fix(ci): backport release tag validation fix to release/4.0 (#6609 )

chore: backport jwt and script fix (#6607 )
Co-authored-by: Anshuman Pandey <54475686+pandeymangg@users.noreply.github.com>
2025-12-21 13:40:31 -06:00 · 2025-09-26 09:41:06 +02:00 · 2025-09-25 11:53:45 -03:00 · 2025-09-25 10:42:29 -03:00 · 2025-09-25 18:49:55 +05:30 · 2025-09-25 18:21:51 +05:30
1235 changed files with 64387 additions and 32335 deletions
--- a/.cursor/rules/cache-optimization.mdc
+++ b/.cursor/rules/cache-optimization.mdc
@@ -16,9 +16,10 @@ Formbricks uses a **hybrid caching approach** optimized for enterprise scale:
 ## Key Files

 ### Core Cache Infrastructure
- [apps/web/modules/cache/lib/service.ts](mdc:apps/web/modules/cache/lib/service.ts) - Redis cache service
- [apps/web/modules/cache/lib/withCache.ts](mdc:apps/web/modules/cache/lib/withCache.ts) - Cache wrapper utilities
- [apps/web/modules/cache/lib/cacheKeys.ts](mdc:apps/web/modules/cache/lib/cacheKeys.ts) - Enterprise cache key patterns and utilities
+- [packages/cache/src/service.ts](mdc:packages/cache/src/service.ts) - Redis cache service
+- [packages/cache/src/client.ts](mdc:packages/cache/src/client.ts) - Cache client initialization and singleton management  
+- [apps/web/lib/cache/index.ts](mdc:apps/web/lib/cache/index.ts) - Cache service proxy for web app
+- [packages/cache/src/index.ts](mdc:packages/cache/src/index.ts) - Cache package exports and utilities

 ### Environment State Caching (Critical Endpoint)
 - [apps/web/app/api/v1/client/[environmentId]/environment/route.ts](mdc:apps/web/app/api/v1/client/[environmentId]/environment/route.ts) - Main endpoint serving hundreds of thousands of SDK clients
@@ -26,7 +27,7 @@ Formbricks uses a **hybrid caching approach** optimized for enterprise scale:

 ## Enterprise-Grade Cache Key Patterns

-**Always use** the `createCacheKey` utilities from [cacheKeys.ts](mdc:apps/web/modules/cache/lib/cacheKeys.ts):
+**Always use** the `createCacheKey` utilities from the cache package:

 ```typescript
 // ✅ Correct patterns
@@ -50,14 +51,14 @@ export const getEnterpriseLicense = reactCache(async () => {
 });
 ```

-### Use `withCache()` for Simple Database Queries
+### Use `cache.withCache()` for Simple Database Queries
 ```typescript
 // ✅ Simple caching with automatic fallback (TTL in milliseconds)
 export const getActionClasses = (environmentId: string) => {
-  return withCache(() => fetchActionClassesFromDB(environmentId), {
-    key: createCacheKey.environment.actionClasses(environmentId),
-    ttl: 60 * 30 * 1000, // 30 minutes in milliseconds
-  })();
+  return cache.withCache(() => fetchActionClassesFromDB(environmentId), 
+    createCacheKey.environment.actionClasses(environmentId),
+    60 * 30 * 1000 // 30 minutes in milliseconds
+  );
 };
 ```

--- a/.cursor/rules/database.mdc
+++ b/.cursor/rules/database.mdc
@@ -7,6 +7,7 @@ description: >
 globs: []
 alwaysApply: agent-requested
 ---
+
 # Formbricks Database Schema Reference

 This rule provides a reference to the Formbricks database structure. For the most up-to-date and complete schema definitions, please refer to the schema.prisma file directly.
@@ -16,6 +17,7 @@ This rule provides a reference to the Formbricks database structure. For the mos
 Formbricks uses PostgreSQL with Prisma ORM. The schema is designed for multi-tenancy with strong data isolation between organizations.

 ### Core Hierarchy
+
 ```
 Organization
 └── Project
@@ -29,6 +31,7 @@ Organization
 ## Schema Reference

 For the complete and up-to-date database schema, please refer to:
+
 - Main schema: `packages/database/schema.prisma`
 - JSON type definitions: `packages/database/json-types.ts`

@@ -37,17 +40,22 @@ The schema.prisma file contains all model definitions, relationships, enums, and
 ## Data Access Patterns

 ### Multi-tenancy
+
 - All data is scoped by Organization
 - Environment-level isolation for surveys and contacts
 - Project-level grouping for related surveys

 ### Soft Deletion
+
 Some models use soft deletion patterns:
+
 - Check `isActive` fields where present
 - Use proper filtering in queries

 ### Cascading Deletes
+
 Configured cascade relationships:
+
 - Organization deletion cascades to all child entities
 - Survey deletion removes responses, displays, triggers
 - Contact deletion removes attributes and responses
@@ -55,6 +63,7 @@ Configured cascade relationships:
 ## Common Query Patterns

 ### Survey with Responses
+
 ```typescript
 // Include response count and latest responses
 const survey = await prisma.survey.findUnique({
@@ -62,40 +71,40 @@ const survey = await prisma.survey.findUnique({
  include: {
    responses: {
      take: 10,
-      orderBy: { createdAt: 'desc' }
+      orderBy: { createdAt: "desc" },
    },
    _count: {
-      select: { responses: true }
-    }
-  }
+      select: { responses: true },
+    },
+  },
 });
 ```

 ### Environment Scoping
+
 ```typescript
 // Always scope by environment
 const surveys = await prisma.survey.findMany({
  where: {
    environmentId: environmentId,
    // Additional filters...
-  }
+  },
 });
 ```

 ### Contact with Attributes
+
 ```typescript
 const contact = await prisma.contact.findUnique({
  where: { id: contactId },
  include: {
    attributes: {
      include: {
-        attributeKey: true
-      }
-    }
-  }
+        attributeKey: true,
+      },
+    },
+  },
 });
 ```

 This schema supports Formbricks' core functionality: multi-tenant survey management, user targeting, response collection, and analysis, all while maintaining strict data isolation and security.
-
-
--- a/.cursor/rules/documentations.mdc
+++ b/.cursor/rules/documentations.mdc
@@ -1,23 +1,28 @@
 ---
 description: Guideline for writing end-user facing documentation in the apps/docs folder
-globs: 
+globs:
 alwaysApply: false
 ---
+
 Follow these instructions and guidelines when asked to write documentation in the apps/docs folder

 Follow this structure to write the title, describtion and pick a matching icon and insert it at the top of the MDX file:

 ---
+
 title: "FEATURE NAME"
 description: "1 concise sentence to describe WHEN the feature is being used and FOR WHAT BENEFIT."
 icon: "link"
+
 ---

 - Description: 1 concise sentence to describe WHEN the feature is being used and FOR WHAT BENEFIT.
- Make ample use of the Mintlify components you can find here https://mintlify.com/docs/llms.txt
- In all Headlines, only capitalize the current feature and nothing else, to Camel Case
+- Make ample use of the Mintlify components you can find here https://mintlify.com/docs/llms.txt - e.g. if docs describe consecutive steps, always use Mintlify Step component.
+- In all Headlines, only capitalize the current feature and nothing else, to Camel Case.
+- The page should never start with H1 headline, because it's already part of the template.
+- Tonality: Keep it concise and to the point. Avoid Jargon where possible.
 - If a feature is part of the Enterprise Edition, use this note:

 <Note>
-  FEATURE NAME is part of the @Enterprise Edition. 
-</Note>
+  FEATURE NAME is part of the [Enterprise Edition](/self-hosting/advanced/license) 
+</Note>
--- a/.cursor/rules/github-actions-security.mdc
+++ b/.cursor/rules/github-actions-security.mdc
@@ -0,0 +1,232 @@
+---
+description: Security best practices and guidelines for writing GitHub Actions and workflows
+globs: .github/workflows/*.yml,.github/workflows/*.yaml,.github/actions/*/action.yml,.github/actions/*/action.yaml
+---
+
+# GitHub Actions Security Best Practices
+
+## Required Security Measures
+
+### 1. Set Minimum GITHUB_TOKEN Permissions
+
+Always explicitly set the minimum required permissions for GITHUB_TOKEN:
+
+```yaml
+permissions:
+  contents: read
+  # Only add additional permissions if absolutely necessary:
+  # pull-requests: write  # for commenting on PRs
+  # issues: write         # for creating/updating issues
+  # checks: write         # for publishing check results
+```
+
+### 2. Add Harden-Runner as First Step
+
+For **every job** on `ubuntu-latest`, add Harden-Runner as the first step:
+
+```yaml
+- name: Harden the runner
+  uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+  with:
+    egress-policy: audit # or 'block' for stricter security
+```
+
+### 3. Pin Actions to Full Commit SHA
+
+**Always** pin third-party actions to their full commit SHA, not tags:
+
+```yaml
+# ❌ BAD - uses mutable tag
+- uses: actions/checkout@v4
+
+# ✅ GOOD - pinned to immutable commit SHA
+- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+```
+
+### 4. Secure Variable Handling
+
+Prevent command injection by properly quoting variables:
+
+```yaml
+# ❌ BAD - potential command injection
+run: echo "Processing ${{ inputs.user_input }}"
+
+# ✅ GOOD - properly quoted
+env:
+  USER_INPUT: ${{ inputs.user_input }}
+run: echo "Processing ${USER_INPUT}"
+```
+
+Use `${VARIABLE}` syntax in shell scripts instead of `$VARIABLE`.
+
+### 5. Environment Variables for Secrets
+
+Store sensitive data in environment variables, not inline:
+
+```yaml
+# ❌ BAD
+run: curl -H "Authorization: Bearer ${{ secrets.TOKEN }}" api.example.com
+
+# ✅ GOOD
+env:
+  API_TOKEN: ${{ secrets.TOKEN }}
+run: curl -H "Authorization: Bearer ${API_TOKEN}" api.example.com
+```
+
+## Workflow Structure Best Practices
+
+### Required Workflow Elements
+
+```yaml
+name: "Descriptive Workflow Name"
+
+on:
+  # Define specific triggers
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+# Always set explicit permissions
+permissions:
+  contents: read
+
+jobs:
+  job-name:
+    name: "Descriptive Job Name"
+    runs-on: ubuntu-latest
+    timeout-minutes: 30 # tune per job; standardize repo-wide
+
+    # Set job-level permissions if different from workflow level
+    permissions:
+      contents: read
+
+    steps:
+      # Always start with Harden-Runner on ubuntu-latest
+      - name: Harden the runner
+        uses: step-security/harden-runner@v2
+        with:
+          egress-policy: audit
+
+      # Pin all actions to commit SHA
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+```
+
+### Input Validation for Actions
+
+For composite actions, always validate inputs:
+
+```yaml
+inputs:
+  user_input:
+    description: "User provided input"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Validate input
+      shell: bash
+      run: |
+        # Harden shell and validate input format/content before use
+        set -euo pipefail
+
+        USER_INPUT="${{ inputs.user_input }}"
+
+        if [[ ! "${USER_INPUT}" =~ ^[A-Za-z0-9._-]+$ ]]; then
+          echo "❌ Invalid input format"
+          exit 1
+        fi
+```
+
+## Docker Security in Actions
+
+### Pin Docker Images to Digests
+
+```yaml
+# ❌ BAD - mutable tag
+container: node:18
+
+# ✅ GOOD - pinned to digest
+container: node:18@sha256:a1ba21bf0c92931d02a8416f0a54daad66cb36a85d6a37b82dfe1604c4c09cad
+```
+
+## Common Patterns
+
+### Secure File Operations
+
+```yaml
+- name: Process files securely
+  shell: bash
+  env:
+    FILE_PATH: ${{ inputs.file_path }}
+  run: |
+    set -euo pipefail  # Fail on errors, undefined vars, pipe failures
+
+    # Use absolute paths and validate
+    SAFE_PATH=$(realpath "${FILE_PATH}")
+    if [[ "$SAFE_PATH" != "${GITHUB_WORKSPACE}"/* ]]; then
+      echo "❌ Path outside workspace"
+      exit 1
+    fi
+```
+
+### Artifact Handling
+
+```yaml
+- name: Upload artifacts securely
+  uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+  with:
+    name: build-artifacts
+    path: |
+      dist/
+      !dist/**/*.log  # Exclude sensitive files
+    retention-days: 30
+```
+
+### GHCR authentication for pulls/scans
+
+```yaml
+# Minimal permissions required for GHCR pulls/scans
+permissions:
+  contents: read
+  packages: read
+
+steps:
+  - name: Log in to GitHub Container Registry
+    uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+    with:
+      registry: ghcr.io
+      username: ${{ github.actor }}
+      password: ${{ secrets.GITHUB_TOKEN }}
+```
+
+## Security Checklist
+
+- [ ] Minimum GITHUB_TOKEN permissions set
+- [ ] Harden-Runner added to all ubuntu-latest jobs
+- [ ] All third-party actions pinned to commit SHA
+- [ ] Input validation implemented for custom actions
+- [ ] Variables properly quoted in shell scripts
+- [ ] Secrets stored in environment variables
+- [ ] Docker images pinned to digests (if used)
+- [ ] Error handling with `set -euo pipefail`
+- [ ] File paths validated and sanitized
+- [ ] No sensitive data in logs or outputs
+- [ ] GHCR login performed before pulls/scans (packages: read)
+- [ ] Job timeouts configured (`timeout-minutes`)
+
+## Recommended Additional Workflows
+
+Consider adding these security-focused workflows to your repository:
+
+1. **CodeQL Analysis** - Static Application Security Testing (SAST)
+2. **Dependency Review** - Scan for vulnerable dependencies in PRs
+3. **Dependabot Configuration** - Automated dependency updates
+
+## Resources
+
+- [GitHub Security Hardening Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions)
+- [Step Security Harden-Runner](https://github.com/step-security/harden-runner)
+- [Secure-Repo Best Practices](https://github.com/step-security/secure-repo)
--- a/.cursor/rules/testing-patterns.mdc
+++ b/.cursor/rules/testing-patterns.mdc
@@ -90,7 +90,7 @@ When testing hooks that use React Context:
 vi.mocked(useResponseFilter).mockReturnValue({
  selectedFilter: {
    filter: [],
-    onlyComplete: false,
+    responseStatus: "all",
  },
  setSelectedFilter: vi.fn(),
  selectedOptions: {
--- a/.env.example
+++ b/.env.example
@@ -62,9 +62,6 @@ SMTP_PASSWORD=smtpPassword

 # Uncomment the variables you would like to use and customize the values.

-# Custom local storage path for file uploads
-#UPLOADS_DIR=
-
 ##############
 # S3 STORAGE #
 ##############
@@ -99,8 +96,6 @@ PASSWORD_RESET_DISABLED=1
 # Organization Invite. Disable the ability for invited users to create an account.
 # INVITE_DISABLED=1

-# Docker cron jobs. Disable the supercronic cron jobs in the Docker image (useful for cluster setups).
-# DOCKER_CRON_ENABLED=1

 ##########
 # Other  #
--- a/.eslintrc.cjs
+++ b/.eslintrc.cjs
@@ -0,0 +1,13 @@
+module.exports = {
+  root: true,
+  ignorePatterns: ["node_modules/", "dist/", "coverage/"],
+  overrides: [
+    {
+      files: ["packages/cache/**/*.{ts,js}"],
+      extends: ["@formbricks/eslint-config/library.js"],
+      parserOptions: {
+        project: "./packages/cache/tsconfig.json",
+      },
+    },
+  ],
+};
--- a/.github/actions/build-and-push-docker/action.yml
+++ b/.github/actions/build-and-push-docker/action.yml
@@ -0,0 +1,312 @@
+name: Build and Push Docker Image
+description: |
+  Unified Docker build and push action for both ECR and GHCR registries.
+
+  Supports:
+  - ECR builds for Formbricks Cloud deployment
+  - GHCR builds for community self-hosting
+  - Automatic version resolution and tagging
+  - Conditional signing and deployment tags
+
+inputs:
+  registry_type:
+    description: "Registry type: 'ecr' or 'ghcr'"
+    required: true
+
+  # Version input
+  version:
+    description: "Explicit version (SemVer only, e.g., 1.2.3). If provided, this version is used directly. If empty, version is auto-generated from branch name."
+    required: false
+  experimental_mode:
+    description: "Enable experimental timestamped versions"
+    required: false
+    default: "false"
+
+  # ECR specific inputs
+  ecr_registry:
+    description: "ECR registry URL (required for ECR builds)"
+    required: false
+  ecr_repository:
+    description: "ECR repository name (required for ECR builds)"
+    required: false
+  ecr_region:
+    description: "ECR AWS region (required for ECR builds)"
+    required: false
+  aws_role_arn:
+    description: "AWS role ARN for ECR authentication (required for ECR builds)"
+    required: false
+
+  # GHCR specific inputs
+  ghcr_image_name:
+    description: "GHCR image name (required for GHCR builds)"
+    required: false
+
+  # Deployment options
+  deploy_production:
+    description: "Tag image for production deployment"
+    required: false
+    default: "false"
+  deploy_staging:
+    description: "Tag image for staging deployment"
+    required: false
+    default: "false"
+  is_prerelease:
+    description: "Whether this is a prerelease (auto-tags for staging/production)"
+    required: false
+    default: "false"
+
+  # Build options
+  dockerfile:
+    description: "Path to Dockerfile"
+    required: false
+    default: "apps/web/Dockerfile"
+  context:
+    description: "Build context"
+    required: false
+    default: "."
+
+outputs:
+  image_tag:
+    description: "Resolved image tag used for the build"
+    value: ${{ steps.version.outputs.version }}
+  registry_tags:
+    description: "Complete registry tags that were pushed"
+    value: ${{ steps.build.outputs.tags }}
+  image_digest:
+    description: "Image digest from the build"
+    value: ${{ steps.build.outputs.digest }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Validate inputs
+      shell: bash
+      env:
+        REGISTRY_TYPE: ${{ inputs.registry_type }}
+        ECR_REGISTRY: ${{ inputs.ecr_registry }}
+        ECR_REPOSITORY: ${{ inputs.ecr_repository }}
+        ECR_REGION: ${{ inputs.ecr_region }}
+        AWS_ROLE_ARN: ${{ inputs.aws_role_arn }}
+        GHCR_IMAGE_NAME: ${{ inputs.ghcr_image_name }}
+      run: |
+        set -euo pipefail
+
+        if [[ "$REGISTRY_TYPE" != "ecr" && "$REGISTRY_TYPE" != "ghcr" ]]; then
+          echo "ERROR: registry_type must be 'ecr' or 'ghcr', got: $REGISTRY_TYPE"
+          exit 1
+        fi
+
+        if [[ "$REGISTRY_TYPE" == "ecr" ]]; then
+          if [[ -z "$ECR_REGISTRY" || -z "$ECR_REPOSITORY" || -z "$ECR_REGION" || -z "$AWS_ROLE_ARN" ]]; then
+            echo "ERROR: ECR builds require ecr_registry, ecr_repository, ecr_region, and aws_role_arn"
+            exit 1
+          fi
+        fi
+
+        if [[ "$REGISTRY_TYPE" == "ghcr" ]]; then
+          if [[ -z "$GHCR_IMAGE_NAME" ]]; then
+            echo "ERROR: GHCR builds require ghcr_image_name"
+            exit 1
+          fi
+        fi
+
+        echo "SUCCESS: Input validation passed for $REGISTRY_TYPE build"
+
+    - name: Resolve Docker version
+      id: version
+      uses: ./.github/actions/resolve-docker-version
+      with:
+        version: ${{ inputs.version }}
+        current_branch: ${{ github.ref_name }}
+        experimental_mode: ${{ inputs.experimental_mode }}
+
+    - name: Update package.json version
+      uses: ./.github/actions/update-package-version
+      with:
+        version: ${{ steps.version.outputs.version }}
+
+    - name: Configure AWS credentials (ECR only)
+      if: ${{ inputs.registry_type == 'ecr' }}
+      uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.2.0
+      with:
+        role-to-assume: ${{ inputs.aws_role_arn }}
+        aws-region: ${{ inputs.ecr_region }}
+
+    - name: Log in to Amazon ECR (ECR only)
+      if: ${{ inputs.registry_type == 'ecr' }}
+      uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
+
+    - name: Set up Docker build tools
+      uses: ./.github/actions/docker-build-setup
+      with:
+        registry: ${{ inputs.registry_type == 'ghcr' && 'ghcr.io' || '' }}
+        setup_cosign: ${{ inputs.registry_type == 'ghcr' && 'true' || 'false' }}
+        skip_login_on_pr: ${{ inputs.registry_type == 'ghcr' && 'true' || 'false' }}
+
+    - name: Build ECR tag list
+      if: ${{ inputs.registry_type == 'ecr' }}
+      id: ecr-tags
+      shell: bash
+      env:
+        IMAGE_TAG: ${{ steps.version.outputs.version }}
+        ECR_REGISTRY: ${{ inputs.ecr_registry }}
+        ECR_REPOSITORY: ${{ inputs.ecr_repository }}
+        DEPLOY_PRODUCTION: ${{ inputs.deploy_production }}
+        DEPLOY_STAGING: ${{ inputs.deploy_staging }}
+        IS_PRERELEASE: ${{ inputs.is_prerelease }}
+      run: |
+        set -euo pipefail
+
+        # Start with the base image tag
+        TAGS="${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}"
+
+        # Handle automatic tagging based on release type
+        if [[ "${IS_PRERELEASE}" == "true" ]]; then
+          TAGS="${TAGS}\n${ECR_REGISTRY}/${ECR_REPOSITORY}:staging"
+          echo "Adding staging tag for prerelease"
+        elif [[ "${IS_PRERELEASE}" == "false" ]]; then
+          TAGS="${TAGS}\n${ECR_REGISTRY}/${ECR_REPOSITORY}:production"
+          echo "Adding production tag for stable release"
+        fi
+
+        # Handle manual deployment overrides
+        if [[ "${DEPLOY_PRODUCTION}" == "true" ]]; then
+          TAGS="${TAGS}\n${ECR_REGISTRY}/${ECR_REPOSITORY}:production"
+          echo "Adding production tag (manual override)"
+        fi
+        if [[ "${DEPLOY_STAGING}" == "true" ]]; then
+          TAGS="${TAGS}\n${ECR_REGISTRY}/${ECR_REPOSITORY}:staging"
+          echo "Adding staging tag (manual override)"
+        fi
+
+        echo "ECR tags generated:"
+        echo -e "${TAGS}"
+
+        {
+          echo "tags<<EOF"
+          echo -e "${TAGS}"
+          echo "EOF"
+        } >> "${GITHUB_OUTPUT}"
+
+    - name: Generate additional GHCR tags for releases
+      if: ${{ inputs.registry_type == 'ghcr' && inputs.experimental_mode == 'false' && (github.event_name == 'workflow_call' || github.event_name == 'release' || github.event_name == 'workflow_dispatch') }}
+      id: ghcr-extra-tags
+      shell: bash
+      env:
+        VERSION: ${{ steps.version.outputs.version }}
+        IMAGE_NAME: ${{ inputs.ghcr_image_name }}
+        IS_PRERELEASE: ${{ inputs.is_prerelease }}
+      run: |
+        set -euo pipefail
+
+        # Start with base version tag
+        TAGS="ghcr.io/${IMAGE_NAME}:${VERSION}"
+
+        # For proper SemVer releases, add major.minor and major tags
+        if [[ "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+          # Extract major and minor versions
+          MAJOR=$(echo "${VERSION}" | cut -d. -f1)
+          MINOR=$(echo "${VERSION}" | cut -d. -f2)
+          
+          TAGS="${TAGS}\nghcr.io/${IMAGE_NAME}:${MAJOR}.${MINOR}"
+          TAGS="${TAGS}\nghcr.io/${IMAGE_NAME}:${MAJOR}"
+          
+          echo "Added SemVer tags: ${MAJOR}.${MINOR}, ${MAJOR}"
+        fi
+
+        # Add latest tag for stable releases
+        if [[ "${IS_PRERELEASE}" == "false" ]]; then
+          TAGS="${TAGS}\nghcr.io/${IMAGE_NAME}:latest"
+          echo "Added latest tag for stable release"
+        fi
+
+        echo "Generated GHCR tags:"
+        echo -e "${TAGS}"
+
+        # Debug: Show what will be passed to Docker build
+        echo "DEBUG: Tags for Docker build step:"
+        echo -e "${TAGS}"
+
+        {
+          echo "tags<<EOF"
+          echo -e "${TAGS}"
+          echo "EOF"
+        } >> "${GITHUB_OUTPUT}"
+
+    - name: Build GHCR metadata (experimental)
+      if: ${{ inputs.registry_type == 'ghcr' && inputs.experimental_mode == 'true' }}
+      id: ghcr-meta-experimental
+      uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+      with:
+        images: ghcr.io/${{ inputs.ghcr_image_name }}
+        tags: |
+          type=ref,event=branch
+          type=raw,value=${{ steps.version.outputs.version }}
+
+    - name: Debug Docker build tags
+      shell: bash
+      run: |
+        echo "=== DEBUG: Docker Build Configuration ==="
+        echo "Registry Type: ${{ inputs.registry_type }}"
+        echo "Experimental Mode: ${{ inputs.experimental_mode }}"
+        echo "Event Name: ${{ github.event_name }}"
+        echo "Is Prerelease: ${{ inputs.is_prerelease }}"
+        echo "Version: ${{ steps.version.outputs.version }}"
+
+        if [[ "${{ inputs.registry_type }}" == "ecr" ]]; then
+          echo "ECR Tags: ${{ steps.ecr-tags.outputs.tags }}"
+        elif [[ "${{ inputs.experimental_mode }}" == "true" ]]; then
+          echo "GHCR Experimental Tags: ${{ steps.ghcr-meta-experimental.outputs.tags }}"
+        else
+          echo "GHCR Extra Tags: ${{ steps.ghcr-extra-tags.outputs.tags }}"
+        fi
+
+    - name: Build and push Docker image
+      id: build
+      uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
+      with:
+        project: tw0fqmsx3c
+        token: ${{ env.DEPOT_PROJECT_TOKEN }}
+        context: ${{ inputs.context }}
+        file: ${{ inputs.dockerfile }}
+        platforms: linux/amd64,linux/arm64
+        push: ${{ github.event_name != 'pull_request' }}
+        tags: ${{ inputs.registry_type == 'ecr' && steps.ecr-tags.outputs.tags || (inputs.registry_type == 'ghcr' && inputs.experimental_mode == 'true' && steps.ghcr-meta-experimental.outputs.tags) || (inputs.registry_type == 'ghcr' && inputs.experimental_mode == 'false' && steps.ghcr-extra-tags.outputs.tags) || (inputs.registry_type == 'ghcr' && format('ghcr.io/{0}:{1}', inputs.ghcr_image_name, steps.version.outputs.version)) || (inputs.registry_type == 'ecr' && format('{0}/{1}:{2}', inputs.ecr_registry, inputs.ecr_repository, steps.version.outputs.version)) }}
+        labels: ${{ inputs.registry_type == 'ghcr' && inputs.experimental_mode == 'true' && steps.ghcr-meta-experimental.outputs.labels || '' }}
+        secrets: |
+          database_url=${{ env.DUMMY_DATABASE_URL }}
+          encryption_key=${{ env.DUMMY_ENCRYPTION_KEY }}
+          redis_url=${{ env.DUMMY_REDIS_URL }}
+          sentry_auth_token=${{ env.SENTRY_AUTH_TOKEN }}
+      env:
+        DEPOT_PROJECT_TOKEN: ${{ env.DEPOT_PROJECT_TOKEN }}
+        DUMMY_DATABASE_URL: ${{ env.DUMMY_DATABASE_URL }}
+        DUMMY_ENCRYPTION_KEY: ${{ env.DUMMY_ENCRYPTION_KEY }}
+        DUMMY_REDIS_URL: ${{ env.DUMMY_REDIS_URL }}
+        SENTRY_AUTH_TOKEN: ${{ env.SENTRY_AUTH_TOKEN }}
+
+    - name: Sign GHCR image (GHCR only)
+      if: ${{ inputs.registry_type == 'ghcr' && (github.event_name == 'workflow_call' || github.event_name == 'release' || github.event_name == 'workflow_dispatch') }}
+      shell: bash
+      env:
+        TAGS: ${{ inputs.experimental_mode == 'true' && steps.ghcr-meta-experimental.outputs.tags || steps.ghcr-extra-tags.outputs.tags }}
+        DIGEST: ${{ steps.build.outputs.digest }}
+      run: |
+        set -euo pipefail
+        echo "${TAGS}" | xargs -I {} cosign sign --yes "{}@${DIGEST}"
+
+    - name: Output build summary
+      shell: bash
+      env:
+        REGISTRY_TYPE: ${{ inputs.registry_type }}
+        IMAGE_TAG: ${{ steps.version.outputs.version }}
+        VERSION_SOURCE: ${{ steps.version.outputs.source }}
+      run: |
+        echo "SUCCESS: Built and pushed Docker image to $REGISTRY_TYPE"
+        echo "Image Tag: $IMAGE_TAG (source: $VERSION_SOURCE)"
+        if [[ "$REGISTRY_TYPE" == "ecr" ]]; then
+          echo "ECR Registry: ${{ inputs.ecr_registry }}"
+          echo "ECR Repository: ${{ inputs.ecr_repository }}"
+        else
+          echo "GHCR Image: ghcr.io/${{ inputs.ghcr_image_name }}"
+        fi
--- a/.github/actions/cache-build-web/action.yml
+++ b/.github/actions/cache-build-web/action.yml
@@ -62,10 +62,12 @@ runs:
      shell: bash

    - name: Fill ENCRYPTION_KEY, ENTERPRISE_LICENSE_KEY and E2E_TESTING in .env
+      env:
+        E2E_TESTING_MODE: ${{ inputs.e2e_testing_mode }}
      run: |
        RANDOM_KEY=$(openssl rand -hex 32)
        sed -i "s/ENCRYPTION_KEY=.*/ENCRYPTION_KEY=${RANDOM_KEY}/" .env
-        echo "E2E_TESTING=${{ inputs.e2e_testing_mode }}" >> .env
+        echo "E2E_TESTING=$E2E_TESTING_MODE" >> .env
      shell: bash

    - run: |
--- a/.github/actions/docker-build-setup/action.yml
+++ b/.github/actions/docker-build-setup/action.yml
@@ -0,0 +1,106 @@
+name: Docker Build Setup
+description: |
+  Sets up common Docker build tools and authentication with security validation.
+
+  Security Features:
+  - Registry URL validation
+  - Input sanitization
+  - Conditional setup based on event type
+  - Post-setup verification
+
+  Supports Depot CLI, Cosign signing, and Docker registry authentication.
+
+inputs:
+  registry:
+    description: "Docker registry hostname to login to (e.g., ghcr.io, registry.example.com:5000). No paths allowed."
+    required: false
+    default: "ghcr.io"
+  setup_cosign:
+    description: "Whether to install cosign for image signing"
+    required: false
+    default: "true"
+  skip_login_on_pr:
+    description: "Whether to skip registry login on pull requests"
+    required: false
+    default: "true"
+
+runs:
+  using: "composite"
+  steps:
+    - name: Validate inputs
+      shell: bash
+      env:
+        REGISTRY: ${{ inputs.registry }}
+        SETUP_COSIGN: ${{ inputs.setup_cosign }}
+        SKIP_LOGIN_ON_PR: ${{ inputs.skip_login_on_pr }}
+      run: |
+        set -euo pipefail
+
+        # Security: Validate registry input - must be hostname[:port] only, no paths
+        # Allow empty registry for cases where login is handled externally (e.g., ECR)
+        if [[ -n "$REGISTRY" ]]; then
+          if [[ "$REGISTRY" =~ / ]]; then
+            echo "ERROR: Invalid registry format: $REGISTRY"
+            echo "Registry must be host[:port] with no path (e.g., 'ghcr.io' or 'registry.example.com:5000')"
+            echo "Path components like 'ghcr.io/org' are not allowed as they break docker login"
+            exit 1
+          fi
+
+          # Validate hostname with optional port format
+          if [[ ! "$REGISTRY" =~ ^[a-zA-Z0-9.-]+(\:[0-9]+)?$ ]]; then
+            echo "ERROR: Invalid registry hostname format: $REGISTRY"
+            echo "Registry must be a valid hostname optionally with port (e.g., 'ghcr.io' or 'registry.example.com:5000')"
+            exit 1
+          fi
+        fi
+
+        # Validate boolean inputs
+        if [[ "$SETUP_COSIGN" != "true" && "$SETUP_COSIGN" != "false" ]]; then
+          echo "ERROR: setup_cosign must be 'true' or 'false', got: $SETUP_COSIGN"
+          exit 1
+        fi
+
+        if [[ "$SKIP_LOGIN_ON_PR" != "true" && "$SKIP_LOGIN_ON_PR" != "false" ]]; then
+          echo "ERROR: skip_login_on_pr must be 'true' or 'false', got: $SKIP_LOGIN_ON_PR"
+          exit 1
+        fi
+
+        echo "SUCCESS: Input validation passed"
+
+    - name: Set up Depot CLI
+      uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
+
+    - name: Install cosign
+      # Install cosign when requested AND when we might actually sign images
+      # (i.e., non-PR contexts or when we login on PRs)
+      if: ${{ inputs.setup_cosign == 'true' && (inputs.skip_login_on_pr == 'false' || github.event_name != 'pull_request') }}
+      uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
+
+    - name: Log into registry
+      if: ${{ inputs.registry != '' && (inputs.skip_login_on_pr == 'false' || github.event_name != 'pull_request') }}
+      uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+      with:
+        registry: ${{ inputs.registry }}
+        username: ${{ github.actor }}
+        password: ${{ github.token }}
+
+    - name: Verify setup completion
+      shell: bash
+      run: |
+        set -euo pipefail
+
+        # Verify Depot CLI is available
+        if ! command -v depot >/dev/null 2>&1; then
+          echo "ERROR: Depot CLI not found in PATH"
+          exit 1
+        fi
+
+        # Verify cosign if it should be installed (same conditions as install step)
+        if [[ "${{ inputs.setup_cosign }}" == "true" ]] && [[ "${{ inputs.skip_login_on_pr }}" == "false" || "${{ github.event_name }}" != "pull_request" ]]; then
+          if ! command -v cosign >/dev/null 2>&1; then
+            echo "ERROR: Cosign not found in PATH despite being requested"
+            exit 1
+          fi
+        fi
+
+        echo "SUCCESS: Docker build setup completed successfully"
--- a/.github/actions/resolve-docker-version/action.yml
+++ b/.github/actions/resolve-docker-version/action.yml
@@ -0,0 +1,192 @@
+name: Resolve Docker Version
+description: |
+  Resolves and validates Docker-compatible SemVer versions for container builds with comprehensive security.
+
+  Security Features:
+  - Command injection protection
+  - Input sanitization and validation
+  - Docker tag character restrictions
+  - Length limits and boundary checks
+  - Safe branch name handling
+
+  Supports multiple modes: release, manual override, branch auto-detection, and experimental timestamped versions.
+
+inputs:
+  version:
+    description: "Explicit version (SemVer only, e.g., 1.2.3-beta). If provided, this version is used directly. If empty, version is auto-generated from branch name."
+    required: false
+  current_branch:
+    description: "Current branch name for auto-detection"
+    required: true
+  experimental_mode:
+    description: "Enable experimental mode with timestamp-based versions"
+    required: false
+    default: "false"
+
+outputs:
+  version:
+    description: "Resolved Docker-compatible SemVer version"
+    value: ${{ steps.resolve.outputs.version }}
+  source:
+    description: "Source of version (release|override|branch)"
+    value: ${{ steps.resolve.outputs.source }}
+  normalized:
+    description: "Whether the version was normalized (true/false)"
+    value: ${{ steps.resolve.outputs.normalized }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Resolve and validate Docker version
+      id: resolve
+      shell: bash
+      env:
+        EXPLICIT_VERSION: ${{ inputs.version }}
+        CURRENT_BRANCH: ${{ inputs.current_branch }}
+        EXPERIMENTAL_MODE: ${{ inputs.experimental_mode }}
+      run: |
+        set -euo pipefail
+
+        # Function to validate SemVer format (Docker-compatible, no '+' build metadata)
+        validate_semver() {
+          local version="$1"
+          local context="$2"
+          
+          if [[ ! "$version" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?$ ]]; then
+            echo "ERROR: Invalid $context format. Must be semver without build metadata (e.g., 1.2.3, 1.2.3-alpha)"
+            echo "Provided: $version"
+            echo "Note: Docker tags cannot contain '+' characters. Use prerelease identifiers instead."
+            exit 1
+          fi
+        }
+
+        # Function to generate branch-based version
+        generate_branch_version() {
+          local branch="$1"
+          local use_timestamp="${2:-true}"
+          local timestamp
+          
+          if [[ "$use_timestamp" == "true" ]]; then
+            timestamp=$(date +%s)
+          else
+            timestamp=""
+          fi
+          
+          # Sanitize branch name for Docker compatibility
+          local sanitized_branch=$(echo "$branch" | sed 's/[^a-zA-Z0-9.-]/-/g' | sed 's/--*/-/g' | sed 's/^-\|-$//g')
+          
+          # Additional safety: truncate if too long (reserve space for prefix and timestamp)
+          if (( ${#sanitized_branch} > 80 )); then
+            sanitized_branch="${sanitized_branch:0:80}"
+            echo "INFO: Branch name truncated for Docker compatibility" >&2
+          fi
+          local version
+          
+          # Generate version based on branch name (unified approach)
+          # All branches get alpha versions with sanitized branch name
+          if [[ -n "$timestamp" ]]; then
+            version="0.0.0-alpha-$sanitized_branch-$timestamp"
+            echo "INFO: Branch '$branch' detected - alpha version: $version" >&2
+          else
+            version="0.0.0-alpha-$sanitized_branch"
+            echo "INFO: Branch '$branch' detected - alpha version: $version" >&2
+          fi
+          
+          echo "$version"
+        }
+
+
+        # Input validation and sanitization
+        if [[ -z "$CURRENT_BRANCH" ]]; then
+          echo "ERROR: current_branch input is required"
+          exit 1
+        fi
+
+        # Security: Validate inputs to prevent command injection
+        # Use grep to check for dangerous characters (more reliable than bash regex)
+        validate_input() {
+          local input="$1"
+          local name="$2"
+          
+          # Check for dangerous characters using grep
+          if echo "$input" | grep -q '[;|&`$(){}\\[:space:]]'; then
+            echo "ERROR: $name contains potentially dangerous characters: $input"
+            echo "Input should only contain letters, numbers, hyphens, underscores, dots, and forward slashes"
+            return 1
+          fi
+          
+          return 0
+        }
+
+        # Validate current branch
+        if ! validate_input "$CURRENT_BRANCH" "Branch name"; then
+          exit 1
+        fi
+
+        # Validate explicit version if provided
+        if [[ -n "$EXPLICIT_VERSION" ]] && ! validate_input "$EXPLICIT_VERSION" "Explicit version"; then
+          exit 1
+        fi
+
+        # Main resolution logic (ultra-simplified)
+        NORMALIZED="false"
+
+        if [[ -n "$EXPLICIT_VERSION" ]]; then
+          # Use provided explicit version (from either workflow_call or manual input)
+          validate_semver "$EXPLICIT_VERSION" "explicit version"
+          
+          # Normalize to lowercase for Docker/ECR compatibility
+          RESOLVED_VERSION="${EXPLICIT_VERSION,,}"
+          if [[ "$EXPLICIT_VERSION" != "$RESOLVED_VERSION" ]]; then
+            NORMALIZED="true"
+            echo "INFO: Original version contained uppercase characters, normalized: $EXPLICIT_VERSION -> $RESOLVED_VERSION"
+          fi
+          
+          SOURCE="explicit"
+          echo "INFO: Using explicit version: $RESOLVED_VERSION"
+          
+        else
+          # Auto-generate version from branch name
+          if [[ "$EXPERIMENTAL_MODE" == "true" ]]; then
+            # Use timestamped version generation
+            echo "INFO: Experimental mode: generating timestamped version from branch: $CURRENT_BRANCH"
+            RESOLVED_VERSION=$(generate_branch_version "$CURRENT_BRANCH" "true")
+            SOURCE="experimental"
+          else
+            # Standard branch version (no timestamp)
+            echo "INFO: Auto-detecting version from branch: $CURRENT_BRANCH"
+            RESOLVED_VERSION=$(generate_branch_version "$CURRENT_BRANCH" "false")
+            SOURCE="branch"
+          fi
+          echo "Generated version: $RESOLVED_VERSION"
+        fi
+
+        # Final validation - ensure result is valid Docker tag
+        if [[ -z "$RESOLVED_VERSION" ]]; then
+          echo "ERROR: Failed to resolve version"
+          exit 1
+        fi
+
+        if (( ${#RESOLVED_VERSION} > 128 )); then
+          echo "ERROR: Version must be at most 128 characters (Docker limitation)"
+          echo "Generated version: $RESOLVED_VERSION (${#RESOLVED_VERSION} chars)"
+          exit 1
+        fi
+
+        if [[ ! "$RESOLVED_VERSION" =~ ^[a-z0-9._-]+$ ]]; then
+          echo "ERROR: Version contains invalid characters for Docker tags"
+          echo "Version: $RESOLVED_VERSION"
+          exit 1
+        fi
+
+        if [[ "$RESOLVED_VERSION" =~ ^[.-] || "$RESOLVED_VERSION" =~ [.-]$ ]]; then
+          echo "ERROR: Version must not start or end with '.' or '-'"
+          echo "Version: $RESOLVED_VERSION"
+          exit 1
+        fi
+
+        # Output results
+        echo "SUCCESS: Resolved Docker version: $RESOLVED_VERSION (source: $SOURCE)"
+        echo "version=$RESOLVED_VERSION" >> $GITHUB_OUTPUT
+        echo "source=$SOURCE" >> $GITHUB_OUTPUT
+        echo "normalized=$NORMALIZED" >> $GITHUB_OUTPUT
--- a/.github/actions/update-package-version/action.yml
+++ b/.github/actions/update-package-version/action.yml
@@ -0,0 +1,160 @@
+name: Update Package Version
+description: |
+  Safely updates package.json version with comprehensive validation and atomic operations.
+
+  Security Features:
+  - Path traversal protection
+  - SemVer validation with length limits
+  - Atomic file operations with backup/recovery
+  - JSON validation before applying changes
+
+  This action is designed to be secure by default and prevent common attack vectors.
