feat: implement database seeding strategy

Co-authored-by: Johannes <johannes@formbricks.com>
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>

.cursor/commands/create-question.md

@@ -0,0 +1,352 @@
+# Create New Question Element
+
+Use this command to scaffold a new question element component in `packages/survey-ui/src/elements/`.
+
+## Usage
+
+When creating a new question type (e.g., `single-select`, `rating`, `nps`), follow these steps:
+
+1. **Create the component file** `{question-type}.tsx` with this structure:
+
+```typescript
+import * as React from "react";
+import { ElementHeader } from "../components/element-header";
+import { useTextDirection } from "../hooks/use-text-direction";
+import { cn } from "../lib/utils";
+
+interface {QuestionType}Props {
+    /** Unique identifier for the element container */
+    elementId: string;
+    /** The main question or prompt text displayed as the headline */
+    headline: string;
+    /** Optional descriptive text displayed below the headline */
+    description?: string;
+    /** Unique identifier for the input/control group */
+    inputId: string;
+    /** Current value */
+    value?: {ValueType};
+    /** Callback function called when the value changes */
+    onChange: (value: {ValueType}) => void;
+    /** Whether the field is required (shows asterisk indicator) */
+    required?: boolean;
+    /** Error message to display */
+    errorMessage?: string;
+    /** Text direction: 'ltr' (left-to-right), 'rtl' (right-to-left), or 'auto' (auto-detect from content) */
+    dir?: "ltr" | "rtl" | "auto";
+    /** Whether the controls are disabled */
+    disabled?: boolean;
+    // Add question-specific props here
+}
+
+function {QuestionType}({
+    elementId,
+    headline,
+    description,
+    inputId,
+    value,
+    onChange,
+    required = false,
+    errorMessage,
+    dir = "auto",
+    disabled = false,
+    // ... question-specific props
+}: {QuestionType}Props): React.JSX.Element {
+    // Ensure value is always the correct type (handle undefined/null)
+    const currentValue = value ?? {defaultValue};
+    
+    // Detect text direction from content
+    const detectedDir = useTextDirection({
+        dir,
+        textContent: [headline, description ?? "", /* add other text content from question */],
+    });
+
+    return (
+        <div className="w-full space-y-4" id={elementId} dir={detectedDir}>
+            {/* Headline */}
+            <ElementHeader 
+                headline={headline} 
+                description={description} 
+                required={required} 
+                htmlFor={inputId} 
+            />
+
+            {/* Question-specific controls */}
+            {/* TODO: Add your question-specific UI here */}
+
+            {/* Error message */}
+            {errorMessage && (
+                <div className="text-destructive flex items-center gap-1 text-sm" dir={detectedDir}>
+                    <span>{errorMessage}</span>
+                </div>
+            )}
+        </div>
+    );
+}
+
+export { {QuestionType} };
+export type { {QuestionType}Props };
+```
+
+2. **Create the Storybook file** `{question-type}.stories.tsx`:
+
+```typescript
+import type { Decorator, Meta, StoryObj } from "@storybook/react";
+import React from "react";
+import { {QuestionType}, type {QuestionType}Props } from "./{question-type}";
+
+// Styling options for the StylingPlayground story
+interface StylingOptions {
+    // Question styling
+    questionHeadlineFontFamily: string;
+    questionHeadlineFontSize: string;
+    questionHeadlineFontWeight: string;
+    questionHeadlineColor: string;
+    questionDescriptionFontFamily: string;
+    questionDescriptionFontWeight: string;
+    questionDescriptionFontSize: string;
+    questionDescriptionColor: string;
+    // Add component-specific styling options here
+}
+
+type StoryProps = {QuestionType}Props & Partial<StylingOptions>;
+
+const meta: Meta<StoryProps> = {
+    title: "UI-package/Elements/{QuestionType}",
+    component: {QuestionType},
+    parameters: {
+        layout: "centered",
+        docs: {
+            description: {
+                component: "A complete {question type} question element...",
+            },
+        },
+    },
+    tags: ["autodocs"],
+    argTypes: {
+        headline: {
+            control: "text",
+            description: "The main question text",
+            table: { category: "Content" },
+        },
+        description: {
+            control: "text",
+            description: "Optional description or subheader text",
+            table: { category: "Content" },
+        },
+        value: {
+            control: "object",
+            description: "Current value",
+            table: { category: "State" },
+        },
+        required: {
+            control: "boolean",
+            description: "Whether the field is required",
+            table: { category: "Validation" },
+        },
+        errorMessage: {
+            control: "text",
+            description: "Error message to display",
+            table: { category: "Validation" },
+        },
+        dir: {
+            control: { type: "select" },
+            options: ["ltr", "rtl", "auto"],
+            description: "Text direction for RTL support",
+            table: { category: "Layout" },
+        },
+        disabled: {
+            control: "boolean",
+            description: "Whether the controls are disabled",
+            table: { category: "State" },
+        },
+        onChange: {
+            action: "changed",
+            table: { category: "Events" },
+        },
+        // Add question-specific argTypes here
+    },
+};
+
+export default meta;
+type Story = StoryObj<StoryProps>;
+
+// Decorator to apply CSS variables from story args
+const withCSSVariables: Decorator<StoryProps> = (Story, context) => {
+    const args = context.args as StoryProps;
+    const {
+        questionHeadlineFontFamily,
+        questionHeadlineFontSize,
+        questionHeadlineFontWeight,
+        questionHeadlineColor,
+        questionDescriptionFontFamily,
+        questionDescriptionFontSize,
+        questionDescriptionFontWeight,
+        questionDescriptionColor,
+        // Extract component-specific styling options
+    } = args;
+
+    const cssVarStyle: React.CSSProperties & Record<string, string | undefined> = {
+        "--fb-question-headline-font-family": questionHeadlineFontFamily,
+        "--fb-question-headline-font-size": questionHeadlineFontSize,
+        "--fb-question-headline-font-weight": questionHeadlineFontWeight,
+        "--fb-question-headline-color": questionHeadlineColor,
+        "--fb-question-description-font-family": questionDescriptionFontFamily,
+        "--fb-question-description-font-size": questionDescriptionFontSize,
+        "--fb-question-description-font-weight": questionDescriptionFontWeight,
+        "--fb-question-description-color": questionDescriptionColor,
+        // Add component-specific CSS variables
+    };
+
+    return (
+        <div style={cssVarStyle} className="w-[600px]">
+            <Story />
+        </div>
+    );
+};
+
+export const StylingPlayground: Story = {
+    args: {
+        headline: "Example question?",
+        description: "Example description",
+        // Default styling values
+        questionHeadlineFontFamily: "system-ui, sans-serif",
+        questionHeadlineFontSize: "1.125rem",
+        questionHeadlineFontWeight: "600",
+        questionHeadlineColor: "#1e293b",
+        questionDescriptionFontFamily: "system-ui, sans-serif",
+        questionDescriptionFontSize: "0.875rem",
+        questionDescriptionFontWeight: "400",
+        questionDescriptionColor: "#64748b",
+        // Add component-specific default values
+    },
+    argTypes: {
+        // Question styling argTypes
+        questionHeadlineFontFamily: {
+            control: "text",
+            table: { category: "Question Styling" },
+        },
+        questionHeadlineFontSize: {
+            control: "text",
+            table: { category: "Question Styling" },
+        },
+        questionHeadlineFontWeight: {
+            control: "text",
+            table: { category: "Question Styling" },
+        },
+        questionHeadlineColor: {
+            control: "color",
+            table: { category: "Question Styling" },
+        },
+        questionDescriptionFontFamily: {
+            control: "text",
+            table: { category: "Question Styling" },
+        },
+        questionDescriptionFontSize: {
+            control: "text",
+            table: { category: "Question Styling" },
+        },
+        questionDescriptionFontWeight: {
+            control: "text",
+            table: { category: "Question Styling" },
+        },
+        questionDescriptionColor: {
+            control: "color",
+            table: { category: "Question Styling" },
+        },
+        // Add component-specific argTypes
+    },
+    decorators: [withCSSVariables],
+};
+
+export const Default: Story = {
+    args: {
+        headline: "Example question?",
+        // Add default props
+    },
+};
+
+export const WithDescription: Story = {
+    args: {
+        headline: "Example question?",
+        description: "Example description text",
+    },
+};
+
+export const Required: Story = {
+    args: {
+        headline: "Example question?",
+        required: true,
+    },
+};
+
+export const WithError: Story = {
+    args: {
+        headline: "Example question?",
+        errorMessage: "This field is required",
+        required: true,
+    },
+};
+
+export const Disabled: Story = {
+    args: {
+        headline: "Example question?",
+        disabled: true,
+    },
+};
+
+export const RTL: Story = {
+    args: {
+        headline: "مثال على السؤال؟",
+        description: "مثال على الوصف",
+        // Add RTL-specific props
+    },
+};
+```
+
+3. **Add CSS variables** to `packages/survey-ui/src/styles/globals.css` if needed:
+
+```css
+/* Component-specific CSS variables */
+--fb-{component}-{property}: {default-value};
+```
+
+4. **Export from** `packages/survey-ui/src/index.ts`:
+
+```typescript
+export { {QuestionType}, type {QuestionType}Props } from "./elements/{question-type}";
+```
+
+## Key Requirements
+
+- ✅ Always use `ElementHeader` component for headline/description
+- ✅ Always use `useTextDirection` hook for RTL support
+- ✅ Always handle undefined/null values safely (e.g., `Array.isArray(value) ? value : []`)
+- ✅ Always include error message display if applicable
+- ✅ Always support disabled state if applicable
+- ✅ Always add JSDoc comments to props interface
+- ✅ Always create Storybook stories with styling playground
+- ✅ Always export types from component file
+- ✅ Always add to index.ts exports
+
+## Examples
+
+- `open-text.tsx` - Text input/textarea question (string value)
+- `multi-select.tsx` - Multiple checkbox selection (string[] value)
+
+## Checklist
+
+When creating a new question element, verify:
+
+- [ ] Component file created with proper structure
+- [ ] Props interface with JSDoc comments for all props
+- [ ] Uses `ElementHeader` component (don't duplicate header logic)
+- [ ] Uses `useTextDirection` hook for RTL support
+- [ ] Handles undefined/null values safely
+- [ ] Storybook file created with styling playground
+- [ ] Includes common stories: Default, WithDescription, Required, WithError, Disabled, RTL
+- [ ] CSS variables added to `globals.css` if component needs custom styling
+- [ ] Exported from `index.ts` with types
+- [ ] TypeScript types properly exported
+- [ ] Error message display included if applicable
+- [ ] Disabled state supported if applicable
+

.cursor/rules/cache-optimization.mdc

@@ -179,14 +179,14 @@ For endpoints serving client SDKs, coordinate TTLs across layers:
 
 ```typescript
 // Client SDK cache (expiresAt) - longest TTL for fewer requests
-const CLIENT_TTL = 60 * 60;           // 1 hour (seconds for client)
+const CLIENT_TTL = 60;           // 1 minute (seconds for client)
 
 // Server Redis cache - shorter TTL ensures fresh data for clients  
-const SERVER_TTL = 60 * 30 * 1000;   // 30 minutes in milliseconds
+const SERVER_TTL = 60 * 1000;   // 1 minutes in milliseconds
 
 // HTTP cache headers (seconds)
-const BROWSER_TTL = 60 * 60;         // 1 hour (max-age)
-const CDN_TTL = 60 * 30;             // 30 minutes (s-maxage)
+const BROWSER_TTL = 60;         // 1 minute (max-age)
+const CDN_TTL = 60;             // 1 minute (s-maxage)
 const CORS_TTL = 60 * 60;            // 1 hour (balanced approach)
 ```
 

.cursor/rules/database.mdc

@@ -1,13 +1,8 @@
 ---
 description: >
-  This rule provides comprehensive knowledge about the Formbricks database structure, relationships, 
-  and data patterns. It should be used **only when the agent explicitly requests database schema-level 
-  details** to support tasks such as: writing/debugging Prisma queries, designing/reviewing data models, 
-  investigating multi-tenancy behavior, creating API endpoints, or understanding data relationships.
-globs: []
-alwaysApply: agent-requested
+globs: schema.prisma
+alwaysApply: false
 ---
-
 # Formbricks Database Schema Reference
 
 This rule provides a reference to the Formbricks database structure. For the most up-to-date and complete schema definitions, please refer to the schema.prisma file directly.

.cursor/rules/eks-alb-optimization.mdc

@@ -1,152 +0,0 @@
----
-description:
-globs:
-alwaysApply: false
----
-# EKS & ALB Optimization Guide for Error Reduction
-
-## Infrastructure Overview
-
-This project uses AWS EKS with Application Load Balancer (ALB) for the Formbricks application. The infrastructure has been optimized to minimize ELB 502/504 errors through careful configuration of connection handling, health checks, and pod lifecycle management.
-
-## Key Infrastructure Files
-
-### Terraform Configuration
-- **Main Infrastructure**: [infra/terraform/main.tf](mdc:infra/terraform/main.tf) - EKS cluster, VPC, Karpenter, and core AWS resources
-- **Monitoring**: [infra/terraform/cloudwatch.tf](mdc:infra/terraform/cloudwatch.tf) - CloudWatch alarms for 502/504 error tracking and alerting
-- **Database**: [infra/terraform/rds.tf](mdc:infra/terraform/rds.tf) - Aurora PostgreSQL configuration
-
-### Helm Configuration
-- **Production**: [infra/formbricks-cloud-helm/values.yaml.gotmpl](mdc:infra/formbricks-cloud-helm/values.yaml.gotmpl) - Optimized ALB and pod configurations
-- **Staging**: [infra/formbricks-cloud-helm/values-staging.yaml.gotmpl](mdc:infra/formbricks-cloud-helm/values-staging.yaml.gotmpl) - Staging environment with spot instances
-- **Deployment**: [infra/formbricks-cloud-helm/helmfile.yaml.gotmpl](mdc:infra/formbricks-cloud-helm/helmfile.yaml.gotmpl) - Multi-environment Helm releases
-
-## ALB Optimization Patterns
-
-### Connection Handling Optimizations
-```yaml
-# Key ALB annotations for reducing 502/504 errors
-alb.ingress.kubernetes.io/load-balancer-attributes: |
-  idle_timeout.timeout_seconds=120,
-  connection_logs.s3.enabled=false,
-  access_logs.s3.enabled=false
-
-alb.ingress.kubernetes.io/target-group-attributes: |
-  deregistration_delay.timeout_seconds=30,
-  stickiness.enabled=false,
-  load_balancing.algorithm.type=least_outstanding_requests,
-  target_group_health.dns_failover.minimum_healthy_targets.count=1
-```
-
-### Health Check Configuration
-- **Interval**: 15 seconds for faster detection of unhealthy targets
-- **Timeout**: 5 seconds to prevent false positives
-- **Thresholds**: 2 healthy, 3 unhealthy for balanced responsiveness
-- **Path**: `/health` endpoint optimized for < 100ms response time
-
-## Pod Lifecycle Management
-
-### Graceful Shutdown Pattern
-```yaml
-# PreStop hook to allow connection draining
-lifecycle:
-  preStop:
-    exec:
-      command: ["/bin/sh", "-c", "sleep 15"]
-
-# Termination grace period for complete cleanup
-terminationGracePeriodSeconds: 45
-```
-
-### Health Probe Strategy
-- **Startup Probe**: 5s initial delay, 5s interval, max 60s startup time
-- **Readiness Probe**: 10s delay, 10s interval for traffic readiness
-- **Liveness Probe**: 30s delay, 30s interval for container health
-
-### Rolling Update Configuration
-```yaml
-strategy:
-  type: RollingUpdate
-  rollingUpdate:
-    maxUnavailable: 25%  # Maintain capacity during updates
-    maxSurge: 50%        # Allow faster rollouts
-```
-
-## Karpenter Node Management
-
-### Node Lifecycle Optimization
-- **Startup Taints**: Prevent traffic during node initialization
-- **Graceful Shutdown**: 30s grace period for pod eviction
-- **Consolidation Delay**: 60s to reduce unnecessary churn
-- **Eviction Policies**: Configured for smooth pod migrations
-
-### Instance Selection
-- **Families**: c8g, c7g, m8g, m7g, r8g, r7g (ARM64 Graviton)
-- **Sizes**: 2, 4, 8 vCPUs for cost optimization
-- **Bottlerocket AMI**: Enhanced security and performance
-
-## Monitoring & Alerting
-
-### Critical ALB Metrics
-1. **ELB 502 Errors**: Threshold 20 over 5 minutes
-2. **ELB 504 Errors**: Threshold 15 over 5 minutes  
-3. **Target Connection Errors**: Threshold 50 over 5 minutes
-4. **4XX Errors**: Threshold 100 over 10 minutes (client issues)
-
-### Expected Improvements
-- **60-80% reduction** in ELB 502 errors
-- **Faster recovery** during pod restarts
-- **Better connection reuse** efficiency
-- **Improved autoscaling** responsiveness
-
-## Deployment Patterns
-
-### Infrastructure Updates
-1. **Terraform First**: Apply infrastructure changes via [infra/deploy-improvements.sh](mdc:infra/deploy-improvements.sh)
-2. **Helm Second**: Deploy application configurations
-3. **Verification**: Check pod status, endpoints, and ALB health
-4. **Monitoring**: Watch CloudWatch metrics for 24-48 hours
-
-### Environment-Specific Configurations
-- **Production**: On-demand instances, stricter resource limits
-- **Staging**: Spot instances, rate limiting disabled, relaxed resources
-
-## Troubleshooting Patterns
-
-### 502 Error Investigation
-1. Check pod readiness and health probe status
-2. Verify ALB target group health
-3. Review deregistration timing during deployments
-4. Monitor connection pool utilization
-
-### 504 Error Analysis  
-1. Check application response times
-2. Verify timeout configurations (ALB: 120s, App: aligned)
-3. Review database query performance
-4. Monitor resource utilization during traffic spikes
-
-### Connection Error Patterns
-1. Verify Karpenter node lifecycle timing
-2. Check pod termination grace periods
-3. Review ALB connection draining settings
-4. Monitor cluster autoscaling events
-
-## Best Practices
-
-### When Making Changes
-- **Test in staging first** with same configurations
-- **Monitor metrics** for 24-48 hours after changes
-- **Use gradual rollouts** with proper health checks
-- **Maintain ALB timeout alignment** across all layers
-
-### Performance Optimization
-- **Health endpoint** should respond < 100ms consistently  
-- **Connection pooling** aligned with ALB idle timeouts
-- **Resource requests/limits** tuned for consistent performance
-- **Graceful shutdown** implemented in application code
-
-### Monitoring Strategy
-- **Real-time alerts** for error rate spikes
-- **Trend analysis** for connection patterns
-- **Capacity planning** based on LCU usage
-- **4XX pattern analysis** for client behavior insights

.cursor/rules/i18n-management.mdc

@@ -0,0 +1,457 @@
+---
+title: i18n Management with Lingo.dev
+description: Guidelines for managing internationalization (i18n) with Lingo.dev, including translation workflow, key validation, and best practices
+---
+
+# i18n Management with Lingo.dev
+
+This rule defines the workflow and best practices for managing internationalization (i18n) in the Formbricks project using Lingo.dev.
+
+## Overview
+
+Formbricks uses [Lingo.dev](https://lingo.dev) for managing translations across multiple languages. The translation workflow includes:
+
+1. **Translation Keys**: Defined in code using the `t()` function from `react-i18next`
+2. **Translation Files**: JSON files stored in `apps/web/locales/` for each supported language
+3. **Validation**: Automated scanning to detect missing and unused translation keys
+4. **CI/CD**: Pre-commit hooks and GitHub Actions to enforce translation quality
+
+## Translation Workflow
+
+### 1. Using Translations in Code
+
+When adding translatable text in the web app, use the `t()` function or `<Trans>` component:
+
+**Using the `t()` function:**
+```tsx
+import { useTranslate } from "@/lib/i18n/translate";
+
+const MyComponent = () => {
+  const { t } = useTranslate();
+  
+  return (
+    <div>
+      <h1>{t("common.welcome")}</h1>
+      <p>{t("pages.dashboard.description")}</p>
+    </div>
+  );
+};
+```
+
+**Using the `<Trans>` component (for text with HTML elements):**
+```tsx
+import { Trans } from "react-i18next";
+
+const MyComponent = () => {
+  return (
+    <div>
+      <p>
+        <Trans
+          i18nKey="auth.terms_agreement"
+          components={{ 
+            link: <a href="/terms" />,
+            b: <b />
+          }}
+        />
+      </p>
+    </div>
+  );
+};
+```
+
+**Key Naming Conventions:**
+- Use dot notation for nested keys: `section.subsection.key`
+- Use descriptive names: `auth.login.success_message` not `auth.msg1`
+- Group related keys together: `auth.*`, `errors.*`, `common.*`
+- Use lowercase with underscores: `user_profile_settings` not `UserProfileSettings`
+
+### 2. Translation File Structure
+
+Translation files are located in `apps/web/locales/` and use the following naming convention:
+- `en-US.json` (English - United States, default)
+- `de-DE.json` (German)
+- `fr-FR.json` (French)
+- `pt-BR.json` (Portuguese - Brazil)
+- etc.
+
+**File Structure:**
+```json
+{
+  "common": {
+    "welcome": "Welcome",
+    "save": "Save",
+    "cancel": "Cancel"
+  },
+  "auth": {
+    "login": {
+      "title": "Login",
+      "email_placeholder": "Enter your email",
+      "password_placeholder": "Enter your password"
+    }
+  }
+}
+```
+
+### 3. Adding New Translation Keys
+
+When adding new translation keys:
+
+1. **Add the key in your code** using `t("your.new.key")`
+2. **Add translation for that key in en-US.json file**
+3. **Run the translation workflow:**
+   ```bash
+   pnpm i18n
+   ```
+   This will:
+   - Generate translations for all languages using Lingo.dev
+   - Validate that all keys are present and used
+
+4. **Review and commit** the generated translation files
+
+### 4. Available Scripts
+
+```bash
+# Generate translations using Lingo.dev
+pnpm generate-translations
+
+# Scan and validate translation keys
+pnpm scan-translations
+
+# Full workflow: generate + validate
+pnpm i18n
+
+# Validate only (without generation)
+pnpm i18n:validate
+```
+
+## Translation Key Validation
+
+### Automated Validation
+
+The project includes automated validation that runs:
+- **Pre-commit hook**: Validates translations before allowing commits (when `LINGODOTDEV_API_KEY` is set)
+- **GitHub Actions**: Validates translations on every PR and push to main
+
+### Validation Rules
+
+The validation script (`scan-translations.ts`) checks for:
+
+1. **Missing Keys**: Translation keys used in code but not present in translation files
+2. **Unused Keys**: Translation keys present in translation files but not used in code
+3. **Incomplete Translations**: Keys that exist in the default language (`en-US`) but are missing in target languages
+
+**What gets scanned:**
+- All `.ts` and `.tsx` files in `apps/web/`
+- Both `t()` function calls and `<Trans i18nKey="">` components
+- All locale files (`de-DE.json`, `fr-FR.json`, `ja-JP.json`, etc.)
+
+**What gets excluded:**
+- Test files (`*.test.ts`, `*.test.tsx`, `*.spec.ts`, `*.spec.tsx`)
+- Build directories (`node_modules`, `dist`, `build`, `.next`, `coverage`)
+- Locale files themselves (from code scanning)
+
+**Note:** Test files are excluded because they often use mock or example translation keys for testing purposes that don't need to exist in production translation files.
+
+### Fixing Validation Errors
+
+#### Missing Keys
+
+If you encounter missing key errors:
+
+```
+❌ MISSING KEYS (2):
+
+   These keys are used in code but not found in translation files:
+
+   • auth.signup.email_required
+   • settings.profile.update_success
+```
+
+**Resolution:**
+1. Ensure that translations for those keys are present in en-US.json .  
+2. Run `pnpm generate-translations` to have Lingo.dev generate the missing translations
+3. OR manually add the keys to `apps/web/locales/en-US.json`:
+   ```json
+   {
+     "auth": {
+       "signup": {
+         "email_required": "Email is required"
+       }
+     },
+     "settings": {
+       "profile": {
+         "update_success": "Profile updated successfully"
+       }
+     }
+   }
+   ```
+3. Run `pnpm scan-translations` to verify
+4. Commit the changes
+
+#### Unused Keys
+
+If you encounter unused key errors:
+
+```
+⚠️  UNUSED KEYS (1):
+
+   These keys exist in translation files but are not used in code:
+
+   • old.deprecated.key
+```
+
+**Resolution:**
+1. If the key is truly unused, remove it from all translation files
+2. If the key should be used, add it to your code using `t("old.deprecated.key")`
+3. Run `pnpm scan-translations` to verify
+4. Commit the changes
+
+#### Incomplete Translations
+
+If you encounter incomplete translation errors:
+
+```
+⚠️  INCOMPLETE TRANSLATIONS:
+
+   Some keys from en-US are missing in target languages:
+
+   📝 de-DE (5 missing keys):
+      • auth.new_feature.title
+      • auth.new_feature.description
+      • settings.advanced.option
+      ... and 2 more
+```
+
+**Resolution:**
+1. **Recommended:** Run `pnpm generate-translations` to have Lingo.dev automatically translate the missing keys
+2. **Manual:** Add the missing keys to the target language files:
+   ```bash
+   # Copy the structure from en-US.json and translate the values
+   # For example, in de-DE.json:
+   {
+     "auth": {
+       "new_feature": {
+         "title": "Neues Feature",
+         "description": "Beschreibung des neuen Features"
+       }
+     }
+   }
+   ```
+3. Run `pnpm scan-translations` to verify all translations are complete
+4. Commit the changes
+
+## Pre-commit Hook Behavior
+
+The pre-commit hook will:
+
+1. Run `lint-staged` for code formatting
+2. If `LINGODOTDEV_API_KEY` is set:
+   - Generate translations using Lingo.dev
+   - Validate translation keys
+   - Auto-add updated locale files to the commit
+   - **Block the commit** if validation fails
+3. If `LINGODOTDEV_API_KEY` is not set:
+   - Skip translation validation (for community contributors)
+   - Show a warning message
+
+## Environment Variables
+
+### LINGODOTDEV_API_KEY
+
+This is the API key for Lingo.dev integration.
+
+**For Core Team:**
+- Add to your local `.env` file
+- Required for running translation generation
+
+**For Community Contributors:**
+- Not required for local development
+- Translation validation will be skipped
+- The CI will still validate translations
+
+## Best Practices
+
+### 1. Keep Keys Organized
+
+Group related keys together:
+```json
+{
+  "auth": {
+    "login": { ... },
+    "signup": { ... },
+    "forgot_password": { ... }
+  },
+  "dashboard": {
+    "header": { ... },
+    "sidebar": { ... }
+  }
+}
+```
+
+### 2. Avoid Hardcoded Strings
+
+**❌ Bad:**
+```tsx
+<button>Click here</button>
+```
+
+**✅ Good:**
+```tsx
+<button>{t("common.click_here")}</button>
+```
+
+### 3. Use Interpolation for Dynamic Content
+
+**❌ Bad:**
+```tsx
+{t("welcome")} {userName}!
+```
+
+**✅ Good:**
+```tsx
+{t("auth.welcome_message", { userName })}
+```
+
+With translation:
+```json
+{
+  "auth": {
+    "welcome_message": "Welcome, {userName}!"
+  }
+}
+```
+
+### 4. Avoid Dynamic Key Construction
+
+**❌ Bad:**
+```tsx
+const key = `errors.${errorCode}`;
+t(key);
+```
+
+**✅ Good:**
+```tsx
+switch (errorCode) {
+  case "401":
+    return t("errors.unauthorized");
+  case "404":
+    return t("errors.not_found");
+  default:
+    return t("errors.unknown");
+}
+```
+
+### 5. Test Translation Keys
+
+When adding new features:
+1. Add translation keys
+2. Test in multiple languages using the language switcher
+3. Ensure text doesn't overflow in longer translations (German, French)
+4. Run `pnpm scan-translations` before committing
+
+## Troubleshooting
+
+### Issue: Pre-commit hook fails with validation errors
+
+**Solution:**
+```bash
+# Run the full i18n workflow
+pnpm i18n
+
+# Fix any missing or unused keys
+# Then commit again
+git add .
+git commit -m "your message"
+```
+
+### Issue: Translation validation passes locally but fails in CI
+
+**Solution:**
+- Ensure all translation files are committed
+- Check that `scan-translations.ts` hasn't been modified
+- Verify that locale files are properly formatted JSON
+
+### Issue: Cannot commit because of missing translations
+
+**Solution:**
+```bash
+# If you have LINGODOTDEV_API_KEY:
+pnpm generate-translations
+
+# If you don't have the API key (community contributor):
+# Manually add the missing keys to en-US.json
+# Then run validation:
+pnpm scan-translations
+```
+
+### Issue: Getting "unused keys" for keys that are used
+
+**Solution:**
+- The script scans `.ts` and `.tsx` files only
+- If keys are used in other file types, they may be flagged
+- Verify the key is actually used with `grep -r "your.key" apps/web/`
+- If it's a false positive, consider updating the scanning patterns in `scan-translations.ts`
+
+## AI Assistant Guidelines
+
+When assisting with i18n-related tasks, always:
+
+1. **Use the `t()` function** for all user-facing text
+2. **Follow key naming conventions** (lowercase, dots for nesting)
+3. **Run validation** after making changes: `pnpm scan-translations`
+4. **Fix missing keys** by adding them to `en-US.json`
+5. **Remove unused keys** from all translation files
+6. **Test the pre-commit hook** if making changes to translation workflow
+7. **Update this rule file** if translation workflow changes
+
+### Fixing Missing Translation Keys
+
+When the AI encounters missing translation key errors:
+
+1. Identify the missing keys from the error output
+2. Determine the appropriate section and naming for each key
+3. Add the keys to `apps/web/locales/en-US.json` with meaningful English text
+4. Ensure proper JSON structure and nesting
+5. Run `pnpm scan-translations` to verify
+6. Inform the user that other language files will be updated via Lingo.dev
+
+**Example:**
+```typescript
+// Error: Missing key "settings.api.rate_limit_exceeded"
+
+// Add to en-US.json:
+{
+  "settings": {
+    "api": {
+      "rate_limit_exceeded": "API rate limit exceeded. Please try again later."
+    }
+  }
+}
+```
+
+### Removing Unused Translation Keys
+
+When the AI encounters unused translation key errors:
+
+1. Verify the keys are truly unused by searching the codebase
+2. Remove the keys from `apps/web/locales/en-US.json`
+3. Note that removal from other language files can be handled via Lingo.dev
+4. Run `pnpm scan-translations` to verify
+
+## Migration Notes
+
+This project previously used Tolgee for translations. As of this migration:
+
+- **Old scripts**: `tolgee-pull` is deprecated (kept for reference)
+- **New scripts**: Use `pnpm i18n` or `pnpm generate-translations`
+- **Old workflows**: `tolgee.yml` and `tolgee-missing-key-check.yml` removed
+- **New workflow**: `translation-check.yml` handles all validation
+
+---
+
+**Last Updated:** October 14, 2025
+**Related Files:**
+- `scan-translations.ts` - Translation validation script
+- `.husky/pre-commit` - Pre-commit hook with i18n validation
+- `.github/workflows/translation-check.yml` - CI workflow for translation validation
+- `apps/web/locales/*.json` - Translation files

.cursor/rules/performance-optimization.mdc

@@ -1,5 +0,0 @@
----
-description:
-globs:
-alwaysApply: false
----

.cursor/rules/react-context-providers.mdc

@@ -1,5 +0,0 @@
----
-description:
-globs:
-alwaysApply: false
----

.cursor/rules/review-and-refine.mdc

@@ -0,0 +1,179 @@
+---
+description: Apply these quality standards before finalizing code changes to ensure DRY principles, React best practices, TypeScript conventions, and maintainable code.
+globs:
+alwaysApply: false
+---
+
+# Review & Refine
+
+Before finalizing any code changes, review your implementation against these quality standards:
+
+## Core Principles
+
+### DRY (Don't Repeat Yourself)
+
+- Extract duplicated logic into reusable functions or hooks
+- If the same code appears in multiple places, consolidate it
+- Create helper functions at appropriate scope (component-level, module-level, or utility files)
+- Avoid copy-pasting code blocks
+
+### Code Reduction
+
+- Remove unnecessary code, comments, and abstractions
+- Prefer built-in solutions over custom implementations
+- Consolidate similar logic
+- Remove dead code and unused imports
+- Question if every line of code is truly needed
+
+## React Best Practices
+
+### Component Design
+
+- Keep components focused on a single responsibility
+- Extract complex logic into custom hooks
+- Prefer composition over prop drilling
+- Use children props and render props when appropriate
+- Keep component files under 300 lines when possible
+
+### Hooks Usage
+
+- Follow Rules of Hooks (only call at top level, only in React functions)
+- Extract complex `useEffect` logic into custom hooks
+- Use `useMemo` and `useCallback` only when you have a measured performance issue
+- Declare dependencies arrays correctly - don't ignore exhaustive-deps warnings
+- Keep `useEffect` focused on a single concern
+
+### State Management
+
+- Colocate state as close as possible to where it's used
+- Lift state only when necessary
+- Use `useReducer` for complex state logic with multiple sub-values
+- Avoid derived state - compute values during render instead
+- Don't store values in state that can be computed from props
+
+### Event Handlers
+
+- Name event handlers with `handle` prefix (e.g., `handleClick`, `handleSubmit`)
+- Extract complex event handler logic into separate functions
+- Avoid inline arrow functions in JSX when they contain complex logic
+
+## TypeScript Best Practices
+
+### Type Safety
+
+- Prefer type inference over explicit types when possible
+- Use `const` assertions for literal types
+- Avoid `any` - use `unknown` if type is truly unknown
+- Use discriminated unions for complex conditional logic
+- Leverage type guards and narrowing
+
+### Interface & Type Usage
+
+- Use existing types from `@formbricks/types` - don't recreate them
+- Prefer `interface` for object shapes that might be extended
+- Prefer `type` for unions, intersections, and mapped types
+- Define types close to where they're used unless they're shared
+- Export types from index files for shared types
+
+### Type Assertions
+
+- Avoid type assertions (`as`) when possible
+- Use type guards instead of assertions
+- Only assert when you have more information than TypeScript
+
+## Code Organization
+
+### Separation of Concerns
+
+- Separate business logic from UI rendering
+- Extract API calls into separate functions or modules
+- Keep data transformation separate from component logic
+- Use custom hooks for stateful logic that doesn't render UI
+
+### Function Clarity
+
+- Functions should do one thing well
+- Name functions clearly and descriptively
+- Keep functions small (aim for under 20 lines)
+- Extract complex conditionals into named boolean variables or functions
+- Avoid deep nesting (max 3 levels)
+
+### File Structure
+
+- Group related functions together
+- Order declarations logically (types → hooks → helpers → component)
+- Keep imports organized (external → internal → relative)
+- Consider splitting large files by concern
+
+## Additional Quality Checks
+
+### Performance
+
+- Don't optimize prematurely - measure first
+- Avoid creating new objects/arrays/functions in render unnecessarily
+- Use keys properly in lists (stable, unique identifiers)
+- Lazy load heavy components when appropriate
+
+### Accessibility
+
+- Use semantic HTML elements
+- Include ARIA labels where needed
+- Ensure keyboard navigation works
+- Check color contrast and focus states
+
+### Error Handling
+
+- Handle error states in components
+- Provide user feedback for failed operations
+- Use error boundaries for component errors
+- Log errors appropriately (avoid swallowing errors silently)
+
+### Naming Conventions
+
+- Use descriptive names (avoid abbreviations unless very common)
+- Boolean variables/props should sound like yes/no questions (`isLoading`, `hasError`, `canEdit`)
+- Arrays should be plural (`users`, `choices`, `items`)
+- Event handlers: `handleX` in components, `onX` for props
+- Constants in UPPER_SNAKE_CASE only for true constants
+
+### Code Readability
+
+- Prefer early returns to reduce nesting
+- Use destructuring to make code clearer
+- Break complex expressions into named variables
+- Add comments only when code can't be made self-explanatory
+- Use whitespace to group related code
+
+### Testing Considerations
+
+- Write code that's easy to test (pure functions, clear inputs/outputs)
+- Avoid hard-to-mock dependencies when possible
+- Keep side effects at the edges of your code
+
+## Review Checklist
+
+Before submitting your changes, ask yourself:
+
+1. **DRY**: Is there any duplicated logic I can extract?
+2. **Clarity**: Would another developer understand this code easily?
+3. **Simplicity**: Is this the simplest solution that works?
+4. **Types**: Am I using TypeScript effectively?
+5. **React**: Am I following React idioms and best practices?
+6. **Performance**: Are there obvious performance issues?
+7. **Separation**: Are concerns properly separated?
+8. **Testing**: Is this code testable?
+9. **Maintenance**: Will this be easy to change in 6 months?
+10. **Deletion**: Can I remove any code and still accomplish the goal?
+
+## When to Apply This Rule
+
+Apply this rule:
+
+- After implementing a feature but before marking it complete
+- When you notice your code feels "messy" or complex
+- Before requesting code review
+- When you see yourself copy-pasting code
+- After receiving feedback about code quality
+
+Don't let perfect be the enemy of good, but always strive for:
+**Simple, readable, maintainable code that does one thing well.**

.cursor/rules/testing-patterns.mdc

@@ -1,322 +0,0 @@
----
-description: 
-globs: 
-alwaysApply: false
----
-# Testing Patterns & Best Practices
-
-## Running Tests
-
-### Test Commands
-From the **root directory** (formbricks/):
-- `npm test` - Run all tests across all packages (recommended for CI/full testing)
-- `npm run test:coverage` - Run all tests with coverage reports
-- `npm run test:e2e` - Run end-to-end tests with Playwright
-
-From the **apps/web directory** (apps/web/):
-- `npm run test` - Run only web app tests (fastest for development)
-- `npm run test:coverage` - Run web app tests with coverage
-- `npm run test -- <file-pattern>` - Run specific test files
-
-### Examples
-```bash
-# Run all tests from root (takes ~3 minutes, runs 790 test files with 5334+ tests)
-npm test
-
-# Run specific test file from apps/web (fastest for development)
-npm run test -- modules/cache/lib/service.test.ts
-
-# Run tests matching pattern from apps/web  
-npm run test -- modules/ee/license-check/lib/license.test.ts
-
-# Run with coverage from root
-npm run test:coverage
-
-# Run specific test with watch mode from apps/web (for development)
-npm run test -- --watch modules/cache/lib/service.test.ts
-
-# Run tests for a specific directory from apps/web
-npm run test -- modules/cache/
-```
-
-### Performance Tips
-- **For development**: Use `apps/web` directory commands to run only web app tests
-- **For CI/validation**: Use root directory commands to run all packages
-- **For specific features**: Use file patterns to target specific test files
-- **For debugging**: Use `--watch` mode for continuous testing during development
-
-### Test File Organization
-- Place test files in the **same directory** as the source file
-- Use `.test.ts` for utility/service tests (Node environment)
-- Use `.test.tsx` for React component tests (jsdom environment)
-
-## Test File Naming & Environment
-
-### File Extensions
-- Use `.test.tsx` for React component/hook tests (runs in jsdom environment)
-- Use `.test.ts` for utility/service tests (runs in Node environment)
-- The vitest config uses `environmentMatchGlobs` to automatically set jsdom for `.tsx` files
-
-### Test Structure
-```typescript
-// Import the mocked functions first
-import { useHook } from "@/path/to/hook";
-import { serviceFunction } from "@/path/to/service";
-import { renderHook, waitFor } from "@testing-library/react";
-import { beforeEach, describe, expect, test, vi } from "vitest";
-
-// Mock dependencies
-vi.mock("@/path/to/hook", () => ({
-  useHook: vi.fn(),
-}));
-
-describe("ComponentName", () => {
-  beforeEach(() => {
-    vi.clearAllMocks();
-    // Setup default mocks
-  });
-
-  test("descriptive test name", async () => {
-    // Test implementation
-  });
-});
-```
-
-## React Hook Testing
-
-### Context Mocking
-When testing hooks that use React Context:
-```typescript
-vi.mocked(useResponseFilter).mockReturnValue({
-  selectedFilter: {
-    filter: [],
-    responseStatus: "all",
-  },
-  setSelectedFilter: vi.fn(),
-  selectedOptions: {
-    questionOptions: [],
-    questionFilterOptions: [],
-  },
-  setSelectedOptions: vi.fn(),
-  dateRange: { from: new Date(), to: new Date() },
-  setDateRange: vi.fn(),
-  resetState: vi.fn(),
-});
-```
-
-### Testing Async Hooks
-- Always use `waitFor` for async operations
-- Test both loading and completed states
-- Verify API calls with correct parameters
-
-```typescript
-test("fetches data on mount", async () => {
-  const { result } = renderHook(() => useHook());
-  
-  expect(result.current.isLoading).toBe(true);
-  
-  await waitFor(() => {
-    expect(result.current.isLoading).toBe(false);
-  });
-  
-  expect(result.current.data).toBe(expectedData);
-  expect(vi.mocked(apiCall)).toHaveBeenCalledWith(expectedParams);
-});
-```
-
-### Testing Hook Dependencies
-To test useEffect dependencies, ensure mocks return different values:
-```typescript
-// First render
-mockGetFormattedFilters.mockReturnValue(mockFilters);
-
-// Change dependency and trigger re-render
-const newMockFilters = { ...mockFilters, finished: true };
-mockGetFormattedFilters.mockReturnValue(newMockFilters);
-rerender();
-```
-
-## Performance Testing
-
-### Race Condition Testing
-Test AbortController implementation:
-```typescript
-test("cancels previous request when new request is made", async () => {
-  let resolveFirst: (value: any) => void;
-  let resolveSecond: (value: any) => void;
-
-  const firstPromise = new Promise((resolve) => {
-    resolveFirst = resolve;
-  });
-  const secondPromise = new Promise((resolve) => {
-    resolveSecond = resolve;
-  });
-
-  vi.mocked(apiCall)
-    .mockReturnValueOnce(firstPromise as any)
-    .mockReturnValueOnce(secondPromise as any);
-
-  const { result } = renderHook(() => useHook());
-  
-  // Trigger second request
-  result.current.refetch();
-  
-  // Resolve in order - first should be cancelled
-  resolveFirst!({ data: 100 });
-  resolveSecond!({ data: 200 });
-
-  await waitFor(() => {
-    expect(result.current.isLoading).toBe(false);
-  });
-
-  // Should have result from second request
-  expect(result.current.data).toBe(200);
-});
-```
-
-### Cleanup Testing
-```typescript
-test("cleans up on unmount", () => {
-  const abortSpy = vi.spyOn(AbortController.prototype, "abort");
-  
-  const { unmount } = renderHook(() => useHook());
-  unmount();
-  
-  expect(abortSpy).toHaveBeenCalled();
-  abortSpy.mockRestore();
-});
-```
-
-## Error Handling Testing
-
-### API Error Testing
-```typescript
-test("handles API errors gracefully", async () => {
-  const consoleSpy = vi.spyOn(console, "error").mockImplementation(() => {});
-  vi.mocked(apiCall).mockRejectedValue(new Error("API Error"));
-
-  const { result } = renderHook(() => useHook());
-
-  await waitFor(() => {
-    expect(result.current.isLoading).toBe(false);
-  });
-
-  expect(consoleSpy).toHaveBeenCalledWith("Error message:", expect.any(Error));
-  expect(result.current.data).toBe(fallbackValue);
-  
-  consoleSpy.mockRestore();
-});
-```
-
-### Cancelled Request Testing
-```typescript
-test("does not update state for cancelled requests", async () => {
-  const consoleSpy = vi.spyOn(console, "error").mockImplementation(() => {});
-
-  let rejectFirst: (error: any) => void;
-  const firstPromise = new Promise((_, reject) => {
-    rejectFirst = reject;
-  });
-
-  vi.mocked(apiCall)
-    .mockReturnValueOnce(firstPromise as any)
-    .mockResolvedValueOnce({ data: 42 });
-
-  const { result } = renderHook(() => useHook());
-  result.current.refetch();
-
-  const abortError = new Error("Request cancelled");
-  rejectFirst!(abortError);
-
-  await waitFor(() => {
-    expect(result.current.isLoading).toBe(false);
-  });
-
-  // Should not log error for cancelled request
-  expect(consoleSpy).not.toHaveBeenCalled();
-  consoleSpy.mockRestore();
-});
-```
-
-## Type Safety in Tests
-
-### Mock Type Assertions
-Use type assertions for edge cases:
-```typescript
-vi.mocked(apiCall).mockResolvedValue({
-  data: null as any, // For testing null handling
-});
-
-vi.mocked(apiCall).mockResolvedValue({
-  data: undefined as any, // For testing undefined handling
-});
-```
-
-### Proper Mock Typing
-Ensure mocks match the actual interface:
-```typescript
-const mockSurvey: TSurvey = {
-  id: "survey-123",
-  name: "Test Survey",
-  // ... other required properties
-} as unknown as TSurvey; // Use when partial mocking is needed
-```
-
-## Common Test Patterns
-
-### Testing State Changes
-```typescript
-test("updates state correctly", async () => {
-  const { result } = renderHook(() => useHook());
-  
-  // Initial state
-  expect(result.current.value).toBe(initialValue);
-  
-  // Trigger change
-  result.current.updateValue(newValue);
-  
-  // Verify change
-  expect(result.current.value).toBe(newValue);
-});
-```
-
-### Testing Multiple Scenarios
-```typescript
-test("handles different modes", async () => {
-  // Test regular mode
-  vi.mocked(useParams).mockReturnValue({ surveyId: "123" });
-  const { rerender } = renderHook(() => useHook());
-  
-  await waitFor(() => {
-    expect(vi.mocked(regularApi)).toHaveBeenCalled();
-  });
-  
-  rerender();
-  
-  await waitFor(() => {
-    expect(vi.mocked(sharingApi)).toHaveBeenCalled();
-  });
-});
-```
-
-## Test Organization
-
-### Comprehensive Test Coverage
-For hooks, ensure you test:
-- ✅ Initialization (with/without initial values)
-- ✅ Data fetching (success/error cases)
-- ✅ State updates and refetching
-- ✅ Dependency changes triggering effects
-- ✅ Manual actions (refetch, reset)
-- ✅ Race condition prevention
-- ✅ Cleanup on unmount
-- ✅ Mode switching (if applicable)
-- ✅ Edge cases (null/undefined data)
-
-### Test Naming
-Use descriptive test names that explain the scenario:
-- ✅ "initializes with initial count"
-- ✅ "fetches response count on mount for regular survey"
-- ✅ "cancels previous request when new request is made"
-- ❌ "test hook"
-- ❌ "it works"

.cursor/rules/testing.mdc

@@ -1,7 +0,0 @@
----
-description: Whenever the user asks to write or update a test file for .tsx or .ts files.
-globs: 
-alwaysApply: false
----
-Use the rules in this file when writing tests [copilot-instructions.md](mdc:.github/copilot-instructions.md).
-After writing the tests, run them and check if there's any issue with the tests and if all of them are passing. Fix the issues and rerun the tests until all pass.

