fix: [Backport] backports query fix (#7289)

Co-authored-by: Theodór Tómas <theodortomas@gmail.com>

.env.example

@@ -38,13 +38,6 @@ LOG_LEVEL=info
 
 DATABASE_URL='postgresql://postgres:postgres@localhost:5432/formbricks?schema=public'
 
-#################
-#  HUB (DEV)    #
-#################
-# Optional. The dev stack (pnpm db:up / pnpm go) runs Formbricks Hub on port 8080.
-# Override the default Hub API key (default: dev-api-key) when using docker-compose.dev.yml:
-# HUB_API_KEY=
-
 ################
 #  MAIL SETUP  #
 ################

README.md

@@ -169,7 +169,7 @@ Here is what you need to be able to run Formbricks:
 
 ### Local Setup
 
-To get started locally, we've got a [guide to help you](https://formbricks.com/docs/developer-docs/contributing/get-started#local-machine-setup). The dev stack (`pnpm db:up` or `pnpm go`) includes [Formbricks Hub](https://github.com/formbricks/hub) on port 8080; optional Hub env vars (e.g. `HUB_API_KEY`) are in `.env.example`. See [docker/README.md](docker/README.md#formbricks-hub) for details.
+To get started locally, we've got a [guide to help you](https://formbricks.com/docs/developer-docs/contributing/get-started#local-machine-setup).
 
 ### Gitpod Setup
 

apps/web/modules/core/rate-limit/rate-limit-configs.ts

@@ -30,4 +30,4 @@ export const rateLimitConfigs = {
     upload: { interval: 60, allowedPerInterval: 5, namespace: "storage:upload" }, // 5 per minute
     delete: { interval: 60, allowedPerInterval: 5, namespace: "storage:delete" }, // 5 per minute
   },
-} as const;
+};

apps/web/modules/ee/contacts/segments/lib/filter/prisma-query.test.ts

@@ -5,10 +5,14 @@ import { getSegment } from "../segments";
 import { segmentFilterToPrismaQuery } from "./prisma-query";
 
 const mockQueryRawUnsafe = vi.fn();
+const mockFindFirst = vi.fn();
 
 vi.mock("@formbricks/database", () => ({
   prisma: {
     $queryRawUnsafe: (...args: unknown[]) => mockQueryRawUnsafe(...args),
+    contactAttribute: {
+      findFirst: (...args: unknown[]) => mockFindFirst(...args),
+    },
   },
 }));
 
@@ -26,7 +30,9 @@ describe("segmentFilterToPrismaQuery", () => {
 
   beforeEach(() => {
     vi.clearAllMocks();
-    // Default mock: number filter raw SQL returns one matching contact
+    // Default: backfill is complete, no un-migrated rows
+    mockFindFirst.mockResolvedValue(null);
+    // Fallback path mock: raw SQL returns one matching contact when un-migrated rows exist
     mockQueryRawUnsafe.mockResolvedValue([{ contactId: "mock-contact-1" }]);
   });
 
@@ -145,7 +151,16 @@ describe("segmentFilterToPrismaQuery", () => {
             },
           },
         ],
-        OR: [{ id: { in: ["mock-contact-1"] } }],
+        OR: [
+          {
+            attributes: {
+              some: {
+                attributeKey: { key: "age" },
+                valueNumber: { gt: 30 },
+              },
+            },
+          },
+        ],
       });
     }
   });
@@ -757,7 +772,12 @@ describe("segmentFilterToPrismaQuery", () => {
       });
 
       expect(subgroup.AND[0].AND[2]).toStrictEqual({
-        id: { in: ["mock-contact-1"] },
+        attributes: {
+          some: {
+            attributeKey: { key: "age" },
+            valueNumber: { gte: 18 },
+          },
+        },
       });
 
       // Segment inclusion
@@ -1158,10 +1178,23 @@ describe("segmentFilterToPrismaQuery", () => {
         },
       });
 
-      // Second subgroup (numeric operators - now use raw SQL subquery returning contact IDs)
+      // Second subgroup (numeric operators - uses clean Prisma filter post-backfill)
       const secondSubgroup = whereClause.AND?.[0];
       expect(secondSubgroup.AND[1].AND).toContainEqual({
-        id: { in: ["mock-contact-1"] },
+        attributes: {
+          some: {
+            attributeKey: { key: "loginCount" },
+            valueNumber: { gt: 5 },
+          },
+        },
+      });
+      expect(secondSubgroup.AND[1].AND).toContainEqual({
+        attributes: {
+          some: {
+            attributeKey: { key: "purchaseAmount" },
+            valueNumber: { lte: 1000 },
+          },
+        },
       });
 
