feat: add expand parameter to getResponses API for enriched data

fix: org managers not able to access api keys (#7123 )
feat: introduce language variations (#7082 )
2026-02-03 21:59:38 -06:00 · 2026-01-16 10:54:18 +00:00 · 2026-01-16 09:54:54 +00:00 · 2026-01-16 08:51:20 +00:00 · 2026-01-16 08:20:23 +00:00 · 2026-01-16 07:19:18 +00:00
131 changed files with 3825 additions and 3844 deletions
--- a/.cursor/rules/build-and-deployment.mdc
+++ b/.cursor/rules/build-and-deployment.mdc
@@ -1,61 +0,0 @@
---
-description: 
-globs: 
-alwaysApply: false
---
-# Build & Deployment Best Practices
-
-## Build Process
-
-### Running Builds
- Use `pnpm build` from project root for full build
- Monitor for React hooks warnings and fix them immediately
- Ensure all TypeScript errors are resolved before deployment
-
-### Common Build Issues & Fixes
-
-#### React Hooks Warnings
- Capture ref values in variables within useEffect cleanup
- Avoid accessing `.current` directly in cleanup functions
- Pattern for fixing ref cleanup warnings:
-```typescript
-useEffect(() => {
-  const currentRef = myRef.current;
-  return () => {
-    if (currentRef) {
-      currentRef.cleanup();
-    }
-  };
-}, []);
-```
-
-#### Test Failures During Build
- Ensure all test mocks include required constants like `SESSION_MAX_AGE`
- Mock Next.js navigation hooks properly: `useParams`, `useRouter`, `useSearchParams`
- Remove unused imports and constants from test files
- Use literal values instead of imported constants when the constant isn't actually needed
-
-### Test Execution
- Run `pnpm test` to execute all tests
- Use `pnpm test -- --run filename.test.tsx` for specific test files
- Fix test failures before merging code
- Ensure 100% test coverage for new components
-
-### Performance Monitoring
- Monitor build times and optimize if necessary
- Watch for memory usage during builds
- Use proper caching strategies for faster rebuilds
-
-### Deployment Checklist
-1. All tests passing
-2. Build completes without warnings
-3. TypeScript compilation successful
-4. No linter errors
-5. Database migrations applied (if any)
-6. Environment variables configured
-
-### EKS Deployment Considerations
- Ensure latest code is deployed to all pods
- Monitor AWS RDS Performance Insights for database issues
- Verify environment-specific configurations
- Check pod health and resource usage
--- a/.cursor/rules/cache-optimization.mdc
+++ b/.cursor/rules/cache-optimization.mdc
@@ -1,415 +0,0 @@
---
-description: Caching rules for performance improvements
-globs: 
-alwaysApply: false
---
-# Cache Optimization Patterns for Formbricks
-
-## Cache Strategy Overview
-
-Formbricks uses a **hybrid caching approach** optimized for enterprise scale:
-
- **Redis** for persistent cross-request caching  
- **React `cache()`** for request-level deduplication
- **NO Next.js `unstable_cache()`** - avoid for reliability
-
-## Key Files
-
-### Core Cache Infrastructure
- [packages/cache/src/service.ts](mdc:packages/cache/src/service.ts) - Redis cache service
- [packages/cache/src/client.ts](mdc:packages/cache/src/client.ts) - Cache client initialization and singleton management  
- [apps/web/lib/cache/index.ts](mdc:apps/web/lib/cache/index.ts) - Cache service proxy for web app
- [packages/cache/src/index.ts](mdc:packages/cache/src/index.ts) - Cache package exports and utilities
-
-### Environment State Caching (Critical Endpoint)
- [apps/web/app/api/v1/client/[environmentId]/environment/route.ts](mdc:apps/web/app/api/v1/client/[environmentId]/environment/route.ts) - Main endpoint serving hundreds of thousands of SDK clients
- [apps/web/app/api/v1/client/[environmentId]/environment/lib/data.ts](mdc:apps/web/app/api/v1/client/[environmentId]/environment/lib/data.ts) - Optimized data layer with caching
-
-## Enterprise-Grade Cache Key Patterns
-
-**Always use** the `createCacheKey` utilities from the cache package:
-
-```typescript
-// ✅ Correct patterns
-createCacheKey.environment.state(environmentId)     // "fb:env:abc123:state"
-createCacheKey.organization.billing(organizationId) // "fb:org:xyz789:billing"
-createCacheKey.license.status(organizationId)       // "fb:license:org123:status"
-createCacheKey.user.permissions(userId, orgId)      // "fb:user:456:org:123:permissions"
-
-// ❌ Never use flat keys - collision-prone
-"environment_abc123"
-"user_data_456"
-```
-
-## When to Use Each Cache Type
-
-### Use React `cache()` for Request Deduplication
-```typescript
-// ✅ Prevents multiple calls within same request
-export const getEnterpriseLicense = reactCache(async () => {
-  // Complex license validation logic
-});
-```
-
-### Use `cache.withCache()` for Simple Database Queries
-```typescript
-// ✅ Simple caching with automatic fallback (TTL in milliseconds)
-export const getActionClasses = (environmentId: string) => {
-  return cache.withCache(() => fetchActionClassesFromDB(environmentId), 
-    createCacheKey.environment.actionClasses(environmentId),
-    60 * 30 * 1000 // 30 minutes in milliseconds
-  );
-};
-```
-
-### Use Explicit Redis Cache for Complex Business Logic
-```typescript
-// ✅ Full control for high-stakes endpoints
-export const getEnvironmentState = async (environmentId: string) => {
-  const cached = await environmentStateCache.getEnvironmentState(environmentId);
-  if (cached) return cached;
-  
-  const fresh = await buildComplexState(environmentId);
-  await environmentStateCache.setEnvironmentState(environmentId, fresh);
-  return fresh;
-};
-```
-
-## Caching Decision Framework
-
-### When TO Add Caching
-
-```typescript
-// ✅ Expensive operations that benefit from caching
- Database queries (>10ms typical)
- External API calls (>50ms typical)  
- Complex computations (>5ms)
- File system operations
- Heavy data transformations
-
-// Example: Database query with complex joins (TTL in milliseconds)
-export const getEnvironmentWithDetails = withCache(
-  async (environmentId: string) => {
-    return prisma.environment.findUnique({
-      where: { id: environmentId },
-      include: { /* complex joins */ }
-    });
-  },
-  { key: createCacheKey.environment.details(environmentId), ttl: 60 * 30 * 1000 } // 30 minutes
-)();
-```
-
-### When NOT to Add Caching
-
-```typescript
-// ❌ Don't cache these operations - minimal overhead
- Simple property access (<0.1ms)
- Basic transformations (<1ms)
- Functions that just call already-cached functions
- Pure computation without I/O
-
-// ❌ Bad example: Redundant caching
-const getCachedLicenseFeatures = withCache(
-  async () => {
-    const license = await getEnterpriseLicense(); // Already cached!
-    return license.active ? license.features : null; // Just property access
-  },
-  { key: "license-features", ttl: 1800 * 1000 } // 30 minutes in milliseconds
-);
-
-// ✅ Good example: Simple and efficient
-const getLicenseFeatures = async () => {
-  const license = await getEnterpriseLicense(); // Already cached
-  return license.active ? license.features : null; // 0.1ms overhead
-};
-```
-
-### Computational Overhead Analysis
-
-Before adding caching, analyze the overhead:
-
-```typescript
-// ✅ High overhead - CACHE IT
- Database queries: ~10-100ms
- External APIs: ~50-500ms  
- File I/O: ~5-50ms
- Complex algorithms: >5ms
-
-// ❌ Low overhead - DON'T CACHE
- Property access: ~0.001ms
- Simple lookups: ~0.1ms
- Basic validation: ~1ms
- Type checks: ~0.01ms
-
-// Example decision tree:
-const expensiveOperation = async () => {
-  return prisma.query(); // 50ms - CACHE IT
-};
-
-const cheapOperation = (data: any) => {
-  return data.property; // 0.001ms - DON'T CACHE
-};
-```
-
-### Avoid Cache Wrapper Anti-Pattern
-
-```typescript
-// ❌ Don't create wrapper functions just for caching
-const getCachedUserPermissions = withCache(
-  async (userId: string) => getUserPermissions(userId),
-  { key: createCacheKey.user.permissions(userId), ttl: 3600 * 1000 } // 1 hour in milliseconds
-);
-
-// ✅ Add caching directly to the original function
-export const getUserPermissions = withCache(
-  async (userId: string) => {
-    return prisma.user.findUnique({
-      where: { id: userId },
-      include: { permissions: true }
-    });
-  },
-  { key: createCacheKey.user.permissions(userId), ttl: 3600 * 1000 } // 1 hour in milliseconds
-);
-```
-
-## TTL Coordination Strategy
-
-### Multi-Layer Cache Coordination
-For endpoints serving client SDKs, coordinate TTLs across layers:
-
-```typescript
-// Client SDK cache (expiresAt) - longest TTL for fewer requests
-const CLIENT_TTL = 60;           // 1 minute (seconds for client)
-
-// Server Redis cache - shorter TTL ensures fresh data for clients  
-const SERVER_TTL = 60 * 1000;   // 1 minutes in milliseconds
-
-// HTTP cache headers (seconds)
-const BROWSER_TTL = 60;         // 1 minute (max-age)
-const CDN_TTL = 60;             // 1 minute (s-maxage)
-const CORS_TTL = 60 * 60;            // 1 hour (balanced approach)
-```
-
-### Standard TTL Guidelines (in milliseconds for cache-manager + Keyv)
-```typescript
-// Configuration data - rarely changes
-const CONFIG_TTL = 60 * 60 * 24 * 1000;     // 24 hours
-
-// User data - moderate frequency  
-const USER_TTL = 60 * 60 * 2 * 1000;        // 2 hours
-
-// Survey data - changes moderately
-const SURVEY_TTL = 60 * 15 * 1000;          // 15 minutes
-
-// Billing data - expensive to compute
-const BILLING_TTL = 60 * 30 * 1000;         // 30 minutes
-
-// Action classes - infrequent changes
-const ACTION_CLASS_TTL = 60 * 30 * 1000;    // 30 minutes
-```
-
-## High-Frequency Endpoint Optimization
-
-### Performance Patterns for High-Volume Endpoints
-
-```typescript
-// ✅ Optimized high-frequency endpoint pattern
-export const GET = async (request: NextRequest, props: { params: Promise<{ id: string }> }) => {
-  const params = await props.params;
-
-  try {
-    // Simple validation (avoid Zod for high-frequency)
-    if (!params.id || typeof params.id !== 'string') {
-      return responses.badRequestResponse("ID is required", undefined, true);
-    }
-
-    // Single optimized query with caching
-    const data = await getOptimizedData(params.id);
-
-    return responses.successResponse(
-      {
-        data,
-        expiresAt: new Date(Date.now() + CLIENT_TTL * 1000), // SDK cache duration
-      },
-      true,
-      "public, s-maxage=1800, max-age=3600, stale-while-revalidate=1800, stale-if-error=3600"
-    );
-  } catch (err) {
-    // Simplified error handling for performance
-    if (err instanceof ResourceNotFoundError) {
-      return responses.notFoundResponse(err.resourceType, err.resourceId);
-    }
-    logger.error({ error: err, url: request.url }, "Error in high-frequency endpoint");
-    return responses.internalServerErrorResponse(err.message, true);
-  }
-};
-```
-
-### Avoid These Performance Anti-Patterns
-
-```typescript
-// ❌ Avoid for high-frequency endpoints
-const inputValidation = ZodSchema.safeParse(input);     // Too slow
-const startTime = Date.now(); logger.debug(...);       // Logging overhead
-const { data, revalidateEnvironment } = await get();   // Complex return types
-```
-
-### CORS Optimization
-```typescript
-// ✅ Balanced CORS caching (not too aggressive)
-export const OPTIONS = async (): Promise<Response> => {
-  return responses.successResponse(
-    {},
-    true,
-    "public, s-maxage=3600, max-age=3600" // 1 hour balanced approach
-  );
-};
-```
-
-## Redis Cache Migration from Next.js
-
-### Avoid Legacy Next.js Patterns
-```typescript
-// ❌ Old Next.js unstable_cache pattern (avoid)
-const getCachedData = unstable_cache(
-  async (id) => fetchData(id),
-  ['cache-key'],
-  { tags: ['environment'], revalidate: 900 }
-);
-
-// ❌ Don't use revalidateEnvironment flags with Redis
-return { data, revalidateEnvironment: true }; // This gets cached incorrectly!
-
-// ✅ New Redis pattern with withCache (TTL in milliseconds)
-export const getCachedData = (id: string) => 
-  withCache(
-    () => fetchData(id),
-    {
-      key: createCacheKey.environment.data(id),
-      ttl: 60 * 15 * 1000, // 15 minutes in milliseconds
-    }
-  )();
-```
-
-### Remove Revalidation Logic
-When migrating from Next.js `unstable_cache`:
- Remove `revalidateEnvironment` or similar flags
- Remove tag-based invalidation logic  
- Use TTL-based expiration instead
- Handle one-time updates (like `appSetupCompleted`) directly in cache
-
-## Data Layer Optimization
-
-### Single Query Pattern
-```typescript
-// ✅ Optimize with single database query
-export const getOptimizedEnvironmentData = async (environmentId: string) => {
-  return prisma.environment.findUniqueOrThrow({
-    where: { id: environmentId },
-    include: {
-      project: { 
-        select: { id: true, recontactDays: true, /* ... */ }
-      },
-      organization: {
-        select: { id: true, billing: true }
-      },
-      surveys: {
-        where: { status: "inProgress" },
-        select: { id: true, name: true, /* ... */ }
-      },
-      actionClasses: {
-        select: { id: true, name: true, /* ... */ }
-      }
-    }
-  });
-};
-
-// ❌ Avoid multiple separate queries
-const environment = await getEnvironment(id);
-const organization = await getOrganization(environment.organizationId);  
-const surveys = await getSurveys(id);
-const actionClasses = await getActionClasses(id);
-```
-
-## Invalidation Best Practices
-
-**Always use explicit key-based invalidation:**
-
-```typescript
-// ✅ Clear and debuggable
-await invalidateCache(createCacheKey.environment.state(environmentId));
-await invalidateCache([
-  createCacheKey.environment.surveys(environmentId),
-  createCacheKey.environment.actionClasses(environmentId)
-]);
-
-// ❌ Avoid complex tag systems
-await invalidateByTags(["environment", "survey"]); // Don't do this
-```
-
-## Critical Performance Targets
-
-### High-Frequency Endpoint Goals
- **Cache hit ratio**: >85%
- **Response time P95**: <200ms  
- **Database load reduction**: >60%
- **HTTP cache duration**: 1hr browser, 30min Cloudflare
- **SDK refresh interval**: 1 hour with 30min server cache
-
-### Performance Monitoring
- Use **existing elastic cache analytics** for metrics
- Log cache errors and warnings (not debug info)
- Track database query reduction
- Monitor response times for cached endpoints
- **Avoid performance logging** in high-frequency endpoints
-
-## Error Handling Pattern
-
-Always provide fallback to fresh data on cache errors:
-
-```typescript
-try {
-  const cached = await cache.get(key);
-  if (cached) return cached;
-  
-  const fresh = await fetchFresh();
-  await cache.set(key, fresh, ttl); // ttl in milliseconds
-  return fresh;
-} catch (error) {
-  // ✅ Always fallback to fresh data
-  logger.warn("Cache error, fetching fresh", { key, error });
-  return fetchFresh();
-}
-```
-
-## Common Pitfalls to Avoid
-
-1. **Never use Next.js `unstable_cache()`** - unreliable in production
-2. **Don't use revalidation flags with Redis** - they get cached incorrectly
-3. **Avoid Zod validation** for simple parameters in high-frequency endpoints
-4. **Don't add performance logging** to high-frequency endpoints
-5. **Coordinate TTLs** between client and server caches
-6. **Don't over-engineer** with complex tag systems  
-7. **Avoid caching rapidly changing data** (real-time metrics)
-8. **Always validate cache keys** to prevent collisions
-9. **Don't add redundant caching layers** - analyze computational overhead first
-10. **Avoid cache wrapper functions** - add caching directly to expensive operations
-11. **Don't cache property access or simple transformations** - overhead is negligible
-12. **Analyze the full call chain** before adding caching to avoid double-caching
-13. **Remember TTL is in milliseconds** for cache-manager + Keyv stack (not seconds)
-
-## Monitoring Strategy
-
- Use **existing elastic cache analytics** for metrics
- Log cache errors and warnings  
- Track database query reduction
- Monitor response times for cached endpoints
- **Don't add custom metrics** that duplicate existing monitoring
-
-## Important Notes
-
-### TTL Units
- **cache-manager + Keyv**: TTL in **milliseconds**
- **Direct Redis commands**: TTL in **seconds** (EXPIRE, SETEX) or **milliseconds** (PEXPIRE, PSETEX)
- **HTTP cache headers**: TTL in **seconds** (max-age, s-maxage)
- **Client SDK**: TTL in **seconds** (expiresAt calculation)
--- a/.cursor/rules/database-performance.mdc
+++ b/.cursor/rules/database-performance.mdc
@@ -1,41 +0,0 @@
---
-description: 
-globs: 
-alwaysApply: false
---
-# Database Performance & Prisma Best Practices
-
-## Critical Performance Rules
-
-### Response Count Queries
- **NEVER** use `skip`/`offset` with `prisma.response.count()` - this causes expensive subqueries with OFFSET
- Always use only `where` clauses for count operations: `prisma.response.count({ where: { ... } })`
- For pagination, separate count queries from data queries
- Reference: [apps/web/lib/response/service.ts](mdc:apps/web/lib/response/service.ts) line 654-686
-
-### Prisma Query Optimization
- Use proper indexes defined in [packages/database/schema.prisma](mdc:packages/database/schema.prisma)
- Leverage existing indexes: `@@index([surveyId, createdAt])`, `@@index([createdAt])`
- Use cursor-based pagination for large datasets instead of offset-based
- Cache frequently accessed data using React Cache and custom cache tags
-
-### Date Range Filtering
- When filtering by `createdAt`, always use indexed queries
- Combine with `surveyId` for optimal performance: `{ surveyId, createdAt: { gte: start, lt: end } }`
- Avoid complex WHERE clauses that can't utilize indexes
-
-### Count vs Data Separation
- Always separate count queries from data fetching queries
- Use `Promise.all()` to run count and data queries in parallel
- Example pattern from [apps/web/modules/api/v2/management/responses/lib/response.ts](mdc:apps/web/modules/api/v2/management/responses/lib/response.ts):
-```typescript
-const [responses, totalCount] = await Promise.all([
-  prisma.response.findMany(query),
-  prisma.response.count({ where: whereClause }),
-]);
-```
-
-### Monitoring & Debugging
- Monitor AWS RDS Performance Insights for problematic queries
- Look for queries with OFFSET in count operations - these indicate performance issues
- Use proper error handling with `DatabaseError` for Prisma exceptions
--- a/.cursor/rules/database.mdc
+++ b/.cursor/rules/database.mdc
@@ -1,105 +0,0 @@
---
-description: >
-globs: schema.prisma
-alwaysApply: false
---
-# Formbricks Database Schema Reference
-
-This rule provides a reference to the Formbricks database structure. For the most up-to-date and complete schema definitions, please refer to the schema.prisma file directly.
-
-## Database Overview
-
-Formbricks uses PostgreSQL with Prisma ORM. The schema is designed for multi-tenancy with strong data isolation between organizations.
-
-### Core Hierarchy
-
-```
-Organization
-└── Project
-    └── Environment (production/development)
-        ├── Survey
-        ├── Contact
-        ├── ActionClass
-        └── Integration
-```
-
-## Schema Reference
-
-For the complete and up-to-date database schema, please refer to:
-
- Main schema: `packages/database/schema.prisma`
- JSON type definitions: `packages/database/json-types.ts`
-
-The schema.prisma file contains all model definitions, relationships, enums, and field types. The json-types.ts file contains TypeScript type definitions for JSON fields.
-
-## Data Access Patterns
-
-### Multi-tenancy
-
- All data is scoped by Organization
- Environment-level isolation for surveys and contacts
- Project-level grouping for related surveys
-
-### Soft Deletion
-
-Some models use soft deletion patterns:
-
- Check `isActive` fields where present
- Use proper filtering in queries
-
-### Cascading Deletes
-
-Configured cascade relationships:
-
- Organization deletion cascades to all child entities
- Survey deletion removes responses, displays, triggers
- Contact deletion removes attributes and responses
-
-## Common Query Patterns
-
-### Survey with Responses
-
-```typescript
-// Include response count and latest responses
-const survey = await prisma.survey.findUnique({
-  where: { id: surveyId },
-  include: {
-    responses: {
-      take: 10,
-      orderBy: { createdAt: "desc" },
-    },
-    _count: {
-      select: { responses: true },
-    },
-  },
-});
-```
-
-### Environment Scoping
-
-```typescript
-// Always scope by environment
-const surveys = await prisma.survey.findMany({
-  where: {
-    environmentId: environmentId,
-    // Additional filters...
-  },
-});
-```
-
-### Contact with Attributes
-
-```typescript
-const contact = await prisma.contact.findUnique({
-  where: { id: contactId },
-  include: {
-    attributes: {
-      include: {
-        attributeKey: true,
-      },
-    },
-  },
-});
-```
-
-This schema supports Formbricks' core functionality: multi-tenant survey management, user targeting, response collection, and analysis, all while maintaining strict data isolation and security.
--- a/.cursor/rules/documentations.mdc
+++ b/.cursor/rules/documentations.mdc
@@ -1,28 +0,0 @@
---
-description: Guideline for writing end-user facing documentation in the apps/docs folder
-globs:
-alwaysApply: false
---
-
-Follow these instructions and guidelines when asked to write documentation in the apps/docs folder
-
-Follow this structure to write the title, describtion and pick a matching icon and insert it at the top of the MDX file:
-
---
-
-title: "FEATURE NAME"
-description: "1 concise sentence to describe WHEN the feature is being used and FOR WHAT BENEFIT."
-icon: "link"
-
---
-
- Description: 1 concise sentence to describe WHEN the feature is being used and FOR WHAT BENEFIT.
- Make ample use of the Mintlify components you can find here https://mintlify.com/docs/llms.txt - e.g. if docs describe consecutive steps, always use Mintlify Step component.
- In all Headlines, only capitalize the current feature and nothing else, to Camel Case.
- The page should never start with H1 headline, because it's already part of the template.
- Tonality: Keep it concise and to the point. Avoid Jargon where possible.
- If a feature is part of the Enterprise Edition, use this note:
-
-<Note>
-  FEATURE NAME is part of the [Enterprise Edition](/self-hosting/advanced/license) 
-</Note>
--- a/.cursor/rules/formbricks-architecture.mdc
+++ b/.cursor/rules/formbricks-architecture.mdc
@@ -1,332 +0,0 @@
---
-description: 
-globs: 
-alwaysApply: false
---
-# Formbricks Architecture & Patterns
-
-## Monorepo Structure
-
-### Apps Directory
- `apps/web/` - Main Next.js web application
- `packages/` - Shared packages and utilities
-
-### Key Directories in Web App
-```
-apps/web/
-├── app/                    # Next.js 13+ app directory
-│   ├── (app)/             # Main application routes
-│   ├── (auth)/            # Authentication routes
-│   ├── api/               # API routes
-├── components/            # Shared components
-├── lib/                   # Utility functions and services
-└── modules/               # Feature-specific modules
-```
-
-## Routing Patterns
-
-### App Router Structure
-The application uses Next.js 13+ app router with route groups:
-
-```
-(app)/environments/[environmentId]/
-├── surveys/[surveyId]/
-│   ├── (analysis)/        # Analysis views
-│   │   ├── responses/     # Response management
-│   │   ├── summary/       # Survey summary
-│   │   └── hooks/         # Analysis-specific hooks
-│   ├── edit/              # Survey editing
-│   └── settings/          # Survey settings
-```
-
-### Dynamic Routes
- `[environmentId]` - Environment-specific routes
- `[surveyId]` - Survey-specific routes
-
-## Service Layer Pattern
-
-### Service Organization
-Services are organized by domain in `apps/web/lib/`:
-
-```typescript
-// Example: Response service
-// apps/web/lib/response/service.ts
-export const getResponseCountAction = async ({
-  surveyId,
-  filterCriteria,
-}: {
-  surveyId: string;
-  filterCriteria: any;
-}) => {
-  // Service implementation
-};
-```
-
-### Action Pattern
-Server actions follow a consistent pattern:
-
-```typescript
-// Action wrapper for service calls
-export const getResponseCountAction = async (params) => {
-  try {
-    const result = await responseService.getCount(params);
-    return { data: result };
-  } catch (error) {
-    return { error: error.message };
-  }
-};
-```
-
-## Context Patterns
-
-### Provider Structure
-Context providers follow a consistent pattern:
-
-```typescript
-// Provider component
-export const ResponseFilterProvider = ({ children }: { children: React.ReactNode }) => {
-  const [selectedFilter, setSelectedFilter] = useState(defaultFilter);
-  
-  const value = {
-    selectedFilter,
-    setSelectedFilter,
-    // ... other state and methods
-  };
-
-  return (
-    <ResponseFilterContext.Provider value={value}>
-      {children}
-    </ResponseFilterContext.Provider>
-  );
-};
-
-// Hook for consuming context
-export const useResponseFilter = () => {
-  const context = useContext(ResponseFilterContext);
-  if (!context) {
-    throw new Error('useResponseFilter must be used within ResponseFilterProvider');
-  }
-  return context;
-};
-```
-
-### Context Composition
-Multiple contexts are often composed together:
-
-```typescript
-// Layout component with multiple providers
-export default function AnalysisLayout({ children }: { children: React.ReactNode }) {
-  return (
-    <ResponseFilterProvider>
-      <ResponseCountProvider>
-        {children}
-      </ResponseCountProvider>
-    </ResponseFilterProvider>
-  );
-}
-```
-
-## Component Patterns
-
-### Page Components
-Page components are located in the app directory and follow this pattern:
-
-```typescript
-// apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/responses/page.tsx
-export default function ResponsesPage() {
-  return (
-    <div>
-      <ResponsesTable />
-      <ResponsesPagination />
-    </div>
-  );
-}
-```
-
-### Component Organization
- **Pages** - Route components in app directory
- **Components** - Reusable UI components
- **Modules** - Feature-specific components and logic
-
-### Shared Components
-Common components are in `apps/web/components/`:
- UI components (buttons, inputs, modals)
- Layout components (headers, sidebars)
- Data display components (tables, charts)
-
-## Hook Patterns
-
-### Custom Hook Structure
-Custom hooks follow consistent patterns:
-
-```typescript
-export const useResponseCount = ({ 
-  survey, 
-  initialCount 
-}: {
-  survey: TSurvey;
-  initialCount?: number;
-}) => {
-  const [responseCount, setResponseCount] = useState(initialCount ?? 0);
-  const [isLoading, setIsLoading] = useState(false);
-  
-  // Hook logic...
-  
-  return {
-    responseCount,
-    isLoading,
-    refetch,
-  };
-};
-```
-
-### Hook Dependencies
- Use context hooks for shared state
- Implement proper cleanup with AbortController
- Optimize dependency arrays to prevent unnecessary re-renders
-
-## Data Fetching Patterns
-
-### Server Actions
-The app uses Next.js server actions for data fetching:
-
-```typescript
-// Server action
-export async function getResponsesAction(params: GetResponsesParams) {
-  const responses = await getResponses(params);
-  return { data: responses };
-}
-
-// Client usage
-const { data } = await getResponsesAction(params);
-```
-
-### Error Handling
-Consistent error handling across the application:
-
-```typescript
-try {
-  const result = await apiCall();
-  return { data: result };
-} catch (error) {
-  console.error("Operation failed:", error);
-  return { error: error.message };
-}
-```
-
-## Type Safety
-
-### Type Organization
-Types are organized in packages:
- `@formbricks/types` - Shared type definitions
- Local types in component/hook files
-
-### Common Types
-```typescript
-import { TSurvey } from "@formbricks/types/surveys/types";
-import { TResponse } from "@formbricks/types/responses";
-import { TEnvironment } from "@formbricks/types/environment";
-```
-
-## State Management
-
-### Local State
- Use `useState` for component-specific state
- Use `useReducer` for complex state logic
- Use refs for mutable values that don't trigger re-renders
-
-### Global State
- React Context for feature-specific shared state
- URL state for filters and pagination
- Server state through server actions
-
-## Performance Considerations
-
-### Code Splitting
- Dynamic imports for heavy components
- Route-based code splitting with app router
- Lazy loading for non-critical features
-
-### Caching Strategy
- Server-side caching for database queries
- Client-side caching with React Query (where applicable)
- Static generation for public pages
-
-## Testing Strategy
-
-### Test Organization
-```
-component/
-├── Component.tsx
-├── Component.test.tsx
-└── hooks/
-    ├── useHook.ts
-    └── useHook.test.tsx
-```
-
-### Test Patterns
- Unit tests for utilities and services
- Integration tests for components with context
- Hook tests with proper mocking
-
-## Build & Deployment
-
-### Build Process
- TypeScript compilation
- Next.js build optimization
- Asset optimization and bundling
-
-### Environment Configuration
- Environment-specific configurations
- Feature flags for gradual rollouts
- Database connection management
-
-## Security Patterns
-
-### Authentication
- Session-based authentication
- Environment-based access control
- API route protection
-
-### Data Validation
- Input validation on both client and server
- Type-safe API contracts
- Sanitization of user inputs
-
-## Monitoring & Observability
-
-### Error Tracking
- Client-side error boundaries
- Server-side error logging
- Performance monitoring
-
-### Analytics
- User interaction tracking
- Performance metrics
- Database query monitoring
-
-## Best Practices Summary
-
-### Code Organization
- ✅ Follow the established directory structure
- ✅ Use consistent naming conventions
- ✅ Separate concerns (UI, logic, data)
- ✅ Keep components focused and small
-
-### Performance
- ✅ Implement proper loading states
- ✅ Use AbortController for async operations
- ✅ Optimize database queries
- ✅ Implement proper caching strategies
-
-### Type Safety
- ✅ Use TypeScript throughout
- ✅ Define proper interfaces for props
- ✅ Use type guards for runtime validation
- ✅ Leverage shared type packages
-
-### Testing
- ✅ Write tests for critical functionality
- ✅ Mock external dependencies properly
- ✅ Test error scenarios and edge cases
- ✅ Maintain good test coverage
--- a/.cursor/rules/github-actions-security.mdc
+++ b/.cursor/rules/github-actions-security.mdc
@@ -1,232 +0,0 @@
---
-description: Security best practices and guidelines for writing GitHub Actions and workflows
-globs: .github/workflows/*.yml,.github/workflows/*.yaml,.github/actions/*/action.yml,.github/actions/*/action.yaml
---
-
-# GitHub Actions Security Best Practices
-
-## Required Security Measures
-
-### 1. Set Minimum GITHUB_TOKEN Permissions
-
-Always explicitly set the minimum required permissions for GITHUB_TOKEN:
-
-```yaml
-permissions:
-  contents: read
-  # Only add additional permissions if absolutely necessary:
-  # pull-requests: write  # for commenting on PRs
-  # issues: write         # for creating/updating issues
-  # checks: write         # for publishing check results
-```
-
-### 2. Add Harden-Runner as First Step
-
-For **every job** on `ubuntu-latest`, add Harden-Runner as the first step:
-
-```yaml
- name: Harden the runner
-  uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
-  with:
-    egress-policy: audit # or 'block' for stricter security
-```
-
-### 3. Pin Actions to Full Commit SHA
-
-**Always** pin third-party actions to their full commit SHA, not tags:
-
-```yaml
-# ❌ BAD - uses mutable tag
- uses: actions/checkout@v4
-
-# ✅ GOOD - pinned to immutable commit SHA
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-```
-
-### 4. Secure Variable Handling
-
-Prevent command injection by properly quoting variables:
-
-```yaml
-# ❌ BAD - potential command injection
-run: echo "Processing ${{ inputs.user_input }}"
-
-# ✅ GOOD - properly quoted
-env:
-  USER_INPUT: ${{ inputs.user_input }}
-run: echo "Processing ${USER_INPUT}"
-```
-
-Use `${VARIABLE}` syntax in shell scripts instead of `$VARIABLE`.
-
-### 5. Environment Variables for Secrets
-
-Store sensitive data in environment variables, not inline:
-
-```yaml
-# ❌ BAD
-run: curl -H "Authorization: Bearer ${{ secrets.TOKEN }}" api.example.com
-
-# ✅ GOOD
-env:
-  API_TOKEN: ${{ secrets.TOKEN }}
-run: curl -H "Authorization: Bearer ${API_TOKEN}" api.example.com
-```
-
-## Workflow Structure Best Practices
-
-### Required Workflow Elements
-
-```yaml
-name: "Descriptive Workflow Name"
-
-on:
-  # Define specific triggers
-  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
-
-# Always set explicit permissions
-permissions:
-  contents: read
-
-jobs:
-  job-name:
-    name: "Descriptive Job Name"
-    runs-on: ubuntu-latest
-    timeout-minutes: 30 # tune per job; standardize repo-wide
-
-    # Set job-level permissions if different from workflow level
-    permissions:
-      contents: read
-
-    steps:
-      # Always start with Harden-Runner on ubuntu-latest
-      - name: Harden the runner
-        uses: step-security/harden-runner@v2
-        with:
-          egress-policy: audit
-
-      # Pin all actions to commit SHA
-      - name: Checkout code
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-```
-
-### Input Validation for Actions
-
-For composite actions, always validate inputs:
-
-```yaml
-inputs:
-  user_input:
-    description: "User provided input"
-    required: true
-
-runs:
-  using: "composite"
-  steps:
-    - name: Validate input
-      shell: bash
-      run: |
-        # Harden shell and validate input format/content before use
-        set -euo pipefail
-
-        USER_INPUT="${{ inputs.user_input }}"
-
-        if [[ ! "${USER_INPUT}" =~ ^[A-Za-z0-9._-]+$ ]]; then
-          echo "❌ Invalid input format"
-          exit 1
-        fi
-```
-
-## Docker Security in Actions
-
-### Pin Docker Images to Digests
-
-```yaml
-# ❌ BAD - mutable tag
-container: node:18
-
-# ✅ GOOD - pinned to digest
-container: node:18@sha256:a1ba21bf0c92931d02a8416f0a54daad66cb36a85d6a37b82dfe1604c4c09cad
-```
-
-## Common Patterns
-
-### Secure File Operations
-
-```yaml
- name: Process files securely
-  shell: bash
-  env:
-    FILE_PATH: ${{ inputs.file_path }}
-  run: |
-    set -euo pipefail  # Fail on errors, undefined vars, pipe failures
-
-    # Use absolute paths and validate
-    SAFE_PATH=$(realpath "${FILE_PATH}")
-    if [[ "$SAFE_PATH" != "${GITHUB_WORKSPACE}"/* ]]; then
-      echo "❌ Path outside workspace"
-      exit 1
-    fi
-```
-
-### Artifact Handling
-
-```yaml
- name: Upload artifacts securely
-  uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
-  with:
-    name: build-artifacts
-    path: |
-      dist/
-      !dist/**/*.log  # Exclude sensitive files
-    retention-days: 30
-```
-
-### GHCR authentication for pulls/scans
-
-```yaml
-# Minimal permissions required for GHCR pulls/scans
-permissions:
-  contents: read
-  packages: read
-
-steps:
-  - name: Log in to GitHub Container Registry