.env.example

@@ -9,8 +9,12 @@
 WEBAPP_URL=http://localhost:3000
 
 # Required for next-auth. Should be the same as WEBAPP_URL
+# If your pplication uses a custom base path, specify the route to the API endpoint in full, e.g. NEXTAUTH_URL=https://example.com/custom-route/api/auth
 NEXTAUTH_URL=http://localhost:3000
 
+# Can be used to deploy the application under a sub-path of a domain. This can only be set at build time
+# BASE_PATH=
+
 # Encryption keys
 # Please set both for now, we will change this in the future
 
@@ -189,8 +193,9 @@ REDIS_URL=redis://localhost:6379
 # The below is used for Rate Limiting (uses In-Memory LRU Cache if not provided) (You can use a service like Webdis for this)
 # REDIS_HTTP_URL:
 
-# INTERCOM_APP_ID=
-# INTERCOM_SECRET_KEY=
+# Chatwoot
+# CHATWOOT_BASE_URL=
+# CHATWOOT_WEBSITE_TOKEN=
 
 # Enable Prometheus metrics
 # PROMETHEUS_ENABLED=
@@ -214,3 +219,7 @@ REDIS_URL=redis://localhost:6379
 # AUDIT_LOG_ENABLED=0
 # If the ip should be added in the log or not. Default 0
 # AUDIT_LOG_GET_USER_IP=0
+
+
+# Lingo.dev API key for translation generation
+LINGODOTDEV_API_KEY=your_api_key_here

.github/actions/build-and-push-docker/action.yml

@@ -0,0 +1,319 @@
+name: Build and Push Docker Image
+description: |
+  Unified Docker build and push action for both ECR and GHCR registries.
+
+  Supports:
+  - ECR builds for Formbricks Cloud deployment
+  - GHCR builds for community self-hosting
+  - Automatic version resolution and tagging
+  - Conditional signing and deployment tags
+
+inputs:
+  registry_type:
+    description: "Registry type: 'ecr' or 'ghcr'"
+    required: true
+
+  # Version input
+  version:
+    description: "Explicit version (SemVer only, e.g., 1.2.3). If provided, this version is used directly. If empty, version is auto-generated from branch name."
+    required: false
+  experimental_mode:
+    description: "Enable experimental timestamped versions"
+    required: false
+    default: "false"
+
+  # ECR specific inputs
+  ecr_registry:
+    description: "ECR registry URL (required for ECR builds)"
+    required: false
+  ecr_repository:
+    description: "ECR repository name (required for ECR builds)"
+    required: false
+  ecr_region:
+    description: "ECR AWS region (required for ECR builds)"
+    required: false
+  aws_role_arn:
+    description: "AWS role ARN for ECR authentication (required for ECR builds)"
+    required: false
+
+  # GHCR specific inputs
+  ghcr_image_name:
+    description: "GHCR image name (required for GHCR builds)"
+    required: false
+
+  # Deployment options
+  deploy_production:
+    description: "Tag image for production deployment"
+    required: false
+    default: "false"
+  deploy_staging:
+    description: "Tag image for staging deployment"
+    required: false
+    default: "false"
+  is_prerelease:
+    description: "Whether this is a prerelease (auto-tags for staging/production)"
+    required: false
+    default: "false"
+  make_latest:
+    description: "Whether to tag as latest/production (from GitHub release 'Set as the latest release' option)"
+    required: false
+    default: "false"
+
+  # Build options
+  dockerfile:
+    description: "Path to Dockerfile"
+    required: false
+    default: "apps/web/Dockerfile"
+  context:
+    description: "Build context"
+    required: false
+    default: "."
+
+outputs:
+  image_tag:
+    description: "Resolved image tag used for the build"
+    value: ${{ steps.version.outputs.version }}
+  registry_tags:
+    description: "Complete registry tags that were pushed"
+    value: ${{ steps.build.outputs.tags }}
+  image_digest:
+    description: "Image digest from the build"
+    value: ${{ steps.build.outputs.digest }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Validate inputs
+      shell: bash
+      env:
+        REGISTRY_TYPE: ${{ inputs.registry_type }}
+        ECR_REGISTRY: ${{ inputs.ecr_registry }}
+        ECR_REPOSITORY: ${{ inputs.ecr_repository }}
+        ECR_REGION: ${{ inputs.ecr_region }}
+        AWS_ROLE_ARN: ${{ inputs.aws_role_arn }}
+        GHCR_IMAGE_NAME: ${{ inputs.ghcr_image_name }}
+      run: |
+        set -euo pipefail
+
+        if [[ "$REGISTRY_TYPE" != "ecr" && "$REGISTRY_TYPE" != "ghcr" ]]; then
+          echo "ERROR: registry_type must be 'ecr' or 'ghcr', got: $REGISTRY_TYPE"
+          exit 1
+        fi
+
+        if [[ "$REGISTRY_TYPE" == "ecr" ]]; then
+          if [[ -z "$ECR_REGISTRY" || -z "$ECR_REPOSITORY" || -z "$ECR_REGION" || -z "$AWS_ROLE_ARN" ]]; then
+            echo "ERROR: ECR builds require ecr_registry, ecr_repository, ecr_region, and aws_role_arn"
+            exit 1
+          fi
+        fi
+
+        if [[ "$REGISTRY_TYPE" == "ghcr" ]]; then
+          if [[ -z "$GHCR_IMAGE_NAME" ]]; then
+            echo "ERROR: GHCR builds require ghcr_image_name"
+            exit 1
+          fi
+        fi
+
+        echo "SUCCESS: Input validation passed for $REGISTRY_TYPE build"
+
+    - name: Resolve Docker version
+      id: version
+      uses: ./.github/actions/resolve-docker-version
+      with:
+        version: ${{ inputs.version }}
+        current_branch: ${{ github.ref_name }}
+        experimental_mode: ${{ inputs.experimental_mode }}
+
+    - name: Update package.json version
+      uses: ./.github/actions/update-package-version
+      with:
+        version: ${{ steps.version.outputs.version }}
+
+    - name: Configure AWS credentials (ECR only)
+      if: ${{ inputs.registry_type == 'ecr' }}
+      uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.2.0
+      with:
+        role-to-assume: ${{ inputs.aws_role_arn }}
+        aws-region: ${{ inputs.ecr_region }}
+
+    - name: Log in to Amazon ECR (ECR only)
+      if: ${{ inputs.registry_type == 'ecr' }}
+      uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
+
+    - name: Set up Docker build tools
+      uses: ./.github/actions/docker-build-setup
+      with:
+        registry: ${{ inputs.registry_type == 'ghcr' && 'ghcr.io' || '' }}
+        setup_cosign: ${{ inputs.registry_type == 'ghcr' && 'true' || 'false' }}
+        skip_login_on_pr: ${{ inputs.registry_type == 'ghcr' && 'true' || 'false' }}
+
+    - name: Build ECR tag list
+      if: ${{ inputs.registry_type == 'ecr' }}
+      id: ecr-tags
+      shell: bash
+      env:
+        IMAGE_TAG: ${{ steps.version.outputs.version }}
+        ECR_REGISTRY: ${{ inputs.ecr_registry }}
+        ECR_REPOSITORY: ${{ inputs.ecr_repository }}
+        DEPLOY_PRODUCTION: ${{ inputs.deploy_production }}
+        DEPLOY_STAGING: ${{ inputs.deploy_staging }}
+        IS_PRERELEASE: ${{ inputs.is_prerelease }}
+        MAKE_LATEST: ${{ inputs.make_latest }}
+      run: |
+        set -euo pipefail
+
+        # Start with the base image tag
+        TAGS="${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}"
+
+        # Handle automatic tagging based on release type
+        if [[ "${IS_PRERELEASE}" == "true" ]]; then
+          TAGS="${TAGS}\n${ECR_REGISTRY}/${ECR_REPOSITORY}:staging"
+          echo "Adding staging tag for prerelease"
+        elif [[ "${IS_PRERELEASE}" == "false" && "${MAKE_LATEST}" == "true" ]]; then
+          TAGS="${TAGS}\n${ECR_REGISTRY}/${ECR_REPOSITORY}:production"
+          echo "Adding production tag for stable release marked as latest"
+        fi
+
+        # Handle manual deployment overrides
+        if [[ "${DEPLOY_PRODUCTION}" == "true" ]]; then
+          TAGS="${TAGS}\n${ECR_REGISTRY}/${ECR_REPOSITORY}:production"
+          echo "Adding production tag (manual override)"
+        fi
+        if [[ "${DEPLOY_STAGING}" == "true" ]]; then
+          TAGS="${TAGS}\n${ECR_REGISTRY}/${ECR_REPOSITORY}:staging"
+          echo "Adding staging tag (manual override)"
+        fi
+
+        echo "ECR tags generated:"
+        echo -e "${TAGS}"
+
+        {
+          echo "tags<<EOF"
+          echo -e "${TAGS}"
+          echo "EOF"
+        } >> "${GITHUB_OUTPUT}"
+
+    - name: Generate additional GHCR tags for releases
+      if: ${{ inputs.registry_type == 'ghcr' && inputs.experimental_mode == 'false' && (github.event_name == 'workflow_call' || github.event_name == 'release' || github.event_name == 'workflow_dispatch') }}
+      id: ghcr-extra-tags
+      shell: bash
+      env:
+        VERSION: ${{ steps.version.outputs.version }}
+        IMAGE_NAME: ${{ inputs.ghcr_image_name }}
+        IS_PRERELEASE: ${{ inputs.is_prerelease }}
+        MAKE_LATEST: ${{ inputs.make_latest }}
+      run: |
+        set -euo pipefail
+
+        # Start with base version tag
+        TAGS="ghcr.io/${IMAGE_NAME}:${VERSION}"
+
+        # For proper SemVer releases, add major.minor and major tags
+        if [[ "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+          # Extract major and minor versions
+          MAJOR=$(echo "${VERSION}" | cut -d. -f1)
+          MINOR=$(echo "${VERSION}" | cut -d. -f2)
+          
+          TAGS="${TAGS}\nghcr.io/${IMAGE_NAME}:${MAJOR}.${MINOR}"
+          TAGS="${TAGS}\nghcr.io/${IMAGE_NAME}:${MAJOR}"
+          
+          echo "Added SemVer tags: ${MAJOR}.${MINOR}, ${MAJOR}"
+        fi
+
+        # Add latest tag for stable releases marked as latest
+        if [[ "${IS_PRERELEASE}" == "false" && "${MAKE_LATEST}" == "true" ]]; then
+          TAGS="${TAGS}\nghcr.io/${IMAGE_NAME}:latest"
+          echo "Added latest tag for stable release marked as latest"
+        fi
+
+        echo "Generated GHCR tags:"
+        echo -e "${TAGS}"
+
+        # Debug: Show what will be passed to Docker build
+        echo "DEBUG: Tags for Docker build step:"
+        echo -e "${TAGS}"
+
+        {
+          echo "tags<<EOF"
+          echo -e "${TAGS}"
+          echo "EOF"
+        } >> "${GITHUB_OUTPUT}"
+
+    - name: Build GHCR metadata (experimental)
+      if: ${{ inputs.registry_type == 'ghcr' && inputs.experimental_mode == 'true' }}
+      id: ghcr-meta-experimental
+      uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+      with:
+        images: ghcr.io/${{ inputs.ghcr_image_name }}
+        tags: |
+          type=ref,event=branch
+          type=raw,value=${{ steps.version.outputs.version }}
+
+    - name: Debug Docker build tags
+      shell: bash
+      run: |
+        echo "=== DEBUG: Docker Build Configuration ==="
+        echo "Registry Type: ${{ inputs.registry_type }}"
+        echo "Experimental Mode: ${{ inputs.experimental_mode }}"
+        echo "Event Name: ${{ github.event_name }}"
+        echo "Is Prerelease: ${{ inputs.is_prerelease }}"
+        echo "Make Latest: ${{ inputs.make_latest }}"
+        echo "Version: ${{ steps.version.outputs.version }}"
+
+        if [[ "${{ inputs.registry_type }}" == "ecr" ]]; then
+          echo "ECR Tags: ${{ steps.ecr-tags.outputs.tags }}"
+        elif [[ "${{ inputs.experimental_mode }}" == "true" ]]; then
+          echo "GHCR Experimental Tags: ${{ steps.ghcr-meta-experimental.outputs.tags }}"
+        else
+          echo "GHCR Extra Tags: ${{ steps.ghcr-extra-tags.outputs.tags }}"
+        fi
+
+    - name: Build and push Docker image
+      id: build
+      uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
+      with:
+        project: tw0fqmsx3c
+        token: ${{ env.DEPOT_PROJECT_TOKEN }}
+        context: ${{ inputs.context }}
+        file: ${{ inputs.dockerfile }}
+        platforms: linux/amd64,linux/arm64
+        push: ${{ github.event_name != 'pull_request' }}
+        tags: ${{ inputs.registry_type == 'ecr' && steps.ecr-tags.outputs.tags || (inputs.registry_type == 'ghcr' && inputs.experimental_mode == 'true' && steps.ghcr-meta-experimental.outputs.tags) || (inputs.registry_type == 'ghcr' && inputs.experimental_mode == 'false' && steps.ghcr-extra-tags.outputs.tags) || (inputs.registry_type == 'ghcr' && format('ghcr.io/{0}:{1}', inputs.ghcr_image_name, steps.version.outputs.version)) || (inputs.registry_type == 'ecr' && format('{0}/{1}:{2}', inputs.ecr_registry, inputs.ecr_repository, steps.version.outputs.version)) }}
+        labels: ${{ inputs.registry_type == 'ghcr' && inputs.experimental_mode == 'true' && steps.ghcr-meta-experimental.outputs.labels || '' }}
+        secrets: |
+          database_url=${{ env.DUMMY_DATABASE_URL }}
+          encryption_key=${{ env.DUMMY_ENCRYPTION_KEY }}
+          redis_url=${{ env.DUMMY_REDIS_URL }}
+          sentry_auth_token=${{ env.SENTRY_AUTH_TOKEN }}
+      env:
+        DEPOT_PROJECT_TOKEN: ${{ env.DEPOT_PROJECT_TOKEN }}
+        DUMMY_DATABASE_URL: ${{ env.DUMMY_DATABASE_URL }}
+        DUMMY_ENCRYPTION_KEY: ${{ env.DUMMY_ENCRYPTION_KEY }}
+        DUMMY_REDIS_URL: ${{ env.DUMMY_REDIS_URL }}
+        SENTRY_AUTH_TOKEN: ${{ env.SENTRY_AUTH_TOKEN }}
+
+    - name: Sign GHCR image (GHCR only)
+      if: ${{ inputs.registry_type == 'ghcr' && (github.event_name == 'workflow_call' || github.event_name == 'release' || github.event_name == 'workflow_dispatch') }}
+      shell: bash
+      env:
+        TAGS: ${{ inputs.experimental_mode == 'true' && steps.ghcr-meta-experimental.outputs.tags || steps.ghcr-extra-tags.outputs.tags }}
+        DIGEST: ${{ steps.build.outputs.digest }}
+      run: |
+        set -euo pipefail
+        echo "${TAGS}" | xargs -I {} cosign sign --yes "{}@${DIGEST}"
+
+    - name: Output build summary
+      shell: bash
+      env:
+        REGISTRY_TYPE: ${{ inputs.registry_type }}
+        IMAGE_TAG: ${{ steps.version.outputs.version }}
+        VERSION_SOURCE: ${{ steps.version.outputs.source }}
+      run: |
+        echo "SUCCESS: Built and pushed Docker image to $REGISTRY_TYPE"
+        echo "Image Tag: $IMAGE_TAG (source: $VERSION_SOURCE)"
+        if [[ "$REGISTRY_TYPE" == "ecr" ]]; then
+          echo "ECR Registry: ${{ inputs.ecr_registry }}"
+          echo "ECR Repository: ${{ inputs.ecr_repository }}"
+        else
+          echo "GHCR Image: ghcr.io/${{ inputs.ghcr_image_name }}"
+        fi

.github/actions/docker-build-setup/action.yml

@@ -0,0 +1,106 @@
+name: Docker Build Setup
+description: |
+  Sets up common Docker build tools and authentication with security validation.
+
+  Security Features:
+  - Registry URL validation
+  - Input sanitization
+  - Conditional setup based on event type
+  - Post-setup verification
+
+  Supports Depot CLI, Cosign signing, and Docker registry authentication.
+
+inputs:
+  registry:
+    description: "Docker registry hostname to login to (e.g., ghcr.io, registry.example.com:5000). No paths allowed."
+    required: false
+    default: "ghcr.io"
+  setup_cosign:
+    description: "Whether to install cosign for image signing"
+    required: false
+    default: "true"
+  skip_login_on_pr:
+    description: "Whether to skip registry login on pull requests"
+    required: false
+    default: "true"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Validate inputs
+      shell: bash
+      env:
+        REGISTRY: ${{ inputs.registry }}
+        SETUP_COSIGN: ${{ inputs.setup_cosign }}
+        SKIP_LOGIN_ON_PR: ${{ inputs.skip_login_on_pr }}
+      run: |
+        set -euo pipefail
+
+        # Security: Validate registry input - must be hostname[:port] only, no paths
+        # Allow empty registry for cases where login is handled externally (e.g., ECR)
+        if [[ -n "$REGISTRY" ]]; then
+          if [[ "$REGISTRY" =~ / ]]; then
+            echo "ERROR: Invalid registry format: $REGISTRY"
+            echo "Registry must be host[:port] with no path (e.g., 'ghcr.io' or 'registry.example.com:5000')"
+            echo "Path components like 'ghcr.io/org' are not allowed as they break docker login"
+            exit 1
+          fi
+
+          # Validate hostname with optional port format
+          if [[ ! "$REGISTRY" =~ ^[a-zA-Z0-9.-]+(\:[0-9]+)?$ ]]; then
+            echo "ERROR: Invalid registry hostname format: $REGISTRY"
+            echo "Registry must be a valid hostname optionally with port (e.g., 'ghcr.io' or 'registry.example.com:5000')"
+            exit 1
+          fi
+        fi
+
+        # Validate boolean inputs
+        if [[ "$SETUP_COSIGN" != "true" && "$SETUP_COSIGN" != "false" ]]; then
+          echo "ERROR: setup_cosign must be 'true' or 'false', got: $SETUP_COSIGN"
+          exit 1
+        fi
+
+        if [[ "$SKIP_LOGIN_ON_PR" != "true" && "$SKIP_LOGIN_ON_PR" != "false" ]]; then
+          echo "ERROR: skip_login_on_pr must be 'true' or 'false', got: $SKIP_LOGIN_ON_PR"
+          exit 1
+        fi
+
+        echo "SUCCESS: Input validation passed"
+
+    - name: Set up Depot CLI
+      uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
+
+    - name: Install cosign
+      # Install cosign when requested AND when we might actually sign images
+      # (i.e., non-PR contexts or when we login on PRs)
+      if: ${{ inputs.setup_cosign == 'true' && (inputs.skip_login_on_pr == 'false' || github.event_name != 'pull_request') }}
+      uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
+
+    - name: Log into registry
+      if: ${{ inputs.registry != '' && (inputs.skip_login_on_pr == 'false' || github.event_name != 'pull_request') }}
+      uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+      with:
+        registry: ${{ inputs.registry }}
+        username: ${{ github.actor }}
+        password: ${{ github.token }}
+
+    - name: Verify setup completion
+      shell: bash
+      run: |
+        set -euo pipefail
+
+        # Verify Depot CLI is available
+        if ! command -v depot >/dev/null 2>&1; then
+          echo "ERROR: Depot CLI not found in PATH"
+          exit 1
+        fi
+
+        # Verify cosign if it should be installed (same conditions as install step)
+        if [[ "${{ inputs.setup_cosign }}" == "true" ]] && [[ "${{ inputs.skip_login_on_pr }}" == "false" || "${{ github.event_name }}" != "pull_request" ]]; then
+          if ! command -v cosign >/dev/null 2>&1; then
+            echo "ERROR: Cosign not found in PATH despite being requested"
+            exit 1
+          fi
+        fi
+
+        echo "SUCCESS: Docker build setup completed successfully"

.github/actions/resolve-docker-version/action.yml

@@ -0,0 +1,192 @@
+name: Resolve Docker Version
+description: |
+  Resolves and validates Docker-compatible SemVer versions for container builds with comprehensive security.
+
+  Security Features:
+  - Command injection protection
+  - Input sanitization and validation
+  - Docker tag character restrictions
+  - Length limits and boundary checks
+  - Safe branch name handling
+
+  Supports multiple modes: release, manual override, branch auto-detection, and experimental timestamped versions.
+
+inputs:
+  version:
+    description: "Explicit version (SemVer only, e.g., 1.2.3-beta). If provided, this version is used directly. If empty, version is auto-generated from branch name."
+    required: false
+  current_branch:
+    description: "Current branch name for auto-detection"
+    required: true
+  experimental_mode:
+    description: "Enable experimental mode with timestamp-based versions"
+    required: false
+    default: "false"
+
+outputs:
+  version:
+    description: "Resolved Docker-compatible SemVer version"
+    value: ${{ steps.resolve.outputs.version }}
+  source:
+    description: "Source of version (release|override|branch)"
+    value: ${{ steps.resolve.outputs.source }}
+  normalized:
+    description: "Whether the version was normalized (true/false)"
+    value: ${{ steps.resolve.outputs.normalized }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Resolve and validate Docker version
+      id: resolve
+      shell: bash
+      env:
+        EXPLICIT_VERSION: ${{ inputs.version }}
+        CURRENT_BRANCH: ${{ inputs.current_branch }}
+        EXPERIMENTAL_MODE: ${{ inputs.experimental_mode }}
+      run: |
+        set -euo pipefail
+
+        # Function to validate SemVer format (Docker-compatible, no '+' build metadata)
+        validate_semver() {
+          local version="$1"
+          local context="$2"
+          
+          if [[ ! "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?$ ]]; then
+            echo "ERROR: Invalid $context format. Must be semver without build metadata (e.g., 1.2.3, 1.2.3-alpha)"
+            echo "Provided: $version"
+            echo "Note: Docker tags cannot contain '+' characters. Use prerelease identifiers instead."
+            exit 1
+          fi
+        }
+
+        # Function to generate branch-based version
+        generate_branch_version() {
+          local branch="$1"
+          local use_timestamp="${2:-true}"
+          local timestamp
+          
+          if [[ "$use_timestamp" == "true" ]]; then
+            timestamp=$(date +%s)
+          else
+            timestamp=""
+          fi
+          
+          # Sanitize branch name for Docker compatibility
+          local sanitized_branch=$(echo "$branch" | sed 's/[^a-zA-Z0-9.-]/-/g' | sed 's/--*/-/g' | sed 's/^-\|-$//g')
+          
+          # Additional safety: truncate if too long (reserve space for prefix and timestamp)
+          if (( ${#sanitized_branch} > 80 )); then
+            sanitized_branch="${sanitized_branch:0:80}"
+            echo "INFO: Branch name truncated for Docker compatibility" >&2
+          fi
+          local version
+          
+          # Generate version based on branch name (unified approach)
+          # All branches get alpha versions with sanitized branch name
+          if [[ -n "$timestamp" ]]; then
+            version="0.0.0-alpha-$sanitized_branch-$timestamp"
+            echo "INFO: Branch '$branch' detected - alpha version: $version" >&2
+          else
+            version="0.0.0-alpha-$sanitized_branch"
+            echo "INFO: Branch '$branch' detected - alpha version: $version" >&2
+          fi
+          
+          echo "$version"
+        }
+
+
+        # Input validation and sanitization
+        if [[ -z "$CURRENT_BRANCH" ]]; then
+          echo "ERROR: current_branch input is required"
+          exit 1
+        fi
+
+        # Security: Validate inputs to prevent command injection
+        # Use grep to check for dangerous characters (more reliable than bash regex)
+        validate_input() {
+          local input="$1"
+          local name="$2"
+          
+          # Check for dangerous characters using grep
+          if echo "$input" | grep -q '[;|&`$(){}\\[:space:]]'; then
+            echo "ERROR: $name contains potentially dangerous characters: $input"
+            echo "Input should only contain letters, numbers, hyphens, underscores, dots, and forward slashes"
+            return 1
+          fi
+          
+          return 0
+        }
+
+        # Validate current branch
+        if ! validate_input "$CURRENT_BRANCH" "Branch name"; then
+          exit 1
+        fi
+
+        # Validate explicit version if provided
+        if [[ -n "$EXPLICIT_VERSION" ]] && ! validate_input "$EXPLICIT_VERSION" "Explicit version"; then
+          exit 1
+        fi
+
+        # Main resolution logic (ultra-simplified)
+        NORMALIZED="false"
+
+        if [[ -n "$EXPLICIT_VERSION" ]]; then
+          # Use provided explicit version (from either workflow_call or manual input)
+          validate_semver "$EXPLICIT_VERSION" "explicit version"
+          
+          # Normalize to lowercase for Docker/ECR compatibility
+          RESOLVED_VERSION="${EXPLICIT_VERSION,,}"
+          if [[ "$EXPLICIT_VERSION" != "$RESOLVED_VERSION" ]]; then
+            NORMALIZED="true"
+            echo "INFO: Original version contained uppercase characters, normalized: $EXPLICIT_VERSION -> $RESOLVED_VERSION"
+          fi
+          
+          SOURCE="explicit"
+          echo "INFO: Using explicit version: $RESOLVED_VERSION"
+          
+        else
+          # Auto-generate version from branch name
+          if [[ "$EXPERIMENTAL_MODE" == "true" ]]; then
+            # Use timestamped version generation
+            echo "INFO: Experimental mode: generating timestamped version from branch: $CURRENT_BRANCH"
+            RESOLVED_VERSION=$(generate_branch_version "$CURRENT_BRANCH" "true")
+            SOURCE="experimental"
+          else
+            # Standard branch version (no timestamp)
+            echo "INFO: Auto-detecting version from branch: $CURRENT_BRANCH"
+            RESOLVED_VERSION=$(generate_branch_version "$CURRENT_BRANCH" "false")
+            SOURCE="branch"
+          fi
+          echo "Generated version: $RESOLVED_VERSION"
+        fi
+
+        # Final validation - ensure result is valid Docker tag
+        if [[ -z "$RESOLVED_VERSION" ]]; then
+          echo "ERROR: Failed to resolve version"
+          exit 1
+        fi
+
+        if (( ${#RESOLVED_VERSION} > 128 )); then
+          echo "ERROR: Version must be at most 128 characters (Docker limitation)"
+          echo "Generated version: $RESOLVED_VERSION (${#RESOLVED_VERSION} chars)"
+          exit 1
+        fi
+
+        if [[ ! "$RESOLVED_VERSION" =~ ^[a-z0-9._-]+$ ]]; then
+          echo "ERROR: Version contains invalid characters for Docker tags"
+          echo "Version: $RESOLVED_VERSION"
+          exit 1
+        fi
+
+        if [[ "$RESOLVED_VERSION" =~ ^[.-] || "$RESOLVED_VERSION" =~ [.-]$ ]]; then
+          echo "ERROR: Version must not start or end with '.' or '-'"
+          echo "Version: $RESOLVED_VERSION"
+          exit 1
+        fi
+
+        # Output results
+        echo "SUCCESS: Resolved Docker version: $RESOLVED_VERSION (source: $SOURCE)"
+        echo "version=$RESOLVED_VERSION" >> $GITHUB_OUTPUT
+        echo "source=$SOURCE" >> $GITHUB_OUTPUT
+        echo "normalized=$NORMALIZED" >> $GITHUB_OUTPUT

.github/actions/update-package-version/action.yml

@@ -0,0 +1,160 @@
+name: Update Package Version
+description: |
+  Safely updates package.json version with comprehensive validation and atomic operations.
+
+  Security Features:
+  - Path traversal protection
+  - SemVer validation with length limits
+  - Atomic file operations with backup/recovery
+  - JSON validation before applying changes
+
+  This action is designed to be secure by default and prevent common attack vectors.
+
+inputs:
+  version:
+    description: "Version to set in package.json (must be valid SemVer)"
+    required: true
+  package_path:
+    description: "Path to package.json file"
+    required: false
+    default: "./apps/web/package.json"
+
+outputs:
+  updated_version:
+    description: "The version that was actually set in package.json"
+    value: ${{ steps.update.outputs.updated_version }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Update and verify package.json version
+      id: update
+      shell: bash
+      env:
+        VERSION: ${{ inputs.version }}
+        PACKAGE_PATH: ${{ inputs.package_path }}
+      run: |
+        set -euo pipefail
+
+        # Validate inputs
+        if [[ -z "$VERSION" ]]; then
+          echo "ERROR: version input is required"
+          exit 1
+        fi
+
+        # Security: Validate package_path to prevent path traversal attacks
+        # Only allow paths within the workspace and must end with package.json
+        if [[ "$PACKAGE_PATH" =~ \.\./|^/|^~ ]]; then
+          echo "ERROR: Invalid package path - path traversal detected: $PACKAGE_PATH"
+          echo "Package path must be relative to workspace root and cannot contain '../', start with '/', or '~'"
+          exit 1
+        fi
+
+        if [[ ! "$PACKAGE_PATH" =~ package\.json$ ]]; then
+          echo "ERROR: Package path must end with 'package.json': $PACKAGE_PATH"
+          exit 1
+        fi
+
+        # Resolve to absolute path within workspace for additional security
+        WORKSPACE_ROOT="${GITHUB_WORKSPACE:-$(pwd)}"
+
+        # Use realpath to resolve both paths and handle symlinks properly
+        WORKSPACE_ROOT=$(realpath "$WORKSPACE_ROOT")
+        RESOLVED_PATH=$(realpath "${WORKSPACE_ROOT}/${PACKAGE_PATH}")
+
+        # Ensure WORKSPACE_ROOT has a trailing slash for proper prefix matching
+        WORKSPACE_ROOT="${WORKSPACE_ROOT}/"
+
+        # Use shell string matching to ensure RESOLVED_PATH is within workspace
+        # This is more secure than regex and handles edge cases properly
+        if [[ "$RESOLVED_PATH" != "$WORKSPACE_ROOT"* ]]; then
+          echo "ERROR: Resolved path is outside workspace: $RESOLVED_PATH"
+          echo "Workspace root: $WORKSPACE_ROOT"
+          exit 1
+        fi
+
+        if [[ ! -f "$RESOLVED_PATH" ]]; then
+          echo "ERROR: package.json not found at: $RESOLVED_PATH"
+          exit 1
+        fi
+
+        # Use resolved path for operations
+        PACKAGE_PATH="$RESOLVED_PATH"
+
+        # Validate SemVer format with additional security checks
+        if [[ ${#VERSION} -gt 128 ]]; then
+          echo "ERROR: Version string too long (${#VERSION} chars, max 128): $VERSION"
+          exit 1
+        fi
+
+        if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?$ ]]; then
+          echo "ERROR: Invalid SemVer format: $VERSION"
+          echo "Expected format: MAJOR.MINOR.PATCH[-PRERELEASE]"
+          echo "Only alphanumeric characters, dots, and hyphens allowed in prerelease"
+          exit 1
+        fi
+
+        # Additional validation: Check for reasonable version component sizes
+        # Extract base version (MAJOR.MINOR.PATCH) without prerelease/build metadata
+        if [[ "$VERSION" =~ ^([0-9]+\.[0-9]+\.[0-9]+) ]]; then
+          BASE_VERSION="${BASH_REMATCH[1]}"
+        else
+          echo "ERROR: Could not extract base version from: $VERSION"
+          exit 1
+        fi
+
+        # Split version components safely
+        IFS='.' read -ra VERSION_PARTS <<< "$BASE_VERSION"
+
+        # Validate component sizes (should have exactly 3 parts due to regex above)
+        if (( ${VERSION_PARTS[0]} > 999 || ${VERSION_PARTS[1]} > 999 || ${VERSION_PARTS[2]} > 999 )); then
+          echo "ERROR: Version components too large (max 999 each): $VERSION"
+          echo "Components: ${VERSION_PARTS[0]}.${VERSION_PARTS[1]}.${VERSION_PARTS[2]}"
+          exit 1
+        fi
+
+        echo "Updating package.json version to: $VERSION"
+
+        # Create backup for atomic operations
+        BACKUP_PATH="${PACKAGE_PATH}.backup.$$"
+        cp "$PACKAGE_PATH" "$BACKUP_PATH"
+
+        # Use jq to safely update the version field with error handling
+        if ! jq --arg version "$VERSION" '.version = $version' "$PACKAGE_PATH" > "${PACKAGE_PATH}.tmp"; then
+          echo "ERROR: jq failed to process package.json"
+          rm -f "${PACKAGE_PATH}.tmp" "$BACKUP_PATH"
+          exit 1
+        fi
+
+        # Validate the generated JSON before applying changes
+        if ! jq empty "${PACKAGE_PATH}.tmp" 2>/dev/null; then
+          echo "ERROR: Generated invalid JSON"
+          rm -f "${PACKAGE_PATH}.tmp" "$BACKUP_PATH"
+          exit 1
+        fi
+
+        # Atomic move operation
+        if ! mv "${PACKAGE_PATH}.tmp" "$PACKAGE_PATH"; then
+          echo "ERROR: Failed to update package.json"
+          # Restore backup
+          mv "$BACKUP_PATH" "$PACKAGE_PATH"
+          exit 1
+        fi
+
+        # Verify the update was successful
+        UPDATED_VERSION=$(jq -r '.version' "$PACKAGE_PATH" 2>/dev/null)
+
+        if [[ "$UPDATED_VERSION" != "$VERSION" ]]; then
+          echo "ERROR: Version update failed!"
+          echo "Expected: $VERSION"
+          echo "Actual: $UPDATED_VERSION"
+          # Restore backup
+          mv "$BACKUP_PATH" "$PACKAGE_PATH"
+          exit 1
+        fi
+
+        # Clean up backup on success
+        rm -f "$BACKUP_PATH"
+
+        echo "SUCCESS: Updated package.json version to: $UPDATED_VERSION"
+        echo "updated_version=$UPDATED_VERSION" >> $GITHUB_OUTPUT

.github/copilot-instructions.md

@@ -1,32 +0,0 @@
-# Testing Instructions
-
-When generating test files inside the "/app/web" path, follow these rules:
-
-- You are an experienced senior software engineer
-- Use vitest
-- Ensure 100% code coverage
-- Add as few comments as possible
-- The test file should be located in the same folder as the original file
-- Use the `test` function instead of `it`
-- Follow the same test pattern used for other files in the package where the file is located
-- All imports should be at the top of the file, not inside individual tests
-- For mocking inside "test" blocks use "vi.mocked"
-- If the file is located in the "packages/survey" path, use "@testing-library/preact" instead of "@testing-library/react"
-- Don't mock functions that are already mocked in the "apps/web/vitestSetup.ts" file
-- When using "screen.getByText" check for the tolgee string if it is being used in the file.
-- The types for mocked variables can be found in the "packages/types" path. Be sure that every imported type exists before using it. Don't create types that are not already in the codebase.
-- When mocking data check if the properties added are part of the type of the object being mocked. Only specify known properties, don't use properties that are not part of the type.
-  
-If it's a test for a ".tsx" file, follow these extra instructions:
-
-- Add this code inside the "describe" block and before any test:
-
-afterEach(() => {
-    cleanup();
-});
-
-- The "afterEach" function should only have the "cleanup()" line inside it and should be adde to the "vitest" imports.
-- For click events, import userEvent from "@testing-library/user-event"
-- Mock other components that can make the text more complex and but at the same time mocking it wouldn't make the test flaky. It's ok to leave basic and simple components.
-- You don't need to mock @tolgee/react
-- Use "import "@testing-library/jest-dom/vitest";"

.github/workflows/build-and-push-ecr.yml

@@ -1,12 +1,16 @@
-name: Build & Push Docker to ECR
+name: Build Cloud Deployment Images
+
+# This workflow builds Formbricks Docker images for ECR deployment:
+# - workflow_call: Used by releases with explicit SemVer versions
+# - workflow_dispatch: Auto-detects version from current branch or uses override
 
 on:
   workflow_dispatch:
     inputs:
-      image_tag:
-        description: "Image tag to push (e.g., v3.16.1, main)"
-        required: true
-        default: "v3.16.1"
+      version_override:
+        description: "Override version (SemVer only, e.g., 1.2.3). Leave empty to auto-detect from branch."
+        required: false
+        type: string
       deploy_production:
         description: "Tag image for production deployment"
         required: false
@@ -17,6 +21,29 @@ on:
         required: false
         default: false
         type: boolean
+  workflow_call:
+    inputs:
+      image_tag:
+        description: "Image tag to push (required for workflow_call)"
+        required: true
+        type: string
+      IS_PRERELEASE:
+        description: "Whether this is a prerelease (auto-tags for staging/production)"
+        required: false
+        type: boolean
+        default: false
+      MAKE_LATEST:
+        description: "Whether to tag for production (from GitHub release 'Set as the latest release' option)"
+        required: false
+        type: boolean
+        default: false
+    outputs:
+      IMAGE_TAG:
+        description: "Normalized image tag used for the build"
+        value: ${{ jobs.build-and-push.outputs.IMAGE_TAG }}
+      TAGS:
+        description: "Newline-separated list of ECR tags pushed"
+        value: ${{ jobs.build-and-push.outputs.TAGS }}
 
 permissions:
   contents: read
@@ -27,14 +54,15 @@ env:
   # ECR settings are sourced from repository/environment variables for portability across envs/forks
   ECR_REGISTRY: ${{ vars.ECR_REGISTRY }}
   ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
-  DOCKERFILE: apps/web/Dockerfile
-  CONTEXT: .
 
 jobs:
   build-and-push:
     name: Build and Push
     runs-on: ubuntu-latest
     timeout-minutes: 45
+    outputs:
+      IMAGE_TAG: ${{ steps.build.outputs.image_tag }}
+      TAGS: ${{ steps.build.outputs.registry_tags }}
     steps:
       - name: Harden the runner (Audit all outbound calls)
         uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
@@ -44,125 +72,23 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Validate image tag input
-        shell: bash
-        env:
-          IMAGE_TAG: ${{ inputs.image_tag }}
-        run: |
-          set -euo pipefail
-          if [[ -z "${IMAGE_TAG}" ]]; then
-            echo "❌ Image tag is required (non-empty)."
-            exit 1
-          fi
-          if (( ${#IMAGE_TAG} > 128 )); then
-            echo "❌ Image tag must be at most 128 characters."
-            exit 1
-          fi
-          if [[ ! "${IMAGE_TAG}" =~ ^[a-z0-9._-]+$ ]]; then
-            echo "❌ Image tag may only contain lowercase letters, digits, '.', '_' and '-'."
-            exit 1
-          fi
-          if [[ "${IMAGE_TAG}" =~ ^[.-] || "${IMAGE_TAG}" =~ [.-]$ ]]; then
-            echo "❌ Image tag must not start or end with '.' or '-'."
-            exit 1
-          fi
-
-      - name: Validate required variables
-        shell: bash
-        env:
-          ECR_REGISTRY: ${{ env.ECR_REGISTRY }}
-          ECR_REPOSITORY: ${{ env.ECR_REPOSITORY }}
-          ECR_REGION: ${{ env.ECR_REGION }}
-        run: |
-          set -euo pipefail
-          if [[ -z "${ECR_REGISTRY}" || -z "${ECR_REPOSITORY}" || -z "${ECR_REGION}" ]]; then
-            echo "ECR_REGION, ECR_REGISTRY and ECR_REPOSITORY must be set via repository or environment variables (Settings → Variables)."
-            exit 1
-          fi
-
-      - name: Update package.json version
-        shell: bash
-        env:
-          IMAGE_TAG: ${{ inputs.image_tag }}
-        run: |
-          set -euo pipefail
-          
-          # Remove 'v' prefix if present (e.g., v3.16.1 -> 3.16.1)
-          VERSION="${IMAGE_TAG#v}"
-          
-          # Validate SemVer format (major.minor.patch with optional prerelease and build metadata)
-          if [[ ! "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$ ]]; then
-            echo "❌ Error: Invalid version format after extraction. Must be SemVer (e.g., 1.2.3, 1.2.3-alpha, 1.2.3+build.1)"
-            echo "Original input: ${IMAGE_TAG}"
-            echo "Extracted version: ${VERSION}"
-            echo "Expected format: MAJOR.MINOR.PATCH[-PRERELEASE][+BUILDMETADATA]"
-            exit 1
-          fi
-          
-          echo "✅ Valid SemVer format detected: ${VERSION}"
-          echo "Updating package.json version to: ${VERSION}"
-          sed -i "s/\"version\": \"0.0.0\"/\"version\": \"${VERSION}\"/" ./apps/web/package.json
-          cat ./apps/web/package.json | grep version
-
-      - name: Build tag list
-        id: tags
-        shell: bash
-        env:
-          IMAGE_TAG: ${{ inputs.image_tag }}
-          DEPLOY_PRODUCTION: ${{ inputs.deploy_production }}
-          DEPLOY_STAGING: ${{ inputs.deploy_staging }}
-          ECR_REGISTRY: ${{ env.ECR_REGISTRY }}
-          ECR_REPOSITORY: ${{ env.ECR_REPOSITORY }}
-        run: |
-          set -euo pipefail
-
-          # Start with the base image tag
-          TAGS="${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}"
-
-          # Add production tag if requested
-          if [[ "${DEPLOY_PRODUCTION}" == "true" ]]; then
-            TAGS="${TAGS}\n${ECR_REGISTRY}/${ECR_REPOSITORY}:production"
-          fi
-
-          # Add staging tag if requested
-          if [[ "${DEPLOY_STAGING}" == "true" ]]; then
-            TAGS="${TAGS}\n${ECR_REGISTRY}/${ECR_REPOSITORY}:staging"
-          fi
-
-          # Output for debugging
-          echo "Generated tags:"
-          echo -e "${TAGS}"
-
-          # Set output for next step (escape newlines for GitHub Actions)
-          {
-            echo "tags<<EOF"
-            echo -e "${TAGS}"
-            echo "EOF"
-          } >> "${GITHUB_OUTPUT}"
-
-      - name: Configure AWS credentials (OIDC)
-        uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a
+      - name: Build and push cloud deployment image
+        id: build
+        uses: ./.github/actions/build-and-push-docker
         with:
-          role-to-assume: ${{ secrets.AWS_ECR_PUSH_ROLE_ARN }}
-          aws-region: ${{ env.ECR_REGION }}
-
-      - name: Log in to Amazon ECR
-        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076
-
-      - name: Set up Depot CLI
-        uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
-
-      - name: Build and push image (Depot remote builder)
-        uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
-        with:
-          project: tw0fqmsx3c
-          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
-          context: ${{ env.CONTEXT }}
-          file: ${{ env.DOCKERFILE }}
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ steps.tags.outputs.tags }}
-          secrets: |
-            database_url=${{ secrets.DUMMY_DATABASE_URL }}
-            encryption_key=${{ secrets.DUMMY_ENCRYPTION_KEY }}
-            sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}
+          registry_type: "ecr"
+          ecr_registry: ${{ env.ECR_REGISTRY }}
+          ecr_repository: ${{ env.ECR_REPOSITORY }}
+          ecr_region: ${{ env.ECR_REGION }}
+          aws_role_arn: ${{ secrets.AWS_ECR_PUSH_ROLE_ARN }}
+          version: ${{ inputs.version_override || inputs.image_tag }}
+          deploy_production: ${{ inputs.deploy_production }}
+          deploy_staging: ${{ inputs.deploy_staging }}
+          is_prerelease: ${{ inputs.IS_PRERELEASE }}
+          make_latest: ${{ inputs.MAKE_LATEST }}
+        env:
+          DEPOT_PROJECT_TOKEN: ${{ secrets.DEPOT_PROJECT_TOKEN }}
+          DUMMY_DATABASE_URL: ${{ secrets.DUMMY_DATABASE_URL }}
+          DUMMY_ENCRYPTION_KEY: ${{ secrets.DUMMY_ENCRYPTION_KEY }}
+          DUMMY_REDIS_URL: ${{ secrets.DUMMY_REDIS_URL }}
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}