       // Third subgroup (negation operators in OR clause)
@@ -1638,8 +1671,15 @@ describe("segmentFilterToPrismaQuery", () => {
           mode: "insensitive",
         });
 
-        // Number filter uses raw SQL subquery (transition code) returning contact IDs
-        expect(andConditions[1]).toEqual({ id: { in: ["mock-contact-1"] } });
+        // Number filter uses clean Prisma filter post-backfill
+        expect(andConditions[1]).toEqual({
+          attributes: {
+            some: {
+              attributeKey: { key: "purchaseCount" },
+              valueNumber: { gt: 5 },
+            },
+          },
+        });
 
         // Date filter uses OR fallback with 'valueDate' and string 'value'
         expect((andConditions[2] as unknown as any).attributes.some.OR[0].valueDate).toHaveProperty("gte");

apps/web/modules/ee/contacts/segments/lib/filter/prisma-query.ts

@@ -116,59 +116,100 @@ const buildDateAttributeFilterWhereClause = (filter: TSegmentAttributeFilter): P
 
 /**
  * Builds a Prisma where clause for number attribute filters.
- * Uses a raw SQL subquery to handle both migrated rows (valueNumber populated)
- * and un-migrated rows (valueNumber NULL, value contains numeric string).
- * This is transition code for the deferred value backfill.
+ * Uses a clean Prisma query when all rows have valueNumber populated (post-backfill).
+ * Falls back to a raw SQL subquery for un-migrated rows (valueNumber NULL, value contains numeric string).
  *
  * TODO: After the backfill script has been run and all valueNumber columns are populated,
- * revert this to the clean Prisma-only version that queries valueNumber directly.
+ * remove the un-migrated fallback path entirely.
  */
 const buildNumberAttributeFilterWhereClause = async (
-  filter: TSegmentAttributeFilter
+  filter: TSegmentAttributeFilter,
+  environmentId: string
 ): Promise<Prisma.ContactWhereInput> => {
   const { root, qualifier, value } = filter;
   const { contactAttributeKey } = root;
   const { operator } = qualifier;
 
   const numericValue = typeof value === "number" ? value : Number(value);
-  const sqlOp = SQL_OPERATORS[operator];
 
-  if (!sqlOp) {
-    return {};
+  let valueNumberCondition: Prisma.FloatNullableFilter;
+
+  switch (operator) {
+    case "greaterThan":
+      valueNumberCondition = { gt: numericValue };
+      break;
+    case "greaterEqual":
+      valueNumberCondition = { gte: numericValue };
+      break;
+    case "lessThan":
+      valueNumberCondition = { lt: numericValue };
+      break;
+    case "lessEqual":
+      valueNumberCondition = { lte: numericValue };
+      break;
+    default:
+      return {};
   }
 
-  const matchingContactIds = await prisma.$queryRawUnsafe<{ contactId: string }[]>(
+  const migratedFilter: Prisma.ContactWhereInput = {
+    attributes: {
+      some: {
+        attributeKey: { key: contactAttributeKey },
+        valueNumber: valueNumberCondition,
+      },
+    },
+  };
+
+  const hasUnmigratedRows = await prisma.contactAttribute.findFirst({
+    where: {
+      attributeKey: {
+        key: contactAttributeKey,
+        environmentId,
+      },
+      valueNumber: null,
+    },
+    select: { id: true },
+  });
+
+  if (!hasUnmigratedRows) {
+    return migratedFilter;
+  }
+
+  const sqlOp = SQL_OPERATORS[operator];
+  const unmigratedMatchingIds = await prisma.$queryRawUnsafe<{ contactId: string }[]>(
     `
     SELECT DISTINCT ca."contactId"
     FROM "ContactAttribute" ca
     JOIN "ContactAttributeKey" cak ON ca."attributeKeyId" = cak.id
     WHERE cak.key = $1
-    AND (
-      (ca."valueNumber" IS NOT NULL AND ca."valueNumber" ${sqlOp} $2)
-      OR
-      (ca."valueNumber" IS NULL AND ca.value ~ $3 AND ca.value::double precision ${sqlOp} $2)
-    )
+    AND cak."environmentId" = $4
+    AND ca."valueNumber" IS NULL
+    AND ca.value ~ $3
+    AND ca.value::double precision ${sqlOp} $2
     `,
     contactAttributeKey,
     numericValue,
-    NUMBER_PATTERN_SQL
+    NUMBER_PATTERN_SQL,
+    environmentId
   );
 
