fix: harden sso account deletion reauth

fix: resolve remaining sso deletion review comments
fix: address sso deletion review comments
2026-05-06 11:20:56 -05:00 · 2026-05-06 10:16:37 +00:00 · 2026-05-05 17:10:21 +00:00 · 2026-05-05 16:27:52 +00:00 · 2026-05-05 15:45:56 +00:00 · 2026-05-05 15:01:25 +00:00
713 changed files with 44364 additions and 12678 deletions
@@ -0,0 +1,9 @@
+# THIS IS AUTOGENERATED. DO NOT EDIT MANUALLY
+version = 1
+name = "formbricks"
+
+[setup]
+script = '''
+pnpm install
+pnpm dev:setup
+'''
@@ -94,12 +94,25 @@ EMAIL_VERIFICATION_DISABLED=1
 # Password Reset. If you enable Password Reset functionality you have to setup SMTP-Settings, too.
 PASSWORD_RESET_DISABLED=1

+# Password reset token lifetime in minutes. Must be between 5 and 120 if set.
+# PASSWORD_RESET_TOKEN_LIFETIME_MINUTES=30
+
+# Development-only helper: log the password reset link to the server console instead of sending reset emails.
+# DEBUG_SHOW_RESET_LINK=1
+
 # Email login. Disable the ability for users to login with email.
 # EMAIL_AUTH_DISABLED=1

 # Organization Invite. Disable the ability for invited users to create an account.
 # INVITE_DISABLED=1

+###########################################
+# Account deletion reauthentication       #
+###########################################
+
+# Danger: disables fresh SSO reauthentication for passwordless account deletion. Keep unset unless you accept the risk.
+# DISABLE_ACCOUNT_DELETION_SSO_REAUTH=1
+

 ##########
 # Other  #
@@ -126,12 +139,40 @@ GITHUB_SECRET=
 # Configure Google Login
 GOOGLE_CLIENT_ID=
 GOOGLE_CLIENT_SECRET=
+# Google only returns the auth_time proof after Auth Platform Security Bundle "Session age claims" is enabled.
+# Keep this unset until that setting is active for the OAuth app.
+# GOOGLE_ACCOUNT_DELETION_REAUTH_ENABLED=1

 # Configure Azure Active Directory Login
 AZUREAD_CLIENT_ID=
 AZUREAD_CLIENT_SECRET=
 AZUREAD_TENANT_ID=

+# Configure Formbricks AI at the instance level
+# Set the provider used for AI features on this instance.
+# Accepted values for AI_PROVIDER: aws, gcp, azure
+# Set AI_MODEL to the provider-specific model or deployment name and configure the matching credentials below.
+# AI_PROVIDER=gcp
+# AI_MODEL=gemini-2.5-flash
+
+# Google Vertex AI credentials
+# AI_GCP_PROJECT=
+# AI_GCP_LOCATION=
+# AI_GCP_CREDENTIALS_JSON=
+# AI_GCP_APPLICATION_CREDENTIALS=
+
+# Amazon Bedrock credentials
+# AI_AWS_REGION=
+# AI_AWS_ACCESS_KEY_ID=
+# AI_AWS_SECRET_ACCESS_KEY=
+# AI_AWS_SESSION_TOKEN=
+
+# Azure AI / Microsoft Foundry credentials
+# AI_AZURE_BASE_URL=
+# AI_AZURE_RESOURCE_NAME=
+# AI_AZURE_API_KEY=
+# AI_AZURE_API_VERSION=v1
+
 # OpenID Connect (OIDC) configuration
 # OIDC_CLIENT_ID=
 # OIDC_CLIENT_SECRET=
@@ -185,6 +226,14 @@ ENTERPRISE_LICENSE_KEY=
 # Ignore Rate Limiting across the Formbricks app
 # RATE_LIMITING_DISABLED=1

+# Disable telemetry reporting (usage stats sent to Formbricks). Ignored when an EE license is active.
+# TELEMETRY_DISABLED=1
+
+# Allow webhook URLs to point to internal/private network addresses (e.g. localhost, 192.168.x.x)
+# WARNING: Only enable this if you understand the SSRF risks. Useful for self-hosted instances
+# that need to send webhooks to internal services.
+# DANGEROUSLY_ALLOW_WEBHOOK_INTERNAL_URLS=1
+
 # OpenTelemetry OTLP endpoint (base URL, exporters append /v1/traces and /v1/metrics)
 # OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318
 # OTEL_EXPORTER_OTLP_PROTOCOL=http/protobuf
@@ -20,12 +20,12 @@ runs:
  using: "composite"
  steps:
    - name: Checkout repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - uses: ./.github/actions/dangerous-git-checkout

    - name: Cache Build
-      uses: actions/cache@v3
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
      id: cache-build
      env:
        cache-name: prod-build
@@ -43,7 +43,7 @@ runs:
      shell: bash

    - name: Setup Node.js 20.x
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
      with:
        node-version: 20.x
      if: steps.cache-build.outputs.cache-hit != 'true'
@@ -53,7 +53,7 @@ runs:
      if: steps.cache-build.outputs.cache-hit != 'true'

    - name: Install dependencies
-      run: pnpm install --config.platform=linux --config.architecture=x64
+      run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64
      if: steps.cache-build.outputs.cache-hit != 'true'
      shell: bash

@@ -4,7 +4,7 @@ runs:
  using: "composite"
  steps:
    - name: Checkout repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        ref: ${{ github.event.pull_request.head.sha }}
        fetch-depth: 2
@@ -49,7 +49,7 @@ jobs:
            ${{ runner.os }}-pnpm-store-

      - name: Install dependencies
-        run: pnpm install --config.platform=linux --config.architecture=x64
+        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64

      - name: Run Chromatic
        uses: chromaui/action@4c20b95e9d3209ecfdf9cd6aace6bbde71ba1694 # v13.3.4
@@ -57,7 +57,7 @@ jobs:
      - uses: ./.github/actions/dangerous-git-checkout

      - name: Setup Node.js 22.x
-        uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: 22.x

@@ -65,7 +65,7 @@ jobs:
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Install dependencies
-        run: pnpm install --config.platform=linux --config.architecture=x64
+        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64
        shell: bash

      - name: create .env
@@ -85,65 +85,48 @@ jobs:
          echo "S3_REGION=us-east-1" >> .env
          echo "S3_BUCKET_NAME=formbricks-e2e" >> .env
          echo "S3_ENDPOINT_URL=http://localhost:9000" >> .env
-          echo "S3_ACCESS_KEY=devminio" >> .env
-          echo "S3_SECRET_KEY=devminio123" >> .env
+          echo "S3_ACCESS_KEY=devrustfs-service" >> .env
+          echo "S3_SECRET_KEY=devrustfs-service123" >> .env
          echo "S3_FORCE_PATH_STYLE=1" >> .env
        shell: bash

-      - name: Install MinIO client (mc)
-        run: |
-          set -euo pipefail
-          MC_VERSION="RELEASE.2025-08-13T08-35-41Z"
-          MC_BASE="https://dl.min.io/client/mc/release/linux-amd64/archive"
-          MC_BIN="mc.${MC_VERSION}"
-          MC_SUM="${MC_BIN}.sha256sum"
-
-          curl -fsSL "${MC_BASE}/${MC_BIN}" -o "${MC_BIN}"
-          curl -fsSL "${MC_BASE}/${MC_SUM}" -o "${MC_SUM}"
-
-          sha256sum -c "${MC_SUM}"
-
-          chmod +x "${MC_BIN}"
-          sudo mv "${MC_BIN}" /usr/local/bin/mc
-
-      - name: Start MinIO Server
+      - name: Start RustFS Server
        run: |
          set -euo pipefail

-          # Start MinIO server in background
+          # Start RustFS server in background
          docker run -d \
-            --name minio-server \
+            --name rustfs-server \
            -p 9000:9000 \
            -p 9001:9001 \
-            -e MINIO_ROOT_USER=devminio \
-            -e MINIO_ROOT_PASSWORD=devminio123 \
-            minio/minio:RELEASE.2025-09-07T16-13-09Z \
-            server /data --console-address :9001
+            -e RUSTFS_ACCESS_KEY=devrustfs \
+            -e RUSTFS_SECRET_KEY=devrustfs123 \
+            -e RUSTFS_ADDRESS=:9000 \
+            -e RUSTFS_CONSOLE_ENABLE=true \
+            -e RUSTFS_CONSOLE_ADDRESS=:9001 \
+            rustfs/rustfs:1.0.0-alpha.93 \
+            /data

-          echo "MinIO server started"
+          echo "RustFS server started"

-      - name: Wait for MinIO and create S3 bucket
+      - name: Bootstrap RustFS bucket and browser upload CORS
        run: |
          set -euo pipefail

-          echo "Waiting for MinIO to be ready..."
-          ready=0
-          for i in {1..60}; do
-            if curl -fsS http://localhost:9000/minio/health/live >/dev/null; then
-              echo "MinIO is up after ${i} seconds"
-              ready=1
-              break
-            fi
-            sleep 1
-          done
-
-          if [ "$ready" -ne 1 ]; then
-            echo "::error::MinIO did not become ready within 60 seconds"
-            exit 1
-          fi
-
-          mc alias set local http://localhost:9000 devminio devminio123
-          mc mb --ignore-existing local/formbricks-e2e
+          docker run --rm \
+            --network host \
+            --entrypoint /bin/sh \
+            -e RUSTFS_ENDPOINT_URL=http://127.0.0.1:9000 \
+            -e RUSTFS_ADMIN_USER=devrustfs \
+            -e RUSTFS_ADMIN_PASSWORD=devrustfs123 \
+            -e RUSTFS_SERVICE_USER=devrustfs-service \
+            -e RUSTFS_SERVICE_PASSWORD=devrustfs-service123 \
+            -e RUSTFS_BUCKET_NAME=formbricks-e2e \
+            -e RUSTFS_POLICY_NAME=formbricks-e2e-policy \
+            -e RUSTFS_CORS_ALLOWED_ORIGINS=http://localhost:3000,http://127.0.0.1:3000 \
+            -v "$PWD/docker/rustfs-init.sh:/tmp/rustfs-init.sh:ro" \
+            minio/mc@sha256:95b5f3f7969a5c5a9f3a700ba72d5c84172819e13385aaf916e237cf111ab868 \
+            /tmp/rustfs-init.sh

      - name: Build App
        run: |
@@ -242,8 +225,14 @@ jobs:
        if: failure()
        with:
          name: app-logs
+          if-no-files-found: ignore
          path: app.log

      - name: Output App Logs
        if: failure()
-        run: cat app.log
+        run: |
+          if [ -f app.log ]; then
+            cat app.log
+          else
+            echo "app.log not found because the Run App step did not execute or failed before log creation."
+          fi
@@ -21,7 +21,7 @@ jobs:
      - uses: ./.github/actions/dangerous-git-checkout

      - name: Setup Node.js 20.x
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: 20.x

@@ -29,7 +29,7 @@ jobs:
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Install dependencies
-        run: pnpm install --config.platform=linux --config.architecture=x64
+        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64

      - name: create .env
        run: cp .env.example .env
@@ -25,7 +25,7 @@ jobs:
          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis

      - name: Setup Node.js 22.x
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: 22.x

@@ -33,7 +33,7 @@ jobs:
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Install dependencies
-        run: pnpm install --config.platform=linux --config.architecture=x64
+        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64

      - name: create .env
        run: cp .env.example .env
@@ -22,7 +22,7 @@ jobs:
      - uses: ./.github/actions/dangerous-git-checkout

      - name: Setup Node.js 20.x
-        uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: 20.x

@@ -30,7 +30,7 @@ jobs:
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Install dependencies
-        run: pnpm install --config.platform=linux --config.architecture=x64
+        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64

      - name: create .env
        run: cp .env.example .env
@@ -2,6 +2,7 @@ name: Translation Validation

 permissions:
  contents: read
+  pull-requests: read

 on:
  pull_request:
@@ -39,7 +40,7 @@ jobs:

      - name: Setup Node.js 22.x
        if: steps.changes.outputs.translations == 'true'
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: 22.x

@@ -49,7 +50,7 @@ jobs:

      - name: Install dependencies
        if: steps.changes.outputs.translations == 'true'
-        run: pnpm install --config.platform=linux --config.architecture=x64
+        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64

      - name: Validate translation keys
        if: steps.changes.outputs.translations == 'true'
@@ -45,7 +45,7 @@ yarn-error.log*
 .direnv

 # Playwright
-/test-results/
+**/test-results/
 /playwright-report/
 /blob-report/
 /playwright/.cache/
@@ -1 +1,13 @@
-pnpm lint-staged
+#!/usr/bin/env sh
+
+if command -v pnpm >/dev/null 2>&1; then
+  pnpm lint-staged
+elif command -v npm >/dev/null 2>&1; then
+  npm exec --yes pnpm@10.32.1 lint-staged
+elif command -v corepack >/dev/null 2>&1; then
+  corepack pnpm lint-staged
+else
+  echo "Error: pnpm, npm, and corepack are unavailable in this Git hook PATH."
+  echo "Install Node.js tooling or update your PATH, then retry the commit."
+  exit 127
+fi
@@ -127,34 +127,10 @@ Formbricks has a hosted cloud offering with a generous free plan to get you up a

 Formbricks is available Open-Source under AGPLv3 license. You can host Formbricks on your own servers using Docker without a subscription.

-If you opt for self-hosting Formbricks, here are a few options to consider:
-
 #### Docker

 To get started with self-hosting with Docker, take a look at our [self-hosting docs](https://formbricks.com/docs/self-hosting/deployment).

-#### Community-managed One Click Hosting
-
-##### Railway
-
-You can deploy Formbricks on [Railway](https://railway.app) using the button below.
-
-[![Deploy on Railway](https://railway.app/button.svg)](https://railway.app/new/template/PPDzCd)
-
-##### RepoCloud
-
-Or you can also deploy Formbricks on [RepoCloud](https://repocloud.io) using the button below.
-
-[![Deploy on RepoCloud](https://d16t0pc4846x52.cloudfront.net/deploy.png)](https://repocloud.io/details/?app_id=254)
-
-##### Zeabur
-
-Or you can also deploy Formbricks on [Zeabur](https://zeabur.com) using the button below.
-
-[![Deploy to Zeabur](https://zeabur.com/button.svg)](https://zeabur.com/templates/G4TUJL)
-
-<a id="development"></a>
-
 ## 👨‍💻 Development

 ### Prerequisites
@@ -247,4 +223,4 @@ We currently do not offer Formbricks white-labeled. That means that we don't sel

 The Enterprise Edition allows us to fund the development of Formbricks sustainably. It guarantees that the free and open-source surveying infrastructure we're building will be around for decades to come.

-<p align="right"><a href="#top">🔼 Back to top</a></p>
+<a id="readme-de"></a>
@@ -11,19 +11,19 @@
    "clean": "rimraf .turbo node_modules dist storybook-static"
  },
  "devDependencies": {
-    "@chromatic-com/storybook": "^5.0.1",
-    "@storybook/addon-a11y": "10.2.17",
-    "@storybook/addon-links": "10.2.17",
-    "@storybook/addon-onboarding": "10.2.17",
-    "@storybook/react-vite": "10.2.17",
-    "@typescript-eslint/eslint-plugin": "8.57.0",
-    "@tailwindcss/vite": "4.2.1",
-    "@typescript-eslint/parser": "8.57.0",
+    "@chromatic-com/storybook": "5.0.2",
+    "@storybook/addon-a11y": "10.3.5",
+    "@storybook/addon-docs": "10.3.5",
+    "@storybook/addon-links": "10.3.5",
+    "@storybook/addon-onboarding": "10.3.5",
+    "@storybook/react-vite": "10.3.5",
+    "@tailwindcss/vite": "4.2.4",
+    "@typescript-eslint/eslint-plugin": "8.57.2",
+    "@typescript-eslint/parser": "8.57.2",
    "@vitejs/plugin-react": "5.1.4",
    "eslint-plugin-react-refresh": "0.4.26",
-    "eslint-plugin-storybook": "10.2.17",
-    "storybook": "10.2.17",
-    "vite": "7.3.1",
-    "@storybook/addon-docs": "10.2.17"
+    "eslint-plugin-storybook": "10.3.5",
+    "storybook": "10.3.5",
+    "vite": "7.3.2"
  }
 }
@@ -1,4 +1,4 @@
-import { Prisma } from "@prisma/client";
+import { PrismaClientKnownRequestError } from "@prisma/client/runtime/library";
 import { beforeEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { DatabaseError } from "@formbricks/types/errors";
@@ -32,7 +32,7 @@ describe("getTeamsByOrganizationId", () => {

  test("throws DatabaseError on Prisma error", async () => {
    vi.mocked(prisma.team.findMany).mockRejectedValueOnce(
-      new Prisma.PrismaClientKnownRequestError("fail", { code: "P2002", clientVersion: "1.0.0" })
+      new PrismaClientKnownRequestError("fail", { code: "P2002", clientVersion: "1.0.0" })
    );
    await expect(getTeamsByOrganizationId("org1")).rejects.toThrow(DatabaseError);
  });
@@ -1,6 +1,6 @@
 "use server";

-import { Prisma } from "@prisma/client";
+import { PrismaClientKnownRequestError } from "@prisma/client/runtime/library";
 import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
 import { ZId } from "@formbricks/types/common";
@@ -27,7 +27,7 @@ export const getTeamsByOrganizationId = reactCache(
        name: team.name,
      }));
    } catch (error) {
-      if (error instanceof Prisma.PrismaClientKnownRequestError) {
+      if (error instanceof PrismaClientKnownRequestError) {
        throw new DatabaseError(error.message);
      }

@@ -26,7 +26,8 @@ const Page = async (props: { params: Promise<{ organizationId: string }> }) => {
  const isMultiOrgEnabled = await getIsMultiOrgEnabled();

  const membership = await getMembershipByUserIdOrganizationId(session.user.id, organization.id);
-  const { isMember } = getAccessFlags(membership?.role);
+  const { isMember, isBilling } = getAccessFlags(membership?.role);
+  const isMembershipPending = membership?.role === undefined;

  return (
    <div className="flex min-h-full min-w-full flex-row">
@@ -45,6 +46,8 @@ const Page = async (props: { params: Promise<{ organizationId: string }> }) => {
              isOwnerOrManager={false}
              isAccessControlAllowed={false}
              isMember={isMember}
+              isBilling={isBilling}
+              isMembershipPending={isMembershipPending}
              environments={[]}
            />
          </div>
@@ -75,6 +75,10 @@ export const EnvironmentLayout = async ({ layoutData, children }: EnvironmentLay
          isDevelopment={IS_DEVELOPMENT}
          membershipRole={membership.role}
          publicDomain={publicDomain}
+          isMultiOrgEnabled={isMultiOrgEnabled}
+          organizationProjectsLimit={organizationProjectsLimit}
+          isLicenseActive={active}
+          isAccessControlAllowed={isAccessControlAllowed}
        />
        <div id="mainContent" className="flex flex-1 flex-col overflow-hidden bg-slate-50">
          <TopControlBar
@@ -2,42 +2,59 @@

 import {
  ArrowUpRightIcon,
+  Building2Icon,
  ChevronRightIcon,
  Cog,
+  FoldersIcon,
+  Loader2,
  LogOutIcon,
  MessageCircle,
  PanelLeftCloseIcon,
  PanelLeftOpenIcon,
+  PlusIcon,
  RocketIcon,
+  SettingsIcon,
  UserCircleIcon,
  UserIcon,
-  WorkflowIcon,
 } from "lucide-react";
 import Image from "next/image";
 import Link from "next/link";
 import { usePathname, useRouter } from "next/navigation";
-import { useEffect, useMemo, useState } from "react";
+import { useCallback, useEffect, useMemo, useState, useTransition } from "react";
 import { useTranslation } from "react-i18next";
 import { TEnvironment } from "@formbricks/types/environment";
 import { TOrganizationRole } from "@formbricks/types/memberships";
 import { TOrganization } from "@formbricks/types/organizations";
 import { TUser } from "@formbricks/types/user";
+import {
+  getOrganizationsForSwitcherAction,
+  getProjectsForSwitcherAction,
+} from "@/app/(app)/environments/[environmentId]/actions";
 import { NavigationLink } from "@/app/(app)/environments/[environmentId]/components/NavigationLink";
 import { isNewerVersion } from "@/app/(app)/environments/[environmentId]/lib/utils";
 import FBLogo from "@/images/formbricks-wordmark.svg";
 import { cn } from "@/lib/cn";
+import { getBillingFallbackPath } from "@/lib/membership/navigation";
 import { getAccessFlags } from "@/lib/membership/utils";
+import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { useSignOut } from "@/modules/auth/hooks/use-sign-out";
 import { TrialAlert } from "@/modules/ee/billing/components/trial-alert";
+import { CreateOrganizationModal } from "@/modules/organization/components/CreateOrganizationModal";
+import { CreateProjectModal } from "@/modules/projects/components/create-project-modal";
+import { ProjectLimitModal } from "@/modules/projects/components/project-limit-modal";
 import { getLatestStableFbReleaseAction } from "@/modules/projects/settings/(setup)/app-connection/actions";
 import { ProfileAvatar } from "@/modules/ui/components/avatars";
 import { Button } from "@/modules/ui/components/button";
 import {
  DropdownMenu,
+  DropdownMenuCheckboxItem,
  DropdownMenuContent,
+  DropdownMenuGroup,
  DropdownMenuItem,
+  DropdownMenuSeparator,
  DropdownMenuTrigger,
 } from "@/modules/ui/components/dropdown-menu";
+import { ModalButton } from "@/modules/ui/components/upgrade-prompt";
 import packageJson from "../../../../../package.json";

 interface NavigationProps {
@@ -49,8 +66,31 @@ interface NavigationProps {
  isDevelopment: boolean;
  membershipRole?: TOrganizationRole;
  publicDomain: string;
+  isMultiOrgEnabled: boolean;
+  organizationProjectsLimit: number;
+  isLicenseActive: boolean;
+  isAccessControlAllowed: boolean;
 }

+const isActiveProjectSetting = (pathname: string, settingId: string): boolean => {
+  if (pathname.includes("/settings/")) {
+    return false;
+  }
+
+  const pattern = new RegExp(`/workspace/${settingId}(?:/|$)`);
+  return pattern.test(pathname);
+};
+
+const isActiveOrganizationSetting = (pathname: string, settingId: string): boolean => {
+  const accountSettingsPattern = /\/settings\/(profile|account|notifications|security|appearance)(?:\/|$)/;
+  if (accountSettingsPattern.test(pathname)) {
+    return false;
+  }
+
+  const pattern = new RegExp(`/settings/${settingId}(?:/|$)`);
+  return pattern.test(pathname);
+};
+
 export const MainNavigation = ({
  environment,
  organization,
@@ -60,6 +100,10 @@ export const MainNavigation = ({
  isFormbricksCloud,
  isDevelopment,
  publicDomain,
+  isMultiOrgEnabled,
+  organizationProjectsLimit,
+  isLicenseActive,
+  isAccessControlAllowed,
 }: NavigationProps) => {
  const router = useRouter();
  const pathname = usePathname();
@@ -69,7 +113,12 @@ export const MainNavigation = ({
  const [latestVersion, setLatestVersion] = useState("");
  const { signOut: signOutWithAudit } = useSignOut({ id: user.id, email: user.email });

-  const { isManager, isOwner, isBilling } = getAccessFlags(membershipRole);
+  const [isPending, startTransition] = useTransition();
+  const { isManager, isOwner, isBilling, isMember } = getAccessFlags(membershipRole);
+  const isMembershipPending = membershipRole === undefined;
+  const disabledNavigationMessage = isMembershipPending
+    ? t("common.loading")
+    : t("common.you_are_not_authorized_to_perform_this_action");

  const isOwnerOrManager = isManager || isOwner;

@@ -106,6 +155,7 @@ export const MainNavigation = ({
        icon: MessageCircle,
        isActive: pathname?.includes("/surveys"),
        isHidden: false,
+        disabled: isMembershipPending || isBilling,
      },
      {
        href: `/environments/${environment.id}/contacts`,
@@ -115,22 +165,17 @@ export const MainNavigation = ({
          pathname?.includes("/contacts") ||
          pathname?.includes("/segments") ||
          pathname?.includes("/attributes"),
-      },
-      {
-        name: t("common.workflows"),
-        href: `/environments/${environment.id}/workflows`,
-        icon: WorkflowIcon,
-        isActive: pathname?.includes("/workflows"),
-        isHidden: !isFormbricksCloud,
+        disabled: isMembershipPending || isBilling,
      },
      {
        name: t("common.configuration"),
        href: `/environments/${environment.id}/workspace/general`,
        icon: Cog,
        isActive: pathname?.includes("/workspace"),
+        disabled: isMembershipPending || isBilling,
      },
    ],
-    [t, environment.id, pathname, isFormbricksCloud]
+    [t, environment.id, pathname, isMembershipPending, isBilling]
  );

  const dropdownNavigation = [
@@ -153,6 +198,183 @@ export const MainNavigation = ({
    },
  ];

+  const [isWorkspaceDropdownOpen, setIsWorkspaceDropdownOpen] = useState(false);
+  const [isOrganizationDropdownOpen, setIsOrganizationDropdownOpen] = useState(false);
+  const [projects, setProjects] = useState<{ id: string; name: string }[]>([]);
+  const [organizations, setOrganizations] = useState<{ id: string; name: string }[]>([]);
+  const [isLoadingProjects, setIsLoadingProjects] = useState(false);
+  const [hasInitializedProjects, setHasInitializedProjects] = useState(false);
+  const [isLoadingOrganizations, setIsLoadingOrganizations] = useState(false);
+  const [workspaceLoadError, setWorkspaceLoadError] = useState<string | null>(null);
+  const [organizationLoadError, setOrganizationLoadError] = useState<string | null>(null);
+  const [openCreateProjectModal, setOpenCreateProjectModal] = useState(false);
+  const [openCreateOrganizationModal, setOpenCreateOrganizationModal] = useState(false);
+  const [openProjectLimitModal, setOpenProjectLimitModal] = useState(false);
+
+  const renderSwitcherError = (error: string, onRetry: () => void, retryLabel: string) => (
+    <div className="px-2 py-4">
+      <p className="mb-2 text-sm text-red-600">{error}</p>
+      <button onClick={onRetry} className="text-xs text-slate-600 underline hover:text-slate-800">
+        {retryLabel}
+      </button>
+    </div>
+  );
+
+  const projectSettings = [
+    {
+      id: "general",
+      label: t("common.general"),
+      href: `/environments/${environment.id}/workspace/general`,
+    },
+    {
+      id: "look",
+      label: t("common.look_and_feel"),
+      href: `/environments/${environment.id}/workspace/look`,
+    },
+    {
+      id: "app-connection",
+      label: t("common.website_and_app_connection"),
+      href: `/environments/${environment.id}/workspace/app-connection`,
+    },
+    {
+      id: "integrations",
+      label: t("common.integrations"),
+      href: `/environments/${environment.id}/workspace/integrations`,
+    },
+    {
+      id: "teams",
+      label: t("common.team_access"),
+      href: `/environments/${environment.id}/workspace/teams`,
+    },
+    {
+      id: "languages",
+      label: t("common.survey_languages"),
+      href: `/environments/${environment.id}/workspace/languages`,
+    },
+    {
+      id: "tags",
+      label: t("common.tags"),
+      href: `/environments/${environment.id}/workspace/tags`,
+    },
+  ];
+
+  const organizationSettings = [
+    {
+      id: "general",
+      label: t("common.general"),
+      href: `/environments/${environment.id}/settings/general`,
+    },
+    {
+      id: "teams",
+      label: t("common.members_and_teams"),
+      href: `/environments/${environment.id}/settings/teams`,
+    },
+    {
+      id: "api-keys",
+      label: t("common.api_keys"),
+      href: `/environments/${environment.id}/settings/api-keys`,
+      hidden: !isOwnerOrManager,
+    },
+    {
+      id: "domain",
+      label: t("common.domain"),
+      href: `/environments/${environment.id}/settings/domain`,
+      hidden: isFormbricksCloud,
+    },
+    {
+      id: "billing",
+      label: t("common.billing"),
+      href: `/environments/${environment.id}/settings/billing`,
+      hidden: !isFormbricksCloud,
+    },
+    {
+      id: "enterprise",
+      label: t("common.enterprise_license"),
+      href: `/environments/${environment.id}/settings/enterprise`,
+      hidden: isFormbricksCloud || isMember,
+    },
+  ];
+
+  const loadProjects = useCallback(async () => {
+    setIsLoadingProjects(true);
+    setWorkspaceLoadError(null);
+
+    try {
+      const result = await getProjectsForSwitcherAction({ organizationId: organization.id });
+      if (result?.data) {
+        const sorted = [...result.data].sort((a, b) => a.name.localeCompare(b.name));
+        setProjects(sorted);
+      } else {
+        setWorkspaceLoadError(getFormattedErrorMessage(result) || t("common.failed_to_load_workspaces"));
+      }
+    } catch (error) {
+      const formattedError =
+        typeof error === "object" && error !== null
+          ? getFormattedErrorMessage(error as { serverError?: string; validationErrors?: unknown })
+          : "";
+      setWorkspaceLoadError(
+        formattedError || (error instanceof Error ? error.message : t("common.failed_to_load_workspaces"))
+      );
+    } finally {
+      setIsLoadingProjects(false);
+      setHasInitializedProjects(true);
+    }
+  }, [organization.id, t]);
+
+  useEffect(() => {
+    if (!isWorkspaceDropdownOpen || projects.length > 0 || isLoadingProjects || workspaceLoadError) {
+      return;
+    }
+
+    loadProjects();
+  }, [isWorkspaceDropdownOpen, projects.length, isLoadingProjects, workspaceLoadError, loadProjects]);
+
+  const loadOrganizations = useCallback(async () => {
+    setIsLoadingOrganizations(true);
+    setOrganizationLoadError(null);
+
+    try {
+      const result = await getOrganizationsForSwitcherAction({ organizationId: organization.id });
+      if (result?.data) {
+        const sorted = [...result.data].sort((a, b) => a.name.localeCompare(b.name));
+        setOrganizations(sorted);
+      } else {
+        setOrganizationLoadError(
+          getFormattedErrorMessage(result) || t("common.failed_to_load_organizations")
+        );
+      }
+    } catch (error) {
+      const formattedError =
+        typeof error === "object" && error !== null
+          ? getFormattedErrorMessage(error as { serverError?: string; validationErrors?: unknown })
+          : "";
+      setOrganizationLoadError(
+        formattedError || (error instanceof Error ? error.message : t("common.failed_to_load_organizations"))
+      );
+    } finally {
+      setIsLoadingOrganizations(false);
+    }
+  }, [organization.id, t]);
+
+  useEffect(() => {
+    if (
+      !isOrganizationDropdownOpen ||
+      organizations.length > 0 ||
+      isLoadingOrganizations ||
+      organizationLoadError
+    ) {
+      return;
+    }
+
+    loadOrganizations();
+  }, [
+    isOrganizationDropdownOpen,
+    organizations.length,
+    isLoadingOrganizations,
+    organizationLoadError,
+    loadOrganizations,
+  ]);
+
  useEffect(() => {
    async function loadReleases() {
      const res = await getLatestStableFbReleaseAction();
@@ -182,7 +404,85 @@ export const MainNavigation = ({
    organization.billing?.stripe?.trialEnd,
  ]);

-  const mainNavigationLink = `/environments/${environment.id}/${isBilling ? "settings/billing/" : "surveys/"}`;
+  const mainNavigationLink = isBilling
+    ? getBillingFallbackPath(environment.id, isFormbricksCloud)
+    : `/environments/${environment.id}/surveys/`;
+
+  const handleProjectChange = (projectId: string) => {
+    const targetPath =
+      projectId === project.id ? `/environments/${environment.id}/surveys` : `/workspaces/${projectId}/`;
+    startTransition(() => {
+      setIsWorkspaceDropdownOpen(false);
+      router.push(targetPath);
+    });
+  };
+
+  const handleOrganizationChange = (organizationId: string) => {
+    const targetPath =
+      organizationId === organization.id
+        ? `/environments/${environment.id}/settings/general`
+        : `/organizations/${organizationId}/`;
+    startTransition(() => {
+      setIsOrganizationDropdownOpen(false);
+      router.push(targetPath);
+    });
+  };
+
+  const handleSettingNavigation = (href: string) => {
+    startTransition(() => {
+      router.push(href);
+    });
+  };
+
+  const handleProjectCreate = () => {
+    if (!hasInitializedProjects || isLoadingProjects) {
+      return;
+    }
+
+    if (projects.length >= organizationProjectsLimit) {
+      setOpenProjectLimitModal(true);
+      return;
+    }
+
+    setOpenCreateProjectModal(true);
+  };
+
+  const projectLimitModalButtons = (): [ModalButton, ModalButton] => {
+    if (isFormbricksCloud) {
+      return [
+        {
+          text: t("environments.settings.billing.upgrade"),
+          href: `/environments/${environment.id}/settings/billing`,
+        },
+        {
+          text: t("common.cancel"),
+          onClick: () => setOpenProjectLimitModal(false),
+        },
+      ];
+    }
+
+    return [
+      {
+        text: t("environments.settings.billing.upgrade"),
+        href: isLicenseActive
+          ? `/environments/${environment.id}/settings/enterprise`
+          : "https://formbricks.com/upgrade-self-hosted-license",
+      },
+      {
+        text: t("common.cancel"),
+        onClick: () => setOpenProjectLimitModal(false),
+      },
+    ];
+  };
+
+  const switcherTriggerClasses = cn(
+    "w-full border-t px-3 py-3 text-left transition-colors duration-200 hover:bg-slate-50 focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-slate-500 focus-visible:ring-inset",
+    isCollapsed ? "flex items-center justify-center" : ""
+  );
+
+  const switcherIconClasses =
+    "flex h-9 w-9 shrink-0 items-center justify-center rounded-full bg-slate-100 text-slate-600";
+  const isInitialProjectsLoading = isWorkspaceDropdownOpen && !hasInitializedProjects && !workspaceLoadError;

  return (
    <>
@@ -222,24 +522,24 @@ export const MainNavigation = ({
            </div>

            {/* Main Nav Switch */}
-            {!isBilling && (
-              <ul>
-                {mainNavigation.map(
-                  (item) =>
-                    !item.isHidden && (
-                      <NavigationLink
-                        key={item.name}
-                        href={item.href}
-                        isActive={item.isActive}
-                        isCollapsed={isCollapsed}
-                        isTextVisible={isTextVisible}
-                        linkText={item.name}>
-                        <item.icon strokeWidth={1.5} />
-                      </NavigationLink>
-                    )
-                )}
-              </ul>
-            )}
+            <ul>
+              {mainNavigation.map(
+                (item) =>
+                  !item.isHidden && (
+                    <NavigationLink
+                      key={item.name}
+                      href={item.href}
+                      isActive={item.isActive}
+                      isCollapsed={isCollapsed}
+                      isTextVisible={isTextVisible}
+                      disabled={item.disabled}
+                      disabledMessage={item.disabled ? disabledNavigationMessage : undefined}
+                      linkText={item.name}>
+                      <item.icon strokeWidth={1.5} />
+                    </NavigationLink>
+                  )
+              )}
+            </ul>
          </div>