-    uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
-    with:
-      registry: ghcr.io
-      username: ${{ github.actor }}
-      password: ${{ secrets.GITHUB_TOKEN }}
-```
-
-## Security Checklist
-
- [ ] Minimum GITHUB_TOKEN permissions set
- [ ] Harden-Runner added to all ubuntu-latest jobs
- [ ] All third-party actions pinned to commit SHA
- [ ] Input validation implemented for custom actions
- [ ] Variables properly quoted in shell scripts
- [ ] Secrets stored in environment variables
- [ ] Docker images pinned to digests (if used)
- [ ] Error handling with `set -euo pipefail`
- [ ] File paths validated and sanitized
- [ ] No sensitive data in logs or outputs
- [ ] GHCR login performed before pulls/scans (packages: read)
- [ ] Job timeouts configured (`timeout-minutes`)
-
-## Recommended Additional Workflows
-
-Consider adding these security-focused workflows to your repository:
-
-1. **CodeQL Analysis** - Static Application Security Testing (SAST)
-2. **Dependency Review** - Scan for vulnerable dependencies in PRs
-3. **Dependabot Configuration** - Automated dependency updates
-
-## Resources
-
- [GitHub Security Hardening Guide](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions)
- [Step Security Harden-Runner](https://github.com/step-security/harden-runner)
- [Secure-Repo Best Practices](https://github.com/step-security/secure-repo)
--- a/.cursor/rules/i18n-management.mdc
+++ b/.cursor/rules/i18n-management.mdc
@@ -1,457 +0,0 @@
---
-title: i18n Management with Lingo.dev
-description: Guidelines for managing internationalization (i18n) with Lingo.dev, including translation workflow, key validation, and best practices
---
-
-# i18n Management with Lingo.dev
-
-This rule defines the workflow and best practices for managing internationalization (i18n) in the Formbricks project using Lingo.dev.
-
-## Overview
-
-Formbricks uses [Lingo.dev](https://lingo.dev) for managing translations across multiple languages. The translation workflow includes:
-
-1. **Translation Keys**: Defined in code using the `t()` function from `react-i18next`
-2. **Translation Files**: JSON files stored in `apps/web/locales/` for each supported language
-3. **Validation**: Automated scanning to detect missing and unused translation keys
-4. **CI/CD**: Pre-commit hooks and GitHub Actions to enforce translation quality
-
-## Translation Workflow
-
-### 1. Using Translations in Code
-
-When adding translatable text in the web app, use the `t()` function or `<Trans>` component:
-
-**Using the `t()` function:**
-```tsx
-import { useTranslate } from "@/lib/i18n/translate";
-
-const MyComponent = () => {
-  const { t } = useTranslate();
-  
-  return (
-    <div>
-      <h1>{t("common.welcome")}</h1>
-      <p>{t("pages.dashboard.description")}</p>
-    </div>
-  );
-};
-```
-
-**Using the `<Trans>` component (for text with HTML elements):**
-```tsx
-import { Trans } from "react-i18next";
-
-const MyComponent = () => {
-  return (
-    <div>
-      <p>
-        <Trans
-          i18nKey="auth.terms_agreement"
-          components={{ 
-            link: <a href="/terms" />,
-            b: <b />
-          }}
-        />
-      </p>
-    </div>
-  );
-};
-```
-
-**Key Naming Conventions:**
- Use dot notation for nested keys: `section.subsection.key`
- Use descriptive names: `auth.login.success_message` not `auth.msg1`
- Group related keys together: `auth.*`, `errors.*`, `common.*`
- Use lowercase with underscores: `user_profile_settings` not `UserProfileSettings`
-
-### 2. Translation File Structure
-
-Translation files are located in `apps/web/locales/` and use the following naming convention:
- `en-US.json` (English - United States, default)
- `de-DE.json` (German)
- `fr-FR.json` (French)
- `pt-BR.json` (Portuguese - Brazil)
- etc.
-
-**File Structure:**
-```json
-{
-  "common": {
-    "welcome": "Welcome",
-    "save": "Save",
-    "cancel": "Cancel"
-  },
-  "auth": {
-    "login": {
-      "title": "Login",
-      "email_placeholder": "Enter your email",
-      "password_placeholder": "Enter your password"
-    }
-  }
-}
-```
-
-### 3. Adding New Translation Keys
-
-When adding new translation keys:
-
-1. **Add the key in your code** using `t("your.new.key")`
-2. **Add translation for that key in en-US.json file**
-3. **Run the translation workflow:**
-   ```bash
-   pnpm i18n
-   ```
-   This will:
-   - Generate translations for all languages using Lingo.dev
-   - Validate that all keys are present and used
-
-4. **Review and commit** the generated translation files
-
-### 4. Available Scripts
-
-```bash
-# Generate translations using Lingo.dev
-pnpm generate-translations
-
-# Scan and validate translation keys
-pnpm scan-translations
-
-# Full workflow: generate + validate
-pnpm i18n
-
-# Validate only (without generation)
-pnpm i18n:validate
-```
-
-## Translation Key Validation
-
-### Automated Validation
-
-The project includes automated validation that runs:
- **Pre-commit hook**: Validates translations before allowing commits (when `LINGODOTDEV_API_KEY` is set)
- **GitHub Actions**: Validates translations on every PR and push to main
-
-### Validation Rules
-
-The validation script (`scan-translations.ts`) checks for:
-
-1. **Missing Keys**: Translation keys used in code but not present in translation files
-2. **Unused Keys**: Translation keys present in translation files but not used in code
-3. **Incomplete Translations**: Keys that exist in the default language (`en-US`) but are missing in target languages
-
-**What gets scanned:**
- All `.ts` and `.tsx` files in `apps/web/`
- Both `t()` function calls and `<Trans i18nKey="">` components
- All locale files (`de-DE.json`, `fr-FR.json`, `ja-JP.json`, etc.)
-
-**What gets excluded:**
- Test files (`*.test.ts`, `*.test.tsx`, `*.spec.ts`, `*.spec.tsx`)
- Build directories (`node_modules`, `dist`, `build`, `.next`, `coverage`)
- Locale files themselves (from code scanning)
-
-**Note:** Test files are excluded because they often use mock or example translation keys for testing purposes that don't need to exist in production translation files.
-
-### Fixing Validation Errors
-
-#### Missing Keys
-
-If you encounter missing key errors:
-
-```
-❌ MISSING KEYS (2):
-
-   These keys are used in code but not found in translation files:
-
-   • auth.signup.email_required
-   • settings.profile.update_success
-```
-
-**Resolution:**
-1. Ensure that translations for those keys are present in en-US.json .  
-2. Run `pnpm generate-translations` to have Lingo.dev generate the missing translations
-3. OR manually add the keys to `apps/web/locales/en-US.json`:
-   ```json
-   {
-     "auth": {
-       "signup": {
-         "email_required": "Email is required"
-       }
-     },
-     "settings": {
-       "profile": {
-         "update_success": "Profile updated successfully"
-       }
-     }
-   }
-   ```
-3. Run `pnpm scan-translations` to verify
-4. Commit the changes
-
-#### Unused Keys
-
-If you encounter unused key errors:
-
-```
-⚠️  UNUSED KEYS (1):
-
-   These keys exist in translation files but are not used in code:
-
-   • old.deprecated.key
-```
-
-**Resolution:**
-1. If the key is truly unused, remove it from all translation files
-2. If the key should be used, add it to your code using `t("old.deprecated.key")`
-3. Run `pnpm scan-translations` to verify
-4. Commit the changes
-
-#### Incomplete Translations
-
-If you encounter incomplete translation errors:
-
-```
-⚠️  INCOMPLETE TRANSLATIONS:
-
-   Some keys from en-US are missing in target languages:
-
-   📝 de-DE (5 missing keys):
-      • auth.new_feature.title
-      • auth.new_feature.description
-      • settings.advanced.option
-      ... and 2 more
-```
-
-**Resolution:**
-1. **Recommended:** Run `pnpm generate-translations` to have Lingo.dev automatically translate the missing keys
-2. **Manual:** Add the missing keys to the target language files:
-   ```bash
-   # Copy the structure from en-US.json and translate the values
-   # For example, in de-DE.json:
-   {
-     "auth": {
-       "new_feature": {
-         "title": "Neues Feature",
-         "description": "Beschreibung des neuen Features"
-       }
-     }
-   }
-   ```
-3. Run `pnpm scan-translations` to verify all translations are complete
-4. Commit the changes
-
-## Pre-commit Hook Behavior
-
-The pre-commit hook will:
-
-1. Run `lint-staged` for code formatting
-2. If `LINGODOTDEV_API_KEY` is set:
-   - Generate translations using Lingo.dev
-   - Validate translation keys
-   - Auto-add updated locale files to the commit
-   - **Block the commit** if validation fails
-3. If `LINGODOTDEV_API_KEY` is not set:
-   - Skip translation validation (for community contributors)
-   - Show a warning message
-
-## Environment Variables
-
-### LINGODOTDEV_API_KEY
-
-This is the API key for Lingo.dev integration.
-
-**For Core Team:**
- Add to your local `.env` file
- Required for running translation generation
-
-**For Community Contributors:**
- Not required for local development
- Translation validation will be skipped
- The CI will still validate translations
-
-## Best Practices
-
-### 1. Keep Keys Organized
-
-Group related keys together:
-```json
-{
-  "auth": {
-    "login": { ... },
-    "signup": { ... },
-    "forgot_password": { ... }
-  },
-  "dashboard": {
-    "header": { ... },
-    "sidebar": { ... }
-  }
-}
-```
-
-### 2. Avoid Hardcoded Strings
-
-**❌ Bad:**
-```tsx
-<button>Click here</button>
-```
-
-**✅ Good:**
-```tsx
-<button>{t("common.click_here")}</button>
-```
-
-### 3. Use Interpolation for Dynamic Content
-
-**❌ Bad:**
-```tsx
-{t("welcome")} {userName}!
-```
-
-**✅ Good:**
-```tsx
-{t("auth.welcome_message", { userName })}
-```
-
-With translation:
-```json
-{
-  "auth": {
-    "welcome_message": "Welcome, {userName}!"
-  }
-}
-```
-
-### 4. Avoid Dynamic Key Construction
-
-**❌ Bad:**
-```tsx
-const key = `errors.${errorCode}`;
-t(key);
-```
-
-**✅ Good:**
-```tsx
-switch (errorCode) {
-  case "401":
-    return t("errors.unauthorized");
-  case "404":
-    return t("errors.not_found");
-  default:
-    return t("errors.unknown");
-}
-```
-
-### 5. Test Translation Keys
-
-When adding new features:
-1. Add translation keys
-2. Test in multiple languages using the language switcher
-3. Ensure text doesn't overflow in longer translations (German, French)
-4. Run `pnpm scan-translations` before committing
-
-## Troubleshooting
-
-### Issue: Pre-commit hook fails with validation errors
-
-**Solution:**
-```bash
-# Run the full i18n workflow
-pnpm i18n
-
-# Fix any missing or unused keys
-# Then commit again
-git add .
-git commit -m "your message"
-```
-
-### Issue: Translation validation passes locally but fails in CI
-
-**Solution:**
- Ensure all translation files are committed
- Check that `scan-translations.ts` hasn't been modified
- Verify that locale files are properly formatted JSON
-
-### Issue: Cannot commit because of missing translations
-
-**Solution:**
-```bash
-# If you have LINGODOTDEV_API_KEY:
-pnpm generate-translations
-
-# If you don't have the API key (community contributor):
-# Manually add the missing keys to en-US.json
-# Then run validation:
-pnpm scan-translations
-```
-
-### Issue: Getting "unused keys" for keys that are used
-
-**Solution:**
- The script scans `.ts` and `.tsx` files only
- If keys are used in other file types, they may be flagged
- Verify the key is actually used with `grep -r "your.key" apps/web/`
- If it's a false positive, consider updating the scanning patterns in `scan-translations.ts`
-
-## AI Assistant Guidelines
-
-When assisting with i18n-related tasks, always:
-
-1. **Use the `t()` function** for all user-facing text
-2. **Follow key naming conventions** (lowercase, dots for nesting)
-3. **Run validation** after making changes: `pnpm scan-translations`
-4. **Fix missing keys** by adding them to `en-US.json`
-5. **Remove unused keys** from all translation files
-6. **Test the pre-commit hook** if making changes to translation workflow
-7. **Update this rule file** if translation workflow changes
-
-### Fixing Missing Translation Keys
-
-When the AI encounters missing translation key errors:
-
-1. Identify the missing keys from the error output
-2. Determine the appropriate section and naming for each key
-3. Add the keys to `apps/web/locales/en-US.json` with meaningful English text
-4. Ensure proper JSON structure and nesting
-5. Run `pnpm scan-translations` to verify
-6. Inform the user that other language files will be updated via Lingo.dev
-
-**Example:**
-```typescript
-// Error: Missing key "settings.api.rate_limit_exceeded"
-
-// Add to en-US.json:
-{
-  "settings": {
-    "api": {
-      "rate_limit_exceeded": "API rate limit exceeded. Please try again later."
-    }
-  }
-}
-```
-
-### Removing Unused Translation Keys
-
-When the AI encounters unused translation key errors:
-
-1. Verify the keys are truly unused by searching the codebase
-2. Remove the keys from `apps/web/locales/en-US.json`
-3. Note that removal from other language files can be handled via Lingo.dev
-4. Run `pnpm scan-translations` to verify
-
-## Migration Notes
-
-This project previously used Tolgee for translations. As of this migration:
-
- **Old scripts**: `tolgee-pull` is deprecated (kept for reference)
- **New scripts**: Use `pnpm i18n` or `pnpm generate-translations`
- **Old workflows**: `tolgee.yml` and `tolgee-missing-key-check.yml` removed
- **New workflow**: `translation-check.yml` handles all validation
-
---
-
-**Last Updated:** October 14, 2025
-**Related Files:**
- `scan-translations.ts` - Translation validation script
- `.husky/pre-commit` - Pre-commit hook with i18n validation
- `.github/workflows/translation-check.yml` - CI workflow for translation validation
- `apps/web/locales/*.json` - Translation files
--- a/.cursor/rules/react-context-patterns.mdc
+++ b/.cursor/rules/react-context-patterns.mdc
@@ -1,52 +0,0 @@
---
-description: 
-globs: 
-alwaysApply: false
---
-# React Context & Provider Patterns
-
-## Context Provider Best Practices
-
-### Provider Implementation
- Use TypeScript interfaces for provider props with optional `initialCount` for testing
- Implement proper cleanup in `useEffect` to avoid React hooks warnings
- Reference: [apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/ResponseCountProvider.tsx](mdc:apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/ResponseCountProvider.tsx)
-
-### Cleanup Pattern for Refs
-```typescript
-useEffect(() => {
-  const currentPendingRequests = pendingRequests.current;
-  const currentAbortController = abortController.current;
-  
-  return () => {
-    if (currentAbortController) {
-      currentAbortController.abort();
-    }
-    currentPendingRequests.clear();
-  };
-}, []);
-```
-
-### Testing Context Providers
- Always wrap components using context in the provider during tests
- Use `initialCount` prop for predictable test scenarios
- Mock context dependencies like `useParams`, `useResponseFilter`
- Example from [apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SurveyAnalysisCTA.test.tsx](mdc:apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SurveyAnalysisCTA.test.tsx):
-
-```typescript
-render(
-  <ResponseCountProvider survey={dummySurvey} initialCount={5}>
-    <ComponentUnderTest />
-  </ResponseCountProvider>
-);
-```
-
-### Required Mocks for Context Testing
- Mock `next/navigation` with `useParams` returning environment and survey IDs
- Mock response filter context and actions
- Mock API actions that the provider depends on
-
-### Context Hook Usage
- Create custom hooks like `useResponseCountContext()` for consuming context
- Provide meaningful error messages when context is used outside provider
- Use context for shared state that multiple components need to access
--- a/.cursor/rules/review-and-refine.mdc
+++ b/.cursor/rules/review-and-refine.mdc
@@ -1,179 +0,0 @@
---
-description: Apply these quality standards before finalizing code changes to ensure DRY principles, React best practices, TypeScript conventions, and maintainable code.
-globs:
-alwaysApply: false
---
-
-# Review & Refine
-
-Before finalizing any code changes, review your implementation against these quality standards:
-
-## Core Principles
-
-### DRY (Don't Repeat Yourself)
-
- Extract duplicated logic into reusable functions or hooks
- If the same code appears in multiple places, consolidate it
- Create helper functions at appropriate scope (component-level, module-level, or utility files)
- Avoid copy-pasting code blocks
-
-### Code Reduction
-
- Remove unnecessary code, comments, and abstractions
- Prefer built-in solutions over custom implementations
- Consolidate similar logic
- Remove dead code and unused imports
- Question if every line of code is truly needed
-
-## React Best Practices
-
-### Component Design
-
- Keep components focused on a single responsibility
- Extract complex logic into custom hooks
- Prefer composition over prop drilling
- Use children props and render props when appropriate
- Keep component files under 300 lines when possible
-
-### Hooks Usage
-
- Follow Rules of Hooks (only call at top level, only in React functions)
- Extract complex `useEffect` logic into custom hooks
- Use `useMemo` and `useCallback` only when you have a measured performance issue
- Declare dependencies arrays correctly - don't ignore exhaustive-deps warnings
- Keep `useEffect` focused on a single concern
-
-### State Management
-
- Colocate state as close as possible to where it's used
- Lift state only when necessary
- Use `useReducer` for complex state logic with multiple sub-values
- Avoid derived state - compute values during render instead
- Don't store values in state that can be computed from props
-
-### Event Handlers
-
- Name event handlers with `handle` prefix (e.g., `handleClick`, `handleSubmit`)
- Extract complex event handler logic into separate functions
- Avoid inline arrow functions in JSX when they contain complex logic
-
-## TypeScript Best Practices
-
-### Type Safety
-
- Prefer type inference over explicit types when possible
- Use `const` assertions for literal types
- Avoid `any` - use `unknown` if type is truly unknown
- Use discriminated unions for complex conditional logic
- Leverage type guards and narrowing
-
-### Interface & Type Usage
-
- Use existing types from `@formbricks/types` - don't recreate them
- Prefer `interface` for object shapes that might be extended
- Prefer `type` for unions, intersections, and mapped types
- Define types close to where they're used unless they're shared
- Export types from index files for shared types
-
-### Type Assertions
-
- Avoid type assertions (`as`) when possible
- Use type guards instead of assertions
- Only assert when you have more information than TypeScript
-
-## Code Organization
-
-### Separation of Concerns
-
- Separate business logic from UI rendering
- Extract API calls into separate functions or modules
- Keep data transformation separate from component logic
- Use custom hooks for stateful logic that doesn't render UI
-
-### Function Clarity
-
- Functions should do one thing well
- Name functions clearly and descriptively
- Keep functions small (aim for under 20 lines)
- Extract complex conditionals into named boolean variables or functions
- Avoid deep nesting (max 3 levels)
-
-### File Structure
-
- Group related functions together
- Order declarations logically (types → hooks → helpers → component)
- Keep imports organized (external → internal → relative)
- Consider splitting large files by concern
-
-## Additional Quality Checks
-
-### Performance
-
- Don't optimize prematurely - measure first
- Avoid creating new objects/arrays/functions in render unnecessarily
- Use keys properly in lists (stable, unique identifiers)
- Lazy load heavy components when appropriate
-
-### Accessibility
-
- Use semantic HTML elements
- Include ARIA labels where needed
- Ensure keyboard navigation works
- Check color contrast and focus states
-
-### Error Handling
-
- Handle error states in components
- Provide user feedback for failed operations
- Use error boundaries for component errors
- Log errors appropriately (avoid swallowing errors silently)
-
-### Naming Conventions
-
- Use descriptive names (avoid abbreviations unless very common)
- Boolean variables/props should sound like yes/no questions (`isLoading`, `hasError`, `canEdit`)
- Arrays should be plural (`users`, `choices`, `items`)
- Event handlers: `handleX` in components, `onX` for props
- Constants in UPPER_SNAKE_CASE only for true constants
-
-### Code Readability
-
- Prefer early returns to reduce nesting
- Use destructuring to make code clearer
- Break complex expressions into named variables
- Add comments only when code can't be made self-explanatory
- Use whitespace to group related code
-
-### Testing Considerations
-
- Write code that's easy to test (pure functions, clear inputs/outputs)
- Avoid hard-to-mock dependencies when possible
- Keep side effects at the edges of your code
-
-## Review Checklist
-
-Before submitting your changes, ask yourself:
-
-1. **DRY**: Is there any duplicated logic I can extract?
-2. **Clarity**: Would another developer understand this code easily?
-3. **Simplicity**: Is this the simplest solution that works?
-4. **Types**: Am I using TypeScript effectively?
-5. **React**: Am I following React idioms and best practices?
-6. **Performance**: Are there obvious performance issues?
-7. **Separation**: Are concerns properly separated?
-8. **Testing**: Is this code testable?
-9. **Maintenance**: Will this be easy to change in 6 months?
-10. **Deletion**: Can I remove any code and still accomplish the goal?
-
-## When to Apply This Rule
-
-Apply this rule:
-
- After implementing a feature but before marking it complete
- When you notice your code feels "messy" or complex
- Before requesting code review
- When you see yourself copy-pasting code
- After receiving feedback about code quality
-
-Don't let perfect be the enemy of good, but always strive for:
-**Simple, readable, maintainable code that does one thing well.**
--- a/.cursor/rules/storybook-component-migration.mdc
+++ b/.cursor/rules/storybook-component-migration.mdc
@@ -1,216 +0,0 @@
---
-description: Migrate deprecated UI components to a unified component
-globs: 
-alwaysApply: false
---
-# Component Migration Automation Rule
-
-## Overview
-This rule automates the migration of deprecated components to new component systems in React/TypeScript codebases.
-
-## Trigger
-When the user requests component migration (e.g., "migrate [DeprecatedComponent] to [NewComponent]" or "component migration").
-
-## Process
-
-### Step 1: Discovery and Planning
-1. **Identify migration parameters:**
-   - Ask user for deprecated component name (e.g., "Modal")
-   - Ask user for new component name(s) (e.g., "Dialog")
-   - Ask for any components to exclude (e.g., "ModalWithTabs")
-   - Ask for specific import paths if needed
-
-2. **Scan codebase** for deprecated components:
-   - Search for `import.*[DeprecatedComponent]` patterns
-   - Exclude specified components that should not be migrated
-   - List all found components with file paths
-   - Present numbered list to user for confirmation
-
-### Step 2: Component-by-Component Migration
-For each component, follow this exact sequence:
-
-#### 2.1 Component Migration
- **Import changes:**
-  - Ask user to provide the new import structure
-  - Example transformation pattern:
-  ```typescript
-  // FROM:
-  import { [DeprecatedComponent] } from "@/components/ui/[DeprecatedComponent]"
-  
-  // TO:
-  import {
-    [NewComponent],
-    [NewComponentPart1],
-    [NewComponentPart2],
-    // ... other parts
-  } from "@/components/ui/[NewComponent]"
-  ```
-
- **Props transformation:**
-  - Ask user for prop mapping rules (e.g., `open` → `open`, `setOpen` → `onOpenChange`)
-  - Ask for props to remove (e.g., `noPadding`, `closeOnOutsideClick`, `size`)
-  - Apply transformations based on user specifications
-
- **Structure transformation:**
-  - Ask user for the new component structure pattern
-  - Apply the transformation maintaining all functionality
-  - Preserve all existing logic, state management, and event handlers
-
-#### 2.2 Wait for User Approval
- Present the migration changes
- Wait for explicit user approval before proceeding
- If rejected, ask for specific feedback and iterate
-#### 2.3 Re-read and Apply Additional Changes
- Re-read the component file to capture any user modifications
- Apply any additional improvements the user made
- Ensure all changes are incorporated
-
-#### 2.4 Test File Updates
- **Find corresponding test file** (same name with `.test.tsx` or `.test.ts`)
- **Update test mocks:**
-  - Ask user for new component mock structure
-  - Replace old component mocks with new ones
-  - Example pattern:
-  ```typescript
-  // Add to test setup:
-  jest.mock("@/components/ui/[NewComponent]", () => ({
-    [NewComponent]: ({ children, [props] }: any) => ([mock implementation]),
-    [NewComponentPart1]: ({ children }: any) => <div data-testid="[new-component-part1]">{children}</div>,
-    [NewComponentPart2]: ({ children }: any) => <div data-testid="[new-component-part2]">{children}</div>,
-    // ... other parts
-  }));
-  ```
- **Update test expectations:**
-  - Change test IDs from old component to new component
-  - Update any component-specific assertions
-  - Ensure all new component parts used in the component are mocked
-
-#### 2.5 Run Tests and Optimize
- Execute `Node package manager test -- ComponentName.test.tsx`
- Fix any failing tests
- Optimize code quality (imports, formatting, etc.)
- Re-run tests until all pass
- **Maximum 3 iterations** - if still failing, ask user for guidance
-
-#### 2.6 Wait for Final Approval
- Present test results and any optimizations made
- Wait for user approval of the complete migration
- If rejected, iterate based on feedback
-
-#### 2.7 Git Commit
- Run: `git add .`
- Run: `git commit -m "migrate [ComponentName] from [DeprecatedComponent] to [NewComponent]"`
- Confirm commit was successful
-
-### Step 3: Final Report Generation
-After all components are migrated, generate a comprehensive GitHub PR report:
-
-#### PR Title
-```
-feat: migrate [DeprecatedComponent] components to [NewComponent] system
-```
-
-#### PR Description Template
-```markdown
-## 🔄 [DeprecatedComponent] to [NewComponent] Migration
-
-### Overview
-Migrated [X] [DeprecatedComponent] components to the new [NewComponent] component system to modernize the UI architecture and improve consistency.
-
-### Components Migrated
-[List each component with file path]
-
-### Technical Changes
- **Imports:** Replaced `[DeprecatedComponent]` with `[NewComponent], [NewComponentParts...]`
- **Props:** [List prop transformations]
- **Structure:** Implemented proper [NewComponent] component hierarchy
- **Styling:** [Describe styling changes]
- **Tests:** Updated all test mocks and expectations
-
-### Migration Pattern
-```typescript
-// Before
-<[DeprecatedComponent] [oldProps]>
-  [oldStructure]
-</[DeprecatedComponent]>
-
-// After
-<[NewComponent] [newProps]>
-  [newStructure]
-</[NewComponent]>
-```
-
-### Testing
- ✅ All existing tests updated and passing
- ✅ Component functionality preserved
- ✅ UI/UX behavior maintained
-
-### How to Test This PR
-1. **Functional Testing:**
-   - Navigate to each migrated component's usage
-   - Verify [component] opens and closes correctly
-   - Test all interactive elements within [components]
-   - Confirm styling and layout are preserved
-
-2. **Automated Testing:**
-   ```bash
-   Node package manager test
-   ```
-
-3. **Visual Testing:**
-   - Check that all [components] maintain proper styling
-   - Verify responsive behavior
-   - Test keyboard navigation and accessibility
-
-### Breaking Changes
-[List any breaking changes or state "None - this is a drop-in replacement maintaining all existing functionality."]
-
-### Notes
- [Any excluded components] were preserved as they already use [NewComponent] internally
- All form validation and complex state management preserved
- Enhanced code quality with better imports and formatting
-```
-
-## Special Considerations
-
-### Excluded Components
- **DO NOT MIGRATE** components specified by user as exclusions
- They may already use the new component internally or have other reasons
- Inform user these are skipped and why
-
-### Complex Components
- Preserve all existing functionality (forms, validation, state management)
- Maintain prop interfaces
- Keep all event handlers and callbacks
- Preserve accessibility features
-
-### Test Coverage
- Ensure all new component parts are mocked when used
- Mock all new component parts that appear in the component
- Update test IDs from old component to new component
- Maintain all existing test scenarios
-
-### Error Handling
- If tests fail after 3 iterations, stop and ask user for guidance
- If component is too complex, ask user for specific guidance
- If unsure about functionality preservation, ask for clarification
-
-### Migration Patterns
- Always ask user for specific migration patterns before starting
- Confirm import structures, prop mappings, and component hierarchies
- Adapt to different component architectures (simple replacements, complex restructuring, etc.)
-
-## Success Criteria
- All deprecated components successfully migrated to new components
- All tests passing
- No functionality lost
- Code quality maintained or improved
- User approval on each component
- Successful git commits for each migration
- Comprehensive PR report generated
-
-## Usage Examples
- "migrate Modal to Dialog"
- "migrate Button to NewButton" 
- "migrate Card to ModernCard"
- "component migration" (will prompt for details) 
--- a/.cursor/rules/storybook-create-new-story.mdc
+++ b/.cursor/rules/storybook-create-new-story.mdc
@@ -1,177 +0,0 @@
---
-description: Create a story in Storybook for a given component
-globs:
-alwaysApply: false
---
-
-# Formbricks Storybook Stories
-
-## When generating Storybook stories for Formbricks components:
-
-### 1. **File Structure**
- Create `stories.tsx` (not `.stories.tsx`) in component directory
- Use exact import: `import { Meta, StoryObj } from "@storybook/react-vite";`
- Import component from `"./index"`
-
-### 2. **Story Structure Template**
-```tsx
-import { Meta, StoryObj } from "@storybook/react-vite";
-import { ComponentName } from "./index";
-
-// For complex components with configurable options
-// consider this as an example the options need to reflect the props types
-interface StoryOptions {
-  showIcon: boolean;
-  numberOfElements: number;
-  customLabels: string[];
-}
-
-type StoryProps = React.ComponentProps<typeof ComponentName> & StoryOptions;
-
-const meta: Meta<StoryProps> = {
-  title: "UI/ComponentName",
-  component: ComponentName,
-  tags: ["autodocs"],
-  parameters: {
-    layout: "centered",
-    controls: { sort: "alpha", exclude: [] },
-    docs: {
-      description: {
-        component: "The **ComponentName** component provides [description].",
-      },
-    },
-  },
-  argTypes: {
-    // Organize in exactly these categories: Behavior, Appearance, Content
-  },
-};
-
-export default meta;
-type Story = StoryObj<typeof ComponentName> & { args: StoryOptions };
-```
-
-### 3. **ArgTypes Organization**
-Organize ALL argTypes into exactly three categories:
- **Behavior**: disabled, variant, onChange, etc.
- **Appearance**: size, color, layout, styling, etc.  
- **Content**: text, icons, numberOfElements, etc.
-
-Format:
-```tsx
-argTypes: {
-  propName: {
-    control: "select" | "boolean" | "text" | "number",
-    options: ["option1", "option2"], // for select
-    description: "Clear description",
-    table: {
-      category: "Behavior" | "Appearance" | "Content",
-      type: { summary: "string" },
-      defaultValue: { summary: "default" },
-    },
-    order: 1,
-  },
-}
-```
-
-### 4. **Required Stories**
-Every component must include:
- `Default`: Most common use case
- `Disabled`: If component supports disabled state
- `WithIcon`: If component supports icons
- Variant stories for each variant (Primary, Secondary, Error, etc.)
- Edge case stories (ManyElements, LongText, CustomStyling)
-
-### 5. **Story Format**
-```tsx
-export const Default: Story = {
-  args: {
-    // Props with realistic values
-  },
-};
-
-export const EdgeCase: Story = {
-  args: { /* ... */ },
-  parameters: {
-    docs: {
-      description: {
-        story: "Use this when [specific scenario].",
-      },
-    },
-  },
-};
-```
-
-### 6. **Dynamic Content Pattern**
-For components with dynamic content, create render function:
-```tsx
-const renderComponent = (args: StoryProps) => {
-  const { numberOfElements, showIcon, customLabels } = args;
-  
-  // Generate dynamic content
-  const elements = Array.from({ length: numberOfElements }, (_, i) => ({
-    id: `element-${i}`,
-    label: customLabels[i] || `Element ${i + 1}`,
-    icon: showIcon ? <IconComponent /> : undefined,
-  }));
-  
-  return <ComponentName {...args} elements={elements} />;
-};
-
-export const Dynamic: Story = {
-  render: renderComponent,
-  args: {
-    numberOfElements: 3,
-    showIcon: true,
-    customLabels: ["First", "Second", "Third"],
-  },
-};
-```
-
-### 7. **State Management**
-For interactive components:
-```tsx
-import { useState } from "react";
-
-const ComponentWithState = (args: any) => {
-  const [value, setValue] = useState(args.defaultValue);
-  
-  return (
-    <ComponentName
-      {...args}
-      value={value}
-      onChange={(newValue) => {
-        setValue(newValue);
-        args.onChange?.(newValue);
-      }}
-    />
-  );
-};
-
-export const Interactive: Story = {
-  render: ComponentWithState,
-  args: { defaultValue: "initial" },
-};
-```
-
-### 8. **Quality Requirements**
- Include component description in parameters.docs
- Add story documentation for non-obvious use cases
- Test edge cases (overflow, empty states, many elements)
- Ensure no TypeScript errors
- Use realistic prop values
- Include at least 3-5 story variants
- Example values need to be in the context of survey application
-
-### 9. **Naming Conventions**
- **Story titles**: "UI/ComponentName"
- **Story exports**: PascalCase (Default, WithIcon, ManyElements)
- **Categories**: "Behavior", "Appearance", "Content" (exact spelling)
- **Props**: camelCase matching component props
-
-### 10. **Special Cases**
- **Generic components**: Remove `component` from meta if type conflicts
- **Form components**: Include Invalid, WithValue stories
- **Navigation**: Include ManyItems stories
- **Modals, Dropdowns and Popups **: Include trigger and content structure
-
-## Generate stories that are comprehensive, well-documented, and reflect all component states and edge cases. 
--- a/.github/workflows/pr-size-check.yml
+++ b/.github/workflows/pr-size-check.yml
@@ -111,27 +111,21 @@ jobs:
            const additions = ${{ steps.check-size.outputs.total_additions }};
            const deletions = ${{ steps.check-size.outputs.total_deletions }};
            