-  const contactIds = matchingContactIds.map((r) => r.contactId);
-
-  if (contactIds.length === 0) {
-    // Return an impossible condition so the filter correctly excludes all contacts
-    return { id: "__NUMBER_FILTER_NO_MATCH__" };
+  if (unmigratedMatchingIds.length === 0) {
+    return migratedFilter;
   }
 
-  return { id: { in: contactIds } };
+  const contactIds = unmigratedMatchingIds.map((r) => r.contactId);
+
+  return {
+    OR: [migratedFilter, { id: { in: contactIds } }],
+  };
 };
 
 /**
  * Builds a Prisma where clause from a segment attribute filter
  */
 const buildAttributeFilterWhereClause = async (
-  filter: TSegmentAttributeFilter
+  filter: TSegmentAttributeFilter,
+  environmentId: string
 ): Promise<Prisma.ContactWhereInput> => {
   const { root, qualifier, value } = filter;
   const { contactAttributeKey } = root;
@@ -215,7 +256,7 @@ const buildAttributeFilterWhereClause = async (
 
   // Handle number operators
   if (["greaterThan", "greaterEqual", "lessThan", "lessEqual"].includes(operator)) {
-    return await buildNumberAttributeFilterWhereClause(filter);
+    return await buildNumberAttributeFilterWhereClause(filter, environmentId);
   }
 
   // For string operators, ensure value is a primitive (not an object or array)
@@ -253,7 +294,8 @@ const buildAttributeFilterWhereClause = async (
  * Builds a Prisma where clause from a person filter
  */
 const buildPersonFilterWhereClause = async (
-  filter: TSegmentPersonFilter
+  filter: TSegmentPersonFilter,
+  environmentId: string
 ): Promise<Prisma.ContactWhereInput> => {
   const { personIdentifier } = filter.root;
 
@@ -265,7 +307,7 @@ const buildPersonFilterWhereClause = async (
         contactAttributeKey: personIdentifier,
       },
     };
-    return await buildAttributeFilterWhereClause(personFilter);
+    return await buildAttributeFilterWhereClause(personFilter, environmentId);
   }
 
   return {};
@@ -314,6 +356,7 @@ const buildDeviceFilterWhereClause = (
 const buildSegmentFilterWhereClause = async (
   filter: TSegmentSegmentFilter,
   segmentPath: Set<string>,
+  environmentId: string,
   deviceType?: "phone" | "desktop"
 ): Promise<Prisma.ContactWhereInput> => {
   const { root } = filter;
@@ -337,7 +380,7 @@ const buildSegmentFilterWhereClause = async (
   const newPath = new Set(segmentPath);
   newPath.add(segmentId);
 
-  return processFilters(segment.filters, newPath, deviceType);
+  return processFilters(segment.filters, newPath, environmentId, deviceType);
 };
 
 /**
@@ -346,19 +389,25 @@ const buildSegmentFilterWhereClause = async (
 const processSingleFilter = async (
   filter: TSegmentFilter,
   segmentPath: Set<string>,
+  environmentId: string,
   deviceType?: "phone" | "desktop"
 ): Promise<Prisma.ContactWhereInput> => {
   const { root } = filter;
 
   switch (root.type) {
     case "attribute":
-      return await buildAttributeFilterWhereClause(filter as TSegmentAttributeFilter);
+      return await buildAttributeFilterWhereClause(filter as TSegmentAttributeFilter, environmentId);
     case "person":
-      return await buildPersonFilterWhereClause(filter as TSegmentPersonFilter);
+      return await buildPersonFilterWhereClause(filter as TSegmentPersonFilter, environmentId);
     case "device":
       return buildDeviceFilterWhereClause(filter as TSegmentDeviceFilter, deviceType);
     case "segment":
-      return await buildSegmentFilterWhereClause(filter as TSegmentSegmentFilter, segmentPath, deviceType);
+      return await buildSegmentFilterWhereClause(
+        filter as TSegmentSegmentFilter,
+        segmentPath,
+        environmentId,
+        deviceType
+      );
     default:
       return {};
   }
@@ -370,6 +419,7 @@ const processSingleFilter = async (
 const processFilters = async (
   filters: TBaseFilters,
   segmentPath: Set<string>,
+  environmentId: string,
   deviceType?: "phone" | "desktop"
 ): Promise<Prisma.ContactWhereInput> => {
   if (filters.length === 0) return {};
@@ -386,10 +436,10 @@ const processFilters = async (
     // Process the resource based on its type
     if (isResourceFilter(resource)) {
       // If it's a single filter, process it directly
-      whereClause = await processSingleFilter(resource, segmentPath, deviceType);
+      whereClause = await processSingleFilter(resource, segmentPath, environmentId, deviceType);
     } else {
       // If it's a group of filters, process it recursively
-      whereClause = await processFilters(resource, segmentPath, deviceType);
+      whereClause = await processFilters(resource, segmentPath, environmentId, deviceType);
     }
 
