fixes coderabbit feedback

fix/webhook-ssrf-toctou-dns-pin
feat: add PostHog group analytics and feature events (#7914 )
2026-05-08 02:43:06 -05:00 · 2026-05-08 10:49:22 +05:30 · 2026-05-07 18:37:46 +05:30 · 2026-05-07 07:49:27 +00:00 · 2026-05-07 06:14:06 +00:00 · 2026-05-06 10:21:42 +00:00
467 changed files with 26370 additions and 12393 deletions
@@ -20,12 +20,12 @@ runs:
  using: "composite"
  steps:
    - name: Checkout repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

    - uses: ./.github/actions/dangerous-git-checkout

    - name: Cache Build
-      uses: actions/cache@v3
+      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
      id: cache-build
      env:
        cache-name: prod-build
@@ -43,7 +43,7 @@ runs:
      shell: bash

    - name: Setup Node.js 20.x
-      uses: actions/setup-node@v3
+      uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
      with:
        node-version: 20.x
      if: steps.cache-build.outputs.cache-hit != 'true'
@@ -53,7 +53,7 @@ runs:
      if: steps.cache-build.outputs.cache-hit != 'true'

    - name: Install dependencies
-      run: pnpm install --config.platform=linux --config.architecture=x64
+      run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64
      if: steps.cache-build.outputs.cache-hit != 'true'
      shell: bash

@@ -4,7 +4,7 @@ runs:
  using: "composite"
  steps:
    - name: Checkout repo
-      uses: actions/checkout@v3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      with:
        ref: ${{ github.event.pull_request.head.sha }}
        fetch-depth: 2
@@ -49,7 +49,7 @@ jobs:
            ${{ runner.os }}-pnpm-store-

      - name: Install dependencies
-        run: pnpm install --config.platform=linux --config.architecture=x64
+        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64

      - name: Run Chromatic
        uses: chromaui/action@4c20b95e9d3209ecfdf9cd6aace6bbde71ba1694 # v13.3.4
@@ -57,7 +57,7 @@ jobs:
      - uses: ./.github/actions/dangerous-git-checkout

      - name: Setup Node.js 22.x
-        uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: 22.x

@@ -65,7 +65,7 @@ jobs:
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Install dependencies
-        run: pnpm install --config.platform=linux --config.architecture=x64
+        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64
        shell: bash

      - name: create .env
@@ -85,65 +85,48 @@ jobs:
          echo "S3_REGION=us-east-1" >> .env
          echo "S3_BUCKET_NAME=formbricks-e2e" >> .env
          echo "S3_ENDPOINT_URL=http://localhost:9000" >> .env
-          echo "S3_ACCESS_KEY=devminio" >> .env
-          echo "S3_SECRET_KEY=devminio123" >> .env
+          echo "S3_ACCESS_KEY=devrustfs-service" >> .env
+          echo "S3_SECRET_KEY=devrustfs-service123" >> .env
          echo "S3_FORCE_PATH_STYLE=1" >> .env
        shell: bash

-      - name: Install MinIO client (mc)
-        run: |
-          set -euo pipefail
-          MC_VERSION="RELEASE.2025-08-13T08-35-41Z"
-          MC_BASE="https://dl.min.io/client/mc/release/linux-amd64/archive"
-          MC_BIN="mc.${MC_VERSION}"
-          MC_SUM="${MC_BIN}.sha256sum"
-
-          curl -fsSL "${MC_BASE}/${MC_BIN}" -o "${MC_BIN}"
-          curl -fsSL "${MC_BASE}/${MC_SUM}" -o "${MC_SUM}"
-
-          sha256sum -c "${MC_SUM}"
-
-          chmod +x "${MC_BIN}"
-          sudo mv "${MC_BIN}" /usr/local/bin/mc
-
-      - name: Start MinIO Server
+      - name: Start RustFS Server
        run: |
          set -euo pipefail

-          # Start MinIO server in background
+          # Start RustFS server in background
          docker run -d \
-            --name minio-server \
+            --name rustfs-server \
            -p 9000:9000 \
            -p 9001:9001 \
-            -e MINIO_ROOT_USER=devminio \
-            -e MINIO_ROOT_PASSWORD=devminio123 \
-            minio/minio:RELEASE.2025-09-07T16-13-09Z \
-            server /data --console-address :9001
+            -e RUSTFS_ACCESS_KEY=devrustfs \
+            -e RUSTFS_SECRET_KEY=devrustfs123 \
+            -e RUSTFS_ADDRESS=:9000 \
+            -e RUSTFS_CONSOLE_ENABLE=true \
+            -e RUSTFS_CONSOLE_ADDRESS=:9001 \
+            rustfs/rustfs:1.0.0-alpha.93 \
+            /data

-          echo "MinIO server started"
+          echo "RustFS server started"

-      - name: Wait for MinIO and create S3 bucket
+      - name: Bootstrap RustFS bucket and browser upload CORS
        run: |
          set -euo pipefail

-          echo "Waiting for MinIO to be ready..."
-          ready=0
-          for i in {1..60}; do
-            if curl -fsS http://localhost:9000/minio/health/live >/dev/null; then
-              echo "MinIO is up after ${i} seconds"
-              ready=1
-              break
-            fi
-            sleep 1
-          done
-
-          if [ "$ready" -ne 1 ]; then
-            echo "::error::MinIO did not become ready within 60 seconds"
-            exit 1
-          fi
-
-          mc alias set local http://localhost:9000 devminio devminio123
-          mc mb --ignore-existing local/formbricks-e2e
+          docker run --rm \
+            --network host \
+            --entrypoint /bin/sh \
+            -e RUSTFS_ENDPOINT_URL=http://127.0.0.1:9000 \
+            -e RUSTFS_ADMIN_USER=devrustfs \
+            -e RUSTFS_ADMIN_PASSWORD=devrustfs123 \
+            -e RUSTFS_SERVICE_USER=devrustfs-service \
+            -e RUSTFS_SERVICE_PASSWORD=devrustfs-service123 \
+            -e RUSTFS_BUCKET_NAME=formbricks-e2e \
+            -e RUSTFS_POLICY_NAME=formbricks-e2e-policy \
+            -e RUSTFS_CORS_ALLOWED_ORIGINS=http://localhost:3000,http://127.0.0.1:3000 \
+            -v "$PWD/docker/rustfs-init.sh:/tmp/rustfs-init.sh:ro" \
+            minio/mc@sha256:95b5f3f7969a5c5a9f3a700ba72d5c84172819e13385aaf916e237cf111ab868 \
+            /tmp/rustfs-init.sh

      - name: Build App
        run: |
@@ -242,8 +225,14 @@ jobs:
        if: failure()
        with:
          name: app-logs
+          if-no-files-found: ignore
          path: app.log

      - name: Output App Logs
        if: failure()
-        run: cat app.log
+        run: |
+          if [ -f app.log ]; then
+            cat app.log
+          else
+            echo "app.log not found because the Run App step did not execute or failed before log creation."
+          fi
@@ -155,3 +155,31 @@ jobs:
      commit_sha: ${{ github.sha }}
      is_prerelease: ${{ github.event.release.prerelease }}
      make_latest: ${{ needs.check-latest-release.outputs.is_latest == 'true' }}
+
+  linear-release-complete:
+    name: Mark Linear release as complete
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    needs:
+      - docker-build-community
+      - docker-build-cloud
+      - helm-chart-release
+      - move-stable-tag
+    if: ${{ !github.event.release.prerelease }}
+    steps:
+      - name: Harden the runner
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Complete Linear release
+        uses: linear/linear-release-action@0353b5fa8c00326913966f00557d68f8f30b8b6b # v0.7.0
+        with:
+          access_key: ${{ secrets.LINEAR_ACCESS_KEY }}
+          command: complete
+          version: ${{ github.event.release.tag_name }}
@@ -0,0 +1,30 @@
+name: Linear Release Sync
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  linear-release:
+    name: Sync release to Linear
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: Harden the runner
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Sync Linear release
+        uses: linear/linear-release-action@0353b5fa8c00326913966f00557d68f8f30b8b6b # v0.7.0
+        with:
+          access_key: ${{ secrets.LINEAR_ACCESS_KEY }}
@@ -21,7 +21,7 @@ jobs:
      - uses: ./.github/actions/dangerous-git-checkout

      - name: Setup Node.js 20.x
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: 20.x

@@ -29,7 +29,7 @@ jobs:
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Install dependencies
-        run: pnpm install --config.platform=linux --config.architecture=x64
+        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64

      - name: create .env
        run: cp .env.example .env
@@ -25,7 +25,7 @@ jobs:
          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis

      - name: Setup Node.js 22.x
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: 22.x

@@ -33,7 +33,7 @@ jobs:
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Install dependencies
-        run: pnpm install --config.platform=linux --config.architecture=x64
+        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64

      - name: create .env
        run: cp .env.example .env
@@ -22,7 +22,7 @@ jobs:
      - uses: ./.github/actions/dangerous-git-checkout

      - name: Setup Node.js 20.x
-        uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: 20.x

@@ -30,7 +30,7 @@ jobs:
        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0

      - name: Install dependencies
-        run: pnpm install --config.platform=linux --config.architecture=x64
+        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64

      - name: create .env
        run: cp .env.example .env
@@ -2,6 +2,7 @@ name: Translation Validation

 permissions:
  contents: read
+  pull-requests: read

 on:
  pull_request:
@@ -39,7 +40,7 @@ jobs:

      - name: Setup Node.js 22.x
        if: steps.changes.outputs.translations == 'true'
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: 22.x

@@ -49,7 +50,7 @@ jobs:

      - name: Install dependencies
        if: steps.changes.outputs.translations == 'true'
-        run: pnpm install --config.platform=linux --config.architecture=x64
+        run: pnpm install --frozen-lockfile --config.platform=linux --config.architecture=x64

      - name: Validate translation keys
        if: steps.changes.outputs.translations == 'true'
@@ -11,19 +11,19 @@
    "clean": "rimraf .turbo node_modules dist storybook-static"
  },
  "devDependencies": {
-    "@chromatic-com/storybook": "^5.0.1",
-    "@storybook/addon-a11y": "10.2.17",
-    "@storybook/addon-links": "10.2.17",
-    "@storybook/addon-onboarding": "10.2.17",
-    "@storybook/react-vite": "10.2.17",
-    "@typescript-eslint/eslint-plugin": "8.57.0",
-    "@tailwindcss/vite": "4.2.1",
-    "@typescript-eslint/parser": "8.57.0",
+    "@chromatic-com/storybook": "5.0.2",
+    "@storybook/addon-a11y": "10.3.5",
+    "@storybook/addon-docs": "10.3.5",
+    "@storybook/addon-links": "10.3.5",
+    "@storybook/addon-onboarding": "10.3.5",
+    "@storybook/react-vite": "10.3.5",
+    "@tailwindcss/vite": "4.2.4",
+    "@typescript-eslint/eslint-plugin": "8.57.2",
+    "@typescript-eslint/parser": "8.57.2",
    "@vitejs/plugin-react": "5.1.4",
    "eslint-plugin-react-refresh": "0.4.26",
-    "eslint-plugin-storybook": "10.2.17",
-    "storybook": "10.2.17",
-    "vite": "7.3.1",
-    "@storybook/addon-docs": "10.2.17"
+    "eslint-plugin-storybook": "10.3.5",
+    "storybook": "10.3.5",
+    "vite": "7.3.2"
  }
 }
@@ -1,4 +1,4 @@
-import { Prisma } from "@prisma/client";
+import { PrismaClientKnownRequestError } from "@prisma/client/runtime/library";
 import { beforeEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { DatabaseError } from "@formbricks/types/errors";
@@ -32,7 +32,7 @@ describe("getTeamsByOrganizationId", () => {

  test("throws DatabaseError on Prisma error", async () => {
    vi.mocked(prisma.team.findMany).mockRejectedValueOnce(
-      new Prisma.PrismaClientKnownRequestError("fail", { code: "P2002", clientVersion: "1.0.0" })
+      new PrismaClientKnownRequestError("fail", { code: "P2002", clientVersion: "1.0.0" })
    );
    await expect(getTeamsByOrganizationId("org1")).rejects.toThrow(DatabaseError);
  });
@@ -1,6 +1,6 @@
 "use server";

-import { Prisma } from "@prisma/client";
+import { PrismaClientKnownRequestError } from "@prisma/client/runtime/library";
 import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
 import { ZId } from "@formbricks/types/common";
@@ -27,7 +27,7 @@ export const getTeamsByOrganizationId = reactCache(
        name: team.name,
      }));
    } catch (error) {
-      if (error instanceof Prisma.PrismaClientKnownRequestError) {
+      if (error instanceof PrismaClientKnownRequestError) {
        throw new DatabaseError(error.message);
      }

@@ -2,6 +2,7 @@ import { PictureInPicture2Icon, SendIcon, XIcon } from "lucide-react";
 import Link from "next/link";
 import { redirect } from "next/navigation";
 import { OnboardingOptionsContainer } from "@/app/(app)/(onboarding)/organizations/components/OnboardingOptionsContainer";
+import { capturePostHogEvent } from "@/lib/posthog";
 import { getUserProjects } from "@/lib/project/service";
 import { getTranslate } from "@/lingodotdev/server";
 import { getOrganizationAuth } from "@/modules/organization/lib/utils";
@@ -41,6 +42,16 @@ const Page = async (props: ChannelPageProps) => {

  const projects = await getUserProjects(session.user.id, params.organizationId);

+  capturePostHogEvent(
+    session.user.id,
+    "organization_mode_selected",
+    {
+      organization_id: params.organizationId,
+      mode: "surveys",
+    },
+    { organizationId: params.organizationId }
+  );
+
  return (
    <div className="flex min-h-full min-w-full flex-col items-center justify-center space-y-12">
      <Header
@@ -18,6 +18,7 @@ import { createProjectAction } from "@/app/(app)/environments/[environmentId]/ac
 import { previewSurvey } from "@/app/lib/templates";
 import { FORMBRICKS_SURVEYS_FILTERS_KEY_LS } from "@/lib/localStorage";
 import { buildStylingFromBrandColor } from "@/lib/styling/constants";
+import { toJsEnvironmentStateSurvey } from "@/lib/survey/client-utils";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { TOrganizationTeam } from "@/modules/ee/teams/project-teams/types/team";
 import { CreateTeamModal } from "@/modules/ee/teams/team-list/components/create-team-modal";
@@ -242,7 +243,7 @@ export const ProjectSettings = ({
        <SurveyInline
          appUrl={publicDomain}
          isPreviewMode={true}
-          survey={previewSurvey(projectName || t("common.my_product"), t)}
+          survey={toJsEnvironmentStateSurvey(previewSurvey(projectName || t("common.my_product"), t))}
          styling={previewStyling}
          isBrandingEnabled={false}
          languageCode="default"
@@ -7,6 +7,7 @@ import { getTeamsByOrganizationId } from "@/app/(app)/(onboarding)/lib/onboardin
 import { ProjectSettings } from "@/app/(app)/(onboarding)/organizations/[organizationId]/workspaces/new/settings/components/ProjectSettings";
 import { DEFAULT_BRAND_COLOR } from "@/lib/constants";
 import { getPublicDomain } from "@/lib/getPublicUrl";
+import { capturePostHogEvent } from "@/lib/posthog";
 import { getUserProjects } from "@/lib/project/service";
 import { getTranslate } from "@/lingodotdev/server";
 import { getAccessControlPermission } from "@/modules/ee/license-check/lib/utils";
@@ -51,6 +52,18 @@ const Page = async (props: ProjectSettingsPageProps) => {

  const publicDomain = getPublicDomain();

+  if (searchParams.mode === "cx") {
+    capturePostHogEvent(
+      session.user.id,
+      "organization_mode_selected",
+      {
+        organization_id: params.organizationId,
+        mode: "cx",
+      },
+      { organizationId: params.organizationId }
+    );
+  }
+
  return (
    <div className="flex min-h-full min-w-full flex-col items-center justify-center space-y-12">
      <Header
@@ -10,6 +10,7 @@ import {
 import { ZProjectUpdateInput } from "@formbricks/types/project";
 import { getMembershipByUserIdOrganizationId } from "@/lib/membership/service";
 import { getOrganization } from "@/lib/organization/service";
+import { capturePostHogEvent, groupIdentifyPostHog } from "@/lib/posthog";
 import { getOrganizationProjectsCount } from "@/lib/project/service";
 import { updateUser } from "@/lib/user/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
@@ -80,6 +81,19 @@ export const createProjectAction = authenticatedActionClient.inputSchema(ZCreate
      notificationSettings: updatedNotificationSettings,
    });

+    groupIdentifyPostHog("workspace", project.id, { name: project.name });
+
+    capturePostHogEvent(
+      user.id,
+      "workspace_created",
+      {
+        organization_id: organizationId,
+        workspace_id: project.id,
+        name: project.name,
+      },
+      { organizationId, workspaceId: project.id }
+    );
+
    ctx.auditLoggingCtx.organizationId = organizationId;
    ctx.auditLoggingCtx.projectId = project.id;
    ctx.auditLoggingCtx.newObject = project;
@@ -409,16 +409,22 @@ export const MainNavigation = ({
    : `/environments/${environment.id}/surveys/`;

  const handleProjectChange = (projectId: string) => {
-    if (projectId === project.id) return;
+    const targetPath =
+      projectId === project.id ? `/environments/${environment.id}/surveys` : `/workspaces/${projectId}/`;
    startTransition(() => {
-      router.push(`/workspaces/${projectId}/`);
+      setIsWorkspaceDropdownOpen(false);
+      router.push(targetPath);
    });
  };

  const handleOrganizationChange = (organizationId: string) => {
-    if (organizationId === organization.id) return;
+    const targetPath =
+      organizationId === organization.id
+        ? `/environments/${environment.id}/settings/general`
+        : `/organizations/${organizationId}/`;
    startTransition(() => {
-      router.push(`/organizations/${organizationId}/`);
+      setIsOrganizationDropdownOpen(false);
+      router.push(targetPath);
    });
  };

@@ -475,7 +481,7 @@ export const MainNavigation = ({
  );

  const switcherIconClasses =
-    "flex h-9 w-9 items-center justify-center rounded-full bg-slate-100 text-slate-600";
+    "flex h-9 w-9 shrink-0 items-center justify-center rounded-full bg-slate-100 text-slate-600";
  const isInitialProjectsLoading = isWorkspaceDropdownOpen && !hasInitializedProjects && !workspaceLoadError;

  return (
@@ -114,8 +114,12 @@ export const OrganizationBreadcrumb = ({
  }

  const handleOrganizationChange = (organizationId: string) => {
-    if (organizationId === currentOrganizationId) return;
    startTransition(() => {
+      setIsOrganizationDropdownOpen(false);
+      if (organizationId === currentOrganizationId && currentEnvironmentId) {
+        router.push(`/environments/${currentEnvironmentId}/settings/general`);
+        return;
+      }
      router.push(`/organizations/${organizationId}/`);
    });
  };
@@ -152,9 +152,13 @@ export const ProjectBreadcrumb = ({
  }

  const handleProjectChange = (projectId: string) => {
-    if (projectId === currentProjectId) return;
+    const targetPath =
+      projectId === currentProjectId
+        ? `/environments/${currentEnvironmentId}/surveys`
+        : `/workspaces/${projectId}/`;
    startTransition(() => {
-      router.push(`/workspaces/${projectId}/`);
+      setIsProjectDropdownOpen(false);
+      router.push(targetPath);
    });
  };

@@ -2,6 +2,8 @@ import { getServerSession } from "next-auth";
 import { redirect } from "next/navigation";
 import { EnvironmentLayout } from "@/app/(app)/environments/[environmentId]/components/EnvironmentLayout";
 import { EnvironmentContextWrapper } from "@/app/(app)/environments/[environmentId]/context/environment-context";
+import { PostHogGroupIdentify } from "@/app/posthog/PostHogGroupIdentify";
+import { POSTHOG_KEY } from "@/lib/constants";
 import { authOptions } from "@/modules/auth/lib/authOptions";
 import { getEnvironmentLayoutData } from "@/modules/environments/lib/utils";
 import EnvironmentStorageHandler from "./components/EnvironmentStorageHandler";
@@ -25,6 +27,14 @@ const EnvLayout = async (props: {
  return (
    <>
      <EnvironmentStorageHandler environmentId={params.environmentId} />
+      {POSTHOG_KEY && (
+        <PostHogGroupIdentify
+          organizationId={layoutData.organization.id}
+          organizationName={layoutData.organization.name}
+          workspaceId={layoutData.project.id}
+          workspaceName={layoutData.project.name}
+        />
+      )}
      <EnvironmentContextWrapper
        environment={layoutData.environment}
        project={layoutData.project}
@@ -6,11 +6,9 @@ import {
  TUserUpdateInput,
  ZUserPersonalInfoUpdateInput,
 } from "@formbricks/types/user";
-import {
-  getIsEmailUnique,
-  verifyUserPassword,
-} from "@/app/(app)/environments/[environmentId]/settings/(account)/profile/lib/user";
+import { getIsEmailUnique } from "@/app/(app)/environments/[environmentId]/settings/(account)/profile/lib/user";
 import { EMAIL_VERIFICATION_DISABLED, PASSWORD_RESET_DISABLED } from "@/lib/constants";
+import { verifyUserPassword } from "@/lib/user/password";
 import { getUser, updateUser } from "@/lib/user/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
 import { AuthenticatedActionClientCtx } from "@/lib/utils/action-client/types/context";
@@ -1,8 +1,9 @@
 import { beforeEach, describe, expect, test, vi } from "vitest";
 import { prisma } from "@formbricks/database";
 import { InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { verifyUserPassword } from "@/lib/user/password";
 import { verifyPassword as mockVerifyPasswordImported } from "@/modules/auth/lib/utils";
-import { getIsEmailUnique, verifyUserPassword } from "./user";
+import { getIsEmailUnique } from "./user";

 vi.mock("@/modules/auth/lib/utils", () => ({
  verifyPassword: vi.fn(),
@@ -1,42 +1,5 @@
-import { User } from "@prisma/client";
 import { cache as reactCache } from "react";
 import { prisma } from "@formbricks/database";
-import { InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
-import { verifyPassword } from "@/modules/auth/lib/utils";
-
-export const getUserById = reactCache(
-  async (userId: string): Promise<Pick<User, "password" | "identityProvider">> => {
-    const user = await prisma.user.findUnique({
-      where: {
-        id: userId,
-      },
-      select: {
-        password: true,
-        identityProvider: true,
-      },
-    });
-    if (!user) {
-      throw new ResourceNotFoundError("user", userId);
-    }
-    return user;
-  }
-);
-
-export const verifyUserPassword = async (userId: string, password: string): Promise<boolean> => {
-  const user = await getUserById(userId);
-
-  if (user.identityProvider !== "email" || !user.password) {
-    throw new InvalidInputError("Password is not set for this user");
-  }
-
-  const isCorrectPassword = await verifyPassword(password, user.password);
-
-  if (!isCorrectPassword) {
-    return false;
-  }
-
-  return true;
-};

 export const getIsEmailUnique = reactCache(async (email: string): Promise<boolean> => {
  const user = await prisma.user.findUnique({
@@ -3,25 +3,22 @@
 import { InboxIcon, PresentationIcon } from "lucide-react";
 import { usePathname } from "next/navigation";
 import { useTranslation } from "react-i18next";
-import { TSurvey } from "@formbricks/types/surveys/types";
+import { useEnvironment } from "@/app/(app)/environments/[environmentId]/context/environment-context";
 import { revalidateSurveyIdPath } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/actions";
+import { useSurvey } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/context/survey-context";
 import { SecondaryNavigation } from "@/modules/ui/components/secondary-navigation";

 interface SurveyAnalysisNavigationProps {
-  environmentId: string;
-  survey: TSurvey;
  activeId: string;
 }

-export const SurveyAnalysisNavigation = ({
-  environmentId,
-  survey,
-  activeId,
-}: SurveyAnalysisNavigationProps) => {
+export const SurveyAnalysisNavigation = ({ activeId }: SurveyAnalysisNavigationProps) => {
  const pathname = usePathname();
  const { t } = useTranslation();
+  const { environment } = useEnvironment();
+  const { survey } = useSurvey();

-  const url = `/environments/${environmentId}/surveys/${survey.id}`;
+  const url = `/environments/${environment.id}/surveys/${survey.id}`;

  const navigation = [
    {
@@ -31,7 +28,7 @@ export const SurveyAnalysisNavigation = ({
      href: `${url}/summary?referer=true`,
      current: pathname?.includes("/summary"),
      onClick: () => {
-        revalidateSurveyIdPath(environmentId, survey.id);
+        revalidateSurveyIdPath(environment.id, survey.id);
      },
    },
    {
@@ -41,7 +38,7 @@ export const SurveyAnalysisNavigation = ({
      href: `${url}/responses?referer=true`,
      current: pathname?.includes("/responses"),
      onClick: () => {
-        revalidateSurveyIdPath(environmentId, survey.id);
+        revalidateSurveyIdPath(environment.id, survey.id);
      },
    },
  ];
@@ -1,6 +1,6 @@
 "use client";

-import React, { createContext, useCallback, useContext, useState } from "react";
+import React, { createContext, useCallback, useContext, useMemo, useRef, useState } from "react";
 import {
  ElementOption,
  ElementOptions,
@@ -30,7 +30,7 @@ interface SelectedFilterOptions {

 export interface DateRange {
  from: Date | undefined;
-  to?: Date | undefined;
+  to?: Date;
 }

 interface FilterDateContextProps {
@@ -41,6 +41,8 @@ interface FilterDateContextProps {
  dateRange: DateRange;
  setDateRange: React.Dispatch<React.SetStateAction<DateRange>>;
  resetState: () => void;
+  refreshAnalysisData: () => Promise<void>;
+  registerAnalysisRefreshHandler: (handler: () => Promise<void>) => () => void;
 }

 const ResponseFilterContext = createContext<FilterDateContextProps | undefined>(undefined);
@@ -61,6 +63,7 @@ const ResponseFilterProvider = ({ children }: { children: React.ReactNode }) =>
    from: undefined,
    to: getTodayDate(),
  });
+  const refreshHandlerRef = useRef<(() => Promise<void>) | null>(null);

  const resetState = useCallback(() => {
    setDateRange({
@@ -73,20 +76,43 @@ const ResponseFilterProvider = ({ children }: { children: React.ReactNode }) =>
    });
  }, []);

-  return (
-    <ResponseFilterContext.Provider
-      value={{
-        setSelectedFilter,
-        selectedFilter,
-        selectedOptions,
-        setSelectedOptions,
-        dateRange,
-        setDateRange,
-        resetState,
-      }}>
-      {children}
-    </ResponseFilterContext.Provider>
+  const refreshAnalysisData = useCallback(async () => {
+    await refreshHandlerRef.current?.();
+  }, []);
+
+  const registerAnalysisRefreshHandler = useCallback((handler: () => Promise<void>) => {
+    refreshHandlerRef.current = handler;
+
+    return () => {
+      if (refreshHandlerRef.current === handler) {
+        refreshHandlerRef.current = null;
+      }
+    };
+  }, []);
+
+  const contextValue = useMemo(
+    () => ({
+      setSelectedFilter,
+      selectedFilter,
+      selectedOptions,
+      setSelectedOptions,
+      dateRange,
+      setDateRange,
+      resetState,
+      refreshAnalysisData,
+      registerAnalysisRefreshHandler,
+    }),
+    [
+      dateRange,
+      refreshAnalysisData,
+      registerAnalysisRefreshHandler,
+      resetState,
+      selectedFilter,
+      selectedOptions,
+    ]
  );
+
+  return <ResponseFilterContext.Provider value={contextValue}>{children}</ResponseFilterContext.Provider>;
 };

 const useResponseFilter = () => {
@@ -2,6 +2,8 @@

 import { useSearchParams } from "next/navigation";
 import { useCallback, useEffect, useMemo, useState } from "react";
+import toast from "react-hot-toast";
+import { useTranslation } from "react-i18next";
 import { TEnvironment } from "@formbricks/types/environment";
 import { TSurveyQuota } from "@formbricks/types/quota";
 import { TResponseWithQuotas } from "@formbricks/types/responses";
@@ -13,6 +15,7 @@ import { useResponseFilter } from "@/app/(app)/environments/[environmentId]/surv
 import { ResponseDataView } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/responses/components/ResponseDataView";
 import { CustomFilter } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/components/CustomFilter";
 import { getFormattedFilters } from "@/app/lib/surveys/surveys";
+import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { replaceHeadlineRecall } from "@/lib/utils/recall";

 interface ResponsePageProps {
@@ -46,8 +49,8 @@ export const ResponsePage = ({
  const [page, setPage] = useState<number | null>(null);
  const [hasMore, setHasMore] = useState<boolean>(initialResponses.length >= responsesPerPage);
  const [isFetchingFirstPage, setIsFetchingFirstPage] = useState<boolean>(false);
-  const { selectedFilter, dateRange, resetState } = useResponseFilter();
-
+  const { selectedFilter, dateRange, resetState, registerAnalysisRefreshHandler } = useResponseFilter();
+  const { t } = useTranslation();
  const filters = useMemo(
    () => getFormattedFilters(survey, selectedFilter, dateRange),

@@ -86,6 +89,34 @@ export const ResponsePage = ({
    setResponses((prev) => prev.map((r) => (r.id === responseId ? updatedResponse : r)));
  };

+  const refetchResponses = useCallback(async () => {
+    setIsFetchingFirstPage(true);
+
+    try {
+      const getResponsesActionResponse = await getResponsesAction({
+        surveyId,
+        limit: responsesPerPage,
+        offset: 0,
+        filterCriteria: filters,
+      });
+
+      if (getResponsesActionResponse?.serverError) {
+        toast.error(getFormattedErrorMessage(getResponsesActionResponse) ?? t("common.something_went_wrong"));
+      }
+
+      const freshResponses = getResponsesActionResponse?.data ?? [];
+      setResponses(freshResponses);
+      setPage(1);
+      setHasMore(freshResponses.length >= responsesPerPage);
+    } finally {
+      setIsFetchingFirstPage(false);
+    }
+  }, [filters, responsesPerPage, surveyId]);
+
+  useEffect(() => {
+    return registerAnalysisRefreshHandler(refetchResponses);
+  }, [refetchResponses, registerAnalysisRefreshHandler]);
+
  const surveyMemoized = useMemo(() => {
    return replaceHeadlineRecall(survey, "default");
  }, [survey]);
@@ -134,6 +165,8 @@ export const ResponsePage = ({
      }
    };
    fetchFilteredResponses();
+    // page is intentionally omitted to avoid refetching after the initial page setup.
+    // eslint-disable-next-line react-hooks/exhaustive-deps
  }, [filters, responsesPerPage, selectedFilter, dateRange, surveyId]);

  return (
@@ -1,5 +1,4 @@
 import { TFunction } from "i18next";
-import { capitalize } from "lodash";
 import {
  AirplayIcon,
  ArrowUpFromDotIcon,
@@ -9,6 +8,7 @@ import {
  SmartphoneIcon,
 } from "lucide-react";
 import { TResponseMeta } from "@formbricks/types/responses";
+import { capitalize } from "@/lib/utils/object";

 export const getAddressFieldLabel = (field: string, t: TFunction) => {
  switch (field) {
@@ -64,8 +64,6 @@ const Page = async (props: { params: Promise<{ environmentId: string; surveyId:
        pageTitle={survey.name}
        cta={
          <SurveyAnalysisCTA
-            environment={environment}
-            survey={survey}
            isReadOnly={isReadOnly}
            user={user}
            publicDomain={publicDomain}
@@ -76,7 +74,7 @@ const Page = async (props: { params: Promise<{ environmentId: string; surveyId:
            isStorageConfigured={IS_STORAGE_CONFIGURED}
          />
        }>
-        <SurveyAnalysisNavigation environmentId={environment.id} survey={survey} activeId="responses" />
+        <SurveyAnalysisNavigation activeId="responses" />
      </PageHeader>
      <ResponsePage
        environment={environment}
@@ -4,6 +4,7 @@ import { z } from "zod";
 import { ZId } from "@formbricks/types/common";
 import { OperationNotAllowedError, ResourceNotFoundError, UnknownError } from "@formbricks/types/errors";
 import { getEmailTemplateHtml } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/lib/emailTemplate";
+import { capturePostHogEvent } from "@/lib/posthog";
 import { getSurvey, updateSurvey } from "@/lib/survey/service";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
 import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
@@ -146,6 +147,7 @@ export const generatePersonalLinksAction = authenticatedActionClient
  .inputSchema(ZGeneratePersonalLinksAction)
  .action(async ({ ctx, parsedInput }) => {
    const organizationId = await getOrganizationIdFromSurveyId(parsedInput.surveyId);
+    const projectId = await getProjectIdFromSurveyId(parsedInput.surveyId);
    const isContactsEnabled = await getIsContactsEnabled(organizationId);
    if (!isContactsEnabled) {
      throw new OperationNotAllowedError("Contacts are not enabled for this environment");
@@ -153,7 +155,7 @@ export const generatePersonalLinksAction = authenticatedActionClient

    await checkAuthorizationUpdated({
      userId: ctx.user.id,
-      organizationId: await getOrganizationIdFromSurveyId(parsedInput.surveyId),
+      organizationId,
      access: [
        {
          type: "organization",
@@ -161,7 +163,7 @@ export const generatePersonalLinksAction = authenticatedActionClient
        },
        {
          type: "projectTeam",
-          projectId: await getProjectIdFromSurveyId(parsedInput.surveyId),
+          projectId,
          minPermission: "readWrite",
        },
      ],
@@ -178,6 +180,18 @@ export const generatePersonalLinksAction = authenticatedActionClient
      throw new UnknownError("No contacts found for the selected segment");
    }

