fix: backport account deletion authorization (#7901 ) (#7903 )

fix: backport account deletion authorization (#7901 )
fix: (backport) prevent SSRF via redirect following in webhook delivery (#7877 ) (#7892 )
2026-05-08 11:19:30 -05:00 · 2026-04-28 18:39:00 +05:30 · 2026-04-28 12:52:06 +00:00 · 2026-04-27 15:32:12 +05:30 · 2026-04-27 15:32:03 +05:30 · 2026-04-27 15:31:52 +05:30
501 changed files with 10412 additions and 30893 deletions
@@ -106,13 +106,6 @@ PASSWORD_RESET_DISABLED=1
 # Organization Invite. Disable the ability for invited users to create an account.
 # INVITE_DISABLED=1

-###########################################
-# Account deletion reauthentication       #
-###########################################
-
-# Danger: disables fresh SSO reauthentication for passwordless account deletion. Keep unset unless you accept the risk.
-# DISABLE_ACCOUNT_DELETION_SSO_REAUTH=1
-

 ##########
 # Other  #
@@ -139,9 +132,6 @@ GITHUB_SECRET=
 # Configure Google Login
 GOOGLE_CLIENT_ID=
 GOOGLE_CLIENT_SECRET=
-# Google only returns the auth_time proof after Auth Platform Security Bundle "Session age claims" is enabled.
-# Keep this unset until that setting is active for the OAuth app.
-# GOOGLE_ACCOUNT_DELETION_REAUTH_ENABLED=1

 # Configure Azure Active Directory Login
 AZUREAD_CLIENT_ID=
@@ -20,12 +20,12 @@ runs:
  using: "composite"
  steps:
    - name: Checkout repo
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@v3

    - uses: ./.github/actions/dangerous-git-checkout

    - name: Cache Build
-      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+      uses: actions/cache@v3
      id: cache-build
      env:
        cache-name: prod-build
@@ -43,7 +43,7 @@ runs:
      shell: bash

    - name: Setup Node.js 20.x
-      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      uses: actions/setup-node@v3
      with:
        node-version: 20.x
      if: steps.cache-build.outputs.cache-hit != 'true'
@@ -53,7 +53,7 @@ runs:
      if: steps.cache-build.outputs.cache-hit != 'true'

    - name: Install dependencies
-      run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64
+      run: pnpm install --config.platform=linux --config.architecture=x64
      if: steps.cache-build.outputs.cache-hit != 'true'
      shell: bash

@@ -4,7 +4,7 @@ runs:
  using: "composite"
  steps:
    - name: Checkout repo
-      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      uses: actions/checkout@v3
      with:
        ref: ${{ github.event.pull_request.head.sha }}
        fetch-depth: 2
@@ -49,7 +49,7 @@ jobs:
            ${{ runner.os }}-pnpm-store-

      - name: Install dependencies
-        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64
+        run: pnpm install --config.platform=linux --config.architecture=x64

      - name: Run Chromatic
        uses: chromaui/action@4c20b95e9d3209ecfdf9cd6aace6bbde71ba1694 # v13.3.4
@@ -57,7 +57,7 @@ jobs:
      - uses: ./.github/actions/dangerous-git-checkout

      - name: Setup Node.js 22.x
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
        with:
          node-version: 22.x

@@ -65,7 +65,7 @@ jobs:
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Install dependencies
-        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64
+        run: pnpm install --config.platform=linux --config.architecture=x64
        shell: bash

      - name: create .env
@@ -85,48 +85,65 @@ jobs:
          echo "S3_REGION=us-east-1" >> .env
          echo "S3_BUCKET_NAME=formbricks-e2e" >> .env
          echo "S3_ENDPOINT_URL=http://localhost:9000" >> .env
-          echo "S3_ACCESS_KEY=devrustfs-service" >> .env
-          echo "S3_SECRET_KEY=devrustfs-service123" >> .env
+          echo "S3_ACCESS_KEY=devminio" >> .env
+          echo "S3_SECRET_KEY=devminio123" >> .env
          echo "S3_FORCE_PATH_STYLE=1" >> .env
        shell: bash

-      - name: Start RustFS Server
+      - name: Install MinIO client (mc)
+        run: |
+          set -euo pipefail
+          MC_VERSION="RELEASE.2025-08-13T08-35-41Z"
+          MC_BASE="https://dl.min.io/client/mc/release/linux-amd64/archive"
+          MC_BIN="mc.${MC_VERSION}"
+          MC_SUM="${MC_BIN}.sha256sum"
+
+          curl -fsSL "${MC_BASE}/${MC_BIN}" -o "${MC_BIN}"
+          curl -fsSL "${MC_BASE}/${MC_SUM}" -o "${MC_SUM}"
+
+          sha256sum -c "${MC_SUM}"
+
+          chmod +x "${MC_BIN}"
+          sudo mv "${MC_BIN}" /usr/local/bin/mc
+
+      - name: Start MinIO Server
        run: |
          set -euo pipefail

-          # Start RustFS server in background
+          # Start MinIO server in background
          docker run -d \
-            --name rustfs-server \
+            --name minio-server \
            -p 9000:9000 \
            -p 9001:9001 \
-            -e RUSTFS_ACCESS_KEY=devrustfs \
-            -e RUSTFS_SECRET_KEY=devrustfs123 \
-            -e RUSTFS_ADDRESS=:9000 \
-            -e RUSTFS_CONSOLE_ENABLE=true \
-            -e RUSTFS_CONSOLE_ADDRESS=:9001 \
-            rustfs/rustfs:1.0.0-alpha.93 \
-            /data
+            -e MINIO_ROOT_USER=devminio \
+            -e MINIO_ROOT_PASSWORD=devminio123 \
+            minio/minio:RELEASE.2025-09-07T16-13-09Z \
+            server /data --console-address :9001

-          echo "RustFS server started"
+          echo "MinIO server started"

-      - name: Bootstrap RustFS bucket and browser upload CORS
+      - name: Wait for MinIO and create S3 bucket
        run: |
          set -euo pipefail

-          docker run --rm \
-            --network host \
-            --entrypoint /bin/sh \
-            -e RUSTFS_ENDPOINT_URL=http://127.0.0.1:9000 \
-            -e RUSTFS_ADMIN_USER=devrustfs \
-            -e RUSTFS_ADMIN_PASSWORD=devrustfs123 \
-            -e RUSTFS_SERVICE_USER=devrustfs-service \
-            -e RUSTFS_SERVICE_PASSWORD=devrustfs-service123 \
-            -e RUSTFS_BUCKET_NAME=formbricks-e2e \
-            -e RUSTFS_POLICY_NAME=formbricks-e2e-policy \
-            -e RUSTFS_CORS_ALLOWED_ORIGINS=http://localhost:3000,http://127.0.0.1:3000 \
-            -v "$PWD/docker/rustfs-init.sh:/tmp/rustfs-init.sh:ro" \
-            minio/mc@sha256:95b5f3f7969a5c5a9f3a700ba72d5c84172819e13385aaf916e237cf111ab868 \
-            /tmp/rustfs-init.sh
+          echo "Waiting for MinIO to be ready..."
+          ready=0
+          for i in {1..60}; do
+            if curl -fsS http://localhost:9000/minio/health/live >/dev/null; then
+              echo "MinIO is up after ${i} seconds"
+              ready=1
+              break
+            fi
+            sleep 1
+          done
+
+          if [ "$ready" -ne 1 ]; then
+            echo "::error::MinIO did not become ready within 60 seconds"
+            exit 1
+          fi
+
+          mc alias set local http://localhost:9000 devminio devminio123
+          mc mb --ignore-existing local/formbricks-e2e

      - name: Build App
        run: |
@@ -225,14 +242,8 @@ jobs:
        if: failure()
        with:
          name: app-logs
-          if-no-files-found: ignore
          path: app.log

      - name: Output App Logs
        if: failure()
-        run: |
-          if [ -f app.log ]; then
-            cat app.log
-          else
-            echo "app.log not found because the Run App step did not execute or failed before log creation."
-          fi
+        run: cat app.log
@@ -155,31 +155,3 @@ jobs:
      commit_sha: ${{ github.sha }}
      is_prerelease: ${{ github.event.release.prerelease }}
      make_latest: ${{ needs.check-latest-release.outputs.is_latest == 'true' }}
-
-  linear-release-complete:
-    name: Mark Linear release as complete
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    needs:
-      - docker-build-community
-      - docker-build-cloud
-      - helm-chart-release
-      - move-stable-tag
-    if: ${{ !github.event.release.prerelease }}
-    steps:
-      - name: Harden the runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
-        with:
-          egress-policy: audit
-
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-
-      - name: Complete Linear release
-        uses: linear/linear-release-action@0353b5fa8c00326913966f00557d68f8f30b8b6b # v0.7.0
-        with:
-          access_key: ${{ secrets.LINEAR_ACCESS_KEY }}
-          command: complete
-          version: ${{ github.event.release.tag_name }}
@@ -1,30 +0,0 @@
-name: Linear Release Sync
-
-on:
-  push:
-    branches:
-      - main
-
-permissions:
-  contents: read
-
-jobs:
-  linear-release:
-    name: Sync release to Linear
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    steps:
-      - name: Harden the runner
-        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
-        with:
-          egress-policy: audit
-
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-
-      - name: Sync Linear release
-        uses: linear/linear-release-action@0353b5fa8c00326913966f00557d68f8f30b8b6b # v0.7.0
-        with:
-          access_key: ${{ secrets.LINEAR_ACCESS_KEY }}
@@ -21,7 +21,7 @@ jobs:
      - uses: ./.github/actions/dangerous-git-checkout

      - name: Setup Node.js 20.x
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
        with:
          node-version: 20.x

@@ -29,7 +29,7 @@ jobs:
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Install dependencies
-        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64
+        run: pnpm install --config.platform=linux --config.architecture=x64

      - name: create .env
        run: cp .env.example .env
@@ -25,7 +25,7 @@ jobs:
          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis

      - name: Setup Node.js 22.x
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
        with:
          node-version: 22.x

@@ -33,7 +33,7 @@ jobs:
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Install dependencies
-        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64
+        run: pnpm install --config.platform=linux --config.architecture=x64

      - name: create .env
        run: cp .env.example .env
@@ -22,7 +22,7 @@ jobs:
      - uses: ./.github/actions/dangerous-git-checkout

      - name: Setup Node.js 20.x
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
        with:
          node-version: 20.x

@@ -30,7 +30,7 @@ jobs:
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Install dependencies
-        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64
+        run: pnpm install --config.platform=linux --config.architecture=x64

      - name: create .env
        run: cp .env.example .env
@@ -2,7 +2,6 @@ name: Translation Validation

 permissions:
  contents: read
-  pull-requests: read

 on:
  pull_request:
@@ -40,7 +39,7 @@ jobs:

      - name: Setup Node.js 22.x
        if: steps.changes.outputs.translations == 'true'
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
        with:
          node-version: 22.x

@@ -50,7 +49,7 @@ jobs:

      - name: Install dependencies
        if: steps.changes.outputs.translations == 'true'
-        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64
+        run: pnpm install --config.platform=linux --config.architecture=x64

      - name: Validate translation keys
        if: steps.changes.outputs.translations == 'true'
@@ -11,19 +11,19 @@
    "clean": "rimraf .turbo node_modules dist storybook-static"
  },
  "devDependencies": {
-    "@chromatic-com/storybook": "5.0.2",
-    "@storybook/addon-a11y": "10.3.5",
-    "@storybook/addon-docs": "10.3.5",
-    "@storybook/addon-links": "10.3.5",
-    "@storybook/addon-onboarding": "10.3.5",
-    "@storybook/react-vite": "10.3.5",
-    "@tailwindcss/vite": "4.2.4",
-    "@typescript-eslint/eslint-plugin": "8.57.2",
-    "@typescript-eslint/parser": "8.57.2",
+    "@chromatic-com/storybook": "^5.0.1",
+    "@storybook/addon-a11y": "10.2.17",
+    "@storybook/addon-links": "10.2.17",
+    "@storybook/addon-onboarding": "10.2.17",
+    "@storybook/react-vite": "10.2.17",
+    "@typescript-eslint/eslint-plugin": "8.57.0",
+    "@tailwindcss/vite": "4.2.1",
+    "@typescript-eslint/parser": "8.57.0",
    "@vitejs/plugin-react": "5.1.4",
    "eslint-plugin-react-refresh": "0.4.26",
-    "eslint-plugin-storybook": "10.3.5",
-    "storybook": "10.3.5",
-    "vite": "7.3.2"
+    "eslint-plugin-storybook": "10.2.17",
+    "storybook": "10.2.17",
+    "vite": "7.3.1",
+    "@storybook/addon-docs": "10.2.17"
  }
 }
@@ -1,4 +1,4 @@
-import { PrismaClientKnownRequestError } from "@prisma/client/runtime/library";
+import { Prisma } from "@prisma/client";
 import { beforeEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { DatabaseError } from "@formbricks/types/errors";
@@ -32,7 +32,7 @@ describe("getTeamsByOrganizationId", () => {

  test("throws DatabaseError on Prisma error", async () => {
    vi.mocked(prisma.team.findMany).mockRejectedValueOnce(
-      new PrismaClientKnownRequestError("fail", { code: "P2002", clientVersion: "1.0.0" })
+      new Prisma.PrismaClientKnownRequestError("fail", { code: "P2002", clientVersion: "1.0.0" })
    );
    await expect(getTeamsByOrganizationId("org1")).rejects.toThrow(DatabaseError);
  });
@@ -1,6 +1,6 @@
 "use server";

-import { PrismaClientKnownRequestError } from "@prisma/client/runtime/library";
+import { Prisma } from "@prisma/client";
 import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
 import { ZId } from "@formbricks/types/common";
@@ -27,7 +27,7 @@ export const getTeamsByOrganizationId = reactCache(
        name: team.name,
      }));
    } catch (error) {
-      if (error instanceof PrismaClientKnownRequestError) {
+      if (error instanceof Prisma.PrismaClientKnownRequestError) {
        throw new DatabaseError(error.message);
      }

@@ -2,7 +2,6 @@ import { PictureInPicture2Icon, SendIcon, XIcon } from "lucide-react";
 import Link from "next/link";
 import { redirect } from "next/navigation";
 import { OnboardingOptionsContainer } from "@/app/(app)/(onboarding)/organizations/components/OnboardingOptionsContainer";
-import { capturePostHogEvent } from "@/lib/posthog";
 import { getUserProjects } from "@/lib/project/service";
 import { getTranslate } from "@/lingodotdev/server";
 import { getOrganizationAuth } from "@/modules/organization/lib/utils";
@@ -42,16 +41,6 @@ const Page = async (props: ChannelPageProps) => {

  const projects = await getUserProjects(session.user.id, params.organizationId);

-  capturePostHogEvent(
-    session.user.id,
-    "organization_mode_selected",
-    {
-      organization_id: params.organizationId,
-      mode: "surveys",
-    },
-    { organizationId: params.organizationId }
-  );
-
  return (
    <div className="flex min-h-full min-w-full flex-col items-center justify-center space-y-12">
      <Header
@@ -18,7 +18,6 @@ import { createProjectAction } from "@/app/(app)/environments/[environmentId]/ac
 import { previewSurvey } from "@/app/lib/templates";
 import { FORMBRICKS_SURVEYS_FILTERS_KEY_LS } from "@/lib/localStorage";
 import { buildStylingFromBrandColor } from "@/lib/styling/constants";
-import { toJsEnvironmentStateSurvey } from "@/lib/survey/client-utils";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { TOrganizationTeam } from "@/modules/ee/teams/project-teams/types/team";
 import { CreateTeamModal } from "@/modules/ee/teams/team-list/components/create-team-modal";
@@ -243,7 +242,7 @@ export const ProjectSettings = ({
        <SurveyInline
          appUrl={publicDomain}
          isPreviewMode={true}
-          survey={toJsEnvironmentStateSurvey(previewSurvey(projectName || t("common.my_product"), t))}
+          survey={previewSurvey(projectName || t("common.my_product"), t)}
          styling={previewStyling}
          isBrandingEnabled={false}
          languageCode="default"
@@ -7,7 +7,6 @@ import { getTeamsByOrganizationId } from "@/app/(app)/(onboarding)/lib/onboardin
 import { ProjectSettings } from "@/app/(app)/(onboarding)/organizations/[organizationId]/workspaces/new/settings/components/ProjectSettings";
 import { DEFAULT_BRAND_COLOR } from "@/lib/constants";
 import { getPublicDomain } from "@/lib/getPublicUrl";
-import { capturePostHogEvent } from "@/lib/posthog";
 import { getUserProjects } from "@/lib/project/service";
 import { getTranslate } from "@/lingodotdev/server";
 import { getAccessControlPermission } from "@/modules/ee/license-check/lib/utils";
@@ -52,18 +51,6 @@ const Page = async (props: ProjectSettingsPageProps) => {

  const publicDomain = getPublicDomain();

-  if (searchParams.mode === "cx") {
-    capturePostHogEvent(
-      session.user.id,
-      "organization_mode_selected",
-      {
-        organization_id: params.organizationId,
-        mode: "cx",
-      },
-      { organizationId: params.organizationId }
-    );
-  }
-
  return (
    <div className="flex min-h-full min-w-full flex-col items-center justify-center space-y-12">
      <Header
@@ -10,7 +10,6 @@ import {
 import { ZProjectUpdateInput } from "@formbricks/types/project";
 import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
 import { getOrganization } from "@/lib/organization/service";
-import { capturePostHogEvent, groupIdentifyPostHog } from "@/lib/posthog";
 import { getOrganizationProjectsCount } from "@/lib/project/service";
 import { updateUser } from "@/lib/user/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
@@ -81,19 +80,6 @@ export const createProjectAction = authenticatedActionClient.inputSchema(ZCreate
      notificationSettings: updatedNotificationSettings,
    });

-    groupIdentifyPostHog("workspace", project.id, { name: project.name });
-
-    capturePostHogEvent(
-      user.id,
-      "workspace_created",
-      {
-        organization_id: organizationId,
-        workspace_id: project.id,
-        name: project.name,
-      },
-      { organizationId, workspaceId: project.id }
-    );
-
    ctx.auditLoggingCtx.organizationId = organizationId;
    ctx.auditLoggingCtx.projectId = project.id;
    ctx.auditLoggingCtx.newObject = project;
@@ -409,22 +409,16 @@ export const MainNavigation = ({
    : `/environments/${environment.id}/surveys/`;

  const handleProjectChange = (projectId: string) => {
-    const targetPath =
-      projectId === project.id ? `/environments/${environment.id}/surveys` : `/workspaces/${projectId}/`;
+    if (projectId === project.id) return;
    startTransition(() => {
-      setIsWorkspaceDropdownOpen(false);
-      router.push(targetPath);
+      router.push(`/workspaces/${projectId}/`);
    });
  };

  const handleOrganizationChange = (organizationId: string) => {
-    const targetPath =
-      organizationId === organization.id
-        ? `/environments/${environment.id}/settings/general`
-        : `/organizations/${organizationId}/`;
+    if (organizationId === organization.id) return;
    startTransition(() => {
-      setIsOrganizationDropdownOpen(false);
-      router.push(targetPath);
+      router.push(`/organizations/${organizationId}/`);
    });
  };

@@ -481,7 +475,7 @@ export const MainNavigation = ({
  );

  const switcherIconClasses =
-    "flex h-9 w-9 shrink-0 items-center justify-center rounded-full bg-slate-100 text-slate-600";
+    "flex h-9 w-9 items-center justify-center rounded-full bg-slate-100 text-slate-600";
  const isInitialProjectsLoading = isWorkspaceDropdownOpen && !hasInitializedProjects && !workspaceLoadError;

  return (
@@ -114,12 +114,8 @@ export const OrganizationBreadcrumb = ({
  }

  const handleOrganizationChange = (organizationId: string) => {
+    if (organizationId === currentOrganizationId) return;
    startTransition(() => {
-      setIsOrganizationDropdownOpen(false);
-      if (organizationId === currentOrganizationId && currentEnvironmentId) {
-        router.push(`/environments/${currentEnvironmentId}/settings/general`);
-        return;
-      }
      router.push(`/organizations/${organizationId}/`);
    });
  };
@@ -152,13 +152,9 @@ export const ProjectBreadcrumb = ({
  }

  const handleProjectChange = (projectId: string) => {
-    const targetPath =
-      projectId === currentProjectId
-        ? `/environments/${currentEnvironmentId}/surveys`
-        : `/workspaces/${projectId}/`;
+    if (projectId === currentProjectId) return;
    startTransition(() => {
-      setIsProjectDropdownOpen(false);
-      router.push(targetPath);
+      router.push(`/workspaces/${projectId}/`);
    });
  };

@@ -2,8 +2,6 @@ import { getServerSession } from "next-auth";
 import { redirect } from "next/navigation";
 import { EnvironmentLayout } from "@/app/(app)/environments/[environmentId]/components/EnvironmentLayout";
 import { EnvironmentContextWrapper } from "@/app/(app)/environments/[environmentId]/context/environment-context";
-import { PostHogGroupIdentify } from "@/app/posthog/PostHogGroupIdentify";
-import { POSTHOG_KEY } from "@/lib/constants";
 import { authOptions } from "@/modules/auth/lib/authOptions";
 import { getEnvironmentLayoutData } from "@/modules/environments/lib/utils";
 import EnvironmentStorageHandler from "./components/EnvironmentStorageHandler";
@@ -27,14 +25,6 @@ const EnvLayout = async (props: {
  return (
    <>
      <EnvironmentStorageHandler environmentId={params.environmentId} />
-      {POSTHOG_KEY && (
-        <PostHogGroupIdentify
-          organizationId={layoutData.organization.id}
-          organizationName={layoutData.organization.name}
-          workspaceId={layoutData.project.id}
-          workspaceName={layoutData.project.name}
-        />
-      )}
      <EnvironmentContextWrapper
        environment={layoutData.environment}
        project={layoutData.project}
@@ -1,68 +1,30 @@
 "use client";

 import type { Session } from "next-auth";
-import { useEffect, useRef, useState } from "react";
-import toast from "react-hot-toast";
+import { useState } from "react";
 import { useTranslation } from "react-i18next";
 import { TOrganization } from "@formbricks/types/organizations";
 import { TUser } from "@formbricks/types/user";
 import { DeleteAccountModal } from "@/modules/account/components/DeleteAccountModal";
-import {
-  ACCOUNT_DELETION_GOOGLE_REAUTH_NOT_CONFIGURED_ERROR_CODE,
-  ACCOUNT_DELETION_SSO_REAUTH_ERROR_QUERY_PARAM,
-} from "@/modules/account/constants";
 import { Button } from "@/modules/ui/components/button";
 import { TooltipRenderer } from "@/modules/ui/components/tooltip";

-interface DeleteAccountProps {
-  session: Session | null;
-  IS_FORMBRICKS_CLOUD: boolean;
-  user: TUser;
-  organizationsWithSingleOwner: TOrganization[];
-  accountDeletionError?: string | string[];
-  isMultiOrgEnabled: boolean;
-  requiresPasswordConfirmation: boolean;
-}
-
 export const DeleteAccount = ({
  session,
  IS_FORMBRICKS_CLOUD,
  user,
  organizationsWithSingleOwner,
-  accountDeletionError,
  isMultiOrgEnabled,
-  requiresPasswordConfirmation,
-}: Readonly<DeleteAccountProps>) => {
+}: {
+  session: Session | null;
+  IS_FORMBRICKS_CLOUD: boolean;
+  user: TUser;
+  organizationsWithSingleOwner: TOrganization[];
+  isMultiOrgEnabled: boolean;
+}) => {
  const [isModalOpen, setModalOpen] = useState(false);
  const isDeleteDisabled = !isMultiOrgEnabled && organizationsWithSingleOwner.length > 0;
  const { t } = useTranslation();
-  const accountDeletionErrorCode = Array.isArray(accountDeletionError)
-    ? accountDeletionError[0]
-    : accountDeletionError;
-  const hasShownAccountDeletionError = useRef(false);
-
-  useEffect(() => {
-    if (!accountDeletionErrorCode || hasShownAccountDeletionError.current) {
-      return;
-    }
-
-    hasShownAccountDeletionError.current = true;
-
-    if (accountDeletionErrorCode === ACCOUNT_DELETION_GOOGLE_REAUTH_NOT_CONFIGURED_ERROR_CODE) {
-      toast.error(t("environments.settings.profile.google_sso_account_deletion_requires_setup"), {
-        id: "account-deletion-sso-reauth-error",
-      });
-    } else {
-      toast.error(t("environments.settings.profile.sso_reauthentication_failed"), {
-        id: "account-deletion-sso-reauth-error",
-      });
-    }
-
-    const url = new URL(globalThis.location.href);
-    url.searchParams.delete(ACCOUNT_DELETION_SSO_REAUTH_ERROR_QUERY_PARAM);
-    globalThis.history.replaceState(null, "", url.toString());
-  }, [accountDeletionErrorCode, t]);
-
  if (!session) {
    return null;
  }
@@ -70,7 +32,6 @@ export const DeleteAccount = ({
  return (
    <div>
      <DeleteAccountModal
-        requiresPasswordConfirmation={requiresPasswordConfirmation}
        open={isModalOpen}
        setOpen={setModalOpen}
        user={user}
@@ -1,7 +1,14 @@
 import { beforeEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
+import { InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { verifyUserPassword } from "@/lib/user/password";
+import { verifyPassword as mockVerifyPasswordImported } from "@/modules/auth/lib/utils";
 import { getIsEmailUnique } from "./user";