     if (Object.keys(whereClause).length === 0) continue;
@@ -432,7 +482,7 @@ export const segmentFilterToPrismaQuery = reactCache(
 
       // Initialize an empty stack for tracking the current evaluation path
       const segmentPath = new Set<string>([segmentId]);
-      const filtersWhereClause = await processFilters(filters, segmentPath, deviceType);
+      const filtersWhereClause = await processFilters(filters, segmentPath, environmentId, deviceType);
 
       const whereClause = {
         AND: [baseWhereClause, filtersWhereClause],

apps/web/modules/ui/components/survey/index.tsx

@@ -40,10 +40,7 @@ export const SurveyInline = (props: Omit<SurveyContainerProps, "containerId">) =
     isLoadingScript = true;
     try {
       const scriptUrl = props.appUrl ? `${props.appUrl}/js/surveys.umd.cjs` : "/js/surveys.umd.cjs";
-      const response = await fetch(
-        scriptUrl,
-        process.env.NODE_ENV === "development" ? { cache: "no-store" } : {}
-      );
+      const response = await fetch(scriptUrl);
 
       if (!response.ok) {
         throw new Error("Failed to load the surveys package");

charts/formbricks/templates/_helpers.tpl

@@ -7,10 +7,6 @@ It also truncates the name to a maximum of 63 characters and removes trailing hy
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
-{{- define "formbricks.hubname" -}}
-{{- printf "%s-hub" (include "formbricks.name" .) | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
 
 {{/*
 Define the application version to be used in labels.

charts/formbricks/templates/hub-deployment.yaml

@@ -1,55 +0,0 @@
-{{- if .Values.hub.enabled }}
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "formbricks.hubname" . }}
-  labels:
-    helm.sh/chart: {{ include "formbricks.chart" . }}
-    app.kubernetes.io/name: {{ include "formbricks.hubname" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: hub
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/part-of: {{ .Values.partOfOverride | default (include "formbricks.name" .) }}
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "formbricks.hubname" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ include "formbricks.hubname" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-        app.kubernetes.io/component: hub
-    spec:
-      {{- if .Values.deployment.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml .Values.deployment.imagePullSecrets | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: hub
-          image: {{ .Values.hub.image.repository }}:{{ .Values.hub.image.tag | default "latest" }}
-          imagePullPolicy: {{ .Values.hub.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: 8080
-              protocol: TCP
-          {{- if .Values.hub.existingSecret }}
-          envFrom:
-            - secretRef:
-                name: {{ .Values.hub.existingSecret }}
-          {{- end }}
-          {{- if .Values.hub.env }}
-          env:
-            {{- range $key, $value := .Values.hub.env }}
-            - name: {{ $key }}
-              value: {{ $value | quote }}
-            {{- end }}
-          {{- end }}
-          {{- if .Values.hub.resources }}
-          resources:
-            {{- toYaml .Values.hub.resources | nindent 12 }}
-          {{- end }}
-{{- end }}