.github/workflows/deploy-formbricks-cloud.yml

@@ -4,7 +4,7 @@ on:
   workflow_dispatch:
     inputs:
       VERSION:
-        description: "The version of the Docker image to release, full image tag if image tag is v0.0.0 enter v0.0.0."
+        description: "The version of the Docker image to release (clean SemVer, e.g., 1.2.3)"
         required: true
         type: string
       REPOSITORY:

.github/workflows/e2e.yml

@@ -3,26 +3,20 @@ name: E2E Tests
 on:
   workflow_call:
     secrets:
-      AZURE_CLIENT_ID:
-        required: false
-      AZURE_TENANT_ID:
-        required: false
-      AZURE_SUBSCRIPTION_ID:
-        required: false
       PLAYWRIGHT_SERVICE_URL:
         required: false
+      PLAYWRIGHT_SERVICE_ACCESS_TOKEN:
+        required: false
       ENTERPRISE_LICENSE_KEY:
         required: true
       # Add other secrets if necessary
   workflow_dispatch:
 
 env:
-  TELEMETRY_DISABLED: 1
   TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
   TURBO_TEAM: ${{ vars.TURBO_TEAM }}
 
 permissions:
-  id-token: write
   contents: read
   actions: read
 
@@ -33,7 +27,7 @@ jobs:
     timeout-minutes: 60
     services:
       postgres:
-        image: pgvector/pgvector:pg17
+        image: pgvector/pgvector@sha256:9ae02a756ba16a2d69dd78058e25915e36e189bb36ddf01ceae86390d7ed786a
         env:
           POSTGRES_DB: postgres
           POSTGRES_USER: postgres
@@ -41,7 +35,7 @@ jobs:
         ports:
           - 5432:5432
         options: >-
-          --health-cmd="pg_isready -U testuser"
+          --health-cmd="pg_isready -U postgres"
           --health-interval=10s
           --health-timeout=5s
           --health-retries=5
@@ -49,25 +43,15 @@ jobs:
         image: valkey/valkey@sha256:12ba4f45a7c3e1d0f076acd616cb230834e75a77e8516dde382720af32832d6d
         ports:
           - 6379:6379
-      minio:
-        image: bitnami/minio:2025.7.23-debian-12-r5
-        env:
-          MINIO_ROOT_USER: minioadmin
-          MINIO_ROOT_PASSWORD: minioadmin
-        ports:
-          - 9000:9000
-        options: >-
-          --health-cmd="curl -fsS http://localhost:9000/minio/health/live || exit 1"
-          --health-interval=10s
-          --health-timeout=5s
-          --health-retries=20
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
         with:
-          egress-policy: allow
+          egress-policy: audit
           allowed-endpoints: |
             ee.formbricks.com:443
+            registry-1.docker.io:443
+            docker.io:443
 
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: ./.github/actions/dangerous-git-checkout
@@ -101,8 +85,8 @@ jobs:
           echo "S3_REGION=us-east-1" >> .env
           echo "S3_BUCKET_NAME=formbricks-e2e" >> .env
           echo "S3_ENDPOINT_URL=http://localhost:9000" >> .env
-          echo "S3_ACCESS_KEY=minioadmin" >> .env
-          echo "S3_SECRET_KEY=minioadmin" >> .env
+          echo "S3_ACCESS_KEY=devminio" >> .env
+          echo "S3_SECRET_KEY=devminio123" >> .env
           echo "S3_FORCE_PATH_STYLE=1" >> .env
         shell: bash
 
@@ -122,6 +106,22 @@ jobs:
           chmod +x "${MC_BIN}"
           sudo mv "${MC_BIN}" /usr/local/bin/mc
 
+      - name: Start MinIO Server
+        run: |
+          set -euo pipefail
+
+          # Start MinIO server in background
+          docker run -d \
+            --name minio-server \
+            -p 9000:9000 \
+            -p 9001:9001 \
+            -e MINIO_ROOT_USER=devminio \
+            -e MINIO_ROOT_PASSWORD=devminio123 \
+            minio/minio:RELEASE.2025-09-07T16-13-09Z \
+            server /data --console-address :9001
+
+          echo "MinIO server started"
+
       - name: Wait for MinIO and create S3 bucket
         run: |
           set -euo pipefail
@@ -142,7 +142,7 @@ jobs:
             exit 1
           fi
 
-          mc alias set local http://localhost:9000 minioadmin minioadmin
+          mc alias set local http://localhost:9000 devminio devminio123
           mc mb --ignore-existing local/formbricks-e2e
 
       - name: Build App
@@ -160,6 +160,12 @@ jobs:
           cd apps/web && pnpm vitest run modules/core/rate-limit/rate-limit-load.test.ts
         shell: bash
 
+      - name: Run Cache Integration Tests
+        run: |
+          echo "Running cache integration tests with Redis/Valkey..."
+          cd packages/cache && pnpm vitest run src/cache-integration.test.ts
+        shell: bash
+
       - name: Check for Enterprise License
         run: |
           LICENSE_KEY=$(grep '^ENTERPRISE_LICENSE_KEY=' .env | cut -d'=' -f2-)
@@ -169,6 +175,12 @@ jobs:
           fi
           echo "License key length: ${#LICENSE_KEY}"
 
+      - name: Disable rate limiting for E2E tests
+        run: |
+          echo "RATE_LIMITING_DISABLED=1" >> .env
+          echo "Rate limiting disabled for E2E tests"
+        shell: bash
+
       - name: Run App
         run: |
           echo "Starting app with enterprise license..."
@@ -190,31 +202,32 @@ jobs:
       - name: Install Playwright
         run: pnpm exec playwright install --with-deps
 
-      - name: Set Azure Secret Variables
-        run: |
-          if [[ -n "${{ secrets.AZURE_CLIENT_ID }}" && -n "${{ secrets.AZURE_TENANT_ID }}" && -n "${{ secrets.AZURE_SUBSCRIPTION_ID }}" ]]; then
-            echo "AZURE_ENABLED=true" >> $GITHUB_ENV
-          else
-            echo "AZURE_ENABLED=false" >> $GITHUB_ENV
-          fi
-
-      - name: Azure login
-        if: env.AZURE_ENABLED == 'true'
-        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
-        with:
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-
-      - name: Run E2E Tests (Azure)
-        if: env.AZURE_ENABLED == 'true'
+      - name: Determine Playwright execution mode
+        shell: bash
         env:
           PLAYWRIGHT_SERVICE_URL: ${{ secrets.PLAYWRIGHT_SERVICE_URL }}
+          PLAYWRIGHT_SERVICE_ACCESS_TOKEN: ${{ secrets.PLAYWRIGHT_SERVICE_ACCESS_TOKEN }}
         run: |
-          pnpm test-e2e:azure
+          set -euo pipefail
+
+          if [[ -n "${PLAYWRIGHT_SERVICE_URL}" && -n "${PLAYWRIGHT_SERVICE_ACCESS_TOKEN}" ]]; then
+            echo "PW_MODE=service" >> "$GITHUB_ENV"
+          else
+            echo "PW_MODE=local" >> "$GITHUB_ENV"
+          fi
+
+      - name: Run E2E Tests (Playwright Service)
+        if: env.PW_MODE == 'service'
+        env:
+          PLAYWRIGHT_SERVICE_URL: ${{ secrets.PLAYWRIGHT_SERVICE_URL }}
+          PLAYWRIGHT_SERVICE_ACCESS_TOKEN: ${{ secrets.PLAYWRIGHT_SERVICE_ACCESS_TOKEN }}
+          CI: true
+        run: pnpm test-e2e:azure
 
       - name: Run E2E Tests (Local)
-        if: env.AZURE_ENABLED == 'false'
+        if: env.PW_MODE == 'local'
+        env:
+          CI: true
         run: |
           pnpm test:e2e
 

.github/workflows/formbricks-release.yml

@@ -8,16 +8,103 @@ permissions:
   contents: read
 
 jobs:
-  docker-build:
-    name: Build & release docker image
+  check-latest-release:
+    name: Check if this is the latest release
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    permissions:
+      contents: read
+    outputs:
+      is_latest: ${{ steps.compare_tags.outputs.is_latest }}
+    # This job determines if the current release was marked as "Set as the latest release"
+    # by comparing it with the latest release from GitHub API
+    steps:
+      - name: Harden the runner
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+
+      - name: Get latest release tag from API
+        id: get_latest_release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPO: ${{ github.repository }}
+        run: |
+          set -euo pipefail
+          
+          # Get the latest release tag from GitHub API with error handling
+          echo "Fetching latest release from GitHub API..."
+          
+          # Use curl with error handling - API returns 404 if no releases exist
+          http_code=$(curl -s -w "%{http_code}" -H "Authorization: token ${GITHUB_TOKEN}" \
+            "https://api.github.com/repos/${REPO}/releases/latest" -o /tmp/latest_release.json)
+          
+          if [[ "$http_code" == "404" ]]; then
+            echo "⚠️  No previous releases found (404). This appears to be the first release."
+            echo "latest_release=" >> $GITHUB_OUTPUT
+          elif [[ "$http_code" == "200" ]]; then
+            latest_release=$(jq -r .tag_name /tmp/latest_release.json)
+            if [[ "$latest_release" == "null" || -z "$latest_release" ]]; then
+              echo "⚠️  API returned null/empty tag_name. Treating as first release."
+              echo "latest_release=" >> $GITHUB_OUTPUT
+            else
+              echo "Latest release from API: ${latest_release}"
+              echo "latest_release=${latest_release}" >> $GITHUB_OUTPUT
+            fi
+          else
+            echo "❌ GitHub API error (HTTP ${http_code}). Treating as first release."
+            echo "latest_release=" >> $GITHUB_OUTPUT
+          fi
+          
+          echo "Current release tag: ${{ github.event.release.tag_name }}"
+
+      - name: Compare release tags
+        id: compare_tags
+        env:
+          CURRENT_TAG: ${{ github.event.release.tag_name }}
+          LATEST_TAG: ${{ steps.get_latest_release.outputs.latest_release }}
+        run: |
+          set -euo pipefail
+          
+          # Handle first release case (no previous releases)
+          if [[ -z "${LATEST_TAG}" ]]; then
+            echo "🎉 This is the first release (${CURRENT_TAG}) - treating as latest"
+            echo "is_latest=true" >> $GITHUB_OUTPUT
+          elif [[ "${CURRENT_TAG}" == "${LATEST_TAG}" ]]; then
+            echo "✅ This release (${CURRENT_TAG}) is marked as the latest release"
+            echo "is_latest=true" >> $GITHUB_OUTPUT
+          else
+            echo "ℹ️  This release (${CURRENT_TAG}) is not the latest release (latest: ${LATEST_TAG})"
+            echo "is_latest=false" >> $GITHUB_OUTPUT
+          fi
+  docker-build-community:
+    name: Build & release community docker image
     permissions:
       contents: read
       packages: write
       id-token: write
     uses: ./.github/workflows/release-docker-github.yml
     secrets: inherit
+    needs:
+      - check-latest-release
     with:
       IS_PRERELEASE: ${{ github.event.release.prerelease }}
+      MAKE_LATEST: ${{ needs.check-latest-release.outputs.is_latest == 'true' }}
+
+  docker-build-cloud:
+    name: Build & push Formbricks Cloud to ECR
+    permissions:
+      contents: read
+      id-token: write
+    uses: ./.github/workflows/build-and-push-ecr.yml
+    secrets: inherit
+    with:
+      image_tag: ${{ needs.docker-build-community.outputs.VERSION }}
+      IS_PRERELEASE: ${{ github.event.release.prerelease }}
+      MAKE_LATEST: ${{ needs.check-latest-release.outputs.is_latest == 'true' }}
+    needs:
+      - check-latest-release
+      - docker-build-community
 
   helm-chart-release:
     name: Release Helm Chart
@@ -27,22 +114,44 @@ jobs:
     uses: ./.github/workflows/release-helm-chart.yml
     secrets: inherit
     needs:
-      - docker-build
+      - docker-build-community
     with:
-      VERSION: ${{ needs.docker-build.outputs.VERSION }}
+      VERSION: ${{ needs.docker-build-community.outputs.VERSION }}
 
-  deploy-formbricks-cloud:
-    name: Deploy Helm Chart to Formbricks Cloud
-    permissions:
-      contents: read
-      id-token: write
-    secrets: inherit
-    uses: ./.github/workflows/deploy-formbricks-cloud.yml
+  verify-cloud-build:
+    name: Verify Cloud Build Outputs
+    runs-on: ubuntu-latest
+    timeout-minutes: 5 # Simple verification should be quick
     needs:
-      - docker-build
-      - helm-chart-release
+      - docker-build-cloud
+    steps:
+      - name: Harden the runner
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+
+      - name: Display ECR build outputs
+        env:
+          IMAGE_TAG: ${{ needs.docker-build-cloud.outputs.IMAGE_TAG }}
+          TAGS: ${{ needs.docker-build-cloud.outputs.TAGS }}
+        run: |
+          set -euo pipefail
+
+          echo "✅ ECR Build Completed Successfully"
+          echo "Image Tag: ${IMAGE_TAG}"
+          echo "ECR Tags:"
+          printf '%s\n' "${TAGS}"
+
+  move-stable-tag:
+    name: Move stable tag to release
+    permissions:
+      contents: write # Required for tag push operations in called workflow
+    uses: ./.github/workflows/move-stable-tag.yml
+    needs:
+      - check-latest-release
+      - docker-build-community # Ensure release is successful first
     with:
-      VERSION: v${{ needs.docker-build.outputs.VERSION }}
-      ENVIRONMENT: ${{ github.event.release.prerelease && 'staging' || 'production' }}
-
-
+      release_tag: ${{ github.event.release.tag_name }}
+      commit_sha: ${{ github.sha }}
+      is_prerelease: ${{ github.event.release.prerelease }}
+      make_latest: ${{ needs.check-latest-release.outputs.is_latest == 'true' }}

.github/workflows/move-stable-tag.yml

@@ -0,0 +1,101 @@
+name: Move Stable Tag
+
+on:
+  workflow_call:
+    inputs:
+      release_tag:
+        description: "The release tag name (e.g., 1.2.3)"
+        required: true
+        type: string
+      commit_sha:
+        description: "The commit SHA to point the stable tag to"
+        required: true
+        type: string
+      is_prerelease:
+        description: "Whether this is a prerelease (stable tag won't be moved for prereleases)"
+        required: false
+        type: boolean
+        default: false
+      make_latest:
+        description: "Whether to move stable tag (from GitHub release 'Set as the latest release' option)"
+        required: false
+        type: boolean
+        default: false
+
+permissions:
+  contents: read
+
+# Prevent concurrent stable tag operations to avoid race conditions
+concurrency:
+  group: move-stable-tag-${{ github.repository }}
+  cancel-in-progress: true
+
+jobs:
+  move-stable-tag:
+    name: Move stable tag to release
+    runs-on: ubuntu-latest
+    timeout-minutes: 10 # Prevent hung git operations
+    permissions:
+      contents: write # Required to push tags
+    # Only move stable tag for non-prerelease versions AND when make_latest is true
+    if: ${{ !inputs.is_prerelease && inputs.make_latest }}
+    steps:
+      - name: Harden the runner
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0 # Full history needed for tag operations
+
+      - name: Validate inputs
+        env:
+          RELEASE_TAG: ${{ inputs.release_tag }}
+          COMMIT_SHA: ${{ inputs.commit_sha }}
+        run: |
+          set -euo pipefail
+
+          # Validate release tag format
+          if [[ ! "$RELEASE_TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$ ]]; then
+            echo "❌ Error: Invalid release tag format. Expected format: 1.2.3, 1.2.3-alpha"
+            echo "Provided: $RELEASE_TAG"
+            exit 1
+          fi
+
+          # Validate commit SHA format (40 character hex)
+          if [[ ! "$COMMIT_SHA" =~ ^[a-f0-9]{40}$ ]]; then
+            echo "❌ Error: Invalid commit SHA format. Expected 40 character hex string"
+            echo "Provided: $COMMIT_SHA"
+            exit 1
+          fi
+
+          echo "✅ Input validation passed"
+          echo "Release tag: $RELEASE_TAG"
+          echo "Commit SHA: $COMMIT_SHA"
+
+      - name: Move stable tag
+        env:
+          RELEASE_TAG: ${{ inputs.release_tag }}
+          COMMIT_SHA: ${{ inputs.commit_sha }}
+        run: |
+          set -euo pipefail
+
+          # Configure git
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          # Verify the commit exists
+          if ! git cat-file -e "$COMMIT_SHA"; then
+            echo "❌ Error: Commit $COMMIT_SHA does not exist in this repository"
+            exit 1
+          fi
+
+          # Move stable tag to the release commit
+          echo "📌 Moving stable tag to commit: $COMMIT_SHA (release: $RELEASE_TAG)"
+          git tag -f stable "$COMMIT_SHA"
+          git push origin stable --force
+
+          echo "✅ Successfully moved stable tag to release $RELEASE_TAG"
+          echo "🔗 Stable tag now points to: https://github.com/${{ github.repository }}/commit/$COMMIT_SHA"

.github/workflows/pr-size-check.yml

@@ -0,0 +1,165 @@
+name: PR Size Check
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  check-pr-size:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    
+    steps:
+      - name: Harden the runner
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+      
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+      
+      - name: Check PR size
+        id: check-size
+        run: |
+          set -euo pipefail
+          
+          # Fetch the base branch
+          git fetch origin "${{ github.base_ref }}"
+          
+          # Get diff stats
+          diff_output=$(git diff --numstat "origin/${{ github.base_ref }}"...HEAD)
+          
+          # Count lines, excluding:
+          # - Test files (*.test.ts, *.spec.tsx, etc.)
+          # - Locale files (locales/*.json, i18n/*.json)
+          # - Lock files (pnpm-lock.yaml, package-lock.json, yarn.lock)
+          # - Generated files (dist/, coverage/, build/, .next/)
+          # - Storybook stories (*.stories.tsx)
+          
+          total_additions=0
+          total_deletions=0
+          counted_files=0
+          excluded_files=0
+          
+          while IFS=$'\t' read -r additions deletions file; do
+            # Skip if additions or deletions are "-" (binary files)
+            if [ "$additions" = "-" ] || [ "$deletions" = "-" ]; then
+              continue
+            fi
+            
+            # Check if file should be excluded
+            case "$file" in
+              *.test.ts|*.test.tsx|*.spec.ts|*.spec.tsx|*.test.js|*.test.jsx|*.spec.js|*.spec.jsx)
+                excluded_files=$((excluded_files + 1))
+                continue
+                ;;
+              */locales/*.json|*/i18n/*.json)
+                excluded_files=$((excluded_files + 1))
+                continue
+                ;;
+              pnpm-lock.yaml|package-lock.json|yarn.lock)
+                excluded_files=$((excluded_files + 1))
+                continue
+                ;;
+              dist/*|coverage/*|build/*|node_modules/*|test-results/*|playwright-report/*|.next/*|*.tsbuildinfo)
+                excluded_files=$((excluded_files + 1))
+                continue
+                ;;
+              *.stories.ts|*.stories.tsx|*.stories.js|*.stories.jsx)
+                excluded_files=$((excluded_files + 1))
+                continue
+                ;;
+            esac
+            
+            total_additions=$((total_additions + additions))
+            total_deletions=$((total_deletions + deletions))
+            counted_files=$((counted_files + 1))
+          done <<EOF
+          ${diff_output}
+          EOF
+          
+          total_changes=$((total_additions + total_deletions))
+          
+          echo "counted_files=${counted_files}" >> "${GITHUB_OUTPUT}"
+          echo "excluded_files=${excluded_files}" >> "${GITHUB_OUTPUT}"
+          echo "total_additions=${total_additions}" >> "${GITHUB_OUTPUT}"
+          echo "total_deletions=${total_deletions}" >> "${GITHUB_OUTPUT}"
+          echo "total_changes=${total_changes}" >> "${GITHUB_OUTPUT}"
+          
+          # Set flag if PR is too large (> 800 lines)
+          if [ ${total_changes} -gt 800 ]; then
+            echo "is_too_large=true" >> "${GITHUB_OUTPUT}"
+          else
+            echo "is_too_large=false" >> "${GITHUB_OUTPUT}"
+          fi
+      
+      - name: Comment on PR if too large
+        if: steps.check-size.outputs.is_too_large == 'true'
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const totalChanges = ${{ steps.check-size.outputs.total_changes }};
+            const countedFiles = ${{ steps.check-size.outputs.counted_files }};
+            const excludedFiles = ${{ steps.check-size.outputs.excluded_files }};
+            const additions = ${{ steps.check-size.outputs.total_additions }};
+            const deletions = ${{ steps.check-size.outputs.total_deletions }};
+            
+            const body = `## 🚨 PR Size Warning
+            
+This PR has approximately **${totalChanges} lines** of changes (${additions} additions, ${deletions} deletions across ${countedFiles} files).
+
+Large PRs (>800 lines) are significantly harder to review and increase the chance of merge conflicts. Consider splitting this into smaller, self-contained PRs.
+
+### 💡 Suggestions:
+- **Split by feature or module** - Break down into logical, independent pieces
+- **Create a sequence of PRs** - Each building on the previous one
+- **Branch off PR branches** - Don't wait for reviews to continue dependent work
+
+### 📊 What was counted:
+- ✅ Source files, stylesheets, configuration files
+- ❌ Excluded ${excludedFiles} files (tests, locales, locks, generated files)
+
+### 📚 Guidelines:
+- **Ideal:** 300-500 lines per PR
+- **Warning:** 500-800 lines
+- **Critical:** 800+ lines ⚠️
+
+If this large PR is unavoidable (e.g., migration, dependency update, major refactor), please explain in the PR description why it couldn't be split.`;
+            
+            // Check if we already commented
+            const { data: comments } = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+            });
+            
+            const botComment = comments.find(comment => 
+              comment.user.type === 'Bot' && 
+              comment.body.includes('🚨 PR Size Warning')
+            );
+            
+            if (botComment) {
+              // Update existing comment
+              await github.rest.issues.updateComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: botComment.id,
+                body: body
+              });
+            } else {
+              // Create new comment
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                body: body
+              });
+            }
+

.github/workflows/release-docker-github-experimental.yml

@@ -1,39 +1,31 @@
-name: Docker Release to Github Experimental
+name: Build Community Testing Images
 
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
+# This workflow builds experimental/testing versions of Formbricks for self-hosting customers
+# to test fixes and features before official releases. Images are pushed to GHCR with
+# timestamped experimental versions for easy identification and testing.
 
 on:
   workflow_dispatch:
-
-env:
-  # Use docker.io for Docker Hub if empty
-  REGISTRY: ghcr.io
-  # github.repository as <account>/<repo>
-  IMAGE_NAME: ${{ github.repository }}-experimental
-  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
-  TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
+    inputs:
+      version_override:
+        description: "Override version (SemVer only, e.g., 1.2.3-beta). Leave empty for auto-generated experimental version."
+        required: false
+        type: string
 
 permissions:
   contents: read
+  packages: write
+  id-token: write
 
 jobs:
-  build:
+  build-community-testing:
+    name: Build Community Testing Image
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      # This is used to complete the identity challenge
-      # with sigstore/fulcio when running outside of PRs.
-      id-token: write
-
-
+    timeout-minutes: 45
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
         with:
           egress-policy: audit
 
@@ -42,110 +34,17 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Generate SemVer version from branch or tag
-        id: generate_version
+      - name: Build and push community testing image
+        uses: ./.github/actions/build-and-push-docker
+        with:
+          registry_type: "ghcr"
+          ghcr_image_name: "${{ github.repository }}-experimental"
+          experimental_mode: "true"
+          version: ${{ inputs.version_override }}
         env:
-          REF_NAME: ${{ github.ref_name }}
-          REF_TYPE: ${{ github.ref_type }}
-        run: |
-          # Get reference name and type from environment variables
-          echo "Reference type: $REF_TYPE"
-          echo "Reference name: $REF_NAME"
-
-          # Create unique timestamped version for testing sourcemap resolution
-          TIMESTAMP=$(date +%s)
-          
-          if [[ "$REF_TYPE" == "tag" ]]; then
-            # If running from a tag, use the tag name + timestamp
-            if [[ "$REF_NAME" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+.*$ ]]; then
-              # Tag looks like a SemVer, use it directly (remove 'v' prefix if present)
-              BASE_VERSION=$(echo "$REF_NAME" | sed 's/^v//')
-              VERSION="${BASE_VERSION}-${TIMESTAMP}"
-              echo "Using SemVer tag with timestamp: $VERSION"
-            else
-              # Tag is not SemVer, treat as prerelease
-              SANITIZED_TAG=$(echo "$REF_NAME" | sed 's/[^a-zA-Z0-9.-]/-/g' | sed 's/--*/-/g' | sed 's/^-\|-$//g')
-              VERSION="0.0.0-${SANITIZED_TAG}-${TIMESTAMP}"
-              echo "Using tag as prerelease with timestamp: $VERSION"
-            fi
-          else
-            # Running from branch, use branch name as prerelease + timestamp
-            SANITIZED_BRANCH=$(echo "$REF_NAME" | sed 's/[^a-zA-Z0-9.-]/-/g' | sed 's/--*/-/g' | sed 's/^-\|-$//g')
-            VERSION="0.0.0-${SANITIZED_BRANCH}-${TIMESTAMP}"
-            echo "Using branch as prerelease with timestamp: $VERSION"
-          fi
-
-          echo "VERSION=$VERSION" >> $GITHUB_ENV
-          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
-          echo "Generated SemVer version: $VERSION"
-
-      - name: Update package.json version
-        run: |
-          sed -i "s/\"version\": \"0.0.0\"/\"version\": \"${{ env.VERSION }}\"/" ./apps/web/package.json
-          cat ./apps/web/package.json | grep version
-
-      - name: Set up Depot CLI
-        uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
-
-      # Install the cosign tool except on PR
-      # https://github.com/sigstore/cosign-installer
-      - name: Install cosign
-        if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
-
-      # Login against a Docker registry except on PR
-      # https://github.com/docker/login-action
-      - name: Log into registry ${{ env.REGISTRY }}
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Extract metadata (tags, labels) for Docker
-      # https://github.com/docker/metadata-action
-      - name: Extract Docker metadata
-        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-          tags: |
-            type=ref,event=branch
-            type=raw,value=${{ env.VERSION }}
-
-      # Build and push Docker image with Buildx (don't push on PR)
-      # https://github.com/docker/build-push-action
-      - name: Build and push Docker image
-        id: build-and-push
-        uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
-        with:
-          project: tw0fqmsx3c
-          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
-          context: .
-          file: ./apps/web/Dockerfile
-          platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          secrets: |
-            database_url=${{ secrets.DUMMY_DATABASE_URL }}
-            encryption_key=${{ secrets.DUMMY_ENCRYPTION_KEY }}
-            sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}
-
-
-
-      # Sign the resulting Docker image digest except on PRs.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
-      - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
-          TAGS: ${{ steps.meta.outputs.tags }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
-        run: echo "${TAGS}" | xargs -I {} cosign sign --yes "{}@${DIGEST}"
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DEPOT_PROJECT_TOKEN: ${{ secrets.DEPOT_PROJECT_TOKEN }}
+          DUMMY_DATABASE_URL: ${{ secrets.DUMMY_DATABASE_URL }}
+          DUMMY_ENCRYPTION_KEY: ${{ secrets.DUMMY_ENCRYPTION_KEY }}
+          DUMMY_REDIS_URL: ${{ secrets.DUMMY_REDIS_URL }}
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}

.github/workflows/release-docker-github.yml

@@ -1,4 +1,4 @@
-name: Docker Release to Github
+name: Release Community Docker Images
 
 # This workflow uses actions that are not certified by GitHub.
 # They are provided by a third-party and are governed by
@@ -13,6 +13,11 @@ on:
         required: false
         type: boolean
         default: false
+      MAKE_LATEST:
+        description: "Whether to tag as latest (from GitHub release 'Set as the latest release' option)"
+        required: false
+        type: boolean
+        default: false
     outputs:
       VERSION:
         description: release version
@@ -23,8 +28,6 @@ env:
   REGISTRY: ghcr.io
   # github.repository as <account>/<repo>
   IMAGE_NAME: ${{ github.repository }}
-  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
-  TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
 
 permissions:
   contents: read
@@ -32,6 +35,7 @@ permissions:
 jobs:
   build:
     runs-on: ubuntu-latest
+    timeout-minutes: 45
     permissions:
       contents: read
       packages: write
@@ -44,103 +48,61 @@ jobs:
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
         with:
           egress-policy: audit
 
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Get Release Tag
+      - name: Extract release version from tag
         id: extract_release_tag
         run: |
-          # Extract version from tag (e.g., refs/tags/v1.2.3 -> 1.2.3)
-          TAG="$GITHUB_REF"
-          TAG=${TAG#refs/tags/v}
+          set -euo pipefail
 
-          # Validate the extracted tag format
-          if [[ ! "$TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$ ]]; then
-            echo "❌ Error: Invalid release tag format after extraction. Must be semver (e.g., 1.2.3, 1.2.3-alpha)"
-            echo "Original ref: $GITHUB_REF"
-            echo "Extracted tag: $TAG"
+          # Extract tag name with fallback logic for different trigger contexts
+          if [[ -n "${RELEASE_TAG:-}" ]]; then
+            TAG="$RELEASE_TAG"
+            echo "Using RELEASE_TAG override: $TAG"
+          elif [[ "$GITHUB_REF_NAME" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?$ ]] || [[ "$GITHUB_REF_NAME" =~ ^v[0-9] ]]; then
+            TAG="$GITHUB_REF_NAME"
+            echo "Using GITHUB_REF_NAME (looks like tag): $TAG"
+          else
+            # Fallback: extract from GITHUB_REF for direct tag triggers
+            TAG="${GITHUB_REF#refs/tags/}"
+            if [[ -z "$TAG" || "$TAG" == "$GITHUB_REF" ]]; then
+              TAG="$GITHUB_REF_NAME"
+              echo "Using GITHUB_REF_NAME as final fallback: $TAG"
+            else
+              echo "Extracted from GITHUB_REF: $TAG"
+            fi
+          fi
+
+          # Strip v-prefix if present (normalize to clean SemVer)
+          TAG=${TAG#[vV]}
+
+          # Validate SemVer format (supports prereleases like 4.0.0-rc.1)
+          if [[ ! "$TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?$ ]]; then
+            echo "ERROR: Invalid tag format '$TAG'. Expected SemVer (e.g., 1.2.3, 4.0.0-rc.1)"
             exit 1
           fi
 
-          # Safely add to environment variables
-          echo "RELEASE_TAG=$TAG" >> $GITHUB_ENV
-
           echo "VERSION=$TAG" >> $GITHUB_OUTPUT
-          echo "Using tag-based version: $TAG"
+          echo "Using version: $TAG"
 
-      - name: Update package.json version
-        run: |
-          sed -i "s/\"version\": \"0.0.0\"/\"version\": \"${{ env.RELEASE_TAG }}\"/" ./apps/web/package.json
-          cat ./apps/web/package.json | grep version
-
-      - name: Set up Depot CLI
-        uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
-
-      # Install the cosign tool except on PR
-      # https://github.com/sigstore/cosign-installer
-      - name: Install cosign
-        if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
-
-      # Login against a Docker registry except on PR
-      # https://github.com/docker/login-action
-      - name: Log into registry ${{ env.REGISTRY }}
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+      - name: Build and push community release image
+        id: build
+        uses: ./.github/actions/build-and-push-docker
         with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Extract metadata (tags, labels) for Docker
-      # https://github.com/docker/metadata-action
-      - name: Extract Docker metadata
-        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-          tags: |
-            # Default semver tags (version, major.minor, major)
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-            # Only tag as 'latest' for stable releases (not prereleases)
-            type=raw,value=latest,enable=${{ !inputs.IS_PRERELEASE  }}
-
-      # Build and push Docker image with Buildx (don't push on PR)
-      # https://github.com/docker/build-push-action
-      - name: Build and push Docker image
-        id: build-and-push
-        uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
-        with:
-          project: tw0fqmsx3c
-          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
-          context: .
-          file: ./apps/web/Dockerfile
-          platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          secrets: |
-            database_url=${{ secrets.DUMMY_DATABASE_URL }}
-            encryption_key=${{ secrets.DUMMY_ENCRYPTION_KEY }}
-            sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}
-
-      # Sign the resulting Docker image digest except on PRs.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
-      - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' }}
+          registry_type: "ghcr"
+          ghcr_image_name: ${{ env.IMAGE_NAME }}
+          version: ${{ steps.extract_release_tag.outputs.VERSION }}
+          is_prerelease: ${{ inputs.IS_PRERELEASE }}
+          make_latest: ${{ inputs.MAKE_LATEST }}
         env:
-          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
-          TAGS: ${{ steps.meta.outputs.tags }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
-        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DEPOT_PROJECT_TOKEN: ${{ secrets.DEPOT_PROJECT_TOKEN }}
+          DUMMY_DATABASE_URL: ${{ secrets.DUMMY_DATABASE_URL }}
+          DUMMY_ENCRYPTION_KEY: ${{ secrets.DUMMY_ENCRYPTION_KEY }}
+          DUMMY_REDIS_URL: ${{ secrets.DUMMY_REDIS_URL }}
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}

.github/workflows/release-helm-chart.yml

@@ -19,7 +19,7 @@ jobs:
       contents: read
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
         with:
           egress-policy: audit
 
@@ -59,14 +59,35 @@ jobs:
         uses: dcarbone/install-yq-action@4075b4dca348d74bd83f2bf82d30f25d7c54539b # v1.3.1
 
       - name: Update Chart.yaml with new version
+        env:
+          VERSION: ${{ env.VERSION }}
         run: |
-          yq -i ".version = \"$VERSION\"" helm-chart/Chart.yaml
-          yq -i ".appVersion = \"v$VERSION\"" helm-chart/Chart.yaml
+          set -euo pipefail
+
+          echo "Updating Chart.yaml with version: ${VERSION}"
+          yq -i ".version = \"${VERSION}\"" helm-chart/Chart.yaml
+          yq -i ".appVersion = \"${VERSION}\"" helm-chart/Chart.yaml
+
+          echo "✅ Successfully updated Chart.yaml"
 
       - name: Package Helm chart
+        env:
+          VERSION: ${{ env.VERSION }}
         run: |
+          set -euo pipefail
+
+          echo "Packaging Helm chart version: ${VERSION}"
           helm package ./helm-chart
 
+          echo "✅ Successfully packaged formbricks-${VERSION}.tgz"
+
       - name: Push Helm chart to GitHub Container Registry
+        env:
+          VERSION: ${{ env.VERSION }}
         run: |
-          helm push "formbricks-$VERSION.tgz" oci://ghcr.io/formbricks/helm-charts
+          set -euo pipefail
+
+          echo "Pushing Helm chart to registry: formbricks-${VERSION}.tgz"
+          helm push "formbricks-${VERSION}.tgz" oci://ghcr.io/formbricks/helm-charts
+
+          echo "✅ Successfully pushed Helm chart to registry"

.github/workflows/terraform-plan-and-apply.yml

@@ -1,86 +0,0 @@
-name: "Terraform"
-
-on:
-  workflow_dispatch:
-  # TODO: enable it back when migration is completed.
-  push:
-    branches:
-      - main
-    paths:
-      - "infra/terraform/**"
-  pull_request:
-    branches:
-      - main
-    paths:
-      - "infra/terraform/**"
-
-permissions:
-  contents: read
-
-jobs:
-  terraform:
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      pull-requests: write
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
-        with:
-          egress-policy: audit
-
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Tailscale
-        uses: tailscale/github-action@84a3f23bb4d843bcf4da6cf824ec1be473daf4de # v3.2.3
-        with:
-          oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
-          oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
-          tags: tag:github
-
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0
-        with:
-          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
-          aws-region: "eu-central-1"
-
-      - name: Setup Terraform
-        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
-
-      - name: Terraform Format
-        id: fmt
-        run: terraform fmt -check -recursive
-        continue-on-error: true
-        working-directory: infra/terraform
-
-      - name: Terraform Init
-        id: init
-        run: terraform init
-        working-directory: infra/terraform
-
-      - name: Terraform Validate
-        id: validate
-        run: terraform validate
-        working-directory: infra/terraform
-
-      - name: Terraform Plan
-        id: plan
-        run: terraform plan -out .planfile
-        working-directory: infra/terraform
-
-      - name: Post PR comment
-        uses: borchero/terraform-plan-comment@434458316f8f24dd073cd2561c436cce41dc8f34 # v2.4.1
-        if: always() && github.ref != 'refs/heads/main' && (steps.plan.outcome == 'success' || steps.plan.outcome == 'failure')
-        with:
-          token: ${{ github.token }}
-          planfile: .planfile
-          working-directory: "infra/terraform"
-
-      - name: Terraform Apply
-        id: apply
-        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
-        run: terraform apply .planfile
-        working-directory: "infra/terraform"

.github/workflows/tolgee-missing-key-check.yml

@@ -1,51 +0,0 @@
-name: Check Missing Translations
-
-permissions:
-  contents: read
-
-on:
-  workflow_dispatch:
-  pull_request_target:
-    types: [opened, synchronize, reopened]
-
-jobs:
-  check-missing-translations:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
-        with:
-          egress-policy: audit
-
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-        with:
-          ref: ${{ github.event.pull_request.base.ref }}
-
-      - name: Checkout PR
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-
-      - name: Setup Node.js
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
-        with:
-          node-version: 18
-
-      - name: Install Tolgee CLI
-        run: npm install -g @tolgee/cli
-
-      - name: Compare Tolgee Keys
-        id: compare
-        run: |
-          tolgee compare --api-key ${{ secrets.TOLGEE_API_KEY }} > compare_output.txt
-          cat compare_output.txt
-
-      - name: Check for Missing Translations
-        run: |
-          if grep -q "new key found" compare_output.txt; then
-            echo "New keys found that may require translations:"
-            exit 1
-          else
-            echo "No new keys found."
-          fi

.github/workflows/tolgee.yml

@@ -1,95 +0,0 @@
-name: Tolgee Tagging on PR Merge
-permissions:
-  contents: read
-
-on:
-  pull_request_target:
-    types: [closed]
-    branches:
-      - main
-
-jobs:
-  tag-production-keys:
-    name: Tag Production Keys
-    runs-on: ubuntu-latest
-    if: github.event.pull_request.merged == true
-
-    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
-        with:
-          egress-policy: audit
-
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0 # This ensures we get the full git history
-
-      - name: Get source branch name
-        id: branch-name
-        env:
-          RAW_BRANCH: ${{ github.head_ref }}
-        run: |
-          # Validate and sanitize branch name - only allow alphanumeric, dots, underscores, hyphens, and forward slashes
-          SOURCE_BRANCH=$(echo "$RAW_BRANCH" | sed 's/[^a-zA-Z0-9._\/-]//g')
-
-          # Additional validation - ensure branch name is not empty after sanitization
-          if [[ -z "$SOURCE_BRANCH" ]]; then
-            echo "❌ Error: Branch name is empty after sanitization"
-            echo "Original branch: $RAW_BRANCH"
-            exit 1
-          fi
-
-          # Safely add to environment variables using GitHub's recommended method
-          # This prevents environment variable injection attacks
-          echo "SOURCE_BRANCH<<EOF" >> $GITHUB_ENV
-          echo "$SOURCE_BRANCH" >> $GITHUB_ENV
-          echo "EOF" >> $GITHUB_ENV
-
-          echo "Detected source branch: $SOURCE_BRANCH"
-
-      - name: Setup Node.js
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
-        with:
-          node-version: 18 # Ensure compatibility with your project
-
-      - name: Install Tolgee CLI
-        run: npm install -g @tolgee/cli
-
-      - name: Tag Production Keys
-        run: |
-          npx tolgee tag \
-            --api-key ${{ secrets.TOLGEE_API_KEY }} \
-            --filter-extracted \
-            --filter-tag "draft:${SOURCE_BRANCH}" \
-            --tag production \
-            --untag "draft:${SOURCE_BRANCH}"
-
-      - name: Tag unused production keys as Deprecated
-        run: |
-          npx tolgee tag \
-            --api-key ${{ secrets.TOLGEE_API_KEY }} \
-            --filter-not-extracted --filter-tag production \
-            --tag deprecated --untag production
-
-      - name: Tag unused draft:current-branch keys as Deprecated
-        run: |
-          npx tolgee tag \
-            --api-key ${{ secrets.TOLGEE_API_KEY }} \
-            --filter-not-extracted --filter-tag "draft:${SOURCE_BRANCH}" \
-            --tag deprecated --untag "draft:${SOURCE_BRANCH}"
-
-      - name: Sync with backup
-        run: |
-          npx tolgee sync \
-            --api-key ${{ secrets.TOLGEE_API_KEY }} \
-            --backup ./tolgee-backup \
-            --continue-on-warning \
-            --yes
-
-      - name: Upload backup as artifact
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
-        with:
-          name: tolgee-backup-${{ github.sha }}
-          path: ./tolgee-backup
-          retention-days: 90

.github/workflows/translation-check.yml

@@ -0,0 +1,63 @@
+name: Translation Validation
+
+permissions:
+  contents: read
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    paths:
+      - "apps/web/**/*.ts"
+      - "apps/web/**/*.tsx"
+      - "apps/web/locales/**/*.json"
+      - "scan-translations.ts"
+  push:
+    branches:
+      - main
+    paths:
+      - "apps/web/**/*.ts"
+      - "apps/web/**/*.tsx"
+      - "apps/web/locales/**/*.json"
+      - "scan-translations.ts"
+
+jobs:
+  validate-translations:
+    name: Validate Translation Keys
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Setup Node.js
+        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        with:
+          node-version: 18
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d # v3.0.0
+        with:
+          version: 9.15.9
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Validate translation keys
+        run: |
+          echo ""
+          echo "🔍 Validating translation keys..."
+          echo ""
+          pnpm run scan-translations
+
+      - name: Summary
+        if: success()
+        run: |
+          echo ""
+          echo "✅ Translation validation completed successfully!"
+          echo ""

.gitignore

@@ -56,19 +56,6 @@ packages/database/migrations
 branch.json
 .vercel
 
-# Terraform
-infra/terraform/.terraform/
-**/.terraform.lock.hcl
-**/terraform.tfstate
-**/terraform.tfstate.*
-**/crash.log
-**/override.tf
-**/override.tf.json
-**/*.tfvars
-**/*.tfvars.json
-**/.terraformrc
-**/terraform.rc
-
 # IntelliJ IDEA
 /.idea/
 /*.iml