+vi.mock("@/modules/auth/lib/utils", () => ({
+  verifyPassword: vi.fn(),
+}));
+
 vi.mock("@formbricks/database", () => ({
  prisma: {
    user: {
@@ -11,12 +18,92 @@ vi.mock("@formbricks/database", () => ({
 }));

 const mockPrismaUserFindUnique = vi.mocked(prisma.user.findUnique);
+const mockVerifyPasswordUtil = vi.mocked(mockVerifyPasswordImported);

 describe("User Library Tests", () => {
  beforeEach(() => {
    vi.resetAllMocks();
  });

+  describe("verifyUserPassword", () => {
+    const userId = "test-user-id";
+    const password = "test-password";
+
+    test("should return true for correct password", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue({
+        password: "hashed-password",
+        identityProvider: "email",
+      } as any);
+      mockVerifyPasswordUtil.mockResolvedValue(true);
+
+      const result = await verifyUserPassword(userId, password);
+      expect(result).toBe(true);
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { id: userId },
+        select: { password: true, identityProvider: true },
+      });
+      expect(mockVerifyPasswordUtil).toHaveBeenCalledWith(password, "hashed-password");
+    });
+
+    test("should return false for incorrect password", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue({
+        password: "hashed-password",
+        identityProvider: "email",
+      } as any);
+      mockVerifyPasswordUtil.mockResolvedValue(false);
+
+      const result = await verifyUserPassword(userId, password);
+      expect(result).toBe(false);
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { id: userId },
+        select: { password: true, identityProvider: true },
+      });
+      expect(mockVerifyPasswordUtil).toHaveBeenCalledWith(password, "hashed-password");
+    });
+
+    test("should throw ResourceNotFoundError if user not found", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue(null);
+
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow(ResourceNotFoundError);
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow(`user with ID ${userId} not found`);
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { id: userId },
+        select: { password: true, identityProvider: true },
+      });
+      expect(mockVerifyPasswordUtil).not.toHaveBeenCalled();
+    });
+
+    test("should throw InvalidInputError if identityProvider is not email", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue({
+        password: "hashed-password",
+        identityProvider: "google", // Not 'email'
+      } as any);
+
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow(InvalidInputError);
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow("Password is not set for this user");
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { id: userId },
+        select: { password: true, identityProvider: true },
+      });
+      expect(mockVerifyPasswordUtil).not.toHaveBeenCalled();
+    });
+
+    test("should throw InvalidInputError if password is not set for email provider", async () => {
+      mockPrismaUserFindUnique.mockResolvedValue({
+        password: null, // Password not set
+        identityProvider: "email",
+      } as any);
+
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow(InvalidInputError);
+      await expect(verifyUserPassword(userId, password)).rejects.toThrow("Password is not set for this user");
+      expect(mockPrismaUserFindUnique).toHaveBeenCalledWith({
+        where: { id: userId },
+        select: { password: true, identityProvider: true },
+      });
+      expect(mockVerifyPasswordUtil).not.toHaveBeenCalled();
+    });
+  });
+
  describe("getIsEmailUnique", () => {
    const email = "test@example.com";

@@ -5,7 +5,6 @@ import { EMAIL_VERIFICATION_DISABLED, IS_FORMBRICKS_CLOUD, PASSWORD_RESET_DISABL
 import { getOrganizationsWhereUserIsSingleOwner } from "@/lib/organization/service";
 import { getUser } from "@/lib/user/service";
 import { getTranslate } from "@/lingodotdev/server";
-import { requiresPasswordConfirmationForAccountDeletion } from "@/modules/account/lib/account-deletion-auth";
 import { getIsMultiOrgEnabled, getIsTwoFactorAuthEnabled } from "@/modules/ee/license-check/lib/utils";
 import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
 import { IdBadge } from "@/modules/ui/components/id-badge";
@@ -16,14 +15,10 @@ import { SettingsCard } from "../../components/SettingsCard";
 import { DeleteAccount } from "./components/DeleteAccount";
 import { EditProfileDetailsForm } from "./components/EditProfileDetailsForm";

-const Page = async (props: {
-  params: Promise<{ environmentId: string }>;
-  searchParams: Promise<{ accountDeletionError?: string | string[] }>;
-}) => {
+const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
  const isTwoFactorAuthEnabled = await getIsTwoFactorAuthEnabled();
  const isMultiOrgEnabled = await getIsMultiOrgEnabled();
  const params = await props.params;
-  const searchParams = await props.searchParams;
  const t = await getTranslate();
  const { environmentId } = params;

@@ -38,7 +33,6 @@ const Page = async (props: {
  }

  const isPasswordResetEnabled = !PASSWORD_RESET_DISABLED && user.identityProvider === "email";
-  const requiresPasswordConfirmation = requiresPasswordConfirmationForAccountDeletion(user);

  return (
    <PageContentWrapper>
@@ -96,8 +90,6 @@ const Page = async (props: {
              user={user}
              organizationsWithSingleOwner={organizationsWithSingleOwner}
              isMultiOrgEnabled={isMultiOrgEnabled}
-              accountDeletionError={searchParams.accountDeletionError}
-              requiresPasswordConfirmation={requiresPasswordConfirmation}
            />
          </SettingsCard>
          <IdBadge id={user.id} label={t("common.profile_id")} variant="column" />
@@ -3,22 +3,25 @@
 import { InboxIcon, PresentationIcon } from "lucide-react";
 import { usePathname } from "next/navigation";
 import { useTranslation } from "react-i18next";
-import { useEnvironment } from "@/app/(app)/environments/[environmentId]/context/environment-context";
+import { TSurvey } from "@formbricks/types/surveys/types";
 import { revalidateSurveyIdPath } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/actions";
-import { useSurvey } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/context/survey-context";
 import { SecondaryNavigation } from "@/modules/ui/components/secondary-navigation";

 interface SurveyAnalysisNavigationProps {
+  environmentId: string;
+  survey: TSurvey;
  activeId: string;
 }

-export const SurveyAnalysisNavigation = ({ activeId }: SurveyAnalysisNavigationProps) => {
+export const SurveyAnalysisNavigation = ({
+  environmentId,
+  survey,
+  activeId,
+}: SurveyAnalysisNavigationProps) => {
  const pathname = usePathname();
  const { t } = useTranslation();
-  const { environment } = useEnvironment();
-  const { survey } = useSurvey();

-  const url = `/environments/${environment.id}/surveys/${survey.id}`;
+  const url = `/environments/${environmentId}/surveys/${survey.id}`;

  const navigation = [
    {
@@ -28,7 +31,7 @@ export const SurveyAnalysisNavigation = ({ activeId }: SurveyAnalysisNavigationP
      href: `${url}/summary?referer=true`,
      current: pathname?.includes("/summary"),
      onClick: () => {
-        revalidateSurveyIdPath(environment.id, survey.id);
+        revalidateSurveyIdPath(environmentId, survey.id);
      },
    },
    {
@@ -38,7 +41,7 @@ export const SurveyAnalysisNavigation = ({ activeId }: SurveyAnalysisNavigationP
      href: `${url}/responses?referer=true`,
      current: pathname?.includes("/responses"),
      onClick: () => {
-        revalidateSurveyIdPath(environment.id, survey.id);
+        revalidateSurveyIdPath(environmentId, survey.id);
      },
    },
  ];
@@ -1,6 +1,6 @@
 "use client";

-import React, { createContext, useCallback, useContext, useMemo, useRef, useState } from "react";
+import React, { createContext, useCallback, useContext, useState } from "react";
 import {
  ElementOption,
  ElementOptions,
@@ -30,7 +30,7 @@ interface SelectedFilterOptions {

 export interface DateRange {
  from: Date | undefined;
-  to?: Date;
+  to?: Date | undefined;
 }

 interface FilterDateContextProps {
@@ -41,8 +41,6 @@ interface FilterDateContextProps {
  dateRange: DateRange;
  setDateRange: React.Dispatch<React.SetStateAction<DateRange>>;
  resetState: () => void;
-  refreshAnalysisData: () => Promise<void>;
-  registerAnalysisRefreshHandler: (handler: () => Promise<void>) => () => void;
 }

 const ResponseFilterContext = createContext<FilterDateContextProps | undefined>(undefined);
@@ -63,7 +61,6 @@ const ResponseFilterProvider = ({ children }: { children: React.ReactNode }) =>
    from: undefined,
    to: getTodayDate(),
  });
-  const refreshHandlerRef = useRef<(() => Promise<void>) | null>(null);

  const resetState = useCallback(() => {
    setDateRange({
@@ -76,43 +73,20 @@ const ResponseFilterProvider = ({ children }: { children: React.ReactNode }) =>
    });
  }, []);

-  const refreshAnalysisData = useCallback(async () => {
-    await refreshHandlerRef.current?.();
-  }, []);
-
-  const registerAnalysisRefreshHandler = useCallback((handler: () => Promise<void>) => {
-    refreshHandlerRef.current = handler;
-
-    return () => {
-      if (refreshHandlerRef.current === handler) {
-        refreshHandlerRef.current = null;
-      }
-    };
-  }, []);
-
-  const contextValue = useMemo(
-    () => ({
-      setSelectedFilter,
-      selectedFilter,
-      selectedOptions,
-      setSelectedOptions,
-      dateRange,
-      setDateRange,
-      resetState,
-      refreshAnalysisData,
-      registerAnalysisRefreshHandler,
-    }),
-    [
-      dateRange,
-      refreshAnalysisData,
-      registerAnalysisRefreshHandler,
-      resetState,
-      selectedFilter,
-      selectedOptions,
-    ]
+  return (
+    <ResponseFilterContext.Provider
+      value={{
+        setSelectedFilter,
+        selectedFilter,
+        selectedOptions,
+        setSelectedOptions,
+        dateRange,
+        setDateRange,
+        resetState,
+      }}>
+      {children}
+    </ResponseFilterContext.Provider>
  );
-
-  return <ResponseFilterContext.Provider value={contextValue}>{children}</ResponseFilterContext.Provider>;
 };

 const useResponseFilter = () => {
@@ -1,22 +0,0 @@
-"use client";
-
-import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
-import { PageHeader } from "@/modules/ui/components/page-header";
-import { SkeletonLoader } from "@/modules/ui/components/skeleton-loader";
-
-const Loading = () => {
-  return (
-    <PageContentWrapper>
-      <PageHeader pageTitle="" />
-      <div className="flex h-9 animate-pulse gap-2">
-        <div className="h-9 w-36 rounded-full bg-slate-200" />
-        <div className="h-9 w-36 rounded-full bg-slate-200" />
-        <div className="h-9 w-36 rounded-full bg-slate-200" />
-        <div className="h-9 w-36 rounded-full bg-slate-200" />
-      </div>
-      <SkeletonLoader type="summary" />
-    </PageContentWrapper>
-  );
-};
-
-export default Loading;
@@ -2,8 +2,6 @@

 import { useSearchParams } from "next/navigation";
 import { useCallback, useEffect, useMemo, useState } from "react";
-import toast from "react-hot-toast";
-import { useTranslation } from "react-i18next";
 import { TEnvironment } from "@formbricks/types/environment";
 import { TSurveyQuota } from "@formbricks/types/quota";
 import { TResponseWithQuotas } from "@formbricks/types/responses";
@@ -15,7 +13,6 @@ import { useResponseFilter } from "@/app/(app)/environments/[environmentId]/surv
 import { ResponseDataView } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/responses/components/ResponseDataView";
 import { CustomFilter } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/components/CustomFilter";
 import { getFormattedFilters } from "@/app/lib/surveys/surveys";
-import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { replaceHeadlineRecall } from "@/lib/utils/recall";

 interface ResponsePageProps {
@@ -49,8 +46,8 @@ export const ResponsePage = ({
  const [page, setPage] = useState<number | null>(null);
  const [hasMore, setHasMore] = useState<boolean>(initialResponses.length >= responsesPerPage);
  const [isFetchingFirstPage, setIsFetchingFirstPage] = useState<boolean>(false);
-  const { selectedFilter, dateRange, resetState, registerAnalysisRefreshHandler } = useResponseFilter();
-  const { t } = useTranslation();
+  const { selectedFilter, dateRange, resetState } = useResponseFilter();
+
  const filters = useMemo(
    () => getFormattedFilters(survey, selectedFilter, dateRange),

@@ -89,34 +86,6 @@ export const ResponsePage = ({
    setResponses((prev) => prev.map((r) => (r.id === responseId ? updatedResponse : r)));
  };

-  const refetchResponses = useCallback(async () => {
-    setIsFetchingFirstPage(true);
-
-    try {
-      const getResponsesActionResponse = await getResponsesAction({
-        surveyId,
-        limit: responsesPerPage,
-        offset: 0,
-        filterCriteria: filters,
-      });
-
-      if (getResponsesActionResponse?.serverError) {
-        toast.error(getFormattedErrorMessage(getResponsesActionResponse) ?? t("common.something_went_wrong"));
-      }
-
-      const freshResponses = getResponsesActionResponse?.data ?? [];
-      setResponses(freshResponses);
-      setPage(1);
-      setHasMore(freshResponses.length >= responsesPerPage);
-    } finally {
-      setIsFetchingFirstPage(false);
-    }
-  }, [filters, responsesPerPage, surveyId]);
-
-  useEffect(() => {
-    return registerAnalysisRefreshHandler(refetchResponses);
-  }, [refetchResponses, registerAnalysisRefreshHandler]);
-
  const surveyMemoized = useMemo(() => {
    return replaceHeadlineRecall(survey, "default");
  }, [survey]);
@@ -165,8 +134,6 @@ export const ResponsePage = ({
      }
    };
    fetchFilteredResponses();
-    // page is intentionally omitted to avoid refetching after the initial page setup.
-    // eslint-disable-next-line react-hooks/exhaustive-deps
  }, [filters, responsesPerPage, selectedFilter, dateRange, surveyId]);

  return (
@@ -1,4 +1,5 @@
 import { TFunction } from "i18next";
+import { capitalize } from "lodash";
 import {
  AirplayIcon,
  ArrowUpFromDotIcon,
@@ -8,7 +9,6 @@ import {
  SmartphoneIcon,
 } from "lucide-react";
 import { TResponseMeta } from "@formbricks/types/responses";
-import { capitalize } from "@/lib/utils/object";

 export const getAddressFieldLabel = (field: string, t: TFunction) => {
  switch (field) {
@@ -1,23 +0,0 @@
-"use client";
-
-import { useTranslation } from "react-i18next";
-import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
-import { PageHeader } from "@/modules/ui/components/page-header";
-import { SkeletonLoader } from "@/modules/ui/components/skeleton-loader";
-
-const Loading = () => {
-  const { t } = useTranslation();
-
-  return (
-    <PageContentWrapper>
-      <PageHeader pageTitle={t("common.responses")} />
-      <div className="flex h-9 animate-pulse gap-1.5">
-        <div className="h-9 w-36 rounded-full bg-slate-200" />
-        <div className="h-9 w-36 rounded-full bg-slate-200" />
-      </div>
-      <SkeletonLoader type="responseTable" />
-    </PageContentWrapper>
-  );
-};
-
-export default Loading;
@@ -64,6 +64,8 @@ const Page = async (props: { params: Promise<{ environmentId: string; surveyId:
        pageTitle={survey.name}
        cta={
          <SurveyAnalysisCTA
+            environment={environment}
+            survey={survey}
            isReadOnly={isReadOnly}
            user={user}
            publicDomain={publicDomain}
@@ -74,7 +76,7 @@ const Page = async (props: { params: Promise<{ environmentId: string; surveyId:
            isStorageConfigured={IS_STORAGE_CONFIGURED}
          />
        }>
-        <SurveyAnalysisNavigation activeId="responses" />
+        <SurveyAnalysisNavigation environmentId={environment.id} survey={survey} activeId="responses" />
      </PageHeader>
      <ResponsePage
        environment={environment}
@@ -4,7 +4,6 @@ import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
 import { OperationNotAllowedError, ResourceNotFoundError, UnknownError } from "@formbricks/types/errors";
 import { getEmailTemplateHtml } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/lib/emailTemplate";
-import { capturePostHogEvent } from "@/lib/posthog";
 import { getSurvey, updateSurvey } from "@/lib/survey/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
 import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
@@ -147,7 +146,6 @@ export const generatePersonalLinksAction = authenticatedActionClient
  .inputSchema(ZGeneratePersonalLinksAction)
  .action(async ({ ctx, parsedInput }) => {
    const organizationId = await getOrganizationIdFromSurveyId(parsedInput.surveyId);
-    const projectId = await getProjectIdFromSurveyId(parsedInput.surveyId);
    const isContactsEnabled = await getIsContactsEnabled(organizationId);
    if (!isContactsEnabled) {
      throw new OperationNotAllowedError("Contacts are not enabled for this environment");
@@ -155,7 +153,7 @@ export const generatePersonalLinksAction = authenticatedActionClient

    await checkAuthorizationUpdated({
      userId: ctx.user.id,
-      organizationId,
+      organizationId: await getOrganizationIdFromSurveyId(parsedInput.surveyId),
      access: [
        {
          type: "organization",
@@ -163,7 +161,7 @@ export const generatePersonalLinksAction = authenticatedActionClient
        },
        {
          type: "projectTeam",
-          projectId,
+          projectId: await getProjectIdFromSurveyId(parsedInput.surveyId),
          minPermission: "readWrite",
        },
      ],
@@ -180,18 +178,6 @@ export const generatePersonalLinksAction = authenticatedActionClient
      throw new UnknownError("No contacts found for the selected segment");
    }

-    capturePostHogEvent(
-      ctx.user.id,
-      "personal_link_created",
-      {
-        organization_id: organizationId,
-        workspace_id: projectId,
-        survey_id: parsedInput.surveyId,
-        link_count: contactsResult.length,
-      },
-      { organizationId, workspaceId: projectId }
-    );
-
    // Prepare CSV data with the specified headers and order
    const csvHeaders = [
      "Formbricks Contact ID",
@@ -4,13 +4,16 @@ import { useSearchParams } from "next/navigation";
 import { useEffect, useState } from "react";
 import toast from "react-hot-toast";
 import { useTranslation } from "react-i18next";
-import { useEnvironment } from "@/app/(app)/environments/[environmentId]/context/environment-context";
-import { useSurvey } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/context/survey-context";
+import { TEnvironment } from "@formbricks/types/environment";
+import { TSurvey } from "@formbricks/types/surveys/types";
 import { Confetti } from "@/modules/ui/components/confetti";

-export const SuccessMessage = () => {
-  const { environment } = useEnvironment();
-  const { survey } = useSurvey();
+interface SummaryMetadataProps {
+  environment: TEnvironment;
+  survey: TSurvey;
+}
+
+export const SuccessMessage = ({ environment, survey }: SummaryMetadataProps) => {
  const { t } = useTranslation();
  const searchParams = useSearchParams();
  const [confetti, setConfetti] = useState(false);
@@ -71,7 +71,7 @@ export const SummaryPage = ({
  const [tab, setTab] = useState<"dropOffs" | "quotas" | "impressions" | undefined>(undefined);
  const [isLoading, setIsLoading] = useState(!initialSurveySummary);

-  const { selectedFilter, dateRange, resetState, registerAnalysisRefreshHandler } = useResponseFilter();
+  const { selectedFilter, dateRange, resetState } = useResponseFilter();

  const [displays, setDisplays] = useState<TDisplayWithContact[]>([]);
  const [isDisplaysLoading, setIsDisplaysLoading] = useState(false);
@@ -111,7 +111,7 @@ export const SummaryPage = ({
    } finally {
      setIsDisplaysLoading(false);
    }
-  }, [fetchDisplays]);
+  }, [fetchDisplays, t]);

  const handleLoadMoreDisplays = useCallback(async () => {
    try {
@@ -131,39 +131,13 @@ export const SummaryPage = ({
    }
  }, [tab, loadInitialDisplays]);

-  const fetchSummary = useCallback(async () => {
-    const currentFilters = getFormattedFilters(survey, selectedFilter, dateRange);
-    const updatedSurveySummary = await getSurveySummaryAction({
-      surveyId,
-      filterCriteria: currentFilters,
-    });
-
-    if (updatedSurveySummary?.serverError) {
-      throw new Error(getFormattedErrorMessage(updatedSurveySummary));
-    }
-
-    setSurveySummary(updatedSurveySummary?.data ?? defaultSurveySummary);
-  }, [dateRange, selectedFilter, survey, surveyId]);
-
-  const refreshSummary = useCallback(async () => {
-    setIsLoading(true);
-
-    try {
-      await Promise.all([fetchSummary(), tab === "impressions" ? loadInitialDisplays() : Promise.resolve()]);
-    } finally {
-      setIsLoading(false);
-    }
-  }, [fetchSummary, loadInitialDisplays, tab]);
-
-  useEffect(() => {
-    return registerAnalysisRefreshHandler(refreshSummary);
-  }, [refreshSummary, registerAnalysisRefreshHandler]);
-
  // Only fetch data when filters change or when there's no initial data
  useEffect(() => {
    // If we have initial data and no filters are applied, don't fetch
    const hasNoFilters =
-      (!selectedFilter || Object.keys(selectedFilter).length === 0 || selectedFilter.filter?.length === 0) &&
+      (!selectedFilter ||
+        Object.keys(selectedFilter).length === 0 ||
+        (selectedFilter.filter && selectedFilter.filter.length === 0)) &&
      (!dateRange || (!dateRange.from && !dateRange.to));

    if (initialSurveySummary && hasNoFilters) {
@@ -171,11 +145,21 @@ export const SummaryPage = ({
      return;
    }

-    const fetchFilteredSummary = async () => {
+    const fetchSummary = async () => {
      setIsLoading(true);

      try {
-        await fetchSummary();
+        // Recalculate filters inside the effect to ensure we have the latest values
+        const currentFilters = getFormattedFilters(survey, selectedFilter, dateRange);
+        let updatedSurveySummary;
+
+        updatedSurveySummary = await getSurveySummaryAction({
+          surveyId,
+          filterCriteria: currentFilters,
+        });
+
+        const surveySummary = updatedSurveySummary?.data ?? defaultSurveySummary;
+        setSurveySummary(surveySummary);
      } catch (error) {
        console.error(error);
      } finally {
@@ -183,8 +167,8 @@ export const SummaryPage = ({
      }
    };

-    fetchFilteredSummary();
-  }, [selectedFilter, dateRange, initialSurveySummary, fetchSummary]);
+    fetchSummary();
+  }, [selectedFilter, dateRange, survey, surveyId, initialSurveySummary]);

  const surveyMemoized = useMemo(() => {
    return replaceHeadlineRecall(survey, "default");
@@ -1,18 +1,18 @@
 "use client";

-import { BellRing, Eye, ListRestart, RefreshCcwIcon, SquarePenIcon } from "lucide-react";
+import { BellRing, Eye, ListRestart, SquarePenIcon } from "lucide-react";
 import { usePathname, useRouter, useSearchParams } from "next/navigation";
 import { useEffect, useState } from "react";
 import toast from "react-hot-toast";
 import { useTranslation } from "react-i18next";
+import { TEnvironment } from "@formbricks/types/environment";
 import { TSegment } from "@formbricks/types/segment";
+import { TSurvey } from "@formbricks/types/surveys/types";
 import { TUser } from "@formbricks/types/user";
 import { useEnvironment } from "@/app/(app)/environments/[environmentId]/context/environment-context";
-import { useResponseFilter } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/response-filter-context";
 import { SuccessMessage } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SuccessMessage";
 import { ShareSurveyModal } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/share-survey-modal";
 import { SurveyStatusDropdown } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/components/SurveyStatusDropdown";
-import { useSurvey } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/context/survey-context";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { EditPublicSurveyAlertDialog } from "@/modules/survey/components/edit-public-survey-alert-dialog";
 import { useSingleUseId } from "@/modules/survey/hooks/useSingleUseId";
@@ -23,6 +23,8 @@ import { IconBar } from "@/modules/ui/components/iconbar";
 import { resetSurveyAction } from "../actions";

 interface SurveyAnalysisCTAProps {
+  survey: TSurvey;
+  environment: TEnvironment;
  isReadOnly: boolean;
  user: TUser;
  publicDomain: string;
@@ -39,6 +41,8 @@ interface ModalState {
 }

 export const SurveyAnalysisCTA = ({
+  survey,
+  environment,
  isReadOnly,
  user,
  publicDomain,
@@ -59,12 +63,9 @@ export const SurveyAnalysisCTA = ({
  });
  const [isResetModalOpen, setIsResetModalOpen] = useState(false);
  const [isResetting, setIsResetting] = useState(false);
-  const [isRefreshing, setIsRefreshing] = useState(false);

-  const { environment, project } = useEnvironment();
-  const { survey } = useSurvey();
+  const { project } = useEnvironment();
  const { refreshSingleUseId } = useSingleUseId(survey, isReadOnly);
-  const { refreshAnalysisData } = useResponseFilter();

  const appSetupCompleted = survey.type === "app" && environment.appSetupCompleted;

