feat: add hub docs rewrites

Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>

apps/web/app/api/(internal)/pipeline/lib/handleIntegrations.ts

@@ -21,7 +21,6 @@ import { getElementsFromBlocks } from "@/lib/survey/utils";
 import { getFormattedDateTimeString } from "@/lib/utils/datetime";
 import { parseRecallInfo } from "@/lib/utils/recall";
 import { truncateText } from "@/lib/utils/strings";
-import { resolveStorageUrlAuto } from "@/modules/storage/utils";
 
 const convertMetaObjectToString = (metadata: TResponseMeta): string => {
   let result: string[] = [];
@@ -257,16 +256,10 @@ const processElementResponse = (
     const selectedChoiceIds = responseValue as string[];
     return element.choices
       .filter((choice) => selectedChoiceIds.includes(choice.id))
-      .map((choice) => resolveStorageUrlAuto(choice.imageUrl))
+      .map((choice) => choice.imageUrl)
       .join("\n");
   }
 
-  if (element.type === TSurveyElementTypeEnum.FileUpload && Array.isArray(responseValue)) {
-    return responseValue
-      .map((url) => (typeof url === "string" ? resolveStorageUrlAuto(url) : url))
-      .join("; ");
-  }
-
   return processResponseData(responseValue);
 };
 
@@ -375,7 +368,7 @@ const buildNotionPayloadProperties = (
 
       responses[resp] = (pictureElement as any)?.choices
         .filter((choice) => selectedChoiceIds.includes(choice.id))
-        .map((choice) => resolveStorageUrlAuto(choice.imageUrl));
+        .map((choice) => choice.imageUrl);
     }
   });
 

apps/web/app/api/(internal)/pipeline/route.ts

@@ -18,7 +18,6 @@ import { convertDatesInObject } from "@/lib/time";
 import { queueAuditEvent } from "@/modules/ee/audit-logs/lib/handler";
 import { TAuditStatus, UNKNOWN_DATA } from "@/modules/ee/audit-logs/types/audit-log";
 import { sendResponseFinishedEmail } from "@/modules/email";
-import { resolveStorageUrlsInObject } from "@/modules/storage/utils";
 import { sendFollowUpsForResponse } from "@/modules/survey/follow-ups/lib/follow-ups";
 import { FollowUpSendError } from "@/modules/survey/follow-ups/types/follow-up";
 import { handleIntegrations } from "./lib/handleIntegrations";
@@ -96,15 +95,12 @@ export const POST = async (request: Request) => {
     ]);
   };
 
-  const resolvedResponseData = resolveStorageUrlsInObject(response.data);
-
   const webhookPromises = webhooks.map((webhook) => {
     const body = JSON.stringify({
       webhookId: webhook.id,
       event,
       data: {
         ...response,
-        data: resolvedResponseData,
         survey: {
           title: survey.name,
           type: survey.type,

apps/web/app/api/v1/client/[environmentId]/environment/lib/data.ts

@@ -10,7 +10,6 @@ import {
   TJsEnvironmentStateSurvey,
 } from "@formbricks/types/js";
 import { validateInputs } from "@/lib/utils/validate";
-import { resolveStorageUrlsInObject } from "@/modules/storage/utils";
 import { transformPrismaSurvey } from "@/modules/survey/lib/utils";
 
 /**
@@ -178,14 +177,14 @@ export const getEnvironmentStateData = async (environmentId: string): Promise<En
           overlay: environmentData.project.overlay,
           placement: environmentData.project.placement,
           inAppSurveyBranding: environmentData.project.inAppSurveyBranding,
-          styling: resolveStorageUrlsInObject(environmentData.project.styling),
+          styling: environmentData.project.styling,
         },
       },
       organization: {
         id: environmentData.project.organization.id,
         billing: environmentData.project.organization.billing,
       },
-      surveys: resolveStorageUrlsInObject(transformedSurveys),
+      surveys: transformedSurveys,
       actionClasses: environmentData.actionClasses as TJsEnvironmentStateActionClass[],
     };
   } catch (error) {

apps/web/app/api/v1/client/[environmentId]/responses/[responseId]/route.ts

@@ -44,10 +44,13 @@ const validateResponse = (
     ...responseUpdateInput.data,
   };
 
+  const isFinished = responseUpdateInput.finished ?? false;
+
   const validationErrors = validateResponseData(
     survey.blocks,
     mergedData,
     responseUpdateInput.language ?? response.language ?? "en",
+    isFinished,
     survey.questions
   );
 

apps/web/app/api/v1/client/[environmentId]/responses/route.ts

@@ -41,6 +41,7 @@ const validateResponse = (responseInputData: TResponseInput, survey: TSurvey) =>
     survey.blocks,
     responseInputData.data,
     responseInputData.language ?? "en",
+    responseInputData.finished,
     survey.questions
   );
 

apps/web/app/api/v1/management/responses/[responseId]/route.ts

@@ -10,7 +10,7 @@ import { deleteResponse, getResponse } from "@/lib/response/service";
 import { getSurvey } from "@/lib/survey/service";
 import { formatValidationErrorsForV1Api, validateResponseData } from "@/modules/api/lib/validation";
 import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
-import { resolveStorageUrlsInObject, validateFileUploads } from "@/modules/storage/utils";
+import { validateFileUploads } from "@/modules/storage/utils";
 import { updateResponseWithQuotaEvaluation } from "./lib/response";
 
 async function fetchAndAuthorizeResponse(
@@ -57,10 +57,7 @@ export const GET = withV1ApiWrapper({
       }
 
       return {
-        response: responses.successResponse({
-          ...result.response,
-          data: resolveStorageUrlsInObject(result.response.data),
-        }),
+        response: responses.successResponse(result.response),
       };
     } catch (error) {
       return {
@@ -149,6 +146,7 @@ export const PUT = withV1ApiWrapper({
         result.survey.blocks,
         responseUpdate.data,
         responseUpdate.language ?? "en",
+        responseUpdate.finished,
         result.survey.questions
       );
 
@@ -192,7 +190,7 @@ export const PUT = withV1ApiWrapper({
       }
 
       return {
-        response: responses.successResponse({ ...updated, data: resolveStorageUrlsInObject(updated.data) }),
+        response: responses.successResponse(updated),
       };
     } catch (error) {
       return {

apps/web/app/api/v1/management/responses/route.ts

@@ -9,7 +9,7 @@ import { sendToPipeline } from "@/app/lib/pipelines";
 import { getSurvey } from "@/lib/survey/service";
 import { formatValidationErrorsForV1Api, validateResponseData } from "@/modules/api/lib/validation";
 import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
-import { resolveStorageUrlsInObject, validateFileUploads } from "@/modules/storage/utils";
+import { validateFileUploads } from "@/modules/storage/utils";
 import {
   createResponseWithQuotaEvaluation,
   getResponses,
@@ -54,9 +54,7 @@ export const GET = withV1ApiWrapper({
         allResponses.push(...environmentResponses);
       }
       return {
-        response: responses.successResponse(
-          allResponses.map((r) => ({ ...r, data: resolveStorageUrlsInObject(r.data) }))
-        ),
+        response: responses.successResponse(allResponses),
       };
     } catch (error) {
       if (error instanceof DatabaseError) {
@@ -157,6 +155,7 @@ export const POST = withV1ApiWrapper({
         surveyResult.survey.blocks,
         responseInput.data,
         responseInput.language ?? "en",
+        responseInput.finished,
         surveyResult.survey.questions
       );
 

apps/web/app/api/v1/management/surveys/[surveyId]/route.ts

@@ -16,7 +16,6 @@ import { TApiAuditLog, TApiKeyAuthentication, withV1ApiWrapper } from "@/app/lib
 import { getOrganizationByEnvironmentId } from "@/lib/organization/service";
 import { getSurvey, updateSurvey } from "@/lib/survey/service";
 import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
-import { resolveStorageUrlsInObject } from "@/modules/storage/utils";
 
 const fetchAndAuthorizeSurvey = async (
   surveyId: string,
@@ -59,18 +58,16 @@ export const GET = withV1ApiWrapper({
 
       if (shouldTransformToQuestions) {
         return {
-          response: responses.successResponse(
-            resolveStorageUrlsInObject({
-              ...result.survey,
-              questions: transformBlocksToQuestions(result.survey.blocks, result.survey.endings),
-              blocks: [],
-            })
-          ),
+          response: responses.successResponse({
+            ...result.survey,
+            questions: transformBlocksToQuestions(result.survey.blocks, result.survey.endings),
+            blocks: [],
+          }),
         };
       }
 
       return {
-        response: responses.successResponse(resolveStorageUrlsInObject(result.survey)),
+        response: responses.successResponse(result.survey),
       };
     } catch (error) {
       return {
@@ -205,12 +202,12 @@ export const PUT = withV1ApiWrapper({
           };
 
           return {
-            response: responses.successResponse(resolveStorageUrlsInObject(surveyWithQuestions)),
+            response: responses.successResponse(surveyWithQuestions),
           };
         }
 
         return {
-          response: responses.successResponse(resolveStorageUrlsInObject(updatedSurvey)),
+          response: responses.successResponse(updatedSurvey),
         };
       } catch (error) {
         return {

