Merge branch 'main' of https://github.com/formbricks/formbricks into fix/duplicate-tag

.env.example

@@ -210,6 +210,8 @@ UNKEY_ROOT_KEY=
 # The SENTRY_AUTH_TOKEN variable is picked up by the Sentry Build Plugin.
 # It's used automatically by Sentry during the build for authentication when uploading source maps.
 # SENTRY_AUTH_TOKEN=
+# The SENTRY_ENVIRONMENT is the environment which the error will belong to in the Sentry dashboard
+# SENTRY_ENVIRONMENT=
 
 # Configure the minimum role for user management from UI(owner, manager, disabled)
 # USER_MANAGEMENT_MINIMUM_ROLE="manager"

.github/actions/upload-sentry-sourcemaps/action.yml

@@ -0,0 +1,121 @@
+name: 'Upload Sentry Sourcemaps'
+description: 'Extract sourcemaps from Docker image and upload to Sentry'
+
+inputs:
+  docker_image:
+    description: 'Docker image to extract sourcemaps from'
+    required: true
+  release_version:
+    description: 'Sentry release version (e.g., v1.2.3)'
+    required: true
+  sentry_auth_token:
+    description: 'Sentry authentication token'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Validate Sentry auth token
+      shell: bash
+      run: |
+        set -euo pipefail
+        echo "🔐 Validating Sentry authentication token..."
+
+        # Assign token to local variable for secure handling
+        SENTRY_TOKEN="${{ inputs.sentry_auth_token }}"
+
+        # Test the token by making a simple API call to Sentry
+        response=$(curl -s -w "%{http_code}" -o /tmp/sentry_response.json \
+          -H "Authorization: Bearer $SENTRY_TOKEN" \
+          "https://sentry.io/api/0/organizations/formbricks/")
+
+        http_code=$(echo "$response" | tail -n1)
+
+        if [ "$http_code" != "200" ]; then
+          echo "❌ Error: Invalid Sentry auth token (HTTP $http_code)"
+          echo "Please check your SENTRY_AUTH_TOKEN is correct and has the necessary permissions."
+          if [ -f /tmp/sentry_response.json ]; then
+            echo "Response body:"
+            cat /tmp/sentry_response.json
+          fi
+          exit 1
+        fi
+
+        echo "✅ Sentry auth token validated successfully"
+
+        # Clean up temp file
+        rm -f /tmp/sentry_response.json
+
+    - name: Extract sourcemaps from Docker image
+      shell: bash
+      run: |
+        set -euo pipefail
+        echo "📦 Extracting sourcemaps from Docker image: ${{ inputs.docker_image }}"
+
+        # Create temporary container from the image and capture its ID
+        echo "Creating temporary container..."
+        CONTAINER_ID=$(docker create "${{ inputs.docker_image }}")
+        echo "Container created with ID: $CONTAINER_ID"
+
+        # Set up cleanup function to ensure container is removed on script exit
+        cleanup_container() {
+          # Capture the current exit code to preserve it
+          local original_exit_code=$?
+          
+          echo "🧹 Cleaning up Docker container..."
+          
+          # Remove the container if it exists (ignore errors if already removed)
+          if [ -n "$CONTAINER_ID" ]; then
+            docker rm -f "$CONTAINER_ID" 2>/dev/null || true
+            echo "Container $CONTAINER_ID removed"
+          fi
+          
+          # Exit with the original exit code to preserve script success/failure status
+          exit $original_exit_code
+        }
+        
+        # Register cleanup function to run on script exit (success or failure)
+        trap cleanup_container EXIT
+
+        # Extract .next directory containing sourcemaps
+        docker cp "$CONTAINER_ID:/home/nextjs/apps/web/.next" ./extracted-next
+
+        # Verify sourcemaps exist
+        if [ ! -d "./extracted-next/static/chunks" ]; then
+          echo "❌ Error: .next/static/chunks directory not found in Docker image"
+          echo "Expected structure: /home/nextjs/apps/web/.next/static/chunks/"
+          exit 1
+        fi
+
+        sourcemap_count=$(find ./extracted-next/static/chunks -name "*.map" | wc -l)
+        echo "✅ Found $sourcemap_count sourcemap files"
+
+        if [ "$sourcemap_count" -eq 0 ]; then
+          echo "❌ Error: No sourcemap files found. Check that productionBrowserSourceMaps is enabled."
+          exit 1
+        fi
+
+    - name: Create Sentry release and upload sourcemaps
+      uses: getsentry/action-release@v3
+      env:
+        SENTRY_AUTH_TOKEN: ${{ inputs.sentry_auth_token }}
+        SENTRY_ORG: formbricks
+        SENTRY_PROJECT: formbricks-cloud
+      with:
+        environment: production
+        version: ${{ inputs.release_version }}
+        sourcemaps: './extracted-next/'
+
+    - name: Clean up extracted files
+      shell: bash
+      if: always()
+      run: |
+        set -euo pipefail
+        # Clean up extracted files
+        rm -rf ./extracted-next
+        echo "🧹 Cleaned up extracted files"

.github/workflows/formbricks-release.yml

@@ -32,3 +32,25 @@ jobs:
     with:
       VERSION: v${{ needs.docker-build.outputs.VERSION }}
       ENVIRONMENT: "prod"
+
+  upload-sentry-sourcemaps:
+    name: Upload Sentry Sourcemaps
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    needs:
+      - docker-build
+      - deploy-formbricks-cloud
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Upload Sentry Sourcemaps
+        uses: ./.github/actions/upload-sentry-sourcemaps
+        continue-on-error: true
+        with:
+          docker_image: ghcr.io/formbricks/formbricks:v${{ needs.docker-build.outputs.VERSION }}
+          release_version: v${{ needs.docker-build.outputs.VERSION }}
+          sentry_auth_token: ${{ secrets.SENTRY_AUTH_TOKEN }}

.github/workflows/upload-sentry-sourcemaps.yml

@@ -0,0 +1,46 @@
+name: Upload Sentry Sourcemaps (Manual)
+
+on:
+  workflow_dispatch:
+    inputs:
+      docker_image:
+        description: "Docker image to extract sourcemaps from"
+        required: true
+        type: string
+      release_version:
+        description: "Release version (e.g., v1.2.3)"
+        required: true
+        type: string
+      tag_version:
+        description: "Docker image tag (leave empty to use release_version)"
+        required: false
+        type: string
+
+permissions:
+  contents: read
+
+jobs:
+  upload-sourcemaps:
+    name: Upload Sourcemaps to Sentry
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Set Docker Image
+        run: |
+          if [ -n "${{ inputs.tag_version }}" ]; then
+            echo "DOCKER_IMAGE=${{ inputs.docker_image }}:${{ inputs.tag_version }}" >> $GITHUB_ENV
+          else
+            echo "DOCKER_IMAGE=${{ inputs.docker_image }}:${{ inputs.release_version }}" >> $GITHUB_ENV
+          fi
+
+      - name: Upload Sourcemaps to Sentry
+        uses: ./.github/actions/upload-sentry-sourcemaps
+        with:
+          docker_image: ${{ env.DOCKER_IMAGE }}
+          release_version: ${{ inputs.release_version }}
+          sentry_auth_token: ${{ secrets.SENTRY_AUTH_TOKEN }} 

apps/web/Dockerfile

@@ -25,21 +25,9 @@ RUN corepack prepare pnpm@9.15.9 --activate
 # Install necessary build tools and compilers
 RUN apk update && apk add --no-cache cmake g++ gcc jq make openssl-dev python3
 
-# BuildKit secret handling without hardcoded fallback values
-# This approach relies entirely on secrets passed from GitHub Actions
-RUN echo '#!/bin/sh' > /tmp/read-secrets.sh && \
-    echo 'if [ -f "/run/secrets/database_url" ]; then' >> /tmp/read-secrets.sh && \
-    echo '  export DATABASE_URL=$(cat /run/secrets/database_url)' >> /tmp/read-secrets.sh && \
-    echo 'else' >> /tmp/read-secrets.sh && \
-    echo '  echo "DATABASE_URL secret not found. Build may fail if this is required."' >> /tmp/read-secrets.sh && \
-    echo 'fi' >> /tmp/read-secrets.sh && \
-    echo 'if [ -f "/run/secrets/encryption_key" ]; then' >> /tmp/read-secrets.sh && \
-    echo '  export ENCRYPTION_KEY=$(cat /run/secrets/encryption_key)' >> /tmp/read-secrets.sh && \
-    echo 'else' >> /tmp/read-secrets.sh && \
-    echo '  echo "ENCRYPTION_KEY secret not found. Build may fail if this is required."' >> /tmp/read-secrets.sh && \
-    echo 'fi' >> /tmp/read-secrets.sh && \
-    echo 'exec "$@"' >> /tmp/read-secrets.sh && \
-    chmod +x /tmp/read-secrets.sh
+# Copy the secrets handling script
+COPY apps/web/scripts/docker/read-secrets.sh /tmp/read-secrets.sh
+RUN chmod +x /tmp/read-secrets.sh
 
 # Increase Node.js memory limit as a regular build argument
 ARG NODE_OPTIONS="--max_old_space_size=4096"
@@ -62,6 +50,9 @@ RUN touch apps/web/.env
 # Install the dependencies
 RUN pnpm install --ignore-scripts
 
+# Build the database package first
+RUN pnpm build --filter=@formbricks/database
+
 # Build the project using our secret reader script
 # This mounts the secrets only during this build step without storing them in layers
 RUN --mount=type=secret,id=database_url \
@@ -106,20 +97,8 @@ RUN chown -R nextjs:nextjs ./apps/web/public && chmod -R 755 ./apps/web/public
 COPY --from=installer /app/packages/database/schema.prisma ./packages/database/schema.prisma
 RUN chown nextjs:nextjs ./packages/database/schema.prisma && chmod 644 ./packages/database/schema.prisma
 
-COPY --from=installer /app/packages/database/package.json ./packages/database/package.json
-RUN chown nextjs:nextjs ./packages/database/package.json && chmod 644 ./packages/database/package.json
-
-COPY --from=installer /app/packages/database/migration ./packages/database/migration
-RUN chown -R nextjs:nextjs ./packages/database/migration && chmod -R 755 ./packages/database/migration
-
-COPY --from=installer /app/packages/database/src ./packages/database/src
-RUN chown -R nextjs:nextjs ./packages/database/src && chmod -R 755 ./packages/database/src
-
-COPY --from=installer /app/packages/database/node_modules ./packages/database/node_modules
-RUN chown -R nextjs:nextjs ./packages/database/node_modules && chmod -R 755 ./packages/database/node_modules
-
-COPY --from=installer /app/packages/logger/dist ./packages/database/node_modules/@formbricks/logger/dist
-RUN chown -R nextjs:nextjs ./packages/database/node_modules/@formbricks/logger/dist && chmod -R 755 ./packages/database/node_modules/@formbricks/logger/dist
+COPY --from=installer /app/packages/database/dist ./packages/database/dist
+RUN chown -R nextjs:nextjs ./packages/database/dist && chmod -R 755 ./packages/database/dist
 
 COPY --from=installer /app/node_modules/@prisma/client ./node_modules/@prisma/client
 RUN chown -R nextjs:nextjs ./node_modules/@prisma/client && chmod -R 755 ./node_modules/@prisma/client
@@ -142,12 +121,14 @@ RUN chmod -R 755 ./node_modules/@noble/hashes
 COPY --from=installer /app/node_modules/zod ./node_modules/zod
 RUN chmod -R 755 ./node_modules/zod
 
-RUN npm install --ignore-scripts -g tsx typescript pino-pretty 
 RUN npm install -g prisma
 
+# Create a startup script to handle the conditional logic
+COPY --from=installer /app/apps/web/scripts/docker/next-start.sh /home/nextjs/start.sh
+RUN chown nextjs:nextjs /home/nextjs/start.sh && chmod +x /home/nextjs/start.sh
+
 EXPOSE 3000
-ENV HOSTNAME "0.0.0.0"
-ENV NODE_ENV="production"
+ENV HOSTNAME="0.0.0.0"
 USER nextjs
 