-            const body = `## 🚨 PR Size Warning
-            
-This PR has approximately **${totalChanges} lines** of changes (${additions} additions, ${deletions} deletions across ${countedFiles} files).
-
-Large PRs (>800 lines) are significantly harder to review and increase the chance of merge conflicts. Consider splitting this into smaller, self-contained PRs.
-
-### 💡 Suggestions:
- **Split by feature or module** - Break down into logical, independent pieces
- **Create a sequence of PRs** - Each building on the previous one
- **Branch off PR branches** - Don't wait for reviews to continue dependent work
-
-### 📊 What was counted:
- ✅ Source files, stylesheets, configuration files
- ❌ Excluded ${excludedFiles} files (tests, locales, locks, generated files)
-
-### 📚 Guidelines:
- **Ideal:** 300-500 lines per PR
- **Warning:** 500-800 lines
- **Critical:** 800+ lines ⚠️
-
-If this large PR is unavoidable (e.g., migration, dependency update, major refactor), please explain in the PR description why it couldn't be split.`;
+            const body = '## 🚨 PR Size Warning\n\n' +
+              'This PR has approximately **' + totalChanges + ' lines** of changes (' + additions + ' additions, ' + deletions + ' deletions across ' + countedFiles + ' files).\n\n' +
+              'Large PRs (>800 lines) are significantly harder to review and increase the chance of merge conflicts. Consider splitting this into smaller, self-contained PRs.\n\n' +
+              '### 💡 Suggestions:\n' +
+              '- **Split by feature or module** - Break down into logical, independent pieces\n' +
+              '- **Create a sequence of PRs** - Each building on the previous one\n' +
+              '- **Branch off PR branches** - Don\'t wait for reviews to continue dependent work\n\n' +
+              '### 📊 What was counted:\n' +
+              '- ✅ Source files, stylesheets, configuration files\n' +
+              '- ❌ Excluded ' + excludedFiles + ' files (tests, locales, locks, generated files)\n\n' +
+              '### 📚 Guidelines:\n' +
+              '- **Ideal:** 300-500 lines per PR\n' +
+              '- **Warning:** 500-800 lines\n' +
+              '- **Critical:** 800+ lines ⚠️\n\n' +
+              'If this large PR is unavoidable (e.g., migration, dependency update, major refactor), please explain in the PR description why it couldn\'t be split.';
            
            // Check if we already commented
            const { data: comments } = await github.rest.issues.listComments({
--- a/.gitignore
+++ b/.gitignore
@@ -62,3 +62,4 @@ branch.json
 packages/ios/FormbricksSDK/FormbricksSDK.xcodeproj/project.xcworkspace/xcuserdata
 .cursorrules
 i18n.cache
+stats.html
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -1,6 +1,3 @@
-#!/bin/sh
-. "$(dirname "$0")/_/husky.sh"
-
 # Load environment variables from .env files
 if [ -f .env ]; then
  set -a
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -18,11 +18,65 @@ Formbricks runs as a pnpm/turbo monorepo. `apps/web` is the Next.js product surf
 ## Coding Style & Naming Conventions

 TypeScript, React, and Prisma are the primary languages. Use the shared ESLint presets (`@formbricks/eslint-config`) and Prettier preset (110-char width, semicolons, double quotes, sorted import groups). Two-space indentation is standard; prefer `PascalCase` for React components and folders under `modules/`, `camelCase` for functions/variables, and `SCREAMING_SNAKE_CASE` only for constants. When adding mocks, place them inside `__mocks__` so import ordering stays stable.
+We are using SonarQube to identify code smells and security hotspots.
+
+## Architecture & Patterns
+
+- Next.js app router lives in `apps/web/app` with route groups like `(app)` and `(auth)`. Services live in `apps/web/lib`, feature modules in `apps/web/modules`.
+- Server actions wrap service calls and return `{ data }` or `{ error }` consistently.
+- Context providers should guard against missing provider usage and use cleanup patterns that snapshot refs inside `useEffect` to avoid React hooks warnings
+
+## Caching
+
+- Use React `cache()` for request-level dedupe and `cache.withCache()` or explicit Redis for expensive data.
+- Do not use Next.js `unstable_cache()`.
+- Always use `createCacheKey.*` utilities for cache keys.
+
+## i18n (Internationalization)
+
+- All user-facing text must use the `t()` function from `react-i18next`.
+- Key naming: use lowercase with dots for nesting (e.g., `common.welcome`).
+- Translations are in `apps/web/locales/`. Default is `en-US.json`.
+- Lingo.dev is automatically translating strings from en-US into other languages on commit. Run `pnpm i18n` to generate missing translations and validate keys.
+
+## Database & Prisma Performance
+
+- Multi-tenancy: All data must be scoped by Organization or Environment.
+- Soft Deletion: Check for `isActive` or `deletedAt` fields; use proper filtering.
+- Never use `skip`/`offset` with `prisma.response.count()`; only use `where`.
+- Separate count and data queries and run in parallel (`Promise.all`).
+- Prefer cursor pagination for large datasets.
+- When filtering by `createdAt`, include indexed fields (e.g., `surveyId` + `createdAt`).

 ## Testing Guidelines

 Prefer Vitest with Testing Library for logic in `.ts` files, keeping specs colocated with the code they exercise (`utility.test.ts`). Do not write tests for `.tsx` files—React components are covered by Playwright E2E tests instead. Mock network and storage boundaries through helpers from `@formbricks/*`. Run `pnpm test` before opening a PR and `pnpm test:coverage` when touching critical flows; keep coverage from regressing. End-to-end scenarios belong in `apps/web/playwright`, using descriptive filenames (`billing.spec.ts`) and tagging slow suites with `@slow` when necessary.

+## Documentation (apps/docs)
+
+- Add frontmatter with `title`, `description`, and `icon` at the top of the MDX file.
+- Do not start with an H1; use Camel Case headings (only capitalize the feature name).
+- Use Mintlify components for steps and callouts.
+- If Enterprise-only, add the Enterprise note block described in docs.
+
+## Storybook
+
+- Stories live in `stories.tsx` in the component folder and import from `"./index"`.
+- Use `@storybook/react-vite` and organize argTypes into `Behavior`, `Appearance`, `Content`.
+- Include Default, Disabled (if supported), WithIcon (if supported), all variants, and edge cases.
+
+## GitHub Actions
+
+- Always set minimal `permissions` for `GITHUB_TOKEN`.
+- On `ubuntu-latest`, add `step-security/harden-runner` as the first step.
+
+## Quality Checklist
+
+- Keep code DRY and small; remove dead code and unused imports.
+- Follow React hooks rules, keep effects focused, and avoid unnecessary `useMemo`/`useCallback`.
+- Prefer type inference, avoid `any`, and use shared types from `@formbricks/types`.
+- Keep components focused, avoid deep nesting, and ensure basic accessibility.
+
 ## Commit & Pull Request Guidelines

 Commits follow a lightweight Conventional Commit format (`fix:`, `chore:`, `feat:`) and usually append the PR number, e.g. `fix: update OpenAPI schema (#6617)`. Keep commits scoped and lint-clean. Pull requests should outline the problem, summarize the solution, and link to issues or product specs. Attach screenshots or gifs for UI-facing work, list any migrations or env changes, and paste the output of relevant commands (`pnpm test`, `pnpm lint`, `pnpm db:migrate:dev`) so reviewers can verify readiness.
--- a/apps/storybook/package.json
+++ b/apps/storybook/package.json
@@ -11,24 +11,24 @@
    "clean": "rimraf .turbo node_modules dist storybook-static"
  },
  "dependencies": {
-    "@formbricks/survey-ui": "workspace:*",
-    "eslint-plugin-react-refresh": "0.4.24"
+    "@formbricks/survey-ui": "workspace:*"
  },
  "devDependencies": {
-    "@chromatic-com/storybook": "^4.1.3",
-    "@storybook/addon-a11y": "10.0.8",
-    "@storybook/addon-links": "10.0.8",
-    "@storybook/addon-onboarding": "10.0.8",
-    "@storybook/react-vite": "10.0.8",
-    "@typescript-eslint/eslint-plugin": "8.48.0",
-    "@tailwindcss/vite": "4.1.17",
-    "@typescript-eslint/parser": "8.48.0",
-    "@vitejs/plugin-react": "5.1.1",
-    "esbuild": "0.27.0",
-    "eslint-plugin-storybook": "10.0.8",
+    "@chromatic-com/storybook": "^5.0.0",
+    "@storybook/addon-a11y": "10.1.11",
+    "@storybook/addon-links": "10.1.11",
+    "@storybook/addon-onboarding": "10.1.11",
+    "@storybook/react-vite": "10.1.11",
+    "@typescript-eslint/eslint-plugin": "8.53.0",
+    "@tailwindcss/vite": "4.1.18",
+    "@typescript-eslint/parser": "8.53.0",
+    "@vitejs/plugin-react": "5.1.2",
+    "esbuild": "0.27.2",
+    "eslint-plugin-react-refresh": "0.4.26",
+    "eslint-plugin-storybook": "10.1.11",
    "prop-types": "15.8.1",
-    "storybook": "10.0.8",
-    "vite": "7.2.4",
-    "@storybook/addon-docs": "10.0.8"
+    "storybook": "10.1.11",
+    "vite": "7.3.1",
+    "@storybook/addon-docs": "10.1.11"
  }
 }
--- a/apps/web/.eslintignore
+++ b/apps/web/.eslintignore
@@ -0,0 +1,7 @@
+node_modules/
+.next/
+public/
+playwright/
+dist/
+coverage/
+vendor/
--- a/apps/web/Dockerfile
+++ b/apps/web/Dockerfile
@@ -104,6 +104,9 @@ RUN chown -R nextjs:nextjs ./apps/web/.next/static && chmod -R 755 ./apps/web/.n
 COPY --from=installer /app/apps/web/public ./apps/web/public
 RUN chown -R nextjs:nextjs ./apps/web/public && chmod -R 755 ./apps/web/public

+# Create packages/database directory structure with proper ownership for runtime migrations
+RUN mkdir -p ./packages/database/migrations && chown -R nextjs:nextjs ./packages/database
+
 COPY --from=installer /app/packages/database/schema.prisma ./packages/database/schema.prisma
 RUN chown nextjs:nextjs ./packages/database/schema.prisma && chmod 644 ./packages/database/schema.prisma

