fix required action in logic

Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>

.cursor/rules/build-and-deployment.mdc

@@ -0,0 +1,61 @@
+---
+description: 
+globs: 
+alwaysApply: false
+---
+# Build & Deployment Best Practices
+
+## Build Process
+
+### Running Builds
+- Use `pnpm build` from project root for full build
+- Monitor for React hooks warnings and fix them immediately
+- Ensure all TypeScript errors are resolved before deployment
+
+### Common Build Issues & Fixes
+
+#### React Hooks Warnings
+- Capture ref values in variables within useEffect cleanup
+- Avoid accessing `.current` directly in cleanup functions
+- Pattern for fixing ref cleanup warnings:
+```typescript
+useEffect(() => {
+  const currentRef = myRef.current;
+  return () => {
+    if (currentRef) {
+      currentRef.cleanup();
+    }
+  };
+}, []);
+```
+
+#### Test Failures During Build
+- Ensure all test mocks include required constants like `SESSION_MAX_AGE`
+- Mock Next.js navigation hooks properly: `useParams`, `useRouter`, `useSearchParams`
+- Remove unused imports and constants from test files
+- Use literal values instead of imported constants when the constant isn't actually needed
+
+### Test Execution
+- Run `pnpm test` to execute all tests
+- Use `pnpm test -- --run filename.test.tsx` for specific test files
+- Fix test failures before merging code
+- Ensure 100% test coverage for new components
+
+### Performance Monitoring
+- Monitor build times and optimize if necessary
+- Watch for memory usage during builds
+- Use proper caching strategies for faster rebuilds
+
+### Deployment Checklist
+1. All tests passing
+2. Build completes without warnings
+3. TypeScript compilation successful
+4. No linter errors
+5. Database migrations applied (if any)
+6. Environment variables configured
+
+### EKS Deployment Considerations
+- Ensure latest code is deployed to all pods
+- Monitor AWS RDS Performance Insights for database issues
+- Verify environment-specific configurations
+- Check pod health and resource usage

.cursor/rules/cache-optimization.mdc

@@ -0,0 +1,414 @@
+---
+description: Caching rules for performance improvements
+globs: 
+alwaysApply: false
+---
+# Cache Optimization Patterns for Formbricks
+
+## Cache Strategy Overview
+
+Formbricks uses a **hybrid caching approach** optimized for enterprise scale:
+
+- **Redis** for persistent cross-request caching  
+- **React `cache()`** for request-level deduplication
+- **NO Next.js `unstable_cache()`** - avoid for reliability
+
+## Key Files
+
+### Core Cache Infrastructure
+- [apps/web/modules/cache/lib/service.ts](mdc:apps/web/modules/cache/lib/service.ts) - Redis cache service
+- [apps/web/modules/cache/lib/withCache.ts](mdc:apps/web/modules/cache/lib/withCache.ts) - Cache wrapper utilities
+- [apps/web/modules/cache/lib/cacheKeys.ts](mdc:apps/web/modules/cache/lib/cacheKeys.ts) - Enterprise cache key patterns and utilities
+
+### Environment State Caching (Critical Endpoint)
+- [apps/web/app/api/v1/client/[environmentId]/environment/route.ts](mdc:apps/web/app/api/v1/client/[environmentId]/environment/route.ts) - Main endpoint serving hundreds of thousands of SDK clients
+- [apps/web/app/api/v1/client/[environmentId]/environment/lib/data.ts](mdc:apps/web/app/api/v1/client/[environmentId]/environment/lib/data.ts) - Optimized data layer with caching
+
+## Enterprise-Grade Cache Key Patterns
+
+**Always use** the `createCacheKey` utilities from [cacheKeys.ts](mdc:apps/web/modules/cache/lib/cacheKeys.ts):
+
+```typescript
+// ✅ Correct patterns
+createCacheKey.environment.state(environmentId)     // "fb:env:abc123:state"
+createCacheKey.organization.billing(organizationId) // "fb:org:xyz789:billing"
+createCacheKey.license.status(organizationId)       // "fb:license:org123:status"
+createCacheKey.user.permissions(userId, orgId)      // "fb:user:456:org:123:permissions"
+
+// ❌ Never use flat keys - collision-prone
+"environment_abc123"
+"user_data_456"
+```
+
+## When to Use Each Cache Type
+
+### Use React `cache()` for Request Deduplication
+```typescript
+// ✅ Prevents multiple calls within same request
+export const getEnterpriseLicense = reactCache(async () => {
+  // Complex license validation logic
+});
+```
+
+### Use `withCache()` for Simple Database Queries
+```typescript
+// ✅ Simple caching with automatic fallback (TTL in milliseconds)
+export const getActionClasses = (environmentId: string) => {
+  return withCache(() => fetchActionClassesFromDB(environmentId), {
+    key: createCacheKey.environment.actionClasses(environmentId),
+    ttl: 60 * 30 * 1000, // 30 minutes in milliseconds
+  })();
+};
+```
+
+### Use Explicit Redis Cache for Complex Business Logic
+```typescript
+// ✅ Full control for high-stakes endpoints
+export const getEnvironmentState = async (environmentId: string) => {
+  const cached = await environmentStateCache.getEnvironmentState(environmentId);
+  if (cached) return cached;
+  
+  const fresh = await buildComplexState(environmentId);
+  await environmentStateCache.setEnvironmentState(environmentId, fresh);
+  return fresh;
+};
+```
+
+## Caching Decision Framework
+
+### When TO Add Caching
+
+```typescript
+// ✅ Expensive operations that benefit from caching
+- Database queries (>10ms typical)
+- External API calls (>50ms typical)  
+- Complex computations (>5ms)
+- File system operations
+- Heavy data transformations
+
+// Example: Database query with complex joins (TTL in milliseconds)
+export const getEnvironmentWithDetails = withCache(
+  async (environmentId: string) => {
+    return prisma.environment.findUnique({
+      where: { id: environmentId },
+      include: { /* complex joins */ }
+    });
+  },
+  { key: createCacheKey.environment.details(environmentId), ttl: 60 * 30 * 1000 } // 30 minutes
+)();
+```
+
+### When NOT to Add Caching
+
+```typescript
+// ❌ Don't cache these operations - minimal overhead
+- Simple property access (<0.1ms)
+- Basic transformations (<1ms)
+- Functions that just call already-cached functions
+- Pure computation without I/O
+
+// ❌ Bad example: Redundant caching
+const getCachedLicenseFeatures = withCache(
+  async () => {
+    const license = await getEnterpriseLicense(); // Already cached!
+    return license.active ? license.features : null; // Just property access
+  },
+  { key: "license-features", ttl: 1800 * 1000 } // 30 minutes in milliseconds
+);
+
+// ✅ Good example: Simple and efficient
+const getLicenseFeatures = async () => {
+  const license = await getEnterpriseLicense(); // Already cached
+  return license.active ? license.features : null; // 0.1ms overhead
+};
+```
+
+### Computational Overhead Analysis
+
+Before adding caching, analyze the overhead:
+
+```typescript
+// ✅ High overhead - CACHE IT
+- Database queries: ~10-100ms
+- External APIs: ~50-500ms  
+- File I/O: ~5-50ms
+- Complex algorithms: >5ms
+
+// ❌ Low overhead - DON'T CACHE
+- Property access: ~0.001ms
+- Simple lookups: ~0.1ms
+- Basic validation: ~1ms
+- Type checks: ~0.01ms
+
+// Example decision tree:
+const expensiveOperation = async () => {
+  return prisma.query(); // 50ms - CACHE IT
+};
+
+const cheapOperation = (data: any) => {
+  return data.property; // 0.001ms - DON'T CACHE
+};
+```
+
+### Avoid Cache Wrapper Anti-Pattern
+
+```typescript
+// ❌ Don't create wrapper functions just for caching
+const getCachedUserPermissions = withCache(
+  async (userId: string) => getUserPermissions(userId),
+  { key: createCacheKey.user.permissions(userId), ttl: 3600 * 1000 } // 1 hour in milliseconds
+);
+
+// ✅ Add caching directly to the original function
+export const getUserPermissions = withCache(
+  async (userId: string) => {
+    return prisma.user.findUnique({
+      where: { id: userId },
+      include: { permissions: true }
+    });
+  },
+  { key: createCacheKey.user.permissions(userId), ttl: 3600 * 1000 } // 1 hour in milliseconds
+);
+```
+
+## TTL Coordination Strategy
+
+### Multi-Layer Cache Coordination
+For endpoints serving client SDKs, coordinate TTLs across layers:
+
+```typescript
+// Client SDK cache (expiresAt) - longest TTL for fewer requests
+const CLIENT_TTL = 60 * 60;           // 1 hour (seconds for client)
+
+// Server Redis cache - shorter TTL ensures fresh data for clients  
+const SERVER_TTL = 60 * 30 * 1000;   // 30 minutes in milliseconds
+
+// HTTP cache headers (seconds)
+const BROWSER_TTL = 60 * 60;         // 1 hour (max-age)
+const CDN_TTL = 60 * 30;             // 30 minutes (s-maxage)
+const CORS_TTL = 60 * 60;            // 1 hour (balanced approach)
+```
+
+### Standard TTL Guidelines (in milliseconds for cache-manager + Keyv)
+```typescript
+// Configuration data - rarely changes
+const CONFIG_TTL = 60 * 60 * 24 * 1000;     // 24 hours
+
+// User data - moderate frequency  
+const USER_TTL = 60 * 60 * 2 * 1000;        // 2 hours
+
+// Survey data - changes moderately
+const SURVEY_TTL = 60 * 15 * 1000;          // 15 minutes
+
+// Billing data - expensive to compute
+const BILLING_TTL = 60 * 30 * 1000;         // 30 minutes
+
+// Action classes - infrequent changes
+const ACTION_CLASS_TTL = 60 * 30 * 1000;    // 30 minutes
+```
+
+## High-Frequency Endpoint Optimization
+
+### Performance Patterns for High-Volume Endpoints
+
+```typescript
+// ✅ Optimized high-frequency endpoint pattern
+export const GET = async (request: NextRequest, props: { params: Promise<{ id: string }> }) => {
+  const params = await props.params;
+
+  try {
+    // Simple validation (avoid Zod for high-frequency)
+    if (!params.id || typeof params.id !== 'string') {
+      return responses.badRequestResponse("ID is required", undefined, true);
+    }
+
+    // Single optimized query with caching
+    const data = await getOptimizedData(params.id);
+
+    return responses.successResponse(
+      {
+        data,
+        expiresAt: new Date(Date.now() + CLIENT_TTL * 1000), // SDK cache duration
+      },
+      true,
+      "public, s-maxage=1800, max-age=3600, stale-while-revalidate=1800, stale-if-error=3600"
+    );
+  } catch (err) {
+    // Simplified error handling for performance
+    if (err instanceof ResourceNotFoundError) {
+      return responses.notFoundResponse(err.resourceType, err.resourceId);
+    }
+    logger.error({ error: err, url: request.url }, "Error in high-frequency endpoint");
+    return responses.internalServerErrorResponse(err.message, true);
+  }
+};
+```
+
+### Avoid These Performance Anti-Patterns
+
+```typescript
+// ❌ Avoid for high-frequency endpoints
+const inputValidation = ZodSchema.safeParse(input);     // Too slow
+const startTime = Date.now(); logger.debug(...);       // Logging overhead
+const { data, revalidateEnvironment } = await get();   // Complex return types
+```
+
+### CORS Optimization
+```typescript
+// ✅ Balanced CORS caching (not too aggressive)
+export const OPTIONS = async (): Promise<Response> => {
+  return responses.successResponse(
+    {},
+    true,
+    "public, s-maxage=3600, max-age=3600" // 1 hour balanced approach
+  );
+};
+```
+
+## Redis Cache Migration from Next.js
+
+### Avoid Legacy Next.js Patterns
+```typescript
+// ❌ Old Next.js unstable_cache pattern (avoid)
+const getCachedData = unstable_cache(
+  async (id) => fetchData(id),
+  ['cache-key'],
+  { tags: ['environment'], revalidate: 900 }
+);
+
+// ❌ Don't use revalidateEnvironment flags with Redis
+return { data, revalidateEnvironment: true }; // This gets cached incorrectly!
+
+// ✅ New Redis pattern with withCache (TTL in milliseconds)
+export const getCachedData = (id: string) => 
+  withCache(
+    () => fetchData(id),
+    {
+      key: createCacheKey.environment.data(id),
+      ttl: 60 * 15 * 1000, // 15 minutes in milliseconds
+    }
+  )();
+```
+
+### Remove Revalidation Logic
+When migrating from Next.js `unstable_cache`:
+- Remove `revalidateEnvironment` or similar flags
+- Remove tag-based invalidation logic  
+- Use TTL-based expiration instead
+- Handle one-time updates (like `appSetupCompleted`) directly in cache
+
+## Data Layer Optimization
+
+### Single Query Pattern
+```typescript
+// ✅ Optimize with single database query
+export const getOptimizedEnvironmentData = async (environmentId: string) => {
+  return prisma.environment.findUniqueOrThrow({
+    where: { id: environmentId },
+    include: {
+      project: { 
+        select: { id: true, recontactDays: true, /* ... */ }
+      },
+      organization: {
+        select: { id: true, billing: true }
+      },
+      surveys: {
+        where: { status: "inProgress" },
+        select: { id: true, name: true, /* ... */ }
+      },
+      actionClasses: {
+        select: { id: true, name: true, /* ... */ }
+      }
+    }
+  });
+};
+
+// ❌ Avoid multiple separate queries
+const environment = await getEnvironment(id);
+const organization = await getOrganization(environment.organizationId);  
+const surveys = await getSurveys(id);
+const actionClasses = await getActionClasses(id);
+```
+
+## Invalidation Best Practices
+
+**Always use explicit key-based invalidation:**
+
+```typescript
+// ✅ Clear and debuggable
+await invalidateCache(createCacheKey.environment.state(environmentId));
+await invalidateCache([
+  createCacheKey.environment.surveys(environmentId),
+  createCacheKey.environment.actionClasses(environmentId)
+]);
+
+// ❌ Avoid complex tag systems
+await invalidateByTags(["environment", "survey"]); // Don't do this
+```
+
+## Critical Performance Targets
+
+### High-Frequency Endpoint Goals
+- **Cache hit ratio**: >85%
+- **Response time P95**: <200ms  
+- **Database load reduction**: >60%
+- **HTTP cache duration**: 1hr browser, 30min Cloudflare
+- **SDK refresh interval**: 1 hour with 30min server cache
+
+### Performance Monitoring
+- Use **existing elastic cache analytics** for metrics
+- Log cache errors and warnings (not debug info)
+- Track database query reduction
+- Monitor response times for cached endpoints
+- **Avoid performance logging** in high-frequency endpoints
+
+## Error Handling Pattern
+
+Always provide fallback to fresh data on cache errors:
+
+```typescript
+try {
+  const cached = await cache.get(key);
+  if (cached) return cached;
+  
+  const fresh = await fetchFresh();
+  await cache.set(key, fresh, ttl); // ttl in milliseconds
+  return fresh;
+} catch (error) {
+  // ✅ Always fallback to fresh data
+  logger.warn("Cache error, fetching fresh", { key, error });
+  return fetchFresh();
+}
+```
+
+## Common Pitfalls to Avoid
+
+1. **Never use Next.js `unstable_cache()`** - unreliable in production
+2. **Don't use revalidation flags with Redis** - they get cached incorrectly
+3. **Avoid Zod validation** for simple parameters in high-frequency endpoints
+4. **Don't add performance logging** to high-frequency endpoints
+5. **Coordinate TTLs** between client and server caches
+6. **Don't over-engineer** with complex tag systems  
+7. **Avoid caching rapidly changing data** (real-time metrics)
+8. **Always validate cache keys** to prevent collisions
+9. **Don't add redundant caching layers** - analyze computational overhead first
+10. **Avoid cache wrapper functions** - add caching directly to expensive operations
+11. **Don't cache property access or simple transformations** - overhead is negligible
+12. **Analyze the full call chain** before adding caching to avoid double-caching
+13. **Remember TTL is in milliseconds** for cache-manager + Keyv stack (not seconds)
+
+## Monitoring Strategy
+
+- Use **existing elastic cache analytics** for metrics
+- Log cache errors and warnings  
+- Track database query reduction
+- Monitor response times for cached endpoints
+- **Don't add custom metrics** that duplicate existing monitoring
+
+## Important Notes
+
+### TTL Units
+- **cache-manager + Keyv**: TTL in **milliseconds**
+- **Direct Redis commands**: TTL in **seconds** (EXPIRE, SETEX) or **milliseconds** (PEXPIRE, PSETEX)
+- **HTTP cache headers**: TTL in **seconds** (max-age, s-maxage)
+- **Client SDK**: TTL in **seconds** (expiresAt calculation)

.cursor/rules/database-performance.mdc

@@ -0,0 +1,41 @@
+---
+description: 
+globs: 
+alwaysApply: false
+---
+# Database Performance & Prisma Best Practices
+
+## Critical Performance Rules
+
+### Response Count Queries
+- **NEVER** use `skip`/`offset` with `prisma.response.count()` - this causes expensive subqueries with OFFSET
+- Always use only `where` clauses for count operations: `prisma.response.count({ where: { ... } })`
+- For pagination, separate count queries from data queries
+- Reference: [apps/web/lib/response/service.ts](mdc:apps/web/lib/response/service.ts) line 654-686
+
+### Prisma Query Optimization
+- Use proper indexes defined in [packages/database/schema.prisma](mdc:packages/database/schema.prisma)
+- Leverage existing indexes: `@@index([surveyId, createdAt])`, `@@index([createdAt])`
+- Use cursor-based pagination for large datasets instead of offset-based
+- Cache frequently accessed data using React Cache and custom cache tags
+
+### Date Range Filtering
+- When filtering by `createdAt`, always use indexed queries
+- Combine with `surveyId` for optimal performance: `{ surveyId, createdAt: { gte: start, lt: end } }`
+- Avoid complex WHERE clauses that can't utilize indexes
+
+### Count vs Data Separation
+- Always separate count queries from data fetching queries
+- Use `Promise.all()` to run count and data queries in parallel
+- Example pattern from [apps/web/modules/api/v2/management/responses/lib/response.ts](mdc:apps/web/modules/api/v2/management/responses/lib/response.ts):
+```typescript
+const [responses, totalCount] = await Promise.all([
+  prisma.response.findMany(query),
+  prisma.response.count({ where: whereClause }),
+]);
+```
+
+### Monitoring & Debugging
+- Monitor AWS RDS Performance Insights for problematic queries
+- Look for queries with OFFSET in count operations - these indicate performance issues
+- Use proper error handling with `DatabaseError` for Prisma exceptions

.cursor/rules/database.mdc

@@ -0,0 +1,101 @@
+---
+description: >
+  This rule provides comprehensive knowledge about the Formbricks database structure, relationships, 
+  and data patterns. It should be used **only when the agent explicitly requests database schema-level 
+  details** to support tasks such as: writing/debugging Prisma queries, designing/reviewing data models, 
+  investigating multi-tenancy behavior, creating API endpoints, or understanding data relationships.
+globs: []
+alwaysApply: agent-requested
+---
+# Formbricks Database Schema Reference
+
+This rule provides a reference to the Formbricks database structure. For the most up-to-date and complete schema definitions, please refer to the schema.prisma file directly.
+
+## Database Overview
+
+Formbricks uses PostgreSQL with Prisma ORM. The schema is designed for multi-tenancy with strong data isolation between organizations.
+
+### Core Hierarchy
+```
+Organization
+└── Project
+    └── Environment (production/development)
+        ├── Survey
+        ├── Contact
+        ├── ActionClass
+        └── Integration
+```
+
+## Schema Reference
+
+For the complete and up-to-date database schema, please refer to:
+- Main schema: `packages/database/schema.prisma`
+- JSON type definitions: `packages/database/json-types.ts`
+
+The schema.prisma file contains all model definitions, relationships, enums, and field types. The json-types.ts file contains TypeScript type definitions for JSON fields.
+
+## Data Access Patterns
+
+### Multi-tenancy
+- All data is scoped by Organization
+- Environment-level isolation for surveys and contacts
+- Project-level grouping for related surveys
+
+### Soft Deletion
+Some models use soft deletion patterns:
+- Check `isActive` fields where present
+- Use proper filtering in queries
+
+### Cascading Deletes
+Configured cascade relationships:
+- Organization deletion cascades to all child entities
+- Survey deletion removes responses, displays, triggers
+- Contact deletion removes attributes and responses
+
+## Common Query Patterns
+
+### Survey with Responses
+```typescript
+// Include response count and latest responses
+const survey = await prisma.survey.findUnique({
+  where: { id: surveyId },
+  include: {
+    responses: {
+      take: 10,
+      orderBy: { createdAt: 'desc' }
+    },
+    _count: {
+      select: { responses: true }
+    }
+  }
+});
+```
+
+### Environment Scoping
+```typescript
+// Always scope by environment
+const surveys = await prisma.survey.findMany({
+  where: {
+    environmentId: environmentId,
+    // Additional filters...
+  }
+});
+```
+
+### Contact with Attributes
+```typescript
+const contact = await prisma.contact.findUnique({
+  where: { id: contactId },
+  include: {
+    attributes: {
+      include: {
+        attributeKey: true
+      }
+    }
+  }
+});
+```
+
+This schema supports Formbricks' core functionality: multi-tenant survey management, user targeting, response collection, and analysis, all while maintaining strict data isolation and security.
+
+

.cursor/rules/documentations.mdc

@@ -0,0 +1,23 @@
+---
+description: Guideline for writing end-user facing documentation in the apps/docs folder
+globs: 
+alwaysApply: false
+---
+Follow these instructions and guidelines when asked to write documentation in the apps/docs folder
+
+Follow this structure to write the title, describtion and pick a matching icon and insert it at the top of the MDX file:
+
+---
+title: "FEATURE NAME"
+description: "1 concise sentence to describe WHEN the feature is being used and FOR WHAT BENEFIT."
+icon: "link"
+---
+
+- Description: 1 concise sentence to describe WHEN the feature is being used and FOR WHAT BENEFIT.
+- Make ample use of the Mintlify components you can find here https://mintlify.com/docs/llms.txt
+- In all Headlines, only capitalize the current feature and nothing else, to Camel Case
+- If a feature is part of the Enterprise Edition, use this note:
+
+<Note>
+  FEATURE NAME is part of the @Enterprise Edition. 
+</Note>

.cursor/rules/eks-alb-optimization.mdc

@@ -0,0 +1,152 @@
+---
+description:
+globs:
+alwaysApply: false
+---
+# EKS & ALB Optimization Guide for Error Reduction
+
+## Infrastructure Overview
+
+This project uses AWS EKS with Application Load Balancer (ALB) for the Formbricks application. The infrastructure has been optimized to minimize ELB 502/504 errors through careful configuration of connection handling, health checks, and pod lifecycle management.
+
+## Key Infrastructure Files
+
+### Terraform Configuration
+- **Main Infrastructure**: [infra/terraform/main.tf](mdc:infra/terraform/main.tf) - EKS cluster, VPC, Karpenter, and core AWS resources
+- **Monitoring**: [infra/terraform/cloudwatch.tf](mdc:infra/terraform/cloudwatch.tf) - CloudWatch alarms for 502/504 error tracking and alerting
+- **Database**: [infra/terraform/rds.tf](mdc:infra/terraform/rds.tf) - Aurora PostgreSQL configuration
+
+### Helm Configuration
+- **Production**: [infra/formbricks-cloud-helm/values.yaml.gotmpl](mdc:infra/formbricks-cloud-helm/values.yaml.gotmpl) - Optimized ALB and pod configurations
+- **Staging**: [infra/formbricks-cloud-helm/values-staging.yaml.gotmpl](mdc:infra/formbricks-cloud-helm/values-staging.yaml.gotmpl) - Staging environment with spot instances
+- **Deployment**: [infra/formbricks-cloud-helm/helmfile.yaml.gotmpl](mdc:infra/formbricks-cloud-helm/helmfile.yaml.gotmpl) - Multi-environment Helm releases
+
+## ALB Optimization Patterns
+
+### Connection Handling Optimizations
+```yaml
+# Key ALB annotations for reducing 502/504 errors
+alb.ingress.kubernetes.io/load-balancer-attributes: |
+  idle_timeout.timeout_seconds=120,
+  connection_logs.s3.enabled=false,
+  access_logs.s3.enabled=false
+
+alb.ingress.kubernetes.io/target-group-attributes: |
+  deregistration_delay.timeout_seconds=30,
+  stickiness.enabled=false,
+  load_balancing.algorithm.type=least_outstanding_requests,
+  target_group_health.dns_failover.minimum_healthy_targets.count=1
+```
+
+### Health Check Configuration
+- **Interval**: 15 seconds for faster detection of unhealthy targets
+- **Timeout**: 5 seconds to prevent false positives
+- **Thresholds**: 2 healthy, 3 unhealthy for balanced responsiveness
+- **Path**: `/health` endpoint optimized for < 100ms response time
+
+## Pod Lifecycle Management
+
+### Graceful Shutdown Pattern
+```yaml
+# PreStop hook to allow connection draining
+lifecycle:
+  preStop:
+    exec:
+      command: ["/bin/sh", "-c", "sleep 15"]
+
+# Termination grace period for complete cleanup
+terminationGracePeriodSeconds: 45
+```
+
+### Health Probe Strategy
+- **Startup Probe**: 5s initial delay, 5s interval, max 60s startup time
+- **Readiness Probe**: 10s delay, 10s interval for traffic readiness
+- **Liveness Probe**: 30s delay, 30s interval for container health
+
+### Rolling Update Configuration
+```yaml
+strategy:
+  type: RollingUpdate
+  rollingUpdate:
+    maxUnavailable: 25%  # Maintain capacity during updates
+    maxSurge: 50%        # Allow faster rollouts
+```
+
+## Karpenter Node Management
+
+### Node Lifecycle Optimization
+- **Startup Taints**: Prevent traffic during node initialization
+- **Graceful Shutdown**: 30s grace period for pod eviction
+- **Consolidation Delay**: 60s to reduce unnecessary churn
+- **Eviction Policies**: Configured for smooth pod migrations
+
+### Instance Selection
+- **Families**: c8g, c7g, m8g, m7g, r8g, r7g (ARM64 Graviton)
+- **Sizes**: 2, 4, 8 vCPUs for cost optimization
+- **Bottlerocket AMI**: Enhanced security and performance
+
+## Monitoring & Alerting
+
+### Critical ALB Metrics
+1. **ELB 502 Errors**: Threshold 20 over 5 minutes
+2. **ELB 504 Errors**: Threshold 15 over 5 minutes  
+3. **Target Connection Errors**: Threshold 50 over 5 minutes
+4. **4XX Errors**: Threshold 100 over 10 minutes (client issues)
+
+### Expected Improvements
+- **60-80% reduction** in ELB 502 errors
+- **Faster recovery** during pod restarts
+- **Better connection reuse** efficiency
+- **Improved autoscaling** responsiveness
+
+## Deployment Patterns
+
+### Infrastructure Updates
+1. **Terraform First**: Apply infrastructure changes via [infra/deploy-improvements.sh](mdc:infra/deploy-improvements.sh)
+2. **Helm Second**: Deploy application configurations
+3. **Verification**: Check pod status, endpoints, and ALB health
+4. **Monitoring**: Watch CloudWatch metrics for 24-48 hours
+
+### Environment-Specific Configurations
+- **Production**: On-demand instances, stricter resource limits
+- **Staging**: Spot instances, rate limiting disabled, relaxed resources
+
+## Troubleshooting Patterns
+
+### 502 Error Investigation
+1. Check pod readiness and health probe status
+2. Verify ALB target group health
+3. Review deregistration timing during deployments
+4. Monitor connection pool utilization
+
+### 504 Error Analysis  
+1. Check application response times
+2. Verify timeout configurations (ALB: 120s, App: aligned)
+3. Review database query performance
+4. Monitor resource utilization during traffic spikes
+
+### Connection Error Patterns
+1. Verify Karpenter node lifecycle timing
+2. Check pod termination grace periods
+3. Review ALB connection draining settings
+4. Monitor cluster autoscaling events
+
+## Best Practices
+
+### When Making Changes
+- **Test in staging first** with same configurations
+- **Monitor metrics** for 24-48 hours after changes
+- **Use gradual rollouts** with proper health checks
+- **Maintain ALB timeout alignment** across all layers
+
+### Performance Optimization
+- **Health endpoint** should respond < 100ms consistently  
+- **Connection pooling** aligned with ALB idle timeouts
+- **Resource requests/limits** tuned for consistent performance
+- **Graceful shutdown** implemented in application code
+
+### Monitoring Strategy
+- **Real-time alerts** for error rate spikes
+- **Trend analysis** for connection patterns
+- **Capacity planning** based on LCU usage
+- **4XX pattern analysis** for client behavior insights

.cursor/rules/formbricks-architecture.mdc

@@ -0,0 +1,334 @@
+---
+description: 
+globs: 
+alwaysApply: false
+---
+# Formbricks Architecture & Patterns
+
+## Monorepo Structure
+
+### Apps Directory
+- `apps/web/` - Main Next.js web application
+- `packages/` - Shared packages and utilities
+
+### Key Directories in Web App
+```
+apps/web/
+├── app/                    # Next.js 13+ app directory
+│   ├── (app)/             # Main application routes
+│   ├── (auth)/            # Authentication routes
+│   ├── api/               # API routes
+│   └── share/             # Public sharing routes
+├── components/            # Shared components
+├── lib/                   # Utility functions and services
+└── modules/               # Feature-specific modules
+```
+
+## Routing Patterns
+
+### App Router Structure
+The application uses Next.js 13+ app router with route groups:
+
+```
+(app)/environments/[environmentId]/
+├── surveys/[surveyId]/
+│   ├── (analysis)/        # Analysis views
+│   │   ├── responses/     # Response management
+│   │   ├── summary/       # Survey summary
+│   │   └── hooks/         # Analysis-specific hooks
+│   ├── edit/              # Survey editing
+│   └── settings/          # Survey settings
+```
+
+### Dynamic Routes
+- `[environmentId]` - Environment-specific routes
+- `[surveyId]` - Survey-specific routes
+- `[sharingKey]` - Public sharing routes
+
+## Service Layer Pattern
+
+### Service Organization
+Services are organized by domain in `apps/web/lib/`:
+
+```typescript
+// Example: Response service
+// apps/web/lib/response/service.ts
+export const getResponseCountAction = async ({
+  surveyId,
+  filterCriteria,
+}: {
+  surveyId: string;
+  filterCriteria: any;
+}) => {
+  // Service implementation
+};
+```
+
+### Action Pattern
+Server actions follow a consistent pattern:
+
+```typescript
+// Action wrapper for service calls
+export const getResponseCountAction = async (params) => {
+  try {
+    const result = await responseService.getCount(params);
+    return { data: result };
+  } catch (error) {
+    return { error: error.message };
+  }
+};
+```
+
+## Context Patterns
+
+### Provider Structure
+Context providers follow a consistent pattern:
+
+```typescript
+// Provider component
+export const ResponseFilterProvider = ({ children }: { children: React.ReactNode }) => {
+  const [selectedFilter, setSelectedFilter] = useState(defaultFilter);
+  
+  const value = {
+    selectedFilter,
+    setSelectedFilter,
+    // ... other state and methods
+  };
+
+  return (
+    <ResponseFilterContext.Provider value={value}>
+      {children}
+    </ResponseFilterContext.Provider>
+  );
+};
+
+// Hook for consuming context
+export const useResponseFilter = () => {
+  const context = useContext(ResponseFilterContext);
+  if (!context) {
+    throw new Error('useResponseFilter must be used within ResponseFilterProvider');
+  }
+  return context;
+};
+```
+
+### Context Composition
+Multiple contexts are often composed together:
+
+```typescript
+// Layout component with multiple providers
+export default function AnalysisLayout({ children }: { children: React.ReactNode }) {
+  return (
+    <ResponseFilterProvider>
+      <ResponseCountProvider>
+        {children}
+      </ResponseCountProvider>
+    </ResponseFilterProvider>
+  );
+}
+```
+
+## Component Patterns
+
+### Page Components
+Page components are located in the app directory and follow this pattern:
+
+```typescript
+// apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/responses/page.tsx
+export default function ResponsesPage() {
+  return (
+    <div>
+      <ResponsesTable />
+      <ResponsesPagination />
+    </div>
+  );
+}
+```
+
+### Component Organization
+- **Pages** - Route components in app directory
+- **Components** - Reusable UI components
+- **Modules** - Feature-specific components and logic
+
+### Shared Components
+Common components are in `apps/web/components/`:
+- UI components (buttons, inputs, modals)
+- Layout components (headers, sidebars)
+- Data display components (tables, charts)
+
+## Hook Patterns
+
+### Custom Hook Structure
+Custom hooks follow consistent patterns:
+
+```typescript
+export const useResponseCount = ({ 
+  survey, 
+  initialCount 
+}: {
+  survey: TSurvey;
+  initialCount?: number;
+}) => {
+  const [responseCount, setResponseCount] = useState(initialCount ?? 0);
+  const [isLoading, setIsLoading] = useState(false);
+  
+  // Hook logic...
+  
+  return {
+    responseCount,
+    isLoading,
+    refetch,
+  };
+};
+```
+
+### Hook Dependencies
+- Use context hooks for shared state
+- Implement proper cleanup with AbortController
+- Optimize dependency arrays to prevent unnecessary re-renders
+
+## Data Fetching Patterns
+
+### Server Actions
+The app uses Next.js server actions for data fetching:
+
+```typescript
+// Server action
+export async function getResponsesAction(params: GetResponsesParams) {
+  const responses = await getResponses(params);
+  return { data: responses };
+}
+
+// Client usage
+const { data } = await getResponsesAction(params);
+```
+
+### Error Handling
+Consistent error handling across the application:
+
+```typescript
+try {
+  const result = await apiCall();
+  return { data: result };
+} catch (error) {
+  console.error("Operation failed:", error);
+  return { error: error.message };
+}
+```
+
+## Type Safety
+
+### Type Organization
+Types are organized in packages:
+- `@formbricks/types` - Shared type definitions
+- Local types in component/hook files
+
+### Common Types
+```typescript
+import { TSurvey } from "@formbricks/types/surveys/types";
+import { TResponse } from "@formbricks/types/responses";
+import { TEnvironment } from "@formbricks/types/environment";
+```
+
+## State Management
+
+### Local State
+- Use `useState` for component-specific state
+- Use `useReducer` for complex state logic
+- Use refs for mutable values that don't trigger re-renders
+
+### Global State
+- React Context for feature-specific shared state
+- URL state for filters and pagination
+- Server state through server actions
+
+## Performance Considerations
+
+### Code Splitting
+- Dynamic imports for heavy components
+- Route-based code splitting with app router
+- Lazy loading for non-critical features
+
+### Caching Strategy
+- Server-side caching for database queries
+- Client-side caching with React Query (where applicable)
+- Static generation for public pages
+
+## Testing Strategy
+
+### Test Organization
+```
+component/
+├── Component.tsx
+├── Component.test.tsx
+└── hooks/
+    ├── useHook.ts
+    └── useHook.test.tsx
+```
+
+### Test Patterns
+- Unit tests for utilities and services
+- Integration tests for components with context
+- Hook tests with proper mocking
+
+## Build & Deployment
+
+### Build Process
+- TypeScript compilation
+- Next.js build optimization
+- Asset optimization and bundling
+
+### Environment Configuration
+- Environment-specific configurations
+- Feature flags for gradual rollouts
+- Database connection management
+
+## Security Patterns
+
+### Authentication
+- Session-based authentication
+- Environment-based access control
+- API route protection
+
+### Data Validation
+- Input validation on both client and server
+- Type-safe API contracts
+- Sanitization of user inputs
+
+## Monitoring & Observability
+
+### Error Tracking
+- Client-side error boundaries
+- Server-side error logging
+- Performance monitoring
+
+### Analytics
+- User interaction tracking
+- Performance metrics
+- Database query monitoring
+
+## Best Practices Summary
+
+### Code Organization
+- ✅ Follow the established directory structure
+- ✅ Use consistent naming conventions
+- ✅ Separate concerns (UI, logic, data)
+- ✅ Keep components focused and small
+
+### Performance
+- ✅ Implement proper loading states
+- ✅ Use AbortController for async operations
+- ✅ Optimize database queries
+- ✅ Implement proper caching strategies
+
+### Type Safety
+- ✅ Use TypeScript throughout
+- ✅ Define proper interfaces for props
+- ✅ Use type guards for runtime validation
+- ✅ Leverage shared type packages
+
+### Testing
+- ✅ Write tests for critical functionality
+- ✅ Mock external dependencies properly
+- ✅ Test error scenarios and edge cases
+- ✅ Maintain good test coverage