 # Prepare volume for uploads
@@ -158,12 +139,4 @@ VOLUME /home/nextjs/apps/web/uploads/
 RUN mkdir -p /home/nextjs/apps/web/saml-connection
 VOLUME /home/nextjs/apps/web/saml-connection
 
-CMD if [ "${DOCKER_CRON_ENABLED:-1}" = "1" ]; then \
-      echo "Starting cron jobs..."; \
-      supercronic -quiet /app/docker/cronjobs & \
-    else \
-      echo "Docker cron jobs are disabled via DOCKER_CRON_ENABLED=0"; \
-    fi; \
-    (cd packages/database && npm run db:migrate:deploy) && \
-    (cd packages/database && npm run db:create-saml-database:deploy) && \
-    exec node apps/web/server.js
+CMD ["/home/nextjs/start.sh"]

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar.test.tsx

@@ -94,6 +94,7 @@ describe("LandingSidebar component", () => {
       organizationId: "o1",
       redirect: true,
       callbackUrl: "/auth/login",
+      clearEnvironmentId: true,
     });
   });
 });

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar.tsx

@@ -130,6 +130,7 @@ export const LandingSidebar = ({
                   organizationId: organization.id,
                   redirect: true,
                   callbackUrl: "/auth/login",
+                  clearEnvironmentId: true,
                 });
               }}
               icon={<LogOutIcon className="mr-2 h-4 w-4" strokeWidth={1.5} />}>

apps/web/app/(app)/environments/[environmentId]/components/MainNavigation.test.tsx

@@ -221,7 +221,6 @@ describe("MainNavigation", () => {
     vi.mocked(useSignOut).mockReturnValue({ signOut: mockSignOut });
 
     // Set up localStorage spy on the mocked localStorage
-    const removeItemSpy = vi.spyOn(window.localStorage, "removeItem");
 
     render(<MainNavigation {...defaultProps} />);
 
@@ -243,23 +242,18 @@ describe("MainNavigation", () => {
     const logoutButton = screen.getByText("common.logout");
     await userEvent.click(logoutButton);
 
-    // Verify localStorage.removeItem is called with the correct key
-    expect(removeItemSpy).toHaveBeenCalledWith("formbricks-environment-id");
-
     expect(mockSignOut).toHaveBeenCalledWith({
       reason: "user_initiated",
       redirectUrl: "/auth/login",
       organizationId: "org1",
       redirect: false,
       callbackUrl: "/auth/login",
+      clearEnvironmentId: true,
     });
 
     await waitFor(() => {
       expect(mockRouterPush).toHaveBeenCalledWith("/auth/login");
     });
-
-    // Clean up spy
-    removeItemSpy.mockRestore();
   });
 
   test("handles organization switching", async () => {

apps/web/app/(app)/environments/[environmentId]/components/MainNavigation.tsx

@@ -4,7 +4,6 @@ import { getLatestStableFbReleaseAction } from "@/app/(app)/environments/[enviro
 import { NavigationLink } from "@/app/(app)/environments/[environmentId]/components/NavigationLink";
 import FBLogo from "@/images/formbricks-wordmark.svg";
 import { cn } from "@/lib/cn";
-import { FORMBRICKS_ENVIRONMENT_ID_LS } from "@/lib/localStorage";
 import { getAccessFlags } from "@/lib/membership/utils";
 import { capitalizeFirstLetter } from "@/lib/utils/strings";
 import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
@@ -391,14 +390,13 @@ export const MainNavigation = ({
 
                   <DropdownMenuItem
                     onClick={async () => {
-                      localStorage.removeItem(FORMBRICKS_ENVIRONMENT_ID_LS);
-
                       const route = await signOutWithAudit({
                         reason: "user_initiated",
                         redirectUrl: "/auth/login",
                         organizationId: organization.id,
                         redirect: false,
                         callbackUrl: "/auth/login",
+                        clearEnvironmentId: true,
                       });
                       router.push(route?.url || "/auth/login"); // NOSONAR // We want to check for empty strings
                     }}

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/actions.ts

@@ -13,7 +13,7 @@ import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/co
 import { rateLimit } from "@/lib/utils/rate-limit";
 import { updateBrevoCustomer } from "@/modules/auth/lib/brevo";
 import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
-import { sendVerificationNewEmail } from "@/modules/email";
+import { sendForgotPasswordEmail, sendVerificationNewEmail } from "@/modules/email";
 import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
 import {
@@ -162,3 +162,21 @@ export const removeAvatarAction = authenticatedActionClient.schema(ZRemoveAvatar
     }
   )
 );
+
+export const resetPasswordAction = authenticatedActionClient.action(
+  withAuditLogging(
+    "passwordReset",
+    "user",
+    async ({ ctx }: { ctx: AuthenticatedActionClientCtx; parsedInput: undefined }) => {
+      if (ctx.user.identityProvider !== "email") {
+        throw new OperationNotAllowedError("auth.reset-password.not-allowed");
+      }
+
+      await sendForgotPasswordEmail(ctx.user);
+
+      ctx.auditLoggingCtx.userId = ctx.user.id;
+
+      return { success: true };
+    }
+  )
+);

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/components/EditProfileDetailsForm.test.tsx

@@ -3,7 +3,7 @@ import userEvent from "@testing-library/user-event";
 import toast from "react-hot-toast";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
 import { TUser } from "@formbricks/types/user";
-import { updateUserAction } from "../actions";
+import { resetPasswordAction, updateUserAction } from "../actions";
 import { EditProfileDetailsForm } from "./EditProfileDetailsForm";
 
 const mockUser = {
@@ -24,6 +24,8 @@ const mockUser = {
   objective: "other",
 } as unknown as TUser;
 
+vi.mock("next-auth/react", () => ({ signOut: vi.fn() }));
+
 // Mock window.location.reload
 const originalLocation = window.location;
 beforeEach(() => {
@@ -35,6 +37,11 @@ beforeEach(() => {
 
 vi.mock("@/app/(app)/environments/[environmentId]/settings/(account)/profile/actions", () => ({
   updateUserAction: vi.fn(),
+  resetPasswordAction: vi.fn(),
+}));
+
+vi.mock("@/modules/auth/forgot-password/actions", () => ({
+  forgotPasswordAction: vi.fn(),
 }));
 
 afterEach(() => {
@@ -50,7 +57,13 @@ describe("EditProfileDetailsForm", () => {
   test("renders with initial user data and updates successfully", async () => {
     vi.mocked(updateUserAction).mockResolvedValue({ ...mockUser, name: "New Name" } as any);
 
-    render(<EditProfileDetailsForm user={mockUser} emailVerificationDisabled={true} />);
+    render(
+      <EditProfileDetailsForm
+        user={mockUser}
+        emailVerificationDisabled={true}
+        isPasswordResetEnabled={false}
+      />
+    );
 
     const nameInput = screen.getByPlaceholderText("common.full_name");
     expect(nameInput).toHaveValue(mockUser.name);
@@ -91,7 +104,13 @@ describe("EditProfileDetailsForm", () => {
     const errorMessage = "Update failed";
     vi.mocked(updateUserAction).mockRejectedValue(new Error(errorMessage));
 
-    render(<EditProfileDetailsForm user={mockUser} emailVerificationDisabled={false} />);
+    render(
+      <EditProfileDetailsForm
+        user={mockUser}
+        emailVerificationDisabled={false}
+        isPasswordResetEnabled={false}
+      />
+    );
 
     const nameInput = screen.getByPlaceholderText("common.full_name");
     await userEvent.clear(nameInput);
@@ -109,7 +128,13 @@ describe("EditProfileDetailsForm", () => {
   });
 
   test("update button is disabled initially and enables on change", async () => {
-    render(<EditProfileDetailsForm user={mockUser} emailVerificationDisabled={false} />);
+    render(
+      <EditProfileDetailsForm
+        user={mockUser}
+        emailVerificationDisabled={false}
+        isPasswordResetEnabled={false}
+      />
+    );
     const updateButton = screen.getByText("common.update");
     expect(updateButton).toBeDisabled();
 
@@ -117,4 +142,68 @@ describe("EditProfileDetailsForm", () => {
     await userEvent.type(nameInput, " updated");
     expect(updateButton).toBeEnabled();
   });
+
+  test("reset password button works", async () => {
+    vi.mocked(resetPasswordAction).mockResolvedValue({ data: { success: true } });
+
+    render(
+      <EditProfileDetailsForm
+        user={mockUser}
+        emailVerificationDisabled={false}
+        isPasswordResetEnabled={true}
+      />
+    );
+
+    const resetButton = screen.getByRole("button", { name: "auth.forgot-password.reset_password" });
+    await userEvent.click(resetButton);
+
+    await waitFor(() => {
+      expect(resetPasswordAction).toHaveBeenCalled();
+    });
+
+    await waitFor(() => {
+      expect(toast.success).toHaveBeenCalledWith("auth.forgot-password.email-sent.heading");
+    });
+  });
+
+  test("reset password button handles error correctly", async () => {
+    const errorMessage = "Reset failed";
+    vi.mocked(resetPasswordAction).mockResolvedValue({ serverError: errorMessage });
+
+    render(
+      <EditProfileDetailsForm
+        user={mockUser}
+        emailVerificationDisabled={false}
+        isPasswordResetEnabled={true}
+      />
+    );
+
+    const resetButton = screen.getByRole("button", { name: "auth.forgot-password.reset_password" });
+    await userEvent.click(resetButton);
+
+    await waitFor(() => {
+      expect(resetPasswordAction).toHaveBeenCalled();
+    });
+
+    await waitFor(() => {
+      expect(toast.error).toHaveBeenCalledWith(errorMessage);
+    });
+  });
+
+  test("reset password button shows loading state", async () => {
+    vi.mocked(resetPasswordAction).mockImplementation(() => new Promise(() => {})); // Never resolves
+
+    render(
+      <EditProfileDetailsForm
+        user={mockUser}
+        emailVerificationDisabled={false}
+        isPasswordResetEnabled={true}
+      />
+    );
+
+    const resetButton = screen.getByRole("button", { name: "auth.forgot-password.reset_password" });
+    await userEvent.click(resetButton);
+
+    expect(resetButton).toBeDisabled();
+  });
 });

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/components/EditProfileDetailsForm.tsx

@@ -14,6 +14,7 @@ import {
 } from "@/modules/ui/components/dropdown-menu";
 import { FormControl, FormError, FormField, FormItem, FormLabel } from "@/modules/ui/components/form";
 import { Input } from "@/modules/ui/components/input";
+import { Label } from "@/modules/ui/components/label";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { useTranslate } from "@tolgee/react";
 import { ChevronDownIcon } from "lucide-react";
@@ -22,7 +23,7 @@ import { FormProvider, SubmitHandler, useForm } from "react-hook-form";
 import toast from "react-hot-toast";
 import { z } from "zod";
 import { TUser, TUserUpdateInput, ZUser, ZUserEmail } from "@formbricks/types/user";
-import { updateUserAction } from "../actions";
+import { resetPasswordAction, updateUserAction } from "../actions";
 
 // Schema & types
 const ZEditProfileNameFormSchema = ZUser.pick({ name: true, locale: true, email: true }).extend({
@@ -30,13 +31,17 @@ const ZEditProfileNameFormSchema = ZUser.pick({ name: true, locale: true, email:
 });
 type TEditProfileNameForm = z.infer<typeof ZEditProfileNameFormSchema>;
 
+interface IEditProfileDetailsFormProps {
+  user: TUser;
+  isPasswordResetEnabled?: boolean;
+  emailVerificationDisabled: boolean;
+}
+
 export const EditProfileDetailsForm = ({
   user,
+  isPasswordResetEnabled,
   emailVerificationDisabled,
-}: {
-  user: TUser;
-  emailVerificationDisabled: boolean;
-}) => {
+}: IEditProfileDetailsFormProps) => {
   const { t } = useTranslate();
 
   const form = useForm<TEditProfileNameForm>({
@@ -50,6 +55,8 @@ export const EditProfileDetailsForm = ({
   });
 
   const { isSubmitting, isDirty } = form.formState;
+
+  const [isResettingPassword, setIsResettingPassword] = useState(false);
   const [showModal, setShowModal] = useState(false);
   const { signOut: signOutWithAudit } = useSignOut({ id: user.id, email: user.email });
 
