chore(deps): bump the npm_and_yarn group across 3 directories with 1 update (#5035)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Nannt <mail@matthiasnannt.com>

.dockerignore

@@ -1,39 +1,56 @@
 # See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
 
 # dependencies
-# **/node_modules
+**/node_modules
 .pnp
 .pnp.js
 .pnpm-store/
 
 # testing
-coverage
+**/coverage
 
 # next.js
-**/.next
-**/out
+**/.next/
+**/out/
 **/build
 
 # node
-**/dist
+**/dist/
 
 # misc
-.DS_Store
+**/.DS_Store
 *.pem
+Zone.Identifier
 
 # debug
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 
-# turbo
-.turbo
+# local env files
+**/.env
+**/.env.local
+**/.env.development.local
+**/.env.test.local
+**/.env.production.local
+!packages/database/.env
+!apps/web/.env
 
-# nixos stuff
+# build tools
+.turbo
+**/*vite.config.*.timestamp-*
+
+# environment specific
 .direnv
 
-.vscode
-.github
-**/.turbo
+# Playwright
+/test-results/
+/playwright-report/
+/blob-report/
+/playwright/.cache/
 
-.env
+# project specific
+packages/lib/uploads
+apps/web/public/js
+packages/database/migrations
+branch.json

.env.example

@@ -25,6 +25,9 @@ NEXTAUTH_SECRET=
 # You can use: `openssl rand -hex 32` to generate a secure one
 CRON_SECRET=
 
+# Set the minimum log level(debug, info, warn, error, fatal)
+LOG_LEVEL=info
+
 ##############
 #  DATABASE  #
 ##############
@@ -39,6 +42,7 @@ DATABASE_URL='postgresql://postgres:postgres@localhost:5432/formbricks?schema=pu
 # See optional configurations below if you want to disable these features.
 
 MAIL_FROM=noreply@example.com
+MAIL_FROM_NAME=Formbricks
 SMTP_HOST=localhost
 SMTP_PORT=1025
 # Enable SMTP_SECURE_ENABLED for TLS (port 465)
@@ -96,6 +100,9 @@ PASSWORD_RESET_DISABLED=1
 # Organization Invite. Disable the ability for invited users to create an account.
 # INVITE_DISABLED=1
 
+# Docker cron jobs. Disable the supercronic cron jobs in the Docker image (useful for cluster setups).
+# DOCKER_CRON_ENABLED=1
+
 ##########
 # Other  #
 ##########
@@ -130,6 +137,9 @@ AZUREAD_TENANT_ID=
 # OIDC_DISPLAY_NAME=
 # OIDC_SIGNING_ALGORITHM=
 
+# Configure SAML SSO
+# SAML_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/formbricks-saml
+
 # Configure this when you want to ship JS & CSS files from a complete URL instead of the current domain
 # ASSET_PREFIX_URL=
 
@@ -181,11 +191,16 @@ ENTERPRISE_LICENSE_KEY=
 UNSPLASH_ACCESS_KEY=
 
 # The below is used for Next Caching (uses In-Memory from Next Cache if not provided)
-# REDIS_URL=redis://localhost:6379
+# You can also add more configuration to Redis using the redis.conf file in the root directory
+REDIS_URL=redis://localhost:6379
+REDIS_DEFAULT_TTL=86400 # 1 day 
 
 # The below is used for Rate Limiting (uses In-Memory LRU Cache if not provided) (You can use a service like Webdis for this)
 # REDIS_HTTP_URL:
 
+# The below is used for Rate Limiting for management API
+UNKEY_ROOT_KEY=
+
 # Disable custom cache handler if necessary (e.g. if deployed on Vercel)
 # CUSTOM_CACHE_DISABLED=1
 
@@ -195,5 +210,10 @@ UNSPLASH_ACCESS_KEY=
 # AI_AZURE_EMBEDDINGS_DEPLOYMENT_ID=
 # AI_AZURE_LLM_DEPLOYMENT_ID=
 
-# NEXT_PUBLIC_INTERCOM_APP_ID=
-# INTERCOM_SECRET_KEY=
+# INTERCOM_APP_ID=
+# INTERCOM_SECRET_KEY=
+
+# Enable Prometheus metrics
+# PROMETHEUS_ENABLED=
+# PROMETHEUS_EXPORTER_PORT=
+

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,6 +1,7 @@
 name: Bug report
 description: "Found a bug? Please fill out the sections below. \U0001F44D"
 type: bug
+labels: ["bug"]
 body:
   - type: textarea
     id: issue-summary

.github/workflows/apply-issue-labels-to-pr.yml

@@ -5,6 +5,9 @@ on:
     types:
       - opened
 
+permissions:
+  contents: read
+
 jobs:
   label_on_pr:
     runs-on: ubuntu-latest
@@ -15,8 +18,13 @@ jobs:
       pull-requests: write
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: Apply labels from linked issue to PR
-        uses: actions/github-script@v5
+        uses: actions/github-script@211cb3fefb35a799baa5156f9321bb774fe56294 # v5.2.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |

.github/workflows/build-web.yml

@@ -12,7 +12,12 @@ jobs:
     timeout-minutes: 30
 
     steps:
-      - uses: actions/checkout@v3
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - uses: ./.github/actions/dangerous-git-checkout
 
       - name: Build & Cache Web Binaries

.github/workflows/chromatic.yml

@@ -11,19 +11,24 @@ jobs:
     name: Run Chromatic
     runs-on: ubuntu-latest
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
         with:
           node-version: 20
       - name: Install pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
       - name: Install dependencies
         run: pnpm install --config.platform=linux --config.architecture=x64
       - name: Run Chromatic
-        uses: chromaui/action@latest
+        uses: chromaui/action@c93e0bc3a63aa176e14a75b61a31847cbfdd341c # latest
         with:
           # ⚠️ Make sure to configure a `CHROMATIC_PROJECT_TOKEN` repository secret
           projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}

.github/workflows/cron-surveyStatusUpdate.yml

@@ -18,6 +18,11 @@ jobs:
       CRON_SECRET: ${{ secrets.CRON_SECRET }}
     runs-on: ubuntu-latest
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: cURL request
         if: ${{ env.APP_URL && env.CRON_SECRET }}
         run: |

.github/workflows/cron-weeklySummary.yml

@@ -7,6 +7,9 @@ on:
   schedule:
     # Runs “At 08:00 on Monday.” (see https://crontab.guru)
     - cron: "0 8 * * 1"
+permissions:
+  contents: read
+
 jobs:
   cron-weeklySummary:
     permissions:
@@ -16,6 +19,10 @@ jobs:
       CRON_SECRET: ${{ secrets.CRON_SECRET }}
     runs-on: ubuntu-latest
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481
+        with:
+          egress-policy: audit
       - name: cURL request
         if: ${{ env.APP_URL && env.CRON_SECRET }}
         run: |

.github/workflows/dependency-review.yml

@@ -0,0 +1,27 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required,
+# PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - name: 'Checkout Repository'
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0

.github/workflows/e2e.yml

@@ -43,16 +43,21 @@ jobs:
           --health-timeout=5s
           --health-retries=5
     steps:
-      - uses: actions/checkout@v3
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - uses: ./.github/actions/dangerous-git-checkout
 
       - name: Setup Node.js 20.x
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
         with:
           node-version: 20.x
 
       - name: Install pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
 
       - name: Install dependencies
         run: pnpm install --config.platform=linux --config.architecture=x64
@@ -84,7 +89,7 @@ jobs:
 
       - name: Run App
         run: |
-          NODE_ENV=test pnpm start --filter=@formbricks/web &
+          NODE_ENV=test pnpm start --filter=@formbricks/web | tee app.log 2>&1 &
           sleep 10  # Optional: gives some buffer for the app to start
           for attempt in {1..10}; do
             if [ $(curl -o /dev/null -s -w "%{http_code}" http://localhost:3000/health) -eq 200 ]; then
@@ -112,7 +117,7 @@ jobs:
 
       - name: Azure login
         if: env.AZURE_ENABLED == 'true'
-        uses: azure/login@v2
+        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -130,9 +135,19 @@ jobs:
         run: |
           pnpm test:e2e
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         if: always()
         with:
           name: playwright-report
           path: playwright-report/
           retention-days: 30
+
+      - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        if: failure()
+        with:
+          name: app-logs
+          path: app.log
+
+      - name: Output App Logs
+        if: failure()
+        run: cat app.log

.github/workflows/labeler.yml

@@ -4,6 +4,9 @@ on:
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
+permissions:
+  contents: read
+
 jobs:
   labeler:
     name: Pull Request Labeler
@@ -12,7 +15,12 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/labeler@v4
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
           # https://github.com/actions/labeler/issues/442#issuecomment-1297359481

.github/workflows/lint.yml

@@ -12,6 +12,11 @@ jobs:
     timeout-minutes: 15
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       - uses: ./.github/actions/dangerous-git-checkout
 

.github/workflows/pr.yml

@@ -50,6 +50,10 @@ jobs:
       checks: write
       statuses: write
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481
+        with:
+          egress-policy: audit
       - name: fail if conditional jobs failed
         if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'skipped') || contains(needs.*.result, 'cancelled')
         run: exit 1

.github/workflows/prepare-release.yml

@@ -1,62 +0,0 @@
-name: Prepare release
-run-name: Prepare release ${{ inputs.next_version }}
-
-on:
-  workflow_dispatch:
-    inputs:
-      next_version:
-        required: true
-        type: string
-        description: "Version name"
-
-permissions:
-  contents: write
-  pull-requests: write
-
-jobs:
-  prepare_release:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
-
-      - uses: ./.github/actions/dangerous-git-checkout
-
-      - name: Configure git
-        run: |
-          git config --local user.email "github-actions@github.com"
-          git config --local user.name "GitHub Actions"
-
-      - name: Setup Node.js 20.x
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
-        with:
-          node-version: 20.x
-
-      - name: Install pnpm
-        uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2
-
-      - name: Install dependencies
-        run: pnpm install --config.platform=linux --config.architecture=x64
-
-      - name: Bump version
-        run: |
-          cd apps/web
-          pnpm version ${{ inputs.next_version }} --no-workspaces-update
-
-      - name: Commit changes and create a branch
-        run: |
-          branch_name="release-v${{ inputs.next_version }}"
-          git checkout -b "$branch_name"
-          git add .
-          git commit -m "chore: release v${{ inputs.next_version }}"
-          git push origin "$branch_name"
-
-      - name: Create pull request
-        run: |
-          gh pr create \
-            --base main \
-            --head "release-v${{ inputs.next_version }}" \
-            --title "chore: bump version to v${{ inputs.next_version }}" \
-            --body "This PR contains the changes for the v${{ inputs.next_version }} release."
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release-changesets.yml

@@ -26,23 +26,28 @@ jobs:
       TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
       TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: Checkout Repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: Setup Node.js 18.x
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2
         with:
           node-version: 18.x
 
       - name: Install pnpm
-        uses: pnpm/action-setup@v2.2.4
+        uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # v2.2.4
 
       - name: Install Dependencies
         run: pnpm install --config.platform=linux --config.architecture=x64
 
       - name: Create Release Pull Request or Publish to npm
         id: changesets
-        uses: changesets/action@v1
+        uses: changesets/action@c8bada60c408975afd1a20b3db81d6eee6789308 # v1.4.9
         with:
           # This expects you to have a script called release which does a build for your packages and calls changeset publish
           publish: pnpm release

.github/workflows/release-docker-github-experimental.yml

@@ -17,6 +17,9 @@ env:
   TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
   DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/formbricks?schema=public"
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -28,23 +31,28 @@ jobs:
       id-token: write
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
       - name: Set up Depot CLI
-        uses: depot/setup-action@v1
+        uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
 
       # Install the cosign tool except on PR
       # https://github.com/sigstore/cosign-installer
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@v3.5.0
+        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3 # v3.0.0
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -54,7 +62,7 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@v5 # v5.0.0
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
@@ -62,7 +70,7 @@ jobs:
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: depot/build-push-action@v1
+        uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
         with:
           project: tw0fqmsx3c
           token: ${{ secrets.DEPOT_PROJECT_TOKEN }}

.github/workflows/release-docker-github.yml

@@ -20,6 +20,9 @@ env:
   TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
   DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/formbricks?schema=public"
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -31,23 +34,40 @@ jobs:
       id-token: write
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+
+      - name: Get Release Tag
+        id: extract_release_tag
+        run: |
+          TAG=${{ github.ref }}
+          TAG=${TAG#refs/tags/v}
+          echo "RELEASE_TAG=$TAG" >> $GITHUB_ENV
+
+      - name: Update package.json version
+        run: |
+          sed -i "s/\"version\": \"0.0.0\"/\"version\": \"${{ env.RELEASE_TAG }}\"/" ./apps/web/package.json
+          cat ./apps/web/package.json | grep version
 
       - name: Set up Depot CLI
-        uses: depot/setup-action@v1
+        uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
 
       # Install the cosign tool except on PR
       # https://github.com/sigstore/cosign-installer
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@v3.5.0
+        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3 # v3.0.0
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -57,7 +77,7 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@v5 # v5.0.0
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
@@ -65,7 +85,7 @@ jobs:
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: depot/build-push-action@v1
+        uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
         with:
           project: tw0fqmsx3c
           token: ${{ secrets.DEPOT_PROJECT_TOKEN }}

.github/workflows/release-docker.yml

@@ -5,6 +5,9 @@ on:
     tags:
       - "v*"
 
+permissions:
+  contents: read
+
 jobs:
   release-image-on-dockerhub:
     name: Release on Dockerhub
@@ -16,17 +19,13 @@ jobs:
       TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
       DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/formbricks?schema=public"
     steps:
-      - name: Checkout Repo
-        uses: actions/checkout@v2
-
-      - name: Log in to Docker Hub
-        uses: docker/login-action@v2
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
         with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
+          egress-policy: audit
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+      - name: Checkout Repo
+        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: Get Release Tag
         id: extract_release_tag
@@ -35,8 +34,22 @@ jobs:
           TAG=${TAG#refs/tags/v}
           echo "RELEASE_TAG=$TAG" >> $GITHUB_ENV
 
+      - name: Update package.json version
+        run: |
+          sed -i "s/\"version\": \"0.0.0\"/\"version\": \"${{ env.RELEASE_TAG }}\"/" ./apps/web/package.json
+          cat ./apps/web/package.json | grep version
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0
+
       - name: Build and push Docker image
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4.2.1
         with:
           context: .
           file: ./apps/web/Dockerfile

.github/workflows/release-helm-chart.yml

@@ -0,0 +1,51 @@
+name: Publish Helm Chart
+
+on:
+  release:
+    types:
+      - published
+
+permissions:
+  contents: read
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Extract release version
+        run: echo "VERSION=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
+
+      - name: Set up Helm
+        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
+        with:
+          version: latest
+
+      - name: Log in to GitHub Container Registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io --username ${{ github.actor }} --password-stdin
+
+      - name: Install YQ
+        uses: dcarbone/install-yq-action@4075b4dca348d74bd83f2bf82d30f25d7c54539b # v1.3.1
+
+      - name: Update Chart.yaml with new version
+        run: |
+          yq -i ".version = \"${VERSION#v}\"" helm-chart/Chart.yaml
+          yq -i ".appVersion = \"${VERSION}\"" helm-chart/Chart.yaml
+
+      - name: Package Helm chart
+        run: |
+          helm package ./helm-chart
+
+      - name: Push Helm chart to GitHub Container Registry
+        run: |
+          helm push formbricks-${VERSION#v}.tgz oci://ghcr.io/formbricks/helm-charts

.github/workflows/scorecard.yml

@@ -34,6 +34,11 @@ jobs:
       # actions: read
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: "Checkout code"
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
@@ -71,6 +76,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
         with:
           sarif_file: results.sarif

.github/workflows/semantic-pull-requests.yml

@@ -16,7 +16,12 @@ jobs:
     name: PR title
     runs-on: ubuntu-latest
     steps:
-      - uses: amannn/action-semantic-pull-request@v5
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
         id: lint_pr_title
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -35,7 +40,7 @@ jobs:
             revert
             ossgg
 
-      - uses: marocchino/sticky-pull-request-comment@v2
+      - uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2.9.1
         # When the previous steps fails, the workflow would stop. By adding this
         # condition you can continue the execution with the populated error message.
         if: always() && (steps.lint_pr_title.outputs.error_message != null)
@@ -54,7 +59,7 @@ jobs:
 
       # Delete a previous comment when the issue has been resolved
       - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
-        uses: marocchino/sticky-pull-request-comment@v2
+        uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2.9.1
         with:
           header: pr-title-lint-error
           message: |

