStr("cannot request the portal session without license key"), nil)
+		return
+	}
+
+	redirectUrl, err := signozio.PortalSession(r.Context(), portalRequest, license.Key, ah.Signoz.Zeus)
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	ah.Respond(w, getCheckoutPortalResponse(redirectUrl))
+}
--- a/ee/query-service/app/api/pat.go
+++ b/ee/query-service/app/api/pat.go
@@ -0,0 +1,187 @@
+package api
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"slices"
+	"time"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	eeTypes "github.com/SigNoz/signoz/ee/types"
+	"github.com/SigNoz/signoz/pkg/errors"
+	errorsV2 "github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/http/render"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/gorilla/mux"
+	"go.uber.org/zap"
+)
+
+func (ah *APIHandler) createPAT(w http.ResponseWriter, r *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	req := model.CreatePATRequestBody{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	pat := eeTypes.NewGettablePAT(
+		req.Name,
+		req.Role,
+		claims.UserID,
+		req.ExpiresInDays,
+	)
+	err = validatePATRequest(pat)
+	if err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	zap.L().Info("Got Create PAT request", zap.Any("pat", pat))
+	var apierr basemodel.BaseApiError
+	if pat, apierr = ah.AppDao().CreatePAT(r.Context(), claims.OrgID, pat); apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+
+	ah.Respond(w, &pat)
+}
+
+func validatePATRequest(req eeTypes.GettablePAT) error {
+	_, err := authtypes.NewRole(req.Role)
+	if err != nil {
+		return err
+	}
+
+	if req.ExpiresAt < 0 {
+		return fmt.Errorf("valid expiresAt is required")
+	}
+
+	if req.Name == "" {
+		return fmt.Errorf("valid name is required")
+	}
+
+	return nil
+}
+
+func (ah *APIHandler) updatePAT(w http.ResponseWriter, r *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	req := eeTypes.GettablePAT{}
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	idStr := mux.Vars(r)["id"]
+	id, err := valuer.NewUUID(idStr)
+	if err != nil {
+		render.Error(w, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is not a valid uuid-v7"))
+		return
+	}
+
+	//get the pat
+	existingPAT, paterr := ah.AppDao().GetPATByID(r.Context(), claims.OrgID, id)
+	if paterr != nil {
+		render.Error(w, errorsV2.Newf(errorsV2.TypeInvalidInput, errorsV2.CodeInvalidInput, paterr.Error()))
+		return
+	}
+
+	// get the user
+	createdByUser, usererr := ah.AppDao().GetUser(r.Context(), existingPAT.UserID)
+	if usererr != nil {
+		render.Error(w, errorsV2.Newf(errorsV2.TypeInvalidInput, errorsV2.CodeInvalidInput, usererr.Error()))
+		return
+	}
+
+	if slices.Contains(types.AllIntegrationUserEmails, types.IntegrationUserEmail(createdByUser.Email)) {
+		render.Error(w, errorsV2.Newf(errorsV2.TypeInvalidInput, errorsV2.CodeInvalidInput, "integration user pat cannot be updated"))
+		return
+	}
+
+	err = validatePATRequest(req)
+	if err != nil {
+		RespondError(w, model.BadRequest(err), nil)
+		return
+	}
+
+	req.UpdatedByUserID = claims.UserID
+	req.UpdatedAt = time.Now()
+	zap.L().Info("Got UpdateSteps PAT request", zap.Any("pat", req))
+	var apierr basemodel.BaseApiError
+	if apierr = ah.AppDao().UpdatePAT(r.Context(), claims.OrgID, req, id); apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+
+	ah.Respond(w, map[string]string{"data": "pat updated successfully"})
+}
+
+func (ah *APIHandler) getPATs(w http.ResponseWriter, r *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	pats, apierr := ah.AppDao().ListPATs(r.Context(), claims.OrgID)
+	if apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+
+	ah.Respond(w, pats)
+}
+
+func (ah *APIHandler) revokePAT(w http.ResponseWriter, r *http.Request) {
+	claims, err := authtypes.ClaimsFromContext(r.Context())
+	if err != nil {
+		render.Error(w, err)
+		return
+	}
+
+	idStr := mux.Vars(r)["id"]
+	id, err := valuer.NewUUID(idStr)
+	if err != nil {
+		render.Error(w, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "id is not a valid uuid-v7"))
+		return
+	}
+
+	//get the pat
+	existingPAT, paterr := ah.AppDao().GetPATByID(r.Context(), claims.OrgID, id)
+	if paterr != nil {
+		render.Error(w, errorsV2.Newf(errorsV2.TypeInvalidInput, errorsV2.CodeInvalidInput, paterr.Error()))
+		return
+	}
+
+	// get the user
+	createdByUser, usererr := ah.AppDao().GetUser(r.Context(), existingPAT.UserID)
+	if usererr != nil {
+		render.Error(w, errorsV2.Newf(errorsV2.TypeInvalidInput, errorsV2.CodeInvalidInput, usererr.Error()))
+		return
+	}
+
+	if slices.Contains(types.AllIntegrationUserEmails, types.IntegrationUserEmail(createdByUser.Email)) {
+		render.Error(w, errorsV2.Newf(errorsV2.TypeInvalidInput, errorsV2.CodeInvalidInput, "integration user pat cannot be updated"))
+		return
+	}
+
+	zap.L().Info("Revoke PAT with id", zap.String("id", id.StringValue()))
+	if apierr := ah.AppDao().RevokePAT(r.Context(), claims.OrgID, id, claims.UserID); apierr != nil {
+		RespondError(w, apierr, nil)
+		return
+	}
+	ah.Respond(w, map[string]string{"data": "pat revoked successfully"})
+}
--- a/ee/query-service/app/api/queryrange.go
+++ b/ee/query-service/app/api/queryrange.go
@@ -2,39 +2,19 @@ package api

 import (
 	"bytes"
-	"context"
-	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
-	"runtime/debug"

-	anomalyV2 "github.com/SigNoz/signoz/ee/anomaly"
 	"github.com/SigNoz/signoz/ee/query-service/anomaly"
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/http/render"
 	baseapp "github.com/SigNoz/signoz/pkg/query-service/app"
 	"github.com/SigNoz/signoz/pkg/query-service/app/queryBuilder"
 	"github.com/SigNoz/signoz/pkg/query-service/model"
 	v3 "github.com/SigNoz/signoz/pkg/query-service/model/v3"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
 	"go.uber.org/zap"
-
-	qbtypes "github.com/SigNoz/signoz/pkg/types/querybuildertypes/querybuildertypesv5"
 )

 func (aH *APIHandler) queryRangeV4(w http.ResponseWriter, r *http.Request) {
-	claims, err := authtypes.ClaimsFromContext(r.Context())
-	if err != nil {
-		render.Error(w, err)
-		return
-	}
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(w, err)
-		return
-	}

 	bodyBytes, _ := io.ReadAll(r.Body)
 	r.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
@@ -49,7 +29,7 @@ func (aH *APIHandler) queryRangeV4(w http.ResponseWriter, r *http.Request) {
 	queryRangeParams.Version = "v4"

 	// add temporality for each metric
-	temporalityErr := aH.PopulateTemporality(r.Context(), orgID, queryRangeParams)
+	temporalityErr := aH.PopulateTemporality(r.Context(), queryRangeParams)
 	if temporalityErr != nil {
 		zap.L().Error("Error while adding temporality for metrics", zap.Error(temporalityErr))
 		RespondError(w, &model.ApiError{Typ: model.ErrorInternal, Err: temporalityErr}, nil)
@@ -105,30 +85,30 @@ func (aH *APIHandler) queryRangeV4(w http.ResponseWriter, r *http.Request) {
 		switch seasonality {
 		case anomaly.SeasonalityWeekly:
 			provider = anomaly.NewWeeklyProvider(
-				anomaly.WithCache[*anomaly.WeeklyProvider](aH.Signoz.Cache),
+				anomaly.WithCache[*anomaly.WeeklyProvider](aH.opts.Cache),
 				anomaly.WithKeyGenerator[*anomaly.WeeklyProvider](queryBuilder.NewKeyGenerator()),
 				anomaly.WithReader[*anomaly.WeeklyProvider](aH.opts.DataConnector),
 			)
 		case anomaly.SeasonalityDaily:
 			provider = anomaly.NewDailyProvider(
-				anomaly.WithCache[*anomaly.DailyProvider](aH.Signoz.Cache),
+				anomaly.WithCache[*anomaly.DailyProvider](aH.opts.Cache),
 				anomaly.WithKeyGenerator[*anomaly.DailyProvider](queryBuilder.NewKeyGenerator()),
 				anomaly.WithReader[*anomaly.DailyProvider](aH.opts.DataConnector),
 			)
 		case anomaly.SeasonalityHourly:
 			provider = anomaly.NewHourlyProvider(
-				anomaly.WithCache[*anomaly.HourlyProvider](aH.Signoz.Cache),
+				anomaly.WithCache[*anomaly.HourlyProvider](aH.opts.Cache),
 				anomaly.WithKeyGenerator[*anomaly.HourlyProvider](queryBuilder.NewKeyGenerator()),
 				anomaly.WithReader[*anomaly.HourlyProvider](aH.opts.DataConnector),
 			)
 		default:
 			provider = anomaly.NewDailyProvider(
-				anomaly.WithCache[*anomaly.DailyProvider](aH.Signoz.Cache),
+				anomaly.WithCache[*anomaly.DailyProvider](aH.opts.Cache),
 				anomaly.WithKeyGenerator[*anomaly.DailyProvider](queryBuilder.NewKeyGenerator()),
 				anomaly.WithReader[*anomaly.DailyProvider](aH.opts.DataConnector),
 			)
 		}
-		anomalies, err := provider.GetAnomalies(r.Context(), orgID, &anomaly.GetAnomaliesRequest{Params: queryRangeParams})
+		anomalies, err := provider.GetAnomalies(r.Context(), &anomaly.GetAnomaliesRequest{Params: queryRangeParams})
 		if err != nil {
 			RespondError(w, &model.ApiError{Typ: model.ErrorInternal, Err: err}, nil)
 			return
@@ -143,139 +123,3 @@ func (aH *APIHandler) queryRangeV4(w http.ResponseWriter, r *http.Request) {
 		aH.QueryRangeV4(w, r)
 	}
 }
-
-func extractSeasonality(anomalyQuery *qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation]) anomalyV2.Seasonality {
-	for _, fn := range anomalyQuery.Functions {
-		if fn.Name == qbtypes.FunctionNameAnomaly {
-			for _, arg := range fn.Args {
-				if arg.Name == "seasonality" {
-					if seasonalityStr, ok := arg.Value.(string); ok {
-						switch seasonalityStr {
-						case "weekly":
-							return anomalyV2.SeasonalityWeekly
-						case "hourly":
-							return anomalyV2.SeasonalityHourly
-						}
-					}
-				}
-			}
-		}
-	}
-	return anomalyV2.SeasonalityDaily // default
-}
-
-func createAnomalyProvider(aH *APIHandler, seasonality anomalyV2.Seasonality) anomalyV2.Provider {
-	switch seasonality {
-	case anomalyV2.SeasonalityWeekly:
-		return anomalyV2.NewWeeklyProvider(
-			anomalyV2.WithQuerier[*anomalyV2.WeeklyProvider](aH.Signoz.Querier),
-			anomalyV2.WithLogger[*anomalyV2.WeeklyProvider](aH.Signoz.Instrumentation.Logger()),
-		)
-	case anomalyV2.SeasonalityHourly:
-		return anomalyV2.NewHourlyProvider(
-			anomalyV2.WithQuerier[*anomalyV2.HourlyProvider](aH.Signoz.Querier),
-			anomalyV2.WithLogger[*anomalyV2.HourlyProvider](aH.Signoz.Instrumentation.Logger()),
-		)
-	default:
-		return anomalyV2.NewDailyProvider(
-			anomalyV2.WithQuerier[*anomalyV2.DailyProvider](aH.Signoz.Querier),
-			anomalyV2.WithLogger[*anomalyV2.DailyProvider](aH.Signoz.Instrumentation.Logger()),
-		)
-	}
-}
-
-func (aH *APIHandler) handleAnomalyQuery(ctx context.Context, orgID valuer.UUID, anomalyQuery *qbtypes.QueryBuilderQuery[qbtypes.MetricAggregation], queryRangeRequest qbtypes.QueryRangeRequest) (*anomalyV2.AnomaliesResponse, error) {
-	seasonality := extractSeasonality(anomalyQuery)
-	provider := createAnomalyProvider(aH, seasonality)
-
-	return provider.GetAnomalies(ctx, orgID, &anomalyV2.AnomaliesRequest{Params: queryRangeRequest})
-}
-
-func (aH *APIHandler) queryRangeV5(rw http.ResponseWriter, req *http.Request) {
-
-	bodyBytes, err := io.ReadAll(req.Body)
-	if err != nil {
-		render.Error(rw, errors.NewInvalidInputf(errors.CodeInvalidInput, "failed to read request body: %v", err))
-		return
-	}
-	req.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
-
-	ctx := req.Context()
-
-	claims, err := authtypes.ClaimsFromContext(ctx)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	var queryRangeRequest qbtypes.QueryRangeRequest
-	if err := json.NewDecoder(req.Body).Decode(&queryRangeRequest); err != nil {
-		render.Error(rw, errors.NewInvalidInputf(errors.CodeInvalidInput, "failed to decode request body: %v", err))
-		return
-	}
-
-	defer func() {
-		if r := recover(); r != nil {
-			stackTrace := string(debug.Stack())
-
-			queryJSON, _ := json.Marshal(queryRangeRequest)
-
-			aH.Signoz.Instrumentation.Logger().ErrorContext(ctx, "panic in QueryRange",
-				"error", r,
-				"user", claims.UserID,
-				"payload", string(queryJSON),
-				"stacktrace", stackTrace,
-			)
-
-			render.Error(rw, errors.NewInternalf(
-				errors.CodeInternal,
-				"Something went wrong on our end. It's not you, it's us. Our team is notified about it. Reach out to support if issue persists.",
-			))
-		}
-	}()
-
-	if err := queryRangeRequest.Validate(); err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	orgID, err := valuer.NewUUID(claims.OrgID)
-	if err != nil {
-		render.Error(rw, err)
-		return
-	}
-
-	if anomalyQuery, ok := queryRangeRequest.IsAnomalyRequest(); ok {
-		anomalies, err := aH.handleAnomalyQuery(ctx, orgID, anomalyQuery, queryRangeRequest)
-		if err != nil {
-			render.Error(rw, errors.NewInternalf(errors.CodeInternal, "failed to get anomalies: %v", err))
-			return
-		}
-
-		results := []any{}
-		for _, item := range anomalies.Results {
-			results = append(results, item)
-		}
-
-		finalResp := &qbtypes.QueryRangeResponse{
-			Type: queryRangeRequest.RequestType,
-			Data: struct {
-				Results []any `json:"results"`
-			}{
-				Results: results,
-			},
-			Meta: struct {
-				RowsScanned  uint64 `json:"rowsScanned"`
-				BytesScanned uint64 `json:"bytesScanned"`
-				DurationMS   uint64 `json:"durationMs"`
-			}{},
-		}
-
-		render.Success(rw, http.StatusOK, finalResp)
-		return
-	} else {
-		// regular query range request, let the querier handle it
-		req.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
-		aH.QuerierAPI.QueryRange(rw, req)
-	}
-}
--- a/ee/query-service/app/db/reader.go
+++ b/ee/query-service/app/db/reader.go
@@ -0,0 +1,35 @@
+package db
+
+import (
+	"time"
+
+	"github.com/ClickHouse/clickhouse-go/v2"
+
+	"github.com/SigNoz/signoz/pkg/cache"
+	"github.com/SigNoz/signoz/pkg/prometheus"
+	basechr "github.com/SigNoz/signoz/pkg/query-service/app/clickhouseReader"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/telemetrystore"
+)
+
+type ClickhouseReader struct {
+	conn  clickhouse.Conn
+	appdb sqlstore.SQLStore
+	*basechr.ClickHouseReader
+}
+
+func NewDataConnector(
+	sqlDB sqlstore.SQLStore,
+	telemetryStore telemetrystore.TelemetryStore,
+	prometheus prometheus.Prometheus,
+	cluster string,
+	fluxIntervalForTraceDetail time.Duration,
+	cache cache.Cache,
+) *ClickhouseReader {
+	chReader := basechr.NewReader(sqlDB, telemetryStore, prometheus, cluster, fluxIntervalForTraceDetail, cache)
+	return &ClickhouseReader{
+		conn:             telemetryStore.ClickhouseDB(),
+		appdb:            sqlDB,
+		ClickHouseReader: chReader,
+	}
+}
--- a/ee/query-service/app/server.go
+++ b/ee/query-service/app/server.go
@@ -3,110 +3,154 @@ package app
 import (
 	"context"
 	"fmt"
-	"log/slog"
 	"net"
 	"net/http"
 	_ "net/http/pprof" // http profiler
-	"slices"
-
-	"github.com/SigNoz/signoz/pkg/cache/memorycache"
-	"github.com/SigNoz/signoz/pkg/ruler/rulestore/sqlrulestore"
-	"go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux"
-	"go.opentelemetry.io/otel/propagation"
+	"time"