apps/web/app/api/v1/management/surveys/route.ts

@@ -14,7 +14,6 @@ import { TApiAuditLog, TApiKeyAuthentication, withV1ApiWrapper } from "@/app/lib
 import { getOrganizationByEnvironmentId } from "@/lib/organization/service";
 import { createSurvey } from "@/lib/survey/service";
 import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
-import { resolveStorageUrlsInObject } from "@/modules/storage/utils";
 import { getSurveys } from "./lib/surveys";
 
 export const GET = withV1ApiWrapper({
@@ -56,7 +55,7 @@ export const GET = withV1ApiWrapper({
       });
 
       return {
-        response: responses.successResponse(resolveStorageUrlsInObject(surveysWithQuestions)),
+        response: responses.successResponse(surveysWithQuestions),
       };
     } catch (error) {
       if (error instanceof DatabaseError) {

apps/web/app/api/v2/client/[environmentId]/responses/route.ts

@@ -112,6 +112,7 @@ export const POST = async (request: Request, context: Context): Promise<Response
     survey.blocks,
     responseInputData.data,
     responseInputData.language ?? "en",
+    responseInputData.finished,
     survey.questions
   );
 

apps/web/lib/response/service.ts

@@ -22,7 +22,6 @@ import { getElementsFromBlocks } from "@/lib/survey/utils";
 import { getIsQuotasEnabled } from "@/modules/ee/license-check/lib/utils";
 import { reduceQuotaLimits } from "@/modules/ee/quotas/lib/quotas";
 import { deleteFile } from "@/modules/storage/service";
-import { resolveStorageUrlsInObject } from "@/modules/storage/utils";
 import { getOrganizationIdFromEnvironmentId } from "@/modules/survey/lib/organization";
 import { getOrganizationBilling } from "@/modules/survey/lib/survey";
 import { ITEMS_PER_PAGE } from "../constants";
@@ -409,10 +408,9 @@ export const getResponseDownloadFile = async (
     if (survey.isVerifyEmailEnabled) {
       headers.push("Verified Email");
     }
-    const resolvedResponses = responses.map((r) => ({ ...r, data: resolveStorageUrlsInObject(r.data) }));
     const jsonData = getResponsesJson(
       survey,
-      resolvedResponses,
+      responses,
       elements,
       userAttributes,
       hiddenFields,

apps/web/modules/api/lib/validation.test.ts

@@ -95,7 +95,7 @@ describe("validateResponseData", () => {
     mockGetElementsFromBlocks.mockReturnValue(mockElements);
     mockValidateBlockResponses.mockReturnValue({});
 
-    validateResponseData([], mockResponseData, "en", mockQuestions);
+    validateResponseData([], mockResponseData, "en", true, mockQuestions);
 
     expect(mockTransformQuestionsToBlocks).toHaveBeenCalledWith(mockQuestions, []);
     expect(mockGetElementsFromBlocks).toHaveBeenCalledWith(transformedBlocks);
@@ -105,15 +105,15 @@ describe("validateResponseData", () => {
     mockGetElementsFromBlocks.mockReturnValue(mockElements);
     mockValidateBlockResponses.mockReturnValue({});
 
-    validateResponseData(mockBlocks, mockResponseData, "en", mockQuestions);
+    validateResponseData(mockBlocks, mockResponseData, "en", true, mockQuestions);
 
     expect(mockTransformQuestionsToBlocks).not.toHaveBeenCalled();
   });
 
   test("should return null when both blocks and questions are empty", () => {
-    expect(validateResponseData([], mockResponseData, "en", [])).toBeNull();
-    expect(validateResponseData(null, mockResponseData, "en", [])).toBeNull();
-    expect(validateResponseData(undefined, mockResponseData, "en", null)).toBeNull();
+    expect(validateResponseData([], mockResponseData, "en", true, [])).toBeNull();
+    expect(validateResponseData(null, mockResponseData, "en", true, [])).toBeNull();
+    expect(validateResponseData(undefined, mockResponseData, "en", true, null)).toBeNull();
   });
 
   test("should use default language code", () => {
@@ -125,58 +125,25 @@ describe("validateResponseData", () => {
     expect(mockValidateBlockResponses).toHaveBeenCalledWith(mockElements, mockResponseData, "en");
   });
 
-  test("should validate only fields present in responseData", () => {
+  test("should validate only present fields when finished is false", () => {
     const partialResponseData: TResponseData = { element1: "test" };
-    const elementsToValidate = [mockElements[0]];
+    const partialElements = [mockElements[0]];
     mockGetElementsFromBlocks.mockReturnValue(mockElements);
     mockValidateBlockResponses.mockReturnValue({});
 
-    validateResponseData(mockBlocks, partialResponseData, "en");
+    validateResponseData(mockBlocks, partialResponseData, "en", false);
 
-    expect(mockValidateBlockResponses).toHaveBeenCalledWith(elementsToValidate, partialResponseData, "en");
+    expect(mockValidateBlockResponses).toHaveBeenCalledWith(partialElements, partialResponseData, "en");
   });
 
-  test("should never validate elements not in responseData", () => {
-    const blocksWithTwoElements: TSurveyBlock[] = [
-      ...mockBlocks,
-      {
-        id: "block2",
-        name: "Block 2",
-        elements: [
-          {
-            id: "element2",
-            type: TSurveyElementTypeEnum.OpenText,
-            headline: { default: "Q2" },
-            required: true,
-            inputType: "text",
-            charLimit: { enabled: false },
-          },
-        ],
-      },
-    ];
-    const allElements = [
-      ...mockElements,
-      {
-        id: "element2",
-        type: TSurveyElementTypeEnum.OpenText,
-        headline: { default: "Q2" },
-        required: true,
-        inputType: "text",
-        charLimit: { enabled: false },
-      },
-    ];
-    const responseDataWithOnlyElement1: TResponseData = { element1: "test" };
-    mockGetElementsFromBlocks.mockReturnValue(allElements);
+  test("should validate all fields when finished is true", () => {
+    const partialResponseData: TResponseData = { element1: "test" };
+    mockGetElementsFromBlocks.mockReturnValue(mockElements);
     mockValidateBlockResponses.mockReturnValue({});
 
-    validateResponseData(blocksWithTwoElements, responseDataWithOnlyElement1, "en");
+    validateResponseData(mockBlocks, partialResponseData, "en", true);
 
-    // Only element1 should be validated, not element2 (even though it's required)
-    expect(mockValidateBlockResponses).toHaveBeenCalledWith(
-      [allElements[0]],
-      responseDataWithOnlyElement1,
-      "en"
-    );
+    expect(mockValidateBlockResponses).toHaveBeenCalledWith(mockElements, partialResponseData, "en");
   });
 });
 

apps/web/modules/api/lib/validation.ts

@@ -9,13 +9,13 @@ import { getElementsFromBlocks } from "@/lib/survey/utils";
 import { ApiErrorDetails } from "@/modules/api/v2/types/api-error";
 
 /**
- * Validates response data against survey validation rules.
- * Only validates elements that have data in responseData - never validates
- * all survey elements regardless of completion status.
+ * Validates response data against survey validation rules
+ * Handles partial responses (in-progress) by only validating present fields when finished is false
  *
  * @param blocks - Survey blocks containing elements with validation rules (preferred)
  * @param responseData - Response data to validate (keyed by element ID)
  * @param languageCode - Language code for error messages (defaults to "en")
+ * @param finished - Whether the response is finished (defaults to true for management APIs)
  * @param questions - Survey questions (legacy format, used as fallback if blocks are empty)
  * @returns Validation error map keyed by element ID, or null if validation passes
  */
@@ -23,6 +23,7 @@ export const validateResponseData = (
   blocks: TSurveyBlock[] | undefined | null,
   responseData: TResponseData,
   languageCode: string = "en",
+  finished: boolean = true,
   questions?: TSurveyQuestion[] | undefined | null
 ): TValidationErrorMap | null => {
   // Use blocks if available, otherwise transform questions to blocks
@@ -41,8 +42,11 @@ export const validateResponseData = (
   // Extract elements from blocks
   const allElements = getElementsFromBlocks(blocksToUse);
 
-  // Always validate only elements that are present in responseData
-  const elementsToValidate = allElements.filter((element) => Object.keys(responseData).includes(element.id));
+  // If response is not finished, only validate elements that are present in the response data
+  // This prevents "required" errors for fields the user hasn't reached yet
+  const elementsToValidate = finished
+    ? allElements
+    : allElements.filter((element) => Object.keys(responseData).includes(element.id));
 
   // Validate selected elements
   const errorMap = validateBlockResponses(elementsToValidate, responseData, languageCode);

apps/web/modules/api/v2/management/responses/[responseId]/route.ts

@@ -15,7 +15,7 @@ import {
 import { getSurveyQuestions } from "@/modules/api/v2/management/responses/[responseId]/lib/survey";
 import { ApiErrorResponseV2 } from "@/modules/api/v2/types/api-error";
 import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
-import { resolveStorageUrlsInObject, validateFileUploads } from "@/modules/storage/utils";
+import { validateFileUploads } from "@/modules/storage/utils";
 import { ZResponseIdSchema, ZResponseUpdateSchema } from "./types/responses";
 
 export const GET = async (request: Request, props: { params: Promise<{ responseId: string }> }) =>
@@ -51,10 +51,7 @@ export const GET = async (request: Request, props: { params: Promise<{ responseI
         return handleApiError(request, response.error as ApiErrorResponseV2);
       }
 
-      return responses.successResponse({
-        ...response,
-        data: { ...response.data, data: resolveStorageUrlsInObject(response.data.data) },
-      });
+      return responses.successResponse(response);
     },
   });
 