+
+inputs:
+  version:
+    description: "Version to set in package.json (must be valid SemVer)"
+    required: true
+  package_path:
+    description: "Path to package.json file"
+    required: false
+    default: "./apps/web/package.json"
+
+outputs:
+  updated_version:
+    description: "The version that was actually set in package.json"
+    value: ${{ steps.update.outputs.updated_version }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Update and verify package.json version
+      id: update
+      shell: bash
+      env:
+        VERSION: ${{ inputs.version }}
+        PACKAGE_PATH: ${{ inputs.package_path }}
+      run: |
+        set -euo pipefail
+
+        # Validate inputs
+        if [[ -z "$VERSION" ]]; then
+          echo "ERROR: version input is required"
+          exit 1
+        fi
+
+        # Security: Validate package_path to prevent path traversal attacks
+        # Only allow paths within the workspace and must end with package.json
+        if [[ "$PACKAGE_PATH" =~ \.\./|^/|^~ ]]; then
+          echo "ERROR: Invalid package path - path traversal detected: $PACKAGE_PATH"
+          echo "Package path must be relative to workspace root and cannot contain '../', start with '/', or '~'"
+          exit 1
+        fi
+
+        if [[ ! "$PACKAGE_PATH" =~ package\.json$ ]]; then
+          echo "ERROR: Package path must end with 'package.json': $PACKAGE_PATH"
+          exit 1
+        fi
+
+        # Resolve to absolute path within workspace for additional security
+        WORKSPACE_ROOT="${GITHUB_WORKSPACE:-$(pwd)}"
+
+        # Use realpath to resolve both paths and handle symlinks properly
+        WORKSPACE_ROOT=$(realpath "$WORKSPACE_ROOT")
+        RESOLVED_PATH=$(realpath "${WORKSPACE_ROOT}/${PACKAGE_PATH}")
+
+        # Ensure WORKSPACE_ROOT has a trailing slash for proper prefix matching
+        WORKSPACE_ROOT="${WORKSPACE_ROOT}/"
+
+        # Use shell string matching to ensure RESOLVED_PATH is within workspace
+        # This is more secure than regex and handles edge cases properly
+        if [[ "$RESOLVED_PATH" != "$WORKSPACE_ROOT"* ]]; then
+          echo "ERROR: Resolved path is outside workspace: $RESOLVED_PATH"
+          echo "Workspace root: $WORKSPACE_ROOT"
+          exit 1
+        fi
+
+        if [[ ! -f "$RESOLVED_PATH" ]]; then
+          echo "ERROR: package.json not found at: $RESOLVED_PATH"
+          exit 1
+        fi
+
+        # Use resolved path for operations
+        PACKAGE_PATH="$RESOLVED_PATH"
+
+        # Validate SemVer format with additional security checks
+        if [[ ${#VERSION} -gt 128 ]]; then
+          echo "ERROR: Version string too long (${#VERSION} chars, max 128): $VERSION"
+          exit 1
+        fi
+
+        if [[ ! "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?$ ]]; then
+          echo "ERROR: Invalid SemVer format: $VERSION"
+          echo "Expected format: MAJOR.MINOR.PATCH[-PRERELEASE]"
+          echo "Only alphanumeric characters, dots, and hyphens allowed in prerelease"
+          exit 1
+        fi
+
+        # Additional validation: Check for reasonable version component sizes
+        # Extract base version (MAJOR.MINOR.PATCH) without prerelease/build metadata
+        if [[ "$VERSION" =~ ^([0-9]+\.[0-9]+\.[0-9]+) ]]; then
+          BASE_VERSION="${BASH_REMATCH[1]}"
+        else
+          echo "ERROR: Could not extract base version from: $VERSION"
+          exit 1
+        fi
+
+        # Split version components safely
+        IFS='.' read -ra VERSION_PARTS <<< "$BASE_VERSION"
+
+        # Validate component sizes (should have exactly 3 parts due to regex above)
+        if (( ${VERSION_PARTS[0]} > 999 || ${VERSION_PARTS[1]} > 999 || ${VERSION_PARTS[2]} > 999 )); then
+          echo "ERROR: Version components too large (max 999 each): $VERSION"
+          echo "Components: ${VERSION_PARTS[0]}.${VERSION_PARTS[1]}.${VERSION_PARTS[2]}"
+          exit 1
+        fi
+
+        echo "Updating package.json version to: $VERSION"
+
+        # Create backup for atomic operations
+        BACKUP_PATH="${PACKAGE_PATH}.backup.$$"
+        cp "$PACKAGE_PATH" "$BACKUP_PATH"
+
+        # Use jq to safely update the version field with error handling
+        if ! jq --arg version "$VERSION" '.version = $version' "$PACKAGE_PATH" > "${PACKAGE_PATH}.tmp"; then
+          echo "ERROR: jq failed to process package.json"
+          rm -f "${PACKAGE_PATH}.tmp" "$BACKUP_PATH"
+          exit 1
+        fi
+
+        # Validate the generated JSON before applying changes
+        if ! jq empty "${PACKAGE_PATH}.tmp" 2>/dev/null; then
+          echo "ERROR: Generated invalid JSON"
+          rm -f "${PACKAGE_PATH}.tmp" "$BACKUP_PATH"
+          exit 1
+        fi
+
+        # Atomic move operation
+        if ! mv "${PACKAGE_PATH}.tmp" "$PACKAGE_PATH"; then
+          echo "ERROR: Failed to update package.json"
+          # Restore backup
+          mv "$BACKUP_PATH" "$PACKAGE_PATH"
+          exit 1
+        fi
+
+        # Verify the update was successful
+        UPDATED_VERSION=$(jq -r '.version' "$PACKAGE_PATH" 2>/dev/null)
+
+        if [[ "$UPDATED_VERSION" != "$VERSION" ]]; then
+          echo "ERROR: Version update failed!"
+          echo "Expected: $VERSION"
+          echo "Actual: $UPDATED_VERSION"
+          # Restore backup
+          mv "$BACKUP_PATH" "$PACKAGE_PATH"
+          exit 1
+        fi
+
+        # Clean up backup on success
+        rm -f "$BACKUP_PATH"
+
+        echo "SUCCESS: Updated package.json version to: $UPDATED_VERSION"
+        echo "updated_version=$UPDATED_VERSION" >> $GITHUB_OUTPUT
--- a/.github/actions/upload-sentry-sourcemaps/action.yml
+++ b/.github/actions/upload-sentry-sourcemaps/action.yml
@@ -1,125 +0,0 @@
-name: 'Upload Sentry Sourcemaps'
-description: 'Extract sourcemaps from Docker image and upload to Sentry'
-
-inputs:
-  docker_image:
-    description: 'Docker image to extract sourcemaps from'
-    required: true
-  release_version:
-    description: 'Sentry release version (e.g., v1.2.3)'
-    required: true
-  sentry_auth_token:
-    description: 'Sentry authentication token'
-    required: true
-  environment:
-    description: 'Sentry environment (e.g., production, staging)'
-    required: false
-    default: 'staging'
-
-runs:
-  using: 'composite'
-  steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
-
-    - name: Validate Sentry auth token
-      shell: bash
-      run: |
-        set -euo pipefail
-        echo "🔐 Validating Sentry authentication token..."
-
-        # Assign token to local variable for secure handling
-        SENTRY_TOKEN="${{ inputs.sentry_auth_token }}"
-
-        # Test the token by making a simple API call to Sentry
-        response=$(curl -s -w "%{http_code}" -o /tmp/sentry_response.json \
-          -H "Authorization: Bearer $SENTRY_TOKEN" \
-          "https://sentry.io/api/0/organizations/formbricks/")
-
-        http_code=$(echo "$response" | tail -n1)
-
-        if [ "$http_code" != "200" ]; then
-          echo "❌ Error: Invalid Sentry auth token (HTTP $http_code)"
-          echo "Please check your SENTRY_AUTH_TOKEN is correct and has the necessary permissions."
-          if [ -f /tmp/sentry_response.json ]; then
-            echo "Response body:"
-            cat /tmp/sentry_response.json
-          fi
-          exit 1
-        fi
-
-        echo "✅ Sentry auth token validated successfully"
-
-        # Clean up temp file
-        rm -f /tmp/sentry_response.json
-
-    - name: Extract sourcemaps from Docker image
-      shell: bash
-      run: |
-        set -euo pipefail
-        echo "📦 Extracting sourcemaps from Docker image: ${{ inputs.docker_image }}"
-
-        # Create temporary container from the image and capture its ID
-        echo "Creating temporary container..."
-        CONTAINER_ID=$(docker create "${{ inputs.docker_image }}")
-        echo "Container created with ID: $CONTAINER_ID"
-
-        # Set up cleanup function to ensure container is removed on script exit
-        cleanup_container() {
-          # Capture the current exit code to preserve it
-          local original_exit_code=$?
-          
-          echo "🧹 Cleaning up Docker container..."
-          
-          # Remove the container if it exists (ignore errors if already removed)
-          if [ -n "$CONTAINER_ID" ]; then
-            docker rm -f "$CONTAINER_ID" 2>/dev/null || true
-            echo "Container $CONTAINER_ID removed"
-          fi
-          
-          # Exit with the original exit code to preserve script success/failure status
-          exit $original_exit_code
-        }
-        
-        # Register cleanup function to run on script exit (success or failure)
-        trap cleanup_container EXIT
-
-        # Extract .next directory containing sourcemaps
-        docker cp "$CONTAINER_ID:/home/nextjs/apps/web/.next" ./extracted-next
-
-        # Verify sourcemaps exist
-        if [ ! -d "./extracted-next/static/chunks" ]; then
-          echo "❌ Error: .next/static/chunks directory not found in Docker image"
-          echo "Expected structure: /home/nextjs/apps/web/.next/static/chunks/"
-          exit 1
-        fi
-
-        sourcemap_count=$(find ./extracted-next/static/chunks -name "*.map" | wc -l)
-        echo "✅ Found $sourcemap_count sourcemap files"
-
-        if [ "$sourcemap_count" -eq 0 ]; then
-          echo "❌ Error: No sourcemap files found. Check that productionBrowserSourceMaps is enabled."
-          exit 1
-        fi
-
-    - name: Create Sentry release and upload sourcemaps
-      uses: getsentry/action-release@v3
-      env:
-        SENTRY_AUTH_TOKEN: ${{ inputs.sentry_auth_token }}
-        SENTRY_ORG: formbricks
-        SENTRY_PROJECT: formbricks-cloud
-      with:
-        environment: ${{ inputs.environment }}
-        version: ${{ inputs.release_version }}
-        sourcemaps: './extracted-next/'
-
-    - name: Clean up extracted files
-      shell: bash
-      if: always()
-      run: |
-        set -euo pipefail
-        # Clean up extracted files
-        rm -rf ./extracted-next
-        echo "🧹 Cleaned up extracted files"
--- a/.github/workflows/apply-issue-labels-to-pr.yml
+++ b/.github/workflows/apply-issue-labels-to-pr.yml
@@ -1,82 +0,0 @@
-name: "Apply issue labels to PR"
-
-on:
-  pull_request_target:
-    types:
-      - opened
-
-permissions:
-  contents: read
-
-jobs:
-  label_on_pr:
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: none
-      issues: read
-      pull-requests: write
-
-    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
-        with:
-          egress-policy: audit
-
-      - name: Apply labels from linked issue to PR
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            async function getLinkedIssues(owner, repo, prNumber) {
-              const query = `query GetLinkedIssues($owner: String!, $repo: String!, $prNumber: Int!) {
-                repository(owner: $owner, name: $repo) {
-                  pullRequest(number: $prNumber) {
-                    closingIssuesReferences(first: 10) {
-                      nodes {
-                        number
-                        labels(first: 10) {
-                          nodes {
-                            name
-                          }
-                        }
-                      }
-                    }
-                  }
-                }
-              }`;
-
-              const variables = {
-                owner: owner,
-                repo: repo,
-                prNumber: prNumber,
-              };
-
-              const result = await github.graphql(query, variables);
-              return result.repository.pullRequest.closingIssuesReferences.nodes;
-            }
-
-            const pr = context.payload.pull_request;
-            const linkedIssues = await getLinkedIssues(
-              context.repo.owner,
-              context.repo.repo,
-              pr.number
-            );
-
-            const labelsToAdd = new Set();
-            for (const issue of linkedIssues) {
-              if (issue.labels && issue.labels.nodes) {
-                for (const label of issue.labels.nodes) {
-                  labelsToAdd.add(label.name);
-                }
-              }
-            }
-
-            if (labelsToAdd.size) {
-              await github.rest.issues.addLabels({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                issue_number: pr.number,
-                labels: Array.from(labelsToAdd),
-              });
-            }
--- a/.github/workflows/build-and-push-ecr.yml
+++ b/.github/workflows/build-and-push-ecr.yml
@@ -0,0 +1,88 @@
+name: Build Cloud Deployment Images
+
+# This workflow builds Formbricks Docker images for ECR deployment:
+# - workflow_call: Used by releases with explicit SemVer versions
+# - workflow_dispatch: Auto-detects version from current branch or uses override
+
+on:
+  workflow_dispatch:
+    inputs:
+      version_override:
+        description: "Override version (SemVer only, e.g., 1.2.3). Leave empty to auto-detect from branch."
+        required: false
+        type: string
+      deploy_production:
+        description: "Tag image for production deployment"
+        required: false
+        default: false
+        type: boolean
+      deploy_staging:
+        description: "Tag image for staging deployment"
+        required: false
+        default: false
+        type: boolean
+  workflow_call:
+    inputs:
+      image_tag:
+        description: "Image tag to push (required for workflow_call)"
+        required: true
+        type: string
+      IS_PRERELEASE:
+        description: "Whether this is a prerelease (auto-tags for staging/production)"
+        required: false
+        type: boolean
+        default: false
+    outputs:
+      IMAGE_TAG:
+        description: "Normalized image tag used for the build"
+        value: ${{ jobs.build-and-push.outputs.IMAGE_TAG }}
+      TAGS:
+        description: "Newline-separated list of ECR tags pushed"
+        value: ${{ jobs.build-and-push.outputs.TAGS }}
+
+permissions:
+  contents: read
+  id-token: write
+
+env:
+  ECR_REGION: ${{ vars.ECR_REGION }}
+  # ECR settings are sourced from repository/environment variables for portability across envs/forks
+  ECR_REGISTRY: ${{ vars.ECR_REGISTRY }}
+  ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
+
+jobs:
+  build-and-push:
+    name: Build and Push
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+    outputs:
+      IMAGE_TAG: ${{ steps.build.outputs.image_tag }}
+      TAGS: ${{ steps.build.outputs.registry_tags }}
+    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Build and push cloud deployment image
+        id: build
+        uses: ./.github/actions/build-and-push-docker
+        with:
+          registry_type: "ecr"
+          ecr_registry: ${{ env.ECR_REGISTRY }}
+          ecr_repository: ${{ env.ECR_REPOSITORY }}
+          ecr_region: ${{ env.ECR_REGION }}
+          aws_role_arn: ${{ secrets.AWS_ECR_PUSH_ROLE_ARN }}
+          version: ${{ inputs.version_override || inputs.image_tag }}
+          deploy_production: ${{ inputs.deploy_production }}
+          deploy_staging: ${{ inputs.deploy_staging }}
+          is_prerelease: ${{ inputs.IS_PRERELEASE }}
+        env:
+          DEPOT_PROJECT_TOKEN: ${{ secrets.DEPOT_PROJECT_TOKEN }}
+          DUMMY_DATABASE_URL: ${{ secrets.DUMMY_DATABASE_URL }}
+          DUMMY_ENCRYPTION_KEY: ${{ secrets.DUMMY_ENCRYPTION_KEY }}
+          DUMMY_REDIS_URL: ${{ secrets.DUMMY_REDIS_URL }}
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
--- a/.github/workflows/chromatic.yml
+++ b/.github/workflows/chromatic.yml
@@ -6,12 +6,14 @@ on:
      - main
  workflow_dispatch:

+permissions:
+  contents: read
+
 jobs:
  chromatic:
    name: Run Chromatic
    runs-on: ubuntu-latest
    permissions:
-      contents: read
      packages: write
      id-token: write
      actions: read
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -1,27 +0,0 @@
-# Dependency Review Action
-#
-# This Action will scan dependency manifest files that change as part of a Pull Request,
-# surfacing known-vulnerable versions of the packages declared or updated in the PR.
-# Once installed, if the workflow run is marked as required,
-# PRs introducing known-vulnerable packages will be blocked from merging.
-#
-# Source repository: https://github.com/actions/dependency-review-action
-name: 'Dependency Review'
-on: [pull_request]
-
-permissions:
-  contents: read
-
-jobs:
-  dependency-review:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
-        with:
-          egress-policy: audit
-
-      - name: 'Checkout Repository'
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: 'Dependency Review'
-        uses: actions/dependency-review-action@38ecb5b593bf0eb19e335c03f97670f792489a8b # v4.7.0
--- a/.github/workflows/deploy-formbricks-cloud.yml
+++ b/.github/workflows/deploy-formbricks-cloud.yml
@@ -4,7 +4,7 @@ on:
  workflow_dispatch:
    inputs:
      VERSION:
-        description: "The version of the Docker image to release, full image tag if image tag is v0.0.0 enter v0.0.0."
+        description: "The version of the Docker image to release (clean SemVer, e.g., 1.2.3)"
        required: true
        type: string
      REPOSITORY:
@@ -37,17 +37,22 @@ on:

 permissions:
  id-token: write
-  contents: write
+  contents: read

 jobs:
  helmfile-deploy:
    runs-on: ubuntu-latest
    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+
      - name: Checkout
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Tailscale
-        uses: tailscale/github-action@v3
+        uses: tailscale/github-action@84a3f23bb4d843bcf4da6cf824ec1be473daf4de # v3.2.3
        with:
          oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
          oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
@@ -66,7 +71,7 @@ jobs:
        env:
          AWS_REGION: eu-central-1

-      - uses: helmfile/helmfile-action@v2
+      - uses: helmfile/helmfile-action@712000e3d4e28c72778ecc53857746082f555ef3 # v2.0.4
        name: Deploy Formbricks Cloud Production
        if: inputs.ENVIRONMENT == 'production'
        env:
@@ -84,7 +89,7 @@ jobs:
          helmfile-auto-init: "false"
          helmfile-workdirectory: infra/formbricks-cloud-helm

-      - uses: helmfile/helmfile-action@v2
+      - uses: helmfile/helmfile-action@712000e3d4e28c72778ecc53857746082f555ef3 # v2.0.4
        name: Deploy Formbricks Cloud Staging
        if: inputs.ENVIRONMENT == 'staging'
        env:
@@ -106,15 +111,16 @@ jobs:
        env:
          CF_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
          CF_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          ENVIRONMENT: ${{ inputs.ENVIRONMENT }}
        run: |
          # Set hostname based on environment
-          if [[ "${{ inputs.ENVIRONMENT }}" == "production" ]]; then
+          if [[ "$ENVIRONMENT" == "production" ]]; then
            PURGE_HOST="app.formbricks.com"
          else
            PURGE_HOST="stage.app.formbricks.com"
          fi

-          echo "Purging Cloudflare cache for host: $PURGE_HOST (environment: ${{ inputs.ENVIRONMENT }}, zone: $CF_ZONE_ID)"
+          echo "Purging Cloudflare cache for host: $PURGE_HOST (environment: $ENVIRONMENT, zone: $CF_ZONE_ID)"

          # Prepare JSON payload for selective cache purge
          json_payload=$(cat << EOF
--- a/.github/workflows/docker-build-validation.yml
+++ b/.github/workflows/docker-build-validation.yml
@@ -21,10 +21,10 @@ jobs:
    name: Validate Docker Build
    runs-on: ubuntu-latest

-    # Add PostgreSQL service container
+    # Add PostgreSQL and Redis service containers
    services:
      postgres:
-        image: pgvector/pgvector:pg17
+        image: pgvector/pgvector@sha256:9ae02a756ba16a2d69dd78058e25915e36e189bb36ddf01ceae86390d7ed786a
        env:
          POSTGRES_USER: test
          POSTGRES_PASSWORD: test
@@ -38,43 +38,98 @@ jobs:
          --health-timeout 5s
          --health-retries 5

+      redis:
+        image: valkey/valkey@sha256:12ba4f45a7c3e1d0f076acd616cb230834e75a77e8516dde382720af32832d6d
+        ports:
+          - 6379:6379
+
    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+
      - name: Checkout Repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

      - name: Build Docker Image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        env:
+          GITHUB_SHA: ${{ github.sha }}
        with:
          context: .
          file: ./apps/web/Dockerfile
          push: false
          load: true
-          tags: formbricks-test:${{ github.sha }}
+          tags: formbricks-test:${{ env.GITHUB_SHA }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          secrets: |
            database_url=${{ secrets.DUMMY_DATABASE_URL }}
            encryption_key=${{ secrets.DUMMY_ENCRYPTION_KEY }}
+            redis_url=redis://localhost:6379

-      - name: Verify PostgreSQL Connection
+      - name: Verify and Initialize PostgreSQL
        run: |
          echo "Verifying PostgreSQL connection..."
          # Install PostgreSQL client to test connection
          sudo apt-get update && sudo apt-get install -y postgresql-client

-          # Test connection using psql
-          PGPASSWORD=test psql -h localhost -U test -d formbricks -c "\dt" || echo "Failed to connect to PostgreSQL"
+          # Test connection using psql with timeout and proper error handling
+          echo "Testing PostgreSQL connection with 30 second timeout..."
+          if timeout 30 bash -c 'until PGPASSWORD=test psql -h localhost -U test -d formbricks -c "\dt" >/dev/null 2>&1; do
+            echo "Waiting for PostgreSQL to be ready..."
+            sleep 2
+          done'; then
+            echo "✅ PostgreSQL connection successful"
+            PGPASSWORD=test psql -h localhost -U test -d formbricks -c "SELECT version();"
+
+            # Enable necessary extensions that might be required by migrations
+            echo "Enabling required PostgreSQL extensions..."
+            PGPASSWORD=test psql -h localhost -U test -d formbricks -c "CREATE EXTENSION IF NOT EXISTS vector;" || echo "Vector extension already exists or not available"
+
+          else
+            echo "❌ PostgreSQL connection failed after 30 seconds"
+            exit 1
+          fi

          # Show network configuration
          echo "Network configuration:"
-          ip addr show
          netstat -tulpn | grep 5432 || echo "No process listening on port 5432"

+      - name: Verify Redis/Valkey Connection
+        run: |
+          echo "Verifying Redis/Valkey connection..."
+          # Install Redis client to test connection
+          sudo apt-get update && sudo apt-get install -y redis-tools
+
+          # Test connection using redis-cli with timeout and proper error handling
+          echo "Testing Redis connection with 30 second timeout..."
+          if timeout 30 bash -c 'until redis-cli -h localhost -p 6379 ping >/dev/null 2>&1; do
+            echo "Waiting for Redis to be ready..."
+            sleep 2
+          done'; then
+            echo "✅ Redis connection successful"
+            redis-cli -h localhost -p 6379 info server | head -5
+          else
+            echo "❌ Redis connection failed after 30 seconds"
+            exit 1
+          fi
+
+          # Show network configuration for Redis
+          echo "Redis network configuration:"
+          netstat -tulpn | grep 6379 || echo "No process listening on port 6379"
+
      - name: Test Docker Image with Health Check
        shell: bash
+        env:
+          GITHUB_SHA: ${{ github.sha }}
+          DUMMY_ENCRYPTION_KEY: ${{ secrets.DUMMY_ENCRYPTION_KEY }}
        run: |
          echo "🧪 Testing if the Docker image starts correctly..."

@@ -86,29 +141,13 @@ jobs:
            $DOCKER_RUN_ARGS \
            -p 3000:3000 \
            -e DATABASE_URL="postgresql://test:test@host.docker.internal:5432/formbricks" \
-            -e ENCRYPTION_KEY="${{ secrets.DUMMY_ENCRYPTION_KEY }}" \
-            -d formbricks-test:${{ github.sha }}
+            -e ENCRYPTION_KEY="$DUMMY_ENCRYPTION_KEY" \
+            -e REDIS_URL="redis://host.docker.internal:6379" \
+            -d "formbricks-test:$GITHUB_SHA"

-          # Give it more time to start up
-          echo "Waiting 45 seconds for application to start..."
-          sleep 45
-
-          # Check if the container is running
-          if [ "$(docker inspect -f '{{.State.Running}}' formbricks-test)" != "true" ]; then
-            echo "❌ Container failed to start properly!"
-            docker logs formbricks-test
-            exit 1
-          else
-            echo "✅ Container started successfully!"
-          fi
-
-          # Try connecting to PostgreSQL from inside the container
-          echo "Testing PostgreSQL connection from inside container..."
-          docker exec formbricks-test sh -c 'apt-get update && apt-get install -y postgresql-client && PGPASSWORD=test psql -h host.docker.internal -U test -d formbricks -c "\dt" || echo "Failed to connect to PostgreSQL from container"'
-
-          # Try to access the health endpoint
-          echo "🏥 Testing /health endpoint..."
-          MAX_RETRIES=10
+          # Start health check polling immediately (every 5 seconds for up to 5 minutes)
+          echo "🏥 Polling /health endpoint every 5 seconds for up to 5 minutes..."
+          MAX_RETRIES=60  # 60 attempts × 5 seconds = 5 minutes
          RETRY_COUNT=0
          HEALTH_CHECK_SUCCESS=false

@@ -116,38 +155,32 @@ jobs:

          while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
            RETRY_COUNT=$((RETRY_COUNT + 1))
-            echo "Attempt $RETRY_COUNT of $MAX_RETRIES..."
-            
-            # Show container logs before each attempt to help debugging
-            if [ $RETRY_COUNT -gt 1 ]; then
-              echo "📋 Current container logs:"
-              docker logs --tail 20 formbricks-test
+
+            # Check if container is still running
+            if [ "$(docker inspect -f '{{.State.Running}}' formbricks-test 2>/dev/null)" != "true" ]; then
+              echo "❌ Container stopped running after $((RETRY_COUNT * 5)) seconds!"
+              echo "📋 Container logs:"
+              docker logs formbricks-test
+              exit 1
            fi
-            
-            # Get detailed curl output for debugging
-            HTTP_OUTPUT=$(curl -v -s -m 30 http://localhost:3000/health 2>&1)
-            CURL_EXIT_CODE=$?
-            
-            echo "Curl exit code: $CURL_EXIT_CODE"
-            echo "Curl output: $HTTP_OUTPUT"
-            
-            if [ $CURL_EXIT_CODE -eq 0 ]; then
-              STATUS_CODE=$(echo "$HTTP_OUTPUT" | grep -oP "HTTP/\d(\.\d)? \K\d+")
-              echo "Status code detected: $STATUS_CODE"
-              
-              if [ "$STATUS_CODE" = "200" ]; then
-                echo "✅ Health check successful!"
-                HEALTH_CHECK_SUCCESS=true
-                break
-              else
-                echo "❌ Health check returned non-200 status code: $STATUS_CODE"
-              fi
-            else
-              echo "❌ Curl command failed with exit code: $CURL_EXIT_CODE"
+
+            # Show progress and diagnostic info every 12 attempts (1 minute intervals)
+            if [ $((RETRY_COUNT % 12)) -eq 0 ] || [ $RETRY_COUNT -eq 1 ]; then
+              echo "Health check attempt $RETRY_COUNT of $MAX_RETRIES ($(($RETRY_COUNT * 5)) seconds elapsed)..."
+              echo "📋 Recent container logs:"
+              docker logs --tail 10 formbricks-test
            fi
-            
-            echo "Waiting 15 seconds before next attempt..."
-            sleep 15
+
+            # Try health endpoint with shorter timeout for faster polling
+            # Use -f flag to make curl fail on HTTP error status codes (4xx, 5xx)
+            if curl -f -s -m 10 http://localhost:3000/health >/dev/null 2>&1; then
+              echo "✅ Health check successful after $((RETRY_COUNT * 5)) seconds!"
+              HEALTH_CHECK_SUCCESS=true
+              break
+            fi
+
+            # Wait 5 seconds before next attempt
+            sleep 5
          done

          # Show full container logs for debugging
@@ -160,7 +193,7 @@ jobs:

          # Exit with failure if health check did not succeed
          if [ "$HEALTH_CHECK_SUCCESS" != "true" ]; then
-            echo "❌ Health check failed after $MAX_RETRIES attempts"
+            echo "❌ Health check failed after $((MAX_RETRIES * 5)) seconds (5 minutes)"
            exit 1
          fi

--- a/.github/workflows/docker-security-scan.yml
+++ b/.github/workflows/docker-security-scan.yml
@@ -0,0 +1,70 @@
+name: Docker Security Scan
+
+on:
+  schedule:
+    - cron: "0 2 * * *" # Daily at 2 AM UTC
+  workflow_dispatch:
+  workflow_run:
+    workflows: ["Docker Release to Github"]
+    types: [completed]
+
+permissions:
+  contents: read
+  packages: read
+  security-events: write
+
+jobs:
+  scan:
+    name: Vulnerability Scan
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Harden the runner
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout (for SARIF fingerprinting only)
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 1
+
+      - name: Determine ref and commit for upload
+        id: gitref
+        shell: bash
+        env:
+          EVENT_NAME: ${{ github.event_name }}
+          HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }}
+          HEAD_SHA: ${{ github.event.workflow_run.head_sha }}
+        run: |
+          set -euo pipefail
+          if [[ "${EVENT_NAME}" == "workflow_run" ]]; then
+            echo "ref=refs/heads/${HEAD_BRANCH}" >> "$GITHUB_OUTPUT"
+            echo "sha=${HEAD_SHA}" >> "$GITHUB_OUTPUT"
+          else
+            echo "ref=${GITHUB_REF}" >> "$GITHUB_OUTPUT"
+            echo "sha=${GITHUB_SHA}" >> "$GITHUB_OUTPUT"
+          fi
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # v0.32.0
+        with:
+          image-ref: "ghcr.io/${{ github.repository }}:latest"
+          format: "sarif"
+          output: "trivy-results.sarif"
+          severity: "CRITICAL,HIGH,MEDIUM,LOW"
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@a4e1a019f5e24960714ff6296aee04b736cbc3cf # v3.29.6
+        if: ${{ always() }}
+        with:
+          sarif_file: "trivy-results.sarif"
+          ref: ${{ steps.gitref.outputs.ref }}
+          sha: ${{ steps.gitref.outputs.sha }}
+          category: "trivy-container-scan"
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -41,27 +41,23 @@ jobs:
        ports:
          - 5432:5432
        options: >-
-          --health-cmd="pg_isready -U testuser"
+          --health-cmd="pg_isready -U postgres"
          --health-interval=10s
          --health-timeout=5s
          --health-retries=5
      valkey:
-        image: valkey/valkey:8.1.1
+        image: valkey/valkey@sha256:12ba4f45a7c3e1d0f076acd616cb230834e75a77e8516dde382720af32832d6d
        ports:
          - 6379:6379
-        options: >-
-          --entrypoint "valkey-server"
-          --health-cmd="valkey-cli ping"
-          --health-interval=10s
-          --health-timeout=5s
-          --health-retries=5
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
-          egress-policy: allow
+          egress-policy: audit
          allowed-endpoints: |
            ee.formbricks.com:443
+            registry-1.docker.io:443
+            docker.io:443

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: ./.github/actions/dangerous-git-checkout
@@ -92,8 +88,69 @@ jobs:
          sed -i "s|REDIS_URL=.*|REDIS_URL=redis://localhost:6379|" .env
          echo "" >> .env
          echo "E2E_TESTING=1" >> .env
+          echo "S3_REGION=us-east-1" >> .env
+          echo "S3_BUCKET_NAME=formbricks-e2e" >> .env
+          echo "S3_ENDPOINT_URL=http://localhost:9000" >> .env
+          echo "S3_ACCESS_KEY=devminio" >> .env
+          echo "S3_SECRET_KEY=devminio123" >> .env
+          echo "S3_FORCE_PATH_STYLE=1" >> .env
        shell: bash

+      - name: Install MinIO client (mc)
+        run: |
+          set -euo pipefail
+          MC_VERSION="RELEASE.2025-08-13T08-35-41Z"
+          MC_BASE="https://dl.min.io/client/mc/release/linux-amd64/archive"
+          MC_BIN="mc.${MC_VERSION}"
+          MC_SUM="${MC_BIN}.sha256sum"
+
+          curl -fsSL "${MC_BASE}/${MC_BIN}" -o "${MC_BIN}"
+          curl -fsSL "${MC_BASE}/${MC_SUM}" -o "${MC_SUM}"
+
+          sha256sum -c "${MC_SUM}"
+
+          chmod +x "${MC_BIN}"
+          sudo mv "${MC_BIN}" /usr/local/bin/mc
+
+      - name: Start MinIO Server
+        run: |
+          set -euo pipefail
+          
+          # Start MinIO server in background
+          docker run -d \
+            --name minio-server \
+            -p 9000:9000 \
+            -p 9001:9001 \
+            -e MINIO_ROOT_USER=devminio \
+            -e MINIO_ROOT_PASSWORD=devminio123 \
+            minio/minio:RELEASE.2025-09-07T16-13-09Z \
+            server /data --console-address :9001
+          
+          echo "MinIO server started"
+
+      - name: Wait for MinIO and create S3 bucket
+        run: |
+          set -euo pipefail
+
+          echo "Waiting for MinIO to be ready..."
+          ready=0
+          for i in {1..60}; do
+            if curl -fsS http://localhost:9000/minio/health/live >/dev/null; then
+              echo "MinIO is up after ${i} seconds"
+              ready=1
+              break
+            fi
+            sleep 1
+          done
+
+          if [ "$ready" -ne 1 ]; then
+            echo "::error::MinIO did not become ready within 60 seconds"
+            exit 1
+          fi
+
+          mc alias set local http://localhost:9000 devminio devminio123
+          mc mb --ignore-existing local/formbricks-e2e
+
      - name: Build App
        run: |
          pnpm build --filter=@formbricks/web...
@@ -182,4 +239,4 @@ jobs:

      - name: Output App Logs
        if: failure()
-        run: cat app.log
+        run: cat app.log
--- a/.github/workflows/formbricks-release.yml
+++ b/.github/workflows/formbricks-release.yml
@@ -7,56 +7,75 @@ on:
 permissions:
  contents: read

-env:
-  ENVIRONMENT: ${{ github.event.release.prerelease && 'staging' || 'production' }}
-
 jobs:
-  docker-build:
-    name: Build & release docker image
+  docker-build-community:
+    name: Build & release community docker image
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
    uses: ./.github/workflows/release-docker-github.yml
    secrets: inherit
    with:
      IS_PRERELEASE: ${{ github.event.release.prerelease }}

+  docker-build-cloud:
+    name: Build & push Formbricks Cloud to ECR
+    permissions:
+      contents: read
+      id-token: write
+    uses: ./.github/workflows/build-and-push-ecr.yml
+    secrets: inherit
+    with:
+      image_tag: ${{ needs.docker-build-community.outputs.VERSION }}
+      IS_PRERELEASE: ${{ github.event.release.prerelease }}
+    needs:
+      - docker-build-community
+
  helm-chart-release:
    name: Release Helm Chart
+    permissions:
+      contents: read
+      packages: write
    uses: ./.github/workflows/release-helm-chart.yml
    secrets: inherit
    needs:
-      - docker-build
+      - docker-build-community
    with:
-      VERSION: ${{ needs.docker-build.outputs.VERSION }}
+      VERSION: ${{ needs.docker-build-community.outputs.VERSION }}

-  deploy-formbricks-cloud:
-    name: Deploy Helm Chart to Formbricks Cloud
-    secrets: inherit
-    uses: ./.github/workflows/deploy-formbricks-cloud.yml
-    needs:
-      - docker-build
-      - helm-chart-release
-    with:
-      VERSION: v${{ needs.docker-build.outputs.VERSION }}
-      ENVIRONMENT: ${{ env.ENVIRONMENT }}
-
-  upload-sentry-sourcemaps:
-    name: Upload Sentry Sourcemaps
+  verify-cloud-build:
+    name: Verify Cloud Build Outputs
    runs-on: ubuntu-latest
-    permissions:
-      contents: read
+    timeout-minutes: 5 # Simple verification should be quick
    needs:
-      - docker-build
-      - deploy-formbricks-cloud
+      - docker-build-cloud
    steps:
-      - name: Checkout
-        uses: actions/checkout@v4.2.2
+      - name: Harden the runner
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
-          fetch-depth: 0
+          egress-policy: audit

-      - name: Upload Sentry Sourcemaps
-        uses: ./.github/actions/upload-sentry-sourcemaps
-        continue-on-error: true
-        with:
-          docker_image: ghcr.io/formbricks/formbricks:v${{ needs.docker-build.outputs.VERSION }}
-          release_version: v${{ needs.docker-build.outputs.VERSION }}
-          sentry_auth_token: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          environment: ${{ env.ENVIRONMENT }}
+      - name: Display ECR build outputs
+        env:
+          IMAGE_TAG: ${{ needs.docker-build-cloud.outputs.IMAGE_TAG }}
+          TAGS: ${{ needs.docker-build-cloud.outputs.TAGS }}
+        run: |
+          set -euo pipefail
+
+          echo "✅ ECR Build Completed Successfully"
+          echo "Image Tag: ${IMAGE_TAG}"
+          echo "ECR Tags:"
+          printf '%s\n' "${TAGS}"
+
+  move-stable-tag:
+    name: Move stable tag to release
+    permissions:
+      contents: write # Required for tag push operations in called workflow
+    uses: ./.github/workflows/move-stable-tag.yml
+    needs:
+      - docker-build-community # Ensure release is successful first
+    with:
+      release_tag: ${{ github.event.release.tag_name }}
+      commit_sha: ${{ github.sha }}
+      is_prerelease: ${{ github.event.release.prerelease }}
--- a/.github/workflows/move-stable-tag.yml
+++ b/.github/workflows/move-stable-tag.yml
@@ -0,0 +1,96 @@
+name: Move Stable Tag
+
+on:
+  workflow_call:
+    inputs:
+      release_tag:
+        description: "The release tag name (e.g., 1.2.3)"
+        required: true
+        type: string
+      commit_sha:
+        description: "The commit SHA to point the stable tag to"
+        required: true
+        type: string
+      is_prerelease:
+        description: "Whether this is a prerelease (stable tag won't be moved for prereleases)"
+        required: false
+        type: boolean
+        default: false
+
+permissions:
+  contents: read
+
+# Prevent concurrent stable tag operations to avoid race conditions
+concurrency:
+  group: move-stable-tag-${{ github.repository }}
+  cancel-in-progress: true
+
+jobs:
+  move-stable-tag:
+    name: Move stable tag to release
+    runs-on: ubuntu-latest
+    timeout-minutes: 10 # Prevent hung git operations
+    permissions:
+      contents: write # Required to push tags
+    # Only move stable tag for non-prerelease versions
+    if: ${{ !inputs.is_prerelease }}
+    steps:
+      - name: Harden the runner
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0 # Full history needed for tag operations
+
+      - name: Validate inputs
+        env:
+          RELEASE_TAG: ${{ inputs.release_tag }}
+          COMMIT_SHA: ${{ inputs.commit_sha }}
+        run: |
+          set -euo pipefail
+
+          # Validate release tag format
+          if [[ ! "$RELEASE_TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$ ]]; then
+            echo "❌ Error: Invalid release tag format. Expected format: 1.2.3, 1.2.3-alpha"
+            echo "Provided: $RELEASE_TAG"
+            exit 1
+          fi
+
+          # Validate commit SHA format (40 character hex)
+          if [[ ! "$COMMIT_SHA" =~ ^[a-f0-9]{40}$ ]]; then
+            echo "❌ Error: Invalid commit SHA format. Expected 40 character hex string"
+            echo "Provided: $COMMIT_SHA"
+            exit 1
+          fi
+
+          echo "✅ Input validation passed"
+          echo "Release tag: $RELEASE_TAG"
+          echo "Commit SHA: $COMMIT_SHA"
+
+      - name: Move stable tag
+        env:
+          RELEASE_TAG: ${{ inputs.release_tag }}
+          COMMIT_SHA: ${{ inputs.commit_sha }}
+        run: |
+          set -euo pipefail
+
+          # Configure git
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          # Verify the commit exists
+          if ! git cat-file -e "$COMMIT_SHA"; then
+            echo "❌ Error: Commit $COMMIT_SHA does not exist in this repository"
+            exit 1
+          fi
+
+          # Move stable tag to the release commit
+          echo "📌 Moving stable tag to commit: $COMMIT_SHA (release: $RELEASE_TAG)"
+          git tag -f stable "$COMMIT_SHA"
+          git push origin stable --force
+
+          echo "✅ Successfully moved stable tag to release $RELEASE_TAG"
+          echo "🔗 Stable tag now points to: https://github.com/${{ github.repository }}/commit/$COMMIT_SHA"
--- a/.github/workflows/release-docker-github-experimental.yml
+++ b/.github/workflows/release-docker-github-experimental.yml
@@ -1,187 +1,50 @@
-name: Docker Release to Github Experimental
+name: Build Community Testing Images

-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
+# This workflow builds experimental/testing versions of Formbricks for self-hosting customers
+# to test fixes and features before official releases. Images are pushed to GHCR with
+# timestamped experimental versions for easy identification and testing.

 on:
  workflow_dispatch:
-
-env:
-  # Use docker.io for Docker Hub if empty
-  REGISTRY: ghcr.io
-  # github.repository as <account>/<repo>
-  IMAGE_NAME: ${{ github.repository }}-experimental
-  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
-  TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
+    inputs:
+      version_override:
+        description: "Override version (SemVer only, e.g., 1.2.3-beta). Leave empty for auto-generated experimental version."
+        required: false
+        type: string

 permissions:
  contents: read
+  packages: write
+  id-token: write

 jobs:
-  build:
+  build-community-testing:
+    name: Build Community Testing Image
    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-      # This is used to complete the identity challenge
-      # with sigstore/fulcio when running outside of PRs.
-      id-token: write
-
-    outputs:
-      DOCKER_IMAGE: ${{ steps.extract_image_info.outputs.DOCKER_IMAGE }}
-      RELEASE_VERSION: ${{ steps.extract_image_info.outputs.RELEASE_VERSION }}
+    timeout-minutes: 45

    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Generate SemVer version from branch or tag
-        id: generate_version
-        run: |
-          # Get reference name and type
-          REF_NAME="${{ github.ref_name }}"
-          REF_TYPE="${{ github.ref_type }}"
-
-          echo "Reference type: $REF_TYPE"
-          echo "Reference name: $REF_NAME"
-
-          if [[ "$REF_TYPE" == "tag" ]]; then
-            # If running from a tag, use the tag name
-            if [[ "$REF_NAME" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+.*$ ]]; then
-              # Tag looks like a SemVer, use it directly (remove 'v' prefix if present)
-              VERSION=$(echo "$REF_NAME" | sed 's/^v//')
-              echo "Using SemVer tag: $VERSION"
-            else
-              # Tag is not SemVer, treat as prerelease
-              SANITIZED_TAG=$(echo "$REF_NAME" | sed 's/[^a-zA-Z0-9.-]/-/g' | sed 's/--*/-/g' | sed 's/^-\|-$//g')
-              VERSION="0.0.0-$SANITIZED_TAG"
-              echo "Using tag as prerelease: $VERSION"
-            fi
-          else
-            # Running from branch, use branch name as prerelease
-            SANITIZED_BRANCH=$(echo "$REF_NAME" | sed 's/[^a-zA-Z0-9.-]/-/g' | sed 's/--*/-/g' | sed 's/^-\|-$//g')
-            VERSION="0.0.0-$SANITIZED_BRANCH"
-            echo "Using branch as prerelease: $VERSION"
-          fi
-
-          echo "VERSION=$VERSION" >> $GITHUB_ENV
-          echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
-          echo "Generated SemVer version: $VERSION"
-
-      - name: Update package.json version
-        run: |
-          sed -i "s/\"version\": \"0.0.0\"/\"version\": \"${{ env.VERSION }}\"/" ./apps/web/package.json
-          cat ./apps/web/package.json | grep version
-
-      - name: Set Sentry environment in .env
-        run: |
-          if ! grep -q "^SENTRY_ENVIRONMENT=staging$" .env 2>/dev/null; then
-            echo "SENTRY_ENVIRONMENT=staging" >> .env
-            echo "Added SENTRY_ENVIRONMENT=staging to .env file"
-          else
-            echo "SENTRY_ENVIRONMENT=staging already exists in .env file"
-          fi
-
-      - name: Set up Depot CLI
-        uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
-
-      # Install the cosign tool except on PR
-      # https://github.com/sigstore/cosign-installer
-      - name: Install cosign
-        if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
-
-      # Login against a Docker registry except on PR
-      # https://github.com/docker/login-action
-      - name: Log into registry ${{ env.REGISTRY }}
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Extract metadata (tags, labels) for Docker
-      # https://github.com/docker/metadata-action
-      - name: Extract Docker metadata
-        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-
-      # Build and push Docker image with Buildx (don't push on PR)
-      # https://github.com/docker/build-push-action
-      - name: Build and push Docker image
-        id: build-and-push
-        uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
-        with:
-          project: tw0fqmsx3c
-          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
-          context: .