@@ -76,7 +77,7 @@ export const SurveyAnalysisCTA = ({
  }, [searchParams]);

  const handleShareModalToggle = (open: boolean) => {
-    const params = new URLSearchParams(globalThis.location.search);
+    const params = new URLSearchParams(window.location.search);
    const currentShareParam = params.get("share") === "true";

    if (open && !currentShareParam) {
@@ -146,25 +147,6 @@ export const SurveyAnalysisCTA = ({
  };

  const iconActions = [
-    {
-      icon: RefreshCcwIcon,
-      tooltip: t("common.refresh"),
-      onClick: async () => {
-        if (isRefreshing) return;
-        setIsRefreshing(true);
-        try {
-          await refreshAnalysisData();
-          toast.success(t("common.data_refreshed_successfully"));
-        } catch (error) {
-          const errorMessage = error instanceof Error ? error.message : t("common.something_went_wrong");
-          toast.error(errorMessage);
-        } finally {
-          setIsRefreshing(false);
-        }
-      },
-      disabled: isRefreshing,
-      isVisible: true,
-    },
    {
      icon: BellRing,
      tooltip: t("environments.surveys.summary.configure_alerts"),
@@ -201,7 +183,7 @@ export const SurveyAnalysisCTA = ({
  return (
    <div className="hidden justify-end gap-x-1.5 sm:flex">
      {!isReadOnly && (appSetupCompleted || survey.type === "link") && survey.status !== "draft" && (
-        <SurveyStatusDropdown />
+        <SurveyStatusDropdown environment={environment} survey={survey} />
      )}

      <IconBar actions={iconActions} />
@@ -233,7 +215,7 @@ export const SurveyAnalysisCTA = ({
          projectCustomScripts={project.customHeadScripts}
        />
      )}
-      <SuccessMessage />
+      <SuccessMessage environment={environment} survey={survey} />

      {responseCount > 0 && (
        <EditPublicSurveyAlertDialog
@@ -2,7 +2,7 @@

 import DOMPurify from "dompurify";
 import { CopyIcon, SendIcon } from "lucide-react";
-import { type SyntheticEvent, useEffect, useMemo, useState } from "react";
+import { useEffect, useMemo, useState } from "react";
 import toast from "react-hot-toast";
 import { useTranslation } from "react-i18next";
 import { AuthenticationError } from "@formbricks/types/errors";
@@ -21,7 +21,6 @@ interface EmailTabProps {
 export const EmailTab = ({ surveyId, email }: EmailTabProps) => {
  const [activeTab, setActiveTab] = useState("preview");
  const [emailHtmlPreview, setEmailHtmlPreview] = useState<string>("");
-  const [previewFrameHeight, setPreviewFrameHeight] = useState(560);
  const { t } = useTranslation();

  const emailHtml = useMemo(() => {
@@ -32,40 +31,6 @@ export const EmailTab = ({ surveyId, email }: EmailTabProps) => {
      .replaceAll("?preview=true", "");
  }, [emailHtmlPreview]);

-  const sanitizedEmailHtml = useMemo(() => {
-    if (!emailHtmlPreview) return "";
-    return DOMPurify.sanitize(emailHtmlPreview, { ADD_ATTR: ["bgcolor", "target"] });
-  }, [emailHtmlPreview]);
-
-  const emailPreviewDocument = useMemo(() => {
-    if (!sanitizedEmailHtml) return "";
-
-    return `<!DOCTYPE html>
-<html lang="en">
-  <head>
-    <meta charset="utf-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1" />
-    <meta name="color-scheme" content="only light" />
-    <meta name="supported-color-schemes" content="light" />
-    <base target="_blank" />
-    <style>
-      :root {
-        color-scheme: only light;
-        supported-color-schemes: light;
-      }
-
-      html, body {
-        margin: 0;
-        padding: 0;
-        background: #ffffff;
-        color-scheme: only light;
-      }
-    </style>
-  </head>
-  <body>${sanitizedEmailHtml}</body>
-</html>`;
-  }, [sanitizedEmailHtml]);
-
  const tabs = [
    {
      id: "preview",
@@ -86,25 +51,6 @@ export const EmailTab = ({ surveyId, email }: EmailTabProps) => {
    getData();
  }, [surveyId]);

-  useEffect(() => {
-    setPreviewFrameHeight(560);
-  }, [emailPreviewDocument]);
-
-  const handlePreviewFrameLoad = (event: SyntheticEvent<HTMLIFrameElement>) => {
-    const { contentDocument } = event.currentTarget;
-    if (!contentDocument) {
-      return;
-    }
-
-    const nextHeight = Math.max(
-      contentDocument.body.scrollHeight,
-      contentDocument.documentElement.scrollHeight,
-      560
-    );
-
-    setPreviewFrameHeight(nextHeight);
-  };
-
  const sendPreviewEmail = async () => {
    try {
      const val = await sendEmbedSurveyPreviewEmailAction({ surveyId });
@@ -127,9 +73,7 @@ export const EmailTab = ({ surveyId, email }: EmailTabProps) => {
    if (activeTab === "preview") {
      return (
        <div className="space-y-4 pb-4">
-          <div
-            className="flex-1 overflow-y-auto rounded-lg border border-slate-200 bg-white p-4"
-            data-testid="survey-email-preview-shell">
+          <div className="flex-1 overflow-y-auto rounded-lg border border-slate-200 bg-white p-4">
            <div className="mb-6 flex gap-2">
              <div className="h-3 w-3 rounded-full bg-red-500" />
              <div className="h-3 w-3 rounded-full bg-amber-500" />
@@ -143,17 +87,9 @@ export const EmailTab = ({ surveyId, email }: EmailTabProps) => {
                {t("environments.surveys.share.send_email.email_subject_label")} :{" "}
                {t("environments.surveys.share.send_email.formbricks_email_survey_preview")}
              </div>
-              <div data-testid="survey-email-preview-content">
-                {emailPreviewDocument ? (
-                  <iframe
-                    className="mt-2 w-full rounded-md border-0 bg-white"
-                    data-testid="survey-email-preview-frame"
-                    onLoad={handlePreviewFrameLoad}
-                    sandbox="allow-popups allow-popups-to-escape-sandbox allow-same-origin"
-                    srcDoc={emailPreviewDocument}
-                    style={{ height: `${previewFrameHeight}px` }}
-                    title={t("environments.surveys.share.send_email.email_preview_tab")}
-                  />
+              <div className="p-2">
+                {emailHtml ? (
+                  <div dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(emailHtml) }} />
                ) : (
                  <LoadingSpinner />
                )}
@@ -16,19 +16,13 @@ export const WebsiteEmbedTab = ({ surveyUrl }: WebsiteEmbedTabProps) => {
  const [embedModeEnabled, setEmbedModeEnabled] = useState(false);
  const { t } = useTranslation();

-  const separator = surveyUrl.includes("?") ? "&" : "?";
-
-  const iframeSrc = embedModeEnabled ? `${surveyUrl}${separator}embed=true` : surveyUrl;
-
-  const iframeCode = `<div style="position: relative; height:80dvh; overflow:auto;">
-  <iframe
-    src="${iframeSrc}"
+  const iframeCode = `<div style="position: relative; height:80dvh; overflow:auto;"> 
+  <iframe 
+    src="${surveyUrl}${embedModeEnabled ? "?embed=true" : ""}" 
    frameborder="0" style="position: absolute; left:0; top:0; width:100%; height:100%; border:0;">
  </iframe>
 </div>`;

-  const previewSrc = `${iframeSrc}${iframeSrc.includes("?") ? "&" : "?"}preview=true`;
-
  return (
    <>
      <CodeBlock language="html" noMargin>
@@ -54,15 +48,6 @@ export const WebsiteEmbedTab = ({ surveyUrl }: WebsiteEmbedTabProps) => {
        {t("common.copy_code")}
        <CopyIcon />
      </Button>
-
-      <p className="text-base font-medium text-slate-800">{t("common.preview")}</p>
-      <div className="relative h-[500px] w-full overflow-hidden rounded-lg border border-slate-300">
-        <iframe
-          title={t("common.preview")}
-          src={previewSrc}
-          className="absolute inset-0 h-full w-full border-0"
-        />
-      </div>
    </>
  );
 };
@@ -1,59 +0,0 @@
-import { describe, expect, test } from "vitest";
-import { extractEmailBodyFragment } from "./emailTemplateFragment";
-
-describe("extractEmailBodyFragment", () => {
-  test("returns the body contents for rendered email documents", () => {
-    const html = `
-      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-      <html>
-        <head>
-          <style>.foo { color: red; }</style>
-        </head>
-        <body class="email-body">
-          <table>
-            <tr>
-              <td>Preview content</td>
-            </tr>
-          </table>
-        </body>
-      </html>
-    `;
-
-    expect(extractEmailBodyFragment(html)).toBe(
-      "<table>\n            <tr>\n              <td>Preview content</td>\n            </tr>\n          </table>"
-    );
-  });
-
-  test("removes document-level tags from rendered survey email markup", () => {
-    const fragment = extractEmailBodyFragment(`
-      <!DOCTYPE html>
-      <html>
-        <head>
-          <style>.foo { color: red; }</style>
-        </head>
-        <body>
-          <table>
-            <tr>
-              <td>Which fruits do you like</td>
-            </tr>
-          </table>
-        </body>
-      </html>
-    `);
-
-    expect(fragment).toBe(
-      "<table>\n            <tr>\n              <td>Which fruits do you like</td>\n            </tr>\n          </table>"
-    );
-    expect(fragment).not.toMatch(/<!DOCTYPE|<html|<head|<body/i);
-  });
-
-  test("falls back to the original markup when no body tag exists", () => {
-    expect(extractEmailBodyFragment("<div>Preview content</div>")).toBe("<div>Preview content</div>");
-  });
-
-  test("removes React server markers from rendered fragments", () => {
-    expect(extractEmailBodyFragment("<body><!--$--><div>Preview content</div><!--/$--></body>")).toBe(
-      "<div>Preview content</div>"
-    );
-  });
-});
@@ -1,12 +1,10 @@
 import { ResourceNotFoundError } from "@formbricks/types/errors";
 import { getPublicDomain } from "@/lib/getPublicUrl";
 import { getProjectByEnvironmentId } from "@/lib/project/service";
-import { toJsEnvironmentStateSurvey } from "@/lib/survey/client-utils";
 import { getSurvey } from "@/lib/survey/service";
 import { getStyling } from "@/lib/utils/styling";
 import { getTranslate } from "@/lingodotdev/server";
 import { getPreviewEmailTemplateHtml } from "@/modules/email/components/preview-email-template";
-import { extractEmailBodyFragment } from "./emailTemplateFragment";

 export const getEmailTemplateHtml = async (surveyId: string, locale: string) => {
  const t = await getTranslate();
@@ -19,9 +17,12 @@ export const getEmailTemplateHtml = async (surveyId: string, locale: string) =>
    throw new ResourceNotFoundError(t("common.workspace"), null);
  }

-  const styling = getStyling(project, toJsEnvironmentStateSurvey(survey));
+  const styling = getStyling(project, survey);
  const surveyUrl = getPublicDomain() + "/s/" + survey.id;
  const html = await getPreviewEmailTemplateHtml(survey, surveyUrl, styling, locale, t);
+  const doctype =
+    '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
+  const htmlCleaned = html.toString().replace(doctype, "");

-  return extractEmailBodyFragment(html.toString());
+  return htmlCleaned;
 };
@@ -1,11 +0,0 @@
-const EMAIL_DOCTYPE_PATTERN = /<!DOCTYPE[^>]*>/i;
-const EMAIL_BODY_PATTERN = /<body\b[^>]*>([\s\S]*?)<\/body>/i;
-const EMAIL_REACT_SERVER_MARKER_PATTERN = /<!--\/?\$-->/g;
-
-export const extractEmailBodyFragment = (html: string): string => {
-  const htmlWithoutDoctype = html.replace(EMAIL_DOCTYPE_PATTERN, "").trim();
-  const bodyMatch = EMAIL_BODY_PATTERN.exec(htmlWithoutDoctype);
-  const fragment = bodyMatch?.[1].trim() ?? htmlWithoutDoctype;
-
-  return fragment.replaceAll(EMAIL_REACT_SERVER_MARKER_PATTERN, "").trim();
-};
@@ -191,61 +191,6 @@ describe("getSurveySummaryMeta", () => {
    expect(meta.dropOffPercentage).toBe(0);
    expect(meta.ttcAverage).toBe(0);
  });
-
-  test("uses block-level TTC to avoid multiplying by number of elements", () => {
-    const surveyWithOneBlockThreeElements: TSurvey = {
-      ...mockBaseSurvey,
-      blocks: [
-        {
-          id: "block1",
-          name: "Block 1",
-          elements: [
-            {
-              id: "q1",
-              type: TSurveyElementTypeEnum.OpenText,
-              headline: { default: "Q1" },
-              required: false,
-              inputType: "text",
-              charLimit: { enabled: false },
-            },
-            {
-              id: "q2",
-              type: TSurveyElementTypeEnum.OpenText,
-              headline: { default: "Q2" },
-              required: false,
-              inputType: "text",
-              charLimit: { enabled: false },
-            },
-            {
-              id: "q3",
-              type: TSurveyElementTypeEnum.OpenText,
-              headline: { default: "Q3" },
-              required: false,
-              inputType: "text",
-              charLimit: { enabled: false },
-            },
-          ] as TSurveyElement[],
-        },
-      ],
-      questions: [],
-    };
-
-    const responses = [
-      {
-        id: "r1",
-        data: { q1: "a", q2: "b", q3: "c" },
-        updatedAt: new Date(),
-        contact: null,
-        contactAttributes: {},
-        language: "en",
-        ttc: { q1: 5000, q2: 5000, q3: 4800, _total: 14800 },
-        finished: true,
-      },
-    ] as any;
-
-    const meta = getSurveySummaryMeta(surveyWithOneBlockThreeElements, responses, 1, mockQuotas);
-    expect(meta.ttcAverage).toBe(5000);
-  });
 });

 describe("getSurveySummaryDropOff", () => {
@@ -1094,9 +1094,7 @@ export const getResponsesForSummary = reactCache(
      const transformedResponses: TSurveySummaryResponse[] = await Promise.all(
        responses.map((responsePrisma) => {
          return {
-            id: responsePrisma.id,
-            data: (responsePrisma.data ?? {}) as TResponseData,
-            updatedAt: responsePrisma.updatedAt,
+            ...responsePrisma,
            contact: responsePrisma.contact
              ? {
                  id: responsePrisma.contact.id as string,
@@ -1105,10 +1103,6 @@ export const getResponsesForSummary = reactCache(
                  )?.value as string,
                }
              : null,
-            contactAttributes: (responsePrisma.contactAttributes ?? {}) as TResponseContactAttributes,
-            language: responsePrisma.language,
-            ttc: (responsePrisma.ttc ?? {}) as TResponseTtc,
-            finished: responsePrisma.finished,
          };
        })
      );
@@ -66,6 +66,8 @@ const SurveyPage = async (props: { params: Promise<{ environmentId: string; surv
        pageTitle={survey.name}
        cta={
          <SurveyAnalysisCTA
+            environment={environment}
+            survey={survey}
            isReadOnly={isReadOnly}
            user={user}
            publicDomain={publicDomain}
@@ -76,7 +78,7 @@ const SurveyPage = async (props: { params: Promise<{ environmentId: string; surv
            isStorageConfigured={IS_STORAGE_CONFIGURED}
          />
        }>
-        <SurveyAnalysisNavigation activeId="summary" />
+        <SurveyAnalysisNavigation environmentId={environment.id} survey={survey} activeId="summary" />
      </PageHeader>
      <SummaryPage
        environment={environment}
@@ -42,25 +42,18 @@ export const getResponsesDownloadUrlAction = authenticatedActionClient
      ],
    });

-    const projectId = await getProjectIdFromSurveyId(parsedInput.surveyId);
    const result = await getResponseDownloadFile(
      parsedInput.surveyId,
      parsedInput.format,
      parsedInput.filterCriteria
    );

-    capturePostHogEvent(
-      ctx.user.id,
-      "responses_exported",
-      {
-        survey_id: parsedInput.surveyId,
-        format: parsedInput.format,
-        filter_applied: Object.keys(parsedInput.filterCriteria ?? {}).length > 0,
-        organization_id: organizationId,
-        workspace_id: projectId,
-      },
-      { organizationId, workspaceId: projectId }
-    );
+    capturePostHogEvent(ctx.user.id, "responses_exported", {
+      survey_id: parsedInput.surveyId,
+      format: parsedInput.format,
+      filter_applied: Object.keys(parsedInput.filterCriteria ?? {}).length > 0,
+      organization_id: organizationId,
+    });

    return result;
  });
@@ -3,9 +3,8 @@
 import { useRouter } from "next/navigation";
 import toast from "react-hot-toast";
 import { useTranslation } from "react-i18next";
+import { TEnvironment } from "@formbricks/types/environment";
 import { TSurvey } from "@formbricks/types/surveys/types";
-import { useEnvironment } from "@/app/(app)/environments/[environmentId]/context/environment-context";
-import { useSurvey } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/context/survey-context";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { updateSurveyAction } from "@/modules/survey/editor/actions";
 import {
@@ -17,9 +16,17 @@ import {
 } from "@/modules/ui/components/select";
 import { SurveyStatusIndicator } from "@/modules/ui/components/survey-status-indicator";

-export const SurveyStatusDropdown = () => {
-  const { environment } = useEnvironment();
-  const { survey } = useSurvey();
+interface SurveyStatusDropdownProps {
+  environment: TEnvironment;
+  updateLocalSurveyStatus?: (status: TSurvey["status"]) => void;
+  survey: TSurvey;
+}
+
+export const SurveyStatusDropdown = ({
+  environment,
+  updateLocalSurveyStatus,
+  survey,
+}: SurveyStatusDropdownProps) => {
  const { t } = useTranslation();
  const router = useRouter();

@@ -39,6 +46,10 @@ export const SurveyStatusDropdown = () => {
        toast.success(toastMessage);
      }

+      if (updateLocalSurveyStatus) {
+        updateLocalSurveyStatus(resultingStatus);
+      }
+
      router.refresh();
    } else {
      const errorMessage = getFormattedErrorMessage(updateSurveyActionResponse);
@@ -1,8 +0,0 @@
-import { type ReactNode } from "react";
-import { SurveysQueryClientProvider } from "./query-client-provider";
-
-const SurveysLayout = ({ children }: { children: ReactNode }) => {
-  return <SurveysQueryClientProvider>{children}</SurveysQueryClientProvider>;
-};
-
-export default SurveysLayout;
@@ -1,10 +0,0 @@
-"use client";
-
-import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
-import { type ReactNode, useState } from "react";
-
-export const SurveysQueryClientProvider = ({ children }: { children: ReactNode }) => {
-  const [queryClient] = useState(() => new QueryClient());
-
-  return <QueryClientProvider client={queryClient}>{children}</QueryClientProvider>;
-};
@@ -43,22 +43,14 @@ export const createOrUpdateIntegrationAction = authenticatedActionClient
      });

      ctx.auditLoggingCtx.organizationId = organizationId;
-      const projectId = await getProjectIdFromEnvironmentId(parsedInput.environmentId);
      const result = await createOrUpdateIntegration(parsedInput.environmentId, parsedInput.integrationData);
      ctx.auditLoggingCtx.integrationId = result.id;
      ctx.auditLoggingCtx.newObject = result;

-      capturePostHogEvent(
-        ctx.user.id,
-        "integration_connected",
-        {
-          integration_type: parsedInput.integrationData.type,
-          organization_id: organizationId,
-          workspace_id: projectId,
-          environment_id: parsedInput.environmentId,
-        },
-        { organizationId, workspaceId: projectId }
-      );
+      capturePostHogEvent(ctx.user.id, "integration_connected", {
+        integration_type: parsedInput.integrationData.type,
+        organization_id: organizationId,
+      });