@@ -201,6 +198,7 @@ export const PUT = (request: Request, props: { params: Promise<{ responseId: str
         questionsResponse.data.blocks,
         body.data,
         body.language ?? "en",
+        body.finished,
         questionsResponse.data.questions
       );
 
@@ -246,10 +244,7 @@ export const PUT = (request: Request, props: { params: Promise<{ responseId: str
         auditLog.newObject = response.data;
       }
 
-      return responses.successResponse({
-        ...response,
-        data: { ...response.data, data: resolveStorageUrlsInObject(response.data.data) },
-      });
+      return responses.successResponse(response);
     },
     action: "updated",
     targetType: "response",

apps/web/modules/api/v2/management/responses/route.ts

@@ -12,7 +12,7 @@ import { getSurveyQuestions } from "@/modules/api/v2/management/responses/[respo
 import { ZGetResponsesFilter, ZResponseInput } from "@/modules/api/v2/management/responses/types/responses";
 import { ApiErrorResponseV2 } from "@/modules/api/v2/types/api-error";
 import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
-import { resolveStorageUrlsInObject, validateFileUploads } from "@/modules/storage/utils";
+import { validateFileUploads } from "@/modules/storage/utils";
 import { createResponseWithQuotaEvaluation, getResponses } from "./lib/response";
 
 export const GET = async (request: NextRequest) =>
@@ -44,9 +44,7 @@ export const GET = async (request: NextRequest) =>
 
       environmentResponses.push(...res.data.data);
 
-      return responses.successResponse({
-        data: environmentResponses.map((r) => ({ ...r, data: resolveStorageUrlsInObject(r.data) })),
-      });
+      return responses.successResponse({ data: environmentResponses });
     },
   });
 
@@ -136,6 +134,7 @@ export const POST = async (request: Request) =>
         surveyQuestions.data.blocks,
         body.data,
         body.language ?? "en",
+        body.finished,
         surveyQuestions.data.questions
       );
 

apps/web/modules/core/rate-limit/rate-limit-configs.ts

@@ -30,4 +30,4 @@ export const rateLimitConfigs = {
     upload: { interval: 60, allowedPerInterval: 5, namespace: "storage:upload" }, // 5 per minute
     delete: { interval: 60, allowedPerInterval: 5, namespace: "storage:delete" }, // 5 per minute
   },
-};
+} as const;

apps/web/modules/ee/contacts/api/v1/client/[environmentId]/user/lib/segments.test.ts

@@ -7,9 +7,10 @@ import { validateInputs } from "@/lib/utils/validate";
 import { segmentFilterToPrismaQuery } from "@/modules/ee/contacts/segments/lib/filter/prisma-query";
 import { getPersonSegmentIds, getSegments } from "./segments";
 
+// Mock the cache functions
 vi.mock("@/lib/cache", () => ({
   cache: {
-    withCache: vi.fn(async (fn) => await fn()),
+    withCache: vi.fn(async (fn) => await fn()), // Just execute the function without caching for tests
   },
 }));
 
@@ -29,15 +30,15 @@ vi.mock("@formbricks/database", () => ({
     contact: {
       findFirst: vi.fn(),
     },
-    $transaction: vi.fn(),
   },
 }));
 
+// Mock React cache
 vi.mock("react", async () => {
   const actual = await vi.importActual("react");
   return {
     ...actual,
-    cache: <T extends (...args: any[]) => any>(fn: T): T => fn,
+    cache: <T extends (...args: any[]) => any>(fn: T): T => fn, // Return the function with the same type signature
   };
 });
 
@@ -96,20 +97,22 @@ describe("segments lib", () => {
   });
 
   describe("getPersonSegmentIds", () => {
-    const mockWhereClause = { AND: [{ environmentId: mockEnvironmentId }, {}] };
-
     beforeEach(() => {
       vi.mocked(prisma.segment.findMany).mockResolvedValue(
         mockSegmentsData as Prisma.Result<typeof prisma.segment, unknown, "findMany">
       );
       vi.mocked(segmentFilterToPrismaQuery).mockResolvedValue({
         ok: true,
-        data: { whereClause: mockWhereClause },
+        data: { whereClause: { AND: [{ environmentId: mockEnvironmentId }, {}] } },
       });
     });
 
     test("should return person segment IDs successfully", async () => {
-      vi.mocked(prisma.$transaction).mockResolvedValue([{ id: mockContactId }, { id: mockContactId }]);
+      vi.mocked(prisma.contact.findFirst).mockResolvedValue({ id: mockContactId } as Prisma.Result<
+        typeof prisma.contact,
+        unknown,
+        "findFirst"
+      >);
 
       const result = await getPersonSegmentIds(
         mockEnvironmentId,
@@ -125,12 +128,12 @@ describe("segments lib", () => {
       });
 
       expect(segmentFilterToPrismaQuery).toHaveBeenCalledTimes(mockSegmentsData.length);
-      expect(prisma.$transaction).toHaveBeenCalledTimes(1);
+      expect(prisma.contact.findFirst).toHaveBeenCalledTimes(mockSegmentsData.length);
       expect(result).toEqual(mockSegmentsData.map((s) => s.id));
     });
 
     test("should return empty array if no segments exist", async () => {
-      vi.mocked(prisma.segment.findMany).mockResolvedValue([]);
+      vi.mocked(prisma.segment.findMany).mockResolvedValue([]); // No segments
 
       const result = await getPersonSegmentIds(
         mockEnvironmentId,
@@ -141,11 +144,10 @@ describe("segments lib", () => {
 
       expect(result).toEqual([]);
       expect(segmentFilterToPrismaQuery).not.toHaveBeenCalled();
-      expect(prisma.$transaction).not.toHaveBeenCalled();
     });
 
     test("should return empty array if segments exist but none match", async () => {
-      vi.mocked(prisma.$transaction).mockResolvedValue([null, null]);
+      vi.mocked(prisma.contact.findFirst).mockResolvedValue(null);
 
       const result = await getPersonSegmentIds(
         mockEnvironmentId,
@@ -153,14 +155,16 @@ describe("segments lib", () => {
         mockContactUserId,
         mockDeviceType
       );
-
       expect(result).toEqual([]);
       expect(segmentFilterToPrismaQuery).toHaveBeenCalledTimes(mockSegmentsData.length);
-      expect(prisma.$transaction).toHaveBeenCalledTimes(1);
     });
 
     test("should call validateInputs with correct parameters", async () => {
-      vi.mocked(prisma.$transaction).mockResolvedValue([{ id: mockContactId }, { id: mockContactId }]);
+      vi.mocked(prisma.contact.findFirst).mockResolvedValue({ id: mockContactId } as Prisma.Result<
+        typeof prisma.contact,
+        unknown,
+        "findFirst"
+      >);
 
       await getPersonSegmentIds(mockEnvironmentId, mockContactId, mockContactUserId, mockDeviceType);
       expect(validateInputs).toHaveBeenCalledWith(
@@ -171,7 +175,14 @@ describe("segments lib", () => {
     });
 
     test("should return only matching segment IDs", async () => {
-      vi.mocked(prisma.$transaction).mockResolvedValue([{ id: mockContactId }, null]);
+      // First segment matches, second doesn't
+      vi.mocked(prisma.contact.findFirst)
+        .mockResolvedValueOnce({ id: mockContactId } as Prisma.Result<
+          typeof prisma.contact,
+          unknown,
+          "findFirst"
+        >) // First segment matches
+        .mockResolvedValueOnce(null); // Second segment does not match
 
       const result = await getPersonSegmentIds(
         mockEnvironmentId,
@@ -182,66 +193,6 @@ describe("segments lib", () => {
 
       expect(result).toEqual([mockSegmentsData[0].id]);
       expect(segmentFilterToPrismaQuery).toHaveBeenCalledTimes(mockSegmentsData.length);
-      expect(prisma.$transaction).toHaveBeenCalledTimes(1);
-    });
-
-    test("should include segments with no filters as always-matching", async () => {
-      const segmentsWithEmptyFilters = [
-        { id: "segment-no-filter", filters: [] },
-        { id: "segment-with-filter", filters: [{}] as TBaseFilter[] },
-      ];
-      vi.mocked(prisma.segment.findMany).mockResolvedValue(
-        segmentsWithEmptyFilters as Prisma.Result<typeof prisma.segment, unknown, "findMany">
-      );
-      vi.mocked(prisma.$transaction).mockResolvedValue([{ id: mockContactId }]);
-
-      const result = await getPersonSegmentIds(
-        mockEnvironmentId,
-        mockContactId,
-        mockContactUserId,
-        mockDeviceType
-      );
-
-      expect(result).toContain("segment-no-filter");
-      expect(result).toContain("segment-with-filter");
-      expect(segmentFilterToPrismaQuery).toHaveBeenCalledTimes(1);
-      expect(prisma.$transaction).toHaveBeenCalledTimes(1);
-    });
-
-    test("should skip segments where filter query building fails", async () => {
-      vi.mocked(segmentFilterToPrismaQuery)
-        .mockResolvedValueOnce({
-          ok: true,
-          data: { whereClause: mockWhereClause },
-        })
-        .mockResolvedValueOnce({
-          ok: false,
-          error: { type: "bad_request", message: "Invalid filters", details: [] },
-        });
-      vi.mocked(prisma.$transaction).mockResolvedValue([{ id: mockContactId }]);
-
-      const result = await getPersonSegmentIds(
-        mockEnvironmentId,
-        mockContactId,
-        mockContactUserId,
-        mockDeviceType
-      );
-
-      expect(result).toEqual(["segment1"]);
-      expect(prisma.$transaction).toHaveBeenCalledTimes(1);
-    });
-
-    test("should return empty array on unexpected error", async () => {
-      vi.mocked(prisma.segment.findMany).mockRejectedValue(new Error("Unexpected"));
-
-      const result = await getPersonSegmentIds(
-        mockEnvironmentId,
-        mockContactId,
-        mockContactUserId,
-        mockDeviceType
-      );
-
-      expect(result).toEqual([]);
     });
   });
 });

apps/web/modules/ee/contacts/api/v1/client/[environmentId]/user/lib/segments.ts

@@ -37,6 +37,47 @@ export const getSegments = reactCache(
     )
 );
 