charts/formbricks/templates/hub-migration-job.yaml

@@ -1,45 +0,0 @@
-{{- if and .Values.hub.enabled .Values.hub.existingSecret }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ include "formbricks.hubname" . }}-migration
-  labels:
-    helm.sh/chart: {{ include "formbricks.chart" . }}
-    app.kubernetes.io/name: {{ include "formbricks.hubname" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: hub-migration
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-  annotations:
-    helm.sh/hook: pre-install,pre-upgrade
-    helm.sh/hook-weight: "-5"
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-spec:
-  ttlSecondsAfterFinished: {{ .Values.hub.migration.ttlSecondsAfterFinished | default 300 }}
-  backoffLimit: {{ .Values.hub.migration.backoffLimit | default 3 }}
-  template:
-    metadata:
-      labels:
-        app.kubernetes.io/name: {{ include "formbricks.hubname" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-        app.kubernetes.io/component: hub-migration
-    spec:
-      restartPolicy: Never
-      {{- if .Values.deployment.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml .Values.deployment.imagePullSecrets | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: hub-migrate
-          image: {{ .Values.hub.image.repository }}:{{ .Values.hub.image.tag | default "latest" }}
-          imagePullPolicy: {{ .Values.hub.image.pullPolicy }}
-          command:
-            - sh
-            - -c
-            - |
-              /usr/local/bin/goose -dir /app/migrations postgres "$DATABASE_URL" up && \
-              /usr/local/bin/river migrate-up --database-url "$DATABASE_URL"
-          envFrom:
-            - secretRef:
-                name: {{ .Values.hub.existingSecret }}
-{{- end }}

charts/formbricks/templates/hub-service.yaml

@@ -1,24 +0,0 @@
-{{- if .Values.hub.enabled }}
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "formbricks.hubname" . }}
-  labels:
-    helm.sh/chart: {{ include "formbricks.chart" . }}
-    app.kubernetes.io/name: {{ include "formbricks.hubname" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: hub
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-    app.kubernetes.io/part-of: {{ .Values.partOfOverride | default (include "formbricks.name" .) }}
-spec:
-  type: ClusterIP
-  selector:
-    app.kubernetes.io/name: {{ include "formbricks.hubname" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-  ports:
-    - name: http
-      port: 8080
-      targetPort: 8080
-      protocol: TCP
-{{- end }}

charts/formbricks/values.yaml

@@ -304,36 +304,6 @@ serviceMonitor:
       path: /metrics
       port: metrics
 
-##########################################################
-# Hub API Configuration
-# Formbricks Hub image: ghcr.io/formbricks/hub
-##########################################################
-hub:
-  enabled: true
-
-  image:
-    repository: "ghcr.io/formbricks/hub"
-    tag: "latest"
-    pullPolicy: IfNotPresent
-
-  # Secret containing API_KEY and DATABASE_URL for Hub. Use the same app secret (or same DATABASE_URL) to share the Formbricks database.
-  existingSecret: ""
-
-  # Optional env vars (non-secret). Use existingSecret for API_KEY and DATABASE_URL.
-  env: {}
-
-  # Migration job runs goose + river before Hub API starts (pre-install/pre-upgrade hook). Requires existingSecret with DATABASE_URL.
-  migration:
-    ttlSecondsAfterFinished: 300
-    backoffLimit: 3
-
-  resources:
-    limits:
-      memory: 512Mi
-    requests:
-      memory: 256Mi
-      cpu: "100m"
-
 ##########################################################
 # PostgreSQL Configuration
 ##########################################################

docker-compose.dev.yml

@@ -1,19 +1,14 @@
 services:
-  # PostgreSQL must load the vector library so Hub (and Formbricks) can use the pgvector extension.
   postgres:
     image: pgvector/pgvector:pg17
     volumes:
       - postgres:/var/lib/postgresql/data
-      - ./docker/postgres-init-dev:/docker-entrypoint-initdb.d:ro
     environment:
       - POSTGRES_DB=postgres
       - POSTGRES_USER=postgres
       - POSTGRES_PASSWORD=postgres
     ports:
       - 5432:5432
-    command: >
-      postgres
-      -c shared_preload_libraries=vector
 
   mailhog:
     image: arjenz/mailhog
@@ -41,36 +36,6 @@ services:
     volumes:
       - minio-data:/data
 
-  # Run Hub DB migrations (goose + river) before the API starts. Idempotent; runs on every compose up.
-  hub-migrate:
-    image: ghcr.io/formbricks/hub:latest
-    restart: "no"
-    entrypoint: ["sh", "-c"]
-    command: ["if [ -x /usr/local/bin/goose ] && [ -x /usr/local/bin/river ]; then /usr/local/bin/goose -dir /app/migrations postgres \"$$DATABASE_URL\" up && /usr/local/bin/river migrate-up --database-url \"$$DATABASE_URL\"; else echo 'Migration tools (goose/river) not in image, skipping migrations.'; fi"]
-    environment:
-      DATABASE_URL: postgresql://postgres:postgres@postgres:5432/postgres?schema=public
-    depends_on:
-      - postgres
-
-  # Formbricks Hub API (ghcr.io/formbricks/hub). Shares the same Postgres database as Formbricks by default.
-  hub:
-    image: ghcr.io/formbricks/hub:latest
-    depends_on:
-      hub-migrate:
-        condition: service_completed_successfully
-    ports:
-      - "8080:8080"
-    environment:
-      API_KEY: ${HUB_API_KEY:-dev-api-key}
-      DATABASE_URL: postgresql://postgres:postgres@postgres:5432/postgres?schema=public&sslmode=disable
-      # Explicit Postgres env so migrations and any libpq fallback use the service host, not localhost
-      PGHOST: postgres
-      PGPORT: "5432"
-      PGUSER: postgres
-      PGPASSWORD: postgres
-      PGDATABASE: postgres
-      PGSSLMODE: disable
-
 volumes:
   postgres:
     driver: local