.husky/pre-commit

@@ -10,12 +10,34 @@ fi
 
 pnpm lint-staged
 
-# Run tolgee-pull if branch.json exists and NEXT_PUBLIC_TOLGEE_API_KEY is not set
-if [ -f branch.json ]; then
-  if [ -z "$NEXT_PUBLIC_TOLGEE_API_KEY" ]; then
-    echo "Skipping tolgee-pull: NEXT_PUBLIC_TOLGEE_API_KEY is not set"
+# Run Lingo.dev i18n workflow if LINGODOTDEV_API_KEY is set
+if [ -n "$LINGODOTDEV_API_KEY" ]; then
+  echo ""
+  echo "🌍 Running Lingo.dev translation workflow..."
+  echo ""
+  
+  # Run translation generation and validation
+  if pnpm run i18n; then
+    echo ""
+    echo "✅ Translation validation passed"
+    echo ""
+    # Add updated locale files to git
+    git add apps/web/locales/*.json
   else
-    pnpm run tolgee-pull
-    git add apps/web/locales
+    echo ""
+    echo "❌ Translation validation failed!"
+    echo ""
+    echo "Please fix the translation issues above before committing:"
+    echo "  • Add missing translation keys to your locale files"
+    echo "  • Remove unused translation keys"
+    echo ""
+    echo "Or run 'pnpm i18n' to see the detailed report"
+    echo ""
+    exit 1
   fi
+else
+  echo ""
+  echo "⚠️  Skipping translation validation: LINGODOTDEV_API_KEY is not set"
+  echo "   (This is expected for community contributors)"
+  echo ""
 fi

.tolgeerc.json

@@ -1,51 +0,0 @@
-{
-  "$schema": "https://docs.tolgee.io/cli-schema.json",
-  "format": "JSON_TOLGEE",
-  "patterns": ["./apps/web/**/*.ts?(x)"],
-  "projectId": 10304,
-  "pull": {
-    "path": "./apps/web/locales"
-  },
-  "push": {
-    "files": [
-      {
-        "language": "en-US",
-        "path": "./apps/web/locales/en-US.json"
-      },
-      {
-        "language": "de-DE",
-        "path": "./apps/web/locales/de-DE.json"
-      },
-      {
-        "language": "fr-FR",
-        "path": "./apps/web/locales/fr-FR.json"
-      },
-      {
-        "language": "pt-BR",
-        "path": "./apps/web/locales/pt-BR.json"
-      },
-      {
-        "language": "zh-Hant-TW",
-        "path": "./apps/web/locales/zh-Hant-TW.json"
-      },
-      {
-        "language": "pt-PT",
-        "path": "./apps/web/locales/pt-PT.json"
-      },
-      {
-        "language": "ro-RO",
-        "path": "./apps/web/locales/ro-RO.json"
-      },
-      {
-        "language": "ja-JP",
-        "path": "./apps/web/locales/ja-JP.json"
-      },
-      {
-        "language": "zh-Hans-CN",
-        "path": "./apps/web/locales/zh-Hans-CN.json"
-      }
-    ],
-    "forceMode": "OVERRIDE"
-  },
-  "strictNamespace": false
-}

.vscode/settings.json

@@ -1,6 +1,10 @@
 {
   "eslint.validate": ["javascript", "javascriptreact", "typescript", "typescriptreact"],
-  "eslint.workingDirectories": [{ "mode": "auto" }],
+  "eslint.workingDirectories": [
+    {
+      "mode": "auto"
+    }
+  ],
   "javascript.updateImportsOnFileMove.enabled": "always",
   "sonarlint.connectedMode.project": {
     "connectionId": "formbricks",

AGENTS.md

@@ -0,0 +1,28 @@
+# Repository Guidelines
+
+## Project Structure & Module Organization
+
+Formbricks runs as a pnpm/turbo monorepo. `apps/web` is the Next.js product surface, with feature modules under `app/` and `modules/`, assets in `public/` and `images/`, and Playwright specs in `apps/web/playwright/`. `apps/storybook` renders reusable UI pieces for review. Shared logic lives in `packages/*`: `database` (Prisma schemas/migrations), `surveys`, `js-core`, `types`, plus linting and TypeScript presets (`config-*`). Deployment collateral is kept in `docs/`, `docker/`, and `helm-chart/`. Unit tests sit next to their source as `*.test.ts` or inside `__tests__`.
+
+## Build, Test & Development Commands
+
+- `pnpm install` — install workspace dependencies pinned by `pnpm-lock.yaml`.
+- `pnpm db:up` / `pnpm db:down` — start/stop the Docker services backing the app.
+- `pnpm dev` — run all app and worker dev servers in parallel via Turborepo.
+- `pnpm build` — generate production builds for every package and app.
+- `pnpm lint` — apply the shared ESLint rules across the workspace.
+- `pnpm test` / `pnpm test:coverage` — execute Vitest suites with optional coverage.
+- `pnpm test:e2e` — launch the Playwright browser regression suite.
+- `pnpm db:migrate:dev` — apply Prisma migrations against the dev database.
+
+## Coding Style & Naming Conventions
+
+TypeScript, React, and Prisma are the primary languages. Use the shared ESLint presets (`@formbricks/eslint-config`) and Prettier preset (110-char width, semicolons, double quotes, sorted import groups). Two-space indentation is standard; prefer `PascalCase` for React components and folders under `modules/`, `camelCase` for functions/variables, and `SCREAMING_SNAKE_CASE` only for constants. When adding mocks, place them inside `__mocks__` so import ordering stays stable.
+
+## Testing Guidelines
+
+Prefer Vitest with Testing Library for logic in `.ts` files, keeping specs colocated with the code they exercise (`utility.test.ts`). Do not write tests for `.tsx` files—React components are covered by Playwright E2E tests instead. Mock network and storage boundaries through helpers from `@formbricks/*`. Run `pnpm test` before opening a PR and `pnpm test:coverage` when touching critical flows; keep coverage from regressing. End-to-end scenarios belong in `apps/web/playwright`, using descriptive filenames (`billing.spec.ts`) and tagging slow suites with `@slow` when necessary.
+
+## Commit & Pull Request Guidelines
+
+Commits follow a lightweight Conventional Commit format (`fix:`, `chore:`, `feat:`) and usually append the PR number, e.g. `fix: update OpenAPI schema (#6617)`. Keep commits scoped and lint-clean. Pull requests should outline the problem, summarize the solution, and link to issues or product specs. Attach screenshots or gifs for UI-facing work, list any migrations or env changes, and paste the output of relevant commands (`pnpm test`, `pnpm lint`, `pnpm db:migrate:dev`) so reviewers can verify readiness.

apps/storybook/.storybook/main.ts

@@ -1,8 +1,11 @@
 import type { StorybookConfig } from "@storybook/react-vite";
 import { createRequire } from "module";
-import { dirname, join } from "path";
+import { dirname, join, resolve } from "path";
+import { fileURLToPath } from "url";
 
 const require = createRequire(import.meta.url);
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
 
 /**
  * This function is used to resolve the absolute path of a package.
@@ -13,7 +16,7 @@ function getAbsolutePath(value: string): any {
 }
 
 const config: StorybookConfig = {
-  stories: ["../src/**/*.mdx", "../../web/modules/ui/**/stories.@(js|jsx|mjs|ts|tsx)"],
+  stories: ["../src/**/*.mdx", "../../../packages/survey-ui/src/**/*.stories.@(js|jsx|mjs|ts|tsx)"],
   addons: [
     getAbsolutePath("@storybook/addon-onboarding"),
     getAbsolutePath("@storybook/addon-links"),
@@ -25,5 +28,25 @@ const config: StorybookConfig = {
     name: getAbsolutePath("@storybook/react-vite"),
     options: {},
   },
+  async viteFinal(config) {
+    const surveyUiPath = resolve(__dirname, "../../../packages/survey-ui/src");
+    const rootPath = resolve(__dirname, "../../../");
+
+    // Configure server to allow files from outside the storybook directory
+    config.server = config.server || {};
+    config.server.fs = {
+      ...config.server.fs,
+      allow: [...(config.server.fs?.allow || []), rootPath],
+    };
+
+    // Configure simple alias resolution
+    config.resolve = config.resolve || {};
+    config.resolve.alias = {
+      ...config.resolve.alias,
+      "@": surveyUiPath,
+    };
+
+    return config;
+  },
 };
 export default config;

apps/storybook/.storybook/preview.ts

@@ -1,32 +1,6 @@
 import type { Preview } from "@storybook/react-vite";
-import { TolgeeProvider } from "@tolgee/react";
 import React from "react";
-// Import translation data for Storybook
-import enUSTranslations from "../../web/locales/en-US.json";
-import "../../web/modules/ui/globals.css";
-import { TolgeeBase } from "../../web/tolgee/shared";
-
-// Create a Storybook-specific Tolgee decorator
-const withTolgee = (Story: any) => {
-  const tolgee = TolgeeBase().init({
-    tagNewKeys: [], // No branch tagging in Storybook
-  });
-
-  return React.createElement(
-    TolgeeProvider,
-    {
-      tolgee,
-      fallback: "Loading",
-      ssr: {
-        language: "en-US",
-        staticData: {
-          "en-US": enUSTranslations,
-        },
-      },
-    },
-    React.createElement(Story)
-  );
-};
+import "../../../packages/survey-ui/src/styles/globals.css";
 
 const preview: Preview = {
   parameters: {
@@ -35,9 +9,23 @@ const preview: Preview = {
         color: /(background|color)$/i,
         date: /Date$/i,
       },
+      expanded: true,
+    },
+    backgrounds: {
+      default: "light",
     },
   },
-  decorators: [withTolgee],
+  decorators: [
+    (Story) =>
+      React.createElement(
+        "div",
+        {
+          id: "fbjs",
+          className: "w-full h-full min-h-screen p-4 bg-background font-sans antialiased text-foreground",
+        },
+        React.createElement(Story)
+      ),
+  ],
 };
 
 export default preview;

apps/storybook/package.json

@@ -11,22 +11,24 @@
     "clean": "rimraf .turbo node_modules dist storybook-static"
   },
   "dependencies": {
-    "eslint-plugin-react-refresh": "0.4.20"
+    "@formbricks/survey-ui": "workspace:*",
+    "eslint-plugin-react-refresh": "0.4.24"
   },
   "devDependencies": {
-    "@chromatic-com/storybook": "^4.0.1",
-    "@storybook/addon-a11y": "9.0.15",
-    "@storybook/addon-links": "9.0.15",
-    "@storybook/addon-onboarding": "9.0.15",
-    "@storybook/react-vite": "9.0.15",
-    "@typescript-eslint/eslint-plugin": "8.32.0",
-    "@typescript-eslint/parser": "8.32.0",
-    "@vitejs/plugin-react": "4.4.1",
-    "esbuild": "0.25.4",
-    "eslint-plugin-storybook": "9.0.15",
+    "@chromatic-com/storybook": "^4.1.3",
+    "@storybook/addon-a11y": "10.0.8",
+    "@storybook/addon-links": "10.0.8",
+    "@storybook/addon-onboarding": "10.0.8",
+    "@storybook/react-vite": "10.0.8",
+    "@typescript-eslint/eslint-plugin": "8.48.0",
+    "@tailwindcss/vite": "4.1.17",
+    "@typescript-eslint/parser": "8.48.0",
+    "@vitejs/plugin-react": "5.1.1",
+    "esbuild": "0.27.0",
+    "eslint-plugin-storybook": "10.0.8",
     "prop-types": "15.8.1",
-    "storybook": "9.0.15",
-    "vite": "6.3.6",
-    "@storybook/addon-docs": "9.0.15"
+    "storybook": "10.0.8",
+    "vite": "7.2.4",
+    "@storybook/addon-docs": "10.0.8"
   }
 }

apps/storybook/postcss.config.js

@@ -1,6 +0,0 @@
-export default {
-  plugins: {
-    tailwindcss: {},
-    autoprefixer: {},
-  },
-};

apps/storybook/tailwind.config.js

@@ -1,7 +1,15 @@
 /** @type {import('tailwindcss').Config} */
-import base from "../web/tailwind.config";
+import surveyUi from "../../packages/survey-ui/tailwind.config";
 
 export default {
-  ...base,
-  content: ["./index.html", "./src/**/*.{js,ts,jsx,tsx}", "../web/modules/ui/**/*.{js,ts,jsx,tsx}"],
+  content: [
+    "./index.html",
+    "./src/**/*.{js,ts,jsx,tsx}",
+    "../../packages/survey-ui/src/**/*.{js,ts,jsx,tsx}",
+  ],
+  theme: {
+    extend: {
+      ...surveyUi.theme?.extend,
+    },
+  },
 };

apps/storybook/vite.config.ts

@@ -1,16 +1,17 @@
+import tailwindcss from "@tailwindcss/vite";
 import react from "@vitejs/plugin-react";
 import path from "path";
 import { defineConfig } from "vite";
 
 // https://vitejs.dev/config/
 export default defineConfig({
-  plugins: [react()],
+  plugins: [react(), tailwindcss()],
   define: {
     "process.env": {},
   },
   resolve: {
     alias: {
-      "@": path.resolve(__dirname, "../web"),
+      "@formbricks/survey-ui": path.resolve(__dirname, "../../packages/survey-ui/src"),
     },
   },
 });

apps/web/Dockerfile

@@ -37,6 +37,10 @@ ENV NODE_OPTIONS=${NODE_OPTIONS}
 # but needs explicit declaration for some build systems (like Depot)
 ARG TARGETARCH
 
+# Base path for the application (optional)
+ARG BASE_PATH=""
+ENV BASE_PATH=${BASE_PATH}
+
 # Set the working directory
 WORKDIR /app
 
@@ -73,8 +77,8 @@ RUN jq -r '.devDependencies.prisma' packages/database/package.json > /prisma_ver
 #
 FROM base AS runner
 
-RUN npm install --ignore-scripts -g corepack@latest 
-RUN corepack enable
+RUN npm install --ignore-scripts -g corepack@latest && \
+    corepack enable
 
 RUN apk add --no-cache curl \
     && apk add --no-cache supercronic \
@@ -124,7 +128,7 @@ RUN chmod -R 755 ./node_modules/@noble/hashes
 COPY --from=installer /app/node_modules/zod ./node_modules/zod
 RUN chmod -R 755 ./node_modules/zod
 
-RUN npm install -g prisma
+RUN npm install -g prisma@6
 
 # Create a startup script to handle the conditional logic
 COPY --from=installer /app/apps/web/scripts/docker/next-start.sh /home/nextjs/start.sh
@@ -134,12 +138,13 @@ EXPOSE 3000
 ENV HOSTNAME="0.0.0.0"
 USER nextjs
 
-# Prepare volume for uploads
-RUN mkdir -p /home/nextjs/apps/web/uploads/
-VOLUME /home/nextjs/apps/web/uploads/
+# Prepare pnpm as the nextjs user to ensure it's available at runtime
+# Prepare volumes for uploads and SAML connections
+RUN corepack prepare pnpm@9.15.9 --activate && \
+    mkdir -p /home/nextjs/apps/web/uploads/ && \
+    mkdir -p /home/nextjs/apps/web/saml-connection
 
-# Prepare volume for SAML preloaded connection
-RUN mkdir -p /home/nextjs/apps/web/saml-connection
+VOLUME /home/nextjs/apps/web/uploads/
 VOLUME /home/nextjs/apps/web/saml-connection
 
 CMD ["/home/nextjs/start.sh"]

apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/ConnectWithFormbricks.test.tsx

@@ -1,79 +0,0 @@
-import "@testing-library/jest-dom/vitest";
-import { cleanup, render, screen } from "@testing-library/react";
-import userEvent from "@testing-library/user-event";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import { ConnectWithFormbricks } from "./ConnectWithFormbricks";
-
-// Mocks before import
-const pushMock = vi.fn();
-const refreshMock = vi.fn();
-vi.mock("@tolgee/react", () => ({ useTranslate: () => ({ t: (key: string) => key }) }));
-vi.mock("next/navigation", () => ({ useRouter: vi.fn(() => ({ push: pushMock, refresh: refreshMock })) }));
-vi.mock("./OnboardingSetupInstructions", () => ({
-  OnboardingSetupInstructions: () => <div data-testid="instructions" />,
-}));
-
-afterEach(() => {
-  cleanup();
-  vi.clearAllMocks();
-});
-
-describe("ConnectWithFormbricks", () => {
-  const environment = { id: "env1" } as any;
-  const webAppUrl = "http://app";
-  const channel = {} as any;
-
-  test("renders waiting state when appSetupCompleted is false", () => {
-    render(
-      <ConnectWithFormbricks
-        environment={environment}
-        publicDomain={webAppUrl}
-        appSetupCompleted={false}
-        channel={channel}
-      />
-    );
-    expect(screen.getByTestId("instructions")).toBeInTheDocument();
-    expect(screen.getByText("environments.connect.waiting_for_your_signal")).toBeInTheDocument();
-  });
-
-  test("renders success state when appSetupCompleted is true", () => {
-    render(
-      <ConnectWithFormbricks
-        environment={environment}
-        publicDomain={webAppUrl}
-        appSetupCompleted={true}
-        channel={channel}
-      />
-    );
-    expect(screen.getByText("environments.connect.congrats")).toBeInTheDocument();
-    expect(screen.getByText("environments.connect.connection_successful_message")).toBeInTheDocument();
-  });
-
-  test("clicking finish button navigates to surveys", async () => {
-    render(
-      <ConnectWithFormbricks
-        environment={environment}
-        publicDomain={webAppUrl}
-        appSetupCompleted={true}
-        channel={channel}
-      />
-    );
-    const button = screen.getByRole("button", { name: "environments.connect.finish_onboarding" });
-    await userEvent.click(button);
-    expect(pushMock).toHaveBeenCalledWith(`/environments/${environment.id}/surveys`);
-  });
-
-  test("refresh is called on visibilitychange to visible", () => {
-    render(
-      <ConnectWithFormbricks
-        environment={environment}
-        publicDomain={webAppUrl}
-        appSetupCompleted={false}
-        channel={channel}
-      />
-    );
-    Object.defineProperty(document, "visibilityState", { value: "visible", configurable: true });
-    document.dispatchEvent(new Event("visibilitychange"));
-    expect(refreshMock).toHaveBeenCalled();
-  });
-});

apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/ConnectWithFormbricks.tsx

@@ -1,13 +1,13 @@
 "use client";
 
-import { cn } from "@/lib/cn";
-import { Button } from "@/modules/ui/components/button";
-import { useTranslate } from "@tolgee/react";
 import { ArrowRight } from "lucide-react";
 import { useRouter } from "next/navigation";
 import { useEffect } from "react";
+import { useTranslation } from "react-i18next";
 import { TEnvironment } from "@formbricks/types/environment";
 import { TProjectConfigChannel } from "@formbricks/types/project";
+import { cn } from "@/lib/cn";
+import { Button } from "@/modules/ui/components/button";
 import { OnboardingSetupInstructions } from "./OnboardingSetupInstructions";
 
 interface ConnectWithFormbricksProps {
@@ -23,7 +23,7 @@ export const ConnectWithFormbricks = ({
   appSetupCompleted,
   channel,
 }: ConnectWithFormbricksProps) => {
-  const { t } = useTranslate();
+  const { t } = useTranslation();
   const router = useRouter();
   const handleFinishOnboarding = async () => {
     router.push(`/environments/${environment.id}/surveys`);

apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/OnboardingSetupInstructions.test.tsx

@@ -1,103 +0,0 @@
-import { cleanup, render, screen } from "@testing-library/react";
-import userEvent from "@testing-library/user-event";
-import toast from "react-hot-toast";
-import { afterEach, beforeAll, describe, expect, test, vi } from "vitest";
-import { OnboardingSetupInstructions } from "./OnboardingSetupInstructions";
-
-// Mock react-hot-toast so we can assert that a success message is shown
-vi.mock("react-hot-toast", () => ({
-  __esModule: true,
-  default: {
-    success: vi.fn(),
-  },
-}));
-
-// Set up a spy for navigator.clipboard.writeText so it becomes a ViTest spy.
-beforeAll(() => {
-  Object.defineProperty(navigator, "clipboard", {
-    configurable: true,
-    writable: true,
-    value: {
-      // Using a mockResolvedValue resolves the promise as writeText is async.
-      writeText: vi.fn().mockResolvedValue(undefined),
-    },
-  });
-});
-
-describe("OnboardingSetupInstructions", () => {
-  afterEach(() => {
-    cleanup();
-    vi.clearAllMocks();
-  });
-
-  // Provide some default props for testing
-  const defaultProps = {
-    environmentId: "env-123",
-    publicDomain: "https://example.com",
-    channel: "app" as const, // Assuming channel is either "app" or "website"
-    appSetupCompleted: false,
-  };
-
-  test("renders HTML tab content by default", () => {
-    render(<OnboardingSetupInstructions {...defaultProps} />);
-
-    // Since the default active tab is "html", we check for a unique text
-    expect(
-      screen.getByText(/environments.connect.insert_this_code_into_the_head_tag_of_your_website/i)
-    ).toBeInTheDocument();
-
-    // The HTML snippet contains a marker comment
-    expect(screen.getByText("START")).toBeInTheDocument();
-
-    // Verify the "Copy Code" button is present
-    expect(screen.getByRole("button", { name: /common.copy_code/i })).toBeInTheDocument();
-  });
-
-  test("renders NPM tab content when selected", async () => {
-    render(<OnboardingSetupInstructions {...defaultProps} />);
-    const user = userEvent.setup();
-
-    // Click on the "NPM" tab to switch views.
-    const npmTab = screen.getByText("NPM");
-    await user.click(npmTab);
-
-    // Check that the install commands are present
-    expect(screen.getByText(/npm install @formbricks\/js/)).toBeInTheDocument();
-    expect(screen.getByText(/yarn add @formbricks\/js/)).toBeInTheDocument();
-
-    // Verify the "Read Docs" link has the correct URL (based on channel prop)
-    const readDocsLink = screen.getByRole("link", { name: /common.read_docs/i });
-    expect(readDocsLink).toHaveAttribute("href", "https://formbricks.com/docs/app-surveys/framework-guides");
-  });
-
-  test("copies HTML snippet to clipboard and shows success toast when Copy Code button is clicked", async () => {
-    render(<OnboardingSetupInstructions {...defaultProps} />);
-    const user = userEvent.setup();
-
-    const writeTextSpy = vi.spyOn(navigator.clipboard, "writeText");
-
-    // Click the "Copy Code" button
-    const copyButton = screen.getByRole("button", { name: /common.copy_code/i });
-    await user.click(copyButton);
-
-    // Ensure navigator.clipboard.writeText was called.
-    expect(writeTextSpy).toHaveBeenCalled();
-    const writtenText = (navigator.clipboard.writeText as any).mock.calls[0][0] as string;
-
-    // Check that the pasted snippet contains the expected environment values
-    expect(writtenText).toContain('var appUrl = "https://example.com"');
-    expect(writtenText).toContain('var environmentId = "env-123"');
-
-    // Verify that a success toast was shown
-    expect(toast.success).toHaveBeenCalledWith("common.copied_to_clipboard");
-  });
-
-  test("renders step-by-step manual link with correct URL in HTML tab", () => {
-    render(<OnboardingSetupInstructions {...defaultProps} />);
-    const manualLink = screen.getByRole("link", { name: /common.step_by_step_manual/i });
-    expect(manualLink).toHaveAttribute(
-      "href",
-      "https://formbricks.com/docs/app-surveys/framework-guides#html"
-    );
-  });
-});

apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/OnboardingSetupInstructions.tsx

@@ -1,15 +1,15 @@
 "use client";
 
-import { Button } from "@/modules/ui/components/button";
-import { CodeBlock } from "@/modules/ui/components/code-block";
-import { Html5Icon, NpmIcon } from "@/modules/ui/components/icons";
-import { TabBar } from "@/modules/ui/components/tab-bar";
-import { useTranslate } from "@tolgee/react";
 import Link from "next/link";
 import "prismjs/themes/prism.css";
 import { useState } from "react";
 import toast from "react-hot-toast";
+import { useTranslation } from "react-i18next";
 import { TProjectConfigChannel } from "@formbricks/types/project";
+import { Button } from "@/modules/ui/components/button";
+import { CodeBlock } from "@/modules/ui/components/code-block";
+import { Html5Icon, NpmIcon } from "@/modules/ui/components/icons";
+import { TabBar } from "@/modules/ui/components/tab-bar";
 
 const tabs = [
   { id: "html", label: "HTML", icon: <Html5Icon /> },
@@ -29,7 +29,7 @@ export const OnboardingSetupInstructions = ({
   channel,
   appSetupCompleted,
 }: OnboardingSetupInstructionsProps) => {
-  const { t } = useTranslate();
+  const { t } = useTranslation();
   const [activeTab, setActiveTab] = useState(tabs[0].id);
   const htmlSnippetForAppSurveys = `<!-- START Formbricks Surveys -->
   <script type="text/javascript">

apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/page.tsx

@@ -1,12 +1,12 @@
+import { XIcon } from "lucide-react";
+import Link from "next/link";
 import { ConnectWithFormbricks } from "@/app/(app)/(onboarding)/environments/[environmentId]/connect/components/ConnectWithFormbricks";
 import { getEnvironment } from "@/lib/environment/service";
 import { getPublicDomain } from "@/lib/getPublicUrl";
 import { getProjectByEnvironmentId } from "@/lib/project/service";
+import { getTranslate } from "@/lingodotdev/server";
 import { Button } from "@/modules/ui/components/button";
 import { Header } from "@/modules/ui/components/header";
-import { getTranslate } from "@/tolgee/server";
-import { XIcon } from "lucide-react";
-import Link from "next/link";
 
 interface ConnectPageProps {
   params: Promise<{

apps/web/app/(app)/(onboarding)/environments/[environmentId]/layout.test.tsx

@@ -1,147 +0,0 @@
-import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
-import { cleanup, render, screen } from "@testing-library/react";
-import { getServerSession } from "next-auth";
-import { redirect } from "next/navigation";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import OnboardingLayout from "./layout";
-
-vi.mock("@/lib/constants", () => ({
-  IS_FORMBRICKS_CLOUD: false,
-  IS_PRODUCTION: false,
-  IS_DEVELOPMENT: true,
-  E2E_TESTING: false,
-  WEBAPP_URL: "http://localhost:3000",
-  PUBLIC_URL: "http://localhost:3000/survey",
-  ENCRYPTION_KEY: "mock-encryption-key",
-  CRON_SECRET: "mock-cron-secret",
-  DEFAULT_BRAND_COLOR: "#64748b",
-  FB_LOGO_URL: "https://mock-logo-url.com/logo.png",
-  PRIVACY_URL: "http://localhost:3000/privacy",
-  TERMS_URL: "http://localhost:3000/terms",
-  IMPRINT_URL: "http://localhost:3000/imprint",
-  IMPRINT_ADDRESS: "Mock Address",
-  PASSWORD_RESET_DISABLED: false,
-  EMAIL_VERIFICATION_DISABLED: false,
-  GOOGLE_OAUTH_ENABLED: false,
-  GITHUB_OAUTH_ENABLED: false,
-  AZURE_OAUTH_ENABLED: false,
-  OIDC_OAUTH_ENABLED: false,
-  SAML_OAUTH_ENABLED: false,
-  SAML_XML_DIR: "./mock-saml-connection",
-  SIGNUP_ENABLED: true,
-  EMAIL_AUTH_ENABLED: true,
-  INVITE_DISABLED: false,
-  SLACK_CLIENT_SECRET: "mock-slack-secret",
-  SLACK_CLIENT_ID: "mock-slack-id",
-  SLACK_AUTH_URL: "https://mock-slack-auth-url.com",
-  GOOGLE_SHEETS_CLIENT_ID: "mock-google-sheets-id",
-  GOOGLE_SHEETS_CLIENT_SECRET: "mock-google-sheets-secret",
-  GOOGLE_SHEETS_REDIRECT_URL: "http://localhost:3000/google-sheets-redirect",
-  NOTION_OAUTH_CLIENT_ID: "mock-notion-id",
-  NOTION_OAUTH_CLIENT_SECRET: "mock-notion-secret",
-  NOTION_REDIRECT_URI: "http://localhost:3000/notion-redirect",
-  NOTION_AUTH_URL: "https://mock-notion-auth-url.com",
-  AIRTABLE_CLIENT_ID: "mock-airtable-id",
-  SMTP_HOST: "mock-smtp-host",
-  SMTP_PORT: "587",
-  SMTP_SECURE_ENABLED: false,
-  SMTP_USER: "mock-smtp-user",
-  SMTP_PASSWORD: "mock-smtp-password",
-  SMTP_AUTHENTICATED: true,
-  SMTP_REJECT_UNAUTHORIZED_TLS: true,
-  MAIL_FROM: "mock@mail.com",
-  MAIL_FROM_NAME: "Mock Mail",
-  NEXTAUTH_SECRET: "mock-nextauth-secret",
-  ITEMS_PER_PAGE: 30,
-  SURVEYS_PER_PAGE: 12,
-  RESPONSES_PER_PAGE: 25,
-  TEXT_RESPONSES_PER_PAGE: 5,
-  INSIGHTS_PER_PAGE: 10,
-  DOCUMENTS_PER_PAGE: 10,
-  MAX_RESPONSES_FOR_INSIGHT_GENERATION: 500,
-  MAX_OTHER_OPTION_LENGTH: 250,
-  ENTERPRISE_LICENSE_KEY: "ABC",
-  GITHUB_ID: "mock-github-id",
-  GITHUB_SECRET: "mock-github-secret",
-  GITHUB_OAUTH_URL: "https://mock-github-auth-url.com",
-  AZURE_ID: "mock-azure-id",
-  AZUREAD_CLIENT_ID: "mock-azure-client-id",
-  AZUREAD_CLIENT_SECRET: "mock-azure-client-secret",
-  GOOGLE_CLIENT_ID: "mock-google-client-id",
-  GOOGLE_CLIENT_SECRET: "mock-google-client-secret",
-  GOOGLE_OAUTH_URL: "https://mock-google-auth-url.com",
-  AZURE_OAUTH_URL: "https://mock-azure-auth-url.com",
-  OIDC_ID: "mock-oidc-id",
-  OIDC_OAUTH_URL: "https://mock-oidc-auth-url.com",
-  SAML_ID: "mock-saml-id",
-  SAML_OAUTH_URL: "https://mock-saml-auth-url.com",
-  SAML_METADATA_URL: "https://mock-saml-metadata-url.com",
-  AZUREAD_TENANT_ID: "mock-azure-tenant-id",
-  AZUREAD_OAUTH_URL: "https://mock-azuread-auth-url.com",
-  OIDC_DISPLAY_NAME: "Mock OIDC",
-  OIDC_CLIENT_ID: "mock-oidc-client-id",
-  OIDC_CLIENT_SECRET: "mock-oidc-client-secret",
-  OIDC_REDIRECT_URL: "http://localhost:3000/oidc-redirect",
-  OIDC_AUTH_URL: "https://mock-oidc-auth-url.com",
-  OIDC_ISSUER: "https://mock-oidc-issuer.com",
-  OIDC_SIGNING_ALGORITHM: "RS256",
-  SESSION_MAX_AGE: 1000,
-  REDIS_URL: undefined,
-  AUDIT_LOG_ENABLED: true,
-}));
-
-vi.mock("next/navigation", () => ({
-  redirect: vi.fn(),
-}));
-
-vi.mock("next-auth", () => ({
-  getServerSession: vi.fn(),
-}));
-
-vi.mock("@/lib/environment/auth", () => ({
-  hasUserEnvironmentAccess: vi.fn(),
-}));
-
-describe("OnboardingLayout", () => {
-  afterEach(() => {
-    cleanup();
-    vi.clearAllMocks();
-  });
-
-  test("redirects to login if session is missing", async () => {
-    vi.mocked(getServerSession).mockResolvedValueOnce(null);
-
-    await OnboardingLayout({
-      params: { environmentId: "env1" },
-      children: <div>Test Content</div>,
-    });
-
-    expect(redirect).toHaveBeenCalledWith("/auth/login");
-  });
-
-  test("throws AuthorizationError if user lacks access", async () => {
-    vi.mocked(getServerSession).mockResolvedValueOnce({ user: { id: "user1" } });
-    vi.mocked(hasUserEnvironmentAccess).mockResolvedValueOnce(false);
-
-    await expect(
-      OnboardingLayout({
-        params: { environmentId: "env1" },
-        children: <div>Test Content</div>,
-      })
-    ).rejects.toThrow("User is not authorized to access this environment");
-  });
-
-  test("renders children if user has access", async () => {
-    vi.mocked(getServerSession).mockResolvedValueOnce({ user: { id: "user1" } });
-    vi.mocked(hasUserEnvironmentAccess).mockResolvedValueOnce(true);
-
-    const result = await OnboardingLayout({
-      params: { environmentId: "env1" },
-      children: <div data-testid="child">Test Content</div>,
-    });
-
-    render(result);
-
-    expect(screen.getByTestId("child")).toHaveTextContent("Test Content");
-  });
-});

apps/web/app/(app)/(onboarding)/environments/[environmentId]/layout.tsx

@@ -1,8 +1,8 @@
-import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
-import { authOptions } from "@/modules/auth/lib/authOptions";
 import { getServerSession } from "next-auth";
 import { redirect } from "next/navigation";
 import { AuthorizationError } from "@formbricks/types/errors";
+import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
+import { authOptions } from "@/modules/auth/lib/authOptions";
 
 const OnboardingLayout = async (props) => {
   const params = await props.params;

apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/components/XMTemplateList.test.tsx

@@ -1,76 +0,0 @@
-import { createSurveyAction } from "@/modules/survey/components/template-list/actions";
-import "@testing-library/jest-dom/vitest";
-import { cleanup, render, screen } from "@testing-library/react";
-import userEvent from "@testing-library/user-event";
-import toast from "react-hot-toast";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import { XMTemplateList } from "./XMTemplateList";
-
-// Prepare push mock and module mocks before importing component
-const pushMock = vi.fn();
-vi.mock("@tolgee/react", () => ({ useTranslate: () => ({ t: (key: string) => key }) }));
-vi.mock("next/navigation", () => ({ useRouter: vi.fn(() => ({ push: pushMock })) }));
-vi.mock("react-hot-toast", () => ({ default: { error: vi.fn() } }));
-vi.mock("@/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/xm-templates", () => ({
-  getXMTemplates: (t: any) => [
-    { id: 1, name: "tmpl1" },
-    { id: 2, name: "tmpl2" },
-  ],
-}));
-vi.mock("@/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/utils", () => ({
-  replacePresetPlaceholders: (template: any, project: any) => ({ ...template, projectId: project.id }),
-}));
-vi.mock("@/modules/survey/components/template-list/actions", () => ({ createSurveyAction: vi.fn() }));
-vi.mock("@/lib/utils/helper", () => ({ getFormattedErrorMessage: () => "formatted-error" }));
-vi.mock("@/app/(app)/(onboarding)/organizations/components/OnboardingOptionsContainer", () => ({
-  OnboardingOptionsContainer: ({ options }: { options: any[] }) => (
-    <div>
-      {options.map((opt, idx) => (
-        <button key={idx} data-testid={`option-${idx}`} onClick={opt.onClick}>
-          {opt.title}
-        </button>
-      ))}
-    </div>
-  ),
-}));
-
-// Reset mocks between tests
-afterEach(() => {
-  cleanup();
-  vi.clearAllMocks();
-});
-
-describe("XMTemplateList component", () => {
-  const project = { id: "proj1" } as any;
-  const user = { id: "user1" } as any;
-  const environmentId = "env1";
-
-  test("creates survey and navigates on success", async () => {
-    // Mock successful survey creation
-    vi.mocked(createSurveyAction).mockResolvedValue({ data: { id: "survey1" } } as any);
-
-    render(<XMTemplateList project={project} user={user} environmentId={environmentId} />);
-
-    const option0 = screen.getByTestId("option-0");
-    await userEvent.click(option0);
-
-    expect(createSurveyAction).toHaveBeenCalledWith({
-      environmentId,
-      surveyBody: expect.objectContaining({ id: 1, projectId: "proj1", type: "link", createdBy: "user1" }),
-    });
-    expect(pushMock).toHaveBeenCalledWith(`/environments/${environmentId}/surveys/survey1/edit?mode=cx`);
-  });
-
-  test("shows error toast on failure", async () => {
-    // Mock failed survey creation
-    vi.mocked(createSurveyAction).mockResolvedValue({ error: "err" } as any);
-
-    render(<XMTemplateList project={project} user={user} environmentId={environmentId} />);
-
-    const option1 = screen.getByTestId("option-1");
-    await userEvent.click(option1);
-
-    expect(createSurveyAction).toHaveBeenCalled();
-    expect(toast.error).toHaveBeenCalledWith("formatted-error");
-  });
-});

apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/components/XMTemplateList.tsx

@@ -1,19 +1,19 @@
 "use client";
 
+import { ActivityIcon, ShoppingCartIcon, SmileIcon, StarIcon, ThumbsUpIcon, UsersIcon } from "lucide-react";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import toast from "react-hot-toast";
+import { useTranslation } from "react-i18next";
+import { TProject } from "@formbricks/types/project";
+import { TSurveyCreateInput } from "@formbricks/types/surveys/types";
+import { TXMTemplate } from "@formbricks/types/templates";
+import { TUser } from "@formbricks/types/user";
 import { replacePresetPlaceholders } from "@/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/utils";
 import { getXMTemplates } from "@/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/xm-templates";
 import { OnboardingOptionsContainer } from "@/app/(app)/(onboarding)/organizations/components/OnboardingOptionsContainer";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { createSurveyAction } from "@/modules/survey/components/template-list/actions";
-import { useTranslate } from "@tolgee/react";
-import { ActivityIcon, ShoppingCartIcon, SmileIcon, StarIcon, ThumbsUpIcon, UsersIcon } from "lucide-react";
-import { useRouter } from "next/navigation";
-import { useState } from "react";
-import toast from "react-hot-toast";
-import { TProject } from "@formbricks/types/project";
-import { TSurveyCreateInput } from "@formbricks/types/surveys/types";
-import { TXMTemplate } from "@formbricks/types/templates";
-import { TUser } from "@formbricks/types/user";
 
 interface XMTemplateListProps {
   project: TProject;
@@ -23,7 +23,7 @@ interface XMTemplateListProps {
 
 export const XMTemplateList = ({ project, user, environmentId }: XMTemplateListProps) => {
   const [activeTemplateId, setActiveTemplateId] = useState<number | null>(null);
-  const { t } = useTranslate();
+  const { t } = useTranslation();
   const router = useRouter();
 
   const createSurvey = async (activeTemplate: TXMTemplate) => {

apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/utils.test.ts

@@ -32,14 +32,22 @@ const mockProject: TProject = {
 };
 const mockTemplate: TXMTemplate = {
   name: "$[projectName] Survey",
-  questions: [
+  blocks: [
     {
-      id: "q1",
-      inputType: "text",
-      type: "email" as any,
-      headline: { default: "$[projectName] Question" },
-      required: false,
-      charLimit: { enabled: true, min: 400, max: 1000 },
+      id: "block1",
+      name: "Block 1",
+      elements: [
+        {
+          id: "q1",
+          type: "openText" as const,
+          inputType: "text" as const,
+          headline: { default: "$[projectName] Question" },
+          subheader: { default: "" },
+          required: false,
+          placeholder: { default: "" },
+          charLimit: 1000,
+        },
+      ],
     },
   ],
   endings: [
@@ -66,9 +74,9 @@ describe("replacePresetPlaceholders", () => {
     expect(result.name).toBe("Test Project Survey");
   });
 
-  test("replaces projectName placeholder in question headline", () => {
+  test("replaces projectName placeholder in element headline", () => {
     const result = replacePresetPlaceholders(mockTemplate, mockProject);
-    expect(result.questions[0].headline.default).toBe("Test Project Question");
+    expect(result.blocks[0].elements[0].headline.default).toBe("Test Project Question");
   });
 
   test("returns a new object without mutating the original template", () => {

apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/utils.ts

@@ -1,13 +1,16 @@
-import { replaceQuestionPresetPlaceholders } from "@/lib/utils/templates";
 import { TProject } from "@formbricks/types/project";
+import { TSurveyBlock } from "@formbricks/types/surveys/blocks";
 import { TXMTemplate } from "@formbricks/types/templates";
+import { replaceElementPresetPlaceholders } from "@/lib/utils/templates";
 
 // replace all occurences of projectName with the actual project name in the current template
-export const replacePresetPlaceholders = (template: TXMTemplate, project: TProject) => {
+export const replacePresetPlaceholders = (template: TXMTemplate, project: TProject): TXMTemplate => {
   const survey = structuredClone(template);
-  survey.name = survey.name.replace("$[projectName]", project.name);
-  survey.questions = survey.questions.map((question) => {
-    return replaceQuestionPresetPlaceholders(question, project);
-  });
-  return { ...template, ...survey };
+
+  const modifiedBlocks = survey.blocks.map((block: TSurveyBlock) => ({
+    ...block,
+    elements: block.elements.map((element) => replaceElementPresetPlaceholders(element, project)),
+  }));
+
+  return { ...survey, name: survey.name.replace("$[projectName]", project.name), blocks: modifiedBlocks };
 };

apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/xm-templates.test.ts

@@ -1,6 +1,6 @@
 import "@testing-library/jest-dom/vitest";
 import { cleanup } from "@testing-library/preact";
-import { TFnType } from "@tolgee/react";
+import { TFunction } from "i18next";
 import { afterEach, describe, expect, test, vi } from "vitest";
 import { getXMSurveyDefault, getXMTemplates } from "./xm-templates";
 
@@ -14,13 +14,13 @@ describe("xm-templates", () => {
   });
 
   test("getXMSurveyDefault returns default survey template", () => {
-    const tMock = vi.fn((key) => key) as TFnType;
+    const tMock = vi.fn((key) => key) as TFunction;
     const result = getXMSurveyDefault(tMock);
 
     expect(result).toEqual({
       name: "",
       endings: expect.any(Array),
-      questions: [],
+      blocks: [],
       styling: {
         overwriteThemeStyling: true,
       },
@@ -29,7 +29,7 @@ describe("xm-templates", () => {
   });
 
   test("getXMTemplates returns all templates", () => {
-    const tMock = vi.fn((key) => key) as TFnType;
+    const tMock = vi.fn((key) => key) as TFunction;
     const result = getXMTemplates(tMock);
 
     expect(result).toHaveLength(6);
@@ -44,7 +44,7 @@ describe("xm-templates", () => {
   test("getXMTemplates handles errors gracefully", async () => {
     const tMock = vi.fn(() => {
       throw new Error("Test error");
-    }) as TFnType;
+    }) as TFunction;
 
     const result = getXMTemplates(tMock);
 

apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/xm-templates.ts

@@ -1,21 +1,23 @@
-import {
-  buildCTAQuestion,
-  buildNPSQuestion,
-  buildOpenTextQuestion,
-  buildRatingQuestion,
-  getDefaultEndingCard,
-} from "@/app/lib/survey-builder";
 import { createId } from "@paralleldrive/cuid2";
-import { TFnType } from "@tolgee/react";
+import { TFunction } from "i18next";
 import { logger } from "@formbricks/logger";
 import { TXMTemplate } from "@formbricks/types/templates";
+import {
+  buildBlock,
+  buildCTAElement,
+  buildNPSElement,
+  buildOpenTextElement,
+  buildRatingElement,
+  createBlockJumpLogic,
+} from "@/app/lib/survey-block-builder";
+import { getDefaultEndingCard } from "@/app/lib/survey-builder";
 
-export const getXMSurveyDefault = (t: TFnType): TXMTemplate => {
+export const getXMSurveyDefault = (t: TFunction): TXMTemplate => {
   try {
     return {
       name: "",
       endings: [getDefaultEndingCard([], t)],
-      questions: [],
+      blocks: [],
       styling: {
         overwriteThemeStyling: true,
       },
@@ -26,45 +28,72 @@ export const getXMSurveyDefault = (t: TFnType): TXMTemplate => {
   }
 };
 