+    capturePostHogEvent(
+      ctx.user.id,
+      "personal_link_created",
+      {
+        organization_id: organizationId,
+        workspace_id: projectId,
+        survey_id: parsedInput.surveyId,
+        link_count: contactsResult.length,
+      },
+      { organizationId, workspaceId: projectId }
+    );
+
    // Prepare CSV data with the specified headers and order
    const csvHeaders = [
      "Formbricks Contact ID",
@@ -4,16 +4,13 @@ import { useSearchParams } from "next/navigation";
 import { useEffect, useState } from "react";
 import toast from "react-hot-toast";
 import { useTranslation } from "react-i18next";
-import { TEnvironment } from "@formbricks/types/environment";
-import { TSurvey } from "@formbricks/types/surveys/types";
+import { useEnvironment } from "@/app/(app)/environments/[environmentId]/context/environment-context";
+import { useSurvey } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/context/survey-context";
 import { Confetti } from "@/modules/ui/components/confetti";

-interface SummaryMetadataProps {
-  environment: TEnvironment;
-  survey: TSurvey;
-}
-
-export const SuccessMessage = ({ environment, survey }: SummaryMetadataProps) => {
+export const SuccessMessage = () => {
+  const { environment } = useEnvironment();
+  const { survey } = useSurvey();
  const { t } = useTranslation();
  const searchParams = useSearchParams();
  const [confetti, setConfetti] = useState(false);
@@ -71,7 +71,7 @@ export const SummaryPage = ({
  const [tab, setTab] = useState<"dropOffs" | "quotas" | "impressions" | undefined>(undefined);
  const [isLoading, setIsLoading] = useState(!initialSurveySummary);

-  const { selectedFilter, dateRange, resetState } = useResponseFilter();
+  const { selectedFilter, dateRange, resetState, registerAnalysisRefreshHandler } = useResponseFilter();

  const [displays, setDisplays] = useState<TDisplayWithContact[]>([]);
  const [isDisplaysLoading, setIsDisplaysLoading] = useState(false);
@@ -111,7 +111,7 @@ export const SummaryPage = ({
    } finally {
      setIsDisplaysLoading(false);
    }
-  }, [fetchDisplays, t]);
+  }, [fetchDisplays]);

  const handleLoadMoreDisplays = useCallback(async () => {
    try {
@@ -131,13 +131,39 @@ export const SummaryPage = ({
    }
  }, [tab, loadInitialDisplays]);

+  const fetchSummary = useCallback(async () => {
+    const currentFilters = getFormattedFilters(survey, selectedFilter, dateRange);
+    const updatedSurveySummary = await getSurveySummaryAction({
+      surveyId,
+      filterCriteria: currentFilters,
+    });
+
+    if (updatedSurveySummary?.serverError) {
+      throw new Error(getFormattedErrorMessage(updatedSurveySummary));
+    }
+
+    setSurveySummary(updatedSurveySummary?.data ?? defaultSurveySummary);
+  }, [dateRange, selectedFilter, survey, surveyId]);
+
+  const refreshSummary = useCallback(async () => {
+    setIsLoading(true);
+
+    try {
+      await Promise.all([fetchSummary(), tab === "impressions" ? loadInitialDisplays() : Promise.resolve()]);
+    } finally {
+      setIsLoading(false);
+    }
+  }, [fetchSummary, loadInitialDisplays, tab]);
+
+  useEffect(() => {
+    return registerAnalysisRefreshHandler(refreshSummary);
+  }, [refreshSummary, registerAnalysisRefreshHandler]);
+
  // Only fetch data when filters change or when there's no initial data
  useEffect(() => {
    // If we have initial data and no filters are applied, don't fetch
    const hasNoFilters =
-      (!selectedFilter ||
-        Object.keys(selectedFilter).length === 0 ||
-        (selectedFilter.filter && selectedFilter.filter.length === 0)) &&
+      (!selectedFilter || Object.keys(selectedFilter).length === 0 || selectedFilter.filter?.length === 0) &&
      (!dateRange || (!dateRange.from && !dateRange.to));

    if (initialSurveySummary && hasNoFilters) {
@@ -145,21 +171,11 @@ export const SummaryPage = ({
      return;
    }

-    const fetchSummary = async () => {
+    const fetchFilteredSummary = async () => {
      setIsLoading(true);

      try {
-        // Recalculate filters inside the effect to ensure we have the latest values
-        const currentFilters = getFormattedFilters(survey, selectedFilter, dateRange);
-        let updatedSurveySummary;
-
-        updatedSurveySummary = await getSurveySummaryAction({
-          surveyId,
-          filterCriteria: currentFilters,
-        });
-
-        const surveySummary = updatedSurveySummary?.data ?? defaultSurveySummary;
-        setSurveySummary(surveySummary);
+        await fetchSummary();
      } catch (error) {
        console.error(error);
      } finally {
@@ -167,8 +183,8 @@ export const SummaryPage = ({
      }
    };

-    fetchSummary();
-  }, [selectedFilter, dateRange, survey, surveyId, initialSurveySummary]);
+    fetchFilteredSummary();
+  }, [selectedFilter, dateRange, initialSurveySummary, fetchSummary]);

  const surveyMemoized = useMemo(() => {
    return replaceHeadlineRecall(survey, "default");
@@ -1,18 +1,18 @@
 "use client";

-import { BellRing, Eye, ListRestart, SquarePenIcon } from "lucide-react";
+import { BellRing, Eye, ListRestart, RefreshCcwIcon, SquarePenIcon } from "lucide-react";
 import { usePathname, useRouter, useSearchParams } from "next/navigation";
 import { useEffect, useState } from "react";
 import toast from "react-hot-toast";
 import { useTranslation } from "react-i18next";
-import { TEnvironment } from "@formbricks/types/environment";
 import { TSegment } from "@formbricks/types/segment";
-import { TSurvey } from "@formbricks/types/surveys/types";
 import { TUser } from "@formbricks/types/user";
 import { useEnvironment } from "@/app/(app)/environments/[environmentId]/context/environment-context";
+import { useResponseFilter } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/components/response-filter-context";
 import { SuccessMessage } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/SuccessMessage";
 import { ShareSurveyModal } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/share-survey-modal";
 import { SurveyStatusDropdown } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/components/SurveyStatusDropdown";
+import { useSurvey } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/context/survey-context";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { EditPublicSurveyAlertDialog } from "@/modules/survey/components/edit-public-survey-alert-dialog";
 import { useSingleUseId } from "@/modules/survey/hooks/useSingleUseId";
@@ -23,8 +23,6 @@ import { IconBar } from "@/modules/ui/components/iconbar";
 import { resetSurveyAction } from "../actions";

 interface SurveyAnalysisCTAProps {
-  survey: TSurvey;
-  environment: TEnvironment;
  isReadOnly: boolean;
  user: TUser;
  publicDomain: string;
@@ -41,8 +39,6 @@ interface ModalState {
 }

 export const SurveyAnalysisCTA = ({
-  survey,
-  environment,
  isReadOnly,
  user,
  publicDomain,
@@ -63,9 +59,12 @@ export const SurveyAnalysisCTA = ({
  });
  const [isResetModalOpen, setIsResetModalOpen] = useState(false);
  const [isResetting, setIsResetting] = useState(false);
+  const [isRefreshing, setIsRefreshing] = useState(false);

-  const { project } = useEnvironment();
+  const { environment, project } = useEnvironment();
+  const { survey } = useSurvey();
  const { refreshSingleUseId } = useSingleUseId(survey, isReadOnly);
+  const { refreshAnalysisData } = useResponseFilter();

  const appSetupCompleted = survey.type === "app" && environment.appSetupCompleted;

@@ -77,7 +76,7 @@ export const SurveyAnalysisCTA = ({
  }, [searchParams]);

  const handleShareModalToggle = (open: boolean) => {
-    const params = new URLSearchParams(window.location.search);
+    const params = new URLSearchParams(globalThis.location.search);
    const currentShareParam = params.get("share") === "true";

    if (open && !currentShareParam) {
@@ -147,6 +146,25 @@ export const SurveyAnalysisCTA = ({
  };

  const iconActions = [
+    {
+      icon: RefreshCcwIcon,
+      tooltip: t("common.refresh"),
+      onClick: async () => {
+        if (isRefreshing) return;
+        setIsRefreshing(true);
+        try {
+          await refreshAnalysisData();
+          toast.success(t("common.data_refreshed_successfully"));
+        } catch (error) {
+          const errorMessage = error instanceof Error ? error.message : t("common.something_went_wrong");
+          toast.error(errorMessage);
+        } finally {
+          setIsRefreshing(false);
+        }
+      },
+      disabled: isRefreshing,
+      isVisible: true,
+    },
    {
      icon: BellRing,
      tooltip: t("environments.surveys.summary.configure_alerts"),
@@ -183,7 +201,7 @@ export const SurveyAnalysisCTA = ({
  return (
    <div className="hidden justify-end gap-x-1.5 sm:flex">
      {!isReadOnly && (appSetupCompleted || survey.type === "link") && survey.status !== "draft" && (
-        <SurveyStatusDropdown environment={environment} survey={survey} />
+        <SurveyStatusDropdown />
      )}

      <IconBar actions={iconActions} />
@@ -215,7 +233,7 @@ export const SurveyAnalysisCTA = ({
          projectCustomScripts={project.customHeadScripts}
        />
      )}
-      <SuccessMessage environment={environment} survey={survey} />
+      <SuccessMessage />

      {responseCount > 0 && (
        <EditPublicSurveyAlertDialog
@@ -2,7 +2,7 @@

 import DOMPurify from "dompurify";
 import { CopyIcon, SendIcon } from "lucide-react";
-import { useEffect, useMemo, useState } from "react";
+import { type SyntheticEvent, useEffect, useMemo, useState } from "react";
 import toast from "react-hot-toast";
 import { useTranslation } from "react-i18next";
 import { AuthenticationError } from "@formbricks/types/errors";
@@ -21,6 +21,7 @@ interface EmailTabProps {
 export const EmailTab = ({ surveyId, email }: EmailTabProps) => {
  const [activeTab, setActiveTab] = useState("preview");
  const [emailHtmlPreview, setEmailHtmlPreview] = useState<string>("");
+  const [previewFrameHeight, setPreviewFrameHeight] = useState(560);
  const { t } = useTranslation();

  const emailHtml = useMemo(() => {
@@ -31,6 +32,40 @@ export const EmailTab = ({ surveyId, email }: EmailTabProps) => {
      .replaceAll("?preview=true", "");
  }, [emailHtmlPreview]);

+  const sanitizedEmailHtml = useMemo(() => {
+    if (!emailHtmlPreview) return "";
+    return DOMPurify.sanitize(emailHtmlPreview, { ADD_ATTR: ["bgcolor", "target"] });
+  }, [emailHtmlPreview]);
+
+  const emailPreviewDocument = useMemo(() => {
+    if (!sanitizedEmailHtml) return "";
+
+    return `<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <meta name="color-scheme" content="only light" />
+    <meta name="supported-color-schemes" content="light" />
+    <base target="_blank" />
+    <style>
+      :root {
+        color-scheme: only light;
+        supported-color-schemes: light;
+      }
+
+      html, body {
+        margin: 0;
+        padding: 0;
+        background: #ffffff;
+        color-scheme: only light;
+      }
+    </style>
+  </head>
+  <body>${sanitizedEmailHtml}</body>
+</html>`;
+  }, [sanitizedEmailHtml]);
+
  const tabs = [
    {
      id: "preview",
@@ -51,6 +86,25 @@ export const EmailTab = ({ surveyId, email }: EmailTabProps) => {
    getData();
  }, [surveyId]);

+  useEffect(() => {
+    setPreviewFrameHeight(560);
+  }, [emailPreviewDocument]);
+
+  const handlePreviewFrameLoad = (event: SyntheticEvent<HTMLIFrameElement>) => {
+    const { contentDocument } = event.currentTarget;
+    if (!contentDocument) {
+      return;
+    }
+
+    const nextHeight = Math.max(
+      contentDocument.body.scrollHeight,
+      contentDocument.documentElement.scrollHeight,
+      560
+    );
+
+    setPreviewFrameHeight(nextHeight);
+  };
+
  const sendPreviewEmail = async () => {
    try {
      const val = await sendEmbedSurveyPreviewEmailAction({ surveyId });
@@ -73,7 +127,9 @@ export const EmailTab = ({ surveyId, email }: EmailTabProps) => {
    if (activeTab === "preview") {
      return (
        <div className="space-y-4 pb-4">
-          <div className="flex-1 overflow-y-auto rounded-lg border border-slate-200 bg-white p-4">
+          <div
+            className="flex-1 overflow-y-auto rounded-lg border border-slate-200 bg-white p-4"
+            data-testid="survey-email-preview-shell">
            <div className="mb-6 flex gap-2">
              <div className="h-3 w-3 rounded-full bg-red-500" />
              <div className="h-3 w-3 rounded-full bg-amber-500" />
@@ -87,9 +143,17 @@ export const EmailTab = ({ surveyId, email }: EmailTabProps) => {
                {t("environments.surveys.share.send_email.email_subject_label")} :{" "}
                {t("environments.surveys.share.send_email.formbricks_email_survey_preview")}
              </div>
-              <div className="p-2">
-                {emailHtml ? (
-                  <div dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(emailHtml) }} />
+              <div data-testid="survey-email-preview-content">
+                {emailPreviewDocument ? (
+                  <iframe
+                    className="mt-2 w-full rounded-md border-0 bg-white"
+                    data-testid="survey-email-preview-frame"
+                    onLoad={handlePreviewFrameLoad}
+                    sandbox="allow-popups allow-popups-to-escape-sandbox allow-same-origin"
+                    srcDoc={emailPreviewDocument}
+                    style={{ height: `${previewFrameHeight}px` }}
+                    title={t("environments.surveys.share.send_email.email_preview_tab")}
+                  />
                ) : (
                  <LoadingSpinner />
                )}
@@ -16,13 +16,19 @@ export const WebsiteEmbedTab = ({ surveyUrl }: WebsiteEmbedTabProps) => {
  const [embedModeEnabled, setEmbedModeEnabled] = useState(false);
  const { t } = useTranslation();

-  const iframeCode = `<div style="position: relative; height:80dvh; overflow:auto;"> 
-  <iframe 
-    src="${surveyUrl}${embedModeEnabled ? "?embed=true" : ""}" 
+  const separator = surveyUrl.includes("?") ? "&" : "?";
+
+  const iframeSrc = embedModeEnabled ? `${surveyUrl}${separator}embed=true` : surveyUrl;
+
+  const iframeCode = `<div style="position: relative; height:80dvh; overflow:auto;">
+  <iframe
+    src="${iframeSrc}"
    frameborder="0" style="position: absolute; left:0; top:0; width:100%; height:100%; border:0;">
  </iframe>
 </div>`;

+  const previewSrc = `${iframeSrc}${iframeSrc.includes("?") ? "&" : "?"}preview=true`;
+
  return (
    <>
      <CodeBlock language="html" noMargin>
@@ -48,6 +54,15 @@ export const WebsiteEmbedTab = ({ surveyUrl }: WebsiteEmbedTabProps) => {
        {t("common.copy_code")}
        <CopyIcon />
      </Button>
+
+      <p className="text-base font-medium text-slate-800">{t("common.preview")}</p>
+      <div className="relative h-[500px] w-full overflow-hidden rounded-lg border border-slate-300">
+        <iframe
+          title={t("common.preview")}
+          src={previewSrc}
+          className="absolute inset-0 h-full w-full border-0"
+        />
+      </div>
    </>
  );
 };
@@ -0,0 +1,59 @@
+import { describe, expect, test } from "vitest";
+import { extractEmailBodyFragment } from "./emailTemplateFragment";
+
+describe("extractEmailBodyFragment", () => {
+  test("returns the body contents for rendered email documents", () => {
+    const html = `
+      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+      <html>
+        <head>
+          <style>.foo { color: red; }</style>
+        </head>
+        <body class="email-body">
+          <table>
+            <tr>
+              <td>Preview content</td>
+            </tr>
+          </table>
+        </body>
+      </html>
+    `;
+
+    expect(extractEmailBodyFragment(html)).toBe(
+      "<table>\n            <tr>\n              <td>Preview content</td>\n            </tr>\n          </table>"
+    );
+  });
+
+  test("removes document-level tags from rendered survey email markup", () => {
+    const fragment = extractEmailBodyFragment(`
+      <!DOCTYPE html>
+      <html>
+        <head>
+          <style>.foo { color: red; }</style>
+        </head>
+        <body>
+          <table>
+            <tr>
+              <td>Which fruits do you like</td>
+            </tr>
+          </table>
+        </body>
+      </html>
+    `);
+
+    expect(fragment).toBe(
+      "<table>\n            <tr>\n              <td>Which fruits do you like</td>\n            </tr>\n          </table>"
+    );
+    expect(fragment).not.toMatch(/<!DOCTYPE|<html|<head|<body/i);
+  });
+
+  test("falls back to the original markup when no body tag exists", () => {
+    expect(extractEmailBodyFragment("<div>Preview content</div>")).toBe("<div>Preview content</div>");
+  });
+
+  test("removes React server markers from rendered fragments", () => {
+    expect(extractEmailBodyFragment("<body><!--$--><div>Preview content</div><!--/$--></body>")).toBe(
+      "<div>Preview content</div>"
+    );
+  });
+});
@@ -1,10 +1,12 @@
 import { ResourceNotFoundError } from "@formbricks/types/errors";
 import { getPublicDomain } from "@/lib/getPublicUrl";
 import { getProjectByEnvironmentId } from "@/lib/project/service";
+import { toJsEnvironmentStateSurvey } from "@/lib/survey/client-utils";
 import { getSurvey } from "@/lib/survey/service";
 import { getStyling } from "@/lib/utils/styling";
 import { getTranslate } from "@/lingodotdev/server";
 import { getPreviewEmailTemplateHtml } from "@/modules/email/components/preview-email-template";
+import { extractEmailBodyFragment } from "./emailTemplateFragment";

 export const getEmailTemplateHtml = async (surveyId: string, locale: string) => {
  const t = await getTranslate();
@@ -17,12 +19,9 @@ export const getEmailTemplateHtml = async (surveyId: string, locale: string) =>
    throw new ResourceNotFoundError(t("common.workspace"), null);
  }

-  const styling = getStyling(project, survey);
+  const styling = getStyling(project, toJsEnvironmentStateSurvey(survey));
  const surveyUrl = getPublicDomain() + "/s/" + survey.id;
  const html = await getPreviewEmailTemplateHtml(survey, surveyUrl, styling, locale, t);
-  const doctype =
-    '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">';
-  const htmlCleaned = html.toString().replace(doctype, "");

-  return htmlCleaned;
+  return extractEmailBodyFragment(html.toString());
 };
@@ -0,0 +1,11 @@
+const EMAIL_DOCTYPE_PATTERN = /<!DOCTYPE[^>]*>/i;
+const EMAIL_BODY_PATTERN = /<body\b[^>]*>([\s\S]*?)<\/body>/i;
+const EMAIL_REACT_SERVER_MARKER_PATTERN = /<!--\/?\$-->/g;
+
+export const extractEmailBodyFragment = (html: string): string => {
+  const htmlWithoutDoctype = html.replace(EMAIL_DOCTYPE_PATTERN, "").trim();
+  const bodyMatch = EMAIL_BODY_PATTERN.exec(htmlWithoutDoctype);
+  const fragment = bodyMatch?.[1].trim() ?? htmlWithoutDoctype;
+
+  return fragment.replaceAll(EMAIL_REACT_SERVER_MARKER_PATTERN, "").trim();
+};
@@ -66,8 +66,6 @@ const SurveyPage = async (props: { params: Promise<{ environmentId: string; surv
        pageTitle={survey.name}
        cta={
          <SurveyAnalysisCTA
-            environment={environment}
-            survey={survey}
            isReadOnly={isReadOnly}
            user={user}
            publicDomain={publicDomain}
@@ -78,7 +76,7 @@ const SurveyPage = async (props: { params: Promise<{ environmentId: string; surv
            isStorageConfigured={IS_STORAGE_CONFIGURED}
          />
        }>
-        <SurveyAnalysisNavigation environmentId={environment.id} survey={survey} activeId="summary" />
+        <SurveyAnalysisNavigation activeId="summary" />
      </PageHeader>
      <SummaryPage
        environment={environment}
@@ -42,18 +42,25 @@ export const getResponsesDownloadUrlAction = authenticatedActionClient
      ],
    });

+    const projectId = await getProjectIdFromSurveyId(parsedInput.surveyId);
    const result = await getResponseDownloadFile(
      parsedInput.surveyId,
      parsedInput.format,
      parsedInput.filterCriteria
    );

-    capturePostHogEvent(ctx.user.id, "responses_exported", {
-      survey_id: parsedInput.surveyId,
-      format: parsedInput.format,
-      filter_applied: Object.keys(parsedInput.filterCriteria ?? {}).length > 0,
-      organization_id: organizationId,
-    });
+    capturePostHogEvent(
+      ctx.user.id,
+      "responses_exported",
+      {
+        survey_id: parsedInput.surveyId,
+        format: parsedInput.format,
+        filter_applied: Object.keys(parsedInput.filterCriteria ?? {}).length > 0,
+        organization_id: organizationId,
+        workspace_id: projectId,
+      },
+      { organizationId, workspaceId: projectId }
+    );

    return result;
  });
@@ -3,8 +3,9 @@
 import { useRouter } from "next/navigation";
 import toast from "react-hot-toast";
 import { useTranslation } from "react-i18next";
-import { TEnvironment } from "@formbricks/types/environment";
 import { TSurvey } from "@formbricks/types/surveys/types";
+import { useEnvironment } from "@/app/(app)/environments/[environmentId]/context/environment-context";
+import { useSurvey } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/context/survey-context";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { updateSurveyAction } from "@/modules/survey/editor/actions";
 import {
@@ -16,17 +17,9 @@ import {
 } from "@/modules/ui/components/select";
 import { SurveyStatusIndicator } from "@/modules/ui/components/survey-status-indicator";

-interface SurveyStatusDropdownProps {
-  environment: TEnvironment;
-  updateLocalSurveyStatus?: (status: TSurvey["status"]) => void;
-  survey: TSurvey;
-}
-
-export const SurveyStatusDropdown = ({
-  environment,
-  updateLocalSurveyStatus,
-  survey,
-}: SurveyStatusDropdownProps) => {
+export const SurveyStatusDropdown = () => {
+  const { environment } = useEnvironment();
+  const { survey } = useSurvey();
  const { t } = useTranslation();
  const router = useRouter();

@@ -46,10 +39,6 @@ export const SurveyStatusDropdown = ({
        toast.success(toastMessage);
      }

-      if (updateLocalSurveyStatus) {
-        updateLocalSurveyStatus(resultingStatus);
-      }
-
      router.refresh();
    } else {
      const errorMessage = getFormattedErrorMessage(updateSurveyActionResponse);
@@ -0,0 +1,8 @@
+import { type ReactNode } from "react";
+import { SurveysQueryClientProvider } from "./query-client-provider";
+
+const SurveysLayout = ({ children }: { children: ReactNode }) => {
+  return <SurveysQueryClientProvider>{children}</SurveysQueryClientProvider>;
+};
+
+export default SurveysLayout;
@@ -0,0 +1,10 @@
+"use client";
+
+import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
+import { type ReactNode, useState } from "react";
+
+export const SurveysQueryClientProvider = ({ children }: { children: ReactNode }) => {
+  const [queryClient] = useState(() => new QueryClient());
+
+  return <QueryClientProvider client={queryClient}>{children}</QueryClientProvider>;
+};
@@ -43,14 +43,22 @@ export const createOrUpdateIntegrationAction = authenticatedActionClient
      });

      ctx.auditLoggingCtx.organizationId = organizationId;
+      const projectId = await getProjectIdFromEnvironmentId(parsedInput.environmentId);
      const result = await createOrUpdateIntegration(parsedInput.environmentId, parsedInput.integrationData);
      ctx.auditLoggingCtx.integrationId = result.id;
      ctx.auditLoggingCtx.newObject = result;

-      capturePostHogEvent(ctx.user.id, "integration_connected", {
-        integration_type: parsedInput.integrationData.type,
-        organization_id: organizationId,
-      });
+      capturePostHogEvent(
+        ctx.user.id,
+        "integration_connected",
+        {
+          integration_type: parsedInput.integrationData.type,
+          organization_id: organizationId,
+          workspace_id: projectId,
+          environment_id: parsedInput.environmentId,
+        },
+        { organizationId, workspaceId: projectId }
+      );

      return result;
    })
@@ -18,6 +18,7 @@ interface AirtableWrapperProps {
  isEnabled: boolean;
  webAppUrl: string;
  locale: TUserLocale;
+  showReconnectButton?: boolean;
 }

 export const AirtableWrapper = ({
@@ -28,6 +29,7 @@ export const AirtableWrapper = ({
  isEnabled,
  webAppUrl,
  locale,
+  showReconnectButton = false,
 }: AirtableWrapperProps) => {
  const [isConnected, setIsConnected] = useState(
    airtableIntegration ? airtableIntegration.config?.key : false
@@ -49,6 +51,8 @@ export const AirtableWrapper = ({
      setIsConnected={setIsConnected}
      surveys={surveys}
      locale={locale}
+      showReconnectButton={showReconnectButton}
+      handleAirtableAuthorization={handleAirtableAuthorization}
    />
  ) : (
    <ConnectIntegration
@@ -1,6 +1,6 @@
 "use client";

-import { Trash2Icon } from "lucide-react";
+import { RefreshCcwIcon, Trash2Icon } from "lucide-react";
 import { useState } from "react";
 import { toast } from "react-hot-toast";
 import { useTranslation } from "react-i18next";
@@ -12,9 +12,11 @@ import { deleteIntegrationAction } from "@/app/(app)/environments/[environmentId
 import { AddIntegrationModal } from "@/app/(app)/environments/[environmentId]/workspace/integrations/airtable/components/AddIntegrationModal";
 import { timeSince } from "@/lib/time";
 import { getFormattedErrorMessage } from "@/lib/utils/helper";
+import { Alert, AlertButton, AlertDescription } from "@/modules/ui/components/alert";
 import { Button } from "@/modules/ui/components/button";
 import { DeleteDialog } from "@/modules/ui/components/delete-dialog";
 import { EmptyState } from "@/modules/ui/components/empty-state";
+import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@/modules/ui/components/tooltip";
 import { IntegrationModalInputs } from "../lib/types";

 interface ManageIntegrationProps {
@@ -24,10 +26,20 @@ interface ManageIntegrationProps {
  surveys: TSurvey[];
  airtableArray: TIntegrationItem[];
  locale: TUserLocale;
+  showReconnectButton: boolean;
+  handleAirtableAuthorization: () => Promise<void>;
 }

-export const ManageIntegration = (props: ManageIntegrationProps) => {
-  const { airtableIntegration, environmentId, setIsConnected, surveys, airtableArray } = props;
+export const ManageIntegration = ({
+  airtableIntegration,
+  environmentId,
+  setIsConnected,
+  surveys,
+  airtableArray,
+  showReconnectButton,
+  handleAirtableAuthorization,
+  locale,
+}: ManageIntegrationProps) => {
  const { t } = useTranslation();

  const tableHeaders = [
@@ -73,15 +85,34 @@ export const ManageIntegration = (props: ManageIntegrationProps) => {
    : { isEditMode: false as const };
  return (
    <div className="mt-6 flex w-full flex-col items-center justify-center p-6">
-      <div className="flex w-full justify-end gap-x-6">
-        <div className="flex items-center">
+      {showReconnectButton && (
+        <Alert variant="warning" size="small" className="mb-4 w-full">
+          <AlertDescription>{t("environments.integrations.reconnect_button_description")}</AlertDescription>
+          <AlertButton onClick={handleAirtableAuthorization}>
+            {t("environments.integrations.reconnect_button")}
+          </AlertButton>
+        </Alert>
+      )}
+      <div className="flex w-full justify-end space-x-2">
+        <div className="mr-6 flex items-center">
          <span className="mr-4 h-4 w-4 rounded-full bg-green-600"></span>
-          <span className="cursor-pointer text-slate-500">
+          <span className="text-slate-500">
            {t("environments.integrations.connected_with_email", {
              email: airtableIntegration.config.email,
            })}
          </span>
        </div>
+        <TooltipProvider>
+          <Tooltip>
+            <TooltipTrigger asChild>
+              <Button variant="outline" onClick={handleAirtableAuthorization}>
+                <RefreshCcwIcon className="mr-2 h-4 w-4" />
+                {t("environments.integrations.reconnect_button")}
+              </Button>
+            </TooltipTrigger>
+            <TooltipContent>{t("environments.integrations.reconnect_button_tooltip")}</TooltipContent>
+          </Tooltip>
+        </TooltipProvider>
        <Button
          onClick={() => {
            setDefaultValues(null);
@@ -122,9 +153,7 @@ export const ManageIntegration = (props: ManageIntegrationProps) => {
              <div className="col-span-2 text-center">{data.surveyName}</div>
              <div className="col-span-2 text-center">{data.tableName}</div>
              <div className="col-span-2 text-center">{data.elements}</div>
-              <div className="col-span-2 text-center">
-                {timeSince(data.createdAt.toString(), props.locale)}
-              </div>
+              <div className="col-span-2 text-center">{timeSince(data.createdAt.toString(), locale)}</div>
            </button>
          ))}
        </div>
@@ -1,4 +1,5 @@
 import { redirect } from "next/navigation";
+import { logger } from "@formbricks/logger";
 import { TIntegrationItem } from "@formbricks/types/integration";
 import { TIntegrationAirtable } from "@formbricks/types/integration/airtable";
 import { AirtableWrapper } from "@/app/(app)/environments/[environmentId]/workspace/integrations/airtable/components/AirtableWrapper";
@@ -31,8 +32,14 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
  );

  let airtableArray: TIntegrationItem[] = [];
+  let isTokenValid = true;
  if (airtableIntegration?.config.key) {
-    airtableArray = await getAirtableTables(params.environmentId);
+    try {
+      airtableArray = await getAirtableTables(params.environmentId);
+    } catch (error) {
+      logger.error(error, "Failed to load Airtable bases — token may be expired or revoked");
+      isTokenValid = false;
+    }
  }
  if (isReadOnly) {
    return redirect("./");
@@ -51,6 +58,7 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
          surveys={surveys}
          webAppUrl={WEBAPP_URL}
          locale={locale ?? DEFAULT_LOCALE}
+          showReconnectButton={!isTokenValid}
        />
      </div>
    </PageContentWrapper>
@@ -12,6 +12,7 @@ describe("captureSurveyResponsePostHogEvent", () => {

  const makeParams = (responseCount: number) => ({
    organizationId: "org-1",
+    workspaceId: "ws-1",
    surveyId: "survey-1",
    surveyType: "link",
    environmentId: "env-1",
@@ -23,15 +24,21 @@ describe("captureSurveyResponsePostHogEvent", () => {

    captureSurveyResponsePostHogEvent(makeParams(1));

-    expect(capturePostHogEvent).toHaveBeenCalledWith("org-1", "survey_response_received", {
-      survey_id: "survey-1",
-      survey_type: "link",
-      organization_id: "org-1",
-      environment_id: "env-1",
-      response_count: 1,
-      is_first_response: true,
-      milestone: "first",
-    });
+    expect(capturePostHogEvent).toHaveBeenCalledWith(
+      "org-1",
+      "survey_response_received",
+      {
+        survey_id: "survey-1",
+        survey_type: "link",
+        organization_id: "org-1",
+        workspace_id: "ws-1",
+        environment_id: "env-1",
+        response_count: 1,
+        is_first_response: true,
+        milestone: "first",
+      },
+      { organizationId: "org-1", workspaceId: "ws-1" }
+    );
  });

  test("fires on every 100th response", async () => {
@@ -44,10 +51,20 @@ describe("captureSurveyResponsePostHogEvent", () => {
    expect(capturePostHogEvent).toHaveBeenCalledTimes(6);
  });

