fix coderabbit issue

Potential fix for code scanning alert no. 211: Artifact poisoning
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-12-30 10:19:51 -06:00 · 2025-04-09 11:19:30 +09:00 · 2025-03-11 13:52:52 +01:00 · 2025-03-11 13:47:47 +01:00 · 2025-03-11 13:46:07 +01:00 · 2025-03-11 13:13:14 +01:00
2407 changed files with 47255 additions and 191907 deletions
--- a/.cursor/rules/testing.mdc
+++ b/.cursor/rules/testing.mdc
@@ -1,6 +0,0 @@
 ---
 description: Whenever the user asks to write or update a test file for .tsx or .ts files.
 globs: 
 alwaysApply: false
 ---
 Use the rules in this file when writing tests [copilot-instructions.md](mdc:.github/copilot-instructions.md)
--- a/.env.example
+++ b/.env.example
@@ -25,9 +25,6 @@ NEXTAUTH_SECRET=
 # You can use: `openssl rand -hex 32` to generate a secure one
 CRON_SECRET=
 # Set the minimum log level(debug, info, warn, error, fatal)
 LOG_LEVEL=info
 ##############
 #  DATABASE  #
 ##############
@@ -42,7 +39,6 @@ DATABASE_URL='postgresql://postgres:postgres@localhost:5432/formbricks?schema=pu
 # See optional configurations below if you want to disable these features.
 MAIL_FROM=noreply@example.com
 MAIL_FROM_NAME=Formbricks
 SMTP_HOST=localhost
 SMTP_PORT=1025
 # Enable SMTP_SECURE_ENABLED for TLS (port 465)
@@ -80,9 +76,6 @@ S3_ENDPOINT_URL=
 # Force path style for S3 compatible storage (0 for disabled, 1 for enabled)
 S3_FORCE_PATH_STYLE=0
 # Set this URL to add a custom domain to your survey links(default is WEBAPP_URL)
 # SURVEY_URL=https://survey.example.com
 #####################
 # Disable Features  #
 #####################
@@ -93,15 +86,16 @@ EMAIL_VERIFICATION_DISABLED=1
 # Password Reset. If you enable Password Reset functionality you have to setup SMTP-Settings, too.
 PASSWORD_RESET_DISABLED=1
 # Signup. Disable the ability for new users to create an account.
 # Note: This variable is only available to the SaaS setup of Formbricks Cloud. Signup is disable by default for self-hosting.
 # SIGNUP_DISABLED=1
 # Email login. Disable the ability for users to login with email.
 # EMAIL_AUTH_DISABLED=1
 # Organization Invite. Disable the ability for invited users to create an account.
 # INVITE_DISABLED=1
 # Docker cron jobs. Disable the supercronic cron jobs in the Docker image (useful for cluster setups).
 # DOCKER_CRON_ENABLED=1
 ##########
 # Other  #
 ##########
@@ -113,13 +107,9 @@ IMPRINT_URL=
 IMPRINT_ADDRESS=
 # Configure Turnstile in signup flow
-# TURNSTILE_SITE_KEY=
+# NEXT_PUBLIC_TURNSTILE_SITE_KEY=
 # TURNSTILE_SECRET_KEY=
 # Google reCAPTCHA v3 keys
 RECAPTCHA_SITE_KEY=
 RECAPTCHA_SECRET_KEY=
 # Configure Github Login
 GITHUB_ID=
 GITHUB_SECRET=
@@ -154,6 +144,11 @@ NOTION_OAUTH_CLIENT_SECRET=
 STRIPE_SECRET_KEY=
 STRIPE_WEBHOOK_SECRET=
 # Configure Formbricks usage within Formbricks
 NEXT_PUBLIC_FORMBRICKS_API_HOST=
 NEXT_PUBLIC_FORMBRICKS_ENVIRONMENT_ID=
 NEXT_PUBLIC_FORMBRICKS_ONBOARDING_SURVEY_ID=
 # Oauth credentials for Google sheet integration
 GOOGLE_SHEETS_CLIENT_ID=
 GOOGLE_SHEETS_CLIENT_SECRET=
@@ -172,8 +167,8 @@ ENTERPRISE_LICENSE_KEY=
 # Automatically assign new users to a specific organization and role within that organization
 # Insert an existing organization id or generate a valid CUID for a new one at https://www.getuniqueid.com/cuid (e.g. cjld2cjxh0000qzrmn831i7rn)
 # (Role Management is an Enterprise feature)
-# AUTH_SSO_DEFAULT_TEAM_ID=
+# DEFAULT_ORGANIZATION_ID=
-# AUTH_SKIP_INVITE_FOR_SSO=
+# DEFAULT_ORGANIZATION_ROLE=owner
 # Send new users to Brevo
 # BREVO_API_KEY=
@@ -189,7 +184,6 @@ ENTERPRISE_LICENSE_KEY=
 UNSPLASH_ACCESS_KEY=
 # The below is used for Next Caching (uses In-Memory from Next Cache if not provided)
 # You can also add more configuration to Redis using the redis.conf file in the root directory
 # REDIS_URL=redis://localhost:6379
 # The below is used for Rate Limiting (uses In-Memory LRU Cache if not provided) (You can use a service like Webdis for this)
@@ -198,21 +192,14 @@ UNSPLASH_ACCESS_KEY=
 # The below is used for Rate Limiting for management API
 UNKEY_ROOT_KEY=
-# INTERCOM_APP_ID=
+# Disable custom cache handler if necessary (e.g. if deployed on Vercel)
-# INTERCOM_SECRET_KEY=
+# CUSTOM_CACHE_DISABLED=1
-# Enable Prometheus metrics
+# Azure AI settings
-# PROMETHEUS_ENABLED=
+# AI_AZURE_RESSOURCE_NAME=
-# PROMETHEUS_EXPORTER_PORT=
+# AI_AZURE_API_KEY=
 # AI_AZURE_EMBEDDINGS_DEPLOYMENT_ID=
 # AI_AZURE_LLM_DEPLOYMENT_ID=
-# The SENTRY_DSN is used for error tracking and performance monitoring with Sentry.
+# NEXT_PUBLIC_INTERCOM_APP_ID=
-# SENTRY_DSN=
+# INTERCOM_SECRET_KEY=
 # The SENTRY_AUTH_TOKEN variable is picked up by the Sentry Build Plugin.
 # It's used automatically by Sentry during the build for authentication when uploading source maps.
 # SENTRY_AUTH_TOKEN=
 # Configure the minimum role for user management from UI(owner, manager, disabled)
 # USER_MANAGEMENT_MINIMUM_ROLE="manager"
 # Configure the maximum age for the session in seconds. Default is 86400 (24 hours)
 # SESSION_MAX_AGE=86400
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -1,7 +1,6 @@
 name: Bug report
 description: "Found a bug? Please fill out the sections below. \U0001F44D"
 type: bug
 labels: ["bug"]
 body:
  - type: textarea
    id: issue-summary
--- a/.github/actions/cache-build-web/action.yml
+++ b/.github/actions/cache-build-web/action.yml
@@ -8,14 +8,6 @@ on:
        required: false
        default: "0"
 inputs:
  turbo_token:
    description: "Turborepo token"
    required: false
  turbo_team:
    description: "Turborepo team"
    required: false
 runs:
  using: "composite"
  steps:
@@ -49,7 +41,7 @@ runs:
      if: steps.cache-build.outputs.cache-hit != 'true'
    - name: Install pnpm
-      uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+      uses: pnpm/action-setup@v4
      if: steps.cache-build.outputs.cache-hit != 'true'
    - name: Install dependencies
@@ -65,13 +57,14 @@ runs:
      run: |
        RANDOM_KEY=$(openssl rand -hex 32)
        sed -i "s/ENCRYPTION_KEY=.*/ENCRYPTION_KEY=${RANDOM_KEY}/" .env
        sed -i "s/CRON_SECRET=.*/CRON_SECRET=${RANDOM_KEY}/" .env
        sed -i "s/NEXTAUTH_SECRET=.*/NEXTAUTH_SECRET=${RANDOM_KEY}/" .env
        sed -i "s/ENTERPRISE_LICENSE_KEY=.*/ENTERPRISE_LICENSE_KEY=${RANDOM_KEY}/" .env
        echo "E2E_TESTING=${{ inputs.e2e_testing_mode }}" >> .env
      shell: bash
    - run: |
        pnpm build --filter=@formbricks/web...
      if: steps.cache-build.outputs.cache-hit != 'true'
      shell: bash
      env:
        TURBO_TOKEN: ${{ inputs.turbo_token }}
        TURBO_TEAM: ${{ inputs.turbo_team }}
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -1,32 +0,0 @@
 # Testing Instructions
 When generating test files inside the "/app/web" path, follow these rules:
 - You are an experienced senior software engineer
 - Use vitest
 - Ensure 100% code coverage
 - Add as few comments as possible
 - The test file should be located in the same folder as the original file
 - Use the `test` function instead of `it`
 - Follow the same test pattern used for other files in the package where the file is located
 - All imports should be at the top of the file, not inside individual tests
 - For mocking inside "test" blocks use "vi.mocked"
 - If the file is located in the "packages/survey" path, use "@testing-library/preact" instead of "@testing-library/react"
 - Don't mock functions that are already mocked in the "apps/web/vitestSetup.ts" file
 - When using "screen.getByText" check for the tolgee string if it is being used in the file.
 - The types for mocked variables can be found in the "packages/types" path. Be sure that every imported type exists before using it. Don't create types that are not already in the codebase.
 - When mocking data check if the properties added are part of the type of the object being mocked. Only specify known properties, don't use properties that are not part of the type.
 If it's a test for a ".tsx" file, follow these extra instructions:
 - Add this code inside the "describe" block and before any test:
 afterEach(() => {
    cleanup();
 });
 - The "afterEach" function should only have the "cleanup()" line inside it and should be adde to the "vitest" imports.
 - For click events, import userEvent from "@testing-library/user-event"
 - Mock other components that can make the text more complex and but at the same time mocking it wouldn't make the test flaky. It's ok to leave basic and simple components.
 - You don't need to mock @tolgee/react
 - Use "import "@testing-library/jest-dom/vitest";"
--- a/.github/workflows/apply-issue-labels-to-pr.yml
+++ b/.github/workflows/apply-issue-labels-to-pr.yml
@@ -5,9 +5,6 @@ on:
    types:
      - opened
 permissions:
  contents: read
 jobs:
  label_on_pr:
    runs-on: ubuntu-latest
@@ -18,13 +15,8 @@ jobs:
      pull-requests: write
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit
      - name: Apply labels from linked issue to PR
-        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        uses: actions/github-script@v5
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
--- a/.github/workflows/build-web.yml
+++ b/.github/workflows/build-web.yml
@@ -4,7 +4,7 @@ on:
 permissions:
  contents: read
-
+  
 jobs:
  build:
    name: Build Formbricks-web
@@ -12,12 +12,7 @@ jobs:
    timeout-minutes: 30
    steps:
-      - name: Harden the runner (Audit all outbound calls)
+      - uses: actions/checkout@v3
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: ./.github/actions/dangerous-git-checkout
      - name: Build & Cache Web Binaries
@@ -25,5 +20,3 @@ jobs:
        id: cache-build-web
        with:
          e2e_testing_mode: "0"
          turbo_token: ${{ secrets.TURBO_TOKEN }}
          turbo_team: ${{ vars.TURBO_TEAM }}
--- a/.github/workflows/chromatic.yml
+++ b/.github/workflows/chromatic.yml
@@ -10,30 +10,20 @@ jobs:
  chromatic:
    name: Run Chromatic
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      id-token: write
      actions: read
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit
      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
-      - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - name: Install pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        uses: pnpm/action-setup@v4
      - name: Install dependencies
        run: pnpm install --config.platform=linux --config.architecture=x64
      - name: Run Chromatic
-        uses: chromaui/action@c93e0bc3a63aa176e14a75b61a31847cbfdd341c # latest
+        uses: chromaui/action@latest
        with:
          # ⚠️ Make sure to configure a `CHROMATIC_PROJECT_TOKEN` repository secret
          projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}
--- a/.github/workflows/cron-surveyStatusUpdate.yml
+++ b/.github/workflows/cron-surveyStatusUpdate.yml
@@ -0,0 +1,28 @@
 name: Cron - Survey status update
 on:
  workflow_dispatch:
  # "Scheduled workflows run on the latest commit on the default or base branch."
  # — https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#schedule
  schedule:
    # Runs "At 00:00." (see https://crontab.guru)
    - cron: "0 0 * * *"
 permissions:
  contents: read
 jobs:
  cron-weeklySummary:
    env:
      APP_URL: ${{ secrets.APP_URL }}
      CRON_SECRET: ${{ secrets.CRON_SECRET }}
    runs-on: ubuntu-latest
    steps:
      - name: cURL request
        if: ${{ env.APP_URL && env.CRON_SECRET }}
        run: |
          curl ${{ env.APP_URL }}/api/cron/survey-status \
            -X POST \
            -H 'content-type: application/json' \
            -H 'x-api-key: ${{ env.CRON_SECRET }}' \
            --fail
--- a/.github/workflows/cron-weeklySummary.yml
+++ b/.github/workflows/cron-weeklySummary.yml
@@ -0,0 +1,26 @@
 name: Cron - Weekly summary
 on:
  workflow_dispatch:
  # "Scheduled workflows run on the latest commit on the default or base branch."
  # — https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#schedule
  schedule:
    # Runs “At 08:00 on Monday.” (see https://crontab.guru)
    - cron: "0 8 * * 1"
 jobs:
  cron-weeklySummary:
    permissions:
      contents: read    
    env:
      APP_URL: ${{ secrets.APP_URL }}
      CRON_SECRET: ${{ secrets.CRON_SECRET }}
    runs-on: ubuntu-latest
    steps:
      - name: cURL request
        if: ${{ env.APP_URL && env.CRON_SECRET }}
        run: |
          curl ${{ env.APP_URL }}/api/cron/weekly-summary \
            -X POST \
            -H 'content-type: application/json' \
            -H 'x-api-key: ${{ env.CRON_SECRET }}' \
            --fail
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -1,27 +0,0 @@
 # Dependency Review Action
 #
 # This Action will scan dependency manifest files that change as part of a Pull Request,
 # surfacing known-vulnerable versions of the packages declared or updated in the PR.
 # Once installed, if the workflow run is marked as required,
 # PRs introducing known-vulnerable packages will be blocked from merging.
 #
 # Source repository: https://github.com/actions/dependency-review-action
 name: 'Dependency Review'
 on: [pull_request]
 permissions:
  contents: read
 jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit
      - name: 'Checkout Repository'
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: 'Dependency Review'
        uses: actions/dependency-review-action@38ecb5b593bf0eb19e335c03f97670f792489a8b # v4.7.0
--- a/.github/workflows/deploy-formbricks-cloud.yml
+++ b/.github/workflows/deploy-formbricks-cloud.yml
@@ -1,102 +0,0 @@
 name: Formbricks Cloud Deployment
 on:
  workflow_dispatch:
    inputs:
      VERSION:
        description: 'The version of the Docker image to release, full image tag if image tag is v0.0.0 enter v0.0.0.'
        required: true
        type: string
      REPOSITORY:
        description: 'The repository to use for the Docker image'
        required: false
        type: string
        default: 'ghcr.io/formbricks/formbricks'
      ENVIRONMENT:
        description: 'The environment to deploy to'
        required: true
        type: choice
        options:
          - stage
          - prod
  workflow_call:
    inputs:
      VERSION:
        description: 'The version of the Docker image to release'
        required: true
        type: string
      REPOSITORY:
        description: 'The repository to use for the Docker image'
        required: false
        type: string
        default: 'ghcr.io/formbricks/formbricks'
      ENVIRONMENT:
        description: 'The environment to deploy to'
        required: true
        type: string
 permissions:
  id-token: write
  contents: write
 jobs:
  helmfile-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4.2.2
      - name: Tailscale
        uses: tailscale/github-action@v3
        with:
          oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
          oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
          tags: tag:github
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0
        with:
          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
          aws-region: "eu-central-1"
      - name: Setup Cluster Access
        run: |
          aws eks update-kubeconfig --name formbricks-prod-eks --region eu-central-1
        env:
          AWS_REGION: eu-central-1
      - uses: helmfile/helmfile-action@v2
        name: Deploy Formbricks Cloud Prod
        if: inputs.ENVIRONMENT == 'prod'
        env:
          VERSION: ${{ inputs.VERSION }}
          REPOSITORY: ${{ inputs.REPOSITORY }}
          FORMBRICKS_S3_BUCKET: ${{ secrets.FORMBRICKS_S3_BUCKET }}
          FORMBRICKS_INGRESS_CERT_ARN: ${{ secrets.FORMBRICKS_INGRESS_CERT_ARN }}
          FORMBRICKS_ROLE_ARN: ${{ secrets.FORMBRICKS_ROLE_ARN }}
        with:
          helmfile-version: 'v1.0.0'
          helm-plugins: >
            https://github.com/databus23/helm-diff,
            https://github.com/jkroepke/helm-secrets
          helmfile-args: apply -l environment=prod
          helmfile-auto-init: "false"
          helmfile-workdirectory: infra/formbricks-cloud-helm
      - uses: helmfile/helmfile-action@v2
        name: Deploy Formbricks Cloud Stage
        if: inputs.ENVIRONMENT == 'stage'
        env:
          VERSION: ${{ inputs.VERSION }}
          REPOSITORY: ${{ inputs.REPOSITORY }}
          FORMBRICKS_INGRESS_CERT_ARN: ${{ secrets.STAGE_FORMBRICKS_INGRESS_CERT_ARN }}
          FORMBRICKS_ROLE_ARN: ${{ secrets.STAGE_FORMBRICKS_ROLE_ARN }}
        with:
          helmfile-version: 'v1.0.0'
          helm-plugins: >
            https://github.com/databus23/helm-diff,
            https://github.com/jkroepke/helm-secrets
          helmfile-args: apply -l environment=stage
          helmfile-auto-init: "false"
          helmfile-workdirectory: infra/formbricks-cloud-helm
--- a/.github/workflows/docker-build-validation.yml
+++ b/.github/workflows/docker-build-validation.yml
@@ -1,167 +0,0 @@
 name: Docker Build Validation
 on:
  pull_request:
    branches:
      - main
  merge_group:
    branches:
      - main
  workflow_dispatch:
 permissions:
  contents: read
 env:
  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
  TURBO_TEAM: ${{ vars.TURBO_TEAM }}
 jobs:
  validate-docker-build:
    name: Validate Docker Build
    runs-on: ubuntu-latest
    # Add PostgreSQL service container
    services:
      postgres:
        image: pgvector/pgvector:pg17
        env:
          POSTGRES_USER: test
          POSTGRES_PASSWORD: test
          POSTGRES_DB: formbricks
        ports:
          - 5432:5432
        # Health check to ensure PostgreSQL is ready before using it
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4.2.2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build Docker Image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./apps/web/Dockerfile
          push: false
          load: true
          tags: formbricks-test:${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          secrets: |
            database_url=${{ secrets.DUMMY_DATABASE_URL }}
            encryption_key=${{ secrets.DUMMY_ENCRYPTION_KEY }}
      - name: Verify PostgreSQL Connection
        run: |
          echo "Verifying PostgreSQL connection..."
          # Install PostgreSQL client to test connection
          sudo apt-get update && sudo apt-get install -y postgresql-client
          # Test connection using psql
          PGPASSWORD=test psql -h localhost -U test -d formbricks -c "\dt" || echo "Failed to connect to PostgreSQL"
          # Show network configuration
          echo "Network configuration:"
          ip addr show
          netstat -tulpn | grep 5432 || echo "No process listening on port 5432"
      - name: Test Docker Image with Health Check
        shell: bash
        run: |
          echo "🧪 Testing if the Docker image starts correctly..."
          # Add extra docker run args to support host.docker.internal on Linux
          DOCKER_RUN_ARGS="--add-host=host.docker.internal:host-gateway"
          # Start the container with host.docker.internal pointing to the host
          docker run --name formbricks-test \
            $DOCKER_RUN_ARGS \
            -p 3000:3000 \
            -e DATABASE_URL="postgresql://test:test@host.docker.internal:5432/formbricks" \
            -e ENCRYPTION_KEY="${{ secrets.DUMMY_ENCRYPTION_KEY }}" \
            -d formbricks-test:${{ github.sha }}
          # Give it more time to start up
          echo "Waiting 45 seconds for application to start..."
          sleep 45
          # Check if the container is running
          if [ "$(docker inspect -f '{{.State.Running}}' formbricks-test)" != "true" ]; then
            echo "❌ Container failed to start properly!"
            docker logs formbricks-test
            exit 1
          else
            echo "✅ Container started successfully!"
          fi
          # Try connecting to PostgreSQL from inside the container
          echo "Testing PostgreSQL connection from inside container..."
          docker exec formbricks-test sh -c 'apt-get update && apt-get install -y postgresql-client && PGPASSWORD=test psql -h host.docker.internal -U test -d formbricks -c "\dt" || echo "Failed to connect to PostgreSQL from container"'
          # Try to access the health endpoint
          echo "🏥 Testing /health endpoint..."
          MAX_RETRIES=10
          RETRY_COUNT=0
          HEALTH_CHECK_SUCCESS=false
          set +e  # Disable exit on error to allow for retries
          while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
            RETRY_COUNT=$((RETRY_COUNT + 1))
            echo "Attempt $RETRY_COUNT of $MAX_RETRIES..."
            # Show container logs before each attempt to help debugging
            if [ $RETRY_COUNT -gt 1 ]; then
              echo "📋 Current container logs:"
              docker logs --tail 20 formbricks-test
            fi
            # Get detailed curl output for debugging
            HTTP_OUTPUT=$(curl -v -s -m 30 http://localhost:3000/health 2>&1)
            CURL_EXIT_CODE=$?
            echo "Curl exit code: $CURL_EXIT_CODE"
            echo "Curl output: $HTTP_OUTPUT"
            if [ $CURL_EXIT_CODE -eq 0 ]; then
              STATUS_CODE=$(echo "$HTTP_OUTPUT" | grep -oP "HTTP/\d(\.\d)? \K\d+")
              echo "Status code detected: $STATUS_CODE"
              if [ "$STATUS_CODE" = "200" ]; then
                echo "✅ Health check successful!"