+/**
+ * Checks if a contact matches a segment using Prisma query
+ * This leverages native DB types (valueDate, valueNumber) for accurate comparisons
+ * Device filters are evaluated at query build time using the provided deviceType
+ */
+const isContactInSegment = async (
+  contactId: string,
+  segmentId: string,
+  filters: TBaseFilters,
+  environmentId: string,
+  deviceType: "phone" | "desktop"
+): Promise<boolean> => {
+  // If no filters, segment matches all contacts
+  if (!filters || filters.length === 0) {
+    return true;
+  }
+
+  const queryResult = await segmentFilterToPrismaQuery(segmentId, filters, environmentId, deviceType);
+
+  if (!queryResult.ok) {
+    logger.warn(
+      { segmentId, environmentId, error: queryResult.error },
+      "Failed to build Prisma query for segment"
+    );
+    return false;
+  }
+
+  const { whereClause } = queryResult.data;
+
+  // Check if this specific contact matches the segment filters
+  const matchingContact = await prisma.contact.findFirst({
+    where: {
+      id: contactId,
+      ...whereClause,
+    },
+    select: { id: true },
+  });
+
+  return matchingContact !== null;
+};
+
 export const getPersonSegmentIds = async (
   environmentId: string,
   contactId: string,
@@ -48,70 +89,23 @@ export const getPersonSegmentIds = async (
 
     const segments = await getSegments(environmentId);
 
-    if (!segments || !Array.isArray(segments) || segments.length === 0) {
+    // fast path; if there are no segments, return an empty array
+    if (!segments || !Array.isArray(segments)) {
       return [];
     }
 
-    // Phase 1: Build all Prisma where clauses concurrently.
-    // This converts segment filters into where clauses without per-contact DB queries.
-    const segmentWithClauses = await Promise.all(
-      segments.map(async (segment) => {
-        const filters = segment.filters as TBaseFilters | null;
+    // Device filters are evaluated at query build time using the provided deviceType
+    const segmentPromises = segments.map(async (segment) => {
+      const filters = segment.filters;
+      const isIncluded = await isContactInSegment(contactId, segment.id, filters, environmentId, deviceType);
+      return isIncluded ? segment.id : null;
+    });
 
-        if (!filters || filters.length === 0) {
-          return { segmentId: segment.id, whereClause: {} as Prisma.ContactWhereInput };
-        }
+    const results = await Promise.all(segmentPromises);
 
-        const queryResult = await segmentFilterToPrismaQuery(segment.id, filters, environmentId, deviceType);
-
-        if (!queryResult.ok) {
-          logger.warn(
-            { segmentId: segment.id, environmentId, error: queryResult.error },
-            "Failed to build Prisma query for segment"
-          );
-          return { segmentId: segment.id, whereClause: null };
-        }
-
-        return { segmentId: segment.id, whereClause: queryResult.data.whereClause };
-      })
-    );
-
-    // Separate segments into: always-match (no filters), needs-DB-check, and failed-to-build
-    const alwaysMatchIds: string[] = [];
-    const toCheck: { segmentId: string; whereClause: Prisma.ContactWhereInput }[] = [];
-
-    for (const item of segmentWithClauses) {
-      if (item.whereClause === null) {
-        continue;
-      }
-
-      if (Object.keys(item.whereClause).length === 0) {
-        alwaysMatchIds.push(item.segmentId);
-      } else {
-        toCheck.push({ segmentId: item.segmentId, whereClause: item.whereClause });
-      }
-    }
-
-    if (toCheck.length === 0) {
-      return alwaysMatchIds;
-    }
-
-    // Phase 2: Batch all contact-match checks into a single DB transaction.
-    // Replaces N individual findFirst queries with one batched round-trip.
-    const batchResults = await prisma.$transaction(
-      toCheck.map(({ whereClause }) =>
-        prisma.contact.findFirst({
-          where: { id: contactId, ...whereClause },
-          select: { id: true },
-        })
-      )
-    );
-
-    // Phase 3: Collect matching segment IDs
-    const dbMatchIds = toCheck.filter((_, i) => batchResults[i] !== null).map(({ segmentId }) => segmentId);
-
-    return [...alwaysMatchIds, ...dbMatchIds];
+    return results.filter((id): id is string => id !== null);
   } catch (error) {
+    // Log error for debugging but don't throw to prevent "segments is not iterable" error
     logger.warn(
       {
         environmentId,

apps/web/modules/ee/contacts/lib/attribute-storage.ts

@@ -54,6 +54,7 @@ export const prepareNewSDKAttributeForStorage = (
 };
 
 const handleStringType = (value: TRawValue): TAttributeStorageColumns => {
+  // String type - only use value column
   let stringValue: string;
 
   if (value instanceof Date) {

apps/web/modules/ee/contacts/lib/attributes.ts

@@ -130,12 +130,7 @@ export const updateAttributes = async (
   const messages: TAttributeUpdateMessage[] = [];
   const errors: TAttributeUpdateMessage[] = [];
 
-  // Coerce boolean values to strings (SDK may send booleans for string attributes)
-  const coercedAttributes: Record<string, string | number> = {};
-  for (const [key, value] of Object.entries(contactAttributesParam)) {
-    coercedAttributes[key] = typeof value === "boolean" ? String(value) : value;
-  }
-
+  // Convert email and userId to strings for lookup (they should always be strings, but handle numbers gracefully)
   const emailValue =
     contactAttributesParam.email === null || contactAttributesParam.email === undefined
       ? null
@@ -159,7 +154,7 @@ export const updateAttributes = async (
   const userIdExists = !!existingUserIdAttribute;
 
   // Remove email and/or userId from attributes if they already exist on another contact
-  let contactAttributes = { ...coercedAttributes };
+  let contactAttributes = { ...contactAttributesParam };
 
   // Determine what the final email and userId values will be after this update
   // Only consider a value as "submitted" if it was explicitly included in the attributes

apps/web/modules/ee/contacts/segments/lib/filter/prisma-query.test.ts

@@ -5,14 +5,10 @@ import { getSegment } from "../segments";
 import { segmentFilterToPrismaQuery } from "./prisma-query";
 
 const mockQueryRawUnsafe = vi.fn();
-const mockFindFirst = vi.fn();
 
 vi.mock("@formbricks/database", () => ({
   prisma: {
     $queryRawUnsafe: (...args: unknown[]) => mockQueryRawUnsafe(...args),
-    contactAttribute: {
-      findFirst: (...args: unknown[]) => mockFindFirst(...args),
-    },
   },
 }));
 
@@ -30,9 +26,7 @@ describe("segmentFilterToPrismaQuery", () => {
 
   beforeEach(() => {
     vi.clearAllMocks();
-    // Default: backfill is complete, no un-migrated rows
-    mockFindFirst.mockResolvedValue(null);
-    // Fallback path mock: raw SQL returns one matching contact when un-migrated rows exist
+    // Default mock: number filter raw SQL returns one matching contact
     mockQueryRawUnsafe.mockResolvedValue([{ contactId: "mock-contact-1" }]);
   });
 
@@ -151,16 +145,7 @@ describe("segmentFilterToPrismaQuery", () => {
             },
           },
         ],
-        OR: [
-          {
-            attributes: {
-              some: {
-                attributeKey: { key: "age" },
-                valueNumber: { gt: 30 },
-              },
-            },
-          },
-        ],
+        OR: [{ id: { in: ["mock-contact-1"] } }],
       });
     }
   });
@@ -772,12 +757,7 @@ describe("segmentFilterToPrismaQuery", () => {
       });
 
       expect(subgroup.AND[0].AND[2]).toStrictEqual({
-        attributes: {
-          some: {
-            attributeKey: { key: "age" },
-            valueNumber: { gte: 18 },
-          },
-        },
+        id: { in: ["mock-contact-1"] },
       });
 
       // Segment inclusion
@@ -1178,23 +1158,10 @@ describe("segmentFilterToPrismaQuery", () => {
         },
       });
 
-      // Second subgroup (numeric operators - uses clean Prisma filter post-backfill)
+      // Second subgroup (numeric operators - now use raw SQL subquery returning contact IDs)
       const secondSubgroup = whereClause.AND?.[0];
       expect(secondSubgroup.AND[1].AND).toContainEqual({
-        attributes: {
-          some: {
-            attributeKey: { key: "loginCount" },
-            valueNumber: { gt: 5 },
-          },
-        },
-      });
-      expect(secondSubgroup.AND[1].AND).toContainEqual({
-        attributes: {
-          some: {
-            attributeKey: { key: "purchaseAmount" },
-            valueNumber: { lte: 1000 },
-          },
-        },
+        id: { in: ["mock-contact-1"] },
       });
 
