fix: harden password reset token handling

Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/actions.ts

@@ -64,15 +64,17 @@ export const sendEmbedSurveyPreviewEmailAction = authenticatedActionClient
 
 const ZResetSurveyAction = z.object({
   surveyId: ZId,
-  organizationId: ZId,
   projectId: ZId,
 });
 
 export const resetSurveyAction = authenticatedActionClient.inputSchema(ZResetSurveyAction).action(
   withAuditLogging("updated", "survey", async ({ ctx, parsedInput }) => {
+    const organizationId = await getOrganizationIdFromSurveyId(parsedInput.surveyId);
+    const projectId = await getProjectIdFromSurveyId(parsedInput.surveyId);
+
     await checkAuthorizationUpdated({
       userId: ctx.user.id,
-      organizationId: parsedInput.organizationId,
+      organizationId,
       access: [
         {
           type: "organization",
@@ -81,12 +83,12 @@ export const resetSurveyAction = authenticatedActionClient.inputSchema(ZResetSur
         {
           type: "projectTeam",
           minPermission: "readWrite",
-          projectId: parsedInput.projectId,
+          projectId,
         },
       ],
     });
 
-    ctx.auditLoggingCtx.organizationId = parsedInput.organizationId;
+    ctx.auditLoggingCtx.organizationId = organizationId;
     ctx.auditLoggingCtx.surveyId = parsedInput.surveyId;
     ctx.auditLoggingCtx.oldObject = null;
 

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SurveyAnalysisCTA.tsx

@@ -64,7 +64,7 @@ export const SurveyAnalysisCTA = ({
   const [isResetModalOpen, setIsResetModalOpen] = useState(false);
   const [isResetting, setIsResetting] = useState(false);
 
-  const { organizationId, project } = useEnvironment();
+  const { project } = useEnvironment();
   const { refreshSingleUseId } = useSingleUseId(survey, isReadOnly);
 
   const appSetupCompleted = survey.type === "app" && environment.appSetupCompleted;
@@ -128,7 +128,6 @@ export const SurveyAnalysisCTA = ({
     setIsResetting(true);
     const result = await resetSurveyAction({
       surveyId: survey.id,
-      organizationId: organizationId,
       projectId: project.id,
     });
     if (result?.data) {

apps/web/instrumentation.ts

@@ -1,19 +1,7 @@
 import * as Sentry from "@sentry/nextjs";
-import { type Instrumentation } from "next";
-import { isExpectedError } from "@formbricks/types/errors";
 import { IS_PRODUCTION, PROMETHEUS_ENABLED, SENTRY_DSN } from "@/lib/constants";
 
-export const onRequestError: Instrumentation.onRequestError = (...args) => {
-  const [error] = args;
-
-  // Skip expected business-logic errors (AuthorizationError, ResourceNotFoundError, etc.)
-  // These are handled gracefully in the UI and don't need server-side Sentry reporting
-  if (error instanceof Error && isExpectedError(error)) {
-    return;
-  }
-
-  Sentry.captureRequestError(...args);
-};
+export const onRequestError = Sentry.captureRequestError;
 
 export const register = async () => {
   if (process.env.NEXT_RUNTIME === "nodejs") {

apps/web/modules/api/v2/lib/tests/utils.test.ts

@@ -217,7 +217,7 @@ describe("utils", () => {
   });
 
   describe("logApiError", () => {
-    test("logs API error details", () => {
+    test("logs API error details with method and path", () => {
       // Mock the withContext method and its returned error method
       const errorMock = vi.fn();
       const withContextMock = vi.fn().mockReturnValue({
@@ -228,7 +228,7 @@ describe("utils", () => {
       const originalWithContext = logger.withContext;
       logger.withContext = withContextMock;
 
-      const mockRequest = new Request("http://localhost/api/test");
+      const mockRequest = new Request("http://localhost/api/v2/management/surveys", { method: "POST" });
       mockRequest.headers.set("x-request-id", "123");
 
       const error: ApiErrorResponseV2 = {
@@ -238,9 +238,11 @@ describe("utils", () => {
 
       logApiError(mockRequest, error);
 
-      // Verify withContext was called with the expected context
+      // Verify withContext was called with the expected context including method and path
       expect(withContextMock).toHaveBeenCalledWith({
         correlationId: "123",
+        method: "POST",
+        path: "/api/v2/management/surveys",
         error,
       });
 
@@ -275,6 +277,8 @@ describe("utils", () => {
       // Verify withContext was called with the expected context
       expect(withContextMock).toHaveBeenCalledWith({
         correlationId: "",
+        method: "GET",
+        path: "/api/test",
         error,
       });
 
@@ -285,7 +289,7 @@ describe("utils", () => {
       logger.withContext = originalWithContext;
     });
 
-    test("log API error details with SENTRY_DSN set", () => {
+    test("log API error details with SENTRY_DSN set includes method and path tags", () => {
       // Mock the withContext method and its returned error method
       const errorMock = vi.fn();
       const withContextMock = vi.fn().mockReturnValue({
@@ -295,11 +299,23 @@ describe("utils", () => {
       // Mock Sentry's captureException method
       vi.mocked(Sentry.captureException).mockImplementation((() => {}) as any);
 
+      // Capture the scope mock for tag verification
+      const scopeSetTagMock = vi.fn();
+      vi.mocked(Sentry.withScope).mockImplementation((callback: (scope: any) => void) => {
+        const mockScope = {
+          setTag: scopeSetTagMock,
+          setContext: vi.fn(),
+          setLevel: vi.fn(),
+          setExtra: vi.fn(),
+        };
+        callback(mockScope);
+      });
+
       // Replace the original withContext with our mock
       const originalWithContext = logger.withContext;
       logger.withContext = withContextMock;
 
-      const mockRequest = new Request("http://localhost/api/test");
+      const mockRequest = new Request("http://localhost/api/v2/management/surveys", { method: "DELETE" });
       mockRequest.headers.set("x-request-id", "123");
 
       const error: ApiErrorResponseV2 = {
@@ -309,20 +325,60 @@ describe("utils", () => {
 
       logApiError(mockRequest, error);
 
-      // Verify withContext was called with the expected context
+      // Verify withContext was called with the expected context including method and path
       expect(withContextMock).toHaveBeenCalledWith({
         correlationId: "123",
+        method: "DELETE",
+        path: "/api/v2/management/surveys",
         error,
       });
 
       // Verify error was called on the child logger
       expect(errorMock).toHaveBeenCalledWith("API V2 Error Details");
 
+      // Verify Sentry scope tags include method and path
+      expect(scopeSetTagMock).toHaveBeenCalledWith("correlationId", "123");
+      expect(scopeSetTagMock).toHaveBeenCalledWith("method", "DELETE");
+      expect(scopeSetTagMock).toHaveBeenCalledWith("path", "/api/v2/management/surveys");
+
       // Verify Sentry.captureException was called
       expect(Sentry.captureException).toHaveBeenCalled();
 
       // Restore the original method
       logger.withContext = originalWithContext;
     });
+
+    test("does not send to Sentry for non-internal_server_error types", () => {
+      // Mock the withContext method and its returned error method
+      const errorMock = vi.fn();
+      const withContextMock = vi.fn().mockReturnValue({
+        error: errorMock,
+      });
+
+      vi.mocked(Sentry.captureException).mockClear();
+
+      // Replace the original withContext with our mock
+      const originalWithContext = logger.withContext;
+      logger.withContext = withContextMock;
+
+      const mockRequest = new Request("http://localhost/api/v2/management/surveys");
+      mockRequest.headers.set("x-request-id", "456");
+
+      const error: ApiErrorResponseV2 = {
+        type: "not_found",
+        details: [{ field: "survey", issue: "not found" }],
+      };
+
+      logApiError(mockRequest, error);
+
+      // Verify Sentry.captureException was NOT called for non-500 errors
+      expect(Sentry.captureException).not.toHaveBeenCalled();
+
+      // But structured logging should still happen
+      expect(errorMock).toHaveBeenCalledWith("API V2 Error Details");
+
+      // Restore the original method
+      logger.withContext = originalWithContext;
+    });
   });
 });

apps/web/modules/api/v2/lib/utils-edge.ts

@@ -6,13 +6,18 @@ import { ApiErrorResponseV2 } from "@/modules/api/v2/types/api-error";
 
 export const logApiErrorEdge = (request: Request, error: ApiErrorResponseV2): void => {
   const correlationId = request.headers.get("x-request-id") ?? "";
+  const method = request.method;
+  const url = new URL(request.url);
+  const path = url.pathname;
 
   // Send the error to Sentry if the DSN is set and the error type is internal_server_error
   // This is useful for tracking down issues without overloading Sentry with errors
   if (SENTRY_DSN && IS_PRODUCTION && error.type === "internal_server_error") {
-    // Use Sentry scope to add correlation ID as a tag for easy filtering
+    // Use Sentry scope to add correlation ID and request context as tags for easy filtering
     Sentry.withScope((scope) => {
       scope.setTag("correlationId", correlationId);
+      scope.setTag("method", method);
+      scope.setTag("path", path);
       scope.setLevel("error");
 
       scope.setExtra("originalError", error);
@@ -24,6 +29,8 @@ export const logApiErrorEdge = (request: Request, error: ApiErrorResponseV2): vo
   logger
     .withContext({
       correlationId,
+      method,
+      path,
       error,
     })
     .error("API V2 Error Details");

apps/web/modules/auth/forgot-password/reset/components/reset-password-form.tsx

@@ -2,6 +2,7 @@
 
 import { zodResolver } from "@hookform/resolvers/zod";
 import { useRouter, useSearchParams } from "next/navigation";
+import { useEffect, useState } from "react";
 import { SubmitHandler, useForm } from "react-hook-form";
 import { toast } from "react-hot-toast";
 import { useTranslation } from "react-i18next";
@@ -33,6 +34,7 @@ export const ResetPasswordForm = () => {
   const { t } = useTranslation();
   const searchParams = useSearchParams();
   const router = useRouter();
+  const [token, setToken] = useState("");
 
   const form = useForm<TPasswordResetForm>({
     defaultValues: {
@@ -42,12 +44,24 @@ export const ResetPasswordForm = () => {
     resolver: zodResolver(ZPasswordResetForm),
   });
 