 	"github.com/gorilla/handlers"
+	"github.com/jmoiron/sqlx"

+	eemiddleware "github.com/SigNoz/signoz/ee/http/middleware"
 	"github.com/SigNoz/signoz/ee/query-service/app/api"
+	"github.com/SigNoz/signoz/ee/query-service/app/db"
+	"github.com/SigNoz/signoz/ee/query-service/constants"
+	"github.com/SigNoz/signoz/ee/query-service/dao"
 	"github.com/SigNoz/signoz/ee/query-service/integrations/gateway"
 	"github.com/SigNoz/signoz/ee/query-service/rules"
-	"github.com/SigNoz/signoz/ee/query-service/usage"
 	"github.com/SigNoz/signoz/pkg/alertmanager"
-	"github.com/SigNoz/signoz/pkg/cache"
 	"github.com/SigNoz/signoz/pkg/http/middleware"
-	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/prometheus"
-	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/signoz"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/telemetrystore"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/web"
 	"github.com/rs/cors"
 	"github.com/soheilhy/cmux"

+	licensepkg "github.com/SigNoz/signoz/ee/query-service/license"
+	"github.com/SigNoz/signoz/ee/query-service/usage"
+
 	"github.com/SigNoz/signoz/pkg/query-service/agentConf"
 	baseapp "github.com/SigNoz/signoz/pkg/query-service/app"
-	"github.com/SigNoz/signoz/pkg/query-service/app/clickhouseReader"
 	"github.com/SigNoz/signoz/pkg/query-service/app/cloudintegrations"
+	"github.com/SigNoz/signoz/pkg/query-service/app/dashboards"
+	baseexplorer "github.com/SigNoz/signoz/pkg/query-service/app/explorer"
 	"github.com/SigNoz/signoz/pkg/query-service/app/integrations"
 	"github.com/SigNoz/signoz/pkg/query-service/app/logparsingpipeline"
 	"github.com/SigNoz/signoz/pkg/query-service/app/opamp"
 	opAmpModel "github.com/SigNoz/signoz/pkg/query-service/app/opamp/model"
+	"github.com/SigNoz/signoz/pkg/query-service/cache"
 	baseconst "github.com/SigNoz/signoz/pkg/query-service/constants"
 	"github.com/SigNoz/signoz/pkg/query-service/healthcheck"
 	baseint "github.com/SigNoz/signoz/pkg/query-service/interfaces"
 	baserules "github.com/SigNoz/signoz/pkg/query-service/rules"
+	"github.com/SigNoz/signoz/pkg/query-service/telemetry"
 	"github.com/SigNoz/signoz/pkg/query-service/utils"
 	"go.uber.org/zap"
 )

-// Server runs HTTP, Mux and a grpc server
+type ServerOptions struct {
+	Config                     signoz.Config
+	SigNoz                     *signoz.SigNoz
+	HTTPHostPort               string
+	PrivateHostPort            string
+	PreferSpanMetrics          bool
+	CacheConfigPath            string
+	FluxInterval               string
+	FluxIntervalForTraceDetail string
+	Cluster                    string
+	GatewayUrl                 string
+	Jwt                        *authtypes.JWT
+}
+
+// Server runs HTTP api service
 type Server struct {
-	config      signoz.Config
-	signoz      *signoz.SigNoz
-	ruleManager *baserules.Manager
+	serverOptions *ServerOptions
+	ruleManager   *baserules.Manager

 	// public http router
-	httpConn     net.Listener
-	httpServer   *http.Server
-	httpHostPort string
+	httpConn   net.Listener
+	httpServer *http.Server

-	opampServer *opamp.Server
+	// private http
+	privateConn net.Listener
+	privateHTTP *http.Server

 	// Usage manager
 	usageManager *usage.Manager

+	opampServer *opamp.Server
+
 	unavailableChannel chan healthcheck.Status
 }

+// HealthCheckStatus returns health check status channel a client can subscribe to
+func (s Server) HealthCheckStatus() chan healthcheck.Status {
+	return s.unavailableChannel
+}
+
 // NewServer creates and initializes Server
-func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
-	gatewayProxy, err := gateway.NewProxy(config.Gateway.URL.String(), gateway.RoutePrefix)
+func NewServer(serverOptions *ServerOptions) (*Server, error) {
+	modelDao, err := dao.InitDao(serverOptions.SigNoz.SQLStore)
 	if err != nil {
 		return nil, err
 	}

-	cacheForTraceDetail, err := memorycache.New(context.TODO(), signoz.Instrumentation.ToProviderSettings(), cache.Config{
-		Provider: "memory",
-		Memory: cache.Memory{
-			NumCounters: 10 * 10000,
-			MaxCost:     1 << 27, // 128 MB
-		},
-	})
+	if err := baseexplorer.InitWithDSN(serverOptions.SigNoz.SQLStore); err != nil {
+		return nil, err
+	}
+
+	if err := dashboards.InitDB(serverOptions.SigNoz.SQLStore); err != nil {
+		return nil, err
+	}
+
+	gatewayProxy, err := gateway.NewProxy(serverOptions.GatewayUrl, gateway.RoutePrefix)
 	if err != nil {
 		return nil, err
 	}

-	reader := clickhouseReader.NewReader(
-		signoz.SQLStore,
-		signoz.TelemetryStore,
-		signoz.Prometheus,
-		signoz.TelemetryStore.Cluster(),
-		config.Querier.FluxInterval,
-		cacheForTraceDetail,
-		signoz.Cache,
-		nil,
+	// initiate license manager
+	lm, err := licensepkg.StartManager(serverOptions.SigNoz.SQLStore.SQLxDB(), serverOptions.SigNoz.SQLStore, serverOptions.SigNoz.Zeus)
+	if err != nil {
+		return nil, err
+	}
+
+	// set license manager as feature flag provider in dao
+	modelDao.SetFlagProvider(lm)
+
+	fluxIntervalForTraceDetail, err := time.ParseDuration(serverOptions.FluxIntervalForTraceDetail)
+	if err != nil {
+		return nil, err
+	}
+
+	reader := db.NewDataConnector(
+		serverOptions.SigNoz.SQLStore,
+		serverOptions.SigNoz.TelemetryStore,
+		serverOptions.SigNoz.Prometheus,
+		serverOptions.Cluster,
+		fluxIntervalForTraceDetail,
+		serverOptions.SigNoz.Cache,
 	)

+	var c cache.Cache
+	if serverOptions.CacheConfigPath != "" {
+		cacheOpts, err := cache.LoadFromYAMLCacheConfigFile(serverOptions.CacheConfigPath)
+		if err != nil {
+			return nil, err
+		}
+		c = cache.NewCache(cacheOpts)
+	}
+
 	rm, err := makeRulesManager(
+		serverOptions.SigNoz.SQLStore.SQLxDB(),
 		reader,
-		signoz.Cache,
-		signoz.Alertmanager,
-		signoz.SQLStore,
-		signoz.TelemetryStore,
-		signoz.Prometheus,
-		signoz.Modules.OrgGetter,
-		signoz.Querier,
-		signoz.Instrumentation.Logger(),
+		c,
+		serverOptions.SigNoz.Alertmanager,
+		serverOptions.SigNoz.SQLStore,
+		serverOptions.SigNoz.TelemetryStore,
+		serverOptions.SigNoz.Prometheus,
 	)

 	if err != nil {
@@ -114,16 +158,19 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 	}

 	// initiate opamp
-	opAmpModel.Init(signoz.SQLStore, signoz.Instrumentation.Logger(), signoz.Modules.OrgGetter)
+	_, err = opAmpModel.InitDB(serverOptions.SigNoz.SQLStore.SQLxDB())
+	if err != nil {
+		return nil, err
+	}

-	integrationsController, err := integrations.NewController(signoz.SQLStore)
+	integrationsController, err := integrations.NewController(serverOptions.SigNoz.SQLStore)
 	if err != nil {
 		return nil, fmt.Errorf(
 			"couldn't create integrations controller: %w", err,
 		)
 	}

-	cloudIntegrationsController, err := cloudintegrations.NewController(signoz.SQLStore)
+	cloudIntegrationsController, err := cloudintegrations.NewController(serverOptions.SigNoz.SQLStore)
 	if err != nil {
 		return nil, fmt.Errorf(
 			"couldn't create cloud provider integrations controller: %w", err,
@@ -132,8 +179,7 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {

 	// ingestion pipelines manager
 	logParsingPipelineController, err := logparsingpipeline.NewLogParsingPipelinesController(
-		signoz.SQLStore,
-		integrationsController.GetPipelinesForInstalledIntegrations,
+		serverOptions.SigNoz.SQLStore, integrationsController.GetPipelinesForInstalledIntegrations,
 	)
 	if err != nil {
 		return nil, err
@@ -141,7 +187,7 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {

 	// initiate agent config handler
 	agentConfMgr, err := agentConf.Initiate(&agentConf.ManagerOptions{
-		Store:         signoz.SQLStore,
+		DB:            serverOptions.SigNoz.SQLStore.SQLxDB(),
 		AgentFeatures: []agentConf.AgentFeature{logParsingPipelineController},
 	})
 	if err != nil {
@@ -149,42 +195,54 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {
 	}

 	// start the usagemanager
-	usageManager, err := usage.New(signoz.Licensing, signoz.TelemetryStore.ClickhouseDB(), signoz.Zeus, signoz.Modules.OrgGetter)
+	usageManager, err := usage.New(modelDao, lm.GetRepo(), serverOptions.SigNoz.TelemetryStore.ClickhouseDB(), serverOptions.SigNoz.Zeus)
 	if err != nil {
 		return nil, err
 	}
-	err = usageManager.Start(context.Background())
+	err = usageManager.Start()
+	if err != nil {
+		return nil, err
+	}
+
+	telemetry.GetInstance().SetReader(reader)
+	telemetry.GetInstance().SetSaasOperator(constants.SaasSegmentKey)
+
+	fluxInterval, err := time.ParseDuration(serverOptions.FluxInterval)
 	if err != nil {
 		return nil, err
 	}

 	apiOpts := api.APIHandlerOptions{
 		DataConnector:                 reader,
+		PreferSpanMetrics:             serverOptions.PreferSpanMetrics,
+		AppDao:                        modelDao,
 		RulesManager:                  rm,
 		UsageManager:                  usageManager,
+		FeatureFlags:                  lm,
+		LicenseManager:                lm,
 		IntegrationsController:        integrationsController,
 		CloudIntegrationsController:   cloudIntegrationsController,
 		LogsParsingPipelineController: logParsingPipelineController,
-		FluxInterval:                  config.Querier.FluxInterval,
+		Cache:                         c,
+		FluxInterval:                  fluxInterval,
 		Gateway:                       gatewayProxy,
-		GatewayUrl:                    config.Gateway.URL.String(),
+		GatewayUrl:                    serverOptions.GatewayUrl,
+		JWT:                           serverOptions.Jwt,
 	}

