chore(infra-updates): updates and fixes (#4976)

Co-authored-by: Piyush Gupta <piyushguptaa2z123@gmail.com>
Co-authored-by: Johannes <johannes@formbricks.com>

.env.example

@@ -39,6 +39,7 @@ DATABASE_URL='postgresql://postgres:postgres@localhost:5432/formbricks?schema=pu
 # See optional configurations below if you want to disable these features.
 
 MAIL_FROM=noreply@example.com
+MAIL_FROM_NAME=Formbricks
 SMTP_HOST=localhost
 SMTP_PORT=1025
 # Enable SMTP_SECURE_ENABLED for TLS (port 465)
@@ -184,7 +185,7 @@ ENTERPRISE_LICENSE_KEY=
 UNSPLASH_ACCESS_KEY=
 
 # The below is used for Next Caching (uses In-Memory from Next Cache if not provided)
-# REDIS_URL=redis://localhost:6379
+REDIS_URL=redis://localhost:6379
 
 # The below is used for Rate Limiting (uses In-Memory LRU Cache if not provided) (You can use a service like Webdis for this)
 # REDIS_HTTP_URL:
@@ -202,4 +203,9 @@ UNKEY_ROOT_KEY=
 # AI_AZURE_LLM_DEPLOYMENT_ID=
 
 # NEXT_PUBLIC_INTERCOM_APP_ID=
-# INTERCOM_SECRET_KEY=
+# INTERCOM_SECRET_KEY=
+
+# Enable Prometheus metrics
+# PROMETHEUS_ENABLED=
+# PROMETHEUS_EXPORTER_PORT=
+

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,6 +1,7 @@
 name: Bug report
 description: "Found a bug? Please fill out the sections below. \U0001F44D"
 type: bug
+labels: ["bug"]
 body:
   - type: textarea
     id: issue-summary

.github/workflows/apply-issue-labels-to-pr.yml

@@ -5,6 +5,9 @@ on:
     types:
       - opened
 
+permissions:
+  contents: read
+
 jobs:
   label_on_pr:
     runs-on: ubuntu-latest
@@ -15,8 +18,13 @@ jobs:
       pull-requests: write
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: Apply labels from linked issue to PR
-        uses: actions/github-script@v5
+        uses: actions/github-script@211cb3fefb35a799baa5156f9321bb774fe56294 # v5.2.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |

.github/workflows/build-web.yml

@@ -12,7 +12,12 @@ jobs:
     timeout-minutes: 30
 
     steps:
-      - uses: actions/checkout@v3
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - uses: ./.github/actions/dangerous-git-checkout
 
       - name: Build & Cache Web Binaries

.github/workflows/chromatic.yml

@@ -11,19 +11,24 @@ jobs:
     name: Run Chromatic
     runs-on: ubuntu-latest
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
         with:
           node-version: 20
       - name: Install pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
       - name: Install dependencies
         run: pnpm install --config.platform=linux --config.architecture=x64
       - name: Run Chromatic
-        uses: chromaui/action@latest
+        uses: chromaui/action@c93e0bc3a63aa176e14a75b61a31847cbfdd341c # latest
         with:
           # ⚠️ Make sure to configure a `CHROMATIC_PROJECT_TOKEN` repository secret
           projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}

.github/workflows/cron-surveyStatusUpdate.yml

@@ -18,6 +18,11 @@ jobs:
       CRON_SECRET: ${{ secrets.CRON_SECRET }}
     runs-on: ubuntu-latest
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@v2
+        with:
+          egress-policy: audit
+
       - name: cURL request
         if: ${{ env.APP_URL && env.CRON_SECRET }}
         run: |

.github/workflows/cron-weeklySummary.yml

@@ -7,6 +7,9 @@ on:
   schedule:
     # Runs “At 08:00 on Monday.” (see https://crontab.guru)
     - cron: "0 8 * * 1"
+permissions:
+  contents: read
+
 jobs:
   cron-weeklySummary:
     permissions:
@@ -16,6 +19,10 @@ jobs:
       CRON_SECRET: ${{ secrets.CRON_SECRET }}
     runs-on: ubuntu-latest
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481
+        with:
+          egress-policy: audit
       - name: cURL request
         if: ${{ env.APP_URL && env.CRON_SECRET }}
         run: |

.github/workflows/dependency-review.yml

@@ -0,0 +1,27 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required,
+# PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - name: 'Checkout Repository'
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0

.github/workflows/e2e.yml

@@ -43,16 +43,21 @@ jobs:
           --health-timeout=5s
           --health-retries=5
     steps:
-      - uses: actions/checkout@v3
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - uses: ./.github/actions/dangerous-git-checkout
 
       - name: Setup Node.js 20.x
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
         with:
           node-version: 20.x
 
       - name: Install pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
 
       - name: Install dependencies
         run: pnpm install --config.platform=linux --config.architecture=x64
@@ -112,7 +117,7 @@ jobs:
 
       - name: Azure login
         if: env.AZURE_ENABLED == 'true'
-        uses: azure/login@v2
+        uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0
         with:
           client-id: ${{ secrets.AZURE_CLIENT_ID }}
           tenant-id: ${{ secrets.AZURE_TENANT_ID }}
@@ -130,7 +135,7 @@ jobs:
         run: |
           pnpm test:e2e
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         if: always()
         with:
           name: playwright-report

.github/workflows/labeler.yml

@@ -4,6 +4,9 @@ on:
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
+permissions:
+  contents: read
+
 jobs:
   labeler:
     name: Pull Request Labeler
@@ -12,7 +15,12 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/labeler@v4
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/labeler@ac9175f8a1f3625fd0d4fb234536d26811351594 # v4.3.0
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
           # https://github.com/actions/labeler/issues/442#issuecomment-1297359481

.github/workflows/lint.yml

@@ -12,6 +12,11 @@ jobs:
     timeout-minutes: 15
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       - uses: ./.github/actions/dangerous-git-checkout
 

.github/workflows/pr.yml

@@ -50,6 +50,10 @@ jobs:
       checks: write
       statuses: write
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481
+        with:
+          egress-policy: audit
       - name: fail if conditional jobs failed
         if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'skipped') || contains(needs.*.result, 'cancelled')
         run: exit 1

.github/workflows/prepare-release.yml

@@ -18,6 +18,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 
       - uses: ./.github/actions/dangerous-git-checkout

.github/workflows/release-changesets.yml

@@ -26,23 +26,28 @@ jobs:
       TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
       TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: Checkout Repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: Setup Node.js 18.x
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2
         with:
           node-version: 18.x
 
       - name: Install pnpm
-        uses: pnpm/action-setup@v2.2.4
+        uses: pnpm/action-setup@c3b53f6a16e57305370b4ae5a540c2077a1d50dd # v2.2.4
 
       - name: Install Dependencies
         run: pnpm install --config.platform=linux --config.architecture=x64
 
       - name: Create Release Pull Request or Publish to npm
         id: changesets
-        uses: changesets/action@v1
+        uses: changesets/action@c8bada60c408975afd1a20b3db81d6eee6789308 # v1.4.9
         with:
           # This expects you to have a script called release which does a build for your packages and calls changeset publish
           publish: pnpm release

.github/workflows/release-docker-github-experimental.yml

@@ -17,6 +17,9 @@ env:
   TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
   DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/formbricks?schema=public"
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -28,23 +31,28 @@ jobs:
       id-token: write
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
       - name: Set up Depot CLI
-        uses: depot/setup-action@v1
+        uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
 
       # Install the cosign tool except on PR
       # https://github.com/sigstore/cosign-installer
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@v3.5.0
+        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3 # v3.0.0
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -54,7 +62,7 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@v5 # v5.0.0
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
@@ -62,7 +70,7 @@ jobs:
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: depot/build-push-action@v1
+        uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
         with:
           project: tw0fqmsx3c
           token: ${{ secrets.DEPOT_PROJECT_TOKEN }}

.github/workflows/release-docker-github.yml

@@ -20,6 +20,9 @@ env:
   TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
   DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/formbricks?schema=public"
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -31,23 +34,28 @@ jobs:
       id-token: write
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
       - name: Set up Depot CLI
-        uses: depot/setup-action@v1
+        uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
 
       # Install the cosign tool except on PR
       # https://github.com/sigstore/cosign-installer
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@v3.5.0
+        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3 # v3.0.0
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -57,7 +65,7 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@v5 # v5.0.0
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
@@ -65,7 +73,7 @@ jobs:
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: depot/build-push-action@v1
+        uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0
         with:
           project: tw0fqmsx3c
           token: ${{ secrets.DEPOT_PROJECT_TOKEN }}

.github/workflows/release-docker.yml

@@ -5,6 +5,9 @@ on:
     tags:
       - "v*"
 
+permissions:
+  contents: read
+
 jobs:
   release-image-on-dockerhub:
     name: Release on Dockerhub
@@ -16,17 +19,22 @@ jobs:
       TURBO_TEAM: ${{ secrets.TURBO_TEAM }}
       DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/formbricks?schema=public"
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: Checkout Repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
 
       - name: Log in to Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2.10.0
 
       - name: Get Release Tag
         id: extract_release_tag
@@ -36,7 +44,7 @@ jobs:
           echo "RELEASE_TAG=$TAG" >> $GITHUB_ENV
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4.2.1
         with:
           context: .
           file: ./apps/web/Dockerfile

.github/workflows/release-helm-chart.yml

@@ -0,0 +1,43 @@
+name: Publish Helm Chart
+
+on:
+  release:
+    types:
+      - published
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Extract release version
+        run: echo "VERSION=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: latest
+
+      - name: Log in to GitHub Container Registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | helm registry login ghcr.io --username ${{ github.actor }} --password-stdin
+
+      - name: Install YQ
+        uses: dcarbone/install-yq-action@v1.3.1
+
+      - name: Update Chart.yaml with new version
+        run: |
+          yq -i ".version = \"${VERSION#v}\"" helm-chart/Chart.yaml
+          yq -i ".appVersion = \"${VERSION}\"" helm-chart/Chart.yaml
+
+      - name: Package Helm chart
+        run: |
+          helm package ./helm-chart
+
+      - name: Push Helm chart to GitHub Container Registry
+        run: |
+          helm push formbricks-${VERSION#v}.tgz oci://ghcr.io/formbricks/helm-charts

.github/workflows/scorecard.yml

@@ -34,6 +34,11 @@ jobs:
       # actions: read
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: "Checkout code"
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
@@ -71,6 +76,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d # v3.28.10
         with:
           sarif_file: results.sarif

.github/workflows/semantic-pull-requests.yml

@@ -16,7 +16,12 @@ jobs:
     name: PR title
     runs-on: ubuntu-latest
     steps:
-      - uses: amannn/action-semantic-pull-request@v5
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5.5.3
         id: lint_pr_title
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -35,7 +40,7 @@ jobs:
             revert
             ossgg
 
-      - uses: marocchino/sticky-pull-request-comment@v2
+      - uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2.9.1
         # When the previous steps fails, the workflow would stop. By adding this
         # condition you can continue the execution with the populated error message.
         if: always() && (steps.lint_pr_title.outputs.error_message != null)
@@ -54,7 +59,7 @@ jobs:
 
       # Delete a previous comment when the issue has been resolved
       - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
-        uses: marocchino/sticky-pull-request-comment@v2
+        uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2.9.1
         with:
           header: pr-title-lint-error
           message: |

.github/workflows/sonarqube.yml

@@ -14,7 +14,12 @@ jobs:
     name: SonarQube
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 

.github/workflows/terrafrom-plan-and-apply.yml

@@ -0,0 +1,69 @@
+name: 'Terraform'
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  id-token: write
+  contents: write
+
+jobs:
+  terraform:
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
+          aws-region: "eu-central-1"
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+
+      - name: Terraform Format
+        id: fmt
+        run: terraform fmt -check -recursive
+        continue-on-error: true
+        working-directory: infra/terraform
+
+      - name: Terraform Init
+        id: init
+        run: terraform init
+        working-directory: infra/terraform
+
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate
+        working-directory: infra/terraform
+
+      - name: Terraform Plan
+        id: plan
+        run: terraform plan -out .planfile
+        working-directory: infra/terraform
+
+      - name: Post PR comment
+        uses: borchero/terraform-plan-comment@v2
+        if: always() && github.ref != 'refs/heads/main' && (steps.validate.outcome == 'success' || steps.validate.outcome == 'failure')
+        with:
+          token: ${{ github.token }}
+          planfile: .planfile
+          working-directory: "infra/terraform"
+          skip-comment: true
+
+      - name: Terraform Apply
+        id: apply
+        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+        run: terraform apply .planfile
+        working-directory: "infra/terraform"
+

.github/workflows/test.yml

@@ -1,6 +1,9 @@
 name: Tests
 on:
   workflow_call:
+permissions:
+  contents: read
+
 jobs:
   build:
     name: Unit Tests
@@ -10,16 +13,21 @@ jobs:
       contents: read
 
     steps:
-      - uses: actions/checkout@v3
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - uses: ./.github/actions/dangerous-git-checkout
 
       - name: Setup Node.js 20.x
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.2
         with:
           node-version: 20.x
 
       - name: Install pnpm
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0
 
       - name: Install dependencies
         run: pnpm install --config.platform=linux --config.architecture=x64

.github/workflows/tolgee-missing-key-check.yml

@@ -12,18 +12,23 @@ jobs:
   check-missing-translations:
     runs-on: ubuntu-latest
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
         with:
           ref: ${{ github.event.pull_request.base.ref }}
 
       - name: Checkout PR
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
         with:
           ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
         with:
           node-version: 18
 

.github/workflows/tolgee.yml

@@ -15,8 +15,13 @@ jobs:
     if: github.event.pull_request.merged == true
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0 # This ensures we get the full git history
 
@@ -36,7 +41,7 @@ jobs:
           echo "Detected source branch: $SOURCE_BRANCH"
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
         with:
           node-version: 18 # Ensure compatibility with your project
 
@@ -51,7 +56,6 @@ jobs:
             --filter-tag "draft:${SOURCE_BRANCH}" \
             --tag production \
             --untag "draft:${SOURCE_BRANCH}"
-            --verbose
 
       - name: Tag unused production keys as Deprecated
         run: |
@@ -59,7 +63,6 @@ jobs:
             --api-key ${{ secrets.TOLGEE_API_KEY }} \
             --filter-not-extracted --filter-tag production \
             --tag deprecated --untag production
-            --verbose
 
       - name: Tag unused draft:current-branch keys as Deprecated
         run: |
@@ -67,7 +70,6 @@ jobs:
             --api-key ${{ secrets.TOLGEE_API_KEY }} \
             --filter-not-extracted --filter-tag "draft:${SOURCE_BRANCH}" \
             --tag deprecated --untag "draft:${SOURCE_BRANCH}"
-            --verbose
 
       - name: Sync with backup
         run: |
@@ -78,7 +80,7 @@ jobs:
             --yes
 
       - name: Upload backup as artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         with:
           name: tolgee-backup-${{ github.sha }}
           path: ./tolgee-backup

.github/workflows/welcome-new-contributors.yml

@@ -17,7 +17,12 @@ jobs:
     timeout-minutes: 10
     if: github.event.action == 'opened'
     steps:
-      - uses: actions/first-interaction@v1
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/first-interaction@3c71ce730280171fd1cfb57c00c774f8998586f7 # v1
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           pr-message: |-

.gitignore

@@ -55,3 +55,20 @@ apps/web/public/js
 packages/database/migrations
 branch.json
 .vercel
+
+# Terraform
+infra/terraform/.terraform/
+**/.terraform.lock.hcl
+**/terraform.tfstate
+**/terraform.tfstate.*
+**/crash.log
+**/override.tf
+**/override.tf.json
+**/*.tfvars
+**/*.tfvars.json
+**/.terraformrc
+**/terraform.rc
+
+# IntelliJ IDEA
+/.idea/
+/*.iml