+  useEffect(() => {
+    const resetToken = searchParams?.get("token");
+    if (!resetToken) {
+      return;
+    }
+
+    setToken((currentToken) => currentToken || resetToken);
+
+    // Remove the token from the address bar after the page has loaded.
+    const sanitizedUrl = `${window.location.pathname}${window.location.hash}`;
+    window.history.replaceState(window.history.state, "", sanitizedUrl);
+  }, [searchParams]);
+
   const handleSubmit: SubmitHandler<TPasswordResetForm> = async (data) => {
     if (data.password !== data.confirmPassword) {
       toast.error(t("auth.forgot-password.reset.passwords_do_not_match"));
       return;
     }
-    const token = searchParams?.get("token");
     if (!token) {
       toast.error(t("auth.forgot-password.reset.no_token_provided"));
       return;
@@ -94,7 +108,7 @@ export const ResetPasswordForm = () => {
         <div>
           <Button
             type="submit"
-            disabled={!form.formState.isValid}
+            disabled={!form.formState.isValid || !token}
             className="w-full justify-center"
             loading={form.formState.isSubmitting}>
             {t("auth.forgot-password.reset_password")}

apps/web/modules/ee/contacts/segments/actions.ts

@@ -97,14 +97,13 @@ export const createSegmentAction = authenticatedActionClient.inputSchema(ZSegmen
 );
 
 const ZUpdateSegmentAction = z.object({
-  environmentId: ZId,
   segmentId: ZId,
   data: ZSegmentUpdateInput,
 });
 
 export const updateSegmentAction = authenticatedActionClient.inputSchema(ZUpdateSegmentAction).action(
   withAuditLogging("updated", "segment", async ({ ctx, parsedInput }) => {
-    const organizationId = await getOrganizationIdFromEnvironmentId(parsedInput.environmentId);
+    const organizationId = await getOrganizationIdFromSegmentId(parsedInput.segmentId);
     await checkAuthorizationUpdated({
       userId: ctx.user.id,
       organizationId,

apps/web/modules/ee/contacts/segments/components/edit-segment-modal.tsx

@@ -4,7 +4,7 @@ import { UsersIcon } from "lucide-react";
 import { useEffect, useState } from "react";
 import { useTranslation } from "react-i18next";
 import { TContactAttributeKey } from "@formbricks/types/contact-attribute-key";
-import { TSegment, TSegmentWithSurveyRefs } from "@formbricks/types/segment";
+import { TSegment, TSegmentWithSurveyNames } from "@formbricks/types/segment";
 import { SegmentSettings } from "@/modules/ee/contacts/segments/components/segment-settings";
 import {
   Dialog,
@@ -15,63 +15,23 @@ import {
   DialogTitle,
 } from "@/modules/ui/components/dialog";
 import { SegmentActivityTab } from "./segment-activity-tab";
-import { TSegmentActivitySummary } from "./segment-activity-utils";
 
 interface EditSegmentModalProps {
   environmentId: string;
   open: boolean;
   setOpen: (open: boolean) => void;
-  currentSegment: TSegmentWithSurveyRefs;
-  activitySummary: TSegmentActivitySummary;
+  currentSegment: TSegmentWithSurveyNames;
   segments: TSegment[];
   contactAttributeKeys: TContactAttributeKey[];
   isContactsEnabled: boolean;
   isReadOnly: boolean;
 }
 
-const SegmentSettingsTab = ({
-  activitySummary,
-  contactAttributeKeys,
-  currentSegment,
-  environmentId,
-  isContactsEnabled,
-  isReadOnly,
-  segments,
-  setOpen,
-}: Pick<
-  EditSegmentModalProps,
-  | "activitySummary"
-  | "contactAttributeKeys"
-  | "currentSegment"
-  | "environmentId"
-  | "isContactsEnabled"
-  | "isReadOnly"
-  | "segments"
-  | "setOpen"
->) => {
-  if (!isContactsEnabled) {
-    return null;
-  }
-
-  return (
-    <SegmentSettings
-      activitySummary={activitySummary}
-      contactAttributeKeys={contactAttributeKeys}
-      environmentId={environmentId}
-      initialSegment={currentSegment}
-      segments={segments}
-      setOpen={setOpen}
-      isReadOnly={isReadOnly}
-    />
-  );
-};
-
 export const EditSegmentModal = ({
   environmentId,
   open,
   setOpen,
   currentSegment,
-  activitySummary,
   contactAttributeKeys,
   segments,
   isContactsEnabled,
@@ -80,25 +40,31 @@ export const EditSegmentModal = ({
   const { t } = useTranslation();
   const [activeTab, setActiveTab] = useState(0);
 
+  const SettingsTab = () => {
+    if (isContactsEnabled) {
+      return (
+        <SegmentSettings
+          contactAttributeKeys={contactAttributeKeys}
+          environmentId={environmentId}
+          initialSegment={currentSegment}
+          segments={segments}
+          setOpen={setOpen}
+          isReadOnly={isReadOnly}
+        />
+      );
+    }
+
+    return null;
+  };
+
   const tabs = [
     {
       title: t("common.activity"),
-      children: <SegmentActivityTab currentSegment={currentSegment} activitySummary={activitySummary} />,
+      children: <SegmentActivityTab currentSegment={currentSegment} />,
     },
     {
       title: t("common.settings"),
-      children: (
-        <SegmentSettingsTab
-          activitySummary={activitySummary}
-          contactAttributeKeys={contactAttributeKeys}
-          currentSegment={currentSegment}
-          environmentId={environmentId}
-          isContactsEnabled={isContactsEnabled}
-          isReadOnly={isReadOnly}
-          segments={segments}
-          setOpen={setOpen}
-        />
-      ),
+      children: <SettingsTab />,
     },
   ];
 

apps/web/modules/ee/contacts/segments/components/segment-activity-tab.tsx

@@ -1,20 +1,19 @@
 "use client";
 
 import { useTranslation } from "react-i18next";
-import { TSegmentWithSurveyRefs } from "@formbricks/types/segment";
+import { TSegmentWithSurveyNames } from "@formbricks/types/segment";
 import { convertDateTimeStringShort } from "@/lib/time";
 import { IdBadge } from "@/modules/ui/components/id-badge";
 import { Label } from "@/modules/ui/components/label";
-import { TSegmentActivitySummary } from "./segment-activity-utils";
 
 interface SegmentActivityTabProps {
-  currentSegment: TSegmentWithSurveyRefs;
-  activitySummary: TSegmentActivitySummary;
+  currentSegment: TSegmentWithSurveyNames;
 }
 
-export const SegmentActivityTab = ({ currentSegment, activitySummary }: SegmentActivityTabProps) => {
+export const SegmentActivityTab = ({ currentSegment }: SegmentActivityTabProps) => {
   const { t } = useTranslation();
-  const { activeSurveys, inactiveSurveys } = activitySummary;
+
+  const { activeSurveys, inactiveSurveys } = currentSegment;
 
   return (
     <div className="grid grid-cols-3 pb-2">
@@ -23,20 +22,20 @@ export const SegmentActivityTab = ({ currentSegment, activitySummary }: SegmentA
           <Label className="text-slate-500">{t("common.active_surveys")}</Label>
           {!activeSurveys?.length && <p className="text-sm text-slate-900">-</p>}
 
-          {activeSurveys?.map((surveyName) => (
-            <div className="py-0.5" key={surveyName}>
-              <p className="text-sm text-slate-900">{surveyName}</p>
-            </div>
+          {activeSurveys?.map((survey, index) => (
+            <p className="text-sm text-slate-900" key={index + survey}>
+              {survey}
+            </p>
           ))}
         </div>
         <div>
           <Label className="text-slate-500">{t("common.inactive_surveys")}</Label>
           {!inactiveSurveys?.length && <p className="text-sm text-slate-900">-</p>}
 
-          {inactiveSurveys?.map((surveyName) => (
-            <div className="py-0.5" key={surveyName}>
-              <p className="text-sm text-slate-900">{surveyName}</p>
-            </div>
+          {inactiveSurveys?.map((survey, index) => (
+            <p className="text-sm text-slate-900" key={index + survey}>
+              {survey}
+            </p>
           ))}
         </div>
       </div>

apps/web/modules/ee/contacts/segments/components/segment-activity-utils.ts

@@ -1,99 +0,0 @@
-import { TBaseFilters, TSegmentWithSurveyRefs } from "@formbricks/types/segment";
-import { TSurvey } from "@formbricks/types/surveys/types";
-
-type TSurveySummary = Pick<TSurvey, "id" | "name" | "status">;
-type TReferencingSegmentSurveyGroup = {
-  segmentId: string;
-  segmentTitle: string;
-  surveys: TSurveySummary[];
-};
-
-export type TSegmentActivitySummary = {
-  activeSurveys: string[];
-  inactiveSurveys: string[];
-};
-
-export const doesSegmentReferenceSegment = (filters: TBaseFilters, targetSegmentId: string): boolean => {
-  for (const filter of filters) {
-    const { resource } = filter;
-
-    if (Array.isArray(resource)) {
-      if (doesSegmentReferenceSegment(resource, targetSegmentId)) {
-        return true;
-      }
-      continue;
-    }
-
-    if (resource.root.type === "segment" && resource.root.segmentId === targetSegmentId) {
-      return true;
-    }
-  }
-
-  return false;
-};
-
-export const getReferencingSegments = (
-  segments: TSegmentWithSurveyRefs[],
-  targetSegmentId: string
-): TSegmentWithSurveyRefs[] =>
-  segments.filter(
-    (segment) =>
-      segment.id !== targetSegmentId && doesSegmentReferenceSegment(segment.filters, targetSegmentId)
-  );
-
-export const buildSegmentActivitySummary = (
-  directSurveys: TSurveySummary[],
-  indirectSurveyGroups: TReferencingSegmentSurveyGroup[]
-): TSegmentActivitySummary => {
-  const surveyMap = new Map<string, TSurveySummary>();
-
-  for (const survey of directSurveys) {
-    surveyMap.set(survey.id, survey);
-  }
-
-  for (const segment of indirectSurveyGroups) {
-    for (const survey of segment.surveys) {
-      if (!surveyMap.has(survey.id)) {
-        surveyMap.set(survey.id, survey);
-      }
-    }
-  }
-
-  const surveys = Array.from(surveyMap.values());
-
-  return {
-    activeSurveys: surveys.filter((survey) => survey.status === "inProgress").map((survey) => survey.name),
-    inactiveSurveys: surveys
-      .filter((survey) => survey.status === "draft" || survey.status === "paused")
-      .map((survey) => survey.name),
-  };
-};
-
-export const buildSegmentActivitySummaryFromSegments = (
-  currentSegment: TSegmentWithSurveyRefs,
-  segments: TSegmentWithSurveyRefs[]
-): TSegmentActivitySummary => {
-  const activeSurveyMap = new Map(currentSegment.activeSurveys.map((s) => [s.id, s.name]));
-  const inactiveSurveyMap = new Map(currentSegment.inactiveSurveys.map((s) => [s.id, s.name]));
-  const allDirectIds = new Set([...activeSurveyMap.keys(), ...inactiveSurveyMap.keys()]);
-
-  const referencingSegments = getReferencingSegments(segments, currentSegment.id);
-  for (const segment of referencingSegments) {
-    for (const survey of segment.activeSurveys) {
-      if (!allDirectIds.has(survey.id) && !activeSurveyMap.has(survey.id)) {
-        activeSurveyMap.set(survey.id, survey.name);
-      }
-    }
-
-    for (const survey of segment.inactiveSurveys) {
-      if (!allDirectIds.has(survey.id) && !inactiveSurveyMap.has(survey.id)) {
-        inactiveSurveyMap.set(survey.id, survey.name);
-      }
-    }
-  }
-
-  return {
-    activeSurveys: Array.from(activeSurveyMap.values()),
-    inactiveSurveys: Array.from(inactiveSurveyMap.values()),
-  };
-};