-          file: ./apps/web/Dockerfile
-          platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          secrets: |
-            database_url=${{ secrets.DUMMY_DATABASE_URL }}
-            encryption_key=${{ secrets.DUMMY_ENCRYPTION_KEY }}
-
-      - name: Extract image info for sourcemap upload
-        id: extract_image_info
-        run: |
-          # Use the first readable tag from metadata action output
-          DOCKER_IMAGE=$(echo "${{ steps.meta.outputs.tags }}" | head -n1 | xargs)
-          echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> $GITHUB_OUTPUT
-
-          # Use the generated version for Sentry release
-          RELEASE_VERSION="$VERSION"
-          echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_OUTPUT
-
-          echo "Docker image: $DOCKER_IMAGE"
-          echo "Release version: $RELEASE_VERSION"
-          echo "Available tags: ${{ steps.meta.outputs.tags }}"
-
-      # Sign the resulting Docker image digest except on PRs.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
-      - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
-          TAGS: ${{ steps.meta.outputs.tags }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
-        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
-
-  upload-sentry-sourcemaps:
-    name: Upload Sentry Sourcemaps
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-    needs:
-      - build
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4.2.2
        with:
          fetch-depth: 0

-      - name: Upload Sentry Sourcemaps
-        uses: ./.github/actions/upload-sentry-sourcemaps
-        continue-on-error: true
+      - name: Build and push community testing image
+        uses: ./.github/actions/build-and-push-docker
        with:
-          docker_image: ${{ needs.build.outputs.DOCKER_IMAGE }}
-          release_version: ${{ needs.build.outputs.RELEASE_VERSION }}
-          sentry_auth_token: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          environment: staging
+          registry_type: "ghcr"
+          ghcr_image_name: "${{ github.repository }}-experimental"
+          experimental_mode: "true"
+          version: ${{ inputs.version_override }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DEPOT_PROJECT_TOKEN: ${{ secrets.DEPOT_PROJECT_TOKEN }}
+          DUMMY_DATABASE_URL: ${{ secrets.DUMMY_DATABASE_URL }}
+          DUMMY_ENCRYPTION_KEY: ${{ secrets.DUMMY_ENCRYPTION_KEY }}
+          DUMMY_REDIS_URL: ${{ secrets.DUMMY_REDIS_URL }}
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
--- a/.github/workflows/release-docker-github.yml
+++ b/.github/workflows/release-docker-github.yml
@@ -1,4 +1,4 @@
-name: Docker Release to Github
+name: Release Community Docker Images

 # This workflow uses actions that are not certified by GitHub.
 # They are provided by a third-party and are governed by
@@ -9,7 +9,7 @@ on:
  workflow_call:
    inputs:
      IS_PRERELEASE:
-        description: 'Whether this is a prerelease (affects latest tag)'
+        description: "Whether this is a prerelease (affects latest tag)"
        required: false
        type: boolean
        default: false
@@ -23,12 +23,14 @@ env:
  REGISTRY: ghcr.io
  # github.repository as <account>/<repo>
  IMAGE_NAME: ${{ github.repository }}
-  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
-  TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
+
+permissions:
+  contents: read

 jobs:
  build:
    runs-on: ubuntu-latest
+    timeout-minutes: 45
    permissions:
      contents: read
      packages: write
@@ -41,91 +43,60 @@ jobs:

    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

-      - name: Get Release Tag
+      - name: Extract release version from tag
        id: extract_release_tag
        run: |
-          # Extract version from tag (e.g., refs/tags/v1.2.3 -> 1.2.3)
-          TAG=${{ github.ref }}
-          TAG=${TAG#refs/tags/v}
-          echo "RELEASE_TAG=$TAG" >> $GITHUB_ENV
+          set -euo pipefail
+
+          # Extract tag name with fallback logic for different trigger contexts
+          if [[ -n "${RELEASE_TAG:-}" ]]; then
+            TAG="$RELEASE_TAG"
+            echo "Using RELEASE_TAG override: $TAG"
+          elif [[ "$GITHUB_REF_NAME" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?$ ]] || [[ "$GITHUB_REF_NAME" =~ ^v[0-9] ]]; then
+            TAG="$GITHUB_REF_NAME"
+            echo "Using GITHUB_REF_NAME (looks like tag): $TAG"
+          else
+            # Fallback: extract from GITHUB_REF for direct tag triggers
+            TAG="${GITHUB_REF#refs/tags/}"
+            if [[ -z "$TAG" || "$TAG" == "$GITHUB_REF" ]]; then
+              TAG="$GITHUB_REF_NAME"
+              echo "Using GITHUB_REF_NAME as final fallback: $TAG"
+            else
+              echo "Extracted from GITHUB_REF: $TAG"
+            fi
+          fi
+
+          # Strip v-prefix if present (normalize to clean SemVer)
+          TAG=${TAG#[vV]}
+
+          # Validate SemVer format (supports prereleases like 4.0.0-rc.1)
+          if [[ ! "$TAG" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?$ ]]; then
+            echo "ERROR: Invalid tag format '$TAG'. Expected SemVer (e.g., 1.2.3, 4.0.0-rc.1)"
+            exit 1
+          fi
+
          echo "VERSION=$TAG" >> $GITHUB_OUTPUT
-          echo "Using tag-based version: $TAG"
+          echo "Using version: $TAG"

-      - name: Update package.json version
-        run: |
-          sed -i "s/\"version\": \"0.0.0\"/\"version\": \"${{ env.RELEASE_TAG }}\"/" ./apps/web/package.json
-          cat ./apps/web/package.json | grep version
-
-      - name: Set up Depot CLI
-        uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
-
-      # Install the cosign tool except on PR
-      # https://github.com/sigstore/cosign-installer
-      - name: Install cosign
-        if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
-
-      # Login against a Docker registry except on PR
-      # https://github.com/docker/login-action
-      - name: Log into registry ${{ env.REGISTRY }}
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+      - name: Build and push community release image
+        id: build
+        uses: ./.github/actions/build-and-push-docker
        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      # Extract metadata (tags, labels) for Docker
-      # https://github.com/docker/metadata-action
-      - name: Extract Docker metadata
-        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-          tags: |
-            # Default semver tags (version, major.minor, major)
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-            # Only tag as 'latest' for stable releases (not prereleases)
-            type=raw,value=latest,enable=${{ inputs.IS_PRERELEASE != 'true' }}
-
-      # Build and push Docker image with Buildx (don't push on PR)
-      # https://github.com/docker/build-push-action
-      - name: Build and push Docker image
-        id: build-and-push
-        uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
-        with:
-          project: tw0fqmsx3c
-          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
-          context: .
-          file: ./apps/web/Dockerfile
-          platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          secrets: |
-            database_url=${{ secrets.DUMMY_DATABASE_URL }}
-            encryption_key=${{ secrets.DUMMY_ENCRYPTION_KEY }}
-
-      # Sign the resulting Docker image digest except on PRs.
-      # This will only write to the public Rekor transparency log when the Docker
-      # repository is public to avoid leaking data.  If you would like to publish
-      # transparency data even for private images, pass --force to cosign below.
-      # https://github.com/sigstore/cosign
-      - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' }}
+          registry_type: "ghcr"
+          ghcr_image_name: ${{ env.IMAGE_NAME }}
+          version: ${{ steps.extract_release_tag.outputs.VERSION }}
+          is_prerelease: ${{ inputs.IS_PRERELEASE }}
        env:
-          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
-          TAGS: ${{ steps.meta.outputs.tags }}
-          DIGEST: ${{ steps.build-and-push.outputs.digest }}
-        # This step uses the identity token to provision an ephemeral certificate
-        # against the sigstore community Fulcio instance.
-        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DEPOT_PROJECT_TOKEN: ${{ secrets.DEPOT_PROJECT_TOKEN }}
+          DUMMY_DATABASE_URL: ${{ secrets.DUMMY_DATABASE_URL }}
+          DUMMY_ENCRYPTION_KEY: ${{ secrets.DUMMY_ENCRYPTION_KEY }}
+          DUMMY_REDIS_URL: ${{ secrets.DUMMY_REDIS_URL }}
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
--- a/.github/workflows/release-helm-chart.yml
+++ b/.github/workflows/release-helm-chart.yml
@@ -19,15 +19,30 @@ jobs:
      contents: read
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
        with:
          egress-policy: audit

      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

-      - name: Extract release version
-        run: echo "VERSION=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
+      - name: Validate input version
+        env:
+          INPUT_VERSION: ${{ inputs.VERSION }}
+        run: |
+          set -euo pipefail
+          # Validate input version format (expects clean semver without 'v' prefix)
+          if [[ ! "$INPUT_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$ ]]; then
+            echo "❌ Error: Invalid version format. Must be clean semver (e.g., 1.2.3, 1.2.3-alpha)"
+            echo "Expected: clean version without 'v' prefix"
+            echo "Provided: $INPUT_VERSION"
+            exit 1
+          fi
+
+          # Store validated version in environment variable
+          echo "VERSION<<EOF" >> $GITHUB_ENV
+          echo "$INPUT_VERSION" >> $GITHUB_ENV
+          echo "EOF" >> $GITHUB_ENV

      - name: Set up Helm
        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
@@ -35,20 +50,44 @@ jobs:
          version: latest

      - name: Log in to GitHub Container Registry
-        run: echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io --username ${{ github.actor }} --password-stdin
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_ACTOR: ${{ github.actor }}
+        run: printf '%s' "$GITHUB_TOKEN" | helm registry login ghcr.io --username "$GITHUB_ACTOR" --password-stdin

      - name: Install YQ
        uses: dcarbone/install-yq-action@4075b4dca348d74bd83f2bf82d30f25d7c54539b # v1.3.1

      - name: Update Chart.yaml with new version
+        env:
+          VERSION: ${{ env.VERSION }}
        run: |
-          yq -i ".version = \"${{ inputs.VERSION }}\"" helm-chart/Chart.yaml
-          yq -i ".appVersion = \"v${{ inputs.VERSION }}\"" helm-chart/Chart.yaml
+          set -euo pipefail
+
+          echo "Updating Chart.yaml with version: ${VERSION}"
+          yq -i ".version = \"${VERSION}\"" helm-chart/Chart.yaml
+          yq -i ".appVersion = \"${VERSION}\"" helm-chart/Chart.yaml
+
+          echo "✅ Successfully updated Chart.yaml"

      - name: Package Helm chart
+        env:
+          VERSION: ${{ env.VERSION }}
        run: |
+          set -euo pipefail
+
+          echo "Packaging Helm chart version: ${VERSION}"
          helm package ./helm-chart

+          echo "✅ Successfully packaged formbricks-${VERSION}.tgz"
+
      - name: Push Helm chart to GitHub Container Registry
+        env:
+          VERSION: ${{ env.VERSION }}
        run: |
-          helm push formbricks-${{ inputs.VERSION }}.tgz oci://ghcr.io/formbricks/helm-charts
+          set -euo pipefail
+
+          echo "Pushing Helm chart to registry: formbricks-${VERSION}.tgz"
+          helm push "formbricks-${VERSION}.tgz" oci://ghcr.io/formbricks/helm-charts
+
+          echo "✅ Successfully pushed Helm chart to registry"
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -1,81 +0,0 @@
-# This workflow uses actions that are not certified by GitHub. They are provided
-# by a third-party and are governed by separate terms of service, privacy
-# policy, and support documentation.
-
-name: Scorecard supply-chain security
-on:
-  # For Branch-Protection check. Only the default branch is supported. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
-  branch_protection_rule:
-  # To guarantee Maintained check is occasionally updated. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
-  schedule:
-    - cron: "17 17 * * 6"
-  push:
-    branches: ["main"]
-  workflow_dispatch:
-
-# Declare default permissions as read only.
-permissions: read-all
-
-jobs:
-  analysis:
-    name: Scorecard analysis
-    runs-on: ubuntu-latest
-    permissions:
-      # Needed to upload the results to code-scanning dashboard.
-      security-events: write
-      # Needed to publish results and get a badge (see publish_results below).
-      id-token: write
-      # Add this permission
-      actions: write # Required for artifact upload
-      # Uncomment the permissions below if installing in a private repository.
-      # contents: read
-      # actions: read
-
-    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
-        with:
-          egress-policy: audit
-
-      - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
-          # - you want to enable the Branch-Protection check on a *public* repository, or
-          # - you are installing Scorecard on a *private* repository
-          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional.
-          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
-
-          # Public repositories:
-          #   - Publish results to OpenSSF REST API for easy access by consumers
-          #   - Allows the repository to include the Scorecard badge.
-          #   - See https://github.com/ossf/scorecard-action#publishing-results.
-          # For private repositories:
-          #   - `publish_results` will always be set to `false`, regardless
-          #     of the value entered here.
-          publish_results: true
-
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-        with:
-          name: sarif
-          path: results.sarif
-          retention-days: 5
-
-      # Upload the results to GitHub's code scanning dashboard (optional).
-      # Commenting out will disable upload of results to your repo's Code Scanning dashboard
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
-        with:
-          sarif_file: results.sarif
--- a/.github/workflows/semantic-pull-requests.yml
+++ b/.github/workflows/semantic-pull-requests.yml
@@ -56,11 +56,3 @@ jobs:
            ```
            ${{ steps.lint_pr_title.outputs.error_message }}
            ```
-
-      # Delete a previous comment when the issue has been resolved
-      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
-        uses: marocchino/sticky-pull-request-comment@67d0dec7b07ed060a405f9b2a64b8ab319fdd7db # v2.9.2
-        with:
-          header: pr-title-lint-error
-          message: |
-            Thank you for following the naming conventions for pull request titles! 🙏
--- a/.github/workflows/terraform-plan-and-apply.yml
+++ b/.github/workflows/terraform-plan-and-apply.yml
@@ -14,12 +14,14 @@ on:
    paths:
      - "infra/terraform/**"

+permissions:
+  contents: read
+
 jobs:
  terraform:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
-      contents: read
      pull-requests: write
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -33,7 +35,7 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Tailscale
-        uses: tailscale/github-action@v3
+        uses: tailscale/github-action@84a3f23bb4d843bcf4da6cf824ec1be473daf4de # v3.2.3
        with:
          oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
          oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
--- a/.github/workflows/tolgee.yml
+++ b/.github/workflows/tolgee.yml
@@ -27,10 +27,18 @@ jobs:

      - name: Get source branch name
        id: branch-name
+        env:
+          RAW_BRANCH: ${{ github.head_ref }}
        run: |
-          RAW_BRANCH="${{ github.head_ref }}"
+          # Validate and sanitize branch name - only allow alphanumeric, dots, underscores, hyphens, and forward slashes
          SOURCE_BRANCH=$(echo "$RAW_BRANCH" | sed 's/[^a-zA-Z0-9._\/-]//g')

+          # Additional validation - ensure branch name is not empty after sanitization
+          if [[ -z "$SOURCE_BRANCH" ]]; then
+            echo "❌ Error: Branch name is empty after sanitization"
+            echo "Original branch: $RAW_BRANCH"
+            exit 1
+          fi

          # Safely add to environment variables using GitHub's recommended method
          # This prevents environment variable injection attacks
--- a/.github/workflows/upload-sentry-sourcemaps.yml
+++ b/.github/workflows/upload-sentry-sourcemaps.yml
@@ -1,46 +0,0 @@
-name: Upload Sentry Sourcemaps (Manual)
-
-on:
-  workflow_dispatch:
-    inputs:
-      docker_image:
-        description: "Docker image to extract sourcemaps from"
-        required: true
-        type: string
-      release_version:
-        description: "Release version (e.g., v1.2.3)"
-        required: true
-        type: string
-      tag_version:
-        description: "Docker image tag (leave empty to use release_version)"
-        required: false
-        type: string
-
-permissions:
-  contents: read
-
-jobs:
-  upload-sourcemaps:
-    name: Upload Sourcemaps to Sentry
-    runs-on: ubuntu-latest
-    
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4.2.2
-        with:
-          fetch-depth: 0
-
-      - name: Set Docker Image
-        run: |
-          if [ -n "${{ inputs.tag_version }}" ]; then
-            echo "DOCKER_IMAGE=${{ inputs.docker_image }}:${{ inputs.tag_version }}" >> $GITHUB_ENV
-          else
-            echo "DOCKER_IMAGE=${{ inputs.docker_image }}:${{ inputs.release_version }}" >> $GITHUB_ENV
-          fi
-
-      - name: Upload Sourcemaps to Sentry
-        uses: ./.github/actions/upload-sentry-sourcemaps
-        with:
-          docker_image: ${{ env.DOCKER_IMAGE }}
-          release_version: ${{ inputs.release_version }}
-          sentry_auth_token: ${{ secrets.SENTRY_AUTH_TOKEN }} 
--- a/.github/workflows/welcome-new-contributors.yml
+++ b/.github/workflows/welcome-new-contributors.yml
@@ -1,32 +0,0 @@
-name: "Welcome new contributors"
-
-on:
-  issues:
-    types: opened
-  pull_request_target:
-    types: opened
-
-permissions:
-  pull-requests: write
-  issues: write
-
-jobs:
-  welcome-message:
-    name: Welcoming New Users
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    if: github.event.action == 'opened'
-    steps:
-      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
-        with:
-          egress-policy: audit
-
-      - uses: actions/first-interaction@3c71ce730280171fd1cfb57c00c774f8998586f7 # v1
-        with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          pr-message: |-
-            Thank you so much for making your first Pull Request and taking the time to improve Formbricks! 🚀🙏❤️
-            Feel free to join the conversation on [Github Discussions](https://github.com/formbricks/formbricks/discussions) if you need any help or have any questions. 😊
-          issue-message: |
-            Thank you for opening your first issue! 🙏❤️ One of our team members will review it and get back to you as soon as it possible. 😊
--- a/.gitignore
+++ b/.gitignore
@@ -74,3 +74,4 @@ infra/terraform/.terraform/
 /*.iml
 packages/ios/FormbricksSDK/FormbricksSDK.xcodeproj/project.xcworkspace/xcuserdata
 .cursorrules
+i18n.cache
--- a/.tolgeerc.json
+++ b/.tolgeerc.json
@@ -31,6 +31,18 @@
      {
        "language": "pt-PT",
        "path": "./apps/web/locales/pt-PT.json"
+      },
+      {
+        "language": "ro-RO",
+        "path": "./apps/web/locales/ro-RO.json"
+      },
+      {
+        "language": "ja-JP",
+        "path": "./apps/web/locales/ja-JP.json"
+      },
+      {
+        "language": "zh-Hans-CN",
+        "path": "./apps/web/locales/zh-Hans-CN.json"
      }
    ],
    "forceMode": "OVERRIDE"
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,4 +1,6 @@
 {
+  "eslint.validate": ["javascript", "javascriptreact", "typescript", "typescriptreact"],
+  "eslint.workingDirectories": [{ "mode": "auto" }],
  "javascript.updateImportsOnFileMove.enabled": "always",
  "sonarlint.connectedMode.project": {
    "connectionId": "formbricks",
--- a/README.md
+++ b/README.md
@@ -21,6 +21,7 @@ The Open Source Qualtrics Alternative

 <p align="center">
 <a href="https://github.com/formbricks/formbricks/blob/main/LICENSE"><img src="https://img.shields.io/badge/License-AGPL-purple" alt="License"></a> <a href="https://github.com/formbricks/formbricks/stargazers"><img src="https://img.shields.io/github/stars/formbricks/formbricks?logo=github" alt="Github Stars"></a>
+<a href="https://insights.linuxfoundation.org/project/formbricks"><img src="https://insights.linuxfoundation.org/api/badge/health-score?project=formbricks"></a>
 <a href="https://news.ycombinator.com/item?id=32303986"><img src="https://img.shields.io/badge/Hacker%20News-122-%23FF6600" alt="Hacker News"></a>
 <a href="[https://www.producthunt.com/products/formbricks](https://www.producthunt.com/posts/formbricks)"><img src="https://img.shields.io/badge/Product%20Hunt-455-orange?logo=producthunt&logoColor=%23fff" alt="Product Hunt"></a>
 <a href="https://github.blog/2023-04-12-github-accelerator-our-first-cohort-and-whats-next/"><img src="https://img.shields.io/badge/2023-blue?logo=github&label=Github%20Accelerator" alt="Github Accelerator"></a>
--- a/apps/storybook/.storybook/preview.ts
+++ b/apps/storybook/.storybook/preview.ts
@@ -1,6 +1,8 @@
 import type { Preview } from "@storybook/react-vite";
 import { TolgeeProvider } from "@tolgee/react";
 import React from "react";
+// Import translation data for Storybook
+import enUSTranslations from "../../web/locales/en-US.json";
 import "../../web/modules/ui/globals.css";
 import { TolgeeBase } from "../../web/tolgee/shared";

@@ -12,7 +14,16 @@ const withTolgee = (Story: any) => {

  return React.createElement(
    TolgeeProvider,
-    { tolgee, fallback: "Loading", ssr: { language: "en", staticData: {} } },
+    {
+      tolgee,
+      fallback: "Loading",
+      ssr: {
+        language: "en-US",
+        staticData: {
+          "en-US": enUSTranslations,
+        },
+      },
+    },
    React.createElement(Story)
  );
 };
--- a/apps/storybook/package.json
+++ b/apps/storybook/package.json
@@ -26,7 +26,7 @@
    "eslint-plugin-storybook": "9.0.15",
    "prop-types": "15.8.1",
    "storybook": "9.0.15",
-    "vite": "6.3.5",
+    "vite": "6.3.6",
    "@storybook/addon-docs": "9.0.15"
  }
 }
--- a/apps/web/Dockerfile
+++ b/apps/web/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:22-alpine3.21 AS base
+FROM node:22-alpine3.22 AS base

 #
 ## step 1: Prune monorepo
@@ -30,9 +30,13 @@ COPY apps/web/scripts/docker/read-secrets.sh /tmp/read-secrets.sh
 RUN chmod +x /tmp/read-secrets.sh

 # Increase Node.js memory limit as a regular build argument
-ARG NODE_OPTIONS="--max_old_space_size=4096"
+ARG NODE_OPTIONS="--max_old_space_size=8192"
 ENV NODE_OPTIONS=${NODE_OPTIONS}

+# Target architecture - automatically provided by Docker in multi-platform builds
+# but needs explicit declaration for some build systems (like Depot)
+ARG TARGETARCH
+
 # Set the working directory
 WORKDIR /app

@@ -57,6 +61,8 @@ RUN pnpm build --filter=@formbricks/database
 # This mounts the secrets only during this build step without storing them in layers
 RUN --mount=type=secret,id=database_url \
    --mount=type=secret,id=encryption_key \
+    --mount=type=secret,id=redis_url \
+    --mount=type=secret,id=sentry_auth_token \
    /tmp/read-secrets.sh pnpm build --filter=@formbricks/web...

 # Extract Prisma version
@@ -109,9 +115,6 @@ RUN chown -R nextjs:nextjs ./node_modules/.prisma && chmod -R 755 ./node_modules
 COPY --from=installer /prisma_version.txt .
 RUN chown nextjs:nextjs ./prisma_version.txt && chmod 644 ./prisma_version.txt

-COPY /docker/cronjobs /app/docker/cronjobs
-RUN chmod -R 755 /app/docker/cronjobs
-
 COPY --from=installer /app/node_modules/@paralleldrive/cuid2 ./node_modules/@paralleldrive/cuid2
 RUN chmod -R 755 ./node_modules/@paralleldrive/cuid2

--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/ConnectWithFormbricks.test.tsx
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/ConnectWithFormbricks.test.tsx
@@ -23,12 +23,12 @@ describe("ConnectWithFormbricks", () => {
  const webAppUrl = "http://app";
  const channel = {} as any;

-  test("renders waiting state when widgetSetupCompleted is false", () => {
+  test("renders waiting state when appSetupCompleted is false", () => {
    render(
      <ConnectWithFormbricks
        environment={environment}
        publicDomain={webAppUrl}
-        widgetSetupCompleted={false}
+        appSetupCompleted={false}
        channel={channel}
      />
    );
@@ -36,12 +36,12 @@ describe("ConnectWithFormbricks", () => {
    expect(screen.getByText("environments.connect.waiting_for_your_signal")).toBeInTheDocument();
  });

-  test("renders success state when widgetSetupCompleted is true", () => {
+  test("renders success state when appSetupCompleted is true", () => {
    render(
      <ConnectWithFormbricks
        environment={environment}
        publicDomain={webAppUrl}
-        widgetSetupCompleted={true}
+        appSetupCompleted={true}
        channel={channel}
      />
    );
@@ -54,7 +54,7 @@ describe("ConnectWithFormbricks", () => {
      <ConnectWithFormbricks
        environment={environment}
        publicDomain={webAppUrl}
-        widgetSetupCompleted={true}
+        appSetupCompleted={true}
        channel={channel}
      />
    );
@@ -68,7 +68,7 @@ describe("ConnectWithFormbricks", () => {
      <ConnectWithFormbricks
        environment={environment}
        publicDomain={webAppUrl}
-        widgetSetupCompleted={false}
+        appSetupCompleted={false}
        channel={channel}
      />
    );
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/ConnectWithFormbricks.tsx
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/ConnectWithFormbricks.tsx
@@ -13,14 +13,14 @@ import { OnboardingSetupInstructions } from "./OnboardingSetupInstructions";
 interface ConnectWithFormbricksProps {
  environment: TEnvironment;
  publicDomain: string;
-  widgetSetupCompleted: boolean;
+  appSetupCompleted: boolean;
  channel: TProjectConfigChannel;
 }

 export const ConnectWithFormbricks = ({
  environment,
  publicDomain,
-  widgetSetupCompleted,
+  appSetupCompleted,
  channel,
 }: ConnectWithFormbricksProps) => {
  const { t } = useTranslate();
@@ -51,15 +51,15 @@ export const ConnectWithFormbricks = ({
            environmentId={environment.id}
            publicDomain={publicDomain}
            channel={channel}
-            widgetSetupCompleted={widgetSetupCompleted}
+            appSetupCompleted={appSetupCompleted}
          />
        </div>
        <div
          className={cn(
            "flex h-[30rem] w-1/2 flex-col items-center justify-center rounded-lg border text-center",
-            widgetSetupCompleted ? "border-green-500 bg-green-100" : "border-slate-300 bg-slate-200"
+            appSetupCompleted ? "border-green-500 bg-green-100" : "border-slate-300 bg-slate-200"
          )}>
-          {widgetSetupCompleted ? (
+          {appSetupCompleted ? (
            <div>
              <p className="text-3xl">{t("environments.connect.congrats")}</p>
              <p className="pt-4 text-sm font-medium text-slate-600">
@@ -81,9 +81,9 @@ export const ConnectWithFormbricks = ({
      </div>
      <Button
        id="finishOnboarding"
-        variant={widgetSetupCompleted ? "default" : "ghost"}
+        variant={appSetupCompleted ? "default" : "ghost"}
        onClick={handleFinishOnboarding}>
-        {widgetSetupCompleted
+        {appSetupCompleted
          ? t("environments.connect.finish_onboarding")
          : t("environments.connect.do_it_later")}
        <ArrowRight />
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/OnboardingSetupInstructions.test.tsx
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/OnboardingSetupInstructions.test.tsx
@@ -35,7 +35,7 @@ describe("OnboardingSetupInstructions", () => {
    environmentId: "env-123",
    publicDomain: "https://example.com",
    channel: "app" as const, // Assuming channel is either "app" or "website"
-    widgetSetupCompleted: false,
+    appSetupCompleted: false,
  };

  test("renders HTML tab content by default", () => {
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/OnboardingSetupInstructions.tsx
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/OnboardingSetupInstructions.tsx
@@ -20,14 +20,14 @@ interface OnboardingSetupInstructionsProps {
  environmentId: string;
  publicDomain: string;
  channel: TProjectConfigChannel;
-  widgetSetupCompleted: boolean;
+  appSetupCompleted: boolean;
 }

 export const OnboardingSetupInstructions = ({
  environmentId,
  publicDomain,
  channel,
-  widgetSetupCompleted,
+  appSetupCompleted,
 }: OnboardingSetupInstructionsProps) => {
  const { t } = useTranslate();
  const [activeTab, setActiveTab] = useState(tabs[0].id);
@@ -137,7 +137,7 @@ export const OnboardingSetupInstructions = ({
            <div className="mt-4 flex justify-between space-x-2">
              <Button
                id="onboarding-inapp-connect-copy-code"
-                variant={widgetSetupCompleted ? "secondary" : "default"}
+                variant={appSetupCompleted ? "secondary" : "default"}
                onClick={() => {
                  navigator.clipboard.writeText(
                    channel === "app" ? htmlSnippetForAppSurveys : htmlSnippetForWebsiteSurveys
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/page.tsx
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/page.tsx
@@ -42,7 +42,7 @@ const Page = async (props: ConnectPageProps) => {
      <ConnectWithFormbricks
        environment={environment}
        publicDomain={publicDomain}
-        widgetSetupCompleted={environment.appSetupCompleted}
+        appSetupCompleted={environment.appSetupCompleted}
        channel={channel}
      />
      <Button
--- a/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar.test.tsx
+++ b/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar.test.tsx
@@ -45,22 +45,11 @@ afterEach(() => {
 });

 describe("LandingSidebar component", () => {
-  const user = { id: "u1", name: "Alice", email: "alice@example.com", imageUrl: "" } as any;
+  const user = { id: "u1", name: "Alice", email: "alice@example.com" } as any;
  const organization = { id: "o1", name: "orgOne" } as any;
-  const organizations = [
-    { id: "o2", name: "betaOrg" },
-    { id: "o1", name: "alphaOrg" },
-  ] as any;

  test("renders logo, avatar, and initial modal closed", () => {
-    render(
-      <LandingSidebar
-        isMultiOrgEnabled={false}
-        user={user}
-        organization={organization}
-        organizations={organizations}
-      />
-    );
+    render(<LandingSidebar user={user} organization={organization} />);

    // Formbricks logo
    expect(screen.getByAltText("environments.formbricks_logo")).toBeInTheDocument();
@@ -71,14 +60,7 @@ describe("LandingSidebar component", () => {
  });

  test("clicking logout triggers signOut", async () => {
-    render(
-      <LandingSidebar
-        isMultiOrgEnabled={false}
-        user={user}
-        organization={organization}
-        organizations={organizations}
-      />
-    );
+    render(<LandingSidebar user={user} organization={organization} />);

    // Open user dropdown by clicking on avatar trigger
    const trigger = screen.getByTestId("avatar").parentElement;
--- a/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar.tsx
+++ b/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar.tsx
@@ -10,48 +10,27 @@ import {
  DropdownMenu,
  DropdownMenuContent,
  DropdownMenuItem,
-  DropdownMenuPortal,
-  DropdownMenuRadioGroup,
-  DropdownMenuRadioItem,
-  DropdownMenuSeparator,
-  DropdownMenuSub,
-  DropdownMenuSubContent,
-  DropdownMenuSubTrigger,
  DropdownMenuTrigger,
 } from "@/modules/ui/components/dropdown-menu";
 import { useTranslate } from "@tolgee/react";
-import { ArrowUpRightIcon, ChevronRightIcon, LogOutIcon, PlusIcon } from "lucide-react";
+import { ArrowUpRightIcon, ChevronRightIcon, LogOutIcon } from "lucide-react";
 import Image from "next/image";
 import Link from "next/link";
-import { useRouter } from "next/navigation";
-import { useMemo, useState } from "react";
+import { useState } from "react";
 import { TOrganization } from "@formbricks/types/organizations";
 import { TUser } from "@formbricks/types/user";

 interface LandingSidebarProps {
-  isMultiOrgEnabled: boolean;
  user: TUser;
  organization: TOrganization;
-  organizations: TOrganization[];
 }

-export const LandingSidebar = ({
-  isMultiOrgEnabled,
-  user,
-  organization,
-  organizations,
-}: LandingSidebarProps) => {
+export const LandingSidebar = ({ user, organization }: LandingSidebarProps) => {
  const [openCreateOrganizationModal, setOpenCreateOrganizationModal] = useState<boolean>(false);

  const { t } = useTranslate();
  const { signOut: signOutWithAudit } = useSignOut({ id: user.id, email: user.email });

-  const router = useRouter();
-
-  const handleEnvironmentChangeByOrganization = (organizationId: string) => {
-    router.push(`/organizations/${organizationId}/`);
-  };
-
  const dropdownNavigation = [
    {
      label: t("common.documentation"),
@@ -61,13 +40,6 @@ export const LandingSidebar = ({
    },
  ];

-  const currentOrganizationId = organization?.id;
-  const currentOrganizationName = capitalizeFirstLetter(organization?.name);
-
-  const sortedOrganizations = useMemo(() => {
-    return [...organizations].sort((a, b) => a.name.localeCompare(b.name));
-  }, [organizations]);
-
  return (
    <aside
      className={cn(
@@ -80,27 +52,28 @@ export const LandingSidebar = ({
          <DropdownMenuTrigger
            asChild
            id="userDropdownTrigger"
-            className="w-full rounded-br-xl border-t py-4 pl-4 transition-colors duration-200 hover:bg-slate-50 focus:outline-none">
-            <div tabIndex={0} className={cn("flex cursor-pointer flex-row items-center space-x-3")}>
-              <ProfileAvatar userId={user.id} imageUrl={user.imageUrl} />
-              <>
-                <div>
-                  <p
-                    title={user?.email}
-                    className={cn(
-                      "ph-no-capture ph-no-capture -mb-0.5 max-w-28 truncate text-sm font-bold text-slate-700"
-                    )}>
-                    {user?.name ? <span>{user?.name}</span> : <span>{user?.email}</span>}
-                  </p>
-                  <p
-                    title={capitalizeFirstLetter(organization?.name)}
-                    className="max-w-28 truncate text-sm text-slate-500">
-                    {capitalizeFirstLetter(organization?.name)}
-                  </p>
-                </div>
-                <ChevronRightIcon className={cn("h-5 w-5 text-slate-700 hover:text-slate-500")} />
-              </>
-            </div>
+            className="w-full rounded-br-xl border-t p-4 transition-colors duration-200 hover:bg-slate-50 focus:outline-none">
+            <button
+              type="button"
+              className={cn("flex w-full cursor-pointer flex-row items-center gap-3 text-left")}
+              aria-haspopup="menu">
+              <ProfileAvatar userId={user.id} />
+              <div className="grow overflow-hidden">
+                <p
+                  title={user?.email}
+                  className={cn(
+                    "ph-no-capture ph-no-capture -mb-0.5 truncate text-sm font-bold text-slate-700"
+                  )}>
+                  {user?.name ? <span>{user?.name}</span> : <span>{user?.email}</span>}
+                </p>
+                <p
+                  title={capitalizeFirstLetter(organization?.name)}
+                  className="truncate text-sm text-slate-500">
+                  {capitalizeFirstLetter(organization?.name)}
+                </p>
+              </div>
+              <ChevronRightIcon className={cn("h-5 w-5 shrink-0 text-slate-700 hover:text-slate-500")} />
+            </button>
          </DropdownMenuTrigger>

          <DropdownMenuContent
@@ -112,7 +85,13 @@ export const LandingSidebar = ({
            {/* Dropdown Items */}

            {dropdownNavigation.map((link) => (
-              <Link id={link.href} href={link.href} target={link.target} className="flex w-full items-center">
+              <Link
+                key={link.href}
+                id={link.href}
+                href={link.href}
+                target={link.target}
+                rel={link.target === "_blank" ? "noopener noreferrer" : undefined}
+                className="flex w-full items-center">
                <DropdownMenuItem>
                  <link.icon className="mr-2 h-4 w-4" strokeWidth={1.5} />
                  {link.label}
@@ -121,7 +100,6 @@ export const LandingSidebar = ({
            ))}

            {/* Logout */}
-
            <DropdownMenuItem
              onClick={async () => {
                await signOutWithAudit({
@@ -136,45 +114,6 @@ export const LandingSidebar = ({
              icon={<LogOutIcon className="mr-2 h-4 w-4" strokeWidth={1.5} />}>
              {t("common.logout")}
            </DropdownMenuItem>
-
-            {/* Organization Switch */}
-
-            {(isMultiOrgEnabled || organizations.length > 1) && (
-              <DropdownMenuSub>
-                <DropdownMenuSubTrigger className="rounded-lg">
-                  <div>
-                    <p>{currentOrganizationName}</p>
-                    <p className="block text-xs text-slate-500">{t("common.switch_organization")}</p>
-                  </div>
-                </DropdownMenuSubTrigger>
-                <DropdownMenuPortal>
-                  <DropdownMenuSubContent sideOffset={10} alignOffset={5}>
-                    <DropdownMenuRadioGroup
-                      value={currentOrganizationId}
-                      onValueChange={(organizationId) =>
-                        handleEnvironmentChangeByOrganization(organizationId)
-                      }>
-                      {sortedOrganizations.map((organization) => (
-                        <DropdownMenuRadioItem
-                          value={organization.id}
-                          className="cursor-pointer rounded-lg"
-                          key={organization.id}>
-                          {organization.name}
-                        </DropdownMenuRadioItem>
-                      ))}
-                    </DropdownMenuRadioGroup>
-                    <DropdownMenuSeparator />
-                    {isMultiOrgEnabled && (
-                      <DropdownMenuItem
-                        onClick={() => setOpenCreateOrganizationModal(true)}
-                        icon={<PlusIcon className="mr-2 h-4 w-4" />}>
-                        <span>{t("common.create_new_organization")}</span>
-                      </DropdownMenuItem>
-                    )}
-                  </DropdownMenuSubContent>
-                </DropdownMenuPortal>
-              </DropdownMenuSub>
-            )}
          </DropdownMenuContent>
        </DropdownMenu>
      </div>
--- a/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/page.test.tsx
+++ b/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/page.test.tsx
@@ -1,3 +1,4 @@
+import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
 import { getOrganizationsByUserId } from "@/lib/organization/service";
 import { getUser } from "@/lib/user/service";
 import { getOrganizationAuth } from "@/modules/organization/lib/utils";
@@ -15,6 +16,7 @@ vi.mock("@/modules/ee/license-check/lib/license", () => ({
    isPendingDowngrade: false,
    fallbackLevel: "live",
  }),
+  getLicenseFeatures: vi.fn().mockResolvedValue({ isMultiOrgEnabled: true }),
 }));

 vi.mock("@/lib/constants", () => ({
@@ -101,16 +103,32 @@ vi.mock("@/lib/constants", () => ({
  AUDIT_LOG_ENABLED: true,
 }));

+vi.mock("@/lib/getPublicUrl", () => ({
+  getPublicDomain: vi.fn().mockReturnValue("http://localhost:3000"),
+}));
+
 vi.mock("@/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar", () => ({
  LandingSidebar: () => <div data-testid="landing-sidebar" />,
 }));
+vi.mock("@/app/(app)/environments/[environmentId]/components/project-and-org-switch", () => ({
+  ProjectAndOrgSwitch: () => <div data-testid="project-and-org-switch" />,
+}));
 vi.mock("@/modules/organization/lib/utils");
 vi.mock("@/lib/user/service");
 vi.mock("@/lib/organization/service");
+vi.mock("@/lib/membership/service");
 vi.mock("@/tolgee/server");
 vi.mock("next/navigation", () => ({
  redirect: vi.fn(() => "REDIRECT_STUB"),
  notFound: vi.fn(() => "NOT_FOUND_STUB"),
+  usePathname: vi.fn(() => "/organizations/org1"),
+  useRouter: vi.fn(() => ({
+    push: vi.fn(),
+    replace: vi.fn(),
+    back: vi.fn(),
+    forward: vi.fn(),
+    refresh: vi.fn(),
+  })),
 }));

 // Mock the React cache function
@@ -142,6 +160,7 @@ describe("Page component", () => {
        isPendingDowngrade: false,
        fallbackLevel: "live",
      }),
+      getLicenseFeatures: vi.fn().mockResolvedValue({ isMultiOrgEnabled: true }),
    }));
    const { default: Page } = await import("./page");
    const result = await Page({ params: { organizationId: "org1" } });
@@ -163,6 +182,7 @@ describe("Page component", () => {
        isPendingDowngrade: false,
        fallbackLevel: "live",
      }),
+      getLicenseFeatures: vi.fn().mockResolvedValue({ isMultiOrgEnabled: true }),
    }));
    const { default: Page } = await import("./page");
    const result = await Page({ params: { organizationId: "org1" } });
@@ -173,10 +193,16 @@ describe("Page component", () => {
  test("renders header and sidebar for authenticated user", async () => {
    vi.mocked(getOrganizationAuth).mockResolvedValue({
      session: { user: { id: "user1" } },
-      organization: { id: "org1" },
+      organization: { id: "org1", billing: { plan: "free" } },
    } as any);
    vi.mocked(getUser).mockResolvedValue({ id: "user1", name: "Test User" } as any);
    vi.mocked(getOrganizationsByUserId).mockResolvedValue([{ id: "org1", name: "Org One" } as any]);
+    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValue({
+      organizationId: "org1",
+      userId: "user1",
+      accepted: true,
+      role: "member",
+    } as any);
    vi.mocked(getTranslate).mockResolvedValue((props: any) =>
      typeof props === "string" ? props : props.key || ""
    );
@@ -188,11 +214,13 @@ describe("Page component", () => {
        isPendingDowngrade: false,
        fallbackLevel: "live",
      }),
+      getLicenseFeatures: vi.fn().mockResolvedValue({ isMultiOrgEnabled: true }),
    }));
    const { default: Page } = await import("./page");
    const element = await Page({ params: { organizationId: "org1" } });
    render(element as React.ReactElement);
    expect(screen.getByTestId("landing-sidebar")).toBeInTheDocument();
+    expect(screen.getByTestId("project-and-org-switch")).toBeInTheDocument();
    expect(screen.getByText("organizations.landing.no_projects_warning_title")).toBeInTheDocument();
    expect(screen.getByText("organizations.landing.no_projects_warning_subtitle")).toBeInTheDocument();
  });
--- a/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/page.tsx
+++ b/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/page.tsx
@@ -1,7 +1,11 @@
 import { LandingSidebar } from "@/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar";
+import { ProjectAndOrgSwitch } from "@/app/(app)/environments/[environmentId]/components/project-and-org-switch";
+import { IS_FORMBRICKS_CLOUD } from "@/lib/constants";
+import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
+import { getAccessFlags } from "@/lib/membership/utils";
 import { getOrganizationsByUserId } from "@/lib/organization/service";
 import { getUser } from "@/lib/user/service";
-import { getEnterpriseLicense } from "@/modules/ee/license-check/lib/license";
+import { getIsMultiOrgEnabled } from "@/modules/ee/license-check/lib/utils";
 import { getOrganizationAuth } from "@/modules/organization/lib/utils";
 import { Header } from "@/modules/ui/components/header";
 import { getTranslate } from "@/tolgee/server";
@@ -22,24 +26,38 @@ const Page = async (props) => {

  const organizations = await getOrganizationsByUserId(session.user.id);

-  const { features } = await getEnterpriseLicense();
+  const isMultiOrgEnabled = await getIsMultiOrgEnabled();

-  const isMultiOrgEnabled = features?.isMultiOrgEnabled ?? false;
+  const membership = await getMembershipByUserIdOrganizationId(session.user.id, organization.id);
+  const { isMember } = getAccessFlags(membership?.role);

  return (
    <div className="flex min-h-full min-w-full flex-row">
-      <LandingSidebar
-        user={user}
-        organization={organization}
-        isMultiOrgEnabled={isMultiOrgEnabled}
-        organizations={organizations}
-      />
+      <LandingSidebar user={user} organization={organization} />
      <div className="flex-1">
-        <div className="flex h-full flex-col items-center justify-center space-y-12">
-          <Header
-            title={t("organizations.landing.no_projects_warning_title")}
-            subtitle={t("organizations.landing.no_projects_warning_subtitle")}
-          />
+        <div className="flex h-full flex-col">
+          <div className="p-6">
+            {/* we only need to render organization breadcrumb on this page, so we pass some default value without actually calculating them to ProjectAndOrgSwitch component  */}
+            <ProjectAndOrgSwitch
+              currentOrganizationId={organization.id}
+              organizations={organizations}
+              projects={[]}
+              isMultiOrgEnabled={isMultiOrgEnabled}
+              organizationProjectsLimit={0}
+              isFormbricksCloud={IS_FORMBRICKS_CLOUD}
+              isLicenseActive={false}
+              isOwnerOrManager={false}
+              isAccessControlAllowed={false}
+              isMember={isMember}
+              environments={[]}
+            />
+          </div>
+          <div className="flex h-full flex-col items-center justify-center space-y-12">
+            <Header
+              title={t("organizations.landing.no_projects_warning_title")}
+              subtitle={t("organizations.landing.no_projects_warning_subtitle")}
+            />
+          </div>
        </div>
      </div>
    </div>
--- a/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/components/ProjectSettings.test.tsx
+++ b/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/components/ProjectSettings.test.tsx
@@ -62,7 +62,7 @@ describe("ProjectSettings component", () => {
    industry: "ind",
    defaultBrandColor: "#fff",
    organizationTeams: [],
-    canDoRoleManagement: false,
+    isAccessControlAllowed: false,
    userProjectsCount: 0,
  } as any;

--- a/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/components/ProjectSettings.tsx
+++ b/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/components/ProjectSettings.tsx
@@ -42,7 +42,7 @@ interface ProjectSettingsProps {
  industry: TProjectConfigIndustry;
  defaultBrandColor: string;
  organizationTeams: TOrganizationTeam[];
-  canDoRoleManagement: boolean;
+  isAccessControlAllowed: boolean;
  userProjectsCount: number;
 }

@@ -53,7 +53,7 @@ export const ProjectSettings = ({
  industry,
  defaultBrandColor,
  organizationTeams,
-  canDoRoleManagement = false,
+  isAccessControlAllowed = false,
  userProjectsCount,
 }: ProjectSettingsProps) => {
  const [createTeamModalOpen, setCreateTeamModalOpen] = useState(false);
@@ -174,7 +174,7 @@ export const ProjectSettings = ({
              )}
            />

-            {canDoRoleManagement && userProjectsCount > 0 && (
+            {isAccessControlAllowed && userProjectsCount > 0 && (
              <FormField
                control={form.control}
                name="teamIds"
--- a/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/page.test.tsx
+++ b/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/page.test.tsx
@@ -1,6 +1,6 @@
 import { getTeamsByOrganizationId } from "@/app/(app)/(onboarding)/lib/onboarding";
 import { getUserProjects } from "@/lib/project/service";
-import { getRoleManagementPermission } from "@/modules/ee/license-check/lib/utils";
+import { getAccessControlPermission } from "@/modules/ee/license-check/lib/utils";
 import { getOrganizationAuth } from "@/modules/organization/lib/utils";
 import "@testing-library/jest-dom/vitest";
 import { cleanup, render, screen } from "@testing-library/react";
@@ -12,7 +12,7 @@ vi.mock("@/lib/constants", () => ({ DEFAULT_BRAND_COLOR: "#fff" }));
 // Mocks before component import
 vi.mock("@/app/(app)/(onboarding)/lib/onboarding", () => ({ getTeamsByOrganizationId: vi.fn() }));
 vi.mock("@/lib/project/service", () => ({ getUserProjects: vi.fn() }));
-vi.mock("@/modules/ee/license-check/lib/utils", () => ({ getRoleManagementPermission: vi.fn() }));
+vi.mock("@/modules/ee/license-check/lib/utils", () => ({ getAccessControlPermission: vi.fn() }));
 vi.mock("@/modules/organization/lib/utils", () => ({ getOrganizationAuth: vi.fn() }));
 vi.mock("@/tolgee/server", () => ({ getTranslate: () => Promise.resolve((key: string) => key) }));
 vi.mock("next/navigation", () => ({ redirect: vi.fn() }));
@@ -61,7 +61,7 @@ describe("ProjectSettingsPage", () => {
    } as any);
    vi.mocked(getUserProjects).mockResolvedValueOnce([] as any);
    vi.mocked(getTeamsByOrganizationId).mockResolvedValueOnce(null as any);
-    vi.mocked(getRoleManagementPermission).mockResolvedValueOnce(false as any);
+    vi.mocked(getAccessControlPermission).mockResolvedValueOnce(false as any);

    await expect(Page({ params, searchParams })).rejects.toThrow("common.organization_teams_not_found");
  });
@@ -73,7 +73,7 @@ describe("ProjectSettingsPage", () => {
    } as any);
    vi.mocked(getUserProjects).mockResolvedValueOnce([{ id: "p1" }] as any);
    vi.mocked(getTeamsByOrganizationId).mockResolvedValueOnce([{ id: "t1", name: "Team1" }] as any);
-    vi.mocked(getRoleManagementPermission).mockResolvedValueOnce(true as any);
+    vi.mocked(getAccessControlPermission).mockResolvedValueOnce(true as any);

    const element = await Page({ params, searchParams });