.gitpod/init.bash

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-images=($(yq eval '.services.*.image' packages/database/docker-compose.yml))
+images=($(yq eval '.services.*.image' docker-compose.dev.yml))
 
 pull_image() {
   docker pull "$1"

apps/storybook/package.json

@@ -30,7 +30,7 @@
     "@typescript-eslint/eslint-plugin": "8.18.0",
     "@typescript-eslint/parser": "8.18.0",
     "@vitejs/plugin-react": "4.3.4",
-    "esbuild": "0.25.0",
+    "esbuild": "0.25.1",
     "eslint-plugin-storybook": "0.11.1",
     "prop-types": "15.8.1",
     "storybook": "8.4.7",

apps/web/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:22-alpine3.20 AS base
+FROM node:22-alpine3.20@sha256:40be979442621049f40b1d51a26b55e281246b5de4e5f51a18da7beb6e17e3f9 AS base
 
 #
 ## step 1: Prune monorepo

apps/web/app/(app)/(onboarding)/organizations/[organizationId]/projects/new/settings/components/ProjectSettings.tsx

@@ -231,6 +231,7 @@ export const ProjectSettings = ({
         <p className="text-sm text-slate-400">{t("common.preview")}</p>
         <div className="z-0 h-3/4 w-3/4">
           <SurveyInline
+            isPreviewMode={true}
             survey={previewSurvey(projectName || "my Product", t)}
             styling={{ brandColor: { light: brandColor } }}
             isBrandingEnabled={false}

apps/web/app/(app)/environments/[environmentId]/integrations/google-sheets/actions.ts

@@ -1,25 +1,41 @@
 "use server";
 
-import { authOptions } from "@/modules/auth/lib/authOptions";
-import { getServerSession } from "next-auth";
-import { hasUserEnvironmentAccess } from "@formbricks/lib/environment/auth";
+import { authenticatedActionClient } from "@/lib/utils/action-client";
+import { checkAuthorizationUpdated } from "@/lib/utils/action-client-middleware";
+import { getOrganizationIdFromEnvironmentId, getProjectIdFromEnvironmentId } from "@/lib/utils/helper";
+import { z } from "zod";
 import { getSpreadsheetNameById } from "@formbricks/lib/googleSheet/service";
-import { AuthorizationError } from "@formbricks/types/errors";
-import { TIntegrationGoogleSheets } from "@formbricks/types/integration/google-sheet";
+import { ZIntegrationGoogleSheets } from "@formbricks/types/integration/google-sheet";
 
-export async function getSpreadsheetNameByIdAction(
-  googleSheetIntegration: TIntegrationGoogleSheets,
-  environmentId: string,
-  spreadsheetId: string
-) {
-  const session = await getServerSession(authOptions);
-  if (!session) throw new AuthorizationError("Not authorized");
+const ZGetSpreadsheetNameByIdAction = z.object({
+  googleSheetIntegration: ZIntegrationGoogleSheets,
+  environmentId: z.string(),
+  spreadsheetId: z.string(),
+});
 
-  const isAuthorized = await hasUserEnvironmentAccess(session.user.id, environmentId);
-  if (!isAuthorized) throw new AuthorizationError("Not authorized");
-  const integrationData = structuredClone(googleSheetIntegration);
-  integrationData.config.data.forEach((data) => {
-    data.createdAt = new Date(data.createdAt);
+export const getSpreadsheetNameByIdAction = authenticatedActionClient
+  .schema(ZGetSpreadsheetNameByIdAction)
+  .action(async ({ ctx, parsedInput }) => {
+    await checkAuthorizationUpdated({
+      userId: ctx.user.id,
+      organizationId: await getOrganizationIdFromEnvironmentId(parsedInput.environmentId),
+      access: [
+        {
+          type: "organization",
+          roles: ["owner", "manager"],
+        },
+        {
+          type: "projectTeam",
+          projectId: await getProjectIdFromEnvironmentId(parsedInput.environmentId),
+          minPermission: "readWrite",
+        },
+      ],
+    });
+
+    const integrationData = structuredClone(parsedInput.googleSheetIntegration);
+    integrationData.config.data.forEach((data) => {
+      data.createdAt = new Date(data.createdAt);
+    });
+
+    return await getSpreadsheetNameById(integrationData, parsedInput.spreadsheetId);
   });
-  return await getSpreadsheetNameById(integrationData, spreadsheetId);
-}

apps/web/app/(app)/environments/[environmentId]/integrations/google-sheets/components/AddIntegrationModal.tsx

@@ -8,6 +8,7 @@ import {
   isValidGoogleSheetsUrl,
 } from "@/app/(app)/environments/[environmentId]/integrations/google-sheets/lib/util";
 import GoogleSheetLogo from "@/images/googleSheetsLogo.png";
+import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { AdditionalIntegrationSettings } from "@/modules/ui/components/additional-integration-settings";
 import { Button } from "@/modules/ui/components/button";
 import { Checkbox } from "@/modules/ui/components/checkbox";
@@ -115,11 +116,18 @@ export const AddIntegrationModal = ({
         throw new Error(t("environments.integrations.select_at_least_one_question_error"));
       }
       const spreadsheetId = extractSpreadsheetIdFromUrl(spreadsheetUrl);
-      const spreadsheetName = await getSpreadsheetNameByIdAction(
+      const spreadsheetNameResponse = await getSpreadsheetNameByIdAction({
         googleSheetIntegration,
         environmentId,
-        spreadsheetId
-      );
+        spreadsheetId,
+      });
+
+      if (!spreadsheetNameResponse?.data) {
+        const errorMessage = getFormattedErrorMessage(spreadsheetNameResponse);
+        throw new Error(errorMessage);
+      }
+
+      const spreadsheetName = spreadsheetNameResponse.data;
 
       setIsLinkingSheet(true);
       integrationData.spreadsheetId = spreadsheetId;

apps/web/app/(app)/environments/[environmentId]/settings/(account)/notifications/components/EditAlerts.tsx

@@ -27,7 +27,7 @@ export const EditAlerts = ({
   return (
     <>
       {memberships.map((membership) => (
-        <>
+        <div key={membership.organization.id}>
           <div className="mb-5 grid grid-cols-6 items-center space-x-3">
             <div className="col-span-3 flex items-center space-x-3">
               <UsersIcon className="h-6 w-7 text-slate-600" />
@@ -110,7 +110,7 @@ export const EditAlerts = ({
               </Link>
             </p>
           </div>
-        </>
+        </div>
       ))}
     </>
   );

apps/web/app/(app)/environments/[environmentId]/settings/(account)/notifications/components/EditWeeklySummary.tsx

@@ -18,7 +18,7 @@ export const EditWeeklySummary = ({ memberships, user, environmentId }: EditAler
   return (
     <>
       {memberships.map((membership) => (
-        <>
+        <div key={membership.organization.id}>
           <div className="mb-5 flex items-center space-x-3 text-sm font-medium">
             <UsersIcon className="h-6 w-7 text-slate-600" />
 
@@ -52,7 +52,7 @@ export const EditWeeklySummary = ({ memberships, user, environmentId }: EditAler
               </Link>
             </p>
           </div>
-        </>
+        </div>
       ))}
     </>
   );

apps/web/app/(app)/environments/[environmentId]/settings/(account)/profile/page.tsx

@@ -9,8 +9,10 @@ import { UpgradePrompt } from "@/modules/ui/components/upgrade-prompt";
 import { getTranslate } from "@/tolgee/server";
 import { getServerSession } from "next-auth";
 import { IS_FORMBRICKS_CLOUD } from "@formbricks/lib/constants";
-import { getOrganizationsWhereUserIsSingleOwner } from "@formbricks/lib/organization/service";
-import { getOrganizationByEnvironmentId } from "@formbricks/lib/organization/service";
+import {
+  getOrganizationByEnvironmentId,
+  getOrganizationsWhereUserIsSingleOwner,
+} from "@formbricks/lib/organization/service";
 import { getUser } from "@formbricks/lib/user/service";
 import { SettingsCard } from "../../components/SettingsCard";
 import { DeleteAccount } from "./components/DeleteAccount";
@@ -71,7 +73,9 @@ const Page = async (props: { params: Promise<{ environmentId: string }> }) => {
                   description={t("environments.settings.profile.two_factor_authentication_description")}
                   buttons={[
                     {
-                      text: t("common.start_free_trial"),
+                      text: IS_FORMBRICKS_CLOUD
+                        ? t("common.start_free_trial")
+                        : t("common.request_trial_license"),
                       href: IS_FORMBRICKS_CLOUD
                         ? `/environments/${params.environmentId}/settings/billing`
                         : "https://formbricks.com/upgrade-self-hosting-license",

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/shareEmbedModal/AppTab.tsx

@@ -1,11 +1,12 @@
 "use client";
 
+import { MobileAppTab } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/shareEmbedModal/MobileAppTab";
+import { WebAppTab } from "@/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/shareEmbedModal/WebAppTab";
 import { OptionsSwitch } from "@/modules/ui/components/options-switch";
 import { useTranslate } from "@tolgee/react";
-import Link from "next/link";
 import { useState } from "react";
 
-export const AppTab = ({ environmentId }) => {
+export const AppTab = () => {
   const { t } = useTranslate();
   const [selectedTab, setSelectedTab] = useState("webapp");
 
@@ -20,79 +21,7 @@ export const AppTab = ({ environmentId }) => {
         handleOptionChange={(value) => setSelectedTab(value)}
       />
 
-      <div className="mt-4">
-        {selectedTab === "webapp" ? <WebAppTab environmentId={environmentId} /> : <MobileAppTab />}
-      </div>
-    </div>
-  );
-};
-
-const MobileAppTab = () => {
-  const { t } = useTranslate();
-  return (
-    <div>
-      <p className="text-lg font-semibold text-slate-800">
-        {t("environments.surveys.summary.how_to_embed_a_survey_on_your_react_native_app")}
-      </p>
-      <ol className="mt-4 list-decimal space-y-2 pl-5 text-sm text-slate-700">
-        <li>
-          {t("common.follow_these")}{" "}
-          <Link
-            href="https://formbricks.com/docs/developer-docs/react-native-in-app-surveys"
-            target="_blank"
-            className="decoration-brand-dark font-medium underline underline-offset-2">
-            {t("environments.surveys.summary.setup_instructions_for_react_native_apps")}
-          </Link>{" "}
-          {t("environments.surveys.summary.to_connect_your_app_with_formbricks")}
-        </li>
-      </ol>
-      <div className="mt-2 text-sm italic text-slate-700">
-        {t("environments.surveys.summary.were_working_on_sdks_for_flutter_swift_and_kotlin")}
-      </div>
-    </div>
-  );
-};
-
-const WebAppTab = ({ environmentId }) => {
-  const { t } = useTranslate();
-  return (
-    <div>
-      <p className="text-lg font-semibold text-slate-800">
-        {t("environments.surveys.summary.how_to_embed_a_survey_on_your_web_app")}
-      </p>
-      <ol className="mt-4 list-decimal space-y-2 pl-5 text-sm text-slate-700">
-        <li>
-          {t("common.follow_these")}{" "}
-          <Link
-            href={`/environments/${environmentId}/project/app-connection`}
-            target="_blank"
-            className="decoration-brand-dark font-medium underline underline-offset-2">
-            {t("environments.surveys.summary.setup_instructions")}
-          </Link>{" "}
-          {t("environments.surveys.summary.to_connect_your_web_app_with_formbricks")}
-        </li>
-        <li>
-          {t("environments.surveys.summary.learn_how_to")}{" "}
-          <Link
-            href="https://formbricks.com/docs/app-surveys/user-identification"
-            target="_blank"
-            className="decoration-brand-dark font-medium underline underline-offset-2">
-            {t("environments.surveys.summary.identify_users_and_set_attributes")}
-          </Link>{" "}
-          {t("environments.surveys.summary.to_run_highly_targeted_surveys")}.
-        </li>
-        <li>
-          {t("environments.surveys.summary.make_sure_the_survey_type_is_set_to")}{" "}
-          <b>{t("common.app_survey")}</b>
-        </li>
-        <li>{t("environments.surveys.summary.define_when_and_where_the_survey_should_pop_up")}</li>
-      </ol>
-      <div className="mt-4">
-        <video autoPlay loop muted className="w-full rounded-xl border border-slate-200">
-          <source src="/video/tooltips/change-survey-type-app.mp4" type="video/mp4" />
-          {t("environments.surveys.summary.unsupported_video_tag_warning")}
-        </video>
-      </div>
+      <div className="mt-4">{selectedTab === "webapp" ? <WebAppTab /> : <MobileAppTab />}</div>
     </div>
   );
 };

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/shareEmbedModal/EmbedView.tsx

@@ -88,7 +88,7 @@ export const EmbedView = ({
               locale={locale}
             />
           ) : activeId === "app" ? (
-            <AppTab environmentId={environmentId} />
+            <AppTab />
           ) : null}
           <div className="mt-2 rounded-md p-3 text-center lg:hidden">
             {tabs.slice(0, 2).map((tab) => (

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/shareEmbedModal/MobileAppTab.tsx

@@ -0,0 +1,25 @@
+"use client";
+
+import { Alert, AlertDescription, AlertTitle } from "@/modules/ui/components/alert";
+import { Button } from "@/modules/ui/components/button";
+import { useTranslate } from "@tolgee/react";
+import Link from "next/link";
+
+export const MobileAppTab = () => {
+  const { t } = useTranslate();
+  return (
+    <Alert>
+      <AlertTitle>{t("environments.surveys.summary.quickstart_mobile_apps")}</AlertTitle>
+      <AlertDescription>
+        {t("environments.surveys.summary.quickstart_mobile_apps_description")}
+        <Button asChild className="w-fit" size="sm" variant="link">
+          <Link
+            href="https://formbricks.com/docs/xm-and-surveys/surveys/website-app-surveys/framework-guides"
+            target="_blank">
+            {t("common.learn_more")}
+          </Link>
+        </Button>
+      </AlertDescription>
+    </Alert>
+  );
+};

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/shareEmbedModal/PanelInfoView.tsx

@@ -85,8 +85,10 @@ export const PanelInfoView = ({ disableBack, handleInitialPageButton }: PanelInf
             </p>
           </div>
           <Button className="justify-center" asChild>
-            <Link href="https://formbricks.com/docs/link-surveys/market-research-panel" target="_blank">
-              {t("common.get_started")}
+            <Link
+              href="https://formbricks.com/docs/xm-and-surveys/surveys/link-surveys/market-research-panel"
+              target="_blank">
+              {t("common.learn_more")}
             </Link>
           </Button>
         </div>

apps/web/app/(app)/environments/[environmentId]/surveys/[surveyId]/(analysis)/summary/components/shareEmbedModal/WebAppTab.tsx

@@ -0,0 +1,25 @@
+"use client";
+
+import { Alert, AlertDescription, AlertTitle } from "@/modules/ui/components/alert";
+import { Button } from "@/modules/ui/components/button";
+import { useTranslate } from "@tolgee/react";
+import Link from "next/link";
+
+export const WebAppTab = () => {
+  const { t } = useTranslate();
+  return (
+    <Alert>
+      <AlertTitle>{t("environments.surveys.summary.quickstart_web_apps")}</AlertTitle>
+      <AlertDescription>
+        {t("environments.surveys.summary.quickstart_web_apps_description")}
+        <Button asChild className="w-fit" size="sm" variant="link">
+          <Link
+            href="https://formbricks.com/docs/xm-and-surveys/surveys/website-app-surveys/quickstart"
+            target="_blank">
+            {t("common.learn_more")}
+          </Link>
+        </Button>
+      </AlertDescription>
+    </Alert>
+  );
+};

apps/web/cache-handler.mjs

@@ -11,7 +11,7 @@ const createTimeoutPromise = (ms, rejectReason) => {
 CacheHandler.onCreation(async () => {
   let client;
 
-  if (process.env.REDIS_URL && process.env.ENTERPRISE_LICENSE_KEY) {
+  if (process.env.REDIS_URL) {
     try {
       // Create a Redis client.
       client = createClient({
@@ -45,8 +45,6 @@ CacheHandler.onCreation(async () => {
           });
       }
     }
-  } else if (process.env.REDIS_URL) {
-    console.log("Redis clustering requires an Enterprise License. Falling back to LRU cache.");
   }
 