.cursor/rules/performance-optimization.mdc

@@ -0,0 +1,5 @@
+---
+description:
+globs:
+alwaysApply: false
+---

.cursor/rules/react-context-patterns.mdc

@@ -0,0 +1,52 @@
+---
+description: 
+globs: 
+alwaysApply: false
+---
+# React Context & Provider Patterns
+
+## Context Provider Best Practices
+
+### Provider Implementation
+- Use TypeScript interfaces for provider props with optional `initialCount` for testing
+- Implement proper cleanup in `useEffect` to avoid React hooks warnings
+- Reference: [apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/ResponseCountProvider.tsx](mdc:apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/ResponseCountProvider.tsx)
+
+### Cleanup Pattern for Refs
+```typescript
+useEffect(() => {
+  const currentPendingRequests = pendingRequests.current;
+  const currentAbortController = abortController.current;
+  
+  return () => {
+    if (currentAbortController) {
+      currentAbortController.abort();
+    }
+    currentPendingRequests.clear();
+  };
+}, []);
+```
+
+### Testing Context Providers
+- Always wrap components using context in the provider during tests
+- Use `initialCount` prop for predictable test scenarios
+- Mock context dependencies like `useParams`, `useResponseFilter`
+- Example from [apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SurveyAnalysisCTA.test.tsx](mdc:apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SurveyAnalysisCTA.test.tsx):
+
+```typescript
+render(
+  <ResponseCountProvider survey={dummySurvey} initialCount={5}>
+    <ComponentUnderTest />
+  </ResponseCountProvider>
+);
+```
+
+### Required Mocks for Context Testing
+- Mock `next/navigation` with `useParams` returning environment and survey IDs
+- Mock response filter context and actions
+- Mock API actions that the provider depends on
+
+### Context Hook Usage
+- Create custom hooks like `useResponseCountContext()` for consuming context
+- Provide meaningful error messages when context is used outside provider
+- Use context for shared state that multiple components need to access

.cursor/rules/react-context-providers.mdc

@@ -0,0 +1,5 @@
+---
+description:
+globs:
+alwaysApply: false
+---

.cursor/rules/storybook-component-migration.mdc

@@ -0,0 +1,216 @@
+---
+description: Migrate deprecated UI components to a unified component
+globs: 
+alwaysApply: false
+---
+# Component Migration Automation Rule
+
+## Overview
+This rule automates the migration of deprecated components to new component systems in React/TypeScript codebases.
+
+## Trigger
+When the user requests component migration (e.g., "migrate [DeprecatedComponent] to [NewComponent]" or "component migration").
+
+## Process
+
+### Step 1: Discovery and Planning
+1. **Identify migration parameters:**
+   - Ask user for deprecated component name (e.g., "Modal")
+   - Ask user for new component name(s) (e.g., "Dialog")
+   - Ask for any components to exclude (e.g., "ModalWithTabs")
+   - Ask for specific import paths if needed
+
+2. **Scan codebase** for deprecated components:
+   - Search for `import.*[DeprecatedComponent]` patterns
+   - Exclude specified components that should not be migrated
+   - List all found components with file paths
+   - Present numbered list to user for confirmation
+
+### Step 2: Component-by-Component Migration
+For each component, follow this exact sequence:
+
+#### 2.1 Component Migration
+- **Import changes:**
+  - Ask user to provide the new import structure
+  - Example transformation pattern:
+  ```typescript
+  // FROM:
+  import { [DeprecatedComponent] } from "@/components/ui/[DeprecatedComponent]"
+  
+  // TO:
+  import {
+    [NewComponent],
+    [NewComponentPart1],
+    [NewComponentPart2],
+    // ... other parts
+  } from "@/components/ui/[NewComponent]"
+  ```
+
+- **Props transformation:**
+  - Ask user for prop mapping rules (e.g., `open` → `open`, `setOpen` → `onOpenChange`)
+  - Ask for props to remove (e.g., `noPadding`, `closeOnOutsideClick`, `size`)
+  - Apply transformations based on user specifications
+
+- **Structure transformation:**
+  - Ask user for the new component structure pattern
+  - Apply the transformation maintaining all functionality
+  - Preserve all existing logic, state management, and event handlers
+
+#### 2.2 Wait for User Approval
+- Present the migration changes
+- Wait for explicit user approval before proceeding
+- If rejected, ask for specific feedback and iterate
+#### 2.3 Re-read and Apply Additional Changes
+- Re-read the component file to capture any user modifications
+- Apply any additional improvements the user made
+- Ensure all changes are incorporated
+
+#### 2.4 Test File Updates
+- **Find corresponding test file** (same name with `.test.tsx` or `.test.ts`)
+- **Update test mocks:**
+  - Ask user for new component mock structure
+  - Replace old component mocks with new ones
+  - Example pattern:
+  ```typescript
+  // Add to test setup:
+  jest.mock("@/components/ui/[NewComponent]", () => ({
+    [NewComponent]: ({ children, [props] }: any) => ([mock implementation]),
+    [NewComponentPart1]: ({ children }: any) => <div data-testid="[new-component-part1]">{children}</div>,
+    [NewComponentPart2]: ({ children }: any) => <div data-testid="[new-component-part2]">{children}</div>,
+    // ... other parts
+  }));
+  ```
+- **Update test expectations:**
+  - Change test IDs from old component to new component
+  - Update any component-specific assertions
+  - Ensure all new component parts used in the component are mocked
+
+#### 2.5 Run Tests and Optimize
+- Execute `Node package manager test -- ComponentName.test.tsx`
+- Fix any failing tests
+- Optimize code quality (imports, formatting, etc.)
+- Re-run tests until all pass
+- **Maximum 3 iterations** - if still failing, ask user for guidance
+
+#### 2.6 Wait for Final Approval
+- Present test results and any optimizations made
+- Wait for user approval of the complete migration
+- If rejected, iterate based on feedback
+
+#### 2.7 Git Commit
+- Run: `git add .`
+- Run: `git commit -m "migrate [ComponentName] from [DeprecatedComponent] to [NewComponent]"`
+- Confirm commit was successful
+
+### Step 3: Final Report Generation
+After all components are migrated, generate a comprehensive GitHub PR report:
+
+#### PR Title
+```
+feat: migrate [DeprecatedComponent] components to [NewComponent] system
+```
+
+#### PR Description Template
+```markdown
+## 🔄 [DeprecatedComponent] to [NewComponent] Migration
+
+### Overview
+Migrated [X] [DeprecatedComponent] components to the new [NewComponent] component system to modernize the UI architecture and improve consistency.
+
+### Components Migrated
+[List each component with file path]
+
+### Technical Changes
+- **Imports:** Replaced `[DeprecatedComponent]` with `[NewComponent], [NewComponentParts...]`
+- **Props:** [List prop transformations]
+- **Structure:** Implemented proper [NewComponent] component hierarchy
+- **Styling:** [Describe styling changes]
+- **Tests:** Updated all test mocks and expectations
+
+### Migration Pattern
+```typescript
+// Before
+<[DeprecatedComponent] [oldProps]>
+  [oldStructure]
+</[DeprecatedComponent]>
+
+// After
+<[NewComponent] [newProps]>
+  [newStructure]
+</[NewComponent]>
+```
+
+### Testing
+- ✅ All existing tests updated and passing
+- ✅ Component functionality preserved
+- ✅ UI/UX behavior maintained
+
+### How to Test This PR
+1. **Functional Testing:**
+   - Navigate to each migrated component's usage
+   - Verify [component] opens and closes correctly
+   - Test all interactive elements within [components]
+   - Confirm styling and layout are preserved
+
+2. **Automated Testing:**
+   ```bash
+   Node package manager test
+   ```
+
+3. **Visual Testing:**
+   - Check that all [components] maintain proper styling
+   - Verify responsive behavior
+   - Test keyboard navigation and accessibility
+
+### Breaking Changes
+[List any breaking changes or state "None - this is a drop-in replacement maintaining all existing functionality."]
+
+### Notes
+- [Any excluded components] were preserved as they already use [NewComponent] internally
+- All form validation and complex state management preserved
+- Enhanced code quality with better imports and formatting
+```
+
+## Special Considerations
+
+### Excluded Components
+- **DO NOT MIGRATE** components specified by user as exclusions
+- They may already use the new component internally or have other reasons
+- Inform user these are skipped and why
+
+### Complex Components
+- Preserve all existing functionality (forms, validation, state management)
+- Maintain prop interfaces
+- Keep all event handlers and callbacks
+- Preserve accessibility features
+
+### Test Coverage
+- Ensure all new component parts are mocked when used
+- Mock all new component parts that appear in the component
+- Update test IDs from old component to new component
+- Maintain all existing test scenarios
+
+### Error Handling
+- If tests fail after 3 iterations, stop and ask user for guidance
+- If component is too complex, ask user for specific guidance
+- If unsure about functionality preservation, ask for clarification
+
+### Migration Patterns
+- Always ask user for specific migration patterns before starting
+- Confirm import structures, prop mappings, and component hierarchies
+- Adapt to different component architectures (simple replacements, complex restructuring, etc.)
+
+## Success Criteria
+- All deprecated components successfully migrated to new components
+- All tests passing
+- No functionality lost
+- Code quality maintained or improved
+- User approval on each component
+- Successful git commits for each migration
+- Comprehensive PR report generated
+
+## Usage Examples
+- "migrate Modal to Dialog"
+- "migrate Button to NewButton" 
+- "migrate Card to ModernCard"
+- "component migration" (will prompt for details) 

.cursor/rules/storybook-create-new-story.mdc

@@ -0,0 +1,177 @@
+---
+description: Create a story in Storybook for a given component
+globs:
+alwaysApply: false
+---
+
+# Formbricks Storybook Stories
+
+## When generating Storybook stories for Formbricks components:
+
+### 1. **File Structure**
+- Create `stories.tsx` (not `.stories.tsx`) in component directory
+- Use exact import: `import { Meta, StoryObj } from "@storybook/react-vite";`
+- Import component from `"./index"`
+
+### 2. **Story Structure Template**
+```tsx
+import { Meta, StoryObj } from "@storybook/react-vite";
+import { ComponentName } from "./index";
+
+// For complex components with configurable options
+// consider this as an example the options need to reflect the props types
+interface StoryOptions {
+  showIcon: boolean;
+  numberOfElements: number;
+  customLabels: string[];
+}
+
+type StoryProps = React.ComponentProps<typeof ComponentName> & StoryOptions;
+
+const meta: Meta<StoryProps> = {
+  title: "UI/ComponentName",
+  component: ComponentName,
+  tags: ["autodocs"],
+  parameters: {
+    layout: "centered",
+    controls: { sort: "alpha", exclude: [] },
+    docs: {
+      description: {
+        component: "The **ComponentName** component provides [description].",
+      },
+    },
+  },
+  argTypes: {
+    // Organize in exactly these categories: Behavior, Appearance, Content
+  },
+};
+
+export default meta;
+type Story = StoryObj<typeof ComponentName> & { args: StoryOptions };
+```
+
+### 3. **ArgTypes Organization**
+Organize ALL argTypes into exactly three categories:
+- **Behavior**: disabled, variant, onChange, etc.
+- **Appearance**: size, color, layout, styling, etc.  
+- **Content**: text, icons, numberOfElements, etc.
+
+Format:
+```tsx
+argTypes: {
+  propName: {
+    control: "select" | "boolean" | "text" | "number",
+    options: ["option1", "option2"], // for select
+    description: "Clear description",
+    table: {
+      category: "Behavior" | "Appearance" | "Content",
+      type: { summary: "string" },
+      defaultValue: { summary: "default" },
+    },
+    order: 1,
+  },
+}
+```
+
+### 4. **Required Stories**
+Every component must include:
+- `Default`: Most common use case
+- `Disabled`: If component supports disabled state
+- `WithIcon`: If component supports icons
+- Variant stories for each variant (Primary, Secondary, Error, etc.)
+- Edge case stories (ManyElements, LongText, CustomStyling)
+
+### 5. **Story Format**
+```tsx
+export const Default: Story = {
+  args: {
+    // Props with realistic values
+  },
+};
+
+export const EdgeCase: Story = {
+  args: { /* ... */ },
+  parameters: {
+    docs: {
+      description: {
+        story: "Use this when [specific scenario].",
+      },
+    },
+  },
+};
+```
+
+### 6. **Dynamic Content Pattern**
+For components with dynamic content, create render function:
+```tsx
+const renderComponent = (args: StoryProps) => {
+  const { numberOfElements, showIcon, customLabels } = args;
+  
+  // Generate dynamic content
+  const elements = Array.from({ length: numberOfElements }, (_, i) => ({
+    id: `element-${i}`,
+    label: customLabels[i] || `Element ${i + 1}`,
+    icon: showIcon ? <IconComponent /> : undefined,
+  }));
+  
+  return <ComponentName {...args} elements={elements} />;
+};
+
+export const Dynamic: Story = {
+  render: renderComponent,
+  args: {
+    numberOfElements: 3,
+    showIcon: true,
+    customLabels: ["First", "Second", "Third"],
+  },
+};
+```
+
+### 7. **State Management**
+For interactive components:
+```tsx
+import { useState } from "react";
+
+const ComponentWithState = (args: any) => {
+  const [value, setValue] = useState(args.defaultValue);
+  
+  return (
+    <ComponentName
+      {...args}
+      value={value}
+      onChange={(newValue) => {
+        setValue(newValue);
+        args.onChange?.(newValue);
+      }}
+    />
+  );
+};
+
+export const Interactive: Story = {
+  render: ComponentWithState,
+  args: { defaultValue: "initial" },
+};
+```
+
+### 8. **Quality Requirements**
+- Include component description in parameters.docs
+- Add story documentation for non-obvious use cases
+- Test edge cases (overflow, empty states, many elements)
+- Ensure no TypeScript errors
+- Use realistic prop values
+- Include at least 3-5 story variants
+- Example values need to be in the context of survey application
+
+### 9. **Naming Conventions**
+- **Story titles**: "UI/ComponentName"
+- **Story exports**: PascalCase (Default, WithIcon, ManyElements)
+- **Categories**: "Behavior", "Appearance", "Content" (exact spelling)
+- **Props**: camelCase matching component props
+
+### 10. **Special Cases**
+- **Generic components**: Remove `component` from meta if type conflicts
+- **Form components**: Include Invalid, WithValue stories
+- **Navigation**: Include ManyItems stories
+- **Modals, Dropdowns and Popups **: Include trigger and content structure
+
+## Generate stories that are comprehensive, well-documented, and reflect all component states and edge cases. 

.cursor/rules/testing-patterns.mdc

@@ -0,0 +1,327 @@
+---
+description: 
+globs: 
+alwaysApply: false
+---
+# Testing Patterns & Best Practices
+
+## Running Tests
+
+### Test Commands
+From the **root directory** (formbricks/):
+- `npm test` - Run all tests across all packages (recommended for CI/full testing)
+- `npm run test:coverage` - Run all tests with coverage reports
+- `npm run test:e2e` - Run end-to-end tests with Playwright
+
+From the **apps/web directory** (apps/web/):
+- `npm run test` - Run only web app tests (fastest for development)
+- `npm run test:coverage` - Run web app tests with coverage
+- `npm run test -- <file-pattern>` - Run specific test files
+
+### Examples
+```bash
+# Run all tests from root (takes ~3 minutes, runs 790 test files with 5334+ tests)
+npm test
+
+# Run specific test file from apps/web (fastest for development)
+npm run test -- modules/cache/lib/service.test.ts
+
+# Run tests matching pattern from apps/web  
+npm run test -- modules/ee/license-check/lib/license.test.ts
+
+# Run with coverage from root
+npm run test:coverage
+
+# Run specific test with watch mode from apps/web (for development)
+npm run test -- --watch modules/cache/lib/service.test.ts
+
+# Run tests for a specific directory from apps/web
+npm run test -- modules/cache/
+```
+
+### Performance Tips
+- **For development**: Use `apps/web` directory commands to run only web app tests
+- **For CI/validation**: Use root directory commands to run all packages
+- **For specific features**: Use file patterns to target specific test files
+- **For debugging**: Use `--watch` mode for continuous testing during development
+
+### Test File Organization
+- Place test files in the **same directory** as the source file
+- Use `.test.ts` for utility/service tests (Node environment)
+- Use `.test.tsx` for React component tests (jsdom environment)
+
+## Test File Naming & Environment
+
+### File Extensions
+- Use `.test.tsx` for React component/hook tests (runs in jsdom environment)
+- Use `.test.ts` for utility/service tests (runs in Node environment)
+- The vitest config uses `environmentMatchGlobs` to automatically set jsdom for `.tsx` files
+
+### Test Structure
+```typescript
+// Import the mocked functions first
+import { useHook } from "@/path/to/hook";
+import { serviceFunction } from "@/path/to/service";
+import { renderHook, waitFor } from "@testing-library/react";
+import { beforeEach, describe, expect, test, vi } from "vitest";
+
+// Mock dependencies
+vi.mock("@/path/to/hook", () => ({
+  useHook: vi.fn(),
+}));
+
+describe("ComponentName", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    // Setup default mocks
+  });
+
+  test("descriptive test name", async () => {
+    // Test implementation
+  });
+});
+```
+
+## React Hook Testing
+
+### Context Mocking
+When testing hooks that use React Context:
+```typescript
+vi.mocked(useResponseFilter).mockReturnValue({
+  selectedFilter: {
+    filter: [],
+    onlyComplete: false,
+  },
+  setSelectedFilter: vi.fn(),
+  selectedOptions: {
+    questionOptions: [],
+    questionFilterOptions: [],
+  },
+  setSelectedOptions: vi.fn(),
+  dateRange: { from: new Date(), to: new Date() },
+  setDateRange: vi.fn(),
+  resetState: vi.fn(),
+});
+```
+
+### Testing Async Hooks
+- Always use `waitFor` for async operations
+- Test both loading and completed states
+- Verify API calls with correct parameters
+
+```typescript
+test("fetches data on mount", async () => {
+  const { result } = renderHook(() => useHook());
+  
+  expect(result.current.isLoading).toBe(true);
+  
+  await waitFor(() => {
+    expect(result.current.isLoading).toBe(false);
+  });
+  
+  expect(result.current.data).toBe(expectedData);
+  expect(vi.mocked(apiCall)).toHaveBeenCalledWith(expectedParams);
+});
+```
+
+### Testing Hook Dependencies
+To test useEffect dependencies, ensure mocks return different values:
+```typescript
+// First render
+mockGetFormattedFilters.mockReturnValue(mockFilters);
+
+// Change dependency and trigger re-render
+const newMockFilters = { ...mockFilters, finished: true };
+mockGetFormattedFilters.mockReturnValue(newMockFilters);
+rerender();
+```
+
+## Performance Testing
+
+### Race Condition Testing
+Test AbortController implementation:
+```typescript
+test("cancels previous request when new request is made", async () => {
+  let resolveFirst: (value: any) => void;
+  let resolveSecond: (value: any) => void;
+
+  const firstPromise = new Promise((resolve) => {
+    resolveFirst = resolve;
+  });
+  const secondPromise = new Promise((resolve) => {
+    resolveSecond = resolve;
+  });
+
+  vi.mocked(apiCall)
+    .mockReturnValueOnce(firstPromise as any)
+    .mockReturnValueOnce(secondPromise as any);
+
+  const { result } = renderHook(() => useHook());
+  
+  // Trigger second request
+  result.current.refetch();
+  
+  // Resolve in order - first should be cancelled
+  resolveFirst!({ data: 100 });
+  resolveSecond!({ data: 200 });
+
+  await waitFor(() => {
+    expect(result.current.isLoading).toBe(false);
+  });
+
+  // Should have result from second request
+  expect(result.current.data).toBe(200);
+});
+```
+
+### Cleanup Testing
+```typescript
+test("cleans up on unmount", () => {
+  const abortSpy = vi.spyOn(AbortController.prototype, "abort");
+  
+  const { unmount } = renderHook(() => useHook());
+  unmount();
+  
+  expect(abortSpy).toHaveBeenCalled();
+  abortSpy.mockRestore();
+});
+```
+
+## Error Handling Testing
+
+### API Error Testing
+```typescript
+test("handles API errors gracefully", async () => {
+  const consoleSpy = vi.spyOn(console, "error").mockImplementation(() => {});
+  vi.mocked(apiCall).mockRejectedValue(new Error("API Error"));
+
+  const { result } = renderHook(() => useHook());
+
+  await waitFor(() => {
+    expect(result.current.isLoading).toBe(false);
+  });
+
+  expect(consoleSpy).toHaveBeenCalledWith("Error message:", expect.any(Error));
+  expect(result.current.data).toBe(fallbackValue);
+  
+  consoleSpy.mockRestore();
+});
+```
+
+### Cancelled Request Testing
+```typescript
+test("does not update state for cancelled requests", async () => {
+  const consoleSpy = vi.spyOn(console, "error").mockImplementation(() => {});
+
+  let rejectFirst: (error: any) => void;
+  const firstPromise = new Promise((_, reject) => {
+    rejectFirst = reject;
+  });
+
+  vi.mocked(apiCall)
+    .mockReturnValueOnce(firstPromise as any)
+    .mockResolvedValueOnce({ data: 42 });
+
+  const { result } = renderHook(() => useHook());
+  result.current.refetch();
+
+  const abortError = new Error("Request cancelled");
+  rejectFirst!(abortError);
+
+  await waitFor(() => {
+    expect(result.current.isLoading).toBe(false);
+  });
+
+  // Should not log error for cancelled request
+  expect(consoleSpy).not.toHaveBeenCalled();
+  consoleSpy.mockRestore();
+});
+```
+
+## Type Safety in Tests
+
+### Mock Type Assertions
+Use type assertions for edge cases:
+```typescript
+vi.mocked(apiCall).mockResolvedValue({
+  data: null as any, // For testing null handling
+});
+
+vi.mocked(apiCall).mockResolvedValue({
+  data: undefined as any, // For testing undefined handling
+});
+```
+
+### Proper Mock Typing
+Ensure mocks match the actual interface:
+```typescript
+const mockSurvey: TSurvey = {
+  id: "survey-123",
+  name: "Test Survey",
+  // ... other required properties
+} as unknown as TSurvey; // Use when partial mocking is needed
+```
+
+## Common Test Patterns
+
+### Testing State Changes
+```typescript
+test("updates state correctly", async () => {
+  const { result } = renderHook(() => useHook());
+  
+  // Initial state
+  expect(result.current.value).toBe(initialValue);
+  
+  // Trigger change
+  result.current.updateValue(newValue);
+  
+  // Verify change
+  expect(result.current.value).toBe(newValue);
+});
+```
+
+### Testing Multiple Scenarios
+```typescript
+test("handles different modes", async () => {
+  // Test regular mode
+  vi.mocked(useParams).mockReturnValue({ surveyId: "123" });
+  const { rerender } = renderHook(() => useHook());
+  
+  await waitFor(() => {
+    expect(vi.mocked(regularApi)).toHaveBeenCalled();
+  });
+  
+  // Test sharing mode
+  vi.mocked(useParams).mockReturnValue({ 
+    surveyId: "123", 
+    sharingKey: "share-123" 
+  });
+  rerender();
+  
+  await waitFor(() => {
+    expect(vi.mocked(sharingApi)).toHaveBeenCalled();
+  });
+});
+```
+
+## Test Organization
+
+### Comprehensive Test Coverage
+For hooks, ensure you test:
+- ✅ Initialization (with/without initial values)
+- ✅ Data fetching (success/error cases)
+- ✅ State updates and refetching
+- ✅ Dependency changes triggering effects
+- ✅ Manual actions (refetch, reset)
+- ✅ Race condition prevention
+- ✅ Cleanup on unmount
+- ✅ Mode switching (if applicable)
+- ✅ Edge cases (null/undefined data)
+
+### Test Naming
+Use descriptive test names that explain the scenario:
+- ✅ "initializes with initial count"
+- ✅ "fetches response count on mount for regular survey"
+- ✅ "cancels previous request when new request is made"
+- ❌ "test hook"
+- ❌ "it works"

.cursor/rules/testing.mdc

@@ -0,0 +1,7 @@
+---
+description: Whenever the user asks to write or update a test file for .tsx or .ts files.
+globs: 
+alwaysApply: false
+---
+Use the rules in this file when writing tests [copilot-instructions.md](mdc:.github/copilot-instructions.md).
+After writing the tests, run them and check if there's any issue with the tests and if all of them are passing. Fix the issues and rerun the tests until all pass.

.env.example

@@ -80,8 +80,8 @@ S3_ENDPOINT_URL=
 # Force path style for S3 compatible storage (0 for disabled, 1 for enabled)
 S3_FORCE_PATH_STYLE=0
 
-# Set this URL to add a custom domain to your survey links(default is WEBAPP_URL)
-# SURVEY_URL=https://survey.example.com
+# Set this URL to add a public domain for all your client facing routes(default is WEBAPP_URL)
+# PUBLIC_URL=https://survey.example.com
 
 #####################
 # Disable Features  #
@@ -189,8 +189,7 @@ ENTERPRISE_LICENSE_KEY=
 UNSPLASH_ACCESS_KEY=
 
 # The below is used for Next Caching (uses In-Memory from Next Cache if not provided)
-# You can also add more configuration to Redis using the redis.conf file in the root directory
-# REDIS_URL=redis://localhost:6379
+REDIS_URL=redis://localhost:6379
 
 # The below is used for Rate Limiting (uses In-Memory LRU Cache if not provided) (You can use a service like Webdis for this)
 # REDIS_HTTP_URL:
@@ -210,6 +209,16 @@ UNKEY_ROOT_KEY=
 # The SENTRY_AUTH_TOKEN variable is picked up by the Sentry Build Plugin.
 # It's used automatically by Sentry during the build for authentication when uploading source maps.
 # SENTRY_AUTH_TOKEN=
+# The SENTRY_ENVIRONMENT is the environment which the error will belong to in the Sentry dashboard
+# SENTRY_ENVIRONMENT=
 
-# Disable the user management from UI 
-# DISABLE_USER_MANAGEMENT=1
+# Configure the minimum role for user management from UI(owner, manager, disabled)
+# USER_MANAGEMENT_MINIMUM_ROLE="manager"
+
+# Configure the maximum age for the session in seconds. Default is 86400 (24 hours)
+# SESSION_MAX_AGE=86400
+
+# Audit logs options. Default 0.
+# AUDIT_LOG_ENABLED=0
+# If the ip should be added in the log or not. Default 0
+# AUDIT_LOG_GET_USER_IP=0

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -1,6 +1,7 @@
 name: Feature request
 description: "Suggest an idea for this project \U0001F680"
 type: feature
+projects: "formbricks/21"
 body:
   - type: textarea
     id: problem-description

.github/ISSUE_TEMPLATE/task.yml

@@ -1,11 +0,0 @@
-name: Task (internal)
-description: "Template for creating a task. Used by the Formbricks Team only \U0001f4e5"
-type: task
-body:
-  - type: textarea
-    id: task-summary
-    attributes:
-      label: Task description
-      description: A clear detailed-rich description of the task.
-    validations:
-      required: true

.github/actions/upload-sentry-sourcemaps/action.yml

@@ -0,0 +1,125 @@
+name: 'Upload Sentry Sourcemaps'
+description: 'Extract sourcemaps from Docker image and upload to Sentry'
+
+inputs:
+  docker_image:
+    description: 'Docker image to extract sourcemaps from'
+    required: true
+  release_version:
+    description: 'Sentry release version (e.g., v1.2.3)'
+    required: true
+  sentry_auth_token:
+    description: 'Sentry authentication token'
+    required: true
+  environment:
+    description: 'Sentry environment (e.g., production, staging)'
+    required: false
+    default: 'staging'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Validate Sentry auth token
+      shell: bash
+      run: |
+        set -euo pipefail
+        echo "🔐 Validating Sentry authentication token..."
+
+        # Assign token to local variable for secure handling
+        SENTRY_TOKEN="${{ inputs.sentry_auth_token }}"
+
+        # Test the token by making a simple API call to Sentry
+        response=$(curl -s -w "%{http_code}" -o /tmp/sentry_response.json \
+          -H "Authorization: Bearer $SENTRY_TOKEN" \
+          "https://sentry.io/api/0/organizations/formbricks/")
+
+        http_code=$(echo "$response" | tail -n1)
+
+        if [ "$http_code" != "200" ]; then
+          echo "❌ Error: Invalid Sentry auth token (HTTP $http_code)"
+          echo "Please check your SENTRY_AUTH_TOKEN is correct and has the necessary permissions."
+          if [ -f /tmp/sentry_response.json ]; then
+            echo "Response body:"
+            cat /tmp/sentry_response.json
+          fi
+          exit 1
+        fi
+
+        echo "✅ Sentry auth token validated successfully"
+
+        # Clean up temp file
+        rm -f /tmp/sentry_response.json
+
+    - name: Extract sourcemaps from Docker image
+      shell: bash
+      run: |
+        set -euo pipefail
+        echo "📦 Extracting sourcemaps from Docker image: ${{ inputs.docker_image }}"
+
+        # Create temporary container from the image and capture its ID
+        echo "Creating temporary container..."
+        CONTAINER_ID=$(docker create "${{ inputs.docker_image }}")
+        echo "Container created with ID: $CONTAINER_ID"
+
+        # Set up cleanup function to ensure container is removed on script exit
+        cleanup_container() {
+          # Capture the current exit code to preserve it
+          local original_exit_code=$?
+          
+          echo "🧹 Cleaning up Docker container..."
+          
+          # Remove the container if it exists (ignore errors if already removed)
+          if [ -n "$CONTAINER_ID" ]; then
+            docker rm -f "$CONTAINER_ID" 2>/dev/null || true
+            echo "Container $CONTAINER_ID removed"
+          fi
+          
+          # Exit with the original exit code to preserve script success/failure status
+          exit $original_exit_code
+        }
+        
+        # Register cleanup function to run on script exit (success or failure)
+        trap cleanup_container EXIT
+
+        # Extract .next directory containing sourcemaps
+        docker cp "$CONTAINER_ID:/home/nextjs/apps/web/.next" ./extracted-next
+
+        # Verify sourcemaps exist
+        if [ ! -d "./extracted-next/static/chunks" ]; then
+          echo "❌ Error: .next/static/chunks directory not found in Docker image"
+          echo "Expected structure: /home/nextjs/apps/web/.next/static/chunks/"
+          exit 1
+        fi
+
+        sourcemap_count=$(find ./extracted-next/static/chunks -name "*.map" | wc -l)
+        echo "✅ Found $sourcemap_count sourcemap files"
+
+        if [ "$sourcemap_count" -eq 0 ]; then
+          echo "❌ Error: No sourcemap files found. Check that productionBrowserSourceMaps is enabled."
+          exit 1
+        fi
+
+    - name: Create Sentry release and upload sourcemaps
+      uses: getsentry/action-release@v3
+      env:
+        SENTRY_AUTH_TOKEN: ${{ inputs.sentry_auth_token }}
+        SENTRY_ORG: formbricks
+        SENTRY_PROJECT: formbricks-cloud
+      with:
+        environment: ${{ inputs.environment }}
+        version: ${{ inputs.release_version }}
+        sourcemaps: './extracted-next/'
+
+    - name: Clean up extracted files
+      shell: bash
+      if: always()
+      run: |
+        set -euo pipefail
+        # Clean up extracted files
+        rm -rf ./extracted-next
+        echo "🧹 Cleaned up extracted files"

.github/workflows/deploy-formbricks-cloud.yml

@@ -4,34 +4,34 @@ on:
   workflow_dispatch:
     inputs:
       VERSION:
-        description: 'The version of the Docker image to release, full image tag if image tag is v0.0.0 enter v0.0.0.'
+        description: "The version of the Docker image to release, full image tag if image tag is v0.0.0 enter v0.0.0."
         required: true
         type: string
       REPOSITORY:
-        description: 'The repository to use for the Docker image'
+        description: "The repository to use for the Docker image"
         required: false
         type: string
-        default: 'ghcr.io/formbricks/formbricks'
+        default: "ghcr.io/formbricks/formbricks"
       ENVIRONMENT:
-        description: 'The environment to deploy to'
+        description: "The environment to deploy to"
         required: true
         type: choice
         options:
-          - stage
-          - prod
+          - staging
+          - production
   workflow_call:
     inputs:
       VERSION:
-        description: 'The version of the Docker image to release'
+        description: "The version of the Docker image to release"
         required: true
         type: string
       REPOSITORY:
-        description: 'The repository to use for the Docker image'
+        description: "The repository to use for the Docker image"
         required: false
         type: string
-        default: 'ghcr.io/formbricks/formbricks'
+        default: "ghcr.io/formbricks/formbricks"
       ENVIRONMENT:
-        description: 'The environment to deploy to'
+        description: "The environment to deploy to"
         required: true
         type: string
 
@@ -52,6 +52,7 @@ jobs:
           oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
           oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
           tags: tag:github
+          args: --accept-routes
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0
@@ -66,8 +67,8 @@ jobs:
           AWS_REGION: eu-central-1
 
       - uses: helmfile/helmfile-action@v2
-        name: Deploy Formbricks Cloud Prod
-        if: inputs.ENVIRONMENT == 'prod'
+        name: Deploy Formbricks Cloud Production
+        if: inputs.ENVIRONMENT == 'production'
         env:
           VERSION: ${{ inputs.VERSION }}
           REPOSITORY: ${{ inputs.REPOSITORY }}
@@ -75,7 +76,7 @@ jobs:
           FORMBRICKS_INGRESS_CERT_ARN: ${{ secrets.FORMBRICKS_INGRESS_CERT_ARN }}
           FORMBRICKS_ROLE_ARN: ${{ secrets.FORMBRICKS_ROLE_ARN }}
         with:
-          helmfile-version: 'v1.0.0'
+          helmfile-version: "v1.0.0"
           helm-plugins: >
             https://github.com/databus23/helm-diff,
             https://github.com/jkroepke/helm-secrets
@@ -84,15 +85,15 @@ jobs:
           helmfile-workdirectory: infra/formbricks-cloud-helm
 
       - uses: helmfile/helmfile-action@v2
-        name: Deploy Formbricks Cloud Stage
-        if: inputs.ENVIRONMENT == 'stage'
+        name: Deploy Formbricks Cloud Staging
+        if: inputs.ENVIRONMENT == 'staging'
         env:
           VERSION: ${{ inputs.VERSION }}
           REPOSITORY: ${{ inputs.REPOSITORY }}
           FORMBRICKS_INGRESS_CERT_ARN: ${{ secrets.STAGE_FORMBRICKS_INGRESS_CERT_ARN }}
           FORMBRICKS_ROLE_ARN: ${{ secrets.STAGE_FORMBRICKS_ROLE_ARN }}
         with:
-          helmfile-version: 'v1.0.0'
+          helmfile-version: "v1.0.0"
           helm-plugins: >
             https://github.com/databus23/helm-diff,
             https://github.com/jkroepke/helm-secrets
@@ -100,3 +101,43 @@ jobs:
           helmfile-auto-init: "false"
           helmfile-workdirectory: infra/formbricks-cloud-helm
 
+      - name: Purge Cloudflare Cache
+        if: ${{ inputs.ENVIRONMENT == 'production' || inputs.ENVIRONMENT == 'staging' }}
+        env:
+          CF_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
+          CF_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+        run: |
+          # Set hostname based on environment
+          if [[ "${{ inputs.ENVIRONMENT }}" == "production" ]]; then
+            PURGE_HOST="app.formbricks.com"
+          else
+            PURGE_HOST="stage.app.formbricks.com"
+          fi
+
+          echo "Purging Cloudflare cache for host: $PURGE_HOST (environment: ${{ inputs.ENVIRONMENT }}, zone: $CF_ZONE_ID)"
+
+          # Prepare JSON payload for selective cache purge
+          json_payload=$(cat << EOF
+          {
+            "hosts": ["$PURGE_HOST"]
+          }
+          EOF
+          )
+
+          # Make API call to Cloudflare
+          response=$(curl -s -X POST \
+            "https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/purge_cache" \
+            -H "Authorization: Bearer $CF_API_TOKEN" \
+            -H "Content-Type: application/json" \
+            --data "$json_payload")
+
+          echo "Cloudflare API response: $response"
+
+          # Verify the operation was successful
+          if [[ "$(echo "$response" | jq -r .success)" == "true" ]]; then
+            echo "✅ Successfully purged cache for $PURGE_HOST"
+          else
+            echo "❌ Cloudflare cache purge failed"
+            echo "Error details: $(echo "$response" | jq -r .errors)"
+            exit 1
+          fi