    render(element as React.ReactElement);
@@ -96,7 +96,7 @@ describe("ProjectSettingsPage", () => {
    } as any);
    vi.mocked(getUserProjects).mockResolvedValueOnce([] as any);
    vi.mocked(getTeamsByOrganizationId).mockResolvedValueOnce([{ id: "t1", name: "Team1" }] as any);
-    vi.mocked(getRoleManagementPermission).mockResolvedValueOnce(true as any);
+    vi.mocked(getAccessControlPermission).mockResolvedValueOnce(true as any);

    const element = await Page({ params, searchParams });
    render(element as React.ReactElement);
--- a/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/page.tsx
+++ b/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/page.tsx
@@ -2,7 +2,7 @@ import { getTeamsByOrganizationId } from "@/app/(app)/(onboarding)/lib/onboardin
 import { ProjectSettings } from "@/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/components/ProjectSettings";
 import { DEFAULT_BRAND_COLOR } from "@/lib/constants";
 import { getUserProjects } from "@/lib/project/service";
-import { getRoleManagementPermission } from "@/modules/ee/license-check/lib/utils";
+import { getAccessControlPermission } from "@/modules/ee/license-check/lib/utils";
 import { getOrganizationAuth } from "@/modules/organization/lib/utils";
 import { Button } from "@/modules/ui/components/button";
 import { Header } from "@/modules/ui/components/header";
@@ -41,7 +41,7 @@ const Page = async (props: ProjectSettingsPageProps) => {

  const organizationTeams = await getTeamsByOrganizationId(params.organizationId);

-  const canDoRoleManagement = await getRoleManagementPermission(organization.billing.plan);
+  const isAccessControlAllowed = await getAccessControlPermission(organization.billing.plan);

  if (!organizationTeams) {
    throw new Error(t("common.organization_teams_not_found"));
@@ -60,7 +60,7 @@ const Page = async (props: ProjectSettingsPageProps) => {
        industry={industry}
        defaultBrandColor={DEFAULT_BRAND_COLOR}
        organizationTeams={organizationTeams}
-        canDoRoleManagement={canDoRoleManagement}
+        isAccessControlAllowed={isAccessControlAllowed}
        userProjectsCount={projects.length}
      />
      {projects.length >= 1 && (
--- a/apps/web/app/(app)/(survey-editor)/environments/[environmentId]/layout.test.tsx
+++ b/apps/web/app/(app)/(survey-editor)/environments/[environmentId]/layout.test.tsx
@@ -18,11 +18,6 @@ vi.mock("@/modules/ui/components/environmentId-base-layout", () => ({
    </div>
  ),
 }));
-vi.mock("@/modules/ui/components/dev-environment-banner", () => ({
-  DevEnvironmentBanner: ({ environment }: any) => (
-    <div data-testid="DevEnvironmentBanner">{environment.id}</div>
-  ),
-}));

 // Mocks for dependencies
 vi.mock("@/modules/environments/lib/utils", () => ({
@@ -58,7 +53,6 @@ describe("SurveyEditorEnvironmentLayout", () => {
    render(result);

    expect(screen.getByTestId("EnvironmentIdBaseLayout")).toHaveTextContent("env1");
-    expect(screen.getByTestId("DevEnvironmentBanner")).toHaveTextContent("env1");
    expect(screen.getByTestId("child")).toHaveTextContent("Survey Editor Content");
  });

--- a/apps/web/app/(app)/(survey-editor)/environments/[environmentId]/layout.tsx
+++ b/apps/web/app/(app)/(survey-editor)/environments/[environmentId]/layout.tsx
@@ -1,6 +1,5 @@
 import { getEnvironment } from "@/lib/environment/service";
 import { environmentIdLayoutChecks } from "@/modules/environments/lib/utils";
-import { DevEnvironmentBanner } from "@/modules/ui/components/dev-environment-banner";
 import { EnvironmentIdBaseLayout } from "@/modules/ui/components/environmentId-base-layout";
 import { redirect } from "next/navigation";

@@ -32,7 +31,6 @@ const SurveyEditorEnvironmentLayout = async (props) => {
      user={user}
      organization={organization}>
      <div className="flex h-screen flex-col">
-        <DevEnvironmentBanner environment={environment} />
        <div className="h-full overflow-y-auto bg-slate-50">{children}</div>
      </div>
    </EnvironmentIdBaseLayout>
--- a/apps/web/app/(app)/environments/[environmentId]/actions.ts
+++ b/apps/web/app/(app)/environments/[environmentId]/actions.ts
@@ -8,8 +8,8 @@ import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-clie
 import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
 import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import {
+  getAccessControlPermission,
  getOrganizationProjectsLimit,
-  getRoleManagementPermission,
 } from "@/modules/ee/license-check/lib/utils";
 import { createProject } from "@/modules/projects/settings/lib/project";
 import { z } from "zod";
@@ -58,9 +58,9 @@ export const createProjectAction = authenticatedActionClient.schema(ZCreateProje
      }

      if (parsedInput.data.teamIds && parsedInput.data.teamIds.length > 0) {
-        const canDoRoleManagement = await getRoleManagementPermission(organization.billing.plan);
+        const isAccessControlAllowed = await getAccessControlPermission(organization.billing.plan);

-        if (!canDoRoleManagement) {
+        if (!isAccessControlAllowed) {
          throw new OperationNotAllowedError("You do not have permission to manage roles");
        }
      }
--- a/apps/web/app/(app)/environments/[environmentId]/actions/components/ActionSettingsTab.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/actions/components/ActionSettingsTab.tsx
@@ -1,254 +0,0 @@
-"use client";
-
-import {
-  deleteActionClassAction,
-  updateActionClassAction,
-} from "@/app/(app)/environments/[environmentId]/actions/actions";
-import { isValidCssSelector } from "@/app/lib/actionClass/actionClass";
-import { Button } from "@/modules/ui/components/button";
-import { CodeActionForm } from "@/modules/ui/components/code-action-form";
-import { DeleteDialog } from "@/modules/ui/components/delete-dialog";
-import { FormControl, FormError, FormField, FormItem, FormLabel } from "@/modules/ui/components/form";
-import { Input } from "@/modules/ui/components/input";
-import { NoCodeActionForm } from "@/modules/ui/components/no-code-action-form";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { useTranslate } from "@tolgee/react";
-import { TrashIcon } from "lucide-react";
-import Link from "next/link";
-import { useRouter } from "next/navigation";
-import { useMemo, useState } from "react";
-import { FormProvider, useForm } from "react-hook-form";
-import { toast } from "react-hot-toast";
-import { z } from "zod";
-import { TActionClass, TActionClassInput, ZActionClassInput } from "@formbricks/types/action-classes";
-
-interface ActionSettingsTabProps {
-  actionClass: TActionClass;
-  actionClasses: TActionClass[];
-  setOpen: (v: boolean) => void;
-  isReadOnly: boolean;
-}
-
-export const ActionSettingsTab = ({
-  actionClass,
-  actionClasses,
-  setOpen,
-  isReadOnly,
-}: ActionSettingsTabProps) => {
-  const { createdAt, updatedAt, id, ...restActionClass } = actionClass;
-  const router = useRouter();
-  const [openDeleteDialog, setOpenDeleteDialog] = useState(false);
-  const { t } = useTranslate();
-  const [isUpdatingAction, setIsUpdatingAction] = useState(false);
-  const [isDeletingAction, setIsDeletingAction] = useState(false);
-
-  const actionClassNames = useMemo(
-    () =>
-      actionClasses.filter((action) => action.id !== actionClass.id).map((actionClass) => actionClass.name),
-    [actionClass.id, actionClasses]
-  );
-
-  const form = useForm<TActionClassInput>({
-    defaultValues: {
-      ...restActionClass,
-    },
-    resolver: zodResolver(
-      ZActionClassInput.superRefine((data, ctx) => {
-        if (data.name && actionClassNames.includes(data.name)) {
-          ctx.addIssue({
-            code: z.ZodIssueCode.custom,
-            path: ["name"],
-            message: t("environments.actions.action_with_name_already_exists", { name: data.name }),
-          });
-        }
-      })
-    ),
-
-    mode: "onChange",
-  });
-
-  const { handleSubmit, control } = form;
-
-  const onSubmit = async (data: TActionClassInput) => {
-    try {
-      if (isReadOnly) {
-        throw new Error(t("common.you_are_not_authorised_to_perform_this_action"));
-      }
-      setIsUpdatingAction(true);
-
-      if (data.name && actionClassNames.includes(data.name)) {
-        throw new Error(t("environments.actions.action_with_name_already_exists", { name: data.name }));
-      }
-
-      if (
-        data.type === "noCode" &&
-        data.noCodeConfig?.type === "click" &&
-        data.noCodeConfig.elementSelector.cssSelector &&
-        !isValidCssSelector(data.noCodeConfig.elementSelector.cssSelector)
-      ) {
-        throw new Error(t("environments.actions.invalid_css_selector"));
-      }
-
-      const updatedData: TActionClassInput = {
-        ...data,
-        ...(data.type === "noCode" &&
-          data.noCodeConfig?.type === "click" && {
-            noCodeConfig: {
-              ...data.noCodeConfig,
-              elementSelector: {
-                cssSelector: data.noCodeConfig.elementSelector.cssSelector,
-                innerHtml: data.noCodeConfig.elementSelector.innerHtml,
-              },
-            },
-          }),
-      };
-      await updateActionClassAction({
-        actionClassId: actionClass.id,
-        updatedAction: updatedData,
-      });
-      setOpen(false);
-      router.refresh();
-      toast.success(t("environments.actions.action_updated_successfully"));
-    } catch (error) {
-      toast.error(error.message);
-    } finally {
-      setIsUpdatingAction(false);
-    }
-  };
-
-  const handleDeleteAction = async () => {
-    try {
-      setIsDeletingAction(true);
-      await deleteActionClassAction({ actionClassId: actionClass.id });
-      router.refresh();
-      toast.success(t("environments.actions.action_deleted_successfully"));
-      setOpen(false);
-    } catch (error) {
-      toast.error(t("common.something_went_wrong_please_try_again"));
-    } finally {
-      setIsDeletingAction(false);
-    }
-  };
-
-  return (
-    <div>
-      <FormProvider {...form}>
-        <form onSubmit={handleSubmit(onSubmit)}>
-          <div className="max-h-[400px] w-full space-y-4 overflow-y-auto">
-            <div className="grid w-full grid-cols-2 gap-x-4">
-              <div className="col-span-1">
-                <FormField
-                  control={control}
-                  name="name"
-                  disabled={isReadOnly}
-                  render={({ field, fieldState: { error } }) => (
-                    <FormItem>
-                      <FormLabel htmlFor="actionNameSettingsInput">
-                        {actionClass.type === "noCode"
-                          ? t("environments.actions.what_did_your_user_do")
-                          : t("environments.actions.display_name")}
-                      </FormLabel>
-
-                      <FormControl>
-                        <Input
-                          type="text"
-                          id="actionNameSettingsInput"
-                          {...field}
-                          placeholder={t("environments.actions.eg_clicked_download")}
-                          isInvalid={!!error?.message}
-                          disabled={isReadOnly}
-                        />
-                      </FormControl>
-
-                      <FormError />
-                    </FormItem>
-                  )}
-                />
-              </div>
-
-              <div className="col-span-1">
-                <FormField
-                  control={control}
-                  name="description"
-                  render={({ field }) => (
-                    <FormItem>
-                      <FormLabel htmlFor="actionDescriptionSettingsInput">
-                        {t("common.description")}
-                      </FormLabel>
-
-                      <FormControl>
-                        <Input
-                          type="text"
-                          id="actionDescriptionSettingsInput"
-                          {...field}
-                          placeholder={t("environments.actions.user_clicked_download_button")}
-                          value={field.value ?? ""}
-                          disabled={isReadOnly}
-                        />
-                      </FormControl>
-                    </FormItem>
-                  )}
-                />
-              </div>
-            </div>
-
-            {actionClass.type === "code" ? (
-              <>
-                <CodeActionForm form={form} isReadOnly={true} />
-                <p className="text-sm text-slate-600">
-                  {t("environments.actions.this_is_a_code_action_please_make_changes_in_your_code_base")}
-                </p>
-              </>
-            ) : actionClass.type === "noCode" ? (
-              <NoCodeActionForm form={form} isReadOnly={isReadOnly} />
-            ) : (
-              <p className="text-sm text-slate-600">
-                {t(
-                  "environments.actions.this_action_was_created_automatically_you_cannot_make_changes_to_it"
-                )}
-              </p>
-            )}
-          </div>
-
-          <div className="flex justify-between gap-x-2 border-slate-200 pt-4">
-            <div className="flex items-center gap-x-2">
-              {!isReadOnly ? (
-                <Button
-                  type="button"
-                  variant="destructive"
-                  onClick={() => setOpenDeleteDialog(true)}
-                  id="deleteActionModalTrigger">
-                  <TrashIcon />
-                  {t("common.delete")}
-                </Button>
-              ) : null}
-
-              <Button variant="secondary" asChild>
-                <Link href="https://formbricks.com/docs/actions/no-code" target="_blank">
-                  {t("common.read_docs")}
-                </Link>
-              </Button>
-            </div>
-
-            {!isReadOnly ? (
-              <div className="flex space-x-2">
-                <Button type="submit" loading={isUpdatingAction}>
-                  {t("common.save_changes")}
-                </Button>
-              </div>
-            ) : null}
-          </div>
-        </form>
-      </FormProvider>
-
-      <DeleteDialog
-        open={openDeleteDialog}
-        setOpen={setOpenDeleteDialog}
-        isDeleting={isDeletingAction}
-        deleteWhat={t("common.action")}
-        text={t("environments.actions.delete_action_text")}
-        onDelete={handleDeleteAction}
-      />
-    </div>
-  );
-};
--- a/apps/web/app/(app)/environments/[environmentId]/actions/components/ActionTableHeading.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/actions/components/ActionTableHeading.tsx
@@ -1,14 +0,0 @@
-import { getTranslate } from "@/tolgee/server";
-
-export const ActionTableHeading = async () => {
-  const t = await getTranslate();
-  return (
-    <>
-      <div className="grid h-12 grid-cols-6 content-center border-b border-slate-200 text-left text-sm font-semibold text-slate-900">
-        <span className="sr-only">{t("common.edit")}</span>
-        <div className="col-span-4 pl-6">{t("environments.actions.user_actions")}</div>
-        <div className="col-span-2 text-center">{t("common.created")}</div>
-      </div>
-    </>
-  );
-};
--- a/apps/web/app/(app)/environments/[environmentId]/actions/components/AddActionModal.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/actions/components/AddActionModal.tsx
@@ -1,58 +0,0 @@
-"use client";
-
-import { CreateNewActionTab } from "@/modules/survey/editor/components/create-new-action-tab";
-import { Button } from "@/modules/ui/components/button";
-import {
-  Dialog,
-  DialogBody,
-  DialogContent,
-  DialogDescription,
-  DialogHeader,
-  DialogTitle,
-} from "@/modules/ui/components/dialog";
-import { useTranslate } from "@tolgee/react";
-import { MousePointerClickIcon, PlusIcon } from "lucide-react";
-import { useState } from "react";
-import { TActionClass } from "@formbricks/types/action-classes";
-
-interface AddActionModalProps {
-  environmentId: string;
-  actionClasses: TActionClass[];
-  isReadOnly: boolean;
-}
-
-export const AddActionModal = ({ environmentId, actionClasses, isReadOnly }: AddActionModalProps) => {
-  const { t } = useTranslate();
-  const [open, setOpen] = useState(false);
-
-  const [newActionClasses, setNewActionClasses] = useState<TActionClass[]>(actionClasses);
-
-  return (
-    <>
-      <Button size="sm" onClick={() => setOpen(true)}>
-        {t("common.add_action")}
-        <PlusIcon />
-      </Button>
-      <Dialog open={open} onOpenChange={setOpen}>
-        <DialogContent disableCloseOnOutsideClick>
-          <DialogHeader>
-            <MousePointerClickIcon />
-            <DialogTitle>{t("environments.actions.track_new_user_action")}</DialogTitle>
-            <DialogDescription>
-              {t("environments.actions.track_user_action_to_display_surveys_or_create_user_segment")}
-            </DialogDescription>
-          </DialogHeader>
-          <DialogBody>
-            <CreateNewActionTab
-              actionClasses={newActionClasses}
-              environmentId={environmentId}
-              isReadOnly={isReadOnly}
-              setActionClasses={setNewActionClasses}
-              setOpen={setOpen}
-            />
-          </DialogBody>
-        </DialogContent>
-      </Dialog>
-    </>
-  );
-};
--- a/apps/web/app/(app)/environments/[environmentId]/actions/loading.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/actions/loading.test.tsx
@@ -1,44 +0,0 @@
-import { cleanup, render, screen } from "@testing-library/react";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import Loading from "./loading";
-
-// Mock child components
-vi.mock("@/modules/ui/components/page-content-wrapper", () => ({
-  PageContentWrapper: ({ children }: { children: React.ReactNode }) => (
-    <div data-testid="page-content-wrapper">{children}</div>
-  ),
-}));
-
-vi.mock("@/modules/ui/components/page-header", () => ({
-  PageHeader: ({ pageTitle }: { pageTitle: string }) => <div data-testid="page-header">{pageTitle}</div>,
-}));
-
-describe("Loading", () => {
-  afterEach(() => {
-    cleanup();
-  });
-
-  test("renders loading state correctly", () => {
-    render(<Loading />);
-
-    // Check if mocked components are rendered
-    expect(screen.getByTestId("page-content-wrapper")).toBeInTheDocument();
-    expect(screen.getByTestId("page-header")).toBeInTheDocument();
-    expect(screen.getByTestId("page-header")).toHaveTextContent("common.actions");
-
-    // Check for translated table headers
-    expect(screen.getByText("environments.actions.user_actions")).toBeInTheDocument();
-    expect(screen.getByText("common.created")).toBeInTheDocument();
-    expect(screen.getByText("common.edit")).toBeInTheDocument(); // Screen reader text
-
-    // Check for skeleton elements (presence of animate-pulse class)
-    const skeletonElements = document.querySelectorAll(".animate-pulse");
-    expect(skeletonElements.length).toBeGreaterThan(0); // Ensure some skeleton elements are rendered
-
-    // Check for the presence of multiple skeleton rows (3 rows * 4 pulse elements per row = 12)
-    const pulseDivs = screen.getAllByText((_, element) => {
-      return element?.tagName.toLowerCase() === "div" && element.classList.contains("animate-pulse");
-    });
-    expect(pulseDivs.length).toBe(3 * 4); // 3 rows, 4 pulsing divs per row (icon, name, desc, created)
-  });
-});
--- a/apps/web/app/(app)/environments/[environmentId]/actions/loading.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/actions/loading.tsx
@@ -1,46 +0,0 @@
-"use client";
-
-import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
-import { PageHeader } from "@/modules/ui/components/page-header";
-import { useTranslate } from "@tolgee/react";
-
-const Loading = () => {
-  const { t } = useTranslate();
-  return (
-    <>
-      <PageContentWrapper>
-        <PageHeader pageTitle={t("common.actions")} />
-        <div className="rounded-xl border border-slate-200 bg-white shadow-sm">
-          <div className="grid h-12 grid-cols-6 content-center border-b border-slate-200 text-left text-sm font-semibold text-slate-900">
-            <span className="sr-only">{t("common.edit")}</span>
-            <div className="col-span-4 pl-6">{t("environments.actions.user_actions")}</div>
-            <div className="col-span-2 text-center">{t("common.created")}</div>
-          </div>
-          {[...Array(3)].map((_, index) => (
-            <div
-              key={index}
-              className="m-2 grid h-16 grid-cols-6 content-center rounded-lg transition-colors ease-in-out hover:bg-slate-100">
-              <div className="col-span-4 flex items-center pl-6 text-sm">
-                <div className="flex items-center">
-                  <div className="h-6 w-6 flex-shrink-0 animate-pulse rounded-full bg-slate-200 text-slate-500" />
-                  <div className="ml-4 text-left">
-                    <div className="font-medium text-slate-900">
-                      <div className="mt-0 h-4 w-48 animate-pulse rounded-full bg-slate-200"></div>
-                    </div>
-                    <div className="mt-1 text-xs text-slate-400">
-                      <div className="h-2 w-24 animate-pulse rounded-full bg-slate-200"></div>
-                    </div>
-                  </div>
-                </div>
-              </div>
-              <div className="col-span-2 my-auto flex justify-center whitespace-nowrap text-center text-sm text-slate-500">
-                <div className="h-4 w-28 animate-pulse rounded-full bg-slate-200"></div>
-              </div>
-            </div>
-          ))}
-        </div>
-      </PageContentWrapper>
-    </>
-  );
-};
-export default Loading;
--- a/apps/web/app/(app)/environments/[environmentId]/actions/page.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/actions/page.test.tsx
@@ -1,161 +0,0 @@
-import { getActionClasses } from "@/lib/actionClass/service";
-import { getEnvironments } from "@/lib/environment/service";
-import { findMatchingLocale } from "@/lib/utils/locale";
-import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
-import { TEnvironmentAuth } from "@/modules/environments/types/environment-auth";
-import { cleanup, render, screen } from "@testing-library/react";
-import { redirect } from "next/navigation";
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-import { TActionClass } from "@formbricks/types/action-classes";
-import { TEnvironment } from "@formbricks/types/environment";
-import { TProject } from "@formbricks/types/project";
-// Import the component after mocks
-import Page from "./page";
-
-// Mock dependencies
-vi.mock("@/lib/actionClass/service", () => ({
-  getActionClasses: vi.fn(),
-}));
-vi.mock("@/lib/environment/service", () => ({
-  getEnvironments: vi.fn(),
-}));
-vi.mock("@/lib/utils/locale", () => ({
-  findMatchingLocale: vi.fn(),
-}));
-vi.mock("@/modules/environments/lib/utils", () => ({
-  getEnvironmentAuth: vi.fn(),
-}));
-vi.mock("@/tolgee/server", () => ({
-  getTranslate: async () => (key: string) => key,
-}));
-vi.mock("next/navigation", () => ({
-  redirect: vi.fn(),
-}));
-vi.mock("@/app/(app)/environments/[environmentId]/actions/components/ActionClassesTable", () => ({
-  ActionClassesTable: ({ children }) => <div>ActionClassesTable Mock{children}</div>,
-}));
-vi.mock("@/app/(app)/environments/[environmentId]/actions/components/ActionRowData", () => ({
-  ActionClassDataRow: ({ actionClass }) => <div>ActionClassDataRow Mock: {actionClass.name}</div>,
-}));
-vi.mock("@/app/(app)/environments/[environmentId]/actions/components/ActionTableHeading", () => ({
-  ActionTableHeading: () => <div>ActionTableHeading Mock</div>,
-}));
-vi.mock("@/app/(app)/environments/[environmentId]/actions/components/AddActionModal", () => ({
-  AddActionModal: () => <div>AddActionModal Mock</div>,
-}));
-vi.mock("@/modules/ui/components/page-content-wrapper", () => ({
-  PageContentWrapper: ({ children }) => <div>PageContentWrapper Mock{children}</div>,
-}));
-vi.mock("@/modules/ui/components/page-header", () => ({
-  PageHeader: ({ pageTitle, cta }) => (
-    <div>
-      PageHeader Mock: {pageTitle} {cta && <div>CTA Mock</div>}
-    </div>
-  ),
-}));
-
-// Mock data
-const mockEnvironmentId = "test-env-id";
-const mockProjectId = "test-project-id";
-const mockEnvironment = {
-  id: mockEnvironmentId,
-  name: "Test Environment",
-  type: "development",
-} as unknown as TEnvironment;
-const mockOtherEnvironment = {
-  id: "other-env-id",
-  name: "Other Environment",
-  type: "production",
-} as unknown as TEnvironment;
-const mockProject = { id: mockProjectId, name: "Test Project" } as unknown as TProject;
-const mockActionClasses = [
-  { id: "action1", name: "Action 1", type: "code", environmentId: mockEnvironmentId } as TActionClass,
-  { id: "action2", name: "Action 2", type: "noCode", environmentId: mockEnvironmentId } as TActionClass,
-];
-const mockOtherEnvActionClasses = [
-  { id: "action3", name: "Action 3", type: "code", environmentId: mockOtherEnvironment.id } as TActionClass,
-];
-const mockLocale = "en-US";
-
-const mockParams = { environmentId: mockEnvironmentId };
-const mockProps = { params: mockParams };
-
-describe("Actions Page", () => {
-  beforeEach(() => {
-    vi.mocked(getActionClasses)
-      .mockResolvedValueOnce(mockActionClasses) // First call for current env
-      .mockResolvedValueOnce(mockOtherEnvActionClasses); // Second call for other env
-    vi.mocked(getEnvironments).mockResolvedValue([mockEnvironment, mockOtherEnvironment]);
-    vi.mocked(findMatchingLocale).mockResolvedValue(mockLocale);
-  });
-
-  afterEach(() => {
-    cleanup();
-    vi.resetAllMocks();
-  });
-
-  test("renders the page correctly with actions", async () => {
-    vi.mocked(getEnvironmentAuth).mockResolvedValue({
-      isReadOnly: false,
-      project: mockProject,
-      isBilling: false,
-      environment: mockEnvironment,
-    } as TEnvironmentAuth);
-
-    const PageComponent = await Page(mockProps);
-    render(PageComponent);
-
-    expect(screen.getByText("PageHeader Mock: common.actions")).toBeInTheDocument();
-    expect(screen.getByText("CTA Mock")).toBeInTheDocument(); // AddActionModal rendered via CTA
-    expect(screen.getByText("ActionClassesTable Mock")).toBeInTheDocument();
-    expect(screen.getByText("ActionTableHeading Mock")).toBeInTheDocument();
-    expect(screen.getByText("ActionClassDataRow Mock: Action 1")).toBeInTheDocument();
-    expect(screen.getByText("ActionClassDataRow Mock: Action 2")).toBeInTheDocument();
-    expect(vi.mocked(redirect)).not.toHaveBeenCalled();
-  });
-
-  test("redirects if isBilling is true", async () => {
-    vi.mocked(getEnvironmentAuth).mockResolvedValue({
-      isReadOnly: false,
-      project: mockProject,
-      isBilling: true,
-      environment: mockEnvironment,
-    } as TEnvironmentAuth);
-
-    await Page(mockProps);
-
-    expect(vi.mocked(redirect)).toHaveBeenCalledWith(`/environments/${mockEnvironmentId}/settings/billing`);
-  });
-
-  test("does not render AddActionModal CTA if isReadOnly is true", async () => {
-    vi.mocked(getEnvironmentAuth).mockResolvedValue({
-      isReadOnly: true,
-      project: mockProject,
-      isBilling: false,
-      environment: mockEnvironment,
-    } as TEnvironmentAuth);
-
-    const PageComponent = await Page(mockProps);
-    render(PageComponent);
-
-    expect(screen.getByText("PageHeader Mock: common.actions")).toBeInTheDocument();
-    expect(screen.queryByText("CTA Mock")).not.toBeInTheDocument(); // CTA should not be present
-    expect(screen.getByText("ActionClassesTable Mock")).toBeInTheDocument();
-  });
-
-  test("renders AddActionModal CTA if isReadOnly is false", async () => {
-    vi.mocked(getEnvironmentAuth).mockResolvedValue({
-      isReadOnly: false,
-      project: mockProject,
-      isBilling: false,
-      environment: mockEnvironment,
-    } as TEnvironmentAuth);
-
-    const PageComponent = await Page(mockProps);
-    render(PageComponent);
-
-    expect(screen.getByText("PageHeader Mock: common.actions")).toBeInTheDocument();
-    expect(screen.getByText("CTA Mock")).toBeInTheDocument(); // CTA should be present
-    expect(screen.getByText("ActionClassesTable Mock")).toBeInTheDocument();
-  });
-});
--- a/apps/web/app/(app)/environments/[environmentId]/actions/page.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/actions/page.tsx
@@ -1,66 +0,0 @@
-import { ActionClassesTable } from "@/app/(app)/environments/[environmentId]/actions/components/ActionClassesTable";
-import { ActionClassDataRow } from "@/app/(app)/environments/[environmentId]/actions/components/ActionRowData";
-import { ActionTableHeading } from "@/app/(app)/environments/[environmentId]/actions/components/ActionTableHeading";
-import { AddActionModal } from "@/app/(app)/environments/[environmentId]/actions/components/AddActionModal";
-import { getActionClasses } from "@/lib/actionClass/service";
-import { getEnvironments } from "@/lib/environment/service";
-import { findMatchingLocale } from "@/lib/utils/locale";
-import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
-import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
-import { PageHeader } from "@/modules/ui/components/page-header";
-import { getTranslate } from "@/tolgee/server";
-import { Metadata } from "next";
-import { redirect } from "next/navigation";
-
-export const metadata: Metadata = {
-  title: "Actions",
-};
-
-const Page = async (props) => {
-  const params = await props.params;
-
-  const { isReadOnly, project, isBilling, environment } = await getEnvironmentAuth(params.environmentId);
-
-  const t = await getTranslate();
-
-  const [actionClasses] = await Promise.all([getActionClasses(params.environmentId)]);
-
-  const locale = await findMatchingLocale();
-  const environments = await getEnvironments(project.id);
-
-  const otherEnvironment = environments.filter((env) => env.id !== params.environmentId)[0];
-
-  const otherEnvActionClasses = await getActionClasses(otherEnvironment.id);
-
-  if (isBilling) {
-    return redirect(`/environments/${params.environmentId}/settings/billing`);
-  }
-
-  const renderAddActionButton = () => (
-    <AddActionModal
-      environmentId={params.environmentId}
-      actionClasses={actionClasses}
-      isReadOnly={isReadOnly}
-    />
-  );
-
-  return (
-    <PageContentWrapper>
-      <PageHeader pageTitle={t("common.actions")} cta={!isReadOnly ? renderAddActionButton() : undefined} />
-      <ActionClassesTable
-        environment={environment}
-        otherEnvironment={otherEnvironment}
-        otherEnvActionClasses={otherEnvActionClasses}
-        environmentId={params.environmentId}
-        actionClasses={actionClasses}
-        isReadOnly={isReadOnly}>
-        <ActionTableHeading />
-        {actionClasses.map((actionClass) => (
-          <ActionClassDataRow key={actionClass.id} actionClass={actionClass} locale={locale} />
-        ))}
-      </ActionClassesTable>
-    </PageContentWrapper>
-  );
-};
-
-export default Page;
--- a/apps/web/app/(app)/environments/[environmentId]/actions/utils.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/actions/utils.tsx
@@ -1,6 +0,0 @@
-import { Code2Icon, MousePointerClickIcon } from "lucide-react";
-
-export const ACTION_TYPE_ICON_LOOKUP = {
-  code: <Code2Icon className="h-4 w-4" />,
-  noCode: <MousePointerClickIcon className="h-4 w-4" />,
-};
--- a/apps/web/app/(app)/environments/[environmentId]/components/EnvironmentLayout.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/EnvironmentLayout.test.tsx
@@ -1,3 +1,5 @@
+import { getOrganizationsByUserId } from "@/app/(app)/environments/[environmentId]/lib/organization";
+import { getProjectsByUserId } from "@/app/(app)/environments/[environmentId]/lib/project";
 import { getEnvironment, getEnvironments } from "@/lib/environment/service";
 import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
 import { getAccessFlags } from "@/lib/membership/utils";
@@ -5,13 +7,11 @@ import {
  getMonthlyActiveOrganizationPeopleCount,
  getMonthlyOrganizationResponseCount,
  getOrganizationByEnvironmentId,
-  getOrganizationsByUserId,
 } from "@/lib/organization/service";
-import { getUserProjects } from "@/lib/project/service";
 import { getUser } from "@/lib/user/service";
 import {
+  getAccessControlPermission,
  getOrganizationProjectsLimit,
-  getRoleManagementPermission,
 } from "@/modules/ee/license-check/lib/utils";
 import { getProjectPermissionByUserId } from "@/modules/ee/teams/lib/roles";
 import { getTeamsByOrganizationId } from "@/modules/ee/teams/team-list/lib/team";
@@ -20,11 +20,7 @@ import type { Session } from "next-auth";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
 import { TEnvironment } from "@formbricks/types/environment";
 import { TMembership } from "@formbricks/types/memberships";
-import {
-  TOrganization,
-  TOrganizationBilling,
-  TOrganizationBillingPlanLimits,
-} from "@formbricks/types/organizations";
+import { TOrganization } from "@formbricks/types/organizations";
 import { TProject } from "@formbricks/types/project";
 import { TUser } from "@formbricks/types/user";

@@ -35,16 +31,12 @@ vi.mock("@/lib/environment/service", () => ({
 }));
 vi.mock("@/lib/organization/service", () => ({
  getOrganizationByEnvironmentId: vi.fn(),
-  getOrganizationsByUserId: vi.fn(),
  getMonthlyActiveOrganizationPeopleCount: vi.fn(),
  getMonthlyOrganizationResponseCount: vi.fn(),
 }));
 vi.mock("@/lib/user/service", () => ({
  getUser: vi.fn(),
 }));
-vi.mock("@/lib/project/service", () => ({
-  getUserProjects: vi.fn(),
-}));
 vi.mock("@/lib/membership/service", () => ({
  getMembershipByUserIdOrganizationId: vi.fn(),
 }));
@@ -53,7 +45,7 @@ vi.mock("@/lib/membership/utils", () => ({
 }));
 vi.mock("@/modules/ee/license-check/lib/utils", () => ({
  getOrganizationProjectsLimit: vi.fn(),
-  getRoleManagementPermission: vi.fn(),
+  getAccessControlPermission: vi.fn(),
 }));
 vi.mock("@/modules/ee/teams/lib/roles", () => ({
  getProjectPermissionByUserId: vi.fn(),
@@ -64,6 +56,22 @@ vi.mock("@/modules/ee/teams/team-list/lib/team", () => ({
 vi.mock("@/tolgee/server", () => ({
  getTranslate: async () => (key: string) => key,
 }));
+vi.mock("@/app/(app)/environments/[environmentId]/lib/organization", () => ({
+  getOrganizationsByUserId: vi.fn(),
+}));
+vi.mock("@/app/(app)/environments/[environmentId]/lib/project", () => ({
+  getProjectsByUserId: vi.fn(),
+}));
+vi.mock("@formbricks/database", () => ({
+  prisma: {
+    project: {
+      findMany: vi.fn(),
+    },
+    organization: {
+      findMany: vi.fn(),
+    },
+  },
+}));

 let mockIsFormbricksCloud = false;
 let mockIsDevelopment = false;
@@ -79,21 +87,17 @@ vi.mock("@/lib/constants", () => ({

 // Mock components
 vi.mock("@/app/(app)/environments/[environmentId]/components/MainNavigation", () => ({
-  MainNavigation: ({ organizationTeams, canDoRoleManagement }: any) => (
+  MainNavigation: ({ organizationTeams, isAccessControlAllowed }: any) => (
    <div data-testid="main-navigation">
      MainNavigation
      <div data-testid="organization-teams">{JSON.stringify(organizationTeams || [])}</div>
-      <div data-testid="can-do-role-management">{canDoRoleManagement?.toString() || "false"}</div>
+      <div data-testid="is-access-control-allowed">{isAccessControlAllowed?.toString() || "false"}</div>
    </div>
  ),
 }));
 vi.mock("@/app/(app)/environments/[environmentId]/components/TopControlBar", () => ({
  TopControlBar: () => <div data-testid="top-control-bar">TopControlBar</div>,
 }));
-vi.mock("@/modules/ui/components/dev-environment-banner", () => ({
-  DevEnvironmentBanner: ({ environment }: { environment: TEnvironment }) =>
-    environment.type === "development" ? <div data-testid="dev-banner">DevEnvironmentBanner</div> : null,
-}));
 vi.mock("@/modules/ui/components/limits-reached-banner", () => ({
  LimitsReachedBanner: () => <div data-testid="limits-banner">LimitsReachedBanner</div>,
 }));
@@ -113,7 +117,6 @@ const mockUser = {
  name: "Test User",
  email: "test@example.com",
  emailVerified: new Date(),
-  imageUrl: "",
  twoFactorEnabled: false,
  identityProvider: "email",
  createdAt: new Date(),
@@ -124,12 +127,10 @@ const mockUser = {
 const mockOrganization = {
  id: "org-1",
  name: "Test Org",
-  createdAt: new Date(),
-  updatedAt: new Date(),
  billing: {
-    stripeCustomerId: null,
-    limits: { monthly: { responses: null } } as unknown as TOrganizationBillingPlanLimits,
-  } as unknown as TOrganizationBilling,
+    plan: "free",
+    limits: {},
+  },
 } as unknown as TOrganization;

 const mockEnvironment: TEnvironment = {
@@ -192,9 +193,11 @@ describe("EnvironmentLayout", () => {
  beforeEach(() => {
    vi.mocked(getUser).mockResolvedValue(mockUser);
    vi.mocked(getEnvironment).mockResolvedValue(mockEnvironment);
-    vi.mocked(getOrganizationsByUserId).mockResolvedValue([mockOrganization]);
+    vi.mocked(getOrganizationsByUserId).mockResolvedValue([
+      { id: mockOrganization.id, name: mockOrganization.name },
+    ]);
    vi.mocked(getOrganizationByEnvironmentId).mockResolvedValue(mockOrganization);
-    vi.mocked(getUserProjects).mockResolvedValue([mockProject]);
+    vi.mocked(getProjectsByUserId).mockResolvedValue([{ id: mockProject.id, name: mockProject.name }]);
    vi.mocked(getEnvironments).mockResolvedValue([mockEnvironment]);
    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValue(mockMembership);
    vi.mocked(getMonthlyActiveOrganizationPeopleCount).mockResolvedValue(100);
@@ -202,7 +205,7 @@ describe("EnvironmentLayout", () => {
    vi.mocked(getOrganizationProjectsLimit).mockResolvedValue(null as any);
    vi.mocked(getProjectPermissionByUserId).mockResolvedValue(mockProjectPermission);
    vi.mocked(getTeamsByOrganizationId).mockResolvedValue(mockOrganizationTeams);
-    vi.mocked(getRoleManagementPermission).mockResolvedValue(true);
+    vi.mocked(getAccessControlPermission).mockResolvedValue(true);
    mockIsDevelopment = false;
    mockIsFormbricksCloud = false;
  });
@@ -241,33 +244,6 @@ describe("EnvironmentLayout", () => {
    expect(screen.queryByTestId("downgrade-banner")).not.toBeInTheDocument();
  });

-  test("renders DevEnvironmentBanner in development environment", async () => {
-    const devEnvironment = { ...mockEnvironment, type: "development" as const };
-    vi.mocked(getEnvironment).mockResolvedValue(devEnvironment);
-    mockIsDevelopment = true;
-    vi.resetModules();
-    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
-      getEnterpriseLicense: vi.fn().mockResolvedValue({
-        active: false,
-        isPendingDowngrade: false,
-        features: { isMultiOrgEnabled: false },
-        lastChecked: new Date(),
-        fallbackLevel: "live",
-      }),
-    }));
-    const { EnvironmentLayout } = await import(
-      "@/app/(app)/environments/[environmentId]/components/EnvironmentLayout"
-    );
-    render(
-      await EnvironmentLayout({
-        environmentId: "env-1",
-        session: mockSession,
-        children: <div>Child Content</div>,
-      })
-    );
-    expect(screen.getByTestId("dev-banner")).toBeInTheDocument();
-  });
-
  test("renders LimitsReachedBanner in Formbricks Cloud", async () => {
    mockIsFormbricksCloud = true;
    vi.resetModules();
@@ -315,32 +291,6 @@ describe("EnvironmentLayout", () => {
    expect(screen.getByTestId("downgrade-banner")).toBeInTheDocument();
  });

-  test("passes canDoRoleManagement props to MainNavigation", async () => {
-    vi.resetModules();
-    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
-      getEnterpriseLicense: vi.fn().mockResolvedValue({
-        active: false,
-        isPendingDowngrade: false,
-        features: { isMultiOrgEnabled: false },
-        lastChecked: new Date(),
-        fallbackLevel: "live",
-      }),
-    }));
-    const { EnvironmentLayout } = await import(
-      "@/app/(app)/environments/[environmentId]/components/EnvironmentLayout"
-    );
-    render(
-      await EnvironmentLayout({
-        environmentId: "env-1",
-        session: mockSession,
-        children: <div>Child Content</div>,
-      })
-    );
-
-    expect(screen.getByTestId("can-do-role-management")).toHaveTextContent("true");
-    expect(vi.mocked(getRoleManagementPermission)).toHaveBeenCalledWith(mockOrganization.billing.plan);
-  });
-
  test("handles empty organizationTeams array", async () => {
    vi.mocked(getTeamsByOrganizationId).mockResolvedValue([]);
    vi.resetModules();
@@ -393,8 +343,8 @@ describe("EnvironmentLayout", () => {
    expect(screen.getByTestId("organization-teams")).toHaveTextContent("[]");
  });

-  test("handles canDoRoleManagement false", async () => {
-    vi.mocked(getRoleManagementPermission).mockResolvedValue(false);
+  test("handles isAccessControlAllowed false", async () => {
+    vi.mocked(getAccessControlPermission).mockResolvedValue(false);
    vi.resetModules();
    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
      getEnterpriseLicense: vi.fn().mockResolvedValue({
@@ -416,7 +366,7 @@ describe("EnvironmentLayout", () => {
      })
    );

-    expect(screen.getByTestId("can-do-role-management")).toHaveTextContent("false");
+    expect(screen.getByTestId("is-access-control-allowed")).toHaveTextContent("false");
  });

  test("throws error if user not found", async () => {
@@ -480,7 +430,7 @@ describe("EnvironmentLayout", () => {
  });

  test("throws error if projects, environments or organizations not found", async () => {
-    vi.mocked(getUserProjects).mockResolvedValue(null as any);
+    vi.mocked(getProjectsByUserId).mockResolvedValue(null as any);
    vi.resetModules();
    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
      getEnterpriseLicense: vi.fn().mockResolvedValue({
--- a/apps/web/app/(app)/environments/[environmentId]/components/EnvironmentLayout.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/EnvironmentLayout.tsx
@@ -1,5 +1,7 @@
 import { MainNavigation } from "@/app/(app)/environments/[environmentId]/components/MainNavigation";
 import { TopControlBar } from "@/app/(app)/environments/[environmentId]/components/TopControlBar";
+import { getOrganizationsByUserId } from "@/app/(app)/environments/[environmentId]/lib/organization";
+import { getProjectsByUserId } from "@/app/(app)/environments/[environmentId]/lib/project";
 import { IS_DEVELOPMENT, IS_FORMBRICKS_CLOUD } from "@/lib/constants";
 import { getEnvironment, getEnvironments } from "@/lib/environment/service";
 import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
@@ -8,17 +10,14 @@ import {
  getMonthlyActiveOrganizationPeopleCount,
  getMonthlyOrganizationResponseCount,
  getOrganizationByEnvironmentId,
-  getOrganizationsByUserId,
 } from "@/lib/organization/service";
-import { getUserProjects } from "@/lib/project/service";
 import { getUser } from "@/lib/user/service";
 import { getEnterpriseLicense } from "@/modules/ee/license-check/lib/license";
 import {
+  getAccessControlPermission,
  getOrganizationProjectsLimit,
-  getRoleManagementPermission,
 } from "@/modules/ee/license-check/lib/utils";
 import { getProjectPermissionByUserId } from "@/modules/ee/teams/lib/roles";
-import { DevEnvironmentBanner } from "@/modules/ui/components/dev-environment-banner";
 import { LimitsReachedBanner } from "@/modules/ui/components/limits-reached-banner";
 import { PendingDowngradeBanner } from "@/modules/ui/components/pending-downgrade-banner";
 import { getTranslate } from "@/tolgee/server";
@@ -51,18 +50,22 @@ export const EnvironmentLayout = async ({ environmentId, session, children }: En
    throw new Error(t("common.environment_not_found"));
  }

-  const [projects, environments, canDoRoleManagement] = await Promise.all([
-    getUserProjects(user.id, organization.id),
+  const currentUserMembership = await getMembershipByUserIdOrganizationId(session?.user.id, organization.id);
+  if (!currentUserMembership) {
+    throw new Error(t("common.membership_not_found"));
+  }
+  const membershipRole = currentUserMembership?.role;
+
+  const [projects, environments, isAccessControlAllowed] = await Promise.all([
+    getProjectsByUserId(user.id, currentUserMembership),
    getEnvironments(environment.projectId),
-    getRoleManagementPermission(organization.billing.plan),
+    getAccessControlPermission(organization.billing.plan),
  ]);

  if (!projects || !environments || !organizations) {
    throw new Error(t("environments.projects_environments_organizations_not_found"));
  }

-  const currentUserMembership = await getMembershipByUserIdOrganizationId(session?.user.id, organization.id);
-  const membershipRole = currentUserMembership?.role;
  const { isMember } = getAccessFlags(membershipRole);

  const { features, lastChecked, isPendingDowngrade, active } = await getEnterpriseLicense();
@@ -87,10 +90,17 @@ export const EnvironmentLayout = async ({ environmentId, session, children }: En

  const organizationProjectsLimit = await getOrganizationProjectsLimit(organization.billing.limits);

+  // Find the current project from the projects array
+  const project = projects.find((p) => p.id === environment.projectId);
+  if (!project) {
+    throw new Error(t("common.project_not_found"));
+  }
+
+  const { isManager, isOwner } = getAccessFlags(membershipRole);
+  const isOwnerOrManager = isManager || isOwner;
+
  return (
    <div className="flex h-screen min-h-screen flex-col overflow-hidden">
-      <DevEnvironmentBanner environment={environment} />
-
      {IS_FORMBRICKS_CLOUD && (
        <LimitsReachedBanner
          organization={organization}
@@ -112,25 +122,28 @@ export const EnvironmentLayout = async ({ environmentId, session, children }: En
        <MainNavigation
          environment={environment}
          organization={organization}
-          organizations={organizations}
          projects={projects}
-          organizationProjectsLimit={organizationProjectsLimit}
          user={user}
          isFormbricksCloud={IS_FORMBRICKS_CLOUD}
          isDevelopment={IS_DEVELOPMENT}
          membershipRole={membershipRole}
-          isMultiOrgEnabled={isMultiOrgEnabled}
-          isLicenseActive={active}
-          canDoRoleManagement={canDoRoleManagement}
        />
-        <div id="mainContent" className="flex-1 overflow-y-auto bg-slate-50">
+        <div id="mainContent" className="flex flex-1 flex-col overflow-hidden bg-slate-50">
          <TopControlBar
-            environment={environment}
            environments={environments}
+            currentOrganizationId={organization.id}
+            organizations={organizations}
+            currentProjectId={project.id}
+            projects={projects}
+            isMultiOrgEnabled={isMultiOrgEnabled}
+            organizationProjectsLimit={organizationProjectsLimit}
+            isFormbricksCloud={IS_FORMBRICKS_CLOUD}
+            isLicenseActive={active}
+            isOwnerOrManager={isOwnerOrManager}
+            isAccessControlAllowed={isAccessControlAllowed}
            membershipRole={membershipRole}
-            projectPermission={projectPermission}
          />
-          <div className="mt-14">{children}</div>
+          <div className="flex-1 overflow-y-auto">{children}</div>
        </div>
      </div>
    </div>
--- a/apps/web/app/(app)/environments/[environmentId]/components/MainNavigation.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/MainNavigation.test.tsx
@@ -1,5 +1,5 @@
 import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
-import { TOrganizationTeam } from "@/modules/ee/teams/team-list/types/team";
+import { getLatestStableFbReleaseAction } from "@/modules/projects/settings/(setup)/app-connection/actions";
 import { cleanup, render, screen, waitFor } from "@testing-library/react";
 import userEvent from "@testing-library/user-event";
 import { usePathname, useRouter } from "next/navigation";
@@ -8,7 +8,6 @@ import { TEnvironment } from "@formbricks/types/environment";
 import { TOrganization } from "@formbricks/types/organizations";
 import { TProject } from "@formbricks/types/project";
 import { TUser } from "@formbricks/types/user";
-import { getLatestStableFbReleaseAction } from "../actions/actions";
 import { MainNavigation } from "./MainNavigation";

 // Mock constants that this test needs
@@ -33,7 +32,7 @@ vi.mock("next-auth/react", () => ({
 vi.mock("@/modules/auth/hooks/use-sign-out", () => ({
  useSignOut: vi.fn(() => ({ signOut: vi.fn() })),
 }));
-vi.mock("@/app/(app)/environments/[environmentId]/actions/actions", () => ({
+vi.mock("@/modules/projects/settings/(setup)/app-connection/actions", () => ({
  getLatestStableFbReleaseAction: vi.fn(),
 }));
 vi.mock("@/app/lib/formbricks", () => ({
@@ -52,23 +51,6 @@ vi.mock("@/modules/organization/components/CreateOrganizationModal", () => ({
  CreateOrganizationModal: ({ open }: { open: boolean }) =>
    open ? <div data-testid="create-org-modal">Create Org Modal</div> : null,
 }));
-vi.mock("@/modules/projects/components/project-switcher", () => ({
-  ProjectSwitcher: ({
-    isCollapsed,
-    organizationTeams,
-    canDoRoleManagement,
-  }: {
-    isCollapsed: boolean;
-    organizationTeams: TOrganizationTeam[];
-    canDoRoleManagement: boolean;
-  }) => (
-    <div data-testid="project-switcher" data-collapsed={isCollapsed}>
-      Project Switcher
-      <div data-testid="organization-teams-count">{organizationTeams?.length || 0}</div>
-      <div data-testid="can-do-role-management">{canDoRoleManagement.toString()}</div>
-    </div>
-  ),
-}));
 vi.mock("@/modules/ui/components/avatars", () => ({
  ProfileAvatar: () => <div data-testid="profile-avatar">Avatar</div>,
 }));
@@ -111,7 +93,6 @@ const mockUser = {
  id: "user1",
  name: "Test User",
  email: "test@example.com",
-  imageUrl: "http://example.com/avatar.png",
  emailVerified: new Date(),
  twoFactorEnabled: false,
  identityProvider: "email",
@@ -157,7 +138,7 @@ const defaultProps = {
  membershipRole: "owner" as const,
  organizationProjectsLimit: 5,
  isLicenseActive: true,
-  canDoRoleManagement: true,
+  isAccessControlAllowed: true,
 };

 describe("MainNavigation", () => {
@@ -178,13 +159,11 @@ describe("MainNavigation", () => {

  test("renders expanded by default and collapses on toggle", async () => {
    render(<MainNavigation {...defaultProps} />);
-    const projectSwitcher = screen.getByTestId("project-switcher");
    // Assuming the toggle button is the only one initially without an accessible name
    // A more specific selector like data-testid would be better if available.