--- a/apps/web/app/(app)/environments/[environmentId]/components/organization-breadcrumb.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/organization-breadcrumb.tsx
@@ -209,7 +209,7 @@ export const OrganizationBreadcrumb = ({
              )}
              {!isLoadingOrganizations && !loadError && (
                <>
-                  <DropdownMenuGroup>
+                  <DropdownMenuGroup className="max-h-[300px] overflow-y-auto">
                    {organizations.map((org) => (
                      <DropdownMenuCheckboxItem
                        key={org.id}
--- a/apps/web/app/(app)/environments/[environmentId]/components/project-breadcrumb.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/components/project-breadcrumb.tsx
@@ -234,7 +234,7 @@ export const ProjectBreadcrumb = ({
          )}
          {!isLoadingProjects && !loadError && (
            <>
-              <DropdownMenuGroup>
+              <DropdownMenuGroup className="max-h-[300px] overflow-y-auto">
                {projects.map((proj) => (
                  <DropdownMenuCheckboxItem
                    key={proj.id}
--- a/apps/web/app/(app)/environments/[environmentId]/settings/(organization)/general/components/SecurityListTip.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/settings/(organization)/general/components/SecurityListTip.tsx
@@ -0,0 +1,26 @@
+"use client";
+
+import { ShieldCheckIcon } from "lucide-react";
+import Link from "next/link";
+import { useTranslation } from "react-i18next";
+
+export const SecurityListTip = () => {
+  const { t } = useTranslation();
+  return (
+    <div className="max-w-4xl">
+      <div className="flex items-center space-x-3 rounded-lg border border-blue-100 bg-blue-50 p-4 text-sm text-blue-900 shadow-sm">
+        <ShieldCheckIcon className="h-5 w-5 flex-shrink-0 text-blue-400" />
+        <p className="text-sm">
+          {t("environments.settings.general.security_list_tip")}{" "}
+          <Link
+            href="https://formbricks.com/security#stay-informed-with-formbricks-security-updates"
+            target="_blank"
+            rel="noopener noreferrer"
+            className="underline hover:text-blue-700">
+            {t("environments.settings.general.security_list_tip_link")}
+          </Link>
+        </p>
+      </div>
+    </div>
+  );
+};
--- a/apps/web/app/(app)/environments/[environmentId]/settings/(organization)/general/page.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/settings/(organization)/general/page.tsx
@@ -12,6 +12,7 @@ import { PageHeader } from "@/modules/ui/components/page-header";
 import { SettingsCard } from "../../components/SettingsCard";
 import { DeleteOrganization } from "./components/DeleteOrganization";
 import { EditOrganizationNameForm } from "./components/EditOrganizationNameForm";
+import { SecurityListTip } from "./components/SecurityListTip";

 const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
  const params = await props.params;
@@ -48,6 +49,7 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
          </Alert>
        </div>
      )}
+      {!IS_FORMBRICKS_CLOUD && <SecurityListTip />}
      <SettingsCard
        title={t("environments.settings.general.organization_name")}
        description={t("environments.settings.general.organization_name_description")}>
--- a/apps/web/app/lib/survey-block-builder.test.ts
+++ b/apps/web/app/lib/survey-block-builder.test.ts
@@ -0,0 +1,80 @@
+import type { TFunction } from "i18next";
+import { describe, expect, test, vi } from "vitest";
+import { TSurveyElementTypeEnum } from "@formbricks/types/surveys/elements";
+import { createI18nString } from "@/lib/i18n/utils";
+import { buildBlock } from "./survey-block-builder";
+
+const mockT = vi.fn((key: string) => {
+  const translations: Record<string, string> = {
+    "common.next": "Next",
+    "common.back": "Back",
+    "": "",
+  };
+  return translations[key] || key;
+}) as unknown as TFunction;
+
+describe("survey-block-builder", () => {
+  describe("buildBlock", () => {
+    const mockElements = [
+      {
+        id: "element-1",
+        type: TSurveyElementTypeEnum.OpenText,
+        headline: createI18nString("Test Question", []),
+        required: false,
+        inputType: "text",
+        longAnswer: false,
+        charLimit: { enabled: false },
+      },
+    ];
+
+    test("should use getDefaultButtonLabel when buttonLabel is provided", () => {
+      const result = buildBlock({
+        name: "Test Block",
+        elements: mockElements,
+        buttonLabel: "Custom Next",
+        t: mockT,
+      });
+
+      expect(result.buttonLabel).toEqual({
+        default: "Custom Next",
+      });
+    });
+
+    test("should use createI18nString with empty translation when buttonLabel is not provided", () => {
+      const result = buildBlock({
+        name: "Test Block",
+        elements: mockElements,
+        t: mockT,
+      });
+
+      expect(result.buttonLabel).toEqual({
+        default: "",
+      });
+    });
+
+    test("should use getDefaultBackButtonLabel when backButtonLabel is provided", () => {
+      const result = buildBlock({
+        name: "Test Block",
+        elements: mockElements,
+        backButtonLabel: "Custom Back",
+        t: mockT,
+      });
+
+      expect(result.backButtonLabel).toEqual({
+        default: "Custom Back",
+      });
+    });
+
+    test("should use createI18nString with empty translation when backButtonLabel is not provided", () => {
+      const result = buildBlock({
+        name: "Test Block",
+        elements: mockElements,
+        t: mockT,
+      });
+
+      expect(result.backButtonLabel).toEqual({
+        default: "",
+      });
+    });
+  });
+});
--- a/apps/web/app/lib/survey-block-builder.ts
+++ b/apps/web/app/lib/survey-block-builder.ts
@@ -302,7 +302,9 @@ export const buildBlock = ({
    elements,
    logic,
    logicFallback,
-    buttonLabel: buttonLabel ? getDefaultButtonLabel(buttonLabel, t) : undefined,
-    backButtonLabel: backButtonLabel ? getDefaultBackButtonLabel(backButtonLabel, t) : undefined,
+    buttonLabel: buttonLabel ? getDefaultButtonLabel(buttonLabel, t) : createI18nString(t(""), []),
+    backButtonLabel: backButtonLabel
+      ? getDefaultBackButtonLabel(backButtonLabel, t)
+      : createI18nString(t(""), []),
  };
 };
--- a/apps/web/i18n.lock
+++ b/apps/web/i18n.lock
@@ -61,6 +61,10 @@ checksums:
    auth/signup/password_validation_uppercase_and_lowercase: ae98b485024dbff1022f6048e22443cd
    auth/signup/please_verify_captcha: 12938ca7ca13e3f933737dd5436fa1c0
    auth/signup/privacy_policy: 7459744a63ef8af4e517a09024bd7c08
+    auth/signup/product_updates_description: f20eedb2cf42d2235b1fe0294086695b
+    auth/signup/product_updates_title: 31e099ba18abb0a49f8a75fece1f1791
+    auth/signup/security_updates_description: 4643df07f13cec619e7fd91c8f14d93b
+    auth/signup/security_updates_title: de5127f5847cdd412906607e1402f48d
    auth/signup/terms_of_service: 5add91f519e39025708e54a7eb7a9fc5
    auth/signup/title: 96addc349f834eaa5d14c786d5478b1c
    auth/signup_without_verification_success/user_successfully_created: ff849ebedc5dacb36493d7894f16edc7
@@ -954,6 +958,8 @@ checksums:
    environments/settings/general/remove_logo: f60f1803e6fc8017b1eae7c30089107f
    environments/settings/general/replace_logo: e3c8bec7574a670607e88771164e272f
    environments/settings/general/resend_invitation_email: 6305d1ffa015c377ef59fe9c2661cf02
+    environments/settings/general/security_list_tip: 0bbed89fa5265da7e07767087f87c736
+    environments/settings/general/security_list_tip_link: ccdb1a21610ebf5a626d813b155be4ba
    environments/settings/general/share_invite_link: b40b7ffbcf02d7464be52fb562df5e3a
    environments/settings/general/share_this_link_to_let_your_organization_member_join_your_organization: 6eb43d5b1c855572b7ab35f527ba953c
    environments/settings/general/test_email_sent_successfully: aa68214f5e0707c9615e01343640ab32
@@ -1105,6 +1111,9 @@ checksums:
    environments/surveys/edit/assign: e80715ab64bf7cf463abb3a9fd1ad516
    environments/surveys/edit/audience: a4d9fab4214a641e2d358fbb28f010e0
    environments/surveys/edit/auto_close_on_inactivity: 093db516799315ccd4242a3675693012
+    environments/surveys/edit/auto_save_disabled: f7411fb0dcfb8f7b19b85f0be54f2231
+    environments/surveys/edit/auto_save_disabled_tooltip: 77322e1e866b7d29f7641a88bbd3b681
+    environments/surveys/edit/auto_save_on: 1524d466830b00c5d727c701db404963
    environments/surveys/edit/automatically_close_survey_after: 3e1c400a4b226c875dc8337e3b204d85
    environments/surveys/edit/automatically_close_the_survey_after_a_certain_number_of_responses: 2beee129dca506f041e5d1e6a1688310
    environments/surveys/edit/automatically_close_the_survey_if_the_user_does_not_respond_after_certain_number_of_seconds: 1be3819ffa1db67385357ae933d69a7b
@@ -1386,6 +1395,7 @@ checksums:
    environments/surveys/edit/please_specify: e1faa6cd085144f7339c7e74dc6fb366
    environments/surveys/edit/prevent_double_submission: afc502baa2da81d9c9618da1c3b5a57a
    environments/surveys/edit/prevent_double_submission_description: ef7d2aa22d43bdc6ccebb076c6aa9ce5
+    environments/surveys/edit/progress_saved: d7bfc189571f08bbb4d0240cb9363ffa
    environments/surveys/edit/protect_survey_with_pin: 16d1925b6a5770f7423772d6d9a8291a
    environments/surveys/edit/protect_survey_with_pin_description: 0e55d19b6f3578b1024e03606172a5d2
    environments/surveys/edit/publish: 4aa95ba4793bb293e771bd73b4f87c0f
--- a/apps/web/lib/crypto.test.ts
+++ b/apps/web/lib/crypto.test.ts
@@ -444,11 +444,11 @@ describe("Crypto Utils", () => {
      expect(() => symmetricDecrypt(corruptedPayload, testKey)).toThrow();

      // Verify logger.warn was called with the correct format (object first, message second)
-      expect(logger.warn).toHaveBeenCalledWith(
-        { err: expect.any(Error) },
-        "AES-GCM decryption failed; refusing to fall back to insecure CBC"
-      );
      expect(logger.warn).toHaveBeenCalledTimes(1);
+      const [firstArg, secondArg] = vi.mocked(logger.warn).mock.calls[0];
+      expect(firstArg).toHaveProperty("err");
+      expect(firstArg.err).toHaveProperty("message");
+      expect(secondArg).toBe("AES-GCM decryption failed; refusing to fall back to insecure CBC");
    });

    test("logs warning and throws when GCM decryption fails with corrupted encrypted data", () => {
@@ -472,11 +472,11 @@ describe("Crypto Utils", () => {
      expect(() => symmetricDecrypt(corruptedPayload, testKey)).toThrow();

      // Verify logger.warn was called
-      expect(logger.warn).toHaveBeenCalledWith(
-        { err: expect.any(Error) },
-        "AES-GCM decryption failed; refusing to fall back to insecure CBC"
-      );
      expect(logger.warn).toHaveBeenCalledTimes(1);
+      const [firstArg, secondArg] = vi.mocked(logger.warn).mock.calls[0];
+      expect(firstArg).toHaveProperty("err");
+      expect(firstArg.err).toHaveProperty("message");
+      expect(secondArg).toBe("AES-GCM decryption failed; refusing to fall back to insecure CBC");
    });

    test("logs warning and throws when GCM decryption fails with wrong key", () => {
@@ -496,11 +496,11 @@ describe("Crypto Utils", () => {
      expect(() => symmetricDecrypt(payload, wrongKey)).toThrow();

      // Verify logger.warn was called
-      expect(logger.warn).toHaveBeenCalledWith(
-        { err: expect.any(Error) },
-        "AES-GCM decryption failed; refusing to fall back to insecure CBC"
-      );
      expect(logger.warn).toHaveBeenCalledTimes(1);
+      const [firstArg, secondArg] = vi.mocked(logger.warn).mock.calls[0];
+      expect(firstArg).toHaveProperty("err");
+      expect(firstArg.err).toHaveProperty("message");
+      expect(secondArg).toBe("AES-GCM decryption failed; refusing to fall back to insecure CBC");
    });
  });
 });
--- a/apps/web/lib/i18n/utils.ts
+++ b/apps/web/lib/i18n/utils.ts
@@ -88,7 +88,7 @@ export const getLanguageCode = (surveyLanguages: TSurveyLanguage[], languageCode
  return language?.default ? "default" : language?.language.code || "default";
 };

-export const iso639Identifiers = iso639Languages.map((language) => language.alpha2);
+export const iso639Identifiers = iso639Languages.map((language) => language.code);

 // Helper function to add language keys to a multi-language object (e.g. survey or question)
 // Iterates over the object recursively and adds empty strings for new language keys
@@ -130,217 +130,78 @@ export const appLanguages = [
    code: "en-US",
    label: {
      "en-US": "English (US)",
-      "de-DE": "Englisch (US)",
-      "pt-BR": "Inglês (EUA)",
-      "fr-FR": "Anglais (États-Unis)",
-      "zh-Hant-TW": "英文 (美國)",
-      "pt-PT": "Inglês (EUA)",
-      "ro-RO": "Engleză (SUA)",
-      "ja-JP": "英語（米国）",
-      "zh-Hans-CN": "英语（美国）",
-      "nl-NL": "Engels (VS)",
-      "es-ES": "Inglés (EE.UU.)",
-      "sv-SE": "Engelska (USA)",
-      "ru-RU": "Английский (США)",
    },
  },
  {
    code: "de-DE",
    label: {
      "en-US": "German",
-      "de-DE": "Deutsch",
-      "pt-BR": "Alemão",
-      "fr-FR": "Allemand",
-      "zh-Hant-TW": "德語",
-      "pt-PT": "Alemão",
-      "ro-RO": "Germană",
-      "ja-JP": "ドイツ語",
-      "zh-Hans-CN": "德语",
-      "nl-NL": "Duits",
-      "es-ES": "Alemán",
-      "sv-SE": "Tyska",
-      "ru-RU": "Немецкий",
    },
  },
  {
    code: "pt-BR",
    label: {
      "en-US": "Portuguese (Brazil)",
-      "de-DE": "Portugiesisch (Brasilien)",
-      "pt-BR": "Português (Brasil)",
-      "fr-FR": "Portugais (Brésil)",
-      "zh-Hant-TW": "葡萄牙語 (巴西)",
-      "pt-PT": "Português (Brasil)",
-      "ro-RO": "Portugheză (Brazilia)",
-      "ja-JP": "ポルトガル語（ブラジル）",
-      "zh-Hans-CN": "葡萄牙语（巴西）",
-      "nl-NL": "Portugees (Brazilië)",
-      "es-ES": "Portugués (Brasil)",
-      "sv-SE": "Portugisiska (Brasilien)",
-      "ru-RU": "Португальский (Бразилия)",
    },
  },
  {
    code: "fr-FR",
    label: {
      "en-US": "French",
-      "de-DE": "Französisch",
-      "pt-BR": "Francês",
-      "fr-FR": "Français",
-      "zh-Hant-TW": "法語",
-      "pt-PT": "Francês",
-      "ro-RO": "Franceză",
-      "ja-JP": "フランス語",
-      "zh-Hans-CN": "法语",
-      "nl-NL": "Frans",
-      "es-ES": "Francés",
-      "sv-SE": "Franska",
-      "ru-RU": "Французский",
    },
  },
  {
    code: "zh-Hant-TW",
    label: {
      "en-US": "Chinese (Traditional)",
-      "de-DE": "Chinesisch (Traditionell)",
-      "pt-BR": "Chinês (Tradicional)",
-      "fr-FR": "Chinois (Traditionnel)",
-      "zh-Hant-TW": "繁體中文",
-      "pt-PT": "Chinês (Tradicional)",
-      "ro-RO": "Chineza (Tradițională)",
-      "ja-JP": "中国語（繁体字）",
-      "zh-Hans-CN": "繁体中文",
-      "nl-NL": "Chinees (Traditioneel)",
-      "es-ES": "Chino (Tradicional)",
-      "sv-SE": "Kinesiska (traditionell)",
-      "ru-RU": "Китайский (традиционный)",
    },
  },
  {
    code: "pt-PT",
    label: {
      "en-US": "Portuguese (Portugal)",
-      "de-DE": "Portugiesisch (Portugal)",
-      "pt-BR": "Português (Portugal)",
-      "fr-FR": "Portugais (Portugal)",
-      "zh-Hant-TW": "葡萄牙語 (葡萄牙)",
-      "pt-PT": "Português (Portugal)",
-      "ro-RO": "Portugheză (Portugalia)",
-      "ja-JP": "ポルトガル語（ポルトガル）",
-      "zh-Hans-CN": "葡萄牙语（葡萄牙）",
-      "nl-NL": "Portugees (Portugal)",
-      "es-ES": "Portugués (Portugal)",
-      "sv-SE": "Portugisiska (Portugal)",
-      "ru-RU": "Португальский (Португалия)",
    },
  },
  {
    code: "ro-RO",
    label: {
      "en-US": "Romanian",
-      "de-DE": "Rumänisch",
-      "pt-BR": "Romeno",
-      "fr-FR": "Roumain",
-      "zh-Hant-TW": "羅馬尼亞語",
-      "pt-PT": "Romeno",
-      "ro-RO": "Română",
-      "ja-JP": "ルーマニア語",
-      "zh-Hans-CN": "罗马尼亚语",
-      "nl-NL": "Roemeens",
-      "es-ES": "Rumano",
-      "sv-SE": "Rumänska",
-      "ru-RU": "Румынский",
    },
  },
  {
    code: "ja-JP",
    label: {
      "en-US": "Japanese",
-      "de-DE": "Japanisch",
-      "pt-BR": "Japonês",
-      "fr-FR": "Japonais",
-      "zh-Hant-TW": "日語",
-      "pt-PT": "Japonês",
-      "ro-RO": "Japoneză",
-      "ja-JP": "日本語",
-      "zh-Hans-CN": "日语",
-      "nl-NL": "Japans",
-      "es-ES": "Japonés",
-      "sv-SE": "Japanska",
-      "ru-RU": "Японский",
    },
  },
  {
    code: "zh-Hans-CN",
    label: {
      "en-US": "Chinese (Simplified)",
-      "de-DE": "Chinesisch (Vereinfacht)",
-      "pt-BR": "Chinês (Simplificado)",
-      "fr-FR": "Chinois (Simplifié)",
-      "zh-Hant-TW": "簡體中文",
-      "pt-PT": "Chinês (Simplificado)",
-      "ro-RO": "Chineza (Simplificată)",
-      "ja-JP": "中国語（簡体字）",
-      "zh-Hans-CN": "简体中文",
-      "nl-NL": "Chinees (Vereenvoudigd)",
-      "es-ES": "Chino (Simplificado)",
-      "sv-SE": "Kinesiska (förenklad)",
-      "ru-RU": "Китайский (упрощенный)",
    },
  },
  {
    code: "nl-NL",
    label: {
      "en-US": "Dutch",
-      "de-DE": "Niederländisch",
-      "pt-BR": "Holandês",
-      "fr-FR": "Néerlandais",
-      "zh-Hant-TW": "荷蘭語",
-      "pt-PT": "Holandês",
-      "ro-RO": "Olandeza",
-      "ja-JP": "オランダ語",
-      "zh-Hans-CN": "荷兰语",
-      "nl-NL": "Nederlands",
-      "es-ES": "Neerlandés",
-      "sv-SE": "Nederländska",
-      "ru-RU": "Голландский",
    },
  },
  {
    code: "es-ES",
    label: {
      "en-US": "Spanish",
-      "de-DE": "Spanisch",
-      "pt-BR": "Espanhol",
-      "fr-FR": "Espagnol",
-      "zh-Hant-TW": "西班牙語",
-      "pt-PT": "Espanhol",
-      "ro-RO": "Spaniol",
-      "ja-JP": "スペイン語",
-      "zh-Hans-CN": "西班牙语",
-      "nl-NL": "Spaans",
-      "es-ES": "Español",
-      "sv-SE": "Spanska",
-      "ru-RU": "Испанский",
    },
  },
  {
    code: "sv-SE",
    label: {
      "en-US": "Swedish",
-      "de-DE": "Schwedisch",
-      "pt-BR": "Sueco",
-      "fr-FR": "Suédois",
-      "zh-Hant-TW": "瑞典語",
-      "pt-PT": "Sueco",
-      "ro-RO": "Suedeză",
-      "ja-JP": "スウェーデン語",
-      "zh-Hans-CN": "瑞典语",
-      "nl-NL": "Zweeds",
-      "es-ES": "Sueco",
-      "sv-SE": "Svenska",
-      "ru-RU": "Шведский",
+    },
+  },
+  {
+    code: "ru-RU",
+    label: {
+      "en-US": "Russian",
    },
  },
 ];
-export { iso639Languages };
--- a/apps/web/lib/survey/service.test.ts
+++ b/apps/web/lib/survey/service.test.ts
@@ -308,6 +308,10 @@ describe("Tests for updateSurvey", () => {
      const updatedSurvey = await updateSurvey(updateSurveyInput);
      expect(updatedSurvey).toEqual(mockTransformedSurveyOutput);
    });
+
+    // Note: Language handling tests (for languages.length > 0 fix) are covered in
+    // apps/web/modules/survey/editor/lib/survey.test.ts where we have better control
+    // over the test mocks. The key fix ensures languages.length > 0 (not > 1) is used.
  });

  describe("Sad Path", () => {
--- a/apps/web/lib/survey/service.ts
+++ b/apps/web/lib/survey/service.ts
@@ -329,7 +329,7 @@ export const updateSurveyInternal = async (
        ? currentSurvey.languages.map((l) => l.language.id)
        : [];
      const updatedLanguageIds =
-        languages.length > 1 ? updatedSurvey.languages.map((l) => l.language.id) : [];
+        languages.length > 0 ? updatedSurvey.languages.map((l) => l.language.id) : [];
      const enabledLanguageIds = languages.map((language) => {
        if (language.enabled) return language.language.id;
      });
--- a/apps/web/lib/utils/locale.test.ts
+++ b/apps/web/lib/utils/locale.test.ts
@@ -90,11 +90,10 @@ describe("locale", () => {
    // Verify sv-SE is in AVAILABLE_LOCALES
    expect(AVAILABLE_LOCALES).toContain("sv-SE");

-    // Verify Swedish has a language entry with proper labels
+    // Verify Swedish has a language entry with proper label
    const swedishLanguage = appLanguages.find((lang) => lang.code === "sv-SE");
    expect(swedishLanguage).toBeDefined();
    expect(swedishLanguage?.label["en-US"]).toBe("Swedish");
-    expect(swedishLanguage?.label["sv-SE"]).toBe("Svenska");