.github/workflows/sonarqube.yml

@@ -6,6 +6,7 @@ on:
       - main
   pull_request:
     types: [opened, synchronize, reopened]
+  merge_group:
 permissions:
   contents: read
 jobs:
@@ -13,7 +14,12 @@ jobs:
     name: SonarQube
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 
@@ -40,11 +46,7 @@ jobs:
 
       - name: Run tests with coverage
         run: |
-          cd apps/web
           pnpm test:coverage
-          cd ../../
-          # The Vitest coverage config is in your vite.config.mts
-
       - name: SonarQube Scan
         uses: SonarSource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203
         env:

.github/workflows/terrafrom-plan-and-apply.yml

@@ -0,0 +1,75 @@
+name: 'Terraform'
+
+on:
+  workflow_dispatch:
+# TODO: enable it back when migration is completed.
+#  push:
+#    branches:
+#      - main
+#  pull_request:
+#    branches:
+#      - main
+
+permissions:
+  id-token: write
+  contents: write
+
+jobs:
+  terraform:
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+        with:
+          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
+          aws-region: "eu-central-1"
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
+
+      - name: Terraform Format
+        id: fmt
+        run: terraform fmt -check -recursive
+        continue-on-error: true
+        working-directory: infra/terraform
+
+      - name: Terraform Init
+        id: init
+        run: terraform init
+        working-directory: infra/terraform
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate
+        working-directory: infra/terraform
+
+      - name: Terraform Plan
+        id: plan
+        run: terraform plan -out .planfile
+        working-directory: infra/terraform
+
+#      - name: Post PR comment
+#        uses: borchero/terraform-plan-comment@3399d8dbae8b05185e815e02361ede2949cd99c4 # v2.4.0
+#        if: always() && github.ref != 'refs/heads/main' && (steps.validate.outcome == 'success' || steps.validate.outcome == 'failure')
+#        with:
+#          token: ${{ github.token }}
+#          planfile: .planfile
+#          working-directory: "infra/terraform"
+#          skip-comment: true
+
+      - name: Terraform Apply
+        id: apply
+#        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+        run: terraform apply .planfile
+        working-directory: "infra/terraform"
+

.github/workflows/test.yml

@@ -1,6 +1,9 @@
 name: Tests
 on:
   workflow_call:
+permissions:
+  contents: read
+
 jobs:
   build:
     name: Unit Tests
@@ -10,16 +13,21 @@ jobs:
       contents: read
 
     steps:
-      - uses: actions/checkout@v3
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - uses: ./.github/actions/dangerous-git-checkout
 
       - name: Setup Node.js 20.x
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
         with:
           node-version: 20.x
 
       - name: Install pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
 
       - name: Install dependencies
         run: pnpm install --config.platform=linux --config.architecture=x64

.github/workflows/tolgee-missing-key-check.yml

@@ -5,18 +5,30 @@ permissions:
 
 on:
   workflow_dispatch:
-  pull_request:
+  pull_request_target:
     types: [opened, synchronize, reopened]
 
 jobs:
   check-missing-translations:
     runs-on: ubuntu-latest
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          ref: ${{ github.event.pull_request.base.ref }}
+
+      - name: Checkout PR
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
         with:
           node-version: 18
 

.github/workflows/tolgee.yml

@@ -3,7 +3,8 @@ permissions:
   contents: read
 
 on:
-  push:
+  pull_request_target:
+    types: [closed]
     branches:
       - main
 
@@ -11,13 +12,36 @@ jobs:
   tag-production-keys:
     name: Tag Production Keys
     runs-on: ubuntu-latest
+    if: github.event.pull_request.merged == true
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0 # This ensures we get the full git history
+
+      - name: Get source branch name
+        id: branch-name
+        run: |
+          RAW_BRANCH="${{ github.head_ref }}"
+          SOURCE_BRANCH=$(echo "$RAW_BRANCH" | sed 's/[^a-zA-Z0-9._\/-]//g')
+
+
+          # Safely add to environment variables using GitHub's recommended method
+          # This prevents environment variable injection attacks
+          echo "SOURCE_BRANCH<<EOF" >> $GITHUB_ENV
+          echo "$SOURCE_BRANCH" >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV
+
+          echo "Detected source branch: $SOURCE_BRANCH"
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
         with:
           node-version: 18 # Ensure compatibility with your project
 
@@ -26,17 +50,38 @@ jobs:
 
       - name: Tag Production Keys
         run: |
-          BRANCH_NAME=${GITHUB_REF##*/}
           npx tolgee tag \
             --api-key ${{ secrets.TOLGEE_API_KEY }} \
             --filter-extracted \
-            --filter-tag "draft: ${BRANCH_NAME}" \
+            --filter-tag "draft:${SOURCE_BRANCH}" \
             --tag production \
-            --untag "draft: ${BRANCH_NAME}"
+            --untag "draft:${SOURCE_BRANCH}"
 
-      - name: Tag Deprecated Keys
+      - name: Tag unused production keys as Deprecated
         run: |
           npx tolgee tag \
             --api-key ${{ secrets.TOLGEE_API_KEY }} \
             --filter-not-extracted --filter-tag production \
             --tag deprecated --untag production
+
+      - name: Tag unused draft:current-branch keys as Deprecated
+        run: |
+          npx tolgee tag \
+            --api-key ${{ secrets.TOLGEE_API_KEY }} \
+            --filter-not-extracted --filter-tag "draft:${SOURCE_BRANCH}" \
+            --tag deprecated --untag "draft:${SOURCE_BRANCH}"
+
+      - name: Sync with backup
+        run: |
+          npx tolgee sync \
+            --api-key ${{ secrets.TOLGEE_API_KEY }} \
+            --backup ./tolgee-backup \
+            --continue-on-warning \
+            --yes
+
+      - name: Upload backup as artifact
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        with:
+          name: tolgee-backup-${{ github.sha }}
+          path: ./tolgee-backup
+          retention-days: 90

.github/workflows/welcome-new-contributors.yml

@@ -17,7 +17,12 @@ jobs:
     timeout-minutes: 10
     if: github.event.action == 'opened'
     steps:
-      - uses: actions/first-interaction@v1
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/first-interaction@3c71ce730280171fd1cfb57c00c774f8998586f7 # v1
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           pr-message: |-

.gitignore

@@ -1,25 +1,26 @@
 # See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
 
 # dependencies
-node_modules
+**/node_modules
 .pnp
 .pnp.js
 .pnpm-store/
 
 # testing
-coverage
+**/coverage
 
 # next.js
-.next/
-out/
-build
+**/.next/
+**/out/
+**/build
 
 # node
-dist/
+**/dist/
 
 # misc
-.DS_Store
+**/.DS_Store
 *.pem
+Zone.Identifier
 
 # debug
 npm-debug.log*
@@ -27,36 +28,47 @@ yarn-debug.log*
 yarn-error.log*
 
 # local env files
-.env
-.env.local
-.env.development.local
-.env.test.local
-.env.production.local
+**/.env
+**/.env.local
+**/.env.development.local
+**/.env.test.local
+**/.env.production.local
 !packages/database/.env
 !apps/web/.env
 
-# turbo
+# build tools
 .turbo
+**/*vite.config.*.timestamp-*
 
-# nixos stuff
+# environment specific
 .direnv
 
-Zone.Identifier
-
 # Playwright
 /test-results/
 /playwright-report/
 /blob-report/
 /playwright/.cache/
 
-# uploads
+# project specific
 packages/lib/uploads
-
-# Vite Timestamps
-*vite.config.*.timestamp-*
-
-# js compiled assets
 apps/web/public/js
+packages/database/migrations
+branch.json
+.vercel
 
+# Terraform
+infra/terraform/.terraform/
+**/.terraform.lock.hcl
+**/terraform.tfstate
+**/terraform.tfstate.*
+**/crash.log
+**/override.tf
+**/override.tf.json
+**/*.tfvars
+**/*.tfvars.json
+**/.terraformrc
+**/terraform.rc
 
-packages/database/migrations
+# IntelliJ IDEA
+/.idea/
+/*.iml

.gitpod/init.bash

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-images=($(yq eval '.services.*.image' packages/database/docker-compose.yml))
+images=($(yq eval '.services.*.image' docker-compose.dev.yml))
 
 pull_image() {
   docker pull "$1"

.husky/post-checkout

@@ -1 +1,2 @@
-echo "{\"branchName\": \"$(git rev-parse --abbrev-ref HEAD)\"}" > ../branch.json
+echo "{\"branchName\": \"$(git rev-parse --abbrev-ref HEAD)\"}" > ./branch.json
+prettier --write ./branch.json

.husky/post-commit

@@ -1 +0,0 @@
-echo "{\"branchName\": \"$(git rev-parse --abbrev-ref HEAD)\"}" > ../branch.json

.husky/pre-commit

@@ -1,5 +1,21 @@
-pnpm lint-staged
-pnpm tolgee-pull || true 
-echo "{\"branchName\": \"main\"}" > ../branch.json
-git add branch.json packages/lib/messages/*.json
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
 
+# Load environment variables from .env files
+if [ -f .env ]; then
+  set -a
+  . .env
+  set +a
+fi
+
+pnpm lint-staged
+
+# Run tolgee-pull if branch.json exists and NEXT_PUBLIC_TOLGEE_API_KEY is not set
+if [ -f branch.json ]; then
+  if [ -z "$NEXT_PUBLIC_TOLGEE_API_KEY" ]; then
+    echo "Skipping tolgee-pull: NEXT_PUBLIC_TOLGEE_API_KEY is not set"
+  else
+    pnpm run tolgee-pull
+    git add packages/lib/messages
+  fi
+fi

.tolgeerc.json

@@ -27,6 +27,10 @@
       {
         "language": "zh-Hant-TW",
         "path": "./packages/lib/messages/zh-Hant-TW.json"
+      },
+      {
+        "language": "pt-PT",
+        "path": "./packages/lib/messages/pt-PT.json"
       }
     ],
     "forceMode": "OVERRIDE"

.vscode/extensions.json

@@ -6,6 +6,8 @@
     "dbaeumer.vscode-eslint", // eslint plugin
     "esbenp.prettier-vscode", // prettier plugin
     "Prisma.prisma", // syntax|format|completion for prisma
-    "yzhang.markdown-all-in-one" // nicer markdown support
+    "yzhang.markdown-all-in-one", // nicer markdown support
+    "vitest.explorer", // run tests directly from the code window
+    "sonarsource.sonarlint-vscode" // sonarqube linter for vscode
   ]
 }

LICENSE

@@ -3,7 +3,7 @@ Copyright (c) 2024 Formbricks GmbH
 Portions of this software are licensed as follows:
 
 - All content that resides under the "apps/web/modules/ee" directory of this repository, if these directories exist, is licensed under the license defined in "apps/web/modules/ee/LICENSE".
-- All content that resides under the "packages/js/", "packages/react-native/" and "packages/api/" directories of this repository, if that directories exist, is licensed under the "MIT" license as defined in the "LICENSE" files of these packages.
+- All content that resides under the "packages/js/", "packages/react-native/", "packages/android/", "packages/ios/" and "packages/api/" directories of this repository, if that directories exist, is licensed under the "MIT" license as defined in the "LICENSE" files of these packages.
 - All third party components incorporated into the Formbricks Software are licensed under the original license provided by the owner of the applicable component.
 - Content outside of the above mentioned directories or restrictions above is available under the "AGPLv3" license as defined below.
 

README.md

@@ -13,7 +13,7 @@
 <h3 align="center">Formbricks</h3>
 
 <p align="center">
-Harvest user-insights, build irresistible experiences.
+The Open Source Qualtrics Alternative
 <br />
 <a href="https://formbricks.com/">Website</a>
 </p>

apps/demo/package.json

@@ -13,7 +13,7 @@
   "dependencies": {
     "@formbricks/js": "workspace:*",
     "lucide-react": "0.468.0",
-    "next": "15.1.2",
+    "next": "15.2.3",
     "react": "19.0.0",
     "react-dom": "19.0.0"
   },

apps/demo/pages/index.tsx

@@ -9,6 +9,12 @@ declare const window: Window;
 export default function AppPage(): React.JSX.Element {
   const [darkMode, setDarkMode] = useState(false);
   const router = useRouter();
+  const userId = "THIS-IS-A-VERY-LONG-USER-ID-FOR-TESTING";
+  const userAttributes = {
+    "Attribute 1": "one",
+    "Attribute 2": "two",
+    "Attribute 3": "three",
+  };
 
   useEffect(() => {
     if (darkMode) {
@@ -33,18 +39,9 @@ export default function AppPage(): React.JSX.Element {
       addFormbricksDebugParam();
 
       if (process.env.NEXT_PUBLIC_FORMBRICKS_ENVIRONMENT_ID && process.env.NEXT_PUBLIC_FORMBRICKS_API_HOST) {
-        const userId = "THIS-IS-A-VERY-LONG-USER-ID-FOR-TESTING";
-        const userInitAttributes = {
-          language: "de",
-          "Init Attribute 1": "eight",
-          "Init Attribute 2": "two",
-        };
-
-        void formbricks.init({
+        void formbricks.setup({
           environmentId: process.env.NEXT_PUBLIC_FORMBRICKS_ENVIRONMENT_ID,
-          apiHost: process.env.NEXT_PUBLIC_FORMBRICKS_API_HOST,
-          userId,
-          attributes: userInitAttributes,
+          appUrl: process.env.NEXT_PUBLIC_FORMBRICKS_API_HOST,
         });
       }
 