apps/web/modules/ee/contacts/segments/components/segment-settings.tsx

@@ -6,7 +6,7 @@ import { type Dispatch, type SetStateAction, useMemo, useState } from "react";
 import toast from "react-hot-toast";
 import { useTranslation } from "react-i18next";
 import { TContactAttributeKey } from "@formbricks/types/contact-attribute-key";
-import type { TBaseFilter, TSegment, TSegmentWithSurveyRefs } from "@formbricks/types/segment";
+import type { TBaseFilter, TSegment, TSegmentWithSurveyNames } from "@formbricks/types/segment";
 import { ZSegmentFilters } from "@formbricks/types/segment";
 import { cn } from "@/lib/cn";
 import { structuredClone } from "@/lib/pollyfills/structuredClone";
@@ -16,21 +16,18 @@ import { Button } from "@/modules/ui/components/button";
 import { ConfirmDeleteSegmentModal } from "@/modules/ui/components/confirm-delete-segment-modal";
 import { Input } from "@/modules/ui/components/input";
 import { AddFilterModal } from "./add-filter-modal";
-import { TSegmentActivitySummary } from "./segment-activity-utils";
 import { SegmentEditor } from "./segment-editor";
 
 interface TSegmentSettingsTabProps {
-  activitySummary: TSegmentActivitySummary;
   environmentId: string;
   setOpen: (open: boolean) => void;
-  initialSegment: TSegmentWithSurveyRefs;
+  initialSegment: TSegmentWithSurveyNames;
   segments: TSegment[];
   contactAttributeKeys: TContactAttributeKey[];
   isReadOnly: boolean;
 }
 
 export function SegmentSettings({
-  activitySummary,
   environmentId,
   initialSegment,
   setOpen,
@@ -41,7 +38,7 @@ export function SegmentSettings({
   const router = useRouter();
   const { t } = useTranslation();
   const [addFilterModalOpen, setAddFilterModalOpen] = useState(false);
-  const [segment, setSegment] = useState<TSegmentWithSurveyRefs>(initialSegment);
+  const [segment, setSegment] = useState<TSegmentWithSurveyNames>(initialSegment);
 
   const [isUpdatingSegment, setIsUpdatingSegment] = useState(false);
   const [isDeletingSegment, setIsDeletingSegment] = useState(false);
@@ -78,7 +75,6 @@ export function SegmentSettings({
     try {
       setIsUpdatingSegment(true);
       const data = await updateSegmentAction({
-        environmentId,
         segmentId: segment.id,
         data: {
           title: segment.title,
@@ -260,9 +256,9 @@ export function SegmentSettings({
 
             {isDeleteSegmentModalOpen ? (
               <ConfirmDeleteSegmentModal
-                activitySummary={activitySummary}
                 onDelete={handleDeleteSegment}
                 open={isDeleteSegmentModalOpen}
+                segment={initialSegment}
                 setOpen={setIsDeleteSegmentModalOpen}
               />
             ) : null}

apps/web/modules/ee/contacts/segments/components/segment-table-columns.tsx

@@ -4,10 +4,10 @@ import { ColumnDef } from "@tanstack/react-table";
 import { format, formatDistanceToNow } from "date-fns";
 import { TFunction } from "i18next";
 import { UsersIcon } from "lucide-react";
-import { TSegmentWithSurveyRefs } from "@formbricks/types/segment";
+import { TSegmentWithSurveyNames } from "@formbricks/types/segment";
 
-export const generateSegmentTableColumns = (t: TFunction): ColumnDef<TSegmentWithSurveyRefs>[] => {
-  const titleColumn: ColumnDef<TSegmentWithSurveyRefs> = {
+export const generateSegmentTableColumns = (t: TFunction): ColumnDef<TSegmentWithSurveyNames>[] => {
+  const titleColumn: ColumnDef<TSegmentWithSurveyNames> = {
     id: "title",
     accessorKey: "title",
     header: t("common.title"),
@@ -28,7 +28,7 @@ export const generateSegmentTableColumns = (t: TFunction): ColumnDef<TSegmentWit
     },
   };
 
-  const updatedAtColumn: ColumnDef<TSegmentWithSurveyRefs> = {
+  const updatedAtColumn: ColumnDef<TSegmentWithSurveyNames> = {
     id: "updatedAt",
     accessorKey: "updatedAt",
     header: t("common.updated_at"),
@@ -41,7 +41,7 @@ export const generateSegmentTableColumns = (t: TFunction): ColumnDef<TSegmentWit
     },
   };
 
-  const createdAtColumn: ColumnDef<TSegmentWithSurveyRefs> = {
+  const createdAtColumn: ColumnDef<TSegmentWithSurveyNames> = {
     id: "createdAt",
     accessorKey: "createdAt",
     header: t("common.created_at"),

apps/web/modules/ee/contacts/segments/components/segment-table-data-row-container.tsx

@@ -0,0 +1,46 @@
+import { TContactAttributeKey } from "@formbricks/types/contact-attribute-key";
+import { TSegment } from "@formbricks/types/segment";
+import { getSurveysBySegmentId } from "@/lib/survey/service";
+import { SegmentTableDataRow } from "./segment-table-data-row";
+
+type TSegmentTableDataRowProps = {
+  currentSegment: TSegment;
+  segments: TSegment[];
+  contactAttributeKeys: TContactAttributeKey[];
+  isContactsEnabled: boolean;
+  isReadOnly: boolean;
+};
+
+export const SegmentTableDataRowContainer = async ({
+  currentSegment,
+  segments,
+  contactAttributeKeys,
+  isContactsEnabled,
+  isReadOnly,
+}: TSegmentTableDataRowProps) => {
+  const surveys = await getSurveysBySegmentId(currentSegment.id);
+
+  const activeSurveys = surveys?.length
+    ? surveys.filter((survey) => survey.status === "inProgress").map((survey) => survey.name)
+    : [];
+
+  const inactiveSurveys = surveys?.length
+    ? surveys.filter((survey) => ["draft", "paused"].includes(survey.status)).map((survey) => survey.name)
+    : [];
+
+  const filteredSegments = segments.filter((segment) => segment.id !== currentSegment.id);
+
+  return (
+    <SegmentTableDataRow
+      currentSegment={{
+        ...currentSegment,
+        activeSurveys,
+        inactiveSurveys,
+      }}
+      segments={filteredSegments}
+      contactAttributeKeys={contactAttributeKeys}
+      isContactsEnabled={isContactsEnabled}
+      isReadOnly={isReadOnly}
+    />
+  );
+};

apps/web/modules/ee/contacts/segments/components/segment-table-data-row.tsx

@@ -4,13 +4,11 @@ import { format, formatDistanceToNow } from "date-fns";
 import { UsersIcon } from "lucide-react";
 import { useState } from "react";
 import { TContactAttributeKey } from "@formbricks/types/contact-attribute-key";
-import { TSegment, TSegmentWithSurveyRefs } from "@formbricks/types/segment";
+import { TSegment, TSegmentWithSurveyNames } from "@formbricks/types/segment";
 import { EditSegmentModal } from "./edit-segment-modal";
-import { TSegmentActivitySummary } from "./segment-activity-utils";
 
 type TSegmentTableDataRowProps = {
-  currentSegment: TSegmentWithSurveyRefs;
-  activitySummary: TSegmentActivitySummary;
+  currentSegment: TSegmentWithSurveyNames;
   segments: TSegment[];
   contactAttributeKeys: TContactAttributeKey[];
   isContactsEnabled: boolean;
@@ -19,7 +17,6 @@ type TSegmentTableDataRowProps = {
 
 export const SegmentTableDataRow = ({
   currentSegment,
-  activitySummary,
   contactAttributeKeys,
   segments,
   isContactsEnabled,
@@ -65,7 +62,6 @@ export const SegmentTableDataRow = ({
         open={isEditSegmentModalOpen}
         setOpen={setIsEditSegmentModalOpen}
         currentSegment={currentSegment}
-        activitySummary={activitySummary}
         contactAttributeKeys={contactAttributeKeys}
         segments={segments}
         isContactsEnabled={isContactsEnabled}

apps/web/modules/ee/contacts/segments/components/segment-table.tsx

@@ -4,15 +4,13 @@ import { Header, getCoreRowModel, useReactTable } from "@tanstack/react-table";
 import { useMemo, useState } from "react";
 import { useTranslation } from "react-i18next";
 import { TContactAttributeKey } from "@formbricks/types/contact-attribute-key";
-import { TSegmentWithSurveyRefs } from "@formbricks/types/segment";
+import { TSegmentWithSurveyNames } from "@formbricks/types/segment";
 import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "@/modules/ui/components/table";
 import { EditSegmentModal } from "./edit-segment-modal";
-import { buildSegmentActivitySummaryFromSegments } from "./segment-activity-utils";
 import { generateSegmentTableColumns } from "./segment-table-columns";
 
 interface SegmentTableUpdatedProps {
-  segments: TSegmentWithSurveyRefs[];
-  allSegments: TSegmentWithSurveyRefs[];
+  segments: TSegmentWithSurveyNames[];
   contactAttributeKeys: TContactAttributeKey[];
   isContactsEnabled: boolean;
   isReadOnly: boolean;
@@ -20,17 +18,16 @@ interface SegmentTableUpdatedProps {
 
 export function SegmentTable({
   segments,
-  allSegments,
   contactAttributeKeys,
   isContactsEnabled,
   isReadOnly,
-}: Readonly<SegmentTableUpdatedProps>) {
+}: SegmentTableUpdatedProps) {
   const { t } = useTranslation();
-  const [editingSegment, setEditingSegment] = useState<TSegmentWithSurveyRefs | null>(null);
+  const [editingSegment, setEditingSegment] = useState<TSegmentWithSurveyNames | null>(null);
 
   const columns = useMemo(() => {
     return generateSegmentTableColumns(t);
-  }, [t]);
+  }, []);
 
   const table = useReactTable({
     data: segments,
@@ -38,7 +35,7 @@ export function SegmentTable({
     getCoreRowModel: getCoreRowModel(),
   });
 