docker/README.md

@@ -27,13 +27,3 @@ The script will prompt you for the following information:
 3. **Domain Name**: Enter the domain name that Traefik will use to create the SSL certificate and forward requests to Formbricks.
 
 That's it! After running the command and providing the required information, visit the domain name you entered, and you should see the Formbricks home wizard!
-
-## Formbricks Hub
-
-The stack includes the [Formbricks Hub](https://github.com/formbricks/hub) API (`ghcr.io/formbricks/hub`). Hub shares the same database as Formbricks by default.
-
-- **Migrations**: A `hub-migrate` service runs Hub’s database migrations (goose + river) before the Hub API starts. It runs on every `docker compose up` and is idempotent.
-- **Production** (`docker/docker-compose.yml`): Set `HUB_API_KEY` (required). Override `HUB_DATABASE_URL` only if you want Hub to use a separate database (default is the same Formbricks Postgres URL).
-- **Development** (`docker-compose.dev.yml`): Hub uses the same Postgres database; `API_KEY` defaults to `dev-api-key` (override with `HUB_API_KEY`).
-
-Hub listens on port **8080**.

docker/docker-compose.yml

@@ -245,33 +245,6 @@ services:
       - ./saml-connection:/home/nextjs/apps/web/saml-connection
     <<: *environment
 
-  # Run Hub DB migrations (goose + river) before the API starts. Uses same image; migrations are idempotent.
-  hub-migrate:
-    image: ghcr.io/formbricks/hub:latest
-    restart: "no"
-    entrypoint: ["sh", "-c"]
-    command: ["if [ -x /usr/local/bin/goose ] && [ -x /usr/local/bin/river ]; then /usr/local/bin/goose -dir /app/migrations postgres \"$$DATABASE_URL\" up && /usr/local/bin/river migrate-up --database-url \"$$DATABASE_URL\"; else echo 'Migration tools (goose/river) not in image, skipping migrations.'; fi"]
-    environment:
-      DATABASE_URL: ${HUB_DATABASE_URL:-postgresql://postgres:postgres@postgres:5432/formbricks?schema=public}
-    depends_on:
-      postgres:
-        condition: service_healthy
-
-  # Formbricks Hub API (ghcr.io/formbricks/hub). Set HUB_API_KEY. By default shares the Formbricks database; set HUB_DATABASE_URL to use a separate DB.
-  hub:
-    restart: always
-    image: ghcr.io/formbricks/hub:latest
-    depends_on:
-      hub-migrate:
-        condition: service_completed_successfully
-      postgres:
-        condition: service_healthy
-    ports:
-      - "8080:8080"
-    environment:
-      API_KEY: ${HUB_API_KEY:?HUB_API_KEY is required to run Hub}
-      DATABASE_URL: ${HUB_DATABASE_URL:-postgresql://postgres:postgres@postgres:5432/formbricks?schema=public}
-
 volumes:
   postgres:
     driver: local

docs/self-hosting/advanced/rate-limiting.mdx

@@ -1,94 +1,41 @@
 ---
 title: "Rate Limiting"
-description: "Current request rate limits in Formbricks"
+description: "Rate limiting for Formbricks"
 icon: "timer"
 ---
 
-Formbricks applies request rate limits to protect against abuse and keep API usage fair.
+To protect the platform from abuse and ensure fair usage, rate limiting is enforced by default on an IP-address basis. If a client exceeds the allowed number of requests within the specified time window, the API will return a `429 Too Many Requests` status code.
 