.github/workflows/e2e.yml

@@ -45,6 +45,16 @@ jobs:
           --health-interval=10s
           --health-timeout=5s
           --health-retries=5
+      valkey:
+        image: valkey/valkey:8.1.1
+        ports:
+          - 6379:6379
+        options: >-
+          --entrypoint "valkey-server"
+          --health-cmd="valkey-cli ping"
+          --health-interval=10s
+          --health-timeout=5s
+          --health-retries=5
     steps:
       - name: Harden the runner (Audit all outbound calls)
         uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
@@ -79,6 +89,7 @@ jobs:
           sed -i "s/CRON_SECRET=.*/CRON_SECRET=${RANDOM_KEY}/" .env
           sed -i "s/NEXTAUTH_SECRET=.*/NEXTAUTH_SECRET=${RANDOM_KEY}/" .env
           sed -i "s/ENTERPRISE_LICENSE_KEY=.*/ENTERPRISE_LICENSE_KEY=${{ secrets.ENTERPRISE_LICENSE_KEY }}/" .env
+          sed -i "s|REDIS_URL=.*|REDIS_URL=redis://localhost:6379|" .env
           echo "" >> .env
           echo "E2E_TESTING=1" >> .env
         shell: bash
@@ -92,6 +103,12 @@ jobs:
           # pnpm prisma migrate deploy
           pnpm db:migrate:dev
 
+      - name: Run Rate Limiter Load Tests
+        run: |
+          echo "Running rate limiter load tests with Redis/Valkey..."
+          cd apps/web && pnpm vitest run modules/core/rate-limit/rate-limit-load.test.ts
+        shell: bash
+
       - name: Check for Enterprise License
         run: |
           LICENSE_KEY=$(grep '^ENTERPRISE_LICENSE_KEY=' .env | cut -d'=' -f2-)

.github/workflows/formbricks-release.yml

@@ -1,17 +1,22 @@
 name: Build, release & deploy Formbricks images
 
 on:
-  workflow_dispatch:
-  push:
-    tags:
-      - "v*"
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+
+env:
+  ENVIRONMENT: ${{ github.event.release.prerelease && 'staging' || 'production' }}
 
 jobs:
   docker-build:
-    name: Build & release stable docker image
-    if: startsWith(github.ref, 'refs/tags/v')
+    name: Build & release docker image
     uses: ./.github/workflows/release-docker-github.yml
     secrets: inherit
+    with:
+      IS_PRERELEASE: ${{ github.event.release.prerelease }}
 
   helm-chart-release:
     name: Release Helm Chart
@@ -31,4 +36,27 @@ jobs:
       - helm-chart-release
     with:
       VERSION: v${{ needs.docker-build.outputs.VERSION }}
-      ENVIRONMENT: "prod"
+      ENVIRONMENT: ${{ env.ENVIRONMENT }}
+
+  upload-sentry-sourcemaps:
+    name: Upload Sentry Sourcemaps
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    needs:
+      - docker-build
+      - deploy-formbricks-cloud
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Upload Sentry Sourcemaps
+        uses: ./.github/actions/upload-sentry-sourcemaps
+        continue-on-error: true
+        with:
+          docker_image: ghcr.io/formbricks/formbricks:v${{ needs.docker-build.outputs.VERSION }}
+          release_version: v${{ needs.docker-build.outputs.VERSION }}
+          sentry_auth_token: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          environment: ${{ env.ENVIRONMENT }}

.github/workflows/pr.yml

@@ -10,8 +10,6 @@ permissions:
 
 on:
   pull_request:
-    branches:
-      - main
   merge_group:
   workflow_dispatch:
 

.github/workflows/release-docker-github-experimental.yml

@@ -29,6 +29,10 @@ jobs:
       # with sigstore/fulcio when running outside of PRs.
       id-token: write
 
+    outputs:
+      DOCKER_IMAGE: ${{ steps.extract_image_info.outputs.DOCKER_IMAGE }}
+      RELEASE_VERSION: ${{ steps.extract_image_info.outputs.RELEASE_VERSION }}
+
     steps:
       - name: Harden the runner (Audit all outbound calls)
         uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
@@ -38,6 +42,56 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
+      - name: Generate SemVer version from branch or tag
+        id: generate_version
+        run: |
+          # Get reference name and type
+          REF_NAME="${{ github.ref_name }}"
+          REF_TYPE="${{ github.ref_type }}"
+
+          echo "Reference type: $REF_TYPE"
+          echo "Reference name: $REF_NAME"
+
+          if [[ "$REF_TYPE" == "tag" ]]; then
+            # If running from a tag, use the tag name
+            if [[ "$REF_NAME" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+.*$ ]]; then
+              # Tag looks like a SemVer, use it directly (remove 'v' prefix if present)
+              VERSION=$(echo "$REF_NAME" | sed 's/^v//')
+              echo "Using SemVer tag: $VERSION"
+            else
+              # Tag is not SemVer, treat as prerelease
+              SANITIZED_TAG=$(echo "$REF_NAME" | sed 's/[^a-zA-Z0-9.-]/-/g' | sed 's/--*/-/g' | sed 's/^-\|-$//g')
+              VERSION="0.0.0-$SANITIZED_TAG"
+              echo "Using tag as prerelease: $VERSION"
+            fi
+          else
+            # Running from branch, use branch name as prerelease
+            SANITIZED_BRANCH=$(echo "$REF_NAME" | sed 's/[^a-zA-Z0-9.-]/-/g' | sed 's/--*/-/g' | sed 's/^-\|-$//g')
+            VERSION="0.0.0-$SANITIZED_BRANCH"
+            echo "Using branch as prerelease: $VERSION"
+          fi
+
+          echo "VERSION=$VERSION" >> $GITHUB_ENV
+          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
+          echo "Generated SemVer version: $VERSION"
+
+      - name: Update package.json version
+        env:
+          VERSION: ${{ env.VERSION }}
+        run: |
+          cd ./apps/web
+          npm version $VERSION --no-git-tag-version
+          echo "Updated version to: $(npm pkg get version)"
+
+      - name: Set Sentry environment in .env
+        run: |
+          if ! grep -q "^SENTRY_ENVIRONMENT=staging$" .env 2>/dev/null; then
+            echo "SENTRY_ENVIRONMENT=staging" >> .env
+            echo "Added SENTRY_ENVIRONMENT=staging to .env file"
+          else
+            echo "SENTRY_ENVIRONMENT=staging already exists in .env file"
+          fi
+
       - name: Set up Depot CLI
         uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
 
@@ -83,6 +137,21 @@ jobs:
             database_url=${{ secrets.DUMMY_DATABASE_URL }}
             encryption_key=${{ secrets.DUMMY_ENCRYPTION_KEY }}
 
+      - name: Extract image info for sourcemap upload
+        id: extract_image_info
+        run: |
+          # Use the first readable tag from metadata action output
+          DOCKER_IMAGE=$(echo "${{ steps.meta.outputs.tags }}" | head -n1 | xargs)
+          echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> $GITHUB_OUTPUT
+
+          # Use the generated version for Sentry release
+          RELEASE_VERSION="$VERSION"
+          echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT
+
+          echo "Docker image: $DOCKER_IMAGE"
+          echo "Release version: $RELEASE_VERSION"
+          echo "Available tags: ${{ steps.meta.outputs.tags }}"
+
       # Sign the resulting Docker image digest except on PRs.
       # This will only write to the public Rekor transparency log when the Docker
       # repository is public to avoid leaking data.  If you would like to publish
@@ -97,3 +166,25 @@ jobs:
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
         run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+
+  upload-sentry-sourcemaps:
+    name: Upload Sentry Sourcemaps
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    needs:
+      - build
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Upload Sentry Sourcemaps
+        uses: ./.github/actions/upload-sentry-sourcemaps
+        continue-on-error: true
+        with:
+          docker_image: ${{ needs.build.outputs.DOCKER_IMAGE }}
+          release_version: ${{ needs.build.outputs.RELEASE_VERSION }}
+          sentry_auth_token: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          environment: staging

.github/workflows/release-docker-github.yml

@@ -7,6 +7,12 @@ name: Docker Release to Github
 
 on:
   workflow_call:
+    inputs:
+      IS_PRERELEASE:
+        description: 'Whether this is a prerelease (affects latest tag)'
+        required: false
+        type: boolean
+        default: false
     outputs:
       VERSION:
         description: release version
@@ -45,10 +51,12 @@ jobs:
       - name: Get Release Tag
         id: extract_release_tag
         run: |
+          # Extract version from tag (e.g., refs/tags/v1.2.3 -> 1.2.3)
           TAG=${{ github.ref }}
           TAG=${TAG#refs/tags/v}
           echo "RELEASE_TAG=$TAG" >> $GITHUB_ENV
           echo "VERSION=$TAG" >> $GITHUB_OUTPUT
+          echo "Using tag-based version: $TAG"
 
       - name: Update package.json version
         run: |
@@ -81,6 +89,13 @@ jobs:
         uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            # Default semver tags (version, major.minor, major)
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            # Only tag as 'latest' for stable releases (not prereleases)
+            type=raw,value=latest,enable=${{ inputs.IS_PRERELEASE != 'true' }}
 
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action

.github/workflows/sonarqube.yml

@@ -43,6 +43,7 @@ jobs:
           sed -i "s/ENCRYPTION_KEY=.*/ENCRYPTION_KEY=${RANDOM_KEY}/" .env
           sed -i "s/CRON_SECRET=.*/CRON_SECRET=${RANDOM_KEY}/" .env
           sed -i "s/NEXTAUTH_SECRET=.*/NEXTAUTH_SECRET=${RANDOM_KEY}/" .env
+          sed -i "s|REDIS_URL=.*|REDIS_URL=|" .env
 
       - name: Run tests with coverage
         run: |

.github/workflows/test.yml

@@ -41,6 +41,7 @@ jobs:
           sed -i "s/ENCRYPTION_KEY=.*/ENCRYPTION_KEY=${RANDOM_KEY}/" .env
           sed -i "s/CRON_SECRET=.*/CRON_SECRET=${RANDOM_KEY}/" .env
           sed -i "s/NEXTAUTH_SECRET=.*/NEXTAUTH_SECRET=${RANDOM_KEY}/" .env
+          sed -i "s|REDIS_URL=.*|REDIS_URL=|" .env
 
       - name: Test
         run: pnpm test

.github/workflows/upload-sentry-sourcemaps.yml

@@ -0,0 +1,46 @@
+name: Upload Sentry Sourcemaps (Manual)
+
+on:
+  workflow_dispatch:
+    inputs:
+      docker_image:
+        description: "Docker image to extract sourcemaps from"
+        required: true
+        type: string
+      release_version:
+        description: "Release version (e.g., v1.2.3)"
+        required: true
+        type: string
+      tag_version:
+        description: "Docker image tag (leave empty to use release_version)"
+        required: false
+        type: string
+
+permissions:
+  contents: read
+
+jobs:
+  upload-sourcemaps:
+    name: Upload Sourcemaps to Sentry
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Set Docker Image
+        run: |
+          if [ -n "${{ inputs.tag_version }}" ]; then
+            echo "DOCKER_IMAGE=${{ inputs.docker_image }}:${{ inputs.tag_version }}" >> $GITHUB_ENV
+          else
+            echo "DOCKER_IMAGE=${{ inputs.docker_image }}:${{ inputs.release_version }}" >> $GITHUB_ENV
+          fi
+
+      - name: Upload Sourcemaps to Sentry
+        uses: ./.github/actions/upload-sentry-sourcemaps
+        with:
+          docker_image: ${{ env.DOCKER_IMAGE }}
+          release_version: ${{ inputs.release_version }}
+          sentry_auth_token: ${{ secrets.SENTRY_AUTH_TOKEN }} 

.gitignore

@@ -73,3 +73,4 @@ infra/terraform/.terraform/
 /.idea/
 /*.iml
 packages/ios/FormbricksSDK/FormbricksSDK.xcodeproj/project.xcworkspace/xcuserdata
+.cursorrules

CONTRIBUTING.md

@@ -14,17 +14,7 @@ Are you brimming with brilliant ideas? For new features that can elevate Formbri
 
 ## 🛠 Crafting Pull Requests
 
-Ready to dive into the code and make a real impact? Here's your path:
-
-1. **Read our Best Practices**: [It takes 5 minutes](https://formbricks.com/docs/developer-docs/contributing/get-started) but will help you save hours 🤓
-
-1. **Fork the Repository:** Fork our repository or use [Gitpod](https://gitpod.io) or use [Github Codespaces](https://github.com/features/codespaces) to get started instantly.
-
-1. **Tweak and Transform:** Work your coding magic and apply your changes.
-
-1. **Pull Request Act:** If you're ready to go, craft a new pull request closely following our PR template 🙏
-
-Would you prefer a chat before you dive into a lot of work? [Github Discussions](https://github.com/formbricks/formbricks/discussions) is your harbor. Share your thoughts, and we'll meet you there with open arms. We're responsive and friendly, promise!
+For the time being, we don't have the capacity to properly facilitate community contributions. It's a lot of engineering attention often spent on issues which don't follow our prioritization, so we've decided to only facilitate community code contributions in rare exceptions in the coming months.
 
 ## 🚀 Aspiring Features
 

README.md

@@ -192,7 +192,7 @@ Here are a few options:
 
 - Upvote issues with 👍 reaction so we know what the demand for a particular issue is to prioritize it within the roadmap.
 
-Please check out [our contribution guide](https://formbricks.com/docs/developer-docs/contributing/get-started) and our [list of open issues](https://github.com/formbricks/formbricks/issues) for more information.
+- Note: For the time being, we can only facilitate code contributions as an exception.
 
 ## All Thanks To Our Contributors
 

apps/storybook/.storybook/main.ts

@@ -14,10 +14,9 @@ const config: StorybookConfig = {
   addons: [
     getAbsolutePath("@storybook/addon-onboarding"),
     getAbsolutePath("@storybook/addon-links"),
-    getAbsolutePath("@storybook/addon-essentials"),
     getAbsolutePath("@chromatic-com/storybook"),
-    getAbsolutePath("@storybook/addon-interactions"),
     getAbsolutePath("@storybook/addon-a11y"),
+    getAbsolutePath("@storybook/addon-docs"),
   ],
   framework: {
     name: getAbsolutePath("@storybook/react-vite"),

apps/storybook/.storybook/preview.ts

@@ -1,5 +1,21 @@
-import type { Preview } from "@storybook/react";
+import type { Preview } from "@storybook/react-vite";
+import { TolgeeProvider } from "@tolgee/react";
+import React from "react";
 import "../../web/modules/ui/globals.css";
+import { TolgeeBase } from "../../web/tolgee/shared";
+
+// Create a Storybook-specific Tolgee decorator
+const withTolgee = (Story: any) => {
+  const tolgee = TolgeeBase().init({
+    tagNewKeys: [], // No branch tagging in Storybook
+  });
+
+  return React.createElement(
+    TolgeeProvider,
+    { tolgee, fallback: "Loading", ssr: { language: "en", staticData: {} } },
+    React.createElement(Story)
+  );
+};
 
 const preview: Preview = {
   parameters: {
@@ -10,6 +26,7 @@ const preview: Preview = {
       },
     },
   },
+  decorators: [withTolgee],
 };
 
 export default preview;

apps/storybook/package.json

@@ -11,28 +11,22 @@
     "clean": "rimraf .turbo node_modules dist storybook-static"
   },
   "dependencies": {
-    "eslint-plugin-react-refresh": "0.4.20",
-    "react": "19.1.0",
-    "react-dom": "19.1.0"
+    "eslint-plugin-react-refresh": "0.4.20"
   },
   "devDependencies": {
-    "@chromatic-com/storybook": "3.2.6",
-    "@storybook/addon-a11y": "8.6.12",
-    "@storybook/addon-essentials": "8.6.12",
-    "@storybook/addon-interactions": "8.6.12",
-    "@storybook/addon-links": "8.6.12",
-    "@storybook/addon-onboarding": "8.6.12",
-    "@storybook/blocks": "8.6.12",
-    "@storybook/react": "8.6.12",
-    "@storybook/react-vite": "8.6.12",
-    "@storybook/test": "8.6.12",
+    "@chromatic-com/storybook": "^4.0.1",
+    "@storybook/addon-a11y": "9.0.15",
+    "@storybook/addon-links": "9.0.15",
+    "@storybook/addon-onboarding": "9.0.15",
+    "@storybook/react-vite": "9.0.15",
     "@typescript-eslint/eslint-plugin": "8.32.0",
     "@typescript-eslint/parser": "8.32.0",
     "@vitejs/plugin-react": "4.4.1",
     "esbuild": "0.25.4",
-    "eslint-plugin-storybook": "0.12.0",
+    "eslint-plugin-storybook": "9.0.15",
     "prop-types": "15.8.1",
-    "storybook": "8.6.12",
-    "vite": "6.3.5"
+    "storybook": "9.0.15",
+    "vite": "6.3.5",
+    "@storybook/addon-docs": "9.0.15"
   }
 }

apps/storybook/src/stories/Configure.mdx

@@ -1,4 +1,4 @@
-import { Meta } from "@storybook/blocks";
+import { Meta } from "@storybook/addon-docs/blocks";
 
 import Accessibility from "./assets/accessibility.png";
 import AddonLibrary from "./assets/addon-library.png";

apps/web/Dockerfile

@@ -25,21 +25,9 @@ RUN corepack prepare pnpm@9.15.9 --activate
 # Install necessary build tools and compilers
 RUN apk update && apk add --no-cache cmake g++ gcc jq make openssl-dev python3
 
-# BuildKit secret handling without hardcoded fallback values
-# This approach relies entirely on secrets passed from GitHub Actions
-RUN echo '#!/bin/sh' > /tmp/read-secrets.sh && \
-    echo 'if [ -f "/run/secrets/database_url" ]; then' >> /tmp/read-secrets.sh && \
-    echo '  export DATABASE_URL=$(cat /run/secrets/database_url)' >> /tmp/read-secrets.sh && \
-    echo 'else' >> /tmp/read-secrets.sh && \
-    echo '  echo "DATABASE_URL secret not found. Build may fail if this is required."' >> /tmp/read-secrets.sh && \
-    echo 'fi' >> /tmp/read-secrets.sh && \
-    echo 'if [ -f "/run/secrets/encryption_key" ]; then' >> /tmp/read-secrets.sh && \
-    echo '  export ENCRYPTION_KEY=$(cat /run/secrets/encryption_key)' >> /tmp/read-secrets.sh && \
-    echo 'else' >> /tmp/read-secrets.sh && \
-    echo '  echo "ENCRYPTION_KEY secret not found. Build may fail if this is required."' >> /tmp/read-secrets.sh && \
-    echo 'fi' >> /tmp/read-secrets.sh && \
-    echo 'exec "$@"' >> /tmp/read-secrets.sh && \
-    chmod +x /tmp/read-secrets.sh
+# Copy the secrets handling script
+COPY apps/web/scripts/docker/read-secrets.sh /tmp/read-secrets.sh
+RUN chmod +x /tmp/read-secrets.sh
 
 # Increase Node.js memory limit as a regular build argument
 ARG NODE_OPTIONS="--max_old_space_size=4096"
@@ -62,6 +50,9 @@ RUN touch apps/web/.env
 # Install the dependencies
 RUN pnpm install --ignore-scripts
 
+# Build the database package first
+RUN pnpm build --filter=@formbricks/database
+
 # Build the project using our secret reader script
 # This mounts the secrets only during this build step without storing them in layers
 RUN --mount=type=secret,id=database_url \
@@ -106,20 +97,8 @@ RUN chown -R nextjs:nextjs ./apps/web/public && chmod -R 755 ./apps/web/public
 COPY --from=installer /app/packages/database/schema.prisma ./packages/database/schema.prisma
 RUN chown nextjs:nextjs ./packages/database/schema.prisma && chmod 644 ./packages/database/schema.prisma
 
-COPY --from=installer /app/packages/database/package.json ./packages/database/package.json
-RUN chown nextjs:nextjs ./packages/database/package.json && chmod 644 ./packages/database/package.json
-
-COPY --from=installer /app/packages/database/migration ./packages/database/migration
-RUN chown -R nextjs:nextjs ./packages/database/migration && chmod -R 755 ./packages/database/migration
-
-COPY --from=installer /app/packages/database/src ./packages/database/src
-RUN chown -R nextjs:nextjs ./packages/database/src && chmod -R 755 ./packages/database/src
-
-COPY --from=installer /app/packages/database/node_modules ./packages/database/node_modules
-RUN chown -R nextjs:nextjs ./packages/database/node_modules && chmod -R 755 ./packages/database/node_modules
-
-COPY --from=installer /app/packages/logger/dist ./packages/database/node_modules/@formbricks/logger/dist
-RUN chown -R nextjs:nextjs ./packages/database/node_modules/@formbricks/logger/dist && chmod -R 755 ./packages/database/node_modules/@formbricks/logger/dist
+COPY --from=installer /app/packages/database/dist ./packages/database/dist
+RUN chown -R nextjs:nextjs ./packages/database/dist && chmod -R 755 ./packages/database/dist
 
 COPY --from=installer /app/node_modules/@prisma/client ./node_modules/@prisma/client
 RUN chown -R nextjs:nextjs ./node_modules/@prisma/client && chmod -R 755 ./node_modules/@prisma/client
@@ -142,12 +121,14 @@ RUN chmod -R 755 ./node_modules/@noble/hashes
 COPY --from=installer /app/node_modules/zod ./node_modules/zod
 RUN chmod -R 755 ./node_modules/zod
 
-RUN npm install --ignore-scripts -g tsx typescript pino-pretty 
 RUN npm install -g prisma
 
+# Create a startup script to handle the conditional logic
+COPY --from=installer /app/apps/web/scripts/docker/next-start.sh /home/nextjs/start.sh
+RUN chown nextjs:nextjs /home/nextjs/start.sh && chmod +x /home/nextjs/start.sh
+
 EXPOSE 3000
-ENV HOSTNAME "0.0.0.0"
-ENV NODE_ENV="production"
+ENV HOSTNAME="0.0.0.0"
 USER nextjs
 
 # Prepare volume for uploads
@@ -158,12 +139,4 @@ VOLUME /home/nextjs/apps/web/uploads/
 RUN mkdir -p /home/nextjs/apps/web/saml-connection
 VOLUME /home/nextjs/apps/web/saml-connection
 
-CMD if [ "${DOCKER_CRON_ENABLED:-1}" = "1" ]; then \
-      echo "Starting cron jobs..."; \
-      supercronic -quiet /app/docker/cronjobs & \
-    else \
-      echo "Docker cron jobs are disabled via DOCKER_CRON_ENABLED=0"; \
-    fi; \
-    (cd packages/database && npm run db:migrate:deploy) && \
-    (cd packages/database && npm run db:create-saml-database:deploy) && \
-    exec node apps/web/server.js
+CMD ["/home/nextjs/start.sh"]

apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/ConnectWithFormbricks.test.tsx

@@ -27,7 +27,7 @@ describe("ConnectWithFormbricks", () => {
     render(
       <ConnectWithFormbricks
         environment={environment}
-        webAppUrl={webAppUrl}
+        publicDomain={webAppUrl}
         widgetSetupCompleted={false}
         channel={channel}
       />
@@ -40,7 +40,7 @@ describe("ConnectWithFormbricks", () => {
     render(
       <ConnectWithFormbricks
         environment={environment}
-        webAppUrl={webAppUrl}
+        publicDomain={webAppUrl}
         widgetSetupCompleted={true}
         channel={channel}
       />
@@ -53,7 +53,7 @@ describe("ConnectWithFormbricks", () => {
     render(
       <ConnectWithFormbricks
         environment={environment}
-        webAppUrl={webAppUrl}
+        publicDomain={webAppUrl}
         widgetSetupCompleted={true}
         channel={channel}
       />
@@ -67,7 +67,7 @@ describe("ConnectWithFormbricks", () => {
     render(
       <ConnectWithFormbricks
         environment={environment}
-        webAppUrl={webAppUrl}
+        publicDomain={webAppUrl}
         widgetSetupCompleted={false}
         channel={channel}
       />

apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/ConnectWithFormbricks.tsx

@@ -12,14 +12,14 @@ import { OnboardingSetupInstructions } from "./OnboardingSetupInstructions";
 
 interface ConnectWithFormbricksProps {
   environment: TEnvironment;
-  webAppUrl: string;
+  publicDomain: string;
   widgetSetupCompleted: boolean;
   channel: TProjectConfigChannel;
 }
 
 export const ConnectWithFormbricks = ({
   environment,
-  webAppUrl,
+  publicDomain,
   widgetSetupCompleted,
   channel,
 }: ConnectWithFormbricksProps) => {
@@ -49,7 +49,7 @@ export const ConnectWithFormbricks = ({
         <div className="flex w-1/2 flex-col space-y-4">
           <OnboardingSetupInstructions
             environmentId={environment.id}
-            webAppUrl={webAppUrl}
+            publicDomain={publicDomain}
             channel={channel}
             widgetSetupCompleted={widgetSetupCompleted}
           />

apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/OnboardingSetupInstructions.test.tsx

@@ -33,7 +33,7 @@ describe("OnboardingSetupInstructions", () => {
   // Provide some default props for testing
   const defaultProps = {
     environmentId: "env-123",
-    webAppUrl: "https://example.com",
+    publicDomain: "https://example.com",
     channel: "app" as const, // Assuming channel is either "app" or "website"
     widgetSetupCompleted: false,
   };

apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/OnboardingSetupInstructions.tsx

@@ -18,14 +18,14 @@ const tabs = [
 
 interface OnboardingSetupInstructionsProps {
   environmentId: string;
-  webAppUrl: string;
+  publicDomain: string;
   channel: TProjectConfigChannel;
   widgetSetupCompleted: boolean;
 }
 
 export const OnboardingSetupInstructions = ({
   environmentId,
-  webAppUrl,
+  publicDomain,
   channel,
   widgetSetupCompleted,
 }: OnboardingSetupInstructionsProps) => {
@@ -34,7 +34,7 @@ export const OnboardingSetupInstructions = ({
   const htmlSnippetForAppSurveys = `<!-- START Formbricks Surveys -->
   <script type="text/javascript">
   !function(){
-      var appUrl = "${webAppUrl}";
+      var appUrl = "${publicDomain}";
       var environmentId = "${environmentId}";
       var t=document.createElement("script");t.type="text/javascript",t.async=!0,t.src=appUrl+"/js/formbricks.umd.cjs",t.onload=function(){window.formbricks?window.formbricks.setup({environmentId:environmentId,appUrl:appUrl}):console.error("Formbricks library failed to load properly. The formbricks object is not available.");};var e=document.getElementsByTagName("script")[0];e.parentNode.insertBefore(t,e)}();
   </script>
@@ -44,7 +44,7 @@ export const OnboardingSetupInstructions = ({
   const htmlSnippetForWebsiteSurveys = `<!-- START Formbricks Surveys -->
   <script type="text/javascript">
   !function(){
-    var appUrl = "${webAppUrl}";
+    var appUrl = "${publicDomain}";
     var environmentId = "${environmentId}";
     var t=document.createElement("script");t.type="text/javascript",t.async=!0,t.src=appUrl+"/js/formbricks.umd.cjs",t.onload=function(){window.formbricks?window.formbricks.setup({environmentId:environmentId,appUrl:appUrl}):console.error("Formbricks library failed to load properly. The formbricks object is not available.");};var e=document.getElementsByTagName("script")[0];e.parentNode.insertBefore(t,e)}();
   </script>
@@ -57,7 +57,7 @@ export const OnboardingSetupInstructions = ({
   if (typeof window !== "undefined") {
     formbricks.setup({
       environmentId: "${environmentId}",
-      appUrl: "${webAppUrl}",
+      appUrl: "${publicDomain}",
     });
   }
   
@@ -75,7 +75,7 @@ export const OnboardingSetupInstructions = ({
   if (typeof window !== "undefined") {
     formbricks.setup({
       environmentId: "${environmentId}",
-      appUrl: "${webAppUrl}",
+      appUrl: "${publicDomain}",
     });
   }
   

apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/page.tsx

@@ -1,6 +1,6 @@
 import { ConnectWithFormbricks } from "@/app/(app)/(onboarding)/environments/[environmentId]/connect/components/ConnectWithFormbricks";
-import { WEBAPP_URL } from "@/lib/constants";
 import { getEnvironment } from "@/lib/environment/service";
+import { getPublicDomain } from "@/lib/getPublicUrl";
 import { getProjectByEnvironmentId } from "@/lib/project/service";
 import { Button } from "@/modules/ui/components/button";
 import { Header } from "@/modules/ui/components/header";
@@ -30,6 +30,8 @@ const Page = async (props: ConnectPageProps) => {
 
   const channel = project.config.channel || null;
 
+  const publicDomain = getPublicDomain();
+
   return (
     <div className="flex min-h-full flex-col items-center justify-center py-10">
       <Header title={t("environments.connect.headline")} subtitle={t("environments.connect.subtitle")} />
@@ -39,7 +41,7 @@ const Page = async (props: ConnectPageProps) => {
       </div>
       <ConnectWithFormbricks
         environment={environment}
-        webAppUrl={WEBAPP_URL}
+        publicDomain={publicDomain}
         widgetSetupCompleted={environment.appSetupCompleted}
         channel={channel}
       />

apps/web/app/(app)/(onboarding)/environments/[environmentId]/layout.test.tsx

@@ -11,7 +11,7 @@ vi.mock("@/lib/constants", () => ({
   IS_DEVELOPMENT: true,
   E2E_TESTING: false,
   WEBAPP_URL: "http://localhost:3000",
-  SURVEY_URL: "http://localhost:3000/survey",
+  PUBLIC_URL: "http://localhost:3000/survey",
   ENCRYPTION_KEY: "mock-encryption-key",
   CRON_SECRET: "mock-cron-secret",
   DEFAULT_BRAND_COLOR: "#64748b",
@@ -85,6 +85,9 @@ vi.mock("@/lib/constants", () => ({
   OIDC_AUTH_URL: "https://mock-oidc-auth-url.com",
   OIDC_ISSUER: "https://mock-oidc-issuer.com",
   OIDC_SIGNING_ALGORITHM: "RS256",
+  SESSION_MAX_AGE: 1000,
+  REDIS_URL: undefined,
+  AUDIT_LOG_ENABLED: true,
 }));
 
 vi.mock("next/navigation", () => ({

apps/web/app/(app)/(onboarding)/lib/onboarding.test.ts

@@ -12,20 +12,6 @@ vi.mock("@formbricks/database", () => ({
   },
 }));
 
-vi.mock("@/lib/cache", () => ({
-  cache: (fn: any) => fn,
-}));
-
-vi.mock("@/lib/cache/team", () => ({
-  teamCache: {
-    tag: { byOrganizationId: vi.fn((id: string) => `organization-${id}-teams`) },
-  },
-}));
-
-vi.mock("@/lib/utils/validate", () => ({
-  validateInputs: vi.fn(),
-}));
-
 describe("getTeamsByOrganizationId", () => {
   beforeEach(() => {
     vi.clearAllMocks();

apps/web/app/(app)/(onboarding)/lib/onboarding.ts

@@ -1,8 +1,6 @@
 "use server";
 
 import { TOrganizationTeam } from "@/app/(app)/(onboarding)/types/onboarding";
-import { cache } from "@/lib/cache";
-import { teamCache } from "@/lib/cache/team";
 import { validateInputs } from "@/lib/utils/validate";
 import { Prisma } from "@prisma/client";
 import { cache as reactCache } from "react";
@@ -11,38 +9,31 @@ import { ZId } from "@formbricks/types/common";
 import { DatabaseError } from "@formbricks/types/errors";
 
 export const getTeamsByOrganizationId = reactCache(
-  async (organizationId: string): Promise<TOrganizationTeam[] | null> =>
-    cache(
-      async () => {
-        validateInputs([organizationId, ZId]);
-        try {
-          const teams = await prisma.team.findMany({
-            where: {
-              organizationId,
-            },
-            select: {
-              id: true,
-              name: true,
-            },
-          });
+  async (organizationId: string): Promise<TOrganizationTeam[] | null> => {
+    validateInputs([organizationId, ZId]);
+    try {
+      const teams = await prisma.team.findMany({
+        where: {
+          organizationId,
+        },
+        select: {
+          id: true,
+          name: true,
+        },
+      });
 
-          const projectTeams = teams.map((team) => ({
-            id: team.id,
-            name: team.name,
-          }));
+      const projectTeams = teams.map((team) => ({
+        id: team.id,
+        name: team.name,
+      }));
 
-          return projectTeams;
-        } catch (error) {
-          if (error instanceof Prisma.PrismaClientKnownRequestError) {
-            throw new DatabaseError(error.message);
-          }
-
-          throw error;
-        }
-      },
-      [`getTeamsByOrganizationId-${organizationId}`],
-      {
-        tags: [teamCache.tag.byOrganizationId(organizationId)],
+      return projectTeams;
+    } catch (error) {
+      if (error instanceof Prisma.PrismaClientKnownRequestError) {
+        throw new DatabaseError(error.message);
       }
-    )()
+
+      throw error;
+    }
+  }
 );

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar.test.tsx

@@ -1,15 +1,33 @@
 import "@testing-library/jest-dom/vitest";
 import { cleanup, render, screen } from "@testing-library/react";
 import userEvent from "@testing-library/user-event";
-import { signOut } from "next-auth/react";
 import { afterEach, describe, expect, test, vi } from "vitest";
 import { LandingSidebar } from "./landing-sidebar";
 
+// Mock constants that this test needs
+vi.mock("@/lib/constants", () => ({
+  IS_FORMBRICKS_CLOUD: false,
+  WEBAPP_URL: "http://localhost:3000",
+}));
+
+// Mock server actions that this test needs
+vi.mock("@/modules/auth/actions/sign-out", () => ({
+  logSignOutAction: vi.fn().mockResolvedValue(undefined),
+}));
+
 // Module mocks must be declared before importing the component
 vi.mock("@tolgee/react", () => ({
   useTranslate: () => ({ t: (key: string) => key, isLoading: false }),
 }));
-vi.mock("next-auth/react", () => ({ signOut: vi.fn() }));
+
+// Mock our useSignOut hook
+const mockSignOut = vi.fn();
+vi.mock("@/modules/auth/hooks/use-sign-out", () => ({
+  useSignOut: () => ({
+    signOut: mockSignOut,
+  }),
+}));
+
 vi.mock("next/navigation", () => ({ useRouter: () => ({ push: vi.fn() }) }));
 vi.mock("@/modules/organization/components/CreateOrganizationModal", () => ({
   CreateOrganizationModal: ({ open }: { open: boolean }) => (
@@ -70,6 +88,13 @@ describe("LandingSidebar component", () => {
     const logoutItem = await screen.findByText("common.logout");
     await userEvent.click(logoutItem);
 
-    expect(signOut).toHaveBeenCalledWith({ callbackUrl: "/auth/login" });
+    expect(mockSignOut).toHaveBeenCalledWith({
+      reason: "user_initiated",
+      redirectUrl: "/auth/login",
+      organizationId: "o1",
+      redirect: true,
+      callbackUrl: "/auth/login",
+      clearEnvironmentId: true,
+    });
   });
 });

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar.tsx

@@ -3,6 +3,7 @@
 import FBLogo from "@/images/formbricks-wordmark.svg";
 import { cn } from "@/lib/cn";
 import { capitalizeFirstLetter } from "@/lib/utils/strings";
+import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
 import { CreateOrganizationModal } from "@/modules/organization/components/CreateOrganizationModal";
 import { ProfileAvatar } from "@/modules/ui/components/avatars";
 import {
@@ -20,7 +21,6 @@ import {
 } from "@/modules/ui/components/dropdown-menu";
 import { useTranslate } from "@tolgee/react";
 import { ArrowUpRightIcon, ChevronRightIcon, LogOutIcon, PlusIcon } from "lucide-react";
-import { signOut } from "next-auth/react";
 import Image from "next/image";
 import Link from "next/link";
 import { useRouter } from "next/navigation";
@@ -44,6 +44,7 @@ export const LandingSidebar = ({
   const [openCreateOrganizationModal, setOpenCreateOrganizationModal] = useState<boolean>(false);
 
   const { t } = useTranslate();
+  const { signOut: signOutWithAudit } = useSignOut({ id: user.id, email: user.email });
 
   const router = useRouter();
 
@@ -123,7 +124,14 @@ export const LandingSidebar = ({
 
             <DropdownMenuItem
               onClick={async () => {
-                await signOut({ callbackUrl: "/auth/login" });
+                await signOutWithAudit({
+                  reason: "user_initiated",
+                  redirectUrl: "/auth/login",
+                  organizationId: organization.id,
+                  redirect: true,
+                  callbackUrl: "/auth/login",
+                  clearEnvironmentId: true,
+                });
               }}
               icon={<LogOutIcon className="mr-2 h-4 w-4" strokeWidth={1.5} />}>
               {t("common.logout")}