-const npsSurvey = (t: TFnType): TXMTemplate => {
+const npsSurvey = (t: TFunction): TXMTemplate => {
   return {
     ...getXMSurveyDefault(t),
     name: t("templates.nps_survey_name"),
-    questions: [
-      buildNPSQuestion({
-        headline: t("templates.nps_survey_question_1_headline"),
-        required: true,
-        lowerLabel: t("templates.nps_survey_question_1_lower_label"),
-        upperLabel: t("templates.nps_survey_question_1_upper_label"),
-        isColorCodingEnabled: true,
+    blocks: [
+      buildBlock({
+        name: "Block 1",
+        elements: [
+          buildNPSElement({
+            headline: t("templates.nps_survey_question_1_headline"),
+            required: true,
+            lowerLabel: t("templates.nps_survey_question_1_lower_label"),
+            upperLabel: t("templates.nps_survey_question_1_upper_label"),
+            isColorCodingEnabled: true,
+          }),
+        ],
         t,
       }),
-      buildOpenTextQuestion({
-        headline: t("templates.nps_survey_question_2_headline"),
-        required: false,
-        inputType: "text",
+      buildBlock({
+        name: "Block 2",
+        elements: [
+          buildOpenTextElement({
+            headline: t("templates.nps_survey_question_2_headline"),
+            required: false,
+            inputType: "text",
+          }),
+        ],
         t,
       }),
-      buildOpenTextQuestion({
-        headline: t("templates.nps_survey_question_3_headline"),
-        required: false,
-        inputType: "text",
+      buildBlock({
+        name: "Block 3",
+        elements: [
+          buildOpenTextElement({
+            headline: t("templates.nps_survey_question_3_headline"),
+            required: false,
+            inputType: "text",
+          }),
+        ],
         t,
       }),
     ],
   };
 };
 
-const starRatingSurvey = (t: TFnType): TXMTemplate => {
-  const reusableQuestionIds = [createId(), createId(), createId()];
+const starRatingSurvey = (t: TFunction): TXMTemplate => {
+  const reusableElementIds = [createId(), createId(), createId()];
+  const block3Id = createId(); // Pre-generate Block 3 ID for logic reference
   const defaultSurvey = getXMSurveyDefault(t);
 
   return {
     ...defaultSurvey,
     name: t("templates.star_rating_survey_name"),
-    questions: [
-      buildRatingQuestion({
-        id: reusableQuestionIds[0],
+    blocks: [
+      buildBlock({
+        name: "Block 1",
+        elements: [
+          buildRatingElement({
+            id: reusableElementIds[0],
+            range: 5,
+            scale: "number",
+            headline: t("templates.star_rating_survey_question_1_headline"),
+            required: true,
+            lowerLabel: t("templates.star_rating_survey_question_1_lower_label"),
+            upperLabel: t("templates.star_rating_survey_question_1_upper_label"),
+          }),
+        ],
         logic: [
           {
             id: createId(),
@@ -75,8 +104,8 @@ const starRatingSurvey = (t: TFnType): TXMTemplate => {
                 {
                   id: createId(),
                   leftOperand: {
-                    value: reusableQuestionIds[0],
-                    type: "question",
+                    value: reusableElementIds[0],
+                    type: "element",
                   },
                   operator: "isLessThanOrEqual",
                   rightOperand: {
@@ -89,80 +118,72 @@ const starRatingSurvey = (t: TFnType): TXMTemplate => {
             actions: [
               {
                 id: createId(),
-                objective: "jumpToQuestion",
-                target: reusableQuestionIds[2],
+                objective: "jumpToBlock",
+                target: block3Id,
               },
             ],
           },
         ],
-        range: 5,
-        scale: "number",
-        headline: t("templates.star_rating_survey_question_1_headline"),
-        required: true,
-        lowerLabel: t("templates.star_rating_survey_question_1_lower_label"),
-        upperLabel: t("templates.star_rating_survey_question_1_upper_label"),
         t,
       }),
-      buildCTAQuestion({
-        id: reusableQuestionIds[1],
-        html: t("templates.star_rating_survey_question_2_html"),
-        logic: [
-          {
-            id: createId(),
-            conditions: {
-              id: createId(),
-              connector: "and",
-              conditions: [
-                {
-                  id: createId(),
-                  leftOperand: {
-                    value: reusableQuestionIds[1],
-                    type: "question",
-                  },
-                  operator: "isClicked",
-                },
-              ],
-            },
-            actions: [
-              {
-                id: createId(),
-                objective: "jumpToQuestion",
-                target: defaultSurvey.endings[0].id,
-              },
-            ],
-          },
+      buildBlock({
+        name: "Block 2",
+        elements: [
+          buildCTAElement({
+            id: reusableElementIds[1],
+            subheader: t("templates.star_rating_survey_question_2_html"),
+            headline: t("templates.star_rating_survey_question_2_headline"),
+            required: false,
+            buttonUrl: "https://formbricks.com/github",
+            buttonExternal: true,
+            ctaButtonLabel: t("templates.star_rating_survey_question_2_button_label"),
+          }),
         ],
-        headline: t("templates.star_rating_survey_question_2_headline"),
-        required: true,
-        buttonUrl: "https://formbricks.com/github",
-        buttonLabel: t("templates.star_rating_survey_question_2_button_label"),
-        buttonExternal: true,
+        logic: [createBlockJumpLogic(reusableElementIds[1], defaultSurvey.endings[0].id, "isClicked")],
         t,
       }),
-      buildOpenTextQuestion({
-        id: reusableQuestionIds[2],
-        headline: t("templates.star_rating_survey_question_3_headline"),
-        required: true,
-        subheader: t("templates.star_rating_survey_question_3_subheader"),
+      buildBlock({
+        id: block3Id,
+        name: "Block 3",
+        elements: [
+          buildOpenTextElement({
+            id: reusableElementIds[2],
+            headline: t("templates.star_rating_survey_question_3_headline"),
+            required: true,
+            subheader: t("templates.star_rating_survey_question_3_subheader"),
+            placeholder: t("templates.star_rating_survey_question_3_placeholder"),
+            inputType: "text",
+          }),
+        ],
         buttonLabel: t("templates.star_rating_survey_question_3_button_label"),
-        placeholder: t("templates.star_rating_survey_question_3_placeholder"),
-        inputType: "text",
         t,
       }),
     ],
   };
 };
 
-const csatSurvey = (t: TFnType): TXMTemplate => {
-  const reusableQuestionIds = [createId(), createId(), createId()];
+const csatSurvey = (t: TFunction): TXMTemplate => {
+  const reusableElementIds = [createId(), createId(), createId()];
+  const block3Id = createId(); // Pre-generate Block 3 ID for logic reference
   const defaultSurvey = getXMSurveyDefault(t);
 
   return {
     ...defaultSurvey,
     name: t("templates.csat_survey_name"),
-    questions: [
-      buildRatingQuestion({
-        id: reusableQuestionIds[0],
+    blocks: [
+      buildBlock({
+        name: "Block 1",
+        elements: [
+          buildRatingElement({
+            id: reusableElementIds[0],
+            range: 5,
+            scale: "smiley",
+            headline: t("templates.csat_survey_question_1_headline"),
+            required: true,
+            lowerLabel: t("templates.csat_survey_question_1_lower_label"),
+            upperLabel: t("templates.csat_survey_question_1_upper_label"),
+          }),
+        ],
         logic: [
           {
             id: createId(),
@@ -173,8 +194,8 @@ const csatSurvey = (t: TFnType): TXMTemplate => {
                 {
                   id: createId(),
                   leftOperand: {
-                    value: reusableQuestionIds[0],
-                    type: "question",
+                    value: reusableElementIds[0],
+                    type: "element",
                   },
                   operator: "isLessThanOrEqual",
                   rightOperand: {
@@ -187,101 +208,103 @@ const csatSurvey = (t: TFnType): TXMTemplate => {
             actions: [
               {
                 id: createId(),
-                objective: "jumpToQuestion",
-                target: reusableQuestionIds[2],
+                objective: "jumpToBlock",
+                target: block3Id,
               },
             ],
           },
         ],
-        range: 5,
-        scale: "smiley",
-        headline: t("templates.csat_survey_question_1_headline"),
-        required: true,
-        lowerLabel: t("templates.csat_survey_question_1_lower_label"),
-        upperLabel: t("templates.csat_survey_question_1_upper_label"),
         t,
       }),
-      buildOpenTextQuestion({
-        id: reusableQuestionIds[1],
-        logic: [
-          {
-            id: createId(),
-            conditions: {
-              id: createId(),
-              connector: "and",
-              conditions: [
-                {
-                  id: createId(),
-                  leftOperand: {
-                    value: reusableQuestionIds[1],
-                    type: "question",
-                  },
-                  operator: "isSubmitted",
-                },
-              ],
-            },
-            actions: [
-              {
-                id: createId(),
-                objective: "jumpToQuestion",
-                target: defaultSurvey.endings[0].id,
-              },
-            ],
-          },
+      buildBlock({
+        name: "Block 2",
+        elements: [
+          buildOpenTextElement({
+            id: reusableElementIds[1],
+            headline: t("templates.csat_survey_question_2_headline"),
+            required: false,
+            placeholder: t("templates.csat_survey_question_2_placeholder"),
+            inputType: "text",
+          }),
         ],
-        headline: t("templates.csat_survey_question_2_headline"),
-        required: false,
-        placeholder: t("templates.csat_survey_question_2_placeholder"),
-        inputType: "text",
+        logic: [createBlockJumpLogic(reusableElementIds[1], defaultSurvey.endings[0].id, "isSubmitted")],
         t,
       }),
-      buildOpenTextQuestion({
-        id: reusableQuestionIds[2],
-        headline: t("templates.csat_survey_question_3_headline"),
-        required: false,
-        placeholder: t("templates.csat_survey_question_3_placeholder"),
-        inputType: "text",
+      buildBlock({
+        id: block3Id,
+        name: "Block 3",
+        elements: [
+          buildOpenTextElement({
+            id: reusableElementIds[2],
+            headline: t("templates.csat_survey_question_3_headline"),
+            required: false,
+            placeholder: t("templates.csat_survey_question_3_placeholder"),
+            inputType: "text",
+          }),
+        ],
         t,
       }),
     ],
   };
 };
 
-const cessSurvey = (t: TFnType): TXMTemplate => {
+const cessSurvey = (t: TFunction): TXMTemplate => {
   return {
     ...getXMSurveyDefault(t),
     name: t("templates.cess_survey_name"),
-    questions: [
-      buildRatingQuestion({
-        range: 5,
-        scale: "number",
-        headline: t("templates.cess_survey_question_1_headline"),
-        required: true,
-        lowerLabel: t("templates.cess_survey_question_1_lower_label"),
-        upperLabel: t("templates.cess_survey_question_1_upper_label"),
+    blocks: [
+      buildBlock({
+        name: "Block 1",
+        elements: [
+          buildRatingElement({
+            range: 5,
+            scale: "number",
+            headline: t("templates.cess_survey_question_1_headline"),
+            required: true,
+            lowerLabel: t("templates.cess_survey_question_1_lower_label"),
+            upperLabel: t("templates.cess_survey_question_1_upper_label"),
+          }),
+        ],
         t,
       }),
-      buildOpenTextQuestion({
-        headline: t("templates.cess_survey_question_2_headline"),
-        required: true,
-        placeholder: t("templates.cess_survey_question_2_placeholder"),
-        inputType: "text",
+      buildBlock({
+        name: "Block 2",
+        elements: [
+          buildOpenTextElement({
+            headline: t("templates.cess_survey_question_2_headline"),
+            required: true,
+            placeholder: t("templates.cess_survey_question_2_placeholder"),
+            inputType: "text",
+          }),
+        ],
         t,
       }),
     ],
   };
 };
 
-const smileysRatingSurvey = (t: TFnType): TXMTemplate => {
-  const reusableQuestionIds = [createId(), createId(), createId()];
+const smileysRatingSurvey = (t: TFunction): TXMTemplate => {
+  const reusableElementIds = [createId(), createId(), createId()];
+  const block3Id = createId(); // Pre-generate Block 3 ID for logic reference
   const defaultSurvey = getXMSurveyDefault(t);
 
   return {
     ...defaultSurvey,
     name: t("templates.smileys_survey_name"),
-    questions: [
-      buildRatingQuestion({
-        id: reusableQuestionIds[0],
+    blocks: [
+      buildBlock({
+        name: "Block 1",
+        elements: [
+          buildRatingElement({
+            id: reusableElementIds[0],
+            range: 5,
+            scale: "smiley",
+            headline: t("templates.smileys_survey_question_1_headline"),
+            required: true,
+            lowerLabel: t("templates.smileys_survey_question_1_lower_label"),
+            upperLabel: t("templates.smileys_survey_question_1_upper_label"),
+          }),
+        ],
         logic: [
           {
             id: createId(),
@@ -292,8 +315,8 @@ const smileysRatingSurvey = (t: TFnType): TXMTemplate => {
                 {
                   id: createId(),
                   leftOperand: {
-                    value: reusableQuestionIds[0],
-                    type: "question",
+                    value: reusableElementIds[0],
+                    type: "element",
                   },
                   operator: "isLessThanOrEqual",
                   rightOperand: {
@@ -306,100 +329,95 @@ const smileysRatingSurvey = (t: TFnType): TXMTemplate => {
             actions: [
               {
                 id: createId(),
-                objective: "jumpToQuestion",
-                target: reusableQuestionIds[2],
+                objective: "jumpToBlock",
+                target: block3Id,
               },
             ],
           },
         ],
-        range: 5,
-        scale: "smiley",
-        headline: t("templates.smileys_survey_question_1_headline"),
-        required: true,
-        lowerLabel: t("templates.smileys_survey_question_1_lower_label"),
-        upperLabel: t("templates.smileys_survey_question_1_upper_label"),
         t,
       }),
-      buildCTAQuestion({
-        id: reusableQuestionIds[1],
-        html: t("templates.smileys_survey_question_2_html"),
-        logic: [
-          {
-            id: createId(),
-            conditions: {
-              id: createId(),
-              connector: "and",
-              conditions: [
-                {
-                  id: createId(),
-                  leftOperand: {
-                    value: reusableQuestionIds[1],
-                    type: "question",
-                  },
-                  operator: "isClicked",
-                },
-              ],
-            },
-            actions: [
-              {
-                id: createId(),
-                objective: "jumpToQuestion",
-                target: defaultSurvey.endings[0].id,
-              },
-            ],
-          },
+      buildBlock({
+        name: "Block 2",
+        elements: [
+          buildCTAElement({
+            id: reusableElementIds[1],
+            subheader: t("templates.smileys_survey_question_2_html"),
+            headline: t("templates.smileys_survey_question_2_headline"),
+            required: false,
+            buttonUrl: "https://formbricks.com/github",
+            buttonExternal: true,
+            ctaButtonLabel: t("templates.smileys_survey_question_2_button_label"),
+          }),
         ],
-        headline: t("templates.smileys_survey_question_2_headline"),
-        required: true,
-        buttonUrl: "https://formbricks.com/github",
-        buttonLabel: t("templates.smileys_survey_question_2_button_label"),
-        buttonExternal: true,
+        logic: [createBlockJumpLogic(reusableElementIds[1], defaultSurvey.endings[0].id, "isClicked")],
         t,
       }),
-      buildOpenTextQuestion({
-        id: reusableQuestionIds[2],
-        headline: t("templates.smileys_survey_question_3_headline"),
-        required: true,
-        subheader: t("templates.smileys_survey_question_3_subheader"),
+      buildBlock({
+        id: block3Id,
+        name: "Block 3",
+        elements: [
+          buildOpenTextElement({
+            id: reusableElementIds[2],
+            headline: t("templates.smileys_survey_question_3_headline"),
+            required: true,
+            subheader: t("templates.smileys_survey_question_3_subheader"),
+            placeholder: t("templates.smileys_survey_question_3_placeholder"),
+            inputType: "text",
+          }),
+        ],
         buttonLabel: t("templates.smileys_survey_question_3_button_label"),
-        placeholder: t("templates.smileys_survey_question_3_placeholder"),
-        inputType: "text",
         t,
       }),
     ],
   };
 };
 
-const enpsSurvey = (t: TFnType): TXMTemplate => {
+const enpsSurvey = (t: TFunction): TXMTemplate => {
   return {
     ...getXMSurveyDefault(t),
     name: t("templates.enps_survey_name"),
-    questions: [
-      buildNPSQuestion({
-        headline: t("templates.enps_survey_question_1_headline"),
-        required: false,
-        lowerLabel: t("templates.enps_survey_question_1_lower_label"),
-        upperLabel: t("templates.enps_survey_question_1_upper_label"),
-        isColorCodingEnabled: true,
+    blocks: [
+      buildBlock({
+        name: "Block 1",
+        elements: [
+          buildNPSElement({
+            headline: t("templates.enps_survey_question_1_headline"),
+            required: false,
+            lowerLabel: t("templates.enps_survey_question_1_lower_label"),
+            upperLabel: t("templates.enps_survey_question_1_upper_label"),
+            isColorCodingEnabled: true,
+          }),
+        ],
         t,
       }),
-      buildOpenTextQuestion({
-        headline: t("templates.enps_survey_question_2_headline"),
-        required: false,
-        inputType: "text",
+      buildBlock({
+        name: "Block 2",
+        elements: [
+          buildOpenTextElement({
+            headline: t("templates.enps_survey_question_2_headline"),
+            required: false,
+            inputType: "text",
+          }),
+        ],
         t,
       }),
-      buildOpenTextQuestion({
-        headline: t("templates.enps_survey_question_3_headline"),
-        required: false,
-        inputType: "text",
+      buildBlock({
+        name: "Block 3",
+        elements: [
+          buildOpenTextElement({
+            headline: t("templates.enps_survey_question_3_headline"),
+            required: false,
+            inputType: "text",
+          }),
+        ],
         t,
       }),
     ],
   };
 };
 
-export const getXMTemplates = (t: TFnType): TXMTemplate[] => {
+export const getXMTemplates = (t: TFunction): TXMTemplate[] => {
   try {
     return [
       npsSurvey(t),

apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/page.tsx

@@ -1,15 +1,15 @@
+import { XIcon } from "lucide-react";
+import { getServerSession } from "next-auth";
+import Link from "next/link";
 import { XMTemplateList } from "@/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/components/XMTemplateList";
 import { getEnvironment } from "@/lib/environment/service";
 import { getProjectByEnvironmentId, getUserProjects } from "@/lib/project/service";
 import { getUser } from "@/lib/user/service";
 import { getOrganizationIdFromEnvironmentId } from "@/lib/utils/helper";
+import { getTranslate } from "@/lingodotdev/server";
 import { authOptions } from "@/modules/auth/lib/authOptions";
 import { Button } from "@/modules/ui/components/button";
 import { Header } from "@/modules/ui/components/header";
-import { getTranslate } from "@/tolgee/server";
-import { XIcon } from "lucide-react";
-import { getServerSession } from "next-auth";
-import Link from "next/link";
 
 interface XMTemplatePageProps {
   params: Promise<{

apps/web/app/(app)/(onboarding)/lib/onboarding.ts

@@ -1,12 +1,12 @@
 "use server";
 
-import { TOrganizationTeam } from "@/app/(app)/(onboarding)/types/onboarding";
-import { validateInputs } from "@/lib/utils/validate";
 import { Prisma } from "@prisma/client";
 import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
 import { ZId } from "@formbricks/types/common";
 import { DatabaseError } from "@formbricks/types/errors";
+import { TOrganizationTeam } from "@/app/(app)/(onboarding)/types/onboarding";
+import { validateInputs } from "@/lib/utils/validate";
 
 export const getTeamsByOrganizationId = reactCache(
   async (organizationId: string): Promise<TOrganizationTeam[] | null> => {

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar.test.tsx

@@ -1,82 +0,0 @@
-import "@testing-library/jest-dom/vitest";
-import { cleanup, render, screen } from "@testing-library/react";
-import userEvent from "@testing-library/user-event";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import { LandingSidebar } from "./landing-sidebar";
-
-// Mock constants that this test needs
-vi.mock("@/lib/constants", () => ({
-  IS_FORMBRICKS_CLOUD: false,
-  WEBAPP_URL: "http://localhost:3000",
-}));
-
-// Mock server actions that this test needs
-vi.mock("@/modules/auth/actions/sign-out", () => ({
-  logSignOutAction: vi.fn().mockResolvedValue(undefined),
-}));
-
-// Module mocks must be declared before importing the component
-vi.mock("@tolgee/react", () => ({
-  useTranslate: () => ({ t: (key: string) => key, isLoading: false }),
-}));
-
-// Mock our useSignOut hook
-const mockSignOut = vi.fn();
-vi.mock("@/modules/auth/hooks/use-sign-out", () => ({
-  useSignOut: () => ({
-    signOut: mockSignOut,
-  }),
-}));
-
-vi.mock("next/navigation", () => ({ useRouter: () => ({ push: vi.fn() }) }));
-vi.mock("@/modules/organization/components/CreateOrganizationModal", () => ({
-  CreateOrganizationModal: ({ open }: { open: boolean }) => (
-    <div data-testid={open ? "modal-open" : "modal-closed"} />
-  ),
-}));
-vi.mock("@/modules/ui/components/avatars", () => ({
-  ProfileAvatar: ({ userId }: { userId: string }) => <div data-testid="avatar">{userId}</div>,
-}));
-
-// Ensure mocks are reset between tests
-afterEach(() => {
-  cleanup();
-  vi.clearAllMocks();
-});
-
-describe("LandingSidebar component", () => {
-  const user = { id: "u1", name: "Alice", email: "alice@example.com" } as any;
-  const organization = { id: "o1", name: "orgOne" } as any;
-
-  test("renders logo, avatar, and initial modal closed", () => {
-    render(<LandingSidebar user={user} organization={organization} />);
-
-    // Formbricks logo
-    expect(screen.getByAltText("environments.formbricks_logo")).toBeInTheDocument();
-    // Profile avatar
-    expect(screen.getByTestId("avatar")).toHaveTextContent("u1");
-    // CreateOrganizationModal should be closed initially
-    expect(screen.getByTestId("modal-closed")).toBeInTheDocument();
-  });
-
-  test("clicking logout triggers signOut", async () => {
-    render(<LandingSidebar user={user} organization={organization} />);
-
-    // Open user dropdown by clicking on avatar trigger
-    const trigger = screen.getByTestId("avatar").parentElement;
-    if (trigger) await userEvent.click(trigger);
-
-    // Click logout menu item
-    const logoutItem = await screen.findByText("common.logout");
-    await userEvent.click(logoutItem);
-
-    expect(mockSignOut).toHaveBeenCalledWith({
-      reason: "user_initiated",
-      redirectUrl: "/auth/login",
-      organizationId: "o1",
-      redirect: true,
-      callbackUrl: "/auth/login",
-      clearEnvironmentId: true,
-    });
-  });
-});

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar.tsx

@@ -1,8 +1,14 @@
 "use client";
 
+import { ArrowUpRightIcon, ChevronRightIcon, LogOutIcon } from "lucide-react";
+import Image from "next/image";
+import Link from "next/link";
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { TOrganization } from "@formbricks/types/organizations";
+import { TUser } from "@formbricks/types/user";
 import FBLogo from "@/images/formbricks-wordmark.svg";
 import { cn } from "@/lib/cn";
-import { capitalizeFirstLetter } from "@/lib/utils/strings";
 import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
 import { CreateOrganizationModal } from "@/modules/organization/components/CreateOrganizationModal";
 import { ProfileAvatar } from "@/modules/ui/components/avatars";
@@ -12,13 +18,6 @@ import {
   DropdownMenuItem,
   DropdownMenuTrigger,
 } from "@/modules/ui/components/dropdown-menu";
-import { useTranslate } from "@tolgee/react";
-import { ArrowUpRightIcon, ChevronRightIcon, LogOutIcon } from "lucide-react";
-import Image from "next/image";
-import Link from "next/link";
-import { useState } from "react";
-import { TOrganization } from "@formbricks/types/organizations";
-import { TUser } from "@formbricks/types/user";
 
 interface LandingSidebarProps {
   user: TUser;
@@ -28,7 +27,7 @@ interface LandingSidebarProps {
 export const LandingSidebar = ({ user, organization }: LandingSidebarProps) => {
   const [openCreateOrganizationModal, setOpenCreateOrganizationModal] = useState<boolean>(false);
 
-  const { t } = useTranslate();
+  const { t } = useTranslation();
   const { signOut: signOutWithAudit } = useSignOut({ id: user.id, email: user.email });
 
   const dropdownNavigation = [
@@ -66,10 +65,8 @@ export const LandingSidebar = ({ user, organization }: LandingSidebarProps) => {
                   )}>
                   {user?.name ? <span>{user?.name}</span> : <span>{user?.email}</span>}
                 </p>
-                <p
-                  title={capitalizeFirstLetter(organization?.name)}
-                  className="truncate text-sm text-slate-500">
-                  {capitalizeFirstLetter(organization?.name)}
+                <p title={organization?.name} className="truncate text-sm text-slate-500">
+                  {organization?.name}
                 </p>
               </div>
               <ChevronRightIcon className={cn("h-5 w-5 shrink-0 text-slate-700 hover:text-slate-500")} />

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/layout.test.tsx

@@ -1,187 +0,0 @@
-import { getEnvironments } from "@/lib/environment/service";
-import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
-import { getUserProjects } from "@/lib/project/service";
-import "@testing-library/jest-dom/vitest";
-import { cleanup } from "@testing-library/preact";
-import { getServerSession } from "next-auth";
-import { notFound, redirect } from "next/navigation";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import LandingLayout from "./layout";
-
-vi.mock("@/lib/constants", () => ({
-  IS_FORMBRICKS_CLOUD: false,
-  IS_PRODUCTION: false,
-  IS_DEVELOPMENT: true,
-  E2E_TESTING: false,
-  WEBAPP_URL: "http://localhost:3000",
-  PUBLIC_URL: "http://localhost:3000/survey",
-  ENCRYPTION_KEY: "mock-encryption-key",
-  CRON_SECRET: "mock-cron-secret",
-  DEFAULT_BRAND_COLOR: "#64748b",
-  FB_LOGO_URL: "https://mock-logo-url.com/logo.png",
-  PRIVACY_URL: "http://localhost:3000/privacy",
-  TERMS_URL: "http://localhost:3000/terms",
-  IMPRINT_URL: "http://localhost:3000/imprint",
-  IMPRINT_ADDRESS: "Mock Address",
-  PASSWORD_RESET_DISABLED: false,
-  EMAIL_VERIFICATION_DISABLED: false,
-  GOOGLE_OAUTH_ENABLED: false,
-  GITHUB_OAUTH_ENABLED: false,
-  AZURE_OAUTH_ENABLED: false,
-  OIDC_OAUTH_ENABLED: false,
-  SAML_OAUTH_ENABLED: false,
-  SAML_XML_DIR: "./mock-saml-connection",
-  SIGNUP_ENABLED: true,
-  EMAIL_AUTH_ENABLED: true,
-  INVITE_DISABLED: false,
-  SLACK_CLIENT_SECRET: "mock-slack-secret",
-  SLACK_CLIENT_ID: "mock-slack-id",
-  SLACK_AUTH_URL: "https://mock-slack-auth-url.com",
-  GOOGLE_SHEETS_CLIENT_ID: "mock-google-sheets-id",
-  GOOGLE_SHEETS_CLIENT_SECRET: "mock-google-sheets-secret",
-  GOOGLE_SHEETS_REDIRECT_URL: "http://localhost:3000/google-sheets-redirect",
-  NOTION_OAUTH_CLIENT_ID: "mock-notion-id",
-  NOTION_OAUTH_CLIENT_SECRET: "mock-notion-secret",
-  NOTION_REDIRECT_URI: "http://localhost:3000/notion-redirect",
-  NOTION_AUTH_URL: "https://mock-notion-auth-url.com",
-  AIRTABLE_CLIENT_ID: "mock-airtable-id",
-  SMTP_HOST: "mock-smtp-host",
-  SMTP_PORT: "587",
-  SMTP_SECURE_ENABLED: false,
-  SMTP_USER: "mock-smtp-user",
-  SMTP_PASSWORD: "mock-smtp-password",
-  SMTP_AUTHENTICATED: true,
-  SMTP_REJECT_UNAUTHORIZED_TLS: true,
-  MAIL_FROM: "mock@mail.com",
-  MAIL_FROM_NAME: "Mock Mail",
-  NEXTAUTH_SECRET: "mock-nextauth-secret",
-  ITEMS_PER_PAGE: 30,
-  SURVEYS_PER_PAGE: 12,
-  RESPONSES_PER_PAGE: 25,
-  TEXT_RESPONSES_PER_PAGE: 5,
-  INSIGHTS_PER_PAGE: 10,
-  DOCUMENTS_PER_PAGE: 10,
-  MAX_RESPONSES_FOR_INSIGHT_GENERATION: 500,
-  MAX_OTHER_OPTION_LENGTH: 250,
-  ENTERPRISE_LICENSE_KEY: "ABC",
-  GITHUB_ID: "mock-github-id",
-  GITHUB_SECRET: "mock-github-secret",
-  GITHUB_OAUTH_URL: "https://mock-github-auth-url.com",
-  AZURE_ID: "mock-azure-id",
-  AZUREAD_CLIENT_ID: "mock-azure-client-id",
-  AZUREAD_CLIENT_SECRET: "mock-azure-client-secret",
-  GOOGLE_CLIENT_ID: "mock-google-client-id",
-  GOOGLE_CLIENT_SECRET: "mock-google-client-secret",
-  GOOGLE_OAUTH_URL: "https://mock-google-auth-url.com",
-  AZURE_OAUTH_URL: "https://mock-azure-auth-url.com",
-  OIDC_ID: "mock-oidc-id",
-  OIDC_OAUTH_URL: "https://mock-oidc-auth-url.com",
-  SAML_ID: "mock-saml-id",
-  SAML_OAUTH_URL: "https://mock-saml-auth-url.com",
-  SAML_METADATA_URL: "https://mock-saml-metadata-url.com",
-  AZUREAD_TENANT_ID: "mock-azure-tenant-id",
-  AZUREAD_OAUTH_URL: "https://mock-azuread-auth-url.com",
-  OIDC_DISPLAY_NAME: "Mock OIDC",
-  OIDC_CLIENT_ID: "mock-oidc-client-id",
-  OIDC_CLIENT_SECRET: "mock-oidc-client-secret",
-  OIDC_REDIRECT_URL: "http://localhost:3000/oidc-redirect",
-  OIDC_AUTH_URL: "https://mock-oidc-auth-url.com",
-  OIDC_ISSUER: "https://mock-oidc-issuer.com",
-  OIDC_SIGNING_ALGORITHM: "RS256",
-  SESSION_MAX_AGE: 1000,
-  REDIS_URL: undefined,
-  AUDIT_LOG_ENABLED: true,
-}));
-
-vi.mock("@/lib/environment/service");
-vi.mock("@/lib/membership/service");
-vi.mock("@/lib/project/service");
-vi.mock("next-auth");
-vi.mock("next/navigation");
-
-afterEach(() => {
-  cleanup();
-});
-
-describe("LandingLayout", () => {
-  test("redirects to login if no session exists", async () => {
-    vi.mocked(getServerSession).mockResolvedValue(null);
-
-    const props = { params: { organizationId: "org-123" }, children: <div>Child Content</div> };
-
-    await LandingLayout(props);
-
-    expect(vi.mocked(redirect)).toHaveBeenCalledWith("/auth/login");
-  });
-
-  test("returns notFound if no membership is found", async () => {
-    vi.mocked(getServerSession).mockResolvedValue({ user: { id: "user-123" } });
-    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValue(null);
-
-    const props = { params: { organizationId: "org-123" }, children: <div>Child Content</div> };
-
-    await LandingLayout(props);
-
-    expect(vi.mocked(notFound)).toHaveBeenCalled();
-  });
-
-  test("redirects to production environment if available", async () => {
-    vi.mocked(getServerSession).mockResolvedValue({ user: { id: "user-123" } });
-    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValue({
-      organizationId: "org-123",
-      userId: "user-123",
-      accepted: true,
-      role: "owner",
-    });
-    vi.mocked(getUserProjects).mockResolvedValue([
-      {
-        id: "proj-123",
-        organizationId: "org-123",
-        createdAt: new Date("2023-01-01"),
-        updatedAt: new Date("2023-01-02"),
-        name: "Project 1",
-        styling: { allowStyleOverwrite: true },
-        recontactDays: 30,
-        inAppSurveyBranding: true,
-        linkSurveyBranding: true,
-      } as any,
-    ]);
-    vi.mocked(getEnvironments).mockResolvedValue([
-      {
-        id: "env-123",
-        type: "production",
-        projectId: "proj-123",
-        createdAt: new Date("2023-01-01"),
-        updatedAt: new Date("2023-01-02"),
-        appSetupCompleted: true,
-      },
-    ]);
-
-    const props = { params: { organizationId: "org-123" }, children: <div>Child Content</div> };
-
-    await LandingLayout(props);
-
-    expect(vi.mocked(redirect)).toHaveBeenCalledWith("/environments/env-123/");
-  });
-
-  test("renders children if no projects or production environment exist", async () => {
-    vi.mocked(getServerSession).mockResolvedValue({ user: { id: "user-123" } });
-    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValue({
-      organizationId: "org-123",
-      userId: "user-123",
-      accepted: true,
-      role: "owner",
-    });
-    vi.mocked(getUserProjects).mockResolvedValue([]);
-
-    const props = { params: { organizationId: "org-123" }, children: <div>Child Content</div> };
-
-    const result = await LandingLayout(props);
-
-    expect(result).toEqual(
-      <>
-        <div>Child Content</div>
-      </>
-    );
-  });
-});

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/layout.tsx

@@ -1,9 +1,9 @@
+import { getServerSession } from "next-auth";
+import { notFound, redirect } from "next/navigation";
 import { getEnvironments } from "@/lib/environment/service";
 import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
 import { getUserProjects } from "@/lib/project/service";
 import { authOptions } from "@/modules/auth/lib/authOptions";
-import { getServerSession } from "next-auth";
-import { notFound, redirect } from "next/navigation";
 
 const LandingLayout = async (props) => {
   const params = await props.params;

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/page.test.tsx

@@ -1,227 +0,0 @@
-import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
-import { getOrganizationsByUserId } from "@/lib/organization/service";
-import { getUser } from "@/lib/user/service";
-import { getOrganizationAuth } from "@/modules/organization/lib/utils";
-import { getTranslate } from "@/tolgee/server";
-import "@testing-library/jest-dom/vitest";
-import { cleanup, render, screen } from "@testing-library/react";
-import { notFound, redirect } from "next/navigation";
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-
-vi.mock("@/modules/ee/license-check/lib/license", () => ({
-  getEnterpriseLicense: vi.fn().mockResolvedValue({
-    active: true,
-    features: { isMultiOrgEnabled: true },
-    lastChecked: new Date(),
-    isPendingDowngrade: false,
-    fallbackLevel: "live",
-  }),
-  getLicenseFeatures: vi.fn().mockResolvedValue({ isMultiOrgEnabled: true }),
-}));
-
-vi.mock("@/lib/constants", () => ({
-  IS_FORMBRICKS_CLOUD: false,
-  IS_PRODUCTION: false,
-  IS_DEVELOPMENT: true,
-  E2E_TESTING: false,
-  WEBAPP_URL: "http://localhost:3000",
-  ENCRYPTION_KEY: "mock-encryption-key",
-  CRON_SECRET: "mock-cron-secret",
-  DEFAULT_BRAND_COLOR: "#64748b",
-  FB_LOGO_URL: "https://mock-logo-url.com/logo.png",
-  PRIVACY_URL: "http://localhost:3000/privacy",
-  TERMS_URL: "http://localhost:3000/terms",
-  IMPRINT_URL: "http://localhost:3000/imprint",
-  IMPRINT_ADDRESS: "Mock Address",
-  PASSWORD_RESET_DISABLED: false,
-  EMAIL_VERIFICATION_DISABLED: false,
-  GOOGLE_OAUTH_ENABLED: false,
-  GITHUB_OAUTH_ENABLED: false,
-  AZURE_OAUTH_ENABLED: false,
-  OIDC_OAUTH_ENABLED: false,
-  SAML_OAUTH_ENABLED: false,
-  SAML_XML_DIR: "./mock-saml-connection",
-  SIGNUP_ENABLED: true,
-  EMAIL_AUTH_ENABLED: true,
-  INVITE_DISABLED: false,
-  SLACK_CLIENT_SECRET: "mock-slack-secret",
-  SLACK_CLIENT_ID: "mock-slack-id",
-  SLACK_AUTH_URL: "https://mock-slack-auth-url.com",
-  GOOGLE_SHEETS_CLIENT_ID: "mock-google-sheets-id",
-  GOOGLE_SHEETS_CLIENT_SECRET: "mock-google-sheets-secret",
-  GOOGLE_SHEETS_REDIRECT_URL: "http://localhost:3000/google-sheets-redirect",
-  NOTION_OAUTH_CLIENT_ID: "mock-notion-id",
-  NOTION_OAUTH_CLIENT_SECRET: "mock-notion-secret",
-  NOTION_REDIRECT_URI: "http://localhost:3000/notion-redirect",
-  NOTION_AUTH_URL: "https://mock-notion-auth-url.com",
-  AIRTABLE_CLIENT_ID: "mock-airtable-id",
-  SMTP_HOST: "mock-smtp-host",
-  SMTP_PORT: "587",
-  SMTP_SECURE_ENABLED: false,
-  SMTP_USER: "mock-smtp-user",
-  SMTP_PASSWORD: "mock-smtp-password",
-  SMTP_AUTHENTICATED: true,
-  SMTP_REJECT_UNAUTHORIZED_TLS: true,
-  MAIL_FROM: "mock@mail.com",
-  MAIL_FROM_NAME: "Mock Mail",
-  NEXTAUTH_SECRET: "mock-nextauth-secret",
-  ITEMS_PER_PAGE: 30,
-  SURVEYS_PER_PAGE: 12,
-  RESPONSES_PER_PAGE: 25,
-  TEXT_RESPONSES_PER_PAGE: 5,
-  INSIGHTS_PER_PAGE: 10,
-  DOCUMENTS_PER_PAGE: 10,
-  MAX_RESPONSES_FOR_INSIGHT_GENERATION: 500,
-  MAX_OTHER_OPTION_LENGTH: 250,
-  ENTERPRISE_LICENSE_KEY: "ABC",
-  GITHUB_ID: "mock-github-id",
-  GITHUB_SECRET: "mock-github-secret",
-  GITHUB_OAUTH_URL: "https://mock-github-auth-url.com",
-  AZURE_ID: "mock-azure-id",
-  AZUREAD_CLIENT_ID: "mock-azure-client-id",
-  AZUREAD_CLIENT_SECRET: "mock-azure-client-secret",
-  GOOGLE_CLIENT_ID: "mock-google-client-id",
-  GOOGLE_CLIENT_SECRET: "mock-google-client-secret",
-  GOOGLE_OAUTH_URL: "https://mock-google-auth-url.com",
-  AZURE_OAUTH_URL: "https://mock-azure-auth-url.com",
-  OIDC_ID: "mock-oidc-id",
-  OIDC_OAUTH_URL: "https://mock-oidc-auth-url.com",
-  SAML_ID: "mock-saml-id",
-  SAML_OAUTH_URL: "https://mock-saml-auth-url.com",
-  SAML_METADATA_URL: "https://mock-saml-metadata-url.com",
-  AZUREAD_TENANT_ID: "mock-azure-tenant-id",
-  AZUREAD_OAUTH_URL: "https://mock-azuread-auth-url.com",
-  OIDC_DISPLAY_NAME: "Mock OIDC",
-  OIDC_CLIENT_ID: "mock-oidc-client-id",
-  OIDC_CLIENT_SECRET: "mock-oidc-client-secret",
-  OIDC_REDIRECT_URL: "http://localhost:3000/oidc-redirect",
-  OIDC_AUTH_URL: "https://mock-oidc-auth-url.com",
-  OIDC_ISSUER: "https://mock-oidc-issuer.com",
-  OIDC_SIGNING_ALGORITHM: "RS256",
-  SESSION_MAX_AGE: 1000,
-  REDIS_URL: undefined,
-  AUDIT_LOG_ENABLED: true,
-}));
-
-vi.mock("@/lib/getPublicUrl", () => ({
-  getPublicDomain: vi.fn().mockReturnValue("http://localhost:3000"),
-}));
-
-vi.mock("@/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar", () => ({
-  LandingSidebar: () => <div data-testid="landing-sidebar" />,
-}));
-vi.mock("@/app/(app)/environments/[environmentId]/components/project-and-org-switch", () => ({
-  ProjectAndOrgSwitch: () => <div data-testid="project-and-org-switch" />,
-}));
-vi.mock("@/modules/organization/lib/utils");
-vi.mock("@/lib/user/service");
-vi.mock("@/lib/organization/service");
-vi.mock("@/lib/membership/service");
-vi.mock("@/tolgee/server");
-vi.mock("next/navigation", () => ({
-  redirect: vi.fn(() => "REDIRECT_STUB"),
-  notFound: vi.fn(() => "NOT_FOUND_STUB"),
-  usePathname: vi.fn(() => "/organizations/org1"),
-  useRouter: vi.fn(() => ({
-    push: vi.fn(),
-    replace: vi.fn(),
-    back: vi.fn(),
-    forward: vi.fn(),
-    refresh: vi.fn(),
-  })),
-}));
-
-// Mock the React cache function
-vi.mock("react", async () => {
-  const actual = await vi.importActual("react");
-  return {
-    ...actual,
-    cache: (fn: any) => fn,
-  };
-});
-
-describe("Page component", () => {
-  afterEach(() => {
-    cleanup();
-    vi.clearAllMocks();
-  });
-
-  beforeEach(() => {
-    vi.resetModules();
-  });
-
-  test("redirects to login if no user session", async () => {
-    vi.mocked(getOrganizationAuth).mockResolvedValue({ session: {}, organization: {} } as any);
-    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
-      getEnterpriseLicense: vi.fn().mockResolvedValue({
-        active: true,
-        features: { isMultiOrgEnabled: true },
-        lastChecked: new Date(),
-        isPendingDowngrade: false,
-        fallbackLevel: "live",
-      }),
-      getLicenseFeatures: vi.fn().mockResolvedValue({ isMultiOrgEnabled: true }),
-    }));
-    const { default: Page } = await import("./page");
-    const result = await Page({ params: { organizationId: "org1" } });
-    expect(redirect).toHaveBeenCalledWith("/auth/login");
-    expect(result).toBe("REDIRECT_STUB");
-  });
-
-  test("returns notFound if user does not exist", async () => {
-    vi.mocked(getOrganizationAuth).mockResolvedValue({
-      session: { user: { id: "user1" } },
-      organization: {},
-    } as any);
-    vi.mocked(getUser).mockResolvedValue(null);
-    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
-      getEnterpriseLicense: vi.fn().mockResolvedValue({
-        active: true,
-        features: { isMultiOrgEnabled: true },
-        lastChecked: new Date(),
-        isPendingDowngrade: false,
-        fallbackLevel: "live",
-      }),
-      getLicenseFeatures: vi.fn().mockResolvedValue({ isMultiOrgEnabled: true }),
-    }));
-    const { default: Page } = await import("./page");
-    const result = await Page({ params: { organizationId: "org1" } });
-    expect(notFound).toHaveBeenCalled();
-    expect(result).toBe("NOT_FOUND_STUB");
-  });
-
-  test("renders header and sidebar for authenticated user", async () => {
-    vi.mocked(getOrganizationAuth).mockResolvedValue({
-      session: { user: { id: "user1" } },
-      organization: { id: "org1", billing: { plan: "free" } },
-    } as any);
-    vi.mocked(getUser).mockResolvedValue({ id: "user1", name: "Test User" } as any);
-    vi.mocked(getOrganizationsByUserId).mockResolvedValue([{ id: "org1", name: "Org One" } as any]);
-    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValue({
-      organizationId: "org1",
-      userId: "user1",
-      accepted: true,
-      role: "member",
-    } as any);
-    vi.mocked(getTranslate).mockResolvedValue((props: any) =>
-      typeof props === "string" ? props : props.key || ""
-    );
-    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
-      getEnterpriseLicense: vi.fn().mockResolvedValue({
-        active: true,
-        features: { isMultiOrgEnabled: true },
-        lastChecked: new Date(),
-        isPendingDowngrade: false,
-        fallbackLevel: "live",
-      }),
-      getLicenseFeatures: vi.fn().mockResolvedValue({ isMultiOrgEnabled: true }),
-    }));
-    const { default: Page } = await import("./page");
-    const element = await Page({ params: { organizationId: "org1" } });
-    render(element as React.ReactElement);
-    expect(screen.getByTestId("landing-sidebar")).toBeInTheDocument();
-    expect(screen.getByTestId("project-and-org-switch")).toBeInTheDocument();
-    expect(screen.getByText("organizations.landing.no_projects_warning_title")).toBeInTheDocument();
-    expect(screen.getByText("organizations.landing.no_projects_warning_subtitle")).toBeInTheDocument();
-  });
-});