-  const getHeader = (header: Header<TSegmentWithSurveyRefs, unknown>) => {
+  const getHeader = (header: Header<TSegmentWithSurveyNames, unknown>) => {
     if (header.isPlaceholder) {
       return null;
     }
@@ -139,7 +136,6 @@ export function SegmentTable({
           open={!!editingSegment}
           setOpen={(open) => !open && setEditingSegment(null)}
           currentSegment={editingSegment}
-          activitySummary={buildSegmentActivitySummaryFromSegments(editingSegment, allSegments)}
           contactAttributeKeys={contactAttributeKeys}
           segments={segments}
           isContactsEnabled={isContactsEnabled}

apps/web/modules/ee/contacts/segments/components/targeting-card.tsx

@@ -124,7 +124,7 @@ export function TargetingCard({
   };
 
   const handleSaveAsNewSegmentUpdate = async (segmentId: string, data: TSegmentUpdateInput) => {
-    const updatedSegment = await updateSegmentAction({ segmentId, environmentId, data });
+    const updatedSegment = await updateSegmentAction({ segmentId, data });
     return updatedSegment?.data as TSegment;
   };
 
@@ -136,7 +136,7 @@ export function TargetingCard({
   const handleSaveSegment = async (data: TSegmentUpdateInput) => {
     try {
       if (!segment) throw new Error(t("environments.segments.invalid_segment"));
-      const result = await updateSegmentAction({ segmentId: segment.id, environmentId, data });
+      const result = await updateSegmentAction({ segmentId: segment.id, data });
       if (result?.serverError) {
         toast.error(getFormattedErrorMessage(result));
         return;

apps/web/modules/ee/contacts/segments/lib/filter/prisma-query.test.ts

@@ -1,6 +1,6 @@
 import { Prisma } from "@prisma/client";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-import { TBaseFilters, TSegmentWithSurveyRefs } from "@formbricks/types/segment";
+import { TBaseFilters, TSegmentWithSurveyNames } from "@formbricks/types/segment";
 import { getSegment } from "../segments";
 import { segmentFilterToPrismaQuery } from "./prisma-query";
 
@@ -270,7 +270,7 @@ describe("segmentFilterToPrismaQuery", () => {
     ];
 
     // Mock the getSegment function to return a segment with filters
-    const mockSegment: TSegmentWithSurveyRefs = {
+    const mockSegment: TSegmentWithSurveyNames = {
       id: nestedSegmentId,
       filters: nestedFilters,
       environmentId: mockEnvironmentId,
@@ -336,7 +336,7 @@ describe("segmentFilterToPrismaQuery", () => {
 
     // Mock getSegment to return null for the non-existent segment
     vi.mocked(getSegment).mockResolvedValueOnce(mockSegment);
-    vi.mocked(getSegment).mockResolvedValueOnce(null as unknown as TSegmentWithSurveyRefs);
+    vi.mocked(getSegment).mockResolvedValueOnce(null as unknown as TSegmentWithSurveyNames);
 
     const result = await segmentFilterToPrismaQuery(mockSegmentId, filters, mockEnvironmentId);
 
@@ -426,7 +426,7 @@ describe("segmentFilterToPrismaQuery", () => {
     ];
 
     // Mock the getSegment function to return a segment with filters
-    const mockSegment: TSegmentWithSurveyRefs = {
+    const mockSegment: TSegmentWithSurveyNames = {
       id: nestedSegmentId,
       filters: nestedFilters,
       environmentId: mockEnvironmentId,
@@ -490,7 +490,7 @@ describe("segmentFilterToPrismaQuery", () => {
 
   test("handle circular references in segment filters", async () => {
     // Mock getSegment to simulate a circular reference
-    const circularSegment: TSegmentWithSurveyRefs = {
+    const circularSegment: TSegmentWithSurveyNames = {
       id: mockSegmentId, // Same ID creates the circular reference
       filters: [
         {
@@ -550,7 +550,7 @@ describe("segmentFilterToPrismaQuery", () => {
   test("handle missing segments in segment filters", async () => {
     const nestedSegmentId = "segment-missing-123";
 
-    vi.mocked(getSegment).mockResolvedValue(null as unknown as TSegmentWithSurveyRefs);
+    vi.mocked(getSegment).mockResolvedValue(null as unknown as TSegmentWithSurveyNames);
 
     const filters: TBaseFilters = [
       {
@@ -599,7 +599,7 @@ describe("segmentFilterToPrismaQuery", () => {
     ];
 
     // Mock the nested segment
-    const mockNestedSegment: TSegmentWithSurveyRefs = {
+    const mockNestedSegment: TSegmentWithSurveyNames = {
       id: nestedSegmentId,
       filters: nestedFilters,
       environmentId: mockEnvironmentId,
@@ -890,7 +890,7 @@ describe("segmentFilterToPrismaQuery", () => {
     ];
 
     // Set up the mocks
-    const mockCircularSegment: TSegmentWithSurveyRefs = {
+    const mockCircularSegment: TSegmentWithSurveyNames = {
       id: circularSegmentId,
       filters: circularFilters,
       environmentId: mockEnvironmentId,
@@ -904,7 +904,7 @@ describe("segmentFilterToPrismaQuery", () => {
       inactiveSurveys: [],
     };
 
-    const mockSecondSegment: TSegmentWithSurveyRefs = {
+    const mockSecondSegment: TSegmentWithSurveyNames = {
       id: secondSegmentId,
       filters: secondFilters,
       environmentId: mockEnvironmentId,
@@ -922,7 +922,7 @@ describe("segmentFilterToPrismaQuery", () => {
     vi.mocked(getSegment)
       .mockResolvedValueOnce(mockCircularSegment) // First call for circularSegmentId
       .mockResolvedValueOnce(mockSecondSegment) // Third call for secondSegmentId
-      .mockResolvedValueOnce(null as unknown as TSegmentWithSurveyRefs); // Fourth call for non-existent-segment
+      .mockResolvedValueOnce(null as unknown as TSegmentWithSurveyNames); // Fourth call for non-existent-segment
 
     // Complex filters with mixed error conditions
     const filters: TBaseFilters = [

apps/web/modules/ee/contacts/segments/lib/filter/prisma-query.ts

@@ -361,7 +361,7 @@ const buildSegmentFilterWhereClause = async (
   environmentId: string,
   deviceType?: "phone" | "desktop"
 ): Promise<Prisma.ContactWhereInput> => {
-  const { root, qualifier } = filter;
+  const { root } = filter;
   const { segmentId } = root;
 
   if (segmentPath.has(segmentId)) {
@@ -382,22 +382,7 @@ const buildSegmentFilterWhereClause = async (
   const newPath = new Set(segmentPath);
   newPath.add(segmentId);
 
-  const nestedWhereClause = await processFilters(segment.filters, newPath, environmentId, deviceType);
-  const hasNestedConditions = Object.keys(nestedWhereClause).length > 0;
-
-  if (qualifier.operator === "userIsIn") {
-    return nestedWhereClause;
-  }
-
-  if (qualifier.operator === "userIsNotIn") {
-    if (!hasNestedConditions) {
-      return { id: "__SEGMENT_FILTER_NO_MATCH__" };
-    }
-
-    return { NOT: nestedWhereClause };
-  }
-
-  return {};
+  return processFilters(segment.filters, newPath, environmentId, deviceType);
 };
 
 /**

apps/web/modules/ee/contacts/segments/lib/helper.test.ts

@@ -1,6 +1,6 @@
 import { beforeEach, describe, expect, test, vi } from "vitest";
 import { InvalidInputError } from "@formbricks/types/errors";
-import { TBaseFilters, TSegmentWithSurveyRefs } from "@formbricks/types/segment";
+import { TBaseFilters, TSegmentWithSurveyNames } from "@formbricks/types/segment";
 import { checkForRecursiveSegmentFilter } from "@/modules/ee/contacts/segments/lib/helper";
 import { getSegment } from "@/modules/ee/contacts/segments/lib/segments";
 
@@ -77,7 +77,7 @@ describe("checkForRecursiveSegmentFilter", () => {
       ],
     };
 
-    vi.mocked(getSegment).mockResolvedValue(referencedSegment as unknown as TSegmentWithSurveyRefs);
+    vi.mocked(getSegment).mockResolvedValue(referencedSegment as unknown as TSegmentWithSurveyNames);
 
     // Act & Assert
     // The function should complete without throwing an error

apps/web/modules/ee/contacts/segments/lib/segments.test.ts

@@ -8,7 +8,7 @@ import {
   TEvaluateSegmentUserData,
   TSegmentCreateInput,
   TSegmentUpdateInput,
-  TSegmentWithSurveyRefs,
+  TSegmentWithSurveyNames,
 } from "@formbricks/types/segment";
 import { getSurvey } from "@/lib/survey/service";
 import { validateInputs } from "@/lib/utils/validate";
@@ -79,10 +79,10 @@ const mockSegmentPrisma = {
   surveys: [{ id: surveyId, name: "Test Survey", status: "inProgress" }],
 };
 
-const mockSegment: TSegmentWithSurveyRefs = {
+const mockSegment: TSegmentWithSurveyNames = {
   ...mockSegmentPrisma,
   surveys: [surveyId],
-  activeSurveys: [{ id: surveyId, name: "Test Survey" }],
+  activeSurveys: ["Test Survey"],
   inactiveSurveys: [],
 };
 
@@ -287,7 +287,7 @@ describe("Segment Service Tests", () => {
       ...mockSegment,
       id: clonedSegmentId,
       title: "Copy of Test Segment (1)",
-      activeSurveys: [{ id: surveyId, name: "Test Survey" }],
+      activeSurveys: ["Test Survey"],
       inactiveSurveys: [],
     };
 
@@ -327,7 +327,7 @@ describe("Segment Service Tests", () => {
       const clonedSegment2 = {
         ...clonedSegment,
         title: "Copy of Test Segment (2)",
-        activeSurveys: [{ id: surveyId, name: "Test Survey" }],
+        activeSurveys: ["Test Survey"],
         inactiveSurveys: [],
       };
 