                HEALTH_CHECK_SUCCESS=true
                break
              else
                echo "❌ Health check returned non-200 status code: $STATUS_CODE"
              fi
            else
              echo "❌ Curl command failed with exit code: $CURL_EXIT_CODE"
            fi
            echo "Waiting 15 seconds before next attempt..."
            sleep 15
          done
          # Show full container logs for debugging
          echo "📋 Full container logs:"
          docker logs formbricks-test
          # Clean up the container
          echo "🧹 Cleaning up..."
          docker rm -f formbricks-test
          # Exit with failure if health check did not succeed
          if [ "$HEALTH_CHECK_SUCCESS" != "true" ]; then
            echo "❌ Health check failed after $MAX_RETRIES attempts"
            exit 1
          fi
          echo "✨ Docker validation complete - all checks passed!"
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -11,20 +11,17 @@ on:
        required: false
      PLAYWRIGHT_SERVICE_URL:
        required: false
      ENTERPRISE_LICENSE_KEY:
        required: true
      # Add other secrets if necessary
  workflow_dispatch:
 env:
  TELEMETRY_DISABLED: 1
  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
  TURBO_TEAM: ${{ vars.TURBO_TEAM }}
 permissions:
  id-token: write
  contents: read
  actions: read
  checks: write
 jobs:
  build:
@@ -46,23 +43,16 @@ jobs:
          --health-timeout=5s
          --health-retries=5
    steps:
-      - name: Harden the runner (Audit all outbound calls)
+      - uses: actions/checkout@v3
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: allow
          allowed-endpoints: |
            ee.formbricks.com:443
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: ./.github/actions/dangerous-git-checkout
-      - name: Setup Node.js 22.x
+      - name: Setup Node.js 20.x
-        uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
+        uses: actions/setup-node@v3
        with:
-          node-version: 22.x
+          node-version: 20.x
      - name: Install pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        uses: pnpm/action-setup@v4
      - name: Install dependencies
        run: pnpm install --config.platform=linux --config.architecture=x64
@@ -78,7 +68,7 @@ jobs:
          sed -i "s/ENCRYPTION_KEY=.*/ENCRYPTION_KEY=${RANDOM_KEY}/" .env
          sed -i "s/CRON_SECRET=.*/CRON_SECRET=${RANDOM_KEY}/" .env
          sed -i "s/NEXTAUTH_SECRET=.*/NEXTAUTH_SECRET=${RANDOM_KEY}/" .env
-          sed -i "s/ENTERPRISE_LICENSE_KEY=.*/ENTERPRISE_LICENSE_KEY=${{ secrets.ENTERPRISE_LICENSE_KEY }}/" .env
+          sed -i "s/ENTERPRISE_LICENSE_KEY=.*/ENTERPRISE_LICENSE_KEY=${RANDOM_KEY}/" .env
          echo "" >> .env
          echo "E2E_TESTING=1" >> .env
        shell: bash
@@ -92,18 +82,8 @@ jobs:
          # pnpm prisma migrate deploy
          pnpm db:migrate:dev
      - name: Check for Enterprise License
        run: |
          LICENSE_KEY=$(grep '^ENTERPRISE_LICENSE_KEY=' .env | cut -d'=' -f2-)
          if [ -z "$LICENSE_KEY" ]; then
            echo "::error::ENTERPRISE_LICENSE_KEY in .env is empty. Please check your secret configuration."
            exit 1
          fi
          echo "License key length: ${#LICENSE_KEY}"
      - name: Run App
        run: |
          echo "Starting app with enterprise license..."
          NODE_ENV=test pnpm start --filter=@formbricks/web | tee app.log 2>&1 &
          sleep 10  # Optional: gives some buffer for the app to start
          for attempt in {1..10}; do
@@ -132,7 +112,7 @@ jobs:
      - name: Azure login
        if: env.AZURE_ENABLED == 'true'
-        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
+        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -150,14 +130,14 @@ jobs:
        run: |
          pnpm test:e2e
-      - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: playwright-report
          path: playwright-report/
          retention-days: 30
-      - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+      - uses: actions/upload-artifact@v4
        if: failure()
        with:
          name: app-logs
--- a/.github/workflows/formbricks-release.yml
+++ b/.github/workflows/formbricks-release.yml
@@ -1,34 +0,0 @@
 name: Build, release & deploy Formbricks images
 on:
  workflow_dispatch:
  push:
    tags:
      - "v*"
 jobs:
  docker-build:
    name: Build & release stable docker image
    if: startsWith(github.ref, 'refs/tags/v')
    uses: ./.github/workflows/release-docker-github.yml
    secrets: inherit
  helm-chart-release:
    name: Release Helm Chart
    uses: ./.github/workflows/release-helm-chart.yml
    secrets: inherit
    needs:
      - docker-build
    with:
      VERSION: ${{ needs.docker-build.outputs.VERSION }}
  deploy-formbricks-cloud:
    name: Deploy Helm Chart to Formbricks Cloud
    secrets: inherit
    uses: ./.github/workflows/deploy-formbricks-cloud.yml
    needs:
      - docker-build
      - helm-chart-release
    with:
      VERSION: v${{ needs.docker-build.outputs.VERSION }}
      ENVIRONMENT: "prod"
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -0,0 +1,19 @@
 name: "Pull Request Labeler"
 on:
  - pull_request_target
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
 jobs:
  labeler:
    name: Pull Request Labeler
    permissions:
      contents: read
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@v4
        with:
          repo-token: "${{ secrets.GITHUB_TOKEN }}"
          # https://github.com/actions/labeler/issues/442#issuecomment-1297359481
          sync-labels: ""
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -12,11 +12,6 @@ jobs:
    timeout-minutes: 15
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - uses: ./.github/actions/dangerous-git-checkout
@@ -26,7 +21,7 @@ jobs:
          node-version: 20.x
      - name: Install pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2
      - name: Install dependencies
        run: pnpm install --config.platform=linux --config.architecture=x64
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -50,10 +50,6 @@ jobs:
      checks: write
      statuses: write
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0
        with:
          egress-policy: audit
      - name: fail if conditional jobs failed
        if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'skipped') || contains(needs.*.result, 'cancelled')
        run: exit 1
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -0,0 +1,62 @@
 name: Prepare release
 run-name: Prepare release ${{ inputs.next_version }}
 on:
  workflow_dispatch:
    inputs:
      next_version:
        required: true
        type: string
        description: "Version name"
 permissions:
  contents: write
  pull-requests: write
 jobs:
  prepare_release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - uses: ./.github/actions/dangerous-git-checkout
      - name: Configure git
        run: |
          git config --local user.email "github-actions@github.com"
          git config --local user.name "GitHub Actions"
      - name: Setup Node.js 20.x
        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
        with:
          node-version: 20.x
      - name: Install pnpm
        uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2
      - name: Install dependencies
        run: pnpm install --config.platform=linux --config.architecture=x64
      - name: Bump version
        run: |
          cd apps/web
          pnpm version ${{ inputs.next_version }} --no-workspaces-update
      - name: Commit changes and create a branch
        run: |
          branch_name="release-v${{ inputs.next_version }}"
          git checkout -b "$branch_name"
          git add .
          git commit -m "chore: release v${{ inputs.next_version }}"
          git push origin "$branch_name"
      - name: Create pull request
        run: |
          gh pr create \
            --base main \
            --head "release-v${{ inputs.next_version }}" \
            --title "chore: bump version to v${{ inputs.next_version }}" \
            --body "This PR contains the changes for the v${{ inputs.next_version }} release."
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/release-changesets.yml
+++ b/.github/workflows/release-changesets.yml
@@ -0,0 +1,51 @@
 name: Release Changesets
 on:
  workflow_dispatch:
  #push:
  #  branches:
  #    - main
 permissions:
  contents: write
  pull-requests: write
  packages: write
 concurrency: ${{ github.workflow }}-${{ github.ref }}
 env:
  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
  TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
 jobs:
  release:
    name: Release
    runs-on: ubuntu-latest
    timeout-minutes: 15
    env:
      TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
      TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v2
      - name: Setup Node.js 18.x
        uses: actions/setup-node@v2
        with:
          node-version: 18.x
      - name: Install pnpm
        uses: pnpm/action-setup@v2.2.4
      - name: Install Dependencies
        run: pnpm install --config.platform=linux --config.architecture=x64
      - name: Create Release Pull Request or Publish to npm
        id: changesets
        uses: changesets/action@v1
        with:
          # This expects you to have a script called release which does a build for your packages and calls changeset publish
          publish: pnpm release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
--- a/.github/workflows/release-docker-github-experimental.yml
+++ b/.github/workflows/release-docker-github-experimental.yml
@@ -15,9 +15,7 @@ env:
  IMAGE_NAME: ${{ github.repository }}-experimental
  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
  TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
-
+  DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/formbricks?schema=public"
 permissions:
  contents: read
 jobs:
  build:
@@ -30,28 +28,23 @@ jobs:
      id-token: write
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit
      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v3
      - name: Set up Depot CLI
-        uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
+        uses: depot/setup-action@v1
      # Install the cosign tool except on PR
      # https://github.com/sigstore/cosign-installer
      - name: Install cosign
        if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
+        uses: sigstore/cosign-installer@v3.5.0
      # Login against a Docker registry except on PR
      # https://github.com/docker/login-action
      - name: Log into registry ${{ env.REGISTRY }}
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@v3 # v3.0.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
@@ -61,7 +54,7 @@ jobs:
      # https://github.com/docker/metadata-action
      - name: Extract Docker metadata
        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        uses: docker/metadata-action@v5 # v5.0.0
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
@@ -69,7 +62,7 @@ jobs:
      # https://github.com/docker/build-push-action
      - name: Build and push Docker image
        id: build-and-push
-        uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
+        uses: depot/build-push-action@v1
        with:
          project: tw0fqmsx3c
          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
@@ -79,9 +72,8 @@ jobs:
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
-          secrets: |
+          cache-from: type=gha
-            database_url=${{ secrets.DUMMY_DATABASE_URL }}
+          cache-to: type=gha,mode=max
            encryption_key=${{ secrets.DUMMY_ENCRYPTION_KEY }}
      # Sign the resulting Docker image digest except on PRs.
      # This will only write to the public Rekor transparency log when the Docker
--- a/.github/workflows/release-docker-github.yml
+++ b/.github/workflows/release-docker-github.yml
@@ -6,11 +6,10 @@ name: Docker Release to Github
 # documentation.
 on:
-  workflow_call:
+  workflow_dispatch:
-    outputs:
+  push:
-      VERSION:
+    tags:
-        description: release version
+      - "v*"
        value: ${{ jobs.build.outputs.VERSION }}
 env:
  # Use docker.io for Docker Hub if empty
@@ -19,6 +18,7 @@ env:
  IMAGE_NAME: ${{ github.repository }}
  TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
  TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
  DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/formbricks?schema=public"
 jobs:
  build:
@@ -26,49 +26,28 @@ jobs:
    permissions:
      contents: read
      packages: write
      id-token: write
      # This is used to complete the identity challenge
      # with sigstore/fulcio when running outside of PRs.
-
+      id-token: write
    outputs:
      VERSION: ${{ steps.extract_release_tag.outputs.VERSION }}
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit
      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v3
      - name: Get Release Tag
        id: extract_release_tag
        run: |
          TAG=${{ github.ref }}
          TAG=${TAG#refs/tags/v}
          echo "RELEASE_TAG=$TAG" >> $GITHUB_ENV
          echo "VERSION=$TAG" >> $GITHUB_OUTPUT
      - name: Update package.json version
        run: |
          sed -i "s/\"version\": \"0.0.0\"/\"version\": \"${{ env.RELEASE_TAG }}\"/" ./apps/web/package.json
          cat ./apps/web/package.json | grep version
      - name: Set up Depot CLI
-        uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
+        uses: depot/setup-action@v1
      # Install the cosign tool except on PR
      # https://github.com/sigstore/cosign-installer
      - name: Install cosign
        if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@3454372f43399081ed03b604cb2d021dabca52bb # v3.8.2
+        uses: sigstore/cosign-installer@v3.5.0
      # Login against a Docker registry except on PR
      # https://github.com/docker/login-action
      - name: Log into registry ${{ env.REGISTRY }}
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@v3 # v3.0.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
@@ -78,7 +57,7 @@ jobs:
      # https://github.com/docker/metadata-action
      - name: Extract Docker metadata
        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        uses: docker/metadata-action@v5 # v5.0.0
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
@@ -86,7 +65,7 @@ jobs:
      # https://github.com/docker/build-push-action
      - name: Build and push Docker image
        id: build-and-push
-        uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
+        uses: depot/build-push-action@v1
        with:
          project: tw0fqmsx3c
          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
@@ -96,9 +75,8 @@ jobs:
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
-          secrets: |
+          cache-from: type=gha
-            database_url=${{ secrets.DUMMY_DATABASE_URL }}
+          cache-to: type=gha,mode=max
            encryption_key=${{ secrets.DUMMY_ENCRYPTION_KEY }}
      # Sign the resulting Docker image digest except on PRs.
      # This will only write to the public Rekor transparency log when the Docker
--- a/.github/workflows/release-docker.yml
+++ b/.github/workflows/release-docker.yml
@@ -0,0 +1,46 @@
 name: Release on Dockerhub
 on:
  push:
    tags:
      - "v*"
 jobs:
  release-image-on-dockerhub:
    name: Release on Dockerhub
    permissions:
      contents: read
    runs-on: ubuntu-latest
    env:
      TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
      TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
      DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/formbricks?schema=public"
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v2
      - name: Log in to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Get Release Tag
        id: extract_release_tag
        run: |
          TAG=${{ github.ref }}
          TAG=${TAG#refs/tags/v}
          echo "RELEASE_TAG=$TAG" >> $GITHUB_ENV
      - name: Build and push Docker image
        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./apps/web/Dockerfile
          push: true
          tags: |
            ${{ secrets.DOCKER_USERNAME }}/formbricks:${{ env.RELEASE_TAG }}
            ${{ secrets.DOCKER_USERNAME }}/formbricks:latest
--- a/.github/workflows/release-helm-chart.yml
+++ b/.github/workflows/release-helm-chart.yml
@@ -1,54 +0,0 @@
 name: Publish Helm Chart
 on:
  workflow_call:
    inputs:
      VERSION:
        description: "The version of the Helm chart to release"
        required: true
        type: string
 permissions:
  contents: read
 jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Extract release version
        run: echo "VERSION=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
      - name: Set up Helm
        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
        with:
          version: latest
      - name: Log in to GitHub Container Registry
        run: echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io --username ${{ github.actor }} --password-stdin
      - name: Install YQ
        uses: dcarbone/install-yq-action@4075b4dca348d74bd83f2bf82d30f25d7c54539b # v1.3.1
      - name: Update Chart.yaml with new version
        run: |
          yq -i ".version = \"${{ inputs.VERSION }}\"" helm-chart/Chart.yaml
          yq -i ".appVersion = \"v${{ inputs.VERSION }}\"" helm-chart/Chart.yaml
      - name: Package Helm chart
        run: |
          helm package ./helm-chart
      - name: Push Helm chart to GitHub Container Registry
        run: |
          helm push formbricks-${{ inputs.VERSION }}.tgz oci://ghcr.io/formbricks/helm-charts
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -34,13 +34,8 @@ jobs:
      # actions: read
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit
      - name: "Checkout code"
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
        with:
          persist-credentials: false
@@ -76,6 +71,6 @@ jobs:
      # Upload the results to GitHub's code scanning dashboard (optional).
      # Commenting out will disable upload of results to your repo's Code Scanning dashboard
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
+        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
--- a/.github/workflows/semantic-pull-requests.yml
+++ b/.github/workflows/semantic-pull-requests.yml
@@ -16,12 +16,7 @@ jobs:
    name: PR title
    runs-on: ubuntu-latest
    steps:
-      - name: Harden the runner (Audit all outbound calls)
+      - uses: amannn/action-semantic-pull-request@v5
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit
      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
        id: lint_pr_title
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -40,7 +35,7 @@ jobs:
            revert
            ossgg
-      - uses: marocchino/sticky-pull-request-comment@67d0dec7b07ed060a405f9b2a64b8ab319fdd7db # v2.9.2
+      - uses: marocchino/sticky-pull-request-comment@v2
        # When the previous steps fails, the workflow would stop. By adding this
        # condition you can continue the execution with the populated error message.
        if: always() && (steps.lint_pr_title.outputs.error_message != null)
@@ -59,7 +54,7 @@ jobs:
      # Delete a previous comment when the issue has been resolved
      - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
-        uses: marocchino/sticky-pull-request-comment@67d0dec7b07ed060a405f9b2a64b8ab319fdd7db # v2.9.2
+        uses: marocchino/sticky-pull-request-comment@v2
        with:
          header: pr-title-lint-error
          message: |
--- a/.github/workflows/sonarqube-report.yml
+++ b/.github/workflows/sonarqube-report.yml
@@ -0,0 +1,134 @@
 name: SonarQube Report
 on:
  workflow_dispatch:
  push:
    branches:
      - main
  workflow_run:
    workflows: ["SonarQube Analysis"]
    types:
      - completed
 permissions:
  # Needed to download artifacts from previous workflow
  actions: read
  contents: read
 jobs:
  report:
    name: SonarCloud Report
    runs-on: ubuntu-latest
    # Only run if the previous workflow was successful
    if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # Download artifacts only for workflow_run events
      - name: Create temporary directory for artifacts
        if: ${{ github.event_name == 'workflow_run' }}
        run: mkdir -p ${{ runner.temp }}/artifacts/
      - name: Download analysis package
        if: ${{ github.event_name == 'workflow_run' }}
        uses: actions/github-script@v7
        with:
          script: |
            const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
              owner: context.repo.owner,
              repo: context.repo.repo,
              run_id: ${{ github.event.workflow_run.id }}
            })
            const matchArtifact = artifacts.data.artifacts.find((artifact) => {
              return artifact.name == "sonarqube-analysis"
            })
            if (!matchArtifact) {
              throw new Error('No SonarQube analysis artifact found')
            }
            const download = await github.rest.actions.downloadArtifact({
              owner: context.repo.owner,
              repo: context.repo.repo,
              artifact_id: matchArtifact.id,
              archive_format: 'zip'
            })
            const fs = require('fs')
            const path = require('path')
            const tempDir = process.env.RUNNER_TEMP
            const artifactPath = path.join(tempDir, 'artifacts', 'sonarqube-analysis.zip')
            fs.writeFileSync(artifactPath, Buffer.from(download.data))
      # Extract the analysis package
      - name: Extract analysis package
        if: ${{ github.event_name == 'workflow_run' }}
        run: |
          unzip -q ${{ runner.temp }}/artifacts/sonarqube-analysis.zip -d ${{ runner.temp }}/artifacts/
          tar -xzf ${{ runner.temp }}/artifacts/sonarqube-analysis.tar.gz -C ${{ runner.temp }}/artifacts/
      # For direct push to main or manual runs, set up environment and run tests
      - name: Setup Node.js 20.x
        if: ${{ github.event_name != 'workflow_run' }}
        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
        with:
          node-version: 20.x
      - name: Install pnpm
        if: ${{ github.event_name != 'workflow_run' }}
        uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2
      - name: Install dependencies
        if: ${{ github.event_name != 'workflow_run' }}
        run: pnpm install --config.platform=linux --config.architecture=x64
      - name: Create .env
        if: ${{ github.event_name != 'workflow_run' }}
        run: cp .env.example .env
      - name: Generate Random ENCRYPTION_KEY, CRON_SECRET & NEXTAUTH_SECRET and fill in .env
        if: ${{ github.event_name != 'workflow_run' }}
        run: |
          RANDOM_KEY=$(openssl rand -hex 32)
          sed -i "s/ENCRYPTION_KEY=.*/ENCRYPTION_KEY=${RANDOM_KEY}/" .env
          sed -i "s/CRON_SECRET=.*/CRON_SECRET=${RANDOM_KEY}/" .env
          sed -i "s/NEXTAUTH_SECRET=.*/NEXTAUTH_SECRET=${RANDOM_KEY}/" .env
      - name: Run tests with coverage
        if: ${{ github.event_name != 'workflow_run' }}
        run: |
          # Verify repository integrity before running tests
          git -c protocol.version=2 fetch --no-tags --prune --progress --no-recurse-submodules --depth=1 origin ${{ github.sha }}
          git checkout --progress --force ${{ github.sha }}
          # Verify that only expected files exist in the test directory
          echo "Verifying test directory integrity..."