@@ -126,19 +123,19 @@ export default function AppPage(): React.JSX.Element {
         <div className="md:grid md:grid-cols-3">
           <div className="col-span-3 self-start rounded-lg border border-slate-300 bg-slate-100 p-6 dark:border-slate-600 dark:bg-slate-900">
             <h3 className="text-lg font-semibold dark:text-white">
-              Reset person / pull data from Formbricks app
+              Set a user ID / pull data from Formbricks app
             </h3>
             <p className="text-slate-700 dark:text-slate-300">
-              On formbricks.reset() the local state will <strong>be deleted</strong> and formbricks gets{" "}
-              <strong>reinitialized</strong>.
+              On formbricks.setUserId() the user state will <strong>be fetched from Formbricks</strong> and
+              the local state gets <strong>updated with the user state</strong>.
             </p>
             <button
               className="my-4 rounded-lg bg-slate-500 px-6 py-3 text-white hover:bg-slate-700 dark:bg-slate-700 dark:hover:bg-slate-600"
               type="button"
               onClick={() => {
-                void formbricks.reset();
+                void formbricks.setUserId(userId);
               }}>
-              Reset
+              Set user ID
             </button>
             <p className="text-xs text-slate-700 dark:text-slate-300">
               If you made a change in Formbricks app and it does not seem to work, hit &apos;Reset&apos; and
@@ -158,7 +155,7 @@ export default function AppPage(): React.JSX.Element {
               <p className="text-xs text-slate-700 dark:text-slate-300">
                 This button sends a{" "}
                 <a
-                  href="https://formbricks.com/docs/actions/no-code"
+                  href="https://formbricks.com/docs/xm-and-surveys/surveys/website-app-surveys/actions#setting-up-no-code-actions"
                   rel="noopener noreferrer"
                   className="underline dark:text-blue-500"
                   target="_blank">
@@ -166,7 +163,7 @@ export default function AppPage(): React.JSX.Element {
                 </a>{" "}
                 as long as you created it beforehand in the Formbricks App.{" "}
                 <a
-                  href="https://formbricks.com/docs/actions/no-code"
+                  href="https://formbricks.com/docs/xm-and-surveys/surveys/website-app-surveys/actions#setting-up-no-code-actions"
                   rel="noopener noreferrer"
                   target="_blank"
                   className="underline dark:text-blue-500">
@@ -175,6 +172,7 @@ export default function AppPage(): React.JSX.Element {
               </p>
             </div>
           </div>
+
           <div className="p-6">
             <div>
               <button
@@ -190,7 +188,7 @@ export default function AppPage(): React.JSX.Element {
               <p className="text-xs text-slate-700 dark:text-slate-300">
                 This button sets the{" "}
                 <a
-                  href="https://formbricks.com/docs/attributes/custom-attributes"
+                  href="https://formbricks.com/docs/xm-and-surveys/surveys/website-app-surveys/user-identification#setting-custom-user-attributes"
                   target="_blank"
                   rel="noopener noreferrer"
                   className="underline dark:text-blue-500">
@@ -215,7 +213,7 @@ export default function AppPage(): React.JSX.Element {
               <p className="text-xs text-slate-700 dark:text-slate-300">
                 This button sets the{" "}
                 <a
-                  href="https://formbricks.com/docs/attributes/custom-attributes"
+                  href="https://formbricks.com/docs/xm-and-surveys/surveys/website-app-surveys/user-identification#setting-custom-user-attributes"
                   target="_blank"
                   rel="noopener noreferrer"
                   className="underline dark:text-blue-500">
@@ -240,7 +238,7 @@ export default function AppPage(): React.JSX.Element {
               <p className="text-xs text-slate-700 dark:text-slate-300">
                 This button sets the{" "}
                 <a
-                  href="https://formbricks.com/docs/attributes/identify-users"
+                  href="https://formbricks.com/docs/xm-and-surveys/surveys/website-app-surveys/user-identification"
                   target="_blank"
                   rel="noopener noreferrer"
                   className="underline dark:text-blue-500">
@@ -250,6 +248,110 @@ export default function AppPage(): React.JSX.Element {
               </p>
             </div>
           </div>
+
+          <div className="p-6">
+            <div>
+              <button
+                type="button"
+                onClick={() => {
+                  void formbricks.setAttributes(userAttributes);
+                }}
+                className="mb-4 rounded-lg bg-slate-800 px-6 py-3 text-white hover:bg-slate-700 dark:bg-slate-700 dark:hover:bg-slate-600">
+                Set Multiple Attributes
+              </button>
+            </div>
+            <div>
+              <p className="text-xs text-slate-700 dark:text-slate-300">
+                This button sets the{" "}
+                <a
+                  href="https://formbricks.com/docs/xm-and-surveys/surveys/website-app-surveys/user-identification#setting-custom-user-attributes"
+                  target="_blank"
+                  rel="noopener noreferrer"
+                  className="underline dark:text-blue-500">
+                  user attributes
+                </a>{" "}
+                to &apos;one&apos;, &apos;two&apos;, &apos;three&apos;.
+              </p>
+            </div>
+          </div>
+
+          <div className="p-6">
+            <div>
+              <button
+                type="button"
+                onClick={() => {
+                  void formbricks.setLanguage("de");
+                }}
+                className="mb-4 rounded-lg bg-slate-800 px-6 py-3 text-white hover:bg-slate-700 dark:bg-slate-700 dark:hover:bg-slate-600">
+                Set Language to &apos;de&apos;
+              </button>
+            </div>
+            <div>
+              <p className="text-xs text-slate-700 dark:text-slate-300">
+                This button sets the{" "}
+                <a
+                  href="https://formbricks.com/docs/xm-and-surveys/surveys/general-features/multi-language-surveys"
+                  target="_blank"
+                  rel="noopener noreferrer"
+                  className="underline dark:text-blue-500">
+                  language
+                </a>{" "}
+                to &apos;de&apos;.
+              </p>
+            </div>
+          </div>
+
+          <div className="p-6">
+            <div>
+              <button
+                type="button"
+                className="mb-4 rounded-lg bg-slate-800 px-6 py-3 text-white hover:bg-slate-700 dark:bg-slate-700 dark:hover:bg-slate-600"
+                onClick={() => {
+                  void formbricks.track("code");
+                }}>
+                Code Action
+              </button>
+            </div>
+            <div>
+              <p className="text-xs text-slate-700 dark:text-slate-300">
+                This button sends a{" "}
+                <a
+                  href="https://formbricks.com/docs/xm-and-surveys/surveys/website-app-surveys/actions#setting-up-code-actions"
+                  rel="noopener noreferrer"
+                  className="underline dark:text-blue-500"
+                  target="_blank">
+                  Code Action
+                </a>{" "}
+                as long as you created it beforehand in the Formbricks App.{" "}
+                <a
+                  href="https://formbricks.com/docs/xm-and-surveys/surveys/website-app-surveys/actions#setting-up-code-actions"
+                  rel="noopener noreferrer"
+                  target="_blank"
+                  className="underline dark:text-blue-500">
+                  Here are instructions on how to do it.
+                </a>
+              </p>
+            </div>
+          </div>
+
+          <div className="p-6">
+            <div>
+              <button
+                type="button"
+                className="mb-4 rounded-lg bg-slate-800 px-6 py-3 text-white hover:bg-slate-700 dark:bg-slate-700 dark:hover:bg-slate-600"
+                onClick={() => {
+                  void formbricks.logout();
+                }}>
+                Logout
+              </button>
+            </div>
+            <div>
+              <p className="text-xs text-slate-700 dark:text-slate-300">
+                This button logs out the user and syncs the local state with Formbricks. (Only works if a
+                userId is set)
+              </p>
+            </div>
+          </div>
         </div>
       </div>
     </div>

apps/storybook/package.json

@@ -30,7 +30,7 @@
     "@typescript-eslint/eslint-plugin": "8.18.0",
     "@typescript-eslint/parser": "8.18.0",
     "@vitejs/plugin-react": "4.3.4",
-    "esbuild": "0.25.0",
+    "esbuild": "0.25.1",
     "eslint-plugin-storybook": "0.11.1",
     "prop-types": "15.8.1",
     "storybook": "8.4.7",

apps/web/.gitignore

@@ -48,3 +48,6 @@ uploads/
 
 # Sentry Config File
 .sentryclirc
+
+# SAML Preloaded Connections
+saml-connection/

apps/web/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:22-alpine3.20 AS base
+FROM node:22-alpine3.20@sha256:40be979442621049f40b1d51a26b55e281246b5de4e5f51a18da7beb6e17e3f9 AS base
 
 #
 ## step 1: Prune monorepo
@@ -33,6 +33,9 @@ ENV CRON_SECRET="placeholder_for_cron_secret_of_64_chars_get_overwritten_at_runt
 ARG NEXT_PUBLIC_SENTRY_DSN
 ARG SENTRY_AUTH_TOKEN
 
+# Increase Node.js memory limit
+# ENV NODE_OPTIONS="--max_old_space_size=4096"
+
 # Set the working directory
 WORKDIR /app
 
@@ -41,19 +44,17 @@ WORKDIR /app
 # COPY --from=builder /app/out/json/ .
 # COPY --from=builder /app/out/pnpm-lock.yaml ./pnpm-lock.yaml
 
-# Install the dependencies
-# RUN pnpm install
-
 # Prepare the build
 COPY . .
+
 # Create a .env file
 RUN touch apps/web/.env
 
+# Install the dependencies
 RUN pnpm install
 
 # Build the project
-# RUN pnpm post-install --filter=@formbricks/web...
-RUN pnpm build --filter=@formbricks/web...
+RUN NODE_OPTIONS="--max_old_space_size=4096" pnpm build --filter=@formbricks/web...
 
 # Extract Prisma version
 RUN jq -r '.devDependencies.prisma' packages/database/package.json > /prisma_version.txt
@@ -76,6 +77,7 @@ WORKDIR /home/nextjs
 COPY --from=installer /app/apps/web/next.config.mjs .
 COPY --from=installer /app/apps/web/package.json .
 # Leverage output traces to reduce image size
+
 COPY --from=installer --chown=nextjs:nextjs /app/apps/web/.next/standalone ./
 COPY --from=installer --chown=nextjs:nextjs /app/apps/web/.next/static ./apps/web/.next/static
 COPY --from=installer --chown=nextjs:nextjs /app/apps/web/public ./apps/web/public
@@ -83,6 +85,8 @@ COPY --from=installer --chown=nextjs:nextjs /app/packages/database/schema.prisma
 COPY --from=installer --chown=nextjs:nextjs /app/packages/database/package.json ./packages/database/package.json
 COPY --from=installer --chown=nextjs:nextjs /app/packages/database/migration ./packages/database/migration
 COPY --from=installer --chown=nextjs:nextjs /app/packages/database/src ./packages/database/src
+COPY --from=installer --chown=nextjs:nextjs /app/packages/database/node_modules ./packages/database/node_modules
+COPY --from=installer --chown=nextjs:nextjs /app/packages/logger/dist ./packages/database/node_modules/@formbricks/logger/dist
 
 # Copy Prisma-specific generated files
 COPY --from=installer --chown=nextjs:nextjs /app/node_modules/@prisma/client ./node_modules/@prisma/client
@@ -91,20 +95,32 @@ COPY --from=installer --chown=nextjs:nextjs /app/node_modules/.prisma ./node_mod
 COPY --from=installer --chown=nextjs:nextjs /prisma_version.txt .
 COPY /docker/cronjobs /app/docker/cronjobs
 
-# Copy only @paralleldrive/cuid2 and @noble/hashes
+# Copy required dependencies
 COPY --from=installer /app/node_modules/@paralleldrive/cuid2 ./node_modules/@paralleldrive/cuid2
 COPY --from=installer /app/node_modules/@noble/hashes ./node_modules/@noble/hashes
+COPY --from=installer /app/node_modules/zod ./node_modules/zod
 
-RUN npm install -g tsx typescript prisma
+RUN npm install -g tsx typescript prisma pino-pretty
 
 EXPOSE 3000
 ENV HOSTNAME "0.0.0.0"
+ENV NODE_ENV="production"
 # USER nextjs
 
 # Prepare volume for uploads
 RUN mkdir -p /home/nextjs/apps/web/uploads/
 VOLUME /home/nextjs/apps/web/uploads/
 
-CMD supercronic -quiet /app/docker/cronjobs & \
+# Prepare volume for SAML preloaded connection
+RUN mkdir -p /home/nextjs/apps/web/saml-connection
+VOLUME /home/nextjs/apps/web/saml-connection
+
+CMD if [ "${DOCKER_CRON_ENABLED:-1}" = "1" ]; then \
+      echo "Starting cron jobs..."; \
+      supercronic -quiet /app/docker/cronjobs & \
+    else \
+      echo "Docker cron jobs are disabled via DOCKER_CRON_ENABLED=0"; \
+    fi; \
     (cd packages/database && npm run db:migrate:deploy) && \
-    exec node apps/web/server.js
+    (cd packages/database && npm run db:create-saml-database:deploy) && \
+    exec node apps/web/server.js

apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/OnboardingSetupInstructions.tsx

@@ -34,10 +34,9 @@ export const OnboardingSetupInstructions = ({
   const htmlSnippetForAppSurveys = `<!-- START Formbricks Surveys -->
   <script type="text/javascript">
   !function(){
-      var apiHost = "${webAppUrl}";
+      var appUrl = "${webAppUrl}";
       var environmentId = "${environmentId}";
-      var userId = "testUser";
-      var t=document.createElement("script");t.type="text/javascript",t.async=!0,t.src=apiHost+"/js/formbricks.umd.cjs";var e=document.getElementsByTagName("script")[0];e.parentNode.insertBefore(t,e),setTimeout(function(){window.formbricks.init({environmentId: environmentId, apiHost: apiHost, userId: userId})},500)}();
+      var t=document.createElement("script");t.type="text/javascript",t.async=!0,t.src=appUrl+"/js/formbricks.umd.cjs";var e=document.getElementsByTagName("script")[0];e.parentNode.insertBefore(t,e),setTimeout(function(){window.formbricks.setup({environmentId: environmentId, appUrl: appUrl})},500)}();
   </script>
   <!-- END Formbricks Surveys -->
   `;
@@ -45,9 +44,9 @@ export const OnboardingSetupInstructions = ({
   const htmlSnippetForWebsiteSurveys = `<!-- START Formbricks Surveys -->
   <script type="text/javascript">
   !function(){
-    var apiHost = "${webAppUrl}";
+    var appUrl = "${webAppUrl}";
     var environmentId = "${environmentId}";
-      var t=document.createElement("script");t.type="text/javascript",t.async=!0,t.src=apiHost+"/js/formbricks.umd.cjs";var e=document.getElementsByTagName("script")[0];e.parentNode.insertBefore(t,e),setTimeout(function(){window.formbricks.init({environmentId: environmentId, apiHost: apiHost})},500)}();
+      var t=document.createElement("script");t.type="text/javascript",t.async=!0,t.src=appUrl+"/js/formbricks.umd.cjs";var e=document.getElementsByTagName("script")[0];e.parentNode.insertBefore(t,e),setTimeout(function(){window.formbricks.setup({environmentId: environmentId, appUrl: appUrl })},500)}();
   </script>
   <!-- END Formbricks Surveys -->
   `;
@@ -56,10 +55,9 @@ export const OnboardingSetupInstructions = ({
   import formbricks from "@formbricks/js";
   
   if (typeof window !== "undefined") {
-    formbricks.init({
+    formbricks.setup({
       environmentId: "${environmentId}",
-      apiHost: "${webAppUrl}",
-      userId: "testUser",
+      appUrl: "${webAppUrl}",
     });
   }
   
@@ -75,9 +73,9 @@ export const OnboardingSetupInstructions = ({
   import formbricks from "@formbricks/js";
   
   if (typeof window !== "undefined") {
-    formbricks.init({
+    formbricks.setup({
       environmentId: "${environmentId}",
-      apiHost: "${webAppUrl}",
+      appUrl: "${webAppUrl}",
     });
   }
   

apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/xm-templates.ts

@@ -1,13 +1,10 @@
 import { getDefaultEndingCard } from "@/app/lib/templates";
 import { createId } from "@paralleldrive/cuid2";
 import { TFnType } from "@tolgee/react";
+import { logger } from "@formbricks/logger";
 import { TSurveyQuestionTypeEnum } from "@formbricks/types/surveys/types";
 import { TXMTemplate } from "@formbricks/types/templates";
 
-function logError(error: Error, context: string) {
-  console.error(`Error in ${context}:`, error);
-}
-
 export const getXMSurveyDefault = (t: TFnType): TXMTemplate => {
   try {
     return {
@@ -19,7 +16,7 @@ export const getXMSurveyDefault = (t: TFnType): TXMTemplate => {
       },
     };
   } catch (error) {
-    logError(error, "getXMSurveyDefault");
+    logger.error(error, "Failed to create default XM survey template");
     throw error; // Re-throw after logging
   }
 };
@@ -449,7 +446,7 @@ export const getXMTemplates = (t: TFnType): TXMTemplate[] => {
       enpsSurvey(t),
     ];
   } catch (error) {
-    logError(error, "getXMTemplates");
+    logger.error(error, "Unable to load XM templates, returning empty array");
     return []; // Return an empty array or handle as needed
   }
 };

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/components/ProjectSettings.tsx

@@ -231,6 +231,7 @@ export const ProjectSettings = ({
         <p className="text-sm text-slate-400">{t("common.preview")}</p>
         <div className="z-0 h-3/4 w-3/4">
           <SurveyInline
+            isPreviewMode={true}
             survey={previewSurvey(projectName || "my Product", t)}
             styling={{ brandColor: { light: brandColor } }}
             isBrandingEnabled={false}

apps/web/app/(app)/components/FormbricksClient.tsx

@@ -12,12 +12,12 @@ export const FormbricksClient = ({ userId, email }: { userId: string; email: str
 
   useEffect(() => {
     if (formbricksEnabled && userId) {
-      formbricks.init({
+      formbricks.setup({
         environmentId: env.NEXT_PUBLIC_FORMBRICKS_ENVIRONMENT_ID || "",
-        apiHost: env.NEXT_PUBLIC_FORMBRICKS_API_HOST || "",
-        userId,
+        appUrl: env.NEXT_PUBLIC_FORMBRICKS_API_HOST || "",
       });
 
+      formbricks.setUserId(userId);
       formbricks.setEmail(email);
     }
   }, [userId, email]);

apps/web/app/(app)/environments/[environmentId]/actions/page.tsx

@@ -2,21 +2,14 @@ import { ActionClassesTable } from "@/app/(app)/environments/[environmentId]/act
 import { ActionClassDataRow } from "@/app/(app)/environments/[environmentId]/actions/components/ActionRowData";
 import { ActionTableHeading } from "@/app/(app)/environments/[environmentId]/actions/components/ActionTableHeading";
 import { AddActionModal } from "@/app/(app)/environments/[environmentId]/actions/components/AddActionModal";
-import { authOptions } from "@/modules/auth/lib/authOptions";
-import { getProjectPermissionByUserId } from "@/modules/ee/teams/lib/roles";
-import { getTeamPermissionFlags } from "@/modules/ee/teams/utils/teams";
+import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
 import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
 import { PageHeader } from "@/modules/ui/components/page-header";
 import { getTranslate } from "@/tolgee/server";
 import { Metadata } from "next";
-import { getServerSession } from "next-auth";
 import { redirect } from "next/navigation";
 import { getActionClasses } from "@formbricks/lib/actionClass/service";
 import { getEnvironments } from "@formbricks/lib/environment/service";
-import { getMembershipByUserIdOrganizationId } from "@formbricks/lib/membership/service";
-import { getAccessFlags } from "@formbricks/lib/membership/utils";
-import { getOrganizationByEnvironmentId } from "@formbricks/lib/organization/service";
-import { getProjectByEnvironmentId } from "@formbricks/lib/project/service";
 import { findMatchingLocale } from "@formbricks/lib/utils/locale";
 
 export const metadata: Metadata = {
@@ -25,51 +18,24 @@ export const metadata: Metadata = {
 
 const Page = async (props) => {
   const params = await props.params;
-  const session = await getServerSession(authOptions);
+
+  const { isReadOnly, project, isBilling, environment } = await getEnvironmentAuth(params.environmentId);
+
   const t = await getTranslate();
-  const [actionClasses, organization, project] = await Promise.all([
-    getActionClasses(params.environmentId),
-    getOrganizationByEnvironmentId(params.environmentId),
-    getProjectByEnvironmentId(params.environmentId),
-  ]);
+
+  const [actionClasses] = await Promise.all([getActionClasses(params.environmentId)]);
+
   const locale = await findMatchingLocale();
-
-  if (!session) {
-    throw new Error(t("common.session_not_found"));
-  }
-
-  if (!organization) {
-    throw new Error(t("common.organization_not_found"));
-  }
-
-  if (!project) {
-    throw new Error(t("common.project_not_found"));
-  }
-
   const environments = await getEnvironments(project.id);
-  const currentEnvironment = environments.find((env) => env.id === params.environmentId);
-
-  if (!currentEnvironment) {
-    throw new Error(t("common.environment_not_found"));
-  }
 
   const otherEnvironment = environments.filter((env) => env.id !== params.environmentId)[0];
 
   const otherEnvActionClasses = await getActionClasses(otherEnvironment.id);
 