@@ -415,7 +415,7 @@ describe("Segment Service Tests", () => {
       title: surveyId,
       isPrivate: true,
       filters: [],
-      activeSurveys: [{ id: surveyId, name: "Test Survey" }],
+      activeSurveys: ["Test Survey"],
       inactiveSurveys: [],
     };
 
@@ -487,7 +487,7 @@ describe("Segment Service Tests", () => {
     const updatedSegment = {
       ...mockSegment,
       title: "Updated Segment",
-      activeSurveys: [{ id: surveyId, name: "Test Survey" }],
+      activeSurveys: ["Test Survey"],
       inactiveSurveys: [],
     };
     const updateData: TSegmentUpdateInput = { title: "Updated Segment" };
@@ -531,7 +531,7 @@ describe("Segment Service Tests", () => {
         ...updatedSegment,
         surveys: [newSurveyId],
         activeSurveys: [],
-        inactiveSurveys: [{ id: newSurveyId, name: "New Survey" }],
+        inactiveSurveys: ["New Survey"],
       };
 
       vi.mocked(prisma.segment.update).mockResolvedValue(updatedSegmentPrismaWithSurvey);

apps/web/modules/ee/contacts/segments/lib/segments.ts

@@ -25,7 +25,7 @@ import {
   TSegmentPersonFilter,
   TSegmentSegmentFilter,
   TSegmentUpdateInput,
-  TSegmentWithSurveyRefs,
+  TSegmentWithSurveyNames,
   ZRelativeDateValue,
   ZSegmentCreateInput,
   ZSegmentFilters,
@@ -66,14 +66,14 @@ export const selectSegment = {
   },
 } satisfies Prisma.SegmentSelect;
 
-export const transformPrismaSegment = (segment: PrismaSegment): TSegmentWithSurveyRefs => {
+export const transformPrismaSegment = (segment: PrismaSegment): TSegmentWithSurveyNames => {
   const activeSurveys = segment.surveys
     .filter((survey) => survey.status === "inProgress")
-    .map((survey) => ({ id: survey.id, name: survey.name }));
+    .map((survey) => survey.name);
 
   const inactiveSurveys = segment.surveys
     .filter((survey) => survey.status !== "inProgress")
-    .map((survey) => ({ id: survey.id, name: survey.name }));
+    .map((survey) => survey.name);
 
   return {
     ...segment,
@@ -83,7 +83,7 @@ export const transformPrismaSegment = (segment: PrismaSegment): TSegmentWithSurv
   };
 };
 
-export const getSegment = reactCache(async (segmentId: string): Promise<TSegmentWithSurveyRefs> => {
+export const getSegment = reactCache(async (segmentId: string): Promise<TSegmentWithSurveyNames> => {
   validateInputs([segmentId, ZId]);
   try {
     const segment = await prisma.segment.findUnique({
@@ -107,7 +107,7 @@ export const getSegment = reactCache(async (segmentId: string): Promise<TSegment
   }
 });
 
-export const getSegments = reactCache(async (environmentId: string): Promise<TSegmentWithSurveyRefs[]> => {
+export const getSegments = reactCache(async (environmentId: string): Promise<TSegmentWithSurveyNames[]> => {
   validateInputs([environmentId, ZId]);
   try {
     const segments = await prisma.segment.findMany({

apps/web/modules/ee/contacts/segments/page.tsx

@@ -47,7 +47,6 @@ export const SegmentsPage = async ({
       upgradePromptTitle={t("environments.segments.unlock_segments_title")}
       upgradePromptDescription={t("environments.segments.unlock_segments_description")}>
       <SegmentTable
-        allSegments={segments}
         segments={filteredSegments}
         contactAttributeKeys={contactAttributeKeys}
         isContactsEnabled={isContactsEnabled}

apps/web/modules/ee/quotas/actions.ts

@@ -21,7 +21,6 @@ import { getOrganizationBilling } from "@/modules/survey/lib/survey";
 
 const ZDeleteQuotaAction = z.object({
   quotaId: ZId,
-  surveyId: ZId,
 });
 
 const checkQuotasEnabled = async (organizationId: string) => {
@@ -37,7 +36,7 @@ const checkQuotasEnabled = async (organizationId: string) => {
 
 export const deleteQuotaAction = authenticatedActionClient.inputSchema(ZDeleteQuotaAction).action(
   withAuditLogging("deleted", "quota", async ({ ctx, parsedInput }) => {
-    const organizationId = await getOrganizationIdFromSurveyId(parsedInput.surveyId);
+    const organizationId = await getOrganizationIdFromQuotaId(parsedInput.quotaId);
     await checkQuotasEnabled(organizationId);
     await checkAuthorizationUpdated({
       userId: ctx.user.id,
@@ -49,7 +48,7 @@ export const deleteQuotaAction = authenticatedActionClient.inputSchema(ZDeleteQu
         },
         {
           type: "projectTeam",
-          projectId: await getProjectIdFromSurveyId(parsedInput.surveyId),
+          projectId: await getProjectIdFromQuotaId(parsedInput.quotaId),
           minPermission: "readWrite",
         },
       ],
@@ -72,7 +71,7 @@ const ZUpdateQuotaAction = z.object({
 
 export const updateQuotaAction = authenticatedActionClient.inputSchema(ZUpdateQuotaAction).action(
   withAuditLogging("updated", "quota", async ({ ctx, parsedInput }) => {
-    const organizationId = await getOrganizationIdFromSurveyId(parsedInput.quota.surveyId);
+    const organizationId = await getOrganizationIdFromQuotaId(parsedInput.quotaId);
     await checkQuotasEnabled(organizationId);
     await checkAuthorizationUpdated({
       userId: ctx.user.id,
@@ -84,7 +83,7 @@ export const updateQuotaAction = authenticatedActionClient.inputSchema(ZUpdateQu
         },
         {
           type: "projectTeam",
-          projectId: await getProjectIdFromSurveyId(parsedInput.quota.surveyId),
+          projectId: await getProjectIdFromQuotaId(parsedInput.quotaId),
           minPermission: "readWrite",
         },
       ],

apps/web/modules/ee/quotas/components/quotas-card.tsx

@@ -85,7 +85,6 @@ export const QuotasCard = ({
     setIsDeletingQuota(true);
     const deleteQuotaActionResult = await deleteQuotaAction({
       quotaId: quotaId,
-      surveyId: localSurvey.id,
     });
     if (deleteQuotaActionResult?.data) {
       toast.success(t("environments.surveys.edit.quotas.quota_deleted_successfull_toast"));

apps/web/modules/ee/role-management/actions.ts

@@ -10,6 +10,7 @@ import { getUserManagementAccess } from "@/lib/membership/utils";
 import { getOrganization } from "@/lib/organization/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
 import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
+import { getOrganizationIdFromInviteId } from "@/lib/utils/helper";
 import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import { getAccessControlPermission } from "@/modules/ee/license-check/lib/utils";
 import { updateInvite } from "@/modules/ee/role-management/lib/invite";
@@ -31,7 +32,6 @@ export const checkRoleManagementPermission = async (organizationId: string) => {
 
 const ZUpdateInviteAction = z.object({
   inviteId: ZUuid,
-  organizationId: ZId,
   data: ZInviteUpdateInput,
 });
 
@@ -39,17 +39,16 @@ export type TUpdateInviteAction = z.infer<typeof ZUpdateInviteAction>;
 
 export const updateInviteAction = authenticatedActionClient.inputSchema(ZUpdateInviteAction).action(
   withAuditLogging("updated", "invite", async ({ ctx, parsedInput }) => {
-    const currentUserMembership = await getMembershipByUserIdOrganizationId(
-      ctx.user.id,
-      parsedInput.organizationId
-    );
+    const organizationId = await getOrganizationIdFromInviteId(parsedInput.inviteId);
+
+    const currentUserMembership = await getMembershipByUserIdOrganizationId(ctx.user.id, organizationId);
     if (!currentUserMembership) {
       throw new AuthenticationError("User not a member of this organization");
     }
 
     await checkAuthorizationUpdated({
       userId: ctx.user.id,
-      organizationId: parsedInput.organizationId,
+      organizationId,
       access: [
         {
           data: parsedInput.data,
@@ -68,9 +67,9 @@ export const updateInviteAction = authenticatedActionClient.inputSchema(ZUpdateI
       throw new OperationNotAllowedError("Managers can only invite members");
     }
 
-    await checkRoleManagementPermission(parsedInput.organizationId);
+    await checkRoleManagementPermission(organizationId);
 
-    ctx.auditLoggingCtx.organizationId = parsedInput.organizationId;
+    ctx.auditLoggingCtx.organizationId = organizationId;
     ctx.auditLoggingCtx.inviteId = parsedInput.inviteId;
     ctx.auditLoggingCtx.oldObject = { ...(await getInvite(parsedInput.inviteId)) };
 

apps/web/modules/ee/role-management/components/edit-membership-role.tsx

@@ -65,7 +65,7 @@ export function EditMembershipRole({
       }
 
       if (inviteId) {
-        await updateInviteAction({ inviteId: inviteId, organizationId, data: { role } });
+        await updateInviteAction({ inviteId: inviteId, data: { role } });
       }
     } catch (error) {
       toast.error(t("common.something_went_wrong_please_try_again"));

apps/web/modules/organization/settings/teams/actions.ts

@@ -27,14 +27,15 @@ import { deleteInvite, getInvite, inviteUser, refreshInviteExpiration, resendInv
 
 const ZDeleteInviteAction = z.object({
   inviteId: ZUuid,
-  organizationId: ZId,
 });
 
 export const deleteInviteAction = authenticatedActionClient.inputSchema(ZDeleteInviteAction).action(
   withAuditLogging("deleted", "invite", async ({ ctx, parsedInput }) => {
+    const organizationId = await getOrganizationIdFromInviteId(parsedInput.inviteId);
+
     await checkAuthorizationUpdated({
       userId: ctx.user.id,
-      organizationId: parsedInput.organizationId,
+      organizationId,
       access: [
         {
           type: "organization",
@@ -42,7 +43,7 @@ export const deleteInviteAction = authenticatedActionClient.inputSchema(ZDeleteI
         },
       ],
     });
-    ctx.auditLoggingCtx.organizationId = parsedInput.organizationId;
+    ctx.auditLoggingCtx.organizationId = organizationId;
     ctx.auditLoggingCtx.inviteId = parsedInput.inviteId;
     ctx.auditLoggingCtx.oldObject = { ...(await getInvite(parsedInput.inviteId)) };
     return await deleteInvite(parsedInput.inviteId);

apps/web/modules/organization/settings/teams/components/edit-memberships/member-actions.tsx

