feat: audit logs (#5866)

Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
Co-authored-by: Matthias Nannt <mail@matthiasnannt.com>

.cursor/rules/cache-optimization.mdc

@@ -0,0 +1,414 @@
+---
+description: Caching rules for performance improvements
+globs: 
+alwaysApply: false
+---
+# Cache Optimization Patterns for Formbricks
+
+## Cache Strategy Overview
+
+Formbricks uses a **hybrid caching approach** optimized for enterprise scale:
+
+- **Redis** for persistent cross-request caching  
+- **React `cache()`** for request-level deduplication
+- **NO Next.js `unstable_cache()`** - avoid for reliability
+
+## Key Files
+
+### Core Cache Infrastructure
+- [apps/web/modules/cache/lib/service.ts](mdc:apps/web/modules/cache/lib/service.ts) - Redis cache service
+- [apps/web/modules/cache/lib/withCache.ts](mdc:apps/web/modules/cache/lib/withCache.ts) - Cache wrapper utilities
+- [apps/web/modules/cache/lib/cacheKeys.ts](mdc:apps/web/modules/cache/lib/cacheKeys.ts) - Enterprise cache key patterns and utilities
+
+### Environment State Caching (Critical Endpoint)
+- [apps/web/app/api/v1/client/[environmentId]/environment/route.ts](mdc:apps/web/app/api/v1/client/[environmentId]/environment/route.ts) - Main endpoint serving hundreds of thousands of SDK clients
+- [apps/web/app/api/v1/client/[environmentId]/environment/lib/data.ts](mdc:apps/web/app/api/v1/client/[environmentId]/environment/lib/data.ts) - Optimized data layer with caching
+
+## Enterprise-Grade Cache Key Patterns
+
+**Always use** the `createCacheKey` utilities from [cacheKeys.ts](mdc:apps/web/modules/cache/lib/cacheKeys.ts):
+
+```typescript
+// ✅ Correct patterns
+createCacheKey.environment.state(environmentId)     // "fb:env:abc123:state"
+createCacheKey.organization.billing(organizationId) // "fb:org:xyz789:billing"
+createCacheKey.license.status(organizationId)       // "fb:license:org123:status"
+createCacheKey.user.permissions(userId, orgId)      // "fb:user:456:org:123:permissions"
+
+// ❌ Never use flat keys - collision-prone
+"environment_abc123"
+"user_data_456"
+```
+
+## When to Use Each Cache Type
+
+### Use React `cache()` for Request Deduplication
+```typescript
+// ✅ Prevents multiple calls within same request
+export const getEnterpriseLicense = reactCache(async () => {
+  // Complex license validation logic
+});
+```
+
+### Use `withCache()` for Simple Database Queries
+```typescript
+// ✅ Simple caching with automatic fallback (TTL in milliseconds)
+export const getActionClasses = (environmentId: string) => {
+  return withCache(() => fetchActionClassesFromDB(environmentId), {
+    key: createCacheKey.environment.actionClasses(environmentId),
+    ttl: 60 * 30 * 1000, // 30 minutes in milliseconds
+  })();
+};
+```
+
+### Use Explicit Redis Cache for Complex Business Logic
+```typescript
+// ✅ Full control for high-stakes endpoints
+export const getEnvironmentState = async (environmentId: string) => {
+  const cached = await environmentStateCache.getEnvironmentState(environmentId);
+  if (cached) return cached;
+  
+  const fresh = await buildComplexState(environmentId);
+  await environmentStateCache.setEnvironmentState(environmentId, fresh);
+  return fresh;
+};
+```
+
+## Caching Decision Framework
+
+### When TO Add Caching
+
+```typescript
+// ✅ Expensive operations that benefit from caching
+- Database queries (>10ms typical)
+- External API calls (>50ms typical)  
+- Complex computations (>5ms)
+- File system operations
+- Heavy data transformations
+
+// Example: Database query with complex joins (TTL in milliseconds)
+export const getEnvironmentWithDetails = withCache(
+  async (environmentId: string) => {
+    return prisma.environment.findUnique({
+      where: { id: environmentId },
+      include: { /* complex joins */ }
+    });
+  },
+  { key: createCacheKey.environment.details(environmentId), ttl: 60 * 30 * 1000 } // 30 minutes
+)();
+```
+
+### When NOT to Add Caching
+
+```typescript
+// ❌ Don't cache these operations - minimal overhead
+- Simple property access (<0.1ms)
+- Basic transformations (<1ms)
+- Functions that just call already-cached functions
+- Pure computation without I/O
+
+// ❌ Bad example: Redundant caching
+const getCachedLicenseFeatures = withCache(
+  async () => {
+    const license = await getEnterpriseLicense(); // Already cached!
+    return license.active ? license.features : null; // Just property access
+  },
+  { key: "license-features", ttl: 1800 * 1000 } // 30 minutes in milliseconds
+);
+
+// ✅ Good example: Simple and efficient
+const getLicenseFeatures = async () => {
+  const license = await getEnterpriseLicense(); // Already cached
+  return license.active ? license.features : null; // 0.1ms overhead
+};
+```
+
+### Computational Overhead Analysis
+
+Before adding caching, analyze the overhead:
+
+```typescript
+// ✅ High overhead - CACHE IT
+- Database queries: ~10-100ms
+- External APIs: ~50-500ms  
+- File I/O: ~5-50ms
+- Complex algorithms: >5ms
+
+// ❌ Low overhead - DON'T CACHE
+- Property access: ~0.001ms
+- Simple lookups: ~0.1ms
+- Basic validation: ~1ms
+- Type checks: ~0.01ms
+
+// Example decision tree:
+const expensiveOperation = async () => {
+  return prisma.query(); // 50ms - CACHE IT
+};
+
+const cheapOperation = (data: any) => {
+  return data.property; // 0.001ms - DON'T CACHE
+};
+```
+
+### Avoid Cache Wrapper Anti-Pattern
+
+```typescript
+// ❌ Don't create wrapper functions just for caching
+const getCachedUserPermissions = withCache(
+  async (userId: string) => getUserPermissions(userId),
+  { key: createCacheKey.user.permissions(userId), ttl: 3600 * 1000 } // 1 hour in milliseconds
+);
+
+// ✅ Add caching directly to the original function
+export const getUserPermissions = withCache(
+  async (userId: string) => {
+    return prisma.user.findUnique({
+      where: { id: userId },
+      include: { permissions: true }
+    });
+  },
+  { key: createCacheKey.user.permissions(userId), ttl: 3600 * 1000 } // 1 hour in milliseconds
+);
+```
+
+## TTL Coordination Strategy
+
+### Multi-Layer Cache Coordination
+For endpoints serving client SDKs, coordinate TTLs across layers:
+
+```typescript
+// Client SDK cache (expiresAt) - longest TTL for fewer requests
+const CLIENT_TTL = 60 * 60;           // 1 hour (seconds for client)
+
+// Server Redis cache - shorter TTL ensures fresh data for clients  
+const SERVER_TTL = 60 * 30 * 1000;   // 30 minutes in milliseconds
+
+// HTTP cache headers (seconds)
+const BROWSER_TTL = 60 * 60;         // 1 hour (max-age)
+const CDN_TTL = 60 * 30;             // 30 minutes (s-maxage)
+const CORS_TTL = 60 * 60;            // 1 hour (balanced approach)
+```
+
+### Standard TTL Guidelines (in milliseconds for cache-manager + Keyv)
+```typescript
+// Configuration data - rarely changes
+const CONFIG_TTL = 60 * 60 * 24 * 1000;     // 24 hours
+
+// User data - moderate frequency  
+const USER_TTL = 60 * 60 * 2 * 1000;        // 2 hours
+
+// Survey data - changes moderately
+const SURVEY_TTL = 60 * 15 * 1000;          // 15 minutes
+
+// Billing data - expensive to compute
+const BILLING_TTL = 60 * 30 * 1000;         // 30 minutes
+
+// Action classes - infrequent changes
+const ACTION_CLASS_TTL = 60 * 30 * 1000;    // 30 minutes
+```
+
+## High-Frequency Endpoint Optimization
+
+### Performance Patterns for High-Volume Endpoints
+
+```typescript
+// ✅ Optimized high-frequency endpoint pattern
+export const GET = async (request: NextRequest, props: { params: Promise<{ id: string }> }) => {
+  const params = await props.params;
+
+  try {
+    // Simple validation (avoid Zod for high-frequency)
+    if (!params.id || typeof params.id !== 'string') {
+      return responses.badRequestResponse("ID is required", undefined, true);
+    }
+
+    // Single optimized query with caching
+    const data = await getOptimizedData(params.id);
+
+    return responses.successResponse(
+      {
+        data,
+        expiresAt: new Date(Date.now() + CLIENT_TTL * 1000), // SDK cache duration
+      },
+      true,
+      "public, s-maxage=1800, max-age=3600, stale-while-revalidate=1800, stale-if-error=3600"
+    );
+  } catch (err) {
+    // Simplified error handling for performance
+    if (err instanceof ResourceNotFoundError) {
+      return responses.notFoundResponse(err.resourceType, err.resourceId);
+    }
+    logger.error({ error: err, url: request.url }, "Error in high-frequency endpoint");
+    return responses.internalServerErrorResponse(err.message, true);
+  }
+};
+```
+
+### Avoid These Performance Anti-Patterns
+
+```typescript
+// ❌ Avoid for high-frequency endpoints
+const inputValidation = ZodSchema.safeParse(input);     // Too slow
+const startTime = Date.now(); logger.debug(...);       // Logging overhead
+const { data, revalidateEnvironment } = await get();   // Complex return types
+```
+
+### CORS Optimization
+```typescript
+// ✅ Balanced CORS caching (not too aggressive)
+export const OPTIONS = async (): Promise<Response> => {
+  return responses.successResponse(
+    {},
+    true,
+    "public, s-maxage=3600, max-age=3600" // 1 hour balanced approach
+  );
+};
+```
+
+## Redis Cache Migration from Next.js
+
+### Avoid Legacy Next.js Patterns
+```typescript
+// ❌ Old Next.js unstable_cache pattern (avoid)
+const getCachedData = unstable_cache(
+  async (id) => fetchData(id),
+  ['cache-key'],
+  { tags: ['environment'], revalidate: 900 }
+);
+
+// ❌ Don't use revalidateEnvironment flags with Redis
+return { data, revalidateEnvironment: true }; // This gets cached incorrectly!
+
+// ✅ New Redis pattern with withCache (TTL in milliseconds)
+export const getCachedData = (id: string) => 
+  withCache(
+    () => fetchData(id),
+    {
+      key: createCacheKey.environment.data(id),
+      ttl: 60 * 15 * 1000, // 15 minutes in milliseconds
+    }
+  )();
+```
+
+### Remove Revalidation Logic
+When migrating from Next.js `unstable_cache`:
+- Remove `revalidateEnvironment` or similar flags
+- Remove tag-based invalidation logic  
+- Use TTL-based expiration instead
+- Handle one-time updates (like `appSetupCompleted`) directly in cache
+
+## Data Layer Optimization
+
+### Single Query Pattern
+```typescript
+// ✅ Optimize with single database query
+export const getOptimizedEnvironmentData = async (environmentId: string) => {
+  return prisma.environment.findUniqueOrThrow({
+    where: { id: environmentId },
+    include: {
+      project: { 
+        select: { id: true, recontactDays: true, /* ... */ }
+      },
+      organization: {
+        select: { id: true, billing: true }
+      },
+      surveys: {
+        where: { status: "inProgress" },
+        select: { id: true, name: true, /* ... */ }
+      },
+      actionClasses: {
+        select: { id: true, name: true, /* ... */ }
+      }
+    }
+  });
+};
+
+// ❌ Avoid multiple separate queries
+const environment = await getEnvironment(id);
+const organization = await getOrganization(environment.organizationId);  
+const surveys = await getSurveys(id);
+const actionClasses = await getActionClasses(id);
+```
+
+## Invalidation Best Practices
+
+**Always use explicit key-based invalidation:**
+
+```typescript
+// ✅ Clear and debuggable
+await invalidateCache(createCacheKey.environment.state(environmentId));
+await invalidateCache([
+  createCacheKey.environment.surveys(environmentId),
+  createCacheKey.environment.actionClasses(environmentId)
+]);
+
+// ❌ Avoid complex tag systems
+await invalidateByTags(["environment", "survey"]); // Don't do this
+```
+
+## Critical Performance Targets
+
+### High-Frequency Endpoint Goals
+- **Cache hit ratio**: >85%
+- **Response time P95**: <200ms  
+- **Database load reduction**: >60%
+- **HTTP cache duration**: 1hr browser, 30min Cloudflare
+- **SDK refresh interval**: 1 hour with 30min server cache
+
+### Performance Monitoring
+- Use **existing elastic cache analytics** for metrics
+- Log cache errors and warnings (not debug info)
+- Track database query reduction
+- Monitor response times for cached endpoints
+- **Avoid performance logging** in high-frequency endpoints
+
+## Error Handling Pattern
+
+Always provide fallback to fresh data on cache errors:
+
+```typescript
+try {
+  const cached = await cache.get(key);
+  if (cached) return cached;
+  
+  const fresh = await fetchFresh();
+  await cache.set(key, fresh, ttl); // ttl in milliseconds
+  return fresh;
+} catch (error) {
+  // ✅ Always fallback to fresh data
+  logger.warn("Cache error, fetching fresh", { key, error });
+  return fetchFresh();
+}
+```
+
+## Common Pitfalls to Avoid
+
+1. **Never use Next.js `unstable_cache()`** - unreliable in production
+2. **Don't use revalidation flags with Redis** - they get cached incorrectly
+3. **Avoid Zod validation** for simple parameters in high-frequency endpoints
+4. **Don't add performance logging** to high-frequency endpoints
+5. **Coordinate TTLs** between client and server caches
+6. **Don't over-engineer** with complex tag systems  
+7. **Avoid caching rapidly changing data** (real-time metrics)
+8. **Always validate cache keys** to prevent collisions
+9. **Don't add redundant caching layers** - analyze computational overhead first
+10. **Avoid cache wrapper functions** - add caching directly to expensive operations
+11. **Don't cache property access or simple transformations** - overhead is negligible
+12. **Analyze the full call chain** before adding caching to avoid double-caching
+13. **Remember TTL is in milliseconds** for cache-manager + Keyv stack (not seconds)
+
+## Monitoring Strategy
+
+- Use **existing elastic cache analytics** for metrics
+- Log cache errors and warnings  
+- Track database query reduction
+- Monitor response times for cached endpoints
+- **Don't add custom metrics** that duplicate existing monitoring
+
+## Important Notes
+
+### TTL Units
+- **cache-manager + Keyv**: TTL in **milliseconds**
+- **Direct Redis commands**: TTL in **seconds** (EXPIRE, SETEX) or **milliseconds** (PEXPIRE, PSETEX)
+- **HTTP cache headers**: TTL in **seconds** (max-age, s-maxage)
+- **Client SDK**: TTL in **seconds** (expiresAt calculation)

.cursor/rules/eks-alb-optimization.mdc

@@ -0,0 +1,152 @@
+---
+description:
+globs:
+alwaysApply: false
+---
+# EKS & ALB Optimization Guide for Error Reduction
+
+## Infrastructure Overview
+
+This project uses AWS EKS with Application Load Balancer (ALB) for the Formbricks application. The infrastructure has been optimized to minimize ELB 502/504 errors through careful configuration of connection handling, health checks, and pod lifecycle management.
+
+## Key Infrastructure Files
+
+### Terraform Configuration
+- **Main Infrastructure**: [infra/terraform/main.tf](mdc:infra/terraform/main.tf) - EKS cluster, VPC, Karpenter, and core AWS resources
+- **Monitoring**: [infra/terraform/cloudwatch.tf](mdc:infra/terraform/cloudwatch.tf) - CloudWatch alarms for 502/504 error tracking and alerting
+- **Database**: [infra/terraform/rds.tf](mdc:infra/terraform/rds.tf) - Aurora PostgreSQL configuration
+
+### Helm Configuration
+- **Production**: [infra/formbricks-cloud-helm/values.yaml.gotmpl](mdc:infra/formbricks-cloud-helm/values.yaml.gotmpl) - Optimized ALB and pod configurations
+- **Staging**: [infra/formbricks-cloud-helm/values-staging.yaml.gotmpl](mdc:infra/formbricks-cloud-helm/values-staging.yaml.gotmpl) - Staging environment with spot instances
+- **Deployment**: [infra/formbricks-cloud-helm/helmfile.yaml.gotmpl](mdc:infra/formbricks-cloud-helm/helmfile.yaml.gotmpl) - Multi-environment Helm releases
+
+## ALB Optimization Patterns
+
+### Connection Handling Optimizations
+```yaml
+# Key ALB annotations for reducing 502/504 errors
+alb.ingress.kubernetes.io/load-balancer-attributes: |
+  idle_timeout.timeout_seconds=120,
+  connection_logs.s3.enabled=false,
+  access_logs.s3.enabled=false
+
+alb.ingress.kubernetes.io/target-group-attributes: |
+  deregistration_delay.timeout_seconds=30,
+  stickiness.enabled=false,
+  load_balancing.algorithm.type=least_outstanding_requests,
+  target_group_health.dns_failover.minimum_healthy_targets.count=1
+```
+
+### Health Check Configuration
+- **Interval**: 15 seconds for faster detection of unhealthy targets
+- **Timeout**: 5 seconds to prevent false positives
+- **Thresholds**: 2 healthy, 3 unhealthy for balanced responsiveness
+- **Path**: `/health` endpoint optimized for < 100ms response time
+
+## Pod Lifecycle Management
+
+### Graceful Shutdown Pattern
+```yaml
+# PreStop hook to allow connection draining
+lifecycle:
+  preStop:
+    exec:
+      command: ["/bin/sh", "-c", "sleep 15"]
+
+# Termination grace period for complete cleanup
+terminationGracePeriodSeconds: 45
+```
+
+### Health Probe Strategy
+- **Startup Probe**: 5s initial delay, 5s interval, max 60s startup time
+- **Readiness Probe**: 10s delay, 10s interval for traffic readiness
+- **Liveness Probe**: 30s delay, 30s interval for container health
+
+### Rolling Update Configuration
+```yaml
+strategy:
+  type: RollingUpdate
+  rollingUpdate:
+    maxUnavailable: 25%  # Maintain capacity during updates
+    maxSurge: 50%        # Allow faster rollouts
+```
+
+## Karpenter Node Management
+
+### Node Lifecycle Optimization
+- **Startup Taints**: Prevent traffic during node initialization
+- **Graceful Shutdown**: 30s grace period for pod eviction
+- **Consolidation Delay**: 60s to reduce unnecessary churn
+- **Eviction Policies**: Configured for smooth pod migrations
+
+### Instance Selection
+- **Families**: c8g, c7g, m8g, m7g, r8g, r7g (ARM64 Graviton)
+- **Sizes**: 2, 4, 8 vCPUs for cost optimization
+- **Bottlerocket AMI**: Enhanced security and performance
+
+## Monitoring & Alerting
+
+### Critical ALB Metrics
+1. **ELB 502 Errors**: Threshold 20 over 5 minutes
+2. **ELB 504 Errors**: Threshold 15 over 5 minutes  
+3. **Target Connection Errors**: Threshold 50 over 5 minutes
+4. **4XX Errors**: Threshold 100 over 10 minutes (client issues)
+
+### Expected Improvements
+- **60-80% reduction** in ELB 502 errors
+- **Faster recovery** during pod restarts
+- **Better connection reuse** efficiency
+- **Improved autoscaling** responsiveness
+
+## Deployment Patterns
+
+### Infrastructure Updates
+1. **Terraform First**: Apply infrastructure changes via [infra/deploy-improvements.sh](mdc:infra/deploy-improvements.sh)
+2. **Helm Second**: Deploy application configurations
+3. **Verification**: Check pod status, endpoints, and ALB health
+4. **Monitoring**: Watch CloudWatch metrics for 24-48 hours
+
+### Environment-Specific Configurations
+- **Production**: On-demand instances, stricter resource limits
+- **Staging**: Spot instances, rate limiting disabled, relaxed resources
+
+## Troubleshooting Patterns
+
+### 502 Error Investigation
+1. Check pod readiness and health probe status
+2. Verify ALB target group health
+3. Review deregistration timing during deployments
+4. Monitor connection pool utilization
+
+### 504 Error Analysis  
+1. Check application response times
+2. Verify timeout configurations (ALB: 120s, App: aligned)
+3. Review database query performance
+4. Monitor resource utilization during traffic spikes
+
+### Connection Error Patterns
+1. Verify Karpenter node lifecycle timing
+2. Check pod termination grace periods
+3. Review ALB connection draining settings
+4. Monitor cluster autoscaling events
+
+## Best Practices
+
+### When Making Changes
+- **Test in staging first** with same configurations
+- **Monitor metrics** for 24-48 hours after changes
+- **Use gradual rollouts** with proper health checks
+- **Maintain ALB timeout alignment** across all layers
+
+### Performance Optimization
+- **Health endpoint** should respond < 100ms consistently  
+- **Connection pooling** aligned with ALB idle timeouts
+- **Resource requests/limits** tuned for consistent performance
+- **Graceful shutdown** implemented in application code
+
+### Monitoring Strategy
+- **Real-time alerts** for error rate spikes
+- **Trend analysis** for connection patterns
+- **Capacity planning** based on LCU usage
+- **4XX pattern analysis** for client behavior insights

.cursor/rules/testing-patterns.mdc

@@ -5,6 +5,51 @@ alwaysApply: false
 ---
 # Testing Patterns & Best Practices
 
+## Running Tests
+
+### Test Commands
+From the **root directory** (formbricks/):
+- `npm test` - Run all tests across all packages (recommended for CI/full testing)
+- `npm run test:coverage` - Run all tests with coverage reports
+- `npm run test:e2e` - Run end-to-end tests with Playwright
+
+From the **apps/web directory** (apps/web/):
+- `npm run test` - Run only web app tests (fastest for development)
+- `npm run test:coverage` - Run web app tests with coverage
+- `npm run test -- <file-pattern>` - Run specific test files
+
+### Examples
+```bash
+# Run all tests from root (takes ~3 minutes, runs 790 test files with 5334+ tests)
+npm test
+
+# Run specific test file from apps/web (fastest for development)
+npm run test -- modules/cache/lib/service.test.ts
+
+# Run tests matching pattern from apps/web  
+npm run test -- modules/ee/license-check/lib/license.test.ts
+
+# Run with coverage from root
+npm run test:coverage
+
+# Run specific test with watch mode from apps/web (for development)
+npm run test -- --watch modules/cache/lib/service.test.ts
+
+# Run tests for a specific directory from apps/web
+npm run test -- modules/cache/
+```
+
+### Performance Tips
+- **For development**: Use `apps/web` directory commands to run only web app tests
+- **For CI/validation**: Use root directory commands to run all packages
+- **For specific features**: Use file patterns to target specific test files
+- **For debugging**: Use `--watch` mode for continuous testing during development
+
+### Test File Organization
+- Place test files in the **same directory** as the source file
+- Use `.test.ts` for utility/service tests (Node environment)
+- Use `.test.tsx` for React component tests (jsdom environment)
+
 ## Test File Naming & Environment
 
 ### File Extensions

.cursor/rules/testing.mdc

@@ -3,4 +3,5 @@ description: Whenever the user asks to write or update a test file for .tsx or .
 globs: 
 alwaysApply: false
 ---
-Use the rules in this file when writing tests [copilot-instructions.md](mdc:.github/copilot-instructions.md)
+Use the rules in this file when writing tests [copilot-instructions.md](mdc:.github/copilot-instructions.md).
+After writing the tests, run them and check if there's any issue with the tests and if all of them are passing. Fix the issues and rerun the tests until all pass.

.env.example

@@ -190,7 +190,7 @@ UNSPLASH_ACCESS_KEY=
 
 # The below is used for Next Caching (uses In-Memory from Next Cache if not provided)
 # You can also add more configuration to Redis using the redis.conf file in the root directory
-# REDIS_URL=redis://localhost:6379
+REDIS_URL=redis://localhost:6379
 
 # The below is used for Rate Limiting (uses In-Memory LRU Cache if not provided) (You can use a service like Webdis for this)
 # REDIS_HTTP_URL:
@@ -216,3 +216,8 @@ UNKEY_ROOT_KEY=
 
 # Configure the maximum age for the session in seconds. Default is 86400 (24 hours)
 # SESSION_MAX_AGE=86400
+
+# Audit logs options. Requires REDIS_URL env varibale. Default 0.
+# AUDIT_LOG_ENABLED=0
+# If the ip should be added in the log or not. Default 0
+# AUDIT_LOG_GET_USER_IP=0

.github/workflows/e2e.yml

@@ -45,6 +45,16 @@ jobs:
           --health-interval=10s
           --health-timeout=5s
           --health-retries=5
+      valkey:
+        image: valkey/valkey:8.1.1
+        ports:
+          - 6379:6379
+        options: >-
+          --entrypoint "valkey-server"
+          --health-cmd="valkey-cli ping"
+          --health-interval=10s
+          --health-timeout=5s
+          --health-retries=5
     steps:
       - name: Harden the runner (Audit all outbound calls)
         uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0

apps/web/app/(app)/(onboarding)/environments/[environmentId]/layout.test.tsx

@@ -86,6 +86,8 @@ vi.mock("@/lib/constants", () => ({
   OIDC_ISSUER: "https://mock-oidc-issuer.com",
   OIDC_SIGNING_ALGORITHM: "RS256",
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "test-redis-url",
+  AUDIT_LOG_ENABLED: true,
 }));
 
 vi.mock("next/navigation", () => ({

apps/web/app/(app)/(onboarding)/lib/onboarding.test.ts

@@ -12,20 +12,6 @@ vi.mock("@formbricks/database", () => ({
   },
 }));
 
-vi.mock("@/lib/cache", () => ({
-  cache: (fn: any) => fn,
-}));
-
-vi.mock("@/lib/cache/team", () => ({
-  teamCache: {
-    tag: { byOrganizationId: vi.fn((id: string) => `organization-${id}-teams`) },
-  },
-}));
-
-vi.mock("@/lib/utils/validate", () => ({
-  validateInputs: vi.fn(),
-}));
-
 describe("getTeamsByOrganizationId", () => {
   beforeEach(() => {
     vi.clearAllMocks();

apps/web/app/(app)/(onboarding)/lib/onboarding.ts

@@ -1,8 +1,6 @@
 "use server";
 
 import { TOrganizationTeam } from "@/app/(app)/(onboarding)/types/onboarding";
-import { cache } from "@/lib/cache";
-import { teamCache } from "@/lib/cache/team";
 import { validateInputs } from "@/lib/utils/validate";
 import { Prisma } from "@prisma/client";
 import { cache as reactCache } from "react";
@@ -11,38 +9,31 @@ import { ZId } from "@formbricks/types/common";
 import { DatabaseError } from "@formbricks/types/errors";
 
 export const getTeamsByOrganizationId = reactCache(
-  async (organizationId: string): Promise<TOrganizationTeam[] | null> =>
-    cache(
-      async () => {
-        validateInputs([organizationId, ZId]);
-        try {
-          const teams = await prisma.team.findMany({
-            where: {
-              organizationId,
-            },
-            select: {
-              id: true,
-              name: true,
-            },
-          });
+  async (organizationId: string): Promise<TOrganizationTeam[] | null> => {
+    validateInputs([organizationId, ZId]);
+    try {
+      const teams = await prisma.team.findMany({
+        where: {
+          organizationId,
+        },
+        select: {
+          id: true,
+          name: true,
+        },
+      });
 
-          const projectTeams = teams.map((team) => ({
-            id: team.id,
-            name: team.name,
-          }));
+      const projectTeams = teams.map((team) => ({
+        id: team.id,
+        name: team.name,
+      }));
 
-          return projectTeams;
-        } catch (error) {
-          if (error instanceof Prisma.PrismaClientKnownRequestError) {
-            throw new DatabaseError(error.message);
-          }
-
-          throw error;
-        }
-      },
-      [`getTeamsByOrganizationId-${organizationId}`],
-      {
-        tags: [teamCache.tag.byOrganizationId(organizationId)],
+      return projectTeams;
+    } catch (error) {
+      if (error instanceof Prisma.PrismaClientKnownRequestError) {
+        throw new DatabaseError(error.message);
       }
-    )()
+
+      throw error;
+    }
+  }
 );

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar.test.tsx

@@ -1,15 +1,33 @@
 import "@testing-library/jest-dom/vitest";
 import { cleanup, render, screen } from "@testing-library/react";
 import userEvent from "@testing-library/user-event";
-import { signOut } from "next-auth/react";
 import { afterEach, describe, expect, test, vi } from "vitest";
 import { LandingSidebar } from "./landing-sidebar";
 
+// Mock constants that this test needs
+vi.mock("@/lib/constants", () => ({
+  IS_FORMBRICKS_CLOUD: false,
+  WEBAPP_URL: "http://localhost:3000",
+}));
+
+// Mock server actions that this test needs
+vi.mock("@/modules/auth/actions/sign-out", () => ({
+  logSignOutAction: vi.fn().mockResolvedValue(undefined),
+}));
+
 // Module mocks must be declared before importing the component
 vi.mock("@tolgee/react", () => ({
   useTranslate: () => ({ t: (key: string) => key, isLoading: false }),
 }));
-vi.mock("next-auth/react", () => ({ signOut: vi.fn() }));
+
+// Mock our useSignOut hook
+const mockSignOut = vi.fn();
+vi.mock("@/modules/auth/hooks/use-sign-out", () => ({
+  useSignOut: () => ({
+    signOut: mockSignOut,
+  }),
+}));
+
 vi.mock("next/navigation", () => ({ useRouter: () => ({ push: vi.fn() }) }));
 vi.mock("@/modules/organization/components/CreateOrganizationModal", () => ({
   CreateOrganizationModal: ({ open }: { open: boolean }) => (
@@ -70,6 +88,12 @@ describe("LandingSidebar component", () => {
     const logoutItem = await screen.findByText("common.logout");
     await userEvent.click(logoutItem);
 
-    expect(signOut).toHaveBeenCalledWith({ callbackUrl: "/auth/login" });
+    expect(mockSignOut).toHaveBeenCalledWith({
+      reason: "user_initiated",
+      redirectUrl: "/auth/login",
+      organizationId: "o1",
+      redirect: true,
+      callbackUrl: "/auth/login",
+    });
   });
 });

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar.tsx

@@ -3,6 +3,7 @@
 import FBLogo from "@/images/formbricks-wordmark.svg";
 import { cn } from "@/lib/cn";
 import { capitalizeFirstLetter } from "@/lib/utils/strings";
+import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
 import { CreateOrganizationModal } from "@/modules/organization/components/CreateOrganizationModal";
 import { ProfileAvatar } from "@/modules/ui/components/avatars";
 import {
@@ -20,7 +21,6 @@ import {
 } from "@/modules/ui/components/dropdown-menu";
 import { useTranslate } from "@tolgee/react";
 import { ArrowUpRightIcon, ChevronRightIcon, LogOutIcon, PlusIcon } from "lucide-react";
-import { signOut } from "next-auth/react";
 import Image from "next/image";
 import Link from "next/link";
 import { useRouter } from "next/navigation";
@@ -44,6 +44,7 @@ export const LandingSidebar = ({
   const [openCreateOrganizationModal, setOpenCreateOrganizationModal] = useState<boolean>(false);
 
   const { t } = useTranslate();
+  const { signOut: signOutWithAudit } = useSignOut({ id: user.id, email: user.email });
 
   const router = useRouter();
 
@@ -123,7 +124,13 @@ export const LandingSidebar = ({
 
             <DropdownMenuItem
               onClick={async () => {
-                await signOut({ callbackUrl: "/auth/login" });
+                await signOutWithAudit({
+                  reason: "user_initiated",
+                  redirectUrl: "/auth/login",
+                  organizationId: organization.id,
+                  redirect: true,
+                  callbackUrl: "/auth/login",
+                });
               }}
               icon={<LogOutIcon className="mr-2 h-4 w-4" strokeWidth={1.5} />}>
               {t("common.logout")}

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/layout.test.tsx

@@ -89,6 +89,8 @@ vi.mock("@/lib/constants", () => ({
   OIDC_ISSUER: "https://mock-oidc-issuer.com",
   OIDC_SIGNING_ALGORITHM: "RS256",
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "test-redis-url",
+  AUDIT_LOG_ENABLED: true,
 }));
 
 vi.mock("@/lib/environment/service");

