feat: add hub docs rewrites

Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>

apps/web/modules/core/rate-limit/rate-limit-configs.ts

@@ -30,4 +30,4 @@ export const rateLimitConfigs = {
     upload: { interval: 60, allowedPerInterval: 5, namespace: "storage:upload" }, // 5 per minute
     delete: { interval: 60, allowedPerInterval: 5, namespace: "storage:delete" }, // 5 per minute
   },
-};
+} as const;

apps/web/modules/ee/contacts/segments/lib/filter/prisma-query.test.ts

@@ -5,14 +5,10 @@ import { getSegment } from "../segments";
 import { segmentFilterToPrismaQuery } from "./prisma-query";
 
 const mockQueryRawUnsafe = vi.fn();
-const mockFindFirst = vi.fn();
 
 vi.mock("@formbricks/database", () => ({
   prisma: {
     $queryRawUnsafe: (...args: unknown[]) => mockQueryRawUnsafe(...args),
-    contactAttribute: {
-      findFirst: (...args: unknown[]) => mockFindFirst(...args),
-    },
   },
 }));
 
@@ -30,9 +26,7 @@ describe("segmentFilterToPrismaQuery", () => {
 
   beforeEach(() => {
     vi.clearAllMocks();
-    // Default: backfill is complete, no un-migrated rows
-    mockFindFirst.mockResolvedValue(null);
-    // Fallback path mock: raw SQL returns one matching contact when un-migrated rows exist
+    // Default mock: number filter raw SQL returns one matching contact
     mockQueryRawUnsafe.mockResolvedValue([{ contactId: "mock-contact-1" }]);
   });
 
@@ -151,16 +145,7 @@ describe("segmentFilterToPrismaQuery", () => {
             },
           },
         ],
-        OR: [
-          {
-            attributes: {
-              some: {
-                attributeKey: { key: "age" },
-                valueNumber: { gt: 30 },
-              },
-            },
-          },
-        ],
+        OR: [{ id: { in: ["mock-contact-1"] } }],
       });
     }
   });
@@ -772,12 +757,7 @@ describe("segmentFilterToPrismaQuery", () => {
       });
 
       expect(subgroup.AND[0].AND[2]).toStrictEqual({
-        attributes: {
-          some: {
-            attributeKey: { key: "age" },
-            valueNumber: { gte: 18 },
-          },
-        },
+        id: { in: ["mock-contact-1"] },
       });
 
       // Segment inclusion
@@ -1178,23 +1158,10 @@ describe("segmentFilterToPrismaQuery", () => {
         },
       });
 
-      // Second subgroup (numeric operators - uses clean Prisma filter post-backfill)
+      // Second subgroup (numeric operators - now use raw SQL subquery returning contact IDs)
       const secondSubgroup = whereClause.AND?.[0];
       expect(secondSubgroup.AND[1].AND).toContainEqual({
-        attributes: {
-          some: {
-            attributeKey: { key: "loginCount" },
-            valueNumber: { gt: 5 },
-          },
-        },
-      });
-      expect(secondSubgroup.AND[1].AND).toContainEqual({
-        attributes: {
-          some: {
-            attributeKey: { key: "purchaseAmount" },
-            valueNumber: { lte: 1000 },
-          },
-        },
+        id: { in: ["mock-contact-1"] },
       });
 
       // Third subgroup (negation operators in OR clause)
@@ -1671,15 +1638,8 @@ describe("segmentFilterToPrismaQuery", () => {
           mode: "insensitive",
         });
 
-        // Number filter uses clean Prisma filter post-backfill
-        expect(andConditions[1]).toEqual({
-          attributes: {
-            some: {
-              attributeKey: { key: "purchaseCount" },
-              valueNumber: { gt: 5 },
-            },
-          },
-        });
+        // Number filter uses raw SQL subquery (transition code) returning contact IDs
+        expect(andConditions[1]).toEqual({ id: { in: ["mock-contact-1"] } });
 