      return result;
    })
@@ -1,160 +0,0 @@
-import { getServerSession } from "next-auth";
-import { beforeEach, describe, expect, test, vi } from "vitest";
-import { logger } from "@formbricks/logger";
-import { AuthorizationError } from "@formbricks/types/errors";
-import { verifyAccountDeletionSsoReauthIntent } from "@/lib/jwt";
-import { deleteUserWithAccountDeletionAuthorization } from "@/modules/account/lib/account-deletion";
-import { queueAuditEventBackground } from "@/modules/ee/audit-logs/lib/handler";
-import { completeAccountDeletionSsoReauthenticationAndGetRedirectPath } from "./account-deletion-sso-complete";
-
-vi.mock("server-only", () => ({}));
-
-vi.mock("next-auth", () => ({
-  getServerSession: vi.fn(),
-}));
-
-vi.mock("@formbricks/logger", () => ({
-  logger: {
-    error: vi.fn(),
-    info: vi.fn(),
-  },
-}));
-
-vi.mock("@/lib/constants", () => ({
-  IS_FORMBRICKS_CLOUD: false,
-  WEBAPP_URL: "http://localhost:3000",
-}));
-
-vi.mock("@/lib/jwt", () => ({
-  verifyAccountDeletionSsoReauthIntent: vi.fn(),
-}));
-
-vi.mock("@/modules/account/lib/account-deletion", () => ({
-  deleteUserWithAccountDeletionAuthorization: vi.fn(),
-}));
-
-vi.mock("@/modules/auth/lib/authOptions", () => ({
-  authOptions: {},
-}));
-
-vi.mock("@/modules/ee/audit-logs/lib/handler", () => ({
-  queueAuditEventBackground: vi.fn(),
-}));
-
-const mockGetServerSession = vi.mocked(getServerSession);
-const mockLoggerError = vi.mocked(logger.error);
-const mockVerifyAccountDeletionSsoReauthIntent = vi.mocked(verifyAccountDeletionSsoReauthIntent);
-const mockDeleteUserWithAccountDeletionAuthorization = vi.mocked(deleteUserWithAccountDeletionAuthorization);
-const mockQueueAuditEventBackground = vi.mocked(queueAuditEventBackground);
-
-const intent = {
-  id: "intent-id",
-  email: "delete-user@example.com",
-  provider: "google",
-  providerAccountId: "google-account-id",
-  purpose: "account_deletion_sso_reauth" as const,
-  returnToUrl: "http://localhost:3000/environments/env-id/settings/profile",
-  userId: "user-id",
-};
-
-describe("completeAccountDeletionSsoReauthenticationAndGetRedirectPath", () => {
-  beforeEach(() => {
-    vi.clearAllMocks();
-
-    mockVerifyAccountDeletionSsoReauthIntent.mockReturnValue(intent);
-    mockGetServerSession.mockResolvedValue({
-      user: {
-        email: intent.email,
-        id: intent.userId,
-      },
-    } as any);
-    mockDeleteUserWithAccountDeletionAuthorization.mockResolvedValue({
-      oldUser: { id: intent.userId } as any,
-    });
-    mockQueueAuditEventBackground.mockResolvedValue(undefined);
-  });
-
-  test("returns login without deleting when the callback has no intent", async () => {
-    await expect(completeAccountDeletionSsoReauthenticationAndGetRedirectPath({})).resolves.toBe(
-      "/auth/login"
-    );
-
-    expect(mockVerifyAccountDeletionSsoReauthIntent).not.toHaveBeenCalled();
-    expect(mockDeleteUserWithAccountDeletionAuthorization).not.toHaveBeenCalled();
-    expect(mockQueueAuditEventBackground).not.toHaveBeenCalled();
-  });
-
-  test("deletes the account after a completed SSO reauthentication", async () => {
-    await expect(
-      completeAccountDeletionSsoReauthenticationAndGetRedirectPath({ intent: "intent-token" })
-    ).resolves.toBe("/auth/login");
-
-    expect(mockDeleteUserWithAccountDeletionAuthorization).toHaveBeenCalledWith({
-      confirmationEmail: intent.email,
-      userEmail: intent.email,
-      userId: intent.userId,
-    });
-    expect(mockQueueAuditEventBackground).toHaveBeenCalledWith({
-      action: "deleted",
-      targetType: "user",
-      userId: intent.userId,
-      userType: "user",
-      targetId: intent.userId,
-      organizationId: "unknown",
-      oldObject: { id: intent.userId },
-      status: "success",
-    });
-  });
-
-  test("does not delete when the callback session does not match the intent user", async () => {
-    mockGetServerSession.mockResolvedValue({
-      user: {
-        email: "other@example.com",
-        id: "other-user-id",
-      },
-    } as any);
-
-    await expect(
-      completeAccountDeletionSsoReauthenticationAndGetRedirectPath({ intent: "intent-token" })
-    ).resolves.toBe("/environments/env-id/settings/profile");
-
-    expect(mockDeleteUserWithAccountDeletionAuthorization).not.toHaveBeenCalled();
-    expect(mockLoggerError).toHaveBeenCalledWith(
-      { error: expect.any(AuthorizationError) },
-      "Failed to complete account deletion after SSO reauth"
-    );
-  });
-
-  test("keeps the post-deletion redirect if audit logging fails after deletion", async () => {
-    mockQueueAuditEventBackground.mockRejectedValue(new Error("audit unavailable"));
-
-    await expect(
-      completeAccountDeletionSsoReauthenticationAndGetRedirectPath({ intent: "intent-token" })
-    ).resolves.toBe("/auth/login");
-
-    expect(mockDeleteUserWithAccountDeletionAuthorization).toHaveBeenCalled();
-    expect(mockLoggerError).toHaveBeenCalledWith(
-      { error: expect.any(Error) },
-      "Failed to complete account deletion after SSO reauth"
-    );
-  });
-
-  test("falls back to login when the intent return URL is not allowed", async () => {
-    mockVerifyAccountDeletionSsoReauthIntent.mockReturnValue({
-      ...intent,
-      returnToUrl: "https://evil.example/settings/profile",
-    });
-    mockGetServerSession.mockResolvedValue({
-      user: {
-        email: "other@example.com",
-        id: "other-user-id",
-      },
-    } as any);
-
-    await expect(
-      completeAccountDeletionSsoReauthenticationAndGetRedirectPath({ intent: ["intent-token"] })
-    ).resolves.toBe("/auth/login");
-
-    expect(mockDeleteUserWithAccountDeletionAuthorization).not.toHaveBeenCalled();
-  });
-});
@@ -1,82 +0,0 @@
-import "server-only";
-import { getServerSession } from "next-auth";
-import { logger } from "@formbricks/logger";
-import { AuthorizationError } from "@formbricks/types/errors";
-import { IS_FORMBRICKS_CLOUD, WEBAPP_URL } from "@/lib/constants";
-import { verifyAccountDeletionSsoReauthIntent } from "@/lib/jwt";
-import { getValidatedCallbackUrl } from "@/lib/utils/url";
-import { FORMBRICKS_CLOUD_ACCOUNT_DELETION_SURVEY_URL } from "@/modules/account/constants";
-import { deleteUserWithAccountDeletionAuthorization } from "@/modules/account/lib/account-deletion";
-import { authOptions } from "@/modules/auth/lib/authOptions";
-import { queueAuditEventBackground } from "@/modules/ee/audit-logs/lib/handler";
-import { UNKNOWN_DATA } from "@/modules/ee/audit-logs/types/audit-log";
-
-type TAccountDeletionSsoCompleteSearchParams = {
-  intent?: string | string[];
-};
-
-const getIntentToken = (intent: string | string[] | undefined) => {
-  if (Array.isArray(intent)) {
-    return intent[0];
-  }
-
-  return intent;
-};
-
-const getSafeRedirectPath = (returnToUrl: string) => {
-  const validatedReturnToUrl = getValidatedCallbackUrl(returnToUrl, WEBAPP_URL);
-
-  if (!validatedReturnToUrl) {
-    return "/auth/login";
-  }
-
-  const parsedReturnToUrl = new URL(validatedReturnToUrl);
-  return `${parsedReturnToUrl.pathname}${parsedReturnToUrl.search}${parsedReturnToUrl.hash}`;
-};
-
-const getPostDeletionRedirectPath = () =>
-  IS_FORMBRICKS_CLOUD ? FORMBRICKS_CLOUD_ACCOUNT_DELETION_SURVEY_URL : "/auth/login";
-
-export const completeAccountDeletionSsoReauthenticationAndGetRedirectPath = async ({
-  intent,
-}: TAccountDeletionSsoCompleteSearchParams): Promise<string> => {
-  const intentToken = getIntentToken(intent);
-  let redirectPath = "/auth/login";
-
-  if (!intentToken) {
-    return redirectPath;
-  }
-
-  try {
-    const verifiedIntent = verifyAccountDeletionSsoReauthIntent(intentToken);
-    redirectPath = getSafeRedirectPath(verifiedIntent.returnToUrl);
-    const session = await getServerSession(authOptions);
-
-    if (!session?.user?.id || !session.user.email || session.user.id !== verifiedIntent.userId) {
-      throw new AuthorizationError("Account deletion SSO reauthentication session mismatch");
-    }
-
-    logger.info({ userId: session.user.id }, "Completing account deletion after SSO reauth");
-    const { oldUser } = await deleteUserWithAccountDeletionAuthorization({
-      confirmationEmail: verifiedIntent.email,
-      userEmail: session.user.email,
-      userId: session.user.id,
-    });
-    redirectPath = getPostDeletionRedirectPath();
-    await queueAuditEventBackground({
-      action: "deleted",
-      targetType: "user",
-      userId: session.user.id,
-      userType: "user",
-      targetId: session.user.id,
-      organizationId: UNKNOWN_DATA,
-      oldObject: oldUser,
-      status: "success",
-    });
-    logger.info({ userId: session.user.id }, "Completed account deletion after SSO reauth");
-  } catch (error) {
-    logger.error({ error }, "Failed to complete account deletion after SSO reauth");
-  }
-
-  return redirectPath;
-};
@@ -1,10 +0,0 @@
-import { redirect } from "next/navigation";
-import { completeAccountDeletionSsoReauthenticationAndGetRedirectPath } from "./lib/account-deletion-sso-complete";
-
-export default async function AccountDeletionSsoReauthCompletePage({
-  searchParams,
-}: {
-  searchParams: Promise<{ intent?: string | string[] }>;
-}) {
-  redirect(await completeAccountDeletionSsoReauthenticationAndGetRedirectPath(await searchParams));
-}
@@ -1,99 +0,0 @@
-import { afterEach, describe, expect, test, vi } from "vitest";
-import { captureSurveyResponsePostHogEvent } from "./posthog";
-
-vi.mock("@/lib/posthog", () => ({
-  capturePostHogEvent: vi.fn(),
-}));
-
-describe("captureSurveyResponsePostHogEvent", () => {
-  afterEach(() => {
-    vi.clearAllMocks();
-  });
-
-  const makeParams = (responseCount: number) => ({
-    organizationId: "org-1",
-    workspaceId: "ws-1",
-    surveyId: "survey-1",
-    surveyType: "link",
-    environmentId: "env-1",
-    responseCount,
-  });
-
-  test("fires on 1st response with milestone 'first'", async () => {
-    const { capturePostHogEvent } = await import("@/lib/posthog");
-
-    captureSurveyResponsePostHogEvent(makeParams(1));
-
-    expect(capturePostHogEvent).toHaveBeenCalledWith(
-      "org-1",
-      "survey_response_received",
-      {
-        survey_id: "survey-1",
-        survey_type: "link",
-        organization_id: "org-1",
-        workspace_id: "ws-1",
-        environment_id: "env-1",
-        response_count: 1,
-        is_first_response: true,
-        milestone: "first",
-      },
-      { organizationId: "org-1", workspaceId: "ws-1" }
-    );
-  });
-
-  test("fires on every 100th response", async () => {
-    const { capturePostHogEvent } = await import("@/lib/posthog");
-
-    for (const count of [100, 200, 300, 500, 1000, 5000]) {
-      captureSurveyResponsePostHogEvent(makeParams(count));
-    }
-
-    expect(capturePostHogEvent).toHaveBeenCalledTimes(6);
-  });
-
-  test("fires on every 10th response up to 100", async () => {
-    const { capturePostHogEvent } = await import("@/lib/posthog");
-
-    for (const count of [10, 20, 30, 40, 50, 60, 70, 80, 90, 100]) {
-      captureSurveyResponsePostHogEvent(makeParams(count));
-    }
-
-    expect(capturePostHogEvent).toHaveBeenCalledTimes(10);
-  });
-
-  test("does NOT fire for non-milestone responses under 100", async () => {
-    const { capturePostHogEvent } = await import("@/lib/posthog");
-
-    for (const count of [2, 5, 11, 25, 49, 51, 99]) {
-      captureSurveyResponsePostHogEvent(makeParams(count));
-    }
-
-    expect(capturePostHogEvent).not.toHaveBeenCalled();
-  });
-
-  test("does NOT fire for non-100th counts above 100", async () => {
-    const { capturePostHogEvent } = await import("@/lib/posthog");
-
-    for (const count of [101, 150, 250, 499, 501]) {
-      captureSurveyResponsePostHogEvent(makeParams(count));
-    }
-
-    expect(capturePostHogEvent).not.toHaveBeenCalled();
-  });
-
-  test("sets milestone to count string for non-first milestones", async () => {
-    const { capturePostHogEvent } = await import("@/lib/posthog");
-
-    captureSurveyResponsePostHogEvent(makeParams(200));
-
-    expect(capturePostHogEvent).toHaveBeenCalledWith(
-      "org-1",
-      "survey_response_received",
-      expect.objectContaining({
-        is_first_response: false,
-        milestone: "200",
-      }),
-      { organizationId: "org-1", workspaceId: "ws-1" }
-    );
-  });
-});
@@ -2,7 +2,6 @@ import { capturePostHogEvent } from "@/lib/posthog";

 interface SurveyResponsePostHogEventParams {
  organizationId: string;
-  workspaceId: string;
  surveyId: string;
  surveyType: string;
  environmentId: string;
@@ -11,36 +10,24 @@ interface SurveyResponsePostHogEventParams {

 /**
 * Captures a PostHog event for survey responses at milestones:
- * 1st response, every 10th for the first 100 (10, 20, ..., 100),
- * then every 100th (200, 300, 400, ...).
+ * 1st response, then every 100th (100, 200, 300, ...).
 */
 export const captureSurveyResponsePostHogEvent = ({
  organizationId,
-  workspaceId,
  surveyId,
  surveyType,
  environmentId,
  responseCount,
 }: SurveyResponsePostHogEventParams): void => {
-  const isFirst = responseCount === 1;
-  const isEvery10thUnder100 = responseCount <= 100 && responseCount % 10 === 0;
-  const isEvery100thAbove100 = responseCount > 100 && responseCount % 100 === 0;
+  if (responseCount !== 1 && responseCount % 100 !== 0) return;

-  if (!isFirst && !isEvery10thUnder100 && !isEvery100thAbove100) return;
-
-  capturePostHogEvent(
-    organizationId,
-    "survey_response_received",
-    {
-      survey_id: surveyId,
-      survey_type: surveyType,
-      organization_id: organizationId,
-      workspace_id: workspaceId,
-      environment_id: environmentId,
-      response_count: responseCount,
-      is_first_response: responseCount === 1,
-      milestone: responseCount === 1 ? "first" : String(responseCount),
-    },
-    { organizationId, workspaceId }
-  );
+  capturePostHogEvent(organizationId, "survey_response_received", {
+    survey_id: surveyId,
+    survey_type: surveyType,
+    organization_id: organizationId,
+    environment_id: environmentId,
+    response_count: responseCount,
+    is_first_response: responseCount === 1,
+    milestone: responseCount === 1 ? "first" : String(responseCount),
+  });
 };
@@ -15,7 +15,6 @@ import { getOrganizationByEnvironmentId } from "@/lib/organization/service";
 import { getResponseCountBySurveyId } from "@/lib/response/service";
 import { getSurvey, updateSurvey } from "@/lib/survey/service";
 import { convertDatesInObject } from "@/lib/time";
-import { getProjectIdFromEnvironmentId } from "@/lib/utils/helper";
 import { validateWebhookUrl } from "@/lib/utils/validate-webhook-url";
 import { queueAuditEvent } from "@/modules/ee/audit-logs/lib/handler";
 import { TAuditStatus, UNKNOWN_DATA } from "@/modules/ee/audit-logs/types/audit-log";
@@ -308,11 +307,9 @@ export const POST = async (request: Request) => {

    if (POSTHOG_KEY) {
      const responseCount = await getResponseCountBySurveyId(surveyId);
-      const workspaceId = await getProjectIdFromEnvironmentId(environmentId);

      captureSurveyResponsePostHogEvent({
        organizationId: organization.id,
-        workspaceId,
        surveyId,
        surveyType: survey.type,
        environmentId,
@@ -185,20 +185,4 @@ describe("auth route audit logging", () => {
      })
    );
  });
-
-  test("does not log a completed sign-in for the intermediate SSO recovery verification step", async () => {
-    const authOptions = await getWrappedAuthOptions("req-sso-recovery");
-    const user = {
-      id: "user_4",
-      email: "user4@example.com",
-      authFlowPurpose: "sso_recovery",
-    };
-    const account = { provider: "token" };
-
-    await expect(authOptions.callbacks.signIn({ user, account })).resolves.toBe(true);
-    await authOptions.events.signIn({ user, account, isNewUser: false });
-
-    expect(mocks.baseEventSignIn).not.toHaveBeenCalled();
-    expect(mocks.queueAuditEventBackground).not.toHaveBeenCalled();
-  });
 });
@@ -26,12 +26,6 @@ const getAuthMethod = (account: Account | null) => {
  return "unknown";
 };

-const isSsoRecoveryVerificationFlow = (account: Account | null, user: User | AdapterUser) =>
-  account?.provider === "token" &&
-  "authFlowPurpose" in user &&
-  typeof user.authFlowPurpose === "string" &&
-  user.authFlowPurpose === "sso_recovery";
-
 const handler = async (req: Request, ctx: any) => {
  const eventId = req.headers.get("x-request-id") ?? undefined;

@@ -123,10 +117,6 @@ const handler = async (req: Request, ctx: any) => {
    events: {
      ...baseAuthOptions.events,
      async signIn({ user, account, isNewUser }: any) {
-        if (isSsoRecoveryVerificationFlow(account, user)) {
-          return;
-        }
-
        try {
          await baseAuthOptions.events?.signIn?.({ user, account, isNewUser });
        } catch (err) {
@@ -1,67 +0,0 @@
-import { getServerSession } from "next-auth";
-import { NextResponse } from "next/server";
-import { logger } from "@formbricks/logger";
-import { verifySsoRelinkIntent } from "@/lib/jwt";
-import { deleteSessionBySessionToken } from "@/modules/auth/lib/auth-session-repository";
-import { authOptions } from "@/modules/auth/lib/authOptions";
-import {
-  NEXT_AUTH_SESSION_COOKIE_NAMES,
-  getSessionTokenFromCookieHeader,
-} from "@/modules/auth/lib/session-cookie";
-import { completeSsoRecovery, getSsoRecoveryFailureRedirectUrl } from "@/modules/ee/sso/lib/sso-recovery";
-
-const clearSessionCookies = (response: NextResponse) => {
-  for (const cookieName of NEXT_AUTH_SESSION_COOKIE_NAMES) {
-    response.cookies.set({
-      name: cookieName,
-      value: "",
-      expires: new Date(0),
-      path: "/",
-      secure: cookieName.startsWith("__Secure-"),
-    });
-  }
-};
-
-const buildFailedRecoveryResponse = async (request: Request, callbackUrl?: string) => {
-  const response = NextResponse.redirect(getSsoRecoveryFailureRedirectUrl(callbackUrl));
-  clearSessionCookies(response);
-
-  const sessionToken = getSessionTokenFromCookieHeader(request.headers.get("cookie"));
-  if (!sessionToken) {
-    return response;
-  }
-
-  try {
-    await deleteSessionBySessionToken(sessionToken);
-  } catch (error) {
-    logger.error(error, "Failed to delete SSO recovery session after recovery completion error");
-  }
-
-  return response;
-};
-
-export const GET = async (request: Request) => {
-  const url = new URL(request.url);
-  const intentToken = url.searchParams.get("intent");
-
-  if (!intentToken) {
-    return NextResponse.redirect(getSsoRecoveryFailureRedirectUrl());
-  }
-
-  try {
-    const session = await getServerSession(authOptions);
-    const callbackUrl = await completeSsoRecovery({
-      intentToken,
-      sessionUserId: session?.user.id,
-    });
-
-    return NextResponse.redirect(callbackUrl);
-  } catch {
-    try {
-      const intent = verifySsoRelinkIntent(intentToken);
-      return await buildFailedRecoveryResponse(request, intent.callbackUrl);
-    } catch {
-      return await buildFailedRecoveryResponse(request);
-    }
-  }
-};
@@ -12,7 +12,7 @@ import {
 import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
 import { createOrUpdateIntegration, getIntegrationByType } from "@/lib/integration/service";
 import { capturePostHogEvent } from "@/lib/posthog";
-import { getOrganizationIdFromEnvironmentId, getProjectIdFromEnvironmentId } from "@/lib/utils/helper";
+import { getOrganizationIdFromEnvironmentId } from "@/lib/utils/helper";
 import { authOptions } from "@/modules/auth/lib/authOptions";

 export const GET = async (req: Request) => {
@@ -87,18 +87,10 @@ export const GET = async (req: Request) => {
  if (result) {
    try {
      const organizationId = await getOrganizationIdFromEnvironmentId(environmentId);
-      const projectId = await getProjectIdFromEnvironmentId(environmentId);
-      capturePostHogEvent(
-        session.user.id,
-        "integration_connected",
-        {
-          integration_type: "googleSheets",
-          organization_id: organizationId,
-          workspace_id: projectId,
-          environment_id: environmentId,
-        },
-        { organizationId, workspaceId: projectId }
-      );
+      capturePostHogEvent(session.user.id, "integration_connected", {
+        integration_type: "googleSheets",
+        organization_id: organizationId,
+      });
    } catch (err) {
      logger.error({ error: err }, "Failed to capture PostHog integration_connected event for googleSheets");
    }
@@ -1,15 +1,9 @@
 import { NextRequest } from "next/server";
 import { describe, expect, test, vi } from "vitest";
 import { TAPIKeyEnvironmentPermission } from "@formbricks/types/auth";
-import {
-  DatabaseError,
-  InvalidInputError,
-  ResourceNotFoundError,
-  UniqueConstraintError,
-} from "@formbricks/types/errors";
 import { getApiKeyWithPermissions } from "@/modules/organization/settings/api-keys/lib/api-key";
 import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
-import { authenticateRequest, handleErrorResponse } from "./auth";
+import { authenticateRequest } from "./auth";

 vi.mock("@/modules/organization/settings/api-keys/lib/api-key", () => ({
  getApiKeyWithPermissions: vi.fn(),
@@ -177,7 +171,7 @@ describe("authenticateRequest", () => {
    expect(result).toBeNull();
  });

-  test("returns null by default when API key has no environment permissions", async () => {
+  test("returns null when API key has no environment permissions", async () => {
    const request = new NextRequest("http://localhost", {
      headers: { "x-api-key": "valid-api-key" },
    });
@@ -198,120 +192,4 @@ describe("authenticateRequest", () => {
    const result = await authenticateRequest(request);
    expect(result).toBeNull();
  });
-
-  test("authenticates a valid API key with no environment permissions when explicitly allowed", async () => {
-    const request = new NextRequest("http://localhost", {
-      headers: { "x-api-key": "valid-api-key" },
-    });
-
-    const mockApiKeyData = {
-      id: "api-key-id",
-      organizationId: "org-id",
-      organizationAccess: "all" as const,
-      createdAt: new Date(),
-      createdBy: "user-id",
-      lastUsedAt: null,
-      label: "Test API Key",
-      apiKeyEnvironments: [],
-    };
-
-    vi.mocked(getApiKeyWithPermissions).mockResolvedValue(mockApiKeyData as any);
-
-    const result = await authenticateRequest(request, { allowOrganizationOnlyApiKey: true });
-    expect(result).toEqual({
-      type: "apiKey",
-      environmentPermissions: [],
-      apiKeyId: "api-key-id",
-      organizationId: "org-id",
-      organizationAccess: "all",
-    });
-  });
-
-  test("authenticates a read-only organization API key with no environment permissions", async () => {
-    const request = new NextRequest("http://localhost/api/v1/management/surveys", {
-      headers: { "x-api-key": "read-only-org-api-key" },
-    });
-
-    const mockApiKeyData = {
-      id: "api-key-id",
-      organizationId: "org-id",
-      organizationAccess: {
-        accessControl: {
-          read: true,
-          write: false,
-        },
-      },
-      createdAt: new Date(),
-      createdBy: "user-id",
-      lastUsedAt: null,
-      label: "Read-only Organization API Key",
-      apiKeyEnvironments: [],
-    };
-
-    vi.mocked(getApiKeyWithPermissions).mockResolvedValue(mockApiKeyData as any);
-
-    const result = await authenticateRequest(request, { allowOrganizationOnlyApiKey: true });
-    expect(result).toEqual({
-      type: "apiKey",
-      environmentPermissions: [],
-      apiKeyId: "api-key-id",
-      organizationId: "org-id",
-      organizationAccess: {
-        accessControl: {
-          read: true,
-          write: false,
-        },
-      },
-    });
-  });
-});
-
-describe("handleErrorResponse", () => {
-  test("returns 401 notAuthenticated for 'NotAuthenticated' message", async () => {
-    const response = handleErrorResponse(new Error("NotAuthenticated"));
-    expect(response.status).toBe(401);
-    const body = await response.json();
-    expect(body.code).toBe("not_authenticated");
-  });
-
-  test("returns 401 unauthorized for 'Unauthorized' message", async () => {
-    const response = handleErrorResponse(new Error("Unauthorized"));
-    expect(response.status).toBe(401);
-    const body = await response.json();
-    expect(body.code).toBe("unauthorized");
-  });
-
-  test("returns 409 conflict for UniqueConstraintError", async () => {
-    const response = handleErrorResponse(new UniqueConstraintError("Action with name foo already exists"));
-    expect(response.status).toBe(409);
-    const body = await response.json();
-    expect(body.code).toBe("conflict");
-    expect(body.message).toBe("Action with name foo already exists");
-  });
-
-  test("returns 400 badRequest for DatabaseError", async () => {
-    const response = handleErrorResponse(new DatabaseError("db boom"));
-    expect(response.status).toBe(400);
-    const body = await response.json();
-    expect(body.message).toBe("db boom");
-  });
-
-  test("returns 400 badRequest for InvalidInputError", async () => {
-    const response = handleErrorResponse(new InvalidInputError("bad input"));
-    expect(response.status).toBe(400);
-    const body = await response.json();
-    expect(body.message).toBe("bad input");
-  });
-
-  test("returns 400 badRequest for ResourceNotFoundError", async () => {
-    const response = handleErrorResponse(new ResourceNotFoundError("Survey", "id-1"));
-    expect(response.status).toBe(400);
-  });
-
-  test("returns 500 internalServerError for unknown errors", async () => {
-    const response = handleErrorResponse(new Error("something else"));
-    expect(response.status).toBe(500);
-    const body = await response.json();
-    expect(body.message).toBe("Some error occurred");
-  });
 });
@@ -1,30 +1,21 @@
 import { NextRequest } from "next/server";
 import { TAuthenticationApiKey } from "@formbricks/types/auth";
-import {
-  DatabaseError,
-  InvalidInputError,
-  ResourceNotFoundError,
-  UniqueConstraintError,
-} from "@formbricks/types/errors";
+import { DatabaseError, InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { responses } from "@/app/lib/api/response";
 import { getApiKeyWithPermissions } from "@/modules/organization/settings/api-keys/lib/api-key";

-type AuthenticateApiKeyOptions = {
-  allowOrganizationOnlyApiKey?: boolean;
-};
+export const authenticateRequest = async (request: NextRequest): Promise<TAuthenticationApiKey | null> => {
+  const apiKey = request.headers.get("x-api-key");
+  if (!apiKey) return null;

-export const authenticateApiKey = async (
-  apiKey: string,
-  options: AuthenticateApiKeyOptions = {}
-): Promise<TAuthenticationApiKey | null> => {
+  // Get API key with permissions
  const apiKeyData = await getApiKeyWithPermissions(apiKey);
  if (!apiKeyData) return null;

-  if (!options.allowOrganizationOnlyApiKey && apiKeyData.apiKeyEnvironments.length === 0) {
-    return null;
-  }
-
  // In the route handlers, we'll do more specific permission checks
+  const environmentIds = apiKeyData.apiKeyEnvironments.map((env) => env.environmentId);
+  if (environmentIds.length === 0) return null;
+
  const authentication: TAuthenticationApiKey = {
    type: "apiKey",
    environmentPermissions: apiKeyData.apiKeyEnvironments.map((env) => ({
@@ -42,16 +33,6 @@ export const authenticateApiKey = async (
  return authentication;
 };

