fix: remove invalid placeholder ARIA roles from membership role controls

`role="button-role"` and `role="badge-role"` are not valid ARIA roles — they look like placeholder values that were never replaced. The underlying `<Button>` already carries the implicit `button` role, and the `<Badge>` is decorative (its text content conveys the value), so the right fix is to drop both attributes rather than substitute new roles. Flagged by react-doctor as react-doctor/aria-role (Accessibility, error). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
fix: harden Helm release secret lookups (#8118 )
2026-05-23 19:49:08 -05:00 · 2026-05-23 14:40:40 +02:00 · 2026-05-22 11:54:20 +00:00 · 2026-05-22 10:51:00 +00:00 · 2026-05-22 09:09:03 +00:00 · 2026-05-22 08:09:45 +00:00
296 changed files with 4216 additions and 9128 deletions
@@ -47,7 +47,7 @@ jobs:
      - name: Set up Helm
        uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
        with:
-          version: latest
+          version: v3.15.4

      - name: Log in to GitHub Container Registry
        env:
@@ -66,11 +66,6 @@ const getFeatureDefinitions = (t: TFunction): TFeatureDefinition[] => {
      labelKey: t("workspace.settings.general.ai_smart_tools_enabled"),
      docsUrl: "https://formbricks.com/docs/self-hosting/configuration/ai",
    },
-    {
-      key: "aiDataAnalysis",
-      labelKey: t("workspace.settings.general.ai_data_analysis_enabled"),
-      docsUrl: "https://formbricks.com/docs/self-hosting/configuration/ai",
-    },
    {
      key: "auditLogs",
      labelKey: t("workspace.settings.enterprise.license_feature_audit_logs"),
@@ -57,7 +57,6 @@ describe("organization AI settings actions", () => {
    mocks.getOrganization.mockResolvedValue({
      id: organizationId,
      isAISmartToolsEnabled: false,
-      isAIDataAnalysisEnabled: false,
    });
    mocks.isInstanceAIConfigured.mockReturnValue(true);
    mocks.getTranslate.mockResolvedValue((key: string, values?: Record<string, string>) =>
@@ -66,7 +65,6 @@ describe("organization AI settings actions", () => {
    mocks.updateOrganization.mockResolvedValue({
      id: organizationId,
      isAISmartToolsEnabled: true,
-      isAIDataAnalysisEnabled: false,
    });
    mocks.getIsMultiOrgEnabled.mockResolvedValue(true);
  });
@@ -114,18 +112,15 @@ describe("organization AI settings actions", () => {
      oldObject: {
        id: organizationId,
        isAISmartToolsEnabled: false,
-        isAIDataAnalysisEnabled: false,
      },
      newObject: {
        id: organizationId,
        isAISmartToolsEnabled: true,
-        isAIDataAnalysisEnabled: false,
      },
    });
    expect(result).toEqual({
      id: organizationId,
      isAISmartToolsEnabled: true,
-      isAIDataAnalysisEnabled: false,
    });
  });

@@ -194,7 +189,6 @@ describe("organization AI settings actions", () => {
    mocks.getOrganization.mockResolvedValueOnce({
      id: organizationId,
      isAISmartToolsEnabled: true,
-      isAIDataAnalysisEnabled: false,
    });
    mocks.isInstanceAIConfigured.mockReturnValueOnce(false);

@@ -71,12 +71,11 @@ export const updateOrganizationNameAction = authenticatedActionClient

 type TOrganizationAISettings = Pick<
  NonNullable<Awaited<ReturnType<typeof getOrganization>>>,
-  "isAISmartToolsEnabled" | "isAIDataAnalysisEnabled"
+  "isAISmartToolsEnabled"
 >;

 type TResolvedOrganizationAISettings = {
  smartToolsEnabled: boolean;
-  dataAnalysisEnabled: boolean;
  isEnablingAnyAISetting: boolean;
 };

@@ -90,16 +89,10 @@ const resolveOrganizationAISettings = ({
  const smartToolsEnabled = Object.hasOwn(data, "isAISmartToolsEnabled")
    ? (data.isAISmartToolsEnabled ?? organization.isAISmartToolsEnabled)
    : organization.isAISmartToolsEnabled;
-  const dataAnalysisEnabled = Object.hasOwn(data, "isAIDataAnalysisEnabled")
-    ? (data.isAIDataAnalysisEnabled ?? organization.isAIDataAnalysisEnabled)
-    : organization.isAIDataAnalysisEnabled;

  return {
    smartToolsEnabled,
-    dataAnalysisEnabled,
-    isEnablingAnyAISetting:
-      (smartToolsEnabled && !organization.isAISmartToolsEnabled) ||
-      (dataAnalysisEnabled && !organization.isAIDataAnalysisEnabled),
+    isEnablingAnyAISetting: smartToolsEnabled && !organization.isAISmartToolsEnabled,
  };
 };

@@ -50,29 +50,18 @@ export const AISettingsToggle = ({
    currentValue: organization.isAISmartToolsEnabled,
    isInstanceConfigured: isInstanceAIConfigured,
  });
-  const displayedDataAnalysisValue = getDisplayedOrganizationAISettingValue({
-    currentValue: organization.isAIDataAnalysisEnabled,
-    isInstanceConfigured: isInstanceAIConfigured,
-  });

-  const handleToggle = async (
-    field: "isAISmartToolsEnabled" | "isAIDataAnalysisEnabled",
-    checked: boolean
-  ) => {
+  const handleToggle = async (checked: boolean) => {
    if (checked && !aiEnablementState.canEnableFeatures) {
      toast.error(aiEnablementBlockedMessage);
      return;
    }

-    setLoadingField(field);
+    setLoadingField("isAISmartToolsEnabled");
    try {
-      const data =
-        field === "isAISmartToolsEnabled"
-          ? { isAISmartToolsEnabled: checked }
-          : { isAIDataAnalysisEnabled: checked };
      const response = await updateOrganizationAISettingsAction({
        organizationId: organization.id,
-        data,
+        data: { isAISmartToolsEnabled: checked },
      });

      if (response?.data) {
@@ -122,7 +111,7 @@ export const AISettingsToggle = ({

      <AdvancedOptionToggle
        isChecked={displayedSmartToolsValue}
-        onToggle={(checked) => handleToggle("isAISmartToolsEnabled", checked)}
+        onToggle={handleToggle}
        htmlId="ai-smart-tools-toggle"
        title={t("workspace.settings.general.ai_smart_tools_enabled")}
        description={t("workspace.settings.general.ai_smart_tools_enabled_description")}
@@ -130,16 +119,6 @@ export const AISettingsToggle = ({
        customContainerClass="px-0"
      />

-      <AdvancedOptionToggle
-        isChecked={displayedDataAnalysisValue}
-        onToggle={(checked) => handleToggle("isAIDataAnalysisEnabled", checked)}
-        htmlId="ai-data-analysis-toggle"
-        title={t("workspace.settings.general.ai_data_analysis_enabled")}
-        description={t("workspace.settings.general.ai_data_analysis_enabled_description")}
-        disabled={isToggleDisabled}
-        customContainerClass="px-0"
-      />
-
      {!canEdit && (
        <Alert variant="warning">
          <AlertDescription>
@@ -9,7 +9,6 @@ import {
 import { getUser } from "@/lib/user/service";
 import { getTranslate } from "@/lingodotdev/server";
 import {
-  getIsAIDataAnalysisEnabled,
  getIsAISmartToolsEnabled,
  getIsMultiOrgEnabled,
  getWhiteLabelPermission,
@@ -38,14 +37,11 @@ const Page = async (props: Readonly<{ params: Promise<{ workspaceId: string }> }

  const user = session?.user?.id ? await getUser(session.user.id) : null;

-  const [isMultiOrgEnabled, hasWhiteLabelPermission, hasAISmartToolsPermission, hasAIDataAnalysisPermission] =
-    await Promise.all([
-      getIsMultiOrgEnabled(),
-      getWhiteLabelPermission(organization.id),
-      getIsAISmartToolsEnabled(organization.id),
-      getIsAIDataAnalysisEnabled(organization.id),
-    ]);
-  const hasAIPermission = hasAISmartToolsPermission || hasAIDataAnalysisPermission;
+  const [isMultiOrgEnabled, hasWhiteLabelPermission, hasAIPermission] = await Promise.all([
+    getIsMultiOrgEnabled(),
+    getWhiteLabelPermission(organization.id),
+    getIsAISmartToolsEnabled(organization.id),
+  ]);

  const isDeleteDisabled = !isOwner || !isMultiOrgEnabled;
  const currentUserRole = currentUserMembership?.role;
@@ -4,7 +4,6 @@ import { ZOrganizationUpdateInput } from "@formbricks/types/organizations";

 export const ZOrganizationAISettingsInput = ZOrganizationUpdateInput.pick({
  isAISmartToolsEnabled: true,
-  isAIDataAnalysisEnabled: true,
 });

 export const ZUpdateOrganizationAISettingsAction = z.object({
@@ -2,7 +2,7 @@

 import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
-import { OperationNotAllowedError, ResourceNotFoundError, UnknownError } from "@formbricks/types/errors";
+import { InvalidInputError, OperationNotAllowedError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { getEmailTemplateHtml } from "@/app/(app)/workspaces/[workspaceId]/surveys/[surveyId]/(analysis)/summary/lib/emailTemplate";
 import { capturePostHogEvent } from "@/lib/posthog";
 import { getSurvey, updateSurvey } from "@/lib/survey/service";
@@ -176,7 +176,7 @@ export const generatePersonalLinksAction = authenticatedActionClient
    );

    if (!contactsResult || contactsResult.length === 0) {
-      throw new UnknownError("No contacts found for the selected segment");
+      throw new InvalidInputError("No contacts found for the selected segment");
    }

    capturePostHogEvent(
@@ -1,52 +0,0 @@
-import "server-only";
-import { Prisma } from "@prisma/client";
-import { prisma } from "@formbricks/database";
-import type { TContactAttributes } from "@formbricks/types/contact-attribute";
-import type { TResponse } from "@formbricks/types/responses";
-import type { TTag } from "@formbricks/types/tags";
-import { evaluateResponseQuotas } from "@/modules/ee/quotas/lib/evaluation-service";
-
-type TQuotaEvaluationResponseInput = {
-  surveyId: string;
-  data: TResponse["data"];
-  variables?: TResponse["variables"];
-  language?: string;
-};
-
-export const buildClientResponse = (
-  responsePrisma: Omit<TResponse, "contact" | "tags"> & { tags: { tag: TTag }[] },
-  contact: { id: string; attributes: TContactAttributes } | null
-): TResponse => ({
-  ...responsePrisma,
-  contact: contact
-    ? {
-        id: contact.id,
-        userId: contact.attributes.userId,
-      }
-    : null,
-  tags: responsePrisma.tags.map((tagPrisma: { tag: TTag }) => tagPrisma.tag),
-});
-
-export const createResponseWithQuotaEvaluation = async <TInput extends TQuotaEvaluationResponseInput>(
-  responseInput: TInput,
-  createResponse: (responseInput: TInput, tx: Prisma.TransactionClient) => Promise<TResponse>
-) => {
-  return await prisma.$transaction(async (tx: Prisma.TransactionClient) => {
-    const response = await createResponse(responseInput, tx);
-
-    const quotaResult = await evaluateResponseQuotas({
-      surveyId: responseInput.surveyId,
-      responseId: response.id,
-      data: responseInput.data,
-      variables: responseInput.variables,
-      language: responseInput.language,
-      responseFinished: response.finished,
-      tx,
-    });
-
-    return {
-      ...response,
-      ...(quotaResult.quotaFull && { quotaFull: quotaResult.quotaFull }),
-    };
-  });
-};
@@ -313,9 +313,18 @@ describe("handleErrorResponse", () => {
    expect(body.message).toBe("bad input");
  });

-  test("returns 400 badRequest for ResourceNotFoundError", async () => {
+  test("returns 404 notFound for ResourceNotFoundError", async () => {
    const response = handleErrorResponse(new ResourceNotFoundError("Survey", "id-1"));
-    expect(response.status).toBe(400);
+    expect(response.status).toBe(404);
+    const body = await response.json();
+    expect(body).toEqual({
+      code: "not_found",
+      message: "Survey not found",
+      details: {
+        resource_id: "id-1",
+        resource_type: "Survey",
+      },
+    });
  });

  test("returns 500 internalServerError for unknown errors", async () => {
@@ -29,11 +29,10 @@ export const handleErrorResponse = (error: any): Response => {
      if (error instanceof UniqueConstraintError) {
        return responses.conflictResponse(error.message);
      }
-      if (
-        error instanceof DatabaseError ||
-        error instanceof InvalidInputError ||
-        error instanceof ResourceNotFoundError
-      ) {
+      if (error instanceof ResourceNotFoundError) {
+        return responses.notFoundResponse(error.resourceType, error.resourceId);
+      }
+      if (error instanceof DatabaseError || error instanceof InvalidInputError) {
        return responses.badRequestResponse(error.message);
      }
      return responses.internalServerErrorResponse("Some error occurred");
@@ -1,6 +1,7 @@
 import { logger } from "@formbricks/logger";
 import { ZDisplayCreateInput } from "@formbricks/types/displays";
 import { InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { RequestBodyTooLargeError, parseJsonBodyWithLimit } from "@/app/lib/api/request-body";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { THandlerParams, withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
@@ -32,7 +33,25 @@ export const POST = withV1ApiWrapper({
    }
    const { workspaceId } = resolved;

-    const jsonInput = await req.json();
+    let jsonInput;
+    try {
+      jsonInput = await parseJsonBodyWithLimit<Record<string, unknown>>(req);
+    } catch (error) {
+      if (error instanceof RequestBodyTooLargeError) {
+        return {
+          response: responses.payloadTooLargeResponse("Payload Too Large", { error: error.message }, true),
+        };
+      }
+
+      return {
+        response: responses.badRequestResponse(
+          "Malformed JSON input, please check your request body",
+          { error: error instanceof Error ? error.message : "Unknown error occurred" },
+          true
+        ),
+      };
+    }
+
    const inputValidation = ZDisplayCreateInput.safeParse({
      ...jsonInput,
      workspaceId,
@@ -1,7 +1,12 @@
 import { Prisma } from "@prisma/client";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
-import { DatabaseError, ResourceNotFoundError, UniqueConstraintError } from "@formbricks/types/errors";
+import {
+  DatabaseError,
+  InvalidInputError,
+  ResourceNotFoundError,
+  UniqueConstraintError,
+} from "@formbricks/types/errors";
 import { TSurveyQuota } from "@formbricks/types/quota";
 import { TResponseInput } from "@formbricks/types/responses";
 import { getOrganization } from "@/lib/organization/service";
@@ -155,6 +160,16 @@ describe("createResponse", () => {
    await expect(createResponse(mockResponseInput, prisma)).rejects.toThrow(UniqueConstraintError);
  });

+  test("should throw InvalidInputError on P2002 with displayId target (race condition)", async () => {
+    const prismaError = new Prisma.PrismaClientKnownRequestError("Unique constraint failed", {
+      code: "P2002",
+      clientVersion: "test",
+      meta: { target: ["displayId"] },
+    });
+    vi.mocked(prisma.response.create).mockRejectedValue(prismaError);
+    await expect(createResponse(mockResponseInput, prisma)).rejects.toThrow(InvalidInputError);
+  });
+
  test("should throw original error on other Prisma errors", async () => {
    const genericError = new Error("Generic database error");
    vi.mocked(prisma.response.create).mockRejectedValue(genericError);
@@ -2,22 +2,26 @@ import "server-only";
 import { Prisma } from "@prisma/client";
 import { prisma } from "@formbricks/database";
 import { TContactAttributes } from "@formbricks/types/contact-attribute";
-import { DatabaseError, ResourceNotFoundError, UniqueConstraintError } from "@formbricks/types/errors";
+import {
+  DatabaseError,
+  InvalidInputError,
+  ResourceNotFoundError,
+  UniqueConstraintError,
+} from "@formbricks/types/errors";
 import { TResponseWithQuotaFull } from "@formbricks/types/quota";
 import { TResponse, TResponseInput, ZResponseInput } from "@formbricks/types/responses";
-import {
-  buildClientResponse,
-  createResponseWithQuotaEvaluation as createClientResponseWithQuotaEvaluation,
-} from "@/app/api/client/[workspaceId]/responses/lib/response";
+import { TTag } from "@formbricks/types/tags";
 import {
  isPrismaKnownRequestError,
  isSingleUseIdUniqueConstraintError,
 } from "@/app/api/client/[workspaceId]/responses/lib/response-error";
 import { buildPrismaResponseData } from "@/app/api/v1/lib/utils";
+import { assertDisplayOwnership } from "@/lib/display/service";
 import { getOrganization } from "@/lib/organization/service";
 import { calculateTtcTotal } from "@/lib/response/utils";
 import { getOrganizationIdFromWorkspaceId } from "@/lib/utils/helper";
 import { validateInputs } from "@/lib/utils/validate";
+import { evaluateResponseQuotas } from "@/modules/ee/quotas/lib/evaluation-service";
 import { getContactByUserId } from "./contact";

 export const responseSelection = {
@@ -61,7 +65,26 @@ export const responseSelection = {
 export const createResponseWithQuotaEvaluation = async (
  responseInput: TResponseInput
 ): Promise<TResponseWithQuotaFull> => {
-  return await createClientResponseWithQuotaEvaluation(responseInput, createResponse);
+  const txResponse = await prisma.$transaction(async (tx) => {
+    const response = await createResponse(responseInput, tx);
+
+    const quotaResult = await evaluateResponseQuotas({
+      surveyId: responseInput.surveyId,
+      responseId: response.id,
+      data: responseInput.data,
+      variables: responseInput.variables,
+      language: responseInput.language,
+      responseFinished: response.finished,
+      tx,
+    });
+
+    return {
+      ...response,
+      ...(quotaResult.quotaFull && { quotaFull: quotaResult.quotaFull }),
+    };
+  });
+
+  return txResponse;
 };

 export const createResponse = async (
@@ -87,6 +110,16 @@ export const createResponse = async (

    const ttc = initialTtc ? (finished ? calculateTtcTotal(initialTtc) : initialTtc) : {};

+    if (responseInput.displayId) {
+      await assertDisplayOwnership(
+        responseInput.displayId,
+        workspaceId,
+        responseInput.surveyId,
+        contact?.id ?? null,
+        tx
+      );
+    }
+
    const prismaData = buildPrismaResponseData(
      { ...responseInput, createdAt: undefined, updatedAt: undefined },
      contact,
@@ -100,9 +133,27 @@ export const createResponse = async (
      select: responseSelection,
    });

-    return buildClientResponse(responsePrisma, contact);
+    const response = {
+      ...responsePrisma,
+      contact: contact
+        ? {
+            id: contact.id,
+            userId: contact.attributes.userId,
+          }
+        : null,
+      tags: responsePrisma.tags.map((tagPrisma: { tag: TTag }) => tagPrisma.tag),
+    };
+
+    return response;
  } catch (error) {
    if (isPrismaKnownRequestError(error)) {
+      if (
+        error.code === "P2002" &&
+        Array.isArray(error.meta?.target) &&
+        error.meta.target.includes("displayId")
+      ) {
+        throw new InvalidInputError(`Display ${responseInput.displayId} is already linked to a response`);
+      }
      if (isSingleUseIdUniqueConstraintError(error)) {
        throw new UniqueConstraintError("Response already submitted for this single-use link");
      }
@@ -6,6 +6,7 @@ import { TResponseWithQuotaFull } from "@formbricks/types/quota";
 import { TResponseInput, ZResponseInput } from "@formbricks/types/responses";
 import { TSurvey } from "@formbricks/types/surveys/types";
 import { validateSingleUseResponseInput } from "@/app/api/client/[workspaceId]/responses/lib/single-use";
+import { RequestBodyTooLargeError, parseJsonBodyWithLimit } from "@/app/lib/api/request-body";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { THandlerParams, withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
@@ -56,11 +57,17 @@ export const POST = withV1ApiWrapper({
    const requestHeaders = await headers();
    let responseInput;
    try {
-      responseInput = await req.json();
+      responseInput = await parseJsonBodyWithLimit<Record<string, unknown>>(req);
    } catch (error) {
+      if (error instanceof RequestBodyTooLargeError) {
+        return {
+          response: responses.payloadTooLargeResponse("Payload Too Large", { error: error.message }, true),
+        };
+      }
+
      return {
        response: responses.badRequestResponse(
-          "Invalid JSON in request body",
+          "Malformed JSON input, please check your request body",
          { error: error instanceof Error ? error.message : "Unknown error occurred" },
          true
        ),
@@ -211,7 +218,7 @@ export const POST = withV1ApiWrapper({
      response: responseData,
    });

-    if (responseInput.finished) {
+    if (responseInputData.finished) {
      await sendToPipeline({
        event: "responseFinished",
        workspaceId,
@@ -3,6 +3,7 @@ import { TActionClass, ZActionClassInput } from "@formbricks/types/action-classe
 import { TAuthenticationApiKey } from "@formbricks/types/auth";
 import { handleErrorResponse } from "@/app/api/v1/auth";
 import { resolveBodyIds } from "@/app/api/v1/management/lib/workspace-resolver";
+import { RequestBodyTooLargeError, parseJsonBodyWithLimit } from "@/app/lib/api/request-body";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { THandlerParams, withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
@@ -84,8 +85,14 @@ export const PUT = withV1ApiWrapper({

      let actionClassUpdate;
      try {
-        actionClassUpdate = await req.json();
+        actionClassUpdate = await parseJsonBodyWithLimit<Record<string, unknown>>(req);
      } catch (error) {
+        if (error instanceof RequestBodyTooLargeError) {
+          return {
+            response: responses.payloadTooLargeResponse("Payload Too Large", { error: error.message }),
+          };
+        }
+
        logger.error({ error, url: req.url }, "Error parsing JSON");
        return {
          response: responses.badRequestResponse("Malformed JSON input, please check your request body"),
@@ -2,6 +2,7 @@ import { logger } from "@formbricks/logger";
 import { TActionClass, ZActionClassInput } from "@formbricks/types/action-classes";
 import { DatabaseError, UniqueConstraintError } from "@formbricks/types/errors";
 import { resolveBodyIds } from "@/app/api/v1/management/lib/workspace-resolver";
+import { RequestBodyTooLargeError, parseJsonBodyWithLimit } from "@/app/lib/api/request-body";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { THandlerParams, withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
@@ -45,8 +46,14 @@ export const POST = withV1ApiWrapper({
    try {
      let actionClassInput;
      try {
-        actionClassInput = await req.json();
+        actionClassInput = await parseJsonBodyWithLimit<Record<string, unknown>>(req);
      } catch (error) {
+        if (error instanceof RequestBodyTooLargeError) {
+          return {
+            response: responses.payloadTooLargeResponse("Payload Too Large", { error: error.message }),
+          };
+        }
+
        logger.error({ error, url: req.url }, "Error parsing JSON input");
        return {
          response: responses.badRequestResponse("Malformed JSON input, please check your request body"),
@@ -1,6 +1,7 @@
 import { logger } from "@formbricks/logger";
-import { ZResponseUpdateInput } from "@formbricks/types/responses";
+import { TResponseData, ZResponseUpdateInput } from "@formbricks/types/responses";
 import { handleErrorResponse } from "@/app/api/v1/auth";
+import { RequestBodyTooLargeError, parseJsonBodyWithLimit } from "@/app/lib/api/request-body";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { TApiV1Authentication, THandlerParams, withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
@@ -12,6 +13,11 @@ import { hasPermission } from "@/modules/organization/settings/api-keys/lib/util
 import { resolveStorageUrlsInObject, validateFileUploads } from "@/modules/storage/utils";
 import { updateResponseWithQuotaEvaluation } from "./lib/response";

+type TUncheckedResponseUpdate = Record<string, unknown> & {
+  data: TResponseData;
+  language?: string;
+};
+
 async function fetchAndAuthorizeResponse(
  responseId: string,
  authentication: TApiV1Authentication | undefined,
@@ -120,10 +126,16 @@ export const PUT = withV1ApiWrapper({
        auditLog.oldObject = result.response;
      }

-      let responseUpdate;
+      let responseUpdate: TUncheckedResponseUpdate;
      try {
-        responseUpdate = await req.json();
+        responseUpdate = await parseJsonBodyWithLimit<TUncheckedResponseUpdate>(req);
      } catch (error) {
+        if (error instanceof RequestBodyTooLargeError) {
+          return {
+            response: responses.payloadTooLargeResponse("Payload Too Large", { error: error.message }),
+          };
+        }
+
        logger.error({ error, url: req.url }, "Error parsing JSON");
        return {
          response: responses.badRequestResponse("Malformed JSON input, please check your request body"),
@@ -2,6 +2,7 @@ import { logger } from "@formbricks/logger";
 import { DatabaseError, InvalidInputError } from "@formbricks/types/errors";
 import { TResponse, TResponseInput, ZResponseInput } from "@formbricks/types/responses";
 import { resolveBodyIds } from "@/app/api/v1/management/lib/workspace-resolver";
+import { RequestBodyTooLargeError, parseJsonBodyWithLimit } from "@/app/lib/api/request-body";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
@@ -91,8 +92,14 @@ export const POST = withV1ApiWrapper({
    try {
      let jsonInput;
      try {
-        jsonInput = await req.json();
+        jsonInput = await parseJsonBodyWithLimit<Record<string, unknown>>(req);
      } catch (error) {
+        if (error instanceof RequestBodyTooLargeError) {
+          return {
+            response: responses.payloadTooLargeResponse("Payload Too Large", { error: error.message }),
+          };
+        }
+
        logger.error({ error, url: req.url }, "Error parsing JSON input");
        return {
          response: responses.badRequestResponse("Malformed JSON input, please check your request body"),
@@ -2,6 +2,7 @@ import { logger } from "@formbricks/logger";
 import { ZUploadPublicFileRequest } from "@formbricks/types/storage";
 import { resolveBodyIds } from "@/app/api/v1/management/lib/workspace-resolver";
 import { checkAuth } from "@/app/api/v1/management/storage/lib/utils";
+import { RequestBodyTooLargeError, parseJsonBodyWithLimit } from "@/app/lib/api/request-body";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
@@ -19,8 +20,14 @@ export const POST = withV1ApiWrapper({
    let storageInput;

    try {
-      storageInput = await req.json();
+      storageInput = await parseJsonBodyWithLimit<Record<string, unknown>>(req);
    } catch (error) {
+      if (error instanceof RequestBodyTooLargeError) {
+        return {
+          response: responses.payloadTooLargeResponse("Payload Too Large", { error: error.message }),
+        };
+      }
+
      logger.error({ error, url: req.url }, "Error parsing JSON input");
      return {
        response: responses.badRequestResponse("Malformed JSON input, please check your request body"),
@@ -9,6 +9,7 @@ import {
  addLegacyProjectOverwrites,
  normaliseProjectOverwritesToWorkspace,
 } from "@/app/lib/api/api-backwards-compat";
+import { RequestBodyTooLargeError, parseJsonBodyWithLimit } from "@/app/lib/api/request-body";
 import { responses } from "@/app/lib/api/response";
 import {
  transformBlocksToQuestions,
@@ -22,6 +23,12 @@ import { getSurvey, updateSurvey } from "@/lib/survey/service";
 import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
 import { resolveStorageUrlsInObject } from "@/modules/storage/utils";

+type TSurveyUpdateBody = Record<string, unknown> & {
+  blocks?: Parameters<typeof validateSurveyInput>[0]["blocks"];
+  endings?: Parameters<typeof transformQuestionsToBlocks>[1];
+  questions?: Parameters<typeof transformQuestionsToBlocks>[0];
+};
+
 const fetchAndAuthorizeSurvey = async (
  surveyId: string,
  authentication: TAuthenticationApiKey,
@@ -164,10 +171,16 @@ export const PUT = withV1ApiWrapper({
        };
      }

-      let surveyUpdate;
+      let surveyUpdate: TSurveyUpdateBody;
      try {
-        surveyUpdate = await req.json();
+        surveyUpdate = await parseJsonBodyWithLimit<TSurveyUpdateBody>(req);
      } catch (error) {
+        if (error instanceof RequestBodyTooLargeError) {
+          return {
+            response: responses.payloadTooLargeResponse("Payload Too Large", { error: error.message }),
+          };
+        }
+
        logger.error({ error, url: req.url }, "Error parsing JSON input");
        return {
          response: responses.badRequestResponse("Malformed JSON input, please check your request body"),
@@ -188,7 +201,7 @@ export const PUT = withV1ApiWrapper({

      if (hasQuestions) {
        surveyUpdate.blocks = transformQuestionsToBlocks(
-          surveyUpdate.questions,
+          surveyUpdate.questions ?? [],
          surveyUpdate.endings || result.survey.endings
        );
        surveyUpdate.questions = [];
@@ -208,7 +221,11 @@ export const PUT = withV1ApiWrapper({
        };
      }

-      const featureCheckResult = await checkFeaturePermissions(surveyUpdate, organization, result.survey);
+      const featureCheckResult = await checkFeaturePermissions(
+        surveyUpdate as Parameters<typeof checkFeaturePermissions>[0],
+        organization,
+        result.survey
+      );
      if (featureCheckResult) {
        return {
          response: featureCheckResult,
@@ -51,7 +51,6 @@ const mockOrganization: TOrganization = {
    usageCycleAnchor: new Date(),
  },
  isAISmartToolsEnabled: false,
-  isAIDataAnalysisEnabled: false,
 };

 const mockFollowUp: TSurveyCreateInputWithWorkspaceId["followUps"][number] = {
@@ -8,6 +8,7 @@ import {
  addLegacyProjectOverwritesToList,
  normaliseProjectOverwritesToWorkspace,
 } from "@/app/lib/api/api-backwards-compat";
+import { RequestBodyTooLargeError, parseJsonBodyWithLimit } from "@/app/lib/api/request-body";
 import { responses } from "@/app/lib/api/response";
 import {
  transformBlocksToQuestions,
@@ -84,8 +85,14 @@ export const POST = withV1ApiWrapper({
    try {
      let surveyInput;
      try {
-        surveyInput = await req.json();
+        surveyInput = await parseJsonBodyWithLimit<Record<string, unknown>>(req);
      } catch (error) {
+        if (error instanceof RequestBodyTooLargeError) {
+          return {
+            response: responses.payloadTooLargeResponse("Payload Too Large", { error: error.message }),
+          };
+        }
+
        logger.error({ error, url: req.url }, "Error parsing JSON");
        return {
          response: responses.badRequestResponse("Malformed JSON input, please check your request body"),
@@ -2,6 +2,7 @@ import { DatabaseError, InvalidInputError } from "@formbricks/types/errors";
 import { resolveBodyIds } from "@/app/api/v1/management/lib/workspace-resolver";
 import { createWebhook, getWebhooks } from "@/app/api/v1/webhooks/lib/webhook";
 import { ZWebhookInput } from "@/app/api/v1/webhooks/types/webhooks";
+import { RequestBodyTooLargeError, parseJsonBodyWithLimit } from "@/app/lib/api/request-body";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { THandlerParams, withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
@@ -40,8 +41,14 @@ export const POST = withV1ApiWrapper({

    let webhookInput;
    try {
-      webhookInput = await req.json();
-    } catch {
+      webhookInput = await parseJsonBodyWithLimit<Record<string, unknown>>(req);
+    } catch (error) {
+      if (error instanceof RequestBodyTooLargeError) {
+        return {
+          response: responses.payloadTooLargeResponse("Payload Too Large", { error: error.message }),
+        };
+      }
+
      return {
        response: responses.badRequestResponse("Malformed JSON input, please check your request body"),
      };
@@ -2,7 +2,12 @@ import { Prisma } from "@prisma/client";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { TContactAttributes } from "@formbricks/types/contact-attribute";
-import { DatabaseError, ResourceNotFoundError, UniqueConstraintError } from "@formbricks/types/errors";
+import {
+  DatabaseError,
+  InvalidInputError,
+  ResourceNotFoundError,
+  UniqueConstraintError,
+} from "@formbricks/types/errors";
 import { TResponseWithQuotaFull, TSurveyQuota } from "@formbricks/types/quota";
 import { TResponse } from "@formbricks/types/responses";
 import { TTag } from "@formbricks/types/tags";
@@ -190,7 +195,19 @@ describe("createResponse V2", () => {
    ).rejects.toThrow(UniqueConstraintError);
  });

-  test("should throw DatabaseError on P2002 without singleUseId target", async () => {
+  test("should throw DatabaseError on P2002 without singleUseId or displayId target", async () => {
+    const prismaError = new Prisma.PrismaClientKnownRequestError("Unique constraint failed", {
+      code: "P2002",
+      clientVersion: "test",
+      meta: { target: ["someOtherField"] },
+    });
+    vi.mocked(mockTx.response.create).mockRejectedValue(prismaError);
+    await expect(
+      createResponse(mockResponseInput, mockTx as unknown as Prisma.TransactionClient)
+    ).rejects.toThrow(DatabaseError);
+  });
+
+  test("should throw InvalidInputError on P2002 with displayId target (race condition)", async () => {
    const prismaError = new Prisma.PrismaClientKnownRequestError("Unique constraint failed", {
      code: "P2002",
      clientVersion: "test",
@@ -199,7 +216,7 @@ describe("createResponse V2", () => {
    vi.mocked(mockTx.response.create).mockRejectedValue(prismaError);
    await expect(
      createResponse(mockResponseInput, mockTx as unknown as Prisma.TransactionClient)
-    ).rejects.toThrow(DatabaseError);
+    ).rejects.toThrow(InvalidInputError);
  });

  test("should throw DatabaseError on non-P2002 Prisma known request error", async () => {
@@ -2,29 +2,52 @@ import "server-only";
 import { Prisma } from "@prisma/client";
 import { prisma } from "@formbricks/database";
 import { TContactAttributes } from "@formbricks/types/contact-attribute";
-import { DatabaseError, ResourceNotFoundError, UniqueConstraintError } from "@formbricks/types/errors";
+import {
+  DatabaseError,
+  InvalidInputError,
+  ResourceNotFoundError,
+  UniqueConstraintError,
+} from "@formbricks/types/errors";
 import { TResponseWithQuotaFull } from "@formbricks/types/quota";
 import { TResponse, ZResponseInput } from "@formbricks/types/responses";
-import {
-  buildClientResponse,
-  createResponseWithQuotaEvaluation as createClientResponseWithQuotaEvaluation,
-} from "@/app/api/client/[workspaceId]/responses/lib/response";
+import { TTag } from "@formbricks/types/tags";
 import {
  isPrismaKnownRequestError,
  isSingleUseIdUniqueConstraintError,
 } from "@/app/api/client/[workspaceId]/responses/lib/response-error";
 import { responseSelection } from "@/app/api/v1/client/[workspaceId]/responses/lib/response";
 import { TResponseInputV2 } from "@/app/api/v2/client/[workspaceId]/responses/types/response";
+import { assertDisplayOwnership } from "@/lib/display/service";
 import { getOrganization } from "@/lib/organization/service";
 import { calculateTtcTotal } from "@/lib/response/utils";
 import { getOrganizationIdFromWorkspaceId } from "@/lib/utils/helper";
 import { validateInputs } from "@/lib/utils/validate";
+import { evaluateResponseQuotas } from "@/modules/ee/quotas/lib/evaluation-service";
 import { getContact } from "./contact";

 export const createResponseWithQuotaEvaluation = async (
  responseInput: TResponseInputV2
 ): Promise<TResponseWithQuotaFull> => {
-  return await createClientResponseWithQuotaEvaluation(responseInput, createResponse);
+  const txResponse = await prisma.$transaction(async (tx: Prisma.TransactionClient) => {
+    const response = await createResponse(responseInput, tx);
+
+    const quotaResult = await evaluateResponseQuotas({
+      surveyId: responseInput.surveyId,
+      responseId: response.id,
+      data: responseInput.data,
+      variables: responseInput.variables,
+      language: responseInput.language,
+      responseFinished: response.finished,
+      tx,
+    });
+
+    return {
+      ...response,
+      ...(quotaResult.quotaFull && { quotaFull: quotaResult.quotaFull }),
+    };
+  });
+
+  return txResponse;
 };

 const buildPrismaResponseData = (
@@ -82,6 +105,16 @@ export const createResponse = async (

    const ttc = initialTtc ? (finished ? calculateTtcTotal(initialTtc) : initialTtc) : {};

+    if (responseInput.displayId) {
+      await assertDisplayOwnership(
+        responseInput.displayId,
+        workspaceId,
+        responseInput.surveyId,
+        contactId ?? null,
+        tx
+      );
+    }
+
    const prismaData = buildPrismaResponseData(responseInput, contact, ttc);

    const prismaClient = tx ?? prisma;
@@ -91,9 +124,27 @@ export const createResponse = async (
      select: responseSelection,
    });

-    return buildClientResponse(responsePrisma, contact);
+    const response: TResponse = {
+      ...responsePrisma,
+      contact: contact
+        ? {
+            id: contact.id,
+            userId: contact.attributes.userId,
+          }
+        : null,
+      tags: responsePrisma.tags.map((tagPrisma: { tag: TTag }) => tagPrisma.tag),
+    };
+
+    return response;
  } catch (error) {
    if (isPrismaKnownRequestError(error)) {
+      if (
+        error.code === "P2002" &&
+        Array.isArray(error.meta?.target) &&
+        error.meta.target.includes("displayId")
+      ) {
+        throw new InvalidInputError(`Display ${responseInput.displayId} is already linked to a response`);
+      }
      if (isSingleUseIdUniqueConstraintError(error)) {
        throw new UniqueConstraintError("Response already submitted for this single-use link");
      }
@@ -2,6 +2,7 @@ import { NextRequest } from "next/server";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
 import { z } from "zod";
 import { TooManyRequestsError } from "@formbricks/types/errors";
+import { DEFAULT_REQUEST_BODY_LIMIT_BYTES } from "@/app/lib/api/request-body";
 import { withV3ApiWrapper } from "./api-wrapper";

 const { mockAuthenticateRequest, mockGetServerSession } = vi.hoisted(() => ({
@@ -135,7 +136,7 @@ describe("withV3ApiWrapper", () => {
      apiKeyId: "key_1",
      organizationId: "org_1",
      organizationAccess: { accessControl: { read: true, write: true } },
-      workspacePermissions: [],
+      environmentPermissions: [],
    });

    const wrapped = withV3ApiWrapper({
@@ -414,6 +415,44 @@ describe("withV3ApiWrapper", () => {
    ]);
  });

+  test("returns 413 problem response for oversized JSON input", async () => {
+    const handler = vi.fn(async () => Response.json({ ok: true }));
+    const wrapped = withV3ApiWrapper({
+      auth: "none",
+      schemas: {
+        body: z.object({
+          name: z.string(),
+        }),
+      },
+      handler,
+    });
+
+    const response = await wrapped(
+      new NextRequest("http://localhost/api/v3/surveys", {
+        method: "POST",
+        body: "{}",
+        headers: {
+          "Content-Length": String(DEFAULT_REQUEST_BODY_LIMIT_BYTES + 1),
+          "Content-Type": "application/json",
+          "x-request-id": "req-payload-too-large",
+        },
+      }),
+      {} as never
+    );
+
+    expect(response.status).toBe(413);
+    expect(handler).not.toHaveBeenCalled();
+    await expect(response.json()).resolves.toEqual(
+      expect.objectContaining({
+        code: "payload_too_large",
+        detail: `Request body must not exceed ${DEFAULT_REQUEST_BODY_LIMIT_BYTES} bytes`,
+        requestId: "req-payload-too-large",
+        status: 413,
+        title: "Payload Too Large",
+      })
+    );
+  });
+
  test("returns 400 problem response for invalid route params", async () => {
    const handler = vi.fn(async () => Response.json({ ok: true }));
    const wrapped = withV3ApiWrapper({
@@ -440,46 +479,6 @@ describe("withV3ApiWrapper", () => {
    );
  });