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/landing/page.test.tsx

@@ -98,6 +98,8 @@ vi.mock("@/lib/constants", () => ({
   OIDC_ISSUER: "https://mock-oidc-issuer.com",
   OIDC_SIGNING_ALGORITHM: "RS256",
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "test-redis-url",
+  AUDIT_LOG_ENABLED: true,
 }));
 
 vi.mock("@/app/(app)/(onboarding)/organizations/[organizationId]/landing/components/landing-sidebar", () => ({

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/layout.test.tsx

@@ -35,6 +35,8 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "test-redis-url",
+  AUDIT_LOG_ENABLED: true,
 }));
 
 vi.mock("next-auth", () => ({

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/layout.test.tsx

@@ -34,6 +34,8 @@ vi.mock("@/lib/constants", () => ({
   WEBAPP_URL: "test-webapp-url",
   IS_PRODUCTION: false,
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "test-redis-url",
+  AUDIT_LOG_ENABLED: true,
 }));
 
 // Mock dependencies

apps/web/app/(app)/environments/[environmentId]/(contacts)/contacts/[contactId]/page.test.tsx

@@ -26,6 +26,8 @@ vi.mock("@/lib/constants", () => ({
   SMTP_PORT: "mock-smtp-port",
   IS_POSTHOG_CONFIGURED: true,
   SESSION_MAX_AGE: 1000,
+  AUDIT_LOG_ENABLED: 1,
+  REDIS_URL: "redis://localhost:6379",
 }));
 
 describe("Contact Page Re-export", () => {

apps/web/app/(app)/environments/[environmentId]/actions.ts

@@ -4,7 +4,9 @@ import { getOrganization } from "@/lib/organization/service";
 import { getOrganizationProjectsCount } from "@/lib/project/service";
 import { updateUser } from "@/lib/user/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
-import { checkAuthorizationUpdated } from "@/lib/utils/action-client-middleware";
+import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
+import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
+import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import {
   getOrganizationProjectsLimit,
   getRoleManagementPermission,
@@ -20,62 +22,69 @@ const ZCreateProjectAction = z.object({
   data: ZProjectUpdateInput,
 });
 
-export const createProjectAction = authenticatedActionClient
-  .schema(ZCreateProjectAction)
-  .action(async ({ parsedInput, ctx }) => {
-    const { user } = ctx;
+export const createProjectAction = authenticatedActionClient.schema(ZCreateProjectAction).action(
+  withAuditLogging(
+    "created",
+    "project",
+    async ({ ctx, parsedInput }: { ctx: AuthenticatedActionClientCtx; parsedInput: Record<string, any> }) => {
+      const { user } = ctx;
 
-    const organizationId = parsedInput.organizationId;
+      const organizationId = parsedInput.organizationId;
 
-    await checkAuthorizationUpdated({
-      userId: user.id,
-      organizationId: parsedInput.organizationId,
-      access: [
-        {
-          data: parsedInput.data,
-          schema: ZProjectUpdateInput,
-          type: "organization",
-          roles: ["owner", "manager"],
-        },
-      ],
-    });
+      await checkAuthorizationUpdated({
+        userId: user.id,
+        organizationId: parsedInput.organizationId,
+        access: [
+          {
+            data: parsedInput.data,
+            schema: ZProjectUpdateInput,
+            type: "organization",
+            roles: ["owner", "manager"],
+          },
+        ],
+      });
 
-    const organization = await getOrganization(organizationId);
+      const organization = await getOrganization(organizationId);
 
-    if (!organization) {
-      throw new Error("Organization not found");
-    }
-
-    const organizationProjectsLimit = await getOrganizationProjectsLimit(organization.billing.limits);
-    const organizationProjectsCount = await getOrganizationProjectsCount(organization.id);
-
-    if (organizationProjectsCount >= organizationProjectsLimit) {
-      throw new OperationNotAllowedError("Organization project limit reached");
-    }
-
-    if (parsedInput.data.teamIds && parsedInput.data.teamIds.length > 0) {
-      const canDoRoleManagement = await getRoleManagementPermission(organization.billing.plan);
-
-      if (!canDoRoleManagement) {
-        throw new OperationNotAllowedError("You do not have permission to manage roles");
+      if (!organization) {
+        throw new Error("Organization not found");
       }
+
+      const organizationProjectsLimit = await getOrganizationProjectsLimit(organization.billing.limits);
+      const organizationProjectsCount = await getOrganizationProjectsCount(organization.id);
+
+      if (organizationProjectsCount >= organizationProjectsLimit) {
+        throw new OperationNotAllowedError("Organization project limit reached");
+      }
+
+      if (parsedInput.data.teamIds && parsedInput.data.teamIds.length > 0) {
+        const canDoRoleManagement = await getRoleManagementPermission(organization.billing.plan);
+
+        if (!canDoRoleManagement) {
+          throw new OperationNotAllowedError("You do not have permission to manage roles");
+        }
+      }
+
+      const project = await createProject(parsedInput.organizationId, parsedInput.data);
+      const updatedNotificationSettings = {
+        ...user.notificationSettings,
+        alert: {
+          ...user.notificationSettings?.alert,
+        },
+        weeklySummary: {
+          ...user.notificationSettings?.weeklySummary,
+          [project.id]: true,
+        },
+      };
+
+      await updateUser(user.id, {
+        notificationSettings: updatedNotificationSettings,
+      });
+
+      ctx.auditLoggingCtx.organizationId = organizationId;
+      ctx.auditLoggingCtx.projectId = project.id;
+      ctx.auditLoggingCtx.newObject = project;
+      return project;
     }
-
-    const project = await createProject(parsedInput.organizationId, parsedInput.data);
-    const updatedNotificationSettings = {
-      ...user.notificationSettings,
-      alert: {
-        ...user.notificationSettings?.alert,
-      },
-      weeklySummary: {
-        ...user.notificationSettings?.weeklySummary,
-        [project.id]: true,
-      },
-    };
-
-    await updateUser(user.id, {
-      notificationSettings: updatedNotificationSettings,
-    });
-
-    return project;
-  });
+  )
+);

apps/web/app/(app)/environments/[environmentId]/actions/actions.ts

@@ -1,11 +1,12 @@
 "use server";
 
 import { deleteActionClass, getActionClass, updateActionClass } from "@/lib/actionClass/service";
-import { cache } from "@/lib/cache";
 import { getSurveysByActionClassId } from "@/lib/survey/service";
 import { actionClient, authenticatedActionClient } from "@/lib/utils/action-client";
-import { checkAuthorizationUpdated } from "@/lib/utils/action-client-middleware";
+import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
+import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
 import { getOrganizationIdFromActionClassId, getProjectIdFromActionClassId } from "@/lib/utils/helper";
+import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import { z } from "zod";
 import { ZActionClassInput } from "@formbricks/types/action-classes";
 import { ZId } from "@formbricks/types/common";
@@ -15,63 +16,80 @@ const ZDeleteActionClassAction = z.object({
   actionClassId: ZId,
 });
 
-export const deleteActionClassAction = authenticatedActionClient
-  .schema(ZDeleteActionClassAction)
-  .action(async ({ ctx, parsedInput }) => {
-    await checkAuthorizationUpdated({
-      userId: ctx.user.id,
-      organizationId: await getOrganizationIdFromActionClassId(parsedInput.actionClassId),
-      access: [
-        {
-          type: "organization",
-          roles: ["owner", "manager"],
-        },
-        {
-          type: "projectTeam",
-          minPermission: "readWrite",
-          projectId: await getProjectIdFromActionClassId(parsedInput.actionClassId),
-        },
-      ],
-    });
-
-    await deleteActionClass(parsedInput.actionClassId);
-  });
+export const deleteActionClassAction = authenticatedActionClient.schema(ZDeleteActionClassAction).action(
+  withAuditLogging(
+    "deleted",
+    "actionClass",
+    async ({ ctx, parsedInput }: { ctx: AuthenticatedActionClientCtx; parsedInput: Record<string, any> }) => {
+      const organizationId = await getOrganizationIdFromActionClassId(parsedInput.actionClassId);
+      await checkAuthorizationUpdated({
+        userId: ctx.user.id,
+        organizationId,
+        access: [
+          {
+            type: "organization",
+            roles: ["owner", "manager"],
+          },
+          {
+            type: "projectTeam",
+            minPermission: "readWrite",
+            projectId: await getProjectIdFromActionClassId(parsedInput.actionClassId),
+          },
+        ],
+      });
+      ctx.auditLoggingCtx.organizationId = organizationId;
+      ctx.auditLoggingCtx.actionClassId = parsedInput.actionClassId;
+      ctx.auditLoggingCtx.oldObject = await getActionClass(parsedInput.actionClassId);
+      return await deleteActionClass(parsedInput.actionClassId);
+    }
+  )
+);
 
 const ZUpdateActionClassAction = z.object({
   actionClassId: ZId,
   updatedAction: ZActionClassInput,
 });
 
-export const updateActionClassAction = authenticatedActionClient
-  .schema(ZUpdateActionClassAction)
-  .action(async ({ ctx, parsedInput }) => {
-    const actionClass = await getActionClass(parsedInput.actionClassId);
-    if (actionClass === null) {
-      throw new ResourceNotFoundError("ActionClass", parsedInput.actionClassId);
+export const updateActionClassAction = authenticatedActionClient.schema(ZUpdateActionClassAction).action(
+  withAuditLogging(
+    "updated",
+    "actionClass",
+    async ({ ctx, parsedInput }: { ctx: AuthenticatedActionClientCtx; parsedInput: Record<string, any> }) => {
+      const actionClass = await getActionClass(parsedInput.actionClassId);
+      if (actionClass === null) {
+        throw new ResourceNotFoundError("ActionClass", parsedInput.actionClassId);
+      }
+
+      const organizationId = await getOrganizationIdFromActionClassId(parsedInput.actionClassId);
+
+      await checkAuthorizationUpdated({
+        userId: ctx.user.id,
+        organizationId,
+        access: [
+          {
+            type: "organization",
+            roles: ["owner", "manager"],
+          },
+          {
+            type: "projectTeam",
+            minPermission: "readWrite",
+            projectId: await getProjectIdFromActionClassId(parsedInput.actionClassId),
+          },
+        ],
+      });
+      ctx.auditLoggingCtx.organizationId = organizationId;
+      ctx.auditLoggingCtx.actionClassId = parsedInput.actionClassId;
+      ctx.auditLoggingCtx.oldObject = actionClass;
+      const result = await updateActionClass(
+        actionClass.environmentId,
+        parsedInput.actionClassId,
+        parsedInput.updatedAction
+      );
+      ctx.auditLoggingCtx.newObject = result;
+      return result;
     }
-
-    await checkAuthorizationUpdated({
-      userId: ctx.user.id,
-      organizationId: await getOrganizationIdFromActionClassId(parsedInput.actionClassId),
-      access: [
-        {
-          type: "organization",
-          roles: ["owner", "manager"],
-        },
-        {
-          type: "projectTeam",
-          minPermission: "readWrite",
-          projectId: await getProjectIdFromActionClassId(parsedInput.actionClassId),
-        },
-      ],
-    });
-
-    return await updateActionClass(
-      actionClass.environmentId,
-      parsedInput.actionClassId,
-      parsedInput.updatedAction
-    );
-  });
+  )
+);
 
 const ZGetActiveInactiveSurveysAction = z.object({
   actionClassId: ZId,
@@ -104,31 +122,24 @@ export const getActiveInactiveSurveysAction = authenticatedActionClient
     return response;
   });
 
-const getLatestStableFbRelease = async (): Promise<string | null> =>
-  cache(
-    async () => {
-      try {
-        const res = await fetch("https://api.github.com/repos/formbricks/formbricks/releases");
-        const releases = await res.json();
+const getLatestStableFbRelease = async (): Promise<string | null> => {
+  try {
+    const res = await fetch("https://api.github.com/repos/formbricks/formbricks/releases");
+    const releases = await res.json();
 
-        if (Array.isArray(releases)) {
-          const latestStableReleaseTag = releases.filter((release) => !release.prerelease)?.[0]
-            ?.tag_name as string;
-          if (latestStableReleaseTag) {
-            return latestStableReleaseTag;
-          }
-        }
-
-        return null;
-      } catch (err) {
-        return null;
+    if (Array.isArray(releases)) {
+      const latestStableReleaseTag = releases.filter((release) => !release.prerelease)?.[0]
+        ?.tag_name as string;
+      if (latestStableReleaseTag) {
+        return latestStableReleaseTag;
       }
-    },
-    ["latest-fb-release"],
-    {
-      revalidate: 60 * 60 * 24, // 24 hours
     }
-  )();
+
+    return null;
+  } catch (err) {
+    return null;
+  }
+};
 
 export const getLatestStableFbReleaseAction = actionClient.action(async () => {
   return await getLatestStableFbRelease();

apps/web/app/(app)/environments/[environmentId]/components/MainNavigation.test.tsx

@@ -1,6 +1,6 @@
+import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
 import { cleanup, render, screen, waitFor } from "@testing-library/react";
 import userEvent from "@testing-library/user-event";
-import { signOut } from "next-auth/react";
 import { usePathname, useRouter } from "next/navigation";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
 import { TEnvironment } from "@formbricks/types/environment";
@@ -10,6 +10,17 @@ import { TUser } from "@formbricks/types/user";
 import { getLatestStableFbReleaseAction } from "../actions/actions";
 import { MainNavigation } from "./MainNavigation";
 
+// Mock constants that this test needs
+vi.mock("@/lib/constants", () => ({
+  IS_FORMBRICKS_CLOUD: false,
+  WEBAPP_URL: "http://localhost:3000",
+}));
+
+// Mock server actions that this test needs
+vi.mock("@/modules/auth/actions/sign-out", () => ({
+  logSignOutAction: vi.fn().mockResolvedValue(undefined),
+}));
+
 // Mock dependencies
 vi.mock("next/navigation", () => ({
   useRouter: vi.fn(() => ({ push: vi.fn() })),
@@ -18,6 +29,9 @@ vi.mock("next/navigation", () => ({
 vi.mock("next-auth/react", () => ({
   signOut: vi.fn(),
 }));
+vi.mock("@/modules/auth/hooks/use-sign-out", () => ({
+  useSignOut: vi.fn(() => ({ signOut: vi.fn() })),
+}));
 vi.mock("@/app/(app)/environments/[environmentId]/actions/actions", () => ({
   getLatestStableFbReleaseAction: vi.fn(),
 }));
@@ -203,7 +217,9 @@ describe("MainNavigation", () => {
   });
 
   test("renders user dropdown and handles logout", async () => {
-    vi.mocked(signOut).mockResolvedValue({ url: "/auth/login" });
+    const mockSignOut = vi.fn().mockResolvedValue({ url: "/auth/login" });
+    vi.mocked(useSignOut).mockReturnValue({ signOut: mockSignOut });
+
     render(<MainNavigation {...defaultProps} />);
 
     // Find the avatar and get its parent div which acts as the trigger
@@ -224,7 +240,13 @@ describe("MainNavigation", () => {
     const logoutButton = screen.getByText("common.logout");
     await userEvent.click(logoutButton);
 
-    expect(signOut).toHaveBeenCalledWith({ redirect: false, callbackUrl: "/auth/login" });
+    expect(mockSignOut).toHaveBeenCalledWith({
+      reason: "user_initiated",
+      redirectUrl: "/auth/login",
+      organizationId: "org1",
+      redirect: false,
+      callbackUrl: "/auth/login",
+    });
     await waitFor(() => {
       expect(mockRouterPush).toHaveBeenCalledWith("/auth/login");
     });

apps/web/app/(app)/environments/[environmentId]/components/MainNavigation.tsx

@@ -6,6 +6,7 @@ import FBLogo from "@/images/formbricks-wordmark.svg";
 import { cn } from "@/lib/cn";
 import { getAccessFlags } from "@/lib/membership/utils";
 import { capitalizeFirstLetter } from "@/lib/utils/strings";
+import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
 import { CreateOrganizationModal } from "@/modules/organization/components/CreateOrganizationModal";
 import { ProjectSwitcher } from "@/modules/projects/components/project-switcher";
 import { ProfileAvatar } from "@/modules/ui/components/avatars";
@@ -42,7 +43,6 @@ import {
   UserIcon,
   UsersIcon,
 } from "lucide-react";
-import { signOut } from "next-auth/react";
 import Image from "next/image";
 import Link from "next/link";
 import { usePathname, useRouter } from "next/navigation";
@@ -90,6 +90,7 @@ export const MainNavigation = ({
   const [isCollapsed, setIsCollapsed] = useState(true);
   const [isTextVisible, setIsTextVisible] = useState(true);
   const [latestVersion, setLatestVersion] = useState("");
+  const { signOut: signOutWithAudit } = useSignOut({ id: user.id, email: user.email });
 
   const project = projects.find((project) => project.id === environment.projectId);
   const { isManager, isOwner, isMember, isBilling } = getAccessFlags(membershipRole);
@@ -389,8 +390,14 @@ export const MainNavigation = ({
 
                   <DropdownMenuItem
                     onClick={async () => {
-                      const route = await signOut({ redirect: false, callbackUrl: "/auth/login" });
-                      router.push(route.url);
+                      const route = await signOutWithAudit({
+                        reason: "user_initiated",
+                        redirectUrl: "/auth/login",
+                        organizationId: organization.id,
+                        redirect: false,
+                        callbackUrl: "/auth/login",
+                      });
+                      router.push(route?.url || "/auth/login"); // NOSONAR // We want to check for empty strings
                     }}
                     icon={<LogOutIcon className="mr-2 h-4 w-4" strokeWidth={1.5} />}>
                     {t("common.logout")}

apps/web/app/(app)/environments/[environmentId]/integrations/actions.ts

@@ -2,13 +2,15 @@
 
 import { createOrUpdateIntegration, deleteIntegration } from "@/lib/integration/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
-import { checkAuthorizationUpdated } from "@/lib/utils/action-client-middleware";
+import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
+import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
 import {
   getOrganizationIdFromEnvironmentId,
   getOrganizationIdFromIntegrationId,
   getProjectIdFromEnvironmentId,
   getProjectIdFromIntegrationId,
 } from "@/lib/utils/helper";
+import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
 import { ZIntegrationInput } from "@formbricks/types/integration";
@@ -20,48 +22,79 @@ const ZCreateOrUpdateIntegrationAction = z.object({
 
 export const createOrUpdateIntegrationAction = authenticatedActionClient
   .schema(ZCreateOrUpdateIntegrationAction)
-  .action(async ({ ctx, parsedInput }) => {
-    await checkAuthorizationUpdated({
-      userId: ctx.user.id,
-      organizationId: await getOrganizationIdFromEnvironmentId(parsedInput.environmentId),
-      access: [
-        {
-          type: "organization",
-          roles: ["owner", "manager"],
-        },
-        {
-          type: "projectTeam",
-          minPermission: "readWrite",
-          projectId: await getProjectIdFromEnvironmentId(parsedInput.environmentId),
-        },
-      ],
-    });
+  .action(
+    withAuditLogging(
+      "createdUpdated",
+      "integration",
+      async ({
+        ctx,
+        parsedInput,
+      }: {
+        ctx: AuthenticatedActionClientCtx;
+        parsedInput: Record<string, any>;
+      }) => {
+        const organizationId = await getOrganizationIdFromEnvironmentId(parsedInput.environmentId);
 
-    return await createOrUpdateIntegration(parsedInput.environmentId, parsedInput.integrationData);
-  });
+        await checkAuthorizationUpdated({
+          userId: ctx.user.id,
+          organizationId,
+          access: [
+            {
+              type: "organization",
+              roles: ["owner", "manager"],
+            },
+            {
+              type: "projectTeam",
+              minPermission: "readWrite",
+              projectId: await getProjectIdFromEnvironmentId(parsedInput.environmentId),
+            },
+          ],
+        });
+
+        ctx.auditLoggingCtx.organizationId = organizationId;
+        const result = await createOrUpdateIntegration(
+          parsedInput.environmentId,
+          parsedInput.integrationData
+        );
+        ctx.auditLoggingCtx.integrationId = result.id;
+        ctx.auditLoggingCtx.newObject = result;
+        return result;
+      }
+    )
+  );
 
 const ZDeleteIntegrationAction = z.object({
   integrationId: ZId,
 });
 
-export const deleteIntegrationAction = authenticatedActionClient
-  .schema(ZDeleteIntegrationAction)
-  .action(async ({ ctx, parsedInput }) => {
-    await checkAuthorizationUpdated({
-      userId: ctx.user.id,
-      organizationId: await getOrganizationIdFromIntegrationId(parsedInput.integrationId),
-      access: [
-        {
-          type: "organization",
-          roles: ["owner", "manager"],
-        },
-        {
-          type: "projectTeam",
-          projectId: await getProjectIdFromIntegrationId(parsedInput.integrationId),
-          minPermission: "readWrite",
-        },
-      ],
-    });
+export const deleteIntegrationAction = authenticatedActionClient.schema(ZDeleteIntegrationAction).action(
+  withAuditLogging(
+    "deleted",
+    "integration",
+    async ({ ctx, parsedInput }: { ctx: AuthenticatedActionClientCtx; parsedInput: Record<string, any> }) => {
+      const organizationId = await getOrganizationIdFromIntegrationId(parsedInput.integrationId);
 
-    return await deleteIntegration(parsedInput.integrationId);
-  });
+      await checkAuthorizationUpdated({
+        userId: ctx.user.id,
+        organizationId,
+        access: [
+          {
+            type: "organization",
+            roles: ["owner", "manager"],
+          },
+          {
+            type: "projectTeam",
+            projectId: await getProjectIdFromIntegrationId(parsedInput.integrationId),
+            minPermission: "readWrite",
+          },
+        ],
+      });
+
+      ctx.auditLoggingCtx.organizationId = organizationId;
+      ctx.auditLoggingCtx.integrationId = parsedInput.integrationId;
+      const result = await deleteIntegration(parsedInput.integrationId);
+      ctx.auditLoggingCtx.oldObject = result;
+      return result;
+    }
+  )
+);

apps/web/app/(app)/environments/[environmentId]/integrations/airtable/page.test.tsx

@@ -49,6 +49,8 @@ vi.mock("@/lib/constants", () => ({
   OIDC_SIGNING_ALGORITHM: "test-oidc-signing-algorithm",
   SENTRY_DSN: "mock-sentry-dsn",
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "test-redis-url",
+  AUDIT_LOG_ENABLED: true,
 }));
 
 vi.mock("@/lib/integration/service");

apps/web/app/(app)/environments/[environmentId]/integrations/google-sheets/actions.ts

@@ -2,7 +2,7 @@
 
 import { getSpreadsheetNameById } from "@/lib/googleSheet/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
-import { checkAuthorizationUpdated } from "@/lib/utils/action-client-middleware";
+import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
 import { getOrganizationIdFromEnvironmentId, getProjectIdFromEnvironmentId } from "@/lib/utils/helper";
 import { z } from "zod";
 import { ZIntegrationGoogleSheets } from "@formbricks/types/integration/google-sheet";

apps/web/app/(app)/environments/[environmentId]/integrations/lib/surveys.test.ts

@@ -1,10 +1,8 @@
-import { cache } from "@/lib/cache";
-import { surveyCache } from "@/lib/survey/cache";
 import { selectSurvey } from "@/lib/survey/service";
 import { transformPrismaSurvey } from "@/lib/survey/utils";
 import { validateInputs } from "@/lib/utils/validate";
 import { Prisma } from "@prisma/client";
-import { beforeEach, describe, expect, test, vi } from "vitest";
+import { describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { logger } from "@formbricks/logger";
 import { DatabaseError } from "@formbricks/types/errors";
@@ -12,14 +10,6 @@ import { TSurvey } from "@formbricks/types/surveys/types";
 import { getSurveys } from "./surveys";
 
 // Mock dependencies
-vi.mock("@/lib/cache");
-vi.mock("@/lib/survey/cache", () => ({
-  surveyCache: {
-    tag: {
-      byEnvironmentId: vi.fn((environmentId) => `survey_environment_${environmentId}`),
-    },
-  },
-}));
 vi.mock("@/lib/survey/service", () => ({
   selectSurvey: { id: true, name: true, status: true, updatedAt: true }, // Expanded mock based on usage
 }));
@@ -46,11 +36,11 @@ vi.mock("react", async (importOriginal) => {
 });
 
 const environmentId = "test-environment-id";
-// Ensure mockPrismaSurveys includes all fields used in selectSurvey mock
+// Use 'as any' to bypass complex type matching for mock data
 const mockPrismaSurveys = [
   { id: "survey1", name: "Survey 1", status: "inProgress", updatedAt: new Date() },
   { id: "survey2", name: "Survey 2", status: "draft", updatedAt: new Date() },
-];
+] as any; // Use 'as any' to bypass complex type matching
 const mockTransformedSurveys: TSurvey[] = [
   {
     id: "survey1",
@@ -99,14 +89,8 @@ const mockTransformedSurveys: TSurvey[] = [
 ];
 
 describe("getSurveys", () => {
-  beforeEach(() => {
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
-  });
-
   test("should fetch and transform surveys successfully", async () => {
-    vi.mocked(prisma.survey.findMany).mockResolvedValue(mockPrismaSurveys);
+    vi.mocked(prisma.survey.findMany).mockResolvedValue(mockPrismaSurveys as any);
     vi.mocked(transformPrismaSurvey).mockImplementation((survey) => {
       const found = mockTransformedSurveys.find((ts) => ts.id === survey.id);
       if (!found) throw new Error("Survey not found in mock transformed data");
@@ -134,39 +118,29 @@ describe("getSurveys", () => {
     expect(transformPrismaSurvey).toHaveBeenCalledTimes(mockPrismaSurveys.length);
     expect(transformPrismaSurvey).toHaveBeenCalledWith(mockPrismaSurveys[0]);
     expect(transformPrismaSurvey).toHaveBeenCalledWith(mockPrismaSurveys[1]);
-    // Check if the inner cache function was called with the correct arguments
-    expect(cache).toHaveBeenCalledWith(
-      expect.any(Function), // The async function passed to cache
-      [`getSurveys-${environmentId}`], // The cache key
-      {
-        tags: [surveyCache.tag.byEnvironmentId(environmentId)], // Cache tags
-      }
-    );
-    // Remove the assertion for reactCache being called within the test execution
-    // expect(reactCache).toHaveBeenCalled(); // Removed this line
+    // React cache is already mocked globally - no need to check it here
   });
 
   test("should throw DatabaseError on Prisma known request error", async () => {
-    // No need to mock cache here again as beforeEach handles it
-    const prismaError = new Prisma.PrismaClientKnownRequestError("Test error", {
-      code: "P2025",
-      clientVersion: "5.0.0",
-      meta: {}, // Added meta property
+    const prismaError = new Prisma.PrismaClientKnownRequestError("Database connection error", {
+      code: "P2002",
+      clientVersion: "4.0.0",
     });
-    vi.mocked(prisma.survey.findMany).mockRejectedValue(prismaError);
+
+    vi.mocked(prisma.survey.findMany).mockRejectedValueOnce(prismaError);
 
     await expect(getSurveys(environmentId)).rejects.toThrow(DatabaseError);
     expect(logger.error).toHaveBeenCalledWith({ error: prismaError }, "getSurveys: Could not fetch surveys");
-    expect(cache).toHaveBeenCalled(); // Ensure cache wrapper was still called
+    // React cache is already mocked globally - no need to check it here
   });
 
   test("should throw original error on other errors", async () => {
-    // No need to mock cache here again as beforeEach handles it
-    const genericError = new Error("Something went wrong");
-    vi.mocked(prisma.survey.findMany).mockRejectedValue(genericError);
+    const genericError = new Error("Some other error");
+
+    vi.mocked(prisma.survey.findMany).mockRejectedValueOnce(genericError);
 
     await expect(getSurveys(environmentId)).rejects.toThrow(genericError);
     expect(logger.error).not.toHaveBeenCalled();
-    expect(cache).toHaveBeenCalled(); // Ensure cache wrapper was still called
+    // React cache is already mocked globally - no need to check it here
   });
 });

apps/web/app/(app)/environments/[environmentId]/integrations/lib/surveys.ts

@@ -1,6 +1,4 @@
 import "server-only";
-import { cache } from "@/lib/cache";
-import { surveyCache } from "@/lib/survey/cache";
 import { selectSurvey } from "@/lib/survey/service";
 import { transformPrismaSurvey } from "@/lib/survey/utils";
 import { validateInputs } from "@/lib/utils/validate";
@@ -12,38 +10,29 @@ import { ZId } from "@formbricks/types/common";
 import { DatabaseError } from "@formbricks/types/errors";
 import { TSurvey } from "@formbricks/types/surveys/types";
 
-export const getSurveys = reactCache(
-  async (environmentId: string): Promise<TSurvey[]> =>
-    cache(
-      async () => {
-        validateInputs([environmentId, ZId]);
+export const getSurveys = reactCache(async (environmentId: string): Promise<TSurvey[]> => {
+  validateInputs([environmentId, ZId]);
 
-        try {
-          const surveysPrisma = await prisma.survey.findMany({
-            where: {
-              environmentId,
-              status: {
-                not: "completed",
-              },
-            },
-            select: selectSurvey,
-            orderBy: {
-              updatedAt: "desc",
-            },
-          });
-
-          return surveysPrisma.map((surveyPrisma) => transformPrismaSurvey<TSurvey>(surveyPrisma));
-        } catch (error) {
-          if (error instanceof Prisma.PrismaClientKnownRequestError) {
-            logger.error({ error }, "getSurveys: Could not fetch surveys");
-            throw new DatabaseError(error.message);
-          }
-          throw error;
-        }
+  try {
+    const surveysPrisma = await prisma.survey.findMany({
+      where: {
+        environmentId,
+        status: {
+          not: "completed",
+        },
       },
-      [`getSurveys-${environmentId}`],
-      {
-        tags: [surveyCache.tag.byEnvironmentId(environmentId)],
-      }
-    )()
-);
+      select: selectSurvey,
+      orderBy: {
+        updatedAt: "desc",
+      },
+    });
+
+    return surveysPrisma.map((surveyPrisma) => transformPrismaSurvey<TSurvey>(surveyPrisma));
+  } catch (error) {
+    if (error instanceof Prisma.PrismaClientKnownRequestError) {
+      logger.error({ error }, "getSurveys: Could not fetch surveys");
+      throw new DatabaseError(error.message);
+    }
+    throw error;
+  }
+});

apps/web/app/(app)/environments/[environmentId]/integrations/lib/webhook.test.ts

@@ -1,21 +1,10 @@
-import { cache } from "@/lib/cache";
-import { webhookCache } from "@/lib/cache/webhook";
 import { validateInputs } from "@/lib/utils/validate";
 import { Prisma } from "@prisma/client";
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
+import { afterEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { DatabaseError } from "@formbricks/types/errors";
 import { getWebhookCountBySource } from "./webhook";
 
-// Mock dependencies
-vi.mock("@/lib/cache");
-vi.mock("@/lib/cache/webhook", () => ({
-  webhookCache: {
-    tag: {
-      byEnvironmentIdAndSource: vi.fn((envId, source) => `webhook_${envId}_${source ?? "all"}`),
-    },
-  },
-}));
 vi.mock("@/lib/utils/validate");
 vi.mock("@formbricks/database", () => ({
   prisma: {
@@ -29,12 +18,6 @@ const environmentId = "test-environment-id";
 const sourceZapier = "zapier";
 
 describe("getWebhookCountBySource", () => {
-  beforeEach(() => {
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
-  });
-
   afterEach(() => {
     vi.resetAllMocks();
   });
@@ -56,13 +39,6 @@ describe("getWebhookCountBySource", () => {
         source: sourceZapier,
       },
     });
-    expect(cache).toHaveBeenCalledWith(
-      expect.any(Function),
-      [`getWebhookCountBySource-${environmentId}-${sourceZapier}`],
-      {
-        tags: [webhookCache.tag.byEnvironmentIdAndSource(environmentId, sourceZapier)],
-      }
-    );
   });
 
   test("should return total webhook count when source is undefined", async () => {
@@ -82,13 +58,6 @@ describe("getWebhookCountBySource", () => {
         source: undefined,
       },
     });
-    expect(cache).toHaveBeenCalledWith(
-      expect.any(Function),
-      [`getWebhookCountBySource-${environmentId}-undefined`],
-      {
-        tags: [webhookCache.tag.byEnvironmentIdAndSource(environmentId, undefined)],
-      }
-    );
   });
 
   test("should throw DatabaseError on Prisma known request error", async () => {
@@ -100,7 +69,6 @@ describe("getWebhookCountBySource", () => {
 
     await expect(getWebhookCountBySource(environmentId, sourceZapier)).rejects.toThrow(DatabaseError);
     expect(prisma.webhook.count).toHaveBeenCalledTimes(1);
-    expect(cache).toHaveBeenCalledTimes(1);
   });
 
   test("should throw original error on other errors", async () => {
@@ -109,6 +77,5 @@ describe("getWebhookCountBySource", () => {
 
     await expect(getWebhookCountBySource(environmentId)).rejects.toThrow(genericError);
     expect(prisma.webhook.count).toHaveBeenCalledTimes(1);
-    expect(cache).toHaveBeenCalledTimes(1);
   });
 });

apps/web/app/(app)/environments/[environmentId]/integrations/lib/webhook.ts

@@ -1,5 +1,3 @@
-import { cache } from "@/lib/cache";
-import { webhookCache } from "@/lib/cache/webhook";
 import { validateInputs } from "@/lib/utils/validate";
 import { Prisma, Webhook } from "@prisma/client";
 import { z } from "zod";
@@ -7,29 +5,25 @@ import { prisma } from "@formbricks/database";
 import { ZId } from "@formbricks/types/common";
 import { DatabaseError } from "@formbricks/types/errors";
 