-	apiHandler, err := api.NewAPIHandler(apiOpts, signoz)
+	apiHandler, err := api.NewAPIHandler(apiOpts, serverOptions.SigNoz)
 	if err != nil {
 		return nil, err
 	}

 	s := &Server{
-		config:             config,
-		signoz:             signoz,
 		ruleManager:        rm,
-		httpHostPort:       baseconst.HTTPHostPort,
+		serverOptions:      serverOptions,
 		unavailableChannel: make(chan healthcheck.Status),
 		usageManager:       usageManager,
 	}

-	httpServer, err := s.createPublicServer(apiHandler, signoz.Web)
+	httpServer, err := s.createPublicServer(apiHandler, serverOptions.SigNoz.Web)

 	if err != nil {
 		return nil, err
@@ -192,41 +250,70 @@ func NewServer(config signoz.Config, signoz *signoz.SigNoz) (*Server, error) {

 	s.httpServer = httpServer

+	privateServer, err := s.createPrivateServer(apiHandler)
+	if err != nil {
+		return nil, err
+	}
+
+	s.privateHTTP = privateServer
+
 	s.opampServer = opamp.InitializeServer(
-		&opAmpModel.AllAgents, agentConfMgr, signoz.Instrumentation,
+		&opAmpModel.AllAgents, agentConfMgr,
 	)

+	errorList := reader.PreloadMetricsMetadata(context.Background())
+	for _, er := range errorList {
+		zap.L().Error("failed to preload metrics metadata", zap.Error(er))
+	}
+
 	return s, nil
 }

-// HealthCheckStatus returns health check status channel a client can subscribe to
-func (s Server) HealthCheckStatus() chan healthcheck.Status {
-	return s.unavailableChannel
+func (s *Server) createPrivateServer(apiHandler *api.APIHandler) (*http.Server, error) {
+
+	r := baseapp.NewRouter()
+
+	r.Use(middleware.NewAuth(zap.L(), s.serverOptions.Jwt, []string{"Authorization", "Sec-WebSocket-Protocol"}).Wrap)
+	r.Use(eemiddleware.NewPat(s.serverOptions.SigNoz.SQLStore, []string{"SIGNOZ-API-KEY"}).Wrap)
+	r.Use(middleware.NewTimeout(zap.L(),
+		s.serverOptions.Config.APIServer.Timeout.ExcludedRoutes,
+		s.serverOptions.Config.APIServer.Timeout.Default,
+		s.serverOptions.Config.APIServer.Timeout.Max,
+	).Wrap)
+	r.Use(middleware.NewAnalytics(zap.L()).Wrap)
+	r.Use(middleware.NewLogging(zap.L(), s.serverOptions.Config.APIServer.Logging.ExcludedRoutes).Wrap)
+
+	apiHandler.RegisterPrivateRoutes(r)
+
+	c := cors.New(cors.Options{
+		//todo(amol): find out a way to add exact domain or
+		// ip here for alert manager
+		AllowedOrigins: []string{"*"},
+		AllowedMethods: []string{"GET", "DELETE", "POST", "PUT", "PATCH"},
+		AllowedHeaders: []string{"Accept", "Authorization", "Content-Type", "SIGNOZ-API-KEY", "X-SIGNOZ-QUERY-ID", "Sec-WebSocket-Protocol"},
+	})
+
+	handler := c.Handler(r)
+	handler = handlers.CompressHandler(handler)
+
+	return &http.Server{
+		Handler: handler,
+	}, nil
 }

 func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*http.Server, error) {
 	r := baseapp.NewRouter()
-	am := middleware.NewAuthZ(s.signoz.Instrumentation.Logger(), s.signoz.Modules.OrgGetter, s.signoz.Authz)
+	am := middleware.NewAuthZ(s.serverOptions.SigNoz.Instrumentation.Logger())

-	r.Use(otelmux.Middleware(
-		"apiserver",
-		otelmux.WithMeterProvider(s.signoz.Instrumentation.MeterProvider()),
-		otelmux.WithTracerProvider(s.signoz.Instrumentation.TracerProvider()),
-		otelmux.WithPropagators(propagation.NewCompositeTextMapPropagator(propagation.Baggage{}, propagation.TraceContext{})),
-		otelmux.WithFilter(func(r *http.Request) bool {
-			return !slices.Contains([]string{"/api/v1/health"}, r.URL.Path)
-		}),
-		otelmux.WithPublicEndpoint(),
-	))
-	r.Use(middleware.NewAuthN([]string{"Authorization", "Sec-WebSocket-Protocol"}, s.signoz.Sharder, s.signoz.Tokenizer, s.signoz.Instrumentation.Logger()).Wrap)
-	r.Use(middleware.NewAPIKey(s.signoz.SQLStore, []string{"SIGNOZ-API-KEY"}, s.signoz.Instrumentation.Logger(), s.signoz.Sharder).Wrap)
-	r.Use(middleware.NewTimeout(s.signoz.Instrumentation.Logger(),
-		s.config.APIServer.Timeout.ExcludedRoutes,
-		s.config.APIServer.Timeout.Default,
-		s.config.APIServer.Timeout.Max,
+	r.Use(middleware.NewAuth(zap.L(), s.serverOptions.Jwt, []string{"Authorization", "Sec-WebSocket-Protocol"}).Wrap)
+	r.Use(eemiddleware.NewPat(s.serverOptions.SigNoz.SQLStore, []string{"SIGNOZ-API-KEY"}).Wrap)
+	r.Use(middleware.NewTimeout(zap.L(),
+		s.serverOptions.Config.APIServer.Timeout.ExcludedRoutes,
+		s.serverOptions.Config.APIServer.Timeout.Default,
+		s.serverOptions.Config.APIServer.Timeout.Max,
 	).Wrap)
-	r.Use(middleware.NewLogging(s.signoz.Instrumentation.Logger(), s.config.APIServer.Logging.ExcludedRoutes).Wrap)
-	r.Use(middleware.NewComment().Wrap)
+	r.Use(middleware.NewAnalytics(zap.L()).Wrap)
+	r.Use(middleware.NewLogging(zap.L(), s.serverOptions.Config.APIServer.Logging.ExcludedRoutes).Wrap)

 	apiHandler.RegisterRoutes(r, am)
 	apiHandler.RegisterLogsRoutes(r, am)
@@ -236,7 +323,6 @@ func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*h
 	apiHandler.RegisterQueryRangeV3Routes(r, am)
 	apiHandler.RegisterInfraMetricsRoutes(r, am)
 	apiHandler.RegisterQueryRangeV4Routes(r, am)
-	apiHandler.RegisterQueryRangeV5Routes(r, am)
 	apiHandler.RegisterWebSocketPaths(r, am)
 	apiHandler.RegisterMessagingQueuesRoutes(r, am)
 	apiHandler.RegisterThirdPartyApiRoutes(r, am)
@@ -267,7 +353,7 @@ func (s *Server) createPublicServer(apiHandler *api.APIHandler, web web.Web) (*h
 func (s *Server) initListeners() error {
 	// listen on public port
 	var err error
-	publicHostPort := s.httpHostPort
+	publicHostPort := s.serverOptions.HTTPHostPort
 	if publicHostPort == "" {
 		return fmt.Errorf("baseconst.HTTPHostPort is required")
 	}
@@ -277,7 +363,20 @@ func (s *Server) initListeners() error {
 		return err
 	}

-	zap.L().Info(fmt.Sprintf("Query server started listening on %s...", s.httpHostPort))
+	zap.L().Info(fmt.Sprintf("Query server started listening on %s...", s.serverOptions.HTTPHostPort))
+
+	// listen on private port to support internal services
+	privateHostPort := s.serverOptions.PrivateHostPort
+
+	if privateHostPort == "" {
+		return fmt.Errorf("baseconst.PrivateHostPort is required")
+	}
+
+	s.privateConn, err = net.Listen("tcp", privateHostPort)
+	if err != nil {
+		return err
+	}
+	zap.L().Info(fmt.Sprintf("Query server started listening on private port %s...", s.serverOptions.PrivateHostPort))

 	return nil
 }
@@ -297,7 +396,7 @@ func (s *Server) Start(ctx context.Context) error {
 	}

 	go func() {
-		zap.L().Info("Starting HTTP server", zap.Int("port", httpPort), zap.String("addr", s.httpHostPort))
+		zap.L().Info("Starting HTTP server", zap.Int("port", httpPort), zap.String("addr", s.serverOptions.HTTPHostPort))

 		switch err := s.httpServer.Serve(s.httpConn); err {
 		case nil, http.ErrServerClosed, cmux.ErrListenerClosed:
@@ -317,6 +416,26 @@ func (s *Server) Start(ctx context.Context) error {
 		}
 	}()

+	var privatePort int
+	if port, err := utils.GetPort(s.privateConn.Addr()); err == nil {
+		privatePort = port
+	}
+
+	go func() {
+		zap.L().Info("Starting Private HTTP server", zap.Int("port", privatePort), zap.String("addr", s.serverOptions.PrivateHostPort))
+
+		switch err := s.privateHTTP.Serve(s.privateConn); err {
+		case nil, http.ErrServerClosed, cmux.ErrListenerClosed:
+			// normal exit, nothing to do
+			zap.L().Info("private http server closed")
+		default:
+			zap.L().Error("Could not start private HTTP server", zap.Error(err))
+		}
+
+		s.unavailableChannel <- healthcheck.Unavailable
+
+	}()
+
 	go func() {
 		zap.L().Info("Starting OpAmp Websocket server", zap.String("addr", baseconst.OpAmpWsEndpoint))
 		err := s.opampServer.Start(baseconst.OpAmpWsEndpoint)
@@ -329,9 +448,15 @@ func (s *Server) Start(ctx context.Context) error {
 	return nil
 }

-func (s *Server) Stop(ctx context.Context) error {
+func (s *Server) Stop() error {
 	if s.httpServer != nil {
-		if err := s.httpServer.Shutdown(ctx); err != nil {
+		if err := s.httpServer.Shutdown(context.Background()); err != nil {
+			return err
+		}
+	}
+
+	if s.privateHTTP != nil {
+		if err := s.privateHTTP.Shutdown(context.Background()); err != nil {
 			return err
 		}
 	}
@@ -339,36 +464,38 @@ func (s *Server) Stop(ctx context.Context) error {
 	s.opampServer.Stop()

 	if s.ruleManager != nil {
-		s.ruleManager.Stop(ctx)
+		s.ruleManager.Stop(context.Background())
 	}

 	// stop usage manager
-	s.usageManager.Stop(ctx)
+	s.usageManager.Stop()

 	return nil
 }

-func makeRulesManager(ch baseint.Reader, cache cache.Cache, alertmanager alertmanager.Alertmanager, sqlstore sqlstore.SQLStore, telemetryStore telemetrystore.TelemetryStore, prometheus prometheus.Prometheus, orgGetter organization.Getter, querier querier.Querier, logger *slog.Logger) (*baserules.Manager, error) {
-	ruleStore := sqlrulestore.NewRuleStore(sqlstore)
-	maintenanceStore := sqlrulestore.NewMaintenanceStore(sqlstore)
+func makeRulesManager(
+	db *sqlx.DB,
+	ch baseint.Reader,
+	cache cache.Cache,
+	alertmanager alertmanager.Alertmanager,
+	sqlstore sqlstore.SQLStore,
+	telemetryStore telemetrystore.TelemetryStore,
+	prometheus prometheus.Prometheus,
+) (*baserules.Manager, error) {
 	// create manager opts
 	managerOpts := &baserules.ManagerOptions{
 		TelemetryStore:      telemetryStore,
 		Prometheus:          prometheus,
+		DBConn:              db,
 		Context:             context.Background(),
 		Logger:              zap.L(),
 		Reader:              ch,
-		Querier:             querier,
-		SLogger:             logger,
 		Cache:               cache,
 		EvalDelay:           baseconst.GetEvalDelay(),
 		PrepareTaskFunc:     rules.PrepareTaskFunc,
 		PrepareTestRuleFunc: rules.TestNotification,
 		Alertmanager:        alertmanager,
-		OrgGetter:           orgGetter,
-		RuleStore:           ruleStore,
-		MaintenanceStore:    maintenanceStore,
-		SqlStore:            sqlstore,
+		SQLStore:            sqlstore,
 	}

 	// create Manager
--- a/ee/query-service/constants/constants.go
+++ b/ee/query-service/constants/constants.go
@@ -4,12 +4,18 @@ import (
 	"os"
 )

+const (
+	DefaultSiteURL = "https://localhost:8080"
+)
+
 var LicenseSignozIo = "https://license.signoz.io/api/v1"
 var LicenseAPIKey = GetOrDefaultEnv("SIGNOZ_LICENSE_API_KEY", "")
 var SaasSegmentKey = GetOrDefaultEnv("SIGNOZ_SAAS_SEGMENT_KEY", "")
 var FetchFeatures = GetOrDefaultEnv("FETCH_FEATURES", "false")
 var ZeusFeaturesURL = GetOrDefaultEnv("ZEUS_FEATURES_URL", "ZeusFeaturesURL")
-var BodyJSONQueryEnabled = GetOrDefaultEnv("BODY_JSON_QUERY_ENABLED", "false") == "true"
+
+// this is set via build time variable
+var ZeusURL = "https://api.signoz.cloud"

 func GetOrDefaultEnv(key string, fallback string) string {
 	v := os.Getenv(key)
@@ -21,17 +27,9 @@ func GetOrDefaultEnv(key string, fallback string) string {