-  test("preserves machine-readable validation metadata from Zod issues", async () => {
-    const handler = vi.fn(async () => Response.json({ ok: true }));
-    const wrapped = withV3ApiWrapper({
-      auth: "none",
-      schemas: {
-        body: z.unknown().superRefine((_value, ctx) => {
-          ctx.addIssue({
-            code: "custom",
-            message: "Unsupported field 'extra'",
-            path: ["extra"],
-            params: { code: "unsupported_field" },
-          });
-        }),
-      },
-      handler,
-    });
-
-    const response = await wrapped(
-      new NextRequest("http://localhost/api/v3/surveys", {
-        method: "POST",
-        body: JSON.stringify({ extra: true }),
-        headers: {
-          "Content-Type": "application/json",
-        },
-      }),
-      {} as never
-    );
-
-    expect(response.status).toBe(400);
-    expect(handler).not.toHaveBeenCalled();
-    const body = await response.json();
-    expect(body.invalid_params).toEqual([
-      {
-        name: "extra",
-        reason: "Unsupported field 'extra'",
-        code: "unsupported_field",
-      },
-    ]);
-  });
-
  test("returns 429 problem response when rate limited", async () => {
    const { applyRateLimit } = await import("@/modules/core/rate-limit/helpers");
    mockGetServerSession.mockResolvedValue({
@@ -501,42 +500,6 @@ describe("withV3ApiWrapper", () => {
    expect(body.code).toBe("too_many_requests");
  });

-  test("applies rate limiting before parsing request bodies", async () => {
-    const { applyRateLimit } = await import("@/modules/core/rate-limit/helpers");
-    mockGetServerSession.mockResolvedValue({
-      user: { id: "user_1" },
-      expires: "2026-01-01",
-    });
-    vi.mocked(applyRateLimit).mockRejectedValueOnce(new TooManyRequestsError("Too many requests", 60));
-
-    const handler = vi.fn(async () => Response.json({ ok: true }));
-    const wrapped = withV3ApiWrapper({
-      auth: "both",
-      schemas: {
-        body: z.object({
-          name: z.string(),
-        }),
-      },
-      handler,
-    });
-
-    const response = await wrapped(
-      new NextRequest("http://localhost/api/v3/surveys", {
-        method: "POST",
-        body: "{",
-        headers: {
-          "Content-Type": "application/json",
-        },
-      }),
-      {} as never
-    );
-
-    expect(response.status).toBe(429);
-    expect(handler).not.toHaveBeenCalled();
-    const body = await response.json();
-    expect(body.code).toBe("too_many_requests");
-  });
-
  test("returns 500 problem response when the handler throws unexpectedly", async () => {
    mockGetServerSession.mockResolvedValue({
      user: { id: "user_1" },
@@ -4,6 +4,7 @@ import { z } from "zod";
 import { logger } from "@formbricks/logger";
 import { TooManyRequestsError } from "@formbricks/types/errors";
 import { authenticateRequest } from "@/app/api/v1/auth";
+import { RequestBodyTooLargeError, parseJsonBodyWithLimit } from "@/app/lib/api/request-body";
 import { buildAuditLogBaseObject } from "@/app/lib/api/with-api-logging";
 import { getApiKeyFromHeaders } from "@/modules/api/lib/api-key-auth";
 import { authOptions } from "@/modules/auth/lib/authOptions";
@@ -14,9 +15,9 @@ import { queueAuditEvent } from "@/modules/ee/audit-logs/lib/handler";
 import { TAuditAction, TAuditTarget } from "@/modules/ee/audit-logs/types/audit-log";
 import {
  type InvalidParam,
-  isInvalidParamCode,
  problemBadRequest,
  problemInternalError,
+  problemPayloadTooLarge,
  problemTooManyRequests,
  problemUnauthorized,
 } from "./response";
@@ -71,21 +72,11 @@ function getUnauthenticatedDetail(authMode: TV3AuthMode): string {
  return "Not authenticated";
 }

-function isPlainObject(value: unknown): value is Record<string, unknown> {
-  return typeof value === "object" && value !== null && !Array.isArray(value);
-}
-
 function formatZodIssues(error: z.ZodError, fallbackName: "body" | "query" | "params"): InvalidParam[] {
-  return error.issues.map((issue) => {
-    const params = "params" in issue && isPlainObject(issue.params) ? issue.params : {};
-    const code = isInvalidParamCode(params.code) ? params.code : undefined;
-
-    return {
-      name: issue.path.length > 0 ? issue.path.join(".") : fallbackName,
-      reason: issue.message,
-      ...(code ? { code } : {}),
-    };
-  });
+  return error.issues.map((issue) => ({
+    name: issue.path.length > 0 ? issue.path.join(".") : fallbackName,
+    reason: issue.message,
+  }));
 }

 function searchParamsToObject(searchParams: URLSearchParams): Record<string, string | string[]> {
@@ -181,8 +172,15 @@ async function parseV3Input<S extends TV3Schemas | undefined, TProps>(
    let bodyData: unknown;

    try {
-      bodyData = await req.json();
-    } catch {
+      bodyData = await parseJsonBodyWithLimit(req);
+    } catch (error) {
+      if (error instanceof RequestBodyTooLargeError) {
+        return {
+          ok: false,
+          response: problemPayloadTooLarge(requestId, error.message, instance),
+        };
+      }
+
      return {
        ok: false,
        response: problemBadRequest(requestId, "Invalid request body", {
@@ -381,6 +379,12 @@ export const withV3ApiWrapper = <S extends TV3Schemas | undefined, TProps = unkn
        return authResult.response;
      }

+      const parsedInputResult = await parseV3Input(req, props, schemas, requestId, instance);
+      if (!parsedInputResult.ok) {
+        log.warn({ statusCode: parsedInputResult.response.status }, "V3 API request validation failed");
+        return parsedInputResult.response;
+      }
+
      const rateLimitResponse = await applyV3RateLimitOrRespond({
        authentication: authResult.authentication,
        enabled: rateLimit,
@@ -392,12 +396,6 @@ export const withV3ApiWrapper = <S extends TV3Schemas | undefined, TProps = unkn
        return rateLimitResponse;
      }

-      const parsedInputResult = await parseV3Input(req, props, schemas, requestId, instance);
-      if (!parsedInputResult.ok) {
-        log.warn({ statusCode: parsedInputResult.response.status }, "V3 API request validation failed");
-        return parsedInputResult.response;
-      }
-
      auditLog = buildV3AuditLog(authResult.authentication, action, targetType, req.url);

      const response = await handler({
@@ -3,7 +3,7 @@ import { beforeEach, describe, expect, test, vi } from "vitest";
 import { AuthorizationError } from "@formbricks/types/errors";
 import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
 import { getOrganizationIdFromWorkspaceId } from "@/lib/utils/helper";
-import { getWorkspace } from "@/lib/workspace/service";
+import { findWorkspaceByIdOrLegacyEnvId } from "@/lib/utils/resolve-client-id";
 import { requireSessionWorkspaceAccess, requireV3WorkspaceAccess } from "./auth";

 vi.mock("@formbricks/logger", () => ({
@@ -19,8 +19,8 @@ vi.mock("@/lib/utils/helper", () => ({
  getOrganizationIdFromWorkspaceId: vi.fn(),
 }));

-vi.mock("@/lib/workspace/service", () => ({
-  getWorkspace: vi.fn(),
+vi.mock("@/lib/utils/resolve-client-id", () => ({
+  findWorkspaceByIdOrLegacyEnvId: vi.fn(),
 }));

 vi.mock("@/lib/utils/action-client/action-client-middleware", () => ({
@@ -39,7 +39,7 @@ describe("requireSessionWorkspaceAccess", () => {
    expect(body.requestId).toBe(requestId);
    expect(body.status).toBe(401);
    expect(body.code).toBe("not_authenticated");
-    expect(getWorkspace).not.toHaveBeenCalled();
+    expect(findWorkspaceByIdOrLegacyEnvId).not.toHaveBeenCalled();
    expect(checkAuthorizationUpdated).not.toHaveBeenCalled();
  });

@@ -55,11 +55,11 @@ describe("requireSessionWorkspaceAccess", () => {
    const body = await (result as Response).json();
    expect(body.requestId).toBe(requestId);
    expect(body.code).toBe("not_authenticated");
-    expect(getWorkspace).not.toHaveBeenCalled();
+    expect(findWorkspaceByIdOrLegacyEnvId).not.toHaveBeenCalled();
  });

  test("returns 403 when workspace is not found (avoid leaking existence)", async () => {
-    vi.mocked(getWorkspace).mockResolvedValueOnce(null);
+    vi.mocked(findWorkspaceByIdOrLegacyEnvId).mockResolvedValueOnce(null);
    const result = await requireSessionWorkspaceAccess(
      { user: { id: "user_1" }, expires: "" } as any,
      "ws_nonexistent",
@@ -72,12 +72,12 @@ describe("requireSessionWorkspaceAccess", () => {
    const body = await (result as Response).json();
    expect(body.requestId).toBe(requestId);
    expect(body.code).toBe("forbidden");
-    expect(getWorkspace).toHaveBeenCalledWith("ws_nonexistent");
+    expect(findWorkspaceByIdOrLegacyEnvId).toHaveBeenCalledWith("ws_nonexistent");
    expect(checkAuthorizationUpdated).not.toHaveBeenCalled();
  });

  test("returns 403 when user has no access to workspace", async () => {
-    vi.mocked(getWorkspace).mockResolvedValueOnce({ id: "proj_abc" } as any);
+    vi.mocked(findWorkspaceByIdOrLegacyEnvId).mockResolvedValueOnce({ id: "proj_abc" });
    vi.mocked(getOrganizationIdFromWorkspaceId).mockResolvedValueOnce("org_1");
    vi.mocked(checkAuthorizationUpdated).mockRejectedValueOnce(new AuthorizationError("Not authorized"));
    const result = await requireSessionWorkspaceAccess(
@@ -102,7 +102,7 @@ describe("requireSessionWorkspaceAccess", () => {
  });

  test("returns workspace context when session is valid and user has access", async () => {
-    vi.mocked(getWorkspace).mockResolvedValueOnce({ id: "proj_abc" } as any);
+    vi.mocked(findWorkspaceByIdOrLegacyEnvId).mockResolvedValueOnce({ id: "proj_abc" });
    vi.mocked(getOrganizationIdFromWorkspaceId).mockResolvedValueOnce("org_1");
    vi.mocked(checkAuthorizationUpdated).mockResolvedValueOnce(undefined as any);
    const result = await requireSessionWorkspaceAccess(
@@ -144,7 +144,7 @@ function wsPerm(workspaceId: string, permission: ApiKeyPermission = ApiKeyPermis

 describe("requireV3WorkspaceAccess", () => {
  beforeEach(() => {
-    vi.mocked(getWorkspace).mockResolvedValue({ id: "proj_k" } as any);
+    vi.mocked(findWorkspaceByIdOrLegacyEnvId).mockResolvedValue({ id: "proj_k" });
    vi.mocked(getOrganizationIdFromWorkspaceId).mockResolvedValue("org_k");
  });

@@ -154,7 +154,7 @@ describe("requireV3WorkspaceAccess", () => {
  });

  test("delegates to session flow when user is present", async () => {
-    vi.mocked(getWorkspace).mockResolvedValueOnce({ id: "proj_s" } as any);
+    vi.mocked(findWorkspaceByIdOrLegacyEnvId).mockResolvedValueOnce({ id: "proj_s" });
    vi.mocked(getOrganizationIdFromWorkspaceId).mockResolvedValueOnce("org_s");
    vi.mocked(checkAuthorizationUpdated).mockResolvedValueOnce(undefined as any);
    const r = await requireV3WorkspaceAccess(
@@ -179,7 +179,7 @@ describe("requireV3WorkspaceAccess", () => {
      workspaceId: "proj_k",
      organizationId: "org_k",
    });
-    expect(getWorkspace).toHaveBeenCalledWith("proj_k");
+    expect(findWorkspaceByIdOrLegacyEnvId).toHaveBeenCalledWith("proj_k");
  });

  test("returns context for API key with write on workspace", async () => {
@@ -239,7 +239,7 @@ describe("requireV3WorkspaceAccess", () => {
  });

  test("returns 403 when the workspace cannot be resolved for an API key", async () => {
-    vi.mocked(getWorkspace).mockResolvedValueOnce(null);
+    vi.mocked(findWorkspaceByIdOrLegacyEnvId).mockResolvedValueOnce(null);
    const auth = {
      ...keyBase,
      workspacePermissions: [wsPerm("proj_k", ApiKeyPermission.manage)],
@@ -1,7 +1,5 @@
 import { describe, expect, test } from "vitest";
 import {
-  createdResponse,
-  noContentResponse,
  problemBadRequest,
  problemForbidden,
  problemInternalError,
@@ -15,7 +13,7 @@ import {
 describe("v3 problem responses", () => {
  test("problemBadRequest includes invalid_params", async () => {
    const res = problemBadRequest("rid", "bad", {
-      invalid_params: [{ name: "x", reason: "y", identifier: "canonical-x" }],
+      invalid_params: [{ name: "x", reason: "y" }],
      instance: "/p",
    });
    expect(res.status).toBe(400);
@@ -23,7 +21,7 @@ describe("v3 problem responses", () => {
    const body = await res.json();
    expect(body.code).toBe("bad_request");
    expect(body.requestId).toBe("rid");
-    expect(body.invalid_params).toEqual([{ name: "x", reason: "y", identifier: "canonical-x" }]);
+    expect(body.invalid_params).toEqual([{ name: "x", reason: "y" }]);
    expect(body.instance).toBe("/p");
  });

@@ -120,34 +118,3 @@ describe("successResponse", () => {
    expect(res.headers.get("Cache-Control")).toBe("private, max-age=60");
  });
 });
-
-describe("createdResponse", () => {
-  test("returns 201 with Location, request id, and data envelope", async () => {
-    const res = createdResponse(
-      { id: "survey_1" },
-      {
-        location: "/api/v3/surveys/survey_1",
-        requestId: "req-created",
-      }
-    );
-
-    expect(res.status).toBe(201);
-    expect(res.headers.get("Location")).toBe("/api/v3/surveys/survey_1");
-    expect(res.headers.get("X-Request-Id")).toBe("req-created");
-    expect(res.headers.get("Content-Type")).toBe("application/json");
-    expect(res.headers.get("Cache-Control")).toContain("no-store");
-    expect(await res.json()).toEqual({
-      data: { id: "survey_1" },
-    });
-  });
-});
-
-describe("noContentResponse", () => {
-  test("returns 204 without a body", async () => {
-    const res = noContentResponse({ requestId: "req-empty" });
-    expect(res.status).toBe(204);
-    expect(res.headers.get("X-Request-Id")).toBe("req-empty");
-    expect(res.headers.get("Cache-Control")).toContain("no-store");
-    expect(await res.text()).toBe("");
-  });
-});
@@ -6,45 +6,7 @@
 const PROBLEM_JSON = "application/problem+json" as const;
 const CACHE_NO_STORE = "private, no-store" as const;

-export const INVALID_PARAM_CODES = [
-  "dangling_reference",
-  "duplicate_identifier",
-  "duplicate_locale",
-  "forbidden_identifier",
-  "immutable_identifier",
-  "invalid_locale",
-  "invalid_reference",
-  "missing_required_field",
-  "missing_translation",
-  "unsupported_field",
-] as const;
-
-export type InvalidParamCode = (typeof INVALID_PARAM_CODES)[number];
-
-const INVALID_PARAM_CODE_SET = new Set<InvalidParamCode>(INVALID_PARAM_CODES);
-
-export function isInvalidParamCode(value: unknown): value is InvalidParamCode {
-  return typeof value === "string" && INVALID_PARAM_CODE_SET.has(value as InvalidParamCode);
-}
-
-export type InvalidParam = {
-  name: string;
-  reason: string;
-  code?: InvalidParamCode;
-  identifier?: string;
-  referenceType?:
-    | "block"
-    | "element"
-    | "ending"
-    | "hiddenField"
-    | "language"
-    | "variable"
-    | "variableName"
-    | "recall";
-  missingId?: string;
-  firstUsedAt?: string;
-  conflictsWith?: string;
-};
+export type InvalidParam = { name: string; reason: string };

 export type ProblemExtension = {
  code?: string;
@@ -109,6 +71,17 @@ export function problemBadRequest(
  });
 }

+export function problemPayloadTooLarge(
+  requestId: string,
+  detail: string = "Payload Too Large",
+  instance?: string
+): Response {
+  return problemResponse(413, "Payload Too Large", detail, requestId, {
+    code: "payload_too_large",
+    instance,
+  });
+}
+
 export function problemUnauthorized(
  requestId: string,
  detail: string = "Not authenticated",
@@ -209,43 +182,3 @@ export function successResponse<T>(
    }
  );
 }
-
-export function createdResponse<T>(
-  data: T,
-  options: { location: string; requestId?: string; cache?: string }
-): Response {
-  const headers: Record<string, string> = {
-    "Content-Type": "application/json",
-    "Cache-Control": options.cache ?? CACHE_NO_STORE,
-    Location: options.location,
-  };
-
-  if (options.requestId) {
-    headers["X-Request-Id"] = options.requestId;
-  }
-
-  return Response.json(
-    {
-      data,
-    },
-    {
-      status: 201,
-      headers,
-    }
-  );
-}
-
-export function noContentResponse(options?: { requestId?: string; cache?: string }): Response {
-  const headers: Record<string, string> = {
-    "Cache-Control": options?.cache ?? CACHE_NO_STORE,
-  };
-
-  if (options?.requestId) {
-    headers["X-Request-Id"] = options.requestId;
-  }
-
-  return new Response(null, {
-    status: 204,
-    headers,
-  });
-}
@@ -1,34 +1,45 @@
 import { describe, expect, test, vi } from "vitest";
 import { ResourceNotFoundError } from "@formbricks/types/errors";
 import { getOrganizationIdFromWorkspaceId } from "@/lib/utils/helper";
-import { getWorkspace } from "@/lib/workspace/service";
+import { findWorkspaceByIdOrLegacyEnvId } from "@/lib/utils/resolve-client-id";
 import { resolveV3WorkspaceContext } from "./workspace-context";

-vi.mock("@/lib/workspace/service", () => ({
-  getWorkspace: vi.fn(),
-}));
-
 vi.mock("@/lib/utils/helper", () => ({
  getOrganizationIdFromWorkspaceId: vi.fn(),
 }));

+vi.mock("@/lib/utils/resolve-client-id", () => ({
+  findWorkspaceByIdOrLegacyEnvId: vi.fn(),
+}));
+
 describe("resolveV3WorkspaceContext", () => {
  test("returns workspaceId and organizationId when workspace exists", async () => {
-    vi.mocked(getWorkspace).mockResolvedValueOnce({ id: "ws_abc" });
+    vi.mocked(findWorkspaceByIdOrLegacyEnvId).mockResolvedValueOnce({ id: "ws_abc" });
    vi.mocked(getOrganizationIdFromWorkspaceId).mockResolvedValueOnce("org_123");
    const result = await resolveV3WorkspaceContext("ws_abc");
    expect(result).toEqual({
      workspaceId: "ws_abc",
      organizationId: "org_123",
    });
-    expect(getWorkspace).toHaveBeenCalledWith("ws_abc");
+    expect(findWorkspaceByIdOrLegacyEnvId).toHaveBeenCalledWith("ws_abc");
    expect(getOrganizationIdFromWorkspaceId).toHaveBeenCalledWith("ws_abc");
  });

+  test("resolves legacy environmentId to canonical workspaceId", async () => {
+    vi.mocked(findWorkspaceByIdOrLegacyEnvId).mockResolvedValueOnce({ id: "ws_canonical" });
+    vi.mocked(getOrganizationIdFromWorkspaceId).mockResolvedValueOnce("org_456");
+    const result = await resolveV3WorkspaceContext("env_legacy");
+    expect(result).toEqual({
+      workspaceId: "ws_canonical",
+      organizationId: "org_456",
+    });
+    expect(getOrganizationIdFromWorkspaceId).toHaveBeenCalledWith("ws_canonical");
+  });
+
  test("throws when workspace does not exist", async () => {
-    vi.mocked(getWorkspace).mockResolvedValueOnce(null);
+    vi.mocked(findWorkspaceByIdOrLegacyEnvId).mockResolvedValueOnce(null);
    await expect(resolveV3WorkspaceContext("ws_nonexistent")).rejects.toThrow(ResourceNotFoundError);
-    expect(getWorkspace).toHaveBeenCalledWith("ws_nonexistent");
+    expect(findWorkspaceByIdOrLegacyEnvId).toHaveBeenCalledWith("ws_nonexistent");
    expect(getOrganizationIdFromWorkspaceId).not.toHaveBeenCalled();
  });
 });
@@ -6,7 +6,7 @@
 */
 import { ResourceNotFoundError } from "@formbricks/types/errors";
 import { getOrganizationIdFromWorkspaceId } from "@/lib/utils/helper";
-import { getWorkspace } from "@/lib/workspace/service";
+import { findWorkspaceByIdOrLegacyEnvId } from "@/lib/utils/resolve-client-id";

 /**
 * Internal IDs derived from a V3 workspace identifier.
@@ -19,20 +19,21 @@ export type V3WorkspaceContext = {
 };

 /**
- * Resolves a V3 API workspaceId to internal workspaceId and organizationId.
+ * Resolves a V3 API workspaceId (or legacy environmentId) to internal workspaceId and organizationId.
 *
 * @throws ResourceNotFoundError if the workspace does not exist.
 */
 export async function resolveV3WorkspaceContext(workspaceId: string): Promise<V3WorkspaceContext> {
-  const workspace = await getWorkspace(workspaceId);
+  const workspace = await findWorkspaceByIdOrLegacyEnvId(workspaceId);
  if (!workspace) {
    throw new ResourceNotFoundError("workspace", workspaceId);
  }

-  const organizationId = await getOrganizationIdFromWorkspaceId(workspace.id);
+  const canonicalId = workspace.id;
+  const organizationId = await getOrganizationIdFromWorkspaceId(canonicalId);

  return {
-    workspaceId: workspace.id,
+    workspaceId: canonicalId,
    organizationId,
  };
 }
@@ -1,16 +1,32 @@
-import type { Session } from "next-auth";
+import { ApiKeyPermission } from "@prisma/client";
 import { NextRequest } from "next/server";
-import { beforeEach, describe, expect, test, vi } from "vitest";
-import { DatabaseError } from "@formbricks/types/errors";
-import type { TSurvey } from "@formbricks/types/surveys/types";
-import { patchV3Survey } from "../patch";
-import { V3SurveyReferenceValidationError } from "../reference-validation";
-import { PATCH } from "./route";
+import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
+import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { requireV3WorkspaceAccess } from "@/app/api/v3/lib/auth";
+import { getSurvey } from "@/lib/survey/service";
+import { deleteSurvey } from "@/modules/survey/lib/surveys";
+import { DELETE } from "./route";

 const { mockAuthenticateRequest } = vi.hoisted(() => ({
  mockAuthenticateRequest: vi.fn(),
 }));

+const { mockQueueAuditEvent, mockBuildAuditLogBaseObject } = vi.hoisted(() => ({
+  mockQueueAuditEvent: vi.fn().mockImplementation(async () => undefined),
+  mockBuildAuditLogBaseObject: vi.fn((action: string, targetType: string, apiUrl: string) => ({
+    action,
+    targetType,
+    userId: "unknown",
+    targetId: "unknown",
+    organizationId: "unknown",
+    status: "failure",
+    oldObject: undefined,
+    newObject: undefined,
+    userType: "api",
+    apiUrl,
+  })),
+}));
+
 vi.mock("next-auth", () => ({
  getServerSession: vi.fn(),
 }));
@@ -30,18 +46,26 @@ vi.mock("@/lib/constants", async (importOriginal) => {
  return { ...actual, AUDIT_LOG_ENABLED: false };
 });

-vi.mock("../authorization", () => ({
-  getAuthorizedV3Survey: vi.fn(),
+vi.mock("@/app/api/v3/lib/auth", () => ({
+  requireV3WorkspaceAccess: vi.fn(),
 }));

-vi.mock("../patch", () => ({
-  patchV3Survey: vi.fn(),
+vi.mock("@/lib/survey/service", () => ({
+  getSurvey: vi.fn(),
 }));

 vi.mock("@/modules/survey/lib/surveys", () => ({
  deleteSurvey: vi.fn(),
 }));

+vi.mock("@/modules/ee/audit-logs/lib/handler", () => ({
+  queueAuditEvent: mockQueueAuditEvent,
+}));
+
+vi.mock("@/app/lib/api/with-api-logging", () => ({
+  buildAuditLogBaseObject: mockBuildAuditLogBaseObject,
+}));
+
 vi.mock("@formbricks/logger", () => ({
  logger: {
    withContext: vi.fn(() => ({
@@ -52,253 +76,243 @@ vi.mock("@formbricks/logger", () => ({
 }));

 const getServerSession = vi.mocked((await import("next-auth")).getServerSession);
-const { getAuthorizedV3Survey } = await import("../authorization");
+const queueAuditEvent = vi.mocked((await import("@/modules/ee/audit-logs/lib/handler")).queueAuditEvent);

-const surveyId = "clsv1234567890123456789012";
-const workspaceId = "clxx1234567890123456789012";
-type PatchRouteContext = { params: Promise<{ surveyId: string }> };
+const surveyId = "clxx1234567890123456789012";
+const workspaceId = "clzz9876543210987654321098";

-const testSession: Session = {
-  user: { id: "user_1", name: "User", email: "user@example.com" },
-  expires: "2026-01-01",
+function createRequest(url: string, requestId?: string, extraHeaders?: Record<string, string>): NextRequest {
+  const headers: Record<string, string> = { ...extraHeaders };
+  if (requestId) {
+    headers["x-request-id"] = requestId;
+  }
+
+  return new NextRequest(url, {
+    method: "DELETE",
+    headers,
+  });
+}
+
+const apiKeyAuth = {
+  type: "apiKey" as const,
+  apiKeyId: "key_1",
+  organizationId: "org_1",
+  organizationAccess: {
+    accessControl: { read: true, write: true },
+  },
+  workspacePermissions: [
+    {
+      workspaceId,
+      workspaceName: "W",
+      permission: ApiKeyPermission.write,
+    },
+  ],
 };

-const survey = {
-  id: surveyId,
-  workspaceId,
-  createdAt: new Date("2026-04-21T10:00:00.000Z"),
-  updatedAt: new Date("2026-04-21T10:00:00.000Z"),
-  name: "Product Feedback",
-  type: "link",
-  status: "draft",
-  metadata: {},
-  languages: [
-    {
-      language: {
-        id: "cllangenus000000000000000",
-        code: "en-US",
-        alias: null,
-        workspaceId,
-        createdAt: new Date("2026-04-21T10:00:00.000Z"),
-        updatedAt: new Date("2026-04-21T10:00:00.000Z"),
-      },
-      default: true,
-      enabled: true,
-    },
-  ],
-  questions: [],
-  welcomeCard: { enabled: false },
-  blocks: [
-    {
-      id: "clbk1234567890123456789012",
-      name: "Main Block",
-      elements: [
-        {
-          id: "feedback",
-          type: "openText",
-          headline: { default: "What should we improve?" },
-          required: true,
-        },
-      ],
-    },
-  ],
-  endings: [],
-  hiddenFields: { enabled: false },
-  variables: [],
-} as unknown as TSurvey;
-
-function createPatchRequest(body: unknown, url = `http://localhost/api/v3/surveys/${surveyId}`): NextRequest {
-  return createRawPatchRequest(JSON.stringify(body), url);
-}
-
-function createRawPatchRequest(
-  body: string,
-  url = `http://localhost/api/v3/surveys/${surveyId}`
-): NextRequest {
-  return new NextRequest(url, {
-    method: "PATCH",
-    body,
-    headers: {
-      "content-type": "application/json",
-      "x-request-id": "req_1",
-    },
-  });
-}
-
-function createPatchContext(id = surveyId): PatchRouteContext {
-  return { params: Promise.resolve({ surveyId: id }) };
-}
-
-describe("PATCH /api/v3/surveys/[surveyId]", () => {
+describe("DELETE /api/v3/surveys/[surveyId]", () => {
  beforeEach(() => {
    vi.resetAllMocks();
-    getServerSession.mockResolvedValue(testSession);
+    getServerSession.mockResolvedValue({
+      user: { id: "user_1", name: "User", email: "u@example.com" },
+      expires: "2026-01-01",
+    } as any);
    mockAuthenticateRequest.mockResolvedValue(null);
-    vi.mocked(getAuthorizedV3Survey).mockResolvedValue({
-      survey,
-      authResult: { workspaceId, organizationId: "org_1" },
-      response: null,
-    });
-    vi.mocked(patchV3Survey).mockResolvedValue({ ...survey, name: "Updated Feedback" } as TSurvey);
-  });
-
-  test("returns the normalized updated survey resource", async () => {
-    const res = await PATCH(createPatchRequest({ name: "Updated Feedback" }), createPatchContext());
-
-    expect(res.status).toBe(200);
-    expect(res.headers.get("Cache-Control")).toBe("private, no-store");
-    expect(patchV3Survey).toHaveBeenCalledWith(survey, { name: "Updated Feedback" }, "req_1", "org_1");
-    const body = await res.json();
-    expect(body.data).toMatchObject({
+    vi.mocked(getSurvey).mockResolvedValue({
+      id: surveyId,
+      name: "Delete me",
+      workspaceId: workspaceId,
+      type: "link",
+      status: "draft",
+      createdAt: new Date("2026-04-15T10:00:00.000Z"),
+      updatedAt: new Date("2026-04-15T10:00:00.000Z"),
+      responseCount: 0,
+      creator: { name: "User" },
+      singleUse: null,
+    } as any);
+    vi.mocked(deleteSurvey).mockResolvedValue({
      id: surveyId,
      workspaceId,
-      name: "Updated Feedback",
-      defaultLanguage: "en-US",
+      type: "link",
+      segment: null,
+      triggers: [],
+    } as any);
+    vi.mocked(requireV3WorkspaceAccess).mockResolvedValue({
+      workspaceId,
+      organizationId: "org_1",
    });
  });

-  test("rejects unsupported query parameters before patching", async () => {
-    const res = await PATCH(
-      createPatchRequest(
-        { name: "Updated Feedback" },
-        `http://localhost/api/v3/surveys/${surveyId}?lang=de-DE`
-      ),
-      createPatchContext()
-    );
-
-    expect(res.status).toBe(400);
-    expect(patchV3Survey).not.toHaveBeenCalled();
+  afterEach(() => {
+    vi.clearAllMocks();
  });

-  test("returns 400 for malformed JSON before patching", async () => {
-    const res = await PATCH(createRawPatchRequest("{"), createPatchContext());
-
-    expect(res.status).toBe(400);
-    const body = await res.json();
-    expect(body.invalid_params).toEqual([
-      {
-        name: "body",
-        reason: "Malformed JSON input, please check your request body",
-      },
-    ]);
-    expect(patchV3Survey).not.toHaveBeenCalled();
-  });
-
-  test("returns 401 when authentication is missing", async () => {
+  test("returns 401 when no session and no API key", async () => {
    getServerSession.mockResolvedValue(null);
    mockAuthenticateRequest.mockResolvedValue(null);

-    const res = await PATCH(createPatchRequest({ name: "Updated Feedback" }), createPatchContext());
+    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`), {
+      params: Promise.resolve({ surveyId }),
+    } as never);

    expect(res.status).toBe(401);
-    expect(getAuthorizedV3Survey).not.toHaveBeenCalled();
-    expect(patchV3Survey).not.toHaveBeenCalled();
+    expect(vi.mocked(getSurvey)).not.toHaveBeenCalled();
  });

-  test("returns structured validation errors from the patch pipeline", async () => {
-    vi.mocked(patchV3Survey).mockRejectedValue(
-      new V3SurveyReferenceValidationError([
-        {
-          name: "defaultLanguage",
-          reason: "Unsupported field 'defaultLanguage'",
-          code: "unsupported_field",
-        },
-      ])
+  test("returns 200 with session auth and deletes the survey", async () => {
+    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-delete"), {
+      params: Promise.resolve({ surveyId }),
+    } as never);
+
+    expect(res.status).toBe(200);
+    expect(requireV3WorkspaceAccess).toHaveBeenCalledWith(
+      expect.objectContaining({ user: expect.any(Object) }),
+      workspaceId,
+      "readWrite",
+      "req-delete",
+      `/api/v3/surveys/${surveyId}`
+    );
+    expect(deleteSurvey).toHaveBeenCalledWith(surveyId);
+    expect(await res.json()).toEqual({
+      data: {
+        id: surveyId,
+      },
+    });
+  });
+
+  test("returns 200 with x-api-key when the key can delete in the survey workspace", async () => {
+    getServerSession.mockResolvedValue(null);
+    mockAuthenticateRequest.mockResolvedValue(apiKeyAuth as any);
+
+    const res = await DELETE(
+      createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-api-key", {
+        "x-api-key": "fbk_test",
+      }),
+      {
+        params: Promise.resolve({ surveyId }),
+      } as never
    );

-    const res = await PATCH(createPatchRequest({ defaultLanguage: "de-DE" }), createPatchContext());
-
-    expect(res.status).toBe(400);
-    const body = await res.json();
-    expect(body.invalid_params).toEqual([
-      {
-        name: "defaultLanguage",
-        reason: "Unsupported field 'defaultLanguage'",
-        code: "unsupported_field",
-      },
-    ]);
-  });
-
-  test("returns structured validation errors for empty patch bodies", async () => {
-    vi.mocked(patchV3Survey).mockRejectedValue(
-      new V3SurveyReferenceValidationError([
-        {
-          name: "data",
-          reason: "Request body must include at least one updatable field",
-        },
-      ])
+    expect(res.status).toBe(200);
+    expect(requireV3WorkspaceAccess).toHaveBeenCalledWith(
+      expect.objectContaining({ apiKeyId: "key_1" }),
+      workspaceId,
+      "readWrite",
+      "req-api-key",
+      `/api/v3/surveys/${surveyId}`
    );
-
-    const res = await PATCH(createPatchRequest({}), createPatchContext());
-
-    expect(res.status).toBe(400);
-    const body = await res.json();
-    expect(body.invalid_params).toEqual([
-      {
-        name: "data",
-        reason: "Request body must include at least one updatable field",
-      },
-    ]);
  });

-  test("returns structured validation errors for invalid references", async () => {
-    vi.mocked(patchV3Survey).mockRejectedValue(
-      new V3SurveyReferenceValidationError([
-        {
-          name: "blocks.0.logicFallback",
-          reason: "Logic fallback target 'missing_block' is not defined in blocks or endings",
-          code: "dangling_reference",
-          identifier: "missing_block",
-          referenceType: "block",
-          missingId: "missing_block",
-        },
-      ])
-    );
-
-    const res = await PATCH(createPatchRequest({ blocks: [] }), createPatchContext());
+  test("returns 400 when surveyId is invalid", async () => {
+    const res = await DELETE(createRequest("http://localhost/api/v3/surveys/not-a-cuid"), {
+      params: Promise.resolve({ surveyId: "not-a-cuid" }),
+    } as never);

    expect(res.status).toBe(400);
-    const body = await res.json();
-    expect(body.invalid_params).toEqual([
-      {
-        name: "blocks.0.logicFallback",
-        reason: "Logic fallback target 'missing_block' is not defined in blocks or endings",
-        code: "dangling_reference",
-        identifier: "missing_block",
-        referenceType: "block",
-        missingId: "missing_block",
-      },
-    ]);
+    expect(vi.mocked(getSurvey)).not.toHaveBeenCalled();
  });

-  test("returns 403 for missing or inaccessible surveys", async () => {
-    vi.mocked(getAuthorizedV3Survey).mockResolvedValue({
-      survey: null,
-      authResult: null,
-      response: new Response(
+  test("returns 403 when the survey does not exist", async () => {
+    vi.mocked(getSurvey).mockResolvedValueOnce(null);
+
+    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`), {
+      params: Promise.resolve({ surveyId }),
+    } as never);
+
+    expect(res.status).toBe(403);
+    expect(deleteSurvey).not.toHaveBeenCalled();
+  });
+
+  test("returns 403 when the user lacks readWrite workspace access", async () => {
+    vi.mocked(requireV3WorkspaceAccess).mockResolvedValueOnce(
+      new Response(
        JSON.stringify({
          title: "Forbidden",
          status: 403,
          detail: "You are not authorized to access this resource",
-          requestId: "req_1",
+          requestId: "req-forbidden",
        }),
        { status: 403, headers: { "Content-Type": "application/problem+json" } }
-      ),
-    });
+      )
+    );

-    const res = await PATCH(createPatchRequest({ name: "Updated Feedback" }), createPatchContext());
+    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-forbidden"), {
+      params: Promise.resolve({ surveyId }),
+    } as never);

    expect(res.status).toBe(403);
-    expect(patchV3Survey).not.toHaveBeenCalled();
+    expect(deleteSurvey).not.toHaveBeenCalled();
+    expect(queueAuditEvent).toHaveBeenCalledWith(
+      expect.objectContaining({
+        action: "deleted",
+        targetType: "survey",
+        targetId: "unknown",
+        organizationId: "unknown",
+        userId: "user_1",
+        userType: "user",
+        status: "failure",
+        oldObject: undefined,
+      })
+    );
  });

-  test("returns 500 for database errors", async () => {
-    vi.mocked(patchV3Survey).mockRejectedValue(new DatabaseError("database unavailable"));
+  test("returns 500 when survey deletion fails", async () => {
+    vi.mocked(deleteSurvey).mockRejectedValueOnce(new DatabaseError("db down"));