    // Verify the locale can be matched from Accept-Language header
    vi.mocked(nextHeaders.headers).mockReturnValue({
--- a/apps/web/locales/de-DE.json
+++ b/apps/web/locales/de-DE.json
@@ -75,6 +75,10 @@
      "password_validation_uppercase_and_lowercase": "Mix aus Groß- und Kleinbuchstaben",
      "please_verify_captcha": "Bitte bestätige reCAPTCHA",
      "privacy_policy": "Datenschutzerklärung",
+      "product_updates_description": "Monatliche Produktneuigkeiten und Feature-Updates, es gilt die Datenschutzerklärung.",
+      "product_updates_title": "Produkt-Updates",
+      "security_updates_description": "Nur sicherheitsrelevante Informationen, es gilt die Datenschutzerklärung.",
+      "security_updates_title": "Sicherheits-Updates",
      "terms_of_service": "Nutzungsbedingungen",
      "title": "Erstelle dein Formbricks-Konto"
    },
@@ -1015,6 +1019,8 @@
        "remove_logo": "Logo entfernen",
        "replace_logo": "Logo ersetzen",
        "resend_invitation_email": "Einladungsemail erneut senden",
+        "security_list_tip": "Haben Sie sich für unsere Sicherheitsliste angemeldet? Bleiben Sie informiert, um Ihre Instanz sicher zu halten!",
+        "security_list_tip_link": "Hier registrieren.",
        "share_invite_link": "Einladungslink teilen",
        "share_this_link_to_let_your_organization_member_join_your_organization": "Teile diesen Link, damit dein Organisationsmitglied deiner Organisation beitreten kann:",
        "test_email_sent_successfully": "Test-E-Mail erfolgreich gesendet",
@@ -1176,6 +1182,9 @@
        "assign": "Zuweisen =",
        "audience": "Publikum",
        "auto_close_on_inactivity": "Automatisches Schließen bei Inaktivität",
+        "auto_save_disabled": "Automatisches Speichern deaktiviert",
+        "auto_save_disabled_tooltip": "Ihre Umfrage wird nur im Entwurfsmodus automatisch gespeichert. So wird sichergestellt, dass öffentliche Umfragen nicht unbeabsichtigt aktualisiert werden.",
+        "auto_save_on": "Automatisches Speichern an",
        "automatically_close_survey_after": "Umfrage automatisch schließen nach",
        "automatically_close_the_survey_after_a_certain_number_of_responses": "Schließe die Umfrage automatisch nach einer bestimmten Anzahl von Antworten.",
        "automatically_close_the_survey_if_the_user_does_not_respond_after_certain_number_of_seconds": "Schließe die Umfrage automatisch, wenn der Benutzer nach einer bestimmten Anzahl von Sekunden nicht antwortet.",
@@ -1457,6 +1466,7 @@
        "please_specify": "Bitte angeben",
        "prevent_double_submission": "Doppeltes Anbschicken verhindern",
        "prevent_double_submission_description": "Nur eine Antwort pro E-Mail-Adresse zulassen (beta)",
+        "progress_saved": "Fortschritt gespeichert",
        "protect_survey_with_pin": "Umfrage mit einer PIN schützen",
        "protect_survey_with_pin_description": "Nur Benutzer, die die PIN haben, können auf die Umfrage zugreifen.",
        "publish": "Veröffentlichen",
--- a/apps/web/locales/en-US.json
+++ b/apps/web/locales/en-US.json
@@ -75,6 +75,10 @@
      "password_validation_uppercase_and_lowercase": "Mix of uppercase and lowercase",
      "please_verify_captcha": "Please verify reCAPTCHA",
      "privacy_policy": "Privacy Policy",
+      "product_updates_description": "Monthly product news and feature updates, Privacy Policy applies.",
+      "product_updates_title": "Product updates",
+      "security_updates_description": "Security relevant information only, Privacy Policy applies.",
+      "security_updates_title": "Security updates",
      "terms_of_service": "Terms of Service",
      "title": "Create your Formbricks account"
    },
@@ -1015,6 +1019,8 @@
        "remove_logo": "Remove logo",
        "replace_logo": "Replace logo",
        "resend_invitation_email": "Resend Invitation Email",
+        "security_list_tip": "Are you signed up for our Security List? Stay informed to keep your instance secure!",
+        "security_list_tip_link": "Sign up here.",
        "share_invite_link": "Share Invite Link",
        "share_this_link_to_let_your_organization_member_join_your_organization": "Share this link to let your organization member join your organization:",
        "test_email_sent_successfully": "Test email sent successfully",
@@ -1176,6 +1182,9 @@
        "assign": "Assign =",
        "audience": "Audience",
        "auto_close_on_inactivity": "Auto close on inactivity",
+        "auto_save_disabled": "Auto-save disabled",
+        "auto_save_disabled_tooltip": "Your survey is only auto-saved when in draft. This assures public surveys are not unintentionally updated.",
+        "auto_save_on": "Auto-save on",
        "automatically_close_survey_after": "Automatically close survey after",
        "automatically_close_the_survey_after_a_certain_number_of_responses": "Automatically close the survey after a certain number of responses.",
        "automatically_close_the_survey_if_the_user_does_not_respond_after_certain_number_of_seconds": "Automatically close the survey if the user does not respond after certain number of seconds.",
@@ -1457,6 +1466,7 @@
        "please_specify": "Please specify",
        "prevent_double_submission": "Prevent double submission",
        "prevent_double_submission_description": "Only allow 1 response per email address",
+        "progress_saved": "Progress saved",
        "protect_survey_with_pin": "Protect survey with a PIN",
        "protect_survey_with_pin_description": "Only users who have the PIN can access the survey.",
        "publish": "Publish",
--- a/apps/web/locales/es-ES.json
+++ b/apps/web/locales/es-ES.json
@@ -75,6 +75,10 @@
      "password_validation_uppercase_and_lowercase": "Mezcla de mayúsculas y minúsculas",
      "please_verify_captcha": "Por favor, verifica el reCAPTCHA",
      "privacy_policy": "Política de privacidad",
+      "product_updates_description": "Noticias mensuales del producto y actualizaciones de funciones, se aplica la política de privacidad.",
+      "product_updates_title": "Actualizaciones del producto",
+      "security_updates_description": "Solo información relevante sobre seguridad, se aplica la política de privacidad.",
+      "security_updates_title": "Actualizaciones de seguridad",
      "terms_of_service": "Términos de servicio",
      "title": "Crea tu cuenta de Formbricks"
    },
@@ -1015,6 +1019,8 @@
        "remove_logo": "Eliminar logotipo",
        "replace_logo": "Reemplazar logotipo",
        "resend_invitation_email": "Reenviar correo electrónico de invitación",
+        "security_list_tip": "¿Estás suscrito a nuestra lista de seguridad? ¡Mantente informado para mantener tu instancia segura!",
+        "security_list_tip_link": "Regístrate aquí.",
        "share_invite_link": "Compartir enlace de invitación",
        "share_this_link_to_let_your_organization_member_join_your_organization": "Comparte este enlace para permitir que los miembros de tu organización se unan a tu organización:",
        "test_email_sent_successfully": "Correo electrónico de prueba enviado correctamente",
@@ -1176,6 +1182,9 @@
        "assign": "Asignar =",
        "audience": "Audiencia",
        "auto_close_on_inactivity": "Cierre automático por inactividad",
+        "auto_save_disabled": "Guardado automático desactivado",
+        "auto_save_disabled_tooltip": "Su encuesta solo se guarda automáticamente cuando está en borrador. Esto asegura que las encuestas públicas no se actualicen involuntariamente.",
+        "auto_save_on": "Guardado automático activado",
        "automatically_close_survey_after": "Cerrar automáticamente la encuesta después de",
        "automatically_close_the_survey_after_a_certain_number_of_responses": "Cerrar automáticamente la encuesta después de un cierto número de respuestas.",
        "automatically_close_the_survey_if_the_user_does_not_respond_after_certain_number_of_seconds": "Cerrar automáticamente la encuesta si el usuario no responde después de cierto número de segundos.",
@@ -1457,6 +1466,7 @@
        "please_specify": "Por favor, especifica",
        "prevent_double_submission": "Evitar envío duplicado",
        "prevent_double_submission_description": "Permitir solo 1 respuesta por dirección de correo electrónico",
+        "progress_saved": "Progreso guardado",
        "protect_survey_with_pin": "Proteger encuesta con un PIN",
        "protect_survey_with_pin_description": "Solo los usuarios que tengan el PIN pueden acceder a la encuesta.",
        "publish": "Publicar",
--- a/apps/web/locales/fr-FR.json
+++ b/apps/web/locales/fr-FR.json
@@ -75,6 +75,10 @@
      "password_validation_uppercase_and_lowercase": "Mélange de majuscules et de minuscules",
      "please_verify_captcha": "Veuillez vérifier reCAPTCHA",
      "privacy_policy": "Politique de confidentialité",
+      "product_updates_description": "Actualités mensuelles du produit et mises à jour des fonctionnalités, la politique de confidentialité s'applique.",
+      "product_updates_title": "Mises à jour du produit",
+      "security_updates_description": "Informations relatives à la sécurité uniquement, la politique de confidentialité s'applique.",
+      "security_updates_title": "Mises à jour de sécurité",
      "terms_of_service": "Conditions d'utilisation",
      "title": "Créez votre compte Formbricks"
    },
@@ -1015,6 +1019,8 @@
        "remove_logo": "Supprimer le logo",
        "replace_logo": "Remplacer le logo",
        "resend_invitation_email": "Renvoyer l'e-mail d'invitation",
+        "security_list_tip": "Êtes-vous inscrit à notre liste de sécurité ? Restez informé pour maintenir votre instance sécurisée !",
+        "security_list_tip_link": "Inscrivez-vous ici.",
        "share_invite_link": "Partager le lien d'invitation",
        "share_this_link_to_let_your_organization_member_join_your_organization": "Partagez ce lien pour permettre à un membre de votre organisation de rejoindre votre organisation :",
        "test_email_sent_successfully": "E-mail de test envoyé avec succès",
@@ -1176,6 +1182,9 @@
        "assign": "Attribuer =",
        "audience": "Public",
        "auto_close_on_inactivity": "Fermeture automatique en cas d'inactivité",
+        "auto_save_disabled": "Sauvegarde automatique désactivée",
+        "auto_save_disabled_tooltip": "Votre sondage n'est sauvegardé automatiquement que lorsqu'il est en brouillon. Cela garantit que les sondages publics ne sont pas mis à jour involontairement.",
+        "auto_save_on": "Sauvegarde automatique activée",
        "automatically_close_survey_after": "Fermer automatiquement l'enquête après",
        "automatically_close_the_survey_after_a_certain_number_of_responses": "Fermer automatiquement l'enquête après un certain nombre de réponses.",
        "automatically_close_the_survey_if_the_user_does_not_respond_after_certain_number_of_seconds": "Fermer automatiquement l'enquête si l'utilisateur ne répond pas après un certain nombre de secondes.",
@@ -1457,6 +1466,7 @@
        "please_specify": "Veuillez préciser",
        "prevent_double_submission": "Empêcher la double soumission",
        "prevent_double_submission_description": "Autoriser uniquement 1 réponse par adresse e-mail",
+        "progress_saved": "Progression enregistrée",
        "protect_survey_with_pin": "Protéger l'enquête par un code PIN",
        "protect_survey_with_pin_description": "Seules les personnes ayant le code PIN peuvent accéder à l'enquête.",
        "publish": "Publier",
--- a/apps/web/locales/ja-JP.json
+++ b/apps/web/locales/ja-JP.json
@@ -75,6 +75,10 @@
      "password_validation_uppercase_and_lowercase": "大文字と小文字を混ぜる",
      "please_verify_captcha": "reCAPTCHAを認証してください",
      "privacy_policy": "プライバシーポリシー",
+      "product_updates_description": "毎月の製品ニュースと機能アップデート、プライバシーポリシーが適用されます。",
+      "product_updates_title": "製品アップデート",
+      "security_updates_description": "セキュリティ関連情報のみ、プライバシーポリシーが適用されます。",
+      "security_updates_title": "セキュリティアップデート",
      "terms_of_service": "利用規約",
      "title": "Formbricksアカウントを作成"
    },
@@ -1015,6 +1019,8 @@
        "remove_logo": "ロゴを削除",
        "replace_logo": "ロゴを交換",
        "resend_invitation_email": "招待メールを再送信",
+        "security_list_tip": "セキュリティリストに登録していますか？インスタンスを安全に保つために最新情報を入手しましょう！",
+        "security_list_tip_link": "こちらからサインアップしてください。",
        "share_invite_link": "招待リンクを共有",
        "share_this_link_to_let_your_organization_member_join_your_organization": "このリンクを共有して、組織メンバーを招待できます:",
        "test_email_sent_successfully": "テストメールを正常に送信しました",
@@ -1176,6 +1182,9 @@
        "assign": "割り当て =",
        "audience": "オーディエンス",
        "auto_close_on_inactivity": "非アクティブ時に自動閉鎖",
+        "auto_save_disabled": "自動保存が無効",
+        "auto_save_disabled_tooltip": "アンケートは下書き状態の時のみ自動保存されます。これにより、公開中のアンケートが意図せず更新されることを防ぎます。",
+        "auto_save_on": "自動保存オン",
        "automatically_close_survey_after": "フォームを自動的に閉じる",
        "automatically_close_the_survey_after_a_certain_number_of_responses": "一定の回答数に達した後にフォームを自動的に閉じます。",
        "automatically_close_the_survey_if_the_user_does_not_respond_after_certain_number_of_seconds": "ユーザーが一定秒数応答しない場合、フォームを自動的に閉じます。",
@@ -1457,6 +1466,7 @@
        "please_specify": "具体的に指定してください",
        "prevent_double_submission": "二重送信を防ぐ",
        "prevent_double_submission_description": "メールアドレスごとに1つの回答のみを許可する",
+        "progress_saved": "進捗を保存しました",
        "protect_survey_with_pin": "PINでフォームを保護",
        "protect_survey_with_pin_description": "PINを持つユーザーのみがフォームにアクセスできます。",
        "publish": "公開",
--- a/apps/web/locales/nl-NL.json
+++ b/apps/web/locales/nl-NL.json
@@ -75,6 +75,10 @@
      "password_validation_uppercase_and_lowercase": "Mix van hoofdletters en kleine letters",
      "please_verify_captcha": "Controleer reCAPTCHA",
      "privacy_policy": "Privacybeleid",
+      "product_updates_description": "Maandelijks productnieuws en feature-updates, privacybeleid is van toepassing.",
+      "product_updates_title": "Product-updates",
+      "security_updates_description": "Alleen beveiligingsrelevante informatie, privacybeleid is van toepassing.",
+      "security_updates_title": "Beveiligingsupdates",
      "terms_of_service": "Servicevoorwaarden",
      "title": "Maak uw Formbricks-account aan"
    },
@@ -1015,6 +1019,8 @@
        "remove_logo": "Logo verwijderen",
        "replace_logo": "Logo vervangen",
        "resend_invitation_email": "Uitnodigings-e-mail opnieuw verzenden",
+        "security_list_tip": "Ben je aangemeld voor onze beveiligingslijst? Blijf op de hoogte om je instantie veilig te houden!",
+        "security_list_tip_link": "Meld je hier aan.",
        "share_invite_link": "Deel de uitnodigingslink",
        "share_this_link_to_let_your_organization_member_join_your_organization": "Deel deze link om uw organisatielid lid te laten worden van uw organisatie:",
        "test_email_sent_successfully": "Test-e-mail succesvol verzonden",
@@ -1176,6 +1182,9 @@
        "assign": "Toewijzen =",
        "audience": "Publiek",
        "auto_close_on_inactivity": "Automatisch sluiten bij inactiviteit",
+        "auto_save_disabled": "Automatisch opslaan uitgeschakeld",
+        "auto_save_disabled_tooltip": "Uw enquête wordt alleen automatisch opgeslagen wanneer deze een concept is. Dit zorgt ervoor dat openbare enquêtes niet onbedoeld worden bijgewerkt.",
+        "auto_save_on": "Automatisch opslaan aan",
        "automatically_close_survey_after": "Sluit de enquête daarna automatisch af",
        "automatically_close_the_survey_after_a_certain_number_of_responses": "Sluit de enquête automatisch af na een bepaald aantal reacties.",
        "automatically_close_the_survey_if_the_user_does_not_respond_after_certain_number_of_seconds": "Sluit de enquête automatisch af als de gebruiker na een bepaald aantal seconden niet reageert.",
@@ -1457,6 +1466,7 @@
        "please_specify": "Gelieve te specificeren",
        "prevent_double_submission": "Voorkom dubbele indiening",
        "prevent_double_submission_description": "Er is slechts 1 reactie per e-mailadres toegestaan",
+        "progress_saved": "Voortgang opgeslagen",
        "protect_survey_with_pin": "Beveilig onderzoek met een pincode",
        "protect_survey_with_pin_description": "Alleen gebruikers die de pincode hebben, hebben toegang tot de enquête.",
        "publish": "Publiceren",
--- a/apps/web/locales/pt-BR.json
+++ b/apps/web/locales/pt-BR.json
@@ -75,6 +75,10 @@
      "password_validation_uppercase_and_lowercase": "mistura de maiúsculas e minúsculas",
      "please_verify_captcha": "Por favor, verifique o reCAPTCHA",
      "privacy_policy": "Política de Privacidade",
+      "product_updates_description": "Novidades mensais do produto e atualizações de recursos, a Política de Privacidade se aplica.",
+      "product_updates_title": "Atualizações do produto",
+      "security_updates_description": "Apenas informações relevantes sobre segurança, a Política de Privacidade se aplica.",
+      "security_updates_title": "Atualizações de segurança",
      "terms_of_service": "Termos de Serviço",
      "title": "Crie sua conta no Formbricks"
    },
@@ -1015,6 +1019,8 @@
        "remove_logo": "Remover logo",
        "replace_logo": "Substituir logo",
        "resend_invitation_email": "Reenviar E-mail de Convite",
+        "security_list_tip": "Você está inscrito na nossa Lista de Segurança? Mantenha-se informado para manter sua instância segura!",
+        "security_list_tip_link": "Cadastre-se aqui.",
        "share_invite_link": "Compartilhar Link de Convite",
        "share_this_link_to_let_your_organization_member_join_your_organization": "Compartilhe esse link para que o membro da sua organização possa entrar na sua organização:",
        "test_email_sent_successfully": "E-mail de teste enviado com sucesso",
@@ -1176,6 +1182,9 @@
        "assign": "atribuir =",
        "audience": "Público",
        "auto_close_on_inactivity": "Fechar automaticamente por inatividade",
+        "auto_save_disabled": "Salvamento automático desativado",
+        "auto_save_disabled_tooltip": "Sua pesquisa só é salva automaticamente quando está em rascunho. Isso garante que pesquisas públicas não sejam atualizadas involuntariamente.",
+        "auto_save_on": "Salvamento automático ativado",
        "automatically_close_survey_after": "Fechar pesquisa automaticamente após",
        "automatically_close_the_survey_after_a_certain_number_of_responses": "Fechar automaticamente a pesquisa depois de um certo número de respostas.",
        "automatically_close_the_survey_if_the_user_does_not_respond_after_certain_number_of_seconds": "Feche automaticamente a pesquisa se o usuário não responder depois de alguns segundos.",
@@ -1457,6 +1466,7 @@
        "please_specify": "Por favor, especifique",
        "prevent_double_submission": "Evitar envio duplicado",
        "prevent_double_submission_description": "Permitir apenas 1 resposta por endereço de email",
+        "progress_saved": "Progresso salvo",
        "protect_survey_with_pin": "Proteger pesquisa com um PIN",
        "protect_survey_with_pin_description": "Somente usuários que têm o PIN podem acessar a pesquisa.",
        "publish": "Publicar",
--- a/apps/web/locales/pt-PT.json
+++ b/apps/web/locales/pt-PT.json
@@ -75,6 +75,10 @@
      "password_validation_uppercase_and_lowercase": "Mistura de maiúsculas e minúsculas",
      "please_verify_captcha": "Por favor, verifique o reCAPTCHA",
      "privacy_policy": "Política de Privacidade",
+      "product_updates_description": "Notícias mensais sobre o produto e atualizações de funcionalidades, aplica-se a Política de Privacidade.",
+      "product_updates_title": "Atualizações do produto",
+      "security_updates_description": "Apenas informações relevantes sobre segurança, aplica-se a Política de Privacidade.",
+      "security_updates_title": "Atualizações de segurança",
      "terms_of_service": "Termos de Serviço",
      "title": "Crie a sua conta Formbricks"
    },
@@ -1015,6 +1019,8 @@
        "remove_logo": "Remover logótipo",
        "replace_logo": "Substituir logotipo",
        "resend_invitation_email": "Reenviar Email de Convite",
+        "security_list_tip": "Está inscrito na nossa Lista de Segurança? Mantenha-se informado para manter a sua instância segura!",
+        "security_list_tip_link": "Inscreva-se aqui.",
        "share_invite_link": "Partilhar Link de Convite",
        "share_this_link_to_let_your_organization_member_join_your_organization": "Partilhe este link para permitir que o membro da sua organização se junte à sua organização:",
        "test_email_sent_successfully": "Email de teste enviado com sucesso",
@@ -1176,6 +1182,9 @@
        "assign": "Atribuir =",
        "audience": "Público",
        "auto_close_on_inactivity": "Fechar automaticamente por inatividade",
+        "auto_save_disabled": "Guardar automático desativado",
+        "auto_save_disabled_tooltip": "O seu inquérito só é guardado automaticamente quando está em rascunho. Isto garante que os inquéritos públicos não sejam atualizados involuntariamente.",
+        "auto_save_on": "Guardar automático ativado",
        "automatically_close_survey_after": "Fechar automaticamente o inquérito após",
        "automatically_close_the_survey_after_a_certain_number_of_responses": "Fechar automaticamente o inquérito após um certo número de respostas",
        "automatically_close_the_survey_if_the_user_does_not_respond_after_certain_number_of_seconds": "Fechar automaticamente o inquérito se o utilizador não responder após um certo número de segundos.",
@@ -1457,6 +1466,7 @@
        "please_specify": "Por favor, especifique",
        "prevent_double_submission": "Impedir submissão dupla",
        "prevent_double_submission_description": "Permitir apenas 1 resposta por endereço de email",
+        "progress_saved": "Progresso guardado",
        "protect_survey_with_pin": "Proteger inquérito com um PIN",
        "protect_survey_with_pin_description": "Apenas utilizadores com o PIN podem aceder ao inquérito.",
        "publish": "Publicar",
--- a/apps/web/locales/ro-RO.json
+++ b/apps/web/locales/ro-RO.json
@@ -75,6 +75,10 @@
      "password_validation_uppercase_and_lowercase": "Amestec de majuscule și minuscule",
      "please_verify_captcha": "Vă rugăm să verificați CAPTCHA",
      "privacy_policy": "Politica de confidențialitate",
+      "product_updates_description": "Noutăți lunare despre produse și actualizări de funcționalități; se aplică Politica de confidențialitate.",
+      "product_updates_title": "Actualizări de produs",
+      "security_updates_description": "Doar informații relevante pentru securitate; se aplică Politica de confidențialitate.",
+      "security_updates_title": "Actualizări de securitate",
      "terms_of_service": "Termeni de utilizare a serviciului",
      "title": "Creați-vă contul Formbricks"
    },
@@ -1015,6 +1019,8 @@
        "remove_logo": "Înlătură siglă",
        "replace_logo": "Înlocuiește sigla",
        "resend_invitation_email": "Retrimite emailul de invitație",
+        "security_list_tip": "Ești abonat la lista noastră de securitate? Rămâi informat pentru a-ți menține instanța în siguranță!",
+        "security_list_tip_link": "Înscrie-te aici.",
        "share_invite_link": "Distribuie link-ul de invitație",
        "share_this_link_to_let_your_organization_member_join_your_organization": "Distribuie acest link pentru a permite membrului organizației să se alăture organizației tale:",
        "test_email_sent_successfully": "Email de test trimis cu succes",
@@ -1176,6 +1182,9 @@
        "assign": "Atribuire =",
        "audience": "Public",
        "auto_close_on_inactivity": "Închidere automată la inactivitate",
+        "auto_save_disabled": "Salvare automată dezactivată",
+        "auto_save_disabled_tooltip": "Chestionarul dvs. este salvat automat doar când este în ciornă. Acest lucru asigură că sondajele publice nu sunt actualizate neintenționat.",
+        "auto_save_on": "Salvare automată activată",
        "automatically_close_survey_after": "Închideți automat sondajul după",
        "automatically_close_the_survey_after_a_certain_number_of_responses": "Închideți automat sondajul după un număr anumit de răspunsuri.",
        "automatically_close_the_survey_if_the_user_does_not_respond_after_certain_number_of_seconds": "Închideți automat sondajul dacă utilizatorul nu răspunde după un anumit număr de secunde.",
@@ -1457,6 +1466,7 @@
        "please_specify": "Vă rugăm să specificați",
        "prevent_double_submission": "Prevenire trimitere dublă",
        "prevent_double_submission_description": "Permite doar 1 răspuns per adresă de email.",
+        "progress_saved": "Progres salvat",
        "protect_survey_with_pin": "Protejați sondajul cu un PIN",
        "protect_survey_with_pin_description": "Doar utilizatorii care cunosc PIN-ul pot accesa sondajul.",
        "publish": "Publică",
--- a/apps/web/locales/ru-RU.json
+++ b/apps/web/locales/ru-RU.json
@@ -75,6 +75,10 @@
      "password_validation_uppercase_and_lowercase": "Сочетание заглавных и строчных букв",
      "please_verify_captcha": "Пожалуйста, подтвердите reCAPTCHA",
      "privacy_policy": "Политика конфиденциальности",
+      "product_updates_description": "Ежемесячные новости о продукте и обновления функций. Применяется Политика конфиденциальности.",
+      "product_updates_title": "Обновления продукта",
+      "security_updates_description": "Только важная информация по безопасности. Применяется Политика конфиденциальности.",
+      "security_updates_title": "Обновления безопасности",
      "terms_of_service": "Условия использования",
      "title": "Создайте аккаунт Formbricks"
    },
@@ -1015,6 +1019,8 @@
        "remove_logo": "Удалить логотип",
        "replace_logo": "Заменить логотип",
        "resend_invitation_email": "Отправить приглашение повторно",
+        "security_list_tip": "Вы подписаны на нашу рассылку по безопасности? Будьте в курсе, чтобы обезопасить свой экземпляр!",
+        "security_list_tip_link": "Зарегистрируйтесь здесь.",
        "share_invite_link": "Поделиться ссылкой-приглашением",
        "share_this_link_to_let_your_organization_member_join_your_organization": "Поделитесь этой ссылкой, чтобы участник вашей организации мог присоединиться к ней:",
        "test_email_sent_successfully": "Тестовое письмо успешно отправлено",
@@ -1176,6 +1182,9 @@
        "assign": "Назначить =",
        "audience": "Аудитория",
        "auto_close_on_inactivity": "Автоматически закрывать при бездействии",
+        "auto_save_disabled": "Автосохранение отключено",
+        "auto_save_disabled_tooltip": "Ваш опрос автоматически сохраняется только в режиме черновика. Это гарантирует, что публичные опросы не будут случайно обновлены.",
+        "auto_save_on": "Автосохранение включено",
        "automatically_close_survey_after": "Автоматически закрыть опрос через",
        "automatically_close_the_survey_after_a_certain_number_of_responses": "Автоматически закрывать опрос после определённого количества ответов.",
        "automatically_close_the_survey_if_the_user_does_not_respond_after_certain_number_of_seconds": "Автоматически закрывать опрос, если пользователь не ответил за определённое количество секунд.",
@@ -1457,6 +1466,7 @@
        "please_specify": "Пожалуйста, уточните",
        "prevent_double_submission": "Предотвратить повторную отправку",
        "prevent_double_submission_description": "Разрешить только 1 ответ на один адрес электронной почты",
+        "progress_saved": "Прогресс сохранён",
        "protect_survey_with_pin": "Защитить опрос с помощью PIN-кода",
        "protect_survey_with_pin_description": "Только пользователи, у которых есть PIN-код, могут получить доступ к опросу.",
        "publish": "Опубликовать",
--- a/apps/web/locales/sv-SE.json
+++ b/apps/web/locales/sv-SE.json
@@ -75,6 +75,10 @@
      "password_validation_uppercase_and_lowercase": "Blandning av stora och små bokstäver",
      "please_verify_captcha": "Vänligen verifiera reCAPTCHA",
      "privacy_policy": "Integritetspolicy",
+      "product_updates_description": "Månatliga produktnyheter och funktionsuppdateringar. Integritetspolicyn gäller.",
+      "product_updates_title": "Produktuppdateringar",
+      "security_updates_description": "Endast säkerhetsrelaterad information. Integritetspolicyn gäller.",
+      "security_updates_title": "Säkerhetsuppdateringar",
      "terms_of_service": "Användarvillkor",
      "title": "Skapa ditt Formbricks-konto"
    },
@@ -1015,6 +1019,8 @@
        "remove_logo": "Ta bort logotyp",
        "replace_logo": "Ersätt logotyp",
        "resend_invitation_email": "Skicka inbjudningsmejl igen",
+        "security_list_tip": "Är du med på vår säkerhetslista? Håll dig informerad för att skydda din instans!",
+        "security_list_tip_link": "Registrera dig här.",
        "share_invite_link": "Dela inbjudningslänk",
        "share_this_link_to_let_your_organization_member_join_your_organization": "Dela denna länk för att låta din organisationsmedlem gå med i din organisation:",
        "test_email_sent_successfully": "Test-e-post skickat",
@@ -1176,6 +1182,9 @@
        "assign": "Tilldela =",
        "audience": "Målgrupp",
        "auto_close_on_inactivity": "Stäng automatiskt vid inaktivitet",
+        "auto_save_disabled": "Automatisk sparning inaktiverad",
+        "auto_save_disabled_tooltip": "Din enkät sparas endast automatiskt när den är ett utkast. Detta säkerställer att publika enkäter inte uppdateras oavsiktligt.",
+        "auto_save_on": "Automatisk sparning på",
        "automatically_close_survey_after": "Stäng enkäten automatiskt efter",
        "automatically_close_the_survey_after_a_certain_number_of_responses": "Stäng enkäten automatiskt efter ett visst antal svar.",
        "automatically_close_the_survey_if_the_user_does_not_respond_after_certain_number_of_seconds": "Stäng enkäten automatiskt om användaren inte svarar efter ett visst antal sekunder.",
@@ -1457,6 +1466,7 @@
        "please_specify": "Vänligen specificera",
        "prevent_double_submission": "Förhindra dubbelinskickning",
        "prevent_double_submission_description": "Tillåt endast 1 svar per e-postadress",
+        "progress_saved": "Framsteg sparade",
        "protect_survey_with_pin": "Skydda enkäten med en PIN",
        "protect_survey_with_pin_description": "Endast användare som har PIN-koden kan komma åt enkäten.",
        "publish": "Publicera",
--- a/apps/web/locales/zh-Hans-CN.json
+++ b/apps/web/locales/zh-Hans-CN.json
@@ -75,6 +75,10 @@
      "password_validation_uppercase_and_lowercase": "大小写混合",
      "please_verify_captcha": "请 验证 reCAPTCHA",
      "privacy_policy": "隐私政策",
+      "product_updates_description": "每月产品新闻和功能更新，适用隐私政策。",
+      "product_updates_title": "产品更新",
+      "security_updates_description": "仅限安全相关信息，适用隐私政策。",
+      "security_updates_title": "安全更新",
      "terms_of_service": "服务条款",
      "title": "创建你的 Formbricks 账户"
    },
@@ -1015,6 +1019,8 @@
        "remove_logo": "移除 logo",
        "replace_logo": "替换 logo",
        "resend_invitation_email": "重新发送邀请邮件",
+        "security_list_tip": "您已订阅我们的安全列表了吗？保持关注，保障您的实例安全！",
+        "security_list_tip_link": "点击此处注册。",
        "share_invite_link": "分享邀请链接",
        "share_this_link_to_let_your_organization_member_join_your_organization": "分享 这个 链接 以 让 你的 组织 成员 加入 你的 组织：",
        "test_email_sent_successfully": "测试 邮件 发送 成功",
@@ -1176,6 +1182,9 @@
        "assign": "指派 =",
        "audience": "受众",
        "auto_close_on_inactivity": "自动关闭 在 无活动时",
+        "auto_save_disabled": "自动保存已禁用",
+        "auto_save_disabled_tooltip": "您的调查仅在草稿状态时自动保存。这确保公开的调查不会被意外更新。",
+        "auto_save_on": "自动保存已启用",
        "automatically_close_survey_after": "自动 关闭 调查 后",
        "automatically_close_the_survey_after_a_certain_number_of_responses": "自动 关闭 调查 在 达到 一定数量 的 回应 后",
        "automatically_close_the_survey_if_the_user_does_not_respond_after_certain_number_of_seconds": "用户未在一定秒数内应答时 自动关闭 问卷",
@@ -1457,6 +1466,7 @@
        "please_specify": "请 指定",
        "prevent_double_submission": "防止 重复 提交",
        "prevent_double_submission_description": "只允许每个 email 地址提供 1 个回复",
+        "progress_saved": "进度已保存",
        "protect_survey_with_pin": "使用 PIN 保护 调查",
        "protect_survey_with_pin_description": "只有 拥有 PIN 的 用户 可以 访问 调查。",
        "publish": "发布",
--- a/apps/web/locales/zh-Hant-TW.json
+++ b/apps/web/locales/zh-Hant-TW.json
@@ -75,6 +75,10 @@
      "password_validation_uppercase_and_lowercase": "混合使用大小寫字母",
      "please_verify_captcha": "請驗證 reCAPTCHA",
      "privacy_policy": "隱私權政策",
+      "product_updates_description": "每月產品新聞與功能更新，適用隱私權政策。",
+      "product_updates_title": "產品更新",
+      "security_updates_description": "僅限安全相關資訊，適用隱私權政策。",
+      "security_updates_title": "安全更新",
      "terms_of_service": "服務條款",
      "title": "建立您的 Formbricks 帳戶"
    },
@@ -1015,6 +1019,8 @@
        "remove_logo": "移除標誌",
        "replace_logo": "取代標誌",
        "resend_invitation_email": "重新發送邀請電子郵件",
+        "security_list_tip": "您已訂閱我們的安全名單了嗎？保持關注，確保您的實例安全！",
+        "security_list_tip_link": "請在此註冊。",
        "share_invite_link": "分享邀請連結",
        "share_this_link_to_let_your_organization_member_join_your_organization": "分享此連結以讓您的組織成員加入您的組織：",
        "test_email_sent_successfully": "測試電子郵件已成功發送",
@@ -1176,6 +1182,9 @@
        "assign": "等於 =",
        "audience": "受眾",
        "auto_close_on_inactivity": "非活動時自動關閉",
+        "auto_save_disabled": "自動儲存已停用",
+        "auto_save_disabled_tooltip": "您的問卷僅在草稿狀態時自動儲存。這確保公開的問卷不會被意外更新。",
+        "auto_save_on": "自動儲存已啟用",
        "automatically_close_survey_after": "在指定時間自動關閉問卷",
        "automatically_close_the_survey_after_a_certain_number_of_responses": "在收到一定數量的回覆後自動關閉問卷。",
        "automatically_close_the_survey_if_the_user_does_not_respond_after_certain_number_of_seconds": "如果用戶在特定秒數後未回應，則自動關閉問卷。",
@@ -1457,6 +1466,7 @@
        "please_specify": "請指定",
        "prevent_double_submission": "防止重複提交",
        "prevent_double_submission_description": "每個電子郵件地址僅允許 1 個回應",
+        "progress_saved": "進度已儲存",
        "protect_survey_with_pin": "使用 PIN 碼保護問卷",
        "protect_survey_with_pin_description": "只有擁有 PIN 碼的使用者才能存取問卷。",
        "publish": "發布",
--- a/apps/web/modules/analysis/components/ShareSurveyLink/components/LanguageDropdown.tsx
+++ b/apps/web/modules/analysis/components/ShareSurveyLink/components/LanguageDropdown.tsx
@@ -1,11 +1,15 @@
 import { Languages } from "lucide-react";
-import { useRef, useState } from "react";
 import { getLanguageLabel } from "@formbricks/i18n-utils/src/utils";
 import { TSurvey } from "@formbricks/types/surveys/types";
 import { TUserLocale } from "@formbricks/types/user";
 import { getEnabledLanguages } from "@/lib/i18n/utils";
-import { useClickOutside } from "@/lib/utils/hooks/useClickOutside";
 import { Button } from "@/modules/ui/components/button";
+import {
+  DropdownMenu,
+  DropdownMenuContent,
+  DropdownMenuItem,
+  DropdownMenuTrigger,
+} from "@/modules/ui/components/dropdown-menu";

 interface LanguageDropdownProps {
  survey: TSurvey;
@@ -14,38 +18,31 @@ interface LanguageDropdownProps {
 }

 export const LanguageDropdown = ({ survey, setLanguage, locale }: LanguageDropdownProps) => {
-  const [showLanguageSelect, setShowLanguageSelect] = useState(false);
-  const containerRef = useRef(null);
  const enabledLanguages = getEnabledLanguages(survey.languages ?? []);