-  const currentUserMembership = await getMembershipByUserIdOrganizationId(session?.user.id, organization.id);
-  const { isMember, isBilling } = getAccessFlags(currentUserMembership?.role);
-
-  const projectPermission = await getProjectPermissionByUserId(session?.user.id, project.id);
-
-  const { hasReadAccess } = getTeamPermissionFlags(projectPermission);
-
   if (isBilling) {
     return redirect(`/environments/${params.environmentId}/settings/billing`);
   }
 
-  const isReadOnly = isMember && hasReadAccess;
-
   const renderAddActionButton = () => (
     <AddActionModal
       environmentId={params.environmentId}
@@ -82,7 +48,7 @@ const Page = async (props) => {
     <PageContentWrapper>
       <PageHeader pageTitle={t("common.actions")} cta={!isReadOnly ? renderAddActionButton() : undefined} />
       <ActionClassesTable
-        environment={currentEnvironment}
+        environment={environment}
         otherEnvironment={otherEnvironment}
         otherEnvActionClasses={otherEnvActionClasses}
         environmentId={params.environmentId}

apps/web/app/(app)/environments/[environmentId]/integrations/airtable/lib/airtable.ts

@@ -1,3 +1,4 @@
+import { logger } from "@formbricks/logger";
 import { TIntegrationAirtableTables } from "@formbricks/types/integration/airtable";
 
 export const fetchTables = async (environmentId: string, baseId: string) => {
@@ -17,7 +18,8 @@ export const authorize = async (environmentId: string, apiHost: string): Promise
   });
 
   if (!res.ok) {
-    console.error(res.text);
+    const errorText = await res.text();
+    logger.error({ errorText }, "authorize: Could not fetch airtable config");
     throw new Error("Could not create response");
   }
   const resJSON = await res.json();

apps/web/app/(app)/environments/[environmentId]/integrations/airtable/page.tsx

@@ -1,21 +1,14 @@
 import { AirtableWrapper } from "@/app/(app)/environments/[environmentId]/integrations/airtable/components/AirtableWrapper";
-import { authOptions } from "@/modules/auth/lib/authOptions";
-import { getProjectPermissionByUserId } from "@/modules/ee/teams/lib/roles";
-import { getTeamPermissionFlags } from "@/modules/ee/teams/utils/teams";
+import { getSurveys } from "@/app/(app)/environments/[environmentId]/integrations/lib/surveys";
+import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
 import { GoBackButton } from "@/modules/ui/components/go-back-button";
 import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
 import { PageHeader } from "@/modules/ui/components/page-header";
 import { getTranslate } from "@/tolgee/server";
-import { getServerSession } from "next-auth";
 import { redirect } from "next/navigation";
 import { getAirtableTables } from "@formbricks/lib/airtable/service";
 import { AIRTABLE_CLIENT_ID, WEBAPP_URL } from "@formbricks/lib/constants";
-import { getEnvironment } from "@formbricks/lib/environment/service";
 import { getIntegrations } from "@formbricks/lib/integration/service";
-import { getMembershipByUserIdOrganizationId } from "@formbricks/lib/membership/service";
-import { getAccessFlags } from "@formbricks/lib/membership/utils";
-import { getProjectByEnvironmentId } from "@formbricks/lib/project/service";
-import { getSurveys } from "@formbricks/lib/survey/service";
 import { findMatchingLocale } from "@formbricks/lib/utils/locale";
 import { TIntegrationItem } from "@formbricks/types/integration";
 import { TIntegrationAirtable } from "@formbricks/types/integration/airtable";
@@ -24,48 +17,25 @@ const Page = async (props) => {
   const params = await props.params;
   const t = await getTranslate();
   const isEnabled = !!AIRTABLE_CLIENT_ID;
-  const [session, surveys, integrations, environment] = await Promise.all([
-    getServerSession(authOptions),
+
+  const { isReadOnly, environment } = await getEnvironmentAuth(params.environmentId);
+
+  const [surveys, integrations] = await Promise.all([
     getSurveys(params.environmentId),
     getIntegrations(params.environmentId),
-    getEnvironment(params.environmentId),
   ]);
 
-  if (!session) {
-    throw new Error(t("common.session_not_found"));
-  }
-
-  if (!environment) {
-    throw new Error(t("common.environment_not_found"));
-  }
-  const project = await getProjectByEnvironmentId(params.environmentId);
-  if (!project) {
-    throw new Error(t("common.project_not_found"));
-  }
-
   const airtableIntegration: TIntegrationAirtable | undefined = integrations?.find(
     (integration): integration is TIntegrationAirtable => integration.type === "airtable"
   );
 
   let airtableArray: TIntegrationItem[] = [];
-  if (airtableIntegration && airtableIntegration.config.key) {
+  if (airtableIntegration?.config.key) {
     airtableArray = await getAirtableTables(params.environmentId);
   }
 
   const locale = await findMatchingLocale();
 
-  const currentUserMembership = await getMembershipByUserIdOrganizationId(
-    session?.user.id,
-    project.organizationId
-  );
-  const { isMember } = getAccessFlags(currentUserMembership?.role);
-
-  const projectPermission = await getProjectPermissionByUserId(session?.user.id, environment?.projectId);
-
-  const { hasReadAccess } = getTeamPermissionFlags(projectPermission);
-
-  const isReadOnly = isMember && hasReadAccess;
-
   if (isReadOnly) {
     redirect("./");
   }

apps/web/app/(app)/environments/[environmentId]/integrations/google-sheets/actions.ts

@@ -1,25 +1,41 @@
 "use server";
 
-import { authOptions } from "@/modules/auth/lib/authOptions";
-import { getServerSession } from "next-auth";
-import { hasUserEnvironmentAccess } from "@formbricks/lib/environment/auth";
+import { authenticatedActionClient } from "@/lib/utils/action-client";
+import { checkAuthorizationUpdated } from "@/lib/utils/action-client-middleware";
+import { getOrganizationIdFromEnvironmentId, getProjectIdFromEnvironmentId } from "@/lib/utils/helper";
+import { z } from "zod";
 import { getSpreadsheetNameById } from "@formbricks/lib/googleSheet/service";
-import { AuthorizationError } from "@formbricks/types/errors";
-import { TIntegrationGoogleSheets } from "@formbricks/types/integration/google-sheet";
+import { ZIntegrationGoogleSheets } from "@formbricks/types/integration/google-sheet";
 
-export async function getSpreadsheetNameByIdAction(
-  googleSheetIntegration: TIntegrationGoogleSheets,
-  environmentId: string,
-  spreadsheetId: string
-) {
-  const session = await getServerSession(authOptions);
-  if (!session) throw new AuthorizationError("Not authorized");
+const ZGetSpreadsheetNameByIdAction = z.object({
+  googleSheetIntegration: ZIntegrationGoogleSheets,
+  environmentId: z.string(),
+  spreadsheetId: z.string(),
+});
 
-  const isAuthorized = await hasUserEnvironmentAccess(session.user.id, environmentId);
-  if (!isAuthorized) throw new AuthorizationError("Not authorized");
-  const integrationData = structuredClone(googleSheetIntegration);
-  integrationData.config.data.forEach((data) => {
-    data.createdAt = new Date(data.createdAt);
+export const getSpreadsheetNameByIdAction = authenticatedActionClient
+  .schema(ZGetSpreadsheetNameByIdAction)
+  .action(async ({ ctx, parsedInput }) => {
+    await checkAuthorizationUpdated({
+      userId: ctx.user.id,
+      organizationId: await getOrganizationIdFromEnvironmentId(parsedInput.environmentId),
+      access: [
+        {
+          type: "organization",
+          roles: ["owner", "manager"],
+        },
+        {
+          type: "projectTeam",
+          projectId: await getProjectIdFromEnvironmentId(parsedInput.environmentId),
+          minPermission: "readWrite",
+        },
+      ],
+    });
+
+    const integrationData = structuredClone(parsedInput.googleSheetIntegration);
+    integrationData.config.data.forEach((data) => {
+      data.createdAt = new Date(data.createdAt);
+    });
+
+    return await getSpreadsheetNameById(integrationData, parsedInput.spreadsheetId);
   });
-  return await getSpreadsheetNameById(integrationData, spreadsheetId);
-}

apps/web/app/(app)/environments/[environmentId]/integrations/google-sheets/components/AddIntegrationModal.tsx

@@ -8,6 +8,7 @@ import {
   isValidGoogleSheetsUrl,
 } from "@/app/(app)/environments/[environmentId]/integrations/google-sheets/lib/util";
 import GoogleSheetLogo from "@/images/googleSheetsLogo.png";
+import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { AdditionalIntegrationSettings } from "@/modules/ui/components/additional-integration-settings";
 import { Button } from "@/modules/ui/components/button";
 import { Checkbox } from "@/modules/ui/components/checkbox";
@@ -115,11 +116,18 @@ export const AddIntegrationModal = ({
         throw new Error(t("environments.integrations.select_at_least_one_question_error"));
       }
       const spreadsheetId = extractSpreadsheetIdFromUrl(spreadsheetUrl);
-      const spreadsheetName = await getSpreadsheetNameByIdAction(
+      const spreadsheetNameResponse = await getSpreadsheetNameByIdAction({
         googleSheetIntegration,
         environmentId,
-        spreadsheetId
-      );
+        spreadsheetId,
+      });
+
+      if (!spreadsheetNameResponse?.data) {
+        const errorMessage = getFormattedErrorMessage(spreadsheetNameResponse);
+        throw new Error(errorMessage);
+      }
+
+      const spreadsheetName = spreadsheetNameResponse.data;
 
       setIsLinkingSheet(true);
       integrationData.spreadsheetId = spreadsheetId;

apps/web/app/(app)/environments/[environmentId]/integrations/google-sheets/lib/google.ts

@@ -1,3 +1,5 @@
+import { logger } from "@formbricks/logger";
+
 export const authorize = async (environmentId: string, apiHost: string): Promise<string> => {
   const res = await fetch(`${apiHost}/api/google-sheet`, {
     method: "GET",
@@ -5,7 +7,8 @@ export const authorize = async (environmentId: string, apiHost: string): Promise
   });
 
   if (!res.ok) {
-    console.error(res.text);
+    const errorText = await res.text();
+    logger.error({ errorText }, "authorize: Could not fetch google sheet config");
     throw new Error("Could not create response");
   }
   const resJSON = await res.json();

apps/web/app/(app)/environments/[environmentId]/integrations/google-sheets/page.tsx

@@ -1,12 +1,10 @@
 import { GoogleSheetWrapper } from "@/app/(app)/environments/[environmentId]/integrations/google-sheets/components/GoogleSheetWrapper";
-import { authOptions } from "@/modules/auth/lib/authOptions";
-import { getProjectPermissionByUserId } from "@/modules/ee/teams/lib/roles";
-import { getTeamPermissionFlags } from "@/modules/ee/teams/utils/teams";
+import { getSurveys } from "@/app/(app)/environments/[environmentId]/integrations/lib/surveys";
+import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
 import { GoBackButton } from "@/modules/ui/components/go-back-button";
 import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
 import { PageHeader } from "@/modules/ui/components/page-header";
 import { getTranslate } from "@/tolgee/server";
-import { getServerSession } from "next-auth";
 import { redirect } from "next/navigation";
 import {
   GOOGLE_SHEETS_CLIENT_ID,
@@ -14,12 +12,7 @@ import {
   GOOGLE_SHEETS_REDIRECT_URL,
   WEBAPP_URL,
 } from "@formbricks/lib/constants";
-import { getEnvironment } from "@formbricks/lib/environment/service";
 import { getIntegrations } from "@formbricks/lib/integration/service";
-import { getMembershipByUserIdOrganizationId } from "@formbricks/lib/membership/service";
-import { getAccessFlags } from "@formbricks/lib/membership/utils";
-import { getProjectByEnvironmentId } from "@formbricks/lib/project/service";
-import { getSurveys } from "@formbricks/lib/survey/service";
 import { findMatchingLocale } from "@formbricks/lib/utils/locale";
 import { TIntegrationGoogleSheets } from "@formbricks/types/integration/google-sheet";
 
@@ -27,43 +20,20 @@ const Page = async (props) => {
   const params = await props.params;
   const t = await getTranslate();
   const isEnabled = !!(GOOGLE_SHEETS_CLIENT_ID && GOOGLE_SHEETS_CLIENT_SECRET && GOOGLE_SHEETS_REDIRECT_URL);
-  const [session, surveys, integrations, environment] = await Promise.all([
-    getServerSession(authOptions),
+
+  const { isReadOnly, environment } = await getEnvironmentAuth(params.environmentId);
+
+  const [surveys, integrations] = await Promise.all([
     getSurveys(params.environmentId),
     getIntegrations(params.environmentId),
-    getEnvironment(params.environmentId),
   ]);
 
-  if (!session) {
-    throw new Error(t("common.session_not_found"));
-  }
-
-  if (!environment) {
-    throw new Error(t("common.environment_not_found"));
-  }
-  const project = await getProjectByEnvironmentId(params.environmentId);
-  if (!project) {
-    throw new Error(t("common.project_not_found"));
-  }
-
   const googleSheetIntegration: TIntegrationGoogleSheets | undefined = integrations?.find(
     (integration): integration is TIntegrationGoogleSheets => integration.type === "googleSheets"
   );
 
   const locale = await findMatchingLocale();
 
-  const currentUserMembership = await getMembershipByUserIdOrganizationId(
-    session?.user.id,
-    project.organizationId
-  );
-  const { isMember } = getAccessFlags(currentUserMembership?.role);
-
-  const projectPermission = await getProjectPermissionByUserId(session?.user.id, environment?.projectId);
-
-  const { hasReadAccess } = getTeamPermissionFlags(projectPermission);
-
-  const isReadOnly = isMember && hasReadAccess;
-
   if (isReadOnly) {
     redirect("./");
   }

apps/web/app/(app)/environments/[environmentId]/integrations/lib/surveys.ts

@@ -0,0 +1,49 @@
+import "server-only";
+import { Prisma } from "@prisma/client";
+import { cache as reactCache } from "react";
+import { prisma } from "@formbricks/database";
+import { cache } from "@formbricks/lib/cache";
+import { surveyCache } from "@formbricks/lib/survey/cache";
+import { selectSurvey } from "@formbricks/lib/survey/service";
+import { transformPrismaSurvey } from "@formbricks/lib/survey/utils";
+import { validateInputs } from "@formbricks/lib/utils/validate";
+import { logger } from "@formbricks/logger";
+import { ZId } from "@formbricks/types/common";
+import { DatabaseError } from "@formbricks/types/errors";
+import { TSurvey } from "@formbricks/types/surveys/types";
+
+export const getSurveys = reactCache(
+  async (environmentId: string): Promise<TSurvey[]> =>
+    cache(
+      async () => {
+        validateInputs([environmentId, ZId]);
+
+        try {
+          const surveysPrisma = await prisma.survey.findMany({
+            where: {
+              environmentId,
+              status: {
+                not: "completed",
+              },
+            },
+            select: selectSurvey,
+            orderBy: {
+              updatedAt: "desc",
+            },
+          });
+
+          return surveysPrisma.map((surveyPrisma) => transformPrismaSurvey<TSurvey>(surveyPrisma));
+        } catch (error) {
+          if (error instanceof Prisma.PrismaClientKnownRequestError) {
+            logger.error({ error }, "getSurveys: Could not fetch surveys");
+            throw new DatabaseError(error.message);
+          }
+          throw error;
+        }
+      },
+      [`getSurveys-${environmentId}`],
+      {
+        tags: [surveyCache.tag.byEnvironmentId(environmentId)],
+      }
+    )()
+);

apps/web/app/(app)/environments/[environmentId]/integrations/notion/components/AddIntegrationModal.tsx