-    const res = await PATCH(createPatchRequest({ name: "Updated Feedback" }), createPatchContext());
+    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-db"), {
+      params: Promise.resolve({ surveyId }),
+    } as never);

    expect(res.status).toBe(500);
    const body = await res.json();
    expect(body.code).toBe("internal_server_error");
  });
+
+  test("returns 403 when the survey is deleted after authorization succeeds", async () => {
+    vi.mocked(deleteSurvey).mockRejectedValueOnce(new ResourceNotFoundError("Survey", surveyId));
+
+    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-race"), {
+      params: Promise.resolve({ surveyId }),
+    } as never);
+
+    expect(res.status).toBe(403);
+    const body = await res.json();
+    expect(body.code).toBe("forbidden");
+    expect(queueAuditEvent).toHaveBeenCalledWith(
+      expect.objectContaining({
+        action: "deleted",
+        targetType: "survey",
+        targetId: surveyId,
+        organizationId: "org_1",
+        userId: "user_1",
+        userType: "user",
+        status: "failure",
+        oldObject: expect.objectContaining({
+          id: surveyId,
+          workspaceId: workspaceId,
+        }),
+      })
+    );
+  });
+
+  test("queues an audit log with target, actor, organization, and old object", async () => {
+    await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-audit"), {
+      params: Promise.resolve({ surveyId }),
+    } as never);
+
+    expect(queueAuditEvent).toHaveBeenCalledWith(
+      expect.objectContaining({
+        action: "deleted",
+        targetType: "survey",
+        targetId: surveyId,
+        organizationId: "org_1",
+        userId: "user_1",
+        userType: "user",
+        status: "success",
+        oldObject: expect.objectContaining({
+          id: surveyId,
+          workspaceId: workspaceId,
+        }),
+      })
+    );
+  });
 });
@@ -2,245 +2,42 @@ import { z } from "zod";
 import { logger } from "@formbricks/logger";
 import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { withV3ApiWrapper } from "@/app/api/v3/lib/api-wrapper";
-import {
-  noContentResponse,
-  problemBadRequest,
-  problemForbidden,
-  problemInternalError,
-  successResponse,
-} from "@/app/api/v3/lib/response";
-import {
-  V3SurveyLanguageError,
-  V3SurveyUnsupportedShapeError,
-  serializeV3SurveyResource,
-} from "@/app/api/v3/surveys/serializers";
+import { requireV3WorkspaceAccess } from "@/app/api/v3/lib/auth";
+import { problemForbidden, problemInternalError, successResponse } from "@/app/api/v3/lib/response";
+import { getSurvey } from "@/lib/survey/service";
 import { deleteSurvey } from "@/modules/survey/lib/surveys";
-import { getAuthorizedV3Survey } from "../authorization";
-import { parseV3SurveyLanguageQuery } from "../language";
-import { patchV3Survey } from "../patch";
-import { V3SurveyReferenceValidationError } from "../reference-validation";
-import { ZV3EmptyQuery } from "../schemas";
-import { V3SurveyWritePermissionError } from "../write-permissions";
-
-const surveyParamsSchema = z.object({
-  surveyId: z.cuid2(),
-});
-
-const surveyQuerySchema = z
-  .object({
-    lang: z
-      .union([z.string(), z.array(z.string())])
-      .transform((value, ctx) => {
-        const parsedLanguageQuery = parseV3SurveyLanguageQuery(value);
-
-        if (!parsedLanguageQuery.ok) {
-          ctx.addIssue({
-            code: "custom",
-            message: parsedLanguageQuery.message,
-          });
-          return z.NEVER;
-        }
-
-        return parsedLanguageQuery.languages;
-      })
-      .optional(),
-  })
-  .strict();
-
-export const GET = withV3ApiWrapper({
-  auth: "both",
-  schemas: {
-    params: surveyParamsSchema,
-    query: surveyQuerySchema,
-  },
-  handler: async ({ parsedInput, authentication, requestId, instance }) => {
-    const surveyId = parsedInput.params.surveyId;
-    const log = logger.withContext({ requestId, surveyId });
-
-    try {
-      const { survey, response } = await getAuthorizedV3Survey({
-        surveyId,
-        authentication,
-        access: "read",
-        requestId,
-        instance,
-      });
-
-      if (response) {
-        log.warn({ statusCode: response.status }, "Survey not found or not accessible");
-        return response;
-      }
-
-      try {
-        return successResponse(serializeV3SurveyResource(survey, { lang: parsedInput.query.lang }), {
-          requestId,
-          cache: "private, no-store",
-        });
-      } catch (error) {
-        if (error instanceof V3SurveyLanguageError) {
-          log.warn({ statusCode: 400, lang: parsedInput.query.lang }, "Invalid survey language selector");
-          return problemBadRequest(requestId, error.message, {
-            instance,
-            invalid_params: [
-              {
-                name: "lang",
-                reason: error.message,
-                ...(error.normalizedCode && { identifier: error.normalizedCode }),
-              },
-            ],
-          });
-        }
-
-        if (error instanceof V3SurveyUnsupportedShapeError) {
-          log.warn({ statusCode: 400 }, "Unsupported v3 survey shape");
-          return problemBadRequest(requestId, error.message, {
-            instance,
-            invalid_params: [
-              {
-                name: "survey",
-                reason: error.message,
-              },
-            ],
-          });
-        }
-
-        throw error;
-      }
-    } catch (error) {
-      if (error instanceof DatabaseError) {
-        log.error({ error, statusCode: 500 }, "Database error");
-        return problemInternalError(requestId, "An unexpected error occurred.", instance);
-      }
-
-      log.error({ error, statusCode: 500 }, "V3 survey get unexpected error");
-      return problemInternalError(requestId, "An unexpected error occurred.", instance);
-    }
-  },
-});
-
-export const PATCH = withV3ApiWrapper({
-  auth: "both",
-  action: "updated",
-  targetType: "survey",
-  schemas: {
-    params: surveyParamsSchema,
-    query: ZV3EmptyQuery,
-    body: z.unknown(),
-  },
-  handler: async ({ parsedInput, authentication, requestId, instance, auditLog }) => {
-    const surveyId = parsedInput.params.surveyId;
-    const log = logger.withContext({ requestId, surveyId });
-    let workspaceId: string | undefined;
-
-    try {
-      const { survey, authResult, response } = await getAuthorizedV3Survey({
-        surveyId,
-        authentication,
-        access: "readWrite",
-        requestId,
-        instance,
-      });
-
-      if (response) {
-        log.warn({ statusCode: response.status }, "Survey not found or not accessible");
-        return response;
-      }
-
-      workspaceId = survey.workspaceId;
-      const updatedSurvey = await patchV3Survey(
-        survey,
-        parsedInput.body,
-        requestId,
-        authResult.organizationId
-      );
-      const resource = serializeV3SurveyResource(updatedSurvey);
-
-      if (auditLog) {
-        auditLog.targetId = updatedSurvey.id;
-        auditLog.organizationId = authResult.organizationId;
-        auditLog.oldObject = serializeV3SurveyResource(survey);
-        auditLog.newObject = resource;
-      }
-
-      return successResponse(resource, {
-        requestId,
-        cache: "private, no-store",
-      });
-    } catch (error) {
-      if (error instanceof V3SurveyReferenceValidationError) {
-        log.warn(
-          { statusCode: 400, workspaceId, invalidParamCount: error.invalidParams.length },
-          "Survey document validation failed"
-        );
-        return problemBadRequest(requestId, "Invalid survey document", {
-          invalid_params: error.invalidParams,
-          instance,
-        });
-      }
-
-      if (error instanceof V3SurveyUnsupportedShapeError) {
-        log.warn({ statusCode: 400, workspaceId, errorCode: error.name }, "Unsupported v3 survey shape");
-        return problemBadRequest(requestId, error.message, {
-          instance,
-          invalid_params: [
-            {
-              name: "survey",
-              reason: error.message,
-            },
-          ],
-        });
-      }
-
-      if (error instanceof V3SurveyWritePermissionError) {
-        log.warn(
-          { statusCode: 403, workspaceId, errorCode: error.name },
-          "Survey patch permission check failed"
-        );
-        return problemForbidden(requestId, error.message, instance);
-      }
-
-      if (error instanceof ResourceNotFoundError) {
-        log.warn(
-          { errorCode: error.name, workspaceId, statusCode: 403 },
-          "Survey not found or not accessible"
-        );
-        return problemForbidden(requestId, "You are not authorized to access this resource", instance);
-      }
-
-      if (error instanceof DatabaseError) {
-        log.error({ error, workspaceId, statusCode: 500 }, "Database error");
-        return problemInternalError(requestId, "An unexpected error occurred.", instance);
-      }
-
-      log.error({ error, workspaceId, statusCode: 500 }, "V3 survey patch unexpected error");
-      return problemInternalError(requestId, "An unexpected error occurred.", instance);
-    }
-  },
-});

 export const DELETE = withV3ApiWrapper({
  auth: "both",
  action: "deleted",
  targetType: "survey",
  schemas: {
-    params: surveyParamsSchema,
+    params: z.object({
+      surveyId: z.cuid2(),
+    }),
  },
  handler: async ({ parsedInput, authentication, requestId, instance, auditLog }) => {
    const surveyId = parsedInput.params.surveyId;
    const log = logger.withContext({ requestId, surveyId });

    try {
-      const { survey, authResult, response } = await getAuthorizedV3Survey({
-        surveyId,
-        authentication,
-        access: "readWrite",
-        requestId,
-        instance,
-      });
+      const survey = await getSurvey(surveyId);

-      if (response) {
+      if (!survey) {
        log.warn({ statusCode: 403 }, "Survey not found or not accessible");
-        return response;
+        return problemForbidden(requestId, "You are not authorized to access this resource", instance);
+      }
+
+      const authResult = await requireV3WorkspaceAccess(
+        authentication,
+        survey.workspaceId,
+        "readWrite",
+        requestId,
+        instance
+      );
+
+      if (authResult instanceof Response) {
+        return authResult;
      }

      if (auditLog) {
@@ -249,9 +46,14 @@ export const DELETE = withV3ApiWrapper({
        auditLog.oldObject = survey;
      }

-      await deleteSurvey(surveyId);
+      const deletedSurvey = await deleteSurvey(surveyId);