    const toggleButton = screen.getByRole("button", { name: "" });

    // Check initial state (expanded)
-    expect(projectSwitcher).toHaveAttribute("data-collapsed", "false");
    expect(screen.getByAltText("environments.formbricks_logo")).toBeInTheDocument();
    // Check localStorage is not set initially after clear()
    expect(localStorage.getItem("isMainNavCollapsed")).toBeNull();
@@ -195,7 +174,6 @@ describe("MainNavigation", () => {
    // Check state after first toggle (collapsed)
    await waitFor(() => {
      // Check that the attribute eventually becomes true
-      expect(projectSwitcher).toHaveAttribute("data-collapsed", "true");
      // Check that localStorage is updated
      expect(localStorage.getItem("isMainNavCollapsed")).toBe("true");
    });
@@ -210,7 +188,6 @@ describe("MainNavigation", () => {
    // Check state after second toggle (expanded)
    await waitFor(() => {
      // Check that the attribute eventually becomes false
-      expect(projectSwitcher).toHaveAttribute("data-collapsed", "false");
      // Check that localStorage is updated
      expect(localStorage.getItem("isMainNavCollapsed")).toBe("false");
    });
@@ -220,14 +197,6 @@ describe("MainNavigation", () => {
    });
  });

-  test("renders correct active navigation link", () => {
-    vi.mocked(usePathname).mockReturnValue("/environments/env1/actions");
-    render(<MainNavigation {...defaultProps} />);
-    const actionsLink = screen.getByRole("link", { name: /common.actions/ });
-    // Check if the parent li has the active class styling
-    expect(actionsLink.closest("li")).toHaveClass("border-brand-dark");
-  });
-
  test("renders user dropdown and handles logout", async () => {
    const mockSignOut = vi.fn().mockResolvedValue({ url: "/auth/login" });
    vi.mocked(useSignOut).mockReturnValue({ signOut: mockSignOut });
@@ -246,8 +215,6 @@ describe("MainNavigation", () => {
      expect(screen.getByText("common.account")).toBeInTheDocument();
    });

-    expect(screen.getByText("common.organization")).toBeInTheDocument();
-    expect(screen.getByText("common.license")).toBeInTheDocument(); // Not cloud, not member
    expect(screen.getByText("common.documentation")).toBeInTheDocument();
    expect(screen.getByText("common.logout")).toBeInTheDocument();

@@ -268,46 +235,6 @@ describe("MainNavigation", () => {
    });
  });

-  test("handles organization switching", async () => {
-    render(<MainNavigation {...defaultProps} />);
-
-    const userTrigger = screen.getByTestId("profile-avatar").parentElement!;
-    await userEvent.click(userTrigger);
-
-    // Wait for the initial dropdown items
-    await waitFor(() => {
-      expect(screen.getByText("common.switch_organization")).toBeInTheDocument();
-    });
-
-    const switchOrgTrigger = screen.getByText("common.switch_organization").closest("div[role='menuitem']")!;
-    await userEvent.hover(switchOrgTrigger); // Hover to open sub-menu
-
-    const org2Item = await screen.findByText("Another Org"); // findByText includes waitFor
-    await userEvent.click(org2Item);
-
-    expect(mockRouterPush).toHaveBeenCalledWith("/organizations/org2/");
-  });
-
-  test("opens create organization modal", async () => {
-    render(<MainNavigation {...defaultProps} />);
-
-    const userTrigger = screen.getByTestId("profile-avatar").parentElement!;
-    await userEvent.click(userTrigger);
-
-    // Wait for the initial dropdown items
-    await waitFor(() => {
-      expect(screen.getByText("common.switch_organization")).toBeInTheDocument();
-    });
-
-    const switchOrgTrigger = screen.getByText("common.switch_organization").closest("div[role='menuitem']")!;
-    await userEvent.hover(switchOrgTrigger); // Hover to open sub-menu
-
-    const createOrgButton = await screen.findByText("common.create_new_organization"); // findByText includes waitFor
-    await userEvent.click(createOrgButton);
-
-    expect(screen.getByTestId("create-org-modal")).toBeInTheDocument();
-  });
-
  test("hides new version banner for members or if no new version", async () => {
    // Test for member
    vi.mocked(getLatestStableFbReleaseAction).mockResolvedValue({ data: "v1.1.0" });
@@ -335,34 +262,25 @@ describe("MainNavigation", () => {
    expect(screen.queryByTestId("project-switcher")).not.toBeInTheDocument();
  });

-  test("shows billing link and hides license link in cloud", async () => {
-    render(<MainNavigation {...defaultProps} isFormbricksCloud={true} />);
-    const userTrigger = screen.getByTestId("profile-avatar").parentElement!;
-    await userEvent.click(userTrigger);
-
-    // Wait for dropdown items
-    await waitFor(() => {
-      expect(screen.getByText("common.billing")).toBeInTheDocument();
-    });
-    expect(screen.queryByText("common.license")).not.toBeInTheDocument();
-  });
-
-  test("passes canDoRoleManagement props to ProjectSwitcher", () => {
+  test("passes isAccessControlAllowed props to ProjectSwitcher", () => {
    render(<MainNavigation {...defaultProps} />);

-    expect(screen.getByTestId("organization-teams-count")).toHaveTextContent("0");
-    expect(screen.getByTestId("can-do-role-management")).toHaveTextContent("true");
+    // Test basic navigation structure is rendered (aside element with complementary role)
+    expect(screen.getByRole("complementary")).toBeInTheDocument();
+    expect(screen.getByTestId("profile-avatar")).toBeInTheDocument();
  });

  test("handles no organizationTeams", () => {
    render(<MainNavigation {...defaultProps} />);

-    expect(screen.getByTestId("organization-teams-count")).toHaveTextContent("0");
+    // Test that navigation renders correctly with no teams
+    expect(screen.getByRole("complementary")).toBeInTheDocument();
  });

-  test("handles canDoRoleManagement false", () => {
-    render(<MainNavigation {...defaultProps} canDoRoleManagement={false} />);
+  test("handles isAccessControlAllowed false", () => {
+    render(<MainNavigation {...defaultProps} />);

-    expect(screen.getByTestId("can-do-role-management")).toHaveTextContent("false");
+    // Test that navigation renders correctly with access control disabled
+    expect(screen.getByRole("complementary")).toBeInTheDocument();
  });
 });
--- a/apps/web/app/(app)/environments/[environmentId]/components/MainNavigation.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/MainNavigation.tsx
@@ -1,47 +1,32 @@
 "use client";

-import { getLatestStableFbReleaseAction } from "@/app/(app)/environments/[environmentId]/actions/actions";
 import { NavigationLink } from "@/app/(app)/environments/[environmentId]/components/NavigationLink";
+import { isNewerVersion } from "@/app/(app)/environments/[environmentId]/lib/utils";
 import FBLogo from "@/images/formbricks-wordmark.svg";
 import { cn } from "@/lib/cn";
 import { getAccessFlags } from "@/lib/membership/utils";
-import { capitalizeFirstLetter } from "@/lib/utils/strings";
 import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
-import { CreateOrganizationModal } from "@/modules/organization/components/CreateOrganizationModal";
-import { ProjectSwitcher } from "@/modules/projects/components/project-switcher";
+import { getLatestStableFbReleaseAction } from "@/modules/projects/settings/(setup)/app-connection/actions";
 import { ProfileAvatar } from "@/modules/ui/components/avatars";
 import { Button } from "@/modules/ui/components/button";
 import {
  DropdownMenu,
  DropdownMenuContent,
  DropdownMenuItem,
-  DropdownMenuPortal,
-  DropdownMenuRadioGroup,
-  DropdownMenuRadioItem,
-  DropdownMenuSeparator,
-  DropdownMenuSub,
-  DropdownMenuSubContent,
-  DropdownMenuSubTrigger,
  DropdownMenuTrigger,
 } from "@/modules/ui/components/dropdown-menu";
 import { useTranslate } from "@tolgee/react";
 import {
  ArrowUpRightIcon,
-  BlocksIcon,
  ChevronRightIcon,
  Cog,
-  CreditCardIcon,
-  KeyIcon,
  LogOutIcon,
  MessageCircle,
-  MousePointerClick,
  PanelLeftCloseIcon,
  PanelLeftOpenIcon,
-  PlusIcon,
  RocketIcon,
  UserCircleIcon,
  UserIcon,
-  UsersIcon,
 } from "lucide-react";
 import Image from "next/image";
 import Link from "next/link";
@@ -50,55 +35,40 @@ import { useEffect, useMemo, useState } from "react";
 import { TEnvironment } from "@formbricks/types/environment";
 import { TOrganizationRole } from "@formbricks/types/memberships";
 import { TOrganization } from "@formbricks/types/organizations";
-import { TProject } from "@formbricks/types/project";
 import { TUser } from "@formbricks/types/user";
 import packageJson from "../../../../../package.json";

 interface NavigationProps {
  environment: TEnvironment;
-  organizations: TOrganization[];
  user: TUser;
  organization: TOrganization;
-  projects: TProject[];
-  isMultiOrgEnabled: boolean;
+  projects: { id: string; name: string }[];
  isFormbricksCloud: boolean;
  isDevelopment: boolean;
  membershipRole?: TOrganizationRole;
-  organizationProjectsLimit: number;
-  isLicenseActive: boolean;
-  canDoRoleManagement: boolean;
 }

 export const MainNavigation = ({
  environment,
-  organizations,
  organization,
  user,
  projects,
-  isMultiOrgEnabled,
  membershipRole,
  isFormbricksCloud,
-  organizationProjectsLimit,
-  isLicenseActive,
  isDevelopment,
-  canDoRoleManagement,
 }: NavigationProps) => {
  const router = useRouter();
  const pathname = usePathname();
  const { t } = useTranslate();
-  const [currentOrganizationName, setCurrentOrganizationName] = useState("");
-  const [currentOrganizationId, setCurrentOrganizationId] = useState("");
-  const [showCreateOrganizationModal, setShowCreateOrganizationModal] = useState(false);
  const [isCollapsed, setIsCollapsed] = useState(true);
  const [isTextVisible, setIsTextVisible] = useState(true);
  const [latestVersion, setLatestVersion] = useState("");
  const { signOut: signOutWithAudit } = useSignOut({ id: user.id, email: user.email });

  const project = projects.find((project) => project.id === environment.projectId);
-  const { isManager, isOwner, isMember, isBilling } = getAccessFlags(membershipRole);
+  const { isManager, isOwner, isBilling } = getAccessFlags(membershipRole);

  const isOwnerOrManager = isManager || isOwner;
-  const isPricingDisabled = isMember;

  const toggleSidebar = () => {
    setIsCollapsed(!isCollapsed);
@@ -119,40 +89,11 @@ export const MainNavigation = ({
  }, [isCollapsed]);

  useEffect(() => {
-    if (organization && organization.name !== "") {
-      setCurrentOrganizationName(organization.name);
-      setCurrentOrganizationId(organization.id);
+    // Auto collapse project navbar on org and account settings
+    if (pathname?.includes("/settings")) {
+      setIsCollapsed(true);
    }
-  }, [organization]);
-
-  const sortedOrganizations = useMemo(() => {
-    return [...organizations].sort((a, b) => a.name.localeCompare(b.name));
-  }, [organizations]);
-
-  const sortedProjects = useMemo(() => {
-    const channelOrder: (string | null)[] = ["website", "app", "link", null];
-
-    const groupedProjects = projects.reduce(
-      (acc, project) => {
-        const channel = project.config.channel;
-        const key = channel !== null ? channel : "null";
-        acc[key] = acc[key] || [];
-        acc[key].push(project);
-        return acc;
-      },
-      {} as Record<string, typeof projects>
-    );
-
-    Object.keys(groupedProjects).forEach((channel) => {
-      groupedProjects[channel].sort((a, b) => a.name.localeCompare(b.name));
-    });
-
-    return channelOrder.flatMap((channel) => groupedProjects[channel !== null ? channel : "null"] || []);
-  }, [projects]);
-
-  const handleEnvironmentChangeByOrganization = (organizationId: string) => {
-    router.push(`/organizations/${organizationId}/`);
-  };
+  }, [pathname]);

  const mainNavigation = useMemo(
    () => [
@@ -169,18 +110,6 @@ export const MainNavigation = ({
        icon: UserIcon,
        isActive: pathname?.includes("/contacts") || pathname?.includes("/segments"),
      },
-      {
-        name: t("common.actions"),
-        href: `/environments/${environment.id}/actions`,
-        icon: MousePointerClick,
-        isActive: pathname?.includes("/actions"),
-      },
-      {
-        name: t("common.integrations"),
-        href: `/environments/${environment.id}/integrations`,
-        icon: BlocksIcon,
-        isActive: pathname?.includes("/integrations"),
-      },
      {
        name: t("common.configuration"),
        href: `/environments/${environment.id}/project/general`,
@@ -197,29 +126,18 @@ export const MainNavigation = ({
      href: `/environments/${environment.id}/settings/profile`,
      icon: UserCircleIcon,
    },
-    {
-      label: t("common.organization"),
-      href: `/environments/${environment.id}/settings/general`,
-      icon: UsersIcon,
-    },
-    {
-      label: t("common.billing"),
-      href: `/environments/${environment.id}/settings/billing`,
-      hidden: !isFormbricksCloud,
-      icon: CreditCardIcon,
-    },
-    {
-      label: t("common.license"),
-      href: `/environments/${environment.id}/settings/enterprise`,
-      hidden: isFormbricksCloud || isPricingDisabled,
-      icon: KeyIcon,
-    },
    {
      label: t("common.documentation"),
      href: "https://formbricks.com/docs",
      target: "_blank",
      icon: ArrowUpRightIcon,
    },
+    {
+      label: t("common.share_feedback"),
+      href: "https://github.com/formbricks/formbricks/issues",
+      target: "_blank",
+      icon: ArrowUpRightIcon,
+    },
  ];

  useEffect(() => {
@@ -229,7 +147,7 @@ export const MainNavigation = ({
        const latestVersionTag = res.data;
        const currentVersionTag = `v${packageJson.version}`;

-        if (currentVersionTag !== latestVersionTag) {
+        if (isNewerVersion(currentVersionTag, latestVersionTag)) {
          setLatestVersion(latestVersionTag);
        }
      }
@@ -245,8 +163,7 @@ export const MainNavigation = ({
        <aside
          className={cn(
            "z-40 flex flex-col justify-between rounded-r-xl border-r border-slate-200 bg-white pt-3 shadow-md transition-all duration-100",
-            !isCollapsed ? "w-sidebar-collapsed" : "w-sidebar-expanded",
-            environment.type === "development" ? `h-[calc(100vh-1.25rem)]` : "h-screen"
+            !isCollapsed ? "w-sidebar-collapsed" : "w-sidebar-expanded"
          )}>
          <div>
            {/* Logo and Toggle */}
@@ -312,23 +229,6 @@ export const MainNavigation = ({
              </Link>
            )}

-            {/* Project Switch */}
-            {!isBilling && (
-              <ProjectSwitcher
-                environmentId={environment.id}
-                projects={sortedProjects}
-                project={project}
-                isCollapsed={isCollapsed}
-                isFormbricksCloud={isFormbricksCloud}
-                isLicenseActive={isLicenseActive}
-                isOwnerOrManager={isOwnerOrManager}
-                isTextVisible={isTextVisible}
-                organization={organization}
-                organizationProjectsLimit={organizationProjectsLimit}
-                canDoRoleManagement={canDoRoleManagement}
-              />
-            )}
-
            {/* User Switch */}
            <div className="flex items-center">
              <DropdownMenu>
@@ -337,29 +237,27 @@ export const MainNavigation = ({
                  id="userDropdownTrigger"
                  className="w-full rounded-br-xl border-t py-4 transition-colors duration-200 hover:bg-slate-50 focus:outline-none">
                  <div
-                    tabIndex={0}
                    className={cn(
-                      "flex cursor-pointer flex-row items-center space-x-3",
-                      isCollapsed ? "pl-2" : "pl-4"
+                      "flex cursor-pointer flex-row items-center gap-3",
+                      isCollapsed ? "justify-center px-2" : "px-4"
                    )}>
-                    <ProfileAvatar userId={user.id} imageUrl={user.imageUrl} />
+                    <ProfileAvatar userId={user.id} />
                    {!isCollapsed && !isTextVisible && (
                      <>
-                        <div className={cn(isTextVisible ? "opacity-0" : "opacity-100")}>
+                        <div
+                          className={cn(isTextVisible ? "opacity-0" : "opacity-100", "grow overflow-hidden")}>
                          <p
                            title={user?.email}
                            className={cn(
-                              "ph-no-capture ph-no-capture -mb-0.5 max-w-28 truncate text-sm font-bold text-slate-700"
+                              "ph-no-capture ph-no-capture -mb-0.5 truncate text-sm font-bold text-slate-700"
                            )}>
                            {user?.name ? <span>{user?.name}</span> : <span>{user?.email}</span>}
                          </p>
-                          <p
-                            title={capitalizeFirstLetter(organization?.name)}
-                            className="max-w-28 truncate text-sm text-slate-500">
-                            {capitalizeFirstLetter(organization?.name)}
-                          </p>
+                          <p className="text-sm text-slate-700">{t("common.account")}</p>
                        </div>
-                        <ChevronRightIcon className={cn("h-5 w-5 text-slate-700 hover:text-slate-500")} />
+                        <ChevronRightIcon
+                          className={cn("h-5 w-5 shrink-0 text-slate-700 hover:text-slate-500")}
+                        />
                      </>
                    )}
                  </div>
@@ -373,24 +271,20 @@ export const MainNavigation = ({
                  align="end">
                  {/* Dropdown Items */}

-                  {dropdownNavigation.map(
-                    (link) =>
-                      !link.hidden && (
-                        <Link
-                          href={link.href}
-                          target={link.target}
-                          className="flex w-full items-center"
-                          key={link.label}>
-                          <DropdownMenuItem>
-                            <link.icon className="mr-2 h-4 w-4" strokeWidth={1.5} />
-                            {link.label}
-                          </DropdownMenuItem>
-                        </Link>
-                      )
-                  )}
-
+                  {dropdownNavigation.map((link) => (
+                    <Link
+                      href={link.href}
+                      target={link.target}
+                      className="flex w-full items-center"
+                      key={link.label}
+                      rel={link.target === "_blank" ? "noopener noreferrer" : undefined}>
+                      <DropdownMenuItem>
+                        <link.icon className="mr-2 h-4 w-4" strokeWidth={1.5} />
+                        {link.label}
+                      </DropdownMenuItem>
+                    </Link>
+                  ))}
                  {/* Logout */}
-
                  <DropdownMenuItem
                    onClick={async () => {
                      const route = await signOutWithAudit({
@@ -406,55 +300,12 @@ export const MainNavigation = ({
                    icon={<LogOutIcon className="mr-2 h-4 w-4" strokeWidth={1.5} />}>
                    {t("common.logout")}
                  </DropdownMenuItem>
-
-                  {/* Organization Switch */}
-
-                  {(isMultiOrgEnabled || organizations.length > 1) && (
-                    <DropdownMenuSub>
-                      <DropdownMenuSubTrigger className="rounded-lg">
-                        <div>
-                          <p>{currentOrganizationName}</p>
-                          <p className="block text-xs text-slate-500">{t("common.switch_organization")}</p>
-                        </div>
-                      </DropdownMenuSubTrigger>
-                      <DropdownMenuPortal>
-                        <DropdownMenuSubContent sideOffset={10} alignOffset={5}>
-                          <DropdownMenuRadioGroup
-                            value={currentOrganizationId}
-                            onValueChange={(organizationId) =>
-                              handleEnvironmentChangeByOrganization(organizationId)
-                            }>
-                            {sortedOrganizations.map((organization) => (
-                              <DropdownMenuRadioItem
-                                value={organization.id}
-                                className="cursor-pointer rounded-lg"
-                                key={organization.id}>
-                                {organization.name}
-                              </DropdownMenuRadioItem>
-                            ))}
-                          </DropdownMenuRadioGroup>
-                          <DropdownMenuSeparator />
-                          {isMultiOrgEnabled && (
-                            <DropdownMenuItem
-                              onClick={() => setShowCreateOrganizationModal(true)}
-                              icon={<PlusIcon className="mr-2 h-4 w-4" />}>
-                              <span>{t("common.create_new_organization")}</span>
-                            </DropdownMenuItem>
-                          )}
-                        </DropdownMenuSubContent>
-                      </DropdownMenuPortal>
-                    </DropdownMenuSub>
-                  )}
                </DropdownMenuContent>
              </DropdownMenu>
            </div>
          </div>
        </aside>
      )}
-      <CreateOrganizationModal
-        open={showCreateOrganizationModal}
-        setOpen={(val) => setShowCreateOrganizationModal(val)}
-      />
    </>
  );
 };
--- a/apps/web/app/(app)/environments/[environmentId]/components/PosthogIdentify.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/PosthogIdentify.test.tsx
@@ -36,8 +36,6 @@ describe("PosthogIdentify", () => {
          {
            name: "Test User",
            email: "test@example.com",
-            role: "engineer",
-            objective: "increase_conversion",
          } as TUser
        }
        environmentId="env-456"
@@ -57,8 +55,6 @@ describe("PosthogIdentify", () => {
    expect(mockIdentify).toHaveBeenCalledWith("user-123", {
      name: "Test User",
      email: "test@example.com",
-      role: "engineer",
-      objective: "increase_conversion",
    });

    // environment + organization groups
@@ -142,8 +138,6 @@ describe("PosthogIdentify", () => {
    expect(mockIdentify).toHaveBeenCalledWith("user-123", {
      name: "Test User",
      email: "test@example.com",
-      role: undefined,
-      objective: undefined,
    });
    // No environmentId or organizationId => no group calls
    expect(mockGroup).not.toHaveBeenCalled();
--- a/apps/web/app/(app)/environments/[environmentId]/components/PosthogIdentify.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/PosthogIdentify.tsx
@@ -32,8 +32,6 @@ export const PosthogIdentify = ({
      posthog.identify(session.user.id, {
        name: user.name,
        email: user.email,
-        role: user.role,
-        objective: user.objective,
      });
      if (environmentId) {
        posthog.group("environment", environmentId, { name: environmentId });
@@ -56,8 +54,6 @@ export const PosthogIdentify = ({
    organizationBilling,
    user.name,
    user.email,
-    user.role,
-    user.objective,
    isPosthogEnabled,
  ]);

--- a/apps/web/app/(app)/environments/[environmentId]/components/ResponseFilterContext.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/ResponseFilterContext.test.tsx
@@ -28,7 +28,7 @@ const TestComponent = () => {

  return (
    <div>
-      <div data-testid="onlyComplete">{selectedFilter.onlyComplete.toString()}</div>
+      <div data-testid="responseStatus">{selectedFilter.responseStatus}</div>
      <div data-testid="filterLength">{selectedFilter.filter.length}</div>
      <div data-testid="questionOptionsLength">{selectedOptions.questionOptions.length}</div>
      <div data-testid="questionFilterOptionsLength">{selectedOptions.questionFilterOptions.length}</div>
@@ -44,7 +44,7 @@ const TestComponent = () => {
                filterType: { filterValue: "value1", filterComboBoxValue: "option1" },
              },
            ],
-            onlyComplete: true,
+            responseStatus: "complete",
          })
        }>
        Update Filter
@@ -81,7 +81,7 @@ describe("ResponseFilterContext", () => {
      </ResponseFilterProvider>
    );

-    expect(screen.getByTestId("onlyComplete").textContent).toBe("false");
+    expect(screen.getByTestId("responseStatus").textContent).toBe("all");
    expect(screen.getByTestId("filterLength").textContent).toBe("0");
    expect(screen.getByTestId("questionOptionsLength").textContent).toBe("0");
    expect(screen.getByTestId("questionFilterOptionsLength").textContent).toBe("0");
@@ -99,7 +99,7 @@ describe("ResponseFilterContext", () => {
    const updateButton = screen.getByText("Update Filter");
    await userEvent.click(updateButton);

-    expect(screen.getByTestId("onlyComplete").textContent).toBe("true");
+    expect(screen.getByTestId("responseStatus").textContent).toBe("complete");
    expect(screen.getByTestId("filterLength").textContent).toBe("1");
  });

--- a/apps/web/app/(app)/environments/[environmentId]/components/ResponseFilterContext.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/ResponseFilterContext.tsx
@@ -16,9 +16,11 @@ export interface FilterValue {
  };
 }

+export type TResponseStatus = "all" | "complete" | "partial";
+
 export interface SelectedFilterValue {
  filter: FilterValue[];
-  onlyComplete: boolean;
+  responseStatus: TResponseStatus;
 }

 interface SelectedFilterOptions {
@@ -47,7 +49,7 @@ const ResponseFilterProvider = ({ children }: { children: React.ReactNode }) =>
  // state holds the filter selected value
  const [selectedFilter, setSelectedFilter] = useState<SelectedFilterValue>({
    filter: [],
-    onlyComplete: false,
+    responseStatus: "all",
  });
  // state holds all the options of the responses fetched
  const [selectedOptions, setSelectedOptions] = useState<SelectedFilterOptions>({
@@ -67,7 +69,7 @@ const ResponseFilterProvider = ({ children }: { children: React.ReactNode }) =>
    });
    setSelectedFilter({
      filter: [],
-      onlyComplete: false,
+      responseStatus: "all",
    });
  }, []);

--- a/apps/web/app/(app)/environments/[environmentId]/components/TopControlBar.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/TopControlBar.test.tsx
@@ -1,66 +0,0 @@
-import { TopControlButtons } from "@/app/(app)/environments/[environmentId]/components/TopControlButtons";
-import { cleanup, render, screen } from "@testing-library/react";
-import { afterEach, describe, expect, test, vi } from "vitest";
-import { TEnvironment } from "@formbricks/types/environment";
-import { TOrganizationRole } from "@formbricks/types/memberships";
-import { TopControlBar } from "./TopControlBar";
-
-// Mock the child component
-vi.mock("@/app/(app)/environments/[environmentId]/components/TopControlButtons", () => ({
-  TopControlButtons: vi.fn(() => <div data-testid="top-control-buttons">Mocked TopControlButtons</div>),
-}));
-
-const mockEnvironment: TEnvironment = {
-  id: "env1",
-  createdAt: new Date(),
-  updatedAt: new Date(),
-  type: "production",
-  projectId: "proj1",
-  appSetupCompleted: true,
-};
-
-const mockEnvironments: TEnvironment[] = [
-  mockEnvironment,
-  { ...mockEnvironment, id: "env2", type: "development" },
-];
-
-const mockMembershipRole: TOrganizationRole = "owner";
-const mockProjectPermission = "manage";
-
-describe("TopControlBar", () => {
-  afterEach(() => {
-    cleanup();
-    vi.clearAllMocks();
-  });
-
-  test("renders correctly and passes props to TopControlButtons", () => {
-    render(
-      <TopControlBar
-        environment={mockEnvironment}
-        environments={mockEnvironments}
-        membershipRole={mockMembershipRole}
-        projectPermission={mockProjectPermission}
-      />
-    );
-
-    // Check if the main div is rendered
-    const mainDiv = screen.getByTestId("top-control-buttons").parentElement?.parentElement?.parentElement;
-    expect(mainDiv).toHaveClass(
-      "fixed inset-0 top-0 z-30 flex h-14 w-full items-center justify-end bg-slate-50 px-6"
-    );
-
-    // Check if the mocked child component is rendered
-    expect(screen.getByTestId("top-control-buttons")).toBeInTheDocument();
-
-    // Check if the child component received the correct props
-    expect(TopControlButtons).toHaveBeenCalledWith(
-      {
-        environment: mockEnvironment,
-        environments: mockEnvironments,
-        membershipRole: mockMembershipRole,
-        projectPermission: mockProjectPermission,
-      },
-      undefined // Updated from {} to undefined
-    );
-  });
-});
--- a/apps/web/app/(app)/environments/[environmentId]/components/TopControlBar.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/TopControlBar.tsx
@@ -1,33 +1,62 @@
-import { TopControlButtons } from "@/app/(app)/environments/[environmentId]/components/TopControlButtons";
-import { TTeamPermission } from "@/modules/ee/teams/project-teams/types/team";
+"use client";
+
+import { ProjectAndOrgSwitch } from "@/app/(app)/environments/[environmentId]/components/project-and-org-switch";
+import { useEnvironment } from "@/app/(app)/environments/[environmentId]/context/environment-context";
+import { getAccessFlags } from "@/lib/membership/utils";
 import { TEnvironment } from "@formbricks/types/environment";
 import { TOrganizationRole } from "@formbricks/types/memberships";

-interface SideBarProps {
-  environment: TEnvironment;
+interface TopControlBarProps {
  environments: TEnvironment[];
+  currentOrganizationId: string;
+  organizations: { id: string; name: string }[];
+  currentProjectId: string;
+  projects: { id: string; name: string }[];
+  isMultiOrgEnabled: boolean;
+  organizationProjectsLimit: number;
+  isFormbricksCloud: boolean;
+  isLicenseActive: boolean;
+  isOwnerOrManager: boolean;
+  isAccessControlAllowed: boolean;
  membershipRole?: TOrganizationRole;
-  projectPermission: TTeamPermission | null;
 }

 export const TopControlBar = ({
-  environment,
  environments,
+  currentOrganizationId,
+  organizations,
+  currentProjectId,
+  projects,
+  isMultiOrgEnabled,
+  organizationProjectsLimit,
+  isFormbricksCloud,
+  isLicenseActive,
+  isOwnerOrManager,
+  isAccessControlAllowed,
  membershipRole,
-  projectPermission,
-}: SideBarProps) => {
+}: TopControlBarProps) => {
+  const { isMember } = getAccessFlags(membershipRole);
+  const { environment } = useEnvironment();
+
  return (
-    <div className="fixed inset-0 top-0 z-30 flex h-14 w-full items-center justify-end bg-slate-50 px-6">
-      <div className="shadow-xs z-10">
-        <div className="flex w-fit items-center space-x-2 py-2">
-          <TopControlButtons
-            environment={environment}
-            environments={environments}
-            membershipRole={membershipRole}
-            projectPermission={projectPermission}
-          />
-        </div>
-      </div>
+    <div
+      className="flex h-14 w-full items-center justify-between bg-slate-50 px-6"
+      data-testid="fb__global-top-control-bar">
+      <ProjectAndOrgSwitch
+        currentEnvironmentId={environment.id}
+        environments={environments}
+        currentOrganizationId={currentOrganizationId}
+        organizations={organizations}
+        currentProjectId={currentProjectId}
+        projects={projects}
+        isMultiOrgEnabled={isMultiOrgEnabled}
+        organizationProjectsLimit={organizationProjectsLimit}
+        isFormbricksCloud={isFormbricksCloud}
+        isLicenseActive={isLicenseActive}
+        isOwnerOrManager={isOwnerOrManager}
+        isMember={isMember}
+        isAccessControlAllowed={isAccessControlAllowed}
+      />
    </div>
  );
 };
--- a/apps/web/app/(app)/environments/[environmentId]/components/TopControlButtons.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/TopControlButtons.test.tsx
@@ -1,182 +0,0 @@
-import { getAccessFlags } from "@/lib/membership/utils";
-import { getTeamPermissionFlags } from "@/modules/ee/teams/utils/teams";
-import { cleanup, render, screen, waitFor } from "@testing-library/react";
-import userEvent from "@testing-library/user-event";
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-import { TEnvironment } from "@formbricks/types/environment";
-import { TOrganizationRole } from "@formbricks/types/memberships";
-import { TopControlButtons } from "./TopControlButtons";
-
-// Mock dependencies
-const mockPush = vi.fn();
-vi.mock("next/navigation", () => ({
-  useRouter: vi.fn(() => ({ push: mockPush })),
-}));
-
-vi.mock("@/lib/membership/utils", () => ({
-  getAccessFlags: vi.fn(),
-}));
-
-vi.mock("@/modules/ee/teams/utils/teams", () => ({
-  getTeamPermissionFlags: vi.fn(),
-}));
-
-vi.mock("@/app/(app)/environments/[environmentId]/components/EnvironmentSwitch", () => ({
-  EnvironmentSwitch: vi.fn(() => <div data-testid="environment-switch">EnvironmentSwitch</div>),
-}));
-
-vi.mock("@/modules/ui/components/button", () => ({
-  Button: ({ children, onClick, variant, size, className, asChild, ...props }: any) => {
-    const Tag = asChild ? "div" : "button"; // Use div if asChild is true for Link mock
-    return (
-      <Tag onClick={onClick} data-testid={`button-${className}`} {...props}>
-        {children}
-      </Tag>
-    );
-  },
-}));
-
-vi.mock("@/modules/ui/components/tooltip", () => ({
-  TooltipRenderer: ({ children, tooltipContent }: { children: React.ReactNode; tooltipContent: string }) => (
-    <div data-testid={`tooltip-${tooltipContent.split(".").pop()}`}>{children}</div>
-  ),
-}));
-
-vi.mock("lucide-react", () => ({
-  BugIcon: () => <div data-testid="bug-icon" />,
-  CircleUserIcon: () => <div data-testid="circle-user-icon" />,
-  PlusIcon: () => <div data-testid="plus-icon" />,
-}));
-
-vi.mock("next/link", () => ({
-  default: ({ children, href, target }: { children: React.ReactNode; href: string; target?: string }) => (
-    <a href={href} target={target} data-testid="link-mock">
-      {children}
-    </a>
-  ),
-}));
-
-// Mock data
-const mockEnvironmentDev: TEnvironment = {
-  id: "dev-env-id",
-  createdAt: new Date(),
-  updatedAt: new Date(),
-  type: "development",
-  projectId: "project-id",
-  appSetupCompleted: true,
-};
-
-const mockEnvironmentProd: TEnvironment = {
-  id: "prod-env-id",
-  createdAt: new Date(),
-  updatedAt: new Date(),
-  type: "production",
-  projectId: "project-id",
-  appSetupCompleted: true,
-};
-
-const mockEnvironments = [mockEnvironmentDev, mockEnvironmentProd];
-
-describe("TopControlButtons", () => {
-  beforeEach(() => {
-    vi.clearAllMocks();
-    // Default mocks for access flags
-    vi.mocked(getAccessFlags).mockReturnValue({
-      isOwner: false,
-      isMember: false,
-      isBilling: false,
-    } as any);
-    vi.mocked(getTeamPermissionFlags).mockReturnValue({
-      hasReadAccess: false,
-    } as any);
-  });
-
-  afterEach(() => {
-    cleanup();
-  });
-
-  const renderComponent = (
-    membershipRole?: TOrganizationRole,
-    projectPermission: any = null,
-    isBilling = false,
-    hasReadAccess = false
-  ) => {
-    vi.mocked(getAccessFlags).mockReturnValue({
-      isMember: membershipRole === "member",
-      isBilling: isBilling,
-      isOwner: membershipRole === "owner",
-    } as any);
-    vi.mocked(getTeamPermissionFlags).mockReturnValue({
-      hasReadAccess: hasReadAccess,
-    } as any);
-
-    return render(
-      <TopControlButtons
-        environment={mockEnvironmentDev}
-        environments={mockEnvironments}
-        membershipRole={membershipRole}
-        projectPermission={projectPermission}
-      />
-    );
-  };
-
-  test("renders correctly for Owner role", async () => {
-    renderComponent("owner");
-
-    expect(screen.getByTestId("environment-switch")).toBeInTheDocument();
-    expect(screen.getByTestId("tooltip-share_feedback")).toBeInTheDocument();
-    expect(screen.getByTestId("bug-icon")).toBeInTheDocument();
-    expect(screen.getByTestId("tooltip-account")).toBeInTheDocument();
-    expect(screen.getByTestId("circle-user-icon")).toBeInTheDocument();
-    expect(screen.getByTestId("tooltip-new_survey")).toBeInTheDocument();
-    expect(screen.getByTestId("plus-icon")).toBeInTheDocument();
-
-    // Check link
-    const link = screen.getByTestId("link-mock");
-    expect(link).toHaveAttribute("href", "https://github.com/formbricks/formbricks/issues");
-    expect(link).toHaveAttribute("target", "_blank");
-
-    // Click account button
-    const accountButton = screen.getByTestId("circle-user-icon").closest("button");
-    await userEvent.click(accountButton!);
-    await waitFor(() => {
-      expect(mockPush).toHaveBeenCalledWith(`/environments/${mockEnvironmentDev.id}/settings/profile`);
-    });
-
-    // Click new survey button
-    const newSurveyButton = screen.getByTestId("plus-icon").closest("button");
-    await userEvent.click(newSurveyButton!);
-    await waitFor(() => {
-      expect(mockPush).toHaveBeenCalledWith(`/environments/${mockEnvironmentDev.id}/surveys/templates`);
-    });
-  });
-
-  test("hides EnvironmentSwitch for Billing role", () => {
-    renderComponent(undefined, null, true); // isBilling = true
-    expect(screen.queryByTestId("environment-switch")).not.toBeInTheDocument();
-    expect(screen.getByTestId("tooltip-share_feedback")).toBeInTheDocument();
-    expect(screen.getByTestId("tooltip-account")).toBeInTheDocument();
-    expect(screen.queryByTestId("tooltip-new_survey")).not.toBeInTheDocument(); // Hidden for billing
-  });
-
-  test("hides New Survey button for Billing role", () => {
-    renderComponent(undefined, null, true); // isBilling = true
-    expect(screen.queryByTestId("tooltip-new_survey")).not.toBeInTheDocument();
-    expect(screen.queryByTestId("plus-icon")).not.toBeInTheDocument();
-  });
-
-  test("hides New Survey button for read-only Member", () => {
-    renderComponent("member", null, false, true); // isMember = true, hasReadAccess = true
-    expect(screen.getByTestId("environment-switch")).toBeInTheDocument();
-    expect(screen.getByTestId("tooltip-share_feedback")).toBeInTheDocument();
-    expect(screen.getByTestId("tooltip-account")).toBeInTheDocument();
-    expect(screen.queryByTestId("tooltip-new_survey")).not.toBeInTheDocument();
-    expect(screen.queryByTestId("plus-icon")).not.toBeInTheDocument();
-  });
-
-  test("shows New Survey button for Member with write access", () => {
-    renderComponent("member", null, false, false); // isMember = true, hasReadAccess = false
-    expect(screen.getByTestId("tooltip-new_survey")).toBeInTheDocument();
-    expect(screen.getByTestId("plus-icon")).toBeInTheDocument();
-  });
-});
--- a/apps/web/app/(app)/environments/[environmentId]/components/TopControlButtons.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/TopControlButtons.tsx
@@ -1,76 +0,0 @@
-"use client";
-
-import { EnvironmentSwitch } from "@/app/(app)/environments/[environmentId]/components/EnvironmentSwitch";
-import { getAccessFlags } from "@/lib/membership/utils";
-import { TTeamPermission } from "@/modules/ee/teams/project-teams/types/team";
-import { getTeamPermissionFlags } from "@/modules/ee/teams/utils/teams";
-import { Button } from "@/modules/ui/components/button";
-import { TooltipRenderer } from "@/modules/ui/components/tooltip";
-import { useTranslate } from "@tolgee/react";
-import { BugIcon, CircleUserIcon, PlusIcon } from "lucide-react";
-import Link from "next/link";
-import { useRouter } from "next/navigation";
-import { TEnvironment } from "@formbricks/types/environment";
-import { TOrganizationRole } from "@formbricks/types/memberships";
-
-interface TopControlButtonsProps {
-  environment: TEnvironment;
-  environments: TEnvironment[];
-  membershipRole?: TOrganizationRole;
-  projectPermission: TTeamPermission | null;
-}
-
-export const TopControlButtons = ({
-  environment,
-  environments,
-  membershipRole,
-  projectPermission,
-}: TopControlButtonsProps) => {
-  const { t } = useTranslate();
-  const router = useRouter();
-
-  const { isMember, isBilling } = getAccessFlags(membershipRole);
-  const { hasReadAccess } = getTeamPermissionFlags(projectPermission);
-  const isReadOnly = isMember && hasReadAccess;
-
-  return (
-    <div className="z-50 flex items-center space-x-2">
-      {!isBilling && <EnvironmentSwitch environment={environment} environments={environments} />}
-
-      <TooltipRenderer tooltipContent={t("common.share_feedback")}>
-        <Button variant="ghost" size="icon" className="h-fit w-fit bg-slate-50 p-1" asChild>
-          <Link href="https://github.com/formbricks/formbricks/issues" target="_blank">
-            <BugIcon />
-          </Link>
-        </Button>
-      </TooltipRenderer>
-
-      <TooltipRenderer tooltipContent={t("common.account")}>
-        <Button
-          variant="ghost"
-          size="icon"
-          className="h-fit w-fit bg-slate-50 p-1"
-          onClick={() => {
-            router.push(`/environments/${environment.id}/settings/profile`);
-          }}>
-          <CircleUserIcon />
-        </Button>
-      </TooltipRenderer>
-      {isBilling || isReadOnly ? (
-        <></>
-      ) : (
-        <TooltipRenderer tooltipContent={t("common.new_survey")}>
-          <Button
-            variant="secondary"
-            size="icon"
-            className="h-fit w-fit p-1"
-            onClick={() => {
-              router.push(`/environments/${environment.id}/surveys/templates`);
-            }}>
-            <PlusIcon />
-          </Button>
-        </TooltipRenderer>
-      )}
-    </div>
-  );
-};
--- a/apps/web/app/(app)/environments/[environmentId]/components/environment-breadcrumb.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/environment-breadcrumb.test.tsx
@@ -0,0 +1,329 @@
+import "@testing-library/jest-dom/vitest";
+import { cleanup, render, screen, waitFor } from "@testing-library/react";
+import userEvent from "@testing-library/user-event";
+import { useRouter } from "next/navigation";
+import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
+import { TEnvironment } from "@formbricks/types/environment";
+import { EnvironmentBreadcrumb } from "./environment-breadcrumb";
+
+// Mock the dependencies
+vi.mock("next/navigation", () => ({
+  useRouter: vi.fn(),
+}));
+
+// Mock the UI components