 // constant functions that override env vars

-const DotMetricsEnabled = "DOT_METRICS_ENABLED"
-
-var IsDotMetricsEnabled = false
-var IsPreferSpanMetrics = false
-
-func init() {
-	if GetOrDefaultEnv(DotMetricsEnabled, "true") == "true" {
-		IsDotMetricsEnabled = true
-	}
-
-	if GetOrDefaultEnv("USE_SPAN_METRICS", "false") == "true" {
-		IsPreferSpanMetrics = true
-	}
+// GetDefaultSiteURL returns default site url, primarily
+// used to send saml request and allowing backend to
+// handle http redirect
+func GetDefaultSiteURL() string {
+	return GetOrDefaultEnv("SIGNOZ_SITE_URL", DefaultSiteURL)
 }
--- a/ee/query-service/dao/factory.go
+++ b/ee/query-service/dao/factory.go
@@ -0,0 +1,10 @@
+package dao
+
+import (
+	"github.com/SigNoz/signoz/ee/query-service/dao/sqlite"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+)
+
+func InitDao(sqlStore sqlstore.SQLStore) (ModelDao, error) {
+	return sqlite.InitDB(sqlStore)
+}
--- a/ee/query-service/dao/interface.go
+++ b/ee/query-service/dao/interface.go
@@ -0,0 +1,44 @@
+package dao
+
+import (
+	"context"
+	"net/url"
+
+	"github.com/SigNoz/signoz/ee/types"
+	basedao "github.com/SigNoz/signoz/pkg/query-service/dao"
+	baseint "github.com/SigNoz/signoz/pkg/query-service/interfaces"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/google/uuid"
+	"github.com/uptrace/bun"
+)
+
+type ModelDao interface {
+	basedao.ModelDao
+
+	// SetFlagProvider sets the feature lookup provider
+	SetFlagProvider(flags baseint.FeatureLookup)
+
+	DB() *bun.DB
+
+	// auth methods
+	CanUsePassword(ctx context.Context, email string) (bool, basemodel.BaseApiError)
+	PrepareSsoRedirect(ctx context.Context, redirectUri, email string, jwt *authtypes.JWT) (redirectURL string, apierr basemodel.BaseApiError)
+	GetDomainFromSsoResponse(ctx context.Context, relayState *url.URL) (*types.GettableOrgDomain, error)
+
+	// org domain (auth domains) CRUD ops
+	ListDomains(ctx context.Context, orgId string) ([]types.GettableOrgDomain, basemodel.BaseApiError)
+	GetDomain(ctx context.Context, id uuid.UUID) (*types.GettableOrgDomain, basemodel.BaseApiError)
+	CreateDomain(ctx context.Context, d *types.GettableOrgDomain) basemodel.BaseApiError
+	UpdateDomain(ctx context.Context, domain *types.GettableOrgDomain) basemodel.BaseApiError
+	DeleteDomain(ctx context.Context, id uuid.UUID) basemodel.BaseApiError
+	GetDomainByEmail(ctx context.Context, email string) (*types.GettableOrgDomain, basemodel.BaseApiError)
+
+	CreatePAT(ctx context.Context, orgID string, p types.GettablePAT) (types.GettablePAT, basemodel.BaseApiError)
+	UpdatePAT(ctx context.Context, orgID string, p types.GettablePAT, id valuer.UUID) basemodel.BaseApiError
+	GetPAT(ctx context.Context, pat string) (*types.GettablePAT, basemodel.BaseApiError)
+	GetPATByID(ctx context.Context, orgID string, id valuer.UUID) (*types.GettablePAT, basemodel.BaseApiError)
+	ListPATs(ctx context.Context, orgID string) ([]types.GettablePAT, basemodel.BaseApiError)
+	RevokePAT(ctx context.Context, orgID string, id valuer.UUID, userID string) basemodel.BaseApiError
+}
--- a/ee/query-service/dao/sqlite/auth.go
+++ b/ee/query-service/dao/sqlite/auth.go
@@ -0,0 +1,191 @@
+package sqlite
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+	"time"
+
+	"github.com/SigNoz/signoz/ee/query-service/constants"
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	baseauth "github.com/SigNoz/signoz/pkg/query-service/auth"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/query-service/utils"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/google/uuid"
+	"go.uber.org/zap"
+)
+
+func (m *modelDao) createUserForSAMLRequest(ctx context.Context, email string) (*types.User, basemodel.BaseApiError) {
+	// get auth domain from email domain
+	domain, apierr := m.GetDomainByEmail(ctx, email)
+	if apierr != nil {
+		zap.L().Error("failed to get domain from email", zap.Error(apierr))
+		return nil, model.InternalErrorStr("failed to get domain from email")
+	}
+	if domain == nil {
+		zap.L().Error("email domain does not match any authenticated domain", zap.String("email", email))
+		return nil, model.InternalErrorStr("email domain does not match any authenticated domain")
+	}
+
+	hash, err := baseauth.PasswordHash(utils.GeneratePassowrd())
+	if err != nil {
+		zap.L().Error("failed to generate password hash when registering a user via SSO redirect", zap.Error(err))
+		return nil, model.InternalErrorStr("failed to generate password hash")
+	}
+
+	user := &types.User{
+		ID:       uuid.New().String(),
+		Name:     "",
+		Email:    email,
+		Password: hash,
+		TimeAuditable: types.TimeAuditable{
+			CreatedAt: time.Now(),
+		},
+		ProfilePictureURL: "", // Currently unused
+		Role:              authtypes.RoleViewer.String(),
+		OrgID:             domain.OrgID,
+	}
+
+	user, apiErr := m.CreateUser(ctx, user, false)
+	if apiErr != nil {
+		zap.L().Error("CreateUser failed", zap.Error(apiErr))
+		return nil, apiErr
+	}
+
+	return user, nil
+
+}
+
+// PrepareSsoRedirect prepares redirect page link after SSO response
+// is successfully parsed (i.e. valid email is available)
+func (m *modelDao) PrepareSsoRedirect(ctx context.Context, redirectUri, email string, jwt *authtypes.JWT) (redirectURL string, apierr basemodel.BaseApiError) {
+
+	userPayload, apierr := m.GetUserByEmail(ctx, email)
+	if !apierr.IsNil() {
+		zap.L().Error("failed to get user with email received from auth provider", zap.String("error", apierr.Error()))
+		return "", model.BadRequestStr("invalid user email received from the auth provider")
+	}
+
+	user := &types.User{}
+
+	if userPayload == nil {
+		newUser, apiErr := m.createUserForSAMLRequest(ctx, email)
+		user = newUser
+		if apiErr != nil {
+			zap.L().Error("failed to create user with email received from auth provider", zap.Error(apiErr))
+			return "", apiErr
+		}
+	} else {
+		user = &userPayload.User
+	}
+
+	tokenStore, err := baseauth.GenerateJWTForUser(user, jwt)
+	if err != nil {
+		zap.L().Error("failed to generate token for SSO login user", zap.Error(err))
+		return "", model.InternalErrorStr("failed to generate token for the user")
+	}
+
+	return fmt.Sprintf("%s?jwt=%s&usr=%s&refreshjwt=%s",
+		redirectUri,
+		tokenStore.AccessJwt,
+		user.ID,
+		tokenStore.RefreshJwt), nil
+}
+
+func (m *modelDao) CanUsePassword(ctx context.Context, email string) (bool, basemodel.BaseApiError) {
+	domain, apierr := m.GetDomainByEmail(ctx, email)
+	if apierr != nil {
+		return false, apierr
+	}
+
+	if domain != nil && domain.SsoEnabled {
+		// sso is enabled, check if the user has admin role
+		userPayload, baseapierr := m.GetUserByEmail(ctx, email)
+
+		if baseapierr != nil || userPayload == nil {
+			return false, baseapierr
+		}
+
+		if userPayload.Role != authtypes.RoleAdmin.String() {
+			return false, model.BadRequest(fmt.Errorf("auth method not supported"))
+		}
+
+	}
+
+	return true, nil
+}
+
+// PrecheckLogin is called when the login or signup page is loaded
+// to check sso login is to be prompted
+func (m *modelDao) PrecheckLogin(ctx context.Context, email, sourceUrl string) (*basemodel.PrecheckResponse, basemodel.BaseApiError) {
+
+	// assume user is valid unless proven otherwise
+	resp := &basemodel.PrecheckResponse{IsUser: true, CanSelfRegister: false}
+
+	// check if email is a valid user
+	userPayload, baseApiErr := m.GetUserByEmail(ctx, email)
+	if baseApiErr != nil {
+		return resp, baseApiErr
+	}
+
+	if userPayload == nil {
+		resp.IsUser = false
+	}
+
+	ssoAvailable := true
+	err := m.checkFeature(model.SSO)
+	if err != nil {
+		switch err.(type) {
+		case basemodel.ErrFeatureUnavailable:
+			// do nothing, just skip sso
+			ssoAvailable = false
+		default:
+			zap.L().Error("feature check failed", zap.String("featureKey", model.SSO), zap.Error(err))
+			return resp, model.BadRequestStr(err.Error())
+		}
+	}
+
+	if ssoAvailable {
+
+		resp.IsUser = true
+
+		// find domain from email
+		orgDomain, apierr := m.GetDomainByEmail(ctx, email)
+		if apierr != nil {
+			zap.L().Error("failed to get org domain from email", zap.String("email", email), zap.Error(apierr.ToError()))
+			return resp, apierr
+		}
+
+		if orgDomain != nil && orgDomain.SsoEnabled {
+			// saml is enabled for this domain, lets prepare sso url
+
+			if sourceUrl == "" {
+				sourceUrl = constants.GetDefaultSiteURL()
+			}
+
+			// parse source url that generated the login request
+			var err error
+			escapedUrl, _ := url.QueryUnescape(sourceUrl)
+			siteUrl, err := url.Parse(escapedUrl)
+			if err != nil {
+				zap.L().Error("failed to parse referer", zap.Error(err))
+				return resp, model.InternalError(fmt.Errorf("failed to generate login request"))
+			}
+
+			// build Idp URL that will authenticat the user
+			// the front-end will redirect user to this url
+			resp.SsoUrl, err = orgDomain.BuildSsoUrl(siteUrl)
+
+			if err != nil {
+				zap.L().Error("failed to prepare saml request for domain", zap.String("domain", orgDomain.Name), zap.Error(err))
+				return resp, model.InternalError(err)
+			}
+
+			// set SSO to true, as the url is generated correctly
+			resp.SSO = true
+		}
+	}
+	return resp, nil
+}
--- a/ee/query-service/dao/sqlite/domain.go
+++ b/ee/query-service/dao/sqlite/domain.go
@@ -0,0 +1,272 @@
+package sqlite
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"fmt"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/ee/types"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	ossTypes "github.com/SigNoz/signoz/pkg/types"
+	"github.com/google/uuid"
+	"go.uber.org/zap"
+)
+
+// GetDomainFromSsoResponse uses relay state received from IdP to fetch
+// user domain. The domain is further used to process validity of the response.
+// when sending login request to IdP we send relay state as URL (site url)
+// with domainId or domainName as query parameter.
+func (m *modelDao) GetDomainFromSsoResponse(ctx context.Context, relayState *url.URL) (*types.GettableOrgDomain, error) {
+	// derive domain id from relay state now
+	var domainIdStr string
+	var domainNameStr string
+	var domain *types.GettableOrgDomain
+
+	for k, v := range relayState.Query() {
+		if k == "domainId" && len(v) > 0 {
+			domainIdStr = strings.Replace(v[0], ":", "-", -1)
+		}
+		if k == "domainName" && len(v) > 0 {
+			domainNameStr = v[0]
+		}
+	}
+
+	if domainIdStr != "" {
+		domainId, err := uuid.Parse(domainIdStr)
+		if err != nil {
+			zap.L().Error("failed to parse domainId from relay state", zap.Error(err))
+			return nil, fmt.Errorf("failed to parse domainId from IdP response")
+		}
+
+		domain, err = m.GetDomain(ctx, domainId)
+		if (err != nil) || domain == nil {
+			zap.L().Error("failed to find domain from domainId received in IdP response", zap.Error(err))
+			return nil, fmt.Errorf("invalid credentials")
+		}
+	}
+
+	if domainNameStr != "" {
+
+		domainFromDB, err := m.GetDomainByName(ctx, domainNameStr)
+		domain = domainFromDB
+		if (err != nil) || domain == nil {
+			zap.L().Error("failed to find domain from domainName received in IdP response", zap.Error(err))
+			return nil, fmt.Errorf("invalid credentials")
+		}
+	}
+	if domain != nil {
+		return domain, nil
+	}
+
+	return nil, fmt.Errorf("failed to find domain received in IdP response")
+}
+
+// GetDomainByName returns org domain for a given domain name
+func (m *modelDao) GetDomainByName(ctx context.Context, name string) (*types.GettableOrgDomain, basemodel.BaseApiError) {
+
+	stored := types.StorableOrgDomain{}
+	err := m.DB().NewSelect().
+		Model(&stored).
+		Where("name = ?", name).
+		Limit(1).
+		Scan(ctx)
+
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return nil, model.BadRequest(fmt.Errorf("invalid domain name"))
+		}
+		return nil, model.InternalError(err)
+	}
+
+	domain := &types.GettableOrgDomain{StorableOrgDomain: stored}
+	if err := domain.LoadConfig(stored.Data); err != nil {
+		return nil, model.InternalError(err)
+	}
+	return domain, nil
+}
+
+// GetDomain returns org domain for a given domain id
+func (m *modelDao) GetDomain(ctx context.Context, id uuid.UUID) (*types.GettableOrgDomain, basemodel.BaseApiError) {