-      return noContentResponse({ requestId });
+      return successResponse(
+        {
+          id: deletedSurvey.id,
+        },
+        { requestId }
+      );
    } catch (error) {
      if (error instanceof ResourceNotFoundError) {
        log.warn({ errorCode: error.name, statusCode: 403 }, "Survey not found or not accessible");
@@ -1,71 +0,0 @@
-import { describe, expect, test, vi } from "vitest";
-import { requireV3WorkspaceAccess } from "@/app/api/v3/lib/auth";
-import { getSurvey } from "@/lib/survey/service";
-import { getAuthorizedV3Survey } from "./authorization";
-
-vi.mock("@/app/api/v3/lib/auth", () => ({
-  requireV3WorkspaceAccess: vi.fn(),
-}));
-
-vi.mock("@/lib/survey/service", () => ({
-  getSurvey: vi.fn(),
-}));
-
-const survey = {
-  id: "clsv1234567890123456789012",
-  workspaceId: "clxx1234567890123456789012",
-};
-const surveyRecord = survey as unknown as NonNullable<Awaited<ReturnType<typeof getSurvey>>>;
-
-describe("getAuthorizedV3Survey", () => {
-  test("returns a generic forbidden response when the survey does not exist", async () => {
-    vi.mocked(getSurvey).mockResolvedValue(null);
-
-    const result = await getAuthorizedV3Survey({
-      surveyId: survey.id,
-      authentication: null,
-      access: "read",
-      requestId: "req_1",
-      instance: "/api/v3/surveys/clsv1234567890123456789012",
-    });
-
-    expect(result.response?.status).toBe(403);
-    expect(requireV3WorkspaceAccess).not.toHaveBeenCalled();
-  });
-
-  test("returns the authorization response when workspace access is denied", async () => {
-    const forbiddenResponse = new Response(null, { status: 403 });
-    vi.mocked(getSurvey).mockResolvedValue(surveyRecord);
-    vi.mocked(requireV3WorkspaceAccess).mockResolvedValue(forbiddenResponse);
-
-    const result = await getAuthorizedV3Survey({
-      surveyId: survey.id,
-      authentication: null,
-      access: "readWrite",
-      requestId: "req_2",
-      instance: "/api/v3/surveys/clsv1234567890123456789012",
-    });
-
-    expect(result.response).toBe(forbiddenResponse);
-  });
-
-  test("returns the survey and authorization context when access is allowed", async () => {
-    const authResult = { workspaceId: survey.workspaceId, organizationId: "org_1" };
-    vi.mocked(getSurvey).mockResolvedValue(surveyRecord);
-    vi.mocked(requireV3WorkspaceAccess).mockResolvedValue(authResult);
-
-    const result = await getAuthorizedV3Survey({
-      surveyId: survey.id,
-      authentication: null,
-      access: "read",
-      requestId: "req_3",
-      instance: "/api/v3/surveys/clsv1234567890123456789012",
-    });
-
-    expect(result).toEqual({
-      survey,
-      authResult,
-      response: null,
-    });
-  });
-});
@@ -1,37 +0,0 @@
-import { requireV3WorkspaceAccess } from "@/app/api/v3/lib/auth";
-import { problemForbidden } from "@/app/api/v3/lib/response";
-import type { TV3Authentication } from "@/app/api/v3/lib/types";
-import { getSurvey } from "@/lib/survey/service";
-
-export async function getAuthorizedV3Survey(params: {
-  surveyId: string;
-  authentication: TV3Authentication;
-  access: "read" | "readWrite";
-  requestId: string;
-  instance: string;
-}) {
-  const { surveyId, authentication, access, requestId, instance } = params;
-  const survey = await getSurvey(surveyId);
-
-  if (!survey) {
-    return {
-      survey: null,
-      authResult: null,
-      response: problemForbidden(requestId, "You are not authorized to access this resource", instance),
-    };
-  }
-
-  const authResult = await requireV3WorkspaceAccess(
-    authentication,
-    survey.workspaceId,
-    access,
-    requestId,
-    instance
-  );
-
-  if (authResult instanceof Response) {
-    return { survey: null, authResult: null, response: authResult };
-  }
-
-  return { survey, authResult, response: null };
-}
@@ -1,262 +0,0 @@
-import { beforeEach, describe, expect, test, vi } from "vitest";
-import { prisma } from "@formbricks/database";
-import type { TSurvey } from "@formbricks/types/surveys/types";
-import { getOrganizationByWorkspaceId } from "@/lib/organization/service";
-import { createSurvey } from "@/lib/survey/service";
-import { getExternalUrlsPermission } from "@/modules/survey/lib/permission";
-import { V3SurveyCreatePermissionError, createV3Survey } from "./create";
-import { ZV3CreateSurveyBody } from "./schemas";
-
-vi.mock("server-only", () => ({}));
-
-vi.mock("@formbricks/database", () => ({
-  prisma: {
-    language: {
-      upsert: vi.fn(),
-    },
-  },
-}));
-
-vi.mock("@/lib/survey/service", () => ({
-  createSurvey: vi.fn(),
-}));
-
-vi.mock("@/lib/organization/service", () => ({
-  getOrganizationByWorkspaceId: vi.fn(),
-}));
-
-vi.mock("@/modules/survey/lib/permission", () => ({
-  getExternalUrlsPermission: vi.fn(),
-}));
-
-vi.mock("@formbricks/logger", () => ({
-  logger: {
-    withContext: vi.fn(() => ({
-      error: vi.fn(),
-      warn: vi.fn(),
-    })),
-  },
-}));
-
-const workspaceId = "clxx1234567890123456789012";
-
-const rawCreateBody = {
-  workspaceId,
-  name: "Product Feedback",
-  defaultLanguage: "en-US",
-  metadata: {
-    cx_operation: "enterprise_onboarding",
-    title: { "en-US": "Product Feedback", "de-DE": "Produktfeedback" },
-  },
-  blocks: [
-    {
-      id: "clbk1234567890123456789012",
-      name: "Main Block",
-      elements: [
-        {
-          id: "satisfaction",
-          type: "openText",
-          headline: {
-            "en-US": "What should we improve?",
-            "de-DE": "Was sollen wir verbessern?",
-          },
-          required: true,
-        },
-      ],
-    },
-  ],
-};
-
-const createBody = ZV3CreateSurveyBody.parse(rawCreateBody);
-
-const createdSurvey = {
-  id: "clsv1234567890123456789012",
-  workspaceId,
-  createdAt: new Date("2026-04-21T10:00:00.000Z"),
-  updatedAt: new Date("2026-04-21T10:00:00.000Z"),
-  name: "Product Feedback",
-  type: "link",
-  status: "draft",
-  metadata: {},
-  languages: [],
-  questions: [],
-  welcomeCard: { enabled: false },
-  blocks: createBody.blocks,
-  endings: [],
-  hiddenFields: { enabled: false },
-  variables: [],
-} as unknown as TSurvey;
-
-type TLanguageUpsertArgs = Parameters<typeof prisma.language.upsert>[0];
-type TLanguageUpsertReturn = ReturnType<typeof prisma.language.upsert>;
-
-describe("createV3Survey", () => {
-  beforeEach(() => {
-    vi.resetAllMocks();
-    vi.mocked(prisma.language.upsert).mockImplementation(
-      (args: TLanguageUpsertArgs): TLanguageUpsertReturn => {
-        const workspaceIdCode = args.where.workspaceId_code;
-        if (!workspaceIdCode) {
-          throw new Error("Expected workspaceId_code upsert selector");
-        }
-
-        return Promise.resolve({
-          id: `cllang${workspaceIdCode.code.toLowerCase().replaceAll("-", "")}`,
-          code: workspaceIdCode.code,
-          alias: null,
-          workspaceId: workspaceIdCode.workspaceId,
-          createdAt: new Date("2026-04-21T10:00:00.000Z"),
-          updatedAt: new Date("2026-04-21T10:00:00.000Z"),
-        }) as TLanguageUpsertReturn;
-      }
-    );
-    vi.mocked(createSurvey).mockResolvedValue(createdSurvey);
-    vi.mocked(getOrganizationByWorkspaceId).mockResolvedValue({
-      id: "org_1",
-      name: "Organization",
-      createdAt: new Date(),
-      updatedAt: new Date(),
-      billing: {
-        limits: { monthly: { responses: 1000 }, workspaces: 1 },
-        stripeCustomerId: null,
-        usageCycleAnchor: null,
-      },
-      isAISmartToolsEnabled: false,
-      isAIDataAnalysisEnabled: false,
-      whitelabel: undefined,
-    });
-    vi.mocked(getExternalUrlsPermission).mockResolvedValue(true);
-  });
-
-  test("maps the public v3 body to the internal create payload", async () => {
-    await createV3Survey(
-      createBody,
-      {
-        user: { id: "user_1", email: "user@example.com", name: "User" },
-        expires: "2026-05-01",
-      },
-      "req_1"
-    );
-
-    expect(prisma.language.upsert).toHaveBeenCalledWith(
-      expect.objectContaining({
-        where: { workspaceId_code: { workspaceId, code: "en-US" } },
-        create: { workspaceId, code: "en-US", alias: null },
-      })
-    );
-    expect(prisma.language.upsert).toHaveBeenCalledWith(
-      expect.objectContaining({
-        where: { workspaceId_code: { workspaceId, code: "de-DE" } },
-        create: { workspaceId, code: "de-DE", alias: null },
-      })
-    );
-    expect(createSurvey).toHaveBeenCalledWith(
-      workspaceId,
-      expect.objectContaining({
-        name: "Product Feedback",
-        type: "link",
-        status: "draft",
-        createdBy: "user_1",
-        questions: [],
-        metadata: expect.objectContaining({
-          cx_operation: "enterprise_onboarding",
-          title: { default: "Product Feedback", "de-DE": "Produktfeedback" },
-        }),
-        blocks: [
-          expect.objectContaining({
-            elements: [
-              expect.objectContaining({
-                headline: {
-                  default: "What should we improve?",
-                  "de-DE": "Was sollen wir verbessern?",
-                },
-              }),
-            ],
-          }),
-        ],
-        languages: [
-          expect.objectContaining({ default: true, enabled: true }),
-          expect.objectContaining({ default: false, enabled: true }),
-        ],
-      })
-    );
-    expect(getOrganizationByWorkspaceId).not.toHaveBeenCalled();
-    expect(getExternalUrlsPermission).not.toHaveBeenCalled();
-  });
-
-  test("keeps createdBy null for API key calls and honors explicit disabled languages", async () => {
-    const body = ZV3CreateSurveyBody.parse({
-      ...rawCreateBody,
-      metadata: {
-        ...rawCreateBody.metadata,
-        title: {
-          ...rawCreateBody.metadata.title,
-          "fr-FR": "Retour produit",
-        },
-      },
-      languages: [{ code: "fr-FR", enabled: false }],
-      blocks: [
-        {
-          ...rawCreateBody.blocks[0],
-          elements: [
-            {
-              ...rawCreateBody.blocks[0].elements[0],
-              headline: {
-                ...rawCreateBody.blocks[0].elements[0].headline,
-                "fr-FR": "Que devons-nous améliorer ?",
-              },
-            },
-          ],
-        },
-      ],
-    });
-
-    await createV3Survey(
-      body,
-      {
-        type: "apiKey",
-        apiKeyId: "key_1",
-        organizationId: "org_1",
-        organizationAccess: { accessControl: { read: true, write: true } },
-        workspacePermissions: [],
-      },
-      "req_2"
-    );
-
-    expect(createSurvey).toHaveBeenCalledWith(
-      workspaceId,
-      expect.objectContaining({
-        createdBy: null,
-        languages: expect.arrayContaining([
-          expect.objectContaining({ language: expect.objectContaining({ code: "fr-FR" }), enabled: false }),
-        ]),
-      })
-    );
-  });
-
-  test("rejects external CTA buttons when the organization does not have external URL permission", async () => {
-    vi.mocked(getExternalUrlsPermission).mockResolvedValue(false);
-    const body = ZV3CreateSurveyBody.parse({
-      ...rawCreateBody,
-      blocks: [
-        {
-          ...rawCreateBody.blocks[0],
-          elements: [
-            {
-              id: "external_cta",
-              type: "cta",
-              headline: { "en-US": "Continue", "de-DE": "Weiter" },
-              required: false,
-              buttonExternal: true,
-              buttonUrl: "https://example.com",
-              ctaButtonLabel: { "en-US": "Open", "de-DE": "Öffnen" },
-            },
-          ],
-        },
-      ],
-    });
-
-    await expect(createV3Survey(body, null, "req_3")).rejects.toThrow(V3SurveyCreatePermissionError);
-    expect(createSurvey).not.toHaveBeenCalled();
-  });
-});
@@ -1,66 +0,0 @@
-import "server-only";
-import type { TSurveyCreateInput } from "@formbricks/types/surveys/types";
-import type { TV3Authentication } from "@/app/api/v3/lib/types";
-import { createSurvey } from "@/lib/survey/service";
-import { type TV3SurveyLanguageRequest, ensureV3WorkspaceLanguages } from "./languages";
-import { prepareV3SurveyCreate } from "./prepare";
-import { V3SurveyReferenceValidationError } from "./reference-validation";
-import type { TV3CreateSurveyBody } from "./schemas";
-import { assertV3SurveyWritePermissions } from "./write-permissions";
-
-export { V3SurveyWritePermissionError as V3SurveyCreatePermissionError } from "./write-permissions";
-
-function getCreatedBy(authentication: TV3Authentication): string | null {
-  if (authentication && "user" in authentication && authentication.user?.id) {
-    return authentication.user.id;
-  }
-
-  return null;
-}
-
-export async function executeV3SurveyCreate(params: {
-  input: TV3CreateSurveyBody;
-  authentication: TV3Authentication;
-  languageRequests: TV3SurveyLanguageRequest[];
-  requestId?: string;
-}) {
-  const { input, authentication, languageRequests, requestId } = params;
-  const languages = await ensureV3WorkspaceLanguages(input.workspaceId, languageRequests, requestId);
-  const surveyCreateInput: TSurveyCreateInput = {
-    name: input.name,
-    type: "link",
-    status: input.status,
-    metadata: input.metadata,
-    welcomeCard: input.welcomeCard,
-    blocks: input.blocks,
-    endings: input.endings,
-    hiddenFields: input.hiddenFields,
-    variables: input.variables,
-    languages,
-    questions: [],
-    createdBy: getCreatedBy(authentication),
-  };
-
-  return await createSurvey(input.workspaceId, surveyCreateInput);
-}
-
-export async function createV3Survey(
-  input: TV3CreateSurveyBody,
-  authentication: TV3Authentication,
-  requestId?: string,
-  organizationId?: string
-) {
-  const preparation = prepareV3SurveyCreate(input);
-  if (!preparation.ok) {
-    throw new V3SurveyReferenceValidationError(preparation.validation.invalidParams);
-  }
-
-  await assertV3SurveyWritePermissions(input, organizationId);
-
-  return await executeV3SurveyCreate({
-    input: preparation.document,
-    authentication,
-    languageRequests: preparation.languageRequests,
-    requestId,
-  });
-}
@@ -1,120 +0,0 @@
-import { describe, expect, test } from "vitest";
-import {
-  normalizeV3SurveyLanguageTag,
-  parseV3SurveyLanguageQuery,
-  resolveV3SurveyLanguageCode,
-} from "./language";
-
-const languages = [
-  { code: "en-US", enabled: true },
-  { code: "de-DE", enabled: true },
-  { code: "fr-FR", enabled: false },
-];
-
-describe("normalizeV3SurveyLanguageTag", () => {
-  test.each([
-    ["EN_us", "en-US"],
-    ["en-us", "en-US"],
-    ["zh_hans_cn", "zh-Hans-CN"],
-    ["ZH-hant-tw", "zh-Hant-TW"],
-  ])("normalizes %s to %s", (input, expected) => {
-    expect(normalizeV3SurveyLanguageTag(input)).toBe(expected);
-  });
-
-  test("returns null for invalid language tags", () => {
-    expect(normalizeV3SurveyLanguageTag("not a locale")).toBeNull();
-  });
-
-  test("returns null for language-only tags", () => {
-    expect(normalizeV3SurveyLanguageTag("de")).toBeNull();
-  });
-
-  test("returns null for script-only tags without a region", () => {
-    expect(normalizeV3SurveyLanguageTag("zh_Hans")).toBeNull();
-  });
-});
-
-describe("parseV3SurveyLanguageQuery", () => {
-  test("parses comma-separated language selectors", () => {
-    expect(parseV3SurveyLanguageQuery("de-DE, pt_PT, EN_us, zh_hans_cn")).toEqual({
-      ok: true,
-      languages: ["de-DE", "pt-PT", "en-US", "zh-Hans-CN"],
-    });
-  });
-
-  test("parses repeated language selectors", () => {
-    expect(parseV3SurveyLanguageQuery(["de-DE", "pt_PT,en_us"])).toEqual({
-      ok: true,
-      languages: ["de-DE", "pt-PT", "en-US"],
-    });
-  });
-
-  test("deduplicates language selectors case-insensitively", () => {
-    expect(parseV3SurveyLanguageQuery("de-DE,DE_de")).toEqual({
-      ok: true,
-      languages: ["de-DE"],
-    });
-  });
-
-  test("rejects empty language selectors", () => {
-    expect(parseV3SurveyLanguageQuery("de-DE,")).toEqual({
-      ok: false,
-      message: "Language selector must contain valid comma-separated locale codes",
-    });
-  });
-
-  test("rejects invalid language selectors", () => {
-    expect(parseV3SurveyLanguageQuery("not a locale")).toEqual({
-      ok: false,
-      message: "Language 'not a locale' is not a valid locale code",
-    });
-  });
-
-  test("rejects language-only selectors", () => {
-    expect(parseV3SurveyLanguageQuery("de")).toEqual({
-      ok: false,
-      message: "Language 'de' is not a valid locale code",
-    });
-  });
-});
-
-describe("resolveV3SurveyLanguageCode", () => {
-  test("matches configured languages case-insensitively and normalizes underscores", () => {
-    expect(resolveV3SurveyLanguageCode("DE_de", languages)).toEqual({ ok: true, code: "de-DE" });
-  });
-
-  test("matches configured script-region languages case-insensitively and normalizes underscores", () => {
-    expect(resolveV3SurveyLanguageCode("ZH_hans_cn", [{ code: "zh-Hans-CN", enabled: true }])).toEqual({
-      ok: true,
-      code: "zh-Hans-CN",
-    });
-  });
-
-  test("resolves disabled configured languages for management reads", () => {
-    expect(resolveV3SurveyLanguageCode("fr-FR", languages)).toEqual({ ok: true, code: "fr-FR" });
-  });
-
-  test("returns unknown for languages not configured on the survey", () => {
-    expect(resolveV3SurveyLanguageCode("ZH_hant_tw", languages)).toEqual({
-      ok: false,
-      reason: "unknown",
-      normalizedCode: "zh-Hant-TW",
-      message: "Language 'zh-Hant-TW' is not configured for this survey",
-    });
-  });
-
-  test("rejects language-only tags for surveys with a matching configured language", () => {
-    expect(resolveV3SurveyLanguageCode("de", languages)).toEqual({
-      ok: false,
-      reason: "invalid",
-      message: "Language 'de' is not a valid locale code",
-    });
-  });
-
-  test("resolves the implicit default locale for surveys without configured languages", () => {
-    expect(resolveV3SurveyLanguageCode("en-US", [{ code: "en-US", enabled: true }])).toEqual({
-      ok: true,
-      code: "en-US",
-    });
-  });
-});
@@ -1,134 +0,0 @@
-import type { TSurvey as TInternalSurvey } from "@formbricks/types/surveys/types";
-
-type TV3SurveyLanguageInput = {
-  code: string;
-  enabled: boolean;
-};
-
-export type TV3SurveyLanguage = {
-  code: string;
-  default: boolean;
-  enabled: boolean;
-};
-
-type TV3SurveyLanguageQueryInput = string | string[];
-
-type TResolveV3SurveyLanguageCodeResult =
-  | { ok: true; code: string }
-  | { ok: false; reason: "invalid" | "unknown"; message: string; normalizedCode?: string };
-
-type TParseV3SurveyLanguageQueryResult = { ok: true; languages: string[] } | { ok: false; message: string };
-
-const V3_SURVEY_LOCALE_CODE_REGEX = /^[a-z]{2}(?:-[A-Z][a-z]{3})?-[A-Z]{2}$/;
-
-export function normalizeV3SurveyLanguageTag(value: string): string | null {
-  const normalizedSeparators = value.trim().replaceAll("_", "-");
-
-  try {
-    const normalizedLanguage = Intl.getCanonicalLocales(normalizedSeparators)[0] ?? null;
-    if (!normalizedLanguage || !V3_SURVEY_LOCALE_CODE_REGEX.test(normalizedLanguage)) {
-      return null;
-    }
-
-    return normalizedLanguage;
-  } catch {
-    return null;
-  }
-}
-
-export function parseV3SurveyLanguageQuery(
-  value: TV3SurveyLanguageQueryInput
-): TParseV3SurveyLanguageQueryResult {
-  const requestedLanguages = (Array.isArray(value) ? value : [value])
-    .flatMap((entry) => entry.split(","))
-    .map((entry) => entry.trim());
-
-  if (requestedLanguages.some((entry) => entry.length === 0)) {
-    return {
-      ok: false,
-      message: "Language selector must contain valid comma-separated locale codes",
-    };
-  }
-
-  const normalizedLanguages: string[] = [];
-
-  for (const language of requestedLanguages) {
-    const normalizedLanguage = normalizeV3SurveyLanguageTag(language);
-
-    if (!normalizedLanguage) {
-      return {
-        ok: false,
-        message: `Language '${language}' is not a valid locale code`,
-      };
-    }
-
-    if (!normalizedLanguages.some((entry) => entry.toLowerCase() === normalizedLanguage.toLowerCase())) {
-      normalizedLanguages.push(normalizedLanguage);
-    }
-  }
-
-  return { ok: true, languages: normalizedLanguages };
-}
-
-export function resolveV3SurveyLanguageCode(
-  requestedLanguage: string,
-  languages: TV3SurveyLanguageInput[]
-): TResolveV3SurveyLanguageCodeResult {
-  const normalizedRequestedLanguage = normalizeV3SurveyLanguageTag(requestedLanguage);
-
-  if (!normalizedRequestedLanguage) {
-    return {
-      ok: false,
-      reason: "invalid",
-      message: `Language '${requestedLanguage}' is not a valid locale code`,
-    };
-  }
-
-  const normalizedLanguages = languages.map((language) => ({
-    ...language,
-    code: normalizeV3SurveyLanguageTag(language.code) ?? language.code,
-  }));
-  const exactMatch = normalizedLanguages.find(
-    (language) => language.code.toLowerCase() === normalizedRequestedLanguage.toLowerCase()
-  );
-
-  if (exactMatch) {
-    return { ok: true, code: exactMatch.code };
-  }
-
-  return {
-    ok: false,
-    reason: "unknown",
-    normalizedCode: normalizedRequestedLanguage,
-    message: `Language '${normalizedRequestedLanguage}' is not configured for this survey`,
-  };
-}
-
-export function getV3SurveyLanguages(
-  survey: Pick<TInternalSurvey, "languages">,
-  fallbackLanguage: string
-): TV3SurveyLanguage[] {
-  const languages = (survey.languages ?? []).map((surveyLanguage) => ({
-    code: normalizeV3SurveyLanguageTag(surveyLanguage.language.code) ?? surveyLanguage.language.code,
-    default: surveyLanguage.default,
-    enabled: surveyLanguage.enabled,
-  }));
-
-  if (languages.length === 0) {
-    return [{ code: fallbackLanguage, default: true, enabled: true }];
-  }
-
-  return languages;
-}
-
-export function getV3SurveyDefaultLanguage(
-  survey: Pick<TInternalSurvey, "languages">,
-  fallbackLanguage: string
-): string {
-  const defaultLanguageCode = survey.languages?.find((surveyLanguage) => surveyLanguage.default)?.language
-    .code;
-
-  return defaultLanguageCode
-    ? (normalizeV3SurveyLanguageTag(defaultLanguageCode) ?? defaultLanguageCode)
-    : fallbackLanguage;
-}
@@ -1,55 +0,0 @@
-import { describe, expect, test, vi } from "vitest";
-import { deriveV3SurveyLanguageRequests } from "./languages";
-import { ZV3CreateSurveyBody } from "./schemas";
-
-vi.mock("server-only", () => ({}));
-
-vi.mock("@formbricks/database", () => ({
-  prisma: {
-    language: {
-      upsert: vi.fn(),
-    },
-  },
-}));
-
-describe("deriveV3SurveyLanguageRequests", () => {
-  test("derives languages from survey content and known translatable metadata fields only", () => {
-    const document = ZV3CreateSurveyBody.parse({
-      workspaceId: "clxx1234567890123456789012",
-      name: "Product Feedback",
-      defaultLanguage: "en-US",
-      metadata: {
-        title: {
-          "en-US": "Feedback",
-          "de-DE": "Feedback",
-        },
-        cx_context: {
-          "fr-FR": "Arbitrary customer metadata, not translatable survey text",
-        },
-      },
-      blocks: [
-        {
-          id: "clbk1234567890123456789012",
-          name: "Main Block",
-          elements: [
-            {
-              id: "satisfaction",
-              type: "openText",
-              headline: {
-                "en-US": "What should we improve?",
-                "pt-BR": "O que devemos melhorar?",
-              },
-              required: true,
-            },
-          ],
-        },
-      ],
-    });
-
-    expect(deriveV3SurveyLanguageRequests(document)).toEqual([
-      { code: "en-US", default: true, enabled: true },
-      { code: "de-DE", default: false, enabled: true },
-      { code: "pt-BR", default: false, enabled: true },
-    ]);
-  });
-});
@@ -1,161 +0,0 @@
-import "server-only";
-import { Prisma } from "@prisma/client";
-import { prisma } from "@formbricks/database";
-import { logger } from "@formbricks/logger";
-import { DatabaseError } from "@formbricks/types/errors";
-import type { TI18nString } from "@formbricks/types/i18n";
-import type { TSurveyLanguage } from "@formbricks/types/surveys/types";
-import { normalizeV3SurveyLanguageTag } from "./language";
-import type { TV3SurveyDocument } from "./schemas";
-import { V3_SURVEY_TRANSLATABLE_METADATA_KEYS } from "./translation-fields";
-
-export type TV3SurveyLanguageRequest = {
-  code: string;
-  default: boolean;
-  enabled: boolean;
-};
-
-const languageSelect = {
-  id: true,
-  code: true,
-  alias: true,
-  workspaceId: true,
-  createdAt: true,
-  updatedAt: true,
-} satisfies Prisma.LanguageSelect;
-
-function isPlainObject(value: unknown): value is Record<string, unknown> {
-  return typeof value === "object" && value !== null && !Array.isArray(value);
-}
-
-function isInternalI18nString(value: unknown): value is TI18nString {
-  return (
-    isPlainObject(value) &&
-    typeof value.default === "string" &&
-    Object.values(value).every((entry) => typeof entry === "string")
-  );
-}
-
-function collectI18nLanguageCodes(value: unknown, languageCodes: Set<string>): void {
-  if (Array.isArray(value)) {
-    value.forEach((entry) => collectI18nLanguageCodes(entry, languageCodes));
-    return;
-  }
-
-  if (!isPlainObject(value)) {
-    return;
-  }
-
-  if (isInternalI18nString(value)) {
-    Object.keys(value).forEach((languageCode) => {
-      if (languageCode !== "default") {
-        const normalizedLanguageCode = normalizeV3SurveyLanguageTag(languageCode);
-        if (normalizedLanguageCode) {
-          languageCodes.add(normalizedLanguageCode);
-        }
-      }
-    });
-    return;
-  }
-
-  Object.values(value).forEach((entry) => collectI18nLanguageCodes(entry, languageCodes));
-}
-
-function collectMetadataI18nLanguageCodes(
-  metadata: TV3SurveyDocument["metadata"],
-  languageCodes: Set<string>
-): void {
-  if (!isPlainObject(metadata)) {
-    return;
-  }
-
-  V3_SURVEY_TRANSLATABLE_METADATA_KEYS.forEach((key) =>
-    collectI18nLanguageCodes(metadata[key], languageCodes)
-  );
-}
-
-export function deriveV3SurveyLanguageRequests(input: TV3SurveyDocument): TV3SurveyLanguageRequest[] {
-  const requestedLanguages = new Map<string, TV3SurveyLanguageRequest>();
-  const addLanguage = (code: string, enabled = true): void => {
-    requestedLanguages.set(code, {
-      code,
-      default: code.toLowerCase() === input.defaultLanguage.toLowerCase(),
-      enabled: code.toLowerCase() === input.defaultLanguage.toLowerCase() ? true : enabled,
-    });
-  };
-
-  addLanguage(input.defaultLanguage);
-
-  input.languages.forEach((language) => {
-    addLanguage(language.code, language.enabled);
-  });
-
-  const contentLanguageCodes = new Set<string>();
-  collectI18nLanguageCodes(input.welcomeCard, contentLanguageCodes);
-  collectI18nLanguageCodes(input.blocks, contentLanguageCodes);
-  collectI18nLanguageCodes(input.endings, contentLanguageCodes);
-  collectMetadataI18nLanguageCodes(input.metadata, contentLanguageCodes);
-  contentLanguageCodes.forEach((languageCode) => {
-    if (!requestedLanguages.has(languageCode)) {
-      addLanguage(languageCode);
-    }
-  });
-
-  return Array.from(requestedLanguages.values()).sort((left, right) => {
-    if (left.default) return -1;
-    if (right.default) return 1;
-    return left.code.localeCompare(right.code);
-  });
-}
-
-export async function ensureV3WorkspaceLanguages(
-  workspaceId: string,
-  languageRequests: TV3SurveyLanguageRequest[],
-  requestId?: string
-): Promise<TSurveyLanguage[]> {
-  const log = logger.withContext({ requestId, workspaceId });
-
-  try {
-    const languages = await Promise.all(
-      languageRequests.map((languageRequest) =>
-        prisma.language.upsert({
-          where: {
-            workspaceId_code: {
-              workspaceId,
-              code: languageRequest.code,
-            },
-          },
-          update: {},
-          create: {
-            workspaceId,
-            code: languageRequest.code,
-            alias: null,
-          },
-          select: languageSelect,
-        })
-      )
-    );
-    const languageByCode = new Map(languages.map((language) => [language.code.toLowerCase(), language]));
-
-    return languageRequests.map((languageRequest) => {
-      const language = languageByCode.get(languageRequest.code.toLowerCase());
-
-      if (!language) {
-        throw new DatabaseError(`Failed to resolve language '${languageRequest.code}'`);
-      }
-
-      return {
-        language,
-        default: languageRequest.default,
-        enabled: languageRequest.enabled,
-      };
-    });
-  } catch (error) {
-    if (error instanceof Prisma.PrismaClientKnownRequestError) {
-      log.error({ error }, "Error creating workspace languages for v3 survey write");
-      throw new DatabaseError(error.message);
-    }
-
-    throw error;
-  }
-}
@@ -1,327 +0,0 @@
-import { beforeEach, describe, expect, test, vi } from "vitest";
-import { prisma } from "@formbricks/database";
-import type { TSurvey } from "@formbricks/types/surveys/types";
-import { getOrganizationByWorkspaceId } from "@/lib/organization/service";
-import { updateSurvey } from "@/lib/survey/service";
-import { getExternalUrlsPermission } from "@/modules/survey/lib/permission";
-import { patchV3Survey } from "./patch";
-import { V3SurveyReferenceValidationError } from "./reference-validation";
-import { ZV3CreateSurveyBody } from "./schemas";
-import { V3SurveyWritePermissionError } from "./write-permissions";
-
-vi.mock("server-only", () => ({}));
-
-vi.mock("@formbricks/database", () => ({
-  prisma: {
-    language: {
-      upsert: vi.fn(),
-    },
-  },
-}));
-
-vi.mock("@/lib/survey/service", () => ({
-  updateSurvey: vi.fn(),
-}));
-
-vi.mock("@/lib/organization/service", () => ({
-  getOrganizationByWorkspaceId: vi.fn(),
-}));
-
-vi.mock("@/modules/survey/lib/permission", () => ({
-  getExternalUrlsPermission: vi.fn(),
-}));
-
-vi.mock("@formbricks/logger", () => ({
-  logger: {
-    withContext: vi.fn(() => ({
-      error: vi.fn(),
-      warn: vi.fn(),
-    })),
-  },
-}));
-
-const workspaceId = "clxx1234567890123456789012";
-
-const createBody = ZV3CreateSurveyBody.parse({
-  workspaceId,
-  name: "Product Feedback",
-  defaultLanguage: "en-US",
-  metadata: {
-    title: { "en-US": "Product Feedback" },
-  },
-  blocks: [
-    {
-      id: "clbk1234567890123456789012",
-      name: "Main Block",
-      elements: [
-        {
-          id: "satisfaction",
-          type: "openText",
-          headline: { "en-US": "What should we improve?" },
-          required: true,
-        },
-      ],
-    },
-  ],
-});
-
-const currentSurvey = {
-  id: "clsv1234567890123456789012",
-  workspaceId,
-  createdAt: new Date("2026-04-21T10:00:00.000Z"),
-  updatedAt: new Date("2026-04-21T10:00:00.000Z"),
-  name: "Product Feedback",
-  type: "link",
-  createdBy: "user_1",
-  status: "draft",
-  displayOption: "displayOnce",
-  autoClose: null,
-  triggers: [],
-  recontactDays: null,
-  displayLimit: null,
-  questions: [],
-  welcomeCard: { enabled: false },
-  blocks: createBody.blocks,
-  endings: [],
-  hiddenFields: { enabled: false },
-  variables: [],
-  followUps: [],
-  delay: 0,
-  publishOn: null,
-  closeOn: null,
-  autoComplete: null,
-  workspaceOverwrites: null,
-  styling: null,
-  showLanguageSwitch: null,
-  surveyClosedMessage: null,
-  segment: null,
-  singleUse: null,
-  isVerifyEmailEnabled: false,
-  recaptcha: null,
-  isSingleResponsePerEmailEnabled: false,
-  isBackButtonHidden: false,
-  isAutoProgressingEnabled: false,
-  isCaptureIpEnabled: false,
-  pin: null,
-  displayPercentage: null,
-  languages: [
-    {
-      language: {
-        id: "cllangenus000000000000000",
-        code: "en-US",
-        alias: null,
-        workspaceId,
-        createdAt: new Date("2026-04-21T10:00:00.000Z"),
-        updatedAt: new Date("2026-04-21T10:00:00.000Z"),
-      },
-      default: true,
-      enabled: true,
-    },
-  ],
-  metadata: createBody.metadata,
-  slug: null,
-  customHeadScripts: null,
-  customHeadScriptsMode: null,
-} as unknown as TSurvey;
-
-const createExternalCtaBlock = () => ({
-  ...createBody.blocks[0],
-  elements: [
-    {
-      id: "external_cta",
-      type: "cta" as const,
-      headline: { "en-US": "Continue" },
-      required: false,
-      buttonExternal: true,
-      buttonUrl: "https://example.com",
-      ctaButtonLabel: { "en-US": "Open" },
-    },
-  ],
-});
-
-type TLanguageUpsertArgs = Parameters<typeof prisma.language.upsert>[0];
-type TLanguageUpsertReturn = ReturnType<typeof prisma.language.upsert>;
-
-describe("patchV3Survey", () => {
-  beforeEach(() => {
-    vi.resetAllMocks();
-    vi.mocked(prisma.language.upsert).mockImplementation(
-      (args: TLanguageUpsertArgs): TLanguageUpsertReturn => {
-        const workspaceIdCode = args.where.workspaceId_code;
-        if (!workspaceIdCode) {
-          throw new Error("Expected workspaceId_code upsert selector");
-        }
-
-        return Promise.resolve({
-          id: `cllang${workspaceIdCode.code.toLowerCase().replaceAll("-", "")}`,
-          code: workspaceIdCode.code,
-          alias: null,
-          workspaceId: workspaceIdCode.workspaceId,
-          createdAt: new Date("2026-04-21T10:00:00.000Z"),
-          updatedAt: new Date("2026-04-21T10:00:00.000Z"),
-        }) as TLanguageUpsertReturn;
-      }
-    );
-    vi.mocked(updateSurvey).mockImplementation(async (survey) => survey);
-    vi.mocked(getOrganizationByWorkspaceId).mockResolvedValue({
-      id: "org_1",
-      name: "Organization",
-      createdAt: new Date(),
-      updatedAt: new Date(),
-      billing: {
-        limits: { monthly: { responses: 1000 }, workspaces: 1 },
-        stripeCustomerId: null,
-        usageCycleAnchor: null,
-      },
-      isAISmartToolsEnabled: false,
-      isAIDataAnalysisEnabled: false,
-      whitelabel: undefined,
-    });
-    vi.mocked(getExternalUrlsPermission).mockResolvedValue(true);
-  });
-
-  test("maps the prepared v3 patch onto the existing internal survey", async () => {
-    await patchV3Survey(
-      currentSurvey,
-      {
-        name: "Updated Feedback",
-        metadata: {
-          title: { "en-US": "Updated Feedback", "de-DE": "Aktualisiertes Feedback" },
-        },
-        languages: [{ code: "de-DE", enabled: true }],
-        blocks: [
-          {
-            ...createBody.blocks[0],
-            elements: [
-              {
-                ...createBody.blocks[0].elements[0],
-                headline: {
-                  "en-US": "What should we improve?",
-                  "de-DE": "Was sollen wir verbessern?",
-                },
-              },
-            ],
-          },
-        ],
-      },
-      "req_1",
-      "org_1"
-    );
-
-    expect(prisma.language.upsert).toHaveBeenCalledWith(
-      expect.objectContaining({
-        where: { workspaceId_code: { workspaceId, code: "de-DE" } },
-        create: { workspaceId, code: "de-DE", alias: null },
-      })
-    );
-    expect(updateSurvey).toHaveBeenCalledWith(
-      expect.objectContaining({
-        id: currentSurvey.id,
-        workspaceId,
-        createdBy: "user_1",
-        type: "link",
-        name: "Updated Feedback",
-        metadata: {
-          title: { default: "Updated Feedback", "de-DE": "Aktualisiertes Feedback" },
-        },
-        blocks: [
-          expect.objectContaining({
-            elements: [
-              expect.objectContaining({
-                headline: { default: "What should we improve?", "de-DE": "Was sollen wir verbessern?" },
-              }),
-            ],
-          }),
-        ],
-        languages: expect.arrayContaining([
-          expect.objectContaining({ default: true, enabled: true }),
-          expect.objectContaining({
-            language: expect.objectContaining({ code: "de-DE" }),
-            default: false,
-            enabled: true,
-          }),
-        ]),
-      })
-    );
-    expect(getExternalUrlsPermission).not.toHaveBeenCalled();
-  });
-
-  test("rejects invalid patch documents before updating", async () => {
-    await expect(
-      patchV3Survey(currentSurvey, {
-        defaultLanguage: "de-DE",
-      })
-    ).rejects.toThrow(V3SurveyReferenceValidationError);
-
-    expect(updateSurvey).not.toHaveBeenCalled();
-  });
-
-  test("allows patching unrelated fields when existing external URLs are unchanged", async () => {
-    vi.mocked(getExternalUrlsPermission).mockResolvedValue(false);
-    const externalUrlBody = ZV3CreateSurveyBody.parse({
-      workspaceId,
-      name: "Product Feedback",
-      defaultLanguage: "en-US",
-      blocks: [createExternalCtaBlock()],
-      endings: [
-        {
-          id: "clen1234567890123456789012",
-          type: "endScreen",
-          headline: { "en-US": "Thanks" },
-          buttonLabel: { "en-US": "Open" },
-          buttonLink: "https://example.com",
-        },
-      ],
-    });
-    const currentSurveyWithExternalUrls = {
-      ...currentSurvey,
-      blocks: externalUrlBody.blocks,
-      endings: externalUrlBody.endings,
-    } as TSurvey;
-
-    await patchV3Survey(currentSurveyWithExternalUrls, { name: "Renamed Feedback" }, "req_2", "org_1");
-
-    expect(getExternalUrlsPermission).not.toHaveBeenCalled();
-    expect(updateSurvey).toHaveBeenCalledWith(
-      expect.objectContaining({
-        name: "Renamed Feedback",
-        blocks: externalUrlBody.blocks,
-        endings: externalUrlBody.endings,
-      })
-    );
-  });
-
-  test("reuses external URL permission checks for patched survey documents", async () => {
-    vi.mocked(getExternalUrlsPermission).mockResolvedValue(false);
-
-    await expect(
-      patchV3Survey(
-        currentSurvey,
-        {
-          blocks: [createExternalCtaBlock()],
-        },
-        "req_2",
-        "org_1"
-      )
-    ).rejects.toThrow(V3SurveyWritePermissionError);
-
-    expect(updateSurvey).not.toHaveBeenCalled();
-  });
-
-  test("fails closed when external URL permissions cannot resolve an organization", async () => {
-    vi.mocked(getOrganizationByWorkspaceId).mockResolvedValue(null);
-
-    await expect(
-      patchV3Survey(
-        currentSurvey,
-        {
-          blocks: [createExternalCtaBlock()],
-        },
-        "req_2"
-      )
-    ).rejects.toThrow(`Unable to verify external URL permissions for workspaceId: ${workspaceId}`);
-
-    expect(getExternalUrlsPermission).not.toHaveBeenCalled();
-    expect(updateSurvey).not.toHaveBeenCalled();
-  });
-});
@@ -1,63 +0,0 @@
-import "server-only";
-import type { TSurvey } from "@formbricks/types/surveys/types";
-import { updateSurvey } from "@/lib/survey/service";
-import { type TV3SurveyLanguageRequest, ensureV3WorkspaceLanguages } from "./languages";
-import { prepareV3SurveyPatchInput } from "./prepare";
-import { V3SurveyReferenceValidationError } from "./reference-validation";
-import type { TV3SurveyDocument } from "./schemas";
-import { assertV3SurveyWritePermissions } from "./write-permissions";
-
-export async function executeV3SurveyPatch(params: {
-  currentSurvey: TSurvey;
-  document: TV3SurveyDocument;
-  languageRequests: TV3SurveyLanguageRequest[];
-  requestId?: string;
-}): Promise<TSurvey> {
-  const { currentSurvey, document, languageRequests, requestId } = params;
-  const languages = await ensureV3WorkspaceLanguages(currentSurvey.workspaceId, languageRequests, requestId);
-
-  return await updateSurvey({
-    ...currentSurvey,
-    name: document.name,
-    status: document.status,
-    metadata: document.metadata,
-    languages,
-    welcomeCard: document.welcomeCard,
-    blocks: document.blocks,
-    endings: document.endings,
-    hiddenFields: document.hiddenFields,
-    variables: document.variables,
-  });
-}
-
-export async function patchV3Survey(
-  currentSurvey: TSurvey,
-  input: unknown,
-  requestId?: string,
-  organizationId?: string
-): Promise<TSurvey> {
-  const preparation = prepareV3SurveyPatchInput(currentSurvey, input);
-  if (!preparation.ok) {
-    throw new V3SurveyReferenceValidationError(preparation.validation.invalidParams);
-  }
-
-  await assertV3SurveyWritePermissions(
-    {
-      workspaceId: currentSurvey.workspaceId,
-      blocks: preparation.document.blocks,
-      endings: preparation.document.endings,
-      previous: {
-        blocks: currentSurvey.blocks,
-        endings: currentSurvey.endings,
-      },
-    },
-    organizationId
-  );
-
-  return await executeV3SurveyPatch({
-    currentSurvey,
-    document: preparation.document,
-    languageRequests: preparation.languageRequests,
-    requestId,
-  });
-}
@@ -1,354 +0,0 @@
-import { describe, expect, test, vi } from "vitest";
-import type { TSurvey } from "@formbricks/types/surveys/types";
-import { prepareV3SurveyCreate, prepareV3SurveyCreateInput, prepareV3SurveyPatchInput } from "./prepare";
-import { ZV3CreateSurveyBody } from "./schemas";
-
-vi.mock("server-only", () => ({}));
-
-const workspaceId = "clxx1234567890123456789012";
-
-const rawCreateBody = {
-  workspaceId,
-  name: "Product Feedback",
-  defaultLanguage: "en-US",
-  blocks: [
-    {
-      id: "clbk1234567890123456789012",
-      name: "Main Block",
-      elements: [
-        {
-          id: "satisfaction",
-          type: "openText",
-          headline: { "en-US": "What should we improve?", "de-DE": "Was sollen wir verbessern?" },
-          required: true,
-        },
-      ],
-    },
-  ],
-};
-
-const createBody = ZV3CreateSurveyBody.parse(rawCreateBody);
-
-const survey = {
-  id: "clsv1234567890123456789012",
-  workspaceId,
-  createdAt: new Date("2026-04-21T10:00:00.000Z"),
-  updatedAt: new Date("2026-04-21T10:00:00.000Z"),
-  name: "Product Feedback",
-  type: "link",
-  status: "draft",
-  metadata: {},
-  languages: [
-    {
-      language: {
-        id: "cllangenus000000000000000",
-        code: "en-US",
-        alias: null,
-        workspaceId,
-        createdAt: new Date("2026-04-21T10:00:00.000Z"),
-        updatedAt: new Date("2026-04-21T10:00:00.000Z"),
-      },
-      default: true,
-      enabled: true,
-    },
-  ],
-  questions: [],
-  welcomeCard: { enabled: false },
-  blocks: createBody.blocks,
-  endings: [],
-  hiddenFields: { enabled: false },
-  variables: [],
-} as unknown as TSurvey;
-
-describe("v3 survey preparation", () => {
-  test("prepares a valid create document and derives language side effects", () => {
-    const preparation = prepareV3SurveyCreate(createBody);
-
-    expect(preparation.ok).toBe(true);
-    if (!preparation.ok) {
-      throw new Error("Expected create preparation to succeed");
-    }
-    expect(preparation.languageRequests).toEqual([
-      { code: "en-US", default: true, enabled: true },
-      { code: "de-DE", default: false, enabled: true },
-    ]);
-  });
-
-  test("returns validation results instead of throwing for invalid create input", () => {
-    const preparation = prepareV3SurveyCreateInput({
-      ...rawCreateBody,
-      blocks: [
-        {
-          ...rawCreateBody.blocks[0],
-          elements: [
-            {
-              ...rawCreateBody.blocks[0].elements[0],
-              buttonUrl: "https://example.com",
-            },
-          ],
-        },
-      ],
-    });
-
-    expect(preparation.ok).toBe(false);
-    if (!preparation.ok) {
-      expect(preparation.validation.invalidParams).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "blocks.0.elements.0.buttonUrl",
-            code: "unsupported_field",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("rejects configured languages that are missing from translatable survey content", () => {
-    const preparation = prepareV3SurveyCreateInput({
-      ...rawCreateBody,
-      languages: [{ code: "pt-PT", enabled: true }],
-    });
-
-    expect(preparation.ok).toBe(false);
-    if (!preparation.ok) {
-      expect(preparation.validation.invalidParams).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "blocks.0.elements.0.headline",
-            code: "missing_translation",
-            identifier: "pt-PT",
-            referenceType: "language",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("rejects partial derived translations before internal survey validation", () => {
-    const preparation = prepareV3SurveyCreateInput({
-      ...rawCreateBody,
-      blocks: [
-        {
-          ...rawCreateBody.blocks[0],
-          elements: [
-            {
-              ...rawCreateBody.blocks[0].elements[0],
-              subheader: { "en-US": "Tell us more" },
-            },
-          ],
-        },
-      ],
-    });
-
-    expect(preparation.ok).toBe(false);
-    if (!preparation.ok) {
-      expect(preparation.validation.invalidParams).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "blocks.0.elements.0.subheader",
-            code: "missing_translation",
-            identifier: "de-DE",
-            referenceType: "language",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("rejects metadata translations that are missing configured languages", () => {
-    const preparation = prepareV3SurveyCreateInput({
-      ...rawCreateBody,
-      metadata: {
-        title: { "en-US": "Product Feedback" },
-      },
-    });
-
-    expect(preparation.ok).toBe(false);
-    if (!preparation.ok) {
-      expect(preparation.validation.invalidParams).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "metadata.title",
-            code: "missing_translation",
-            identifier: "de-DE",
-            referenceType: "language",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("uses metadata translations when deriving required survey languages", () => {
-    const preparation = prepareV3SurveyCreateInput({
-      ...rawCreateBody,
-      metadata: {
-        title: { "en-US": "Product Feedback", "fr-FR": "Retour produit" },
-      },
-    });
-
-    expect(preparation.ok).toBe(false);
-    if (!preparation.ok) {
-      expect(preparation.validation.invalidParams).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "metadata.title",
-            code: "missing_translation",
-            identifier: "de-DE",
-            referenceType: "language",
-          }),
-          expect.objectContaining({
-            name: "blocks.0.elements.0.headline",
-            code: "missing_translation",
-            identifier: "fr-FR",
-            referenceType: "language",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("returns language and reference validation issues together", () => {
-    const preparation = prepareV3SurveyCreateInput({
-      ...rawCreateBody,
-      languages: [{ code: "pt-PT", enabled: true }],
-      blocks: [
-        {
-          ...rawCreateBody.blocks[0],
-          logicFallback: "clmiss12345678901234567890",
-        },
-      ],
-    });
-
-    expect(preparation.ok).toBe(false);
-    if (!preparation.ok) {
-      expect(preparation.validation.invalidParams).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "blocks.0.elements.0.headline",
-            code: "missing_translation",
-          }),
-          expect.objectContaining({
-            name: "blocks.0.logicFallback",
-            code: "dangling_reference",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("applies a patch over the current document before validating references", () => {
-    const preparation = prepareV3SurveyPatchInput(survey, {
-      blocks: [
-        {
-          ...rawCreateBody.blocks[0],
-          logicFallback: "clmiss12345678901234567890",
-        },
-      ],
-    });
-
-    expect(preparation.ok).toBe(false);
-    if (!preparation.ok) {
-      expect(preparation.validation.invalidParams).toEqual(
-        expect.arrayContaining([expect.objectContaining({ name: "blocks.0.logicFallback" })])
-      );
-    }
-  });
-
-  test("rejects patch input with immutable fields as validation results", () => {
-    const preparation = prepareV3SurveyPatchInput(survey, {
-      workspaceId,
-      defaultLanguage: "de-DE",
-    });
-
-    expect(preparation.ok).toBe(false);
-    if (!preparation.ok) {
-      expect(preparation.validation.invalidParams).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "workspaceId",
-            code: "unsupported_field",
-          }),
-          expect.objectContaining({
-            name: "defaultLanguage",
-            code: "unsupported_field",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("rejects patch language changes that try to move the default language", () => {
-    const preparation = prepareV3SurveyPatchInput(survey, {
-      languages: [{ code: "de-DE", default: true, enabled: true }],
-    });
-
-    expect(preparation.ok).toBe(false);
-    if (!preparation.ok) {
-      expect(preparation.validation.invalidParams).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "languages.0.default",
-            reason: "The default language entry must match defaultLanguage",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("preserves omitted fields while replacing provided top-level patch fields", () => {
-    const preparation = prepareV3SurveyPatchInput(survey, {
-      name: "Updated Product Feedback",
-      metadata: {
-        title: { "en-US": "Updated title", "de-DE": "Aktualisierter Titel" },
-      },
-    });
-
-    expect(preparation.ok).toBe(true);
-    if (!preparation.ok) {
-      throw new Error("Expected patch preparation to succeed");
-    }
-    expect(preparation.document).toMatchObject({
-      name: "Updated Product Feedback",
-      metadata: { title: { default: "Updated title", "de-DE": "Aktualisierter Titel" } },
-      blocks: survey.blocks,
-      hiddenFields: survey.hiddenFields,
-    });
-  });
-
-  test("rejects non-draft element id changes on non-draft surveys", () => {
-    const preparation = prepareV3SurveyPatchInput(
-      {
-        ...survey,
-        status: "inProgress",
-      } as TSurvey,
-      {
-        blocks: [
-          {
-            ...rawCreateBody.blocks[0],
-            elements: [
-              {
-                ...rawCreateBody.blocks[0].elements[0],
-                id: "renamed_satisfaction",
-              },
-            ],
-          },
-        ],
-      }
-    );
-
-    expect(preparation.ok).toBe(false);
-    if (!preparation.ok) {
-      expect(preparation.validation.invalidParams).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "blocks.0.elements.0.id",
-            reason: expect.stringContaining("cannot be changed"),
-            code: "immutable_identifier",
-            identifier: "satisfaction",
-            referenceType: "element",
-          }),
-        ])
-      );
-    }
-  });
-});
@@ -1,181 +0,0 @@
-import type { TSurvey as TInternalSurvey } from "@formbricks/types/surveys/types";
-import type { InvalidParam } from "@/app/api/v3/lib/response";
-import { getV3SurveyDefaultLanguage, getV3SurveyLanguages } from "./language";
-import { type TV3SurveyLanguageRequest, deriveV3SurveyLanguageRequests } from "./languages";
-import {
-  DEFAULT_V3_SURVEY_LANGUAGE,
-  type TV3CreateSurveyBody,
-  type TV3PatchSurveyBody,
-  type TV3SurveyDocument,
-  ZV3CreateSurveyBody,
-  ZV3SurveyDocumentBase,
-  createZV3PatchSurveyBodySchema,
-  formatV3ZodInvalidParams,
-} from "./schemas";
-import { type TV3SurveyDocumentValidationResult, validateV3SurveyDocument } from "./validation";
-
-type TV3SurveyPrepareSuccess<TDocument> = {
-  ok: true;
-  document: TDocument;
-  validation: Extract<TV3SurveyDocumentValidationResult, { valid: true }>;
-  languageRequests: TV3SurveyLanguageRequest[];
-};
-
-type TV3SurveyPrepareFailure = {
-  ok: false;
-  validation: Extract<TV3SurveyDocumentValidationResult, { valid: false }>;
-};
-
-export type TV3SurveyPrepareResult<TDocument> = TV3SurveyPrepareSuccess<TDocument> | TV3SurveyPrepareFailure;
-
-function invalidPreparation(invalidParams: InvalidParam[]): TV3SurveyPrepareFailure {
-  return {
-    ok: false,
-    validation: {
-      valid: false,
-      invalidParams,
-    },
-  };
-}
-
-function validPreparation<TDocument extends TV3SurveyDocument>(
-  document: TDocument
-): TV3SurveyPrepareResult<TDocument> {
-  const validation = validateV3SurveyDocument(document);
-
-  if (!validation.valid) {
-    return invalidPreparation(validation.invalidParams);
-  }
-
-  return {
-    ok: true,
-    document,
-    validation,
-    languageRequests: deriveV3SurveyLanguageRequests(document),
-  };
-}
-
-function buildDocumentFromSurvey(survey: TInternalSurvey): TV3SurveyPrepareResult<TV3SurveyDocument> {
-  if (Array.isArray(survey.questions) && survey.questions.length > 0) {
-    return invalidPreparation([
-      {
-        name: "survey",
-        reason: "Legacy question-based surveys are not supported by the v3 survey management API",
-      },
-    ]);
-  }
-
-  const documentResult = ZV3SurveyDocumentBase.safeParse({
-    name: survey.name,
-    status: survey.status,
-    metadata: survey.metadata ?? {},
-    defaultLanguage: getV3SurveyDefaultLanguage(survey, DEFAULT_V3_SURVEY_LANGUAGE),
-    languages: getV3SurveyLanguages(survey, DEFAULT_V3_SURVEY_LANGUAGE),
-    welcomeCard: survey.welcomeCard,
-    blocks: survey.blocks,
-    endings: survey.endings,
-    hiddenFields: survey.hiddenFields,
-    variables: survey.variables,
-  });
-
-  if (!documentResult.success) {
-    return invalidPreparation(formatV3ZodInvalidParams(documentResult.error, "survey"));
-  }
-
-  return validPreparation(documentResult.data);
-}
-
-function mergeV3SurveyPatch(document: TV3SurveyDocument, patch: TV3PatchSurveyBody): TV3SurveyDocument {
-  return {
-    ...document,
-    ...Object.fromEntries(Object.entries(patch).filter(([, value]) => value !== undefined)),
-  };
-}
-
-function getElementIds(document: TV3SurveyDocument): Set<string> {
-  return new Set(document.blocks.flatMap((block) => block.elements.map((element) => element.id)));
-}
-
-function getImmutableElementIdIssues(
-  currentDocument: TV3SurveyDocument,
-  patchedDocument: TV3SurveyDocument
-): InvalidParam[] {
-  if (currentDocument.status === "draft") {
-    return [];
-  }
-
-  const patchedElementIds = getElementIds(patchedDocument);
-  const issues: InvalidParam[] = [];
-
-  currentDocument.blocks.forEach((currentBlock) => {
-    const patchedBlockIndex = patchedDocument.blocks.findIndex((block) => block.id === currentBlock.id);
-    if (patchedBlockIndex === -1) {
-      return;
-    }
-
-    const patchedBlock = patchedDocument.blocks[patchedBlockIndex];
-    currentBlock.elements.forEach((currentElement, elementIndex) => {
-      if (currentElement.isDraft || patchedElementIds.has(currentElement.id)) {
-        return;
-      }
-
-      const patchedElement = patchedBlock.elements[elementIndex];
-      if (!patchedElement || patchedElement.id === currentElement.id) {
-        return;
-      }
-
-      issues.push({
-        name: `blocks.${patchedBlockIndex}.elements.${elementIndex}.id`,
-        reason: `Element id '${currentElement.id}' cannot be changed because the survey and element are no longer drafts`,
-        code: "immutable_identifier",
-        identifier: currentElement.id,
-        referenceType: "element",
-      });
-    });
-  });
-
-  return issues;
-}
-
-export function prepareV3SurveyCreate(
-  document: TV3CreateSurveyBody
-): TV3SurveyPrepareResult<TV3CreateSurveyBody> {
-  return validPreparation(document);
-}
-
-export function prepareV3SurveyCreateInput(input: unknown): TV3SurveyPrepareResult<TV3CreateSurveyBody> {
-  const parsed = ZV3CreateSurveyBody.safeParse(input);
-
-  if (!parsed.success) {
-    return invalidPreparation(formatV3ZodInvalidParams(parsed.error, "data"));
-  }
-
-  return prepareV3SurveyCreate(parsed.data);
-}
-
-export function prepareV3SurveyPatchInput(
-  survey: TInternalSurvey,
-  input: unknown
-): TV3SurveyPrepareResult<TV3SurveyDocument> {
-  const currentDocument = buildDocumentFromSurvey(survey);
-
-  if (!currentDocument.ok) {
-    return currentDocument;
-  }
-
-  const parsedPatch = createZV3PatchSurveyBodySchema(currentDocument.document.defaultLanguage).safeParse(
-    input
-  );
-
-  if (!parsedPatch.success) {
-    return invalidPreparation(formatV3ZodInvalidParams(parsedPatch.error, "data"));
-  }
-
-  const patchedDocument = mergeV3SurveyPatch(currentDocument.document, parsedPatch.data);
-  const immutableElementIdIssues = getImmutableElementIdIssues(currentDocument.document, patchedDocument);
-  if (immutableElementIdIssues.length > 0) {
-    return invalidPreparation(immutableElementIdIssues);
-  }
-
-  return validPreparation(patchedDocument);
-}
@@ -1,373 +0,0 @@
-import { describe, expect, test } from "vitest";
-import { validateV3SurveyReferences } from "./reference-validation";
-import { ZV3CreateSurveyBody } from "./schemas";
-
-const validSurvey = ZV3CreateSurveyBody.parse({
-  workspaceId: "clxx1234567890123456789012",
-  name: "Product Feedback",
-  hiddenFields: {
-    enabled: true,
-    fieldIds: ["account_id"],
-  },
-  variables: [
-    {
-      id: "clvar123456789012345678901",
-      name: "score",
-      type: "number",
-      value: 0,
-    },
-  ],
-  endings: [
-    {
-      id: "clend123456789012345678901",
-      type: "endScreen",
-      headline: { "en-US": "Thanks" },
-    },
-  ],
-  blocks: [
-    {
-      id: "clbk1234567890123456789012",
-      name: "Main Block",
-      logicFallback: "clend123456789012345678901",
-      elements: [
-        {
-          id: "satisfaction",
-          type: "openText",
-          headline: { "en-US": "What should we improve?" },
-          required: true,
-        },
-      ],
-      logic: [
-        {
-          id: "cllog123456789012345678901",
-          conditions: {
-            id: "clgrp123456789012345678901",
-            connector: "and",
-            conditions: [
-              {
-                id: "clcon123456789012345678901",
-                leftOperand: { type: "element", value: "satisfaction" },
-                operator: "isSubmitted",
-              },
-            ],
-          },
-          actions: [
-            {
-              id: "clact123456789012345678901",
-              objective: "calculate",
-              variableId: "clvar123456789012345678901",
-              operator: "add",
-              value: { type: "static", value: 1 },
-            },
-          ],
-        },
-      ],
-    },
-  ],
-});
-
-describe("validateV3SurveyReferences", () => {
-  test("accepts a survey with consistent stable identifiers", () => {
-    expect(
-      validateV3SurveyReferences({
-        blocks: validSurvey.blocks,
-        endings: validSurvey.endings,
-        hiddenFields: validSurvey.hiddenFields,
-        variables: validSurvey.variables,
-      })
-    ).toEqual({ ok: true, invalidParams: [] });
-  });
-
-  test("rejects duplicate block, element, variable, and hidden field identifiers", () => {
-    const survey = {
-      ...validSurvey,
-      hiddenFields: { enabled: true, fieldIds: ["account_id", "account_id"] },
-      variables: [
-        ...validSurvey.variables,
-        {
-          id: "clvar123456789012345678901",
-          name: "score",
-          type: "number" as const,
-          value: 0,
-        },
-      ],
-      blocks: [
-        ...validSurvey.blocks,
-        {
-          ...validSurvey.blocks[0],
-          elements: [{ ...validSurvey.blocks[0].elements[0] }],
-        },
-      ],
-    };
-
-    const result = validateV3SurveyReferences({
-      blocks: survey.blocks,
-      endings: survey.endings,
-      hiddenFields: survey.hiddenFields,
-      variables: survey.variables,
-    });
-
-    expect(result.ok).toBe(false);
-    if (!result.ok) {
-      expect(result.invalidParams).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({ name: "blocks.1.id" }),
-          expect.objectContaining({ name: "blocks.1.elements.0.id" }),
-          expect.objectContaining({ name: "variables.1.id" }),
-          expect.objectContaining({ name: "hiddenFields.fieldIds.1" }),
-          expect.objectContaining({
-            name: "blocks.1.id",
-            code: "duplicate_identifier",
-            identifier: "clbk1234567890123456789012",
-            referenceType: "block",
-            firstUsedAt: "blocks.0.id",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("rejects cross-namespace identifier collisions", () => {
-    const result = validateV3SurveyReferences({
-      blocks: validSurvey.blocks,
-      endings: validSurvey.endings,
-      hiddenFields: { enabled: true, fieldIds: ["account_id", "satisfaction"] },
-      variables: [
-        {
-          id: "satisfaction",
-          name: "account_id",
-          type: "number",
-          value: 0,
-        },
-      ],
-    });
-
-    expect(result.ok).toBe(false);
-    if (!result.ok) {
-      expect(result.invalidParams).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({ name: "hiddenFields.fieldIds.1" }),
-          expect.objectContaining({ name: "variables.0.id" }),
-          expect.objectContaining({ name: "variables.0.name" }),
-          expect.objectContaining({
-            name: "hiddenFields.fieldIds.1",
-            code: "duplicate_identifier",
-            identifier: "satisfaction",
-            referenceType: "hiddenField",
-            conflictsWith: "blocks.0.elements.0.id",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("reports dangling logic references with actionable paths", () => {
-    const survey = {
-      ...validSurvey,
-      blocks: [
-        {
-          ...validSurvey.blocks[0],
-          logicFallback: "clmiss12345678901234567890",
-          logic: [
-            {
-              ...validSurvey.blocks[0].logic![0],
-              actions: [
-                {
-                  ...validSurvey.blocks[0].logic![0].actions[0],
-                  variableId: "clmiss12345678901234567890",
-                },
-                {
-                  id: "cljmp123456789012345678901",
-                  objective: "jumpToBlock" as const,
-                  target: "clmiss12345678901234567890",
-                },
-              ],
-            },
-          ],
-        },
-      ],
-    };
-
-    const result = validateV3SurveyReferences({
-      blocks: survey.blocks,
-      endings: survey.endings,
-      hiddenFields: survey.hiddenFields,
-      variables: survey.variables,
-    });
-
-    expect(result.ok).toBe(false);
-    if (!result.ok) {
-      expect(result.invalidParams).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({ name: "blocks.0.logicFallback" }),
-          expect.objectContaining({ name: "blocks.0.logic.0.actions.0.variableId" }),
-          expect.objectContaining({ name: "blocks.0.logic.0.actions.1.target" }),
-          expect.objectContaining({
-            name: "blocks.0.logic.0.actions.0.variableId",
-            code: "dangling_reference",
-            missingId: "clmiss12345678901234567890",
-            referenceType: "variable",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("rejects logicFallback without logic before persistence", () => {
-    const survey = {
-      ...validSurvey,
-      blocks: [
-        {
-          ...validSurvey.blocks[0],
-          logic: undefined,
-          logicFallback: validSurvey.endings[0].id,
-        },
-      ],
-    };
-
-    const result = validateV3SurveyReferences({
-      blocks: survey.blocks,
-      endings: survey.endings,
-      hiddenFields: survey.hiddenFields,
-      variables: survey.variables,
-    });
-
-    expect(result.ok).toBe(false);
-    if (!result.ok) {
-      expect(result.invalidParams).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "blocks.0.logicFallback",
-            code: "invalid_reference",
-            reason:
-              "logicFallback requires at least one logic rule on the same block; omit logicFallback for normal sequential flow or add blocks[].logic",
-            referenceType: "ending",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("rejects logicFallback targeting the same block", () => {
-    const survey = {
-      ...validSurvey,
-      blocks: [
-        {
-          ...validSurvey.blocks[0],
-          logicFallback: validSurvey.blocks[0].id,
-        },
-      ],
-    };
-
-    const result = validateV3SurveyReferences({
-      blocks: survey.blocks,
-      endings: survey.endings,
-      hiddenFields: survey.hiddenFields,
-      variables: survey.variables,
-    });
-
-    expect(result.ok).toBe(false);
-    if (!result.ok) {
-      expect(result.invalidParams).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "blocks.0.logicFallback",
-            code: "invalid_reference",
-            reason: "logicFallback cannot target the same block",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("reports dangling recall references with actionable paths", () => {
-    const survey = {
-      ...validSurvey,
-      blocks: [
-        {
-          ...validSurvey.blocks[0],
-          elements: [
-            {
-              ...validSurvey.blocks[0].elements[0],
-              headline: {
-                default: "Please explain #recall:missing_id/fallback:your answer#",
-              },
-            },
-          ],
-        },
-      ],
-    };
-
-    const result = validateV3SurveyReferences({
-      blocks: survey.blocks,
-      endings: survey.endings,
-      hiddenFields: survey.hiddenFields,
-      variables: survey.variables,
-    });
-
-    expect(result.ok).toBe(false);
-    if (!result.ok) {
-      expect(result.invalidParams).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "blocks.0.elements.0.headline.default",
-            reason: expect.stringContaining("missing_id"),
-            code: "dangling_reference",
-            missingId: "missing_id",
-            referenceType: "recall",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("reports dangling recall references in survey-level translatable fields", () => {
-    const result = validateV3SurveyReferences({
-      blocks: validSurvey.blocks,
-      endings: validSurvey.endings,
-      hiddenFields: validSurvey.hiddenFields,
-      metadata: {
-        title: {
-          default: "Metadata #recall:missing_metadata_reference/fallback:value#",
-        },
-      },
-      variables: validSurvey.variables,
-      welcomeCard: {
-        enabled: true,
-        headline: {
-          default: "Welcome #recall:missing_welcome_reference/fallback:there#",
-        },
-      },
-    });
-
-    expect(result.ok).toBe(false);
-    if (!result.ok) {
-      expect(result.invalidParams).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "welcomeCard.headline.default",
-            reason: expect.stringContaining("missing_welcome_reference"),
-          }),
-          expect.objectContaining({
-            name: "metadata.title.default",
-            reason: expect.stringContaining("missing_metadata_reference"),
-          }),
-        ])
-      );
-    }
-  });
-
-  test("ignores recall-like strings in arbitrary metadata values", () => {
-    const result = validateV3SurveyReferences({
-      blocks: validSurvey.blocks,
-      endings: validSurvey.endings,
-      hiddenFields: validSurvey.hiddenFields,
-      metadata: {
-        cx_operation: "Enterprise #recall:external_context/fallback:context#",
-      },
-      variables: validSurvey.variables,
-    });
-
-    expect(result).toEqual({ ok: true, invalidParams: [] });
-  });
-});
@@ -1,429 +0,0 @@
-import type { TSurveyBlocks } from "@formbricks/types/surveys/blocks";
-import type { TConditionGroup, TDynamicLogicFieldValue } from "@formbricks/types/surveys/logic";
-import type { TSurveyEndings, TSurveyHiddenFields, TSurveyVariables } from "@formbricks/types/surveys/types";
-import type { InvalidParam } from "@/app/api/v3/lib/response";
-import { V3_SURVEY_TRANSLATABLE_METADATA_KEYS } from "./translation-fields";
-
-type TReferenceValidationInput = {
-  blocks: TSurveyBlocks;
-  endings: TSurveyEndings;
-  hiddenFields: TSurveyHiddenFields;
-  metadata?: unknown;
-  variables: TSurveyVariables;
-  welcomeCard?: unknown;
-};
-
-type TNamedReference = {
-  id: string;
-  path: string;
-  namespace: "block" | "element" | "ending" | "hiddenField" | "variable" | "variableName";
-};
-
-type TReferenceLookup = {
-  elementIds: Set<string>;
-  variableIds: Set<string>;
-  hiddenFieldIds: Set<string>;
-};
-
-export class V3SurveyReferenceValidationError extends Error {
-  invalidParams: InvalidParam[];
-
-  constructor(invalidParams: InvalidParam[]) {
-    super("Survey contains invalid references");
-    this.name = "V3SurveyReferenceValidationError";
-    this.invalidParams = invalidParams;
-  }
-}
-
-export type TV3SurveyReferenceValidationResult =
-  | { ok: true; invalidParams: [] }
-  | { ok: false; invalidParams: InvalidParam[] };
-
-function addDuplicateIdIssues(
-  entries: { id: string; path: string }[],
-  label: string,
-  referenceType: NonNullable<InvalidParam["referenceType"]>,
-  issues: InvalidParam[]
-): void {
-  const firstPathById = new Map<string, string>();
-
-  entries.forEach(({ id, path }) => {
-    const firstPath = firstPathById.get(id);
-    if (firstPath !== undefined) {
-      issues.push({
-        name: path,
-        reason: `${label} id '${id}' is duplicated; first used at ${firstPath}`,
-        code: "duplicate_identifier",
-        identifier: id,
-        referenceType,
-        firstUsedAt: firstPath,
-      });
-      return;
-    }
-
-    firstPathById.set(id, path);
-  });
-}
-
-function addDuplicateValueIssues(
-  values: string[],
-  pathForIndex: (index: number) => string,
-  label: string,
-  referenceType: NonNullable<InvalidParam["referenceType"]>,
-  issues: InvalidParam[]
-): void {
-  const firstIndexByValue = new Map<string, number>();
-
-  values.forEach((value, index) => {
-    const firstIndex = firstIndexByValue.get(value);
-    if (firstIndex !== undefined) {
-      issues.push({
-        name: pathForIndex(index),
-        reason: `${label} '${value}' is duplicated; first used at ${pathForIndex(firstIndex)}`,
-        code: "duplicate_identifier",
-        identifier: value,
-        referenceType,
-        firstUsedAt: pathForIndex(firstIndex),
-      });
-      return;
-    }
-
-    firstIndexByValue.set(value, index);
-  });
-}
-
-function addCrossNamespaceCollisionIssues(entries: TNamedReference[], issues: InvalidParam[]): void {
-  const firstEntryById = new Map<string, TNamedReference>();
-
-  entries.forEach((entry) => {
-    const lookupId = entry.id.toLowerCase();
-    const firstEntry = firstEntryById.get(lookupId);
-
-    if (!firstEntry) {
-      firstEntryById.set(lookupId, entry);
-      return;
-    }
-
-    if (firstEntry.namespace === entry.namespace) {
-      return;
-    }
-
-    issues.push({
-      name: entry.path,
-      reason: `${entry.namespace} identifier '${entry.id}' conflicts with ${firstEntry.namespace} identifier at ${firstEntry.path}`,
-      code: "duplicate_identifier",
-      identifier: entry.id,
-      referenceType: entry.namespace,
-      conflictsWith: firstEntry.path,
-    });
-  });
-}
-
-function isPlainObject(value: unknown): value is Record<string, unknown> {
-  return typeof value === "object" && value !== null && !Array.isArray(value);
-}
-
-function addRecallReferenceIssues(
-  value: unknown,
-  path: string,
-  references: TReferenceLookup,
-  issues: InvalidParam[]
-): void {
-  if (typeof value === "string") {
-    const recallPattern = /#recall:([A-Za-z0-9_-]+)/g;
-
-    for (const match of value.matchAll(recallPattern)) {
-      const recallId = match[1];
-      const isKnownReference =
-        references.elementIds.has(recallId) ||
-        references.variableIds.has(recallId) ||
-        references.hiddenFieldIds.has(recallId);
-
-      if (!isKnownReference) {
-        issues.push({
-          name: path,
-          reason: `Recall reference '${recallId}' is not defined in blocks, variables, or hiddenFields.fieldIds`,
-          code: "dangling_reference",
-          identifier: recallId,
-          referenceType: "recall",
-          missingId: recallId,
-        });
-      }
-    }
-
-    return;
-  }
-
-  if (Array.isArray(value)) {
-    value.forEach((entry, index) => addRecallReferenceIssues(entry, `${path}.${index}`, references, issues));
-    return;
-  }
-
-  if (!isPlainObject(value)) {
-    return;
-  }
-
-  Object.entries(value).forEach(([key, entry]) => {
-    addRecallReferenceIssues(entry, path ? `${path}.${key}` : key, references, issues);
-  });
-}
-
-function addMetadataRecallReferenceIssues(
-  metadata: unknown,
-  references: TReferenceLookup,
-  issues: InvalidParam[]
-): void {
-  if (!isPlainObject(metadata)) {
-    return;
-  }
-
-  V3_SURVEY_TRANSLATABLE_METADATA_KEYS.forEach((key) =>
-    addRecallReferenceIssues(metadata[key], `metadata.${key}`, references, issues)
-  );
-}
-
-function validateDynamicOperand(
-  operand: TDynamicLogicFieldValue,
-  path: string,
-  references: TReferenceLookup,
-  issues: InvalidParam[]
-): void {
-  if (operand.type === "element" && !references.elementIds.has(operand.value)) {
-    issues.push({
-      name: `${path}.value`,
-      reason: `Element id '${operand.value}' is not defined in blocks`,
-      code: "dangling_reference",
-      identifier: operand.value,
-      referenceType: "element",
-      missingId: operand.value,
-    });
-  }
-
-  if (operand.type === "variable" && !references.variableIds.has(operand.value)) {
-    issues.push({
-      name: `${path}.value`,
-      reason: `Variable id '${operand.value}' is not defined in variables`,
-      code: "dangling_reference",
-      identifier: operand.value,
-      referenceType: "variable",
-      missingId: operand.value,
-    });
-  }
-
-  if (operand.type === "hiddenField" && !references.hiddenFieldIds.has(operand.value)) {
-    issues.push({
-      name: `${path}.value`,
-      reason: `Hidden field id '${operand.value}' is not defined in hiddenFields.fieldIds`,
-      code: "dangling_reference",
-      identifier: operand.value,
-      referenceType: "hiddenField",
-      missingId: operand.value,
-    });
-  }
-}
-
-function validateConditionGroup(
-  conditionGroup: TConditionGroup,
-  path: string,
-  references: TReferenceLookup,
-  issues: InvalidParam[]
-): void {
-  conditionGroup.conditions.forEach((condition, index) => {
-    const conditionPath = `${path}.conditions.${index}`;
-
-    if ("conditions" in condition) {
-      validateConditionGroup(condition, conditionPath, references, issues);
-      return;
-    }
-
-    validateDynamicOperand(condition.leftOperand, `${conditionPath}.leftOperand`, references, issues);
-
-    if (condition.rightOperand?.type && condition.rightOperand.type !== "static") {
-      validateDynamicOperand(condition.rightOperand, `${conditionPath}.rightOperand`, references, issues);
-    }
-  });
-}
-
-export function getV3SurveyReferenceInvalidParams(input: TReferenceValidationInput): InvalidParam[] {
-  const issues: InvalidParam[] = [];
-  const blockIds = input.blocks.map((block) => block.id);
-  const blockEntries = input.blocks.map((block, index) => ({
-    id: block.id,
-    path: `blocks.${index}.id`,
-  }));
-  const endingIds = input.endings.map((ending) => ending.id);
-  const endingEntries = input.endings.map((ending, index) => ({
-    id: ending.id,
-    path: `endings.${index}.id`,
-  }));
-  const elementEntries = input.blocks.flatMap((block, blockIndex) =>
-    block.elements.map((element, elementIndex) => ({
-      id: element.id,
-      path: `blocks.${blockIndex}.elements.${elementIndex}.id`,
-    }))
-  );
-  const elementIds = elementEntries.map((element) => element.id);
-  const hiddenFieldIds = input.hiddenFields.fieldIds ?? [];
-  const hiddenFieldEntries = hiddenFieldIds.map((id, index) => ({
-    id,
-    path: `hiddenFields.fieldIds.${index}`,
-  }));
-  const variableIds = input.variables.map((variable) => variable.id);
-  const variableIdEntries = variableIds.map((id, index) => ({
-    id,
-    path: `variables.${index}.id`,
-  }));
-  const variableNames = input.variables.map((variable) => variable.name);
-  const variableNameEntries = variableNames.map((id, index) => ({
-    id,
-    path: `variables.${index}.name`,
-  }));
-  const navigationTargetIds = new Set([...blockIds, ...endingIds]);
-  const navigationTargetReferenceTypes = new Map<string, "block" | "ending">([
-    ...blockIds.map((id) => [id, "block"] as const),
-    ...endingIds.map((id) => [id, "ending"] as const),
-  ]);
-  const references = {
-    elementIds: new Set(elementIds),
-    variableIds: new Set(variableIds),
-    hiddenFieldIds: new Set(hiddenFieldIds),
-  };
-
-  addDuplicateIdIssues(blockEntries, "Block", "block", issues);
-  addDuplicateIdIssues(elementEntries, "Element", "element", issues);
-  addDuplicateIdIssues(variableIdEntries, "Variable", "variable", issues);
-  addDuplicateValueIssues(
-    hiddenFieldIds,
-    (index) => `hiddenFields.fieldIds.${index}`,
-    "Hidden field id",
-    "hiddenField",
-    issues
-  );
-  addDuplicateValueIssues(
-    variableNames,
-    (index) => `variables.${index}.name`,
-    "Variable name",
-    "variableName",
-    issues
-  );
-  addCrossNamespaceCollisionIssues(
-    [
-      ...blockEntries.map((entry) => ({ ...entry, namespace: "block" as const })),
-      ...elementEntries.map((entry) => ({ ...entry, namespace: "element" as const })),
-      ...endingEntries.map((entry) => ({ ...entry, namespace: "ending" as const })),
-      ...hiddenFieldEntries.map((entry) => ({ ...entry, namespace: "hiddenField" as const })),
-      ...variableIdEntries.map((entry) => ({ ...entry, namespace: "variable" as const })),
-      ...variableNameEntries.map((entry) => ({ ...entry, namespace: "variableName" as const })),
-    ],
-    issues
-  );
-
-  input.blocks.forEach((block, blockIndex) => {
-    if (block.logicFallback && !block.logic?.length) {
-      issues.push({
-        name: `blocks.${blockIndex}.logicFallback`,
-        reason:
-          "logicFallback requires at least one logic rule on the same block; omit logicFallback for normal sequential flow or add blocks[].logic",
-        code: "invalid_reference",
-        identifier: block.logicFallback,
-        referenceType: navigationTargetReferenceTypes.get(block.logicFallback) ?? "block",
-      });
-    }
-
-    if (block.logicFallback && block.logicFallback === block.id) {
-      issues.push({
-        name: `blocks.${blockIndex}.logicFallback`,
-        reason: "logicFallback cannot target the same block",
-        code: "invalid_reference",
-        identifier: block.logicFallback,
-        referenceType: "block",
-      });
-    }
-
-    if (block.logicFallback && !navigationTargetIds.has(block.logicFallback)) {
-      issues.push({
-        name: `blocks.${blockIndex}.logicFallback`,
-        reason: `Logic fallback target '${block.logicFallback}' is not defined in blocks or endings`,
-        code: "dangling_reference",
-        identifier: block.logicFallback,
-        referenceType: "block",
-        missingId: block.logicFallback,
-      });
-    }
-
-    block.logic?.forEach((logic, logicIndex) => {
-      const logicPath = `blocks.${blockIndex}.logic.${logicIndex}`;
-      validateConditionGroup(logic.conditions, `${logicPath}.conditions`, references, issues);
-
-      logic.actions.forEach((action, actionIndex) => {
-        const actionPath = `${logicPath}.actions.${actionIndex}`;
-
-        if (action.objective === "calculate") {
-          if (!references.variableIds.has(action.variableId)) {
-            issues.push({
-              name: `${actionPath}.variableId`,
-              reason: `Variable id '${action.variableId}' is not defined in variables`,
-              code: "dangling_reference",
-              identifier: action.variableId,
-              referenceType: "variable",
-              missingId: action.variableId,
-            });
-          }
-
-          if (action.value.type !== "static") {
-            validateDynamicOperand(action.value, `${actionPath}.value`, references, issues);
-          }
-        }
-
-        if (action.objective === "requireAnswer" && !references.elementIds.has(action.target)) {
-          issues.push({
-            name: `${actionPath}.target`,
-            reason: `Element id '${action.target}' is not defined in blocks`,
-            code: "dangling_reference",
-            identifier: action.target,
-            referenceType: "element",
-            missingId: action.target,
-          });
-        }
-
-        if (action.objective === "jumpToBlock" && !navigationTargetIds.has(action.target)) {
-          issues.push({
-            name: `${actionPath}.target`,
-            reason: `Jump target '${action.target}' is not defined in blocks or endings`,
-            code: "dangling_reference",
-            identifier: action.target,
-            referenceType: "block",
-            missingId: action.target,
-          });
-        }
-      });
-    });
-  });
-
-  addRecallReferenceIssues(input.blocks, "blocks", references, issues);
-  addRecallReferenceIssues(input.endings, "endings", references, issues);
-  addRecallReferenceIssues(input.welcomeCard, "welcomeCard", references, issues);
-  addMetadataRecallReferenceIssues(input.metadata, references, issues);
-
-  return issues;
-}
-
-export function validateV3SurveyReferences(
-  input: TReferenceValidationInput
-): TV3SurveyReferenceValidationResult {
-  const invalidParams = getV3SurveyReferenceInvalidParams(input);
-
-  if (invalidParams.length > 0) {
-    return { ok: false, invalidParams };
-  }
-
-  return { ok: true, invalidParams: [] };
-}
-
-export function assertValidV3SurveyReferences(input: TReferenceValidationInput): void {
-  const result = validateV3SurveyReferences(input);
-
-  if (!result.ok) {
-    throw new V3SurveyReferenceValidationError(result.invalidParams);
-  }
-}
@@ -50,10 +50,6 @@ vi.mock("@/modules/survey/list/lib/survey", async (importOriginal) => {
  };
 });