-export const getWebhookCountBySource = (environmentId: string, source?: Webhook["source"]): Promise<number> =>
-  cache(
-    async () => {
-      validateInputs([environmentId, ZId], [source, z.string().optional()]);
+export const getWebhookCountBySource = async (
+  environmentId: string,
+  source?: Webhook["source"]
+): Promise<number> => {
+  validateInputs([environmentId, ZId], [source, z.string().optional()]);
 
-      try {
-        const count = await prisma.webhook.count({
-          where: {
-            environmentId,
-            source,
-          },
-        });
-        return count;
-      } catch (error) {
-        if (error instanceof Prisma.PrismaClientKnownRequestError) {
-          throw new DatabaseError(error.message);
-        }
-
-        throw error;
-      }
-    },
-    [`getWebhookCountBySource-${environmentId}-${source}`],
-    {
-      tags: [webhookCache.tag.byEnvironmentIdAndSource(environmentId, source)],
+  try {
+    const count = await prisma.webhook.count({
+      where: {
+        environmentId,
+        source,
+      },
+    });
+    return count;
+  } catch (error) {
+    if (error instanceof Prisma.PrismaClientKnownRequestError) {
+      throw new DatabaseError(error.message);
     }
-  )();
+
+    throw error;
+  }
+};

apps/web/app/(app)/environments/[environmentId]/integrations/notion/components/NotionWrapper.test.tsx

@@ -32,6 +32,8 @@ vi.mock("@/lib/constants", () => ({
   GOOGLE_SHEETS_CLIENT_SECRET: "test-client-secret",
   GOOGLE_SHEETS_REDIRECT_URL: "test-redirect-url",
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "mock-redis-url",
+  AUDIT_LOG_ENABLED: true,
 }));
 
 // Mock child components

apps/web/app/(app)/environments/[environmentId]/integrations/slack/actions.ts

@@ -2,7 +2,7 @@
 
 import { getSlackChannels } from "@/lib/slack/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
-import { checkAuthorizationUpdated } from "@/lib/utils/action-client-middleware";
+import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
 import { getOrganizationIdFromEnvironmentId, getProjectIdFromEnvironmentId } from "@/lib/utils/helper";
 import { z } from "zod";
 import { ZId } from "@formbricks/types/common";

apps/web/app/(app)/environments/[environmentId]/project/(setup)/app-connection/page.test.tsx

@@ -25,6 +25,8 @@ vi.mock("@/lib/constants", () => ({
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "test-redis-url",
+  AUDIT_LOG_ENABLED: true,
 }));
 
 describe("AppConnectionPage Re-export", () => {

apps/web/app/(app)/environments/[environmentId]/project/general/page.test.tsx

@@ -25,6 +25,8 @@ vi.mock("@/lib/constants", () => ({
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "redis://localhost:6379",
+  AUDIT_LOG_ENABLED: 1,
 }));
 
 describe("GeneralSettingsPage re-export", () => {

apps/web/app/(app)/environments/[environmentId]/project/languages/page.test.tsx

@@ -25,6 +25,8 @@ vi.mock("@/lib/constants", () => ({
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "redis://localhost:6379",
+  AUDIT_LOG_ENABLED: 1,
 }));
 
 describe("LanguagesPage re-export", () => {

apps/web/app/(app)/environments/[environmentId]/project/look/page.test.tsx

@@ -25,6 +25,8 @@ vi.mock("@/lib/constants", () => ({
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "redis://localhost:6379",
+  AUDIT_LOG_ENABLED: 1,
 }));
 
 describe("ProjectLookSettingsPage re-export", () => {

apps/web/app/(app)/environments/[environmentId]/project/tags/page.test.tsx

@@ -25,6 +25,8 @@ vi.mock("@/lib/constants", () => ({
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "redis://localhost:6379",
+  AUDIT_LOG_ENABLED: 1,
 }));
 
 describe("TagsPage re-export", () => {

apps/web/app/(app)/environments/[environmentId]/project/teams/page.test.tsx

@@ -25,6 +25,8 @@ vi.mock("@/lib/constants", () => ({
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "test-redis-url",
+  AUDIT_LOG_ENABLED: true,
 }));
 
 describe("ProjectTeams re-export", () => {

apps/web/app/(app)/environments/[environmentId]/settings/(account)/layout.test.tsx

@@ -41,6 +41,8 @@ vi.mock("@/lib/constants", () => ({
   IS_PRODUCTION: false,
   SENTRY_DSN: "mock-sentry-dsn",
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "test-redis-url",
+  AUDIT_LOG_ENABLED: true,
 }));
 
 const mockGetOrganizationByEnvironmentId = vi.mocked(getOrganizationByEnvironmentId);

apps/web/app/(app)/environments/[environmentId]/settings/(account)/notifications/actions.ts

@@ -1,7 +1,9 @@
 "use server";
 
-import { updateUser } from "@/lib/user/service";
+import { getUser, updateUser } from "@/lib/user/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
+import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
+import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import { z } from "zod";
 import { ZUserNotificationSettings } from "@formbricks/types/user";
 
@@ -11,8 +13,25 @@ const ZUpdateNotificationSettingsAction = z.object({
 
 export const updateNotificationSettingsAction = authenticatedActionClient
   .schema(ZUpdateNotificationSettingsAction)
-  .action(async ({ ctx, parsedInput }) => {
-    await updateUser(ctx.user.id, {
-      notificationSettings: parsedInput.notificationSettings,
-    });
-  });
+  .action(
+    withAuditLogging(
+      "updated",
+      "user",
+      async ({
+        ctx,
+        parsedInput,
+      }: {
+        ctx: AuthenticatedActionClientCtx;
+        parsedInput: Record<string, any>;
+      }) => {
+        const oldObject = await getUser(ctx.user.id);
+        const result = await updateUser(ctx.user.id, {
+          notificationSettings: parsedInput.notificationSettings,
+        });
+        ctx.auditLoggingCtx.userId = ctx.user.id;
+        ctx.auditLoggingCtx.oldObject = oldObject;
+        ctx.auditLoggingCtx.newObject = result;
+        return result;
+      }
+    )
+  );

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/actions.ts

@@ -7,10 +7,12 @@ import {
 import { EMAIL_VERIFICATION_DISABLED } from "@/lib/constants";
 import { deleteFile } from "@/lib/storage/service";
 import { getFileNameWithIdFromUrl } from "@/lib/storage/utils";
-import { updateUser } from "@/lib/user/service";
+import { getUser, updateUser } from "@/lib/user/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
+import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
 import { rateLimit } from "@/lib/utils/rate-limit";
 import { updateBrevoCustomer } from "@/modules/auth/lib/brevo";
+import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import { sendVerificationNewEmail } from "@/modules/email";
 import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
@@ -27,93 +29,136 @@ const limiter = rateLimit({
   allowedPerInterval: 3, // max 3 calls for email verification per hour
 });
 
+function buildUserUpdatePayload(parsedInput: any): TUserUpdateInput {
+  return {
+    ...(parsedInput.name && { name: parsedInput.name }),
+    ...(parsedInput.locale && { locale: parsedInput.locale }),
+  };
+}
+
+async function handleEmailUpdate({
+  ctx,
+  parsedInput,
+  payload,
+}: {
+  ctx: any;
+  parsedInput: any;
+  payload: TUserUpdateInput;
+}) {
+  const inputEmail = parsedInput.email?.trim().toLowerCase();
+  if (!inputEmail || ctx.user.email === inputEmail) return payload;
+
+  try {
+    await limiter(ctx.user.id);
+  } catch {
+    throw new TooManyRequestsError("Too many requests");
+  }
+  if (ctx.user.identityProvider !== "email") {
+    throw new OperationNotAllowedError("Email update is not allowed for non-credential users.");
+  }
+  if (!parsedInput.password) {
+    throw new AuthenticationError("Password is required to update email.");
+  }
+  const isCorrectPassword = await verifyUserPassword(ctx.user.id, parsedInput.password);
+  if (!isCorrectPassword) {
+    throw new AuthorizationError("Incorrect credentials");
+  }
+  const isEmailUnique = await getIsEmailUnique(inputEmail);
+  if (!isEmailUnique) return payload;
+
+  if (EMAIL_VERIFICATION_DISABLED) {
+    payload.email = inputEmail;
+    await updateBrevoCustomer({ id: ctx.user.id, email: inputEmail });
+  } else {
+    await sendVerificationNewEmail(ctx.user.id, inputEmail);
+  }
+  return payload;
+}
+
 export const updateUserAction = authenticatedActionClient
   .schema(
     ZUserUpdateInput.pick({ name: true, email: true, locale: true }).extend({
       password: ZUserPassword.optional(),
     })
   )
-  .action(async ({ parsedInput, ctx }) => {
-    const inputEmail = parsedInput.email?.trim().toLowerCase();
+  .action(
+    withAuditLogging(
+      "updated",
+      "user",
+      async ({
+        ctx,
+        parsedInput,
+      }: {
+        ctx: AuthenticatedActionClientCtx;
+        parsedInput: Record<string, any>;
+      }) => {
+        const oldObject = await getUser(ctx.user.id);
+        let payload = buildUserUpdatePayload(parsedInput);
+        payload = await handleEmailUpdate({ ctx, parsedInput, payload });
 
-    let payload: TUserUpdateInput = {
-      ...(parsedInput.name && { name: parsedInput.name }),
-      ...(parsedInput.locale && { locale: parsedInput.locale }),
-    };
-
-    // Only process email update if a new email is provided and it's different from current email
-    if (inputEmail && ctx.user.email !== inputEmail) {
-      // Check rate limit
-      try {
-        await limiter(ctx.user.id);
-      } catch {
-        throw new TooManyRequestsError("Too many requests");
-      }
-      if (ctx.user.identityProvider !== "email") {
-        throw new OperationNotAllowedError("Email update is not allowed for non-credential users.");
-      }
-
-      if (!parsedInput.password) {
-        throw new AuthenticationError("Password is required to update email.");
-      }
-
-      const isCorrectPassword = await verifyUserPassword(ctx.user.id, parsedInput.password);
-      if (!isCorrectPassword) {
-        throw new AuthorizationError("Incorrect credentials");
-      }
-
-      // Check if the new email is unique, no user exists with the new email
-      const isEmailUnique = await getIsEmailUnique(inputEmail);
-
-      // If the new email is unique, proceed with the email update
-      if (isEmailUnique) {
-        if (EMAIL_VERIFICATION_DISABLED) {
-          payload.email = inputEmail;
-          await updateBrevoCustomer({ id: ctx.user.id, email: inputEmail });
-        } else {
-          await sendVerificationNewEmail(ctx.user.id, inputEmail);
+        // Only proceed with updateUser if we have actual changes to make
+        let newObject = oldObject;
+        if (Object.keys(payload).length > 0) {
+          newObject = await updateUser(ctx.user.id, payload);
         }
+
+        ctx.auditLoggingCtx.userId = ctx.user.id;
+        ctx.auditLoggingCtx.oldObject = oldObject;
+        ctx.auditLoggingCtx.newObject = newObject;
+
+        return true;
       }
-    }
-
-    // Only proceed with updateUser if we have actual changes to make
-    if (Object.keys(payload).length > 0) {
-      await updateUser(ctx.user.id, payload);
-    }
-
-    return true;
-  });
+    )
+  );
 
 const ZUpdateAvatarAction = z.object({
   avatarUrl: z.string(),
 });
 
-export const updateAvatarAction = authenticatedActionClient
-  .schema(ZUpdateAvatarAction)
-  .action(async ({ parsedInput, ctx }) => {
-    return await updateUser(ctx.user.id, { imageUrl: parsedInput.avatarUrl });
-  });
+export const updateAvatarAction = authenticatedActionClient.schema(ZUpdateAvatarAction).action(
+  withAuditLogging(
+    "updated",
+    "user",
+    async ({ ctx, parsedInput }: { ctx: AuthenticatedActionClientCtx; parsedInput: Record<string, any> }) => {
+      const oldObject = await getUser(ctx.user.id);
+      const result = await updateUser(ctx.user.id, { imageUrl: parsedInput.avatarUrl });
+      ctx.auditLoggingCtx.userId = ctx.user.id;
+      ctx.auditLoggingCtx.oldObject = oldObject;
+      ctx.auditLoggingCtx.newObject = result;
+      return result;
+    }
+  )
+);
 
 const ZRemoveAvatarAction = z.object({
   environmentId: ZId,
 });
 
-export const removeAvatarAction = authenticatedActionClient
-  .schema(ZRemoveAvatarAction)
-  .action(async ({ parsedInput, ctx }) => {
-    const imageUrl = ctx.user.imageUrl;
-    if (!imageUrl) {
-      throw new Error("Image not found");
-    }
+export const removeAvatarAction = authenticatedActionClient.schema(ZRemoveAvatarAction).action(
+  withAuditLogging(
+    "updated",
+    "user",
+    async ({ ctx, parsedInput }: { ctx: AuthenticatedActionClientCtx; parsedInput: Record<string, any> }) => {
+      const oldObject = await getUser(ctx.user.id);
+      const imageUrl = ctx.user.imageUrl;
+      if (!imageUrl) {
+        throw new Error("Image not found");
+      }
 
-    const fileName = getFileNameWithIdFromUrl(imageUrl);
-    if (!fileName) {
-      throw new Error("Invalid filename");
-    }
+      const fileName = getFileNameWithIdFromUrl(imageUrl);
+      if (!fileName) {
+        throw new Error("Invalid filename");
+      }
 
-    const deletionResult = await deleteFile(parsedInput.environmentId, "public", fileName);
-    if (!deletionResult.success) {
-      throw new Error("Deletion failed");
+      const deletionResult = await deleteFile(parsedInput.environmentId, "public", fileName);
+      if (!deletionResult.success) {
+        throw new Error("Deletion failed");
+      }
+      const result = await updateUser(ctx.user.id, { imageUrl: null });
+      ctx.auditLoggingCtx.userId = ctx.user.id;
+      ctx.auditLoggingCtx.oldObject = oldObject;
+      ctx.auditLoggingCtx.newObject = result;
+      return result;
     }
-    return await updateUser(ctx.user.id, { imageUrl: null });
-  });
+  )
+);

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/components/EditProfileDetailsForm.tsx

@@ -3,11 +3,13 @@
 import { PasswordConfirmationModal } from "@/app/(app)/environments/[environmentId]/settings/(account)/profile/components/password-confirmation-modal";
 import { appLanguages } from "@/lib/i18n/utils";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
+import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
 import { Button } from "@/modules/ui/components/button";
 import {
   DropdownMenu,
   DropdownMenuContent,
-  DropdownMenuItem,
+  DropdownMenuRadioGroup,
+  DropdownMenuRadioItem,
   DropdownMenuTrigger,
 } from "@/modules/ui/components/dropdown-menu";
 import { FormControl, FormError, FormField, FormItem, FormLabel } from "@/modules/ui/components/form";
@@ -15,8 +17,6 @@ import { Input } from "@/modules/ui/components/input";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { useTranslate } from "@tolgee/react";
 import { ChevronDownIcon } from "lucide-react";
-import { signOut } from "next-auth/react";
-import { useRouter } from "next/navigation";
 import { useState } from "react";
 import { FormProvider, SubmitHandler, useForm } from "react-hook-form";
 import toast from "react-hot-toast";
@@ -38,7 +38,6 @@ export const EditProfileDetailsForm = ({
   emailVerificationDisabled: boolean;
 }) => {
   const { t } = useTranslate();
-  const router = useRouter();
 
   const form = useForm<TEditProfileNameForm>({
     defaultValues: {
@@ -52,6 +51,7 @@ export const EditProfileDetailsForm = ({
 
   const { isSubmitting, isDirty } = form.formState;
   const [showModal, setShowModal] = useState(false);
+  const { signOut: signOutWithAudit } = useSignOut({ id: user.id, email: user.email });
 
   const handleConfirmPassword = async (password: string) => {
     const values = form.getValues();
@@ -85,8 +85,12 @@ export const EditProfileDetailsForm = ({
         toast.success(t("auth.verification-requested.new_email_verification_success"));
       } else {
         toast.success(t("environments.settings.profile.email_change_initiated"));
-        await signOut({ redirect: false });
-        router.push(`/email-change-without-verification-success`);
+        await signOutWithAudit({
+          reason: "email_change",
+          redirectUrl: "/email-change-without-verification-success",
+          redirect: true,
+          callbackUrl: "/email-change-without-verification-success",
+        });
         return;
       }
     } else {
@@ -175,20 +179,24 @@ export const EditProfileDetailsForm = ({
                         variant="ghost"
                         className="h-10 w-full border border-slate-300 px-3 text-left">
                         <div className="flex w-full items-center justify-between">
-                          {appLanguages.find((l) => l.code === field.value)?.label[field.value] ?? "NA"}
+                          {appLanguages.find((l) => l.code === field.value)?.label["en-US"] ?? "NA"}
                           <ChevronDownIcon className="h-4 w-4 text-slate-500" />
                         </div>
                       </Button>
                     </DropdownMenuTrigger>
-                    <DropdownMenuContent className="w-40 bg-slate-50 text-slate-700" align="start">
-                      {appLanguages.map((lang) => (
-                        <DropdownMenuItem
-                          key={lang.code}
-                          onClick={() => field.onChange(lang.code)}
-                          className="min-h-8 cursor-pointer">
-                          {lang.label[field.value]}
-                        </DropdownMenuItem>
-                      ))}
+                    <DropdownMenuContent
+                      className="min-w-[var(--radix-dropdown-menu-trigger-width)] bg-slate-50 text-slate-700"
+                      align="start">
+                      <DropdownMenuRadioGroup value={field.value} onValueChange={field.onChange}>
+                        {appLanguages.map((lang) => (
+                          <DropdownMenuRadioItem
+                            key={lang.code}
+                            value={lang.code}
+                            className="min-h-8 cursor-pointer">
+                            {lang.label["en-US"]}
+                          </DropdownMenuRadioItem>
+                        ))}
+                      </DropdownMenuRadioGroup>
                     </DropdownMenuContent>
                   </DropdownMenu>
                 </FormControl>

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/lib/user.test.ts

@@ -4,16 +4,6 @@ import { prisma } from "@formbricks/database";
 import { InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { getIsEmailUnique, verifyUserPassword } from "./user";
 
-// Mock dependencies
-vi.mock("@/lib/user/cache", () => ({
-  userCache: {
-    tag: {
-      byId: vi.fn((id) => `user-${id}-tag`),
-      byEmail: vi.fn((email) => `user-email-${email}-tag`),
-    },
-  },
-}));
-
 vi.mock("@/modules/auth/lib/utils", () => ({
   verifyPassword: vi.fn(),
 }));
@@ -26,9 +16,6 @@ vi.mock("@formbricks/database", () => ({
   },
 }));
 
-// reactCache (from "react") and unstable_cache (from "next/cache") are mocked in vitestSetup.ts
-// to be pass-through, so the inner logic of cached functions is tested.
-
 const mockPrismaUserFindUnique = vi.mocked(prisma.user.findUnique);
 const mockVerifyPasswordUtil = vi.mocked(mockVerifyPasswordImported);
 

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/lib/user.ts

@@ -1,5 +1,3 @@
-import { cache } from "@/lib/cache";
-import { userCache } from "@/lib/user/cache";
 import { verifyPassword } from "@/modules/auth/lib/utils";
 import { User } from "@prisma/client";
 import { cache as reactCache } from "react";
@@ -7,28 +5,21 @@ import { prisma } from "@formbricks/database";
 import { InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
 
 export const getUserById = reactCache(
-  async (userId: string): Promise<Pick<User, "password" | "identityProvider">> =>
-    cache(
-      async () => {
-        const user = await prisma.user.findUnique({
-          where: {
-            id: userId,
-          },
-          select: {
-            password: true,
-            identityProvider: true,
-          },
-        });
-        if (!user) {
-          throw new ResourceNotFoundError("user", userId);
-        }
-        return user;
+  async (userId: string): Promise<Pick<User, "password" | "identityProvider">> => {
+    const user = await prisma.user.findUnique({
+      where: {
+        id: userId,
       },
-      [`getUserById-${userId}`],
-      {
-        tags: [userCache.tag.byId(userId)],
-      }
-    )()
+      select: {
+        password: true,
+        identityProvider: true,
+      },
+    });
+    if (!user) {
+      throw new ResourceNotFoundError("user", userId);
+    }
+    return user;
+  }
 );
 
 export const verifyUserPassword = async (userId: string, password: string): Promise<boolean> => {
@@ -47,24 +38,15 @@ export const verifyUserPassword = async (userId: string, password: string): Prom
   return true;
 };
 
-export const getIsEmailUnique = reactCache(
-  async (email: string): Promise<boolean> =>
-    cache(
-      async () => {
-        const user = await prisma.user.findUnique({
-          where: {
-            email: email.toLowerCase(),
-          },
-          select: {
-            id: true,
-          },
-        });
+export const getIsEmailUnique = reactCache(async (email: string): Promise<boolean> => {
+  const user = await prisma.user.findUnique({
+    where: {
+      email: email.toLowerCase(),
+    },
+    select: {
+      id: true,
+    },
+  });
 
-        return !user;
-      },
-      [`getIsEmailUnique-${email}`],
-      {
-        tags: [userCache.tag.byEmail(email)],
-      }
-    )()
-);
+  return !user;
+});

apps/web/app/(app)/environments/[environmentId]/settings/(organization)/general/actions.ts

@@ -1,8 +1,10 @@
 "use server";
 
-import { deleteOrganization, updateOrganization } from "@/lib/organization/service";
+import { deleteOrganization, getOrganization, updateOrganization } from "@/lib/organization/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
-import { checkAuthorizationUpdated } from "@/lib/utils/action-client-middleware";
+import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
+import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
+import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import { getIsMultiOrgEnabled } from "@/modules/ee/license-check/lib/utils";
 import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
@@ -16,43 +18,65 @@ const ZUpdateOrganizationNameAction = z.object({
 
 export const updateOrganizationNameAction = authenticatedActionClient
   .schema(ZUpdateOrganizationNameAction)
-  .action(async ({ parsedInput, ctx }) => {
-    await checkAuthorizationUpdated({
-      userId: ctx.user.id,
-      organizationId: parsedInput.organizationId,
-      access: [
-        {
-          type: "organization",
-          schema: ZOrganizationUpdateInput.pick({ name: true }),
-          data: parsedInput.data,
-          roles: ["owner"],
-        },
-      ],
-    });
-
-    return await updateOrganization(parsedInput.organizationId, parsedInput.data);
-  });
+  .action(
+    withAuditLogging(
+      "updated",
+      "organization",
+      async ({
+        ctx,
+        parsedInput,
+      }: {
+        ctx: AuthenticatedActionClientCtx;
+        parsedInput: Record<string, any>;
+      }) => {
+        await checkAuthorizationUpdated({
+          userId: ctx.user.id,
+          organizationId: parsedInput.organizationId,
+          access: [
+            {
+              type: "organization",
+              schema: ZOrganizationUpdateInput.pick({ name: true }),
+              data: parsedInput.data,
+              roles: ["owner"],
+            },
+          ],
+        });
+        ctx.auditLoggingCtx.organizationId = parsedInput.organizationId;
+        const oldObject = await getOrganization(parsedInput.organizationId);
+        const result = await updateOrganization(parsedInput.organizationId, parsedInput.data);
+        ctx.auditLoggingCtx.oldObject = oldObject;
+        ctx.auditLoggingCtx.newObject = result;
+        return result;
+      }
+    )
+  );
 
 const ZDeleteOrganizationAction = z.object({
   organizationId: ZId,
 });
 
-export const deleteOrganizationAction = authenticatedActionClient
-  .schema(ZDeleteOrganizationAction)
-  .action(async ({ parsedInput, ctx }) => {
-    const isMultiOrgEnabled = await getIsMultiOrgEnabled();
-    if (!isMultiOrgEnabled) throw new OperationNotAllowedError("Organization deletion disabled");
+export const deleteOrganizationAction = authenticatedActionClient.schema(ZDeleteOrganizationAction).action(
+  withAuditLogging(
+    "deleted",
+    "organization",
+    async ({ ctx, parsedInput }: { ctx: AuthenticatedActionClientCtx; parsedInput: Record<string, any> }) => {
+      const isMultiOrgEnabled = await getIsMultiOrgEnabled();
+      if (!isMultiOrgEnabled) throw new OperationNotAllowedError("Organization deletion disabled");
 
-    await checkAuthorizationUpdated({
-      userId: ctx.user.id,
-      organizationId: parsedInput.organizationId,
-      access: [
-        {
-          type: "organization",
-          roles: ["owner"],
-        },
-      ],
-    });
-
-    return await deleteOrganization(parsedInput.organizationId);
-  });
+      await checkAuthorizationUpdated({
+        userId: ctx.user.id,
+        organizationId: parsedInput.organizationId,
+        access: [
+          {
+            type: "organization",
+            roles: ["owner"],
+          },
+        ],
+      });
+      ctx.auditLoggingCtx.organizationId = parsedInput.organizationId;
+      const oldObject = await getOrganization(parsedInput.organizationId);
+      ctx.auditLoggingCtx.oldObject = oldObject;
+      return await deleteOrganization(parsedInput.organizationId);
+    }
+  )
+);

apps/web/app/(app)/environments/[environmentId]/settings/(organization)/teams/page.test.tsx

@@ -30,6 +30,8 @@ vi.mock("@/lib/constants", () => ({
   SMTP_USER: "mock-smtp-user",
   SMTP_PASSWORD: "mock-smtp-password",
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "redis://localhost:6379",
+  AUDIT_LOG_ENABLED: 1,
 }));
 
 describe("TeamsPage re-export", () => {

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/actions.ts

@@ -2,7 +2,7 @@
 
 import { getResponseCountBySurveyId, getResponses } from "@/lib/response/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
-import { checkAuthorizationUpdated } from "@/lib/utils/action-client-middleware";
+import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
 import { getOrganizationIdFromSurveyId, getProjectIdFromSurveyId } from "@/lib/utils/helper";
 import { revalidatePath } from "next/cache";
 import { z } from "zod";

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/SurveyAnalysisNavigation.test.tsx

@@ -45,6 +45,8 @@ vi.mock("@/lib/constants", () => ({
   SMTP_USER: "mock-smtp-user",
   SMTP_PASSWORD: "mock-smtp-password",
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "test-redis-url",
+  AUDIT_LOG_ENABLED: true,
 }));
 
 vi.mock("@/app/(app)/environments/[environmentId]/components/ResponseFilterContext");

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/actions.ts

@@ -3,8 +3,10 @@
 import { getEmailTemplateHtml } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/lib/emailTemplate";
 import { getSurvey, updateSurvey } from "@/lib/survey/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
-import { checkAuthorizationUpdated } from "@/lib/utils/action-client-middleware";
+import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
+import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
 import { getOrganizationIdFromSurveyId, getProjectIdFromSurveyId } from "@/lib/utils/helper";
+import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import { getOrganizationLogoUrl } from "@/modules/ee/whitelabel/email-customization/lib/organization";
 import { sendEmbedSurveyPreviewEmail } from "@/modules/email";
 import { customAlphabet } from "nanoid";
@@ -63,37 +65,55 @@ const ZGenerateResultShareUrlAction = z.object({
 
 export const generateResultShareUrlAction = authenticatedActionClient
   .schema(ZGenerateResultShareUrlAction)
-  .action(async ({ ctx, parsedInput }) => {
-    await checkAuthorizationUpdated({
-      userId: ctx.user.id,
-      organizationId: await getOrganizationIdFromSurveyId(parsedInput.surveyId),
-      access: [
-        {
-          type: "organization",
-          roles: ["owner", "manager"],
-        },
-        {
-          type: "projectTeam",
-          minPermission: "readWrite",
-          projectId: await getProjectIdFromSurveyId(parsedInput.surveyId),
-        },
-      ],
-    });
+  .action(
+    withAuditLogging(
+      "updated",
+      "survey",
+      async ({
+        ctx,
+        parsedInput,
+      }: {
+        ctx: AuthenticatedActionClientCtx;
+        parsedInput: Record<string, any>;
+      }) => {
+        const organizationId = await getOrganizationIdFromSurveyId(parsedInput.surveyId);
+        await checkAuthorizationUpdated({
+          userId: ctx.user.id,
+          organizationId: organizationId,
+          access: [
+            {
+              type: "organization",
+              roles: ["owner", "manager"],
+            },
+            {
+              type: "projectTeam",
+              minPermission: "readWrite",
+              projectId: await getProjectIdFromSurveyId(parsedInput.surveyId),
+            },
+          ],
+        });
 
-    const survey = await getSurvey(parsedInput.surveyId);
-    if (!survey) {
-      throw new ResourceNotFoundError("Survey", parsedInput.surveyId);
-    }
+        const survey = await getSurvey(parsedInput.surveyId);
+        if (!survey) {
+          throw new ResourceNotFoundError("Survey", parsedInput.surveyId);
+        }
 
-    const resultShareKey = customAlphabet(
-      "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
-      20
-    )();
+        const resultShareKey = customAlphabet(
+          "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
+          20
+        )();
 
-    await updateSurvey({ ...survey, resultShareKey });
+        ctx.auditLoggingCtx.organizationId = organizationId;
+        ctx.auditLoggingCtx.surveyId = parsedInput.surveyId;
+        ctx.auditLoggingCtx.oldObject = survey;
 
-    return resultShareKey;
-  });
+        const newSurvey = await updateSurvey({ ...survey, resultShareKey });
+        ctx.auditLoggingCtx.newObject = newSurvey;
+
+        return resultShareKey;
+      }
+    )
+  );
 
 const ZGetResultShareUrlAction = z.object({
   surveyId: ZId,
@@ -132,30 +152,50 @@ const ZDeleteResultShareUrlAction = z.object({
 
 export const deleteResultShareUrlAction = authenticatedActionClient
   .schema(ZDeleteResultShareUrlAction)
-  .action(async ({ ctx, parsedInput }) => {
-    await checkAuthorizationUpdated({
-      userId: ctx.user.id,
-      organizationId: await getOrganizationIdFromSurveyId(parsedInput.surveyId),
-      access: [
-        {
-          type: "organization",
-          roles: ["owner", "manager"],
-        },
-        {
-          type: "projectTeam",
-          minPermission: "readWrite",
-          projectId: await getProjectIdFromSurveyId(parsedInput.surveyId),
-        },
-      ],
-    });
+  .action(
+    withAuditLogging(
+      "updated",
+      "survey",
+      async ({
+        ctx,
+        parsedInput,
+      }: {
+        ctx: AuthenticatedActionClientCtx;
+        parsedInput: Record<string, any>;
+      }) => {
+        const organizationId = await getOrganizationIdFromSurveyId(parsedInput.surveyId);
+        await checkAuthorizationUpdated({
+          userId: ctx.user.id,
+          organizationId: organizationId,
+          access: [
+            {
+              type: "organization",
+              roles: ["owner", "manager"],
+            },
+            {
+              type: "projectTeam",
+              minPermission: "readWrite",
+              projectId: await getProjectIdFromSurveyId(parsedInput.surveyId),
+            },
+          ],
+        });
 
-    const survey = await getSurvey(parsedInput.surveyId);
-    if (!survey) {
-      throw new ResourceNotFoundError("Survey", parsedInput.surveyId);
-    }
+        const survey = await getSurvey(parsedInput.surveyId);
+        if (!survey) {
+          throw new ResourceNotFoundError("Survey", parsedInput.surveyId);
+        }
 