   /** @type {import("@neshca/cache-handler").Handler | null} */

apps/web/instrumentation-node.ts

@@ -0,0 +1,58 @@
+// instrumentation-node.ts
+import { PrometheusExporter } from "@opentelemetry/exporter-prometheus";
+import { HostMetrics } from "@opentelemetry/host-metrics";
+import { registerInstrumentations } from "@opentelemetry/instrumentation";
+import { HttpInstrumentation } from "@opentelemetry/instrumentation-http";
+import { RuntimeNodeInstrumentation } from "@opentelemetry/instrumentation-runtime-node";
+import {
+  Resource,
+  detectResourcesSync,
+  envDetector,
+  hostDetector,
+  processDetector,
+} from "@opentelemetry/resources";
+import { MeterProvider } from "@opentelemetry/sdk-metrics";
+import { env } from "@formbricks/lib/env";
+
+const exporter = new PrometheusExporter({
+  port: env.PROMETHEUS_EXPORTER_PORT ? parseInt(env.PROMETHEUS_EXPORTER_PORT) : 9464,
+  endpoint: "/metrics",
+  host: "0.0.0.0", // Listen on all network interfaces
+});
+
+const detectedResources = detectResourcesSync({
+  detectors: [envDetector, processDetector, hostDetector],
+});
+
+const customResources = new Resource({});
+
+const resources = detectedResources.merge(customResources);
+
+const meterProvider = new MeterProvider({
+  readers: [exporter],
+  resource: resources,
+});
+
+const hostMetrics = new HostMetrics({
+  name: `otel-metrics`,
+  meterProvider,
+});
+
+registerInstrumentations({
+  meterProvider,
+  instrumentations: [new HttpInstrumentation(), new RuntimeNodeInstrumentation()],
+});
+
+hostMetrics.start();
+
+process.on("SIGTERM", async () => {
+  try {
+    // Stop collecting metrics or flush them if needed
+    await meterProvider.shutdown();
+    // Possibly close other instrumentation resources
+  } catch (e) {
+    console.error("Error during graceful shutdown:", e);
+  } finally {
+    process.exit(0);
+  }
+});

apps/web/instrumentation.ts

@@ -1,25 +1,8 @@
-import { registerOTel } from "@vercel/otel";
-import { LangfuseExporter } from "langfuse-vercel";
 import { env } from "@formbricks/lib/env";
 
-export async function register() {
-  if (env.LANGFUSE_SECRET_KEY && env.LANGFUSE_PUBLIC_KEY && env.LANGFUSE_BASEURL) {
-    registerOTel({
-      serviceName: "formbricks-cloud-dev",
-      traceExporter: new LangfuseExporter({
-        debug: false,
-        secretKey: env.LANGFUSE_SECRET_KEY,
-        publicKey: env.LANGFUSE_PUBLIC_KEY,
-        baseUrl: env.LANGFUSE_BASEURL,
-      }),
-    });
+// instrumentation.ts
+export const register = async () => {
+  if (process.env.NEXT_RUNTIME === "nodejs" && env.PROMETHEUS_ENABLED) {
+    await import("./instrumentation-node");
   }
-
-  if (process.env.NEXT_RUNTIME === "nodejs") {
-    await import("./sentry.server.config");
-  }
-
-  if (process.env.NEXT_RUNTIME === "edge") {
-    await import("./sentry.edge.config");
-  }
-}
+};

apps/web/modules/ee/contacts/components/upload-contacts-button.tsx

@@ -360,13 +360,11 @@ export const UploadContactsCSVButton = ({
               )}
             </div>
             {!csvResponse.length && (
-              <p>
-                <a
-                  onClick={handleDownloadExampleCSV}
-                  className="cursor-pointer text-right text-sm text-slate-500">
-                  {t("environments.contacts.upload_contacts_modal_download_example_csv")}{" "}
-                </a>
-              </p>
+              <div className="flex justify-start">
+                <Button onClick={handleDownloadExampleCSV} variant="secondary">
+                  {t("environments.contacts.upload_contacts_modal_download_example_csv")}
+                </Button>
+              </div>
             )}
           </div>
 

apps/web/modules/ee/contacts/page.tsx

@@ -95,7 +95,7 @@ export const ContactsPage = async ({
             description={t("environments.contacts.unlock_contacts_description")}
             buttons={[
               {
-                text: t("common.start_free_trial"),
+                text: IS_FORMBRICKS_CLOUD ? t("common.start_free_trial") : t("common.request_trial_license"),
                 href: IS_FORMBRICKS_CLOUD
                   ? `/environments/${params.environmentId}/settings/billing`
                   : "https://formbricks.com/upgrade-self-hosting-license",

apps/web/modules/ee/contacts/segments/page.tsx

@@ -100,7 +100,7 @@ export const SegmentsPage = async ({
             description={t("environments.segments.unlock_segments_description")}
             buttons={[
               {
-                text: t("common.start_free_trial"),
+                text: IS_FORMBRICKS_CLOUD ? t("common.start_free_trial") : t("common.request_trial_license"),
                 href: IS_FORMBRICKS_CLOUD
                   ? `/environments/${params.environmentId}/settings/billing`
                   : "https://formbricks.com/upgrade-self-hosting-license",

apps/web/modules/ee/languages/loading.tsx

@@ -11,7 +11,7 @@ export const LanguagesLoading = () => {
   const { t } = useTranslate();
   return (
     <PageContentWrapper>
-      <PageHeader pageTitle={t("common.configuration")}>
+      <PageHeader pageTitle={t("common.project_configuration")}>
         <ProjectConfigNavigation activeId="languages" loading />
       </PageHeader>
       <SettingsCard

apps/web/modules/ee/languages/page.tsx

@@ -1,9 +1,6 @@
 import { SettingsCard } from "@/app/(app)/environments/[environmentId]/settings/components/SettingsCard";
 import { authOptions } from "@/modules/auth/lib/authOptions";
-import {
-  getMultiLanguagePermission,
-  getRoleManagementPermission,
-} from "@/modules/ee/license-check/lib/utils";
+import { getMultiLanguagePermission } from "@/modules/ee/license-check/lib/utils";
 import { EditLanguage } from "@/modules/ee/multi-language-surveys/components/edit-language";
 import { getProjectPermissionByUserId } from "@/modules/ee/teams/lib/roles";
 import { getTeamPermissionFlags } from "@/modules/ee/teams/utils/teams";
@@ -12,7 +9,7 @@ import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper
 import { PageHeader } from "@/modules/ui/components/page-header";
 import { getTranslate } from "@/tolgee/server";
 import { getServerSession } from "next-auth";
-import { notFound } from "next/navigation";
+import { IS_FORMBRICKS_CLOUD } from "@formbricks/lib/constants";
 import { getMembershipByUserIdOrganizationId } from "@formbricks/lib/membership/service";
 import { getAccessFlags } from "@formbricks/lib/membership/utils";
 import { getOrganization } from "@formbricks/lib/organization/service";
@@ -35,11 +32,6 @@ export const LanguagesPage = async (props: { params: Promise<{ environmentId: st
   }
 
   const isMultiLanguageAllowed = await getMultiLanguagePermission(organization.billing.plan);
-  if (!isMultiLanguageAllowed) {
-    notFound();
-  }
-
-  const canDoRoleManagement = await getRoleManagementPermission(organization.billing.plan);
 
   const session = await getServerSession(authOptions);
 
@@ -63,18 +55,20 @@ export const LanguagesPage = async (props: { params: Promise<{ environmentId: st
 
   return (
     <PageContentWrapper>
-      <PageHeader pageTitle={t("common.configuration")}>
-        <ProjectConfigNavigation
-          environmentId={params.environmentId}
-          activeId="languages"
-          isMultiLanguageAllowed={isMultiLanguageAllowed}
-          canDoRoleManagement={canDoRoleManagement}
-        />
+      <PageHeader pageTitle={t("common.project_configuration")}>
+        <ProjectConfigNavigation environmentId={params.environmentId} activeId="languages" />
       </PageHeader>
       <SettingsCard
         title={t("environments.project.languages.multi_language_surveys")}
         description={t("environments.project.languages.multi_language_surveys_description")}>
-        <EditLanguage project={project} locale={user.locale} isReadOnly={isReadOnly} />
+        <EditLanguage
+          project={project}
+          locale={user.locale}
+          isReadOnly={isReadOnly}
+          isMultiLanguageAllowed={isMultiLanguageAllowed}
+          environmentId={params.environmentId}
+          isFormbricksCloud={IS_FORMBRICKS_CLOUD}
+        />
       </SettingsCard>
     </PageContentWrapper>
   );

apps/web/modules/ee/multi-language-surveys/components/edit-language.tsx

@@ -4,9 +4,9 @@ import { getFormattedErrorMessage } from "@/lib/utils/helper";
 import { Alert, AlertDescription } from "@/modules/ui/components/alert";
 import { Button } from "@/modules/ui/components/button";
 import { ConfirmationModal } from "@/modules/ui/components/confirmation-modal";
+import { ModalButton, UpgradePrompt } from "@/modules/ui/components/upgrade-prompt";
 import { Language } from "@prisma/client";
-import { useTranslate } from "@tolgee/react";
-import { TFnType } from "@tolgee/react";
+import { TFnType, useTranslate } from "@tolgee/react";
 import { PlusIcon } from "lucide-react";
 import { useEffect, useState } from "react";
 import { toast } from "react-hot-toast";
@@ -26,6 +26,9 @@ interface EditLanguageProps {
   project: TProject;
   locale: TUserLocale;
   isReadOnly: boolean;
+  isMultiLanguageAllowed: boolean;
+  environmentId: string;
+  isFormbricksCloud: boolean;
 }
 
 const checkIfDuplicateExists = (arr: string[]) => {
@@ -57,7 +60,7 @@ const validateLanguages = (languages: Language[], t: TFnType) => {
     return false;
   }
 
-  // Check if the chosen alias matches an ISO identifier of a language that hasn’t been added
+  // Check if the chosen alias matches an ISO identifier of a language that hasn't been added
   for (const alias of languageAliases) {
     if (iso639Languages.some((language) => language.alpha2 === alias && !languageCodes.includes(alias))) {
       toast.error(t("environments.project.languages.conflict_between_selected_alias_and_another_language"), {
@@ -70,7 +73,14 @@ const validateLanguages = (languages: Language[], t: TFnType) => {
   return true;
 };
 
-export function EditLanguage({ project, locale, isReadOnly }: EditLanguageProps) {
+export function EditLanguage({
+  project,
+  locale,
+  isReadOnly,
+  isMultiLanguageAllowed,
+  environmentId,
+  isFormbricksCloud,
+}: EditLanguageProps) {
   const { t } = useTranslate();
   const [languages, setLanguages] = useState<Language[]>(project.languages);
   const [isEditing, setIsEditing] = useState(false);
@@ -150,6 +160,21 @@ export function EditLanguage({ project, locale, isReadOnly }: EditLanguageProps)
     setIsEditing(false);
   };
 
+  const buttons: [ModalButton, ModalButton] = [
+    {
+      text: isFormbricksCloud ? t("common.start_free_trial") : t("common.request_trial_license"),
+      href: isFormbricksCloud
+        ? `/environments/${environmentId}/settings/billing`
+        : "https://formbricks.com/upgrade-self-hosting-license",
+    },
+    {
+      text: t("common.learn_more"),
+      href: isFormbricksCloud
+        ? `/environments/${environmentId}/settings/billing`
+        : "https://formbricks.com/learn-more-self-hosting-license",
+    },
+  ];
+
   const handleSaveChanges = async () => {
     if (!validateLanguages(languages, t)) return;
     await Promise.all(
@@ -179,63 +204,75 @@ export function EditLanguage({ project, locale, isReadOnly }: EditLanguageProps)
     ) : null;
 
   return (
-    <div className="flex flex-col space-y-4">
-      <div className="space-y-4">
-        {languages.length > 0 ? (
-          <>
-            <LanguageLabels />
-            {languages.map((language, index) => (
-              <LanguageRow
-                index={index}
-                isEditing={isEditing}
-                key={language.id}
-                language={language}
-                locale={locale}
-                onDelete={() => handleDeleteLanguage(language.id)}
-                onLanguageChange={(newLanguage: Language) => {
-                  const updatedLanguages = [...languages];
-                  updatedLanguages[index] = newLanguage;
-                  setLanguages(updatedLanguages);
-                }}
-              />
-            ))}
-          </>
-        ) : (
-          <p className="text-sm italic text-slate-500">
-            {t("environments.project.languages.no_language_found")}
-          </p>
-        )}
-        <AddLanguageButton onClick={handleAddLanguage} />
-      </div>
-      <EditSaveButtons
-        isEditing={isEditing}
-        onCancel={handleCancelChanges}
-        disabled={isReadOnly}
-        onEdit={() => {
-          setIsEditing(true);
-        }}
-        onSave={handleSaveChanges}
-        t={t}
-      />
-      {isReadOnly && (
-        <Alert variant="warning" className="mt-4">
-          <AlertDescription>
-            {t("common.only_owners_managers_and_manage_access_members_can_perform_this_action")}
-          </AlertDescription>
-        </Alert>
+    <>
+      {isMultiLanguageAllowed ? (
+        <div className="flex flex-col space-y-4">
+          <div className="space-y-4">
+            {languages.length > 0 ? (
+              <>
+                <LanguageLabels />
+                {languages.map((language, index) => (
+                  <LanguageRow
+                    index={index}
+                    isEditing={isEditing}
+                    key={language.id}
+                    language={language}
+                    locale={locale}
+                    onDelete={() => handleDeleteLanguage(language.id)}
+                    onLanguageChange={(newLanguage: Language) => {
+                      const updatedLanguages = [...languages];
+                      updatedLanguages[index] = newLanguage;
+                      setLanguages(updatedLanguages);
+                    }}
+                  />
+                ))}
+              </>
+            ) : (
+              <p className="text-sm italic text-slate-500">
+                {t("environments.project.languages.no_language_found")}
+              </p>
+            )}
+            <AddLanguageButton onClick={handleAddLanguage} />
+          </div>
+          <EditSaveButtons
+            isEditing={isEditing}
+            onCancel={handleCancelChanges}
+            disabled={isReadOnly}
+            onEdit={() => {
+              setIsEditing(true);
+            }}
+            onSave={handleSaveChanges}
+            t={t}
+          />
+          {isReadOnly && (
+            <Alert variant="warning" className="mt-4">
+              <AlertDescription>
+                {t("common.only_owners_managers_and_manage_access_members_can_perform_this_action")}
+              </AlertDescription>
+            </Alert>
+          )}
+          <ConfirmationModal
+            buttonText={t("environments.project.languages.remove_language")}
+            isButtonDisabled={confirmationModal.isButtonDisabled}
+            onConfirm={() => performLanguageDeletion(confirmationModal.languageId)}
+            open={confirmationModal.isOpen}
+            setOpen={() => {
+              setConfirmationModal((prev) => ({ ...prev, isOpen: !prev.isOpen }));
+            }}
+            text={confirmationModal.text}
+            title={t("environments.project.languages.remove_language")}
+          />
+        </div>
+      ) : (
+        <UpgradePrompt
+          title={t("environments.settings.general.use_multi_language_surveys_with_a_higher_plan")}
+          description={t(
+            "environments.settings.general.use_multi_language_surveys_with_a_higher_plan_description"
+          )}
+          buttons={buttons}
+        />
       )}
-      <ConfirmationModal
-        buttonText={t("environments.project.languages.remove_language")}
-        isButtonDisabled={confirmationModal.isButtonDisabled}
-        onConfirm={() => performLanguageDeletion(confirmationModal.languageId)}
-        open={confirmationModal.isOpen}
-        setOpen={() => {
-          setConfirmationModal((prev) => ({ ...prev, isOpen: !prev.isOpen }));
-        }}
-        text={confirmationModal.text}
-        title={t("environments.project.languages.remove_language")}
-      />
-    </div>
+    </>
   );
 }
 

apps/web/modules/ee/multi-language-surveys/components/multi-language-card.tsx

@@ -230,7 +230,9 @@ export const MultiLanguageCard: FC<MultiLanguageCardProps> = ({
                 description={t("environments.surveys.edit.upgrade_notice_description")}
                 buttons={[
                   {
-                    text: t("common.start_free_trial"),
+                    text: isFormbricksCloud
+                      ? t("common.start_free_trial")
+                      : t("common.request_trial_license"),
                     href: isFormbricksCloud
                       ? `/environments/${environmentId}/settings/billing`
                       : "https://formbricks.com/docs/self-hosting/license#30-day-trial-license-request",

apps/web/modules/ee/teams/project-teams/loading.tsx

@@ -0,0 +1,36 @@
+"use client";
+
+import { ProjectConfigNavigation } from "@/modules/projects/settings/components/project-config-navigation";
+import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
+import { PageHeader } from "@/modules/ui/components/page-header";
+import { useTranslate } from "@tolgee/react";
+
+export const TeamsLoading = () => {
+  const { t } = useTranslate();
+
+  return (
+    <PageContentWrapper>
+      <PageHeader pageTitle={t("common.project_configuration")}>
+        <ProjectConfigNavigation activeId="teams" loading />
+      </PageHeader>
+      <div className="p-4">
+        <div className="mb-4">
+          <div className="h-6 w-1/3 animate-pulse rounded bg-slate-200" />
+        </div>
+        <div className="space-y-4">
+          {[...Array(3)].map((_, idx) => (
+            <div
+              key={idx}
+              className="flex animate-pulse items-center space-x-4 rounded border border-slate-200 p-4">
+              <div className="h-10 w-10 rounded-full bg-slate-300" />
+              <div className="flex-1 space-y-2">
+                <div className="h-4 w-3/4 rounded bg-slate-200" />
+                <div className="h-4 w-1/2 rounded bg-slate-200" />
+              </div>
+            </div>
+          ))}
+        </div>
+      </div>
+    </PageContentWrapper>
+  );
+};

apps/web/modules/ee/teams/project-teams/page.tsx

@@ -1,8 +1,4 @@
 import { authOptions } from "@/modules/auth/lib/authOptions";
-import {
-  getMultiLanguagePermission,
-  getRoleManagementPermission,
-} from "@/modules/ee/license-check/lib/utils";
 import { AccessView } from "@/modules/ee/teams/project-teams/components/access-view";
 import { ProjectConfigNavigation } from "@/modules/projects/settings/components/project-config-navigation";
 import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
@@ -37,9 +33,6 @@ export const ProjectTeams = async (props: { params: Promise<{ environmentId: str
   const currentUserMembership = await getMembershipByUserIdOrganizationId(session?.user.id, organization.id);
   const { isOwner, isManager } = getAccessFlags(currentUserMembership?.role);
 