-vi.mock("./create", () => ({
-  createV3Survey: vi.fn(),
-}));
-
 vi.mock("@formbricks/logger", () => ({
  logger: {
    withContext: vi.fn(() => ({
@@ -1,5 +1,5 @@
 /**
- * /api/v3/surveys — list and create block-based survey management resources.
+ * GET /api/v3/surveys — list surveys for a workspace.
 * Session cookie or x-api-key; scope by workspaceId only.
 */
 import { logger } from "@formbricks/logger";
@@ -7,7 +7,6 @@ import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { withV3ApiWrapper } from "@/app/api/v3/lib/api-wrapper";
 import { requireV3WorkspaceAccess } from "@/app/api/v3/lib/auth";
 import {
-  createdResponse,
  problemBadRequest,
  problemForbidden,
  problemInternalError,
@@ -15,15 +14,8 @@ import {
 } from "@/app/api/v3/lib/response";
 import { getSurveyCount } from "@/modules/survey/list/lib/survey";
 import { getSurveyListPage } from "@/modules/survey/list/lib/survey-page";
-import { V3SurveyCreatePermissionError, createV3Survey } from "./create";
 import { parseV3SurveysListQuery } from "./parse-v3-surveys-list-query";
-import { V3SurveyReferenceValidationError } from "./reference-validation";
-import { ZV3CreateSurveyBody } from "./schemas";
-import {
-  V3SurveyUnsupportedShapeError,
-  serializeV3SurveyListItem,
-  serializeV3SurveyResource,
-} from "./serializers";
+import { serializeV3SurveyListItem } from "./serializers";

 export const GET = withV3ApiWrapper({
  auth: "both",
@@ -88,81 +80,3 @@ export const GET = withV3ApiWrapper({
    }
  },
 });
-
-export const POST = withV3ApiWrapper({
-  auth: "both",
-  schemas: {
-    body: ZV3CreateSurveyBody,
-  },
-  action: "created",
-  targetType: "survey",
-  handler: async ({ authentication, auditLog, parsedInput, requestId, instance }) => {
-    const { body } = parsedInput;
-    const log = logger.withContext({ requestId, workspaceId: body.workspaceId });
-
-    try {
-      const authResult = await requireV3WorkspaceAccess(
-        authentication,
-        body.workspaceId,
-        "readWrite",
-        requestId,
-        instance
-      );
-      if (authResult instanceof Response) {
-        return authResult;
-      }
-
-      const survey = await createV3Survey(
-        {
-          ...body,
-          workspaceId: authResult.workspaceId,
-        },
-        authentication,
-        requestId,
-        authResult.organizationId
-      );
-      const resource = serializeV3SurveyResource(survey);
-
-      if (auditLog) {
-        auditLog.organizationId = authResult.organizationId;
-        auditLog.targetId = survey.id;
-        auditLog.newObject = resource;
-      }
-
-      return createdResponse(resource, {
-        requestId,
-        location: `/api/v3/surveys/${survey.id}`,
-      });
-    } catch (err) {
-      if (err instanceof V3SurveyReferenceValidationError) {
-        log.warn({ statusCode: 400, invalidParams: err.invalidParams }, "Survey document validation failed");
-        return problemBadRequest(requestId, "Invalid survey document", {
-          invalid_params: err.invalidParams,
-          instance,
-        });
-      }
-      if (err instanceof V3SurveyUnsupportedShapeError) {
-        log.warn({ statusCode: 400, errorCode: err.name }, "Unsupported survey shape");
-        return problemBadRequest(requestId, err.message, {
-          invalid_params: [{ name: "body", reason: err.message }],
-          instance,
-        });
-      }
-      if (err instanceof V3SurveyCreatePermissionError) {
-        log.warn({ statusCode: 403, errorCode: err.name }, "Survey create permission check failed");
-        return problemForbidden(requestId, err.message, instance);
-      }
-      if (err instanceof ResourceNotFoundError) {
-        log.warn({ statusCode: 403, errorCode: err.name }, "Resource not found");
-        return problemForbidden(requestId, "You are not authorized to access this resource", instance);
-      }
-      if (err instanceof DatabaseError) {
-        log.error({ error: err, statusCode: 500 }, "Database error");
-        return problemInternalError(requestId, "An unexpected error occurred.", instance);
-      }
-
-      log.error({ error: err, statusCode: 500 }, "V3 survey create unexpected error");
-      return problemInternalError(requestId, "An unexpected error occurred.", instance);
-    }
-  },
-});
@@ -1,624 +0,0 @@
-import { describe, expect, test } from "vitest";
-import {
-  ZV3CreateSurveyBody,
-  ZV3PatchSurveyBody,
-  createZV3PatchSurveyBodySchema,
-  formatV3ZodInvalidParams,
-} from "./schemas";
-
-const validCreateBody = {
-  workspaceId: "clxx1234567890123456789012",
-  name: "Product Feedback",
-  blocks: [
-    {
-      id: "clbk1234567890123456789012",
-      name: "Main Block",
-      elements: [
-        {
-          id: "satisfaction",
-          type: "openText",
-          headline: { "en-US": "What should we improve?" },
-          required: true,
-        },
-      ],
-    },
-  ],
-};
-
-describe("ZV3CreateSurveyBody", () => {
-  test("accepts a valid block-based create body and applies public defaults", () => {
-    const parsed = ZV3CreateSurveyBody.parse(validCreateBody);
-
-    expect(parsed).toMatchObject({
-      workspaceId: validCreateBody.workspaceId,
-      name: "Product Feedback",
-      type: "link",
-      status: "draft",
-      metadata: {},
-      defaultLanguage: "en-US",
-      languages: [],
-      welcomeCard: { enabled: false },
-      endings: [],
-      hiddenFields: { enabled: false },
-      variables: [],
-    });
-    expect(parsed.blocks[0].elements[0]).toMatchObject({
-      headline: { default: "What should we improve?" },
-    });
-  });
-
-  test("generates server-managed block and variable ids on create when omitted", () => {
-    const parsed = ZV3CreateSurveyBody.parse({
-      ...validCreateBody,
-      blocks: [
-        {
-          name: "Generated ID Block",
-          elements: validCreateBody.blocks[0].elements,
-        },
-      ],
-      variables: [
-        {
-          name: "score",
-          type: "number",
-          value: 0,
-        },
-      ],
-    });
-
-    expect(parsed.blocks[0].id).toEqual(expect.any(String));
-    expect(parsed.blocks[0].id.length).toBeGreaterThan(0);
-    expect(parsed.variables[0].id).toEqual(expect.any(String));
-    expect(parsed.variables[0].id.length).toBeGreaterThan(0);
-  });
-
-  test("normalizes locale maps and language codes before shared survey validation", () => {
-    const parsed = ZV3CreateSurveyBody.parse({
-      ...validCreateBody,
-      defaultLanguage: "en_us",
-      languages: [{ code: "de_de" }],
-      welcomeCard: {
-        enabled: true,
-        headline: { en_us: "Welcome", de_de: "Willkommen" },
-      },
-      blocks: [
-        {
-          ...validCreateBody.blocks[0],
-          elements: [
-            {
-              ...validCreateBody.blocks[0].elements[0],
-              headline: { en_us: "Hello", de_de: "Hallo" },
-            },
-          ],
-        },
-      ],
-    });
-
-    expect(parsed.defaultLanguage).toBe("en-US");
-    expect(parsed.languages).toEqual([{ code: "de-DE", enabled: true }]);
-    expect(parsed.welcomeCard).toMatchObject({
-      headline: { default: "Welcome", "de-DE": "Willkommen" },
-    });
-    expect(parsed.blocks[0].elements[0]).toMatchObject({
-      headline: { default: "Hello", "de-DE": "Hallo" },
-    });
-  });
-
-  test("rejects an invalid defaultLanguage instead of silently defaulting", () => {
-    const result = ZV3CreateSurveyBody.safeParse({
-      ...validCreateBody,
-      defaultLanguage: "not a locale",
-    });
-
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(formatV3ZodInvalidParams(result.error, "body")).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "defaultLanguage",
-            reason: "Language 'not a locale' is not a valid locale code",
-            code: "invalid_locale",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("rejects duplicate locale keys after normalization", () => {
-    const result = ZV3CreateSurveyBody.safeParse({
-      ...validCreateBody,
-      blocks: [
-        {
-          ...validCreateBody.blocks[0],
-          elements: [
-            {
-              ...validCreateBody.blocks[0].elements[0],
-              headline: { "en-US": "Hello", en_us: "Duplicate" },
-            },
-          ],
-        },
-      ],
-    });
-
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(formatV3ZodInvalidParams(result.error, "body")).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "blocks.0.elements.0.headline.en_us",
-            reason: "Language key 'en_us' duplicates 'en-US' after locale normalization",
-            code: "duplicate_locale",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("rejects unsupported top-level fields instead of silently ignoring them", () => {
-    const result = ZV3CreateSurveyBody.safeParse({
-      ...validCreateBody,
-      questions: [],
-      styling: {},
-      createdBy: "user_1",
-    });
-
-    expect(result.success).toBe(false);
-    expect(result.error?.issues.map((issue) => issue.path.join("."))).toEqual(
-      expect.arrayContaining(["questions", "styling", "createdBy"])
-    );
-  });
-
-  test("rejects unsupported nested fields instead of stripping them", () => {
-    const result = ZV3CreateSurveyBody.safeParse({
-      ...validCreateBody,
-      blocks: [
-        {
-          ...validCreateBody.blocks[0],
-          targeting: {},
-          elements: [
-            {
-              ...validCreateBody.blocks[0].elements[0],
-              analytics: {},
-            },
-          ],
-        },
-      ],
-    });
-
-    expect(result.success).toBe(false);
-    expect(result.error?.issues.map((issue) => issue.path.join("."))).toEqual(
-      expect.arrayContaining(["blocks.0.targeting", "blocks.0.elements.0.analytics"])
-    );
-  });
-
-  test("rejects element fields that do not belong to the selected element type", () => {
-    const result = ZV3CreateSurveyBody.safeParse({
-      ...validCreateBody,
-      blocks: [
-        {
-          ...validCreateBody.blocks[0],
-          elements: [
-            {
-              ...validCreateBody.blocks[0].elements[0],
-              buttonUrl: "https://example.com",
-              scale: "star",
-            },
-          ],
-        },
-      ],
-    });
-
-    expect(result.success).toBe(false);
-    expect(result.error?.issues.map((issue) => issue.path.join("."))).toContain(
-      "blocks.0.elements.0.buttonUrl"
-    );
-    expect(result.error?.issues.map((issue) => issue.path.join("."))).toContain("blocks.0.elements.0.scale");
-    expect(
-      result.error?.issues.find((issue) => issue.path.join(".") === "blocks.0.elements.0.buttonUrl")
-    ).toMatchObject({
-      message: expect.stringContaining("element type 'openText'"),
-    });
-  });
-
-  test("rejects choice fields that do not belong to the selected element type", () => {
-    const result = ZV3CreateSurveyBody.safeParse({
-      ...validCreateBody,
-      blocks: [
-        {
-          ...validCreateBody.blocks[0],
-          elements: [
-            {
-              id: "choices",
-              type: "multipleChoiceSingle",
-              headline: { "en-US": "Pick one" },
-              required: true,
-              choices: [
-                { id: "choice_1", label: { "en-US": "A" }, imageUrl: "https://example.com/a.png" },
-                { id: "choice_2", label: { "en-US": "B" } },
-              ],
-            },
-          ],
-        },
-      ],
-    });
-
-    expect(result.success).toBe(false);
-    expect(result.error?.issues.map((issue) => issue.path.join("."))).toContain(
-      "blocks.0.elements.0.choices.0.imageUrl"
-    );
-    expect(
-      result.error?.issues.find((issue) => issue.path.join(".") === "blocks.0.elements.0.choices.0.imageUrl")
-    ).toMatchObject({
-      message: expect.stringContaining("Allowed fields: id, label"),
-    });
-  });
-
-  test("does not rewrite locale-shaped objects in logic metadata", () => {
-    const result = ZV3CreateSurveyBody.safeParse({
-      ...validCreateBody,
-      blocks: [
-        {
-          ...validCreateBody.blocks[0],
-          elements: [
-            {
-              ...validCreateBody.blocks[0].elements[0],
-            },
-          ],
-          logic: [
-            {
-              id: "cllog123456789012345678901",
-              conditions: {
-                id: "clgrp123456789012345678901",
-                connector: "and",
-                conditions: [
-                  {
-                    id: "clcon123456789012345678901",
-                    leftOperand: {
-                      type: "element",
-                      value: "satisfaction",
-                      meta: { "en-US": "metadata" },
-                    },
-                    operator: "isSubmitted",
-                  },
-                ],
-              },
-              actions: [
-                {
-                  id: "clact123456789012345678901",
-                  objective: "requireAnswer",
-                  target: "satisfaction",
-                },
-              ],
-            },
-          ],
-        },
-      ],
-    });
-
-    expect(result.success).toBe(true);
-    if (!result.success) {
-      throw new Error("Expected schema validation to pass");
-    }
-    expect(result.data.blocks[0].logic?.[0].conditions.conditions[0]).toMatchObject({
-      leftOperand: {
-        meta: { "en-US": "metadata" },
-      },
-    });
-  });
-
-  test("rejects the internal default translation key in public v3 input", () => {
-    const result = ZV3CreateSurveyBody.safeParse({
-      ...validCreateBody,
-      blocks: [
-        {
-          ...validCreateBody.blocks[0],
-          elements: [
-            {
-              ...validCreateBody.blocks[0].elements[0],
-              headline: { default: "Internal key should not be public" },
-            },
-          ],
-        },
-      ],
-    });
-
-    expect(result.success).toBe(false);
-    expect(result.error?.issues[0].path.join(".")).toBe("blocks.0.elements.0.headline.default");
-  });
-
-  test("preserves arbitrary metadata while normalizing known translatable metadata fields", () => {
-    const parsed = ZV3CreateSurveyBody.parse({
-      ...validCreateBody,
-      metadata: {
-        cx_context: {
-          "de-DE": "This is arbitrary customer metadata, not translation content",
-        },
-        title: {
-          "en-US": "Feedback Survey",
-          "de-DE": "Feedback-Umfrage",
-        },
-      },
-    });
-
-    expect(parsed.metadata).toMatchObject({
-      cx_context: {
-        "de-DE": "This is arbitrary customer metadata, not translation content",
-      },
-      title: {
-        default: "Feedback Survey",
-        "de-DE": "Feedback-Umfrage",
-      },
-    });
-  });
-
-  test("rejects non-link survey types for this survey-template endpoint", () => {
-    const result = ZV3CreateSurveyBody.safeParse({
-      ...validCreateBody,
-      type: "app",
-    });
-
-    expect(result.success).toBe(false);
-    expect(result.error?.issues[0].path).toEqual(["type"]);
-  });
-
-  test("rejects malformed locale maps that do not include the default language", () => {
-    const result = ZV3CreateSurveyBody.safeParse({
-      ...validCreateBody,
-      blocks: [
-        {
-          ...validCreateBody.blocks[0],
-          elements: [
-            {
-              ...validCreateBody.blocks[0].elements[0],
-              headline: { "not a locale": "Hello" },
-            },
-          ],
-        },
-      ],
-    });
-
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(formatV3ZodInvalidParams(result.error, "body")).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "blocks.0.elements.0.headline.not a locale",
-            reason: "Language key 'not a locale' is not a valid locale code",
-            code: "invalid_locale",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("reports missing required element fields before shared element union errors", () => {
-    const result = ZV3CreateSurveyBody.safeParse({
-      ...validCreateBody,
-      blocks: [
-        {
-          ...validCreateBody.blocks[0],
-          elements: [
-            {
-              id: "feedback",
-              type: "openText",
-              headline: { "en-US": "Tell us more" },
-            },
-          ],
-        },
-      ],
-    });
-
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(formatV3ZodInvalidParams(result.error, "body")).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "blocks.0.elements.0.required",
-            reason: "Missing required field 'required' for element type 'openText'",
-            code: "missing_required_field",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("reports missing required ending fields before shared ending union errors", () => {
-    const result = ZV3CreateSurveyBody.safeParse({
-      ...validCreateBody,
-      endings: [
-        {
-          type: "endScreen",
-          headline: { "en-US": "Thanks!" },
-        },
-      ],
-    });
-
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(formatV3ZodInvalidParams(result.error, "body")).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "endings.0.id",
-            reason: "Missing required field 'id' for ending type 'endScreen'",
-            code: "missing_required_field",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("reports missing ending type with a precise invalid param path", () => {
-    const result = ZV3CreateSurveyBody.safeParse({
-      ...validCreateBody,
-      endings: [
-        {
-          id: "clend123456789012345678901",
-          headline: { "en-US": "Thanks!" },
-        },
-      ],
-    });
-
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(formatV3ZodInvalidParams(result.error, "body")).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "endings.0.type",
-            reason: "Missing required field 'type' for survey ending",
-            code: "missing_required_field",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("rejects duplicate language entries and disabled default language", () => {
-    const result = ZV3CreateSurveyBody.safeParse({
-      ...validCreateBody,
-      languages: [{ code: "en-US", enabled: false }, { code: "en_us" }],
-    });
-
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(formatV3ZodInvalidParams(result.error, "body")).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "languages.0.enabled",
-            reason: "The default language cannot be disabled",
-          }),
-          expect.objectContaining({
-            name: "languages.1.code",
-            reason: "Language 'en-US' is duplicated",
-            code: "duplicate_locale",
-          }),
-        ])
-      );
-    }
-  });
-
-  test("reports invalid language entries with machine-readable locale metadata", () => {
-    const result = ZV3CreateSurveyBody.safeParse({
-      ...validCreateBody,
-      languages: [{ code: "de", enabled: true }],
-    });
-
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(formatV3ZodInvalidParams(result.error, "body")).toEqual(
-        expect.arrayContaining([
-          expect.objectContaining({
-            name: "languages.0.code",
-            reason: "Language 'de' is not a valid locale code",
-            code: "invalid_locale",
-          }),
-        ])
-      );
-    }
-  });
-});
-
-describe("ZV3PatchSurveyBody", () => {
-  test("accepts a strict top-level partial and preserves omitted defaults", () => {
-    const parsed = ZV3PatchSurveyBody.parse({
-      name: "Updated survey",
-    });
-
-    expect(parsed).toEqual({ name: "Updated survey" });
-  });
-
-  test("rejects an empty patch body", () => {
-    const result = ZV3PatchSurveyBody.safeParse({});
-
-    expect(result.success).toBe(false);
-    expect(result.error?.issues[0]).toMatchObject({
-      message: "Request body must include at least one updatable field",
-    });
-  });
-
-  test("rejects immutable and out-of-scope fields", () => {
-    const result = ZV3PatchSurveyBody.safeParse({
-      id: "clsv1234567890123456789012",
-      workspaceId: "clxx1234567890123456789012",
-      type: "link",
-      defaultLanguage: "de-DE",
-      questions: [],
-    });
-
-    expect(result.success).toBe(false);
-    expect(result.error?.issues.map((issue) => issue.path.join("."))).toEqual(
-      expect.arrayContaining(["id", "workspaceId", "type", "defaultLanguage", "questions"])
-    );
-  });
-
-  test("rejects patch languages that mark a non-current locale as default", () => {
-    const result = createZV3PatchSurveyBodySchema("en-US").safeParse({
-      languages: [{ code: "de-DE", default: true, enabled: true }],
-    });
-
-    expect(result.success).toBe(false);
-    expect(result.error?.issues[0]).toMatchObject({
-      message: "The default language entry must match defaultLanguage",
-      path: ["languages", 0, "default"],
-    });
-  });
-
-  test("accepts patch languages that keep the current default locale", () => {
-    const parsed = createZV3PatchSurveyBodySchema("en-US").parse({
-      languages: [
-        { code: "en_us", default: true, enabled: true },
-        { code: "de-DE", enabled: false },
-      ],
-    });
-
-    expect(parsed.languages).toEqual([
-      { code: "en-US", default: true, enabled: true },
-      { code: "de-DE", enabled: false },
-    ]);
-  });
-
-  test("normalizes patch translation maps using the current default language", () => {
-    const parsed = createZV3PatchSurveyBodySchema("de-DE").parse({
-      blocks: [
-        {
-          id: "clbk1234567890123456789012",
-          name: "Main Block",
-          elements: [
-            {
-              id: "satisfaction",
-              type: "openText",
-              headline: { de_de: "Hallo", en_us: "Hello" },
-              required: true,
-            },
-          ],
-        },
-      ],
-    });
-
-    expect(parsed.blocks?.[0].elements[0]).toMatchObject({
-      headline: { default: "Hallo", "en-US": "Hello" },
-    });
-    expect(parsed).not.toHaveProperty("defaultLanguage");
-  });
-
-  test("does not generate missing ids for canonical patch documents", () => {
-    const result = ZV3PatchSurveyBody.safeParse({
-      blocks: [
-        {
-          name: "Missing ID Block",
-          elements: validCreateBody.blocks[0].elements,
-        },
-      ],
-      variables: [
-        {
-          name: "score",
-          type: "number",
-          value: 0,
-        },
-      ],
-    });
-
-    expect(result.success).toBe(false);
-    expect(result.error?.issues.map((issue) => issue.path.join("."))).toEqual(
-      expect.arrayContaining(["blocks.0.id", "variables.0.id"])
-    );
-  });
-});
@@ -1,304 +0,0 @@
-import { describe, expect, test } from "vitest";
-import type { TSurvey } from "@formbricks/types/surveys/types";
-import {
-  V3SurveyLanguageError,
-  V3SurveyUnsupportedShapeError,
-  serializeV3SurveyResource,
-} from "./serializers";
-
-const baseSurvey = {
-  id: "survey_1",
-  workspaceId: "workspace_1",
-  createdAt: new Date("2026-04-21T10:00:00.000Z"),
-  updatedAt: new Date("2026-04-21T11:00:00.000Z"),
-  name: "Product Feedback",
-  type: "link",
-  status: "draft",
-  metadata: {
-    cx: "enterprise",
-    arbitraryConfig: { default: "preserve-me", mode: "strict" },
-    title: { default: "Product Feedback", "de-DE": "Produktfeedback" },
-  },
-  languages: [
-    {
-      default: true,
-      enabled: true,
-      language: { id: "lang_1", code: "en-US", alias: "en", createdAt: new Date(), updatedAt: new Date() },
-    },
-    {
-      default: false,
-      enabled: true,
-      language: { id: "lang_2", code: "de-DE", alias: "de", createdAt: new Date(), updatedAt: new Date() },
-    },
-    {
-      default: false,
-      enabled: false,
-      language: { id: "lang_3", code: "fr-FR", alias: "fr", createdAt: new Date(), updatedAt: new Date() },
-    },
-  ],
-  questions: [],
-  welcomeCard: {
-    enabled: true,
-    headline: { default: "Welcome", "de-DE": "Willkommen", "fr-FR": "Bienvenue" },
-  },
-  blocks: [
-    {
-      id: "block_1",
-      name: "Intro",
-      elements: [
-        {
-          id: "satisfaction",
-          type: "openText",
-          headline: { default: "What should we improve?", "de-DE": "Was sollen wir verbessern?" },
-          subheader: { default: "Tell us more" },
-          required: true,
-        },
-      ],
-    },
-  ],
-  endings: [],
-  hiddenFields: { enabled: false, fieldIds: [] },
-  variables: [],
-} as unknown as TSurvey;
-
-describe("serializeV3SurveyResource", () => {
-  test("returns canonical multilingual fields using real locale codes", () => {
-    const resource = serializeV3SurveyResource(baseSurvey);
-
-    expect(resource.defaultLanguage).toBe("en-US");
-    expect(resource).not.toHaveProperty("language");
-    expect(resource.languages).toEqual([
-      { code: "en-US", default: true, enabled: true },
-      { code: "de-DE", default: false, enabled: true },
-      { code: "fr-FR", default: false, enabled: false },
-    ]);
-    expect(resource).toMatchObject({
-      metadata: {
-        cx: "enterprise",
-        arbitraryConfig: { default: "preserve-me", mode: "strict" },
-        title: {
-          "en-US": "Product Feedback",
-          "de-DE": "Produktfeedback",
-        },
-      },
-    });
-    expect(resource).toMatchObject({
-      welcomeCard: {
-        headline: {
-          "en-US": "Welcome",
-          "de-DE": "Willkommen",
-          "fr-FR": "Bienvenue",
-        },
-      },
-    });
-    expect(resource).toMatchObject({
-      blocks: [
-        {
-          elements: [
-            {
-              headline: {
-                "en-US": "What should we improve?",
-                "de-DE": "Was sollen wir verbessern?",
-              },
-            },
-          ],
-        },
-      ],
-    });
-  });
-
-  test("does not expose the internal default pseudo-locale for surveys without configured languages", () => {
-    const survey = {
-      ...baseSurvey,
-      languages: [],
-      welcomeCard: {
-        enabled: true,
-        headline: { default: "Welcome" },
-      },
-      blocks: [
-        {
-          id: "block_1",
-          name: "Intro",
-          elements: [
-            {
-              id: "satisfaction",
-              type: "openText",
-              headline: { default: "What should we improve?" },
-              required: true,
-            },
-          ],
-        },
-      ],
-    } as unknown as TSurvey;
-
-    const resource = serializeV3SurveyResource(survey);
-
-    expect(resource.defaultLanguage).toBe("en-US");
-    expect(resource.languages).toEqual([{ code: "en-US", default: true, enabled: true }]);
-    expect(resource).toMatchObject({
-      welcomeCard: { headline: { "en-US": "Welcome" } },
-      blocks: [
-        {
-          elements: [
-            {
-              headline: { "en-US": "What should we improve?" },
-            },
-          ],
-        },
-      ],
-    });
-  });
-
-  test("filters the implicit default language for surveys without configured languages", () => {
-    const survey = {
-      ...baseSurvey,
-      languages: [],
-      welcomeCard: {
-        enabled: true,
-        headline: { default: "Welcome" },
-      },
-    } as unknown as TSurvey;
-
-    const resource = serializeV3SurveyResource(survey, { lang: ["en-US"] });
-
-    expect(resource).not.toHaveProperty("language");
-    expect(resource).toMatchObject({ welcomeCard: { headline: { "en-US": "Welcome" } } });
-  });
-
-  test("preserves stored locale variants when their keys use non-canonical casing or separators", () => {
-    const survey = {
-      ...baseSurvey,
-      welcomeCard: {
-        enabled: true,
-        headline: { default: "Welcome", de_de: "Willkommen" },
-      },
-    } as unknown as TSurvey;
-
-    const resource = serializeV3SurveyResource(survey);
-
-    expect(resource).toMatchObject({
-      welcomeCard: {
-        headline: {
-          "en-US": "Welcome",
-          "de-DE": "Willkommen",
-        },
-      },
-    });
-  });
-
-  test("filters fields for case-insensitive underscore language selectors while preserving maps", () => {
-    const resource = serializeV3SurveyResource(baseSurvey, { lang: ["DE_de"] });
-
-    expect(resource).not.toHaveProperty("language");
-    expect(resource).toMatchObject({
-      welcomeCard: { headline: { "de-DE": "Willkommen" } },
-      blocks: [
-        {
-          elements: [
-            {
-              headline: { "de-DE": "Was sollen wir verbessern?" },
-              subheader: { "de-DE": "Tell us more" },
-            },
-          ],
-        },
-      ],
-    });
-  });
-
-  test("filters script-region locale selectors while preserving maps", () => {
-    const survey = {
-      ...baseSurvey,
-      languages: [
-        ...baseSurvey.languages,
-        {
-          default: false,
-          enabled: true,
-          language: {
-            id: "lang_4",
-            code: "zh-Hans-CN",
-            alias: null,
-            createdAt: new Date(),
-            updatedAt: new Date(),
-          },
-        },
-      ],
-      welcomeCard: {
-        enabled: true,
-        headline: { default: "Welcome", zh_hans_cn: "欢迎" },
-      },
-    } as unknown as TSurvey;
-
-    const resource = serializeV3SurveyResource(survey, { lang: ["ZH_hans_cn"] });
-
-    expect(resource).toMatchObject({
-      welcomeCard: { headline: { "zh-Hans-CN": "欢迎" } },
-    });
-  });
-
-  test("filters disabled configured languages for management reads", () => {
-    const resource = serializeV3SurveyResource(baseSurvey, { lang: ["fr-FR"] });
-
-    expect(resource).toMatchObject({ welcomeCard: { headline: { "fr-FR": "Bienvenue" } } });
-  });
-
-  test("filters multiple requested languages while preserving maps", () => {
-    const resource = serializeV3SurveyResource(baseSurvey, { lang: ["en-US", "de-DE"] });
-
-    expect(resource).not.toHaveProperty("language");
-    expect(resource).toMatchObject({
-      welcomeCard: {
-        headline: {
-          "en-US": "Welcome",
-          "de-DE": "Willkommen",
-        },
-      },
-      blocks: [
-        {
-          elements: [
-            {
-              headline: {
-                "en-US": "What should we improve?",
-                "de-DE": "Was sollen wir verbessern?",
-              },
-            },
-          ],
-        },
-      ],
-    });
-  });
-
-  test("rejects language-only selectors", () => {
-    expect(() => serializeV3SurveyResource(baseSurvey, { lang: ["de"] })).toThrow(
-      "Language 'de' is not a valid locale code"
-    );
-  });
-
-  test("exposes the normalized locale code for unknown language errors", () => {
-    try {
-      serializeV3SurveyResource(baseSurvey, { lang: ["ES_es"] });
-    } catch (error) {
-      if (!(error instanceof V3SurveyLanguageError)) {
-        throw error;
-      }
-
-      expect(error.message).toBe("Language 'es-ES' is not configured for this survey");
-      expect(error.normalizedCode).toBe("es-ES");
-      return;
-    }
-
-    throw new Error("Expected V3SurveyLanguageError");
-  });
-
-  test("rejects legacy question-based survey shapes instead of returning an incomplete block resource", () => {
-    const survey = {
-      ...baseSurvey,
-      questions: [{ id: "legacy_question", type: "openText", headline: { default: "Legacy question" } }],
-      blocks: [],
-    } as unknown as TSurvey;
-
-    expect(() => serializeV3SurveyResource(survey)).toThrow(V3SurveyUnsupportedShapeError);
-    expect(() => serializeV3SurveyResource(survey)).toThrow(
-      "Legacy question-based surveys are not supported by the v3 survey management API"
-    );
-  });
-});
@@ -1,204 +1,13 @@
-import type { TSurvey as TInternalSurvey } from "@formbricks/types/surveys/types";
-import type { TSurvey as TSurveyListRecord } from "@/modules/survey/list/types/surveys";
-import {
-  type TV3SurveyLanguage,
-  getV3SurveyDefaultLanguage,
-  getV3SurveyLanguages,
-  normalizeV3SurveyLanguageTag,
-  resolveV3SurveyLanguageCode,
-} from "./language";
-import { V3_SURVEY_TRANSLATABLE_METADATA_KEYS } from "./translation-fields";
+import type { TSurvey } from "@/modules/survey/list/types/surveys";