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/layout.test.tsx

@@ -14,7 +14,7 @@ vi.mock("@/lib/constants", () => ({
   IS_DEVELOPMENT: true,
   E2E_TESTING: false,
   WEBAPP_URL: "http://localhost:3000",
-  SURVEY_URL: "http://localhost:3000/survey",
+  PUBLIC_URL: "http://localhost:3000/survey",
   ENCRYPTION_KEY: "mock-encryption-key",
   CRON_SECRET: "mock-cron-secret",
   DEFAULT_BRAND_COLOR: "#64748b",
@@ -88,6 +88,9 @@ vi.mock("@/lib/constants", () => ({
   OIDC_AUTH_URL: "https://mock-oidc-auth-url.com",
   OIDC_ISSUER: "https://mock-oidc-issuer.com",
   OIDC_SIGNING_ALGORITHM: "RS256",
+  SESSION_MAX_AGE: 1000,
+  REDIS_URL: undefined,
+  AUDIT_LOG_ENABLED: true,
 }));
 
 vi.mock("@/lib/environment/service");

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/page.test.tsx

@@ -23,7 +23,6 @@ vi.mock("@/lib/constants", () => ({
   IS_DEVELOPMENT: true,
   E2E_TESTING: false,
   WEBAPP_URL: "http://localhost:3000",
-  SURVEY_URL: "http://localhost:3000/survey",
   ENCRYPTION_KEY: "mock-encryption-key",
   CRON_SECRET: "mock-cron-secret",
   DEFAULT_BRAND_COLOR: "#64748b",
@@ -97,6 +96,9 @@ vi.mock("@/lib/constants", () => ({
   OIDC_AUTH_URL: "https://mock-oidc-auth-url.com",
   OIDC_ISSUER: "https://mock-oidc-issuer.com",
   OIDC_SIGNING_ALGORITHM: "RS256",
+  SESSION_MAX_AGE: 1000,
+  REDIS_URL: undefined,
+  AUDIT_LOG_ENABLED: true,
 }));
 
 vi.mock("@/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar", () => ({

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/layout.test.tsx

@@ -34,6 +34,9 @@ vi.mock("@/lib/constants", () => ({
   OIDC_SIGNING_ALGORITHM: "test-oidc-signing-algorithm",
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
+  SESSION_MAX_AGE: 1000,
+  REDIS_URL: undefined,
+  AUDIT_LOG_ENABLED: true,
 }));
 
 vi.mock("next-auth", () => ({

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/layout.test.tsx

@@ -33,6 +33,9 @@ vi.mock("@/lib/constants", () => ({
   OIDC_SIGNING_ALGORITHM: "test-oidc-signing-algorithm",
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
+  SESSION_MAX_AGE: 1000,
+  REDIS_URL: undefined,
+  AUDIT_LOG_ENABLED: true,
 }));
 
 // Mock dependencies

apps/web/app/(app)/environments/[environmentId]/(contacts)/contacts/[contactId]/page.test.tsx

@@ -25,6 +25,15 @@ vi.mock("@/lib/constants", () => ({
   SMTP_HOST: "mock-smtp-host",
   SMTP_PORT: "mock-smtp-port",
   IS_POSTHOG_CONFIGURED: true,
+  SESSION_MAX_AGE: 1000,
+  AUDIT_LOG_ENABLED: 1,
+  REDIS_URL: undefined,
+}));
+
+vi.mock("@/lib/env", () => ({
+  env: {
+    PUBLIC_URL: "https://public-domain.com",
+  },
 }));
 
 describe("Contact Page Re-export", () => {

apps/web/app/(app)/environments/[environmentId]/actions.ts

@@ -4,7 +4,9 @@ import { getOrganization } from "@/lib/organization/service";
 import { getOrganizationProjectsCount } from "@/lib/project/service";
 import { updateUser } from "@/lib/user/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
-import { checkAuthorizationUpdated } from "@/lib/utils/action-client-middleware";
+import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
+import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
+import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import {
   getOrganizationProjectsLimit,
   getRoleManagementPermission,
@@ -20,62 +22,69 @@ const ZCreateProjectAction = z.object({
   data: ZProjectUpdateInput,
 });
 
-export const createProjectAction = authenticatedActionClient
-  .schema(ZCreateProjectAction)
-  .action(async ({ parsedInput, ctx }) => {
-    const { user } = ctx;
+export const createProjectAction = authenticatedActionClient.schema(ZCreateProjectAction).action(
+  withAuditLogging(
+    "created",
+    "project",
+    async ({ ctx, parsedInput }: { ctx: AuthenticatedActionClientCtx; parsedInput: Record<string, any> }) => {
+      const { user } = ctx;
 
-    const organizationId = parsedInput.organizationId;
+      const organizationId = parsedInput.organizationId;
 
-    await checkAuthorizationUpdated({
-      userId: user.id,
-      organizationId: parsedInput.organizationId,
-      access: [
-        {
-          data: parsedInput.data,
-          schema: ZProjectUpdateInput,
-          type: "organization",
-          roles: ["owner", "manager"],
-        },
-      ],
-    });
+      await checkAuthorizationUpdated({
+        userId: user.id,
+        organizationId: parsedInput.organizationId,
+        access: [
+          {
+            data: parsedInput.data,
+            schema: ZProjectUpdateInput,
+            type: "organization",
+            roles: ["owner", "manager"],
+          },
+        ],
+      });
 
-    const organization = await getOrganization(organizationId);
+      const organization = await getOrganization(organizationId);
 
-    if (!organization) {
-      throw new Error("Organization not found");
-    }
-
-    const organizationProjectsLimit = await getOrganizationProjectsLimit(organization.billing.limits);
-    const organizationProjectsCount = await getOrganizationProjectsCount(organization.id);
-
-    if (organizationProjectsCount >= organizationProjectsLimit) {
-      throw new OperationNotAllowedError("Organization project limit reached");
-    }
-
-    if (parsedInput.data.teamIds && parsedInput.data.teamIds.length > 0) {
-      const canDoRoleManagement = await getRoleManagementPermission(organization.billing.plan);
-
-      if (!canDoRoleManagement) {
-        throw new OperationNotAllowedError("You do not have permission to manage roles");
+      if (!organization) {
+        throw new Error("Organization not found");
       }
+
+      const organizationProjectsLimit = await getOrganizationProjectsLimit(organization.billing.limits);
+      const organizationProjectsCount = await getOrganizationProjectsCount(organization.id);
+
+      if (organizationProjectsCount >= organizationProjectsLimit) {
+        throw new OperationNotAllowedError("Organization project limit reached");
+      }
+
+      if (parsedInput.data.teamIds && parsedInput.data.teamIds.length > 0) {
+        const canDoRoleManagement = await getRoleManagementPermission(organization.billing.plan);
+
+        if (!canDoRoleManagement) {
+          throw new OperationNotAllowedError("You do not have permission to manage roles");
+        }
+      }
+
+      const project = await createProject(parsedInput.organizationId, parsedInput.data);
+      const updatedNotificationSettings = {
+        ...user.notificationSettings,
+        alert: {
+          ...user.notificationSettings?.alert,
+        },
+        weeklySummary: {
+          ...user.notificationSettings?.weeklySummary,
+          [project.id]: true,
+        },
+      };
+
+      await updateUser(user.id, {
+        notificationSettings: updatedNotificationSettings,
+      });
+
+      ctx.auditLoggingCtx.organizationId = organizationId;
+      ctx.auditLoggingCtx.projectId = project.id;
+      ctx.auditLoggingCtx.newObject = project;
+      return project;
     }
-
-    const project = await createProject(parsedInput.organizationId, parsedInput.data);
-    const updatedNotificationSettings = {
-      ...user.notificationSettings,
-      alert: {
-        ...user.notificationSettings?.alert,
-      },
-      weeklySummary: {
-        ...user.notificationSettings?.weeklySummary,
-        [project.id]: true,
-      },
-    };
-
-    await updateUser(user.id, {
-      notificationSettings: updatedNotificationSettings,
-    });
-
-    return project;
-  });
+  )
+);

apps/web/app/(app)/environments/[environmentId]/actions/actions.ts

@@ -1,11 +1,12 @@
 "use server";
 
 import { deleteActionClass, getActionClass, updateActionClass } from "@/lib/actionClass/service";
-import { cache } from "@/lib/cache";
 import { getSurveysByActionClassId } from "@/lib/survey/service";
 import { actionClient, authenticatedActionClient } from "@/lib/utils/action-client";
-import { checkAuthorizationUpdated } from "@/lib/utils/action-client-middleware";
+import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
+import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
 import { getOrganizationIdFromActionClassId, getProjectIdFromActionClassId } from "@/lib/utils/helper";
+import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import { z } from "zod";
 import { ZActionClassInput } from "@formbricks/types/action-classes";
 import { ZId } from "@formbricks/types/common";
@@ -15,63 +16,80 @@ const ZDeleteActionClassAction = z.object({
   actionClassId: ZId,
 });
 
-export const deleteActionClassAction = authenticatedActionClient
-  .schema(ZDeleteActionClassAction)
-  .action(async ({ ctx, parsedInput }) => {
-    await checkAuthorizationUpdated({
-      userId: ctx.user.id,
-      organizationId: await getOrganizationIdFromActionClassId(parsedInput.actionClassId),
-      access: [
-        {
-          type: "organization",
-          roles: ["owner", "manager"],
-        },
-        {
-          type: "projectTeam",
-          minPermission: "readWrite",
-          projectId: await getProjectIdFromActionClassId(parsedInput.actionClassId),
-        },
-      ],
-    });
-
-    await deleteActionClass(parsedInput.actionClassId);
-  });
+export const deleteActionClassAction = authenticatedActionClient.schema(ZDeleteActionClassAction).action(
+  withAuditLogging(
+    "deleted",
+    "actionClass",
+    async ({ ctx, parsedInput }: { ctx: AuthenticatedActionClientCtx; parsedInput: Record<string, any> }) => {
+      const organizationId = await getOrganizationIdFromActionClassId(parsedInput.actionClassId);
+      await checkAuthorizationUpdated({
+        userId: ctx.user.id,
+        organizationId,
+        access: [
+          {
+            type: "organization",
+            roles: ["owner", "manager"],
+          },
+          {
+            type: "projectTeam",
+            minPermission: "readWrite",
+            projectId: await getProjectIdFromActionClassId(parsedInput.actionClassId),
+          },
+        ],
+      });
+      ctx.auditLoggingCtx.organizationId = organizationId;
+      ctx.auditLoggingCtx.actionClassId = parsedInput.actionClassId;
+      ctx.auditLoggingCtx.oldObject = await getActionClass(parsedInput.actionClassId);
+      return await deleteActionClass(parsedInput.actionClassId);
+    }
+  )
+);
 
 const ZUpdateActionClassAction = z.object({
   actionClassId: ZId,
   updatedAction: ZActionClassInput,
 });
 
-export const updateActionClassAction = authenticatedActionClient
-  .schema(ZUpdateActionClassAction)
-  .action(async ({ ctx, parsedInput }) => {
-    const actionClass = await getActionClass(parsedInput.actionClassId);
-    if (actionClass === null) {
-      throw new ResourceNotFoundError("ActionClass", parsedInput.actionClassId);
+export const updateActionClassAction = authenticatedActionClient.schema(ZUpdateActionClassAction).action(
+  withAuditLogging(
+    "updated",
+    "actionClass",
+    async ({ ctx, parsedInput }: { ctx: AuthenticatedActionClientCtx; parsedInput: Record<string, any> }) => {
+      const actionClass = await getActionClass(parsedInput.actionClassId);
+      if (actionClass === null) {
+        throw new ResourceNotFoundError("ActionClass", parsedInput.actionClassId);
+      }
+
+      const organizationId = await getOrganizationIdFromActionClassId(parsedInput.actionClassId);
+
+      await checkAuthorizationUpdated({
+        userId: ctx.user.id,
+        organizationId,
+        access: [
+          {
+            type: "organization",
+            roles: ["owner", "manager"],
+          },
+          {
+            type: "projectTeam",
+            minPermission: "readWrite",
+            projectId: await getProjectIdFromActionClassId(parsedInput.actionClassId),
+          },
+        ],
+      });
+      ctx.auditLoggingCtx.organizationId = organizationId;
+      ctx.auditLoggingCtx.actionClassId = parsedInput.actionClassId;
+      ctx.auditLoggingCtx.oldObject = actionClass;
+      const result = await updateActionClass(
+        actionClass.environmentId,
+        parsedInput.actionClassId,
+        parsedInput.updatedAction
+      );
+      ctx.auditLoggingCtx.newObject = result;
+      return result;
     }
-
-    await checkAuthorizationUpdated({
-      userId: ctx.user.id,
-      organizationId: await getOrganizationIdFromActionClassId(parsedInput.actionClassId),
-      access: [
-        {
-          type: "organization",
-          roles: ["owner", "manager"],
-        },
-        {
-          type: "projectTeam",
-          minPermission: "readWrite",
-          projectId: await getProjectIdFromActionClassId(parsedInput.actionClassId),
-        },
-      ],
-    });
-
-    return await updateActionClass(
-      actionClass.environmentId,
-      parsedInput.actionClassId,
-      parsedInput.updatedAction
-    );
-  });
+  )
+);
 
 const ZGetActiveInactiveSurveysAction = z.object({
   actionClassId: ZId,
@@ -104,31 +122,24 @@ export const getActiveInactiveSurveysAction = authenticatedActionClient
     return response;
   });
 
-const getLatestStableFbRelease = async (): Promise<string | null> =>
-  cache(
-    async () => {
-      try {
-        const res = await fetch("https://api.github.com/repos/formbricks/formbricks/releases");
-        const releases = await res.json();
+const getLatestStableFbRelease = async (): Promise<string | null> => {
+  try {
+    const res = await fetch("https://api.github.com/repos/formbricks/formbricks/releases");
+    const releases = await res.json();
 
-        if (Array.isArray(releases)) {
-          const latestStableReleaseTag = releases.filter((release) => !release.prerelease)?.[0]
-            ?.tag_name as string;
-          if (latestStableReleaseTag) {
-            return latestStableReleaseTag;
-          }
-        }
-
-        return null;
-      } catch (err) {
-        return null;
+    if (Array.isArray(releases)) {
+      const latestStableReleaseTag = releases.filter((release) => !release.prerelease)?.[0]
+        ?.tag_name as string;
+      if (latestStableReleaseTag) {
+        return latestStableReleaseTag;
       }
-    },
-    ["latest-fb-release"],
-    {
-      revalidate: 60 * 60 * 24, // 24 hours
     }
-  )();
+
+    return null;
+  } catch (err) {
+    return null;
+  }
+};
 
 export const getLatestStableFbReleaseAction = actionClient.action(async () => {
   return await getLatestStableFbRelease();

apps/web/app/(app)/environments/[environmentId]/actions/components/ActionDetailModal.test.tsx

@@ -1,5 +1,5 @@
-import { ModalWithTabs } from "@/modules/ui/components/modal-with-tabs";
-import { cleanup, render } from "@testing-library/react";
+import { cleanup, render, screen } from "@testing-library/react";
+import userEvent from "@testing-library/user-event";
 import { afterEach, describe, expect, test, vi } from "vitest";
 import { TActionClass } from "@formbricks/types/action-classes";
 import { TEnvironment } from "@formbricks/types/environment";
@@ -8,23 +8,40 @@ import { ActionDetailModal } from "./ActionDetailModal";
 // Import mocked components
 import { ActionSettingsTab } from "./ActionSettingsTab";
 
-// Mock child components
-vi.mock("@/modules/ui/components/modal-with-tabs", () => ({
-  ModalWithTabs: vi.fn(({ tabs, icon, label, description, open, setOpen }) => (
-    <div data-testid="modal-with-tabs">
-      <span data-testid="modal-label">{label}</span>
-      <span data-testid="modal-description">{description}</span>
-      <span data-testid="modal-open">{open.toString()}</span>
-      <button onClick={() => setOpen(false)}>Close</button>
-      {icon}
-      {tabs.map((tab) => (
-        <div key={tab.title}>
-          <h2>{tab.title}</h2>
-          {tab.children}
-        </div>
-      ))}
-    </div>
-  )),
+// Mock the Dialog components
+vi.mock("@/modules/ui/components/dialog", () => ({
+  Dialog: ({
+    open,
+    onOpenChange,
+    children,
+  }: {
+    open: boolean;
+    onOpenChange: (open: boolean) => void;
+    children: React.ReactNode;
+  }) =>
+    open ? (
+      <div data-testid="dialog">
+        {children}
+        <button data-testid="dialog-close" onClick={() => onOpenChange(false)}>
+          Close
+        </button>
+      </div>
+    ) : null,
+  DialogContent: ({ children }: { children: React.ReactNode }) => (
+    <div data-testid="dialog-content">{children}</div>
+  ),
+  DialogHeader: ({ children }: { children: React.ReactNode }) => (
+    <div data-testid="dialog-header">{children}</div>
+  ),
+  DialogTitle: ({ children }: { children: React.ReactNode }) => (
+    <h2 data-testid="dialog-title">{children}</h2>
+  ),
+  DialogDescription: ({ children }: { children: React.ReactNode }) => (
+    <p data-testid="dialog-description">{children}</p>
+  ),
+  DialogBody: ({ children }: { children: React.ReactNode }) => (
+    <div data-testid="dialog-body">{children}</div>
+  ),
 }));
 
 vi.mock("./ActionActivityTab", () => ({
@@ -44,6 +61,22 @@ vi.mock("@/app/(app)/environments/[environmentId]/actions/utils", () => ({
   },
 }));
 
+// Mock useTranslate
+vi.mock("@tolgee/react", () => ({
+  useTranslate: () => ({
+    t: (key: string) => {
+      const translations = {
+        "common.activity": "Activity",
+        "common.settings": "Settings",
+        "common.no_code": "No Code",
+        "common.action": "Action",
+        "common.code": "Code",
+      };
+      return translations[key] || key;
+    },
+  }),
+}));
+
 const mockEnvironmentId = "test-env-id";
 const mockSetOpen = vi.fn();
 
@@ -89,58 +122,68 @@ describe("ActionDetailModal", () => {
     vi.clearAllMocks(); // Clear mocks after each test
   });
 
-  test("renders ModalWithTabs with correct props", () => {
+  test("renders correctly when open", () => {
     render(<ActionDetailModal {...defaultProps} />);
 
-    const mockedModalWithTabs = vi.mocked(ModalWithTabs);
+    expect(screen.getByTestId("dialog")).toBeInTheDocument();
+    expect(screen.getByTestId("dialog-title")).toHaveTextContent("Test Action");
+    expect(screen.getByTestId("dialog-description")).toHaveTextContent("This is a test action");
+    expect(screen.getByTestId("code-icon")).toBeInTheDocument();
+    expect(screen.getByText("Activity")).toBeInTheDocument();
+    expect(screen.getByText("Settings")).toBeInTheDocument();
+    // Only the first tab (Activity) should be active initially
+    expect(screen.getByTestId("action-activity-tab")).toBeInTheDocument();
+    expect(screen.queryByTestId("action-settings-tab")).not.toBeInTheDocument();
+  });
 
-    expect(mockedModalWithTabs).toHaveBeenCalled();
-    const props = mockedModalWithTabs.mock.calls[0][0];
+  test("does not render when open is false", () => {
+    render(<ActionDetailModal {...defaultProps} open={false} />);
+    expect(screen.queryByTestId("dialog")).not.toBeInTheDocument();
+  });
 
-    // Check basic props
-    expect(props.open).toBe(true);
-    expect(props.setOpen).toBe(mockSetOpen);
-    expect(props.label).toBe(mockActionClass.name);
-    expect(props.description).toBe(mockActionClass.description);
+  test("switches tabs correctly", async () => {
+    const user = userEvent.setup();
+    render(<ActionDetailModal {...defaultProps} />);
 
-    // Check icon data-testid based on the mock for the default 'code' type
-    expect(props.icon).toBeDefined();
-    if (!props.icon) {
-      throw new Error("Icon prop is not defined");
-    }
-    expect((props.icon as any).props["data-testid"]).toBe("code-icon");
+    // Initially shows activity tab (first tab is active)
+    expect(screen.getByTestId("action-activity-tab")).toBeInTheDocument();
+    expect(screen.queryByTestId("action-settings-tab")).not.toBeInTheDocument();
 
-    // Check tabs structure
-    expect(props.tabs).toHaveLength(2);
-    expect(props.tabs[0].title).toBe("common.activity");
-    expect(props.tabs[1].title).toBe("common.settings");
+    // Click settings tab
+    const settingsTab = screen.getByText("Settings");
+    await user.click(settingsTab);
 
-    // Check if the correct mocked components are used as children
-    // Access the mocked functions directly
-    const mockedActionActivityTab = vi.mocked(ActionActivityTab);
-    const mockedActionSettingsTab = vi.mocked(ActionSettingsTab);
+    // Now shows settings tab content
+    expect(screen.queryByTestId("action-activity-tab")).not.toBeInTheDocument();
+    expect(screen.getByTestId("action-settings-tab")).toBeInTheDocument();
 
-    if (!props.tabs[0].children || !props.tabs[1].children) {
-      throw new Error("Tabs children are not defined");
-    }
+    // Click activity tab again
+    const activityTab = screen.getByText("Activity");
+    await user.click(activityTab);
 
-    expect((props.tabs[0].children as any).type).toBe(mockedActionActivityTab);
-    expect((props.tabs[1].children as any).type).toBe(mockedActionSettingsTab);
+    // Back to activity tab content
+    expect(screen.getByTestId("action-activity-tab")).toBeInTheDocument();
+    expect(screen.queryByTestId("action-settings-tab")).not.toBeInTheDocument();
+  });
 
-    // Check props passed to child components
-    const activityTabProps = (props.tabs[0].children as any).props;
-    expect(activityTabProps.otherEnvActionClasses).toBe(mockOtherEnvActionClasses);
-    expect(activityTabProps.otherEnvironment).toBe(mockOtherEnvironment);
-    expect(activityTabProps.isReadOnly).toBe(false);
-    expect(activityTabProps.environment).toBe(mockEnvironment);
-    expect(activityTabProps.actionClass).toBe(mockActionClass);
-    expect(activityTabProps.environmentId).toBe(mockEnvironmentId);
+  test("resets to first tab when modal is reopened", async () => {
+    const user = userEvent.setup();
+    const { rerender } = render(<ActionDetailModal {...defaultProps} />);
 
-    const settingsTabProps = (props.tabs[1].children as any).props;
-    expect(settingsTabProps.actionClass).toBe(mockActionClass);
-    expect(settingsTabProps.actionClasses).toBe(mockActionClasses);
-    expect(settingsTabProps.setOpen).toBe(mockSetOpen);
-    expect(settingsTabProps.isReadOnly).toBe(false);
+    // Switch to settings tab
+    const settingsTab = screen.getByText("Settings");
+    await user.click(settingsTab);
+    expect(screen.getByTestId("action-settings-tab")).toBeInTheDocument();
+
+    // Close modal
+    rerender(<ActionDetailModal {...defaultProps} open={false} />);
+
+    // Reopen modal
+    rerender(<ActionDetailModal {...defaultProps} open={true} />);
+
+    // Should be back to activity tab (first tab)
+    expect(screen.getByTestId("action-activity-tab")).toBeInTheDocument();
+    expect(screen.queryByTestId("action-settings-tab")).not.toBeInTheDocument();
   });
 
   test("renders correct icon based on action type", () => {
@@ -148,33 +191,68 @@ describe("ActionDetailModal", () => {
     const noCodeAction: TActionClass = { ...mockActionClass, type: "noCode" } as TActionClass;
     render(<ActionDetailModal {...defaultProps} actionClass={noCodeAction} />);
 
-    const mockedModalWithTabs = vi.mocked(ModalWithTabs);
-    const props = mockedModalWithTabs.mock.calls[0][0];
+    expect(screen.getByTestId("nocode-icon")).toBeInTheDocument();
+    expect(screen.queryByTestId("code-icon")).not.toBeInTheDocument();
+  });
 
-    // Expect the 'nocode-icon' based on the updated mock and action type
-    expect(props.icon).toBeDefined();
+  test("handles action without description", () => {
+    const actionWithoutDescription = { ...mockActionClass, description: "" };
+    render(<ActionDetailModal {...defaultProps} actionClass={actionWithoutDescription} />);
 
-    if (!props.icon) {
-      throw new Error("Icon prop is not defined");
-    }
+    expect(screen.getByTestId("dialog-title")).toHaveTextContent("Test Action");
+    expect(screen.getByTestId("dialog-description")).toHaveTextContent("Code action");
+  });
 
-    expect((props.icon as any).props["data-testid"]).toBe("nocode-icon");
+  test("passes correct props to ActionActivityTab", () => {
+    render(<ActionDetailModal {...defaultProps} />);
+
+    const mockedActionActivityTab = vi.mocked(ActionActivityTab);
+    expect(mockedActionActivityTab).toHaveBeenCalledWith(
+      {
+        otherEnvActionClasses: mockOtherEnvActionClasses,
+        otherEnvironment: mockOtherEnvironment,
+        isReadOnly: false,
+        environment: mockEnvironment,
+        actionClass: mockActionClass,
+        environmentId: mockEnvironmentId,
+      },
+      undefined
+    );
+  });
+
+  test("passes correct props to ActionSettingsTab when tab is active", async () => {
+    const user = userEvent.setup();
+    render(<ActionDetailModal {...defaultProps} />);
+
+    // ActionSettingsTab should not be called initially since first tab is active
+    const mockedActionSettingsTab = vi.mocked(ActionSettingsTab);
+    expect(mockedActionSettingsTab).not.toHaveBeenCalled();
+
+    // Click the settings tab to activate ActionSettingsTab
+    const settingsTab = screen.getByText("Settings");
+    await user.click(settingsTab);
+
+    // Now ActionSettingsTab should be called with correct props
+    expect(mockedActionSettingsTab).toHaveBeenCalledWith(
+      {
+        actionClass: mockActionClass,
+        actionClasses: mockActionClasses,
+        setOpen: mockSetOpen,
+        isReadOnly: false,
+      },
+      undefined
+    );
   });
 
   test("passes isReadOnly prop correctly", () => {
     render(<ActionDetailModal {...defaultProps} isReadOnly={true} />);
-    // Access the mocked component directly
-    const mockedModalWithTabs = vi.mocked(ModalWithTabs);
-    const props = mockedModalWithTabs.mock.calls[0][0];
 
-    if (!props.tabs[0].children || !props.tabs[1].children) {
-      throw new Error("Tabs children are not defined");
-    }
-
-    const activityTabProps = (props.tabs[0].children as any).props;
-    expect(activityTabProps.isReadOnly).toBe(true);
-
-    const settingsTabProps = (props.tabs[1].children as any).props;
-    expect(settingsTabProps.isReadOnly).toBe(true);
+    const mockedActionActivityTab = vi.mocked(ActionActivityTab);
+    expect(mockedActionActivityTab).toHaveBeenCalledWith(
+      expect.objectContaining({
+        isReadOnly: true,
+      }),
+      undefined
+    );
   });
 });

apps/web/app/(app)/environments/[environmentId]/actions/components/ActionDetailModal.tsx

@@ -59,6 +59,16 @@ export const ActionDetailModal = ({
     },
   ];
 
+  const typeDescription = () => {
+    if (actionClass.description) return actionClass.description;
+    else
+      return (
+        (actionClass.type && actionClass.type === "noCode" ? t("common.no_code") : t("common.code")) +
+        " " +
+        t("common.action").toLowerCase()
+      );
+  };
+
   return (
     <>
       <ModalWithTabs
@@ -67,7 +77,7 @@ export const ActionDetailModal = ({
         tabs={tabs}
         icon={ACTION_TYPE_ICON_LOOKUP[actionClass.type]}
         label={actionClass.name}
-        description={actionClass.description || ""}
+        description={typeDescription()}
       />
     </>
   );

apps/web/app/(app)/environments/[environmentId]/actions/components/ActionRowData.tsx

@@ -11,22 +11,21 @@ export const ActionClassDataRow = ({
   locale: TUserLocale;
 }) => {
   return (
-    <div className="m-2 grid h-16 grid-cols-6 content-center rounded-lg transition-colors ease-in-out hover:bg-slate-100">
-      <div className="col-span-4 flex items-center pl-6 text-sm">
-        <div className="flex items-center">
-          <div className="h-5 w-5 flex-shrink-0 text-slate-500">
+    <div className="m-2 grid grid-cols-6 content-center rounded-lg transition-colors ease-in-out hover:bg-slate-100">
+      <div className="col-span-4 flex items-start py-3 pl-6 text-sm">
+        <div className="flex w-full items-center gap-4">
+          <div className="mt-1 h-5 w-5 flex-shrink-0 text-slate-500">
             {ACTION_TYPE_ICON_LOOKUP[actionClass.type]}
           </div>
-          <div className="ml-4 text-left">
-            <div className="font-medium text-slate-900">{actionClass.name}</div>
-            <div className="text-xs text-slate-400">{actionClass.description}</div>
+          <div className="text-left">
+            <div className="break-words font-medium text-slate-900">{actionClass.name}</div>
+            <div className="break-words text-xs text-slate-400">{actionClass.description}</div>
           </div>
         </div>
       </div>
       <div className="col-span-2 my-auto whitespace-nowrap text-center text-sm text-slate-500">
         {timeSince(actionClass.createdAt.toString(), locale)}
       </div>
-      <div className="text-center"></div>
     </div>
   );
 };

apps/web/app/(app)/environments/[environmentId]/actions/components/ActionSettingsTab.tsx

@@ -210,14 +210,13 @@ export const ActionSettingsTab = ({
             )}
           </div>
 
-          <div className="flex justify-between border-t border-slate-200 py-6">
-            <div>
+          <div className="flex justify-between gap-x-2 border-slate-200 pt-4">
+            <div className="flex items-center gap-x-2">
               {!isReadOnly ? (
                 <Button
                   type="button"
                   variant="destructive"
                   onClick={() => setOpenDeleteDialog(true)}
-                  className="mr-3"
                   id="deleteActionModalTrigger">
                   <TrashIcon />
                   {t("common.delete")}

apps/web/app/(app)/environments/[environmentId]/actions/components/AddActionModal.test.tsx

@@ -22,14 +22,29 @@ vi.mock("@/modules/ui/components/button", () => ({
   ),
 }));
 
-vi.mock("@/modules/ui/components/modal", () => ({
-  Modal: ({ children, open, setOpen, ...props }: any) =>
+vi.mock("@/modules/ui/components/dialog", () => ({
+  Dialog: ({ children, open, onOpenChange }: any) =>
     open ? (
-      <div data-testid="modal" {...props}>
+      <div data-testid="dialog" role="dialog">
         {children}
-        <button onClick={() => setOpen(false)}>Close Modal</button>
+        <button onClick={() => onOpenChange(false)}>Close Dialog</button>
       </div>
     ) : null,
+  DialogContent: ({ children, ...props }: any) => (
+    <div data-testid="dialog-content" {...props}>
+      {children}
+    </div>
+  ),
+  DialogHeader: ({ children }: any) => <div data-testid="dialog-header">{children}</div>,
+  DialogTitle: ({ children, className }: any) => (
+    <h2 data-testid="dialog-title" className={className}>
+      {children}
+    </h2>
+  ),
+  DialogDescription: ({ children }: { children: React.ReactNode }) => (
+    <div data-testid="dialog-description">{children}</div>
+  ),
+  DialogBody: ({ children }: any) => <div data-testid="dialog-body">{children}</div>,
 }));
 
 vi.mock("@tolgee/react", () => ({
@@ -70,17 +85,21 @@ describe("AddActionModal", () => {
     );
     expect(screen.getByRole("button", { name: "common.add_action" })).toBeInTheDocument();
     expect(screen.getByTestId("plus-icon")).toBeInTheDocument();
-    expect(screen.queryByTestId("modal")).not.toBeInTheDocument();
+    expect(screen.queryByTestId("dialog")).not.toBeInTheDocument();
   });
 
-  test("opens the modal when the 'Add Action' button is clicked", async () => {
+  test("opens the dialog when the 'Add Action' button is clicked", async () => {
     render(
       <AddActionModal environmentId={environmentId} actionClasses={mockActionClasses} isReadOnly={false} />
     );
     const addButton = screen.getByRole("button", { name: "common.add_action" });
     await userEvent.click(addButton);
 
-    expect(screen.getByTestId("modal")).toBeInTheDocument();
+    expect(screen.getByTestId("dialog")).toBeInTheDocument();
+    expect(screen.getByTestId("dialog-content")).toBeInTheDocument();
+    expect(screen.getByTestId("dialog-header")).toBeInTheDocument();
+    expect(screen.getByTestId("dialog-title")).toBeInTheDocument();
+    expect(screen.getByTestId("dialog-body")).toBeInTheDocument();
     expect(screen.getByTestId("mouse-pointer-icon")).toBeInTheDocument();
     expect(screen.getByText("environments.actions.track_new_user_action")).toBeInTheDocument();
     expect(
@@ -108,35 +127,35 @@ describe("AddActionModal", () => {
     expect(props.setActionClasses).toBeInstanceOf(Function);
   });
 
-  test("closes the modal when the close button (simulated) is clicked", async () => {
+  test("closes the dialog when the close button (simulated) is clicked", async () => {
     render(
       <AddActionModal environmentId={environmentId} actionClasses={mockActionClasses} isReadOnly={false} />
     );
     const addButton = screen.getByRole("button", { name: "common.add_action" });
     await userEvent.click(addButton);
 
-    expect(screen.getByTestId("modal")).toBeInTheDocument();
+    expect(screen.getByTestId("dialog")).toBeInTheDocument();
 
-    // Simulate closing via the mocked Modal's close button
-    const closeModalButton = screen.getByText("Close Modal");
-    await userEvent.click(closeModalButton);
+    // Simulate closing via the mocked Dialog's close button
+    const closeDialogButton = screen.getByText("Close Dialog");
+    await userEvent.click(closeDialogButton);
 
-    expect(screen.queryByTestId("modal")).not.toBeInTheDocument();
+    expect(screen.queryByTestId("dialog")).not.toBeInTheDocument();
   });
 
-  test("closes the modal when setOpen is called from CreateNewActionTab", async () => {
+  test("closes the dialog when setOpen is called from CreateNewActionTab", async () => {
     render(
       <AddActionModal environmentId={environmentId} actionClasses={mockActionClasses} isReadOnly={false} />
     );
     const addButton = screen.getByRole("button", { name: "common.add_action" });
     await userEvent.click(addButton);
 
-    expect(screen.getByTestId("modal")).toBeInTheDocument();
+    expect(screen.getByTestId("dialog")).toBeInTheDocument();
 
     // Simulate closing via the mocked CreateNewActionTab's button
     const closeFromTabButton = screen.getByText("Close from Tab");
     await userEvent.click(closeFromTabButton);
 
-    expect(screen.queryByTestId("modal")).not.toBeInTheDocument();
+    expect(screen.queryByTestId("dialog")).not.toBeInTheDocument();
   });
 });

apps/web/app/(app)/environments/[environmentId]/actions/components/AddActionModal.tsx

@@ -2,7 +2,14 @@
 
 import { CreateNewActionTab } from "@/modules/survey/editor/components/create-new-action-tab";
 import { Button } from "@/modules/ui/components/button";
-import { Modal } from "@/modules/ui/components/modal";
+import {
+  Dialog,
+  DialogBody,
+  DialogContent,
+  DialogDescription,
+  DialogHeader,
+  DialogTitle,
+} from "@/modules/ui/components/dialog";
 import { useTranslate } from "@tolgee/react";
 import { MousePointerClickIcon, PlusIcon } from "lucide-react";
 import { useState } from "react";
@@ -26,36 +33,26 @@ export const AddActionModal = ({ environmentId, actionClasses, isReadOnly }: Add
         {t("common.add_action")}
         <PlusIcon />
       </Button>
-      <Modal open={open} setOpen={setOpen} noPadding closeOnOutsideClick={false} restrictOverflow>
-        <div className="flex h-full flex-col rounded-lg">
-          <div className="rounded-t-lg bg-slate-100">
-            <div className="flex w-full items-center justify-between p-6">
-              <div className="flex items-center space-x-2">
-                <div className="mr-1.5 h-6 w-6 text-slate-500">
-                  <MousePointerClickIcon className="h-5 w-5" />
-                </div>
-                <div>
-                  <div className="text-xl font-medium text-slate-700">
-                    {t("environments.actions.track_new_user_action")}
-                  </div>
-                  <div className="text-sm text-slate-500">
-                    {t("environments.actions.track_user_action_to_display_surveys_or_create_user_segment")}
-                  </div>
-                </div>
-              </div>
-            </div>
-          </div>
-        </div>
-        <div className="px-6 py-4">
-          <CreateNewActionTab
-            actionClasses={newActionClasses}
-            environmentId={environmentId}
-            isReadOnly={isReadOnly}
-            setActionClasses={setNewActionClasses}
-            setOpen={setOpen}
-          />
-        </div>
-      </Modal>
+      <Dialog open={open} onOpenChange={setOpen}>
+        <DialogContent disableCloseOnOutsideClick>
+          <DialogHeader>
+            <MousePointerClickIcon />
+            <DialogTitle>{t("environments.actions.track_new_user_action")}</DialogTitle>
+            <DialogDescription>
+              {t("environments.actions.track_user_action_to_display_surveys_or_create_user_segment")}
+            </DialogDescription>
+          </DialogHeader>
+          <DialogBody>
+            <CreateNewActionTab
+              actionClasses={newActionClasses}
+              environmentId={environmentId}
+              isReadOnly={isReadOnly}
+              setActionClasses={setNewActionClasses}
+              setOpen={setOpen}
+            />
+          </DialogBody>
+        </DialogContent>
+      </Dialog>
     </>
   );
 };

apps/web/app/(app)/environments/[environmentId]/components/EnvironmentLayout.tsx

@@ -101,6 +101,7 @@ export const EnvironmentLayout = async ({ environmentId, session, children }: En
         isPendingDowngrade={isPendingDowngrade ?? false}
         active={active}
         environmentId={environment.id}
+        locale={user.locale}
       />
 