@@ -41,7 +41,7 @@ export const MemberActions = ({ organization, member, invite, showDeleteButton }
       if (!member && invite) {
         // This is an invite
 
-        const result = await deleteInviteAction({ inviteId: invite?.id, organizationId: organization.id });
+        const result = await deleteInviteAction({ inviteId: invite?.id });
         if (result?.serverError) {
           toast.error(getFormattedErrorMessage(result));
           setIsDeleting(false);

apps/web/modules/projects/settings/tags/loading.tsx

@@ -11,7 +11,7 @@ export const TagsLoading = () => {
   return (
     <PageContentWrapper>
       <PageHeader pageTitle={t("common.workspace_configuration")}>
-        <ProjectConfigNavigation activeId="tags" loading />
+        <ProjectConfigNavigation activeId="tags" />
       </PageHeader>
       <SettingsCard
         title={t("environments.workspace.tags.manage_tags")}

apps/web/modules/survey/editor/components/edit-welcome-card.tsx

@@ -129,10 +129,8 @@ export const EditWelcomeCard = ({
                 allowedFileExtensions={["png", "jpeg", "jpg", "webp", "heic"]}
                 environmentId={environmentId}
                 onFileUpload={(url: string[] | undefined, _fileType: "image" | "video") => {
-                  if (url?.length) {
+                  if (url?.[0]) {
                     updateSurvey({ fileUrl: url[0] });
-                  } else {
-                    updateSurvey({ fileUrl: undefined });
                   }
                 }}
                 fileUrl={localSurvey?.welcomeCard?.fileUrl}

apps/web/modules/ui/components/confirm-delete-segment-modal/index.tsx

@@ -2,7 +2,7 @@
 
 import React, { useMemo } from "react";
 import { useTranslation } from "react-i18next";
-import { TSegmentActivitySummary } from "@/modules/ee/contacts/segments/components/segment-activity-utils";
+import { TSegmentWithSurveyNames } from "@formbricks/types/segment";
 import { Button } from "@/modules/ui/components/button";
 import {
   Dialog,
@@ -15,16 +15,16 @@ import {
 } from "@/modules/ui/components/dialog";
 
 interface ConfirmDeleteSegmentModalProps {
-  activitySummary: TSegmentActivitySummary;
   open: boolean;
   setOpen: React.Dispatch<React.SetStateAction<boolean>>;
+  segment: TSegmentWithSurveyNames;
   onDelete: () => Promise<void>;
 }
 
 export const ConfirmDeleteSegmentModal = ({
-  activitySummary,
   onDelete,
   open,
+  segment,
   setOpen,
 }: ConfirmDeleteSegmentModalProps) => {
   const { t } = useTranslation();
@@ -32,9 +32,9 @@ export const ConfirmDeleteSegmentModal = ({
     await onDelete();
   };
 
-  const allSurveys = useMemo(() => {
-    return [...activitySummary.activeSurveys, ...activitySummary.inactiveSurveys];
-  }, [activitySummary.activeSurveys, activitySummary.inactiveSurveys]);
+  const segmentHasSurveys = useMemo(() => {
+    return segment.activeSurveys.length > 0 || segment.inactiveSurveys.length > 0;
+  }, [segment.activeSurveys.length, segment.inactiveSurveys.length]);
 
   return (
     <Dialog open={open} onOpenChange={setOpen}>
@@ -46,13 +46,16 @@ export const ConfirmDeleteSegmentModal = ({
           </DialogDescription>
         </DialogHeader>
 
-        {allSurveys.length > 0 && (
+        {segmentHasSurveys && (
           <DialogBody>
             <div className="space-y-2">
               <p>{t("environments.segments.cannot_delete_segment_used_in_surveys")}</p>
               <ol className="my-2 ml-4 list-decimal">
-                {allSurveys.map((surveyName) => (
-                  <li key={surveyName}>{surveyName}</li>
+                {segment.activeSurveys.map((survey) => (
+                  <li key={survey}>{survey}</li>
+                ))}
+                {segment.inactiveSurveys.map((survey) => (
+                  <li key={survey}>{survey}</li>
                 ))}
               </ol>
             </div>
@@ -66,7 +69,7 @@ export const ConfirmDeleteSegmentModal = ({
           <Button variant="secondary" onClick={() => setOpen(false)}>
             {t("common.cancel")}
           </Button>
-          <Button variant="destructive" onClick={handleDelete} disabled={allSurveys.length > 0}>
+          <Button variant="destructive" onClick={handleDelete} disabled={segmentHasSurveys}>
             {t("common.delete")}
           </Button>
         </DialogFooter>

apps/web/next.config.mjs

@@ -234,6 +234,15 @@ const nextConfig = {
           },
         ],
       },
+      {
+        source: "/auth/forgot-password/reset",
+        headers: [
+          {
+            key: "Referrer-Policy",
+            value: "no-referrer",
+          },
+        ],
+      },
       {
         source: "/js/(.*)",
         headers: [

apps/web/playwright/api/auth/security.spec.ts

@@ -8,27 +8,20 @@ test.describe("Authentication Security Tests - Vulnerability Prevention", () =>
   let csrfToken: string;
   let testUser: { email: string; password: string };
 
-  test.beforeEach(async ({ request, users }) => {
-    // Get CSRF token for authentication requests
-    const csrfResponse = await request.get("/api/auth/csrf");
-    const csrfData = await csrfResponse.json();
-    csrfToken = csrfData.csrfToken;
+  test("should disable referrers on the password reset page", async ({ request }) => {
+    const response = await request.get("/auth/forgot-password/reset?token=test-token");
 
-    // Create a test user for "existing user" scenarios with unique email
-    const uniqueId = Date.now() + Math.random();
-    const userName = "Security Test User";
-    const userEmail = `security-test-${uniqueId}@example.com`;
-    await users.create({
-      name: userName,
-      email: userEmail,
-    });
-    testUser = {
-      email: userEmail,
-      password: userName, // The fixture uses the name as password
-    };
+    expect(response.status()).toBe(200);
+    expect(response.headers()["referrer-policy"]).toBe("no-referrer");
   });
 
   test.describe("DoS Protection - Password Length Limits", () => {
+    test.beforeEach(async ({ request }) => {
+      const csrfResponse = await request.get("/api/auth/csrf");
+      const csrfData = await csrfResponse.json();
+      csrfToken = csrfData.csrfToken;
+    });
+
     test("should handle extremely long passwords without crashing", async ({ request }) => {
       const email = "nonexistent-dos-test@example.com"; // Use non-existent email for DoS test
       const extremelyLongPassword = "A".repeat(50000); // 50,000 characters
@@ -126,6 +119,24 @@ test.describe("Authentication Security Tests - Vulnerability Prevention", () =>
   });
 
   test.describe("Timing Attack Prevention - User Enumeration Protection", () => {
+    test.beforeEach(async ({ request, users }) => {
+      const csrfResponse = await request.get("/api/auth/csrf");
+      const csrfData = await csrfResponse.json();
+      csrfToken = csrfData.csrfToken;
+
+      const uniqueId = Date.now() + Math.random();
+      const userName = "Security Test User";
+      const userEmail = `security-test-${uniqueId}@example.com`;
+      await users.create({
+        name: userName,
+        email: userEmail,
+      });
+      testUser = {
+        email: userEmail,
+        password: userName, // The fixture uses the name as password
+      };
+    });
+
     test("should not reveal user existence through response timing differences", async ({ request }) => {
       // Helper functions for statistical analysis
       const calculateMedian = (values: number[]): number => {
@@ -359,6 +370,12 @@ test.describe("Authentication Security Tests - Vulnerability Prevention", () =>
   });
 
   test.describe("Security Headers and Response Safety", () => {
+    test.beforeEach(async ({ request }) => {
+      const csrfResponse = await request.get("/api/auth/csrf");
+      const csrfData = await csrfResponse.json();
+      csrfToken = csrfData.csrfToken;
+    });
+
     test("should include security headers in responses", async ({ request }) => {
       const response = await request.post("/api/auth/callback/credentials", {
         data: {

packages/js-core/src/lib/common/setup.ts

@@ -6,7 +6,7 @@ import { Logger } from "@/lib/common/logger";
 import { getIsSetup, setIsSetup } from "@/lib/common/status";
 import { filterSurveys, getIsDebug, isNowExpired, wrapThrows } from "@/lib/common/utils";
 import { fetchEnvironmentState } from "@/lib/environment/state";
-import { closeSurvey, preloadSurveysScript } from "@/lib/survey/widget";
+import { closeSurvey } from "@/lib/survey/widget";
 import { DEFAULT_USER_STATE_NO_USER_ID } from "@/lib/user/state";
 import { sendUpdatesToBackend } from "@/lib/user/update";
 import {
@@ -316,9 +316,6 @@ export const setup = async (
   addEventListeners();
   addCleanupEventListeners();
 
-  // Preload surveys script so it's ready when a survey triggers
-  preloadSurveysScript(configInput.appUrl);
-
   setIsSetup(true);
   logger.debug("Set up complete");
 

packages/js-core/src/lib/survey/tests/widget.test.ts

@@ -43,6 +43,17 @@ vi.mock("@/lib/common/utils", () => ({
   handleHiddenFields: vi.fn(),
 }));
 