-Rate limits are scoped by identifier, depending on the endpoint:
+## Default Rate Limits
 
-- IP hash (for unauthenticated/client-side routes and public actions)
-- API key ID (for authenticated API calls)
-- User ID (for authenticated session-based calls and server actions)
-- Organization ID (for follow-up email dispatch)
+The following rate limits apply to various endpoints:
 
-When a limit is exceeded, the API returns `429 Too Many Requests`.
+| **Endpoint**            | **Rate Limit** | **Time Window** |
+| ----------------------- | -------------- | --------------- |
+| `POST /login`           | 30 requests    | 15 minutes      |
+| `POST /signup`          | 30 requests    | 60 minutes      |
+| `POST /verify-email`    | 10 requests    | 60 minutes      |
+| `POST /forgot-password` | 5 requests     | 60 minutes      |
+| `GET /client-side-api`  | 100 requests   | 1 minute        |
+| `POST /share`           | 100 requests   | 60 minutes      |
 
-## Management API Rate Limits
-
-These are the current limits for Management APIs:
-
-| **Route Group** | **Limit** | **Window** | **Identifier** |
-| --- | --- | --- | --- |
-| `/api/v1/management/*` (except `/api/v1/management/storage`), `/api/v1/webhooks/*`, `/api/v1/integrations/*`, `/api/v1/management/me` | 100 requests | 1 minute | API key ID or session user ID |
-| `/api/v2/management/*` (and other v2 authenticated routes that use `authenticatedApiClient`) | 100 requests | 1 minute | API key ID |
-| `POST /api/v1/management/storage` | 5 requests | 1 minute | API key ID or session user ID |
-
-## All Enforced Limits
-
-| **Config** | **Limit** | **Window** | **Identifier** | **Used For** |
-| --- | --- | --- | --- | --- |
-| `auth.login` | 10 requests | 15 minutes | IP hash | Email/password login flow (`/api/auth/callback/credentials`) |
-| `auth.signup` | 30 requests | 60 minutes | IP hash | Signup server action |
-| `auth.forgotPassword` | 5 requests | 60 minutes | IP hash | Forgot password server action |
-| `auth.verifyEmail` | 10 requests | 60 minutes | IP hash | Email verification callback + resend verification action |
-| `api.v1` | 100 requests | 1 minute | API key ID or session user ID | v1 management, webhooks, integrations, and `/api/v1/management/me` |
-| `api.v2` | 100 requests | 1 minute | API key ID | v2 authenticated API wrapper (`authenticatedApiClient`) |
-| `api.client` | 100 requests | 1 minute | IP hash | v1 client API routes (except `/api/v1/client/og` and storage upload override), plus v2 routes that re-use those v1 handlers |
-| `storage.upload` | 5 requests | 1 minute | IP hash or authenticated ID | Client storage upload and management storage upload |
-| `storage.delete` | 5 requests | 1 minute | API key ID or session user ID | `DELETE /storage/[environmentId]/[accessType]/[fileName]` |
-| `actions.emailUpdate` | 3 requests | 60 minutes | User ID | Profile email update action |
-| `actions.surveyFollowUp` | 50 requests | 60 minutes | Organization ID | Survey follow-up email processing |
-| `actions.sendLinkSurveyEmail` | 10 requests | 60 minutes | IP hash | Link survey email send action |
-| `actions.licenseRecheck` | 5 requests | 1 minute | User ID | Enterprise license recheck action |
-
-## Current Endpoint Exceptions
-
-The following routes are currently not rate-limited by the server-side limiter:
-
-- `GET /api/v1/client/og` (explicitly excluded)
-- `POST /api/v2/client/[environmentId]/responses`
-- `POST /api/v2/client/[environmentId]/displays`
-- `GET /api/v2/health`
-
-## 429 Response Shape
-
-v1-style endpoints return:
+If a request exceeds the defined rate limit, the server will respond with:
 
 ```json
 {
-  "code": "too_many_requests",
-  "message": "Maximum number of requests reached. Please try again later.",
-  "details": {}
-}
-```
-
-v2-style endpoints return:
-
-```json
-{
-  "error": {
-    "code": 429,
-    "message": "Too Many Requests"
-  }
+  "code": 429,
+  "error": "Too many requests, Please try after a while!"
 }
 ```
 
 ## Disabling Rate Limiting
 
-For self-hosters, rate limiting can be disabled if necessary. We strongly recommend keeping it enabled in production.
+For self-hosters, rate limiting can be disabled if necessary. However, we **strongly recommend keeping rate limiting enabled in production environments** to prevent abuse.
 