       <div className="flex h-full">

apps/web/app/(app)/environments/[environmentId]/components/MainNavigation.test.tsx

@@ -1,6 +1,6 @@
+import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
 import { cleanup, render, screen, waitFor } from "@testing-library/react";
 import userEvent from "@testing-library/user-event";
-import { signOut } from "next-auth/react";
 import { usePathname, useRouter } from "next/navigation";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
 import { TEnvironment } from "@formbricks/types/environment";
@@ -10,6 +10,17 @@ import { TUser } from "@formbricks/types/user";
 import { getLatestStableFbReleaseAction } from "../actions/actions";
 import { MainNavigation } from "./MainNavigation";
 
+// Mock constants that this test needs
+vi.mock("@/lib/constants", () => ({
+  IS_FORMBRICKS_CLOUD: false,
+  WEBAPP_URL: "http://localhost:3000",
+}));
+
+// Mock server actions that this test needs
+vi.mock("@/modules/auth/actions/sign-out", () => ({
+  logSignOutAction: vi.fn().mockResolvedValue(undefined),
+}));
+
 // Mock dependencies
 vi.mock("next/navigation", () => ({
   useRouter: vi.fn(() => ({ push: vi.fn() })),
@@ -18,6 +29,9 @@ vi.mock("next/navigation", () => ({
 vi.mock("next-auth/react", () => ({
   signOut: vi.fn(),
 }));
+vi.mock("@/modules/auth/hooks/use-sign-out", () => ({
+  useSignOut: vi.fn(() => ({ signOut: vi.fn() })),
+}));
 vi.mock("@/app/(app)/environments/[environmentId]/actions/actions", () => ({
   getLatestStableFbReleaseAction: vi.fn(),
 }));
@@ -203,7 +217,11 @@ describe("MainNavigation", () => {
   });
 
   test("renders user dropdown and handles logout", async () => {
-    vi.mocked(signOut).mockResolvedValue({ url: "/auth/login" });
+    const mockSignOut = vi.fn().mockResolvedValue({ url: "/auth/login" });
+    vi.mocked(useSignOut).mockReturnValue({ signOut: mockSignOut });
+
+    // Set up localStorage spy on the mocked localStorage
+
     render(<MainNavigation {...defaultProps} />);
 
     // Find the avatar and get its parent div which acts as the trigger
@@ -224,7 +242,15 @@ describe("MainNavigation", () => {
     const logoutButton = screen.getByText("common.logout");
     await userEvent.click(logoutButton);
 
-    expect(signOut).toHaveBeenCalledWith({ redirect: false, callbackUrl: "/auth/login" });
+    expect(mockSignOut).toHaveBeenCalledWith({
+      reason: "user_initiated",
+      redirectUrl: "/auth/login",
+      organizationId: "org1",
+      redirect: false,
+      callbackUrl: "/auth/login",
+      clearEnvironmentId: true,
+    });
+
     await waitFor(() => {
       expect(mockRouterPush).toHaveBeenCalledWith("/auth/login");
     });

apps/web/app/(app)/environments/[environmentId]/components/MainNavigation.tsx

@@ -6,6 +6,7 @@ import FBLogo from "@/images/formbricks-wordmark.svg";
 import { cn } from "@/lib/cn";
 import { getAccessFlags } from "@/lib/membership/utils";
 import { capitalizeFirstLetter } from "@/lib/utils/strings";
+import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
 import { CreateOrganizationModal } from "@/modules/organization/components/CreateOrganizationModal";
 import { ProjectSwitcher } from "@/modules/projects/components/project-switcher";
 import { ProfileAvatar } from "@/modules/ui/components/avatars";
@@ -42,7 +43,6 @@ import {
   UserIcon,
   UsersIcon,
 } from "lucide-react";
-import { signOut } from "next-auth/react";
 import Image from "next/image";
 import Link from "next/link";
 import { usePathname, useRouter } from "next/navigation";
@@ -90,6 +90,7 @@ export const MainNavigation = ({
   const [isCollapsed, setIsCollapsed] = useState(true);
   const [isTextVisible, setIsTextVisible] = useState(true);
   const [latestVersion, setLatestVersion] = useState("");
+  const { signOut: signOutWithAudit } = useSignOut({ id: user.id, email: user.email });
 
   const project = projects.find((project) => project.id === environment.projectId);
   const { isManager, isOwner, isMember, isBilling } = getAccessFlags(membershipRole);
@@ -389,8 +390,15 @@ export const MainNavigation = ({
 
                   <DropdownMenuItem
                     onClick={async () => {
-                      const route = await signOut({ redirect: false, callbackUrl: "/auth/login" });
-                      router.push(route.url);
+                      const route = await signOutWithAudit({
+                        reason: "user_initiated",
+                        redirectUrl: "/auth/login",
+                        organizationId: organization.id,
+                        redirect: false,
+                        callbackUrl: "/auth/login",
+                        clearEnvironmentId: true,
+                      });
+                      router.push(route?.url || "/auth/login"); // NOSONAR // We want to check for empty strings
                     }}
                     icon={<LogOutIcon className="mr-2 h-4 w-4" strokeWidth={1.5} />}>
                     {t("common.logout")}

apps/web/app/(app)/environments/[environmentId]/context/environment-context.test.tsx

@@ -0,0 +1,157 @@
+import "@testing-library/jest-dom/vitest";
+import { cleanup, render, screen } from "@testing-library/react";
+import { afterEach, describe, expect, test } from "vitest";
+import { TEnvironment } from "@formbricks/types/environment";
+import { TProject } from "@formbricks/types/project";
+import { EnvironmentContextWrapper, useEnvironment } from "./environment-context";
+
+// Mock environment data
+const mockEnvironment: TEnvironment = {
+  id: "test-env-id",
+  createdAt: new Date(),
+  updatedAt: new Date(),
+  type: "development",
+  projectId: "test-project-id",
+  appSetupCompleted: true,
+};
+
+// Mock project data
+const mockProject = {
+  id: "test-project-id",
+  createdAt: new Date(),
+  updatedAt: new Date(),
+  organizationId: "test-org-id",
+  config: {
+    channel: "app",
+    industry: "saas",
+  },
+  linkSurveyBranding: true,
+  styling: {
+    allowStyleOverwrite: true,
+    brandColor: {
+      light: "#ffffff",
+      dark: "#000000",
+    },
+    questionColor: {
+      light: "#000000",
+      dark: "#ffffff",
+    },
+    inputColor: {
+      light: "#000000",
+      dark: "#ffffff",
+    },
+    inputBorderColor: {
+      light: "#cccccc",
+      dark: "#444444",
+    },
+    cardBackgroundColor: {
+      light: "#ffffff",
+      dark: "#000000",
+    },
+    cardBorderColor: {
+      light: "#cccccc",
+      dark: "#444444",
+    },
+    isDarkModeEnabled: false,
+    isLogoHidden: false,
+    hideProgressBar: false,
+    roundness: 8,
+    cardArrangement: {
+      linkSurveys: "casual",
+      appSurveys: "casual",
+    },
+  },
+  recontactDays: 30,
+  inAppSurveyBranding: true,
+  logo: {
+    url: "test-logo.png",
+    bgColor: "#ffffff",
+  },
+  placement: "bottomRight",
+  clickOutsideClose: true,
+} as TProject;
+
+// Test component that uses the hook
+const TestComponent = () => {
+  const { environment, project } = useEnvironment();
+  return (
+    <div>
+      <div data-testid="environment-id">{environment.id}</div>
+      <div data-testid="environment-type">{environment.type}</div>
+      <div data-testid="project-id">{project.id}</div>
+      <div data-testid="project-organization-id">{project.organizationId}</div>
+    </div>
+  );
+};
+
+describe("EnvironmentContext", () => {
+  afterEach(() => {
+    cleanup();
+  });
+
+  test("provides environment and project data to child components", () => {
+    render(
+      <EnvironmentContextWrapper environment={mockEnvironment} project={mockProject}>
+        <TestComponent />
+      </EnvironmentContextWrapper>
+    );
+
+    expect(screen.getByTestId("environment-id")).toHaveTextContent("test-env-id");
+    expect(screen.getByTestId("environment-type")).toHaveTextContent("development");
+    expect(screen.getByTestId("project-id")).toHaveTextContent("test-project-id");
+    expect(screen.getByTestId("project-organization-id")).toHaveTextContent("test-org-id");
+  });
+
+  test("throws error when useEnvironment is used outside of provider", () => {
+    const TestComponentWithoutProvider = () => {
+      useEnvironment();
+      return <div>Should not render</div>;
+    };
+
+    expect(() => {
+      render(<TestComponentWithoutProvider />);
+    }).toThrow("useEnvironment must be used within an EnvironmentProvider");
+  });
+
+  test("updates context value when environment or project changes", () => {
+    const { rerender } = render(
+      <EnvironmentContextWrapper environment={mockEnvironment} project={mockProject}>
+        <TestComponent />
+      </EnvironmentContextWrapper>
+    );
+
+    expect(screen.getByTestId("environment-type")).toHaveTextContent("development");
+
+    const updatedEnvironment = {
+      ...mockEnvironment,
+      type: "production" as const,
+    };
+
+    rerender(
+      <EnvironmentContextWrapper environment={updatedEnvironment} project={mockProject}>
+        <TestComponent />
+      </EnvironmentContextWrapper>
+    );
+
+    expect(screen.getByTestId("environment-type")).toHaveTextContent("production");
+  });
+
+  test("memoizes context value correctly", () => {
+    const { rerender } = render(
+      <EnvironmentContextWrapper environment={mockEnvironment} project={mockProject}>
+        <TestComponent />
+      </EnvironmentContextWrapper>
+    );
+
+    // Re-render with same props
+    rerender(
+      <EnvironmentContextWrapper environment={mockEnvironment} project={mockProject}>
+        <TestComponent />
+      </EnvironmentContextWrapper>
+    );
+
+    // Should still work correctly
+    expect(screen.getByTestId("environment-id")).toHaveTextContent("test-env-id");
+    expect(screen.getByTestId("project-id")).toHaveTextContent("test-project-id");
+  });
+});

apps/web/app/(app)/environments/[environmentId]/context/environment-context.tsx

@@ -0,0 +1,45 @@
+"use client";
+
+import { createContext, useContext, useMemo } from "react";
+import { TEnvironment } from "@formbricks/types/environment";
+import { TProject } from "@formbricks/types/project";
+
+export interface EnvironmentContextType {
+  environment: TEnvironment;
+  project: TProject;
+}
+
+const EnvironmentContext = createContext<EnvironmentContextType | null>(null);
+
+export const useEnvironment = () => {
+  const context = useContext(EnvironmentContext);
+  if (!context) {
+    throw new Error("useEnvironment must be used within an EnvironmentProvider");
+  }
+  return context;
+};
+
+// Client wrapper component to be used in server components
+interface EnvironmentContextWrapperProps {
+  environment: TEnvironment;
+  project: TProject;
+  children: React.ReactNode;
+}
+
+export const EnvironmentContextWrapper = ({
+  environment,
+  project,
+  children,
+}: EnvironmentContextWrapperProps) => {
+  const environmentContextValue = useMemo(
+    () => ({
+      environment,
+      project,
+    }),
+    [environment, project]
+  );
+
+  return (
+    <EnvironmentContext.Provider value={environmentContextValue}>{children}</EnvironmentContext.Provider>
+  );
+};

apps/web/app/(app)/environments/[environmentId]/integrations/actions.ts

@@ -2,13 +2,15 @@
 
 import { createOrUpdateIntegration, deleteIntegration } from "@/lib/integration/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
-import { checkAuthorizationUpdated } from "@/lib/utils/action-client-middleware";
+import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
+import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
 import {
   getOrganizationIdFromEnvironmentId,
   getOrganizationIdFromIntegrationId,
   getProjectIdFromEnvironmentId,
   getProjectIdFromIntegrationId,
 } from "@/lib/utils/helper";
+import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
 import { ZIntegrationInput } from "@formbricks/types/integration";
@@ -20,48 +22,79 @@ const ZCreateOrUpdateIntegrationAction = z.object({
 
 export const createOrUpdateIntegrationAction = authenticatedActionClient
   .schema(ZCreateOrUpdateIntegrationAction)
-  .action(async ({ ctx, parsedInput }) => {
-    await checkAuthorizationUpdated({
-      userId: ctx.user.id,
-      organizationId: await getOrganizationIdFromEnvironmentId(parsedInput.environmentId),
-      access: [
-        {
-          type: "organization",
-          roles: ["owner", "manager"],
-        },
-        {
-          type: "projectTeam",
-          minPermission: "readWrite",
-          projectId: await getProjectIdFromEnvironmentId(parsedInput.environmentId),
-        },
-      ],
-    });
+  .action(
+    withAuditLogging(
+      "createdUpdated",
+      "integration",
+      async ({
+        ctx,
+        parsedInput,
+      }: {
+        ctx: AuthenticatedActionClientCtx;
+        parsedInput: Record<string, any>;
+      }) => {
+        const organizationId = await getOrganizationIdFromEnvironmentId(parsedInput.environmentId);
 
-    return await createOrUpdateIntegration(parsedInput.environmentId, parsedInput.integrationData);
-  });
+        await checkAuthorizationUpdated({
+          userId: ctx.user.id,
+          organizationId,
+          access: [
+            {
+              type: "organization",
+              roles: ["owner", "manager"],
+            },
+            {
+              type: "projectTeam",
+              minPermission: "readWrite",
+              projectId: await getProjectIdFromEnvironmentId(parsedInput.environmentId),
+            },
+          ],
+        });
+
+        ctx.auditLoggingCtx.organizationId = organizationId;
+        const result = await createOrUpdateIntegration(
+          parsedInput.environmentId,
+          parsedInput.integrationData
+        );
+        ctx.auditLoggingCtx.integrationId = result.id;
+        ctx.auditLoggingCtx.newObject = result;
+        return result;
+      }
+    )
+  );
 
 const ZDeleteIntegrationAction = z.object({
   integrationId: ZId,
 });
 
-export const deleteIntegrationAction = authenticatedActionClient
-  .schema(ZDeleteIntegrationAction)
-  .action(async ({ ctx, parsedInput }) => {
-    await checkAuthorizationUpdated({
-      userId: ctx.user.id,
-      organizationId: await getOrganizationIdFromIntegrationId(parsedInput.integrationId),
-      access: [
-        {
-          type: "organization",
-          roles: ["owner", "manager"],
-        },
-        {
-          type: "projectTeam",
-          projectId: await getProjectIdFromIntegrationId(parsedInput.integrationId),
-          minPermission: "readWrite",
-        },
-      ],
-    });
+export const deleteIntegrationAction = authenticatedActionClient.schema(ZDeleteIntegrationAction).action(
+  withAuditLogging(
+    "deleted",
+    "integration",
+    async ({ ctx, parsedInput }: { ctx: AuthenticatedActionClientCtx; parsedInput: Record<string, any> }) => {
+      const organizationId = await getOrganizationIdFromIntegrationId(parsedInput.integrationId);
 
-    return await deleteIntegration(parsedInput.integrationId);
-  });
+      await checkAuthorizationUpdated({
+        userId: ctx.user.id,
+        organizationId,
+        access: [
+          {
+            type: "organization",
+            roles: ["owner", "manager"],
+          },
+          {
+            type: "projectTeam",
+            projectId: await getProjectIdFromIntegrationId(parsedInput.integrationId),
+            minPermission: "readWrite",
+          },
+        ],
+      });
+
+      ctx.auditLoggingCtx.organizationId = organizationId;
+      ctx.auditLoggingCtx.integrationId = parsedInput.integrationId;
+      const result = await deleteIntegration(parsedInput.integrationId);
+      ctx.auditLoggingCtx.oldObject = result;
+      return result;
+    }
+  )
+);

apps/web/app/(app)/environments/[environmentId]/integrations/airtable/components/AddIntegrationModal.test.tsx

@@ -92,14 +92,24 @@ vi.mock("@/modules/ui/components/additional-integration-settings", () => ({
     </div>
   ),
 }));
-vi.mock("@/modules/ui/components/modal", () => ({
-  Modal: ({ children, open, setOpen }) =>
+vi.mock("@/modules/ui/components/dialog", () => ({
+  Dialog: ({ children, open, onOpenChange }: any) =>
     open ? (
-      <div data-testid="modal">
+      <div data-testid="dialog" role="dialog">
         {children}
-        <button onClick={() => setOpen(false)}>Close Modal</button>
+        <button onClick={() => onOpenChange(false)}>Close Dialog</button>
       </div>
     ) : null,
+  DialogContent: ({ children, ...props }: any) => (
+    <div data-testid="dialog-content" {...props}>
+      {children}
+    </div>
+  ),
+  DialogHeader: ({ children }: any) => <div data-testid="dialog-header">{children}</div>,
+  DialogTitle: ({ children }: any) => <h2 data-testid="dialog-title">{children}</h2>,
+  DialogDescription: ({ children }: any) => <p data-testid="dialog-description">{children}</p>,
+  DialogBody: ({ children }: any) => <div data-testid="dialog-body">{children}</div>,
+  DialogFooter: ({ children }: any) => <div data-testid="dialog-footer">{children}</div>,
 }));
 vi.mock("@/modules/ui/components/alert", () => ({
   Alert: ({ children }) => <div data-testid="alert">{children}</div>,

apps/web/app/(app)/environments/[environmentId]/integrations/airtable/components/AddIntegrationModal.tsx

@@ -10,8 +10,16 @@ import { AdditionalIntegrationSettings } from "@/modules/ui/components/additiona
 import { Alert, AlertDescription, AlertTitle } from "@/modules/ui/components/alert";
 import { Button } from "@/modules/ui/components/button";
 import { Checkbox } from "@/modules/ui/components/checkbox";
+import {
+  Dialog,
+  DialogBody,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+} from "@/modules/ui/components/dialog";
 import { Label } from "@/modules/ui/components/label";
-import { Modal } from "@/modules/ui/components/modal";
 import {
   Select,
   SelectContent,
@@ -19,11 +27,11 @@ import {
   SelectTrigger,
   SelectValue,
 } from "@/modules/ui/components/select";
-import { useTranslate } from "@tolgee/react";
+import { TFnType, useTranslate } from "@tolgee/react";
 import Image from "next/image";
 import { useRouter } from "next/navigation";
 import { useEffect, useState } from "react";
-import { Controller, useForm } from "react-hook-form";
+import { Control, Controller, useForm } from "react-hook-form";
 import { toast } from "react-hot-toast";
 import { TIntegrationItem } from "@formbricks/types/integration";
 import {
@@ -68,6 +76,80 @@ const NoBaseFoundError = () => {
   );
 };
 
+const renderQuestionSelection = ({
+  t,
+  selectedSurvey,
+  control,
+  includeVariables,
+  setIncludeVariables,
+  includeHiddenFields,
+  includeMetadata,
+  setIncludeHiddenFields,
+  setIncludeMetadata,
+  includeCreatedAt,
+  setIncludeCreatedAt,
+}: {
+  t: TFnType;
+  selectedSurvey: TSurvey;
+  control: Control<IntegrationModalInputs>;
+  includeVariables: boolean;
+  setIncludeVariables: (value: boolean) => void;
+  includeHiddenFields: boolean;
+  includeMetadata: boolean;
+  setIncludeHiddenFields: (value: boolean) => void;
+  setIncludeMetadata: (value: boolean) => void;
+  includeCreatedAt: boolean;
+  setIncludeCreatedAt: (value: boolean) => void;
+}) => {
+  return (
+    <div className="space-y-4">
+      <div>
+        <Label htmlFor="Surveys">{t("common.questions")}</Label>
+        <div className="mt-1 max-h-[15vh] overflow-y-auto rounded-lg border border-slate-200">
+          <div className="grid content-center rounded-lg bg-slate-50 p-3 text-left text-sm text-slate-900">
+            {replaceHeadlineRecall(selectedSurvey, "default")?.questions.map((question) => (
+              <Controller
+                key={question.id}
+                control={control}
+                name={"questions"}
+                render={({ field }) => (
+                  <div className="my-1 flex items-center space-x-2">
+                    <label htmlFor={question.id} className="flex cursor-pointer items-center">
+                      <Checkbox
+                        type="button"
+                        id={question.id}
+                        value={question.id}
+                        className="bg-white"
+                        checked={field.value?.includes(question.id)}
+                        onCheckedChange={(checked) => {
+                          return checked
+                            ? field.onChange([...field.value, question.id])
+                            : field.onChange(field.value?.filter((value) => value !== question.id));
+                        }}
+                      />
+                      <span className="ml-2">{getLocalizedValue(question.headline, "default")}</span>
+                    </label>
+                  </div>
+                )}
+              />
+            ))}
+          </div>
+        </div>
+      </div>
+      <AdditionalIntegrationSettings
+        includeVariables={includeVariables}
+        setIncludeVariables={setIncludeVariables}
+        includeHiddenFields={includeHiddenFields}
+        includeMetadata={includeMetadata}
+        setIncludeHiddenFields={setIncludeHiddenFields}
+        setIncludeMetadata={setIncludeMetadata}
+        includeCreatedAt={includeCreatedAt}
+        setIncludeCreatedAt={setIncludeCreatedAt}
+      />
+    </div>
+  );
+};
+
 export const AddIntegrationModal = ({
   open,
   setOpenWithStates,
@@ -210,182 +292,148 @@ export const AddIntegrationModal = ({
   };
 
   return (
-    <Modal open={open} setOpen={handleClose} noPadding>
-      <div className="rounded-t-lg bg-slate-100">
-        <div className="flex w-full items-center justify-between p-6">
+    <Dialog open={open} onOpenChange={setOpenWithStates}>
+      <DialogContent className="overflow-visible md:overflow-visible">
+        <DialogHeader>
           <div className="flex items-center space-x-2">
-            <div className="mr-1.5 h-6 w-6 text-slate-500">
-              <Image className="w-12" src={AirtableLogo} alt="Airtable logo" />
+            <div className="relative size-8">
+              <Image
+                fill
+                className="object-contain object-center"
+                src={AirtableLogo}
+                alt={t("environments.integrations.airtable.airtable_logo")}
+              />
             </div>
-            <div>
-              <div className="text-xl font-medium text-slate-700">
-                {t("environments.integrations.airtable.link_airtable_table")}
-              </div>
-              <div className="text-sm text-slate-500">
+            <div className="space-y-0.5">
+              <DialogTitle>{t("environments.integrations.airtable.link_airtable_table")}</DialogTitle>
+              <DialogDescription>
                 {t("environments.integrations.airtable.sync_responses_with_airtable")}
-              </div>
+              </DialogDescription>
             </div>
           </div>
-        </div>
-      </div>
-      <form onSubmit={handleSubmit(submitHandler)}>
-        <div className="flex rounded-lg p-6">
-          <div className="flex w-full flex-col gap-y-4 pt-5">
-            {airtableArray.length ? (
-              <BaseSelectDropdown
-                control={control}
-                isLoading={isLoading}
-                fetchTable={fetchTable}
-                airtableArray={airtableArray}
-                setValue={setValue}
-                defaultValue={defaultData?.base}
-              />
-            ) : (
-              <NoBaseFoundError />
-            )}
-
-            <div className="flex w-full flex-col">
-              <Label htmlFor="table">{t("environments.integrations.airtable.table_name")}</Label>
-              <div className="mt-1 flex">
-                <Controller
+        </DialogHeader>
+        <form className="space-y-4" onSubmit={handleSubmit(submitHandler)}>
+          <DialogBody className="overflow-visible">
+            <div className="flex w-full flex-col gap-y-4">
+              {airtableArray.length ? (
+                <BaseSelectDropdown
                   control={control}
-                  name="table"
-                  render={({ field }) => (
-                    <Select
-                      required
-                      disabled={!tables.length}
-                      onValueChange={(val) => {
-                        field.onChange(val);
-                      }}
-                      defaultValue={defaultData?.table}>
-                      <SelectTrigger>
-                        <SelectValue />
-                      </SelectTrigger>
-                      {tables.length ? (
-                        <SelectContent>
-                          {tables.map((item) => (
-                            <SelectItem key={item.id} value={item.id}>
-                              {item.name}
-                            </SelectItem>
-                          ))}
-                        </SelectContent>
-                      ) : null}
-                    </Select>
-                  )}
+                  isLoading={isLoading}
+                  fetchTable={fetchTable}
+                  airtableArray={airtableArray}
+                  setValue={setValue}
+                  defaultValue={defaultData?.base}
                 />
-              </div>
-            </div>
+              ) : (
+                <NoBaseFoundError />
+              )}
 
-            {surveys.length ? (
               <div className="flex w-full flex-col">
-                <Label htmlFor="survey">{t("common.select_survey")}</Label>
+                <Label htmlFor="table">{t("environments.integrations.airtable.table_name")}</Label>
                 <div className="mt-1 flex">
                   <Controller
                     control={control}
-                    name="survey"
+                    name="table"
                     render={({ field }) => (
                       <Select
                         required
+                        disabled={!tables.length}
                         onValueChange={(val) => {
                           field.onChange(val);
-                          setValue("questions", []);
                         }}
-                        defaultValue={defaultData?.survey}>
+                        defaultValue={defaultData?.table}>
                         <SelectTrigger>
                           <SelectValue />
                         </SelectTrigger>
-                        <SelectContent>
-                          {surveys.map((item) => (
-                            <SelectItem key={item.id} value={item.id}>
-                              {item.name}
-                            </SelectItem>
-                          ))}
-                        </SelectContent>
+                        {tables.length ? (
+                          <SelectContent>
+                            {tables.map((item) => (
+                              <SelectItem key={item.id} value={item.id}>
+                                {item.name}
+                              </SelectItem>
+                            ))}
+                          </SelectContent>
+                        ) : null}
                       </Select>
                     )}
                   />
                 </div>
               </div>
-            ) : null}
 
-            {!surveys.length ? (
-              <p className="m-1 text-xs text-slate-500">
-                {t("environments.integrations.create_survey_warning")}
-              </p>
-            ) : null}
-
-            {survey && selectedSurvey && (
-              <div className="space-y-4">
-                <div>
-                  <Label htmlFor="Surveys">{t("common.questions")}</Label>
-                  <div className="mt-1 max-h-[15vh] overflow-y-auto rounded-lg border border-slate-200">
-                    <div className="grid content-center rounded-lg bg-slate-50 p-3 text-left text-sm text-slate-900">
-                      {replaceHeadlineRecall(selectedSurvey, "default")?.questions.map((question) => (
-                        <Controller
-                          key={question.id}
-                          control={control}
-                          name={"questions"}
-                          render={({ field }) => (
-                            <div className="my-1 flex items-center space-x-2">
-                              <label htmlFor={question.id} className="flex cursor-pointer items-center">
-                                <Checkbox
-                                  type="button"
-                                  id={question.id}
-                                  value={question.id}
-                                  className="bg-white"
-                                  checked={field.value?.includes(question.id)}
-                                  onCheckedChange={(checked) => {
-                                    return checked
-                                      ? field.onChange([...field.value, question.id])
-                                      : field.onChange(field.value?.filter((value) => value !== question.id));
-                                  }}
-                                />
-                                <span className="ml-2">
-                                  {getLocalizedValue(question.headline, "default")}
-                                </span>
-                              </label>
-                            </div>
-                          )}
-                        />
-                      ))}
-                    </div>
+              {surveys.length ? (
+                <div className="flex w-full flex-col">
+                  <Label htmlFor="survey">{t("common.select_survey")}</Label>
+                  <div className="mt-1 flex">
+                    <Controller
+                      control={control}
+                      name="survey"
+                      render={({ field }) => (
+                        <Select
+                          required
+                          onValueChange={(val) => {
+                            field.onChange(val);
+                            setValue("questions", []);
+                          }}
+                          defaultValue={defaultData?.survey}>
+                          <SelectTrigger>
+                            <SelectValue />
+                          </SelectTrigger>
+                          <SelectContent>
+                            {surveys.map((item) => (
+                              <SelectItem key={item.id} value={item.id}>
+                                {item.name}
+                              </SelectItem>
+                            ))}
+                          </SelectContent>
+                        </Select>
+                      )}
+                    />
                   </div>
                 </div>
-                <AdditionalIntegrationSettings
-                  includeVariables={includeVariables}
-                  setIncludeVariables={setIncludeVariables}
-                  includeHiddenFields={includeHiddenFields}
-                  includeMetadata={includeMetadata}
-                  setIncludeHiddenFields={setIncludeHiddenFields}
-                  setIncludeMetadata={setIncludeMetadata}
-                  includeCreatedAt={includeCreatedAt}
-                  setIncludeCreatedAt={setIncludeCreatedAt}
-                />
-              </div>
-            )}
-
-            <div className="flex justify-end gap-x-2">
-              {isEditMode ? (
-                <Button
-                  onClick={async () => {
-                    await handleDelete(defaultData.index);
-                  }}
-                  type="button"
-                  loading={isLoading}
-                  variant="destructive">
-                  {t("common.delete")}
-                </Button>
               ) : (
-                <Button type="button" loading={isLoading} variant="ghost" onClick={handleClose}>
-                  {t("common.cancel")}
-                </Button>
+                <p className="m-1 text-xs text-slate-500">
+                  {t("environments.integrations.create_survey_warning")}
+                </p>
               )}
 
-              <Button type="submit">{t("common.save")}</Button>
+              {survey &&
+                selectedSurvey &&
+                renderQuestionSelection({
+                  t,
+                  selectedSurvey,
+                  control,
+                  includeVariables,
+                  setIncludeVariables,
+                  includeHiddenFields,
+                  includeMetadata,
+                  setIncludeHiddenFields,
+                  setIncludeMetadata,
+                  includeCreatedAt,
+                  setIncludeCreatedAt,
+                })}
             </div>
-          </div>
-        </div>
-      </form>
-    </Modal>
+          </DialogBody>
+          <DialogFooter>
+            {isEditMode ? (
+              <Button
+                onClick={async () => {
+                  await handleDelete(defaultData.index);
+                }}
+                type="button"
+                loading={isLoading}
+                variant="destructive">
+                {t("common.delete")}
+              </Button>
+            ) : (
+              <Button type="button" loading={isLoading} variant="ghost" onClick={handleClose}>
+                {t("common.cancel")}
+              </Button>
+            )}
+
+            <Button type="submit">{t("common.save")}</Button>
+          </DialogFooter>
+        </form>
+      </DialogContent>
+    </Dialog>
   );
 };

apps/web/app/(app)/environments/[environmentId]/integrations/airtable/page.test.tsx

@@ -48,6 +48,9 @@ vi.mock("@/lib/constants", () => ({
   OIDC_CLIENT_SECRET: "test-oidc-client-secret",
   OIDC_SIGNING_ALGORITHM: "test-oidc-signing-algorithm",
   SENTRY_DSN: "mock-sentry-dsn",
+  SESSION_MAX_AGE: 1000,
+  REDIS_URL: undefined,
+  AUDIT_LOG_ENABLED: true,
 }));
 
 vi.mock("@/lib/integration/service");

apps/web/app/(app)/environments/[environmentId]/integrations/google-sheets/actions.ts

@@ -2,7 +2,7 @@
 
 import { getSpreadsheetNameById } from "@/lib/googleSheet/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
-import { checkAuthorizationUpdated } from "@/lib/utils/action-client-middleware";
+import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
 import { getOrganizationIdFromEnvironmentId, getProjectIdFromEnvironmentId } from "@/lib/utils/helper";
 import { z } from "zod";
 import { ZIntegrationGoogleSheets } from "@formbricks/types/integration/google-sheet";

apps/web/app/(app)/environments/[environmentId]/integrations/google-sheets/components/AddIntegrationModal.test.tsx

@@ -88,9 +88,24 @@ vi.mock("@/modules/ui/components/dropdown-selector", () => ({
     </div>
   ),
 }));
-vi.mock("@/modules/ui/components/modal", () => ({
-  Modal: ({ open, children }: { open: boolean; children: React.ReactNode }) =>
-    open ? <div data-testid="modal">{children}</div> : null,
+vi.mock("@/modules/ui/components/dialog", () => ({
+  Dialog: ({ children, open, onOpenChange }: any) =>
+    open ? (
+      <div data-testid="dialog" role="dialog">
+        {children}
+        <button onClick={() => onOpenChange(false)}>Close Dialog</button>
+      </div>
+    ) : null,
+  DialogContent: ({ children, ...props }: any) => (
+    <div data-testid="dialog-content" {...props}>
+      {children}
+    </div>
+  ),
+  DialogHeader: ({ children }: any) => <div data-testid="dialog-header">{children}</div>,
+  DialogTitle: ({ children }: any) => <h2 data-testid="dialog-title">{children}</h2>,
+  DialogDescription: ({ children }: any) => <p data-testid="dialog-description">{children}</p>,
+  DialogBody: ({ children }: any) => <div data-testid="dialog-body">{children}</div>,
+  DialogFooter: ({ children }: any) => <div data-testid="dialog-footer">{children}</div>,
 }));
 vi.mock("next/image", () => ({
   // eslint-disable-next-line @next/next/no-img-element
@@ -304,10 +319,9 @@ describe("AddIntegrationModal", () => {
       />
     );
 
-    expect(screen.getByTestId("modal")).toBeInTheDocument();
-    expect(
-      screen.getByText("Link Google Sheet", { selector: "div.text-xl.font-medium" })
-    ).toBeInTheDocument();
+    expect(screen.getByTestId("dialog")).toBeInTheDocument();
+    expect(screen.getByTestId("dialog-title")).toHaveTextContent("Link Google Sheet");
+    expect(screen.getByTestId("dialog-description")).toHaveTextContent("Sync responses with Google Sheets.");
     // Use getByPlaceholderText for the input
     expect(
       screen.getByPlaceholderText("https://docs.google.com/spreadsheets/d/<your-spreadsheet-id>")
@@ -332,10 +346,9 @@ describe("AddIntegrationModal", () => {
       />
     );
 
-    expect(screen.getByTestId("modal")).toBeInTheDocument();
-    expect(
-      screen.getByText("Link Google Sheet", { selector: "div.text-xl.font-medium" })
-    ).toBeInTheDocument();
+    expect(screen.getByTestId("dialog")).toBeInTheDocument();
+    expect(screen.getByTestId("dialog-title")).toHaveTextContent("Link Google Sheet");
+    expect(screen.getByTestId("dialog-description")).toHaveTextContent("Sync responses with Google Sheets.");
     // Use getByPlaceholderText for the input
     expect(
       screen.getByPlaceholderText("https://docs.google.com/spreadsheets/d/<your-spreadsheet-id>")

apps/web/app/(app)/environments/[environmentId]/integrations/google-sheets/components/AddIntegrationModal.tsx