-    return await updateSurvey({ ...survey, resultShareKey: null });
-  });
+        ctx.auditLoggingCtx.organizationId = organizationId;
+        ctx.auditLoggingCtx.surveyId = parsedInput.surveyId;
+        ctx.auditLoggingCtx.oldObject = survey;
+
+        const newSurvey = await updateSurvey({ ...survey, resultShareKey: null });
+        ctx.auditLoggingCtx.newObject = newSurvey;
+
+        return newSurvey;
+      }
+    )
+  );
 
 const ZGetEmailHtmlAction = z.object({
   surveyId: ZId,

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/ShareEmbedSurvey.test.tsx

@@ -174,20 +174,32 @@ describe("ShareEmbedSurvey", () => {
     expect(screen.getByText("PanelInfoViewMockContent")).toBeInTheDocument();
   });
 
-  test("calls setOpen(false) when handleInitialPageButton is triggered from EmbedView", async () => {
+  test("returns to 'start' view when handleInitialPageButton is triggered from EmbedView", async () => {
     render(<ShareEmbedSurvey {...defaultProps} modalView="embed" />);
     expect(mockEmbedViewComponent).toHaveBeenCalled();
+    expect(screen.getByText("EmbedViewMockContent")).toBeInTheDocument();
+
     const embedViewButton = screen.getByText("EmbedViewMockContent");
     await userEvent.click(embedViewButton);
-    expect(mockSetOpen).toHaveBeenCalledWith(false);
+
+    // Should go back to start view, not close the modal
+    expect(screen.getByText("environments.surveys.summary.your_survey_is_public 🎉")).toBeInTheDocument();
+    expect(screen.queryByText("EmbedViewMockContent")).not.toBeInTheDocument();
+    expect(mockSetOpen).not.toHaveBeenCalled();
   });
 
-  test("calls setOpen(false) when handleInitialPageButton is triggered from PanelInfoView", async () => {
+  test("returns to 'start' view when handleInitialPageButton is triggered from PanelInfoView", async () => {
     render(<ShareEmbedSurvey {...defaultProps} modalView="panel" />);
     expect(mockPanelInfoViewComponent).toHaveBeenCalled();
+    expect(screen.getByText("PanelInfoViewMockContent")).toBeInTheDocument();
+
     const panelInfoViewButton = screen.getByText("PanelInfoViewMockContent");
     await userEvent.click(panelInfoViewButton);
-    expect(mockSetOpen).toHaveBeenCalledWith(false);
+
+    // Should go back to start view, not close the modal
+    expect(screen.getByText("environments.surveys.summary.your_survey_is_public 🎉")).toBeInTheDocument();
+    expect(screen.queryByText("PanelInfoViewMockContent")).not.toBeInTheDocument();
+    expect(mockSetOpen).not.toHaveBeenCalled();
   });
 
   test("handleOpenChange (when Dialog calls its onOpenChange prop)", () => {

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/ShareEmbedSurvey.tsx

@@ -86,7 +86,7 @@ export const ShareEmbedSurvey = ({
   };
 
   const handleInitialPageButton = () => {
-    setOpen(false);
+    setShowView("start");
   };
 
   return (

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SummaryPage.tsx

@@ -109,7 +109,7 @@ export const SummaryPage = ({
     };
 
     fetchSummary();
-  }, [selectedFilter, dateRange, survey.id, isSharingPage, sharingKey, surveyId, initialSurveySummary]);
+  }, [selectedFilter, dateRange, survey, isSharingPage, sharingKey, surveyId, initialSurveySummary]);
 
   const surveyMemoized = useMemo(() => {
     return replaceHeadlineRecall(survey, "default");

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SurveyAnalysisCTA.test.tsx

@@ -7,6 +7,20 @@ import { TSurvey } from "@formbricks/types/surveys/types";
 import { TUser } from "@formbricks/types/user";
 import { SurveyAnalysisCTA } from "./SurveyAnalysisCTA";
 
+vi.mock("@/lib/utils/action-client-middleware", () => ({
+  checkAuthorizationUpdated: vi.fn(),
+}));
+vi.mock("@/modules/ee/audit-logs/lib/utils", () => ({
+  withAuditLogging: vi.fn((...args: any[]) => {
+    // Check if the last argument is a function and return it directly
+    if (typeof args[args.length - 1] === "function") {
+      return args[args.length - 1];
+    }
+    // Otherwise, return a new function that takes a function as an argument and returns it
+    return (fn: any) => fn;
+  }),
+}));
+
 // Mock constants
 vi.mock("@/lib/constants", () => ({
   IS_FORMBRICKS_CLOUD: false,
@@ -30,7 +44,9 @@ vi.mock("@/lib/constants", () => ({
   SMTP_HOST: "mock-smtp-host",
   SMTP_PORT: "mock-smtp-port",
   IS_POSTHOG_CONFIGURED: true,
+  AUDIT_LOG_ENABLED: true,
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "mock-url",
 }));
 
 // Create a spy for refreshSingleUseId so we can override it in tests

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/lib/surveySummary.test.ts

@@ -1,4 +1,3 @@
-import { cache } from "@/lib/cache";
 import { getDisplayCountBySurveyId } from "@/lib/display/service";
 import { getLocalizedValue } from "@/lib/i18n/utils";
 import { getResponseCountBySurveyId } from "@/lib/response/service";
@@ -26,23 +25,6 @@ import {
 // Ensure this path is correct
 import { convertFloatTo2Decimal } from "./utils";
 
-// Mock dependencies
-vi.mock("@/lib/cache", async () => {
-  const actual = await vi.importActual("@/lib/cache");
-  return {
-    ...(actual as any),
-    cache: vi.fn((fn) => fn()), // Mock cache function to just execute the passed function
-  };
-});
-
-vi.mock("react", async () => {
-  const actual = await vi.importActual("react");
-  return {
-    ...actual,
-    cache: vi.fn().mockImplementation((fn) => fn),
-  };
-});
-
 vi.mock("@/lib/display/service", () => ({
   getDisplayCountBySurveyId: vi.fn(),
 }));
@@ -162,10 +144,6 @@ describe("getSurveySummaryMeta", () => {
     vi.mocked(convertFloatTo2Decimal).mockImplementation((num) =>
       num !== undefined && num !== null ? parseFloat(num.toFixed(2)) : 0
     );
-
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
   });
 
   test("calculates meta correctly", () => {
@@ -226,9 +204,6 @@ describe("getSurveySummaryDropOff", () => {
       requiredQuestionIds: [],
       calculations: {},
     });
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
   });
 
   test("calculates dropOff correctly with welcome card disabled", () => {
@@ -367,9 +342,7 @@ describe("getQuestionSummary", () => {
     vi.mocked(convertFloatTo2Decimal).mockImplementation((num) =>
       num !== undefined && num !== null ? parseFloat(num.toFixed(2)) : 0
     );
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
+    // React cache is already mocked globally - no need to mock it again
   });
 
   test("summarizes OpenText questions", async () => {
@@ -746,9 +719,7 @@ describe("getSurveySummary", () => {
     vi.mocked(convertFloatTo2Decimal).mockImplementation((num) =>
       num !== undefined && num !== null ? parseFloat(num.toFixed(2)) : 0
     );
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
+    // React cache is already mocked globally - no need to mock it again
   });
 
   test("returns survey summary successfully", async () => {
@@ -795,9 +766,7 @@ describe("getResponsesForSummary", () => {
     vi.mocked(prisma.response.findMany).mockResolvedValue(
       mockResponses.map((r) => ({ ...r, contactId: null, personAttributes: {} })) as any
     );
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
+    // React cache is already mocked globally - no need to mock it again
   });
 
   test("fetches and transforms responses", async () => {
@@ -840,6 +809,16 @@ describe("getResponsesForSummary", () => {
       language: "en",
       ttc: {},
       finished: true,
+      createdAt: new Date(),
+      meta: {},
+      variables: {},
+      surveyId: "survey-1",
+      contactId: null,
+      personAttributes: {},
+      singleUseId: null,
+      isFinished: true,
+      displayId: "display-1",
+      endingId: null,
     };
 
     vi.mocked(getSurvey).mockResolvedValue(mockSurvey);
@@ -873,6 +852,16 @@ describe("getResponsesForSummary", () => {
       language: "en",
       ttc: {},
       finished: true,
+      createdAt: new Date(),
+      meta: {},
+      variables: {},
+      surveyId: "survey-1",
+      contactId: "contact-1",
+      personAttributes: {},
+      singleUseId: null,
+      isFinished: true,
+      displayId: "display-1",
+      endingId: null,
     };
 
     vi.mocked(getSurvey).mockResolvedValue(mockSurvey);
@@ -901,6 +890,16 @@ describe("getResponsesForSummary", () => {
       language: "en",
       ttc: {},
       finished: true,
+      createdAt: new Date(),
+      meta: {},
+      variables: {},
+      surveyId: "survey-1",
+      contactId: "contact-1",
+      personAttributes: {},
+      singleUseId: null,
+      isFinished: true,
+      displayId: "display-1",
+      endingId: null,
     };
 
     vi.mocked(getSurvey).mockResolvedValue(mockSurvey);

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/lib/surveySummary.ts

@@ -1,12 +1,8 @@
 import "server-only";
-import { cache } from "@/lib/cache";
 import { RESPONSES_PER_PAGE } from "@/lib/constants";
-import { displayCache } from "@/lib/display/cache";
 import { getDisplayCountBySurveyId } from "@/lib/display/service";
 import { getLocalizedValue } from "@/lib/i18n/utils";
-import { responseCache } from "@/lib/response/cache";
 import { buildWhereClause } from "@/lib/response/utils";
-import { surveyCache } from "@/lib/survey/cache";
 import { getSurvey } from "@/lib/survey/service";
 import { evaluateLogic, performActions } from "@/lib/surveyLogic/utils";
 import { validateInputs } from "@/lib/utils/validate";
@@ -905,68 +901,57 @@ export const getQuestionSummary = async (
 };
 
 export const getSurveySummary = reactCache(
-  async (surveyId: string, filterCriteria?: TResponseFilterCriteria): Promise<TSurveySummary> =>
-    cache(
-      async () => {
-        validateInputs([surveyId, ZId], [filterCriteria, ZResponseFilterCriteria.optional()]);
+  async (surveyId: string, filterCriteria?: TResponseFilterCriteria): Promise<TSurveySummary> => {
+    validateInputs([surveyId, ZId], [filterCriteria, ZResponseFilterCriteria.optional()]);
 
-        try {
-          const survey = await getSurvey(surveyId);
-          if (!survey) {
-            throw new ResourceNotFoundError("Survey", surveyId);
-          }
-
-          const batchSize = 5000;
-          const hasFilter = Object.keys(filterCriteria ?? {}).length > 0;
-
-          // Use cursor-based pagination instead of count + offset to avoid expensive queries
-          const responses: TSurveySummaryResponse[] = [];
-          let cursor: string | undefined = undefined;
-          let hasMore = true;
-
-          while (hasMore) {
-            const batch = await getResponsesForSummary(surveyId, batchSize, 0, filterCriteria, cursor);
-            responses.push(...batch);
-
-            if (batch.length < batchSize) {
-              hasMore = false;
-            } else {
-              // Use the last response's ID as cursor for next batch
-              cursor = batch[batch.length - 1].id;
-            }
-          }
-
-          const responseIds = hasFilter ? responses.map((response) => response.id) : [];
-
-          const displayCount = await getDisplayCountBySurveyId(surveyId, {
-            createdAt: filterCriteria?.createdAt,
-            ...(hasFilter && { responseIds }),
-          });
-
-          const dropOff = getSurveySummaryDropOff(survey, responses, displayCount);
-          const [meta, questionWiseSummary] = await Promise.all([
-            getSurveySummaryMeta(responses, displayCount),
-            getQuestionSummary(survey, responses, dropOff),
-          ]);
-
-          return { meta, dropOff, summary: questionWiseSummary };
-        } catch (error) {
-          if (error instanceof Prisma.PrismaClientKnownRequestError) {
-            throw new DatabaseError(error.message);
-          }
-
-          throw error;
-        }
-      },
-      [`getSurveySummary-${surveyId}-${JSON.stringify(filterCriteria)}`],
-      {
-        tags: [
-          surveyCache.tag.byId(surveyId),
-          responseCache.tag.bySurveyId(surveyId),
-          displayCache.tag.bySurveyId(surveyId),
-        ],
+    try {
+      const survey = await getSurvey(surveyId);
+      if (!survey) {
+        throw new ResourceNotFoundError("Survey", surveyId);
       }
-    )()
+
+      const batchSize = 5000;
+      const hasFilter = Object.keys(filterCriteria ?? {}).length > 0;
+
+      // Use cursor-based pagination instead of count + offset to avoid expensive queries
+      const responses: TSurveySummaryResponse[] = [];
+      let cursor: string | undefined = undefined;
+      let hasMore = true;
+
+      while (hasMore) {
+        const batch = await getResponsesForSummary(surveyId, batchSize, 0, filterCriteria, cursor);
+        responses.push(...batch);
+
+        if (batch.length < batchSize) {
+          hasMore = false;
+        } else {
+          // Use the last response's ID as cursor for next batch
+          cursor = batch[batch.length - 1].id;
+        }
+      }
+
+      const responseIds = hasFilter ? responses.map((response) => response.id) : [];
+
+      const displayCount = await getDisplayCountBySurveyId(surveyId, {
+        createdAt: filterCriteria?.createdAt,
+        ...(hasFilter && { responseIds }),
+      });
+
+      const dropOff = getSurveySummaryDropOff(survey, responses, displayCount);
+      const [meta, questionWiseSummary] = await Promise.all([
+        getSurveySummaryMeta(responses, displayCount),
+        getQuestionSummary(survey, responses, dropOff),
+      ]);
+
+      return { meta, dropOff, summary: questionWiseSummary };
+    } catch (error) {
+      if (error instanceof Prisma.PrismaClientKnownRequestError) {
+        throw new DatabaseError(error.message);
+      }
+
+      throw error;
+    }
+  }
 );
 
 export const getResponsesForSummary = reactCache(
@@ -976,94 +961,85 @@ export const getResponsesForSummary = reactCache(
     offset: number,
     filterCriteria?: TResponseFilterCriteria,
     cursor?: string
-  ): Promise<TSurveySummaryResponse[]> =>
-    cache(
-      async () => {
-        validateInputs(
-          [surveyId, ZId],
-          [limit, ZOptionalNumber],
-          [offset, ZOptionalNumber],
-          [filterCriteria, ZResponseFilterCriteria.optional()],
-          [cursor, z.string().cuid2().optional()]
-        );
+  ): Promise<TSurveySummaryResponse[]> => {
+    validateInputs(
+      [surveyId, ZId],
+      [limit, ZOptionalNumber],
+      [offset, ZOptionalNumber],
+      [filterCriteria, ZResponseFilterCriteria.optional()],
+      [cursor, z.string().cuid2().optional()]
+    );
 
-        const queryLimit = limit ?? RESPONSES_PER_PAGE;
-        const survey = await getSurvey(surveyId);
-        if (!survey) return [];
-        try {
-          const whereClause: Prisma.ResponseWhereInput = {
-            surveyId,
-            ...buildWhereClause(survey, filterCriteria),
-          };
+    const queryLimit = limit ?? RESPONSES_PER_PAGE;
+    const survey = await getSurvey(surveyId);
+    if (!survey) return [];
+    try {
+      const whereClause: Prisma.ResponseWhereInput = {
+        surveyId,
+        ...buildWhereClause(survey, filterCriteria),
+      };
 
-          // Add cursor condition for cursor-based pagination
-          if (cursor) {
-            whereClause.id = {
-              lt: cursor, // Get responses with ID less than cursor (for desc order)
-            };
-          }
+      // Add cursor condition for cursor-based pagination
+      if (cursor) {
+        whereClause.id = {
+          lt: cursor, // Get responses with ID less than cursor (for desc order)
+        };
+      }
 
-          const responses = await prisma.response.findMany({
-            where: whereClause,
+      const responses = await prisma.response.findMany({
+        where: whereClause,
+        select: {
+          id: true,
+          data: true,
+          updatedAt: true,
+          contact: {
             select: {
               id: true,
-              data: true,
-              updatedAt: true,
-              contact: {
-                select: {
-                  id: true,
-                  attributes: {
-                    select: { attributeKey: true, value: true },
-                  },
-                },
+              attributes: {
+                select: { attributeKey: true, value: true },
               },
-              contactAttributes: true,
-              language: true,
-              ttc: true,
-              finished: true,
             },
-            orderBy: [
-              {
-                createdAt: "desc",
-              },
-              {
-                id: "desc", // Secondary sort by ID for consistent pagination
-              },
-            ],
-            take: queryLimit,
-            skip: offset,
-          });
+          },
+          contactAttributes: true,
+          language: true,
+          ttc: true,
+          finished: true,
+        },
+        orderBy: [
+          {
+            createdAt: "desc",
+          },
+          {
+            id: "desc", // Secondary sort by ID for consistent pagination
+          },
+        ],
+        take: queryLimit,
+        skip: offset,
+      });
 
-          const transformedResponses: TSurveySummaryResponse[] = await Promise.all(
-            responses.map((responsePrisma) => {
-              return {
-                ...responsePrisma,
-                contact: responsePrisma.contact
-                  ? {
-                      id: responsePrisma.contact.id as string,
-                      userId: responsePrisma.contact.attributes.find(
-                        (attribute) => attribute.attributeKey.key === "userId"
-                      )?.value as string,
-                    }
-                  : null,
-              };
-            })
-          );
+      const transformedResponses: TSurveySummaryResponse[] = await Promise.all(
+        responses.map((responsePrisma) => {
+          return {
+            ...responsePrisma,
+            contact: responsePrisma.contact
+              ? {
+                  id: responsePrisma.contact.id as string,
+                  userId: responsePrisma.contact.attributes.find(
+                    (attribute) => attribute.attributeKey.key === "userId"
+                  )?.value as string,
+                }
+              : null,
+          };
+        })
+      );
 
-          return transformedResponses;
-        } catch (error) {
-          if (error instanceof Prisma.PrismaClientKnownRequestError) {
-            throw new DatabaseError(error.message);
-          }
-
-          throw error;
-        }
-      },
-      [
-        `getResponsesForSummary-${surveyId}-${limit}-${offset}-${JSON.stringify(filterCriteria)}-${cursor || ""}`,
-      ],
-      {
-        tags: [responseCache.tag.bySurveyId(surveyId)],
+      return transformedResponses;
+    } catch (error) {
+      if (error instanceof Prisma.PrismaClientKnownRequestError) {
+        throw new DatabaseError(error.message);
       }
-    )()
+
+      throw error;
+    }
+  }
 );

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/page.tsx

@@ -68,7 +68,7 @@ const SurveyPage = async (props: { params: Promise<{ environmentId: string; surv
         initialSurveySummary={initialSurveySummary}
       />
 
-      <SettingsId title={t("common.survey_id")} id={surveyId}></SettingsId>
+      <SettingsId title={t("common.survey_id")} id={surveyId} />
     </PageContentWrapper>
   );
 };

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/actions.ts

@@ -5,8 +5,10 @@ import { getResponseDownloadUrl, getResponseFilteringValues } from "@/lib/respon
 import { getSurvey, updateSurvey } from "@/lib/survey/service";
 import { getTagsByEnvironmentId } from "@/lib/tag/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
-import { checkAuthorizationUpdated } from "@/lib/utils/action-client-middleware";
+import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
+import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
 import { getOrganizationIdFromSurveyId, getProjectIdFromSurveyId } from "@/lib/utils/helper";
+import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import { checkMultiLanguagePermission } from "@/modules/ee/multi-language-surveys/lib/actions";
 import { getSurveyFollowUpsPermission } from "@/modules/survey/follow-ups/lib/utils";
 import { checkSpamProtectionPermission } from "@/modules/survey/lib/permission";
@@ -14,7 +16,7 @@ import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
 import { OperationNotAllowedError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { ZResponseFilterCriteria } from "@formbricks/types/responses";
-import { ZSurvey } from "@formbricks/types/surveys/types";
+import { TSurvey, ZSurvey } from "@formbricks/types/surveys/types";
 
 const ZGetResponsesDownloadUrlAction = z.object({
   surveyId: ZId,
@@ -102,39 +104,54 @@ const checkSurveyFollowUpsPermission = async (organizationId: string): Promise<v
   }
 };
 
-export const updateSurveyAction = authenticatedActionClient
-  .schema(ZSurvey)
-  .action(async ({ ctx, parsedInput }) => {
-    const organizationId = await getOrganizationIdFromSurveyId(parsedInput.id);
-    await checkAuthorizationUpdated({
-      userId: ctx.user.id,
-      organizationId,
-      access: [
-        {
-          type: "organization",
-          roles: ["owner", "manager"],
-        },
-        {
-          type: "projectTeam",
-          projectId: await getProjectIdFromSurveyId(parsedInput.id),
-          minPermission: "readWrite",
-        },
-      ],
-    });
+export const updateSurveyAction = authenticatedActionClient.schema(ZSurvey).action(
+  withAuditLogging(
+    "updated",
+    "survey",
+    async ({ ctx, parsedInput }: { ctx: AuthenticatedActionClientCtx; parsedInput: TSurvey }) => {
+      const organizationId = await getOrganizationIdFromSurveyId(parsedInput.id);
+      await checkAuthorizationUpdated({
+        userId: ctx.user?.id ?? "",
+        organizationId,
+        access: [
+          {
+            type: "organization",
+            roles: ["owner", "manager"],
+          },
+          {
+            type: "projectTeam",
+            projectId: await getProjectIdFromSurveyId(parsedInput.id),
+            minPermission: "readWrite",
+          },
+        ],
+      });
 
-    const { followUps } = parsedInput;
+      const { followUps } = parsedInput;
 
-    if (parsedInput.recaptcha?.enabled) {
-      await checkSpamProtectionPermission(organizationId);
+      const oldSurvey = await getSurvey(parsedInput.id);
+
+      if (parsedInput.recaptcha?.enabled) {
+        await checkSpamProtectionPermission(organizationId);
+      }
+
+      if (followUps?.length) {
+        await checkSurveyFollowUpsPermission(organizationId);
+      }
+
+      if (parsedInput.languages?.length) {
+        await checkMultiLanguagePermission(organizationId);
+      }
+
+      // Context for audit log
+      ctx.auditLoggingCtx.surveyId = parsedInput.id;
+      ctx.auditLoggingCtx.organizationId = organizationId;
+      ctx.auditLoggingCtx.oldObject = oldSurvey;
+
+      const newSurvey = await updateSurvey(parsedInput);
+
+      ctx.auditLoggingCtx.newObject = newSurvey;
+
+      return newSurvey;
     }
-
-    if (followUps?.length) {
-      await checkSurveyFollowUpsPermission(organizationId);
-    }
-
-    if (parsedInput.languages?.length) {
-      await checkMultiLanguagePermission(organizationId);
-    }
-
-    return await updateSurvey(parsedInput);
-  });
+  )
+);

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/components/SurveyStatusDropdown.tsx

@@ -11,6 +11,7 @@ import {
 import { SurveyStatusIndicator } from "@/modules/ui/components/survey-status-indicator";
 import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@/modules/ui/components/tooltip";
 import { useTranslate } from "@tolgee/react";
+import { useRouter } from "next/navigation";
 import toast from "react-hot-toast";
 import { TEnvironment } from "@formbricks/types/environment";
 import { TSurvey } from "@formbricks/types/surveys/types";
@@ -28,6 +29,7 @@ export const SurveyStatusDropdown = ({
   survey,
 }: SurveyStatusDropdownProps) => {
   const { t } = useTranslate();
+  const router = useRouter();
   const isCloseOnDateEnabled = survey.closeOnDate !== null;
   const closeOnDate = survey.closeOnDate ? new Date(survey.closeOnDate) : null;
   const isStatusChangeDisabled =
@@ -47,6 +49,8 @@ export const SurveyStatusDropdown = ({
               ? t("common.survey_completed")
               : ""
       );
+
+      router.refresh();
     } else {
       const errorMessage = getFormattedErrorMessage(updateSurveyActionResponse);
       toast.error(errorMessage);

apps/web/app/(app)/layout.test.tsx

@@ -39,6 +39,8 @@ vi.mock("@/lib/constants", () => ({
   FORMBRICKS_ENVIRONMENT_ID: "mock-formbricks-environment-id",
   IS_FORMBRICKS_ENABLED: true,
   SESSION_MAX_AGE: 1000,
+  REDIS_URL: "test-redis-url",
+  AUDIT_LOG_ENABLED: true,
 }));
 
 vi.mock("@/app/intercom/IntercomClientWrapper", () => ({

apps/web/app/api/(internal)/pipeline/route.ts

@@ -1,14 +1,14 @@
 import { ZPipelineInput } from "@/app/api/(internal)/pipeline/types/pipelines";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
-import { cache } from "@/lib/cache";
-import { webhookCache } from "@/lib/cache/webhook";
 import { CRON_SECRET } from "@/lib/constants";
 import { getIntegrations } from "@/lib/integration/service";
 import { getOrganizationByEnvironmentId } from "@/lib/organization/service";
 import { getResponseCountBySurveyId } from "@/lib/response/service";
 import { getSurvey, updateSurvey } from "@/lib/survey/service";
 import { convertDatesInObject } from "@/lib/time";
+import { queueAuditEvent } from "@/modules/ee/audit-logs/lib/handler";
+import { TAuditStatus, UNKNOWN_DATA } from "@/modules/ee/audit-logs/types/audit-log";
 import { sendResponseFinishedEmail } from "@/modules/email";
 import { sendFollowUpsForResponse } from "@/modules/survey/follow-ups/lib/follow-ups";
 import { FollowUpSendError } from "@/modules/survey/follow-ups/types/follow-up";
@@ -51,22 +51,17 @@ export const POST = async (request: Request) => {
   }
 
   // Fetch webhooks
-  const getWebhooksForPipeline = cache(
-    async (environmentId: string, event: PipelineTriggers, surveyId: string) => {
-      const webhooks = await prisma.webhook.findMany({
-        where: {
-          environmentId,
-          triggers: { has: event },
-          OR: [{ surveyIds: { has: surveyId } }, { surveyIds: { isEmpty: true } }],
-        },
-      });
-      return webhooks;
-    },
-    [`getWebhooksForPipeline-${environmentId}-${event}-${surveyId}`],
-    {
-      tags: [webhookCache.tag.byEnvironmentId(environmentId)],
-    }
-  );
+  const getWebhooksForPipeline = async (environmentId: string, event: PipelineTriggers, surveyId: string) => {
+    const webhooks = await prisma.webhook.findMany({
+      where: {
+        environmentId,
+        triggers: { has: event },
+        OR: [{ surveyIds: { has: surveyId } }, { surveyIds: { isEmpty: true } }],
+      },
+    });
+    return webhooks;
+  };
+
   const webhooks: Webhook[] = await getWebhooksForPipeline(environmentId, event, surveyId);
   // Prepare webhook and email promises
 
@@ -186,10 +181,33 @@ export const POST = async (request: Request) => {
 
     // Update survey status if necessary
     if (survey.autoComplete && responseCount >= survey.autoComplete) {
-      await updateSurvey({
-        ...survey,
-        status: "completed",
-      });
+      let logStatus: TAuditStatus = "success";
+
+      try {
+        await updateSurvey({
+          ...survey,
+          status: "completed",
+        });
+      } catch (error) {
+        logStatus = "failure";
+        logger.error(
+          { error, url: request.url, surveyId },
+          `Failed to update survey ${surveyId} status to completed`
+        );
+      } finally {
+        await queueAuditEvent({
+          status: logStatus,
+          action: "updated",
+          targetType: "survey",
+          userId: UNKNOWN_DATA,
+          userType: "system",
+          targetId: survey.id,
+          organizationId: organization.id,
+          newObject: {
+            status: "completed",
+          },
+        });
+      }
     }
 
     // Await webhook and email promises with allSettled to prevent early rejection

apps/web/app/api/auth/[...nextauth]/route.ts

@@ -1,8 +1,140 @@
-import { authOptions } from "@/modules/auth/lib/authOptions";
+import { IS_PRODUCTION, SENTRY_DSN } from "@/lib/constants";
+import { authOptions as baseAuthOptions } from "@/modules/auth/lib/authOptions";
+import { queueAuditEventBackground } from "@/modules/ee/audit-logs/lib/handler";
+import { TAuditStatus, UNKNOWN_DATA } from "@/modules/ee/audit-logs/types/audit-log";
+import * as Sentry from "@sentry/nextjs";
 import NextAuth from "next-auth";
+import { logger } from "@formbricks/logger";
 
 export const fetchCache = "force-no-store";
 
-const handler = NextAuth(authOptions);
+const handler = async (req: Request, ctx: any) => {
+  const eventId = req.headers.get("x-request-id") ?? undefined;
+
+  const authOptions = {
+    ...baseAuthOptions,
+    callbacks: {
+      ...baseAuthOptions.callbacks,
+      async jwt(params: any) {
+        let result: any = params.token;
+        let error: any = undefined;
+
+        try {
+          if (baseAuthOptions.callbacks?.jwt) {
+            result = await baseAuthOptions.callbacks.jwt(params);
+          }
+        } catch (err) {
+          error = err;
+          logger.withContext({ eventId, err }).error("JWT callback failed");
+
+          if (SENTRY_DSN && IS_PRODUCTION) {
+            Sentry.captureException(err);
+          }
+        }
+
+        // Audit JWT operations (token refresh, updates)
+        if (params.trigger && params.token?.profile?.id) {
+          const status: TAuditStatus = error ? "failure" : "success";
+          const auditLog = {
+            action: "jwtTokenCreated" as const,
+            targetType: "user" as const,
+            userId: params.token.profile.id,
+            targetId: params.token.profile.id,
+            organizationId: UNKNOWN_DATA,
+            status,
+            userType: "user" as const,
+            newObject: { trigger: params.trigger, tokenType: "jwt" },
+            ...(error ? { eventId } : {}),
+          };
+
+          queueAuditEventBackground(auditLog);
+        }
+
+        if (error) throw error;
+        return result;
+      },
+      async session(params: any) {
+        let result: any = params.session;
+        let error: any = undefined;
+
+        try {
+          if (baseAuthOptions.callbacks?.session) {
+            result = await baseAuthOptions.callbacks.session(params);
+          }
+        } catch (err) {
+          error = err;
+          logger.withContext({ eventId, err }).error("Session callback failed");
+
+          if (SENTRY_DSN && IS_PRODUCTION) {
+            Sentry.captureException(err);
+          }
+        }
+
+        if (error) throw error;
+        return result;
+      },
+      async signIn({ user, account, profile, email, credentials }) {
+        let result: boolean | string = true;
+        let error: any = undefined;
+        let authMethod = "unknown";
+
+        try {
+          if (baseAuthOptions.callbacks?.signIn) {
+            result = await baseAuthOptions.callbacks.signIn({
+              user,
+              account,
+              profile,
+              email,
+              credentials,
+            });
+          }
+
+          // Determine authentication method for more detailed logging
+          if (account?.provider === "credentials") {
+            authMethod = "password";
+          } else if (account?.provider === "token") {
+            authMethod = "email_verification";
+          } else if (account?.provider && account.provider !== "credentials") {
+            authMethod = "sso";
+          }
+        } catch (err) {
+          error = err;
+          result = false;
+
+          logger.withContext({ eventId, err }).error("User sign-in failed");
+
+          if (SENTRY_DSN && IS_PRODUCTION) {
+            Sentry.captureException(err);
+          }
+        }
+
+        const status: TAuditStatus = result === false ? "failure" : "success";
+        const auditLog = {
+          action: "signedIn" as const,
+          targetType: "user" as const,
+          userId: user?.id ?? UNKNOWN_DATA,
+          targetId: user?.id ?? UNKNOWN_DATA,
+          organizationId: UNKNOWN_DATA,
+          status,
+          userType: "user" as const,
+          newObject: {
+            ...user,
+            authMethod,
+            provider: account?.provider,
+            ...(error ? { errorMessage: error.message } : {}),
+          },
+          ...(status === "failure" ? { eventId } : {}),
+        };
+
+        queueAuditEventBackground(auditLog);
+
+        if (error) throw error;
+        return result;
+      },
+    },
+  };
+
+  return NextAuth(authOptions)(req, ctx);
+};
 
 export { handler as GET, handler as POST };

apps/web/app/api/cron/survey-status/route.ts

@@ -1,6 +1,5 @@
 import { responses } from "@/app/lib/api/response";
 import { CRON_SECRET } from "@/lib/constants";
-import { surveyCache } from "@/lib/survey/cache";
 import { headers } from "next/headers";
 import { prisma } from "@formbricks/database";
 