         // Date filter uses OR fallback with 'valueDate' and string 'value'
         expect((andConditions[2] as unknown as any).attributes.some.OR[0].valueDate).toHaveProperty("gte");

apps/web/modules/ee/contacts/segments/lib/filter/prisma-query.ts

@@ -116,100 +116,59 @@ const buildDateAttributeFilterWhereClause = (filter: TSegmentAttributeFilter): P
 
 /**
  * Builds a Prisma where clause for number attribute filters.
- * Uses a clean Prisma query when all rows have valueNumber populated (post-backfill).
- * Falls back to a raw SQL subquery for un-migrated rows (valueNumber NULL, value contains numeric string).
+ * Uses a raw SQL subquery to handle both migrated rows (valueNumber populated)
+ * and un-migrated rows (valueNumber NULL, value contains numeric string).
+ * This is transition code for the deferred value backfill.
  *
  * TODO: After the backfill script has been run and all valueNumber columns are populated,
- * remove the un-migrated fallback path entirely.
+ * revert this to the clean Prisma-only version that queries valueNumber directly.
  */
 const buildNumberAttributeFilterWhereClause = async (
-  filter: TSegmentAttributeFilter,
-  environmentId: string
+  filter: TSegmentAttributeFilter
 ): Promise<Prisma.ContactWhereInput> => {
   const { root, qualifier, value } = filter;
   const { contactAttributeKey } = root;
   const { operator } = qualifier;
 
   const numericValue = typeof value === "number" ? value : Number(value);
-
-  let valueNumberCondition: Prisma.FloatNullableFilter;
-
-  switch (operator) {
-    case "greaterThan":
-      valueNumberCondition = { gt: numericValue };
-      break;
-    case "greaterEqual":
-      valueNumberCondition = { gte: numericValue };
-      break;
-    case "lessThan":
-      valueNumberCondition = { lt: numericValue };
-      break;
-    case "lessEqual":
-      valueNumberCondition = { lte: numericValue };
-      break;
-    default:
-      return {};
-  }
-
-  const migratedFilter: Prisma.ContactWhereInput = {
-    attributes: {
-      some: {
-        attributeKey: { key: contactAttributeKey },
-        valueNumber: valueNumberCondition,
-      },
-    },
-  };
-
-  const hasUnmigratedRows = await prisma.contactAttribute.findFirst({
-    where: {
-      attributeKey: {
-        key: contactAttributeKey,
-        environmentId,
-      },
-      valueNumber: null,
-    },
-    select: { id: true },
-  });
-
-  if (!hasUnmigratedRows) {
-    return migratedFilter;
-  }
-
   const sqlOp = SQL_OPERATORS[operator];
-  const unmigratedMatchingIds = await prisma.$queryRawUnsafe<{ contactId: string }[]>(
+
+  if (!sqlOp) {
+    return {};
+  }
+
+  const matchingContactIds = await prisma.$queryRawUnsafe<{ contactId: string }[]>(
     `
     SELECT DISTINCT ca."contactId"
     FROM "ContactAttribute" ca
     JOIN "ContactAttributeKey" cak ON ca."attributeKeyId" = cak.id
     WHERE cak.key = $1
-    AND cak."environmentId" = $4
-    AND ca."valueNumber" IS NULL
-    AND ca.value ~ $3
-    AND ca.value::double precision ${sqlOp} $2
+    AND (
+      (ca."valueNumber" IS NOT NULL AND ca."valueNumber" ${sqlOp} $2)
+      OR
+      (ca."valueNumber" IS NULL AND ca.value ~ $3 AND ca.value::double precision ${sqlOp} $2)
+    )
     `,
     contactAttributeKey,
     numericValue,
-    NUMBER_PATTERN_SQL,
-    environmentId
+    NUMBER_PATTERN_SQL
   );
 
-  if (unmigratedMatchingIds.length === 0) {
-    return migratedFilter;
+  const contactIds = matchingContactIds.map((r) => r.contactId);
+
+  if (contactIds.length === 0) {
+    // Return an impossible condition so the filter correctly excludes all contacts
+    return { id: "__NUMBER_FILTER_NO_MATCH__" };
   }
 