@@ -90,6 +97,7 @@ export const EditProfileDetailsForm = ({
           redirectUrl: "/email-change-without-verification-success",
           redirect: true,
           callbackUrl: "/email-change-without-verification-success",
+          clearEnvironmentId: true,
         });
         return;
       }
@@ -121,6 +129,28 @@ export const EditProfileDetailsForm = ({
     }
   };
 
+  const handleResetPassword = async () => {
+    setIsResettingPassword(true);
+
+    const result = await resetPasswordAction();
+    if (result?.data) {
+      toast.success(t("auth.forgot-password.email-sent.heading"));
+
+      await signOutWithAudit({
+        reason: "password_reset",
+        redirectUrl: "/auth/login",
+        redirect: true,
+        callbackUrl: "/auth/login",
+        clearEnvironmentId: true,
+      });
+    } else {
+      const errorMessage = getFormattedErrorMessage(result);
+      toast.error(t(errorMessage));
+    }
+
+    setIsResettingPassword(false);
+  };
+
   return (
     <>
       <FormProvider {...form}>
@@ -205,6 +235,26 @@ export const EditProfileDetailsForm = ({
             )}
           />
 
+          {isPasswordResetEnabled && (
+            <div className="mt-4 space-y-2">
+              <Label htmlFor="reset-password">{t("auth.forgot-password.reset_password")}</Label>
+              <p className="mt-1 text-sm text-slate-500">
+                {t("auth.forgot-password.reset_password_description")}
+              </p>
+              <div className="flex items-center justify-between gap-2">
+                <Input type="email" id="reset-password" defaultValue={user.email} disabled />
+                <Button
+                  onClick={handleResetPassword}
+                  loading={isResettingPassword}
+                  disabled={isResettingPassword}
+                  size="default"
+                  variant="secondary">
+                  {t("auth.forgot-password.reset_password")}
+                </Button>
+              </div>
+            </div>
+          )}
+
           <Button
             type="submit"
             className="mt-4"

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/page.test.tsx

@@ -12,7 +12,8 @@ import Page from "./page";
 
 // Mock services and utils
 vi.mock("@/lib/constants", () => ({
-  IS_FORMBRICKS_CLOUD: true,
+  IS_FORMBRICKS_CLOUD: 1,
+  PASSWORD_RESET_DISABLED: 1,
   EMAIL_VERIFICATION_DISABLED: true,
 }));
 vi.mock("@/lib/organization/service", () => ({

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/page.tsx

@@ -1,6 +1,6 @@
 import { AccountSettingsNavbar } from "@/app/(app)/environments/[environmentId]/settings/(account)/components/AccountSettingsNavbar";
 import { AccountSecurity } from "@/app/(app)/environments/[environmentId]/settings/(account)/profile/components/AccountSecurity";
-import { EMAIL_VERIFICATION_DISABLED, IS_FORMBRICKS_CLOUD } from "@/lib/constants";
+import { EMAIL_VERIFICATION_DISABLED, IS_FORMBRICKS_CLOUD, PASSWORD_RESET_DISABLED } from "@/lib/constants";
 import { getOrganizationsWhereUserIsSingleOwner } from "@/lib/organization/service";
 import { getUser } from "@/lib/user/service";
 import { getIsMultiOrgEnabled, getIsTwoFactorAuthEnabled } from "@/modules/ee/license-check/lib/utils";
@@ -32,6 +32,8 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
     throw new Error(t("common.user_not_found"));
   }
 
+  const isPasswordResetEnabled = !PASSWORD_RESET_DISABLED && user.identityProvider === "email";
+
   return (
     <PageContentWrapper>
       <PageHeader pageTitle={t("common.account_settings")}>
@@ -42,7 +44,11 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
           <SettingsCard
             title={t("environments.settings.profile.personal_information")}
             description={t("environments.settings.profile.update_personal_info")}>
-            <EditProfileDetailsForm emailVerificationDisabled={EMAIL_VERIFICATION_DISABLED} user={user} />
+            <EditProfileDetailsForm
+              user={user}
+              emailVerificationDisabled={EMAIL_VERIFICATION_DISABLED}
+              isPasswordResetEnabled={isPasswordResetEnabled}
+            />
           </SettingsCard>
           <SettingsCard
             title={t("common.avatar")}

apps/web/app/layout.test.tsx

@@ -31,6 +31,8 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
+  SENTRY_RELEASE: "mock-sentry-release",
+  SENTRY_ENVIRONMENT: "mock-sentry-environment",
 }));
 
 vi.mock("@/tolgee/language", () => ({
@@ -59,9 +61,18 @@ vi.mock("@/tolgee/client", () => ({
 }));
 
 vi.mock("@/app/sentry/SentryProvider", () => ({
-  SentryProvider: ({ children, sentryDsn }: { children: React.ReactNode; sentryDsn?: string }) => (
+  SentryProvider: ({
+    children,
+    sentryDsn,
+    sentryRelease,
+  }: {
+    children: React.ReactNode;
+    sentryDsn?: string;
+    sentryRelease?: string;
+  }) => (
     <div data-testid="sentry-provider">
       SentryProvider: {sentryDsn}
+      {sentryRelease && ` - Release: ${sentryRelease}`}
       {children}
     </div>
   ),

apps/web/app/layout.tsx

@@ -1,5 +1,5 @@
 import { SentryProvider } from "@/app/sentry/SentryProvider";
-import { IS_PRODUCTION, SENTRY_DSN } from "@/lib/constants";
+import { IS_PRODUCTION, SENTRY_DSN, SENTRY_ENVIRONMENT, SENTRY_RELEASE } from "@/lib/constants";
 import { TolgeeNextProvider } from "@/tolgee/client";
 import { getLocale } from "@/tolgee/language";
 import { getTolgee } from "@/tolgee/server";
@@ -25,7 +25,11 @@ const RootLayout = async ({ children }: { children: React.ReactNode }) => {
   return (
     <html lang={locale} translate="no">
       <body className="flex h-dvh flex-col transition-all ease-in-out">
-        <SentryProvider sentryDsn={SENTRY_DSN} isEnabled={IS_PRODUCTION}>
+        <SentryProvider
+          sentryDsn={SENTRY_DSN}
+          sentryRelease={SENTRY_RELEASE}
+          sentryEnvironment={SENTRY_ENVIRONMENT}
+          isEnabled={IS_PRODUCTION}>
           <TolgeeNextProvider language={locale} staticData={staticData as unknown as TolgeeStaticData}>
             {children}
           </TolgeeNextProvider>

apps/web/app/sentry/SentryProvider.test.tsx

@@ -48,6 +48,24 @@ describe("SentryProvider", () => {
     );
   });
 
+  test("calls Sentry.init with sentryRelease when provided", () => {
+    const initSpy = vi.spyOn(Sentry, "init").mockImplementation(() => undefined);
+    const testRelease = "v1.2.3";
+
+    render(
+      <SentryProvider sentryDsn={sentryDsn} sentryRelease={testRelease} isEnabled>
+        <div data-testid="child">Test Content</div>
+      </SentryProvider>
+    );
+
+    expect(initSpy).toHaveBeenCalledWith(
+      expect.objectContaining({
+        dsn: sentryDsn,
+        release: testRelease,
+      })
+    );
+  });
+
   test("does not call Sentry.init when sentryDsn is not provided", () => {
     const initSpy = vi.spyOn(Sentry, "init").mockImplementation(() => undefined);
 

apps/web/app/sentry/SentryProvider.tsx

@@ -6,14 +6,24 @@ import { useEffect } from "react";
 interface SentryProviderProps {
   children: React.ReactNode;
   sentryDsn?: string;
+  sentryRelease?: string;
+  sentryEnvironment?: string;
   isEnabled?: boolean;
 }
 
-export const SentryProvider = ({ children, sentryDsn, isEnabled }: SentryProviderProps) => {
+export const SentryProvider = ({
+  children,
+  sentryDsn,
+  sentryRelease,
+  sentryEnvironment,
+  isEnabled,
+}: SentryProviderProps) => {
   useEffect(() => {
     if (sentryDsn && isEnabled) {
       Sentry.init({
         dsn: sentryDsn,
+        release: sentryRelease,
+        environment: sentryEnvironment,
 
         // No tracing while Sentry doesn't update to telemetry 2.0.0 - https://github.com/getsentry/sentry-javascript/issues/15737
         tracesSampleRate: 0,

apps/web/lib/constants.ts

@@ -233,8 +233,8 @@ export enum STRIPE_PROJECT_NAMES {
 }
 
 export enum STRIPE_PRICE_LOOKUP_KEYS {
-  STARTUP_MONTHLY = "formbricks_startup_monthly",
-  STARTUP_YEARLY = "formbricks_startup_yearly",
+  STARTUP_MAY25_MONTHLY = "STARTUP_MAY25_MONTHLY",
+  STARTUP_MAY25_YEARLY = "STARTUP_MAY25_YEARLY",
   SCALE_MONTHLY = "formbricks_scale_monthly",
   SCALE_YEARLY = "formbricks_scale_yearly",
 }
@@ -273,6 +273,24 @@ export const RECAPTCHA_SITE_KEY = env.RECAPTCHA_SITE_KEY;
 export const RECAPTCHA_SECRET_KEY = env.RECAPTCHA_SECRET_KEY;
 export const IS_RECAPTCHA_CONFIGURED = Boolean(RECAPTCHA_SITE_KEY && RECAPTCHA_SECRET_KEY);
 
+// Use the app version for Sentry release (updated during build in production)
+// Fallback to environment variable if package.json is not accessible
+export const SENTRY_RELEASE = (() => {
+  if (process.env.NODE_ENV !== "production") {
+    return undefined;
+  }
+
+  // Try to read from package.json with proper error handling
+  try {
+    const pkg = require("../package.json");
+    return pkg.version === "0.0.0" ? undefined : `v${pkg.version}`;
+  } catch {
+    // If package.json can't be read (e.g., in some deployment scenarios),
+    // return undefined and let Sentry work without release tracking
+    return undefined;
+  }
+})();
+export const SENTRY_ENVIRONMENT = env.SENTRY_ENVIRONMENT;
 export const SENTRY_DSN = env.SENTRY_DSN;
 
 export const PROMETHEUS_ENABLED = env.PROMETHEUS_ENABLED === "1";

apps/web/lib/env.ts

@@ -127,6 +127,7 @@ export const env = createEnv({
       .string()
       .transform((val) => parseInt(val))
       .optional(),
+    SENTRY_ENVIRONMENT: z.string().optional(),
   },
 
   /*
@@ -225,5 +226,6 @@ export const env = createEnv({
     AUDIT_LOG_ENABLED: process.env.AUDIT_LOG_ENABLED,
     AUDIT_LOG_GET_USER_IP: process.env.AUDIT_LOG_GET_USER_IP,
     SESSION_MAX_AGE: process.env.SESSION_MAX_AGE,
+    SENTRY_ENVIRONMENT: process.env.SENTRY_ENVIRONMENT,
   },
 });

apps/web/modules/account/components/DeleteAccountModal/index.test.tsx

@@ -1,4 +1,3 @@
-import { FORMBRICKS_ENVIRONMENT_ID_LS } from "@/lib/localStorage";
 import { cleanup, fireEvent, render, screen, waitFor } from "@testing-library/react";
 import { afterEach, describe, expect, test, vi } from "vitest";
 import { TOrganization } from "@formbricks/types/organizations";
@@ -100,8 +99,6 @@ describe("DeleteAccountModal", () => {
       />
     );
 