-  test("does NOT fire for 2nd through 99th responses", async () => {
+  test("fires on every 10th response up to 100", async () => {
    const { capturePostHogEvent } = await import("@/lib/posthog");

-    for (const count of [2, 5, 10, 50, 99]) {
+    for (const count of [10, 20, 30, 40, 50, 60, 70, 80, 90, 100]) {
+      captureSurveyResponsePostHogEvent(makeParams(count));
+    }
+
+    expect(capturePostHogEvent).toHaveBeenCalledTimes(10);
+  });
+
+  test("does NOT fire for non-milestone responses under 100", async () => {
+    const { capturePostHogEvent } = await import("@/lib/posthog");
+
+    for (const count of [2, 5, 11, 25, 49, 51, 99]) {
      captureSurveyResponsePostHogEvent(makeParams(count));
    }

@@ -75,7 +92,8 @@ describe("captureSurveyResponsePostHogEvent", () => {
      expect.objectContaining({
        is_first_response: false,
        milestone: "200",
-      })
+      }),
+      { organizationId: "org-1", workspaceId: "ws-1" }
    );
  });
 });
@@ -2,6 +2,7 @@ import { capturePostHogEvent } from "@/lib/posthog";

 interface SurveyResponsePostHogEventParams {
  organizationId: string;
+  workspaceId: string;
  surveyId: string;
  surveyType: string;
  environmentId: string;
@@ -10,24 +11,36 @@ interface SurveyResponsePostHogEventParams {

 /**
 * Captures a PostHog event for survey responses at milestones:
- * 1st response, then every 100th (100, 200, 300, ...).
+ * 1st response, every 10th for the first 100 (10, 20, ..., 100),
+ * then every 100th (200, 300, 400, ...).
 */
 export const captureSurveyResponsePostHogEvent = ({
  organizationId,
+  workspaceId,
  surveyId,
  surveyType,
  environmentId,
  responseCount,
 }: SurveyResponsePostHogEventParams): void => {
-  if (responseCount !== 1 && responseCount % 100 !== 0) return;
+  const isFirst = responseCount === 1;
+  const isEvery10thUnder100 = responseCount <= 100 && responseCount % 10 === 0;
+  const isEvery100thAbove100 = responseCount > 100 && responseCount % 100 === 0;

-  capturePostHogEvent(organizationId, "survey_response_received", {
-    survey_id: surveyId,
-    survey_type: surveyType,
-    organization_id: organizationId,
-    environment_id: environmentId,
-    response_count: responseCount,
-    is_first_response: responseCount === 1,
-    milestone: responseCount === 1 ? "first" : String(responseCount),
-  });
+  if (!isFirst && !isEvery10thUnder100 && !isEvery100thAbove100) return;
+
+  capturePostHogEvent(
+    organizationId,
+    "survey_response_received",
+    {
+      survey_id: surveyId,
+      survey_type: surveyType,
+      organization_id: organizationId,
+      workspace_id: workspaceId,
+      environment_id: environmentId,
+      response_count: responseCount,
+      is_first_response: responseCount === 1,
+      milestone: responseCount === 1 ? "first" : String(responseCount),
+    },
+    { organizationId, workspaceId }
+  );
 };
@@ -1,5 +1,6 @@
 import { PipelineTriggers, Webhook } from "@prisma/client";
 import { headers } from "next/headers";
+import type { Agent } from "undici";
 import { v7 as uuidv7 } from "uuid";
 import { prisma } from "@formbricks/database";
 import { logger } from "@formbricks/logger";
@@ -8,14 +9,15 @@ import { sendTelemetryEvents } from "@/app/api/(internal)/pipeline/lib/telemetry
 import { ZPipelineInput } from "@/app/api/(internal)/pipeline/types/pipelines";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
-import { CRON_SECRET, POSTHOG_KEY } from "@/lib/constants";
+import { CRON_SECRET, DANGEROUSLY_ALLOW_WEBHOOK_INTERNAL_URLS, POSTHOG_KEY } from "@/lib/constants";
 import { generateStandardWebhookSignature } from "@/lib/crypto";
 import { getIntegrations } from "@/lib/integration/service";
 import { getOrganizationByEnvironmentId } from "@/lib/organization/service";
 import { getResponseCountBySurveyId } from "@/lib/response/service";
 import { getSurvey, updateSurvey } from "@/lib/survey/service";
 import { convertDatesInObject } from "@/lib/time";
-import { validateWebhookUrl } from "@/lib/utils/validate-webhook-url";
+import { getProjectIdFromEnvironmentId } from "@/lib/utils/helper";
+import { createPinnedDispatcher, validateAndResolveWebhookUrl } from "@/lib/utils/validate-webhook-url";
 import { queueAuditEvent } from "@/modules/ee/audit-logs/lib/handler";
 import { TAuditStatus, UNKNOWN_DATA } from "@/modules/ee/audit-logs/types/audit-log";
 import { recordResponseCreatedMeterEvent } from "@/modules/ee/billing/lib/metering";
@@ -91,10 +93,19 @@ export const POST = async (request: Request) => {
  const webhooks: Webhook[] = await getWebhooksForPipeline(environmentId, event, surveyId);
  // Prepare webhook and email promises

-  // Fetch with timeout of 5 seconds to prevent hanging
-  const fetchWithTimeout = (url: string, options: RequestInit, timeout: number = 5000): Promise<Response> => {
+  // Fetch with timeout of 5 seconds to prevent hanging.
+  // `redirect: "manual"` blocks SSRF via redirect — webhook URLs are validated against private/internal
+  // ranges before delivery, but redirect targets would otherwise bypass that check. Gated on the same
+  // env var as `validateWebhookUrl`: self-hosters who opted into trusting internal URLs also get the
+  // pre-patch redirect-follow behavior for consistency.
+  const redirectMode: RequestRedirect = DANGEROUSLY_ALLOW_WEBHOOK_INTERNAL_URLS ? "follow" : "manual";
+  const fetchWithTimeout = (
+    url: string,
+    options: RequestInit & { dispatcher?: Agent },
+    timeout: number = 5000
+  ): Promise<Response> => {
    return Promise.race([
-      fetch(url, options),
+      fetch(url, { ...options, redirect: redirectMode } as RequestInit & { dispatcher?: Agent }),
      new Promise<never>((_, reject) => setTimeout(() => reject(new Error("Timeout")), timeout)),
    ]);
  };
@@ -138,14 +149,25 @@ export const POST = async (request: Request) => {
      );
    }

-    return validateWebhookUrl(webhook.url)
-      .then(() =>
-        fetchWithTimeout(webhook.url, {
-          method: "POST",
-          headers: requestHeaders,
-          body,
-        })
-      )
+    return validateAndResolveWebhookUrl(webhook.url)
+      .then(async (address) => {
+        // Pin TCP connect to the validated IP. Without this, undici resolves DNS
+        // again at fetch time and an attacker-controlled domain can rebind to a
+        // private/internal IP after validation passed (TOCTOU SSRF).
+        const dispatcher = address ? createPinnedDispatcher(address) : undefined;
+        try {
+          return await fetchWithTimeout(webhook.url, {
+            method: "POST",
+            headers: requestHeaders,
+            body,
+            dispatcher,
+          });
+        } finally {
+          // Each pinned Agent owns a keep-alive socket pool; close it so we
+          // don't leak sockets across the per-webhook fan-out on every response.
+          await dispatcher?.close();
+        }
+      })
      .catch((error) => {
        logger.error({ error, url: request.url }, `Webhook call to ${webhook.url} failed`);
      });
@@ -302,9 +324,11 @@ export const POST = async (request: Request) => {

    if (POSTHOG_KEY) {
      const responseCount = await getResponseCountBySurveyId(surveyId);
+      const workspaceId = await getProjectIdFromEnvironmentId(environmentId);

      captureSurveyResponsePostHogEvent({
        organizationId: organization.id,
+        workspaceId,
        surveyId,
        surveyType: survey.type,
        environmentId,
@@ -185,4 +185,20 @@ describe("auth route audit logging", () => {
      })
    );
  });
+
+  test("does not log a completed sign-in for the intermediate SSO recovery verification step", async () => {
+    const authOptions = await getWrappedAuthOptions("req-sso-recovery");
+    const user = {
+      id: "user_4",
+      email: "user4@example.com",
+      authFlowPurpose: "sso_recovery",
+    };
+    const account = { provider: "token" };
+
+    await expect(authOptions.callbacks.signIn({ user, account })).resolves.toBe(true);
+    await authOptions.events.signIn({ user, account, isNewUser: false });
+
+    expect(mocks.baseEventSignIn).not.toHaveBeenCalled();
+    expect(mocks.queueAuditEventBackground).not.toHaveBeenCalled();
+  });
 });
@@ -26,6 +26,12 @@ const getAuthMethod = (account: Account | null) => {
  return "unknown";
 };

+const isSsoRecoveryVerificationFlow = (account: Account | null, user: User | AdapterUser) =>
+  account?.provider === "token" &&
+  "authFlowPurpose" in user &&
+  typeof user.authFlowPurpose === "string" &&
+  user.authFlowPurpose === "sso_recovery";
+
 const handler = async (req: Request, ctx: any) => {
  const eventId = req.headers.get("x-request-id") ?? undefined;

@@ -117,6 +123,10 @@ const handler = async (req: Request, ctx: any) => {
    events: {
      ...baseAuthOptions.events,
      async signIn({ user, account, isNewUser }: any) {
+        if (isSsoRecoveryVerificationFlow(account, user)) {
+          return;
+        }
+
        try {
          await baseAuthOptions.events?.signIn?.({ user, account, isNewUser });
        } catch (err) {
@@ -0,0 +1,67 @@
+import { getServerSession } from "next-auth";
+import { NextResponse } from "next/server";
+import { logger } from "@formbricks/logger";
+import { verifySsoRelinkIntent } from "@/lib/jwt";
+import { deleteSessionBySessionToken } from "@/modules/auth/lib/auth-session-repository";
+import { authOptions } from "@/modules/auth/lib/authOptions";
+import {
+  NEXT_AUTH_SESSION_COOKIE_NAMES,
+  getSessionTokenFromCookieHeader,
+} from "@/modules/auth/lib/session-cookie";
+import { completeSsoRecovery, getSsoRecoveryFailureRedirectUrl } from "@/modules/ee/sso/lib/sso-recovery";
+
+const clearSessionCookies = (response: NextResponse) => {
+  for (const cookieName of NEXT_AUTH_SESSION_COOKIE_NAMES) {
+    response.cookies.set({
+      name: cookieName,
+      value: "",
+      expires: new Date(0),
+      path: "/",
+      secure: cookieName.startsWith("__Secure-"),
+    });
+  }
+};
+
+const buildFailedRecoveryResponse = async (request: Request, callbackUrl?: string) => {
+  const response = NextResponse.redirect(getSsoRecoveryFailureRedirectUrl(callbackUrl));
+  clearSessionCookies(response);
+
+  const sessionToken = getSessionTokenFromCookieHeader(request.headers.get("cookie"));
+  if (!sessionToken) {
+    return response;
+  }
+
+  try {
+    await deleteSessionBySessionToken(sessionToken);
+  } catch (error) {
+    logger.error(error, "Failed to delete SSO recovery session after recovery completion error");
+  }
+
+  return response;
+};
+
+export const GET = async (request: Request) => {
+  const url = new URL(request.url);
+  const intentToken = url.searchParams.get("intent");
+
+  if (!intentToken) {
+    return NextResponse.redirect(getSsoRecoveryFailureRedirectUrl());
+  }
+
+  try {
+    const session = await getServerSession(authOptions);
+    const callbackUrl = await completeSsoRecovery({
+      intentToken,
+      sessionUserId: session?.user.id,
+    });
+
+    return NextResponse.redirect(callbackUrl);
+  } catch {
+    try {
+      const intent = verifySsoRelinkIntent(intentToken);
+      return await buildFailedRecoveryResponse(request, intent.callbackUrl);
+    } catch {
+      return await buildFailedRecoveryResponse(request);
+    }
+  }
+};
@@ -12,7 +12,7 @@ import {
 import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
 import { createOrUpdateIntegration, getIntegrationByType } from "@/lib/integration/service";
 import { capturePostHogEvent } from "@/lib/posthog";
-import { getOrganizationIdFromEnvironmentId } from "@/lib/utils/helper";
+import { getOrganizationIdFromEnvironmentId, getProjectIdFromEnvironmentId } from "@/lib/utils/helper";
 import { authOptions } from "@/modules/auth/lib/authOptions";

 export const GET = async (req: Request) => {
@@ -87,10 +87,18 @@ export const GET = async (req: Request) => {
  if (result) {
    try {
      const organizationId = await getOrganizationIdFromEnvironmentId(environmentId);
-      capturePostHogEvent(session.user.id, "integration_connected", {
-        integration_type: "googleSheets",
-        organization_id: organizationId,
-      });
+      const projectId = await getProjectIdFromEnvironmentId(environmentId);
+      capturePostHogEvent(
+        session.user.id,
+        "integration_connected",
+        {
+          integration_type: "googleSheets",
+          organization_id: organizationId,
+          workspace_id: projectId,
+          environment_id: environmentId,
+        },
+        { organizationId, workspaceId: projectId }
+      );
    } catch (err) {
      logger.error({ error: err }, "Failed to capture PostHog integration_connected event for googleSheets");
    }
@@ -1,9 +1,15 @@
 import { NextRequest } from "next/server";
 import { describe, expect, test, vi } from "vitest";
 import { TAPIKeyEnvironmentPermission } from "@formbricks/types/auth";
+import {
+  DatabaseError,
+  InvalidInputError,
+  ResourceNotFoundError,
+  UniqueConstraintError,
+} from "@formbricks/types/errors";
 import { getApiKeyWithPermissions } from "@/modules/organization/settings/api-keys/lib/api-key";
 import { hasPermission } from "@/modules/organization/settings/api-keys/lib/utils";
-import { authenticateRequest } from "./auth";
+import { authenticateRequest, handleErrorResponse } from "./auth";

 vi.mock("@/modules/organization/settings/api-keys/lib/api-key", () => ({
  getApiKeyWithPermissions: vi.fn(),
@@ -193,3 +199,53 @@ describe("authenticateRequest", () => {
    expect(result).toBeNull();
  });
 });
+
+describe("handleErrorResponse", () => {
+  test("returns 401 notAuthenticated for 'NotAuthenticated' message", async () => {
+    const response = handleErrorResponse(new Error("NotAuthenticated"));
+    expect(response.status).toBe(401);
+    const body = await response.json();
+    expect(body.code).toBe("not_authenticated");
+  });
+
+  test("returns 401 unauthorized for 'Unauthorized' message", async () => {
+    const response = handleErrorResponse(new Error("Unauthorized"));
+    expect(response.status).toBe(401);
+    const body = await response.json();
+    expect(body.code).toBe("unauthorized");
+  });
+
+  test("returns 409 conflict for UniqueConstraintError", async () => {
+    const response = handleErrorResponse(new UniqueConstraintError("Action with name foo already exists"));
+    expect(response.status).toBe(409);
+    const body = await response.json();
+    expect(body.code).toBe("conflict");
+    expect(body.message).toBe("Action with name foo already exists");
+  });
+
+  test("returns 400 badRequest for DatabaseError", async () => {
+    const response = handleErrorResponse(new DatabaseError("db boom"));
+    expect(response.status).toBe(400);
+    const body = await response.json();
+    expect(body.message).toBe("db boom");
+  });
+
+  test("returns 400 badRequest for InvalidInputError", async () => {
+    const response = handleErrorResponse(new InvalidInputError("bad input"));
+    expect(response.status).toBe(400);
+    const body = await response.json();
+    expect(body.message).toBe("bad input");
+  });
+
+  test("returns 400 badRequest for ResourceNotFoundError", async () => {
+    const response = handleErrorResponse(new ResourceNotFoundError("Survey", "id-1"));
+    expect(response.status).toBe(400);
+  });
+
+  test("returns 500 internalServerError for unknown errors", async () => {
+    const response = handleErrorResponse(new Error("something else"));
+    expect(response.status).toBe(500);
+    const body = await response.json();
+    expect(body.message).toBe("Some error occurred");
+  });
+});
@@ -1,6 +1,11 @@
 import { NextRequest } from "next/server";
 import { TAuthenticationApiKey } from "@formbricks/types/auth";
-import { DatabaseError, InvalidInputError, ResourceNotFoundError } from "@formbricks/types/errors";
+import {
+  DatabaseError,
+  InvalidInputError,
+  ResourceNotFoundError,
+  UniqueConstraintError,
+} from "@formbricks/types/errors";
 import { responses } from "@/app/lib/api/response";
 import { getApiKeyWithPermissions } from "@/modules/organization/settings/api-keys/lib/api-key";

@@ -40,6 +45,9 @@ export const handleErrorResponse = (error: any): Response => {
    case "Unauthorized":
      return responses.unauthorizedResponse();
    default:
+      if (error instanceof UniqueConstraintError) {
+        return responses.conflictResponse(error.message);
+      }
      if (
        error instanceof DatabaseError ||
        error instanceof InvalidInputError ||
@@ -0,0 +1,98 @@
+import { Prisma } from "@prisma/client";
+import { beforeEach, describe, expect, test, vi } from "vitest";
+import { prisma } from "@formbricks/database";
+import { DatabaseError, ResourceNotFoundError, ValidationError } from "@formbricks/types/errors";
+import { validateInputs } from "@/lib/utils/validate";
+import { getResponseIdByDisplayId } from "./response";
+
+vi.mock("@/lib/utils/validate", () => ({
+  validateInputs: vi.fn((inputs: [unknown, unknown][]) =>
+    inputs.map((input: [unknown, unknown]) => input[0])
+  ),
+}));
+
+vi.mock("@formbricks/database", () => ({
+  prisma: {
+    display: {
+      findFirst: vi.fn(),
+    },
+  },
+}));
+
+describe("getResponseIdByDisplayId", () => {
+  const environmentId = "env1234567890123456789012";
+  const displayId = "display1234567890123456789";
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  test("returns the linked responseId when a response exists", async () => {
+    vi.mocked(prisma.display.findFirst).mockResolvedValue({
+      response: {
+        id: "response123456789012345678",
+      },
+    } as any);
+
+    const result = await getResponseIdByDisplayId(environmentId, displayId);
+
+    expect(validateInputs).toHaveBeenCalledWith(
+      [environmentId, expect.any(Object)],
+      [displayId, expect.any(Object)]
+    );
+    expect(prisma.display.findFirst).toHaveBeenCalledWith({
+      where: {
+        id: displayId,
+        survey: {
+          environmentId,
+        },
+      },
+      select: {
+        response: {
+          select: {
+            id: true,
+          },
+        },
+      },
+    });
+    expect(result).toEqual({ responseId: "response123456789012345678" });
+  });
+
+  test("returns null when the display exists but has no response", async () => {
+    vi.mocked(prisma.display.findFirst).mockResolvedValue({
+      response: null,
+    } as any);
+
+    await expect(getResponseIdByDisplayId(environmentId, displayId)).resolves.toEqual({
+      responseId: null,
+    });
+  });
+
+  test("throws ResourceNotFoundError when the display does not exist in the environment", async () => {
+    vi.mocked(prisma.display.findFirst).mockResolvedValue(null);
+
+    await expect(getResponseIdByDisplayId(environmentId, displayId)).rejects.toThrow(
+      new ResourceNotFoundError("Display", displayId)
+    );
+  });
+
+  test("throws ValidationError when input validation fails", async () => {
+    const validationError = new ValidationError("Validation failed");
+    vi.mocked(validateInputs).mockImplementation(() => {
+      throw validationError;
+    });
+
+    await expect(getResponseIdByDisplayId(environmentId, displayId)).rejects.toThrow(ValidationError);
+    expect(prisma.display.findFirst).not.toHaveBeenCalled();
+  });
+
+  test("throws DatabaseError on Prisma request errors", async () => {
+    const prismaError = new Prisma.PrismaClientKnownRequestError("Database error", {
+      code: "P2002",
+      clientVersion: "test",
+    });
+    vi.mocked(prisma.display.findFirst).mockRejectedValue(prismaError);
+
+    await expect(getResponseIdByDisplayId(environmentId, displayId)).rejects.toThrow(DatabaseError);
+  });
+});
@@ -0,0 +1,44 @@
+import { Prisma } from "@prisma/client";
+import { prisma } from "@formbricks/database";
+import { ZId } from "@formbricks/types/common";
+import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { validateInputs } from "@/lib/utils/validate";
+
+export const getResponseIdByDisplayId = async (
+  environmentId: string,
+  displayId: string
+): Promise<{ responseId: string | null }> => {
+  validateInputs([environmentId, ZId], [displayId, ZId]);
+
+  try {
+    const display = await prisma.display.findFirst({
+      where: {
+        id: displayId,
+        survey: {
+          environmentId,
+        },
+      },
+      select: {
+        response: {
+          select: {
+            id: true,
+          },
+        },
+      },
+    });
+
+    if (!display) {
+      throw new ResourceNotFoundError("Display", displayId);
+    }
+
+    return {
+      responseId: display.response?.id ?? null,
+    };
+  } catch (error) {
+    if (error instanceof Prisma.PrismaClientKnownRequestError) {
+      throw new DatabaseError(error.message);
+    }
+
+    throw error;
+  }
+};
@@ -0,0 +1,70 @@
+import { NextRequest } from "next/server";
+import { beforeEach, describe, expect, test, vi } from "vitest";
+import { ResourceNotFoundError } from "@formbricks/types/errors";
+import { getResponseIdByDisplayId } from "./lib/response";
+import { GET } from "./route";
+
+vi.mock("@/app/lib/api/with-api-logging", async () => {
+  return {
+    withV1ApiWrapper:
+      ({ handler }: { handler: any }) =>
+      async (req: NextRequest, props: any) => {
+        const result = await handler({ req, props });
+        return result.response;
+      },
+  };
+});
+
+vi.mock("./lib/response", () => ({
+  getResponseIdByDisplayId: vi.fn(),
+}));
+
+describe("GET /api/v1/client/[environmentId]/displays/[displayId]/response", () => {
+  const req = new NextRequest("http://localhost/api/v1/client/env/displays/display/response");
+  const props = {
+    params: Promise.resolve({
+      environmentId: "env1234567890123456789012",
+      displayId: "display1234567890123456789",
+    }),
+  };
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  test("returns the responseId when a linked response exists", async () => {
+    vi.mocked(getResponseIdByDisplayId).mockResolvedValue({ responseId: "response123456789012345678" });
+
+    const response = await GET(req, props);
+
+    expect(response.status).toBe(200);
+    await expect(response.json()).resolves.toEqual({
+      data: {
+        responseId: "response123456789012345678",
+      },
+    });
+  });
+
+  test("returns null when the display exists without a response", async () => {
+    vi.mocked(getResponseIdByDisplayId).mockResolvedValue({ responseId: null });
+
+    const response = await GET(req, props);
+
+    expect(response.status).toBe(200);
+    await expect(response.json()).resolves.toEqual({
+      data: {
+        responseId: null,
+      },
+    });
+  });
+
+  test("returns 404 when the display is missing for the environment", async () => {
+    vi.mocked(getResponseIdByDisplayId).mockRejectedValue(
+      new ResourceNotFoundError("Display", "display1234567890123456789")
+    );
+
+    const response = await GET(req, props);
+
+    expect(response.status).toBe(404);
+  });
+});
@@ -0,0 +1,40 @@
+import { logger } from "@formbricks/logger";
+import { ResourceNotFoundError } from "@formbricks/types/errors";
+import { responses } from "@/app/lib/api/response";
+import { THandlerParams, withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
+import { getResponseIdByDisplayId } from "./lib/response";
+
+export const OPTIONS = async (): Promise<Response> => {
+  return responses.successResponse({}, true);
+};
+
+export const GET = withV1ApiWrapper({
+  handler: async ({
+    req,
+    props,
+  }: THandlerParams<{ params: Promise<{ environmentId: string; displayId: string }> }>) => {
+    const params = await props.params;
+
+    try {
+      const response = await getResponseIdByDisplayId(params.environmentId, params.displayId);
+
+      return {
+        response: responses.successResponse(response, true),
+      };
+    } catch (error) {
+      if (error instanceof ResourceNotFoundError) {
+        return {
+          response: responses.notFoundResponse("Display", params.displayId, true),
+        };
+      }
+
+      logger.error(
+        { error, url: req.url, environmentId: params.environmentId, displayId: params.displayId },
+        "Error in GET /api/v1/client/[environmentId]/displays/[displayId]/response"
+      );
+      return {
+        response: responses.internalServerErrorResponse("Something went wrong. Please try again."),
+      };
+    }
+  },
+});
@@ -80,7 +80,7 @@ export const getEnvironmentStateData = async (environmentId: string): Promise<En
          select: {
            id: true,
            welcomeCard: true,
-            name: true,
+            // name intentionally omitted — internal label not needed by the SDK
            questions: true,
            blocks: true,
            variables: true,
@@ -107,13 +107,13 @@ export const getEnvironmentStateData = async (environmentId: string): Promise<En
            styling: true,
            status: true,
            recaptcha: true,
+            // Fetch only what's needed to compute the minimal segment shape.
+            // Titles, descriptions, and filter conditions are evaluated server-side
+            // and must not be sent to the browser.
            segment: {
-              include: {
-                surveys: {
-                  select: {
-                    id: true,
-                  },
-                },
+              select: {
+                id: true,
+                filters: true,
              },
            },
            recontactDays: true,
@@ -147,10 +147,28 @@ export const getEnvironmentStateData = async (environmentId: string): Promise<En
      throw new ResourceNotFoundError("project", null);
    }

-    // Transform surveys using existing utility
-    const transformedSurveys = environmentData.surveys.map((survey) =>
-      transformPrismaSurvey<TJsEnvironmentStateSurvey>(survey)
-    );
+    // Transform surveys using the shared utility, then replace the segment with
+    // the minimal public shape (id + hasFilters). We null out segment before
+    // calling transformPrismaSurvey because that function expects a surveys[]
+    // relation on the segment object (used by the management API), which we
+    // intentionally don't fetch here.
+    const transformedSurveys = environmentData.surveys.map((survey) => {
+      const minimalSegment = survey.segment
+        ? {
+            id: survey.segment.id,
+            hasFilters:
+              Array.isArray(survey.segment.filters) && (survey.segment.filters as unknown[]).length > 0,
+          }
+        : null;
+
+      const { segment: _segment, ...surveyWithoutSegment } = survey;
+      const transformed = transformPrismaSurvey<TJsEnvironmentStateSurvey>({
+        ...surveyWithoutSegment,
+        segment: null,
+      });
+
+      return { ...transformed, segment: minimalSegment };
+    });

    return {
      environment: {
@@ -10,6 +10,11 @@ import { capturePostHogEvent } from "@/lib/posthog";
 import { EnvironmentStateData, getEnvironmentStateData } from "./data";
 import { getEnvironmentState } from "./environmentState";

+vi.mock("server-only", () => ({}));
+vi.mock("@/lib/utils/validate", () => ({ validateInputs: vi.fn() }));
+vi.mock("@/modules/storage/utils", () => ({ resolveStorageUrlsInObject: vi.fn((obj: unknown) => obj) }));
+vi.mock("@/modules/survey/lib/utils", () => ({ transformPrismaSurvey: vi.fn() }));
+
 // Mock dependencies
 vi.mock("@/lib/cache", () => ({
  cache: {
@@ -22,6 +27,9 @@ vi.mock("@formbricks/database", () => ({
    environment: {
      update: vi.fn(),
    },
+    project: {
+      findUnique: vi.fn(),
+    },
  },
 }));
 vi.mock("@formbricks/logger", () => ({
@@ -163,6 +171,7 @@ describe("getEnvironmentState", () => {

    // Default mocks for successful retrieval
    vi.mocked(getEnvironmentStateData).mockResolvedValue(mockEnvironmentStateData);
+    vi.mocked(prisma.project.findUnique).mockResolvedValue({ organizationId: "test-org-id" });
  });

  afterEach(() => {
@@ -329,11 +338,18 @@ describe("getEnvironmentState", () => {

    await getEnvironmentState(environmentId);

-    expect(capturePostHogEvent).toHaveBeenCalledWith(environmentId, "app_connected", {
-      num_surveys: 1,
-      num_code_actions: 1,
-      num_no_code_actions: 1,
-    });
+    expect(capturePostHogEvent).toHaveBeenCalledWith(
+      environmentId,
+      "app_connected",
+      {
+        num_surveys: 1,
+        num_code_actions: 1,
+        num_no_code_actions: 1,
+        organization_id: "test-org-id",
+        workspace_id: "test-project-id",
+      },
+      { organizationId: "test-org-id", workspaceId: "test-project-id" }
+    );
  });

  test("should not capture app_connected event when app setup already completed", async () => {
@@ -33,11 +33,25 @@ export const getEnvironmentState = async (
        });

        if (POSTHOG_KEY) {
-          capturePostHogEvent(environmentId, "app_connected", {
-            num_surveys: surveys.length,
-            num_code_actions: actionClasses.filter((ac) => ac.type === "code").length,
-            num_no_code_actions: actionClasses.filter((ac) => ac.type === "noCode").length,
+          const workspaceId = environment.project.id;
+          const project = await prisma.project.findUnique({
+            where: { id: workspaceId },
+            select: { organizationId: true },
          });
+          const organizationId = project?.organizationId;
+
+          capturePostHogEvent(
+            environmentId,
+            "app_connected",
+            {
+              num_surveys: surveys.length,
+              num_code_actions: actionClasses.filter((ac) => ac.type === "code").length,
+              num_no_code_actions: actionClasses.filter((ac) => ac.type === "noCode").length,
+              organization_id: organizationId ?? "",
+              workspace_id: workspaceId,
+            },
+            organizationId ? { organizationId, workspaceId } : undefined
+          );
        }
      }

@@ -10,6 +10,8 @@ import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { THandlerParams, withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
 import { sendToPipeline } from "@/app/lib/pipelines";
+import { ENCRYPTION_KEY } from "@/lib/constants";
+import { symmetricDecrypt } from "@/lib/crypto";
 import { getSurvey } from "@/lib/survey/service";
 import { getClientIpFromHeaders } from "@/lib/utils/client-ip";
 import { getOrganizationIdFromEnvironmentId } from "@/lib/utils/helper";
@@ -123,17 +125,118 @@ export const POST = withV1ApiWrapper({
    }
    if (survey.environmentId !== environmentId) {
      return {
-        response: responses.badRequestResponse(
-          "Survey is part of another environment",
-          {
-            "survey.environmentId": survey.environmentId,
-            environmentId,
-          },
-          true
-        ),
+        response: responses.badRequestResponse("Survey does not belong to this environment", undefined, true),
      };
    }

+    if (survey.type === "link" && survey.singleUse?.enabled) {
+      if (!responseInputData.singleUseId) {
+        return {
+          response: responses.badRequestResponse(
+            "Missing single use id",
+            {
+              surveyId: survey.id,
+              environmentId,
+            },
+            true
+          ),
+        };
+      }
+
+      if (!responseInputData.meta?.url) {
+        return {
+          response: responses.badRequestResponse(
+            "Missing or invalid URL in response metadata",
+            {
+              surveyId: survey.id,
+              environmentId,
+            },
+            true
+          ),
+        };
+      }
+
+      let url: URL;
+      try {
+        url = new URL(responseInputData.meta.url);
+      } catch (error) {
+        return {
+          response: responses.badRequestResponse(
+            "Invalid URL in response metadata",
+            {
+              surveyId: survey.id,
+              environmentId,
+              error: error instanceof Error ? error.message : "Unknown error occurred",
+            },
+            true
+          ),
+        };
+      }
+
+      const suId = url.searchParams.get("suId");
+      if (!suId) {
+        return {
+          response: responses.badRequestResponse(
+            "Missing single use id",
+            {
+              surveyId: survey.id,
+              environmentId,
+            },
+            true
+          ),
+        };
+      }
+
+      if (survey.singleUse.isEncrypted) {
+        if (!ENCRYPTION_KEY) {
+          logger.error({ url: req.url, surveyId: survey.id, environmentId }, "ENCRYPTION_KEY is not set");
+          return {
+            response: responses.internalServerErrorResponse("An unexpected error occurred.", true),
+          };
+        }
+
+        let decryptedSuId: string;
+        try {
+          decryptedSuId = symmetricDecrypt(suId, ENCRYPTION_KEY);
+        } catch {
+          return {
+            response: responses.badRequestResponse(
+              "Invalid single use id",
+              {
+                surveyId: survey.id,
+                environmentId,
+              },
+              true
+            ),
+          };
+        }
+
+        if (decryptedSuId !== responseInputData.singleUseId) {
+          return {
+            response: responses.badRequestResponse(
+              "Invalid single use id",
+              {
+                surveyId: survey.id,
+                environmentId,
+              },
+              true
+            ),
+          };
+        }
+      } else if (responseInputData.singleUseId !== suId) {
+        return {
+          response: responses.badRequestResponse(
+            "Invalid single use id",
+            {
+              surveyId: survey.id,
+              environmentId,
+            },
+            true
+          ),
+        };
+      }
+    }
+
    if (!validateFileUploads(responseInputData.data, survey.questions)) {
      return {
        response: responses.badRequestResponse("Invalid file upload response"),
@@ -75,11 +75,7 @@ export const POST = withV1ApiWrapper({

    if (survey.environmentId !== environmentId) {
      return {
-        response: responses.badRequestResponse(
-          "Survey does not belong to the environment",
-          { surveyId, environmentId },
-          true
-        ),
+        response: responses.badRequestResponse("Survey does not belong to this environment", undefined, true),
      };
    }