          <div>
@@ -263,38 +563,210 @@ export const MainNavigation = ({
              </Link>
            )}

-            {/* User Switch */}
-            <div className="flex items-center">
+            <div className="flex flex-col">
+              <DropdownMenu onOpenChange={setIsWorkspaceDropdownOpen}>
+                <DropdownMenuTrigger asChild id="workspaceDropdownTrigger" className={switcherTriggerClasses}>
+                  <button
+                    type="button"
+                    aria-label={isCollapsed ? t("common.change_workspace") : undefined}
+                    className={cn("flex w-full items-center gap-3", isCollapsed && "justify-center")}>
+                    <span className={switcherIconClasses}>
+                      <FoldersIcon className="h-4 w-4" strokeWidth={1.5} />
+                    </span>
+                    {!isCollapsed && !isTextVisible && (
+                      <>
+                        <div className="grow overflow-hidden">
+                          <p className="truncate text-sm font-bold text-slate-700">{project.name}</p>
+                          <p className="text-sm text-slate-500">{t("common.workspace")}</p>
+                        </div>
+                        {isPending && (
+                          <Loader2 className="h-4 w-4 animate-spin text-slate-600" strokeWidth={1.5} />
+                        )}
+                        <ChevronRightIcon className="h-4 w-4 shrink-0 text-slate-600" strokeWidth={1.5} />
+                      </>
+                    )}
+                  </button>
+                </DropdownMenuTrigger>
+                <DropdownMenuContent side="right" sideOffset={10} alignOffset={5} align="end">
+                  <div className="px-2 py-1.5 text-sm font-medium text-slate-500">
+                    <FoldersIcon className="mr-2 inline h-4 w-4" strokeWidth={1.5} />
+                    {t("common.change_workspace")}
+                  </div>
+                  {(isLoadingProjects || isInitialProjectsLoading) && (
+                    <div className="flex items-center justify-center py-2">
+                      <Loader2 className="h-4 w-4 animate-spin" />
+                    </div>
+                  )}
+                  {!isLoadingProjects &&
+                    !isInitialProjectsLoading &&
+                    workspaceLoadError &&
+                    renderSwitcherError(
+                      workspaceLoadError,
+                      () => {
+                        setWorkspaceLoadError(null);
+                        setProjects([]);
+                      },
+                      t("common.try_again")
+                    )}
+                  {!isLoadingProjects && !isInitialProjectsLoading && !workspaceLoadError && (
+                    <>
+                      <DropdownMenuGroup className="max-h-[300px] overflow-y-auto">
+                        {projects.map((proj) => (
+                          <DropdownMenuCheckboxItem
+                            key={proj.id}
+                            checked={proj.id === project.id}
+                            onClick={() => handleProjectChange(proj.id)}
+                            className="cursor-pointer">
+                            {proj.name}
+                          </DropdownMenuCheckboxItem>
+                        ))}
+                      </DropdownMenuGroup>
+                      {isOwnerOrManager && (
+                        <DropdownMenuCheckboxItem
+                          onClick={handleProjectCreate}
+                          className="w-full cursor-pointer justify-between">
+                          <span>{t("common.add_new_workspace")}</span>
+                          <PlusIcon className="ml-2 h-4 w-4" strokeWidth={1.5} />
+                        </DropdownMenuCheckboxItem>
+                      )}
+                    </>
+                  )}
+                  <DropdownMenuSeparator />
+                  <DropdownMenuGroup>
+                    <div className="px-2 py-1.5 text-sm font-medium text-slate-500">
+                      <Cog className="mr-2 inline h-4 w-4" strokeWidth={1.5} />
+                      {t("common.workspace_configuration")}
+                    </div>
+                    {projectSettings.map((setting) => (
+                      <DropdownMenuCheckboxItem
+                        key={setting.id}
+                        checked={isActiveProjectSetting(pathname, setting.id)}
+                        onClick={() => handleSettingNavigation(setting.href)}
+                        className="cursor-pointer">
+                        {setting.label}
+                      </DropdownMenuCheckboxItem>
+                    ))}
+                  </DropdownMenuGroup>
+                </DropdownMenuContent>
+              </DropdownMenu>
+
+              <DropdownMenu onOpenChange={setIsOrganizationDropdownOpen}>
+                <DropdownMenuTrigger
+                  asChild
+                  id="organizationDropdownTriggerSidebar"
+                  className={switcherTriggerClasses}>
+                  <button
+                    type="button"
+                    aria-label={isCollapsed ? t("common.change_organization") : undefined}
+                    className={cn("flex w-full items-center gap-3", isCollapsed && "justify-center")}>
+                    <span className={switcherIconClasses}>
+                      <Building2Icon className="h-4 w-4" strokeWidth={1.5} />
+                    </span>
+                    {!isCollapsed && !isTextVisible && (
+                      <>
+                        <div className="grow overflow-hidden">
+                          <p className="truncate text-sm font-bold text-slate-700">{organization.name}</p>
+                          <p className="text-sm text-slate-500">{t("common.organization")}</p>
+                        </div>
+                        {isPending && (
+                          <Loader2 className="h-4 w-4 animate-spin text-slate-600" strokeWidth={1.5} />
+                        )}
+                        <ChevronRightIcon className="h-4 w-4 shrink-0 text-slate-600" strokeWidth={1.5} />
+                      </>
+                    )}
+                  </button>
+                </DropdownMenuTrigger>
+                <DropdownMenuContent side="right" sideOffset={10} alignOffset={5} align="end">
+                  <div className="px-2 py-1.5 text-sm font-medium text-slate-500">
+                    <Building2Icon className="mr-2 inline h-4 w-4" strokeWidth={1.5} />
+                    {t("common.change_organization")}
+                  </div>
+                  {isLoadingOrganizations && (
+                    <div className="flex items-center justify-center py-2">
+                      <Loader2 className="h-4 w-4 animate-spin" />
+                    </div>
+                  )}
+                  {!isLoadingOrganizations &&
+                    organizationLoadError &&
+                    renderSwitcherError(
+                      organizationLoadError,
+                      () => {
+                        setOrganizationLoadError(null);
+                        setOrganizations([]);
+                      },
+                      t("common.try_again")
+                    )}
+                  {!isLoadingOrganizations && !organizationLoadError && (
+                    <>
+                      <DropdownMenuGroup className="max-h-[300px] overflow-y-auto">
+                        {organizations.map((org) => (
+                          <DropdownMenuCheckboxItem
+                            key={org.id}
+                            checked={org.id === organization.id}
+                            onClick={() => handleOrganizationChange(org.id)}
+                            className="cursor-pointer">
+                            {org.name}
+                          </DropdownMenuCheckboxItem>
+                        ))}
+                      </DropdownMenuGroup>
+                      {isMultiOrgEnabled && (
+                        <DropdownMenuCheckboxItem
+                          onClick={() => setOpenCreateOrganizationModal(true)}
+                          className="w-full cursor-pointer justify-between">
+                          <span>{t("common.create_new_organization")}</span>
+                          <PlusIcon className="ml-2 h-4 w-4" strokeWidth={1.5} />
+                        </DropdownMenuCheckboxItem>
+                      )}
+                    </>
+                  )}
+                  <DropdownMenuSeparator />
+                  <DropdownMenuGroup>
+                    <div className="px-2 py-1.5 text-sm font-medium text-slate-500">
+                      <SettingsIcon className="mr-2 inline h-4 w-4" strokeWidth={1.5} />
+                      {t("common.organization_settings")}
+                    </div>
+                    {organizationSettings.map((setting) => {
+                      if (setting.hidden) return null;
+                      return (
+                        <DropdownMenuCheckboxItem
+                          key={setting.id}
+                          checked={isActiveOrganizationSetting(pathname, setting.id)}
+                          onClick={() => handleSettingNavigation(setting.href)}
+                          className="cursor-pointer">
+                          {setting.label}
+                        </DropdownMenuCheckboxItem>
+                      );
+                    })}
+                  </DropdownMenuGroup>
+                </DropdownMenuContent>
+              </DropdownMenu>
+
              <DropdownMenu>
                <DropdownMenuTrigger
                  asChild
                  id="userDropdownTrigger"
-                  className="w-full rounded-br-xl border-t py-4 transition-colors duration-200 hover:bg-slate-50 focus:outline-none">
-                  <div
-                    className={cn(
-                      "flex cursor-pointer flex-row items-center gap-3",
-                      isCollapsed ? "justify-center px-2" : "px-4"
-                    )}>
-                    <ProfileAvatar userId={user.id} />
+                  className={cn(switcherTriggerClasses, "rounded-br-xl")}>
+                  <button
+                    type="button"
+                    aria-label={isCollapsed ? t("common.account_settings") : undefined}
+                    className={cn("flex w-full items-center gap-3", isCollapsed && "justify-center")}>
+                    <span className={switcherIconClasses}>
+                      <ProfileAvatar userId={user.id} />
+                    </span>
                    {!isCollapsed && !isTextVisible && (
                      <>
-                        <div
-                          className={cn(isTextVisible ? "opacity-0" : "opacity-100", "grow overflow-hidden")}>
+                        <div className="grow overflow-hidden">
                          <p
                            title={user?.email}
-                            className={cn(
-                              "ph-no-capture ph-no-capture -mb-0.5 truncate text-sm font-bold text-slate-700"
-                            )}>
+                            className="ph-no-capture ph-no-capture -mb-0.5 truncate text-sm font-bold text-slate-700">
                            {user?.name ? <span>{user?.name}</span> : <span>{user?.email}</span>}
                          </p>
-                          <p className="text-sm text-slate-700">{t("common.account")}</p>
+                          <p className="text-sm text-slate-500">{t("common.account")}</p>
                        </div>
-                        <ChevronRightIcon
-                          className={cn("h-5 w-5 shrink-0 text-slate-700 hover:text-slate-500")}
-                        />
+                        <ChevronRightIcon className="h-4 w-4 shrink-0 text-slate-600" strokeWidth={1.5} />
                      </>
                    )}
-                  </div>
+                  </button>
                </DropdownMenuTrigger>

                <DropdownMenuContent
@@ -303,8 +775,6 @@ export const MainNavigation = ({
                  sideOffset={10}
                  alignOffset={5}
                  align="end">
-                  {/* Dropdown Items */}
-
                  {dropdownNavigation.map((link) => (
                    <Link
                      href={link.href}
@@ -318,7 +788,6 @@ export const MainNavigation = ({
                      </DropdownMenuItem>
                    </Link>
                  ))}
-                  {/* Logout */}
                  <DropdownMenuItem
                    onClick={async () => {
                      const loginUrl = `${publicDomain}/auth/login`;
@@ -341,6 +810,28 @@ export const MainNavigation = ({
          </div>
        </aside>
      )}
+      {openProjectLimitModal && (
+        <ProjectLimitModal
+          open={openProjectLimitModal}
+          setOpen={setOpenProjectLimitModal}
+          buttons={projectLimitModalButtons()}
+          projectLimit={organizationProjectsLimit}
+        />
+      )}
+      {openCreateProjectModal && (
+        <CreateProjectModal
+          open={openCreateProjectModal}
+          setOpen={setOpenCreateProjectModal}
+          organizationId={organization.id}
+          isAccessControlAllowed={isAccessControlAllowed}
+        />
+      )}
+      {openCreateOrganizationModal && (
+        <CreateOrganizationModal
+          open={openCreateOrganizationModal}
+          setOpen={setOpenCreateOrganizationModal}
+        />
+      )}
    </>
  );
 };
@@ -1,6 +1,7 @@
 import Link from "next/link";
 import React from "react";
 import { cn } from "@/lib/cn";
+import { Popover, PopoverContent, PopoverTrigger } from "@/modules/ui/components/popover";
 import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@/modules/ui/components/tooltip";

 interface NavigationLinkProps {
@@ -10,6 +11,8 @@ interface NavigationLinkProps {
  children: React.ReactNode;
  linkText: string;
  isTextVisible: boolean;
+  disabled?: boolean;
+  disabledMessage?: string;
 }

 export const NavigationLink = ({
@@ -19,10 +22,34 @@ export const NavigationLink = ({
  children,
  linkText,
  isTextVisible = true,
+  disabled = false,
+  disabledMessage,
 }: NavigationLinkProps) => {
+  const tooltipText = disabled ? disabledMessage || linkText : linkText;
  const activeClass = "bg-slate-50 border-r-4 border-brand-dark font-semibold text-slate-900";
  const inactiveClass =
    "hover:bg-slate-50 border-r-4 border-transparent hover:border-slate-300 transition-all duration-150 ease-in-out";
+  const disabledClass = "cursor-not-allowed border-r-4 border-transparent text-slate-400";
+  const getColorClass = (baseClass: string) => {
+    if (disabled) {
+      return disabledClass;
+    }
+
+    return cn(baseClass, isActive ? activeClass : inactiveClass);
+  };
+
+  const collapsedColorClass = getColorClass("text-slate-700 hover:text-slate-900");
+  const expandedColorClass = getColorClass("text-slate-600 hover:text-slate-900");
+
+  const label = (
+    <span
+      className={cn(
+        "ml-2 flex transition-opacity duration-100",
+        isTextVisible ? "opacity-0" : "opacity-100"
+      )}>
+      {linkText}
+    </span>
+  );

  return (
    <>
@@ -30,35 +57,37 @@ export const NavigationLink = ({
        <TooltipProvider delayDuration={0}>
          <Tooltip>
            <TooltipTrigger asChild>
-              <li
-                className={cn(
-                  "mb-1 ml-2 rounded-l-md py-2 pl-2 text-sm text-slate-700 hover:text-slate-900",
-                  isActive ? activeClass : inactiveClass
-                )}>
-                <Link href={href} className="flex items-center">
-                  {children}
-                </Link>
+              <li className={cn("mb-1 ml-2 rounded-l-md py-2 pl-2 text-sm", collapsedColorClass)}>
+                {disabled ? (
+                  <div className="flex items-center">{children}</div>
+                ) : (
+                  <Link href={href}>{children}</Link>
+                )}
              </li>
            </TooltipTrigger>
-            <TooltipContent side="right">{linkText}</TooltipContent>
+            <TooltipContent side="right">{tooltipText}</TooltipContent>
          </Tooltip>
        </TooltipProvider>
      ) : (
-        <li
-          className={cn(
-            "mb-1 rounded-l-md py-2 pl-5 text-sm text-slate-600 hover:text-slate-900",
-            isActive ? activeClass : inactiveClass
-          )}>
-          <Link href={href} className="flex items-center">
-            {children}
-            <span
-              className={cn(
-                "ml-2 flex transition-opacity duration-100",
-                isTextVisible ? "opacity-0" : "opacity-100"
-              )}>
-              {linkText}
-            </span>
-          </Link>
+        <li className={cn("mb-1 rounded-l-md py-2 pl-5 text-sm", expandedColorClass)}>
+          {disabled ? (
+            <Popover>
+              <PopoverTrigger asChild>
+                <div className="flex items-center">
+                  {children}
+                  {label}
+                </div>
+              </PopoverTrigger>
+              <PopoverContent className="w-fit max-w-72 px-3 py-2 text-sm text-slate-700">
+                {disabledMessage || linkText}
+              </PopoverContent>
+            </Popover>
+          ) : (
+            <Link href={href} className="flex items-center">
+              {children}
+              {label}
+            </Link>
+          )}
        </li>
      )}
    </>
@@ -31,7 +31,8 @@ export const TopControlBar = ({
  isAccessControlAllowed,
  membershipRole,
 }: TopControlBarProps) => {
-  const { isMember } = getAccessFlags(membershipRole);
+  const { isMember, isBilling } = getAccessFlags(membershipRole);
+  const isMembershipPending = membershipRole === undefined;
  const { environment } = useEnvironment();

  return (
@@ -49,6 +50,8 @@ export const TopControlBar = ({
        isLicenseActive={isLicenseActive}
        isOwnerOrManager={isOwnerOrManager}
        isMember={isMember}
+        isBilling={isBilling}
+        isMembershipPending={isMembershipPending}
        isAccessControlAllowed={isAccessControlAllowed}
      />
    </div>
@@ -25,6 +25,7 @@ import {
  DropdownMenuSeparator,
  DropdownMenuTrigger,
 } from "@/modules/ui/components/dropdown-menu";
+import { Popover, PopoverContent, PopoverTrigger } from "@/modules/ui/components/popover";
 import { useOrganization } from "../context/environment-context";

 interface OrganizationBreadcrumbProps {
@@ -35,6 +36,7 @@ interface OrganizationBreadcrumbProps {
  isFormbricksCloud: boolean;
  isMember: boolean;
  isOwnerOrManager: boolean;
+  isMembershipPending: boolean;
 }

 const isActiveOrganizationSetting = (pathname: string, settingId: string): boolean => {
@@ -56,6 +58,7 @@ export const OrganizationBreadcrumb = ({
  isFormbricksCloud,
  isMember,
  isOwnerOrManager,
+  isMembershipPending,
 }: OrganizationBreadcrumbProps) => {
  const { t } = useTranslation();
  const [isOrganizationDropdownOpen, setIsOrganizationDropdownOpen] = useState(false);
@@ -111,8 +114,12 @@ export const OrganizationBreadcrumb = ({
  }

  const handleOrganizationChange = (organizationId: string) => {
-    if (organizationId === currentOrganizationId) return;
    startTransition(() => {
+      setIsOrganizationDropdownOpen(false);
+      if (organizationId === currentOrganizationId && currentEnvironmentId) {
+        router.push(`/environments/${currentEnvironmentId}/settings/general`);
+        return;
+      }
      router.push(`/organizations/${organizationId}/`);
    });
  };
@@ -142,7 +149,10 @@ export const OrganizationBreadcrumb = ({
      id: "api-keys",
      label: t("common.api_keys"),
      href: `/environments/${currentEnvironmentId}/settings/api-keys`,
-      hidden: !isOwnerOrManager,
+      disabled: isMembershipPending || !isOwnerOrManager,
+      disabledMessage: isMembershipPending
+        ? t("common.loading")
+        : t("common.you_are_not_authorized_to_perform_this_action"),
    },
    {
      id: "domain",
@@ -160,7 +170,11 @@ export const OrganizationBreadcrumb = ({
      id: "enterprise",
      label: t("common.enterprise_license"),
      href: `/environments/${currentEnvironmentId}/settings/enterprise`,
-      hidden: isFormbricksCloud || isMember,
+      hidden: isFormbricksCloud,
+      disabled: isMembershipPending || isMember,
+      disabledMessage: isMembershipPending
+        ? t("common.loading")
+        : t("common.you_are_not_authorized_to_perform_this_action"),
    },
  ];

@@ -242,14 +256,30 @@ export const OrganizationBreadcrumb = ({

              {organizationSettings.map((setting) => {
                return setting.hidden ? null : (
-                  <DropdownMenuCheckboxItem
-                    key={setting.id}
-                    checked={isActiveOrganizationSetting(pathname, setting.id)}
-                    hidden={setting.hidden}
-                    onClick={() => handleSettingChange(setting.href)}
-                    className="cursor-pointer">
-                    {setting.label}
-                  </DropdownMenuCheckboxItem>
+                  <div key={setting.id}>
+                    {setting.disabled ? (
+                      <Popover>
+                        <PopoverTrigger asChild>
+                          <button
+                            type="button"
+                            aria-disabled="true"
+                            className="relative flex w-full cursor-not-allowed select-none items-center rounded-lg py-1.5 pl-8 pr-2 text-sm font-medium text-slate-400">
+                            {setting.label}
+                          </button>
+                        </PopoverTrigger>
+                        <PopoverContent className="w-fit max-w-72 px-3 py-2 text-sm text-slate-700">
+                          {setting.disabledMessage}
+                        </PopoverContent>
+                      </Popover>
+                    ) : (
+                      <DropdownMenuCheckboxItem
+                        checked={isActiveOrganizationSetting(pathname, setting.id)}
+                        onClick={() => handleSettingChange(setting.href)}
+                        className="cursor-pointer">
+                        {setting.label}
+                      </DropdownMenuCheckboxItem>
+                    )}
+                  </div>
                );
              })}
            </div>
@@ -18,6 +18,8 @@ interface ProjectAndOrgSwitchProps {
  isLicenseActive: boolean;
  isOwnerOrManager: boolean;
  isMember: boolean;
+  isBilling: boolean;
+  isMembershipPending: boolean;
  isAccessControlAllowed: boolean;
 }

@@ -35,6 +37,8 @@ export const ProjectAndOrgSwitch = ({
  isOwnerOrManager,
  isAccessControlAllowed,
  isMember,
+  isBilling,
+  isMembershipPending,
 }: ProjectAndOrgSwitchProps) => {
  const currentEnvironment = environments.find((env) => env.id === currentEnvironmentId);
  const showEnvironmentBreadcrumb = currentEnvironment?.type === "development";
@@ -50,6 +54,7 @@ export const ProjectAndOrgSwitch = ({
          isFormbricksCloud={isFormbricksCloud}
          isMember={isMember}
          isOwnerOrManager={isOwnerOrManager}
+          isMembershipPending={isMembershipPending}
        />
        {currentProjectId && currentEnvironmentId && (
          <ProjectBreadcrumb
@@ -63,6 +68,8 @@ export const ProjectAndOrgSwitch = ({
            isLicenseActive={isLicenseActive}
            isAccessControlAllowed={isAccessControlAllowed}
            isEnvironmentBreadcrumbVisible={showEnvironmentBreadcrumb}
+            isBilling={isBilling}
+            isMembershipPending={isMembershipPending}
          />
        )}
        {showEnvironmentBreadcrumb && (
@@ -1,7 +1,7 @@
 "use client";

 import * as Sentry from "@sentry/nextjs";
-import { ChevronDownIcon, ChevronRightIcon, CogIcon, HotelIcon, Loader2, PlusIcon } from "lucide-react";
+import { ChevronDownIcon, ChevronRightIcon, CogIcon, FoldersIcon, Loader2, PlusIcon } from "lucide-react";
 import { usePathname, useRouter } from "next/navigation";
 import { useEffect, useState, useTransition } from "react";
 import { useTranslation } from "react-i18next";
@@ -19,6 +19,7 @@ import {
  DropdownMenuSeparator,
  DropdownMenuTrigger,
 } from "@/modules/ui/components/dropdown-menu";
+import { Popover, PopoverContent, PopoverTrigger } from "@/modules/ui/components/popover";
 import { ModalButton } from "@/modules/ui/components/upgrade-prompt";
 import { useProject } from "../context/environment-context";

@@ -33,6 +34,8 @@ interface ProjectBreadcrumbProps {
  currentEnvironmentId: string;
  isAccessControlAllowed: boolean;
  isEnvironmentBreadcrumbVisible: boolean;
+  isBilling: boolean;
+  isMembershipPending: boolean;
 }

 const isActiveProjectSetting = (pathname: string, settingId: string): boolean => {
@@ -56,6 +59,8 @@ export const ProjectBreadcrumb = ({
  currentEnvironmentId,
  isAccessControlAllowed,
  isEnvironmentBreadcrumbVisible,
+  isBilling,
+  isMembershipPending,
 }: ProjectBreadcrumbProps) => {
  const { t } = useTranslation();
  const [isProjectDropdownOpen, setIsProjectDropdownOpen] = useState(false);
@@ -134,6 +139,10 @@ export const ProjectBreadcrumb = ({
      href: `/environments/${currentEnvironmentId}/workspace/tags`,
    },
  ];
+  const areProjectSettingsDisabled = isMembershipPending || isBilling;
+  const projectSettingsDisabledMessage = isMembershipPending
+    ? t("common.loading")
+    : t("common.you_are_not_authorized_to_perform_this_action");

  if (!currentProject) {
    const errorMessage = `Workspace not found for workspace id: ${currentProjectId}`;
@@ -143,9 +152,13 @@ export const ProjectBreadcrumb = ({
  }

  const handleProjectChange = (projectId: string) => {
-    if (projectId === currentProjectId) return;
+    const targetPath =
+      projectId === currentProjectId
+        ? `/environments/${currentEnvironmentId}/surveys`
+        : `/workspaces/${projectId}/`;
    startTransition(() => {
-      router.push(`/workspaces/${projectId}/`);
+      setIsProjectDropdownOpen(false);
+      router.push(targetPath);
    });
  };

@@ -198,7 +211,7 @@ export const ProjectBreadcrumb = ({
          id="projectDropdownTrigger"
          asChild>
          <div className="flex items-center gap-1">
-            <HotelIcon className="h-3 w-3" strokeWidth={1.5} />
+            <FoldersIcon className="h-3 w-3" strokeWidth={1.5} />
            <span>{projectName}</span>
            {isPending && <Loader2 className="h-3 w-3 animate-spin" strokeWidth={1.5} />}
            {isEnvironmentBreadcrumbVisible && !isProjectDropdownOpen ? (
@@ -211,7 +224,7 @@ export const ProjectBreadcrumb = ({

        <DropdownMenuContent align="start" className="mt-2">
          <div className="px-2 py-1.5 text-sm font-medium text-slate-500">
-            <HotelIcon className="mr-2 inline h-4 w-4" strokeWidth={1.5} />
+            <FoldersIcon className="mr-2 inline h-4 w-4" strokeWidth={1.5} />
            {t("common.choose_workspace")}
          </div>
          {isLoadingProjects && (
@@ -247,7 +260,24 @@ export const ProjectBreadcrumb = ({
                  </DropdownMenuCheckboxItem>
                ))}
              </DropdownMenuGroup>
-              {isOwnerOrManager && (
+              {isMembershipPending || !isOwnerOrManager ? (
+                <Popover>
+                  <PopoverTrigger asChild>
+                    <button
+                      type="button"
+                      aria-disabled="true"
+                      className="relative flex w-full cursor-not-allowed select-none items-center justify-between rounded-lg py-1.5 pl-8 pr-2 text-sm font-medium text-slate-400">
+                      <span>{t("common.add_new_workspace")}</span>
+                      <PlusIcon className="ml-2 h-4 w-4" strokeWidth={1.5} />
+                    </button>
+                  </PopoverTrigger>
+                  <PopoverContent className="w-fit max-w-72 px-3 py-2 text-sm text-slate-700">
+                    {isMembershipPending
+                      ? t("common.loading")
+                      : t("common.you_are_not_authorized_to_perform_this_action")}
+                  </PopoverContent>
+                </Popover>
+              ) : (
                <DropdownMenuCheckboxItem
                  onClick={handleAddProject}
                  className="w-full cursor-pointer justify-between">
@@ -264,13 +294,30 @@ export const ProjectBreadcrumb = ({
              {t("common.workspace_configuration")}
            </div>
            {projectSettings.map((setting) => (
-              <DropdownMenuCheckboxItem
-                key={setting.id}
-                checked={isActiveProjectSetting(pathname, setting.id)}
-                onClick={() => handleProjectSettingsNavigation(setting.id)}
-                className="cursor-pointer">
-                {setting.label}
-              </DropdownMenuCheckboxItem>
+              <div key={setting.id}>
+                {areProjectSettingsDisabled ? (
+                  <Popover>
+                    <PopoverTrigger asChild>
+                      <button
+                        type="button"
+                        aria-disabled="true"
+                        className="relative flex w-full cursor-not-allowed select-none items-center rounded-lg py-1.5 pl-8 pr-2 text-sm font-medium text-slate-400">
+                        {setting.label}
+                      </button>
+                    </PopoverTrigger>
+                    <PopoverContent className="w-fit max-w-72 px-3 py-2 text-sm text-slate-700">
+                      {projectSettingsDisabledMessage}
+                    </PopoverContent>
+                  </Popover>
+                ) : (
+                  <DropdownMenuCheckboxItem
+                    checked={isActiveProjectSetting(pathname, setting.id)}
+                    onClick={() => handleProjectSettingsNavigation(setting.id)}
+                    className="cursor-pointer">
+                    {setting.label}
+                  </DropdownMenuCheckboxItem>
+                )}
+              </div>
            ))}
          </DropdownMenuGroup>
        </DropdownMenuContent>
@@ -1,5 +1,6 @@
 import { redirect } from "next/navigation";
 import { IS_FORMBRICKS_CLOUD } from "@/lib/constants";
+import { getBillingFallbackPath } from "@/lib/membership/navigation";
 import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
 import { getAccessFlags } from "@/lib/membership/utils";
 import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
@@ -12,11 +13,7 @@ const EnvironmentPage = async (props: { params: Promise<{ environmentId: string
  const { isBilling } = getAccessFlags(currentUserMembership?.role);

  if (isBilling) {
-    if (IS_FORMBRICKS_CLOUD) {
-      return redirect(`/environments/${params.environmentId}/settings/billing`);
-    } else {
-      return redirect(`/environments/${params.environmentId}/settings/enterprise`);
-    }
+    return redirect(getBillingFallbackPath(params.environmentId, IS_FORMBRICKS_CLOUD));
  }

  return redirect(`/environments/${params.environmentId}/surveys`);
@@ -6,19 +6,18 @@ import {
  TUserUpdateInput,
  ZUserPersonalInfoUpdateInput,
 } from "@formbricks/types/user";
-import {
-  getIsEmailUnique,
-  verifyUserPassword,
-} from "@/app/(app)/environments/[environmentId]/settings/(account)/profile/lib/user";
-import { EMAIL_VERIFICATION_DISABLED } from "@/lib/constants";
+import { getIsEmailUnique } from "@/app/(app)/environments/[environmentId]/settings/(account)/profile/lib/user";
+import { EMAIL_VERIFICATION_DISABLED, PASSWORD_RESET_DISABLED } from "@/lib/constants";
+import { verifyUserPassword } from "@/lib/user/password";
 import { getUser, updateUser } from "@/lib/user/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
 import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
+import { requestPasswordReset } from "@/modules/auth/forgot-password/lib/password-reset-service";
 import { updateBrevoCustomer } from "@/modules/auth/lib/brevo";
 import { applyRateLimit } from "@/modules/core/rate-limit/helpers";
 import { rateLimitConfigs } from "@/modules/core/rate-limit/rate-limit-configs";
 import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
-import { sendForgotPasswordEmail, sendVerificationNewEmail } from "@/modules/email";
+import { sendVerificationNewEmail } from "@/modules/email";

 function buildUserUpdatePayload(parsedInput: TUserPersonalInfoUpdateInput): TUserUpdateInput {
  return {
@@ -85,11 +84,15 @@ export const updateUserAction = authenticatedActionClient.inputSchema(ZUserPerso

 export const resetPasswordAction = authenticatedActionClient.action(
  withAuditLogging("passwordReset", "user", async ({ ctx }) => {
+    if (PASSWORD_RESET_DISABLED) {
+      throw new OperationNotAllowedError("Password reset is disabled");
+    }
+
    if (ctx.user.identityProvider !== "email") {
      throw new OperationNotAllowedError("Password reset is not allowed for this user.");
    }

-    await sendForgotPasswordEmail(ctx.user);
+    await requestPasswordReset(ctx.user, "profile");

    ctx.auditLoggingCtx.userId = ctx.user.id;

@@ -1,30 +1,68 @@
 "use client";

 import type { Session } from "next-auth";
-import { useState } from "react";
+import { useEffect, useRef, useState } from "react";
+import toast from "react-hot-toast";
 import { useTranslation } from "react-i18next";
 import { TOrganization } from "@formbricks/types/organizations";
 import { TUser } from "@formbricks/types/user";
 import { DeleteAccountModal } from "@/modules/account/components/DeleteAccountModal";
+import {
+  ACCOUNT_DELETION_GOOGLE_REAUTH_NOT_CONFIGURED_ERROR_CODE,
+  ACCOUNT_DELETION_SSO_REAUTH_ERROR_QUERY_PARAM,
+} from "@/modules/account/constants";
 import { Button } from "@/modules/ui/components/button";
 import { TooltipRenderer } from "@/modules/ui/components/tooltip";

+interface DeleteAccountProps {
+  session: Session | null;
+  IS_FORMBRICKS_CLOUD: boolean;
+  user: TUser;
+  organizationsWithSingleOwner: TOrganization[];
+  accountDeletionError?: string | string[];
+  isMultiOrgEnabled: boolean;
+  requiresPasswordConfirmation: boolean;
+}
+
 export const DeleteAccount = ({
  session,
  IS_FORMBRICKS_CLOUD,
  user,
  organizationsWithSingleOwner,
+  accountDeletionError,
  isMultiOrgEnabled,
-}: {
-  session: Session | null;
-  IS_FORMBRICKS_CLOUD: boolean;
-  user: TUser;
-  organizationsWithSingleOwner: TOrganization[];
-  isMultiOrgEnabled: boolean;
-}) => {
+  requiresPasswordConfirmation,
+}: Readonly<DeleteAccountProps>) => {
  const [isModalOpen, setModalOpen] = useState(false);
  const isDeleteDisabled = !isMultiOrgEnabled && organizationsWithSingleOwner.length > 0;
  const { t } = useTranslation();
+  const accountDeletionErrorCode = Array.isArray(accountDeletionError)
+    ? accountDeletionError[0]
+    : accountDeletionError;
+  const hasShownAccountDeletionError = useRef(false);
+
+  useEffect(() => {
+    if (!accountDeletionErrorCode || hasShownAccountDeletionError.current) {
+      return;
+    }
+
+    hasShownAccountDeletionError.current = true;
+
+    if (accountDeletionErrorCode === ACCOUNT_DELETION_GOOGLE_REAUTH_NOT_CONFIGURED_ERROR_CODE) {
+      toast.error(t("environments.settings.profile.google_sso_account_deletion_requires_setup"), {
+        id: "account-deletion-sso-reauth-error",
+      });
+    } else {
+      toast.error(t("environments.settings.profile.sso_reauthentication_failed"), {
+        id: "account-deletion-sso-reauth-error",
+      });
+    }
+
+    const url = new URL(globalThis.location.href);
+    url.searchParams.delete(ACCOUNT_DELETION_SSO_REAUTH_ERROR_QUERY_PARAM);
+    globalThis.history.replaceState(null, "", url.toString());
+  }, [accountDeletionErrorCode, t]);
+
  if (!session) {
    return null;
  }
@@ -32,6 +70,7 @@ export const DeleteAccount = ({
  return (
    <div>
      <DeleteAccountModal
+        requiresPasswordConfirmation={requiresPasswordConfirmation}
        open={isModalOpen}
        setOpen={setModalOpen}
        user={user}
@@ -116,10 +116,14 @@ export const EditProfileDetailsForm = ({
      setShowModal(true);
    } else {
      try {
-        await updateUserAction({
+        const result = await updateUserAction({
          ...data,
          name: data.name.trim(),
        });
+        if (result?.serverError) {
+          toast.error(getFormattedErrorMessage(result));
+          return;
+        }
        toast.success(t("environments.settings.profile.profile_updated_successfully"));
        window.location.reload();
        form.reset(data);
@@ -1,12 +1,6 @@
 import { beforeEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
-import { InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
-import { verifyPassword as mockVerifyPasswordImported } from "@/modules/auth/lib/utils";
-import { getIsEmailUnique, verifyUserPassword } from "./user";
-
-vi.mock("@/modules/auth/lib/utils", () => ({
-  verifyPassword: vi.fn(),
-}));
+import { getIsEmailUnique } from "./user";

 vi.mock("@formbricks/database", () => ({
  prisma: {
@@ -17,92 +11,12 @@ vi.mock("@formbricks/database", () => ({
 }));

 const mockPrismaUserFindUnique = vi.mocked(prisma.user.findUnique);
-const mockVerifyPasswordUtil = vi.mocked(mockVerifyPasswordImported);

 describe("User Library Tests", () => {
  beforeEach(() => {
    vi.resetAllMocks();
  });