          UNEXPECTED_FILES=$(find apps/web -type f -not -path "*/node_modules/*" -not -path "*/\.*" -not -path "*/coverage/*" | grep -v -E '\.tsx?$|\.jsx?$|package\.json|tsconfig\.json|\.html$|\.css$|\.svg$')
          if [ -n "$UNEXPECTED_FILES" ]; then
            echo "Warning: Unexpected files detected in apps/web directory:"
            echo "$UNEXPECTED_FILES"
            exit 1
          fi
          # Run tests in a more restricted environment
          cd apps/web
          NODE_OPTIONS="--max-old-space-size=4096 --max-http-header-size=8192" pnpm test:coverage
          cd ../../
          # The Vitest coverage config is in your vite.config.mts
      # Run SonarQube scan
      - name: SonarQube Scan
        uses: SonarSource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL || 'https://sonarcloud.io' }}
      # Optional: Get the Quality Gate status
      - name: SonarQube Quality Gate check
        id: sonarqube-quality-gate-check
        uses: sonarsource/sonarqube-quality-gate-action@master
        # Force the job to fail if Quality Gate fails
        # timeout-minutes: 5
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL || 'https://sonarcloud.io' }}
--- a/.github/workflows/sonarqube.yml
+++ b/.github/workflows/sonarqube.yml
@@ -1,40 +1,33 @@
-name: SonarQube
+name: SonarQube Analysis
 on:
  workflow_dispatch:
  push:
    branches:
      - main
  pull_request:
    types: [opened, synchronize, reopened]
  merge_group:
 permissions:
  contents: read
 jobs:
-  sonarqube:
+  analyze:
-    name: SonarQube
+    name: Analyze
    runs-on: ubuntu-latest
    steps:
-      - name: Harden the runner (Audit all outbound calls)
+      - name: Checkout code
-        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        uses: actions/checkout@v4
        with:
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
-      - name: Setup Node.js 22.x
+      - name: Setup Node.js 20.x
        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
        with:
-          node-version: 22.x
+          node-version: 20.x
      - name: Install pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2
      - name: Install dependencies
        run: pnpm install --config.platform=linux --config.architecture=x64
-      - name: create .env
+      - name: Create .env
        run: cp .env.example .env
      - name: Generate Random ENCRYPTION_KEY, CRON_SECRET & NEXTAUTH_SECRET and fill in .env
@@ -46,9 +39,53 @@ jobs:
      - name: Run tests with coverage
        run: |
          cd apps/web
          pnpm test:coverage
-      - name: SonarQube Scan
+          cd ../../
-        uses: SonarSource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf
+          # The Vitest coverage config is in your vite.config.mts
-        env:
+
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+      - name: Prepare SonarQube scan info
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        id: sonarqube-prep
        # We'll collect info about the PR without running the actual scan
        run: |
          echo "PR_NUMBER=${{ github.event.pull_request.number || 'main' }}" >> $GITHUB_OUTPUT
          echo "PR_SOURCE=${{ github.event.pull_request.head.repo.full_name || github.repository }}" >> $GITHUB_OUTPUT
          echo "PR_BRANCH=${{ github.event.pull_request.head.ref || github.ref_name }}" >> $GITHUB_OUTPUT
          echo "PR_BASE=${{ github.event.pull_request.base.ref || '' }}" >> $GITHUB_OUTPUT
      # Create analysis properties file
      - name: Generate sonar-scanner properties
        run: |
          {
            echo "sonar.projectKey=${{ github.repository_owner }}_formbricks"
            echo "sonar.organization=${{ github.repository_owner }}-github"
            # If this is a PR, add PR specific properties
            if [[ ! -z "${{ steps.sonarqube-prep.outputs.PR_NUMBER }}" && "${{ steps.sonarqube-prep.outputs.PR_NUMBER }}" != "main" ]]; then
              echo "sonar.pullrequest.key=${{ steps.sonarqube-prep.outputs.PR_NUMBER }}"
              echo "sonar.pullrequest.branch=${{ steps.sonarqube-prep.outputs.PR_BRANCH }}"
              echo "sonar.pullrequest.base=${{ steps.sonarqube-prep.outputs.PR_BASE }}"
            else
              echo "sonar.branch.name=${{ github.ref_name }}"
            fi
          } > sonar-scanner.properties
      # Prepare the project for analysis and save all necessary files
      - name: Package project for SonarQube analysis
        run: |
          # Create a tar file containing all necessary files
          tar -czf sonarqube-analysis.tar.gz \
            --exclude=node_modules \
            --exclude=.git \
            sonar-scanner.properties \
            sonar-project.properties \
            apps/web/coverage \
            $(find . -type f -name "*.ts" -o -name "*.tsx" -o -name "*.js" -o -name "*.jsx")
      # Upload the packaged project as an artifact
      - name: Upload SonarQube analysis package
        uses: actions/upload-artifact@v4
        with:
          name: sonarqube-analysis
          path: sonarqube-analysis.tar.gz
          retention-days: 1
--- a/.github/workflows/terraform-plan-and-apply.yml
+++ b/.github/workflows/terraform-plan-and-apply.yml
@@ -1,84 +0,0 @@
 name: "Terraform"
 on:
  workflow_dispatch:
  # TODO: enable it back when migration is completed.
  push:
    branches:
      - main
    paths:
      - "infra/terraform/**"
  pull_request:
    branches:
      - main
    paths:
      - "infra/terraform/**"
 jobs:
  terraform:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
      pull-requests: write
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Tailscale
        uses: tailscale/github-action@v3
        with:
          oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
          oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
          tags: tag:github
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@f24d7193d98baebaeacc7e2227925dd47cc267f5 # v4.2.0
        with:
          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
          aws-region: "eu-central-1"
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
      - name: Terraform Format
        id: fmt
        run: terraform fmt -check -recursive
        continue-on-error: true
        working-directory: infra/terraform
      - name: Terraform Init
        id: init
        run: terraform init
        working-directory: infra/terraform
      - name: Terraform Validate
        id: validate
        run: terraform validate
        working-directory: infra/terraform
      - name: Terraform Plan
        id: plan
        run: terraform plan -out .planfile
        working-directory: infra/terraform
      - name: Post PR comment
        uses: borchero/terraform-plan-comment@434458316f8f24dd073cd2561c436cce41dc8f34 # v2.4.1
        if: always() && github.ref != 'refs/heads/main' && (steps.plan.outcome == 'success' || steps.plan.outcome == 'failure')
        with:
          token: ${{ github.token }}
          planfile: .planfile
          working-directory: "infra/terraform"
      - name: Terraform Apply
        id: apply
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        run: terraform apply .planfile
        working-directory: "infra/terraform"
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,9 +1,6 @@
 name: Tests
 on:
  workflow_call:
 permissions:
  contents: read
 jobs:
  build:
    name: Unit Tests
@@ -13,21 +10,16 @@ jobs:
      contents: read
    steps:
-      - name: Harden the runner (Audit all outbound calls)
+      - uses: actions/checkout@v3
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: ./.github/actions/dangerous-git-checkout
      - name: Setup Node.js 20.x
-        uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
+        uses: actions/setup-node@v3
        with:
          node-version: 20.x
      - name: Install pnpm
-        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
+        uses: pnpm/action-setup@v4
      - name: Install dependencies
        run: pnpm install --config.platform=linux --config.architecture=x64
--- a/.github/workflows/tolgee-missing-key-check.yml
+++ b/.github/workflows/tolgee-missing-key-check.yml
@@ -12,23 +12,18 @@ jobs:
  check-missing-translations:
    runs-on: ubuntu-latest
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit
      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.base.ref }}
      - name: Checkout PR
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Setup Node.js
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@v4
        with:
          node-version: 18
--- a/.github/workflows/tolgee.yml
+++ b/.github/workflows/tolgee.yml
@@ -15,13 +15,8 @@ jobs:
    if: github.event.pull_request.merged == true
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit
      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # This ensures we get the full git history
@@ -41,7 +36,7 @@ jobs:
          echo "Detected source branch: $SOURCE_BRANCH"
      - name: Setup Node.js
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: actions/setup-node@v4
        with:
          node-version: 18 # Ensure compatibility with your project
@@ -56,6 +51,7 @@ jobs:
            --filter-tag "draft:${SOURCE_BRANCH}" \
            --tag production \
            --untag "draft:${SOURCE_BRANCH}"
            --verbose
      - name: Tag unused production keys as Deprecated
        run: |
@@ -63,6 +59,7 @@ jobs:
            --api-key ${{ secrets.TOLGEE_API_KEY }} \
            --filter-not-extracted --filter-tag production \
            --tag deprecated --untag production
            --verbose
      - name: Tag unused draft:current-branch keys as Deprecated
        run: |
@@ -70,6 +67,7 @@ jobs:
            --api-key ${{ secrets.TOLGEE_API_KEY }} \
            --filter-not-extracted --filter-tag "draft:${SOURCE_BRANCH}" \
            --tag deprecated --untag "draft:${SOURCE_BRANCH}"
            --verbose
      - name: Sync with backup
        run: |
@@ -80,7 +78,7 @@ jobs:
            --yes
      - name: Upload backup as artifact
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@v4
        with:
          name: tolgee-backup-${{ github.sha }}
          path: ./tolgee-backup
--- a/.github/workflows/welcome-new-contributors.yml
+++ b/.github/workflows/welcome-new-contributors.yml
@@ -17,12 +17,7 @@ jobs:
    timeout-minutes: 10
    if: github.event.action == 'opened'
    steps:
-      - name: Harden the runner (Audit all outbound calls)
+      - uses: actions/first-interaction@v1
        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
        with:
          egress-policy: audit
      - uses: actions/first-interaction@3c71ce730280171fd1cfb57c00c774f8998586f7 # v1
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          pr-message: |-
--- a/.gitignore
+++ b/.gitignore
@@ -55,21 +55,3 @@ apps/web/public/js
 packages/database/migrations
 branch.json
 .vercel
 # Terraform
 infra/terraform/.terraform/
 **/.terraform.lock.hcl
 **/terraform.tfstate
 **/terraform.tfstate.*
 **/crash.log
 **/override.tf
 **/override.tf.json
 **/*.tfvars
 **/*.tfvars.json
 **/.terraformrc
 **/terraform.rc
 # IntelliJ IDEA
 /.idea/
 /*.iml
 packages/ios/FormbricksSDK/FormbricksSDK.xcodeproj/project.xcworkspace/xcuserdata
--- a/.gitpod/init.bash
+++ b/.gitpod/init.bash
@@ -1,6 +1,6 @@
 #!/bin/bash
-images=($(yq eval '.services.*.image' docker-compose.dev.yml))
+images=($(yq eval '.services.*.image' packages/database/docker-compose.yml))
 pull_image() {
  docker pull "$1"
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -16,6 +16,6 @@ if [ -f branch.json ]; then
    echo "Skipping tolgee-pull: NEXT_PUBLIC_TOLGEE_API_KEY is not set"
  else
    pnpm run tolgee-pull
-    git add apps/web/locales
+    git add packages/lib/messages
  fi
 fi
--- a/.tolgeerc.json
+++ b/.tolgeerc.json
@@ -4,33 +4,33 @@
  "patterns": ["./apps/web/**/*.ts?(x)"],
  "projectId": 10304,
  "pull": {
-    "path": "./apps/web/locales"
+    "path": "./packages/lib/messages"
  },
  "push": {
    "files": [
      {
        "language": "en-US",
-        "path": "./apps/web/locales/en-US.json"
+        "path": "./packages/lib/messages/en-US.json"
      },
      {
        "language": "de-DE",
-        "path": "./apps/web/locales/de-DE.json"
+        "path": "./packages/lib/messages/de-DE.json"
      },
      {
        "language": "fr-FR",
-        "path": "./apps/web/locales/fr-FR.json"
+        "path": "./packages/lib/messages/fr-FR.json"
      },
      {
        "language": "pt-BR",
-        "path": "./apps/web/locales/pt-BR.json"
+        "path": "./packages/lib/messages/pt-BR.json"
      },
      {
        "language": "zh-Hant-TW",
-        "path": "./apps/web/locales/zh-Hant-TW.json"
+        "path": "./packages/lib/messages/zh-Hant-TW.json"
      },
      {
        "language": "pt-PT",
-        "path": "./apps/web/locales/pt-PT.json"
+        "path": "./packages/lib/messages/pt-PT.json"
      }
    ],
    "forceMode": "OVERRIDE"
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,10 +1,4 @@
 {
  "javascript.updateImportsOnFileMove.enabled": "always",
  "sonarlint.connectedMode.project": {
    "connectionId": "formbricks",
    "projectKey": "formbricks_formbricks"
  },
  "typescript.preferences.importModuleSpecifier": "non-relative",
-  "typescript.tsdk": "node_modules/typescript/lib",
+  "typescript.tsdk": "node_modules/typescript/lib"
  "typescript.updateImportsOnFileMove.enabled": "always"
 }
--- a/2
+++ b/2
@@ -3,7 +3,7 @@ Copyright (c) 2024 Formbricks GmbH
 Portions of this software are licensed as follows:
 - All content that resides under the "apps/web/modules/ee" directory of this repository, if these directories exist, is licensed under the license defined in "apps/web/modules/ee/LICENSE".
- All content that resides under the "packages/js/", "packages/android/", "packages/ios/" and "packages/api/" directories of this repository, if that directories exist, is licensed under the "MIT" license as defined in the "LICENSE" files of these packages.
+- All content that resides under the "packages/js/", "packages/react-native/", "packages/android/", "packages/ios/" and "packages/api/" directories of this repository, if that directories exist, is licensed under the "MIT" license as defined in the "LICENSE" files of these packages.
 - All third party components incorporated into the Formbricks Software are licensed under the original license provided by the owner of the applicable component.
 - Content outside of the above mentioned directories or restrictions above is available under the "AGPLv3" license as defined below.
--- a/apps/demo-react-native/.env.example
+++ b/apps/demo-react-native/.env.example
@@ -0,0 +1,2 @@
 EXPO_PUBLIC_APP_URL=http://192.168.0.197:3000
 EXPO_PUBLIC_FORMBRICKS_ENVIRONMENT_ID=cm5p0cs7r000819182b32j0a1
--- a/apps/demo-react-native/.eslintrc.js
+++ b/apps/demo-react-native/.eslintrc.js
@@ -0,0 +1,7 @@
 module.exports = {
  extends: ["@formbricks/eslint-config/react.js"],
  parserOptions: {
    project: "tsconfig.json",
    tsconfigRootDir: __dirname,
  },
 };
--- a/apps/demo-react-native/.gitignore
+++ b/apps/demo-react-native/.gitignore
@@ -0,0 +1,35 @@
 # Learn more https://docs.github.com/en/get-started/getting-started-with-git/ignoring-files
 # dependencies
 node_modules/
 # Expo
 .expo/
 dist/
 web-build/
 # Native
 *.orig.*
 *.jks
 *.p8
 *.p12
 *.key
 *.mobileprovision
 # Metro
 .metro-health-check*
 # debug
 npm-debug.*
 yarn-debug.*
 yarn-error.*
 # macOS
 .DS_Store
 *.pem
 # local env files
 .env*.local
 # typescript
 *.tsbuildinfo
--- a/apps/demo-react-native/.npmrc
+++ b/apps/demo-react-native/.npmrc
--- a/apps/demo-react-native/app.json
+++ b/apps/demo-react-native/app.json
@@ -0,0 +1,35 @@
 {
  "expo": {
    "android": {
      "adaptiveIcon": {
        "backgroundColor": "#ffffff",
        "foregroundImage": "./assets/adaptive-icon.png"
      }
    },
    "assetBundlePatterns": ["**/*"],
    "icon": "./assets/icon.png",
    "ios": {
      "infoPlist": {
        "NSCameraUsageDescription": "Take pictures for certain activities.",
        "NSMicrophoneUsageDescription": "Need microphone access for recording videos.",
        "NSPhotoLibraryUsageDescription": "Select pictures for certain activities."
      },
      "supportsTablet": true
    },
    "jsEngine": "hermes",
    "name": "react-native-demo",
    "newArchEnabled": true,
    "orientation": "portrait",
    "slug": "react-native-demo",
    "splash": {
      "backgroundColor": "#ffffff",
      "image": "./assets/splash.png",
      "resizeMode": "contain"
    },
    "userInterfaceStyle": "light",
    "version": "1.0.0",
    "web": {
      "favicon": "./assets/favicon.png"
    }
  }
 }
--- a/apps/demo-react-native/assets/adaptive-icon.png
+++ b/apps/demo-react-native/assets/adaptive-icon.png
--- a/apps/demo-react-native/assets/favicon.png
+++ b/apps/demo-react-native/assets/favicon.png
--- a/apps/demo-react-native/assets/icon.png
+++ b/apps/demo-react-native/assets/icon.png
--- a/apps/demo-react-native/assets/splash.png
+++ b/apps/demo-react-native/assets/splash.png
--- a/apps/demo-react-native/babel.config.js
+++ b/apps/demo-react-native/babel.config.js
@@ -0,0 +1,6 @@
 module.exports = function babel(api) {
  api.cache(true);
  return {
    presets: ["babel-preset-expo"],
  };
 };
--- a/apps/demo-react-native/index.js
+++ b/apps/demo-react-native/index.js
@@ -0,0 +1,7 @@
 import { registerRootComponent } from "expo";
 import { LogBox } from "react-native";
 import App from "./src/app";
 registerRootComponent(App);
 LogBox.ignoreAllLogs();
--- a/apps/demo-react-native/metro.config.js
+++ b/apps/demo-react-native/metro.config.js
@@ -0,0 +1,21 @@
 // Learn more https://docs.expo.io/guides/customizing-metro
 const path = require("node:path");
 const { getDefaultConfig } = require("expo/metro-config");
 // Find the workspace root, this can be replaced with `find-yarn-workspace-root`
 const workspaceRoot = path.resolve(__dirname, "../..");
 const projectRoot = __dirname;
 const config = getDefaultConfig(projectRoot);
 // 1. Watch all files within the monorepo
 config.watchFolders = [workspaceRoot];
 // 2. Let Metro know where to resolve packages, and in what order
 config.resolver.nodeModulesPaths = [
  path.resolve(projectRoot, "node_modules"),
  path.resolve(workspaceRoot, "node_modules"),
 ];
 // 3. Force Metro to resolve (sub)dependencies only from the `nodeModulesPaths`
 config.resolver.disableHierarchicalLookup = true;
 module.exports = config;
--- a/apps/demo-react-native/package.json
+++ b/apps/demo-react-native/package.json
@@ -0,0 +1,30 @@
 {
  "name": "@formbricks/demo-react-native",
  "version": "1.0.0",
  "main": "./index.js",
  "scripts": {
    "dev": "expo start",
    "android": "expo start --android",
    "ios": "expo start --ios",
    "web": "expo start --web",
    "eject": "expo eject",
    "clean": "rimraf .turbo node_modules .expo"
  },
  "dependencies": {
    "@formbricks/js": "workspace:*",
    "@formbricks/react-native": "workspace:*",
    "@react-native-async-storage/async-storage": "2.1.0",
    "expo": "52.0.28",
    "expo-status-bar": "2.0.1",
    "react": "18.3.1",
    "react-dom": "18.3.1",
    "react-native": "0.76.6",
    "react-native-webview": "13.12.5"
  },
  "devDependencies": {
    "@babel/core": "7.26.0",
    "@types/react": "18.3.18",
    "typescript": "5.7.2"
  },
  "private": true
 }
--- a/apps/demo-react-native/src/app.tsx
+++ b/apps/demo-react-native/src/app.tsx
@@ -0,0 +1,117 @@
 import { StatusBar } from "expo-status-bar";
 import React, { type JSX } from "react";
 import { Button, LogBox, StyleSheet, Text, View } from "react-native";
 import Formbricks, {
  logout,
  setAttribute,
  setAttributes,
  setLanguage,
  setUserId,
  track,
 } from "@formbricks/react-native";
 LogBox.ignoreAllLogs();
 export default function App(): JSX.Element {
  if (!process.env.EXPO_PUBLIC_FORMBRICKS_ENVIRONMENT_ID) {
    throw new Error("EXPO_PUBLIC_FORMBRICKS_ENVIRONMENT_ID is required");
  }
  if (!process.env.EXPO_PUBLIC_APP_URL) {
    throw new Error("EXPO_PUBLIC_APP_URL is required");
  }
  return (
    <View style={styles.container}>
      <Text>Formbricks React Native SDK Demo</Text>
      <View
        style={{
          display: "flex",
          flexDirection: "column",
          gap: 10,
        }}>
        <Button
          title="Trigger Code Action"
          onPress={() => {
            track("code").catch((error: unknown) => {
              // eslint-disable-next-line no-console -- logging is allowed in demo apps
              console.error("Error tracking event:", error);
            });
          }}
        />
        <Button
          title="Set User Id"
          onPress={() => {
            setUserId("random-user-id").catch((error: unknown) => {
              // eslint-disable-next-line no-console -- logging is allowed in demo apps
              console.error("Error setting user id:", error);
            });
          }}
        />
        <Button
          title="Set User Attributess (multiple)"
          onPress={() => {
            setAttributes({
              testAttr: "attr-test",
              testAttr2: "attr-test-2",
              testAttr3: "attr-test-3",
              testAttr4: "attr-test-4",
            }).catch((error: unknown) => {
              // eslint-disable-next-line no-console -- logging is allowed in demo apps
              console.error("Error setting user attributes:", error);
            });
          }}
        />
        <Button
          title="Set User Attributes (single)"
          onPress={() => {
            setAttribute("testSingleAttr", "testSingleAttr").catch((error: unknown) => {
              // eslint-disable-next-line no-console -- logging is allowed in demo apps
              console.error("Error setting user attributes:", error);
            });
          }}
        />
        <Button
          title="Logout"
          onPress={() => {
            logout().catch((error: unknown) => {
              // eslint-disable-next-line no-console -- logging is allowed in demo apps
              console.error("Error logging out:", error);
            });
          }}
        />
        <Button
          title="Set Language (de)"
          onPress={() => {
            setLanguage("de").catch((error: unknown) => {
              // eslint-disable-next-line no-console -- logging is allowed in demo apps
              console.error("Error setting language:", error);
            });
          }}
        />
      </View>
      <StatusBar style="auto" />
      <Formbricks
        appUrl={process.env.EXPO_PUBLIC_APP_URL as string}
        environmentId={process.env.EXPO_PUBLIC_FORMBRICKS_ENVIRONMENT_ID as string}
      />
    </View>
  );
 }
 const styles = StyleSheet.create({
  container: {
    flex: 1,
    backgroundColor: "#fff",
    alignItems: "center",
    justifyContent: "center",
  },
 });
--- a/apps/demo-react-native/tsconfig.json
+++ b/apps/demo-react-native/tsconfig.json
@@ -0,0 +1,6 @@
 {
  "compilerOptions": {
    "strict": true
  },
  "extends": "expo/tsconfig.base"