@@ -5,9 +5,9 @@ import { withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
 import { fetchAirtableAuthToken } from "@/lib/airtable/service";
 import { AIRTABLE_CLIENT_ID, WEBAPP_URL } from "@/lib/constants";
 import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
-import { createOrUpdateIntegration } from "@/lib/integration/service";
+import { createOrUpdateIntegration, getIntegrationByType } from "@/lib/integration/service";
 import { capturePostHogEvent } from "@/lib/posthog";
-import { getOrganizationIdFromEnvironmentId } from "@/lib/utils/helper";
+import { getOrganizationIdFromEnvironmentId, getProjectIdFromEnvironmentId } from "@/lib/utils/helper";

 const getEmail = async (token: string) => {
  const req_ = await fetch("https://api.airtable.com/v0/meta/whoami", {
@@ -78,12 +78,16 @@ export const GET = withV1ApiWrapper({
      }
      const email = await getEmail(key.access_token);

+      // Preserve existing integration data (survey-to-table mappings) when re-authorizing
+      const existingIntegration = await getIntegrationByType(environmentId, "airtable");
+      const existingData = existingIntegration?.config?.data ?? [];
+
      const airtableIntegrationInput = {
        type: "airtable" as "airtable",
        environment: environmentId,
        config: {
          key,
-          data: [],
+          data: existingData,
          email,
        },
      };
@@ -91,10 +95,18 @@ export const GET = withV1ApiWrapper({

      try {
        const organizationId = await getOrganizationIdFromEnvironmentId(environmentId);
-        capturePostHogEvent(authentication.user.id, "integration_connected", {
-          integration_type: "airtable",
-          organization_id: organizationId,
-        });
+        const projectId = await getProjectIdFromEnvironmentId(environmentId);
+        capturePostHogEvent(
+          authentication.user.id,
+          "integration_connected",
+          {
+            integration_type: "airtable",
+            organization_id: organizationId,
+            workspace_id: projectId,
+            environment_id: environmentId,
+          },
+          { organizationId, workspaceId: projectId }
+        );
      } catch (err) {
        logger.error({ error: err }, "Failed to capture PostHog integration_connected event for airtable");
      }
@@ -1,8 +1,7 @@
 import * as z from "zod";
-import { TIntegrationAirtable } from "@formbricks/types/integration/airtable";
 import { responses } from "@/app/lib/api/response";
 import { withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
-import { getTables } from "@/lib/airtable/service";
+import { getAirtableToken, getTables } from "@/lib/airtable/service";
 import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
 import { getIntegrationByType } from "@/lib/integration/service";

@@ -36,7 +35,7 @@ export const GET = withV1ApiWrapper({
      };
    }

-    const integration = (await getIntegrationByType(environmentId, "airtable")) as TIntegrationAirtable;
+    const integration = await getIntegrationByType(environmentId, "airtable");

    if (!integration) {
      return {
@@ -44,7 +43,12 @@ export const GET = withV1ApiWrapper({
      };
    }

-    const tables = await getTables(integration.config.key, baseId.data);
+    // Use getAirtableToken to ensure the access token is refreshed if expired
+    const freshAccessToken = await getAirtableToken(environmentId);
+    const tables = await getTables(
+      { ...integration.config.key, access_token: freshAccessToken },
+      baseId.data
+    );
    return {
      response: responses.successResponse(tables),
    };
@@ -13,7 +13,7 @@ import { symmetricEncrypt } from "@/lib/crypto";
 import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
 import { createOrUpdateIntegration, getIntegrationByType } from "@/lib/integration/service";
 import { capturePostHogEvent } from "@/lib/posthog";
-import { getOrganizationIdFromEnvironmentId } from "@/lib/utils/helper";
+import { getOrganizationIdFromEnvironmentId, getProjectIdFromEnvironmentId } from "@/lib/utils/helper";

 export const GET = withV1ApiWrapper({
  handler: async ({ req, authentication }) => {
@@ -101,10 +101,18 @@ export const GET = withV1ApiWrapper({
      if (result) {
        try {
          const organizationId = await getOrganizationIdFromEnvironmentId(environmentId);
-          capturePostHogEvent(authentication.user.id, "integration_connected", {
-            integration_type: "notion",
-            organization_id: organizationId,
-          });
+          const projectId = await getProjectIdFromEnvironmentId(environmentId);
+          capturePostHogEvent(
+            authentication.user.id,
+            "integration_connected",
+            {
+              integration_type: "notion",
+              organization_id: organizationId,
+              workspace_id: projectId,
+              environment_id: environmentId,
+            },
+            { organizationId, workspaceId: projectId }
+          );
        } catch (err) {
          logger.error({ error: err }, "Failed to capture PostHog integration_connected event for notion");
        }
@@ -10,7 +10,7 @@ import { SLACK_CLIENT_ID, SLACK_CLIENT_SECRET, SLACK_REDIRECT_URI, WEBAPP_URL }
 import { hasUserEnvironmentAccess } from "@/lib/environment/auth";
 import { createOrUpdateIntegration, getIntegrationByType } from "@/lib/integration/service";
 import { capturePostHogEvent } from "@/lib/posthog";
-import { getOrganizationIdFromEnvironmentId } from "@/lib/utils/helper";
+import { getOrganizationIdFromEnvironmentId, getProjectIdFromEnvironmentId } from "@/lib/utils/helper";

 export const GET = withV1ApiWrapper({
  handler: async ({ req, authentication }) => {
@@ -109,10 +109,18 @@ export const GET = withV1ApiWrapper({
      if (result) {
        try {
          const organizationId = await getOrganizationIdFromEnvironmentId(environmentId);
-          capturePostHogEvent(authentication.user.id, "integration_connected", {
-            integration_type: "slack",
-            organization_id: organizationId,
-          });
+          const projectId = await getProjectIdFromEnvironmentId(environmentId);
+          capturePostHogEvent(
+            authentication.user.id,
+            "integration_connected",
+            {
+              integration_type: "slack",
+              organization_id: organizationId,
+              workspace_id: projectId,
+              environment_id: environmentId,
+            },
+            { organizationId, workspaceId: projectId }
+          );
        } catch (err) {
          logger.error({ error: err }, "Failed to capture PostHog integration_connected event for slack");
        }
@@ -1,6 +1,6 @@
 import { logger } from "@formbricks/logger";
 import { TActionClass, ZActionClassInput } from "@formbricks/types/action-classes";
-import { DatabaseError } from "@formbricks/types/errors";
+import { DatabaseError, UniqueConstraintError } from "@formbricks/types/errors";
 import { responses } from "@/app/lib/api/response";
 import { transformErrorToDetails } from "@/app/lib/api/validator";
 import { THandlerParams, withV1ApiWrapper } from "@/app/lib/api/with-api-logging";
@@ -80,6 +80,11 @@ export const POST = withV1ApiWrapper({
        response: responses.successResponse(actionClass),
      };
    } catch (error) {
+      if (error instanceof UniqueConstraintError) {
+        return {
+          response: responses.conflictResponse(error.message),
+        };
+      }
      if (error instanceof DatabaseError) {
        return {
          response: responses.badRequestResponse(error.message),
@@ -4,6 +4,7 @@ import { getSessionUser } from "@/app/api/v1/management/me/lib/utils";
 import { responses } from "@/app/lib/api/response";
 import { CONTROL_HASH } from "@/lib/constants";
 import { hashSha256, parseApiKeyV2, verifySecret } from "@/lib/crypto";
+import { publicUserSelect } from "@/lib/user/public-user";
 import { applyRateLimit } from "@/modules/core/rate-limit/helpers";
 import { rateLimitConfigs } from "@/modules/core/rate-limit/rate-limit-configs";

@@ -176,6 +177,7 @@ const handleSessionAuthentication = async () => {

  const user = await prisma.user.findUnique({
    where: { id: sessionUser.id },
+    select: publicUserSelect,
  });

  return Response.json(user);
@@ -96,14 +96,7 @@ const validateSurvey = async (responseInput: TResponseInput, environmentId: stri
  }
  if (survey.environmentId !== environmentId) {
    return {
-      error: responses.badRequestResponse(
-        "Survey is part of another environment",
-        {
-          "survey.environmentId": survey.environmentId,
-          environmentId,
-        },
-        true
-      ),
+      error: responses.badRequestResponse("Survey does not belong to this environment", undefined, true),
    };
  }
  return { survey };
@@ -1,47 +1,19 @@
-import { Prisma } from "@prisma/client";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-import { prisma } from "@formbricks/database";
-import { logger } from "@formbricks/logger";
-import { DatabaseError } from "@formbricks/types/errors";
-import { validateInputs } from "@/lib/utils/validate";
 import { deleteSurvey } from "./surveys";

-vi.mock("@/lib/utils/validate", () => ({
-  validateInputs: vi.fn(),
+const { mockDeleteSharedSurvey } = vi.hoisted(() => ({
+  mockDeleteSharedSurvey: vi.fn(),
 }));
-vi.mock("@formbricks/database", () => ({
-  prisma: {
-    survey: {
-      delete: vi.fn(),
-    },
-    segment: {
-      delete: vi.fn(),
-    },
-  },
-}));
-vi.mock("@formbricks/logger", () => ({
-  logger: {
-    error: vi.fn(),
-  },
+
+vi.mock("@/modules/survey/lib/surveys", () => ({
+  deleteSurvey: mockDeleteSharedSurvey,
 }));

 const surveyId = "clq5n7p1q0000m7z0h5p6g3r2";
-const environmentId = "clq5n7p1q0000m7z0h5p6g3r3";
-const segmentId = "clq5n7p1q0000m7z0h5p6g3r4";
-const actionClassId1 = "clq5n7p1q0000m7z0h5p6g3r5";
-const actionClassId2 = "clq5n7p1q0000m7z0h5p6g3r6";
-
-const mockDeletedSurveyAppPrivateSegment = {
-  id: surveyId,
-  environmentId,
-  type: "app",
-  segment: { id: segmentId, isPrivate: true },
-  triggers: [{ actionClass: { id: actionClassId1 } }, { actionClass: { id: actionClassId2 } }],
-};

 const mockDeletedSurveyLink = {
  id: surveyId,
-  environmentId,
+  environmentId: "clq5n7p1q0000m7z0h5p6g3r3",
  type: "link",
  segment: null,
  triggers: [],
@@ -56,66 +28,20 @@ describe("deleteSurvey", () => {
    vi.clearAllMocks();
  });

-  test("should delete a link survey without a segment and revalidate caches", async () => {
-    vi.mocked(prisma.survey.delete).mockResolvedValue(mockDeletedSurveyLink as any);
+  test("delegates survey deletion to the shared service", async () => {
+    mockDeleteSharedSurvey.mockResolvedValue(mockDeletedSurveyLink);

    const deletedSurvey = await deleteSurvey(surveyId);

-    expect(validateInputs).toHaveBeenCalledWith([surveyId, expect.any(Object)]);
-    expect(prisma.survey.delete).toHaveBeenCalledWith({
-      where: { id: surveyId },
-      include: {
-        segment: true,
-        triggers: { include: { actionClass: true } },
-      },
-    });
-    expect(prisma.segment.delete).not.toHaveBeenCalled();
-
+    expect(mockDeleteSharedSurvey).toHaveBeenCalledWith(surveyId);
    expect(deletedSurvey).toEqual(mockDeletedSurveyLink);
  });

-  test("should handle PrismaClientKnownRequestError during survey deletion", async () => {
-    const prismaError = new Prisma.PrismaClientKnownRequestError("Record not found", {
-      code: "P2025",
-      clientVersion: "4.0.0",
-    });
-    vi.mocked(prisma.survey.delete).mockRejectedValue(prismaError);
-
-    await expect(deleteSurvey(surveyId)).rejects.toThrow(DatabaseError);
-    expect(logger.error).toHaveBeenCalledWith({ error: prismaError, surveyId }, "Error deleting survey");
-    expect(prisma.segment.delete).not.toHaveBeenCalled();
-  });
-
-  test("should handle PrismaClientKnownRequestError during segment deletion", async () => {
-    const prismaError = new Prisma.PrismaClientKnownRequestError("Foreign key constraint failed", {
-      code: "P2003",
-      clientVersion: "4.0.0",
-    });
-    vi.mocked(prisma.survey.delete).mockResolvedValue(mockDeletedSurveyAppPrivateSegment as any);
-    vi.mocked(prisma.segment.delete).mockRejectedValue(prismaError);
-
-    await expect(deleteSurvey(surveyId)).rejects.toThrow(DatabaseError);
-    expect(logger.error).toHaveBeenCalledWith({ error: prismaError, surveyId }, "Error deleting survey");
-    expect(prisma.segment.delete).toHaveBeenCalledWith({ where: { id: segmentId } });
-  });
-
-  test("should handle generic errors during deletion", async () => {
+  test("rethrows shared delete service errors", async () => {
    const genericError = new Error("Something went wrong");
-    vi.mocked(prisma.survey.delete).mockRejectedValue(genericError);
+    mockDeleteSharedSurvey.mockRejectedValue(genericError);

    await expect(deleteSurvey(surveyId)).rejects.toThrow(genericError);
-    expect(logger.error).not.toHaveBeenCalled();
-    expect(prisma.segment.delete).not.toHaveBeenCalled();
-  });
-
-  test("should throw validation error for invalid surveyId", async () => {
-    const invalidSurveyId = "invalid-id";
-    const validationError = new Error("Validation failed");
-    vi.mocked(validateInputs).mockImplementation(() => {
-      throw validationError;
-    });
-
-    await expect(deleteSurvey(invalidSurveyId)).rejects.toThrow(validationError);
-    expect(prisma.survey.delete).not.toHaveBeenCalled();
+    expect(mockDeleteSharedSurvey).toHaveBeenCalledWith(surveyId);
  });
 });
@@ -1,43 +1,3 @@
-import { Prisma } from "@prisma/client";
-import { z } from "zod";
-import { prisma } from "@formbricks/database";
-import { logger } from "@formbricks/logger";
-import { DatabaseError } from "@formbricks/types/errors";
-import { validateInputs } from "@/lib/utils/validate";
+import { deleteSurvey as deleteSharedSurvey } from "@/modules/survey/lib/surveys";

-export const deleteSurvey = async (surveyId: string) => {
-  validateInputs([surveyId, z.cuid2()]);
-
-  try {
-    const deletedSurvey = await prisma.survey.delete({
-      where: {
-        id: surveyId,
-      },
-      include: {
-        segment: true,
-        triggers: {
-          include: {
-            actionClass: true,
-          },
-        },
-      },
-    });
-
-    if (deletedSurvey.type === "app" && deletedSurvey.segment?.isPrivate) {
-      await prisma.segment.delete({
-        where: {
-          id: deletedSurvey.segment.id,
-        },
-      });
-    }
-
-    return deletedSurvey;
-  } catch (error) {
-    if (error instanceof Prisma.PrismaClientKnownRequestError) {
-      logger.error({ error, surveyId }, "Error deleting survey");
-      throw new DatabaseError(error.message);
-    }
-
-    throw error;
-  }
-};
+export const deleteSurvey = async (surveyId: string) => deleteSharedSurvey(surveyId);
@@ -1,5 +1,6 @@
 import { logger } from "@formbricks/logger";
 import { TAuthenticationApiKey } from "@formbricks/types/auth";
+import { ResourceNotFoundError } from "@formbricks/types/errors";
 import { ZSurveyUpdateInput } from "@formbricks/types/surveys/types";
 import { handleErrorResponse } from "@/app/api/v1/auth";
 import { deleteSurvey } from "@/app/api/v1/management/surveys/[surveyId]/lib/surveys";
@@ -70,6 +71,12 @@ export const GET = withV1ApiWrapper({
        response: responses.successResponse(resolveStorageUrlsInObject(result.survey)),
      };
    } catch (error) {
+      if (error instanceof ResourceNotFoundError) {
+        return {
+          response: responses.notFoundResponse("Survey", params.surveyId),
+        };
+      }
+
      return {
        response: handleErrorResponse(error),
      };
@@ -124,11 +124,8 @@ describe("checkSurveyValidity", () => {
    expect(result).toBeInstanceOf(Response);
    expect(result?.status).toBe(400);
    expect(responses.badRequestResponse).toHaveBeenCalledWith(
-      "Survey is part of another environment",
-      {
-        "survey.environmentId": "env-2",
-        environmentId: "env-1",
-      },
+      "Survey does not belong to this environment",
+      undefined,
      true
    );
  });
@@ -17,14 +17,7 @@ export const checkSurveyValidity = async (
  responseInput: TResponseInputV2
 ): Promise<Response | null> => {
  if (survey.environmentId !== environmentId) {
-    return responses.badRequestResponse(
-      "Survey is part of another environment",
-      {
-        "survey.environmentId": survey.environmentId,
-        environmentId,
-      },
-      true
-    );
+    return responses.badRequestResponse("Survey does not belong to this environment", undefined, true);
  }

  if (survey.type === "link" && survey.singleUse?.enabled) {
@@ -9,6 +9,22 @@ const { mockAuthenticateRequest, mockGetServerSession } = vi.hoisted(() => ({
  mockGetServerSession: vi.fn(),
 }));

+const { mockQueueAuditEvent, mockBuildAuditLogBaseObject } = vi.hoisted(() => ({
+  mockQueueAuditEvent: vi.fn().mockImplementation(async () => undefined),
+  mockBuildAuditLogBaseObject: vi.fn((action: string, targetType: string, apiUrl: string) => ({
+    action,
+    targetType,
+    userId: "unknown",
+    targetId: "unknown",
+    organizationId: "unknown",
+    status: "failure",
+    oldObject: undefined,
+    newObject: undefined,
+    userType: "api",
+    apiUrl,
+  })),
+}));
+
 vi.mock("next-auth", () => ({
  getServerSession: mockGetServerSession,
 }));
@@ -25,12 +41,12 @@ vi.mock("@/modules/core/rate-limit/helpers", () => ({
  applyRateLimit: vi.fn().mockResolvedValue(undefined),
 }));

-vi.mock("@/app/lib/api/api-error-reporter", () => ({
-  reportApiError: vi.fn(),
+vi.mock("@/modules/ee/audit-logs/lib/handler", () => ({
+  queueAuditEvent: mockQueueAuditEvent,
 }));

-vi.mock("@/modules/ee/audit-logs/lib/handler", () => ({
-  queueAuditEvent: vi.fn().mockResolvedValue(undefined),
+vi.mock("@/app/lib/api/with-api-logging", () => ({
+  buildAuditLogBaseObject: mockBuildAuditLogBaseObject,
 }));

 vi.mock("@formbricks/logger", () => ({
@@ -53,6 +69,114 @@ describe("withV3ApiWrapper", () => {
    vi.clearAllMocks();
  });

+  test("passes an audit log to the handler and queues success after the response", async () => {
+    const { queueAuditEvent } = await import("@/modules/ee/audit-logs/lib/handler");
+
+    mockGetServerSession.mockResolvedValue({
+      user: { id: "user_1", name: "Test", email: "t@example.com" },
+      expires: "2026-01-01",
+    });
+
+    const handler = vi.fn(async ({ auditLog }) => {
+      expect(auditLog).toEqual(
+        expect.objectContaining({
+          action: "deleted",
+          targetType: "survey",
+          userId: "user_1",
+          userType: "user",
+          status: "failure",
+        })
+      );
+
+      if (auditLog) {
+        auditLog.targetId = "survey_1";
+        auditLog.organizationId = "org_1";
+        auditLog.oldObject = { id: "survey_1" };
+      }
+
+      return Response.json({ ok: true });
+    });
+
+    const wrapped = withV3ApiWrapper({
+      auth: "both",
+      action: "deleted",
+      targetType: "survey",
+      handler,
+    });
+
+    const response = await wrapped(
+      new NextRequest("http://localhost/api/v3/surveys/survey_1", {
+        method: "DELETE",
+        headers: { "x-request-id": "req-audit" },
+      }),
+      {} as never
+    );
+
+    expect(response.status).toBe(200);
+    expect(queueAuditEvent).toHaveBeenCalledWith(
+      expect.objectContaining({
+        action: "deleted",
+        targetType: "survey",
+        targetId: "survey_1",
+        organizationId: "org_1",
+        userId: "user_1",
+        userType: "user",
+        status: "success",
+        oldObject: { id: "survey_1" },
+      })
+    );
+  });
+
+  test("queues a failure audit log when the handler returns a non-ok response", async () => {
+    const { queueAuditEvent } = await import("@/modules/ee/audit-logs/lib/handler");
+
+    mockAuthenticateRequest.mockResolvedValue({
+      type: "apiKey",
+      apiKeyId: "key_1",
+      organizationId: "org_1",
+      organizationAccess: { accessControl: { read: true, write: true } },
+      environmentPermissions: [],
+    });
+
+    const wrapped = withV3ApiWrapper({
+      auth: "both",
+      action: "deleted",
+      targetType: "survey",
+      handler: async ({ auditLog }) => {
+        if (auditLog) {
+          auditLog.targetId = "survey_2";
+        }
+
+        return new Response("forbidden", { status: 403 });
+      },
+    });
+
+    const response = await wrapped(
+      new NextRequest("http://localhost/api/v3/surveys/survey_2", {
+        method: "DELETE",
+        headers: {
+          "x-request-id": "req-failure-audit",
+          "x-api-key": "fbk_test",
+        },
+      }),
+      {} as never
+    );
+
+    expect(response.status).toBe(403);
+    expect(queueAuditEvent).toHaveBeenCalledWith(
+      expect.objectContaining({
+        action: "deleted",
+        targetType: "survey",
+        targetId: "survey_2",
+        organizationId: "org_1",
+        userId: "key_1",
+        userType: "api",
+        status: "failure",
+        eventId: "req-failure-audit",
+      })
+    );
+  });
+
  test("uses session auth first in both mode and injects request id into plain responses", async () => {
    const { applyRateLimit } = await import("@/modules/core/rate-limit/helpers");
    mockGetServerSession.mockResolvedValue({
@@ -329,67 +453,4 @@ describe("withV3ApiWrapper", () => {
    expect(body.code).toBe("internal_server_error");
    expect(body.requestId).toBe("req-boom");
  });
-
-  test("reports handled non-ok responses and queues audit logs when configured", async () => {
-    mockGetServerSession.mockResolvedValue({
-      user: { id: "user_1" },
-      expires: "2026-01-01",
-    });
-
-    const { reportApiError } = await import("@/app/lib/api/api-error-reporter");
-    const { queueAuditEvent } = await import("@/modules/ee/audit-logs/lib/handler");
-
-    const wrapped = withV3ApiWrapper({
-      auth: "both",
-      action: "deleted",
-      targetType: "survey",
-      handler: async ({ auditLog }) => {
-        if (auditLog) {
-          auditLog.organizationId = "org_1";
-          auditLog.targetId = "survey_1";
-        }
-
-        return new Response(null, { status: 204 });
-      },
-    });
-
-    const response = await wrapped(new NextRequest("http://localhost/api/v3/surveys/survey_1"), {} as never);
-
-    expect(response.status).toBe(204);
-    expect(vi.mocked(reportApiError)).not.toHaveBeenCalled();
-    expect(vi.mocked(queueAuditEvent)).toHaveBeenCalledWith(
-      expect.objectContaining({
-        action: "deleted",
-        targetType: "survey",
-        targetId: "survey_1",
-        organizationId: "org_1",
-        userId: "user_1",
-        userType: "user",
-        status: "success",
-      })
-    );
-  });
-
-  test("reports handler error responses through reportApiError", async () => {
-    mockGetServerSession.mockResolvedValue({
-      user: { id: "user_1" },
-      expires: "2026-01-01",
-    });
-
-    const { reportApiError } = await import("@/app/lib/api/api-error-reporter");
-    const wrapped = withV3ApiWrapper({
-      auth: "both",
-      handler: async () => new Response(JSON.stringify({ error: true }), { status: 403 }),
-    });
-
-    const response = await wrapped(new NextRequest("http://localhost/api/v3/surveys"), {} as never);
-
-    expect(response.status).toBe(403);
-    expect(vi.mocked(reportApiError)).toHaveBeenCalledWith(
-      expect.objectContaining({
-        status: 403,
-        apiVersion: "v3",
-      })
-    );
-  });
 });
@@ -4,14 +4,13 @@ import { z } from "zod";
 import { logger } from "@formbricks/logger";
 import { TooManyRequestsError } from "@formbricks/types/errors";
 import { authenticateRequest } from "@/app/api/v1/auth";
-import { reportApiError } from "@/app/lib/api/api-error-reporter";
 import { buildAuditLogBaseObject } from "@/app/lib/api/with-api-logging";
 import { authOptions } from "@/modules/auth/lib/authOptions";
 import { applyRateLimit } from "@/modules/core/rate-limit/helpers";
 import { rateLimitConfigs } from "@/modules/core/rate-limit/rate-limit-configs";
 import type { TRateLimitConfig } from "@/modules/core/rate-limit/types/rate-limit";
 import { queueAuditEvent } from "@/modules/ee/audit-logs/lib/handler";
-import type { TAuditAction, TAuditTarget } from "@/modules/ee/audit-logs/types/audit-log";
+import { TAuditAction, TAuditTarget } from "@/modules/ee/audit-logs/types/audit-log";
 import {
  type InvalidParam,
  problemBadRequest,
@@ -42,10 +41,10 @@ export type TV3HandlerParams<TParsedInput = Record<string, never>, TProps = unkn
  req: NextRequest;
  props: TProps;
  authentication: TV3Authentication;
+  auditLog?: TV3AuditLog;
  parsedInput: TParsedInput;
  requestId: string;
  instance: string;
-  auditLog?: TV3AuditLog;
 };

 export type TWithV3ApiWrapperParams<S extends TV3Schemas | undefined, TProps = unknown> = {
@@ -71,22 +70,10 @@ function getUnauthenticatedDetail(authMode: TV3AuthMode): string {
 }

 function formatZodIssues(error: z.ZodError, fallbackName: "body" | "query" | "params"): InvalidParam[] {
-  return error.issues.flatMap((issue) => {
-    if (issue.code === "unrecognized_keys" && issue.keys.length > 0) {
-      const prefix = issue.path.length > 0 ? `${issue.path.join(".")}.` : "";
-      return issue.keys.map((key) => ({
-        name: `${prefix}${key}`,
-        reason: "Unsupported field",
-      }));
-    }
-
-    return [
-      {
-        name: issue.path.length > 0 ? issue.path.join(".") : fallbackName,
-        reason: issue.message,
-      },
-    ];
-  });
+  return error.issues.map((issue) => ({
+    name: issue.path.length > 0 ? issue.path.join(".") : fallbackName,
+    reason: issue.message,
+  }));
 }

 function searchParamsToObject(searchParams: URLSearchParams): Record<string, string | string[]> {
@@ -258,56 +245,6 @@ function ensureRequestIdHeader(response: Response, requestId: string): Response
  });
 }

-function enrichV3AuditLog(authentication: TV3Authentication, auditLog?: TV3AuditLog): void {
-  if (!authentication || !auditLog) {
-    return;
-  }
-
-  if ("user" in authentication && authentication.user?.id) {
-    auditLog.userId = authentication.user.id;
-    auditLog.userType = "user";
-    return;
-  }
-
-  if ("apiKeyId" in authentication) {
-    auditLog.userId = authentication.apiKeyId;
-    auditLog.userType = "api";
-    auditLog.organizationId = authentication.organizationId;
-  }
-}
-
-async function processV3Response(params: {
-  response: Response;
-  request: NextRequest;
-  requestId: string;
-  auditLog?: TV3AuditLog;
-  error?: unknown;
-}): Promise<Response> {
-  const responseWithRequestId = ensureRequestIdHeader(params.response, params.requestId);
-
-  if (params.auditLog) {
-    params.auditLog.status = responseWithRequestId.ok ? "success" : "failure";
-    if (!responseWithRequestId.ok) {
-      params.auditLog.eventId = params.requestId;
-    }
-  }
-
-  if (!responseWithRequestId.ok) {
-    reportApiError({
-      request: params.request,
-      status: responseWithRequestId.status,
-      error: params.error,
-      apiVersion: "v3",
-    });
-  }
-
-  if (params.auditLog) {
-    await queueAuditEvent(params.auditLog);
-  }
-
-  return responseWithRequestId;
-}
-
 async function authenticateV3RequestOrRespond(
  req: NextRequest,
  authMode: TV3AuthMode,
@@ -362,6 +299,49 @@ async function applyV3RateLimitOrRespond(params: {
  return null;
 }

+function buildV3AuditLog(
+  authentication: TV3Authentication,
+  action?: TAuditAction,
+  targetType?: TAuditTarget,
+  apiUrl?: string
+): TV3AuditLog | undefined {
+  if (!authentication || !action || !targetType || !apiUrl) {
+    return undefined;
+  }
+
+  const auditLog = buildAuditLogBaseObject(action, targetType, apiUrl);
+
+  if ("user" in authentication && authentication.user?.id) {
+    auditLog.userId = authentication.user.id;
+    auditLog.userType = "user";
+  } else if ("apiKeyId" in authentication) {
+    auditLog.userId = authentication.apiKeyId;
+    auditLog.userType = "api";
+    auditLog.organizationId = authentication.organizationId;
+  }
+
+  return auditLog;
+}
+
+async function queueV3AuditLog(
+  auditLog: TV3AuditLog | undefined,
+  requestId: string,
+  log: ReturnType<typeof logger.withContext>
+): Promise<void> {
+  if (!auditLog) {
+    return;
+  }
+
+  try {
+    await queueAuditEvent({
+      ...auditLog,
+      ...(auditLog.status === "failure" ? { eventId: auditLog.eventId ?? requestId } : {}),
+    });
+  } catch (error) {
+    log.error({ error }, "Failed to queue V3 audit event");
+  }
+}
+
 export const withV3ApiWrapper = <S extends TV3Schemas | undefined, TProps = unknown>(
  params: TWithV3ApiWrapperParams<S, TProps>
 ): ((req: NextRequest, props: TProps) => Promise<Response>) => {
@@ -370,43 +350,32 @@ export const withV3ApiWrapper = <S extends TV3Schemas | undefined, TProps = unkn
    schemas,
    rateLimit = true,
    customRateLimitConfig,
+    handler,
    action,
    targetType,
-    handler,
  } = params;

  return async (req: NextRequest, props: TProps): Promise<Response> => {
    const requestId = req.headers.get("x-request-id") ?? crypto.randomUUID();
    const instance = req.nextUrl.pathname;
-    const auditLog = action && targetType ? buildAuditLogBaseObject(action, targetType, req.url) : undefined;
    const log = logger.withContext({
      requestId,
      method: req.method,
      path: instance,
    });
+    let auditLog: TV3AuditLog | undefined;

    try {
      const authResult = await authenticateV3RequestOrRespond(req, auth, requestId, instance);
      if (authResult.response) {
        log.warn({ statusCode: authResult.response.status }, "V3 API authentication failed");
-        return await processV3Response({
-          response: authResult.response,
-          request: req,
-          requestId,
-          auditLog,
-        });
+        return authResult.response;
      }
-      enrichV3AuditLog(authResult.authentication, auditLog);

      const parsedInputResult = await parseV3Input(req, props, schemas, requestId, instance);
      if (!parsedInputResult.ok) {
        log.warn({ statusCode: parsedInputResult.response.status }, "V3 API request validation failed");
-        return await processV3Response({
-          response: parsedInputResult.response,
-          request: req,
-          requestId,
-          auditLog,
-        });
+        return parsedInputResult.response;
      }

      const rateLimitResponse = await applyV3RateLimitOrRespond({
@@ -417,39 +386,38 @@ export const withV3ApiWrapper = <S extends TV3Schemas | undefined, TProps = unkn
        log,
      });
      if (rateLimitResponse) {
-        return await processV3Response({
-          response: rateLimitResponse,
-          request: req,
-          requestId,
-          auditLog,
-        });
+        return rateLimitResponse;
      }

+      auditLog = buildV3AuditLog(authResult.authentication, action, targetType, req.url);
+
      const response = await handler({
        req,
        props,
        authentication: authResult.authentication,
+        auditLog,
        parsedInput: parsedInputResult.parsedInput,
        requestId,
        instance,
-        auditLog,
      });