       // Third subgroup (negation operators in OR clause)
@@ -1265,7 +1232,7 @@ describe("segmentFilterToPrismaQuery", () => {
             {
               attributes: {
                 some: {
-                  attributeKey: { key: "purchaseDate", dataType: "date" },
+                  attributeKey: { key: "purchaseDate" },
                   OR: [
                     { valueDate: { lt: new Date(targetDate) } },
                     { valueDate: null, value: { lt: new Date(targetDate).toISOString() } },
@@ -1309,7 +1276,7 @@ describe("segmentFilterToPrismaQuery", () => {
             {
               attributes: {
                 some: {
-                  attributeKey: { key: "signupDate", dataType: "date" },
+                  attributeKey: { key: "signupDate" },
                   OR: [
                     { valueDate: { gt: new Date(targetDate) } },
                     { valueDate: null, value: { gt: new Date(targetDate).toISOString() } },
@@ -1354,7 +1321,7 @@ describe("segmentFilterToPrismaQuery", () => {
             {
               attributes: {
                 some: {
-                  attributeKey: { key: "lastActivityDate", dataType: "date" },
+                  attributeKey: { key: "lastActivityDate" },
                   OR: [
                     { valueDate: { gte: new Date(startDate), lte: new Date(endDate) } },
                     {
@@ -1671,15 +1638,8 @@ describe("segmentFilterToPrismaQuery", () => {
           mode: "insensitive",
         });
 
-        // Number filter uses clean Prisma filter post-backfill
-        expect(andConditions[1]).toEqual({
-          attributes: {
-            some: {
-              attributeKey: { key: "purchaseCount" },
-              valueNumber: { gt: 5 },
-            },
-          },
-        });
+        // Number filter uses raw SQL subquery (transition code) returning contact IDs
+        expect(andConditions[1]).toEqual({ id: { in: ["mock-contact-1"] } });
 
         // Date filter uses OR fallback with 'valueDate' and string 'value'
         expect((andConditions[2] as unknown as any).attributes.some.OR[0].valueDate).toHaveProperty("gte");

apps/web/modules/ee/contacts/segments/lib/filter/prisma-query.ts

@@ -107,7 +107,7 @@ const buildDateAttributeFilterWhereClause = (filter: TSegmentAttributeFilter): P
   return {
     attributes: {
       some: {
-        attributeKey: { key: contactAttributeKey, dataType: "date" },
+        attributeKey: { key: contactAttributeKey },
         OR: [{ valueDate: dateCondition }, { valueDate: null, value: stringDateCondition }],
       },
     },
@@ -116,102 +116,59 @@ const buildDateAttributeFilterWhereClause = (filter: TSegmentAttributeFilter): P
 
 /**
  * Builds a Prisma where clause for number attribute filters.
- * Uses a clean Prisma query when all rows have valueNumber populated (post-backfill).
- * Falls back to a raw SQL subquery for un-migrated rows (valueNumber NULL, value contains numeric string).
+ * Uses a raw SQL subquery to handle both migrated rows (valueNumber populated)
+ * and un-migrated rows (valueNumber NULL, value contains numeric string).
+ * This is transition code for the deferred value backfill.
  *
  * TODO: After the backfill script has been run and all valueNumber columns are populated,
- * remove the un-migrated fallback path entirely.
+ * revert this to the clean Prisma-only version that queries valueNumber directly.
  */
 const buildNumberAttributeFilterWhereClause = async (
-  filter: TSegmentAttributeFilter,
-  environmentId: string
+  filter: TSegmentAttributeFilter
 ): Promise<Prisma.ContactWhereInput> => {
   const { root, qualifier, value } = filter;
   const { contactAttributeKey } = root;
   const { operator } = qualifier;
 
   const numericValue = typeof value === "number" ? value : Number(value);
-
-  let valueNumberCondition: Prisma.FloatNullableFilter;
-
-  switch (operator) {
-    case "greaterThan":
-      valueNumberCondition = { gt: numericValue };
-      break;
-    case "greaterEqual":
-      valueNumberCondition = { gte: numericValue };
-      break;
-    case "lessThan":
-      valueNumberCondition = { lt: numericValue };
-      break;
-    case "lessEqual":
-      valueNumberCondition = { lte: numericValue };
-      break;
-    default:
-      return {};
-  }
-
-  const migratedFilter: Prisma.ContactWhereInput = {
-    attributes: {
-      some: {
-        attributeKey: { key: contactAttributeKey },
-        valueNumber: valueNumberCondition,
-      },
-    },
-  };
-
-  const hasUnmigratedRows = await prisma.contactAttribute.findFirst({
-    where: {
-      attributeKey: {
-        key: contactAttributeKey,
-        environmentId,
-        dataType: "number",
-      },
-      valueNumber: null,
-    },
-    select: { id: true },
-  });
-
-  if (!hasUnmigratedRows) {
-    return migratedFilter;
-  }
-
   const sqlOp = SQL_OPERATORS[operator];
-  const unmigratedMatchingIds = await prisma.$queryRawUnsafe<{ contactId: string }[]>(
+
+  if (!sqlOp) {
+    return {};
+  }
+
+  const matchingContactIds = await prisma.$queryRawUnsafe<{ contactId: string }[]>(
     `
     SELECT DISTINCT ca."contactId"
     FROM "ContactAttribute" ca
     JOIN "ContactAttributeKey" cak ON ca."attributeKeyId" = cak.id
     WHERE cak.key = $1
-    AND cak."environmentId" = $4
-    AND cak."dataType" = 'number'
-    AND ca."valueNumber" IS NULL
-    AND ca.value ~ $3
-    AND ca.value::double precision ${sqlOp} $2
+    AND (
+      (ca."valueNumber" IS NOT NULL AND ca."valueNumber" ${sqlOp} $2)
+      OR
+      (ca."valueNumber" IS NULL AND ca.value ~ $3 AND ca.value::double precision ${sqlOp} $2)
+    )
     `,
     contactAttributeKey,
     numericValue,
-    NUMBER_PATTERN_SQL,
-    environmentId
+    NUMBER_PATTERN_SQL
   );
 
-  if (unmigratedMatchingIds.length === 0) {
-    return migratedFilter;
+  const contactIds = matchingContactIds.map((r) => r.contactId);
+
+  if (contactIds.length === 0) {
+    // Return an impossible condition so the filter correctly excludes all contacts
+    return { id: "__NUMBER_FILTER_NO_MATCH__" };
   }
 
-  const contactIds = unmigratedMatchingIds.map((r) => r.contactId);
-
-  return {
-    OR: [migratedFilter, { id: { in: contactIds } }],
-  };
+  return { id: { in: contactIds } };
 };
 
 /**
  * Builds a Prisma where clause from a segment attribute filter
  */
 const buildAttributeFilterWhereClause = async (
-  filter: TSegmentAttributeFilter,
-  environmentId: string
+  filter: TSegmentAttributeFilter
 ): Promise<Prisma.ContactWhereInput> => {
   const { root, qualifier, value } = filter;
   const { contactAttributeKey } = root;
@@ -258,7 +215,7 @@ const buildAttributeFilterWhereClause = async (
 
   // Handle number operators
   if (["greaterThan", "greaterEqual", "lessThan", "lessEqual"].includes(operator)) {
-    return await buildNumberAttributeFilterWhereClause(filter, environmentId);
+    return await buildNumberAttributeFilterWhereClause(filter);
   }
 
   // For string operators, ensure value is a primitive (not an object or array)
@@ -296,8 +253,7 @@ const buildAttributeFilterWhereClause = async (
  * Builds a Prisma where clause from a person filter
  */
 const buildPersonFilterWhereClause = async (
-  filter: TSegmentPersonFilter,
-  environmentId: string
+  filter: TSegmentPersonFilter
 ): Promise<Prisma.ContactWhereInput> => {
   const { personIdentifier } = filter.root;
 
@@ -309,7 +265,7 @@ const buildPersonFilterWhereClause = async (
         contactAttributeKey: personIdentifier,
       },
     };
-    return await buildAttributeFilterWhereClause(personFilter, environmentId);
+    return await buildAttributeFilterWhereClause(personFilter);
   }
 
   return {};
@@ -358,7 +314,6 @@ const buildDeviceFilterWhereClause = (
 const buildSegmentFilterWhereClause = async (
   filter: TSegmentSegmentFilter,
   segmentPath: Set<string>,
-  environmentId: string,
   deviceType?: "phone" | "desktop"
 ): Promise<Prisma.ContactWhereInput> => {
   const { root } = filter;
@@ -382,7 +337,7 @@ const buildSegmentFilterWhereClause = async (
   const newPath = new Set(segmentPath);
   newPath.add(segmentId);
 
-  return processFilters(segment.filters, newPath, environmentId, deviceType);
+  return processFilters(segment.filters, newPath, deviceType);
 };
 