+vi.mock("@/modules/ui/components/breadcrumb", () => ({
+  BreadcrumbItem: ({ children, isActive, isHighlighted, ...props }: any) => (
+    <li data-testid="breadcrumb-item" data-active={isActive} data-highlighted={isHighlighted} {...props}>
+      {children}
+    </li>
+  ),
+}));
+
+vi.mock("@/modules/ui/components/dropdown-menu", () => ({
+  DropdownMenu: ({ children, onOpenChange }: any) => (
+    <button
+      type="button"
+      data-testid="dropdown-menu"
+      onClick={() => onOpenChange?.(true)}
+      onKeyDown={(e: any) => e.key === "Enter" && onOpenChange?.(true)}>
+      {children}
+    </button>
+  ),
+  DropdownMenuContent: ({ children, ...props }: any) => (
+    <div data-testid="dropdown-content" {...props}>
+      {children}
+    </div>
+  ),
+  DropdownMenuCheckboxItem: ({ children, onClick, checked, ...props }: any) => (
+    <div
+      data-testid="dropdown-checkbox-item"
+      data-checked={checked}
+      onClick={onClick}
+      onKeyDown={(e: any) => e.key === "Enter" && onClick?.()}
+      role="menuitemcheckbox"
+      aria-checked={checked}
+      tabIndex={0}
+      {...props}>
+      {children}
+    </div>
+  ),
+  DropdownMenuTrigger: ({ children, ...props }: any) => (
+    <button data-testid="dropdown-trigger" {...props}>
+      {children}
+    </button>
+  ),
+  DropdownMenuGroup: ({ children }: any) => <div data-testid="dropdown-group">{children}</div>,
+}));
+
+vi.mock("@/modules/ui/components/tooltip", () => ({
+  TooltipProvider: ({ children }: any) => <div data-testid="tooltip-provider">{children}</div>,
+  Tooltip: ({ children }: any) => <div data-testid="tooltip">{children}</div>,
+  TooltipTrigger: ({ children, asChild }: any) => (
+    <div data-testid="tooltip-trigger" data-as-child={asChild}>
+      {children}
+    </div>
+  ),
+  TooltipContent: ({ children, className }: any) => (
+    <div data-testid="tooltip-content" className={className}>
+      {children}
+    </div>
+  ),
+}));
+
+// Mock Lucide React icons
+vi.mock("lucide-react", () => ({
+  Code2Icon: ({ className, strokeWidth }: any) => {
+    const isHeader = className?.includes("mr-2");
+    return (
+      <svg
+        data-testid={isHeader ? "code2-header-icon" : "code2-icon"}
+        className={className}
+        strokeWidth={strokeWidth}>
+        <title>Code2 Icon</title>
+      </svg>
+    );
+  },
+  ChevronDownIcon: ({ className, strokeWidth }: any) => (
+    <svg data-testid="chevron-down-icon" className={className} strokeWidth={strokeWidth}>
+      <title>ChevronDown Icon</title>
+    </svg>
+  ),
+  CircleHelpIcon: ({ className }: any) => (
+    <svg data-testid="circle-help-icon" className={className}>
+      <title>CircleHelp Icon</title>
+    </svg>
+  ),
+  Loader2: ({ className }: any) => (
+    <svg data-testid="loader-2-icon" className={className}>
+      <title>Loader2 Icon</title>
+    </svg>
+  ),
+}));
+
+describe("EnvironmentBreadcrumb", () => {
+  const mockPush = vi.fn();
+  const mockRouter = {
+    push: mockPush,
+    replace: vi.fn(),
+    refresh: vi.fn(),
+    back: vi.fn(),
+    forward: vi.fn(),
+    prefetch: vi.fn(),
+  };
+
+  const mockProductionEnvironment: TEnvironment = {
+    id: "env-prod-1",
+    createdAt: new Date("2023-01-01"),
+    updatedAt: new Date("2023-01-01"),
+    type: "production",
+    projectId: "project-1",
+    appSetupCompleted: true,
+  };
+
+  const mockDevelopmentEnvironment: TEnvironment = {
+    id: "env-dev-1",
+    createdAt: new Date("2023-01-01"),
+    updatedAt: new Date("2023-01-01"),
+    type: "development",
+    projectId: "project-1",
+    appSetupCompleted: true,
+  };
+
+  const mockEnvironments: TEnvironment[] = [mockProductionEnvironment, mockDevelopmentEnvironment];
+
+  beforeEach(() => {
+    vi.mocked(useRouter).mockReturnValue(mockRouter as any);
+  });
+
+  afterEach(() => {
+    cleanup();
+    vi.clearAllMocks();
+  });
+
+  test("renders environment breadcrumb with production environment", () => {
+    render(
+      <EnvironmentBreadcrumb environments={mockEnvironments} currentEnvironment={mockProductionEnvironment} />
+    );
+
+    expect(screen.getByTestId("breadcrumb-item")).toBeInTheDocument();
+    expect(screen.getByTestId("dropdown-trigger")).toBeInTheDocument();
+    expect(screen.getByTestId("code2-icon")).toBeInTheDocument();
+    expect(screen.getAllByText("production")).toHaveLength(2); // trigger + dropdown option
+  });
+
+  test("renders environment breadcrumb with development environment and shows tooltip", () => {
+    render(
+      <EnvironmentBreadcrumb
+        environments={mockEnvironments}
+        currentEnvironment={mockDevelopmentEnvironment}
+      />
+    );
+
+    expect(screen.getAllByText("development")).toHaveLength(2); // trigger + dropdown option
+    expect(screen.getByTestId("tooltip-provider")).toBeInTheDocument();
+    expect(screen.getByTestId("circle-help-icon")).toBeInTheDocument();
+  });
+
+  test("highlights breadcrumb item for development environment", () => {
+    render(
+      <EnvironmentBreadcrumb
+        environments={mockEnvironments}
+        currentEnvironment={mockDevelopmentEnvironment}
+      />
+    );
+
+    const breadcrumbItem = screen.getByTestId("breadcrumb-item");
+    expect(breadcrumbItem).toHaveAttribute("data-highlighted", "true");
+  });
+
+  test("does not highlight breadcrumb item for production environment", () => {
+    render(
+      <EnvironmentBreadcrumb environments={mockEnvironments} currentEnvironment={mockProductionEnvironment} />
+    );
+
+    const breadcrumbItem = screen.getByTestId("breadcrumb-item");
+    expect(breadcrumbItem).toHaveAttribute("data-highlighted", "false");
+  });
+
+  test("shows chevron down icon when dropdown is open", async () => {
+    const user = userEvent.setup();
+    render(
+      <EnvironmentBreadcrumb environments={mockEnvironments} currentEnvironment={mockProductionEnvironment} />
+    );
+
+    const dropdownMenu = screen.getByTestId("dropdown-menu");
+    await user.click(dropdownMenu);
+
+    await waitFor(() => {
+      expect(screen.getAllByTestId("chevron-down-icon")).toHaveLength(1);
+    });
+  });
+
+  test("renders dropdown content with environment options", async () => {
+    const user = userEvent.setup();
+    render(
+      <EnvironmentBreadcrumb environments={mockEnvironments} currentEnvironment={mockProductionEnvironment} />
+    );
+
+    const dropdownMenu = screen.getByTestId("dropdown-menu");
+    await user.click(dropdownMenu);
+
+    expect(screen.getByTestId("dropdown-content")).toBeInTheDocument();
+    expect(screen.getByText("common.choose_environment")).toBeInTheDocument();
+    expect(screen.getByTestId("dropdown-group")).toBeInTheDocument();
+  });
+
+  test("renders all environment options in dropdown", async () => {
+    const user = userEvent.setup();
+    render(
+      <EnvironmentBreadcrumb environments={mockEnvironments} currentEnvironment={mockProductionEnvironment} />
+    );
+
+    const dropdownMenu = screen.getByTestId("dropdown-menu");
+    await user.click(dropdownMenu);
+
+    const checkboxItems = screen.getAllByTestId("dropdown-checkbox-item");
+    expect(checkboxItems).toHaveLength(2);
+
+    // Check production environment option
+    const productionOption = checkboxItems.find((item) => item.textContent?.includes("production"));
+    expect(productionOption).toBeInTheDocument();
+    expect(productionOption).toHaveAttribute("data-checked", "true");
+
+    // Check development environment option
+    const developmentOption = checkboxItems.find((item) => item.textContent?.includes("development"));
+    expect(developmentOption).toBeInTheDocument();
+    expect(developmentOption).toHaveAttribute("data-checked", "false");
+  });
+
+  test("handles environment change when clicking dropdown option", async () => {
+    const user = userEvent.setup();
+    render(
+      <EnvironmentBreadcrumb environments={mockEnvironments} currentEnvironment={mockProductionEnvironment} />
+    );
+
+    const dropdownMenu = screen.getByTestId("dropdown-menu");
+    await user.click(dropdownMenu);
+
+    const checkboxItems = screen.getAllByTestId("dropdown-checkbox-item");
+    const developmentOption = checkboxItems.find((item) => item.textContent?.includes("development"));
+
+    expect(developmentOption).toBeInTheDocument();
+    await user.click(developmentOption!);
+
+    expect(mockPush).toHaveBeenCalledWith("/environments/env-dev-1/");
+  });
+
+  test("capitalizes environment type in display", () => {
+    render(
+      <EnvironmentBreadcrumb environments={mockEnvironments} currentEnvironment={mockProductionEnvironment} />
+    );
+
+    const environmentSpans = screen.getAllByText("production");
+    const triggerSpan = environmentSpans.find((span) => span.className.includes("capitalize"));
+    expect(triggerSpan).toHaveClass("capitalize");
+  });
+
+  test("tooltip shows correct content for development environment", () => {
+    render(
+      <EnvironmentBreadcrumb
+        environments={mockEnvironments}
+        currentEnvironment={mockDevelopmentEnvironment}
+      />
+    );
+
+    const tooltipContent = screen.getByTestId("tooltip-content");
+    expect(tooltipContent).toHaveClass("text-white bg-red-800 border-none mt-2");
+    expect(tooltipContent).toHaveTextContent("common.development_environment_banner");
+  });
+
+  test("renders without tooltip for production environment", () => {
+    render(
+      <EnvironmentBreadcrumb environments={mockEnvironments} currentEnvironment={mockProductionEnvironment} />
+    );
+
+    expect(screen.queryByTestId("circle-help-icon")).not.toBeInTheDocument();
+    expect(screen.queryByTestId("tooltip-provider")).not.toBeInTheDocument();
+  });
+
+  test("sets breadcrumb item as active when dropdown is open", async () => {
+    const user = userEvent.setup();
+    render(
+      <EnvironmentBreadcrumb environments={mockEnvironments} currentEnvironment={mockProductionEnvironment} />
+    );
+
+    // Initially not active
+    let breadcrumbItem = screen.getByTestId("breadcrumb-item");
+    expect(breadcrumbItem).toHaveAttribute("data-active", "false");
+
+    // Open dropdown
+    const dropdownMenu = screen.getByTestId("dropdown-menu");
+    await user.click(dropdownMenu);
+
+    // Should be active when dropdown is open
+    breadcrumbItem = screen.getByTestId("breadcrumb-item");
+    expect(breadcrumbItem).toHaveAttribute("data-active", "true");
+  });
+
+  test("handles single environment scenario", () => {
+    const singleEnvironment = [mockProductionEnvironment];
+
+    render(
+      <EnvironmentBreadcrumb
+        environments={singleEnvironment}
+        currentEnvironment={mockProductionEnvironment}
+      />
+    );
+
+    expect(screen.getByTestId("breadcrumb-item")).toBeInTheDocument();
+    expect(screen.getAllByText("production")).toHaveLength(2); // trigger + dropdown option
+  });
+
+  test("handles empty environments array gracefully", () => {
+    render(<EnvironmentBreadcrumb environments={[]} currentEnvironment={mockProductionEnvironment} />);
+
+    expect(screen.getByTestId("breadcrumb-item")).toBeInTheDocument();
+    expect(screen.getByText("production")).toBeInTheDocument();
+  });
+});
--- a/apps/web/app/(app)/environments/[environmentId]/components/environment-breadcrumb.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/environment-breadcrumb.tsx
@@ -0,0 +1,89 @@
+"use client";
+
+import { BreadcrumbItem } from "@/modules/ui/components/breadcrumb";
+import {
+  DropdownMenu,
+  DropdownMenuCheckboxItem,
+  DropdownMenuContent,
+  DropdownMenuGroup,
+  DropdownMenuTrigger,
+} from "@/modules/ui/components/dropdown-menu";
+import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@/modules/ui/components/tooltip";
+import { useTranslate } from "@tolgee/react";
+import { ChevronDownIcon, CircleHelpIcon, Code2Icon, Loader2 } from "lucide-react";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+
+export const EnvironmentBreadcrumb = ({
+  environments,
+  currentEnvironment,
+}: {
+  environments: { id: string; type: string }[];
+  currentEnvironment: { id: string; type: string };
+}) => {
+  const { t } = useTranslate();
+  const [isEnvironmentDropdownOpen, setIsEnvironmentDropdownOpen] = useState(false);
+  const router = useRouter();
+  const [isLoading, setIsLoading] = useState(false);
+
+  const handleEnvironmentChange = (environmentId: string) => {
+    if (environmentId === currentEnvironment.id) return;
+    setIsLoading(true);
+    router.push(`/environments/${environmentId}/`);
+  };
+
+  const developmentTooltip = () => {
+    return (
+      <TooltipProvider>
+        <Tooltip delayDuration={0}>
+          <TooltipTrigger asChild>
+            <CircleHelpIcon className="h-3 w-3" />
+          </TooltipTrigger>
+          <TooltipContent className="mt-2 border-none bg-red-800 text-white">
+            {t("common.development_environment_banner")}
+          </TooltipContent>
+        </Tooltip>
+      </TooltipProvider>
+    );
+  };
+
+  return (
+    <BreadcrumbItem
+      isActive={isEnvironmentDropdownOpen}
+      isHighlighted={currentEnvironment.type === "development"}>
+      <DropdownMenu onOpenChange={setIsEnvironmentDropdownOpen}>
+        <DropdownMenuTrigger
+          className="flex cursor-pointer items-center gap-1 outline-none"
+          id="environmentDropdownTrigger"
+          asChild>
+          <div className="flex items-center gap-1">
+            <Code2Icon className="h-3 w-3" strokeWidth={1.5} />
+            <span className="capitalize">{currentEnvironment.type}</span>
+            {isLoading && <Loader2 className="h-3 w-3 animate-spin" strokeWidth={1.5} />}
+            {currentEnvironment.type === "development" && developmentTooltip()}
+            {isEnvironmentDropdownOpen && <ChevronDownIcon className="h-3 w-3" strokeWidth={1.5} />}
+          </div>
+        </DropdownMenuTrigger>
+        <DropdownMenuContent className="mt-2" align="start">
+          <div className="px-2 py-1.5 text-sm font-medium text-slate-500">
+            <Code2Icon className="mr-2 inline h-4 w-4" />
+            {t("common.choose_environment")}
+          </div>
+          <DropdownMenuGroup>
+            {environments.map((env) => (
+              <DropdownMenuCheckboxItem
+                key={env.id}
+                checked={env.type === currentEnvironment.type}
+                onClick={() => handleEnvironmentChange(env.id)}
+                className="cursor-pointer">
+                <div className="flex items-center gap-2 capitalize">
+                  <span>{env.type}</span>
+                </div>
+              </DropdownMenuCheckboxItem>
+            ))}
+          </DropdownMenuGroup>
+        </DropdownMenuContent>
+      </DropdownMenu>
+    </BreadcrumbItem>
+  );
+};
--- a/apps/web/app/(app)/environments/[environmentId]/components/organization-breadcrumb.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/organization-breadcrumb.test.tsx
@@ -0,0 +1,560 @@
+import "@testing-library/jest-dom/vitest";
+import { cleanup, render, screen, waitFor } from "@testing-library/react";
+import userEvent from "@testing-library/user-event";
+import { usePathname, useRouter } from "next/navigation";
+import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
+import { TOrganization, TOrganizationBilling } from "@formbricks/types/organizations";
+import { OrganizationBreadcrumb } from "./organization-breadcrumb";
+
+// Mock the dependencies
+vi.mock("next/navigation", () => ({
+  useRouter: vi.fn(),
+  usePathname: vi.fn(),
+}));
+
+vi.mock("@tolgee/react", () => ({
+  useTranslate: () => ({
+    t: (key: string) => key,
+  }),
+}));
+
+vi.mock("@/modules/organization/components/CreateOrganizationModal", () => ({
+  CreateOrganizationModal: ({ open, setOpen }: any) =>
+    open ? (
+      <div data-testid="create-organization-modal">
+        <button type="button" onClick={() => setOpen(false)}>
+          Close Modal
+        </button>
+        Create Organization Modal
+      </div>
+    ) : null,
+}));
+
+// Mock the UI components
+vi.mock("@/modules/ui/components/breadcrumb", () => ({
+  BreadcrumbItem: ({ children, isActive, ...props }: any) => (
+    <li data-testid="breadcrumb-item" data-active={isActive} {...props}>
+      {children}
+    </li>
+  ),
+}));
+
+vi.mock("@/modules/ui/components/dropdown-menu", () => ({
+  DropdownMenu: ({ children, onOpenChange }: any) => (
+    <div
+      data-testid="dropdown-menu"
+      onClick={() => onOpenChange?.(true)}
+      onKeyDown={(e: any) => e.key === "Enter" && onOpenChange?.(true)}
+      role="button"
+      tabIndex={0}>
+      {children}
+    </div>
+  ),
+  DropdownMenuContent: ({ children, ...props }: any) => (
+    <div data-testid="dropdown-content" {...props}>
+      {children}
+    </div>
+  ),
+  DropdownMenuCheckboxItem: ({ children, onClick, checked, ...props }: any) => (
+    <div
+      data-testid="dropdown-checkbox-item"
+      data-checked={checked}
+      onClick={onClick}
+      onKeyDown={(e: any) => e.key === "Enter" && onClick?.()}
+      role="menuitemcheckbox"
+      aria-checked={checked}
+      tabIndex={0}
+      {...props}>
+      {children}
+    </div>
+  ),
+  DropdownMenuTrigger: ({ children, ...props }: any) => (
+    <button data-testid="dropdown-trigger" {...props}>
+      {children}
+    </button>
+  ),
+  DropdownMenuGroup: ({ children }: any) => <div data-testid="dropdown-group">{children}</div>,
+  DropdownMenuSeparator: () => <div data-testid="dropdown-separator" />,
+}));
+
+// Mock Lucide React icons
+vi.mock("lucide-react", () => ({
+  BuildingIcon: ({ className, strokeWidth }: any) => {
+    const isHeader = className?.includes("mr-2");
+    return (
+      <svg
+        data-testid={isHeader ? "building-header-icon" : "building-icon"}
+        className={className}
+        strokeWidth={strokeWidth}>
+        <title>Building Icon</title>
+      </svg>
+    );
+  },
+  ChevronDownIcon: ({ className, strokeWidth }: any) => (
+    <svg data-testid="chevron-down-icon" className={className} strokeWidth={strokeWidth}>
+      <title>ChevronDown Icon</title>
+    </svg>
+  ),
+  ChevronRightIcon: ({ className, strokeWidth }: any) => (
+    <svg data-testid="chevron-right-icon" className={className} strokeWidth={strokeWidth}>
+      <title>ChevronRight Icon</title>
+    </svg>
+  ),
+  PlusIcon: ({ className }: any) => (
+    <svg data-testid="plus-icon" className={className}>
+      <title>Plus Icon</title>
+    </svg>
+  ),
+  SettingsIcon: ({ className }: any) => (
+    <svg data-testid="settings-icon" className={className}>
+      <title>Settings Icon</title>
+    </svg>
+  ),
+  Loader2: ({ className }: any) => (
+    <svg data-testid="loader-2-icon" className={className}>
+      <title>Loader2 Icon</title>
+    </svg>
+  ),
+}));
+
+describe("OrganizationBreadcrumb", () => {
+  const mockPush = vi.fn();
+  const mockRouter = {
+    push: mockPush,
+    replace: vi.fn(),
+    refresh: vi.fn(),
+    back: vi.fn(),
+    forward: vi.fn(),
+    prefetch: vi.fn(),
+  };
+
+  const mockOrganization1: TOrganization = {
+    id: "org-1",
+    name: "Test Organization 1",
+    createdAt: new Date("2023-01-01"),
+    updatedAt: new Date("2023-01-01"),
+    billing: {
+      plan: "free",
+      stripeCustomerId: null,
+    } as unknown as TOrganizationBilling,
+    isAIEnabled: false,
+  };
+
+  const mockOrganization2: TOrganization = {
+    id: "org-2",
+    name: "Test Organization 2",
+    createdAt: new Date("2023-01-01"),
+    updatedAt: new Date("2023-01-01"),
+    billing: {
+      plan: "startup",
+      stripeCustomerId: null,
+    } as unknown as TOrganizationBilling,
+    isAIEnabled: true,
+  };
+
+  const mockOrganizations = [mockOrganization1, mockOrganization2];
+  const currentEnvironmentId = "env-123";
+
+  beforeEach(() => {
+    vi.mocked(useRouter).mockReturnValue(mockRouter as any);
+    vi.mocked(usePathname).mockReturnValue("/environments/env-123/");
+  });
+
+  afterEach(() => {
+    cleanup();
+    vi.clearAllMocks();
+  });
+
+  describe("Single Organization Setup", () => {
+    test("renders organization breadcrumb without dropdown for single org", () => {
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={[mockOrganization1]}
+          isMultiOrgEnabled={false}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={true}
+          isMember={false}
+          isOwnerOrManager={true}
+        />
+      );
+
+      expect(screen.getByTestId("breadcrumb-item")).toBeInTheDocument();
+      expect(screen.getByTestId("dropdown-trigger")).toBeInTheDocument();
+      expect(screen.getByTestId("building-icon")).toBeInTheDocument();
+      expect(screen.getByText("Test Organization 1")).toBeInTheDocument();
+    });
+
+    test("shows organization settings without organization switcher", async () => {
+      const user = userEvent.setup();
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={[mockOrganization1]}
+          isMultiOrgEnabled={false}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={true}
+          isMember={false}
+          isOwnerOrManager={true}
+        />
+      );
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      expect(screen.getByTestId("dropdown-content")).toBeInTheDocument();
+      expect(screen.getByText("common.organization_settings")).toBeInTheDocument();
+      expect(screen.queryByText("common.choose_organization")).not.toBeInTheDocument();
+    });
+  });
+
+  describe("Multi Organization Setup", () => {
+    test("renders organization breadcrumb with dropdown for multi org", () => {
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={mockOrganizations}
+          isMultiOrgEnabled={true}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={true}
+          isMember={false}
+          isOwnerOrManager={true}
+        />
+      );
+
+      expect(screen.getByTestId("breadcrumb-item")).toBeInTheDocument();
+      expect(screen.getByTestId("building-icon")).toBeInTheDocument();
+      expect(screen.getAllByText("Test Organization 1")).toHaveLength(2); // trigger + dropdown option
+    });
+
+    test("shows chevron icons correctly", () => {
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={mockOrganizations}
+          isMultiOrgEnabled={true}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={true}
+          isMember={false}
+          isOwnerOrManager={true}
+        />
+      );
+
+      // Should show chevron right when closed
+      expect(screen.getByTestId("chevron-right-icon")).toBeInTheDocument();
+      expect(screen.queryByTestId("chevron-down-icon")).not.toBeInTheDocument();
+    });
+
+    test("shows chevron down when dropdown is open", async () => {
+      const user = userEvent.setup();
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={mockOrganizations}
+          isMultiOrgEnabled={true}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={true}
+          isMember={false}
+          isOwnerOrManager={true}
+        />
+      );
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      await waitFor(() => {
+        expect(screen.getByTestId("chevron-down-icon")).toBeInTheDocument();
+      });
+    });
+
+    test("renders organization selector in dropdown", async () => {
+      const user = userEvent.setup();
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={mockOrganizations}
+          isMultiOrgEnabled={true}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={true}
+          isMember={false}
+          isOwnerOrManager={true}
+        />
+      );
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      expect(screen.getByText("common.choose_organization")).toBeInTheDocument();
+      expect(screen.getByTestId("dropdown-group")).toBeInTheDocument();
+
+      const checkboxItems = screen.getAllByTestId("dropdown-checkbox-item");
+      expect(checkboxItems.length).toBeGreaterThanOrEqual(2); // Organizations + create new option + settings
+    });
+
+    test("handles organization change when clicking dropdown option", async () => {
+      const user = userEvent.setup();
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={mockOrganizations}
+          isMultiOrgEnabled={true}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={true}
+          isMember={false}
+          isOwnerOrManager={true}
+        />
+      );
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const checkboxItems = screen.getAllByTestId("dropdown-checkbox-item");
+      const org2Option = checkboxItems.find((item) => item.textContent?.includes("Test Organization 2"));
+
+      expect(org2Option).toBeInTheDocument();
+      await user.click(org2Option!);
+
+      expect(mockPush).toHaveBeenCalledWith("/organizations/org-2/");
+    });
+
+    test("shows create new organization option when multi org is enabled", async () => {
+      const user = userEvent.setup();
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={mockOrganizations}
+          isMultiOrgEnabled={true}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={true}
+          isMember={false}
+          isOwnerOrManager={true}
+        />
+      );
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const createOrgOption = screen.getByText("common.create_new_organization");
+      expect(createOrgOption).toBeInTheDocument();
+      expect(screen.getByTestId("plus-icon")).toBeInTheDocument();
+    });
+
+    test("opens create organization modal when clicking create new option", async () => {
+      const user = userEvent.setup();
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={mockOrganizations}
+          isMultiOrgEnabled={true}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={true}
+          isMember={false}
+          isOwnerOrManager={true}
+        />
+      );
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const createOrgOption = screen.getByText("common.create_new_organization");
+      await user.click(createOrgOption);
+
+      expect(screen.getByTestId("create-organization-modal")).toBeInTheDocument();
+    });
+
+    test("hides create new organization option when multi org is disabled", async () => {
+      const user = userEvent.setup();
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={mockOrganizations}
+          isMultiOrgEnabled={false}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={true}
+          isMember={false}
+          isOwnerOrManager={true}
+        />
+      );
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      expect(screen.queryByText("common.create_new_organization")).not.toBeInTheDocument();
+    });
+  });
+
+  describe("Organization Settings", () => {
+    test("renders all organization settings options", async () => {
+      const user = userEvent.setup();
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={mockOrganizations}
+          isMultiOrgEnabled={true}
+          isFormbricksCloud={true}
+          isMember={false}
+          currentEnvironmentId={currentEnvironmentId}
+          isOwnerOrManager={true}
+        />
+      );
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      expect(screen.getByText("common.organization_settings")).toBeInTheDocument();
+      expect(screen.getByTestId("settings-icon")).toBeInTheDocument();
+      expect(screen.getByText("common.general")).toBeInTheDocument();
+      expect(screen.getByText("common.teams")).toBeInTheDocument();
+      expect(screen.getByText("common.api_keys")).toBeInTheDocument();
+      expect(screen.getByText("common.billing")).toBeInTheDocument();
+    });
+
+    test("handles navigation to organization settings", async () => {
+      const user = userEvent.setup();
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={mockOrganizations}
+          isMultiOrgEnabled={true}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={true}
+          isMember={false}
+          isOwnerOrManager={true}
+        />
+      );
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const generalOption = screen.getByText("common.general");
+      await user.click(generalOption);
+
+      expect(mockPush).toHaveBeenCalledWith(`/environments/${currentEnvironmentId}/settings/general`);
+    });
+
+    test("marks current settings page as checked", async () => {
+      vi.mocked(usePathname).mockReturnValue("/environments/env-123/settings/teams");
+
+      const user = userEvent.setup();
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={mockOrganizations}
+          isMultiOrgEnabled={true}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={true}
+          isMember={false}
+          isOwnerOrManager={true}
+        />
+      );
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const checkboxItems = screen.getAllByTestId("dropdown-checkbox-item");
+      const teamsOption = checkboxItems.find((item) => item.textContent?.includes("common.teams"));
+
+      expect(teamsOption).toBeInTheDocument();
+      expect(teamsOption).toHaveAttribute("data-checked", "true");
+    });
+  });
+
+  describe("Edge Cases", () => {
+    test("handles single organization with multi org enabled", async () => {
+      const user = userEvent.setup();
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={[mockOrganization1]}
+          isMultiOrgEnabled={true}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={true}
+          isMember={false}
+          isOwnerOrManager={true}
+        />
+      );
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      // Should still show organization selector since multi org is enabled
+      expect(screen.getByText("common.choose_organization")).toBeInTheDocument();
+      expect(screen.getByText("common.create_new_organization")).toBeInTheDocument();
+    });
+
+    test("shows separator between organization switcher and settings", async () => {
+      const user = userEvent.setup();
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={mockOrganizations}
+          isMultiOrgEnabled={true}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={true}
+          isMember={false}
+          isOwnerOrManager={true}
+        />
+      );
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      expect(screen.getByTestId("dropdown-separator")).toBeInTheDocument();
+    });
+
+    test("sets breadcrumb item as active when dropdown is open", async () => {
+      const user = userEvent.setup();
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={mockOrganizations}
+          isMultiOrgEnabled={true}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={true}
+          isMember={false}
+          isOwnerOrManager={true}
+        />
+      );
+
+      // Initially not active
+      let breadcrumbItem = screen.getByTestId("breadcrumb-item");
+      expect(breadcrumbItem).toHaveAttribute("data-active", "false");
+
+      // Open dropdown
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      // Should be active when dropdown is open
+      breadcrumbItem = screen.getByTestId("breadcrumb-item");
+      expect(breadcrumbItem).toHaveAttribute("data-active", "true");
+    });
+
+    test("closes create organization modal correctly", async () => {
+      const user = userEvent.setup();
+      render(
+        <OrganizationBreadcrumb
+          currentOrganizationId={mockOrganization1.id}
+          organizations={mockOrganizations}
+          isMultiOrgEnabled={true}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={true}
+          isMember={false}
+          isOwnerOrManager={true}
+        />
+      );
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const createOrgOption = screen.getByText("common.create_new_organization");
+      await user.click(createOrgOption);
+
+      expect(screen.getByTestId("create-organization-modal")).toBeInTheDocument();
+
+      const closeButton = screen.getByText("Close Modal");
+      await user.click(closeButton);
+
+      expect(screen.queryByTestId("create-organization-modal")).not.toBeInTheDocument();
+    });
+  });
+});
--- a/apps/web/app/(app)/environments/[environmentId]/components/organization-breadcrumb.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/organization-breadcrumb.tsx
@@ -0,0 +1,179 @@
+"use client";
+
+import { CreateOrganizationModal } from "@/modules/organization/components/CreateOrganizationModal";
+import { BreadcrumbItem } from "@/modules/ui/components/breadcrumb";
+import {
+  DropdownMenu,
+  DropdownMenuCheckboxItem,
+  DropdownMenuContent,
+  DropdownMenuGroup,
+  DropdownMenuSeparator,
+  DropdownMenuTrigger,
+} from "@/modules/ui/components/dropdown-menu";
+import * as Sentry from "@sentry/nextjs";
+import { useTranslate } from "@tolgee/react";
+import {
+  BuildingIcon,
+  ChevronDownIcon,
+  ChevronRightIcon,
+  Loader2,
+  PlusIcon,
+  SettingsIcon,
+} from "lucide-react";
+import { usePathname, useRouter } from "next/navigation";
+import { useState } from "react";
+import { logger } from "@formbricks/logger";
+
+interface OrganizationBreadcrumbProps {
+  currentOrganizationId: string;
+  organizations: { id: string; name: string }[];
+  isMultiOrgEnabled: boolean;
+  currentEnvironmentId?: string;
+  isFormbricksCloud: boolean;
+  isMember: boolean;
+  isOwnerOrManager: boolean;
+}
+
+export const OrganizationBreadcrumb = ({
+  currentOrganizationId,
+  organizations,
+  isMultiOrgEnabled,
+  currentEnvironmentId,
+  isFormbricksCloud,
+  isMember,
+  isOwnerOrManager,
+}: OrganizationBreadcrumbProps) => {
+  const { t } = useTranslate();
+  const [isOrganizationDropdownOpen, setIsOrganizationDropdownOpen] = useState(false);
+  const [openCreateOrganizationModal, setOpenCreateOrganizationModal] = useState(false);
+  const pathname = usePathname();
+  const router = useRouter();
+  const [isLoading, setIsLoading] = useState(false);
+  const currentOrganization = organizations.find((org) => org.id === currentOrganizationId);
+
+  if (!currentOrganization) {
+    const errorMessage = `Organization not found for organization id: ${currentOrganizationId}`;
+    logger.error(errorMessage);
+    Sentry.captureException(new Error(errorMessage));
+    return;
+  }
+
+  const handleOrganizationChange = (organizationId: string) => {
+    if (organizationId === currentOrganizationId) return;
+    setIsLoading(true);
+    router.push(`/organizations/${organizationId}/`);
+  };
+
+  // Hide organization dropdown for single org setups (on-premise)
+  const showOrganizationDropdown = isMultiOrgEnabled || organizations.length > 1;
+
+  const organizationSettings = [
+    {
+      id: "general",
+      label: t("common.general"),
+      href: `/environments/${currentEnvironmentId}/settings/general`,
+    },
+    {
+      id: "teams",
+      label: t("common.teams"),
+      href: `/environments/${currentEnvironmentId}/settings/teams`,
+    },
+    {
+      id: "api-keys",
+      label: t("common.api_keys"),
+      href: `/environments/${currentEnvironmentId}/settings/api-keys`,
+      hidden: !isOwnerOrManager,
+    },
+    {
+      id: "billing",
+      label: t("common.billing"),
+      href: `/environments/${currentEnvironmentId}/settings/billing`,
+      hidden: !isFormbricksCloud,
+    },
+    {
+      id: "enterprise",
+      label: t("common.enterprise_license"),
+      href: `/environments/${currentEnvironmentId}/settings/enterprise`,
+      hidden: isFormbricksCloud || isMember,
+    },
+  ];
+
+  return (
+    <BreadcrumbItem isActive={isOrganizationDropdownOpen}>
+      <DropdownMenu onOpenChange={setIsOrganizationDropdownOpen}>
+        <DropdownMenuTrigger
+          className="flex cursor-pointer items-center gap-1 outline-none"
+          id="organizationDropdownTrigger"
+          asChild>
+          <div className="flex items-center gap-1">
+            <BuildingIcon className="h-3 w-3" strokeWidth={1.5} />
+            <span>{currentOrganization.name}</span>
+            {isLoading && <Loader2 className="h-3 w-3 animate-spin" strokeWidth={1.5} />}
+            {isOrganizationDropdownOpen ? (
+              <ChevronDownIcon className="h-3 w-3" strokeWidth={1.5} />
+            ) : (
+              <ChevronRightIcon className="h-3 w-3" strokeWidth={1.5} />
+            )}
+          </div>
+        </DropdownMenuTrigger>
+        <DropdownMenuContent align="start" className="mt-2">
+          {showOrganizationDropdown && (
+            <>
+              <div className="px-2 py-1.5 text-sm font-medium text-slate-500">
+                <BuildingIcon className="mr-2 inline h-4 w-4" />
+                {t("common.choose_organization")}
+              </div>
+              <DropdownMenuGroup>
+                {organizations.map((org) => (
+                  <DropdownMenuCheckboxItem
+                    key={org.id}
+                    checked={org.id === currentOrganization.id}
+                    onClick={() => handleOrganizationChange(org.id)}
+                    className="cursor-pointer">
+                    {org.name}
+                  </DropdownMenuCheckboxItem>
+                ))}
+              </DropdownMenuGroup>
+              {isMultiOrgEnabled && (
+                <DropdownMenuCheckboxItem
+                  onClick={() => setOpenCreateOrganizationModal(true)}
+                  className="cursor-pointer">
+                  <span>{t("common.create_new_organization")}</span>
+                  <PlusIcon className="ml-2 h-4 w-4" />
+                </DropdownMenuCheckboxItem>
+              )}
+            </>
+          )}
+          {currentEnvironmentId && (
+            <div>
+              <DropdownMenuSeparator />
+              <div className="px-2 py-1.5 text-sm font-medium text-slate-500">
+                <SettingsIcon className="mr-2 inline h-4 w-4" />
+                {t("common.organization_settings")}
+              </div>
+
+              {organizationSettings.map((setting) => {
+                return setting.hidden ? null : (
+                  <DropdownMenuCheckboxItem
+                    key={setting.id}
+                    checked={pathname.includes(setting.id)}
+                    hidden={setting.hidden}
+                    onClick={() => router.push(setting.href)}
+                    className="cursor-pointer">
+                    {setting.label}
+                  </DropdownMenuCheckboxItem>
+                );
+              })}
+            </div>
+          )}
+        </DropdownMenuContent>
+      </DropdownMenu>
+      {openCreateOrganizationModal && (
+        <CreateOrganizationModal
+          open={openCreateOrganizationModal}
+          setOpen={setOpenCreateOrganizationModal}
+        />
+      )}
+    </BreadcrumbItem>
+  );
+};
--- a/apps/web/app/(app)/environments/[environmentId]/components/project-and-org-switch.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/project-and-org-switch.test.tsx
@@ -0,0 +1,340 @@
+import "@testing-library/jest-dom/vitest";
+import { cleanup, render, screen } from "@testing-library/react";
+import { afterEach, describe, expect, test, vi } from "vitest";
+import { TEnvironment } from "@formbricks/types/environment";
+import { ProjectAndOrgSwitch } from "./project-and-org-switch";
+
+// Mock the individual breadcrumb components
+vi.mock("@/app/(app)/environments/[environmentId]/components/organization-breadcrumb", () => ({
+  OrganizationBreadcrumb: ({
+    currentOrganizationId,
+    organizations,
+    isMultiOrgEnabled,
+    currentEnvironmentId,
+  }: any) => {
+    const currentOrganization = organizations.find((org: any) => org.id === currentOrganizationId);
+    return (
+      <div data-testid="organization-breadcrumb">
+        <div>Organization: {currentOrganization?.name}</div>
+        <div>Organizations Count: {organizations.length}</div>
+        <div>Multi Org: {isMultiOrgEnabled ? "Enabled" : "Disabled"}</div>
+        <div>Environment ID: {currentEnvironmentId}</div>
+      </div>
+    );
+  },
+}));
+
+vi.mock("@/app/(app)/environments/[environmentId]/components/project-breadcrumb", () => ({
+  ProjectBreadcrumb: ({
+    currentProjectId,
+    projects,
+    isOwnerOrManager,
+    organizationProjectsLimit,
+    isFormbricksCloud,
+    isLicenseActive,
+    currentOrganizationId,
+    currentEnvironmentId,
+    isAccessControlAllowed,
+  }: any) => {
+    const currentProject = projects.find((project: any) => project.id === currentProjectId);
+    return (
+      <div data-testid="project-breadcrumb">
+        <div>Project: {currentProject?.name}</div>
+        <div>Projects Count: {projects.length}</div>
+        <div>Owner/Manager: {isOwnerOrManager ? "Yes" : "No"}</div>
+        <div>Project Limit: {organizationProjectsLimit}</div>
+        <div>Formbricks Cloud: {isFormbricksCloud ? "Yes" : "No"}</div>
+        <div>License Active: {isLicenseActive ? "Yes" : "No"}</div>
+        <div>Organization ID: {currentOrganizationId}</div>
+        <div>Environment ID: {currentEnvironmentId}</div>
+        <div>Access Control: {isAccessControlAllowed ? "Allowed" : "Not Allowed"}</div>
+      </div>
+    );
+  },
+}));
+
+vi.mock("@/app/(app)/environments/[environmentId]/components/environment-breadcrumb", () => ({
+  EnvironmentBreadcrumb: ({ environments, currentEnvironmentId }: any) => {
+    const currentEnvironment = environments.find((env: any) => env.id === currentEnvironmentId);
+    return (
+      <div data-testid="environment-breadcrumb">
+        <div>Environment: {currentEnvironment?.type}</div>
+        <div>Environments Count: {environments.length}</div>
+        <div>Environment ID: {currentEnvironment?.id}</div>
+      </div>
+    );
+  },
+}));
+
+// Mock the UI components
+vi.mock("@/modules/ui/components/breadcrumb", () => ({
+  Breadcrumb: ({ children }: any) => (
+    <nav data-testid="breadcrumb" aria-label="breadcrumb">
+      {children}
+    </nav>
+  ),
+  BreadcrumbList: ({ children, className }: any) => (
+    <ol data-testid="breadcrumb-list" className={className}>
+      {children}
+    </ol>
+  ),
+}));
+
+describe("ProjectAndOrgSwitch", () => {
+  const mockOrganization1 = {
+    id: "org-1",
+    name: "Test Organization 1",
+  };
+
+  const mockOrganization2 = {
+    id: "org-2",
+    name: "Test Organization 2",
+  };
+
+  const mockProject1 = {
+    id: "proj-1",
+    name: "Test Project 1",
+  };
+
+  const mockProject2 = {
+    id: "proj-2",
+    name: "Test Project 2",
+  };
+
+  const mockEnvironment1: TEnvironment = {
+    id: "env-1",
+    createdAt: new Date("2023-01-01"),
+    updatedAt: new Date("2023-01-01"),
+    type: "development",
+    projectId: "proj-1",
+    appSetupCompleted: true,
+  };
+
+  const mockEnvironment2: TEnvironment = {
+    id: "env-2",
+    createdAt: new Date("2023-01-01"),
+    updatedAt: new Date("2023-01-01"),