-      return await processV3Response({
-        response,
-        request: req,
-        requestId,
-        auditLog,
-      });
+      if (auditLog) {
+        if (response.ok) {
+          auditLog.status = "success";
+        } else {
+          auditLog.eventId = requestId;
+        }
+      }
+
+      await queueV3AuditLog(auditLog, requestId, log);
+      return ensureRequestIdHeader(response, requestId);
    } catch (error) {
+      if (auditLog) {
+        auditLog.eventId = requestId;
+        await queueV3AuditLog(auditLog, requestId, log);
+      }
      log.error({ error, statusCode: 500 }, "V3 API unexpected error");
-      return await processV3Response({
-        response: problemInternalError(requestId, "An unexpected error occurred.", instance),
-        request: req,
-        requestId,
-        auditLog,
-        error,
-      });
+      return problemInternalError(requestId, "An unexpected error occurred.", instance);
    }
  };
 };
@@ -4,11 +4,7 @@ import { AuthorizationError, ResourceNotFoundError } from "@formbricks/types/err
 import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
 import { getOrganizationIdFromProjectId } from "@/lib/utils/helper";
 import { getEnvironment } from "@/lib/utils/services";
-import { requireSessionWorkspaceAccess, requireV3SurveyAccess, requireV3WorkspaceAccess } from "./auth";
-
-const { mockGetSurvey } = vi.hoisted(() => ({
-  mockGetSurvey: vi.fn(),
-}));
+import { requireSessionWorkspaceAccess, requireV3WorkspaceAccess } from "./auth";

 vi.mock("@formbricks/logger", () => ({
  logger: {
@@ -31,10 +27,6 @@ vi.mock("@/lib/utils/action-client/action-client-middleware", () => ({
  checkAuthorizationUpdated: vi.fn(),
 }));

-vi.mock("@/modules/survey/lib/survey", () => ({
-  getSurvey: mockGetSurvey,
-}));
-
 const requestId = "req-123";

 describe("requireSessionWorkspaceAccess", () => {
@@ -280,84 +272,3 @@ describe("requireV3WorkspaceAccess", () => {
    expect((r as Response).status).toBe(401);
  });
 });
-
-describe("requireV3SurveyAccess", () => {
-  beforeEach(() => {
-    vi.mocked(getEnvironment).mockResolvedValue({
-      id: "env_survey",
-      projectId: "proj_survey",
-    } as any);
-    vi.mocked(getOrganizationIdFromProjectId).mockResolvedValue("org_survey");
-  });
-
-  test("returns 404 when the survey does not exist", async () => {
-    mockGetSurvey.mockResolvedValueOnce(null);
-
-    const result = await requireV3SurveyAccess(
-      { user: { id: "user_1" }, expires: "" } as any,
-      "survey_missing",
-      "read",
-      requestId
-    );
-
-    expect(result).toBeInstanceOf(Response);
-    expect((result as Response).status).toBe(404);
-    expect(getEnvironment).not.toHaveBeenCalled();
-  });
-
-  test("returns survey context when the survey exists and the caller has access", async () => {
-    const survey = {
-      id: "survey_1",
-      environmentId: "env_survey",
-    };
-
-    mockGetSurvey.mockResolvedValueOnce(survey as any);
-    vi.mocked(checkAuthorizationUpdated).mockResolvedValueOnce(undefined as any);
-
-    const result = await requireV3SurveyAccess(
-      { user: { id: "user_1" }, expires: "" } as any,
-      "survey_1",
-      "readWrite",
-      requestId
-    );
-
-    expect(result).toEqual({
-      environmentId: "env_survey",
-      projectId: "proj_survey",
-      organizationId: "org_survey",
-      survey,
-    });
-  });
-
-  test("returns 403 when the survey exists but the caller lacks access", async () => {
-    mockGetSurvey.mockResolvedValueOnce({
-      id: "survey_forbidden",
-      environmentId: "env_survey",
-    } as any);
-    vi.mocked(checkAuthorizationUpdated).mockRejectedValueOnce(new AuthorizationError("Forbidden"));
-
-    const result = await requireV3SurveyAccess(
-      { user: { id: "user_1" }, expires: "" } as any,
-      "survey_forbidden",
-      "read",
-      requestId
-    );
-
-    expect(result).toBeInstanceOf(Response);
-    expect((result as Response).status).toBe(403);
-  });
-
-  test("returns 404 when loading the survey throws ResourceNotFoundError", async () => {
-    mockGetSurvey.mockRejectedValueOnce(new ResourceNotFoundError("Survey", "survey_err"));
-
-    const result = await requireV3SurveyAccess(
-      { user: { id: "user_1" }, expires: "" } as any,
-      "survey_err",
-      "read",
-      requestId
-    );
-
-    expect(result).toBeInstanceOf(Response);
-    expect((result as Response).status).toBe(404);
-  });
-});
@@ -5,11 +5,9 @@ import { ApiKeyPermission } from "@prisma/client";
 import { logger } from "@formbricks/logger";
 import type { TAuthenticationApiKey } from "@formbricks/types/auth";
 import { AuthorizationError, ResourceNotFoundError } from "@formbricks/types/errors";
-import type { TSurvey } from "@formbricks/types/surveys/types";
 import { checkAuthorizationUpdated } from "@/lib/utils/action-client/action-client-middleware";
 import type { TTeamPermission } from "@/modules/ee/teams/project-teams/types/team";
-import { getSurvey } from "@/modules/survey/lib/survey";
-import { problemForbidden, problemNotFound, problemUnauthorized } from "./response";
+import { problemForbidden, problemUnauthorized } from "./response";
 import type { TV3Authentication } from "./types";
 import { type V3WorkspaceContext, resolveV3WorkspaceContext } from "./workspace-context";

@@ -29,97 +27,6 @@ function apiKeyPermissionAllows(permission: ApiKeyPermission, minPermission: TTe
  return grantedRank >= requiredRank;
 }

-export type V3SurveyContext = V3WorkspaceContext & {
-  survey: TSurvey;
-};
-
-async function authorizeSessionWorkspaceContext(
-  authentication: TV3Authentication,
-  context: V3WorkspaceContext,
-  minPermission: TTeamPermission,
-  requestId: string,
-  instance?: string
-): Promise<Response | V3WorkspaceContext> {
-  if (!("user" in authentication) || !authentication.user?.id) {
-    return problemUnauthorized(requestId, "Session required", instance);
-  }
-
-  const log = logger.withContext({ requestId, workspaceId: context.environmentId });
-
-  try {
-    await checkAuthorizationUpdated({
-      userId: authentication.user.id,
-      organizationId: context.organizationId,
-      access: [
-        { type: "organization", roles: ["owner", "manager"] },
-        { type: "projectTeam", projectId: context.projectId, minPermission },
-      ],
-    });
-
-    return context;
-  } catch (err) {
-    if (err instanceof AuthorizationError) {
-      log.warn({ statusCode: 403, errorCode: err.name }, "Forbidden");
-      return problemForbidden(requestId, "You are not authorized to access this resource", instance);
-    }
-
-    throw err;
-  }
-}
-
-function authorizeApiKeyWorkspaceContext(
-  authentication: TAuthenticationApiKey,
-  context: V3WorkspaceContext,
-  minPermission: TTeamPermission,
-  requestId: string,
-  instance?: string
-): Response | V3WorkspaceContext {
-  const log = logger.withContext({
-    requestId,
-    workspaceId: context.environmentId,
-    apiKeyId: authentication.apiKeyId,
-  });
-
-  const permission = authentication.environmentPermissions.find(
-    (environmentPermission) => environmentPermission.environmentId === context.environmentId
-  );
-
-  if (!permission || !apiKeyPermissionAllows(permission.permission, minPermission)) {
-    log.warn({ statusCode: 403 }, "API key not allowed for workspace");
-    return problemForbidden(requestId, "You are not authorized to access this resource", instance);
-  }
-
-  return context;
-}
-
-async function authorizeV3WorkspaceContext(
-  authentication: TV3Authentication,
-  context: V3WorkspaceContext,
-  minPermission: TTeamPermission,
-  requestId: string,
-  instance?: string
-): Promise<Response | V3WorkspaceContext> {
-  if (!authentication) {
-    return problemUnauthorized(requestId, "Not authenticated", instance);
-  }
-
-  if ("user" in authentication && authentication.user?.id) {
-    return await authorizeSessionWorkspaceContext(
-      authentication,
-      context,
-      minPermission,
-      requestId,
-      instance
-    );
-  }
-
-  if ("apiKeyId" in authentication && Array.isArray(authentication.environmentPermissions)) {
-    return authorizeApiKeyWorkspaceContext(authentication, context, minPermission, requestId, instance);
-  }
-
-  return problemUnauthorized(requestId, "Not authenticated", instance);
-}
-
 /**
 * Require session and workspace access. workspaceId is resolved via the V3 workspace-context layer.
 * Returns a Response (401 or 403) on failure, or the resolved workspace context on success so callers
@@ -133,6 +40,7 @@ export async function requireSessionWorkspaceAccess(
  requestId: string,
  instance?: string
 ): Promise<Response | V3WorkspaceContext> {
+  // --- Session checks ---
  if (!authentication) {
    return problemUnauthorized(requestId, "Not authenticated", instance);
  }
@@ -140,19 +48,28 @@ export async function requireSessionWorkspaceAccess(
    return problemUnauthorized(requestId, "Session required", instance);
  }

+  const userId = authentication.user.id;
+  const log = logger.withContext({ requestId, workspaceId });
+
  try {
+    // Resolve workspaceId → environmentId, projectId, organizationId (single place to change when Workspace exists).
    const context = await resolveV3WorkspaceContext(workspaceId);
-    return await authorizeSessionWorkspaceContext(
-      authentication,
-      context,
-      minPermission,
-      requestId,
-      instance
-    );
+
+    // Org + project-team access; we use internal IDs from context.
+    await checkAuthorizationUpdated({
+      userId,
+      organizationId: context.organizationId,
+      access: [
+        { type: "organization", roles: ["owner", "manager"] },
+        { type: "projectTeam", projectId: context.projectId, minPermission },
+      ],
+    });
+
+    return context;
  } catch (err) {
-    const log = logger.withContext({ requestId, workspaceId });
-    if (err instanceof ResourceNotFoundError) {
-      log.warn({ statusCode: 403, errorCode: err.name }, "Workspace not found");
+    if (err instanceof ResourceNotFoundError || err instanceof AuthorizationError) {
+      const message = err instanceof ResourceNotFoundError ? "Workspace not found" : "Forbidden";
+      log.warn({ statusCode: 403, errorCode: err.name }, message);
      return problemForbidden(requestId, "You are not authorized to access this resource", instance);
    }
    throw err;
@@ -167,54 +84,39 @@ export async function requireV3WorkspaceAccess(
  requestId: string,
  instance?: string
 ): Promise<Response | V3WorkspaceContext> {
-  try {
-    const context = await resolveV3WorkspaceContext(workspaceId);
-    return await authorizeV3WorkspaceContext(authentication, context, minPermission, requestId, instance);
-  } catch (error) {
-    const log = logger.withContext({ requestId, workspaceId });
-    if (error instanceof ResourceNotFoundError) {
-      log.warn({ statusCode: 403, errorCode: error.name }, "Workspace not found");
-      return problemForbidden(requestId, "You are not authorized to access this resource", instance);
-    }
-
-    throw error;
+  if (!authentication) {
+    return problemUnauthorized(requestId, "Not authenticated", instance);
  }
-}

-export async function requireV3SurveyAccess(
-  authentication: TV3Authentication,
-  surveyId: string,
-  minPermission: TTeamPermission,
-  requestId: string,
-  instance?: string
-): Promise<Response | V3SurveyContext> {
-  try {
-    const survey = await getSurvey(surveyId);
-    if (!survey) {
-      return problemNotFound(requestId, "Survey", surveyId, instance);
-    }
-
-    const workspaceAccess = await requireV3WorkspaceAccess(
-      authentication,
-      survey.environmentId,
-      minPermission,
-      requestId,
-      instance
-    );
-
-    if (workspaceAccess instanceof Response) {
-      return workspaceAccess;
-    }
-
-    return {
-      ...workspaceAccess,
-      survey,
-    };
-  } catch (error) {
-    if (error instanceof ResourceNotFoundError) {
-      return problemNotFound(requestId, "Survey", surveyId, instance);
-    }
-
-    throw error;
+  if ("user" in authentication && authentication.user?.id) {
+    return requireSessionWorkspaceAccess(authentication, workspaceId, minPermission, requestId, instance);
  }
+
+  const keyAuth = authentication as TAuthenticationApiKey;
+  if (keyAuth.apiKeyId && Array.isArray(keyAuth.environmentPermissions)) {
+    const log = logger.withContext({ requestId, workspaceId, apiKeyId: keyAuth.apiKeyId });
+
+    try {
+      const context = await resolveV3WorkspaceContext(workspaceId);
+      const permission = keyAuth.environmentPermissions.find(
+        (environmentPermission) => environmentPermission.environmentId === context.environmentId
+      );
+
+      if (!permission || !apiKeyPermissionAllows(permission.permission, minPermission)) {
+        log.warn({ statusCode: 403 }, "API key not allowed for workspace");
+        return problemForbidden(requestId, "You are not authorized to access this resource", instance);
+      }
+
+      return context;
+    } catch (error) {
+      if (error instanceof ResourceNotFoundError) {
+        log.warn({ statusCode: 403, errorCode: error.name }, "Workspace not found");
+        return problemForbidden(requestId, "You are not authorized to access this resource", instance);
+      }
+
+      throw error;
+    }
+  }
+
+  return problemUnauthorized(requestId, "Not authenticated", instance);
 }
@@ -1,7 +1,5 @@
 import { describe, expect, test } from "vitest";
 import {
-  createdResponse,
-  noContentResponse,
  problemBadRequest,
  problemForbidden,
  problemInternalError,
@@ -73,37 +71,6 @@ describe("v3 problem responses", () => {
  });
 });

-describe("item success responses", () => {
-  test("successResponse sets request id and omits meta by default", async () => {
-    const res = successResponse({ id: "survey_1" }, { requestId: "req-success" });
-    expect(res.status).toBe(200);
-    expect(res.headers.get("X-Request-Id")).toBe("req-success");
-    expect(await res.json()).toEqual({
-      data: { id: "survey_1" },
-    });
-  });
-
-  test("createdResponse sets location header", async () => {
-    const res = createdResponse(
-      { id: "survey_1" },
-      { requestId: "req-created", location: "/api/v3/surveys/survey_1" }
-    );
-    expect(res.status).toBe(201);
-    expect(res.headers.get("Location")).toBe("/api/v3/surveys/survey_1");
-    expect(res.headers.get("X-Request-Id")).toBe("req-created");
-    expect(await res.json()).toEqual({
-      data: { id: "survey_1" },
-    });
-  });
-
-  test("noContentResponse keeps request id and no-store cache", () => {
-    const res = noContentResponse({ requestId: "req-no-content" });
-    expect(res.status).toBe(204);
-    expect(res.headers.get("X-Request-Id")).toBe("req-no-content");
-    expect(res.headers.get("Cache-Control")).toContain("no-store");
-  });
-});
-
 describe("successListResponse", () => {
  test("sets X-Request-Id and default cache", async () => {
    const res = successListResponse(
@@ -127,3 +94,27 @@ describe("successListResponse", () => {
    expect(res.headers.get("Cache-Control")).toBe("private, max-age=0");
  });
 });
+
+describe("successResponse", () => {
+  test("wraps the payload in a data envelope", async () => {
+    const res = successResponse({ id: "survey_1" }, { requestId: "req-success" });
+    expect(res.status).toBe(200);
+    expect(res.headers.get("X-Request-Id")).toBe("req-success");
+    expect(res.headers.get("Cache-Control")).toContain("no-store");
+    expect(await res.json()).toEqual({
+      data: { id: "survey_1" },
+    });
+  });
+
+  test("allows custom status and cache headers", async () => {
+    const res = successResponse(
+      { ok: true },
+      {
+        cache: "private, max-age=60",
+        status: 202,
+      }
+    );
+    expect(res.status).toBe(202);
+    expect(res.headers.get("Cache-Control")).toBe("private, max-age=60");
+  });
+});
@@ -59,46 +59,6 @@ function problemResponse(
  return Response.json(body, { status, headers });
 }

-function buildSuccessHeaders(options?: {
-  requestId?: string;
-  cache?: string;
-  headers?: Record<string, string>;
-}): Record<string, string> {
-  const headers: Record<string, string> = {
-    "Content-Type": "application/json",
-    "Cache-Control": options?.cache ?? CACHE_NO_STORE,
-    ...options?.headers,
-  };
-
-  if (options?.requestId) {
-    headers["X-Request-Id"] = options.requestId;
-  }
-
-  return headers;
-}
-
-function successJsonResponse<T, TMeta extends Record<string, unknown> | undefined>(
-  status: number,
-  data: T,
-  options?: {
-    requestId?: string;
-    cache?: string;
-    meta?: TMeta;
-    headers?: Record<string, string>;
-  }
-): Response {
-  return Response.json(
-    {
-      data,
-      ...(options?.meta ? { meta: options.meta } : {}),
-    },
-    {
-      status,
-      headers: buildSuccessHeaders(options),
-    }
-  );
-}
-
 export function problemBadRequest(
  requestId: string,
  detail: string,
@@ -173,46 +133,41 @@ export function problemTooManyRequests(requestId: string, detail: string, retryA
  });
 }

-export function successResponse<T, TMeta extends Record<string, unknown> | undefined = undefined>(
-  data: T,
-  options?: { requestId?: string; cache?: string; meta?: TMeta }
-): Response {
-  return successJsonResponse(200, data, options);
-}
-
-export function createdResponse<T, TMeta extends Record<string, unknown> | undefined = undefined>(
-  data: T,
-  options?: {
-    requestId?: string;
-    cache?: string;
-    meta?: TMeta;
-    location?: string;
-  }
-): Response {
-  return successJsonResponse(201, data, {
-    ...options,
-    headers: options?.location ? { Location: options.location } : undefined,
-  });
-}
-
-export function noContentResponse(options?: { requestId?: string; cache?: string }): Response {
-  return new Response(null, {
-    status: 204,
-    headers: {
-      "Cache-Control": options?.cache ?? CACHE_NO_STORE,
-      ...(options?.requestId ? { "X-Request-Id": options.requestId } : {}),
-    },
-  });
-}
-
 export function successListResponse<T, TMeta extends Record<string, unknown>>(
  data: T[],
  meta: TMeta,
  options?: { requestId?: string; cache?: string }
 ): Response {
-  return successJsonResponse(200, data, {
-    requestId: options?.requestId,
-    cache: options?.cache,
-    meta,
-  });
+  const headers: Record<string, string> = {
+    "Content-Type": "application/json",
+    "Cache-Control": options?.cache ?? CACHE_NO_STORE,
+  };
+  if (options?.requestId) {
+    headers["X-Request-Id"] = options.requestId;
+  }
+  return Response.json({ data, meta }, { status: 200, headers });
+}
+
+export function successResponse<T>(
+  data: T,
+  options?: { requestId?: string; cache?: string; status?: number }
+): Response {
+  const headers: Record<string, string> = {
+    "Content-Type": "application/json",
+    "Cache-Control": options?.cache ?? CACHE_NO_STORE,
+  };
+
+  if (options?.requestId) {
+    headers["X-Request-Id"] = options.requestId;
+  }
+
+  return Response.json(
+    {
+      data,
+    },
+    {
+      status: options?.status ?? 200,
+      headers,
+    }
+  );
 }
@@ -1,20 +1,32 @@
-import { createId } from "@paralleldrive/cuid2";
+import { ApiKeyPermission, EnvironmentType } from "@prisma/client";
 import { NextRequest } from "next/server";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-import { OperationNotAllowedError } from "@formbricks/types/errors";
-import { requireV3SurveyAccess } from "@/app/api/v3/lib/auth";
-import { updateSurvey } from "@/lib/survey/service";
-import { queueAuditEvent } from "@/modules/ee/audit-logs/lib/handler";
-import { checkExternalUrlsPermission } from "@/modules/survey/editor/lib/check-external-urls-permission";
-import { deleteSurvey } from "@/modules/survey/list/lib/survey";
-import { buildV3SurveyCreateInput, buildV3SurveyPreview } from "../adapters";
-import { ZV3SurveyCreateBody } from "../schemas";
-import { DELETE, GET, PATCH } from "./route";
+import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { requireV3WorkspaceAccess } from "@/app/api/v3/lib/auth";
+import { getSurvey } from "@/lib/survey/service";
+import { deleteSurvey } from "@/modules/survey/lib/surveys";
+import { DELETE } from "./route";

 const { mockAuthenticateRequest } = vi.hoisted(() => ({
  mockAuthenticateRequest: vi.fn(),
 }));

+const { mockQueueAuditEvent, mockBuildAuditLogBaseObject } = vi.hoisted(() => ({
+  mockQueueAuditEvent: vi.fn().mockImplementation(async () => undefined),
+  mockBuildAuditLogBaseObject: vi.fn((action: string, targetType: string, apiUrl: string) => ({
+    action,
+    targetType,
+    userId: "unknown",
+    targetId: "unknown",
+    organizationId: "unknown",
+    status: "failure",
+    oldObject: undefined,
+    newObject: undefined,
+    userType: "api",
+    apiUrl,
+  })),
+}));
+
 vi.mock("next-auth", () => ({
  getServerSession: vi.fn(),
 }));
@@ -35,32 +47,24 @@ vi.mock("@/lib/constants", async (importOriginal) => {
 });

 vi.mock("@/app/api/v3/lib/auth", () => ({
-  requireV3SurveyAccess: vi.fn(),
+  requireV3WorkspaceAccess: vi.fn(),
 }));

 vi.mock("@/lib/survey/service", () => ({
-  updateSurvey: vi.fn(),
+  getSurvey: vi.fn(),
 }));

-vi.mock("@/modules/survey/list/lib/survey", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("@/modules/survey/list/lib/survey")>();
-  return {
-    ...actual,
-    deleteSurvey: vi.fn(),
-  };
-});
-
-vi.mock("@/modules/survey/editor/lib/check-external-urls-permission", () => ({
-  checkExternalUrlsPermission: vi.fn(),
+vi.mock("@/modules/survey/lib/surveys", () => ({
+  deleteSurvey: vi.fn(),
 }));

-vi.mock("@/modules/ee/audit-logs/lib/handler", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("@/modules/ee/audit-logs/lib/handler")>();
-  return {
-    ...actual,
-    queueAuditEvent: vi.fn(),
-  };
-});
+vi.mock("@/modules/ee/audit-logs/lib/handler", () => ({
+  queueAuditEvent: mockQueueAuditEvent,
+}));
+
+vi.mock("@/app/lib/api/with-api-logging", () => ({
+  buildAuditLogBaseObject: mockBuildAuditLogBaseObject,
+}));

 vi.mock("@formbricks/logger", () => ({
  logger: {
@@ -72,56 +76,42 @@ vi.mock("@formbricks/logger", () => ({
 }));

 const getServerSession = vi.mocked((await import("next-auth")).getServerSession);
+const queueAuditEvent = vi.mocked((await import("@/modules/ee/audit-logs/lib/handler")).queueAuditEvent);

-const workspaceId = createId();
-const surveyId = createId();
-const requestId = "req-item";
-const baseCreateBody = {
-  workspaceId,
-  name: "Item API Survey",
-  blocks: [
-    {
-      id: createId(),
-      name: "Intro",
-      elements: [
-        {
-          id: "question_1",
-          type: "openText",
-          headline: { default: "What should we improve?" },
-          required: true,
-        },
-      ],
-    },
-  ],
-};
-const parsedCreateBody = ZV3SurveyCreateBody.parse(baseCreateBody);
+const surveyId = "clxx1234567890123456789012";
+const environmentId = "clzz9876543210987654321098";

-function buildSurveyFixture(name = "Item API Survey") {
-  return buildV3SurveyPreview(
-    workspaceId,
-    buildV3SurveyCreateInput(
-      {
-        ...parsedCreateBody,
-        name,
-      },
-      "user_1"
-    ),
-    surveyId
-  );
-}
+function createRequest(url: string, requestId?: string, extraHeaders?: Record<string, string>): NextRequest {
+  const headers: Record<string, string> = { ...extraHeaders };
+  if (requestId) {
+    headers["x-request-id"] = requestId;
+  }

-function createRequest(method: string, url: string, body?: unknown): NextRequest {
  return new NextRequest(url, {
-    method,
-    headers: {
-      "Content-Type": "application/json",
-      "x-request-id": requestId,
-    },
-    body: body === undefined ? undefined : JSON.stringify(body),
+    method: "DELETE",
+    headers,
  });
 }

-describe("/api/v3/surveys/[surveyId]", () => {
+const apiKeyAuth = {
+  type: "apiKey" as const,
+  apiKeyId: "key_1",
+  organizationId: "org_1",
+  organizationAccess: {
+    accessControl: { read: true, write: true },
+  },
+  environmentPermissions: [
+    {
+      environmentId,
+      environmentType: EnvironmentType.development,
+      projectId: "proj_1",
+      projectName: "P",
+      permission: ApiKeyPermission.write,
+    },
+  ],
+};
+
+describe("DELETE /api/v3/surveys/[surveyId]", () => {
  beforeEach(() => {
    vi.resetAllMocks();
    getServerSession.mockResolvedValue({
@@ -129,159 +119,202 @@ describe("/api/v3/surveys/[surveyId]", () => {
      expires: "2026-01-01",
    } as any);
    mockAuthenticateRequest.mockResolvedValue(null);
-    vi.mocked(requireV3SurveyAccess).mockResolvedValue({
-      environmentId: workspaceId,
+    vi.mocked(getSurvey).mockResolvedValue({
+      id: surveyId,
+      name: "Delete me",
+      environmentId,
+      type: "link",
+      status: "draft",
+      createdAt: new Date("2026-04-15T10:00:00.000Z"),
+      updatedAt: new Date("2026-04-15T10:00:00.000Z"),
+      responseCount: 0,
+      creator: { name: "User" },
+      singleUse: null,
+    } as any);
+    vi.mocked(deleteSurvey).mockResolvedValue({
+      id: surveyId,
+      environmentId,
+      type: "link",
+      segment: null,
+      triggers: [],
+    } as any);
+    vi.mocked(requireV3WorkspaceAccess).mockResolvedValue({
+      environmentId,
      projectId: "proj_1",
      organizationId: "org_1",
-      survey: buildSurveyFixture(),
-    } as any);
-    vi.mocked(updateSurvey).mockResolvedValue(buildSurveyFixture("Updated survey"));
-    vi.mocked(deleteSurvey).mockResolvedValue(true);
-    vi.mocked(checkExternalUrlsPermission).mockResolvedValue(undefined);
-    vi.mocked(queueAuditEvent).mockResolvedValue(undefined);
+    });
  });

  afterEach(() => {
    vi.clearAllMocks();
  });

-  test("GET returns the survey resource", async () => {
-    const res = await GET(createRequest("GET", `http://localhost/api/v3/surveys/${surveyId}`), {
+  test("returns 401 when no session and no API key", async () => {
+    getServerSession.mockResolvedValue(null);
+    mockAuthenticateRequest.mockResolvedValue(null);
+
+    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`), {
      params: Promise.resolve({ surveyId }),
-    } as any);
+    } as never);
+
+    expect(res.status).toBe(401);
+    expect(vi.mocked(getSurvey)).not.toHaveBeenCalled();
+  });
+
+  test("returns 200 with session auth and deletes the survey", async () => {
+    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-delete"), {
+      params: Promise.resolve({ surveyId }),
+    } as never);

    expect(res.status).toBe(200);
-    const body = await res.json();
-    expect(body.data.workspaceId).toBe(workspaceId);
-    expect(body.data).not.toHaveProperty("environmentId");
-    expect(requireV3SurveyAccess).toHaveBeenCalledWith(
+    expect(requireV3WorkspaceAccess).toHaveBeenCalledWith(
      expect.objectContaining({ user: expect.any(Object) }),
-      surveyId,
-      "read",
-      requestId,
+      environmentId,
+      "readWrite",
+      "req-delete",
+      `/api/v3/surveys/${surveyId}`
+    );
+    expect(deleteSurvey).toHaveBeenCalledWith(surveyId);
+    expect(await res.json()).toEqual({
+      data: {
+        id: surveyId,
+      },
+    });
+  });
+
+  test("returns 200 with x-api-key when the key can delete in the survey workspace", async () => {
+    getServerSession.mockResolvedValue(null);
+    mockAuthenticateRequest.mockResolvedValue(apiKeyAuth as any);
+
+    const res = await DELETE(
+      createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-api-key", {
+        "x-api-key": "fbk_test",
+      }),
+      {
+        params: Promise.resolve({ surveyId }),
+      } as never
+    );
+
+    expect(res.status).toBe(200);
+    expect(requireV3WorkspaceAccess).toHaveBeenCalledWith(
+      expect.objectContaining({ apiKeyId: "key_1" }),
+      environmentId,
+      "readWrite",
+      "req-api-key",
      `/api/v3/surveys/${surveyId}`
    );
  });

-  test("GET returns route parameter validation errors", async () => {
-    const res = await GET(createRequest("GET", "http://localhost/api/v3/surveys/not-valid"), {
-      params: Promise.resolve({ surveyId: "not-valid" }),
-    } as any);
+  test("returns 400 when surveyId is invalid", async () => {
+    const res = await DELETE(createRequest("http://localhost/api/v3/surveys/not-a-cuid"), {
+      params: Promise.resolve({ surveyId: "not-a-cuid" }),
+    } as never);

    expect(res.status).toBe(400);
-    expect(requireV3SurveyAccess).not.toHaveBeenCalled();
+    expect(vi.mocked(getSurvey)).not.toHaveBeenCalled();
  });

-  test("PATCH updates the survey and returns 200", async () => {
-    const res = await PATCH(
-      createRequest("PATCH", `http://localhost/api/v3/surveys/${surveyId}`, {
-        name: "Updated survey",
-      }),
-      { params: Promise.resolve({ surveyId }) } as any
+  test("returns 403 when the survey does not exist", async () => {
+    vi.mocked(getSurvey).mockResolvedValueOnce(null);
+
+    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`), {
+      params: Promise.resolve({ surveyId }),
+    } as never);
+
+    expect(res.status).toBe(403);
+    expect(deleteSurvey).not.toHaveBeenCalled();
+  });
+
+  test("returns 403 when the user lacks readWrite workspace access", async () => {
+    vi.mocked(requireV3WorkspaceAccess).mockResolvedValueOnce(
+      new Response(
+        JSON.stringify({
+          title: "Forbidden",
+          status: 403,
+          detail: "You are not authorized to access this resource",
+          requestId: "req-forbidden",
+        }),
+        { status: 403, headers: { "Content-Type": "application/problem+json" } }
+      )
    );

-    expect(res.status).toBe(200);
-    expect(requireV3SurveyAccess).toHaveBeenCalledWith(
-      expect.objectContaining({ user: expect.any(Object) }),
-      surveyId,
-      "readWrite",
-      requestId,
-      `/api/v3/surveys/${surveyId}`
-    );
-    expect(checkExternalUrlsPermission).toHaveBeenCalled();
-    expect(updateSurvey).toHaveBeenCalledWith(
-      expect.objectContaining({ id: surveyId, name: "Updated survey" })
-    );
+    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-forbidden"), {
+      params: Promise.resolve({ surveyId }),
+    } as never);
+
+    expect(res.status).toBe(403);
+    expect(deleteSurvey).not.toHaveBeenCalled();
    expect(queueAuditEvent).toHaveBeenCalledWith(
      expect.objectContaining({
-        action: "updated",
+        action: "deleted",
        targetType: "survey",
-        targetId: surveyId,
-        organizationId: "org_1",
-        status: "success",
+        targetId: "unknown",
+        organizationId: "unknown",
+        userId: "user_1",
+        userType: "user",
+        status: "failure",
+        oldObject: undefined,
      })
    );
  });

-  test("PATCH rejects immutable fields", async () => {
-    const res = await PATCH(
-      createRequest("PATCH", `http://localhost/api/v3/surveys/${surveyId}`, {
-        workspaceId: createId(),
-      }),
-      { params: Promise.resolve({ surveyId }) } as any
-    );
+  test("returns 500 when survey deletion fails", async () => {
+    vi.mocked(deleteSurvey).mockRejectedValueOnce(new DatabaseError("db down"));

-    expect(res.status).toBe(400);
-    const body = await res.json();
-    expect(body.invalid_params).toContainEqual({
-      name: "workspaceId",
-      reason: "Unsupported field",
-    });
-    expect(updateSurvey).not.toHaveBeenCalled();
-  });
-
-  test("PATCH returns 400 for an empty body", async () => {
-    const res = await PATCH(createRequest("PATCH", `http://localhost/api/v3/surveys/${surveyId}`, {}), {
+    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-db"), {
      params: Promise.resolve({ surveyId }),
-    } as any);
+    } as never);