 }
--- a/apps/demo/.env.example
+++ b/apps/demo/.env.example
@@ -0,0 +1,5 @@
 NEXT_PUBLIC_FORMBRICKS_API_HOST=http://localhost:3000
 NEXT_PUBLIC_FORMBRICKS_ENVIRONMENT_ID=YOUR_ENVIRONMENT_ID
 # Copy the environment ID for the URL of your Formbricks App and
 # paste it above to connect your Formbricks App with the Demo App.
--- a/apps/demo/.eslintrc.js
+++ b/apps/demo/.eslintrc.js
@@ -0,0 +1,7 @@
 module.exports = {
  extends: ["@formbricks/eslint-config/next.js"],
  parserOptions: {
    project: "tsconfig.json",
    tsconfigRootDir: __dirname,
  },
 };
--- a/apps/demo/.gitignore
+++ b/apps/demo/.gitignore
@@ -0,0 +1,36 @@
 # See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
 # dependencies
 /node_modules
 /.pnp
 .pnp.js
 # testing
 /coverage
 # next.js
 /.next/
 /out/
 # production
 /build
 # misc
 .DS_Store
 *.pem
 # debug
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 .pnpm-debug.log*
 # local env files
 .env*.local
 # vercel
 .vercel
 # typescript
 *.tsbuildinfo
 next-env.d.ts
--- a/apps/demo/components/layout-app.tsx
+++ b/apps/demo/components/layout-app.tsx
@@ -0,0 +1,13 @@
 import { Sidebar } from "./sidebar";
 export function LayoutApp({ children }: { children: React.ReactNode }): React.JSX.Element {
  return (
    <div className="min-h-full">
      {/* Static sidebar for desktop */}
      <div className="hidden lg:fixed lg:inset-y-0 lg:flex lg:w-64 lg:flex-col">
        <Sidebar />
      </div>
      <div className="flex flex-1 flex-col lg:pl-64">{children}</div>
    </div>
  );
 }
--- a/apps/demo/components/sidebar.tsx
+++ b/apps/demo/components/sidebar.tsx
@@ -0,0 +1,65 @@
 import {
  ClockIcon,
  CogIcon,
  CreditCardIcon,
  FileBarChartIcon,
  HelpCircleIcon,
  HomeIcon,
  ScaleIcon,
  ShieldCheckIcon,
  UsersIcon,
 } from "lucide-react";
 import { classNames } from "../lib/utils";
 const navigation = [
  { name: "Home", href: "#", icon: HomeIcon, current: true },
  { name: "History", href: "#", icon: ClockIcon, current: false },
  { name: "Balances", href: "#", icon: ScaleIcon, current: false },
  { name: "Cards", href: "#", icon: CreditCardIcon, current: false },
  { name: "Recipients", href: "#", icon: UsersIcon, current: false },
  { name: "Reports", href: "#", icon: FileBarChartIcon, current: false },
 ];
 const secondaryNavigation = [
  { name: "Settings", href: "#", icon: CogIcon },
  { name: "Help", href: "#", icon: HelpCircleIcon },
  { name: "Privacy", href: "#", icon: ShieldCheckIcon },
 ];
 export function Sidebar(): React.JSX.Element {
  return (
    <div className="flex flex-grow flex-col overflow-y-auto bg-cyan-700 pb-4 pt-5">
      <nav
        className="mt-5 flex flex-1 flex-col divide-y divide-cyan-800 overflow-y-auto"
        aria-label="Sidebar">
        <div className="space-y-1 px-2">
          {navigation.map((item) => (
            <a
              key={item.name}
              href={item.href}
              className={classNames(
                item.current ? "bg-cyan-800 text-white" : "text-cyan-100 hover:bg-cyan-600 hover:text-white",
                "group flex items-center rounded-md px-2 py-2 text-sm font-medium leading-6"
              )}
              aria-current={item.current ? "page" : undefined}>
              <item.icon className="mr-4 h-6 w-6 flex-shrink-0 text-cyan-200" aria-hidden="true" />
              {item.name}
            </a>
          ))}
        </div>
        <div className="mt-6 pt-6">
          <div className="space-y-1 px-2">
            {secondaryNavigation.map((item) => (
              <a
                key={item.name}
                href={item.href}
                className="group flex items-center rounded-md px-2 py-2 text-sm font-medium leading-6 text-cyan-100 hover:bg-cyan-600 hover:text-white">
                <item.icon className="mr-4 h-6 w-6 text-cyan-200" aria-hidden="true" />
                {item.name}
              </a>
            ))}
          </div>
        </div>
      </nav>
    </div>
  );
 }
--- a/apps/demo/globals.css
+++ b/apps/demo/globals.css
@@ -0,0 +1,3 @@
@tailwind base;
@tailwind components;
@tailwind utilities;
--- a/apps/demo/lib/utils.ts
+++ b/apps/demo/lib/utils.ts
@@ -0,0 +1,3 @@
 export function classNames(...classes: string[]): string {
  return classes.filter(Boolean).join(" ");
 }
--- a/apps/demo/next-env.d.ts
+++ b/apps/demo/next-env.d.ts
@@ -0,0 +1,5 @@
 /// <reference types="next" />
 /// <reference types="next/image-types/global" />
 // NOTE: This file should not be edited
 // see https://nextjs.org/docs/pages/api-reference/config/typescript for more information.
--- a/apps/demo/next.config.mjs
+++ b/apps/demo/next.config.mjs
@@ -0,0 +1,17 @@
 /** @type {import('next').NextConfig} */
 const nextConfig = {
  images: {
    remotePatterns: [
      {
        protocol: "https",
        hostname: "tailwindui.com",
      },
      {
        protocol: "https",
        hostname: "images.unsplash.com",
      },
    ],
  },
 };
 export default nextConfig;
--- a/apps/demo/package.json
+++ b/apps/demo/package.json
@@ -0,0 +1,24 @@
 {
  "name": "@formbricks/demo",
  "version": "0.1.0",
  "private": true,
  "scripts": {
    "clean": "rimraf .turbo node_modules .next",
    "dev": "next dev -p 3002 --turbopack",
    "go": "next dev -p 3002 --turbopack",
    "build": "next build",
    "start": "next start",
    "lint": "next lint"
  },
  "dependencies": {
    "@formbricks/js": "workspace:*",
    "lucide-react": "0.468.0",
    "next": "15.1.2",
    "react": "19.0.0",
    "react-dom": "19.0.0"
  },
  "devDependencies": {
    "@formbricks/config-typescript": "workspace:*",
    "@formbricks/eslint-config": "workspace:*"
  }
 }
--- a/apps/demo/pages/_app.tsx
+++ b/apps/demo/pages/_app.tsx
@@ -0,0 +1,20 @@
 import type { AppProps } from "next/app";
 import Head from "next/head";
 import "../globals.css";
 export default function App({ Component, pageProps }: AppProps): React.JSX.Element {
  return (
    <>
      <Head>
        <title>Demo App</title>
      </Head>
      {(!process.env.NEXT_PUBLIC_FORMBRICKS_ENVIRONMENT_ID ||
        !process.env.NEXT_PUBLIC_FORMBRICKS_API_HOST) && (
        <div className="w-full bg-red-500 p-3 text-center text-sm text-white">
          Please set Formbricks environment variables in apps/demo/.env
        </div>
      )}
      <Component {...pageProps} />
    </>
  );
 }
--- a/apps/demo/pages/_document.tsx
+++ b/apps/demo/pages/_document.tsx
@@ -0,0 +1,13 @@
 import { Head, Html, Main, NextScript } from "next/document";
 export default function Document(): React.JSX.Element {
  return (
    <Html lang="en" className="h-full bg-slate-50">
      <Head />
      <body className="h-full">
        <Main />
        <NextScript />
      </body>
    </Html>
  );
 }
--- a/apps/demo/pages/index.tsx
+++ b/apps/demo/pages/index.tsx
@@ -0,0 +1,257 @@
 import Image from "next/image";
 import { useRouter } from "next/router";
 import { useEffect, useState } from "react";
 import formbricks from "@formbricks/js";
 import fbsetup from "../public/fb-setup.png";
 declare const window: Window;
 export default function AppPage(): React.JSX.Element {
  const [darkMode, setDarkMode] = useState(false);
  const router = useRouter();
  useEffect(() => {
    if (darkMode) {
      document.body.classList.add("dark");
    } else {
      document.body.classList.remove("dark");
    }
  }, [darkMode]);
  useEffect(() => {
    const initFormbricks = () => {
      // enable Formbricks debug mode by adding formbricksDebug=true GET parameter
      const addFormbricksDebugParam = (): void => {
        const urlParams = new URLSearchParams(window.location.search);
        if (!urlParams.has("formbricksDebug")) {
          urlParams.set("formbricksDebug", "true");
          const newUrl = `${window.location.pathname}?${urlParams.toString()}`;
          window.history.replaceState({}, "", newUrl);
        }
      };
      addFormbricksDebugParam();
      if (process.env.NEXT_PUBLIC_FORMBRICKS_ENVIRONMENT_ID && process.env.NEXT_PUBLIC_FORMBRICKS_API_HOST) {
        const userId = "THIS-IS-A-VERY-LONG-USER-ID-FOR-TESTING";
        const userInitAttributes = {
          language: "de",
          "Init Attribute 1": "eight",
          "Init Attribute 2": "two",
        };
        void formbricks.init({
          environmentId: process.env.NEXT_PUBLIC_FORMBRICKS_ENVIRONMENT_ID,
          apiHost: process.env.NEXT_PUBLIC_FORMBRICKS_API_HOST,
          userId,
          attributes: userInitAttributes,
        });
      }
      // Connect next.js router to Formbricks
      if (process.env.NEXT_PUBLIC_FORMBRICKS_ENVIRONMENT_ID && process.env.NEXT_PUBLIC_FORMBRICKS_API_HOST) {
        const handleRouteChange = formbricks.registerRouteChange;
        router.events.on("routeChangeComplete", () => {
          void handleRouteChange();
        });
        return () => {
          router.events.off("routeChangeComplete", () => {
            void handleRouteChange();
          });
        };
      }
    };
    initFormbricks();
  }, [router.events]);
  return (
    <div className="min-h-screen bg-white px-12 py-6 dark:bg-slate-800">
      <div className="flex flex-col justify-between md:flex-row">
        <div className="flex flex-col items-center gap-2 sm:flex-row">
          <div>
            <h1 className="text-2xl font-bold text-slate-900 dark:text-white">
              Formbricks In-product Survey Demo App
            </h1>
            <p className="text-slate-700 dark:text-slate-300">
              This app helps you test your app surveys. You can create and test user actions, create and
              update user attributes, etc.
            </p>
          </div>
        </div>
        <button
          type="button"
          className="mt-2 rounded-lg bg-slate-200 px-6 py-1 dark:bg-slate-700 dark:text-slate-100"
          onClick={() => {
            setDarkMode(!darkMode);
          }}>
          {darkMode ? "Toggle Light Mode" : "Toggle Dark Mode"}
        </button>
      </div>
      <div className="my-4 grid grid-cols-1 gap-6 md:grid-cols-2">
        <div>
          <div className="rounded-lg border border-slate-300 bg-slate-100 p-6 dark:border-slate-600 dark:bg-slate-900">
            <h3 className="text-lg font-semibold text-slate-900 dark:text-white">1. Setup .env</h3>
            <p className="text-slate-700 dark:text-slate-300">
              Copy the environment ID of your Formbricks app to the env variable in /apps/demo/.env
            </p>
            <Image src={fbsetup} alt="fb setup" className="mt-4 rounded" priority />
            <div className="mt-4 flex-col items-start text-sm text-slate-700 sm:flex sm:items-center sm:text-base dark:text-slate-300">
              <p className="mb-1 sm:mb-0 sm:mr-2">You&apos;re connected with env:</p>
              <div className="flex items-center">
                <strong className="w-32 truncate sm:w-auto">
                  {process.env.NEXT_PUBLIC_FORMBRICKS_ENVIRONMENT_ID}
                </strong>
                <span className="relative ml-2 flex h-3 w-3">
                  <span className="absolute inline-flex h-full w-full animate-ping rounded-full bg-green-500 opacity-75" />
                  <span className="relative inline-flex h-3 w-3 rounded-full bg-green-500" />
                </span>
              </div>
            </div>
          </div>
          <div className="mt-4 rounded-lg border border-slate-300 bg-slate-100 p-6 dark:border-slate-600 dark:bg-slate-900">
            <h3 className="text-lg font-semibold text-slate-900 dark:text-white">2. Widget Logs</h3>
            <p className="text-slate-700 dark:text-slate-300">
              Look at the logs to understand how the widget works.{" "}
              <strong className="dark:text-white">Open your browser console</strong> to see the logs.
            </p>
          </div>
        </div>
        <div className="md:grid md:grid-cols-3">
          <div className="col-span-3 self-start rounded-lg border border-slate-300 bg-slate-100 p-6 dark:border-slate-600 dark:bg-slate-900">
            <h3 className="text-lg font-semibold dark:text-white">
              Reset person / pull data from Formbricks app
            </h3>
            <p className="text-slate-700 dark:text-slate-300">
              On formbricks.reset() the local state will <strong>be deleted</strong> and formbricks gets{" "}
              <strong>reinitialized</strong>.
            </p>
            <button
              className="my-4 rounded-lg bg-slate-500 px-6 py-3 text-white hover:bg-slate-700 dark:bg-slate-700 dark:hover:bg-slate-600"
              type="button"
              onClick={() => {
                void formbricks.reset();
              }}>
              Reset
            </button>
            <p className="text-xs text-slate-700 dark:text-slate-300">
              If you made a change in Formbricks app and it does not seem to work, hit &apos;Reset&apos; and
              try again.
            </p>
          </div>
          <div className="p-6">
            <div>
              <button
                type="button"
                className="mb-4 rounded-lg bg-slate-800 px-6 py-3 text-white hover:bg-slate-700 dark:bg-slate-700 dark:hover:bg-slate-600">
                No-Code Action
              </button>
            </div>
            <div>
              <p className="text-xs text-slate-700 dark:text-slate-300">
                This button sends a{" "}
                <a
                  href="https://formbricks.com/docs/actions/no-code"
                  rel="noopener noreferrer"
                  className="underline dark:text-blue-500"
                  target="_blank">
                  No Code Action
                </a>{" "}
                as long as you created it beforehand in the Formbricks App.{" "}
                <a
                  href="https://formbricks.com/docs/actions/no-code"
                  rel="noopener noreferrer"
                  target="_blank"
                  className="underline dark:text-blue-500">
                  Here are instructions on how to do it.
                </a>
              </p>
            </div>
          </div>
          <div className="p-6">
            <div>
              <button
                type="button"
                onClick={() => {
                  void formbricks.setAttribute("Plan", "Free");
                }}
                className="mb-4 rounded-lg bg-slate-800 px-6 py-3 text-white hover:bg-slate-700 dark:bg-slate-700 dark:hover:bg-slate-600">
                Set Plan to &apos;Free&apos;
              </button>
            </div>
            <div>
              <p className="text-xs text-slate-700 dark:text-slate-300">
                This button sets the{" "}
                <a
                  href="https://formbricks.com/docs/attributes/custom-attributes"
                  target="_blank"
                  rel="noopener noreferrer"
                  className="underline dark:text-blue-500">
                  attribute
                </a>{" "}
                &apos;Plan&apos; to &apos;Free&apos;. If the attribute does not exist, it creates it.
              </p>
            </div>
          </div>
          <div className="p-6">
            <div>
              <button
                type="button"
                onClick={() => {
                  void formbricks.setAttribute("Plan", "Paid");
                }}
                className="mb-4 rounded-lg bg-slate-800 px-6 py-3 text-white hover:bg-slate-700 dark:bg-slate-700 dark:hover:bg-slate-600">
                Set Plan to &apos;Paid&apos;
              </button>
            </div>
            <div>
              <p className="text-xs text-slate-700 dark:text-slate-300">
                This button sets the{" "}
                <a
                  href="https://formbricks.com/docs/attributes/custom-attributes"
                  target="_blank"
                  rel="noopener noreferrer"
                  className="underline dark:text-blue-500">
                  attribute
                </a>{" "}
                &apos;Plan&apos; to &apos;Paid&apos;. If the attribute does not exist, it creates it.
              </p>
            </div>
          </div>
          <div className="p-6">
            <div>
              <button
                type="button"
                onClick={() => {
                  void formbricks.setEmail("test@web.com");
                }}
                className="mb-4 rounded-lg bg-slate-800 px-6 py-3 text-white hover:bg-slate-700 dark:bg-slate-700 dark:hover:bg-slate-600">
                Set Email
              </button>
            </div>
            <div>
              <p className="text-xs text-slate-700 dark:text-slate-300">
                This button sets the{" "}
                <a
                  href="https://formbricks.com/docs/attributes/identify-users"
                  target="_blank"
                  rel="noopener noreferrer"
                  className="underline dark:text-blue-500">
                  user email
                </a>{" "}
                &apos;test@web.com&apos;
              </p>
            </div>
          </div>
        </div>
      </div>
    </div>
  );
 }
--- a/apps/demo/postcss.config.js
+++ b/apps/demo/postcss.config.js
@@ -0,0 +1,6 @@
 module.exports = {
  plugins: {
    tailwindcss: {},
    autoprefixer: {},
  },
 };
--- a/apps/demo/public/favicon.ico
+++ b/apps/demo/public/favicon.ico
--- a/apps/demo/public/fb-setup.png
+++ b/apps/demo/public/fb-setup.png
--- a/apps/demo/public/next.svg
+++ b/apps/demo/public/next.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 394 80"><path fill="#000" d="M262 0h68.5v12.7h-27.2v66.6h-13.6V12.7H262V0ZM149 0v12.7H94v20.4h44.3v12.6H94v21h55v12.6H80.5V0h68.7zm34.3 0h-17.8l63.8 79.4h17.9l-32-39.7 32-39.6h-17.9l-23 28.6-23-28.6zm18.3 56.7-9-11-27.1 33.7h17.8l18.3-22.7z"/><path fill="#000" d="M81 79.3 17 0H0v79.3h13.6V17l50.2 62.3H81Zm252.6-.4c-1 0-1.8-.4-2.5-1s-1.1-1.6-1.1-2.6.3-1.8 1-2.5 1.6-1 2.6-1 1.8.3 2.5 1a3.4 3.4 0 0 1 .6 4.3 3.7 3.7 0 0 1-3 1.8zm23.2-33.5h6v23.3c0 2.1-.4 4-1.3 5.5a9.1 9.1 0 0 1-3.8 3.5c-1.6.8-3.5 1.3-5.7 1.3-2 0-3.7-.4-5.3-1s-2.8-1.8-3.7-3.2c-.9-1.3-1.4-3-1.4-5h6c.1.8.3 1.6.7 2.2s1 1.2 1.6 1.5c.7.4 1.5.5 2.4.5 1 0 1.8-.2 2.4-.6a4 4 0 0 0 1.6-1.8c.3-.8.5-1.8.5-3V45.5zm30.9 9.1a4.4 4.4 0 0 0-2-3.3 7.5 7.5 0 0 0-4.3-1.1c-1.3 0-2.4.2-3.3.5-.9.4-1.6 1-2 1.6a3.5 3.5 0 0 0-.3 4c.3.5.7.9 1.3 1.2l1.8 1 2 .5 3.2.8c1.3.3 2.5.7 3.7 1.2a13 13 0 0 1 3.2 1.8 8.1 8.1 0 0 1 3 6.5c0 2-.5 3.7-1.5 5.1a10 10 0 0 1-4.4 3.5c-1.8.8-4.1 1.2-6.8 1.2-2.6 0-4.9-.4-6.8-1.2-2-.8-3.4-2-4.5-3.5a10 10 0 0 1-1.7-5.6h6a5 5 0 0 0 3.5 4.6c1 .4 2.2.6 3.4.6 1.3 0 2.5-.2 3.5-.6 1-.4 1.8-1 2.4-1.7a4 4 0 0 0 .8-2.4c0-.9-.2-1.6-.7-2.2a11 11 0 0 0-2.1-1.4l-3.2-1-3.8-1c-2.8-.7-5-1.7-6.6-3.2a7.2 7.2 0 0 1-2.4-5.7 8 8 0 0 1 1.7-5 10 10 0 0 1 4.3-3.5c2-.8 4-1.2 6.4-1.2 2.3 0 4.4.4 6.2 1.2 1.8.8 3.2 2 4.3 3.4 1 1.4 1.5 3 1.5 5h-5.8z"/></svg>
--- a/apps/demo/public/thirteen.svg
+++ b/apps/demo/public/thirteen.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" width="40" height="31" fill="none"><g opacity=".9"><path fill="url(#a)" d="M13 .4v29.3H7V6.3h-.2L0 10.5V5L7.2.4H13Z"/><path fill="url(#b)" d="M28.8 30.1c-2.2 0-4-.3-5.7-1-1.7-.8-3-1.8-4-3.1a7.7 7.7 0 0 1-1.4-4.6h6.2c0 .8.3 1.4.7 2 .4.5 1 .9 1.7 1.2.7.3 1.6.4 2.5.4 1 0 1.7-.2 2.5-.5.7-.3 1.3-.8 1.7-1.4.4-.6.6-1.2.6-2s-.2-1.5-.7-2.1c-.4-.6-1-1-1.8-1.4-.8-.4-1.8-.5-2.9-.5h-2.7v-4.6h2.7a6 6 0 0 0 2.5-.5 4 4 0 0 0 1.7-1.3c.4-.6.6-1.3.6-2a3.5 3.5 0 0 0-2-3.3 5.6 5.6 0 0 0-4.5 0 4 4 0 0 0-1.7 1.2c-.4.6-.6 1.2-.6 2h-6c0-1.7.6-3.2 1.5-4.5 1-1.3 2.2-2.3 3.8-3C25 .4 26.8 0 28.8 0s3.8.4 5.3 1.1c1.5.7 2.7 1.7 3.6 3a7.2 7.2 0 0 1 1.2 4.2c0 1.6-.5 3-1.5 4a7 7 0 0 1-4 2.2v.2c2.2.3 3.8 1 5 2.2a6.4 6.4 0 0 1 1.6 4.6c0 1.7-.5 3.1-1.4 4.4a9.7 9.7 0 0 1-4 3.1c-1.7.8-3.7 1.1-5.8 1.1Z"/></g><defs><linearGradient id="a" x1="20" x2="20" y1="0" y2="30.1" gradientUnits="userSpaceOnUse"><stop/><stop offset="1" stop-color="#3D3D3D"/></linearGradient><linearGradient id="b" x1="20" x2="20" y1="0" y2="30.1" gradientUnits="userSpaceOnUse"><stop/><stop offset="1" stop-color="#3D3D3D"/></linearGradient></defs></svg>