-  const isMultiLanguageAllowed = await getMultiLanguagePermission(organization.billing.plan);
-  const canDoRoleManagement = await getRoleManagementPermission(organization.billing.plan);
-
   const teams = await getTeamsByProjectId(project.id);
 
   if (!teams) {
@@ -50,13 +43,8 @@ export const ProjectTeams = async (props: { params: Promise<{ environmentId: str
 
   return (
     <PageContentWrapper>
-      <PageHeader pageTitle={t("common.configuration")}>
-        <ProjectConfigNavigation
-          environmentId={params.environmentId}
-          activeId="teams"
-          isMultiLanguageAllowed={isMultiLanguageAllowed}
-          canDoRoleManagement={canDoRoleManagement}
-        />
+      <PageHeader pageTitle={t("common.project_configuration")}>
+        <ProjectConfigNavigation environmentId={params.environmentId} activeId="teams" />
       </PageHeader>
       <AccessView environmentId={params.environmentId} teams={teams} isOwnerOrManager={isOwnerOrManager} />
     </PageContentWrapper>

apps/web/modules/ee/teams/team-list/components/teams-view.tsx

@@ -37,7 +37,7 @@ export const TeamsView = async ({
 
   const buttons: [ModalButton, ModalButton] = [
     {
-      text: t("common.start_free_trial"),
+      text: IS_FORMBRICKS_CLOUD ? t("common.start_free_trial") : t("common.request_trial_license"),
       href: IS_FORMBRICKS_CLOUD
         ? `/environments/${environmentId}/settings/billing`
         : "https://formbricks.com/docs/self-hosting/license#30-day-trial-license-request",

apps/web/modules/ee/whitelabel/email-customization/components/email-customization-settings.tsx

@@ -162,7 +162,7 @@ export const EmailCustomizationSettings = ({
 
   const buttons: [ModalButton, ModalButton] = [
     {
-      text: t("common.start_free_trial"),
+      text: isFormbricksCloud ? t("common.start_free_trial") : t("common.request_trial_license"),
       href: isFormbricksCloud
         ? `/environments/${environmentId}/settings/billing`
         : "https://formbricks.com/upgrade-self-hosting-license",

apps/web/modules/ee/whitelabel/remove-branding/components/branding-settings-card.tsx

@@ -23,7 +23,7 @@ export const BrandingSettingsCard = async ({
 
   const buttons: [ModalButton, ModalButton] = [
     {
-      text: t("common.start_free_trial"),
+      text: IS_FORMBRICKS_CLOUD ? t("common.start_free_trial") : t("common.request_trial_license"),
       href: IS_FORMBRICKS_CLOUD
         ? `/environments/${environmentId}/settings/billing`
         : "https://formbricks.com/upgrade-self-hosting-license",

apps/web/modules/email/index.tsx

@@ -6,6 +6,7 @@ import type SMTPTransport from "nodemailer/lib/smtp-transport";
 import {
   DEBUG,
   MAIL_FROM,
+  MAIL_FROM_NAME,
   SMTP_AUTHENTICATED,
   SMTP_HOST,
   SMTP_PASSWORD,
@@ -69,7 +70,7 @@ export const sendEmail = async (emailData: SendEmailDataProps): Promise<boolean>
     } as SMTPTransport.Options);
 
     const emailDefaults = {
-      from: `Formbricks <${MAIL_FROM ?? "noreply@formbricks.com"}>`,
+      from: `${MAIL_FROM_NAME ?? "Formbricks"} <${MAIL_FROM ?? "noreply@formbricks.com"}>`,
     };
     await transporter.sendMail({ ...emailDefaults, ...emailData });
 

apps/web/modules/projects/settings/(setup)/app-connection/loading.tsx

@@ -35,7 +35,7 @@ export const AppConnectionLoading = () => {
 
   return (
     <PageContentWrapper>
-      <PageHeader pageTitle={t("common.configuration")}>
+      <PageHeader pageTitle={t("common.project_configuration")}>
         <ProjectConfigNavigation activeId="app-connection" loading />
       </PageHeader>
       <div className="mt-4 flex max-w-4xl animate-pulse items-center space-y-4 rounded-lg border bg-blue-50 p-6 text-sm text-blue-900 shadow-sm md:space-y-0 md:text-base"></div>

apps/web/modules/projects/settings/(setup)/app-connection/page.tsx

@@ -1,9 +1,5 @@
 import { WidgetStatusIndicator } from "@/app/(app)/environments/[environmentId]/components/WidgetStatusIndicator";
 import { SettingsCard } from "@/app/(app)/environments/[environmentId]/settings/components/SettingsCard";
-import {
-  getMultiLanguagePermission,
-  getRoleManagementPermission,
-} from "@/modules/ee/license-check/lib/utils";
 import { EnvironmentIdField } from "@/modules/projects/settings/(setup)/components/environment-id-field";
 import { SetupInstructions } from "@/modules/projects/settings/(setup)/components/setup-instructions";
 import { ProjectConfigNavigation } from "@/modules/projects/settings/components/project-config-navigation";
@@ -31,18 +27,10 @@ export const AppConnectionPage = async (props) => {
     throw new Error(t("common.organization_not_found"));
   }
 
-  const isMultiLanguageAllowed = await getMultiLanguagePermission(organization.billing.plan);
-  const canDoRoleManagement = await getRoleManagementPermission(organization.billing.plan);
-
   return (
     <PageContentWrapper>
-      <PageHeader pageTitle={t("common.configuration")}>
-        <ProjectConfigNavigation
-          environmentId={params.environmentId}
-          activeId="app-connection"
-          isMultiLanguageAllowed={isMultiLanguageAllowed}
-          canDoRoleManagement={canDoRoleManagement}
-        />
+      <PageHeader pageTitle={t("common.project_configuration")}>
+        <ProjectConfigNavigation environmentId={params.environmentId} activeId="app-connection" />
       </PageHeader>
       <div className="space-y-4">
         <EnvironmentNotice environmentId={params.environmentId} subPageUrl="/project/app-connection" />

apps/web/modules/projects/settings/api-keys/loading.tsx

@@ -42,7 +42,7 @@ export const APIKeysLoading = () => {
   const { t } = useTranslate();
   return (
     <PageContentWrapper>
-      <PageHeader pageTitle={t("common.configuration")}>
+      <PageHeader pageTitle={t("common.project_configuration")}>
         <ProjectConfigNavigation activeId="api-keys" loading />
       </PageHeader>
       <div className="mt-4 flex max-w-4xl animate-pulse items-center space-y-4 rounded-lg border bg-blue-50 p-6 text-sm text-blue-900 shadow-sm md:space-y-0 md:text-base"></div>

apps/web/modules/projects/settings/api-keys/page.tsx

@@ -1,9 +1,5 @@
 import { SettingsCard } from "@/app/(app)/environments/[environmentId]/settings/components/SettingsCard";
 import { authOptions } from "@/modules/auth/lib/authOptions";
-import {
-  getMultiLanguagePermission,
-  getRoleManagementPermission,
-} from "@/modules/ee/license-check/lib/utils";
 import { getProjectPermissionByUserId } from "@/modules/ee/teams/lib/roles";
 import { getTeamPermissionFlags } from "@/modules/ee/teams/utils/teams";
 import { ProjectConfigNavigation } from "@/modules/projects/settings/components/project-config-navigation";
@@ -53,18 +49,10 @@ export const APIKeysPage = async (props) => {
 
   const isReadOnly = isMember && !hasManageAccess;
 
-  const isMultiLanguageAllowed = await getMultiLanguagePermission(organization.billing.plan);
-  const canDoRoleManagement = await getRoleManagementPermission(organization.billing.plan);
-
   return (
     <PageContentWrapper>
-      <PageHeader pageTitle={t("common.configuration")}>
-        <ProjectConfigNavigation
-          environmentId={params.environmentId}
-          activeId="api-keys"
-          isMultiLanguageAllowed={isMultiLanguageAllowed}
-          canDoRoleManagement={canDoRoleManagement}
-        />
+      <PageHeader pageTitle={t("common.project_configuration")}>
+        <ProjectConfigNavigation environmentId={params.environmentId} activeId="api-keys" />
       </PageHeader>
       <EnvironmentNotice environmentId={environment.id} subPageUrl="/project/api-keys" />
       {environment.type === "development" ? (

apps/web/modules/projects/settings/components/project-config-navigation.tsx

@@ -8,17 +8,13 @@ import { usePathname } from "next/navigation";
 interface ProjectConfigNavigationProps {
   activeId: string;
   environmentId?: string;
-  isMultiLanguageAllowed?: boolean;
   loading?: boolean;
-  canDoRoleManagement?: boolean;
 }
 
 export const ProjectConfigNavigation = ({
   activeId,
   environmentId,
-  isMultiLanguageAllowed,
   loading,
-  canDoRoleManagement,
 }: ProjectConfigNavigationProps) => {
   const { t } = useTranslate();
   const pathname = usePathname();
@@ -43,7 +39,6 @@ export const ProjectConfigNavigation = ({
       label: t("common.survey_languages"),
       icon: <LanguagesIcon className="h-5 w-5" />,
       href: `/environments/${environmentId}/project/languages`,
-      hidden: !isMultiLanguageAllowed,
       current: pathname?.includes("/languages"),
     },
     {
@@ -70,8 +65,8 @@ export const ProjectConfigNavigation = ({
     {
       id: "teams",
       label: t("common.team_access"),
+      icon: <UsersIcon className="h-5 w-5" />,
       href: `/environments/${environmentId}/project/teams`,
-      hidden: !canDoRoleManagement,
       current: pathname?.includes("/teams"),
     },
   ];

apps/web/modules/projects/settings/general/loading.tsx

@@ -28,7 +28,7 @@ export const GeneralSettingsLoading = () => {
 
   return (
     <PageContentWrapper>
-      <PageHeader pageTitle={t("common.configuration")}>
+      <PageHeader pageTitle={t("common.project_configuration")}>
         <ProjectConfigNavigation activeId="general" loading />
       </PageHeader>
       {cards.map((card, index) => (

apps/web/modules/projects/settings/general/page.tsx

@@ -1,9 +1,5 @@
 import { SettingsCard } from "@/app/(app)/environments/[environmentId]/settings/components/SettingsCard";
 import { authOptions } from "@/modules/auth/lib/authOptions";
-import {
-  getMultiLanguagePermission,
-  getRoleManagementPermission,
-} from "@/modules/ee/license-check/lib/utils";
 import { getProjectPermissionByUserId } from "@/modules/ee/teams/lib/roles";
 import { getTeamPermissionFlags } from "@/modules/ee/teams/utils/teams";
 import { ProjectConfigNavigation } from "@/modules/projects/settings/components/project-config-navigation";
@@ -51,21 +47,12 @@ export const GeneralSettingsPage = async (props: { params: Promise<{ environment
 
   const isReadOnly = isMember && !hasManageAccess;
 
-  const isMultiLanguageAllowed = await getMultiLanguagePermission(organization.billing.plan);
-  const canDoRoleManagement = await getRoleManagementPermission(organization.billing.plan);
-
   const isOwnerOrManager = isOwner || isManager;
 
   return (
     <PageContentWrapper>
       <PageHeader pageTitle={t("common.project_configuration")}>
-        {/* </PageHeader><PageHeader pageTitle={t("common.configuration")}> */}
-        <ProjectConfigNavigation
-          environmentId={params.environmentId}
-          activeId="general"
-          isMultiLanguageAllowed={isMultiLanguageAllowed}
-          canDoRoleManagement={canDoRoleManagement}
-        />
+        <ProjectConfigNavigation environmentId={params.environmentId} activeId="general" />
       </PageHeader>
       <SettingsCard
         title={t("common.project_name")}

apps/web/modules/projects/settings/layout.tsx

@@ -9,7 +9,7 @@ import { getOrganizationByEnvironmentId } from "@formbricks/lib/organization/ser
 import { getProjectByEnvironmentId } from "@formbricks/lib/project/service";
 
 export const metadata: Metadata = {
-  title: "Config",
+  title: "Configuration",
 };
 
 export const ProjectSettingsLayout = async (props) => {

apps/web/modules/projects/settings/look/loading.tsx

@@ -24,7 +24,7 @@ export const ProjectLookSettingsLoading = () => {
   const { t } = useTranslate();
   return (
     <PageContentWrapper>
-      <PageHeader pageTitle={t("common.configuration")}>
+      <PageHeader pageTitle={t("common.project_configuration")}>
         <ProjectConfigNavigation activeId="look" loading />
       </PageHeader>
       <SettingsCard

apps/web/modules/projects/settings/look/page.tsx

@@ -1,10 +1,6 @@
 import { SettingsCard } from "@/app/(app)/environments/[environmentId]/settings/components/SettingsCard";
 import { authOptions } from "@/modules/auth/lib/authOptions";
-import {
-  getMultiLanguagePermission,
-  getRoleManagementPermission,
-  getWhiteLabelPermission,
-} from "@/modules/ee/license-check/lib/utils";
+import { getWhiteLabelPermission } from "@/modules/ee/license-check/lib/utils";
 import { getProjectPermissionByUserId } from "@/modules/ee/teams/lib/roles";
 import { getTeamPermissionFlags } from "@/modules/ee/teams/utils/teams";
 import { BrandingSettingsCard } from "@/modules/ee/whitelabel/remove-branding/components/branding-settings-card";
@@ -51,18 +47,10 @@ export const ProjectLookSettingsPage = async (props: { params: Promise<{ environ
 
   const isReadOnly = isMember && !hasManageAccess;
 