-  const contactIds = unmigratedMatchingIds.map((r) => r.contactId);
-
-  return {
-    OR: [migratedFilter, { id: { in: contactIds } }],
-  };
+  return { id: { in: contactIds } };
 };
 
 /**
  * Builds a Prisma where clause from a segment attribute filter
  */
 const buildAttributeFilterWhereClause = async (
-  filter: TSegmentAttributeFilter,
-  environmentId: string
+  filter: TSegmentAttributeFilter
 ): Promise<Prisma.ContactWhereInput> => {
   const { root, qualifier, value } = filter;
   const { contactAttributeKey } = root;
@@ -256,7 +215,7 @@ const buildAttributeFilterWhereClause = async (
 
   // Handle number operators
   if (["greaterThan", "greaterEqual", "lessThan", "lessEqual"].includes(operator)) {
-    return await buildNumberAttributeFilterWhereClause(filter, environmentId);
+    return await buildNumberAttributeFilterWhereClause(filter);
   }
 
   // For string operators, ensure value is a primitive (not an object or array)
@@ -294,8 +253,7 @@ const buildAttributeFilterWhereClause = async (
  * Builds a Prisma where clause from a person filter
  */
 const buildPersonFilterWhereClause = async (
-  filter: TSegmentPersonFilter,
-  environmentId: string
+  filter: TSegmentPersonFilter
 ): Promise<Prisma.ContactWhereInput> => {
   const { personIdentifier } = filter.root;
 
@@ -307,7 +265,7 @@ const buildPersonFilterWhereClause = async (
         contactAttributeKey: personIdentifier,
       },
     };
-    return await buildAttributeFilterWhereClause(personFilter, environmentId);
+    return await buildAttributeFilterWhereClause(personFilter);
   }
 
   return {};
@@ -356,7 +314,6 @@ const buildDeviceFilterWhereClause = (
 const buildSegmentFilterWhereClause = async (
   filter: TSegmentSegmentFilter,
   segmentPath: Set<string>,
-  environmentId: string,
   deviceType?: "phone" | "desktop"
 ): Promise<Prisma.ContactWhereInput> => {
   const { root } = filter;
@@ -380,7 +337,7 @@ const buildSegmentFilterWhereClause = async (
   const newPath = new Set(segmentPath);
   newPath.add(segmentId);
 
-  return processFilters(segment.filters, newPath, environmentId, deviceType);
+  return processFilters(segment.filters, newPath, deviceType);
 };
 
 /**
@@ -389,25 +346,19 @@ const buildSegmentFilterWhereClause = async (
 const processSingleFilter = async (
   filter: TSegmentFilter,
   segmentPath: Set<string>,
-  environmentId: string,
   deviceType?: "phone" | "desktop"
 ): Promise<Prisma.ContactWhereInput> => {
   const { root } = filter;
 
   switch (root.type) {
     case "attribute":
-      return await buildAttributeFilterWhereClause(filter as TSegmentAttributeFilter, environmentId);
+      return await buildAttributeFilterWhereClause(filter as TSegmentAttributeFilter);
     case "person":
-      return await buildPersonFilterWhereClause(filter as TSegmentPersonFilter, environmentId);
+      return await buildPersonFilterWhereClause(filter as TSegmentPersonFilter);
     case "device":
       return buildDeviceFilterWhereClause(filter as TSegmentDeviceFilter, deviceType);
     case "segment":
-      return await buildSegmentFilterWhereClause(
-        filter as TSegmentSegmentFilter,
-        segmentPath,
-        environmentId,
-        deviceType
-      );
+      return await buildSegmentFilterWhereClause(filter as TSegmentSegmentFilter, segmentPath, deviceType);
     default:
       return {};
   }
@@ -419,7 +370,6 @@ const processSingleFilter = async (
 const processFilters = async (
   filters: TBaseFilters,
   segmentPath: Set<string>,
-  environmentId: string,
   deviceType?: "phone" | "desktop"
 ): Promise<Prisma.ContactWhereInput> => {
   if (filters.length === 0) return {};
@@ -436,10 +386,10 @@ const processFilters = async (
     // Process the resource based on its type
     if (isResourceFilter(resource)) {
       // If it's a single filter, process it directly
-      whereClause = await processSingleFilter(resource, segmentPath, environmentId, deviceType);
+      whereClause = await processSingleFilter(resource, segmentPath, deviceType);
     } else {
       // If it's a group of filters, process it recursively
-      whereClause = await processFilters(resource, segmentPath, environmentId, deviceType);
+      whereClause = await processFilters(resource, segmentPath, deviceType);
     }
 