--- a/apps/demo/public/vercel.svg
+++ b/apps/demo/public/vercel.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 283 64"><path fill="black" d="M141 16c-11 0-19 7-19 18s9 18 20 18c7 0 13-3 16-7l-7-5c-2 3-6 4-9 4-5 0-9-3-10-7h28v-3c0-11-8-18-19-18zm-9 15c1-4 4-7 9-7s8 3 9 7h-18zm117-15c-11 0-19 7-19 18s9 18 20 18c6 0 12-3 16-7l-8-5c-2 3-5 4-8 4-5 0-9-3-11-7h28l1-3c0-11-8-18-19-18zm-10 15c2-4 5-7 10-7s8 3 9 7h-19zm-39 3c0 6 4 10 10 10 4 0 7-2 9-5l8 5c-3 5-9 8-17 8-11 0-19-7-19-18s8-18 19-18c8 0 14 3 17 8l-8 5c-2-3-5-5-9-5-6 0-10 4-10 10zm83-29v46h-9V5h9zM37 0l37 64H0L37 0zm92 5-27 48L74 5h10l18 30 17-30h10zm59 12v10l-3-1c-6 0-10 4-10 10v15h-9V17h9v9c0-5 6-9 13-9z"/></svg>
--- a/apps/demo/tailwind.config.js
+++ b/apps/demo/tailwind.config.js
@@ -0,0 +1,13 @@
 /** @type {import('tailwindcss').Config} */
 module.exports = {
  content: [
    "./app/**/*.{js,ts,jsx,tsx}",
    "./pages/**/*.{js,ts,jsx,tsx}",
    "./components/**/*.{js,ts,jsx,tsx}",
  ],
  darkMode: "class",
  theme: {
    extend: {},
  },
  plugins: [require("@tailwindcss/forms")],
 };
--- a/apps/demo/tsconfig.json
+++ b/apps/demo/tsconfig.json
@@ -0,0 +1,5 @@
 {
  "exclude": ["node_modules"],
  "extends": "@formbricks/config-typescript/nextjs.json",
  "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx"]
 }
--- a/apps/storybook/package.json
+++ b/apps/storybook/package.json
@@ -11,26 +11,30 @@
    "clean": "rimraf .turbo node_modules dist storybook-static"
  },
  "dependencies": {
-    "eslint-plugin-react-refresh": "0.4.20"
+    "eslint-plugin-react-refresh": "0.4.16",
    "react": "19.0.0",
    "react-dom": "19.0.0"
  },
  "devDependencies": {
-    "@chromatic-com/storybook": "3.2.6",
+    "@chromatic-com/storybook": "3.2.2",
-    "@storybook/addon-a11y": "8.6.12",
+    "@formbricks/config-typescript": "workspace:*",
-    "@storybook/addon-essentials": "8.6.12",
+    "@storybook/addon-a11y": "8.4.7",
-    "@storybook/addon-interactions": "8.6.12",
+    "@storybook/addon-essentials": "8.4.7",
-    "@storybook/addon-links": "8.6.12",
+    "@storybook/addon-interactions": "8.4.7",
-    "@storybook/addon-onboarding": "8.6.12",
+    "@storybook/addon-links": "8.4.7",
-    "@storybook/blocks": "8.6.12",
+    "@storybook/addon-onboarding": "8.4.7",
-    "@storybook/react": "8.6.12",
+    "@storybook/blocks": "8.4.7",
-    "@storybook/react-vite": "8.6.12",
+    "@storybook/react": "8.4.7",
-    "@storybook/test": "8.6.12",
+    "@storybook/react-vite": "8.4.7",
-    "@typescript-eslint/eslint-plugin": "8.32.0",
+    "@storybook/test": "8.4.7",
-    "@typescript-eslint/parser": "8.32.0",
+    "@typescript-eslint/eslint-plugin": "8.18.0",
-    "@vitejs/plugin-react": "4.4.1",
+    "@typescript-eslint/parser": "8.18.0",
-    "esbuild": "0.25.4",
+    "@vitejs/plugin-react": "4.3.4",
-    "eslint-plugin-storybook": "0.12.0",
+    "esbuild": "0.25.0",
    "eslint-plugin-storybook": "0.11.1",
    "prop-types": "15.8.1",
-    "storybook": "8.6.12",
+    "storybook": "8.4.7",
-    "vite": "6.3.5"
+    "tsup": "8.3.5",
    "vite": "6.0.9"
  }
 }
--- a/apps/web/.eslintrc.js
+++ b/apps/web/.eslintrc.js
@@ -1,20 +1,3 @@
 module.exports = {
  extends: ["@formbricks/eslint-config/legacy-next.js"],
  ignorePatterns: ["**/package.json", "**/tsconfig.json"],
  overrides: [
    {
      files: ["locales/*.json"],
      plugins: ["i18n-json"],
      rules: {
        "i18n-json/identical-keys": [
          "error",
          {
            filePath: require("path").join(__dirname, "locales", "en-US.json"),
            checkExtraKeys: false,
            checkMissingKeys: true,
          },
        ],
      },
    },
  ],
 };
--- a/apps/web/.gitignore
+++ b/apps/web/.gitignore
@@ -50,4 +50,4 @@ uploads/
 .sentryclirc
 # SAML Preloaded Connections
-saml-connection/
+saml-connection/
--- a/apps/web/Dockerfile
+++ b/apps/web/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:22-alpine3.21 AS base
+FROM node:22-alpine3.20 AS base
 #
 ## step 1: Prune monorepo
@@ -18,32 +18,23 @@ FROM node:22-alpine3.21 AS base
 FROM base AS installer
 # Enable corepack and prepare pnpm
-RUN npm install --ignore-scripts -g corepack@latest 
+RUN npm install -g corepack@latest
 RUN corepack enable
 RUN corepack prepare pnpm@9.15.9 --activate
 # Install necessary build tools and compilers
-RUN apk update && apk add --no-cache cmake g++ gcc jq make openssl-dev python3
+RUN apk update && apk add --no-cache g++ cmake make gcc python3 openssl-dev jq
-# BuildKit secret handling without hardcoded fallback values
+# Set hardcoded environment variables
-# This approach relies entirely on secrets passed from GitHub Actions
+ENV DATABASE_URL="postgresql://placeholder:for@build:5432/gets_overwritten_at_runtime?schema=public"
-RUN echo '#!/bin/sh' > /tmp/read-secrets.sh && \
+ENV NEXTAUTH_SECRET="placeholder_for_next_auth_of_64_chars_get_overwritten_at_runtime"
-    echo 'if [ -f "/run/secrets/database_url" ]; then' >> /tmp/read-secrets.sh && \
+ENV ENCRYPTION_KEY="placeholder_for_build_key_of_64_chars_get_overwritten_at_runtime"
-    echo '  export DATABASE_URL=$(cat /run/secrets/database_url)' >> /tmp/read-secrets.sh && \
+ENV CRON_SECRET="placeholder_for_cron_secret_of_64_chars_get_overwritten_at_runtime"
    echo 'else' >> /tmp/read-secrets.sh && \
    echo '  echo "DATABASE_URL secret not found. Build may fail if this is required."' >> /tmp/read-secrets.sh && \
    echo 'fi' >> /tmp/read-secrets.sh && \
    echo 'if [ -f "/run/secrets/encryption_key" ]; then' >> /tmp/read-secrets.sh && \
    echo '  export ENCRYPTION_KEY=$(cat /run/secrets/encryption_key)' >> /tmp/read-secrets.sh && \
    echo 'else' >> /tmp/read-secrets.sh && \
    echo '  echo "ENCRYPTION_KEY secret not found. Build may fail if this is required."' >> /tmp/read-secrets.sh && \
    echo 'fi' >> /tmp/read-secrets.sh && \
    echo 'exec "$@"' >> /tmp/read-secrets.sh && \
    chmod +x /tmp/read-secrets.sh
-# Increase Node.js memory limit as a regular build argument
+ARG NEXT_PUBLIC_SENTRY_DSN
-ARG NODE_OPTIONS="--max_old_space_size=4096"
+ARG SENTRY_AUTH_TOKEN
-ENV NODE_OPTIONS=${NODE_OPTIONS}
+
 # Increase Node.js memory limit
 # ENV NODE_OPTIONS="--max_old_space_size=4096"
 # Set the working directory
 WORKDIR /app
@@ -60,13 +51,10 @@ COPY . .
 RUN touch apps/web/.env
 # Install the dependencies
-RUN pnpm install --ignore-scripts
+RUN pnpm install
-# Build the project using our secret reader script
+# Build the project
-# This mounts the secrets only during this build step without storing them in layers
+RUN NODE_OPTIONS="--max_old_space_size=4096" pnpm build --filter=@formbricks/web...
 RUN --mount=type=secret,id=database_url \
    --mount=type=secret,id=encryption_key \
    /tmp/read-secrets.sh pnpm build --filter=@formbricks/web...
 # Extract Prisma version
 RUN jq -r '.devDependencies.prisma' packages/database/package.json > /prisma_version.txt
@@ -76,79 +64,44 @@ RUN jq -r '.devDependencies.prisma' packages/database/package.json > /prisma_ver
 #
 FROM base AS runner
-RUN npm install --ignore-scripts -g corepack@latest 
+RUN npm install -g corepack@latest
 RUN corepack enable
 RUN apk add --no-cache curl \
    && apk add --no-cache supercronic \
    # && addgroup --system --gid 1001 nodejs \
-    && addgroup -S nextjs \
+    && adduser --system --uid 1001 nextjs
    && adduser -S -u 1001 -G nextjs nextjs
 WORKDIR /home/nextjs
 # Ensure no write permissions are assigned to the copied resources
 COPY --from=installer /app/apps/web/.next/standalone ./
 RUN chown -R nextjs:nextjs ./ && chmod -R 755 ./
 COPY --from=installer /app/apps/web/next.config.mjs .
 RUN chmod 644 ./next.config.mjs
 COPY --from=installer /app/apps/web/package.json .
-RUN chmod 644 ./package.json
+# Leverage output traces to reduce image size
-COPY --from=installer /app/apps/web/.next/static ./apps/web/.next/static
+COPY --from=installer --chown=nextjs:nextjs /app/apps/web/.next/standalone ./
-RUN chown -R nextjs:nextjs ./apps/web/.next/static && chmod -R 755 ./apps/web/.next/static
+COPY --from=installer --chown=nextjs:nextjs /app/apps/web/.next/static ./apps/web/.next/static
 COPY --from=installer --chown=nextjs:nextjs /app/apps/web/public ./apps/web/public
 COPY --from=installer --chown=nextjs:nextjs /app/packages/database/schema.prisma ./packages/database/schema.prisma
 COPY --from=installer --chown=nextjs:nextjs /app/packages/database/package.json ./packages/database/package.json
 COPY --from=installer --chown=nextjs:nextjs /app/packages/database/migration ./packages/database/migration
 COPY --from=installer --chown=nextjs:nextjs /app/packages/database/src ./packages/database/src
-COPY --from=installer /app/apps/web/public ./apps/web/public
+# Copy Prisma-specific generated files
-RUN chown -R nextjs:nextjs ./apps/web/public && chmod -R 755 ./apps/web/public
+COPY --from=installer --chown=nextjs:nextjs /app/node_modules/@prisma/client ./node_modules/@prisma/client
-
+COPY --from=installer --chown=nextjs:nextjs /app/node_modules/.prisma ./node_modules/.prisma
 COPY --from=installer /app/packages/database/schema.prisma ./packages/database/schema.prisma
 RUN chown nextjs:nextjs ./packages/database/schema.prisma && chmod 644 ./packages/database/schema.prisma
 COPY --from=installer /app/packages/database/package.json ./packages/database/package.json
 RUN chown nextjs:nextjs ./packages/database/package.json && chmod 644 ./packages/database/package.json
 COPY --from=installer /app/packages/database/migration ./packages/database/migration
 RUN chown -R nextjs:nextjs ./packages/database/migration && chmod -R 755 ./packages/database/migration
 COPY --from=installer /app/packages/database/src ./packages/database/src
 RUN chown -R nextjs:nextjs ./packages/database/src && chmod -R 755 ./packages/database/src
 COPY --from=installer /app/packages/database/node_modules ./packages/database/node_modules
 RUN chown -R nextjs:nextjs ./packages/database/node_modules && chmod -R 755 ./packages/database/node_modules
 COPY --from=installer /app/packages/logger/dist ./packages/database/node_modules/@formbricks/logger/dist
 RUN chown -R nextjs:nextjs ./packages/database/node_modules/@formbricks/logger/dist && chmod -R 755 ./packages/database/node_modules/@formbricks/logger/dist
 COPY --from=installer /app/node_modules/@prisma/client ./node_modules/@prisma/client
 RUN chown -R nextjs:nextjs ./node_modules/@prisma/client && chmod -R 755 ./node_modules/@prisma/client
 COPY --from=installer /app/node_modules/.prisma ./node_modules/.prisma
 RUN chown -R nextjs:nextjs ./node_modules/.prisma && chmod -R 755 ./node_modules/.prisma
 COPY --from=installer /prisma_version.txt .
 RUN chown nextjs:nextjs ./prisma_version.txt && chmod 644 ./prisma_version.txt
 COPY --from=installer --chown=nextjs:nextjs /prisma_version.txt .
 COPY /docker/cronjobs /app/docker/cronjobs
 RUN chmod -R 755 /app/docker/cronjobs
 # Copy only @paralleldrive/cuid2 and @noble/hashes
 COPY --from=installer /app/node_modules/@paralleldrive/cuid2 ./node_modules/@paralleldrive/cuid2
 RUN chmod -R 755 ./node_modules/@paralleldrive/cuid2
 COPY --from=installer /app/node_modules/@noble/hashes ./node_modules/@noble/hashes
 RUN chmod -R 755 ./node_modules/@noble/hashes
-COPY --from=installer /app/node_modules/zod ./node_modules/zod
+RUN npm install -g tsx typescript prisma
 RUN chmod -R 755 ./node_modules/zod
 RUN npm install --ignore-scripts -g tsx typescript pino-pretty 
 RUN npm install -g prisma
 EXPOSE 3000
 ENV HOSTNAME "0.0.0.0"
-ENV NODE_ENV="production"
+# USER nextjs
 USER nextjs
 # Prepare volume for uploads
 RUN mkdir -p /home/nextjs/apps/web/uploads/
@@ -158,12 +111,7 @@ VOLUME /home/nextjs/apps/web/uploads/
 RUN mkdir -p /home/nextjs/apps/web/saml-connection
 VOLUME /home/nextjs/apps/web/saml-connection
-CMD if [ "${DOCKER_CRON_ENABLED:-1}" = "1" ]; then \
+CMD supercronic -quiet /app/docker/cronjobs & \
      echo "Starting cron jobs..."; \
      supercronic -quiet /app/docker/cronjobs & \
    else \
      echo "Docker cron jobs are disabled via DOCKER_CRON_ENABLED=0"; \
    fi; \
    (cd packages/database && npm run db:migrate:deploy) && \
    (cd packages/database && npm run db:create-saml-database:deploy) && \
-    exec node apps/web/server.js
+    exec node apps/web/server.js
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/ConnectWithFormbricks.test.tsx
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/ConnectWithFormbricks.test.tsx
@@ -1,79 +0,0 @@
 import "@testing-library/jest-dom/vitest";
 import { cleanup, render, screen } from "@testing-library/react";
 import userEvent from "@testing-library/user-event";
 import { afterEach, describe, expect, test, vi } from "vitest";
 import { ConnectWithFormbricks } from "./ConnectWithFormbricks";
 // Mocks before import
 const pushMock = vi.fn();
 const refreshMock = vi.fn();
 vi.mock("@tolgee/react", () => ({ useTranslate: () => ({ t: (key: string) => key }) }));
 vi.mock("next/navigation", () => ({ useRouter: vi.fn(() => ({ push: pushMock, refresh: refreshMock })) }));
 vi.mock("./OnboardingSetupInstructions", () => ({
  OnboardingSetupInstructions: () => <div data-testid="instructions" />,
 }));
 afterEach(() => {
  cleanup();
  vi.clearAllMocks();
 });
 describe("ConnectWithFormbricks", () => {
  const environment = { id: "env1" } as any;
  const webAppUrl = "http://app";
  const channel = {} as any;
  test("renders waiting state when widgetSetupCompleted is false", () => {
    render(
      <ConnectWithFormbricks
        environment={environment}
        webAppUrl={webAppUrl}
        widgetSetupCompleted={false}
        channel={channel}
      />
    );
    expect(screen.getByTestId("instructions")).toBeInTheDocument();
    expect(screen.getByText("environments.connect.waiting_for_your_signal")).toBeInTheDocument();
  });
  test("renders success state when widgetSetupCompleted is true", () => {
    render(
      <ConnectWithFormbricks
        environment={environment}
        webAppUrl={webAppUrl}
        widgetSetupCompleted={true}
        channel={channel}
      />
    );
    expect(screen.getByText("environments.connect.congrats")).toBeInTheDocument();
    expect(screen.getByText("environments.connect.connection_successful_message")).toBeInTheDocument();
  });
  test("clicking finish button navigates to surveys", async () => {
    render(
      <ConnectWithFormbricks
        environment={environment}
        webAppUrl={webAppUrl}
        widgetSetupCompleted={true}
        channel={channel}
      />
    );
    const button = screen.getByRole("button", { name: "environments.connect.finish_onboarding" });
    await userEvent.click(button);
    expect(pushMock).toHaveBeenCalledWith(`/environments/${environment.id}/surveys`);
  });
  test("refresh is called on visibilitychange to visible", () => {
    render(
      <ConnectWithFormbricks
        environment={environment}
        webAppUrl={webAppUrl}
        widgetSetupCompleted={false}
        channel={channel}
      />
    );
    Object.defineProperty(document, "visibilityState", { value: "visible", configurable: true });
    document.dispatchEvent(new Event("visibilitychange"));
    expect(refreshMock).toHaveBeenCalled();
  });
 });
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/ConnectWithFormbricks.tsx
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/ConnectWithFormbricks.tsx
@@ -1,11 +1,11 @@
 "use client";
 import { cn } from "@/lib/cn";
 import { Button } from "@/modules/ui/components/button";
 import { useTranslate } from "@tolgee/react";
 import { ArrowRight } from "lucide-react";
 import { useRouter } from "next/navigation";
 import { useEffect } from "react";
 import { cn } from "@formbricks/lib/cn";
 import { TEnvironment } from "@formbricks/types/environment";
 import { TProjectConfigChannel } from "@formbricks/types/project";
 import { OnboardingSetupInstructions } from "./OnboardingSetupInstructions";
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/OnboardingSetupInstructions.test.tsx
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/OnboardingSetupInstructions.test.tsx
@@ -1,103 +0,0 @@
 import { cleanup, render, screen } from "@testing-library/react";
 import userEvent from "@testing-library/user-event";
 import toast from "react-hot-toast";
 import { afterEach, beforeAll, describe, expect, test, vi } from "vitest";
 import { OnboardingSetupInstructions } from "./OnboardingSetupInstructions";
 // Mock react-hot-toast so we can assert that a success message is shown
 vi.mock("react-hot-toast", () => ({
  __esModule: true,
  default: {
    success: vi.fn(),
  },
 }));
 // Set up a spy for navigator.clipboard.writeText so it becomes a ViTest spy.
 beforeAll(() => {
  Object.defineProperty(navigator, "clipboard", {
    configurable: true,
    writable: true,
    value: {
      // Using a mockResolvedValue resolves the promise as writeText is async.
      writeText: vi.fn().mockResolvedValue(undefined),
    },
  });
 });
 describe("OnboardingSetupInstructions", () => {
  afterEach(() => {
    cleanup();
    vi.clearAllMocks();
  });
  // Provide some default props for testing
  const defaultProps = {
    environmentId: "env-123",
    webAppUrl: "https://example.com",
    channel: "app" as const, // Assuming channel is either "app" or "website"
    widgetSetupCompleted: false,
  };
  test("renders HTML tab content by default", () => {
    render(<OnboardingSetupInstructions {...defaultProps} />);
    // Since the default active tab is "html", we check for a unique text
    expect(
      screen.getByText(/environments.connect.insert_this_code_into_the_head_tag_of_your_website/i)
    ).toBeInTheDocument();
    // The HTML snippet contains a marker comment
    expect(screen.getByText("START")).toBeInTheDocument();
    // Verify the "Copy Code" button is present
    expect(screen.getByRole("button", { name: /common.copy_code/i })).toBeInTheDocument();
  });
  test("renders NPM tab content when selected", async () => {
    render(<OnboardingSetupInstructions {...defaultProps} />);
    const user = userEvent.setup();
    // Click on the "NPM" tab to switch views.
    const npmTab = screen.getByText("NPM");
    await user.click(npmTab);
    // Check that the install commands are present
    expect(screen.getByText(/npm install @formbricks\/js/)).toBeInTheDocument();
    expect(screen.getByText(/yarn add @formbricks\/js/)).toBeInTheDocument();
    // Verify the "Read Docs" link has the correct URL (based on channel prop)
    const readDocsLink = screen.getByRole("link", { name: /common.read_docs/i });
    expect(readDocsLink).toHaveAttribute("href", "https://formbricks.com/docs/app-surveys/framework-guides");
  });
  test("copies HTML snippet to clipboard and shows success toast when Copy Code button is clicked", async () => {
    render(<OnboardingSetupInstructions {...defaultProps} />);
    const user = userEvent.setup();
    const writeTextSpy = vi.spyOn(navigator.clipboard, "writeText");
    // Click the "Copy Code" button
    const copyButton = screen.getByRole("button", { name: /common.copy_code/i });
    await user.click(copyButton);
    // Ensure navigator.clipboard.writeText was called.