@@ -66,15 +65,6 @@ export const POST = async () => {
     });
   }
 
-  const updatedSurveys = [...surveysToClose, ...scheduledSurveys];
-
-  for (const survey of updatedSurveys) {
-    surveyCache.revalidate({
-      id: survey.id,
-      environmentId: survey.environmentId,
-    });
-  }
-
   return responses.successResponse({
     message: `Updated ${surveysToClose.length} surveys to completed and ${scheduledSurveys.length} surveys to inProgress.`,
   });

apps/web/app/api/v1/client/[environmentId]/app/sync/[userId]/route.ts

@@ -6,7 +6,6 @@ import { replaceAttributeRecall } from "@/app/api/v1/client/[environmentId]/app/
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { getActionClasses } from "@/lib/actionClass/service";
-import { contactCache } from "@/lib/cache/contact";
 import { IS_FORMBRICKS_CLOUD } from "@/lib/constants";
 import { getEnvironment, updateEnvironment } from "@/lib/environment/service";
 import {
@@ -133,14 +132,6 @@ export const GET = async (
           attributes: { select: { attributeKey: { select: { key: true } }, value: true } },
         },
       });
-
-      if (contact) {
-        contactCache.revalidate({
-          userId: contact.attributes.find((attr) => attr.attributeKey.key === "userId")?.value,
-          id: contact.id,
-          environmentId,
-        });
-      }
     }
 
     const contactAttributes = contact.attributes.reduce((acc, attribute) => {

apps/web/app/api/v1/client/[environmentId]/app/sync/lib/contact.test.ts

@@ -1,6 +1,5 @@
-import { cache } from "@/lib/cache";
 import { TContact } from "@/modules/ee/contacts/types/contact";
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
+import { afterEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { getContactByUserId } from "./contact";
 
@@ -13,15 +12,6 @@ vi.mock("@formbricks/database", () => ({
   },
 }));
 
-// Mock cache\
-vi.mock("@/lib/cache", async () => {
-  const actual = await vi.importActual("@/lib/cache");
-  return {
-    ...(actual as any),
-    cache: vi.fn((fn) => fn()), // Mock cache function to just execute the passed function
-  };
-});
-
 const environmentId = "test-environment-id";
 const userId = "test-user-id";
 const contactId = "test-contact-id";
@@ -37,12 +27,6 @@ const contactMock: Partial<TContact> & {
 };
 
 describe("getContactByUserId", () => {
-  beforeEach(() => {
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
-  });
-
   afterEach(() => {
     vi.resetAllMocks();
   });

apps/web/app/api/v1/client/[environmentId]/app/sync/lib/contact.ts

@@ -1,11 +1,9 @@
 import "server-only";
-import { cache } from "@/lib/cache";
-import { contactCache } from "@/lib/cache/contact";
 import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
 
 export const getContactByUserId = reactCache(
-  (
+  async (
     environmentId: string,
     userId: string
   ): Promise<{
@@ -16,36 +14,29 @@ export const getContactByUserId = reactCache(
       };
     }[];
     id: string;
-  } | null> =>
-    cache(
-      async () => {
-        const contact = await prisma.contact.findFirst({
-          where: {
-            attributes: {
-              some: {
-                attributeKey: {
-                  key: "userId",
-                  environmentId,
-                },
-                value: userId,
-              },
+  } | null> => {
+    const contact = await prisma.contact.findFirst({
+      where: {
+        attributes: {
+          some: {
+            attributeKey: {
+              key: "userId",
+              environmentId,
             },
+            value: userId,
           },
-          select: {
-            id: true,
-            attributes: { select: { attributeKey: { select: { key: true } }, value: true } },
-          },
-        });
-
-        if (!contact) {
-          return null;
-        }
-
-        return contact;
+        },
       },
-      [`getContactByUserId-sync-api-${environmentId}-${userId}`],
-      {
-        tags: [contactCache.tag.byEnvironmentIdAndUserId(environmentId, userId)],
-      }
-    )()
+      select: {
+        id: true,
+        attributes: { select: { attributeKey: { select: { key: true } }, value: true } },
+      },
+    });
+
+    if (!contact) {
+      return null;
+    }
+
+    return contact;
+  }
 );

apps/web/app/api/v1/client/[environmentId]/app/sync/lib/survey.test.ts

@@ -1,4 +1,3 @@
-import { cache } from "@/lib/cache";
 import { getProjectByEnvironmentId } from "@/lib/project/service";
 import { getSurveys } from "@/lib/survey/service";
 import { anySurveyHasFilters } from "@/lib/survey/utils";
@@ -14,15 +13,6 @@ import { TSegment } from "@formbricks/types/segment";
 import { TSurvey } from "@formbricks/types/surveys/types";
 import { getSyncSurveys } from "./survey";
 
-// Mock dependencies
-vi.mock("@/lib/cache", async () => {
-  const actual = await vi.importActual("@/lib/cache");
-  return {
-    ...(actual as any),
-    cache: vi.fn((fn) => fn()), // Mock cache function to just execute the passed function
-  };
-});
-
 vi.mock("@/lib/project/service", () => ({
   getProjectByEnvironmentId: vi.fn(),
 }));
@@ -120,9 +110,6 @@ const baseSurvey: TSurvey = {
 
 describe("getSyncSurveys", () => {
   beforeEach(() => {
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
     vi.mocked(getProjectByEnvironmentId).mockResolvedValue(mockProject);
     vi.mocked(prisma.display.findMany).mockResolvedValue([]);
     vi.mocked(prisma.response.findMany).mockResolvedValue([]);

apps/web/app/api/v1/client/[environmentId]/app/sync/lib/survey.ts

@@ -1,11 +1,5 @@
 import "server-only";
-import { cache } from "@/lib/cache";
-import { contactCache } from "@/lib/cache/contact";
-import { contactAttributeCache } from "@/lib/cache/contact-attribute";
-import { displayCache } from "@/lib/display/cache";
-import { projectCache } from "@/lib/project/cache";
 import { getProjectByEnvironmentId } from "@/lib/project/service";
-import { surveyCache } from "@/lib/survey/cache";
 import { getSurveys } from "@/lib/survey/service";
 import { anySurveyHasFilters } from "@/lib/survey/utils";
 import { diffInDays } from "@/lib/utils/datetime";
@@ -20,154 +14,135 @@ import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { TSurvey } from "@formbricks/types/surveys/types";
 
 export const getSyncSurveys = reactCache(
-  (
+  async (
     environmentId: string,
     contactId: string,
     contactAttributes: Record<string, string | number>,
     deviceType: "phone" | "desktop" = "desktop"
-  ): Promise<TSurvey[]> =>
-    cache(
-      async () => {
-        validateInputs([environmentId, ZId]);
-        try {
-          const product = await getProjectByEnvironmentId(environmentId);
+  ): Promise<TSurvey[]> => {
+    validateInputs([environmentId, ZId]);
+    try {
+      const product = await getProjectByEnvironmentId(environmentId);
 
-          if (!product) {
-            throw new Error("Product not found");
-          }
-
-          let surveys = await getSurveys(environmentId);
-
-          // filtered surveys for running and web
-          surveys = surveys.filter((survey) => survey.status === "inProgress" && survey.type === "app");
-
-          // if no surveys are left, return an empty array
-          if (surveys.length === 0) {
-            return [];
-          }
-
-          const displays = await prisma.display.findMany({
-            where: {
-              contactId,
-            },
-          });
-
-          const responses = await prisma.response.findMany({
-            where: {
-              contactId,
-            },
-          });
-
-          // filter surveys that meet the displayOption criteria
-          surveys = surveys.filter((survey) => {
-            switch (survey.displayOption) {
-              case "respondMultiple":
-                return true;
-              case "displayOnce":
-                return displays.filter((display) => display.surveyId === survey.id).length === 0;
-              case "displayMultiple":
-                if (!responses) return true;
-                else {
-                  return responses.filter((response) => response.surveyId === survey.id).length === 0;
-                }
-              case "displaySome":
-                if (survey.displayLimit === null) {
-                  return true;
-                }
-
-                if (
-                  responses &&
-                  responses.filter((response) => response.surveyId === survey.id).length !== 0
-                ) {
-                  return false;
-                }
-
-                return (
-                  displays.filter((display) => display.surveyId === survey.id).length < survey.displayLimit
-                );
-              default:
-                throw Error("Invalid displayOption");
-            }
-          });
-
-          const latestDisplay = displays[0];
-
-          // filter surveys that meet the recontactDays criteria
-          surveys = surveys.filter((survey) => {
-            if (!latestDisplay) {
-              return true;
-            } else if (survey.recontactDays !== null) {
-              const lastDisplaySurvey = displays.filter((display) => display.surveyId === survey.id)[0];
-              if (!lastDisplaySurvey) {
-                return true;
-              }
-              return diffInDays(new Date(), new Date(lastDisplaySurvey.createdAt)) >= survey.recontactDays;
-            } else if (product.recontactDays !== null) {
-              return diffInDays(new Date(), new Date(latestDisplay.createdAt)) >= product.recontactDays;
-            } else {
-              return true;
-            }
-          });
-
-          // if no surveys are left, return an empty array
-          if (surveys.length === 0) {
-            return [];
-          }
-
-          // if no surveys have segment filters, return the surveys
-          if (!anySurveyHasFilters(surveys)) {
-            return surveys;
-          }
-
-          // the surveys now have segment filters, so we need to evaluate them
-          const surveyPromises = surveys.map(async (survey) => {
-            const { segment } = survey;
-            // if the survey has no segment, or the segment has no filters, we return the survey
-            if (!segment || !segment.filters?.length) {
-              return survey;
-            }
-
-            // Evaluate the segment filters
-            const result = await evaluateSegment(
-              {
-                attributes: contactAttributes ?? {},
-                deviceType,
-                environmentId,
-                contactId,
-                userId: String(contactAttributes.userId),
-              },
-              segment.filters
-            );
-
-            return result ? survey : null;
-          });
-
-          const resolvedSurveys = await Promise.all(surveyPromises);
-          surveys = resolvedSurveys.filter((survey) => !!survey) as TSurvey[];
-
-          if (!surveys) {
-            throw new ResourceNotFoundError("Survey", environmentId);
-          }
-          return surveys;
-        } catch (error) {
-          if (error instanceof Prisma.PrismaClientKnownRequestError) {
-            logger.error(error);
-            throw new DatabaseError(error.message);
-          }
-
-          throw error;
-        }
-      },
-      [`getSyncSurveys-${environmentId}-${contactId}`],
-      {
-        tags: [
-          contactCache.tag.byEnvironmentId(environmentId),
-          contactCache.tag.byId(contactId),
-          displayCache.tag.byContactId(contactId),
-          surveyCache.tag.byEnvironmentId(environmentId),
-          projectCache.tag.byEnvironmentId(environmentId),
-          contactAttributeCache.tag.byContactId(contactId),
-        ],
+      if (!product) {
+        throw new Error("Product not found");
       }
-    )()
+
+      let surveys = await getSurveys(environmentId);
+
+      // filtered surveys for running and web
+      surveys = surveys.filter((survey) => survey.status === "inProgress" && survey.type === "app");
+
+      // if no surveys are left, return an empty array
+      if (surveys.length === 0) {
+        return [];
+      }
+
+      const displays = await prisma.display.findMany({
+        where: {
+          contactId,
+        },
+      });
+
+      const responses = await prisma.response.findMany({
+        where: {
+          contactId,
+        },
+      });
+
+      // filter surveys that meet the displayOption criteria
+      surveys = surveys.filter((survey) => {
+        switch (survey.displayOption) {
+          case "respondMultiple":
+            return true;
+          case "displayOnce":
+            return displays.filter((display) => display.surveyId === survey.id).length === 0;
+          case "displayMultiple":
+            if (!responses) return true;
+            else {
+              return responses.filter((response) => response.surveyId === survey.id).length === 0;
+            }
+          case "displaySome":
+            if (survey.displayLimit === null) {
+              return true;
+            }
+
+            if (responses && responses.filter((response) => response.surveyId === survey.id).length !== 0) {
+              return false;
+            }
+
+            return displays.filter((display) => display.surveyId === survey.id).length < survey.displayLimit;
+          default:
+            throw Error("Invalid displayOption");
+        }
+      });
+
+      const latestDisplay = displays[0];
+
+      // filter surveys that meet the recontactDays criteria
+      surveys = surveys.filter((survey) => {
+        if (!latestDisplay) {
+          return true;
+        } else if (survey.recontactDays !== null) {
+          const lastDisplaySurvey = displays.filter((display) => display.surveyId === survey.id)[0];
+          if (!lastDisplaySurvey) {
+            return true;
+          }
+          return diffInDays(new Date(), new Date(lastDisplaySurvey.createdAt)) >= survey.recontactDays;
+        } else if (product.recontactDays !== null) {
+          return diffInDays(new Date(), new Date(latestDisplay.createdAt)) >= product.recontactDays;
+        } else {
+          return true;
+        }
+      });
+
+      // if no surveys are left, return an empty array
+      if (surveys.length === 0) {
+        return [];
+      }
+
+      // if no surveys have segment filters, return the surveys
+      if (!anySurveyHasFilters(surveys)) {
+        return surveys;
+      }
+
+      // the surveys now have segment filters, so we need to evaluate them
+      const surveyPromises = surveys.map(async (survey) => {
+        const { segment } = survey;
+        // if the survey has no segment, or the segment has no filters, we return the survey
+        if (!segment || !segment.filters?.length) {
+          return survey;
+        }
+
+        // Evaluate the segment filters
+        const result = await evaluateSegment(
+          {
+            attributes: contactAttributes ?? {},
+            deviceType,
+            environmentId,
+            contactId,
+            userId: String(contactAttributes.userId),
+          },
+          segment.filters
+        );
+
+        return result ? survey : null;
+      });
+
+      const resolvedSurveys = await Promise.all(surveyPromises);
+      surveys = resolvedSurveys.filter((survey) => !!survey) as TSurvey[];
+
+      if (!surveys) {
+        throw new ResourceNotFoundError("Survey", environmentId);
+      }
+      return surveys;
+    } catch (error) {
+      if (error instanceof Prisma.PrismaClientKnownRequestError) {
+        logger.error(error);
+        throw new DatabaseError(error.message);
+      }
+
+      throw error;
+    }
+  }
 );

apps/web/app/api/v1/client/[environmentId]/displays/lib/contact.ts

@@ -1,41 +1,32 @@
-import { cache } from "@/lib/cache";
-import { contactCache } from "@/lib/cache/contact";
 import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
 
 export const getContactByUserId = reactCache(
-  (
+  async (
     environmentId: string,
     userId: string
   ): Promise<{
     id: string;
-  } | null> =>
-    cache(
-      async () => {
-        const contact = await prisma.contact.findFirst({
-          where: {
-            attributes: {
-              some: {
-                attributeKey: {
-                  key: "userId",
-                  environmentId,
-                },
-                value: userId,
-              },
+  } | null> => {
+    const contact = await prisma.contact.findFirst({
+      where: {
+        attributes: {
+          some: {
+            attributeKey: {
+              key: "userId",
+              environmentId,
             },
+            value: userId,
           },
-          select: { id: true },
-        });
-
-        if (!contact) {
-          return null;
-        }
-
-        return contact;
+        },
       },
-      [`getContactByUserIdForDisplaysApi-${environmentId}-${userId}`],
-      {
-        tags: [contactCache.tag.byEnvironmentIdAndUserId(environmentId, userId)],
-      }
-    )()
+      select: { id: true },
+    });
+
+    if (!contact) {
+      return null;
+    }
+
+    return contact;
+  }
 );

apps/web/app/api/v1/client/[environmentId]/displays/lib/display.ts

@@ -1,4 +1,3 @@
-import { displayCache } from "@/lib/display/cache";
 import { validateInputs } from "@/lib/utils/validate";
 import { Prisma } from "@prisma/client";
 import { prisma } from "@formbricks/database";
@@ -51,14 +50,6 @@ export const createDisplay = async (displayInput: TDisplayCreateInput): Promise<
       select: { id: true, contactId: true, surveyId: true },
     });
 
-    displayCache.revalidate({
-      id: display.id,
-      contactId: display.contactId,
-      surveyId: display.surveyId,
-      userId,
-      environmentId,
-    });
-
     return display;
   } catch (error) {
     if (error instanceof Prisma.PrismaClientKnownRequestError) {

apps/web/app/api/v1/client/[environmentId]/displays/route.ts

@@ -14,7 +14,13 @@ interface Context {
 }
 
 export const OPTIONS = async (): Promise<Response> => {
-  return responses.successResponse({}, true);
+  return responses.successResponse(
+    {},
+    true,
+    // Cache CORS preflight responses for 1 hour (conservative approach)
+    // Balances performance gains with flexibility for CORS policy changes
+    "public, s-maxage=3600, max-age=3600"
+  );
 };
 
 export const POST = async (request: Request, context: Context): Promise<Response> => {

apps/web/app/api/v1/client/[environmentId]/environment/lib/actionClass.test.ts

@@ -1,86 +0,0 @@
-import { cache } from "@/lib/cache";
-import { validateInputs } from "@/lib/utils/validate";
-import { describe, expect, test, vi } from "vitest";
-import { prisma } from "@formbricks/database";
-import { TActionClassNoCodeConfig } from "@formbricks/types/action-classes";
-import { DatabaseError } from "@formbricks/types/errors";
-import { TJsEnvironmentStateActionClass } from "@formbricks/types/js";
-import { getActionClassesForEnvironmentState } from "./actionClass";
-
-// Mock dependencies
-vi.mock("@/lib/cache");
-vi.mock("@/lib/utils/validate");
-vi.mock("@formbricks/database", () => ({
-  prisma: {
-    actionClass: {
-      findMany: vi.fn(),
-    },
-  },
-}));
-
-const environmentId = "test-environment-id";
-const mockActionClasses: TJsEnvironmentStateActionClass[] = [
-  {
-    id: "action1",
-    type: "code",
-    name: "Code Action",
-    key: "code-action",
-    noCodeConfig: null,
-  },
-  {
-    id: "action2",
-    type: "noCode",
-    name: "No Code Action",
-    key: null,
-    noCodeConfig: { type: "click" } as TActionClassNoCodeConfig,
-  },
-];
-
-describe("getActionClassesForEnvironmentState", () => {
-  test("should return action classes successfully", async () => {
-    vi.mocked(prisma.actionClass.findMany).mockResolvedValue(mockActionClasses);
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
-
-    const result = await getActionClassesForEnvironmentState(environmentId);
-
-    expect(result).toEqual(mockActionClasses);
-    expect(validateInputs).toHaveBeenCalledWith([environmentId, expect.any(Object)]); // ZId is an object
-    expect(prisma.actionClass.findMany).toHaveBeenCalledWith({
-      where: { environmentId },
-      select: {
-        id: true,
-        type: true,
-        name: true,
-        key: true,
-        noCodeConfig: true,
-      },
-    });
-    expect(cache).toHaveBeenCalledWith(
-      expect.any(Function),
-      [`getActionClassesForEnvironmentState-${environmentId}`],
-      { tags: [`environments-${environmentId}-actionClasses`] }
-    );
-  });
-
-  test("should throw DatabaseError on prisma error", async () => {
-    const mockError = new Error("Prisma error");
-    vi.mocked(prisma.actionClass.findMany).mockRejectedValue(mockError);
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
-
-    await expect(getActionClassesForEnvironmentState(environmentId)).rejects.toThrow(DatabaseError);
-    await expect(getActionClassesForEnvironmentState(environmentId)).rejects.toThrow(
-      `Database error when fetching actions for environment ${environmentId}`
-    );
-    expect(validateInputs).toHaveBeenCalledWith([environmentId, expect.any(Object)]);
-    expect(prisma.actionClass.findMany).toHaveBeenCalled();
-    expect(cache).toHaveBeenCalledWith(
-      expect.any(Function),
-      [`getActionClassesForEnvironmentState-${environmentId}`],
-      { tags: [`environments-${environmentId}-actionClasses`] }
-    );
-  });
-});

apps/web/app/api/v1/client/[environmentId]/environment/lib/actionClass.ts

@@ -1,38 +0,0 @@
-import { actionClassCache } from "@/lib/actionClass/cache";
-import { cache } from "@/lib/cache";
-import { validateInputs } from "@/lib/utils/validate";
-import { cache as reactCache } from "react";
-import { prisma } from "@formbricks/database";
-import { ZId } from "@formbricks/types/common";
-import { DatabaseError } from "@formbricks/types/errors";
-import { TJsEnvironmentStateActionClass } from "@formbricks/types/js";
-
-export const getActionClassesForEnvironmentState = reactCache(
-  async (environmentId: string): Promise<TJsEnvironmentStateActionClass[]> =>
-    cache(
-      async () => {
-        validateInputs([environmentId, ZId]);
-
-        try {
-          return await prisma.actionClass.findMany({
-            where: {
-              environmentId: environmentId,
-            },
-            select: {
-              id: true,
-              type: true,
-              name: true,
-              key: true,
-              noCodeConfig: true,
-            },
-          });
-        } catch (error) {
-          throw new DatabaseError(`Database error when fetching actions for environment ${environmentId}`);
-        }
-      },
-      [`getActionClassesForEnvironmentState-${environmentId}`],
-      {
-        tags: [actionClassCache.tag.byEnvironmentId(environmentId)],
-      }
-    )()
-);

apps/web/app/api/v1/client/[environmentId]/environment/lib/data.ts

@@ -0,0 +1,202 @@
+import "server-only";
+import { validateInputs } from "@/lib/utils/validate";
+import { transformPrismaSurvey } from "@/modules/survey/lib/utils";
+import { Prisma } from "@prisma/client";
+import { prisma } from "@formbricks/database";
+import { logger } from "@formbricks/logger";
+import { ZId } from "@formbricks/types/common";
+import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
+import {
+  TJsEnvironmentStateActionClass,
+  TJsEnvironmentStateProject,
+  TJsEnvironmentStateSurvey,
+} from "@formbricks/types/js";
+
+/**
+ * Optimized data fetcher for environment state
+ * Uses a single Prisma query with strategic includes to minimize database calls
+ * Critical for performance on high-frequency endpoint serving hundreds of thousands of SDK clients
+ */
+export interface EnvironmentStateData {
+  environment: {
+    id: string;
+    type: string;
+    appSetupCompleted: boolean;
+    project: TJsEnvironmentStateProject;
+  };
+  organization: {
+    id: string;
+    billing: any;
+  };
+  surveys: TJsEnvironmentStateSurvey[];
+  actionClasses: TJsEnvironmentStateActionClass[];
+}
+
+/**
+ * Single optimized query that fetches all required data
+ * Replaces multiple separate service calls with one efficient database operation
+ */
+export const getEnvironmentStateData = async (environmentId: string): Promise<EnvironmentStateData> => {
+  validateInputs([environmentId, ZId]);
+
+  try {
+    // Single query that fetches everything needed for environment state
+    // Uses strategic includes and selects to minimize data transfer
+    const environmentData = await prisma.environment.findUnique({
+      where: { id: environmentId },
+      select: {
+        id: true,
+        type: true,
+        appSetupCompleted: true,
+        // Project data (optimized select)
+        project: {
+          select: {
+            id: true,
+            recontactDays: true,
+            clickOutsideClose: true,
+            darkOverlay: true,
+            placement: true,
+            inAppSurveyBranding: true,
+            styling: true,
+            // Organization data (nested select for efficiency)
+            organization: {
+              select: {
+                id: true,
+                billing: true,
+              },
+            },
+          },
+        },
+        // Action classes (optimized for environment state)
+        actionClasses: {
+          select: {
+            id: true,
+            type: true,
+            name: true,
+            key: true,
+            noCodeConfig: true,
+          },
+        },
+        // Surveys (optimized for app surveys only)
+        surveys: {
+          where: {
+            type: "app",
+            status: "inProgress",
+          },
+          orderBy: {
+            createdAt: "desc",
+          },
+          take: 30, // Limit for performance
+          select: {
+            id: true,
+            welcomeCard: true,
+            name: true,
+            questions: true,
+            variables: true,
+            type: true,
+            showLanguageSwitch: true,
+            languages: {
+              select: {
+                default: true,
+                enabled: true,
+                language: {
+                  select: {
+                    id: true,
+                    code: true,
+                    alias: true,
+                    createdAt: true,
+                    updatedAt: true,
+                    projectId: true,
+                  },
+                },
+              },
+            },
+            endings: true,
+            autoClose: true,
+            styling: true,
+            status: true,
+            recaptcha: true,
+            segment: {
+              include: {
+                surveys: {
+                  select: {
+                    id: true,
+                  },
+                },
+              },
+            },
+            recontactDays: true,
+            displayLimit: true,
+            displayOption: true,
+            hiddenFields: true,
+            isBackButtonHidden: true,
+            triggers: {
+              select: {
+                actionClass: {
+                  select: {
+                    name: true,
+                  },
+                },
+              },
+            },
+            displayPercentage: true,
+            delay: true,
+            projectOverwrites: true,
+          },
+        },
+      },
+    });
+
+    if (!environmentData) {
+      throw new ResourceNotFoundError("environment", environmentId);
+    }
+
+    if (!environmentData.project) {
+      throw new ResourceNotFoundError("project", null);
+    }
+
+    if (!environmentData.project.organization) {
+      throw new ResourceNotFoundError("organization", null);
+    }
+
+    // Transform surveys using existing utility
+    const transformedSurveys = environmentData.surveys.map((survey) =>
+      transformPrismaSurvey<TJsEnvironmentStateSurvey>(survey)
+    );
+
+    return {
+      environment: {
+        id: environmentData.id,
+        type: environmentData.type,
+        appSetupCompleted: environmentData.appSetupCompleted,
+        project: {
+          id: environmentData.project.id,
+          recontactDays: environmentData.project.recontactDays,
+          clickOutsideClose: environmentData.project.clickOutsideClose,
+          darkOverlay: environmentData.project.darkOverlay,
+          placement: environmentData.project.placement,
+          inAppSurveyBranding: environmentData.project.inAppSurveyBranding,
+          styling: environmentData.project.styling,
+        },
+      },
+      organization: {
+        id: environmentData.project.organization.id,
+        billing: environmentData.project.organization.billing,
+      },
+      surveys: transformedSurveys,
+      actionClasses: environmentData.actionClasses as TJsEnvironmentStateActionClass[],
+    };
+  } catch (error) {
+    if (error instanceof ResourceNotFoundError) {
+      throw error;
+    }
+
+    if (error instanceof Prisma.PrismaClientKnownRequestError) {
+      logger.error(error, "Database error in getEnvironmentStateData");
+      throw new DatabaseError(`Database error when fetching environment state for ${environmentId}`);
+    }
+
+    logger.error(error, "Unexpected error in getEnvironmentStateData");
+    throw error;
+  }
+};

apps/web/app/api/v1/client/[environmentId]/environment/lib/environmentState.test.ts

@@ -1,34 +1,25 @@
-import { cache } from "@/lib/cache";
-import { getEnvironment } from "@/lib/environment/service";
-import {
-  getMonthlyOrganizationResponseCount,
-  getOrganizationByEnvironmentId,
-} from "@/lib/organization/service";
+import { getMonthlyOrganizationResponseCount } from "@/lib/organization/service";
 import {
   capturePosthogEnvironmentEvent,
   sendPlanLimitsReachedEventToPosthogWeekly,
 } from "@/lib/posthogServer";
+import { withCache } from "@/modules/cache/lib/withCache";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { logger } from "@formbricks/logger";
 import { TActionClass } from "@formbricks/types/action-classes";
-import { TEnvironment } from "@formbricks/types/environment";
 import { ResourceNotFoundError } from "@formbricks/types/errors";
-import { TJsEnvironmentState } from "@formbricks/types/js";
+import { TJsEnvironmentState, TJsEnvironmentStateProject } from "@formbricks/types/js";
 import { TOrganization } from "@formbricks/types/organizations";
-import { TProject } from "@formbricks/types/project";
 import { TSurvey } from "@formbricks/types/surveys/types";
-import { getActionClassesForEnvironmentState } from "./actionClass";
+import { EnvironmentStateData, getEnvironmentStateData } from "./data";
 import { getEnvironmentState } from "./environmentState";
-import { getProjectForEnvironmentState } from "./project";
-import { getSurveysForEnvironmentState } from "./survey";
 
 // Mock dependencies
-vi.mock("@/lib/cache");
-vi.mock("@/lib/environment/service");
 vi.mock("@/lib/organization/service");
 vi.mock("@/lib/posthogServer");
-vi.mock("@/modules/ee/license-check/lib/utils");
+vi.mock("@/modules/cache/lib/withCache");
+
 vi.mock("@formbricks/database", () => ({
   prisma: {
     environment: {
@@ -41,11 +32,9 @@ vi.mock("@formbricks/logger", () => ({
     error: vi.fn(),
   },
 }));
-vi.mock("./actionClass");
-vi.mock("./project");
-vi.mock("./survey");
+vi.mock("./data");
 vi.mock("@/lib/constants", () => ({
-  IS_FORMBRICKS_CLOUD: true, // Default to false, override in specific tests
+  IS_FORMBRICKS_CLOUD: true,
   RECAPTCHA_SITE_KEY: "mock_recaptcha_site_key",
   RECAPTCHA_SECRET_KEY: "mock_recaptcha_secret_key",
   IS_RECAPTCHA_CONFIGURED: true,
@@ -56,13 +45,16 @@ vi.mock("@/lib/constants", () => ({
 
 const environmentId = "test-environment-id";
 
-const mockEnvironment: TEnvironment = {
-  id: environmentId,
-  createdAt: new Date(),
-  updatedAt: new Date(),
-  projectId: "test-project-id",
-  type: "production",
-  appSetupCompleted: true, // Default to true
+const mockProject: TJsEnvironmentStateProject = {
+  id: "test-project-id",
+  recontactDays: 30,
+  inAppSurveyBranding: true,
+  placement: "bottomRight",
+  clickOutsideClose: true,
+  darkOverlay: false,
+  styling: {
+    allowStyleOverwrite: false,
+  },
 };
 
 const mockOrganization: TOrganization = {
@@ -77,7 +69,7 @@ const mockOrganization: TOrganization = {
     limits: {
       projects: 1,
       monthly: {
-        responses: 100, // Default limit
+        responses: 100,
         miu: 1000,
       },
     },
@@ -86,29 +78,6 @@ const mockOrganization: TOrganization = {
   isAIEnabled: false,
 };
 
-const mockProject: TProject = {
-  id: "test-project-id",
-  createdAt: new Date(),
-  updatedAt: new Date(),
-  name: "Test Project",
-  config: {
-    channel: "link",
-    industry: "eCommerce",
-  },
-  organizationId: mockOrganization.id,
-  styling: {
-    allowStyleOverwrite: false,
-  },
-  recontactDays: 30,
-  inAppSurveyBranding: true,
-  linkSurveyBranding: true,
-  placement: "bottomRight",
-  clickOutsideClose: true,
-  darkOverlay: false,
-  environments: [],
-  languages: [],
-};
-
 const mockSurveys: TSurvey[] = [
   {
     id: "survey-app-inProgress",
@@ -149,84 +118,6 @@ const mockSurveys: TSurvey[] = [
     createdBy: null,
     recaptcha: { enabled: false, threshold: 0.5 },
   },
-  {
-    id: "survey-app-paused",
-    createdAt: new Date(),
-    updatedAt: new Date(),
-    name: "App Survey Paused",
-    environmentId: environmentId,
-    displayLimit: null,
-    endings: [],
-    followUps: [],
-    isBackButtonHidden: false,
-    isSingleResponsePerEmailEnabled: false,
-    isVerifyEmailEnabled: false,
-    projectOverwrites: null,
-    runOnDate: null,
-    showLanguageSwitch: false,
-    type: "app",
-    status: "paused",
-    questions: [],
-    displayOption: "displayOnce",
-    recontactDays: null,
-    autoClose: null,
-    closeOnDate: null,
-    delay: 0,
-    displayPercentage: null,
-    autoComplete: null,
-    singleUse: null,
-    triggers: [],
-    languages: [],
-    pin: null,
-    resultShareKey: null,
-    segment: null,
-    styling: null,
-    surveyClosedMessage: null,
-    hiddenFields: { enabled: false },
-    welcomeCard: { enabled: false, showResponseCount: false, timeToFinish: false },
-    variables: [],
-    createdBy: null,
-    recaptcha: { enabled: false, threshold: 0.5 },
-  },
-  {
-    id: "survey-web-inProgress",
-    createdAt: new Date(),
-    updatedAt: new Date(),
-    name: "Web Survey In Progress",
-    environmentId: environmentId,
-    type: "link",
-    displayLimit: null,
-    endings: [],
-    followUps: [],
-    isBackButtonHidden: false,
-    isSingleResponsePerEmailEnabled: false,
-    isVerifyEmailEnabled: false,
-    projectOverwrites: null,
-    runOnDate: null,
-    showLanguageSwitch: false,
-    status: "inProgress",
-    questions: [],
-    displayOption: "displayOnce",
-    recontactDays: null,
-    autoClose: null,
-    closeOnDate: null,
-    delay: 0,
-    displayPercentage: null,
-    autoComplete: null,
-    singleUse: null,
-    triggers: [],
-    languages: [],
-    pin: null,
-    resultShareKey: null,
-    segment: null,
-    styling: null,
-    surveyClosedMessage: null,
-    hiddenFields: { enabled: false },
-    welcomeCard: { enabled: false, showResponseCount: false, timeToFinish: false },
-    variables: [],
-    createdBy: null,
-    recaptcha: { enabled: false, threshold: 0.5 },
-  },
 ];
 
 const mockActionClasses: TActionClass[] = [
@@ -243,19 +134,30 @@ const mockActionClasses: TActionClass[] = [
   },
 ];
 