-  useClickOutside(containerRef, () => setShowLanguageSelect(false));
+  if (enabledLanguages.length <= 1) {
+    return null;
+  }

  return (
-    enabledLanguages.length > 1 && (
-      <div className="relative" ref={containerRef}>
-        {showLanguageSelect && (
-          <div className="absolute top-12 z-30 max-h-64 max-w-48 overflow-auto rounded-lg border bg-slate-900 p-1 text-sm text-white">
-            {enabledLanguages.map((surveyLanguage) => (
-              <button
-                key={surveyLanguage.language.code}
-                className="w-full truncate rounded-md p-2 text-start hover:cursor-pointer hover:bg-slate-700"
-                onClick={() => {
-                  setLanguage(surveyLanguage.language.code);
-                  setShowLanguageSelect(false);
-                }}>
-                {getLanguageLabel(surveyLanguage.language.code, locale)}
-              </button>
-            ))}
-          </div>
-        )}
-        <Button
-          variant="secondary"
-          title="Select Language"
-          aria-label="Select Language"
-          onClick={() => setShowLanguageSelect(!showLanguageSelect)}>
+    <DropdownMenu>
+      <DropdownMenuTrigger asChild>
+        <Button variant="secondary" title="Select Language" aria-label="Select Language">
          <Languages className="h-5 w-5" />
        </Button>
-      </div>
-    )
+      </DropdownMenuTrigger>
+      <DropdownMenuContent
+        className="max-h-64 max-w-48 overflow-auto bg-slate-900 p-1 text-sm text-white"
+        align="start">
+        {enabledLanguages.map((surveyLanguage) => (
+          <DropdownMenuItem
+            key={surveyLanguage.language.code}
+            className="w-full truncate rounded-md p-2 text-start text-white hover:cursor-pointer hover:bg-slate-700 focus:bg-slate-700"
+            onSelect={() => setLanguage(surveyLanguage.language.code)}>
+            {getLanguageLabel(surveyLanguage.language.code, locale)}
+          </DropdownMenuItem>
+        ))}
+      </DropdownMenuContent>
+    </DropdownMenu>
  );
 };
--- a/apps/web/modules/api/v2/management/lib/utils.test.ts
+++ b/apps/web/modules/api/v2/management/lib/utils.test.ts
@@ -1,10 +1,10 @@
 import { Prisma } from "@prisma/client";
-import { describe, expect, it } from "vitest";
+import { describe, expect, test } from "vitest";
 import { buildCommonFilterQuery } from "./utils";

 describe("buildCommonFilterQuery", () => {
  // Test for line 32: spread existing date filter when adding startDate
-  it("should preserve existing date filter when adding startDate", () => {
+  test("should preserve existing date filter when adding startDate", () => {
    const query: Prisma.ResponseFindManyArgs = {
      where: {
        createdAt: {
@@ -23,7 +23,7 @@ describe("buildCommonFilterQuery", () => {
  });

  // Test for line 45: spread existing date filter when adding endDate
-  it("should preserve existing date filter when adding endDate", () => {
+  test("should preserve existing date filter when adding endDate", () => {
    const query: Prisma.ResponseFindManyArgs = {
      where: {
        createdAt: {
--- a/apps/web/modules/api/v2/management/responses/lib/expand.ts
+++ b/apps/web/modules/api/v2/management/responses/lib/expand.ts
@@ -0,0 +1,176 @@
+import { z } from "zod";
+import { TResponseData, TResponseDataValue } from "@formbricks/types/responses";
+import { TSurveyElement } from "@formbricks/types/surveys/elements";
+import { TSurvey } from "@formbricks/types/surveys/types";
+import { getLocalizedValue } from "@/lib/i18n/utils";
+import { getElementsFromBlocks } from "@/modules/survey/lib/client-utils";
+
+// Supported expansion keys
+export const ZResponseExpand = z.enum(["choiceIds", "questionHeadlines"]);
+
+export type TResponseExpand = z.infer<typeof ZResponseExpand>;
+
+// Schema for the expand query parameter (comma-separated list)
+export const ZExpandParam = z
+  .string()
+  .optional()
+  .transform((val) => {
+    if (!val) return [];
+    return val.split(",").map((s) => s.trim());
+  })
+  .pipe(z.array(ZResponseExpand));
+
+export type TExpandParam = z.infer<typeof ZExpandParam>;
+
+// Expanded response data structure for a single answer
+export type TExpandedValue = {
+  value: TResponseDataValue;
+  choiceIds?: string[];
+};
+
+// Expanded response data structure
+export type TExpandedResponseData = {
+  [questionId: string]: TExpandedValue;
+};
+
+// Additional expansions that are added as separate fields
+export type TResponseExpansions = {
+  questionHeadlines?: Record<string, string>;
+};
+
+// Choice element types that support choiceIds expansion
+const CHOICE_ELEMENT_TYPES = ["multipleChoiceMulti", "multipleChoiceSingle", "ranking", "pictureSelection"];
+
+/**
+ * Check if an element type supports choice ID expansion
+ */
+export const isChoiceElement = (element: TSurveyElement): boolean => {
+  return CHOICE_ELEMENT_TYPES.includes(element.type);
+};
+
+/**
+ * Type guard to check if element has choices property
+ */
+const hasChoices = (
+  element: TSurveyElement
+): element is TSurveyElement & { choices: Array<{ id: string; label: Record<string, string> }> } => {
+  return "choices" in element && Array.isArray(element.choices);
+};
+
+/**
+ * Type guard to check if element has headline property
+ */
+const hasHeadline = (
+  element: TSurveyElement
+): element is TSurveyElement & { headline: Record<string, string> } => {
+  return "headline" in element && typeof element.headline === "object";
+};
+
+/**
+ * Extracts choice IDs from a response value for choice-based questions
+ * @param responseValue - The response value (string for single choice, array for multi choice)
+ * @param element - The survey element containing choices
+ * @param language - The language to match against (defaults to "default")
+ * @returns Array of choice IDs
+ */
+export const extractChoiceIdsFromResponse = (
+  responseValue: TResponseDataValue,
+  element: TSurveyElement,
+  language: string = "default"
+): string[] => {
+  if (!isChoiceElement(element) || !responseValue) {
+    return [];
+  }
+
+  // Picture selection already stores IDs directly
+  if (element.type === "pictureSelection") {
+    if (Array.isArray(responseValue)) {
+      return responseValue.filter((id): id is string => typeof id === "string");
+    }
+    return typeof responseValue === "string" ? [responseValue] : [];
+  }
+
+  // For other choice types, we need to map labels to IDs
+  if (!hasChoices(element)) {
+    return [];
+  }
+
+  const findChoiceByLabel = (label: string): string => {
+    const choice = element.choices.find((c) => {
+      // Try exact language match first
+      if (c.label[language] === label) {
+        return true;
+      }
+      // Fall back to checking all language values
+      return Object.values(c.label).includes(label);
+    });
+    return choice?.id ?? "other";
+  };
+
+  if (Array.isArray(responseValue)) {
+    return responseValue.filter((v): v is string => typeof v === "string" && v !== "").map(findChoiceByLabel);
+  }
+
+  if (typeof responseValue === "string") {
+    return [findChoiceByLabel(responseValue)];
+  }
+
+  return [];
+};
+
+/**
+ * Expand response data with choice IDs
+ * @param data - The response data object
+ * @param survey - The survey definition
+ * @param language - The language code for label matching
+ * @returns Expanded response data with choice IDs
+ */
+export const expandWithChoiceIds = (
+  data: TResponseData,
+  survey: TSurvey,
+  language: string = "default"
+): TExpandedResponseData => {
+  const elements = getElementsFromBlocks(survey.blocks);
+  const expandedData: TExpandedResponseData = {};
+
+  for (const [questionId, value] of Object.entries(data)) {
+    const element = elements.find((e) => e.id === questionId);
+
+    if (element && isChoiceElement(element)) {
+      const choiceIds = extractChoiceIdsFromResponse(value, element, language);
+      expandedData[questionId] = {
+        value,
+        ...(choiceIds.length > 0 && { choiceIds }),
+      };
+    } else {
+      expandedData[questionId] = { value };
+    }
+  }
+
+  return expandedData;
+};
+
+/**
+ * Generate question headlines map
+ * @param data - The response data object
+ * @param survey - The survey definition
+ * @param language - The language code for localization
+ * @returns Record mapping question IDs to their headlines
+ */
+export const getQuestionHeadlines = (
+  data: TResponseData,
+  survey: TSurvey,
+  language: string = "default"
+): Record<string, string> => {
+  const elements = getElementsFromBlocks(survey.blocks);
+  const headlines: Record<string, string> = {};
+
+  for (const questionId of Object.keys(data)) {
+    const element = elements.find((e) => e.id === questionId);
+    if (element && hasHeadline(element)) {
+      headlines[questionId] = getLocalizedValue(element.headline, language);
+    }
+  }
+
+  return headlines;
+};
--- a/apps/web/modules/api/v2/management/responses/lib/openapi.ts
+++ b/apps/web/modules/api/v2/management/responses/lib/openapi.ts
@@ -11,7 +11,8 @@ import { makePartialSchema, responseWithMetaSchema } from "@/modules/api/v2/type
 export const getResponsesEndpoint: ZodOpenApiOperationObject = {
  operationId: "getResponses",
  summary: "Get responses",
-  description: "Gets responses from the database.",
+  description:
+    "Gets responses from the database. Use the `expand` parameter to enrich response data with additional information like choice IDs (for language-agnostic processing) or question headlines.",
  requestParams: {
    query: ZGetResponsesFilter.sourceType(),
  },
--- a/apps/web/modules/api/v2/management/responses/lib/tests/mocks/response.mock.ts
+++ b/apps/web/modules/api/v2/management/responses/lib/tests/mocks/response.mock.ts
@@ -93,4 +93,5 @@ export const responseFilter: TGetResponsesFilter = {
  skip: 0,
  sortBy: "createdAt",
  order: "asc",
+  expand: [],
 };
--- a/apps/web/modules/api/v2/management/responses/lib/transform.ts
+++ b/apps/web/modules/api/v2/management/responses/lib/transform.ts
@@ -0,0 +1,91 @@
+import { Response } from "@prisma/client";
+import { TResponseData } from "@formbricks/types/responses";
+import { TSurvey } from "@formbricks/types/surveys/types";
+import {
+  TExpandParam,
+  TExpandedResponseData,
+  TResponseExpansions,
+  expandWithChoiceIds,
+  getQuestionHeadlines,
+} from "./expand";
+
+export type TTransformedResponse = Omit<Response, "data"> & {
+  data: TResponseData | TExpandedResponseData;
+  expansions?: TResponseExpansions;
+};
+
+/**
+ * Transform a response based on requested expansions
+ * @param response - The raw response from the database
+ * @param survey - The survey definition
+ * @param expand - Array of expansion keys to apply
+ * @returns Transformed response with requested expansions
+ */
+export const transformResponse = (
+  response: Response,
+  survey: TSurvey,
+  expand: TExpandParam
+): TTransformedResponse => {
+  const language = response.language ?? "default";
+  const data = response.data as TResponseData;
+
+  let transformedData: TResponseData | TExpandedResponseData = data;
+  const expansions: TResponseExpansions = {};
+
+  // Apply choiceIds expansion
+  if (expand.includes("choiceIds")) {
+    transformedData = expandWithChoiceIds(data, survey, language);
+  }
+
+  // Apply questionHeadlines expansion
+  if (expand.includes("questionHeadlines")) {
+    expansions.questionHeadlines = getQuestionHeadlines(data, survey, language);
+  }
+
+  return {
+    ...response,
+    data: transformedData,
+    ...(Object.keys(expansions).length > 0 && { expansions }),
+  };
+};
+
+/**
+ * Transform multiple responses with caching of survey lookups
+ * @param responses - Array of raw responses from the database
+ * @param expand - Array of expansion keys to apply
+ * @param getSurvey - Function to fetch survey by ID
+ * @returns Array of transformed responses
+ */
+export const transformResponses = async (
+  responses: Response[],
+  expand: TExpandParam,
+  getSurvey: (surveyId: string) => Promise<TSurvey | null>
+): Promise<TTransformedResponse[]> => {
+  if (expand.length === 0) {
+    // No expansion requested, return as-is
+    return responses as TTransformedResponse[];
+  }
+
+  // Cache surveys to avoid duplicate lookups
+  const surveyCache = new Map<string, TSurvey | null>();
+
+  const transformed = await Promise.all(
+    responses.map(async (response) => {
+      let survey = surveyCache.get(response.surveyId);
+
+      if (survey === undefined) {
+        survey = await getSurvey(response.surveyId);
+        surveyCache.set(response.surveyId, survey);
+      }
+
+      if (!survey) {
+        // Survey not found, return response unchanged
+        return response as TTransformedResponse;
+      }
+
+      return transformResponse(response, survey, expand);
+    })
+  );
+
+  return transformed;
+};
--- a/apps/web/modules/api/v2/management/responses/route.ts
+++ b/apps/web/modules/api/v2/management/responses/route.ts
@@ -1,6 +1,6 @@
-import { Response } from "@prisma/client";
 import { NextRequest } from "next/server";
 import { sendToPipeline } from "@/app/lib/pipelines";
+import { getSurvey } from "@/lib/survey/service";
 import { authenticatedApiClient } from "@/modules/api/v2/auth/authenticated-api-client";
 import { validateOtherOptionLengthForMultipleChoice } from "@/modules/api/v2/lib/element";
 import { responses } from "@/modules/api/v2/lib/response";
@@ -13,6 +13,7 @@ import { ApiErrorResponseV2 } from "@/modules/api/v2/types/api-error";
 import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
 import { validateFileUploads } from "@/modules/storage/utils";
 import { createResponseWithQuotaEvaluation, getResponses } from "./lib/response";
+import { transformResponses } from "./lib/transform";

 export const GET = async (request: NextRequest) =>
  authenticatedApiClient({
@@ -34,16 +35,17 @@ export const GET = async (request: NextRequest) =>
        (permission) => permission.environmentId
      );

-      const environmentResponses: Response[] = [];
      const res = await getResponses(environmentIds, query);

      if (!res.ok) {
        return handleApiError(request, res.error);
      }

-      environmentResponses.push(...res.data.data);
+      // Transform responses if expansion is requested
+      const expand = query.expand ?? [];
+      const transformedResponses = await transformResponses(res.data.data, expand, getSurvey);

-      return responses.successResponse({ data: environmentResponses });
+      return responses.successResponse({ data: transformedResponses, meta: res.data.meta });
    },
  });

--- a/apps/web/modules/api/v2/management/responses/types/responses.ts
+++ b/apps/web/modules/api/v2/management/responses/types/responses.ts
@@ -1,10 +1,12 @@
 import { z } from "zod";
 import { ZResponse } from "@formbricks/database/zod/responses";
+import { ZExpandParam } from "@/modules/api/v2/management/responses/lib/expand";
 import { ZGetFilter } from "@/modules/api/v2/types/api-filter";

 export const ZGetResponsesFilter = ZGetFilter.extend({
  surveyId: z.string().cuid2().optional(),
  contactId: z.string().optional(),
+  expand: ZExpandParam,
 }).refine(
  (data) => {
    if (data.startDate && data.endDate && data.startDate > data.endDate) {
--- a/apps/web/modules/auth/signup/actions.ts
+++ b/apps/web/modules/auth/signup/actions.ts
@@ -18,6 +18,7 @@ import { applyIPRateLimit } from "@/modules/core/rate-limit/helpers";
 import { rateLimitConfigs } from "@/modules/core/rate-limit/rate-limit-configs";
 import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import { getIsMultiOrgEnabled } from "@/modules/ee/license-check/lib/utils";
+import { subscribeUserToMailingList } from "@/modules/ee/mailing/lib/mailing-subscription";
 import { sendInviteAcceptedEmail, sendVerificationEmail } from "@/modules/email";

 const ZCreatedUser = ZUser.pick({
@@ -44,6 +45,9 @@ const ZCreateUserAction = z.object({
      (token) => !IS_TURNSTILE_CONFIGURED || (IS_TURNSTILE_CONFIGURED && token),
      "CAPTCHA verification required"
    ),
+  isFormbricksCloud: z.boolean(),
+  subscribeToSecurityUpdates: z.boolean().optional(),
+  subscribeToProductUpdates: z.boolean().optional(),
 });

 async function verifyTurnstileIfConfigured(turnstileToken: string | undefined): Promise<void> {
@@ -191,6 +195,13 @@ export const createUserAction = actionClient.schema(ZCreateUserAction).action(
          parsedInput.inviteToken,
          parsedInput.emailVerificationDisabled
        );
+
+        await subscribeUserToMailingList({
+          email: user.email,
+          isFormbricksCloud: parsedInput.isFormbricksCloud,
+          subscribeToSecurityUpdates: parsedInput.subscribeToSecurityUpdates,
+          subscribeToProductUpdates: parsedInput.subscribeToProductUpdates,
+        });
      }

      if (user) {
--- a/apps/web/modules/auth/signup/components/signup-form.tsx
+++ b/apps/web/modules/auth/signup/components/signup-form.tsx
@@ -15,6 +15,7 @@ import { createUserAction } from "@/modules/auth/signup/actions";
 import { TermsPrivacyLinks } from "@/modules/auth/signup/components/terms-privacy-links";
 import { SSOOptions } from "@/modules/ee/sso/components/sso-options";
 import { Button } from "@/modules/ui/components/button";
+import { Checkbox } from "@/modules/ui/components/checkbox";
 import { FormControl, FormError, FormField, FormItem } from "@/modules/ui/components/form";
 import { Input } from "@/modules/ui/components/input";
 import { PasswordInput } from "@/modules/ui/components/password-input";
@@ -48,6 +49,7 @@ interface SignupFormProps {
  samlTenant: string;
  samlProduct: string;
  turnstileSiteKey?: string;
+  isFormbricksCloud: boolean;
 }

 export const SignupForm = ({
@@ -69,6 +71,7 @@ export const SignupForm = ({
  samlTenant,
  samlProduct,
  turnstileSiteKey,
+  isFormbricksCloud,
 }: SignupFormProps) => {
  const [showLogin, setShowLogin] = useState(false);
  const searchParams = useSearchParams();
@@ -76,6 +79,8 @@ export const SignupForm = ({
  const inviteToken = searchParams?.get("inviteToken");
  const router = useRouter();
  const [turnstileToken, setTurnstileToken] = useState<string>();
+  const [subscribeToSecurityUpdates, setSubscribeToSecurityUpdates] = useState(false);
+  const [subscribeToProductUpdates, setSubscribeToProductUpdates] = useState(false);

  const turnstile = useTurnstile();

@@ -110,6 +115,9 @@ export const SignupForm = ({
        inviteToken: inviteToken ?? "",
        emailVerificationDisabled,
        turnstileToken,
+        isFormbricksCloud,
+        subscribeToSecurityUpdates,
+        subscribeToProductUpdates,
      });

      const emailTokenActionResponse = await createEmailTokenAction({ email: data.email });
@@ -239,6 +247,43 @@ export const SignupForm = ({
              />
            )}