+
+	stored := types.StorableOrgDomain{}
+	err := m.DB().NewSelect().
+		Model(&stored).
+		Where("id = ?", id).
+		Limit(1).
+		Scan(ctx)
+
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return nil, model.BadRequest(fmt.Errorf("invalid domain id"))
+		}
+		return nil, model.InternalError(err)
+	}
+
+	domain := &types.GettableOrgDomain{StorableOrgDomain: stored}
+	if err := domain.LoadConfig(stored.Data); err != nil {
+		return nil, model.InternalError(err)
+	}
+	return domain, nil
+}
+
+// ListDomains gets the list of auth domains by org id
+func (m *modelDao) ListDomains(ctx context.Context, orgId string) ([]types.GettableOrgDomain, basemodel.BaseApiError) {
+	domains := []types.GettableOrgDomain{}
+
+	stored := []types.StorableOrgDomain{}
+	err := m.DB().NewSelect().
+		Model(&stored).
+		Where("org_id = ?", orgId).
+		Scan(ctx)
+
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return domains, nil
+		}
+		return nil, model.InternalError(err)
+	}
+
+	for _, s := range stored {
+		domain := types.GettableOrgDomain{StorableOrgDomain: s}
+		if err := domain.LoadConfig(s.Data); err != nil {
+			zap.L().Error("ListDomains() failed", zap.Error(err))
+		}
+		domains = append(domains, domain)
+	}
+
+	return domains, nil
+}
+
+// CreateDomain creates  a new auth domain
+func (m *modelDao) CreateDomain(ctx context.Context, domain *types.GettableOrgDomain) basemodel.BaseApiError {
+
+	if domain.ID == uuid.Nil {
+		domain.ID = uuid.New()
+	}
+
+	if domain.OrgID == "" || domain.Name == "" {
+		return model.BadRequest(fmt.Errorf("domain creation failed, missing fields: OrgID, Name "))
+	}
+
+	configJson, err := json.Marshal(domain)
+	if err != nil {
+		zap.L().Error("failed to unmarshal domain config", zap.Error(err))
+		return model.InternalError(fmt.Errorf("domain creation failed"))
+	}
+
+	storableDomain := types.StorableOrgDomain{
+		ID:            domain.ID,
+		Name:          domain.Name,
+		OrgID:         domain.OrgID,
+		Data:          string(configJson),
+		TimeAuditable: ossTypes.TimeAuditable{CreatedAt: time.Now(), UpdatedAt: time.Now()},
+	}
+
+	_, err = m.DB().NewInsert().
+		Model(&storableDomain).
+		Exec(ctx)
+
+	if err != nil {
+		zap.L().Error("failed to insert domain in db", zap.Error(err))
+		return model.InternalError(fmt.Errorf("domain creation failed"))
+	}
+
+	return nil
+}
+
+// UpdateDomain updates stored config params for a domain
+func (m *modelDao) UpdateDomain(ctx context.Context, domain *types.GettableOrgDomain) basemodel.BaseApiError {
+
+	if domain.ID == uuid.Nil {
+		zap.L().Error("domain update failed", zap.Error(fmt.Errorf("OrgDomain.Id is null")))
+		return model.InternalError(fmt.Errorf("domain update failed"))
+	}
+
+	configJson, err := json.Marshal(domain)
+	if err != nil {
+		zap.L().Error("domain update failed", zap.Error(err))
+		return model.InternalError(fmt.Errorf("domain update failed"))
+	}
+
+	storableDomain := &types.StorableOrgDomain{
+		ID:            domain.ID,
+		Name:          domain.Name,
+		OrgID:         domain.OrgID,
+		Data:          string(configJson),
+		TimeAuditable: ossTypes.TimeAuditable{UpdatedAt: time.Now()},
+	}
+
+	_, err = m.DB().NewUpdate().
+		Model(storableDomain).
+		Column("data", "updated_at").
+		WherePK().
+		Exec(ctx)
+
+	if err != nil {
+		zap.L().Error("domain update failed", zap.Error(err))
+		return model.InternalError(fmt.Errorf("domain update failed"))
+	}
+
+	return nil
+}
+
+// DeleteDomain deletes an org domain
+func (m *modelDao) DeleteDomain(ctx context.Context, id uuid.UUID) basemodel.BaseApiError {
+
+	if id == uuid.Nil {
+		zap.L().Error("domain delete failed", zap.Error(fmt.Errorf("OrgDomain.Id is null")))
+		return model.InternalError(fmt.Errorf("domain delete failed"))
+	}
+
+	storableDomain := &types.StorableOrgDomain{ID: id}
+	_, err := m.DB().NewDelete().
+		Model(storableDomain).
+		WherePK().
+		Exec(ctx)
+
+	if err != nil {
+		zap.L().Error("domain delete failed", zap.Error(err))
+		return model.InternalError(fmt.Errorf("domain delete failed"))
+	}
+
+	return nil
+}
+
+func (m *modelDao) GetDomainByEmail(ctx context.Context, email string) (*types.GettableOrgDomain, basemodel.BaseApiError) {
+
+	if email == "" {
+		return nil, model.BadRequest(fmt.Errorf("could not find auth domain, missing fields: email "))
+	}
+
+	components := strings.Split(email, "@")
+	if len(components) < 2 {
+		return nil, model.BadRequest(fmt.Errorf("invalid email address"))
+	}
+
+	parsedDomain := components[1]
+
+	stored := types.StorableOrgDomain{}
+	err := m.DB().NewSelect().
+		Model(&stored).
+		Where("name = ?", parsedDomain).
+		Limit(1).
+		Scan(ctx)
+
+	if err != nil {
+		if err == sql.ErrNoRows {
+			return nil, nil
+		}
+		return nil, model.InternalError(err)
+	}
+
+	domain := &types.GettableOrgDomain{StorableOrgDomain: stored}
+	if err := domain.LoadConfig(stored.Data); err != nil {
+		return nil, model.InternalError(err)
+	}
+	return domain, nil
+}
--- a/ee/query-service/dao/sqlite/modelDao.go
+++ b/ee/query-service/dao/sqlite/modelDao.go
@@ -0,0 +1,46 @@
+package sqlite
+
+import (
+	"fmt"
+
+	basedao "github.com/SigNoz/signoz/pkg/query-service/dao"
+	basedsql "github.com/SigNoz/signoz/pkg/query-service/dao/sqlite"
+	baseint "github.com/SigNoz/signoz/pkg/query-service/interfaces"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/uptrace/bun"
+)
+
+type modelDao struct {
+	*basedsql.ModelDaoSqlite
+	flags baseint.FeatureLookup
+}
+
+// SetFlagProvider sets the feature lookup provider
+func (m *modelDao) SetFlagProvider(flags baseint.FeatureLookup) {
+	m.flags = flags
+}
+
+// CheckFeature confirms if a feature is available
+func (m *modelDao) checkFeature(key string) error {
+	if m.flags == nil {
+		return fmt.Errorf("flag provider not set")
+	}
+
+	return m.flags.CheckFeature(key)
+}
+
+// InitDB creates and extends base model DB repository
+func InitDB(sqlStore sqlstore.SQLStore) (*modelDao, error) {
+	dao, err := basedsql.InitDB(sqlStore)
+	if err != nil {
+		return nil, err
+	}
+	// set package variable so dependent base methods (e.g. AuthCache)  will work
+	basedao.SetDB(dao)
+	m := &modelDao{ModelDaoSqlite: dao}
+	return m, nil
+}
+
+func (m *modelDao) DB() *bun.DB {
+	return m.ModelDaoSqlite.DB()
+}
--- a/ee/query-service/dao/sqlite/pat.go
+++ b/ee/query-service/dao/sqlite/pat.go
@@ -0,0 +1,198 @@
+package sqlite
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/ee/types"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	ossTypes "github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/valuer"
+
+	"go.uber.org/zap"
+)
+
+func (m *modelDao) CreatePAT(ctx context.Context, orgID string, p types.GettablePAT) (types.GettablePAT, basemodel.BaseApiError) {
+	p.StorablePersonalAccessToken.OrgID = orgID
+	p.StorablePersonalAccessToken.ID = valuer.GenerateUUID()
+	_, err := m.DB().NewInsert().
+		Model(&p.StorablePersonalAccessToken).
+		Exec(ctx)
+	if err != nil {
+		zap.L().Error("Failed to insert PAT in db, err: %v", zap.Error(err))
+		return types.GettablePAT{}, model.InternalError(fmt.Errorf("PAT insertion failed"))
+	}
+
+	createdByUser, _ := m.GetUser(ctx, p.UserID)
+	if createdByUser == nil {
+		p.CreatedByUser = types.PatUser{
+			NotFound: true,
+		}
+	} else {
+		p.CreatedByUser = types.PatUser{
+			User: ossTypes.User{
+				ID:    createdByUser.ID,
+				Name:  createdByUser.Name,
+				Email: createdByUser.Email,
+				TimeAuditable: ossTypes.TimeAuditable{
+					CreatedAt: createdByUser.CreatedAt,
+					UpdatedAt: createdByUser.UpdatedAt,
+				},
+				ProfilePictureURL: createdByUser.ProfilePictureURL,
+			},
+			NotFound: false,
+		}
+	}
+	return p, nil
+}
+
+func (m *modelDao) UpdatePAT(ctx context.Context, orgID string, p types.GettablePAT, id valuer.UUID) basemodel.BaseApiError {
+	_, err := m.DB().NewUpdate().
+		Model(&p.StorablePersonalAccessToken).
+		Column("role", "name", "updated_at", "updated_by_user_id").
+		Where("id = ?", id.StringValue()).
+		Where("org_id = ?", orgID).
+		Where("revoked = false").
+		Exec(ctx)
+	if err != nil {
+		zap.L().Error("Failed to update PAT in db, err: %v", zap.Error(err))
+		return model.InternalError(fmt.Errorf("PAT update failed"))
+	}
+	return nil
+}
+
+func (m *modelDao) ListPATs(ctx context.Context, orgID string) ([]types.GettablePAT, basemodel.BaseApiError) {
+	pats := []types.StorablePersonalAccessToken{}
+
+	if err := m.DB().NewSelect().
+		Model(&pats).
+		Where("revoked = false").
+		Where("org_id = ?", orgID).
+		Order("updated_at DESC").
+		Scan(ctx); err != nil {
+		zap.L().Error("Failed to fetch PATs err: %v", zap.Error(err))
+		return nil, model.InternalError(fmt.Errorf("failed to fetch PATs"))
+	}
+
+	patsWithUsers := []types.GettablePAT{}
+	for i := range pats {
+		patWithUser := types.GettablePAT{
+			StorablePersonalAccessToken: pats[i],
+		}
+
+		createdByUser, _ := m.GetUser(ctx, pats[i].UserID)
+		if createdByUser == nil {
+			patWithUser.CreatedByUser = types.PatUser{
+				NotFound: true,
+			}
+		} else {
+			patWithUser.CreatedByUser = types.PatUser{
+				User: ossTypes.User{
+					ID:    createdByUser.ID,
+					Name:  createdByUser.Name,
+					Email: createdByUser.Email,
+					TimeAuditable: ossTypes.TimeAuditable{
+						CreatedAt: createdByUser.CreatedAt,
+						UpdatedAt: createdByUser.UpdatedAt,
+					},
+					ProfilePictureURL: createdByUser.ProfilePictureURL,
+				},
+				NotFound: false,
+			}
+		}
+
+		updatedByUser, _ := m.GetUser(ctx, pats[i].UpdatedByUserID)
+		if updatedByUser == nil {
+			patWithUser.UpdatedByUser = types.PatUser{
+				NotFound: true,
+			}
+		} else {
+			patWithUser.UpdatedByUser = types.PatUser{
+				User: ossTypes.User{
+					ID:    updatedByUser.ID,
+					Name:  updatedByUser.Name,
+					Email: updatedByUser.Email,
+					TimeAuditable: ossTypes.TimeAuditable{
+						CreatedAt: updatedByUser.CreatedAt,
+						UpdatedAt: updatedByUser.UpdatedAt,
+					},
+					ProfilePictureURL: updatedByUser.ProfilePictureURL,
+				},
+				NotFound: false,
+			}
+		}
+
+		patsWithUsers = append(patsWithUsers, patWithUser)
+	}
+	return patsWithUsers, nil
+}
+
+func (m *modelDao) RevokePAT(ctx context.Context, orgID string, id valuer.UUID, userID string) basemodel.BaseApiError {
+	updatedAt := time.Now().Unix()
+	_, err := m.DB().NewUpdate().
+		Model(&types.StorablePersonalAccessToken{}).
+		Set("revoked = ?", true).
+		Set("updated_by_user_id = ?", userID).
+		Set("updated_at = ?", updatedAt).
+		Where("id = ?", id.StringValue()).
+		Where("org_id = ?", orgID).
+		Exec(ctx)
+	if err != nil {
+		zap.L().Error("Failed to revoke PAT in db, err: %v", zap.Error(err))
+		return model.InternalError(fmt.Errorf("PAT revoke failed"))
+	}
+	return nil
+}
+
+func (m *modelDao) GetPAT(ctx context.Context, token string) (*types.GettablePAT, basemodel.BaseApiError) {
+	pats := []types.StorablePersonalAccessToken{}
+
+	if err := m.DB().NewSelect().
+		Model(&pats).
+		Where("token = ?", token).
+		Where("revoked = false").
+		Scan(ctx); err != nil {
+		return nil, model.InternalError(fmt.Errorf("failed to fetch PAT"))
+	}
+
+	if len(pats) != 1 {
+		return nil, &model.ApiError{
+			Typ: model.ErrorInternal,
+			Err: fmt.Errorf("found zero or multiple PATs with same token, %s", token),
+		}
+	}
+
+	patWithUser := types.GettablePAT{
+		StorablePersonalAccessToken: pats[0],
+	}
+
+	return &patWithUser, nil
+}
+
+func (m *modelDao) GetPATByID(ctx context.Context, orgID string, id valuer.UUID) (*types.GettablePAT, basemodel.BaseApiError) {
+	pats := []types.StorablePersonalAccessToken{}
+
+	if err := m.DB().NewSelect().
+		Model(&pats).
+		Where("id = ?", id.StringValue()).
+		Where("org_id = ?", orgID).
+		Where("revoked = false").
+		Scan(ctx); err != nil {
+		return nil, model.InternalError(fmt.Errorf("failed to fetch PAT"))
+	}
+
+	if len(pats) != 1 {
+		return nil, &model.ApiError{
+			Typ: model.ErrorInternal,
+			Err: fmt.Errorf("found zero or multiple PATs with same token"),
+		}
+	}
+
+	patWithUser := types.GettablePAT{
+		StorablePersonalAccessToken: pats[0],