+const mockEnvironmentStateData: EnvironmentStateData = {
+  environment: {
+    id: environmentId,
+    type: "production",
+    appSetupCompleted: true,
+    project: mockProject,
+  },
+  organization: {
+    id: mockOrganization.id,
+    billing: mockOrganization.billing,
+  },
+  surveys: mockSurveys,
+  actionClasses: mockActionClasses,
+};
+
 describe("getEnvironmentState", () => {
   beforeEach(() => {
     vi.resetAllMocks();
-    // Mock the cache implementation
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
+
+    // Mock withCache to simply execute the function without caching for tests
+    vi.mocked(withCache).mockImplementation((fn) => fn);
+
     // Default mocks for successful retrieval
-    vi.mocked(getEnvironment).mockResolvedValue(mockEnvironment);
-    vi.mocked(getOrganizationByEnvironmentId).mockResolvedValue(mockOrganization);
-    vi.mocked(getProjectForEnvironmentState).mockResolvedValue(mockProject);
-    vi.mocked(getSurveysForEnvironmentState).mockResolvedValue([mockSurveys[0]]); // Only return the app, inProgress survey
-    vi.mocked(getActionClassesForEnvironmentState).mockResolvedValue(mockActionClasses);
+    vi.mocked(getEnvironmentStateData).mockResolvedValue(mockEnvironmentStateData);
     vi.mocked(getMonthlyOrganizationResponseCount).mockResolvedValue(50); // Default below limit
   });
 
@@ -268,42 +170,45 @@ describe("getEnvironmentState", () => {
 
     const expectedData: TJsEnvironmentState["data"] = {
       recaptchaSiteKey: "mock_recaptcha_site_key",
-      surveys: [mockSurveys[0]], // Only app, inProgress survey
+      surveys: mockSurveys,
       actionClasses: mockActionClasses,
       project: mockProject,
     };
 
     expect(result.data).toEqual(expectedData);
-    expect(result.revalidateEnvironment).toBe(false);
-    expect(getEnvironment).toHaveBeenCalledWith(environmentId);
-    expect(getOrganizationByEnvironmentId).toHaveBeenCalledWith(environmentId);
-    expect(getProjectForEnvironmentState).toHaveBeenCalledWith(environmentId);
-    expect(getSurveysForEnvironmentState).toHaveBeenCalledWith(environmentId);
-    expect(getActionClassesForEnvironmentState).toHaveBeenCalledWith(environmentId);
+    expect(getEnvironmentStateData).toHaveBeenCalledWith(environmentId);
     expect(prisma.environment.update).not.toHaveBeenCalled();
     expect(capturePosthogEnvironmentEvent).not.toHaveBeenCalled();
-    expect(getMonthlyOrganizationResponseCount).toHaveBeenCalled(); // Not cloud
+    expect(getMonthlyOrganizationResponseCount).toHaveBeenCalledWith(mockOrganization.id);
     expect(sendPlanLimitsReachedEventToPosthogWeekly).not.toHaveBeenCalled();
   });
 
   test("should throw ResourceNotFoundError if environment not found", async () => {
-    vi.mocked(getEnvironment).mockResolvedValue(null);
+    vi.mocked(getEnvironmentStateData).mockRejectedValue(
+      new ResourceNotFoundError("environment", environmentId)
+    );
     await expect(getEnvironmentState(environmentId)).rejects.toThrow(ResourceNotFoundError);
   });
 
   test("should throw ResourceNotFoundError if organization not found", async () => {
-    vi.mocked(getOrganizationByEnvironmentId).mockResolvedValue(null);
+    vi.mocked(getEnvironmentStateData).mockRejectedValue(new ResourceNotFoundError("organization", null));
     await expect(getEnvironmentState(environmentId)).rejects.toThrow(ResourceNotFoundError);
   });
 
   test("should throw ResourceNotFoundError if project not found", async () => {
-    vi.mocked(getProjectForEnvironmentState).mockResolvedValue(null);
+    vi.mocked(getEnvironmentStateData).mockRejectedValue(new ResourceNotFoundError("project", null));
     await expect(getEnvironmentState(environmentId)).rejects.toThrow(ResourceNotFoundError);
   });
 
   test("should update environment and capture event if app setup not completed", async () => {
-    const incompleteEnv = { ...mockEnvironment, appSetupCompleted: false };
-    vi.mocked(getEnvironment).mockResolvedValue(incompleteEnv);
+    const incompleteEnvironmentData = {
+      ...mockEnvironmentStateData,
+      environment: {
+        ...mockEnvironmentStateData.environment,
+        appSetupCompleted: false,
+      },
+    };
+    vi.mocked(getEnvironmentStateData).mockResolvedValue(incompleteEnvironmentData);
 
     const result = await getEnvironmentState(environmentId);
 
@@ -312,14 +217,14 @@ describe("getEnvironmentState", () => {
       data: { appSetupCompleted: true },
     });
     expect(capturePosthogEnvironmentEvent).toHaveBeenCalledWith(environmentId, "app setup completed");
-    expect(result.revalidateEnvironment).toBe(true);
+    expect(result.data).toBeDefined();
   });
 
   test("should return empty surveys if monthly response limit reached (Cloud)", async () => {
     vi.mocked(getMonthlyOrganizationResponseCount).mockResolvedValue(100); // Exactly at limit
-    vi.mocked(getSurveysForEnvironmentState).mockResolvedValue(mockSurveys);
 
     const result = await getEnvironmentState(environmentId);
+
     expect(result.data.surveys).toEqual([]);
     expect(getMonthlyOrganizationResponseCount).toHaveBeenCalledWith(mockOrganization.id);
     expect(sendPlanLimitsReachedEventToPosthogWeekly).toHaveBeenCalledWith(environmentId, {
@@ -339,7 +244,7 @@ describe("getEnvironmentState", () => {
 
     const result = await getEnvironmentState(environmentId);
 
-    expect(result.data.surveys).toEqual([mockSurveys[0]]);
+    expect(result.data.surveys).toEqual(mockSurveys);
     expect(getMonthlyOrganizationResponseCount).toHaveBeenCalledWith(mockOrganization.id);
     expect(sendPlanLimitsReachedEventToPosthogWeekly).not.toHaveBeenCalled();
   });
@@ -364,9 +269,12 @@ describe("getEnvironmentState", () => {
     expect(result.data.recaptchaSiteKey).toBe("mock_recaptcha_site_key");
   });
 
-  test("should filter surveys correctly (only app type and inProgress status)", async () => {
-    const result = await getEnvironmentState(environmentId);
-    expect(result.data.surveys).toHaveLength(1);
-    expect(result.data.surveys[0].id).toBe("survey-app-inProgress");
+  test("should use withCache for caching with correct cache key and TTL", () => {
+    getEnvironmentState(environmentId);
+
+    expect(withCache).toHaveBeenCalledWith(expect.any(Function), {
+      key: `fb:env:${environmentId}:state`,
+      ttl: 60 * 30 * 1000, // 30 minutes in milliseconds
+    });
   });
 });

apps/web/app/api/v1/client/[environmentId]/environment/lib/environmentState.ts

@@ -1,125 +1,93 @@
-import { actionClassCache } from "@/lib/actionClass/cache";
-import { cache } from "@/lib/cache";
+import "server-only";
 import { IS_FORMBRICKS_CLOUD, IS_RECAPTCHA_CONFIGURED, RECAPTCHA_SITE_KEY } from "@/lib/constants";
-import { environmentCache } from "@/lib/environment/cache";
-import { getEnvironment } from "@/lib/environment/service";
-import { organizationCache } from "@/lib/organization/cache";
-import {
-  getMonthlyOrganizationResponseCount,
-  getOrganizationByEnvironmentId,
-} from "@/lib/organization/service";
+import { getMonthlyOrganizationResponseCount } from "@/lib/organization/service";
 import {
   capturePosthogEnvironmentEvent,
   sendPlanLimitsReachedEventToPosthogWeekly,
 } from "@/lib/posthogServer";
-import { projectCache } from "@/lib/project/cache";
-import { surveyCache } from "@/lib/survey/cache";
+import { createCacheKey } from "@/modules/cache/lib/cacheKeys";
+import { withCache } from "@/modules/cache/lib/withCache";
 import { prisma } from "@formbricks/database";
 import { logger } from "@formbricks/logger";
-import { ResourceNotFoundError } from "@formbricks/types/errors";
 import { TJsEnvironmentState } from "@formbricks/types/js";
-import { getActionClassesForEnvironmentState } from "./actionClass";
-import { getProjectForEnvironmentState } from "./project";
-import { getSurveysForEnvironmentState } from "./survey";
+import { getEnvironmentStateData } from "./data";
 
 /**
+ * Optimized environment state fetcher using new caching approach
+ * Uses withCache for Redis-backed caching with graceful fallback
+ * Single database query via optimized data service
  *
- * @param environmentId
+ * @param environmentId - The environment ID to fetch state for
  * @returns The environment state
- * @throws ResourceNotFoundError if the environment or organization does not exist
+ * @throws ResourceNotFoundError if environment, organization, or project not found
  */
 export const getEnvironmentState = async (
   environmentId: string
-): Promise<{ data: TJsEnvironmentState["data"]; revalidateEnvironment?: boolean }> =>
-  cache(
+): Promise<{ data: TJsEnvironmentState["data"] }> => {
+  // Use withCache for efficient Redis caching with automatic fallback
+  const getCachedEnvironmentState = withCache(
     async () => {
-      let revalidateEnvironment = false;
-      const [environment, organization, project] = await Promise.all([
-        getEnvironment(environmentId),
-        getOrganizationByEnvironmentId(environmentId),
-        getProjectForEnvironmentState(environmentId),
-      ]);
-
-      if (!environment) {
-        throw new ResourceNotFoundError("environment", environmentId);
-      }
-
-      if (!organization) {
-        throw new ResourceNotFoundError("organization", null);
-      }
-
-      if (!project) {
-        throw new ResourceNotFoundError("project", null);
-      }
+      // Single optimized database call replacing multiple service calls
+      const { environment, organization, surveys, actionClasses } =
+        await getEnvironmentStateData(environmentId);
 
+      // Handle app setup completion update if needed
+      // This is a one-time setup flag that can tolerate TTL-based cache expiration
       if (!environment.appSetupCompleted) {
         await Promise.all([
           prisma.environment.update({
-            where: {
-              id: environmentId,
-            },
+            where: { id: environmentId },
             data: { appSetupCompleted: true },
           }),
           capturePosthogEnvironmentEvent(environmentId, "app setup completed"),
         ]);
-
-        revalidateEnvironment = true;
       }
 
-      // check if MAU limit is reached
+      // Check monthly response limits for Formbricks Cloud
       let isMonthlyResponsesLimitReached = false;
-
       if (IS_FORMBRICKS_CLOUD) {
         const monthlyResponseLimit = organization.billing.limits.monthly.responses;
-
         const currentResponseCount = await getMonthlyOrganizationResponseCount(organization.id);
         isMonthlyResponsesLimitReached =
           monthlyResponseLimit !== null && currentResponseCount >= monthlyResponseLimit;
-      }
 
-      if (isMonthlyResponsesLimitReached) {
-        try {
-          await sendPlanLimitsReachedEventToPosthogWeekly(environmentId, {
-            plan: organization.billing.plan,
-            limits: {
-              projects: null,
-              monthly: {
-                miu: null,
-                responses: organization.billing.limits.monthly.responses,
+        // Send plan limits event if needed
+        if (isMonthlyResponsesLimitReached) {
+          try {
+            await sendPlanLimitsReachedEventToPosthogWeekly(environmentId, {
+              plan: organization.billing.plan,
+              limits: {
+                projects: null,
+                monthly: {
+                  miu: null,
+                  responses: organization.billing.limits.monthly.responses,
+                },
               },
-            },
-          });
-        } catch (err) {
-          logger.error(err, "Error sending plan limits reached event to Posthog");
+            });
+          } catch (err) {
+            logger.error(err, "Error sending plan limits reached event to Posthog");
+          }
         }
       }
 
-      const [surveys, actionClasses] = await Promise.all([
-        getSurveysForEnvironmentState(environmentId),
-        getActionClassesForEnvironmentState(environmentId),
-      ]);
-
+      // Build the response data
       const data: TJsEnvironmentState["data"] = {
         surveys: !isMonthlyResponsesLimitReached ? surveys : [],
         actionClasses,
-        project: project,
+        project: environment.project,
         ...(IS_RECAPTCHA_CONFIGURED ? { recaptchaSiteKey: RECAPTCHA_SITE_KEY } : {}),
       };
 
-      return {
-        data,
-        revalidateEnvironment,
-      };
+      return { data };
     },
-    [`environmentState-${environmentId}`],
     {
-      ...(IS_FORMBRICKS_CLOUD && { revalidate: 24 * 60 * 60 }),
-      tags: [
-        environmentCache.tag.byId(environmentId),
-        organizationCache.tag.byEnvironmentId(environmentId),
-        projectCache.tag.byEnvironmentId(environmentId),
-        surveyCache.tag.byEnvironmentId(environmentId),
-        actionClassCache.tag.byEnvironmentId(environmentId),
-      ],
+      // Use enterprise-grade cache key pattern
+      key: createCacheKey.environment.state(environmentId),
+      // 30 minutes TTL ensures fresh data for hourly SDK checks
+      // Balances performance with freshness requirements
+      ttl: 60 * 30 * 1000, // 30 minutes in milliseconds
     }
-  )();
+  );
+
+  return getCachedEnvironmentState();
+};

apps/web/app/api/v1/client/[environmentId]/environment/lib/project.test.ts

@@ -1,120 +0,0 @@
-import { cache } from "@/lib/cache";
-import { projectCache } from "@/lib/project/cache";
-import { Prisma } from "@prisma/client";
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-import { prisma } from "@formbricks/database";
-import { logger } from "@formbricks/logger";
-import { DatabaseError } from "@formbricks/types/errors";
-import { TJsEnvironmentStateProject } from "@formbricks/types/js";
-import { getProjectForEnvironmentState } from "./project";
-
-// Mock dependencies
-vi.mock("@/lib/cache");
-vi.mock("@/lib/project/cache");
-vi.mock("@formbricks/database", () => ({
-  prisma: {
-    project: {
-      findFirst: vi.fn(),
-    },
-  },
-}));
-vi.mock("@formbricks/logger", () => ({
-  logger: {
-    error: vi.fn(),
-  },
-}));
-vi.mock("@/lib/utils/validate"); // Mock validateInputs if needed, though it's often tested elsewhere
-
-const environmentId = "test-environment-id";
-const mockProject: TJsEnvironmentStateProject = {
-  id: "test-project-id",
-  recontactDays: 30,
-  clickOutsideClose: true,
-  darkOverlay: false,
-  placement: "bottomRight",
-  inAppSurveyBranding: true,
-  styling: { allowStyleOverwrite: false },
-};
-
-describe("getProjectForEnvironmentState", () => {
-  beforeEach(() => {
-    vi.resetAllMocks();
-
-    // Mock cache implementation
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
-
-    // Mock projectCache tags
-    vi.mocked(projectCache.tag.byEnvironmentId).mockReturnValue(`project-env-${environmentId}`);
-  });
-
-  afterEach(() => {
-    vi.resetAllMocks();
-  });
-
-  test("should return project state successfully", async () => {
-    vi.mocked(prisma.project.findFirst).mockResolvedValue(mockProject);
-
-    const result = await getProjectForEnvironmentState(environmentId);
-
-    expect(result).toEqual(mockProject);
-    expect(prisma.project.findFirst).toHaveBeenCalledWith({
-      where: {
-        environments: {
-          some: {
-            id: environmentId,
-          },
-        },
-      },
-      select: {
-        id: true,
-        recontactDays: true,
-        clickOutsideClose: true,
-        darkOverlay: true,
-        placement: true,
-        inAppSurveyBranding: true,
-        styling: true,
-      },
-    });
-    expect(cache).toHaveBeenCalledTimes(1);
-    expect(cache).toHaveBeenCalledWith(
-      expect.any(Function),
-      [`getProjectForEnvironmentState-${environmentId}`],
-      {
-        tags: [`project-env-${environmentId}`],
-      }
-    );
-  });
-
-  test("should return null if project not found", async () => {
-    vi.mocked(prisma.project.findFirst).mockResolvedValue(null);
-
-    const result = await getProjectForEnvironmentState(environmentId);
-
-    expect(result).toBeNull();
-    expect(prisma.project.findFirst).toHaveBeenCalledTimes(1);
-    expect(cache).toHaveBeenCalledTimes(1);
-  });
-
-  test("should throw DatabaseError on PrismaClientKnownRequestError", async () => {
-    const prismaError = new Prisma.PrismaClientKnownRequestError("Test error", {
-      code: "P2001",
-      clientVersion: "test",
-    });
-    vi.mocked(prisma.project.findFirst).mockRejectedValue(prismaError);
-
-    await expect(getProjectForEnvironmentState(environmentId)).rejects.toThrow(DatabaseError);
-    expect(logger.error).toHaveBeenCalledWith(prismaError, "Error getting project for environment state");
-    expect(cache).toHaveBeenCalledTimes(1);
-  });
-
-  test("should re-throw unknown errors", async () => {
-    const unknownError = new Error("Something went wrong");
-    vi.mocked(prisma.project.findFirst).mockRejectedValue(unknownError);
-
-    await expect(getProjectForEnvironmentState(environmentId)).rejects.toThrow(unknownError);
-    expect(logger.error).not.toHaveBeenCalled(); // Should not log unknown errors here
-    expect(cache).toHaveBeenCalledTimes(1);
-  });
-});

apps/web/app/api/v1/client/[environmentId]/environment/lib/project.ts

@@ -1,50 +0,0 @@
-import { cache } from "@/lib/cache";
-import { projectCache } from "@/lib/project/cache";
-import { validateInputs } from "@/lib/utils/validate";
-import { Prisma } from "@prisma/client";
-import { cache as reactCache } from "react";
-import { prisma } from "@formbricks/database";
-import { logger } from "@formbricks/logger";
-import { ZId } from "@formbricks/types/common";
-import { DatabaseError } from "@formbricks/types/errors";
-import { TJsEnvironmentStateProject } from "@formbricks/types/js";
-
-export const getProjectForEnvironmentState = reactCache(
-  async (environmentId: string): Promise<TJsEnvironmentStateProject | null> =>
-    cache(
-      async () => {
-        validateInputs([environmentId, ZId]);
-
-        try {
-          return await prisma.project.findFirst({
-            where: {
-              environments: {
-                some: {
-                  id: environmentId,
-                },
-              },
-            },
-            select: {
-              id: true,
-              recontactDays: true,
-              clickOutsideClose: true,
-              darkOverlay: true,
-              placement: true,
-              inAppSurveyBranding: true,
-              styling: true,
-            },
-          });
-        } catch (error) {
-          if (error instanceof Prisma.PrismaClientKnownRequestError) {
-            logger.error(error, "Error getting project for environment state");
-            throw new DatabaseError(error.message);
-          }
-          throw error;
-        }
-      },
-      [`getProjectForEnvironmentState-${environmentId}`],
-      {
-        tags: [projectCache.tag.byEnvironmentId(environmentId)],
-      }
-    )()
-);

apps/web/app/api/v1/client/[environmentId]/environment/lib/survey.test.ts

@@ -1,155 +0,0 @@
-import { cache } from "@/lib/cache";
-import { validateInputs } from "@/lib/utils/validate";
-import { transformPrismaSurvey } from "@/modules/survey/lib/utils";
-import { Prisma } from "@prisma/client";
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-import { prisma } from "@formbricks/database";
-import { logger } from "@formbricks/logger";
-import { DatabaseError } from "@formbricks/types/errors";
-import { TJsEnvironmentStateSurvey } from "@formbricks/types/js";
-import { getSurveysForEnvironmentState } from "./survey";
-
-// Mock dependencies
-vi.mock("@/lib/cache");
-vi.mock("@/lib/utils/validate");
-vi.mock("@/modules/survey/lib/utils");
-vi.mock("@formbricks/database", () => ({
-  prisma: {
-    survey: {
-      findMany: vi.fn(),
-    },
-  },
-}));
-vi.mock("@formbricks/logger", () => ({
-  logger: {
-    error: vi.fn(),
-  },
-}));
-
-const environmentId = "test-environment-id";
-
-const mockPrismaSurvey = {
-  id: "survey-1",
-  welcomeCard: { enabled: false },
-  name: "Test Survey",
-  questions: [],
-  variables: [],
-  type: "app",
-  showLanguageSwitch: false,
-  languages: [],
-  endings: [],
-  autoClose: null,
-  styling: null,
-  status: "inProgress",
-  recaptcha: null,
-  segment: null,
-  recontactDays: null,
-  displayLimit: null,
-  displayOption: "displayOnce",
-  hiddenFields: { enabled: false },
-  isBackButtonHidden: false,
-  triggers: [],
-  displayPercentage: null,
-  delay: 0,
-  projectOverwrites: null,
-};
-
-const mockTransformedSurvey: TJsEnvironmentStateSurvey = {
-  id: "survey-1",
-  welcomeCard: { enabled: false } as TJsEnvironmentStateSurvey["welcomeCard"],
-  name: "Test Survey",
-  questions: [],
-  variables: [],
-  type: "app",
-  showLanguageSwitch: false,
-  languages: [],
-  endings: [],
-  autoClose: null,
-  styling: null,
-  status: "inProgress",
-  recaptcha: null,
-  segment: null,
-  recontactDays: null,
-  displayLimit: null,
-  displayOption: "displayOnce",
-  hiddenFields: { enabled: false },
-  isBackButtonHidden: false,
-  triggers: [],
-  displayPercentage: null,
-  delay: 0,
-  projectOverwrites: null,
-};
-
-describe("getSurveysForEnvironmentState", () => {
-  beforeEach(() => {
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
-    vi.mocked(validateInputs).mockReturnValue([environmentId]); // Assume validation passes
-    vi.mocked(transformPrismaSurvey).mockReturnValue(mockTransformedSurvey);
-  });
-
-  afterEach(() => {
-    vi.resetAllMocks();
-  });
-
-  test("should return transformed surveys on successful fetch", async () => {
-    vi.mocked(prisma.survey.findMany).mockResolvedValue([mockPrismaSurvey]);
-
-    const result = await getSurveysForEnvironmentState(environmentId);
-
-    expect(validateInputs).toHaveBeenCalledWith([environmentId, expect.any(Object)]);
-    expect(prisma.survey.findMany).toHaveBeenCalledWith({
-      where: {
-        environmentId,
-        type: "app",
-        status: "inProgress",
-      },
-      select: expect.any(Object), // Check if select is called, specific fields are in the original code
-      orderBy: { createdAt: "desc" },
-      take: 30,
-    });
-    expect(transformPrismaSurvey).toHaveBeenCalledWith(mockPrismaSurvey);
-    expect(result).toEqual([mockTransformedSurvey]);
-    expect(logger.error).not.toHaveBeenCalled();
-  });
-
-  test("should return an empty array if no surveys are found", async () => {
-    vi.mocked(prisma.survey.findMany).mockResolvedValue([]);
-
-    const result = await getSurveysForEnvironmentState(environmentId);
-
-    expect(prisma.survey.findMany).toHaveBeenCalledWith({
-      where: {
-        environmentId,
-        type: "app",
-        status: "inProgress",
-      },
-      select: expect.any(Object),
-      orderBy: { createdAt: "desc" },
-      take: 30,
-    });
-    expect(transformPrismaSurvey).not.toHaveBeenCalled();
-    expect(result).toEqual([]);
-    expect(logger.error).not.toHaveBeenCalled();
-  });
-
-  test("should throw DatabaseError on Prisma known request error", async () => {
-    const prismaError = new Prisma.PrismaClientKnownRequestError("Test Prisma Error", {
-      code: "P2025",
-      clientVersion: "5.0.0",
-    });
-    vi.mocked(prisma.survey.findMany).mockRejectedValue(prismaError);
-
-    await expect(getSurveysForEnvironmentState(environmentId)).rejects.toThrow(DatabaseError);
-    expect(logger.error).toHaveBeenCalledWith(prismaError, "Error getting surveys for environment state");
-  });
-
-  test("should rethrow unknown errors", async () => {
-    const unknownError = new Error("Something went wrong");
-    vi.mocked(prisma.survey.findMany).mockRejectedValue(unknownError);
-
-    await expect(getSurveysForEnvironmentState(environmentId)).rejects.toThrow(unknownError);
-    expect(logger.error).not.toHaveBeenCalled();
-  });
-});

apps/web/app/api/v1/client/[environmentId]/environment/lib/survey.ts

@@ -1,102 +0,0 @@
-import { cache } from "@/lib/cache";
-import { surveyCache } from "@/lib/survey/cache";
-import { validateInputs } from "@/lib/utils/validate";
-import { transformPrismaSurvey } from "@/modules/survey/lib/utils";
-import { Prisma } from "@prisma/client";
-import { cache as reactCache } from "react";
-import { prisma } from "@formbricks/database";
-import { logger } from "@formbricks/logger";
-import { ZId } from "@formbricks/types/common";
-import { DatabaseError } from "@formbricks/types/errors";
-import { TJsEnvironmentStateSurvey } from "@formbricks/types/js";
-
-export const getSurveysForEnvironmentState = reactCache(
-  async (environmentId: string): Promise<TJsEnvironmentStateSurvey[]> =>
-    cache(
-      async () => {
-        validateInputs([environmentId, ZId]);
-
-        try {
-          const surveysPrisma = await prisma.survey.findMany({
-            where: {
-              environmentId,
-              type: "app",
-              status: "inProgress",
-            },
-            orderBy: {
-              createdAt: "desc",
-            },
-            take: 30,
-            select: {
-              id: true,
-              welcomeCard: true,
-              name: true,
-              questions: true,
-              variables: true,
-              type: true,
-              showLanguageSwitch: true,
-              languages: {
-                select: {
-                  default: true,
-                  enabled: true,
-                  language: {
-                    select: {
-                      id: true,
-                      code: true,
-                      alias: true,
-                      createdAt: true,
-                      updatedAt: true,
-                      projectId: true,
-                    },
-                  },
-                },
-              },
-              endings: true,
-              autoClose: true,
-              styling: true,
-              status: true,
-              recaptcha: true,
-              segment: {
-                include: {
-                  surveys: {
-                    select: {
-                      id: true,
-                    },
-                  },
-                },
-              },
-              recontactDays: true,
-              displayLimit: true,
-              displayOption: true,
-              hiddenFields: true,
-              isBackButtonHidden: true,
-              triggers: {
-                select: {
-                  actionClass: {
-                    select: {
-                      name: true,
-                    },
-                  },
-                },
-              },
-              displayPercentage: true,
-              delay: true,
-              projectOverwrites: true,
-            },
-          });
-
-          return surveysPrisma.map((survey) => transformPrismaSurvey<TJsEnvironmentStateSurvey>(survey));
-        } catch (error) {
-          if (error instanceof Prisma.PrismaClientKnownRequestError) {
-            logger.error(error, "Error getting surveys for environment state");
-            throw new DatabaseError(error.message);
-          }
-          throw error;
-        }
-      },
-      [`getSurveysForEnvironmentState-${environmentId}`],
-      {
-        tags: [surveyCache.tag.byEnvironmentId(environmentId)],
-      }
-    )()
-);

apps/web/app/api/v1/client/[environmentId]/environment/route.ts

@@ -1,14 +1,19 @@
 import { getEnvironmentState } from "@/app/api/v1/client/[environmentId]/environment/lib/environmentState";
 import { responses } from "@/app/lib/api/response";
-import { transformErrorToDetails } from "@/app/lib/api/validator";
-import { environmentCache } from "@/lib/environment/cache";
 import { NextRequest } from "next/server";
 import { logger } from "@formbricks/logger";
 import { ResourceNotFoundError } from "@formbricks/types/errors";
-import { ZJsSyncInput } from "@formbricks/types/js";
 
 export const OPTIONS = async (): Promise<Response> => {
-  return responses.successResponse({}, true);
+  return responses.successResponse(
+    {},
+    true,
+    // Cache CORS preflight responses for 1 hour (balanced approach)
+    // Allows for reasonable flexibility while still providing good performance
+    // max-age=3600: 1hr browser cache
+    // s-maxage=3600: 1hr Cloudflare cache
+    "public, s-maxage=3600, max-age=3600"
+  );
 };
 
 export const GET = async (
@@ -22,51 +27,49 @@ export const GET = async (
   const params = await props.params;
 
   try {
-    // validate using zod
-    const inputValidation = ZJsSyncInput.safeParse({
-      environmentId: params.environmentId,
-    });
-
-    if (!inputValidation.success) {
-      return responses.badRequestResponse(
-        "Fields are missing or incorrectly formatted",
-        transformErrorToDetails(inputValidation.error),
-        true
-      );
+    // Simple validation for environmentId (faster than Zod for high-frequency endpoint)
+    if (!params.environmentId || typeof params.environmentId !== "string") {
+      return responses.badRequestResponse("Environment ID is required", undefined, true);
     }
 
-    try {
-      const environmentState = await getEnvironmentState(params.environmentId);
-      const { data, revalidateEnvironment } = environmentState;
+    // Use optimized environment state fetcher with new caching approach
+    const environmentState = await getEnvironmentState(params.environmentId);
+    const { data } = environmentState;
 
-      if (revalidateEnvironment) {
-        environmentCache.revalidate({
-          id: inputValidation.data.environmentId,
-          projectId: data.project.id,
-        });
-      }
-
-      return responses.successResponse(
+    return responses.successResponse(
+      {
+        data,
+        expiresAt: new Date(Date.now() + 1000 * 60 * 60), // 1 hour for SDK to recheck
+      },
+      true,
+      // Optimized cache headers for Cloudflare CDN and browser caching
+      // max-age=3600: 1hr browser cache (per guidelines)
+      // s-maxage=1800: 30min Cloudflare cache (per guidelines)
+      // stale-while-revalidate=1800: 30min stale serving during revalidation
+      // stale-if-error=3600: 1hr stale serving on origin errors
+      "public, s-maxage=1800, max-age=3600, stale-while-revalidate=1800, stale-if-error=3600"
+    );
+  } catch (err) {
+    if (err instanceof ResourceNotFoundError) {
+      logger.warn(
         {
-          data,
-          expiresAt: new Date(Date.now() + 1000 * 60 * 30), // 30 minutes
+          environmentId: params.environmentId,
+          resourceType: err.resourceType,
+          resourceId: err.resourceId,
         },
-        true,
-        "public, s-maxage=600, max-age=840, stale-while-revalidate=600, stale-if-error=600"
+        "Resource not found in environment endpoint"
       );
-    } catch (err) {
-      if (err instanceof ResourceNotFoundError) {
-        return responses.notFoundResponse(err.resourceType, err.resourceId);
-      }
-
-      logger.error(
-        { error: err, url: request.url },
-        "Error in GET /api/v1/client/[environmentId]/environment"
-      );
-      return responses.internalServerErrorResponse(err.message, true);
+      return responses.notFoundResponse(err.resourceType, err.resourceId);
     }
-  } catch (error) {
-    logger.error({ error, url: request.url }, "Error in GET /api/v1/client/[environmentId]/environment");
-    return responses.internalServerErrorResponse("Unable to handle the request: " + error.message, true);
+
+    logger.error(
+      {
+        error: err,
+        url: request.url,
+        environmentId: params.environmentId,
+      },
+      "Error in GET /api/v1/client/[environmentId]/environment"
+    );
+    return responses.internalServerErrorResponse(err.message, true);
   }
 };

apps/web/app/api/v1/client/[environmentId]/responses/lib/contact.test.ts

@@ -1,6 +1,5 @@
-import { cache } from "@/lib/cache";
 import { Prisma } from "@prisma/client";
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
+import { afterEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { DatabaseError } from "@formbricks/types/errors";
 import { getContact, getContactByUserId } from "./contact";
@@ -15,9 +14,6 @@ vi.mock("@formbricks/database", () => ({
   },
 }));
 