-  const isMultiLanguageAllowed = await getMultiLanguagePermission(organization.billing.plan);
-  const canDoRoleManagement = await getRoleManagementPermission(organization.billing.plan);
-
   return (
     <PageContentWrapper>
-      <PageHeader pageTitle={t("common.configuration")}>
-        <ProjectConfigNavigation
-          environmentId={params.environmentId}
-          activeId="look"
-          isMultiLanguageAllowed={isMultiLanguageAllowed}
-          canDoRoleManagement={canDoRoleManagement}
-        />
+      <PageHeader pageTitle={t("common.project_configuration")}>
+        <ProjectConfigNavigation environmentId={params.environmentId} activeId="look" />
       </PageHeader>
       <SettingsCard
         title={t("environments.project.look.theme")}

apps/web/modules/projects/settings/tags/loading.tsx

@@ -10,7 +10,7 @@ export const TagsLoading = () => {
   const { t } = useTranslate();
   return (
     <PageContentWrapper>
-      <PageHeader pageTitle={t("common.configuration")}>
+      <PageHeader pageTitle={t("common.project_configuration")}>
         <ProjectConfigNavigation activeId="tags" />
       </PageHeader>
       <SettingsCard

apps/web/modules/projects/settings/tags/page.tsx

@@ -1,9 +1,5 @@
 import { SettingsCard } from "@/app/(app)/environments/[environmentId]/settings/components/SettingsCard";
 import { authOptions } from "@/modules/auth/lib/authOptions";
-import {
-  getMultiLanguagePermission,
-  getRoleManagementPermission,
-} from "@/modules/ee/license-check/lib/utils";
 import { getProjectPermissionByUserId } from "@/modules/ee/teams/lib/roles";
 import { getTeamPermissionFlags } from "@/modules/ee/teams/utils/teams";
 import { ProjectConfigNavigation } from "@/modules/projects/settings/components/project-config-navigation";
@@ -59,18 +55,10 @@ export const TagsPage = async (props) => {
 
   const isReadOnly = isMember && !hasManageAccess;
 
-  const isMultiLanguageAllowed = await getMultiLanguagePermission(organization.billing.plan);
-  const canDoRoleManagement = await getRoleManagementPermission(organization.billing.plan);
-
   return (
     <PageContentWrapper>
-      <PageHeader pageTitle={t("common.configuration")}>
-        <ProjectConfigNavigation
-          environmentId={params.environmentId}
-          activeId="tags"
-          isMultiLanguageAllowed={isMultiLanguageAllowed}
-          canDoRoleManagement={canDoRoleManagement}
-        />
+      <PageHeader pageTitle={t("common.project_configuration")}>
+        <ProjectConfigNavigation environmentId={params.environmentId} activeId="tags" />
       </PageHeader>
       <SettingsCard
         title={t("environments.project.tags.manage_tags")}

apps/web/modules/survey/editor/components/survey-editor.tsx

@@ -243,7 +243,6 @@ export const SurveyEditor = ({
             environment={environment}
             previewType={localSurvey.type === "app" ? "modal" : "fullwidth"}
             languageCode={selectedLanguageCode}
-            onFileUpload={async (file) => file.name}
           />
         </aside>
       </div>

apps/web/modules/survey/editor/components/targeting-locked-card.tsx

@@ -43,7 +43,7 @@ export const TargetingLockedCard = ({ isFormbricksCloud, environmentId }: Target
             description={t("environments.surveys.edit.unlock_targeting_description")}
             buttons={[
               {
-                text: t("common.start_free_trial"),
+                text: isFormbricksCloud ? t("common.start_free_trial") : t("common.request_trial_license"),
                 href: isFormbricksCloud
                   ? `/environments/${environmentId}/settings/billing`
                   : "https://formbricks.com/upgrade-self-hosting-license",

apps/web/modules/survey/link/components/legal-footer.tsx

@@ -21,7 +21,7 @@ export const LegalFooter = ({
 
   return (
     <div className="absolute bottom-0 z-[1500] h-10 w-full" role="contentinfo">
-      <div className="mx-auto flex h-full max-w-lg items-center justify-center p-2 text-center text-xs text-slate-500">
+      <div className="mx-auto flex h-full max-w-2xl items-center justify-center p-2 text-center text-xs text-slate-500">
         {IMPRINT_URL && (
           <Link href={IMPRINT_URL} target="_blank" className="hover:underline" tabIndex={-1}>
             {t("common.imprint")}

apps/web/modules/survey/link/components/link-survey-wrapper.tsx

@@ -80,7 +80,7 @@ export const LinkSurveyWrapper = ({
           onBackgroundLoaded={handleBackgroundLoaded}>
           <div className="flex max-h-dvh min-h-dvh items-center justify-center overflow-clip">
             {!styling.isLogoHidden && project.logo?.url && <ClientLogo projectLogo={project.logo} />}
-            <div className="h-full w-full max-w-lg space-y-6 px-1.5">
+            <div className="h-full w-full max-w-4xl space-y-6 px-1.5">
               {isPreview && (
                 <div className="fixed left-0 top-0 flex w-full items-center justify-between bg-slate-600 p-2 px-4 text-center text-sm text-white shadow-sm">
                   <div />

apps/web/modules/survey/link/components/link-survey.tsx

@@ -170,14 +170,14 @@ export const LinkSurvey = ({
       PRIVACY_URL={PRIVACY_URL}
       isBrandingEnabled={project.linkSurveyBranding}>
       <SurveyInline
-        apiHost={!isPreview ? webAppUrl : undefined}
-        environmentId={!isPreview ? survey.environmentId : undefined}
+        apiHost={webAppUrl}
+        environmentId={survey.environmentId}
+        isPreviewMode={isPreview}
         survey={survey}
         styling={determineStyling()}
         languageCode={languageCode}
         isBrandingEnabled={project.linkSurveyBranding}
         shouldResetQuestionId={false}
-        onFileUpload={isPreview ? async (file) => `https://formbricks.com/${file.name}` : undefined}
         // eslint-disable-next-line jsx-a11y/no-autofocus -- need it as focus behaviour is different in normal surveys and survey preview
         autoFocus={autoFocus}
         prefillResponseData={prefillValue}

apps/web/modules/survey/templates/components/template-container.tsx

@@ -84,7 +84,6 @@ export const TemplateContainerWithPreview = ({
               project={project}
               environment={environment}
               languageCode={"default"}
-              onFileUpload={async (file) => file.name}
             />
           )}
         </aside>

apps/web/modules/ui/components/icons/slack-icon.tsx

@@ -8,8 +8,8 @@ export const SlackIcon: React.FC<React.SVGProps<SVGSVGElement>> = (props) => {
       fill="none"
       stroke="currentColor"
       strokeWidth="2"
-      stroke-linecap="round"
-      stroke-linejoin="round"
+      strokeLinecap="round"
+      strokeLinejoin="round"
       {...props}>
       <rect width="3" height="8" x="13" y="2" rx="1.5" />
       <path d="M19 8.5V10h1.5A1.5 1.5 0 1 0 19 8.5" />

apps/web/modules/ui/components/media-background/index.tsx

@@ -166,7 +166,7 @@ export const MediaBackground: React.FC<MediaBackgroundProps> = ({
     return (
       <div
         ref={ContentRef}
-        className={`relative h-[90%] max-h-[40rem] w-[22rem] overflow-hidden rounded-[3rem] border-[6px] border-slate-400 ${getFilterStyle()}`}>
+        className={`relative h-[90%] max-h-[42rem] w-[22rem] overflow-hidden rounded-[3rem] border-[6px] border-slate-400 ${getFilterStyle()}`}>
         {/* below element is use to create notch for the mobile device mockup   */}
         <div className="absolute left-1/2 right-1/2 top-2 z-20 h-4 w-1/3 -translate-x-1/2 transform rounded-full bg-slate-400"></div>
         {surveyType === "link" && renderBackground()}

apps/web/modules/ui/components/preview-survey/index.tsx

@@ -9,9 +9,7 @@ import { useTranslate } from "@tolgee/react";
 import { Variants, motion } from "framer-motion";
 import { ExpandIcon, MonitorIcon, ShrinkIcon, SmartphoneIcon } from "lucide-react";
 import { useCallback, useEffect, useMemo, useRef, useState } from "react";
-import { TJsFileUploadParams } from "@formbricks/types/js";
 import { TProjectStyling } from "@formbricks/types/project";
-import { TUploadFileConfig } from "@formbricks/types/storage";
 import { TSurvey, TSurveyQuestionId, TSurveyStyling } from "@formbricks/types/surveys/types";
 import { Modal } from "./components/modal";
 import { TabOption } from "./components/tab-option";
@@ -25,7 +23,6 @@ interface PreviewSurveyProps {
   project: Project;
   environment: Pick<Environment, "id" | "appSetupCompleted">;
   languageCode: string;
-  onFileUpload: (file: TJsFileUploadParams["file"], config?: TUploadFileConfig) => Promise<string>;
 }
 
 let surveyNameTemp: string;
@@ -66,7 +63,6 @@ export const PreviewSurvey = ({
   project,
   environment,
   languageCode,
-  onFileUpload,
 }: PreviewSurveyProps) => {
   const [isModalOpen, setIsModalOpen] = useState(true);
   const [isFullScreenPreview, setIsFullScreenPreview] = useState(false);
@@ -265,11 +261,11 @@ export const PreviewSurvey = ({
                   borderRadius={styling?.roundness ?? 8}
                   background={styling?.cardBackgroundColor?.light}>
                   <SurveyInline
+                    isPreviewMode={true}
                     survey={survey}
                     isBrandingEnabled={project.inAppSurveyBranding}
                     isRedirectDisabled={true}
                     languageCode={languageCode}
-                    onFileUpload={onFileUpload}
                     styling={styling}
                     isCardBorderVisible={!styling.highlightBorderColor?.light}
                     onClose={handlePreviewModalClose}
@@ -288,9 +284,9 @@ export const PreviewSurvey = ({
                   </div>
                   <div className="z-10 w-full max-w-md rounded-lg border border-transparent">
                     <SurveyInline
+                      isPreviewMode={true}
                       survey={{ ...survey, type: "link" }}
                       isBrandingEnabled={project.linkSurveyBranding}
-                      onFileUpload={onFileUpload}
                       languageCode={languageCode}
                       responseCount={42}
                       styling={styling}
@@ -367,11 +363,11 @@ export const PreviewSurvey = ({
                 borderRadius={styling.roundness ?? 8}
                 background={styling.cardBackgroundColor?.light}>
                 <SurveyInline
+                  isPreviewMode={true}
                   survey={survey}
                   isBrandingEnabled={project.inAppSurveyBranding}
                   isRedirectDisabled={true}
                   languageCode={languageCode}
-                  onFileUpload={onFileUpload}
                   styling={styling}
                   isCardBorderVisible={!styling.highlightBorderColor?.light}
                   onClose={handlePreviewModalClose}
@@ -392,12 +388,12 @@ export const PreviewSurvey = ({
                     <ClientLogo environmentId={environment.id} projectLogo={project.logo} previewSurvey />
                   )}
                 </div>
-                <div className="z-0 w-full max-w-lg rounded-lg border-transparent">
+                <div className="z-0 w-full max-w-4xl rounded-lg border-transparent">
                   <SurveyInline
+                    isPreviewMode={true}
                     survey={{ ...survey, type: "link" }}
                     isBrandingEnabled={project.linkSurveyBranding}
                     isRedirectDisabled={true}
-                    onFileUpload={onFileUpload}
                     languageCode={languageCode}
                     responseCount={42}
                     styling={styling}

apps/web/modules/ui/components/secondary-navigation/index.tsx

@@ -16,77 +16,72 @@ interface SecondaryNavbarProps {
 export const SecondaryNavigation = ({ navigation, activeId, loading, ...props }: SecondaryNavbarProps) => {
   return (
     <div {...props}>
-      <div className="grid h-10 w-full grid-cols-[auto,1fr]">
-        <nav className="flex h-full min-w-full items-center space-x-4" aria-label="Tabs">
-          {loading
-            ? navigation.map((navElem) => (
-                <div className="group flex h-full flex-col" key={navElem.id}>
-                  <div
-                    aria-disabled="true"
-                    className={cn(
-                      navElem.id === activeId ? "font-semibold text-slate-900" : "text-slate-500",
-                      "flex h-full items-center px-3 text-sm font-medium",
-                      navElem.hidden && "hidden"
-                    )}
-                    aria-current={navElem.id === activeId ? "page" : undefined}>
-                    {navElem.label}
-                  </div>
-                  <div
-                    className={cn(
-                      "bottom-0 mt-auto h-[2px] w-full rounded-t-lg transition-all duration-150 ease-in-out",
-                      navElem.id === activeId ? "bg-slate-300" : "bg-transparent group-hover:bg-slate-300",
-                      navElem.hidden && "hidden"
-                    )}
-                  />
+      <nav className="flex h-10 w-full items-center space-x-4" aria-label="Tabs">
+        {loading
+          ? navigation.map((navElem) => (
+              <div className="group flex h-full flex-col truncate" key={navElem.id}>
+                <div
+                  aria-disabled="true"
+                  className={cn(
+                    navElem.id === activeId ? "font-semibold text-slate-900" : "text-slate-500",
+                    "flex h-full items-center truncate px-3 text-sm font-medium",
+                    navElem.hidden && "hidden"
+                  )}
+                  aria-current={navElem.id === activeId ? "page" : undefined}>
+                  {navElem.label}
                 </div>
-              ))
-            : navigation.map(
-                (navElem) =>
-                  !navElem.hidden && (
-                    <div className="group flex h-full flex-col" key={navElem.id}>
-                      {navElem.href ? (
-                        <Link
-                          href={navElem.href}
-                          {...(navElem.onClick ? { onClick: navElem.onClick } : {})}
-                          className={cn(
-                            navElem.id === activeId
-                              ? "font-semibold text-slate-900"
-                              : "text-slate-500 hover:text-slate-700",
-                            "flex h-full items-center px-3 text-sm font-medium",
-                            navElem.hidden && "hidden"
-                          )}
-                          aria-current={navElem.id === activeId ? "page" : undefined}>
-                          {navElem.label}
-                        </Link>
-                      ) : (
-                        <button
-                          {...(navElem.onClick ? { onClick: navElem.onClick } : {})}
-                          className={cn(
-                            navElem.id === activeId
-                              ? "font-semibold text-slate-900"
-                              : "text-slate-500 hover:text-slate-700",
-                            "grow items-center px-3 text-sm font-medium transition-all duration-150 ease-in-out",
-                            navElem.hidden && "hidden"
-                          )}
-                          aria-current={navElem.id === activeId ? "page" : undefined}>
-                          {navElem.label}
-                        </button>
-                      )}
-                      <div
+                <div
+                  className={cn(
+                    "bottom-0 mt-auto h-[2px] w-full rounded-t-lg transition-all duration-150 ease-in-out",
+                    navElem.id === activeId ? "bg-slate-300" : "bg-transparent group-hover:bg-slate-300",
+                    navElem.hidden && "hidden"
+                  )}
+                />
+              </div>
+            ))
+          : navigation.map(
+              (navElem) =>
+                !navElem.hidden && (
+                  <div className="group flex h-full flex-col truncate" key={navElem.id}>
+                    {navElem.href ? (
+                      <Link
+                        href={navElem.href}
+                        {...(navElem.onClick ? { onClick: navElem.onClick } : {})}
                         className={cn(
-                          "bottom-0 mt-auto h-[2px] w-full rounded-t-lg transition-all duration-150 ease-in-out",
                           navElem.id === activeId
-                            ? "bg-brand-dark"
-                            : "bg-transparent group-hover:bg-slate-300",
+                            ? "font-semibold text-slate-900"
+                            : "text-slate-500 hover:text-slate-700",
+                          "flex h-full items-center px-3 text-sm font-medium",
                           navElem.hidden && "hidden"
                         )}
-                      />
-                    </div>
-                  )
-              )}
-        </nav>
-        <div className="justify-self-end"></div>
-      </div>
+                        aria-current={navElem.id === activeId ? "page" : undefined}>
+                        {navElem.label}
+                      </Link>
+                    ) : (
+                      <button
+                        {...(navElem.onClick ? { onClick: navElem.onClick } : {})}
+                        className={cn(
+                          navElem.id === activeId
+                            ? "font-semibold text-slate-900"
+                            : "text-slate-500 hover:text-slate-700",
+                          "grow items-center px-3 text-sm font-medium transition-all duration-150 ease-in-out",
+                          navElem.hidden && "hidden"
+                        )}
+                        aria-current={navElem.id === activeId ? "page" : undefined}>
+                        {navElem.label}
+                      </button>
+                    )}
+                    <div
+                      className={cn(
+                        "bottom-0 mt-auto h-[2px] w-full rounded-t-lg transition-all duration-150 ease-in-out",
+                        navElem.id === activeId ? "bg-brand-dark" : "bg-transparent group-hover:bg-slate-300",
+                        navElem.hidden && "hidden"
+                      )}
+                    />
+                  </div>
+                )
+            )}
+      </nav>
     </div>
   );
 };