-  describe("verifyUserPassword", () => {
-    const userId = "test-user-id";
-    const password = "test-password";
-
-    test("should return true for correct password", async () => {
-      mockPrismaUserFindUnique.mockResolvedValue({
-        password: "hashed-password",
-        identityProvider: "email",
-      } as any);
-      mockVerifyPasswordUtil.mockResolvedValue(true);
-
-      const result = await verifyUserPassword(userId, password);
-      expect(result).toBe(true);
-      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
-        where: { id: userId },
-        select: { password: true, identityProvider: true },
-      });
-      expect(mockVerifyPasswordUtil).toHaveBeenCalledWith(password, "hashed-password");
-    });
-
-    test("should return false for incorrect password", async () => {
-      mockPrismaUserFindUnique.mockResolvedValue({
-        password: "hashed-password",
-        identityProvider: "email",
-      } as any);
-      mockVerifyPasswordUtil.mockResolvedValue(false);
-
-      const result = await verifyUserPassword(userId, password);
-      expect(result).toBe(false);
-      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
-        where: { id: userId },
-        select: { password: true, identityProvider: true },
-      });
-      expect(mockVerifyPasswordUtil).toHaveBeenCalledWith(password, "hashed-password");
-    });
-
-    test("should throw ResourceNotFoundError if user not found", async () => {
-      mockPrismaUserFindUnique.mockResolvedValue(null);
-
-      await expect(verifyUserPassword(userId, password)).rejects.toThrow(ResourceNotFoundError);
-      await expect(verifyUserPassword(userId, password)).rejects.toThrow(`user with ID ${userId} not found`);
-      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
-        where: { id: userId },
-        select: { password: true, identityProvider: true },
-      });
-      expect(mockVerifyPasswordUtil).not.toHaveBeenCalled();
-    });
-
-    test("should throw InvalidInputError if identityProvider is not email", async () => {
-      mockPrismaUserFindUnique.mockResolvedValue({
-        password: "hashed-password",
-        identityProvider: "google", // Not 'email'
-      } as any);
-
-      await expect(verifyUserPassword(userId, password)).rejects.toThrow(InvalidInputError);
-      await expect(verifyUserPassword(userId, password)).rejects.toThrow("Password is not set for this user");
-      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
-        where: { id: userId },
-        select: { password: true, identityProvider: true },
-      });
-      expect(mockVerifyPasswordUtil).not.toHaveBeenCalled();
-    });
-
-    test("should throw InvalidInputError if password is not set for email provider", async () => {
-      mockPrismaUserFindUnique.mockResolvedValue({
-        password: null, // Password not set
-        identityProvider: "email",
-      } as any);
-
-      await expect(verifyUserPassword(userId, password)).rejects.toThrow(InvalidInputError);
-      await expect(verifyUserPassword(userId, password)).rejects.toThrow("Password is not set for this user");
-      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
-        where: { id: userId },
-        select: { password: true, identityProvider: true },
-      });
-      expect(mockVerifyPasswordUtil).not.toHaveBeenCalled();
-    });
-  });
-
  describe("getIsEmailUnique", () => {
    const email = "test@example.com";

@@ -1,42 +1,5 @@
-import { User } from "@prisma/client";
 import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
-import { InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
-import { verifyPassword } from "@/modules/auth/lib/utils";
-
-export const getUserById = reactCache(
-  async (userId: string): Promise<Pick<User, "password" | "identityProvider">> => {
-    const user = await prisma.user.findUnique({
-      where: {
-        id: userId,
-      },
-      select: {
-        password: true,
-        identityProvider: true,
-      },
-    });
-    if (!user) {
-      throw new ResourceNotFoundError("user", userId);
-    }
-    return user;
-  }
-);
-
-export const verifyUserPassword = async (userId: string, password: string): Promise<boolean> => {
-  const user = await getUserById(userId);
-
-  if (user.identityProvider !== "email" || !user.password) {
-    throw new InvalidInputError("Password is not set for this user");
-  }
-
-  const isCorrectPassword = await verifyPassword(password, user.password);
-
-  if (!isCorrectPassword) {
-    return false;
-  }
-
-  return true;
-};

 export const getIsEmailUnique = reactCache(async (email: string): Promise<boolean> => {
  const user = await prisma.user.findUnique({
@@ -5,6 +5,7 @@ import { EMAIL_VERIFICATION_DISABLED, IS_FORMBRICKS_CLOUD, PASSWORD_RESET_DISABL
 import { getOrganizationsWhereUserIsSingleOwner } from "@/lib/organization/service";
 import { getUser } from "@/lib/user/service";
 import { getTranslate } from "@/lingodotdev/server";
+import { requiresPasswordConfirmationForAccountDeletion } from "@/modules/account/lib/account-deletion-auth";
 import { getIsMultiOrgEnabled, getIsTwoFactorAuthEnabled } from "@/modules/ee/license-check/lib/utils";
 import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
 import { IdBadge } from "@/modules/ui/components/id-badge";
@@ -15,10 +16,14 @@ import { SettingsCard } from "../../components/SettingsCard";
 import { DeleteAccount } from "./components/DeleteAccount";
 import { EditProfileDetailsForm } from "./components/EditProfileDetailsForm";

-const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
+const Page = async (props: {
+  params: Promise<{ environmentId: string }>;
+  searchParams: Promise<{ accountDeletionError?: string | string[] }>;
+}) => {
  const isTwoFactorAuthEnabled = await getIsTwoFactorAuthEnabled();
  const isMultiOrgEnabled = await getIsMultiOrgEnabled();
  const params = await props.params;
+  const searchParams = await props.searchParams;
  const t = await getTranslate();
  const { environmentId } = params;

@@ -33,6 +38,7 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
  }

  const isPasswordResetEnabled = !PASSWORD_RESET_DISABLED && user.identityProvider === "email";
+  const requiresPasswordConfirmation = requiresPasswordConfirmationForAccountDeletion(user);

  return (
    <PageContentWrapper>
@@ -90,6 +96,8 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
              user={user}
              organizationsWithSingleOwner={organizationsWithSingleOwner}
              isMultiOrgEnabled={isMultiOrgEnabled}
+              accountDeletionError={searchParams.accountDeletionError}
+              requiresPasswordConfirmation={requiresPasswordConfirmation}
            />
          </SettingsCard>
          <IdBadge id={user.id} label={t("common.profile_id")} variant="column" />
@@ -22,8 +22,9 @@ export const OrganizationSettingsNavbar = ({
  loading,
 }: OrganizationSettingsNavbarProps) => {
  const pathname = usePathname();
-  const { isMember, isOwner } = getAccessFlags(membershipRole);
-  const isPricingDisabled = isMember;
+  const { isMember, isOwner, isManager } = getAccessFlags(membershipRole);
+  const isOwnerOrManager = isOwner || isManager;
+  const isMembershipPending = membershipRole === undefined || loading;
  const { t } = useTranslation();

  const navigation = [
@@ -45,7 +46,10 @@ export const OrganizationSettingsNavbar = ({
      label: t("common.api_keys"),
      href: `/environments/${environmentId}/settings/api-keys`,
      current: pathname?.includes("/api-keys"),
-      hidden: !isOwner,
+      disabled: isMembershipPending || !isOwnerOrManager,
+      disabledMessage: isMembershipPending
+        ? t("common.loading")
+        : t("common.you_are_not_authorized_to_perform_this_action"),
    },
    {
      id: "domain",
@@ -58,14 +62,18 @@ export const OrganizationSettingsNavbar = ({
      id: "billing",
      label: t("common.billing"),
      href: `/environments/${environmentId}/settings/billing`,
-      hidden: !isFormbricksCloud || loading,
+      hidden: !isFormbricksCloud,
      current: pathname?.includes("/billing"),
    },
    {
      id: "enterprise",
      label: t("common.enterprise_license"),
      href: `/environments/${environmentId}/settings/enterprise`,
-      hidden: isFormbricksCloud || isPricingDisabled,
+      hidden: isFormbricksCloud,
+      disabled: isMembershipPending || isMember,
+      disabledMessage: isMembershipPending
+        ? t("common.loading")
+        : t("common.you_are_not_authorized_to_perform_this_action"),
      current: pathname?.includes("/enterprise"),
    },
  ];
@@ -0,0 +1,218 @@
+import { beforeEach, describe, expect, test, vi } from "vitest";
+import { AuthorizationError, OperationNotAllowedError } from "@formbricks/types/errors";
+import { updateOrganizationAISettingsAction } from "./actions";
+import { ZOrganizationAISettingsInput } from "./schemas";
+
+const mocks = vi.hoisted(() => ({
+  isInstanceAIConfigured: vi.fn(),
+  checkAuthorizationUpdated: vi.fn(),
+  deleteOrganization: vi.fn(),
+  getOrganization: vi.fn(),
+  getIsMultiOrgEnabled: vi.fn(),
+  getTranslate: vi.fn(),
+  updateOrganization: vi.fn(),
+}));
+
+vi.mock("@/lib/utils/action-client", () => ({
+  authenticatedActionClient: {
+    inputSchema: vi.fn(() => ({
+      action: vi.fn((fn) => fn),
+    })),
+  },
+}));
+
+vi.mock("@/lib/utils/action-client/action-client-middleware", () => ({
+  checkAuthorizationUpdated: mocks.checkAuthorizationUpdated,
+}));
+
+vi.mock("@/lib/organization/service", () => ({
+  deleteOrganization: mocks.deleteOrganization,
+  getOrganization: mocks.getOrganization,
+  updateOrganization: mocks.updateOrganization,
+}));
+
+vi.mock("@/lib/ai/service", () => ({
+  isInstanceAIConfigured: mocks.isInstanceAIConfigured,
+}));
+
+vi.mock("@/lingodotdev/server", () => ({
+  getTranslate: mocks.getTranslate,
+}));
+
+vi.mock("@/modules/ee/audit-logs/lib/handler", () => ({
+  withAuditLogging: vi.fn((_eventName, _objectType, fn) => fn),
+}));
+
+vi.mock("@/modules/ee/license-check/lib/utils", () => ({
+  getIsMultiOrgEnabled: mocks.getIsMultiOrgEnabled,
+}));
+
+const organizationId = "cm9gptbhg0000192zceq9ayuc";
+
+describe("organization AI settings actions", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+
+    mocks.checkAuthorizationUpdated.mockResolvedValue(undefined);
+    mocks.getOrganization.mockResolvedValue({
+      id: organizationId,
+      isAISmartToolsEnabled: false,
+      isAIDataAnalysisEnabled: false,
+    });
+    mocks.isInstanceAIConfigured.mockReturnValue(true);
+    mocks.getTranslate.mockResolvedValue((key: string, values?: Record<string, string>) =>
+      values ? `${key}:${JSON.stringify(values)}` : key
+    );
+    mocks.updateOrganization.mockResolvedValue({
+      id: organizationId,
+      isAISmartToolsEnabled: true,
+      isAIDataAnalysisEnabled: false,
+    });
+    mocks.getIsMultiOrgEnabled.mockResolvedValue(true);
+  });
+
+  test("accepts AI toggle updates", () => {
+    expect(
+      ZOrganizationAISettingsInput.parse({
+        isAISmartToolsEnabled: true,
+      })
+    ).toEqual({
+      isAISmartToolsEnabled: true,
+    });
+  });
+
+  test("passes owner and manager roles to the authorization check and updates organization settings", async () => {
+    const ctx = {
+      user: { id: "user_1", locale: "en-US" },
+      auditLoggingCtx: {},
+    };
+    const parsedInput = {
+      organizationId,
+      data: {
+        isAISmartToolsEnabled: true,
+      },
+    };
+
+    const result = await updateOrganizationAISettingsAction({ ctx, parsedInput } as any);
+
+    expect(mocks.checkAuthorizationUpdated).toHaveBeenCalledWith({
+      userId: "user_1",
+      organizationId,
+      access: [
+        {
+          type: "organization",
+          schema: ZOrganizationAISettingsInput,
+          data: parsedInput.data,
+          roles: ["owner", "manager"],
+        },
+      ],
+    });
+    expect(mocks.getOrganization).toHaveBeenCalledWith(organizationId);
+    expect(mocks.updateOrganization).toHaveBeenCalledWith(organizationId, parsedInput.data);
+    expect(ctx.auditLoggingCtx).toMatchObject({
+      organizationId,
+      oldObject: {
+        id: organizationId,
+        isAISmartToolsEnabled: false,
+        isAIDataAnalysisEnabled: false,
+      },
+      newObject: {
+        id: organizationId,
+        isAISmartToolsEnabled: true,
+        isAIDataAnalysisEnabled: false,
+      },
+    });
+    expect(result).toEqual({
+      id: organizationId,
+      isAISmartToolsEnabled: true,
+      isAIDataAnalysisEnabled: false,
+    });
+  });
+
+  test("propagates authorization failures so members cannot update AI settings", async () => {
+    mocks.checkAuthorizationUpdated.mockRejectedValueOnce(new AuthorizationError("Not authorized"));
+
+    await expect(
+      updateOrganizationAISettingsAction({
+        ctx: {
+          user: { id: "user_member", locale: "en-US" },
+          auditLoggingCtx: {},
+        },
+        parsedInput: {
+          organizationId,
+          data: {
+            isAISmartToolsEnabled: true,
+          },
+        },
+      } as any)
+    ).rejects.toThrow(AuthorizationError);
+
+    expect(mocks.updateOrganization).not.toHaveBeenCalled();
+  });
+
+  test("rejects enabling AI when the instance AI provider is not configured", async () => {
+    mocks.isInstanceAIConfigured.mockReturnValueOnce(false);
+
+    await expect(
+      updateOrganizationAISettingsAction({
+        ctx: {
+          user: { id: "user_owner", locale: "en-US" },
+          auditLoggingCtx: {},
+        },
+        parsedInput: {
+          organizationId,
+          data: {
+            isAISmartToolsEnabled: true,
+          },
+        },
+      } as any)
+    ).rejects.toThrow(OperationNotAllowedError);
+
+    expect(mocks.updateOrganization).not.toHaveBeenCalled();
+  });
+
+  test("allows enabling AI when the instance configuration is valid", async () => {
+    await updateOrganizationAISettingsAction({
+      ctx: {
+        user: { id: "user_owner", locale: "en-US" },
+        auditLoggingCtx: {},
+      },
+      parsedInput: {
+        organizationId,
+        data: {
+          isAISmartToolsEnabled: true,
+        },
+      },
+    } as any);
+
+    expect(mocks.updateOrganization).toHaveBeenCalledWith(organizationId, {
+      isAISmartToolsEnabled: true,
+    });
+  });
+
+  test("allows disabling AI when the instance configuration later becomes invalid", async () => {
+    mocks.getOrganization.mockResolvedValueOnce({
+      id: organizationId,
+      isAISmartToolsEnabled: true,
+      isAIDataAnalysisEnabled: false,
+    });
+    mocks.isInstanceAIConfigured.mockReturnValueOnce(false);
+
+    await updateOrganizationAISettingsAction({
+      ctx: {
+        user: { id: "user_owner", locale: "en-US" },
+        auditLoggingCtx: {},
+      },
+      parsedInput: {
+        organizationId,
+        data: {
+          isAISmartToolsEnabled: false,
+        },
+      },
+    } as any);
+
+    expect(mocks.updateOrganization).toHaveBeenCalledWith(organizationId, {
+      isAISmartToolsEnabled: false,
+    });
+  });
+});
@@ -2,13 +2,44 @@

 import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
-import { OperationNotAllowedError } from "@formbricks/types/errors";
+import { OperationNotAllowedError, ResourceNotFoundError } from "@formbricks/types/errors";
+import type { TOrganizationRole } from "@formbricks/types/memberships";
 import { ZOrganizationUpdateInput } from "@formbricks/types/organizations";
+import { isInstanceAIConfigured } from "@/lib/ai/service";
 import { deleteOrganization, getOrganization, updateOrganization } from "@/lib/organization/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
 import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
+import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
+import { getTranslate } from "@/lingodotdev/server";
 import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import { getIsMultiOrgEnabled } from "@/modules/ee/license-check/lib/utils";
+import { ZOrganizationAISettingsInput, ZUpdateOrganizationAISettingsAction } from "./schemas";
+
+async function updateOrganizationAction<T extends z.ZodRawShape>({
+  ctx,
+  organizationId,
+  schema,
+  data,
+  roles,
+}: {
+  ctx: AuthenticatedActionClientCtx;
+  organizationId: string;
+  schema: z.ZodObject<T>;
+  data: z.infer<z.ZodObject<T>>;
+  roles: TOrganizationRole[];
+}) {
+  await checkAuthorizationUpdated({
+    userId: ctx.user.id,
+    organizationId,
+    access: [{ type: "organization", schema, data, roles }],
+  });
+  ctx.auditLoggingCtx.organizationId = organizationId;
+  const oldObject = await getOrganization(organizationId);
+  const result = await updateOrganization(organizationId, data);
+  ctx.auditLoggingCtx.oldObject = oldObject;
+  ctx.auditLoggingCtx.newObject = result;
+  return result;
+}

 const ZUpdateOrganizationNameAction = z.object({
  organizationId: ZId,
@@ -18,26 +49,114 @@ const ZUpdateOrganizationNameAction = z.object({
 export const updateOrganizationNameAction = authenticatedActionClient
  .inputSchema(ZUpdateOrganizationNameAction)
  .action(
-    withAuditLogging("updated", "organization", async ({ ctx, parsedInput }) => {
-      await checkAuthorizationUpdated({
-        userId: ctx.user.id,
-        organizationId: parsedInput.organizationId,
-        access: [
-          {
-            type: "organization",
-            schema: ZOrganizationUpdateInput.pick({ name: true }),
-            data: parsedInput.data,
-            roles: ["owner"],
-          },
-        ],
-      });
-      ctx.auditLoggingCtx.organizationId = parsedInput.organizationId;
-      const oldObject = await getOrganization(parsedInput.organizationId);
-      const result = await updateOrganization(parsedInput.organizationId, parsedInput.data);
-      ctx.auditLoggingCtx.oldObject = oldObject;
-      ctx.auditLoggingCtx.newObject = result;
-      return result;
-    })
+    withAuditLogging(
+      "updated",
+      "organization",
+      async ({
+        ctx,
+        parsedInput,
+      }: {
+        ctx: AuthenticatedActionClientCtx;
+        parsedInput: z.infer<typeof ZUpdateOrganizationNameAction>;
+      }) =>
+        updateOrganizationAction({
+          ctx,
+          organizationId: parsedInput.organizationId,
+          schema: ZOrganizationUpdateInput.pick({ name: true }),
+          data: parsedInput.data,
+          roles: ["owner"],
+        })
+    )
+  );
+
+type TOrganizationAISettings = Pick<
+  NonNullable<Awaited<ReturnType<typeof getOrganization>>>,
+  "isAISmartToolsEnabled" | "isAIDataAnalysisEnabled"
+>;
+
+type TResolvedOrganizationAISettings = {
+  smartToolsEnabled: boolean;
+  dataAnalysisEnabled: boolean;
+  isEnablingAnyAISetting: boolean;
+};
+
+const resolveOrganizationAISettings = ({
+  data,
+  organization,
+}: {
+  data: z.infer<typeof ZOrganizationAISettingsInput>;
+  organization: TOrganizationAISettings;
+}): TResolvedOrganizationAISettings => {
+  const smartToolsEnabled = Object.hasOwn(data, "isAISmartToolsEnabled")
+    ? (data.isAISmartToolsEnabled ?? organization.isAISmartToolsEnabled)
+    : organization.isAISmartToolsEnabled;
+  const dataAnalysisEnabled = Object.hasOwn(data, "isAIDataAnalysisEnabled")
+    ? (data.isAIDataAnalysisEnabled ?? organization.isAIDataAnalysisEnabled)
+    : organization.isAIDataAnalysisEnabled;
+
+  return {
+    smartToolsEnabled,
+    dataAnalysisEnabled,
+    isEnablingAnyAISetting:
+      (smartToolsEnabled && !organization.isAISmartToolsEnabled) ||
+      (dataAnalysisEnabled && !organization.isAIDataAnalysisEnabled),
+  };
+};
+
+const assertOrganizationAISettingsUpdateAllowed = ({
+  isInstanceAIConfigured,
+  resolvedSettings,
+  t,
+}: {
+  isInstanceAIConfigured: boolean;
+  resolvedSettings: TResolvedOrganizationAISettings;
+  t: Awaited<ReturnType<typeof getTranslate>>;
+}) => {
+  if (resolvedSettings.isEnablingAnyAISetting && !isInstanceAIConfigured) {
+    throw new OperationNotAllowedError(t("environments.settings.general.ai_instance_not_configured"));
+  }
+};
+
+export const updateOrganizationAISettingsAction = authenticatedActionClient
+  .inputSchema(ZUpdateOrganizationAISettingsAction)
+  .action(
+    withAuditLogging(
+      "updated",
+      "organization",
+      async ({
+        ctx,
+        parsedInput,
+      }: {
+        ctx: AuthenticatedActionClientCtx;
+        parsedInput: z.infer<typeof ZUpdateOrganizationAISettingsAction>;
+      }) => {
+        const t = await getTranslate(ctx.user.locale);
+        const organization = await getOrganization(parsedInput.organizationId);
+
+        if (!organization) {
+          throw new ResourceNotFoundError("Organization", parsedInput.organizationId);
+        }
+
+        const resolvedSettings = resolveOrganizationAISettings({
+          data: parsedInput.data,
+          organization,
+        });
+
+        assertOrganizationAISettingsUpdateAllowed({
+          isInstanceAIConfigured: isInstanceAIConfigured(),
+          resolvedSettings,
+          t,
+        });
+
+        return updateOrganizationAction({
+          ctx,
+          organizationId: parsedInput.organizationId,
+          schema: ZOrganizationAISettingsInput,
+          data: parsedInput.data,
+          roles: ["owner", "manager"],
+        });
+      }
+    )
  );

 const ZDeleteOrganizationAction = z.object({
@@ -49,7 +168,10 @@ export const deleteOrganizationAction = authenticatedActionClient
  .action(
    withAuditLogging("deleted", "organization", async ({ ctx, parsedInput }) => {
      const isMultiOrgEnabled = await getIsMultiOrgEnabled();
-      if (!isMultiOrgEnabled) throw new OperationNotAllowedError("Organization deletion disabled");
+      if (!isMultiOrgEnabled) {
+        const t = await getTranslate(ctx.user.locale);
+        throw new OperationNotAllowedError(t("environments.settings.general.organization_deletion_disabled"));
+      }

      await checkAuthorizationUpdated({
        userId: ctx.user.id,
@@ -0,0 +1,118 @@
+"use client";
+
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import toast from "react-hot-toast";
+import { useTranslation } from "react-i18next";
+import { TOrganizationRole } from "@formbricks/types/memberships";
+import { TOrganization } from "@formbricks/types/organizations";
+import { updateOrganizationAISettingsAction } from "@/app/(app)/environments/[environmentId]/settings/(organization)/general/actions";
+import { getDisplayedOrganizationAISettingValue, getOrganizationAIEnablementState } from "@/lib/ai/utils";
+import { getAccessFlags } from "@/lib/membership/utils";
+import { getFormattedErrorMessage } from "@/lib/utils/helper";
+import { AdvancedOptionToggle } from "@/modules/ui/components/advanced-option-toggle";
+import { Alert, AlertDescription } from "@/modules/ui/components/alert";
+
+interface AISettingsToggleProps {
+  organization: TOrganization;
+  membershipRole?: TOrganizationRole;
+  isInstanceAIConfigured: boolean;
+}
+
+export const AISettingsToggle = ({
+  organization,
+  membershipRole,
+  isInstanceAIConfigured,
+}: Readonly<AISettingsToggleProps>) => {
+  const [loadingField, setLoadingField] = useState<string | null>(null);
+  const { t } = useTranslation();
+  const router = useRouter();
+
+  const { isOwner, isManager } = getAccessFlags(membershipRole);
+  const canEdit = isOwner || isManager;
+  const aiEnablementState = getOrganizationAIEnablementState({
+    isInstanceConfigured: isInstanceAIConfigured,
+  });
+  const showInstanceConfigWarning = aiEnablementState.blockReason === "instanceNotConfigured";
+  const isToggleDisabled = loadingField !== null || !canEdit || !aiEnablementState.canEnableFeatures;
+  const aiEnablementBlockedMessage = t("environments.settings.general.ai_instance_not_configured");
+  const displayedSmartToolsValue = getDisplayedOrganizationAISettingValue({
+    currentValue: organization.isAISmartToolsEnabled,
+    isInstanceConfigured: isInstanceAIConfigured,
+  });
+  const displayedDataAnalysisValue = getDisplayedOrganizationAISettingValue({
+    currentValue: organization.isAIDataAnalysisEnabled,
+    isInstanceConfigured: isInstanceAIConfigured,
+  });
+
+  const handleToggle = async (
+    field: "isAISmartToolsEnabled" | "isAIDataAnalysisEnabled",
+    checked: boolean
+  ) => {
+    if (checked && !aiEnablementState.canEnableFeatures) {
+      toast.error(aiEnablementBlockedMessage);
+      return;
+    }
+
+    setLoadingField(field);
+    try {
+      const data =
+        field === "isAISmartToolsEnabled"
+          ? { isAISmartToolsEnabled: checked }
+          : { isAIDataAnalysisEnabled: checked };
+      const response = await updateOrganizationAISettingsAction({
+        organizationId: organization.id,
+        data,
+      });
+
+      if (response?.data) {
+        toast.success(t("environments.settings.general.ai_settings_updated_successfully"));
+        router.refresh();
+      } else {
+        toast.error(getFormattedErrorMessage(response));
+      }
+    } catch (error) {
+      toast.error(error instanceof Error ? error.message : t("common.something_went_wrong_please_try_again"));
+    } finally {
+      setLoadingField(null);
+    }
+  };
+
+  return (
+    <div className="space-y-4">
+      {showInstanceConfigWarning && (
+        <Alert variant="warning">
+          <AlertDescription>{aiEnablementBlockedMessage}</AlertDescription>
+        </Alert>
+      )}
+
+      <AdvancedOptionToggle
+        isChecked={displayedSmartToolsValue}
+        onToggle={(checked) => handleToggle("isAISmartToolsEnabled", checked)}
+        htmlId="ai-smart-tools-toggle"
+        title={t("environments.settings.general.ai_smart_tools_enabled")}
+        description={t("environments.settings.general.ai_smart_tools_enabled_description")}
+        disabled={isToggleDisabled}
+        customContainerClass="px-0"
+      />
+
+      <AdvancedOptionToggle
+        isChecked={displayedDataAnalysisValue}
+        onToggle={(checked) => handleToggle("isAIDataAnalysisEnabled", checked)}
+        htmlId="ai-data-analysis-toggle"
+        title={t("environments.settings.general.ai_data_analysis_enabled")}
+        description={t("environments.settings.general.ai_data_analysis_enabled_description")}
+        disabled={isToggleDisabled}
+        customContainerClass="px-0"
+      />
+
+      {!canEdit && (
+        <Alert variant="warning">
+          <AlertDescription>
+            {t("common.only_owners_managers_and_manage_access_members_can_perform_this_action")}
+          </AlertDescription>
+        </Alert>
+      )}
+    </div>
+  );
+};
@@ -1,4 +1,5 @@
 import { OrganizationSettingsNavbar } from "@/app/(app)/environments/[environmentId]/settings/(organization)/components/OrganizationSettingsNavbar";
+import { isInstanceAIConfigured } from "@/lib/ai/service";
 import { FB_LOGO_URL, IS_FORMBRICKS_CLOUD, IS_STORAGE_CONFIGURED } from "@/lib/constants";
 import { getUser } from "@/lib/user/service";
 import { getTranslate } from "@/lingodotdev/server";
@@ -11,6 +12,7 @@ import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper
 import { PageHeader } from "@/modules/ui/components/page-header";
 import packageJson from "@/package.json";
 import { SettingsCard } from "../../components/SettingsCard";
+import { AISettingsToggle } from "./components/AISettingsToggle";
 import { DeleteOrganization } from "./components/DeleteOrganization";
 import { EditOrganizationNameForm } from "./components/EditOrganizationNameForm";
 import { SecurityListTip } from "./components/SecurityListTip";
@@ -60,6 +62,15 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
          membershipRole={currentUserMembership?.role}
        />
      </SettingsCard>
+      <SettingsCard
+        title={t("environments.settings.general.ai_enabled")}
+        description={t("environments.settings.general.ai_enabled_description")}>
+        <AISettingsToggle
+          organization={organization}
+          membershipRole={currentUserMembership?.role}
+          isInstanceAIConfigured={isInstanceAIConfigured()}
+        />
+      </SettingsCard>
      <EmailCustomizationSettings
        organization={organization}
        hasWhiteLabelPermission={hasWhiteLabelPermission}
@@ -0,0 +1,13 @@
+import { z } from "zod";
+import { ZId } from "@formbricks/types/common";
+import { ZOrganizationUpdateInput } from "@formbricks/types/organizations";
+
+export const ZOrganizationAISettingsInput = ZOrganizationUpdateInput.pick({
+  isAISmartToolsEnabled: true,
+  isAIDataAnalysisEnabled: true,
+});
+
+export const ZUpdateOrganizationAISettingsAction = z.object({
+  organizationId: ZId,
+  data: ZOrganizationAISettingsInput,
+});
@@ -3,25 +3,22 @@
 import { InboxIcon, PresentationIcon } from "lucide-react";
 import { usePathname } from "next/navigation";
 import { useTranslation } from "react-i18next";
-import { TSurvey } from "@formbricks/types/surveys/types";
+import { useEnvironment } from "@/app/(app)/environments/[environmentId]/context/environment-context";
 import { revalidateSurveyIdPath } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/actions";
+import { useSurvey } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/context/survey-context";
 import { SecondaryNavigation } from "@/modules/ui/components/secondary-navigation";

 interface SurveyAnalysisNavigationProps {
-  environmentId: string;
-  survey: TSurvey;
  activeId: string;
 }

-export const SurveyAnalysisNavigation = ({
-  environmentId,
-  survey,
-  activeId,
-}: SurveyAnalysisNavigationProps) => {
+export const SurveyAnalysisNavigation = ({ activeId }: SurveyAnalysisNavigationProps) => {
  const pathname = usePathname();
  const { t } = useTranslation();
+  const { environment } = useEnvironment();
+  const { survey } = useSurvey();

-  const url = `/environments/${environmentId}/surveys/${survey.id}`;
+  const url = `/environments/${environment.id}/surveys/${survey.id}`;

  const navigation = [
    {
@@ -31,7 +28,7 @@ export const SurveyAnalysisNavigation = ({
      href: `${url}/summary?referer=true`,
      current: pathname?.includes("/summary"),
      onClick: () => {
-        revalidateSurveyIdPath(environmentId, survey.id);
+        revalidateSurveyIdPath(environment.id, survey.id);
      },
    },
    {
@@ -41,7 +38,7 @@ export const SurveyAnalysisNavigation = ({
      href: `${url}/responses?referer=true`,
      current: pathname?.includes("/responses"),
      onClick: () => {
-        revalidateSurveyIdPath(environmentId, survey.id);
+        revalidateSurveyIdPath(environment.id, survey.id);
      },
    },
  ];
@@ -1,6 +1,6 @@
 "use client";

-import React, { createContext, useCallback, useContext, useState } from "react";
+import React, { createContext, useCallback, useContext, useMemo, useRef, useState } from "react";
 import {
  ElementOption,
  ElementOptions,
@@ -30,7 +30,7 @@ interface SelectedFilterOptions {

 export interface DateRange {
  from: Date | undefined;
-  to?: Date | undefined;
+  to?: Date;
 }

 interface FilterDateContextProps {
@@ -41,6 +41,8 @@ interface FilterDateContextProps {
  dateRange: DateRange;
  setDateRange: React.Dispatch<React.SetStateAction<DateRange>>;
  resetState: () => void;
+  refreshAnalysisData: () => Promise<void>;
+  registerAnalysisRefreshHandler: (handler: () => Promise<void>) => () => void;
 }

 const ResponseFilterContext = createContext<FilterDateContextProps | undefined>(undefined);
@@ -61,6 +63,7 @@ const ResponseFilterProvider = ({ children }: { children: React.ReactNode }) =>
    from: undefined,
    to: getTodayDate(),
  });
+  const refreshHandlerRef = useRef<(() => Promise<void>) | null>(null);

  const resetState = useCallback(() => {
    setDateRange({
@@ -73,20 +76,43 @@ const ResponseFilterProvider = ({ children }: { children: React.ReactNode }) =>
    });
  }, []);