@@ -14,10 +14,18 @@ import { replaceHeadlineRecall } from "@/lib/utils/recall";
 import { AdditionalIntegrationSettings } from "@/modules/ui/components/additional-integration-settings";
 import { Button } from "@/modules/ui/components/button";
 import { Checkbox } from "@/modules/ui/components/checkbox";
+import {
+  Dialog,
+  DialogBody,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+} from "@/modules/ui/components/dialog";
 import { DropdownSelector } from "@/modules/ui/components/dropdown-selector";
 import { Input } from "@/modules/ui/components/input";
 import { Label } from "@/modules/ui/components/label";
-import { Modal } from "@/modules/ui/components/modal";
 import { useTranslate } from "@tolgee/react";
 import Image from "next/image";
 import { useEffect, useState } from "react";
@@ -202,31 +210,28 @@ export const AddIntegrationModal = ({
   };
 
   return (
-    <Modal open={open} setOpen={setOpenWithStates} noPadding closeOnOutsideClick={true}>
-      <div className="flex h-full flex-col rounded-lg">
-        <div className="rounded-t-lg bg-slate-100">
-          <div className="flex w-full items-center justify-between p-6">
-            <div className="flex items-center space-x-2">
-              <div className="mr-1.5 h-6 w-6 text-slate-500">
-                <Image
-                  className="w-12"
-                  src={GoogleSheetLogo}
-                  alt={t("environments.integrations.google_sheets.google_sheet_logo")}
-                />
-              </div>
-              <div>
-                <div className="text-xl font-medium text-slate-700">
-                  {t("environments.integrations.google_sheets.link_google_sheet")}
-                </div>
-                <div className="text-sm text-slate-500">
-                  {t("environments.integrations.google_sheets.google_sheets_integration_description")}
-                </div>
-              </div>
+    <Dialog open={open} onOpenChange={setOpenWithStates}>
+      <DialogContent>
+        <DialogHeader>
+          <div className="flex items-center space-x-2">
+            <div className="relative size-8">
+              <Image
+                fill
+                className="object-contain object-center"
+                src={GoogleSheetLogo}
+                alt={t("environments.integrations.google_sheets.google_sheet_logo")}
+              />
+            </div>
+            <div className="space-y-0.5">
+              <DialogTitle>{t("environments.integrations.google_sheets.link_google_sheet")}</DialogTitle>
+              <DialogDescription>
+                {t("environments.integrations.google_sheets.google_sheets_integration_description")}
+              </DialogDescription>
             </div>
           </div>
-        </div>
-        <form onSubmit={handleSubmit(linkSheet)}>
-          <div className="flex justify-between rounded-lg p-6">
+        </DialogHeader>
+        <form className="space-y-4" onSubmit={handleSubmit(linkSheet)}>
+          <DialogBody>
             <div className="w-full space-y-4">
               <div>
                 <div className="mb-4">
@@ -292,39 +297,37 @@ export const AddIntegrationModal = ({
                 </div>
               )}
             </div>
-          </div>
-          <div className="flex justify-end border-t border-slate-200 p-6">
-            <div className="flex space-x-2">
-              {selectedIntegration ? (
-                <Button
-                  type="button"
-                  variant="destructive"
-                  loading={isDeleting}
-                  onClick={() => {
-                    deleteLink();
-                  }}>
-                  {t("common.delete")}
-                </Button>
-              ) : (
-                <Button
-                  type="button"
-                  variant="ghost"
-                  onClick={() => {
-                    setOpen(false);
-                    resetForm();
-                  }}>
-                  {t("common.cancel")}
-                </Button>
-              )}
-              <Button type="submit" loading={isLinkingSheet}>
-                {selectedIntegration
-                  ? t("common.update")
-                  : t("environments.integrations.google_sheets.link_google_sheet")}
+          </DialogBody>
+          <DialogFooter>
+            {selectedIntegration ? (
+              <Button
+                type="button"
+                variant="destructive"
+                loading={isDeleting}
+                onClick={() => {
+                  deleteLink();
+                }}>
+                {t("common.delete")}
               </Button>
-            </div>
-          </div>
+            ) : (
+              <Button
+                type="button"
+                variant="ghost"
+                onClick={() => {
+                  setOpen(false);
+                  resetForm();
+                }}>
+                {t("common.cancel")}
+              </Button>
+            )}
+            <Button type="submit" loading={isLinkingSheet}>
+              {selectedIntegration
+                ? t("common.update")
+                : t("environments.integrations.google_sheets.link_google_sheet")}
+            </Button>
+          </DialogFooter>
         </form>
-      </div>
-    </Modal>
+      </DialogContent>
+    </Dialog>
   );
 };

apps/web/app/(app)/environments/[environmentId]/integrations/lib/surveys.test.ts

@@ -1,10 +1,8 @@
-import { cache } from "@/lib/cache";
-import { surveyCache } from "@/lib/survey/cache";
 import { selectSurvey } from "@/lib/survey/service";
 import { transformPrismaSurvey } from "@/lib/survey/utils";
 import { validateInputs } from "@/lib/utils/validate";
 import { Prisma } from "@prisma/client";
-import { beforeEach, describe, expect, test, vi } from "vitest";
+import { describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { logger } from "@formbricks/logger";
 import { DatabaseError } from "@formbricks/types/errors";
@@ -12,14 +10,6 @@ import { TSurvey } from "@formbricks/types/surveys/types";
 import { getSurveys } from "./surveys";
 
 // Mock dependencies
-vi.mock("@/lib/cache");
-vi.mock("@/lib/survey/cache", () => ({
-  surveyCache: {
-    tag: {
-      byEnvironmentId: vi.fn((environmentId) => `survey_environment_${environmentId}`),
-    },
-  },
-}));
 vi.mock("@/lib/survey/service", () => ({
   selectSurvey: { id: true, name: true, status: true, updatedAt: true }, // Expanded mock based on usage
 }));
@@ -46,11 +36,11 @@ vi.mock("react", async (importOriginal) => {
 });
 
 const environmentId = "test-environment-id";
-// Ensure mockPrismaSurveys includes all fields used in selectSurvey mock
+// Use 'as any' to bypass complex type matching for mock data
 const mockPrismaSurveys = [
   { id: "survey1", name: "Survey 1", status: "inProgress", updatedAt: new Date() },
   { id: "survey2", name: "Survey 2", status: "draft", updatedAt: new Date() },
-];
+] as any; // Use 'as any' to bypass complex type matching
 const mockTransformedSurveys: TSurvey[] = [
   {
     id: "survey1",
@@ -99,14 +89,8 @@ const mockTransformedSurveys: TSurvey[] = [
 ];
 
 describe("getSurveys", () => {
-  beforeEach(() => {
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
-  });
-
   test("should fetch and transform surveys successfully", async () => {
-    vi.mocked(prisma.survey.findMany).mockResolvedValue(mockPrismaSurveys);
+    vi.mocked(prisma.survey.findMany).mockResolvedValue(mockPrismaSurveys as any);
     vi.mocked(transformPrismaSurvey).mockImplementation((survey) => {
       const found = mockTransformedSurveys.find((ts) => ts.id === survey.id);
       if (!found) throw new Error("Survey not found in mock transformed data");
@@ -134,39 +118,29 @@ describe("getSurveys", () => {
     expect(transformPrismaSurvey).toHaveBeenCalledTimes(mockPrismaSurveys.length);
     expect(transformPrismaSurvey).toHaveBeenCalledWith(mockPrismaSurveys[0]);
     expect(transformPrismaSurvey).toHaveBeenCalledWith(mockPrismaSurveys[1]);
-    // Check if the inner cache function was called with the correct arguments
-    expect(cache).toHaveBeenCalledWith(
-      expect.any(Function), // The async function passed to cache
-      [`getSurveys-${environmentId}`], // The cache key
-      {
-        tags: [surveyCache.tag.byEnvironmentId(environmentId)], // Cache tags
-      }
-    );
-    // Remove the assertion for reactCache being called within the test execution
-    // expect(reactCache).toHaveBeenCalled(); // Removed this line
+    // React cache is already mocked globally - no need to check it here
   });
 
   test("should throw DatabaseError on Prisma known request error", async () => {
-    // No need to mock cache here again as beforeEach handles it
-    const prismaError = new Prisma.PrismaClientKnownRequestError("Test error", {
-      code: "P2025",
-      clientVersion: "5.0.0",
-      meta: {}, // Added meta property
+    const prismaError = new Prisma.PrismaClientKnownRequestError("Database connection error", {
+      code: "P2002",
+      clientVersion: "4.0.0",
     });
-    vi.mocked(prisma.survey.findMany).mockRejectedValue(prismaError);
+
+    vi.mocked(prisma.survey.findMany).mockRejectedValueOnce(prismaError);
 
     await expect(getSurveys(environmentId)).rejects.toThrow(DatabaseError);
     expect(logger.error).toHaveBeenCalledWith({ error: prismaError }, "getSurveys: Could not fetch surveys");
-    expect(cache).toHaveBeenCalled(); // Ensure cache wrapper was still called
+    // React cache is already mocked globally - no need to check it here
   });
 
   test("should throw original error on other errors", async () => {
-    // No need to mock cache here again as beforeEach handles it
-    const genericError = new Error("Something went wrong");
-    vi.mocked(prisma.survey.findMany).mockRejectedValue(genericError);
+    const genericError = new Error("Some other error");
+
+    vi.mocked(prisma.survey.findMany).mockRejectedValueOnce(genericError);
 
     await expect(getSurveys(environmentId)).rejects.toThrow(genericError);
     expect(logger.error).not.toHaveBeenCalled();
-    expect(cache).toHaveBeenCalled(); // Ensure cache wrapper was still called
+    // React cache is already mocked globally - no need to check it here
   });
 });

apps/web/app/(app)/environments/[environmentId]/integrations/lib/surveys.ts

@@ -1,6 +1,4 @@
 import "server-only";
-import { cache } from "@/lib/cache";
-import { surveyCache } from "@/lib/survey/cache";
 import { selectSurvey } from "@/lib/survey/service";
 import { transformPrismaSurvey } from "@/lib/survey/utils";
 import { validateInputs } from "@/lib/utils/validate";
@@ -12,38 +10,29 @@ import { ZId } from "@formbricks/types/common";
 import { DatabaseError } from "@formbricks/types/errors";
 import { TSurvey } from "@formbricks/types/surveys/types";
 
-export const getSurveys = reactCache(
-  async (environmentId: string): Promise<TSurvey[]> =>
-    cache(
-      async () => {
-        validateInputs([environmentId, ZId]);
+export const getSurveys = reactCache(async (environmentId: string): Promise<TSurvey[]> => {
+  validateInputs([environmentId, ZId]);
 
-        try {
-          const surveysPrisma = await prisma.survey.findMany({
-            where: {
-              environmentId,
-              status: {
-                not: "completed",
-              },
-            },
-            select: selectSurvey,
-            orderBy: {
-              updatedAt: "desc",
-            },
-          });
-
-          return surveysPrisma.map((surveyPrisma) => transformPrismaSurvey<TSurvey>(surveyPrisma));
-        } catch (error) {
-          if (error instanceof Prisma.PrismaClientKnownRequestError) {
-            logger.error({ error }, "getSurveys: Could not fetch surveys");
-            throw new DatabaseError(error.message);
-          }
-          throw error;
-        }
+  try {
+    const surveysPrisma = await prisma.survey.findMany({
+      where: {
+        environmentId,
+        status: {
+          not: "completed",
+        },
       },
-      [`getSurveys-${environmentId}`],
-      {
-        tags: [surveyCache.tag.byEnvironmentId(environmentId)],
-      }
-    )()
-);
+      select: selectSurvey,
+      orderBy: {
+        updatedAt: "desc",
+      },
+    });
+
+    return surveysPrisma.map((surveyPrisma) => transformPrismaSurvey<TSurvey>(surveyPrisma));
+  } catch (error) {
+    if (error instanceof Prisma.PrismaClientKnownRequestError) {
+      logger.error({ error }, "getSurveys: Could not fetch surveys");
+      throw new DatabaseError(error.message);
+    }
+    throw error;
+  }
+});

apps/web/app/(app)/environments/[environmentId]/integrations/lib/webhook.test.ts

@@ -1,21 +1,10 @@
-import { cache } from "@/lib/cache";
-import { webhookCache } from "@/lib/cache/webhook";
 import { validateInputs } from "@/lib/utils/validate";
 import { Prisma } from "@prisma/client";
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
+import { afterEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { DatabaseError } from "@formbricks/types/errors";
 import { getWebhookCountBySource } from "./webhook";
 
-// Mock dependencies
-vi.mock("@/lib/cache");
-vi.mock("@/lib/cache/webhook", () => ({
-  webhookCache: {
-    tag: {
-      byEnvironmentIdAndSource: vi.fn((envId, source) => `webhook_${envId}_${source ?? "all"}`),
-    },
-  },
-}));
 vi.mock("@/lib/utils/validate");
 vi.mock("@formbricks/database", () => ({
   prisma: {
@@ -29,12 +18,6 @@ const environmentId = "test-environment-id";
 const sourceZapier = "zapier";
 
 describe("getWebhookCountBySource", () => {
-  beforeEach(() => {
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
-  });
-
   afterEach(() => {
     vi.resetAllMocks();
   });
@@ -56,13 +39,6 @@ describe("getWebhookCountBySource", () => {
         source: sourceZapier,
       },
     });
-    expect(cache).toHaveBeenCalledWith(
-      expect.any(Function),
-      [`getWebhookCountBySource-${environmentId}-${sourceZapier}`],
-      {
-        tags: [webhookCache.tag.byEnvironmentIdAndSource(environmentId, sourceZapier)],
-      }
-    );
   });
 
   test("should return total webhook count when source is undefined", async () => {
@@ -82,13 +58,6 @@ describe("getWebhookCountBySource", () => {
         source: undefined,
       },
     });
-    expect(cache).toHaveBeenCalledWith(
-      expect.any(Function),
-      [`getWebhookCountBySource-${environmentId}-undefined`],
-      {
-        tags: [webhookCache.tag.byEnvironmentIdAndSource(environmentId, undefined)],
-      }
-    );
   });
 
   test("should throw DatabaseError on Prisma known request error", async () => {
@@ -100,7 +69,6 @@ describe("getWebhookCountBySource", () => {
 
     await expect(getWebhookCountBySource(environmentId, sourceZapier)).rejects.toThrow(DatabaseError);
     expect(prisma.webhook.count).toHaveBeenCalledTimes(1);
-    expect(cache).toHaveBeenCalledTimes(1);
   });
 
   test("should throw original error on other errors", async () => {
@@ -109,6 +77,5 @@ describe("getWebhookCountBySource", () => {
 
     await expect(getWebhookCountBySource(environmentId)).rejects.toThrow(genericError);
     expect(prisma.webhook.count).toHaveBeenCalledTimes(1);
-    expect(cache).toHaveBeenCalledTimes(1);
   });
 });

apps/web/app/(app)/environments/[environmentId]/integrations/lib/webhook.ts

@@ -1,5 +1,3 @@
-import { cache } from "@/lib/cache";
-import { webhookCache } from "@/lib/cache/webhook";
 import { validateInputs } from "@/lib/utils/validate";
 import { Prisma, Webhook } from "@prisma/client";
 import { z } from "zod";
@@ -7,29 +5,25 @@ import { prisma } from "@formbricks/database";
 import { ZId } from "@formbricks/types/common";
 import { DatabaseError } from "@formbricks/types/errors";
 
-export const getWebhookCountBySource = (environmentId: string, source?: Webhook["source"]): Promise<number> =>
-  cache(
-    async () => {
-      validateInputs([environmentId, ZId], [source, z.string().optional()]);
+export const getWebhookCountBySource = async (
+  environmentId: string,
+  source?: Webhook["source"]
+): Promise<number> => {
+  validateInputs([environmentId, ZId], [source, z.string().optional()]);
 
-      try {
-        const count = await prisma.webhook.count({
-          where: {
-            environmentId,
-            source,
-          },
-        });
-        return count;
-      } catch (error) {
-        if (error instanceof Prisma.PrismaClientKnownRequestError) {
-          throw new DatabaseError(error.message);
-        }
-
-        throw error;
-      }
-    },
-    [`getWebhookCountBySource-${environmentId}-${source}`],
-    {
-      tags: [webhookCache.tag.byEnvironmentIdAndSource(environmentId, source)],
+  try {
+    const count = await prisma.webhook.count({
+      where: {
+        environmentId,
+        source,
+      },
+    });
+    return count;
+  } catch (error) {
+    if (error instanceof Prisma.PrismaClientKnownRequestError) {
+      throw new DatabaseError(error.message);
     }
-  )();
+
+    throw error;
+  }
+};

apps/web/app/(app)/environments/[environmentId]/integrations/notion/components/AddIntegrationModal.test.tsx

@@ -74,13 +74,41 @@ vi.mock("@/modules/ui/components/dropdown-selector", () => ({
 vi.mock("@/modules/ui/components/label", () => ({
   Label: ({ children }: { children: React.ReactNode }) => <label>{children}</label>,
 }));
-vi.mock("@/modules/ui/components/modal", () => ({
-  Modal: ({ open, children }: { open: boolean; children: React.ReactNode }) =>
-    open ? <div data-testid="modal">{children}</div> : null,
+vi.mock("@/modules/ui/components/dialog", () => ({
+  Dialog: ({ open, children }: { open: boolean; children: React.ReactNode }) =>
+    open ? <div data-testid="dialog">{children}</div> : null,
+  DialogContent: ({ children, className }: { children: React.ReactNode; className?: string }) => (
+    <div data-testid="dialog-content" className={className}>
+      {children}
+    </div>
+  ),
+  DialogHeader: ({ children, className }: { children: React.ReactNode; className?: string }) => (
+    <div data-testid="dialog-header" className={className}>
+      {children}
+    </div>
+  ),
+  DialogDescription: ({ children, className }: { children: React.ReactNode; className?: string }) => (
+    <p data-testid="dialog-description" className={className}>
+      {children}
+    </p>
+  ),
+  DialogTitle: ({ children }: { children: React.ReactNode }) => (
+    <h2 data-testid="dialog-title">{children}</h2>
+  ),
+  DialogBody: ({ children, className }: { children: React.ReactNode; className?: string }) => (
+    <div data-testid="dialog-body" className={className}>
+      {children}
+    </div>
+  ),
+  DialogFooter: ({ children, className }: { children: React.ReactNode; className?: string }) => (
+    <div data-testid="dialog-footer" className={className}>
+      {children}
+    </div>
+  ),
 }));
 vi.mock("lucide-react", () => ({
   PlusIcon: () => <span data-testid="plus-icon">+</span>,
-  XIcon: () => <span data-testid="x-icon">x</span>,
+  TrashIcon: () => <span data-testid="trash-icon">🗑️</span>,
 }));
 vi.mock("next/image", () => ({
   // eslint-disable-next-line @next/next/no-img-element
@@ -334,7 +362,7 @@ describe("AddIntegrationModal (Notion)", () => {
       />
     );
 
-    expect(screen.getByTestId("modal")).toBeInTheDocument();
+    expect(screen.getByTestId("dialog")).toBeInTheDocument();
     expect(screen.getByText("environments.integrations.notion.link_database")).toBeInTheDocument();
     expect(screen.getByTestId("dropdown-select-a-database")).toBeInTheDocument();
     expect(screen.getByTestId("dropdown-select-survey")).toBeInTheDocument();
@@ -359,7 +387,7 @@ describe("AddIntegrationModal (Notion)", () => {
       />
     );
 
-    expect(screen.getByTestId("modal")).toBeInTheDocument();
+    expect(screen.getByTestId("dialog")).toBeInTheDocument();
     expect(screen.getByTestId("dropdown-select-a-database")).toHaveValue(databases[0].id);
     expect(screen.getByTestId("dropdown-select-survey")).toHaveValue(surveys[0].id);
     expect(screen.getByText("Map Formbricks fields to Notion property")).toBeInTheDocument();
@@ -381,7 +409,7 @@ describe("AddIntegrationModal (Notion)", () => {
       expect(columnDropdowns[1]).toHaveValue("p2");
 
       expect(screen.getAllByTestId("plus-icon").length).toBeGreaterThan(0);
-      expect(screen.getAllByTestId("x-icon").length).toBeGreaterThan(0);
+      expect(screen.getAllByTestId("trash-icon").length).toBeGreaterThan(0);
     });
 
     expect(screen.getByText("Delete")).toBeInTheDocument();
@@ -445,8 +473,8 @@ describe("AddIntegrationModal (Notion)", () => {
 
     expect(screen.getAllByTestId("dropdown-select-a-survey-question")).toHaveLength(2);
 
-    const xButton = screen.getAllByTestId("x-icon")[0]; // Get the first X button
-    await userEvent.click(xButton);
+    const trashButton = screen.getAllByTestId("trash-icon")[0]; // Get the first trash button
+    await userEvent.click(trashButton);
 
     expect(screen.getAllByTestId("dropdown-select-a-survey-question")).toHaveLength(1);
   });

apps/web/app/(app)/environments/[environmentId]/integrations/notion/components/AddIntegrationModal.tsx

@@ -12,11 +12,19 @@ import { structuredClone } from "@/lib/pollyfills/structuredClone";
 import { replaceHeadlineRecall } from "@/lib/utils/recall";
 import { getQuestionTypes } from "@/modules/survey/lib/questions";
 import { Button } from "@/modules/ui/components/button";
+import {
+  Dialog,
+  DialogBody,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+} from "@/modules/ui/components/dialog";
 import { DropdownSelector } from "@/modules/ui/components/dropdown-selector";
 import { Label } from "@/modules/ui/components/label";
-import { Modal } from "@/modules/ui/components/modal";
 import { useTranslate } from "@tolgee/react";
-import { PlusIcon, XIcon } from "lucide-react";
+import { PlusIcon, TrashIcon } from "lucide-react";
 import Image from "next/image";
 import React, { useEffect, useMemo, useState } from "react";
 import { useForm } from "react-hook-form";
@@ -336,9 +344,9 @@ export const AddIntegrationModal = ({
           col={mapping[idx].column}
           ques={mapping[idx].question}
         />
-        <div className="flex w-full items-center">
+        <div className="flex w-full items-center space-x-2">
           <div className="flex w-full items-center">
-            <div className="w-[340px] max-w-full">
+            <div className="max-w-full flex-1">
               <DropdownSelector
                 placeholder={t("environments.integrations.notion.select_a_survey_question")}
                 items={filteredQuestionItems}
@@ -384,7 +392,7 @@ export const AddIntegrationModal = ({
               />
             </div>
             <div className="h-px w-4 border-t border-t-slate-300" />
-            <div className="w-[340px] max-w-full">
+            <div className="max-w-full flex-1">
               <DropdownSelector
                 placeholder={t("environments.integrations.notion.select_a_field_to_map")}
                 items={getFilteredDbItems()}
@@ -430,53 +438,45 @@ export const AddIntegrationModal = ({
               />
             </div>
           </div>
-          <button
-            type="button"
-            className={`rounded-md p-1 hover:bg-slate-300 ${
-              idx === mapping.length - 1 ? "visible" : "invisible"
-            }`}
-            onClick={addRow}>
-            <PlusIcon className="h-5 w-5 font-bold text-slate-500" />
-          </button>
-          <button
-            type="button"
-            className={`flex-1 rounded-md p-1 hover:bg-red-100 ${
-              mapping.length > 1 ? "visible" : "invisible"
-            }`}
-            onClick={deleteRow}>
-            <XIcon className="h-5 w-5 text-red-500" />
-          </button>
+          <div className="flex space-x-2">
+            {mapping.length > 1 && (
+              <Button variant="secondary" size="icon" className="size-10" onClick={deleteRow}>
+                <TrashIcon />
+              </Button>
+            )}
+            <Button variant="secondary" size="icon" className="size-10" onClick={addRow}>
+              <PlusIcon />
+            </Button>
+          </div>
         </div>
       </div>
     );
   };
 
   return (
-    <Modal open={open} setOpen={setOpen} noPadding closeOnOutsideClick={false} size="lg">
-      <div className="flex h-full flex-col rounded-lg">
-        <div className="rounded-t-lg bg-slate-100">
-          <div className="flex w-full items-center justify-between p-6">
-            <div className="flex items-center space-x-2">
-              <div className="mr-1.5 h-6 w-6 text-slate-500">
-                <Image
-                  className="w-12"
-                  src={NotionLogo}
-                  alt={t("environments.integrations.notion.notion_logo")}
-                />
-              </div>
-              <div>
-                <div className="text-xl font-medium text-slate-700">
-                  {t("environments.integrations.notion.link_notion_database")}
-                </div>
-                <div className="text-sm text-slate-500">
-                  {t("environments.integrations.notion.sync_responses_with_a_notion_database")}
-                </div>
-              </div>
+    <Dialog open={open} onOpenChange={setOpen}>
+      <DialogContent>
+        <DialogHeader>
+          <div className="mb-4 flex items-start space-x-2">
+            <div className="relative size-8">
+              <Image
+                fill
+                className="object-contain object-center"
+                src={NotionLogo}
+                alt={t("environments.integrations.notion.notion_logo")}
+              />
+            </div>
+            <div className="space-y-0.5">
+              <DialogTitle>{t("environments.integrations.notion.link_notion_database")}</DialogTitle>
+              <DialogDescription>
+                {t("environments.integrations.notion.notion_integration_description")}
+              </DialogDescription>
             </div>
           </div>
-        </div>
-        <form onSubmit={handleSubmit(linkDatabase)} className="w-full">
-          <div className="flex justify-between rounded-lg p-6">
+        </DialogHeader>
+
+        <form onSubmit={handleSubmit(linkDatabase)} className="contents space-y-4">
+          <DialogBody>
             <div className="w-full space-y-4">
               <div>
                 <div className="mb-4">
@@ -521,7 +521,7 @@ export const AddIntegrationModal = ({
                     <Label>
                       {t("environments.integrations.notion.map_formbricks_fields_to_notion_property")}
                     </Label>
-                    <div className="mt-4 max-h-[20vh] w-full overflow-y-auto">
+                    <div className="mt-1 space-y-2 overflow-y-auto">
                       {mapping.map((_, idx) => (
                         <MappingRow idx={idx} key={idx} />
                       ))}
@@ -530,43 +530,40 @@ export const AddIntegrationModal = ({
                 )}
               </div>
             </div>
-          </div>
-          <div className="flex justify-end border-t border-slate-200 p-6">
-            <div className="flex space-x-2">
-              {selectedIntegration ? (
-                <Button
-                  type="button"
-                  variant="destructive"
-                  loading={isDeleting}
-                  onClick={() => {
-                    deleteLink();
-                  }}>
-                  {t("common.delete")}
-                </Button>
-              ) : (
-                <Button
-                  type="button"
-                  variant="ghost"
-                  onClick={() => {
-                    setOpen(false);
-                    resetForm();
-                    setMapping([]);
-                  }}>
-                  {t("common.cancel")}
-                </Button>
-              )}
+          </DialogBody>
+
+          <DialogFooter>
+            {selectedIntegration ? (
               <Button
-                type="submit"
-                loading={isLinkingDatabase}
-                disabled={mapping.filter((m) => m.error).length > 0}>
-                {selectedIntegration
-                  ? t("common.update")
-                  : t("environments.integrations.notion.link_database")}
+                type="button"
+                variant="destructive"
+                loading={isDeleting}
+                onClick={() => {
+                  deleteLink();
+                }}>
+                {t("common.delete")}
               </Button>
-            </div>
-          </div>
+            ) : (
+              <Button
+                type="button"
+                variant="secondary"
+                onClick={() => {
+                  setOpen(false);
+                  resetForm();
+                  setMapping([]);
+                }}>
+                {t("common.cancel")}
+              </Button>
+            )}
+            <Button
+              type="submit"
+              loading={isLinkingDatabase}
+              disabled={mapping.filter((m) => m.error).length > 0}>
+              {selectedIntegration ? t("common.update") : t("environments.integrations.notion.link_database")}
+            </Button>
+          </DialogFooter>
         </form>
-      </div>
-    </Modal>
+      </DialogContent>
+    </Dialog>
   );
 };

apps/web/app/(app)/environments/[environmentId]/integrations/notion/components/NotionWrapper.test.tsx

@@ -31,6 +31,9 @@ vi.mock("@/lib/constants", () => ({
   SENTRY_DSN: "mock-sentry-dsn",
   GOOGLE_SHEETS_CLIENT_SECRET: "test-client-secret",
   GOOGLE_SHEETS_REDIRECT_URL: "test-redirect-url",
+  SESSION_MAX_AGE: 1000,
+  REDIS_URL: undefined,
+  AUDIT_LOG_ENABLED: true,
 }));
 
 // Mock child components

apps/web/app/(app)/environments/[environmentId]/integrations/slack/actions.ts

@@ -2,7 +2,7 @@
 
 import { getSlackChannels } from "@/lib/slack/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
-import { checkAuthorizationUpdated } from "@/lib/utils/action-client-middleware";
+import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
 import { getOrganizationIdFromEnvironmentId, getProjectIdFromEnvironmentId } from "@/lib/utils/helper";
 import { z } from "zod";
 import { ZId } from "@formbricks/types/common";

apps/web/app/(app)/environments/[environmentId]/integrations/slack/components/AddChannelMappingModal.test.tsx

@@ -83,9 +83,24 @@ vi.mock("@/modules/ui/components/dropdown-selector", () => ({
     </div>
   ),
 }));
-vi.mock("@/modules/ui/components/modal", () => ({
-  Modal: ({ open, children }: { open: boolean; children: React.ReactNode }) =>
-    open ? <div data-testid="modal">{children}</div> : null,
+vi.mock("@/modules/ui/components/dialog", () => ({
+  Dialog: ({ children, open, onOpenChange }: any) =>
+    open ? (
+      <div data-testid="dialog" role="dialog">
+        {children}
+        <button onClick={() => onOpenChange(false)}>Close Dialog</button>
+      </div>
+    ) : null,
+  DialogContent: ({ children, ...props }: any) => (
+    <div data-testid="dialog-content" {...props}>
+      {children}
+    </div>
+  ),
+  DialogHeader: ({ children }: any) => <div data-testid="dialog-header">{children}</div>,
+  DialogTitle: ({ children }: any) => <h2 data-testid="dialog-title">{children}</h2>,
+  DialogDescription: ({ children }: any) => <p data-testid="dialog-description">{children}</p>,
+  DialogBody: ({ children }: any) => <div data-testid="dialog-body">{children}</div>,
+  DialogFooter: ({ children }: any) => <div data-testid="dialog-footer">{children}</div>,
 }));
 vi.mock("next/image", () => ({
   // eslint-disable-next-line @next/next/no-img-element
@@ -121,6 +136,8 @@ vi.mock("@tolgee/react", async () => {
       if (key === "common.all_questions") return "All questions";
       if (key === "common.selected_questions") return "Selected questions";
       if (key === "environments.integrations.slack.link_slack_channel") return "Link Slack Channel";
+      if (key === "environments.integrations.slack.slack_integration_description")
+        return "Send responses directly to Slack.";
       if (key === "common.update") return "Update";
       if (key === "common.delete") return "Delete";
       if (key === "common.cancel") return "Cancel";
@@ -312,10 +329,9 @@ describe("AddChannelMappingModal", () => {
       />
     );
 
-    expect(screen.getByTestId("modal")).toBeInTheDocument();
-    expect(
-      screen.getByText("Link Slack Channel", { selector: "div.text-xl.font-medium" })
-    ).toBeInTheDocument();
+    expect(screen.getByTestId("dialog")).toBeInTheDocument();
+    expect(screen.getByTestId("dialog-title")).toHaveTextContent("Link Slack Channel");
+    expect(screen.getByTestId("dialog-description")).toHaveTextContent("Send responses directly to Slack.");
     expect(screen.getByTestId("channel-dropdown")).toBeInTheDocument();
     expect(screen.getByTestId("survey-dropdown")).toBeInTheDocument();
     expect(screen.getByText("Cancel")).toBeInTheDocument();
@@ -339,10 +355,9 @@ describe("AddChannelMappingModal", () => {
       />
     );
 
-    expect(screen.getByTestId("modal")).toBeInTheDocument();
-    expect(
-      screen.getByText("Link Slack Channel", { selector: "div.text-xl.font-medium" })
-    ).toBeInTheDocument();
+    expect(screen.getByTestId("dialog")).toBeInTheDocument();
+    expect(screen.getByTestId("dialog-title")).toHaveTextContent("Link Slack Channel");
+    expect(screen.getByTestId("dialog-description")).toHaveTextContent("Send responses directly to Slack.");
     expect(screen.getByTestId("channel-dropdown")).toHaveValue(channels[0].id);
     expect(screen.getByTestId("survey-dropdown")).toHaveValue(surveys[0].id);
     expect(screen.getByText("Questions")).toBeInTheDocument();

apps/web/app/(app)/environments/[environmentId]/integrations/slack/components/AddChannelMappingModal.tsx

@@ -7,9 +7,17 @@ import { replaceHeadlineRecall } from "@/lib/utils/recall";
 import { AdditionalIntegrationSettings } from "@/modules/ui/components/additional-integration-settings";
 import { Button } from "@/modules/ui/components/button";
 import { Checkbox } from "@/modules/ui/components/checkbox";
+import {
+  Dialog,
+  DialogBody,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+} from "@/modules/ui/components/dialog";
 import { DropdownSelector } from "@/modules/ui/components/dropdown-selector";
 import { Label } from "@/modules/ui/components/label";
-import { Modal } from "@/modules/ui/components/modal";
 import { useTranslate } from "@tolgee/react";
 import { CircleHelpIcon } from "lucide-react";
 import Image from "next/image";
@@ -189,24 +197,28 @@ export const AddChannelMappingModal = ({
   );
 
   return (
-    <Modal open={open} setOpen={setOpenWithStates} noPadding closeOnOutsideClick={true}>
-      <div className="flex h-full flex-col rounded-lg">
-        <div className="rounded-t-lg bg-slate-100">
-          <div className="flex w-full items-center justify-between p-6">
-            <div className="flex items-center space-x-2">
-              <div className="mr-1.5 h-6 w-6 text-slate-500">
-                <Image className="w-12" src={SlackLogo} alt="Slack logo" />
-              </div>
-              <div>
-                <div className="text-xl font-medium text-slate-700">
-                  {t("environments.integrations.slack.link_slack_channel")}
-                </div>
-              </div>
+    <Dialog open={open} onOpenChange={setOpenWithStates}>
+      <DialogContent>
+        <DialogHeader>
+          <div className="flex items-center space-x-2">
+            <div className="relative size-8">
+              <Image
+                fill
+                className="object-contain object-center"
+                src={SlackLogo}
+                alt={t("environments.integrations.slack.slack_logo")}
+              />
+            </div>
+            <div className="space-y-0.5">
+              <DialogTitle>{t("environments.integrations.slack.link_slack_channel")}</DialogTitle>
+              <DialogDescription>
+                {t("environments.integrations.slack.slack_integration_description")}
+              </DialogDescription>
             </div>
           </div>
-        </div>
-        <form onSubmit={handleSubmit(linkChannel)}>
-          <div className="flex justify-between rounded-lg p-6">
+        </DialogHeader>
+        <form className="space-y-4" onSubmit={handleSubmit(linkChannel)}>
+          <DialogBody>
             <div className="w-full space-y-4">
               <div>
                 <div className="mb-4">
@@ -289,31 +301,29 @@ export const AddChannelMappingModal = ({
                 </div>
               )}
             </div>
-          </div>
-          <div className="flex justify-end border-t border-slate-200 p-6">
-            <div className="flex space-x-2">
-              {selectedIntegration ? (
-                <Button type="button" variant="destructive" loading={isDeleting} onClick={deleteLink}>
-                  {t("common.delete")}
-                </Button>
-              ) : (
-                <Button
-                  type="button"
-                  variant="ghost"
-                  onClick={() => {
-                    setOpen(false);
-                    resetForm();
-                  }}>
-                  {t("common.cancel")}
-                </Button>
-              )}
-              <Button type="submit" loading={isLinkingChannel}>
-                {selectedIntegration ? t("common.update") : t("environments.integrations.slack.link_channel")}
+          </DialogBody>
+          <DialogFooter>
+            {selectedIntegration ? (
+              <Button type="button" variant="destructive" loading={isDeleting} onClick={deleteLink}>
+                {t("common.delete")}
               </Button>
-            </div>
-          </div>
+            ) : (
+              <Button
+                type="button"
+                variant="ghost"
+                onClick={() => {
+                  setOpen(false);
+                  resetForm();
+                }}>
+                {t("common.cancel")}
+              </Button>
+            )}
+            <Button type="submit" loading={isLinkingChannel}>
+              {selectedIntegration ? t("common.update") : t("environments.integrations.slack.link_channel")}
+            </Button>
+          </DialogFooter>
         </form>
-      </div>
-    </Modal>
+      </DialogContent>
+    </Dialog>
   );
 };

apps/web/app/(app)/environments/[environmentId]/layout.test.tsx

@@ -1,3 +1,4 @@
+import { getEnvironment } from "@/lib/environment/service";
 import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
 import { getProjectByEnvironmentId } from "@/lib/project/service";
 import { environmentIdLayoutChecks } from "@/modules/environments/lib/utils";
@@ -5,6 +6,7 @@ import { cleanup, render, screen } from "@testing-library/react";
 import { Session } from "next-auth";
 import { redirect } from "next/navigation";
 import { afterEach, describe, expect, test, vi } from "vitest";
+import { TEnvironment } from "@formbricks/types/environment";
 import { TMembership } from "@formbricks/types/memberships";
 import { TOrganization } from "@formbricks/types/organizations";
 import { TProject } from "@formbricks/types/project";
@@ -13,12 +15,20 @@ import EnvLayout from "./layout";
 