+    type: "development",
+    projectId: "proj-1",
+    appSetupCompleted: true,
+  };
+
+  const defaultProps = {
+    currentOrganizationId: "org-1",
+    organizations: [mockOrganization1, mockOrganization2],
+    currentProjectId: "proj-1",
+    projects: [mockProject1, mockProject2],
+    currentEnvironmentId: "env-1",
+    environments: [mockEnvironment1, mockEnvironment2],
+    isMultiOrgEnabled: true,
+    organizationProjectsLimit: 5,
+    isFormbricksCloud: true,
+    isLicenseActive: false,
+    isOwnerOrManager: true,
+    isAccessControlAllowed: true,
+    isMember: true,
+  };
+
+  afterEach(() => {
+    cleanup();
+  });
+
+  describe("Basic Rendering", () => {
+    test("renders main breadcrumb structure", () => {
+      render(<ProjectAndOrgSwitch {...defaultProps} />);
+
+      expect(screen.getByTestId("breadcrumb")).toBeInTheDocument();
+      expect(screen.getByTestId("breadcrumb-list")).toBeInTheDocument();
+      expect(screen.getByTestId("breadcrumb")).toHaveAttribute("aria-label", "breadcrumb");
+    });
+
+    test("applies correct CSS classes to breadcrumb list", () => {
+      render(<ProjectAndOrgSwitch {...defaultProps} />);
+
+      const breadcrumbList = screen.getByTestId("breadcrumb-list");
+      expect(breadcrumbList).toHaveClass("gap-0");
+    });
+
+    test("renders all three breadcrumb components", () => {
+      render(<ProjectAndOrgSwitch {...defaultProps} />);
+
+      expect(screen.getByTestId("organization-breadcrumb")).toBeInTheDocument();
+      expect(screen.getByTestId("project-breadcrumb")).toBeInTheDocument();
+    });
+  });
+
+  describe("Organization Breadcrumb Integration", () => {
+    test("passes correct props to organization breadcrumb", () => {
+      render(<ProjectAndOrgSwitch {...defaultProps} />);
+
+      const orgBreadcrumb = screen.getByTestId("organization-breadcrumb");
+      expect(orgBreadcrumb).toHaveTextContent("Organization: Test Organization 1");
+      expect(orgBreadcrumb).toHaveTextContent("Organizations Count: 2");
+      expect(orgBreadcrumb).toHaveTextContent("Multi Org: Enabled");
+      expect(orgBreadcrumb).toHaveTextContent("Environment ID: env-1");
+    });
+
+    test("handles single organization setup", () => {
+      render(
+        <ProjectAndOrgSwitch
+          {...defaultProps}
+          organizations={[mockOrganization1]}
+          isMultiOrgEnabled={false}
+        />
+      );
+
+      const orgBreadcrumb = screen.getByTestId("organization-breadcrumb");
+      expect(orgBreadcrumb).toHaveTextContent("Organizations Count: 1");
+      expect(orgBreadcrumb).toHaveTextContent("Multi Org: Disabled");
+    });
+  });
+
+  describe("Project Breadcrumb Integration", () => {
+    test("passes correct props to project breadcrumb", () => {
+      render(<ProjectAndOrgSwitch {...defaultProps} />);
+
+      const projectBreadcrumb = screen.getByTestId("project-breadcrumb");
+      expect(projectBreadcrumb).toHaveTextContent("Project: Test Project 1");
+      expect(projectBreadcrumb).toHaveTextContent("Projects Count: 2");
+      expect(projectBreadcrumb).toHaveTextContent("Owner/Manager: Yes");
+      expect(projectBreadcrumb).toHaveTextContent("Project Limit: 5");
+      expect(projectBreadcrumb).toHaveTextContent("Formbricks Cloud: Yes");
+      expect(projectBreadcrumb).toHaveTextContent("License Active: No");
+      expect(projectBreadcrumb).toHaveTextContent("Organization ID: org-1");
+      expect(projectBreadcrumb).toHaveTextContent("Environment ID: env-1");
+      expect(projectBreadcrumb).toHaveTextContent("Access Control: Allowed");
+    });
+
+    test("handles non-owner/manager user", () => {
+      render(<ProjectAndOrgSwitch {...defaultProps} isOwnerOrManager={false} />);
+
+      const projectBreadcrumb = screen.getByTestId("project-breadcrumb");
+      expect(projectBreadcrumb).toHaveTextContent("Owner/Manager: No");
+    });
+
+    test("handles self-hosted setup", () => {
+      render(<ProjectAndOrgSwitch {...defaultProps} isFormbricksCloud={false} isLicenseActive={true} />);
+
+      const projectBreadcrumb = screen.getByTestId("project-breadcrumb");
+      expect(projectBreadcrumb).toHaveTextContent("Formbricks Cloud: No");
+      expect(projectBreadcrumb).toHaveTextContent("License Active: Yes");
+    });
+
+    test("handles access control restrictions", () => {
+      render(<ProjectAndOrgSwitch {...defaultProps} isAccessControlAllowed={false} />);
+
+      const projectBreadcrumb = screen.getByTestId("project-breadcrumb");
+      expect(projectBreadcrumb).toHaveTextContent("Access Control: Not Allowed");
+    });
+  });
+
+  describe("Environment Breadcrumb Integration", () => {
+    test("passes correct props to environment breadcrumb", () => {
+      render(<ProjectAndOrgSwitch {...defaultProps} />);
+
+      const envBreadcrumb = screen.getByTestId("environment-breadcrumb");
+      expect(envBreadcrumb).toHaveTextContent("Environments Count: 2");
+    });
+
+    test("handles single environment", () => {
+      render(<ProjectAndOrgSwitch {...defaultProps} environments={[mockEnvironment1]} />);
+
+      const envBreadcrumb = screen.getByTestId("environment-breadcrumb");
+      expect(envBreadcrumb).toHaveTextContent("Environments Count: 1");
+    });
+  });
+
+  describe("Props Propagation", () => {
+    test("correctly propagates organization limits", () => {
+      render(<ProjectAndOrgSwitch {...defaultProps} organizationProjectsLimit={10} />);
+
+      const projectBreadcrumb = screen.getByTestId("project-breadcrumb");
+      expect(projectBreadcrumb).toHaveTextContent("Project Limit: 10");
+    });
+
+    test("correctly propagates current organization to project breadcrumb", () => {
+      render(<ProjectAndOrgSwitch {...defaultProps} currentOrganizationId="org-2" />);
+
+      const orgBreadcrumb = screen.getByTestId("organization-breadcrumb");
+      const projectBreadcrumb = screen.getByTestId("project-breadcrumb");
+
+      expect(orgBreadcrumb).toHaveTextContent("Organization: Test Organization 2");
+      expect(projectBreadcrumb).toHaveTextContent("Organization ID: org-2");
+    });
+  });
+
+  describe("Edge Cases", () => {
+    test("handles zero project limit", () => {
+      render(<ProjectAndOrgSwitch {...defaultProps} organizationProjectsLimit={0} />);
+
+      const projectBreadcrumb = screen.getByTestId("project-breadcrumb");
+      expect(projectBreadcrumb).toHaveTextContent("Project Limit: 0");
+    });
+
+    test("handles all boolean props as false", () => {
+      render(
+        <ProjectAndOrgSwitch
+          {...defaultProps}
+          isMultiOrgEnabled={false}
+          isFormbricksCloud={false}
+          isLicenseActive={false}
+          isOwnerOrManager={false}
+          isAccessControlAllowed={false}
+        />
+      );
+
+      const orgBreadcrumb = screen.getByTestId("organization-breadcrumb");
+      const projectBreadcrumb = screen.getByTestId("project-breadcrumb");
+
+      expect(orgBreadcrumb).toHaveTextContent("Multi Org: Disabled");
+      expect(projectBreadcrumb).toHaveTextContent("Owner/Manager: No");
+      expect(projectBreadcrumb).toHaveTextContent("Formbricks Cloud: No");
+      expect(projectBreadcrumb).toHaveTextContent("License Active: No");
+      expect(projectBreadcrumb).toHaveTextContent("Access Control: Not Allowed");
+    });
+
+    test("maintains component order in DOM", () => {
+      render(<ProjectAndOrgSwitch {...defaultProps} />);
+
+      const breadcrumbList = screen.getByTestId("breadcrumb-list");
+      const children = Array.from(breadcrumbList.children);
+
+      expect(children[0]).toHaveAttribute("data-testid", "organization-breadcrumb");
+      expect(children[1]).toHaveAttribute("data-testid", "project-breadcrumb");
+      expect(children[2]).toHaveAttribute("data-testid", "environment-breadcrumb");
+    });
+  });
+
+  describe("TypeScript Props Interface", () => {
+    test("accepts all required props without error", () => {
+      // This test ensures the component accepts the full interface
+      expect(() => {
+        render(<ProjectAndOrgSwitch {...defaultProps} />);
+      }).not.toThrow();
+    });
+
+    test("works with minimal valid props", () => {
+      const minimalProps = {
+        currentOrganizationId: "org-1",
+        organizations: [mockOrganization1],
+        currentProjectId: "proj-1",
+        projects: [mockProject1],
+        currentEnvironmentId: "env-1",
+        environments: [mockEnvironment1],
+        isMultiOrgEnabled: false,
+        organizationProjectsLimit: 1,
+        isFormbricksCloud: false,
+        isLicenseActive: false,
+        isOwnerOrManager: false,
+        isAccessControlAllowed: false,
+        isMember: true,
+      };
+
+      expect(() => {
+        render(<ProjectAndOrgSwitch {...minimalProps} />);
+      }).not.toThrow();
+
+      expect(screen.getByTestId("breadcrumb")).toBeInTheDocument();
+    });
+  });
+});
--- a/apps/web/app/(app)/environments/[environmentId]/components/project-and-org-switch.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/project-and-org-switch.tsx
@@ -0,0 +1,80 @@
+"use client";
+
+import { EnvironmentBreadcrumb } from "@/app/(app)/environments/[environmentId]/components/environment-breadcrumb";
+import { OrganizationBreadcrumb } from "@/app/(app)/environments/[environmentId]/components/organization-breadcrumb";
+import { ProjectBreadcrumb } from "@/app/(app)/environments/[environmentId]/components/project-breadcrumb";
+import { Breadcrumb, BreadcrumbList } from "@/modules/ui/components/breadcrumb";
+import { useMemo } from "react";
+
+interface ProjectAndOrgSwitchProps {
+  currentOrganizationId: string;
+  organizations: { id: string; name: string }[];
+  currentProjectId?: string;
+  projects: { id: string; name: string }[];
+  currentEnvironmentId?: string;
+  environments: { id: string; type: string }[];
+  isMultiOrgEnabled: boolean;
+  organizationProjectsLimit: number;
+  isFormbricksCloud: boolean;
+  isLicenseActive: boolean;
+  isOwnerOrManager: boolean;
+  isAccessControlAllowed: boolean;
+  isMember: boolean;
+}
+
+export const ProjectAndOrgSwitch = ({
+  currentOrganizationId,
+  organizations,
+  currentProjectId,
+  projects,
+  currentEnvironmentId,
+  environments,
+  isMultiOrgEnabled,
+  organizationProjectsLimit,
+  isFormbricksCloud,
+  isLicenseActive,
+  isOwnerOrManager,
+  isAccessControlAllowed,
+  isMember,
+}: ProjectAndOrgSwitchProps) => {
+  const sortedProjects = useMemo(() => projects.toSorted((a, b) => a.name.localeCompare(b.name)), [projects]);
+  const sortedOrganizations = useMemo(
+    () => organizations.toSorted((a, b) => a.name.localeCompare(b.name)),
+    [organizations]
+  );
+  const currentEnvironment = environments.find((env) => env.id === currentEnvironmentId);
+  const showEnvironmentBreadcrumb = currentEnvironment?.type === "development";
+
+  return (
+    <Breadcrumb>
+      <BreadcrumbList className="gap-0">
+        <OrganizationBreadcrumb
+          currentOrganizationId={currentOrganizationId}
+          organizations={sortedOrganizations}
+          isMultiOrgEnabled={isMultiOrgEnabled}
+          currentEnvironmentId={currentEnvironmentId}
+          isFormbricksCloud={isFormbricksCloud}
+          isMember={isMember}
+          isOwnerOrManager={isOwnerOrManager}
+        />
+        {currentProjectId && currentEnvironmentId && (
+          <ProjectBreadcrumb
+            currentProjectId={currentProjectId}
+            currentOrganizationId={currentOrganizationId}
+            currentEnvironmentId={currentEnvironmentId}
+            projects={sortedProjects}
+            isOwnerOrManager={isOwnerOrManager}
+            organizationProjectsLimit={organizationProjectsLimit}
+            isFormbricksCloud={isFormbricksCloud}
+            isLicenseActive={isLicenseActive}
+            isAccessControlAllowed={isAccessControlAllowed}
+            isEnvironmentBreadcrumbVisible={showEnvironmentBreadcrumb}
+          />
+        )}
+        {showEnvironmentBreadcrumb && (
+          <EnvironmentBreadcrumb environments={environments} currentEnvironment={currentEnvironment} />
+        )}
+      </BreadcrumbList>
+    </Breadcrumb>
+  );
+};
--- a/apps/web/app/(app)/environments/[environmentId]/components/project-breadcrumb.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/project-breadcrumb.test.tsx
@@ -0,0 +1,512 @@
+import "@testing-library/jest-dom/vitest";
+import { cleanup, render, screen, waitFor } from "@testing-library/react";
+import userEvent from "@testing-library/user-event";
+import { useRouter } from "next/navigation";
+import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
+import { TOrganization, TOrganizationBilling } from "@formbricks/types/organizations";
+import { TProject } from "@formbricks/types/project";
+import { ProjectBreadcrumb } from "./project-breadcrumb";
+
+// Mock the dependencies
+vi.mock("next/navigation", () => ({
+  useRouter: vi.fn(),
+  usePathname: vi.fn(() => "/environments/env-123/project/general"),
+}));
+
+vi.mock("@tolgee/react", () => ({
+  useTranslate: () => ({
+    t: (key: string) => key,
+  }),
+}));
+
+vi.mock("@/modules/projects/components/project-limit-modal", () => ({
+  ProjectLimitModal: ({ open, setOpen, buttons, projectLimit }: any) =>
+    open ? (
+      <div data-testid="project-limit-modal">
+        <div>Project Limit: {projectLimit}</div>
+        <button onClick={() => setOpen(false)}>Close Limit Modal</button>
+        {buttons.map((button: any) => (
+          <button key={button.text} type="button" onClick={() => button.href && window.open(button.href)}>
+            {button.text}
+          </button>
+        ))}
+      </div>
+    ) : null,
+}));
+
+vi.mock("@/modules/projects/components/create-project-modal", () => ({
+  CreateProjectModal: ({ open, setOpen, organizationId, isAccessControlAllowed }: any) =>
+    open ? (
+      <div data-testid="create-project-modal">
+        <div>Organization: {organizationId}</div>
+        <div>Access Control: {isAccessControlAllowed ? "Allowed" : "Not Allowed"}</div>
+        <button onClick={() => setOpen(false)}>Close Create Modal</button>
+      </div>
+    ) : null,
+}));
+
+// Mock the UI components
+vi.mock("@/modules/ui/components/breadcrumb", () => ({
+  BreadcrumbItem: ({ children, isActive, ...props }: any) => (
+    <li data-testid="breadcrumb-item" data-active={isActive} {...props}>
+      {children}
+    </li>
+  ),
+}));
+
+vi.mock("@/modules/ui/components/dropdown-menu", () => ({
+  DropdownMenu: ({ children, onOpenChange }: any) => (
+    <button
+      type="button"
+      data-testid="dropdown-menu"
+      onClick={() => onOpenChange?.(true)}
+      onKeyDown={(e: any) => e.key === "Enter" && onOpenChange?.(true)}>
+      {children}
+    </button>
+  ),
+  DropdownMenuContent: ({ children, ...props }: any) => (
+    <div data-testid="dropdown-content" {...props}>
+      {children}
+    </div>
+  ),
+  DropdownMenuCheckboxItem: ({ children, onClick, checked, ...props }: any) => (
+    <div
+      data-testid="dropdown-checkbox-item"
+      data-checked={checked}
+      onClick={onClick}
+      onKeyDown={(e: any) => e.key === "Enter" && onClick?.()}
+      role="menuitemcheckbox"
+      aria-checked={checked}
+      tabIndex={0}
+      {...props}>
+      {children}
+    </div>
+  ),
+  DropdownMenuTrigger: ({ children, ...props }: any) => (
+    <button data-testid="dropdown-trigger" {...props}>
+      {children}
+    </button>
+  ),
+  DropdownMenuGroup: ({ children }: any) => <div data-testid="dropdown-group">{children}</div>,
+  DropdownMenuSeparator: () => <div data-testid="dropdown-separator" />,
+}));
+
+// Mock Lucide React icons
+vi.mock("lucide-react", () => ({
+  FolderOpenIcon: ({ className, strokeWidth }: any) => {
+    const isHeader = className?.includes("mr-2");
+    return (
+      <svg
+        data-testid={isHeader ? "folder-open-header-icon" : "folder-open-icon"}
+        className={className}
+        strokeWidth={strokeWidth}>
+        <title>FolderOpen Icon</title>
+      </svg>
+    );
+  },
+  ChevronDownIcon: ({ className, strokeWidth }: any) => (
+    <svg data-testid="chevron-down-icon" className={className} strokeWidth={strokeWidth}>
+      <title>ChevronDown Icon</title>
+    </svg>
+  ),
+  ChevronRightIcon: ({ className, strokeWidth }: any) => (
+    <svg data-testid="chevron-right-icon" className={className} strokeWidth={strokeWidth}>
+      <title>ChevronRight Icon</title>
+    </svg>
+  ),
+  PlusIcon: ({ className }: any) => (
+    <svg data-testid="plus-icon" className={className}>
+      <title>Plus Icon</title>
+    </svg>
+  ),
+  Loader2: ({ className }: any) => (
+    <svg data-testid="loader-2-icon" className={className}>
+      <title>Loader2 Icon</title>
+    </svg>
+  ),
+  CogIcon: ({ className }: any) => (
+    <svg data-testid="cog-icon" className={className}>
+      <title>Cog Icon</title>
+    </svg>
+  ),
+  SettingsIcon: ({ className }: any) => (
+    <svg data-testid="settings-icon" className={className}>
+      <title>Settings Icon</title>
+    </svg>
+  ),
+}));
+
+describe("ProjectBreadcrumb", () => {
+  const mockPush = vi.fn();
+  const mockRouter = {
+    push: mockPush,
+    replace: vi.fn(),
+    refresh: vi.fn(),
+    back: vi.fn(),
+    forward: vi.fn(),
+    prefetch: vi.fn(),
+  };
+
+  const mockProject1 = {
+    id: "proj-1",
+    name: "Test Project 1",
+    createdAt: new Date("2023-01-01"),
+    updatedAt: new Date("2023-01-01"),
+    organizationId: "org-1",
+    languages: [],
+  } as unknown as TProject;
+
+  const mockProject2 = {
+    id: "proj-2",
+    name: "Test Project 2",
+    createdAt: new Date("2023-01-01"),
+    updatedAt: new Date("2023-01-01"),
+    organizationId: "org-1",
+    languages: [],
+  } as unknown as TProject;
+
+  const mockProjects = [mockProject1, mockProject2];
+
+  const mockOrganization: TOrganization = {
+    id: "org-1",
+    name: "Test Organization",
+    createdAt: new Date("2023-01-01"),
+    updatedAt: new Date("2023-01-01"),
+    billing: {
+      plan: "free",
+      stripeCustomerId: null,
+    } as unknown as TOrganizationBilling,
+    isAIEnabled: false,
+  };
+
+  const defaultProps = {
+    currentProjectId: "proj-1",
+    currentOrganizationId: "org-1",
+    projects: mockProjects,
+    isOwnerOrManager: true,
+    organizationProjectsLimit: 3,
+    isFormbricksCloud: true,
+    isLicenseActive: false,
+    currentEnvironmentId: "env-123",
+    isAccessControlAllowed: true,
+    isEnvironmentBreadcrumbVisible: true,
+  };
+
+  beforeEach(() => {
+    vi.mocked(useRouter).mockReturnValue(mockRouter as any);
+  });
+
+  afterEach(() => {
+    cleanup();
+    vi.clearAllMocks();
+  });
+
+  describe("Basic Rendering", () => {
+    test("renders project breadcrumb correctly", () => {
+      render(<ProjectBreadcrumb {...defaultProps} />);
+
+      expect(screen.getByTestId("breadcrumb-item")).toBeInTheDocument();
+      expect(screen.getByTestId("dropdown-trigger")).toBeInTheDocument();
+      expect(screen.getByTestId("folder-open-icon")).toBeInTheDocument();
+      expect(screen.getAllByText("Test Project 1")).toHaveLength(2); // trigger + dropdown option
+    });
+
+    test("shows chevron icons correctly", () => {
+      render(<ProjectBreadcrumb {...defaultProps} />);
+
+      // Should show chevron right when closed
+      expect(screen.getByTestId("chevron-right-icon")).toBeInTheDocument();
+      expect(screen.queryByTestId("chevron-down-icon")).not.toBeInTheDocument();
+    });
+
+    test("shows chevron down when dropdown is open", async () => {
+      const user = userEvent.setup();
+      render(<ProjectBreadcrumb {...defaultProps} />);
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      await waitFor(() => {
+        expect(screen.getByTestId("chevron-down-icon")).toBeInTheDocument();
+      });
+    });
+  });
+
+  describe("Project Selection", () => {
+    test("renders dropdown content with project options", async () => {
+      const user = userEvent.setup();
+      render(<ProjectBreadcrumb {...defaultProps} />);
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      expect(screen.getByTestId("dropdown-content")).toBeInTheDocument();
+      expect(screen.getByText("common.choose_project")).toBeInTheDocument();
+      expect(screen.getAllByTestId("dropdown-group")).toHaveLength(2); // Projects group and settings group
+    });
+
+    test("renders all project options in dropdown", async () => {
+      const user = userEvent.setup();
+      render(<ProjectBreadcrumb {...defaultProps} />);
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const checkboxItems = screen.getAllByTestId("dropdown-checkbox-item");
+
+      // Find project options (excluding the add new project option)
+      const projectOptions = checkboxItems.filter((item) => item.textContent?.includes("Test Project"));
+      expect(projectOptions).toHaveLength(2);
+
+      // Check current project is marked as selected
+      const currentProjectOption = checkboxItems.find((item) => item.textContent?.includes("Test Project 1"));
+      expect(currentProjectOption).toHaveAttribute("data-checked", "true");
+
+      // Check other project is not selected
+      const otherProjectOption = checkboxItems.find((item) => item.textContent?.includes("Test Project 2"));
+      expect(otherProjectOption).toHaveAttribute("data-checked", "false");
+    });
+
+    test("handles project change when clicking dropdown option", async () => {
+      const user = userEvent.setup();
+      render(<ProjectBreadcrumb {...defaultProps} />);
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const checkboxItems = screen.getAllByTestId("dropdown-checkbox-item");
+      const project2Option = checkboxItems.find((item) => item.textContent?.includes("Test Project 2"));
+
+      expect(project2Option).toBeInTheDocument();
+      await user.click(project2Option!);
+
+      expect(mockPush).toHaveBeenCalledWith("/projects/proj-2/");
+    });
+  });
+
+  describe("Add New Project", () => {
+    test("shows add new project option when user is owner or manager", async () => {
+      const user = userEvent.setup();
+      render(<ProjectBreadcrumb {...defaultProps} />);
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      expect(screen.getByText("common.add_new_project")).toBeInTheDocument();
+      expect(screen.getByTestId("plus-icon")).toBeInTheDocument();
+    });
+
+    test("hides add new project option when user is not owner or manager", async () => {
+      const user = userEvent.setup();
+      render(<ProjectBreadcrumb {...defaultProps} isOwnerOrManager={false} />);
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      expect(screen.queryByText("common.add_new_project")).not.toBeInTheDocument();
+    });
+
+    test("opens create project modal when within project limit", async () => {
+      const user = userEvent.setup();
+      render(<ProjectBreadcrumb {...defaultProps} />);
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const addProjectOption = screen.getByText("common.add_new_project");
+      await user.click(addProjectOption);
+
+      expect(screen.getByTestId("create-project-modal")).toBeInTheDocument();
+      expect(screen.getByText("Organization: org-1")).toBeInTheDocument();
+      expect(screen.getByText("Access Control: Allowed")).toBeInTheDocument();
+    });
+
+    test("opens limit modal when exceeding project limit", async () => {
+      const user = userEvent.setup();
+      const props = {
+        ...defaultProps,
+        projects: [mockProject1, mockProject2, { ...mockProject1, id: "proj-3", name: "Project 3" }],
+        organizationProjectsLimit: 3,
+      };
+      render(<ProjectBreadcrumb {...props} />);
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const addProjectOption = screen.getByText("common.add_new_project");
+      await user.click(addProjectOption);
+
+      expect(screen.getByTestId("project-limit-modal")).toBeInTheDocument();
+      expect(screen.getByText("Project Limit: 3")).toBeInTheDocument();
+    });
+  });
+
+  describe("Project Limit Modal", () => {
+    test("shows correct buttons for Formbricks Cloud with non-enterprise plan", async () => {
+      const user = userEvent.setup();
+      const props = {
+        ...defaultProps,
+        projects: [mockProject1, mockProject2, { ...mockProject1, id: "proj-3", name: "Project 3" }],
+        organizationProjectsLimit: 3,
+        isFormbricksCloud: true,
+        isEnvironmentBreadcrumbVisible: true,
+        currentOrganization: {
+          ...mockOrganization,
+          billing: { ...mockOrganization.billing, plan: "startup" } as unknown as TOrganizationBilling,
+        },
+      };
+      render(<ProjectBreadcrumb {...props} />);
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const addProjectOption = screen.getByText("common.add_new_project");
+      await user.click(addProjectOption);
+
+      expect(screen.getByText("environments.settings.billing.upgrade")).toBeInTheDocument();
+      expect(screen.getByText("common.cancel")).toBeInTheDocument();
+    });
+
+    test("shows correct buttons for self-hosted with active license", async () => {
+      const user = userEvent.setup();
+      const props = {
+        ...defaultProps,
+        projects: [mockProject1, mockProject2, { ...mockProject1, id: "proj-3", name: "Project 3" }],
+        organizationProjectsLimit: 3,
+        isFormbricksCloud: false,
+        isLicenseActive: true,
+        isEnvironmentBreadcrumbVisible: true,
+      };
+      render(<ProjectBreadcrumb {...props} />);
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const addProjectOption = screen.getByText("common.add_new_project");
+      await user.click(addProjectOption);
+
+      expect(screen.getByText("environments.settings.billing.upgrade")).toBeInTheDocument();
+      expect(screen.getByText("common.cancel")).toBeInTheDocument();
+    });
+
+    test("closes limit modal correctly", async () => {
+      const user = userEvent.setup();
+      const props = {
+        ...defaultProps,
+        projects: [mockProject1, mockProject2, { ...mockProject1, id: "proj-3", name: "Project 3" }],
+        organizationProjectsLimit: 3,
+      };
+      render(<ProjectBreadcrumb {...props} />);
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const addProjectOption = screen.getByText("common.add_new_project");
+      await user.click(addProjectOption);
+
+      expect(screen.getByTestId("project-limit-modal")).toBeInTheDocument();
+
+      const closeButton = screen.getByText("Close Limit Modal");
+      await user.click(closeButton);
+
+      expect(screen.queryByTestId("project-limit-modal")).not.toBeInTheDocument();
+    });
+  });
+
+  describe("Create Project Modal", () => {
+    test("closes create project modal correctly", async () => {
+      const user = userEvent.setup();
+      render(<ProjectBreadcrumb {...defaultProps} />);
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const addProjectOption = screen.getByText("common.add_new_project");
+      await user.click(addProjectOption);
+
+      expect(screen.getByTestId("create-project-modal")).toBeInTheDocument();
+
+      const closeButton = screen.getByText("Close Create Modal");
+      await user.click(closeButton);
+
+      expect(screen.queryByTestId("create-project-modal")).not.toBeInTheDocument();
+    });
+
+    test("passes correct props to create project modal", async () => {
+      const user = userEvent.setup();
+      render(<ProjectBreadcrumb {...defaultProps} isAccessControlAllowed={false} />);
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const addProjectOption = screen.getByText("common.add_new_project");
+      await user.click(addProjectOption);
+
+      expect(screen.getByText("Access Control: Not Allowed")).toBeInTheDocument();
+    });
+  });
+
+  describe("Edge Cases", () => {
+    test("handles single project scenario", () => {
+      render(<ProjectBreadcrumb {...defaultProps} projects={[mockProject1]} />);
+
+      expect(screen.getByTestId("breadcrumb-item")).toBeInTheDocument();
+      expect(screen.getAllByText("Test Project 1")).toHaveLength(2); // trigger + dropdown option
+    });
+
+    test("sets breadcrumb item as active when dropdown is open", async () => {
+      const user = userEvent.setup();
+      render(<ProjectBreadcrumb {...defaultProps} />);
+
+      // Initially not active
+      let breadcrumbItem = screen.getByTestId("breadcrumb-item");
+      expect(breadcrumbItem).toHaveAttribute("data-active", "false");
+
+      // Open dropdown
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      // Should be active when dropdown is open
+      breadcrumbItem = screen.getByTestId("breadcrumb-item");
+      expect(breadcrumbItem).toHaveAttribute("data-active", "true");
+    });
+
+    test("handles project limit of zero", async () => {
+      const user = userEvent.setup();
+      render(<ProjectBreadcrumb {...defaultProps} organizationProjectsLimit={0} />);
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const addProjectOption = screen.getByText("common.add_new_project");
+      await user.click(addProjectOption);
+
+      // Should show limit modal even with 0 projects when limit is 0
+      expect(screen.getByTestId("project-limit-modal")).toBeInTheDocument();
+      expect(screen.getByText("Project Limit: 0")).toBeInTheDocument();
+    });
+
+    test("handles enterprise plan on Formbricks Cloud", async () => {
+      const user = userEvent.setup();
+      const props = {
+        ...defaultProps,
+        projects: [mockProject1, mockProject2, { ...mockProject1, id: "proj-3", name: "Project 3" }],
+        organizationProjectsLimit: 3,
+        currentOrganization: {
+          ...mockOrganization,
+          billing: { ...mockOrganization.billing, plan: "enterprise" } as unknown as TOrganizationBilling,
+        },
+      };
+      render(<ProjectBreadcrumb {...props} />);
+
+      const dropdownMenu = screen.getByTestId("dropdown-menu");
+      await user.click(dropdownMenu);
+
+      const addProjectOption = screen.getByText("common.add_new_project");
+      await user.click(addProjectOption);
+
+      // Should show self-hosted style buttons for enterprise plan
+      expect(screen.getByTestId("project-limit-modal")).toBeInTheDocument();
+    });
+  });
+});
--- a/apps/web/app/(app)/environments/[environmentId]/components/project-breadcrumb.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/project-breadcrumb.tsx
@@ -0,0 +1,225 @@
+"use client";
+
+import { CreateProjectModal } from "@/modules/projects/components/create-project-modal";
+import { ProjectLimitModal } from "@/modules/projects/components/project-limit-modal";
+import { BreadcrumbItem } from "@/modules/ui/components/breadcrumb";
+import {
+  DropdownMenu,
+  DropdownMenuCheckboxItem,
+  DropdownMenuContent,
+  DropdownMenuGroup,
+  DropdownMenuSeparator,
+  DropdownMenuTrigger,
+} from "@/modules/ui/components/dropdown-menu";
+import { ModalButton } from "@/modules/ui/components/upgrade-prompt";
+import * as Sentry from "@sentry/nextjs";
+import { useTranslate } from "@tolgee/react";
+import { ChevronDownIcon, ChevronRightIcon, CogIcon, FolderOpenIcon, Loader2, PlusIcon } from "lucide-react";
+import { usePathname, useRouter } from "next/navigation";
+import { useState } from "react";
+import { logger } from "@formbricks/logger";
+
+interface ProjectBreadcrumbProps {
+  currentProjectId: string;
+  projects: { id: string; name: string }[];
+  isOwnerOrManager: boolean;
+  organizationProjectsLimit: number;
+  isFormbricksCloud: boolean;
+  isLicenseActive: boolean;
+  currentOrganizationId: string;
+  currentEnvironmentId: string;
+  isAccessControlAllowed: boolean;
+  isEnvironmentBreadcrumbVisible: boolean;
+}
+
+export const ProjectBreadcrumb = ({
+  currentProjectId,
+  projects,
+  isOwnerOrManager,
+  organizationProjectsLimit,
+  isFormbricksCloud,
+  isLicenseActive,
+  currentOrganizationId,
+  currentEnvironmentId,
+  isAccessControlAllowed,
+  isEnvironmentBreadcrumbVisible,
+}: ProjectBreadcrumbProps) => {
+  const { t } = useTranslate();
+  const [isProjectDropdownOpen, setIsProjectDropdownOpen] = useState(false);
+  const [openCreateProjectModal, setOpenCreateProjectModal] = useState(false);
+  const [openLimitModal, setOpenLimitModal] = useState(false);
+  const router = useRouter();
+  const [isLoading, setIsLoading] = useState(false);
+  const pathname = usePathname();
+
+  const projectSettings = [
+    {
+      id: "general",
+      label: t("common.general"),
+      href: `/environments/${currentEnvironmentId}/project/general`,
+    },
+    {
+      id: "look",
+      label: t("common.look_and_feel"),
+      href: `/environments/${currentEnvironmentId}/project/look`,
+    },
+    {
+      id: "app-connection",
+      label: t("common.website_and_app_connection"),
+      href: `/environments/${currentEnvironmentId}/project/app-connection`,
+    },
+    {
+      id: "integrations",
+      label: t("common.integrations"),
+      href: `/environments/${currentEnvironmentId}/project/integrations`,
+    },
+    {
+      id: "teams",
+      label: t("common.team_access"),
+      href: `/environments/${currentEnvironmentId}/project/teams`,
+    },
+    {
+      id: "languages",
+      label: t("common.survey_languages"),
+      href: `/environments/${currentEnvironmentId}/project/languages`,
+    },
+    {
+      id: "tags",
+      label: t("common.tags"),
+      href: `/environments/${currentEnvironmentId}/project/tags`,
+    },
+  ];
+
+  const currentProject = projects.find((project) => project.id === currentProjectId);
+
+  if (!currentProject) {
+    const errorMessage = `Project not found for project id: ${currentProjectId}`;
+    logger.error(errorMessage);
+    Sentry.captureException(new Error(errorMessage));
+    return;
+  }
+
+  const handleProjectChange = (projectId: string) => {
+    if (projectId === currentProjectId) return;
+    setIsLoading(true);
+    router.push(`/projects/${projectId}/`);
+  };
+
+  const handleAddProject = () => {
+    if (projects.length >= organizationProjectsLimit) {
+      setOpenLimitModal(true);
+      return;
+    }
+    setOpenCreateProjectModal(true);
+  };
+
+  const LimitModalButtons = (): [ModalButton, ModalButton] => {
+    if (isFormbricksCloud) {
+      return [
+        {
+          text: t("environments.settings.billing.upgrade"),
+          href: `/environments/${currentEnvironmentId}/settings/billing`,
+        },
+        {
+          text: t("common.cancel"),
+          onClick: () => setOpenLimitModal(false),
+        },
+      ];
+    }
+
+    return [
+      {
+        text: t("environments.settings.billing.upgrade"),
+        href: isLicenseActive
+          ? `/environments/${currentEnvironmentId}/settings/enterprise`
+          : "https://formbricks.com/upgrade-self-hosted-license",
+      },
+      {
+        text: t("common.cancel"),
+        onClick: () => setOpenLimitModal(false),
+      },
+    ];
+  };
+  return (
+    <BreadcrumbItem isActive={isProjectDropdownOpen}>
+      <DropdownMenu onOpenChange={setIsProjectDropdownOpen}>
+        <DropdownMenuTrigger
+          className="flex cursor-pointer items-center gap-1 outline-none"
+          id="projectDropdownTrigger"
+          asChild>
+          <div className="flex items-center gap-1">
+            <FolderOpenIcon className="h-3 w-3" strokeWidth={1.5} />
+            <span>{currentProject.name}</span>
+            {isLoading && <Loader2 className="h-3 w-3 animate-spin" strokeWidth={1.5} />}
+            {isProjectDropdownOpen ? (
+              <ChevronDownIcon className="h-3 w-3" strokeWidth={1.5} />
+            ) : (
+              isEnvironmentBreadcrumbVisible && <ChevronRightIcon className="h-3 w-3" strokeWidth={1.5} />
+            )}
+          </div>
+        </DropdownMenuTrigger>
+
+        <DropdownMenuContent align="start" className="mt-2">
+          <div className="px-2 py-1.5 text-sm font-medium text-slate-500">
+            <FolderOpenIcon className="mr-2 inline h-4 w-4" strokeWidth={1.5} />
+            {t("common.choose_project")}
+          </div>
+          <DropdownMenuGroup>
+            {projects.map((proj) => (
+              <DropdownMenuCheckboxItem
+                key={proj.id}
+                checked={proj.id === currentProject.id}
+                onClick={() => handleProjectChange(proj.id)}
+                className="cursor-pointer">
+                <div className="flex items-center gap-2">
+                  <span>{proj.name}</span>
+                </div>
+              </DropdownMenuCheckboxItem>
+            ))}
+          </DropdownMenuGroup>
+          {isOwnerOrManager && (
+            <DropdownMenuCheckboxItem
+              onClick={handleAddProject}
+              className="w-full cursor-pointer justify-between">
+              <span>{t("common.add_new_project")}</span>
+              <PlusIcon className="ml-2 h-4 w-4" strokeWidth={1.5} />
+            </DropdownMenuCheckboxItem>
+          )}
+          <DropdownMenuGroup>
+            <DropdownMenuSeparator />
+            <div className="px-2 py-1.5 text-sm font-medium text-slate-500">
+              <CogIcon className="mr-2 inline h-4 w-4" strokeWidth={1.5} />
+              {t("common.project_configuration")}
+            </div>
+            {projectSettings.map((setting) => (
+              <DropdownMenuCheckboxItem
+                key={setting.id}
+                checked={pathname.includes(setting.id)}
+                onClick={() => router.push(setting.href)}
+                className="cursor-pointer">
+                {setting.label}
+              </DropdownMenuCheckboxItem>
+            ))}
+          </DropdownMenuGroup>
+        </DropdownMenuContent>
+      </DropdownMenu>
+      {/* Modals */}
+      {openLimitModal && (
+        <ProjectLimitModal
+          open={openLimitModal}
+          setOpen={setOpenLimitModal}
+          buttons={LimitModalButtons()}
+          projectLimit={organizationProjectsLimit}
+        />
+      )}
+      {openCreateProjectModal && (
+        <CreateProjectModal
+          open={openCreateProjectModal}
+          setOpen={setOpenCreateProjectModal}
+          organizationId={currentOrganizationId}
+          isAccessControlAllowed={isAccessControlAllowed}
+        />
+      )}
+    </BreadcrumbItem>
+  );
+};
--- a/apps/web/app/(app)/environments/[environmentId]/lib/organization.test.ts
+++ b/apps/web/app/(app)/environments/[environmentId]/lib/organization.test.ts
@@ -0,0 +1,77 @@
+import { Prisma } from "@prisma/client";
+import { describe, expect, test, vi } from "vitest";
+import { prisma } from "@formbricks/database";
+import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { getOrganizationsByUserId } from "./organization";
+
+vi.mock("@formbricks/database", () => ({
+  prisma: {
+    organization: {
+      findMany: vi.fn(),
+    },
+  },
+}));
+
+describe("Organization", () => {
+  describe("getOrganizationsByUserId", () => {
+    test("should return organizations when found", async () => {
+      const mockOrganizations = [
+        { id: "org1", name: "Organization 1" },
+        { id: "org2", name: "Organization 2" },
+      ];
+
+      vi.mocked(prisma.organization.findMany).mockResolvedValue(mockOrganizations as any);
+
+      const result = await getOrganizationsByUserId("user1");
+
+      expect(prisma.organization.findMany).toHaveBeenCalledWith({
+        where: {
+          memberships: {
+            some: {
+              userId: "user1",
+            },
+          },
+        },
+        select: {
+          id: true,
+          name: true,
+        },
+      });
+      expect(result).toEqual(mockOrganizations);
+    });
+
+    test("should throw ResourceNotFoundError when organizations is null", async () => {
+      vi.mocked(prisma.organization.findMany).mockResolvedValue(null as any);
+
+      await expect(getOrganizationsByUserId("user1")).rejects.toThrow(
+        new ResourceNotFoundError("Organizations by UserId", "user1")
+      );
+    });
+
+    test("should throw DatabaseError on Prisma error", async () => {
+      const prismaError = new Prisma.PrismaClientKnownRequestError("Database error", {
+        code: "P2002",
+        clientVersion: "5.0.0",
+      });
+
+      vi.mocked(prisma.organization.findMany).mockRejectedValue(prismaError);
+
+      await expect(getOrganizationsByUserId("user1")).rejects.toThrow(new DatabaseError("Database error"));
+    });
+
+    test("should re-throw unknown errors", async () => {
+      const unknownError = new Error("Unknown error");
+      vi.mocked(prisma.organization.findMany).mockRejectedValue(unknownError);
+
+      await expect(getOrganizationsByUserId("user1")).rejects.toThrow(unknownError);
+    });
+
+    test("should validate inputs correctly", async () => {
+      await expect(getOrganizationsByUserId("")).rejects.toThrow();
+    });
+
+    test("should validate userId input with invalid type", async () => {
+      await expect(getOrganizationsByUserId(123 as any)).rejects.toThrow();
+    });
+  });
+});
--- a/apps/web/app/(app)/environments/[environmentId]/lib/organization.ts
+++ b/apps/web/app/(app)/environments/[environmentId]/lib/organization.ts
@@ -0,0 +1,38 @@
+import { validateInputs } from "@/lib/utils/validate";
+import { Prisma } from "@prisma/client";
+import { cache as reactCache } from "react";
+import { prisma } from "@formbricks/database";
+import { ZString } from "@formbricks/types/common";
+import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
+
+export const getOrganizationsByUserId = reactCache(
+  async (userId: string): Promise<{ id: string; name: string }[]> => {
+    validateInputs([userId, ZString]);
+
+    try {
+      const organizations = await prisma.organization.findMany({
+        where: {
+          memberships: {
+            some: {
+              userId,
+            },
+          },
+        },
+        select: {
+          id: true,
+          name: true,
+        },
+      });
+      if (!organizations) {
+        throw new ResourceNotFoundError("Organizations by UserId", userId);
+      }
+      return organizations;
+    } catch (error) {
+      if (error instanceof Prisma.PrismaClientKnownRequestError) {
+        throw new DatabaseError(error.message);
+      }
+
+      throw error;
+    }
+  }
+);
--- a/apps/web/app/(app)/environments/[environmentId]/lib/project.test.ts
+++ b/apps/web/app/(app)/environments/[environmentId]/lib/project.test.ts
@@ -0,0 +1,146 @@
+import { Prisma } from "@prisma/client";