    expect(writeTextSpy).toHaveBeenCalled();
    const writtenText = (navigator.clipboard.writeText as any).mock.calls[0][0] as string;
    // Check that the pasted snippet contains the expected environment values
    expect(writtenText).toContain('var appUrl = "https://example.com"');
    expect(writtenText).toContain('var environmentId = "env-123"');
    // Verify that a success toast was shown
    expect(toast.success).toHaveBeenCalledWith("common.copied_to_clipboard");
  });
  test("renders step-by-step manual link with correct URL in HTML tab", () => {
    render(<OnboardingSetupInstructions {...defaultProps} />);
    const manualLink = screen.getByRole("link", { name: /common.step_by_step_manual/i });
    expect(manualLink).toHaveAttribute(
      "href",
      "https://formbricks.com/docs/app-surveys/framework-guides#html"
    );
  });
 });
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/OnboardingSetupInstructions.tsx
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/components/OnboardingSetupInstructions.tsx
@@ -34,9 +34,10 @@ export const OnboardingSetupInstructions = ({
  const htmlSnippetForAppSurveys = `<!-- START Formbricks Surveys -->
  <script type="text/javascript">
  !function(){
-      var appUrl = "${webAppUrl}";
+      var apiHost = "${webAppUrl}";
      var environmentId = "${environmentId}";
-      var t=document.createElement("script");t.type="text/javascript",t.async=!0,t.src=appUrl+"/js/formbricks.umd.cjs",t.onload=function(){window.formbricks?window.formbricks.setup({environmentId:environmentId,appUrl:appUrl}):console.error("Formbricks library failed to load properly. The formbricks object is not available.");};var e=document.getElementsByTagName("script")[0];e.parentNode.insertBefore(t,e)}();
+      var userId = "testUser";
      var t=document.createElement("script");t.type="text/javascript",t.async=!0,t.src=apiHost+"/js/formbricks.umd.cjs";var e=document.getElementsByTagName("script")[0];e.parentNode.insertBefore(t,e),setTimeout(function(){window.formbricks.init({environmentId: environmentId, apiHost: apiHost, userId: userId})},500)}();
  </script>
  <!-- END Formbricks Surveys -->
  `;
@@ -44,9 +45,9 @@ export const OnboardingSetupInstructions = ({
  const htmlSnippetForWebsiteSurveys = `<!-- START Formbricks Surveys -->
  <script type="text/javascript">
  !function(){
-    var appUrl = "${webAppUrl}";
+    var apiHost = "${webAppUrl}";
    var environmentId = "${environmentId}";
-    var t=document.createElement("script");t.type="text/javascript",t.async=!0,t.src=appUrl+"/js/formbricks.umd.cjs",t.onload=function(){window.formbricks?window.formbricks.setup({environmentId:environmentId,appUrl:appUrl}):console.error("Formbricks library failed to load properly. The formbricks object is not available.");};var e=document.getElementsByTagName("script")[0];e.parentNode.insertBefore(t,e)}();
+      var t=document.createElement("script");t.type="text/javascript",t.async=!0,t.src=apiHost+"/js/formbricks.umd.cjs";var e=document.getElementsByTagName("script")[0];e.parentNode.insertBefore(t,e),setTimeout(function(){window.formbricks.init({environmentId: environmentId, apiHost: apiHost})},500)}();
  </script>
  <!-- END Formbricks Surveys -->
  `;
@@ -55,9 +56,10 @@ export const OnboardingSetupInstructions = ({
  import formbricks from "@formbricks/js";
  if (typeof window !== "undefined") {
-    formbricks.setup({
+    formbricks.init({
      environmentId: "${environmentId}",
-      appUrl: "${webAppUrl}",
+      apiHost: "${webAppUrl}",
      userId: "testUser",
    });
  }
@@ -73,9 +75,9 @@ export const OnboardingSetupInstructions = ({
  import formbricks from "@formbricks/js";
  if (typeof window !== "undefined") {
-    formbricks.setup({
+    formbricks.init({
      environmentId: "${environmentId}",
-      appUrl: "${webAppUrl}",
+      apiHost: "${webAppUrl}",
    });
  }
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/page.tsx
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/connect/page.tsx
@@ -1,12 +1,12 @@
 import { ConnectWithFormbricks } from "@/app/(app)/(onboarding)/environments/[environmentId]/connect/components/ConnectWithFormbricks";
 import { WEBAPP_URL } from "@/lib/constants";
 import { getEnvironment } from "@/lib/environment/service";
 import { getProjectByEnvironmentId } from "@/lib/project/service";
 import { Button } from "@/modules/ui/components/button";
 import { Header } from "@/modules/ui/components/header";
 import { getTranslate } from "@/tolgee/server";
 import { XIcon } from "lucide-react";
 import Link from "next/link";
 import { WEBAPP_URL } from "@formbricks/lib/constants";
 import { getEnvironment } from "@formbricks/lib/environment/service";
 import { getProjectByEnvironmentId } from "@formbricks/lib/project/service";
 interface ConnectPageProps {
  params: Promise<{
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/layout.test.tsx
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/layout.test.tsx
@@ -1,145 +0,0 @@
 import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
 import { cleanup, render, screen } from "@testing-library/react";
 import { getServerSession } from "next-auth";
 import { redirect } from "next/navigation";
 import { afterEach, describe, expect, test, vi } from "vitest";
 import OnboardingLayout from "./layout";
 vi.mock("@/lib/constants", () => ({
  IS_FORMBRICKS_CLOUD: false,
  IS_PRODUCTION: false,
  IS_DEVELOPMENT: true,
  E2E_TESTING: false,
  WEBAPP_URL: "http://localhost:3000",
  SURVEY_URL: "http://localhost:3000/survey",
  ENCRYPTION_KEY: "mock-encryption-key",
  CRON_SECRET: "mock-cron-secret",
  DEFAULT_BRAND_COLOR: "#64748b",
  FB_LOGO_URL: "https://mock-logo-url.com/logo.png",
  PRIVACY_URL: "http://localhost:3000/privacy",
  TERMS_URL: "http://localhost:3000/terms",
  IMPRINT_URL: "http://localhost:3000/imprint",
  IMPRINT_ADDRESS: "Mock Address",
  PASSWORD_RESET_DISABLED: false,
  EMAIL_VERIFICATION_DISABLED: false,
  GOOGLE_OAUTH_ENABLED: false,
  GITHUB_OAUTH_ENABLED: false,
  AZURE_OAUTH_ENABLED: false,
  OIDC_OAUTH_ENABLED: false,
  SAML_OAUTH_ENABLED: false,
  SAML_XML_DIR: "./mock-saml-connection",
  SIGNUP_ENABLED: true,
  EMAIL_AUTH_ENABLED: true,
  INVITE_DISABLED: false,
  SLACK_CLIENT_SECRET: "mock-slack-secret",
  SLACK_CLIENT_ID: "mock-slack-id",
  SLACK_AUTH_URL: "https://mock-slack-auth-url.com",
  GOOGLE_SHEETS_CLIENT_ID: "mock-google-sheets-id",
  GOOGLE_SHEETS_CLIENT_SECRET: "mock-google-sheets-secret",
  GOOGLE_SHEETS_REDIRECT_URL: "http://localhost:3000/google-sheets-redirect",
  NOTION_OAUTH_CLIENT_ID: "mock-notion-id",
  NOTION_OAUTH_CLIENT_SECRET: "mock-notion-secret",
  NOTION_REDIRECT_URI: "http://localhost:3000/notion-redirect",
  NOTION_AUTH_URL: "https://mock-notion-auth-url.com",
  AIRTABLE_CLIENT_ID: "mock-airtable-id",
  SMTP_HOST: "mock-smtp-host",
  SMTP_PORT: "587",
  SMTP_SECURE_ENABLED: false,
  SMTP_USER: "mock-smtp-user",
  SMTP_PASSWORD: "mock-smtp-password",
  SMTP_AUTHENTICATED: true,
  SMTP_REJECT_UNAUTHORIZED_TLS: true,
  MAIL_FROM: "mock@mail.com",
  MAIL_FROM_NAME: "Mock Mail",
  NEXTAUTH_SECRET: "mock-nextauth-secret",
  ITEMS_PER_PAGE: 30,
  SURVEYS_PER_PAGE: 12,
  RESPONSES_PER_PAGE: 25,
  TEXT_RESPONSES_PER_PAGE: 5,
  INSIGHTS_PER_PAGE: 10,
  DOCUMENTS_PER_PAGE: 10,
  MAX_RESPONSES_FOR_INSIGHT_GENERATION: 500,
  MAX_OTHER_OPTION_LENGTH: 250,
  ENTERPRISE_LICENSE_KEY: "ABC",
  GITHUB_ID: "mock-github-id",
  GITHUB_SECRET: "mock-github-secret",
  GITHUB_OAUTH_URL: "https://mock-github-auth-url.com",
  AZURE_ID: "mock-azure-id",
  AZUREAD_CLIENT_ID: "mock-azure-client-id",
  AZUREAD_CLIENT_SECRET: "mock-azure-client-secret",
  GOOGLE_CLIENT_ID: "mock-google-client-id",
  GOOGLE_CLIENT_SECRET: "mock-google-client-secret",
  GOOGLE_OAUTH_URL: "https://mock-google-auth-url.com",
  AZURE_OAUTH_URL: "https://mock-azure-auth-url.com",
  OIDC_ID: "mock-oidc-id",
  OIDC_OAUTH_URL: "https://mock-oidc-auth-url.com",
  SAML_ID: "mock-saml-id",
  SAML_OAUTH_URL: "https://mock-saml-auth-url.com",
  SAML_METADATA_URL: "https://mock-saml-metadata-url.com",
  AZUREAD_TENANT_ID: "mock-azure-tenant-id",
  AZUREAD_OAUTH_URL: "https://mock-azuread-auth-url.com",
  OIDC_DISPLAY_NAME: "Mock OIDC",
  OIDC_CLIENT_ID: "mock-oidc-client-id",
  OIDC_CLIENT_SECRET: "mock-oidc-client-secret",
  OIDC_REDIRECT_URL: "http://localhost:3000/oidc-redirect",
  OIDC_AUTH_URL: "https://mock-oidc-auth-url.com",
  OIDC_ISSUER: "https://mock-oidc-issuer.com",
  OIDC_SIGNING_ALGORITHM: "RS256",
  SESSION_MAX_AGE: 1000,
 }));
 vi.mock("next/navigation", () => ({
  redirect: vi.fn(),
 }));
 vi.mock("next-auth", () => ({
  getServerSession: vi.fn(),
 }));
 vi.mock("@/lib/environment/auth", () => ({
  hasUserEnvironmentAccess: vi.fn(),
 }));
 describe("OnboardingLayout", () => {
  afterEach(() => {
    cleanup();
    vi.clearAllMocks();
  });
  test("redirects to login if session is missing", async () => {
    vi.mocked(getServerSession).mockResolvedValueOnce(null);
    await OnboardingLayout({
      params: { environmentId: "env1" },
      children: <div>Test Content</div>,
    });
    expect(redirect).toHaveBeenCalledWith("/auth/login");
  });
  test("throws AuthorizationError if user lacks access", async () => {
    vi.mocked(getServerSession).mockResolvedValueOnce({ user: { id: "user1" } });
    vi.mocked(hasUserEnvironmentAccess).mockResolvedValueOnce(false);
    await expect(
      OnboardingLayout({
        params: { environmentId: "env1" },
        children: <div>Test Content</div>,
      })
    ).rejects.toThrow("User is not authorized to access this environment");
  });
  test("renders children if user has access", async () => {
    vi.mocked(getServerSession).mockResolvedValueOnce({ user: { id: "user1" } });
    vi.mocked(hasUserEnvironmentAccess).mockResolvedValueOnce(true);
    const result = await OnboardingLayout({
      params: { environmentId: "env1" },
      children: <div data-testid="child">Test Content</div>,
    });
    render(result);
    expect(screen.getByTestId("child")).toHaveTextContent("Test Content");
  });
 });
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/layout.tsx
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/layout.tsx
@@ -1,7 +1,7 @@
 import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
 import { authOptions } from "@/modules/auth/lib/authOptions";
 import { getServerSession } from "next-auth";
 import { redirect } from "next/navigation";
 import { hasUserEnvironmentAccess } from "@formbricks/lib/environment/auth";
 import { AuthorizationError } from "@formbricks/types/errors";
 const OnboardingLayout = async (props) => {
@@ -16,7 +16,7 @@ const OnboardingLayout = async (props) => {
  const isAuthorized = await hasUserEnvironmentAccess(session.user.id, params.environmentId);
  if (!isAuthorized) {
-    throw new AuthorizationError("User is not authorized to access this environment");
+    throw AuthorizationError;
  }
  return <div className="flex-1 bg-slate-50">{children}</div>;
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/components/XMTemplateList.test.tsx
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/components/XMTemplateList.test.tsx
@@ -1,76 +0,0 @@
 import { createSurveyAction } from "@/modules/survey/components/template-list/actions";
 import "@testing-library/jest-dom/vitest";
 import { cleanup, render, screen } from "@testing-library/react";
 import userEvent from "@testing-library/user-event";
 import toast from "react-hot-toast";
 import { afterEach, describe, expect, test, vi } from "vitest";
 import { XMTemplateList } from "./XMTemplateList";
 // Prepare push mock and module mocks before importing component
 const pushMock = vi.fn();
 vi.mock("@tolgee/react", () => ({ useTranslate: () => ({ t: (key: string) => key }) }));
 vi.mock("next/navigation", () => ({ useRouter: vi.fn(() => ({ push: pushMock })) }));
 vi.mock("react-hot-toast", () => ({ default: { error: vi.fn() } }));
 vi.mock("@/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/xm-templates", () => ({
  getXMTemplates: (t: any) => [
    { id: 1, name: "tmpl1" },
    { id: 2, name: "tmpl2" },
  ],
 }));
 vi.mock("@/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/utils", () => ({
  replacePresetPlaceholders: (template: any, project: any) => ({ ...template, projectId: project.id }),
 }));
 vi.mock("@/modules/survey/components/template-list/actions", () => ({ createSurveyAction: vi.fn() }));
 vi.mock("@/lib/utils/helper", () => ({ getFormattedErrorMessage: () => "formatted-error" }));
 vi.mock("@/app/(app)/(onboarding)/organizations/components/OnboardingOptionsContainer", () => ({
  OnboardingOptionsContainer: ({ options }: { options: any[] }) => (
    <div>
      {options.map((opt, idx) => (
        <button key={idx} data-testid={`option-${idx}`} onClick={opt.onClick}>
          {opt.title}
        </button>
      ))}
    </div>
  ),
 }));
 // Reset mocks between tests
 afterEach(() => {
  cleanup();
  vi.clearAllMocks();
 });
 describe("XMTemplateList component", () => {
  const project = { id: "proj1" } as any;
  const user = { id: "user1" } as any;
  const environmentId = "env1";
  test("creates survey and navigates on success", async () => {
    // Mock successful survey creation
    vi.mocked(createSurveyAction).mockResolvedValue({ data: { id: "survey1" } } as any);
    render(<XMTemplateList project={project} user={user} environmentId={environmentId} />);
    const option0 = screen.getByTestId("option-0");
    await userEvent.click(option0);
    expect(createSurveyAction).toHaveBeenCalledWith({
      environmentId,
      surveyBody: expect.objectContaining({ id: 1, projectId: "proj1", type: "link", createdBy: "user1" }),
    });
    expect(pushMock).toHaveBeenCalledWith(`/environments/${environmentId}/surveys/survey1/edit?mode=cx`);
  });
  test("shows error toast on failure", async () => {
    // Mock failed survey creation
    vi.mocked(createSurveyAction).mockResolvedValue({ error: "err" } as any);
    render(<XMTemplateList project={project} user={user} environmentId={environmentId} />);
    const option1 = screen.getByTestId("option-1");
    await userEvent.click(option1);
    expect(createSurveyAction).toHaveBeenCalled();
    expect(toast.error).toHaveBeenCalledWith("formatted-error");
  });
 });
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/utils.test.ts
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/utils.test.ts
@@ -1,80 +0,0 @@
 import "@testing-library/jest-dom/vitest";
 import { cleanup } from "@testing-library/react";
 import { afterEach, describe, expect, test } from "vitest";
 import { TProject } from "@formbricks/types/project";
 import { TXMTemplate } from "@formbricks/types/templates";
 import { replacePresetPlaceholders } from "./utils";
 // Mock data
 const mockProject: TProject = {
  id: "project1",
  createdAt: new Date(),
  updatedAt: new Date(),
  name: "Test Project",
  organizationId: "org1",
  styling: {
    allowStyleOverwrite: true,
    brandColor: { light: "#FFFFFF" },
  },
  recontactDays: 30,
  inAppSurveyBranding: true,
  linkSurveyBranding: true,
  config: {
    channel: "link" as const,
    industry: "eCommerce" as "eCommerce" | "saas" | "other" | null,
  },
  placement: "bottomRight",
  clickOutsideClose: true,
  darkOverlay: false,
  environments: [],
  languages: [],
  logo: null,
 };
 const mockTemplate: TXMTemplate = {
  name: "$[projectName] Survey",
  questions: [
    {
      id: "q1",
      inputType: "text",
      type: "email" as any,
      headline: { default: "$[projectName] Question" },
      required: false,
      charLimit: { enabled: true, min: 400, max: 1000 },
    },
  ],
  endings: [
    {
      id: "e1",
      type: "endScreen",
      headline: { default: "Thank you for completing the survey!" },
    },
  ],
  styling: {
    brandColor: { light: "#0000FF" },
    questionColor: { light: "#00FF00" },
    inputColor: { light: "#FF0000" },
  },
 };
 describe("replacePresetPlaceholders", () => {
  afterEach(() => {
    cleanup();
  });
  test("replaces projectName placeholder in template name", () => {
    const result = replacePresetPlaceholders(mockTemplate, mockProject);
    expect(result.name).toBe("Test Project Survey");
  });
  test("replaces projectName placeholder in question headline", () => {
    const result = replacePresetPlaceholders(mockTemplate, mockProject);
    expect(result.questions[0].headline.default).toBe("Test Project Question");
  });
  test("returns a new object without mutating the original template", () => {
    const originalTemplate = structuredClone(mockTemplate);
    const result = replacePresetPlaceholders(mockTemplate, mockProject);
    expect(result).not.toBe(mockTemplate);
    expect(mockTemplate).toEqual(originalTemplate);
  });
 });
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/utils.ts
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/utils.ts
@@ -1,4 +1,4 @@
-import { replaceQuestionPresetPlaceholders } from "@/lib/utils/templates";
+import { replaceQuestionPresetPlaceholders } from "@formbricks/lib/utils/templates";
 import { TProject } from "@formbricks/types/project";
 import { TXMTemplate } from "@formbricks/types/templates";
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/xm-templates.test.ts
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/xm-templates.test.ts
@@ -1,60 +0,0 @@
 import "@testing-library/jest-dom/vitest";
 import { cleanup } from "@testing-library/preact";
 import { TFnType } from "@tolgee/react";
 import { afterEach, describe, expect, test, vi } from "vitest";
 import { getXMSurveyDefault, getXMTemplates } from "./xm-templates";
 vi.mock("@formbricks/logger", () => ({
  logger: { error: vi.fn() },
 }));
 describe("xm-templates", () => {
  afterEach(() => {
    cleanup();
  });
  test("getXMSurveyDefault returns default survey template", () => {
    const tMock = vi.fn((key) => key) as TFnType;
    const result = getXMSurveyDefault(tMock);
    expect(result).toEqual({
      name: "",
      endings: expect.any(Array),
      questions: [],
      styling: {
        overwriteThemeStyling: true,
      },
    });
    expect(result.endings).toHaveLength(1);
  });
  test("getXMTemplates returns all templates", () => {
    const tMock = vi.fn((key) => key) as TFnType;
    const result = getXMTemplates(tMock);
    expect(result).toHaveLength(6);
    expect(result[0].name).toBe("templates.nps_survey_name");
    expect(result[1].name).toBe("templates.star_rating_survey_name");
    expect(result[2].name).toBe("templates.csat_survey_name");
    expect(result[3].name).toBe("templates.cess_survey_name");
    expect(result[4].name).toBe("templates.smileys_survey_name");
    expect(result[5].name).toBe("templates.enps_survey_name");
  });
  test("getXMTemplates handles errors gracefully", async () => {
    const tMock = vi.fn(() => {
      throw new Error("Test error");
    }) as TFnType;
    const result = getXMTemplates(tMock);
    // Dynamically import the mocked logger
    const { logger } = await import("@formbricks/logger");
    expect(result).toEqual([]);
    expect(logger.error).toHaveBeenCalledWith(
      expect.any(Error),
      "Unable to load XM templates, returning empty array"
    );
  });
 });
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/xm-templates.ts
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/lib/xm-templates.ts
@@ -1,15 +1,13 @@
-import {
+import { getDefaultEndingCard } from "@/app/lib/templates";
  buildCTAQuestion,
  buildNPSQuestion,
  buildOpenTextQuestion,
  buildRatingQuestion,
  getDefaultEndingCard,
 } from "@/app/lib/survey-builder";
 import { createId } from "@paralleldrive/cuid2";
 import { TFnType } from "@tolgee/react";
-import { logger } from "@formbricks/logger";
+import { TSurveyQuestionTypeEnum } from "@formbricks/types/surveys/types";
 import { TXMTemplate } from "@formbricks/types/templates";
 function logError(error: Error, context: string) {
  console.error(`Error in ${context}:`, error);
 }
 export const getXMSurveyDefault = (t: TFnType): TXMTemplate => {
  try {
    return {
@@ -21,7 +19,7 @@ export const getXMSurveyDefault = (t: TFnType): TXMTemplate => {
      },
    };
  } catch (error) {
-    logger.error(error, "Failed to create default XM survey template");