 // Mock sub-components to render identifiable elements
 vi.mock("@/app/(app)/environments/[environmentId]/components/EnvironmentLayout", () => ({
-  EnvironmentLayout: ({ children }: any) => <div data-testid="EnvironmentLayout">{children}</div>,
+  EnvironmentLayout: ({ children, environmentId, session }: any) => (
+    <div data-testid="EnvironmentLayout" data-environment-id={environmentId} data-session={session?.user?.id}>
+      {children}
+    </div>
+  ),
 }));
 vi.mock("@/modules/ui/components/environmentId-base-layout", () => ({
-  EnvironmentIdBaseLayout: ({ children, environmentId }: any) => (
-    <div data-testid="EnvironmentIdBaseLayout">
-      {environmentId}
+  EnvironmentIdBaseLayout: ({ children, environmentId, session, user, organization }: any) => (
+    <div
+      data-testid="EnvironmentIdBaseLayout"
+      data-environment-id={environmentId}
+      data-session={session?.user?.id}
+      data-user={user?.id}
+      data-organization={organization?.id}>
       {children}
     </div>
   ),
@@ -27,7 +37,24 @@ vi.mock("@/modules/ui/components/toaster-client", () => ({
   ToasterClient: () => <div data-testid="ToasterClient" />,
 }));
 vi.mock("./components/EnvironmentStorageHandler", () => ({
-  default: ({ environmentId }: any) => <div data-testid="EnvironmentStorageHandler">{environmentId}</div>,
+  default: ({ environmentId }: any) => (
+    <div data-testid="EnvironmentStorageHandler" data-environment-id={environmentId} />
+  ),
+}));
+vi.mock("@/app/(app)/environments/[environmentId]/context/environment-context", () => ({
+  EnvironmentContextWrapper: ({ children, environment, project }: any) => (
+    <div
+      data-testid="EnvironmentContextWrapper"
+      data-environment-id={environment?.id}
+      data-project-id={project?.id}>
+      {children}
+    </div>
+  ),
+}));
+
+// Mock navigation
+vi.mock("next/navigation", () => ({
+  redirect: vi.fn(),
 }));
 
 // Mocks for dependencies
@@ -37,26 +64,43 @@ vi.mock("@/modules/environments/lib/utils", () => ({
 vi.mock("@/lib/project/service", () => ({
   getProjectByEnvironmentId: vi.fn(),
 }));
+vi.mock("@/lib/environment/service", () => ({
+  getEnvironment: vi.fn(),
+}));
 vi.mock("@/lib/membership/service", () => ({
   getMembershipByUserIdOrganizationId: vi.fn(),
 }));
 
 describe("EnvLayout", () => {
+  const mockSession = { user: { id: "user1" } } as Session;
+  const mockUser = { id: "user1", email: "user1@example.com" } as TUser;
+  const mockOrganization = { id: "org1", name: "Org1", billing: {} } as TOrganization;
+  const mockProject = { id: "proj1", name: "Test Project" } as TProject;
+  const mockEnvironment = { id: "env1", type: "production" } as TEnvironment;
+  const mockMembership = {
+    id: "member1",
+    role: "owner",
+    organizationId: "org1",
+    userId: "user1",
+    accepted: true,
+  } as TMembership;
+  const mockTranslation = ((key: string) => key) as any;
+
   afterEach(() => {
     cleanup();
+    vi.clearAllMocks();
   });
 
   test("renders successfully when all dependencies return valid data", async () => {
     vi.mocked(environmentIdLayoutChecks).mockResolvedValueOnce({
-      t: ((key: string) => key) as any, // Mock translation function, we don't need to implement it for the test
-      session: { user: { id: "user1" } } as Session,
-      user: { id: "user1", email: "user1@example.com" } as TUser,
-      organization: { id: "org1", name: "Org1", billing: {} } as TOrganization,
+      t: mockTranslation,
+      session: mockSession,
+      user: mockUser,
+      organization: mockOrganization,
     });
-    vi.mocked(getProjectByEnvironmentId).mockResolvedValueOnce({ id: "proj1" } as TProject);
-    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValueOnce({
-      id: "member1",
-    } as unknown as TMembership);
+    vi.mocked(getProjectByEnvironmentId).mockResolvedValueOnce(mockProject);
+    vi.mocked(getEnvironment).mockResolvedValueOnce(mockEnvironment);
+    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValueOnce(mockMembership);
 
     const result = await EnvLayout({
       params: Promise.resolve({ environmentId: "env1" }),
@@ -64,56 +108,43 @@ describe("EnvLayout", () => {
     });
     render(result);
 
-    expect(screen.getByTestId("EnvironmentIdBaseLayout")).toHaveTextContent("env1");
-    expect(screen.getByTestId("EnvironmentStorageHandler")).toHaveTextContent("env1");
-    expect(screen.getByTestId("EnvironmentLayout")).toBeDefined();
+    // Verify main layout structure
+    expect(screen.getByTestId("EnvironmentIdBaseLayout")).toBeInTheDocument();
+    expect(screen.getByTestId("EnvironmentIdBaseLayout")).toHaveAttribute("data-environment-id", "env1");
+    expect(screen.getByTestId("EnvironmentIdBaseLayout")).toHaveAttribute("data-session", "user1");
+    expect(screen.getByTestId("EnvironmentIdBaseLayout")).toHaveAttribute("data-user", "user1");
+    expect(screen.getByTestId("EnvironmentIdBaseLayout")).toHaveAttribute("data-organization", "org1");
+
+    // Verify environment storage handler
+    expect(screen.getByTestId("EnvironmentStorageHandler")).toBeInTheDocument();
+    expect(screen.getByTestId("EnvironmentStorageHandler")).toHaveAttribute("data-environment-id", "env1");
+
+    // Verify context wrapper
+    expect(screen.getByTestId("EnvironmentContextWrapper")).toBeInTheDocument();
+    expect(screen.getByTestId("EnvironmentContextWrapper")).toHaveAttribute("data-environment-id", "env1");
+    expect(screen.getByTestId("EnvironmentContextWrapper")).toHaveAttribute("data-project-id", "proj1");
+
+    // Verify environment layout
+    expect(screen.getByTestId("EnvironmentLayout")).toBeInTheDocument();
+    expect(screen.getByTestId("EnvironmentLayout")).toHaveAttribute("data-environment-id", "env1");
+    expect(screen.getByTestId("EnvironmentLayout")).toHaveAttribute("data-session", "user1");
+
+    // Verify children are rendered
     expect(screen.getByTestId("child")).toHaveTextContent("Content");
+
+    // Verify all services were called with correct parameters
+    expect(environmentIdLayoutChecks).toHaveBeenCalledWith("env1");
+    expect(getProjectByEnvironmentId).toHaveBeenCalledWith("env1");
+    expect(getEnvironment).toHaveBeenCalledWith("env1");
+    expect(getMembershipByUserIdOrganizationId).toHaveBeenCalledWith("user1", "org1");
   });
 
-  test("throws error if project is not found", async () => {
+  test("redirects when session is null", async () => {
     vi.mocked(environmentIdLayoutChecks).mockResolvedValueOnce({
-      t: ((key: string) => key) as any,
-      session: { user: { id: "user1" } } as Session,
-      user: { id: "user1", email: "user1@example.com" } as TUser,
-      organization: { id: "org1", name: "Org1", billing: {} } as TOrganization,
-    });
-    vi.mocked(getProjectByEnvironmentId).mockResolvedValueOnce(null);
-    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValueOnce({
-      id: "member1",
-    } as unknown as TMembership);
-
-    await expect(
-      EnvLayout({
-        params: Promise.resolve({ environmentId: "env1" }),
-        children: <div>Content</div>,
-      })
-    ).rejects.toThrow("common.project_not_found");
-  });
-
-  test("throws error if membership is not found", async () => {
-    vi.mocked(environmentIdLayoutChecks).mockResolvedValueOnce({
-      t: ((key: string) => key) as any,
-      session: { user: { id: "user1" } } as Session,
-      user: { id: "user1", email: "user1@example.com" } as TUser,
-      organization: { id: "org1", name: "Org1", billing: {} } as TOrganization,
-    });
-    vi.mocked(getProjectByEnvironmentId).mockResolvedValueOnce({ id: "proj1" } as TProject);
-    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValueOnce(null);
-
-    await expect(
-      EnvLayout({
-        params: Promise.resolve({ environmentId: "env1" }),
-        children: <div>Content</div>,
-      })
-    ).rejects.toThrow("common.membership_not_found");
-  });
-
-  test("calls redirect when session is null", async () => {
-    vi.mocked(environmentIdLayoutChecks).mockResolvedValueOnce({
-      t: ((key: string) => key) as any,
-      session: undefined as unknown as Session,
-      user: undefined as unknown as TUser,
-      organization: { id: "org1", name: "Org1", billing: {} } as TOrganization,
+      t: mockTranslation,
+      session: null as unknown as Session,
+      user: mockUser,
+      organization: mockOrganization,
     });
     vi.mocked(redirect).mockImplementationOnce(() => {
       throw new Error("Redirect called");
@@ -125,18 +156,16 @@ describe("EnvLayout", () => {
         children: <div>Content</div>,
       })
     ).rejects.toThrow("Redirect called");
+
+    expect(redirect).toHaveBeenCalledWith("/auth/login");
   });
 
   test("throws error if user is null", async () => {
     vi.mocked(environmentIdLayoutChecks).mockResolvedValueOnce({
-      t: ((key: string) => key) as any,
-      session: { user: { id: "user1" } } as Session,
-      user: undefined as unknown as TUser,
-      organization: { id: "org1", name: "Org1", billing: {} } as TOrganization,
-    });
-
-    vi.mocked(redirect).mockImplementationOnce(() => {
-      throw new Error("Redirect called");
+      t: mockTranslation,
+      session: mockSession,
+      user: null as unknown as TUser,
+      organization: mockOrganization,
     });
 
     await expect(
@@ -145,5 +174,154 @@ describe("EnvLayout", () => {
         children: <div>Content</div>,
       })
     ).rejects.toThrow("common.user_not_found");
+
+    // Verify redirect was not called
+    expect(redirect).not.toHaveBeenCalled();
+  });
+
+  test("throws error if project is not found", async () => {
+    vi.mocked(environmentIdLayoutChecks).mockResolvedValueOnce({
+      t: mockTranslation,
+      session: mockSession,
+      user: mockUser,
+      organization: mockOrganization,
+    });
+    vi.mocked(getProjectByEnvironmentId).mockResolvedValueOnce(null);
+    vi.mocked(getEnvironment).mockResolvedValueOnce(mockEnvironment);
+
+    await expect(
+      EnvLayout({
+        params: Promise.resolve({ environmentId: "env1" }),
+        children: <div>Content</div>,
+      })
+    ).rejects.toThrow("common.project_not_found");
+
+    // Verify both project and environment were called in Promise.all
+    expect(getProjectByEnvironmentId).toHaveBeenCalledWith("env1");
+    expect(getEnvironment).toHaveBeenCalledWith("env1");
+  });
+
+  test("throws error if environment is not found", async () => {
+    vi.mocked(environmentIdLayoutChecks).mockResolvedValueOnce({
+      t: mockTranslation,
+      session: mockSession,
+      user: mockUser,
+      organization: mockOrganization,
+    });
+    vi.mocked(getProjectByEnvironmentId).mockResolvedValueOnce(mockProject);
+    vi.mocked(getEnvironment).mockResolvedValueOnce(null);
+
+    await expect(
+      EnvLayout({
+        params: Promise.resolve({ environmentId: "env1" }),
+        children: <div>Content</div>,
+      })
+    ).rejects.toThrow("common.environment_not_found");
+
+    // Verify both project and environment were called in Promise.all
+    expect(getProjectByEnvironmentId).toHaveBeenCalledWith("env1");
+    expect(getEnvironment).toHaveBeenCalledWith("env1");
+  });
+
+  test("throws error if membership is not found", async () => {
+    vi.mocked(environmentIdLayoutChecks).mockResolvedValueOnce({
+      t: mockTranslation,
+      session: mockSession,
+      user: mockUser,
+      organization: mockOrganization,
+    });
+    vi.mocked(getProjectByEnvironmentId).mockResolvedValueOnce(mockProject);
+    vi.mocked(getEnvironment).mockResolvedValueOnce(mockEnvironment);
+    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValueOnce(null);
+
+    await expect(
+      EnvLayout({
+        params: Promise.resolve({ environmentId: "env1" }),
+        children: <div>Content</div>,
+      })
+    ).rejects.toThrow("common.membership_not_found");
+
+    expect(getMembershipByUserIdOrganizationId).toHaveBeenCalledWith("user1", "org1");
+  });
+
+  test("handles Promise.all correctly for project and environment", async () => {
+    vi.mocked(environmentIdLayoutChecks).mockResolvedValueOnce({
+      t: mockTranslation,
+      session: mockSession,
+      user: mockUser,
+      organization: mockOrganization,
+    });
+
+    // Mock Promise.all to verify it's called correctly
+    const getProjectSpy = vi.mocked(getProjectByEnvironmentId).mockResolvedValueOnce(mockProject);
+    const getEnvironmentSpy = vi.mocked(getEnvironment).mockResolvedValueOnce(mockEnvironment);
+    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValueOnce(mockMembership);
+
+    const result = await EnvLayout({
+      params: Promise.resolve({ environmentId: "env1" }),
+      children: <div data-testid="child">Content</div>,
+    });
+    render(result);
+
+    // Verify both calls were made
+    expect(getProjectSpy).toHaveBeenCalledWith("env1");
+    expect(getEnvironmentSpy).toHaveBeenCalledWith("env1");
+
+    // Verify successful rendering
+    expect(screen.getByTestId("child")).toBeInTheDocument();
+  });
+
+  test("handles different environment types correctly", async () => {
+    const developmentEnvironment = { id: "env1", type: "development" } as TEnvironment;
+
+    vi.mocked(environmentIdLayoutChecks).mockResolvedValueOnce({
+      t: mockTranslation,
+      session: mockSession,
+      user: mockUser,
+      organization: mockOrganization,
+    });
+    vi.mocked(getProjectByEnvironmentId).mockResolvedValueOnce(mockProject);
+    vi.mocked(getEnvironment).mockResolvedValueOnce(developmentEnvironment);
+    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValueOnce(mockMembership);
+
+    const result = await EnvLayout({
+      params: Promise.resolve({ environmentId: "env1" }),
+      children: <div data-testid="child">Content</div>,
+    });
+    render(result);
+
+    // Verify context wrapper receives the development environment
+    expect(screen.getByTestId("EnvironmentContextWrapper")).toHaveAttribute("data-environment-id", "env1");
+    expect(screen.getByTestId("child")).toBeInTheDocument();
+  });
+
+  test("handles different user roles correctly", async () => {
+    const memberMembership = {
+      id: "member1",
+      role: "member",
+      organizationId: "org1",
+      userId: "user1",
+      accepted: true,
+    } as TMembership;
+
+    vi.mocked(environmentIdLayoutChecks).mockResolvedValueOnce({
+      t: mockTranslation,
+      session: mockSession,
+      user: mockUser,
+      organization: mockOrganization,
+    });
+    vi.mocked(getProjectByEnvironmentId).mockResolvedValueOnce(mockProject);
+    vi.mocked(getEnvironment).mockResolvedValueOnce(mockEnvironment);
+    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValueOnce(memberMembership);
+
+    const result = await EnvLayout({
+      params: Promise.resolve({ environmentId: "env1" }),
+      children: <div data-testid="child">Content</div>,
+    });
+    render(result);
+
+    // Verify successful rendering with member role
+    expect(screen.getByTestId("child")).toBeInTheDocument();
+    expect(getMembershipByUserIdOrganizationId).toHaveBeenCalledWith("user1", "org1");
   });
 });

apps/web/app/(app)/environments/[environmentId]/layout.tsx

@@ -1,4 +1,6 @@
 import { EnvironmentLayout } from "@/app/(app)/environments/[environmentId]/components/EnvironmentLayout";
+import { EnvironmentContextWrapper } from "@/app/(app)/environments/[environmentId]/context/environment-context";
+import { getEnvironment } from "@/lib/environment/service";
 import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
 import { getProjectByEnvironmentId } from "@/lib/project/service";
 import { environmentIdLayoutChecks } from "@/modules/environments/lib/utils";
@@ -11,7 +13,6 @@ const EnvLayout = async (props: {
   children: React.ReactNode;
 }) => {
   const params = await props.params;
-
   const { children } = props;
 
   const { t, session, user, organization } = await environmentIdLayoutChecks(params.environmentId);
@@ -24,11 +25,19 @@ const EnvLayout = async (props: {
     throw new Error(t("common.user_not_found"));
   }
 
-  const project = await getProjectByEnvironmentId(params.environmentId);
+  const [project, environment] = await Promise.all([
+    getProjectByEnvironmentId(params.environmentId),
+    getEnvironment(params.environmentId),
+  ]);
+
   if (!project) {
     throw new Error(t("common.project_not_found"));
   }
 
+  if (!environment) {
+    throw new Error(t("common.environment_not_found"));
+  }
+
   const membership = await getMembershipByUserIdOrganizationId(session.user.id, organization.id);
 
   if (!membership) {
@@ -42,9 +51,11 @@ const EnvLayout = async (props: {
       user={user}
       organization={organization}>
       <EnvironmentStorageHandler environmentId={params.environmentId} />
-      <EnvironmentLayout environmentId={params.environmentId} session={session}>
-        {children}
-      </EnvironmentLayout>
+      <EnvironmentContextWrapper environment={environment} project={project}>
+        <EnvironmentLayout environmentId={params.environmentId} session={session}>
+          {children}
+        </EnvironmentLayout>
+      </EnvironmentContextWrapper>
     </EnvironmentIdBaseLayout>
   );
 };

apps/web/app/(app)/environments/[environmentId]/project/(setup)/app-connection/page.test.tsx

@@ -24,6 +24,15 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
+  SESSION_MAX_AGE: 1000,
+  REDIS_URL: undefined,
+  AUDIT_LOG_ENABLED: true,
+}));
+
+vi.mock("@/lib/env", () => ({
+  env: {
+    PUBLIC_URL: "https://example.com",
+  },
 }));
 
 describe("AppConnectionPage Re-export", () => {

apps/web/app/(app)/environments/[environmentId]/project/general/page.test.tsx

@@ -24,6 +24,15 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
+  SESSION_MAX_AGE: 1000,
+  REDIS_URL: undefined,
+  AUDIT_LOG_ENABLED: 1,
+}));
+
+vi.mock("@/lib/env", () => ({
+  env: {
+    PUBLIC_URL: "https://public-domain.com",
+  },
 }));
 
 describe("GeneralSettingsPage re-export", () => {

apps/web/app/(app)/environments/[environmentId]/project/languages/page.test.tsx

@@ -24,6 +24,9 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
+  SESSION_MAX_AGE: 1000,
+  REDIS_URL: undefined,
+  AUDIT_LOG_ENABLED: 1,
 }));
 
 describe("LanguagesPage re-export", () => {

apps/web/app/(app)/environments/[environmentId]/project/look/page.test.tsx

@@ -24,6 +24,15 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
+  SESSION_MAX_AGE: 1000,
+  REDIS_URL: undefined,
+  AUDIT_LOG_ENABLED: 1,
+}));
+
+vi.mock("@/lib/env", () => ({
+  env: {
+    PUBLIC_URL: "https://public-domain.com",
+  },
 }));
 
 describe("ProjectLookSettingsPage re-export", () => {

apps/web/app/(app)/environments/[environmentId]/project/tags/page.test.tsx

@@ -24,6 +24,9 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
+  SESSION_MAX_AGE: 1000,
+  REDIS_URL: undefined,
+  AUDIT_LOG_ENABLED: 1,
 }));
 
 describe("TagsPage re-export", () => {

apps/web/app/(app)/environments/[environmentId]/project/teams/page.test.tsx

@@ -24,6 +24,9 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
+  SESSION_MAX_AGE: 1000,
+  REDIS_URL: undefined,
+  AUDIT_LOG_ENABLED: true,
 }));
 
 describe("ProjectTeams re-export", () => {

apps/web/app/(app)/environments/[environmentId]/settings/(account)/layout.test.tsx

@@ -40,6 +40,9 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
+  SESSION_MAX_AGE: 1000,
+  REDIS_URL: undefined,
+  AUDIT_LOG_ENABLED: true,
 }));
 
 const mockGetOrganizationByEnvironmentId = vi.mocked(getOrganizationByEnvironmentId);

apps/web/app/(app)/environments/[environmentId]/settings/(account)/notifications/actions.ts

@@ -1,7 +1,9 @@
 "use server";
 
-import { updateUser } from "@/lib/user/service";
+import { getUser, updateUser } from "@/lib/user/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
+import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
+import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import { z } from "zod";
 import { ZUserNotificationSettings } from "@formbricks/types/user";
 
@@ -11,8 +13,25 @@ const ZUpdateNotificationSettingsAction = z.object({
 
 export const updateNotificationSettingsAction = authenticatedActionClient
   .schema(ZUpdateNotificationSettingsAction)
-  .action(async ({ ctx, parsedInput }) => {
-    await updateUser(ctx.user.id, {
-      notificationSettings: parsedInput.notificationSettings,
-    });
-  });
+  .action(
+    withAuditLogging(
+      "updated",
+      "user",
+      async ({
+        ctx,
+        parsedInput,
+      }: {
+        ctx: AuthenticatedActionClientCtx;
+        parsedInput: Record<string, any>;
+      }) => {
+        const oldObject = await getUser(ctx.user.id);
+        const result = await updateUser(ctx.user.id, {
+          notificationSettings: parsedInput.notificationSettings,
+        });
+        ctx.auditLoggingCtx.userId = ctx.user.id;
+        ctx.auditLoggingCtx.oldObject = oldObject;
+        ctx.auditLoggingCtx.newObject = result;
+        return result;
+      }
+    )
+  );

apps/web/app/(app)/environments/[environmentId]/settings/(account)/notifications/components/NotificationSwitch.test.tsx

@@ -20,7 +20,7 @@ vi.mock("@/modules/ui/components/switch", () => ({
 }));
 
 vi.mock("../actions", () => ({
-  updateNotificationSettingsAction: vi.fn(() => Promise.resolve()),
+  updateNotificationSettingsAction: vi.fn(() => Promise.resolve({ data: true })),
 }));
 
 const surveyId = "survey1";
@@ -246,4 +246,204 @@ describe("NotificationSwitch", () => {
     });
     expect(updateNotificationSettingsAction).not.toHaveBeenCalled();
   });
+
+  test("shows error toast when updateNotificationSettingsAction fails for 'alert' type", async () => {
+    const mockErrorResponse = { serverError: "Failed to update notification settings" };
+    vi.mocked(updateNotificationSettingsAction).mockResolvedValueOnce(mockErrorResponse);
+
+    const initialSettings = { ...baseNotificationSettings, alert: { [surveyId]: false } };
+    renderSwitch({ notificationSettings: initialSettings, notificationType: "alert" });
+    const switchInput = screen.getByLabelText("toggle notification settings for alert");
+
+    await act(async () => {
+      await user.click(switchInput);
+    });
+
+    expect(updateNotificationSettingsAction).toHaveBeenCalledWith({
+      notificationSettings: { ...initialSettings, alert: { [surveyId]: true } },
+    });
+    expect(toast.error).toHaveBeenCalledWith("Failed to update notification settings", {
+      id: "notification-switch",
+    });
+    expect(toast.success).not.toHaveBeenCalled();
+  });
+
+  test("shows error toast when updateNotificationSettingsAction fails for 'weeklySummary' type", async () => {
+    const mockErrorResponse = { serverError: "Database connection failed" };
+    vi.mocked(updateNotificationSettingsAction).mockResolvedValueOnce(mockErrorResponse);
+
+    const initialSettings = { ...baseNotificationSettings, weeklySummary: { [projectId]: true } };
+    renderSwitch({
+      surveyOrProjectOrOrganizationId: projectId,
+      notificationSettings: initialSettings,
+      notificationType: "weeklySummary",
+    });
+    const switchInput = screen.getByLabelText("toggle notification settings for weeklySummary");
+
+    await act(async () => {
+      await user.click(switchInput);
+    });
+
+    expect(updateNotificationSettingsAction).toHaveBeenCalledWith({
+      notificationSettings: { ...initialSettings, weeklySummary: { [projectId]: false } },
+    });
+    expect(toast.error).toHaveBeenCalledWith("Database connection failed", {
+      id: "notification-switch",
+    });
+    expect(toast.success).not.toHaveBeenCalled();
+  });
+
+  test("shows error toast when updateNotificationSettingsAction fails for 'unsubscribedOrganizationIds' type", async () => {
+    const mockErrorResponse = { serverError: "Permission denied" };
+    vi.mocked(updateNotificationSettingsAction).mockResolvedValueOnce(mockErrorResponse);
+
+    const initialSettings = { ...baseNotificationSettings, unsubscribedOrganizationIds: [] };
+    renderSwitch({
+      surveyOrProjectOrOrganizationId: organizationId,
+      notificationSettings: initialSettings,
+      notificationType: "unsubscribedOrganizationIds",
+    });
+    const switchInput = screen.getByLabelText("toggle notification settings for unsubscribedOrganizationIds");
+
+    await act(async () => {
+      await user.click(switchInput);
+    });
+
+    expect(updateNotificationSettingsAction).toHaveBeenCalledWith({
+      notificationSettings: { ...initialSettings, unsubscribedOrganizationIds: [organizationId] },
+    });
+    expect(toast.error).toHaveBeenCalledWith("Permission denied", {
+      id: "notification-switch",
+    });
+    expect(toast.success).not.toHaveBeenCalled();
+  });
+
+  test("shows error toast when updateNotificationSettingsAction returns null", async () => {
+    const mockErrorResponse = { serverError: "An error occurred" };
+    vi.mocked(updateNotificationSettingsAction).mockResolvedValueOnce(mockErrorResponse);
+
+    const initialSettings = { ...baseNotificationSettings, alert: { [surveyId]: false } };
+    renderSwitch({ notificationSettings: initialSettings, notificationType: "alert" });
+    const switchInput = screen.getByLabelText("toggle notification settings for alert");
+
+    await act(async () => {
+      await user.click(switchInput);
+    });
+
+    expect(updateNotificationSettingsAction).toHaveBeenCalledWith({
+      notificationSettings: { ...initialSettings, alert: { [surveyId]: true } },
+    });
+    expect(toast.error).toHaveBeenCalledWith("An error occurred", {
+      id: "notification-switch",
+    });
+    expect(toast.success).not.toHaveBeenCalled();
+  });
+
+  test("shows error toast when updateNotificationSettingsAction returns undefined", async () => {
+    const mockErrorResponse = { serverError: "An error occurred" };
+    vi.mocked(updateNotificationSettingsAction).mockResolvedValueOnce(mockErrorResponse);
+
+    const initialSettings = { ...baseNotificationSettings, alert: { [surveyId]: false } };
+    renderSwitch({ notificationSettings: initialSettings, notificationType: "alert" });
+    const switchInput = screen.getByLabelText("toggle notification settings for alert");
+
+    await act(async () => {
+      await user.click(switchInput);
+    });
+
+    expect(updateNotificationSettingsAction).toHaveBeenCalledWith({
+      notificationSettings: { ...initialSettings, alert: { [surveyId]: true } },
+    });
+    expect(toast.error).toHaveBeenCalledWith("An error occurred", {
+      id: "notification-switch",
+    });
+    expect(toast.success).not.toHaveBeenCalled();
+  });
+
+  test("shows error toast when updateNotificationSettingsAction returns response without data property", async () => {
+    const mockErrorResponse = { validationErrors: { _errors: ["Invalid input"] } };
+    vi.mocked(updateNotificationSettingsAction).mockResolvedValueOnce(mockErrorResponse);
+
+    const initialSettings = { ...baseNotificationSettings, alert: { [surveyId]: false } };
+    renderSwitch({ notificationSettings: initialSettings, notificationType: "alert" });
+    const switchInput = screen.getByLabelText("toggle notification settings for alert");
+
+    await act(async () => {
+      await user.click(switchInput);
+    });
+
+    expect(updateNotificationSettingsAction).toHaveBeenCalledWith({
+      notificationSettings: { ...initialSettings, alert: { [surveyId]: true } },
+    });
+    expect(toast.error).toHaveBeenCalledWith("Invalid input", {
+      id: "notification-switch",
+    });
+    expect(toast.success).not.toHaveBeenCalled();
+  });
+
+  test("shows error toast when updateNotificationSettingsAction throws an exception", async () => {
+    const mockErrorResponse = { serverError: "Network error" };
+    vi.mocked(updateNotificationSettingsAction).mockResolvedValueOnce(mockErrorResponse);
+
+    const initialSettings = { ...baseNotificationSettings, alert: { [surveyId]: false } };
+    renderSwitch({ notificationSettings: initialSettings, notificationType: "alert" });
+    const switchInput = screen.getByLabelText("toggle notification settings for alert");
+
+    await act(async () => {
+      await user.click(switchInput);
+    });
+
+    expect(updateNotificationSettingsAction).toHaveBeenCalledWith({
+      notificationSettings: { ...initialSettings, alert: { [surveyId]: true } },
+    });
+    expect(toast.error).toHaveBeenCalledWith("Network error", {
+      id: "notification-switch",
+    });
+    expect(toast.success).not.toHaveBeenCalled();
+  });
+
+  test("switch remains enabled after error occurs", async () => {
+    const mockErrorResponse = { serverError: "Failed to update" };
+    vi.mocked(updateNotificationSettingsAction).mockResolvedValueOnce(mockErrorResponse);
+
+    const initialSettings = { ...baseNotificationSettings, alert: { [surveyId]: false } };
+    renderSwitch({ notificationSettings: initialSettings, notificationType: "alert" });
+    const switchInput = screen.getByLabelText("toggle notification settings for alert");
+
+    await act(async () => {
+      await user.click(switchInput);
+    });
+
+    expect(toast.error).toHaveBeenCalledWith("Failed to update", {
+      id: "notification-switch",
+    });
+    expect(switchInput).toBeEnabled(); // Switch should be re-enabled after error
+  });
+
+  test("shows error toast with validation errors for specific fields", async () => {
+    const mockErrorResponse = {
+      validationErrors: {
+        notificationSettings: {
+          _errors: ["Invalid notification settings"],
+        },
+      },
+    };
+    vi.mocked(updateNotificationSettingsAction).mockResolvedValueOnce(mockErrorResponse);
+
+    const initialSettings = { ...baseNotificationSettings, alert: { [surveyId]: false } };
+    renderSwitch({ notificationSettings: initialSettings, notificationType: "alert" });
+    const switchInput = screen.getByLabelText("toggle notification settings for alert");
+
+    await act(async () => {
+      await user.click(switchInput);
+    });
+
+    expect(updateNotificationSettingsAction).toHaveBeenCalledWith({
+      notificationSettings: { ...initialSettings, alert: { [surveyId]: true } },
+    });
+    expect(toast.error).toHaveBeenCalledWith("notificationSettingsInvalid notification settings", {
+      id: "notification-switch",
+    });
+    expect(toast.success).not.toHaveBeenCalled();
+  });
 });

apps/web/app/(app)/environments/[environmentId]/settings/(account)/notifications/components/NotificationSwitch.tsx

@@ -1,7 +1,9 @@
 "use client";
 
+import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { Switch } from "@/modules/ui/components/switch";
 import { useTranslate } from "@tolgee/react";
+import { useRouter } from "next/navigation";
 import { useEffect, useState } from "react";
 import toast from "react-hot-toast";
 import { TUserNotificationSettings } from "@formbricks/types/user";
@@ -24,6 +26,7 @@ export const NotificationSwitch = ({
 }: NotificationSwitchProps) => {
   const [isLoading, setIsLoading] = useState(false);
   const { t } = useTranslate();
+  const router = useRouter();
   const isChecked =
     notificationType === "unsubscribedOrganizationIds"
       ? !notificationSettings.unsubscribedOrganizationIds?.includes(surveyOrProjectOrOrganizationId)
@@ -50,7 +53,20 @@ export const NotificationSwitch = ({
         !updatedNotificationSettings[notificationType][surveyOrProjectOrOrganizationId];
     }
 
-    await updateNotificationSettingsAction({ notificationSettings: updatedNotificationSettings });
+    const updatedNotificationSettingsActionResponse = await updateNotificationSettingsAction({
+      notificationSettings: updatedNotificationSettings,
+    });
+    if (updatedNotificationSettingsActionResponse?.data) {
+      toast.success(t("environments.settings.notifications.notification_settings_updated"), {
+        id: "notification-switch",
+      });
+      router.refresh();
+    } else {
+      const errorMessage = getFormattedErrorMessage(updatedNotificationSettingsActionResponse);
+      toast.error(errorMessage, {
+        id: "notification-switch",
+      });
+    }
     setIsLoading(false);
   };
 
@@ -104,9 +120,6 @@ export const NotificationSwitch = ({
       disabled={isLoading}
       onCheckedChange={async () => {
         await handleSwitchChange();
-        toast.success(t("environments.settings.notifications.notification_settings_updated"), {
-          id: "notification-switch",
-        });
       }}
     />
   );

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/actions.ts

@@ -1,49 +1,182 @@
 "use server";
 
+import {
+  getIsEmailUnique,
+  verifyUserPassword,
+} from "@/app/(app)/environments/[environmentId]/settings/(account)/profile/lib/user";
+import { EMAIL_VERIFICATION_DISABLED } from "@/lib/constants";
 import { deleteFile } from "@/lib/storage/service";
 import { getFileNameWithIdFromUrl } from "@/lib/storage/utils";
-import { updateUser } from "@/lib/user/service";
+import { getUser, updateUser } from "@/lib/user/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
+import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
+import { rateLimit } from "@/lib/utils/rate-limit";
+import { updateBrevoCustomer } from "@/modules/auth/lib/brevo";
+import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
+import { sendForgotPasswordEmail, sendVerificationNewEmail } from "@/modules/email";
 import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
-import { ZUserUpdateInput } from "@formbricks/types/user";
+import {
+  AuthenticationError,
+  AuthorizationError,
+  OperationNotAllowedError,
+  TooManyRequestsError,
+} from "@formbricks/types/errors";
+import { TUserUpdateInput, ZUserPassword, ZUserUpdateInput } from "@formbricks/types/user";
+
+const limiter = rateLimit({
+  interval: 60 * 60, // 1 hour
+  allowedPerInterval: 3, // max 3 calls for email verification per hour
+});
+
+function buildUserUpdatePayload(parsedInput: any): TUserUpdateInput {
+  return {
+    ...(parsedInput.name && { name: parsedInput.name }),
+    ...(parsedInput.locale && { locale: parsedInput.locale }),
+  };
+}
+
+async function handleEmailUpdate({
+  ctx,
+  parsedInput,
+  payload,
+}: {
+  ctx: any;
+  parsedInput: any;
+  payload: TUserUpdateInput;
+}) {
+  const inputEmail = parsedInput.email?.trim().toLowerCase();
+  if (!inputEmail || ctx.user.email === inputEmail) return payload;
+
+  try {
+    await limiter(ctx.user.id);
+  } catch {
+    throw new TooManyRequestsError("Too many requests");
+  }
+  if (ctx.user.identityProvider !== "email") {
+    throw new OperationNotAllowedError("Email update is not allowed for non-credential users.");
+  }
+  if (!parsedInput.password) {
+    throw new AuthenticationError("Password is required to update email.");
+  }
+  const isCorrectPassword = await verifyUserPassword(ctx.user.id, parsedInput.password);
+  if (!isCorrectPassword) {
+    throw new AuthorizationError("Incorrect credentials");
+  }
+  const isEmailUnique = await getIsEmailUnique(inputEmail);
+  if (!isEmailUnique) return payload;
+
+  if (EMAIL_VERIFICATION_DISABLED) {
+    payload.email = inputEmail;
+    await updateBrevoCustomer({ id: ctx.user.id, email: inputEmail });
+  } else {
+    await sendVerificationNewEmail(ctx.user.id, inputEmail);
+  }
+  return payload;
+}
 
 export const updateUserAction = authenticatedActionClient
-  .schema(ZUserUpdateInput.pick({ name: true, locale: true }))
-  .action(async ({ parsedInput, ctx }) => {
-    return await updateUser(ctx.user.id, parsedInput);
-  });
+  .schema(
+    ZUserUpdateInput.pick({ name: true, email: true, locale: true }).extend({
+      password: ZUserPassword.optional(),
+    })
+  )
+  .action(
+    withAuditLogging(
+      "updated",
+      "user",
+      async ({
+        ctx,
+        parsedInput,
+      }: {
+        ctx: AuthenticatedActionClientCtx;
+        parsedInput: Record<string, any>;
+      }) => {
+        const oldObject = await getUser(ctx.user.id);
+        let payload = buildUserUpdatePayload(parsedInput);
+        payload = await handleEmailUpdate({ ctx, parsedInput, payload });
+
+        // Only proceed with updateUser if we have actual changes to make
+        let newObject = oldObject;
+        if (Object.keys(payload).length > 0) {
+          newObject = await updateUser(ctx.user.id, payload);
+        }
+
+        ctx.auditLoggingCtx.userId = ctx.user.id;
+        ctx.auditLoggingCtx.oldObject = oldObject;
+        ctx.auditLoggingCtx.newObject = newObject;
+
+        return true;
+      }
+    )
+  );
 
 const ZUpdateAvatarAction = z.object({
   avatarUrl: z.string(),
 });
 