     if (Object.keys(whereClause).length === 0) continue;
@@ -482,7 +432,7 @@ export const segmentFilterToPrismaQuery = reactCache(
 
       // Initialize an empty stack for tracking the current evaluation path
       const segmentPath = new Set<string>([segmentId]);
-      const filtersWhereClause = await processFilters(filters, segmentPath, environmentId, deviceType);
+      const filtersWhereClause = await processFilters(filters, segmentPath, deviceType);
 
       const whereClause = {
         AND: [baseWhereClause, filtersWhereClause],

apps/web/modules/ui/components/survey/index.tsx

@@ -40,7 +40,10 @@ export const SurveyInline = (props: Omit<SurveyContainerProps, "containerId">) =
     isLoadingScript = true;
     try {
       const scriptUrl = props.appUrl ? `${props.appUrl}/js/surveys.umd.cjs` : "/js/surveys.umd.cjs";
-      const response = await fetch(scriptUrl);
+      const response = await fetch(
+        scriptUrl,
+        process.env.NODE_ENV === "development" ? { cache: "no-store" } : {}
+      );
 
       if (!response.ok) {
         throw new Error("Failed to load the surveys package");

apps/web/next.config.mjs

@@ -405,6 +405,14 @@ const nextConfig = {
   },
   async rewrites() {
     return [
+      {
+        source: "/hub",
+        destination: "https://hub.stldocs.app",
+      },
+      {
+        source: "/hub/:path*",
+        destination: "https://hub.stldocs.app/:path*",
+      },
       {
         source: "/api/packages/website",
         destination: "/js/formbricks.umd.cjs",
@@ -482,5 +490,4 @@ const sentryOptions = {
 // Runtime Sentry reporting still depends on DSN being set via environment variables
 const exportConfig = process.env.SENTRY_AUTH_TOKEN ? withSentryConfig(nextConfig, sentryOptions) : nextConfig;
 
-
 export default exportConfig;

docs/self-hosting/advanced/rate-limiting.mdx

@@ -1,41 +1,94 @@
 ---
 title: "Rate Limiting"
-description: "Rate limiting for Formbricks"
+description: "Current request rate limits in Formbricks"
 icon: "timer"
 ---
 
-To protect the platform from abuse and ensure fair usage, rate limiting is enforced by default on an IP-address basis. If a client exceeds the allowed number of requests within the specified time window, the API will return a `429 Too Many Requests` status code.
+Formbricks applies request rate limits to protect against abuse and keep API usage fair.
 
-## Default Rate Limits
+Rate limits are scoped by identifier, depending on the endpoint:
 
-The following rate limits apply to various endpoints:
+- IP hash (for unauthenticated/client-side routes and public actions)
+- API key ID (for authenticated API calls)
+- User ID (for authenticated session-based calls and server actions)
+- Organization ID (for follow-up email dispatch)
 
-| **Endpoint**            | **Rate Limit** | **Time Window** |
-| ----------------------- | -------------- | --------------- |
-| `POST /login`           | 30 requests    | 15 minutes      |
-| `POST /signup`          | 30 requests    | 60 minutes      |
-| `POST /verify-email`    | 10 requests    | 60 minutes      |
-| `POST /forgot-password` | 5 requests     | 60 minutes      |
-| `GET /client-side-api`  | 100 requests   | 1 minute        |
-| `POST /share`           | 100 requests   | 60 minutes      |
+When a limit is exceeded, the API returns `429 Too Many Requests`.
 