-    expect(res.status).toBe(400);
+    expect(res.status).toBe(500);
+    const body = await res.json();
+    expect(body.code).toBe("internal_server_error");
  });

-  test("PATCH returns 403 when external url permission blocks the change", async () => {
-    vi.mocked(checkExternalUrlsPermission).mockRejectedValueOnce(
-      new OperationNotAllowedError("External URLs are not enabled")
-    );
+  test("returns 403 when the survey is deleted after authorization succeeds", async () => {
+    vi.mocked(deleteSurvey).mockRejectedValueOnce(new ResourceNotFoundError("Survey", surveyId));

-    const res = await PATCH(
-      createRequest("PATCH", `http://localhost/api/v3/surveys/${surveyId}`, {
-        name: "Blocked update",
-      }),
-      { params: Promise.resolve({ surveyId }) } as any
-    );
+    const res = await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-race"), {
+      params: Promise.resolve({ surveyId }),
+    } as never);

    expect(res.status).toBe(403);
-  });
-
-  test("PATCH propagates a not found response from survey auth", async () => {
-    vi.mocked(requireV3SurveyAccess).mockResolvedValueOnce(
-      new Response(
-        JSON.stringify({
-          title: "Not Found",
-          status: 404,
-          detail: "Survey not found",
-          requestId,
-        }),
-        { status: 404, headers: { "Content-Type": "application/problem+json" } }
-      )
-    );
-
-    const res = await PATCH(
-      createRequest("PATCH", `http://localhost/api/v3/surveys/${surveyId}`, {
-        name: "Missing survey",
-      }),
-      { params: Promise.resolve({ surveyId }) } as any
-    );
-
-    expect(res.status).toBe(404);
-    expect(updateSurvey).not.toHaveBeenCalled();
-  });
-
-  test("DELETE removes the survey and returns 204", async () => {
-    const res = await DELETE(createRequest("DELETE", `http://localhost/api/v3/surveys/${surveyId}`), {
-      params: Promise.resolve({ surveyId }),
-    } as any);
-
-    expect(res.status).toBe(204);
-    expect(deleteSurvey).toHaveBeenCalledWith(surveyId);
-    expect(res.headers.get("X-Request-Id")).toBe(requestId);
+    const body = await res.json();
+    expect(body.code).toBe("forbidden");
    expect(queueAuditEvent).toHaveBeenCalledWith(
      expect.objectContaining({
        action: "deleted",
        targetType: "survey",
        targetId: surveyId,
        organizationId: "org_1",
+        userId: "user_1",
+        userType: "user",
+        status: "failure",
+        oldObject: expect.objectContaining({
+          id: surveyId,
+          environmentId,
+        }),
+      })
+    );
+  });
+
+  test("queues an audit log with target, actor, organization, and old object", async () => {
+    await DELETE(createRequest(`http://localhost/api/v3/surveys/${surveyId}`, "req-audit"), {
+      params: Promise.resolve({ surveyId }),
+    } as never);
+
+    expect(queueAuditEvent).toHaveBeenCalledWith(
+      expect.objectContaining({
+        action: "deleted",
+        targetType: "survey",
+        targetId: surveyId,
+        organizationId: "org_1",
+        userId: "user_1",
+        userType: "user",
        status: "success",
+        oldObject: expect.objectContaining({
+          id: surveyId,
+          environmentId,
+        }),
      })
    );
  });
@@ -1,169 +1,72 @@
+import { z } from "zod";
 import { logger } from "@formbricks/logger";
-import {
-  DatabaseError,
-  InvalidInputError,
-  OperationNotAllowedError,
-  ValidationError,
-} from "@formbricks/types/errors";
+import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { withV3ApiWrapper } from "@/app/api/v3/lib/api-wrapper";
-import { requireV3SurveyAccess } from "@/app/api/v3/lib/auth";
-import {
-  noContentResponse,
-  problemBadRequest,
-  problemForbidden,
-  problemInternalError,
-  successResponse,
-} from "@/app/api/v3/lib/response";
-import { updateSurvey } from "@/lib/survey/service";
-import { checkExternalUrlsPermission } from "@/modules/survey/editor/lib/check-external-urls-permission";
-import { deleteSurvey } from "@/modules/survey/list/lib/survey";
-import { applyV3SurveyPatch } from "../adapters";
-import { ZV3SurveyPatchBody, ZV3SurveyRouteParams } from "../schemas";
-import { serializeV3SurveyResource } from "../serializers";
+import { requireV3WorkspaceAccess } from "@/app/api/v3/lib/auth";
+import { problemForbidden, problemInternalError, successResponse } from "@/app/api/v3/lib/response";
+import { getSurvey } from "@/lib/survey/service";
+import { deleteSurvey } from "@/modules/survey/lib/surveys";

-function handleSurveyMutationError(
-  error: unknown,
-  requestId: string,
-  instance: string,
-  action: string
-): Response {
-  const log = logger.withContext({ requestId });
-
-  if (error instanceof OperationNotAllowedError) {
-    log.warn({ statusCode: 403, errorCode: error.name }, `Survey ${action} forbidden`);
-    return problemForbidden(requestId, error.message, instance);
-  }
-
-  if (error instanceof InvalidInputError || error instanceof ValidationError) {
-    log.warn({ statusCode: 400, errorCode: error.name }, `Survey ${action} validation failed`);
-    return problemBadRequest(requestId, error.message, {
-      instance,
-    });
-  }
-
-  if (error instanceof DatabaseError) {
-    log.error({ error, statusCode: 500 }, `Database error during survey ${action}`);
-    return problemInternalError(requestId, "An unexpected error occurred.", instance);
-  }
-
-  log.error({ error, statusCode: 500 }, `V3 survey ${action} unexpected error`);
-  return problemInternalError(requestId, "An unexpected error occurred.", instance);
-}
-
-export const GET = withV3ApiWrapper({
+export const DELETE = withV3ApiWrapper({
  auth: "both",
+  action: "deleted",
+  targetType: "survey",
  schemas: {
-    params: ZV3SurveyRouteParams,
+    params: z.object({
+      surveyId: z.cuid2(),
+    }),
  },
-  handler: async ({ authentication, parsedInput, requestId, instance }) => {
-    const log = logger.withContext({ requestId, surveyId: parsedInput.params.surveyId });
+  handler: async ({ parsedInput, authentication, requestId, instance, auditLog }) => {
+    const surveyId = parsedInput.params.surveyId;
+    const log = logger.withContext({ requestId, surveyId });

    try {
-      const authResult = await requireV3SurveyAccess(
+      const survey = await getSurvey(surveyId);
+
+      if (!survey) {
+        log.warn({ statusCode: 403 }, "Survey not found or not accessible");
+        return problemForbidden(requestId, "You are not authorized to access this resource", instance);
+      }
+
+      const authResult = await requireV3WorkspaceAccess(
        authentication,
-        parsedInput.params.surveyId,
-        "read",
+        survey.environmentId,
+        "readWrite",
        requestId,
        instance
      );
+
      if (authResult instanceof Response) {
        return authResult;
      }

-      return successResponse(serializeV3SurveyResource(authResult.survey), {
-        requestId,
-        cache: "private, no-store",
-      });
+      if (auditLog) {
+        auditLog.targetId = survey.id;
+        auditLog.organizationId = authResult.organizationId;
+        auditLog.oldObject = survey;
+      }
+
+      const deletedSurvey = await deleteSurvey(surveyId);
+
+      return successResponse(
+        {
+          id: deletedSurvey.id,
+        },
+        { requestId }
+      );
    } catch (error) {
+      if (error instanceof ResourceNotFoundError) {
+        log.warn({ errorCode: error.name, statusCode: 403 }, "Survey not found or not accessible");
+        return problemForbidden(requestId, "You are not authorized to access this resource", instance);
+      }
+
      if (error instanceof DatabaseError) {
-        log.error({ error, statusCode: 500 }, "Database error during survey fetch");
+        log.error({ error, statusCode: 500 }, "Database error");
        return problemInternalError(requestId, "An unexpected error occurred.", instance);
      }

-      log.error({ error, statusCode: 500 }, "V3 survey fetch unexpected error");
+      log.error({ error, statusCode: 500 }, "V3 survey delete unexpected error");
      return problemInternalError(requestId, "An unexpected error occurred.", instance);
    }
  },
 });
-
-export const PATCH = withV3ApiWrapper({
-  auth: "both",
-  schemas: {
-    params: ZV3SurveyRouteParams,
-    body: ZV3SurveyPatchBody,
-  },
-  action: "updated",
-  targetType: "survey",
-  handler: async ({ authentication, parsedInput, requestId, instance, auditLog }) => {
-    try {
-      const authResult = await requireV3SurveyAccess(
-        authentication,
-        parsedInput.params.surveyId,
-        "readWrite",
-        requestId,
-        instance
-      );
-      if (authResult instanceof Response) {
-        return authResult;
-      }
-
-      const updatedSurveyInput = applyV3SurveyPatch(authResult.survey, parsedInput.body);
-      await checkExternalUrlsPermission(authResult.organizationId, updatedSurveyInput, authResult.survey);
-
-      const survey = await updateSurvey(updatedSurveyInput);
-      const serializedSurvey = serializeV3SurveyResource(survey);
-
-      if (auditLog) {
-        auditLog.organizationId = authResult.organizationId;
-        auditLog.targetId = survey.id;
-        auditLog.oldObject = serializeV3SurveyResource(authResult.survey);
-        auditLog.newObject = serializedSurvey;
-      }
-
-      return successResponse(serializedSurvey, {
-        requestId,
-        cache: "private, no-store",
-      });
-    } catch (error) {
-      return handleSurveyMutationError(error, requestId, instance, "update");
-    }
-  },
-});
-
-export const DELETE = withV3ApiWrapper({
-  auth: "both",
-  schemas: {
-    params: ZV3SurveyRouteParams,
-  },
-  action: "deleted",
-  targetType: "survey",
-  handler: async ({ authentication, parsedInput, requestId, instance, auditLog }) => {
-    try {
-      const authResult = await requireV3SurveyAccess(
-        authentication,
-        parsedInput.params.surveyId,
-        "readWrite",
-        requestId,
-        instance
-      );
-      if (authResult instanceof Response) {
-        return authResult;
-      }
-
-      await deleteSurvey(parsedInput.params.surveyId);
-
-      if (auditLog) {
-        auditLog.organizationId = authResult.organizationId;
-        auditLog.targetId = parsedInput.params.surveyId;
-        auditLog.oldObject = serializeV3SurveyResource(authResult.survey);
-      }
-
-      return noContentResponse({
-        requestId,
-        cache: "private, no-store",
-      });
-    } catch (error) {
-      return handleSurveyMutationError(error, requestId, instance, "delete");
-    }
-  },
-});
@@ -1,120 +0,0 @@
-import { createId } from "@paralleldrive/cuid2";
-import { describe, expect, test } from "vitest";
-import { ValidationError } from "@formbricks/types/errors";
-import { applyV3SurveyPatch, buildV3SurveyCreateInput, buildV3SurveyPreview } from "./adapters";
-
-const workspaceId = createId();
-const surveyId = createId();
-
-function buildCreateBody() {
-  return {
-    workspaceId,
-    name: "Adapter Survey",
-    blocks: [
-      {
-        id: createId(),
-        name: "Intro",
-        elements: [
-          {
-            id: "question_1",
-            type: "openText",
-            headline: { default: "What should we improve?" },
-            required: true,
-          },
-        ],
-      },
-    ],
-  };
-}
-
-describe("v3 survey adapters", () => {
-  test("buildV3SurveyCreateInput injects defaults and creator identity", () => {
-    const result = buildV3SurveyCreateInput(buildCreateBody(), "user_1");
-
-    expect(result.createdBy).toBe("user_1");
-    expect(result.type).toBe("link");
-    expect(result.status).toBe("draft");
-    expect(result.questions).toEqual([]);
-    expect(result.followUps).toEqual([]);
-    expect(result.hiddenFields).toEqual({ enabled: false });
-  });
-
-  test("buildV3SurveyPreview creates a full survey resource candidate", () => {
-    const createInput = buildV3SurveyCreateInput(buildCreateBody(), null);
-    const survey = buildV3SurveyPreview(workspaceId, createInput, surveyId);
-
-    expect(survey.id).toBe(surveyId);
-    expect(survey.environmentId).toBe(workspaceId);
-    expect(survey.createdBy).toBeNull();
-    expect(survey.name).toBe("Adapter Survey");
-    expect(survey.questions).toEqual([]);
-  });
-
-  test("buildV3SurveyCreateInput throws for invalid create payloads", () => {
-    expect(() =>
-      buildV3SurveyCreateInput(
-        {
-          ...buildCreateBody(),
-          blocks: [],
-        } as any,
-        "user_1"
-      )
-    ).toThrow(ValidationError);
-  });
-
-  test("buildV3SurveyPreview throws when the generated survey candidate is invalid", () => {
-    expect(() =>
-      buildV3SurveyPreview(
-        workspaceId,
-        {
-          ...buildV3SurveyCreateInput(buildCreateBody(), "user_1"),
-          blocks: [],
-        } as any,
-        surveyId
-      )
-    ).toThrow(ValidationError);
-  });
-
-  test("applyV3SurveyPatch replaces nested subtrees and preserves omitted top-level fields", () => {
-    const currentSurvey = buildV3SurveyPreview(
-      workspaceId,
-      buildV3SurveyCreateInput(
-        {
-          ...buildCreateBody(),
-          welcomeCard: {
-            enabled: true,
-            headline: { default: "Welcome" },
-          },
-        },
-        "user_1"
-      ),
-      surveyId
-    );
-
-    const updatedSurvey = applyV3SurveyPatch(currentSurvey, {
-      name: "Patched Survey",
-      welcomeCard: {
-        enabled: false,
-      },
-    });
-
-    expect(updatedSurvey.name).toBe("Patched Survey");
-    expect(updatedSurvey.status).toBe(currentSurvey.status);
-    expect(updatedSurvey.blocks).toEqual(currentSurvey.blocks);
-    expect(updatedSurvey.welcomeCard).toEqual({
-      enabled: false,
-      timeToFinish: true,
-      showResponseCount: false,
-    });
-  });
-
-  test("applyV3SurveyPatch throws when a patch would make the survey invalid", () => {
-    const currentSurvey = buildV3SurveyPreview(
-      workspaceId,
-      buildV3SurveyCreateInput(buildCreateBody(), "user_1"),
-      surveyId
-    );
-
-    expect(() => applyV3SurveyPatch(currentSurvey, { blocks: [] })).toThrow(ValidationError);
-  });
-});
@@ -1,146 +0,0 @@
-import { createId } from "@paralleldrive/cuid2";
-import { z } from "zod";
-import { ValidationError } from "@formbricks/types/errors";
-import { TSurvey, TSurveyCreateInput, ZSurvey, ZSurveyCreateInput } from "@formbricks/types/surveys/types";
-import type { TV3SurveyCreateBody, TV3SurveyPatchBody } from "./schemas";
-
-const V3_SURVEY_SYSTEM_DEFAULTS = {
-  displayOption: "displayOnce",
-  autoClose: null,
-  triggers: [],
-  recontactDays: null,
-  displayLimit: null,
-  questions: [],
-  followUps: [],
-  delay: 0,
-  autoComplete: null,
-  projectOverwrites: null,
-  styling: null,
-  showLanguageSwitch: null,
-  surveyClosedMessage: null,
-  segment: null,
-  singleUse: null,
-  isVerifyEmailEnabled: false,
-  recaptcha: null,
-  isSingleResponsePerEmailEnabled: false,
-  isBackButtonHidden: false,
-  isAutoProgressingEnabled: false,
-  isCaptureIpEnabled: false,
-  pin: null,
-  displayPercentage: null,
-  languages: [],
-  metadata: {},
-  slug: null,
-  customHeadScripts: null,
-  customHeadScriptsMode: null,
-} satisfies Omit<
-  TSurvey,
-  | "id"
-  | "createdAt"
-  | "updatedAt"
-  | "environmentId"
-  | "createdBy"
-  | "name"
-  | "type"
-  | "status"
-  | "welcomeCard"
-  | "blocks"
-  | "endings"
-  | "hiddenFields"
-  | "variables"
->;
-
-function formatValidationError(error: z.ZodError): string {
-  return error.issues
-    .map((issue) => {
-      const path = issue.path.length > 0 ? `${issue.path.join(".")}: ` : "";
-      return `${path}${issue.message}`;
-    })
-    .join("; ");
-}
-
-function toValidationError(error: z.ZodError): ValidationError {
-  return new ValidationError(formatValidationError(error));
-}
-
-export function normalizeV3SurveyCreateInput(
-  body: TV3SurveyCreateBody,
-  createdBy: string | null
-): TSurveyCreateInput {
-  return {
-    ...V3_SURVEY_SYSTEM_DEFAULTS,
-    name: body.name,
-    type: body.type ?? "link",
-    status: body.status ?? "draft",
-    welcomeCard: body.welcomeCard ?? {
-      enabled: false,
-    },
-    blocks: body.blocks,
-    endings: body.endings ?? [],
-    hiddenFields: body.hiddenFields ?? { enabled: false },
-    variables: body.variables ?? [],
-    createdBy,
-  };
-}
-
-export function buildV3SurveyCreateInput(
-  body: TV3SurveyCreateBody,
-  createdBy: string | null
-): TSurveyCreateInput {
-  const input = normalizeV3SurveyCreateInput(body, createdBy);
-  const result = ZSurveyCreateInput.safeParse(input);
-
-  if (!result.success) {
-    throw toValidationError(result.error);
-  }
-
-  return result.data;
-}
-
-export function buildV3SurveyPreview(
-  environmentId: string,
-  createInput: TSurveyCreateInput,
-  surveyId = createId()
-): TSurvey {
-  const now = new Date();
-  const surveyCandidate: TSurvey = {
-    ...V3_SURVEY_SYSTEM_DEFAULTS,
-    id: surveyId,
-    createdAt: now,
-    updatedAt: now,
-    environmentId,
-    createdBy: createInput.createdBy ?? null,
-    name: createInput.name,
-    type: createInput.type ?? "link",
-    status: createInput.status ?? "draft",
-    welcomeCard: createInput.welcomeCard ?? {
-      enabled: false,
-    },
-    blocks: createInput.blocks ?? [],
-    endings: createInput.endings ?? [],
-    hiddenFields: createInput.hiddenFields ?? { enabled: false },
-    variables: createInput.variables ?? [],
-  };
-
-  const result = ZSurvey.safeParse(surveyCandidate);
-  if (!result.success) {
-    throw toValidationError(result.error);
-  }
-
-  return result.data;
-}
-
-export function applyV3SurveyPatch(currentSurvey: TSurvey, patch: TV3SurveyPatchBody): TSurvey {
-  const mergedSurvey: TSurvey = {
-    ...currentSurvey,
-    ...patch,
-    updatedAt: new Date(),
-  };
-
-  const result = ZSurvey.safeParse(mergedSurvey);
-  if (!result.success) {
-    throw toValidationError(result.error);
-  }
-
-  return result.data;
-}
@@ -34,7 +34,7 @@ describe("parseV3SurveysListQuery", () => {
      expect(r.invalid_params[0]).toEqual({
        name: "foo",
        reason:
-          "Unsupported query parameter. Use only workspaceId, limit, cursor, filter[name][contains], filter[status][in], filter[type][in], sortBy.",
+          "Unsupported query parameter. Use only workspaceId, limit, cursor, includeTotalCount, filter[name][contains], filter[status][in], filter[type][in], sortBy.",
      });
  });

@@ -45,7 +45,7 @@ describe("parseV3SurveysListQuery", () => {
      expect(r.invalid_params[0]).toEqual({
        name: "after",
        reason:
-          "Unsupported query parameter. Use only workspaceId, limit, cursor, filter[name][contains], filter[status][in], filter[type][in], sortBy.",
+          "Unsupported query parameter. Use only workspaceId, limit, cursor, includeTotalCount, filter[name][contains], filter[status][in], filter[type][in], sortBy.",
      });
    }
  });
@@ -57,7 +57,7 @@ describe("parseV3SurveysListQuery", () => {
      expect(r.invalid_params[0]).toEqual({
        name: "name",
        reason:
-          "Unsupported query parameter. Use only workspaceId, limit, cursor, filter[name][contains], filter[status][in], filter[type][in], sortBy.",
+          "Unsupported query parameter. Use only workspaceId, limit, cursor, includeTotalCount, filter[name][contains], filter[status][in], filter[type][in], sortBy.",
      });
    }
  });
@@ -68,11 +68,20 @@ describe("parseV3SurveysListQuery", () => {
    if (r.ok) {
      expect(r.limit).toBe(20);
      expect(r.cursor).toBeNull();
+      expect(r.includeTotalCount).toBe(true);
      expect(r.sortBy).toBe("updatedAt");
      expect(r.filterCriteria).toBeUndefined();
    }
  });

+  test("parses includeTotalCount=false", () => {
+    const r = parseV3SurveysListQuery(params(`workspaceId=${wid}&includeTotalCount=false`));
+    expect(r.ok).toBe(true);
+    if (r.ok) {
+      expect(r.includeTotalCount).toBe(false);
+    }
+  });
+
  test("builds filter from explicit operator params", () => {
    const r = parseV3SurveysListQuery(
      params(
@@ -102,7 +111,7 @@ describe("parseV3SurveysListQuery", () => {
      expect(r.invalid_params[0]).toEqual({
        name: "filter[createdBy][in]",
        reason:
-          "Unsupported query parameter. Use only workspaceId, limit, cursor, filter[name][contains], filter[status][in], filter[type][in], sortBy.",
+          "Unsupported query parameter. Use only workspaceId, limit, cursor, includeTotalCount, filter[name][contains], filter[status][in], filter[type][in], sortBy.",
      });
    }
  });
@@ -28,6 +28,7 @@ const SUPPORTED_QUERY_PARAMS = [
  "workspaceId",
  "limit",
  "cursor",
+  "includeTotalCount",
  FILTER_NAME_CONTAINS_QUERY_PARAM,
  FILTER_STATUS_IN_QUERY_PARAM,
  FILTER_TYPE_IN_QUERY_PARAM,
@@ -53,6 +54,11 @@ const ZV3SurveysListQuery = z.object({
  workspaceId: ZId,
  limit: z.coerce.number().int().min(1).max(V3_SURVEYS_MAX_LIMIT).default(V3_SURVEYS_DEFAULT_LIMIT),
  cursor: z.string().min(1).optional(),
+  includeTotalCount: z
+    .enum(["true", "false"])
+    .optional()
+    .transform((value) => value !== "false")
+    .default(true),
  [FILTER_NAME_CONTAINS_QUERY_PARAM]: z
    .string()
    .max(512)
@@ -71,6 +77,7 @@ export type TV3SurveysListQueryParseResult =
      workspaceId: string;
      limit: number;
      cursor: TSurveyListPageCursor | null;
+      includeTotalCount: boolean;
      sortBy: TSurveyListSort;
      filterCriteria: TSurveyFilterCriteria | undefined;
    }
@@ -111,6 +118,7 @@ export function parseV3SurveysListQuery(searchParams: URLSearchParams): TV3Surve
    workspaceId: searchParams.get("workspaceId"),
    limit: searchParams.get("limit") ?? undefined,
    cursor: searchParams.get("cursor")?.trim() || undefined,
+    includeTotalCount: searchParams.get("includeTotalCount")?.trim() || undefined,
    [FILTER_NAME_CONTAINS_QUERY_PARAM]: searchParams.get(FILTER_NAME_CONTAINS_QUERY_PARAM) ?? undefined,
    [FILTER_STATUS_IN_QUERY_PARAM]: statusVals.length > 0 ? statusVals : undefined,
    [FILTER_TYPE_IN_QUERY_PARAM]: typeVals.length > 0 ? typeVals : undefined,
@@ -153,6 +161,7 @@ export function parseV3SurveysListQuery(searchParams: URLSearchParams): TV3Surve
    workspaceId: q.workspaceId,
    limit: q.limit,
    cursor,
+    includeTotalCount: q.includeTotalCount,
    sortBy,
    filterCriteria: buildFilterCriteria(q),
  };
@@ -1,17 +1,11 @@
-import { createId } from "@paralleldrive/cuid2";
 import { ApiKeyPermission, EnvironmentType } from "@prisma/client";
 import { NextRequest } from "next/server";
 import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-import { DatabaseError, OperationNotAllowedError, ResourceNotFoundError } from "@formbricks/types/errors";
+import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { requireV3WorkspaceAccess } from "@/app/api/v3/lib/auth";
-import { createSurvey } from "@/lib/survey/service";
-import { queueAuditEvent } from "@/modules/ee/audit-logs/lib/handler";
-import { checkExternalUrlsPermission } from "@/modules/survey/editor/lib/check-external-urls-permission";
 import { getSurveyCount } from "@/modules/survey/list/lib/survey";
-import { getSurveyListPage } from "@/modules/survey/list/lib/survey-page";
-import { buildV3SurveyCreateInput, buildV3SurveyPreview } from "./adapters";
-import { GET, POST } from "./route";
-import { ZV3SurveyCreateBody } from "./schemas";
+import { encodeSurveyListPageCursor, getSurveyListPage } from "@/modules/survey/list/lib/survey-page";
+import { GET } from "./route";

 const { mockAuthenticateRequest } = vi.hoisted(() => ({
  mockAuthenticateRequest: vi.fn(),
@@ -40,22 +34,6 @@ vi.mock("@/app/api/v3/lib/auth", () => ({
  requireV3WorkspaceAccess: vi.fn(),
 }));

-vi.mock("@/lib/survey/service", () => ({
-  createSurvey: vi.fn(),
-}));
-
-vi.mock("@/modules/survey/editor/lib/check-external-urls-permission", () => ({
-  checkExternalUrlsPermission: vi.fn(),
-}));
-
-vi.mock("@/modules/ee/audit-logs/lib/handler", async (importOriginal) => {
-  const actual = await importOriginal<typeof import("@/modules/ee/audit-logs/lib/handler")>();
-  return {
-    ...actual,
-    queueAuditEvent: vi.fn(),
-  };
-});
-
 vi.mock("@/modules/survey/list/lib/survey-page", async (importOriginal) => {
  const actual = await importOriginal<typeof import("@/modules/survey/list/lib/survey-page")>();
  return {
@@ -85,27 +63,6 @@ const getServerSession = vi.mocked((await import("next-auth")).getServerSession)

 const validWorkspaceId = "clxx1234567890123456789012";
 const resolvedEnvironmentId = "clzz9876543210987654321098";
-const surveyId = "clsv1234567890123456789012";
-
-const createBody = {
-  workspaceId: validWorkspaceId,
-  name: "API Survey",
-  blocks: [
-    {
-      id: createId(),
-      name: "Intro",
-      elements: [
-        {
-          id: "question_1",
-          type: "openText",
-          headline: { default: "How can we help?" },
-          required: true,
-        },
-      ],
-    },
-  ],
-};
-const parsedCreateBody = ZV3SurveyCreateBody.parse(createBody);

 function createRequest(url: string, requestId?: string, extraHeaders?: Record<string, string>): NextRequest {
  const headers: Record<string, string> = { ...extraHeaders };
@@ -167,15 +124,6 @@ describe("GET /api/v3/surveys", () => {
    });
    vi.mocked(getSurveyListPage).mockResolvedValue({ surveys: [], nextCursor: null });
    vi.mocked(getSurveyCount).mockResolvedValue(0);
-    vi.mocked(checkExternalUrlsPermission).mockResolvedValue(undefined);
-    vi.mocked(queueAuditEvent).mockResolvedValue(undefined);
-    vi.mocked(createSurvey).mockResolvedValue(
-      buildV3SurveyPreview(
-        resolvedEnvironmentId,
-        buildV3SurveyCreateInput(parsedCreateBody, "user_1"),
-        surveyId
-      )
-    );
  });

  afterEach(() => {
@@ -309,6 +257,29 @@ describe("GET /api/v3/surveys", () => {
    expect(getSurveyCount).toHaveBeenCalledWith(resolvedEnvironmentId, undefined);
  });

+  test("skips totalCount when includeTotalCount=false", async () => {
+    vi.mocked(getSurveyListPage).mockResolvedValue({
+      surveys: [],
+      nextCursor: null,
+    });
+    const cursor = encodeSurveyListPageCursor({
+      version: 1,
+      sortBy: "updatedAt",
+      value: "2026-04-15T10:00:00.000Z",
+      id: "survey_1",
+    });
+
+    const req = createRequest(
+      `http://localhost/api/v3/surveys?workspaceId=${validWorkspaceId}&cursor=${cursor}&includeTotalCount=false`
+    );
+    const res = await GET(req, {} as any);
+
+    expect(res.status).toBe(200);
+    const body = await res.json();
+    expect(body.meta).toEqual({ limit: 20, nextCursor: null, totalCount: null });
+    expect(getSurveyCount).not.toHaveBeenCalled();
+  });
+
  test("passes filter query to getSurveyListPage", async () => {
    const filterCriteria = { status: ["inProgress"] };
    const req = createRequest(
@@ -373,11 +344,11 @@ describe("GET /api/v3/surveys", () => {
    const res = await GET(req, {} as any);
    const body = await res.json();
    expect(body.data[0]).not.toHaveProperty("blocks");
-    expect(body.data[0]).not.toHaveProperty("singleUse");
    expect(body.data[0]).not.toHaveProperty("_count");
    expect(body.data[0]).not.toHaveProperty("environmentId");
    expect(body.data[0].id).toBe("s1");
    expect(body.data[0].workspaceId).toBe("env_1");
+    expect(body.data[0].singleUse).toBeNull();
  });

  test("returns 403 when getSurveyListPage throws ResourceNotFoundError", async () => {
@@ -407,109 +378,3 @@ describe("GET /api/v3/surveys", () => {
    expect(body.code).toBe("internal_server_error");
  });
 });
-
-describe("POST /api/v3/surveys", () => {
-  beforeEach(() => {
-    vi.resetAllMocks();
-    getServerSession.mockResolvedValue({
-      user: { id: "user_1", name: "User", email: "u@example.com" },
-      expires: "2026-01-01",
-    } as any);
-    mockAuthenticateRequest.mockResolvedValue(null);
-    vi.mocked(requireV3WorkspaceAccess).mockResolvedValue({
-      environmentId: resolvedEnvironmentId,
-      projectId: "proj_1",
-      organizationId: "org_1",
-    } as any);
-    vi.mocked(checkExternalUrlsPermission).mockResolvedValue(undefined);
-    vi.mocked(queueAuditEvent).mockResolvedValue(undefined);
-    vi.mocked(createSurvey).mockResolvedValue(
-      buildV3SurveyPreview(
-        resolvedEnvironmentId,
-        buildV3SurveyCreateInput(parsedCreateBody, "user_1"),
-        surveyId
-      )
-    );
-  });
-
-  afterEach(() => {
-    vi.clearAllMocks();
-  });
-
-  test("creates a survey and returns 201 with location header", async () => {
-    const requestId = "req-create";
-    const req = new NextRequest("http://localhost/api/v3/surveys", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "x-request-id": requestId,
-      },
-      body: JSON.stringify(createBody),
-    });
-
-    const res = await POST(req, {} as any);
-
-    expect(res.status).toBe(201);
-    expect(res.headers.get("Location")).toBe(`/api/v3/surveys/${surveyId}`);
-    expect(res.headers.get("X-Request-Id")).toBe(requestId);
-    expect(requireV3WorkspaceAccess).toHaveBeenCalledWith(
-      expect.objectContaining({ user: expect.any(Object) }),
-      validWorkspaceId,
-      "readWrite",
-      requestId,
-      "/api/v3/surveys"
-    );
-    expect(checkExternalUrlsPermission).toHaveBeenCalled();
-    expect(createSurvey).toHaveBeenCalledWith(
-      resolvedEnvironmentId,
-      buildV3SurveyCreateInput(parsedCreateBody, "user_1")
-    );
-    expect(queueAuditEvent).toHaveBeenCalledWith(
-      expect.objectContaining({
-        action: "created",
-        targetType: "survey",
-        organizationId: "org_1",
-        targetId: surveyId,
-        status: "success",
-      })
-    );
-  });
-
-  test("returns 400 when unsupported top-level fields are provided", async () => {
-    const req = new NextRequest("http://localhost/api/v3/surveys", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-      },
-      body: JSON.stringify({
-        ...createBody,
-        questions: [],
-      }),
-    });
-
-    const res = await POST(req, {} as any);
-    expect(res.status).toBe(400);
-    const body = await res.json();
-    expect(body.invalid_params).toContainEqual({
-      name: "questions",
-      reason: "Unsupported field",
-    });
-    expect(createSurvey).not.toHaveBeenCalled();
-  });
-
-  test("returns 403 when external url permission blocks creation", async () => {
-    vi.mocked(checkExternalUrlsPermission).mockRejectedValueOnce(
-      new OperationNotAllowedError("External URLs are not enabled")
-    );
-    const req = new NextRequest("http://localhost/api/v3/surveys", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-      },
-      body: JSON.stringify(createBody),
-    });
-
-    const res = await POST(req, {} as any);
-    expect(res.status).toBe(403);
-  });
-});
@@ -1,31 +1,21 @@
 /**
- * /api/v3/surveys — list and create surveys for a workspace.
+ * GET /api/v3/surveys — list surveys for a workspace.
+ * Session cookie or x-api-key; scope by workspaceId only.
 */
 import { logger } from "@formbricks/logger";
-import {
-  DatabaseError,
-  InvalidInputError,
-  OperationNotAllowedError,
-  ResourceNotFoundError,
-  ValidationError,
-} from "@formbricks/types/errors";
+import { DatabaseError, ResourceNotFoundError } from "@formbricks/types/errors";
 import { withV3ApiWrapper } from "@/app/api/v3/lib/api-wrapper";
 import { requireV3WorkspaceAccess } from "@/app/api/v3/lib/auth";
 import {
-  createdResponse,
  problemBadRequest,
  problemForbidden,
  problemInternalError,
  successListResponse,
 } from "@/app/api/v3/lib/response";
-import { createSurvey } from "@/lib/survey/service";
-import { checkExternalUrlsPermission } from "@/modules/survey/editor/lib/check-external-urls-permission";
 import { getSurveyCount } from "@/modules/survey/list/lib/survey";
 import { getSurveyListPage } from "@/modules/survey/list/lib/survey-page";
-import { buildV3SurveyCreateInput, buildV3SurveyPreview } from "./adapters";
 import { parseV3SurveysListQuery } from "./parse-v3-surveys-list-query";
-import { ZV3SurveyCreateBody } from "./schemas";
-import { serializeV3SurveyListItem, serializeV3SurveyResource } from "./serializers";
+import { serializeV3SurveyListItem } from "./serializers";

 export const GET = withV3ApiWrapper({
  auth: "both",
@@ -56,21 +46,22 @@ export const GET = withV3ApiWrapper({

      const { environmentId } = authResult;