+const mockUpdateQueue = {
+  hasPendingWork: vi.fn().mockReturnValue(false),
+  waitForPendingWork: vi.fn().mockResolvedValue(true),
+};
+
+vi.mock("@/lib/user/update-queue", () => ({
+  UpdateQueue: {
+    getInstance: vi.fn(() => mockUpdateQueue),
+  },
+}));
+
 describe("widget-file", () => {
   let getInstanceConfigMock: MockInstance<() => Config>;
   let getInstanceLoggerMock: MockInstance<() => Logger>;
@@ -249,4 +260,265 @@ describe("widget-file", () => {
     widget.removeWidgetContainer();
     expect(document.getElementById("formbricks-container")).toBeFalsy();
   });
+
+  test("renderWidget waits for pending identification before rendering", async () => {
+    mockUpdateQueue.hasPendingWork.mockReturnValue(true);
+    mockUpdateQueue.waitForPendingWork.mockResolvedValue(true);
+
+    const mockConfigValue = {
+      get: vi.fn().mockReturnValue({
+        appUrl: "https://fake.app",
+        environmentId: "env_123",
+        environment: {
+          data: {
+            project: {
+              clickOutsideClose: true,
+              overlay: "none",
+              placement: "bottomRight",
+              inAppSurveyBranding: true,
+            },
+          },
+        },
+        user: {
+          data: {
+            userId: "user_abc",
+            contactId: "contact_abc",
+            displays: [],
+            responses: [],
+            lastDisplayAt: null,
+            language: "en",
+          },
+        },
+      }),
+      update: vi.fn(),
+    };
+
+    getInstanceConfigMock.mockReturnValue(mockConfigValue as unknown as Config);
+    widget.setIsSurveyRunning(false);
+
+    // @ts-expect-error -- mock window.formbricksSurveys
+    window.formbricksSurveys = {
+      renderSurvey: vi.fn(),
+    };
+
+    vi.useFakeTimers();
+
+    await widget.renderWidget({
+      ...mockSurvey,
+      delay: 0,
+    } as unknown as TEnvironmentStateSurvey);
+
+    expect(mockUpdateQueue.hasPendingWork).toHaveBeenCalled();
+    expect(mockUpdateQueue.waitForPendingWork).toHaveBeenCalled();
+
+    vi.advanceTimersByTime(0);
+
+    expect(window.formbricksSurveys.renderSurvey).toHaveBeenCalledWith(
+      expect.objectContaining({
+        contactId: "contact_abc",
+      })
+    );
+
+    vi.useRealTimers();
+  });
+
+  test("renderWidget does not wait when no identification is pending", async () => {
+    mockUpdateQueue.hasPendingWork.mockReturnValue(false);
+
+    const mockConfigValue = {
+      get: vi.fn().mockReturnValue({
+        appUrl: "https://fake.app",
+        environmentId: "env_123",
+        environment: {
+          data: {
+            project: {
+              clickOutsideClose: true,
+              overlay: "none",
+              placement: "bottomRight",
+              inAppSurveyBranding: true,
+            },
+          },
+        },
+        user: {
+          data: {
+            userId: "user_abc",
+            contactId: "contact_abc",
+            displays: [],
+            responses: [],
+            lastDisplayAt: null,
+            language: "en",
+          },
+        },
+      }),
+      update: vi.fn(),
+    };
+
+    getInstanceConfigMock.mockReturnValue(mockConfigValue as unknown as Config);
+    widget.setIsSurveyRunning(false);
+
+    // @ts-expect-error -- mock window.formbricksSurveys
+    window.formbricksSurveys = {
+      renderSurvey: vi.fn(),
+    };
+
+    vi.useFakeTimers();
+
+    await widget.renderWidget({
+      ...mockSurvey,
+      delay: 0,
+    } as unknown as TEnvironmentStateSurvey);
+
+    expect(mockUpdateQueue.hasPendingWork).toHaveBeenCalled();
+    expect(mockUpdateQueue.waitForPendingWork).not.toHaveBeenCalled();
+
+    vi.advanceTimersByTime(0);
+    expect(window.formbricksSurveys.renderSurvey).toHaveBeenCalled();
+
+    vi.useRealTimers();
+  });
+
+  test("renderWidget reads contactId after identification wait completes", async () => {
+    let callCount = 0;
+    const mockConfigValue = {
+      get: vi.fn().mockImplementation(() => {
+        callCount++;
+        return {
+          appUrl: "https://fake.app",
+          environmentId: "env_123",
+          environment: {
+            data: {
+              project: {
+                clickOutsideClose: true,
+                overlay: "none",
+                placement: "bottomRight",
+                inAppSurveyBranding: true,
+              },
+            },
+          },
+          user: {
+            data: {
+              // Simulate contactId becoming available after identification
+              userId: "user_abc",
+              contactId: callCount > 2 ? "contact_after_identification" : undefined,
+              displays: [],
+              responses: [],
+              lastDisplayAt: null,
+              language: "en",
+            },
+          },
+        };
+      }),
+      update: vi.fn(),
+    };
+
+    getInstanceConfigMock.mockReturnValue(mockConfigValue as unknown as Config);
+    mockUpdateQueue.hasPendingWork.mockReturnValue(true);
+    mockUpdateQueue.waitForPendingWork.mockResolvedValue(true);
+    widget.setIsSurveyRunning(false);
+
+    // @ts-expect-error -- mock window.formbricksSurveys
+    window.formbricksSurveys = {
+      renderSurvey: vi.fn(),
+    };
+
+    vi.useFakeTimers();
+
+    await widget.renderWidget({
+      ...mockSurvey,
+      delay: 0,
+    } as unknown as TEnvironmentStateSurvey);
+
+    vi.advanceTimersByTime(0);
+
+    // The contactId passed to renderSurvey should be read after the wait
+    expect(window.formbricksSurveys.renderSurvey).toHaveBeenCalledWith(
+      expect.objectContaining({
+        contactId: "contact_after_identification",
+      })
+    );
+
+    vi.useRealTimers();
+  });
+
+  test("renderWidget skips survey when identification fails and survey has segment filters", async () => {
+    mockUpdateQueue.hasPendingWork.mockReturnValue(true);
+    mockUpdateQueue.waitForPendingWork.mockResolvedValue(false);
+
+    widget.setIsSurveyRunning(false);
+
+    // @ts-expect-error -- mock window.formbricksSurveys
+    window.formbricksSurveys = {
+      renderSurvey: vi.fn(),
+    };
+
+    await widget.renderWidget({
+      ...mockSurvey,
+      delay: 0,
+      segment: { id: "seg_1", filters: [{ type: "attribute", value: "plan" }] },
+    } as unknown as TEnvironmentStateSurvey);
+
+    expect(mockUpdateQueue.waitForPendingWork).toHaveBeenCalled();
+    expect(mockLogger.debug).toHaveBeenCalledWith(
+      "User identification failed. Skipping survey with segment filters."
+    );
+    expect(window.formbricksSurveys.renderSurvey).not.toHaveBeenCalled();
+  });
+
+  test("renderWidget proceeds when identification fails but survey has no segment filters", async () => {
+    mockUpdateQueue.hasPendingWork.mockReturnValue(true);
+    mockUpdateQueue.waitForPendingWork.mockResolvedValue(false);
+
+    const mockConfigValue = {
+      get: vi.fn().mockReturnValue({
+        appUrl: "https://fake.app",
+        environmentId: "env_123",
+        environment: {
+          data: {
+            project: {
+              clickOutsideClose: true,
+              overlay: "none",
+              placement: "bottomRight",
+              inAppSurveyBranding: true,
+            },
+          },
+        },
+        user: {
+          data: {
+            userId: null,
+            contactId: null,
+            displays: [],
+            responses: [],
+            lastDisplayAt: null,
+            language: "en",
+          },
+        },
+      }),
+      update: vi.fn(),
+    };
+
+    getInstanceConfigMock.mockReturnValue(mockConfigValue as unknown as Config);
+    widget.setIsSurveyRunning(false);
+
+    // @ts-expect-error -- mock window.formbricksSurveys
+    window.formbricksSurveys = {
+      renderSurvey: vi.fn(),
+    };
+
+    vi.useFakeTimers();
+
+    await widget.renderWidget({
+      ...mockSurvey,
+      delay: 0,
+      segment: undefined,
+    } as unknown as TEnvironmentStateSurvey);
+
+    expect(mockLogger.debug).toHaveBeenCalledWith(
+      "User identification failed but survey has no segment filters. Proceeding."
+    );
+
+    vi.advanceTimersByTime(0);
+    expect(window.formbricksSurveys.renderSurvey).toHaveBeenCalled();
+
+    vi.useRealTimers();
+  });
 });

packages/js-core/src/lib/survey/widget.ts

@@ -106,15 +106,7 @@ export const renderWidget = async (
   const overlay = projectOverwrites.overlay ?? project.overlay;
   const placement = projectOverwrites.placement ?? project.placement;
   const isBrandingEnabled = project.inAppSurveyBranding;
-
-  let formbricksSurveys: TFormbricksSurveys;
-  try {
-    formbricksSurveys = await loadFormbricksSurveysExternally();
-  } catch (error) {
-    logger.error(`Failed to load surveys library: ${String(error)}`);
-    setIsSurveyRunning(false);
-    return;
-  }
+  const formbricksSurveys = await loadFormbricksSurveysExternally();
 
   const recaptchaSiteKey = config.get().environment.data.recaptchaSiteKey;
   const isSpamProtectionEnabled = Boolean(recaptchaSiteKey && survey.recaptcha?.enabled);
@@ -227,87 +219,30 @@ export const removeWidgetContainer = (): void => {
   document.getElementById(CONTAINER_ID)?.remove();
 };
 
-const SURVEYS_LOAD_TIMEOUT_MS = 10000;
-const SURVEYS_POLL_INTERVAL_MS = 200;
+const loadFormbricksSurveysExternally = (): Promise<typeof globalThis.window.formbricksSurveys> => {
+  const config = Config.getInstance();
 