-If a request exceeds the defined rate limit, the server will respond with:
+## Management API Rate Limits
+
+These are the current limits for Management APIs:
+
+| **Route Group** | **Limit** | **Window** | **Identifier** |
+| --- | --- | --- | --- |
+| `/api/v1/management/*` (except `/api/v1/management/storage`), `/api/v1/webhooks/*`, `/api/v1/integrations/*`, `/api/v1/management/me` | 100 requests | 1 minute | API key ID or session user ID |
+| `/api/v2/management/*` (and other v2 authenticated routes that use `authenticatedApiClient`) | 100 requests | 1 minute | API key ID |
+| `POST /api/v1/management/storage` | 5 requests | 1 minute | API key ID or session user ID |
+
+## All Enforced Limits
+
+| **Config** | **Limit** | **Window** | **Identifier** | **Used For** |
+| --- | --- | --- | --- | --- |
+| `auth.login` | 10 requests | 15 minutes | IP hash | Email/password login flow (`/api/auth/callback/credentials`) |
+| `auth.signup` | 30 requests | 60 minutes | IP hash | Signup server action |
+| `auth.forgotPassword` | 5 requests | 60 minutes | IP hash | Forgot password server action |
+| `auth.verifyEmail` | 10 requests | 60 minutes | IP hash | Email verification callback + resend verification action |
+| `api.v1` | 100 requests | 1 minute | API key ID or session user ID | v1 management, webhooks, integrations, and `/api/v1/management/me` |
+| `api.v2` | 100 requests | 1 minute | API key ID | v2 authenticated API wrapper (`authenticatedApiClient`) |
+| `api.client` | 100 requests | 1 minute | IP hash | v1 client API routes (except `/api/v1/client/og` and storage upload override), plus v2 routes that re-use those v1 handlers |
+| `storage.upload` | 5 requests | 1 minute | IP hash or authenticated ID | Client storage upload and management storage upload |
+| `storage.delete` | 5 requests | 1 minute | API key ID or session user ID | `DELETE /storage/[environmentId]/[accessType]/[fileName]` |
+| `actions.emailUpdate` | 3 requests | 60 minutes | User ID | Profile email update action |
+| `actions.surveyFollowUp` | 50 requests | 60 minutes | Organization ID | Survey follow-up email processing |
+| `actions.sendLinkSurveyEmail` | 10 requests | 60 minutes | IP hash | Link survey email send action |
+| `actions.licenseRecheck` | 5 requests | 1 minute | User ID | Enterprise license recheck action |
+
+## Current Endpoint Exceptions
+
+The following routes are currently not rate-limited by the server-side limiter:
+
+- `GET /api/v1/client/og` (explicitly excluded)
+- `POST /api/v2/client/[environmentId]/responses`
+- `POST /api/v2/client/[environmentId]/displays`
+- `GET /api/v2/health`
+
+## 429 Response Shape
+
+v1-style endpoints return:
 
 ```json
 {
-  "code": 429,
-  "error": "Too many requests, Please try after a while!"
+  "code": "too_many_requests",
+  "message": "Maximum number of requests reached. Please try again later.",
+  "details": {}
+}
+```
+
+v2-style endpoints return:
+
+```json
+{
+  "error": {
+    "code": 429,
+    "message": "Too Many Requests"
+  }
 }
 ```
 
 ## Disabling Rate Limiting
 
-For self-hosters, rate limiting can be disabled if necessary. However, we **strongly recommend keeping rate limiting enabled in production environments** to prevent abuse.
+For self-hosters, rate limiting can be disabled if necessary. We strongly recommend keeping it enabled in production.
 