-      const [{ surveys, nextCursor }, totalCount] = await Promise.all([
-        getSurveyListPage(environmentId, {
-          limit: parsed.limit,
-          cursor: parsed.cursor,
-          sortBy: parsed.sortBy,
-          filterCriteria: parsed.filterCriteria,
-        }),
-        getSurveyCount(environmentId, parsed.filterCriteria),
-      ]);
+      const surveyPagePromise = getSurveyListPage(environmentId, {
+        limit: parsed.limit,
+        cursor: parsed.cursor,
+        sortBy: parsed.sortBy,
+        filterCriteria: parsed.filterCriteria,
+      });
+      const totalCountPromise = parsed.includeTotalCount
+        ? getSurveyCount(environmentId, parsed.filterCriteria)
+        : Promise.resolve(null);
+      const [surveyPage, totalCount] = await Promise.all([surveyPagePromise, totalCountPromise]);

      return successListResponse(
-        surveys.map(serializeV3SurveyListItem),
+        surveyPage.surveys.map(serializeV3SurveyListItem),
        {
          limit: parsed.limit,
-          nextCursor,
+          nextCursor: surveyPage.nextCursor,
          totalCount,
        },
        { requestId, cache: "private, no-store" }
@@ -89,75 +80,3 @@ export const GET = withV3ApiWrapper({
    }
  },
 });
-
-export const POST = withV3ApiWrapper({
-  auth: "both",
-  schemas: {
-    body: ZV3SurveyCreateBody,
-  },
-  action: "created",
-  targetType: "survey",
-  handler: async ({ authentication, parsedInput, requestId, instance, auditLog }) => {
-    const log = logger.withContext({ requestId });
-
-    try {
-      const authResult = await requireV3WorkspaceAccess(
-        authentication,
-        parsedInput.body.workspaceId,
-        "readWrite",
-        requestId,
-        instance
-      );
-      if (authResult instanceof Response) {
-        return authResult;
-      }
-
-      const createdBy =
-        authentication && "user" in authentication && authentication.user?.id ? authentication.user.id : null;
-      const createInput = buildV3SurveyCreateInput(parsedInput.body, createdBy);
-      const surveyPreview = buildV3SurveyPreview(authResult.environmentId, createInput);
-
-      await checkExternalUrlsPermission(authResult.organizationId, surveyPreview, null);
-
-      const survey = await createSurvey(authResult.environmentId, createInput);
-      const serializedSurvey = serializeV3SurveyResource(survey);
-
-      if (auditLog) {
-        auditLog.organizationId = authResult.organizationId;
-        auditLog.targetId = survey.id;
-        auditLog.newObject = serializedSurvey;
-      }
-
-      return createdResponse(serializedSurvey, {
-        requestId,
-        cache: "private, no-store",
-        location: `/api/v3/surveys/${survey.id}`,
-      });
-    } catch (error) {
-      if (error instanceof OperationNotAllowedError) {
-        log.warn({ statusCode: 403, errorCode: error.name }, "Survey creation forbidden");
-        return problemForbidden(requestId, error.message, instance);
-      }
-
-      if (error instanceof InvalidInputError || error instanceof ValidationError) {
-        log.warn({ statusCode: 400, errorCode: error.name }, "Survey creation validation failed");
-        return problemBadRequest(requestId, error.message, {
-          instance,
-        });
-      }
-
-      if (error instanceof DatabaseError) {
-        log.error({ error, statusCode: 500 }, "Database error during survey creation");
-        return problemInternalError(requestId, "An unexpected error occurred.", instance);
-      }
-
-      if (error instanceof ResourceNotFoundError) {
-        log.error({ error, statusCode: 500 }, "Missing resource during survey creation");
-        return problemInternalError(requestId, "An unexpected error occurred.", instance);
-      }
-
-      log.error({ error, statusCode: 500 }, "V3 survey create unexpected error");
-      return problemInternalError(requestId, "An unexpected error occurred.", instance);
-    }
-  },
-});
@@ -1,163 +0,0 @@
-import { createId } from "@paralleldrive/cuid2";
-import { describe, expect, test } from "vitest";
-import { ZV3SurveyCreateBody, ZV3SurveyPatchBody } from "./schemas";
-
-const workspaceId = createId();
-
-function buildCreateBody() {
-  return {
-    workspaceId,
-    name: "Schema Survey",
-    blocks: [
-      {
-        id: createId(),
-        name: "Intro",
-        elements: [
-          {
-            id: "question_1",
-            type: "openText",
-            headline: { default: "How did it go?" },
-            required: true,
-          },
-        ],
-      },
-    ],
-  };
-}
-
-describe("v3 survey schemas", () => {
-  test("applies public defaults for create requests", () => {
-    const result = ZV3SurveyCreateBody.parse(buildCreateBody());
-
-    expect(result.type).toBe("link");
-    expect(result.status).toBe("draft");
-    expect(result.welcomeCard).toEqual({
-      enabled: false,
-      timeToFinish: true,
-      showResponseCount: false,
-    });
-    expect(result.endings).toEqual([]);
-    expect(result.hiddenFields).toEqual({ enabled: false });
-    expect(result.variables).toEqual([]);
-  });
-
-  test("rejects unsupported create fields", () => {
-    const result = ZV3SurveyCreateBody.safeParse({
-      ...buildCreateBody(),
-      questions: [],
-    });
-
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(result.error.issues.some((issue) => issue.code === "unrecognized_keys")).toBe(true);
-    }
-  });
-
-  test("rejects invalid nested block logic on create", () => {
-    const missingTarget = createId();
-    const result = ZV3SurveyCreateBody.safeParse({
-      ...buildCreateBody(),
-      blocks: [
-        {
-          id: createId(),
-          name: "Logic block",
-          elements: [
-            {
-              id: "question_1",
-              type: "openText",
-              headline: { default: "How did it go?" },
-              required: true,
-            },
-          ],
-          logic: [
-            {
-              id: createId(),
-              conditions: {
-                id: createId(),
-                connector: "and",
-                conditions: [
-                  {
-                    id: createId(),
-                    leftOperand: {
-                      type: "element",
-                      value: "question_1",
-                    },
-                    operator: "isSubmitted",
-                  },
-                ],
-              },
-              actions: [
-                {
-                  id: createId(),
-                  objective: "jumpToBlock",
-                  target: missingTarget,
-                },
-              ],
-            },
-          ],
-        },
-      ],
-    });
-
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(result.error.issues.some((issue) => issue.path.join(".").includes("blocks"))).toBe(true);
-    }
-  });
-
-  test("rejects invalid hidden field identifiers", () => {
-    const result = ZV3SurveyCreateBody.safeParse({
-      ...buildCreateBody(),
-      hiddenFields: {
-        enabled: true,
-        fieldIds: ["userId", "bad field"],
-      },
-    });
-
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(result.error.issues.some((issue) => issue.path.join(".").includes("hiddenFields"))).toBe(true);
-    }
-  });
-
-  test("rejects invalid variable names", () => {
-    const result = ZV3SurveyCreateBody.safeParse({
-      ...buildCreateBody(),
-      variables: [
-        {
-          id: createId(),
-          name: "Bad-Variable",
-          type: "text",
-        },
-      ],
-    });
-
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(result.error.issues.some((issue) => issue.path.join(".").includes("variables"))).toBe(true);
-    }
-  });
-
-  test("accepts strict top-level partial patch requests", () => {
-    const result = ZV3SurveyPatchBody.parse({
-      name: "Updated name",
-      status: "inProgress",
-    });
-
-    expect(result).toEqual({
-      name: "Updated name",
-      status: "inProgress",
-    });
-  });
-
-  test("rejects immutable patch fields", () => {
-    const result = ZV3SurveyPatchBody.safeParse({
-      id: createId(),
-    });
-
-    expect(result.success).toBe(false);
-    if (!result.success) {
-      expect(result.error.issues.some((issue) => issue.code === "unrecognized_keys")).toBe(true);
-    }
-  });
-});
@@ -1,157 +0,0 @@
-import { z } from "zod";
-import { ZEndingCardUrl, ZId, ZStorageUrl } from "@formbricks/types/common";
-import { ZI18nString } from "@formbricks/types/i18n";
-import { ZSurveyBlocks } from "@formbricks/types/surveys/blocks";
-import { ZSurveyCreateInput, ZSurveyStatus, ZSurveyType } from "@formbricks/types/surveys/types";
-import { FORBIDDEN_IDS } from "@formbricks/types/surveys/validation";
-import { normalizeV3SurveyCreateInput } from "./adapters";
-
-const ZV3SurveyEndScreen = z.strictObject({
-  id: z.cuid2(),
-  type: z.literal("endScreen"),
-  headline: ZI18nString.optional(),
-  subheader: ZI18nString.optional(),
-  buttonLabel: ZI18nString.optional(),
-  buttonLink: ZEndingCardUrl.optional(),
-  imageUrl: ZStorageUrl.optional(),
-  videoUrl: ZStorageUrl.optional(),
-});
-
-const ZV3SurveyRedirectEnding = z.strictObject({
-  id: z.cuid2(),
-  type: z.literal("redirectToUrl"),
-  url: ZEndingCardUrl.optional(),
-  label: z.string().optional(),
-});
-
-const ZV3SurveyEndings = z.array(z.union([ZV3SurveyEndScreen, ZV3SurveyRedirectEnding]));
-
-const ZV3SurveyWelcomeCard = z
-  .strictObject({
-    enabled: z.boolean(),
-    headline: ZI18nString.optional(),
-    subheader: ZI18nString.optional(),
-    fileUrl: ZStorageUrl.optional(),
-    buttonLabel: ZI18nString.optional(),
-    timeToFinish: z.boolean().prefault(true),
-    showResponseCount: z.boolean().prefault(false),
-    videoUrl: ZStorageUrl.optional(),
-  })
-  .refine((value) => !(value.enabled && !value.headline), {
-    error: "Welcome card must have a headline",
-  });
-
-const ZV3HiddenFieldId = z.string().superRefine((field, ctx) => {
-  if (FORBIDDEN_IDS.includes(field)) {
-    ctx.addIssue({
-      code: "custom",
-      message: "Hidden field id is not allowed",
-    });
-  }
-
-  if (field.includes(" ")) {
-    ctx.addIssue({
-      code: "custom",
-      message: "Hidden field id not allowed, avoid using spaces.",
-    });
-  }
-
-  if (!/^[a-zA-Z0-9_-]+$/.test(field)) {
-    ctx.addIssue({
-      code: "custom",
-      message: "Hidden field id not allowed, use only alphanumeric characters, hyphens, or underscores.",
-    });
-  }
-});
-
-const ZV3SurveyHiddenFields = z.strictObject({
-  enabled: z.boolean(),
-  fieldIds: z.array(ZV3HiddenFieldId).optional(),
-});
-
-const ZV3SurveyVariable = z
-  .discriminatedUnion("type", [
-    z.strictObject({
-      id: z.cuid2(),
-      name: z.string(),
-      type: z.literal("number"),
-      value: z.number().prefault(0),
-    }),
-    z.strictObject({
-      id: z.cuid2(),
-      name: z.string(),
-      type: z.literal("text"),
-      value: z.string().prefault(""),
-    }),
-  ])
-  .superRefine((value, ctx) => {
-    if (!/^[a-z0-9_]+$/.test(value.name)) {
-      ctx.addIssue({
-        code: "custom",
-        message: "Variable name can only contain lowercase letters, numbers, and underscores",
-        path: ["name"],
-      });
-    }
-  });
-
-const ZV3SurveyVariables = z.array(ZV3SurveyVariable);
-
-function addCreateInputIssues(body: TV3SurveyCreateBody, ctx: z.RefinementCtx): void {
-  const result = ZSurveyCreateInput.safeParse(normalizeV3SurveyCreateInput(body, null));
-  if (result.success) {
-    return;
-  }
-
-  for (const issue of result.error.issues) {
-    ctx.addIssue(issue as any);
-  }
-}
-
-export const ZV3SurveyCreateBody = z
-  .strictObject({
-    workspaceId: ZId,
-    name: z.string().trim().min(1),
-    type: ZSurveyType.default("link"),
-    status: ZSurveyStatus.default("draft"),
-    welcomeCard: ZV3SurveyWelcomeCard.prefault({
-      enabled: false,
-    }),
-    blocks: ZSurveyBlocks.min(1, {
-      error: "Survey must have at least one block",
-    }),
-    endings: ZV3SurveyEndings.default([]),
-    hiddenFields: ZV3SurveyHiddenFields.prefault({
-      enabled: false,
-    }),
-    variables: ZV3SurveyVariables.default([]),
-  })
-  .superRefine(addCreateInputIssues);
-
-export const ZV3SurveyPatchBody = z
-  .strictObject({
-    name: z.string().trim().min(1).optional(),
-    type: ZSurveyType.optional(),
-    status: ZSurveyStatus.optional(),
-    welcomeCard: ZV3SurveyWelcomeCard.optional(),
-    blocks: ZSurveyBlocks.optional(),
-    endings: ZV3SurveyEndings.optional(),
-    hiddenFields: ZV3SurveyHiddenFields.optional(),
-    variables: ZV3SurveyVariables.optional(),
-  })
-  .superRefine((body, ctx) => {
-    if (Object.keys(body).length === 0) {
-      ctx.addIssue({
-        code: "custom",
-        message: "Request body must include at least one updatable field",
-        path: [],
-      });
-    }
-  });
-
-export const ZV3SurveyRouteParams = z.strictObject({
-  surveyId: ZId,
-});
-
-export type TV3SurveyCreateBody = z.infer<typeof ZV3SurveyCreateBody>;
-export type TV3SurveyPatchBody = z.infer<typeof ZV3SurveyPatchBody>;
-export type TV3SurveyRouteParams = z.infer<typeof ZV3SurveyRouteParams>;
@@ -1,51 +1,18 @@
-import type { TSurvey as TFullSurvey } from "@formbricks/types/surveys/types";
 import type { TSurvey } from "@/modules/survey/list/types/surveys";

-export type TV3SurveyListItem = Omit<TSurvey, "environmentId" | "singleUse"> & {
+export type TV3SurveyListItem = Omit<TSurvey, "environmentId"> & {
  workspaceId: string;
 };

-export type TV3SurveyResource = {
-  id: TFullSurvey["id"];
-  workspaceId: string;
-  createdAt: TFullSurvey["createdAt"];
-  updatedAt: TFullSurvey["updatedAt"];
-  name: TFullSurvey["name"];
-  type: TFullSurvey["type"];
-  status: TFullSurvey["status"];
-  welcomeCard: TFullSurvey["welcomeCard"];
-  blocks: TFullSurvey["blocks"];
-  endings: TFullSurvey["endings"];
-  hiddenFields: TFullSurvey["hiddenFields"];
-  variables: TFullSurvey["variables"];
-};
-
 /**
 * Keep the v3 API contract isolated from internal persistence naming.
 * Internally surveys are still scoped by environmentId; externally v3 exposes workspaceId.
 */
 export function serializeV3SurveyListItem(survey: TSurvey): TV3SurveyListItem {
-  const { environmentId, singleUse: _omitSingleUse, ...rest } = survey;
+  const { environmentId, ...rest } = survey;

  return {
    ...rest,
    workspaceId: environmentId,
  };
 }
-
-export function serializeV3SurveyResource(survey: TFullSurvey): TV3SurveyResource {
-  return {
-    id: survey.id,
-    workspaceId: survey.environmentId,
-    createdAt: survey.createdAt,
-    updatedAt: survey.updatedAt,
-    name: survey.name,
-    type: survey.type,
-    status: survey.status,
-    welcomeCard: survey.welcomeCard,
-    blocks: survey.blocks,
-    endings: survey.endings,
-    hiddenFields: survey.hiddenFields,
-    variables: survey.variables,
-  };
-}
@@ -971,13 +971,13 @@ const improveTrialConversion = (t: TFunction): TTemplate => {
          elements: [
            buildOpenTextElement({
              id: reusableElementIds[2],
-              headline: t("templates.improve_trial_conversion_question_2_headline"),
+              headline: t("templates.improve_trial_conversion_question_3_headline"),
              required: true,
              inputType: "text",
            }),
          ],
          logic: [createBlockJumpLogic(reusableElementIds[2], block6Id, "isSubmitted")],
-          buttonLabel: t("templates.improve_trial_conversion_question_2_button_label"),
+          buttonLabel: t("templates.improve_trial_conversion_question_3_button_label"),
          t,
        }),
        buildBlock({
@@ -1647,14 +1647,14 @@ const identifyCustomerGoals = (t: TFunction): TTemplate => {
          elements: [
            buildMultipleChoiceElement({
              type: TSurveyElementTypeEnum.MultipleChoiceSingle,
-              headline: "What's your primary goal for using $[projectName]?",
+              headline: t("templates.identify_customer_goals_question_1_headline"),
              required: true,
              shuffleOption: "none",
              choices: [
-                "Understand my user base deeply",
-                "Identify upselling opportunities",
-                "Build the best possible product",
-                "Rule the world to make everyone breakfast brussels sprouts.",
+                t("templates.identify_customer_goals_question_1_choice_1"),
+                t("templates.identify_customer_goals_question_1_choice_2"),
+                t("templates.identify_customer_goals_question_1_choice_3"),
+                t("templates.identify_customer_goals_question_1_choice_4"),
              ],
            }),
          ],
@@ -0,0 +1,57 @@
+"use client";
+
+import posthog from "posthog-js";
+import { useEffect, useRef } from "react";
+
+interface PostHogGroupIdentifyProps {
+  organizationId: string;
+  organizationName: string;
+  workspaceId: string;
+  workspaceName: string;
+}
+
+export const PostHogGroupIdentify = ({
+  organizationId,
+  organizationName,
+  workspaceId,
+  workspaceName,
+}: PostHogGroupIdentifyProps) => {
+  const cancelledRef = useRef(false);
+
+  useEffect(() => {
+    cancelledRef.current = false;
+
+    const applyGroups = () => {
+      posthog.group("organization", organizationId, { name: organizationName });
+      posthog.group("workspace", workspaceId, { name: workspaceName });
+    };
+
+    if (posthog.__loaded) {
+      applyGroups();
+      return;
+    }
+
+    // PostHogIdentify (in app layout) initialises posthog from a sibling
+    // useEffect; effect order isn't guaranteed, so poll briefly until loaded.
+    const intervalId = setInterval(() => {
+      if (cancelledRef.current) return;
+      if (posthog.__loaded) {
+        applyGroups();
+        clearInterval(intervalId);
+      }
+    }, 50);
+
+    const timeoutId = setTimeout(() => {
+      cancelledRef.current = true;
+      clearInterval(intervalId);
+    }, 5000);
+
+    return () => {
+      cancelledRef.current = true;
+      clearInterval(intervalId);
+      clearTimeout(timeoutId);
+    };
+  }, [organizationId, organizationName, workspaceId, workspaceName]);
+
+  return null;
+};
@@ -4,10 +4,10 @@ import { z } from "zod";
 import { logger } from "@formbricks/logger";
 import { OperationNotAllowedError } from "@formbricks/types/errors";
 import { IS_FORMBRICKS_CLOUD } from "@/lib/constants";
-import { gethasNoOrganizations } from "@/lib/instance/service";
+import { getHasNoOrganizations } from "@/lib/instance/service";
 import { createMembership } from "@/lib/membership/service";
 import { createOrganization } from "@/lib/organization/service";
-import { capturePostHogEvent } from "@/lib/posthog";
+import { capturePostHogEvent, groupIdentifyPostHog } from "@/lib/posthog";
 import { authenticatedActionClient } from "@/lib/utils/action-client";
 import { withAuditLogging } from "@/modules/ee/audit-logs/lib/handler";
 import { ensureCloudStripeSetupForOrganization } from "@/modules/ee/billing/lib/organization-billing";
@@ -21,7 +21,7 @@ export const createOrganizationAction = authenticatedActionClient
  .inputSchema(ZCreateOrganizationAction)
  .action(
    withAuditLogging("created", "organization", async ({ ctx, parsedInput }) => {
-      const hasNoOrganizations = await gethasNoOrganizations();
+      const hasNoOrganizations = await getHasNoOrganizations();
      const isMultiOrgEnabled = await getIsMultiOrgEnabled();

      if (!hasNoOrganizations && !isMultiOrgEnabled) {
@@ -50,10 +50,17 @@ export const createOrganizationAction = authenticatedActionClient
      ctx.auditLoggingCtx.organizationId = newOrganization.id;
      ctx.auditLoggingCtx.newObject = newOrganization;

-      capturePostHogEvent(ctx.user.id, "organization_created", {
-        organization_id: newOrganization.id,
-        is_first_org: hasNoOrganizations,
-      });
+      groupIdentifyPostHog("organization", newOrganization.id, { name: newOrganization.name });
+
+      capturePostHogEvent(
+        ctx.user.id,
+        "organization_created",
+        {
+          organization_id: newOrganization.id,
+          is_first_org: hasNoOrganizations,
+        },
+        { organizationId: newOrganization.id }
+      );