 /**
@@ -391,25 +346,19 @@ const buildSegmentFilterWhereClause = async (
 const processSingleFilter = async (
   filter: TSegmentFilter,
   segmentPath: Set<string>,
-  environmentId: string,
   deviceType?: "phone" | "desktop"
 ): Promise<Prisma.ContactWhereInput> => {
   const { root } = filter;
 
   switch (root.type) {
     case "attribute":
-      return await buildAttributeFilterWhereClause(filter as TSegmentAttributeFilter, environmentId);
+      return await buildAttributeFilterWhereClause(filter as TSegmentAttributeFilter);
     case "person":
-      return await buildPersonFilterWhereClause(filter as TSegmentPersonFilter, environmentId);
+      return await buildPersonFilterWhereClause(filter as TSegmentPersonFilter);
     case "device":
       return buildDeviceFilterWhereClause(filter as TSegmentDeviceFilter, deviceType);
     case "segment":
-      return await buildSegmentFilterWhereClause(
-        filter as TSegmentSegmentFilter,
-        segmentPath,
-        environmentId,
-        deviceType
-      );
+      return await buildSegmentFilterWhereClause(filter as TSegmentSegmentFilter, segmentPath, deviceType);
     default:
       return {};
   }
@@ -421,7 +370,6 @@ const processSingleFilter = async (
 const processFilters = async (
   filters: TBaseFilters,
   segmentPath: Set<string>,
-  environmentId: string,
   deviceType?: "phone" | "desktop"
 ): Promise<Prisma.ContactWhereInput> => {
   if (filters.length === 0) return {};
@@ -438,10 +386,10 @@ const processFilters = async (
     // Process the resource based on its type
     if (isResourceFilter(resource)) {
       // If it's a single filter, process it directly
-      whereClause = await processSingleFilter(resource, segmentPath, environmentId, deviceType);
+      whereClause = await processSingleFilter(resource, segmentPath, deviceType);
     } else {
       // If it's a group of filters, process it recursively
-      whereClause = await processFilters(resource, segmentPath, environmentId, deviceType);
+      whereClause = await processFilters(resource, segmentPath, deviceType);
     }
 
     if (Object.keys(whereClause).length === 0) continue;
@@ -484,7 +432,7 @@ export const segmentFilterToPrismaQuery = reactCache(
 
       // Initialize an empty stack for tracking the current evaluation path
       const segmentPath = new Set<string>([segmentId]);
-      const filtersWhereClause = await processFilters(filters, segmentPath, environmentId, deviceType);
+      const filtersWhereClause = await processFilters(filters, segmentPath, deviceType);
 
       const whereClause = {
         AND: [baseWhereClause, filtersWhereClause],

apps/web/modules/ee/contacts/segments/lib/segments.ts

@@ -136,48 +136,28 @@ export const createSegment = async (segmentCreateInput: TSegmentCreateInput): Pr
 
   const { description, environmentId, filters, isPrivate, surveyId, title } = segmentCreateInput;
 
-  const surveyConnect = surveyId ? { surveys: { connect: { id: surveyId } } } : {};
+  let data: Prisma.SegmentCreateArgs["data"] = {
+    environmentId,
+    title,
+    description,
+    isPrivate,
+    filters,
+  };
+
+  if (surveyId) {
+    data = {
+      ...data,
+      surveys: {
+        connect: {
+          id: surveyId,
+        },
+      },
+    };
+  }
 
   try {
-    // Private segments use upsert because auto-save may have already created a
-    // default (empty-filter) segment via connectOrCreate before the user publishes.
-    // Without upsert the second create hits the (environmentId, title) unique constraint.
-    if (isPrivate) {
-      const segment = await prisma.segment.upsert({
-        where: {
-          environmentId_title: {
-            environmentId,
-            title,
-          },
-        },
-        create: {
-          environmentId,
-          title,
-          description,
-          isPrivate,
-          filters,
-          ...surveyConnect,
-        },
-        update: {
-          description,
-          filters,
-          ...surveyConnect,
-        },
-        select: selectSegment,
-      });
-
-      return transformPrismaSegment(segment);
-    }
-
     const segment = await prisma.segment.create({
-      data: {
-        environmentId,
-        title,
-        description,
-        isPrivate,
-        filters,
-        ...surveyConnect,
-      },
+      data,
       select: selectSegment,
     });
 

apps/web/modules/storage/utils.ts

@@ -151,7 +151,7 @@ export const getErrorResponseFromStorageError = (
 
 /**
  * Resolves a storage URL to an absolute URL.
- * - If already absolute, returns as-is
+ * - If already absolute, returns as-is (backward compatibility for old data)
  * - If relative (/storage/...), prepends the appropriate base URL
  * @param url The storage URL (relative or absolute)
  * @param accessType The access type to determine which base URL to use (defaults to "public")
@@ -163,7 +163,7 @@ export const resolveStorageUrl = (
 ): string => {
   if (!url) return "";
 
-  // Already absolute URL - return as-is
+  // Already absolute URL - return as-is (backward compatibility for old data)
   if (url.startsWith("http://") || url.startsWith("https://")) {
     return url;
   }
@@ -176,41 +176,3 @@ export const resolveStorageUrl = (
 
   return url;
 };
-
-// Matches the actual storage URL format: /storage/{id}/{public|private}/{filename...}
-const STORAGE_URL_PATTERN = /^\/storage\/[^/]+\/(public|private)\/.+/;
-
-const isStorageUrl = (value: string): boolean => STORAGE_URL_PATTERN.test(value);
-
-export const resolveStorageUrlAuto = (url: string): string => {
-  if (!isStorageUrl(url)) return url;
-  const accessType = url.includes("/private/") ? "private" : "public";
-  return resolveStorageUrl(url, accessType);
-};
-
-/**
- * Recursively walks an object/array and resolves all relative storage URLs
- * Preserves the original structure; skips Date instances and non-object primitives.
- */
-export const resolveStorageUrlsInObject = <T>(obj: T): T => {
-  if (obj === null || obj === undefined) return obj;
-
-  if (typeof obj === "string") {
-    return resolveStorageUrlAuto(obj) as T;
-  }
-
-  if (typeof obj !== "object") return obj;
-
-  if (obj instanceof Date) return obj;
-
-  if (Array.isArray(obj)) {
-    return obj.map((item) => resolveStorageUrlsInObject(item)) as T;
-  }
-
-  const result: Record<string, unknown> = {};
-  for (const [key, value] of Object.entries(obj as Record<string, unknown>)) {
-    result[key] = resolveStorageUrlsInObject(value);
-  }
-
-  return result as T;
-};

apps/web/modules/ui/components/survey/index.tsx

@@ -40,7 +40,10 @@ export const SurveyInline = (props: Omit<SurveyContainerProps, "containerId">) =
     isLoadingScript = true;
     try {
       const scriptUrl = props.appUrl ? `${props.appUrl}/js/surveys.umd.cjs` : "/js/surveys.umd.cjs";
-      const response = await fetch(scriptUrl);
+      const response = await fetch(
+        scriptUrl,
+        process.env.NODE_ENV === "development" ? { cache: "no-store" } : {}
+      );
 
       if (!response.ok) {
         throw new Error("Failed to load the surveys package");

apps/web/next.config.mjs

@@ -405,6 +405,14 @@ const nextConfig = {
   },
   async rewrites() {
     return [
+      {
+        source: "/hub",
+        destination: "https://hub.stldocs.app",
+      },
+      {
+        source: "/hub/:path*",
+        destination: "https://hub.stldocs.app/:path*",
+      },
       {
         source: "/api/packages/website",
         destination: "/js/formbricks.umd.cjs",
@@ -482,5 +490,4 @@ const sentryOptions = {
 // Runtime Sentry reporting still depends on DSN being set via environment variables
 const exportConfig = process.env.SENTRY_AUTH_TOKEN ? withSentryConfig(nextConfig, sentryOptions) : nextConfig;
 
-
 export default exportConfig;

charts/formbricks/templates/NOTES.txt

@@ -118,7 +118,7 @@ Scaling:
    kubectl get hpa -n {{ .Release.Namespace }} {{ include "formbricks.name" . }}
    ```
 {{- else }}
-   HPA is **not enabled**. Your deployment has a fixed number of `{{ .Values.deployment.replicas }}` replicas.
+   HPA is **not enabled**. Your deployment has a fixed number of `{{ .Values.replicaCount }}` replicas.
    Manually scale using:
    ```sh
    kubectl scale deployment -n {{ .Release.Namespace }} {{ include "formbricks.name" . }} --replicas=<desired_number>
@@ -127,34 +127,6 @@ Scaling:
 
 ---
 
-Pod Disruption Budget:
-
-{{- if .Values.pdb.enabled }}
-   A PodDisruptionBudget is active to protect against voluntary disruptions.
-   {{- if not (kindIs "invalid" .Values.pdb.minAvailable) }}
-   - **Min Available**: `{{ .Values.pdb.minAvailable }}`
-   {{- end }}
-   {{- if not (kindIs "invalid" .Values.pdb.maxUnavailable) }}
-   - **Max Unavailable**: `{{ .Values.pdb.maxUnavailable }}`
-   {{- end }}
-
-   Check PDB status:
-   ```sh
-   kubectl get pdb -n {{ .Release.Namespace }} {{ include "formbricks.name" . }}
-   ```
-   {{- if and .Values.autoscaling.enabled (eq (int .Values.autoscaling.minReplicas) 1) }}
-
-   WARNING: autoscaling.minReplicas is 1. With minAvailable: 1, the PDB
-   will block all node drains when only 1 replica is running. Set
-   autoscaling.minReplicas to at least 2 for proper HA protection.
-   {{- end }}
-{{- else }}
-   PDB is **not enabled**. Voluntary disruptions (node drains, upgrades) may
-   take down all pods simultaneously.
-{{- end }}
-
----
-
 External Secrets:
 {{- if .Values.externalSecret.enabled }}
    External secrets are enabled.