-type TFormbricksSurveys = typeof globalThis.window.formbricksSurveys;
-
-let surveysLoadPromise: Promise<TFormbricksSurveys> | null = null;
-
-const waitForSurveysGlobal = (): Promise<TFormbricksSurveys> => {
   return new Promise((resolve, reject) => {
-    const startTime = Date.now();
-
-    const check = (): void => {
-      // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- Runtime check for surveys package availability
-      if (globalThis.window.formbricksSurveys) {
+    // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- We need to check if the formbricksSurveys object exists
+    if (globalThis.window.formbricksSurveys) {
+      resolve(globalThis.window.formbricksSurveys);
+    } else {
+      const script = document.createElement("script");
+      script.src = `${config.get().appUrl}/js/surveys.umd.cjs`;
+      script.async = true;
+      script.onload = () => {
+        // Apply stored nonce if it was set before surveys package loaded
         const storedNonce = globalThis.window.__formbricksNonce;
         if (storedNonce) {
           globalThis.window.formbricksSurveys.setNonce(storedNonce);
         }
         resolve(globalThis.window.formbricksSurveys);
-        return;
-      }
-
-      if (Date.now() - startTime >= SURVEYS_LOAD_TIMEOUT_MS) {
-        reject(new Error("Formbricks Surveys library did not become available within timeout"));
-        return;
-      }
-
-      setTimeout(check, SURVEYS_POLL_INTERVAL_MS);
-    };
-
-    check();
+      };
+      script.onerror = (error) => {
+        console.error("Failed to load Formbricks Surveys library:", error);
+        reject(new Error(`Failed to load Formbricks Surveys library: ${error as string}`));
+      };
+      document.head.appendChild(script);
+    }
   });
 };
-
-const loadFormbricksSurveysExternally = (): Promise<TFormbricksSurveys> => {
-  // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- Runtime check for surveys package availability
-  if (globalThis.window.formbricksSurveys) {
-    return Promise.resolve(globalThis.window.formbricksSurveys);
-  }
-
-  if (surveysLoadPromise) {
-    return surveysLoadPromise;
-  }
-
-  surveysLoadPromise = new Promise<TFormbricksSurveys>((resolve, reject: (error: unknown) => void) => {
-    const config = Config.getInstance();
-    const script = document.createElement("script");
-    script.src = `${config.get().appUrl}/js/surveys.umd.cjs`;
-    script.async = true;
-    script.onload = () => {
-      waitForSurveysGlobal()
-        .then(resolve)
-        .catch((error: unknown) => {
-          surveysLoadPromise = null;
-          console.error("Failed to load Formbricks Surveys library:", error);
-          reject(new Error(`Failed to load Formbricks Surveys library`));
-        });
-    };
-    script.onerror = (error) => {
-      surveysLoadPromise = null;
-      console.error("Failed to load Formbricks Surveys library:", error);
-      reject(new Error(`Failed to load Formbricks Surveys library`));
-    };
-    document.head.appendChild(script);
-  });
-
-  return surveysLoadPromise;
-};
-
-let isPreloaded = false;
-
-export const preloadSurveysScript = (appUrl: string): void => {
-  // Don't preload if already loaded or already preloading
-  // eslint-disable-next-line @typescript-eslint/no-unnecessary-condition -- Runtime check for surveys package availability
-  if (globalThis.window.formbricksSurveys) return;
-  if (isPreloaded) return;
-
-  isPreloaded = true;
-  const link = document.createElement("link");
-  link.rel = "preload";
-  link.as = "script";
-  link.href = `${appUrl}/js/surveys.umd.cjs`;
-  document.head.appendChild(link);
-};

packages/js-core/src/lib/user/tests/update-queue.test.ts

@@ -169,4 +169,104 @@ describe("UpdateQueue", () => {
       "Formbricks can't set attributes without a userId! Please set a userId first with the setUserId function"
     );
   });
+
+  test("hasPendingWork returns false when no updates and no flush in flight", () => {
+    expect(updateQueue.hasPendingWork()).toBe(false);
+  });
+
+  test("hasPendingWork returns true when updates are queued", () => {
+    updateQueue.updateUserId(mockUserId1);
+    expect(updateQueue.hasPendingWork()).toBe(true);
+  });
+
+  test("hasPendingWork returns true while processUpdates flush is in flight", () => {
+    (sendUpdates as Mock).mockReturnValue({
+      ok: true,
+      data: { hasWarnings: false },
+    });
+
+    updateQueue.updateUserId(mockUserId1);
+    // Start processing but don't await — the debounce means the flush is in-flight
+    void updateQueue.processUpdates();
+
+    expect(updateQueue.hasPendingWork()).toBe(true);
+  });
+
+  test("waitForPendingWork returns true immediately when no pending work", async () => {
+    const result = await updateQueue.waitForPendingWork();
+    expect(result).toBe(true);
+  });
+
+  test("waitForPendingWork returns true when processUpdates succeeds", async () => {
+    (sendUpdates as Mock).mockReturnValue({
+      ok: true,
+      data: { hasWarnings: false },
+    });
+
+    updateQueue.updateUserId(mockUserId1);
+    void updateQueue.processUpdates();
+
+    const result = await updateQueue.waitForPendingWork();
+
+    expect(result).toBe(true);
+    expect(updateQueue.hasPendingWork()).toBe(false);
+    expect(sendUpdates).toHaveBeenCalled();
+  });
+
+  test("waitForPendingWork returns false when processUpdates rejects", async () => {
+    loggerMock.mockReturnValue(mockLogger as unknown as Logger);
+    (sendUpdates as Mock).mockRejectedValue(new Error("network error"));
+
+    updateQueue.updateUserId(mockUserId1);
+    // eslint-disable-next-line @typescript-eslint/no-empty-function -- intentionally swallowing rejection to avoid unhandled promise
+    const processPromise = updateQueue.processUpdates().catch(() => {});
+
+    const result = await updateQueue.waitForPendingWork();
+    expect(result).toBe(false);
+    await processPromise;
+  });
+
+  test("waitForPendingWork returns false when flush hangs past timeout", async () => {
+    vi.useFakeTimers();
+
+    // sendUpdates returns a promise that never resolves, simulating a network hang
+    // eslint-disable-next-line @typescript-eslint/no-empty-function -- intentionally never-resolving promise
+    (sendUpdates as Mock).mockReturnValue(new Promise(() => {}));
+
+    updateQueue.updateUserId(mockUserId1);
+    void updateQueue.processUpdates();
+
+    const resultPromise = updateQueue.waitForPendingWork();
+
+    // Advance past the debounce delay (500ms) so the handler fires and hangs on sendUpdates
+    await vi.advanceTimersByTimeAsync(500);
+    // Advance past the pending work timeout (5000ms)
+    await vi.advanceTimersByTimeAsync(5000);
+
+    const result = await resultPromise;
+    expect(result).toBe(false);
+
+    vi.useRealTimers();
+  });
+
+  test("processUpdates reuses pending flush instead of creating orphaned promises", async () => {
+    (sendUpdates as Mock).mockReturnValue({
+      ok: true,
+      data: { hasWarnings: false },
+    });
+
+    updateQueue.updateUserId(mockUserId1);
+
+    // First call creates the flush promise
+    const firstPromise = updateQueue.processUpdates();
+
+    // Second call while first is still pending should not create a new flush
+    updateQueue.updateAttributes({ name: mockAttributes.name });
+    const secondPromise = updateQueue.processUpdates();
+
+    // Both promises should resolve (second is not orphaned)
+    await Promise.all([firstPromise, secondPromise]);
+
+    expect(updateQueue.hasPendingWork()).toBe(false);
+  });
 });

packages/survey-ui/src/components/general/label.tsx

@@ -1,4 +1,4 @@
-import { sanitize } from "isomorphic-dompurify";
+import DOMPurify from "isomorphic-dompurify";
 import * as React from "react";
 import { cn, stripInlineStyles } from "@/lib/utils";
 
@@ -39,7 +39,7 @@ function Label({
   const isHtml = childrenString ? isValidHTML(strippedContent) : false;
   const safeHtml =
     isHtml && strippedContent
-      ? sanitize(strippedContent, {
+      ? DOMPurify.sanitize(strippedContent, {
           ADD_ATTR: ["target"],
           FORBID_ATTR: ["style"],
         })

packages/survey-ui/src/lib/utils.ts

@@ -1,5 +1,5 @@
 import { type ClassValue, clsx } from "clsx";
-import { sanitize } from "isomorphic-dompurify";
+import DOMPurify from "isomorphic-dompurify";
 import { extendTailwindMerge } from "tailwind-merge";
 
 const twMerge = extendTailwindMerge({
@@ -27,16 +27,14 @@ export function cn(...inputs: ClassValue[]): string {
 export const stripInlineStyles = (html: string): string => {
   if (!html) return html;
 
-  // Pre-strip style attributes from the raw string BEFORE DOMPurify parses it.
-  // DOMPurify internally uses innerHTML to parse HTML, which triggers CSP
-  // `style-src` violations at parse time — before FORBID_ATTR can strip them.
-  // The regex is O(n) safe: [^"]* and [^']* are negated classes bounded by
-  // fixed quote delimiters, so no backtracking can occur.
-  const preStripped = html.replaceAll(/ style="[^"]*"| style='[^']*'/gi, "");
-
-  return sanitize(preStripped, {
+  // Use DOMPurify to safely remove style attributes
+  // This is more secure than regex-based approaches and handles edge cases properly
+  return DOMPurify.sanitize(html, {
     FORBID_ATTR: ["style"],
+    // Preserve the target attribute (e.g. target="_blank" on links) which is not
+    // in DOMPurify's default allow-list but is explicitly required downstream.
     ADD_ATTR: ["target"],
+    // Keep other attributes and tags as-is, only remove style attributes
     KEEP_CONTENT: true,
   });
 };

packages/survey-ui/tsconfig.json

@@ -4,7 +4,6 @@
     "baseUrl": ".",
     "isolatedModules": true,
     "jsx": "react-jsx",
-    "lib": ["DOM", "DOM.Iterable", "ES2020", "ES2021.String"],
     "noEmit": true,
     "paths": {
       "@/*": ["./src/*"]

packages/surveys/src/lib/html-utils.ts

@@ -10,16 +10,14 @@ import DOMPurify from "isomorphic-dompurify";
 export const stripInlineStyles = (html: string): string => {
   if (!html) return html;
 
-  // Pre-strip style attributes from the raw string BEFORE DOMPurify parses it.
-  // DOMPurify internally uses innerHTML to parse HTML, which triggers CSP
-  // `style-src` violations at parse time — before FORBID_ATTR can strip them.
-  // The regex is O(n) safe: [^"]* and [^']* are negated classes bounded by
-  // fixed quote delimiters, so no backtracking can occur.
-  const preStripped = html.replaceAll(/ style="[^"]*"| style='[^']*'/gi, "");
-
-  return DOMPurify.sanitize(preStripped, {
+  // Use DOMPurify to safely remove style attributes
+  // This is more secure than regex-based approaches and handles edge cases properly
+  return DOMPurify.sanitize(html, {
     FORBID_ATTR: ["style"],
+    // Preserve the target attribute (e.g. target="_blank" on links) which is not
+    // in DOMPurify's default allow-list but is explicitly required downstream.
     ADD_ATTR: ["target"],
+    // Keep other attributes and tags as-is, only remove style attributes
     KEEP_CONTENT: true,
   });
 };

packages/types/segment.ts

@@ -357,13 +357,9 @@ export const ZSegmentCreateInput = z.object({
 export type TSegmentCreateInput = z.infer<typeof ZSegmentCreateInput>;
 
 export type TSegment = z.infer<typeof ZSegment>;
-export interface TSegmentSurveyReference {
-  id: string;
-  name: string;
-}
-export type TSegmentWithSurveyRefs = TSegment & {
-  activeSurveys: TSegmentSurveyReference[];
-  inactiveSurveys: TSegmentSurveyReference[];
+export type TSegmentWithSurveyNames = TSegment & {
+  activeSurveys: string[];
+  inactiveSurveys: string[];
 };
 
 export const ZSegmentUpdateInput = z