apps/web/modules/ui/components/theme-styling-preview-survey/index.tsx

@@ -162,6 +162,7 @@ export const ThemeStylingPreviewSurvey = ({
               borderRadius={project.styling.roundness ?? 8}>
               <Fragment key={surveyFormKey}>
                 <SurveyInline
+                  isPreviewMode={true}
                   survey={{ ...survey, type: "app" }}
                   isBrandingEnabled={project.inAppSurveyBranding}
                   isRedirectDisabled={true}
@@ -187,6 +188,7 @@ export const ThemeStylingPreviewSurvey = ({
                 key={surveyFormKey}
                 className={`${project.logo?.url && !project.styling.isLogoHidden && !isFullScreenPreview ? "mt-12" : ""} z-0 w-full max-w-md rounded-lg p-4`}>
                 <SurveyInline
+                  isPreviewMode={true}
                   survey={{ ...survey, type: "link" }}
                   isBrandingEnabled={project.linkSurveyBranding}
                   isRedirectDisabled={true}

apps/web/next.config.mjs

@@ -27,7 +27,10 @@ const nextConfig = {
     localeDetection: false,
     defaultLocale: "en-US",
   },
-  experimental: {},
+  experimental: {
+    instrumentationHook: true,
+    serverComponentsExternalPackages: ["@opentelemetry/instrumentation"],
+  },
   transpilePackages: ["@formbricks/database", "@formbricks/lib"],
   images: {
     remotePatterns: [
@@ -108,6 +111,10 @@ const nextConfig = {
         },
       ],
     });
+    config.resolve.fallback = {
+      http: false, // Prevents Next.js from trying to bundle 'http'
+      https: false,
+    };
     return config;
   },
   async headers() {

apps/web/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@formbricks/web",
-  "version": "3.3.1",
+  "version": "3.4.0",
   "private": true,
   "scripts": {
     "clean": "rimraf .turbo node_modules .next",
@@ -41,8 +41,13 @@
     "@lexical/rich-text": "0.21.0",
     "@lexical/table": "0.21.0",
     "@opentelemetry/api-logs": "0.56.0",
+    "@opentelemetry/exporter-prometheus": "0.57.2",
+    "@opentelemetry/host-metrics": "0.35.5",
     "@opentelemetry/instrumentation": "0.56.0",
+    "@opentelemetry/instrumentation-http": "0.57.2",
+    "@opentelemetry/instrumentation-runtime-node": "0.12.2",
     "@opentelemetry/sdk-logs": "0.56.0",
+    "@opentelemetry/sdk-metrics": "1.30.1",
     "@paralleldrive/cuid2": "2.2.2",
     "@prisma/client": "6.0.1",
     "@radix-ui/react-accordion": "1.2.2",
@@ -104,11 +109,12 @@
     "next-safe-action": "7.10.2",
     "node-fetch": "3.3.2",
     "nodemailer": "6.9.16",
+    "opentelemetry": "0.1.0",
     "optional": "0.1.4",
     "otplib": "12.0.1",
     "papaparse": "5.4.1",
     "posthog-js": "1.200.2",
-    "prismjs": "1.29.0",
+    "prismjs": "1.30.0",
     "react": "19.0.0",
     "react-colorful": "5.6.1",
     "react-confetti": "6.1.0",

apps/web/prometheus.yml

@@ -0,0 +1,5 @@
+scrape_configs:
+  - job_name: "nodejs-app"
+    scrape_interval: 5s
+    static_configs:
+      - targets: ["host.docker.internal:9464"]

docker-compose.dev.yml

@@ -0,0 +1,44 @@
+services:
+  postgres:
+    image: pgvector/pgvector:pg17
+    volumes:
+      - postgres:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_DB=postgres
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=postgres
+    ports:
+      - 5432:5432
+
+  mailhog:
+    image: arjenz/mailhog # Copy of mailhog/MailHog to support linux/arm64
+    ports:
+      - 8025:8025 # web ui
+      - 1025:1025 # smtp server
+
+  redis:
+    image: redis:7.0.11
+    ports:
+      - 6379:6379
+    volumes:
+      - redis-data:/data
+
+  minio:
+    image: minio/minio:RELEASE.2025-02-28T09-55-16Z
+    command: server /data --console-address ":9001"
+    environment:
+      - MINIO_ROOT_USER=devminio
+      - MINIO_ROOT_PASSWORD=devminio123
+    ports:
+      - "9000:9000"  # S3 API
+      - "9001:9001"  # Console
+    volumes:
+      - minio-data:/data
+
+volumes:
+  postgres:
+    driver: local
+  redis-data:
+    driver: local
+  minio-data:
+    driver: local

docker/docker-compose.yml

@@ -36,6 +36,7 @@ x-environment: &environment
 
     # Email Configuration
     # MAIL_FROM:
+    # MAIL_FROM_NAME:
     # SMTP_HOST:
     # SMTP_PORT:
     # SMTP_USER:

docker/formbricks.sh

@@ -224,6 +224,9 @@ EOT
     echo -n "Enter your SMTP configured Email ID: "
     read mail_from
 
+    echo -n "Enter your SMTP configured Email Name: "
+    read mail_from_name
+
     echo -n "Enter your SMTP Host URL: "
     read smtp_host
 
@@ -244,6 +247,7 @@ EOT
 
   else
     mail_from=""
+    mail_from_name=""
     smtp_host=""
     smtp_port=""
     smtp_user=""
@@ -270,6 +274,7 @@ EOT
 
   if [[ -n $mail_from ]]; then
     sed -i "s|# MAIL_FROM:|MAIL_FROM: \"$mail_from\"|" docker-compose.yml
+    sed -i "s|# MAIL_FROM_NAME:|MAIL_FROM_NAME: \"$mail_from_name\"|" docker-compose.yml
     sed -i "s|# SMTP_HOST:|SMTP_HOST: \"$smtp_host\"|" docker-compose.yml
     sed -i "s|# SMTP_PORT:|SMTP_PORT: \"$smtp_port\"|" docker-compose.yml
     sed -i "s|# SMTP_SECURE_ENABLED:|SMTP_SECURE_ENABLED: $smtp_secure_enabled|" docker-compose.yml

docs/mint.json

@@ -262,7 +262,9 @@
           "group": "Auth & SSO",
           "icon": "lock",
           "pages": [
-            "self-hosting/configuration/auth-sso/oauth",
+            "self-hosting/configuration/auth-sso/open-id-connect",
+            "self-hosting/configuration/auth-sso/azure-ad-oauth",
+            "self-hosting/configuration/auth-sso/google-oauth",
             "self-hosting/configuration/auth-sso/saml-sso"
           ]
         },

docs/self-hosting/advanced/migration.mdx

@@ -1039,6 +1039,7 @@ x-environment: &environment
 
     # Email Configuration
     MAIL_FROM:
+    MAIL_FROM_NAME:
     SMTP_HOST:
     SMTP_PORT:
     SMTP_SECURE_ENABLED:

docs/self-hosting/configuration/auth-sso/azure-ad-oauth.mdx

@@ -0,0 +1,109 @@
+---
+title: Azure AD OAuth
+description: "Configure Microsoft Entra ID (Azure AD) OAuth for secure Single Sign-On with your Formbricks instance. Use enterprise-grade authentication for your survey platform."
+icon: "microsoft"
+---
+
+<Note>
+  Single Sign-On (SSO) functionality, including OAuth integrations with Google, Microsoft Azure AD, and OpenID Connect, requires is part of the [Enterprise Edition](/self-hosting/advanced/license).
+</Note>
+
+### Microsoft Entra ID
+
+Do you have a Microsoft Entra ID Tenant? Integrate it with your Formbricks instance to allow users to log in using their existing Microsoft credentials. This guide will walk you through the process of setting up an Application Registration for your Formbricks instance.
+
+### Requirements
+
+- A Microsoft Entra ID Tenant populated with users. [Create a tenant as per Microsoft's documentation](https://learn.microsoft.com/en-us/entra/fundamentals/create-new-tenant).
+
+- A Formbricks instance running and accessible.
+
+- The callback URI for your Formbricks instance: `{WEBAPP_URL}/api/auth/callback/azure-ad`
+
+## How to connect your Formbricks instance to Microsoft Entra
+
+<Steps>
+  <Step title="Access the Microsoft Entra admin center">
+    - Login to the [Microsoft Entra admin center](https://entra.microsoft.com/).
+    - Go to **Applications** > **App registrations** in the left menu.
+
+    ![first](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738250153/image_tobdth.jpg)
+  </Step>
+
+  <Step title="Create a new app registration">
+    - Click the **New registration** button at the top.
+
+    ![second](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738250228/image_dmz75t.jpg)
+  </Step>
+
+  <Step title="Configure the application">
+    - Name your application something descriptive, such as `Formbricks SSO`.
+
+    ![third](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738250292/image_rooa3w.jpg)
+
+    - If you have multiple tenants/organizations, choose the appropriate **Supported account types** option. Otherwise, leave the default option for _Single Tenant_.
+
+    ![fourth](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738250542/image_nyndzo.jpg)
+
+    - Under **Redirect URI**, select **Web** for the platform and paste your Formbricks callback URI (see Requirements above).
+
+    ![fifth](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738250776/image_s3pgb6.jpg)
+
+    - Click **Register** to create the App registration. You will be redirected to your new app's _Overview_ page after it is created.
+  </Step>
+
+  <Step title="Collect application credentials">
+    - On the _Overview_ page, under **Essentials**:
+      - Copy the entry for **Application (client) ID** to populate the `AZUREAD_CLIENT_ID` variable.
+      - Copy the entry for **Directory (tenant) ID** to populate the `AZUREAD_TENANT_ID` variable.
+
+    ![sixth](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738250876/image_dj2vi5.jpg)
+  </Step>
+
+  <Step title="Create a client secret">
+    - From your App registration's _Overview_ page, go to **Manage** > **Certificates & secrets**.
+
+    ![seventh](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738250913/image_p4zknw.jpg)
+
+    - Make sure you have the **Client secrets** tab active, and click **New client secret**.
+
+    ![eighth](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738250973/image_kyjray.jpg)
+
+    - Enter a **Description**, set an **Expires** period, then click **Add**.
+
+    <Note>
+      You will need to create a new client secret using these steps whenever your chosen expiry period ends.
+    </Note>
+
+    ![ninth](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738251467/image_bkirq4.jpg)
+
+    - Copy the entry under **Value** to populate the `AZUREAD_CLIENT_SECRET` variable.
+
+    <Note>
+      Microsoft will only show this value to you immediately after creation, and you will not be able to access it again. If you lose it, simply create a new secret.
+    </Note>
+
+    ![tenth](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738251234/image_jen6tp.jpg)
+  </Step>
+
+  <Step title="Update environment variables">
+    - Update these environment variables in your `docker-compose.yml` or pass it like your other environment variables to the Formbricks container.
+
+    <Note>
+      You must wrap the `AZUREAD_CLIENT_SECRET` value in double quotes (e.g., "THis~iS4faKe.53CreTvALu3"`) to prevent issues with special characters.
+    </Note>
+
+    An example `.env` for Microsoft Entra ID in Formbricks would look like this:
+
+    ```yml Formbricks Env for Microsoft Entra ID SSO
+    AZUREAD_CLIENT_ID=a25cadbd-f049-4690-ada3-56a163a72f4c
+    AZUREAD_TENANT_ID=2746c29a-a3a6-4ea1-8762-37816d4b7885
+    AZUREAD_CLIENT_SECRET="THis~iS4faKe.53CreTvALu3"
+    ```
+  </Step>
+
+  <Step title="Restart and test">
+    - Restart your Formbricks instance.
+    - You're all set! Users can now sign up & log in using their Microsoft credentials associated with your Entra ID Tenant.
+  </Step>
+</Steps>

docs/self-hosting/configuration/auth-sso/google-oauth.mdx

@@ -0,0 +1,81 @@
+---
+title: "Google OAuth"
+description: "Configure Google OAuth for secure Single Sign-On with your Formbricks instance. Implement enterprise-grade authentication for your survey platform with Google credentials."
+icon: "google"
+---
+
+<Note>
+  Single Sign-On (SSO) functionality, including OAuth integrations with Google, Microsoft Azure AD, and OpenID Connect, requires is part of the [Enterprise Edition](/self-hosting/advanced/license).
+</Note>
+
+### Google OAuth
+
+Integrating Google OAuth with your Formbricks instance allows users to log in using their Google credentials, ensuring a secure and streamlined user experience. This guide will walk you through the process of setting up Google OAuth for your Formbricks instance.
+
+### Requirements
+
+- A Google Cloud Platform (GCP) account
+
+- A Formbricks instance running
+
+### How to connect your Formbricks instance to Google
+
+<Steps>
+  <Step title="Create a GCP Project">
+    - Navigate to the [GCP Console](https://console.cloud.google.com/).
+    - From the projects list, select a project or create a new one.
+  </Step>
+
+  <Step title="Setting up OAuth 2.0">
+    - If the **APIs & services** page isn't already open, open the console left side menu and select **APIs & services**.
+    - On the left, click **Credentials**.
+    - Click **Create Credentials**, then select **OAuth client ID**.
+  </Step>
+
+  <Step title="Configure OAuth Consent Screen">
+    - If this is your first time creating a client ID, configure your consent screen by clicking **Consent Screen**.
+    - Fill in the necessary details and under **Authorized domains**, add the domain where your Formbricks instance is hosted.
+  </Step>
+
+  <Step title="Create OAuth 2.0 Client IDs">
+    - Select the application type **Web application** for your project and enter any additional information required.
+    - Ensure to specify authorized JavaScript origins and authorized redirect URIs.
+
+    ```
+    Authorized JavaScript origins: {WEBAPP_URL}
+    Authorized redirect URIs: {WEBAPP_URL}/api/auth/callback/google
+    ```
+  </Step>
+
+  <Step title="Update Environment Variables in Docker">
+    - To integrate the Google OAuth, you have two options: either update the environment variables in the docker-compose file or directly add them to the running container.
+    
+    - In your Docker setup directory, open the `.env` file, and add or update the following lines with the `Client ID` and `Client Secret` obtained from Google Cloud Platform:
+    
+    ```sh
+    GOOGLE_CLIENT_ID=your-client-id-here
+    GOOGLE_CLIENT_SECRET=your-client-secret-here
+    ```
+    
+    - Alternatively, you can add the environment variables directly to the running container using the following commands (replace `container_id` with your actual Docker container ID):
+    
+    ```sh
+    docker exec -it container_id /bin/bash
+    export GOOGLE_CLIENT_ID=your-client-id-here
+    export GOOGLE_CLIENT_SECRET=your-client-secret-here
+    exit
+    ```
+  </Step>
+
+  <Step title="Restart Your Formbricks Instance">
+    <Note>
+      Restarting your Docker containers may cause a brief period of downtime. Plan accordingly.
+    </Note>
+    
+    - Once the environment variables have been updated, it's crucial to restart your Docker containers to apply the changes. This ensures that your Formbricks instance can utilize the new Google OAuth configuration for user authentication.
+    
+    - Navigate to your Docker setup directory where your `docker-compose.yml` file is located.
+    
+    - Run the following command to bring down your current Docker containers and then bring them back up with the updated environment configuration.
+  </Step>
+</Steps>