-export const authenticateRequest = async (
-  request: NextRequest,
-  options: AuthenticateApiKeyOptions = {}
-): Promise<TAuthenticationApiKey | null> => {
-  const apiKey = request.headers.get("x-api-key");
-  if (!apiKey) return null;
-
-  return authenticateApiKey(apiKey, options);
-};
-
 export const handleErrorResponse = (error: any): Response => {
  switch (error.message) {
    case "NotAuthenticated":
@@ -59,9 +40,6 @@ export const handleErrorResponse = (error: any): Response => {
    case "Unauthorized":
      return responses.unauthorizedResponse();
    default:
-      if (error instanceof UniqueConstraintError) {
-        return responses.conflictResponse(error.message);
-      }
      if (
        error instanceof DatabaseError ||
        error instanceof InvalidInputError ||
@@ -1,98 +0,0 @@
-import { Prisma } from "@prisma/client";
-import { beforeEach, describe, expect, test, vi } from "vitest";
-import { prisma } from "@formbricks/database";
-import { DatabaseError, ResourceNotFoundError, ValidationError } from "@formbricks/types/errors";
-import { validateInputs } from "@/lib/utils/validate";
-import { getResponseIdByDisplayId } from "./response";
-
-vi.mock("@/lib/utils/validate", () => ({
-  validateInputs: vi.fn((inputs: [unknown, unknown][]) =>
-    inputs.map((input: [unknown, unknown]) => input[0])
-  ),
-}));
-
-vi.mock("@formbricks/database", () => ({
-  prisma: {
-    display: {
-      findFirst: vi.fn(),
-    },
-  },
-}));
-
-describe("getResponseIdByDisplayId", () => {
-  const environmentId = "env1234567890123456789012";
-  const displayId = "display1234567890123456789";
-
-  beforeEach(() => {
-    vi.clearAllMocks();
-  });
-
-  test("returns the linked responseId when a response exists", async () => {
-    vi.mocked(prisma.display.findFirst).mockResolvedValue({
-      response: {
-        id: "response123456789012345678",
-      },
-    } as any);
-
-    const result = await getResponseIdByDisplayId(environmentId, displayId);
-
-    expect(validateInputs).toHaveBeenCalledWith(
-      [environmentId, expect.any(Object)],
-      [displayId, expect.any(Object)]
-    );
-    expect(prisma.display.findFirst).toHaveBeenCalledWith({
-      where: {
-        id: displayId,
-        survey: {
-          environmentId,
-        },
-      },
-      select: {
-        response: {
-          select: {
-            id: true,
-          },
-        },
-      },
-    });
-    expect(result).toEqual({ responseId: "response123456789012345678" });
-  });
-
-  test("returns null when the display exists but has no response", async () => {
-    vi.mocked(prisma.display.findFirst).mockResolvedValue({
-      response: null,
-    } as any);
-
-    await expect(getResponseIdByDisplayId(environmentId, displayId)).resolves.toEqual({
-      responseId: null,
-    });
-  });
-
-  test("throws ResourceNotFoundError when the display does not exist in the environment", async () => {
-    vi.mocked(prisma.display.findFirst).mockResolvedValue(null);
-
-    await expect(getResponseIdByDisplayId(environmentId, displayId)).rejects.toThrow(
-      new ResourceNotFoundError("Display", displayId)
-    );
-  });
-
-  test("throws ValidationError when input validation fails", async () => {
-    const validationError = new ValidationError("Validation failed");
-    vi.mocked(validateInputs).mockImplementation(() => {
-      throw validationError;
-    });
-
-    await expect(getResponseIdByDisplayId(environmentId, displayId)).rejects.toThrow(ValidationError);
-    expect(prisma.display.findFirst).not.toHaveBeenCalled();
-  });
-
-  test("throws DatabaseError on Prisma request errors", async () => {
-    const prismaError = new Prisma.PrismaClientKnownRequestError("Database error", {
-      code: "P2002",
-      clientVersion: "test",
-    });
-    vi.mocked(prisma.display.findFirst).mockRejectedValue(prismaError);
-
-    await expect(getResponseIdByDisplayId(environmentId, displayId)).rejects.toThrow(DatabaseError);
-  });
-});
@@ -1,70 +0,0 @@
-import { NextRequest } from "next/server";
-import { beforeEach, describe, expect, test, vi } from "vitest";
-import { ResourceNotFoundError } from "@formbricks/types/errors";
-import { getResponseIdByDisplayId } from "./lib/response";
-import { GET } from "./route";
-
-vi.mock("@/app/lib/api/with-api-logging", async () => {
-  return {
-    withV1ApiWrapper:
-      ({ handler }: { handler: any }) =>
-      async (req: NextRequest, props: any) => {
-        const result = await handler({ req, props });
-        return result.response;
-      },
-  };
-});
-
-vi.mock("./lib/response", () => ({
-  getResponseIdByDisplayId: vi.fn(),
-}));
-
-describe("GET /api/v1/client/[environmentId]/displays/[displayId]/response", () => {
-  const req = new NextRequest("http://localhost/api/v1/client/env/displays/display/response");
-  const props = {
-    params: Promise.resolve({
-      environmentId: "env1234567890123456789012",
-      displayId: "display1234567890123456789",
-    }),
-  };
-
-  beforeEach(() => {
-    vi.clearAllMocks();
-  });
-
-  test("returns the responseId when a linked response exists", async () => {
-    vi.mocked(getResponseIdByDisplayId).mockResolvedValue({ responseId: "response123456789012345678" });
-
-    const response = await GET(req, props);
-
-    expect(response.status).toBe(200);
-    await expect(response.json()).resolves.toEqual({
-      data: {
-        responseId: "response123456789012345678",
-      },
-    });
-  });
-
-  test("returns null when the display exists without a response", async () => {
-    vi.mocked(getResponseIdByDisplayId).mockResolvedValue({ responseId: null });
-
-    const response = await GET(req, props);
-
-    expect(response.status).toBe(200);
-    await expect(response.json()).resolves.toEqual({
-      data: {
-        responseId: null,
-      },
-    });
-  });
-
-  test("returns 404 when the display is missing for the environment", async () => {
-    vi.mocked(getResponseIdByDisplayId).mockRejectedValue(
-      new ResourceNotFoundError("Display", "display1234567890123456789")
-    );
-
-    const response = await GET(req, props);
-
-    expect(response.status).toBe(404);
-  });
-});
@@ -70,7 +70,6 @@ const mockEnvironmentData = {
      displayOption: "displayOnce",
      hiddenFields: { enabled: false },
      isBackButtonHidden: false,
-      isAutoProgressingEnabled: true,
      triggers: [],
      displayPercentage: null,
      delay: 0,
@@ -123,13 +122,6 @@ describe("getEnvironmentStateData", () => {
        surveys: expect.any(Object),
      }),
    });
-
-    const prismaCall = vi.mocked(prisma.environment.findUnique).mock.calls[0][0];
-    expect(prismaCall.select.surveys.select).toEqual(
-      expect.objectContaining({
-        isAutoProgressingEnabled: true,
-      })
-    );
  });

  test("should throw ResourceNotFoundError when environment is not found", async () => {
@@ -80,7 +80,7 @@ export const getEnvironmentStateData = async (environmentId: string): Promise<En
          select: {
            id: true,
            welcomeCard: true,
-            // name intentionally omitted — internal label not needed by the SDK
+            name: true,
            questions: true,
            blocks: true,
            variables: true,
@@ -107,13 +107,13 @@ export const getEnvironmentStateData = async (environmentId: string): Promise<En
            styling: true,
            status: true,
            recaptcha: true,
-            // Fetch only what's needed to compute the minimal segment shape.
-            // Titles, descriptions, and filter conditions are evaluated server-side
-            // and must not be sent to the browser.
            segment: {
-              select: {
-                id: true,
-                filters: true,
+              include: {
+                surveys: {
+                  select: {
+                    id: true,
+                  },
+                },
              },
            },
            recontactDays: true,
@@ -121,7 +121,6 @@ export const getEnvironmentStateData = async (environmentId: string): Promise<En
            displayOption: true,
            hiddenFields: true,
            isBackButtonHidden: true,
-            isAutoProgressingEnabled: true,
            triggers: {
              select: {
                actionClass: {
@@ -147,28 +146,10 @@ export const getEnvironmentStateData = async (environmentId: string): Promise<En
      throw new ResourceNotFoundError("project", null);
    }

-    // Transform surveys using the shared utility, then replace the segment with
-    // the minimal public shape (id + hasFilters). We null out segment before
-    // calling transformPrismaSurvey because that function expects a surveys[]
-    // relation on the segment object (used by the management API), which we
-    // intentionally don't fetch here.
-    const transformedSurveys = environmentData.surveys.map((survey) => {
-      const minimalSegment = survey.segment
-        ? {
-            id: survey.segment.id,
-            hasFilters:
-              Array.isArray(survey.segment.filters) && (survey.segment.filters as unknown[]).length > 0,
-          }
-        : null;
-
-      const { segment: _segment, ...surveyWithoutSegment } = survey;
-      const transformed = transformPrismaSurvey<TJsEnvironmentStateSurvey>({
-        ...surveyWithoutSegment,
-        segment: null,
-      });
-
-      return { ...transformed, segment: minimalSegment };
-    });
+    // Transform surveys using existing utility
+    const transformedSurveys = environmentData.surveys.map((survey) =>
+      transformPrismaSurvey<TJsEnvironmentStateSurvey>(survey)
+    );

    return {
      environment: {
@@ -10,11 +10,6 @@ import { capturePostHogEvent } from "@/lib/posthog";
 import { EnvironmentStateData, getEnvironmentStateData } from "./data";
 import { getEnvironmentState } from "./environmentState";

-vi.mock("server-only", () => ({}));
-vi.mock("@/lib/utils/validate", () => ({ validateInputs: vi.fn() }));
-vi.mock("@/modules/storage/utils", () => ({ resolveStorageUrlsInObject: vi.fn((obj: unknown) => obj) }));
-vi.mock("@/modules/survey/lib/utils", () => ({ transformPrismaSurvey: vi.fn() }));
-
 // Mock dependencies
 vi.mock("@/lib/cache", () => ({
  cache: {
@@ -27,9 +22,6 @@ vi.mock("@formbricks/database", () => ({
    environment: {
      update: vi.fn(),
    },
-    project: {
-      findUnique: vi.fn(),
-    },
  },
 }));
 vi.mock("@formbricks/logger", () => ({
@@ -171,7 +163,6 @@ describe("getEnvironmentState", () => {

    // Default mocks for successful retrieval
    vi.mocked(getEnvironmentStateData).mockResolvedValue(mockEnvironmentStateData);
-    vi.mocked(prisma.project.findUnique).mockResolvedValue({ organizationId: "test-org-id" });
  });

  afterEach(() => {
@@ -338,18 +329,11 @@ describe("getEnvironmentState", () => {

    await getEnvironmentState(environmentId);

-    expect(capturePostHogEvent).toHaveBeenCalledWith(
-      environmentId,
-      "app_connected",
-      {
-        num_surveys: 1,
-        num_code_actions: 1,
-        num_no_code_actions: 1,
-        organization_id: "test-org-id",
-        workspace_id: "test-project-id",
-      },
-      { organizationId: "test-org-id", workspaceId: "test-project-id" }
-    );
+    expect(capturePostHogEvent).toHaveBeenCalledWith(environmentId, "app_connected", {
+      num_surveys: 1,
+      num_code_actions: 1,
+      num_no_code_actions: 1,
+    });
  });

  test("should not capture app_connected event when app setup already completed", async () => {
@@ -33,25 +33,11 @@ export const getEnvironmentState = async (
        });

        if (POSTHOG_KEY) {
-          const workspaceId = environment.project.id;
-          const project = await prisma.project.findUnique({
-            where: { id: workspaceId },
-            select: { organizationId: true },
+          capturePostHogEvent(environmentId, "app_connected", {
+            num_surveys: surveys.length,
+            num_code_actions: actionClasses.filter((ac) => ac.type === "code").length,
+            num_no_code_actions: actionClasses.filter((ac) => ac.type === "noCode").length,
          });
-          const organizationId = project?.organizationId;
-
-          capturePostHogEvent(
-            environmentId,
-            "app_connected",
-            {
-              num_surveys: surveys.length,
-              num_code_actions: actionClasses.filter((ac) => ac.type === "code").length,
-              num_no_code_actions: actionClasses.filter((ac) => ac.type === "noCode").length,
-              organization_id: organizationId ?? "",
-              workspace_id: workspaceId,
-            },
-            organizationId ? { organizationId, workspaceId } : undefined
-          );
        }
      }

@@ -10,8 +10,6 @@ import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { THandlerParams, withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
 import { sendToPipeline } from "@/app/lib/pipelines";
-import { ENCRYPTION_KEY } from "@/lib/constants";
-import { symmetricDecrypt } from "@/lib/crypto";
 import { getSurvey } from "@/lib/survey/service";
 import { getClientIpFromHeaders } from "@/lib/utils/client-ip";
 import { getOrganizationIdFromEnvironmentId } from "@/lib/utils/helper";
@@ -125,118 +123,17 @@ export const POST = withV1ApiWrapper({
    }
    if (survey.environmentId !== environmentId) {
      return {
-        response: responses.badRequestResponse("Survey does not belong to this environment", undefined, true),
+        response: responses.badRequestResponse(
+          "Survey is part of another environment",
+          {
+            "survey.environmentId": survey.environmentId,
+            environmentId,
+          },
+          true
+        ),
      };
    }

-    if (survey.type === "link" && survey.singleUse?.enabled) {
-      if (!responseInputData.singleUseId) {
-        return {
-          response: responses.badRequestResponse(
-            "Missing single use id",
-            {
-              surveyId: survey.id,
-              environmentId,
-            },
-            true
-          ),
-        };
-      }
-
-      if (!responseInputData.meta?.url) {
-        return {
-          response: responses.badRequestResponse(
-            "Missing or invalid URL in response metadata",
-            {
-              surveyId: survey.id,
-              environmentId,
-            },
-            true
-          ),
-        };
-      }
-
-      let url: URL;
-      try {
-        url = new URL(responseInputData.meta.url);
-      } catch (error) {
-        return {
-          response: responses.badRequestResponse(
-            "Invalid URL in response metadata",
-            {
-              surveyId: survey.id,
-              environmentId,
-              error: error instanceof Error ? error.message : "Unknown error occurred",
-            },
-            true
-          ),
-        };
-      }
-
-      const suId = url.searchParams.get("suId");
-      if (!suId) {
-        return {
-          response: responses.badRequestResponse(
-            "Missing single use id",
-            {
-              surveyId: survey.id,
-              environmentId,
-            },
-            true
-          ),
-        };
-      }
-
-      if (survey.singleUse.isEncrypted) {
-        if (!ENCRYPTION_KEY) {
-          logger.error({ url: req.url, surveyId: survey.id, environmentId }, "ENCRYPTION_KEY is not set");
-          return {
-            response: responses.internalServerErrorResponse("An unexpected error occurred.", true),
-          };
-        }
-
-        let decryptedSuId: string;
-        try {
-          decryptedSuId = symmetricDecrypt(suId, ENCRYPTION_KEY);
-        } catch {
-          return {
-            response: responses.badRequestResponse(
-              "Invalid single use id",
-              {
-                surveyId: survey.id,
-                environmentId,
-              },
-              true
-            ),
-          };
-        }
-
-        if (decryptedSuId !== responseInputData.singleUseId) {
-          return {
-            response: responses.badRequestResponse(
-              "Invalid single use id",
-              {
-                surveyId: survey.id,
-                environmentId,
-              },
-              true
-            ),
-          };
-        }
-      } else if (responseInputData.singleUseId !== suId) {
-        return {
-          response: responses.badRequestResponse(
-            "Invalid single use id",
-            {
-              surveyId: survey.id,
-              environmentId,
-            },
-            true
-          ),
-        };
-      }
-    }
-
    if (!validateFileUploads(responseInputData.data, survey.questions)) {
      return {
        response: responses.badRequestResponse("Invalid file upload response"),
@@ -75,7 +75,11 @@ export const POST = withV1ApiWrapper({

    if (survey.environmentId !== environmentId) {
      return {
-        response: responses.badRequestResponse("Survey does not belong to this environment", undefined, true),
+        response: responses.badRequestResponse(
+          "Survey does not belong to the environment",
+          { surveyId, environmentId },
+          true
+        ),
      };
    }

@@ -7,7 +7,7 @@ import { AIRTABLE_CLIENT_ID, WEBAPP_URL } from "@/lib/constants";
 import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
 import { createOrUpdateIntegration, getIntegrationByType } from "@/lib/integration/service";
 import { capturePostHogEvent } from "@/lib/posthog";
-import { getOrganizationIdFromEnvironmentId, getProjectIdFromEnvironmentId } from "@/lib/utils/helper";
+import { getOrganizationIdFromEnvironmentId } from "@/lib/utils/helper";

 const getEmail = async (token: string) => {
  const req_ = await fetch("https://api.airtable.com/v0/meta/whoami", {
@@ -95,18 +95,10 @@ export const GET = withV1ApiWrapper({

      try {
        const organizationId = await getOrganizationIdFromEnvironmentId(environmentId);
-        const projectId = await getProjectIdFromEnvironmentId(environmentId);
-        capturePostHogEvent(
-          authentication.user.id,
-          "integration_connected",
-          {
-            integration_type: "airtable",
-            organization_id: organizationId,
-            workspace_id: projectId,
-            environment_id: environmentId,
-          },
-          { organizationId, workspaceId: projectId }
-        );
+        capturePostHogEvent(authentication.user.id, "integration_connected", {
+          integration_type: "airtable",
+          organization_id: organizationId,
+        });
      } catch (err) {
        logger.error({ error: err }, "Failed to capture PostHog integration_connected event for airtable");
      }
@@ -13,7 +13,7 @@ import { symmetricEncrypt } from "@/lib/crypto";
 import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
 import { createOrUpdateIntegration, getIntegrationByType } from "@/lib/integration/service";
 import { capturePostHogEvent } from "@/lib/posthog";
-import { getOrganizationIdFromEnvironmentId, getProjectIdFromEnvironmentId } from "@/lib/utils/helper";
+import { getOrganizationIdFromEnvironmentId } from "@/lib/utils/helper";

 export const GET = withV1ApiWrapper({
  handler: async ({ req, authentication }) => {
@@ -101,18 +101,10 @@ export const GET = withV1ApiWrapper({
      if (result) {
        try {
          const organizationId = await getOrganizationIdFromEnvironmentId(environmentId);
-          const projectId = await getProjectIdFromEnvironmentId(environmentId);
-          capturePostHogEvent(
-            authentication.user.id,
-            "integration_connected",
-            {
-              integration_type: "notion",
-              organization_id: organizationId,
-              workspace_id: projectId,
-              environment_id: environmentId,
-            },
-            { organizationId, workspaceId: projectId }
-          );
+          capturePostHogEvent(authentication.user.id, "integration_connected", {
+            integration_type: "notion",
+            organization_id: organizationId,
+          });
        } catch (err) {
          logger.error({ error: err }, "Failed to capture PostHog integration_connected event for notion");
        }
@@ -10,7 +10,7 @@ import { SLACK_CLIENT_ID, SLACK_CLIENT_SECRET, SLACK_REDIRECT_URI, WEBAPP_URL }
 import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
 import { createOrUpdateIntegration, getIntegrationByType } from "@/lib/integration/service";
 import { capturePostHogEvent } from "@/lib/posthog";
-import { getOrganizationIdFromEnvironmentId, getProjectIdFromEnvironmentId } from "@/lib/utils/helper";
+import { getOrganizationIdFromEnvironmentId } from "@/lib/utils/helper";

 export const GET = withV1ApiWrapper({
  handler: async ({ req, authentication }) => {
@@ -109,18 +109,10 @@ export const GET = withV1ApiWrapper({
      if (result) {
        try {
          const organizationId = await getOrganizationIdFromEnvironmentId(environmentId);
-          const projectId = await getProjectIdFromEnvironmentId(environmentId);
-          capturePostHogEvent(
-            authentication.user.id,
-            "integration_connected",
-            {
-              integration_type: "slack",
-              organization_id: organizationId,
-              workspace_id: projectId,
-              environment_id: environmentId,
-            },
-            { organizationId, workspaceId: projectId }
-          );
+          capturePostHogEvent(authentication.user.id, "integration_connected", {
+            integration_type: "slack",
+            organization_id: organizationId,
+          });
        } catch (err) {
          logger.error({ error: err }, "Failed to capture PostHog integration_connected event for slack");
        }
@@ -1,6 +1,6 @@
 import { logger } from "@formbricks/logger";
 import { TActionClass, ZActionClassInput } from "@formbricks/types/action-classes";
-import { DatabaseError, UniqueConstraintError } from "@formbricks/types/errors";
+import { DatabaseError } from "@formbricks/types/errors";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { THandlerParams, withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
@@ -80,11 +80,6 @@ export const POST = withV1ApiWrapper({
        response: responses.successResponse(actionClass),
      };
    } catch (error) {
-      if (error instanceof UniqueConstraintError) {
-        return {
-          response: responses.conflictResponse(error.message),
-        };
-      }
      if (error instanceof DatabaseError) {
        return {
          response: responses.badRequestResponse(error.message),
@@ -1,199 +0,0 @@
-import { EnvironmentType } from "@prisma/client";
-import { beforeEach, describe, expect, test, vi } from "vitest";
-import type { TAuthenticationApiKey } from "@formbricks/types/auth";
-import { getEnvironment } from "@/lib/environment/service";
-import { buildApiKeyMeResponse } from "./api-key-response";
-
-vi.mock("@/lib/environment/service", () => ({
-  getEnvironment: vi.fn(),
-}));
-
-const baseAuthentication = {
-  type: "apiKey" as const,
-  apiKeyId: "api-key-id",
-  organizationId: "org-id",
-  organizationAccess: {
-    accessControl: {
-      read: false,
-      write: false,
-    },
-  },
-  environmentPermissions: [],
-};
-
-const environmentPermission = (
-  environmentId: string,
-  permission: "read" | "write" | "manage" = "read"
-): TAuthenticationApiKey["environmentPermissions"][number] => ({
-  environmentId,
-  permission,
-  environmentType: EnvironmentType.development,
-  projectId: "project-id",
-  projectName: "Project Name",
-});
-
-describe("buildApiKeyMeResponse", () => {
-  beforeEach(() => {
-    vi.clearAllMocks();
-  });
-
-  test("returns auth metadata for an organization-read API key without environment permissions", async () => {
-    const response = await buildApiKeyMeResponse({
-      ...baseAuthentication,
-      organizationAccess: {
-        accessControl: {
-          read: true,
-          write: false,
-        },
-      },
-    });
-
-    expect(response?.status).toBe(200);
-    expect(await response?.json()).toEqual({
-      environmentPermissions: [],
-      organizationId: "org-id",
-      organizationAccess: {
-        accessControl: {
-          read: true,
-          write: false,
-        },
-      },
-    });
-    expect(getEnvironment).not.toHaveBeenCalled();
-  });
-
-  test("returns auth metadata with permissions for organization-read API keys with multiple environments", async () => {
-    const response = await buildApiKeyMeResponse({
-      ...baseAuthentication,
-      organizationAccess: {
-        accessControl: {
-          read: true,
-          write: false,
-        },
-      },
-      environmentPermissions: [
-        environmentPermission("env-1", "read"),
-        environmentPermission("env-2", "write"),
-      ],
-    });
-
-    expect(response?.status).toBe(200);
-    expect(await response?.json()).toEqual({
-      environmentPermissions: [
-        {
-          environmentId: "env-1",
-          environmentType: EnvironmentType.development,
-          permissions: "read",
-          projectId: "project-id",
-          projectName: "Project Name",
-        },
-        {
-          environmentId: "env-2",
-          environmentType: EnvironmentType.development,
-          permissions: "write",
-          projectId: "project-id",
-          projectName: "Project Name",
-        },
-      ],
-      organizationId: "org-id",
-      organizationAccess: {
-        accessControl: {
-          read: true,
-          write: false,
-        },
-      },
-    });
-    expect(getEnvironment).not.toHaveBeenCalled();
-  });
-
-  test("returns the legacy environment response for a single environment permission", async () => {
-    const createdAt = new Date("2026-01-01T00:00:00.000Z");
-    const updatedAt = new Date("2026-01-02T00:00:00.000Z");
-
-    vi.mocked(getEnvironment).mockResolvedValue({
-      id: "env-id",
-      type: EnvironmentType.development,
-      createdAt,
-      updatedAt,
-      projectId: "project-id",
-      appSetupCompleted: true,
-    });
-
-    const response = await buildApiKeyMeResponse({
-      ...baseAuthentication,
-      environmentPermissions: [environmentPermission("env-id", "read")],
-    });
-
-    expect(response?.status).toBe(200);
-    expect(await response?.json()).toEqual({
-      id: "env-id",
-      type: EnvironmentType.development,
-      createdAt: createdAt.toISOString(),
-      updatedAt: updatedAt.toISOString(),
-      appSetupCompleted: true,
-      project: {
-        id: "project-id",
-        name: "Project Name",
-      },
-    });
-    expect(getEnvironment).toHaveBeenCalledWith("env-id");
-  });
-
-  test("returns the legacy environment response for an organization-read API key with one environment", async () => {
-    const createdAt = new Date("2026-01-01T00:00:00.000Z");
-    const updatedAt = new Date("2026-01-02T00:00:00.000Z");
-
-    vi.mocked(getEnvironment).mockResolvedValue({
-      id: "env-id",
-      type: EnvironmentType.development,
-      createdAt,
-      updatedAt,
-      projectId: "project-id",
-      appSetupCompleted: true,
-    });
-
-    const response = await buildApiKeyMeResponse({
-      ...baseAuthentication,
-      organizationAccess: {
-        accessControl: {
-          read: true,
-          write: false,
-        },
-      },
-      environmentPermissions: [environmentPermission("env-id", "read")],
-    });
-
-    expect(response?.status).toBe(200);
-    expect(await response?.json()).toEqual({
-      id: "env-id",
-      type: EnvironmentType.development,
-      createdAt: createdAt.toISOString(),
-      updatedAt: updatedAt.toISOString(),
-      appSetupCompleted: true,
-      project: {
-        id: "project-id",
-        name: "Project Name",
-      },
-    });
-    expect(getEnvironment).toHaveBeenCalledWith("env-id");
-  });
-
-  test("returns null when an API key has neither organization read nor exactly one environment", async () => {
-    const response = await buildApiKeyMeResponse(baseAuthentication);
-
-    expect(response).toBeNull();
-    expect(getEnvironment).not.toHaveBeenCalled();
-  });
-
-  test("returns null when the single permitted environment no longer exists", async () => {
-    vi.mocked(getEnvironment).mockResolvedValue(null);
-
-    const response = await buildApiKeyMeResponse({
-      ...baseAuthentication,
-      environmentPermissions: [environmentPermission("env-id", "read")],
-    });
-
-    expect(response).toBeNull();
-    expect(getEnvironment).toHaveBeenCalledWith("env-id");
-  });
-});
@@ -1,49 +0,0 @@
-import { OrganizationAccessType } from "@formbricks/types/api-key";
-import type { TAuthenticationApiKey } from "@formbricks/types/auth";
-import { getEnvironment } from "@/lib/environment/service";
-import { hasOrganizationAccess } from "@/modules/organization/settings/api-keys/lib/utils";
-
-const buildApiKeyMetadataResponse = (authentication: TAuthenticationApiKey) => ({
-  environmentPermissions: authentication.environmentPermissions.map((permission) => ({
-    environmentId: permission.environmentId,
-    environmentType: permission.environmentType,
-    permissions: permission.permission,
-    projectId: permission.projectId,
-    projectName: permission.projectName,
-  })),
-  organizationId: authentication.organizationId,
-  organizationAccess: authentication.organizationAccess,
-});
-
-export const buildApiKeyMeResponse = async (
-  authentication: TAuthenticationApiKey
-): Promise<Response | null> => {
-  const environmentPermissionCount = authentication.environmentPermissions.length;
-
-  if (environmentPermissionCount !== 1) {
-    if (hasOrganizationAccess(authentication, OrganizationAccessType.Read)) {
-      return Response.json(buildApiKeyMetadataResponse(authentication));
-    }
-
-    return null;
-  }
-
-  const permission = authentication.environmentPermissions[0];
-  const environment = await getEnvironment(permission.environmentId);
-
-  if (!environment) {
-    return null;
-  }
-
-  return Response.json({
-    id: environment.id,
-    type: environment.type,
-    createdAt: environment.createdAt,
-    updatedAt: environment.updatedAt,
-    appSetupCompleted: environment.appSetupCompleted,
-    project: {
-      id: permission.projectId,
-      name: permission.projectName,
-    },
-  });
-};
@@ -1,128 +1,178 @@
-import { EnvironmentType } from "@prisma/client";
 import { beforeEach, describe, expect, test, vi } from "vitest";
-import { authenticateApiKey } from "@/app/api/v1/auth";
-import { getEnvironment } from "@/lib/environment/service";
-import { applyRateLimit } from "@/modules/core/rate-limit/helpers";
+import { prisma } from "@formbricks/database";
+import { publicUserSelect } from "@/lib/user/public-user";
 import { GET } from "./route";