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/page.tsx

@@ -1,15 +1,14 @@
+import { notFound, redirect } from "next/navigation";
 import { LandingSidebar } from "@/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar";
 import { ProjectAndOrgSwitch } from "@/app/(app)/environments/[environmentId]/components/project-and-org-switch";
 import { IS_FORMBRICKS_CLOUD } from "@/lib/constants";
 import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
 import { getAccessFlags } from "@/lib/membership/utils";
-import { getOrganizationsByUserId } from "@/lib/organization/service";
 import { getUser } from "@/lib/user/service";
+import { getTranslate } from "@/lingodotdev/server";
 import { getIsMultiOrgEnabled } from "@/modules/ee/license-check/lib/utils";
 import { getOrganizationAuth } from "@/modules/organization/lib/utils";
 import { Header } from "@/modules/ui/components/header";
-import { getTranslate } from "@/tolgee/server";
-import { notFound, redirect } from "next/navigation";
 
 const Page = async (props) => {
   const params = await props.params;
@@ -24,8 +23,6 @@ const Page = async (props) => {
   const user = await getUser(session.user.id);
   if (!user) return notFound();
 
-  const organizations = await getOrganizationsByUserId(session.user.id);
-
   const isMultiOrgEnabled = await getIsMultiOrgEnabled();
 
   const membership = await getMembershipByUserIdOrganizationId(session.user.id, organization.id);
@@ -37,11 +34,10 @@ const Page = async (props) => {
       <div className="flex-1">
         <div className="flex h-full flex-col">
           <div className="p-6">
-            {/* we only need to render organization breadcrumb on this page, so we pass some default value without actually calculating them to ProjectAndOrgSwitch component  */}
+            {/* we only need to render organization breadcrumb on this page, organizations/projects are lazy-loaded */}
             <ProjectAndOrgSwitch
               currentOrganizationId={organization.id}
-              organizations={organizations}
-              projects={[]}
+              currentOrganizationName={organization.name}
               isMultiOrgEnabled={isMultiOrgEnabled}
               organizationProjectsLimit={0}
               isFormbricksCloud={IS_FORMBRICKS_CLOUD}

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/layout.test.tsx

@@ -1,159 +0,0 @@
-import { canUserAccessOrganization } from "@/lib/organization/auth";
-import { getOrganization } from "@/lib/organization/service";
-import { getUser } from "@/lib/user/service";
-import "@testing-library/jest-dom/vitest";
-import { act, cleanup, render, screen } from "@testing-library/react";
-import { getServerSession } from "next-auth";
-import { redirect } from "next/navigation";
-import React from "react";
-import { beforeEach, describe, expect, test, vi } from "vitest";
-import { TOrganization } from "@formbricks/types/organizations";
-import { TUser } from "@formbricks/types/user";
-import ProjectOnboardingLayout from "./layout";
-
-// Mock all the modules and functions that this layout uses:
-
-vi.mock("@/lib/constants", () => ({
-  IS_FORMBRICKS_CLOUD: false,
-  POSTHOG_API_KEY: "mock-posthog-api-key",
-  POSTHOG_HOST: "mock-posthog-host",
-  IS_POSTHOG_CONFIGURED: true,
-  ENCRYPTION_KEY: "mock-encryption-key",
-  ENTERPRISE_LICENSE_KEY: "mock-enterprise-license-key",
-  GITHUB_ID: "mock-github-id",
-  GITHUB_SECRET: "test-githubID",
-  GOOGLE_CLIENT_ID: "test-google-client-id",
-  GOOGLE_CLIENT_SECRET: "test-google-client-secret",
-  AZUREAD_CLIENT_ID: "test-azuread-client-id",
-  AZUREAD_CLIENT_SECRET: "test-azure",
-  AZUREAD_TENANT_ID: "test-azuread-tenant-id",
-  OIDC_DISPLAY_NAME: "test-oidc-display-name",
-  OIDC_CLIENT_ID: "test-oidc-client-id",
-  OIDC_ISSUER: "test-oidc-issuer",
-  OIDC_CLIENT_SECRET: "test-oidc-client-secret",
-  OIDC_SIGNING_ALGORITHM: "test-oidc-signing-algorithm",
-  WEBAPP_URL: "test-webapp-url",
-  IS_PRODUCTION: false,
-  SESSION_MAX_AGE: 1000,
-  REDIS_URL: undefined,
-  AUDIT_LOG_ENABLED: true,
-}));
-
-vi.mock("next-auth", () => ({
-  getServerSession: vi.fn(),
-}));
-vi.mock("next/navigation", () => ({
-  redirect: vi.fn(),
-}));
-vi.mock("@/lib/organization/auth", () => ({
-  canUserAccessOrganization: vi.fn(),
-}));
-vi.mock("@/lib/organization/service", () => ({
-  getOrganization: vi.fn(),
-}));
-vi.mock("@/lib/user/service", () => ({
-  getUser: vi.fn(),
-}));
-vi.mock("@/tolgee/server", () => ({
-  getTranslate: vi.fn(() => {
-    // Return a mock translator that just returns the key
-    return (key: string) => key;
-  }),
-}));
-
-// mock the child components
-vi.mock("@/app/(app)/environments/[environmentId]/components/PosthogIdentify", () => ({
-  PosthogIdentify: () => <div data-testid="posthog-identify" />,
-}));
-vi.mock("@/modules/ui/components/toaster-client", () => ({
-  ToasterClient: () => <div data-testid="toaster-client" />,
-}));
-
-describe("ProjectOnboardingLayout", () => {
-  beforeEach(() => {
-    cleanup();
-  });
-
-  test("redirects to /auth/login if there is no session", async () => {
-    // Mock no session
-    vi.mocked(getServerSession).mockResolvedValueOnce(null);
-
-    const layoutElement = await ProjectOnboardingLayout({
-      params: { organizationId: "org-123" },
-      children: <div data-testid="child-content">Hello!</div>,
-    });
-
-    expect(redirect).toHaveBeenCalledWith("/auth/login");
-    // Layout returns nothing after redirect
-    expect(layoutElement).toBeUndefined();
-  });
-
-  test("throws an error if user does not exist", async () => {
-    vi.mocked(getServerSession).mockResolvedValueOnce({
-      user: { id: "user-123" },
-    });
-    vi.mocked(getUser).mockResolvedValueOnce(null); // no user in DB
-
-    await expect(
-      ProjectOnboardingLayout({
-        params: { organizationId: "org-123" },
-        children: <div data-testid="child-content">Hello!</div>,
-      })
-    ).rejects.toThrow("common.user_not_found");
-  });
-
-  test("throws AuthorizationError if user cannot access organization", async () => {
-    vi.mocked(getServerSession).mockResolvedValueOnce({ user: { id: "user-123" } });
-    vi.mocked(getUser).mockResolvedValueOnce({ id: "user-123" } as TUser);
-    vi.mocked(canUserAccessOrganization).mockResolvedValueOnce(false);
-
-    await expect(
-      ProjectOnboardingLayout({
-        params: { organizationId: "org-123" },
-        children: <div data-testid="child-content">Child</div>,
-      })
-    ).rejects.toThrow("common.not_authorized");
-  });
-
-  test("throws an error if organization does not exist", async () => {
-    vi.mocked(getServerSession).mockResolvedValueOnce({ user: { id: "user-123" } });
-    vi.mocked(getUser).mockResolvedValueOnce({ id: "user-123" } as TUser);
-    vi.mocked(canUserAccessOrganization).mockResolvedValueOnce(true);
-    vi.mocked(getOrganization).mockResolvedValueOnce(null);
-
-    await expect(
-      ProjectOnboardingLayout({
-        params: { organizationId: "org-123" },
-        children: <div data-testid="child-content">Hello!</div>,
-      })
-    ).rejects.toThrow("common.organization_not_found");
-  });
-
-  test("renders child content plus PosthogIdentify & ToasterClient if everything is valid", async () => {
-    // Provide valid data
-    vi.mocked(getServerSession).mockResolvedValueOnce({ user: { id: "user-123" } });
-    vi.mocked(getUser).mockResolvedValueOnce({ id: "user-123", name: "Test User" } as TUser);
-    vi.mocked(canUserAccessOrganization).mockResolvedValueOnce(true);
-    vi.mocked(getOrganization).mockResolvedValueOnce({
-      id: "org-123",
-      name: "Test Org",
-      billing: {
-        plan: "enterprise",
-      },
-    } as TOrganization);
-
-    let layoutElement: React.ReactNode;
-    // Because it's an async server component, do it in an act
-    await act(async () => {
-      layoutElement = await ProjectOnboardingLayout({
-        params: { organizationId: "org-123" },
-        children: <div data-testid="child-content">Hello!</div>,
-      });
-      render(layoutElement);
-    });
-
-    expect(screen.getByTestId("child-content")).toHaveTextContent("Hello!");
-    expect(screen.getByTestId("posthog-identify")).toBeInTheDocument();
-    expect(screen.getByTestId("toaster-client")).toBeInTheDocument();
-  });
-});

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/layout.tsx

@@ -1,14 +1,12 @@
-import { PosthogIdentify } from "@/app/(app)/environments/[environmentId]/components/PosthogIdentify";
-import { IS_POSTHOG_CONFIGURED } from "@/lib/constants";
-import { canUserAccessOrganization } from "@/lib/organization/auth";
-import { getOrganization } from "@/lib/organization/service";
-import { getUser } from "@/lib/user/service";
-import { authOptions } from "@/modules/auth/lib/authOptions";
-import { ToasterClient } from "@/modules/ui/components/toaster-client";
-import { getTranslate } from "@/tolgee/server";
 import { getServerSession } from "next-auth";
 import { redirect } from "next/navigation";
 import { AuthorizationError } from "@formbricks/types/errors";
+import { canUserAccessOrganization } from "@/lib/organization/auth";
+import { getOrganization } from "@/lib/organization/service";
+import { getUser } from "@/lib/user/service";
+import { getTranslate } from "@/lingodotdev/server";
+import { authOptions } from "@/modules/auth/lib/authOptions";
+import { ToasterClient } from "@/modules/ui/components/toaster-client";
 
 const ProjectOnboardingLayout = async (props) => {
   const params = await props.params;
@@ -40,14 +38,6 @@ const ProjectOnboardingLayout = async (props) => {
 
   return (
     <div className="flex-1 bg-slate-50">
-      <PosthogIdentify
-        session={session}
-        user={user}
-        organizationId={organization.id}
-        organizationName={organization.name}
-        organizationBilling={organization.billing}
-        isPosthogEnabled={IS_POSTHOG_CONFIGURED}
-      />
       <ToasterClient />
       {children}
     </div>

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/channel/page.test.tsx

@@ -1,88 +0,0 @@
-import { getUserProjects } from "@/lib/project/service";
-import { getOrganizationAuth } from "@/modules/organization/lib/utils";
-import { getTranslate } from "@/tolgee/server";
-import "@testing-library/jest-dom/vitest";
-import { cleanup, render, screen } from "@testing-library/react";
-import { redirect } from "next/navigation";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import Page from "./page";
-
-const mockTranslate = vi.fn((key) => key);
-
-// Module mocks must be declared before importing the component
-vi.mock("@/lib/project/service", () => ({ getUserProjects: vi.fn() }));
-vi.mock("@/modules/organization/lib/utils", () => ({ getOrganizationAuth: vi.fn() }));
-vi.mock("@/tolgee/server", () => ({ getTranslate: vi.fn() }));
-vi.mock("next/navigation", () => ({ redirect: vi.fn(() => "REDIRECT_STUB") }));
-vi.mock("@/modules/ui/components/header", () => ({
-  Header: ({ title, subtitle }: { title: string; subtitle: string }) => (
-    <div>
-      <h1>{title}</h1>
-      <p>{subtitle}</p>
-    </div>
-  ),
-}));
-vi.mock("@/app/(app)/(onboarding)/organizations/components/OnboardingOptionsContainer", () => ({
-  OnboardingOptionsContainer: ({ options }: { options: any[] }) => (
-    <div data-testid="options">{options.map((o) => o.title).join(",")}</div>
-  ),
-}));
-vi.mock("next/link", () => ({
-  default: ({ href, children }: { href: string; children: React.ReactNode }) => <a href={href}>{children}</a>,
-}));
-
-describe("Page component", () => {
-  afterEach(() => {
-    cleanup();
-    vi.clearAllMocks();
-  });
-
-  const params = Promise.resolve({ organizationId: "org1" });
-
-  test("redirects to login if no user session", async () => {
-    vi.mocked(getOrganizationAuth).mockResolvedValue({ session: {} } as any);
-
-    const result = await Page({ params });
-
-    expect(redirect).toHaveBeenCalledWith("/auth/login");
-    expect(result).toBe("REDIRECT_STUB");
-  });
-
-  test("renders header, options, and close button when projects exist", async () => {
-    vi.mocked(getOrganizationAuth).mockResolvedValue({ session: { user: { id: "user1" } } } as any);
-    vi.mocked(getTranslate).mockResolvedValue(mockTranslate);
-    vi.mocked(getUserProjects).mockResolvedValue([{ id: 1 }] as any);
-
-    const element = await Page({ params });
-    render(element as React.ReactElement);
-
-    // Header title and subtitle
-    expect(screen.getByRole("heading", { level: 1 })).toHaveTextContent(
-      "organizations.projects.new.channel.channel_select_title"
-    );
-    expect(
-      screen.getByText("organizations.projects.new.channel.channel_select_subtitle")
-    ).toBeInTheDocument();
-
-    // Options container with correct titles
-    expect(screen.getByTestId("options")).toHaveTextContent(
-      "organizations.projects.new.channel.link_and_email_surveys," +
-        "organizations.projects.new.channel.in_product_surveys"
-    );
-
-    // Close button link rendered when projects >=1
-    const closeLink = screen.getByRole("link");
-    expect(closeLink).toHaveAttribute("href", "/");
-  });
-
-  test("does not render close button when no projects", async () => {
-    vi.mocked(getOrganizationAuth).mockResolvedValue({ session: { user: { id: "user1" } } } as any);
-    vi.mocked(getTranslate).mockResolvedValue(mockTranslate);
-    vi.mocked(getUserProjects).mockResolvedValue([]);
-
-    const element = await Page({ params });
-    render(element as React.ReactElement);
-
-    expect(screen.queryByRole("link")).toBeNull();
-  });
-});

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/channel/page.tsx

@@ -1,12 +1,12 @@
-import { OnboardingOptionsContainer } from "@/app/(app)/(onboarding)/organizations/components/OnboardingOptionsContainer";
-import { getUserProjects } from "@/lib/project/service";
-import { getOrganizationAuth } from "@/modules/organization/lib/utils";
-import { Button } from "@/modules/ui/components/button";
-import { Header } from "@/modules/ui/components/header";
-import { getTranslate } from "@/tolgee/server";
 import { PictureInPicture2Icon, SendIcon, XIcon } from "lucide-react";
 import Link from "next/link";
 import { redirect } from "next/navigation";
+import { OnboardingOptionsContainer } from "@/app/(app)/(onboarding)/organizations/components/OnboardingOptionsContainer";
+import { getUserProjects } from "@/lib/project/service";
+import { getTranslate } from "@/lingodotdev/server";
+import { getOrganizationAuth } from "@/modules/organization/lib/utils";
+import { Button } from "@/modules/ui/components/button";
+import { Header } from "@/modules/ui/components/header";
 
 interface ChannelPageProps {
   params: Promise<{

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/layout.test.tsx

@@ -1,223 +0,0 @@
-import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
-import { getOrganization } from "@/lib/organization/service";
-import { getOrganizationProjectsCount } from "@/lib/project/service";
-import { getOrganizationProjectsLimit } from "@/modules/ee/license-check/lib/utils";
-import "@testing-library/jest-dom/vitest";
-import { cleanup } from "@testing-library/react";
-import { getServerSession } from "next-auth";
-import { notFound, redirect } from "next/navigation";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import { TMembership } from "@formbricks/types/memberships";
-import { TOrganization } from "@formbricks/types/organizations";
-import OnboardingLayout from "./layout";
-
-// Mock environment variables
-vi.mock("@/lib/constants", () => ({
-  IS_FORMBRICKS_CLOUD: false,
-  POSTHOG_API_KEY: "mock-posthog-api-key",
-  POSTHOG_HOST: "mock-posthog-host",
-  IS_POSTHOG_CONFIGURED: true,
-  ENCRYPTION_KEY: "mock-encryption-key",
-  ENTERPRISE_LICENSE_KEY: "mock-enterprise-license-key",
-  GITHUB_ID: "mock-github-id",
-  GITHUB_SECRET: "test-githubID",
-  GOOGLE_CLIENT_ID: "test-google-client-id",
-  GOOGLE_CLIENT_SECRET: "test-google-client-secret",
-  AZUREAD_CLIENT_ID: "test-azuread-client-id",
-  AZUREAD_CLIENT_SECRET: "test-azure",
-  AZUREAD_TENANT_ID: "test-azuread-tenant-id",
-  OIDC_DISPLAY_NAME: "test-oidc-display-name",
-  OIDC_CLIENT_ID: "test-oidc-client-id",
-  OIDC_ISSUER: "test-oidc-issuer",
-  OIDC_CLIENT_SECRET: "test-oidc-client-secret",
-  OIDC_SIGNING_ALGORITHM: "test-oidc-signing-algorithm",
-  WEBAPP_URL: "test-webapp-url",
-  IS_PRODUCTION: false,
-  SESSION_MAX_AGE: 1000,
-  REDIS_URL: undefined,
-  AUDIT_LOG_ENABLED: true,
-}));
-
-// Mock dependencies
-vi.mock("next-auth", () => ({
-  getServerSession: vi.fn(),
-}));
-
-vi.mock("@/lib/membership/service", () => ({
-  getMembershipByUserIdOrganizationId: vi.fn(),
-}));
-
-vi.mock("@/lib/organization/service", () => ({
-  getOrganization: vi.fn(),
-}));
-
-vi.mock("@/lib/project/service", () => ({
-  getOrganizationProjectsCount: vi.fn(),
-}));
-
-vi.mock("@/modules/ee/license-check/lib/utils", () => ({
-  getOrganizationProjectsLimit: vi.fn(),
-}));
-
-vi.mock("@/tolgee/server", () => ({
-  getTranslate: async () => (key: string) => key,
-}));
-
-describe("OnboardingLayout", () => {
-  afterEach(() => {
-    cleanup();
-    vi.clearAllMocks();
-  });
-
-  test("redirects to login if no session", async () => {
-    vi.mocked(getServerSession).mockResolvedValue(null);
-
-    const props = {
-      params: { organizationId: "test-org-id" },
-      children: <div>Test Child</div>,
-    };
-
-    await OnboardingLayout(props);
-    expect(redirect).toHaveBeenCalledWith("/auth/login");
-  });
-
-  test("returns not found if user is member or billing", async () => {
-    const mockSession = {
-      user: { id: "test-user-id" },
-    };
-    vi.mocked(getServerSession).mockResolvedValue(mockSession as any);
-
-    const mockMembership: TMembership = {
-      organizationId: "test-org-id",
-      userId: "test-user-id",
-      accepted: true,
-      role: "member",
-    };
-    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValue(mockMembership);
-
-    const props = {
-      params: { organizationId: "test-org-id" },
-      children: <div>Test Child</div>,
-    };
-
-    await OnboardingLayout(props);
-    expect(notFound).toHaveBeenCalled();
-  });
-
-  test("throws error if organization is not found", async () => {
-    const mockSession = {
-      user: { id: "test-user-id" },
-    };
-    vi.mocked(getServerSession).mockResolvedValue(mockSession as any);
-
-    const mockMembership: TMembership = {
-      organizationId: "test-org-id",
-      userId: "test-user-id",
-      accepted: true,
-      role: "owner",
-    };
-    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValue(mockMembership);
-    vi.mocked(getOrganization).mockResolvedValue(null);
-
-    const props = {
-      params: { organizationId: "test-org-id" },
-      children: <div>Test Child</div>,
-    };
-
-    await expect(OnboardingLayout(props)).rejects.toThrow("common.organization_not_found");
-  });
-
-  test("redirects to home if project limit is reached", async () => {
-    const mockSession = {
-      user: { id: "test-user-id" },
-    };
-    vi.mocked(getServerSession).mockResolvedValue(mockSession as any);
-
-    const mockMembership: TMembership = {
-      organizationId: "test-org-id",
-      userId: "test-user-id",
-      accepted: true,
-      role: "owner",
-    };
-    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValue(mockMembership);
-
-    const mockOrganization: TOrganization = {
-      id: "test-org-id",
-      name: "Test Org",
-      createdAt: new Date(),
-      updatedAt: new Date(),
-      isAIEnabled: false,
-      billing: {
-        stripeCustomerId: null,
-        plan: "free",
-        period: "monthly",
-        limits: {
-          projects: 3,
-          monthly: {
-            responses: 1500,
-            miu: 2000,
-          },
-        },
-        periodStart: new Date(),
-      },
-    };
-    vi.mocked(getOrganization).mockResolvedValue(mockOrganization);
-    vi.mocked(getOrganizationProjectsLimit).mockResolvedValue(3);
-    vi.mocked(getOrganizationProjectsCount).mockResolvedValue(3);
-
-    const props = {
-      params: { organizationId: "test-org-id" },
-      children: <div>Test Child</div>,
-    };
-
-    await OnboardingLayout(props);
-    expect(redirect).toHaveBeenCalledWith("/");
-  });
-
-  test("renders children when all conditions are met", async () => {
-    const mockSession = {
-      user: { id: "test-user-id" },
-    };
-    vi.mocked(getServerSession).mockResolvedValue(mockSession as any);
-
-    const mockMembership: TMembership = {
-      organizationId: "test-org-id",
-      userId: "test-user-id",
-      accepted: true,
-      role: "owner",
-    };
-    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValue(mockMembership);
-
-    const mockOrganization: TOrganization = {
-      id: "test-org-id",
-      name: "Test Org",
-      createdAt: new Date(),
-      updatedAt: new Date(),
-      isAIEnabled: false,
-      billing: {
-        stripeCustomerId: null,
-        plan: "free",
-        period: "monthly",
-        limits: {
-          projects: 3,
-          monthly: {
-            responses: 1500,
-            miu: 2000,
-          },
-        },
-        periodStart: new Date(),
-      },
-    };
-    vi.mocked(getOrganization).mockResolvedValue(mockOrganization);
-    vi.mocked(getOrganizationProjectsLimit).mockResolvedValue(3);
-    vi.mocked(getOrganizationProjectsCount).mockResolvedValue(2);
-
-    const props = {
-      params: { organizationId: "test-org-id" },
-      children: <div>Test Child</div>,
-    };
-
-    const result = await OnboardingLayout(props);
-    expect(result).toEqual(<>{props.children}</>);
-  });
-});

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/layout.tsx

@@ -1,12 +1,12 @@
+import { getServerSession } from "next-auth";
+import { notFound, redirect } from "next/navigation";
 import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
 import { getAccessFlags } from "@/lib/membership/utils";
 import { getOrganization } from "@/lib/organization/service";
 import { getOrganizationProjectsCount } from "@/lib/project/service";
+import { getTranslate } from "@/lingodotdev/server";
 import { authOptions } from "@/modules/auth/lib/authOptions";
 import { getOrganizationProjectsLimit } from "@/modules/ee/license-check/lib/utils";
-import { getTranslate } from "@/tolgee/server";
-import { getServerSession } from "next-auth";
-import { notFound, redirect } from "next/navigation";
 
 const OnboardingLayout = async (props) => {
   const params = await props.params;

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/mode/page.test.tsx

@@ -1,72 +0,0 @@
-import { getUserProjects } from "@/lib/project/service";
-import { getOrganizationAuth } from "@/modules/organization/lib/utils";
-import { getTranslate } from "@/tolgee/server";
-import "@testing-library/jest-dom/vitest";
-import { cleanup, render, screen } from "@testing-library/react";
-import { redirect } from "next/navigation";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import Page from "./page";
-
-const mockTranslate = vi.fn((key) => key);
-
-vi.mock("@/modules/organization/lib/utils", () => ({ getOrganizationAuth: vi.fn() }));
-vi.mock("@/lib/project/service", () => ({ getUserProjects: vi.fn() }));
-vi.mock("@/tolgee/server", () => ({ getTranslate: vi.fn() }));
-vi.mock("next/navigation", () => ({ redirect: vi.fn() }));
-vi.mock("next/link", () => ({
-  __esModule: true,
-  default: ({ href, children }: any) => <a href={href}>{children}</a>,
-}));
-vi.mock("@/app/(app)/(onboarding)/organizations/components/OnboardingOptionsContainer", () => ({
-  OnboardingOptionsContainer: ({ options }: any) => (
-    <div data-testid="options">{options.map((o: any) => o.title).join(",")}</div>
-  ),
-}));
-vi.mock("@/modules/ui/components/header", () => ({ Header: ({ title }: any) => <h1>{title}</h1> }));
-vi.mock("@/modules/ui/components/button", () => ({
-  Button: ({ children, ...props }: any) => <button {...props}>{children}</button>,
-}));
-
-describe("Mode Page", () => {
-  afterEach(() => {
-    cleanup();
-    vi.clearAllMocks();
-  });
-
-  const params = Promise.resolve({ organizationId: "org1" });
-
-  test("redirects to login if no session user", async () => {
-    vi.mocked(getOrganizationAuth).mockResolvedValueOnce({ session: {} } as any);
-    await Page({ params });
-    expect(redirect).toHaveBeenCalledWith("/auth/login");
-  });
-
-  test("renders header and options without close link when no projects", async () => {
-    vi.mocked(getOrganizationAuth).mockResolvedValueOnce({ session: { user: { id: "u1" } } } as any);
-    vi.mocked(getTranslate).mockResolvedValue(mockTranslate);
-    vi.mocked(getUserProjects).mockResolvedValueOnce([] as any);
-
-    const element = await Page({ params });
-    render(element as React.ReactElement);
-
-    expect(screen.getByRole("heading", { level: 1 })).toHaveTextContent(
-      "organizations.projects.new.mode.what_are_you_here_for"
-    );
-    expect(screen.getByTestId("options")).toHaveTextContent(
-      "organizations.projects.new.mode.formbricks_surveys," + "organizations.projects.new.mode.formbricks_cx"
-    );
-    expect(screen.queryByRole("link")).toBeNull();
-  });
-
-  test("renders close link when projects exist", async () => {
-    vi.mocked(getOrganizationAuth).mockResolvedValueOnce({ session: { user: { id: "u1" } } } as any);
-    vi.mocked(getTranslate).mockResolvedValue(mockTranslate);
-    vi.mocked(getUserProjects).mockResolvedValueOnce([{ id: "p1" } as any]);
-
-    const element = await Page({ params });
-    render(element as React.ReactElement);
-
-    const link = screen.getByRole("link");
-    expect(link).toHaveAttribute("href", "/");
-  });
-});

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/mode/page.tsx

@@ -1,12 +1,12 @@
-import { OnboardingOptionsContainer } from "@/app/(app)/(onboarding)/organizations/components/OnboardingOptionsContainer";
-import { getUserProjects } from "@/lib/project/service";
-import { getOrganizationAuth } from "@/modules/organization/lib/utils";
-import { Button } from "@/modules/ui/components/button";
-import { Header } from "@/modules/ui/components/header";
-import { getTranslate } from "@/tolgee/server";
 import { HeartIcon, ListTodoIcon, XIcon } from "lucide-react";
 import Link from "next/link";
 import { redirect } from "next/navigation";
+import { OnboardingOptionsContainer } from "@/app/(app)/(onboarding)/organizations/components/OnboardingOptionsContainer";
+import { getUserProjects } from "@/lib/project/service";
+import { getTranslate } from "@/lingodotdev/server";
+import { getOrganizationAuth } from "@/modules/organization/lib/utils";
+import { Button } from "@/modules/ui/components/button";
+import { Header } from "@/modules/ui/components/header";
 
 interface ModePageProps {
   params: Promise<{

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/components/ProjectSettings.test.tsx

@@ -1,124 +0,0 @@
-import { createProjectAction } from "@/app/(app)/environments/[environmentId]/actions";
-import "@testing-library/jest-dom/vitest";
-import { cleanup, render, screen } from "@testing-library/react";
-import userEvent from "@testing-library/user-event";
-import { toast } from "react-hot-toast";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import { ProjectSettings } from "./ProjectSettings";
-
-// Mocks before imports
-const pushMock = vi.fn();
-vi.mock("next/navigation", () => ({ useRouter: () => ({ push: pushMock }) }));
-vi.mock("@tolgee/react", () => ({ useTranslate: () => ({ t: (key: string) => key }) }));
-vi.mock("react-hot-toast", () => ({ toast: { error: vi.fn() } }));
-vi.mock("@/app/(app)/environments/[environmentId]/actions", () => ({ createProjectAction: vi.fn() }));
-vi.mock("@/lib/utils/helper", () => ({ getFormattedErrorMessage: () => "formatted-error" }));
-vi.mock("@/modules/ui/components/color-picker", () => ({
-  ColorPicker: ({ color, onChange }: any) => (
-    <button data-testid="color-picker" onClick={() => onChange("#000")}>
-      {color}
-    </button>
-  ),
-}));
-vi.mock("@/modules/ui/components/input", () => ({
-  Input: ({ value, onChange, placeholder }: any) => (
-    <input placeholder={placeholder} value={value} onChange={(e) => onChange((e.target as any).value)} />
-  ),
-}));
-vi.mock("@/modules/ui/components/multi-select", () => ({
-  MultiSelect: ({ value, options, onChange }: any) => (
-    <select
-      data-testid="multi-select"
-      multiple
-      value={value}
-      onChange={(e) => onChange(Array.from((e.target as any).selectedOptions).map((o: any) => o.value))}>
-      {options.map((o: any) => (
-        <option key={o.value} value={o.value}>
-          {o.label}
-        </option>
-      ))}
-    </select>
-  ),
-}));
-vi.mock("@/modules/ui/components/survey", () => ({
-  SurveyInline: () => <div data-testid="survey-inline" />,
-}));
-vi.mock("@/lib/templates", () => ({ previewSurvey: () => ({}) }));
-vi.mock("@/modules/ee/teams/team-list/components/create-team-modal", () => ({
-  CreateTeamModal: ({ open }: any) => <div data-testid={open ? "team-modal-open" : "team-modal-closed"} />,
-}));
-
-// Clean up after each test
-afterEach(() => {
-  cleanup();
-  vi.clearAllMocks();
-  localStorage.clear();
-});
-
-describe("ProjectSettings component", () => {
-  const baseProps = {
-    organizationId: "org1",
-    projectMode: "cx",
-    industry: "ind",
-    defaultBrandColor: "#fff",
-    organizationTeams: [],
-    isAccessControlAllowed: false,
-    userProjectsCount: 0,
-  } as any;
-
-  const fillAndSubmit = async () => {
-    const nameInput = screen.getByPlaceholderText("e.g. Formbricks");
-    await userEvent.clear(nameInput);
-    await userEvent.type(nameInput, "TestProject");
-    const nextButton = screen.getByRole("button", { name: "common.next" });
-    await userEvent.click(nextButton);
-  };
-
-  test("successful createProject for link channel navigates to surveys and clears localStorage", async () => {
-    (createProjectAction as any).mockResolvedValue({
-      data: { environments: [{ id: "env123", type: "production" }] },
-    });
-    render(<ProjectSettings {...baseProps} channel="link" projectMode="cx" />);
-    await fillAndSubmit();
-    expect(createProjectAction).toHaveBeenCalledWith({
-      organizationId: "org1",
-      data: expect.objectContaining({ teamIds: [] }),
-    });
-    expect(pushMock).toHaveBeenCalledWith("/environments/env123/surveys");
-    expect(localStorage.getItem("FORMBRICKS_SURVEYS_FILTERS_KEY_LS")).toBeNull();
-  });
-
-  test("successful createProject for app channel navigates to connect", async () => {
-    (createProjectAction as any).mockResolvedValue({
-      data: { environments: [{ id: "env456", type: "production" }] },
-    });
-    render(<ProjectSettings {...baseProps} channel="app" projectMode="cx" />);
-    await fillAndSubmit();
-    expect(pushMock).toHaveBeenCalledWith("/environments/env456/connect");
-  });
-
-  test("successful createProject for cx mode navigates to xm-templates when channel is neither link nor app", async () => {
-    (createProjectAction as any).mockResolvedValue({
-      data: { environments: [{ id: "env789", type: "production" }] },
-    });
-    render(<ProjectSettings {...baseProps} channel="unknown" projectMode="cx" />);
-    await fillAndSubmit();
-    expect(pushMock).toHaveBeenCalledWith("/environments/env789/xm-templates");
-  });
-
-  test("shows error toast on createProject error response", async () => {
-    (createProjectAction as any).mockResolvedValue({ error: "err" });
-    render(<ProjectSettings {...baseProps} channel="link" projectMode="cx" />);
-    await fillAndSubmit();
-    expect(toast.error).toHaveBeenCalledWith("formatted-error");
-  });
-
-  test("shows error toast on exception", async () => {
-    (createProjectAction as any).mockImplementation(() => {
-      throw new Error("fail");
-    });
-    render(<ProjectSettings {...baseProps} channel="link" projectMode="cx" />);
-    await fillAndSubmit();
-    expect(toast.error).toHaveBeenCalledWith("organizations.projects.new.settings.project_creation_failed");
-  });
-});

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/components/ProjectSettings.tsx

@@ -1,5 +1,19 @@
 "use client";
 
+import { zodResolver } from "@hookform/resolvers/zod";
+import Image from "next/image";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import { useForm } from "react-hook-form";
+import { toast } from "react-hot-toast";
+import { useTranslation } from "react-i18next";
+import {
+  TProjectConfigChannel,
+  TProjectConfigIndustry,
+  TProjectMode,
+  TProjectUpdateInput,
+  ZProjectUpdateInput,
+} from "@formbricks/types/project";
 import { createProjectAction } from "@/app/(app)/environments/[environmentId]/actions";
 import { previewSurvey } from "@/app/lib/templates";
 import { FORMBRICKS_SURVEYS_FILTERS_KEY_LS } from "@/lib/localStorage";
@@ -20,20 +34,6 @@ import {
 import { Input } from "@/modules/ui/components/input";
 import { MultiSelect } from "@/modules/ui/components/multi-select";
 import { SurveyInline } from "@/modules/ui/components/survey";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { useTranslate } from "@tolgee/react";
-import Image from "next/image";
-import { useRouter } from "next/navigation";
-import { useState } from "react";
-import { useForm } from "react-hook-form";
-import { toast } from "react-hot-toast";
-import {
-  TProjectConfigChannel,
-  TProjectConfigIndustry,
-  TProjectMode,
-  TProjectUpdateInput,
-  ZProjectUpdateInput,
-} from "@formbricks/types/project";
 
 interface ProjectSettingsProps {
   organizationId: string;
@@ -44,6 +44,7 @@ interface ProjectSettingsProps {
   organizationTeams: TOrganizationTeam[];
   isAccessControlAllowed: boolean;
   userProjectsCount: number;
+  publicDomain: string;
 }
 
 export const ProjectSettings = ({
@@ -55,11 +56,12 @@ export const ProjectSettings = ({
   organizationTeams,
   isAccessControlAllowed = false,
   userProjectsCount,
+  publicDomain,
 }: ProjectSettingsProps) => {
   const [createTeamModalOpen, setCreateTeamModalOpen] = useState(false);
 
   const router = useRouter();
-  const { t } = useTranslate();
+  const { t } = useTranslation();
   const addProject = async (data: TProjectUpdateInput) => {
     try {
       const createProjectResponse = await createProjectAction({
@@ -231,6 +233,7 @@ export const ProjectSettings = ({
         <p className="text-sm text-slate-400">{t("common.preview")}</p>
         <div className="z-0 h-3/4 w-3/4">
           <SurveyInline
+            appUrl={publicDomain}
             isPreviewMode={true}
             survey={previewSurvey(projectName || "my Product", t)}
             styling={{ brandColor: { light: brandColor } }}

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/page.test.tsx

@@ -1,106 +0,0 @@
-import { getTeamsByOrganizationId } from "@/app/(app)/(onboarding)/lib/onboarding";
-import { getUserProjects } from "@/lib/project/service";
-import { getAccessControlPermission } from "@/modules/ee/license-check/lib/utils";
-import { getOrganizationAuth } from "@/modules/organization/lib/utils";
-import "@testing-library/jest-dom/vitest";
-import { cleanup, render, screen } from "@testing-library/react";
-import { redirect } from "next/navigation";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import Page from "./page";
-
-vi.mock("@/lib/constants", () => ({ DEFAULT_BRAND_COLOR: "#fff" }));
-// Mocks before component import
-vi.mock("@/app/(app)/(onboarding)/lib/onboarding", () => ({ getTeamsByOrganizationId: vi.fn() }));
-vi.mock("@/lib/project/service", () => ({ getUserProjects: vi.fn() }));
-vi.mock("@/modules/ee/license-check/lib/utils", () => ({ getAccessControlPermission: vi.fn() }));
-vi.mock("@/modules/organization/lib/utils", () => ({ getOrganizationAuth: vi.fn() }));
-vi.mock("@/tolgee/server", () => ({ getTranslate: () => Promise.resolve((key: string) => key) }));
-vi.mock("next/navigation", () => ({ redirect: vi.fn() }));
-vi.mock("next/link", () => ({
-  __esModule: true,
-  default: ({ href, children }: any) => <a href={href}>{children}</a>,
-}));
-vi.mock("@/modules/ui/components/header", () => ({
-  Header: ({ title, subtitle }: any) => (
-    <div>
-      <h1>{title}</h1>
-      <p>{subtitle}</p>
-    </div>
-  ),
-}));
-vi.mock("@/modules/ui/components/button", () => ({
-  Button: ({ children, ...props }: any) => <button {...props}>{children}</button>,
-}));
-vi.mock(
-  "@/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/components/ProjectSettings",
-  () => ({
-    ProjectSettings: (props: any) => <div data-testid="project-settings" data-mode={props.projectMode} />,
-  })
-);
-
-// Cleanup after each test
-afterEach(() => {
-  cleanup();
-  vi.clearAllMocks();
-});
-
-describe("ProjectSettingsPage", () => {
-  const params = Promise.resolve({ organizationId: "org1" });
-  const searchParams = Promise.resolve({ channel: "link", industry: "other", mode: "cx" } as any);
-
-  test("redirects to login when no session user", async () => {
-    vi.mocked(getOrganizationAuth).mockResolvedValueOnce({ session: {} } as any);
-    await Page({ params, searchParams });
-    expect(redirect).toHaveBeenCalledWith("/auth/login");
-  });
-
-  test("throws when teams not found", async () => {
-    vi.mocked(getOrganizationAuth).mockResolvedValueOnce({
-      session: { user: { id: "u1" } },
-      organization: { billing: { plan: "basic" } },
-    } as any);
-    vi.mocked(getUserProjects).mockResolvedValueOnce([] as any);
-    vi.mocked(getTeamsByOrganizationId).mockResolvedValueOnce(null as any);
-    vi.mocked(getAccessControlPermission).mockResolvedValueOnce(false as any);
-
-    await expect(Page({ params, searchParams })).rejects.toThrow("common.organization_teams_not_found");
-  });
-
-  test("renders header, settings and close link when projects exist", async () => {
-    vi.mocked(getOrganizationAuth).mockResolvedValueOnce({
-      session: { user: { id: "u1" } },
-      organization: { billing: { plan: "basic" } },
-    } as any);
-    vi.mocked(getUserProjects).mockResolvedValueOnce([{ id: "p1" }] as any);
-    vi.mocked(getTeamsByOrganizationId).mockResolvedValueOnce([{ id: "t1", name: "Team1" }] as any);
-    vi.mocked(getAccessControlPermission).mockResolvedValueOnce(true as any);
-
-    const element = await Page({ params, searchParams });
-    render(element as React.ReactElement);
-
-    // Header
-    expect(screen.getByRole("heading", { level: 1 })).toHaveTextContent(
-      "organizations.projects.new.settings.project_settings_title"
-    );
-    // ProjectSettings stub receives mode prop
-    expect(screen.getByTestId("project-settings")).toHaveAttribute("data-mode", "cx");
-    // Close link for existing projects
-    const link = screen.getByRole("link");
-    expect(link).toHaveAttribute("href", "/");
-  });
-
-  test("renders without close link when no projects", async () => {
-    vi.mocked(getOrganizationAuth).mockResolvedValueOnce({
-      session: { user: { id: "u1" } },
-      organization: { billing: { plan: "basic" } },
-    } as any);
-    vi.mocked(getUserProjects).mockResolvedValueOnce([] as any);
-    vi.mocked(getTeamsByOrganizationId).mockResolvedValueOnce([{ id: "t1", name: "Team1" }] as any);
-    vi.mocked(getAccessControlPermission).mockResolvedValueOnce(true as any);
-
-    const element = await Page({ params, searchParams });
-    render(element as React.ReactElement);
-
-    expect(screen.queryByRole("link")).toBeNull();
-  });
-});

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/page.tsx

@@ -1,16 +1,17 @@
-import { getTeamsByOrganizationId } from "@/app/(app)/(onboarding)/lib/onboarding";
-import { ProjectSettings } from "@/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/components/ProjectSettings";
-import { DEFAULT_BRAND_COLOR } from "@/lib/constants";
-import { getUserProjects } from "@/lib/project/service";
-import { getAccessControlPermission } from "@/modules/ee/license-check/lib/utils";
-import { getOrganizationAuth } from "@/modules/organization/lib/utils";
-import { Button } from "@/modules/ui/components/button";
-import { Header } from "@/modules/ui/components/header";
-import { getTranslate } from "@/tolgee/server";
 import { XIcon } from "lucide-react";
 import Link from "next/link";
 import { redirect } from "next/navigation";
 import { TProjectConfigChannel, TProjectConfigIndustry, TProjectMode } from "@formbricks/types/project";
+import { getTeamsByOrganizationId } from "@/app/(app)/(onboarding)/lib/onboarding";
+import { ProjectSettings } from "@/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/components/ProjectSettings";
+import { DEFAULT_BRAND_COLOR } from "@/lib/constants";
+import { getPublicDomain } from "@/lib/getPublicUrl";
+import { getUserProjects } from "@/lib/project/service";
+import { getTranslate } from "@/lingodotdev/server";
+import { getAccessControlPermission } from "@/modules/ee/license-check/lib/utils";
+import { getOrganizationAuth } from "@/modules/organization/lib/utils";
+import { Button } from "@/modules/ui/components/button";
+import { Header } from "@/modules/ui/components/header";
 
 interface ProjectSettingsPageProps {
   params: Promise<{
@@ -47,6 +48,8 @@ const Page = async (props: ProjectSettingsPageProps) => {
     throw new Error(t("common.organization_teams_not_found"));
   }
 
+  const publicDomain = getPublicDomain();
+
   return (
     <div className="flex min-h-full min-w-full flex-col items-center justify-center space-y-12">
       <Header
@@ -62,6 +65,7 @@ const Page = async (props: ProjectSettingsPageProps) => {
         organizationTeams={organizationTeams}
         isAccessControlAllowed={isAccessControlAllowed}
         userProjectsCount={projects.length}
+        publicDomain={publicDomain}
       />
       {projects.length >= 1 && (
         <Button

apps/web/app/(app)/(onboarding)/organizations/components/OnboardingOptionsContainer.test.tsx