-    const removeItemSpy = vi.spyOn(window.localStorage, "removeItem");
-
     const input = screen.getByTestId("deleteAccountConfirmation");
     fireEvent.change(input, { target: { value: mockUser.email } });
 
@@ -113,8 +110,8 @@ describe("DeleteAccountModal", () => {
       expect(mockSignOut).toHaveBeenCalledWith({
         reason: "account_deletion",
         redirect: false, // Updated to match new implementation
+        clearEnvironmentId: true,
       });
-      expect(removeItemSpy).toHaveBeenCalledWith(FORMBRICKS_ENVIRONMENT_ID_LS);
       expect(window.location.replace).toHaveBeenCalledWith("/auth/login");
       expect(mockSetOpen).toHaveBeenCalledWith(false);
     });
@@ -151,15 +148,13 @@ describe("DeleteAccountModal", () => {
     const form = screen.getByTestId("deleteAccountForm");
     fireEvent.submit(form);
 
-    const removeItemSpy = vi.spyOn(window.localStorage, "removeItem");
-
     await waitFor(() => {
       expect(deleteUserAction).toHaveBeenCalled();
       expect(mockSignOut).toHaveBeenCalledWith({
         reason: "account_deletion",
         redirect: false, // Updated to match new implementation
+        clearEnvironmentId: true,
       });
-      expect(removeItemSpy).toHaveBeenCalledWith(FORMBRICKS_ENVIRONMENT_ID_LS);
       expect(window.location.replace).toHaveBeenCalledWith(
         "https://app.formbricks.com/s/clri52y3z8f221225wjdhsoo2"
       );

apps/web/modules/account/components/DeleteAccountModal/index.tsx

@@ -1,6 +1,5 @@
 "use client";
 
-import { FORMBRICKS_ENVIRONMENT_ID_LS } from "@/lib/localStorage";
 import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
 import { DeleteDialog } from "@/modules/ui/components/delete-dialog";
 import { Input } from "@/modules/ui/components/input";
@@ -39,12 +38,11 @@ export const DeleteAccountModal = ({
       setDeleting(true);
       await deleteUserAction();
 
-      localStorage.removeItem(FORMBRICKS_ENVIRONMENT_ID_LS);
-
       // Sign out with account deletion reason (no automatic redirect)
       await signOutWithAudit({
         reason: "account_deletion",
         redirect: false, // Prevent NextAuth automatic redirect
+        clearEnvironmentId: true,
       });
 
       // Manual redirect after signOut completes

apps/web/modules/auth/actions/sign-out.ts

@@ -13,7 +13,13 @@ export const logSignOutAction = async (
   userId: string,
   userEmail: string,
   context: {
-    reason?: "user_initiated" | "account_deletion" | "email_change" | "session_timeout" | "forced_logout";
+    reason?:
+      | "user_initiated"
+      | "account_deletion"
+      | "email_change"
+      | "session_timeout"
+      | "forced_logout"
+      | "password_reset";
     redirectUrl?: string;
     organizationId?: string;
   }

apps/web/modules/auth/forgot-password/actions.ts

@@ -1,9 +1,11 @@
 "use server";
 
+import { PASSWORD_RESET_DISABLED } from "@/lib/constants";
 import { actionClient } from "@/lib/utils/action-client";
 import { getUserByEmail } from "@/modules/auth/lib/user";
 import { sendForgotPasswordEmail } from "@/modules/email";
 import { z } from "zod";
+import { OperationNotAllowedError } from "@formbricks/types/errors";
 import { ZUserEmail } from "@formbricks/types/user";
 
 const ZForgotPasswordAction = z.object({
@@ -13,9 +15,15 @@ const ZForgotPasswordAction = z.object({
 export const forgotPasswordAction = actionClient
   .schema(ZForgotPasswordAction)
   .action(async ({ parsedInput }) => {
+    if (PASSWORD_RESET_DISABLED) {
+      throw new OperationNotAllowedError("Password reset is disabled");
+    }
+
     const user = await getUserByEmail(parsedInput.email);
-    if (user) {
+
+    if (user && user.identityProvider === "email") {
       await sendForgotPasswordEmail(user);
     }
+
     return { success: true };
   });

apps/web/modules/auth/hooks/use-sign-out.ts

@@ -1,13 +1,21 @@
+import { FORMBRICKS_ENVIRONMENT_ID_LS } from "@/lib/localStorage";
 import { logSignOutAction } from "@/modules/auth/actions/sign-out";
 import { signOut } from "next-auth/react";
 import { logger } from "@formbricks/logger";
 
 interface UseSignOutOptions {
-  reason?: "user_initiated" | "account_deletion" | "email_change" | "session_timeout" | "forced_logout";
+  reason?:
+    | "user_initiated"
+    | "account_deletion"
+    | "email_change"
+    | "session_timeout"
+    | "forced_logout"
+    | "password_reset";
   redirectUrl?: string;
   organizationId?: string;
   redirect?: boolean;
   callbackUrl?: string;
+  clearEnvironmentId?: boolean;
 }
 
 interface SessionUser {
@@ -36,6 +44,10 @@ export const useSignOut = (sessionUser?: SessionUser | null) => {
       }
     }
 
+    if (options?.clearEnvironmentId) {
+      localStorage.removeItem(FORMBRICKS_ENVIRONMENT_ID_LS);
+    }
+
     // Call NextAuth signOut
     return await signOut({
       redirect: options?.redirect,

apps/web/modules/auth/lib/user.ts

@@ -78,6 +78,7 @@ export const getUserByEmail = reactCache(async (email: string) => {
         email: true,
         emailVerified: true,
         isActive: true,
+        identityProvider: true,
       },
     });
 

apps/web/modules/auth/lib/utils.ts

@@ -283,7 +283,13 @@ export const logSignOut = (
   userId: string,
   userEmail: string,
   context?: {
-    reason?: "user_initiated" | "account_deletion" | "email_change" | "session_timeout" | "forced_logout";
+    reason?:
+      | "user_initiated"
+      | "account_deletion"
+      | "email_change"
+      | "session_timeout"
+      | "forced_logout"
+      | "password_reset";
     redirectUrl?: string;
     organizationId?: string;
   }

apps/web/modules/ee/audit-logs/types/audit-log.ts

@@ -50,6 +50,7 @@ export const ZAuditAction = z.enum([
   "twoFactorRequired",
   "emailVerificationAttempted",
   "userSignedOut",
+  "passwordReset",
 ]);
 export const ZActor = z.enum(["user", "api", "system"]);
 export const ZAuditStatus = z.enum(["success", "failure"]);

apps/web/modules/ee/billing/api/lib/constants.ts

@@ -1,87 +1,87 @@
 import { TFnType } from "@tolgee/react";
 
-export const getCloudPricingData = (t: TFnType) => {
-  return {
-    plans: [
-      {
-        name: t("environments.settings.billing.free"),
-        id: "free",
-        featured: false,
-        description: t("environments.settings.billing.free_description"),
-        price: { monthly: "$0", yearly: "$0" },
-        mainFeatures: [
-          t("environments.settings.billing.unlimited_surveys"),
-          t("environments.settings.billing.unlimited_team_members"),
-          t("environments.settings.billing.3_projects"),
-          t("environments.settings.billing.1500_monthly_responses"),
-          t("environments.settings.billing.2000_monthly_identified_users"),
-          t("environments.settings.billing.website_surveys"),
-          t("environments.settings.billing.app_surveys"),
-          t("environments.settings.billing.unlimited_apps_websites"),
-          t("environments.settings.billing.link_surveys"),
-          t("environments.settings.billing.email_embedded_surveys"),
-          t("environments.settings.billing.logic_jumps_hidden_fields_recurring_surveys"),
-          t("environments.settings.billing.api_webhooks"),
-          t("environments.settings.billing.all_integrations"),
-          t("environments.settings.billing.all_surveying_features"),
-        ],
-        href: "https://app.formbricks.com/auth/signup?plan=free",
-      },
-      {
-        name: t("environments.settings.billing.startup"),
-        id: "startup",
-        featured: false,
-        description: t("environments.settings.billing.startup_description"),
-        price: { monthly: "$39", yearly: "$390 " },
-        mainFeatures: [
-          t("environments.settings.billing.everything_in_free"),
-          t("environments.settings.billing.unlimited_surveys"),
-          t("environments.settings.billing.remove_branding"),
-          t("environments.settings.billing.email_support"),
-          t("environments.settings.billing.3_projects"),
-          t("environments.settings.billing.5000_monthly_responses"),
-          t("environments.settings.billing.7500_monthly_identified_users"),
-        ],
-        href: "https://app.formbricks.com/auth/signup?plan=startup",
-      },
-      {
-        name: t("environments.settings.billing.scale"),
-        id: "scale",
-        featured: true,
-        description: t("environments.settings.billing.scale_description"),
-        price: { monthly: "$149", yearly: "$1,490" },
-        mainFeatures: [
-          t("environments.settings.billing.everything_in_startup"),
-          t("environments.settings.billing.team_access_roles"),
-          t("environments.settings.billing.multi_language_surveys"),
-          t("environments.settings.billing.advanced_targeting"),
-          t("environments.settings.billing.priority_support"),
-          t("environments.settings.billing.5_projects"),
-          t("environments.settings.billing.10000_monthly_responses"),
-          t("environments.settings.billing.30000_monthly_identified_users"),
-        ],
-        href: "https://app.formbricks.com/auth/signup?plan=scale",
-      },
-      {
-        name: t("environments.settings.billing.enterprise"),
-        id: "enterprise",
-        featured: false,
-        description: t("environments.settings.billing.enterprise_description"),
-        price: {
-          monthly: t("environments.settings.billing.say_hi"),
-          yearly: t("environments.settings.billing.say_hi"),
-        },
-        mainFeatures: [
-          t("environments.settings.billing.everything_in_scale"),
-          t("environments.settings.billing.custom_project_limit"),
-          t("environments.settings.billing.custom_miu_limit"),
-          t("environments.settings.billing.premium_support_with_slas"),
-          t("environments.settings.billing.uptime_sla_99"),
-          t("environments.settings.billing.customer_success_manager"),
-          t("environments.settings.billing.technical_onboarding"),
-        ],
-        href: "https://cal.com/johannes/enterprise-cloud",
-      },
+export type TPricingPlan = {
+  id: string;
+  name: string;
+  featured: boolean;
+  CTA?: string;
+  description: string;
+  price: {
+    monthly: string;
+    yearly: string;
+  };
+  mainFeatures: string[];
+  href?: string;
+};
+
+export const getCloudPricingData = (t: TFnType): { plans: TPricingPlan[] } => {
+  const freePlan: TPricingPlan = {
+    id: "free",
+    name: t("environments.settings.billing.free"),
+    featured: false,
+    description: t("environments.settings.billing.free_description"),
+    price: { monthly: "$0", yearly: "$0" },
+    mainFeatures: [
+      t("environments.settings.billing.unlimited_surveys"),
+      t("environments.settings.billing.1000_monthly_responses"),
+      t("environments.settings.billing.2000_contacts"),
+      t("environments.settings.billing.1_project"),
+      t("environments.settings.billing.unlimited_team_members"),
+      t("environments.settings.billing.link_surveys"),
+      t("environments.settings.billing.website_surveys"),
+      t("environments.settings.billing.app_surveys"),
+      t("environments.settings.billing.ios_android_sdks"),
+      t("environments.settings.billing.email_embedded_surveys"),
+      t("environments.settings.billing.logic_jumps_hidden_fields_recurring_surveys"),
+      t("environments.settings.billing.api_webhooks"),
+      t("environments.settings.billing.all_integrations"),
+      t("environments.settings.billing.hosted_in_frankfurt") + "  🇪🇺",
     ],
   };
+
+  const startupPlan: TPricingPlan = {
+    id: "startup",
+    name: t("environments.settings.billing.startup"),
+    featured: true,
+    CTA: t("common.start_free_trial"),
+    description: t("environments.settings.billing.startup_description"),
+    price: { monthly: "$49", yearly: "$490" },
+    mainFeatures: [
+      t("environments.settings.billing.everything_in_free"),
+      t("environments.settings.billing.5000_monthly_responses"),
+      t("environments.settings.billing.7500_contacts"),
+      t("environments.settings.billing.3_projects"),
+      t("environments.settings.billing.remove_branding"),
+      t("environments.settings.billing.email_follow_ups"),
+      t("environments.settings.billing.attribute_based_targeting"),
+    ],
+  };
+
+  const customPlan: TPricingPlan = {
+    id: "enterprise",
+    name: t("environments.settings.billing.custom"),
+    featured: false,
+    CTA: t("common.request_pricing"),
+    description: t("environments.settings.billing.enterprise_description"),
+    price: {
+      monthly: t("environments.settings.billing.custom"),
+      yearly: t("environments.settings.billing.custom"),
+    },
+    mainFeatures: [
+      t("environments.settings.billing.everything_in_startup"),
+      t("environments.settings.billing.custom_response_limit"),
+      t("environments.settings.billing.custom_contacts_limit"),
+      t("environments.settings.billing.custom_project_limit"),
+      t("environments.settings.billing.team_access_roles"),
+      t("environments.project.languages.multi_language_surveys"),
+      t("environments.settings.enterprise.saml_sso"),
+      t("environments.settings.billing.uptime_sla_99"),
+      t("environments.settings.billing.premium_support_with_slas"),
+    ],
+    href: "https://app.formbricks.com/s/cm7k8esy20001jp030fh8a9o5?source=billingView&delivery=cloud",
+  };
+
+  return {
+    plans: [freePlan, startupPlan, customPlan],
+  };
 };