docs/self-hosting/configuration/auth-sso/oauth.mdx

@@ -1,208 +0,0 @@
----
-title: OAuth
-description: "OAuth for Formbricks"
-icon: "key"
----
-
-<Note>
-  Single Sign-On (SSO) functionality, including OAuth integrations with Google, Microsoft Entra ID, Github and OpenID Connect, requires a valid Formbricks Enterprise License.
-</Note>
-
-### Google OAuth
-
-Integrating Google OAuth with your Formbricks instance allows users to log in using their Google credentials, ensuring a secure and streamlined user experience. This guide will walk you through the process of setting up Google OAuth for your Formbricks instance.
-
-#### Requirements:
-
-- A Google Cloud Platform (GCP) account.
-
-- A Formbricks instance running and accessible.
-
-#### Steps:
-
-1. **Create a GCP Project**:
-
-   - Navigate to the [GCP Console](https://console.cloud.google.com/).
-
-   - From the projects list, select a project or create a new one.
-
-2. **Setting up OAuth 2.0**:
-
-   - If the **APIs & services** page isn't already open, open the console left side menu and select **APIs & services**.
-
-   - On the left, click **Credentials**.
-
-   - Click **Create Credentials**, then select **OAuth client ID**.
-
-3. **Configure OAuth Consent Screen**:
-
-   - If this is your first time creating a client ID, configure your consent screen by clicking **Consent Screen**.
-
-   - Fill in the necessary details and under **Authorized domains**, add the domain where your Formbricks instance is hosted.
-
-4. **Create OAuth 2.0 Client IDs**:
-
-   - Select the application type **Web application** for your project and enter any additional information required.
-
-   - Ensure to specify authorized JavaScript origins and authorized redirect URIs.
-
-```{{ Redirect & Origin URLs
-Authorized JavaScript origins: {WEBAPP_URL}
-Authorized redirect URIs: {WEBAPP_URL}/api/auth/callback/google
-```
-
-- **Update Environment Variables in Docker**:
-
-  - To integrate the Google OAuth, you have two options: either update the environment variables in the docker-compose file or directly add them to the running container.
-
-  - In your Docker setup directory, open the `.env` file, and add or update the following lines with the `Client ID` and `Client Secret` obtained from Google Cloud Platform:
-
-  - Alternatively, you can add the environment variables directly to the running container using the following commands (replace `container_id` with your actual Docker container ID):
-
-  ```sh Shell commands
-  docker exec -it container_id /bin/bash
-  export GOOGLE_CLIENT_ID=your-client-id-here
-  export GOOGLE_CLIENT_SECRET=your-client-secret-here
-  exit
-  ```
-
-```sh env file
-GOOGLE_CLIENT_ID=your-client-id-here
-GOOGLE_CLIENT_SECRET=your-client-secret-here
-```
-
-1. **Restart Your Formbricks Instance**:
-
-   - **Note:** Restarting your Docker containers may cause a brief period of downtime. Plan accordingly.
-
-   - Once the environment variables have been updated, it's crucial to restart your Docker containers to apply the changes. This ensures that your Formbricks instance can utilize the new Google OAuth configuration for user authentication. Here's how you can do it:
-
-   - Navigate to your Docker setup directory where your `docker-compose.yml` file is located.
-
-   - Run the following command to bring down your current Docker containers and then bring them back up with the updated environment configuration:
-
-### Microsoft Entra ID (Azure Active Directory) SSO OAuth
-
-Do you have a Microsoft Entra ID Tenant? Integrate it with your Formbricks instance to allow users to log in using their existing Microsoft credentials. This guide will walk you through the process of setting up an Application Registration for your Formbricks instance.
-
-#### Requirements
-
-- A Microsoft Entra ID Tenant populated with users. [Create a tenant as per Microsoft's documentation](https://learn.microsoft.com/en-us/entra/fundamentals/create-new-tenant).
-
-- A Formbricks instance running and accessible.
-
-- The callback URI for your Formbricks instance: `{WEBAPP_URL}/api/auth/callback/azure-ad`
-
-#### Creating an App Registration
-
-- Login to the [Microsoft Entra admin center](https://entra.microsoft.com/).
-
-- Go to **Applications** > **App registrations** in the left menu.
-
-![first](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738250153/image_tobdth.jpg)
-
-- Click the **New registration** button at the top.
-
-![second](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738250228/image_dmz75t.jpg)
-
-- Name your application something descriptive, such as `Formbricks SSO`.
-
-![third](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738250292/image_rooa3w.jpg)
-
-- If you have multiple tenants/organizations, choose the appropriate **Supported account types** option. Otherwise, leave the default option for _Single Tenant_.
-
-![fourth](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738250542/image_nyndzo.jpg)
-
-- Under **Redirect URI**, select **Web** for the platform and paste your Formbricks callback URI (see Requirements above).
-
-![fifth](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738250776/image_s3pgb6.jpg)
-
-- Click **Register** to create the App registration. You will be redirected to your new app's _Overview_ page after it is created.
-
-- On the _Overview_ page, under **Essentials**:
-
-- Copy the entry for **Application (client) ID** to populate the `AZUREAD_CLIENT_ID` variable.
-
-- Copy the entry for **Directory (tenant) ID** to populate the `AZUREAD_TENANT_ID` variable.
-
-![sixth](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738250876/image_dj2vi5.jpg)
-
-- From your App registration's _Overview_ page, go to **Manage** > **Certificates & secrets**.
-
-![seventh](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738250913/image_p4zknw.jpg)
-
-- Make sure you have the **Client secrets** tab active, and click **New client secret**.
-
-![eighth](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738250973/image_kyjray.jpg)
-
-- Enter a **Description**, set an **Expires** period, then click **Add**.
-
-<Note>
-  You will need to create a new client secret using these steps whenever your chosen expiry period ends.
-</Note>
-
-![ninth](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738251467/image_bkirq4.jpg)
-
-- Copy the entry under **Value** to populate the `AZUREAD_CLIENT_SECRET` variable.
-
-<Note>
-  Microsoft will only show this value to you immediately after creation, and you will not be able to access it again. If you lose it, simply start from step 9 to create a new secret.
-</Note>
-
-![tenth](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738251234/image_jen6tp.jpg)
-
-- Update these environment variables in your `docker-compose.yml` or pass it like your other environment variables to the Formbricks container.
-
-<Note>
-  You must wrap the `AZUREAD_CLIENT_SECRET` value in double quotes (e.g., "THis~iS4faKe.53CreTvALu3"`) to prevent issues with special characters.
-</Note>
-
-An example `.env` for Microsoft Entra ID in Formbricks would look like:
-
-```yml Formbricks Env for Microsoft Entra ID SSO
-AZUREAD_CLIENT_ID=a25cadbd-f049-4690-ada3-56a163a72f4c
-AZUREAD_TENANT_ID=2746c29a-a3a6-4ea1-8762-37816d4b7885
-AZUREAD_CLIENT_SECRET="THis~iS4faKe.53CreTvALu3"
-```
-
-- Restart your Formbricks instance.
-
-- You're all set! Users can now sign up & log in using their Microsoft credentials associated with your Entra ID Tenant.
-
-## OpenID Configuration
-
-Integrating your own OIDC (OpenID Connect) instance with your Formbricks instance allows users to log in using their OIDC credentials, ensuring a secure and streamlined user experience. Please follow the steps below to set up OIDC for your Formbricks instance.
-
-- Configure your OIDC provider & get the following variables:
-
-- `OIDC_CLIENT_ID`
-
-- `OIDC_CLIENT_SECRET`
-
-- `OIDC_ISSUER`
-
-- `OIDC_SIGNING_ALGORITHM`
-
-<Note>
-  Make sure the Redirect URI for your OIDC Client is set to `{WEBAPP_URL}/api/auth/callback/openid`.
-</Note>
-
-- Update these environment variables in your `docker-compose.yml` or pass it directly to the running container.
-
-An example configuration for a FusionAuth OpenID Connect in Formbricks would look like:
-
-
-```yml Formbricks Env for FusionAuth OIDC
-OIDC_CLIENT_ID=59cada54-56d4-4aa8-a5e7-5823bbe0e5b7
-OIDC_CLIENT_SECRET=4f4dwP0ZoOAqMW8fM9290A7uIS3E8Xg29xe1umhlB_s
-OIDC_ISSUER=http://localhost:9011 
-OIDC_DISPLAY_NAME=FusionAuth
-OIDC_SIGNING_ALGORITHM=HS256
-```
-
-
-- Set an environment variable `OIDC_DISPLAY_NAME` to the display name of your OIDC provider.
-
-- Restart your Formbricks instance.
-
-- You're all set! Users can now sign up & log in using their OIDC credentials.

docs/self-hosting/configuration/auth-sso/open-id-connect.mdx

@@ -0,0 +1,45 @@
+---
+title: "Open ID Connect"
+description: "Configure Open ID Connect for secure Single Sign-On with your Formbricks instance. Implement enterprise-grade authentication for your survey platform with Open ID Connect."
+icon: "key"
+---
+
+<Note>
+  Single Sign-On (SSO) functionality, including OAuth integrations with Google, Microsoft Azure AD, and OpenID Connect, requires is part of the [Enterprise Edition](/self-hosting/advanced/license).
+</Note>
+
+Integrating your own OIDC (OpenID Connect) instance with your Formbricks instance allows users to log in using their OIDC credentials, ensuring a secure and streamlined user experience. Please follow the steps below to set up OIDC for your Formbricks instance.
+
+- Configure your OIDC provider & get the following variables:
+
+- `OIDC_CLIENT_ID`
+
+- `OIDC_CLIENT_SECRET`
+
+- `OIDC_ISSUER`
+
+- `OIDC_SIGNING_ALGORITHM`
+
+<Note>
+  Make sure the Redirect URI for your OIDC Client is set to `{WEBAPP_URL}/api/auth/callback/openid`.
+</Note>
+
+- Update these environment variables in your `docker-compose.yml` or pass it directly to the running container.
+
+An example configuration for a FusionAuth OpenID Connect in Formbricks would look like:
+
+
+```yml Formbricks Env for FusionAuth OIDC
+OIDC_CLIENT_ID=59cada54-56d4-4aa8-a5e7-5823bbe0e5b7
+OIDC_CLIENT_SECRET=4f4dwP0ZoOAqMW8fM9290A7uIS3E8Xg29xe1umhlB_s
+OIDC_ISSUER=http://localhost:9011 
+OIDC_DISPLAY_NAME=FusionAuth
+OIDC_SIGNING_ALGORITHM=HS256
+```
+
+
+- Set an environment variable `OIDC_DISPLAY_NAME` to the display name of your OIDC provider.
+
+- Restart your Formbricks instance.
+
+- You're all set! Users can now sign up & log in using their OIDC credentials.

docs/self-hosting/configuration/auth-sso/saml-sso.mdx

@@ -1,7 +1,7 @@
 ---
-title: "SAML SSO"
+title: "SAML SSO - Self-hosted"
 icon: "user-shield"
-description: "How to set up SAML SSO for Formbricks"
+description: "Configure SAML Single Sign-On (SSO) for secure enterprise authentication with your Formbricks instance."
 ---
 
 <Note>You require an Enterprise License along with a SAML SSO add-on to avail this feature.</Note>
@@ -12,7 +12,7 @@ Formbricks supports SAML Single Sign-On (SSO) to enable secure, centralized auth
 
 To learn more about SAML Jackson, please refer to the [BoxyHQ SAML Jackson documentation](https://boxyhq.com/docs/jackson/deploy).
 
-## How SAML Works in Formbricks
+## How SAML works in Formbricks
 
 SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between an Identity Provider (IdP) and Formbricks. Here's how the integration works with BoxyHQ Jackson embedded into the flow:
 
@@ -37,7 +37,7 @@ SAML (Security Assertion Markup Language) is an XML-based standard for exchangin
 7. **Access Granted:**  
    Formbricks logs the user in using the verified information.
 
-## SAML Authentication Flow Sequence Diagram
+## SAML Auth Flow Sequence Diagram
 
 Below is a sequence diagram illustrating the complete SAML authentication flow with BoxyHQ Jackson integrated:
 
@@ -67,12 +67,31 @@ sequenceDiagram
 
 To configure SAML SSO in Formbricks, follow these steps:
 
-1. **Database Setup:** Configure a dedicated database for SAML by setting the `SAML_DATABASE_URL` environment variable in your `docker-compose.yml` file (e.g., `postgres://postgres:postgres@postgres:5432/formbricks-saml`). If you're using a self-signed certificate for Postgres, include the `sslmode=disable` parameter.
-2. **IdP Application:** Create a SAML application in your IdP by following your provider's instructions([SAML Setup](/development/guides/auth-and-provision/setup-saml-with-identity-providers))
-3. **User Provisioning:** Provision users in your IdP and configure access to the IdP SAML app for all your users (who need access to Formbricks).
-4. **Metadata:** Keep the XML metadata from your IdP handy for the next step.
-5. **Metadata Setup:** Create a file called `connection.xml` in your self-hosted Formbricks instance's `formbricks/saml-connection` directory and paste the XML metadata from your IdP into it. Please create the directory if it doesn't exist. Your metadata file should start with a tag like this: `<?xml version="1.0" encoding="UTF-8"?><...>` or `<md:EntityDescriptor entityID="...">`. Please remove any extra text from the metadata.
-6. **Restart Formbricks:** Restart Formbricks to apply the changes. You can do this by running `docker compose down` and then `docker compose up -d`.
+<Steps>
+  <Step title="Database Setup">
+    Configure a dedicated database for SAML by setting the `SAML_DATABASE_URL` environment variable in your `docker-compose.yml` file (e.g., `postgres://postgres:postgres@postgres:5432/formbricks-saml`). If you're using a self-signed certificate for Postgres, include the `sslmode=disable` parameter.
+  </Step>
+
+  <Step title="IdP Application">
+    Create a SAML application in your IdP by following your provider's instructions([SAML Setup](/development/guides/auth-and-provision/setup-saml-with-identity-providers))
+  </Step>
+
+  <Step title="User Provisioning">
+    Provision users in your IdP and configure access to the IdP SAML app for all your users (who need access to Formbricks).
+  </Step>
+
+  <Step title="Metadata">
+    Keep the XML metadata from your IdP handy for the next step.
+  </Step>
+
+  <Step title="Metadata Setup">
+    Create a file called `connection.xml` in your self-hosted Formbricks instance's `formbricks/saml-connection` directory and paste the XML metadata from your IdP into it. Please create the directory if it doesn't exist. Your metadata file should start with a tag like this: `<?xml version="1.0" encoding="UTF-8"?><...>` or `<md:EntityDescriptor entityID="...">`. Please remove any extra text from the metadata.
+  </Step>
+
+  <Step title="Restart Formbricks">
+    Restart Formbricks to apply the changes. You can do this by running `docker compose down` and then `docker compose up -d`.
+  </Step>
+</Steps>
 
 <Note>
   We don't support multiple SAML connections yet. You can only have one SAML connection at a time. If you

docs/self-hosting/configuration/environment-variables.mdx

@@ -33,6 +33,7 @@ These variables are present inside your machine’s docker-compose file. Restart
 | RATE_LIMITING_DISABLED       | Disables rate limiting if set to 1.                                                                            | optional                                                |                                                                           |
 | INVITE_DISABLED              | Disables the ability for invited users to create an account if set to 1.                                       | optional                                                |                                                                           |
 | MAIL_FROM                    | Email address to send emails from.                                                                             | optional (required if email services are to be enabled) |                                                                           |
+| MAIL_FROM_NAME               | Email name/title to send emails from.                                                                          | optional (required if email services are to be enabled) |                                                                           |
 | SMTP_HOST                    | Host URL of your SMTP server.                                                                                  | optional (required if email services are to be enabled) |                                                                           |
 | SMTP_PORT                    | Host Port of your SMTP server.                                                                                 | optional (required if email services are to be enabled) |                                                                           |
 | SMTP_USER                    | Username for your SMTP Server.                                                                                 | optional (required if email services are to be enabled) |                                                                           |
@@ -60,5 +61,7 @@ These variables are present inside your machine’s docker-compose file. Restart
 | OPENTELEMETRY_LISTENER_URL   | URL for OpenTelemetry listener inside Formbricks.                                                              | optional                                                |                                                                           |
 | UNKEY_ROOT_KEY               | Key for the [Unkey](https://www.unkey.com/) service. This is used for Rate Limiting for management API.                                                              | optional                                                |                                                                           |
 | CUSTOM_CACHE_DISABLED        | Disables custom cache handler if set to 1 (required for deployment on Vercel)                                  | optional                                                |                                                                           |
+| PROMETHEUS_ENABLED           | Enables Prometheus metrics if set to 1.                                                                        | optional                                                |                                                                           |
+| PROMETHEUS_EXPORTER_PORT     | Port for Prometheus metrics.                                                                                   | optional                                                | 9090                                                                      |                                                                                    | optional                                                |                                                                           |
 