+	}
+
+	return &patWithUser, nil
+}
--- a/ee/query-service/integrations/signozio/signozio.go
+++ b/ee/query-service/integrations/signozio/signozio.go
@@ -0,0 +1,67 @@
+package signozio
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	"github.com/SigNoz/signoz/pkg/zeus"
+	"github.com/tidwall/gjson"
+)
+
+func ValidateLicenseV3(ctx context.Context, licenseKey string, zeus zeus.Zeus) (*model.LicenseV3, error) {
+	data, err := zeus.GetLicense(ctx, licenseKey)
+	if err != nil {
+		return nil, err
+	}
+
+	var m map[string]any
+	if err = json.Unmarshal(data, &m); err != nil {
+		return nil, err
+	}
+
+	license, err := model.NewLicenseV3(m)
+	if err != nil {
+		return nil, err
+	}
+
+	return license, nil
+}
+
+// SendUsage reports the usage of signoz to license server
+func SendUsage(ctx context.Context, usage model.UsagePayload, zeus zeus.Zeus) error {
+	body, err := json.Marshal(usage)
+	if err != nil {
+		return err
+	}
+
+	return zeus.PutMeters(ctx, usage.LicenseKey.String(), body)
+}
+
+func CheckoutSession(ctx context.Context, checkoutRequest *model.CheckoutRequest, licenseKey string, zeus zeus.Zeus) (string, error) {
+	body, err := json.Marshal(checkoutRequest)
+	if err != nil {
+		return "", err
+	}
+
+	response, err := zeus.GetCheckoutURL(ctx, licenseKey, body)
+	if err != nil {
+		return "", err
+	}
+
+	return gjson.GetBytes(response, "url").String(), nil
+}
+
+func PortalSession(ctx context.Context, portalRequest *model.PortalRequest, licenseKey string, zeus zeus.Zeus) (string, error) {
+	body, err := json.Marshal(portalRequest)
+	if err != nil {
+		return "", err
+	}
+
+	response, err := zeus.GetPortalURL(ctx, licenseKey, body)
+	if err != nil {
+		return "", err
+	}
+
+	return gjson.GetBytes(response, "url").String(), nil
+}
--- a/ee/query-service/interfaces/connector.go
+++ b/ee/query-service/interfaces/connector.go
@@ -0,0 +1,11 @@
+package interfaces
+
+import (
+	baseint "github.com/SigNoz/signoz/pkg/query-service/interfaces"
+)
+
+// Connector defines methods for interaction
+// with o11y data. for example - clickhouse
+type DataConnector interface {
+	baseint.Reader
+}
--- a/ee/query-service/license/db.go
+++ b/ee/query-service/license/db.go
@@ -0,0 +1,248 @@
+package license
+
+import (
+	"context"
+	"database/sql"
+	"encoding/json"
+	"fmt"
+	"time"
+
+	"github.com/jmoiron/sqlx"
+	"github.com/mattn/go-sqlite3"
+
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+	"go.uber.org/zap"
+)
+
+// Repo is license repo. stores license keys in a secured DB
+type Repo struct {
+	db    *sqlx.DB
+	store sqlstore.SQLStore
+}
+
+// NewLicenseRepo initiates a new license repo
+func NewLicenseRepo(db *sqlx.DB, store sqlstore.SQLStore) Repo {
+	return Repo{
+		db:    db,
+		store: store,
+	}
+}
+
+func (r *Repo) GetLicensesV3(ctx context.Context) ([]*model.LicenseV3, error) {
+	licensesData := []model.LicenseDB{}
+	licenseV3Data := []*model.LicenseV3{}
+
+	query := "SELECT id,key,data FROM licenses_v3"
+
+	err := r.db.Select(&licensesData, query)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get licenses from db: %v", err)
+	}
+
+	for _, l := range licensesData {
+		var licenseData map[string]interface{}
+		err := json.Unmarshal([]byte(l.Data), &licenseData)
+		if err != nil {
+			return nil, fmt.Errorf("failed to unmarshal data into licenseData : %v", err)
+		}
+
+		license, err := model.NewLicenseV3WithIDAndKey(l.ID, l.Key, licenseData)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get licenses v3 schema : %v", err)
+		}
+		licenseV3Data = append(licenseV3Data, license)
+	}
+
+	return licenseV3Data, nil
+}
+
+// GetActiveLicense fetches the latest active license from DB.
+// If the license is not present, expect a nil license and a nil error in the output.
+func (r *Repo) GetActiveLicense(ctx context.Context) (*model.License, *basemodel.ApiError) {
+	activeLicenseV3, err := r.GetActiveLicenseV3(ctx)
+	if err != nil {
+		return nil, basemodel.InternalError(fmt.Errorf("failed to get active licenses from db: %v", err))
+	}
+
+	if activeLicenseV3 == nil {
+		return nil, nil
+	}
+	activeLicenseV2 := model.ConvertLicenseV3ToLicenseV2(activeLicenseV3)
+	return activeLicenseV2, nil
+}
+
+func (r *Repo) GetActiveLicenseV3(ctx context.Context) (*model.LicenseV3, error) {
+	var err error
+	licenses := []model.LicenseDB{}
+
+	query := "SELECT id,key,data FROM licenses_v3"
+
+	err = r.db.Select(&licenses, query)
+	if err != nil {
+		return nil, basemodel.InternalError(fmt.Errorf("failed to get active licenses from db: %v", err))
+	}
+
+	var active *model.LicenseV3
+	for _, l := range licenses {
+		var licenseData map[string]interface{}
+		err := json.Unmarshal([]byte(l.Data), &licenseData)
+		if err != nil {
+			return nil, fmt.Errorf("failed to unmarshal data into licenseData : %v", err)
+		}
+
+		license, err := model.NewLicenseV3WithIDAndKey(l.ID, l.Key, licenseData)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get licenses v3 schema : %v", err)
+		}
+
+		if active == nil &&
+			(license.ValidFrom != 0) &&
+			(license.ValidUntil == -1 || license.ValidUntil > time.Now().Unix()) {
+			active = license
+		}
+		if active != nil &&
+			license.ValidFrom > active.ValidFrom &&
+			(license.ValidUntil == -1 || license.ValidUntil > time.Now().Unix()) {
+			active = license
+		}
+	}
+
+	return active, nil
+}
+
+// InsertLicenseV3 inserts a new license v3 in db
+func (r *Repo) InsertLicenseV3(ctx context.Context, l *model.LicenseV3) *model.ApiError {
+
+	query := `INSERT INTO licenses_v3 (id, key, data) VALUES ($1, $2, $3)`
+
+	// licsense is the entity of zeus so putting the entire license here without defining schema
+	licenseData, err := json.Marshal(l.Data)
+	if err != nil {
+		return &model.ApiError{Typ: basemodel.ErrorBadData, Err: err}
+	}
+
+	_, err = r.db.ExecContext(ctx,
+		query,
+		l.ID,
+		l.Key,
+		string(licenseData),
+	)
+
+	if err != nil {
+		if sqliteErr, ok := err.(sqlite3.Error); ok {
+			if sqliteErr.ExtendedCode == sqlite3.ErrConstraintUnique {
+				zap.L().Error("error in inserting license data: ", zap.Error(sqliteErr))
+				return &model.ApiError{Typ: model.ErrorConflict, Err: sqliteErr}
+			}
+		}
+		zap.L().Error("error in inserting license data: ", zap.Error(err))
+		return &model.ApiError{Typ: basemodel.ErrorExec, Err: err}
+	}
+
+	return nil
+}
+
+// UpdateLicenseV3 updates a new license v3 in db
+func (r *Repo) UpdateLicenseV3(ctx context.Context, l *model.LicenseV3) error {
+
+	// the key and id for the license can't change so only update the data here!
+	query := `UPDATE licenses_v3 SET data=$1 WHERE id=$2;`
+
+	license, err := json.Marshal(l.Data)
+	if err != nil {
+		return fmt.Errorf("insert license failed: license marshal error")
+	}
+	_, err = r.db.ExecContext(ctx,
+		query,
+		license,
+		l.ID,
+	)
+
+	if err != nil {
+		zap.L().Error("error in updating license data: ", zap.Error(err))
+		return fmt.Errorf("failed to update license in db: %v", err)
+	}
+
+	return nil
+}
+
+func (r *Repo) CreateFeature(req *types.FeatureStatus) *basemodel.ApiError {
+
+	_, err := r.store.BunDB().NewInsert().
+		Model(req).
+		Exec(context.Background())
+	if err != nil {
+		return &basemodel.ApiError{Typ: basemodel.ErrorInternal, Err: err}
+	}
+	return nil
+}
+
+func (r *Repo) GetFeature(featureName string) (types.FeatureStatus, error) {
+	var feature types.FeatureStatus
+
+	err := r.store.BunDB().NewSelect().
+		Model(&feature).
+		Where("name = ?", featureName).
+		Scan(context.Background())
+
+	if err != nil {
+		return feature, err
+	}
+	if feature.Name == "" {
+		return feature, basemodel.ErrFeatureUnavailable{Key: featureName}
+	}
+	return feature, nil
+}
+
+func (r *Repo) GetAllFeatures() ([]basemodel.Feature, error) {
+
+	var feature []basemodel.Feature
+
+	err := r.db.Select(&feature,
+		`SELECT * FROM feature_status;`)
+	if err != nil {
+		return feature, err
+	}
+
+	return feature, nil
+}
+
+func (r *Repo) UpdateFeature(req types.FeatureStatus) error {
+
+	_, err := r.store.BunDB().NewUpdate().
+		Model(&req).
+		Where("name = ?", req.Name).
+		Exec(context.Background())
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (r *Repo) InitFeatures(req []types.FeatureStatus) error {
+	// get a feature by name, if it doesn't exist, create it. If it does exist, update it.
+	for _, feature := range req {
+		currentFeature, err := r.GetFeature(feature.Name)
+		if err != nil && err == sql.ErrNoRows {
+			err := r.CreateFeature(&feature)
+			if err != nil {
+				return err
+			}
+			continue
+		} else if err != nil {
+			return err
+		}
+		feature.Usage = int(currentFeature.Usage)
+		if feature.Usage >= feature.UsageLimit && feature.UsageLimit != -1 {
+			feature.Active = false
+		}
+		err = r.UpdateFeature(feature)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
--- a/ee/query-service/license/manager.go
+++ b/ee/query-service/license/manager.go
@@ -0,0 +1,318 @@
+package license
+
+import (
+	"context"
+	"sync/atomic"
+	"time"
+
+	"github.com/jmoiron/sqlx"
+
+	"sync"
+
+	baseconstants "github.com/SigNoz/signoz/pkg/query-service/constants"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/zeus"
+
+	validate "github.com/SigNoz/signoz/ee/query-service/integrations/signozio"
+	"github.com/SigNoz/signoz/ee/query-service/model"
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/SigNoz/signoz/pkg/query-service/telemetry"
+	"go.uber.org/zap"
+)
+
+var LM *Manager
+
+// validate and update license every 24 hours
+var validationFrequency = 24 * 60 * time.Minute
+
+type Manager struct {
+	repo             *Repo
+	zeus             zeus.Zeus
+	mutex            sync.Mutex
+	validatorRunning bool
+	// end the license validation, this is important to gracefully
+	// stopping validation and protect in-consistent updates
+	done chan struct{}
+	// terminated waits for the validate go routine to end
+	terminated chan struct{}
+	// last time the license was validated
+	lastValidated int64
+	// keep track of validation failure attempts
+	failedAttempts uint64
+	// keep track of active license and features
+	activeLicenseV3 *model.LicenseV3
+	activeFeatures  basemodel.FeatureSet
+}
+
+func StartManager(db *sqlx.DB, store sqlstore.SQLStore, zeus zeus.Zeus, features ...basemodel.Feature) (*Manager, error) {
+	if LM != nil {
+		return LM, nil
+	}
+
+	repo := NewLicenseRepo(db, store)
+	m := &Manager{
+		repo: &repo,
+		zeus: zeus,
+	}
+	if err := m.start(features...); err != nil {
+		return m, err
+	}
+
+	LM = m
+	return m, nil
+}
+
+// start loads active license in memory and initiates validator
+func (lm *Manager) start(features ...basemodel.Feature) error {
+	return lm.LoadActiveLicenseV3(features...)
+}
+
+func (lm *Manager) Stop() {
+	close(lm.done)
+	<-lm.terminated
+}
+
+func (lm *Manager) SetActiveV3(l *model.LicenseV3, features ...basemodel.Feature) {
+	lm.mutex.Lock()
+	defer lm.mutex.Unlock()
+
+	if l == nil {
+		return
+	}
+
+	lm.activeLicenseV3 = l
+	lm.activeFeatures = append(l.Features, features...)
+	// set default features
+	setDefaultFeatures(lm)
+
+	err := lm.InitFeatures(lm.activeFeatures)
+	if err != nil {
+		zap.L().Panic("Couldn't activate features", zap.Error(err))
+	}
+	if !lm.validatorRunning {
+		// we want to make sure only one validator runs,
+		// we already have lock() so good to go
+		lm.validatorRunning = true
+		go lm.ValidatorV3(context.Background())
+	}
+
+}
+
+func setDefaultFeatures(lm *Manager) {
+	lm.activeFeatures = append(lm.activeFeatures, baseconstants.DEFAULT_FEATURE_SET...)
+}
+
+func (lm *Manager) LoadActiveLicenseV3(features ...basemodel.Feature) error {
+	active, err := lm.repo.GetActiveLicenseV3(context.Background())
+	if err != nil {
+		return err
+	}
+
+	if active != nil {
+		lm.SetActiveV3(active, features...)
+	} else {
+		zap.L().Info("No active license found, defaulting to basic plan")
+		// if no active license is found, we default to basic(free) plan with all default features
+		lm.activeFeatures = model.BasicPlan
+		setDefaultFeatures(lm)
+		err := lm.InitFeatures(lm.activeFeatures)