-To disable rate limiting, set the following environment variable:
+Set:
 
 ```bash
 RATE_LIMITING_DISABLED=1
 ```
 
-After making this change, restart your server to apply the new setting.
+After changing this value, restart the server.
+
+## Operational Notes
+
+- Redis/Valkey is required for robust rate limiting (`REDIS_URL`).
+- If Redis is unavailable at runtime, rate-limiter checks currently fail open (requests are allowed through without enforcement).
+- Authentication failure audit logging uses a separate throttle (`shouldLogAuthFailure()`) and is intentionally **fail-closed**: when Redis is unavailable or errors occur, audit log entries are **skipped entirely** rather than written without throttle control. This prevents spam while preserving the hash-integrity chain required for compliance. In other words, if Redis is down, no authentication-failure audit logs will be recorded—requests themselves are still allowed (fail-open rate limiting above), but the audit trail for those failures will not be written.

docs/xm-and-surveys/xm/best-practices/cancel-subscription.mdx

@@ -16,8 +16,6 @@ The Churn Survey is among the most effective ways to identify weaknesses in your
 
 * Follow-up to prevent bad reviews
 
-* Coming soon: Make survey mandatory
-
 ## Overview
 
 To run the Churn Survey in your app you want to proceed as follows:
@@ -80,13 +78,6 @@ Whenever a user visits this page, matches the filter conditions above and the re
 
 Here is our complete [Actions manual](/xm-and-surveys/surveys/website-app-surveys/actions/) covering [No-Code](/xm-and-surveys/surveys/website-app-surveys/actions#setting-up-no-code-actions) and [Code](/xm-and-surveys/surveys/website-app-surveys/actions#setting-up-code-actions) Actions.
 
-<Note>
-  Pre-churn flow coming soon We’re currently building full-screen survey
-  pop-ups. You’ll be able to prevent users from closing the survey unless they
-  respond to it. It’s certainly debatable if you want that but you could force
-  them to click through the survey before letting them cancel 🤷
-</Note>
-
 ### 5. Select Action in the “When to ask” card
 
 ![Select feedback button action](/images/xm-and-surveys/xm/best-practices/cancel-subscription/select-action.webp)

docs/xm-and-surveys/xm/best-practices/improve-trial-cr.mdx

@@ -46,13 +46,7 @@ _Want to change the button color? Adjust it in the project settings!_
 
 Save, and move over to the **Audience** tab.
 
-### 3. Pre-segment your audience (coming soon)
-
-<Note>
-### Filter by Attribute Coming Soon
-
-We're working on pre-segmenting users by attributes. This manual will be updated in the coming days.
-</Note>
+### 3. Pre-segment your audience
 
 Pre-segmentation isn't needed for this survey since you likely want to target all users who cancel their trial. You can use a specific user action, like clicking **Cancel Trial**, to show the survey only to users trying your product.
 
@@ -62,13 +56,13 @@ How you trigger your survey depends on your product. There are two options:
 
 - **Trigger by Page view:** If you have a page like `/trial-cancelled` for users who cancel their trial subscription, create a user action with the type "Page View." Select "Limit to specific pages" and apply URL filters with these settings:
 
-![Change text content](/images/xm-and-surveys/xm/best-practices/improve-trial-cr/action-pageurl.webp)
+![Add page URL action](/images/xm-and-surveys/xm/best-practices/improve-trial-cr/action-pageurl.webp)
 
 Whenever a user visits this page, the survey will be displayed ✅
 
 - **Trigger by Button Click:** In a different case, you have a “Cancel Trial" button in your app. You can setup a user Action with the `Inner Text`:
 
-![Change text content](/images/xm-and-surveys/xm/best-practices/improve-trial-cr/action-innertext.webp)
+![Add inner text action](/images/xm-and-surveys/xm/best-practices/improve-trial-cr/action-innertext.webp)
 
 Please have a look at our complete [Actions manual](/xm-and-surveys/surveys/website-app-surveys/actions) if you have questions.
 

docs/xm-and-surveys/xm/best-practices/interview-prompt.mdx

@@ -54,13 +54,7 @@ In the button settings you have to make sure it is set to “External URL”. In
 
 Save, and move over to the “Audience” tab.
 
-### 3. Pre-segment your audience (coming soon)
-
-<Note>
-  ## Filter by attribute coming soon. We're working on pre-segmenting users by
-
-  attributes. We will update this manual in the next few days.
-</Note>
+### 3. Pre-segment your audience
 
 Once you clicked over to the “Audience” tab you can change the settings. In the **Who To Send** card, select “Filter audience by attribute”. This allows you to only show the prompt to a specific segment of your user base.