apps/web/modules/ee/billing/components/pricing-card.tsx

@@ -8,19 +8,10 @@ import { useTranslate } from "@tolgee/react";
 import { CheckIcon } from "lucide-react";
 import { useMemo, useState } from "react";
 import { TOrganization, TOrganizationBillingPeriod } from "@formbricks/types/organizations";
+import { TPricingPlan } from "../api/lib/constants";
 
 interface PricingCardProps {
-  plan: {
-    id: string;
-    name: string;
-    featured: boolean;
-    price: {
-      monthly: string;
-      yearly: string;
-    };
-    mainFeatures: string[];
-    href: string;
-  };
+  plan: TPricingPlan;
   planPeriod: TOrganizationBillingPeriod;
   organization: TOrganization;
   onUpgrade: () => Promise<void>;
@@ -28,7 +19,6 @@ interface PricingCardProps {
   projectFeatureKeys: {
     FREE: string;
     STARTUP: string;
-    SCALE: string;
     ENTERPRISE: string;
   };
 }
@@ -72,18 +62,33 @@ export const PricingCard = ({
       return null;
     }
 
-    if (plan.id !== projectFeatureKeys.ENTERPRISE && plan.id !== projectFeatureKeys.FREE) {
+    if (plan.id === projectFeatureKeys.ENTERPRISE) {
+      return (
+        <Button
+          variant="outline"
+          loading={loading}
+          onClick={() => {
+            window.open(plan.href, "_blank", "noopener,noreferrer");
+          }}
+          className="flex justify-center bg-white">
+          {t(plan.CTA ?? "common.request_pricing")}
+        </Button>
+      );
+    }
+
+    if (plan.id === projectFeatureKeys.STARTUP) {
       if (organization.billing.plan === projectFeatureKeys.FREE) {
         return (
           <Button
             loading={loading}
+            variant="default"
             onClick={async () => {
               setLoading(true);
               await onUpgrade();
               setLoading(false);
             }}
             className="flex justify-center">
-            {t("common.start_free_trial")}
+            {t(plan.CTA ?? "common.start_free_trial")}
           </Button>
         );
       }
@@ -100,15 +105,20 @@ export const PricingCard = ({
       );
     }
 
-    return <></>;
+    return null;
   }, [
     isCurrentPlan,
     loading,
     onUpgrade,
     organization.billing.plan,
+    plan.CTA,
+    plan.featured,
+    plan.href,
     plan.id,
     projectFeatureKeys.ENTERPRISE,
     projectFeatureKeys.FREE,
+    projectFeatureKeys.STARTUP,
+    t,
   ]);
 
   return (
@@ -147,7 +157,7 @@ export const PricingCard = ({
                   : plan.price.yearly
                 : t(plan.price.monthly)}
             </p>
-            {plan.name !== "Enterprise" && (
+            {plan.id !== projectFeatureKeys.ENTERPRISE && (
               <div className="text-sm leading-5">
                 <p className={plan.featured ? "text-slate-700" : "text-slate-600"}>
                   / {planPeriod === "monthly" ? "Month" : "Year"}
@@ -171,16 +181,9 @@ export const PricingCard = ({
               {t("environments.settings.billing.manage_subscription")}
             </Button>
           )}
-
-          {organization.billing.plan !== plan.id && plan.id === projectFeatureKeys.ENTERPRISE && (
-            <Button loading={loading} onClick={() => onUpgrade()} className="flex justify-center">
-              {t("environments.settings.billing.contact_us")}
-            </Button>
-          )}
         </div>
         <div className="mt-8 flow-root sm:mt-10">
           <ul
-            role="list"
             className={cn(
               plan.featured
                 ? "divide-slate-900/5 border-slate-900/5 text-slate-600"
@@ -193,7 +196,6 @@ export const PricingCard = ({
                   className={cn(plan.featured ? "text-brand-dark" : "text-slate-500", "h-6 w-5 flex-none")}
                   aria-hidden="true"
                 />
-
                 {t(mainFeature)}
               </li>
             ))}

apps/web/modules/ee/billing/components/pricing-table.tsx

@@ -21,15 +21,12 @@ interface PricingTableProps {
   responseCount: number;
   projectCount: number;
   stripePriceLookupKeys: {
-    STARTUP_MONTHLY: string;
-    STARTUP_YEARLY: string;
-    SCALE_MONTHLY: string;
-    SCALE_YEARLY: string;
+    STARTUP_MAY25_MONTHLY: string;
+    STARTUP_MAY25_YEARLY: string;
   };
   projectFeatureKeys: {
     FREE: string;
     STARTUP: string;
-    SCALE: string;
     ENTERPRISE: string;
   };
   hasBillingRights: boolean;
@@ -102,35 +99,32 @@ export const PricingTable = ({
         throw new Error(t("common.something_went_wrong_please_try_again"));
       }
     } catch (err) {
-      toast.error(t("environments.settings.billing.unable_to_upgrade_plan"));
+      if (err instanceof Error) {
+        toast.error(err.message);
+      } else {
+        toast.error(t("environments.settings.billing.unable_to_upgrade_plan"));
+      }
     }
   };
 
   const onUpgrade = async (planId: string) => {
-    if (planId === "scale") {
-      await upgradePlan(
-        planPeriod === "monthly" ? stripePriceLookupKeys.SCALE_MONTHLY : stripePriceLookupKeys.SCALE_YEARLY
-      );
-      return;
-    }
-
     if (planId === "startup") {
       await upgradePlan(
         planPeriod === "monthly"
-          ? stripePriceLookupKeys.STARTUP_MONTHLY
-          : stripePriceLookupKeys.STARTUP_YEARLY
+          ? stripePriceLookupKeys.STARTUP_MAY25_MONTHLY
+          : stripePriceLookupKeys.STARTUP_MAY25_YEARLY
       );
       return;
     }
 
-    if (planId === "enterprise") {
-      window.location.href = "https://cal.com/johannes/license";
+    if (planId === "custom") {
+      window.location.href =
+        "https://app.formbricks.com/s/cm7k8esy20001jp030fh8a9o5?source=billingView&delivery=cloud";
       return;
     }
 
     if (planId === "free") {
       toast.error(t("environments.settings.billing.everybody_has_the_free_plan_by_default"));
-      return;
     }
   };
 
@@ -233,7 +227,7 @@ export const PricingTable = ({
 
             <div
               className={cn(
-                "relative mx-8 flex flex-col gap-4 pb-12",
+                "relative mx-8 flex flex-col gap-4 pb-6",
                 projectsUnlimitedCheck && "mb-0 mt-4 flex-row pb-0"
               )}>
               <p className="text-md font-semibold text-slate-700">{t("common.projects")}</p>
@@ -282,7 +276,7 @@ export const PricingTable = ({
                   </span>
                 </button>
               </div>
-              <div className="relative mx-auto grid max-w-md grid-cols-1 gap-y-8 lg:mx-0 lg:-mb-14 lg:max-w-none lg:grid-cols-4">
+              <div className="relative mx-auto grid max-w-md grid-cols-1 gap-y-8 lg:mx-0 lg:-mb-14 lg:max-w-none lg:grid-cols-3">
                 <div
                   className="hidden lg:absolute lg:inset-x-px lg:bottom-0 lg:top-4 lg:block lg:rounded-xl lg:rounded-t-2xl lg:border lg:border-slate-200 lg:bg-slate-100 lg:pb-8 lg:ring-1 lg:ring-white/10"
                   aria-hidden="true"

apps/web/modules/email/components/preview-email-template.tsx

@@ -60,11 +60,7 @@ const getRatingContent = (scale: string, i: number, range: number, isColorCoding
     );
   }
   if (scale === "number") {
-    return (
-      <Text className="m-0 h-[44px] text-center text-[14px] leading-[44px]">
-        {i + 1}
-      </Text>
-    );
+    return <Text className="m-0 h-[44px] text-center text-[14px] leading-[44px]">{i + 1}</Text>;
   }
   if (scale === "star") {
     return <Text className="m-auto text-3xl">⭐</Text>;
@@ -232,8 +228,8 @@ export async function PreviewEmailTemplate({
                           { "rounded-l-lg border-l": i === 0 },
                           { "rounded-r-lg": i === firstQuestion.range - 1 },
                           firstQuestion.isColorCodingEnabled &&
-                          firstQuestion.scale === "number" &&
-                          `border border-t-[6px] border-t-${getRatingNumberOptionColor(firstQuestion.range, i + 1)}`,
+                            firstQuestion.scale === "number" &&
+                            `border border-t-[6px] border-t-${getRatingNumberOptionColor(firstQuestion.range, i + 1)}`,
                           firstQuestion.scale === "star" && "border-transparent"
                         )}
                         href={`${urlWithPrefilling}${firstQuestion.id}=${(i + 1).toString()}`}

apps/web/modules/survey/components/question-form-input/index.tsx

@@ -129,9 +129,9 @@ export const QuestionFormInput = ({
       (question &&
         (id.includes(".")
           ? // Handle nested properties
-          (question[id.split(".")[0] as keyof TSurveyQuestion] as any)?.[id.split(".")[1]]
+            (question[id.split(".")[0] as keyof TSurveyQuestion] as any)?.[id.split(".")[1]]
           : // Original behavior
-          (question[id as keyof TSurveyQuestion] as TI18nString))) ||
+            (question[id as keyof TSurveyQuestion] as TI18nString))) ||
       createI18nString("", surveyLanguageCodes)
     );
   }, [
@@ -351,8 +351,9 @@ export const QuestionFormInput = ({
                         <div className="h-10 w-full"></div>
                         <div
                           ref={highlightContainerRef}
-                          className={`no-scrollbar absolute top-0 z-0 mt-0.5 flex h-10 w-full overflow-scroll whitespace-nowrap px-3 py-2 text-center text-sm text-transparent ${localSurvey.languages?.length > 1 ? "pr-24" : ""
-                            }`}
+                          className={`no-scrollbar absolute top-0 z-0 mt-0.5 flex h-10 w-full overflow-scroll whitespace-nowrap px-3 py-2 text-center text-sm text-transparent ${
+                            localSurvey.languages?.length > 1 ? "pr-24" : ""
+                          }`}
                           dir="auto"
                           key={highlightedJSX.toString()}>
                           {highlightedJSX}
@@ -379,8 +380,9 @@ export const QuestionFormInput = ({
                           maxLength={maxLength}
                           ref={inputRef}
                           onBlur={onBlur}
-                          className={`absolute top-0 text-black caret-black ${localSurvey.languages?.length > 1 ? "pr-24" : ""
-                            } ${className}`}
+                          className={`absolute top-0 text-black caret-black ${
+                            localSurvey.languages?.length > 1 ? "pr-24" : ""
+                          } ${className}`}
                           isInvalid={
                             isInvalid &&
                             text[usedLanguageCode]?.trim() === "" &&

apps/web/modules/survey/editor/components/end-screen-form.tsx

@@ -42,7 +42,7 @@ export const EndScreenForm = ({
 
   const [showEndingCardCTA, setshowEndingCardCTA] = useState<boolean>(
     endingCard.type === "endScreen" &&
-    (!!getLocalizedValue(endingCard.buttonLabel, selectedLanguageCode) || !!endingCard.buttonLink)
+      (!!getLocalizedValue(endingCard.buttonLabel, selectedLanguageCode) || !!endingCard.buttonLink)
   );
   return (
     <form>

apps/web/modules/ui/components/client-logout/index.test.tsx

@@ -3,14 +3,6 @@ import { render } from "@testing-library/react";
 import { type MockedFunction, beforeEach, describe, expect, test, vi } from "vitest";
 import { ClientLogout } from "./index";
 