-// Mock cache module
-vi.mock("@/lib/cache");
-
 // Mock react cache
 vi.mock("react", async () => {
   const actual = await vi.importActual("react");
@@ -32,12 +28,6 @@ const mockEnvironmentId = "test-env-id";
 const mockUserId = "test-user-id";
 
 describe("Contact API Lib", () => {
-  beforeEach(() => {
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
-  });
-
   afterEach(() => {
     vi.resetAllMocks();
   });

apps/web/app/api/v1/client/[environmentId]/responses/lib/contact.ts

@@ -1,84 +1,67 @@
-import { cache } from "@/lib/cache";
-import { contactCache } from "@/lib/cache/contact";
 import { Prisma } from "@prisma/client";
 import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
 import { TContactAttributes } from "@formbricks/types/contact-attribute";
 import { DatabaseError } from "@formbricks/types/errors";
 
-export const getContact = reactCache((contactId: string) =>
-  cache(
-    async () => {
-      try {
-        const contact = await prisma.contact.findUnique({
-          where: { id: contactId },
-          select: { id: true },
-        });
+export const getContact = reactCache(async (contactId: string) => {
+  try {
+    const contact = await prisma.contact.findUnique({
+      where: { id: contactId },
+      select: { id: true },
+    });
 
-        return contact;
-      } catch (error) {
-        if (error instanceof Prisma.PrismaClientKnownRequestError) {
-          throw new DatabaseError(error.message);
-        }
-      }
-    },
-    [`getContact-responses-api-${contactId}`],
-    {
-      tags: [contactCache.tag.byId(contactId)],
+    return contact;
+  } catch (error) {
+    if (error instanceof Prisma.PrismaClientKnownRequestError) {
+      throw new DatabaseError(error.message);
     }
-  )()
-);
+  }
+});
 
 export const getContactByUserId = reactCache(
-  (
+  async (
     environmentId: string,
     userId: string
   ): Promise<{
     id: string;
     attributes: TContactAttributes;
-  } | null> =>
-    cache(
-      async () => {
-        const contact = await prisma.contact.findFirst({
-          where: {
-            attributes: {
-              some: {
-                attributeKey: {
-                  key: "userId",
-                  environmentId,
-                },
-                value: userId,
-              },
+  } | null> => {
+    const contact = await prisma.contact.findFirst({
+      where: {
+        attributes: {
+          some: {
+            attributeKey: {
+              key: "userId",
+              environmentId,
             },
+            value: userId,
           },
-          select: {
-            id: true,
-            attributes: {
-              select: {
-                attributeKey: { select: { key: true } },
-                value: true,
-              },
-            },
-          },
-        });
-
-        if (!contact) {
-          return null;
-        }
-
-        const contactAttributes = contact.attributes.reduce((acc, attr) => {
-          acc[attr.attributeKey.key] = attr.value;
-          return acc;
-        }, {}) as TContactAttributes;
-
-        return {
-          id: contact.id,
-          attributes: contactAttributes,
-        };
+        },
       },
-      [`getContactByUserIdForResponsesApi-${environmentId}-${userId}`],
-      {
-        tags: [contactCache.tag.byEnvironmentIdAndUserId(environmentId, userId)],
-      }
-    )()
+      select: {
+        id: true,
+        attributes: {
+          select: {
+            attributeKey: { select: { key: true } },
+            value: true,
+          },
+        },
+      },
+    });
+
+    if (!contact) {
+      return null;
+    }
+
+    const contactAttributes = contact.attributes.reduce((acc, attr) => {
+      acc[attr.attributeKey.key] = attr.value;
+      return acc;
+    }, {}) as TContactAttributes;
+
+    return {
+      id: contact.id,
+      attributes: contactAttributes,
+    };
+  }
 );

apps/web/app/api/v1/client/[environmentId]/responses/lib/response.test.ts

@@ -29,22 +29,10 @@ vi.mock("@/lib/posthogServer", () => ({
   sendPlanLimitsReachedEventToPosthogWeekly: vi.fn(),
 }));
 
-vi.mock("@/lib/response/cache", () => ({
-  responseCache: {
-    revalidate: vi.fn(),
-  },
-}));
-
 vi.mock("@/lib/response/utils", () => ({
   calculateTtcTotal: vi.fn((ttc) => ttc),
 }));
 
-vi.mock("@/lib/responseNote/cache", () => ({
-  responseNoteCache: {
-    revalidate: vi.fn(),
-  },
-}));
-
 vi.mock("@/lib/telemetry", () => ({
   captureTelemetry: vi.fn(),
 }));

apps/web/app/api/v1/client/[environmentId]/responses/lib/response.ts

@@ -5,9 +5,7 @@ import {
   getOrganizationByEnvironmentId,
 } from "@/lib/organization/service";
 import { sendPlanLimitsReachedEventToPosthogWeekly } from "@/lib/posthogServer";
-import { responseCache } from "@/lib/response/cache";
 import { calculateTtcTotal } from "@/lib/response/utils";
-import { responseNoteCache } from "@/lib/responseNote/cache";
 import { captureTelemetry } from "@/lib/telemetry";
 import { validateInputs } from "@/lib/utils/validate";
 import { Prisma } from "@prisma/client";
@@ -149,19 +147,6 @@ export const createResponse = async (responseInput: TResponseInput): Promise<TRe
       tags: responsePrisma.tags.map((tagPrisma: { tag: TTag }) => tagPrisma.tag),
     };
 
-    responseCache.revalidate({
-      environmentId,
-      id: response.id,
-      contactId: contact?.id,
-      ...(singleUseId && { singleUseId }),
-      userId: userId ?? undefined,
-      surveyId,
-    });
-
-    responseNoteCache.revalidate({
-      responseId: response.id,
-    });
-
     if (IS_FORMBRICKS_CLOUD) {
       const responsesCount = await getMonthlyOrganizationResponseCount(organization.id);
       const responsesLimit = organization.billing.limits.monthly.responses;

apps/web/app/api/v1/client/[environmentId]/responses/route.ts

@@ -20,7 +20,13 @@ interface Context {
 }
 
 export const OPTIONS = async (): Promise<Response> => {
-  return responses.successResponse({}, true);
+  return responses.successResponse(
+    {},
+    true,
+    // Cache CORS preflight responses for 1 hour (conservative approach)
+    // Balances performance gains with flexibility for CORS policy changes
+    "public, s-maxage=3600, max-age=3600"
+  );
 };
 
 export const POST = async (request: Request, context: Context): Promise<Response> => {

apps/web/app/api/v1/client/[environmentId]/storage/local/route.ts

@@ -19,15 +19,12 @@ interface Context {
 }
 
 export const OPTIONS = async (): Promise<Response> => {
-  return Response.json(
+  return responses.successResponse(
     {},
-    {
-      headers: {
-        "Access-Control-Allow-Origin": "*",
-        "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
-        "Access-Control-Allow-Headers": "Content-Type, Authorization",
-      },
-    }
+    true,
+    // Cache CORS preflight responses for 1 hour (conservative approach)
+    // Balances performance gains with flexibility for CORS policy changes
+    "public, s-maxage=3600, max-age=3600"
   );
 };
 

apps/web/app/api/v1/client/[environmentId]/storage/route.ts

@@ -15,7 +15,13 @@ interface Context {
 }
 
 export const OPTIONS = async (): Promise<Response> => {
-  return responses.successResponse({}, true);
+  return responses.successResponse(
+    {},
+    true,
+    // Cache CORS preflight responses for 1 hour (conservative approach)
+    // Balances performance gains with flexibility for CORS policy changes
+    "public, s-maxage=3600, max-age=3600"
+  );
 };
 
 // api endpoint for uploading private files

apps/web/app/api/v1/management/action-classes/[actionClassId]/route.ts

@@ -1,6 +1,7 @@
 import { authenticateRequest, handleErrorResponse } from "@/app/api/v1/auth";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
+import { ApiAuditLog, withApiLogging } from "@/app/lib/api/with-api-logging";
 import { deleteActionClass, getActionClass, updateActionClass } from "@/lib/actionClass/service";
 import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
 import { logger } from "@formbricks/logger";
@@ -44,63 +45,104 @@ export const GET = async (
   }
 };
 
-export const PUT = async (
-  request: Request,
-  props: { params: Promise<{ actionClassId: string }> }
-): Promise<Response> => {
-  const params = await props.params;
-  try {
-    const authentication = await authenticateRequest(request);
-    if (!authentication) return responses.notAuthenticatedResponse();
-    const actionClass = await fetchAndAuthorizeActionClass(authentication, params.actionClassId, "PUT");
-    if (!actionClass) {
-      return responses.notFoundResponse("Action Class", params.actionClassId);
-    }
-
-    let actionClassUpdate;
+export const PUT = withApiLogging(
+  async (request: Request, props: { params: Promise<{ actionClassId: string }> }, auditLog: ApiAuditLog) => {
+    const params = await props.params;
     try {
-      actionClassUpdate = await request.json();
-    } catch (error) {
-      logger.error({ error, url: request.url }, "Error parsing JSON");
-      return responses.badRequestResponse("Malformed JSON input, please check your request body");
-    }
+      const authentication = await authenticateRequest(request);
+      if (!authentication) {
+        return {
+          response: responses.notAuthenticatedResponse(),
+        };
+      }
+      auditLog.userId = authentication.apiKeyId;
 
-    const inputValidation = ZActionClassInput.safeParse(actionClassUpdate);
-    if (!inputValidation.success) {
-      return responses.badRequestResponse(
-        "Fields are missing or incorrectly formatted",
-        transformErrorToDetails(inputValidation.error)
+      const actionClass = await fetchAndAuthorizeActionClass(authentication, params.actionClassId, "PUT");
+      if (!actionClass) {
+        return {
+          response: responses.notFoundResponse("Action Class", params.actionClassId),
+        };
+      }
+      auditLog.oldObject = actionClass;
+      auditLog.organizationId = authentication.organizationId;
+
+      let actionClassUpdate;
+      try {
+        actionClassUpdate = await request.json();
+      } catch (error) {
+        logger.error({ error, url: request.url }, "Error parsing JSON");
+        return {
+          response: responses.badRequestResponse("Malformed JSON input, please check your request body"),
+        };
+      }
+
+      const inputValidation = ZActionClassInput.safeParse(actionClassUpdate);
+      if (!inputValidation.success) {
+        return {
+          response: responses.badRequestResponse(
+            "Fields are missing or incorrectly formatted",
+            transformErrorToDetails(inputValidation.error)
+          ),
+        };
+      }
+      const updatedActionClass = await updateActionClass(
+        inputValidation.data.environmentId,
+        params.actionClassId,
+        inputValidation.data
       );
+      if (updatedActionClass) {
+        auditLog.newObject = updatedActionClass;
+        return {
+          response: responses.successResponse(updatedActionClass),
+        };
+      }
+      return {
+        response: responses.internalServerErrorResponse("Some error occurred while updating action"),
+      };
+    } catch (error) {
+      return {
+        response: handleErrorResponse(error),
+      };
     }
-    const updatedActionClass = await updateActionClass(
-      inputValidation.data.environmentId,
-      params.actionClassId,
-      inputValidation.data
-    );
-    if (updatedActionClass) {
-      return responses.successResponse(updatedActionClass);
-    }
-    return responses.internalServerErrorResponse("Some error ocured while updating action");
-  } catch (error) {
-    return handleErrorResponse(error);
-  }
-};
+  },
+  "updated",
+  "actionClass"
+);
 
-export const DELETE = async (
-  request: Request,
-  props: { params: Promise<{ actionClassId: string }> }
-): Promise<Response> => {
-  const params = await props.params;
-  try {
-    const authentication = await authenticateRequest(request);
-    if (!authentication) return responses.notAuthenticatedResponse();
-    const actionClass = await fetchAndAuthorizeActionClass(authentication, params.actionClassId, "DELETE");
-    if (!actionClass) {
-      return responses.notFoundResponse("Action Class", params.actionClassId);
+export const DELETE = withApiLogging(
+  async (request: Request, props: { params: Promise<{ actionClassId: string }> }, auditLog: ApiAuditLog) => {
+    const params = await props.params;
+    auditLog.targetId = params.actionClassId;
+
+    try {
+      const authentication = await authenticateRequest(request);
+      if (!authentication) {
+        return {
+          response: responses.notAuthenticatedResponse(),
+        };
+      }
+      auditLog.userId = authentication.apiKeyId;
+
+      const actionClass = await fetchAndAuthorizeActionClass(authentication, params.actionClassId, "DELETE");
+      if (!actionClass) {
+        return {
+          response: responses.notFoundResponse("Action Class", params.actionClassId),
+        };
+      }
+
+      auditLog.oldObject = actionClass;
+      auditLog.organizationId = authentication.organizationId;
+
+      const deletedActionClass = await deleteActionClass(params.actionClassId);
+      return {
+        response: responses.successResponse(deletedActionClass),
+      };
+    } catch (error) {
+      return {
+        response: handleErrorResponse(error),
+      };
     }
-    const deletedActionClass = await deleteActionClass(params.actionClassId);
-    return responses.successResponse(deletedActionClass);
-  } catch (error) {
-    return handleErrorResponse(error);
-  }
-};
+  },
+  "deleted",
+  "actionClass"
+);

apps/web/app/api/v1/management/action-classes/lib/action-classes.ts

@@ -1,8 +1,6 @@
 "use server";
 
 import "server-only";
-import { actionClassCache } from "@/lib/actionClass/cache";
-import { cache } from "@/lib/cache";
 import { validateInputs } from "@/lib/utils/validate";
 import { Prisma } from "@prisma/client";
 import { cache as reactCache } from "react";
@@ -23,29 +21,20 @@ const selectActionClass = {
   environmentId: true,
 } satisfies Prisma.ActionClassSelect;
 
-export const getActionClasses = reactCache(
-  async (environmentIds: string[]): Promise<TActionClass[]> =>
-    cache(
-      async () => {
-        validateInputs([environmentIds, ZId.array()]);
+export const getActionClasses = reactCache(async (environmentIds: string[]): Promise<TActionClass[]> => {
+  validateInputs([environmentIds, ZId.array()]);
 
-        try {
-          return await prisma.actionClass.findMany({
-            where: {
-              environmentId: { in: environmentIds },
-            },
-            select: selectActionClass,
-            orderBy: {
-              createdAt: "asc",
-            },
-          });
-        } catch (error) {
-          throw new DatabaseError(`Database error when fetching actions for environment ${environmentIds}`);
-        }
+  try {
+    return await prisma.actionClass.findMany({
+      where: {
+        environmentId: { in: environmentIds },
       },
-      environmentIds.map((environmentId) => `getActionClasses-management-api-${environmentId}`),
-      {
-        tags: environmentIds.map((environmentId) => actionClassCache.tag.byEnvironmentId(environmentId)),
-      }
-    )()
-);
+      select: selectActionClass,
+      orderBy: {
+        createdAt: "asc",
+      },
+    });
+  } catch (error) {
+    throw new DatabaseError(`Database error when fetching actions for environment ${environmentIds}`);
+  }
+});

apps/web/app/api/v1/management/action-classes/route.ts

@@ -1,6 +1,7 @@
 import { authenticateRequest } from "@/app/api/v1/auth";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
+import { ApiAuditLog, withApiLogging } from "@/app/lib/api/with-api-logging";
 import { createActionClass } from "@/lib/actionClass/service";
 import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
 import { logger } from "@formbricks/logger";
@@ -28,41 +29,62 @@ export const GET = async (request: Request) => {
   }
 };
 
-export const POST = async (request: Request): Promise<Response> => {
-  try {
-    const authentication = await authenticateRequest(request);
-    if (!authentication) return responses.notAuthenticatedResponse();
-
-    let actionClassInput;
+export const POST = withApiLogging(
+  async (request: Request, _, auditLog: ApiAuditLog) => {
     try {
-      actionClassInput = await request.json();
+      const authentication = await authenticateRequest(request);
+      if (!authentication) {
+        return {
+          response: responses.notAuthenticatedResponse(),
+        };
+      }
+      auditLog.userId = authentication.apiKeyId;
+      auditLog.organizationId = authentication.organizationId;
+
+      let actionClassInput;
+      try {
+        actionClassInput = await request.json();
+      } catch (error) {
+        logger.error({ error, url: request.url }, "Error parsing JSON input");
+        return {
+          response: responses.badRequestResponse("Malformed JSON input, please check your request body"),
+        };
+      }
+
+      const inputValidation = ZActionClassInput.safeParse(actionClassInput);
+      const environmentId = actionClassInput.environmentId;
+
+      if (!hasPermission(authentication.environmentPermissions, environmentId, "POST")) {
+        return {
+          response: responses.unauthorizedResponse(),
+        };
+      }
+
+      if (!inputValidation.success) {
+        return {
+          response: responses.badRequestResponse(
+            "Fields are missing or incorrectly formatted",
+            transformErrorToDetails(inputValidation.error),
+            true
+          ),
+        };
+      }
+
+      const actionClass: TActionClass = await createActionClass(environmentId, inputValidation.data);
+      auditLog.targetId = actionClass.id;
+      auditLog.newObject = actionClass;
+      return {
+        response: responses.successResponse(actionClass),
+      };
     } catch (error) {
-      logger.error({ error, url: request.url }, "Error parsing JSON input");
-      return responses.badRequestResponse("Malformed JSON input, please check your request body");
+      if (error instanceof DatabaseError) {
+        return {
+          response: responses.badRequestResponse(error.message),
+        };
+      }
+      throw error;
     }
-
-    const inputValidation = ZActionClassInput.safeParse(actionClassInput);
-
-    const environmentId = actionClassInput.environmentId;
-
-    if (!hasPermission(authentication.environmentPermissions, environmentId, "POST")) {
-      return responses.unauthorizedResponse();
-    }
-
-    if (!inputValidation.success) {
-      return responses.badRequestResponse(
-        "Fields are missing or incorrectly formatted",
-        transformErrorToDetails(inputValidation.error),
-        true
-      );
-    }
-
-    const actionClass: TActionClass = await createActionClass(environmentId, inputValidation.data);
-    return responses.successResponse(actionClass);
-  } catch (error) {
-    if (error instanceof DatabaseError) {
-      return responses.badRequestResponse(error.message);
-    }
-    throw error;
-  }
-};
+  },
+  "created",
+  "actionClass"
+);

apps/web/app/api/v1/management/responses/[responseId]/route.ts

@@ -1,6 +1,7 @@
 import { authenticateRequest, handleErrorResponse } from "@/app/api/v1/auth";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
+import { ApiAuditLog, withApiLogging } from "@/app/lib/api/with-api-logging";
 import { validateFileUploads } from "@/lib/fileValidation";
 import { deleteResponse, getResponse, updateResponse } from "@/lib/response/service";
 import { getSurvey } from "@/lib/survey/service";
@@ -48,58 +49,101 @@ export const GET = async (
   }
 };
 
-export const DELETE = async (
-  request: Request,
-  props: { params: Promise<{ responseId: string }> }
-): Promise<Response> => {
-  const params = await props.params;
-  try {
-    const authentication = await authenticateRequest(request);
-    if (!authentication) return responses.notAuthenticatedResponse();
-
-    const result = await fetchAndAuthorizeResponse(params.responseId, authentication, "DELETE");
-    if (result.error) return result.error;
-
-    const deletedResponse = await deleteResponse(params.responseId);
-    return responses.successResponse(deletedResponse);
-  } catch (error) {
-    return handleErrorResponse(error);
-  }
-};
-
-export const PUT = async (
-  request: Request,
-  props: { params: Promise<{ responseId: string }> }
-): Promise<Response> => {
-  const params = await props.params;
-  try {
-    const authentication = await authenticateRequest(request);
-    if (!authentication) return responses.notAuthenticatedResponse();
-
-    const result = await fetchAndAuthorizeResponse(params.responseId, authentication, "PUT");
-    if (result.error) return result.error;
-
-    let responseUpdate;
+export const DELETE = withApiLogging(
+  async (request: Request, props: { params: Promise<{ responseId: string }> }, auditLog: ApiAuditLog) => {
+    const params = await props.params;
+    auditLog.targetId = params.responseId;
     try {
-      responseUpdate = await request.json();
+      const authentication = await authenticateRequest(request);
+      if (!authentication) {
+        return {
+          response: responses.notAuthenticatedResponse(),
+        };
+      }
+      auditLog.userId = authentication.apiKeyId;
+      auditLog.organizationId = authentication.organizationId;
+
+      const result = await fetchAndAuthorizeResponse(params.responseId, authentication, "DELETE");
+      if (result.error) {
+        return {
+          response: result.error,
+        };
+      }
+      auditLog.oldObject = result.response;
+
+      const deletedResponse = await deleteResponse(params.responseId);
+      return {
+        response: responses.successResponse(deletedResponse),
+      };
     } catch (error) {
-      logger.error({ error, url: request.url }, "Error parsing JSON");
-      return responses.badRequestResponse("Malformed JSON input, please check your request body");
+      return {
+        response: handleErrorResponse(error),
+      };
     }
+  },
+  "deleted",
+  "response"
+);
 
-    if (!validateFileUploads(responseUpdate.data, result.survey.questions)) {
-      return responses.badRequestResponse("Invalid file upload response");
-    }
+export const PUT = withApiLogging(
+  async (request: Request, props: { params: Promise<{ responseId: string }> }, auditLog: ApiAuditLog) => {
+    const params = await props.params;
+    auditLog.targetId = params.responseId;
+    try {
+      const authentication = await authenticateRequest(request);
+      if (!authentication) {
+        return {
+          response: responses.notAuthenticatedResponse(),
+        };
+      }
+      auditLog.userId = authentication.apiKeyId;
+      auditLog.organizationId = authentication.organizationId;
 
-    const inputValidation = ZResponseUpdateInput.safeParse(responseUpdate);
-    if (!inputValidation.success) {
-      return responses.badRequestResponse(
-        "Fields are missing or incorrectly formatted",
-        transformErrorToDetails(inputValidation.error)
-      );
+      const result = await fetchAndAuthorizeResponse(params.responseId, authentication, "PUT");
+      if (result.error) {
+        return {
+          response: result.error,
+        };
+      }
+      auditLog.oldObject = result.response;
+
+      let responseUpdate;
+      try {
+        responseUpdate = await request.json();
+      } catch (error) {
+        logger.error({ error, url: request.url }, "Error parsing JSON");
+        return {
+          response: responses.badRequestResponse("Malformed JSON input, please check your request body"),
+        };
+      }
+
+      if (!validateFileUploads(responseUpdate.data, result.survey.questions)) {
+        return {
+          response: responses.badRequestResponse("Invalid file upload response"),
+        };
+      }
+
+      const inputValidation = ZResponseUpdateInput.safeParse(responseUpdate);
+      if (!inputValidation.success) {
+        return {
+          response: responses.badRequestResponse(
+            "Fields are missing or incorrectly formatted",
+            transformErrorToDetails(inputValidation.error)
+          ),
+        };
+      }
+
+      const updated = await updateResponse(params.responseId, inputValidation.data);
+      auditLog.newObject = updated;
+      return {
+        response: responses.successResponse(updated),
+      };
+    } catch (error) {
+      return {
+        response: handleErrorResponse(error),
+      };
     }
-    return responses.successResponse(await updateResponse(params.responseId, inputValidation.data));
-  } catch (error) {
-    return handleErrorResponse(error);
-  }
-};
+  },
+  "updated",
+  "response"
+);

apps/web/app/api/v1/management/responses/lib/contact.test.ts

@@ -1,6 +1,4 @@
-import { cache } from "@/lib/cache";
-import { contactCache } from "@/lib/cache/contact";
-import { beforeEach, describe, expect, test, vi } from "vitest";
+import { describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { TContactAttributes } from "@formbricks/types/contact-attribute";
 import { getContactByUserId } from "./contact";
@@ -14,8 +12,6 @@ vi.mock("@formbricks/database", () => ({
   },
 }));
 
-vi.mock("@/lib/cache");
-
 const environmentId = "test-env-id";
 const userId = "test-user-id";
 const contactId = "test-contact-id";
@@ -36,12 +32,6 @@ const expectedContactAttributes: TContactAttributes = {
 };
 
 describe("getContactByUserId", () => {
-  beforeEach(() => {
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
-  });
-
   test("should return contact with attributes when found", async () => {
     vi.mocked(prisma.contact.findFirst).mockResolvedValue(mockContactDbData);
 
@@ -73,13 +63,6 @@ describe("getContactByUserId", () => {
       id: contactId,
       attributes: expectedContactAttributes,
     });
-    expect(cache).toHaveBeenCalledWith(
-      expect.any(Function),
-      [`getContactByUserIdForResponsesApi-${environmentId}-${userId}`],
-      {
-        tags: [contactCache.tag.byEnvironmentIdAndUserId(environmentId, userId)],
-      }
-    );
   });
 
   test("should return null when contact is not found", async () => {
@@ -110,12 +93,5 @@ describe("getContactByUserId", () => {
       },
     });
     expect(contact).toBeNull();
-    expect(cache).toHaveBeenCalledWith(
-      expect.any(Function),
-      [`getContactByUserIdForResponsesApi-${environmentId}-${userId}`],
-      {
-        tags: [contactCache.tag.byEnvironmentIdAndUserId(environmentId, userId)],
-      }
-    );
   });
 });

apps/web/app/api/v1/management/responses/lib/contact.ts

@@ -1,60 +1,51 @@
 import "server-only";
-import { cache } from "@/lib/cache";
-import { contactCache } from "@/lib/cache/contact";
 import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
 import { TContactAttributes } from "@formbricks/types/contact-attribute";
 
 export const getContactByUserId = reactCache(
-  (
+  async (
     environmentId: string,
     userId: string
   ): Promise<{
     id: string;
     attributes: TContactAttributes;
-  } | null> =>
-    cache(
-      async () => {
-        const contact = await prisma.contact.findFirst({
-          where: {
-            attributes: {
-              some: {
-                attributeKey: {
-                  key: "userId",
-                  environmentId,
-                },
-                value: userId,
-              },
+  } | null> => {
+    const contact = await prisma.contact.findFirst({
+      where: {
+        attributes: {
+          some: {
+            attributeKey: {
+              key: "userId",
+              environmentId,
             },
+            value: userId,
           },
-          select: {
-            id: true,
-            attributes: {
-              select: {
-                attributeKey: { select: { key: true } },
-                value: true,
-              },
-            },
-          },
-        });
-
-        if (!contact) {
-          return null;
-        }
-
-        const contactAttributes = contact.attributes.reduce((acc, attr) => {
-          acc[attr.attributeKey.key] = attr.value;
-          return acc;
-        }, {}) as TContactAttributes;
-
-        return {
-          id: contact.id,
-          attributes: contactAttributes,
-        };
+        },
       },
-      [`getContactByUserIdForResponsesApi-${environmentId}-${userId}`],
-      {
-        tags: [contactCache.tag.byEnvironmentIdAndUserId(environmentId, userId)],
-      }
-    )()
+      select: {
+        id: true,
+        attributes: {
+          select: {
+            attributeKey: { select: { key: true } },
+            value: true,
+          },
+        },
+      },
+    });
+
+    if (!contact) {
+      return null;
+    }
+
+    const contactAttributes = contact.attributes.reduce((acc, attr) => {
+      acc[attr.attributeKey.key] = attr.value;
+      return acc;
+    }, {}) as TContactAttributes;
+
+    return {
+      id: contact.id,
+      attributes: contactAttributes,
+    };
+  }
 );

apps/web/app/api/v1/management/responses/lib/response.test.ts

@@ -1,13 +1,10 @@
-import { cache } from "@/lib/cache";
 import {
   getMonthlyOrganizationResponseCount,
   getOrganizationByEnvironmentId,
 } from "@/lib/organization/service";
 import { sendPlanLimitsReachedEventToPosthogWeekly } from "@/lib/posthogServer";
-import { responseCache } from "@/lib/response/cache";
 import { getResponseContact } from "@/lib/response/service";
 import { calculateTtcTotal } from "@/lib/response/utils";
-import { responseNoteCache } from "@/lib/responseNote/cache";
 import { validateInputs } from "@/lib/utils/validate";
 import { Organization, Prisma, Response as ResponsePrisma } from "@prisma/client";
 import { beforeEach, describe, expect, test, vi } from "vitest";
@@ -99,7 +96,6 @@ const mockResponsesPrisma = [mockResponsePrisma, { ...mockResponsePrisma, id: "r
 const mockTransformedResponses = [mockResponse, { ...mockResponse, id: "response-2" }];
 
 // Mock dependencies
-vi.mock("@/lib/cache");
 vi.mock("@/lib/constants", () => ({
   IS_FORMBRICKS_CLOUD: true,
   POSTHOG_API_KEY: "mock-posthog-api-key",
@@ -125,10 +121,8 @@ vi.mock("@/lib/constants", () => ({
 }));
 vi.mock("@/lib/organization/service");
 vi.mock("@/lib/posthogServer");
-vi.mock("@/lib/response/cache");
 vi.mock("@/lib/response/service");
 vi.mock("@/lib/response/utils");
-vi.mock("@/lib/responseNote/cache");
 vi.mock("@/lib/telemetry");
 vi.mock("@/lib/utils/validate");
 vi.mock("@formbricks/database", () => ({
@@ -145,10 +139,6 @@ vi.mock("./contact");
 describe("Response Lib Tests", () => {
   beforeEach(() => {
     vi.clearAllMocks();
-    // No need to mock IS_FORMBRICKS_CLOUD here anymore unless specifically changing it from the default
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
   });
 
   describe("createResponse", () => {
@@ -174,13 +164,6 @@ describe("Response Lib Tests", () => {
           }),
         })
       );
-      expect(responseCache.revalidate).toHaveBeenCalledWith(
-        expect.objectContaining({
-          contactId: mockContact.id,
-          userId: mockUserId,
-        })
-      );
-      expect(responseNoteCache.revalidate).toHaveBeenCalled();
       expect(response.contact).toEqual({ id: mockContact.id, userId: mockUserId });
     });
 
@@ -296,7 +279,6 @@ describe("Response Lib Tests", () => {
       );
       expect(getResponseContact).toHaveBeenCalledTimes(mockResponsesPrisma.length);
       expect(responses).toEqual(mockTransformedResponses);
-      expect(cache).toHaveBeenCalled();
     });
 
     test("should return responses with limit and offset", async () => {
@@ -311,7 +293,6 @@ describe("Response Lib Tests", () => {
           skip: mockOffset,
         })
       );
-      expect(cache).toHaveBeenCalled();
     });
 
     test("should return empty array if no responses found", async () => {
@@ -322,7 +303,6 @@ describe("Response Lib Tests", () => {
       expect(responses).toEqual([]);
       expect(prisma.response.findMany).toHaveBeenCalled();
       expect(getResponseContact).not.toHaveBeenCalled();
-      expect(cache).toHaveBeenCalled();
     });
 
     test("should handle PrismaClientKnownRequestError", async () => {
@@ -333,7 +313,6 @@ describe("Response Lib Tests", () => {
       vi.mocked(prisma.response.findMany).mockRejectedValue(prismaError);
 
       await expect(getResponsesByEnvironmentIds(mockEnvironmentIds)).rejects.toThrow(DatabaseError);
-      expect(cache).toHaveBeenCalled();
     });
 
     test("should handle generic errors", async () => {
@@ -341,7 +320,6 @@ describe("Response Lib Tests", () => {
       vi.mocked(prisma.response.findMany).mockRejectedValue(genericError);
 
       await expect(getResponsesByEnvironmentIds(mockEnvironmentIds)).rejects.toThrow(genericError);
-      expect(cache).toHaveBeenCalled();
     });
   });
 });

apps/web/app/api/v1/management/responses/lib/response.ts

@@ -1,15 +1,12 @@
 import "server-only";
-import { cache } from "@/lib/cache";
 import { IS_FORMBRICKS_CLOUD } from "@/lib/constants";
 import {
   getMonthlyOrganizationResponseCount,
   getOrganizationByEnvironmentId,
 } from "@/lib/organization/service";
 import { sendPlanLimitsReachedEventToPosthogWeekly } from "@/lib/posthogServer";
-import { responseCache } from "@/lib/response/cache";
 import { getResponseContact } from "@/lib/response/service";
 import { calculateTtcTotal } from "@/lib/response/utils";
-import { responseNoteCache } from "@/lib/responseNote/cache";
 import { captureTelemetry } from "@/lib/telemetry";
 import { validateInputs } from "@/lib/utils/validate";
 import { Prisma } from "@prisma/client";
@@ -153,19 +150,6 @@ export const createResponse = async (responseInput: TResponseInput): Promise<TRe
       tags: responsePrisma.tags.map((tagPrisma: { tag: TTag }) => tagPrisma.tag),
     };
 