@@ -7,6 +7,7 @@ import {
   UNSUPPORTED_TYPES_BY_NOTION,
 } from "@/app/(app)/environments/[environmentId]/integrations/notion/constants";
 import NotionLogo from "@/images/notion.png";
+import { getQuestionTypes } from "@/modules/survey/lib/questions";
 import { Button } from "@/modules/ui/components/button";
 import { DropdownSelector } from "@/modules/ui/components/dropdown-selector";
 import { Label } from "@/modules/ui/components/label";
@@ -19,7 +20,6 @@ import { useForm } from "react-hook-form";
 import toast from "react-hot-toast";
 import { getLocalizedValue } from "@formbricks/lib/i18n/utils";
 import { structuredClone } from "@formbricks/lib/pollyfills/structuredClone";
-import { getQuestionTypes } from "@formbricks/lib/utils/questions";
 import { replaceHeadlineRecall } from "@formbricks/lib/utils/recall";
 import { TIntegrationInput } from "@formbricks/types/integration";
 import {

apps/web/app/(app)/environments/[environmentId]/integrations/notion/lib/notion.ts

@@ -1,3 +1,5 @@
+import { logger } from "@formbricks/logger";
+
 export const authorize = async (environmentId: string, apiHost: string): Promise<string> => {
   const res = await fetch(`${apiHost}/api/v1/integrations/notion`, {
     method: "GET",
@@ -5,7 +7,8 @@ export const authorize = async (environmentId: string, apiHost: string): Promise
   });
 
   if (!res.ok) {
-    console.error(res.text);
+    const errorText = await res.text();
+    logger.error({ errorText }, "authorize: Could not fetch notion config");
     throw new Error("Could not create response");
   }
   const resJSON = await res.json();

apps/web/app/(app)/environments/[environmentId]/integrations/notion/page.tsx

@@ -1,12 +1,10 @@
+import { getSurveys } from "@/app/(app)/environments/[environmentId]/integrations/lib/surveys";
 import { NotionWrapper } from "@/app/(app)/environments/[environmentId]/integrations/notion/components/NotionWrapper";
-import { authOptions } from "@/modules/auth/lib/authOptions";
-import { getProjectPermissionByUserId } from "@/modules/ee/teams/lib/roles";
-import { getTeamPermissionFlags } from "@/modules/ee/teams/utils/teams";
+import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
 import { GoBackButton } from "@/modules/ui/components/go-back-button";
 import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
 import { PageHeader } from "@/modules/ui/components/page-header";
 import { getTranslate } from "@/tolgee/server";
-import { getServerSession } from "next-auth";
 import { redirect } from "next/navigation";
 import {
   NOTION_AUTH_URL,
@@ -15,13 +13,8 @@ import {
   NOTION_REDIRECT_URI,
   WEBAPP_URL,
 } from "@formbricks/lib/constants";
-import { getEnvironment } from "@formbricks/lib/environment/service";
 import { getIntegrationByType } from "@formbricks/lib/integration/service";
-import { getMembershipByUserIdOrganizationId } from "@formbricks/lib/membership/service";
-import { getAccessFlags } from "@formbricks/lib/membership/utils";
 import { getNotionDatabases } from "@formbricks/lib/notion/service";
-import { getProjectByEnvironmentId } from "@formbricks/lib/project/service";
-import { getSurveys } from "@formbricks/lib/survey/service";
 import { findMatchingLocale } from "@formbricks/lib/utils/locale";
 import { TIntegrationNotion, TIntegrationNotionDatabase } from "@formbricks/types/integration/notion";
 
@@ -34,44 +27,20 @@ const Page = async (props) => {
     NOTION_AUTH_URL &&
     NOTION_REDIRECT_URI
   );
-  const [session, surveys, notionIntegration, environment] = await Promise.all([
-    getServerSession(authOptions),
+
+  const { isReadOnly, environment } = await getEnvironmentAuth(params.environmentId);
+
+  const [surveys, notionIntegration] = await Promise.all([
     getSurveys(params.environmentId),
     getIntegrationByType(params.environmentId, "notion"),
-    getEnvironment(params.environmentId),
   ]);
 
-  if (!session) {
-    throw new Error(t("common.session_not_found"));
-  }
-
-  if (!environment) {
-    throw new Error(t("common.environment_not_found"));
-  }
-
-  const project = await getProjectByEnvironmentId(params.environmentId);
-  if (!project) {
-    throw new Error(t("common.project_not_found"));
-  }
-
   let databasesArray: TIntegrationNotionDatabase[] = [];
   if (notionIntegration && (notionIntegration as TIntegrationNotion).config.key?.bot_id) {
     databasesArray = (await getNotionDatabases(environment.id)) ?? [];
   }
   const locale = await findMatchingLocale();
 
-  const currentUserMembership = await getMembershipByUserIdOrganizationId(
-    session?.user.id,
-    project.organizationId
-  );
-  const { isMember } = getAccessFlags(currentUserMembership?.role);
-
-  const projectPermission = await getProjectPermissionByUserId(session?.user.id, environment?.projectId);
-
-  const { hasReadAccess } = getTeamPermissionFlags(projectPermission);
-
-  const isReadOnly = isMember && hasReadAccess;
-
   if (isReadOnly) {
     redirect("./");
   }

apps/web/app/(app)/environments/[environmentId]/integrations/page.tsx

@@ -9,71 +9,40 @@ import notionLogo from "@/images/notion.png";
 import SlackLogo from "@/images/slacklogo.png";
 import WebhookLogo from "@/images/webhook.png";
 import ZapierLogo from "@/images/zapier-small.png";
-import { authOptions } from "@/modules/auth/lib/authOptions";
-import { getProjectPermissionByUserId } from "@/modules/ee/teams/lib/roles";
-import { getTeamPermissionFlags } from "@/modules/ee/teams/utils/teams";
+import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
 import { Card } from "@/modules/ui/components/integration-card";
 import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
 import { PageHeader } from "@/modules/ui/components/page-header";
 import { getTranslate } from "@/tolgee/server";
-import { getServerSession } from "next-auth";
 import Image from "next/image";
 import { redirect } from "next/navigation";
-import { getEnvironment } from "@formbricks/lib/environment/service";
 import { getIntegrations } from "@formbricks/lib/integration/service";
-import { getMembershipByUserIdOrganizationId } from "@formbricks/lib/membership/service";
-import { getAccessFlags } from "@formbricks/lib/membership/utils";
-import { getOrganizationByEnvironmentId } from "@formbricks/lib/organization/service";
 import { TIntegrationType } from "@formbricks/types/integration";
 
 const Page = async (props) => {
   const params = await props.params;
-  const environmentId = params.environmentId;
   const t = await getTranslate();
+
+  const { isReadOnly, environment, isBilling } = await getEnvironmentAuth(params.environmentId);
+
   const [
-    environment,
     integrations,
-    organization,
-    session,
     userWebhookCount,
     zapierWebhookCount,
     makeWebhookCount,
     n8nwebhookCount,
     activePiecesWebhookCount,
   ] = await Promise.all([
-    getEnvironment(environmentId),
-    getIntegrations(environmentId),
-    getOrganizationByEnvironmentId(params.environmentId),
-    getServerSession(authOptions),
-    getWebhookCountBySource(environmentId, "user"),
-    getWebhookCountBySource(environmentId, "zapier"),
-    getWebhookCountBySource(environmentId, "make"),
-    getWebhookCountBySource(environmentId, "n8n"),
-    getWebhookCountBySource(environmentId, "activepieces"),
+    getIntegrations(params.environmentId),
+    getWebhookCountBySource(params.environmentId, "user"),
+    getWebhookCountBySource(params.environmentId, "zapier"),
+    getWebhookCountBySource(params.environmentId, "make"),
+    getWebhookCountBySource(params.environmentId, "n8n"),
+    getWebhookCountBySource(params.environmentId, "activepieces"),
   ]);
 
   const isIntegrationConnected = (type: TIntegrationType) =>
     integrations.some((integration) => integration.type === type);
-  if (!session) {
-    throw new Error(t("common.session_not_found"));
-  }
-
-  if (!organization) {
-    throw new Error(t("common.organization_not_found"));
-  }
-
-  if (!environment) {
-    throw new Error(t("common.environment_not_found"));
-  }
-
-  const currentUserMembership = await getMembershipByUserIdOrganizationId(session?.user.id, organization.id);
-  const { isMember, isBilling } = getAccessFlags(currentUserMembership?.role);
-
-  const projectPermission = await getProjectPermissionByUserId(session?.user.id, environment?.projectId);
-
-  const { hasReadAccess } = getTeamPermissionFlags(projectPermission);
-
-  const isReadOnly = isMember && hasReadAccess;
 
   if (isBilling) {
     return redirect(`/environments/${params.environmentId}/settings/billing`);
@@ -244,7 +213,7 @@ const Page = async (props) => {
     docsHref: "https://formbricks.com/docs/app-surveys/quickstart",
     docsText: t("common.docs"),
     docsNewTab: true,
-    connectHref: `/environments/${environmentId}/project/app-connection`,
+    connectHref: `/environments/${params.environmentId}/project/app-connection`,
     connectText: t("common.connect"),
     connectNewTab: false,
     label: "Javascript SDK",

apps/web/app/(app)/environments/[environmentId]/integrations/slack/lib/slack.ts

@@ -1,3 +1,5 @@
+import { logger } from "@formbricks/logger";
+
 export const authorize = async (environmentId: string, apiHost: string): Promise<string> => {
   const res = await fetch(`${apiHost}/api/v1/integrations/slack`, {
     method: "GET",
@@ -5,7 +7,8 @@ export const authorize = async (environmentId: string, apiHost: string): Promise
   });
 
   if (!res.ok) {
-    console.error(res.text);
+    const errorText = await res.text();
+    logger.error({ errorText }, "authorize: Could not fetch slack config");
     throw new Error("Could not create response");
   }
   const resJSON = await res.json();

apps/web/app/(app)/environments/[environmentId]/integrations/slack/page.tsx

@@ -1,20 +1,13 @@
+import { getSurveys } from "@/app/(app)/environments/[environmentId]/integrations/lib/surveys";
 import { SlackWrapper } from "@/app/(app)/environments/[environmentId]/integrations/slack/components/SlackWrapper";
-import { authOptions } from "@/modules/auth/lib/authOptions";
-import { getProjectPermissionByUserId } from "@/modules/ee/teams/lib/roles";
-import { getTeamPermissionFlags } from "@/modules/ee/teams/utils/teams";
+import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
 import { GoBackButton } from "@/modules/ui/components/go-back-button";
 import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
 import { PageHeader } from "@/modules/ui/components/page-header";
 import { getTranslate } from "@/tolgee/server";
-import { getServerSession } from "next-auth";
 import { redirect } from "next/navigation";
 import { SLACK_CLIENT_ID, SLACK_CLIENT_SECRET, WEBAPP_URL } from "@formbricks/lib/constants";
-import { getEnvironment } from "@formbricks/lib/environment/service";
 import { getIntegrationByType } from "@formbricks/lib/integration/service";
-import { getMembershipByUserIdOrganizationId } from "@formbricks/lib/membership/service";
-import { getAccessFlags } from "@formbricks/lib/membership/utils";
-import { getProjectByEnvironmentId } from "@formbricks/lib/project/service";
-import { getSurveys } from "@formbricks/lib/survey/service";
 import { findMatchingLocale } from "@formbricks/lib/utils/locale";
 import { TIntegrationSlack } from "@formbricks/types/integration/slack";
 
@@ -23,40 +16,16 @@ const Page = async (props) => {
   const isEnabled = !!(SLACK_CLIENT_ID && SLACK_CLIENT_SECRET);
 
   const t = await getTranslate();
-  const [session, surveys, slackIntegration, environment] = await Promise.all([
-    getServerSession(authOptions),
+
+  const { isReadOnly, environment } = await getEnvironmentAuth(params.environmentId);
+
+  const [surveys, slackIntegration] = await Promise.all([
     getSurveys(params.environmentId),
     getIntegrationByType(params.environmentId, "slack"),
-    getEnvironment(params.environmentId),
   ]);
 
-  if (!session) {
-    throw new Error(t("common.session_not_found"));
-  }
-
-  if (!environment) {
-    throw new Error(t("common.environment_not_found"));
-  }
-
-  const project = await getProjectByEnvironmentId(params.environmentId);
-  if (!project) {
-    throw new Error(t("common.project_not_found"));
-  }
-
   const locale = await findMatchingLocale();
 
-  const currentUserMembership = await getMembershipByUserIdOrganizationId(
-    session?.user.id,
-    project.organizationId
-  );
-  const { isMember } = getAccessFlags(currentUserMembership?.role);
-
-  const projectPermission = await getProjectPermissionByUserId(session?.user.id, environment?.projectId);
-
-  const { hasReadAccess } = getTeamPermissionFlags(projectPermission);
-
-  const isReadOnly = isMember && hasReadAccess;
-
   if (isReadOnly) {
     redirect("./");
   }

apps/web/app/(app)/environments/[environmentId]/layout.tsx

@@ -4,7 +4,7 @@ import { authOptions } from "@/modules/auth/lib/authOptions";
 import { ToasterClient } from "@/modules/ui/components/toaster-client";
 import { getTranslate } from "@/tolgee/server";
 import { getServerSession } from "next-auth";
-import { notFound, redirect } from "next/navigation";
+import { redirect } from "next/navigation";
 import { hasUserEnvironmentAccess } from "@formbricks/lib/environment/auth";
 import { getMembershipByUserIdOrganizationId } from "@formbricks/lib/membership/service";
 import { getOrganizationByEnvironmentId } from "@formbricks/lib/organization/service";
@@ -49,7 +49,10 @@ const EnvLayout = async (props: {
   }
 
   const membership = await getMembershipByUserIdOrganizationId(session.user.id, organization.id);
-  if (!membership) return notFound();
+
+  if (!membership) {
+    throw new Error(t("common.membership_not_found"));
+  }
 
   return (
     <>

apps/web/app/(app)/environments/[environmentId]/settings/(account)/notifications/components/EditAlerts.tsx

@@ -27,7 +27,7 @@ export const EditAlerts = ({
   return (
     <>
       {memberships.map((membership) => (
-        <>
+        <div key={membership.organization.id}>
           <div className="mb-5 grid grid-cols-6 items-center space-x-3">
             <div className="col-span-3 flex items-center space-x-3">
               <UsersIcon className="h-6 w-7 text-slate-600" />
@@ -110,7 +110,7 @@ export const EditAlerts = ({
               </Link>
             </p>
           </div>
-        </>
+        </div>
       ))}
     </>
   );

apps/web/app/(app)/environments/[environmentId]/settings/(account)/notifications/components/EditWeeklySummary.tsx

@@ -18,7 +18,7 @@ export const EditWeeklySummary = ({ memberships, user, environmentId }: EditAler
   return (
     <>
       {memberships.map((membership) => (
-        <>
+        <div key={membership.organization.id}>
           <div className="mb-5 flex items-center space-x-3 text-sm font-medium">
             <UsersIcon className="h-6 w-7 text-slate-600" />
 
@@ -52,7 +52,7 @@ export const EditWeeklySummary = ({ memberships, user, environmentId }: EditAler
               </Link>
             </p>
           </div>
-        </>
+        </div>
       ))}
     </>
   );

apps/web/app/(app)/environments/[environmentId]/settings/(account)/notifications/page.tsx

@@ -157,6 +157,10 @@ const Page = async (props) => {
     throw new Error(t("common.user_not_found"));
   }
 
+  if (!memberships) {
+    throw new Error(t("common.membership_not_found"));
+  }
+
   if (user?.notificationSettings) {
     user.notificationSettings = setCompleteNotificationSettings(user.notificationSettings, memberships);
   }

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/page.tsx

@@ -1,16 +1,14 @@
 import { AccountSettingsNavbar } from "@/app/(app)/environments/[environmentId]/settings/(account)/components/AccountSettingsNavbar";
 import { AccountSecurity } from "@/app/(app)/environments/[environmentId]/settings/(account)/profile/components/AccountSecurity";
-import { authOptions } from "@/modules/auth/lib/authOptions";
 import { getIsMultiOrgEnabled, getIsTwoFactorAuthEnabled } from "@/modules/ee/license-check/lib/utils";
+import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
 import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
 import { PageHeader } from "@/modules/ui/components/page-header";
 import { SettingsId } from "@/modules/ui/components/settings-id";
 import { UpgradePrompt } from "@/modules/ui/components/upgrade-prompt";
 import { getTranslate } from "@/tolgee/server";
-import { getServerSession } from "next-auth";
 import { IS_FORMBRICKS_CLOUD } from "@formbricks/lib/constants";
 import { getOrganizationsWhereUserIsSingleOwner } from "@formbricks/lib/organization/service";
-import { getOrganizationByEnvironmentId } from "@formbricks/lib/organization/service";
 import { getUser } from "@formbricks/lib/user/service";
 import { SettingsCard } from "../../components/SettingsCard";
 import { DeleteAccount } from "./components/DeleteAccount";
@@ -23,20 +21,16 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
   const params = await props.params;
   const t = await getTranslate();
   const { environmentId } = params;
-  const session = await getServerSession(authOptions);
-  if (!session) {
-    throw new Error(t("common.session_not_found"));
-  }
 