-// Mock the localStorage
-const mockRemoveItem = vi.fn();
-Object.defineProperty(window, "localStorage", {
-  value: {
-    removeItem: mockRemoveItem,
-  },
-});
-
 // Mock next-auth/react
 const mockSignOut = vi.fn();
 vi.mock("@/modules/auth/hooks/use-sign-out", () => ({
@@ -37,6 +29,7 @@ describe("ClientLogout", () => {
       redirectUrl: "/auth/login",
       redirect: false,
       callbackUrl: "/auth/login",
+      clearEnvironmentId: true,
     });
   });
 
@@ -50,14 +43,10 @@ describe("ClientLogout", () => {
       redirectUrl: "/auth/login",
       redirect: false,
       callbackUrl: "/auth/login",
+      clearEnvironmentId: true,
     });
   });
 
-  test("removes environment ID from localStorage", () => {
-    render(<ClientLogout />);
-    expect(mockRemoveItem).toHaveBeenCalledWith("formbricks-environment-id");
-  });
-
   test("renders null", () => {
     const { container } = render(<ClientLogout />);
     expect(container.firstChild).toBeNull();

apps/web/modules/ui/components/client-logout/index.tsx

@@ -1,6 +1,5 @@
 "use client";
 
-import { FORMBRICKS_ENVIRONMENT_ID_LS } from "@/lib/localStorage";
 import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
 import { useEffect } from "react";
 
@@ -8,12 +7,12 @@ export const ClientLogout = () => {
   const { signOut: signOutWithAudit } = useSignOut();
 
   useEffect(() => {
-    localStorage.removeItem(FORMBRICKS_ENVIRONMENT_ID_LS);
     signOutWithAudit({
       reason: "forced_logout",
       redirectUrl: "/auth/login",
       redirect: false,
       callbackUrl: "/auth/login",
+      clearEnvironmentId: true,
     });
   });
   return null;

apps/web/next.config.mjs

@@ -20,7 +20,7 @@ const nextConfig = {
   cacheMaxMemorySize: 0, // disable default in-memory caching
   output: "standalone",
   poweredByHeader: false,
-  productionBrowserSourceMaps: false,
+  productionBrowserSourceMaps: true,
   serverExternalPackages: ["@aws-sdk", "@opentelemetry/instrumentation", "pino", "pino-pretty"],
   outputFileTracingIncludes: {
     "/api/auth/**/*": ["../../node_modules/jose/**/*"],
@@ -425,6 +425,7 @@ const sentryOptions = {
 
   org: "formbricks",
   project: "formbricks-cloud",
+  environment: process.env.SENTRY_ENVIRONMENT,
 
   // Only print logs for uploading source maps in CI
   silent: true,
@@ -434,11 +435,23 @@ const sentryOptions = {
 
   // Automatically tree-shake Sentry logger statements to reduce bundle size
   disableLogger: true,
+
+  // Disable automatic release management
+  automaticVercelMonitors: false,
+  autoUploadSourceMaps: false,
+  hideSourceMaps: false,
+  
+  // Don't automatically create releases - we handle this in GitHub Actions
+  release: {
+    create: false,
+    deploy: false,
+    setCommits: false,
+  },
 };
 
 const exportConfig =
-  process.env.SENTRY_DSN && process.env.NODE_ENV === "production"
-    ? withSentryConfig(nextConfig, sentryOptions)
-    : nextConfig;
+  (process.env.SENTRY_DSN && process.env.NODE_ENV === "production")
+    ? withSentryConfig(nextConfig, sentryOptions) :
+    nextConfig;
 
 export default exportConfig;

apps/web/package.json

@@ -14,7 +14,7 @@
     "test": "dotenv -e ../../.env -- vitest run",
     "test:coverage": "dotenv -e ../../.env -- vitest run --coverage",
     "generate-api-specs": "dotenv -e ../../.env tsx ./modules/api/v2/openapi-document.ts > ../../docs/api-v2-reference/openapi.yml",
-    "merge-client-endpoints": "tsx ./scripts/merge-client-endpoints.ts",
+    "merge-client-endpoints": "tsx ./scripts/openapi/merge-client-endpoints.ts",
     "generate-and-merge-api-specs": "npm run generate-api-specs && npm run merge-client-endpoints"
   },
   "dependencies": {

apps/web/scripts/docker/next-start.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -eu
+export NODE_ENV=production
+if [ "${DOCKER_CRON_ENABLED:-1}" = "1" ]; then
+  echo "Starting cron jobs...";
+  supercronic -quiet /app/docker/cronjobs &
+else
+  echo "Docker cron jobs are disabled via DOCKER_CRON_ENABLED=0";
+fi;
+(cd packages/database && npm run db:migrate:deploy) &&
+(cd packages/database && npm run db:create-saml-database:deploy) &&
+exec node apps/web/server.js

apps/web/scripts/docker/read-secrets.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -eu
+if [ -f "/run/secrets/database_url" ]; then
+  export DATABASE_URL=$(cat /run/secrets/database_url)
+else
+  echo "DATABASE_URL secret not found. Build may fail if this is required."
+fi
+
+if [ -f "/run/secrets/encryption_key" ]; then
+  export ENCRYPTION_KEY=$(cat /run/secrets/encryption_key)
+else
+  echo "ENCRYPTION_KEY secret not found. Build may fail if this is required."
+fi
+
+exec "$@" 

apps/web/sentry.edge.config.ts

@@ -2,7 +2,7 @@
 // The config you add here will be used whenever one of the edge features is loaded.
 // Note that this config is unrelated to the Vercel Edge Runtime and is also required when running locally.
 // https://docs.sentry.io/platforms/javascript/guides/nextjs/
-import { SENTRY_DSN } from "@/lib/constants";
+import { SENTRY_DSN, SENTRY_ENVIRONMENT, SENTRY_RELEASE } from "@/lib/constants";
 import * as Sentry from "@sentry/nextjs";
 import { logger } from "@formbricks/logger";
 
@@ -11,6 +11,8 @@ if (SENTRY_DSN) {
 
   Sentry.init({
     dsn: SENTRY_DSN,
+    release: SENTRY_RELEASE,
+    environment: SENTRY_ENVIRONMENT,
 
     // No tracing while Sentry doesn't update to telemetry 2.0.0 - https://github.com/getsentry/sentry-javascript/issues/15737
     tracesSampleRate: 0,

apps/web/sentry.server.config.ts

@@ -1,7 +1,7 @@
 // This file configures the initialization of Sentry on the server.
 // The config you add here will be used whenever the server handles a request.
 // https://docs.sentry.io/platforms/javascript/guides/nextjs/
-import { SENTRY_DSN } from "@/lib/constants";
+import { SENTRY_DSN, SENTRY_ENVIRONMENT, SENTRY_RELEASE } from "@/lib/constants";
 import * as Sentry from "@sentry/nextjs";
 import { logger } from "@formbricks/logger";
 
@@ -10,6 +10,8 @@ if (SENTRY_DSN) {
 
   Sentry.init({
     dsn: SENTRY_DSN,
+    release: SENTRY_RELEASE,
+    environment: SENTRY_ENVIRONMENT,
 
     // No tracing while Sentry doesn't update to telemetry 2.0.0 - https://github.com/getsentry/sentry-javascript/issues/15737
     tracesSampleRate: 0,

docker/docker-compose.yml

@@ -82,6 +82,8 @@ x-environment: &environment
     # SENTRY_DSN:
     # It's used for authentication when uploading source maps to Sentry, to make errors more readable.
     # SENTRY_AUTH_TOKEN:
+    # The SENTRY_ENVIRONMENT is used to identify the environment in Sentry.
+    # SENTRY_ENVIRONMENT:
 
     ################################################### OPTIONAL (STORAGE) ###################################################
 

docs/self-hosting/configuration/environment-variables.mdx

@@ -54,7 +54,7 @@ These variables are present inside your machine's docker-compose file. Restart t
 | STRIPE_SECRET_KEY            | Secret key for Stripe integration.                                                                                   | optional                                                |                                                                           |
 | STRIPE_WEBHOOK_SECRET        | Webhook secret for Stripe integration.                                                                               | optional                                                |                                                                           |
 | TELEMETRY_DISABLED           | Disables telemetry if set to 1.                                                                                      | optional                                                |                                                                           |
-| DEFAULT_BRAND_COLOR          | Default brand color for your app (Can be overwritten from the UI as well).                                           | optional                                                | #64748b                                                                   |
+| DEFAULT_BRAND_COLOR          | Default brand color for your app (Can be overwritten from the UI as well).                                           | optional                                                | #64748b                                                                 |
 | DEFAULT_ORGANIZATION_ID      | Automatically assign new users to a specific organization when joining                                               | optional                                                |                                                                           |
 | OIDC_DISPLAY_NAME            | Display name for Custom OpenID Connect Provider                                                                      | optional                                                |                                                                           |
 | OIDC_CLIENT_ID               | Client ID for Custom OpenID Connect Provider                                                                         | optional (required if OIDC auth is enabled)             |                                                                           |
@@ -68,6 +68,7 @@ These variables are present inside your machine's docker-compose file. Restart t
 | DOCKER_CRON_ENABLED          | Controls whether cron jobs run in the Docker image. Set to 0 to disable (useful for cluster setups).                 | optional                                                | 1                                                                         |
 | DEFAULT_TEAM_ID              | Default team ID for new users.                                                                                       | optional                                                |                                                                           |
 | SENTRY_DSN                   | Set this to track errors and monitor performance in Sentry.                                                          | optional                                                |                                                                           |
+| SENTRY_ENVIRONMENT           | Set this to identify the environment in Sentry                                                                       | optional                                                |                                                                           |
 | SENTRY_AUTH_TOKEN            | Set this if you want to make errors more readable in Sentry.                                                         | optional                                                |                                                                           |
 | SESSION_MAX_AGE              | Configure the maximum age for the session in seconds.                                                                | optional                                                | 86400 (24 hours)                                                          |
 | USER_MANAGEMENT_MINIMUM_ROLE | Set this to control which roles can access user management features. Accepted values: "owner", "manager", "disabled" | optional                                                | manager                                                                   |