+            {showLogin &&
+              (isFormbricksCloud ? (
+                <label
+                  htmlFor="product-updates"
+                  className="my-4 flex cursor-pointer space-x-2 rounded-md border border-slate-200 bg-slate-100 p-2 text-left">
+                  <Checkbox
+                    id="product-updates"
+                    checked={subscribeToProductUpdates}
+                    onCheckedChange={(checked) => setSubscribeToProductUpdates(checked === true)}
+                    className="mt-0.5 h-4 w-4"
+                  />
+                  <div>
+                    <span className="text-sm font-medium text-slate-700">
+                      {t("auth.signup.product_updates_title")}
+                    </span>
+                    <p className="text-xs text-slate-500">{t("auth.signup.product_updates_description")}</p>
+                  </div>
+                </label>
+              ) : (
+                <label
+                  htmlFor="security-updates"
+                  className="my-4 flex cursor-pointer space-x-2 rounded-md border border-slate-200 bg-slate-100 p-2 text-left">
+                  <Checkbox
+                    id="security-updates"
+                    checked={subscribeToSecurityUpdates}
+                    onCheckedChange={(checked) => setSubscribeToSecurityUpdates(checked === true)}
+                    className="mt-0.5 h-4 w-4"
+                  />
+                  <div>
+                    <span className="text-sm font-medium text-slate-700">
+                      {t("auth.signup.security_updates_title")}
+                    </span>
+                    <p className="text-xs text-slate-500">{t("auth.signup.security_updates_description")}</p>
+                  </div>
+                </label>
+              ))}
+
            {showLogin && (
              <Button
                data-testid="signup-submit"
--- a/apps/web/modules/auth/signup/page.tsx
+++ b/apps/web/modules/auth/signup/page.tsx
@@ -5,6 +5,7 @@ import {
  EMAIL_VERIFICATION_DISABLED,
  GITHUB_OAUTH_ENABLED,
  GOOGLE_OAUTH_ENABLED,
+  IS_FORMBRICKS_CLOUD,
  IS_TURNSTILE_CONFIGURED,
  OIDC_DISPLAY_NAME,
  OIDC_OAUTH_ENABLED,
@@ -76,6 +77,7 @@ export const SignupPage = async ({ searchParams: searchParamsProps }) => {
          samlTenant={SAML_TENANT}
          samlProduct={SAML_PRODUCT}
          turnstileSiteKey={TURNSTILE_SITE_KEY}
+          isFormbricksCloud={IS_FORMBRICKS_CLOUD}
        />
      </FormWrapper>
    </div>
--- a/apps/web/modules/ee/license-check/lib/license.ts
+++ b/apps/web/modules/ee/license-check/lib/license.ts
@@ -30,6 +30,7 @@ const CONFIG = {
      env.ENVIRONMENT === "staging"
        ? "https://staging.ee.formbricks.com/api/licenses/check"
        : "https://ee.formbricks.com/api/licenses/check",
+    // ENDPOINT: "https://localhost:8080/api/licenses/check",
    TIMEOUT_MS: 5000,
  },
 } as const;
--- a/apps/web/modules/ee/mailing/lib/mailing-subscription.test.ts
+++ b/apps/web/modules/ee/mailing/lib/mailing-subscription.test.ts
@@ -0,0 +1,205 @@
+import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
+import { logger } from "@formbricks/logger";
+import { subscribeToMailingList, subscribeUserToMailingList } from "./mailing-subscription";
+
+vi.mock("@formbricks/logger", () => ({
+  logger: {
+    error: vi.fn(),
+    info: vi.fn(),
+  },
+}));
+
+vi.mock("@/lib/utils/validate", () => ({
+  validateInputs: vi.fn(),
+}));
+
+globalThis.fetch = vi.fn();
+
+describe("subscribeToMailingList", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    vi.useFakeTimers();
+  });
+
+  afterEach(() => {
+    vi.useRealTimers();
+  });
+
+  test("should successfully subscribe to security mailing list", async () => {
+    vi.mocked(globalThis.fetch).mockResolvedValueOnce(new Response(null, { status: 200 }));
+
+    const result = await subscribeToMailingList({
+      email: "test@example.com",
+      listId: "security",
+    });
+
+    expect(result).toEqual({ success: true });
+    expect(globalThis.fetch).toHaveBeenCalledWith(
+      "https://ee.formbricks.com/api/v1/public/mailing/security/subscriptions",
+      expect.objectContaining({
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ email: "test@example.com" }),
+      })
+    );
+    expect(logger.info).toHaveBeenCalledWith(
+      { listId: "security" },
+      "Successfully subscribed to security mailing list"
+    );
+  });
+
+  test("should successfully subscribe to product-updates mailing list", async () => {
+    vi.mocked(globalThis.fetch).mockResolvedValueOnce(new Response(null, { status: 200 }));
+
+    const result = await subscribeToMailingList({
+      email: "test@example.com",
+      listId: "product-updates",
+    });
+
+    expect(result).toEqual({ success: true });
+    expect(globalThis.fetch).toHaveBeenCalledWith(
+      "https://ee.formbricks.com/api/v1/public/mailing/product-updates/subscriptions",
+      expect.objectContaining({
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ email: "test@example.com" }),
+      })
+    );
+  });
+
+  test("should return error when API returns non-ok response", async () => {
+    vi.mocked(globalThis.fetch).mockResolvedValueOnce(
+      new Response("Bad Request", { status: 400, statusText: "Bad Request" })
+    );
+
+    const result = await subscribeToMailingList({
+      email: "test@example.com",
+      listId: "security",
+    });
+
+    expect(result).toEqual({ success: false, error: "Failed to subscribe: 400" });
+    expect(logger.error).toHaveBeenCalledWith(
+      { status: 400, error: "Bad Request" },
+      "Failed to subscribe to security mailing list"
+    );
+  });
+
+  test("should return error when fetch throws an error", async () => {
+    vi.mocked(globalThis.fetch).mockRejectedValueOnce(new Error("Network error"));
+
+    const result = await subscribeToMailingList({
+      email: "test@example.com",
+      listId: "security",
+    });
+
+    expect(result).toEqual({ success: false, error: "Failed to subscribe to mailing list" });
+    expect(logger.error).toHaveBeenCalledWith(
+      expect.any(Error),
+      "Error subscribing to security mailing list"
+    );
+  });
+
+  test("should return timeout error when request times out", async () => {
+    const abortError = new Error("Aborted");
+    abortError.name = "AbortError";
+    vi.mocked(globalThis.fetch).mockRejectedValueOnce(abortError);
+
+    const result = await subscribeToMailingList({
+      email: "test@example.com",
+      listId: "security",
+    });
+
+    expect(result).toEqual({ success: false, error: "Request timed out" });
+    expect(logger.error).toHaveBeenCalledWith(
+      { listId: "security" },
+      "Mailing subscription request timed out"
+    );
+  });
+});
+
+describe("subscribeUserToMailingList", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  test("should subscribe to product-updates when isFormbricksCloud is true and subscribeToProductUpdates is true", async () => {
+    vi.mocked(globalThis.fetch).mockResolvedValueOnce(new Response(null, { status: 200 }));
+
+    await subscribeUserToMailingList({
+      email: "test@example.com",
+      isFormbricksCloud: true,
+      subscribeToProductUpdates: true,
+      subscribeToSecurityUpdates: false,
+    });
+
+    expect(globalThis.fetch).toHaveBeenCalledWith(
+      "https://ee.formbricks.com/api/v1/public/mailing/product-updates/subscriptions",
+      expect.any(Object)
+    );
+  });
+
+  test("should not subscribe when isFormbricksCloud is true but subscribeToProductUpdates is false", async () => {
+    await subscribeUserToMailingList({
+      email: "test@example.com",
+      isFormbricksCloud: true,
+      subscribeToProductUpdates: false,
+      subscribeToSecurityUpdates: true,
+    });
+
+    expect(globalThis.fetch).not.toHaveBeenCalled();
+  });
+
+  test("should subscribe to security when isFormbricksCloud is false and subscribeToSecurityUpdates is true", async () => {
+    vi.mocked(globalThis.fetch).mockResolvedValueOnce(new Response(null, { status: 200 }));
+
+    await subscribeUserToMailingList({
+      email: "test@example.com",
+      isFormbricksCloud: false,
+      subscribeToSecurityUpdates: true,
+      subscribeToProductUpdates: false,
+    });
+
+    expect(globalThis.fetch).toHaveBeenCalledWith(
+      "https://ee.formbricks.com/api/v1/public/mailing/security/subscriptions",
+      expect.any(Object)
+    );
+  });
+
+  test("should not subscribe when isFormbricksCloud is false but subscribeToSecurityUpdates is false", async () => {
+    await subscribeUserToMailingList({
+      email: "test@example.com",
+      isFormbricksCloud: false,
+      subscribeToSecurityUpdates: false,
+      subscribeToProductUpdates: true,
+    });
+
+    expect(globalThis.fetch).not.toHaveBeenCalled();
+  });
+
+  test("should not subscribe when both subscription flags are undefined", async () => {
+    await subscribeUserToMailingList({
+      email: "test@example.com",
+      isFormbricksCloud: true,
+    });
+
+    expect(globalThis.fetch).not.toHaveBeenCalled();
+  });
+
+  test("should prioritize product-updates for cloud users even if security is also true", async () => {
+    vi.mocked(globalThis.fetch).mockResolvedValueOnce(new Response(null, { status: 200 }));
+
+    await subscribeUserToMailingList({
+      email: "test@example.com",
+      isFormbricksCloud: true,
+      subscribeToProductUpdates: true,
+      subscribeToSecurityUpdates: true,
+    });
+
+    // Should only call product-updates endpoint for cloud users
+    expect(globalThis.fetch).toHaveBeenCalledTimes(1);
+    expect(globalThis.fetch).toHaveBeenCalledWith(
+      "https://ee.formbricks.com/api/v1/public/mailing/product-updates/subscriptions",
+      expect.any(Object)
+    );
+  });
+});
--- a/apps/web/modules/ee/mailing/lib/mailing-subscription.ts
+++ b/apps/web/modules/ee/mailing/lib/mailing-subscription.ts
@@ -0,0 +1,91 @@
+"use server";
+
+import { logger } from "@formbricks/logger";
+import { TUserEmail, ZUserEmail } from "@formbricks/types/user";
+import { validateInputs } from "@/lib/utils/validate";
+
+export type TMailingListId = "security" | "product-updates";
+
+const MAILING_LIST_ENDPOINTS: Record<TMailingListId, string> = {
+  security: "https://ee.formbricks.com/api/v1/public/mailing/security/subscriptions",
+  "product-updates": "https://ee.formbricks.com/api/v1/public/mailing/product-updates/subscriptions",
+} as const;
+
+const EE_SERVER_TIMEOUT_MS = 5000;
+
+interface TSubscribeToMailingListParams {
+  email: TUserEmail;
+  listId: TMailingListId;
+}
+
+/**
+ * Subscribe a user to a mailing list via the EE server
+ * @param email - The user's email address
+ * @param listId - The mailing list ID ("security" or "product-updates")
+ */
+export const subscribeToMailingList = async ({
+  email,
+  listId,
+}: TSubscribeToMailingListParams): Promise<{ success: boolean; error?: string }> => {
+  validateInputs([email, ZUserEmail.toLowerCase()]);
+
+  const endpoint = MAILING_LIST_ENDPOINTS[listId];
+  if (!endpoint) {
+    logger.error({ listId }, "Invalid mailing list ID");
+    return { success: false, error: "Invalid mailing list ID" };
+  }
+
+  try {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), EE_SERVER_TIMEOUT_MS);
+
+    const response = await fetch(endpoint, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({ email }),
+      signal: controller.signal,
+    });
+
+    clearTimeout(timeoutId);
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      logger.error(
+        { status: response.status, error: errorText },
+        `Failed to subscribe to ${listId} mailing list`
+      );
+      return { success: false, error: `Failed to subscribe: ${response.status}` };
+    }
+
+    logger.info({ listId }, `Successfully subscribed to ${listId} mailing list`);
+    return { success: true };
+  } catch (error) {
+    if (error instanceof Error && error.name === "AbortError") {
+      logger.error({ listId }, "Mailing subscription request timed out");
+      return { success: false, error: "Request timed out" };
+    }
+
+    logger.error(error, `Error subscribing to ${listId} mailing list`);
+    return { success: false, error: "Failed to subscribe to mailing list" };
+  }
+};
+
+export const subscribeUserToMailingList = async ({
+  email,
+  isFormbricksCloud,
+  subscribeToSecurityUpdates,
+  subscribeToProductUpdates,
+}: {
+  email: TUserEmail;
+  isFormbricksCloud: boolean;
+  subscribeToSecurityUpdates?: boolean;
+  subscribeToProductUpdates?: boolean;
+}): Promise<void> => {
+  if (isFormbricksCloud && subscribeToProductUpdates) {
+    await subscribeToMailingList({ email, listId: "product-updates" });
+  } else if (!isFormbricksCloud && subscribeToSecurityUpdates) {
+    await subscribeToMailingList({ email, listId: "security" });
+  }
+};
--- a/apps/web/modules/ee/multi-language-surveys/components/edit-language.tsx
+++ b/apps/web/modules/ee/multi-language-surveys/components/edit-language.tsx
@@ -67,7 +67,7 @@ const validateLanguages = (languages: Language[], t: TFunction) => {
  // (e.g. alias "nl" pointing to a non-Dutch language) which later breaks the
  // dropdowns that rely on ISO identifiers.
  for (const alias of languageAliases) {
-    if (iso639Languages.some((language) => language.alpha2 === alias && !languageCodes.includes(alias))) {
+    if (iso639Languages.some((language) => language.code === alias && !languageCodes.includes(alias))) {
      toast.error(
        t("environments.workspace.languages.conflict_between_selected_alias_and_another_language"),
        {
--- a/apps/web/modules/ee/multi-language-surveys/components/language-select.tsx
+++ b/apps/web/modules/ee/multi-language-surveys/components/language-select.tsx
@@ -22,7 +22,7 @@ export function LanguageSelect({ language, onLanguageChange, disabled, locale }:
  const [isOpen, setIsOpen] = useState(false);
  const [searchTerm, setSearchTerm] = useState("");
  const [selectedOption, setSelectedOption] = useState(
-    iso639Languages.find((isoLang) => isoLang.alpha2 === language.code)
+    iso639Languages.find((isoLang) => isoLang.code === language.code)
  );
  const items = iso639Languages;

@@ -39,7 +39,7 @@ export function LanguageSelect({ language, onLanguageChange, disabled, locale }:

  const handleOptionSelect = (option: TIso639Language) => {
    setSelectedOption(option);
-    onLanguageChange({ ...language, code: option.alpha2 || "" });
+    onLanguageChange({ ...language, code: option.code || "" });
    setIsOpen(false);
  };

@@ -87,7 +87,7 @@ export function LanguageSelect({ language, onLanguageChange, disabled, locale }:
          {filteredItems.map((item) => (
            <button
              className="block w-full cursor-pointer rounded-md px-4 py-2 text-left text-slate-700 hover:bg-slate-100 active:bg-blue-100"
-              key={item.alpha2}
+              key={item.code}
              onClick={() => {
                handleOptionSelect(item);
              }}>
--- a/apps/web/modules/organization/settings/api-keys/components/add-api-key-modal.tsx
+++ b/apps/web/modules/organization/settings/api-keys/components/add-api-key-modal.tsx
@@ -255,7 +255,7 @@ export const AddApiKeyModal = ({
                              </span>
                            </button>
                          </DropdownMenuTrigger>
-                          <DropdownMenuContent className="min-w-[8rem]">
+                          <DropdownMenuContent className="max-h-[300px] min-w-[8rem] overflow-y-auto">
                            {projectOptions.map((option) => (
                              <DropdownMenuItem
                                key={option.id}
@@ -286,7 +286,7 @@ export const AddApiKeyModal = ({
                              </span>
                            </button>
                          </DropdownMenuTrigger>
-                          <DropdownMenuContent className="min-w-[8rem] capitalize">
+                          <DropdownMenuContent className="max-h-[300px] min-w-[8rem] overflow-y-auto capitalize">
                            {getEnvironmentOptionsForProject(permission.projectId).map((env) => (
                              <DropdownMenuItem
                                key={env.id}
--- a/apps/web/modules/organization/settings/api-keys/page.tsx
+++ b/apps/web/modules/organization/settings/api-keys/page.tsx
@@ -18,9 +18,9 @@ export const APIKeysPage = async (props) => {

  const projects = await getProjectsByOrganizationId(organization.id);

-  const isNotOwner = currentUserMembership.role !== "owner";
+  const canAccessApiKeys = currentUserMembership.role === "owner" || currentUserMembership.role === "manager";

-  if (isNotOwner) throw new Error(t("common.not_authorized"));
+  if (!canAccessApiKeys) throw new Error(t("common.not_authorized"));

  return (
    <PageContentWrapper>
@@ -38,7 +38,7 @@ export const APIKeysPage = async (props) => {
        <ApiKeyList
          organizationId={organization.id}
          locale={locale}
-          isReadOnly={isNotOwner}
+          isReadOnly={!canAccessApiKeys}
          projects={projects}
        />
      </SettingsCard>
--- a/apps/web/modules/setup/(fresh-instance)/signup/page.tsx
+++ b/apps/web/modules/setup/(fresh-instance)/signup/page.tsx
@@ -5,6 +5,7 @@ import {
  EMAIL_VERIFICATION_DISABLED,
  GITHUB_OAUTH_ENABLED,
  GOOGLE_OAUTH_ENABLED,
+  IS_FORMBRICKS_CLOUD,
  IS_TURNSTILE_CONFIGURED,
  OIDC_DISPLAY_NAME,
  OIDC_OAUTH_ENABLED,
@@ -57,6 +58,7 @@ export const SignupPage = async () => {
        samlTenant={SAML_TENANT}
        samlProduct={SAML_PRODUCT}
        turnstileSiteKey={TURNSTILE_SITE_KEY}
+        isFormbricksCloud={IS_FORMBRICKS_CLOUD}
      />
    </div>
  );
--- a/apps/web/modules/survey/editor/components/auto-save-indicator.tsx
+++ b/apps/web/modules/survey/editor/components/auto-save-indicator.tsx
@@ -0,0 +1,61 @@
+"use client";
+
+import { useEffect, useMemo, useState } from "react";
+import { useTranslation } from "react-i18next";
+import { cn } from "@/lib/cn";
+import { TooltipRenderer } from "@/modules/ui/components/tooltip";
+
+interface AutoSaveIndicatorProps {
+  isDraft: boolean;
+  lastSaved: Date | null;
+}
+
+export const AutoSaveIndicator = ({ isDraft, lastSaved }: AutoSaveIndicatorProps) => {
+  const { t } = useTranslation();
+  const [showSaved, setShowSaved] = useState(false);
+
+  useEffect(() => {
+    if (lastSaved) {
+      setShowSaved(true);
+      const timer = setTimeout(() => {
+        setShowSaved(false);
+      }, 3000);
+      return () => clearTimeout(timer);
+    }
+  }, [lastSaved]);
+
+  const isSavedState = isDraft && showSaved;
+
+  const text = useMemo(() => {
+    if (!isDraft) {
+      return t("environments.surveys.edit.auto_save_disabled");
+    }
+
+    if (showSaved) {
+      return t("environments.surveys.edit.progress_saved");
+    }
+
+    return t("environments.surveys.edit.auto_save_on");
+  }, [isDraft, showSaved, t]);
+
+  const badge = (
+    <span
+      className={cn(
+        "inline-flex cursor-default items-center rounded-full border px-2.5 py-0.5 text-xs font-medium transition-colors duration-300",
+        isSavedState
+          ? "border-green-600 bg-green-50 text-green-800"
+          : "border-slate-200 bg-slate-100 text-slate-600"
+      )}>
+      {text}
+    </span>
+  );
+
+  return (
+    <TooltipRenderer
+      shouldRender={!isDraft}
+      tooltipContent={t("environments.surveys.edit.auto_save_disabled_tooltip")}
+      className="max-w-64 text-center">
+      {badge}
+    </TooltipRenderer>
+  );
+};
--- a/apps/web/modules/survey/editor/components/survey-menu-bar.tsx
+++ b/apps/web/modules/survey/editor/components/survey-menu-bar.tsx
@@ -26,6 +26,7 @@ import { Button } from "@/modules/ui/components/button";
 import { Input } from "@/modules/ui/components/input";
 import { updateSurveyAction, updateSurveyDraftAction } from "../actions";
 import { isSurveyValid } from "../lib/validation";
+import { AutoSaveIndicator } from "./auto-save-indicator";

 interface SurveyMenuBarProps {
  localSurvey: TSurvey;
@@ -68,7 +69,14 @@ export const SurveyMenuBar = ({
  const [isConfirmDialogOpen, setConfirmDialogOpen] = useState(false);
  const [isSurveyPublishing, setIsSurveyPublishing] = useState(false);
  const [isSurveySaving, setIsSurveySaving] = useState(false);
+  const [lastAutoSaved, setLastAutoSaved] = useState<Date | null>(null);
  const isSuccessfullySavedRef = useRef(false);
+  const isAutoSavingRef = useRef(false);
+
+  // Refs for interval-based auto-save (to access current values without re-creating interval)
+  const localSurveyRef = useRef(localSurvey);
+  const surveyRef = useRef(survey);
+  const isSurveySavingRef = useRef(isSurveySaving);

  useEffect(() => {
    if (audiencePrompt && activeId === "settings") {
@@ -80,6 +88,19 @@ export const SurveyMenuBar = ({
    setIsLinkSurvey(localSurvey.type === "link");
  }, [localSurvey.type]);

+  // Keep refs updated for interval-based auto-save
+  useEffect(() => {
+    localSurveyRef.current = localSurvey;
+  }, [localSurvey]);
+
+  useEffect(() => {
+    surveyRef.current = survey;
+  }, [survey]);
+
+  useEffect(() => {
+    isSurveySavingRef.current = isSurveySaving;
+  }, [isSurveySaving]);
+
  // Reset the successfully saved flag when survey prop updates (page refresh complete)
  useEffect(() => {
    if (isSuccessfullySavedRef.current) {
@@ -228,6 +249,52 @@ export const SurveyMenuBar = ({
    return true;
  };

+  // Interval-based auto-save for draft surveys (every 10 seconds)
+  useEffect(() => {
+    // Only set up interval for draft surveys
+    if (localSurvey.status !== "draft") return;
+
+    const intervalId = setInterval(async () => {
+      // Skip if tab is not visible (no computation, no API calls for background tabs)
+      if (document.hidden) return;
+
+      // Skip if already saving (manual or auto)
+      if (isAutoSavingRef.current || isSurveySavingRef.current) return;
+
+      // Check for changes using refs (avoids re-creating interval on every change)
+      const { updatedAt: localUpdatedAt, ...localSurveyRest } = localSurveyRef.current;
+      const { updatedAt: surveyUpdatedAt, ...surveyRest } = surveyRef.current;
+
+      // Skip if no changes
+      if (isEqual(localSurveyRest, surveyRest)) return;
+
+      isAutoSavingRef.current = true;
+
+      try {
+        const currentSurvey = localSurveyRef.current;
+        const updatedSurveyResponse = await updateSurveyDraftAction({
+          ...currentSurvey,
+          segment: currentSurvey.segment?.id === "temp" ? null : currentSurvey.segment,
+        } as unknown as TSurveyDraft);
+
+        if (updatedSurveyResponse?.data) {
+          // Update surveyRef (not localSurvey state) to prevent re-renders during auto-save.
+          // This keeps the UI stable while still tracking that changes have been saved.
+          // The comparison uses refs, so this prevents unnecessary re-saves.
+          surveyRef.current = { ...updatedSurveyResponse.data };
+          isSuccessfullySavedRef.current = true;
+          setLastAutoSaved(new Date());
+        }
+      } catch (e) {
+        console.error(e);
+      } finally {
+        isAutoSavingRef.current = false;
+      }
+    }, 10000);
+
+    return () => clearInterval(intervalId);
+  }, [localSurvey.status]);
+
  // Add new handler after handleSurveySave
  const handleSurveySaveDraft = async (): Promise<boolean> => {
    setIsSurveySaving(true);
@@ -401,6 +468,7 @@ export const SurveyMenuBar = ({
      </div>

      <div className="mt-3 flex items-center gap-2 sm:mt-0 sm:ml-4">
+        <AutoSaveIndicator isDraft={localSurvey.status === "draft"} lastSaved={lastAutoSaved} />
        {!isStorageConfigured && (
          <div>
            <Alert variant="warning" size="small">
@@ -427,6 +495,7 @@ export const SurveyMenuBar = ({
        )}
        {!isCxMode && (
          <Button
+            data-save-button
            disabled={disableSave}
            variant="secondary"
            size="sm"
--- a/apps/web/modules/survey/editor/lib/survey.test.ts
+++ b/apps/web/modules/survey/editor/lib/survey.test.ts
@@ -168,7 +168,7 @@ describe("Survey Editor Library Tests", () => {
      vi.mocked(getOrganizationAIKeys).mockResolvedValue(mockOrganization as any);
    });

-    test("should handle languages update", async () => {
+    test("should handle languages update with multiple languages", async () => {
      const updatedSurvey: TSurvey = {
        ...mockSurvey,
        languages: [
@@ -219,6 +219,60 @@ describe("Survey Editor Library Tests", () => {
      });
    });

+    test("should handle languages update with single default language", async () => {
+      // This tests the fix for the bug where languages.length === 1 would incorrectly
+      // set updatedLanguageIds to [] causing the default language to be removed
+      const updatedSurvey: TSurvey = {
+        ...mockSurvey,
+        languages: [
+          {
+            language: {
+              id: "en",
+              code: "en",
+              createdAt: new Date(),
+              updatedAt: new Date(),
+              alias: null,
+              projectId: "project1",
+            },
+            default: true,
+            enabled: true,
+          },
+        ],
+      };
+
+      await updateSurvey(updatedSurvey);
+
+      // Verify that prisma.survey.update was called
+      expect(prisma.survey.update).toHaveBeenCalled();
+
+      const updateCall = vi.mocked(prisma.survey.update).mock.calls[0][0];
+
+      // The key test: when languages.length === 1, we should still process language updates
+      // and NOT delete the language. Before the fix, languages.length > 1 would fail this case.
+      expect(updateCall).toBeDefined();
+      expect(updateCall.where).toEqual({ id: "survey123" });
+      expect(updateCall.data).toBeDefined();
+    });
+
+    test("should remove all languages when empty array is passed", async () => {
+      const updatedSurvey: TSurvey = {
+        ...mockSurvey,
+        languages: [],
+      };
+
+      await updateSurvey(updatedSurvey);
+
+      // Verify that prisma.survey.update was called
+      expect(prisma.survey.update).toHaveBeenCalled();
+
+      const updateCall = vi.mocked(prisma.survey.update).mock.calls[0][0];
+
+      // When languages is empty array, all existing languages should be removed
+      expect(updateCall).toBeDefined();
+      expect(updateCall.where).toEqual({ id: "survey123" });
+      expect(updateCall.data).toBeDefined();
+    });
+
    test("should delete private segment for non-app type surveys", async () => {
      const mockSegment: TSegment = {
        id: "segment1",
--- a/apps/web/modules/survey/editor/lib/survey.ts
+++ b/apps/web/modules/survey/editor/lib/survey.ts
@@ -43,7 +43,7 @@ export const updateSurvey = async (updatedSurvey: TSurvey): Promise<TSurvey> =>
        ? currentSurvey.languages.map((l) => l.language.id)
        : [];
      const updatedLanguageIds =
-        languages.length > 1 ? updatedSurvey.languages.map((l) => l.language.id) : [];
+        languages.length > 0 ? updatedSurvey.languages.map((l) => l.language.id) : [];
      const enabledLanguageIds = languages.map((language) => {
        if (language.enabled) return language.language.id;
      });
--- a/apps/web/modules/ui/globals.css
+++ b/apps/web/modules/ui/globals.css
@@ -64,11 +64,13 @@

 *::-webkit-scrollbar-track {
  background: #e2e8f0;
+  border-radius: 10px;
 }

 *::-webkit-scrollbar-thumb {
  background-color: #cbd5e1;
  border: 1px solid #cbd5e1;
+  border-radius: 10px;
 }

 .filter-scrollbar::-webkit-scrollbar {
--- a/apps/web/next-env.d.ts
+++ b/apps/web/next-env.d.ts
@@ -1,6 +1,6 @@
 /// <reference types="next" />
 /// <reference types="next/image-types/global" />
-/// <reference path="./.next/types/routes.d.ts" />
+import "./.next/dev/types/routes.d.ts";

 // NOTE: This file should not be edited
 // see https://nextjs.org/docs/app/api-reference/config/typescript for more information.
--- a/apps/web/next.config.mjs
+++ b/apps/web/next.config.mjs
@@ -24,6 +24,7 @@ const nextConfig = {
  outputFileTracingIncludes: {
    "/api/auth/**/*": ["../../node_modules/jose/**/*"],
  },
+  turbopack: {},
  experimental: {},
  transpilePackages: ["@formbricks/database"],
  images: {
--- a/apps/web/package.json
+++ b/apps/web/package.json
@@ -10,7 +10,7 @@
    "build": "cross-env NODE_OPTIONS=--max-old-space-size=8192 next build",
    "build:dev": "pnpm run build",
    "start": "next start",
-    "lint": "next lint",
+    "lint": "eslint . --fix --ext .ts,.js,.tsx,.jsx",
    "test": "dotenv -e ../../.env -- vitest run",
    "test:coverage": "dotenv -e ../../.env -- vitest run --coverage",
    "generate-api-specs": "./scripts/openapi/generate.sh",
@@ -46,7 +46,7 @@
    "@lexical/rich-text": "0.36.2",
    "@lexical/table": "0.36.2",
    "@opentelemetry/exporter-prometheus": "0.203.0",
-    "@opentelemetry/host-metrics": "0.36.0",
+    "@opentelemetry/host-metrics": "0.38.0",
    "@opentelemetry/instrumentation": "0.203.0",
    "@opentelemetry/instrumentation-http": "0.203.0",
    "@opentelemetry/instrumentation-runtime-node": "0.17.1",
@@ -101,7 +101,7 @@
    "lucide-react": "0.507.0",
    "markdown-it": "14.1.0",
    "mime-types": "3.0.1",
-    "next": "15.5.9",
+    "next": "16.1.1",
    "next-auth": "4.24.12",
    "next-safe-action": "7.10.8",
    "node-fetch": "3.3.2",
@@ -133,7 +133,9 @@
    "webpack": "5.99.8",
    "xlsx": "file:vendor/xlsx-0.20.3.tgz",
    "zod": "3.24.4",
-    "zod-openapi": "4.2.4"
+    "zod-openapi": "4.2.4",
+    "react": "19.2.3",
+    "react-dom": "19.2.3"
  },
  "devDependencies": {
    "@formbricks/config-typescript": "workspace:*",
@@ -156,7 +158,7 @@
    "autoprefixer": "10.4.21",
    "cross-env": "10.0.0",
    "dotenv": "16.5.0",
-    "esbuild": "0.25.10",
+    "esbuild": "0.25.11",
    "postcss": "8.5.3",
    "resize-observer-polyfill": "1.5.1",
    "ts-node": "10.9.2",
--- a/apps/web/playwright/survey.spec.ts
+++ b/apps/web/playwright/survey.spec.ts
@@ -255,14 +255,14 @@ test.describe("Multi Language Survey Create", async () => {
    await page.getByRole("button", { name: "Select" }).click();
    await page.getByPlaceholder("Search items").click();
    await page.getByPlaceholder("Search items").fill("Eng");
-    await page.getByText("English").click();
+    await page.getByText("English", { exact: true }).click();
    await page.getByRole("button", { name: "Save changes" }).click();
    await page.getByRole("button", { name: "Edit languages" }).click();
    await page.getByRole("button", { name: "Add language" }).click();
    await page.getByRole("button", { name: "Select" }).click();
    await page.getByRole("textbox", { name: "Search items" }).click();
    await page.getByRole("textbox", { name: "Search items" }).fill("German");
-    await page.getByText("German").nth(1).click();
+    await page.getByText("German", { exact: true }).nth(1).click();
    await page.getByRole("button", { name: "Save changes" }).click();
    await page.waitForTimeout(2000);
    await page.getByRole("link", { name: "Surveys" }).click();
--- a/apps/web/middleware.ts
+++ b/apps/web/middleware.ts
@@ -56,7 +56,7 @@ const handleDomainAwareRouting = (request: NextRequest): Response | null => {
  }
 };

-export const middleware = async (originalRequest: NextRequest) => {
+export const proxy = async (originalRequest: NextRequest) => {
  // Handle domain-aware routing first
  const domainResponse = handleDomainAwareRouting(originalRequest);
  if (domainResponse) return domainResponse;
--- a/apps/web/scripts/docker/next-start.sh
+++ b/apps/web/scripts/docker/next-start.sh
@@ -48,10 +48,10 @@ run_with_timeout() {


 echo "🗃️ Running database migrations..."
-run_with_timeout 300 "database migration" sh -c '(cd packages/database && npm run db:migrate:deploy)'
+run_with_timeout 300 "database migration" node packages/database/dist/scripts/apply-migrations.js

 echo "🗃️ Running SAML database setup..."
-run_with_timeout 60 "SAML database setup" sh -c '(cd packages/database && npm run db:create-saml-database:deploy)'
+run_with_timeout 60 "SAML database setup" node packages/database/dist/scripts/create-saml-database.js

 echo "✅ Database setup completed"
 echo "🚀 Starting Next.js server..."
--- a/docs/api-reference/openapi.json
+++ b/docs/api-reference/openapi.json
@@ -5868,6 +5868,7 @@
                        "jpeg",
                        "jpg",
                        "webp",
+                        "ico",
                        "pdf",
                        "eml",
                        "doc",
@@ -5883,6 +5884,7 @@
                        "avi",
                        "mkv",
                        "webm",
+                        "mp3",
                        "zip",
                        "rar",
                        "7z",
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -7,6 +7,11 @@ type: application
 # Helm chart Version
 version: 0.0.0-dev