+		if err != nil {
+			zap.L().Error("Couldn't initialize features", zap.Error(err))
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (lm *Manager) GetLicensesV3(ctx context.Context) (response []*model.LicenseV3, apiError *model.ApiError) {
+
+	licenses, err := lm.repo.GetLicensesV3(ctx)
+	if err != nil {
+		return nil, model.InternalError(err)
+	}
+
+	for _, l := range licenses {
+		if lm.activeLicenseV3 != nil && l.Key == lm.activeLicenseV3.Key {
+			l.IsCurrent = true
+		}
+		if l.ValidUntil == -1 {
+			// for subscriptions, there is no end-date as such
+			// but for showing user some validity we default one year timespan
+			l.ValidUntil = l.ValidFrom + 31556926
+		}
+		response = append(response, l)
+	}
+
+	return response, nil
+}
+
+// Validator validates license after an epoch of time
+func (lm *Manager) ValidatorV3(ctx context.Context) {
+	zap.L().Info("ValidatorV3 started!")
+	defer close(lm.terminated)
+
+	tick := time.NewTicker(validationFrequency)
+	defer tick.Stop()
+
+	_ = lm.ValidateV3(ctx)
+	for {
+		select {
+		case <-lm.done:
+			return
+		default:
+			select {
+			case <-lm.done:
+				return
+			case <-tick.C:
+				_ = lm.ValidateV3(ctx)
+			}
+		}
+
+	}
+}
+
+func (lm *Manager) RefreshLicense(ctx context.Context) error {
+	license, err := validate.ValidateLicenseV3(ctx, lm.activeLicenseV3.Key, lm.zeus)
+	if err != nil {
+		return err
+	}
+
+	err = lm.repo.UpdateLicenseV3(ctx, license)
+	if err != nil {
+		return err
+	}
+	lm.SetActiveV3(license)
+
+	return nil
+}
+
+func (lm *Manager) ValidateV3(ctx context.Context) (reterr error) {
+	if lm.activeLicenseV3 == nil {
+		return nil
+	}
+
+	defer func() {
+		lm.mutex.Lock()
+
+		lm.lastValidated = time.Now().Unix()
+		if reterr != nil {
+			zap.L().Error("License validation completed with error", zap.Error(reterr))
+
+			atomic.AddUint64(&lm.failedAttempts, 1)
+			// default to basic plan if validation fails for three consecutive times
+			if atomic.LoadUint64(&lm.failedAttempts) > 3 {
+				zap.L().Error("License validation completed with error for three consecutive times, defaulting to basic plan", zap.String("license_id", lm.activeLicenseV3.ID), zap.Bool("license_validation", false))
+				lm.activeLicenseV3 = nil
+				lm.activeFeatures = model.BasicPlan
+				setDefaultFeatures(lm)
+				err := lm.InitFeatures(lm.activeFeatures)
+				if err != nil {
+					zap.L().Error("Couldn't initialize features", zap.Error(err))
+				}
+				lm.done <- struct{}{}
+				lm.validatorRunning = false
+			}
+
+			telemetry.GetInstance().SendEvent(telemetry.TELEMETRY_LICENSE_CHECK_FAILED,
+				map[string]interface{}{"err": reterr.Error()}, "", true, false)
+		} else {
+			// reset the failed attempts counter
+			atomic.StoreUint64(&lm.failedAttempts, 0)
+			zap.L().Info("License validation completed with no errors")
+		}
+
+		lm.mutex.Unlock()
+	}()
+
+	err := lm.RefreshLicense(ctx)
+
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (lm *Manager) ActivateV3(ctx context.Context, licenseKey string) (*model.LicenseV3, error) {
+	license, err := validate.ValidateLicenseV3(ctx, licenseKey, lm.zeus)
+	if err != nil {
+		return nil, err
+	}
+
+	// insert the new license to the sqlite db
+	modelErr := lm.repo.InsertLicenseV3(ctx, license)
+	if modelErr != nil {
+		zap.L().Error("failed to activate license", zap.Error(modelErr))
+		return nil, modelErr
+	}
+
+	// license is valid, activate it
+	lm.SetActiveV3(license)
+	return license, nil
+}
+
+func (lm *Manager) GetActiveLicense() *model.LicenseV3 {
+	return lm.activeLicenseV3
+}
+
+// CheckFeature will be internally used by backend routines
+// for feature gating
+func (lm *Manager) CheckFeature(featureKey string) error {
+	feature, err := lm.repo.GetFeature(featureKey)
+	if err != nil {
+		return err
+	}
+	if feature.Active {
+		return nil
+	}
+	return basemodel.ErrFeatureUnavailable{Key: featureKey}
+}
+
+// GetFeatureFlags returns current active features
+func (lm *Manager) GetFeatureFlags() (basemodel.FeatureSet, error) {
+	return lm.repo.GetAllFeatures()
+}
+
+func (lm *Manager) InitFeatures(features basemodel.FeatureSet) error {
+	featureStatus := make([]types.FeatureStatus, len(features))
+	for i, f := range features {
+		featureStatus[i] = types.FeatureStatus{
+			Name:       f.Name,
+			Active:     f.Active,
+			Usage:      int(f.Usage),
+			UsageLimit: int(f.UsageLimit),
+			Route:      f.Route,
+		}
+	}
+	return lm.repo.InitFeatures(featureStatus)
+}
+
+func (lm *Manager) UpdateFeatureFlag(feature basemodel.Feature) error {
+	return lm.repo.UpdateFeature(types.FeatureStatus{
+		Name:       feature.Name,
+		Active:     feature.Active,
+		Usage:      int(feature.Usage),
+		UsageLimit: int(feature.UsageLimit),
+		Route:      feature.Route,
+	})
+}
+
+func (lm *Manager) GetFeatureFlag(key string) (basemodel.Feature, error) {
+	featureStatus, err := lm.repo.GetFeature(key)
+	if err != nil {
+		return basemodel.Feature{}, err
+	}
+	return basemodel.Feature{
+		Name:       featureStatus.Name,
+		Active:     featureStatus.Active,
+		Usage:      int64(featureStatus.Usage),
+		UsageLimit: int64(featureStatus.UsageLimit),
+		Route:      featureStatus.Route,
+	}, nil
+}
+
+// GetRepo return the license repo
+func (lm *Manager) GetRepo() *Repo {
+	return lm.repo
+}
--- a/ee/query-service/main.go
+++ b/ee/query-service/main.go
@@ -0,0 +1,173 @@
+package main
+
+import (
+	"context"
+	"flag"
+	"os"
+	"time"
+
+	"github.com/SigNoz/signoz/ee/query-service/app"
+	"github.com/SigNoz/signoz/ee/sqlstore/postgressqlstore"
+	"github.com/SigNoz/signoz/ee/zeus"
+	"github.com/SigNoz/signoz/ee/zeus/httpzeus"
+	"github.com/SigNoz/signoz/pkg/config"
+	"github.com/SigNoz/signoz/pkg/config/envprovider"
+	"github.com/SigNoz/signoz/pkg/config/fileprovider"
+	baseconst "github.com/SigNoz/signoz/pkg/query-service/constants"
+	"github.com/SigNoz/signoz/pkg/signoz"
+	"github.com/SigNoz/signoz/pkg/sqlstore/sqlstorehook"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/version"
+
+	"go.uber.org/zap"
+	"go.uber.org/zap/zapcore"
+)
+
+// Deprecated: Please use the logger from pkg/instrumentation.
+func initZapLog() *zap.Logger {
+	config := zap.NewProductionConfig()
+	config.EncoderConfig.TimeKey = "timestamp"
+	config.EncoderConfig.EncodeTime = zapcore.ISO8601TimeEncoder
+	logger, _ := config.Build()
+	return logger
+}
+
+func main() {
+	var promConfigPath, skipTopLvlOpsPath string
+
+	// disables rule execution but allows change to the rule definition
+	var disableRules bool
+
+	// the url used to build link in the alert messages in slack and other systems
+	var ruleRepoURL string
+	var cluster string
+
+	var useLogsNewSchema bool
+	var useTraceNewSchema bool
+	var cacheConfigPath, fluxInterval, fluxIntervalForTraceDetail string
+	var preferSpanMetrics bool
+
+	var maxIdleConns int
+	var maxOpenConns int
+	var dialTimeout time.Duration
+	var gatewayUrl string
+	var useLicensesV3 bool
+
+	// Deprecated
+	flag.BoolVar(&useLogsNewSchema, "use-logs-new-schema", false, "use logs_v2 schema for logs")
+	// Deprecated
+	flag.BoolVar(&useTraceNewSchema, "use-trace-new-schema", false, "use new schema for traces")
+	// Deprecated
+	flag.StringVar(&promConfigPath, "config", "./config/prometheus.yml", "(prometheus config to read metrics)")
+	// Deprecated
+	flag.StringVar(&skipTopLvlOpsPath, "skip-top-level-ops", "", "(config file to skip top level operations)")
+	// Deprecated
+	flag.BoolVar(&disableRules, "rules.disable", false, "(disable rule evaluation)")
+	flag.BoolVar(&preferSpanMetrics, "prefer-span-metrics", false, "(prefer span metrics for service level metrics)")
+	// Deprecated
+	flag.IntVar(&maxIdleConns, "max-idle-conns", 50, "(number of connections to maintain in the pool.)")
+	// Deprecated
+	flag.IntVar(&maxOpenConns, "max-open-conns", 100, "(max connections for use at any time.)")
+	// Deprecated
+	flag.DurationVar(&dialTimeout, "dial-timeout", 5*time.Second, "(the maximum time to establish a connection.)")
+	// Deprecated
+	flag.StringVar(&ruleRepoURL, "rules.repo-url", baseconst.AlertHelpPage, "(host address used to build rule link in alert messages)")
+	flag.StringVar(&cacheConfigPath, "experimental.cache-config", "", "(cache config to use)")
+	flag.StringVar(&fluxInterval, "flux-interval", "5m", "(the interval to exclude data from being cached to avoid incorrect cache for data in motion)")
+	flag.StringVar(&fluxIntervalForTraceDetail, "flux-interval-trace-detail", "2m", "(the interval to exclude data from being cached to avoid incorrect cache for trace data in motion)")
+	flag.StringVar(&cluster, "cluster", "cluster", "(cluster name - defaults to 'cluster')")
+	flag.StringVar(&gatewayUrl, "gateway-url", "", "(url to the gateway)")
+	// Deprecated
+	flag.BoolVar(&useLicensesV3, "use-licenses-v3", false, "use licenses_v3 schema for licenses")
+	flag.Parse()
+
+	loggerMgr := initZapLog()
+	zap.ReplaceGlobals(loggerMgr)
+	defer loggerMgr.Sync() // flushes buffer, if any
+
+	config, err := signoz.NewConfig(context.Background(), config.ResolverConfig{
+		Uris: []string{"env:"},
+		ProviderFactories: []config.ProviderFactory{
+			envprovider.NewFactory(),
+			fileprovider.NewFactory(),
+		},
+	}, signoz.DeprecatedFlags{
+		MaxIdleConns: maxIdleConns,
+		MaxOpenConns: maxOpenConns,
+		DialTimeout:  dialTimeout,
+		Config:       promConfigPath,
+	})
+	if err != nil {
+		zap.L().Fatal("Failed to create config", zap.Error(err))
+	}
+
+	version.Info.PrettyPrint(config.Version)
+
+	sqlStoreFactories := signoz.NewSQLStoreProviderFactories()
+	if err := sqlStoreFactories.Add(postgressqlstore.NewFactory(sqlstorehook.NewLoggingFactory())); err != nil {
+		zap.L().Fatal("Failed to add postgressqlstore factory", zap.Error(err))
+	}
+
+	signoz, err := signoz.New(
+		context.Background(),
+		config,
+		zeus.Config(),
+		httpzeus.NewProviderFactory(),
+		signoz.NewCacheProviderFactories(),
+		signoz.NewWebProviderFactories(),
+		sqlStoreFactories,
+		signoz.NewTelemetryStoreProviderFactories(),
+	)
+	if err != nil {
+		zap.L().Fatal("Failed to create signoz", zap.Error(err))
+	}
+
+	jwtSecret := os.Getenv("SIGNOZ_JWT_SECRET")
+
+	if len(jwtSecret) == 0 {
+		zap.L().Warn("No JWT secret key is specified.")
+	} else {
+		zap.L().Info("JWT secret key set successfully.")
+	}
+
+	jwt := authtypes.NewJWT(jwtSecret, 30*time.Minute, 30*24*time.Hour)
+
+	serverOptions := &app.ServerOptions{
+		Config:                     config,
+		SigNoz:                     signoz,
+		HTTPHostPort:               baseconst.HTTPHostPort,
+		PreferSpanMetrics:          preferSpanMetrics,
+		PrivateHostPort:            baseconst.PrivateHostPort,
+		CacheConfigPath:            cacheConfigPath,
+		FluxInterval:               fluxInterval,
+		FluxIntervalForTraceDetail: fluxIntervalForTraceDetail,
+		Cluster:                    cluster,
+		GatewayUrl:                 gatewayUrl,
+		Jwt:                        jwt,
+	}
+
+	server, err := app.NewServer(serverOptions)
+	if err != nil {
+		zap.L().Fatal("Failed to create server", zap.Error(err))
+	}
+
+	if err := server.Start(context.Background()); err != nil {
+		zap.L().Fatal("Could not start server", zap.Error(err))
+	}
+
+	signoz.Start(context.Background())
+
+	if err := signoz.Wait(context.Background()); err != nil {
+		zap.L().Fatal("Failed to start signoz", zap.Error(err))
+	}
+
+	err = server.Stop()
+	if err != nil {
+		zap.L().Fatal("Failed to stop server", zap.Error(err))
+	}
+
+	err = signoz.Stop(context.Background())
+	if err != nil {
+		zap.L().Fatal("Failed to stop signoz", zap.Error(err))
+	}
+}
--- a/ee/query-service/model/auth.go
+++ b/ee/query-service/model/auth.go
@@ -0,0 +1,12 @@
+package model
+
+import (
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+)
+
+// GettableInvitation overrides base object and adds precheck into
+// response
+type GettableInvitation struct {
+	*basemodel.InvitationResponseObject
+	Precheck *basemodel.PrecheckResponse `json:"precheck"`
+}
--- a/ee/query-service/model/errors.go
+++ b/ee/query-service/model/errors.go
@@ -1,7 +1,7 @@
 package model