-const { mockHeaders, mockPrisma } = vi.hoisted(() => ({
-  mockHeaders: vi.fn(),
-  mockPrisma: {
+const mocks = vi.hoisted(() => ({
+  headers: vi.fn(),
+  getSessionUser: vi.fn(),
+  parseApiKeyV2: vi.fn(),
+  hashSha256: vi.fn(),
+  verifySecret: vi.fn(),
+  applyRateLimit: vi.fn(),
+  notAuthenticatedResponse: vi.fn(
+    () => new Response(JSON.stringify({ message: "Not authenticated" }), { status: 401 })
+  ),
+  tooManyRequestsResponse: vi.fn(
+    (message: string) => new Response(JSON.stringify({ message }), { status: 429 })
+  ),
+  badRequestResponse: vi.fn((message: string) => new Response(JSON.stringify({ message }), { status: 400 })),
+}));
+
+vi.mock("next/headers", () => ({
+  headers: mocks.headers,
+}));
+
+vi.mock("@formbricks/database", () => ({
+  prisma: {
    user: {
      findUnique: vi.fn(),
    },
+    apiKey: {
+      findUnique: vi.fn(),
+      findFirst: vi.fn(),
+      update: vi.fn(),
+    },
  },
 }));

-vi.mock("next/headers", () => ({
-  headers: mockHeaders,
-}));
-
-vi.mock("@formbricks/database", () => ({
-  prisma: mockPrisma,
-}));
-
-vi.mock("@/app/api/v1/auth", () => ({
-  authenticateApiKey: vi.fn(),
-}));
-
 vi.mock("@/app/api/v1/management/me/lib/utils", () => ({
-  getSessionUser: vi.fn(),
+  getSessionUser: mocks.getSessionUser,
 }));

-vi.mock("@/lib/environment/service", () => ({
-  getEnvironment: vi.fn(),
+vi.mock("@/app/lib/api/response", () => ({
+  responses: {
+    notAuthenticatedResponse: mocks.notAuthenticatedResponse,
+    tooManyRequestsResponse: mocks.tooManyRequestsResponse,
+    badRequestResponse: mocks.badRequestResponse,
+  },
+}));
+
+vi.mock("@/lib/crypto", () => ({
+  hashSha256: mocks.hashSha256,
+  parseApiKeyV2: mocks.parseApiKeyV2,
+  verifySecret: mocks.verifySecret,
 }));

 vi.mock("@/modules/core/rate-limit/helpers", () => ({
-  applyRateLimit: vi.fn().mockResolvedValue(undefined),
+  applyRateLimit: mocks.applyRateLimit,
 }));

-describe("GET /api/v1/management/me", () => {
+vi.mock("@/modules/core/rate-limit/rate-limit-configs", () => ({
+  rateLimitConfigs: {
+    api: {
+      v1: { windowMs: 60_000, max: 1000 },
+    },
+  },
+}));
+
+const getMockHeaders = (apiKey: string | null) => ({
+  get: (headerName: string) => (headerName === "x-api-key" ? apiKey : null),
+});
+
+describe("v1 management me route", () => {
  beforeEach(() => {
    vi.clearAllMocks();
-    mockHeaders.mockResolvedValue(new Headers({ "x-api-key": "read-only-org-api-key" }));
+    mocks.headers.mockResolvedValue(getMockHeaders(null));
+    mocks.getSessionUser.mockResolvedValue(undefined);
+    mocks.parseApiKeyV2.mockReturnValue(null);
+    mocks.hashSha256.mockReturnValue("hashed-api-key");
+    mocks.verifySecret.mockResolvedValue(false);
+    mocks.applyRateLimit.mockResolvedValue(undefined);
  });

-  test("accepts a read-only organization API key without environment permissions", async () => {
-    vi.mocked(authenticateApiKey).mockResolvedValue({
-      type: "apiKey",
-      apiKeyId: "api-key-id",
-      organizationId: "org-id",
-      organizationAccess: {
-        accessControl: {
-          read: true,
-          write: false,
-        },
+  test("returns a sanitized authenticated user for session-based requests", async () => {
+    const publicUser = {
+      id: "user_123",
+      name: "Test User",
+      email: "test@example.com",
+      emailVerified: new Date("2025-04-17T20:11:54.947Z"),
+      createdAt: new Date("2025-04-17T20:09:14.021Z"),
+      updatedAt: new Date("2026-04-22T22:12:39.104Z"),
+      twoFactorEnabled: false,
+      identityProvider: "email" as const,
+      notificationSettings: {
+        alert: {},
+        unsubscribedOrganizationIds: [],
      },
-      environmentPermissions: [],
-    });
+      locale: "en-US" as const,
+      lastLoginAt: new Date("2026-04-22T22:12:39.104Z"),
+      isActive: true,
+    };
+
+    mocks.getSessionUser.mockResolvedValue({ id: publicUser.id });
+    vi.mocked(prisma.user.findUnique).mockResolvedValue(publicUser as never);

    const response = await GET();
+    const responseBody = await response.json();

    expect(response.status).toBe(200);
-    expect(await response.json()).toEqual({
-      environmentPermissions: [],
-      organizationId: "org-id",
-      organizationAccess: {
-        accessControl: {
-          read: true,
-          write: false,
-        },
-      },
+    expect(responseBody).toStrictEqual(JSON.parse(JSON.stringify(publicUser)));
+    expect(responseBody).not.toHaveProperty("password");
+    expect(responseBody).not.toHaveProperty("twoFactorSecret");
+    expect(responseBody).not.toHaveProperty("backupCodes");
+    expect(responseBody).not.toHaveProperty("identityProviderAccountId");
+    expect(prisma.user.findUnique).toHaveBeenCalledWith({
+      where: { id: publicUser.id },
+      select: publicUserSelect,
    });
-    expect(authenticateApiKey).toHaveBeenCalledWith("read-only-org-api-key", {
-      allowOrganizationOnlyApiKey: true,
-    });
-    expect(applyRateLimit).toHaveBeenCalledWith(expect.any(Object), "api-key-id");
+    expect(mocks.applyRateLimit).toHaveBeenCalledWith(expect.any(Object), publicUser.id);
  });

-  test("preserves the legacy environment response for single-environment API keys", async () => {
-    const createdAt = new Date("2026-01-01T00:00:00.000Z");
-    const updatedAt = new Date("2026-01-02T00:00:00.000Z");
+  test("returns the existing unauthenticated response when no session is present", async () => {
+    const response = await GET();
+    const responseBody = await response.json();

-    vi.mocked(authenticateApiKey).mockResolvedValue({
-      type: "apiKey",
-      apiKeyId: "api-key-id",
-      organizationId: "org-id",
-      organizationAccess: {
-        accessControl: {
-          read: false,
-          write: false,
-        },
-      },
-      environmentPermissions: [
+    expect(response.status).toBe(401);
+    expect(responseBody).toEqual({ message: "Not authenticated" });
+    expect(mocks.notAuthenticatedResponse).toHaveBeenCalled();
+    expect(prisma.user.findUnique).not.toHaveBeenCalled();
+  });
+
+  test("preserves the API key response path", async () => {
+    const apiKeyData = {
+      id: "api_key_123",
+      organizationId: "org_123",
+      hashedKey: "stored-hash",
+      lastUsedAt: new Date(),
+      apiKeyEnvironments: [
        {
-          environmentId: "env-id",
-          environmentType: EnvironmentType.development,
-          permission: "read",
-          projectId: "project-id",
-          projectName: "Project Name",
+          permission: "manage",
+          environment: {
+            id: "env_123",
+            type: "development",
+            createdAt: new Date("2025-01-01T00:00:00.000Z"),
+            updatedAt: new Date("2025-01-02T00:00:00.000Z"),
+            projectId: "project_123",
+            appSetupCompleted: true,
+            project: {
+              id: "project_123",
+              name: "My Project",
+            },
+          },
        },
      ],
-    });
-    vi.mocked(getEnvironment).mockResolvedValue({
-      id: "env-id",
-      type: EnvironmentType.development,
-      createdAt,
-      updatedAt,
-      projectId: "project-id",
-      appSetupCompleted: true,
-    });
+    };
+
+    mocks.headers.mockResolvedValue(getMockHeaders("api-key"));
+    vi.mocked(prisma.apiKey.findFirst).mockResolvedValue(apiKeyData as never);

    const response = await GET();
+    const responseBody = await response.json();

    expect(response.status).toBe(200);
-    expect(await response.json()).toEqual({
-      id: "env-id",
-      type: EnvironmentType.development,
-      createdAt: createdAt.toISOString(),
-      updatedAt: updatedAt.toISOString(),
+    expect(responseBody).toStrictEqual({
+      id: "env_123",
+      type: "development",
+      createdAt: "2025-01-01T00:00:00.000Z",
+      updatedAt: "2025-01-02T00:00:00.000Z",
      appSetupCompleted: true,
      project: {
-        id: "project-id",
-        name: "Project Name",
+        id: "project_123",
+        name: "My Project",
      },
    });
+    expect(mocks.getSessionUser).not.toHaveBeenCalled();
+    expect(mocks.applyRateLimit).toHaveBeenCalledWith(expect.any(Object), apiKeyData.id);
  });
 });
@@ -1,13 +1,104 @@
 import { headers } from "next/headers";
 import { prisma } from "@formbricks/database";
-import { authenticateApiKey } from "@/app/api/v1/auth";
-import { buildApiKeyMeResponse } from "@/app/api/v1/management/me/lib/api-key-response";
 import { getSessionUser } from "@/app/api/v1/management/me/lib/utils";
 import { responses } from "@/app/lib/api/response";
+import { CONTROL_HASH } from "@/lib/constants";
+import { hashSha256, parseApiKeyV2, verifySecret } from "@/lib/crypto";
 import { publicUserSelect } from "@/lib/user/public-user";
 import { applyRateLimit } from "@/modules/core/rate-limit/helpers";
 import { rateLimitConfigs } from "@/modules/core/rate-limit/rate-limit-configs";

+const ALLOWED_PERMISSIONS = ["manage", "read", "write"] as const;
+
+const apiKeySelect = {
+  id: true,
+  organizationId: true,
+  lastUsedAt: true,
+  apiKeyEnvironments: {
+    select: {
+      environment: {
+        select: {
+          id: true,
+          type: true,
+          createdAt: true,
+          updatedAt: true,
+          projectId: true,
+          appSetupCompleted: true,
+          project: {
+            select: {
+              id: true,
+              name: true,
+            },
+          },
+        },
+      },
+      permission: true,
+    },
+  },
+  hashedKey: true,
+};
+
+type ApiKeyData = {
+  id: string;
+  hashedKey: string;
+  organizationId: string;
+  lastUsedAt: Date | null;
+  apiKeyEnvironments: Array<{
+    permission: string;
+    environment: {
+      id: string;
+      type: string;
+      createdAt: Date;
+      updatedAt: Date;
+      projectId: string;
+      appSetupCompleted: boolean;
+      project: {
+        id: string;
+        name: string;
+      };
+    };
+  }>;
+};
+
+const validateApiKey = async (apiKey: string): Promise<ApiKeyData | null> => {
+  const v2Parsed = parseApiKeyV2(apiKey);
+
+  if (v2Parsed) {
+    return validateV2ApiKey(v2Parsed);
+  }
+
+  return validateLegacyApiKey(apiKey);
+};
+
+const validateV2ApiKey = async (v2Parsed: { secret: string }): Promise<ApiKeyData | null> => {
+  // Step 1: Fast SHA-256 lookup by indexed lookupHash
+  const lookupHash = hashSha256(v2Parsed.secret);
+
+  const apiKeyData = await prisma.apiKey.findUnique({
+    where: { lookupHash },
+    select: apiKeySelect,
+  });
+
+  // Step 2: Security verification with bcrypt
+  // Always perform bcrypt verification to prevent timing attacks
+  // Use a control hash when API key doesn't exist to maintain constant timing
+  const hashToVerify = apiKeyData?.hashedKey || CONTROL_HASH;
+  const isValid = await verifySecret(v2Parsed.secret, hashToVerify);
+
+  if (!apiKeyData || !isValid) return null;
+
+  return apiKeyData;
+};
+
+const validateLegacyApiKey = async (apiKey: string): Promise<ApiKeyData | null> => {
+  const hashedKey = hashSha256(apiKey);
+  const result = await prisma.apiKey.findFirst({
+    where: { hashedKey },
+    select: apiKeySelect,
+  });
+  return result;
+};
+
 const checkRateLimit = async (userId: string) => {
  try {
    await applyRateLimit(rateLimitConfigs.api.v1, userId);
@@ -19,23 +110,59 @@ const checkRateLimit = async (userId: string) => {
  return null;
 };

-const handleApiKeyAuthentication = async (apiKey: string) => {
-  const authentication = await authenticateApiKey(apiKey, { allowOrganizationOnlyApiKey: true });
+const updateApiKeyUsage = async (apiKeyId: string) => {
+  await prisma.apiKey.update({
+    where: { id: apiKeyId },
+    data: { lastUsedAt: new Date() },
+  });
+};

-  if (!authentication) {
+const buildEnvironmentResponse = (apiKeyData: ApiKeyData) => {
+  const env = apiKeyData.apiKeyEnvironments[0].environment;
+  return Response.json({
+    id: env.id,
+    type: env.type,
+    createdAt: env.createdAt,
+    updatedAt: env.updatedAt,
+    appSetupCompleted: env.appSetupCompleted,
+    project: {
+      id: env.projectId,
+      name: env.project.name,
+    },
+  });
+};
+
+const isValidApiKeyEnvironment = (apiKeyData: ApiKeyData): boolean => {
+  return (
+    apiKeyData.apiKeyEnvironments.length === 1 &&
+    ALLOWED_PERMISSIONS.includes(
+      apiKeyData.apiKeyEnvironments[0].permission as (typeof ALLOWED_PERMISSIONS)[number]
+    )
+  );
+};
+
+const handleApiKeyAuthentication = async (apiKey: string) => {
+  const apiKeyData = await validateApiKey(apiKey);
+
+  if (!apiKeyData) {
    return responses.notAuthenticatedResponse();
  }

-  const rateLimitError = await checkRateLimit(authentication.apiKeyId);
+  if (!apiKeyData.lastUsedAt || apiKeyData.lastUsedAt <= new Date(Date.now() - 1000 * 30)) {
+    // Fire-and-forget: update lastUsedAt in the background without blocking the response
+    updateApiKeyUsage(apiKeyData.id).catch((error) => {
+      console.error("Failed to update API key usage:", error);
+    });
+  }
+
+  const rateLimitError = await checkRateLimit(apiKeyData.id);
  if (rateLimitError) return rateLimitError;

-  const apiKeyMeResponse = await buildApiKeyMeResponse(authentication);
-
-  if (!apiKeyMeResponse) {
+  if (!isValidApiKeyEnvironment(apiKeyData)) {
    return responses.badRequestResponse("You can't use this method with this API key");
  }

-  return apiKeyMeResponse;
+  return buildEnvironmentResponse(apiKeyData);
 };

 const handleSessionAuthentication = async () => {
@@ -96,7 +96,14 @@ const validateSurvey = async (responseInput: TResponseInput, environmentId: stri
  }
  if (survey.environmentId !== environmentId) {
    return {
-      error: responses.badRequestResponse("Survey does not belong to this environment", undefined, true),
+      error: responses.badRequestResponse(
+        "Survey is part of another environment",
+        {
+          "survey.environmentId": survey.environmentId,
+          environmentId,
+        },
+        true
+      ),
    };
  }
  return { survey };
@@ -1,19 +1,47 @@
+import { Prisma } from "@prisma/client";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
+import { prisma } from "@formbricks/database";
+import { logger } from "@formbricks/logger";
+import { DatabaseError } from "@formbricks/types/errors";
+import { validateInputs } from "@/lib/utils/validate";
 import { deleteSurvey } from "./surveys";

-const { mockDeleteSharedSurvey } = vi.hoisted(() => ({
-  mockDeleteSharedSurvey: vi.fn(),
+vi.mock("@/lib/utils/validate", () => ({
+  validateInputs: vi.fn(),
 }));
-
-vi.mock("@/modules/survey/lib/surveys", () => ({
-  deleteSurvey: mockDeleteSharedSurvey,
+vi.mock("@formbricks/database", () => ({
+  prisma: {
+    survey: {
+      delete: vi.fn(),
+    },
+    segment: {
+      delete: vi.fn(),
+    },
+  },
+}));
+vi.mock("@formbricks/logger", () => ({
+  logger: {
+    error: vi.fn(),
+  },
 }));

 const surveyId = "clq5n7p1q0000m7z0h5p6g3r2";
+const environmentId = "clq5n7p1q0000m7z0h5p6g3r3";
+const segmentId = "clq5n7p1q0000m7z0h5p6g3r4";
+const actionClassId1 = "clq5n7p1q0000m7z0h5p6g3r5";
+const actionClassId2 = "clq5n7p1q0000m7z0h5p6g3r6";
+
+const mockDeletedSurveyAppPrivateSegment = {
+  id: surveyId,
+  environmentId,
+  type: "app",
+  segment: { id: segmentId, isPrivate: true },
+  triggers: [{ actionClass: { id: actionClassId1 } }, { actionClass: { id: actionClassId2 } }],
+};

 const mockDeletedSurveyLink = {
  id: surveyId,
-  environmentId: "clq5n7p1q0000m7z0h5p6g3r3",
+  environmentId,
  type: "link",
  segment: null,
  triggers: [],
@@ -28,20 +56,66 @@ describe("deleteSurvey", () => {
    vi.clearAllMocks();
  });

-  test("delegates survey deletion to the shared service", async () => {
-    mockDeleteSharedSurvey.mockResolvedValue(mockDeletedSurveyLink);
+  test("should delete a link survey without a segment and revalidate caches", async () => {
+    vi.mocked(prisma.survey.delete).mockResolvedValue(mockDeletedSurveyLink as any);

    const deletedSurvey = await deleteSurvey(surveyId);

-    expect(mockDeleteSharedSurvey).toHaveBeenCalledWith(surveyId);
+    expect(validateInputs).toHaveBeenCalledWith([surveyId, expect.any(Object)]);
+    expect(prisma.survey.delete).toHaveBeenCalledWith({
+      where: { id: surveyId },
+      include: {
+        segment: true,
+        triggers: { include: { actionClass: true } },
+      },
+    });
+    expect(prisma.segment.delete).not.toHaveBeenCalled();
+
    expect(deletedSurvey).toEqual(mockDeletedSurveyLink);
  });

-  test("rethrows shared delete service errors", async () => {
+  test("should handle PrismaClientKnownRequestError during survey deletion", async () => {
+    const prismaError = new Prisma.PrismaClientKnownRequestError("Record not found", {
+      code: "P2025",
+      clientVersion: "4.0.0",
+    });
+    vi.mocked(prisma.survey.delete).mockRejectedValue(prismaError);
+
+    await expect(deleteSurvey(surveyId)).rejects.toThrow(DatabaseError);
+    expect(logger.error).toHaveBeenCalledWith({ error: prismaError, surveyId }, "Error deleting survey");
+    expect(prisma.segment.delete).not.toHaveBeenCalled();
+  });
+
+  test("should handle PrismaClientKnownRequestError during segment deletion", async () => {
+    const prismaError = new Prisma.PrismaClientKnownRequestError("Foreign key constraint failed", {
+      code: "P2003",
+      clientVersion: "4.0.0",
+    });
+    vi.mocked(prisma.survey.delete).mockResolvedValue(mockDeletedSurveyAppPrivateSegment as any);
+    vi.mocked(prisma.segment.delete).mockRejectedValue(prismaError);
+
+    await expect(deleteSurvey(surveyId)).rejects.toThrow(DatabaseError);
+    expect(logger.error).toHaveBeenCalledWith({ error: prismaError, surveyId }, "Error deleting survey");
+    expect(prisma.segment.delete).toHaveBeenCalledWith({ where: { id: segmentId } });
+  });
+
+  test("should handle generic errors during deletion", async () => {
    const genericError = new Error("Something went wrong");
-    mockDeleteSharedSurvey.mockRejectedValue(genericError);
+    vi.mocked(prisma.survey.delete).mockRejectedValue(genericError);

    await expect(deleteSurvey(surveyId)).rejects.toThrow(genericError);
-    expect(mockDeleteSharedSurvey).toHaveBeenCalledWith(surveyId);
+    expect(logger.error).not.toHaveBeenCalled();
+    expect(prisma.segment.delete).not.toHaveBeenCalled();
+  });
+
+  test("should throw validation error for invalid surveyId", async () => {
+    const invalidSurveyId = "invalid-id";
+    const validationError = new Error("Validation failed");
+    vi.mocked(validateInputs).mockImplementation(() => {
+      throw validationError;
+    });
+
+    await expect(deleteSurvey(invalidSurveyId)).rejects.toThrow(validationError);
+    expect(prisma.survey.delete).not.toHaveBeenCalled();
  });
 });
@@ -1,3 +1,43 @@
-import { deleteSurvey as deleteSharedSurvey } from "@/modules/survey/lib/surveys";
+import { Prisma } from "@prisma/client";
+import { z } from "zod";
+import { prisma } from "@formbricks/database";
+import { logger } from "@formbricks/logger";
+import { DatabaseError } from "@formbricks/types/errors";
+import { validateInputs } from "@/lib/utils/validate";