packages/database/package.json

@@ -3,23 +3,41 @@
   "packageManager": "pnpm@9.15.9",
   "private": true,
   "version": "0.1.0",
-  "main": "./src/index.ts",
+  "main": "./dist/index.cjs",
+  "types": "./dist/index.d.ts",
+  "type": "module",
   "files": [
-    "src"
+    "dist",
+    "schema.prisma",
+    "migration"
   ],
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    },
+    "./types/*": {
+      "import": "./types/*.ts"
+    },
+    "./zod/*": {
+      "import": "./zod/*.ts"
+    }
+  },
   "scripts": {
-    "clean": "rimraf .turbo node_modules",
-    "db:migrate:deploy": "env DATABASE_URL=\"${MIGRATE_DATABASE_URL:-$DATABASE_URL}\" tsx ./src/scripts/apply-migrations.ts",
-    "db:migrate:dev": "dotenv -e ../../.env -- sh -c \"pnpm prisma generate && tsx ./src/scripts/apply-migrations.ts\"",
-    "db:create-saml-database:deploy": "env SAML_DATABASE_URL=\"${SAML_DATABASE_URL}\" tsx ./src/scripts/create-saml-database.ts",
-    "db:create-saml-database:dev": "dotenv -e ../../.env -- tsx ./src/scripts/create-saml-database.ts",
+    "clean": "rimraf .turbo node_modules dist",
+    "build": "pnpm generate && vite build",
+    "dev": "vite build --watch",
+    "db:migrate:deploy": "env DATABASE_URL=\"${MIGRATE_DATABASE_URL:-$DATABASE_URL}\" node ./dist/scripts/apply-migrations.js",
+    "db:migrate:dev": "dotenv -e ../../.env -- sh -c \"pnpm prisma generate && node ./dist/scripts/apply-migrations.js\"",
+    "db:create-saml-database:deploy": "env SAML_DATABASE_URL=\"${SAML_DATABASE_URL}\" node ./dist/scripts/create-saml-database.js",
+    "db:create-saml-database:dev": "dotenv -e ../../.env -- node ./dist/scripts/create-saml-database.js",
     "db:push": "prisma db push --accept-data-loss",
     "db:setup": "pnpm db:migrate:dev && pnpm db:create-saml-database:dev",
     "db:start": "pnpm db:setup",
     "format": "prisma format",
     "generate": "prisma generate",
     "lint": "eslint ./src --fix",
-    "build": "pnpm generate",
     "generate-data-migration": "tsx ./src/scripts/generate-data-migration.ts",
     "create-migration": "dotenv -e ../../.env -- tsx ./src/scripts/create-migration.ts"
   },
@@ -34,8 +52,11 @@
     "@formbricks/config-typescript": "workspace:*",
     "@formbricks/eslint-config": "workspace:*",
     "dotenv-cli": "8.0.0",
+    "glob": "11.0.2",
     "prisma": "6.7.0",
     "prisma-json-types-generator": "3.4.1",
-    "ts-node": "10.9.2"
+    "ts-node": "10.9.2",
+    "vite": "6.3.5",
+    "vite-plugin-dts": "4.5.3"
   }
 }

packages/database/src/client.ts

@@ -1,6 +1,6 @@
 import { PrismaClient } from "@prisma/client";
 
-const prismaClientSingleton = () => {
+const prismaClientSingleton = (): PrismaClient => {
   return new PrismaClient({
     datasources: { db: { url: process.env.DATABASE_URL } },
     ...(process.env.DEBUG === "1" && {
@@ -15,6 +15,6 @@ const globalForPrisma = globalThis as unknown as {
   prisma: PrismaClientSingleton | undefined;
 };
 
-export const prisma = globalForPrisma.prisma ?? prismaClientSingleton();
+export const prisma: PrismaClient = globalForPrisma.prisma ?? prismaClientSingleton();
 
 if (process.env.NODE_ENV !== "production") globalForPrisma.prisma = prisma;

packages/database/src/scripts/create-migration.ts

@@ -2,10 +2,14 @@ import { exec } from "node:child_process";
 import fs from "node:fs/promises";
 import path from "node:path";
 import readline from "node:readline";
+import { fileURLToPath } from "node:url";
 import { promisify } from "node:util";
 import { logger } from "@formbricks/logger";
 import { applyMigrations } from "./migration-runner";
 
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
 const execAsync = promisify(exec);
 const rl = readline.createInterface({
   input: process.stdin,

packages/database/src/scripts/generate-data-migration.ts

@@ -2,8 +2,12 @@ import { createId } from "@paralleldrive/cuid2";
 import fs from "node:fs/promises";
 import path from "node:path";
 import readline from "node:readline";
+import { fileURLToPath } from "node:url";
 import { logger } from "@formbricks/logger";
 
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
 const rl = readline.createInterface({
   input: process.stdin,
   output: process.stdout,

packages/database/src/scripts/migration-runner.ts

@@ -2,9 +2,12 @@ import { type Prisma, PrismaClient } from "@prisma/client";
 import { exec } from "node:child_process";
 import fs from "node:fs/promises";
 import path from "node:path";
+import { fileURLToPath } from "node:url";
 import { promisify } from "node:util";
 import { logger } from "@formbricks/logger";
 
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
 const execAsync = promisify(exec);
 
 export interface DataMigrationContext {
@@ -24,7 +27,12 @@ export interface MigrationScript {
 
 const prisma = new PrismaClient();
 const TRANSACTION_TIMEOUT = 30 * 60 * 1000; // 30 minutes
-const MIGRATIONS_DIR = path.resolve(__dirname, "../../migration");
+
+// Determine if we're running from built or source code
+const isBuilt = __filename.split(path.sep).includes("dist");
+const MIGRATIONS_DIR = isBuilt
+  ? path.resolve(__dirname, "../migration") // From dist/scripts to dist/migration
+  : path.resolve(__dirname, "../../migration"); // From src/scripts to migration
 const PRISMA_MIGRATIONS_DIR = path.resolve(__dirname, "../../migrations");
 
 const runMigrations = async (migrations: MigrationScript[]): Promise<void> => {
@@ -194,11 +202,13 @@ const loadMigrations = async (): Promise<MigrationScript[]> => {
     const files = await fs.readdir(migrationPath);
 
     const hasSchemaMigration = files.includes("migration.sql");
-    const hasDataMigration = files.includes("migration.ts");
+    // Check for the appropriate data migration file extension based on build status
+    const dataMigrationFileName = isBuilt ? "migration.js" : "migration.ts";
+    const hasDataMigration = files.includes(dataMigrationFileName);
 
     if (hasSchemaMigration && hasDataMigration) {
       throw new Error(
-        `Migration directory ${dirName} has both migration.sql and migration.ts. This should not happen.`
+        `Migration directory ${dirName} has both migration.sql and ${dataMigrationFileName}. This should not happen.`
       );
     }
 
@@ -233,7 +243,8 @@ const loadMigrations = async (): Promise<MigrationScript[]> => {
       }
 
       // It's a data migration, dynamically import and extract the scripts
-      const modulePath = path.join(migrationPath, "migration.ts");
+      // Use .js extension when running from built code, .ts when running from source
+      const modulePath = path.join(migrationPath, dataMigrationFileName);
       const mod = (await import(modulePath)) as Record<string, MigrationScript | undefined>;
 
       // Check each export in the module for a DataMigrationScript (type: "data")
@@ -245,7 +256,7 @@ const loadMigrations = async (): Promise<MigrationScript[]> => {
       }
     } else {
       logger.warn(
-        `Migration directory ${dirName} doesn't have migration.sql or data-migration.ts. Skipping...`
+        `Migration directory ${dirName} doesn't have migration.sql or ${dataMigrationFileName}. Skipping...`
       );
     }
   }
@@ -271,7 +282,11 @@ const loadMigrations = async (): Promise<MigrationScript[]> => {
 export async function applyMigrations(): Promise<void> {
   try {
     const allMigrations = await loadMigrations();
-    logger.info(`Loaded ${allMigrations.length.toString()} migrations from ${MIGRATIONS_DIR}`);
+    logger.info(
+      `Loaded ${allMigrations.length.toString()} migrations from ${MIGRATIONS_DIR} (source: ${
+        isBuilt ? "dist" : "src"
+      })`
+    );
     await runMigrations(allMigrations);
   } catch (error) {
     await prisma.$disconnect();

packages/database/vite.config.ts

@@ -0,0 +1,80 @@
+import { promises as fs } from "fs";
+import { glob } from "glob";
+import { dirname, resolve } from "path";
+import { Plugin, UserConfig, defineConfig } from "vite";
+import dts from "vite-plugin-dts";
+
+const copySqlMigrationsPlugin: Plugin = {
+  name: "copy-sql-migrations",
+  async writeBundle() {
+    const sqlFiles = await glob("migration/**/migration.sql", { cwd: __dirname });
+
+    await Promise.all(
+      sqlFiles.map(async (file) => {
+        const srcPath = resolve(__dirname, file);
+        const destPath = resolve(__dirname, "dist", file);
+        await fs.mkdir(dirname(destPath), { recursive: true });
+        await fs.copyFile(srcPath, destPath);
+      })
+    );
+  },
+};
+
+export default defineConfig(async (): Promise<UserConfig> => {
+  const migrationTsFiles = await glob("migration/**/migration.ts", { cwd: __dirname });
+  const migrationEntries = migrationTsFiles.reduce((acc: Record<string, string>, file: string) => {
+    const dir = dirname(file);
+    const entryName = `${dir}/migration`;
+    acc[entryName] = resolve(__dirname, file);
+    return acc;
+  }, {});
+
+  return {
+    resolve: {
+      alias: {
+        "@": resolve(__dirname, "src"),
+      },
+    },
+    build: {
+      rollupOptions: {
+        input: {
+          index: resolve(__dirname, "src/index.ts"),
+          "scripts/apply-migrations": resolve(__dirname, "src/scripts/apply-migrations.ts"),
+          "scripts/create-saml-database": resolve(__dirname, "src/scripts/create-saml-database.ts"),
+          "scripts/migration-runner": resolve(__dirname, "src/scripts/migration-runner.ts"),
+          ...migrationEntries,
+        },
+        output: [
+          {
+            format: "esm",
+            entryFileNames: "[name].js",
+            chunkFileNames: "[name].js",
+          },
+          {
+            format: "cjs",
+            entryFileNames: "[name].cjs",
+            chunkFileNames: "[name].cjs",
+          },
+        ],
+        external: [
+          // External dependencies that should not be bundled
+          "@prisma/client",
+          "zod",
+          "zod-openapi",
+          "@paralleldrive/cuid2",
+        ],
+      },
+      emptyOutDir: true,
+      ssr: true, // Server-side rendering mode for Node.js
+    },
+    plugins: [
+      dts({
+        rollupTypes: false,
+        include: ["src/**/*"],
+        exclude: ["src/**/*.test.ts", "src/**/*.spec.ts"],
+        insertTypesEntry: true,
+      }),
+      copySqlMigrationsPlugin,
+    ],
+  };
+});

packages/database/zod/surveys.ts

@@ -1,4 +1,4 @@
-import { type Survey, SurveyStatus, SurveyType } from "@prisma/client";
+import { SurveyStatus, SurveyType } from "@prisma/client";
 import { z } from "zod";
 import { extendZodWithOpenApi } from "zod-openapi";
 // eslint-disable-next-line import/no-relative-packages -- Need to import from parent package
@@ -92,10 +92,10 @@ const ZSurveyBase = z.object({
   }),
   questions: z.array(ZSurveyQuestion).openapi({
     description: "The questions of the survey",
-  }) as z.ZodType<Survey["questions"]>,
+  }),
   endings: z.array(ZSurveyEnding).default([]).openapi({
     description: "The endings of the survey",
-  }) as z.ZodType<Survey["endings"]>,
+  }),
   thankYouCard: z
     .object({
       enabled: z.boolean(),
@@ -115,7 +115,7 @@ const ZSurveyBase = z.object({
     }),
   variables: z.array(ZSurveyVariable).openapi({
     description: "Survey variables",
-  }) as z.ZodType<Survey["variables"]>,
+  }),
   displayOption: z.enum(["displayOnce", "displayMultiple", "displaySome", "respondMultiple"]).openapi({
     description: "Display options for the survey",
   }),
@@ -219,10 +219,10 @@ const ZSurveyBase = z.object({
   }),
   displayPercentage: z.number().nullable().openapi({
     description: "The display percentage of the survey",
-  }) as z.ZodType<Survey["displayPercentage"]>,
+  }),
 });
 