-export type TV3SurveyListItem = Omit<TSurveyListRecord, "singleUse">;
-const DEFAULT_V3_SURVEY_LANGUAGE = "en-US";
-
-type TSerializedValue =
-  | string
-  | number
-  | boolean
-  | null
-  | TSerializedValue[]
-  | { [key: string]: TSerializedValue };
-
-export class V3SurveyLanguageError extends Error {
-  constructor(
-    message: string,
-    readonly normalizedCode?: string
-  ) {
-    super(message);
-    this.name = "V3SurveyLanguageError";
-  }
-}
-
-export class V3SurveyUnsupportedShapeError extends Error {
-  constructor(message: string) {
-    super(message);
-    this.name = "V3SurveyUnsupportedShapeError";
-  }
-}
+export type TV3SurveyListItem = Omit<TSurvey, "singleUse">;

 /**
 * Keep the v3 API contract isolated from internal persistence naming.
 * Surveys are scoped by workspaceId.
 */
-export function serializeV3SurveyListItem(survey: TSurveyListRecord): TV3SurveyListItem {
+export function serializeV3SurveyListItem(survey: TSurvey): TV3SurveyListItem {
  const { singleUse: _omitSingleUse, ...rest } = survey;

  return rest;
 }
-
-function toIsoString(value: Date | string): string {
-  return value instanceof Date ? value.toISOString() : new Date(value).toISOString();
-}
-
-function isPlainObject(value: unknown): value is Record<string, unknown> {
-  return typeof value === "object" && value !== null && !Array.isArray(value);
-}
-
-function isI18nString(value: unknown): value is Record<string, string> {
-  return (
-    isPlainObject(value) &&
-    typeof value.default === "string" &&
-    Object.values(value).every((entry) => typeof entry === "string")
-  );
-}
-
-function getI18nValueForLanguage(value: Record<string, string>, languageCode: string): string | undefined {
-  if (typeof value[languageCode] === "string") {
-    return value[languageCode];
-  }
-
-  const matchingKey = Object.keys(value).find(
-    (key) => normalizeV3SurveyLanguageTag(key)?.toLowerCase() === languageCode.toLowerCase()
-  );
-  return matchingKey ? value[matchingKey] : undefined;
-}
-
-function serializeCanonicalValue(
-  value: unknown,
-  defaultLanguage: string,
-  languageCodes: Set<string>,
-  options?: { fallbackMissingTranslations?: boolean }
-): TSerializedValue {
-  if (isI18nString(value)) {
-    const result: Record<string, string> = {
-      [defaultLanguage]: value.default,
-    };
-
-    for (const languageCode of languageCodes) {
-      const translatedValue = getI18nValueForLanguage(value, languageCode);
-      if (languageCode !== defaultLanguage) {
-        if (translatedValue !== undefined) {
-          result[languageCode] = translatedValue;
-        } else if (options?.fallbackMissingTranslations) {
-          result[languageCode] = value.default;
-        }
-      }
-    }
-
-    if (!languageCodes.has(defaultLanguage)) {
-      delete result[defaultLanguage];
-    }
-
-    return result;
-  }
-
-  if (Array.isArray(value)) {
-    return value.map((entry) => serializeCanonicalValue(entry, defaultLanguage, languageCodes, options));
-  }
-
-  if (isPlainObject(value)) {
-    return Object.fromEntries(
-      Object.entries(value).map(([key, entry]) => [
-        key,
-        serializeCanonicalValue(entry, defaultLanguage, languageCodes, options),
-      ])
-    );
-  }
-
-  return value as TSerializedValue;
-}
-
-function serializeMetadata(
-  metadata: unknown,
-  defaultLanguage: string,
-  languageCodes: Set<string>,
-  options?: { fallbackMissingTranslations?: boolean }
-): TSerializedValue {
-  if (!isPlainObject(metadata)) {
-    return metadata as TSerializedValue;
-  }
-
-  const serializedMetadata: Record<string, TSerializedValue> = { ...metadata } as Record<
-    string,
-    TSerializedValue
-  >;
-  for (const key of V3_SURVEY_TRANSLATABLE_METADATA_KEYS) {
-    if (metadata[key] !== undefined) {
-      serializedMetadata[key] = serializeCanonicalValue(
-        metadata[key],
-        defaultLanguage,
-        languageCodes,
-        options
-      );
-    }
-  }
-
-  return serializedMetadata;
-}
-
-function resolveRequestedLanguage(languages: TV3SurveyLanguage[], language: string): string {
-  const result = resolveV3SurveyLanguageCode(language, languages);
-
-  if (!result.ok) {
-    throw new V3SurveyLanguageError(result.message, result.normalizedCode);
-  }
-
-  return result.code;
-}
-
-function resolveRequestedLanguages(languages: TV3SurveyLanguage[], requestedLanguages?: string[]): string[] {
-  if (!requestedLanguages) {
-    return [];
-  }
-
-  return requestedLanguages.map((language) => resolveRequestedLanguage(languages, language));
-}
-
-export function serializeV3SurveyResource(survey: TInternalSurvey, options?: { lang?: string[] }) {
-  if (Array.isArray(survey.questions) && survey.questions.length > 0) {
-    throw new V3SurveyUnsupportedShapeError(
-      "Legacy question-based surveys are not supported by the v3 survey management API"
-    );
-  }
-
-  const defaultLanguage = getV3SurveyDefaultLanguage(survey, DEFAULT_V3_SURVEY_LANGUAGE);
-  const languages = getV3SurveyLanguages(survey, DEFAULT_V3_SURVEY_LANGUAGE);
-  const configuredLanguageCodes = new Set(languages.map((language) => language.code));
-  const requestedLanguages = resolveRequestedLanguages(languages, options?.lang);
-  const languageCodes = requestedLanguages.length > 0 ? new Set(requestedLanguages) : configuredLanguageCodes;
-  const serializeValue = (value: unknown) =>
-    serializeCanonicalValue(value, defaultLanguage, languageCodes, {
-      fallbackMissingTranslations: requestedLanguages.length > 0,
-    });
-
-  return {
-    id: survey.id,
-    workspaceId: survey.workspaceId,
-    createdAt: toIsoString(survey.createdAt),
-    updatedAt: toIsoString(survey.updatedAt),
-    name: survey.name,
-    type: survey.type,
-    status: survey.status,
-    metadata: serializeMetadata(survey.metadata, defaultLanguage, languageCodes, {
-      fallbackMissingTranslations: requestedLanguages.length > 0,
-    }),
-    defaultLanguage,
-    languages,
-    welcomeCard: serializeValue(survey.welcomeCard),
-    blocks: serializeValue(survey.blocks),
-    endings: serializeValue(survey.endings),
-    hiddenFields: survey.hiddenFields,
-    variables: survey.variables,
-  };
-}
@@ -1 +0,0 @@
-export const V3_SURVEY_TRANSLATABLE_METADATA_KEYS = ["title", "description"] as const;
@@ -1,108 +0,0 @@
-import { z } from "zod";
-import { logger } from "@formbricks/logger";
-import { DatabaseError } from "@formbricks/types/errors";
-import { withV3ApiWrapper } from "@/app/api/v3/lib/api-wrapper";
-import { requireV3WorkspaceAccess } from "@/app/api/v3/lib/auth";
-import { problemInternalError, successResponse } from "@/app/api/v3/lib/response";
-import { getAuthorizedV3Survey } from "../authorization";
-import {
-  type TV3SurveyPrepareResult,
-  prepareV3SurveyCreateInput,
-  prepareV3SurveyPatchInput,
-} from "../prepare";
-import { type TV3SurveyDocument, ZV3EmptyQuery, ZV3SurveyValidationRequestBody } from "../schemas";
-
-const createWorkspaceSchema = z.object({
-  workspaceId: z.cuid2(),
-});
-
-function serializeValidationResult<TDocument extends TV3SurveyDocument>(
-  operation: "create" | "patch",
-  preparation: TV3SurveyPrepareResult<TDocument>
-) {
-  if (!preparation.ok) {
-    return {
-      valid: false,
-      operation,
-      invalid_params: preparation.validation.invalidParams,
-    };
-  }
-
-  return {
-    valid: true,
-    operation,
-    invalid_params: [],
-    languages: preparation.languageRequests.map((languageRequest) => ({
-      ...languageRequest,
-      writeBehavior: "connect_or_create" as const,
-    })),
-  };
-}
-
-export const POST = withV3ApiWrapper({
-  auth: "both",
-  schemas: {
-    body: ZV3SurveyValidationRequestBody,
-    query: ZV3EmptyQuery,
-  },
-  handler: async ({ parsedInput, authentication, requestId, instance }) => {
-    const { body } = parsedInput;
-    const log = logger.withContext({ requestId, operation: body.operation });
-
-    try {
-      if (body.operation === "create") {
-        const workspaceResult = createWorkspaceSchema.safeParse(body.data);
-        if (workspaceResult.success) {
-          const authResult = await requireV3WorkspaceAccess(
-            authentication,
-            workspaceResult.data.workspaceId,
-            "readWrite",
-            requestId,
-            instance
-          );
-
-          if (authResult instanceof Response) {
-            return authResult;
-          }
-        }
-
-        return successResponse(serializeValidationResult("create", prepareV3SurveyCreateInput(body.data)), {
-          requestId,
-          cache: "private, no-store",
-        });
-      }
-
-      const { survey, response } = await getAuthorizedV3Survey({
-        surveyId: body.surveyId,
-        authentication,
-        access: "readWrite",
-        requestId,
-        instance,
-      });
-
-      if (response) {
-        log.warn(
-          { statusCode: response.status, surveyId: body.surveyId },
-          "Survey not found or not accessible"
-        );
-        return response;
-      }
-
-      return successResponse(
-        serializeValidationResult("patch", prepareV3SurveyPatchInput(survey, body.data)),
-        {
-          requestId,
-          cache: "private, no-store",
-        }
-      );
-    } catch (error) {
-      if (error instanceof DatabaseError) {
-        log.error({ error, statusCode: 500 }, "Database error");
-        return problemInternalError(requestId, "An unexpected error occurred.", instance);
-      }
-
-      log.error({ error, statusCode: 500 }, "V3 survey validation unexpected error");
-      return problemInternalError(requestId, "An unexpected error occurred.", instance);
-    }
-  },
-});
@@ -1,152 +0,0 @@
-import type { InvalidParam } from "@/app/api/v3/lib/response";
-import { validateV3SurveyReferences } from "./reference-validation";
-import type { TV3SurveyDocument } from "./schemas";
-import { V3_SURVEY_TRANSLATABLE_METADATA_KEYS } from "./translation-fields";
-
-export type TV3SurveyDocumentValidationResult =
-  | { valid: true; invalidParams: [] }
-  | { valid: false; invalidParams: InvalidParam[] };
-
-function isPlainObject(value: unknown): value is Record<string, unknown> {
-  return typeof value === "object" && value !== null && !Array.isArray(value);
-}
-
-function isInternalI18nString(value: unknown): value is Record<string, string> {
-  return (
-    isPlainObject(value) &&
-    typeof value.default === "string" &&
-    Object.values(value).every((entry) => typeof entry === "string")
-  );
-}
-
-function getConfiguredTranslationLanguageCodes(document: TV3SurveyDocument): string[] {
-  const defaultLanguage = document.defaultLanguage.toLowerCase();
-  const languageCodes = new Set<string>();
-
-  document.languages.forEach((language) => {
-    const code = language.code;
-    if (code.toLowerCase() !== defaultLanguage) {
-      languageCodes.add(code);
-    }
-  });
-
-  return Array.from(languageCodes.values());
-}
-
-function collectTranslationLanguageCodes(value: unknown, languageCodes: Set<string>): void {
-  if (Array.isArray(value)) {
-    value.forEach((entry) => collectTranslationLanguageCodes(entry, languageCodes));
-    return;
-  }
-
-  if (!isPlainObject(value)) {
-    return;
-  }
-
-  if (isInternalI18nString(value)) {
-    Object.keys(value).forEach((languageCode) => {
-      if (languageCode !== "default") {
-        languageCodes.add(languageCode);
-      }
-    });
-    return;
-  }
-
-  Object.values(value).forEach((entry) => collectTranslationLanguageCodes(entry, languageCodes));
-}
-
-function getRequiredTranslationLanguageCodes(document: TV3SurveyDocument): string[] {
-  const languageCodes = new Set(getConfiguredTranslationLanguageCodes(document));
-
-  V3_SURVEY_TRANSLATABLE_METADATA_KEYS.forEach((key) =>
-    collectTranslationLanguageCodes(document.metadata[key], languageCodes)
-  );
-  collectTranslationLanguageCodes(document.welcomeCard, languageCodes);
-  collectTranslationLanguageCodes(document.blocks, languageCodes);
-  collectTranslationLanguageCodes(document.endings, languageCodes);
-
-  return Array.from(languageCodes.values());
-}
-
-function addMissingTranslationIssues(
-  value: unknown,
-  path: string,
-  languageCodes: string[],
-  issues: InvalidParam[]
-): void {
-  if (languageCodes.length === 0) {
-    return;
-  }
-
-  if (Array.isArray(value)) {
-    value.forEach((entry, index) =>
-      addMissingTranslationIssues(entry, path ? `${path}.${index}` : String(index), languageCodes, issues)
-    );
-    return;
-  }
-
-  if (!isPlainObject(value)) {
-    return;
-  }
-
-  if (isInternalI18nString(value)) {
-    languageCodes.forEach((languageCode) => {
-      if (value[languageCode] === undefined) {
-        issues.push({
-          name: path,
-          reason: `Translatable field is missing configured language '${languageCode}'`,
-          code: "missing_translation",
-          identifier: languageCode,
-          referenceType: "language",
-          missingId: languageCode,
-        });
-      }
-    });
-    return;
-  }
-
-  Object.entries(value).forEach(([key, entry]) =>
-    addMissingTranslationIssues(entry, path ? `${path}.${key}` : key, languageCodes, issues)
-  );
-}
-
-function getV3SurveyLanguageInvalidParams(document: TV3SurveyDocument): InvalidParam[] {
-  const languageCodes = getRequiredTranslationLanguageCodes(document);
-  const issues: InvalidParam[] = [];
-
-  V3_SURVEY_TRANSLATABLE_METADATA_KEYS.forEach((key) =>
-    addMissingTranslationIssues(document.metadata[key], `metadata.${key}`, languageCodes, issues)
-  );
-  addMissingTranslationIssues(document.welcomeCard, "welcomeCard", languageCodes, issues);
-  addMissingTranslationIssues(document.blocks, "blocks", languageCodes, issues);
-  addMissingTranslationIssues(document.endings, "endings", languageCodes, issues);
-
-  return issues;
-}
-
-export function validateV3SurveyDocument(document: TV3SurveyDocument): TV3SurveyDocumentValidationResult {
-  const languageInvalidParams = getV3SurveyLanguageInvalidParams(document);
-  const invalidParams = [...languageInvalidParams];
-
-  const referenceValidation = validateV3SurveyReferences({
-    blocks: document.blocks,
-    endings: document.endings,
-    hiddenFields: document.hiddenFields,
-    metadata: document.metadata,
-    variables: document.variables,
-    welcomeCard: document.welcomeCard,
-  });
-
-  if (!referenceValidation.ok) {
-    invalidParams.push(...referenceValidation.invalidParams);
-  }
-
-  if (invalidParams.length > 0) {
-    return {
-      valid: false,
-      invalidParams,
-    };
-  }
-
-  return { valid: true, invalidParams: [] };
-}
@@ -1,79 +0,0 @@
-import "server-only";
-import type { TSurveyBlock } from "@formbricks/types/surveys/blocks";
-import type { TSurveyEnding } from "@formbricks/types/surveys/types";
-import { getOrganizationByWorkspaceId } from "@/lib/organization/service";
-import { getElementsFromBlocks } from "@/lib/survey/utils";
-import { getExternalUrlsPermission } from "@/modules/survey/lib/permission";
-
-type TV3SurveyWritePermissionInput = {
-  workspaceId: string;
-  blocks: TSurveyBlock[];
-  endings: TSurveyEnding[];
-  previous?: {
-    blocks: TSurveyBlock[];
-    endings: TSurveyEnding[];
-  };
-};
-
-export class V3SurveyWritePermissionError extends Error {
-  constructor(message: string) {
-    super(message);
-    this.name = "V3SurveyWritePermissionError";
-  }
-}
-
-function hasNewOrChangedExternalUrlReferences(input: TV3SurveyWritePermissionInput): boolean {
-  for (const ending of input.endings) {
-    if (ending.type !== "endScreen" || !ending.buttonLink) {
-      continue;
-    }
-
-    const previousEnding = input.previous?.endings.find((entry) => entry.id === ending.id);
-    if (previousEnding?.type !== "endScreen" || previousEnding.buttonLink !== ending.buttonLink) {
-      return true;
-    }
-  }
-
-  const elements = getElementsFromBlocks(input.blocks);
-  const previousElements = input.previous ? getElementsFromBlocks(input.previous.blocks) : [];
-  for (const element of elements) {
-    if (element.type !== "cta" || !element.buttonExternal) {
-      continue;
-    }
-
-    const previousElement = previousElements.find((entry) => entry.id === element.id);
-    if (
-      previousElement?.type !== "cta" ||
-      !previousElement.buttonExternal ||
-      previousElement.buttonUrl !== element.buttonUrl
-    ) {
-      return true;
-    }
-  }
-
-  return false;
-}
-
-export async function assertV3SurveyWritePermissions(
-  input: TV3SurveyWritePermissionInput,
-  organizationId?: string
-): Promise<void> {
-  if (!hasNewOrChangedExternalUrlReferences(input)) {
-    return;
-  }
-
-  const resolvedOrganizationId =
-    organizationId ?? (await getOrganizationByWorkspaceId(input.workspaceId))?.id ?? null;
-  if (!resolvedOrganizationId) {
-    throw new V3SurveyWritePermissionError(
-      `Unable to verify external URL permissions for workspaceId: ${input.workspaceId}`
-    );
-  }
-
-  const isExternalUrlsAllowed = await getExternalUrlsPermission(resolvedOrganizationId);
-  if (!isExternalUrlsAllowed) {
-    throw new V3SurveyWritePermissionError(
-      "External URLs are not enabled for this organization. Upgrade to use external survey links."
-    );
-  }
-}
@@ -1,6 +1,7 @@
 import { describe, expect, test } from "vitest";
 import { z } from "zod";
 import { parseAndValidateJsonBody } from "./parse-and-validate-json-body";
+import { DEFAULT_REQUEST_BODY_LIMIT_BYTES } from "./request-body";

 describe("parseAndValidateJsonBody", () => {
  test("returns a malformed JSON response when request parsing fails", async () => {
@@ -39,6 +40,40 @@ describe("parseAndValidateJsonBody", () => {
    });
  });

+  test("returns a payload too large response when the request body exceeds the body limit", async () => {
+    const request = new Request("http://localhost/api/test", {
+      method: "POST",
+      headers: {
+        "Content-Length": String(DEFAULT_REQUEST_BODY_LIMIT_BYTES + 1),
+        "Content-Type": "application/json",
+      },
+      body: "{}",
+    });
+
+    const result = await parseAndValidateJsonBody({
+      request,
+      schema: z.object({
+        finished: z.boolean(),
+      }),
+    });
+
+    expect("response" in result).toBe(true);
+
+    if (!("response" in result)) {
+      throw new Error("Expected a response result");
+    }
+
+    expect(result.issue).toBe("payload_too_large");
+    expect(result.response.status).toBe(413);
+    await expect(result.response.json()).resolves.toEqual({
+      code: "payload_too_large",
+      message: "Payload Too Large",
+      details: {
+        error: `Request body must not exceed ${DEFAULT_REQUEST_BODY_LIMIT_BYTES} bytes`,
+      },
+    });
+  });
+
  test("returns a validation response when the parsed JSON does not match the schema", async () => {
    const request = new Request("http://localhost/api/test", {
      method: "POST",
@@ -1,8 +1,9 @@
 import { z } from "zod";
+import { RequestBodyTooLargeError, parseJsonBodyWithLimit } from "@/app/lib/api/request-body";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";

-type TJsonBodyValidationIssue = "invalid_json" | "invalid_body";
+type TJsonBodyValidationIssue = "invalid_json" | "invalid_body" | "payload_too_large";

 type TJsonBodyValidationError = {
  details: Record<string, string> | { error: string };
@@ -44,10 +45,18 @@ export const parseAndValidateJsonBody = async <TSchema extends z.ZodTypeAny>({
  let jsonInput: unknown;

  try {
-    jsonInput = await request.json();
+    jsonInput = await parseJsonBodyWithLimit(request);
  } catch (error) {
    const details = { error: getErrorMessage(error) };

+    if (error instanceof RequestBodyTooLargeError) {
+      return {
+        details,
+        issue: "payload_too_large",
+        response: responses.payloadTooLargeResponse("Payload Too Large", details, true),
+      };
+    }
+
    return {
      details,
      issue: "invalid_json",
@@ -0,0 +1,76 @@
+import { describe, expect, test } from "vitest";
+import {
+  DEFAULT_REQUEST_BODY_LIMIT_BYTES,
+  RequestBodyTooLargeError,
+  parseJsonBodyWithLimit,
+  readRequestBodyWithLimit,
+} from "./request-body";
+
+const createStreamingRequest = (chunks: string[]): Request =>
+  new Request("http://localhost/api/test", {
+    method: "POST",
+    body: new ReadableStream<Uint8Array>({
+      start(controller) {
+        const encoder = new TextEncoder();
+        for (const chunk of chunks) {
+          controller.enqueue(encoder.encode(chunk));
+        }
+        controller.close();
+      },
+    }),
+    duplex: "half",
+  } as RequestInit & { duplex: "half" });
+
+describe("request body parsing", () => {
+  test("rejects a request when content-length exceeds the body limit", async () => {
+    const request = new Request("http://localhost/api/test", {
+      method: "POST",
+      headers: {
+        "Content-Length": String(DEFAULT_REQUEST_BODY_LIMIT_BYTES + 1),
+      },
+      body: "{}",
+    });
+
+    await expect(readRequestBodyWithLimit(request)).rejects.toMatchObject({
+      actualBytes: DEFAULT_REQUEST_BODY_LIMIT_BYTES + 1,
+      limitBytes: DEFAULT_REQUEST_BODY_LIMIT_BYTES,
+      name: "RequestBodyTooLargeError",
+    });
+  });
+
+  test("rejects a streamed request when the actual body exceeds the body limit", async () => {
+    const request = createStreamingRequest(["a".repeat(DEFAULT_REQUEST_BODY_LIMIT_BYTES), "b"]);
+
+    await expect(readRequestBodyWithLimit(request)).rejects.toBeInstanceOf(RequestBodyTooLargeError);
+  });
+
+  test("allows a body exactly at the body limit", async () => {
+    const rawBody = "a".repeat(DEFAULT_REQUEST_BODY_LIMIT_BYTES);
+    const request = new Request("http://localhost/api/test", {
+      method: "POST",
+      body: rawBody,
+    });
+
+    const body = await readRequestBodyWithLimit(request);
+
+    expect(body).toHaveLength(DEFAULT_REQUEST_BODY_LIMIT_BYTES);
+    expect(body).toBe(rawBody);
+  });
+
+  test("preserves JSON parse errors for malformed bodies under the body limit", async () => {
+    const request = new Request("http://localhost/api/test", {
+      method: "POST",
+      body: "{invalid-json",
+    });
+
+    await expect(parseJsonBodyWithLimit(request)).rejects.toBeInstanceOf(SyntaxError);
+  });
+
+  test("returns an empty string for requests without a body", async () => {
+    const request = new Request("http://localhost/api/test", {
+      method: "POST",
+    });
+
+    await expect(readRequestBodyWithLimit(request)).resolves.toBe("");
+  });
+});
@@ -0,0 +1,90 @@
+export const DEFAULT_REQUEST_BODY_LIMIT_BYTES = 2 * 1024 * 1024;
+
+export class RequestBodyTooLargeError extends Error {
+  readonly actualBytes: number | null;
+  readonly limitBytes: number;
+
+  constructor(limitBytes: number, actualBytes: number | null = null) {
+    super(`Request body must not exceed ${limitBytes} bytes`);
+    this.name = "RequestBodyTooLargeError";
+    this.limitBytes = limitBytes;
+    this.actualBytes = actualBytes;
+  }
+}
+
+const textDecoder = new TextDecoder();
+
+const getContentLength = (headers: Headers): number | null => {
+  const contentLength = headers.get("content-length");
+  if (!contentLength) {
+    return null;
+  }
+
+  const parsedContentLength = Number(contentLength);
+  if (!Number.isSafeInteger(parsedContentLength) || parsedContentLength < 0) {
+    return null;
+  }
+
+  return parsedContentLength;
+};
+
+const assertBodySize = (actualBytes: number, limitBytes: number): void => {
+  if (actualBytes > limitBytes) {
+    throw new RequestBodyTooLargeError(limitBytes, actualBytes);
+  }
+};
+
+export const readRequestBodyWithLimit = async (
+  request: Request,
+  limitBytes: number = DEFAULT_REQUEST_BODY_LIMIT_BYTES
+): Promise<string> => {
+  const contentLength = getContentLength(request.headers);
+  if (contentLength !== null) {
+    assertBodySize(contentLength, limitBytes);
+  }
+
+  if (!request.body) {
+    return "";
+  }
+
+  const reader = request.body.getReader();
+  const chunks: Uint8Array[] = [];
+  let receivedBytes = 0;
+
+  while (true) {
+    const { done, value } = await reader.read();
+    if (done) {
+      break;
+    }
+
+    receivedBytes += value.byteLength;
+    if (receivedBytes > limitBytes) {
+      await reader.cancel().catch(() => undefined);
+      throw new RequestBodyTooLargeError(limitBytes, receivedBytes);
+    }
+
+    chunks.push(value);
+  }
+
+  if (chunks.length === 0) {
+    return "";
+  }
+
+  if (chunks.length === 1) {
+    return textDecoder.decode(chunks[0]);
+  }
+
+  const body = new Uint8Array(receivedBytes);
+  let offset = 0;
+  for (const chunk of chunks) {
+    body.set(chunk, offset);
+    offset += chunk.byteLength;
+  }
+
+  return textDecoder.decode(body);
+};
+
+export const parseJsonBodyWithLimit = async <TJson = unknown>(
+  request: Request,
+  limitBytes: number = DEFAULT_REQUEST_BODY_LIMIT_BYTES
+): Promise<TJson> => JSON.parse(await readRequestBodyWithLimit(request, limitBytes)) as TJson;
@@ -17,7 +17,8 @@ interface ApiErrorResponse {
    | "not_authenticated"
    | "forbidden"
    | "too_many_requests"
-    | "conflict";
+    | "conflict"
+    | "payload_too_large";
  message: string;
  details: {
    [key: string]: string | string[] | number | number[] | boolean | boolean[];
@@ -80,6 +81,30 @@ const badRequestResponse = (
  );
 };

+const payloadTooLargeResponse = (
+  message: string = "Payload Too Large",
+  details: ApiErrorResponse["details"] = {},
+  cors: boolean = false,
+  cache: string = "private, no-store"
+) => {
+  const headers = {
+    ...(cors && corsHeaders),
+    "Cache-Control": cache,
+  };
+
+  return Response.json(
+    {
+      code: "payload_too_large",
+      message,
+      details,
+    },
+    {
+      status: 413,
+      headers,
+    }
+  );
+};
+
 const methodNotAllowedResponse = (
  res: CustomNextApiResponse,
  allowedMethods: string[],
@@ -294,6 +319,7 @@ export const responses = {
  unauthorizedResponse,
  notFoundResponse,
  successResponse,
+  payloadTooLargeResponse,
  tooManyRequestsResponse,
  forbiddenResponse,
  conflictResponse,
@@ -1859,6 +1859,7 @@ checksums:
    workspace/contacts/attribute_key_hint: 1a68c6f91e1a5cf9eff811e2e54e92b8
    workspace/contacts/attribute_key_placeholder: 31702e553b3f138a623dbaa42b6f878f
    workspace/contacts/attribute_key_required: 75f22558e9bafe7da2a549e75fab5f75
+    workspace/contacts/attribute_key_reserved_future_default: 2dbd2159bb6883bf56195448789ef72e
    workspace/contacts/attribute_key_safe_identifier_required: aece7d4708065ec5f110b82fc061621d
    workspace/contacts/attribute_label: a5c71bf158481233f8215dbd38cc196b
    workspace/contacts/attribute_label_placeholder: bf5106cb14d2ec0c21e7d8b4ab1f3a93
@@ -1893,6 +1894,7 @@ checksums:
    workspace/contacts/generate_personal_link: 9ac0865f6876d40fe858f94eae781eb8
    workspace/contacts/generate_personal_link_description: b9dbaf9e2d8362505b7e3cfa40f415a6
    workspace/contacts/invalid_csv_column_names: dcb8534e7d4c00b9ea7bdaf389f72328
+    workspace/contacts/invalid_csv_reserved_column_names: 6fef9d55e3dd298fea069404c9aaa474
    workspace/contacts/invalid_date_format: 5bad9730ac5a5bacd0792098f712b1c4
    workspace/contacts/invalid_number_format: bd0422507385f671c3046730a6febc64
    workspace/contacts/no_activity_yet: f88897ac05afd6bf8af0d4834ad24ffc
@@ -3,7 +3,6 @@ import { OperationNotAllowedError, ResourceNotFoundError } from "@formbricks/typ
 import {
  assertOrganizationAIConfigured,
  generateOrganizationAIText,
-  getAIDataAnalysisUnavailableReason,
  getAISmartToolsUnavailableReason,
  getOrganizationAIConfig,
  isInstanceAIConfigured,
@@ -13,7 +12,6 @@ const mocks = vi.hoisted(() => ({
  generateText: vi.fn(),
  isAiConfigured: vi.fn(),
  getOrganization: vi.fn(),
-  getIsAIDataAnalysisEnabled: vi.fn(),
  getIsAISmartToolsEnabled: vi.fn(),
  loggerError: vi.fn(),
 }));
@@ -63,7 +61,6 @@ vi.mock("@/lib/organization/service", () => ({
 }));

 vi.mock("@/modules/ee/license-check/lib/utils", () => ({
-  getIsAIDataAnalysisEnabled: mocks.getIsAIDataAnalysisEnabled,
  getIsAISmartToolsEnabled: mocks.getIsAISmartToolsEnabled,
 }));

@@ -75,10 +72,8 @@ describe("AI organization service", () => {
    mocks.getOrganization.mockResolvedValue({
      id: "org_1",
      isAISmartToolsEnabled: true,
-      isAIDataAnalysisEnabled: false,
    });
    mocks.getIsAISmartToolsEnabled.mockResolvedValue(true);
-    mocks.getIsAIDataAnalysisEnabled.mockResolvedValue(true);
  });

  test("returns the instance AI status and organization settings", async () => {
@@ -89,9 +84,7 @@ describe("AI organization service", () => {
    expect(result).toMatchObject({
      organizationId: "org_1",
      isAISmartToolsEnabled: true,
-      isAIDataAnalysisEnabled: false,
      isAISmartToolsEntitled: true,
-      isAIDataAnalysisEntitled: true,
      isInstanceConfigured: true,
    });
  });
@@ -105,29 +98,22 @@ describe("AI organization service", () => {
  test("fails closed when the organization is not entitled to AI", async () => {
    mocks.getIsAISmartToolsEnabled.mockResolvedValueOnce(false);

-    await expect(assertOrganizationAIConfigured("org_1", "smartTools")).rejects.toThrow(
-      OperationNotAllowedError
-    );
+    await expect(assertOrganizationAIConfigured("org_1")).rejects.toThrow(OperationNotAllowedError);
  });

  test("fails closed when the requested AI capability is disabled", async () => {
    mocks.getOrganization.mockResolvedValueOnce({
      id: "org_1",
      isAISmartToolsEnabled: false,
-      isAIDataAnalysisEnabled: true,
    });

-    await expect(assertOrganizationAIConfigured("org_1", "smartTools")).rejects.toThrow(
-      OperationNotAllowedError
-    );
+    await expect(assertOrganizationAIConfigured("org_1")).rejects.toThrow(OperationNotAllowedError);
  });

  test("fails closed when the instance AI configuration is incomplete", async () => {
    mocks.isAiConfigured.mockReturnValueOnce(false);

-    await expect(assertOrganizationAIConfigured("org_1", "smartTools")).rejects.toThrow(
-      OperationNotAllowedError
-    );
+    await expect(assertOrganizationAIConfigured("org_1")).rejects.toThrow(OperationNotAllowedError);
  });

  test("generates organization AI text with the configured package abstraction", async () => {
@@ -136,7 +122,6 @@ describe("AI organization service", () => {

    const result = await generateOrganizationAIText({
      organizationId: "org_1",
-      capability: "smartTools",
      prompt: "Translate this survey",
    });

@@ -160,14 +145,12 @@ describe("AI organization service", () => {
    await expect(
      generateOrganizationAIText({
        organizationId: "org_1",
-        capability: "smartTools",
        prompt: "Translate this survey",
      })
    ).rejects.toThrow(modelError);
    expect(mocks.loggerError).toHaveBeenCalledWith(
      {
        organizationId: "org_1",
-        capability: "smartTools",
        isInstanceConfigured: true,
        errorCode: undefined,
        err: modelError,
@@ -176,46 +159,11 @@ describe("AI organization service", () => {
    );
  });

-  describe("getAIDataAnalysisUnavailableReason", () => {
-    const baseConfig = {
-      organizationId: "org_1",
-      isAISmartToolsEntitled: true,
-      isAISmartToolsEnabled: true,
-      isAIDataAnalysisEntitled: true,
-      isAIDataAnalysisEnabled: true,
-      isInstanceConfigured: true,
-    };
-
-    test("returns undefined when all checks pass", () => {
-      expect(getAIDataAnalysisUnavailableReason(baseConfig)).toBeUndefined();
-    });
-
-    test("returns not_in_plan when not entitled", () => {
-      expect(getAIDataAnalysisUnavailableReason({ ...baseConfig, isAIDataAnalysisEntitled: false })).toBe(
-        "not_in_plan"
-      );
-    });
-
-    test("returns not_enabled when disabled at org level", () => {
-      expect(getAIDataAnalysisUnavailableReason({ ...baseConfig, isAIDataAnalysisEnabled: false })).toBe(
-        "not_enabled"
-      );
-    });
-
-    test("returns instance_not_configured when instance AI is missing", () => {
-      expect(getAIDataAnalysisUnavailableReason({ ...baseConfig, isInstanceConfigured: false })).toBe(
-        "instance_not_configured"
-      );
-    });
-  });
-
  describe("getAISmartToolsUnavailableReason", () => {
    const baseConfig = {
      organizationId: "org_1",
      isAISmartToolsEntitled: true,
      isAISmartToolsEnabled: true,
-      isAIDataAnalysisEntitled: true,
-      isAIDataAnalysisEnabled: true,
      isInstanceConfigured: true,
    };

@@ -240,15 +188,5 @@ describe("AI organization service", () => {
        "instance_not_configured"
      );
    });
-
-    test("ignores data-analysis flags (smart tools is independent of data analysis state)", () => {
-      expect(
-        getAISmartToolsUnavailableReason({
-          ...baseConfig,
-          isAIDataAnalysisEntitled: false,
-          isAIDataAnalysisEnabled: false,
-        })
-      ).toBeUndefined();
-    });
  });
 });
@@ -4,12 +4,11 @@ import { logger } from "@formbricks/logger";
 import { OperationNotAllowedError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { env } from "@/lib/env";
 import { getOrganization } from "@/lib/organization/service";
-import { getIsAIDataAnalysisEnabled, getIsAISmartToolsEnabled } from "@/modules/ee/license-check/lib/utils";
+import { getIsAISmartToolsEnabled } from "@/modules/ee/license-check/lib/utils";

 export const AI_ERROR_CODES = {
  FEATURES_NOT_ENABLED: "ai_features_not_enabled",
  SMART_TOOLS_DISABLED: "ai_smart_tools_disabled",
-  DATA_ANALYSIS_DISABLED: "ai_data_analysis_disabled",
  INSTANCE_NOT_CONFIGURED: "ai_instance_not_configured",
 } as const;

@@ -18,9 +17,7 @@ export type TAIErrorCode = (typeof AI_ERROR_CODES)[keyof typeof AI_ERROR_CODES];
 export interface TOrganizationAIConfig {
  organizationId: string;
  isAISmartToolsEnabled: boolean;
-  isAIDataAnalysisEnabled: boolean;
  isAISmartToolsEntitled: boolean;
-  isAIDataAnalysisEntitled: boolean;
  isInstanceConfigured: boolean;
 }

@@ -33,32 +30,18 @@ export const getOrganizationAIConfig = async (organizationId: string): Promise<T
    throw new ResourceNotFoundError("Organization", organizationId);
  }

-  const [isAISmartToolsEntitled, isAIDataAnalysisEntitled] = await Promise.all([
-    getIsAISmartToolsEnabled(organizationId),
-    getIsAIDataAnalysisEnabled(organizationId),
-  ]);
+  const isAISmartToolsEntitled = await getIsAISmartToolsEnabled(organizationId);

  return {
    organizationId,
    isAISmartToolsEnabled: organization.isAISmartToolsEnabled,
-    isAIDataAnalysisEnabled: organization.isAIDataAnalysisEnabled,
    isAISmartToolsEntitled,
-    isAIDataAnalysisEntitled,
    isInstanceConfigured: isInstanceAIConfigured(),
  };
 };

 export type TAIUnavailableReason = "not_in_plan" | "not_enabled" | "instance_not_configured";

-export const getAIDataAnalysisUnavailableReason = (
-  aiConfig: TOrganizationAIConfig
-): TAIUnavailableReason | undefined => {
-  if (!aiConfig.isAIDataAnalysisEntitled) return "not_in_plan";
-  if (!aiConfig.isAIDataAnalysisEnabled) return "not_enabled";
-  if (!aiConfig.isInstanceConfigured) return "instance_not_configured";
-  return undefined;
-};
-
 export const getAISmartToolsUnavailableReason = (
  aiConfig: TOrganizationAIConfig
 ): TAIUnavailableReason | undefined => {
@@ -69,25 +52,18 @@ export const getAISmartToolsUnavailableReason = (
 };

 export const assertOrganizationAIConfigured = async (
-  organizationId: string,
-  capability: "smartTools" | "dataAnalysis"
+  organizationId: string
 ): Promise<TOrganizationAIConfig> => {
  const aiConfig = await getOrganizationAIConfig(organizationId);
-  const isCapabilityEntitled =
-    capability === "smartTools" ? aiConfig.isAISmartToolsEntitled : aiConfig.isAIDataAnalysisEntitled;