-  return (
-    <ResponseFilterContext.Provider
-      value={{
-        setSelectedFilter,
-        selectedFilter,
-        selectedOptions,
-        setSelectedOptions,
-        dateRange,
-        setDateRange,
-        resetState,
-      }}>
-      {children}
-    </ResponseFilterContext.Provider>
+  const refreshAnalysisData = useCallback(async () => {
+    await refreshHandlerRef.current?.();
+  }, []);
+
+  const registerAnalysisRefreshHandler = useCallback((handler: () => Promise<void>) => {
+    refreshHandlerRef.current = handler;
+
+    return () => {
+      if (refreshHandlerRef.current === handler) {
+        refreshHandlerRef.current = null;
+      }
+    };
+  }, []);
+
+  const contextValue = useMemo(
+    () => ({
+      setSelectedFilter,
+      selectedFilter,
+      selectedOptions,
+      setSelectedOptions,
+      dateRange,
+      setDateRange,
+      resetState,
+      refreshAnalysisData,
+      registerAnalysisRefreshHandler,
+    }),
+    [
+      dateRange,
+      refreshAnalysisData,
+      registerAnalysisRefreshHandler,
+      resetState,
+      selectedFilter,
+      selectedOptions,
+    ]
  );
+
+  return <ResponseFilterContext.Provider value={contextValue}>{children}</ResponseFilterContext.Provider>;
 };

 const useResponseFilter = () => {
@@ -0,0 +1,22 @@
+"use client";
+
+import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
+import { PageHeader } from "@/modules/ui/components/page-header";
+import { SkeletonLoader } from "@/modules/ui/components/skeleton-loader";
+
+const Loading = () => {
+  return (
+    <PageContentWrapper>
+      <PageHeader pageTitle="" />
+      <div className="flex h-9 animate-pulse gap-2">
+        <div className="h-9 w-36 rounded-full bg-slate-200" />
+        <div className="h-9 w-36 rounded-full bg-slate-200" />
+        <div className="h-9 w-36 rounded-full bg-slate-200" />
+        <div className="h-9 w-36 rounded-full bg-slate-200" />
+      </div>
+      <SkeletonLoader type="summary" />
+    </PageContentWrapper>
+  );
+};
+
+export default Loading;
@@ -2,6 +2,8 @@

 import { useSearchParams } from "next/navigation";
 import { useCallback, useEffect, useMemo, useState } from "react";
+import toast from "react-hot-toast";
+import { useTranslation } from "react-i18next";
 import { TEnvironment } from "@formbricks/types/environment";
 import { TSurveyQuota } from "@formbricks/types/quota";
 import { TResponseWithQuotas } from "@formbricks/types/responses";
@@ -13,6 +15,7 @@ import { useResponseFilter } from "@/app/(app)/environments/[environmentId]/surv
 import { ResponseDataView } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/responses/components/ResponseDataView";
 import { CustomFilter } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/components/CustomFilter";
 import { getFormattedFilters } from "@/app/lib/surveys/surveys";
+import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { replaceHeadlineRecall } from "@/lib/utils/recall";

 interface ResponsePageProps {
@@ -46,8 +49,8 @@ export const ResponsePage = ({
  const [page, setPage] = useState<number | null>(null);
  const [hasMore, setHasMore] = useState<boolean>(initialResponses.length >= responsesPerPage);
  const [isFetchingFirstPage, setIsFetchingFirstPage] = useState<boolean>(false);
-  const { selectedFilter, dateRange, resetState } = useResponseFilter();
-
+  const { selectedFilter, dateRange, resetState, registerAnalysisRefreshHandler } = useResponseFilter();
+  const { t } = useTranslation();
  const filters = useMemo(
    () => getFormattedFilters(survey, selectedFilter, dateRange),

@@ -86,6 +89,34 @@ export const ResponsePage = ({
    setResponses((prev) => prev.map((r) => (r.id === responseId ? updatedResponse : r)));
  };

+  const refetchResponses = useCallback(async () => {
+    setIsFetchingFirstPage(true);
+
+    try {
+      const getResponsesActionResponse = await getResponsesAction({
+        surveyId,
+        limit: responsesPerPage,
+        offset: 0,
+        filterCriteria: filters,
+      });
+
+      if (getResponsesActionResponse?.serverError) {
+        toast.error(getFormattedErrorMessage(getResponsesActionResponse) ?? t("common.something_went_wrong"));
+      }
+
+      const freshResponses = getResponsesActionResponse?.data ?? [];
+      setResponses(freshResponses);
+      setPage(1);
+      setHasMore(freshResponses.length >= responsesPerPage);
+    } finally {
+      setIsFetchingFirstPage(false);
+    }
+  }, [filters, responsesPerPage, surveyId]);
+
+  useEffect(() => {
+    return registerAnalysisRefreshHandler(refetchResponses);
+  }, [refetchResponses, registerAnalysisRefreshHandler]);
+
  const surveyMemoized = useMemo(() => {
    return replaceHeadlineRecall(survey, "default");
  }, [survey]);
@@ -134,6 +165,8 @@ export const ResponsePage = ({
      }
    };
    fetchFilteredResponses();
+    // page is intentionally omitted to avoid refetching after the initial page setup.
+    // eslint-disable-next-line react-hooks/exhaustive-deps
  }, [filters, responsesPerPage, selectedFilter, dateRange, surveyId]);

  return (
@@ -29,6 +29,7 @@ import { ResponseTableCell } from "@/app/(app)/environments/[environmentId]/surv
 import { generateResponseTableColumns } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/responses/components/ResponseTableColumns";
 import { getResponsesDownloadUrlAction } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/actions";
 import { downloadResponsesFile } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/utils";
+import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { deleteResponseAction } from "@/modules/analysis/components/SingleResponseCard/actions";
 import { Button } from "@/modules/ui/components/button";
 import {
@@ -201,7 +202,13 @@ export const ResponseTable = ({
  };

  const deleteResponse = async (responseId: string, params?: { decrementQuotas?: boolean }) => {
-    await deleteResponseAction({ responseId, decrementQuotas: params?.decrementQuotas ?? false });
+    const result = await deleteResponseAction({
+      responseId,
+      decrementQuotas: params?.decrementQuotas ?? false,
+    });
+    if (result?.serverError) {
+      throw new Error(getFormattedErrorMessage(result));
+    }
  };

  // Handle downloading selected responses
@@ -1,5 +1,4 @@
 import { TFunction } from "i18next";
-import { capitalize } from "lodash";
 import {
  AirplayIcon,
  ArrowUpFromDotIcon,
@@ -9,6 +8,7 @@ import {
  SmartphoneIcon,
 } from "lucide-react";
 import { TResponseMeta } from "@formbricks/types/responses";
+import { capitalize } from "@/lib/utils/object";

 export const getAddressFieldLabel = (field: string, t: TFunction) => {
  switch (field) {
@@ -0,0 +1,23 @@
+"use client";
+
+import { useTranslation } from "react-i18next";
+import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
+import { PageHeader } from "@/modules/ui/components/page-header";
+import { SkeletonLoader } from "@/modules/ui/components/skeleton-loader";
+
+const Loading = () => {
+  const { t } = useTranslation();
+
+  return (
+    <PageContentWrapper>
+      <PageHeader pageTitle={t("common.responses")} />
+      <div className="flex h-9 animate-pulse gap-1.5">
+        <div className="h-9 w-36 rounded-full bg-slate-200" />
+        <div className="h-9 w-36 rounded-full bg-slate-200" />
+      </div>
+      <SkeletonLoader type="responseTable" />
+    </PageContentWrapper>
+  );
+};
+
+export default Loading;
@@ -64,8 +64,6 @@ const Page = async (props: { params: Promise<{ environmentId: string; surveyId:
        pageTitle={survey.name}
        cta={
          <SurveyAnalysisCTA
-            environment={environment}
-            survey={survey}
            isReadOnly={isReadOnly}
            user={user}
            publicDomain={publicDomain}
@@ -76,7 +74,7 @@ const Page = async (props: { params: Promise<{ environmentId: string; surveyId:
            isStorageConfigured={IS_STORAGE_CONFIGURED}
          />
        }>
-        <SurveyAnalysisNavigation environmentId={environment.id} survey={survey} activeId="responses" />
+        <SurveyAnalysisNavigation activeId="responses" />
      </PageHeader>
      <ResponsePage
        environment={environment}
@@ -4,16 +4,13 @@ import { useSearchParams } from "next/navigation";
 import { useEffect, useState } from "react";
 import toast from "react-hot-toast";
 import { useTranslation } from "react-i18next";
-import { TEnvironment } from "@formbricks/types/environment";
-import { TSurvey } from "@formbricks/types/surveys/types";
+import { useEnvironment } from "@/app/(app)/environments/[environmentId]/context/environment-context";
+import { useSurvey } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/context/survey-context";
 import { Confetti } from "@/modules/ui/components/confetti";

-interface SummaryMetadataProps {
-  environment: TEnvironment;
-  survey: TSurvey;
-}
-
-export const SuccessMessage = ({ environment, survey }: SummaryMetadataProps) => {
+export const SuccessMessage = () => {
+  const { environment } = useEnvironment();
+  const { survey } = useSurvey();
  const { t } = useTranslation();
  const searchParams = useSearchParams();
  const [confetti, setConfetti] = useState(false);
@@ -107,7 +107,9 @@ export const SummaryMetadata = ({
          label={t("environments.surveys.summary.time_to_complete")}
          percentage={null}
          value={ttcAverage === 0 ? <span>-</span> : `${formatTime(ttcAverage)}`}
-          tooltipText={t("environments.surveys.summary.ttc_tooltip")}
+          tooltipText={t("environments.surveys.summary.ttc_survey_tooltip", {
+            defaultValue: "Average time to complete the survey.",
+          })}
          isLoading={isLoading}
        />

@@ -71,7 +71,7 @@ export const SummaryPage = ({
  const [tab, setTab] = useState<"dropOffs" | "quotas" | "impressions" | undefined>(undefined);
  const [isLoading, setIsLoading] = useState(!initialSurveySummary);

-  const { selectedFilter, dateRange, resetState } = useResponseFilter();
+  const { selectedFilter, dateRange, resetState, registerAnalysisRefreshHandler } = useResponseFilter();

  const [displays, setDisplays] = useState<TDisplayWithContact[]>([]);
  const [isDisplaysLoading, setIsDisplaysLoading] = useState(false);
@@ -111,7 +111,7 @@ export const SummaryPage = ({
    } finally {
      setIsDisplaysLoading(false);
    }
-  }, [fetchDisplays, t]);
+  }, [fetchDisplays]);

  const handleLoadMoreDisplays = useCallback(async () => {
    try {
@@ -131,13 +131,39 @@ export const SummaryPage = ({
    }
  }, [tab, loadInitialDisplays]);

+  const fetchSummary = useCallback(async () => {
+    const currentFilters = getFormattedFilters(survey, selectedFilter, dateRange);
+    const updatedSurveySummary = await getSurveySummaryAction({
+      surveyId,
+      filterCriteria: currentFilters,
+    });
+
+    if (updatedSurveySummary?.serverError) {
+      throw new Error(getFormattedErrorMessage(updatedSurveySummary));
+    }
+
+    setSurveySummary(updatedSurveySummary?.data ?? defaultSurveySummary);
+  }, [dateRange, selectedFilter, survey, surveyId]);
+
+  const refreshSummary = useCallback(async () => {
+    setIsLoading(true);
+
+    try {
+      await Promise.all([fetchSummary(), tab === "impressions" ? loadInitialDisplays() : Promise.resolve()]);
+    } finally {
+      setIsLoading(false);
+    }
+  }, [fetchSummary, loadInitialDisplays, tab]);
+
+  useEffect(() => {
+    return registerAnalysisRefreshHandler(refreshSummary);
+  }, [refreshSummary, registerAnalysisRefreshHandler]);
+
  // Only fetch data when filters change or when there's no initial data
  useEffect(() => {
    // If we have initial data and no filters are applied, don't fetch
    const hasNoFilters =
-      (!selectedFilter ||
-        Object.keys(selectedFilter).length === 0 ||
-        (selectedFilter.filter && selectedFilter.filter.length === 0)) &&
+      (!selectedFilter || Object.keys(selectedFilter).length === 0 || selectedFilter.filter?.length === 0) &&
      (!dateRange || (!dateRange.from && !dateRange.to));

    if (initialSurveySummary && hasNoFilters) {
@@ -145,21 +171,11 @@ export const SummaryPage = ({
      return;
    }

-    const fetchSummary = async () => {
+    const fetchFilteredSummary = async () => {
      setIsLoading(true);

      try {
-        // Recalculate filters inside the effect to ensure we have the latest values
-        const currentFilters = getFormattedFilters(survey, selectedFilter, dateRange);
-        let updatedSurveySummary;
-
-        updatedSurveySummary = await getSurveySummaryAction({
-          surveyId,
-          filterCriteria: currentFilters,
-        });
-
-        const surveySummary = updatedSurveySummary?.data ?? defaultSurveySummary;
-        setSurveySummary(surveySummary);
+        await fetchSummary();
      } catch (error) {
        console.error(error);
      } finally {
@@ -167,8 +183,8 @@ export const SummaryPage = ({
      }
    };

-    fetchSummary();
-  }, [selectedFilter, dateRange, survey, surveyId, initialSurveySummary]);
+    fetchFilteredSummary();
+  }, [selectedFilter, dateRange, initialSurveySummary, fetchSummary]);

  const surveyMemoized = useMemo(() => {
    return replaceHeadlineRecall(survey, "default");
@@ -1,18 +1,18 @@
 "use client";

-import { BellRing, Eye, ListRestart, SquarePenIcon } from "lucide-react";
+import { BellRing, Eye, ListRestart, RefreshCcwIcon, SquarePenIcon } from "lucide-react";
 import { usePathname, useRouter, useSearchParams } from "next/navigation";
 import { useEffect, useState } from "react";
 import toast from "react-hot-toast";
 import { useTranslation } from "react-i18next";
-import { TEnvironment } from "@formbricks/types/environment";
 import { TSegment } from "@formbricks/types/segment";
-import { TSurvey } from "@formbricks/types/surveys/types";
 import { TUser } from "@formbricks/types/user";
 import { useEnvironment } from "@/app/(app)/environments/[environmentId]/context/environment-context";
+import { useResponseFilter } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/response-filter-context";
 import { SuccessMessage } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SuccessMessage";
 import { ShareSurveyModal } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/share-survey-modal";
 import { SurveyStatusDropdown } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/components/SurveyStatusDropdown";
+import { useSurvey } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/context/survey-context";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { EditPublicSurveyAlertDialog } from "@/modules/survey/components/edit-public-survey-alert-dialog";
 import { useSingleUseId } from "@/modules/survey/hooks/useSingleUseId";
@@ -23,8 +23,6 @@ import { IconBar } from "@/modules/ui/components/iconbar";
 import { resetSurveyAction } from "../actions";

 interface SurveyAnalysisCTAProps {
-  survey: TSurvey;
-  environment: TEnvironment;
  isReadOnly: boolean;
  user: TUser;
  publicDomain: string;
@@ -41,8 +39,6 @@ interface ModalState {
 }

 export const SurveyAnalysisCTA = ({
-  survey,
-  environment,
  isReadOnly,
  user,
  publicDomain,
@@ -63,9 +59,12 @@ export const SurveyAnalysisCTA = ({
  });
  const [isResetModalOpen, setIsResetModalOpen] = useState(false);
  const [isResetting, setIsResetting] = useState(false);
+  const [isRefreshing, setIsRefreshing] = useState(false);

-  const { project } = useEnvironment();
+  const { environment, project } = useEnvironment();
+  const { survey } = useSurvey();
  const { refreshSingleUseId } = useSingleUseId(survey, isReadOnly);
+  const { refreshAnalysisData } = useResponseFilter();

  const appSetupCompleted = survey.type === "app" && environment.appSetupCompleted;

@@ -77,7 +76,7 @@ export const SurveyAnalysisCTA = ({
  }, [searchParams]);

  const handleShareModalToggle = (open: boolean) => {
-    const params = new URLSearchParams(window.location.search);
+    const params = new URLSearchParams(globalThis.location.search);
    const currentShareParam = params.get("share") === "true";

    if (open && !currentShareParam) {
@@ -147,6 +146,25 @@ export const SurveyAnalysisCTA = ({
  };

  const iconActions = [
+    {
+      icon: RefreshCcwIcon,
+      tooltip: t("common.refresh"),
+      onClick: async () => {
+        if (isRefreshing) return;
+        setIsRefreshing(true);
+        try {
+          await refreshAnalysisData();
+          toast.success(t("common.data_refreshed_successfully"));
+        } catch (error) {
+          const errorMessage = error instanceof Error ? error.message : t("common.something_went_wrong");
+          toast.error(errorMessage);
+        } finally {
+          setIsRefreshing(false);
+        }
+      },
+      disabled: isRefreshing,
+      isVisible: true,
+    },
    {
      icon: BellRing,
      tooltip: t("environments.surveys.summary.configure_alerts"),
@@ -183,7 +201,7 @@ export const SurveyAnalysisCTA = ({
  return (
    <div className="hidden justify-end gap-x-1.5 sm:flex">
      {!isReadOnly && (appSetupCompleted || survey.type === "link") && survey.status !== "draft" && (
-        <SurveyStatusDropdown environment={environment} survey={survey} />
+        <SurveyStatusDropdown />
      )}

      <IconBar actions={iconActions} />
@@ -215,7 +233,7 @@ export const SurveyAnalysisCTA = ({
          projectCustomScripts={project.customHeadScripts}
        />
      )}
-      <SuccessMessage environment={environment} survey={survey} />
+      <SuccessMessage />

      {responseCount > 0 && (
        <EditPublicSurveyAlertDialog
@@ -2,7 +2,7 @@

 import DOMPurify from "dompurify";
 import { CopyIcon, SendIcon } from "lucide-react";
-import { useEffect, useMemo, useState } from "react";
+import { type SyntheticEvent, useEffect, useMemo, useState } from "react";
 import toast from "react-hot-toast";
 import { useTranslation } from "react-i18next";
 import { AuthenticationError } from "@formbricks/types/errors";
@@ -21,6 +21,7 @@ interface EmailTabProps {
 export const EmailTab = ({ surveyId, email }: EmailTabProps) => {
  const [activeTab, setActiveTab] = useState("preview");
  const [emailHtmlPreview, setEmailHtmlPreview] = useState<string>("");
+  const [previewFrameHeight, setPreviewFrameHeight] = useState(560);
  const { t } = useTranslation();

  const emailHtml = useMemo(() => {
@@ -31,6 +32,40 @@ export const EmailTab = ({ surveyId, email }: EmailTabProps) => {
      .replaceAll("?preview=true", "");
  }, [emailHtmlPreview]);

+  const sanitizedEmailHtml = useMemo(() => {
+    if (!emailHtmlPreview) return "";
+    return DOMPurify.sanitize(emailHtmlPreview, { ADD_ATTR: ["bgcolor", "target"] });
+  }, [emailHtmlPreview]);
+
+  const emailPreviewDocument = useMemo(() => {
+    if (!sanitizedEmailHtml) return "";
+
+    return `<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <meta name="color-scheme" content="only light" />
+    <meta name="supported-color-schemes" content="light" />
+    <base target="_blank" />
+    <style>
+      :root {
+        color-scheme: only light;
+        supported-color-schemes: light;
+      }
+
+      html, body {
+        margin: 0;
+        padding: 0;
+        background: #ffffff;
+        color-scheme: only light;
+      }
+    </style>
+  </head>
+  <body>${sanitizedEmailHtml}</body>
+</html>`;
+  }, [sanitizedEmailHtml]);
+
  const tabs = [
    {
      id: "preview",
@@ -51,6 +86,25 @@ export const EmailTab = ({ surveyId, email }: EmailTabProps) => {
    getData();
  }, [surveyId]);

+  useEffect(() => {
+    setPreviewFrameHeight(560);
+  }, [emailPreviewDocument]);
+
+  const handlePreviewFrameLoad = (event: SyntheticEvent<HTMLIFrameElement>) => {
+    const { contentDocument } = event.currentTarget;
+    if (!contentDocument) {
+      return;
+    }
+
+    const nextHeight = Math.max(
+      contentDocument.body.scrollHeight,
+      contentDocument.documentElement.scrollHeight,
+      560
+    );
+
+    setPreviewFrameHeight(nextHeight);
+  };
+
  const sendPreviewEmail = async () => {
    try {
      const val = await sendEmbedSurveyPreviewEmailAction({ surveyId });
@@ -73,7 +127,9 @@ export const EmailTab = ({ surveyId, email }: EmailTabProps) => {
    if (activeTab === "preview") {
      return (
        <div className="space-y-4 pb-4">
-          <div className="flex-1 overflow-y-auto rounded-lg border border-slate-200 bg-white p-4">
+          <div
+            className="flex-1 overflow-y-auto rounded-lg border border-slate-200 bg-white p-4"
+            data-testid="survey-email-preview-shell">
            <div className="mb-6 flex gap-2">
              <div className="h-3 w-3 rounded-full bg-red-500" />
              <div className="h-3 w-3 rounded-full bg-amber-500" />
@@ -87,9 +143,17 @@ export const EmailTab = ({ surveyId, email }: EmailTabProps) => {
                {t("environments.surveys.share.send_email.email_subject_label")} :{" "}
                {t("environments.surveys.share.send_email.formbricks_email_survey_preview")}
              </div>
-              <div className="p-2">
-                {emailHtml ? (
-                  <div dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(emailHtml) }} />
+              <div data-testid="survey-email-preview-content">
+                {emailPreviewDocument ? (
+                  <iframe
+                    className="mt-2 w-full rounded-md border-0 bg-white"
+                    data-testid="survey-email-preview-frame"
+                    onLoad={handlePreviewFrameLoad}
+                    sandbox="allow-popups allow-popups-to-escape-sandbox allow-same-origin"
+                    srcDoc={emailPreviewDocument}
+                    style={{ height: `${previewFrameHeight}px` }}
+                    title={t("environments.surveys.share.send_email.email_preview_tab")}
+                  />
                ) : (
                  <LoadingSpinner />
                )}
@@ -163,6 +163,7 @@ export const PersonalLinksTab = ({
      <UpgradePrompt
        title={t("environments.surveys.share.personal_links.upgrade_prompt_title")}
        description={t("environments.surveys.share.personal_links.upgrade_prompt_description")}
+        feature="personal_links"
        buttons={[
          {
            text: isFormbricksCloud ? t("common.upgrade_plan") : t("common.request_trial_license"),
@@ -16,13 +16,19 @@ export const WebsiteEmbedTab = ({ surveyUrl }: WebsiteEmbedTabProps) => {
  const [embedModeEnabled, setEmbedModeEnabled] = useState(false);
  const { t } = useTranslation();

-  const iframeCode = `<div style="position: relative; height:80dvh; overflow:auto;"> 
-  <iframe 
-    src="${surveyUrl}${embedModeEnabled ? "?embed=true" : ""}" 
+  const separator = surveyUrl.includes("?") ? "&" : "?";
+
+  const iframeSrc = embedModeEnabled ? `${surveyUrl}${separator}embed=true` : surveyUrl;
+
+  const iframeCode = `<div style="position: relative; height:80dvh; overflow:auto;">
+  <iframe
+    src="${iframeSrc}"
    frameborder="0" style="position: absolute; left:0; top:0; width:100%; height:100%; border:0;">
  </iframe>
 </div>`;

+  const previewSrc = `${iframeSrc}${iframeSrc.includes("?") ? "&" : "?"}preview=true`;
+
  return (
    <>
      <CodeBlock language="html" noMargin>
@@ -48,6 +54,15 @@ export const WebsiteEmbedTab = ({ surveyUrl }: WebsiteEmbedTabProps) => {
        {t("common.copy_code")}
        <CopyIcon />
      </Button>
+
+      <p className="text-base font-medium text-slate-800">{t("common.preview")}</p>
+      <div className="relative h-[500px] w-full overflow-hidden rounded-lg border border-slate-300">
+        <iframe
+          title={t("common.preview")}
+          src={previewSrc}
+          className="absolute inset-0 h-full w-full border-0"
+        />
+      </div>
    </>
  );
 };
@@ -0,0 +1,59 @@
+import { describe, expect, test } from "vitest";
+import { extractEmailBodyFragment } from "./emailTemplateFragment";
+
+describe("extractEmailBodyFragment", () => {
+  test("returns the body contents for rendered email documents", () => {
+    const html = `
+      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+      <html>
+        <head>
+          <style>.foo { color: red; }</style>
+        </head>
+        <body class="email-body">
+          <table>
+            <tr>
+              <td>Preview content</td>
+            </tr>
+          </table>
+        </body>
+      </html>
+    `;
+
+    expect(extractEmailBodyFragment(html)).toBe(
+      "<table>\n            <tr>\n              <td>Preview content</td>\n            </tr>\n          </table>"
+    );
+  });
+
+  test("removes document-level tags from rendered survey email markup", () => {
+    const fragment = extractEmailBodyFragment(`
+      <!DOCTYPE html>
+      <html>
+        <head>
+          <style>.foo { color: red; }</style>
+        </head>
+        <body>
+          <table>
+            <tr>
+              <td>Which fruits do you like</td>
+            </tr>
+          </table>
+        </body>
+      </html>
+    `);
+
+    expect(fragment).toBe(
+      "<table>\n            <tr>\n              <td>Which fruits do you like</td>\n            </tr>\n          </table>"
+    );
+    expect(fragment).not.toMatch(/<!DOCTYPE|<html|<head|<body/i);
+  });
+
+  test("falls back to the original markup when no body tag exists", () => {
+    expect(extractEmailBodyFragment("<div>Preview content</div>")).toBe("<div>Preview content</div>");
+  });
+
+  test("removes React server markers from rendered fragments", () => {
+    expect(extractEmailBodyFragment("<body><!--$--><div>Preview content</div><!--/$--></body>")).toBe(
+      "<div>Preview content</div>"
+    );
+  });
+});
@@ -5,6 +5,7 @@ import { getSurvey } from "@/lib/survey/service";
 import { getStyling } from "@/lib/utils/styling";
 import { getTranslate } from "@/lingodotdev/server";
 import { getPreviewEmailTemplateHtml } from "@/modules/email/components/preview-email-template";
+import { extractEmailBodyFragment } from "./emailTemplateFragment";

 export const getEmailTemplateHtml = async (surveyId: string, locale: string) => {
  const t = await getTranslate();
@@ -20,9 +21,6 @@ export const getEmailTemplateHtml = async (surveyId: string, locale: string) =>
  const styling = getStyling(project, survey);
  const surveyUrl = getPublicDomain() + "/s/" + survey.id;
  const html = await getPreviewEmailTemplateHtml(survey, surveyUrl, styling, locale, t);
-  const doctype =
-    '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
-  const htmlCleaned = html.toString().replace(doctype, "");

-  return htmlCleaned;
+  return extractEmailBodyFragment(html.toString());
 };
@@ -0,0 +1,11 @@
+const EMAIL_DOCTYPE_PATTERN = /<!DOCTYPE[^>]*>/i;
+const EMAIL_BODY_PATTERN = /<body\b[^>]*>([\s\S]*?)<\/body>/i;
+const EMAIL_REACT_SERVER_MARKER_PATTERN = /<!--\/?\$-->/g;
+
+export const extractEmailBodyFragment = (html: string): string => {
+  const htmlWithoutDoctype = html.replace(EMAIL_DOCTYPE_PATTERN, "").trim();
+  const bodyMatch = EMAIL_BODY_PATTERN.exec(htmlWithoutDoctype);
+  const fragment = bodyMatch?.[1].trim() ?? htmlWithoutDoctype;
+
+  return fragment.replaceAll(EMAIL_REACT_SERVER_MARKER_PATTERN, "").trim();
+};
@@ -164,7 +164,7 @@ describe("getSurveySummaryMeta", () => {
  });

  test("calculates meta correctly", () => {
-    const meta = getSurveySummaryMeta(mockResponses, 10, mockQuotas);
+    const meta = getSurveySummaryMeta(mockBaseSurvey, mockResponses, 10, mockQuotas);
    expect(meta.displayCount).toBe(10);
    expect(meta.totalResponses).toBe(3);
    expect(meta.startsPercentage).toBe(30);
@@ -178,19 +178,74 @@ describe("getSurveySummaryMeta", () => {
  });

  test("handles zero display count", () => {
-    const meta = getSurveySummaryMeta(mockResponses, 0, mockQuotas);
+    const meta = getSurveySummaryMeta(mockBaseSurvey, mockResponses, 0, mockQuotas);
    expect(meta.startsPercentage).toBe(0);
    expect(meta.completedPercentage).toBe(0);
  });

  test("handles zero responses", () => {
-    const meta = getSurveySummaryMeta([], 10, mockQuotas);
+    const meta = getSurveySummaryMeta(mockBaseSurvey, [], 10, mockQuotas);
    expect(meta.totalResponses).toBe(0);
    expect(meta.completedResponses).toBe(0);
    expect(meta.dropOffCount).toBe(0);
    expect(meta.dropOffPercentage).toBe(0);
    expect(meta.ttcAverage).toBe(0);
  });
+
+  test("uses block-level TTC to avoid multiplying by number of elements", () => {
+    const surveyWithOneBlockThreeElements: TSurvey = {
+      ...mockBaseSurvey,
+      blocks: [
+        {
+          id: "block1",
+          name: "Block 1",
+          elements: [
+            {
+              id: "q1",
+              type: TSurveyElementTypeEnum.OpenText,
+              headline: { default: "Q1" },
+              required: false,
+              inputType: "text",
+              charLimit: { enabled: false },
+            },
+            {
+              id: "q2",
+              type: TSurveyElementTypeEnum.OpenText,
+              headline: { default: "Q2" },
+              required: false,
+              inputType: "text",
+              charLimit: { enabled: false },
+            },
+            {
+              id: "q3",
+              type: TSurveyElementTypeEnum.OpenText,
+              headline: { default: "Q3" },
+              required: false,
+              inputType: "text",
+              charLimit: { enabled: false },
+            },
+          ] as TSurveyElement[],
+        },
+      ],
+      questions: [],
+    };
+
+    const responses = [
+      {
+        id: "r1",
+        data: { q1: "a", q2: "b", q3: "c" },
+        updatedAt: new Date(),
+        contact: null,
+        contactAttributes: {},
+        language: "en",
+        ttc: { q1: 5000, q2: 5000, q3: 4800, _total: 14800 },
+        finished: true,
+      },
+    ] as any;
+
+    const meta = getSurveySummaryMeta(surveyWithOneBlockThreeElements, responses, 1, mockQuotas);
+    expect(meta.ttcAverage).toBe(5000);
+  });
 });

 describe("getSurveySummaryDropOff", () => {
@@ -274,7 +329,7 @@ describe("getSurveySummaryDropOff", () => {
    expect(dropOff[1].impressions).toBe(2);
    expect(dropOff[1].dropOffCount).toBe(1); // r1 dropped at q2 (last seen element)
    expect(dropOff[1].dropOffPercentage).toBe(50); // (1/2)*100
-    expect(dropOff[1].ttc).toBe(7.5); // avg of r1(5ms) and r2(10ms)
+    expect(dropOff[1].ttc).toBe(10); // block-level TTC uses max block time per response
  });

  test("drop-off attributed to last seen element when user doesn't reach next question", () => {
@@ -51,7 +51,32 @@ interface TSurveySummaryResponse {
  finished: boolean;
 }

+const getElementIdToBlockIdMap = (survey: TSurvey): Record<string, string> => {
+  return survey.blocks.reduce<Record<string, string>>((acc, block) => {
+    block.elements.forEach((element) => {
+      acc[element.id] = block.id;
+    });
+    return acc;
+  }, {});
+};
+
+const getBlockTimesForResponse = (
+  response: TSurveySummaryResponse,
+  survey: TSurvey
+): Record<string, number> => {
+  return survey.blocks.reduce<Record<string, number>>((acc, block) => {
+    const maxElementTtc = block.elements.reduce((maxTtc, element) => {
+      const elementTtc = response.ttc?.[element.id] ?? 0;
+      return Math.max(maxTtc, elementTtc);
+    }, 0);
+
+    acc[block.id] = maxElementTtc;
+    return acc;
+  }, {});
+};
+
 export const getSurveySummaryMeta = (
+  survey: TSurvey,
  responses: TSurveySummaryResponse[],
  displayCount: number,
  quotas: TSurveySummary["quotas"]
@@ -60,9 +85,15 @@ export const getSurveySummaryMeta = (

  let ttcResponseCount = 0;
  const ttcSum = responses.reduce((acc, response) => {
-    if (response.ttc?._total) {
+    const blockTimes = getBlockTimesForResponse(response, survey);
+    const responseBlockTtcTotal = Object.values(blockTimes).reduce((sum, ttc) => sum + ttc, 0);
+
+    // Fallback to _total for malformed surveys with no block mappings.
+    const responseTtcTotal = responseBlockTtcTotal > 0 ? responseBlockTtcTotal : (response.ttc?._total ?? 0);
+
+    if (responseTtcTotal > 0) {
      ttcResponseCount++;
-      return acc + response.ttc._total;
+      return acc + responseTtcTotal;
    }
    return acc;
  }, 0);
@@ -117,12 +148,16 @@ export const getSurveySummaryDropOff = (
  let dropOffArr = new Array(elements.length).fill(0) as number[];
  let impressionsArr = new Array(elements.length).fill(0) as number[];
  let dropOffPercentageArr = new Array(elements.length).fill(0) as number[];
+  const elementIdToBlockId = getElementIdToBlockIdMap(survey);

  responses.forEach((response) => {
    // Calculate total time-to-completion per element
+    const blockTimes = getBlockTimesForResponse(response, survey);
    Object.keys(totalTtc).forEach((elementId) => {
-      if (response.ttc && response.ttc[elementId]) {
-        totalTtc[elementId] += response.ttc[elementId];
+      const blockId = elementIdToBlockId[elementId];
+      const blockTtc = blockId ? (blockTimes[blockId] ?? 0) : 0;
+      if (blockTtc > 0) {
+        totalTtc[elementId] += blockTtc;
        responseCounts[elementId]++;
      }
    });
@@ -974,10 +1009,8 @@ export const getSurveySummary = reactCache(
      ]);

      const dropOff = getSurveySummaryDropOff(survey, elements, responses, displayCount);
-      const [meta, elementSummary] = await Promise.all([
-        getSurveySummaryMeta(responses, displayCount, quotas),
-        getElementSummary(survey, elements, responses, dropOff),
-      ]);
+      const meta = getSurveySummaryMeta(survey, responses, displayCount, quotas);
+      const elementSummary = await getElementSummary(survey, elements, responses, dropOff);

      return {
        meta,
@@ -1061,7 +1094,9 @@ export const getResponsesForSummary = reactCache(
      const transformedResponses: TSurveySummaryResponse[] = await Promise.all(
        responses.map((responsePrisma) => {
          return {
-            ...responsePrisma,
+            id: responsePrisma.id,
+            data: (responsePrisma.data ?? {}) as TResponseData,
+            updatedAt: responsePrisma.updatedAt,
            contact: responsePrisma.contact
              ? {
                  id: responsePrisma.contact.id as string,
@@ -1070,6 +1105,10 @@ export const getResponsesForSummary = reactCache(
                  )?.value as string,
                }
              : null,
+            contactAttributes: (responsePrisma.contactAttributes ?? {}) as TResponseContactAttributes,
+            language: responsePrisma.language,
+            ttc: (responsePrisma.ttc ?? {}) as TResponseTtc,
+            finished: responsePrisma.finished,
          };
        })
      );
@@ -66,8 +66,6 @@ const SurveyPage = async (props: { params: Promise<{ environmentId: string; surv
        pageTitle={survey.name}
        cta={
          <SurveyAnalysisCTA
-            environment={environment}
-            survey={survey}
            isReadOnly={isReadOnly}
            user={user}
            publicDomain={publicDomain}
@@ -78,7 +76,7 @@ const SurveyPage = async (props: { params: Promise<{ environmentId: string; surv
            isStorageConfigured={IS_STORAGE_CONFIGURED}
          />
        }>
-        <SurveyAnalysisNavigation environmentId={environment.id} survey={survey} activeId="summary" />
+        <SurveyAnalysisNavigation activeId="summary" />
      </PageHeader>
      <SummaryPage
        environment={environment}
@@ -4,6 +4,7 @@ import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
 import { ResourceNotFoundError } from "@formbricks/types/errors";
 import { ZResponseFilterCriteria } from "@formbricks/types/responses";
+import { capturePostHogEvent } from "@/lib/posthog";
 import { getResponseDownloadFile, getResponseFilteringValues } from "@/lib/response/service";
 import { getSurvey } from "@/lib/survey/service";
 import { getTagsByEnvironmentId } from "@/lib/tag/service";
@@ -23,9 +24,11 @@ const ZGetResponsesDownloadUrlAction = z.object({
 export const getResponsesDownloadUrlAction = authenticatedActionClient
  .inputSchema(ZGetResponsesDownloadUrlAction)
  .action(async ({ ctx, parsedInput }) => {
+    const organizationId = await getOrganizationIdFromSurveyId(parsedInput.surveyId);
+
    await checkAuthorizationUpdated({
      userId: ctx.user.id,
-      organizationId: await getOrganizationIdFromSurveyId(parsedInput.surveyId),
+      organizationId,
      access: [
        {
          type: "organization",
@@ -39,11 +42,20 @@ export const getResponsesDownloadUrlAction = authenticatedActionClient
      ],
    });