-Set:
+To disable rate limiting, set the following environment variable:
 
 ```bash
 RATE_LIMITING_DISABLED=1
 ```
 
-After changing this value, restart the server.
-
-## Operational Notes
-
-- Redis/Valkey is required for robust rate limiting (`REDIS_URL`).
-- If Redis is unavailable at runtime, rate-limiter checks currently fail open (requests are allowed through without enforcement).
-- Authentication failure audit logging uses a separate throttle (`shouldLogAuthFailure()`) and is intentionally **fail-closed**: when Redis is unavailable or errors occur, audit log entries are **skipped entirely** rather than written without throttle control. This prevents spam while preserving the hash-integrity chain required for compliance. In other words, if Redis is down, no authentication-failure audit logs will be recorded—requests themselves are still allowed (fail-open rate limiting above), but the audit trail for those failures will not be written.
+After making this change, restart your server to apply the new setting.

docs/xm-and-surveys/xm/best-practices/cancel-subscription.mdx

@@ -16,6 +16,8 @@ The Churn Survey is among the most effective ways to identify weaknesses in your
 
 * Follow-up to prevent bad reviews
 
+* Coming soon: Make survey mandatory
+
 ## Overview
 
 To run the Churn Survey in your app you want to proceed as follows:
@@ -78,6 +80,13 @@ Whenever a user visits this page, matches the filter conditions above and the re
 
 Here is our complete [Actions manual](/xm-and-surveys/surveys/website-app-surveys/actions/) covering [No-Code](/xm-and-surveys/surveys/website-app-surveys/actions#setting-up-no-code-actions) and [Code](/xm-and-surveys/surveys/website-app-surveys/actions#setting-up-code-actions) Actions.
 
+<Note>
+  Pre-churn flow coming soon We’re currently building full-screen survey
+  pop-ups. You’ll be able to prevent users from closing the survey unless they
+  respond to it. It’s certainly debatable if you want that but you could force
+  them to click through the survey before letting them cancel 🤷
+</Note>
+
 ### 5. Select Action in the “When to ask” card
 
 ![Select feedback button action](/images/xm-and-surveys/xm/best-practices/cancel-subscription/select-action.webp)

docs/xm-and-surveys/xm/best-practices/improve-trial-cr.mdx

@@ -46,7 +46,13 @@ _Want to change the button color? Adjust it in the project settings!_
 
 Save, and move over to the **Audience** tab.
 
-### 3. Pre-segment your audience
+### 3. Pre-segment your audience (coming soon)
+
+<Note>
+### Filter by Attribute Coming Soon
+
+We're working on pre-segmenting users by attributes. This manual will be updated in the coming days.
+</Note>
 
 Pre-segmentation isn't needed for this survey since you likely want to target all users who cancel their trial. You can use a specific user action, like clicking **Cancel Trial**, to show the survey only to users trying your product.
 
@@ -56,13 +62,13 @@ How you trigger your survey depends on your product. There are two options:
 
 - **Trigger by Page view:** If you have a page like `/trial-cancelled` for users who cancel their trial subscription, create a user action with the type "Page View." Select "Limit to specific pages" and apply URL filters with these settings:
 
-![Add page URL action](/images/xm-and-surveys/xm/best-practices/improve-trial-cr/action-pageurl.webp)
+![Change text content](/images/xm-and-surveys/xm/best-practices/improve-trial-cr/action-pageurl.webp)
 
 Whenever a user visits this page, the survey will be displayed ✅
 
 - **Trigger by Button Click:** In a different case, you have a “Cancel Trial" button in your app. You can setup a user Action with the `Inner Text`:
 
-![Add inner text action](/images/xm-and-surveys/xm/best-practices/improve-trial-cr/action-innertext.webp)
+![Change text content](/images/xm-and-surveys/xm/best-practices/improve-trial-cr/action-innertext.webp)
 
 Please have a look at our complete [Actions manual](/xm-and-surveys/surveys/website-app-surveys/actions) if you have questions.
 

docs/xm-and-surveys/xm/best-practices/interview-prompt.mdx

@@ -54,7 +54,13 @@ In the button settings you have to make sure it is set to “External URL”. In
 
 Save, and move over to the “Audience” tab.
 
-### 3. Pre-segment your audience
+### 3. Pre-segment your audience (coming soon)
+
+<Note>
+  ## Filter by attribute coming soon. We're working on pre-segmenting users by
+
+  attributes. We will update this manual in the next few days.
+</Note>
 
 Once you clicked over to the “Audience” tab you can change the settings. In the **Who To Send** card, select “Filter audience by attribute”. This allows you to only show the prompt to a specific segment of your user base.