-  if (!isCapabilityEntitled) {
+  if (!aiConfig.isAISmartToolsEntitled) {
    throw new OperationNotAllowedError(AI_ERROR_CODES.FEATURES_NOT_ENABLED);
  }

-  if (capability === "smartTools" && !aiConfig.isAISmartToolsEnabled) {
+  if (!aiConfig.isAISmartToolsEnabled) {
    throw new OperationNotAllowedError(AI_ERROR_CODES.SMART_TOOLS_DISABLED);
  }

-  if (capability === "dataAnalysis" && !aiConfig.isAIDataAnalysisEnabled) {
-    throw new OperationNotAllowedError(AI_ERROR_CODES.DATA_ANALYSIS_DISABLED);
-  }
-
  if (!aiConfig.isInstanceConfigured) {
    throw new OperationNotAllowedError(AI_ERROR_CODES.INSTANCE_NOT_CONFIGURED);
  }
@@ -97,15 +73,13 @@ export const assertOrganizationAIConfigured = async (

 type TGenerateOrganizationAITextInput = {
  organizationId: string;
-  capability: "smartTools" | "dataAnalysis";
 } & Parameters<typeof generateText>[0];

 export const generateOrganizationAIText = async ({
  organizationId,
-  capability,
  ...options
 }: TGenerateOrganizationAITextInput): Promise<Awaited<ReturnType<typeof generateText>>> => {
-  const aiConfig = await assertOrganizationAIConfigured(organizationId, capability);
+  const aiConfig = await assertOrganizationAIConfigured(organizationId);

  try {
    return await generateText(options, env);
@@ -113,7 +87,6 @@ export const generateOrganizationAIText = async ({
    logger.error(
      {
        organizationId,
-        capability,
        isInstanceConfigured: aiConfig.isInstanceConfigured,
        errorCode: error instanceof AIConfigurationError ? error.code : undefined,
        err: error,
@@ -5,7 +5,7 @@ import { z } from "zod";
 import { prisma } from "@formbricks/database";
 import { ZId } from "@formbricks/types/common";
 import { TDisplay, TDisplayFilters, TDisplayWithContact, ZDisplayFilters } from "@formbricks/types/displays";
-import { DatabaseError } from "@formbricks/types/errors";
+import { DatabaseError, InvalidInputError } from "@formbricks/types/errors";
 import { validateInputs } from "../utils/validate";

 export const selectDisplay = {
@@ -146,6 +146,58 @@ export const getDisplaysBySurveyIdWithContact = reactCache(
  }
 );

+export const getDisplayForResponseValidation = async (
+  displayId: string,
+  tx?: Prisma.TransactionClient
+): Promise<{
+  surveyId: string;
+  workspaceId: string;
+  responseId: string | null;
+  contactId: string | null;
+} | null> => {
+  validateInputs([displayId, ZId]);
+  const client = tx ?? prisma;
+  try {
+    const display = await client.display.findUnique({
+      where: { id: displayId },
+      select: {
+        surveyId: true,
+        contactId: true,
+        response: { select: { id: true } },
+        survey: { select: { workspaceId: true } },
+      },
+    });
+    if (!display) return null;
+    return {
+      surveyId: display.surveyId,
+      workspaceId: display.survey.workspaceId,
+      responseId: display.response?.id ?? null,
+      contactId: display.contactId,
+    };
+  } catch (error) {
+    if (error instanceof Prisma.PrismaClientKnownRequestError) throw new DatabaseError(error.message);
+    throw error;
+  }
+};
+
+export const assertDisplayOwnership = async (
+  displayId: string,
+  workspaceId: string,
+  surveyId: string,
+  contactId: string | null,
+  tx?: Prisma.TransactionClient
+): Promise<void> => {
+  const display = await getDisplayForResponseValidation(displayId, tx);
+  if (!display) throw new InvalidInputError(`Display ${displayId} not found`);
+  if (display.workspaceId !== workspaceId)
+    throw new InvalidInputError(`Display ${displayId} belongs to a different workspace`);
+  if (display.surveyId !== surveyId)
+    throw new InvalidInputError(`Display ${displayId} is associated with a different survey`);
+  if (display.responseId) throw new InvalidInputError(`Display ${displayId} is already linked to a response`);
+  if (display.contactId !== null && display.contactId !== contactId)
+    throw new InvalidInputError(`Display ${displayId} belongs to a different contact`);
+};
+
 export const deleteDisplay = async (displayId: string, tx?: Prisma.TransactionClient): Promise<TDisplay> => {
  validateInputs([displayId, ZId]);
  try {
@@ -3,14 +3,18 @@ import { prisma } from "@/lib/__mocks__/database";
 import { Prisma } from "@prisma/client";
 import { describe, expect, test, vi } from "vitest";
 import { PrismaErrorType } from "@formbricks/database/types/error";
-import { DatabaseError, ValidationError } from "@formbricks/types/errors";
+import { DatabaseError, InvalidInputError, ValidationError } from "@formbricks/types/errors";
 import {
+  assertDisplayOwnership,
  getDisplayCountBySurveyId,
+  getDisplayForResponseValidation,
  getDisplaysByContactId,
  getDisplaysBySurveyIdWithContact,
 } from "../service";

 const mockContactId = "clqnj99r9000008lebgf8734j";
+const mockWorkspaceId = "clqkr8dlv000308jybb08evgz";
+const mockResponseId = "clqnfg59i000208i426pb4wcv";
 const mockResponseIds = ["clqnfg59i000208i426pb4wcv", "clqnfg59i000208i426pb4wcw"];

 const mockDisplaysForContact = [
@@ -290,3 +294,96 @@ describe("getDisplaysBySurveyIdWithContact", () => {
    });
  });
 });
+
+const mockDisplayRecord = {
+  surveyId: mockSurveyId,
+  contactId: null as string | null,
+  response: null as { id: string } | null,
+  survey: { workspaceId: mockWorkspaceId },
+};
+
+describe("getDisplayForResponseValidation", () => {
+  test("returns null when display is not found", async () => {
+    vi.mocked(prisma.display.findUnique).mockResolvedValue(null);
+    const result = await getDisplayForResponseValidation(mockDisplayId);
+    expect(result).toBeNull();
+  });
+
+  test("returns mapped shape when display is found", async () => {
+    vi.mocked(prisma.display.findUnique).mockResolvedValue({
+      ...mockDisplayRecord,
+      contactId: mockContactId,
+      response: { id: mockResponseId },
+    } as any);
+    const result = await getDisplayForResponseValidation(mockDisplayId);
+    expect(result).toEqual({
+      surveyId: mockSurveyId,
+      workspaceId: mockWorkspaceId,
+      responseId: mockResponseId,
+      contactId: mockContactId,
+    });
+  });
+
+  test("throws DatabaseError on PrismaClientKnownRequestError", async () => {
+    vi.mocked(prisma.display.findUnique).mockRejectedValue(
+      new Prisma.PrismaClientKnownRequestError("Mock error", {
+        code: PrismaErrorType.UniqueConstraintViolation,
+        clientVersion: "0.0.1",
+      })
+    );
+    await expect(getDisplayForResponseValidation(mockDisplayId)).rejects.toThrow(DatabaseError);
+  });
+});
+
+describe("assertDisplayOwnership", () => {
+  test("throws InvalidInputError when display is not found", async () => {
+    vi.mocked(prisma.display.findUnique).mockResolvedValue(null);
+    await expect(assertDisplayOwnership(mockDisplayId, mockWorkspaceId, mockSurveyId, null)).rejects.toThrow(
+      InvalidInputError
+    );
+  });
+
+  test("throws InvalidInputError when workspaceId does not match", async () => {
+    vi.mocked(prisma.display.findUnique).mockResolvedValue(mockDisplayRecord as any);
+    await expect(
+      assertDisplayOwnership(mockDisplayId, "wrong-workspace", mockSurveyId, null)
+    ).rejects.toThrow(InvalidInputError);
+  });
+
+  test("throws InvalidInputError when surveyId does not match", async () => {
+    vi.mocked(prisma.display.findUnique).mockResolvedValue(mockDisplayRecord as any);
+    await expect(
+      assertDisplayOwnership(mockDisplayId, mockWorkspaceId, "wrong-survey", null)
+    ).rejects.toThrow(InvalidInputError);
+  });
+
+  test("throws InvalidInputError when display is already linked to a response", async () => {
+    vi.mocked(prisma.display.findUnique).mockResolvedValue({
+      ...mockDisplayRecord,
+      response: { id: mockResponseId },
+    } as any);
+    await expect(assertDisplayOwnership(mockDisplayId, mockWorkspaceId, mockSurveyId, null)).rejects.toThrow(
+      InvalidInputError
+    );
+  });
+
+  test("throws InvalidInputError when contactId does not match", async () => {
+    vi.mocked(prisma.display.findUnique).mockResolvedValue({
+      ...mockDisplayRecord,
+      contactId: "contact-a",
+    } as any);
+    await expect(
+      assertDisplayOwnership(mockDisplayId, mockWorkspaceId, mockSurveyId, "contact-b")
+    ).rejects.toThrow(InvalidInputError);
+  });
+
+  test("resolves without error when all ownership checks pass", async () => {
+    vi.mocked(prisma.display.findUnique).mockResolvedValue({
+      ...mockDisplayRecord,
+      contactId: mockContactId,
+    } as any);
+    await expect(
+      assertDisplayOwnership(mockDisplayId, mockWorkspaceId, mockSurveyId, mockContactId)
+    ).resolves.toBeUndefined();
+  });
+});
@@ -38,7 +38,6 @@ describe("auth", () => {
            usageCycleAnchor: new Date(),
          },
          isAISmartToolsEnabled: false,
-          isAIDataAnalysisEnabled: false,
        },
      ];
      vi.mocked(getOrganizationsByUserId).mockResolvedValue(mockOrganizations);
@@ -46,6 +46,13 @@ vi.mock("@/modules/ee/billing/lib/organization-billing", () => ({
  cleanupStripeCustomer: vi.fn().mockResolvedValue(undefined),
 }));

+vi.mock("@/modules/hub/service", () => ({
+  deleteHubTenantData: vi.fn().mockResolvedValue({
+    data: { deletedFeedbackRecords: 0, deletedEmbeddings: 0, deletedWebhooks: 0 },
+    error: null,
+  }),
+}));
+
 describe("Organization Service", () => {
  beforeEach(() => {
    vi.mocked(ensureCloudStripeSetupForOrganization).mockResolvedValue(undefined);
@@ -73,7 +80,6 @@ describe("Organization Service", () => {
          usageCycleAnchor: new Date(),
        },
        isAISmartToolsEnabled: false,
-        isAIDataAnalysisEnabled: false,
        whitelabel: false,
      };

@@ -126,7 +132,6 @@ describe("Organization Service", () => {
            usageCycleAnchor: new Date(),
          },
          isAISmartToolsEnabled: false,
-          isAIDataAnalysisEnabled: false,
          whitelabel: false,
        },
      ];
@@ -179,7 +184,6 @@ describe("Organization Service", () => {
        updatedAt: new Date(),
        billing: expectedBilling,
        isAISmartToolsEnabled: false,
-        isAIDataAnalysisEnabled: false,
        whitelabel: false,
      };

@@ -239,7 +243,6 @@ describe("Organization Service", () => {
          usageCycleAnchor: new Date(),
        },
        isAISmartToolsEnabled: false,
-        isAIDataAnalysisEnabled: false,
        whitelabel: false,
        memberships: [{ userId: "user1" }, { userId: "user2" }],
        workspaces: [
@@ -281,7 +284,6 @@ describe("Organization Service", () => {
          usageCycleAnchor: expect.any(Date),
        },
        isAISmartToolsEnabled: false,
-        isAIDataAnalysisEnabled: false,
        whitelabel: false,
      });
      expect(prisma.organization.update).toHaveBeenCalledWith({
@@ -355,6 +357,7 @@ describe("Organization Service", () => {
        billing: { stripeCustomerId: "cus_123" },
        memberships: [],
        workspaces: [],
+        feedbackDirectories: [],
      } as any);

      await deleteOrganization("org1");
@@ -363,5 +366,23 @@ describe("Organization Service", () => {
        expect(cleanupStripeCustomer).toHaveBeenCalledWith("cus_123");
      }
    });
+
+    test("should purge Hub-owned data for each feedback directory", async () => {
+      const { deleteHubTenantData } = await import("@/modules/hub/service");
+      vi.mocked(prisma.organization.delete).mockResolvedValue({
+        id: "org1",
+        name: "Test Org",
+        billing: null,
+        memberships: [],
+        workspaces: [],
+        feedbackDirectories: [{ id: "frd_1" }, { id: "frd_2" }],
+      } as any);
+
+      await deleteOrganization("org1");
+
+      expect(deleteHubTenantData).toHaveBeenCalledTimes(2);
+      expect(deleteHubTenantData).toHaveBeenCalledWith("frd_1");
+      expect(deleteHubTenantData).toHaveBeenCalledWith("frd_2");
+    });
  });
 });
@@ -19,6 +19,7 @@ import { updateUser } from "@/lib/user/service";
 import { getBillingUsageCycleWindow } from "@/lib/utils/billing";
 import { getWorkspaces } from "@/lib/workspace/service";
 import { cleanupStripeCustomer } from "@/modules/ee/billing/lib/organization-billing";
+import { deleteHubTenantData } from "@/modules/hub/service";
 import { validateInputs } from "../utils/validate";

 export const select = {
@@ -35,7 +36,6 @@ export const select = {
    },
  },
  isAISmartToolsEnabled: true,
-  isAIDataAnalysisEnabled: true,
  whitelabel: true,
 } satisfies Prisma.OrganizationSelect;

@@ -74,7 +74,6 @@ const mapOrganization = (organization: TOrganizationWithBilling): TOrganization
  name: organization.name,
  billing: mapOrganizationBilling(organization.billing),
  isAISmartToolsEnabled: organization.isAISmartToolsEnabled,
-  isAIDataAnalysisEnabled: organization.isAIDataAnalysisEnabled,
  whitelabel: organization.whitelabel as TOrganization["whitelabel"],
 });

@@ -294,6 +293,11 @@ export const deleteOrganization = async (organizationId: string) => {
            id: true,
          },
        },
+        feedbackDirectories: {
+          select: {
+            id: true,
+          },
+        },
      },
    });

@@ -301,6 +305,13 @@ export const deleteOrganization = async (organizationId: string) => {
    if (IS_FORMBRICKS_CLOUD && stripeCustomerId) {
      await cleanupStripeCustomer(stripeCustomerId);
    }
+
+    // Best-effort: purge Hub-owned data (feedback records, embeddings, webhooks) for each
+    // directory tenant. Failures are logged inside the gateway and do not roll back the
+    // local delete.
+    for (const directory of deletedOrganization.feedbackDirectories) {
+      await deleteHubTenantData(directory.id);
+    }
  } catch (error) {
    if (error instanceof Prisma.PrismaClientKnownRequestError) {
      throw new DatabaseError(error.message);
@@ -1,6 +1,7 @@
 import { Prisma } from "@prisma/client";
 import { beforeEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
+import { PrismaErrorType } from "@formbricks/database/types/error";
 import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { TResponseUpdateInput } from "@formbricks/types/responses";
 import { updateResponse } from "./service";
@@ -324,5 +325,35 @@ describe("updateResponse", () => {

      await expect(updateResponse(mockResponseId, responseInput)).rejects.toThrow(DatabaseError);
    });
+
+    test("should throw ResourceNotFoundError when response is deleted during update", async () => {
+      const currentResponse = createMockCurrentResponse();
+      vi.mocked(prisma.response.findUnique).mockResolvedValue(currentResponse as any);
+      vi.mocked(prisma.response.update).mockRejectedValue(
+        new Prisma.PrismaClientKnownRequestError("Record to update not found", {
+          code: PrismaErrorType.RelatedRecordDoesNotExist,
+          clientVersion: "5.0.0",
+        })
+      );
+
+      const responseInput = createMockResponseInput();
+
+      await expect(updateResponse(mockResponseId, responseInput)).rejects.toThrow(ResourceNotFoundError);
+    });
+
+    test("should throw ResourceNotFoundError when Prisma reports a missing response record", async () => {
+      const currentResponse = createMockCurrentResponse();
+      vi.mocked(prisma.response.findUnique).mockResolvedValue(currentResponse as any);
+      vi.mocked(prisma.response.update).mockRejectedValue(
+        new Prisma.PrismaClientKnownRequestError("Record does not exist", {
+          code: PrismaErrorType.RecordDoesNotExist,
+          clientVersion: "5.0.0",
+        })
+      );
+
+      const responseInput = createMockResponseInput();
+
+      await expect(updateResponse(mockResponseId, responseInput)).rejects.toThrow(ResourceNotFoundError);
+    });
  });
 });
@@ -3,6 +3,7 @@ import { Prisma } from "@prisma/client";
 import { cache as reactCache } from "react";
 import { z } from "zod";
 import { prisma } from "@formbricks/database";
+import { PrismaErrorType } from "@formbricks/database/types/error";
 import { logger } from "@formbricks/logger";
 import { ZId, ZOptionalNumber, ZString } from "@formbricks/types/common";
 import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
@@ -569,6 +570,13 @@ export const updateResponse = async (
    return response;
  } catch (error) {
    if (error instanceof Prisma.PrismaClientKnownRequestError) {
+      if (
+        error.code === PrismaErrorType.RecordDoesNotExist ||
+        error.code === PrismaErrorType.RelatedRecordDoesNotExist
+      ) {
+        throw new ResourceNotFoundError("Response", responseId);
+      }
+
      throw new DatabaseError(error.message);
    }

@@ -228,7 +228,6 @@ export const mockOrganizationOutput: TOrganization = {
  createdAt: currentDate,
  updatedAt: currentDate,
  isAISmartToolsEnabled: false,
-  isAIDataAnalysisEnabled: false,
  billing: {
    stripeCustomerId: null,
    limits: {
@@ -733,85 +733,6 @@ describe("Tests for createSurvey", () => {
        })
      );
    });
-
-    test("creates survey languages from validated language inputs", async () => {
-      vi.mocked(getOrganizationByWorkspaceId).mockResolvedValueOnce(mockOrganizationOutput);
-      prisma.survey.create.mockResolvedValueOnce({
-        ...mockSurveyOutput,
-      });
-
-      await createSurvey(mockWorkspaceId, {
-        ...mockCreateSurveyInput,
-        languages: [
-          {
-            default: true,
-            enabled: true,
-            language: {
-              id: "cllang12345678901234567890",
-              code: "en-US",
-              alias: null,
-              workspaceId: mockWorkspaceId,
-              createdAt: new Date(),
-              updatedAt: new Date(),
-            },
-          },
-        ],
-      });
-
-      expect(prisma.survey.create).toHaveBeenCalledWith(
-        expect.objectContaining({
-          data: expect.objectContaining({
-            languages: {
-              create: [
-                {
-                  language: {
-                    connect: {
-                      id: "cllang12345678901234567890",
-                    },
-                  },
-                  default: true,
-                  enabled: true,
-                },
-              ],
-            },
-          }),
-        })
-      );
-    });
-
-    test("preserves an explicitly provided segment relation for existing callers", async () => {
-      vi.mocked(getOrganizationByWorkspaceId).mockResolvedValueOnce(mockOrganizationOutput);
-      prisma.survey.create.mockResolvedValueOnce({
-        ...mockSurveyOutput,
-      });
-
-      await createSurvey(mockWorkspaceId, {
-        ...mockCreateSurveyInput,
-        segment: {
-          id: "clseg123456789012345678901",
-          title: "Segment",
-          description: null,
-          isPrivate: false,
-          filters: [],
-          workspaceId: mockWorkspaceId,
-          surveys: [],
-          createdAt: new Date(),
-          updatedAt: new Date(),
-        },
-      });
-
-      expect(prisma.survey.create).toHaveBeenCalledWith(
-        expect.objectContaining({
-          data: expect.objectContaining({
-            segment: {
-              connect: {
-                id: "clseg123456789012345678901",
-              },
-            },
-          }),
-        })
-      );
-    });
  });

  describe("Sad Path", () => {
@@ -824,30 +745,6 @@ describe("Tests for createSurvey", () => {
      );
    });

-    test("rejects survey languages from a different workspace", async () => {
-      await expect(
-        createSurvey(mockWorkspaceId, {
-          ...mockCreateSurveyInput,
-          languages: [
-            {
-              default: true,
-              enabled: true,
-              language: {
-                id: "cllang12345678901234567890",
-                code: "en-US",
-                alias: null,
-                workspaceId: "clotherworkspace0000000000",
-                createdAt: new Date(),
-                updatedAt: new Date(),
-              },
-            },
-          ],
-        })
-      ).rejects.toThrow(ResourceNotFoundError);
-
-      expect(prisma.survey.create).not.toHaveBeenCalled();
-    });
-
    test("throws DatabaseError if there is a Prisma error", async () => {
      vi.mocked(getOrganizationByWorkspaceId).mockResolvedValueOnce(mockOrganizationOutput);
      const mockError = new Prisma.PrismaClientKnownRequestError("Database error", {
@@ -621,17 +621,6 @@ const validateSurveyCreateDataMedia = (
  return data;
 };

-const assertSurveyLanguagesBelongToWorkspace = (
-  workspaceId: string,
-  languages: TSurveyCreateInput["languages"]
-): void => {
-  for (const surveyLanguage of languages ?? []) {
-    if (surveyLanguage.language.workspaceId !== workspaceId) {
-      throw new ResourceNotFoundError("Language", surveyLanguage.language.id);
-    }
-  }
-};
-
 export const createSurvey = async (workspaceId: string, surveyBody: TSurveyCreateInput): Promise<TSurvey> => {
  const [parsedWorkspaceId, parsedSurveyBody] = validateInputs(
    [workspaceId, ZId],
@@ -639,24 +628,9 @@ export const createSurvey = async (workspaceId: string, surveyBody: TSurveyCreat
  );

  try {
-    const { createdBy, languages, segment, followUps, ...restSurveyBody } = parsedSurveyBody;
-    assertSurveyLanguagesBelongToWorkspace(parsedWorkspaceId, languages);
+    const { createdBy, languages, ...restSurveyBody } = parsedSurveyBody;
    const normalizedCloseOn = restSurveyBody.closeOn instanceof Date ? restSurveyBody.closeOn : null;
    const normalizedPublishOn = restSurveyBody.publishOn instanceof Date ? restSurveyBody.publishOn : null;
-    const surveyLanguagesCreateData: Prisma.SurveyLanguageCreateNestedManyWithoutSurveyInput | undefined =
-      languages?.length
-        ? {
-            create: languages.map((surveyLanguage) => ({
-              language: {
-                connect: {
-                  id: surveyLanguage.language.id,
-                },
-              },
-              default: surveyLanguage.default,
-              enabled: surveyLanguage.enabled,
-            })),
-          }
-        : undefined;

    const actionClasses = await getActionClasses(parsedWorkspaceId);

@@ -667,15 +641,18 @@ export const createSurvey = async (workspaceId: string, surveyBody: TSurveyCreat
        publishOn: normalizedPublishOn,
        status: restSurveyBody.status ?? "draft",
      }),
-      languages: surveyLanguagesCreateData,
-      segment: segment?.id ? { connect: { id: segment.id } } : undefined,
+      // @ts-expect-error - languages would be undefined in case of empty array
+      languages: languages?.length ? languages : undefined,
      triggers: restSurveyBody.triggers
        ? handleTriggerUpdates(restSurveyBody.triggers, [], actionClasses)
        : undefined,
      attributeFilters: undefined,
    };
    const data = validateSurveyCreateDataMedia(
-      attachSurveyFollowUpsToCreateData(attachSurveyCreatorToCreateData(baseData, createdBy), followUps)
+      attachSurveyFollowUpsToCreateData(
+        attachSurveyCreatorToCreateData(baseData, createdBy),
+        restSurveyBody.followUps
+      )
    );

    const organization = await getOrganizationByWorkspaceId(parsedWorkspaceId);
@@ -67,7 +67,6 @@ describe("User Service", () => {
        usageCycleAnchor: new Date(),
      },
      isAISmartToolsEnabled: false,
-      isAIDataAnalysisEnabled: false,
    },
    {
      id: "org2",
@@ -85,7 +84,6 @@ describe("User Service", () => {
        usageCycleAnchor: new Date(),
      },
      isAISmartToolsEnabled: false,
-      isAIDataAnalysisEnabled: false,
    },
  ];

@@ -18,6 +18,7 @@ import {
  ValidationError,
  isExpectedError,
 } from "@formbricks/types/errors";
+import { RequestBodyTooLargeError } from "@/app/lib/api/request-body";

 // Mock Sentry
 vi.mock("@sentry/nextjs", () => ({
@@ -78,6 +79,7 @@ describe("isExpectedError (shared helper)", () => {
      "TooManyRequestsError",
      "InvalidPasswordResetTokenError",
      "UniqueConstraintError",
+      "RequestBodyTooLargeError",
    ];

    expect(EXPECTED_ERROR_NAMES.size).toBe(expected.length);
@@ -97,6 +99,7 @@ describe("isExpectedError (shared helper)", () => {
    { ErrorClass: QueryExecutionError, args: ["Cube query failed. Details: connect ECONNREFUSED"] },
    { ErrorClass: InvalidPasswordResetTokenError, args: [INVALID_PASSWORD_RESET_TOKEN_ERROR_CODE] },
    { ErrorClass: UniqueConstraintError, args: ["Already exists"] },
+    { ErrorClass: RequestBodyTooLargeError, args: [2 * 1024 * 1024] },
  ])("returns true for $ErrorClass.name", ({ ErrorClass, args }) => {
    const error = new (ErrorClass as any)(...args);
    expect(isExpectedError(error)).toBe(true);
@@ -27,16 +27,8 @@ describe("validateInputs", () => {

    expect(() => validateInputs([123, schema])).toThrow(ValidationError);
    expect(logger.error).toHaveBeenCalledWith(
-      expect.objectContaining({
-        error: expect.any(z.ZodError),
-        issues: expect.arrayContaining([
-          expect.objectContaining({
-            message: "Invalid input: expected string, received number",
-          }),
-        ]),
-        valuePreview: "123",
-      }),
-      "Input validation failed"
+      expect.anything(),
+      expect.stringContaining("Validation failed")
    );
  });

@@ -55,16 +47,8 @@ describe("validateInputs", () => {

    expect(() => validateInputs(["valid", stringSchema], ["invalid", numberSchema])).toThrow(ValidationError);
    expect(logger.error).toHaveBeenCalledWith(
-      expect.objectContaining({
-        error: expect.any(z.ZodError),
-        issues: expect.arrayContaining([
-          expect.objectContaining({
-            message: "Invalid input: expected number, received string",
-          }),
-        ]),
-        valuePreview: '"invalid"',
-      }),
-      "Input validation failed"
+      expect.anything(),
+      expect.stringContaining("Validation failed")
    );
  });
 });
@@ -20,12 +20,8 @@ export function validateInputs<T extends ValidationPair<any>[]>(
        .join("; ");