-    return await getResponseDownloadFile(
+    const result = await getResponseDownloadFile(
      parsedInput.surveyId,
      parsedInput.format,
      parsedInput.filterCriteria
    );
+
+    capturePostHogEvent(ctx.user.id, "responses_exported", {
+      survey_id: parsedInput.surveyId,
+      format: parsedInput.format,
+      filter_applied: Object.keys(parsedInput.filterCriteria ?? {}).length > 0,
+      organization_id: organizationId,
+    });
+
+    return result;
  });

 const ZGetSurveyFilterDataAction = z.object({
@@ -1,6 +1,7 @@
 "use client";

 import clsx from "clsx";
+import { TFunction } from "i18next";
 import {
  AirplayIcon,
  ArrowUpFromDotIcon,
@@ -54,6 +55,25 @@ export enum OptionsType {
  QUOTAS = "Quotas",
 }

+const getOptionsTypeTranslationKey = (type: OptionsType, t: TFunction): string => {
+  switch (type) {
+    case OptionsType.ELEMENTS:
+      return t("common.elements");
+    case OptionsType.TAGS:
+      return t("common.tags");
+    case OptionsType.ATTRIBUTES:
+      return t("common.attributes");
+    case OptionsType.OTHERS:
+      return t("common.other_filters");
+    case OptionsType.META:
+      return t("common.meta");
+    case OptionsType.HIDDEN_FIELDS:
+      return t("common.hidden_fields");
+    case OptionsType.QUOTAS:
+      return t("common.quotas");
+  }
+};
+
 export type ElementOption = {
  label: string;
  elementType?: TSurveyElementTypeEnum;
@@ -218,7 +238,12 @@ export const ElementsComboBox = ({ options, selected, onChangeValue }: ElementCo
            {options?.map((data) => (
              <Fragment key={data.header}>
                {data?.option.length > 0 && (
-                  <CommandGroup heading={<p className="text-sm font-medium text-slate-600">{data.header}</p>}>
+                  <CommandGroup
+                    heading={
+                      <p className="text-sm font-medium text-slate-600">
+                        {getOptionsTypeTranslationKey(data.header, t)}
+                      </p>
+                    }>
                    {data?.option?.map((o) => (
                      <CommandItem
                        key={o.id}
@@ -3,8 +3,9 @@
 import { useRouter } from "next/navigation";
 import toast from "react-hot-toast";
 import { useTranslation } from "react-i18next";
-import { TEnvironment } from "@formbricks/types/environment";
 import { TSurvey } from "@formbricks/types/surveys/types";
+import { useEnvironment } from "@/app/(app)/environments/[environmentId]/context/environment-context";
+import { useSurvey } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/context/survey-context";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { updateSurveyAction } from "@/modules/survey/editor/actions";
 import {
@@ -16,17 +17,9 @@ import {
 } from "@/modules/ui/components/select";
 import { SurveyStatusIndicator } from "@/modules/ui/components/survey-status-indicator";

-interface SurveyStatusDropdownProps {
-  environment: TEnvironment;
-  updateLocalSurveyStatus?: (status: TSurvey["status"]) => void;
-  survey: TSurvey;
-}
-
-export const SurveyStatusDropdown = ({
-  environment,
-  updateLocalSurveyStatus,
-  survey,
-}: SurveyStatusDropdownProps) => {
+export const SurveyStatusDropdown = () => {
+  const { environment } = useEnvironment();
+  const { survey } = useSurvey();
  const { t } = useTranslation();
  const router = useRouter();

@@ -46,10 +39,6 @@ export const SurveyStatusDropdown = ({
        toast.success(toastMessage);
      }

-      if (updateLocalSurveyStatus) {
-        updateLocalSurveyStatus(resultingStatus);
-      }
-
      router.refresh();
    } else {
      const errorMessage = getFormattedErrorMessage(updateSurveyActionResponse);
@@ -0,0 +1,8 @@
+import { type ReactNode } from "react";
+import { SurveysQueryClientProvider } from "./query-client-provider";
+
+const SurveysLayout = ({ children }: { children: ReactNode }) => {
+  return <SurveysQueryClientProvider>{children}</SurveysQueryClientProvider>;
+};
+
+export default SurveysLayout;
@@ -0,0 +1,10 @@
+"use client";
+
+import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
+import { type ReactNode, useState } from "react";
+
+export const SurveysQueryClientProvider = ({ children }: { children: ReactNode }) => {
+  const [queryClient] = useState(() => new QueryClient());
+
+  return <QueryClientProvider client={queryClient}>{children}</QueryClientProvider>;
+};
@@ -1,208 +0,0 @@
-"use client";
-
-import { CheckCircle2, Sparkles } from "lucide-react";
-import { useState } from "react";
-import { useTranslation } from "react-i18next";
-import { Button } from "@/modules/ui/components/button";
-
-const FORMBRICKS_HOST = "https://app.formbricks.com";
-const SURVEY_ID = "cr9r4b2r73x6hlmn5aa2ha44";
-const ENVIRONMENT_ID = "cmk41i8bi92bdad01svi74dec";
-
-interface WorkflowsPageProps {
-  userEmail: string;
-  organizationName: string;
-  billingPlan: string;
-}
-
-type Step = "prompt" | "followup" | "thankyou";
-
-export const WorkflowsPage = ({ userEmail, organizationName, billingPlan }: WorkflowsPageProps) => {
-  const { t } = useTranslation();
-  const [step, setStep] = useState<Step>("prompt");
-  const [promptValue, setPromptValue] = useState("");
-  const [detailsValue, setDetailsValue] = useState("");
-  const [responseId, setResponseId] = useState<string | null>(null);
-  const [isSubmitting, setIsSubmitting] = useState(false);
-
-  const handleGenerateWorkflow = async () => {
-    if (promptValue.trim().length < 100 || isSubmitting) return;
-    setIsSubmitting(true);
-
-    try {
-      const res = await fetch(`${FORMBRICKS_HOST}/api/v2/client/${ENVIRONMENT_ID}/responses`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({
-          surveyId: SURVEY_ID,
-          finished: false,
-          data: {
-            workflow: promptValue.trim(),
-            useremail: userEmail,
-            orgname: organizationName,
-            billingplan: billingPlan,
-          },
-        }),
-      });
-
-      if (res.ok) {
-        const json = await res.json();
-        setResponseId(json.data?.id ?? null);
-      }
-
-      setStep("followup");
-    } catch {
-      setStep("followup");
-    } finally {
-      setIsSubmitting(false);
-    }
-  };
-
-  const handleSubmitFeedback = async () => {
-    if (isSubmitting) return;
-    setIsSubmitting(true);
-
-    if (responseId) {
-      try {
-        await fetch(`${FORMBRICKS_HOST}/api/v1/client/${ENVIRONMENT_ID}/responses/${responseId}`, {
-          method: "PUT",
-          headers: { "Content-Type": "application/json" },
-          body: JSON.stringify({
-            finished: true,
-            data: {
-              details: detailsValue.trim(),
-            },
-          }),
-        });
-      } catch {
-        // silently fail
-      }
-    }
-
-    setIsSubmitting(false);
-    setStep("thankyou");
-  };
-
-  const handleSkipFeedback = async () => {
-    if (!responseId) {
-      setStep("thankyou");
-      return;
-    }
-
-    try {
-      await fetch(`${FORMBRICKS_HOST}/api/v1/client/${ENVIRONMENT_ID}/responses/${responseId}`, {
-        method: "PUT",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({
-          finished: true,
-          data: {},
-        }),
-      });
-    } catch {
-      // silently fail
-    }
-
-    setStep("thankyou");
-  };
-
-  if (step === "prompt") {
-    return (
-      <div className="flex h-full flex-col items-center px-4 pt-[15vh]">
-        <div className="w-full max-w-2xl space-y-8">
-          <div className="space-y-3 text-center">
-            <div className="mx-auto mb-4 flex h-12 w-12 items-center justify-center rounded-xl bg-gradient-to-br from-brand-light to-brand-dark shadow-md">
-              <Sparkles className="h-6 w-6 text-white" />
-            </div>
-            <h1 className="text-4xl font-bold tracking-tight text-slate-800">{t("workflows.heading")}</h1>
-            <p className="text-lg text-slate-500">{t("workflows.subheading")}</p>
-          </div>
-
-          <div className="relative">
-            <textarea
-              value={promptValue}
-              onChange={(e) => setPromptValue(e.target.value)}
-              placeholder={t("workflows.placeholder")}
-              rows={5}
-              className="w-full resize-none rounded-xl border border-slate-200 bg-white px-5 py-4 text-base text-slate-800 shadow-sm transition-all placeholder:text-slate-400 focus:border-brand-dark focus:outline-none focus:ring-2 focus:ring-brand-light/20"
-              onKeyDown={(e) => {
-                if (e.key === "Enter" && (e.metaKey || e.ctrlKey)) {
-                  handleGenerateWorkflow();
-                }
-              }}
-            />
-            <div className="mt-3 flex items-center justify-between">
-              <span
-                className={`text-xs ${promptValue.trim().length >= 100 ? "text-slate-400" : "text-amber-500"}`}>
-                {promptValue.trim().length} / 100
-              </span>
-              <Button
-                onClick={handleGenerateWorkflow}
-                disabled={promptValue.trim().length < 100 || isSubmitting}
-                loading={isSubmitting}
-                size="lg">
-                <Sparkles className="h-4 w-4" />
-                {t("workflows.generate_button")}
-              </Button>
-            </div>
-          </div>
-        </div>
-      </div>
-    );
-  }
-
-  if (step === "followup") {
-    return (
-      <div className="flex h-full flex-col items-center px-4 pt-[15vh]">
-        <div className="w-full max-w-2xl space-y-8">
-          <div className="space-y-3 text-center">
-            <div className="mx-auto mb-4 flex h-12 w-12 items-center justify-center rounded-xl bg-slate-100">
-              <Sparkles className="h-6 w-6 text-brand-dark" />
-            </div>
-            <h1 className="text-3xl font-bold tracking-tight text-slate-800">
-              {t("workflows.coming_soon_title")}
-            </h1>
-            <p className="mx-auto max-w-md text-base text-slate-500">
-              {t("workflows.coming_soon_description")}
-            </p>
-          </div>
-
-          <div className="rounded-xl border border-slate-200 bg-white p-6 shadow-sm">
-            <label className="text-md mb-2 block font-medium text-slate-700">
-              {t("workflows.follow_up_label")}
-            </label>
-            <textarea
-              value={detailsValue}
-              onChange={(e) => setDetailsValue(e.target.value)}
-              placeholder={t("workflows.follow_up_placeholder")}
-              rows={4}
-              className="w-full resize-none rounded-lg border border-slate-200 bg-slate-50 px-4 py-3 text-sm text-slate-800 transition-all placeholder:text-slate-400 focus:border-brand-dark focus:bg-white focus:outline-none focus:ring-2 focus:ring-brand-light/20"
-            />
-            <div className="mt-4 flex items-center justify-end gap-3">
-              <Button variant="ghost" onClick={handleSkipFeedback} className="text-slate-500">
-                {t("common.skip")}
-              </Button>
-              <Button
-                onClick={handleSubmitFeedback}
-                disabled={!detailsValue.trim() || isSubmitting}
-                loading={isSubmitting}>
-                {t("workflows.submit_button")}
-              </Button>
-            </div>
-          </div>
-        </div>
-      </div>
-    );
-  }
-
-  return (
-    <div className="flex h-full flex-col items-center px-4 pt-[15vh]">
-      <div className="w-full max-w-md space-y-6 text-center">
-        <div className="mx-auto flex h-16 w-16 items-center justify-center rounded-full bg-green-50">
-          <CheckCircle2 className="h-8 w-8 text-green-500" />
-        </div>
-        <h1 className="text-2xl font-bold text-slate-800">{t("workflows.thank_you_title")}</h1>
-        <p className="text-base text-slate-500">{t("workflows.thank_you_description")}</p>
-      </div>
-    </div>
-  );
-};
@@ -1,42 +0,0 @@
-import { Metadata } from "next";
-import { notFound, redirect } from "next/navigation";
-import { IS_FORMBRICKS_CLOUD } from "@/lib/constants";
-import { getUser } from "@/lib/user/service";
-import { getCloudBillingDisplayContext } from "@/modules/ee/billing/lib/cloud-billing-display";
-import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
-import { WorkflowsPage } from "./components/workflows-page";
-
-export const metadata: Metadata = {
-  title: "Workflows",
-};
-
-const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
-  const params = await props.params;
-
-  if (!IS_FORMBRICKS_CLOUD) {
-    return notFound();
-  }
-
-  const { session, organization, isBilling } = await getEnvironmentAuth(params.environmentId);
-
-  if (isBilling) {
-    return redirect(`/environments/${params.environmentId}/settings/billing`);
-  }
-
-  const user = await getUser(session.user.id);
-  if (!user) {
-    return redirect("/auth/login");
-  }
-
-  const cloudBillingDisplayContext = await getCloudBillingDisplayContext(organization.id);
-
-  return (
-    <WorkflowsPage
-      userEmail={user.email}
-      organizationName={organization.name}
-      billingPlan={cloudBillingDisplayContext.currentCloudPlan}
-    />
-  );
-};
-
-export default Page;
@@ -4,6 +4,7 @@ import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
 import { ZIntegrationInput } from "@formbricks/types/integration";
 import { createOrUpdateIntegration, deleteIntegration } from "@/lib/integration/service";
+import { capturePostHogEvent } from "@/lib/posthog";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
 import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
 import {
@@ -45,6 +46,12 @@ export const createOrUpdateIntegrationAction = authenticatedActionClient
      const result = await createOrUpdateIntegration(parsedInput.environmentId, parsedInput.integrationData);
      ctx.auditLoggingCtx.integrationId = result.id;
      ctx.auditLoggingCtx.newObject = result;
+
+      capturePostHogEvent(ctx.user.id, "integration_connected", {
+        integration_type: parsedInput.integrationData.type,
+        organization_id: organizationId,
+      });
+
      return result;
    })
  );
@@ -18,6 +18,7 @@ interface AirtableWrapperProps {
  isEnabled: boolean;
  webAppUrl: string;
  locale: TUserLocale;
+  showReconnectButton?: boolean;
 }

 export const AirtableWrapper = ({
@@ -28,6 +29,7 @@ export const AirtableWrapper = ({
  isEnabled,
  webAppUrl,
  locale,
+  showReconnectButton = false,
 }: AirtableWrapperProps) => {
  const [isConnected, setIsConnected] = useState(
    airtableIntegration ? airtableIntegration.config?.key : false
@@ -49,6 +51,8 @@ export const AirtableWrapper = ({
      setIsConnected={setIsConnected}
      surveys={surveys}
      locale={locale}
+      showReconnectButton={showReconnectButton}
+      handleAirtableAuthorization={handleAirtableAuthorization}
    />
  ) : (
    <ConnectIntegration
@@ -1,6 +1,6 @@
 "use client";

-import { Trash2Icon } from "lucide-react";
+import { RefreshCcwIcon, Trash2Icon } from "lucide-react";
 import { useState } from "react";
 import { toast } from "react-hot-toast";
 import { useTranslation } from "react-i18next";
@@ -12,9 +12,11 @@ import { deleteIntegrationAction } from "@/app/(app)/environments/[environmentId
 import { AddIntegrationModal } from "@/app/(app)/environments/[environmentId]/workspace/integrations/airtable/components/AddIntegrationModal";
 import { timeSince } from "@/lib/time";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
+import { Alert, AlertButton, AlertDescription } from "@/modules/ui/components/alert";
 import { Button } from "@/modules/ui/components/button";
 import { DeleteDialog } from "@/modules/ui/components/delete-dialog";
 import { EmptyState } from "@/modules/ui/components/empty-state";
+import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@/modules/ui/components/tooltip";
 import { IntegrationModalInputs } from "../lib/types";

 interface ManageIntegrationProps {
@@ -24,10 +26,20 @@ interface ManageIntegrationProps {
  surveys: TSurvey[];
  airtableArray: TIntegrationItem[];
  locale: TUserLocale;
+  showReconnectButton: boolean;
+  handleAirtableAuthorization: () => Promise<void>;
 }

-export const ManageIntegration = (props: ManageIntegrationProps) => {
-  const { airtableIntegration, environmentId, setIsConnected, surveys, airtableArray } = props;
+export const ManageIntegration = ({
+  airtableIntegration,
+  environmentId,
+  setIsConnected,
+  surveys,
+  airtableArray,
+  showReconnectButton,
+  handleAirtableAuthorization,
+  locale,
+}: ManageIntegrationProps) => {
  const { t } = useTranslation();

  const tableHeaders = [
@@ -73,15 +85,34 @@ export const ManageIntegration = (props: ManageIntegrationProps) => {
    : { isEditMode: false as const };
  return (
    <div className="mt-6 flex w-full flex-col items-center justify-center p-6">
-      <div className="flex w-full justify-end gap-x-6">
-        <div className="flex items-center">
+      {showReconnectButton && (
+        <Alert variant="warning" size="small" className="mb-4 w-full">
+          <AlertDescription>{t("environments.integrations.reconnect_button_description")}</AlertDescription>
+          <AlertButton onClick={handleAirtableAuthorization}>
+            {t("environments.integrations.reconnect_button")}
+          </AlertButton>
+        </Alert>
+      )}
+      <div className="flex w-full justify-end space-x-2">
+        <div className="mr-6 flex items-center">
          <span className="mr-4 h-4 w-4 rounded-full bg-green-600"></span>
-          <span className="cursor-pointer text-slate-500">
+          <span className="text-slate-500">
            {t("environments.integrations.connected_with_email", {
              email: airtableIntegration.config.email,
            })}
          </span>
        </div>
+        <TooltipProvider>
+          <Tooltip>
+            <TooltipTrigger asChild>
+              <Button variant="outline" onClick={handleAirtableAuthorization}>
+                <RefreshCcwIcon className="mr-2 h-4 w-4" />
+                {t("environments.integrations.reconnect_button")}
+              </Button>
+            </TooltipTrigger>
+            <TooltipContent>{t("environments.integrations.reconnect_button_tooltip")}</TooltipContent>
+          </Tooltip>
+        </TooltipProvider>
        <Button
          onClick={() => {
            setDefaultValues(null);
@@ -122,9 +153,7 @@ export const ManageIntegration = (props: ManageIntegrationProps) => {
              <div className="col-span-2 text-center">{data.surveyName}</div>
              <div className="col-span-2 text-center">{data.tableName}</div>
              <div className="col-span-2 text-center">{data.elements}</div>
-              <div className="col-span-2 text-center">
-                {timeSince(data.createdAt.toString(), props.locale)}
-              </div>
+              <div className="col-span-2 text-center">{timeSince(data.createdAt.toString(), locale)}</div>
            </button>
          ))}
        </div>
@@ -1,4 +1,5 @@
 import { redirect } from "next/navigation";
+import { logger } from "@formbricks/logger";
 import { TIntegrationItem } from "@formbricks/types/integration";
 import { TIntegrationAirtable } from "@formbricks/types/integration/airtable";
 import { AirtableWrapper } from "@/app/(app)/environments/[environmentId]/workspace/integrations/airtable/components/AirtableWrapper";
@@ -31,8 +32,14 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
  );

  let airtableArray: TIntegrationItem[] = [];
+  let isTokenValid = true;
  if (airtableIntegration?.config.key) {
-    airtableArray = await getAirtableTables(params.environmentId);
+    try {
+      airtableArray = await getAirtableTables(params.environmentId);
+    } catch (error) {
+      logger.error(error, "Failed to load Airtable bases — token may be expired or revoked");
+      isTokenValid = false;
+    }
  }
  if (isReadOnly) {
    return redirect("./");
@@ -51,6 +58,7 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
          surveys={surveys}
          webAppUrl={WEBAPP_URL}
          locale={locale ?? DEFAULT_LOCALE}
+          showReconnectButton={!isTokenValid}
        />
      </div>
    </PageContentWrapper>
@@ -13,7 +13,9 @@ import notionLogo from "@/images/notion.png";
 import SlackLogo from "@/images/slacklogo.png";
 import WebhookLogo from "@/images/webhook.png";
 import ZapierLogo from "@/images/zapier-small.png";
+import { IS_FORMBRICKS_CLOUD } from "@/lib/constants";
 import { getIntegrations } from "@/lib/integration/service";
+import { getBillingFallbackPath } from "@/lib/membership/navigation";
 import { getTranslate } from "@/lingodotdev/server";
 import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
 import { ProjectConfigNavigation } from "@/modules/projects/settings/components/project-config-navigation";
@@ -53,7 +55,7 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
    integrations.some((integration) => integration.type === type);

  if (isBilling) {
-    return redirect(`/environments/${params.environmentId}/settings/billing`);
+    return redirect(getBillingFallbackPath(params.environmentId, IS_FORMBRICKS_CLOUD));
  }

  const isGoogleSheetsIntegrationConnected = isIntegrationConnected("googleSheets");
@@ -0,0 +1,160 @@
+import { getServerSession } from "next-auth";
+import { beforeEach, describe, expect, test, vi } from "vitest";
+import { logger } from "@formbricks/logger";
+import { AuthorizationError } from "@formbricks/types/errors";
+import { verifyAccountDeletionSsoReauthIntent } from "@/lib/jwt";
+import { deleteUserWithAccountDeletionAuthorization } from "@/modules/account/lib/account-deletion";
+import { queueAuditEventBackground } from "@/modules/ee/audit-logs/lib/handler";
+import { completeAccountDeletionSsoReauthenticationAndGetRedirectPath } from "./account-deletion-sso-complete";
+
+vi.mock("server-only", () => ({}));
+
+vi.mock("next-auth", () => ({
+  getServerSession: vi.fn(),
+}));
+
+vi.mock("@formbricks/logger", () => ({
+  logger: {
+    error: vi.fn(),
+    info: vi.fn(),
+  },
+}));
+
+vi.mock("@/lib/constants", () => ({
+  IS_FORMBRICKS_CLOUD: false,
+  WEBAPP_URL: "http://localhost:3000",
+}));
+
+vi.mock("@/lib/jwt", () => ({
+  verifyAccountDeletionSsoReauthIntent: vi.fn(),
+}));
+
+vi.mock("@/modules/account/lib/account-deletion", () => ({
+  deleteUserWithAccountDeletionAuthorization: vi.fn(),
+}));
+
+vi.mock("@/modules/auth/lib/authOptions", () => ({
+  authOptions: {},
+}));
+
+vi.mock("@/modules/ee/audit-logs/lib/handler", () => ({
+  queueAuditEventBackground: vi.fn(),
+}));
+
+const mockGetServerSession = vi.mocked(getServerSession);
+const mockLoggerError = vi.mocked(logger.error);
+const mockVerifyAccountDeletionSsoReauthIntent = vi.mocked(verifyAccountDeletionSsoReauthIntent);
+const mockDeleteUserWithAccountDeletionAuthorization = vi.mocked(deleteUserWithAccountDeletionAuthorization);
+const mockQueueAuditEventBackground = vi.mocked(queueAuditEventBackground);
+
+const intent = {
+  id: "intent-id",
+  email: "delete-user@example.com",
+  provider: "google",
+  providerAccountId: "google-account-id",
+  purpose: "account_deletion_sso_reauth" as const,
+  returnToUrl: "http://localhost:3000/environments/env-id/settings/profile",
+  userId: "user-id",
+};
+
+describe("completeAccountDeletionSsoReauthenticationAndGetRedirectPath", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+
+    mockVerifyAccountDeletionSsoReauthIntent.mockReturnValue(intent);
+    mockGetServerSession.mockResolvedValue({
+      user: {
+        email: intent.email,
+        id: intent.userId,
+      },
+    } as any);
+    mockDeleteUserWithAccountDeletionAuthorization.mockResolvedValue({
+      oldUser: { id: intent.userId } as any,
+    });
+    mockQueueAuditEventBackground.mockResolvedValue(undefined);
+  });
+
+  test("returns login without deleting when the callback has no intent", async () => {
+    await expect(completeAccountDeletionSsoReauthenticationAndGetRedirectPath({})).resolves.toBe(
+      "/auth/login"
+    );
+
+    expect(mockVerifyAccountDeletionSsoReauthIntent).not.toHaveBeenCalled();
+    expect(mockDeleteUserWithAccountDeletionAuthorization).not.toHaveBeenCalled();
+    expect(mockQueueAuditEventBackground).not.toHaveBeenCalled();
+  });
+
+  test("deletes the account after a completed SSO reauthentication", async () => {
+    await expect(
+      completeAccountDeletionSsoReauthenticationAndGetRedirectPath({ intent: "intent-token" })
+    ).resolves.toBe("/auth/login");
+
+    expect(mockDeleteUserWithAccountDeletionAuthorization).toHaveBeenCalledWith({
+      confirmationEmail: intent.email,
+      userEmail: intent.email,
+      userId: intent.userId,
+    });
+    expect(mockQueueAuditEventBackground).toHaveBeenCalledWith({
+      action: "deleted",
+      targetType: "user",
+      userId: intent.userId,
+      userType: "user",
+      targetId: intent.userId,
+      organizationId: "unknown",
+      oldObject: { id: intent.userId },
+      status: "success",
+    });
+  });
+
+  test("does not delete when the callback session does not match the intent user", async () => {
+    mockGetServerSession.mockResolvedValue({
+      user: {
+        email: "other@example.com",
+        id: "other-user-id",
+      },
+    } as any);
+
+    await expect(
+      completeAccountDeletionSsoReauthenticationAndGetRedirectPath({ intent: "intent-token" })
+    ).resolves.toBe("/environments/env-id/settings/profile");
+
+    expect(mockDeleteUserWithAccountDeletionAuthorization).not.toHaveBeenCalled();
+    expect(mockLoggerError).toHaveBeenCalledWith(
+      { error: expect.any(AuthorizationError) },
+      "Failed to complete account deletion after SSO reauth"
+    );
+  });
+
+  test("keeps the post-deletion redirect if audit logging fails after deletion", async () => {
+    mockQueueAuditEventBackground.mockRejectedValue(new Error("audit unavailable"));
+
+    await expect(
+      completeAccountDeletionSsoReauthenticationAndGetRedirectPath({ intent: "intent-token" })
+    ).resolves.toBe("/auth/login");
+
+    expect(mockDeleteUserWithAccountDeletionAuthorization).toHaveBeenCalled();
+    expect(mockLoggerError).toHaveBeenCalledWith(
+      { error: expect.any(Error) },
+      "Failed to complete account deletion after SSO reauth"
+    );
+  });
+
+  test("falls back to login when the intent return URL is not allowed", async () => {
+    mockVerifyAccountDeletionSsoReauthIntent.mockReturnValue({
+      ...intent,
+      returnToUrl: "https://evil.example/settings/profile",
+    });
+    mockGetServerSession.mockResolvedValue({
+      user: {
+        email: "other@example.com",
+        id: "other-user-id",
+      },
+    } as any);
+
+    await expect(
+      completeAccountDeletionSsoReauthenticationAndGetRedirectPath({ intent: ["intent-token"] })
+    ).resolves.toBe("/auth/login");
+
+    expect(mockDeleteUserWithAccountDeletionAuthorization).not.toHaveBeenCalled();
+  });
+});
@@ -0,0 +1,82 @@
+import "server-only";
+import { getServerSession } from "next-auth";
+import { logger } from "@formbricks/logger";
+import { AuthorizationError } from "@formbricks/types/errors";
+import { IS_FORMBRICKS_CLOUD, WEBAPP_URL } from "@/lib/constants";
+import { verifyAccountDeletionSsoReauthIntent } from "@/lib/jwt";
+import { getValidatedCallbackUrl } from "@/lib/utils/url";
+import { FORMBRICKS_CLOUD_ACCOUNT_DELETION_SURVEY_URL } from "@/modules/account/constants";
+import { deleteUserWithAccountDeletionAuthorization } from "@/modules/account/lib/account-deletion";
+import { authOptions } from "@/modules/auth/lib/authOptions";
+import { queueAuditEventBackground } from "@/modules/ee/audit-logs/lib/handler";
+import { UNKNOWN_DATA } from "@/modules/ee/audit-logs/types/audit-log";
+
+type TAccountDeletionSsoCompleteSearchParams = {
+  intent?: string | string[];
+};
+
+const getIntentToken = (intent: string | string[] | undefined) => {
+  if (Array.isArray(intent)) {
+    return intent[0];
+  }
+
+  return intent;
+};
+
+const getSafeRedirectPath = (returnToUrl: string) => {
+  const validatedReturnToUrl = getValidatedCallbackUrl(returnToUrl, WEBAPP_URL);
+
+  if (!validatedReturnToUrl) {
+    return "/auth/login";
+  }
+
+  const parsedReturnToUrl = new URL(validatedReturnToUrl);
+  return `${parsedReturnToUrl.pathname}${parsedReturnToUrl.search}${parsedReturnToUrl.hash}`;
+};
+
+const getPostDeletionRedirectPath = () =>
+  IS_FORMBRICKS_CLOUD ? FORMBRICKS_CLOUD_ACCOUNT_DELETION_SURVEY_URL : "/auth/login";
+
+export const completeAccountDeletionSsoReauthenticationAndGetRedirectPath = async ({
+  intent,
+}: TAccountDeletionSsoCompleteSearchParams): Promise<string> => {
+  const intentToken = getIntentToken(intent);
+  let redirectPath = "/auth/login";
+
+  if (!intentToken) {
+    return redirectPath;
+  }
+
+  try {
+    const verifiedIntent = verifyAccountDeletionSsoReauthIntent(intentToken);
+    redirectPath = getSafeRedirectPath(verifiedIntent.returnToUrl);
+    const session = await getServerSession(authOptions);
+
+    if (!session?.user?.id || !session.user.email || session.user.id !== verifiedIntent.userId) {
+      throw new AuthorizationError("Account deletion SSO reauthentication session mismatch");
+    }
+
+    logger.info({ userId: session.user.id }, "Completing account deletion after SSO reauth");
+    const { oldUser } = await deleteUserWithAccountDeletionAuthorization({
+      confirmationEmail: verifiedIntent.email,
+      userEmail: session.user.email,
+      userId: session.user.id,
+    });
+    redirectPath = getPostDeletionRedirectPath();
+    await queueAuditEventBackground({
+      action: "deleted",
+      targetType: "user",
+      userId: session.user.id,
+      userType: "user",
+      targetId: session.user.id,
+      organizationId: UNKNOWN_DATA,
+      oldObject: oldUser,
+      status: "success",
+    });
+    logger.info({ userId: session.user.id }, "Completed account deletion after SSO reauth");
+  } catch (error) {
+    logger.error({ error }, "Failed to complete account deletion after SSO reauth");
+  }
+
+  return redirectPath;
+};
@@ -0,0 +1,10 @@
+import { redirect } from "next/navigation";
+import { completeAccountDeletionSsoReauthenticationAndGetRedirectPath } from "./lib/account-deletion-sso-complete";
+
+export default async function AccountDeletionSsoReauthCompletePage({
+  searchParams,
+}: {
+  searchParams: Promise<{ intent?: string | string[] }>;
+}) {
+  redirect(await completeAccountDeletionSsoReauthenticationAndGetRedirectPath(await searchParams));
+}
@@ -0,0 +1,81 @@
+import { afterEach, describe, expect, test, vi } from "vitest";
+import { captureSurveyResponsePostHogEvent } from "./posthog";
+
+vi.mock("@/lib/posthog", () => ({
+  capturePostHogEvent: vi.fn(),
+}));
+
+describe("captureSurveyResponsePostHogEvent", () => {
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+
+  const makeParams = (responseCount: number) => ({
+    organizationId: "org-1",
+    surveyId: "survey-1",
+    surveyType: "link",
+    environmentId: "env-1",
+    responseCount,
+  });
+
+  test("fires on 1st response with milestone 'first'", async () => {
+    const { capturePostHogEvent } = await import("@/lib/posthog");
+
+    captureSurveyResponsePostHogEvent(makeParams(1));
+
+    expect(capturePostHogEvent).toHaveBeenCalledWith("org-1", "survey_response_received", {
+      survey_id: "survey-1",
+      survey_type: "link",
+      organization_id: "org-1",
+      environment_id: "env-1",
+      response_count: 1,
+      is_first_response: true,
+      milestone: "first",
+    });
+  });
+
+  test("fires on every 100th response", async () => {
+    const { capturePostHogEvent } = await import("@/lib/posthog");
+
+    for (const count of [100, 200, 300, 500, 1000, 5000]) {
+      captureSurveyResponsePostHogEvent(makeParams(count));
+    }
+
+    expect(capturePostHogEvent).toHaveBeenCalledTimes(6);
+  });
+
+  test("does NOT fire for 2nd through 99th responses", async () => {
+    const { capturePostHogEvent } = await import("@/lib/posthog");
+
+    for (const count of [2, 5, 10, 50, 99]) {
+      captureSurveyResponsePostHogEvent(makeParams(count));
+    }
+
+    expect(capturePostHogEvent).not.toHaveBeenCalled();
+  });
+
+  test("does NOT fire for non-100th counts above 100", async () => {
+    const { capturePostHogEvent } = await import("@/lib/posthog");
+
+    for (const count of [101, 150, 250, 499, 501]) {
+      captureSurveyResponsePostHogEvent(makeParams(count));
+    }
+
+    expect(capturePostHogEvent).not.toHaveBeenCalled();
+  });
+
+  test("sets milestone to count string for non-first milestones", async () => {
+    const { capturePostHogEvent } = await import("@/lib/posthog");
+
+    captureSurveyResponsePostHogEvent(makeParams(200));
+
+    expect(capturePostHogEvent).toHaveBeenCalledWith(
+      "org-1",
+      "survey_response_received",
+      expect.objectContaining({
+        is_first_response: false,
+        milestone: "200",
+      })
+    );
+  });
+});
@@ -0,0 +1,33 @@
+import { capturePostHogEvent } from "@/lib/posthog";
+
+interface SurveyResponsePostHogEventParams {
+  organizationId: string;
+  surveyId: string;
+  surveyType: string;
+  environmentId: string;
+  responseCount: number;
+}
+
+/**
+ * Captures a PostHog event for survey responses at milestones:
+ * 1st response, then every 100th (100, 200, 300, ...).
+ */
+export const captureSurveyResponsePostHogEvent = ({
+  organizationId,
+  surveyId,
+  surveyType,
+  environmentId,
+  responseCount,
+}: SurveyResponsePostHogEventParams): void => {
+  if (responseCount !== 1 && responseCount % 100 !== 0) return;
+
+  capturePostHogEvent(organizationId, "survey_response_received", {
+    survey_id: surveyId,
+    survey_type: surveyType,
+    organization_id: organizationId,
+    environment_id: environmentId,
+    response_count: responseCount,
+    is_first_response: responseCount === 1,
+    milestone: responseCount === 1 ? "first" : String(responseCount),
+  });
+};
@@ -51,8 +51,20 @@ vi.mock("@/lib/env", () => ({
    RECAPTCHA_SECRET_KEY: "secret-key",
    GITHUB_ID: "github-id",
    SAML_DATABASE_URL: "postgresql://saml.example.com/formbricks",
+    ENTERPRISE_LICENSE_KEY: "test-license-key",
  },
 }));
+vi.mock("@/lib/constants", () => ({
+  E2E_TESTING: false,
+  IS_DEVELOPMENT: false,
+  TELEMETRY_DISABLED: false,
+}));
+vi.mock("@/lib/hash-string", () => ({
+  hashString: vi.fn((s: string) => `hashed-${s}`),
+}));
+vi.mock("@/modules/ee/license-check/lib/license", () => ({
+  getEnterpriseLicense: vi.fn(),
+}));