-  const organization = await getOrganizationByEnvironmentId(environmentId);
-
-  if (!organization) {
-    throw new Error(t("common.organization_not_found"));
-  }
+  const { session } = await getEnvironmentAuth(params.environmentId);
 
   const organizationsWithSingleOwner = await getOrganizationsWhereUserIsSingleOwner(session.user.id);
 
-  const user = session && session.user ? await getUser(session.user.id) : null;
+  const user = session?.user ? await getUser(session.user.id) : null;
+
+  if (!user) {
+    throw new Error(t("common.user_not_found"));
+  }
 
   return (
     <PageContentWrapper>
@@ -71,7 +65,9 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
                   description={t("environments.settings.profile.two_factor_authentication_description")}
                   buttons={[
                     {
-                      text: t("common.start_free_trial"),
+                      text: IS_FORMBRICKS_CLOUD
+                        ? t("common.start_free_trial")
+                        : t("common.request_trial_license"),
                       href: IS_FORMBRICKS_CLOUD
                         ? `/environments/${params.environmentId}/settings/billing`
                         : "https://formbricks.com/upgrade-self-hosting-license",

apps/web/app/(app)/environments/[environmentId]/settings/(organization)/enterprise/page.tsx

@@ -1,18 +1,14 @@
 import { OrganizationSettingsNavbar } from "@/app/(app)/environments/[environmentId]/settings/(organization)/components/OrganizationSettingsNavbar";
-import { authOptions } from "@/modules/auth/lib/authOptions";
 import { getEnterpriseLicense } from "@/modules/ee/license-check/lib/utils";
+import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
 import { Button } from "@/modules/ui/components/button";
 import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
 import { PageHeader } from "@/modules/ui/components/page-header";
 import { getTranslate } from "@/tolgee/server";
 import { CheckIcon } from "lucide-react";
-import { getServerSession } from "next-auth";
 import Link from "next/link";
 import { notFound } from "next/navigation";
 import { IS_FORMBRICKS_CLOUD } from "@formbricks/lib/constants";
-import { getMembershipByUserIdOrganizationId } from "@formbricks/lib/membership/service";
-import { getAccessFlags } from "@formbricks/lib/membership/utils";
-import { getOrganizationByEnvironmentId } from "@formbricks/lib/organization/service";
 
 const Page = async (props) => {
   const params = await props.params;
@@ -21,20 +17,8 @@ const Page = async (props) => {
     notFound();
   }
 
-  const session = await getServerSession(authOptions);
+  const { isMember, currentUserMembership } = await getEnvironmentAuth(params.environmentId);
 
-  const organization = await getOrganizationByEnvironmentId(params.environmentId);
-
-  if (!session) {
-    throw new Error(t("common.session_not_found"));
-  }
-
-  if (!organization) {
-    throw new Error(t("common.organization_not_found"));
-  }
-
-  const currentUserMembership = await getMembershipByUserIdOrganizationId(session?.user.id, organization.id);
-  const { isMember } = getAccessFlags(currentUserMembership?.role);
   const isPricingDisabled = isMember;
 
   if (isPricingDisabled) {

apps/web/app/(app)/environments/[environmentId]/settings/(organization)/general/page.test.tsx

@@ -0,0 +1,133 @@
+import {
+  getIsMultiOrgEnabled,
+  getIsOrganizationAIReady,
+  getWhiteLabelPermission,
+} from "@/modules/ee/license-check/lib/utils";
+import { getTranslate } from "@/tolgee/server";
+import { getServerSession } from "next-auth";
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { getMembershipByUserIdOrganizationId } from "@formbricks/lib/membership/service";
+import { getAccessFlags } from "@formbricks/lib/membership/utils";
+import { getOrganizationByEnvironmentId } from "@formbricks/lib/organization/service";
+import { getUser } from "@formbricks/lib/user/service";
+import { TMembership } from "@formbricks/types/memberships";
+import { TOrganization } from "@formbricks/types/organizations";
+import { TUser } from "@formbricks/types/user";
+import Page from "./page";
+
+vi.mock("@formbricks/lib/constants", () => ({
+  IS_FORMBRICKS_CLOUD: false,
+  IS_PRODUCTION: false,
+  FB_LOGO_URL: "https://example.com/mock-logo.png",
+  ENCRYPTION_KEY: "mock-encryption-key",
+  ENTERPRISE_LICENSE_KEY: "mock-enterprise-license-key",
+  GITHUB_ID: "mock-github-id",
+  GITHUB_SECRET: "mock-github-secret",
+  GOOGLE_CLIENT_ID: "mock-google-client-id",
+  GOOGLE_CLIENT_SECRET: "mock-google-client-secret",
+  AZUREAD_CLIENT_ID: "mock-azuread-client-id",
+  AZUREAD_CLIENT_SECRET: "mock-azure-client-secret",
+  AZUREAD_TENANT_ID: "mock-azuread-tenant-id",
+  OIDC_CLIENT_ID: "mock-oidc-client-id",
+  OIDC_CLIENT_SECRET: "mock-oidc-client-secret",
+  OIDC_ISSUER: "mock-oidc-issuer",
+  OIDC_DISPLAY_NAME: "mock-oidc-display-name",
+  OIDC_SIGNING_ALGORITHM: "mock-oidc-signing-algorithm",
+  SAML_DATABASE_URL: "mock-saml-database-url",
+  WEBAPP_URL: "mock-webapp-url",
+  SMTP_HOST: "mock-smtp-host",
+  SMTP_PORT: "mock-smtp-port",
+}));
+
+vi.mock("next-auth", () => ({
+  getServerSession: vi.fn(),
+}));
+
+vi.mock("@/tolgee/server", () => ({
+  getTranslate: vi.fn(),
+}));
+
+vi.mock("@formbricks/lib/user/service", () => ({
+  getUser: vi.fn(),
+}));
+
+vi.mock("@formbricks/lib/organization/service", () => ({
+  getOrganizationByEnvironmentId: vi.fn(),
+}));
+
+vi.mock("@formbricks/lib/membership/service", () => ({
+  getMembershipByUserIdOrganizationId: vi.fn(),
+}));
+
+vi.mock("@formbricks/lib/membership/utils", () => ({
+  getAccessFlags: vi.fn(),
+}));
+
+vi.mock("@/modules/ee/license-check/lib/utils", () => ({
+  getIsMultiOrgEnabled: vi.fn(),
+  getIsOrganizationAIReady: vi.fn(),
+  getWhiteLabelPermission: vi.fn(),
+}));
+
+describe("Page", () => {
+  const mockParams = { environmentId: "test-environment-id" };
+  const mockSession = { user: { id: "test-user-id" } };
+  const mockUser = { id: "test-user-id" } as TUser;
+  const mockOrganization = { id: "test-organization-id", billing: { plan: "free" } } as TOrganization;
+  const mockMembership = { role: "owner" } as TMembership;
+  const mockTranslate = vi.fn((key) => key);
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    vi.mocked(getServerSession).mockResolvedValue(mockSession);
+    vi.mocked(getTranslate).mockResolvedValue(mockTranslate);
+    vi.mocked(getUser).mockResolvedValue(mockUser);
+    vi.mocked(getOrganizationByEnvironmentId).mockResolvedValue(mockOrganization);
+    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValue(mockMembership);
+    vi.mocked(getAccessFlags).mockReturnValue({
+      isOwner: true,
+      isManager: false,
+      isBilling: false,
+      isMember: false,
+    });
+    vi.mocked(getIsMultiOrgEnabled).mockResolvedValue(true);
+    vi.mocked(getIsOrganizationAIReady).mockResolvedValue(true);
+    vi.mocked(getWhiteLabelPermission).mockResolvedValue(true);
+  });
+
+  it("renders the page with organization settings", async () => {
+    const props = {
+      params: Promise.resolve({ environmentId: "env-123" }),
+    };
+
+    const result = await Page(props);
+
+    expect(result).toBeTruthy();
+  });
+
+  it("renders if session user id is null", async () => {
+    vi.mocked(getServerSession).mockResolvedValue({ user: { id: null } });
+
+    const props = {
+      params: Promise.resolve({ environmentId: "env-123" }),
+    };
+
+    const result = await Page(props);
+
+    expect(result).toBeTruthy();
+  });
+
+  it("throws an error if the session is not found", async () => {
+    vi.mocked(getServerSession).mockResolvedValue(null);
+
+    await expect(Page({ params: Promise.resolve(mockParams) })).rejects.toThrow("common.session_not_found");
+  });
+
+  it("throws an error if the organization is not found", async () => {
+    vi.mocked(getOrganizationByEnvironmentId).mockResolvedValue(null);
+
+    await expect(Page({ params: Promise.resolve(mockParams) })).rejects.toThrow(
+      "common.organization_not_found"
+    );
+  });
+});

apps/web/app/(app)/environments/[environmentId]/settings/(organization)/general/page.tsx

@@ -12,7 +12,7 @@ import { PageHeader } from "@/modules/ui/components/page-header";
 import { SettingsId } from "@/modules/ui/components/settings-id";
 import { getTranslate } from "@/tolgee/server";
 import { getServerSession } from "next-auth";
-import { IS_FORMBRICKS_CLOUD } from "@formbricks/lib/constants";
+import { FB_LOGO_URL, IS_FORMBRICKS_CLOUD } from "@formbricks/lib/constants";
 import { getMembershipByUserIdOrganizationId } from "@formbricks/lib/membership/service";
 import { getAccessFlags } from "@formbricks/lib/membership/utils";
 import { getOrganizationByEnvironmentId } from "@formbricks/lib/organization/service";
@@ -84,6 +84,7 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
         environmentId={params.environmentId}
         isReadOnly={!isOwnerOrManager}
         isFormbricksCloud={IS_FORMBRICKS_CLOUD}
+        fbLogoUrl={FB_LOGO_URL}
         user={user}
       />
       {isMultiOrgEnabled && (

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/responses/components/ResponseTableColumns.tsx

@@ -1,6 +1,7 @@
 "use client";
 
 import { RenderResponse } from "@/modules/analysis/components/SingleResponseCard/components/RenderResponse";
+import { VARIABLES_ICON_MAP, getQuestionIconMap } from "@/modules/survey/lib/questions";
 import { getSelectionColumn } from "@/modules/ui/components/data-table";
 import { ResponseBadges } from "@/modules/ui/components/response-badges";
 import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@/modules/ui/components/tooltip";
@@ -12,7 +13,6 @@ import { getLocalizedValue } from "@formbricks/lib/i18n/utils";
 import { processResponseData } from "@formbricks/lib/responses";
 import { getContactIdentifier } from "@formbricks/lib/utils/contact";
 import { getFormattedDateTimeString } from "@formbricks/lib/utils/datetime";
-import { VARIABLES_ICON_MAP, getQuestionIconMap } from "@formbricks/lib/utils/questions";
 import { recallToHeadline } from "@formbricks/lib/utils/recall";
 import { TResponseTableData } from "@formbricks/types/responses";
 import { TSurvey, TSurveyQuestion } from "@formbricks/types/surveys/types";
@@ -200,13 +200,6 @@ export const generateResponseTableColumns = (
             </TooltipTrigger>
             <TooltipContent side="bottom" className="font-normal">
               {t("environments.surveys.responses.how_to_identify_users")}
-              <Link
-                className="underline underline-offset-2 hover:text-slate-900"
-                href="https://formbricks.com/docs/link-surveys/user-identification"
-                target="_blank">
-                {t("common.link_surveys")}
-              </Link>{" "}
-              or{" "}
               <Link
                 className="underline underline-offset-2 hover:text-slate-900"
                 href="https://formbricks.com/docs/app-surveys/user-identification"

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/HiddenFieldsSummary.tsx

@@ -51,9 +51,9 @@ export const HiddenFieldsSummary = ({ environment, questionSummary, locale }: Hi
           <div className="col-span-2 pl-4 md:pl-6">{t("common.response")}</div>
           <div className="px-4 md:px-6">{t("common.time")}</div>
         </div>
-        {questionSummary.samples.slice(0, visibleResponses).map((response) => (
+        {questionSummary.samples.slice(0, visibleResponses).map((response, idx) => (
           <div
-            key={response.value}
+            key={`${response.value}-${idx}`}
             className="grid grid-cols-4 items-center border-b border-slate-100 py-2 text-sm text-slate-800 md:text-base">
             <div className="pl-4 md:pl-6">
               {response.contact ? (

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/QuestionSummaryHeader.tsx

@@ -1,9 +1,9 @@
 "use client";
 
+import { getQuestionTypes } from "@/modules/survey/lib/questions";
 import { useTranslate } from "@tolgee/react";
 import { InboxIcon } from "lucide-react";
 import type { JSX } from "react";
-import { getQuestionTypes } from "@formbricks/lib/utils/questions";
 import { recallToHeadline } from "@formbricks/lib/utils/recall";
 import { TSurvey, TSurveyQuestionSummary } from "@formbricks/types/surveys/types";
 

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/ShareEmbedSurvey.tsx

@@ -60,7 +60,7 @@ export const ShareEmbedSurvey = ({
 
   const [activeId, setActiveId] = useState(survey.type === "link" ? tabs[0].id : tabs[3].id);
   const [showView, setShowView] = useState<"start" | "embed" | "panel">("start");
-  const [surveyUrl, setSurveyUrl] = useState(webAppUrl + "/s/" + survey.id);
+  const [surveyUrl, setSurveyUrl] = useState("");
 
   useEffect(() => {
     if (survey.type !== "link") {

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SummaryDropOffs.tsx

@@ -1,10 +1,10 @@
 "use client";
 
+import { getQuestionIcon } from "@/modules/survey/lib/questions";
 import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@/modules/ui/components/tooltip";
 import { useTranslate } from "@tolgee/react";
 import { TimerIcon } from "lucide-react";
 import { JSX } from "react";
-import { getQuestionIcon } from "@formbricks/lib/utils/questions";
 import { recallToHeadline } from "@formbricks/lib/utils/recall";
 import { TSurvey, TSurveyQuestionType, TSurveySummary } from "@formbricks/types/surveys/types";
 

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/shareEmbedModal/AppTab.tsx

@@ -1,11 +1,12 @@
 "use client";
 
+import { MobileAppTab } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/shareEmbedModal/MobileAppTab";
+import { WebAppTab } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/shareEmbedModal/WebAppTab";
 import { OptionsSwitch } from "@/modules/ui/components/options-switch";
 import { useTranslate } from "@tolgee/react";
-import Link from "next/link";
 import { useState } from "react";
 
-export const AppTab = ({ environmentId }) => {
+export const AppTab = () => {
   const { t } = useTranslate();
   const [selectedTab, setSelectedTab] = useState("webapp");
 
@@ -20,79 +21,7 @@ export const AppTab = ({ environmentId }) => {
         handleOptionChange={(value) => setSelectedTab(value)}
       />
 