charts/formbricks/templates/pdb.yaml

@@ -1,37 +0,0 @@
-{{- if .Values.pdb.enabled }}
-{{- $hasMinAvailable := not (kindIs "invalid" .Values.pdb.minAvailable) -}}
-{{- $hasMaxUnavailable := not (kindIs "invalid" .Values.pdb.maxUnavailable) -}}
-{{- if and $hasMinAvailable $hasMaxUnavailable }}
-  {{- fail "pdb.minAvailable and pdb.maxUnavailable are mutually exclusive; set only one" }}
-{{- end }}
-{{- if not (or $hasMinAvailable $hasMaxUnavailable) }}
-  {{- fail "pdb.enabled is true but neither pdb.minAvailable nor pdb.maxUnavailable is set; set exactly one" }}
-{{- end }}
----
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
-  name: {{ template "formbricks.name" . }}
-  labels:
-    {{- include "formbricks.labels" . | nindent 4 }}
-    {{- with .Values.pdb.additionalLabels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- if .Values.pdb.annotations }}
-  annotations:
-    {{- toYaml .Values.pdb.annotations | nindent 4 }}
-  {{- end }}
-spec:
-  {{- if $hasMinAvailable }}
-  minAvailable: {{ .Values.pdb.minAvailable }}
-  {{- end }}
-  {{- if $hasMaxUnavailable }}
-  maxUnavailable: {{ .Values.pdb.maxUnavailable }}
-  {{- end }}
-  {{- if .Values.pdb.unhealthyPodEvictionPolicy }}
-  unhealthyPodEvictionPolicy: {{ .Values.pdb.unhealthyPodEvictionPolicy }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "formbricks.selectorLabels" . | nindent 6 }}
-{{- end }}

charts/formbricks/values.yaml

@@ -214,42 +214,6 @@ autoscaling:
           value: 2
           periodSeconds: 60 # Add at most 2 pods every minute
 
-##########################################################
-# Pod Disruption Budget (PDB)
-#
-# Ensures a minimum number of pods remain available during
-# voluntary disruptions (node drains, cluster upgrades, etc.).
-#
-# IMPORTANT:
-#   - minAvailable and maxUnavailable are MUTUALLY EXCLUSIVE.
-#     Setting both will cause a helm install/upgrade failure.
-#     To switch, set the unused one to null in your override file.
-#   - Accepts an integer (e.g., 1) or a percentage string (e.g., "25%").
-#   - For PDB to provide real HA protection, ensure
-#     autoscaling.minReplicas >= 2 (or deployment.replicas >= 2
-#     if HPA is disabled). With only 1 replica and minAvailable: 1,
-#     the PDB will block ALL node drains and cluster upgrades.
-##########################################################
-pdb:
-  enabled: true
-  additionalLabels: {}
-  annotations: {}
-
-  # Minimum pods that must remain available during disruptions.
-  # Set to null and configure maxUnavailable instead if preferred.
-  minAvailable: 1
-
-  # Maximum pods that can be unavailable during disruptions.
-  # Mutually exclusive with minAvailable — uncomment and set
-  # minAvailable to null to use this instead.
-  # maxUnavailable: 1
-
-  # Eviction policy for unhealthy pods (Kubernetes 1.27+).
-  # "IfHealthy"    — unhealthy pods count toward the budget (default).
-  # "AlwaysAllow"  — unhealthy pods can always be evicted,
-  #                  preventing them from blocking node drain.
-  # unhealthyPodEvictionPolicy: AlwaysAllow
-
 ##########################################################
 # Service Configuration
 ##########################################################

docs/self-hosting/advanced/rate-limiting.mdx

@@ -1,41 +1,94 @@
 ---
 title: "Rate Limiting"
-description: "Rate limiting for Formbricks"
+description: "Current request rate limits in Formbricks"
 icon: "timer"
 ---
 
-To protect the platform from abuse and ensure fair usage, rate limiting is enforced by default on an IP-address basis. If a client exceeds the allowed number of requests within the specified time window, the API will return a `429 Too Many Requests` status code.
+Formbricks applies request rate limits to protect against abuse and keep API usage fair.
 
-## Default Rate Limits
+Rate limits are scoped by identifier, depending on the endpoint:
 
-The following rate limits apply to various endpoints:
+- IP hash (for unauthenticated/client-side routes and public actions)
+- API key ID (for authenticated API calls)
+- User ID (for authenticated session-based calls and server actions)
+- Organization ID (for follow-up email dispatch)
 
-| **Endpoint**            | **Rate Limit** | **Time Window** |
-| ----------------------- | -------------- | --------------- |
-| `POST /login`           | 30 requests    | 15 minutes      |
-| `POST /signup`          | 30 requests    | 60 minutes      |
-| `POST /verify-email`    | 10 requests    | 60 minutes      |
-| `POST /forgot-password` | 5 requests     | 60 minutes      |
-| `GET /client-side-api`  | 100 requests   | 1 minute        |
-| `POST /share`           | 100 requests   | 60 minutes      |
+When a limit is exceeded, the API returns `429 Too Many Requests`.
 
-If a request exceeds the defined rate limit, the server will respond with:
+## Management API Rate Limits
+
+These are the current limits for Management APIs:
+
+| **Route Group** | **Limit** | **Window** | **Identifier** |
+| --- | --- | --- | --- |
+| `/api/v1/management/*` (except `/api/v1/management/storage`), `/api/v1/webhooks/*`, `/api/v1/integrations/*`, `/api/v1/management/me` | 100 requests | 1 minute | API key ID or session user ID |
+| `/api/v2/management/*` (and other v2 authenticated routes that use `authenticatedApiClient`) | 100 requests | 1 minute | API key ID |
+| `POST /api/v1/management/storage` | 5 requests | 1 minute | API key ID or session user ID |
+
+## All Enforced Limits
+
+| **Config** | **Limit** | **Window** | **Identifier** | **Used For** |
+| --- | --- | --- | --- | --- |
+| `auth.login` | 10 requests | 15 minutes | IP hash | Email/password login flow (`/api/auth/callback/credentials`) |
+| `auth.signup` | 30 requests | 60 minutes | IP hash | Signup server action |
+| `auth.forgotPassword` | 5 requests | 60 minutes | IP hash | Forgot password server action |
+| `auth.verifyEmail` | 10 requests | 60 minutes | IP hash | Email verification callback + resend verification action |
+| `api.v1` | 100 requests | 1 minute | API key ID or session user ID | v1 management, webhooks, integrations, and `/api/v1/management/me` |
+| `api.v2` | 100 requests | 1 minute | API key ID | v2 authenticated API wrapper (`authenticatedApiClient`) |
+| `api.client` | 100 requests | 1 minute | IP hash | v1 client API routes (except `/api/v1/client/og` and storage upload override), plus v2 routes that re-use those v1 handlers |
+| `storage.upload` | 5 requests | 1 minute | IP hash or authenticated ID | Client storage upload and management storage upload |
+| `storage.delete` | 5 requests | 1 minute | API key ID or session user ID | `DELETE /storage/[environmentId]/[accessType]/[fileName]` |
+| `actions.emailUpdate` | 3 requests | 60 minutes | User ID | Profile email update action |
+| `actions.surveyFollowUp` | 50 requests | 60 minutes | Organization ID | Survey follow-up email processing |
+| `actions.sendLinkSurveyEmail` | 10 requests | 60 minutes | IP hash | Link survey email send action |
+| `actions.licenseRecheck` | 5 requests | 1 minute | User ID | Enterprise license recheck action |
+
+## Current Endpoint Exceptions
+
+The following routes are currently not rate-limited by the server-side limiter:
+
+- `GET /api/v1/client/og` (explicitly excluded)
+- `POST /api/v2/client/[environmentId]/responses`
+- `POST /api/v2/client/[environmentId]/displays`
+- `GET /api/v2/health`
+
+## 429 Response Shape
+
+v1-style endpoints return:
 
 ```json
 {
-  "code": 429,
-  "error": "Too many requests, Please try after a while!"
+  "code": "too_many_requests",
+  "message": "Maximum number of requests reached. Please try again later.",
+  "details": {}
+}
+```
+
+v2-style endpoints return:
+
+```json
+{
+  "error": {
+    "code": 429,
+    "message": "Too Many Requests"
+  }
 }
 ```
 
 ## Disabling Rate Limiting
 
-For self-hosters, rate limiting can be disabled if necessary. However, we **strongly recommend keeping rate limiting enabled in production environments** to prevent abuse.
+For self-hosters, rate limiting can be disabled if necessary. We strongly recommend keeping it enabled in production.
 