+    logError(error, "getXMSurveyDefault");
    throw error; // Re-throw after logging
  }
 };
@@ -31,26 +29,35 @@ const npsSurvey = (t: TFnType): TXMTemplate => {
    ...getXMSurveyDefault(t),
    name: t("templates.nps_survey_name"),
    questions: [
-      buildNPSQuestion({
+      {
-        headline: t("templates.nps_survey_question_1_headline"),
+        id: createId(),
        type: TSurveyQuestionTypeEnum.NPS,
        headline: { default: t("templates.nps_survey_question_1_headline") },
        required: true,
-        lowerLabel: t("templates.nps_survey_question_1_lower_label"),
+        lowerLabel: { default: t("templates.nps_survey_question_1_lower_label") },
-        upperLabel: t("templates.nps_survey_question_1_upper_label"),
+        upperLabel: { default: t("templates.nps_survey_question_1_upper_label") },
        isColorCodingEnabled: true,
-        t,
+      },
-      }),
+      {
-      buildOpenTextQuestion({
+        id: createId(),
-        headline: t("templates.nps_survey_question_2_headline"),
+        type: TSurveyQuestionTypeEnum.OpenText,
        headline: { default: t("templates.nps_survey_question_2_headline") },
        required: false,
        inputType: "text",
-        t,
+        charLimit: {
-      }),
+          enabled: false,
-      buildOpenTextQuestion({
+        },
-        headline: t("templates.nps_survey_question_3_headline"),
+      },
      {
        id: createId(),
        type: TSurveyQuestionTypeEnum.OpenText,
        headline: { default: t("templates.nps_survey_question_3_headline") },
        required: false,
        inputType: "text",
-        t,
+        charLimit: {
-      }),
+          enabled: false,
        },
      },
    ],
  };
 };
@@ -63,8 +70,9 @@ const starRatingSurvey = (t: TFnType): TXMTemplate => {
    ...defaultSurvey,
    name: t("templates.star_rating_survey_name"),
    questions: [
-      buildRatingQuestion({
+      {
        id: reusableQuestionIds[0],
        type: TSurveyQuestionTypeEnum.Rating,
        logic: [
          {
            id: createId(),
@@ -97,15 +105,16 @@ const starRatingSurvey = (t: TFnType): TXMTemplate => {
        ],
        range: 5,
        scale: "number",
-        headline: t("templates.star_rating_survey_question_1_headline"),
+        headline: { default: t("templates.star_rating_survey_question_1_headline") },
        required: true,
-        lowerLabel: t("templates.star_rating_survey_question_1_lower_label"),
+        lowerLabel: { default: t("templates.star_rating_survey_question_1_lower_label") },
-        upperLabel: t("templates.star_rating_survey_question_1_upper_label"),
+        upperLabel: { default: t("templates.star_rating_survey_question_1_upper_label") },
-        t,
+        isColorCodingEnabled: false,
-      }),
+      },
-      buildCTAQuestion({
+      {
        id: reusableQuestionIds[1],
-        html: t("templates.star_rating_survey_question_2_html"),
+        html: { default: t("templates.star_rating_survey_question_2_html") },
        type: TSurveyQuestionTypeEnum.CTA,
        logic: [
          {
            id: createId(),
@@ -132,23 +141,25 @@ const starRatingSurvey = (t: TFnType): TXMTemplate => {
            ],
          },
        ],
-        headline: t("templates.star_rating_survey_question_2_headline"),
+        headline: { default: t("templates.star_rating_survey_question_2_headline") },
        required: true,
        buttonUrl: "https://formbricks.com/github",
-        buttonLabel: t("templates.star_rating_survey_question_2_button_label"),
+        buttonLabel: { default: t("templates.star_rating_survey_question_2_button_label") },
        buttonExternal: true,
-        t,
+      },
-      }),
+      {
      buildOpenTextQuestion({
        id: reusableQuestionIds[2],
-        headline: t("templates.star_rating_survey_question_3_headline"),
+        type: TSurveyQuestionTypeEnum.OpenText,
        headline: { default: t("templates.star_rating_survey_question_3_headline") },
        required: true,
-        subheader: t("templates.star_rating_survey_question_3_subheader"),
+        subheader: { default: t("templates.star_rating_survey_question_3_subheader") },
-        buttonLabel: t("templates.star_rating_survey_question_3_button_label"),
+        buttonLabel: { default: t("templates.star_rating_survey_question_3_button_label") },
-        placeholder: t("templates.star_rating_survey_question_3_placeholder"),
+        placeholder: { default: t("templates.star_rating_survey_question_3_placeholder") },
        inputType: "text",
-        t,
+        charLimit: {
-      }),
+          enabled: false,
        },
      },
    ],
  };
 };
@@ -161,8 +172,9 @@ const csatSurvey = (t: TFnType): TXMTemplate => {
    ...defaultSurvey,
    name: t("templates.csat_survey_name"),
    questions: [
-      buildRatingQuestion({
+      {
        id: reusableQuestionIds[0],
        type: TSurveyQuestionTypeEnum.Rating,
        logic: [
          {
            id: createId(),
@@ -195,14 +207,15 @@ const csatSurvey = (t: TFnType): TXMTemplate => {
        ],
        range: 5,
        scale: "smiley",
-        headline: t("templates.csat_survey_question_1_headline"),
+        headline: { default: t("templates.csat_survey_question_1_headline") },
        required: true,
-        lowerLabel: t("templates.csat_survey_question_1_lower_label"),
+        lowerLabel: { default: t("templates.csat_survey_question_1_lower_label") },
-        upperLabel: t("templates.csat_survey_question_1_upper_label"),
+        upperLabel: { default: t("templates.csat_survey_question_1_upper_label") },
-        t,
+        isColorCodingEnabled: false,
-      }),
+      },
-      buildOpenTextQuestion({
+      {
        id: reusableQuestionIds[1],
        type: TSurveyQuestionTypeEnum.OpenText,
        logic: [
          {
            id: createId(),
@@ -229,20 +242,25 @@ const csatSurvey = (t: TFnType): TXMTemplate => {
            ],
          },
        ],
-        headline: t("templates.csat_survey_question_2_headline"),
+        headline: { default: t("templates.csat_survey_question_2_headline") },
        required: false,
-        placeholder: t("templates.csat_survey_question_2_placeholder"),
+        placeholder: { default: t("templates.csat_survey_question_2_placeholder") },
        inputType: "text",
-        t,
+        charLimit: {
-      }),
+          enabled: false,
-      buildOpenTextQuestion({
+        },
      },
      {
        id: reusableQuestionIds[2],
-        headline: t("templates.csat_survey_question_3_headline"),
+        type: TSurveyQuestionTypeEnum.OpenText,
        headline: { default: t("templates.csat_survey_question_3_headline") },
        required: false,
-        placeholder: t("templates.csat_survey_question_3_placeholder"),
+        placeholder: { default: t("templates.csat_survey_question_3_placeholder") },
        inputType: "text",
-        t,
+        charLimit: {
-      }),
+          enabled: false,
        },
      },
    ],
  };
 };
@@ -252,22 +270,28 @@ const cessSurvey = (t: TFnType): TXMTemplate => {
    ...getXMSurveyDefault(t),
    name: t("templates.cess_survey_name"),
    questions: [
-      buildRatingQuestion({
+      {
        id: createId(),
        type: TSurveyQuestionTypeEnum.Rating,
        range: 5,
        scale: "number",
-        headline: t("templates.cess_survey_question_1_headline"),
+        headline: { default: t("templates.cess_survey_question_1_headline") },
        required: true,
-        lowerLabel: t("templates.cess_survey_question_1_lower_label"),
+        lowerLabel: { default: t("templates.cess_survey_question_1_lower_label") },
-        upperLabel: t("templates.cess_survey_question_1_upper_label"),
+        upperLabel: { default: t("templates.cess_survey_question_1_upper_label") },
-        t,
+        isColorCodingEnabled: false,
-      }),
+      },
-      buildOpenTextQuestion({
+      {
-        headline: t("templates.cess_survey_question_2_headline"),
+        id: createId(),
        type: TSurveyQuestionTypeEnum.OpenText,
        headline: { default: t("templates.cess_survey_question_2_headline") },
        required: true,
-        placeholder: t("templates.cess_survey_question_2_placeholder"),
+        placeholder: { default: t("templates.cess_survey_question_2_placeholder") },
        inputType: "text",
-        t,
+        charLimit: {
-      }),
+          enabled: false,
        },
      },
    ],
  };
 };
@@ -280,8 +304,9 @@ const smileysRatingSurvey = (t: TFnType): TXMTemplate => {
    ...defaultSurvey,
    name: t("templates.smileys_survey_name"),
    questions: [
-      buildRatingQuestion({
+      {
        id: reusableQuestionIds[0],
        type: TSurveyQuestionTypeEnum.Rating,
        logic: [
          {
            id: createId(),
@@ -314,15 +339,16 @@ const smileysRatingSurvey = (t: TFnType): TXMTemplate => {
        ],
        range: 5,
        scale: "smiley",
-        headline: t("templates.smileys_survey_question_1_headline"),
+        headline: { default: t("templates.smileys_survey_question_1_headline") },
        required: true,
-        lowerLabel: t("templates.smileys_survey_question_1_lower_label"),
+        lowerLabel: { default: t("templates.smileys_survey_question_1_lower_label") },
-        upperLabel: t("templates.smileys_survey_question_1_upper_label"),
+        upperLabel: { default: t("templates.smileys_survey_question_1_upper_label") },
-        t,
+        isColorCodingEnabled: false,
-      }),
+      },
-      buildCTAQuestion({
+      {
        id: reusableQuestionIds[1],
-        html: t("templates.smileys_survey_question_2_html"),
+        html: { default: t("templates.smileys_survey_question_2_html") },
        type: TSurveyQuestionTypeEnum.CTA,
        logic: [
          {
            id: createId(),
@@ -349,23 +375,25 @@ const smileysRatingSurvey = (t: TFnType): TXMTemplate => {
            ],
          },
        ],
-        headline: t("templates.smileys_survey_question_2_headline"),
+        headline: { default: t("templates.smileys_survey_question_2_headline") },
        required: true,
        buttonUrl: "https://formbricks.com/github",
-        buttonLabel: t("templates.smileys_survey_question_2_button_label"),
+        buttonLabel: { default: t("templates.smileys_survey_question_2_button_label") },
        buttonExternal: true,
-        t,
+      },
-      }),
+      {
      buildOpenTextQuestion({
        id: reusableQuestionIds[2],
-        headline: t("templates.smileys_survey_question_3_headline"),
+        type: TSurveyQuestionTypeEnum.OpenText,
        headline: { default: t("templates.smileys_survey_question_3_headline") },
        required: true,
-        subheader: t("templates.smileys_survey_question_3_subheader"),
+        subheader: { default: t("templates.smileys_survey_question_3_subheader") },
-        buttonLabel: t("templates.smileys_survey_question_3_button_label"),
+        buttonLabel: { default: t("templates.smileys_survey_question_3_button_label") },
-        placeholder: t("templates.smileys_survey_question_3_placeholder"),
+        placeholder: { default: t("templates.smileys_survey_question_3_placeholder") },
        inputType: "text",
-        t,
+        charLimit: {
-      }),
+          enabled: false,
        },
      },
    ],
  };
 };
@@ -375,26 +403,37 @@ const enpsSurvey = (t: TFnType): TXMTemplate => {
    ...getXMSurveyDefault(t),
    name: t("templates.enps_survey_name"),
    questions: [
-      buildNPSQuestion({
+      {
-        headline: t("templates.enps_survey_question_1_headline"),
+        id: createId(),
        type: TSurveyQuestionTypeEnum.NPS,
        headline: {
          default: t("templates.enps_survey_question_1_headline"),
        },
        required: false,
-        lowerLabel: t("templates.enps_survey_question_1_lower_label"),
+        lowerLabel: { default: t("templates.enps_survey_question_1_lower_label") },
-        upperLabel: t("templates.enps_survey_question_1_upper_label"),
+        upperLabel: { default: t("templates.enps_survey_question_1_upper_label") },
        isColorCodingEnabled: true,
-        t,
+      },
-      }),
+      {
-      buildOpenTextQuestion({
+        id: createId(),
-        headline: t("templates.enps_survey_question_2_headline"),
+        type: TSurveyQuestionTypeEnum.OpenText,
        headline: { default: t("templates.enps_survey_question_2_headline") },
        required: false,
        inputType: "text",
-        t,
+        charLimit: {
-      }),
+          enabled: false,
-      buildOpenTextQuestion({
+        },
-        headline: t("templates.enps_survey_question_3_headline"),
+      },
      {
        id: createId(),
        type: TSurveyQuestionTypeEnum.OpenText,
        headline: { default: t("templates.enps_survey_question_3_headline") },
        required: false,
        inputType: "text",
-        t,
+        charLimit: {
-      }),
+          enabled: false,
        },
      },
    ],
  };
 };
@@ -410,7 +449,7 @@ export const getXMTemplates = (t: TFnType): TXMTemplate[] => {
      enpsSurvey(t),
    ];
  } catch (error) {
-    logger.error(error, "Unable to load XM templates, returning empty array");
+    logError(error, "getXMTemplates");
    return []; // Return an empty array or handle as needed
  }
 };
--- a/apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/page.tsx
+++ b/apps/web/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/page.tsx
@@ -1,7 +1,4 @@
 import { XMTemplateList } from "@/app/(app)/(onboarding)/environments/[environmentId]/xm-templates/components/XMTemplateList";
 import { getEnvironment } from "@/lib/environment/service";
 import { getProjectByEnvironmentId, getUserProjects } from "@/lib/project/service";
 import { getUser } from "@/lib/user/service";
 import { getOrganizationIdFromEnvironmentId } from "@/lib/utils/helper";
 import { authOptions } from "@/modules/auth/lib/authOptions";
 import { Button } from "@/modules/ui/components/button";
@@ -10,6 +7,9 @@ import { getTranslate } from "@/tolgee/server";
 import { XIcon } from "lucide-react";
 import { getServerSession } from "next-auth";
 import Link from "next/link";
 import { getEnvironment } from "@formbricks/lib/environment/service";
 import { getProjectByEnvironmentId, getUserProjects } from "@formbricks/lib/project/service";
 import { getUser } from "@formbricks/lib/user/service";
 interface XMTemplatePageProps {
  params: Promise<{
--- a/apps/web/app/(app)/(onboarding)/lib/onboarding.test.ts
+++ b/apps/web/app/(app)/(onboarding)/lib/onboarding.test.ts
@@ -1,58 +0,0 @@
 import { Prisma } from "@prisma/client";
 import { beforeEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { DatabaseError } from "@formbricks/types/errors";
 import { getTeamsByOrganizationId } from "./onboarding";
 vi.mock("@formbricks/database", () => ({
  prisma: {
    team: {
      findMany: vi.fn(),
    },
  },
 }));
 vi.mock("@/lib/cache", () => ({
  cache: (fn: any) => fn,
 }));
 vi.mock("@/lib/cache/team", () => ({
  teamCache: {
    tag: { byOrganizationId: vi.fn((id: string) => `organization-${id}-teams`) },
  },
 }));
 vi.mock("@/lib/utils/validate", () => ({
  validateInputs: vi.fn(),
 }));
 describe("getTeamsByOrganizationId", () => {
  beforeEach(() => {
    vi.clearAllMocks();
  });
  test("returns mapped teams", async () => {
    const mockTeams = [
      { id: "t1", name: "Team 1" },
      { id: "t2", name: "Team 2" },
    ];
    vi.mocked(prisma.team.findMany).mockResolvedValueOnce(mockTeams);
    const result = await getTeamsByOrganizationId("org1");
    expect(result).toEqual([
      { id: "t1", name: "Team 1" },
      { id: "t2", name: "Team 2" },
    ]);
  });
  test("throws DatabaseError on Prisma error", async () => {
    vi.mocked(prisma.team.findMany).mockRejectedValueOnce(
      new Prisma.PrismaClientKnownRequestError("fail", { code: "P2002", clientVersion: "1.0.0" })
    );
    await expect(getTeamsByOrganizationId("org1")).rejects.toThrow(DatabaseError);
  });
  test("throws error on unknown error", async () => {
    vi.mocked(prisma.team.findMany).mockRejectedValueOnce(new Error("fail"));
    await expect(getTeamsByOrganizationId("org1")).rejects.toThrow("fail");
  });
 });
--- a/apps/web/app/(app)/(onboarding)/lib/onboarding.ts
+++ b/apps/web/app/(app)/(onboarding)/lib/onboarding.ts
@@ -1,12 +1,12 @@
 "use server";
 import { TOrganizationTeam } from "@/app/(app)/(onboarding)/types/onboarding";
 import { cache } from "@/lib/cache";
 import { teamCache } from "@/lib/cache/team";
 import { validateInputs } from "@/lib/utils/validate";
 import { Prisma } from "@prisma/client";
 import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
 import { cache } from "@formbricks/lib/cache";
 import { validateInputs } from "@formbricks/lib/utils/validate";
 import { ZId } from "@formbricks/types/common";
 import { DatabaseError } from "@formbricks/types/errors";
--- a/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar.test.tsx
+++ b/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar.test.tsx
@@ -1,75 +0,0 @@
 import "@testing-library/jest-dom/vitest";
 import { cleanup, render, screen } from "@testing-library/react";
 import userEvent from "@testing-library/user-event";
 import { signOut } from "next-auth/react";
 import { afterEach, describe, expect, test, vi } from "vitest";
 import { LandingSidebar } from "./landing-sidebar";
 // Module mocks must be declared before importing the component
 vi.mock("@tolgee/react", () => ({
  useTranslate: () => ({ t: (key: string) => key, isLoading: false }),
 }));
 vi.mock("next-auth/react", () => ({ signOut: vi.fn() }));
 vi.mock("next/navigation", () => ({ useRouter: () => ({ push: vi.fn() }) }));
 vi.mock("@/modules/organization/components/CreateOrganizationModal", () => ({
  CreateOrganizationModal: ({ open }: { open: boolean }) => (
    <div data-testid={open ? "modal-open" : "modal-closed"} />
  ),
 }));
 vi.mock("@/modules/ui/components/avatars", () => ({
  ProfileAvatar: ({ userId }: { userId: string }) => <div data-testid="avatar">{userId}</div>,
 }));
 // Ensure mocks are reset between tests
 afterEach(() => {
  cleanup();
  vi.clearAllMocks();
 });
 describe("LandingSidebar component", () => {
  const user = { id: "u1", name: "Alice", email: "alice@example.com", imageUrl: "" } as any;
  const organization = { id: "o1", name: "orgOne" } as any;
  const organizations = [
    { id: "o2", name: "betaOrg" },
    { id: "o1", name: "alphaOrg" },
  ] as any;
  test("renders logo, avatar, and initial modal closed", () => {
    render(
      <LandingSidebar
        isMultiOrgEnabled={false}
        user={user}
        organization={organization}
        organizations={organizations}
      />
    );
    // Formbricks logo
    expect(screen.getByAltText("environments.formbricks_logo")).toBeInTheDocument();
    // Profile avatar
    expect(screen.getByTestId("avatar")).toHaveTextContent("u1");
    // CreateOrganizationModal should be closed initially
    expect(screen.getByTestId("modal-closed")).toBeInTheDocument();
  });
  test("clicking logout triggers signOut", async () => {
    render(
      <LandingSidebar
        isMultiOrgEnabled={false}
        user={user}
        organization={organization}
        organizations={organizations}
      />
    );
    // Open user dropdown by clicking on avatar trigger
    const trigger = screen.getByTestId("avatar").parentElement;
    if (trigger) await userEvent.click(trigger);
    // Click logout menu item
    const logoutItem = await screen.findByText("common.logout");
    await userEvent.click(logoutItem);
    expect(signOut).toHaveBeenCalledWith({ callbackUrl: "/auth/login" });
  });
 });
--- a/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar.tsx
+++ b/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar.tsx
@@ -1,8 +1,7 @@
 "use client";
 import { formbricksLogout } from "@/app/lib/formbricks";
 import FBLogo from "@/images/formbricks-wordmark.svg";
 import { cn } from "@/lib/cn";
 import { capitalizeFirstLetter } from "@/lib/utils/strings";
 import { CreateOrganizationModal } from "@/modules/organization/components/CreateOrganizationModal";
 import { ProfileAvatar } from "@/modules/ui/components/avatars";