 Note: If you want to configure something that is not possible via above, please open an issue on our GitHub repo here or reach out to us on Github Discussions and we’ll try our best to work out a solution with you.

docs/self-hosting/configuration/smtp.mdx

@@ -33,6 +33,7 @@ To enable email functionality, configure the following environment variables:
 ```bash
 # Basic SMTP Configuration
 MAIL_FROM=noreply@yourdomain.com
+MAIL_FROM_NAME=Formbricks
 SMTP_HOST=smtp.yourprovider.com
 SMTP_PORT=587
 SMTP_USER=your_username
@@ -75,6 +76,7 @@ If you're using the one-click setup with Docker Compose, you can either:
 environment:
   # Email Configuration
   MAIL_FROM: noreply@yourdomain.com
+  MAIL_FROM_NAME: Formbricks
   SMTP_HOST: smtp.yourprovider.com
   SMTP_PORT: 587
   SMTP_USER: your_username
@@ -95,6 +97,7 @@ environment:
 
 ```bash
 MAIL_FROM=noreply@yourdomain.com
+MAIL_FROM_NAME=Formbricks
 SMTP_HOST=smtp.sendgrid.net
 SMTP_PORT=587
 SMTP_USER=apikey
@@ -105,6 +108,7 @@ SMTP_PASSWORD=your_sendgrid_api_key
 
 ```bash
 MAIL_FROM=noreply@yourdomain.com
+MAIL_FROM_NAME=Formbricks
 SMTP_HOST=email-smtp.us-east-1.amazonaws.com
 SMTP_PORT=587
 SMTP_USER=your_ses_access_key
@@ -115,6 +119,7 @@ SMTP_PASSWORD=your_ses_secret_key
 
 ```bash
 MAIL_FROM=your_email@gmail.com
+MAIL_FROM_NAME=Formbricks
 SMTP_HOST=smtp.gmail.com
 SMTP_PORT=587
 SMTP_USER=your_email@gmail.com

docs/self-hosting/setup/kubernetes.mdx

@@ -1,154 +1,217 @@
 ---
 title: "Kubernetes Deployment"
-description: "Deploy Formbricks on a Kubernetes cluster using Helm."
+description: "Deploy the new Helm chart on a Kubernetes cluster using Helm."
 icon: "circle-nodes"
 ---
 
-This guide explains how to deploy Formbricks on a Kubernetes cluster using Helm. The primary focus is on deploying Formbricks pods in a production-ready environment with external database services.
+# **🚀 Kubernetes Deployment Guide**
 
-## Prerequisites
+This guide explains how to deploy the **Formbricks Helm Chart** on a Kubernetes cluster using Helm. It provides configuration options for **internal** and **external** databases, caching services, and secrets management.
 
-Before you begin, ensure that:
+---
 
-- You have a running Kubernetes cluster (AWS EKS, GCP GKE, Azure AKS, Minikube, etc.)
-- An Ingress controller (e.g., Traefik, Nginx) is configured
-- You have Helm installed on your local machine
-- For production environments, you have access to external PostgreSQL and Redis services
+## **📌 Prerequisites**
+Ensure you have the following before proceeding:
 
-> **Important:** Running multiple Formbricks pods in a cluster setup requires a Formbricks Enterprise license. With the Community Edition, only a single Formbricks pod is supported. Redis is required when deploying multiple Formbricks pods for proper session handling and caching.
+- A running Kubernetes cluster (EKS, GKE, AKS, Minikube, etc.)
+- An **Ingress Controller** (e.g., Traefik, Nginx)
+- **Helm installed** on your local machine
+- **Production setup requires managed PostgreSQL and Redis services**
 
-## Basic Installation
+> **Note:** Redis is required for **session handling** when deploying multiple pods.
 
-### Step 1: Clone the Formbricks Helm Chart
+---
 
+## **1️⃣ Installation Steps**
+
+### **🔹 Step 1: Clone the Helm Chart**
 ```sh
-git clone https://github.com/formbricks/formbricks.git
-cd formbricks/helm-chart
+git clone https://github.com/formbricks/formbricks
+cd helm-chart
 ```
 
-### Step 2: Deploy Formbricks
-
-For a basic deployment with a single pod (Community Edition) and PostgreSQL running in the cluster:
-
+### **🔹 Step 2: Install with Default Configuration**
 ```sh
-helm install my-formbricks ./ \
-  --namespace formbricks \
-  --set redis.enabled=false \
-  --create-namespace
+helm install formbricks ./ -n formbricks --create-namespace
 ```
+By default:
+- PostgreSQL and Redis **are deployed within the cluster**.
+- Secrets **are dynamically generated** and stored as Kubernetes Secrets.
 
-## Production Deployment
-
-For production environments, we recommend using managed database and cache services like AWS RDS for PostgreSQL and AWS ElastiCache for Redis:
-
+### **🔹 Step 3: Install with an Enterprise License**
 ```sh
-helm install my-formbricks ./ \
-  --namespace formbricks \
-  --create-namespace \
-  --set replicaCount=3 \
-  --set postgresql.enabled=false \
-  --set postgresql.externalUrl="postgresql://user:password@your-postgres-host:5432/formbricks" \
-  --set redis.enabled=false \
-  --set redis.externalUrl="redis://your-redis-host:6379"
+helm install formbricks ./ -n formbricks --create-namespace --set enterprise.licenseKey="YOUR_LICENSE_KEY"
 ```
 
-> **Note:** The above multi-pod configuration requires a Formbricks Enterprise license. Redis is enabled and configured to support multiple Formbricks pods.
+---
 
-## Verify Installation
+## **2️⃣ Configuring Secrets**
 
-### Check Running Services
+### **🔹 Using Kubernetes Secrets (Default)**
+By default, **secrets are stored as Kubernetes Secrets**.
+The chart automatically generates **random values** for required secrets.
 
+Modify `values.yaml`:
+```yaml
+secret:
+  enabled: true
+```
+
+---
+
+### **🔹 Using External Secrets (AWS Secrets Manager, Vault, etc.)**
+To use an **external secrets manager**, enable `externalSecret` in `values.yaml`:
+```yaml
+secret:
+  enabled: false  # Disable default secret generation
+
+externalSecret:
+  enabled: true
+  secretStore:
+    name: aws-secrets-manager
+    kind: ClusterSecretStore
+  refreshInterval: "1h"
+  files:
+    redis:
+      data:
+        REDIS_PASSWORD:
+          remoteRef:
+            key: "prod/formbricks/secrets"
+            property: REDIS_PASSWORD
+    postgres:
+      data:
+        POSTGRES_ADMIN_PASSWORD:
+          remoteRef:
+            key: "prod/formbricks/secrets"
+            property: POSTGRES_ADMIN_PASSWORD
+        POSTGRES_USER_PASSWORD:
+          remoteRef:
+            key: "prod/formbricks/secrets"
+            property: POSTGRES_USER_PASSWORD
+    app-secrets:
+      data:
+        DATABASE_URL:
+          remoteRef:
+            key: "prod/formbricks/secrets"
+            property: DATABASE_URL
+        REDIS_URL:
+          remoteRef:
+            key: "prod/formbricks/secrets"
+            property: REDIS_URL
+        ENCRYPTION_KEY:
+          remoteRef:
+            key: "prod/formbricks/secrets"
+            property: ENCRYPTION_KEY
+```
+📌 **Ensure ExternalSecrets Operator is installed:**
+[https://external-secrets.io/latest/](https://external-secrets.io/latest/)
+
+Install with:
 ```sh
-kubectl get pods -n formbricks
-kubectl get svc -n formbricks
-kubectl get ingress -n formbricks
+helm install formbricks ./ -n formbricks --create-namespace -f values.yaml
 ```
 
-> **Note:** The Formbricks application pod may take some time to reach a stable state as it runs database migrations during startup.
+---
 
-### Access Formbricks
+## **3️⃣ Configuring PostgreSQL and Redis**
 
-- If running locally with Minikube:
-  ```sh
-  minikube service my-formbricks -n formbricks
-  ```
-- If deployed on a cloud cluster, make sure to set up your ingress controller properly and visit the domain or IP address associated with your ingress.
+### **🔹 Using Managed PostgreSQL and Redis**
+For production, we recommend using **managed database and cache services**.
 
-## Upgrading Formbricks
+Modify `values.yaml`:
+```yaml
+postgresql:
+  enabled: false
+  externalDatabaseUrl: "postgresql://user:password@your-postgres-host:5432/mydb"
 
-To upgrade your Formbricks deployment, use:
-
-```bash
-# From the helm-chart directory
-helm upgrade my-formbricks ./ --namespace formbricks
+redis:
+  enabled: false
+  externalRedisUrl: "redis://your-redis-host:6379"
+```
+Install with:
+```sh
+helm install formbricks ./ -n formbricks --create-namespace -f values.yaml
 ```
 
-### Common Upgrade Scenarios
+---
 
-#### 1. Updating Environment Variables
+### **🔹 Using In-Cluster PostgreSQL and Redis (Default)**
+By default, PostgreSQL and Redis are **deployed inside the cluster**.
+To **ensure in-cluster deployment**, use:
 
-```bash
-helm upgrade my-formbricks ./ --namespace formbricks \
-  --set env.SMTP_HOST=new-smtp.example.com \
-  --set env.SMTP_PORT=587 \
-  --set env.NEW_CUSTOM_VAR=newvalue
+```yaml
+postgresql:
+  enabled: true
+
+redis:
+  enabled: true
+```
+Apply with:
+```sh
+helm install formbricks ./ -n formbricks --create-namespace -f values.yaml
 ```
 
-#### 2. Scaling Resources
+---
 
-```bash
-helm upgrade my-formbricks ./ --namespace formbricks \
-  --set resources.limits.cpu=1 \
-  --set resources.limits.memory=2Gi \
-  --set resources.requests.cpu=500m \
-  --set resources.requests.memory=1Gi
+## **4️⃣ Upgrading the Deployment**
+To apply changes:
+```sh
+helm upgrade formbricks ./ -n formbricks
 ```
 
-#### 3. Updating Autoscaling Configuration
-
-```bash
-helm upgrade my-formbricks ./ --namespace formbricks \
-  --set autoscaling.enabled=true \
-  --set autoscaling.minReplicas=3 \
-  --set autoscaling.maxReplicas=10 \
-  --set autoscaling.metrics[0].resource.target.averageUtilization=75
+### **🔹 Scaling Resources**
+```sh
+helm upgrade formbricks ./ -n formbricks   --set deployment.resources.limits.cpu=2   --set deployment.resources.limits.memory=4Gi
 ```
 
-> **Note:** Enabling autoscaling requires a Formbricks Enterprise license and proper Redis configuration.
-
-#### 4. Changing Database Connection
-
-```bash
-helm upgrade my-formbricks ./ --namespace formbricks \
-  --set postgresql.enabled=false \
-  --set postgresql.externalUrl="postgresql://newuser:newpassword@external-postgres-host:5432/newdatabase"
+### **🔹 Enabling Autoscaling**
+```sh
+helm upgrade formbricks ./ -n formbricks   --set autoscaling.enabled=true   --set autoscaling.minReplicas=3   --set autoscaling.maxReplicas=10
 ```
 
-## Advanced Configuration Options
+---
 
-For advanced configurations including:
+## **5️⃣ Key Configuration Values**
 
-- Deploying PostgreSQL and Redis within your Kubernetes cluster
-- Configuring Traefik ingress controller
-- Setting up high availability
-- Customizing autoscaling behavior
+| Field                         | Description                          | Default Value |
+|--------------------------------|--------------------------------------|--------------|
+| `deployment.replicas`         | Number of application replicas       | `1`          |
+| `deployment.image.repository` | Docker image repository              | `"ghcr.io/formbricks/formbricks"` |
+| `deployment.image.tag`        | Docker image tag                     | `"latest"`   |
+| `autoscaling.enabled`         | Enable autoscaling                   | `false`      |
+| `postgresql.enabled`          | Deploy PostgreSQL in cluster         | `true`       |
+| `postgresql.externalDatabaseUrl` | External PostgreSQL URL           | `""`         |
+| `redis.enabled`               | Deploy Redis in cluster              | `true`       |
+| `redis.externalRedisUrl`      | External Redis URL                   | `""`         |
+| `externalSecret.enabled`      | Enable external secrets manager      | `false`      |
 
-Please refer to the complete Helm chart documentation at:
-[https://github.com/formbricks/formbricks/tree/main/helm-chart](https://github.com/formbricks/formbricks/tree/main/helm-chart)
+📌 **Refer to the Helm chart repository for full configuration options.**
 
-## Key Configuration Values
+---
 
-| Field                     | Description                   | Default                         |
-| ------------------------- | ----------------------------- | ------------------------------- |
-| `replicaCount`            | Number of Formbricks replicas | `1`                             |
-| `image.repository`        | Docker image repository       | `ghcr.io/formbricks/formbricks` |
-| `image.tag`               | Docker image tag              | `"2.6.0"`                       |
-| `resources.limits.cpu`    | CPU resource limit            | `500m`                          |
-| `resources.limits.memory` | Memory resource limit         | `1Gi`                           |
-| `autoscaling.enabled`     | Enable autoscaling            | `false`                         |
-| `postgresql.enabled`      | Deploy PostgreSQL in cluster  | `true`                          |
-| `postgresql.externalUrl`  | External PostgreSQL URL       | `""`                            |
-| `redis.enabled`           | Deploy Redis in cluster       | `false`                         |
-| `redis.externalUrl`       | External Redis URL            | `""`                            |
+## **6️⃣ Uninstalling the Deployment**
+To remove the deployment:
+```sh
+helm uninstall formbricks -n formbricks
+```
 
-For the complete list of configuration options, please refer to the Formbricks Helm chart repository.
+### **Removing Persistent Volumes (PVCs)**
+By default, **PVCs are not deleted** with Helm.
+To manually remove them:
+```sh
+kubectl delete pvc --all -n formbricks
+```
+
+To completely delete the namespace:
+```sh
+kubectl delete namespace formbricks
+```
+
+---
+
+## **📢 Additional Notes**
+- **Ingress Setup:** If using an ingress controller, make sure to configure `ingress.enabled: true` in `values.yaml`.
+- **Environment Variables:** Pass custom environment variables via `envFrom` in `values.yaml`.
+- **Backup Strategy:** Ensure you have a backup policy for PostgreSQL if running in-cluster.
+
+🚀 **Your Formbricks deployment is now ready!** 🚀

docs/xm-and-surveys/core-features/integrations/overview.mdx

@@ -1,5 +1,5 @@
 ---
-title: "Overview"
+title: "Third-party Integrations"
 description: "Configure third-party integrations with Formbricks Cloud."
 ---
 

docs/xm-and-surveys/surveys/link-surveys/market-research-panel.mdx

@@ -1,16 +1,11 @@
 ---
-title: "Market Research Panel"
+title: "Market Research Panel with Prolific"
+sidebarTitle: "Market Research Panel"
 description:
   "Formbricks surveys can be integrated with Prolifics participant panel easily. This tutorial walks you through the steps on how to access a pool of over 200.000 participants for your research."
 icon: "users"
 ---
 
-# Creating a Research Panel with Prolific
-
-You need a lot of research participants that match your target audience fast?
-
-Formbricks integrates well with Prolific. Prolific provides a pool of over 200.000 research participants you can choose from. Run market research with Formbricks within hours, not days.
-
 <Note>
   Prolific is a paid service. You need to fund your account to access the pool
   of participants. The cost depends on the number of participants you want to

docs/xm-and-surveys/surveys/link-surveys/quickstart.mdx

@@ -1,5 +1,5 @@
 ---
-title: "Quickstart"
+title: "Quickstart - Link Surveys"
 description: "Create your first link survey in under 5 minutes."
 icon: "rocket"
 ---