      return newOrganization;
    })
@@ -0,0 +1,28 @@
+import { getServerSession } from "next-auth";
+import { redirect } from "next/navigation";
+import { getHasNoOrganizations, getIsFreshInstance } from "@/lib/instance/service";
+import { authOptions } from "@/modules/auth/lib/authOptions";
+
+const Page = async () => {
+  const [session, isFreshInstance, hasNoOrganizations] = await Promise.all([
+    getServerSession(authOptions),
+    getIsFreshInstance(),
+    getHasNoOrganizations(),
+  ]);
+
+  if (isFreshInstance) {
+    return redirect("/setup/intro");
+  }
+
+  if (hasNoOrganizations) {
+    if (session) {
+      return redirect("/setup/organization/create");
+    }
+
+    return redirect("/auth/login?callbackUrl=%2Fsetup%2Forganization%2Fcreate");
+  }
+
+  return redirect("/");
+};
+
+export default Page;
@@ -19,6 +19,7 @@
      "ro-RO",
      "ru-RU",
      "sv-SE",
+      "tr-TR",
      "zh-Hans-CN",
      "zh-Hant-TW"
    ]
@@ -125,6 +125,7 @@ checksums:
    common/centered_modal: 982ff411cb7e91e30300c2ed56b7e507
    common/change_organization: 3b2c873962509445ff2cb8cde5ad913b
    common/change_workspace: 489cbcf7eef9b9b960e426fbf4da318f
+    common/choice_n: ee41eb382bae7289a221d959f3046965
    common/choices: 8a7a77a71ec6eebc363c5dc0f8490a4d
    common/choose_environment: 5762cd499529815fc3e6a7feea39f90b
    common/choose_organization: a8f5db68012323bfbb1a0ad0fb194603
@@ -138,6 +139,7 @@ checksums:
    common/close: 2c2e22f8424a1031de89063bd0022e16
    common/code: 343bc5386149b97cece2b093c39034b2
    common/collapse_rows: 24988527f9180f37aa55d2aa183ccb21
+    common/column_n: 550955aee6a92d8ccc96989300add693
    common/completed: 0e4bbce9985f25eb673d9a054c8d5334
    common/configuration: 923ec0502721489202f6222dd4107163
    common/confirm: 90930b51154032f119fa75c1bd422d8b
@@ -168,6 +170,7 @@ checksums:
    common/created_by: 6775c2fa7d495fea48f1ad816daea93b
    common/customer_success: 2b0c99a5f57e1d16cf0a998f9bb116c4
    common/dark_overlay: 173e84b526414dbc70dbf9737e443b60
+    common/data_refreshed_successfully: 85728c61a9e1a16e46af69ddf0dbcda6
    common/date: 56f41c5d30a76295bb087b20b7bee4c3
    common/days: c95fe8aedde21a0b5653dbd0b3c58b48
    common/default: d9c6dc5c412fe94143dfd1d332ec81d4
@@ -209,6 +212,7 @@ checksums:
    common/failed_to_copy_to_clipboard: de836a7d628d36c832809252f188f784
    common/failed_to_load_organizations: 512808a2b674c7c28bca73f8f91fd87e
    common/failed_to_load_workspaces: 6ee3448097394517dc605074cd4e6ea4
+    common/field_placeholder: ec26d96643d86da164162204ec6c650f
    common/filter: 626325a05e4c8800f7ede7012b0cadaf
    common/finish: ffa7a10f71182b48fefed7135bee24fa
    common/first_name: cf040a5d6a9fd696be400380cc99f54b
@@ -220,10 +224,12 @@ checksums:
    common/generate: 0345bf322c191e70d01fd6607ec5c2f8
    common/go_back: b917ea82facb90c88c523b255d29f84b
    common/go_to_dashboard: a6efa97d25e36fedc0af794f6ba610f2
+    common/headline: 0023cbe059bbadcc77312825cbbce5ac
    common/hidden: fa290c6ada5869d744ed35e9cca64699
    common/hidden_field: 3ed5c58d0ed359e558cdf7bd33606d2d
    common/hidden_fields: 3de6cfd308293a826cb8679fd1d49972
    common/hide_column: 23ce94db148f2d8e4a0923defead6cf1
+    common/html: f750870203043349d570d8f5865ca0f8
    common/id: c8886d38aeea2ed5f785aba4fc96784b
    common/image: 048ba7a239de0fbd883ade8558415830
    common/images: 9305827c28694866f49db42b4c51831f
@@ -271,7 +277,6 @@ checksums:
    common/months: da74749fbe80394fa0f72973d7b0964a
    common/move_down: 4f4de55743043355ad4a839aff2c48ff
    common/move_up: 69f25b205c677abdb26cbb69d97cd10b
-    common/multiple_languages: 7d8ddd4b40d32fcd7bd6f7bac6485b1f
    common/my_product: ad022177062f9ef6e9acf33b13e889aa
    common/name: 9368b5a047572b6051f334af5aa76819
    common/new: 126d036fae5fb6b629728ecb97e6195b
@@ -286,6 +291,7 @@ checksums:
    common/no_result_found: fedddbc0149972ea072a9e063198a16d
    common/no_results: 0e9b73265c6542240f5a3bf6b43e9280
    common/no_surveys_found: 7b74706fe4f4aacd7d858e19e444fe85
+    common/no_text_found: 27350f35bdd57b3701c7ec578a1a0e11
    common/none_of_the_above: e007f0b1e046d5ddbbcfbd87940456ee
    common/not_authenticated: fed6c62208524ea6782b5f9c07a95a4f
    common/not_authorized: 4be80383fe1a6f52c61138f1aa8d01d4
@@ -309,7 +315,7 @@ checksums:
    common/organization_settings: 11528aa89ae9935e55dcb54478058775
    common/other: 79acaa6cd481262bea4e743a422529d2
    common/other_filters: 20b09213c131db47eb8b23e72d0c4bea
-    common/others: 39160224ce0e35eb4eb252c997edf4d8
+    common/other_placeholder: f3a0fa2eaaf75aa92b290449c928c081
    common/overlay_color: 4b72073285d13fff93d094aabffe05ac
    common/overview: 30c54e4dc4ce599b87d94be34a8617f5
    common/password: 223a61cf906ab9c40d22612c588dff48
@@ -327,7 +333,6 @@ checksums:
    common/please_upgrade_your_plan: 03d54a21ecd27723c72a13644837e5ed
    common/powered_by_formbricks: 1c3e19894583292bfaf686cac84a4960
    common/preview: 3173ee1f0f1d4e50665ca4a84c38e15d
-    common/preview_survey: 7409e9c118e3e5d5f2a86201c2b354f2
    common/privacy: 7459744a63ef8af4e517a09024bd7c08
    common/product_manager: dfeadc96e6d3de22a884ee97974b505e
    common/production: 226e0ce83b49700bc1b1c08c4c3ed23a
@@ -342,6 +347,7 @@ checksums:
    common/quotas_description: a2caa44fa74664b3b6007e813f31a754
    common/read_docs: d06513c266fdd9056e0500eab838ebac
    common/recipients: f90e7f266be3f5a724858f21a9fd855e
+    common/refresh: c0aec3f31be4c984bae9a482572d2857
    common/remove: dba2fe5fe9f83f8078c687f28cba4b52
    common/remove_from_team: 69bcc7a1001c3017f9de578ee22cffd6
    common/reorder_and_hide_columns: a5e3d7c0c7ef879211d05a37be1c5069
@@ -354,6 +360,7 @@ checksums:
    common/responses: 14bb6c69f906d7bbd1359f7ef1bb3c28
    common/restart: bab6232e89f24e3129f8e48268739d5b
    common/role: 53743bbb6ca938f5b893552e839d067f
+    common/row_n: eb5bb04b244fadd7a6962aa58bf6bd17
    common/saas: f01686245bcfb35a3590ab56db677bdb
    common/sales: 38758eb50094cd8190a71fe67be4d647
    common/save: f7a2929f33bc420195e59ac5a8bcd454
@@ -392,6 +399,7 @@ checksums:
    common/storage_not_configured: b0c3e339f6d71f23fdd189e7bcb076f6
    common/string: 4ddccc1974775ed7357f9beaf9361cec
    common/styling: 240fc91eb03c52d46b137f82e7aec2a1
+    common/subheader: 73a37d57cb9807e574a42bd0c7e334ed
    common/submit: 7c91ef5f747eea9f77a9c4f23e19fb2e
    common/summary: 13eb7b8a239fb4702dfdaee69100a220
    common/survey: b659d270a53dada994d926e0cc6e9a54
@@ -460,7 +468,6 @@ checksums:
    common/workspace_name_placeholder: 8a9e30ab01666af13c44a73b82c37ec1
    common/workspaces: 8ba082a84aa35cf851af1cf874b853e2
    common/years: eb4f5fdd2b320bf13e200fd6a6c1abff
-    common/you: db2a4a796b70cc1430d1b21f6ffb6dcb
    common/you_are_downgraded_to_the_community_edition: e3ae56502ff787109cae0997519f628e
    common/you_are_not_authorized_to_perform_this_action: 1b3255ab740582ddff016a399f8bf302
    common/you_have_reached_your_limit_of_workspace_limit: 54d754c3267036742f23fb05fd3fcc45
@@ -633,8 +640,6 @@ checksums:
    environments/contacts/attributes_msg_new_attribute_created: 5cba6158c4305c05104814ec1479267c
    environments/contacts/attributes_msg_userid_already_exists: 9c695538befc152806c460f52a73821a
    environments/contacts/contact_deleted_successfully: c5b64a42a50e055f9e27ec49e20e03fa
-    environments/contacts/contacts_table_refresh: 6a959475991dd4ab28ad881bae569a09
-    environments/contacts/contacts_table_refresh_success: 40951396e88e5c8fdafa0b3bb4fadca8
    environments/contacts/create_attribute: 87320615901f95b4f35ee83c290a3a6c
    environments/contacts/create_new_attribute: c17d407dacd0b90f360f9f5e899d662f
    environments/contacts/create_new_attribute_description: cc19d76bb6940537bbe3461191f25d26
@@ -784,6 +789,9 @@ checksums:
    environments/integrations/notion/update_connection_tooltip: 2429919f575e47f5c76e54b4442ba706
    environments/integrations/notion_integration_description: 31a73dbe88fe18a078d6dc15f0c303e2
    environments/integrations/please_select_a_survey_error: 465aa7048773079c8ffdde8b333b78eb
+    environments/integrations/reconnect_button: 8992a0f250278c116cb26be448b68ba2
+    environments/integrations/reconnect_button_description: 01f79dc561ff87b5f2a80bf66e492844
+    environments/integrations/reconnect_button_tooltip: 5552effda9df8d6778dda1cf42e5d880
    environments/integrations/select_at_least_one_question_error: a3513cb02ab0de2a1531893ac0c7e089
    environments/integrations/slack/already_connected_another_survey: 4508f9e4a2915e3818ea5f9e2695e000
    environments/integrations/slack/channel_name: 1afcd1d0401850ff353f5ae27502b04a
@@ -1129,7 +1137,7 @@ checksums:
    environments/settings/general/organization_invite_link_ready: e54b37c4ec2e5a9ea9f6bc6e5b512b0b
    environments/settings/general/organization_name: 73c9b31c9032a22bd84a07881942bb04
    environments/settings/general/organization_name_description: ff517b4749a332b94a26110d7c7e771f
-    environments/settings/general/organization_name_placeholder: fc91de3ddc89ab77f30d555778312380
+    environments/settings/general/organization_name_placeholder: abcee7d91a848e573b63a763cfaf6a08
    environments/settings/general/organization_name_updated_successfully: d36ba3a4f614d30b10e696d25da22432
    environments/settings/general/organization_settings: d31952131ad5f0ec72ad96f1ed11bef6
    environments/settings/general/please_add_a_logo: 66d6f97a2e7b27efc04bd653240ee813
@@ -1184,6 +1192,7 @@ checksums:
    environments/settings/profile/update_personal_info: 5806f9bae0248a604cf85a2d8790a606
    environments/settings/profile/warning_cannot_delete_account: 07c25c3829149cd7171e7ad88229deac
    environments/settings/profile/warning_cannot_undo: dd1b2a59ff244b362d1d0d4eb1dbf7c6
+    environments/settings/profile/wrong_password: e3523f78b302d11b33af6cc40d8df9da
    environments/settings/teams/add_members_description: 96e1e7125a0dfeaecc2c238eda3a216f
    environments/settings/teams/add_workspaces_description: f0f0cdd4d1032fbcb83d34a780bdfa52
    environments/settings/teams/all_members_added: 0541be1777b5c838f2e039035488506c
@@ -1231,15 +1240,9 @@ checksums:
    environments/settings/teams/you_are_a_member: cf5af638d5371c8fbc337e92519e5150
    environments/surveys/all_set_time_to_create_first_survey: 21d3bb74c3b9642b3195d17c17346399
    environments/surveys/alphabetical: 5fcfeff9c5fd28714f0a390e0ddaaaee
-    environments/surveys/copy_survey: de8142b45e7bca61f2dca0069a62b417
-    environments/surveys/copy_survey_description: 66d0aadf192ad5790fbf3f55f3bb5485
-    environments/surveys/copy_survey_error: 74cab7d84ea8b669e106d4c326cac005
    environments/surveys/copy_survey_link_to_clipboard: 77387e3d3de4be07a2a34963f73cd7e8
-    environments/surveys/copy_survey_partially_success: a436a5fb7167b95c2308794d35aab070
-    environments/surveys/copy_survey_success: a829e645fe034b3e712d0b8572a5edc4
    environments/surveys/delete_survey_and_responses_warning: 3320c91c1fd27378b7f3d6abc003f2ae
-    environments/surveys/edit/1_choose_the_default_language_for_this_survey: d22759857c1bb3d6b337e8e9d501dad7
-    environments/surveys/edit/2_activate_translation_for_specific_languages: 9f23cb81ad301073df45ae36f0d94f9e
+    environments/surveys/edit/activate_translations: af127c1bed2b47e2012e3a23e489ecb8
    environments/surveys/edit/add: 5196f5cd4ba3a6ac8edef91345e17f66
    environments/surveys/edit/add_a_delay_or_auto_close_the_survey: b5fa358bf3ff324014060eb0baf6dd2f
    environments/surveys/edit/add_a_four_digit_pin: 953cb3673d2135923e3b4474d33ffb2c
@@ -1289,7 +1292,7 @@ checksums:
    environments/surveys/edit/audience: a4d9fab4214a641e2d358fbb28f010e0
    environments/surveys/edit/auto_close_on_inactivity: 093db516799315ccd4242a3675693012
    environments/surveys/edit/auto_progress_rating_and_nps: 76b98e95a5b850850baa0ccc3c7fbf7c
-    environments/surveys/edit/auto_progress_rating_and_nps_description: cbf676789b9f3f47e36bdf35fa58282b
+    environments/surveys/edit/auto_progress_rating_and_nps_description: 2a992dd8a5b9532f178f9a21881feb9a
    environments/surveys/edit/auto_save_disabled: f7411fb0dcfb8f7b19b85f0be54f2231
    environments/surveys/edit/auto_save_disabled_tooltip: 77322e1e866b7d29f7641a88bbd3b681
    environments/surveys/edit/auto_save_on: 1524d466830b00c5d727c701db404963
@@ -1335,6 +1338,7 @@ checksums:
    environments/surveys/edit/caution_text: 3291e962c0e4c4656832837ddc512918
    environments/surveys/edit/change_anyway: 6377497d40373f6d0f082670194981ab
    environments/surveys/edit/change_background: fa71a993869f7d3ac553c547c12c3e9b
+    environments/surveys/edit/change_default: 6236a6c8a28489ba7c4cad7426806859
    environments/surveys/edit/change_question_type: 2d555ae48df8dbedfc6a4e1ad492f4aa
    environments/surveys/edit/change_survey_type: c26322043a476da6d94adb8b4efe1e93
    environments/surveys/edit/change_the_background_to_a_color_image_or_animation: f1b9c9eb61497dd91b2550dd50c77836
@@ -1347,6 +1351,7 @@ checksums:
    environments/surveys/edit/choose_where_to_run_the_survey: ad87bcae97c445f1fd9ac110ea24f117
    environments/surveys/edit/city: 1831f32e1babbb29af27fac3053504a2
    environments/surveys/edit/close_survey_on_response_limit: 256d0bccdbcbb3d20e39aabc5b376e5e
+    environments/surveys/edit/code: 343bc5386149b97cece2b093c39034b2
    environments/surveys/edit/color: 9d53d1d120e8b8954bcae9a322573748
    environments/surveys/edit/column_used_in_logic_error: deffbd3e8f4bd71a5e522682e8ee60dd
    environments/surveys/edit/columns: 14896556dc1535d70198854757f704ec
@@ -1371,6 +1376,7 @@ checksums:
    environments/surveys/edit/customize_survey_logo: 7f7e26026c88a727228f2d7a00d914e2
    environments/surveys/edit/darken_or_lighten_background_of_your_choice: 304a64a8050ebf501d195e948cd25b6f
    environments/surveys/edit/days_before_showing_this_survey_again: 9ee757e5c3a07844b12ceb406dc65b04
+    environments/surveys/edit/default_language: 06d01d2598419e36ba97d2d8719f849b
    environments/surveys/edit/delete_anyways: cc8683ab625280eefc9776bd381dc2e8
    environments/surveys/edit/delete_block: c00617cb0724557e486304276063807a
    environments/surveys/edit/delete_choice: fd750208d414b9ad8c980c161a0199e1
@@ -1390,7 +1396,6 @@ checksums:
    environments/surveys/edit/duplicate_question: 910751de01fdd327165968214717711b
    environments/surveys/edit/edit_link: 40ba9e15beac77a46c5baf30be84ac54
    environments/surveys/edit/edit_recall: 38a4a7378d02453e35d06f2532eef318
-    environments/surveys/edit/edit_translations: 2b21bea4b53e88342559272701e9fbf3
    environments/surveys/edit/element_not_found: 196777ff6811dd177971ffc8e27a72c1
    environments/surveys/edit/enable_participants_to_switch_the_survey_language_at_any_point_during_the_survey: c70466147d49dcbb3686452f35c46428
    environments/surveys/edit/enable_recaptcha_to_protect_your_survey_from_spam: 4483a5763718d201ac97caa1e1216e13
@@ -1477,7 +1482,7 @@ checksums:
    environments/surveys/edit/hide_question_settings: 99127cd016db2f7fc80333b36473c0ef
    environments/surveys/edit/hostname: 9bdaa7692869999df51bb60d58d9ef62
    environments/surveys/edit/if_you_need_more_please: a7d208c283caf6b93800b809fca80768
-    environments/surveys/edit/if_you_really_want_that_answer_ask_until_you_get_it: 31c18a8c7c578db2ba49eed663d1739f
+    environments/surveys/edit/if_you_really_want_that_answer_ask_until_you_get_it: 5abd8b702f9fb0e3815c3413d6f8aef6
    environments/surveys/edit/ignore_global_waiting_time: e08db543ace4935625e0961cc6e60489
    environments/surveys/edit/ignore_global_waiting_time_description: 37d173a4d537622de40677389238d859
    environments/surveys/edit/image: 048ba7a239de0fbd883ade8558415830
@@ -1526,11 +1531,13 @@ checksums:
    environments/surveys/edit/long_answer: 3a97f8d2e90aba6e679917a0c5670c53
    environments/surveys/edit/long_answer_toggle_description: 86bcdfeb74d9825c2f2d5a215e92d111
    environments/surveys/edit/lower_label: 45985bca022d4370bd6e013af75d5160
-    environments/surveys/edit/manage_languages: 9c56d5afee8a73dfc283a452470f3a10
+    environments/surveys/edit/manage_languages: fe82303bc27b55ccfc076b527b185e39
+    environments/surveys/edit/manage_translations: 09b01c5c251e6dbc3dc6cd8b33fb6301
    environments/surveys/edit/matrix_all_fields: 187240509163b2f52a400a565e57c67f
    environments/surveys/edit/matrix_rows: 8f41f34e6ca28221cf1ebd948af4c151
    environments/surveys/edit/max_file_size: 3d35a22048f4d22e24da698fb5fb77d7
    environments/surveys/edit/max_file_size_limit_is: 78998639cde3587cecb272ba47e05f9e
+    environments/surveys/edit/missing_first: a0c8802636ade7bac86a0dacba00b8d4
    environments/surveys/edit/move_question_to_block: e8d7ef1e2f727921cb7f5788849492ad
    environments/surveys/edit/multiply: 89a0bb629167f97750ae1645a46ced0d
    environments/surveys/edit/needed_for_self_hosted_cal_com_instance: d241e72f0332177d32ce6c35070757dc
@@ -1538,7 +1545,7 @@ checksums:
    environments/surveys/edit/next_button_label: 39f1e82ae1dea5e400e8ed7c98c6ad9c
    environments/surveys/edit/no_hidden_fields_yet_add_first_one_below: 9cc6cab3a6a42dbf835215897b5b8516
    environments/surveys/edit/no_images_found_for: 7dabcbcc7084f59c6ec0971895dfcd29
-    environments/surveys/edit/no_languages_found_add_first_one_to_get_started: 22d7782c8504daf693cab3cf7135d6e3
+    environments/surveys/edit/no_languages_found_add_first_one_to_get_started: 4e66397232da6a463708220dc020bf42
    environments/surveys/edit/no_option_found: a1a3aa7e6c13b6bb8df20a1a104c7c04
    environments/surveys/edit/no_recall_items_found: 729e2b02e412cdc79f5ad94b1918620c
    environments/surveys/edit/no_variables_yet_add_first_one_below: c8704b9ebc9c26c0e9dd50c099ba88cd
@@ -1565,6 +1572,7 @@ checksums:
    environments/surveys/edit/please_enter_a_valid_url: 25d43dfb802c31cb59dc88453ea72fc4
    environments/surveys/edit/please_set_a_survey_trigger: 0358142df37dd1724f629008a1db453a
    environments/surveys/edit/please_specify: e1faa6cd085144f7339c7e74dc6fb366
+    environments/surveys/edit/present_your_survey_in_multiple_languages: 37f28b0a092d68322fedbc2e0c221ef3
    environments/surveys/edit/prevent_double_submission: afc502baa2da81d9c9618da1c3b5a57a
    environments/surveys/edit/prevent_double_submission_description: ef7d2aa22d43bdc6ccebb076c6aa9ce5
    environments/surveys/edit/progress_saved: d7bfc189571f08bbb4d0240cb9363ffa
@@ -1654,6 +1662,7 @@ checksums:
    environments/surveys/edit/seven_points: 4ead50fdfda45e8710767e1b1a84bf42
    environments/surveys/edit/show_block_settings: bad99d99c9908874e45f5c350a88cc79
    environments/surveys/edit/show_button: 6b364aac9d7ac71f34a438607c9693bc
+    environments/surveys/edit/show_in_order: 15784a59572eb8a6dba6b918c31a9493
    environments/surveys/edit/show_language_switch: b6915a7f26d7079f2d4d844d74440413
    environments/surveys/edit/show_multiple_times: 05239c532c9c05ef5d2990ba6ce12f60
    environments/surveys/edit/show_only_once: 31858baf60ebcf193c7e35d9084af0af
@@ -1685,7 +1694,6 @@ checksums:
    environments/surveys/edit/survey_preview: 33644451073149383d3ace08be930739
    environments/surveys/edit/survey_styling: 7f96d6563e934e65687b74374a33b1dc
    environments/surveys/edit/survey_trigger: f0c7014a684ca566698b87074fad5579
-    environments/surveys/edit/switch_multi_language_on_to_get_started: cca0ef91ee49095da30cd1e3f26c406f
    environments/surveys/edit/target_block_not_found: 0a0c401017ab32364fec2fcbf815d832
    environments/surveys/edit/targeted: ca615f1fc3b490d5a2187b27fb4a2073
    environments/surveys/edit/ten_points: a1317b82003859f77fb3138c55450d63
@@ -1693,9 +1701,11 @@ checksums:
    environments/surveys/edit/the_survey_will_be_shown_once_even_if_person_doesnt_respond: e45beba7ae126775f4966776c982a3b4
    environments/surveys/edit/then: 5e941fb7dd51a18651fcfb865edd5ba6
    environments/surveys/edit/this_action_will_remove_all_the_translations_from_this_survey: 3340c89696f10bdc01b9a1047ff0b987
+    environments/surveys/edit/this_will_remove_the_language_and_all_its_translations: 6a71ae70abbd61f13f15323d825a47f6
    environments/surveys/edit/three_points: d7f299aec752d7d690ef0ab6373327ae
    environments/surveys/edit/times: 5ab156c13df6bfd75c0b17ad0a92c78a
    environments/surveys/edit/to_keep_the_placement_over_all_surveys_consistent_you_can: 7a078e6a39d4c30b465137d2b6ef3e67
+    environments/surveys/edit/translated: 5b9d805410310b726f12bacb06da44e3
    environments/surveys/edit/trigger_survey_when_one_of_the_actions_is_fired: 8570291668ec9879d204f10e861112db
    environments/surveys/edit/try_lollipop_or_mountain: c550a0f07b3ae40a237e30a4314a249c
    environments/surveys/edit/type_field_id: 714b845806236bb8a9d6a09933b836e9
@@ -1768,6 +1778,7 @@ checksums:
    environments/surveys/edit/verify_email_before_submission_description: 434ab3ee6134367513b633a9d4f7d772
    environments/surveys/edit/visibility_and_recontact: c27cb4ff3a4262266902a335c3ad5d84
    environments/surveys/edit/visibility_and_recontact_description: 2969ab679e1f6111dd96e95cee26e219
+    environments/surveys/edit/visible: 54ea1310fe55664c24a712eb17070fbd
    environments/surveys/edit/wait: 014d18ade977bf08d75b995076596708
    environments/surveys/edit/wait_a_few_seconds_after_the_trigger_before_showing_the_survey: 13d5521cf73be5afeba71f5db5847919
    environments/surveys/edit/waiting_time_across_surveys: 6873c18d51830e2cadef67cce6a2c95c
@@ -1950,7 +1961,6 @@ checksums:
    environments/surveys/summary/downloading_qr_code: 3c46bf636e617848a4fca9b6c5b51dac
    environments/surveys/summary/drop_offs: 605ee950f82110132d6c5780926af109
    environments/surveys/summary/drop_offs_tooltip: 2a01683380be45f17636365886cf3452
-    environments/surveys/summary/failed_to_copy_link: 4e891c757c80e770674e8e74d1c08487
    environments/surveys/summary/filter_added_successfully: e247f65020cd87454bcec0da6f0fd034
    environments/surveys/summary/filter_updated_successfully: 01146bc7e6394e271836be2f1b3a257b
    environments/surveys/summary/filtered_responses_csv: aad66a98be6a09cac8bef9e4db4a75cf
@@ -2035,7 +2045,6 @@ checksums:
    environments/surveys/summary/youre_not_plugged_in_yet: f19da3cd474b9a3cf28e956fd811fb00
    environments/surveys/survey_deleted_successfully: a6b654cc914b344a4475fd2fd4a98cc5
    environments/surveys/survey_duplicated_successfully: 91e244f1e7a33640bb4817166a01ff46
-    environments/surveys/survey_duplication_error: 35994330aed844ce37d8b4f09df24581
    environments/surveys/templates/all_channels: 6be67a82fc7326dc2304b23ab3348b87
    environments/surveys/templates/all_industries: c7354412fe34585526ff2232aadace41
    environments/surveys/templates/all_roles: 6582ccd0a2349c162a7ae1574cdf76be
@@ -2112,7 +2121,6 @@ checksums:
    environments/workspace/languages/duplicate_language_or_language_id: 0e17e3794b24e2428ca6ffadae0d08f3
    environments/workspace/languages/edit_languages: c9d36f6b28557cc7d54e87c37dc18fdd
    environments/workspace/languages/identifier: 7d8ade6b85e96216bcd73adeeeeecd8c
-    environments/workspace/languages/incomplete_translations: d82908b5725f18f5849c7876ad497ebc
    environments/workspace/languages/language: 277fd1a41cc237a437cd1d5e4a80463b
    environments/workspace/languages/language_deleted_successfully: 4a805d030491f3fe608d2371b0cfcd83
    environments/workspace/languages/languages_updated_successfully: 60de474c99c5059c0458cddd0b016c15
@@ -2123,7 +2131,6 @@ checksums:
    environments/workspace/languages/remove_language: 1a64563b0f37109f97b78eddd493e381
    environments/workspace/languages/remove_language_from_surveys_to_remove_it_from_workspace: 61bc96f9db31a29a649cc9ecd684bc39
    environments/workspace/languages/search_items: b54b751c8b075200be579d6c8e58096b
-    environments/workspace/languages/translate: 59f9803b27e2030ba7323ed239116cf7
    environments/workspace/look/add_background_color: 9be512ee1246e32d3958c56097d202d9
    environments/workspace/look/add_background_color_description: adb6fcb392862b3d0e9420d9b5405ddb
    environments/workspace/look/advanced_styling_field_border_radius: 63b8f3541a9792d705e67d5aca7b6451
@@ -2181,12 +2188,12 @@ checksums:
    environments/workspace/look/advanced_styling_field_track_bg_description: 8a56258273dfe49e83fe752ea9e8daed
    environments/workspace/look/advanced_styling_field_track_height: 9ce57cb4583039c224a37e013efb6b8f
    environments/workspace/look/advanced_styling_field_track_height_description: 90243a4374e15d9118ad0fd93d5f3614
-    environments/workspace/look/advanced_styling_field_upper_label_color: 65d75c60dfdba88e5fed38bcb24a0a5d
-    environments/workspace/look/advanced_styling_field_upper_label_color_description: ae2276506807c7ceeb7a8b87723a8dd4
-    environments/workspace/look/advanced_styling_field_upper_label_size: ea0ca9a3ffa1650f97a31df453b0afc7
-    environments/workspace/look/advanced_styling_field_upper_label_size_description: 061668625be0f7a68ebc2e2ebe49e5a9
-    environments/workspace/look/advanced_styling_field_upper_label_weight: 946c5836d2cfaaee21e494424d550887
-    environments/workspace/look/advanced_styling_field_upper_label_weight_description: 916b03c719a8dead351679336aabcf53
+    environments/workspace/look/advanced_styling_field_upper_label_color: 2767a5db32742073a01aac16488e93dc
+    environments/workspace/look/advanced_styling_field_upper_label_color_description: 58f43ce21b7f6539cc937aa80c7e8060
+    environments/workspace/look/advanced_styling_field_upper_label_size: 3342babd1df61a3bdf7a3284137f7c24
+    environments/workspace/look/advanced_styling_field_upper_label_size_description: 867a89a79ed7ac7f1c6b0f3481a67f26
+    environments/workspace/look/advanced_styling_field_upper_label_weight: a9a0de9e840518d282cfdbcb02d059b5
+    environments/workspace/look/advanced_styling_field_upper_label_weight_description: 3cee88e1c8e75548dcb6004f0e44f31c
    environments/workspace/look/advanced_styling_section_buttons: 3b44d6e2800e7bf3f133f1bce435f4c2
    environments/workspace/look/advanced_styling_section_headlines: 6def704c0ac2ecb5951400c806856a41
    environments/workspace/look/advanced_styling_section_inputs: 76bbeb561122a72fd3ec8c49eff7c563
@@ -2719,6 +2726,11 @@ checksums:
    templates/gauge_feature_satisfaction_question_2_headline: 0fcbefbfcf5c21e42de8a36cb2cad854
    templates/identify_customer_goals_description: c30d06df9e5c76334e4c3d470ee6e4d8
    templates/identify_customer_goals_name: f8123dbfa22e169517a811fae7496595
+    templates/identify_customer_goals_question_1_choice_1: a6803cfbdbd6208eedf5c691f9e106a5
+    templates/identify_customer_goals_question_1_choice_2: 7461749517d62030ec2e3915cf1d223b
+    templates/identify_customer_goals_question_1_choice_3: 725eb3ee0d4f2d229fcf588c21e66a86
+    templates/identify_customer_goals_question_1_choice_4: 3985521036afaf1cbd2bdc7a4d86d351
+    templates/identify_customer_goals_question_1_headline: bd9cd414fb723110d7f0a786bbf89d6c
    templates/identify_sign_up_barriers_description: 5b2fbee8c425d7a4d0706ec3628cea11
    templates/identify_sign_up_barriers_name: 3bbc5352dfa7a9c237bc2c6b21b608dd
    templates/identify_sign_up_barriers_question_1_button_label: 080fd22c580f56ffdcea6c3d60448b84
@@ -2793,12 +2805,14 @@ checksums:
    templates/improve_trial_conversion_question_1_subheader: 67c7047ba2365d461df14dbed3f9506d
    templates/improve_trial_conversion_question_2_button_label: 89ddbcf710eba274963494f312bdc8a9
    templates/improve_trial_conversion_question_2_headline: 05dd4820f60b9d267a9affc7e662f029
+    templates/improve_trial_conversion_question_3_button_label: 89ddbcf710eba274963494f312bdc8a9
+    templates/improve_trial_conversion_question_3_headline: 3daeccf3dfc7bf8e9868c10fb3ea0b19
    templates/improve_trial_conversion_question_4_button_label: d94a6a11cfdf4ebde4c5332e585e2e96
    templates/improve_trial_conversion_question_4_headline: 9b07341f65574c4165086ec107cebb45
    templates/improve_trial_conversion_question_4_html: 8ce95691eeeae7ad61c4d2f867b918ca
    templates/improve_trial_conversion_question_5_button_label: 89ddbcf710eba274963494f312bdc8a9
    templates/improve_trial_conversion_question_5_headline: dbd99e216fcbf8693b8e77fbd77e1c84
-    templates/improve_trial_conversion_question_5_subheader: b9b478e967930358b0c74324a7c18fc8
+    templates/improve_trial_conversion_question_5_subheader: 859876a442a633f4aa0d78fd0ee4ab4c
    templates/improve_trial_conversion_question_6_headline: f15239ecc4f1a6bd8bea77a38b39c844
    templates/improve_trial_conversion_question_6_subheader: e147ddbb609fff6e6fc78fb1f4add0ac
    templates/integration_setup_survey_description: 696ccab07d7098cdb79c224fa1208889
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
pandeymangg	2884fc9f1e	fixes coderabbit feedback	2026-05-08 10:49:22 +05:30
pandeymangg	29d4f23520	fix/webhook-ssrf-toctou-dns-pin	2026-05-07 18:37:46 +05:30
Dhruwang Jariwala	7e2c439325	feat: add PostHog group analytics and feature events (#7914 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Harsh Bhat <harsh121102@gmail.com>	2026-05-07 07:49:27 +00:00
Javi Aguilar	a2177eec96	fix: survey modal accessibility issues by using a focus trap (#7939 )	2026-05-07 06:14:06 +00:00
Javi Aguilar	255c97854f	fix: survey runtime accessibility for keyboard controls (#7927 )	2026-05-06 10:21:42 +00:00
Matti Nannt	d103499496	fix(security): strip sensitive survey and segment metadata from public client API (#7931 ) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2026-05-06 09:54:15 +00:00
Matti Nannt	b863238f15	refactor: rename gethasNoOrganizations to getHasNoOrganizations (#7940 ) Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-06 05:03:02 +00:00
Johannes	28280899ea	fix: recover incomplete initial setup (#7912 )	2026-05-05 14:28:23 +00:00
Matti Nannt	bc63870289	feat: add Linear Releases integration to CI pipeline (#7921 ) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-05 14:17:48 +00:00
Javi Aguilar	9a04e95d15	fix: cal and open text fields a11y semantic improvements (#7936 )	2026-05-05 12:31:09 +00:00
Bhagya Amarasinghe	9d9f38515d	fix: omit replicas when HPA is enabled (#7934 )	2026-05-05 10:32:16 +00:00
Tiago	fae00f6a82	fix: outlook preview (#7803 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-05-04 15:10:14 +00:00
Anshuman Pandey	a274c444ad	fix: reject SSO auto-provisioning when AUTH_SSO_DEFAULT_TEAM_ID is missing (#7926 )	2026-05-04 10:57:44 +00:00
Anshuman Pandey	5fae207cd7	fix: duplicate action class name error (#7919 )	2026-04-30 09:17:09 +00:00
Johannes	654539d320	fix: removed dead menu item & theme import (#7909 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-30 08:09:40 +00:00
Johannes	44aac89d41	fix: return generic credentials error for SSO-only accounts (#7911 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com>	2026-04-30 08:09:34 +00:00
Johannes	e0250b2a58	fix: include partial response in trigger description (#7908 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com> Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-30 06:27:48 +00:00
Labeeb	a8d6cd8a9f	fix: 7817 use fully translated inactive survey headings (#7836 )	2026-04-30 04:46:13 +00:00
Bhagya Amarasinghe	f79fe1490e	feat: add PostHog experiment wrappers (#7899 )	2026-04-29 08:07:11 +00:00
Dhruwang Jariwala	5cfbc671c5	fix: allow back navigation to prefilled questions in email embed surveys (#7900 )	2026-04-29 08:06:08 +00:00
Tiago	e6e9419b93	fix: require step-up authorization for account deletion (#7901 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-28 12:46:27 +00:00
dependabot[bot]	90eb78e571	chore(deps): bump the npm_and_yarn group across 5 directories with 2 updates (#7834 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Matti Nannt <matti@formbricks.com>	2026-04-28 12:01:12 +02:00
Johannes	991866f549	docs: document option ID prefilling (#7893 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-04-28 08:17:05 +00:00
Bhagya Amarasinghe	6d1b3475d4	fix(survey-list): reduce v3 overview query cost (#7812 )	2026-04-27 16:53:53 +00:00
Johannes	5e967a2b67	fix: use app.formbricks.com in v1 API docs (#7894 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-04-27 13:19:12 +00:00
Johannes	23a8fd6a47	fix: replace organization name placeholder example (#7832 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com> Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-27 12:49:16 +00:00
Dhruwang Jariwala	0686eb3cbb	feat: add refetch button to refresh responses table (#7808 ) Co-authored-by: Johannes <johannes@formbricks.com>	2026-04-27 10:10:53 +00:00
Anshuman Pandey	6d9ab315c2	fix: prevent SSRF via redirect following in webhook delivery (#7877 )	2026-04-27 08:50:21 +00:00
Tiago	4128731c5f	fix: password hash visibility improvement (#7814 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2026-04-24 18:16:59 +00:00
Matti Nannt	ef96426ca0	chore(security): dependency audit — reduce attack surface & resolve all vulnerabilities (#7801 ) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-24 20:32:32 +02:00
Dhruwang Jariwala	ce1dbe8b00	fix: apply plan changes immediately for non-standard plans (#7807 )	2026-04-24 07:38:33 +00:00
Dhruwang Jariwala	444f043140	fix: prevent Airtable integration crash when token expires (#7811 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-23 08:36:10 +00:00
Dhruwang Jariwala	2d32c0d671	feat: add iframe preview to website embed tab (#7791 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-23 06:36:55 +00:00
Dhruwang Jariwala	8dc70a5e30	fix: prevent survey widget CSS from polluting host page styles (#7805 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-22 12:24:44 +00:00
Aryan Ghugare	3e4e55fbf1	fix: prevent bypass of single-use survey restriction via v1 API (#7735 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2026-04-22 09:48:18 +00:00
Tiago	fcfedd6e15	feat: replace minio with rustfs (#7742 )	2026-04-22 08:07:38 +00:00
Tiago	6c4342690f	fix: harden legacy SSO relinking (#7755 )	2026-04-22 07:35:23 +00:00
arasucar	b8c361fcf3	refactor: use context instead of prop drilling in survey analysis components (#6223 ) (#7754 ) Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2026-04-22 06:00:13 +00:00
Matti Nannt	8771a0ec91	fix: lodash vulnerability (#7800 )	2026-04-22 05:57:08 +00:00
Bhagya Amarasinghe	fc33c52133	fix: patch protobufjs transitive vulnerabilities (#7790 )	2026-04-21 09:59:12 +00:00
Balázs Úr	75cf9293b1	fix: Hungarian translation (#7752 )	2026-04-21 08:41:53 +00:00
Serhat	e489c6a346	feat: Add Turkish (tr) translations (#7645 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-20 12:51:25 +00:00
Johannes	cefc2bdf60	fix: show oversized upload error when mime type is missing (#7757 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com>	2026-04-20 07:00:41 +00:00
dependabot[bot]	78473bf3d0	chore(deps): bump the npm_and_yarn group across 12 directories with 4 updates (#7680 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Matti Nannt <matti@formbricks.com>	2026-04-20 06:59:52 +00:00
Johannes	15403c6a92	fix: add accessible dialog title to project limit modal (#7769 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-04-20 06:45:21 +00:00
Johannes	35b98863a4	feat: auto-fill safe attribute key from label (#7771 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-04-20 06:44:10 +00:00
Anshuman Pandey	65f5968fb1	fix: fixes sentry ref issue (#7776 )	2026-04-20 06:29:44 +00:00
Bhagya Amarasinghe	2dfea4d72f	fix: prevent split offline responses on restore (#7767 )	2026-04-20 06:05:13 +00:00
Dhruwang Jariwala	ff77118932	fix: response tag UI issues in response modal (#7765 )	2026-04-17 11:59:59 +00:00
Johannes	79a773432a	feat: extend auto-progress to single-select question types (#7725 )	2026-04-17 10:17:00 +00:00
Niels Kaspers	d53869f1df	fix: fix duplicate block and misleading subheader in trial conversion template (#7560 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-17 10:01:54 +00:00
Balázs Úr	fc9ddb2b0d	fix: mark Identify Customer Goals survey as translatable (#7566 ) Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>	2026-04-17 09:53:15 +00:00
Bhagya Amarasinghe	6fcb6863bd	feat: migrate survey overview to v3 APIs (#7741 )	2026-04-17 09:45:12 +00:00
Johannes	b1cee91ad9	fix: redirect active project and organization selections (#7724 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-04-17 09:33:12 +00:00
Dhruwang Jariwala	60bd5cbeff	fix: prevent environment ID leak in API error responses (#7753 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-17 08:38:32 +00:00
Dhruwang Jariwala	b6a3a15379	fix: make other option input field mandatory when sole selection (#7751 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-17 08:06:00 +00:00
Johannes	c68f214eff	fix: keep sidebar switcher icons round with long labels (#7756 ) Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Johannes <jobenjada@users.noreply.github.com>	2026-04-17 08:04:10 +00:00
Harsh Bhat	c90ee84483	chore: Add survey to formbricks docs (#7746 )	2026-04-16 12:13:55 +00:00
Dhruwang Jariwala	dc1ee72594	chore: translation management revamp (scope 1) (#7733 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Johannes <johannes@formbricks.com> Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>	2026-04-16 11:18:48 +00:00
Dhruwang Jariwala	924132287e	fix: connect rating/NPS scale labels to label styling settings (#7738 ) Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-16 10:59:59 +00:00