-export const ZSurvey = ZSurveyBase satisfies z.ZodType<Survey>;
+export const ZSurvey = ZSurveyBase;
 
 export const ZSurveyWithoutQuestionType = ZSurveyBase.omit({
   questions: true,

pnpm-lock.yaml

@@ -645,6 +645,9 @@ importers:
       dotenv-cli:
         specifier: 8.0.0
         version: 8.0.0
+      glob:
+        specifier: 11.0.2
+        version: 11.0.2
       prisma:
         specifier: 6.7.0
         version: 6.7.0(typescript@5.8.3)
@@ -654,6 +657,12 @@ importers:
       ts-node:
         specifier: 10.9.2
         version: 10.9.2(@types/node@22.15.18)(typescript@5.8.3)
+      vite:
+        specifier: 6.3.5
+        version: 6.3.5(@types/node@22.15.18)(jiti@2.4.2)(terser@5.39.1)(tsx@4.19.4)(yaml@2.8.0)
+      vite-plugin-dts:
+        specifier: 4.5.3
+        version: 4.5.3(@types/node@22.15.18)(rollup@4.40.2)(typescript@5.8.3)(vite@6.3.5(@types/node@22.15.18)(jiti@2.4.2)(terser@5.39.1)(tsx@4.19.4)(yaml@2.8.0))
 
   packages/i18n-utils:
     devDependencies:

sonar-project.properties

@@ -21,5 +21,5 @@ sonar.scm.exclusions.disabled=false
 sonar.sourceEncoding=UTF-8
 
 # Coverage
-sonar.coverage.exclusions=**/*.test.*,**/*.spec.*,**/*.mdx,**/*.config.mts,**/*.config.ts,**/constants.ts,**/route.ts,**/route.tsx,**/types/**,**/types.ts,**/stories.*,**/*.mock.*,**/mocks/**,**/__mocks__/**,**/openapi.ts,**/openapi-document.ts,**/instrumentation.ts,scripts/merge-client-endpoints.ts,**/playwright/**,**/Dockerfile,**/*.config.cjs,**/*.css,**/templates.ts,**/actions.ts,apps/web/modules/ui/components/icons/*,**/*.json,apps/web/vitestSetup.ts,packages/js-core/src/index.ts,apps/web/tailwind.config.js,apps/web/postcss.config.js,apps/web/next.config.mjs,apps/web/scripts/**,packages/js-core/vitest.setup.ts,**/*.mjs,apps/web/modules/auth/lib/mock-data.ts,apps/web/modules/analysis/components/SingleResponseCard/components/Smileys.tsx,packages/surveys/src/components/general/smileys.tsx,**/cache.ts,apps/web/app/**/billing-confirmation/**,apps/web/modules/ee/billing/**,apps/web/modules/ee/multi-language-surveys/**,apps/web/modules/email/**,apps/web/modules/integrations/**,apps/web/modules/setup/**/intro/**,apps/web/modules/setup/**/signup/**,apps/web/modules/setup/**/layout.tsx,apps/web/modules/survey/follow-ups/**,apps/web/app/share/**,apps/web/lib/shortUrl/**,apps/web/modules/ee/contacts/[contactId]/**,apps/web/modules/ee/contacts/components/**,apps/web/modules/ee/two-factor-auth/**,apps/web/lib/posthogServer.ts,apps/web/lib/slack/**,apps/web/lib/notion/**,apps/web/lib/googleSheet/**,apps/web/app/api/google-sheet/**,apps/web/app/api/billing/**,apps/web/lib/airtable/**,apps/web/app/api/v1/integrations/**,apps/web/lib/env.ts,**/instrumentation-node.ts,**/cache/**,**/*.svg,apps/web/modules/ui/components/icons/**,apps/web/modules/ui/components/table/**
-sonar.cpd.exclusions=**/*.test.*,**/*.spec.*,**/*.mdx,**/*.config.mts,**/*.config.ts,**/constants.ts,**/route.ts,**/route.tsx,**/types/**,**/types.ts,**/stories.*,**/*.mock.*,**/mocks/**,**/__mocks__/**,**/openapi.ts,**/openapi-document.ts,**/instrumentation.ts,scripts/merge-client-endpoints.ts,**/playwright/**,**/Dockerfile,**/*.config.cjs,**/*.css,**/templates.ts,**/actions.ts,apps/web/modules/ui/components/icons/*,**/*.json,apps/web/vitestSetup.ts,apps/web/tailwind.config.js,apps/web/postcss.config.js,apps/web/next.config.mjs,apps/web/scripts/**,packages/js-core/vitest.setup.ts,packages/js-core/src/index.ts,**/*.mjs,apps/web/modules/auth/lib/mock-data.ts,apps/web/modules/analysis/components/SingleResponseCard/components/Smileys.tsx,packages/surveys/src/components/general/smileys.tsx,**/cache.ts,apps/web/app/**/billing-confirmation/**,apps/web/modules/ee/billing/**,apps/web/modules/ee/multi-language-surveys/**,apps/web/modules/email/**,apps/web/modules/integrations/**,apps/web/modules/setup/**/intro/**,apps/web/modules/setup/**/signup/**,apps/web/modules/setup/**/layout.tsx,apps/web/modules/survey/follow-ups/**,apps/web/app/share/**,apps/web/lib/shortUrl/**,apps/web/modules/ee/contacts/[contactId]/**,apps/web/modules/ee/contacts/components/**,apps/web/modules/ee/two-factor-auth/**,apps/web/lib/posthogServer.ts,apps/web/lib/slack/**,apps/web/lib/notion/**,apps/web/lib/googleSheet/**,apps/web/app/api/google-sheet/**,apps/web/app/api/billing/**,apps/web/lib/airtable/**,apps/web/app/api/v1/integrations/**,apps/web/lib/env.ts,**/instrumentation-node.ts,**/cache/**,**/*.svg,apps/web/modules/ui/components/icons/**,apps/web/modules/ui/components/table/**
+sonar.coverage.exclusions=**/*.test.*,**/*.spec.*,**/*.mdx,**/*.config.mts,**/*.config.ts,**/constants.ts,**/route.ts,**/route.tsx,**/types/**,**/types.ts,**/stories.*,**/*.mock.*,**/mocks/**,**/__mocks__/**,**/openapi.ts,**/openapi-document.ts,**/instrumentation.ts,scripts/openapi/merge-client-endpoints.ts,**/playwright/**,**/Dockerfile,**/*.config.cjs,**/*.css,**/templates.ts,**/actions.ts,apps/web/modules/ui/components/icons/*,**/*.json,apps/web/vitestSetup.ts,packages/js-core/src/index.ts,apps/web/tailwind.config.js,apps/web/postcss.config.js,apps/web/next.config.mjs,apps/web/scripts/**,packages/js-core/vitest.setup.ts,**/*.mjs,apps/web/modules/auth/lib/mock-data.ts,apps/web/modules/analysis/components/SingleResponseCard/components/Smileys.tsx,packages/surveys/src/components/general/smileys.tsx,**/cache.ts,apps/web/app/**/billing-confirmation/**,apps/web/modules/ee/billing/**,apps/web/modules/ee/multi-language-surveys/**,apps/web/modules/email/**,apps/web/modules/integrations/**,apps/web/modules/setup/**/intro/**,apps/web/modules/setup/**/signup/**,apps/web/modules/setup/**/layout.tsx,apps/web/modules/survey/follow-ups/**,apps/web/app/share/**,apps/web/lib/shortUrl/**,apps/web/modules/ee/contacts/[contactId]/**,apps/web/modules/ee/contacts/components/**,apps/web/modules/ee/two-factor-auth/**,apps/web/lib/posthogServer.ts,apps/web/lib/slack/**,apps/web/lib/notion/**,apps/web/lib/googleSheet/**,apps/web/app/api/google-sheet/**,apps/web/app/api/billing/**,apps/web/lib/airtable/**,apps/web/app/api/v1/integrations/**,apps/web/lib/env.ts,**/instrumentation-node.ts,**/cache/**,**/*.svg,apps/web/modules/ui/components/icons/**,apps/web/modules/ui/components/table/**
+sonar.cpd.exclusions=**/*.test.*,**/*.spec.*,**/*.mdx,**/*.config.mts,**/*.config.ts,**/constants.ts,**/route.ts,**/route.tsx,**/types/**,**/types.ts,**/stories.*,**/*.mock.*,**/mocks/**,**/__mocks__/**,**/openapi.ts,**/openapi-document.ts,**/instrumentation.ts,scripts/openapi/merge-client-endpoints.ts,**/playwright/**,**/Dockerfile,**/*.config.cjs,**/*.css,**/templates.ts,**/actions.ts,apps/web/modules/ui/components/icons/*,**/*.json,apps/web/vitestSetup.ts,apps/web/tailwind.config.js,apps/web/postcss.config.js,apps/web/next.config.mjs,apps/web/scripts/**,packages/js-core/vitest.setup.ts,packages/js-core/src/index.ts,**/*.mjs,apps/web/modules/auth/lib/mock-data.ts,apps/web/modules/analysis/components/SingleResponseCard/components/Smileys.tsx,packages/surveys/src/components/general/smileys.tsx,**/cache.ts,apps/web/app/**/billing-confirmation/**,apps/web/modules/ee/billing/**,apps/web/modules/ee/multi-language-surveys/**,apps/web/modules/email/**,apps/web/modules/integrations/**,apps/web/modules/setup/**/intro/**,apps/web/modules/setup/**/signup/**,apps/web/modules/setup/**/layout.tsx,apps/web/modules/survey/follow-ups/**,apps/web/app/share/**,apps/web/lib/shortUrl/**,apps/web/modules/ee/contacts/[contactId]/**,apps/web/modules/ee/contacts/components/**,apps/web/modules/ee/two-factor-auth/**,apps/web/lib/posthogServer.ts,apps/web/lib/slack/**,apps/web/lib/notion/**,apps/web/lib/googleSheet/**,apps/web/app/api/google-sheet/**,apps/web/app/api/billing/**,apps/web/lib/airtable/**,apps/web/app/api/v1/integrations/**,apps/web/lib/env.ts,**/instrumentation-node.ts,**/cache/**,**/*.svg,apps/web/modules/ui/components/icons/**,apps/web/modules/ui/components/table/**

turbo.json

@@ -6,7 +6,7 @@
       "outputs": ["dist/**"]
     },
     "@formbricks/database#lint": {
-      "dependsOn": ["@formbricks/logger#build"]
+      "dependsOn": ["@formbricks/logger#build", "@formbricks/database#build"]
     },
     "@formbricks/database#setup": {
       "dependsOn": ["db:up"]
@@ -30,6 +30,9 @@
       "dependsOn": ["@formbricks/database#db:setup"],
       "persistent": true
     },
+    "@formbricks/js-core#lint": {
+      "dependsOn": ["@formbricks/database#build"]
+    },
     "@formbricks/react-native#build": {
       "dependsOn": ["^build", "@formbricks/database#build"],
       "outputs": ["dist/**"]
@@ -58,10 +61,10 @@
       "persistent": true
     },
     "@formbricks/web#test": {
-      "dependsOn": ["@formbricks/logger#build"]
+      "dependsOn": ["@formbricks/logger#build", "@formbricks/database#build"]
     },
     "@formbricks/web#test:coverage": {
-      "dependsOn": ["@formbricks/logger#build"]
+      "dependsOn": ["@formbricks/logger#build", "@formbricks/database#build"]
     },
     "build": {
       "dependsOn": ["^build"],
@@ -143,6 +146,7 @@
         "SAML_DATABASE_URL",
         "SESSION_MAX_AGE",
         "SENTRY_DSN",
+        "SENTRY_ENVIRONMENT",
         "SLACK_CLIENT_ID",
         "SLACK_CLIENT_SECRET",
         "SMTP_HOST",
@@ -205,7 +209,7 @@
     },
     "db:setup": {
       "cache": false,
-      "dependsOn": ["@formbricks/logger#build"],
+      "dependsOn": ["@formbricks/logger#build", "@formbricks/database#build"],
       "outputs": []
     },
     "db:start": {