@@ -1,106 +0,0 @@
-import "@testing-library/jest-dom/vitest";
-import { cleanup, render, screen } from "@testing-library/react";
-import userEvent from "@testing-library/user-event";
-import { Home, Settings } from "lucide-react";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import { OnboardingOptionsContainer } from "./OnboardingOptionsContainer";
-
-describe("OnboardingOptionsContainer", () => {
-  afterEach(() => {
-    cleanup();
-  });
-
-  test("renders options with links", () => {
-    const options = [
-      {
-        title: "Test Option",
-        description: "Test Description",
-        icon: Home,
-        href: "/test",
-      },
-    ];
-
-    render(<OnboardingOptionsContainer options={options} />);
-    expect(screen.getByText("Test Option")).toBeInTheDocument();
-    expect(screen.getByText("Test Description")).toBeInTheDocument();
-  });
-
-  test("renders options with onClick handler", () => {
-    const onClickMock = vi.fn();
-    const options = [
-      {
-        title: "Click Option",
-        description: "Click Description",
-        icon: Home,
-        onClick: onClickMock,
-      },
-    ];
-
-    render(<OnboardingOptionsContainer options={options} />);
-    expect(screen.getByText("Click Option")).toBeInTheDocument();
-    expect(screen.getByText("Click Description")).toBeInTheDocument();
-  });
-
-  test("renders options with iconText", () => {
-    const options = [
-      {
-        title: "Icon Text Option",
-        description: "Icon Text Description",
-        icon: Home,
-        iconText: "Custom Icon Text",
-      },
-    ];
-
-    render(<OnboardingOptionsContainer options={options} />);
-    expect(screen.getByText("Custom Icon Text")).toBeInTheDocument();
-  });
-
-  test("renders options with loading state", () => {
-    const options = [
-      {
-        title: "Loading Option",
-        description: "Loading Description",
-        icon: Home,
-        isLoading: true,
-      },
-    ];
-
-    render(<OnboardingOptionsContainer options={options} />);
-    expect(screen.getByText("Loading Option")).toBeInTheDocument();
-  });
-
-  test("renders multiple options", () => {
-    const options = [
-      {
-        title: "First Option",
-        description: "First Description",
-        icon: Home,
-      },
-      {
-        title: "Second Option",
-        description: "Second Description",
-        icon: Settings,
-      },
-    ];
-
-    render(<OnboardingOptionsContainer options={options} />);
-    expect(screen.getByText("First Option")).toBeInTheDocument();
-    expect(screen.getByText("Second Option")).toBeInTheDocument();
-  });
-
-  test("calls onClick handler when clicking an option", async () => {
-    const onClickMock = vi.fn();
-    const options = [
-      {
-        title: "Click Option",
-        description: "Click Description",
-        icon: Home,
-        onClick: onClickMock,
-      },
-    ];
-
-    render(<OnboardingOptionsContainer options={options} />);
-    await userEvent.click(screen.getByText("Click Option"));
-    expect(onClickMock).toHaveBeenCalledTimes(1);
-  });
-});

apps/web/app/(app)/(onboarding)/organizations/components/OnboardingOptionsContainer.tsx

@@ -1,7 +1,7 @@
-import { OptionCard } from "@/modules/ui/components/option-card";
 import { LucideProps } from "lucide-react";
 import Link from "next/link";
 import { ForwardRefExoticComponent, RefAttributes } from "react";
+import { OptionCard } from "@/modules/ui/components/option-card";
 
 interface OnboardingOptionsContainerProps {
   options: {

apps/web/app/(app)/(survey-editor)/environments/[environmentId]/layout.test.tsx

@@ -1,114 +0,0 @@
-import { getEnvironment } from "@/lib/environment/service";
-import { environmentIdLayoutChecks } from "@/modules/environments/lib/utils";
-import { cleanup, render, screen } from "@testing-library/react";
-import { Session } from "next-auth";
-import { redirect } from "next/navigation";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import { TEnvironment } from "@formbricks/types/environment";
-import { TOrganization } from "@formbricks/types/organizations";
-import { TUser } from "@formbricks/types/user";
-import SurveyEditorEnvironmentLayout from "./layout";
-
-// Mock sub-components to render identifiable elements
-vi.mock("@/modules/ui/components/environmentId-base-layout", () => ({
-  EnvironmentIdBaseLayout: ({ children, environmentId }: any) => (
-    <div data-testid="EnvironmentIdBaseLayout">
-      {environmentId}
-      {children}
-    </div>
-  ),
-}));
-
-// Mocks for dependencies
-vi.mock("@/modules/environments/lib/utils", () => ({
-  environmentIdLayoutChecks: vi.fn(),
-}));
-vi.mock("@/lib/environment/service", () => ({
-  getEnvironment: vi.fn(),
-}));
-vi.mock("next/navigation", () => ({
-  redirect: vi.fn(),
-}));
-
-describe("SurveyEditorEnvironmentLayout", () => {
-  afterEach(() => {
-    cleanup();
-    vi.clearAllMocks();
-  });
-
-  test("renders successfully when environment is found", async () => {
-    vi.mocked(environmentIdLayoutChecks).mockResolvedValueOnce({
-      t: ((key: string) => key) as any, // Mock translation function, we don't need to implement it for the test
-      session: { user: { id: "user1" } } as Session,
-      user: { id: "user1", email: "user1@example.com" } as TUser,
-      organization: { id: "org1", name: "Org1", billing: {} } as TOrganization,
-    });
-    vi.mocked(getEnvironment).mockResolvedValueOnce({ id: "env1" } as TEnvironment);
-
-    const result = await SurveyEditorEnvironmentLayout({
-      params: Promise.resolve({ environmentId: "env1" }),
-      children: <div data-testid="child">Survey Editor Content</div>,
-    });
-
-    render(result);
-
-    expect(screen.getByTestId("EnvironmentIdBaseLayout")).toHaveTextContent("env1");
-    expect(screen.getByTestId("child")).toHaveTextContent("Survey Editor Content");
-  });
-
-  test("throws an error when environment is not found", async () => {
-    vi.mocked(environmentIdLayoutChecks).mockResolvedValueOnce({
-      t: ((key: string) => key) as any,
-      session: { user: { id: "user1" } } as Session,
-      user: { id: "user1", email: "user1@example.com" } as TUser,
-      organization: { id: "org1", name: "Org1", billing: {} } as TOrganization,
-    });
-    vi.mocked(getEnvironment).mockResolvedValueOnce(null);
-
-    await expect(
-      SurveyEditorEnvironmentLayout({
-        params: Promise.resolve({ environmentId: "env1" }),
-        children: <div>Content</div>,
-      })
-    ).rejects.toThrow("common.environment_not_found");
-  });
-
-  test("calls redirect when session is null", async () => {
-    vi.mocked(environmentIdLayoutChecks).mockResolvedValueOnce({
-      t: ((key: string) => key) as any,
-      session: undefined as unknown as Session,
-      user: undefined as unknown as TUser,
-      organization: { id: "org1", name: "Org1", billing: {} } as TOrganization,
-    });
-    vi.mocked(redirect).mockImplementationOnce(() => {
-      throw new Error("Redirect called");
-    });
-
-    await expect(
-      SurveyEditorEnvironmentLayout({
-        params: Promise.resolve({ environmentId: "env1" }),
-        children: <div>Content</div>,
-      })
-    ).rejects.toThrow("Redirect called");
-  });
-
-  test("throws error if user is null", async () => {
-    vi.mocked(environmentIdLayoutChecks).mockResolvedValueOnce({
-      t: ((key: string) => key) as any,
-      session: { user: { id: "user1" } } as Session,
-      user: undefined as unknown as TUser,
-      organization: { id: "org1", name: "Org1", billing: {} } as TOrganization,
-    });
-
-    vi.mocked(redirect).mockImplementationOnce(() => {
-      throw new Error("Redirect called");
-    });
-
-    await expect(
-      SurveyEditorEnvironmentLayout({
-        params: Promise.resolve({ environmentId: "env1" }),
-        children: <div>Content</div>,
-      })
-    ).rejects.toThrow("common.user_not_found");
-  });
-});

apps/web/app/(app)/(survey-editor)/environments/[environmentId]/layout.tsx

@@ -1,14 +1,13 @@
+import { redirect } from "next/navigation";
 import { getEnvironment } from "@/lib/environment/service";
 import { environmentIdLayoutChecks } from "@/modules/environments/lib/utils";
-import { EnvironmentIdBaseLayout } from "@/modules/ui/components/environmentId-base-layout";
-import { redirect } from "next/navigation";
 
 const SurveyEditorEnvironmentLayout = async (props) => {
   const params = await props.params;
 
   const { children } = props;
 
-  const { t, session, user, organization } = await environmentIdLayoutChecks(params.environmentId);
+  const { t, session, user } = await environmentIdLayoutChecks(params.environmentId);
 
   if (!session) {
     return redirect(`/auth/login`);
@@ -25,15 +24,9 @@ const SurveyEditorEnvironmentLayout = async (props) => {
   }
 
   return (
-    <EnvironmentIdBaseLayout
-      environmentId={params.environmentId}
-      session={session}
-      user={user}
-      organization={organization}>
-      <div className="flex h-screen flex-col">
-        <div className="h-full overflow-y-auto bg-slate-50">{children}</div>
-      </div>
-    </EnvironmentIdBaseLayout>
+    <div className="flex h-screen flex-col">
+      <div className="h-full overflow-y-auto bg-slate-50">{children}</div>
+    </div>
   );
 };
 

apps/web/app/(app)/billing-confirmation/components/ConfirmationPage.tsx

@@ -1,17 +1,17 @@
 "use client";
 
-import { Button } from "@/modules/ui/components/button";
-import { Confetti } from "@/modules/ui/components/confetti";
-import { useTranslate } from "@tolgee/react";
 import Link from "next/link";
 import { useEffect, useState } from "react";
+import { useTranslation } from "react-i18next";
+import { Button } from "@/modules/ui/components/button";
+import { Confetti } from "@/modules/ui/components/confetti";
 
 interface ConfirmationPageProps {
   environmentId: string;
 }
 
 export const ConfirmationPage = ({ environmentId }: ConfirmationPageProps) => {
-  const { t } = useTranslate();
+  const { t } = useTranslation();
   const [showConfetti, setShowConfetti] = useState(false);
   useEffect(() => {
     setShowConfetti(true);

apps/web/app/(app)/environments/[environmentId]/(contacts)/contacts/[contactId]/page.test.tsx

@@ -1,43 +0,0 @@
-import { SingleContactPage } from "@/modules/ee/contacts/[contactId]/page";
-import { describe, expect, test, vi } from "vitest";
-import Page from "./page";
-
-// mock constants
-vi.mock("@/lib/constants", () => ({
-  IS_FORMBRICKS_CLOUD: false,
-  ENCRYPTION_KEY: "test",
-  ENTERPRISE_LICENSE_KEY: "test",
-  GITHUB_ID: "test",
-  GITHUB_SECRET: "test",
-  GOOGLE_CLIENT_ID: "test",
-  GOOGLE_CLIENT_SECRET: "test",
-  AZUREAD_CLIENT_ID: "mock-azuread-client-id",
-  AZUREAD_CLIENT_SECRET: "mock-azure-client-secret",
-  AZUREAD_TENANT_ID: "mock-azuread-tenant-id",
-  OIDC_CLIENT_ID: "mock-oidc-client-id",
-  OIDC_CLIENT_SECRET: "mock-oidc-client-secret",
-  OIDC_ISSUER: "mock-oidc-issuer",
-  OIDC_DISPLAY_NAME: "mock-oidc-display-name",
-  OIDC_SIGNING_ALGORITHM: "mock-oidc-signing-algorithm",
-  WEBAPP_URL: "mock-webapp-url",
-  IS_PRODUCTION: true,
-  FB_LOGO_URL: "https://example.com/mock-logo.png",
-  SMTP_HOST: "mock-smtp-host",
-  SMTP_PORT: "mock-smtp-port",
-  IS_POSTHOG_CONFIGURED: true,
-  SESSION_MAX_AGE: 1000,
-  AUDIT_LOG_ENABLED: 1,
-  REDIS_URL: undefined,
-}));
-
-vi.mock("@/lib/env", () => ({
-  env: {
-    PUBLIC_URL: "https://public-domain.com",
-  },
-}));
-
-describe("Contact Page Re-export", () => {
-  test("should re-export SingleContactPage", () => {
-    expect(Page).toBe(SingleContactPage);
-  });
-});

apps/web/app/(app)/environments/[environmentId]/(contacts)/contacts/page.test.tsx

@@ -1,15 +0,0 @@
-import { ContactsPage } from "@/modules/ee/contacts/page";
-import { describe, expect, test, vi } from "vitest";
-import Page from "./page";
-
-// Mock the actual ContactsPage component
-vi.mock("@/modules/ee/contacts/page", () => ({
-  ContactsPage: () => <div data-testid="contacts-page">Mock Contacts Page</div>,
-}));
-
-describe("Contacts Page Re-export", () => {
-  test("should re-export ContactsPage from the EE module", () => {
-    // Assert that the default export 'Page' is the same as the mocked 'ContactsPage'
-    expect(Page).toBe(ContactsPage);
-  });
-});

apps/web/app/(app)/environments/[environmentId]/(contacts)/segments/page.test.tsx

@@ -1,18 +0,0 @@
-import { cleanup, render, screen } from "@testing-library/react";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import SegmentsPageWrapper from "./page";
-
-vi.mock("@/modules/ee/contacts/segments/page", () => ({
-  SegmentsPage: vi.fn(() => <div>SegmentsPageMock</div>),
-}));
-
-describe("SegmentsPageWrapper", () => {
-  afterEach(() => {
-    cleanup();
-  });
-
-  test("renders the SegmentsPage component", () => {
-    render(<SegmentsPageWrapper params={{ environmentId: "test-env" } as any} />);
-    expect(screen.getByText("SegmentsPageMock")).toBeInTheDocument();
-  });
-});

apps/web/app/(app)/environments/[environmentId]/actions.ts

@@ -1,5 +1,10 @@
 "use server";
 
+import { z } from "zod";
+import { ZId } from "@formbricks/types/common";
+import { OperationNotAllowedError } from "@formbricks/types/errors";
+import { ZProjectUpdateInput } from "@formbricks/types/project";
+import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
 import { getOrganization } from "@/lib/organization/service";
 import { getOrganizationProjectsCount } from "@/lib/project/service";
 import { updateUser } from "@/lib/user/service";
@@ -12,10 +17,8 @@ import {
   getOrganizationProjectsLimit,
 } from "@/modules/ee/license-check/lib/utils";
 import { createProject } from "@/modules/projects/settings/lib/project";
-import { z } from "zod";
-import { ZId } from "@formbricks/types/common";
-import { OperationNotAllowedError } from "@formbricks/types/errors";
-import { ZProjectUpdateInput } from "@formbricks/types/project";
+import { getOrganizationsByUserId } from "./lib/organization";
+import { getProjectsByUserId } from "./lib/project";
 
 const ZCreateProjectAction = z.object({
   organizationId: ZId,
@@ -84,3 +87,59 @@ export const createProjectAction = authenticatedActionClient.schema(ZCreateProje
     }
   )
 );
+
+const ZGetOrganizationsForSwitcherAction = z.object({
+  organizationId: ZId, // Changed from environmentId to avoid extra query
+});
+
+/**
+ * Fetches organizations list for switcher dropdown.
+ * Called on-demand when user opens the organization switcher.
+ */
+export const getOrganizationsForSwitcherAction = authenticatedActionClient
+  .schema(ZGetOrganizationsForSwitcherAction)
+  .action(async ({ ctx, parsedInput }) => {
+    await checkAuthorizationUpdated({
+      userId: ctx.user.id,
+      organizationId: parsedInput.organizationId,
+      access: [
+        {
+          type: "organization",
+          roles: ["owner", "manager", "member", "billing"],
+        },
+      ],
+    });
+
+    return await getOrganizationsByUserId(ctx.user.id);
+  });
+
+const ZGetProjectsForSwitcherAction = z.object({
+  organizationId: ZId, // Changed from environmentId to avoid extra query
+});
+
+/**
+ * Fetches projects list for switcher dropdown.
+ * Called on-demand when user opens the project switcher.
+ */
+export const getProjectsForSwitcherAction = authenticatedActionClient
+  .schema(ZGetProjectsForSwitcherAction)
+  .action(async ({ ctx, parsedInput }) => {
+    await checkAuthorizationUpdated({
+      userId: ctx.user.id,
+      organizationId: parsedInput.organizationId,
+      access: [
+        {
+          type: "organization",
+          roles: ["owner", "manager", "member", "billing"],
+        },
+      ],
+    });
+
+    // Need membership for getProjectsByUserId (1 DB query)
+    const membership = await getMembershipByUserIdOrganizationId(ctx.user.id, parsedInput.organizationId);
+    if (!membership) {
+      throw new Error("Membership not found");
+    }
+
+    return await getProjectsByUserId(ctx.user.id, membership);
+  });

apps/web/app/(app)/environments/[environmentId]/components/EnvironmentLayout.test.tsx

@@ -1,472 +0,0 @@
-import { getOrganizationsByUserId } from "@/app/(app)/environments/[environmentId]/lib/organization";
-import { getProjectsByUserId } from "@/app/(app)/environments/[environmentId]/lib/project";
-import { getEnvironment, getEnvironments } from "@/lib/environment/service";
-import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
-import { getAccessFlags } from "@/lib/membership/utils";
-import {
-  getMonthlyActiveOrganizationPeopleCount,
-  getMonthlyOrganizationResponseCount,
-  getOrganizationByEnvironmentId,
-} from "@/lib/organization/service";
-import { getUser } from "@/lib/user/service";
-import {
-  getAccessControlPermission,
-  getOrganizationProjectsLimit,
-} from "@/modules/ee/license-check/lib/utils";
-import { getProjectPermissionByUserId } from "@/modules/ee/teams/lib/roles";
-import { getTeamsByOrganizationId } from "@/modules/ee/teams/team-list/lib/team";
-import { cleanup, render, screen } from "@testing-library/react";
-import type { Session } from "next-auth";
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-import { TEnvironment } from "@formbricks/types/environment";
-import { TMembership } from "@formbricks/types/memberships";
-import { TOrganization } from "@formbricks/types/organizations";
-import { TProject } from "@formbricks/types/project";
-import { TUser } from "@formbricks/types/user";
-
-// Mock services and utils
-vi.mock("@/lib/environment/service", () => ({
-  getEnvironment: vi.fn(),
-  getEnvironments: vi.fn(),
-}));
-vi.mock("@/lib/organization/service", () => ({
-  getOrganizationByEnvironmentId: vi.fn(),
-  getMonthlyActiveOrganizationPeopleCount: vi.fn(),
-  getMonthlyOrganizationResponseCount: vi.fn(),
-}));
-vi.mock("@/lib/user/service", () => ({
-  getUser: vi.fn(),
-}));
-vi.mock("@/lib/membership/service", () => ({
-  getMembershipByUserIdOrganizationId: vi.fn(),
-}));
-vi.mock("@/lib/membership/utils", () => ({
-  getAccessFlags: vi.fn(() => ({ isMember: true })), // Default to member for simplicity
-}));
-vi.mock("@/modules/ee/license-check/lib/utils", () => ({
-  getOrganizationProjectsLimit: vi.fn(),
-  getAccessControlPermission: vi.fn(),
-}));
-vi.mock("@/modules/ee/teams/lib/roles", () => ({
-  getProjectPermissionByUserId: vi.fn(),
-}));
-vi.mock("@/modules/ee/teams/team-list/lib/team", () => ({
-  getTeamsByOrganizationId: vi.fn(),
-}));
-vi.mock("@/tolgee/server", () => ({
-  getTranslate: async () => (key: string) => key,
-}));
-vi.mock("@/app/(app)/environments/[environmentId]/lib/organization", () => ({
-  getOrganizationsByUserId: vi.fn(),
-}));
-vi.mock("@/app/(app)/environments/[environmentId]/lib/project", () => ({
-  getProjectsByUserId: vi.fn(),
-}));
-vi.mock("@formbricks/database", () => ({
-  prisma: {
-    project: {
-      findMany: vi.fn(),
-    },
-    organization: {
-      findMany: vi.fn(),
-    },
-  },
-}));
-
-let mockIsFormbricksCloud = false;
-let mockIsDevelopment = false;
-
-vi.mock("@/lib/constants", () => ({
-  get IS_FORMBRICKS_CLOUD() {
-    return mockIsFormbricksCloud;
-  },
-  get IS_DEVELOPMENT() {
-    return mockIsDevelopment;
-  },
-}));
-
-// Mock components
-vi.mock("@/app/(app)/environments/[environmentId]/components/MainNavigation", () => ({
-  MainNavigation: ({ organizationTeams, isAccessControlAllowed }: any) => (
-    <div data-testid="main-navigation">
-      MainNavigation
-      <div data-testid="organization-teams">{JSON.stringify(organizationTeams || [])}</div>
-      <div data-testid="is-access-control-allowed">{isAccessControlAllowed?.toString() || "false"}</div>
-    </div>
-  ),
-}));
-vi.mock("@/app/(app)/environments/[environmentId]/components/TopControlBar", () => ({
-  TopControlBar: () => <div data-testid="top-control-bar">TopControlBar</div>,
-}));
-vi.mock("@/modules/ui/components/limits-reached-banner", () => ({
-  LimitsReachedBanner: () => <div data-testid="limits-banner">LimitsReachedBanner</div>,
-}));
-vi.mock("@/modules/ui/components/pending-downgrade-banner", () => ({
-  PendingDowngradeBanner: ({
-    isPendingDowngrade,
-    active,
-  }: {
-    isPendingDowngrade: boolean;
-    active: boolean;
-  }) =>
-    isPendingDowngrade && active ? <div data-testid="downgrade-banner">PendingDowngradeBanner</div> : null,
-}));
-
-const mockUser = {
-  id: "user-1",
-  name: "Test User",
-  email: "test@example.com",
-  emailVerified: new Date(),
-  twoFactorEnabled: false,
-  identityProvider: "email",
-  createdAt: new Date(),
-  updatedAt: new Date(),
-  notificationSettings: { alert: {} },
-} as unknown as TUser;
-
-const mockOrganization = {
-  id: "org-1",
-  name: "Test Org",
-  billing: {
-    plan: "free",
-    limits: {},
-  },
-} as unknown as TOrganization;
-
-const mockEnvironment: TEnvironment = {
-  id: "env-1",
-  createdAt: new Date(),
-  updatedAt: new Date(),
-  type: "production",
-  projectId: "proj-1",
-  appSetupCompleted: true,
-};
-
-const mockProject: TProject = {
-  id: "proj-1",
-  name: "Test Project",
-  createdAt: new Date(),
-  updatedAt: new Date(),
-  organizationId: "org-1",
-  environments: [mockEnvironment],
-} as unknown as TProject;
-
-const mockMembership: TMembership = {
-  organizationId: "org-1",
-  userId: "user-1",
-  accepted: true,
-  role: "owner",
-};
-
-const mockLicense = {
-  plan: "free",
-  active: false,
-  lastChecked: new Date(),
-  features: { isMultiOrgEnabled: false },
-} as any;
-
-const mockProjectPermission = {
-  userId: "user-1",
-  projectId: "proj-1",
-  role: "admin",
-} as any;
-
-const mockOrganizationTeams = [
-  {
-    id: "team-1",
-    name: "Development Team",
-  },
-  {
-    id: "team-2",
-    name: "Marketing Team",
-  },
-];
-
-const mockSession: Session = {
-  user: {
-    id: "user-1",
-  },
-  expires: new Date(Date.now() + 3600 * 1000).toISOString(),
-};
-
-describe("EnvironmentLayout", () => {
-  beforeEach(() => {
-    vi.mocked(getUser).mockResolvedValue(mockUser);
-    vi.mocked(getEnvironment).mockResolvedValue(mockEnvironment);
-    vi.mocked(getOrganizationsByUserId).mockResolvedValue([
-      { id: mockOrganization.id, name: mockOrganization.name },
-    ]);
-    vi.mocked(getOrganizationByEnvironmentId).mockResolvedValue(mockOrganization);
-    vi.mocked(getProjectsByUserId).mockResolvedValue([{ id: mockProject.id, name: mockProject.name }]);
-    vi.mocked(getEnvironments).mockResolvedValue([mockEnvironment]);
-    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValue(mockMembership);
-    vi.mocked(getMonthlyActiveOrganizationPeopleCount).mockResolvedValue(100);
-    vi.mocked(getMonthlyOrganizationResponseCount).mockResolvedValue(500);
-    vi.mocked(getOrganizationProjectsLimit).mockResolvedValue(null as any);
-    vi.mocked(getProjectPermissionByUserId).mockResolvedValue(mockProjectPermission);
-    vi.mocked(getTeamsByOrganizationId).mockResolvedValue(mockOrganizationTeams);
-    vi.mocked(getAccessControlPermission).mockResolvedValue(true);
-    mockIsDevelopment = false;
-    mockIsFormbricksCloud = false;
-  });
-
-  afterEach(() => {
-    cleanup();
-    vi.resetAllMocks();
-  });
-
-  test("renders correctly with default props", async () => {
-    vi.resetModules();
-    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
-      getEnterpriseLicense: vi.fn().mockResolvedValue({
-        active: false,
-        isPendingDowngrade: false,
-        features: { isMultiOrgEnabled: false },
-        lastChecked: new Date(),
-        fallbackLevel: "live",
-      }),
-    }));
-    const { EnvironmentLayout } = await import(
-      "@/app/(app)/environments/[environmentId]/components/EnvironmentLayout"
-    );
-    render(
-      await EnvironmentLayout({
-        environmentId: "env-1",
-        session: mockSession,
-        children: <div>Child Content</div>,
-      })
-    );
-    expect(screen.getByTestId("main-navigation")).toBeInTheDocument();
-    expect(screen.getByTestId("top-control-bar")).toBeInTheDocument();
-    expect(screen.getByText("Child Content")).toBeInTheDocument();
-    expect(screen.queryByTestId("dev-banner")).not.toBeInTheDocument();
-    expect(screen.queryByTestId("limits-banner")).not.toBeInTheDocument();
-    expect(screen.queryByTestId("downgrade-banner")).not.toBeInTheDocument();
-  });
-
-  test("renders LimitsReachedBanner in Formbricks Cloud", async () => {
-    mockIsFormbricksCloud = true;
-    vi.resetModules();
-    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
-      getEnterpriseLicense: vi.fn().mockResolvedValue({
-        active: false,
-        isPendingDowngrade: false,
-        features: { isMultiOrgEnabled: false },
-        lastChecked: new Date(),
-        fallbackLevel: "live",
-      }),
-    }));
-    const { EnvironmentLayout } = await import(
-      "@/app/(app)/environments/[environmentId]/components/EnvironmentLayout"
-    );
-    render(
-      await EnvironmentLayout({
-        environmentId: "env-1",
-        session: mockSession,
-        children: <div>Child Content</div>,
-      })
-    );
-    expect(screen.getByTestId("limits-banner")).toBeInTheDocument();
-    expect(vi.mocked(getMonthlyActiveOrganizationPeopleCount)).toHaveBeenCalledWith(mockOrganization.id);
-    expect(vi.mocked(getMonthlyOrganizationResponseCount)).toHaveBeenCalledWith(mockOrganization.id);
-  });
-
-  test("renders PendingDowngradeBanner when pending downgrade", async () => {
-    const pendingLicense = { ...mockLicense, isPendingDowngrade: true, active: true };
-    vi.mocked(getOrganizationProjectsLimit).mockResolvedValue(null as any);
-    vi.resetModules();
-    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
-      getEnterpriseLicense: vi.fn().mockResolvedValue(pendingLicense),
-    }));
-    const { EnvironmentLayout } = await import(
-      "@/app/(app)/environments/[environmentId]/components/EnvironmentLayout"
-    );
-    render(
-      await EnvironmentLayout({
-        environmentId: "env-1",
-        session: mockSession,
-        children: <div>Child Content</div>,
-      })
-    );
-    expect(screen.getByTestId("downgrade-banner")).toBeInTheDocument();
-  });
-
-  test("handles empty organizationTeams array", async () => {
-    vi.mocked(getTeamsByOrganizationId).mockResolvedValue([]);
-    vi.resetModules();
-    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
-      getEnterpriseLicense: vi.fn().mockResolvedValue({
-        active: false,
-        isPendingDowngrade: false,
-        features: { isMultiOrgEnabled: false },
-        lastChecked: new Date(),
-        fallbackLevel: "live",
-      }),
-    }));
-    const { EnvironmentLayout } = await import(
-      "@/app/(app)/environments/[environmentId]/components/EnvironmentLayout"
-    );
-    render(
-      await EnvironmentLayout({
-        environmentId: "env-1",
-        session: mockSession,
-        children: <div>Child Content</div>,
-      })
-    );
-
-    expect(screen.getByTestId("organization-teams")).toHaveTextContent("[]");
-  });
-
-  test("handles null organizationTeams", async () => {
-    vi.mocked(getTeamsByOrganizationId).mockResolvedValue(null);
-    vi.resetModules();
-    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
-      getEnterpriseLicense: vi.fn().mockResolvedValue({
-        active: false,
-        isPendingDowngrade: false,
-        features: { isMultiOrgEnabled: false },
-        lastChecked: new Date(),
-        fallbackLevel: "live",
-      }),
-    }));
-    const { EnvironmentLayout } = await import(
-      "@/app/(app)/environments/[environmentId]/components/EnvironmentLayout"
-    );
-    render(
-      await EnvironmentLayout({
-        environmentId: "env-1",
-        session: mockSession,
-        children: <div>Child Content</div>,
-      })
-    );
-
-    expect(screen.getByTestId("organization-teams")).toHaveTextContent("[]");
-  });
-
-  test("handles isAccessControlAllowed false", async () => {
-    vi.mocked(getAccessControlPermission).mockResolvedValue(false);
-    vi.resetModules();
-    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
-      getEnterpriseLicense: vi.fn().mockResolvedValue({
-        active: false,
-        isPendingDowngrade: false,
-        features: { isMultiOrgEnabled: false },
-        lastChecked: new Date(),
-        fallbackLevel: "live",
-      }),
-    }));
-    const { EnvironmentLayout } = await import(
-      "@/app/(app)/environments/[environmentId]/components/EnvironmentLayout"
-    );
-    render(
-      await EnvironmentLayout({
-        environmentId: "env-1",
-        session: mockSession,
-        children: <div>Child Content</div>,
-      })
-    );
-
-    expect(screen.getByTestId("is-access-control-allowed")).toHaveTextContent("false");
-  });
-
-  test("throws error if user not found", async () => {
-    vi.mocked(getUser).mockResolvedValue(null);
-    vi.resetModules();
-    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
-      getEnterpriseLicense: vi.fn().mockResolvedValue({
-        active: false,
-        isPendingDowngrade: false,
-        features: { isMultiOrgEnabled: false },
-        lastChecked: new Date(),
-        fallbackLevel: "live",
-      }),
-    }));
-    const { EnvironmentLayout } = await import(
-      "@/app/(app)/environments/[environmentId]/components/EnvironmentLayout"
-    );
-    await expect(EnvironmentLayout({ environmentId: "env-1", session: mockSession })).rejects.toThrow(
-      "common.user_not_found"
-    );
-  });
-
-  test("throws error if organization not found", async () => {
-    vi.mocked(getOrganizationByEnvironmentId).mockResolvedValue(null);
-    vi.resetModules();
-    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
-      getEnterpriseLicense: vi.fn().mockResolvedValue({
-        active: false,
-        isPendingDowngrade: false,
-        features: { isMultiOrgEnabled: false },
-        lastChecked: new Date(),
-        fallbackLevel: "live",
-      }),
-    }));
-    const { EnvironmentLayout } = await import(
-      "@/app/(app)/environments/[environmentId]/components/EnvironmentLayout"
-    );
-    await expect(EnvironmentLayout({ environmentId: "env-1", session: mockSession })).rejects.toThrow(
-      "common.organization_not_found"
-    );
-  });
-
-  test("throws error if environment not found", async () => {
-    vi.mocked(getEnvironment).mockResolvedValue(null);
-    vi.resetModules();
-    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
-      getEnterpriseLicense: vi.fn().mockResolvedValue({
-        active: false,
-        isPendingDowngrade: false,
-        features: { isMultiOrgEnabled: false },
-        lastChecked: new Date(),
-        fallbackLevel: "live",
-      }),
-    }));
-    const { EnvironmentLayout } = await import(
-      "@/app/(app)/environments/[environmentId]/components/EnvironmentLayout"
-    );
-    await expect(EnvironmentLayout({ environmentId: "env-1", session: mockSession })).rejects.toThrow(
-      "common.environment_not_found"
-    );
-  });
-
-  test("throws error if projects, environments or organizations not found", async () => {
-    vi.mocked(getProjectsByUserId).mockResolvedValue(null as any);
-    vi.resetModules();
-    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
-      getEnterpriseLicense: vi.fn().mockResolvedValue({
-        active: false,
-        isPendingDowngrade: false,
-        features: { isMultiOrgEnabled: false },
-        lastChecked: new Date(),
-        fallbackLevel: "live",
-      }),
-    }));
-    const { EnvironmentLayout } = await import(
-      "@/app/(app)/environments/[environmentId]/components/EnvironmentLayout"
-    );
-    await expect(EnvironmentLayout({ environmentId: "env-1", session: mockSession })).rejects.toThrow(
-      "environments.projects_environments_organizations_not_found"
-    );
-  });
-
-  test("throws error if member has no project permission", async () => {
-    vi.mocked(getAccessFlags).mockReturnValue({ isMember: true } as any);
-    vi.mocked(getProjectPermissionByUserId).mockResolvedValue(null);
-    vi.resetModules();
-    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
-      getEnterpriseLicense: vi.fn().mockResolvedValue({
-        active: false,
-        isPendingDowngrade: false,
-        features: { isMultiOrgEnabled: false },
-        lastChecked: new Date(),
-        fallbackLevel: "live",
-      }),
-    }));
-    const { EnvironmentLayout } = await import(
-      "@/app/(app)/environments/[environmentId]/components/EnvironmentLayout"
-    );
-    await expect(EnvironmentLayout({ environmentId: "env-1", session: mockSession })).rejects.toThrow(
-      "common.project_permission_not_found"
-    );
-  });
-});

apps/web/app/(app)/environments/[environmentId]/components/EnvironmentLayout.tsx

@@ -1,104 +1,51 @@
 import { MainNavigation } from "@/app/(app)/environments/[environmentId]/components/MainNavigation";
 import { TopControlBar } from "@/app/(app)/environments/[environmentId]/components/TopControlBar";
-import { getOrganizationsByUserId } from "@/app/(app)/environments/[environmentId]/lib/organization";
-import { getProjectsByUserId } from "@/app/(app)/environments/[environmentId]/lib/project";
 import { IS_DEVELOPMENT, IS_FORMBRICKS_CLOUD } from "@/lib/constants";
-import { getEnvironment, getEnvironments } from "@/lib/environment/service";
-import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
+import { getPublicDomain } from "@/lib/getPublicUrl";
 import { getAccessFlags } from "@/lib/membership/utils";
-import {
-  getMonthlyActiveOrganizationPeopleCount,
-  getMonthlyOrganizationResponseCount,
-  getOrganizationByEnvironmentId,
-} from "@/lib/organization/service";
-import { getUser } from "@/lib/user/service";
-import { getEnterpriseLicense } from "@/modules/ee/license-check/lib/license";
-import {
-  getAccessControlPermission,
-  getOrganizationProjectsLimit,
-} from "@/modules/ee/license-check/lib/utils";
-import { getProjectPermissionByUserId } from "@/modules/ee/teams/lib/roles";
+import { getTranslate } from "@/lingodotdev/server";
+import { getOrganizationProjectsLimit } from "@/modules/ee/license-check/lib/utils";
+import { TEnvironmentLayoutData } from "@/modules/environments/types/environment-auth";
 import { LimitsReachedBanner } from "@/modules/ui/components/limits-reached-banner";
 import { PendingDowngradeBanner } from "@/modules/ui/components/pending-downgrade-banner";
-import { getTranslate } from "@/tolgee/server";
-import type { Session } from "next-auth";
 
 interface EnvironmentLayoutProps {
-  environmentId: string;
-  session: Session;
+  layoutData: TEnvironmentLayoutData;
   children?: React.ReactNode;
 }
 
-export const EnvironmentLayout = async ({ environmentId, session, children }: EnvironmentLayoutProps) => {
+export const EnvironmentLayout = async ({ layoutData, children }: EnvironmentLayoutProps) => {
   const t = await getTranslate();
-  const [user, environment, organizations, organization] = await Promise.all([
-    getUser(session.user.id),
-    getEnvironment(environmentId),
-    getOrganizationsByUserId(session.user.id),
-    getOrganizationByEnvironmentId(environmentId),
-  ]);
+  const publicDomain = getPublicDomain();
 
-  if (!user) {
-    throw new Error(t("common.user_not_found"));
-  }
+  // Destructure all data from props (NO database queries)
+  const {
+    user,
+    environment,
+    organization,
+    membership,
+    project, // Current project details
+    environments, // All project environments (for environment switcher)
+    isAccessControlAllowed,
+    projectPermission,
+    license,
+    peopleCount,
+    responseCount,
+  } = layoutData;
 
-  if (!organization) {
-    throw new Error(t("common.organization_not_found"));
-  }
+  // Calculate derived values (no queries)
+  const { isMember, isOwner, isManager } = getAccessFlags(membership.role);
 
-  if (!environment) {
-    throw new Error(t("common.environment_not_found"));
-  }
-
-  const currentUserMembership = await getMembershipByUserIdOrganizationId(session?.user.id, organization.id);
-  if (!currentUserMembership) {
-    throw new Error(t("common.membership_not_found"));
-  }
-  const membershipRole = currentUserMembership?.role;
-
-  const [projects, environments, isAccessControlAllowed] = await Promise.all([
-    getProjectsByUserId(user.id, currentUserMembership),
-    getEnvironments(environment.projectId),
-    getAccessControlPermission(organization.billing.plan),
-  ]);
-
-  if (!projects || !environments || !organizations) {
-    throw new Error(t("environments.projects_environments_organizations_not_found"));
-  }
-
-  const { isMember } = getAccessFlags(membershipRole);
-
-  const { features, lastChecked, isPendingDowngrade, active } = await getEnterpriseLicense();
-
-  const projectPermission = await getProjectPermissionByUserId(session.user.id, environment.projectId);
+  const { features, lastChecked, isPendingDowngrade, active } = license;
+  const isMultiOrgEnabled = features?.isMultiOrgEnabled ?? false;
+  const organizationProjectsLimit = await getOrganizationProjectsLimit(organization.billing.limits);
+  const isOwnerOrManager = isOwner || isManager;
 
+  // Validate that project permission exists for members
   if (isMember && !projectPermission) {
     throw new Error(t("common.project_permission_not_found"));
   }
 
-  const isMultiOrgEnabled = features?.isMultiOrgEnabled ?? false;
-
-  let peopleCount = 0;
-  let responseCount = 0;
-
-  if (IS_FORMBRICKS_CLOUD) {
-    [peopleCount, responseCount] = await Promise.all([
-      getMonthlyActiveOrganizationPeopleCount(organization.id),
-      getMonthlyOrganizationResponseCount(organization.id),
-    ]);
-  }
-
-  const organizationProjectsLimit = await getOrganizationProjectsLimit(organization.billing.limits);
-
-  // Find the current project from the projects array
-  const project = projects.find((p) => p.id === environment.projectId);
-  if (!project) {
-    throw new Error(t("common.project_not_found"));
-  }
-
-  const { isManager, isOwner } = getAccessFlags(membershipRole);
-  const isOwnerOrManager = isManager || isOwner;
-
   return (
     <div className="flex h-screen min-h-screen flex-col overflow-hidden">
       {IS_FORMBRICKS_CLOUD && (
@@ -122,26 +69,25 @@ export const EnvironmentLayout = async ({ environmentId, session, children }: En
         <MainNavigation
           environment={environment}
           organization={organization}
-          projects={projects}
           user={user}
+          project={{ id: project.id, name: project.name }}
           isFormbricksCloud={IS_FORMBRICKS_CLOUD}
           isDevelopment={IS_DEVELOPMENT}
-          membershipRole={membershipRole}
+          membershipRole={membership.role}
+          publicDomain={publicDomain}
         />
         <div id="mainContent" className="flex flex-1 flex-col overflow-hidden bg-slate-50">
           <TopControlBar
             environments={environments}
             currentOrganizationId={organization.id}
-            organizations={organizations}
             currentProjectId={project.id}
-            projects={projects}
             isMultiOrgEnabled={isMultiOrgEnabled}
             organizationProjectsLimit={organizationProjectsLimit}
             isFormbricksCloud={IS_FORMBRICKS_CLOUD}
             isLicenseActive={active}
             isOwnerOrManager={isOwnerOrManager}
             isAccessControlAllowed={isAccessControlAllowed}
-            membershipRole={membershipRole}
+            membershipRole={membership.role}
           />
           <div className="flex-1 overflow-y-auto">{children}</div>
         </div>

apps/web/app/(app)/environments/[environmentId]/components/EnvironmentStorageHandler.test.tsx

@@ -1,33 +0,0 @@
-import { FORMBRICKS_ENVIRONMENT_ID_LS } from "@/lib/localStorage";
-import { render } from "@testing-library/react";
-import { describe, expect, test, vi } from "vitest";
-import EnvironmentStorageHandler from "./EnvironmentStorageHandler";
-
-describe("EnvironmentStorageHandler", () => {
-  test("sets environmentId in localStorage on mount", () => {
-    const setItemSpy = vi.spyOn(Storage.prototype, "setItem");
-    const testEnvironmentId = "test-env-123";
-
-    render(<EnvironmentStorageHandler environmentId={testEnvironmentId} />);
-
-    expect(setItemSpy).toHaveBeenCalledWith(FORMBRICKS_ENVIRONMENT_ID_LS, testEnvironmentId);
-    setItemSpy.mockRestore();
-  });
-
-  test("updates environmentId in localStorage when prop changes", () => {
-    const setItemSpy = vi.spyOn(Storage.prototype, "setItem");
-    const initialEnvironmentId = "test-env-initial";
-    const updatedEnvironmentId = "test-env-updated";
-
-    const { rerender } = render(<EnvironmentStorageHandler environmentId={initialEnvironmentId} />);
-
-    expect(setItemSpy).toHaveBeenCalledWith(FORMBRICKS_ENVIRONMENT_ID_LS, initialEnvironmentId);
-
-    rerender(<EnvironmentStorageHandler environmentId={updatedEnvironmentId} />);
-
-    expect(setItemSpy).toHaveBeenCalledWith(FORMBRICKS_ENVIRONMENT_ID_LS, updatedEnvironmentId);
-    expect(setItemSpy).toHaveBeenCalledTimes(2); // Called on mount and on rerender with new prop
-
-    setItemSpy.mockRestore();
-  });
-});

apps/web/app/(app)/environments/[environmentId]/components/EnvironmentStorageHandler.tsx

@@ -1,7 +1,7 @@
 "use client";
 
-import { FORMBRICKS_ENVIRONMENT_ID_LS } from "@/lib/localStorage";
 import { useEffect } from "react";
+import { FORMBRICKS_ENVIRONMENT_ID_LS } from "@/lib/localStorage";
 
 interface EnvironmentStorageHandlerProps {
   environmentId: string;

apps/web/app/(app)/environments/[environmentId]/components/EnvironmentSwitch.test.tsx