+import { describe, expect, test, vi } from "vitest";
+import { prisma } from "@formbricks/database";
+import { DatabaseError } from "@formbricks/types/errors";
+import { TMembership } from "@formbricks/types/memberships";
+import { getProjectsByUserId } from "./project";
+
+vi.mock("@formbricks/database", () => ({
+  prisma: {
+    project: {
+      findMany: vi.fn(),
+    },
+  },
+}));
+
+describe("Project", () => {
+  describe("getUserProjects", () => {
+    const mockAdminMembership: TMembership = {
+      role: "manager",
+      organizationId: "org1",
+      userId: "user1",
+      accepted: true,
+    };
+
+    const mockMemberMembership: TMembership = {
+      role: "member",
+      organizationId: "org1",
+      userId: "user1",
+      accepted: true,
+    };
+
+    test("should return projects for admin role", async () => {
+      const mockProjects = [
+        { id: "project1", name: "Project 1" },
+        { id: "project2", name: "Project 2" },
+      ];
+
+      vi.mocked(prisma.project.findMany).mockResolvedValue(mockProjects as any);
+
+      const result = await getProjectsByUserId("user1", mockAdminMembership);
+
+      expect(prisma.project.findMany).toHaveBeenCalledWith({
+        where: {
+          organizationId: "org1",
+        },
+        select: {
+          id: true,
+          name: true,
+        },
+      });
+      expect(result).toEqual(mockProjects);
+    });
+
+    test("should return projects for member role with team restrictions", async () => {
+      const mockProjects = [{ id: "project1", name: "Project 1" }];
+
+      vi.mocked(prisma.project.findMany).mockResolvedValue(mockProjects as any);
+
+      const result = await getProjectsByUserId("user1", mockMemberMembership);
+
+      expect(prisma.project.findMany).toHaveBeenCalledWith({
+        where: {
+          organizationId: "org1",
+          projectTeams: {
+            some: {
+              team: {
+                teamUsers: {
+                  some: {
+                    userId: "user1",
+                  },
+                },
+              },
+            },
+          },
+        },
+        select: {
+          id: true,
+          name: true,
+        },
+      });
+      expect(result).toEqual(mockProjects);
+    });
+
+    test("should return empty array when no projects found", async () => {
+      vi.mocked(prisma.project.findMany).mockResolvedValue([]);
+
+      const result = await getProjectsByUserId("user1", mockAdminMembership);
+
+      expect(result).toEqual([]);
+    });
+
+    test("should throw DatabaseError on Prisma error", async () => {
+      const prismaError = new Prisma.PrismaClientKnownRequestError("Database error", {
+        code: "P2002",
+        clientVersion: "5.0.0",
+      });
+
+      vi.mocked(prisma.project.findMany).mockRejectedValue(prismaError);
+
+      await expect(getProjectsByUserId("user1", mockAdminMembership)).rejects.toThrow(
+        new DatabaseError("Database error")
+      );
+    });
+
+    test("should re-throw unknown errors", async () => {
+      const unknownError = new Error("Unknown error");
+      vi.mocked(prisma.project.findMany).mockRejectedValue(unknownError);
+
+      await expect(getProjectsByUserId("user1", mockAdminMembership)).rejects.toThrow(unknownError);
+    });
+
+    test("should validate inputs correctly", async () => {
+      await expect(getProjectsByUserId(123 as any, mockAdminMembership)).rejects.toThrow();
+    });
+
+    test("should validate membership input correctly", async () => {
+      const invalidMembership = {} as TMembership;
+      await expect(getProjectsByUserId("user1", invalidMembership)).rejects.toThrow();
+    });
+
+    test("should handle owner role like manager", async () => {
+      const mockOwnerMembership: TMembership = {
+        role: "owner",
+        organizationId: "org1",
+        userId: "user1",
+        accepted: true,
+      };
+
+      const mockProjects = [{ id: "project1", name: "Project 1" }];
+      vi.mocked(prisma.project.findMany).mockResolvedValue(mockProjects as any);
+
+      const result = await getProjectsByUserId("user1", mockOwnerMembership);
+
+      expect(prisma.project.findMany).toHaveBeenCalledWith({
+        where: {
+          organizationId: "org1",
+        },
+        select: {
+          id: true,
+          name: true,
+        },
+      });
+      expect(result).toEqual(mockProjects);
+    });
+  });
+});
--- a/apps/web/app/(app)/environments/[environmentId]/lib/project.ts
+++ b/apps/web/app/(app)/environments/[environmentId]/lib/project.ts
@@ -0,0 +1,51 @@
+import { validateInputs } from "@/lib/utils/validate";
+import { Prisma } from "@prisma/client";
+import { cache as reactCache } from "react";
+import { prisma } from "@formbricks/database";
+import { ZString } from "@formbricks/types/common";
+import { DatabaseError } from "@formbricks/types/errors";
+import { TMembership, ZMembership } from "@formbricks/types/memberships";
+
+export const getProjectsByUserId = reactCache(
+  async (userId: string, orgMembership: TMembership): Promise<{ id: string; name: string }[]> => {
+    validateInputs([userId, ZString], [orgMembership, ZMembership]);
+
+    let projectWhereClause: Prisma.ProjectWhereInput = {};
+
+    if (orgMembership.role === "member") {
+      projectWhereClause = {
+        projectTeams: {
+          some: {
+            team: {
+              teamUsers: {
+                some: {
+                  userId,
+                },
+              },
+            },
+          },
+        },
+      };
+    }
+
+    try {
+      const projects = await prisma.project.findMany({
+        where: {
+          organizationId: orgMembership.organizationId,
+          ...projectWhereClause,
+        },
+        select: {
+          id: true,
+          name: true,
+        },
+      });
+      return projects;
+    } catch (error) {
+      if (error instanceof Prisma.PrismaClientKnownRequestError) {
+        throw new DatabaseError(error.message);
+      }
+
+      throw error;
+    }
+  }
+);
--- a/apps/web/app/(app)/environments/[environmentId]/lib/utils.test.ts
+++ b/apps/web/app/(app)/environments/[environmentId]/lib/utils.test.ts
@@ -0,0 +1,82 @@
+// apps/web/lib/utils/version.test.ts
+import { describe, expect, test } from "vitest";
+import { isNewerVersion, parseVersion } from "./utils";
+
+describe("Version utilities", () => {
+  describe("parseVersion", () => {
+    test("should parse valid semantic versions", () => {
+      expect(parseVersion("1.2.3")).toEqual({
+        major: 1,
+        minor: 2,
+        patch: 3,
+      });
+
+      expect(parseVersion("v2.0.0-beta.1")).toEqual({
+        major: 2,
+        minor: 0,
+        patch: 0,
+        prerelease: "beta.1",
+      });
+    });
+
+    test("should return null for invalid versions", () => {
+      expect(parseVersion("invalid")).toBeNull();
+      expect(parseVersion("1.2")).toEqual({
+        major: 1,
+        minor: 2,
+        patch: 0,
+      });
+    });
+  });
+
+  describe("isNewerVersion", () => {
+    test("should correctly identify newer versions", () => {
+      expect(isNewerVersion("1.0.0", "1.0.1")).toBe(true);
+      expect(isNewerVersion("1.0.0", "1.1.0")).toBe(true);
+      expect(isNewerVersion("1.0.0", "2.0.0")).toBe(true);
+
+      expect(isNewerVersion("1.0.1", "1.0.0")).toBe(false);
+      expect(isNewerVersion("1.0.0", "1.0.0")).toBe(false);
+    });
+
+    test("should handle version prefixes", () => {
+      expect(isNewerVersion("v1.0.0", "v1.0.1")).toBe(true);
+      expect(isNewerVersion("1.0.0", "v1.0.1")).toBe(true);
+    });
+
+    test("should handle prerelease versions", () => {
+      expect(isNewerVersion("1.0.0-beta.1", "1.0.0")).toBe(true);
+      expect(isNewerVersion("1.0.0", "1.0.0-beta.1")).toBe(false);
+    });
+
+    test("should correctly compare prerelease versions with numeric parts", () => {
+      // Test the main issue: rc.5 vs rc.10
+      expect(isNewerVersion("3.17.0-rc.5", "3.17.0-rc.10")).toBe(true);
+      expect(isNewerVersion("3.17.0-rc.10", "3.17.0-rc.5")).toBe(false);
+
+      // Test other numeric comparisons
+      expect(isNewerVersion("1.0.0-beta.1", "1.0.0-beta.2")).toBe(true);
+      expect(isNewerVersion("1.0.0-alpha.9", "1.0.0-alpha.10")).toBe(true);
+      expect(isNewerVersion("1.0.0-rc.99", "1.0.0-rc.100")).toBe(true);
+
+      // Test mixed alphanumeric comparisons
+      expect(isNewerVersion("1.0.0-alpha.1", "1.0.0-beta.1")).toBe(true);
+      expect(isNewerVersion("1.0.0-beta.1", "1.0.0-rc.1")).toBe(true);
+
+      // Test versions with different number of parts
+      expect(isNewerVersion("1.0.0-beta", "1.0.0-beta.1")).toBe(true);
+      expect(isNewerVersion("1.0.0-beta.1", "1.0.0-beta")).toBe(false);
+    });
+
+    test("should treat two-part versions as patch=0 (e.g., 3.16 == 3.16.0)", () => {
+      expect(isNewerVersion("3.16", "3.16.0")).toBe(false);
+      expect(isNewerVersion("3.16.0", "3.16")).toBe(false);
+      expect(isNewerVersion("3.16", "3.16.1")).toBe(true);
+    });
+
+    test("should ignore build metadata for precedence", () => {
+      expect(isNewerVersion("1.0.0+001", "1.0.0+002")).toBe(false);
+      expect(isNewerVersion("1.0.0", "1.0.0+exp.sha.5114f85")).toBe(false);
+    });
+  });
+});
--- a/apps/web/app/(app)/environments/[environmentId]/lib/utils.ts
+++ b/apps/web/app/(app)/environments/[environmentId]/lib/utils.ts
@@ -0,0 +1,93 @@
+export interface VersionInfo {
+  major: number;
+  minor: number;
+  patch: number;
+  prerelease?: string;
+}
+
+export const parseVersion = (version: string): VersionInfo | null => {
+  // Remove 'v' prefix if present
+  const cleanVersion = version.replace(/^v/, "");
+
+  // Regex for semantic versioning with optional patch and prerelease (no build metadata)
+  // Supports both 2-part (1.2) and 3-part (1.2.3) versions
+  const semverRegex = /^(\d+)\.(\d+)(?:\.(\d+))?(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?$/;
+
+  const match = semverRegex.exec(cleanVersion);
+  if (!match) {
+    console.warn(`Invalid version format: ${version}`);
+    return null;
+  }
+
+  return {
+    major: parseInt(match[1], 10),
+    minor: parseInt(match[2], 10),
+    patch: match[3] ? parseInt(match[3], 10) : 0, // Default to 0 if patch is missing
+    prerelease: match[4],
+  };
+};
+
+const comparePrereleaseVersions = (current: string, latest: string): number => {
+  const currentParts = current.split(".");
+  const latestParts = latest.split(".");
+  const max = Math.max(currentParts.length, latestParts.length);
+
+  const isNumeric = (s: string) => /^\d+$/.test(s);
+
+  const comparePart = (a?: string, b?: string): number => {
+    if (!a && b) return 1; // latest has more segments → newer
+    if (a && !b) return -1; // current has more segments → older
+    if (!a && !b) return 0;
+
+    const aNum = isNumeric(a!);
+    const bNum = isNumeric(b!);
+    if (aNum && bNum) return parseInt(b!, 10) - parseInt(a!, 10);
+    return b!.localeCompare(a!);
+  };
+
+  for (let i = 0; i < max; i++) {
+    const diff = comparePart(currentParts[i], latestParts[i]);
+    if (diff !== 0) return diff;
+  }
+  return 0;
+};
+
+export const compareVersions = (current: string, latest: string): number => {
+  const currentVersion = parseVersion(current);
+  const latestVersion = parseVersion(latest);
+
+  // If either version is invalid, treat as different
+  if (!currentVersion || !latestVersion) {
+    return current === latest ? 0 : -1;
+  }
+
+  // Compare major.minor.patch
+  const majorDiff = latestVersion.major - currentVersion.major;
+  if (majorDiff !== 0) return majorDiff;
+
+  const minorDiff = latestVersion.minor - currentVersion.minor;
+  if (minorDiff !== 0) return minorDiff;
+
+  const patchDiff = latestVersion.patch - currentVersion.patch;
+  if (patchDiff !== 0) return patchDiff;
+
+  // Handle prerelease versions
+  if (!currentVersion.prerelease && !latestVersion.prerelease) {
+    return 0; // Both are stable, same version
+  }
+
+  if (!currentVersion.prerelease && latestVersion.prerelease) {
+    return -1; // Current is stable, latest is prerelease - current is "newer"
+  }
+
+  if (currentVersion.prerelease && !latestVersion.prerelease) {
+    return 1; // Current is prerelease, latest is stable - latest is newer
+  }
+
+  // Both are prerelease, compare properly
+  return comparePrereleaseVersions(currentVersion.prerelease!, latestVersion.prerelease!);
+};
+
+export const isNewerVersion = (current: string, latest: string): boolean => {
+  return compareVersions(current, latest) > 0;
+};
--- a/apps/web/app/(app)/environments/[environmentId]/page.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/page.test.tsx
@@ -23,6 +23,10 @@ vi.mock("next/navigation", () => ({
  redirect: vi.fn(),
 }));

+vi.mock("@/lib/constants", () => ({
+  IS_FORMBRICKS_CLOUD: true,
+}));
+
 describe("EnvironmentPage", () => {
  afterEach(() => {
    vi.clearAllMocks();
@@ -37,7 +41,6 @@ describe("EnvironmentPage", () => {
      id: mockUserId,
      name: "Test User",
      email: "test@example.com",
-      imageUrl: "",
      twoFactorEnabled: false,
      identityProvider: "email",
      createdAt: new Date(),
--- a/apps/web/app/(app)/environments/[environmentId]/page.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/page.tsx
@@ -1,3 +1,4 @@
+import { IS_FORMBRICKS_CLOUD } from "@/lib/constants";
 import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
 import { getAccessFlags } from "@/lib/membership/utils";
 import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
@@ -11,7 +12,11 @@ const EnvironmentPage = async (props) => {
  const { isBilling } = getAccessFlags(currentUserMembership?.role);

  if (isBilling) {
-    return redirect(`/environments/${params.environmentId}/settings/billing`);
+    if (IS_FORMBRICKS_CLOUD) {
+      return redirect(`/environments/${params.environmentId}/settings/billing`);
+    } else {
+      return redirect(`/environments/${params.environmentId}/settings/enterprise`);
+    }
  }

  return redirect(`/environments/${params.environmentId}/surveys`);
--- a/apps/web/app/(app)/environments/[environmentId]/project/integrations/actions.ts
+++ b/apps/web/app/(app)/environments/[environmentId]/project/integrations/actions.ts
--- a/apps/web/app/(app)/environments/[environmentId]/project/integrations/airtable/components/AddIntegrationModal.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/project/integrations/airtable/components/AddIntegrationModal.test.tsx
@@ -1,5 +1,5 @@
-import { createOrUpdateIntegrationAction } from "@/app/(app)/environments/[environmentId]/integrations/actions";
-import { fetchTables } from "@/app/(app)/environments/[environmentId]/integrations/airtable/lib/airtable";
+import { createOrUpdateIntegrationAction } from "@/app/(app)/environments/[environmentId]/project/integrations/actions";
+import { fetchTables } from "@/app/(app)/environments/[environmentId]/project/integrations/airtable/lib/airtable";
 import { cleanup, render, screen, waitFor } from "@testing-library/react";
 import userEvent from "@testing-library/user-event";
 import { useRouter } from "next/navigation";
@@ -16,11 +16,11 @@ import { TSurvey } from "@formbricks/types/surveys/types";
 import { AddIntegrationModal } from "./AddIntegrationModal";

 // Mock dependencies
-vi.mock("@/app/(app)/environments/[environmentId]/integrations/actions", () => ({
+vi.mock("@/app/(app)/environments/[environmentId]/project/integrations/actions", () => ({
  createOrUpdateIntegrationAction: vi.fn(),
 }));
 vi.mock(
-  "@/app/(app)/environments/[environmentId]/integrations/airtable/components/BaseSelectDropdown",
+  "@/app/(app)/environments/[environmentId]/project/integrations/airtable/components/BaseSelectDropdown",
  () => ({
    BaseSelectDropdown: ({ control, airtableArray, fetchTable, defaultValue, setValue }) => (
      <div>
@@ -44,7 +44,7 @@ vi.mock(
    ),
  })
 );
-vi.mock("@/app/(app)/environments/[environmentId]/integrations/airtable/lib/airtable", () => ({
+vi.mock("@/app/(app)/environments/[environmentId]/project/integrations/airtable/lib/airtable", () => ({
  fetchTables: vi.fn(),
 }));
 vi.mock("@/lib/i18n/utils", () => ({
--- a/apps/web/app/(app)/environments/[environmentId]/project/integrations/airtable/components/AddIntegrationModal.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/project/integrations/airtable/components/AddIntegrationModal.tsx
@@ -1,8 +1,8 @@
 "use client";

-import { createOrUpdateIntegrationAction } from "@/app/(app)/environments/[environmentId]/integrations/actions";
-import { BaseSelectDropdown } from "@/app/(app)/environments/[environmentId]/integrations/airtable/components/BaseSelectDropdown";
-import { fetchTables } from "@/app/(app)/environments/[environmentId]/integrations/airtable/lib/airtable";
+import { createOrUpdateIntegrationAction } from "@/app/(app)/environments/[environmentId]/project/integrations/actions";
+import { BaseSelectDropdown } from "@/app/(app)/environments/[environmentId]/project/integrations/airtable/components/BaseSelectDropdown";
+import { fetchTables } from "@/app/(app)/environments/[environmentId]/project/integrations/airtable/lib/airtable";
 import AirtableLogo from "@/images/airtableLogo.svg";
 import { getLocalizedValue } from "@/lib/i18n/utils";
 import { replaceHeadlineRecall } from "@/lib/utils/recall";
@@ -41,6 +41,7 @@ import {
  TIntegrationAirtableTables,
 } from "@formbricks/types/integration/airtable";
 import { TSurvey } from "@formbricks/types/surveys/types";
+import { IntegrationModalInputs } from "../lib/types";

 type EditModeProps =
  | { isEditMode: false; defaultData?: never }
@@ -55,17 +56,6 @@ type AddIntegrationModalProps = {
  airtableIntegration: TIntegrationAirtable;
 } & EditModeProps;

-export type IntegrationModalInputs = {
-  base: string;
-  table: string;
-  survey: string;
-  questions: string[];
-  includeVariables: boolean;
-  includeHiddenFields: boolean;
-  includeMetadata: boolean;
-  includeCreatedAt: boolean;
-};
-
 const NoBaseFoundError = () => {
  const { t } = useTranslate();
  return (
@@ -239,7 +229,7 @@ export const AddIntegrationModal = ({

      if (isEditMode) {
        // update action
-        airtableIntegrationData.config!.data[defaultData.index] = integrationData;
+        airtableIntegrationData.config.data[defaultData.index] = integrationData;
      } else {
        // create action
        airtableIntegrationData.config?.data.push(integrationData);
--- a/apps/web/app/(app)/environments/[environmentId]/project/integrations/airtable/components/AirtableWrapper.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/project/integrations/airtable/components/AirtableWrapper.test.tsx
@@ -1,4 +1,4 @@
-import { authorize } from "@/app/(app)/environments/[environmentId]/integrations/airtable/lib/airtable";
+import { authorize } from "@/app/(app)/environments/[environmentId]/project/integrations/airtable/lib/airtable";
 import { cleanup, render, screen } from "@testing-library/react";
 import userEvent from "@testing-library/user-event";
 import { afterEach, describe, expect, test, vi } from "vitest";
@@ -8,7 +8,7 @@ import { AirtableWrapper } from "./AirtableWrapper";

 // Mock child components
 vi.mock(
-  "@/app/(app)/environments/[environmentId]/integrations/airtable/components/ManageIntegration",
+  "@/app/(app)/environments/[environmentId]/project/integrations/airtable/components/ManageIntegration",
  () => ({
    ManageIntegration: ({ setIsConnected }) => (
      <div data-testid="manage-integration">
@@ -28,7 +28,7 @@ vi.mock("@/modules/ui/components/connect-integration", () => ({
 }));

 // Mock library function
-vi.mock("@/app/(app)/environments/[environmentId]/integrations/airtable/lib/airtable", () => ({
+vi.mock("@/app/(app)/environments/[environmentId]/project/integrations/airtable/lib/airtable", () => ({
  authorize: vi.fn(),
 }));

--- a/apps/web/app/(app)/environments/[environmentId]/project/integrations/airtable/components/AirtableWrapper.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/project/integrations/airtable/components/AirtableWrapper.tsx
@@ -1,7 +1,7 @@
 "use client";

-import { ManageIntegration } from "@/app/(app)/environments/[environmentId]/integrations/airtable/components/ManageIntegration";
-import { authorize } from "@/app/(app)/environments/[environmentId]/integrations/airtable/lib/airtable";
+import { ManageIntegration } from "@/app/(app)/environments/[environmentId]/project/integrations/airtable/components/ManageIntegration";
+import { authorize } from "@/app/(app)/environments/[environmentId]/project/integrations/airtable/lib/airtable";
 import airtableLogo from "@/images/airtableLogo.svg";
 import { ConnectIntegration } from "@/modules/ui/components/connect-integration";
 import { useState } from "react";
--- a/apps/web/app/(app)/environments/[environmentId]/project/integrations/airtable/components/BaseSelectDropdown.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/project/integrations/airtable/components/BaseSelectDropdown.test.tsx
--- a/apps/web/app/(app)/environments/[environmentId]/project/integrations/airtable/components/BaseSelectDropdown.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/project/integrations/airtable/components/BaseSelectDropdown.tsx
@@ -11,7 +11,7 @@ import {
 import { useTranslate } from "@tolgee/react";
 import { Control, Controller, UseFormSetValue } from "react-hook-form";
 import { TIntegrationItem } from "@formbricks/types/integration";
-import { IntegrationModalInputs } from "./AddIntegrationModal";
+import { IntegrationModalInputs } from "../lib/types";

 interface BaseSelectProps {
  control: Control<IntegrationModalInputs, any>;
--- a/apps/web/app/(app)/environments/[environmentId]/project/integrations/airtable/components/ManageIntegration.test.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/project/integrations/airtable/components/ManageIntegration.test.tsx
@@ -1,4 +1,4 @@
-import { deleteIntegrationAction } from "@/app/(app)/environments/[environmentId]/integrations/actions";
+import { deleteIntegrationAction } from "@/app/(app)/environments/[environmentId]/project/integrations/actions";
 import { cleanup, render, screen } from "@testing-library/react";
 import userEvent from "@testing-library/user-event";
 import { afterEach, describe, expect, test, vi } from "vitest";
@@ -6,11 +6,11 @@ import { TEnvironment } from "@formbricks/types/environment";
 import { TIntegrationAirtable, TIntegrationAirtableConfig } from "@formbricks/types/integration/airtable";
 import { ManageIntegration } from "./ManageIntegration";

-vi.mock("@/app/(app)/environments/[environmentId]/integrations/actions", () => ({
+vi.mock("@/app/(app)/environments/[environmentId]/project/integrations/actions", () => ({
  deleteIntegrationAction: vi.fn(),
 }));
 vi.mock(
-  "@/app/(app)/environments/[environmentId]/integrations/airtable/components/AddIntegrationModal",
+  "@/app/(app)/environments/[environmentId]/project/integrations/airtable/components/AddIntegrationModal",
  () => ({
    AddIntegrationModal: ({ open, setOpenWithStates }) =>
      open ? (
--- a/apps/web/app/(app)/environments/[environmentId]/project/integrations/airtable/components/ManageIntegration.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/project/integrations/airtable/components/ManageIntegration.tsx
@@ -1,10 +1,7 @@
 "use client";

-import { deleteIntegrationAction } from "@/app/(app)/environments/[environmentId]/integrations/actions";
-import {
-  AddIntegrationModal,
-  IntegrationModalInputs,
-} from "@/app/(app)/environments/[environmentId]/integrations/airtable/components/AddIntegrationModal";
+import { deleteIntegrationAction } from "@/app/(app)/environments/[environmentId]/project/integrations/actions";
+import { AddIntegrationModal } from "@/app/(app)/environments/[environmentId]/project/integrations/airtable/components/AddIntegrationModal";
 import { timeSince } from "@/lib/time";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { Button } from "@/modules/ui/components/button";
@@ -19,6 +16,7 @@ import { TIntegrationItem } from "@formbricks/types/integration";
 import { TIntegrationAirtable } from "@formbricks/types/integration/airtable";
 import { TSurvey } from "@formbricks/types/surveys/types";
 import { TUserLocale } from "@formbricks/types/user";
+import { IntegrationModalInputs } from "../lib/types";

 interface ManageIntegrationProps {
  airtableIntegration: TIntegrationAirtable;
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Matti Nannt	d49517be91	fix(ci): backport release tag validation fix to release/4.0 (#6609 )	2025-09-26 09:41:06 +02:00
Victor Hugo dos Santos	7aedb73378	chore: backport jwt and script fix (#6607 ) Co-authored-by: Anshuman Pandey <54475686+pandeymangg@users.noreply.github.com>	2025-09-25 11:53:45 -03:00
Dhruwang Jariwala	4112722a88	fix: replace button with div in IdBadge to prevent hydration issues (backport) (#6602 )	2025-09-25 10:42:29 -03:00
Piyush Gupta	0eddeb46c1	fix: logicfallback cleanup backport (#6603 )	2025-09-25 18:49:55 +05:30
Piyush Gupta	774f45b109	chore: reverted translations	2025-09-25 18:21:51 +05:30
Piyush Gupta	3c65c002bb	chore: reverted translations	2025-09-25 18:19:28 +05:30
Piyush Gupta	65539e85df	fix: logicFallback cleanup backport	2025-09-25 17:42:55 +05:30
Anshuman Pandey	91dab12a81	fix: backports migration script changes (#6583 )	2025-09-22 15:30:36 +02:00
Matti Nannt	1c5244e030	fix: s3 storage configured flag fails on minimum setup (#6573 )	2025-09-22 09:11:58 +02:00
Dhruwang Jariwala	8b3c0f1547	fix: Backport/follow ups toast to 4.0 (#6569 )	2025-09-19 15:04:24 +02:00
Dhruwang Jariwala	07370ac765	fix: (backport) synced translations (#6567 )	2025-09-19 12:26:48 +02:00
Anshuman Pandey	0f699405bb	fix: backports the formbricks.sh script and adds the migration script (#6564 )	2025-09-19 12:25:03 +02:00
Anshuman Pandey	422f05b386	feat: support IAM role authentication for S3 storage (#6560 )	2025-09-19 15:32:30 +05:30
Dhruwang Jariwala	bdfbc4b0f6	fix: Backport/critical fixes to 4.0 (#6563 ) Co-authored-by: Johannes <johannes@formbricks.com>	2025-09-19 11:02:54 +02:00
Matti Nannt	b1828a2f27	feat: support IAM role authentication for S3 storage - Update IS_STORAGE_CONFIGURED to only require S3_REGION and S3_BUCKET_NAME - Make S3_ACCESS_KEY and S3_SECRET_KEY optional in S3 client creation - Allow AWS SDK to use IAM roles, instance profiles, and credential chains - Maintain backward compatibility with explicit credentials and MinIO - Update tests to reflect new IAM role authentication behavior BREAKING CHANGE: IS_STORAGE_CONFIGURED now returns true with only region and bucket configured	2025-09-18 12:24:58 +02:00
Matti Nannt	3ba6dd9ada	chore(backport): updated release workflow (#6557 )	2025-09-17 11:53:15 +02:00
Piyush Gupta	47c3df0466	feat: adds survey package translation files (#6539 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2025-09-12 12:35:37 +00:00
Victor Hugo dos Santos	935e24bd43	chore: clean-up new cache package (#6532 )	2025-09-12 11:16:13 +00:00
dependabot[bot]	3879d86f63	chore(deps-dev): bump the npm_and_yarn group across 2 directories with 1 update (#6537 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-12 12:28:36 +02:00
Matti Nannt	839144d338	chore: remove unused fields and tables from prisma schema (#6531 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2025-09-12 09:01:03 +00:00
Anshuman Pandey	96031822a6	feat: s3 compatible storage (#6536 ) Co-authored-by: Victor Santos <victor@formbricks.com>	2025-09-12 08:17:33 +00:00
Piyush Gupta	21c8b5d6e4	feat: adds multi language functionality to surveys package (#6527 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2025-09-11 13:48:08 +00:00
Matti Nannt	22d4952a40	chore: remove ios and android package from monorepo (#6533 )	2025-09-11 12:57:55 +00:00
dependabot[bot]	933723f1fe	chore(deps-dev): bump the npm_and_yarn group across 9 directories with 1 update (#6526 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-11 09:25:10 +02:00
Piyush Gupta	dd394f1d2c	chore: remove cron jobs and survey scheduling functionality (#6505 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2025-09-11 06:57:11 +00:00
Dhruwang Jariwala	0188aad97b	feat: nav cleanup pt. 2 (#6515 ) Co-authored-by: Johannes <johannes@formbricks.com>	2025-09-11 04:07:17 +00:00
Yuuenn	d46644fe0d	feat: add Simplified Chinese (zh-Hans-CN) translations #6511 (#6518 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2025-09-10 12:13:48 +00:00
Victor Hugo dos Santos	c259a61f0e	feat: unified cache (#6520 )	2025-09-10 09:59:16 +00:00
Piyush Gupta	feee22b5c3	feat: Quota management(part 1 & part 2) (#6521 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com> Co-authored-by: Dhruwang Jariwala <67850763+Dhruwang@users.noreply.github.com>	2025-09-09 13:25:05 +00:00
Dhruwang Jariwala	a5433f6748	feat: improved project and org switch (#6500 ) Co-authored-by: Johannes <johannes@formbricks.com>	2025-09-09 12:58:44 +00:00
Dhruwang Jariwala	557f14bab8	fix: requried questions being skipped (#6506 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2025-09-09 08:33:41 +00:00
Dhruwang Jariwala	fdba260301	fix: project styling settings issues (#6488 )	2025-09-09 08:33:28 +00:00
devin-ai-integration[bot]	764b8ec260	docs: update single use links documentation to reflect sharing modal location (#6513 ) Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: Johannes <johannes@formbricks.com>	2025-09-08 12:08:26 +00:00
Dhruwang Jariwala	ac5d1e651e	fix: untranslated string (#6512 )	2025-09-08 10:27:31 +00:00
Johannes	62ffcc8e68	docs: clarified Roles docs + added 2FA (#6507 )	2025-09-05 04:03:44 -07:00
Dhruwang Jariwala	326872a86b	fix: response data table settings modal breaking (#6501 )	2025-09-05 10:41:39 +00:00
Victor Hugo dos Santos	892b55662e	chore: conditionally enable Sentry plugin based on authentication token (#6502 )	2025-09-05 09:44:46 +00:00
Harsh Bhat	23143c8664	docs: Integrate mintlify docs with Posthog (#6487 ) Co-authored-by: Johannes <johannes@formbricks.com>	2025-09-05 07:27:21 +00:00
dependabot[bot]	4c71caf0da	chore(deps): bump the npm_and_yarn group across 2 directories with 1 update (#6491 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-05 07:50:27 +02:00
Dhruwang Jariwala	173821f846	chore: dropdown menu storybook (#6453 )	2025-09-04 05:20:38 +00:00
Matti Nannt	f139830020	fix: sentry source map upload workflow authentication (#6327 ) Co-authored-by: Victor Santos <victor@formbricks.com> Co-authored-by: Victor Hugo dos Santos <115753265+victorvhs017@users.noreply.github.com>	2025-09-02 21:57:41 +00:00
Jonathan Reimer	70979a3b5b	Add Linux Foundation health score badge to README (#6496 )	2025-09-02 18:35:14 +02:00
Matti Nannt	061fa036be	chore: add deployment options to ECR image build action (#6498 )	2025-09-02 17:54:15 +02:00
Dhruwang Jariwala	b83c0a4a5d	chore: update romanian translations (#6495 )	2025-09-02 10:58:49 +00:00
Dhruwang Jariwala	1bc0563965	fix: update action class issue (#6484 )	2025-09-02 10:44:22 +00:00
Dhruwang Jariwala	3a4e2a9f85	fix: duplicate response and contact deletion calls (#6489 )	2025-09-02 05:49:20 +00:00
Dhruwang Jariwala	bd48139a4f	chore: tag stories (#6468 )	2025-09-01 13:46:10 +00:00
Harsh Bhat	89fe82a0d6	docs: Add docs for Link settings (#6492 )	2025-09-01 13:44:06 +00:00
om pharate	65dc1fa771	fix(tooltip): wrap TooltipContent in a Portal for improved rendering (#6458 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2025-09-01 11:49:54 +00:00
Dhruwang Jariwala	438990bffc	chore: slider component story (#6469 )	2025-09-01 10:56:50 +00:00
Dhruwang Jariwala	7f7bc989c6	fix: data table toolbar alignment (#6486 )	2025-09-01 10:14:22 +00:00
Victor Hugo dos Santos	baa2b31bc9	fix: conditional logic build groups bug (#6476 )	2025-09-01 10:04:31 +00:00
Matti Nannt	77aecf3aad	chore: upgrade nextjs to 15.5.0 (#6454 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2025-09-01 09:51:17 +02:00
Dhruwang Jariwala	7c1110239b	fix: mobile preview on large screens (#6478 )	2025-08-29 08:51:40 +00:00
Dhruwang Jariwala	eeb337521b	fix: email verify survey question preview (#6474 )	2025-08-29 05:46:14 +00:00
Dhruwang Jariwala	182f674879	fix: multiple recalls in redirect url (#6467 )	2025-08-28 08:38:58 +00:00
Piyush Gupta	73c0da4b75	chore: Updates prisma to the latest version (#6457 )	2025-08-28 07:44:01 +00:00
Matti Nannt	f475b2e6d5	chore: remove deprecated scale plan from stripe subscription update (#6472 )	2025-08-27 14:38:38 +00:00
Dhruwang Jariwala	e5e8941016	chore: tweaked confirmation modal (#6471 ) Co-authored-by: Johannes <johannes@formbricks.com>	2025-08-27 13:11:23 +00:00
Anshuman Pandey	c39c9998f0	fix: surveys package rtl (#6379 ) Co-authored-by: Johannes <johannes@formbricks.com>	2025-08-27 05:52:46 +00:00
Piyush Gupta	a8c8e6f83f	feat: adds switch component stories (#6462 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2025-08-26 06:15:03 +00:00
Dhruwang Jariwala	8a5e9f38d7	chore: delete dialog stories (#6452 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2025-08-26 05:54:28 +00:00
Dhruwang Jariwala	a0740d20ea	chore: improved version comparison (#6413 )	2025-08-26 05:54:16 +00:00
Dhruwang Jariwala	71f378a494	fix: select dropdown in project create modal (#6465 )	2025-08-26 04:46:23 +00:00
Dhruwang Jariwala	4bececeb56	fix: Japanese translations (#6464 )	2025-08-25 12:06:49 +00:00
Satoshi	71c96f48d7	feat: japanese translations (#6461 )	2025-08-25 02:27:31 -07:00
Johannes	05d88a3069	docs: add API reference to Personal Links (#6463 )	2025-08-24 23:48:36 -07:00
Piyush Gupta	b6a63edc88	feat: adds line break support in open text question textarea (#6456 )	2025-08-25 05:57:04 +00:00
Matti Nannt	a3764f0316	chore: increase data migration timeout to 600s (#6455 )	2025-08-21 21:46:30 +02:00
Piyush Gupta	ec52bdf3fe	feat: adds stories for logo component (#6448 )	2025-08-20 14:57:43 +00:00
Victor Hugo dos Santos	2e9ad3ce07	fix: community PR check 6400 (#6427 ) Co-authored-by: Alex <alexander.seliakov@gmail.com>	2025-08-20 09:04:48 +00:00
Matti Nannt	654bd232d6	chore(cursor): add monorepo overview rule and refine database rule metadata (#6444 )	2025-08-20 07:29:03 +00:00
Piyush Gupta	01984cf8ca	chore: upgrades prisma to latest version (#6442 )	2025-08-19 14:40:31 +00:00
Anshuman Pandey	3eb18bb120	fix: alert message on invalid file in file upload question (#6431 )	2025-08-19 12:42:31 +00:00
Piyush Gupta	59859d0e4f	fix: organization access checks (#6441 )	2025-08-19 11:23:59 +00:00
Piyush Gupta	c60c8cb7bd	feat: adds stories for tooltip component (#6433 )	2025-08-19 07:48:46 +00:00
Matti Nannt	9fa7aef253	chore: upgrade node-alpine image to 3.22 (#6437 )	2025-08-19 07:45:46 +00:00
Piyush Gupta	a23594428a	fix: color picker in product logo (#6434 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2025-08-19 07:14:23 +00:00
Piyush Gupta	56e7106d6e	fix: open text number question logic evaluation (#6439 )	2025-08-19 06:03:49 +00:00
Matti Nannt	318f891540	fix: ECR workflow action failing (#6435 )	2025-08-18 16:58:30 +02:00
Piyush Gupta	a59881f9ae	feat: adds drag and drop to matrix question fields (#6386 )	2025-08-18 14:38:53 +00:00
Matti Nannt	7ab4a45ad6	feat: add ecr workflow (#6414 )	2025-08-18 15:17:14 +02:00
Matti Nannt	2990e3805f	fix: docker security scan action not uploading results (#6432 )	2025-08-18 13:54:58 +02:00
Dhruwang Jariwala	29132ab029	fix: metadata issue (#6422 ) Co-authored-by: Matthias Nannt <mail@matthiasnannt.com>	2025-08-15 09:50:15 +00:00
Dhruwang Jariwala	f860d8d25d	fix: link preview settings tweaks (#6418 )	2025-08-14 15:48:05 +00:00
Anshuman Pandey	3501990a79	fix: syntax issue in docker release action (#6415 )	2025-08-14 12:12:42 +00:00
Piyush Gupta	41d60c8a02	chore: custom avatar removal (#6408 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2025-08-14 10:17:05 +00:00
Anshuman Pandey	a6269f0fd3	fix: disables share tabs when single use is active (#6410 )	2025-08-14 08:49:15 +00:00
Dhruwang Jariwala	9c0d0a16a7	fix: hover on survey close button (#6405 )	2025-08-14 08:11:15 +00:00
Piyush Gupta	c6241f7e7f	fix: Inconsistent icon - Picture select vs. question header image (#6409 )	2025-08-13 13:09:23 +00:00
Piotr Gaczkowski	92f1c2b75a	fix: make `terraform apply` work again (#6403 ) Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>	2025-08-13 12:19:18 +00:00
Dhruwang Jariwala	4d53291c8a	fix: checks and rate limiting for email verification survey action (#6406 )	2025-08-13 06:42:08 +00:00
Matti Nannt	14b7a69cea	fix: permissions in release workflow (#6399 )	2025-08-13 08:35:26 +02:00
Piyush Gupta	a9015b008d	docs: adds identifier note in saml sso docs (#6402 )	2025-08-12 11:18:44 +00:00
Dhruwang Jariwala	d19d624c0c	feat: filters for url in metadata (#6387 ) Co-authored-by: Piyush Gupta <piyushguptaa2z123@gmail.com>	2025-08-12 09:37:12 +00:00
Matti Nannt	3edaab6c2b	fix: release workflow environment is not accessible (#6398 )	2025-08-12 10:31:05 +02:00
Dhruwang Jariwala	4786ab61e7	feat: customizable link previews (#6361 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2025-08-12 06:37:30 +00:00
Dhruwang Jariwala	819380d21c	chore: sonarqube label fixes (#6381 )	2025-08-11 18:22:21 +00:00
Anshuman Pandey	fd3fedb6ed	fix: fixes follow up UI when email is hidden in the contact info question (#6388 )	2025-08-11 14:48:32 +00:00
Dhruwang Jariwala	88b1e63771	chore: updated nextjs version (#6389 )	2025-08-11 13:24:35 +00:00
Piyush Gupta	3132fe74f1	chore: remove response note feature (#6390 )	2025-08-11 12:01:31 +00:00
Harsh Bhat	a27a2a67c8	chore: Change pricing form link (#6394 )	2025-08-11 05:13:43 -07:00
Piyush Gupta	4a7ace5a0a	feat: adds metadata columns in response table (#6368 )	2025-08-11 11:25:06 +00:00
Victor Hugo dos Santos	43628caa3b	feat: Add rate limiting to API V1 (#6355 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2025-08-11 09:10:45 +00:00
Matti Nannt	9d84bc0c8d	fix: Uncontrolled data used in path expression in storage service (#6375 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2025-08-11 08:37:33 +00:00
Dhruwang Jariwala	babc020085	chore: short url legacy removal (#6391 )	2025-08-11 07:55:52 +00:00
Matti Nannt	95ee83ef31	chore: remove semantic PR thank you comment to reduce PR spam (#6380 )	2025-08-11 07:24:59 +00:00
Matti Nannt	d994af2dfd	chore: Add Docker Image Vulnerability Scanning for SOC-2 Compliance (#6371 )	2025-08-08 16:42:55 +00:00
Matti Nannt	4b5b5bf59f	chore: add cursor rule for github workflows & actions (#6382 )	2025-08-08 13:30:27 +00:00
Anshuman Pandey	62166dc4b1	fix: tidying up the survey card header (#6341 ) Co-authored-by: Jakob Schott <jakob@formbricks.com> Co-authored-by: Johannes <johannes@formbricks.com> Co-authored-by: Victor Santos <victor@formbricks.com> Co-authored-by: Jakob Schott <154420406+jakobsitory@users.noreply.github.com>	2025-08-08 10:18:56 +00:00
Matti Nannt	ec6d88bf11	fix: OneLeet Code Scanning Sentry action issues (#6378 )	2025-08-08 08:06:57 +00:00
Dhruwang Jariwala	c0240d60a1	feat: romanian translations (#6369 )	2025-08-08 04:03:55 +00:00
Dhruwang Jariwala	cd2884d83e	chore: app connection info alert (#6370 ) Co-authored-by: Johannes <johannes@formbricks.com>	2025-08-07 15:57:49 +00:00
StepSecurity Bot	f7aea2e706	chore: Harden GitHub Actions (#6373 ) Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: Matthias Nannt <mail@matthiasnannt.com>	2025-08-07 16:33:42 +02:00
Matti Nannt	e80fc2ee61	chore: remove unused github workflows/actions (#6372 )	2025-08-07 15:26:11 +02:00
Jakob Schott	9b489b0682	chore: Optimize styling for MultiLanguageCard (#6353 )	2025-08-07 10:23:25 +00:00
Jakob Schott	2ee0efa1c2	fix: dynamic width for InputCombobox (#6365 )	2025-08-06 23:52:09 -07:00
Anshuman Pandey	9ffd67262c	fix: updates tolgee key (#6367 )	2025-08-07 06:30:00 +00:00
Dhruwang Jariwala	68dc63ce0b	chore: search bar and preview on survey list page (#6349 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2025-08-07 04:57:28 +00:00
Piyush Gupta	f239ee9697	feat: adds `multiLanguageSurveys` and `accessControl` license features (#6331 )	2025-08-06 14:35:28 +00:00
Piyush Gupta	282b3e070c	fix: sonarqube medium vulnerability issues (#6362 )	2025-08-06 11:23:27 +00:00
Johannes	b5f0bd8f9a	fix: update wording to match actual behaviour (#6364 )	2025-08-06 03:38:47 -07:00
Piyush Gupta	3784bd6b5e	fix: Missing space in Access Control Modal (#6356 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2025-08-06 08:17:47 +00:00
Piyush Gupta	41d27c2093	fix: use full width on sidebar elements (#6357 )	2025-08-06 07:58:28 +00:00
Piyush Gupta	7400ce2e67	fix: secure cookies fix for callback URL (#6358 )	2025-08-05 17:44:13 +00:00
Piyush Gupta	355782f404	chore: sonarqube low reliability issues (#6359 )	2025-08-05 10:06:53 +00:00
Anshuman Pandey	de70e97940	fix: adds loading state to the responses download button (#6352 )	2025-08-05 04:22:22 +00:00
Dhruwang Jariwala	287c45f996	feat: surface option ids (#6339 )	2025-08-05 04:03:12 +00:00
Harsh Bhat	3b07a6d013	docs: update multi-language surveys (#6354 )	2025-08-04 10:02:31 -07:00
Jonas Höbenreich	0cc2606ec6	fix: Remove rounded-lg Class from Company Logo (#6347 )	2025-08-04 01:42:05 -07:00
Dhruwang Jariwala	0fada94b80	chore: Replace entity ids (#6317 )	2025-08-04 04:10:41 +00:00
Piyush Gupta	a59ede20c7	fix: one leet security issues (#6303 )	2025-08-01 14:35:11 +00:00
Piyush Gupta	84294f9df2	feat: adds debug logs (#6237 ) Co-authored-by: Matthias Nannt <mail@matthiasnannt.com>	2025-08-01 11:10:21 +00:00
Johannes	855e7c78ce	docs: add quota docs (#6343 )	2025-07-31 06:25:34 -07:00
Piotr Gaczkowski	6c506d90c7	fix: Make EKS endpoint private (#6333 ) Co-authored-by: Matthias Nannt <mail@matthiasnannt.com>	2025-07-31 13:08:18 +00:00
Piyush Gupta	53f6e02ca1	fix: XLSX security vulnerability \| Update XLSX to SheetJS (#6321 )	2025-07-31 12:12:17 +00:00
Jakob Schott	14de2eab42	feat: 733 warn users when switching survey type (#6336 ) Co-authored-by: Johannes <johannes@formbricks.com>	2025-07-31 08:30:06 +00:00
Piyush Gupta	ad1f80331a	fix: Low severity vulnerability in on-headers@1.0.2 (#6319 )	2025-07-31 06:42:03 +00:00
Piyush Gupta	3527ac337b	feat: adds response status select in filters (#6325 )	2025-07-31 06:33:11 +00:00
Victor Hugo dos Santos	23c2d3dce9	feat: Add Regex No Code Action Page Filter (#6305 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2025-07-31 05:48:12 +00:00
Anshuman Pandey	da652bd860	fix: adds proxy agent to next-auth (#6326 )	2025-07-31 05:08:33 +00:00
Harsh Bhat	6f88dde1a0	chore: SUS template (#6328 ) Co-authored-by: Johannes <johannes@formbricks.com>	2025-07-30 05:27:58 -07:00
Jakob Schott	3b90223101	style: scroll indicator update (#6310 )	2025-07-30 05:27:15 -07:00