 import (
-	"errors"
+	"fmt"

 	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
 )
@@ -57,7 +57,7 @@ func Unauthorized(err error) *ApiError {
 func BadRequestStr(s string) *ApiError {
 	return &ApiError{
 		Typ: basemodel.ErrorBadData,
-		Err: errors.New(s),
+		Err: fmt.Errorf(s),
 	}
 }

@@ -73,7 +73,7 @@ func InternalError(err error) *ApiError {
 func InternalErrorStr(s string) *ApiError {
 	return &ApiError{
 		Typ: basemodel.ErrorInternal,
-		Err: errors.New(s),
+		Err: fmt.Errorf(s),
 	}
 }

--- a/ee/query-service/model/license.go
+++ b/ee/query-service/model/license.go
@@ -0,0 +1,244 @@
+package model
+
+import (
+	"encoding/json"
+	"fmt"
+	"reflect"
+	"time"
+
+	basemodel "github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/pkg/errors"
+)
+
+type License struct {
+	Key          string    `json:"key" db:"key"`
+	ActivationId string    `json:"activationId" db:"activationId"`
+	CreatedAt    time.Time `db:"created_at"`
+
+	// PlanDetails contains the encrypted plan info
+	PlanDetails string `json:"planDetails" db:"planDetails"`
+
+	// stores parsed license details
+	LicensePlan
+
+	FeatureSet basemodel.FeatureSet
+
+	// populated in case license has any errors
+	ValidationMessage string `db:"validationMessage"`
+
+	// used only for sending details to front-end
+	IsCurrent bool `json:"isCurrent"`
+}
+
+func (l *License) MarshalJSON() ([]byte, error) {
+
+	return json.Marshal(&struct {
+		Key               string    `json:"key" db:"key"`
+		ActivationId      string    `json:"activationId" db:"activationId"`
+		ValidationMessage string    `db:"validationMessage"`
+		IsCurrent         bool      `json:"isCurrent"`
+		PlanKey           string    `json:"planKey"`
+		ValidFrom         time.Time `json:"ValidFrom"`
+		ValidUntil        time.Time `json:"ValidUntil"`
+		Status            string    `json:"status"`
+	}{
+		Key:               l.Key,
+		ActivationId:      l.ActivationId,
+		IsCurrent:         l.IsCurrent,
+		PlanKey:           l.PlanKey,
+		ValidFrom:         time.Unix(l.ValidFrom, 0),
+		ValidUntil:        time.Unix(l.ValidUntil, 0),
+		Status:            l.Status,
+		ValidationMessage: l.ValidationMessage,
+	})
+}
+
+type LicensePlan struct {
+	PlanKey    string `json:"planKey"`
+	ValidFrom  int64  `json:"validFrom"`
+	ValidUntil int64  `json:"validUntil"`
+	Status     string `json:"status"`
+}
+
+type Licenses struct {
+	TrialStart                   int64     `json:"trialStart"`
+	TrialEnd                     int64     `json:"trialEnd"`
+	OnTrial                      bool      `json:"onTrial"`
+	WorkSpaceBlock               bool      `json:"workSpaceBlock"`
+	TrialConvertedToSubscription bool      `json:"trialConvertedToSubscription"`
+	GracePeriodEnd               int64     `json:"gracePeriodEnd"`
+	Licenses                     []License `json:"licenses"`
+}
+
+type SubscriptionServerResp struct {
+	Status string   `json:"status"`
+	Data   Licenses `json:"data"`
+}
+
+type Plan struct {
+	Name string `json:"name"`
+}
+
+type LicenseDB struct {
+	ID   string `json:"id"`
+	Key  string `json:"key"`
+	Data string `json:"data"`
+}
+type LicenseV3 struct {
+	ID         string
+	Key        string
+	Data       map[string]interface{}
+	PlanName   string
+	Features   basemodel.FeatureSet
+	Status     string
+	IsCurrent  bool
+	ValidFrom  int64
+	ValidUntil int64
+}
+
+func extractKeyFromMapStringInterface[T any](data map[string]interface{}, key string) (T, error) {
+	var zeroValue T
+	if val, ok := data[key]; ok {
+		if value, ok := val.(T); ok {
+			return value, nil
+		}
+		return zeroValue, fmt.Errorf("%s key is not a valid %s", key, reflect.TypeOf(zeroValue))
+	}
+	return zeroValue, fmt.Errorf("%s key is missing", key)
+}
+
+func NewLicenseV3(data map[string]interface{}) (*LicenseV3, error) {
+	var features basemodel.FeatureSet
+
+	// extract id from data
+	licenseID, err := extractKeyFromMapStringInterface[string](data, "id")
+	if err != nil {
+		return nil, err
+	}
+	delete(data, "id")
+
+	// extract key from data
+	licenseKey, err := extractKeyFromMapStringInterface[string](data, "key")
+	if err != nil {
+		return nil, err
+	}
+	delete(data, "key")
+
+	// extract status from data
+	status, err := extractKeyFromMapStringInterface[string](data, "status")
+	if err != nil {
+		return nil, err
+	}
+
+	planMap, err := extractKeyFromMapStringInterface[map[string]any](data, "plan")
+	if err != nil {
+		return nil, err
+	}
+
+	planName, err := extractKeyFromMapStringInterface[string](planMap, "name")
+	if err != nil {
+		return nil, err
+	}
+	// if license status is invalid then default it to basic
+	if status == LicenseStatusInvalid {
+		planName = PlanNameBasic
+	}
+
+	featuresFromZeus := basemodel.FeatureSet{}
+	if _features, ok := data["features"]; ok {
+		featuresData, err := json.Marshal(_features)
+		if err != nil {
+			return nil, errors.Wrap(err, "failed to marshal features data")
+		}
+
+		if err := json.Unmarshal(featuresData, &featuresFromZeus); err != nil {
+			return nil, errors.Wrap(err, "failed to unmarshal features data")
+		}
+	}
+
+	switch planName {
+	case PlanNameEnterprise:
+		features = append(features, EnterprisePlan...)
+	case PlanNameBasic:
+		features = append(features, BasicPlan...)
+	default:
+		features = append(features, BasicPlan...)
+	}
+
+	if len(featuresFromZeus) > 0 {
+		for _, feature := range featuresFromZeus {
+			exists := false
+			for i, existingFeature := range features {
+				if existingFeature.Name == feature.Name {
+					features[i] = feature // Replace existing feature
+					exists = true
+					break
+				}
+			}
+			if !exists {
+				features = append(features, feature) // Append if it doesn't exist
+			}
+		}
+	}
+	data["features"] = features
+
+	_validFrom, err := extractKeyFromMapStringInterface[float64](data, "valid_from")
+	if err != nil {
+		_validFrom = 0
+	}
+	validFrom := int64(_validFrom)
+
+	_validUntil, err := extractKeyFromMapStringInterface[float64](data, "valid_until")
+	if err != nil {
+		_validUntil = 0
+	}
+	validUntil := int64(_validUntil)
+
+	return &LicenseV3{
+		ID:         licenseID,
+		Key:        licenseKey,
+		Data:       data,
+		PlanName:   planName,
+		Features:   features,
+		ValidFrom:  validFrom,
+		ValidUntil: validUntil,
+		Status:     status,
+	}, nil
+
+}
+
+func NewLicenseV3WithIDAndKey(id string, key string, data map[string]interface{}) (*LicenseV3, error) {
+	licenseDataWithIdAndKey := data
+	licenseDataWithIdAndKey["id"] = id
+	licenseDataWithIdAndKey["key"] = key
+	return NewLicenseV3(licenseDataWithIdAndKey)
+}
+
+func ConvertLicenseV3ToLicenseV2(l *LicenseV3) *License {
+	planKeyFromPlanName, ok := MapOldPlanKeyToNewPlanName[l.PlanName]
+	if !ok {
+		planKeyFromPlanName = Basic
+	}
+	return &License{
+		Key:               l.Key,
+		ActivationId:      "",
+		PlanDetails:       "",
+		FeatureSet:        l.Features,
+		ValidationMessage: "",
+		IsCurrent:         l.IsCurrent,
+		LicensePlan: LicensePlan{
+			PlanKey:    planKeyFromPlanName,
+			ValidFrom:  l.ValidFrom,
+			ValidUntil: l.ValidUntil,
+			Status:     l.Status},
+	}
+
+}
+
+type CheckoutRequest struct {
+	SuccessURL string `json:"url"`
+}
+
+type PortalRequest struct {
+	SuccessURL string `json:"url"`
+}
--- a/ee/query-service/model/license_test.go
+++ b/ee/query-service/model/license_test.go
@@ -0,0 +1,170 @@
+package model
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/SigNoz/signoz/pkg/query-service/model"
+	"github.com/pkg/errors"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewLicenseV3(t *testing.T) {
+	testCases := []struct {
+		name     string
+		data     []byte
+		pass     bool
+		expected *LicenseV3
+		error    error
+	}{
+		{
+			name:  "Error for missing license id",
+			data:  []byte(`{}`),
+			pass:  false,
+			error: errors.New("id key is missing"),
+		},
+		{
+			name:  "Error for license id not being a valid string",
+			data:  []byte(`{"id": 10}`),
+			pass:  false,
+			error: errors.New("id key is not a valid string"),
+		},
+		{
+			name:  "Error for missing license key",
+			data:  []byte(`{"id":"does-not-matter"}`),
+			pass:  false,
+			error: errors.New("key key is missing"),
+		},
+		{
+			name:  "Error for invalid string license key",
+			data:  []byte(`{"id":"does-not-matter","key":10}`),
+			pass:  false,
+			error: errors.New("key key is not a valid string"),
+		},
+		{
+			name:  "Error for missing license status",
+			data:  []byte(`{"id":"does-not-matter", "key": "does-not-matter","category":"FREE"}`),
+			pass:  false,
+			error: errors.New("status key is missing"),
+		},
+		{
+			name:  "Error for invalid string license status",
+			data:  []byte(`{"id":"does-not-matter","key": "does-not-matter", "category":"FREE", "status":10}`),
+			pass:  false,
+			error: errors.New("status key is not a valid string"),
+		},
+		{
+			name:  "Error for missing license plan",
+			data:  []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"ACTIVE"}`),
+			pass:  false,
+			error: errors.New("plan key is missing"),
+		},
+		{
+			name:  "Error for invalid json license plan",
+			data:  []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"ACTIVE","plan":10}`),
+			pass:  false,
+			error: errors.New("plan key is not a valid map[string]interface {}"),
+		},
+		{
+			name:  "Error for invalid license plan",
+			data:  []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"ACTIVE","plan":{}}`),
+			pass:  false,
+			error: errors.New("name key is missing"),
+		},
+		{
+			name: "Parse the entire license properly",
+			data: []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"ACTIVE","plan":{"name":"ENTERPRISE"},"valid_from": 1730899309,"valid_until": -1}`),
+			pass: true,
+			expected: &LicenseV3{
+				ID:  "does-not-matter",
+				Key: "does-not-matter-key",
+				Data: map[string]interface{}{
+					"plan": map[string]interface{}{
+						"name": "ENTERPRISE",
+					},
+					"category":    "FREE",
+					"status":      "ACTIVE",
+					"valid_from":  float64(1730899309),
+					"valid_until": float64(-1),
+				},
+				PlanName:   PlanNameEnterprise,
+				ValidFrom:  1730899309,
+				ValidUntil: -1,
+				Status:     "ACTIVE",
+				IsCurrent:  false,
+				Features:   model.FeatureSet{},
+			},
+		},
+		{
+			name: "Fallback to basic plan if license status is invalid",
+			data: []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"INVALID","plan":{"name":"ENTERPRISE"},"valid_from": 1730899309,"valid_until": -1}`),
+			pass: true,
+			expected: &LicenseV3{
+				ID:  "does-not-matter",
+				Key: "does-not-matter-key",
+				Data: map[string]interface{}{
+					"plan": map[string]interface{}{
+						"name": "ENTERPRISE",
+					},
+					"category":    "FREE",
+					"status":      "INVALID",
+					"valid_from":  float64(1730899309),
+					"valid_until": float64(-1),
+				},
+				PlanName:   PlanNameBasic,
+				ValidFrom:  1730899309,
+				ValidUntil: -1,
+				Status:     "INVALID",
+				IsCurrent:  false,
+				Features:   model.FeatureSet{},
+			},
+		},
+		{
+			name: "fallback states for validFrom and validUntil",
+			data: []byte(`{"id":"does-not-matter","key":"does-not-matter-key","category":"FREE","status":"ACTIVE","plan":{"name":"ENTERPRISE"},"valid_from":1234.456,"valid_until":5678.567}`),
+			pass: true,
+			expected: &LicenseV3{
+				ID:  "does-not-matter",
+				Key: "does-not-matter-key",
+				Data: map[string]interface{}{
+					"plan": map[string]interface{}{
+						"name": "ENTERPRISE",
+					},
+					"valid_from":  1234.456,
+					"valid_until": 5678.567,
+					"category":    "FREE",
+					"status":      "ACTIVE",
+				},
+				PlanName:   PlanNameEnterprise,
+				ValidFrom:  1234,
+				ValidUntil: 5678,
+				Status:     "ACTIVE",
+				IsCurrent:  false,
+				Features:   model.FeatureSet{},
+			},
+		},
+	}
+
+	for _, tc := range testCases {
+		var licensePayload map[string]interface{}
+		err := json.Unmarshal(tc.data, &licensePayload)
+		require.NoError(t, err)
+		license, err := NewLicenseV3(licensePayload)
+		if license != nil {
+			license.Features = make(model.FeatureSet, 0)
+			delete(license.Data, "features")
+		}
+
+		if tc.pass {
+			require.NoError(t, err)
+			require.NotNil(t, license)
+			assert.Equal(t, tc.expected, license)
+		} else {
+			require.Error(t, err)
+			assert.EqualError(t, err, tc.error.Error())
+			require.Nil(t, license)
+		}
+
+	}
+}
--- a/ee/query-service/model/pat.go
+++ b/ee/query-service/model/pat.go
@@ -0,0 +1,7 @@
+package model
+
+type CreatePATRequestBody struct {
+	Name          string `json:"name"`
+	Role          string `json:"role"`
+	ExpiresInDays int64  `json:"expiresInDays"`
+}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Shivanshu Raj Shrivastava	aa24227a99	chore: tf testing Signed-off-by: Shivanshu Raj Shrivastava <shivanshu1333@gmail.com>	2025-04-29 15:57:41 +05:30
Shivanshu Raj Shrivastava	bd3794b7d4	chore: tf testing Signed-off-by: Shivanshu Raj Shrivastava <shivanshu1333@gmail.com>	2025-04-29 15:49:35 +05:30