-export const deleteSurvey = async (surveyId: string) => deleteSharedSurvey(surveyId);
+export const deleteSurvey = async (surveyId: string) => {
+  validateInputs([surveyId, z.cuid2()]);
+
+  try {
+    const deletedSurvey = await prisma.survey.delete({
+      where: {
+        id: surveyId,
+      },
+      include: {
+        segment: true,
+        triggers: {
+          include: {
+            actionClass: true,
+          },
+        },
+      },
+    });
+
+    if (deletedSurvey.type === "app" && deletedSurvey.segment?.isPrivate) {
+      await prisma.segment.delete({
+        where: {
+          id: deletedSurvey.segment.id,
+        },
+      });
+    }
+
+    return deletedSurvey;
+  } catch (error) {
+    if (error instanceof Prisma.PrismaClientKnownRequestError) {
+      logger.error({ error, surveyId }, "Error deleting survey");
+      throw new DatabaseError(error.message);
+    }
+
+    throw error;
+  }
+};
@@ -1,6 +1,5 @@
 import { logger } from "@formbricks/logger";
 import { TAuthenticationApiKey } from "@formbricks/types/auth";
-import { ResourceNotFoundError } from "@formbricks/types/errors";
 import { ZSurveyUpdateInput } from "@formbricks/types/surveys/types";
 import { handleErrorResponse } from "@/app/api/v1/auth";
 import { deleteSurvey } from "@/app/api/v1/management/surveys/[surveyId]/lib/surveys";
@@ -71,12 +70,6 @@ export const GET = withV1ApiWrapper({
        response: responses.successResponse(resolveStorageUrlsInObject(result.survey)),
      };
    } catch (error) {
-      if (error instanceof ResourceNotFoundError) {
-        return {
-          response: responses.notFoundResponse("Survey", params.surveyId),
-        };
-      }
-
      return {
        response: handleErrorResponse(error),
      };
@@ -1,111 +0,0 @@
-import { beforeEach, describe, expect, test, vi } from "vitest";
-import type { TAuthenticationApiKey } from "@formbricks/types/auth";
-import { getEnvironmentIdsByOrganizationId } from "@/lib/environment/organization";
-import { getReadableEnvironmentIds } from "./access";
-
-vi.mock("@/lib/environment/organization", () => ({
-  getEnvironmentIdsByOrganizationId: vi.fn(),
-}));
-
-const baseAuthentication = {
-  type: "apiKey" as const,
-  apiKeyId: "api-key-id",
-  organizationId: "org-id",
-  organizationAccess: {
-    accessControl: {
-      read: false,
-      write: false,
-    },
-  },
-  environmentPermissions: [],
-};
-
-const environmentPermission = (
-  environmentId: string,
-  permission: "read" | "write" | "manage"
-): TAuthenticationApiKey["environmentPermissions"][number] => ({
-  environmentId,
-  permission,
-  environmentType: "development",
-  projectId: `project-${environmentId}`,
-  projectName: `Project ${environmentId}`,
-});
-
-describe("getReadableEnvironmentIds", () => {
-  beforeEach(() => {
-    vi.clearAllMocks();
-  });
-
-  test("returns all organization environments when API key has organization read access", async () => {
-    vi.mocked(getEnvironmentIdsByOrganizationId).mockResolvedValue(["env-1", "env-2"]);
-
-    const result = await getReadableEnvironmentIds({
-      ...baseAuthentication,
-      organizationAccess: {
-        accessControl: {
-          read: true,
-          write: false,
-        },
-      },
-    });
-
-    expect(result).toEqual(["env-1", "env-2"]);
-    expect(getEnvironmentIdsByOrganizationId).toHaveBeenCalledWith("org-id");
-  });
-
-  test("returns an empty list when an organization-read API key belongs to an organization without environments", async () => {
-    vi.mocked(getEnvironmentIdsByOrganizationId).mockResolvedValue([]);
-
-    const result = await getReadableEnvironmentIds({
-      ...baseAuthentication,
-      organizationAccess: {
-        accessControl: {
-          read: true,
-          write: false,
-        },
-      },
-    });
-
-    expect(result).toEqual([]);
-    expect(getEnvironmentIdsByOrganizationId).toHaveBeenCalledWith("org-id");
-  });
-
-  test("returns all organization environments when API key has organization write access", async () => {
-    vi.mocked(getEnvironmentIdsByOrganizationId).mockResolvedValue(["env-1"]);
-
-    const result = await getReadableEnvironmentIds({
-      ...baseAuthentication,
-      organizationAccess: {
-        accessControl: {
-          read: false,
-          write: true,
-        },
-      },
-    });
-
-    expect(result).toEqual(["env-1"]);
-    expect(getEnvironmentIdsByOrganizationId).toHaveBeenCalledWith("org-id");
-  });
-
-  test("returns de-duplicated environment permissions that allow GET without organization access", async () => {
-    const result = await getReadableEnvironmentIds({
-      ...baseAuthentication,
-      environmentPermissions: [
-        environmentPermission("env-1", "read"),
-        environmentPermission("env-2", "write"),
-        environmentPermission("env-3", "manage"),
-        environmentPermission("env-1", "read"),
-      ],
-    });
-
-    expect(result).toEqual(["env-1", "env-2", "env-3"]);
-    expect(getEnvironmentIdsByOrganizationId).not.toHaveBeenCalled();
-  });
-
-  test("returns null when the API key has no readable access", async () => {
-    const result = await getReadableEnvironmentIds(baseAuthentication);
-
-    expect(result).toBeNull();
-    expect(getEnvironmentIdsByOrganizationId).not.toHaveBeenCalled();
-  });
-});
@@ -1,22 +0,0 @@
-import { OrganizationAccessType } from "@formbricks/types/api-key";
-import type { TAuthenticationApiKey } from "@formbricks/types/auth";
-import { getEnvironmentIdsByOrganizationId } from "@/lib/environment/organization";
-import { hasOrganizationAccess, hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
-
-export const getReadableEnvironmentIds = async (
-  authentication: TAuthenticationApiKey
-): Promise<string[] | null> => {
-  if (hasOrganizationAccess(authentication, OrganizationAccessType.Read)) {
-    return getEnvironmentIdsByOrganizationId(authentication.organizationId);
-  }
-
-  const environmentIds = authentication.environmentPermissions
-    .filter((permission) =>
-      hasPermission(authentication.environmentPermissions, permission.environmentId, "GET")
-    )
-    .map((permission) => permission.environmentId);
-
-  const readableEnvironmentIds = Array.from(new Set(environmentIds));
-
-  return readableEnvironmentIds.length > 0 ? readableEnvironmentIds : null;
-};
@@ -1,149 +0,0 @@
-import { NextRequest } from "next/server";
-import { beforeEach, describe, expect, test, vi } from "vitest";
-import { getEnvironmentIdsByOrganizationId } from "@/lib/environment/organization";
-import { getApiKeyWithPermissions } from "@/modules/organization/settings/api-keys/lib/api-key";
-import { getSurveys } from "./lib/surveys";
-import { GET } from "./route";
-
-vi.mock("@/modules/organization/settings/api-keys/lib/api-key", () => ({
-  getApiKeyWithPermissions: vi.fn(),
-}));
-
-vi.mock("@/lib/environment/organization", () => ({
-  getEnvironmentIdsByOrganizationId: vi.fn(),
-}));
-
-vi.mock("./lib/surveys", () => ({
-  getSurveys: vi.fn(),
-}));
-
-vi.mock("@/modules/core/rate-limit/helpers", () => ({
-  applyRateLimit: vi.fn().mockResolvedValue(undefined),
-  applyIPRateLimit: vi.fn().mockResolvedValue(undefined),
-}));
-
-vi.mock("@/app/lib/api/api-error-reporter", () => ({
-  reportApiError: vi.fn(),
-}));
-
-vi.mock("@/lib/constants", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("@/lib/constants")>();
-  return { ...actual, AUDIT_LOG_ENABLED: false };
-});
-
-describe("GET /api/v1/management/surveys", () => {
-  beforeEach(() => {
-    vi.clearAllMocks();
-    vi.mocked(getEnvironmentIdsByOrganizationId).mockResolvedValue(["env-1", "env-2"]);
-    vi.mocked(getSurveys).mockResolvedValue([]);
-  });
-
-  test("accepts a read-only organization API key without environment permissions", async () => {
-    vi.mocked(getApiKeyWithPermissions).mockResolvedValue({
-      id: "api-key-id",
-      organizationId: "org-id",
-      organizationAccess: {
-        accessControl: {
-          read: true,
-          write: false,
-        },
-      },
-      apiKeyEnvironments: [],
-    } as any);
-
-    const request = new NextRequest("http://localhost/api/v1/management/surveys", {
-      headers: { "x-api-key": "read-only-org-api-key" },
-    });
-
-    const response = await GET(request, {} as any);
-
-    expect(response.status).toBe(200);
-    expect(getEnvironmentIdsByOrganizationId).toHaveBeenCalledWith("org-id");
-    expect(getSurveys).toHaveBeenCalledWith(["env-1", "env-2"], undefined, undefined);
-  });
-
-  test("returns an empty survey list for an organization-read API key when the organization has no environments", async () => {
-    vi.mocked(getEnvironmentIdsByOrganizationId).mockResolvedValue([]);
-    vi.mocked(getApiKeyWithPermissions).mockResolvedValue({
-      id: "api-key-id",
-      organizationId: "org-id",
-      organizationAccess: {
-        accessControl: {
-          read: true,
-          write: false,
-        },
-      },
-      apiKeyEnvironments: [],
-    } as any);
-
-    const request = new NextRequest("http://localhost/api/v1/management/surveys", {
-      headers: { "x-api-key": "read-only-org-api-key" },
-    });
-
-    const response = await GET(request, {} as any);
-
-    expect(response.status).toBe(200);
-    expect(getEnvironmentIdsByOrganizationId).toHaveBeenCalledWith("org-id");
-    expect(getSurveys).toHaveBeenCalledWith([], undefined, undefined);
-  });
-
-  test("rejects an organization-only API key without readable organization access", async () => {
-    vi.mocked(getApiKeyWithPermissions).mockResolvedValue({
-      id: "api-key-id",
-      organizationId: "org-id",
-      organizationAccess: {
-        accessControl: {
-          read: false,
-          write: false,
-        },
-      },
-      apiKeyEnvironments: [],
-    } as any);
-
-    const request = new NextRequest("http://localhost/api/v1/management/surveys", {
-      headers: { "x-api-key": "no-access-org-api-key" },
-    });
-
-    const response = await GET(request, {} as any);
-
-    expect(response.status).toBe(401);
-    expect(await response.json()).toMatchObject({ code: "unauthorized" });
-    expect(getEnvironmentIdsByOrganizationId).not.toHaveBeenCalled();
-    expect(getSurveys).not.toHaveBeenCalled();
-  });
-
-  test("uses explicit readable environment permissions without organization read access", async () => {
-    vi.mocked(getApiKeyWithPermissions).mockResolvedValue({
-      id: "api-key-id",
-      organizationId: "org-id",
-      organizationAccess: {
-        accessControl: {
-          read: false,
-          write: false,
-        },
-      },
-      apiKeyEnvironments: [
-        {
-          environmentId: "env-1",
-          permission: "read",
-          environment: {
-            id: "env-1",
-            type: "development",
-            projectId: "project-1",
-            project: { id: "project-1", name: "Project 1" },
-          },
-        },
-      ],
-    } as any);
-
-    const request = new NextRequest("http://localhost/api/v1/management/surveys?limit=10&offset=5", {
-      headers: { "x-api-key": "environment-read-api-key" },
-    });
-
-    const response = await GET(request, {} as any);
-
-    expect(response.status).toBe(200);
-    expect(getEnvironmentIdsByOrganizationId).not.toHaveBeenCalled();
-    expect(getSurveys).toHaveBeenCalledWith(["env-1"], 10, 5);
-  });
-});
@@ -14,11 +14,9 @@ import { getOrganizationByEnvironmentId } from "@/lib/organization/service";
 import { createSurvey } from "@/lib/survey/service";
 import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
 import { resolveStorageUrlsInObject } from "@/modules/storage/utils";
-import { getReadableEnvironmentIds } from "./lib/access";
 import { getSurveys } from "./lib/surveys";

 export const GET = withV1ApiWrapper({
-  allowOrganizationOnlyApiKey: true,
  handler: async ({ req, authentication }) => {
    if (!authentication || !("apiKeyId" in authentication)) {
      return { response: responses.notAuthenticatedResponse() };
@@ -29,10 +27,9 @@ export const GET = withV1ApiWrapper({
      const limit = searchParams.has("limit") ? Number(searchParams.get("limit")) : undefined;
      const offset = searchParams.has("offset") ? Number(searchParams.get("offset")) : undefined;

-      const environmentIds = await getReadableEnvironmentIds(authentication);
-      if (!environmentIds) {
-        return { response: responses.unauthorizedResponse() };
-      }
+      const environmentIds = authentication.environmentPermissions.map(
+        (permission) => permission.environmentId
+      );

      const surveys = await getSurveys(environmentIds, limit, offset);

@@ -2,7 +2,7 @@ import { Prisma } from "@prisma/client";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { TContactAttributes } from "@formbricks/types/contact-attribute";
-import { DatabaseError, ResourceNotFoundError, UniqueConstraintError } from "@formbricks/types/errors";
+import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { TResponseWithQuotaFull, TSurveyQuota } from "@formbricks/types/quota";
 import { TResponse } from "@formbricks/types/responses";
 import { TTag } from "@formbricks/types/tags";
@@ -175,33 +175,9 @@ describe("createResponse V2", () => {
    ).rejects.toThrow(ResourceNotFoundError);
  });

-  test("should throw UniqueConstraintError on P2002 with singleUseId target", async () => {
-    const prismaError = new Prisma.PrismaClientKnownRequestError("Unique constraint failed", {
-      code: "P2002",
-      clientVersion: "test",
-      meta: { target: ["surveyId", "singleUseId"] },
-    });
-    vi.mocked(mockTx.response.create).mockRejectedValue(prismaError);
-    await expect(
-      createResponse(mockResponseInput, mockTx as unknown as Prisma.TransactionClient)
-    ).rejects.toThrow(UniqueConstraintError);
-  });
-
-  test("should throw DatabaseError on P2002 without singleUseId target", async () => {
-    const prismaError = new Prisma.PrismaClientKnownRequestError("Unique constraint failed", {
-      code: "P2002",
-      clientVersion: "test",
-      meta: { target: ["displayId"] },
-    });
-    vi.mocked(mockTx.response.create).mockRejectedValue(prismaError);
-    await expect(
-      createResponse(mockResponseInput, mockTx as unknown as Prisma.TransactionClient)
-    ).rejects.toThrow(DatabaseError);
-  });
-
-  test("should throw DatabaseError on non-P2002 Prisma known request error", async () => {
+  test("should throw DatabaseError on Prisma known request error", async () => {
    const prismaError = new Prisma.PrismaClientKnownRequestError("Test Prisma Error", {
-      code: "P2025",
+      code: "P2002",
      clientVersion: "test",
    });
    vi.mocked(mockTx.response.create).mockRejectedValue(prismaError);
@@ -2,7 +2,7 @@ import "server-only";
 import { Prisma } from "@prisma/client";
 import { prisma } from "@formbricks/database";
 import { TContactAttributes } from "@formbricks/types/contact-attribute";
-import { DatabaseError, ResourceNotFoundError, UniqueConstraintError } from "@formbricks/types/errors";
+import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { TResponseWithQuotaFull } from "@formbricks/types/quota";
 import { TResponse, ZResponseInput } from "@formbricks/types/responses";
 import { TTag } from "@formbricks/types/tags";
@@ -129,13 +129,6 @@ export const createResponse = async (
    return response;
  } catch (error) {
    if (error instanceof Prisma.PrismaClientKnownRequestError) {
-      if (error.code === "P2002") {
-        const target = (error.meta?.target as string[]) ?? [];
-        if (target?.includes("singleUseId")) {
-          throw new UniqueConstraintError("Response already submitted for this single-use link");
-        }
-      }
-
      throw new DatabaseError(error.message);
    }

@@ -124,8 +124,11 @@ describe("checkSurveyValidity", () => {
    expect(result).toBeInstanceOf(Response);
    expect(result?.status).toBe(400);
    expect(responses.badRequestResponse).toHaveBeenCalledWith(
-      "Survey does not belong to this environment",
-      undefined,
+      "Survey is part of another environment",
+      {
+        "survey.environmentId": "env-2",
+        environmentId: "env-1",
+      },
      true
    );
  });
@@ -17,7 +17,14 @@ export const checkSurveyValidity = async (
  responseInput: TResponseInputV2
 ): Promise<Response | null> => {
  if (survey.environmentId !== environmentId) {
-    return responses.badRequestResponse("Survey does not belong to this environment", undefined, true);
+    return responses.badRequestResponse(
+      "Survey is part of another environment",
+      {
+        "survey.environmentId": survey.environmentId,
+        environmentId,
+      },
+      true
+    );
  }

  if (survey.type === "link" && survey.singleUse?.enabled) {
@@ -1,6 +1,6 @@
 import { UAParser } from "ua-parser-js";
 import { ZEnvironmentId } from "@formbricks/types/environment";
-import { InvalidInputError, UniqueConstraintError } from "@formbricks/types/errors";
+import { InvalidInputError } from "@formbricks/types/errors";
 import { TResponseWithQuotaFull } from "@formbricks/types/quota";
 import { checkSurveyValidity } from "@/app/api/v2/client/[environmentId]/responses/lib/utils";
 import { reportApiError } from "@/app/lib/api/api-error-reporter";
@@ -177,10 +177,6 @@ const createResponseForRequest = async ({
      return responses.badRequestResponse(error.message, undefined, true);
    }

-    if (error instanceof UniqueConstraintError) {
-      return responses.conflictResponse(error.message, undefined, true);
-    }
-
    const response = getUnexpectedPublicErrorResponse();
    reportApiError({
      request,
@@ -9,22 +9,6 @@ const { mockAuthenticateRequest, mockGetServerSession } = vi.hoisted(() => ({
  mockGetServerSession: vi.fn(),
 }));

-const { mockQueueAuditEvent, mockBuildAuditLogBaseObject } = vi.hoisted(() => ({
-  mockQueueAuditEvent: vi.fn().mockImplementation(async () => undefined),
-  mockBuildAuditLogBaseObject: vi.fn((action: string, targetType: string, apiUrl: string) => ({
-    action,
-    targetType,
-    userId: "unknown",
-    targetId: "unknown",
-    organizationId: "unknown",
-    status: "failure",
-    oldObject: undefined,
-    newObject: undefined,
-    userType: "api",
-    apiUrl,
-  })),
-}));
-
 vi.mock("next-auth", () => ({
  getServerSession: mockGetServerSession,
 }));
@@ -41,14 +25,6 @@ vi.mock("@/modules/core/rate-limit/helpers", () => ({
  applyRateLimit: vi.fn().mockResolvedValue(undefined),
 }));

-vi.mock("@/modules/ee/audit-logs/lib/handler", () => ({
-  queueAuditEvent: mockQueueAuditEvent,
-}));
-
-vi.mock("@/app/lib/api/with-api-logging", () => ({
-  buildAuditLogBaseObject: mockBuildAuditLogBaseObject,
-}));
-
 vi.mock("@formbricks/logger", () => ({
  logger: {
    withContext: vi.fn(() => ({
@@ -69,114 +45,6 @@ describe("withV3ApiWrapper", () => {
    vi.clearAllMocks();
  });

-  test("passes an audit log to the handler and queues success after the response", async () => {
-    const { queueAuditEvent } = await import("@/modules/ee/audit-logs/lib/handler");
-
-    mockGetServerSession.mockResolvedValue({
-      user: { id: "user_1", name: "Test", email: "t@example.com" },
-      expires: "2026-01-01",
-    });
-
-    const handler = vi.fn(async ({ auditLog }) => {
-      expect(auditLog).toEqual(
-        expect.objectContaining({
-          action: "deleted",
-          targetType: "survey",
-          userId: "user_1",
-          userType: "user",
-          status: "failure",
-        })
-      );
-
-      if (auditLog) {
-        auditLog.targetId = "survey_1";
-        auditLog.organizationId = "org_1";
-        auditLog.oldObject = { id: "survey_1" };
-      }
-
-      return Response.json({ ok: true });
-    });
-
-    const wrapped = withV3ApiWrapper({
-      auth: "both",
-      action: "deleted",
-      targetType: "survey",
-      handler,
-    });
-
-    const response = await wrapped(
-      new NextRequest("http://localhost/api/v3/surveys/survey_1", {
-        method: "DELETE",
-        headers: { "x-request-id": "req-audit" },
-      }),
-      {} as never
-    );
-
-    expect(response.status).toBe(200);
-    expect(queueAuditEvent).toHaveBeenCalledWith(
-      expect.objectContaining({
-        action: "deleted",
-        targetType: "survey",
-        targetId: "survey_1",
-        organizationId: "org_1",
-        userId: "user_1",
-        userType: "user",
-        status: "success",
-        oldObject: { id: "survey_1" },
-      })
-    );
-  });
-
-  test("queues a failure audit log when the handler returns a non-ok response", async () => {
-    const { queueAuditEvent } = await import("@/modules/ee/audit-logs/lib/handler");
-
-    mockAuthenticateRequest.mockResolvedValue({
-      type: "apiKey",
-      apiKeyId: "key_1",
-      organizationId: "org_1",
-      organizationAccess: { accessControl: { read: true, write: true } },
-      environmentPermissions: [],
-    });
-
-    const wrapped = withV3ApiWrapper({
-      auth: "both",
-      action: "deleted",
-      targetType: "survey",
-      handler: async ({ auditLog }) => {
-        if (auditLog) {
-          auditLog.targetId = "survey_2";
-        }
-
-        return new Response("forbidden", { status: 403 });
-      },
-    });
-
-    const response = await wrapped(
-      new NextRequest("http://localhost/api/v3/surveys/survey_2", {
-        method: "DELETE",
-        headers: {
-          "x-request-id": "req-failure-audit",
-          "x-api-key": "fbk_test",
-        },
-      }),
-      {} as never
-    );
-
-    expect(response.status).toBe(403);
-    expect(queueAuditEvent).toHaveBeenCalledWith(
-      expect.objectContaining({
-        action: "deleted",
-        targetType: "survey",
-        targetId: "survey_2",
-        organizationId: "org_1",
-        userId: "key_1",
-        userType: "api",
-        status: "failure",
-        eventId: "req-failure-audit",
-      })
-    );
-  });
-
  test("uses session auth first in both mode and injects request id into plain responses", async () => {
    const { applyRateLimit } = await import("@/modules/core/rate-limit/helpers");
    mockGetServerSession.mockResolvedValue({
@@ -4,13 +4,10 @@ import { z } from "zod";
 import { logger } from "@formbricks/logger";
 import { TooManyRequestsError } from "@formbricks/types/errors";
 import { authenticateRequest } from "@/app/api/v1/auth";
-import { buildAuditLogBaseObject } from "@/app/lib/api/with-api-logging";
 import { authOptions } from "@/modules/auth/lib/authOptions";
 import { applyRateLimit } from "@/modules/core/rate-limit/helpers";
 import { rateLimitConfigs } from "@/modules/core/rate-limit/rate-limit-configs";
 import type { TRateLimitConfig } from "@/modules/core/rate-limit/types/rate-limit";
-import { queueAuditEvent } from "@/modules/ee/audit-logs/lib/handler";
-import { TAuditAction, TAuditTarget } from "@/modules/ee/audit-logs/types/audit-log";
 import {
  type InvalidParam,
  problemBadRequest,
@@ -18,7 +15,7 @@ import {
  problemTooManyRequests,
  problemUnauthorized,
 } from "./response";
-import type { TV3AuditLog, TV3Authentication } from "./types";
+import type { TV3Authentication } from "./types";

 type TV3Schema = z.ZodTypeAny;
 type MaybePromise<T> = T | Promise<T>;
@@ -41,7 +38,6 @@ export type TV3HandlerParams<TParsedInput = Record<string, never>, TProps = unkn
  req: NextRequest;
  props: TProps;
  authentication: TV3Authentication;
-  auditLog?: TV3AuditLog;
  parsedInput: TParsedInput;
  requestId: string;
  instance: string;
@@ -52,8 +48,6 @@ export type TWithV3ApiWrapperParams<S extends TV3Schemas | undefined, TProps = u
  schemas?: S;
  rateLimit?: boolean;
  customRateLimitConfig?: TRateLimitConfig;
-  action?: TAuditAction;
-  targetType?: TAuditTarget;
  handler: (params: TV3HandlerParams<TV3ParsedInput<S>, TProps>) => MaybePromise<Response>;
 };

@@ -299,61 +293,10 @@ async function applyV3RateLimitOrRespond(params: {
  return null;
 }

-function buildV3AuditLog(
-  authentication: TV3Authentication,
-  action?: TAuditAction,
-  targetType?: TAuditTarget,
-  apiUrl?: string
-): TV3AuditLog | undefined {
-  if (!authentication || !action || !targetType || !apiUrl) {
-    return undefined;
-  }
-
-  const auditLog = buildAuditLogBaseObject(action, targetType, apiUrl);
-
-  if ("user" in authentication && authentication.user?.id) {
-    auditLog.userId = authentication.user.id;
-    auditLog.userType = "user";
-  } else if ("apiKeyId" in authentication) {
-    auditLog.userId = authentication.apiKeyId;
-    auditLog.userType = "api";
-    auditLog.organizationId = authentication.organizationId;
-  }
-
-  return auditLog;
-}
-
-async function queueV3AuditLog(
-  auditLog: TV3AuditLog | undefined,
-  requestId: string,
-  log: ReturnType<typeof logger.withContext>
-): Promise<void> {
-  if (!auditLog) {
-    return;
-  }
-
-  try {
-    await queueAuditEvent({
-      ...auditLog,
-      ...(auditLog.status === "failure" ? { eventId: auditLog.eventId ?? requestId } : {}),
-    });
-  } catch (error) {
-    log.error({ error }, "Failed to queue V3 audit event");
-  }
-}
-
 export const withV3ApiWrapper = <S extends TV3Schemas | undefined, TProps = unknown>(
  params: TWithV3ApiWrapperParams<S, TProps>
 ): ((req: NextRequest, props: TProps) => Promise<Response>) => {
-  const {
-    auth = "both",
-    schemas,
-    rateLimit = true,
-    customRateLimitConfig,
-    handler,
-    action,
-    targetType,
-  } = params;
+  const { auth = "both", schemas, rateLimit = true, customRateLimitConfig, handler } = params;

  return async (req: NextRequest, props: TProps): Promise<Response> => {
    const requestId = req.headers.get("x-request-id") ?? crypto.randomUUID();
@@ -363,7 +306,6 @@ export const withV3ApiWrapper = <S extends TV3Schemas | undefined, TProps = unkn
      method: req.method,
      path: instance,
    });
-    let auditLog: TV3AuditLog | undefined;

    try {
      const authResult = await authenticateV3RequestOrRespond(req, auth, requestId, instance);
@@ -389,33 +331,17 @@ export const withV3ApiWrapper = <S extends TV3Schemas | undefined, TProps = unkn
        return rateLimitResponse;
      }

-      auditLog = buildV3AuditLog(authResult.authentication, action, targetType, req.url);
-
      const response = await handler({
        req,
        props,
        authentication: authResult.authentication,
-        auditLog,
        parsedInput: parsedInputResult.parsedInput,
        requestId,
        instance,
      });