      logger.error(
-        {
-          error: inputValidation.error,
-          issues: inputValidation.error.issues,
-          valuePreview: JSON.stringify(value).substring(0, 100),
-        },
-        "Input validation failed"
+        inputValidation.error,
+        `Validation failed for ${JSON.stringify(value).substring(0, 100)} and ${JSON.stringify(schema)}`
      );
      throw new ValidationError(`Validation failed: ${zodDetails}`);
    }
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Nur Kleinbuchstaben, Zahlen und Unterstriche. Muss mit einem Buchstaben beginnen.",
      "attribute_key_placeholder": "z. B. geburtsdatum",
      "attribute_key_required": "Schlüssel ist erforderlich",
+      "attribute_key_reserved_future_default": "Der Schlüssel ist für zukünftige Standardattribute reserviert ({reservedKeys}). Bitte wähle einen anderen Schlüssel.",
      "attribute_key_safe_identifier_required": "Schlüssel muss ein sicherer Identifikator sein: nur Kleinbuchstaben, Zahlen und Unterstriche, und muss mit einem Buchstaben beginnen",
      "attribute_label": "Bezeichnung",
      "attribute_label_placeholder": "z. B. Geburtsdatum",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Persönlichen Link erstellen",
      "generate_personal_link_description": "Wähle eine veröffentlichte Umfrage aus, um einen personalisierten Link für diesen Kontakt zu erstellen.",
      "invalid_csv_column_names": "Ungültige CSV-Spaltennamen: {columns}. Spaltennamen, die zu neuen Attributen werden, dürfen nur Kleinbuchstaben, Zahlen und Unterstriche enthalten und müssen mit einem Buchstaben beginnen.",
+      "invalid_csv_reserved_column_names": "Reservierte CSV-Spaltennamen: {columns}. Diese Namen sind für zukünftige Standardattribute ({reservedKeys}) reserviert und können nicht als neue Attribute erstellt werden.",
      "invalid_date_format": "Ungültiges Datumsformat. Bitte verwende ein gültiges Datum.",
      "invalid_number_format": "Ungültiges Zahlenformat. Bitte gib eine gültige Zahl ein.",
      "no_activity_yet": "Noch keine Aktivität",
@@ -2610,8 +2612,6 @@
        "workspaces_being_added": "Workspaces, denen Zugriff gewährt wird"
      },
      "general": {
-        "ai_data_analysis_enabled": "Datenanreicherung & -analyse (KI)",
-        "ai_data_analysis_enabled_description": "KI nutzen, um mehr aus deinen Daten herauszuholen – richte Dashboards, Diagramme, Berichte und mehr ein. Greift auf deine Erfahrungsdaten zu.",
        "ai_enabled": "Formbricks KI",
        "ai_enabled_description": "Verwalte KI-gestützte Funktionen für diese Organisation.",
        "ai_instance_not_configured": "KI wird auf Instanzebene über Umgebungsvariablen konfiguriert. Bitte deine:n Administrator:in, AI_PROVIDER, AI_MODEL und die passenden Provider-Zugangsdaten zu setzen, bevor du KI-Funktionen aktivierst.",
@@ -2818,7 +2818,6 @@
        "adjust_survey_closed_message": "„Umfrage geschlossen“-Nachricht anpassen",
        "adjust_survey_closed_message_description": "Ändere die Nachricht, die Besucher sehen, wenn die Umfrage geschlossen ist.",
        "adjust_theme_in_look_and_feel_settings": "Passe das Theme in den <lookFeelLink>Look & Feel</lookFeelLink> Einstellungen an.",
-        "ai_data_analysis_disabled": "KI-Datenanalyse ist für diese Organisation deaktiviert.",
        "ai_features_not_enabled": "KI-Funktionen sind für diese Organisation nicht aktiviert.",
        "ai_instance_not_configured": "KI ist nicht konfiguriert. Kontaktiere deinen Administrator.",
        "ai_smart_tools_disabled": "KI-Smart-Tools sind für diese Organisation deaktiviert.",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Only lowercase letters, numbers, and underscores. Must start with a letter.",
      "attribute_key_placeholder": "e.g. date_of_birth",
      "attribute_key_required": "Key is required",
+      "attribute_key_reserved_future_default": "Key is reserved for future default attributes ({reservedKeys}). Please choose a different key.",
      "attribute_key_safe_identifier_required": "Key must be a safe identifier: only lowercase letters, numbers, and underscores, and must start with a letter",
      "attribute_label": "Label",
      "attribute_label_placeholder": "e.g. Date of Birth",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Generate Personal Link",
      "generate_personal_link_description": "Select a published survey to generate a personalized link for this contact.",
      "invalid_csv_column_names": "Invalid CSV column name(s): {columns}. Column names that will become new attributes must only contain lowercase letters, numbers, and underscores, and must start with a letter.",
+      "invalid_csv_reserved_column_names": "Reserved CSV column name(s): {columns}. These names are reserved for future default attributes ({reservedKeys}) and cannot be created as new attributes.",
      "invalid_date_format": "Invalid date format. Please use a valid date.",
      "invalid_number_format": "Invalid number format. Please enter a valid number.",
      "no_activity_yet": "No activity yet",
@@ -2610,8 +2612,6 @@
        "workspaces_being_added": "Workspaces being granted access"
      },
      "general": {
-        "ai_data_analysis_enabled": "Data enrichment & analysis (AI)",
-        "ai_data_analysis_enabled_description": "AI to get more out of your data, setup dashboards, charts, reports and more. Touches your experience data.",
        "ai_enabled": "Formbricks AI",
        "ai_enabled_description": "Manage AI-powered features for this organization.",
        "ai_instance_not_configured": "AI is configured at the instance level via environment variables. Ask your administrator to set AI_PROVIDER, AI_MODEL, and the matching provider credentials before enabling AI features.",
@@ -2818,7 +2818,6 @@
        "adjust_survey_closed_message": "Adjust “Survey Closed” message",
        "adjust_survey_closed_message_description": "Change the message visitors see when the survey is closed.",
        "adjust_theme_in_look_and_feel_settings": "Adjust the theme in the <lookFeelLink>Look & Feel</lookFeelLink> Settings.",
-        "ai_data_analysis_disabled": "AI data analysis is disabled for this organization.",
        "ai_features_not_enabled": "AI features are not enabled for this organization.",
        "ai_instance_not_configured": "AI is not configured. Contact your administrator.",
        "ai_smart_tools_disabled": "AI smart tools are disabled for this organization.",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Solo letras minúsculas, números y guiones bajos. Debe empezar con una letra.",
      "attribute_key_placeholder": "p. ej. fecha_de_nacimiento",
      "attribute_key_required": "La clave es obligatoria",
+      "attribute_key_reserved_future_default": "La clave está reservada para atributos predeterminados futuros ({reservedKeys}). Por favor, elige una clave diferente.",
      "attribute_key_safe_identifier_required": "La clave debe ser un identificador seguro: solo letras minúsculas, números y guiones bajos, y debe empezar con una letra",
      "attribute_label": "Etiqueta",
      "attribute_label_placeholder": "p. ej. fecha de nacimiento",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Generar enlace personal",
      "generate_personal_link_description": "Selecciona una encuesta publicada para generar un enlace personalizado para este contacto.",
      "invalid_csv_column_names": "Nombre(s) de columna CSV no válido(s): {columns}. Los nombres de columna que se convertirán en nuevos atributos solo deben contener letras minúsculas, números y guiones bajos, y deben comenzar con una letra.",
+      "invalid_csv_reserved_column_names": "Nombre(s) de columna CSV reservado(s): {columns}. Estos nombres están reservados para atributos predeterminados futuros ({reservedKeys}) y no se pueden crear como nuevos atributos.",
      "invalid_date_format": "Formato de fecha no válido. Por favor, usa una fecha válida.",
      "invalid_number_format": "Formato de número no válido. Por favor, introduce un número válido.",
      "no_activity_yet": "Aún no hay actividad",
@@ -2610,8 +2612,6 @@
        "workspaces_being_added": "Espacios de trabajo a los que se concede acceso"
      },
      "general": {
-        "ai_data_analysis_enabled": "Enriquecimiento y análisis de datos (IA)",
-        "ai_data_analysis_enabled_description": "IA para sacar más partido a tus datos, configurar paneles, gráficos, informes y más. Accede a los datos de experiencia.",
        "ai_enabled": "IA de Formbricks",
        "ai_enabled_description": "Gestiona las funciones impulsadas por IA para esta organización.",
        "ai_instance_not_configured": "La IA se configura a nivel de instancia mediante variables de entorno. Pide a tu administrador que configure AI_PROVIDER, las credenciales de ese proveedor y la lista de modelos correspondiente antes de habilitar las funciones de IA.",
@@ -2818,7 +2818,6 @@
        "adjust_survey_closed_message": "Ajustar mensaje 'Encuesta cerrada'",
        "adjust_survey_closed_message_description": "Cambiar el mensaje que ven los visitantes cuando la encuesta está cerrada.",
        "adjust_theme_in_look_and_feel_settings": "Ajusta el tema en la configuración de <lookFeelLink>Aspecto</lookFeelLink>.",
-        "ai_data_analysis_disabled": "El análisis de datos con IA está deshabilitado para esta organización.",
        "ai_features_not_enabled": "Las funciones de IA no están habilitadas para esta organización.",
        "ai_instance_not_configured": "La IA no está configurada. Contacta con tu administrador.",
        "ai_smart_tools_disabled": "Las herramientas inteligentes de IA están deshabilitadas para esta organización.",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Uniquement des lettres minuscules, des chiffres et des underscores. Doit commencer par une lettre.",
      "attribute_key_placeholder": "ex. date_de_naissance",
      "attribute_key_required": "La clé est requise",
+      "attribute_key_reserved_future_default": "La clé est réservée pour les attributs par défaut futurs ({reservedKeys}). Veuillez choisir une clé différente.",
      "attribute_key_safe_identifier_required": "La clé doit être un identifiant sûr : uniquement des lettres minuscules, des chiffres et des underscores, et doit commencer par une lettre",
      "attribute_label": "Étiquette",
      "attribute_label_placeholder": "ex. Date de naissance",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Générer un lien personnel",
      "generate_personal_link_description": "Sélectionnez une enquête publiée pour générer un lien personnalisé pour ce contact.",
      "invalid_csv_column_names": "Nom(s) de colonne CSV invalide(s) : {columns}. Les noms de colonnes qui deviendront de nouveaux attributs ne doivent contenir que des lettres minuscules, des chiffres et des underscores, et doivent commencer par une lettre.",
+      "invalid_csv_reserved_column_names": "Nom(s) de colonne CSV réservé(s) : {columns}. Ces noms sont réservés pour les attributs par défaut futurs ({reservedKeys}) et ne peuvent pas être créés en tant que nouveaux attributs.",
      "invalid_date_format": "Format de date invalide. Merci d'utiliser une date valide.",
      "invalid_number_format": "Format de nombre invalide. Veuillez saisir un nombre valide.",
      "no_activity_yet": "Aucune activité pour le moment",
@@ -2610,8 +2612,6 @@
        "workspaces_being_added": "Espaces de travail en cours d'ajout"
      },
      "general": {
-        "ai_data_analysis_enabled": "Enrichissement et analyse des données (IA)",
-        "ai_data_analysis_enabled_description": "L'IA pour tirer le meilleur parti de vos données, configurer des tableaux de bord, des graphiques, des rapports et plus encore. Accède à vos données d'expérience.",
        "ai_enabled": "IA Formbricks",
        "ai_enabled_description": "Gérer les fonctionnalités alimentées par l'IA pour cette organisation.",
        "ai_instance_not_configured": "L'IA est configurée au niveau de l'instance via des variables d'environnement. Demandez à votre administrateur de définir AI_PROVIDER, les identifiants du fournisseur et la liste de modèles correspondante avant d'activer les fonctionnalités d'IA.",
@@ -2818,7 +2818,6 @@
        "adjust_survey_closed_message": "Ajuster le message \"Sondage fermé\"",
        "adjust_survey_closed_message_description": "Modifiez le message que les visiteurs voient lorsque l'enquête est fermée.",
        "adjust_theme_in_look_and_feel_settings": "Ajuste le thème dans les paramètres <lookFeelLink>Apparence et ressenti</lookFeelLink>.",
-        "ai_data_analysis_disabled": "L'analyse de données par IA est désactivée pour cette organisation.",
        "ai_features_not_enabled": "Les fonctionnalités IA ne sont pas activées pour cette organisation.",
        "ai_instance_not_configured": "L'IA n'est pas configurée. Contacte ton administrateur.",
        "ai_smart_tools_disabled": "Les outils intelligents IA sont désactivés pour cette organisation.",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Csak ékezet nélküli kisbetűk, számok és aláhúzásjelek használhatók. Betűvel kell kezdődnie.",
      "attribute_key_placeholder": "például: szuletesi_ido",
      "attribute_key_required": "A kulcs kötelező",
+      "attribute_key_reserved_future_default": "A kulcs le van foglalva jövőbeli alapértelmezett attribútumok számára ({reservedKeys}). Kérem, válasszon egy másik kulcsot.",
      "attribute_key_safe_identifier_required": "A kulcs csak biztonságos azonosító lehet: csak ékezet nélküli kisbetűk, számok és aláhúzásjelek használhatók, és betűvel kell kezdődnie",
      "attribute_label": "Címke",
      "attribute_label_placeholder": "például: Születési idő",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Személyes hivatkozás előállítása",
      "generate_personal_link_description": "Válasszon egy közzétett kérdőívet, hogy személyre szabott hivatkozást állítson elő ehhez a partnerhez.",
      "invalid_csv_column_names": "Érvénytelen CSV-oszlopnevek: {columns}. Az új attribútumokká váló oszlopnevek csak ékezet nélküli kisbetűket, számokat és aláhúzásjeleket tartalmazhatnak, valamint betűvel kell kezdődniük.",
+      "invalid_csv_reserved_column_names": "Fenntartott CSV oszlopnév/nevek: {columns}. Ezek a nevek le vannak foglalva jövőbeli alapértelmezett attribútumok számára ({reservedKeys}), és nem hozhatók létre új attribútumokként.",
      "invalid_date_format": "Érvénytelen dátumformátum. Használjon érvényes dátumot.",
      "invalid_number_format": "Érvénytelen számformátum. Adjon meg érvényes számot.",
      "no_activity_yet": "Még nincs tevékenység",
@@ -2610,8 +2612,6 @@
        "workspaces_being_added": "Hozzáférést kapó munkaterületek"
      },
      "general": {
-        "ai_data_analysis_enabled": "Adatgazdagítás és elemzés (AI)",
-        "ai_data_analysis_enabled_description": "AI segítségével többet hozhat ki az adataiból, irányítópultokat, diagramokat, jelentéseket és egyebeket állíthat be. Hozzáfér az élményekhez kapcsolódó adatokhoz.",
        "ai_enabled": "Formbricks AI",
        "ai_enabled_description": "AI-alapú funkciók kezelése ehhez a szervezethez.",
        "ai_instance_not_configured": "Az MI példányszinten, környezeti változókkal van konfigurálva. Kérd meg a rendszergazdát, hogy állítsa be az AI_PROVIDER értékét, a szolgáltató hitelesítő adatait és a megfelelő modelllistát, mielőtt engedélyezné az MI-funkciókat.",
@@ -2818,7 +2818,6 @@
        "adjust_survey_closed_message": "A „Kérdőív lezárva” üzenet módosítása",
        "adjust_survey_closed_message_description": "Annak az üzenetnek a megváltoztatása, amelyet a látogatók akkor látnak, amikor a kérdőív lezárul.",
        "adjust_theme_in_look_and_feel_settings": "A témát a <lookFeelLink>Megjelenés és Élmény</lookFeelLink> beállításokban módosíthatja.",
-        "ai_data_analysis_disabled": "Az AI adatelemzés le van tiltva ezen szervezet számára.",
        "ai_features_not_enabled": "Az AI funkciók nincsenek engedélyezve ezen szervezet számára.",
        "ai_instance_not_configured": "Az AI nincs konfigurálva. Kérjük, forduljon a rendszergazdájához.",
        "ai_smart_tools_disabled": "Az AI intelligens eszközök le vannak tiltva ezen szervezet számára.",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "小文字のアルファベット、数字、アンダースコアのみ使用可能です。アルファベットで始める必要があります。",
      "attribute_key_placeholder": "例: date_of_birth",
      "attribute_key_required": "キーは必須です",
+      "attribute_key_reserved_future_default": "このキーは将来のデフォルト属性用に予約されています（{reservedKeys}）。別のキーを選択してください。",
      "attribute_key_safe_identifier_required": "キーは安全な識別子である必要があります: 小文字のアルファベット、数字、アンダースコアのみ使用可能で、アルファベットで始める必要があります",
      "attribute_label": "ラベル",
      "attribute_label_placeholder": "例: 生年月日",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "個人リンクを生成",
      "generate_personal_link_description": "公開されたフォームを選択して、この連絡先用のパーソナライズされたリンクを生成します。",
      "invalid_csv_column_names": "無効なCSV列名: {columns}。新しい属性となる列名は、小文字、数字、アンダースコアのみを含み、文字で始まる必要があります。",
+      "invalid_csv_reserved_column_names": "予約されたCSV列名: {columns}。これらの名前は将来のデフォルト属性（{reservedKeys}）用に予約されており、新しい属性として作成できません。",
      "invalid_date_format": "無効な日付形式です。有効な日付を使用してください。",
      "invalid_number_format": "無効な数値形式です。有効な数値を入力してください。",
      "no_activity_yet": "まだアクティビティがありません",
@@ -2610,8 +2612,6 @@
        "workspaces_being_added": "アクセス権が付与されるワークスペース"
      },
      "general": {
-        "ai_data_analysis_enabled": "データエンリッチメントと分析（AI）",
-        "ai_data_analysis_enabled_description": "AIを活用してデータから最大限の価値を引き出し、ダッシュボード、チャート、レポートなどを設定できます。エクスペリエンスデータに触れます。",
        "ai_enabled": "Formbricks AI",
        "ai_enabled_description": "この組織のAI機能を管理します。",
        "ai_instance_not_configured": "AI は環境変数を使ってインスタンスレベルで設定されます。AI 機能を有効にする前に、管理者に AI_PROVIDER、このプロバイダーの認証情報、および対応するモデル一覧を設定してもらってください。",
@@ -2818,7 +2818,6 @@
        "adjust_survey_closed_message": "「フォームはクローズしました」メッセージを調整",
        "adjust_survey_closed_message_description": "フォームがクローズしたときに訪問者が見るメッセージを変更します。",
        "adjust_theme_in_look_and_feel_settings": "テーマは<lookFeelLink>外観</lookFeelLink>設定で調整できます。",
-        "ai_data_analysis_disabled": "この組織ではAIデータ分析が無効になっています。",
        "ai_features_not_enabled": "この組織ではAI機能が有効になっていません。",
        "ai_instance_not_configured": "AIが設定されていません。管理者にお問い合わせください。",
        "ai_smart_tools_disabled": "この組織ではAIスマートツールが無効になっています。",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Alleen kleine letters, cijfers en onderstrepingstekens. Moet beginnen met een letter.",
      "attribute_key_placeholder": "bijv. geboortedatum",
      "attribute_key_required": "Sleutel is verplicht",
+      "attribute_key_reserved_future_default": "Sleutel is gereserveerd voor toekomstige standaardattributen ({reservedKeys}). Kies een andere sleutel.",
      "attribute_key_safe_identifier_required": "Sleutel moet een veilige identifier zijn: alleen kleine letters, cijfers en onderstrepingstekens, en moet beginnen met een letter",
      "attribute_label": "Label",
      "attribute_label_placeholder": "bijv. Geboortedatum",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Persoonlijke link genereren",
      "generate_personal_link_description": "Selecteer een gepubliceerde enquête om een gepersonaliseerde link voor dit contact te genereren.",
      "invalid_csv_column_names": "Ongeldige CSV-kolomna(a)m(en): {columns}. Kolomnamen die nieuwe kenmerken worden, mogen alleen kleine letters, cijfers en underscores bevatten en moeten beginnen met een letter.",
+      "invalid_csv_reserved_column_names": "Gereserveerde CSV-kolomnaam/namen: {columns}. Deze namen zijn gereserveerd voor toekomstige standaardattributen ({reservedKeys}) en kunnen niet als nieuwe attributen worden aangemaakt.",
      "invalid_date_format": "Ongeldig datumformaat. Gebruik een geldige datum.",
      "invalid_number_format": "Ongeldig getalformaat. Voer een geldig getal in.",
      "no_activity_yet": "Nog geen activiteit",
@@ -2610,8 +2612,6 @@
        "workspaces_being_added": "Werkruimtes die toegang krijgen"
      },
      "general": {
-        "ai_data_analysis_enabled": "Dataverrijking & analyse (AI)",
-        "ai_data_analysis_enabled_description": "AI om meer uit je data te halen, dashboards op te zetten, grafieken, rapporten en meer. Raakt je ervaringsdata aan.",
        "ai_enabled": "Formbricks AI",
        "ai_enabled_description": "Beheer AI-functies voor deze organisatie.",
        "ai_instance_not_configured": "AI wordt op instantieniveau geconfigureerd via omgevingsvariabelen. Vraag je beheerder om AI_PROVIDER, de inloggegevens voor die provider en de bijbehorende modellenlijst in te stellen voordat AI-functies worden ingeschakeld.",
@@ -2818,7 +2818,6 @@
        "adjust_survey_closed_message": "Pas het bericht 'Enquête gesloten' aan",
        "adjust_survey_closed_message_description": "Wijzig het bericht dat bezoekers zien wanneer de enquête wordt gesloten.",
        "adjust_theme_in_look_and_feel_settings": "Pas het thema aan in de <lookFeelLink>Look & Feel</lookFeelLink> instellingen.",
-        "ai_data_analysis_disabled": "AI-gegevensanalyse is uitgeschakeld voor deze organisatie.",
        "ai_features_not_enabled": "AI-functies zijn niet ingeschakeld voor deze organisatie.",
        "ai_instance_not_configured": "AI is niet geconfigureerd. Neem contact op met je beheerder.",
        "ai_smart_tools_disabled": "AI slimme tools zijn uitgeschakeld voor deze organisatie.",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Apenas letras minúsculas, números e underscores. Deve começar com uma letra.",
      "attribute_key_placeholder": "ex: data_de_nascimento",
      "attribute_key_required": "A chave é obrigatória",
+      "attribute_key_reserved_future_default": "A chave está reservada para atributos padrão futuros ({reservedKeys}). Por favor, escolha uma chave diferente.",
      "attribute_key_safe_identifier_required": "A chave deve ser um identificador seguro: apenas letras minúsculas, números e underscores, e deve começar com uma letra",
      "attribute_label": "Etiqueta",
      "attribute_label_placeholder": "ex: Data de nascimento",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Gerar link pessoal",
      "generate_personal_link_description": "Selecione uma pesquisa publicada para gerar um link personalizado para este contato.",
      "invalid_csv_column_names": "Nome(s) de coluna CSV inválido(s): {columns}. Os nomes de colunas que se tornarão novos atributos devem conter apenas letras minúsculas, números e sublinhados, e devem começar com uma letra.",
+      "invalid_csv_reserved_column_names": "Nome(s) de coluna CSV reservado(s): {columns}. Esses nomes estão reservados para atributos padrão futuros ({reservedKeys}) e não podem ser criados como novos atributos.",
      "invalid_date_format": "Formato de data inválido. Por favor, use uma data válida.",
      "invalid_number_format": "Formato de número inválido. Por favor, insira um número válido.",
      "no_activity_yet": "Nenhuma atividade ainda",
@@ -2610,8 +2612,6 @@
        "workspaces_being_added": "Workspaces recebendo acesso"
      },
      "general": {
-        "ai_data_analysis_enabled": "Enriquecimento e análise de dados (IA)",
-        "ai_data_analysis_enabled_description": "IA para extrair mais dos seus dados, configurar dashboards, gráficos, relatórios e muito mais. Acessa os dados da sua experiência.",
        "ai_enabled": "Formbricks AI",
        "ai_enabled_description": "Gerencie recursos com IA para esta organização.",
        "ai_instance_not_configured": "A IA é configurada no nível da instância por meio de variáveis de ambiente. Peça ao seu administrador para definir AI_PROVIDER, as credenciais desse provedor e a lista de modelos correspondente antes de habilitar os recursos de IA.",
@@ -2818,7 +2818,6 @@
        "adjust_survey_closed_message": "Ajustar mensagem 'Pesquisa Encerrada''",
        "adjust_survey_closed_message_description": "Mude a mensagem que os visitantes veem quando a pesquisa está fechada.",
        "adjust_theme_in_look_and_feel_settings": "Ajuste o tema nas configurações de <lookFeelLink>Aparência</lookFeelLink>.",
-        "ai_data_analysis_disabled": "A análise de dados por IA está desabilitada para esta organização.",
        "ai_features_not_enabled": "Os recursos de IA não estão habilitados para esta organização.",
        "ai_instance_not_configured": "A IA não está configurada. Entre em contato com seu administrador.",
        "ai_smart_tools_disabled": "As ferramentas inteligentes de IA estão desabilitadas para esta organização.",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Apenas letras minúsculas, números e sublinhados. Deve começar com uma letra.",
      "attribute_key_placeholder": "ex. data_de_nascimento",
      "attribute_key_required": "A chave é obrigatória",
+      "attribute_key_reserved_future_default": "A chave está reservada para atributos padrão futuros ({reservedKeys}). Por favor, escolhe uma chave diferente.",
      "attribute_key_safe_identifier_required": "A chave deve ser um identificador seguro: apenas letras minúsculas, números e sublinhados, e deve começar com uma letra",
      "attribute_label": "Etiqueta",
      "attribute_label_placeholder": "ex. Data de nascimento",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Gerar Link Pessoal",
      "generate_personal_link_description": "Selecione um inquérito publicado para gerar um link personalizado para este contacto.",
      "invalid_csv_column_names": "Nome(s) de coluna CSV inválido(s): {columns}. Os nomes de colunas que se tornarão novos atributos devem conter apenas letras minúsculas, números e underscores, e devem começar com uma letra.",
+      "invalid_csv_reserved_column_names": "Nome(s) de coluna CSV reservado(s): {columns}. Estes nomes estão reservados para atributos padrão futuros ({reservedKeys}) e não podem ser criados como novos atributos.",
      "invalid_date_format": "Formato de data inválido. Por favor, usa uma data válida.",
      "invalid_number_format": "Formato de número inválido. Por favor, introduz um número válido.",
      "no_activity_yet": "Ainda sem atividade",
@@ -2610,8 +2612,6 @@
        "workspaces_being_added": "Workspaces a receber acesso"
      },
      "general": {
-        "ai_data_analysis_enabled": "Enriquecimento e análise de dados (IA)",
-        "ai_data_analysis_enabled_description": "IA para tirar mais partido dos teus dados, configurar dashboards, gráficos, relatórios e muito mais. Acede aos dados da tua experiência.",
        "ai_enabled": "IA da Formbricks",
        "ai_enabled_description": "Gerir funcionalidades com IA para esta organização.",
        "ai_instance_not_configured": "A IA é configurada ao nível da instância através de variáveis de ambiente. Peça ao seu administrador para definir AI_PROVIDER, as credenciais desse fornecedor e a lista de modelos correspondente antes de ativar as funcionalidades de IA.",
@@ -2818,7 +2818,6 @@
        "adjust_survey_closed_message": "Ajustar mensagem de 'Inquérito Fechado'",
        "adjust_survey_closed_message_description": "Alterar a mensagem que os visitantes veem quando o inquérito está fechado.",
        "adjust_theme_in_look_and_feel_settings": "Ajusta o tema nas definições de <lookFeelLink>Aparência</lookFeelLink>.",
-        "ai_data_analysis_disabled": "A análise de dados por IA está desativada para esta organização.",
        "ai_features_not_enabled": "As funcionalidades de IA não estão ativadas para esta organização.",
        "ai_instance_not_configured": "A IA não está configurada. Contacta o teu administrador.",
        "ai_smart_tools_disabled": "As ferramentas inteligentes de IA estão desativadas para esta organização.",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Doar litere mici, cifre și caractere de subliniere. Trebuie să înceapă cu o literă.",
      "attribute_key_placeholder": "ex: date_of_birth",
      "attribute_key_required": "Cheia este obligatorie",
+      "attribute_key_reserved_future_default": "Cheia este rezervată pentru atribute implicite viitoare ({reservedKeys}). Te rugăm să alegi o cheie diferită.",
      "attribute_key_safe_identifier_required": "Cheia trebuie să fie un identificator sigur: doar litere mici, cifre și caractere de subliniere, și trebuie să înceapă cu o literă",
      "attribute_label": "Etichetă",
      "attribute_label_placeholder": "ex: Data nașterii",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Generează link personal",
      "generate_personal_link_description": "Selectați un sondaj publicat pentru a genera un link personalizat pentru acest contact.",
      "invalid_csv_column_names": "Nume de coloană CSV nevalide: {columns}. Numele coloanelor care vor deveni atribute noi trebuie să conțină doar litere mici, cifre și caractere de subliniere și trebuie să înceapă cu o literă.",
+      "invalid_csv_reserved_column_names": "Nume de coloană CSV rezervate: {columns}. Aceste nume sunt rezervate pentru atribute implicite viitoare ({reservedKeys}) și nu pot fi create ca atribute noi.",
      "invalid_date_format": "Format de dată invalid. Te rugăm să folosești o dată validă.",
      "invalid_number_format": "Format de număr invalid. Te rugăm să introduci un număr valid.",
      "no_activity_yet": "Nicio activitate încă",
@@ -2610,8 +2612,6 @@
        "workspaces_being_added": "Spații de lucru cărora li se acordă acces"
      },
      "general": {
-        "ai_data_analysis_enabled": "Îmbogățire și analiză de date (AI)",
-        "ai_data_analysis_enabled_description": "AI pentru a obține mai mult din datele tale, configurare dashboard-uri, grafice, rapoarte și multe altele. Accesează datele tale de experiență.",
        "ai_enabled": "Formbricks AI",
        "ai_enabled_description": "Gestionează funcționalitățile bazate pe AI pentru această organizație.",
        "ai_instance_not_configured": "AI este configurată la nivel de instanță prin variabile de mediu. Cere administratorului să configureze AI_PROVIDER, credențialele acelui furnizor și lista de modele corespunzătoare înainte de a activa funcționalitățile AI.",
@@ -2818,7 +2818,6 @@
        "adjust_survey_closed_message": "Ajustați mesajul 'Sondaj Închis'",
        "adjust_survey_closed_message_description": "Schimbați mesajul pe care îl văd vizitatorii atunci când sondajul este închis.",
        "adjust_theme_in_look_and_feel_settings": "Ajustează tema în setările <lookFeelLink>Aspect și Experiență</lookFeelLink>.",
-        "ai_data_analysis_disabled": "Analiza de date AI este dezactivată pentru această organizație.",
        "ai_features_not_enabled": "Funcțiile AI nu sunt activate pentru această organizație.",
        "ai_instance_not_configured": "AI nu este configurat. Contactează administratorul.",
        "ai_smart_tools_disabled": "Instrumentele inteligente AI sunt dezactivate pentru această organizație.",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Только строчные буквы, цифры и символы подчёркивания. Должен начинаться с буквы.",
      "attribute_key_placeholder": "например, date_of_birth",
      "attribute_key_required": "Ключ обязателен",
+      "attribute_key_reserved_future_default": "Ключ зарезервирован для будущих атрибутов по умолчанию ({reservedKeys}). Пожалуйста, выбери другой ключ.",
      "attribute_key_safe_identifier_required": "Ключ должен быть безопасным идентификатором: только строчные буквы, цифры и символы подчёркивания, и должен начинаться с буквы",
      "attribute_label": "Метка",
      "attribute_label_placeholder": "например, дата рождения",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Сгенерировать персональную ссылку",
      "generate_personal_link_description": "Выберите опубликованный опрос, чтобы сгенерировать персональную ссылку для этого контакта.",
      "invalid_csv_column_names": "Недопустимые имена столбцов в CSV: {columns}. Имена столбцов, которые станут новыми атрибутами, должны содержать только строчные буквы, цифры и подчёркивания, а также начинаться с буквы.",
+      "invalid_csv_reserved_column_names": "Зарезервированные названия столбцов CSV: {columns}. Эти названия зарезервированы для будущих атрибутов по умолчанию ({reservedKeys}) и не могут быть созданы как новые атрибуты.",
      "invalid_date_format": "Неверный формат даты. Пожалуйста, используйте корректную дату.",
      "invalid_number_format": "Неверный формат числа. Пожалуйста, введите корректное число.",
      "no_activity_yet": "Пока нет активности",
@@ -2610,8 +2612,6 @@
        "workspaces_being_added": "Рабочие пространства, которым предоставляется доступ"
      },
      "general": {
-        "ai_data_analysis_enabled": "Обогащение и анализ данных (ИИ)",
-        "ai_data_analysis_enabled_description": "ИИ для получения большего от твоих данных: настройка дашбордов, графиков, отчетов и не только. Работает с твоими данными об опыте.",
        "ai_enabled": "Formbricks AI",
        "ai_enabled_description": "Управляй функциями на базе ИИ для этой организации.",
        "ai_instance_not_configured": "ИИ настраивается на уровне инстанса через переменные окружения. Попросите администратора настроить AI_PROVIDER, учетные данные этого провайдера и соответствующий список моделей перед включением функций ИИ.",
@@ -2818,7 +2818,6 @@
        "adjust_survey_closed_message": "Изменить сообщение «Опрос закрыт»",
        "adjust_survey_closed_message_description": "Измените сообщение, которое видят посетители, когда опрос закрыт.",
        "adjust_theme_in_look_and_feel_settings": "Настройте тему в разделе <lookFeelLink>Внешний вид</lookFeelLink>.",
-        "ai_data_analysis_disabled": "Анализ данных с помощью ИИ отключён для этой организации.",
        "ai_features_not_enabled": "Функции ИИ не включены для этой организации.",
        "ai_instance_not_configured": "ИИ не настроен. Свяжись с администратором.",
        "ai_smart_tools_disabled": "Умные инструменты ИИ отключены для этой организации.",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Endast små bokstäver, siffror och understreck. Måste börja med en bokstav.",
      "attribute_key_placeholder": "t.ex. date_of_birth",
      "attribute_key_required": "Nyckel krävs",
+      "attribute_key_reserved_future_default": "Nyckeln är reserverad för framtida standardattribut ({reservedKeys}). Välj en annan nyckel.",
      "attribute_key_safe_identifier_required": "Nyckeln måste vara en säker identifierare: endast små bokstäver, siffror och understreck, och måste börja med en bokstav",
      "attribute_label": "Etikett",
      "attribute_label_placeholder": "t.ex. Födelsedatum",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Generera personlig länk",
      "generate_personal_link_description": "Välj en publicerad enkät för att generera en personlig länk för denna kontakt.",
      "invalid_csv_column_names": "Ogiltiga CSV-kolumnnamn: {columns}. Kolumnnamn som ska bli nya attribut får bara innehålla små bokstäver, siffror och understreck, och måste börja med en bokstav.",
+      "invalid_csv_reserved_column_names": "Reserverade CSV-kolumnnamn: {columns}. Dessa namn är reserverade för framtida standardattribut ({reservedKeys}) och kan inte skapas som nya attribut.",
      "invalid_date_format": "Ogiltigt datumformat. Ange ett giltigt datum.",
      "invalid_number_format": "Ogiltigt nummerformat. Ange ett giltigt nummer.",
      "no_activity_yet": "Ingen aktivitet än",
@@ -2610,8 +2612,6 @@
        "workspaces_being_added": "Arbetsytor som beviljas åtkomst"
      },
      "general": {
-        "ai_data_analysis_enabled": "Dataförbättring & analys (AI)",
-        "ai_data_analysis_enabled_description": "AI för att få ut mer av din data, skapa dashboards, diagram, rapporter och mer. Använder din upplevelsedata.",
        "ai_enabled": "Formbricks AI",
        "ai_enabled_description": "Hantera AI-drivna funktioner för den här organisationen.",
        "ai_instance_not_configured": "AI konfigureras på instansnivå via miljövariabler. Be din administratör att ange AI_PROVIDER, autentiseringsuppgifterna för den leverantören och den tillhörande modellistan innan AI-funktioner aktiveras.",
@@ -2818,7 +2818,6 @@
        "adjust_survey_closed_message": "Justera meddelande för 'Enkät stängd'",
        "adjust_survey_closed_message_description": "Ändra meddelandet besökare ser när enkäten är stängd.",
        "adjust_theme_in_look_and_feel_settings": "Justera temat i inställningarna för <lookFeelLink>Utseende & Känsla</lookFeelLink>.",
-        "ai_data_analysis_disabled": "AI-dataanalys är inaktiverad för den här organisationen.",
        "ai_features_not_enabled": "AI-funktioner är inte aktiverade för den här organisationen.",
        "ai_instance_not_configured": "AI är inte konfigurerad. Kontakta din administratör.",
        "ai_smart_tools_disabled": "AI smarta verktyg är inaktiverade för den här organisationen.",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "Yalnızca küçük harfler, rakamlar ve alt çizgiler. Bir harfle başlamalıdır.",
      "attribute_key_placeholder": "örn. dogum_tarihi",
      "attribute_key_required": "Anahtar gereklidir",
+      "attribute_key_reserved_future_default": "Anahtar, gelecekteki varsayılan özellikler için ayrılmıştır ({reservedKeys}). Lütfen farklı bir anahtar seçin.",
      "attribute_key_safe_identifier_required": "Anahtar güvenli bir tanımlayıcı olmalıdır: yalnızca küçük harfler, rakamlar ve alt çizgiler içermeli ve bir harfle başlamalıdır",
      "attribute_label": "Etiket",
      "attribute_label_placeholder": "örn. Doğum Tarihi",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "Kişisel Bağlantı Oluştur",
      "generate_personal_link_description": "Bu kişi için kişiselleştirilmiş bir bağlantı oluşturmak üzere yayınlanmış bir anket seç.",
      "invalid_csv_column_names": "Geçersiz CSV sütun adı/adları: {columns}. Yeni özellik olacak sütun adları yalnızca küçük harf, rakam ve alt çizgi içerebilir ve bir harfle başlamalıdır.",
+      "invalid_csv_reserved_column_names": "Ayrılmış CSV sütun adı/adları: {columns}. Bu adlar gelecekteki varsayılan özellikler ({reservedKeys}) için ayrılmıştır ve yeni özellik olarak oluşturulamaz.",
      "invalid_date_format": "Geçersiz tarih formatı. Lütfen geçerli bir tarih kullanın.",
      "invalid_number_format": "Geçersiz sayı formatı. Lütfen geçerli bir sayı girin.",
      "no_activity_yet": "Henüz aktivite yok",
@@ -2610,8 +2612,6 @@
        "workspaces_being_added": "Erişim verilen çalışma alanları"
      },
      "general": {
-        "ai_data_analysis_enabled": "Veri zenginleştirme ve analiz (Yapay Zeka)",
-        "ai_data_analysis_enabled_description": "Verilerinden daha fazlasını elde etmek, kontrol panelleri, grafikler, raporlar ve daha fazlasını kurmak için yapay zeka. Deneyim verilerine dokunur.",
        "ai_enabled": "Formbricks Yapay Zeka",
        "ai_enabled_description": "Bu organizasyon için yapay zeka destekli özellikleri yönet.",
        "ai_instance_not_configured": "Yapay zeka, ortam değişkenleri aracılığıyla instance seviyesinde yapılandırılır. Yapay zeka özelliklerini etkinleştirmeden önce yöneticinden AI_PROVIDER, AI_MODEL ve eşleşen sağlayıcı kimlik bilgilerini ayarlamasını iste.",
@@ -2818,7 +2818,6 @@
        "adjust_survey_closed_message": "\"Anket Kapatıldı\" mesajını düzenle",
        "adjust_survey_closed_message_description": "Anket kapalıyken ziyaretçilerin gördüğü mesajı değiştir.",
        "adjust_theme_in_look_and_feel_settings": "Temayı <lookFeelLink>Görünüm ve His</lookFeelLink> Ayarlarından düzenleyin.",
-        "ai_data_analysis_disabled": "Bu organizasyon için yapay zeka veri analizi devre dışı.",
        "ai_features_not_enabled": "Bu organizasyon için yapay zeka özellikleri etkinleştirilmemiş.",
        "ai_instance_not_configured": "Yapay zeka yapılandırılmamış. Yöneticinle iletişime geç.",
        "ai_smart_tools_disabled": "Bu organizasyon için yapay zeka akıllı araçları devre dışı.",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "仅允许小写字母、数字和下划线，且必须以字母开头。",
      "attribute_key_placeholder": "例如：date_of_birth",
      "attribute_key_required": "键为必填项",
+      "attribute_key_reserved_future_default": "该键已保留用于未来的默认属性（{reservedKeys}）。请选择其他键。",
      "attribute_key_safe_identifier_required": "键必须为安全标识符：仅允许小写字母、数字和下划线，且必须以字母开头",
      "attribute_label": "标签",
      "attribute_label_placeholder": "例如：出生日期",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "生成个人链接",
      "generate_personal_link_description": "选择一个已发布的调查，为此联系人生成个性化链接。",
      "invalid_csv_column_names": "无效的 CSV 列名：{columns}。作为新属性的列名只能包含小写字母、数字和下划线，并且必须以字母开头。",
+      "invalid_csv_reserved_column_names": "CSV 列名已被保留：{columns}。这些名称已保留用于未来的默认属性（{reservedKeys}），无法创建为新属性。",
      "invalid_date_format": "日期格式无效。请使用有效日期。",
      "invalid_number_format": "数字格式无效。请输入有效的数字。",
      "no_activity_yet": "暂无活动",
@@ -2610,8 +2612,6 @@
        "workspaces_being_added": "将被授权访问的工作区"
      },
      "general": {
-        "ai_data_analysis_enabled": "数据增强与分析（AI）",
-        "ai_data_analysis_enabled_description": "使用 AI 深度挖掘你的数据，设置仪表盘、图表、报告等。会处理你的体验数据。",
        "ai_enabled": "Formbricks AI",
        "ai_enabled_description": "管理该组织的 AI 驱动功能。",
        "ai_instance_not_configured": "AI 通过环境变量在实例级别进行配置。启用 AI 功能前，请让管理员设置 AI_PROVIDER、该提供商的凭据以及对应的模型列表。",
@@ -2818,7 +2818,6 @@
        "adjust_survey_closed_message": "调整 \"调查 关闭\" 消息",
        "adjust_survey_closed_message_description": "更改 访客 看到 调查 关闭 时 的 消息。",
        "adjust_theme_in_look_and_feel_settings": "在<lookFeelLink>外观与感觉</lookFeelLink>设置中调整主题。",
-        "ai_data_analysis_disabled": "此组织已禁用 AI 数据分析。",
        "ai_features_not_enabled": "此组织未启用 AI 功能。",
        "ai_instance_not_configured": "AI 未配置。请联系您的管理员。",
        "ai_smart_tools_disabled": "此组织已禁用 AI 智能工具。",
@@ -1935,6 +1935,7 @@
      "attribute_key_hint": "僅限小寫字母、數字和底線，且必須以字母開頭。",
      "attribute_key_placeholder": "例如：date_of_birth",
      "attribute_key_required": "金鑰為必填項目",
+      "attribute_key_reserved_future_default": "此鍵已保留供未來預設屬性使用（{reservedKeys}）。請選擇其他鍵。",
      "attribute_key_safe_identifier_required": "金鑰必須為安全識別字：僅限小寫字母、數字和底線，且必須以字母開頭",
      "attribute_label": "標籤",
      "attribute_label_placeholder": "例如：出生日期",
@@ -1969,6 +1970,7 @@
      "generate_personal_link": "產生個人連結",
      "generate_personal_link_description": "選擇一個已發佈的問卷，為此聯絡人產生個人化連結。",
      "invalid_csv_column_names": "無效的 CSV 欄位名稱：{columns}。作為新屬性的欄位名稱只能包含小寫字母、數字和底線，且必須以字母開頭。",
+      "invalid_csv_reserved_column_names": "保留的 CSV 欄位名稱：{columns}。這些名稱已保留供未來預設屬性使用（{reservedKeys}），無法建立為新屬性。",
      "invalid_date_format": "日期格式無效。請使用有效的日期。",
      "invalid_number_format": "數字格式無效。請輸入有效的數字。",
      "no_activity_yet": "尚無活動",
@@ -2610,8 +2612,6 @@
        "workspaces_being_added": "正在授予存取權限的工作區"
      },
      "general": {
-        "ai_data_analysis_enabled": "資料增強與分析（AI）",
-        "ai_data_analysis_enabled_description": "利用 AI 深入分析你的資料，建立儀表板、圖表、報告等。會處理你的體驗資料。",
        "ai_enabled": "Formbricks AI",
        "ai_enabled_description": "管理此組織的 AI 功能。",
        "ai_instance_not_configured": "AI 會透過環境變數在實例層級進行設定。啟用 AI 功能前，請管理員設定 AI_PROVIDER、該供應商的憑證，以及對應的模型清單。",
@@ -2818,7 +2818,6 @@
        "adjust_survey_closed_message": "調整「問卷已關閉」訊息",
        "adjust_survey_closed_message_description": "變更訪客在問卷關閉時看到的訊息。",
        "adjust_theme_in_look_and_feel_settings": "在<lookFeelLink>外觀與感覺</lookFeelLink>設定中調整主題。",
-        "ai_data_analysis_disabled": "此組織已停用 AI 資料分析。",
        "ai_features_not_enabled": "此組織未啟用 AI 功能。",
        "ai_instance_not_configured": "AI 未設定。請聯絡您的管理員。",
        "ai_smart_tools_disabled": "此組織已停用 AI 智慧工具。",
@@ -1,6 +1,7 @@
 import { ZodRawShape, z } from "zod";
 import { logger } from "@formbricks/logger";
 import { TAuthenticationApiKey } from "@formbricks/types/auth";
+import { RequestBodyTooLargeError, parseJsonBodyWithLimit } from "@/app/lib/api/request-body";
 import { TApiAuditLog } from "@/app/lib/api/with-api-logging";
 import { formatZodError, handleApiError } from "@/modules/api/v2/lib/utils";
 import { applyRateLimit } from "@/modules/core/rate-limit/helpers";
@@ -73,10 +74,22 @@ export const apiWrapper = async <S extends ExtendedSchemas>({
  let parsedInput: ParsedSchemas<S> = {} as ParsedSchemas<S>;

  if (schemas?.body) {
-    let bodyData;
+    let bodyData: Record<string, unknown>;
    try {
-      bodyData = await request.json();
+      bodyData = await parseJsonBodyWithLimit<Record<string, unknown>>(request);
    } catch (error) {
+      if (error instanceof RequestBodyTooLargeError) {
+        return handleApiError(request, {
+          type: "payload_too_large",
+          details: [
+            {
+              field: "body",
+              issue: error.message,
+            },
+          ],
+        });
+      }
+
      logger.error({ error, url: request.url }, "Error parsing JSON input");
      return handleApiError(request, {
        type: "bad_request",
@@ -1,6 +1,7 @@
 import { describe, expect, test, vi } from "vitest";
 import { z } from "zod";
 import { err, ok } from "@formbricks/types/error-handlers";
+import { DEFAULT_REQUEST_BODY_LIMIT_BYTES } from "@/app/lib/api/request-body";
 import { apiWrapper } from "@/modules/api/v2/auth/api-wrapper";
 import { authenticateRequest } from "@/modules/api/v2/auth/authenticate-request";
 import { handleApiError } from "@/modules/api/v2/lib/utils";
@@ -164,6 +165,42 @@ describe("apiWrapper", () => {
    });
  });

+  test("should handle oversized JSON input in request body", async () => {
+    const request = new Request("http://localhost", {
+      method: "POST",
+      body: "{}",
+      headers: {
+        "Content-Length": String(DEFAULT_REQUEST_BODY_LIMIT_BYTES + 1),
+        "Content-Type": "application/json",
+      },
+    });
+
+    vi.mocked(authenticateRequest).mockResolvedValue(ok(mockAuthentication));
+    vi.mocked(handleApiError).mockResolvedValue(new Response("error", { status: 413 }));
+
+    const bodySchema = z.object({ key: z.string() });
+    const handler = vi.fn();
+
+    const response = await apiWrapper({
+      request,
+      schemas: { body: bodySchema },
+      rateLimit: false,
+      handler,
+    });
+
+    expect(response.status).toBe(413);
+    expect(handler).not.toHaveBeenCalled();
+    expect(handleApiError).toHaveBeenCalledWith(request, {
+      type: "payload_too_large",
+      details: [
+        {
+          field: "body",
+          issue: `Request body must not exceed ${DEFAULT_REQUEST_BODY_LIMIT_BYTES} bytes`,
+        },
+      ],
+    });
+  });
+
  test("should handle empty body when body schema is provided", async () => {
    const request = new Request("http://localhost", {
      method: "POST",
@@ -148,6 +148,35 @@ const conflictResponse = ({
  );
 };

+const payloadTooLargeResponse = ({
+  details = [],
+  cors = false,
+  cache = "private, no-store",
+}: {
+  details?: ApiErrorDetails;
+  cors?: boolean;
+  cache?: string;
+} = {}) => {
+  const headers = {
+    ...(cors && corsHeaders),
+    "Cache-Control": cache,
+  };
+
+  return Response.json(
+    {
+      error: {
+        code: 413,
+        message: "Payload Too Large",
+        details,
+      },
+    },
+    {
+      status: 413,
+      headers,
+    }
+  );
+};
+
 const unprocessableEntityResponse = ({
  details = [],
  cors = false,
@@ -351,6 +380,7 @@ export const responses = {
  forbiddenResponse,
  notFoundResponse,
  conflictResponse,
+  payloadTooLargeResponse,
  unprocessableEntityResponse,
  tooManyRequestsResponse,
  internalServerErrorResponse,
@@ -85,6 +85,18 @@ describe("utils", () => {
      expect(body.error.message).toBe("Conflict");
    });

+    test('return payload too large response for "payload_too_large" error', async () => {
+      const details = [{ field: "body", issue: "Request body must not exceed 2097152 bytes" }];
+      const error: ApiErrorResponseV2 = { type: "payload_too_large", details };
+
+      const response = handleApiError(mockRequest, error);
+      expect(response.status).toBe(413);
+      const body = await response.json();
+      expect(body.error.code).toBe(413);
+      expect(body.error.message).toBe("Payload Too Large");
+      expect(body.error.details).toEqual(details);
+    });
+
    test('return unprocessable entity response for "unprocessable_entity" error', async () => {
      const details = [{ field: "data", issue: "malformed" }];
      const error: ApiErrorResponseV2 = { type: "unprocessable_entity", details };
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Matti Nannt	44d1d7a962	fix: remove invalid placeholder ARIA roles from membership role controls `role="button-role"` and `role="badge-role"` are not valid ARIA roles — they look like placeholder values that were never replaced. The underlying `<Button>` already carries the implicit `button` role, and the `<Badge>` is decorative (its text content conveys the value), so the right fix is to drop both attributes rather than substitute new roles. Flagged by react-doctor as react-doctor/aria-role (Accessibility, error). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-23 14:40:40 +02:00
Bhagya Amarasinghe	be5beaeed7	fix: harden Helm release secret lookups (#8118 )	2026-05-22 11:54:20 +00:00
Dhruwang Jariwala	bc56f99fd8	feat: cascade delete Hub feedback records on org deletion (ENG-973) (#8055 ) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-22 10:51:00 +00:00
Harsh Bhat	0f38627627	docs: restructure into Platform, Surveys, and Unify Feedback tabs (#8114 ) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Johannes <johannes@formbricks.com>	2026-05-22 09:09:03 +00:00
Bhagya Amarasinghe	a878bdff42	fix: limit JSON request body size (#8051 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2026-05-22 08:09:45 +00:00
Bhagya Amarasinghe	d757e12c76	fix: return 404 when response is deleted mid-update (#8049 )	2026-05-22 07:58:35 +00:00
Bhagya Amarasinghe	629febb2f7	fix: order Helm Hub migrations after Prisma (#8104 )	2026-05-22 06:31:11 +00:00
Bhagya Amarasinghe	40b93cc834	fix: use Valkey for bundled Helm Redis (#8092 )	2026-05-22 05:56:57 +00:00
Anshuman Pandey	f41d2c14f1	fix: pin DNS and block redirects on webhook delivery in the response pipeline (#8095 ) Co-authored-by: Bhagya Amarasinghe <b.sithumini@yahoo.com>	2026-05-22 04:46:20 +00:00
Matti Nannt	af51414b03	fix: remove isAIDataAnalysisEnabled (ENG-1039) (#8109 ) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-21 15:54:36 +00:00
Matti Nannt	a9e39dd4ab	fix: validate displayId ownership on response creation (ENG-825) (#8046 ) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-21 13:11:19 +00:00
Johannes	c8b0bb2225	fix: reserve future contact keys and improve segment errors (ENG-1037, ENG-994) (#8101 ) Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-21 11:41:23 +00:00
				`@@ -1 +0,0 @@`
				`export const V3_SURVEY_TRANSLATABLE_METADATA_KEYS = ["title", "description"] as const;`