-To disable rate limiting, set the following environment variable:
+Set:
 
 ```bash
 RATE_LIMITING_DISABLED=1
 ```
 
-After making this change, restart your server to apply the new setting.
+After changing this value, restart the server.
+
+## Operational Notes
+
+- Redis/Valkey is required for robust rate limiting (`REDIS_URL`).
+- If Redis is unavailable at runtime, rate-limiter checks currently fail open (requests are allowed through without enforcement).
+- Authentication failure audit logging uses a separate throttle (`shouldLogAuthFailure()`) and is intentionally **fail-closed**: when Redis is unavailable or errors occur, audit log entries are **skipped entirely** rather than written without throttle control. This prevents spam while preserving the hash-integrity chain required for compliance. In other words, if Redis is down, no authentication-failure audit logs will be recorded—requests themselves are still allowed (fail-open rate limiting above), but the audit trail for those failures will not be written.

docs/xm-and-surveys/xm/best-practices/cancel-subscription.mdx

@@ -16,8 +16,6 @@ The Churn Survey is among the most effective ways to identify weaknesses in your
 
 * Follow-up to prevent bad reviews
 
-* Coming soon: Make survey mandatory
-
 ## Overview
 
 To run the Churn Survey in your app you want to proceed as follows:
@@ -80,13 +78,6 @@ Whenever a user visits this page, matches the filter conditions above and the re
 
 Here is our complete [Actions manual](/xm-and-surveys/surveys/website-app-surveys/actions/) covering [No-Code](/xm-and-surveys/surveys/website-app-surveys/actions#setting-up-no-code-actions) and [Code](/xm-and-surveys/surveys/website-app-surveys/actions#setting-up-code-actions) Actions.
 
-<Note>
-  Pre-churn flow coming soon We’re currently building full-screen survey
-  pop-ups. You’ll be able to prevent users from closing the survey unless they
-  respond to it. It’s certainly debatable if you want that but you could force
-  them to click through the survey before letting them cancel 🤷
-</Note>
-
 ### 5. Select Action in the “When to ask” card
 
 ![Select feedback button action](/images/xm-and-surveys/xm/best-practices/cancel-subscription/select-action.webp)

docs/xm-and-surveys/xm/best-practices/improve-trial-cr.mdx

@@ -46,13 +46,7 @@ _Want to change the button color? Adjust it in the project settings!_
 
 Save, and move over to the **Audience** tab.
 
-### 3. Pre-segment your audience (coming soon)
-
-<Note>
-### Filter by Attribute Coming Soon
-
-We're working on pre-segmenting users by attributes. This manual will be updated in the coming days.
-</Note>
+### 3. Pre-segment your audience
 
 Pre-segmentation isn't needed for this survey since you likely want to target all users who cancel their trial. You can use a specific user action, like clicking **Cancel Trial**, to show the survey only to users trying your product.
 
@@ -62,13 +56,13 @@ How you trigger your survey depends on your product. There are two options:
 
 - **Trigger by Page view:** If you have a page like `/trial-cancelled` for users who cancel their trial subscription, create a user action with the type "Page View." Select "Limit to specific pages" and apply URL filters with these settings:
 
-![Change text content](/images/xm-and-surveys/xm/best-practices/improve-trial-cr/action-pageurl.webp)
+![Add page URL action](/images/xm-and-surveys/xm/best-practices/improve-trial-cr/action-pageurl.webp)
 
 Whenever a user visits this page, the survey will be displayed ✅
 
 - **Trigger by Button Click:** In a different case, you have a “Cancel Trial" button in your app. You can setup a user Action with the `Inner Text`:
 
-![Change text content](/images/xm-and-surveys/xm/best-practices/improve-trial-cr/action-innertext.webp)
+![Add inner text action](/images/xm-and-surveys/xm/best-practices/improve-trial-cr/action-innertext.webp)
 
 Please have a look at our complete [Actions manual](/xm-and-surveys/surveys/website-app-surveys/actions) if you have questions.
 

docs/xm-and-surveys/xm/best-practices/interview-prompt.mdx

@@ -54,13 +54,7 @@ In the button settings you have to make sure it is set to “External URL”. In
 
 Save, and move over to the “Audience” tab.
 
-### 3. Pre-segment your audience (coming soon)
-
-<Note>
-  ## Filter by attribute coming soon. We're working on pre-segmenting users by
-
-  attributes. We will update this manual in the next few days.
-</Note>
+### 3. Pre-segment your audience
 
 Once you clicked over to the “Audience” tab you can change the settings. In the **Who To Send** card, select “Filter audience by attribute”. This allows you to only show the prompt to a specific segment of your user base.
 

packages/surveys/src/lib/validation/evaluator.ts

@@ -137,11 +137,6 @@ const checkRequiredField = (
     return null;
   }
 
-  // CTA elements never block progression (informational only)
-  if (element.type === TSurveyElementTypeEnum.CTA) {
-    return null;
-  }
-
   if (element.type === TSurveyElementTypeEnum.Ranking) {
     return validateRequiredRanking(value, t);
   }

packages/types/contact-attribute.ts

@@ -16,5 +16,5 @@ export type TContactAttribute = z.infer<typeof ZContactAttribute>;
 export const ZContactAttributes = z.record(z.string());
 export type TContactAttributes = z.infer<typeof ZContactAttributes>;
 
-export const ZContactAttributesInput = z.record(z.union([z.string(), z.number(), z.boolean()]));
+export const ZContactAttributesInput = z.record(z.union([z.string(), z.number()]));
 export type TContactAttributesInput = z.infer<typeof ZContactAttributesInput>;

sonar-project.properties

@@ -20,9 +20,6 @@ sonar.scm.exclusions.disabled=false
 # Encoding of the source code
 sonar.sourceEncoding=UTF-8
 
-# Node.js memory limit for JS/TS analysis (in MB)
-sonar.javascript.node.maxspace=8192
-
 # Coverage
 sonar.coverage.exclusions=**/*.test.*,**/*.spec.*,**/*.tsx,**/*.mdx,**/*.config.mts,**/*.config.ts,**/constants.ts,**/route.ts,**/route.tsx,**/types/**,**/types.ts,**/stories.*,**/*.mock.*,**/mocks/**,**/__mocks__/**,**/openapi.ts,**/openapi-document.ts,**/instrumentation.ts,scripts/openapi/merge-client-endpoints.ts,**/playwright/**,**/Dockerfile,**/*.config.cjs,**/*.css,**/templates.ts,**/actions.ts,apps/web/modules/ui/components/icons/*,**/*.json,apps/web/vitestSetup.ts,packages/js-core/src/index.ts,apps/web/tailwind.config.js,apps/web/postcss.config.js,apps/web/next.config.mjs,apps/web/scripts/**,packages/js-core/vitest.setup.ts,**/*.mjs,apps/web/modules/auth/lib/mock-data.ts,**/cache.ts,apps/web/app/**/billing-confirmation/**,apps/web/modules/ee/billing/**,apps/web/modules/ee/multi-language-surveys/**,apps/web/modules/email/**,apps/web/modules/integrations/**,apps/web/modules/setup/**/intro/**,apps/web/modules/setup/**/signup/**,apps/web/modules/setup/**/layout.tsx,apps/web/modules/survey/follow-ups/**,apps/web/app/share/**,apps/web/modules/ee/contacts/[contactId]/**,apps/web/modules/ee/contacts/components/**,apps/web/modules/ee/two-factor-auth/**,apps/web/lib/slack/**,apps/web/lib/notion/**,apps/web/lib/googleSheet/**,apps/web/app/api/google-sheet/**,apps/web/app/api/billing/**,apps/web/lib/airtable/**,apps/web/app/api/v1/integrations/**,apps/web/lib/env.ts,**/instrumentation-node.ts,**/cache/**,**/*.svg,apps/web/modules/ui/components/icons/**,apps/web/modules/ui/components/table/**,packages/survey-ui/**/*.stories.*
 sonar.cpd.exclusions=**/*.test.*,**/*.spec.*,**/*.tsx,**/*.mdx,**/*.config.mts,**/*.config.ts,**/constants.ts,**/route.ts,**/route.tsx,**/types/**,**/types.ts,**/stories.*,**/*.mock.*,**/mocks/**,**/__mocks__/**,**/openapi.ts,**/openapi-document.ts,**/instrumentation.ts,scripts/openapi/merge-client-endpoints.ts,**/playwright/**,**/Dockerfile,**/*.config.cjs,**/*.css,**/templates.ts,**/actions.ts,apps/web/modules/ui/components/icons/*,**/*.json,apps/web/vitestSetup.ts,apps/web/tailwind.config.js,apps/web/postcss.config.js,apps/web/next.config.mjs,apps/web/scripts/**,packages/js-core/vitest.setup.ts,packages/js-core/src/index.ts,**/*.mjs,apps/web/modules/auth/lib/mock-data.ts,**/cache.ts,apps/web/app/**/billing-confirmation/**,apps/web/modules/ee/billing/**,apps/web/modules/ee/multi-language-surveys/**,apps/web/modules/email/**,apps/web/modules/integrations/**,apps/web/modules/setup/**/intro/**,apps/web/modules/setup/**/signup/**,apps/web/modules/setup/**/layout.tsx,apps/web/modules/survey/follow-ups/**,apps/web/app/share/**,apps/web/modules/ee/contacts/[contactId]/**,apps/web/modules/ee/contacts/components/**,apps/web/modules/ee/two-factor-auth/**,apps/web/lib/slack/**,apps/web/lib/notion/**,apps/web/lib/googleSheet/**,apps/web/app/api/google-sheet/**,apps/web/app/api/billing/**,apps/web/lib/airtable/**,apps/web/app/api/v1/integrations/**,apps/web/lib/env.ts,**/instrumentation-node.ts,**/cache/**,**/*.svg,apps/web/modules/ui/components/icons/**,apps/web/modules/ui/components/table/**,packages/survey-ui/**/*.stories.*