-      if (auditLog) {
-        if (response.ok) {
-          auditLog.status = "success";
-        } else {
-          auditLog.eventId = requestId;
-        }
-      }
-
-      await queueV3AuditLog(auditLog, requestId, log);
      return ensureRequestIdHeader(response, requestId);
    } catch (error) {
-      if (auditLog) {
-        auditLog.eventId = requestId;
-        await queueV3AuditLog(auditLog, requestId, log);
-      }
      log.error({ error, statusCode: 500 }, "V3 API unexpected error");
      return problemInternalError(requestId, "An unexpected error occurred.", instance);
    }
@@ -7,7 +7,6 @@ import {
  problemTooManyRequests,
  problemUnauthorized,
  successListResponse,
-  successResponse,
 } from "./response";

 describe("v3 problem responses", () => {
@@ -94,27 +93,3 @@ describe("successListResponse", () => {
    expect(res.headers.get("Cache-Control")).toBe("private, max-age=0");
  });
 });
-
-describe("successResponse", () => {
-  test("wraps the payload in a data envelope", async () => {
-    const res = successResponse({ id: "survey_1" }, { requestId: "req-success" });
-    expect(res.status).toBe(200);
-    expect(res.headers.get("X-Request-Id")).toBe("req-success");
-    expect(res.headers.get("Cache-Control")).toContain("no-store");
-    expect(await res.json()).toEqual({
-      data: { id: "survey_1" },
-    });
-  });
-
-  test("allows custom status and cache headers", async () => {
-    const res = successResponse(
-      { ok: true },
-      {
-        cache: "private, max-age=60",
-        status: 202,
-      }
-    );
-    expect(res.status).toBe(202);
-    expect(res.headers.get("Cache-Control")).toBe("private, max-age=60");
-  });
-});
@@ -147,27 +147,3 @@ export function successListResponse<T, TMeta extends Record<string, unknown>>(
  }
  return Response.json({ data, meta }, { status: 200, headers });
 }
-
-export function successResponse<T>(
-  data: T,
-  options?: { requestId?: string; cache?: string; status?: number }
-): Response {
-  const headers: Record<string, string> = {
-    "Content-Type": "application/json",
-    "Cache-Control": options?.cache ?? CACHE_NO_STORE,
-  };
-
-  if (options?.requestId) {
-    headers["X-Request-Id"] = options.requestId;
-  }
-
-  return Response.json(
-    {
-      data,
-    },
-    {
-      status: options?.status ?? 200,
-      headers,
-    }
-  );
-}
@@ -1,6 +1,4 @@
 import type { Session } from "next-auth";
 import type { TAuthenticationApiKey } from "@formbricks/types/auth";
-import type { TApiAuditLog } from "@/app/lib/api/with-api-logging";

 export type TV3Authentication = TAuthenticationApiKey | Session | null;
-export type TV3AuditLog = TApiAuditLog;
@@ -1,321 +0,0 @@
-import { ApiKeyPermission, EnvironmentType } from "@prisma/client";
-import { NextRequest } from "next/server";
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
-import { requireV3WorkspaceAccess } from "@/app/api/v3/lib/auth";
-import { getSurvey } from "@/lib/survey/service";
-import { deleteSurvey } from "@/modules/survey/lib/surveys";
-import { DELETE } from "./route";
-
-const { mockAuthenticateRequest } = vi.hoisted(() => ({
-  mockAuthenticateRequest: vi.fn(),
-}));
-
-const { mockQueueAuditEvent, mockBuildAuditLogBaseObject } = vi.hoisted(() => ({
-  mockQueueAuditEvent: vi.fn().mockImplementation(async () => undefined),
-  mockBuildAuditLogBaseObject: vi.fn((action: string, targetType: string, apiUrl: string) => ({
-    action,
-    targetType,
-    userId: "unknown",
-    targetId: "unknown",
-    organizationId: "unknown",
-    status: "failure",
-    oldObject: undefined,
-    newObject: undefined,
-    userType: "api",
-    apiUrl,
-  })),
-}));
-
-vi.mock("next-auth", () => ({
-  getServerSession: vi.fn(),
-}));
-
-vi.mock("@/app/api/v1/auth", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("@/app/api/v1/auth")>();
-  return { ...actual, authenticateRequest: mockAuthenticateRequest };
-});
-
-vi.mock("@/modules/core/rate-limit/helpers", () => ({
-  applyRateLimit: vi.fn().mockResolvedValue(undefined),
-  applyIPRateLimit: vi.fn().mockResolvedValue(undefined),
-}));
-
-vi.mock("@/lib/constants", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("@/lib/constants")>();
-  return { ...actual, AUDIT_LOG_ENABLED: false };
-});
-
-vi.mock("@/app/api/v3/lib/auth", () => ({
-  requireV3WorkspaceAccess: vi.fn(),
-}));
-
-vi.mock("@/lib/survey/service", () => ({
-  getSurvey: vi.fn(),
-}));
-
-vi.mock("@/modules/survey/lib/surveys", () => ({
-  deleteSurvey: vi.fn(),
-}));
-
-vi.mock("@/modules/ee/audit-logs/lib/handler", () => ({
-  queueAuditEvent: mockQueueAuditEvent,
-}));
-
-vi.mock("@/app/lib/api/with-api-logging", () => ({
-  buildAuditLogBaseObject: mockBuildAuditLogBaseObject,
-}));
-
-vi.mock("@formbricks/logger", () => ({
-  logger: {
-    withContext: vi.fn(() => ({
-      warn: vi.fn(),
-      error: vi.fn(),
-    })),
-  },
-}));
-
-const getServerSession = vi.mocked((await import("next-auth")).getServerSession);
-const queueAuditEvent = vi.mocked((await import("@/modules/ee/audit-logs/lib/handler")).queueAuditEvent);
-
-const surveyId = "clxx1234567890123456789012";
-const environmentId = "clzz9876543210987654321098";
-
-function createRequest(url: string, requestId?: string, extraHeaders?: Record<string, string>): NextRequest {
-  const headers: Record<string, string> = { ...extraHeaders };
-  if (requestId) {
-    headers["x-request-id"] = requestId;
-  }
-
-  return new NextRequest(url, {
-    method: "DELETE",
-    headers,
-  });
-}
-
-const apiKeyAuth = {
-  type: "apiKey" as const,
-  apiKeyId: "key_1",
-  organizationId: "org_1",
-  organizationAccess: {
-    accessControl: { read: true, write: true },
-  },
-  environmentPermissions: [
-    {
-      environmentId,
-      environmentType: EnvironmentType.development,
-      projectId: "proj_1",
-      projectName: "P",
-      permission: ApiKeyPermission.write,
-    },
-  ],
-};
-
-describe("DELETE /api/v3/surveys/[surveyId]", () => {
-  beforeEach(() => {
-    vi.resetAllMocks();
-    getServerSession.mockResolvedValue({
-      user: { id: "user_1", name: "User", email: "u@example.com" },
-      expires: "2026-01-01",
-    } as any);
-    mockAuthenticateRequest.mockResolvedValue(null);
-    vi.mocked(getSurvey).mockResolvedValue({
-      id: surveyId,
-      name: "Delete me",
-      environmentId,
-      type: "link",
-      status: "draft",
-      createdAt: new Date("2026-04-15T10:00:00.000Z"),
-      updatedAt: new Date("2026-04-15T10:00:00.000Z"),
-      responseCount: 0,
-      creator: { name: "User" },
-      singleUse: null,
-    } as any);
-    vi.mocked(deleteSurvey).mockResolvedValue({
-      id: surveyId,
-      environmentId,
-      type: "link",
-      segment: null,
-      triggers: [],
-    } as any);
-    vi.mocked(requireV3WorkspaceAccess).mockResolvedValue({
-      environmentId,
-      projectId: "proj_1",
-      organizationId: "org_1",
-    });
-  });
-
-  afterEach(() => {
-    vi.clearAllMocks();
-  });
-
-  test("returns 401 when no session and no API key", async () => {
-    getServerSession.mockResolvedValue(null);
-    mockAuthenticateRequest.mockResolvedValue(null);
-
-    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`), {
-      params: Promise.resolve({ surveyId }),
-    } as never);
-
-    expect(res.status).toBe(401);
-    expect(vi.mocked(getSurvey)).not.toHaveBeenCalled();
-  });
-
-  test("returns 200 with session auth and deletes the survey", async () => {
-    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-delete"), {
-      params: Promise.resolve({ surveyId }),
-    } as never);
-
-    expect(res.status).toBe(200);
-    expect(requireV3WorkspaceAccess).toHaveBeenCalledWith(
-      expect.objectContaining({ user: expect.any(Object) }),
-      environmentId,
-      "readWrite",
-      "req-delete",
-      `/api/v3/surveys/${surveyId}`
-    );
-    expect(deleteSurvey).toHaveBeenCalledWith(surveyId);
-    expect(await res.json()).toEqual({
-      data: {
-        id: surveyId,
-      },
-    });
-  });
-
-  test("returns 200 with x-api-key when the key can delete in the survey workspace", async () => {
-    getServerSession.mockResolvedValue(null);
-    mockAuthenticateRequest.mockResolvedValue(apiKeyAuth as any);
-
-    const res = await DELETE(
-      createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-api-key", {
-        "x-api-key": "fbk_test",
-      }),
-      {
-        params: Promise.resolve({ surveyId }),
-      } as never
-    );
-
-    expect(res.status).toBe(200);
-    expect(requireV3WorkspaceAccess).toHaveBeenCalledWith(
-      expect.objectContaining({ apiKeyId: "key_1" }),
-      environmentId,
-      "readWrite",
-      "req-api-key",
-      `/api/v3/surveys/${surveyId}`
-    );
-  });
-
-  test("returns 400 when surveyId is invalid", async () => {
-    const res = await DELETE(createRequest("http://localhost/api/v3/surveys/not-a-cuid"), {
-      params: Promise.resolve({ surveyId: "not-a-cuid" }),
-    } as never);
-
-    expect(res.status).toBe(400);
-    expect(vi.mocked(getSurvey)).not.toHaveBeenCalled();
-  });
-
-  test("returns 403 when the survey does not exist", async () => {
-    vi.mocked(getSurvey).mockResolvedValueOnce(null);
-
-    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`), {
-      params: Promise.resolve({ surveyId }),
-    } as never);
-
-    expect(res.status).toBe(403);
-    expect(deleteSurvey).not.toHaveBeenCalled();
-  });
-
-  test("returns 403 when the user lacks readWrite workspace access", async () => {
-    vi.mocked(requireV3WorkspaceAccess).mockResolvedValueOnce(
-      new Response(
-        JSON.stringify({
-          title: "Forbidden",
-          status: 403,
-          detail: "You are not authorized to access this resource",
-          requestId: "req-forbidden",
-        }),
-        { status: 403, headers: { "Content-Type": "application/problem+json" } }
-      )
-    );
-
-    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-forbidden"), {
-      params: Promise.resolve({ surveyId }),
-    } as never);
-
-    expect(res.status).toBe(403);
-    expect(deleteSurvey).not.toHaveBeenCalled();
-    expect(queueAuditEvent).toHaveBeenCalledWith(
-      expect.objectContaining({
-        action: "deleted",
-        targetType: "survey",
-        targetId: "unknown",
-        organizationId: "unknown",
-        userId: "user_1",
-        userType: "user",
-        status: "failure",
-        oldObject: undefined,
-      })
-    );
-  });
-
-  test("returns 500 when survey deletion fails", async () => {
-    vi.mocked(deleteSurvey).mockRejectedValueOnce(new DatabaseError("db down"));
-
-    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-db"), {
-      params: Promise.resolve({ surveyId }),
-    } as never);
-
-    expect(res.status).toBe(500);
-    const body = await res.json();
-    expect(body.code).toBe("internal_server_error");
-  });
-
-  test("returns 403 when the survey is deleted after authorization succeeds", async () => {
-    vi.mocked(deleteSurvey).mockRejectedValueOnce(new ResourceNotFoundError("Survey", surveyId));
-
-    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-race"), {
-      params: Promise.resolve({ surveyId }),
-    } as never);
-
-    expect(res.status).toBe(403);
-    const body = await res.json();
-    expect(body.code).toBe("forbidden");
-    expect(queueAuditEvent).toHaveBeenCalledWith(
-      expect.objectContaining({
-        action: "deleted",
-        targetType: "survey",
-        targetId: surveyId,
-        organizationId: "org_1",
-        userId: "user_1",
-        userType: "user",
-        status: "failure",
-        oldObject: expect.objectContaining({
-          id: surveyId,
-          environmentId,
-        }),
-      })
-    );
-  });
-
-  test("queues an audit log with target, actor, organization, and old object", async () => {
-    await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-audit"), {
-      params: Promise.resolve({ surveyId }),
-    } as never);
-
-    expect(queueAuditEvent).toHaveBeenCalledWith(
-      expect.objectContaining({
-        action: "deleted",
-        targetType: "survey",
-        targetId: surveyId,
-        organizationId: "org_1",
-        userId: "user_1",
-        userType: "user",
-        status: "success",
-        oldObject: expect.objectContaining({
-          id: surveyId,
-          environmentId,
-        }),
-      })
-    );
-  });
-});
@@ -1,72 +0,0 @@
-import { z } from "zod";
-import { logger } from "@formbricks/logger";
-import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
-import { withV3ApiWrapper } from "@/app/api/v3/lib/api-wrapper";
-import { requireV3WorkspaceAccess } from "@/app/api/v3/lib/auth";
-import { problemForbidden, problemInternalError, successResponse } from "@/app/api/v3/lib/response";
-import { getSurvey } from "@/lib/survey/service";
-import { deleteSurvey } from "@/modules/survey/lib/surveys";
-
-export const DELETE = withV3ApiWrapper({
-  auth: "both",
-  action: "deleted",
-  targetType: "survey",
-  schemas: {
-    params: z.object({
-      surveyId: z.cuid2(),
-    }),
-  },
-  handler: async ({ parsedInput, authentication, requestId, instance, auditLog }) => {
-    const surveyId = parsedInput.params.surveyId;
-    const log = logger.withContext({ requestId, surveyId });
-
-    try {
-      const survey = await getSurvey(surveyId);
-
-      if (!survey) {
-        log.warn({ statusCode: 403 }, "Survey not found or not accessible");
-        return problemForbidden(requestId, "You are not authorized to access this resource", instance);
-      }
-
-      const authResult = await requireV3WorkspaceAccess(
-        authentication,
-        survey.environmentId,
-        "readWrite",
-        requestId,
-        instance
-      );
-
-      if (authResult instanceof Response) {
-        return authResult;
-      }
-
-      if (auditLog) {
-        auditLog.targetId = survey.id;
-        auditLog.organizationId = authResult.organizationId;
-        auditLog.oldObject = survey;
-      }
-
-      const deletedSurvey = await deleteSurvey(surveyId);
-
-      return successResponse(
-        {
-          id: deletedSurvey.id,
-        },
-        { requestId }
-      );
-    } catch (error) {
-      if (error instanceof ResourceNotFoundError) {
-        log.warn({ errorCode: error.name, statusCode: 403 }, "Survey not found or not accessible");
-        return problemForbidden(requestId, "You are not authorized to access this resource", instance);
-      }
-
-      if (error instanceof DatabaseError) {
-        log.error({ error, statusCode: 500 }, "Database error");
-        return problemInternalError(requestId, "An unexpected error occurred.", instance);
-      }
-
-      log.error({ error, statusCode: 500 }, "V3 survey delete unexpected error");
-      return problemInternalError(requestId, "An unexpected error occurred.", instance);
-    }
-  },
-});
@@ -34,7 +34,7 @@ describe("parseV3SurveysListQuery", () => {
      expect(r.invalid_params[0]).toEqual({
        name: "foo",
        reason:
-          "Unsupported query parameter. Use only workspaceId, limit, cursor, includeTotalCount, filter[name][contains], filter[status][in], filter[type][in], sortBy.",
+          "Unsupported query parameter. Use only workspaceId, limit, cursor, filter[name][contains], filter[status][in], filter[type][in], sortBy.",
      });
  });

@@ -45,7 +45,7 @@ describe("parseV3SurveysListQuery", () => {
      expect(r.invalid_params[0]).toEqual({
        name: "after",
        reason:
-          "Unsupported query parameter. Use only workspaceId, limit, cursor, includeTotalCount, filter[name][contains], filter[status][in], filter[type][in], sortBy.",
+          "Unsupported query parameter. Use only workspaceId, limit, cursor, filter[name][contains], filter[status][in], filter[type][in], sortBy.",
      });
    }
  });
@@ -57,7 +57,7 @@ describe("parseV3SurveysListQuery", () => {
      expect(r.invalid_params[0]).toEqual({
        name: "name",
        reason:
-          "Unsupported query parameter. Use only workspaceId, limit, cursor, includeTotalCount, filter[name][contains], filter[status][in], filter[type][in], sortBy.",
+          "Unsupported query parameter. Use only workspaceId, limit, cursor, filter[name][contains], filter[status][in], filter[type][in], sortBy.",
      });
    }
  });
@@ -68,20 +68,11 @@ describe("parseV3SurveysListQuery", () => {
    if (r.ok) {
      expect(r.limit).toBe(20);
      expect(r.cursor).toBeNull();
-      expect(r.includeTotalCount).toBe(true);
      expect(r.sortBy).toBe("updatedAt");
      expect(r.filterCriteria).toBeUndefined();
    }
  });

-  test("parses includeTotalCount=false", () => {
-    const r = parseV3SurveysListQuery(params(`workspaceId=${wid}&includeTotalCount=false`));
-    expect(r.ok).toBe(true);
-    if (r.ok) {
-      expect(r.includeTotalCount).toBe(false);
-    }
-  });
-
  test("builds filter from explicit operator params", () => {
    const r = parseV3SurveysListQuery(
      params(
@@ -111,7 +102,7 @@ describe("parseV3SurveysListQuery", () => {
      expect(r.invalid_params[0]).toEqual({
        name: "filter[createdBy][in]",
        reason:
-          "Unsupported query parameter. Use only workspaceId, limit, cursor, includeTotalCount, filter[name][contains], filter[status][in], filter[type][in], sortBy.",
+          "Unsupported query parameter. Use only workspaceId, limit, cursor, filter[name][contains], filter[status][in], filter[type][in], sortBy.",
      });
    }
  });
@@ -28,7 +28,6 @@ const SUPPORTED_QUERY_PARAMS = [
  "workspaceId",
  "limit",
  "cursor",
-  "includeTotalCount",
  FILTER_NAME_CONTAINS_QUERY_PARAM,
  FILTER_STATUS_IN_QUERY_PARAM,
  FILTER_TYPE_IN_QUERY_PARAM,
@@ -54,11 +53,6 @@ const ZV3SurveysListQuery = z.object({
  workspaceId: ZId,
  limit: z.coerce.number().int().min(1).max(V3_SURVEYS_MAX_LIMIT).default(V3_SURVEYS_DEFAULT_LIMIT),
  cursor: z.string().min(1).optional(),
-  includeTotalCount: z
-    .enum(["true", "false"])
-    .optional()
-    .transform((value) => value !== "false")
-    .default(true),
  [FILTER_NAME_CONTAINS_QUERY_PARAM]: z
    .string()
    .max(512)
@@ -77,7 +71,6 @@ export type TV3SurveysListQueryParseResult =
      workspaceId: string;
      limit: number;
      cursor: TSurveyListPageCursor | null;
-      includeTotalCount: boolean;
      sortBy: TSurveyListSort;
      filterCriteria: TSurveyFilterCriteria | undefined;
    }
@@ -118,7 +111,6 @@ export function parseV3SurveysListQuery(searchParams: URLSearchParams): TV3Surve
    workspaceId: searchParams.get("workspaceId"),
    limit: searchParams.get("limit") ?? undefined,
    cursor: searchParams.get("cursor")?.trim() || undefined,
-    includeTotalCount: searchParams.get("includeTotalCount")?.trim() || undefined,
    [FILTER_NAME_CONTAINS_QUERY_PARAM]: searchParams.get(FILTER_NAME_CONTAINS_QUERY_PARAM) ?? undefined,
    [FILTER_STATUS_IN_QUERY_PARAM]: statusVals.length > 0 ? statusVals : undefined,
    [FILTER_TYPE_IN_QUERY_PARAM]: typeVals.length > 0 ? typeVals : undefined,
@@ -161,7 +153,6 @@ export function parseV3SurveysListQuery(searchParams: URLSearchParams): TV3Surve
    workspaceId: q.workspaceId,
    limit: q.limit,
    cursor,
-    includeTotalCount: q.includeTotalCount,
    sortBy,
    filterCriteria: buildFilterCriteria(q),
  };
@@ -4,7 +4,7 @@ import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
 import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { requireV3WorkspaceAccess } from "@/app/api/v3/lib/auth";
 import { getSurveyCount } from "@/modules/survey/list/lib/survey";
-import { encodeSurveyListPageCursor, getSurveyListPage } from "@/modules/survey/list/lib/survey-page";
+import { getSurveyListPage } from "@/modules/survey/list/lib/survey-page";
 import { GET } from "./route";

 const { mockAuthenticateRequest } = vi.hoisted(() => ({
@@ -257,29 +257,6 @@ describe("GET /api/v3/surveys", () => {
    expect(getSurveyCount).toHaveBeenCalledWith(resolvedEnvironmentId, undefined);
  });

-  test("skips totalCount when includeTotalCount=false", async () => {
-    vi.mocked(getSurveyListPage).mockResolvedValue({
-      surveys: [],
-      nextCursor: null,
-    });
-    const cursor = encodeSurveyListPageCursor({
-      version: 1,
-      sortBy: "updatedAt",
-      value: "2026-04-15T10:00:00.000Z",
-      id: "survey_1",
-    });
-
-    const req = createRequest(
-      `http://localhost/api/v3/surveys?workspaceId=${validWorkspaceId}&cursor=${cursor}&includeTotalCount=false`
-    );
-    const res = await GET(req, {} as any);
-
-    expect(res.status).toBe(200);
-    const body = await res.json();
-    expect(body.meta).toEqual({ limit: 20, nextCursor: null, totalCount: null });
-    expect(getSurveyCount).not.toHaveBeenCalled();
-  });
-
  test("passes filter query to getSurveyListPage", async () => {
    const filterCriteria = { status: ["inProgress"] };
    const req = createRequest(
@@ -344,11 +321,11 @@ describe("GET /api/v3/surveys", () => {
    const res = await GET(req, {} as any);
    const body = await res.json();
    expect(body.data[0]).not.toHaveProperty("blocks");
+    expect(body.data[0]).not.toHaveProperty("singleUse");
    expect(body.data[0]).not.toHaveProperty("_count");
    expect(body.data[0]).not.toHaveProperty("environmentId");
    expect(body.data[0].id).toBe("s1");
    expect(body.data[0].workspaceId).toBe("env_1");
-    expect(body.data[0].singleUse).toBeNull();
  });

  test("returns 403 when getSurveyListPage throws ResourceNotFoundError", async () => {
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Dhruwang Jariwala	bd05387d99	fix: backport account deletion authorization (#7901 ) (#7903 )	2026-04-28 18:39:00 +05:30
Tiago Farto	9b4be60dd9	fix: backport account deletion authorization (#7901 )	2026-04-28 12:52:06 +00:00
Dhruwang Jariwala	bad3b7a771	fix: (backport) prevent SSRF via redirect following in webhook delivery (#7877 ) (#7892 )	2026-04-27 15:32:12 +05:30
Dhruwang Jariwala	007d99f6b8	fix: prevent Airtable integration crash when token expires (backport #7811 ) (#7873 )	2026-04-27 15:32:03 +05:30
Dhruwang Jariwala	03b7dfefe4	fix: fixes sentry ref issue (backport #7776 ) (#7872 )	2026-04-27 15:31:52 +05:30
Anshuman Pandey	9178558ba1	fix: prevent SSRF via redirect following in webhook delivery (#7877 )	2026-04-27 15:08:17 +05:30
Dhruwang Jariwala	a65e6d9093	fix: prevent Airtable integration crash when token expires (#7811 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-27 11:02:04 +05:30
Anshuman Pandey	592d36542f	fix: fixes sentry ref issue (#7776 )	2026-04-27 11:01:17 +05:30
Tiago	5ec8218666	fix: (backport) password hash visibility improvement (#7814 ) (#7833 )	2026-04-24 14:33:26 +00:00
Tiago Farto	e1a44817f2	fix: password hash visibility improvement (cherry picked from commit `73ad130ece`)	2026-04-24 13:10:40 +00:00
Dhruwang Jariwala	7f5b2bf69d	fix: prevent split offline responses on restore (backport #7767 ) (#7777 )	2026-04-20 12:00:34 +05:30
Dhruwang	60e7c7e8ee	fix(surveys): prevent split offline responses on restore (backport #7767 ) Backport of #7767 to release/4.9. Anchors displayId and responseId back into saved survey progress as soon as they are created, recovers a missing responseId from displayId on restore, and falls back to a bootstrap create path that uses the full accumulated response state. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-20 11:43:46 +05:30
Dhruwang Jariwala	7988d7775c	fix: [backport] remove dark: variant classes from survey-ui to prevent host page style leakage (#7748 )	2026-04-16 11:20:33 +05:30
Dhruwang Jariwala	b7ede6c578	fix: prevent offline replay from dropping survey blocks after completion (#7744 )	2026-04-15 22:00:29 +02:00
Bhagya Amarasinghe	8204a5c652	fix: restore legacy SSO auto-linking hotfix (#7728 )	2026-04-13 20:42:33 +05:30
Anshuman Pandey	e823e10f9a	fix: backports missing posthog events fix (#7723 )	2026-04-13 17:36:39 +05:30
Dhruwang Jariwala	f5c3212b2c	revert: enhance welcome card to support video uploads (backport #7712 ) (#7720 ) Co-authored-by: Johannes <72809645+jobenjada@users.noreply.github.com> Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-13 14:59:20 +05:30
Dhruwang Jariwala	2d66fc6987	fix: prevent TTC overcount for multi-question blocks (backport #7713 ) (#7719 )	2026-04-13 14:40:35 +05:30
Dhruwang Jariwala	652970003d	fix: validate "Other" option text on required questions and remove duplicate response entry (backport #7716 ) (#7717 )	2026-04-13 12:27:08 +04:00
Dhruwang Jariwala	a8b5e286b6	fix: only show beforeunload warning when offline support is active (backport #7715 ) (#7718 )	2026-04-13 12:26:30 +04:00