+# This is the version number of the application being deployed.
+appVersion: "3.7.0"
+
+icon: https://formbricks.com/favicon.ico
+
 keywords:
  - formbricks
  - postgresql
--- a/helm-chart/templates/NOTES.txt
+++ b/helm-chart/templates/NOTES.txt
@@ -84,13 +84,18 @@ Redis Access:
 ---

 Environment Variables:
-The following environment variables have been automatically generated:
+The following environment variables have been configured:

- `NEXTAUTH_SECRET`: A random 32-character string
- `ENCRYPTION_KEY`: A random 32-character string
- `CRON_SECRET`: A random 32-character string
- 'EMAIL_VERIFICATION_DISABLED': 1 # By Default email verification is disabled, configure SMTP settings to enable(https://formbricks.com/docs/self-hosting/configuration/smtp)
- 'PASSWORD_RESET_DISABLED': 1 # By Default password reset is disabled, configure SMTP settings to enable(https://formbricks.com/docs/self-hosting/configuration/smtp)
+- `WEBAPP_URL`: {{ .Values.formbricks.webappUrl }}
+- `NEXTAUTH_URL`: {{ .Values.formbricks.webappUrl }}
+{{- if .Values.formbricks.publicUrl }}
+- `PUBLIC_URL`: {{ .Values.formbricks.publicUrl }}
+{{- end }}
+- `NEXTAUTH_SECRET`: A random 32-character string (auto-generated)
+- `ENCRYPTION_KEY`: A random 32-character string (auto-generated)
+- `CRON_SECRET`: A random 32-character string (auto-generated)
+- `EMAIL_VERIFICATION_DISABLED`: 1 # By Default email verification is disabled, configure SMTP settings to enable(https://formbricks.com/docs/self-hosting/configuration/smtp)
+- `PASSWORD_RESET_DISABLED`: 1 # By Default password reset is disabled, configure SMTP settings to enable(https://formbricks.com/docs/self-hosting/configuration/smtp)

 Retrieve them using:
 ```sh
--- a/helm-chart/templates/secrets.yaml
+++ b/helm-chart/templates/secrets.yaml
@@ -3,6 +3,7 @@
 {{- $postgresAdminPassword := include "formbricks.postgresAdminPassword" . }}
 {{- $postgresUserPassword := include "formbricks.postgresUserPassword" . }}
 {{- $redisPassword := include "formbricks.redisPassword" . }}
+{{- $webappUrl := required "formbricks.webappUrl is required. Set it to your Formbricks instance URL (e.g., https://formbricks.example.com)" .Values.formbricks.webappUrl }}
 ---
 apiVersion: v1
 kind: Secret
@@ -11,6 +12,12 @@ metadata:
  labels:
    {{- include "formbricks.labels" . | nindent 4 }}
 data:
+  # Formbricks application URLs
+  WEBAPP_URL: {{ $webappUrl | b64enc }}
+  NEXTAUTH_URL: {{ $webappUrl | b64enc }}
+  {{- if .Values.formbricks.publicUrl }}
+  PUBLIC_URL: {{ .Values.formbricks.publicUrl | b64enc }}
+  {{- end }}
  {{- if .Values.redis.enabled }}
  REDIS_URL: {{ printf "redis://:%s@formbricks-redis-master:6379" $redisPassword | b64enc }}
  {{- else }}
@@ -21,7 +28,7 @@ data:
  {{- else }}
  DATABASE_URL: {{ .Values.postgresql.externalDatabaseUrl | b64enc }}
  {{- end }}
-  CRON_SECRET: {{ include "formbricks.cronSecret" . | b64enc }}	
+  CRON_SECRET: {{ include "formbricks.cronSecret" . | b64enc }}
  ENCRYPTION_KEY: {{ include "formbricks.encryptionKey" . | b64enc }}
  NEXTAUTH_SECRET: {{ include "formbricks.nextAuthSecret" . | b64enc }}
  {{- if and (.Values.enterprise.licenseKey) (ne .Values.enterprise.licenseKey "") }}
--- a/helm-chart/templates/servicemonitor.yaml
+++ b/helm-chart/templates/servicemonitor.yaml
@@ -7,15 +7,13 @@ metadata:
  namespace: {{ include "formbricks.namespace" . }}
  labels:
  {{- include "formbricks.labels" $ | nindent 4 }}
-{{- if .Values.serviceMonitor.additionalLabels }}
-{{ toYaml .Values.serviceMonitor.additionalLabels | indent 4 }}
-{{- end }}
-{{- if .Values.serviceMonitor.annotations }}
+  {{- if .Values.serviceMonitor.additionalLabels }}
+  {{- toYaml .Values.serviceMonitor.additionalLabels | nindent 4 }}
+  {{- end }}
+  {{- if .Values.serviceMonitor.annotations }}
  annotations:
-{{- end }}
-{{- if or .Values.serviceMonitor.annotations }}
-{{ toYaml .Values.serviceMonitor.annotations | indent 4 }}
-{{- end }}
+  {{- toYaml .Values.serviceMonitor.annotations | nindent 4 }}
+  {{- end }}
 spec:
  selector:
    matchLabels:
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -10,6 +10,17 @@ componentOverride: ""
 # Defaults to the chart name if not set.
 partOfOverride: ""

+##########################################################
+# Formbricks Configuration
+##########################################################
+formbricks:
+  # REQUIRED: Base URL of the site (e.g., https://formbricks.example.com)
+  # This is used for WEBAPP_URL and NEXTAUTH_URL
+  webappUrl: ""
+  
+  # Optional: Public URL for surveys (defaults to webappUrl if not set)
+  publicUrl: ""
+
 ##########################################################
 # Enterprise Configuration
 ##########################################################
@@ -76,6 +87,7 @@ deployment:
  # Application container image
  image:
    repository: "ghcr.io/formbricks/formbricks"
+    tag: "" # Defaults to appVersion if not set
    digest: "" # If set, digest takes precedence over the tag
    pullPolicy: IfNotPresent

--- a/package.json
+++ b/package.json
@@ -44,8 +44,9 @@
    "i18n:validate": "pnpm scan-translations"
  },
  "dependencies": {
-    "react": "19.2.1",
-    "react-dom": "19.2.1"
+    "react": "19.2.3",
+    "react-dom": "19.2.3",
+    "next": "16.1.1"
  },
  "devDependencies": {
    "@azure/identity": "4.13.0",
@@ -86,10 +87,11 @@
      "axios": ">=1.12.2",
      "node-forge": ">=1.3.2",
      "tar-fs": "2.1.4",
-      "typeorm": ">=0.3.26"
+      "typeorm": ">=0.3.26",
+      "systeminformation": "5.27.14"
    },
    "comments": {
-      "overrides": "Security fixes for transitive dependencies. Remove when upstream packages update: axios (CVE-2025-58754) - awaiting @boxyhq/saml-jackson update | node-forge (Dependabot #230) - awaiting @boxyhq/saml-jackson update | tar-fs (Dependabot #205) - awaiting upstream dependency updates | typeorm (Dependabot #223) - awaiting @boxyhq/saml-jackson update"
+      "overrides": "Security fixes for transitive dependencies. Remove when upstream packages update: axios (CVE-2025-58754) - awaiting @boxyhq/saml-jackson update | node-forge (Dependabot #230) - awaiting @boxyhq/saml-jackson update | tar-fs (Dependabot #205) - awaiting upstream dependency updates | typeorm (Dependabot #223) - awaiting @boxyhq/saml-jackson update | systeminformation (Dependabot #241) - awaiting @opentelemetry/host-metrics update"
    },
    "patchedDependencies": {
      "next-auth@4.24.12": "patches/next-auth@4.24.12.patch"
--- a/packages/database/package.json
+++ b/packages/database/package.json
@@ -38,7 +38,7 @@
    "db:push": "prisma db push --accept-data-loss",
    "db:seed": "dotenv -e ../../.env -- tsx src/seed.ts",
    "db:seed:clear": "dotenv -e ../../.env -- tsx src/seed.ts --clear",
-    "db:setup": "pnpm db:migrate:dev && pnpm db:create-saml-database:dev && pnpm db:seed",
+    "db:setup": "pnpm db:migrate:dev && pnpm db:create-saml-database:dev",
    "db:start": "pnpm db:setup",
    "format": "prisma format",
    "generate": "prisma generate",
--- a/packages/database/src/scripts/migration-runner.ts
+++ b/packages/database/src/scripts/migration-runner.ts
@@ -34,6 +34,7 @@ const MIGRATIONS_DIR = isBuilt
  ? path.resolve(__dirname, "../migration") // From dist/scripts to dist/migration
  : path.resolve(__dirname, "../../migration"); // From src/scripts to migration
 const PRISMA_MIGRATIONS_DIR = path.resolve(__dirname, "../../migrations");
+const PRISMA_SCHEMA_PATH = path.resolve(__dirname, "../../schema.prisma");

 const runMigrations = async (migrations: MigrationScript[]): Promise<void> => {
  logger.info(`Starting migrations: ${migrations.length.toString()} to run`);
@@ -169,7 +170,7 @@ const runSingleMigration = async (migration: MigrationScript, index: number): Pr

      // Run Prisma migrate
      // throws when migrate deploy fails
-      await execAsync("pnpm prisma migrate deploy");
+      await execAsync(`pnpm prisma migrate deploy --schema="${PRISMA_SCHEMA_PATH}"`);
      logger.info(`Successfully applied schema migration: ${migration.name}`);
    } catch (err) {
      logger.error(err, `Schema migration ${migration.name} failed`);
--- a/packages/i18n-utils/src/utils.ts
+++ b/packages/i18n-utils/src/utils.ts
--- a/packages/survey-ui/src/components/elements/consent.tsx
+++ b/packages/survey-ui/src/components/elements/consent.tsx
@@ -24,6 +24,8 @@ export interface ConsentProps {
  onChange: (checked: boolean) => void;
  /** Whether the field is required (shows asterisk indicator) */
  required?: boolean;
+  /** Custom label for the required indicator */
+  requiredLabel?: string;
  /** Error message to display */
  errorMessage?: string;
  /** Text direction: 'ltr' (left-to-right), 'rtl' (right-to-left), or 'auto' (auto-detect from content) */
@@ -45,6 +47,7 @@ function Consent({
  value = false,
  onChange,
  required = false,
+  requiredLabel,
  errorMessage,
  dir = "auto",
  disabled = false,
@@ -63,6 +66,7 @@ function Consent({
        headline={headline}
        description={description}
        required={required}
+        requiredLabel={requiredLabel}
        htmlFor={inputId}
        imageUrl={imageUrl}
        videoUrl={videoUrl}
--- a/packages/survey-ui/src/components/elements/cta.tsx
+++ b/packages/survey-ui/src/components/elements/cta.tsx
@@ -26,6 +26,8 @@ export interface CTAProps {
  onClick: () => void;
  /** Whether the field is required (shows asterisk indicator) */
  required?: boolean;
+  /** Custom label for the required indicator */
+  requiredLabel?: string;
  /** Error message to display */
  errorMessage?: string;
  /** Text direction: 'ltr' (left-to-right), 'rtl' (right-to-left), or 'auto' (auto-detect from content) */
@@ -50,6 +52,7 @@ function CTA({
  buttonExternal = false,
  onClick,
  required = false,
+  requiredLabel,
  errorMessage,
  dir = "auto",
  disabled = false,
@@ -73,6 +76,7 @@ function CTA({
        headline={headline}
        description={description}
        required={required}
+        requiredLabel={requiredLabel}
        htmlFor={inputId}
        imageUrl={imageUrl}
        videoUrl={videoUrl}
@@ -82,7 +86,7 @@ function CTA({
      <div className="relative space-y-2">
        <ElementError errorMessage={errorMessage} dir={dir} />

-        {buttonExternal && (
+        {buttonExternal ? (
          <div className="flex w-full justify-start">
            <Button
              id={inputId}
@@ -95,7 +99,7 @@ function CTA({
              <SquareArrowOutUpRightIcon className="size-4" />
            </Button>
          </div>
-        )}
+        ) : null}
      </div>
    </div>
  );
--- a/packages/survey-ui/src/components/elements/date.tsx
+++ b/packages/survey-ui/src/components/elements/date.tsx
@@ -19,6 +19,8 @@ interface DateElementProps {
  onChange: (value: string) => void;
  /** Whether the field is required (shows asterisk indicator) */
  required?: boolean;
+  /** Custom label for the required indicator */
+  requiredLabel?: string;
  /** Minimum date allowed (ISO format: YYYY-MM-DD) */
  minDate?: string;
  /** Maximum date allowed (ISO format: YYYY-MM-DD) */
@@ -45,6 +47,7 @@ function DateElement({
  value,
  onChange,
  required = false,
+  requiredLabel,
  minDate,
  maxDate,
  dir = "auto",
@@ -152,6 +155,7 @@ function DateElement({
        headline={headline}
        description={description}
        required={required}
+        requiredLabel={requiredLabel}
        htmlFor={inputId}
        imageUrl={imageUrl}
        videoUrl={videoUrl}
--- a/packages/survey-ui/src/components/elements/file-upload.tsx
+++ b/packages/survey-ui/src/components/elements/file-upload.tsx
@@ -37,6 +37,8 @@ interface FileUploadProps {
  allowedFileExtensions?: string[];
  /** Whether the field is required (shows asterisk indicator) */
  required?: boolean;
+  /** Custom label for the required indicator */
+  requiredLabel?: string;
  /** Error message to display */
  errorMessage?: string;
  /** Whether the component is in uploading state */
@@ -219,6 +221,7 @@ function FileUpload({
  allowMultiple = false,
  allowedFileExtensions,
  required = false,
+  requiredLabel,
  errorMessage,
  isUploading = false,
  dir = "auto",
@@ -279,6 +282,7 @@ function FileUpload({
        headline={headline}
        description={description}
        required={required}
+        requiredLabel={requiredLabel}
        htmlFor={inputId}
        imageUrl={imageUrl}
        videoUrl={videoUrl}
--- a/packages/survey-ui/src/components/elements/form-field.tsx
+++ b/packages/survey-ui/src/components/elements/form-field.tsx
@@ -37,6 +37,8 @@ interface FormFieldProps {
  onChange: (value: Record<string, string>) => void;
  /** Whether the entire form is required (shows asterisk indicator) */
  required?: boolean;
+  /** Custom label for the required indicator */
+  requiredLabel?: string;
  /** Error message to display */
  errorMessage?: string;
  /** Text direction: 'ltr' (left-to-right), 'rtl' (right-to-left), or 'auto' (auto-detect from content) */
@@ -57,6 +59,7 @@ function FormField({
  value = {},
  onChange,
  required = false,
+  requiredLabel,
  errorMessage,
  dir = "auto",
  disabled = false,
@@ -103,6 +106,7 @@ function FormField({
        headline={headline}
        description={description}
        required={required}
+        requiredLabel={requiredLabel}
        imageUrl={imageUrl}
        videoUrl={videoUrl}
      />
--- a/packages/survey-ui/src/components/elements/matrix.tsx
+++ b/packages/survey-ui/src/components/elements/matrix.tsx
@@ -35,6 +35,8 @@ interface MatrixProps {
  onChange: (value: Record<string, string>) => void;
  /** Whether the field is required (shows asterisk indicator) */
  required?: boolean;
+  /** Custom label for the required indicator */
+  requiredLabel?: string;
  /** Error message to display */
  errorMessage?: string;
  /** Text direction: 'ltr' (left-to-right), 'rtl' (right-to-left), or 'auto' (auto-detect from content) */
@@ -57,6 +59,7 @@ function Matrix({
  value = {},
  onChange,
  required = false,
+  requiredLabel,
  errorMessage,
  dir = "auto",
  disabled = false,
@@ -84,6 +87,7 @@ function Matrix({
        headline={headline}
        description={description}
        required={required}
+        requiredLabel={requiredLabel}
        htmlFor={inputId}
        imageUrl={imageUrl}
        videoUrl={videoUrl}
--- a/packages/survey-ui/src/components/elements/multi-select.tsx
+++ b/packages/survey-ui/src/components/elements/multi-select.tsx
@@ -45,6 +45,8 @@ interface MultiSelectProps {
  onChange: (value: string[]) => void;
  /** Whether the field is required (shows asterisk indicator) */
  required?: boolean;
+  /** Custom label for the required indicator */
+  requiredLabel?: string;
  /** Error message to display below the options */
  errorMessage?: string;
  /** Text direction: 'ltr' (left-to-right), 'rtl' (right-to-left), or 'auto' (auto-detect from content) */
@@ -405,6 +407,7 @@ function MultiSelect({
  value = [],
  onChange,
  required = false,
+  requiredLabel,
  errorMessage,
  dir = "auto",
  disabled = false,
@@ -473,6 +476,7 @@ function MultiSelect({
        headline={headline}
        description={description}
        required={required}
+        requiredLabel={requiredLabel}
        htmlFor={inputId}
        imageUrl={imageUrl}
        videoUrl={videoUrl}
--- a/packages/survey-ui/src/components/elements/nps.tsx
+++ b/packages/survey-ui/src/components/elements/nps.tsx
@@ -25,6 +25,8 @@ interface NPSProps {
  colorCoding?: boolean;
  /** Whether the field is required (shows asterisk indicator) */
  required?: boolean;
+  /** Custom label for the required indicator */
+  requiredLabel?: string;
  /** Error message to display */
  errorMessage?: string;
  /** Text direction: 'ltr' (left-to-right), 'rtl' (right-to-left), or 'auto' (auto-detect from content) */
@@ -48,6 +50,7 @@ function NPS({
  upperLabel,
  colorCoding = false,
  required = false,
+  requiredLabel,
  errorMessage,
  dir = "auto",
  disabled = false,
@@ -171,6 +174,7 @@ function NPS({
        headline={headline}
        description={description}
        required={required}
+        requiredLabel={requiredLabel}
        htmlFor={inputId}
        imageUrl={imageUrl}
        videoUrl={videoUrl}
--- a/packages/survey-ui/src/components/elements/open-text.tsx
+++ b/packages/survey-ui/src/components/elements/open-text.tsx
@@ -14,6 +14,7 @@ interface OpenTextProps {
  value?: string;
  onChange: (value: string) => void;
  required?: boolean;
+  requiredLabel?: string;
  longAnswer?: boolean;
  inputType?: "text" | "email" | "url" | "phone" | "number";
  charLimit?: {
@@ -37,6 +38,7 @@ function OpenText({
  inputId,
  onChange,
  required = false,
+  requiredLabel,
  longAnswer = false,
  inputType = "text",
  charLimit,
@@ -72,6 +74,7 @@ function OpenText({
        headline={headline}
        description={description}
        required={required}
+        requiredLabel={requiredLabel}
        htmlFor={inputId}
        imageUrl={imageUrl}
        videoUrl={videoUrl}
--- a/packages/survey-ui/src/components/elements/picture-select.tsx
+++ b/packages/survey-ui/src/components/elements/picture-select.tsx
@@ -37,6 +37,8 @@ interface PictureSelectProps {
  allowMulti?: boolean;
  /** Whether the field is required (shows asterisk indicator) */
  required?: boolean;
+  /** Custom label for the required indicator */
+  requiredLabel?: string;
  /** Error message to display */
  errorMessage?: string;
  /** Text direction: 'ltr' (left-to-right), 'rtl' (right-to-left), or 'auto' (auto-detect from content) */
@@ -59,6 +61,7 @@ function PictureSelect({
  onChange,
  allowMulti = false,
  required = false,
+  requiredLabel,
  errorMessage,
  dir = "auto",
  disabled = false,
@@ -96,6 +99,7 @@ function PictureSelect({
        headline={headline}
        description={description}
        required={required}
+        requiredLabel={requiredLabel}
        htmlFor={inputId}
        imageUrl={imageUrl}
        videoUrl={videoUrl}
--- a/packages/survey-ui/src/components/elements/ranking.tsx
+++ b/packages/survey-ui/src/components/elements/ranking.tsx
@@ -37,6 +37,8 @@ interface RankingProps {
  onChange: (value: string[]) => void;
  /** Whether the field is required (shows asterisk indicator) */
  required?: boolean;
+  /** Custom label for the required indicator */
+  requiredLabel?: string;
  /** Error message to display */
  errorMessage?: string;
  /** Text direction: 'ltr' (left-to-right), 'rtl' (right-to-left), or 'auto' (auto-detect from content) */
@@ -191,6 +193,7 @@ function Ranking({
  value = [],
  onChange,
  required = false,
+  requiredLabel,
  errorMessage,
  dir = "auto",
  disabled = false,
@@ -249,6 +252,7 @@ function Ranking({
        headline={headline}
        description={description}
        required={required}
+        requiredLabel={requiredLabel}
        htmlFor={inputId}
        imageUrl={imageUrl}
        videoUrl={videoUrl}
--- a/packages/survey-ui/src/components/elements/rating.tsx
+++ b/packages/survey-ui/src/components/elements/rating.tsx
@@ -137,6 +137,8 @@ interface RatingProps {
  colorCoding?: boolean;
  /** Whether the field is required (shows asterisk indicator) */
  required?: boolean;
+  /** Custom label for the required indicator */
+  requiredLabel?: string;
  /** Error message to display */
  errorMessage?: string;
  /** Text direction: 'ltr' (left-to-right), 'rtl' (right-to-left), or 'auto' (auto-detect from content) */
@@ -162,6 +164,7 @@ function Rating({
  upperLabel,
  colorCoding = false,
  required = false,
+  requiredLabel,
  errorMessage,
  dir = "auto",
  disabled = false,
@@ -406,6 +409,7 @@ function Rating({
        headline={headline}
        description={description}
        required={required}
+        requiredLabel={requiredLabel}
        htmlFor={inputId}
        imageUrl={imageUrl}
        videoUrl={videoUrl}
--- a/packages/survey-ui/src/components/elements/single-select.tsx
+++ b/packages/survey-ui/src/components/elements/single-select.tsx
@@ -41,6 +41,8 @@ interface SingleSelectProps {
  onChange: (value: string) => void;
  /** Whether the field is required (shows asterisk indicator) */
  required?: boolean;
+  /** Custom label for the required indicator */
+  requiredLabel?: string;
  /** Error message to display below the options */
  errorMessage?: string;
  /** Text direction: 'ltr' (left-to-right), 'rtl' (right-to-left), or 'auto' (auto-detect from content) */
@@ -76,6 +78,7 @@ function SingleSelect({
  value,
  onChange,
  required = false,
+  requiredLabel,
  errorMessage,
  dir = "auto",
  disabled = false,
@@ -141,6 +144,7 @@ function SingleSelect({
        headline={headline}
        description={description}
        required={required}
+        requiredLabel={requiredLabel}
        htmlFor={inputId}
        imageUrl={imageUrl}
        videoUrl={videoUrl}
--- a/packages/survey-ui/src/components/general/element-header.tsx
+++ b/packages/survey-ui/src/components/general/element-header.tsx
@@ -8,6 +8,8 @@ interface ElementHeaderProps extends React.ComponentProps<"div"> {
  headline: string;
  description?: string;
  required?: boolean;
+  /** Custom label for the required indicator. Defaults to "Required" */
+  requiredLabel?: string;
  htmlFor?: string;
  imageUrl?: string;
  videoUrl?: string;
@@ -43,6 +45,7 @@ function ElementHeader({
  headline,
  description,
  required = false,
+  requiredLabel = "Required",
  htmlFor,
  className,
  imageUrl,
@@ -73,7 +76,9 @@ function ElementHeader({
      {/* Headline */}
      <div>
        <div>
-          {required ? <span className="label-headline mb-[3px] text-xs opacity-60">Required</span> : null}
+          {required ? (
+            <span className="label-headline mb-[3px] text-xs opacity-60">{requiredLabel}</span>
+          ) : null}
        </div>
        <div className="flex">
          {isHeadlineHtml && safeHeadlineHtml ? (
--- a/packages/survey-ui/tsconfig.json
+++ b/packages/survey-ui/tsconfig.json
@@ -10,6 +10,7 @@
    },
    "resolveJsonModule": true
  },
+  "exclude": ["src/**/*.stories.tsx", "src/**/story-helpers.tsx", "src/**/*.test.ts"],
  "extends": "@formbricks/config-typescript/react-library.json",
  "include": ["src"]
 }
--- a/packages/survey-ui/vite.config.mts
+++ b/packages/survey-ui/vite.config.mts
@@ -49,7 +49,7 @@ export default defineConfig({
    tsconfigPaths(),
    dts({
      include: ["src"],
-      exclude: ["**/*.stories.tsx", "**/*.test.ts", "**/story-helpers.ts"],
+      exclude: ["**/*.stories.tsx", "**/*.test.ts", "**/story-helpers.tsx"],
    }),
    tailwindcss(),
  ],
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Johannes	8ce3bae78b	feat: add expand parameter to getResponses API for enriched data	2026-01-16 10:54:18 +00:00
Dhruwang Jariwala	6e19de32f7	fix: org managers not able to access api keys (#7123 )	2026-01-16 09:54:54 +00:00
Johannes	957a4432f4	feat: introduce language variations (#7082 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-01-16 08:51:20 +00:00
Matti Nannt	22a5d4bb7d	chore: consolidate agent instructions and remove Cursor rules (#7096 )	2026-01-16 08:20:23 +00:00
Matti Nannt	226dff0344	fix: upgrade storybook to v10.1.11 (#7120 )	2026-01-16 07:19:18 +00:00
Dhruwang Jariwala	d474a94a21	fix: multi lang button label issue (#7117 )	2026-01-15 17:57:50 +00:00
dependabot[bot]	c1a4cc308b	chore(deps): bump the npm_and_yarn group across 2 directories with 1 update (#7081 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Matti Nannt <matti@formbricks.com>	2026-01-15 15:10:33 +01:00
Dhruwang Jariwala	210da98b69	fix: scrolling in project breadcrumb dropdown (#7118 )	2026-01-15 11:59:17 +00:00
Matti Nannt	2fc183d384	chore: update pre-commit hook to address husky warning (#7106 )	2026-01-15 07:42:37 +00:00
Dhruwang Jariwala	78fb111610	fix: syntax issue in pr check size github action (#7116 )	2026-01-15 06:43:59 +00:00
Bhagya Amarasinghe	11c0cb4b61	fix: add required WEBAPP_URL/NEXTAUTH_URL config and improve helm chart (#7107 )	2026-01-14 18:26:40 +00:00
Johannes	95831f7c7f	feat: add auto-save for draft surveys and Cmd+S hotkey (#7087 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2026-01-14 17:23:34 +00:00
Anshuman Pandey	a31e7bfaa5	feat: security signup ui (#7088 ) Co-authored-by: Johannes <johannes@formbricks.com>	2026-01-14 16:45:21 +00:00
Matti Nannt	6e35fc1769	fix: update systeminformation to 5.27.14 (#7105 )	2026-01-14 11:04:43 +00:00
Theodór Tómas	48cded1646	perf: decouple constants from zod and add bundle analyzer (#7101 )	2026-01-14 09:50:05 +00:00
Dhruwang Jariwala	db752cee15	feat: add support for mp3 file extension and corresponding MIME type (#7103 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2026-01-13 12:19:22 +00:00
Dhruwang Jariwala	b33aae0a73	fix: missing Russian langauge in language select dropdown (#7099 )	2026-01-13 10:08:50 +00:00
Matti Nannt	72126ad736	fix: required label not being translated (#7092 )	2026-01-13 10:05:11 +00:00
Theodór Tómas	4a2eeac90b	perf: reduce bundle size (#7094 )	2026-01-12 16:57:12 +00:00