-      <div className="mt-4">
-        {selectedTab === "webapp" ? <WebAppTab environmentId={environmentId} /> : <MobileAppTab />}
-      </div>
-    </div>
-  );
-};
-
-const MobileAppTab = () => {
-  const { t } = useTranslate();
-  return (
-    <div>
-      <p className="text-lg font-semibold text-slate-800">
-        {t("environments.surveys.summary.how_to_embed_a_survey_on_your_react_native_app")}
-      </p>
-      <ol className="mt-4 list-decimal space-y-2 pl-5 text-sm text-slate-700">
-        <li>
-          {t("common.follow_these")}{" "}
-          <Link
-            href="https://formbricks.com/docs/developer-docs/react-native-in-app-surveys"
-            target="_blank"
-            className="decoration-brand-dark font-medium underline underline-offset-2">
-            {t("environments.surveys.summary.setup_instructions_for_react_native_apps")}
-          </Link>{" "}
-          {t("environments.surveys.summary.to_connect_your_app_with_formbricks")}
-        </li>
-      </ol>
-      <div className="mt-2 text-sm italic text-slate-700">
-        {t("environments.surveys.summary.were_working_on_sdks_for_flutter_swift_and_kotlin")}
-      </div>
-    </div>
-  );
-};
-
-const WebAppTab = ({ environmentId }) => {
-  const { t } = useTranslate();
-  return (
-    <div>
-      <p className="text-lg font-semibold text-slate-800">
-        {t("environments.surveys.summary.how_to_embed_a_survey_on_your_web_app")}
-      </p>
-      <ol className="mt-4 list-decimal space-y-2 pl-5 text-sm text-slate-700">
-        <li>
-          {t("common.follow_these")}{" "}
-          <Link
-            href={`/environments/${environmentId}/project/app-connection`}
-            target="_blank"
-            className="decoration-brand-dark font-medium underline underline-offset-2">
-            {t("environments.surveys.summary.setup_instructions")}
-          </Link>{" "}
-          {t("environments.surveys.summary.to_connect_your_web_app_with_formbricks")}
-        </li>
-        <li>
-          {t("environments.surveys.summary.learn_how_to")}{" "}
-          <Link
-            href="https://formbricks.com/docs/app-surveys/user-identification"
-            target="_blank"
-            className="decoration-brand-dark font-medium underline underline-offset-2">
-            {t("environments.surveys.summary.identify_users_and_set_attributes")}
-          </Link>{" "}
-          {t("environments.surveys.summary.to_run_highly_targeted_surveys")}.
-        </li>
-        <li>
-          {t("environments.surveys.summary.make_sure_the_survey_type_is_set_to")}{" "}
-          <b>{t("common.app_survey")}</b>
-        </li>
-        <li>{t("environments.surveys.summary.define_when_and_where_the_survey_should_pop_up")}</li>
-      </ol>
-      <div className="mt-4">
-        <video autoPlay loop muted className="w-full rounded-xl border border-slate-200">
-          <source src="/video/tooltips/change-survey-type-app.mp4" type="video/mp4" />
-          {t("environments.surveys.summary.unsupported_video_tag_warning")}
-        </video>
-      </div>
+      <div className="mt-4">{selectedTab === "webapp" ? <WebAppTab /> : <MobileAppTab />}</div>
     </div>
   );
 };

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/shareEmbedModal/EmbedView.tsx

@@ -88,7 +88,7 @@ export const EmbedView = ({
               locale={locale}
             />
           ) : activeId === "app" ? (
-            <AppTab environmentId={environmentId} />
+            <AppTab />
           ) : null}
           <div className="mt-2 rounded-md p-3 text-center lg:hidden">
             {tabs.slice(0, 2).map((tab) => (

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/shareEmbedModal/LinkTab.tsx

@@ -16,12 +16,8 @@ interface LinkTabProps {
 
 export const LinkTab = ({ survey, webAppUrl, surveyUrl, setSurveyUrl, locale }: LinkTabProps) => {
   const { t } = useTranslate();
+
   const docsLinks = [
-    {
-      title: t("environments.surveys.summary.identify_users"),
-      description: t("environments.surveys.summary.identify_users_description"),
-      link: "https://formbricks.com/docs/link-surveys/user-identification",
-    },
     {
       title: t("environments.surveys.summary.data_prefilling"),
       description: t("environments.surveys.summary.data_prefilling_description"),
@@ -53,6 +49,7 @@ export const LinkTab = ({ survey, webAppUrl, surveyUrl, setSurveyUrl, locale }:
           locale={locale}
         />
       </div>
+
       <div className="flex flex-wrap justify-between gap-2">
         <p className="pt-2 font-semibold text-slate-700">
           {t("environments.surveys.summary.you_can_do_a_lot_more_with_links_surveys")} 💡

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/shareEmbedModal/MobileAppTab.tsx

@@ -0,0 +1,25 @@
+"use client";
+
+import { Alert, AlertDescription, AlertTitle } from "@/modules/ui/components/alert";
+import { Button } from "@/modules/ui/components/button";
+import { useTranslate } from "@tolgee/react";
+import Link from "next/link";
+
+export const MobileAppTab = () => {
+  const { t } = useTranslate();
+  return (
+    <Alert>
+      <AlertTitle>{t("environments.surveys.summary.quickstart_mobile_apps")}</AlertTitle>
+      <AlertDescription>
+        {t("environments.surveys.summary.quickstart_mobile_apps_description")}
+        <Button asChild className="w-fit" size="sm" variant="link">
+          <Link
+            href="https://formbricks.com/docs/xm-and-surveys/surveys/website-app-surveys/framework-guides"
+            target="_blank">
+            {t("common.learn_more")}
+          </Link>
+        </Button>
+      </AlertDescription>
+    </Alert>
+  );
+};

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/shareEmbedModal/PanelInfoView.tsx

@@ -85,8 +85,10 @@ export const PanelInfoView = ({ disableBack, handleInitialPageButton }: PanelInf
             </p>
           </div>
           <Button className="justify-center" asChild>
-            <Link href="https://formbricks.com/docs/link-surveys/market-research-panel" target="_blank">
-              {t("common.get_started")}
+            <Link
+              href="https://formbricks.com/docs/xm-and-surveys/surveys/link-surveys/market-research-panel"
+              target="_blank">
+              {t("common.learn_more")}
             </Link>
           </Button>
         </div>

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/shareEmbedModal/WebAppTab.tsx

@@ -0,0 +1,25 @@
+"use client";
+
+import { Alert, AlertDescription, AlertTitle } from "@/modules/ui/components/alert";
+import { Button } from "@/modules/ui/components/button";
+import { useTranslate } from "@tolgee/react";
+import Link from "next/link";
+
+export const WebAppTab = () => {
+  const { t } = useTranslate();
+  return (
+    <Alert>
+      <AlertTitle>{t("environments.surveys.summary.quickstart_web_apps")}</AlertTitle>
+      <AlertDescription>
+        {t("environments.surveys.summary.quickstart_web_apps_description")}
+        <Button asChild className="w-fit" size="sm" variant="link">
+          <Link
+            href="https://formbricks.com/docs/xm-and-surveys/surveys/website-app-surveys/quickstart"
+            target="_blank">
+            {t("common.learn_more")}
+          </Link>
+        </Button>
+      </AlertDescription>
+    </Alert>
+  );
+};

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/lib/get-qr-code-options.ts

@@ -0,0 +1,36 @@
+import { Options } from "qr-code-styling";
+
+export const getQRCodeOptions = (width: number, height: number): Options => ({
+  width,
+  height,
+  type: "svg",
+  data: "",
+  margin: 0,
+  qrOptions: {
+    typeNumber: 0,
+    mode: "Byte",
+    errorCorrectionLevel: "L",
+  },
+  imageOptions: {
+    saveAsBlob: true,
+    hideBackgroundDots: false,
+    imageSize: 0,
+    margin: 0,
+  },
+  dotsOptions: {
+    type: "extra-rounded",
+    color: "#000000",
+    roundSize: true,
+  },
+  backgroundOptions: {
+    color: "#ffffff",
+  },
+  cornersSquareOptions: {
+    type: "dot",
+    color: "#000000",
+  },
+  cornersDotOptions: {
+    type: "dot",
+    color: "#000000",
+  },
+});

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/lib/survey-qr-code.tsx

@@ -0,0 +1,44 @@
+"use client";
+
+import { getQRCodeOptions } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/lib/get-qr-code-options";
+import { useTranslate } from "@tolgee/react";
+import QRCodeStyling from "qr-code-styling";
+import { useEffect, useRef } from "react";
+import { toast } from "react-hot-toast";
+
+export const useSurveyQRCode = (surveyUrl: string) => {
+  const qrCodeRef = useRef<HTMLDivElement>(null);
+  const qrInstance = useRef<QRCodeStyling | null>(null);
+  const { t } = useTranslate();
+
+  useEffect(() => {
+    try {
+      if (!qrInstance.current) {
+        qrInstance.current = new QRCodeStyling(getQRCodeOptions(70, 70));
+      }
+
+      if (surveyUrl && qrInstance.current) {
+        qrInstance.current.update({ data: surveyUrl });
+
+        if (qrCodeRef.current) {
+          qrCodeRef.current.innerHTML = "";
+          qrInstance.current.append(qrCodeRef.current);
+        }
+      }
+    } catch (error) {
+      toast.error(t("environments.surveys.summary.failed_to_generate_qr_code"));
+    }
+  }, [surveyUrl]);
+
+  const downloadQRCode = () => {
+    try {
+      const downloadInstance = new QRCodeStyling(getQRCodeOptions(500, 500));
+      downloadInstance.update({ data: surveyUrl });
+      downloadInstance.download({ name: "survey-qr", extension: "png" });
+    } catch (error) {
+      toast.error(t("environments.surveys.summary.failed_to_generate_qr_code"));
+    }
+  };
+
+  return { qrCodeRef, downloadQRCode };
+};

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/lib/surveySummary.ts

@@ -380,7 +380,7 @@ export const getQuestionSummary = async (
 
           let hasValidAnswer = false;
 
-          if (Array.isArray(answer)) {
+          if (Array.isArray(answer) && question.type === TSurveyQuestionTypeEnum.MultipleChoiceMulti) {
             answer.forEach((value) => {
               if (value) {
                 totalSelectionCount++;
@@ -396,7 +396,10 @@ export const getQuestionSummary = async (
                 hasValidAnswer = true;
               }
             });
-          } else if (typeof answer === "string") {
+          } else if (
+            typeof answer === "string" &&
+            question.type === TSurveyQuestionTypeEnum.MultipleChoiceSingle
+          ) {
             if (answer) {
               totalSelectionCount++;
               if (questionChoices.includes(answer)) {

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/components/QuestionFilterComboBox.tsx

@@ -14,6 +14,7 @@ import {
   DropdownMenuItem,
   DropdownMenuTrigger,
 } from "@/modules/ui/components/dropdown-menu";
+import { Input } from "@/modules/ui/components/input";
 import { useTranslate } from "@tolgee/react";
 import clsx from "clsx";
 import { ChevronDown, ChevronUp, X } from "lucide-react";
@@ -48,6 +49,7 @@ export const QuestionFilterComboBox = ({
   const [open, setOpen] = React.useState(false);
   const [openFilterValue, setOpenFilterValue] = React.useState<boolean>(false);
   const commandRef = React.useRef(null);
+  const [searchQuery, setSearchQuery] = React.useState<string>("");
   const defaultLanguageCode = "default";
   useClickOutside(commandRef, () => setOpen(false));
   const { t } = useTranslate();
@@ -73,6 +75,12 @@ export const QuestionFilterComboBox = ({
     (type === TSurveyQuestionTypeEnum.NPS || type === TSurveyQuestionTypeEnum.Rating) &&
     (filterValue === "Submitted" || filterValue === "Skipped");
 
+  const filteredOptions = options?.filter((o) =>
+    (typeof o === "object" ? getLocalizedValue(o, defaultLanguageCode) : o)
+      .toLowerCase()
+      .includes(searchQuery.toLowerCase())
+  );
+
   return (
     <div className="inline-flex w-full flex-row">
       {filterOptions && filterOptions?.length <= 1 ? (
@@ -160,10 +168,21 @@ export const QuestionFilterComboBox = ({
           {open && (
             <div className="animate-in bg-popover absolute top-0 z-10 max-h-52 w-full overflow-auto rounded-md bg-white outline-none">
               <CommandList>
+                <div className="p-2">
+                  <Input
+                    type="text"
+                    autoFocus
+                    placeholder={t("common.search") + "..."}
+                    value={searchQuery}
+                    onChange={(e) => setSearchQuery(e.target.value)}
+                    className="w-full rounded-md border border-slate-300 p-2 text-sm focus:border-slate-300"
+                  />
+                </div>
                 <CommandEmpty>{t("common.no_result_found")}</CommandEmpty>
                 <CommandGroup>
-                  {options?.map((o) => (
+                  {filteredOptions?.map((o, index) => (
                     <CommandItem
+                      key={`option-${typeof o === "object" ? getLocalizedValue(o, defaultLanguageCode) : o}-${index}`}
                       onSelect={() => {
                         !isMultiple
                           ? onChangeFilterComboBoxValue(

apps/web/app/(app)/layout.test.tsx

@@ -0,0 +1,92 @@
+import "@testing-library/jest-dom/vitest";
+import { cleanup, render, screen } from "@testing-library/react";
+import { getServerSession } from "next-auth";
+import { afterEach, describe, expect, it, vi } from "vitest";
+import { getUser } from "@formbricks/lib/user/service";
+import { TUser } from "@formbricks/types/user";
+import AppLayout from "./layout";
+
+vi.mock("next-auth", () => ({
+  getServerSession: vi.fn(),
+}));
+
+vi.mock("@formbricks/lib/user/service", () => ({
+  getUser: vi.fn(),
+}));
+
+vi.mock("@formbricks/lib/constants", () => ({
+  INTERCOM_SECRET_KEY: "test-secret-key",
+  IS_INTERCOM_CONFIGURED: true,
+  INTERCOM_APP_ID: "test-app-id",
+  ENCRYPTION_KEY: "test-encryption-key",
+  ENTERPRISE_LICENSE_KEY: "test-enterprise-license-key",
+  GITHUB_ID: "test-github-id",
+  GITHUB_SECRET: "test-githubID",
+  GOOGLE_CLIENT_ID: "test-google-client-id",
+  GOOGLE_CLIENT_SECRET: "test-google-client-secret",
+  AZUREAD_CLIENT_ID: "test-azuread-client-id",
+  AZUREAD_CLIENT_SECRET: "test-azure",
+  AZUREAD_TENANT_ID: "test-azuread-tenant-id",
+  OIDC_DISPLAY_NAME: "test-oidc-display-name",
+  OIDC_CLIENT_ID: "test-oidc-client-id",
+  OIDC_ISSUER: "test-oidc-issuer",
+  OIDC_CLIENT_SECRET: "test-oidc-client-secret",
+  OIDC_SIGNING_ALGORITHM: "test-oidc-signing-algorithm",
+  WEBAPP_URL: "test-webapp-url",
+}));
+
+vi.mock("@/app/(app)/components/FormbricksClient", () => ({
+  FormbricksClient: () => <div data-testid="formbricks-client" />,
+}));
+vi.mock("@/app/intercom/IntercomClientWrapper", () => ({
+  IntercomClientWrapper: () => <div data-testid="mock-intercom-wrapper" />,
+}));
+vi.mock("@/modules/ui/components/no-mobile-overlay", () => ({
+  NoMobileOverlay: () => <div data-testid="no-mobile-overlay" />,
+}));
+vi.mock("@/modules/ui/components/post-hog-client", () => ({
+  PHProvider: ({ children }: { children: React.ReactNode }) => (
+    <div data-testid="ph-provider">{children}</div>
+  ),
+  PostHogPageview: () => <div data-testid="ph-pageview" />,
+}));
+vi.mock("@/modules/ui/components/toaster-client", () => ({
+  ToasterClient: () => <div data-testid="toaster-client" />,
+}));
+
+describe("(app) AppLayout", () => {
+  afterEach(() => {
+    cleanup();
+  });
+
+  it("renders child content and all sub-components when user exists", async () => {
+    vi.mocked(getServerSession).mockResolvedValueOnce({ user: { id: "user-123" } });
+    vi.mocked(getUser).mockResolvedValueOnce({ id: "user-123", email: "test@example.com" } as TUser);
+
+    // Because AppLayout is async, call it like a function
+    const element = await AppLayout({
+      children: <div data-testid="child-content">Hello from children</div>,
+    });
+
+    render(element);
+
+    expect(screen.getByTestId("no-mobile-overlay")).toBeInTheDocument();
+    expect(screen.getByTestId("ph-pageview")).toBeInTheDocument();
+    expect(screen.getByTestId("ph-provider")).toBeInTheDocument();
+    expect(screen.getByTestId("mock-intercom-wrapper")).toBeInTheDocument();
+    expect(screen.getByTestId("toaster-client")).toBeInTheDocument();
+    expect(screen.getByTestId("child-content")).toHaveTextContent("Hello from children");
+    expect(screen.getByTestId("formbricks-client")).toBeInTheDocument();
+  });
+
+  it("skips FormbricksClient if no user is present", async () => {
+    vi.mocked(getServerSession).mockResolvedValueOnce(null);
+
+    const element = await AppLayout({
+      children: <div data-testid="child-content">Hello from children</div>,
+    });
+    render(element);
+
+    expect(screen.queryByTestId("formbricks-client")).not.toBeInTheDocument();
+  });
+});

apps/web/app/(app)/layout.tsx

@@ -1,12 +1,11 @@
 import { FormbricksClient } from "@/app/(app)/components/FormbricksClient";
-import { IntercomClient } from "@/app/IntercomClient";
+import { IntercomClientWrapper } from "@/app/intercom/IntercomClientWrapper";
 import { authOptions } from "@/modules/auth/lib/authOptions";
 import { NoMobileOverlay } from "@/modules/ui/components/no-mobile-overlay";
 import { PHProvider, PostHogPageview } from "@/modules/ui/components/post-hog-client";
 import { ToasterClient } from "@/modules/ui/components/toaster-client";
 import { getServerSession } from "next-auth";
 import { Suspense } from "react";
-import { INTERCOM_SECRET_KEY, IS_INTERCOM_CONFIGURED } from "@formbricks/lib/constants";
 import { getUser } from "@formbricks/lib/user/service";
 