 // Mock fetch
 const fetchMock = vi.fn();
@@ -199,6 +211,14 @@ describe("sendTelemetryEvents", () => {
  test("should handle telemetry send failure and apply cooldown", async () => {
    // Reset module to clear nextTelemetryCheck state from previous tests
    vi.resetModules();
+    vi.doMock("@/lib/constants", () => ({
+      E2E_TESTING: false,
+      IS_DEVELOPMENT: false,
+      TELEMETRY_DISABLED: false,
+    }));
+    vi.doMock("@/modules/ee/license-check/lib/license", () => ({
+      getEnterpriseLicense: vi.fn().mockResolvedValue({ active: false }),
+    }));
    const { sendTelemetryEvents: freshSendTelemetryEvents } = await import("./telemetry");

    // Ensure we can acquire lock by setting last sent time far in the past
@@ -221,6 +241,7 @@ describe("sendTelemetryEvents", () => {
      expect.objectContaining({
        error: networkError,
        message: "Network error",
+        hashedLicenseKey: "hashed-test-license-key",
      }),
      "Failed to send telemetry - applying 1h cooldown"
    );
@@ -242,6 +263,14 @@ describe("sendTelemetryEvents", () => {
  test("should skip if no organization exists", async () => {
    // Reset module to clear nextTelemetryCheck state from previous tests
    vi.resetModules();
+    vi.doMock("@/lib/constants", () => ({
+      E2E_TESTING: false,
+      IS_DEVELOPMENT: false,
+      TELEMETRY_DISABLED: false,
+    }));
+    vi.doMock("@/modules/ee/license-check/lib/license", () => ({
+      getEnterpriseLicense: vi.fn().mockResolvedValue({ active: false }),
+    }));
    const { sendTelemetryEvents: freshSendTelemetryEvents } = await import("./telemetry");

    // Ensure we can acquire lock by setting last sent time far in the past
@@ -276,4 +305,113 @@ describe("sendTelemetryEvents", () => {
    // This might be a bug, but we test the actual behavior
    expect(mockCacheService.set).toHaveBeenCalled();
  });
+
+  test("should skip telemetry when TELEMETRY_DISABLED is true and no active EE license", async () => {
+    vi.resetModules();
+    vi.doMock("@/lib/constants", () => ({
+      E2E_TESTING: false,
+      IS_DEVELOPMENT: false,
+      TELEMETRY_DISABLED: true,
+    }));
+    vi.doMock("@/modules/ee/license-check/lib/license", () => ({
+      getEnterpriseLicense: vi.fn().mockResolvedValue({ active: false }),
+    }));
+    const { sendTelemetryEvents: freshSendTelemetryEvents } = await import("./telemetry");
+
+    await freshSendTelemetryEvents();
+
+    // Should return early without touching cache or sending telemetry
+    expect(getCacheService).not.toHaveBeenCalled();
+    expect(fetchMock).not.toHaveBeenCalled();
+  });
+
+  test("should send telemetry when TELEMETRY_DISABLED is true but EE license is active", async () => {
+    vi.resetModules();
+    vi.doMock("@/lib/constants", () => ({
+      E2E_TESTING: false,
+      IS_DEVELOPMENT: false,
+      TELEMETRY_DISABLED: true,
+    }));
+    vi.doMock("@/modules/ee/license-check/lib/license", () => ({
+      getEnterpriseLicense: vi.fn().mockResolvedValue({ active: true }),
+    }));
+    const { sendTelemetryEvents: freshSendTelemetryEvents } = await import("./telemetry");
+
+    // Re-setup mocks after resetModules
+    vi.mocked(getCacheService).mockResolvedValue({
+      ok: true,
+      data: mockCacheService as any,
+    });
+    mockCacheService.tryLock.mockResolvedValue({ ok: true, data: true });
+    mockCacheService.del.mockResolvedValue({ ok: true, data: undefined });
+    mockCacheService.get.mockResolvedValue({ ok: true, data: null });
+    mockCacheService.set.mockResolvedValue({ ok: true, data: undefined });
+
+    vi.mocked(prisma.organization.findFirst).mockResolvedValue({
+      id: "org-123",
+      createdAt: new Date("2023-01-01"),
+    } as any);
+    vi.mocked(prisma.$queryRaw).mockResolvedValue([
+      {
+        organizationCount: BigInt(1),
+        userCount: BigInt(5),
+        teamCount: BigInt(2),
+        projectCount: BigInt(3),
+        surveyCount: BigInt(10),
+        inProgressSurveyCount: BigInt(4),
+        completedSurveyCount: BigInt(6),
+        responseCountAllTime: BigInt(100),
+        responseCountSinceLastUpdate: BigInt(10),
+        displayCount: BigInt(50),
+        contactCount: BigInt(20),
+        segmentCount: BigInt(4),
+        newestResponseAt: new Date("2024-01-01T00:00:00.000Z"),
+      },
+    ] as any);
+    vi.mocked(prisma.integration.findMany).mockResolvedValue([{ type: IntegrationType.notion }] as any);
+    vi.mocked(prisma.account.findMany).mockResolvedValue([{ provider: "github" }] as any);
+    fetchMock.mockResolvedValue({ ok: true });
+
+    await freshSendTelemetryEvents();
+
+    // EE license active — telemetry should bypass TELEMETRY_DISABLED and send
+    expect(fetchMock).toHaveBeenCalledTimes(1);
+  });
+
+  test("should unconditionally skip when E2E_TESTING is true even with active EE license", async () => {
+    vi.resetModules();
+    vi.doMock("@/lib/constants", () => ({
+      E2E_TESTING: true,
+      IS_DEVELOPMENT: false,
+      TELEMETRY_DISABLED: false,
+    }));
+    vi.doMock("@/modules/ee/license-check/lib/license", () => ({
+      getEnterpriseLicense: vi.fn().mockResolvedValue({ active: true }),
+    }));
+    const { sendTelemetryEvents: freshSendTelemetryEvents } = await import("./telemetry");
+
+    await freshSendTelemetryEvents();
+
+    // E2E_TESTING is a hard skip — no EE bypass, no cache, no fetch
+    expect(getCacheService).not.toHaveBeenCalled();
+    expect(fetchMock).not.toHaveBeenCalled();
+  });
+
+  test("should unconditionally skip when IS_DEVELOPMENT is true", async () => {
+    vi.resetModules();
+    vi.doMock("@/lib/constants", () => ({
+      E2E_TESTING: false,
+      IS_DEVELOPMENT: true,
+      TELEMETRY_DISABLED: false,
+    }));
+    vi.doMock("@/modules/ee/license-check/lib/license", () => ({
+      getEnterpriseLicense: vi.fn().mockResolvedValue({ active: true }),
+    }));
+    const { sendTelemetryEvents: freshSendTelemetryEvents } = await import("./telemetry");
+
+    await freshSendTelemetryEvents();
+
+    expect(getCacheService).not.toHaveBeenCalled();
+    expect(fetchMock).not.toHaveBeenCalled();
+  });
 });
@@ -2,8 +2,11 @@ import { IntegrationType } from "@prisma/client";
 import { createCacheKey, getCacheService } from "@formbricks/cache";
 import { prisma } from "@formbricks/database";
 import { logger } from "@formbricks/logger";
+import { E2E_TESTING, IS_DEVELOPMENT, TELEMETRY_DISABLED } from "@/lib/constants";
 import { env } from "@/lib/env";
+import { hashString } from "@/lib/hash-string";
 import { getInstanceInfo } from "@/lib/instance";
+import { getEnterpriseLicense } from "@/modules/ee/license-check/lib/license";
 import packageJson from "@/package.json";

 const TELEMETRY_INTERVAL_MS = 24 * 60 * 60 * 1000; // 24 hours
@@ -24,8 +27,31 @@ let nextTelemetryCheck = 0;
 * 2. Redis check (shared across instances, persists across restarts)
 * 3. Distributed lock (prevents concurrent execution in multi-instance deployments)
 */
+// Hashed license key for log context — allows correlating log entries to a specific license
+// without exposing the raw key. Computed once at module load.
+const hashedLicenseKey = env.ENTERPRISE_LICENSE_KEY ? hashString(env.ENTERPRISE_LICENSE_KEY) : null;
+
+/**
+ * Returns true if telemetry is disabled via env var AND there is no active EE license.
+ * EE customers cannot opt out — telemetry is always enforced for license compliance.
+ */
+const isTelemetryDisabledForCE = async (): Promise<boolean> => {
+  if (!TELEMETRY_DISABLED) return false;
+  const license = await getEnterpriseLicense();
+  return !license.active;
+};
+
 export const sendTelemetryEvents = async () => {
  try {
+    // ============================================================
+    // CHECK 0: Non-Production Hard Skip
+    // ============================================================
+    // Purpose: Unconditionally skip telemetry in dev and test/CI environments.
+    // No EE bypass — these are internal flags, not customer-facing.
+    if (E2E_TESTING || IS_DEVELOPMENT) {
+      return;
+    }
+
    const now = Date.now();

    // ============================================================
@@ -39,7 +65,18 @@ export const sendTelemetryEvents = async () => {
    }

    // ============================================================
-    // CHECK 2: Redis Check (Shared State)
+    // CHECK 2: Telemetry Disabled Check
+    // ============================================================
+    // Purpose: Allow CE self-hosters to opt out of telemetry via env var.
+    // EE bypass: If an active Enterprise License is detected, telemetry is always sent
+    // regardless of the TELEMETRY_DISABLED setting to enforce license compliance.
+    // Placed after in-memory check to avoid calling getEnterpriseLicense() on every invocation.
+    if (await isTelemetryDisabledForCE()) {
+      return;
+    }
+
+    // ============================================================
+    // CHECK 3: Redis Check (Shared State)
    // ============================================================
    // Purpose: Check if telemetry was sent recently by ANY instance (shared across cluster).
    // This persists across restarts and works in multi-instance deployments.
@@ -66,7 +103,7 @@ export const sendTelemetryEvents = async () => {
    }

    // ============================================================
-    // CHECK 3: Distributed Lock (Prevent Concurrent Execution)
+    // CHECK 4: Distributed Lock (Prevent Concurrent Execution)
    // ============================================================
    // Purpose: Ensure only ONE instance executes telemetry at a time in a cluster.
    // How it works:
@@ -100,7 +137,7 @@ export const sendTelemetryEvents = async () => {
      // Log as warning since telemetry is non-essential
      const errorMessage = e instanceof Error ? e.message : String(e);
      logger.warn(
-        { error: e, message: errorMessage, lastSent, now },
+        { error: e, message: errorMessage, lastSent, now, hashedLicenseKey },
        "Failed to send telemetry - applying 1h cooldown"
      );

@@ -118,7 +155,7 @@ export const sendTelemetryEvents = async () => {
    // Log as warning since telemetry is non-essential functionality
    const errorMessage = error instanceof Error ? error.message : String(error);
    logger.warn(
-      { error, message: errorMessage, timestamp: Date.now() },
+      { error, message: errorMessage, timestamp: Date.now(), hashedLicenseKey },
      "Unexpected error in sendTelemetryEvents wrapper - telemetry check skipped"
    );
  }
@@ -8,7 +8,7 @@ import { sendTelemetryEvents } from "@/app/api/(internal)/pipeline/lib/telemetry
 import { ZPipelineInput } from "@/app/api/(internal)/pipeline/types/pipelines";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
-import { CRON_SECRET } from "@/lib/constants";
+import { CRON_SECRET, DANGEROUSLY_ALLOW_WEBHOOK_INTERNAL_URLS, POSTHOG_KEY } from "@/lib/constants";
 import { generateStandardWebhookSignature } from "@/lib/crypto";
 import { getIntegrations } from "@/lib/integration/service";
 import { getOrganizationByEnvironmentId } from "@/lib/organization/service";
@@ -24,6 +24,7 @@ import { resolveStorageUrlsInObject } from "@/modules/storage/utils";
 import { sendFollowUpsForResponse } from "@/modules/survey/follow-ups/lib/follow-ups";
 import { FollowUpSendError } from "@/modules/survey/follow-ups/types/follow-up";
 import { handleIntegrations } from "./lib/handleIntegrations";
+import { captureSurveyResponsePostHogEvent } from "./lib/posthog";

 export const POST = async (request: Request) => {
  const requestHeaders = await headers();
@@ -90,10 +91,15 @@ export const POST = async (request: Request) => {
  const webhooks: Webhook[] = await getWebhooksForPipeline(environmentId, event, surveyId);
  // Prepare webhook and email promises

-  // Fetch with timeout of 5 seconds to prevent hanging
+  // Fetch with timeout of 5 seconds to prevent hanging.
+  // `redirect: "manual"` blocks SSRF via redirect — webhook URLs are validated against private/internal
+  // ranges before delivery, but redirect targets would otherwise bypass that check. Gated on the same
+  // env var as `validateWebhookUrl`: self-hosters who opted into trusting internal URLs also get the
+  // pre-patch redirect-follow behavior for consistency.
+  const redirectMode: RequestRedirect = DANGEROUSLY_ALLOW_WEBHOOK_INTERNAL_URLS ? "follow" : "manual";
  const fetchWithTimeout = (url: string, options: RequestInit, timeout: number = 5000): Promise<Response> => {
    return Promise.race([
-      fetch(url, options),
+      fetch(url, { ...options, redirect: redirectMode }),
      new Promise<never>((_, reject) => setTimeout(() => reject(new Error("Timeout")), timeout)),
    ]);
  };
@@ -299,6 +305,18 @@ export const POST = async (request: Request) => {
      logger.error({ error, responseId: response.id }, "Failed to record response meter event");
    });

+    if (POSTHOG_KEY) {
+      const responseCount = await getResponseCountBySurveyId(surveyId);
+
+      captureSurveyResponsePostHogEvent({
+        organizationId: organization.id,
+        surveyId,
+        surveyType: survey.type,
+        environmentId,
+        responseCount,
+      });
+    }
+
    // Send telemetry events
    await sendTelemetryEvents();
  }
@@ -0,0 +1,204 @@
+import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
+import { GET } from "./route";
+
+type WrappedAuthOptions = {
+  callbacks: {
+    signIn: (params: { user: unknown; account: unknown }) => Promise<boolean | string>;
+  };
+  events: {
+    signIn: (params: { user: unknown; account: unknown; isNewUser: boolean }) => Promise<void>;
+  };
+};
+
+const mocks = vi.hoisted(() => {
+  const nextAuthHandler = vi.fn(async () => new Response(null, { status: 200 }));
+  const nextAuth = vi.fn((_authOptions: WrappedAuthOptions) => nextAuthHandler);
+
+  return {
+    nextAuth,
+    nextAuthHandler,
+    baseSignIn: vi.fn(async () => true),
+    baseSession: vi.fn(async ({ session }: { session: unknown }) => session),
+    baseEventSignIn: vi.fn(),
+    queueAuditEventBackground: vi.fn(),
+    captureException: vi.fn(),
+    loggerError: vi.fn(),
+  };
+});
+
+vi.mock("next-auth", () => ({
+  default: mocks.nextAuth,
+}));
+
+vi.mock("@/lib/constants", () => ({
+  IS_PRODUCTION: false,
+  SENTRY_DSN: undefined,
+}));
+
+vi.mock("@sentry/nextjs", () => ({
+  captureException: mocks.captureException,
+}));
+
+vi.mock("@formbricks/logger", () => ({
+  logger: {
+    withContext: vi.fn(() => ({
+      error: mocks.loggerError,
+    })),
+  },
+}));
+
+vi.mock("@/modules/auth/lib/authOptions", () => ({
+  authOptions: {
+    callbacks: {
+      signIn: mocks.baseSignIn,
+      session: mocks.baseSession,
+    },
+    events: {
+      signIn: mocks.baseEventSignIn,
+    },
+  },
+}));
+
+vi.mock("@/modules/ee/audit-logs/lib/handler", () => ({
+  queueAuditEventBackground: mocks.queueAuditEventBackground,
+}));
+
+const getWrappedAuthOptions = async (requestId: string = "req-123"): Promise<WrappedAuthOptions> => {
+  const request = new Request("http://localhost/api/auth/signin", {
+    headers: { "x-request-id": requestId },
+  });
+
+  await GET(request, {} as any);
+
+  expect(mocks.nextAuth).toHaveBeenCalledTimes(1);
+
+  const firstCall = mocks.nextAuth.mock.calls.at(0);
+  if (!firstCall) {
+    throw new Error("NextAuth was not called");
+  }
+
+  const [authOptions] = firstCall;
+  if (!authOptions) {
+    throw new Error("NextAuth options were not provided");
+  }
+
+  return authOptions;
+};
+
+describe("auth route audit logging", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+
+  test("logs successful sign-in from the NextAuth signIn event after session creation", async () => {
+    const authOptions = await getWrappedAuthOptions();
+    const user = { id: "user_1", email: "user@example.com", name: "User Example" };
+    const account = { provider: "keycloak" };
+
+    await expect(authOptions.callbacks.signIn({ user, account })).resolves.toBe(true);
+    expect(mocks.queueAuditEventBackground).not.toHaveBeenCalled();
+
+    await authOptions.events.signIn({ user, account, isNewUser: false });
+
+    expect(mocks.baseEventSignIn).toHaveBeenCalledWith({ user, account, isNewUser: false });
+    expect(mocks.queueAuditEventBackground).toHaveBeenCalledWith(
+      expect.objectContaining({
+        action: "signedIn",
+        targetType: "user",
+        userId: "user_1",
+        targetId: "user_1",
+        organizationId: "unknown",
+        status: "success",
+        userType: "user",
+        newObject: expect.objectContaining({
+          email: "user@example.com",
+          authMethod: "sso",
+          provider: "keycloak",
+          sessionStrategy: "database",
+          isNewUser: false,
+        }),
+      })
+    );
+  });
+
+  test("logs failed sign-in attempts from the callback stage with the request event id", async () => {
+    const error = new Error("Access denied");
+    mocks.baseSignIn.mockRejectedValueOnce(error);
+
+    const authOptions = await getWrappedAuthOptions("req-failure");
+    const user = { id: "user_2", email: "user2@example.com" };
+    const account = { provider: "credentials" };
+
+    await expect(authOptions.callbacks.signIn({ user, account })).rejects.toThrow("Access denied");
+
+    expect(mocks.baseEventSignIn).not.toHaveBeenCalled();
+    expect(mocks.queueAuditEventBackground).toHaveBeenCalledWith(
+      expect.objectContaining({
+        action: "signedIn",
+        targetType: "user",
+        userId: "user_2",
+        targetId: "user_2",
+        organizationId: "unknown",
+        status: "failure",
+        userType: "user",
+        eventId: "req-failure",
+        newObject: expect.objectContaining({
+          email: "user2@example.com",
+          authMethod: "password",
+          provider: "credentials",
+          errorMessage: "Access denied",
+        }),
+      })
+    );
+  });
+
+  test("logs blocked SSO account-linking attempts as SSO failures", async () => {
+    const error = new Error("OAuthAccountNotLinked");
+    mocks.baseSignIn.mockRejectedValueOnce(error);
+
+    const authOptions = await getWrappedAuthOptions("req-sso-failure");
+    const user = { id: "user_3", email: "user3@example.com" };
+    const account = { provider: "google" };
+
+    await expect(authOptions.callbacks.signIn({ user, account })).rejects.toThrow("OAuthAccountNotLinked");
+
+    expect(mocks.queueAuditEventBackground).toHaveBeenCalledWith(
+      expect.objectContaining({
+        action: "signedIn",
+        targetType: "user",
+        userId: "user_3",
+        targetId: "user_3",
+        organizationId: "unknown",
+        status: "failure",
+        userType: "user",
+        eventId: "req-sso-failure",
+        newObject: expect.objectContaining({
+          email: "user3@example.com",
+          authMethod: "sso",
+          provider: "google",
+          errorMessage: "OAuthAccountNotLinked",
+        }),
+      })
+    );
+  });
+
+  test("does not log a completed sign-in for the intermediate SSO recovery verification step", async () => {
+    const authOptions = await getWrappedAuthOptions("req-sso-recovery");
+    const user = {
+      id: "user_4",
+      email: "user4@example.com",
+      authFlowPurpose: "sso_recovery",
+    };
+    const account = { provider: "token" };
+
+    await expect(authOptions.callbacks.signIn({ user, account })).resolves.toBe(true);
+    await authOptions.events.signIn({ user, account, isNewUser: false });
+
+    expect(mocks.baseEventSignIn).not.toHaveBeenCalled();
+    expect(mocks.queueAuditEventBackground).not.toHaveBeenCalled();
+  });
+});
@@ -6,10 +6,32 @@ import { logger } from "@formbricks/logger";
 import { IS_PRODUCTION, SENTRY_DSN } from "@/lib/constants";
 import { authOptions as baseAuthOptions } from "@/modules/auth/lib/authOptions";
 import { queueAuditEventBackground } from "@/modules/ee/audit-logs/lib/handler";
-import { TAuditStatus, UNKNOWN_DATA } from "@/modules/ee/audit-logs/types/audit-log";
+import { UNKNOWN_DATA } from "@/modules/ee/audit-logs/types/audit-log";

 export const fetchCache = "force-no-store";

+const getAuthMethod = (account: Account | null) => {
+  if (account?.provider === "credentials") {
+    return "password";
+  }
+
+  if (account?.provider === "token") {
+    return "email_verification";
+  }
+
+  if (account?.provider) {
+    return "sso";
+  }
+
+  return "unknown";
+};
+
+const isSsoRecoveryVerificationFlow = (account: Account | null, user: User | AdapterUser) =>
+  account?.provider === "token" &&
+  "authFlowPurpose" in user &&
+  typeof user.authFlowPurpose === "string" &&
+  user.authFlowPurpose === "sso_recovery";
+
 const handler = async (req: Request, ctx: any) => {
  const eventId = req.headers.get("x-request-id") ?? undefined;

@@ -17,44 +39,6 @@ const handler = async (req: Request, ctx: any) => {
    ...baseAuthOptions,
    callbacks: {
      ...baseAuthOptions.callbacks,
-      async jwt(params: any) {
-        let result: any = params.token;
-        let error: any = undefined;
-
-        try {
-          if (baseAuthOptions.callbacks?.jwt) {
-            result = await baseAuthOptions.callbacks.jwt(params);
-          }
-        } catch (err) {
-          error = err;
-          logger.withContext({ eventId, err }).error("JWT callback failed");
-
-          if (SENTRY_DSN && IS_PRODUCTION) {
-            Sentry.captureException(err);
-          }
-        }
-
-        // Audit JWT operations (token refresh, updates)
-        if (params.trigger && params.token?.profile?.id) {
-          const status: TAuditStatus = error ? "failure" : "success";
-          const auditLog = {
-            action: "jwtTokenCreated" as const,
-            targetType: "user" as const,
-            userId: params.token.profile.id,
-            targetId: params.token.profile.id,
-            organizationId: UNKNOWN_DATA,
-            status,
-            userType: "user" as const,
-            newObject: { trigger: params.trigger, tokenType: "jwt" },
-            ...(error ? { eventId } : {}),
-          };
-
-          queueAuditEventBackground(auditLog);
-        }
-
-        if (error) throw error;
-        return result;
-      },
      async session(params: any) {
        let result: any = params.session;
        let error: any = undefined;
@@ -90,7 +74,7 @@ const handler = async (req: Request, ctx: any) => {
      }) {
        let result: boolean | string = true;
        let error: any = undefined;
-        let authMethod = "unknown";
+        const authMethod = getAuthMethod(account);

        try {
          if (baseAuthOptions.callbacks?.signIn) {
@@ -102,15 +86,6 @@ const handler = async (req: Request, ctx: any) => {
              credentials,
            });
          }
-
-          // Determine authentication method for more detailed logging
-          if (account?.provider === "credentials") {
-            authMethod = "password";
-          } else if (account?.provider === "token") {
-            authMethod = "email_verification";
-          } else if (account?.provider && account.provider !== "credentials") {
-            authMethod = "sso";
-          }
        } catch (err) {
          error = err;
          result = false;
@@ -122,30 +97,64 @@ const handler = async (req: Request, ctx: any) => {
          }
        }

-        const status: TAuditStatus = result === false ? "failure" : "success";
-        const auditLog = {
-          action: "signedIn" as const,
-          targetType: "user" as const,
-          userId: user?.id ?? UNKNOWN_DATA,
-          targetId: user?.id ?? UNKNOWN_DATA,
-          organizationId: UNKNOWN_DATA,
-          status,
-          userType: "user" as const,
-          newObject: {
-            ...user,
-            authMethod,
-            provider: account?.provider,
-            ...(error ? { errorMessage: error.message } : {}),
-          },
-          ...(status === "failure" ? { eventId } : {}),
-        };
-
-        queueAuditEventBackground(auditLog);
+        if (result === false) {
+          queueAuditEventBackground({
+            action: "signedIn",
+            targetType: "user",
+            userId: user?.id ?? UNKNOWN_DATA,
+            targetId: user?.id ?? UNKNOWN_DATA,
+            organizationId: UNKNOWN_DATA,
+            status: "failure",
+            userType: "user",
+            newObject: {
+              ...user,
+              authMethod,
+              provider: account?.provider,
+              ...(error instanceof Error ? { errorMessage: error.message } : {}),
+            },
+            eventId,
+          });
+        }

        if (error) throw error;
        return result;
      },
    },
+    events: {
+      ...baseAuthOptions.events,
+      async signIn({ user, account, isNewUser }: any) {
+        if (isSsoRecoveryVerificationFlow(account, user)) {
+          return;
+        }
+
+        try {
+          await baseAuthOptions.events?.signIn?.({ user, account, isNewUser });
+        } catch (err) {
+          logger.withContext({ eventId, err }).error("Sign-in event callback failed");
+
+          if (SENTRY_DSN && IS_PRODUCTION) {
+            Sentry.captureException(err);
+          }
+        }
+
+        queueAuditEventBackground({
+          action: "signedIn",
+          targetType: "user",
+          userId: user?.id ?? UNKNOWN_DATA,
+          targetId: user?.id ?? UNKNOWN_DATA,
+          organizationId: UNKNOWN_DATA,
+          status: "success",
+          userType: "user",
+          newObject: {
+            ...user,
+            authMethod: getAuthMethod(account),
+            provider: account?.provider,
+            sessionStrategy: "database",
+            isNewUser: isNewUser ?? false,
+          },
+        });
+      },
+    },
  };

  return NextAuth(authOptions)(req, ctx);
@@ -0,0 +1,67 @@
+import { getServerSession } from "next-auth";
+import { NextResponse } from "next/server";
+import { logger } from "@formbricks/logger";
+import { verifySsoRelinkIntent } from "@/lib/jwt";
+import { deleteSessionBySessionToken } from "@/modules/auth/lib/auth-session-repository";
+import { authOptions } from "@/modules/auth/lib/authOptions";
+import {
+  NEXT_AUTH_SESSION_COOKIE_NAMES,
+  getSessionTokenFromCookieHeader,
+} from "@/modules/auth/lib/session-cookie";
+import { completeSsoRecovery, getSsoRecoveryFailureRedirectUrl } from "@/modules/ee/sso/lib/sso-recovery";
+
+const clearSessionCookies = (response: NextResponse) => {
+  for (const cookieName of NEXT_AUTH_SESSION_COOKIE_NAMES) {
+    response.cookies.set({
+      name: cookieName,
+      value: "",
+      expires: new Date(0),
+      path: "/",
+      secure: cookieName.startsWith("__Secure-"),
+    });
+  }
+};
+
+const buildFailedRecoveryResponse = async (request: Request, callbackUrl?: string) => {
+  const response = NextResponse.redirect(getSsoRecoveryFailureRedirectUrl(callbackUrl));
+  clearSessionCookies(response);
+
+  const sessionToken = getSessionTokenFromCookieHeader(request.headers.get("cookie"));
+  if (!sessionToken) {
+    return response;
+  }
+
+  try {
+    await deleteSessionBySessionToken(sessionToken);
+  } catch (error) {
+    logger.error(error, "Failed to delete SSO recovery session after recovery completion error");
+  }
+
+  return response;
+};
+
+export const GET = async (request: Request) => {
+  const url = new URL(request.url);
+  const intentToken = url.searchParams.get("intent");
+
+  if (!intentToken) {
+    return NextResponse.redirect(getSsoRecoveryFailureRedirectUrl());
+  }
+
+  try {
+    const session = await getServerSession(authOptions);
+    const callbackUrl = await completeSsoRecovery({
+      intentToken,
+      sessionUserId: session?.user.id,
+    });
+
+    return NextResponse.redirect(callbackUrl);
+  } catch {
+    try {
+      const intent = verifySsoRelinkIntent(intentToken);
+      return await buildFailedRecoveryResponse(request, intent.callbackUrl);
+    } catch {
+      return await buildFailedRecoveryResponse(request);
+    }
+  }
+};
@@ -1,5 +1,6 @@
 import { google } from "googleapis";
 import { getServerSession } from "next-auth";
+import { logger } from "@formbricks/logger";
 import { TIntegrationGoogleSheetsConfig } from "@formbricks/types/integration/google-sheet";
 import { responses } from "@/app/lib/api/response";
 import {
@@ -10,6 +11,8 @@ import {
 } from "@/lib/constants";
 import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
 import { createOrUpdateIntegration, getIntegrationByType } from "@/lib/integration/service";
+import { capturePostHogEvent } from "@/lib/posthog";
+import { getOrganizationIdFromEnvironmentId } from "@/lib/utils/helper";
 import { authOptions } from "@/modules/auth/lib/authOptions";

 export const GET = async (req: Request) => {
@@ -82,6 +85,16 @@ export const GET = async (req: Request) => {

  const result = await createOrUpdateIntegration(environmentId, googleSheetIntegration);
  if (result) {
+    try {
+      const organizationId = await getOrganizationIdFromEnvironmentId(environmentId);
+      capturePostHogEvent(session.user.id, "integration_connected", {
+        integration_type: "googleSheets",
+        organization_id: organizationId,
+      });
+    } catch (err) {
+      logger.error({ error: err }, "Failed to capture PostHog integration_connected event for googleSheets");
+    }
+
    return Response.redirect(
      `${WEBAPP_URL}/environments/${environmentId}/workspace/integrations/google-sheets`
    );
@@ -1,9 +1,15 @@
 import { NextRequest } from "next/server";
 import { describe, expect, test, vi } from "vitest";
 import { TAPIKeyEnvironmentPermission } from "@formbricks/types/auth";
+import {
+  DatabaseError,
+  InvalidInputError,
+  ResourceNotFoundError,
+  UniqueConstraintError,
+} from "@formbricks/types/errors";
 import { getApiKeyWithPermissions } from "@/modules/organization/settings/api-keys/lib/api-key";
 import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
-import { authenticateRequest } from "./auth";
+import { authenticateRequest, handleErrorResponse } from "./auth";

 vi.mock("@/modules/organization/settings/api-keys/lib/api-key", () => ({
  getApiKeyWithPermissions: vi.fn(),
@@ -193,3 +199,53 @@ describe("authenticateRequest", () => {
    expect(result).toBeNull();
  });
 });
+
+describe("handleErrorResponse", () => {
+  test("returns 401 notAuthenticated for 'NotAuthenticated' message", async () => {
+    const response = handleErrorResponse(new Error("NotAuthenticated"));
+    expect(response.status).toBe(401);
+    const body = await response.json();
+    expect(body.code).toBe("not_authenticated");
+  });
+
+  test("returns 401 unauthorized for 'Unauthorized' message", async () => {
+    const response = handleErrorResponse(new Error("Unauthorized"));
+    expect(response.status).toBe(401);
+    const body = await response.json();
+    expect(body.code).toBe("unauthorized");
+  });
+
+  test("returns 409 conflict for UniqueConstraintError", async () => {
+    const response = handleErrorResponse(new UniqueConstraintError("Action with name foo already exists"));
+    expect(response.status).toBe(409);
+    const body = await response.json();
+    expect(body.code).toBe("conflict");
+    expect(body.message).toBe("Action with name foo already exists");
+  });
+
+  test("returns 400 badRequest for DatabaseError", async () => {
+    const response = handleErrorResponse(new DatabaseError("db boom"));
+    expect(response.status).toBe(400);
+    const body = await response.json();
+    expect(body.message).toBe("db boom");
+  });
+
+  test("returns 400 badRequest for InvalidInputError", async () => {
+    const response = handleErrorResponse(new InvalidInputError("bad input"));
+    expect(response.status).toBe(400);
+    const body = await response.json();
+    expect(body.message).toBe("bad input");
+  });
+
+  test("returns 400 badRequest for ResourceNotFoundError", async () => {
+    const response = handleErrorResponse(new ResourceNotFoundError("Survey", "id-1"));
+    expect(response.status).toBe(400);
+  });
+
+  test("returns 500 internalServerError for unknown errors", async () => {
+    const response = handleErrorResponse(new Error("something else"));
+    expect(response.status).toBe(500);
+    const body = await response.json();
+    expect(body.message).toBe("Some error occurred");
+  });
+});
@@ -1,6 +1,11 @@
 import { NextRequest } from "next/server";
 import { TAuthenticationApiKey } from "@formbricks/types/auth";
-import { DatabaseError, InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
+import {
+  DatabaseError,
+  InvalidInputError,
+  ResourceNotFoundError,
+  UniqueConstraintError,
+} from "@formbricks/types/errors";
 import { responses } from "@/app/lib/api/response";
 import { getApiKeyWithPermissions } from "@/modules/organization/settings/api-keys/lib/api-key";