@@ -1,149 +0,0 @@
-import { cleanup, render, screen, waitFor } from "@testing-library/react";
-import userEvent from "@testing-library/user-event";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import { TEnvironment } from "@formbricks/types/environment";
-import { EnvironmentSwitch } from "./EnvironmentSwitch";
-
-// Mock next/navigation
-const mockPush = vi.fn();
-vi.mock("next/navigation", () => ({
-  useRouter: vi.fn(() => ({
-    push: mockPush,
-  })),
-}));
-
-// Mock @tolgee/react
-vi.mock("@tolgee/react", () => ({
-  useTranslate: () => ({
-    t: (key: string) => key,
-  }),
-}));
-
-const mockEnvironmentDev: TEnvironment = {
-  id: "dev-env-id",
-  createdAt: new Date(),
-  updatedAt: new Date(),
-  type: "development",
-  projectId: "project-id",
-  appSetupCompleted: true,
-};
-
-const mockEnvironmentProd: TEnvironment = {
-  id: "prod-env-id",
-  createdAt: new Date(),
-  updatedAt: new Date(),
-  type: "production",
-  projectId: "project-id",
-  appSetupCompleted: true,
-};
-
-const mockEnvironments = [mockEnvironmentDev, mockEnvironmentProd];
-
-describe("EnvironmentSwitch", () => {
-  afterEach(() => {
-    cleanup();
-    vi.clearAllMocks();
-  });
-
-  test("renders checked when environment is development", () => {
-    render(<EnvironmentSwitch environment={mockEnvironmentDev} environments={mockEnvironments} />);
-    const switchElement = screen.getByRole("switch");
-    expect(switchElement).toBeChecked();
-    expect(screen.getByText("common.dev_env")).toHaveClass("text-orange-800");
-  });
-
-  test("renders unchecked when environment is production", () => {
-    render(<EnvironmentSwitch environment={mockEnvironmentProd} environments={mockEnvironments} />);
-    const switchElement = screen.getByRole("switch");
-    expect(switchElement).not.toBeChecked();
-    expect(screen.getByText("common.dev_env")).not.toHaveClass("text-orange-800");
-  });
-
-  test("calls router.push with development environment ID when toggled from production", async () => {
-    render(<EnvironmentSwitch environment={mockEnvironmentProd} environments={mockEnvironments} />);
-    const switchElement = screen.getByRole("switch");
-
-    expect(switchElement).not.toBeChecked();
-    await userEvent.click(switchElement);
-
-    // Check loading state (switch disabled)
-    expect(switchElement).toBeDisabled();
-
-    // Check router push call
-    await waitFor(() => {
-      expect(mockPush).toHaveBeenCalledWith(`/environments/${mockEnvironmentDev.id}/`);
-    });
-
-    // Check visual state change (though state update happens before navigation)
-    // In a real scenario, the component would re-render with the new environment prop after navigation.
-    // Here, we simulate the state change directly for testing the toggle logic.
-    await waitFor(() => {
-      // Re-render or check internal state if possible, otherwise check mock calls
-      // Since the component manages its own state, we can check the visual state after click
-      expect(switchElement).toBeChecked(); // State updates immediately
-    });
-  });
-
-  test("calls router.push with production environment ID when toggled from development", async () => {
-    render(<EnvironmentSwitch environment={mockEnvironmentDev} environments={mockEnvironments} />);
-    const switchElement = screen.getByRole("switch");
-
-    expect(switchElement).toBeChecked();
-    await userEvent.click(switchElement);
-
-    // Check loading state (switch disabled)
-    expect(switchElement).toBeDisabled();
-
-    // Check router push call
-    await waitFor(() => {
-      expect(mockPush).toHaveBeenCalledWith(`/environments/${mockEnvironmentProd.id}/`);
-    });
-
-    // Check visual state change
-    await waitFor(() => {
-      expect(switchElement).not.toBeChecked(); // State updates immediately
-    });
-  });
-
-  test("does not call router.push if target environment is not found", async () => {
-    const incompleteEnvironments = [mockEnvironmentProd]; // Only production exists
-    render(<EnvironmentSwitch environment={mockEnvironmentProd} environments={incompleteEnvironments} />);
-    const switchElement = screen.getByRole("switch");
-
-    await userEvent.click(switchElement); // Try to toggle to development
-
-    await waitFor(() => {
-      expect(switchElement).toBeDisabled(); // Loading state still set
-    });
-
-    // router.push should not be called because dev env is missing
-    expect(mockPush).not.toHaveBeenCalled();
-
-    // State still updates visually
-    await waitFor(() => {
-      expect(switchElement).toBeChecked();
-    });
-  });
-
-  test("toggles using the label click", async () => {
-    render(<EnvironmentSwitch environment={mockEnvironmentProd} environments={mockEnvironments} />);
-    const labelElement = screen.getByText("common.dev_env");
-    const switchElement = screen.getByRole("switch");
-
-    expect(switchElement).not.toBeChecked();
-    await userEvent.click(labelElement); // Click the label
-
-    // Check loading state (switch disabled)
-    expect(switchElement).toBeDisabled();
-
-    // Check router push call
-    await waitFor(() => {
-      expect(mockPush).toHaveBeenCalledWith(`/environments/${mockEnvironmentDev.id}/`);
-    });
-
-    // Check visual state change
-    await waitFor(() => {
-      expect(switchElement).toBeChecked();
-    });
-  });
-});

apps/web/app/(app)/environments/[environmentId]/components/EnvironmentSwitch.tsx

@@ -1,12 +1,12 @@
 "use client";
 
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import { useTranslation } from "react-i18next";
+import { TEnvironment } from "@formbricks/types/environment";
 import { cn } from "@/lib/cn";
 import { Label } from "@/modules/ui/components/label";
 import { Switch } from "@/modules/ui/components/switch";
-import { useTranslate } from "@tolgee/react";
-import { useRouter } from "next/navigation";
-import { useState } from "react";
-import { TEnvironment } from "@formbricks/types/environment";
 
 interface EnvironmentSwitchProps {
   environment: TEnvironment;
@@ -14,7 +14,7 @@ interface EnvironmentSwitchProps {
 }
 
 export const EnvironmentSwitch = ({ environment, environments }: EnvironmentSwitchProps) => {
-  const { t } = useTranslate();
+  const { t } = useTranslation();
   const router = useRouter();
   const [isEnvSwitchChecked, setIsEnvSwitchChecked] = useState(environment?.type === "development");
   const [isLoading, setIsLoading] = useState(false);

apps/web/app/(app)/environments/[environmentId]/components/MainNavigation.test.tsx

@@ -1,286 +0,0 @@
-import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
-import { getLatestStableFbReleaseAction } from "@/modules/projects/settings/(setup)/app-connection/actions";
-import { cleanup, render, screen, waitFor } from "@testing-library/react";
-import userEvent from "@testing-library/user-event";
-import { usePathname, useRouter } from "next/navigation";
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-import { TEnvironment } from "@formbricks/types/environment";
-import { TOrganization } from "@formbricks/types/organizations";
-import { TProject } from "@formbricks/types/project";
-import { TUser } from "@formbricks/types/user";
-import { MainNavigation } from "./MainNavigation";
-
-// Mock constants that this test needs
-vi.mock("@/lib/constants", () => ({
-  IS_FORMBRICKS_CLOUD: false,
-  WEBAPP_URL: "http://localhost:3000",
-}));
-
-// Mock server actions that this test needs
-vi.mock("@/modules/auth/actions/sign-out", () => ({
-  logSignOutAction: vi.fn().mockResolvedValue(undefined),
-}));
-
-// Mock dependencies
-vi.mock("next/navigation", () => ({
-  useRouter: vi.fn(() => ({ push: vi.fn() })),
-  usePathname: vi.fn(() => "/environments/env1/surveys"),
-}));
-vi.mock("next-auth/react", () => ({
-  signOut: vi.fn(),
-}));
-vi.mock("@/modules/auth/hooks/use-sign-out", () => ({
-  useSignOut: vi.fn(() => ({ signOut: vi.fn() })),
-}));
-vi.mock("@/modules/projects/settings/(setup)/app-connection/actions", () => ({
-  getLatestStableFbReleaseAction: vi.fn(),
-}));
-vi.mock("@/app/lib/formbricks", () => ({
-  formbricksLogout: vi.fn(),
-}));
-vi.mock("@/lib/membership/utils", () => ({
-  getAccessFlags: (role?: string) => ({
-    isAdmin: role === "admin",
-    isOwner: role === "owner",
-    isManager: role === "manager",
-    isMember: role === "member",
-    isBilling: role === "billing",
-  }),
-}));
-vi.mock("@/modules/organization/components/CreateOrganizationModal", () => ({
-  CreateOrganizationModal: ({ open }: { open: boolean }) =>
-    open ? <div data-testid="create-org-modal">Create Org Modal</div> : null,
-}));
-vi.mock("@/modules/ui/components/avatars", () => ({
-  ProfileAvatar: () => <div data-testid="profile-avatar">Avatar</div>,
-}));
-vi.mock("next/image", () => ({
-  // eslint-disable-next-line @next/next/no-img-element
-  default: (props: any) => <img alt="test" {...props} />,
-}));
-vi.mock("../../../../../package.json", () => ({
-  version: "1.0.0",
-}));
-
-// Mock localStorage
-const localStorageMock = (() => {
-  let store: Record<string, string> = {};
-  return {
-    getItem: (key: string) => store[key] || null,
-    setItem: (key: string, value: string) => {
-      store[key] = value.toString();
-    },
-    removeItem: (key: string) => {
-      delete store[key];
-    },
-    clear: () => {
-      store = {};
-    },
-  };
-})();
-Object.defineProperty(window, "localStorage", { value: localStorageMock });
-
-// Mock data
-const mockEnvironment: TEnvironment = {
-  id: "env1",
-  createdAt: new Date(),
-  updatedAt: new Date(),
-  type: "production",
-  projectId: "proj1",
-  appSetupCompleted: true,
-};
-const mockUser = {
-  id: "user1",
-  name: "Test User",
-  email: "test@example.com",
-  emailVerified: new Date(),
-  twoFactorEnabled: false,
-  identityProvider: "email",
-  createdAt: new Date(),
-  updatedAt: new Date(),
-  notificationSettings: { alert: {} },
-  role: "project_manager",
-  objective: "other",
-} as unknown as TUser;
-
-const mockOrganization = {
-  id: "org1",
-  name: "Test Org",
-  createdAt: new Date(),
-  updatedAt: new Date(),
-  billing: { stripeCustomerId: null, plan: "free", limits: { monthly: { responses: null } } } as any,
-} as unknown as TOrganization;
-
-const mockOrganizations: TOrganization[] = [
-  mockOrganization,
-  { ...mockOrganization, id: "org2", name: "Another Org" },
-];
-const mockProject: TProject = {
-  id: "proj1",
-  name: "Test Project",
-  createdAt: new Date(),
-  updatedAt: new Date(),
-  organizationId: "org1",
-  environments: [mockEnvironment],
-  config: { channel: "website" },
-} as unknown as TProject;
-const mockProjects: TProject[] = [mockProject];
-
-const defaultProps = {
-  environment: mockEnvironment,
-  organizations: mockOrganizations,
-  user: mockUser,
-  organization: mockOrganization,
-  projects: mockProjects,
-  isMultiOrgEnabled: true,
-  isFormbricksCloud: false,
-  isDevelopment: false,
-  membershipRole: "owner" as const,
-  organizationProjectsLimit: 5,
-  isLicenseActive: true,
-  isAccessControlAllowed: true,
-};
-
-describe("MainNavigation", () => {
-  let mockRouterPush: ReturnType<typeof vi.fn>;
-
-  beforeEach(() => {
-    mockRouterPush = vi.fn();
-    vi.mocked(useRouter).mockReturnValue({ push: mockRouterPush } as any);
-    vi.mocked(usePathname).mockReturnValue("/environments/env1/surveys");
-    vi.mocked(getLatestStableFbReleaseAction).mockResolvedValue({ data: null }); // Default: no new version
-    localStorage.clear();
-  });
-
-  afterEach(() => {
-    cleanup();
-    vi.clearAllMocks();
-  });
-
-  test("renders expanded by default and collapses on toggle", async () => {
-    render(<MainNavigation {...defaultProps} />);
-    // Assuming the toggle button is the only one initially without an accessible name
-    // A more specific selector like data-testid would be better if available.
-    const toggleButton = screen.getByRole("button", { name: "" });
-
-    // Check initial state (expanded)
-    expect(screen.getByAltText("environments.formbricks_logo")).toBeInTheDocument();
-    // Check localStorage is not set initially after clear()
-    expect(localStorage.getItem("isMainNavCollapsed")).toBeNull();
-
-    // Click to collapse
-    await userEvent.click(toggleButton);
-
-    // Check state after first toggle (collapsed)
-    await waitFor(() => {
-      // Check that the attribute eventually becomes true
-      // Check that localStorage is updated
-      expect(localStorage.getItem("isMainNavCollapsed")).toBe("true");
-    });
-    // Check that the logo is eventually hidden
-    await waitFor(() => {
-      expect(screen.queryByAltText("environments.formbricks_logo")).not.toBeInTheDocument();
-    });
-
-    // Click to expand
-    await userEvent.click(toggleButton);
-
-    // Check state after second toggle (expanded)
-    await waitFor(() => {
-      // Check that the attribute eventually becomes false
-      // Check that localStorage is updated
-      expect(localStorage.getItem("isMainNavCollapsed")).toBe("false");
-    });
-    // Check that the logo is eventually visible
-    await waitFor(() => {
-      expect(screen.getByAltText("environments.formbricks_logo")).toBeInTheDocument();
-    });
-  });
-
-  test("renders user dropdown and handles logout", async () => {
-    const mockSignOut = vi.fn().mockResolvedValue({ url: "/auth/login" });
-    vi.mocked(useSignOut).mockReturnValue({ signOut: mockSignOut });
-
-    // Set up localStorage spy on the mocked localStorage
-
-    render(<MainNavigation {...defaultProps} />);
-
-    // Find the avatar and get its parent div which acts as the trigger
-    const userTrigger = screen.getByTestId("profile-avatar").parentElement!;
-    expect(userTrigger).toBeInTheDocument(); // Ensure the trigger element is found
-    await userEvent.click(userTrigger);
-
-    // Wait for the dropdown content to appear
-    await waitFor(() => {
-      expect(screen.getByText("common.account")).toBeInTheDocument();
-    });
-
-    expect(screen.getByText("common.documentation")).toBeInTheDocument();
-    expect(screen.getByText("common.logout")).toBeInTheDocument();
-
-    const logoutButton = screen.getByText("common.logout");
-    await userEvent.click(logoutButton);
-
-    expect(mockSignOut).toHaveBeenCalledWith({
-      reason: "user_initiated",
-      redirectUrl: "/auth/login",
-      organizationId: "org1",
-      redirect: false,
-      callbackUrl: "/auth/login",
-      clearEnvironmentId: true,
-    });
-
-    await waitFor(() => {
-      expect(mockRouterPush).toHaveBeenCalledWith("/auth/login");
-    });
-  });
-
-  test("hides new version banner for members or if no new version", async () => {
-    // Test for member
-    vi.mocked(getLatestStableFbReleaseAction).mockResolvedValue({ data: "v1.1.0" });
-    render(<MainNavigation {...defaultProps} membershipRole="member" />);
-    let toggleButton = screen.getByRole("button", { name: "" });
-    await userEvent.click(toggleButton);
-    await waitFor(() => {
-      expect(screen.queryByText("common.new_version_available", { exact: false })).not.toBeInTheDocument();
-    });
-    cleanup(); // Clean up before next render
-
-    // Test for no new version
-    vi.mocked(getLatestStableFbReleaseAction).mockResolvedValue({ data: null });
-    render(<MainNavigation {...defaultProps} membershipRole="owner" />);
-    toggleButton = screen.getByRole("button", { name: "" });
-    await userEvent.click(toggleButton);
-    await waitFor(() => {
-      expect(screen.queryByText("common.new_version_available", { exact: false })).not.toBeInTheDocument();
-    });
-  });
-
-  test("hides main nav and project switcher if user role is billing", () => {
-    render(<MainNavigation {...defaultProps} membershipRole="billing" />);
-    expect(screen.queryByRole("link", { name: /common.surveys/ })).not.toBeInTheDocument();
-    expect(screen.queryByTestId("project-switcher")).not.toBeInTheDocument();
-  });
-
-  test("passes isAccessControlAllowed props to ProjectSwitcher", () => {
-    render(<MainNavigation {...defaultProps} />);
-
-    // Test basic navigation structure is rendered (aside element with complementary role)
-    expect(screen.getByRole("complementary")).toBeInTheDocument();
-    expect(screen.getByTestId("profile-avatar")).toBeInTheDocument();
-  });
-
-  test("handles no organizationTeams", () => {
-    render(<MainNavigation {...defaultProps} />);
-
-    // Test that navigation renders correctly with no teams
-    expect(screen.getByRole("complementary")).toBeInTheDocument();
-  });
-
-  test("handles isAccessControlAllowed false", () => {
-    render(<MainNavigation {...defaultProps} />);
-
-    // Test that navigation renders correctly with access control disabled
-    expect(screen.getByRole("complementary")).toBeInTheDocument();
-  });
-});

apps/web/app/(app)/environments/[environmentId]/components/MainNavigation.tsx

@@ -1,21 +1,5 @@
 "use client";
 
-import { NavigationLink } from "@/app/(app)/environments/[environmentId]/components/NavigationLink";
-import { isNewerVersion } from "@/app/(app)/environments/[environmentId]/lib/utils";
-import FBLogo from "@/images/formbricks-wordmark.svg";
-import { cn } from "@/lib/cn";
-import { getAccessFlags } from "@/lib/membership/utils";
-import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
-import { getLatestStableFbReleaseAction } from "@/modules/projects/settings/(setup)/app-connection/actions";
-import { ProfileAvatar } from "@/modules/ui/components/avatars";
-import { Button } from "@/modules/ui/components/button";
-import {
-  DropdownMenu,
-  DropdownMenuContent,
-  DropdownMenuItem,
-  DropdownMenuTrigger,
-} from "@/modules/ui/components/dropdown-menu";
-import { useTranslate } from "@tolgee/react";
 import {
   ArrowUpRightIcon,
   ChevronRightIcon,
@@ -32,40 +16,57 @@ import Image from "next/image";
 import Link from "next/link";
 import { usePathname, useRouter } from "next/navigation";
 import { useEffect, useMemo, useState } from "react";
+import { useTranslation } from "react-i18next";
 import { TEnvironment } from "@formbricks/types/environment";
 import { TOrganizationRole } from "@formbricks/types/memberships";
 import { TOrganization } from "@formbricks/types/organizations";
 import { TUser } from "@formbricks/types/user";
+import { NavigationLink } from "@/app/(app)/environments/[environmentId]/components/NavigationLink";
+import { isNewerVersion } from "@/app/(app)/environments/[environmentId]/lib/utils";
+import FBLogo from "@/images/formbricks-wordmark.svg";
+import { cn } from "@/lib/cn";
+import { getAccessFlags } from "@/lib/membership/utils";
+import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
+import { getLatestStableFbReleaseAction } from "@/modules/projects/settings/(setup)/app-connection/actions";
+import { ProfileAvatar } from "@/modules/ui/components/avatars";
+import { Button } from "@/modules/ui/components/button";
+import {
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuTrigger,
+} from "@/modules/ui/components/dropdown-menu";
 import packageJson from "../../../../../package.json";
 
 interface NavigationProps {
   environment: TEnvironment;
   user: TUser;
   organization: TOrganization;
-  projects: { id: string; name: string }[];
+  project: { id: string; name: string };
   isFormbricksCloud: boolean;
   isDevelopment: boolean;
   membershipRole?: TOrganizationRole;
+  publicDomain: string;
 }
 
 export const MainNavigation = ({
   environment,
   organization,
   user,
-  projects,
+  project,
   membershipRole,
   isFormbricksCloud,
   isDevelopment,
+  publicDomain,
 }: NavigationProps) => {
   const router = useRouter();
   const pathname = usePathname();
-  const { t } = useTranslate();
-  const [isCollapsed, setIsCollapsed] = useState(true);
+  const { t } = useTranslation();
+  const [isCollapsed, setIsCollapsed] = useState(false);
   const [isTextVisible, setIsTextVisible] = useState(true);
   const [latestVersion, setLatestVersion] = useState("");
   const { signOut: signOutWithAudit } = useSignOut({ id: user.id, email: user.email });
 
-  const project = projects.find((project) => project.id === environment.projectId);
   const { isManager, isOwner, isBilling } = getAccessFlags(membershipRole);
 
   const isOwnerOrManager = isManager || isOwner;
@@ -287,15 +288,16 @@ export const MainNavigation = ({
                   {/* Logout */}
                   <DropdownMenuItem
                     onClick={async () => {
+                      const loginUrl = `${publicDomain}/auth/login`;
                       const route = await signOutWithAudit({
                         reason: "user_initiated",
-                        redirectUrl: "/auth/login",
+                        redirectUrl: loginUrl,
                         organizationId: organization.id,
                         redirect: false,
-                        callbackUrl: "/auth/login",
+                        callbackUrl: loginUrl,
                         clearEnvironmentId: true,
                       });
-                      router.push(route?.url || "/auth/login"); // NOSONAR // We want to check for empty strings
+                      router.push(route?.url || loginUrl); // NOSONAR // We want to check for empty strings
                     }}
                     icon={<LogOutIcon className="mr-2 h-4 w-4" strokeWidth={1.5} />}>
                     {t("common.logout")}

apps/web/app/(app)/environments/[environmentId]/components/NavbarLoading.test.tsx

@@ -1,21 +0,0 @@
-import { cleanup, render, screen } from "@testing-library/react";
-import { afterEach, describe, expect, test } from "vitest";
-import { NavbarLoading } from "./NavbarLoading";
-
-describe("NavbarLoading", () => {
-  afterEach(() => {
-    cleanup();
-  });
-
-  test("renders the correct number of skeleton elements", () => {
-    render(<NavbarLoading />);
-
-    // Find all divs with the animate-pulse class
-    const skeletonElements = screen.getAllByText((content, element) => {
-      return element?.tagName.toLowerCase() === "div" && element.classList.contains("animate-pulse");
-    });
-
-    // There are 8 skeleton divs in the component
-    expect(skeletonElements).toHaveLength(8);
-  });
-});

apps/web/app/(app)/environments/[environmentId]/components/NavigationLink.test.tsx

@@ -1,105 +0,0 @@
-import { cleanup, render, screen, within } from "@testing-library/react";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import { NavigationLink } from "./NavigationLink";
-
-// Mock next/link
-vi.mock("next/link", () => ({
-  default: ({ children, href }: { children: React.ReactNode; href: string }) => <a href={href}>{children}</a>,
-}));
-
-// Mock tooltip components
-vi.mock("@/modules/ui/components/tooltip", () => ({
-  Tooltip: ({ children }: { children: React.ReactNode }) => <div data-testid="tooltip">{children}</div>,
-  TooltipContent: ({ children }: { children: React.ReactNode }) => (
-    <div data-testid="tooltip-content">{children}</div>
-  ),
-  TooltipProvider: ({ children }: { children: React.ReactNode }) => (
-    <div data-testid="tooltip-provider">{children}</div>
-  ),
-  TooltipTrigger: ({ children }: { children: React.ReactNode }) => (
-    <div data-testid="tooltip-trigger">{children}</div>
-  ),
-}));
-
-const defaultProps = {
-  href: "/test-link",
-  isActive: false,
-  isCollapsed: false,
-  children: <svg data-testid="icon" />,
-  linkText: "Test Link Text",
-  isTextVisible: true,
-};
-
-describe("NavigationLink", () => {
-  afterEach(() => {
-    cleanup();
-  });
-
-  test("renders expanded link correctly (inactive, text visible)", () => {
-    render(<NavigationLink {...defaultProps} />);
-    const linkElement = screen.getByRole("link");
-    const listItem = linkElement.closest("li");
-    const textSpan = screen.getByText(defaultProps.linkText);
-
-    expect(linkElement).toHaveAttribute("href", defaultProps.href);
-    expect(screen.getByTestId("icon")).toBeInTheDocument();
-    expect(textSpan).toBeInTheDocument();
-    expect(textSpan).toHaveClass("opacity-0");
-    expect(listItem).not.toHaveClass("bg-slate-50"); // inactiveClass check
-    expect(listItem).toHaveClass("hover:bg-slate-50"); // inactiveClass check
-    expect(screen.queryByTestId("tooltip-provider")).not.toBeInTheDocument();
-  });
-
-  test("renders expanded link correctly (active, text hidden)", () => {
-    render(<NavigationLink {...defaultProps} isActive={true} isTextVisible={false} />);
-    const linkElement = screen.getByRole("link");
-    const listItem = linkElement.closest("li");
-    const textSpan = screen.getByText(defaultProps.linkText);
-
-    expect(linkElement).toHaveAttribute("href", defaultProps.href);
-    expect(screen.getByTestId("icon")).toBeInTheDocument();
-    expect(textSpan).toBeInTheDocument();
-    expect(textSpan).toHaveClass("opacity-100");
-    expect(listItem).toHaveClass("bg-slate-50"); // activeClass check
-    expect(listItem).toHaveClass("border-brand-dark"); // activeClass check
-    expect(screen.queryByTestId("tooltip-provider")).not.toBeInTheDocument();
-  });
-
-  test("renders collapsed link correctly (inactive)", () => {
-    render(<NavigationLink {...defaultProps} isCollapsed={true} />);
-    const linkElement = screen.getByRole("link");
-    const listItem = linkElement.closest("li");
-
-    expect(linkElement).toHaveAttribute("href", defaultProps.href);
-    expect(screen.getByTestId("icon")).toBeInTheDocument();
-    // Check text is NOT directly within the list item
-    expect(within(listItem!).queryByText(defaultProps.linkText)).not.toBeInTheDocument();
-    expect(listItem).not.toHaveClass("bg-slate-50"); // inactiveClass check
-    expect(listItem).toHaveClass("hover:bg-slate-50"); // inactiveClass check
-
-    // Check tooltip elements
-    expect(screen.getByTestId("tooltip-provider")).toBeInTheDocument();
-    expect(screen.getByTestId("tooltip")).toBeInTheDocument();
-    expect(screen.getByTestId("tooltip-trigger")).toBeInTheDocument();
-    // Check text IS within the tooltip content mock
-    expect(screen.getByTestId("tooltip-content")).toHaveTextContent(defaultProps.linkText);
-  });
-
-  test("renders collapsed link correctly (active)", () => {
-    render(<NavigationLink {...defaultProps} isCollapsed={true} isActive={true} />);
-    const linkElement = screen.getByRole("link");
-    const listItem = linkElement.closest("li");
-
-    expect(linkElement).toHaveAttribute("href", defaultProps.href);
-    expect(screen.getByTestId("icon")).toBeInTheDocument();
-    // Check text is NOT directly within the list item
-    expect(within(listItem!).queryByText(defaultProps.linkText)).not.toBeInTheDocument();
-    expect(listItem).toHaveClass("bg-slate-50"); // activeClass check
-    expect(listItem).toHaveClass("border-brand-dark"); // activeClass check
-
-    // Check tooltip elements
-    expect(screen.getByTestId("tooltip-provider")).toBeInTheDocument();
-    // Check text IS within the tooltip content mock
-    expect(screen.getByTestId("tooltip-content")).toHaveTextContent(defaultProps.linkText);
-  });
-});

apps/web/app/(app)/environments/[environmentId]/components/NavigationLink.tsx

@@ -1,7 +1,7 @@
-import { cn } from "@/lib/cn";
-import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@/modules/ui/components/tooltip";
 import Link from "next/link";
 import React from "react";
+import { cn } from "@/lib/cn";
+import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@/modules/ui/components/tooltip";
 
 interface NavigationLinkProps {
   href: string;

apps/web/app/(app)/environments/[environmentId]/components/PosthogIdentify.test.tsx

@@ -1,145 +0,0 @@
-import "@testing-library/jest-dom/vitest";
-import { cleanup, render } from "@testing-library/react";
-import { Session } from "next-auth";
-import { usePostHog } from "posthog-js/react";
-import { beforeEach, describe, expect, test, vi } from "vitest";
-import { TOrganizationBilling } from "@formbricks/types/organizations";
-import { TUser } from "@formbricks/types/user";
-import { PosthogIdentify } from "./PosthogIdentify";
-
-type PartialPostHog = Partial<ReturnType<typeof usePostHog>>;
-
-vi.mock("posthog-js/react", () => ({
-  usePostHog: vi.fn(),
-}));
-
-describe("PosthogIdentify", () => {
-  beforeEach(() => {
-    cleanup();
-  });
-
-  test("identifies the user and sets groups when isPosthogEnabled is true", () => {
-    const mockIdentify = vi.fn();
-    const mockGroup = vi.fn();
-
-    const mockPostHog: PartialPostHog = {
-      identify: mockIdentify,
-      group: mockGroup,
-    };
-
-    vi.mocked(usePostHog).mockReturnValue(mockPostHog as ReturnType<typeof usePostHog>);
-
-    render(
-      <PosthogIdentify
-        session={{ user: { id: "user-123" } } as Session}
-        user={
-          {
-            name: "Test User",
-            email: "test@example.com",
-          } as TUser
-        }
-        environmentId="env-456"
-        organizationId="org-789"
-        organizationName="Test Org"
-        organizationBilling={
-          {
-            plan: "enterprise",
-            limits: { monthly: { responses: 1000, miu: 5000 }, projects: 10 },
-          } as TOrganizationBilling
-        }
-        isPosthogEnabled
-      />
-    );
-
-    // verify that identify is called with the session user id + extra info
-    expect(mockIdentify).toHaveBeenCalledWith("user-123", {
-      name: "Test User",
-      email: "test@example.com",
-    });
-
-    // environment + organization groups
-    expect(mockGroup).toHaveBeenCalledTimes(2);
-    expect(mockGroup).toHaveBeenCalledWith("environment", "env-456", { name: "env-456" });
-    expect(mockGroup).toHaveBeenCalledWith("organization", "org-789", {
-      name: "Test Org",
-      plan: "enterprise",
-      responseLimit: 1000,
-      miuLimit: 5000,
-    });
-  });
-
-  test("does nothing if isPosthogEnabled is false", () => {
-    const mockIdentify = vi.fn();
-    const mockGroup = vi.fn();
-
-    const mockPostHog: PartialPostHog = {
-      identify: mockIdentify,
-      group: mockGroup,
-    };
-
-    vi.mocked(usePostHog).mockReturnValue(mockPostHog as ReturnType<typeof usePostHog>);
-
-    render(
-      <PosthogIdentify
-        session={{ user: { id: "user-123" } } as Session}
-        user={{ name: "Test User", email: "test@example.com" } as TUser}
-        isPosthogEnabled={false}
-      />
-    );
-
-    expect(mockIdentify).not.toHaveBeenCalled();
-    expect(mockGroup).not.toHaveBeenCalled();
-  });
-
-  test("does nothing if session user is missing", () => {
-    const mockIdentify = vi.fn();
-    const mockGroup = vi.fn();
-
-    const mockPostHog: PartialPostHog = {
-      identify: mockIdentify,
-      group: mockGroup,
-    };
-
-    vi.mocked(usePostHog).mockReturnValue(mockPostHog as ReturnType<typeof usePostHog>);
-
-    render(
-      <PosthogIdentify
-        // no user in session
-        session={{} as any}
-        user={{ name: "Test User", email: "test@example.com" } as TUser}
-        isPosthogEnabled
-      />
-    );
-
-    // Because there's no session.user, we skip identify
-    expect(mockIdentify).not.toHaveBeenCalled();
-    expect(mockGroup).not.toHaveBeenCalled();
-  });
-
-  test("identifies user but does not group if environmentId/organizationId not provided", () => {
-    const mockIdentify = vi.fn();
-    const mockGroup = vi.fn();
-
-    const mockPostHog: PartialPostHog = {
-      identify: mockIdentify,
-      group: mockGroup,
-    };
-
-    vi.mocked(usePostHog).mockReturnValue(mockPostHog as ReturnType<typeof usePostHog>);
-
-    render(
-      <PosthogIdentify
-        session={{ user: { id: "user-123" } } as Session}
-        user={{ name: "Test User", email: "test@example.com" } as TUser}
-        isPosthogEnabled
-      />
-    );
-
-    expect(mockIdentify).toHaveBeenCalledWith("user-123", {
-      name: "Test User",
-      email: "test@example.com",
-    });
-    // No environmentId or organizationId => no group calls
-    expect(mockGroup).not.toHaveBeenCalled();
-  });
-});

apps/web/app/(app)/environments/[environmentId]/components/PosthogIdentify.tsx

@@ -1,61 +0,0 @@
-"use client";
-
-import type { Session } from "next-auth";
-import { usePostHog } from "posthog-js/react";
-import { useEffect } from "react";
-import { TOrganizationBilling } from "@formbricks/types/organizations";
-import { TUser } from "@formbricks/types/user";
-
-interface PosthogIdentifyProps {
-  session: Session;
-  user: TUser;
-  environmentId?: string;
-  organizationId?: string;
-  organizationName?: string;
-  organizationBilling?: TOrganizationBilling;
-  isPosthogEnabled: boolean;
-}
-
-export const PosthogIdentify = ({
-  session,
-  user,
-  environmentId,
-  organizationId,
-  organizationName,
-  organizationBilling,
-  isPosthogEnabled,
-}: PosthogIdentifyProps) => {
-  const posthog = usePostHog();
-
-  useEffect(() => {
-    if (isPosthogEnabled && session.user && posthog) {
-      posthog.identify(session.user.id, {
-        name: user.name,
-        email: user.email,
-      });
-      if (environmentId) {
-        posthog.group("environment", environmentId, { name: environmentId });
-      }
-      if (organizationId) {
-        posthog.group("organization", organizationId, {
-          name: organizationName,
-          plan: organizationBilling?.plan,
-          responseLimit: organizationBilling?.limits.monthly.responses,
-          miuLimit: organizationBilling?.limits.monthly.miu,
-        });
-      }
-    }
-  }, [
-    posthog,
-    session.user,
-    environmentId,
-    organizationId,
-    organizationName,
-    organizationBilling,
-    user.name,
-    user.email,
-    isPosthogEnabled,
-  ]);
-
-  return null;
-};

apps/web/app/(app)/environments/[environmentId]/components/ProjectNavItem.test.tsx

@@ -1,40 +0,0 @@
-import { cleanup, render, screen } from "@testing-library/react";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import { ProjectNavItem } from "./ProjectNavItem";
-
-describe("ProjectNavItem", () => {
-  afterEach(() => {
-    cleanup();
-  });
-
-  const defaultProps = {
-    href: "/test-path",
-    children: <span>Test Child</span>,
-  };
-
-  test("renders correctly when active", () => {
-    render(<ProjectNavItem {...defaultProps} isActive={true} />);
-
-    const linkElement = screen.getByRole("link");
-    const listItem = linkElement.closest("li");
-
-    expect(linkElement).toHaveAttribute("href", "/test-path");
-    expect(screen.getByText("Test Child")).toBeInTheDocument();
-    expect(listItem).toHaveClass("bg-slate-50");
-    expect(listItem).toHaveClass("font-semibold");
-    expect(listItem).not.toHaveClass("hover:bg-slate-50");
-  });
-
-  test("renders correctly when inactive", () => {
-    render(<ProjectNavItem {...defaultProps} isActive={false} />);
-
-    const linkElement = screen.getByRole("link");
-    const listItem = linkElement.closest("li");
-
-    expect(linkElement).toHaveAttribute("href", "/test-path");
-    expect(screen.getByText("Test Child")).toBeInTheDocument();
-    expect(listItem).not.toHaveClass("bg-slate-50");
-    expect(listItem).not.toHaveClass("font-semibold");
-    expect(listItem).toHaveClass("hover:bg-slate-50");
-  });
-});

apps/web/app/(app)/environments/[environmentId]/components/ResponseFilterContext.test.tsx

@@ -1,140 +0,0 @@
-import { QuestionOptions } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/components/QuestionsComboBox";
-import { QuestionFilterOptions } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/components/ResponseFilter";
-import { getTodayDate } from "@/app/lib/surveys/surveys";
-import { cleanup, render, screen } from "@testing-library/react";
-import userEvent from "@testing-library/user-event";
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-import { ResponseFilterProvider, useResponseFilter } from "./ResponseFilterContext";
-
-// Mock the getTodayDate function
-vi.mock("@/app/lib/surveys/surveys", () => ({
-  getTodayDate: vi.fn(),
-}));
-
-const mockToday = new Date("2024-01-15T00:00:00.000Z");
-const mockFromDate = new Date("2024-01-01T00:00:00.000Z");
-
-// Test component to use the hook
-const TestComponent = () => {
-  const {
-    selectedFilter,
-    setSelectedFilter,
-    selectedOptions,
-    setSelectedOptions,
-    dateRange,
-    setDateRange,
-    resetState,
-  } = useResponseFilter();
-
-  return (
-    <div>
-      <div data-testid="responseStatus">{selectedFilter.responseStatus}</div>
-      <div data-testid="filterLength">{selectedFilter.filter.length}</div>
-      <div data-testid="questionOptionsLength">{selectedOptions.questionOptions.length}</div>
-      <div data-testid="questionFilterOptionsLength">{selectedOptions.questionFilterOptions.length}</div>
-      <div data-testid="dateFrom">{dateRange.from?.toISOString()}</div>
-      <div data-testid="dateTo">{dateRange.to?.toISOString()}</div>
-
-      <button
-        onClick={() =>
-          setSelectedFilter({
-            filter: [
-              {
-                questionType: { id: "q1", label: "Question 1" },
-                filterType: { filterValue: "value1", filterComboBoxValue: "option1" },
-              },
-            ],
-            responseStatus: "complete",
-          })
-        }>
-        Update Filter
-      </button>
-      <button
-        onClick={() =>
-          setSelectedOptions({
-            questionOptions: [{ header: "q1" } as unknown as QuestionOptions],
-            questionFilterOptions: [{ id: "qFilterOpt1" } as unknown as QuestionFilterOptions],
-          })
-        }>
-        Update Options
-      </button>
-      <button onClick={() => setDateRange({ from: mockFromDate, to: mockToday })}>Update Date Range</button>
-      <button onClick={resetState}>Reset State</button>
-    </div>
-  );
-};
-
-describe("ResponseFilterContext", () => {
-  beforeEach(() => {
-    vi.mocked(getTodayDate).mockReturnValue(mockToday);
-  });
-
-  afterEach(() => {
-    cleanup();
-    vi.resetAllMocks();
-  });
-
-  test("should provide initial state values", () => {
-    render(
-      <ResponseFilterProvider>
-        <TestComponent />
-      </ResponseFilterProvider>
-    );
-
-    expect(screen.getByTestId("responseStatus").textContent).toBe("all");
-    expect(screen.getByTestId("filterLength").textContent).toBe("0");
-    expect(screen.getByTestId("questionOptionsLength").textContent).toBe("0");
-    expect(screen.getByTestId("questionFilterOptionsLength").textContent).toBe("0");
-    expect(screen.getByTestId("dateFrom").textContent).toBe("");
-    expect(screen.getByTestId("dateTo").textContent).toBe(mockToday.toISOString());
-  });
-
-  test("should update selectedFilter state", async () => {
-    render(
-      <ResponseFilterProvider>
-        <TestComponent />
-      </ResponseFilterProvider>
-    );
-
-    const updateButton = screen.getByText("Update Filter");
-    await userEvent.click(updateButton);
-
-    expect(screen.getByTestId("responseStatus").textContent).toBe("complete");
-    expect(screen.getByTestId("filterLength").textContent).toBe("1");
-  });
-
-  test("should update selectedOptions state", async () => {
-    render(
-      <ResponseFilterProvider>
-        <TestComponent />
-      </ResponseFilterProvider>
-    );
-
-    const updateButton = screen.getByText("Update Options");
-    await userEvent.click(updateButton);
-
-    expect(screen.getByTestId("questionOptionsLength").textContent).toBe("1");
-    expect(screen.getByTestId("questionFilterOptionsLength").textContent).toBe("1");
-  });
-
-  test("should update dateRange state", async () => {
-    render(
-      <ResponseFilterProvider>
-        <TestComponent />
-      </ResponseFilterProvider>
-    );
-
-    const updateButton = screen.getByText("Update Date Range");
-    await userEvent.click(updateButton);
-
-    expect(screen.getByTestId("dateFrom").textContent).toBe(mockFromDate.toISOString());
-    expect(screen.getByTestId("dateTo").textContent).toBe(mockToday.toISOString());
-  });
-
-  test("should throw error when useResponseFilter is used outside of Provider", () => {
-    // Hide console error temporarily
-    const consoleErrorMock = vi.spyOn(console, "error").mockImplementation(() => {});
-    expect(() => render(<TestComponent />)).toThrow("useFilterDate must be used within a FilterDateProvider");
-    consoleErrorMock.mockRestore();
-  });
-});

apps/web/app/(app)/environments/[environmentId]/components/TopControlBar.tsx

@@ -1,17 +1,15 @@
 "use client";
 
+import { TEnvironment } from "@formbricks/types/environment";
+import { TOrganizationRole } from "@formbricks/types/memberships";
 import { ProjectAndOrgSwitch } from "@/app/(app)/environments/[environmentId]/components/project-and-org-switch";
 import { useEnvironment } from "@/app/(app)/environments/[environmentId]/context/environment-context";
 import { getAccessFlags } from "@/lib/membership/utils";
-import { TEnvironment } from "@formbricks/types/environment";
-import { TOrganizationRole } from "@formbricks/types/memberships";
 
 interface TopControlBarProps {
   environments: TEnvironment[];
   currentOrganizationId: string;
-  organizations: { id: string; name: string }[];
   currentProjectId: string;
-  projects: { id: string; name: string }[];
   isMultiOrgEnabled: boolean;
   organizationProjectsLimit: number;
   isFormbricksCloud: boolean;
@@ -24,9 +22,7 @@ interface TopControlBarProps {
 export const TopControlBar = ({
   environments,
   currentOrganizationId,
-  organizations,
   currentProjectId,
-  projects,
   isMultiOrgEnabled,
   organizationProjectsLimit,
   isFormbricksCloud,
@@ -46,9 +42,7 @@ export const TopControlBar = ({
         currentEnvironmentId={environment.id}
         environments={environments}
         currentOrganizationId={currentOrganizationId}
-        organizations={organizations}
         currentProjectId={currentProjectId}
-        projects={projects}
         isMultiOrgEnabled={isMultiOrgEnabled}
         organizationProjectsLimit={organizationProjectsLimit}
         isFormbricksCloud={isFormbricksCloud}

apps/web/app/(app)/environments/[environmentId]/components/WidgetStatusIndicator.test.tsx

@@ -1,104 +0,0 @@
-import { cleanup, render, screen } from "@testing-library/react";
-import userEvent from "@testing-library/user-event";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import { TEnvironment } from "@formbricks/types/environment";
-import { WidgetStatusIndicator } from "./WidgetStatusIndicator";
-
-// Mock next/navigation
-const mockRefresh = vi.fn();
-vi.mock("next/navigation", () => ({
-  useRouter: () => ({
-    refresh: mockRefresh,
-  }),
-}));
-
-// Mock lucide-react icons
-vi.mock("lucide-react", () => ({
-  AlertTriangleIcon: () => <div data-testid="alert-icon">AlertTriangleIcon</div>,
-  CheckIcon: () => <div data-testid="check-icon">CheckIcon</div>,
-  RotateCcwIcon: () => <div data-testid="refresh-icon">RotateCcwIcon</div>,
-}));
-
-// Mock Button component
-vi.mock("@/modules/ui/components/button", () => ({
-  Button: ({ children, onClick, ...props }: any) => (
-    <button onClick={onClick} {...props}>
-      {children}
-    </button>
-  ),
-}));
-
-const mockEnvironmentNotImplemented: TEnvironment = {
-  id: "env-not-implemented",
-  createdAt: new Date(),
-  updatedAt: new Date(),
-  type: "development",
-  projectId: "proj1",
-  appSetupCompleted: false, // Not implemented state
-};
-
-const mockEnvironmentRunning: TEnvironment = {
-  id: "env-running",
-  createdAt: new Date(),
-  updatedAt: new Date(),
-  type: "production",
-  projectId: "proj1",
-  appSetupCompleted: true, // Running state
-};
-
-describe("WidgetStatusIndicator", () => {
-  afterEach(() => {
-    cleanup();
-    vi.clearAllMocks();
-  });
-
-  test("renders correctly for 'notImplemented' state", () => {
-    render(<WidgetStatusIndicator environment={mockEnvironmentNotImplemented} />);
-
-    // Check icon
-    expect(screen.getByTestId("alert-icon")).toBeInTheDocument();
-    expect(screen.queryByTestId("check-icon")).not.toBeInTheDocument();
-
-    // Check texts
-    expect(
-      screen.getByText("environments.project.app-connection.formbricks_sdk_not_connected")
-    ).toBeInTheDocument();
-    expect(
-      screen.getByText("environments.project.app-connection.formbricks_sdk_not_connected_description")
-    ).toBeInTheDocument();
-
-    // Check button
-    const recheckButton = screen.getByRole("button", { name: /environments.project.app-connection.recheck/ });
-    expect(recheckButton).toBeInTheDocument();
-    expect(screen.getByTestId("refresh-icon")).toBeInTheDocument();
-  });
-
-  test("renders correctly for 'running' state", () => {
-    render(<WidgetStatusIndicator environment={mockEnvironmentRunning} />);
-
-    // Check icon
-    expect(screen.getByTestId("check-icon")).toBeInTheDocument();
-    expect(screen.queryByTestId("alert-icon")).not.toBeInTheDocument();
-
-    // Check texts
-    expect(screen.getByText("environments.project.app-connection.receiving_data")).toBeInTheDocument();
-    expect(
-      screen.getByText("environments.project.app-connection.formbricks_sdk_connected")
-    ).toBeInTheDocument();
-
-    // Check button absence
-    expect(
-      screen.queryByRole("button", { name: /environments.project.app-connection.recheck/ })
-    ).not.toBeInTheDocument();
-    expect(screen.queryByTestId("refresh-icon")).not.toBeInTheDocument();
-  });
-
-  test("calls router.refresh when 'Recheck' button is clicked", async () => {
-    render(<WidgetStatusIndicator environment={mockEnvironmentNotImplemented} />);
-
-    const recheckButton = screen.getByRole("button", { name: /environments.project.app-connection.recheck/ });
-    await userEvent.click(recheckButton);
-
-    expect(mockRefresh).toHaveBeenCalledTimes(1);
-  });
-});