 const AppLayout = async ({ children }) => {
@@ -22,11 +21,7 @@ const AppLayout = async ({ children }) => {
       <PHProvider>
         <>
           {user ? <FormbricksClient userId={user.id} email={user.email} /> : null}
-          <IntercomClient
-            isIntercomConfigured={IS_INTERCOM_CONFIGURED}
-            intercomSecretKey={INTERCOM_SECRET_KEY}
-            user={user}
-          />
+          <IntercomClientWrapper user={user} />
           <ToasterClient />
           {children}
         </>

apps/web/app/(auth)/layout.test.tsx

@@ -0,0 +1,34 @@
+import "@testing-library/jest-dom/vitest";
+import { render, screen } from "@testing-library/react";
+import { describe, expect, it, vi } from "vitest";
+import AppLayout from "../(auth)/layout";
+
+vi.mock("@formbricks/lib/constants", () => ({
+  IS_FORMBRICKS_CLOUD: false,
+  IS_INTERCOM_CONFIGURED: true,
+  INTERCOM_SECRET_KEY: "mock-intercom-secret-key",
+  INTERCOM_APP_ID: "mock-intercom-app-id",
+}));
+
+vi.mock("@/app/intercom/IntercomClientWrapper", () => ({
+  IntercomClientWrapper: () => <div data-testid="mock-intercom-wrapper" />,
+}));
+vi.mock("@/modules/ui/components/no-mobile-overlay", () => ({
+  NoMobileOverlay: () => <div data-testid="mock-no-mobile-overlay" />,
+}));
+
+describe("(auth) AppLayout", () => {
+  it("renders the NoMobileOverlay and IntercomClient, plus children", async () => {
+    const appLayoutElement = await AppLayout({
+      children: <div data-testid="child-content">Hello from children!</div>,
+    });
+
+    const childContentText = "Hello from children!";
+
+    render(appLayoutElement);
+
+    expect(screen.getByTestId("mock-no-mobile-overlay")).toBeInTheDocument();
+    expect(screen.getByTestId("mock-intercom-wrapper")).toBeInTheDocument();
+    expect(screen.getByTestId("child-content")).toHaveTextContent(childContentText);
+  });
+});

apps/web/app/(auth)/layout.tsx

@@ -1,12 +1,11 @@
-import { IntercomClient } from "@/app/IntercomClient";
+import { IntercomClientWrapper } from "@/app/intercom/IntercomClientWrapper";
 import { NoMobileOverlay } from "@/modules/ui/components/no-mobile-overlay";
-import { INTERCOM_SECRET_KEY, IS_INTERCOM_CONFIGURED } from "@formbricks/lib/constants";
 
 const AppLayout = async ({ children }) => {
   return (
     <>
       <NoMobileOverlay />
-      <IntercomClient isIntercomConfigured={IS_INTERCOM_CONFIGURED} intercomSecretKey={INTERCOM_SECRET_KEY} />
+      <IntercomClientWrapper />
       {children}
     </>
   );

apps/web/app/(redirects)/organizations/[organizationId]/route.ts

@@ -1,8 +1,8 @@
-import { hasOrganizationAccess } from "@/app/lib/api/apiHelper";
 import { authOptions } from "@/modules/auth/lib/authOptions";
 import { getServerSession } from "next-auth";
 import { redirect } from "next/navigation";
 import { notFound } from "next/navigation";
+import { hasOrganizationAccess } from "@formbricks/lib/auth";
 import { getEnvironments } from "@formbricks/lib/environment/service";
 import { getMembershipByUserIdOrganizationId } from "@formbricks/lib/membership/service";
 import { getAccessFlags } from "@formbricks/lib/membership/utils";
@@ -16,7 +16,7 @@ export const GET = async (_: Request, context: { params: Promise<{ organizationI
   // check auth
   const session = await getServerSession(authOptions);
   if (!session) throw new AuthenticationError("Not authenticated");
-  const hasAccess = await hasOrganizationAccess(session.user, organizationId);
+  const hasAccess = await hasOrganizationAccess(session.user.id, organizationId);
   if (!hasAccess) throw new AuthorizationError("Unauthorized");
 
   const currentUserMembership = await getMembershipByUserIdOrganizationId(session?.user.id, organizationId);

apps/web/app/(redirects)/projects/[projectId]/route.ts

@@ -1,7 +1,7 @@
-import { hasOrganizationAccess } from "@/app/lib/api/apiHelper";
 import { authOptions } from "@/modules/auth/lib/authOptions";
 import { getServerSession } from "next-auth";
 import { notFound, redirect } from "next/navigation";
+import { hasOrganizationAccess } from "@formbricks/lib/auth";
 import { getEnvironments } from "@formbricks/lib/environment/service";
 import { getProject } from "@formbricks/lib/project/service";
 import { AuthenticationError, AuthorizationError } from "@formbricks/types/errors";
@@ -15,7 +15,7 @@ export const GET = async (_: Request, context: { params: Promise<{ projectId: st
   if (!session) throw new AuthenticationError("Not authenticated");
   const project = await getProject(projectId);
   if (!project) return notFound();
-  const hasAccess = await hasOrganizationAccess(session.user, project.organizationId);
+  const hasAccess = await hasOrganizationAccess(session.user.id, project.organizationId);
   if (!hasAccess) throw new AuthorizationError("Unauthorized");
   // redirect to project's production environment
   const environments = await getEnvironments(project.id);

apps/web/app/[shortUrlId]/page.tsx

@@ -2,6 +2,7 @@ import { getMetadataForLinkSurvey } from "@/modules/survey/link/metadata";
 import type { Metadata } from "next";
 import { notFound, redirect } from "next/navigation";
 import { getShortUrl } from "@formbricks/lib/shortUrl/service";
+import { logger } from "@formbricks/logger";
 import { TShortUrl, ZShortUrlId } from "@formbricks/types/short-url";
 
 export const generateMetadata = async (props): Promise<Metadata> => {
@@ -44,7 +45,7 @@ const Page = async (props) => {
   try {
     shortUrl = await getShortUrl(params.shortUrlId);
   } catch (error) {
-    console.error(error);
+    logger.error(error, "Could not fetch short url");
     notFound();
   }
 

apps/web/app/api/(internal)/csv-conversion/route.ts

@@ -3,6 +3,7 @@ import { authOptions } from "@/modules/auth/lib/authOptions";
 import { AsyncParser } from "@json2csv/node";
 import { getServerSession } from "next-auth";
 import { NextRequest } from "next/server";
+import { logger } from "@formbricks/logger";
 
 export const POST = async (request: NextRequest) => {
   const session = await getServerSession(authOptions);
@@ -28,7 +29,7 @@ export const POST = async (request: NextRequest) => {
   try {
     csv = await parser.parse(json).promise();
   } catch (err) {
-    console.error(err);
+    logger.error({ error: err, url: request.url }, "Failed to convert to CSV");
     throw new Error("Failed to convert to CSV");
   }
 

apps/web/app/api/(internal)/insights/lib/utils.ts

@@ -4,6 +4,7 @@ import { surveyCache } from "@formbricks/lib/survey/cache";
 import { getSurvey, updateSurvey } from "@formbricks/lib/survey/service";
 import { doesSurveyHasOpenTextQuestion } from "@formbricks/lib/survey/utils";
 import { validateInputs } from "@formbricks/lib/utils/validate";
+import { logger } from "@formbricks/logger";
 import { ZId } from "@formbricks/types/common";
 import { ResourceNotFoundError } from "@formbricks/types/errors";
 import { TResponse } from "@formbricks/types/responses";
@@ -80,7 +81,7 @@ export const generateInsightsEnabledForSurveyQuestions = async (
 
     return { success: false };
   } catch (error) {
-    console.error("Error generating insights for surveys:", error);
+    logger.error(error, "Error generating insights for surveys");
     throw error;
   }
 };

apps/web/app/api/(internal)/insights/route.ts

@@ -5,6 +5,7 @@ import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { headers } from "next/headers";
 import { z } from "zod";
 import { CRON_SECRET } from "@formbricks/lib/constants";
+import { logger } from "@formbricks/logger";
 import { generateInsightsEnabledForSurveyQuestions } from "./lib/utils";
 
 export const maxDuration = 300; // This function can run for a maximum of 300 seconds
@@ -25,7 +26,7 @@ export const POST = async (request: Request) => {
     const inputValidation = ZGenerateInsightsInput.safeParse(jsonInput);
 
     if (!inputValidation.success) {
-      console.error(inputValidation.error);
+      logger.error({ error: inputValidation.error, url: request.url }, "Error in POST /api/insights");
       return responses.badRequestResponse(
         "Fields are missing or incorrectly formatted",
         transformErrorToDetails(inputValidation.error),

apps/web/app/api/(internal)/pipeline/lib/handleIntegrations.ts

@@ -9,6 +9,7 @@ import { writeDataToSlack } from "@formbricks/lib/slack/service";
 import { getFormattedDateTimeString } from "@formbricks/lib/utils/datetime";
 import { parseRecallInfo } from "@formbricks/lib/utils/recall";
 import { truncateText } from "@formbricks/lib/utils/strings";
+import { logger } from "@formbricks/logger";
 import { Result } from "@formbricks/types/error-handlers";
 import { TIntegration, TIntegrationType } from "@formbricks/types/integration";
 import { TIntegrationAirtable } from "@formbricks/types/integration/airtable";
@@ -83,13 +84,13 @@ export const handleIntegrations = async (
           survey
         );
         if (!googleResult.ok) {
-          console.error("Error in google sheets integration: ", googleResult.error);
+          logger.error(googleResult.error, "Error in google sheets integration");
         }
         break;
       case "slack":
         const slackResult = await handleSlackIntegration(integration as TIntegrationSlack, data, survey);
         if (!slackResult.ok) {
-          console.error("Error in slack integration: ", slackResult.error);
+          logger.error(slackResult.error, "Error in slack integration");
         }
         break;
       case "airtable":
@@ -99,13 +100,13 @@ export const handleIntegrations = async (
           survey
         );
         if (!airtableResult.ok) {
-          console.error("Error in airtable integration: ", airtableResult.error);
+          logger.error(airtableResult.error, "Error in airtable integration");
         }
         break;
       case "notion":
         const notionResult = await handleNotionIntegration(integration as TIntegrationNotion, data, survey);
         if (!notionResult.ok) {
-          console.error("Error in notion integration: ", notionResult.error);
+          logger.error(notionResult.error, "Error in notion integration");
         }
         break;
     }
@@ -418,7 +419,7 @@ const getValue = (colType: string, value: string | string[] | Date | number | Re
         return typeof value === "string" ? value : (value as string[]).join(", ");
     }
   } catch (error) {
-    console.error(error);
+    logger.error(error, "Payload build failed!");
     throw new Error("Payload build failed!");
   }
 };

apps/web/app/api/(internal)/pipeline/lib/survey-follow-up.ts

@@ -1,6 +1,7 @@
 import { sendFollowUpEmail } from "@/modules/email";
 import { z } from "zod";
 import { TSurveyFollowUpAction } from "@formbricks/database/types/survey-follow-up";
+import { logger } from "@formbricks/logger";
 import { TOrganization } from "@formbricks/types/organizations";
 import { TResponse } from "@formbricks/types/responses";
 import { TSurvey } from "@formbricks/types/surveys/types";
@@ -89,6 +90,6 @@ export const sendSurveyFollowUps = async (
     .map((result) => `FollowUp ${result.followUpId} failed: ${result.error}`);
 
   if (errors.length > 0) {
-    console.error("Follow-up processing errors:", errors);
+    logger.error(errors, "Follow-up processing errors");
   }
 };

apps/web/app/api/(internal)/pipeline/route.ts

@@ -19,6 +19,7 @@ import { getSurvey, updateSurvey } from "@formbricks/lib/survey/service";
 import { convertDatesInObject } from "@formbricks/lib/time";
 import { getPromptText } from "@formbricks/lib/utils/ai";
 import { parseRecallInfo } from "@formbricks/lib/utils/recall";
+import { logger } from "@formbricks/logger";
 import { handleIntegrations } from "./lib/handleIntegrations";
 
 export const POST = async (request: Request) => {
@@ -34,7 +35,10 @@ export const POST = async (request: Request) => {
   const inputValidation = ZPipelineInput.safeParse(convertedJsonInput);
 
   if (!inputValidation.success) {
-    console.error(inputValidation.error);
+    logger.error(
+      { error: inputValidation.error, url: request.url },
+      "Error in POST /api/(internal)/pipeline"
+    );
     return responses.badRequestResponse(
       "Fields are missing or incorrectly formatted",
       transformErrorToDetails(inputValidation.error),
@@ -87,7 +91,7 @@ export const POST = async (request: Request) => {
         data: response,
       }),
     }).catch((error) => {
-      console.error(`Webhook call to ${webhook.url} failed:`, error);
+      logger.error({ error, url: request.url }, `Webhook call to ${webhook.url} failed`);
     })
   );
 
@@ -100,7 +104,7 @@ export const POST = async (request: Request) => {
     ]);
 
     if (!survey) {
-      console.error(`Survey with id ${surveyId} not found`);
+      logger.error({ url: request.url, surveyId }, `Survey with id ${surveyId} not found`);
       return new Response("Survey not found", { status: 404 });
     }
 
@@ -172,7 +176,10 @@ export const POST = async (request: Request) => {
 
     const emailPromises = usersWithNotifications.map((user) =>
       sendResponseFinishedEmail(user.email, environmentId, survey, response, responseCount).catch((error) => {
-        console.error(`Failed to send email to ${user.email}:`, error);
+        logger.error(
+          { error, url: request.url, userEmail: user.email },
+          `Failed to send email to ${user.email}`
+        );
       })
     );
 
@@ -188,7 +195,7 @@ export const POST = async (request: Request) => {
     const results = await Promise.allSettled([...webhookPromises, ...emailPromises]);
     results.forEach((result) => {
       if (result.status === "rejected") {
-        console.error("Promise rejected:", result.reason);
+        logger.error({ error: result.reason, url: request.url }, "Promise rejected");
       }
     });
 
@@ -228,7 +235,7 @@ export const POST = async (request: Request) => {
                   text,
                 });
               } catch (e) {
-                console.error(e);
+                logger.error({ error: e, url: request.url }, "Error creating document and assigning insight");
               }
             }
           }
@@ -240,7 +247,7 @@ export const POST = async (request: Request) => {
     const results = await Promise.allSettled(webhookPromises);
     results.forEach((result) => {
       if (result.status === "rejected") {
-        console.error("Promise rejected:", result.reason);
+        logger.error({ error: result.reason, url: request.url }, "Promise rejected");
       }
     });
   }

apps/web/app/api/auth/saml/authorize/route.ts

@@ -0,0 +1,3 @@
+import { GET } from "@/modules/ee/auth/saml/api/authorize/route";
+
+export { GET };

apps/web/app/api/auth/saml/callback/route.ts

@@ -0,0 +1,3 @@
+import { POST } from "@/modules/ee/auth/saml/api/callback/route";
+
+export { POST };

apps/web/app/api/auth/saml/token/route.ts

@@ -0,0 +1,3 @@
+import { POST } from "@/modules/ee/auth/saml/api/token/route";
+
+export { POST };

apps/web/app/api/auth/saml/userinfo/route.ts

@@ -0,0 +1,3 @@
+import { GET } from "@/modules/ee/auth/saml/api/userinfo/route";
+
+export { GET };

apps/web/app/api/v1/auth.ts

@@ -1,16 +1,19 @@
+import { getEnvironmentIdFromApiKey } from "@/app/api/v1/lib/api-key";
 import { responses } from "@/app/lib/api/response";
+import { hashApiKey } from "@/modules/api/v2/management/lib/utils";
 import { TAuthenticationApiKey } from "@formbricks/types/auth";
 import { DatabaseError, InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
-import { getEnvironmentIdFromApiKey } from "./lib/api-key";
 
 export const authenticateRequest = async (request: Request): Promise<TAuthenticationApiKey | null> => {
   const apiKey = request.headers.get("x-api-key");
   if (apiKey) {
     const environmentId = await getEnvironmentIdFromApiKey(apiKey);
     if (environmentId) {
+      const hashedApiKey = hashApiKey(apiKey);
       const authentication: TAuthenticationApiKey = {
         type: "apiKey",
         environmentId,
+        hashedApiKey,
       };
       return authentication;
     }