@@ -40,6 +45,9 @@ export const handleErrorResponse = (error: any): Response => {
    case "Unauthorized":
      return responses.unauthorizedResponse();
    default:
+      if (error instanceof UniqueConstraintError) {
+        return responses.conflictResponse(error.message);
+      }
      if (
        error instanceof DatabaseError ||
        error instanceof InvalidInputError ||
@@ -0,0 +1,98 @@
+import { Prisma } from "@prisma/client";
+import { beforeEach, describe, expect, test, vi } from "vitest";
+import { prisma } from "@formbricks/database";
+import { DatabaseError, ResourceNotFoundError, ValidationError } from "@formbricks/types/errors";
+import { validateInputs } from "@/lib/utils/validate";
+import { getResponseIdByDisplayId } from "./response";
+
+vi.mock("@/lib/utils/validate", () => ({
+  validateInputs: vi.fn((inputs: [unknown, unknown][]) =>
+    inputs.map((input: [unknown, unknown]) => input[0])
+  ),
+}));
+
+vi.mock("@formbricks/database", () => ({
+  prisma: {
+    display: {
+      findFirst: vi.fn(),
+    },
+  },
+}));
+
+describe("getResponseIdByDisplayId", () => {
+  const environmentId = "env1234567890123456789012";
+  const displayId = "display1234567890123456789";
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  test("returns the linked responseId when a response exists", async () => {
+    vi.mocked(prisma.display.findFirst).mockResolvedValue({
+      response: {
+        id: "response123456789012345678",
+      },
+    } as any);
+
+    const result = await getResponseIdByDisplayId(environmentId, displayId);
+
+    expect(validateInputs).toHaveBeenCalledWith(
+      [environmentId, expect.any(Object)],
+      [displayId, expect.any(Object)]
+    );
+    expect(prisma.display.findFirst).toHaveBeenCalledWith({
+      where: {
+        id: displayId,
+        survey: {
+          environmentId,
+        },
+      },
+      select: {
+        response: {
+          select: {
+            id: true,
+          },
+        },
+      },
+    });
+    expect(result).toEqual({ responseId: "response123456789012345678" });
+  });
+
+  test("returns null when the display exists but has no response", async () => {
+    vi.mocked(prisma.display.findFirst).mockResolvedValue({
+      response: null,
+    } as any);
+
+    await expect(getResponseIdByDisplayId(environmentId, displayId)).resolves.toEqual({
+      responseId: null,
+    });
+  });
+
+  test("throws ResourceNotFoundError when the display does not exist in the environment", async () => {
+    vi.mocked(prisma.display.findFirst).mockResolvedValue(null);
+
+    await expect(getResponseIdByDisplayId(environmentId, displayId)).rejects.toThrow(
+      new ResourceNotFoundError("Display", displayId)
+    );
+  });
+
+  test("throws ValidationError when input validation fails", async () => {
+    const validationError = new ValidationError("Validation failed");
+    vi.mocked(validateInputs).mockImplementation(() => {
+      throw validationError;
+    });
+
+    await expect(getResponseIdByDisplayId(environmentId, displayId)).rejects.toThrow(ValidationError);
+    expect(prisma.display.findFirst).not.toHaveBeenCalled();
+  });
+
+  test("throws DatabaseError on Prisma request errors", async () => {
+    const prismaError = new Prisma.PrismaClientKnownRequestError("Database error", {
+      code: "P2002",
+      clientVersion: "test",
+    });
+    vi.mocked(prisma.display.findFirst).mockRejectedValue(prismaError);
+
+    await expect(getResponseIdByDisplayId(environmentId, displayId)).rejects.toThrow(DatabaseError);
+  });
+});
@@ -0,0 +1,44 @@
+import { Prisma } from "@prisma/client";
+import { prisma } from "@formbricks/database";
+import { ZId } from "@formbricks/types/common";
+import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { validateInputs } from "@/lib/utils/validate";
+
+export const getResponseIdByDisplayId = async (
+  environmentId: string,
+  displayId: string
+): Promise<{ responseId: string | null }> => {
+  validateInputs([environmentId, ZId], [displayId, ZId]);
+
+  try {
+    const display = await prisma.display.findFirst({
+      where: {
+        id: displayId,
+        survey: {
+          environmentId,
+        },
+      },
+      select: {
+        response: {
+          select: {
+            id: true,
+          },
+        },
+      },
+    });
+
+    if (!display) {
+      throw new ResourceNotFoundError("Display", displayId);
+    }
+
+    return {
+      responseId: display.response?.id ?? null,
+    };
+  } catch (error) {
+    if (error instanceof Prisma.PrismaClientKnownRequestError) {
+      throw new DatabaseError(error.message);
+    }
+
+    throw error;
+  }
+};
@@ -0,0 +1,70 @@
+import { NextRequest } from "next/server";
+import { beforeEach, describe, expect, test, vi } from "vitest";
+import { ResourceNotFoundError } from "@formbricks/types/errors";
+import { getResponseIdByDisplayId } from "./lib/response";
+import { GET } from "./route";
+
+vi.mock("@/app/lib/api/with-api-logging", async () => {
+  return {
+    withV1ApiWrapper:
+      ({ handler }: { handler: any }) =>
+      async (req: NextRequest, props: any) => {
+        const result = await handler({ req, props });
+        return result.response;
+      },
+  };
+});
+
+vi.mock("./lib/response", () => ({
+  getResponseIdByDisplayId: vi.fn(),
+}));
+
+describe("GET /api/v1/client/[environmentId]/displays/[displayId]/response", () => {
+  const req = new NextRequest("http://localhost/api/v1/client/env/displays/display/response");
+  const props = {
+    params: Promise.resolve({
+      environmentId: "env1234567890123456789012",
+      displayId: "display1234567890123456789",
+    }),
+  };
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  test("returns the responseId when a linked response exists", async () => {
+    vi.mocked(getResponseIdByDisplayId).mockResolvedValue({ responseId: "response123456789012345678" });
+
+    const response = await GET(req, props);
+
+    expect(response.status).toBe(200);
+    await expect(response.json()).resolves.toEqual({
+      data: {
+        responseId: "response123456789012345678",
+      },
+    });
+  });
+
+  test("returns null when the display exists without a response", async () => {
+    vi.mocked(getResponseIdByDisplayId).mockResolvedValue({ responseId: null });
+
+    const response = await GET(req, props);
+
+    expect(response.status).toBe(200);
+    await expect(response.json()).resolves.toEqual({
+      data: {
+        responseId: null,
+      },
+    });
+  });
+
+  test("returns 404 when the display is missing for the environment", async () => {
+    vi.mocked(getResponseIdByDisplayId).mockRejectedValue(
+      new ResourceNotFoundError("Display", "display1234567890123456789")
+    );
+
+    const response = await GET(req, props);
+
+    expect(response.status).toBe(404);
+  });
+});
@@ -0,0 +1,40 @@
+import { logger } from "@formbricks/logger";
+import { ResourceNotFoundError } from "@formbricks/types/errors";
+import { responses } from "@/app/lib/api/response";
+import { THandlerParams, withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
+import { getResponseIdByDisplayId } from "./lib/response";
+
+export const OPTIONS = async (): Promise<Response> => {
+  return responses.successResponse({}, true);
+};
+
+export const GET = withV1ApiWrapper({
+  handler: async ({
+    req,
+    props,
+  }: THandlerParams<{ params: Promise<{ environmentId: string; displayId: string }> }>) => {
+    const params = await props.params;
+
+    try {
+      const response = await getResponseIdByDisplayId(params.environmentId, params.displayId);
+
+      return {
+        response: responses.successResponse(response, true),
+      };
+    } catch (error) {
+      if (error instanceof ResourceNotFoundError) {
+        return {
+          response: responses.notFoundResponse("Display", params.displayId, true),
+        };
+      }
+
+      logger.error(
+        { error, url: req.url, environmentId: params.environmentId, displayId: params.displayId },
+        "Error in GET /api/v1/client/[environmentId]/displays/[displayId]/response"
+      );
+      return {
+        response: responses.internalServerErrorResponse("Something went wrong. Please try again."),
+      };
+    }
+  },
+});
@@ -70,6 +70,7 @@ const mockEnvironmentData = {
      displayOption: "displayOnce",
      hiddenFields: { enabled: false },
      isBackButtonHidden: false,
+      isAutoProgressingEnabled: true,
      triggers: [],
      displayPercentage: null,
      delay: 0,
@@ -122,6 +123,13 @@ describe("getEnvironmentStateData", () => {
        surveys: expect.any(Object),
      }),
    });
+
+    const prismaCall = vi.mocked(prisma.environment.findUnique).mock.calls[0][0];
+    expect(prismaCall.select.surveys.select).toEqual(
+      expect.objectContaining({
+        isAutoProgressingEnabled: true,
+      })
+    );
  });

  test("should throw ResourceNotFoundError when environment is not found", async () => {
@@ -121,6 +121,7 @@ export const getEnvironmentStateData = async (environmentId: string): Promise<En
            displayOption: true,
            hiddenFields: true,
            isBackButtonHidden: true,
+            isAutoProgressingEnabled: true,
            triggers: {
              select: {
                actionClass: {
@@ -6,6 +6,7 @@ import { TJsEnvironmentState, TJsEnvironmentStateProject } from "@formbricks/typ
 import { TOrganization } from "@formbricks/types/organizations";
 import { TSurvey } from "@formbricks/types/surveys/types";
 import { cache } from "@/lib/cache";
+import { capturePostHogEvent } from "@/lib/posthog";
 import { EnvironmentStateData, getEnvironmentStateData } from "./data";
 import { getEnvironmentState } from "./environmentState";

@@ -36,6 +37,11 @@ vi.mock("@/lib/constants", () => ({
  IS_RECAPTCHA_CONFIGURED: true,
  IS_PRODUCTION: true,
  ENTERPRISE_LICENSE_KEY: "mock_enterprise_license_key",
+  POSTHOG_KEY: "phc_test_key",
+}));
+
+vi.mock("@/lib/posthog", () => ({
+  capturePostHogEvent: vi.fn(),
 }));

 // Mock @formbricks/cache
@@ -76,7 +82,8 @@ const mockOrganization: TOrganization = {
    },
    usageCycleAnchor: new Date(),
  },
-  isAIEnabled: false,
+  isAISmartToolsEnabled: false,
+  isAIDataAnalysisEnabled: false,
 };

 const mockSurveys: TSurvey[] = [
@@ -302,4 +309,38 @@ describe("getEnvironmentState", () => {

    expect(result.data.actionClasses).toEqual([]);
  });
+
+  test("should capture app_connected PostHog event when app setup completes", async () => {
+    const noCodeAction = {
+      ...mockActionClasses[0],
+      id: "action-2",
+      type: "noCode" as const,
+      key: null,
+    };
+    const incompleteEnvironmentData = {
+      ...mockEnvironmentStateData,
+      environment: {
+        ...mockEnvironmentStateData.environment,
+        appSetupCompleted: false,
+      },
+      actionClasses: [...mockActionClasses, noCodeAction],
+    };
+    vi.mocked(getEnvironmentStateData).mockResolvedValue(incompleteEnvironmentData);
+
+    await getEnvironmentState(environmentId);
+
+    expect(capturePostHogEvent).toHaveBeenCalledWith(environmentId, "app_connected", {
+      num_surveys: 1,
+      num_code_actions: 1,
+      num_no_code_actions: 1,
+    });
+  });
+
+  test("should not capture app_connected event when app setup already completed", async () => {
+    vi.mocked(getEnvironmentStateData).mockResolvedValue(mockEnvironmentStateData);
+
+    await getEnvironmentState(environmentId);
+
+    expect(capturePostHogEvent).not.toHaveBeenCalled();
+  });
 });
@@ -3,7 +3,8 @@ import { createCacheKey } from "@formbricks/cache";
 import { prisma } from "@formbricks/database";
 import { TJsEnvironmentState } from "@formbricks/types/js";
 import { cache } from "@/lib/cache";
-import { IS_RECAPTCHA_CONFIGURED, RECAPTCHA_SITE_KEY } from "@/lib/constants";
+import { IS_RECAPTCHA_CONFIGURED, POSTHOG_KEY, RECAPTCHA_SITE_KEY } from "@/lib/constants";
+import { capturePostHogEvent } from "@/lib/posthog";
 import { getEnvironmentStateData } from "./data";

 /**
@@ -30,6 +31,14 @@ export const getEnvironmentState = async (
          where: { id: environmentId },
          data: { appSetupCompleted: true },
        });
+
+        if (POSTHOG_KEY) {
+          capturePostHogEvent(environmentId, "app_connected", {
+            num_surveys: surveys.length,
+            num_code_actions: actionClasses.filter((ac) => ac.type === "code").length,
+            num_no_code_actions: actionClasses.filter((ac) => ac.type === "noCode").length,
+          });
+        }
      }

      // Build the response data
@@ -86,9 +86,11 @@ export const GET = withV1ApiWrapper({
        };
      }

+      const error = err instanceof Error ? err : new Error(String(err));
+
      logger.error(
        {
-          error: err,
+          error,
          url: req.url,
          environmentId: params.environmentId,
        },
@@ -96,9 +98,10 @@ export const GET = withV1ApiWrapper({
      );
      return {
        response: responses.internalServerErrorResponse(
-          err instanceof Error ? err.message : "Unknown error occurred",
+          "An error occurred while processing your request.",
          true
        ),
+        error,
      };
    }
  },
@@ -0,0 +1,488 @@
+import { beforeEach, describe, expect, test, vi } from "vitest";
+import { DatabaseError, InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { responses } from "@/app/lib/api/response";
+import { putResponseHandler } from "./put-response-handler";
+
+const mocks = vi.hoisted(() => ({
+  formatValidationErrorsForV1Api: vi.fn((errors) => errors),
+  getResponse: vi.fn(),
+  getSurvey: vi.fn(),
+  getValidatedResponseUpdateInput: vi.fn(),
+  loggerError: vi.fn(),
+  sendToPipeline: vi.fn(),
+  updateResponseWithQuotaEvaluation: vi.fn(),
+  validateFileUploads: vi.fn(),
+  validateOtherOptionLengthForMultipleChoice: vi.fn(),
+  validateResponseData: vi.fn(),
+}));
+
+vi.mock("@formbricks/logger", () => ({
+  logger: {
+    error: mocks.loggerError,
+  },
+}));
+
+vi.mock("@/app/lib/pipelines", () => ({
+  sendToPipeline: mocks.sendToPipeline,
+}));
+
+vi.mock("@/lib/response/service", () => ({
+  getResponse: mocks.getResponse,
+}));
+
+vi.mock("@/lib/survey/service", () => ({
+  getSurvey: mocks.getSurvey,
+}));
+
+vi.mock("@/modules/api/lib/validation", () => ({
+  formatValidationErrorsForV1Api: mocks.formatValidationErrorsForV1Api,
+  validateResponseData: mocks.validateResponseData,
+}));
+
+vi.mock("@/modules/api/v2/lib/element", () => ({
+  validateOtherOptionLengthForMultipleChoice: mocks.validateOtherOptionLengthForMultipleChoice,
+}));
+
+vi.mock("@/modules/storage/utils", () => ({
+  validateFileUploads: mocks.validateFileUploads,
+}));
+
+vi.mock("./response", () => ({
+  updateResponseWithQuotaEvaluation: mocks.updateResponseWithQuotaEvaluation,
+}));
+
+vi.mock("./validated-response-update-input", () => ({
+  getValidatedResponseUpdateInput: mocks.getValidatedResponseUpdateInput,
+}));
+
+const environmentId = "environment_a";
+const responseId = "response_123";
+const surveyId = "survey_123";
+
+const createRequest = () =>
+  new Request(`https://api.test/api/v1/client/${environmentId}/responses/${responseId}`, {
+    method: "PUT",
+  });
+
+const createHandlerParams = (params?: Partial<{ environmentId: string; responseId: string }>) =>
+  ({
+    req: createRequest(),
+    props: {
+      params: Promise.resolve({
+        environmentId,
+        responseId,
+        ...params,
+      }),
+    },
+  }) as never;
+
+const getBaseResponseUpdateInput = () => ({
+  data: {
+    q1: "updated-answer",
+  },
+  language: "en",
+});
+
+const getBaseExistingResponse = () =>
+  ({
+    id: responseId,
+    surveyId,
+    data: {
+      q0: "existing-answer",
+    },
+    finished: false,
+    language: "en",
+  }) as const;
+
+const getBaseSurvey = () =>
+  ({
+    id: surveyId,
+    environmentId,
+    blocks: [],
+    questions: [],
+  }) as const;
+
+const getBaseUpdatedResponse = () =>
+  ({
+    id: responseId,
+    surveyId,
+    data: {
+      q0: "existing-answer",
+      q1: "updated-answer",
+    },
+    finished: false,
+    quotaFull: undefined,
+  }) as const;
+
+describe("putResponseHandler", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+
+    mocks.getValidatedResponseUpdateInput.mockResolvedValue({
+      responseUpdateInput: getBaseResponseUpdateInput(),
+    });
+    mocks.getResponse.mockResolvedValue(getBaseExistingResponse());
+    mocks.getSurvey.mockResolvedValue(getBaseSurvey());
+    mocks.updateResponseWithQuotaEvaluation.mockResolvedValue(getBaseUpdatedResponse());
+    mocks.validateFileUploads.mockReturnValue(true);
+    mocks.validateOtherOptionLengthForMultipleChoice.mockReturnValue(null);
+    mocks.validateResponseData.mockReturnValue(null);
+  });
+
+  test("returns a bad request response when the response id is missing", async () => {
+    const result = await putResponseHandler(createHandlerParams({ responseId: "" }));
+
+    expect(result.response.status).toBe(400);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "bad_request",
+      message: "Response ID is missing",
+      details: {},
+    });
+    expect(mocks.getValidatedResponseUpdateInput).not.toHaveBeenCalled();
+  });
+
+  test("returns the validation response from the parsed request input", async () => {
+    const validationResponse = responses.badRequestResponse(
+      "Malformed JSON in request body",
+      undefined,
+      true
+    );
+    mocks.getValidatedResponseUpdateInput.mockResolvedValue({
+      response: validationResponse,
+    });
+
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.response).toBe(validationResponse);
+    expect(mocks.getResponse).not.toHaveBeenCalled();
+  });
+
+  test("returns not found when the response does not exist", async () => {
+    mocks.getResponse.mockResolvedValue(null);
+
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.response.status).toBe(404);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "not_found",
+      message: "Response not found",
+      details: {
+        resource_id: responseId,
+        resource_type: "Response",
+      },
+    });
+  });
+
+  test("maps resource lookup errors to a not found response", async () => {
+    mocks.getResponse.mockRejectedValue(new ResourceNotFoundError("Response", responseId));
+
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.response.status).toBe(404);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "not_found",
+      message: "Response not found",
+      details: {
+        resource_id: responseId,
+        resource_type: "Response",
+      },
+    });
+  });
+
+  test("maps invalid lookup input errors to a bad request response", async () => {
+    mocks.getResponse.mockRejectedValue(new InvalidInputError("Invalid response id"));
+
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.response.status).toBe(400);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "bad_request",
+      message: "Invalid response id",
+      details: {},
+    });
+  });
+
+  test("maps database lookup errors to a reported internal server error", async () => {
+    const error = new DatabaseError("Lookup failed");
+    mocks.getResponse.mockRejectedValue(error);
+
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.error).toBe(error);
+    expect(result.response.status).toBe(500);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "internal_server_error",
+      message: "Lookup failed",
+      details: {},
+    });
+    expect(mocks.loggerError).toHaveBeenCalledWith(
+      {
+        error,
+        url: createRequest().url,
+      },
+      "Error in PUT /api/v1/client/[environmentId]/responses/[responseId]"
+    );
+  });
+
+  test("maps unknown lookup failures to a generic internal server error", async () => {
+    const error = new Error("boom");
+    mocks.getResponse.mockRejectedValue(error);
+
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.error).toBe(error);
+    expect(result.response.status).toBe(500);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "internal_server_error",
+      message: "Unknown error occurred",
+      details: {},
+    });
+  });
+
+  test("rejects updates when the response survey does not belong to the requested environment", async () => {
+    mocks.getSurvey.mockResolvedValue({
+      ...getBaseSurvey(),
+      environmentId: "different_environment",
+    });
+
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.response.status).toBe(404);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "not_found",
+      message: "Response not found",
+      details: {
+        resource_id: responseId,
+        resource_type: "Response",
+      },
+    });
+    expect(mocks.updateResponseWithQuotaEvaluation).not.toHaveBeenCalled();
+    expect(mocks.sendToPipeline).not.toHaveBeenCalled();
+  });
+
+  test("rejects updates when the response is already finished", async () => {
+    mocks.getResponse.mockResolvedValue({
+      ...getBaseExistingResponse(),
+      finished: true,
+    });
+
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.response.status).toBe(400);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "bad_request",
+      message: "Response is already finished",
+      details: {},
+    });
+    expect(mocks.updateResponseWithQuotaEvaluation).not.toHaveBeenCalled();
+  });
+
+  test("rejects invalid file upload updates", async () => {
+    mocks.validateFileUploads.mockReturnValue(false);
+
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.response.status).toBe(400);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "bad_request",
+      message: "Invalid file upload response",
+      details: {},
+    });
+    expect(mocks.updateResponseWithQuotaEvaluation).not.toHaveBeenCalled();
+  });
+
+  test("rejects updates when an other-option response exceeds the character limit", async () => {
+    mocks.validateOtherOptionLengthForMultipleChoice.mockReturnValue("question_123");
+
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.response.status).toBe(400);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "bad_request",
+      message: "Response exceeds character limit",
+      details: {
+        questionId: "question_123",
+      },
+    });
+    expect(mocks.updateResponseWithQuotaEvaluation).not.toHaveBeenCalled();
+  });
+
+  test("returns validation details when merged response data is invalid", async () => {
+    mocks.validateResponseData.mockReturnValue([{ field: "q1", message: "Required" }]);
+    mocks.formatValidationErrorsForV1Api.mockReturnValue({
+      q1: "Required",
+    });
+
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.response.status).toBe(400);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "bad_request",
+      message: "Validation failed",
+      details: {
+        q1: "Required",
+      },
+    });
+    expect(mocks.formatValidationErrorsForV1Api).toHaveBeenCalledWith([{ field: "q1", message: "Required" }]);
+  });
+
+  test("returns not found when the response disappears during update", async () => {
+    mocks.updateResponseWithQuotaEvaluation.mockRejectedValue(
+      new ResourceNotFoundError("Response", responseId)
+    );
+
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.response.status).toBe(404);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "not_found",
+      message: "Response not found",
+      details: {
+        resource_id: responseId,
+        resource_type: "Response",
+      },
+    });
+  });
+
+  test("returns a bad request response for invalid update input during persistence", async () => {
+    mocks.updateResponseWithQuotaEvaluation.mockRejectedValue(
+      new InvalidInputError("Response update payload is invalid")
+    );
+
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.response.status).toBe(400);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "bad_request",
+      message: "Response update payload is invalid",
+      details: {},
+    });
+  });
+
+  test("returns a reported internal server error for database update failures", async () => {
+    const error = new DatabaseError("Update failed");
+    mocks.updateResponseWithQuotaEvaluation.mockRejectedValue(error);
+
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.error).toBe(error);
+    expect(result.response.status).toBe(500);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "internal_server_error",
+      message: "Update failed",
+      details: {},
+    });
+    expect(mocks.loggerError).toHaveBeenCalledWith(
+      {
+        error,
+        url: createRequest().url,
+      },
+      "Error in PUT /api/v1/client/[environmentId]/responses/[responseId]"
+    );
+  });
+
+  test("returns a generic internal server error for unexpected update failures", async () => {
+    const error = new Error("Unexpected persistence failure");
+    mocks.updateResponseWithQuotaEvaluation.mockRejectedValue(error);
+
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.error).toBe(error);
+    expect(result.response.status).toBe(500);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "internal_server_error",
+      message: "Something went wrong",
+      details: {},
+    });
+    expect(mocks.loggerError).toHaveBeenCalledWith(
+      {
+        error,
+        url: createRequest().url,
+      },
+      "Error in PUT /api/v1/client/[environmentId]/responses/[responseId]"
+    );
+  });
+
+  test("returns a success payload and emits a responseUpdated pipeline event", async () => {
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.response.status).toBe(200);
+    await expect(result.response.json()).resolves.toEqual({
+      data: {
+        id: responseId,
+        quotaFull: false,
+      },
+    });
+    expect(mocks.sendToPipeline).toHaveBeenCalledTimes(1);
+    expect(mocks.sendToPipeline).toHaveBeenCalledWith({
+      event: "responseUpdated",
+      environmentId,
+      surveyId,
+      response: {
+        id: responseId,
+        surveyId,
+        data: {
+          q0: "existing-answer",
+          q1: "updated-answer",
+        },
+        finished: false,
+      },
+    });
+  });
+
+  test("emits both pipeline events and includes quota metadata when the response finishes", async () => {
+    mocks.updateResponseWithQuotaEvaluation.mockResolvedValue({
+      ...getBaseUpdatedResponse(),
+      finished: true,
+      quotaFull: {
+        id: "quota_123",
+        action: "endSurvey",
+        endingCardId: "ending_card_123",
+      },
+    });
+
+    const result = await putResponseHandler(createHandlerParams());
+
+    expect(result.response.status).toBe(200);
+    await expect(result.response.json()).resolves.toEqual({
+      data: {
+        id: responseId,
+        quotaFull: true,
+        quota: {
+          id: "quota_123",
+          action: "endSurvey",
+          endingCardId: "ending_card_123",
+        },
+      },
+    });
+    expect(mocks.sendToPipeline).toHaveBeenCalledTimes(2);
+    expect(mocks.sendToPipeline).toHaveBeenNthCalledWith(1, {
+      event: "responseUpdated",
+      environmentId,
+      surveyId,
+      response: {
+        id: responseId,
+        surveyId,
+        data: {
+          q0: "existing-answer",
+          q1: "updated-answer",
+        },
+        finished: true,
+      },
+    });
+    expect(mocks.sendToPipeline).toHaveBeenNthCalledWith(2, {
+      event: "responseFinished",
+      environmentId,
+      surveyId,
+      response: {
+        id: responseId,
+        surveyId,
+        data: {
+          q0: "existing-answer",
+          q1: "updated-answer",
+        },
+        finished: true,
+      },
+    });
+  });
+});
@@ -0,0 +1,283 @@
+import { logger } from "@formbricks/logger";
+import { DatabaseError, InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { TResponse, TResponseUpdateInput } from "@formbricks/types/responses";
+import { TSurveyElement } from "@formbricks/types/surveys/elements";
+import { TSurvey } from "@formbricks/types/surveys/types";
+import { responses } from "@/app/lib/api/response";
+import { THandlerParams } from "@/app/lib/api/with-api-logging";
+import { sendToPipeline } from "@/app/lib/pipelines";
+import { getResponse } from "@/lib/response/service";
+import { getSurvey } from "@/lib/survey/service";
+import { formatValidationErrorsForV1Api, validateResponseData } from "@/modules/api/lib/validation";
+import { validateOtherOptionLengthForMultipleChoice } from "@/modules/api/v2/lib/element";
+import { createQuotaFullObject } from "@/modules/ee/quotas/lib/helpers";
+import { validateFileUploads } from "@/modules/storage/utils";
+import { updateResponseWithQuotaEvaluation } from "./response";
+import { getValidatedResponseUpdateInput } from "./validated-response-update-input";
+
+type TRouteResult = {
+  response: Response;
+  error?: unknown;
+};
+
+type TExistingResponseResult = { existingResponse: TResponse } | TRouteResult;
+type TSurveyResult = { survey: TSurvey } | TRouteResult;
+type TUpdatedResponseResult =
+  | { updatedResponse: Awaited<ReturnType<typeof updateResponseWithQuotaEvaluation>> }
+  | TRouteResult;
+
+export type TPutRouteParams = {
+  params: Promise<{
+    environmentId: string;
+    responseId: string;
+  }>;
+};
+
+const handleDatabaseError = (
+  error: Error,
+  url: string,
+  endpoint: string,
+  responseId: string
+): TRouteResult => {
+  if (error instanceof ResourceNotFoundError) {
+    return { response: responses.notFoundResponse("Response", responseId, true) };
+  }
+  if (error instanceof InvalidInputError) {
+    return { response: responses.badRequestResponse(error.message, undefined, true) };
+  }
+  if (error instanceof DatabaseError) {
+    logger.error({ error, url }, `Error in ${endpoint}`);
+    return {
+      response: responses.internalServerErrorResponse(error.message, true),
+      error,
+    };
+  }
+
+  return {
+    response: responses.internalServerErrorResponse("Unknown error occurred", true),
+    error,
+  };
+};
+
+const validateResponse = (
+  response: TResponse,
+  survey: TSurvey,
+  responseUpdateInput: TResponseUpdateInput
+) => {
+  const mergedData = {
+    ...response.data,
+    ...responseUpdateInput.data,
+  };
+
+  const validationErrors = validateResponseData(
+    survey.blocks,
+    mergedData,
+    responseUpdateInput.language ?? response.language ?? "en",
+    survey.questions
+  );
+
+  if (validationErrors) {
+    return {
+      response: responses.badRequestResponse(
+        "Validation failed",
+        formatValidationErrorsForV1Api(validationErrors),
+        true
+      ),
+    };
+  }
+};
+
+const getExistingResponse = async (req: Request, responseId: string): Promise<TExistingResponseResult> => {
+  try {
+    const existingResponse = await getResponse(responseId);
+
+    return existingResponse
+      ? { existingResponse }
+      : { response: responses.notFoundResponse("Response", responseId, true) };
+  } catch (error) {
+    return handleDatabaseError(
+      error instanceof Error ? error : new Error(String(error)),
+      req.url,
+      "PUT /api/v1/client/[environmentId]/responses/[responseId]",
+      responseId
+    );
+  }
+};
+
+const getSurveyForResponse = async (
+  req: Request,
+  responseId: string,
+  surveyId: string
+): Promise<TSurveyResult> => {
+  try {
+    const survey = await getSurvey(surveyId);
+
+    return survey ? { survey } : { response: responses.notFoundResponse("Survey", surveyId, true) };
+  } catch (error) {
+    return handleDatabaseError(
+      error instanceof Error ? error : new Error(String(error)),
+      req.url,
+      "PUT /api/v1/client/[environmentId]/responses/[responseId]",
+      responseId
+    );
+  }
+};
+
+const validateUpdateRequest = (
+  existingResponse: TResponse,
+  survey: TSurvey,
+  responseUpdateInput: TResponseUpdateInput
+): TRouteResult | undefined => {
+  if (existingResponse.finished) {
+    return {
+      response: responses.badRequestResponse("Response is already finished", undefined, true),
+    };
+  }
+
+  if (!validateFileUploads(responseUpdateInput.data, survey.questions)) {
+    return {
+      response: responses.badRequestResponse("Invalid file upload response", undefined, true),
+    };
+  }
+
+  const otherResponseInvalidQuestionId = validateOtherOptionLengthForMultipleChoice({
+    responseData: responseUpdateInput.data,
+    surveyQuestions: survey.questions as unknown as TSurveyElement[],
+    responseLanguage: responseUpdateInput.language,
+  });
+
+  if (otherResponseInvalidQuestionId) {
+    return {
+      response: responses.badRequestResponse(
+        `Response exceeds character limit`,
+        {
+          questionId: otherResponseInvalidQuestionId,
+        },
+        true
+      ),
+    };
+  }
+
+  return validateResponse(existingResponse, survey, responseUpdateInput);
+};
+
+const getUpdatedResponse = async (
+  req: Request,
+  responseId: string,
+  responseUpdateInput: TResponseUpdateInput
+): Promise<TUpdatedResponseResult> => {
+  try {
+    const updatedResponse = await updateResponseWithQuotaEvaluation(responseId, responseUpdateInput);
+    return { updatedResponse };
+  } catch (error) {
+    if (error instanceof ResourceNotFoundError) {
+      return {
+        response: responses.notFoundResponse("Response", responseId, true),
+      };
+    }
+    if (error instanceof InvalidInputError) {
+      return {
+        response: responses.badRequestResponse(error.message),
+      };
+    }
+    if (error instanceof DatabaseError) {
+      logger.error(
+        { error, url: req.url },
+        "Error in PUT /api/v1/client/[environmentId]/responses/[responseId]"
+      );
+      return {
+        response: responses.internalServerErrorResponse(error.message),
+        error,
+      };
+    }
+
+    const unexpectedError = error instanceof Error ? error : new Error(String(error));
+
+    logger.error(
+      { error: unexpectedError, url: req.url },
+      "Error in PUT /api/v1/client/[environmentId]/responses/[responseId]"
+    );
+    return {
+      response: responses.internalServerErrorResponse("Something went wrong"),
+      error: unexpectedError,
+    };
+  }
+};
+
+export const putResponseHandler = async ({
+  req,
+  props,
+}: THandlerParams<TPutRouteParams>): Promise<TRouteResult> => {
+  const params = await props.params;
+  const { environmentId, responseId } = params;
+
+  if (!responseId) {
+    return {
+      response: responses.badRequestResponse("Response ID is missing", undefined, true),
+    };
+  }
+
+  const validatedUpdateInput = await getValidatedResponseUpdateInput(req);
+  if ("response" in validatedUpdateInput) {
+    return validatedUpdateInput;
+  }
+  const { responseUpdateInput } = validatedUpdateInput;
+
+  const existingResponseResult = await getExistingResponse(req, responseId);
+  if ("response" in existingResponseResult) {
+    return existingResponseResult;
+  }
+  const { existingResponse } = existingResponseResult;
+
+  const surveyResult = await getSurveyForResponse(req, responseId, existingResponse.surveyId);
+  if ("response" in surveyResult) {
+    return surveyResult;
+  }
+  const { survey } = surveyResult;
+
+  if (survey.environmentId !== environmentId) {
+    return {
+      response: responses.notFoundResponse("Response", responseId, true),
+    };
+  }
+
+  const validationResult = validateUpdateRequest(existingResponse, survey, responseUpdateInput);
+  if (validationResult) {
+    return validationResult;
+  }
+
+  const updatedResponseResult = await getUpdatedResponse(req, responseId, responseUpdateInput);
+  if ("response" in updatedResponseResult) {
+    return updatedResponseResult;
+  }
+  const { updatedResponse } = updatedResponseResult;
+
+  const { quotaFull, ...responseData } = updatedResponse;
+
+  sendToPipeline({
+    event: "responseUpdated",
+    environmentId: survey.environmentId,
+    surveyId: survey.id,
+    response: responseData,
+  });
+
+  if (updatedResponse.finished) {
+    sendToPipeline({
+      event: "responseFinished",
+      environmentId: survey.environmentId,
+      surveyId: survey.id,
+      response: responseData,
+    });
+  }
+
+  const quotaObj = createQuotaFullObject(quotaFull);
+
+  const responseDataWithQuota = {
+    id: responseData.id,
+    ...quotaObj,
+  };
+
+  return {
+    response: responses.successResponse(responseDataWithQuota, true),
+  };
+};
@@ -0,0 +1,84 @@
+import { describe, expect, test } from "vitest";
+import { getValidatedResponseUpdateInput } from "./validated-response-update-input";
+
+describe("getValidatedResponseUpdateInput", () => {
+  test("returns a bad request response for malformed JSON", async () => {
+    const request = new Request("http://localhost/api/v1/client/test/responses/response-id", {
+      method: "PUT",
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: "{invalid-json",
+    });
+
+    const result = await getValidatedResponseUpdateInput(request);
+
+    expect("response" in result).toBe(true);
+
+    if (!("response" in result)) {
+      throw new Error("Expected a response result");
+    }
+
+    expect(result.response.status).toBe(400);
+    await expect(result.response.json()).resolves.toEqual(
+      expect.objectContaining({
+        code: "bad_request",
+        message: "Malformed JSON in request body",
+        details: {
+          error: expect.any(String),
+        },
+      })
+    );
+  });
+
+  test("returns parsed response update input for valid JSON", async () => {
+    const request = new Request("http://localhost/api/v1/client/test/responses/response-id", {
+      method: "PUT",
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({
+        finished: true,
+      }),
+    });
+
+    const result = await getValidatedResponseUpdateInput(request);
+
+    expect(result).toEqual({
+      responseUpdateInput: {
+        finished: true,
+      },
+    });
+  });
+
+  test("returns a bad request response for schema-invalid JSON", async () => {
+    const request = new Request("http://localhost/api/v1/client/test/responses/response-id", {
+      method: "PUT",
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({
+        finished: "not-boolean",
+      }),
+    });
+
+    const result = await getValidatedResponseUpdateInput(request);
+
+    expect("response" in result).toBe(true);
+
+    if (!("response" in result)) {
+      throw new Error("Expected a response result");
+    }
+
+    expect(result.response.status).toBe(400);
+    await expect(result.response.json()).resolves.toEqual(
+      expect.objectContaining({
+        code: "bad_request",
+        message: "Fields are missing or incorrectly formatted",
+        details: expect.objectContaining({
+          finished: expect.any(String),
+        }),
+      })
+    );
+  });
+});
@@ -0,0 +1,28 @@
+import { TResponseUpdateInput, ZResponseUpdateInput } from "@formbricks/types/responses";
+import {
+  TParseAndValidateJsonBodyResult,
+  parseAndValidateJsonBody,
+} from "@/app/lib/api/parse-and-validate-json-body";
+
+export type TValidatedResponseUpdateInputResult =
+  | { response: Response }
+  | { responseUpdateInput: TResponseUpdateInput };
+
+export const getValidatedResponseUpdateInput = async (
+  req: Request
+): Promise<TValidatedResponseUpdateInputResult> => {
+  const validatedInput: TParseAndValidateJsonBodyResult<TResponseUpdateInput> =
+    await parseAndValidateJsonBody({
+      request: req,
+      schema: ZResponseUpdateInput,
+      malformedJsonMessage: "Malformed JSON in request body",
+    });
+
+  if ("response" in validatedInput) {
+    return {
+      response: validatedInput.response,
+    };
+  }
+
+  return { responseUpdateInput: validatedInput.data };
+};
@@ -1,235 +1,11 @@
-import { logger } from "@formbricks/logger";
-import { DatabaseError, InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
-import { TResponse, TResponseUpdateInput, ZResponseUpdateInput } from "@formbricks/types/responses";
-import { TSurveyElement } from "@formbricks/types/surveys/elements";
-import { TSurvey } from "@formbricks/types/surveys/types";
 import { responses } from "@/app/lib/api/response";
-import { transformErrorToDetails } from "@/app/lib/api/validator";
-import { THandlerParams, withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
-import { sendToPipeline } from "@/app/lib/pipelines";
-import { getResponse } from "@/lib/response/service";
-import { getSurvey } from "@/lib/survey/service";
-import { formatValidationErrorsForV1Api, validateResponseData } from "@/modules/api/lib/validation";
-import { validateOtherOptionLengthForMultipleChoice } from "@/modules/api/v2/lib/element";
-import { createQuotaFullObject } from "@/modules/ee/quotas/lib/helpers";
-import { validateFileUploads } from "@/modules/storage/utils";
-import { updateResponseWithQuotaEvaluation } from "./lib/response";
+import { withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
+import { putResponseHandler } from "./lib/put-response-handler";