 import {
@@ -25,6 +24,8 @@ import Image from "next/image";
 import Link from "next/link";
 import { useRouter } from "next/navigation";
 import { useMemo, useState } from "react";
 import { cn } from "@formbricks/lib/cn";
 import { capitalizeFirstLetter } from "@formbricks/lib/utils/strings";
 import { TOrganization } from "@formbricks/types/organizations";
 import { TUser } from "@formbricks/types/user";
@@ -111,7 +112,7 @@ export const LandingSidebar = ({
            {/* Dropdown Items */}
            {dropdownNavigation.map((link) => (
-              <Link id={link.href} href={link.href} target={link.target} className="flex w-full items-center">
+              <Link href={link.href} target={link.target} className="flex w-full items-center">
                <DropdownMenuItem>
                  <link.icon className="mr-2 h-4 w-4" strokeWidth={1.5} />
                  {link.label}
@@ -124,6 +125,7 @@ export const LandingSidebar = ({
            <DropdownMenuItem
              onClick={async () => {
                await signOut({ callbackUrl: "/auth/login" });
                await formbricksLogout();
              }}
              icon={<LogOutIcon className="mr-2 h-4 w-4" strokeWidth={1.5} />}>
              {t("common.logout")}
--- a/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/layout.test.tsx
+++ b/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/layout.test.tsx
@@ -1,185 +0,0 @@
 import { getEnvironments } from "@/lib/environment/service";
 import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
 import { getUserProjects } from "@/lib/project/service";
 import "@testing-library/jest-dom/vitest";
 import { cleanup } from "@testing-library/preact";
 import { getServerSession } from "next-auth";
 import { notFound, redirect } from "next/navigation";
 import { afterEach, describe, expect, test, vi } from "vitest";
 import LandingLayout from "./layout";
 vi.mock("@/lib/constants", () => ({
  IS_FORMBRICKS_CLOUD: false,
  IS_PRODUCTION: false,
  IS_DEVELOPMENT: true,
  E2E_TESTING: false,
  WEBAPP_URL: "http://localhost:3000",
  SURVEY_URL: "http://localhost:3000/survey",
  ENCRYPTION_KEY: "mock-encryption-key",
  CRON_SECRET: "mock-cron-secret",
  DEFAULT_BRAND_COLOR: "#64748b",
  FB_LOGO_URL: "https://mock-logo-url.com/logo.png",
  PRIVACY_URL: "http://localhost:3000/privacy",
  TERMS_URL: "http://localhost:3000/terms",
  IMPRINT_URL: "http://localhost:3000/imprint",
  IMPRINT_ADDRESS: "Mock Address",
  PASSWORD_RESET_DISABLED: false,
  EMAIL_VERIFICATION_DISABLED: false,
  GOOGLE_OAUTH_ENABLED: false,
  GITHUB_OAUTH_ENABLED: false,
  AZURE_OAUTH_ENABLED: false,
  OIDC_OAUTH_ENABLED: false,
  SAML_OAUTH_ENABLED: false,
  SAML_XML_DIR: "./mock-saml-connection",
  SIGNUP_ENABLED: true,
  EMAIL_AUTH_ENABLED: true,
  INVITE_DISABLED: false,
  SLACK_CLIENT_SECRET: "mock-slack-secret",
  SLACK_CLIENT_ID: "mock-slack-id",
  SLACK_AUTH_URL: "https://mock-slack-auth-url.com",
  GOOGLE_SHEETS_CLIENT_ID: "mock-google-sheets-id",
  GOOGLE_SHEETS_CLIENT_SECRET: "mock-google-sheets-secret",
  GOOGLE_SHEETS_REDIRECT_URL: "http://localhost:3000/google-sheets-redirect",
  NOTION_OAUTH_CLIENT_ID: "mock-notion-id",
  NOTION_OAUTH_CLIENT_SECRET: "mock-notion-secret",
  NOTION_REDIRECT_URI: "http://localhost:3000/notion-redirect",
  NOTION_AUTH_URL: "https://mock-notion-auth-url.com",
  AIRTABLE_CLIENT_ID: "mock-airtable-id",
  SMTP_HOST: "mock-smtp-host",
  SMTP_PORT: "587",
  SMTP_SECURE_ENABLED: false,
  SMTP_USER: "mock-smtp-user",
  SMTP_PASSWORD: "mock-smtp-password",
  SMTP_AUTHENTICATED: true,
  SMTP_REJECT_UNAUTHORIZED_TLS: true,
  MAIL_FROM: "mock@mail.com",
  MAIL_FROM_NAME: "Mock Mail",
  NEXTAUTH_SECRET: "mock-nextauth-secret",
  ITEMS_PER_PAGE: 30,
  SURVEYS_PER_PAGE: 12,
  RESPONSES_PER_PAGE: 25,
  TEXT_RESPONSES_PER_PAGE: 5,
  INSIGHTS_PER_PAGE: 10,
  DOCUMENTS_PER_PAGE: 10,
  MAX_RESPONSES_FOR_INSIGHT_GENERATION: 500,
  MAX_OTHER_OPTION_LENGTH: 250,
  ENTERPRISE_LICENSE_KEY: "ABC",
  GITHUB_ID: "mock-github-id",
  GITHUB_SECRET: "mock-github-secret",
  GITHUB_OAUTH_URL: "https://mock-github-auth-url.com",
  AZURE_ID: "mock-azure-id",
  AZUREAD_CLIENT_ID: "mock-azure-client-id",
  AZUREAD_CLIENT_SECRET: "mock-azure-client-secret",
  GOOGLE_CLIENT_ID: "mock-google-client-id",
  GOOGLE_CLIENT_SECRET: "mock-google-client-secret",
  GOOGLE_OAUTH_URL: "https://mock-google-auth-url.com",
  AZURE_OAUTH_URL: "https://mock-azure-auth-url.com",
  OIDC_ID: "mock-oidc-id",
  OIDC_OAUTH_URL: "https://mock-oidc-auth-url.com",
  SAML_ID: "mock-saml-id",
  SAML_OAUTH_URL: "https://mock-saml-auth-url.com",
  SAML_METADATA_URL: "https://mock-saml-metadata-url.com",
  AZUREAD_TENANT_ID: "mock-azure-tenant-id",
  AZUREAD_OAUTH_URL: "https://mock-azuread-auth-url.com",
  OIDC_DISPLAY_NAME: "Mock OIDC",
  OIDC_CLIENT_ID: "mock-oidc-client-id",
  OIDC_CLIENT_SECRET: "mock-oidc-client-secret",
  OIDC_REDIRECT_URL: "http://localhost:3000/oidc-redirect",
  OIDC_AUTH_URL: "https://mock-oidc-auth-url.com",
  OIDC_ISSUER: "https://mock-oidc-issuer.com",
  OIDC_SIGNING_ALGORITHM: "RS256",
  SESSION_MAX_AGE: 1000,
 }));
 vi.mock("@/lib/environment/service");
 vi.mock("@/lib/membership/service");
 vi.mock("@/lib/project/service");
 vi.mock("next-auth");
 vi.mock("next/navigation");
 afterEach(() => {
  cleanup();
 });
 describe("LandingLayout", () => {
  test("redirects to login if no session exists", async () => {
    vi.mocked(getServerSession).mockResolvedValue(null);
    const props = { params: { organizationId: "org-123" }, children: <div>Child Content</div> };
    await LandingLayout(props);
    expect(vi.mocked(redirect)).toHaveBeenCalledWith("/auth/login");
  });
  test("returns notFound if no membership is found", async () => {
    vi.mocked(getServerSession).mockResolvedValue({ user: { id: "user-123" } });
    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValue(null);
    const props = { params: { organizationId: "org-123" }, children: <div>Child Content</div> };
    await LandingLayout(props);
    expect(vi.mocked(notFound)).toHaveBeenCalled();
  });
  test("redirects to production environment if available", async () => {
    vi.mocked(getServerSession).mockResolvedValue({ user: { id: "user-123" } });
    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValue({
      organizationId: "org-123",
      userId: "user-123",
      accepted: true,
      role: "owner",
    });
    vi.mocked(getUserProjects).mockResolvedValue([
      {
        id: "proj-123",
        organizationId: "org-123",
        createdAt: new Date("2023-01-01"),
        updatedAt: new Date("2023-01-02"),
        name: "Project 1",
        styling: { allowStyleOverwrite: true },
        recontactDays: 30,
        inAppSurveyBranding: true,
        linkSurveyBranding: true,
      } as any,
    ]);
    vi.mocked(getEnvironments).mockResolvedValue([
      {
        id: "env-123",
        type: "production",
        projectId: "proj-123",
        createdAt: new Date("2023-01-01"),
        updatedAt: new Date("2023-01-02"),
        appSetupCompleted: true,
      },
    ]);
    const props = { params: { organizationId: "org-123" }, children: <div>Child Content</div> };
    await LandingLayout(props);
    expect(vi.mocked(redirect)).toHaveBeenCalledWith("/environments/env-123/");
  });
  test("renders children if no projects or production environment exist", async () => {
    vi.mocked(getServerSession).mockResolvedValue({ user: { id: "user-123" } });
    vi.mocked(getMembershipByUserIdOrganizationId).mockResolvedValue({
      organizationId: "org-123",
      userId: "user-123",
      accepted: true,
      role: "owner",
    });
    vi.mocked(getUserProjects).mockResolvedValue([]);
    const props = { params: { organizationId: "org-123" }, children: <div>Child Content</div> };
    const result = await LandingLayout(props);
    expect(result).toEqual(
      <>
        <div>Child Content</div>
      </>
    );
  });
 });
--- a/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/layout.tsx
+++ b/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/layout.tsx
@@ -1,9 +1,9 @@
 import { getEnvironments } from "@/lib/environment/service";
 import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
 import { getUserProjects } from "@/lib/project/service";
 import { authOptions } from "@/modules/auth/lib/authOptions";
 import { getServerSession } from "next-auth";
 import { notFound, redirect } from "next/navigation";
 import { getEnvironments } from "@formbricks/lib/environment/service";
 import { getMembershipByUserIdOrganizationId } from "@formbricks/lib/membership/service";
 import { getUserProjects } from "@formbricks/lib/project/service";
 const LandingLayout = async (props) => {
  const params = await props.params;
--- a/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/page.test.tsx
+++ b/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/page.test.tsx
@@ -1,198 +0,0 @@
 import { getOrganizationsByUserId } from "@/lib/organization/service";
 import { getUser } from "@/lib/user/service";
 import { getOrganizationAuth } from "@/modules/organization/lib/utils";
 import { getTranslate } from "@/tolgee/server";
 import "@testing-library/jest-dom/vitest";
 import { cleanup, render, screen } from "@testing-library/react";
 import { notFound, redirect } from "next/navigation";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
 vi.mock("@/modules/ee/license-check/lib/license", () => ({
  getEnterpriseLicense: vi.fn().mockResolvedValue({
    active: true,
    features: { isMultiOrgEnabled: true },
    lastChecked: new Date(),
    isPendingDowngrade: false,
    fallbackLevel: "live",
  }),
 }));
 vi.mock("@/lib/constants", () => ({
  IS_FORMBRICKS_CLOUD: false,
  IS_PRODUCTION: false,
  IS_DEVELOPMENT: true,
  E2E_TESTING: false,
  WEBAPP_URL: "http://localhost:3000",
  SURVEY_URL: "http://localhost:3000/survey",
  ENCRYPTION_KEY: "mock-encryption-key",
  CRON_SECRET: "mock-cron-secret",
  DEFAULT_BRAND_COLOR: "#64748b",
  FB_LOGO_URL: "https://mock-logo-url.com/logo.png",
  PRIVACY_URL: "http://localhost:3000/privacy",
  TERMS_URL: "http://localhost:3000/terms",
  IMPRINT_URL: "http://localhost:3000/imprint",
  IMPRINT_ADDRESS: "Mock Address",
  PASSWORD_RESET_DISABLED: false,
  EMAIL_VERIFICATION_DISABLED: false,
  GOOGLE_OAUTH_ENABLED: false,
  GITHUB_OAUTH_ENABLED: false,
  AZURE_OAUTH_ENABLED: false,
  OIDC_OAUTH_ENABLED: false,
  SAML_OAUTH_ENABLED: false,
  SAML_XML_DIR: "./mock-saml-connection",
  SIGNUP_ENABLED: true,
  EMAIL_AUTH_ENABLED: true,
  INVITE_DISABLED: false,
  SLACK_CLIENT_SECRET: "mock-slack-secret",
  SLACK_CLIENT_ID: "mock-slack-id",
  SLACK_AUTH_URL: "https://mock-slack-auth-url.com",
  GOOGLE_SHEETS_CLIENT_ID: "mock-google-sheets-id",
  GOOGLE_SHEETS_CLIENT_SECRET: "mock-google-sheets-secret",
  GOOGLE_SHEETS_REDIRECT_URL: "http://localhost:3000/google-sheets-redirect",
  NOTION_OAUTH_CLIENT_ID: "mock-notion-id",
  NOTION_OAUTH_CLIENT_SECRET: "mock-notion-secret",
  NOTION_REDIRECT_URI: "http://localhost:3000/notion-redirect",
  NOTION_AUTH_URL: "https://mock-notion-auth-url.com",
  AIRTABLE_CLIENT_ID: "mock-airtable-id",
  SMTP_HOST: "mock-smtp-host",
  SMTP_PORT: "587",
  SMTP_SECURE_ENABLED: false,
  SMTP_USER: "mock-smtp-user",
  SMTP_PASSWORD: "mock-smtp-password",
  SMTP_AUTHENTICATED: true,
  SMTP_REJECT_UNAUTHORIZED_TLS: true,
  MAIL_FROM: "mock@mail.com",
  MAIL_FROM_NAME: "Mock Mail",
  NEXTAUTH_SECRET: "mock-nextauth-secret",
  ITEMS_PER_PAGE: 30,
  SURVEYS_PER_PAGE: 12,
  RESPONSES_PER_PAGE: 25,
  TEXT_RESPONSES_PER_PAGE: 5,
  INSIGHTS_PER_PAGE: 10,
  DOCUMENTS_PER_PAGE: 10,
  MAX_RESPONSES_FOR_INSIGHT_GENERATION: 500,
  MAX_OTHER_OPTION_LENGTH: 250,
  ENTERPRISE_LICENSE_KEY: "ABC",
  GITHUB_ID: "mock-github-id",
  GITHUB_SECRET: "mock-github-secret",
  GITHUB_OAUTH_URL: "https://mock-github-auth-url.com",
  AZURE_ID: "mock-azure-id",
  AZUREAD_CLIENT_ID: "mock-azure-client-id",
  AZUREAD_CLIENT_SECRET: "mock-azure-client-secret",
  GOOGLE_CLIENT_ID: "mock-google-client-id",
  GOOGLE_CLIENT_SECRET: "mock-google-client-secret",
  GOOGLE_OAUTH_URL: "https://mock-google-auth-url.com",
  AZURE_OAUTH_URL: "https://mock-azure-auth-url.com",
  OIDC_ID: "mock-oidc-id",
  OIDC_OAUTH_URL: "https://mock-oidc-auth-url.com",
  SAML_ID: "mock-saml-id",
  SAML_OAUTH_URL: "https://mock-saml-auth-url.com",
  SAML_METADATA_URL: "https://mock-saml-metadata-url.com",
  AZUREAD_TENANT_ID: "mock-azure-tenant-id",
  AZUREAD_OAUTH_URL: "https://mock-azuread-auth-url.com",
  OIDC_DISPLAY_NAME: "Mock OIDC",
  OIDC_CLIENT_ID: "mock-oidc-client-id",
  OIDC_CLIENT_SECRET: "mock-oidc-client-secret",
  OIDC_REDIRECT_URL: "http://localhost:3000/oidc-redirect",
  OIDC_AUTH_URL: "https://mock-oidc-auth-url.com",
  OIDC_ISSUER: "https://mock-oidc-issuer.com",
  OIDC_SIGNING_ALGORITHM: "RS256",
  SESSION_MAX_AGE: 1000,
 }));
 vi.mock("@/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar", () => ({
  LandingSidebar: () => <div data-testid="landing-sidebar" />,
 }));
 vi.mock("@/modules/organization/lib/utils");
 vi.mock("@/lib/user/service");
 vi.mock("@/lib/organization/service");
 vi.mock("@/tolgee/server");
 vi.mock("next/navigation", () => ({
  redirect: vi.fn(() => "REDIRECT_STUB"),
  notFound: vi.fn(() => "NOT_FOUND_STUB"),
 }));
 // Mock the React cache function
 vi.mock("react", async () => {
  const actual = await vi.importActual("react");
  return {
    ...actual,
    cache: (fn: any) => fn,
  };
 });
 describe("Page component", () => {
  afterEach(() => {
    cleanup();
    vi.clearAllMocks();
  });
  beforeEach(() => {
    vi.resetModules();
  });
  test("redirects to login if no user session", async () => {
    vi.mocked(getOrganizationAuth).mockResolvedValue({ session: {}, organization: {} } as any);
    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
      getEnterpriseLicense: vi.fn().mockResolvedValue({
        active: true,
        features: { isMultiOrgEnabled: true },
        lastChecked: new Date(),
        isPendingDowngrade: false,
        fallbackLevel: "live",
      }),
    }));
    const { default: Page } = await import("./page");
    const result = await Page({ params: { organizationId: "org1" } });
    expect(redirect).toHaveBeenCalledWith("/auth/login");
    expect(result).toBe("REDIRECT_STUB");
  });
  test("returns notFound if user does not exist", async () => {
    vi.mocked(getOrganizationAuth).mockResolvedValue({
      session: { user: { id: "user1" } },
      organization: {},
    } as any);
    vi.mocked(getUser).mockResolvedValue(null);
    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
      getEnterpriseLicense: vi.fn().mockResolvedValue({
        active: true,
        features: { isMultiOrgEnabled: true },
        lastChecked: new Date(),
        isPendingDowngrade: false,
        fallbackLevel: "live",
      }),
    }));
    const { default: Page } = await import("./page");
    const result = await Page({ params: { organizationId: "org1" } });
    expect(notFound).toHaveBeenCalled();
    expect(result).toBe("NOT_FOUND_STUB");
  });
  test("renders header and sidebar for authenticated user", async () => {
    vi.mocked(getOrganizationAuth).mockResolvedValue({
      session: { user: { id: "user1" } },
      organization: { id: "org1" },
    } as any);
    vi.mocked(getUser).mockResolvedValue({ id: "user1", name: "Test User" } as any);
    vi.mocked(getOrganizationsByUserId).mockResolvedValue([{ id: "org1", name: "Org One" } as any]);
    vi.mocked(getTranslate).mockResolvedValue((props: any) =>
      typeof props === "string" ? props : props.key || ""
    );
    await vi.doMock("@/modules/ee/license-check/lib/license", () => ({
      getEnterpriseLicense: vi.fn().mockResolvedValue({
        active: true,
        features: { isMultiOrgEnabled: true },
        lastChecked: new Date(),
        isPendingDowngrade: false,
        fallbackLevel: "live",
      }),
    }));
    const { default: Page } = await import("./page");
    const element = await Page({ params: { organizationId: "org1" } });
    render(element as React.ReactElement);
    expect(screen.getByTestId("landing-sidebar")).toBeInTheDocument();
    expect(screen.getByText("organizations.landing.no_projects_warning_title")).toBeInTheDocument();
    expect(screen.getByText("organizations.landing.no_projects_warning_subtitle")).toBeInTheDocument();
  });
 });
--- a/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/page.tsx
+++ b/apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/page.tsx
@@ -1,25 +1,27 @@
 import { LandingSidebar } from "@/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar";
-import { getOrganizationsByUserId } from "@/lib/organization/service";
+import { authOptions } from "@/modules/auth/lib/authOptions";
-import { getUser } from "@/lib/user/service";
+import { getEnterpriseLicense } from "@/modules/ee/license-check/lib/utils";
 import { getEnterpriseLicense } from "@/modules/ee/license-check/lib/license";
 import { getOrganizationAuth } from "@/modules/organization/lib/utils";
 import { Header } from "@/modules/ui/components/header";
 import { getTranslate } from "@/tolgee/server";
 import { getServerSession } from "next-auth";
 import { notFound, redirect } from "next/navigation";
 import { getOrganization, getOrganizationsByUserId } from "@formbricks/lib/organization/service";
 import { getUser } from "@formbricks/lib/user/service";
 const Page = async (props) => {
  const params = await props.params;
  const t = await getTranslate();
-
+  const session = await getServerSession(authOptions);
-  const { session, organization } = await getOrganizationAuth(params.organizationId);
+  if (!session || !session.user) {
  if (!session?.user) {
    return redirect(`/auth/login`);
  }
  const user = await getUser(session.user.id);
  if (!user) return notFound();
  const organization = await getOrganization(params.organizationId);
  if (!organization) return notFound();
  const organizations = await getOrganizationsByUserId(session.user.id);
  const { features } = await getEnterpriseLicense();
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Matthias Nannt	f4bd2b9289	fix coderabbit issue	2025-04-09 11:19:30 +09:00
Matti Nannt	dba4f53bd8	Potential fix for code scanning alert no. 211: Artifact poisoning Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>	2025-03-11 13:52:52 +01:00
Matthias Nannt	f8cbbb15d6	add second action to address security risk	2025-03-11 13:47:47 +01:00
Matthias Nannt	2fa77b8ef6	update action to address codeQL feedback	2025-03-11 13:46:07 +01:00
Matthias Nannt	ec487899da	fix: sonarqube not running for contributors	2025-03-11 13:13:14 +01:00
		`@@ -0,0 +1,2 @@`
							`EXPO_PUBLIC_APP_URL=http://192.168.0.197:3000`
							`EXPO_PUBLIC_FORMBRICKS_ENVIRONMENT_ID=cm5p0cs7r000819182b32j0a1`
		`@@ -0,0 +1 @@`
							<svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 394 80"><path fill="#000" d="M262 0h68.5v12.7h-27.2v66.6h-13.6V12.7H262V0ZM149 0v12.7H94v20.4h44.3v12.6H94v21h55v12.6H80.5V0h68.7zm34.3 0h-17.8l63.8 79.4h17.9l-32-39.7 32-39.6h-17.9l-23 28.6-23-28.6zm18.3 56.7-9-11-27.1 33.7h17.8l18.3-22.7z"/><path fill="#000" d="M81 79.3 17 0H0v79.3h13.6V17l50.2 62.3H81Zm252.6-.4c-1 0-1.8-.4-2.5-1s-1.1-1.6-1.1-2.6.3-1.8 1-2.5 1.6-1 2.6-1 1.8.3 2.5 1a3.4 3.4 0 0 1 .6 4.3 3.7 3.7 0 0 1-3 1.8zm23.2-33.5h6v23.3c0 2.1-.4 4-1.3 5.5a9.1 9.1 0 0 1-3.8 3.5c-1.6.8-3.5 1.3-5.7 1.3-2 0-3.7-.4-5.3-1s-2.8-1.8-3.7-3.2c-.9-1.3-1.4-3-1.4-5h6c.1.8.3 1.6.7 2.2s1 1.2 1.6 1.5c.7.4 1.5.5 2.4.5 1 0 1.8-.2 2.4-.6a4 4 0 0 0 1.6-1.8c.3-.8.5-1.8.5-3V45.5zm30.9 9.1a4.4 4.4 0 0 0-2-3.3 7.5 7.5 0 0 0-4.3-1.1c-1.3 0-2.4.2-3.3.5-.9.4-1.6 1-2 1.6a3.5 3.5 0 0 0-.3 4c.3.5.7.9 1.3 1.2l1.8 1 2 .5 3.2.8c1.3.3 2.5.7 3.7 1.2a13 13 0 0 1 3.2 1.8 8.1 8.1 0 0 1 3 6.5c0 2-.5 3.7-1.5 5.1a10 10 0 0 1-4.4 3.5c-1.8.8-4.1 1.2-6.8 1.2-2.6 0-4.9-.4-6.8-1.2-2-.8-3.4-2-4.5-3.5a10 10 0 0 1-1.7-5.6h6a5 5 0 0 0 3.5 4.6c1 .4 2.2.6 3.4.6 1.3 0 2.5-.2 3.5-.6 1-.4 1.8-1 2.4-1.7a4 4 0 0 0 .8-2.4c0-.9-.2-1.6-.7-2.2a11 11 0 0 0-2.1-1.4l-3.2-1-3.8-1c-2.8-.7-5-1.7-6.6-3.2a7.2 7.2 0 0 1-2.4-5.7 8 8 0 0 1 1.7-5 10 10 0 0 1 4.3-3.5c2-.8 4-1.2 6.4-1.2 2.3 0 4.4.4 6.2 1.2 1.8.8 3.2 2 4.3 3.4 1 1.4 1.5 3 1.5 5h-5.8z"/></svg>