-export const updateAvatarAction = authenticatedActionClient
-  .schema(ZUpdateAvatarAction)
-  .action(async ({ parsedInput, ctx }) => {
-    return await updateUser(ctx.user.id, { imageUrl: parsedInput.avatarUrl });
-  });
+export const updateAvatarAction = authenticatedActionClient.schema(ZUpdateAvatarAction).action(
+  withAuditLogging(
+    "updated",
+    "user",
+    async ({ ctx, parsedInput }: { ctx: AuthenticatedActionClientCtx; parsedInput: Record<string, any> }) => {
+      const oldObject = await getUser(ctx.user.id);
+      const result = await updateUser(ctx.user.id, { imageUrl: parsedInput.avatarUrl });
+      ctx.auditLoggingCtx.userId = ctx.user.id;
+      ctx.auditLoggingCtx.oldObject = oldObject;
+      ctx.auditLoggingCtx.newObject = result;
+      return result;
+    }
+  )
+);
 
 const ZRemoveAvatarAction = z.object({
   environmentId: ZId,
 });
 
-export const removeAvatarAction = authenticatedActionClient
-  .schema(ZRemoveAvatarAction)
-  .action(async ({ parsedInput, ctx }) => {
-    const imageUrl = ctx.user.imageUrl;
-    if (!imageUrl) {
-      throw new Error("Image not found");
-    }
+export const removeAvatarAction = authenticatedActionClient.schema(ZRemoveAvatarAction).action(
+  withAuditLogging(
+    "updated",
+    "user",
+    async ({ ctx, parsedInput }: { ctx: AuthenticatedActionClientCtx; parsedInput: Record<string, any> }) => {
+      const oldObject = await getUser(ctx.user.id);
+      const imageUrl = ctx.user.imageUrl;
+      if (!imageUrl) {
+        throw new Error("Image not found");
+      }
 
-    const fileName = getFileNameWithIdFromUrl(imageUrl);
-    if (!fileName) {
-      throw new Error("Invalid filename");
-    }
+      const fileName = getFileNameWithIdFromUrl(imageUrl);
+      if (!fileName) {
+        throw new Error("Invalid filename");
+      }
 
-    const deletionResult = await deleteFile(parsedInput.environmentId, "public", fileName);
-    if (!deletionResult.success) {
-      throw new Error("Deletion failed");
+      const deletionResult = await deleteFile(parsedInput.environmentId, "public", fileName);
+      if (!deletionResult.success) {
+        throw new Error("Deletion failed");
+      }
+      const result = await updateUser(ctx.user.id, { imageUrl: null });
+      ctx.auditLoggingCtx.userId = ctx.user.id;
+      ctx.auditLoggingCtx.oldObject = oldObject;
+      ctx.auditLoggingCtx.newObject = result;
+      return result;
     }
-    return await updateUser(ctx.user.id, { imageUrl: null });
-  });
+  )
+);
+
+export const resetPasswordAction = authenticatedActionClient.action(
+  withAuditLogging(
+    "passwordReset",
+    "user",
+    async ({ ctx }: { ctx: AuthenticatedActionClientCtx; parsedInput: undefined }) => {
+      if (ctx.user.identityProvider !== "email") {
+        throw new OperationNotAllowedError("Password reset is not allowed for this user.");
+      }
+
+      await sendForgotPasswordEmail(ctx.user);
+
+      ctx.auditLoggingCtx.userId = ctx.user.id;
+
+      return { success: true };
+    }
+  )
+);

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/components/EditProfileDetailsForm.test.tsx

@@ -3,7 +3,7 @@ import userEvent from "@testing-library/user-event";
 import toast from "react-hot-toast";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
 import { TUser } from "@formbricks/types/user";
-import { updateUserAction } from "../actions";
+import { resetPasswordAction, updateUserAction } from "../actions";
 import { EditProfileDetailsForm } from "./EditProfileDetailsForm";
 
 const mockUser = {
@@ -24,6 +24,8 @@ const mockUser = {
   objective: "other",
 } as unknown as TUser;
 
+vi.mock("next-auth/react", () => ({ signOut: vi.fn() }));
+
 // Mock window.location.reload
 const originalLocation = window.location;
 beforeEach(() => {
@@ -35,6 +37,11 @@ beforeEach(() => {
 
 vi.mock("@/app/(app)/environments/[environmentId]/settings/(account)/profile/actions", () => ({
   updateUserAction: vi.fn(),
+  resetPasswordAction: vi.fn(),
+}));
+
+vi.mock("@/modules/auth/forgot-password/actions", () => ({
+  forgotPasswordAction: vi.fn(),
 }));
 
 afterEach(() => {
@@ -50,11 +57,16 @@ describe("EditProfileDetailsForm", () => {
   test("renders with initial user data and updates successfully", async () => {
     vi.mocked(updateUserAction).mockResolvedValue({ ...mockUser, name: "New Name" } as any);
 
-    render(<EditProfileDetailsForm user={mockUser} />);
+    render(
+      <EditProfileDetailsForm
+        user={mockUser}
+        emailVerificationDisabled={true}
+        isPasswordResetEnabled={false}
+      />
+    );
 
     const nameInput = screen.getByPlaceholderText("common.full_name");
     expect(nameInput).toHaveValue(mockUser.name);
-    expect(screen.getByDisplayValue(mockUser.email)).toBeDisabled();
     // Check initial language (English)
     expect(screen.getByText("English (US)")).toBeInTheDocument();
 
@@ -72,7 +84,11 @@ describe("EditProfileDetailsForm", () => {
     await userEvent.click(updateButton);
 
     await waitFor(() => {
-      expect(updateUserAction).toHaveBeenCalledWith({ name: "New Name", locale: "de-DE" });
+      expect(updateUserAction).toHaveBeenCalledWith({
+        name: "New Name",
+        locale: "de-DE",
+        email: mockUser.email,
+      });
     });
     await waitFor(() => {
       expect(toast.success).toHaveBeenCalledWith(
@@ -88,7 +104,13 @@ describe("EditProfileDetailsForm", () => {
     const errorMessage = "Update failed";
     vi.mocked(updateUserAction).mockRejectedValue(new Error(errorMessage));
 
-    render(<EditProfileDetailsForm user={mockUser} />);
+    render(
+      <EditProfileDetailsForm
+        user={mockUser}
+        emailVerificationDisabled={false}
+        isPasswordResetEnabled={false}
+      />
+    );
 
     const nameInput = screen.getByPlaceholderText("common.full_name");
     await userEvent.clear(nameInput);
@@ -106,7 +128,13 @@ describe("EditProfileDetailsForm", () => {
   });
 
   test("update button is disabled initially and enables on change", async () => {
-    render(<EditProfileDetailsForm user={mockUser} />);
+    render(
+      <EditProfileDetailsForm
+        user={mockUser}
+        emailVerificationDisabled={false}
+        isPasswordResetEnabled={false}
+      />
+    );
     const updateButton = screen.getByText("common.update");
     expect(updateButton).toBeDisabled();
 
@@ -114,4 +142,68 @@ describe("EditProfileDetailsForm", () => {
     await userEvent.type(nameInput, " updated");
     expect(updateButton).toBeEnabled();
   });
+
+  test("reset password button works", async () => {
+    vi.mocked(resetPasswordAction).mockResolvedValue({ data: { success: true } });
+
+    render(
+      <EditProfileDetailsForm
+        user={mockUser}
+        emailVerificationDisabled={false}
+        isPasswordResetEnabled={true}
+      />
+    );
+
+    const resetButton = screen.getByRole("button", { name: "auth.forgot-password.reset_password" });
+    await userEvent.click(resetButton);
+
+    await waitFor(() => {
+      expect(resetPasswordAction).toHaveBeenCalled();
+    });
+
+    await waitFor(() => {
+      expect(toast.success).toHaveBeenCalledWith("auth.forgot-password.email-sent.heading");
+    });
+  });
+
+  test("reset password button handles error correctly", async () => {
+    const errorMessage = "Reset failed";
+    vi.mocked(resetPasswordAction).mockResolvedValue({ serverError: errorMessage });
+
+    render(
+      <EditProfileDetailsForm
+        user={mockUser}
+        emailVerificationDisabled={false}
+        isPasswordResetEnabled={true}
+      />
+    );
+
+    const resetButton = screen.getByRole("button", { name: "auth.forgot-password.reset_password" });
+    await userEvent.click(resetButton);
+
+    await waitFor(() => {
+      expect(resetPasswordAction).toHaveBeenCalled();
+    });
+
+    await waitFor(() => {
+      expect(toast.error).toHaveBeenCalledWith(errorMessage);
+    });
+  });
+
+  test("reset password button shows loading state", async () => {
+    vi.mocked(resetPasswordAction).mockImplementation(() => new Promise(() => {})); // Never resolves
+
+    render(
+      <EditProfileDetailsForm
+        user={mockUser}
+        emailVerificationDisabled={false}
+        isPasswordResetEnabled={true}
+      />
+    );
+
+    const resetButton = screen.getByRole("button", { name: "auth.forgot-password.reset_password" });
+    await userEvent.click(resetButton);
+
+    expect(resetButton).toBeDisabled();
+  });
 });

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/components/EditProfileDetailsForm.tsx

@@ -1,136 +1,278 @@
 "use client";
 
+import { PasswordConfirmationModal } from "@/app/(app)/environments/[environmentId]/settings/(account)/profile/components/password-confirmation-modal";
 import { appLanguages } from "@/lib/i18n/utils";
+import { getFormattedErrorMessage } from "@/lib/utils/helper";
+import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
 import { Button } from "@/modules/ui/components/button";
 import {
   DropdownMenu,
   DropdownMenuContent,
-  DropdownMenuItem,
+  DropdownMenuRadioGroup,
+  DropdownMenuRadioItem,
   DropdownMenuTrigger,
 } from "@/modules/ui/components/dropdown-menu";
-import {
-  FormControl,
-  FormError,
-  FormField,
-  FormItem,
-  FormLabel,
-  FormProvider,
-} from "@/modules/ui/components/form";
+import { FormControl, FormError, FormField, FormItem, FormLabel } from "@/modules/ui/components/form";
 import { Input } from "@/modules/ui/components/input";
 import { Label } from "@/modules/ui/components/label";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { useTranslate } from "@tolgee/react";
 import { ChevronDownIcon } from "lucide-react";
-import { SubmitHandler, useForm } from "react-hook-form";
+import { useState } from "react";
+import { FormProvider, SubmitHandler, useForm } from "react-hook-form";
 import toast from "react-hot-toast";
 import { z } from "zod";
-import { TUser, ZUser } from "@formbricks/types/user";
-import { updateUserAction } from "../actions";
+import { TUser, TUserUpdateInput, ZUser, ZUserEmail } from "@formbricks/types/user";
+import { resetPasswordAction, updateUserAction } from "../actions";
 
-const ZEditProfileNameFormSchema = ZUser.pick({ name: true, locale: true });
+// Schema & types
+const ZEditProfileNameFormSchema = ZUser.pick({ name: true, locale: true, email: true }).extend({
+  email: ZUserEmail.transform((val) => val?.trim().toLowerCase()),
+});
 type TEditProfileNameForm = z.infer<typeof ZEditProfileNameFormSchema>;
 
-export const EditProfileDetailsForm = ({ user }: { user: TUser }) => {
+interface IEditProfileDetailsFormProps {
+  user: TUser;
+  isPasswordResetEnabled?: boolean;
+  emailVerificationDisabled: boolean;
+}
+
+export const EditProfileDetailsForm = ({
+  user,
+  isPasswordResetEnabled,
+  emailVerificationDisabled,
+}: IEditProfileDetailsFormProps) => {
+  const { t } = useTranslate();
+
   const form = useForm<TEditProfileNameForm>({
-    defaultValues: { name: user.name, locale: user.locale || "en" },
+    defaultValues: {
+      name: user.name,
+      locale: user.locale,
+      email: user.email,
+    },
     mode: "onChange",
     resolver: zodResolver(ZEditProfileNameFormSchema),
   });
 
   const { isSubmitting, isDirty } = form.formState;
-  const { t } = useTranslate();
+
+  const [isResettingPassword, setIsResettingPassword] = useState(false);
+  const [showModal, setShowModal] = useState(false);
+  const { signOut: signOutWithAudit } = useSignOut({ id: user.id, email: user.email });
+
+  const handleConfirmPassword = async (password: string) => {
+    const values = form.getValues();
+    const dirtyFields = form.formState.dirtyFields;
+
+    const emailChanged = "email" in dirtyFields;
+    const nameChanged = "name" in dirtyFields;
+    const localeChanged = "locale" in dirtyFields;
+
+    const name = values.name.trim();
+    const email = values.email.trim().toLowerCase();
+    const locale = values.locale;
+
+    const data: TUserUpdateInput = {};
+
+    if (emailChanged) {
+      data.email = email;
+      data.password = password;
+    }
+    if (nameChanged) {
+      data.name = name;
+    }
+    if (localeChanged) {
+      data.locale = locale;
+    }
+
+    const updatedUserResult = await updateUserAction(data);
+
+    if (updatedUserResult?.data) {
+      if (!emailVerificationDisabled) {
+        toast.success(t("auth.verification-requested.new_email_verification_success"));
+      } else {
+        toast.success(t("environments.settings.profile.email_change_initiated"));
+        await signOutWithAudit({
+          reason: "email_change",
+          redirectUrl: "/email-change-without-verification-success",
+          redirect: true,
+          callbackUrl: "/email-change-without-verification-success",
+          clearEnvironmentId: true,
+        });
+        return;
+      }
+    } else {
+      const errorMessage = getFormattedErrorMessage(updatedUserResult);
+      toast.error(errorMessage);
+      return;
+    }
+
+    window.location.reload();
+    setShowModal(false);
+  };
 
   const onSubmit: SubmitHandler<TEditProfileNameForm> = async (data) => {
-    try {
-      const name = data.name.trim();
-      const locale = data.locale;
-      await updateUserAction({ name, locale });
-      toast.success(t("environments.settings.profile.profile_updated_successfully"));
-      window.location.reload();
-      form.reset({ name, locale });
-    } catch (error) {
-      toast.error(`${t("common.error")}: ${error.message}`);
+    if (data.email !== user.email) {
+      setShowModal(true);
+    } else {
+      try {
+        await updateUserAction({
+          ...data,
+          name: data.name.trim(),
+        });
+        toast.success(t("environments.settings.profile.profile_updated_successfully"));
+        window.location.reload();
+        form.reset(data);
+      } catch (error: any) {
+        toast.error(`${t("common.error")}: ${error.message}`);
+      }
     }
   };
 
+  const handleResetPassword = async () => {
+    setIsResettingPassword(true);
+
+    const result = await resetPasswordAction();
+    if (result?.data) {
+      toast.success(t("auth.forgot-password.email-sent.heading"));
+
+      await signOutWithAudit({
+        reason: "password_reset",
+        redirectUrl: "/auth/login",
+        redirect: true,
+        callbackUrl: "/auth/login",
+        clearEnvironmentId: true,
+      });
+    } else {
+      const errorMessage = getFormattedErrorMessage(result);
+      toast.error(errorMessage);
+    }
+
+    setIsResettingPassword(false);
+  };
+
   return (
-    <FormProvider {...form}>
-      <form className="w-full max-w-sm items-center" onSubmit={form.handleSubmit(onSubmit)}>
-        <FormField
-          control={form.control}
-          name="name"
-          render={({ field }) => (
-            <FormItem>
-              <FormLabel>{t("common.full_name")}</FormLabel>
-              <FormControl>
-                <Input
-                  {...field}
-                  type="text"
-                  placeholder={t("common.full_name")}
-                  required
-                  isInvalid={!!form.formState.errors.name}
-                />
-              </FormControl>
-              <FormError />
-            </FormItem>
+    <>
+      <FormProvider {...form}>
+        <form className="w-full max-w-sm" onSubmit={form.handleSubmit(onSubmit)}>
+          <FormField
+            control={form.control}
+            name="name"
+            render={({ field }) => (
+              <FormItem>
+                <FormLabel>{t("common.full_name")}</FormLabel>
+                <FormControl>
+                  <Input
+                    {...field}
+                    type="text"
+                    required
+                    placeholder={t("common.full_name")}
+                    isInvalid={!!form.formState.errors.name}
+                  />
+                </FormControl>
+                <FormError />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={form.control}
+            name="email"
+            render={({ field }) => (
+              <FormItem className="mt-4">
+                <FormLabel>{t("common.email")}</FormLabel>
+                <FormControl>
+                  <Input
+                    {...field}
+                    type="email"
+                    required
+                    isInvalid={!!form.formState.errors.email}
+                    disabled={user.identityProvider !== "email"}
+                  />
+                </FormControl>
+                <FormError />
+              </FormItem>
+            )}
+          />
+
+          <FormField
+            control={form.control}
+            name="locale"
+            render={({ field }) => (
+              <FormItem className="mt-4">
+                <FormLabel>{t("common.language")}</FormLabel>
+                <FormControl>
+                  <DropdownMenu>
+                    <DropdownMenuTrigger asChild>
+                      <Button
+                        type="button"
+                        variant="ghost"
+                        className="h-10 w-full border border-slate-300 px-3 text-left">
+                        <div className="flex w-full items-center justify-between">
+                          {appLanguages.find((l) => l.code === field.value)?.label["en-US"] ?? "NA"}
+                          <ChevronDownIcon className="h-4 w-4 text-slate-500" />
+                        </div>
+                      </Button>
+                    </DropdownMenuTrigger>
+                    <DropdownMenuContent
+                      className="min-w-[var(--radix-dropdown-menu-trigger-width)] bg-slate-50 text-slate-700"
+                      align="start">
+                      <DropdownMenuRadioGroup value={field.value} onValueChange={field.onChange}>
+                        {appLanguages.map((lang) => (
+                          <DropdownMenuRadioItem
+                            key={lang.code}
+                            value={lang.code}
+                            className="min-h-8 cursor-pointer">
+                            {lang.label["en-US"]}
+                          </DropdownMenuRadioItem>
+                        ))}
+                      </DropdownMenuRadioGroup>
+                    </DropdownMenuContent>
+                  </DropdownMenu>
+                </FormControl>
+                <FormError />
+              </FormItem>
+            )}
+          />
+
+          {isPasswordResetEnabled && (
+            <div className="mt-4 space-y-2">
+              <Label htmlFor="reset-password">{t("auth.forgot-password.reset_password")}</Label>
+              <p className="mt-1 text-sm text-slate-500">
+                {t("auth.forgot-password.reset_password_description")}
+              </p>
+              <div className="flex items-center justify-between gap-2">
+                <Input type="email" id="reset-password" defaultValue={user.email} disabled />
+                <Button
+                  onClick={handleResetPassword}
+                  loading={isResettingPassword}
+                  disabled={isResettingPassword}
+                  size="default"
+                  variant="secondary">
+                  {t("auth.forgot-password.reset_password")}
+                </Button>
+              </div>
+            </div>
           )}
-        />
 
-        {/* disabled email field */}
-        <div className="mt-4 space-y-2">
-          <Label htmlFor="email">{t("common.email")}</Label>
-          <Input type="email" id="email" defaultValue={user.email} disabled />
-        </div>
+          <Button
+            type="submit"
+            className="mt-4"
+            size="sm"
+            loading={isSubmitting}
+            disabled={isSubmitting || !isDirty}>
+            {t("common.update")}
+          </Button>
+        </form>
+      </FormProvider>
 
-        <FormField
-          control={form.control}
-          name="locale"
-          render={({ field }) => (
-            <FormItem className="mt-4">
-              <FormLabel>{t("common.language")}</FormLabel>
-              <FormControl>
-                <DropdownMenu>
-                  <DropdownMenuTrigger asChild>
-                    <Button
-                      type="button"
-                      className="h-10 w-full border border-slate-300 px-3 text-left"
-                      variant="ghost">
-                      <div className="flex w-full items-center justify-between">
-                        {appLanguages.find((language) => language.code === field.value)?.label[field.value] ||
-                          "NA"}
-                        <ChevronDownIcon className="h-4 w-4 text-slate-500" />
-                      </div>
-                    </Button>
-                  </DropdownMenuTrigger>
-                  <DropdownMenuContent
-                    className="w-40 bg-slate-50 text-slate-700"
-                    align="start"
-                    side="bottom">
-                    {appLanguages.map((language) => (
-                      <DropdownMenuItem
-                        key={language.code}
-                        onClick={() => field.onChange(language.code)}
-                        className="min-h-8 cursor-pointer">
-                        {language.label[field.value]}
-                      </DropdownMenuItem>
-                    ))}
-                  </DropdownMenuContent>
-                </DropdownMenu>
-              </FormControl>
-              <FormError />
-            </FormItem>
-          )}
-        />
-
-        <Button
-          type="submit"
-          className="mt-4"
-          size="sm"
-          loading={isSubmitting}
-          disabled={isSubmitting || !isDirty}>
-          {t("common.update")}
-        </Button>
-      </form>
-    </FormProvider>
+      <PasswordConfirmationModal
+        open={showModal}
+        setOpen={setShowModal}
+        oldEmail={user.email}
+        newEmail={form.getValues("email") || user.email}
+        onConfirm={handleConfirmPassword}
+      />
+    </>
   );
 };

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/components/password-confirmation-modal.test.tsx

@@ -0,0 +1,141 @@
+import "@testing-library/jest-dom/vitest";
+import { cleanup, render, screen, waitFor } from "@testing-library/react";
+import userEvent from "@testing-library/user-event";
+import { afterEach, describe, expect, test, vi } from "vitest";
+import { PasswordConfirmationModal } from "./password-confirmation-modal";
+
+// Mock the Dialog component
+vi.mock("@/modules/ui/components/dialog", () => ({
+  Dialog: ({ children, open, onOpenChange }: any) =>
+    open ? (
+      <div data-testid="dialog" role="dialog">
+        {children}
+        <button data-testid="dialog-close" onClick={() => onOpenChange(false)}>
+          Close
+        </button>
+      </div>
+    ) : null,
+  DialogContent: ({ children, ...props }: any) => (
+    <div data-testid="dialog-content" {...props}>
+      {children}
+    </div>
+  ),
+  DialogHeader: ({ children }: any) => <div data-testid="dialog-header">{children}</div>,
+  DialogTitle: ({ children }: any) => <h2 data-testid="dialog-title">{children}</h2>,
+  DialogDescription: ({ children }: any) => <p data-testid="dialog-description">{children}</p>,
+  DialogBody: ({ children }: any) => <div data-testid="dialog-body">{children}</div>,
+  DialogFooter: ({ children }: any) => <div data-testid="dialog-footer">{children}</div>,
+}));
+
+// Mock the PasswordInput component
+vi.mock("@/modules/ui/components/password-input", () => ({
+  PasswordInput: ({ onChange, value, placeholder }: any) => (
+    <input
+      type="password"
+      value={value || ""}
+      onChange={(e) => onChange(e.target.value)}
+      placeholder={placeholder}
+      data-testid="password-input"
+    />
+  ),
+}));
+
+// Mock the useTranslate hook
+vi.mock("@tolgee/react", () => ({
+  useTranslate: () => ({
+    t: (key: string) => key,
+  }),
+}));
+
+describe("PasswordConfirmationModal", () => {
+  const defaultProps = {
+    open: true,
+    setOpen: vi.fn(),
+    oldEmail: "old@example.com",
+    newEmail: "new@example.com",
+    onConfirm: vi.fn(),
+  };
+
+  afterEach(() => {
+    cleanup();
+    vi.clearAllMocks();
+  });
+
+  test("renders nothing when open is false", () => {
+    render(<PasswordConfirmationModal {...defaultProps} open={false} />);
+    expect(screen.queryByTestId("dialog")).not.toBeInTheDocument();
+  });
+
+  test("renders dialog content when open is true", () => {
+    render(<PasswordConfirmationModal {...defaultProps} />);
+    expect(screen.getByTestId("dialog")).toBeInTheDocument();
+    expect(screen.getByTestId("dialog-title")).toBeInTheDocument();
+  });
+
+  test("displays old and new email addresses", () => {
+    render(<PasswordConfirmationModal {...defaultProps} />);
+    expect(screen.getByText("old@example.com")).toBeInTheDocument();
+    expect(screen.getByText("new@example.com")).toBeInTheDocument();
+  });
+
+  test("shows password input field", () => {
+    render(<PasswordConfirmationModal {...defaultProps} />);
+    const passwordInput = screen.getByTestId("password-input");
+    expect(passwordInput).toBeInTheDocument();
+    expect(passwordInput).toHaveAttribute("placeholder", "*******");
+  });
+
+  test("disables confirm button when form is not dirty", () => {
+    render(<PasswordConfirmationModal {...defaultProps} />);
+    const confirmButton = screen.getByText("common.confirm");
+    expect(confirmButton).toBeDisabled();
+  });
+
+  test("disables confirm button when old and new emails are the same", () => {
+    render(
+      <PasswordConfirmationModal {...defaultProps} oldEmail="same@example.com" newEmail="same@example.com" />
+    );
+    const confirmButton = screen.getByText("common.confirm");
+    expect(confirmButton).toBeDisabled();
+  });
+
+  test("enables confirm button when password is entered and emails are different", async () => {
+    const user = userEvent.setup();
+    render(<PasswordConfirmationModal {...defaultProps} />);
+
+    const passwordInput = screen.getByTestId("password-input");
+    await user.type(passwordInput, "password123");
+
+    const confirmButton = screen.getByText("common.confirm");
+    expect(confirmButton).not.toBeDisabled();
+  });
+
+  test("shows error message when password is too short", async () => {
+    const user = userEvent.setup();
+    render(<PasswordConfirmationModal {...defaultProps} />);
+
+    const passwordInput = screen.getByTestId("password-input");
+    await user.type(passwordInput, "short");
+
+    const confirmButton = screen.getByText("common.confirm");
+    await user.click(confirmButton);
+
+    expect(screen.getByText("String must contain at least 8 character(s)")).toBeInTheDocument();
+  });
+
+  test("handles cancel button click and resets form", async () => {
+    const user = userEvent.setup();
+    render(<PasswordConfirmationModal {...defaultProps} />);
+
+    const passwordInput = screen.getByTestId("password-input");
+    await user.type(passwordInput, "password123");
+
+    const cancelButton = screen.getByText("common.cancel");
+    await user.click(cancelButton);
+
+    expect(defaultProps.setOpen).toHaveBeenCalledWith(false);
+    await waitFor(() => {
+      expect(passwordInput).toHaveValue("");
+    });
+  });
+});

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/components/password-confirmation-modal.tsx

@@ -0,0 +1,130 @@
+"use client";
+
+import { Button } from "@/modules/ui/components/button";
+import {
+  Dialog,
+  DialogBody,
+  DialogContent,
+  DialogDescription,
+  DialogFooter,
+  DialogHeader,
+  DialogTitle,
+} from "@/modules/ui/components/dialog";
+import { FormControl, FormError, FormField, FormItem } from "@/modules/ui/components/form";
+import { PasswordInput } from "@/modules/ui/components/password-input";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { useTranslate } from "@tolgee/react";
+import { FormProvider, SubmitHandler, useForm } from "react-hook-form";
+import { z } from "zod";
+import { ZUserPassword } from "@formbricks/types/user";
+
+interface PasswordConfirmationModalProps {
+  open: boolean;
+  setOpen: (open: boolean) => void;
+  oldEmail: string;
+  newEmail: string;
+  onConfirm: (password: string) => Promise<void>;
+}
+
+const PasswordConfirmationSchema = z.object({
+  password: ZUserPassword,
+});
+
+type FormValues = z.infer<typeof PasswordConfirmationSchema>;
+
+export const PasswordConfirmationModal = ({
+  open,
+  setOpen,
+  oldEmail,
+  newEmail,
+  onConfirm,
+}: PasswordConfirmationModalProps) => {
+  const { t } = useTranslate();
+
+  const form = useForm<FormValues>({
+    resolver: zodResolver(PasswordConfirmationSchema),
+  });
+  const { isSubmitting, isDirty } = form.formState;
+
+  const onSubmit: SubmitHandler<FormValues> = async (data) => {
+    try {
+      await onConfirm(data.password);
+      form.reset();
+    } catch (error) {
+      form.setError("password", {
+        message: error instanceof Error ? error.message : "Authentication failed",
+      });
+    }
+  };
+  const handleCancel = () => {
+    form.reset();
+    setOpen(false);
+  };
+
+  return (
+    <Dialog open={open} onOpenChange={setOpen}>
+      <DialogContent>
+        <DialogHeader>
+          <DialogTitle>{t("auth.forgot-password.reset.confirm_password")}</DialogTitle>
+          <DialogDescription>{t("auth.email-change.confirm_password_description")}</DialogDescription>
+        </DialogHeader>
+        <FormProvider {...form}>
+          <form onSubmit={form.handleSubmit(onSubmit)} className="space-y-4">
+            <DialogBody>
+              <div className="space-y-4">
+                <div className="flex flex-col gap-2 text-sm sm:flex-row sm:justify-between sm:gap-4">
+                  <p>
+                    <strong>{t("auth.email-change.old_email")}:</strong>
+                    <br /> {oldEmail.toLowerCase()}
+                  </p>
+                  <p>
+                    <strong>{t("auth.email-change.new_email")}:</strong>
+                    <br /> {newEmail.toLowerCase()}
+                  </p>
+                </div>
+
+                <FormField
+                  control={form.control}
+                  name="password"
+                  render={({ field, fieldState: { error } }) => (
+                    <FormItem className="w-full">
+                      <FormControl>
+                        <div>
+                          <PasswordInput
+                            id="password"
+                            autoComplete="current-password"
+                            placeholder="*******"
+                            aria-placeholder="password"
+                            aria-label="password"
+                            aria-required="true"
+                            required
+                            className="focus:border-brand-dark focus:ring-brand-dark block w-full rounded-md border-slate-300 shadow-sm sm:text-sm"
+                            value={field.value}
+                            onChange={(password) => field.onChange(password)}
+                          />
+                          {error?.message && <FormError className="text-left">{error.message}</FormError>}
+                        </div>
+                      </FormControl>
+                    </FormItem>
+                  )}
+                />
+              </div>
+            </DialogBody>
+            <DialogFooter>
+              <Button type="button" variant="secondary" onClick={handleCancel}>
+                {t("common.cancel")}
+              </Button>
+              <Button
+                type="submit"
+                variant="default"
+                loading={isSubmitting}
+                disabled={isSubmitting || !isDirty || oldEmail.toLowerCase() === newEmail.toLowerCase()}>
+                {t("common.confirm")}
+              </Button>
+            </DialogFooter>
+          </form>
+        </FormProvider>
+      </DialogContent>
+    </Dialog>
+  );
+};

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/lib/user.test.ts

@@ -0,0 +1,133 @@
+import { verifyPassword as mockVerifyPasswordImported } from "@/modules/auth/lib/utils";
+import { beforeEach, describe, expect, test, vi } from "vitest";
+import { prisma } from "@formbricks/database";
+import { InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { getIsEmailUnique, verifyUserPassword } from "./user";
+
+vi.mock("@/modules/auth/lib/utils", () => ({
+  verifyPassword: vi.fn(),
+}));
+
+vi.mock("@formbricks/database", () => ({
+  prisma: {
+    user: {
+      findUnique: vi.fn(),
+    },
+  },
+}));
+
+const mockPrismaUserFindUnique = vi.mocked(prisma.user.findUnique);
+const mockVerifyPasswordUtil = vi.mocked(mockVerifyPasswordImported);
+
+describe("User Library Tests", () => {
+  beforeEach(() => {
+    vi.resetAllMocks();
+  });
+
+  describe("verifyUserPassword", () => {
+    const userId = "test-user-id";
+    const password = "test-password";
+
+    test("should return true for correct password", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue({
+        password: "hashed-password",
+        identityProvider: "email",
+      } as any);
+      mockVerifyPasswordUtil.mockResolvedValue(true);
+
+      const result = await verifyUserPassword(userId, password);
+      expect(result).toBe(true);
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { id: userId },
+        select: { password: true, identityProvider: true },
+      });
+      expect(mockVerifyPasswordUtil).toHaveBeenCalledWith(password, "hashed-password");
+    });
+
+    test("should return false for incorrect password", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue({
+        password: "hashed-password",
+        identityProvider: "email",
+      } as any);
+      mockVerifyPasswordUtil.mockResolvedValue(false);
+
+      const result = await verifyUserPassword(userId, password);
+      expect(result).toBe(false);
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { id: userId },
+        select: { password: true, identityProvider: true },
+      });
+      expect(mockVerifyPasswordUtil).toHaveBeenCalledWith(password, "hashed-password");
+    });
+
+    test("should throw ResourceNotFoundError if user not found", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue(null);
+
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow(ResourceNotFoundError);
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow(`user with ID ${userId} not found`);
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { id: userId },
+        select: { password: true, identityProvider: true },
+      });
+      expect(mockVerifyPasswordUtil).not.toHaveBeenCalled();
+    });
+
+    test("should throw InvalidInputError if identityProvider is not email", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue({
+        password: "hashed-password",
+        identityProvider: "google", // Not 'email'
+      } as any);
+
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow(InvalidInputError);
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow("Password is not set for this user");
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { id: userId },
+        select: { password: true, identityProvider: true },
+      });
+      expect(mockVerifyPasswordUtil).not.toHaveBeenCalled();
+    });
+
+    test("should throw InvalidInputError if password is not set for email provider", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue({
+        password: null, // Password not set
+        identityProvider: "email",
+      } as any);
+
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow(InvalidInputError);
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow("Password is not set for this user");
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { id: userId },
+        select: { password: true, identityProvider: true },
+      });
+      expect(mockVerifyPasswordUtil).not.toHaveBeenCalled();
+    });
+  });
+
+  describe("getIsEmailUnique", () => {
+    const email = "test@example.com";
+
+    test("should return false if user exists", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue({
+        id: "some-user-id",
+      } as any);
+
+      const result = await getIsEmailUnique(email);
+      expect(result).toBe(false);
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { email },
+        select: { id: true },
+      });
+    });
+
+    test("should return true if user does not exist", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue(null);
+
+      const result = await getIsEmailUnique(email);
+      expect(result).toBe(true);
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { email },
+        select: { id: true },
+      });
+    });
+  });
+});

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/lib/user.ts

@@ -0,0 +1,52 @@
+import { verifyPassword } from "@/modules/auth/lib/utils";
+import { User } from "@prisma/client";
+import { cache as reactCache } from "react";
+import { prisma } from "@formbricks/database";
+import { InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
+
+export const getUserById = reactCache(
+  async (userId: string): Promise<Pick<User, "password" | "identityProvider">> => {
+    const user = await prisma.user.findUnique({
+      where: {
+        id: userId,
+      },
+      select: {
+        password: true,
+        identityProvider: true,
+      },
+    });
+    if (!user) {
+      throw new ResourceNotFoundError("user", userId);
+    }
+    return user;
+  }
+);
+
+export const verifyUserPassword = async (userId: string, password: string): Promise<boolean> => {
+  const user = await getUserById(userId);
+
+  if (user.identityProvider !== "email" || !user.password) {
+    throw new InvalidInputError("Password is not set for this user");
+  }
+
+  const isCorrectPassword = await verifyPassword(password, user.password);
+
+  if (!isCorrectPassword) {
+    return false;
+  }
+
+  return true;
+};
+
+export const getIsEmailUnique = reactCache(async (email: string): Promise<boolean> => {
+  const user = await prisma.user.findUnique({
+    where: {
+      email: email.toLowerCase(),
+    },
+    select: {
+      id: true,
+    },
+  });
+
+  return !user;
+});

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/page.test.tsx

@@ -12,7 +12,9 @@ import Page from "./page";
 
 // Mock services and utils
 vi.mock("@/lib/constants", () => ({
-  IS_FORMBRICKS_CLOUD: true,
+  IS_FORMBRICKS_CLOUD: 1,
+  PASSWORD_RESET_DISABLED: 1,
+  EMAIL_VERIFICATION_DISABLED: true,
 }));
 vi.mock("@/lib/organization/service", () => ({
   getOrganizationsWhereUserIsSingleOwner: vi.fn(),