 export const OPTIONS = async (): Promise<Response> => {
  return responses.successResponse({}, true);
 };

-const handleDatabaseError = (error: Error, url: string, endpoint: string, responseId: string): Response => {
-  if (error instanceof ResourceNotFoundError) {
-    return responses.notFoundResponse("Response", responseId, true);
-  }
-  if (error instanceof InvalidInputError) {
-    return responses.badRequestResponse(error.message, undefined, true);
-  }
-  if (error instanceof DatabaseError) {
-    logger.error({ error, url }, `Error in ${endpoint}`);
-    return responses.internalServerErrorResponse(error.message, true);
-  }
-  return responses.internalServerErrorResponse("Unknown error occurred", true);
-};
-
-const validateResponse = (
-  response: TResponse,
-  survey: TSurvey,
-  responseUpdateInput: TResponseUpdateInput
-) => {
-  // Validate response data against validation rules
-  const mergedData = {
-    ...response.data,
-    ...responseUpdateInput.data,
-  };
-
-  const validationErrors = validateResponseData(
-    survey.blocks,
-    mergedData,
-    responseUpdateInput.language ?? response.language ?? "en",
-    survey.questions
-  );
-
-  if (validationErrors) {
-    return {
-      response: responses.badRequestResponse(
-        "Validation failed",
-        formatValidationErrorsForV1Api(validationErrors),
-        true
-      ),
-    };
-  }
-};
-
 export const PUT = withV1ApiWrapper({
-  handler: async ({ req, props }: THandlerParams<{ params: Promise<{ responseId: string }> }>) => {
-    const params = await props.params;
-    const { responseId } = params;
-
-    if (!responseId) {
-      return {
-        response: responses.badRequestResponse("Response ID is missing", undefined, true),
-      };
-    }
-
-    const responseUpdate = await req.json();
-    const inputValidation = ZResponseUpdateInput.safeParse(responseUpdate);
-
-    if (!inputValidation.success) {
-      return {
-        response: responses.badRequestResponse(
-          "Fields are missing or incorrectly formatted",
-          transformErrorToDetails(inputValidation.error),
-          true
-        ),
-      };
-    }
-
-    let response;
-    try {
-      response = await getResponse(responseId);
-    } catch (error) {
-      const endpoint = "PUT /api/v1/client/[environmentId]/responses/[responseId]";
-      return {
-        response: handleDatabaseError(
-          error instanceof Error ? error : new Error(String(error)),
-          req.url,
-          endpoint,
-          responseId
-        ),
-      };
-    }
-
-    if (!response) {
-      return {
-        response: responses.notFoundResponse("Response", responseId, true),
-      };
-    }
-
-    if (response.finished) {
-      return {
-        response: responses.badRequestResponse("Response is already finished", undefined, true),
-      };
-    }
-
-    // get survey to get environmentId
-    let survey;
-    try {
-      survey = await getSurvey(response.surveyId);
-    } catch (error) {
-      const endpoint = "PUT /api/v1/client/[environmentId]/responses/[responseId]";
-      return {
-        response: handleDatabaseError(
-          error instanceof Error ? error : new Error(String(error)),
-          req.url,
-          endpoint,
-          responseId
-        ),
-      };
-    }
-
-    if (!survey) {
-      return {
-        response: responses.notFoundResponse("Survey", response.surveyId, true),
-      };
-    }
-
-    if (!validateFileUploads(inputValidation.data.data, survey.questions)) {
-      return {
-        response: responses.badRequestResponse("Invalid file upload response", undefined, true),
-      };
-    }
-
-    // Validate response data for "other" options exceeding character limit
-    const otherResponseInvalidQuestionId = validateOtherOptionLengthForMultipleChoice({
-      responseData: inputValidation.data.data,
-      surveyQuestions: survey.questions as unknown as TSurveyElement[],
-      responseLanguage: inputValidation.data.language,
-    });
-
-    if (otherResponseInvalidQuestionId) {
-      return {
-        response: responses.badRequestResponse(
-          `Response exceeds character limit`,
-          {
-            questionId: otherResponseInvalidQuestionId,
-          },
-          true
-        ),
-      };
-    }
-
-    const validationResult = validateResponse(response, survey, inputValidation.data);
-    if (validationResult) {
-      return validationResult;
-    }
-
-    // update response with quota evaluation
-    let updatedResponse;
-    try {
-      updatedResponse = await updateResponseWithQuotaEvaluation(responseId, inputValidation.data);
-    } catch (error) {
-      if (error instanceof ResourceNotFoundError) {
-        return {
-          response: responses.notFoundResponse("Response", responseId, true),
-        };
-      }
-      if (error instanceof InvalidInputError) {
-        return {
-          response: responses.badRequestResponse(error.message),
-        };
-      }
-      if (error instanceof DatabaseError) {
-        logger.error(
-          { error, url: req.url },
-          "Error in PUT /api/v1/client/[environmentId]/responses/[responseId]"
-        );
-        return {
-          response: responses.internalServerErrorResponse(error.message),
-        };
-      }
-
-      logger.error(
-        { error, url: req.url },
-        "Error in PUT /api/v1/client/[environmentId]/responses/[responseId]"
-      );
-      return {
-        response: responses.internalServerErrorResponse("Something went wrong"),
-      };
-    }
-
-    const { quotaFull, ...responseData } = updatedResponse;
-
-    // send response update to pipeline
-    // don't await to not block the response
-    sendToPipeline({
-      event: "responseUpdated",
-      environmentId: survey.environmentId,
-      surveyId: survey.id,
-      response: responseData,
-    });
-
-    if (updatedResponse.finished) {
-      // send response to pipeline
-      // don't await to not block the response
-      sendToPipeline({
-        event: "responseFinished",
-        environmentId: survey.environmentId,
-        surveyId: survey.id,
-        response: responseData,
-      });
-    }
-
-    const quotaObj = createQuotaFullObject(quotaFull);
-
-    const responseDataWithQuota = {
-      id: responseData.id,
-      ...quotaObj,
-    };
-
-    return {
-      response: responses.successResponse(responseDataWithQuota, true),
-    };
-  },
+  handler: putResponseHandler,
 });
@@ -10,6 +10,8 @@ import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { THandlerParams, withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
 import { sendToPipeline } from "@/app/lib/pipelines";
+import { ENCRYPTION_KEY } from "@/lib/constants";
+import { symmetricDecrypt } from "@/lib/crypto";
 import { getSurvey } from "@/lib/survey/service";
 import { getClientIpFromHeaders } from "@/lib/utils/client-ip";
 import { getOrganizationIdFromEnvironmentId } from "@/lib/utils/helper";
@@ -123,17 +125,118 @@ export const POST = withV1ApiWrapper({
    }
    if (survey.environmentId !== environmentId) {
      return {
-        response: responses.badRequestResponse(
-          "Survey is part of another environment",
-          {
-            "survey.environmentId": survey.environmentId,
-            environmentId,
-          },
-          true
-        ),
+        response: responses.badRequestResponse("Survey does not belong to this environment", undefined, true),
      };
    }

+    if (survey.type === "link" && survey.singleUse?.enabled) {
+      if (!responseInputData.singleUseId) {
+        return {
+          response: responses.badRequestResponse(
+            "Missing single use id",
+            {
+              surveyId: survey.id,
+              environmentId,
+            },
+            true
+          ),
+        };
+      }
+
+      if (!responseInputData.meta?.url) {
+        return {
+          response: responses.badRequestResponse(
+            "Missing or invalid URL in response metadata",
+            {
+              surveyId: survey.id,
+              environmentId,
+            },
+            true
+          ),
+        };
+      }
+
+      let url: URL;
+      try {
+        url = new URL(responseInputData.meta.url);
+      } catch (error) {
+        return {
+          response: responses.badRequestResponse(
+            "Invalid URL in response metadata",
+            {
+              surveyId: survey.id,
+              environmentId,
+              error: error instanceof Error ? error.message : "Unknown error occurred",
+            },
+            true
+          ),
+        };
+      }
+
+      const suId = url.searchParams.get("suId");
+      if (!suId) {
+        return {
+          response: responses.badRequestResponse(
+            "Missing single use id",
+            {
+              surveyId: survey.id,
+              environmentId,
+            },
+            true
+          ),
+        };
+      }
+
+      if (survey.singleUse.isEncrypted) {
+        if (!ENCRYPTION_KEY) {
+          logger.error({ url: req.url, surveyId: survey.id, environmentId }, "ENCRYPTION_KEY is not set");
+          return {
+            response: responses.internalServerErrorResponse("An unexpected error occurred.", true),
+          };
+        }
+
+        let decryptedSuId: string;
+        try {
+          decryptedSuId = symmetricDecrypt(suId, ENCRYPTION_KEY);
+        } catch {
+          return {
+            response: responses.badRequestResponse(
+              "Invalid single use id",
+              {
+                surveyId: survey.id,
+                environmentId,
+              },
+              true
+            ),
+          };
+        }
+
+        if (decryptedSuId !== responseInputData.singleUseId) {
+          return {
+            response: responses.badRequestResponse(
+              "Invalid single use id",
+              {
+                surveyId: survey.id,
+                environmentId,
+              },
+              true
+            ),
+          };
+        }
+      } else if (responseInputData.singleUseId !== suId) {
+        return {
+          response: responses.badRequestResponse(
+            "Invalid single use id",
+            {
+              surveyId: survey.id,
+              environmentId,
+            },
+            true
+          ),
+        };
+      }
+    }
+
    if (!validateFileUploads(responseInputData.data, survey.questions)) {
      return {
        response: responses.badRequestResponse("Invalid file upload response"),
@@ -1,7 +1,7 @@
 import { logger } from "@formbricks/logger";
-import { TUploadPrivateFileRequest, ZUploadPrivateFileRequest } from "@formbricks/types/storage";
+import { ZUploadPrivateFileRequest } from "@formbricks/types/storage";
+import { parseAndValidateJsonBody } from "@/app/lib/api/parse-and-validate-json-body";
 import { responses } from "@/app/lib/api/response";
-import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { THandlerParams, withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
 import { MAX_FILE_UPLOAD_SIZES } from "@/lib/constants";
 import { getOrganizationByEnvironmentId } from "@/lib/organization/service";
@@ -30,33 +30,27 @@ export const POST = withV1ApiWrapper({
  handler: async ({ req, props }: THandlerParams<{ params: Promise<{ environmentId: string }> }>) => {
    const params = await props.params;
    const { environmentId } = params;
-    let jsonInput: TUploadPrivateFileRequest;
-
-    try {
-      jsonInput = await req.json();
-    } catch (error) {
-      logger.error({ error, url: req.url }, "Error parsing JSON input");
-      return {
-        response: responses.badRequestResponse("Malformed JSON input, please check your request body"),
-      };
-    }
-
-    const parsedInputResult = ZUploadPrivateFileRequest.safeParse({
-      ...jsonInput,
-      environmentId,
+    const parsedInputResult = await parseAndValidateJsonBody({
+      request: req,
+      schema: ZUploadPrivateFileRequest,
+      buildInput: (jsonInput) => ({
+        ...(jsonInput !== null && typeof jsonInput === "object" ? jsonInput : {}),
+        environmentId,
+      }),
    });

-    if (!parsedInputResult.success) {
-      const errorDetails = transformErrorToDetails(parsedInputResult.error);
-
-      logger.error({ error: errorDetails }, "Fields are missing or incorrectly formatted");
+    if ("response" in parsedInputResult) {
+      if (parsedInputResult.issue === "invalid_json") {
+        logger.error({ error: parsedInputResult.details, url: req.url }, "Error parsing JSON input");
+      } else {
+        logger.error(
+          { error: parsedInputResult.details, url: req.url },
+          "Fields are missing or incorrectly formatted"
+        );
+      }

      return {
-        response: responses.badRequestResponse(
-          "Fields are missing or incorrectly formatted",
-          errorDetails,
-          true
-        ),
+        response: parsedInputResult.response,
      };
    }

@@ -81,11 +75,7 @@ export const POST = withV1ApiWrapper({

    if (survey.environmentId !== environmentId) {
      return {
-        response: responses.badRequestResponse(
-          "Survey does not belong to the environment",
-          { surveyId, environmentId },
-          true
-        ),
+        response: responses.badRequestResponse("Survey does not belong to this environment", undefined, true),
      };
    }

@@ -105,9 +95,14 @@ export const POST = withV1ApiWrapper({
    if (!signedUrlResponse.ok) {
      logger.error({ error: signedUrlResponse.error }, "Error getting signed url for upload");
      const errorResponse = getErrorResponseFromStorageError(signedUrlResponse.error, { fileName });
-      return {
-        response: errorResponse,
-      };
+      return errorResponse.status >= 500
+        ? {
+            response: errorResponse,
+            error: signedUrlResponse.error,
+          }
+        : {
+            response: errorResponse,
+          };
    }

    return {
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Tiago Farto	88db91a804	fix: harden sso account deletion reauth	2026-05-06 10:16:37 +00:00
Tiago Farto	e4a60be670	fix: resolve remaining sso deletion review comments	2026-05-05 17:10:21 +00:00
Tiago Farto	93268722c2	fix: address sso deletion review comments	2026-05-05 16:27:52 +00:00
Tiago Farto	50a0f7bdbd	fix: simplify SSO deletion reauth validation	2026-05-05 15:45:56 +00:00
Tiago Farto	b0856cd6c5	chore: more explicit delete flow explanaition	2026-05-05 15:01:25 +00:00
Tiago Farto	b94d2a8be1	docs: rewrite	2026-05-05 14:36:05 +00:00
Tiago Farto	d227f4e701	docs: narrow env variable diff	2026-05-05 14:16:04 +00:00
Tiago Farto	4b7d3c1c46	fix: support configurable SSO deletion reauth	2026-05-05 14:03:34 +00:00
Tiago Farto	0394af16b5	fix: require verifiable SSO deletion reauth Only allow account deletion SSO reauth for providers that return fresh authentication evidence. Decrypt signed SAML responses before extracting AuthnInstant so encrypted assertions remain supported.	2026-05-05 10:08:01 +00:00
Tiago Farto	e42a2099d1	chore: fix test	2026-05-04 17:08:07 +00:00
Tiago Farto	fb311fa1ff	chore: address linting issues	2026-05-04 16:53:15 +00:00
Tiago Farto	eacc0988d8	chore: lint comments and additional test coverage	2026-05-04 16:18:14 +00:00
Tiago Farto	a5f882588e	chore: increase test coverage	2026-05-04 15:49:32 +00:00
Tiago Farto	738ff6c2ff	fix: sso account deletion password check	2026-05-04 15:30:47 +00:00
Tiago	fae00f6a82	fix: outlook preview (#7803 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-05-04 15:10:14 +00:00
Anshuman Pandey	a274c444ad	fix: reject SSO auto-provisioning when AUTH_SSO_DEFAULT_TEAM_ID is missing (#7926 )	2026-05-04 10:57:44 +00:00
Anshuman Pandey	5fae207cd7	fix: duplicate action class name error (#7919 )	2026-04-30 09:17:09 +00:00
Johannes	654539d320	fix: removed dead menu item & theme import (#7909 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-30 08:09:40 +00:00
Johannes	44aac89d41	fix: return generic credentials error for SSO-only accounts (#7911 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com>	2026-04-30 08:09:34 +00:00
Johannes	e0250b2a58	fix: include partial response in trigger description (#7908 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com> Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-30 06:27:48 +00:00
Labeeb	a8d6cd8a9f	fix: 7817 use fully translated inactive survey headings (#7836 )	2026-04-30 04:46:13 +00:00
Bhagya Amarasinghe	f79fe1490e	feat: add PostHog experiment wrappers (#7899 )	2026-04-29 08:07:11 +00:00
Dhruwang Jariwala	5cfbc671c5	fix: allow back navigation to prefilled questions in email embed surveys (#7900 )	2026-04-29 08:06:08 +00:00
Tiago	e6e9419b93	fix: require step-up authorization for account deletion (#7901 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-28 12:46:27 +00:00
dependabot[bot]	90eb78e571	chore(deps): bump the npm_and_yarn group across 5 directories with 2 updates (#7834 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Matti Nannt <matti@formbricks.com>	2026-04-28 12:01:12 +02:00
Johannes	991866f549	docs: document option ID prefilling (#7893 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-04-28 08:17:05 +00:00
Bhagya Amarasinghe	6d1b3475d4	fix(survey-list): reduce v3 overview query cost (#7812 )	2026-04-27 16:53:53 +00:00
Johannes	5e967a2b67	fix: use app.formbricks.com in v1 API docs (#7894 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-04-27 13:19:12 +00:00
Johannes	23a8fd6a47	fix: replace organization name placeholder example (#7832 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com> Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-27 12:49:16 +00:00
Dhruwang Jariwala	0686eb3cbb	feat: add refetch button to refresh responses table (#7808 ) Co-authored-by: Johannes <johannes@formbricks.com>	2026-04-27 10:10:53 +00:00
Anshuman Pandey	6d9ab315c2	fix: prevent SSRF via redirect following in webhook delivery (#7877 )	2026-04-27 08:50:21 +00:00
Tiago	4128731c5f	fix: password hash visibility improvement (#7814 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2026-04-24 18:16:59 +00:00
Matti Nannt	ef96426ca0	chore(security): dependency audit — reduce attack surface & resolve all vulnerabilities (#7801 ) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-24 20:32:32 +02:00
Dhruwang Jariwala	ce1dbe8b00	fix: apply plan changes immediately for non-standard plans (#7807 )	2026-04-24 07:38:33 +00:00
Dhruwang Jariwala	444f043140	fix: prevent Airtable integration crash when token expires (#7811 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-23 08:36:10 +00:00
Dhruwang Jariwala	2d32c0d671	feat: add iframe preview to website embed tab (#7791 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-23 06:36:55 +00:00
Dhruwang Jariwala	8dc70a5e30	fix: prevent survey widget CSS from polluting host page styles (#7805 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-22 12:24:44 +00:00
Aryan Ghugare	3e4e55fbf1	fix: prevent bypass of single-use survey restriction via v1 API (#7735 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2026-04-22 09:48:18 +00:00
Tiago	fcfedd6e15	feat: replace minio with rustfs (#7742 )	2026-04-22 08:07:38 +00:00
Tiago	6c4342690f	fix: harden legacy SSO relinking (#7755 )	2026-04-22 07:35:23 +00:00
arasucar	b8c361fcf3	refactor: use context instead of prop drilling in survey analysis components (#6223 ) (#7754 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2026-04-22 06:00:13 +00:00
Matti Nannt	8771a0ec91	fix: lodash vulnerability (#7800 )	2026-04-22 05:57:08 +00:00
Bhagya Amarasinghe	fc33c52133	fix: patch protobufjs transitive vulnerabilities (#7790 )	2026-04-21 09:59:12 +00:00
Balázs Úr	75cf9293b1	fix: Hungarian translation (#7752 )	2026-04-21 08:41:53 +00:00
Serhat	e489c6a346	feat: Add Turkish (tr) translations (#7645 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-20 12:51:25 +00:00
Johannes	cefc2bdf60	fix: show oversized upload error when mime type is missing (#7757 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com>	2026-04-20 07:00:41 +00:00
dependabot[bot]	78473bf3d0	chore(deps): bump the npm_and_yarn group across 12 directories with 4 updates (#7680 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Matti Nannt <matti@formbricks.com>	2026-04-20 06:59:52 +00:00
Johannes	15403c6a92	fix: add accessible dialog title to project limit modal (#7769 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-04-20 06:45:21 +00:00
Johannes	35b98863a4	feat: auto-fill safe attribute key from label (#7771 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-04-20 06:44:10 +00:00
Anshuman Pandey	65f5968fb1	fix: fixes sentry ref issue (#7776 )	2026-04-20 06:29:44 +00:00
Bhagya Amarasinghe	2dfea4d72f	fix: prevent split offline responses on restore (#7767 )	2026-04-20 06:05:13 +00:00
Dhruwang Jariwala	ff77118932	fix: response tag UI issues in response modal (#7765 )	2026-04-17 11:59:59 +00:00
Johannes	79a773432a	feat: extend auto-progress to single-select question types (#7725 )	2026-04-17 10:17:00 +00:00
Niels Kaspers	d53869f1df	fix: fix duplicate block and misleading subheader in trial conversion template (#7560 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-17 10:01:54 +00:00
Balázs Úr	fc9ddb2b0d	fix: mark Identify Customer Goals survey as translatable (#7566 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-17 09:53:15 +00:00
Bhagya Amarasinghe	6fcb6863bd	feat: migrate survey overview to v3 APIs (#7741 )	2026-04-17 09:45:12 +00:00
Johannes	b1cee91ad9	fix: redirect active project and organization selections (#7724 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-04-17 09:33:12 +00:00
Dhruwang Jariwala	60bd5cbeff	fix: prevent environment ID leak in API error responses (#7753 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-17 08:38:32 +00:00
Dhruwang Jariwala	b6a3a15379	fix: make other option input field mandatory when sole selection (#7751 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-17 08:06:00 +00:00
Johannes	c68f214eff	fix: keep sidebar switcher icons round with long labels (#7756 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-04-17 08:04:10 +00:00
Harsh Bhat	c90ee84483	chore: Add survey to formbricks docs (#7746 )	2026-04-16 12:13:55 +00:00
Dhruwang Jariwala	dc1ee72594	chore: translation management revamp (scope 1) (#7733 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Johannes <johannes@formbricks.com> Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2026-04-16 11:18:48 +00:00
Dhruwang Jariwala	924132287e	fix: connect rating/NPS scale labels to label styling settings (#7738 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-16 10:59:59 +00:00
Dhruwang Jariwala	e6f347aa07	fix: remove dark: variant classes from survey-ui to prevent host page style leakage (#7747 )	2026-04-16 05:50:46 +00:00
Dhruwang Jariwala	367bc23dd4	fix: prevent offline replay from dropping survey blocks after completion (#7743 )	2026-04-15 19:59:15 +00:00
XHamzaX	a1a11b2bb8	fix: prevent OIDC button text overlap with 'last used' indicator (#7731 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-15 09:42:20 +00:00
Marius	0653c6a59f	fix: strip @layer properties block to prevent host page CSS pollution (#7685 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-15 06:58:35 +00:00
Anshuman Pandey	b6d793e109	fix: fixes unique constraint error with singleUseId and surveyId (#7737 )	2026-04-15 06:50:20 +00:00
Dhruwang Jariwala	439dd0b44e	fix: add loading skeleton for responses page (#7700 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Johannes <johannes@formbricks.com>	2026-04-13 16:56:20 +00:00
Anshuman Pandey	2556f5e15d	fix: add missing PostHog events (#7722 ) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-13 11:57:12 +00:00
Johannes	cc0eec3bf0	feat: add auto-progress mode for rating and NPS surveys (#7709 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com> Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-13 11:22:50 +00:00
Johannes	4b009a8eb4	revert: enhance welcome card to support video uploads (#7712 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2026-04-13 08:17:05 +00:00
Johannes	2aaddf7306	fix: prevent TTC overcount for multi-question blocks (#7713 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2026-04-13 07:56:40 +00:00
Dhruwang Jariwala	fb5d6145d0	fix: only show beforeunload warning when offline support is active (#7715 )	2026-04-13 07:19:57 +00:00
Dhruwang Jariwala	59310bac93	fix: validate "Other" option text on required questions and remove duplicate response entry (#7716 )	2026-04-13 07:05:08 +00:00
Dhruwang Jariwala	322f0be197	fix: improve restricted ID validation toast with i18n support (#7703 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Johannes <johannes@formbricks.com>	2026-04-12 06:18:13 +00:00
Manuel Delgado	1a02f91afd	fix(api): return 409 Conflict instead of 500 when creating user with duplicate email (#7675 ) Co-authored-by: Tiago Farto <tiago@formbricks.com>	2026-04-10 14:28:17 +00:00
Tiago	cc22ccb22d	chore: Harden SSO account linking for existing email-based accounts (#7702 )	2026-04-10 14:19:21 +00:00
Tiago	12763f0ef6	fix: Dutch translations for link survey footer (Privacy Policy, Imprint, Report Survey) (#7707 )	2026-04-10 13:42:15 +00:00
Dhruwang Jariwala	d39e3ee638	feat: offline support for link surveys (#7694 ) Co-authored-by: Matti Nannt <mail@matthiasnannt.com> Co-authored-by: Anshuman Pandey <54475686+pandeymangg@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com> Co-authored-by: Johannes <johannes@formbricks.com>	2026-04-10 11:27:48 +00:00
dingdyan	d85242a86b	fix: handle internal server error toast behavior in create organization (#7662 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-10 11:13:10 +00:00
Bhagya Amarasinghe	ef53065abc	feat: support GKE Envoy ingress split with numeric ports and service annotations (#7704 )	2026-04-10 09:22:19 +00:00
Dhruwang Jariwala	805c1c6874	fix: (duplicate) server error toast handling (#7701 )	2026-04-10 09:22:16 +00:00
Niels Kaspers	01687e8907	fix: add TERMS_URL support to survey link footers (#7670 )	2026-04-10 09:21:11 +00:00
Johannes	31d455002d	feat: unifiy nav auth behaviour (#7635 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-04-09 14:26:14 +00:00
Johannes	d96304d86d	fix: make navigation more user-friendly (#7599 ) Co-authored-by: Tiago Farto <tiago@formbricks.com>	2026-04-09 08:03:24 +00:00
Bhagya Amarasinghe	1064f68435	fix: support OTEL host config for envoy telemetry (#7692 )	2026-04-09 07:25:52 +00:00
Anshuman Pandey	3d16e859c6	feat: custom posthog events (#7647 )	2026-04-09 05:34:01 +00:00
Salim B	af198c5632	docs: remove spurious left-overs (#7690 )	2026-04-08 16:11:30 +00:00
Bhagya Amarasinghe	a43ed2b25c	feat: add envoy gateway helm bundle (#7686 )	2026-04-08 07:34:47 +00:00
Tiago	87bcad2b20	feat: Supporting different AI providers within Formbricks (#7611 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-06 05:45:12 +00:00
Anshuman Pandey	b5eaa4c7fd	fix: merge epic/improve-telemetry into main (#7666 )	2026-04-03 10:12:51 +00:00
Tiago	995c03bc01	chore: Revoke all active sessions after password reset (#7628 )	2026-04-03 06:10:28 +00:00
Johannes	b4395a48c5	fix: multi-lang toggle covering arabic text (#7657 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-02 13:09:16 +00:00
Johannes	461e3893fe	fix: 7549 multilang button overflow (#7656 ) Co-authored-by: Niels Kaspers <kaspersniels@gmail.com>	2026-04-02 12:53:57 +00:00
Tiago	735a9f84ec	fix: harden api error reporting for v2/v1 Sentry observability (#7633 )	2026-04-02 12:08:44 +00:00
Dhruwang Jariwala	8cb8d734cf	fix: prevent language switch from breaking survey orientation and resetting language on auto-save (#7654 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-02 12:08:12 +00:00
Anshuman Pandey	44d5530b48	fix: adds formbricks instance on window (#7630 )	2026-04-02 07:26:48 +00:00
Matti Nannt	a314eb391e	chore: add Codex environment config (#7589 )	2026-04-02 07:24:02 +00:00
Matti Nannt	6c34c316d0	docs: remove non-official self-hosting options from README.md	2026-04-01 14:16:47 +02:00
Matti Nannt	4f26278f16	docs: add German README summary (#7641 )	2026-04-01 11:04:15 +02:00
Tiago	b975e7fa2e	feat: Make password reset links single-use and revocable (#7627 )	2026-04-01 07:12:37 +00:00
Johannes	6c3052f9e4	fix: correct CSAT template option order for question 2 (#7636 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-04-01 07:11:27 +00:00
Dhruwang Jariwala	5bb8119ebf	feat: split AI toggle into smart tools and data analysis settings (#7563 )	2026-03-31 11:23:51 +00:00
Johannes	02411277d4	revert: remove fake-door workflows experiment (#7392 ) (#7631 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-03-31 10:47:33 +00:00
Dhruwang Jariwala	4cfb8c6d7b	fix: resolve language code case mismatch in link survey rendering (#7624 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-30 11:34:20 +00:00
Anshuman Pandey	e74a51a5ff	fix: sync segment state after auto-save to prevent stale reference on publish (#7619 )	2026-03-30 06:51:44 +00:00
Dhruwang Jariwala	29cc6a10fe	fix: prevent auto-save from overwriting survey status during publish (#7618 )	2026-03-30 06:34:20 +00:00
Bhagya Amarasinghe	01f765e969	fix: migrate auth sessions to database-backed storage (#7594 )	2026-03-27 07:15:06 +00:00
Anshuman Pandey	9366960f18	feat: adds support for internal webhook urls (#7577 )	2026-03-27 07:04:14 +00:00
IllimarR	697dc9cc99	feat: add Estonian language support for surveys (#7574 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-03-27 06:12:40 +00:00
Dhruwang Jariwala	83bc272ed2	fix: prevent duplicate hobby subscriptions from race condition (#7597 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-26 15:50:52 +00:00
Dhruwang Jariwala	59cc9c564e	fix: duplicate org creation (#7593 )	2026-03-26 05:52:09 +00:00
Dhruwang Jariwala	20dc147682	fix: scrolling behaviour to invalid questions (#7573 )	2026-03-25 13:35:51 +00:00
cursor[bot]	2bb7a6f277	fix: prevent TypeError when checking for duplicate matrix labels (#7579 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com>	2026-03-25 13:14:18 +00:00
Dhruwang Jariwala	deb062dd03	fix: handle 404 race condition in Stripe webhook reconciliation (#7584 )	2026-03-25 09:58:00 +00:00
Dhruwang Jariwala	474be86d33	fix: translations for option types (#7576 )	2026-03-24 13:18:26 +00:00