-    responseCache.revalidate({
-      environmentId,
-      id: response.id,
-      contactId: contact?.id,
-      ...(singleUseId && { singleUseId }),
-      userId: userId ?? undefined,
-      surveyId,
-    });
-
-    responseNoteCache.revalidate({
-      responseId: response.id,
-    });
-
     if (IS_FORMBRICKS_CLOUD) {
       const responsesCount = await getMonthlyOrganizationResponseCount(organization.id);
       const responsesLimit = organization.billing.limits.monthly.responses;
@@ -200,51 +184,42 @@ export const createResponse = async (responseInput: TResponseInput): Promise<TRe
 };
 
 export const getResponsesByEnvironmentIds = reactCache(
-  async (environmentIds: string[], limit?: number, offset?: number): Promise<TResponse[]> =>
-    cache(
-      async () => {
-        validateInputs([environmentIds, ZId.array()], [limit, ZOptionalNumber], [offset, ZOptionalNumber]);
-        try {
-          const responses = await prisma.response.findMany({
-            where: {
-              survey: {
-                environmentId: { in: environmentIds },
-              },
-            },
-            select: responseSelection,
-            orderBy: [
-              {
-                createdAt: "desc",
-              },
-            ],
-            take: limit ? limit : undefined,
-            skip: offset ? offset : undefined,
-          });
+  async (environmentIds: string[], limit?: number, offset?: number): Promise<TResponse[]> => {
+    validateInputs([environmentIds, ZId.array()], [limit, ZOptionalNumber], [offset, ZOptionalNumber]);
+    try {
+      const responses = await prisma.response.findMany({
+        where: {
+          survey: {
+            environmentId: { in: environmentIds },
+          },
+        },
+        select: responseSelection,
+        orderBy: [
+          {
+            createdAt: "desc",
+          },
+        ],
+        take: limit ? limit : undefined,
+        skip: offset ? offset : undefined,
+      });
 
-          const transformedResponses: TResponse[] = await Promise.all(
-            responses.map((responsePrisma) => {
-              return {
-                ...responsePrisma,
-                contact: getResponseContact(responsePrisma),
-                tags: responsePrisma.tags.map((tagPrisma: { tag: TTag }) => tagPrisma.tag),
-              };
-            })
-          );
+      const transformedResponses: TResponse[] = await Promise.all(
+        responses.map((responsePrisma) => {
+          return {
+            ...responsePrisma,
+            contact: getResponseContact(responsePrisma),
+            tags: responsePrisma.tags.map((tagPrisma: { tag: TTag }) => tagPrisma.tag),
+          };
+        })
+      );
 
-          return transformedResponses;
-        } catch (error) {
-          if (error instanceof Prisma.PrismaClientKnownRequestError) {
-            throw new DatabaseError(error.message);
-          }
-
-          throw error;
-        }
-      },
-      environmentIds.map(
-        (environmentId) => `getResponses-management-api-${environmentId}-${limit}-${offset}`
-      ),
-      {
-        tags: environmentIds.map((environmentId) => responseCache.tag.byEnvironmentId(environmentId)),
+      return transformedResponses;
+    } catch (error) {
+      if (error instanceof Prisma.PrismaClientKnownRequestError) {
+        throw new DatabaseError(error.message);
       }
-    )()
+
+      throw error;
+    }
+  }
 );

apps/web/app/api/v1/management/responses/route.ts

@@ -1,6 +1,7 @@
 import { authenticateRequest } from "@/app/api/v1/auth";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
+import { ApiAuditLog, withApiLogging } from "@/app/lib/api/with-api-logging";
 import { validateFileUploads } from "@/lib/fileValidation";
 import { getResponses } from "@/lib/response/service";
 import { getSurvey } from "@/lib/survey/service";
@@ -91,46 +92,78 @@ const validateSurvey = async (responseInput: TResponseInput, environmentId: stri
   return { survey };
 };
 
-export const POST = async (request: Request): Promise<Response> => {
-  try {
-    const authentication = await authenticateRequest(request);
-    if (!authentication) return responses.notAuthenticatedResponse();
-
-    const inputResult = await validateInput(request);
-    if (inputResult.error) return inputResult.error;
-
-    const responseInput = inputResult.data;
-    const environmentId = responseInput.environmentId;
-
-    if (!hasPermission(authentication.environmentPermissions, environmentId, "POST")) {
-      return responses.unauthorizedResponse();
-    }
-
-    const surveyResult = await validateSurvey(responseInput, environmentId);
-    if (surveyResult.error) return surveyResult.error;
-
-    if (!validateFileUploads(responseInput.data, surveyResult.survey.questions)) {
-      return responses.badRequestResponse("Invalid file upload response");
-    }
-
-    if (responseInput.createdAt && !responseInput.updatedAt) {
-      responseInput.updatedAt = responseInput.createdAt;
-    }
-
+export const POST = withApiLogging(
+  async (request: Request, _, auditLog: ApiAuditLog) => {
     try {
-      const response = await createResponse(responseInput);
-      return responses.successResponse(response, true);
-    } catch (error) {
-      if (error instanceof InvalidInputError) {
-        return responses.badRequestResponse(error.message);
+      const authentication = await authenticateRequest(request);
+      if (!authentication) {
+        return {
+          response: responses.notAuthenticatedResponse(),
+        };
       }
-      logger.error({ error, url: request.url }, "Error in POST /api/v1/management/responses");
-      return responses.internalServerErrorResponse(error.message);
+      auditLog.userId = authentication.apiKeyId;
+      auditLog.organizationId = authentication.organizationId;
+
+      const inputResult = await validateInput(request);
+      if (inputResult.error) {
+        return {
+          response: inputResult.error,
+        };
+      }
+
+      const responseInput = inputResult.data;
+      const environmentId = responseInput.environmentId;
+
+      if (!hasPermission(authentication.environmentPermissions, environmentId, "POST")) {
+        return {
+          response: responses.unauthorizedResponse(),
+        };
+      }
+
+      const surveyResult = await validateSurvey(responseInput, environmentId);
+      if (surveyResult.error) {
+        return {
+          response: surveyResult.error,
+        };
+      }
+
+      if (!validateFileUploads(responseInput.data, surveyResult.survey.questions)) {
+        return {
+          response: responses.badRequestResponse("Invalid file upload response"),
+        };
+      }
+
+      if (responseInput.createdAt && !responseInput.updatedAt) {
+        responseInput.updatedAt = responseInput.createdAt;
+      }
+
+      try {
+        const response = await createResponse(responseInput);
+        auditLog.targetId = response.id;
+        auditLog.newObject = response;
+        return {
+          response: responses.successResponse(response, true),
+        };
+      } catch (error) {
+        if (error instanceof InvalidInputError) {
+          return {
+            response: responses.badRequestResponse(error.message),
+          };
+        }
+        logger.error({ error, url: request.url }, "Error in POST /api/v1/management/responses");
+        return {
+          response: responses.internalServerErrorResponse(error.message),
+        };
+      }
+    } catch (error) {
+      if (error instanceof DatabaseError) {
+        return {
+          response: responses.badRequestResponse(error.message),
+        };
+      }
+      throw error;
     }
-  } catch (error) {
-    if (error instanceof DatabaseError) {
-      return responses.badRequestResponse(error.message);
-    }
-    throw error;
-  }
-};
+  },
+  "created",
+  "response"
+);

apps/web/app/api/v1/management/surveys/[surveyId]/lib/surveys.test.ts

@@ -1,6 +1,3 @@
-import { segmentCache } from "@/lib/cache/segment";
-import { responseCache } from "@/lib/response/cache";
-import { surveyCache } from "@/lib/survey/cache";
 import { validateInputs } from "@/lib/utils/validate";
 import { Prisma } from "@prisma/client";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
@@ -9,22 +6,6 @@ import { logger } from "@formbricks/logger";
 import { DatabaseError } from "@formbricks/types/errors";
 import { deleteSurvey } from "./surveys";
 
-// Mock dependencies
-vi.mock("@/lib/cache/segment", () => ({
-  segmentCache: {
-    revalidate: vi.fn(),
-  },
-}));
-vi.mock("@/lib/response/cache", () => ({
-  responseCache: {
-    revalidate: vi.fn(),
-  },
-}));
-vi.mock("@/lib/survey/cache", () => ({
-  surveyCache: {
-    revalidate: vi.fn(),
-  },
-}));
 vi.mock("@/lib/utils/validate", () => ({
   validateInputs: vi.fn(),
 }));
@@ -91,14 +72,7 @@ describe("deleteSurvey", () => {
       },
     });
     expect(prisma.segment.delete).not.toHaveBeenCalled();
-    expect(segmentCache.revalidate).not.toHaveBeenCalled(); // No segment to revalidate
-    expect(responseCache.revalidate).toHaveBeenCalledWith({ surveyId, environmentId });
-    expect(surveyCache.revalidate).toHaveBeenCalledTimes(1); // Only for surveyId
-    expect(surveyCache.revalidate).toHaveBeenCalledWith({
-      id: surveyId,
-      environmentId,
-      resultShareKey: undefined,
-    });
+
     expect(deletedSurvey).toEqual(mockDeletedSurveyLink);
   });
 
@@ -112,9 +86,6 @@ describe("deleteSurvey", () => {
     await expect(deleteSurvey(surveyId)).rejects.toThrow(DatabaseError);
     expect(logger.error).toHaveBeenCalledWith({ error: prismaError, surveyId }, "Error deleting survey");
     expect(prisma.segment.delete).not.toHaveBeenCalled();
-    expect(segmentCache.revalidate).not.toHaveBeenCalled();
-    expect(responseCache.revalidate).not.toHaveBeenCalled();
-    expect(surveyCache.revalidate).not.toHaveBeenCalled();
   });
 
   test("should handle PrismaClientKnownRequestError during segment deletion", async () => {
@@ -128,7 +99,6 @@ describe("deleteSurvey", () => {
     await expect(deleteSurvey(surveyId)).rejects.toThrow(DatabaseError);
     expect(logger.error).toHaveBeenCalledWith({ error: prismaError, surveyId }, "Error deleting survey");
     expect(prisma.segment.delete).toHaveBeenCalledWith({ where: { id: segmentId } });
-    // Caches might have been partially revalidated before the error
   });
 
   test("should handle generic errors during deletion", async () => {
@@ -136,7 +106,7 @@ describe("deleteSurvey", () => {
     vi.mocked(prisma.survey.delete).mockRejectedValue(genericError);
 
     await expect(deleteSurvey(surveyId)).rejects.toThrow(genericError);
-    expect(logger.error).not.toHaveBeenCalled(); // Should not log generic errors here
+    expect(logger.error).not.toHaveBeenCalled();
     expect(prisma.segment.delete).not.toHaveBeenCalled();
   });
 

apps/web/app/api/v1/management/surveys/[surveyId]/lib/surveys.ts

@@ -1,6 +1,3 @@
-import { segmentCache } from "@/lib/cache/segment";
-import { responseCache } from "@/lib/response/cache";
-import { surveyCache } from "@/lib/survey/cache";
 import { validateInputs } from "@/lib/utils/validate";
 import { Prisma } from "@prisma/client";
 import { z } from "zod";
@@ -27,44 +24,13 @@ export const deleteSurvey = async (surveyId: string) => {
     });
 
     if (deletedSurvey.type === "app" && deletedSurvey.segment?.isPrivate) {
-      const deletedSegment = await prisma.segment.delete({
+      await prisma.segment.delete({
         where: {
           id: deletedSurvey.segment.id,
         },
       });
-
-      if (deletedSegment) {
-        segmentCache.revalidate({
-          id: deletedSegment.id,
-          environmentId: deletedSurvey.environmentId,
-        });
-      }
     }
 
-    responseCache.revalidate({
-      surveyId,
-      environmentId: deletedSurvey.environmentId,
-    });
-    surveyCache.revalidate({
-      id: deletedSurvey.id,
-      environmentId: deletedSurvey.environmentId,
-      resultShareKey: deletedSurvey.resultShareKey ?? undefined,
-    });
-
-    if (deletedSurvey.segment?.id) {
-      segmentCache.revalidate({
-        id: deletedSurvey.segment.id,
-        environmentId: deletedSurvey.environmentId,
-      });
-    }
-
-    // Revalidate public triggers by actionClassId
-    deletedSurvey.triggers.forEach((trigger) => {
-      surveyCache.revalidate({
-        actionClassId: trigger.actionClass.id,
-      });
-    });
-
     return deletedSurvey;
   } catch (error) {
     if (error instanceof Prisma.PrismaClientKnownRequestError) {

apps/web/app/api/v1/management/surveys/[surveyId]/route.ts

@@ -3,6 +3,7 @@ import { deleteSurvey } from "@/app/api/v1/management/surveys/[surveyId]/lib/sur
 import { checkFeaturePermissions } from "@/app/api/v1/management/surveys/lib/utils";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
+import { ApiAuditLog, withApiLogging } from "@/app/lib/api/with-api-logging";
 import { getOrganizationByEnvironmentId } from "@/lib/organization/service";
 import { getSurvey, updateSurvey } from "@/lib/survey/service";
 import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
@@ -42,64 +43,121 @@ export const GET = async (
   }
 };
 
-export const DELETE = async (
-  request: Request,
-  props: { params: Promise<{ surveyId: string }> }
-): Promise<Response> => {
-  const params = await props.params;
-  try {
-    const authentication = await authenticateRequest(request);
-    if (!authentication) return responses.notAuthenticatedResponse();
-    const result = await fetchAndAuthorizeSurvey(params.surveyId, authentication, "DELETE");
-    if (result.error) return result.error;
-    const deletedSurvey = await deleteSurvey(params.surveyId);
-    return responses.successResponse(deletedSurvey);
-  } catch (error) {
-    return handleErrorResponse(error);
-  }
-};
-
-export const PUT = async (
-  request: Request,
-  props: { params: Promise<{ surveyId: string }> }
-): Promise<Response> => {
-  const params = await props.params;
-  try {
-    const authentication = await authenticateRequest(request);
-    if (!authentication) return responses.notAuthenticatedResponse();
-    const result = await fetchAndAuthorizeSurvey(params.surveyId, authentication, "PUT");
-    if (result.error) return result.error;
-
-    const organization = await getOrganizationByEnvironmentId(result.survey.environmentId);
-    if (!organization) {
-      return responses.notFoundResponse("Organization", null);
-    }
-
-    let surveyUpdate;
+export const DELETE = withApiLogging(
+  async (request: Request, props: { params: Promise<{ surveyId: string }> }, auditLog: ApiAuditLog) => {
+    const params = await props.params;
+    auditLog.targetId = params.surveyId;
     try {
-      surveyUpdate = await request.json();
+      const authentication = await authenticateRequest(request);
+      if (!authentication) {
+        return {
+          response: responses.notAuthenticatedResponse(),
+        };
+      }
+      auditLog.userId = authentication.apiKeyId;
+      auditLog.organizationId = authentication.organizationId;
+
+      const result = await fetchAndAuthorizeSurvey(params.surveyId, authentication, "DELETE");
+      if (result.error) {
+        return {
+          response: result.error,
+        };
+      }
+      auditLog.oldObject = result.survey;
+
+      const deletedSurvey = await deleteSurvey(params.surveyId);
+      return {
+        response: responses.successResponse(deletedSurvey),
+      };
     } catch (error) {
-      logger.error({ error, url: request.url }, "Error parsing JSON input");
-      return responses.badRequestResponse("Malformed JSON input, please check your request body");
+      return {
+        response: handleErrorResponse(error),
+      };
     }
+  },
+  "deleted",
+  "survey"
+);
 
-    const inputValidation = ZSurveyUpdateInput.safeParse({
-      ...result.survey,
-      ...surveyUpdate,
-    });
+export const PUT = withApiLogging(
+  async (request: Request, props: { params: Promise<{ surveyId: string }> }, auditLog: ApiAuditLog) => {
+    const params = await props.params;
+    auditLog.targetId = params.surveyId;
+    try {
+      const authentication = await authenticateRequest(request);
+      if (!authentication) {
+        return {
+          response: responses.notAuthenticatedResponse(),
+        };
+      }
+      auditLog.userId = authentication.apiKeyId;
 
-    if (!inputValidation.success) {
-      return responses.badRequestResponse(
-        "Fields are missing or incorrectly formatted",
-        transformErrorToDetails(inputValidation.error)
-      );
+      const result = await fetchAndAuthorizeSurvey(params.surveyId, authentication, "PUT");
+      if (result.error) {
+        return {
+          response: result.error,
+        };
+      }
+      auditLog.oldObject = result.survey;
+
+      const organization = await getOrganizationByEnvironmentId(result.survey.environmentId);
+      if (!organization) {
+        return {
+          response: responses.notFoundResponse("Organization", null),
+        };
+      }
+      auditLog.organizationId = organization.id;
+
+      let surveyUpdate;
+      try {
+        surveyUpdate = await request.json();
+      } catch (error) {
+        logger.error({ error, url: request.url }, "Error parsing JSON input");
+        return {
+          response: responses.badRequestResponse("Malformed JSON input, please check your request body"),
+        };
+      }
+
+      const inputValidation = ZSurveyUpdateInput.safeParse({
+        ...result.survey,
+        ...surveyUpdate,
+      });
+
+      if (!inputValidation.success) {
+        return {
+          response: responses.badRequestResponse(
+            "Fields are missing or incorrectly formatted",
+            transformErrorToDetails(inputValidation.error)
+          ),
+        };
+      }
+
+      const featureCheckResult = await checkFeaturePermissions(surveyUpdate, organization);
+      if (featureCheckResult) {
+        return {
+          response: featureCheckResult,
+        };
+      }
+
+      try {
+        const updatedSurvey = await updateSurvey({ ...inputValidation.data, id: params.surveyId });
+        auditLog.newObject = updatedSurvey;
+        return {
+          response: responses.successResponse(updatedSurvey),
+        };
+      } catch (error) {
+        auditLog.status = "failure";
+        return {
+          response: handleErrorResponse(error),
+        };
+      }
+    } catch (error) {
+      auditLog.status = "failure";
+      return {
+        response: handleErrorResponse(error),
+      };
     }
-
-    const featureCheckResult = await checkFeaturePermissions(surveyUpdate, organization);
-    if (featureCheckResult) return featureCheckResult;
-
-    return responses.successResponse(await updateSurvey({ ...inputValidation.data, id: params.surveyId }));
-  } catch (error) {
-    return handleErrorResponse(error);
-  }
-};
+  },
+  "updated",
+  "survey"
+);

apps/web/app/api/v1/management/surveys/lib/surveys.test.ts

@@ -1,4 +1,3 @@
-import { cache } from "@/lib/cache";
 import { selectSurvey } from "@/lib/survey/service";
 import { transformPrismaSurvey } from "@/lib/survey/utils";
 import { validateInputs } from "@/lib/utils/validate";
@@ -11,8 +10,6 @@ import { TSurvey } from "@formbricks/types/surveys/types";
 import { getSurveys } from "./surveys";
 
 // Mock dependencies
-vi.mock("@/lib/cache");
-vi.mock("@/lib/survey/cache");
 vi.mock("@/lib/survey/utils");
 vi.mock("@/lib/utils/validate");
 vi.mock("@formbricks/database", () => ({
@@ -75,10 +72,6 @@ const mockSurveyTransformed3: TSurvey = {
 describe("getSurveys (Management API)", () => {
   beforeEach(() => {
     vi.resetAllMocks();
-    // Mock the cache function to simply execute the underlying function
-    vi.mocked(cache).mockImplementation((fn) => async () => {
-      return fn();
-    });
     vi.mocked(transformPrismaSurvey).mockImplementation((survey) => ({
       ...survey,
       displayPercentage: null,
@@ -112,7 +105,6 @@ describe("getSurveys (Management API)", () => {
     expect(transformPrismaSurvey).toHaveBeenCalledTimes(1);
     expect(transformPrismaSurvey).toHaveBeenCalledWith(mockSurveyPrisma2);
     expect(surveys).toEqual([mockSurveyTransformed2]);
-    expect(cache).toHaveBeenCalledTimes(1);
   });
 
   test("should return surveys for multiple environment IDs without limit and offset", async () => {
@@ -138,7 +130,6 @@ describe("getSurveys (Management API)", () => {
     });
     expect(transformPrismaSurvey).toHaveBeenCalledTimes(3);
     expect(surveys).toEqual([mockSurveyTransformed1, mockSurveyTransformed2, mockSurveyTransformed3]);
-    expect(cache).toHaveBeenCalledTimes(1);
   });
 
   test("should return an empty array if no surveys are found", async () => {
@@ -149,7 +140,6 @@ describe("getSurveys (Management API)", () => {
     expect(prisma.survey.findMany).toHaveBeenCalled();
     expect(transformPrismaSurvey).not.toHaveBeenCalled();
     expect(surveys).toEqual([]);
-    expect(cache).toHaveBeenCalledTimes(1);
   });
 
   test("should handle PrismaClientKnownRequestError", async () => {
@@ -161,7 +151,6 @@ describe("getSurveys (Management API)", () => {
 
     await expect(getSurveys([environmentId1])).rejects.toThrow(DatabaseError);
     expect(logger.error).toHaveBeenCalledWith(prismaError, "Error getting surveys");
-    expect(cache).toHaveBeenCalledTimes(1);
   });
 
   test("should handle generic errors", async () => {
@@ -170,7 +159,6 @@ describe("getSurveys (Management API)", () => {
 
     await expect(getSurveys([environmentId1])).rejects.toThrow(genericError);
     expect(logger.error).not.toHaveBeenCalled();
-    expect(cache).toHaveBeenCalledTimes(1);
   });
 
   test("should throw validation error for invalid input", async () => {
@@ -182,6 +170,5 @@ describe("getSurveys (Management API)", () => {
 
     await expect(getSurveys([invalidEnvId])).rejects.toThrow(validationError);
     expect(prisma.survey.findMany).not.toHaveBeenCalled();
-    expect(cache).toHaveBeenCalledTimes(1); // Cache wrapper is still called
   });
 });

apps/web/app/api/v1/management/surveys/lib/surveys.ts

@@ -1,6 +1,4 @@
 import "server-only";
-import { cache } from "@/lib/cache";
-import { surveyCache } from "@/lib/survey/cache";
 import { selectSurvey } from "@/lib/survey/service";
 import { transformPrismaSurvey } from "@/lib/survey/utils";
 import { validateInputs } from "@/lib/utils/validate";
@@ -8,41 +6,33 @@ import { Prisma } from "@prisma/client";
 import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
 import { logger } from "@formbricks/logger";
-import { ZOptionalNumber } from "@formbricks/types/common";
-import { ZId } from "@formbricks/types/common";
+import { ZId, ZOptionalNumber } from "@formbricks/types/common";
 import { DatabaseError } from "@formbricks/types/errors";
 import { TSurvey } from "@formbricks/types/surveys/types";
 
 export const getSurveys = reactCache(
-  async (environmentIds: string[], limit?: number, offset?: number): Promise<TSurvey[]> =>
-    cache(
-      async () => {
-        validateInputs([environmentIds, ZId.array()], [limit, ZOptionalNumber], [offset, ZOptionalNumber]);
+  async (environmentIds: string[], limit?: number, offset?: number): Promise<TSurvey[]> => {
+    validateInputs([environmentIds, ZId.array()], [limit, ZOptionalNumber], [offset, ZOptionalNumber]);
 
-        try {
-          const surveysPrisma = await prisma.survey.findMany({
-            where: {
-              environmentId: { in: environmentIds },
-            },
-            select: selectSurvey,
-            orderBy: {
-              updatedAt: "desc",
-            },
-            take: limit,
-            skip: offset,
-          });
-          return surveysPrisma.map((surveyPrisma) => transformPrismaSurvey<TSurvey>(surveyPrisma));
-        } catch (error) {
-          if (error instanceof Prisma.PrismaClientKnownRequestError) {
-            logger.error(error, "Error getting surveys");
-            throw new DatabaseError(error.message);
-          }
-          throw error;
-        }
-      },
-      environmentIds.map((environmentId) => `getSurveys-management-api-${environmentId}-${limit}-${offset}`),
-      {
-        tags: environmentIds.map((environmentId) => surveyCache.tag.byEnvironmentId(environmentId)),
+    try {
+      const surveysPrisma = await prisma.survey.findMany({
+        where: {
+          environmentId: { in: environmentIds },
+        },
+        select: selectSurvey,
+        orderBy: {
+          updatedAt: "desc",
+        },
+        take: limit,
+        skip: offset,
+      });
+      return surveysPrisma.map((surveyPrisma) => transformPrismaSurvey<TSurvey>(surveyPrisma));
+    } catch (error) {
+      if (error instanceof Prisma.PrismaClientKnownRequestError) {
+        logger.error(error, "Error getting surveys");
+        throw new DatabaseError(error.message);
       }
-    )()
+      throw error;
+    }
+  }
 );

apps/web/app/api/v1/management/surveys/route.ts

@@ -2,6 +2,7 @@ import { authenticateRequest } from "@/app/api/v1/auth";
 import { checkFeaturePermissions } from "@/app/api/v1/management/surveys/lib/utils";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
+import { ApiAuditLog, withApiLogging } from "@/app/lib/api/with-api-logging";
 import { getOrganizationByEnvironmentId } from "@/lib/organization/service";
 import { createSurvey } from "@/lib/survey/service";
 import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
@@ -33,50 +34,78 @@ export const GET = async (request: Request) => {
   }
 };
 
-export const POST = async (request: Request): Promise<Response> => {
-  try {
-    const authentication = await authenticateRequest(request);
-    if (!authentication) return responses.notAuthenticatedResponse();
-
-    let surveyInput;
+export const POST = withApiLogging(
+  async (request: Request, _, auditLog: ApiAuditLog) => {
     try {
-      surveyInput = await request.json();
+      const authentication = await authenticateRequest(request);
+      if (!authentication) {
+        return {
+          response: responses.notAuthenticatedResponse(),
+        };
+      }
+      auditLog.userId = authentication.apiKeyId;
+
+      let surveyInput;
+      try {
+        surveyInput = await request.json();
+      } catch (error) {
+        logger.error({ error, url: request.url }, "Error parsing JSON");
+        return {
+          response: responses.badRequestResponse("Malformed JSON input, please check your request body"),
+        };
+      }
+      const inputValidation = ZSurveyCreateInputWithEnvironmentId.safeParse(surveyInput);
+
+      if (!inputValidation.success) {
+        return {
+          response: responses.badRequestResponse(
+            "Fields are missing or incorrectly formatted",
+            transformErrorToDetails(inputValidation.error),
+            true
+          ),
+        };
+      }
+
+      const { environmentId } = inputValidation.data;
+
+      if (!hasPermission(authentication.environmentPermissions, environmentId, "POST")) {
+        return {
+          response: responses.unauthorizedResponse(),
+        };
+      }
+
+      const organization = await getOrganizationByEnvironmentId(environmentId);
+      if (!organization) {
+        return {
+          response: responses.notFoundResponse("Organization", null),
+        };
+      }
+      auditLog.organizationId = organization.id;
+
+      const surveyData = { ...inputValidation.data, environmentId };
+
+      const featureCheckResult = await checkFeaturePermissions(surveyData, organization);
+      if (featureCheckResult) {
+        return {
+          response: featureCheckResult,
+        };
+      }
+
+      const survey = await createSurvey(environmentId, { ...surveyData, environmentId: undefined });
+      auditLog.targetId = survey.id;
+      auditLog.newObject = survey;
+      return {
+        response: responses.successResponse(survey),
+      };
     } catch (error) {
-      logger.error({ error, url: request.url }, "Error parsing JSON");
-      return responses.badRequestResponse("Malformed JSON input, please check your request body");
+      if (error instanceof DatabaseError) {
+        return {
+          response: responses.badRequestResponse(error.message),
+        };
+      }
+      throw error;
     }
-    const inputValidation = ZSurveyCreateInputWithEnvironmentId.safeParse(surveyInput);
-
-    if (!inputValidation.success) {
-      return responses.badRequestResponse(
-        "Fields are missing or incorrectly formatted",
-        transformErrorToDetails(inputValidation.error),
-        true
-      );
-    }
-
-    const { environmentId } = inputValidation.data;
-
-    if (!hasPermission(authentication.environmentPermissions, environmentId, "POST")) {
-      return responses.unauthorizedResponse();
-    }
-
-    const organization = await getOrganizationByEnvironmentId(environmentId);
-    if (!organization) {
-      return responses.notFoundResponse("Organization", null);
-    }
-
-    const surveyData = { ...inputValidation.data, environmentId };
-
-    const featureCheckResult = await checkFeaturePermissions(surveyData, organization);
-    if (featureCheckResult) return featureCheckResult;
-
-    const survey = await createSurvey(environmentId, { ...surveyData, environmentId: undefined });
-    return responses.successResponse(survey);
-  } catch (error) {
-    if (error instanceof DatabaseError) {
-      return responses.badRequestResponse(error.message);
-    }
-    throw error;
-  }
-};
+  },
+  "created",
+  "survey"
+);

apps/web/app/api/v1/webhooks/[webhookId]/lib/webhook.test.ts

@@ -1,4 +1,3 @@
-import { webhookCache } from "@/lib/cache/webhook";
 import { Prisma, Webhook } from "@prisma/client";
 import { cleanup } from "@testing-library/react";
 import { afterEach, describe, expect, test, vi } from "vitest";
@@ -15,15 +14,6 @@ vi.mock("@formbricks/database", () => ({
   },
 }));
 
-vi.mock("@/lib/cache/webhook", () => ({
-  webhookCache: {
-    tag: {
-      byId: () => "mockTag",
-    },
-    revalidate: vi.fn(),
-  },
-}));
-
 vi.mock("@/lib/utils/validate", () => ({
   validateInputs: vi.fn(),
   ValidationError: class ValidationError extends Error {
@@ -34,11 +24,6 @@ vi.mock("@/lib/utils/validate", () => ({
   },
 }));
 
-vi.mock("@/lib/cache", () => ({
-  // Accept any function and return the exact same generic Fn – keeps typings intact
-  cache: <T extends (...args: any[]) => any>(fn: T): T => fn,
-}));
-
 describe("deleteWebhook", () => {
   afterEach(() => {
     cleanup();
@@ -68,10 +53,9 @@ describe("deleteWebhook", () => {
         id: "test-webhook-id",
       },
     });
-    expect(webhookCache.revalidate).toHaveBeenCalled();
   });
 
-  test("should delete the webhook and call webhookCache.revalidate with correct parameters", async () => {
+  test("should delete the webhook", async () => {
     const mockedWebhook: Webhook = {
       id: "test-webhook-id",
       url: "https://example.com",
@@ -94,11 +78,6 @@ describe("deleteWebhook", () => {
         id: "test-webhook-id",
       },
     });
-    expect(webhookCache.revalidate).toHaveBeenCalledWith({
-      id: mockedWebhook.id,
-      environmentId: mockedWebhook.environmentId,
-      source: mockedWebhook.source,
-    });
   });
 
   test("should throw an error when called with an invalid webhook ID format", async () => {
@@ -110,7 +89,6 @@ describe("deleteWebhook", () => {
     await expect(deleteWebhook("invalid-id")).rejects.toThrow(ValidationError);
 
     expect(prisma.webhook.delete).not.toHaveBeenCalled();
-    expect(webhookCache.revalidate).not.toHaveBeenCalled();
   });
 
   test("should throw ResourceNotFoundError when webhook does not exist", async () => {
@@ -122,7 +100,6 @@ describe("deleteWebhook", () => {
     vi.mocked(prisma.webhook.delete).mockRejectedValueOnce(prismaError);
 
     await expect(deleteWebhook("non-existent-id")).rejects.toThrow(ResourceNotFoundError);
-    expect(webhookCache.revalidate).not.toHaveBeenCalled();
   });
 
   test("should throw DatabaseError when database operation fails", async () => {
@@ -134,14 +111,12 @@ describe("deleteWebhook", () => {
     vi.mocked(prisma.webhook.delete).mockRejectedValueOnce(prismaError);
 
     await expect(deleteWebhook("test-webhook-id")).rejects.toThrow(DatabaseError);
-    expect(webhookCache.revalidate).not.toHaveBeenCalled();
   });
 
   test("should throw DatabaseError when an unknown error occurs", async () => {
     vi.mocked(prisma.webhook.delete).mockRejectedValueOnce(new Error("Unknown error"));
 
     await expect(deleteWebhook("test-webhook-id")).rejects.toThrow(DatabaseError);
-    expect(webhookCache.revalidate).not.toHaveBeenCalled();
   });
 });